jc/wordpress_enumeration
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
17c1bfda469300559c5446f1ced4194d31520f73
wordpress_enumeration/enum.sh
T
jc 17c1bfda46 updated with scrap.py
2025-06-23 04:44:02 +00:00

173 lines
1.9 MiB
Plaintext
Executable File
Raw Blame History

This file contains invisible Unicode characters
This file contains invisible Unicode characters that are indistinguishable to humans but may be processed differently by a computer. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.
This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.
#!/bin/bash
# Optimize the scrapping plugins with a difference in slashes i.e https:\/\/ke.cicinsurancegroup.com\/wp-content\/plugins\/awsm-team-pro\/js
# Add gap seperating vulnerabilities section in script
# Add author-sitemap.xml as enumeration try out for users
# Optimize source code scraping -> URL Encoding e.g CIC%20Sliders
# change site-kit-by-google to google-site-kit and redux to redux-framework
# add the plugins found in capitalfm source code to consideration -> like tplugins
pp(){
len=30; for ((c=1; c<$(($len+1)); c++)); do echo -n "="; done; echo; echo "[+] $1"; for ((c=1; c<$(($len+1)); c++)); do echo -n "="; done; echo
}
ch(){
[[ `curl -Z -A "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36" -s -I $url $url/doesnotexist $url/wp-admin -k -L | grep -i "x-redirect-by\|x-powered-by\|link\|x-tec-api-root"` =~ (WordPress|WP|Strattic|Netlify|wp-json) ]] && return 0 || return 1
}
cf(){
[[ `file $file` =~ "gzip" ]] && { zcat $file > a; mv a $file; }
}
cwv(){
# check if the version of wordpress is outdated or not
[[ $wp_version == $lv ]] && { echo -n "Wordpress version: $wp_version "; cg_color bbg "(Up-to-date)"; return 1; }; for ((c=0; c<${#releases[@]}; c++)); do [[ ${releases[c]} =~ $wp_version ]] && break; done; b=c; a=(${releases[b]}); c=$(($c-1)); d=(${releases[c]}); if [[ ${d[0]} =~ ^[0-9]\.[0-9]$ || ${safe[@]} =~ $wp_version ]]; then echo -n "Wordpress version: $wp_version"; cg_color olbg " [SAFE] "; echo -n "(Outdated - Released: "; else echo -n "Wordpress version: $wp_version (Outdated - Released: "; fi; echo "${a[1]}, Latest version: $lv)"
}
cv(){
# compare versions
[[ $p == $v ]] && return 1
[[ $(echo $p | cut -d "." -f1) -gt $(echo $v | cut -d "." -f1) ]] && { flag+=($j); return 1; }
[[ ${#p} == ${#v} ]] && [[ $(printf "$p\n$v" | sort -rn | head -n1) == $p ]] && { flag+=($j); return 1; }
[[ $(echo $p | cut -d "." -f1) == $(echo $v | cut -d "." -f1) ]] && [[ $(echo $p | cut -d "." -f2) -gt $(echo $v | cut -d "." -f2) ]] && { flag+=($j); return 1; }
[[ $(echo $p | cut -d "." -f1) == $(echo $v | cut -d "." -f1) ]] && [[ $(echo $p | cut -d "." -f2) == $(echo $v | cut -d "." -f2) ]] && [[ ${#p} -gt ${#v} ]] && { flag+=($j); return 1; }
}
cg_color(){
[[ $1 == olbr ]] && echo -en "\e[1;31m$2\e[0m" || { [[ $1 == olbg ]] && echo -en "\e[1;92m$2\e[0m"; } || { [[ $1 == olbb ]] && echo -en "\e[1;94m$2\e[0m"; } || { [[ $1 == olby ]] && echo -en "\e[1;93m$2\e[0m"; } || { [[ $1 == olhr ]] && echo -en "\e[1;91m\e[0m"; } || { [[ $1 == bbr ]] && echo -e "\e[1;31m$2\e[0m"; } || { [[ $1 == bbg ]] && echo -e "\e[1;92m$2\e[0m"; } || { [[ $1 == bbb ]] && echo -e "\e[1;94m$2\e[0m"; } || { [[ $1 == bby ]] && echo -e "\e[1;93m$2\e[0m"; } || { [[ $1 == bhr ]] && echo -e "\e[1;91m$2\e[0m"; } || { [[ $1 == olbp ]] && echo -en "\e[1;95m$2\e[0m"; } || { [[ $1 == bbp ]] && echo -e "\e[1;95m$2\e[0m"; }
}
sapv(){
# search plugin in array and print if vulnerable or not
flag=(); for ((j=0; j<${#vulns_plugins[@]}; j++)); do g=(${vulns_plugins[j]}); p=${g[1]}; [[ ! ${g[0]} =~ ^$1$ ]] && continue; [[ $p == $v ]] && continue; cv; done; [[ ${flag[@]} ]] && { cg_color olbr " [VULNERABLE] "; flagz+=(${flag[@]}); } || cg_color olbg " [CLEAN] "
}
sap(){
# search plugin in array and print if outdated or not
[[ $# == 2 ]] && { a="$1-$2"; set -- "$a"; } || { [[ $# == 3 ]] && { a="$1-$2-$3"; set -- "$a"; }; } || { [[ $# == 4 ]] && { a="$1-$2-$3-$4"; set -- "$a"; }; }
[[ ! $v ]] && { echo "$1: Version not detected"; return 1; }; for ((x=0; x<${#releases_plugins[@]}; x++)); do w=(${releases_plugins[x]}); if [[ ${w[0]} =~ ^$1$ ]]; then u=(${releases_plugins[x]}); k=${u[1]}; kk=${u[0]}; [[ $v == $k ]] && { echo -n "$kk: "; echo -n $v; sapv $1; echo "(Up-to-date)"; } || { echo -n "$kk: "; echo -n $v; sapv $1; echo "(Outdated - Latest version: $k)"; }; break; fi; [[ $x == $((${#releases_plugins[@]}-1)) ]] && { echo -n "$1: $v"; sapv $1; echo; }; done
}
saptv(){
# search theme in array and print if vulnerable or not
flag=(); for ((j=0; j<${#vulns_themes[@]}; j++)); do g=(${vulns_themes[j]}); p=${g[1]}; [[ ! ${g[0]} =~ ^$1$ ]] && continue; [[ $p == $v ]] && continue; cv; done; [[ ${flag[@]} ]] && { cg_color olbr " [VULNERABLE] "; flagz+=(${flag[@]}); } || cg_color olbg " [CLEAN] "
}
sapt(){
# search theme in array and print if outdated or not
[[ ! $v ]] && { echo "$1: Version not detected"; return 1; }; for ((x=0; x<${#releases_themes[@]}; x++)); do w=(${releases_themes[x]}); if [[ ${w[0]} =~ ^$1$ ]]; then u=(${releases_themes[x]}); k=${u[1]}; kk=${u[0]}; [[ $v == $k ]] && { echo -n "$kk: "; echo -n $v; saptv $1; echo "(Up-to-date)"; } || { echo -n "$kk: "; echo -n $v; saptv $1; echo "(Outdated - Latest version: $k)"; }; break; fi; [[ $x == $((${#releases_themes[@]}-1)) ]] && { echo -n "$1: $v"; saptv $1; echo; }; done
}
rg(){
v=$(curl -Z -A "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36" -s $url/wp-content/plugins/$1/$2 -k -L | grep -i "changelog\|change log" -A 1000 | grep -oP "^=[[:space:]]\K[\d]+\.[\d.]+|^=.*([a-zA-Z]|\[)\K[\d]+\.[\d.]+|^#.*[[:space:]]\K[\d]+\.[\d.]+" | sort -rn | head -n 1)
}
ver(){
lv=6.8.1
range=("6.4.3 - 6.6" "6.1.2 - 6.4.2" "5.8.3 - 6.1.1" "5.6.1 - 5.8.2" "5.3.3 - 5.6" "5.0.3 - 5.3.2")
releases=("6.8.1 30-04-2025" "6.8 15-04-2025" "6.7.2 11-02-2025" "6.7.1 21-11-2024" "6.7 12-11-2024" "6.6 10-09-2024" "0.71 23-07-2024" "6.6.2 16-07-2024" "6.6.1 24-06-2024" "6.6 05-06-2024" "6.5.5 07-05-2024" "6.5.4 09-04-2024" "6.5.3 02-04-2024" "6.5.2 24-06-2024" "6.5 09-04-2024" "6.4.5 30-01-2024" "6.4.4 06-12-2023" "6.4.3 09-11-2023" "6.4.2 07-11-2023" "6.4.1 24-06-2024" "6.4 09-04-2024" "6.3.5 30-01-2024" "6.3.4 12-10-2023" "6.3.3 29-08-2023" "6.3.2 08-08-2023" "6.3.1 24-06-2024" "6.3 09-04-2024" "6.2.6 30-01-2024" "6.2.5 12-10-2023" "6.2.4 20-05-2023" "6.2.3 16-05-2023" "6.2.2 29-03-2023" "6.2.1 24-06-2024" "6.2 09-04-2024" "6.1.7 30-01-2024" "6.1.6 12-10-2023" "6.1.5 20-05-2023" "6.1.4 16-05-2023" "6.1.3 15-11-2022" "6.1.2 02-11-2022" "6.1.1 24-06-2024" "6.1 10-04-2024" "6.0.9 30-01-2024" "6.0.8 12-10-2023" "6.0.7 20-05-2023" "6.0.6 16-05-2023" "6.0.5 17-10-2022" "6.0.4 30-08-2022" "6.0.3 12-07-2022" "6.0.2 24-05-2022" "6.0.1 24-06-2024" "6.0 30-01-2024" "5.9.10 12-10-2023" "5.9.9 20-05-2023" "5.9.8 16-05-2023" "5.9.7 17-10-2022" "5.9.6 30-08-2022" "5.9.5 05-04-2022" "5.9.4 11-03-2022" "5.9.3 22-02-2022" "5.9.2 25-01-2022" "5.9.1 24-06-2024" "5.9 30-01-2024" "5.8.10 12-10-2023" "5.8.9 16-05-2023" "5.8.8 17-10-2022" "5.8.7 30-08-2022" "5.8.6 11-03-2022" "5.8.5 06-01-2022" "5.8.4 10-11-2021" "5.8.3 09-09-2021" "5.8.2 20-07-2021" "5.8.1 24-06-2024" "5.8 30-01-2024" "5.7.12 12-10-2023" "5.7.11 16-05-2023" "5.7.10 17-10-2022" "5.7.9 30-08-2022" "5.7.8 11-03-2022" "5.7.7 06-01-2022" "5.7.6 10-11-2021" "5.7.5 09-09-2021" "5.7.4 12-05-2021" "5.7.3 15-04-2021" "5.7.2 09-03-2021" "5.7.1 24-06-2024" "5.7 30-01-2024" "5.6.14 12-10-2023" "5.6.13 16-05-2023" "5.6.12 17-10-2022" "5.6.11 30-08-2022" "5.6.10 11-03-2022" "5.6.9 06-01-2022" "5.6.8 10-11-2021" "5.6.7 09-09-2021" "5.6.6 12-05-2021" "5.6.5 15-04-2021" "5.6.4 22-02-2021" "5.6.3 03-02-2021" "5.6.2 08-12-2020" "5.6.1 24-06-2024" "5.6 30-01-2024" "5.5.15 12-10-2023" "5.5.14 16-05-2023" "5.5.13 17-10-2022" "5.5.12 30-08-2022" "5.5.11 11-03-2022" "5.5.10 06-01-2022" "5.5.9 10-11-2021" "5.5.8 09-09-2021" "5.5.7 12-05-2021" "5.5.6 15-04-2021" "5.5.5 30-10-2020" "5.5.4 29-10-2020" "5.5.3 01-09-2020" "5.5.2 11-08-2020" "5.5.1 24-06-2024" "5.5 30-01-2024" "5.4.16 12-10-2023" "5.4.15 16-05-2023" "5.4.14 17-10-2022" "5.4.13 30-08-2022" "5.4.12 11-03-2022" "5.4.11 06-01-2022" "5.4.10 10-11-2021" "5.4.9 09-09-2021" "5.4.8 12-05-2021" "5.4.7 15-04-2021" "5.4.6 30-10-2020" "5.4.5 29-10-2020" "5.4.4 10-06-2020" "5.4.3 29-04-2020" "5.4.2 31-03-2020" "5.4.1 24-06-2024" "5.4 30-01-2024" "5.3.18 12-10-2023" "5.3.17 16-05-2023" "5.3.16 17-10-2022" "5.3.15 30-08-2022" "5.3.14 11-03-2022" "5.3.13 06-01-2022" "5.3.12 10-11-2021" "5.3.11 11-09-2021" "5.3.10 12-05-2021" "5.3.9 15-04-2021" "5.3.8 30-10-2020" "5.3.7 29-10-2020" "5.3.6 10-06-2020" "5.3.5 29-04-2020" "5.3.4 18-12-2019" "5.3.3 12-12-2019" "5.3.2 12-11-2019" "5.3.1 24-06-2024" "5.3 30-01-2024" "5.2.21 12-10-2023" "5.2.20 16-05-2023" "5.2.19 17-10-2022" "5.2.18 30-08-2022" "5.2.17 11-03-2022" "5.2.16 06-01-2022" "5.2.15 10-11-2021" "5.2.14 09-09-2021" "5.2.13 12-05-2021" "5.2.12 15-04-2021" "5.2.11 30-10-2020" "5.2.10 29-10-2020" "5.2.9 10-06-2020" "5.2.8 29-04-2020" "5.2.7 12-12-2019" "5.2.6 14-10-2019" "5.2.5 05-09-2019" "5.2.4 18-06-2019" "5.2.3 21-05-2019" "5.2.2 07-05-2019" "5.2.1 24-06-2024" "5.2 30-01-2024" "5.1.19 12-10-2023" "5.1.18 16-05-2023" "5.1.17 17-10-2022" "5.1.16 30-08-2022" "5.1.15 11-03-2022" "5.1.14 06-01-2022" "5.1.13 21-09-2021" "5.1.12 13-05-2021" "5.1.11 15-04-2021" "5.1.10 30-10-2020" "5.1.9 29-10-2020" "5.1.8 10-06-2020" "5.1.7 29-04-2020" "5.1.6 29-04-2020" "5.1.5 14-10-2019" "5.1.4 05-09-2019" "5.1.3 13-03-2019" "5.1.2 21-02-2019" "5.1.1 24-06-2024" "5.1 30-01-2024" "5.0.22 12-10-2023" "5.0.21 16-05-2023" "5.0.20 17-10-2022" "5.0.19 30-08-2022" "5.0.18 11-03-2022" "5.0.17 06-01-2022" "5.0.16 21-09-2021" "5.0.15 13-05-2021" "5.0.14 15-04-2021" "5.0.13 29-10-2020" "5.0.12 10-06-2020" "5.0.11 29-04-2020" "5.0.10 12-12-2019" "5.0.9 14-10-2019" "5.0.8 05-09-2019" "5.0.7 13-03-2019" "5.0.6 09-01-2019" "5.0.4 19-12-2018" "5.0.3 13-12-2018" "5.0.2 06-12-2018" "5.0.1 24-06-2024" "5.0 30-01-2024" "4.9.26 12-10-2023" "4.9.25 16-05-2023" "4.9.24 17-10-2022" "4.9.23 30-08-2022" "4.9.22 11-03-2022" "4.9.21 06-01-2022" "4.9.20 13-05-2021" "4.9.19 15-04-2021" "4.9.18 29-10-2020" "4.9.17 10-06-2020" "4.9.16 29-04-2020" "4.9.15 12-12-2019" "4.9.14 14-10-2019" "4.9.13 05-09-2019" "4.9.12 13-03-2019" "4.9.11 13-12-2018" "4.9.10 02-08-2018" "4.9.9 05-07-2018" "4.9.8 17-05-2018" "4.9.7 03-04-2018" "4.9.6 06-02-2018" "4.9.5 05-02-2018" "4.9.4 16-01-2018" "4.9.3 29-11-2017" "4.9.2 16-11-2017" "4.9.1 24-06-2024" "4.9 30-01-2024" "4.8.25 12-10-2023" "4.8.24 16-05-2023" "4.8.23 17-10-2022" "4.8.22 30-08-2022" "4.8.21 11-03-2022" "4.8.20 06-01-2022" "4.8.19 13-05-2021" "4.8.18 15-04-2021" "4.8.17 29-10-2020" "4.8.16 10-06-2020" "4.8.15 29-04-2020" "4.8.14 12-12-2019" "4.8.13 14-10-2019" "4.8.12 05-09-2019" "4.8.11 13-03-2019" "4.8.10 13-12-2018" "4.8.9 05-07-2018" "4.8.8 03-04-2018" "4.8.7 16-01-2018" "4.8.6 29-11-2017" "4.8.5 31-10-2017" "4.8.4 19-09-2017" "4.8.3 02-08-2017" "4.8.2 08-06-2017" "4.8.1 24-06-2024" "4.8 30-01-2024" "4.7.29 12-10-2023" "4.7.28 16-05-2023" "4.7.27 17-10-2022" "4.7.26 30-08-2022" "4.7.25 11-03-2022" "4.7.24 06-01-2022" "4.7.23 13-05-2021" "4.7.22 15-04-2021" "4.7.21 29-10-2020" "4.7.20 10-06-2020" "4.7.19 29-04-2020" "4.7.18 12-12-2019" "4.7.17 14-10-2019" "4.7.16 05-09-2019" "4.7.15 13-03-2019" "4.7.14 13-12-2018" "4.7.13 05-07-2018" "4.7.12 03-04-2018" "4.7.11 16-01-2018" "4.7.10 29-11-2017" "4.7.9 31-10-2017" "4.7.8 19-09-2017" "4.7.7 16-05-2017" "4.7.6 20-04-2017" "4.7.5 06-03-2017" "4.7.4 26-01-2017" "4.7.3 11-01-2017" "4.7.2 06-12-2016" "4.7.1 24-06-2024" "4.7 30-01-2024" "4.6.29 12-10-2023" "4.6.28 16-05-2023" "4.6.27 17-10-2022" "4.6.26 30-08-2022" "4.6.25 11-03-2022" "4.6.24 06-01-2022" "4.6.23 13-05-2021" "4.6.22 29-10-2020" "4.6.21 10-06-2020" "4.6.20 29-04-2020" "4.6.19 12-12-2019" "4.6.18 14-10-2019" "4.6.17 05-09-2019" "4.6.16 13-03-2019" "4.6.15 13-12-2018" "4.6.14 05-07-2018" "4.6.13 03-04-2018" "4.6.12 16-01-2018" "4.6.11 29-11-2017" "4.6.10 31-10-2017" "4.6.9 19-09-2017" "4.6.8 16-05-2017" "4.6.7 20-04-2017" "4.6.6 06-03-2017" "4.6.5 26-01-2017" "4.6.4 11-01-2017" "4.6.3 07-09-2016" "4.6.2 16-08-2016" "4.6.1 24-06-2024" "4.6 30-01-2024" "4.5.32 12-10-2023" "4.5.31 16-05-2023" "4.5.30 17-10-2022" "4.5.29 30-08-2022" "4.5.28 11-03-2022" "4.5.27 06-01-2022" "4.5.26 13-05-2021" "4.5.25 29-10-2020" "4.5.24 10-06-2020" "4.5.23 29-04-2020" "4.5.22 12-12-2019" "4.5.21 14-10-2019" "4.5.20 05-09-2019" "4.5.19 13-03-2019" "4.5.18 13-12-2018" "4.5.17 05-07-2018" "4.5.16 03-04-2018" "4.5.15 16-01-2018" "4.5.14 29-11-2017" "4.5.13 31-10-2017" "4.5.12 19-09-2017" "4.5.11 16-05-2017" "4.5.10 20-04-2017" "4.5.9 06-03-2017" "4.5.8 26-01-2017" "4.5.7 11-01-2017" "4.5.6 07-09-2016" "4.5.5 21-06-2016" "4.5.4 06-05-2016" "4.5.3 26-04-2016" "4.5.2 12-04-2016" "4.5.1 24-06-2024" "4.5 30-01-2024" "4.4.33 12-10-2023" "4.4.32 16-05-2023" "4.4.31 17-10-2022" "4.4.30 30-08-2022" "4.4.29 11-03-2022" "4.4.28 06-01-2022" "4.4.27 13-05-2021" "4.4.26 29-10-2020" "4.4.25 10-06-2020" "4.4.24 29-04-2020" "4.4.23 12-12-2019" "4.4.22 14-10-2019" "4.4.21 05-09-2019" "4.4.20 13-03-2019" "4.4.19 13-12-2018" "4.4.18 05-07-2018" "4.4.17 03-04-2018" "4.4.16 16-01-2018" "4.4.15 29-11-2017" "4.4.14 31-10-2017" "4.4.13 19-09-2017" "4.4.12 16-05-2017" "4.4.11 20-04-2017" "4.4.10 06-03-2017" "4.4.9 26-01-2017" "4.4.8 11-01-2017" "4.4.7 07-09-2016" "4.4.6 21-06-2016" "4.4.5 06-05-2016" "4.4.4 02-02-2016" "4.4.3 06-01-2016" "4.4.2 08-12-2015" "4.4.1 24-06-2024" "4.4 30-01-2024" "4.3.34 12-10-2023" "4.3.33 16-05-2023" "4.3.32 17-10-2022" "4.3.31 30-08-2022" "4.3.30 11-03-2022" "4.3.29 06-01-2022" "4.3.28 13-05-2021" "4.3.27 29-10-2020" "4.3.26 10-06-2020" "4.3.25 29-04-2020" "4.3.24 12-12-2019" "4.3.23 14-10-2019" "4.3.22 05-09-2019" "4.3.21 13-03-2019" "4.3.20 13-12-2018" "4.3.19 05-07-2018" "4.3.18 03-04-2018" "4.3.17 16-01-2018" "4.3.16 29-11-2017" "4.3.15 31-10-2017" "4.3.14 19-09-2017" "4.3.13 16-05-2017" "4.3.12 20-04-2017" "4.3.11 06-03-2017" "4.3.10 26-01-2017" "4.3.9 11-01-2017" "4.3.8 07-09-2016" "4.3.7 21-06-2016" "4.3.6 06-05-2016" "4.3.5 02-02-2016" "4.3.4 06-01-2016" "4.3.3 15-09-2015" "4.3.2 18-08-2015" "4.3.1 24-06-2024" "4.3 30-01-2024" "4.2.38 12-10-2023" "4.2.37 16-05-2023" "4.2.36 17-10-2022" "4.2.35 30-08-2022" "4.2.34 11-03-2022" "4.2.33 06-01-2022" "4.2.32 13-05-2021" "4.2.31 29-10-2020" "4.2.30 10-06-2020" "4.2.29 29-04-2020" "4.2.28 12-12-2019" "4.2.27 14-10-2019" "4.2.26 05-09-2019" "4.2.25 13-03-2019" "4.2.24 13-12-2018" "4.2.23 05-07-2018" "4.2.22 03-04-2018" "4.2.21 16-01-2018" "4.2.20 29-11-2017" "4.2.19 31-10-2017" "4.2.18 19-09-2017" "4.2.17 16-05-2017" "4.2.16 20-04-2017" "4.2.15 06-03-2017" "4.2.14 26-01-2017" "4.2.13 11-01-2017" "4.2.12 07-09-2016" "4.2.11 21-06-2016" "4.2.10 06-05-2016" "4.2.9 02-02-2016" "4.2.8 06-01-2016" "4.2.7 15-09-2015" "4.2.6 04-08-2015" "4.2.5 23-07-2015" "4.2.4 07-05-2015" "4.2.3 27-04-2015" "4.2.2 23-04-2015" "4.2.1 24-06-2024" "4.2 30-01-2024" "4.1.41 12-10-2023" "4.1.40 16-05-2023" "4.1.39 17-10-2022" "4.1.38 30-08-2022" "4.1.37 11-03-2022" "4.1.36 06-01-2022" "4.1.35 13-05-2021" "4.1.34 29-10-2020" "4.1.33 10-06-2020" "4.1.32 29-04-2020" "4.1.31 12-12-2019" "4.1.30 14-10-2019" "4.1.29 05-09-2019" "4.1.28 13-03-2019" "4.1.27 13-12-2018" "4.1.26 05-07-2018" "4.1.25 03-04-2018" "4.1.24 16-01-2018" "4.1.23 29-11-2017" "4.1.22 31-10-2017" "4.1.21 19-09-2017" "4.1.20 16-05-2017" "4.1.19 20-04-2017" "4.1.18 06-03-2017" "4.1.17 26-01-2017" "4.1.16 11-01-2017" "4.1.15 07-09-2016" "4.1.14 21-06-2016" "4.1.13 06-05-2016" "4.1.12 02-02-2016" "4.1.11 06-01-2016" "4.1.10 15-09-2015" "4.1.9 04-08-2015" "4.1.8 23-07-2015" "4.1.7 07-05-2015" "4.1.6 27-04-2015" "4.1.5 23-04-2015" "4.1.4 21-04-2015" "4.1.3 18-02-2015" "4.1.2 18-12-2014" "4.1.1 30-11-2022" "4.1 17-10-2022" "4.0.38 30-08-2022" "4.0.37 11-03-2022" "4.0.36 06-01-2022" "4.0.35 13-05-2021" "4.0.34 29-10-2020" "4.0.33 10-06-2020" "4.0.32 29-04-2020" "4.0.31 12-12-2019" "4.0.30 14-10-2019" "4.0.29 05-09-2019" "4.0.28 13-03-2019" "4.0.27 13-12-2018" "4.0.26 05-07-2018" "4.0.25 03-04-2018" "4.0.24 16-01-2018" "4.0.23 29-11-2017" "4.0.22 31-10-2017" "4.0.21 19-09-2017" "4.0.20 16-05-2017" "4.0.19 20-04-2017" "4.0.18 06-03-2017" "4.0.17 26-01-2017" "4.0.16 11-01-2017" "4.0.15 07-09-2016" "4.0.14 21-06-2016" "4.0.13 06-05-2016" "4.0.12 02-02-2016" "4.0.11 06-01-2016" "4.0.10 15-09-2015" "4.0.9 04-08-2015" "4.0.8 23-07-2015" "4.0.7 06-05-2015" "4.0.6 27-04-2015" "4.0.5 23-04-2015" "4.0.4 21-04-2015" "4.0.3 20-11-2014" "4.0.2 04-09-2014" "4.0.1 30-11-2022" "4.0 17-10-2022" "3.9.40 30-08-2022" "3.9.39 11-03-2022" "3.9.37 06-01-2022" "3.9.36 13-05-2021" "3.9.35 29-10-2020" "3.9.34 10-06-2020" "3.9.33 29-04-2020" "3.9.32 12-12-2019" "3.9.31 14-10-2019" "3.9.30 05-09-2019" "3.9.29 13-03-2019" "3.9.28 13-12-2018" "3.9.27 05-07-2018" "3.9.26 03-04-2018" "3.9.25 16-01-2018" "3.9.24 29-11-2017" "3.9.23 31-10-2017" "3.9.22 19-09-2017" "3.9.21 16-05-2017" "3.9.20 20-04-2017" "3.9.19 06-03-2017" "3.9.18 26-01-2017" "3.9.17 11-01-2017" "3.9.16 07-09-2016" "3.9.15 21-06-2016" "3.9.14 06-05-2016" "3.9.13 02-02-2016" "3.9.12 06-01-2016" "3.9.11 15-09-2015" "3.9.10 04-08-2015" "3.9.9 23-07-2015" "3.9.8 07-05-2015" "3.9.7 23-04-2015" "3.9.6 21-04-2015" "3.9.5 20-11-2014" "3.9.4 06-08-2014" "3.9.3 08-05-2014" "3.9.2 16-04-2014" "3.9.1 30-11-2022" "3.9 17-10-2022" "3.8.41 30-08-2022" "3.8.40 11-03-2022" "3.8.39 06-01-2022" "3.8.38 13-05-2021" "3.8.37 29-10-2020" "3.8.36 10-06-2020" "3.8.35 29-04-2020" "3.8.34 12-12-2019" "3.8.33 14-10-2019" "3.8.32 05-09-2019" "3.8.31 21-03-2019" "3.8.30 13-12-2018" "3.8.29 05-07-2018" "3.8.28 03-04-2018" "3.8.27 16-01-2018" "3.8.26 29-11-2017" "3.8.25 31-10-2017" "3.8.24 19-09-2017" "3.8.23 16-05-2017" "3.8.22 20-04-2017" "3.8.21 06-03-2017" "3.8.20 26-01-2017" "3.8.19 11-01-2017" "3.8.18 07-09-2016" "3.8.17 21-06-2016" "3.8.16 06-05-2016" "3.8.15 02-02-2016" "3.8.14 06-01-2016" "3.8.13 15-09-2015" "3.8.12 04-08-2015" "3.8.11 23-07-2015" "3.8.10 07-05-2015" "3.8.9 23-04-2015" "3.8.8 21-04-2015" "3.8.7 20-11-2014" "3.8.6 06-08-2014" "3.8.5 14-04-2014" "3.8.4 08-04-2014" "3.8.3 23-01-2014" "3.8.2 12-12-2013" "3.8.1 30-11-2022" "3.8 17-10-2022" "3.7.41 30-08-2022" "3.7.40 11-03-2022" "3.7.39 06-01-2022" "3.7.38 13-05-2021" "3.7.37 29-10-2020" "3.7.36 10-06-2020" "3.7.35 29-04-2020" "3.7.34 12-12-2019" "3.7.33 14-10-2019" "3.7.32 05-09-2019" "3.7.31 21-03-2019" "3.7.30 13-12-2018" "3.7.29 05-07-2018" "3.7.28 03-04-2018" "3.7.27 16-01-2018" "3.7.26 29-11-2017" "3.7.25 31-10-2017" "3.7.24 19-09-2017" "3.7.23 16-05-2017" "3.7.22 20-04-2017" "3.7.21 06-03-2017" "3.7.20 26-01-2017" "3.7.19 11-01-2017" "3.7.18 07-09-2016" "3.7.17 21-06-2016" "3.7.16 06-05-2016" "3.7.15 02-02-2016" "3.7.14 06-01-2016" "3.7.13 15-09-2015" "3.7.12 04-08-2015" "3.7.11 23-07-2015" "3.7.10 07-05-2015" "3.7.9 23-04-2015" "3.7.8 21-04-2015" "3.7.7 20-11-2014" "3.7.6 06-08-2014" "3.7.5 14-04-2014" "3.7.4 08-04-2014" "3.7.3 29-10-2013" "3.7.2 24-10-2013" "3.7.1 11-09-2013" "3.7 01-08-2013" "3.6.1 21-06-2013" "3.6 24-01-2013" "3.5.2 11-12-2012" "3.5.1 06-09-2012" "3.5 27-06-2012" "3.4.2 13-06-2012" "3.4.1 27-06-2012" "3.4 20-04-2012" "3.3.3 03-01-2012" "3.3.2 12-12-2011" "3.3.1 12-07-2011" "3.3 04-07-2011" "3.2.1 29-06-2011" "3.2 25-05-2011" "3.1.4 26-04-2011" "3.1.3 04-04-2011" "3.1.2 23-02-2011" "3.1.1 26-04-2011" "3.1 07-02-2011" "3.0.6 29-12-2010" "3.0.5 08-12-2010" "3.0.4 30-11-2010" "3.0.3 29-07-2010" "3.0.2 17-06-2010" "3.0.1 15-02-2010" "3.0 04-01-2010" "2.9.2 18-12-2009" "2.9.1 12-11-2009" "2.9 20-10-2009" "2.8.6 12-08-2009" "2.8.5 03-08-2009" "2.8.4 20-07-2009" "2.8.3 09-07-2009" "2.8.2 11-06-2009" "2.8.1 10-02-2009" "2.8 10-12-2008")
pp "Version information"
wp_version=(`grep -oP "WordPress \K[\d.]+" $file || curl -k -L -A "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36" -s $url/wp-links-opml.php | grep -oP "WordPress/\K[\d.]+"`)
[[ $wp_version && ${#wp_version} -le 7 ]] && cwv
if [[ ! $wp_version ]]; then year=$(curl -k -L -A "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36" -s $url/license.txt | grep -m1 -oP "Copyright [\d-]+" | cut -d " " -f2 | cut -d "-" -f2); [[ ! $year ]] && { echo "Wordpress version: Version not detected"; return 1; }; if [[ $year == 2024 ]]; then wp_version=${range[0]}; elif [[ $year == 2023 ]]; then wp_version=${range[1]}; elif [[ $year == 2022 ]]; then wp_version=${range[2]}; elif [[ $year == 2021 ]]; then wp_version=${range[3]}; elif [[ $year == 2020 ]]; then wp_version=${range[4]}; elif [[ $year == 2019 ]]; then wp_version=${range[5]}; else wp_version=$wp_version; fi; echo "Wordpress version: $wp_version"; fi
}
plugins(){
flagz=()
releases_plugins=("8-degree-notification-bar 1.1.8" "360-product-rotation 1.5.8" "4-author-cheer-up-donate 1.3" "3-word-address-validation-field 4.0.16" "1-decembrie-1918 1.dec.2012" "ads-by-datafeedrcom 1.2.0" "activecampaign-for-woocommerce 2.10.0" "adaptive-images 0.6.73" "advanced-forms 1.9.3.6" "appmysite 3.13.2" "alex-reservations 2.1.7" "actionwear-products-sync 2.3.3" "abcbiz-addons 2.0.2" "bmi-adultkid-calculator 1.2.2" "broadly 3.0.2" "burst-statistics 2.0.9" "cardoza-wordpress-poll 36" "cmc-migrate 0.0.3" "digiproveblog 4.16" "dn-popup 1.2.2" "delete-comments-by-status 1.5.3" "estatebud-properties-listings 5.5.0" "emails-verification-for-woocommerce 3.0.4" "elementary-addons 2.0.4" "font-awesome 5.0.2" "fancyflickr 1.0" "ga-backend-tracking 2.4.0" "google-analytics-opt-out 2.3.6" "html5-mp3-player-with-mp3-folder-feedburner-playlist 2.8.0" "hide-shipping-method-for-woocommerce 1.5.2" "intelly-welcome-bar 2.0.4" "image-upload-for-bbpress 1.1.19" "jigoshop-exporter 1.5.8" "justrows-free 0.2" "kopa-nictitate-toolkit 1.0.2" "kk-i-like-it 1.7.5.3" "library-instruction-recorder 1.1.4" "lgpd-framework 2.0.2" "more-better-reviews-for-woocommerce 4.0.7" "mailtree-log-mail 1.0.1" "mb-custom-post-type 2.8.2" "notifikacie-sk 1.0" "onlyoffice-docspace 3.1.0" "pb-oembed-html5-audio-with-cache-support 2.6" "pmpro-register-helper 1.8.3" "premmerce-woocommerce-product-bundles 1.0.9" "quiz-master-next 10.2.1" "reverbnation-widgets 2.1" "rsvpmaker 11.6.2" "svegliat-buttons 1.3.0" "sendpulse-web-push 1.3.9" "seznam-webmaster 1.4.8" "spacer 3.0.7" "totalprocessing-card-payments 7.1.8" "tockify-events-calendar 2.3.0" "user-session-synchronizer 1.4.0" "unusedcss 3.1.15" "vk-blocks 1.104.0.1" "wp-back-button 1.1.3" "wpfront-user-role-editor 4.2.2" "wp-404-auto-redirect-to-similar-post 1.0.5" "wp-user-switch 1.1.0" "wp-tooltip 1.0.1" "xpd-reduce-image-filesize 1.0" "xorbin-analog-flash-clock 1.0.2" "your-lightbox 1.0" "youtube-channel 3.25.2" "zingiri-web-shop 2.6.9" "zohocreator 1.0.5")
vulns_plugins=("8-degree-notification-bar No.known.fix Unauthenticated.Stored.Cross-Site.Scripting MEDIUM" "2kb-amazon-affiliates-store No.known.fix Reflected.XSS MEDIUM" "2kb-amazon-affiliates-store 2.1.1 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "5-anker-connect 1.2.7 Reflected.Cross-Site.Scripting MEDIUM" "1-jquery-photo-gallery-slideshow-flash No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "1-decembrie-1918 No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "3-word-address-validation-field 4.0.16 Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "3-word-address-validation-field 4.0.0 Admin+.Sensitive.Information.Disclosure LOW" "2mb-autocode 1.2.5 Reflected.Cross-Site.Scripting MEDIUM" "4-author-cheer-up-donate No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "3d-photo-gallery No.known.fix Missing.Authorization.to.Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "360-product-rotation No.known.fix Reflected.XSS MEDIUM" "360-product-rotation 1.4.8 Reflected.XSS MEDIUM" "6storage-rentals No.known.fix Missing.Authorization MEDIUM" "6storage-rentals No.known.fix Missing.Authorization MEDIUM" "6storage-rentals No.known.fix Missing.Authorization MEDIUM" "404-to-start No.known.fix Admin+.Stored.XSS LOW" "3d-avatar-user-profile No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "5-sterrenspecialist No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "3d-viewer 1.3.4 Reflected.Cross-Site.Scripting MEDIUM" "3d-viewer 1.2.7 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "1app-business-forms No.known.fix Author+.Stored.XSS MEDIUM" "123-chat-videochat No.known.fix Video.Chat.<=.1.3.1.-.Unauthenticated.Stored.Cross-Site.Scripting HIGH" "123-chat-videochat 1.3.1 Admin+.Stored.XSS LOW" "12-step-meeting-list 3.16.6 Unauthenticated.Sensitive.Information.Exposure MEDIUM" "12-step-meeting-list 3.16.6 Missing.Authorization.to.Authenticated.(Contributor+).Arbitrary.Content.Deletion MEDIUM" "12-step-meeting-list 3.14.34 Reflected.Cross-Site.Scripting MEDIUM" "12-step-meeting-list 3.14.29 Subscriber+.CSV.Download MEDIUM" "12-step-meeting-list 3.14.25 Authenticated.(Contributor+).Server-Side.Request.Forgery MEDIUM" "3d-cover-carousel No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "3dvieweronline-wp 2.2.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "404-to-301 3.0.6 Reflected.Cross-Site.Scripting MEDIUM" "404-to-301 3.1.2 Reflected.Cross-Site.Scripting MEDIUM" "404-to-301 3.0.9 Logs.Deletion.via.CSRF MEDIUM" "404-to-301 3.0.8 Broken.Access.Control MEDIUM" "404-to-301 3.0.2 Subscriber+.Arbitrary.Option.Update CRITICAL" "404-to-301 2.3.1 Unauthenticated.Stored.Cross-Site.Scripting.(XSS) CRITICAL" "4k-icon-fonts-for-visual-composer No.known.fix Reflected.Cross-Site.Scripting.(XSS) HIGH" "0mk-shortener No.known.fix Stored.XSS.via.CSRF HIGH" "0mk-shortener No.known.fix Admin+.Stored.XSS LOW" "2j-slideshow No.known.fix Reflected.Cross-Site.Scripting.via.'post' MEDIUM" "2j-slideshow No.known.fix Contributor+.Stored.XSS MEDIUM" "2j-slideshow No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "17track No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "3xsocializer No.known.fix Subscriber+.SQLi MEDIUM" "10centmail-subscription-management-and-analytics No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "5-stars-rating-funnel No.known.fix Authenticated.(Contributor+).SQL.Injection MEDIUM" "5-stars-rating-funnel 1.3.02 Missing.Authorization MEDIUM" "5-stars-rating-funnel 1.3.02 Missing.Authorization MEDIUM" "5-stars-rating-funnel 1.2.63 Reflected.Cross-Site.Scripting MEDIUM" "5-stars-rating-funnel 1.2.53 Unauthenticated.SQLi HIGH" "5-stars-rating-funnel 1.2.54 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "1-click-migration No.known.fix Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.File.Upload HIGH" "1-click-migration No.known.fix Unauthenticated.Information.Disclsoure MEDIUM" "1-click-migration No.known.fix Cross-Site.Request.Forgery.to.Backup.Process.Cancellation MEDIUM" "1-click-migration No.known.fix Unauthenticated.Sensitive.Information.Exposure.via.Database.Backup.in.class-ocm-backup.php MEDIUM" "59sec-lite-contact-form-7-push-notifications-on-ios-and-android No.known.fix Unauthenticated.Settings.Update MEDIUM" "404s 3.5.1 Admin+.Stored.Cross-Site.Scripting LOW" "404-error-monitor No.known.fix Cross-Site.Request.Forgery.to.Plugin.Settings.Update.via.updatePluginSettings.Function MEDIUM" "3dprint-lite 2.1.3.7 Authenticated.(Admin+).SQL.Injection.via.'material_text' MEDIUM" "3dprint-lite 2.1.3.7 Authenticated.(Admin+).SQL.Injection.via.'coating_text' MEDIUM" "3dprint-lite 2.1.3.7 Authenticated.(Admin+).SQL.Injection.via.'infill_text' MEDIUM" "3dprint-lite 2.1.3.7 Authenticated.(Admin+).SQL.Injection.via.'printer_text' MEDIUM" "3dprint-lite 2.1.3.6 Cross-Site.Request.Forgery MEDIUM" "3dprint-lite 2.1 Settings.Update.via.CSRF MEDIUM" "3dprint-lite 1.9.1.6 Reflected.Cross-Site.Scripting HIGH" "3dprint-lite 1.9.1.5 Unauthenticated.Arbitrary.File.Upload CRITICAL" "360deg-javascript-viewer 1.7.30 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "360deg-javascript-viewer 1.7.13 Missing.Authorization.to.Plugin.Settings.Update MEDIUM" "360deg-javascript-viewer 1.7.12 Unauthenticated.Settings.Update MEDIUM" "360deg-javascript-viewer 1.5.3 Reflected.Cross-Site.Scripting MEDIUM" "3com-asesor-de-cookies No.known.fix Admin+.Stored.XSS LOW" "2d-tag-cloud-widget-by-sujin No.known.fix Reflected.Cross-Site.Scripting.via.add_query_arg.Parameter MEDIUM" "404-page 1.0.2 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "404-redirection-manager No.known.fix Reflected.Cross-Site.Scripting.(XSS) HIGH" "404-redirection-manager No.known.fix CSRF.to.Stored.Cross-Site.Scripting.(XSS) HIGH" "4ecps-webforms No.known.fix Unauthenticated.Arbitrary.File.Upload CRITICAL" "4ecps-webforms No.known.fix Admin+.Stored.XSS LOW" "4stats No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "1003-mortgage-application No.known.fix Unauthenticated.Full.Path.Disclosure MEDIUM" "1003-mortgage-application No.known.fix Missing.Authorization MEDIUM" "1003-mortgage-application No.known.fix Missing.Authorization MEDIUM" "404-solution 2.35.20 Reflected.Cross-Site.Scripting MEDIUM" "404-solution 2.35.18 Missing.Authentication.to.Sensitive.Information.Exposure MEDIUM" "404-solution 2.35.8 Admin+.SQL.Injection MEDIUM" "404-solution 2.33.1 Sensitive.Information.Exposure.via.Log.File MEDIUM" "404-solution 2.35.0 Admin+.SQLi MEDIUM" "404-solution 2.33.1 Sensitive.Information.Exposure MEDIUM" "3d-flipbook-dflip-lite 2.3.53 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "3d-flipbook-dflip-lite 2.3.42 Reflected.Cross-Site.Scripting MEDIUM" "3d-flipbook-dflip-lite 2.2.27 Contributor+.Stored.XSS MEDIUM" "3d-flipbook-dflip-lite 2.2.27 Contributor+.Stored.XSS MEDIUM" "3d-flipbook-dflip-lite 1.7.10 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "3dprint 3.5.6.9 Arbitrary.File.and.Directory.Deletion.via.CSRF HIGH" "3dprint 3.5.6.9 CSRF.to.arbitrary.file.downlad HIGH" "123contactform-for-wordpress No.known.fix Unauthenticated.Arbitrary.Post.Creation HIGH" "123contactform-for-wordpress No.known.fix Validation.Bypass.via.Plugin.Verification MEDIUM" "123contactform-for-wordpress No.known.fix Unauthenticated.Arbitrary.File.Upload HIGH" "99fy-core 1.2.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "99fy-core 1.2.8 Arbitrary.Plugin.Activation.via.CSRF MEDIUM" "1-click-backup-restore-database-by-sunbytes No.known.fix Missing.Authorization MEDIUM" "10to8-online-booking 1.1.0 Contributor+.Stored.XSS MEDIUM" "3d-presentation No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "3dady-real-time-web-stats No.known.fix Stored.Cross-Site.Scripting.via.CSRF MEDIUM" "1-click-close-store No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "012-ps-multi-languages No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "99robots-header-footer-code-manager-pro 1.0.17 Reflected.Cross-Site.Scripting.via.message MEDIUM" "404page 11.4.8 Reflected.Cross-Site.Scripting MEDIUM" "5centscdn No.known.fix Reflected.Cross-Site.Scripting HIGH" "360-view No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "5280-bootstrap-modal-contact-form No.known.fix Cross-Site.Request.Forgery.to.Bulk.Delete.Messages MEDIUM" "announcekit No.known.fix Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "alex-reservations 2.0.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "activecampaign-for-woocommerce 1.9.8 Subscriber+.Error.Log.Cleanup MEDIUM" "ai-image-alt-text-generator-for-wp 1.1.2 Missing.Authorization MEDIUM" "ai-image-alt-text-generator-for-wp No.known.fix Subscriber+.Sensitive.Information.Exposure MEDIUM" "ai-image-alt-text-generator-for-wp 1.0.7 Reflected.Cross-Site.Scripting MEDIUM" "appmysite 3.11.1 Unauthenticated.Information.Disclsoure MEDIUM" "admin-cleanup No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "advanced-forms 1.9.3.3 Missing.Authorization.to.Unauthenticated.Form.Settings.Export MEDIUM" "advanced-forms 1.6.9 Subscriber+.Arbitrary.User.Email.Address.Update.via.IDOR HIGH" "advanced-database-replacer No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "advanced-database-replacer No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "anonymous-restricted-content 1.6.6 Unauthenticated.Content.Restriction.Bypass.to.Sensitive.Information.Exposure MEDIUM" "anonymous-restricted-content 1.6.3 .Protection.Mechanism.Bypass MEDIUM" "awesome-fitness-testimonials No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "addons-for-visual-composer 3.9.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "addons-for-visual-composer 3.8 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.shortcode MEDIUM" "addons-for-visual-composer 3.8.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "addons-for-visual-composer 3.6 Contributor+.Stored.XSS MEDIUM" "addons-for-visual-composer 3.3 Reflected.Cross-Site.Scripting MEDIUM" "addons-for-visual-composer 2.9.2 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "ach-invoice-app No.known.fix Unauthenticated.Local.File.Inclusion CRITICAL" "advanced-popups 1.1.2 CSRF.Bypass.in.Multiple.Plugins MEDIUM" "ai-seo-translator 1.6.3 Cross-Site.Request.Forgery.via.update_integration_option MEDIUM" "audio-video-download-buttons-for-youtube 1.04 Reflected.Cross-Site.Scripting MEDIUM" "alert-me No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "advanced-dewplayer No.known.fix Missing.Authorization MEDIUM" "admin-bar-dashboard-control 1.2.9 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "availability-calendar No.known.fix Cross-Site.Request.Forgery.via.add_availability_calendar_create_admin_page() MEDIUM" "availability-calendar 1.2.1 Authenticated.SQL.Injection HIGH" "availability-calendar 1.2.2 Authenticated.Stored.Cross-Site.Scripting LOW" "apa-register-newsletter-form No.known.fix Cross-Site.Request.Forgery.to.SQL.Injection HIGH" "auto-tag-creator No.known.fix Missing.Authorization.via.tag_save_settings_callback MEDIUM" "advanced-testimonial-carousel-for-elementor 3.0.1 Missing.Authorization MEDIUM" "agendapress No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "agendapress 1.0.7 Reflected.Cross-Site.Scripting MEDIUM" "agendapress 1.0.6 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "additional-product-fields-for-woocommerce 1.2.134 Unauthenticated.Stored.Cross-Site.Scripting MEDIUM" "additional-product-fields-for-woocommerce 1.2.105 Cross-Site.Request.Forgery.to.Notice.Dismissal MEDIUM" "add2fav No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "alipay No.known.fix Authenticated.SQL.Injection MEDIUM" "appmaps No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "advanced-post-list No.known.fix Cross-Site.Request.Forgery MEDIUM" "advanced-post-list No.known.fix Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "amocrm-webform No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "auto-tag-links No.known.fix Cross-Site.Request.Forgery MEDIUM" "amount-left-free-shipping-woocommerce 2.4.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "adwork-media-ez-content-locker No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "automated-editor No.known.fix Arbitrary.Settings.Update.via.CSRF MEDIUM" "auto-robot 3.3.39 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "append-content No.known.fix Cross-Site.Request.Forgery.to.Settings.Update MEDIUM" "adif-log-search-widget No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "acf-images-search-and-insert No.known.fix Authenticated.(Subscriber+).Arbitrary.File.Upload HIGH" "acf-yandex-maps-field No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "auto-listings 2.6.6 Authenticated(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "alley-elementor-widget No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "ai-quiz No.known.fix Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.Options.Update HIGH" "ai-quiz No.known.fix Missing.Authorization MEDIUM" "all-in-one-cufon No.known.fix Cross-Site.Request.Forgery MEDIUM" "advanced-custom-fields-pro 6.3.9 Admin+.Remote.Code.Execution MEDIUM" "advanced-custom-fields-pro 6.3.9 Admin+.Stored.XSS LOW" "advanced-custom-fields-pro 6.3.6 Authenticated.Stored.Cross-Site.Scripting MEDIUM" "advanced-custom-fields-pro 6.3 Contributor+.Custom.Field.Access LOW" "advanced-custom-fields-pro 6.2.10 Authenticated.(Contributor+).Code.Injection CRITICAL" "advanced-custom-fields-pro 6.2.10 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "advanced-custom-fields-pro 6.2.5 Contributor+.Stored.Cross-Site.Scripting.via.Custom.Field MEDIUM" "advanced-custom-fields-pro 6.1.6 Reflected.XSS HIGH" "advanced-custom-fields-pro 6.1.0 Contributor+.PHP.Object.Injection MEDIUM" "advanced-custom-fields-pro 5.12.5 Contributor+.PHP.Object.Injection MEDIUM" "advanced-custom-fields-pro 5.12.3 Unauthenticated.File.Upload MEDIUM" "advanced-custom-fields-pro 5.12.1 Contributor+.Database.Information.Access MEDIUM" "advanced-custom-fields-pro 5.11 Subscriber+.Arbitrary.ACF.Data/Field.Groups.View.and.Fields.Move MEDIUM" "advanced-custom-fields-pro 5.9.1 Authenticated.Reflected.Cross-Site.Scripting.(XSS) HIGH" "ads-by-datafeedrcom No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "ads-by-datafeedrcom 1.2.0 Unauthenticated.Remote.Code.Execution CRITICAL" "alphabetic-pagination 3.2.2 Reflected.Cross-Site.Scripting MEDIUM" "alphabetic-pagination 3.0.8 Unauthenticated.Arbitrary.Option.Update CRITICAL" "actionwear-products-sync No.known.fix Authenticated.(Subscriber+).SQL.Injection MEDIUM" "actionwear-products-sync 2.3.3 Unauthenticated.Full.Patch.Disclosure MEDIUM" "absolute-privacy No.known.fix User.Email/Password.Change.via.Cross-Site.Request.Forgery HIGH" "adaptive-images 0.6.69 Reflected.Cross-Site.Scripting MEDIUM" "adaptive-images 0.6.67 Local.File.Inclusion.&.Deletion HIGH" "animation-addons-for-elementor 1.1.7 Authenticated.(Contributor+).Sensitive.Information.Exposure.via.Content.Slider.and.Tabs.Widget.Elementor.Template MEDIUM" "annasta-woocommerce-product-filters 1.6.5 Reflected.Cross-Site.Scripting MEDIUM" "annasta-woocommerce-product-filters 1.5.0 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "allow-rel-and-html-in-author-bios No.known.fix Author+.Stored.Cross-Site.Scripting MEDIUM" "automatic-domain-changer 2.0.3 Reflected.Cross-Site.Scripting MEDIUM" "advanced-recent-posts No.known.fix Contributor+.Stored.XSS MEDIUM" "addify-checkout-fields-manager 1.0.2 Multiple.CSRF MEDIUM" "aforms-eats 1.3.2 Unauthenticated.Full.Path.Disclosure MEDIUM" "adrotate 5.13.3 Admin+.Double.Extension.Arbitrary.File.Upload MEDIUM" "adrotate 5.9.1 Password.Change.via.CSRF MEDIUM" "adrotate 5.8.23 Admin+.XSS.via.Group.Name LOW" "adrotate 5.8.23 Admin+.XSS.via.Advert.Name LOW" "adrotate 5.8.22 Admin+.SQL.Injection MEDIUM" "adrotate 5.8.4 Authenticated.SQL.Injection MEDIUM" "adrotate 5.3 Authenticated.SQL.Injection HIGH" "auto-date-year-month 2.0.2 Unauthenticated.Arbitrary.Shortcode.Execution HIGH" "auto-date-year-month 1.1.5 Reflected.Cross-Site.Scripting MEDIUM" "adsense-plugin No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "adsense-plugin 1.44 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "agenteasy-properties No.known.fix Admin+.Stored.XSS LOW" "athemes-addons-for-elementor-lite No.known.fix Contributor+.Local.File.Inclusion HIGH" "athemes-addons-for-elementor-lite 1.0.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "athemes-addons-for-elementor-lite 1.0.13 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "athemes-addons-for-elementor-lite 1.0.8 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "addify-custom-order-number 1.2.0 Multiple.CSRF MEDIUM" "add-multiple-marker No.known.fix Settings.Update.via.CSRF MEDIUM" "add-multiple-marker No.known.fix Unauthenticated.Settings.Update MEDIUM" "aceide No.known.fix Authenticated.(admin+).Arbitrary.File.Access MEDIUM" "availability No.known.fix Cross-Site.Request.Forgery MEDIUM" "api-bearer-auth 20190908 Unauthenticated.Reflected.XSS MEDIUM" "appsplate No.known.fix Unauthenticated.SQL.Injection HIGH" "adstxt No.known.fix Settings.Update.via.CSRF MEDIUM" "arforms-form-builder 1.7.2 HTML.Injection MEDIUM" "arforms-form-builder 1.7.1 Unauthenticated.Stored.XSS MEDIUM" "arforms-form-builder 1.6.8 Reflected.Cross-Site.Scripting MEDIUM" "arforms-form-builder 1.6.5 Missing.Authorization.to.Authenticated(Subscriber+).Arbitrary.Option.Deletion HIGH" "arforms-form-builder 1.6.2 Missing.Authorization MEDIUM" "arforms-form-builder 1.6.2 Cross-Site.Request.Forgery MEDIUM" "arforms-form-builder 1.5.9 Unauthenticated.Stored.XSS HIGH" "arforms-form-builder 1.5.7 Unauthenticated.Stored.XSS HIGH" "arforms-form-builder 1.5 Admin+.Stored.Cross.Site.Scripting LOW" "acf-for-woocommerce-product No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "acf-for-woocommerce-product No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "ajar-productions-in5-embed No.known.fix Unauthenticated.Arbitrary.File.Upload CRITICAL" "ajar-productions-in5-embed 3.1.4 Unauthenticated.Arbitrary.File.Upload CRITICAL" "autotitle-for-wordpress No.known.fix Settings.Update.to.Stored.XSS.via.CSRF HIGH" "accordion-slider 1.9.13 Contributor+.DOM-Based.Stored.XSS.via.FancyBox.JavaScript.Library MEDIUM" "accordion-slider 1.9.12 Authenticted.(Contributor+).Stored.Cross-Site.Scripting.via.HTML.Attribute MEDIUM" "addendio No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "addendio No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "admin-options-pages 0.9.8 Reflected.Cross-Site.Scripting HIGH" "alpine-photo-tile-for-pinterest No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "animated-text-block 1.0.8 Missing.Authorization MEDIUM" "ari-cf7-connector 1.2.3 Cross-Site.Request.Forgery MEDIUM" "ari-cf7-connector 1.2.3 Reflected.XSS HIGH" "are-you-robot-recaptcha No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "alpha-price-table-for-elementor No.known.fix Contributor+.Stored.XSS MEDIUM" "add-tiktok-advertising-pixel 1.2.2 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "ars-affiliate-page 2.0.4 Reflected.Cross-Site.Scripting MEDIUM" "ad-buttons 2.3.2 CSRF.&.XSS MEDIUM" "avectra-netforum-single-sign-on No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "avectra-netforum-single-sign-on 1.3.4 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "addfreestats 4.22 Missing.Authorization MEDIUM" "addfreestats No.known.fix Admin+.Stored.XSS LOW" "acymailing 9.11.1 Reflected.Cross-Site.Scripting MEDIUM" "acymailing 9.8.0 Authenticated.(Subscriber+).Arbitrary.File.Upload.via.acym_extractArchive.Function HIGH" "acymailing 8.6.3 Reflected.XSS HIGH" "acymailing 7.5.0 Open.Redirect MEDIUM" "audio-player-with-playlist-ultimate 1.3 Contributor+.Stored.XSS MEDIUM" "add-to-cart-button-labels-for-woocommerce 2.2.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "auto-more-tag No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "ai-postpix 1.1.8.1 Subscriber+.Arbitrary.File.Upload HIGH" "amtythumb No.known.fix Subscriber+.SQLi HIGH" "appexperts 1.4.5 Unauthenticated.Sensitive.Information.Exposure MEDIUM" "appexperts 1.4.5 Reflected.Cross-Site.Scripting MEDIUM" "appexperts 1.2.2 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "alphabetical-list No.known.fix Settings.Update.via.CSRF MEDIUM" "acf-on-the-go No.known.fix .Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.Content.Update MEDIUM" "all-users-messenger No.known.fix Subscriber+.Message.Deletion.via.IDOR MEDIUM" "a-team-showcase No.known.fix Missing.Authorization MEDIUM" "amp-plus No.known.fix Reflected.Cross.Site.Scripting HIGH" "admin-form No.known.fix Authenticated.(Admin+).PHP.Object.Injection HIGH" "admin-form No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "admin-form 1.9.1 Cross-Site.Request.Forgery MEDIUM" "admin-form 1.9.1 Reflected.Cross-Site.Scripting MEDIUM" "author-avatars 2.1.24 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "author-avatars 2.1.22 Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "author-avatars 2.1.19 Contributor+.Stored.XSS MEDIUM" "admin-font-editor No.known.fix Unauthenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "avcp No.known.fix Cross-Site.Request.Forgery.via.settings.php MEDIUM" "avcp No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.shortcode MEDIUM" "avcp No.known.fix Authenticated.(Editor+).Stored.Cross-Site.Scripting MEDIUM" "atlas-knowledge-base No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "atlas-knowledge-base No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "alloggio-membership 1.2 Authentication.Bypass CRITICAL" "astra-addon 4.3.2 Authenticated(Contributor+).Remote.Code.Execution.via.Metabox HIGH" "astra-addon 3.5.2 Unauthenticated.SQL.Injection HIGH" "add-link-to-facebook No.known.fix Cross-Site.Scripting.(XSS) MEDIUM" "ai-preloader No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "auyautochat-for-wp No.known.fix Unauthenticated.Stored.XSS HIGH" "ajax-awesome-css No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "activitytime 1.1.2 Reflected.Cross-Site.Scripting MEDIUM" "activitytime 1.1.0 Unauthenticated.SQL.Injection HIGH" "activitytime 1.0.9 Unauthenticated.SQL.injection HIGH" "activitytime 1.0.6 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "ar-for-wordpress 7.8 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "ar-for-wordpress 7.4 Missing.Authorization.to.Unauthenticated.Limited.File.Upload LOW" "ar-for-wordpress 7.0 Unauthenticated.Arbitrary.File.Upload CRITICAL" "awesome-wp-image-gallery No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "advanced-blocks-pro No.known.fix Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "age-gate 3.6.0 Missing.Authorization MEDIUM" "age-gate 3.5.4 Unauthenticated.Local.PHP.File.Inclusion.via.'lang' CRITICAL" "age-gate 2.17.1 Unauthenticated.Stored.Cross-Site.Scripting MEDIUM" "age-gate 2.20.4 Reflected.Cross-Site.Scripting MEDIUM" "age-gate 2.17.1 Unauthenticated.Import.Settings CRITICAL" "age-gate 2.16.4 Authenticated.Stored.Cross-Site.Scripting MEDIUM" "age-gate 2.13.5 Unauthenticated.Open.Redirect LOW" "audio-and-video-player 1.2.0 Player.Deletion.and.Duplication.via.CSRF MEDIUM" "ark-core No.known.fix Unauthenticated.Remote.Code.Execution CRITICAL" "add-tabs-xforwc 1.5.0 Low.Priv.Arbitrary.Blog.Options.Update/Access/Deletion.&.Plugin's.Settings.Update/Export/Import HIGH" "advanced-reorder-image-text-slider No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "amazon-link No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "an-gradebook No.known.fix Subscriber+.SQLi HIGH" "an-gradebook No.known.fix Admin+.XSS LOW" "anymind-widget No.known.fix Stored.Cross-Site.Scripting.via.CSRF MEDIUM" "adminify 4.0.1.7 Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "adminify 3.1.7 Authenticated(Administrator+).SQL.Injection MEDIUM" "adminify 3.1.6 Admin+.Stored.XSS LOW" "adminify 3.1.6 Admin+.Stored.XSS LOW" "adminify 3.1.4 Reflected.Cross-Site.Scripting MEDIUM" "adminify 2.0.5 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "artibot No.known.fix Authenticated.(Admin+).Cross-Site.Scripting MEDIUM" "artibot No.known.fix Missing.Authorization.to.Settings.Update MEDIUM" "aa-audio-player No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "auto-hide-admin-bar 1.6.2 Admin+.Stored.XSS LOW" "alphaomega-captcha-anti-spam No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "awesome-logo-carousel-block 2.1.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.sliderId.Parameter MEDIUM" "avatar No.known.fix Authenticated.(Subscriber+).Arbitrary.File.Deletion HIGH" "avatar No.known.fix Authenticated.(Subscriber+).Insecure.Direct.Object.Reference MEDIUM" "accesspress-anonymous-post No.known.fix Contributor+.Arbitrary.Redirect LOW" "accesspress-anonymous-post 2.8.1 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "accesspress-social-counter 1.9.2 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "astra-pro-sites 3.2.5 Authenticated.(Contributor+).Server-Side.Request.Forgery MEDIUM" "astra-pro-sites 3.2.6 Incorrect.Authorization MEDIUM" "amazon-auto-links 5.4.3 Reflected.Cross-Site.Scripting MEDIUM" "amazon-auto-links 5.1.2 Contributor+.Stored.XSS MEDIUM" "amazon-auto-links 5.3.2 Contributor+.Stored.XSS MEDIUM" "amazon-auto-links 4.6.20 Reflected.Cross-Site.Scripting HIGH" "app-ads-txt 1.1.8 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "app-ads-txt 1.1.7.0 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "apppresser 4.4.11 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "apppresser 4.4.7 Unauthenticated.Privilege.Escalation.via.Password.Reset CRITICAL" "apppresser 4.4.5 Privilege.Escalation.and.Account.Takeover.via.Weak.OTP HIGH" "apppresser 4.4.0 Improper.Missing.Encryption.Exception.Handling.to.Authentication.Bypass HIGH" "apppresser 4.3.1 Missing.Authorization MEDIUM" "apppresser 4.3.1 Cross-Site.Request.Forgery.via.force_logging_off() MEDIUM" "apppresser 4.3.1 Cross-Site.Request.Forgery.via.toggle_logging_callback() MEDIUM" "apppresser 4.3.0 Insecure.Password.Reset.Mechanism HIGH" "addonskit-for-elementor 1.1.7 Contributor+.Stored.XSS MEDIUM" "appbanners No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "addonify-quick-view 1.2.17 Unauthenticated.Full.Path.Dislcosure MEDIUM" "ahmeti-wp-timeline No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "addons-for-elementor-builder 1.3.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "attributes-for-blocks 1.0.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.attributesForBlocks.Parameter MEDIUM" "author-box-after-posts No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "advanced-coupons-for-woocommerce-free 4.5.0.1 Notice.Dismiss.via.CSRF MEDIUM" "advanced-video-player-with-analytics No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "ai-content-generation 1.2.6 Missing.Authorization MEDIUM" "awcode-toolkit 1.0.19 Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "agile-store-locator 1.5.2 Authenticated.(Administrator+).SQL.Injection MEDIUM" "agile-store-locator 1.5.3 Authenticated.(Admin+).Arbitrary.File.Upload HIGH" "agile-store-locator 1.4.15 Admin+.Arbitrary.File.Deletion MEDIUM" "agile-store-locator 1.4.13 Reflected.XSS HIGH" "agile-store-locator 1.4.10 Editor+.Stored.XSS LOW" "agile-store-locator 1.4.9 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "agile-store-locator 1.4.6 Stored.XSS.via.CSRF MEDIUM" "affiliate-advantage No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "archive-page 1.0.3 Contributor+.Stored.XSS MEDIUM" "accessibility-widget 2.2.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "adsense-privacy-policy No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "add-whatsapp-button 2.1.8 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "add-to-calendar-button 1.5.1 Contributor+.Stored.XSS MEDIUM" "ai-contact-us No.known.fix Admin+.Stored.XSS LOW" "anywhere-flash-embed No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "add-custom-google-tag-manager No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "aoa-downloadable No.known.fix Unauthenticated.SSRF HIGH" "aoa-downloadable No.known.fix Unauthenticated.Arbitrary.File.Download HIGH" "animated-number-counters 2.2 Editor+.Local.File.Inclusion HIGH" "animated-number-counters 1.7 Editor+.Stored.XSS MEDIUM" "auto-iframe 2.0 Contributor+.XSS.via.Shortcode MEDIUM" "auto-iframe 1.8 Authenticated.(Author+).Stored.Cross-Site.Scripting.via.tag.Parameter MEDIUM" "amazing-service-box-visual-composer-addons No.known.fix Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "access-category-password No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "affiliates-manager-google-recaptcha-integration 1.0.7 Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "all-in-one-redirection No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "all-in-one-redirection No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "all-in-one-redirection 2.2.0 Admin+.SQLi MEDIUM" "all-push-notification No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "all-push-notification No.known.fix Cross-Site.Request.Forgery.to.SQL.Injection MEDIUM" "all-push-notification No.known.fix Unauthenticated.Stored.Cross-Site.Scripting HIGH" "auto-thickbox-plus No.known.fix Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "awesomepress No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "avif-support 1.1.1 Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "avif-support 1.1.1 Author+.Stored.XSS.via.SVG.Uplaod MEDIUM" "add-custom-content-after-post No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "autocomplete-address-and-location-picker-for-woocommerce 1.1.7 Reflected.Cross-Site.Scripting MEDIUM" "autocomplete-address-and-location-picker-for-woocommerce 1.0.9 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "audio-comments No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "ap-google-maps No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "article2pdf No.known.fix Multiple.Vulnerabilities CRITICAL" "audio-text No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "abitgone-commentsafe No.known.fix Settings.Update.to.Stored.XSS.via.CSRF HIGH" "aba-payway-woocommerce-payment-gateway No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "all-in-one-wp-migration-dropbox-extension 3.76 Unauthenticated.Access.Token.Update MEDIUM" "acf-to-rest-api 3.3.0 Unauthenticated.Arbitrary.wp_options.Disclosure MEDIUM" "anant-addons-for-elementor 1.1.9 Arbitrary.Plugin.Installation.via.CSRF MEDIUM" "anant-addons-for-elementor 1.0.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "another-wordpress-classifieds-plugin 4.3.2 Cross-Site.Request.Forgery MEDIUM" "another-wordpress-classifieds-plugin 4.3.2 Missing.Authorization MEDIUM" "another-wordpress-classifieds-plugin 4.3.1 Categories.Mgt.via.CSRF MEDIUM" "another-wordpress-classifieds-plugin 4.3 Unauthenticated.SQLi MEDIUM" "admin-custom-login 3.2.8 CSRF.to.Stored.XSS HIGH" "authors-list 2.0.6.1 Unauthenticated.Arbitrary.Shortcode.Execution MEDIUM" "authors-list 2.0.5 Unauthenticated.Arbitrary.Shortcode.Execution HIGH" "authors-list 2.0.3 Reflected.Cross-Site.Scripting HIGH" "article-directory No.known.fix Admin+.Stored.XSS LOW" "adsense-click-fraud-monitoring No.known.fix XSS MEDIUM" "advanced-admin-search 1.1.6 Reflected.Cross-Site.Scripting MEDIUM" "about-me No.known.fix Subscriber+.Arbitrary.Network.Creation/Deletion MEDIUM" "admin-bookmarks No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "accesspress-custom-post-type 1.0.9 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "all-in-one-invite-codes 1.0.13 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "ajax-wp-query-search-filter No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "arconix-faq 1.9.7 Missing.Authorization MEDIUM" "arconix-faq 1.9.6 Reflected.Cross-Site.Scripting MEDIUM" "arconix-faq 1.9.5 Missing.Authorization MEDIUM" "arconix-faq 1.9.4 Missing.Authorization.to.Notice.Dismissal MEDIUM" "acf-frontend-display No.known.fix Arbitrary.File.Upload CRITICAL" "ajax-extend No.known.fix Unauthenticated.Remote.Code.Execution CRITICAL" "advanced-control-manager No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "advanced-control-manager No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "artificial-intelligence-auto-content-generator 3.0.0 Reflected.Cross-Site.Scripting MEDIUM" "awesome-logos No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "awesome-logos No.known.fix Cross-Site.Request.Forgery.to.SQL.Injection MEDIUM" "advanced-exchange-rates No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "advanced-exchange-rates No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "automatic-featured-images-from-videos 1.2.5 Missing.Authorization MEDIUM" "ajax-search-pro 4.26.2 Multiple.Reflected.Cross-Site.Scripting HIGH" "ajax-search-pro 4.26.2 Reflected.Cross-Site.Scripting HIGH" "ajax-search-pro 4.19 Stored.XSS.via.CSRF HIGH" "ajax-search-pro 4.19 Subscriber+.SQL.Injection HIGH" "aikit-wordpress-ai-writing-assistant-using-gpt3 No.known.fix Authenticated.(Contributor+).SQL.Injection CRITICAL" "alemha-watermark No.known.fix Author+.Stored.XSS MEDIUM" "advanced-youtube-channel-pagination No.known.fix Reflected.XSS HIGH" "appointment-booking-calendar 1.3.93 Missing.Authorization MEDIUM" "appointment-booking-calendar 1.3.93 Cross-Site.Request.Forgery.to.SQL.Injection MEDIUM" "appointment-booking-calendar 1.3.83 CSRF.appointment.scheduling MEDIUM" "appointment-booking-calendar 1.3.70 Feedback.Submission.via.CSRF MEDIUM" "appointment-booking-calendar 1.3.35 CSV.Injection MEDIUM" "appointment-booking-calendar 1.3.35 Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "appointment-booking-calendar 1.3.19 Unauthenticated.Stored.XSS MEDIUM" "appointment-booking-calendar 1.1.25 Unauthenticated.SQL.Injection CRITICAL" "appointment-booking-calendar 1.1.24 Unauthenticated.SQL.Injection CRITICAL" "appointment-booking-calendar 1.1.8 Multiple.Reflected.Cross-Site.Scripting.(XSS).and.SQL.Injection HIGH" "activitypub 1.0.6 Unauthenticated.REST.API.Access MEDIUM" "activitypub 1.0.0 Subscriber+.Arbitrary.Post.Title.Disclosure MEDIUM" "activitypub 1.0.0 Contributor+.Stored.XSS MEDIUM" "activitypub 1.0.0 Subscriber+.Arbitrary.Post.Content.Disclosure MEDIUM" "activitypub 1.0.1 Contributor+.Stored.XSS MEDIUM" "adminquickbar 1.9.2 Reflected.Cross-Site.Scripting MEDIUM" "any-hostname No.known.fix Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "anycomment 0.0.99 Reflected.Cross-Site.Scripting MEDIUM" "anycomment 0.2.18 Arbitrary.HyperComments.Import/Revert.via.CSRF MEDIUM" "anycomment 0.2.18 Comment.Rating.Increase/Decrease.via.Race.Condition LOW" "anycomment 0.3.5 Open.Redirect MEDIUM" "anycomment 0.0.33 XSS MEDIUM" "alink-tap No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "acf-google-font-selector-field No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "apptivo-business-site No.known.fix Missing.Authorization.to.Arbitrary.Content.Deletion MEDIUM" "apptivo-business-site No.known.fix Cross-Site.Request.Forgery.to.IP.Address.Block MEDIUM" "apptivo-business-site 3.0.14 Admin+.Stored.XSS LOW" "advanced-dynamic-pricing-for-woocommerce 4.9.5 Cross-Site.Request.Forgery.to.Settings.Update MEDIUM" "advanced-dynamic-pricing-for-woocommerce 4.9.1 Reflected.Cross-Site.Scripting MEDIUM" "advanced-dynamic-pricing-for-woocommerce 4.1.6 Rule.Type.Migration.via.CSRF MEDIUM" "advanced-dynamic-pricing-for-woocommerce 4.1.6 Settings.Import.via.CSRF MEDIUM" "advanced-dynamic-pricing-for-woocommerce 4.1.4 Settings.Update.via.CSRF MEDIUM" "altima-lookbook-free-for-woocommerce No.known.fix Refletced.Cross-Site.Scripting MEDIUM" "autocomplete-location-field-contact-form-7 3.0 Admin+.Store.Cross-Site.Scripting LOW" "autosave-net No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "autosave-net No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "auto-login-when-resister No.known.fix Settings.Update.via.CSRF MEDIUM" "all-images-ai 1.0.5 Authenticated.(Subscriber+).Arbitrary.File.Upload HIGH" "anchor-episodes-index 2.1.11 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.anchor_episodes.Shortcode MEDIUM" "anchor-episodes-index 2.1.8 Admin+.Stored.XSS LOW" "awsom-news-announcement No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "am-lottieplayer 3.5.4 Authenticated.(Author+).Stored.Cross-Site.Scripting.via.Uploaded.Lottie.File MEDIUM" "accesspress-custom-css 2.0.2 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "autocomplete-location-field-contact-form-7-pro 2.0 Admin+.Store.Cross-Site.Scripting LOW" "amministrazione-trasparente 8.0.5 Admin+.Stored.XSS LOW" "amministrazione-trasparente 7.1.1 Cross-Site.Request.Forgery HIGH" "amministrazione-trasparente 7.1.1 CSRF.Bypass.in.Multiple.Plugins MEDIUM" "auto-terms-of-service-and-privacy-policy 2.0.0 Reflected.Cross-Site.Scripting MEDIUM" "ajax-archive-calendar 2.6.8 Contributor+.Stored.XSS MEDIUM" "add-pinterest-conversion-tags 1.2.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "add-pinterest-conversion-tags 1.0.2 Subscriber+.Arbitrary.Option.Update CRITICAL" "admin-side-data-storage-for-contact-form-7 No.known.fix Authenticated.(Admin+).SQL.Injection HIGH" "admin-side-data-storage-for-contact-form-7 No.known.fix Missing.Authorization.to.Unauthenticated.Bookmark.Status.Alteration MEDIUM" "admin-side-data-storage-for-contact-form-7 No.known.fix Missing.Authorization.to.Unauthenticated.Read.Status.Update MEDIUM" "admin-side-data-storage-for-contact-form-7 No.known.fix Cross-Site.Request.Forgery MEDIUM" "admin-side-data-storage-for-contact-form-7 No.known.fix Unauthenticated.Reflected.XSS HIGH" "alo-easymail 2.9.3 Cross-Site.Request.Forgery.(CSRF) MEDIUM" "ai-image-generator 1.0.4 Reflected.Cross-Site.Scripting MEDIUM" "acurax-social-media-widget 3.2.6 Stored.XSS.&.CSRF HIGH" "add-linked-images-to-gallery-v01 No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "abcbiz-addons No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "addify-order-approval-woocommerce 1.1.0 Multiple.CSRF MEDIUM" "automatorwp 5.2.6 Authenticated.(Administrator+).SQL.Injection.via.field_conditions HIGH" "automatorwp 5.2.2 Authenticated.(Administrator+).SQL.Injection MEDIUM" "automatorwp 5.1.0 Reflected.Cross-Site.Scripting.via.a-0-o-search_field_value CRITICAL" "automatorwp 2.5.1 Object.Deletion.via.CSRF MEDIUM" "automatorwp 1.7.6 Missing.Authorization.and.Privilege.Escalation MEDIUM" "ajax-search-lite 4.12.5 Admin+.Stored.XSS LOW" "ajax-search-lite 4.12.4 Admin+.Stored.XSS LOW" "ajax-search-lite 4.12.3 Admin+.Stored.XSS LOW" "ajax-search-lite 4.12.1 Admin+.Stored.XSS LOW" "ajax-search-lite 4.11.5 Reflected.Cross-Site.Scripting HIGH" "ajax-search-lite 4.11.1 Reflected.Cross-Site.Scripting HIGH" "ajax-search-lite 4.11.1 Subscriber+.Sensitive.Data.Disclosure MEDIUM" "ar-contactus 1.8.8 Authenticated.Stored.Cross-Site.Scripting CRITICAL" "advanced-usps-shipping-method 1.0.2 Reflected.Cross-Site.Scripting MEDIUM" "antihacker 4.52 Missing.Authorization.to.Unauthenticated.IP.Address.Whitelist MEDIUM" "antihacker 4.53 Missing.Authorization.to.Authenticated.(Subscriber+).Table.Truncation MEDIUM" "antihacker 4.35 Cross-Site.Request.Forgery.via.antihacker_ajax_scan MEDIUM" "antihacker 4.20 Subscriber+.Arbitrary.Plugin.Installation HIGH" "author-bio-box 3.4.0 Admin+.Stored.Cross-Site.Scripting LOW" "advanced-post-slider No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "amadiscount No.known.fix Authenticated.(Contributor+).SQL.Injection MEDIUM" "animated-buttons No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "add-edit-delete-listing-for-member-module No.known.fix SQL.Injection HIGH" "admin-menu-post-list No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "auxin-portfolio 2.3.5 Contributor+.Stored.XSS MEDIUM" "auxin-portfolio 2.3.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.'.Grid.Portfolios' MEDIUM" "auxin-portfolio 2.3.2 Unauthenticated.Local.File.Inclusion CRITICAL" "advanced-lazy-load No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "ark-wysiwyg-comment-editor No.known.fix Iframe.Injection.via.Comment LOW" "author-bio-shortcode No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "aviary-image-editor-add-on-for-gravity-forms No.known.fix Unauthenticated.File.Upload CRITICAL" "aiify 0.1.0 Reflected.Cross-Site.Scripting MEDIUM" "aeropage-sync-for-airtable 3.3.0 Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.Post.Deletion MEDIUM" "aeropage-sync-for-airtable 3.3.0 Authenticated.(Subscriber+).Arbitrary.File.Upload HIGH" "awesome-timeline No.known.fix Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "allow-php-in-posts-and-pages No.known.fix Authenticated.Remote.Code.Execution.(RCE) CRITICAL" "automatic-ban-ip No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "affiliate-solution No.known.fix Admin+.Stored.XSS LOW" "accordions-wp 2.7 Authenticated.(Editor+).Stored.Cross-Site.Scripting.via.accordion.settings MEDIUM" "accordions-wp 2.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "anac-xml-render No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "auto-poster No.known.fix Authenticated.(Administrator+).Arbitrary.File.Upload CRITICAL" "aforms-form-builder-for-price-calculator-cost-estimation 2.2.7 Unauthenticated.Full.Path.Disclosure MEDIUM" "advanced-accordion-block 5.0.3 Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "all-in-one-wp-migration-gdrive-extension 2.80 Unauthenticated.Access.Token.Update MEDIUM" "accesspress-social-icons 1.8.3 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "accesspress-social-icons 1.8.1 Authenticated.SQL.Injection HIGH" "accesspress-social-icons 1.6.8 Authenticated.SQL.Injections MEDIUM" "apa-banner-slider No.known.fix Cross-Site.Request.Forgery.to.SLQ.Injection HIGH" "azurecurve-shortcodes-in-comments No.known.fix Unauthenticated.Arbitrary.Shortcode.Execution HIGH" "async-javascript 2.21.06.29 Authenticated.(admin+).Stored.XSS MEDIUM" "add-to-any 1.7.48 Admin+.Stored.Cross-Site.Scripting LOW" "add-to-any 1.7.46 Admin+.Stored.XSS MEDIUM" "animated-fullscreen-menu 2.2.8 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "ai-wp-writer 3.8.4.5 Cross-Site.Request.Forgery MEDIUM" "ai-wp-writer 3.6.5.6 Missing.Authorization MEDIUM" "af-tell-a-friend No.known.fix .Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "analytics-cat 1.1.3 Reflected.Cross-Site.Scripting MEDIUM" "analytics-cat 1.1.0 Admin+.Stored.Cross-Site.Scripting MEDIUM" "analytics-cat 1.1.0 Settings.Update.via.CSRF MEDIUM" "ai-for-seo 1.2.10 Missing.Authorization MEDIUM" "author-slug No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "auto-translate No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting.via.Custom.Font MEDIUM" "all-in-one-seo-pack 4.8.2 Contributor+.Stored.XSS.via.Post.Meta.Description.and.Canonical.URL MEDIUM" "all-in-one-seo-pack 4.6.1.1 Contributor+.Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "all-in-one-seo-pack 4.6.1.1 Contributor+.Stored.XSS MEDIUM" "all-in-one-seo-pack 4.3.0 Contributor+.Stored.XSS MEDIUM" "all-in-one-seo-pack 4.3.0 Admin+.Stored.XSS LOW" "all-in-one-seo-pack 4.2.4 Multiple.CSRF MEDIUM" "all-in-one-seo-pack 4.1.5.3 Authenticated.Privilege.Escalation CRITICAL" "all-in-one-seo-pack 4.1.5.3 Authenticated.SQL.Injection HIGH" "all-in-one-seo-pack 4.1.0.2 Admin.RCE.via.unserialize MEDIUM" "all-in-one-seo-pack 3.6.2 Authenticated.Stored.Cross-Site.Scripting MEDIUM" "all-in-one-seo-pack 3.2.7 Stored.Cross-Site.Scripting.(XSS) MEDIUM" "all-in-one-seo-pack 2.10 Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "advanced-online-ordering-and-delivery-platform No.known.fix Unauthenticated.Local.File.Inclusion CRITICAL" "ays-chatgpt-assistant 2.1.0 Unauthenticated.AJAX.Calls MEDIUM" "ays-chatgpt-assistant 2.1.0 Unauthenticated.OpenAI.Key.Disclosure HIGH" "advanced-woo-labels 2.16 Contributor+.Stored.XSS MEDIUM" "advanced-woo-labels 2.02 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "advanced-woo-labels 1.94 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "ayyash-studio No.known.fix Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "add-custom-body-class No.known.fix Contributor+.Stored.Cross-Site.Scripting MEDIUM" "ahmeti-wp-guzel-sozler No.known.fix Cross-Site.Request.Forgery MEDIUM" "add-admin-javascript No.known.fix Unauthenticated.Full.Path.Dislcosure MEDIUM" "ap-custom-testimonial 1.4.8 Reflected.Cross-Site.Scripting MEDIUM" "ap-custom-testimonial 1.4.8 Admin+.SQL.Injection MEDIUM" "ap-custom-testimonial 1.4.7 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "all-404-redirect-to-homepage 2.1 Authenticated.Stored.Cross-Site.Scripting.(XSS) LOW" "all-404-redirect-to-homepage 1.21 Authenticated.Reflected.Cross-Site.Scripting.(XSS) HIGH" "advanced-post-block 1.13.5 Unauthenticated.Arbitrary.Post.Access MEDIUM" "automatic-pages-for-privacy-policy-terms-about-and-contact 1.42 Reflected.Cross-Site.Scripting MEDIUM" "ahime-image-printer No.known.fix Unauthenticated.Arbitrary.File.Download CRITICAL" "autowp-ai-content-writer-rewriter 2.0.9 Cross-Site.Request.Forgery MEDIUM" "advanced-classifieds-and-directory-pro 3.2.1 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "advanced-classifieds-and-directory-pro 3.1.2 Missing.Authorization.to.Arbitrary.Attachment.Deletion MEDIUM" "advanced-classifieds-and-directory-pro 2.1.2 Reflected.Cross-Site.Scripting MEDIUM" "advanced-classifieds-and-directory-pro 1.8.8 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "advanced-classifieds-and-directory-pro 1.6.3 Subscriber+.Arbitrary.Option.Update CRITICAL" "aco-product-labels-for-woocommerce 1.5.11 Admin+.SQLi MEDIUM" "aco-product-labels-for-woocommerce 1.5.9 Admin+.SQLi MEDIUM" "aco-product-labels-for-woocommerce 1.5.9 Authenticated.(Administrator+).SQL.Injection MEDIUM" "aco-product-labels-for-woocommerce 1.5.4 Authenticated.(Shop.manager+).Stored.Cross-Site.Scripting MEDIUM" "apperr 0.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "ajax-login-and-registration-modal-popup 2.25 Reflected.XSS MEDIUM" "ajax-login-and-registration-modal-popup 2.24 Author+.Stored.XSS MEDIUM" "auto-post-after-image-upload No.known.fix Missing.Authorization MEDIUM" "activedemand No.known.fix Missing.Authorization MEDIUM" "activedemand 0.2.44 Cross-Site.Request.Forgery MEDIUM" "activedemand 0.2.42 Unauthenticated.Arbitrary.File.Upload CRITICAL" "activedemand 0.2.28 Unauthenticated.Post.Creation/Update/Deletion HIGH" "allow-php-execute No.known.fix Authenticated.(Editor+).PHP.Code.Injection HIGH" "avaibook No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "all-in-one-wp-security-and-firewall 5.2.7 Cross-Site.Request.Forgery.to.IP.Blocking MEDIUM" "all-in-one-wp-security-and-firewall 5.2.6 Reflected.Cross-Site.Scripting MEDIUM" "all-in-one-wp-security-and-firewall 5.2.5 Protection.Bypass.of.Renamed.Login.Page.via.URL.Encoding MEDIUM" "all-in-one-wp-security-and-firewall 5.2.0 Insecure.Storage.of.Password MEDIUM" "all-in-one-wp-security-and-firewall 5.1.5 Admin+.Stored.XSS LOW" "all-in-one-wp-security-and-firewall 5.1.5 Admin+.Arbitrary.File/Folder.Access.via.Traversal MEDIUM" "all-in-one-wp-security-and-firewall 5.1.3 Configuration.Leak MEDIUM" "all-in-one-wp-security-and-firewall 5.1.1 Bulk.Actions.via.CSRF MEDIUM" "all-in-one-wp-security-and-firewall 5.0.8 IP.Spoofing MEDIUM" "all-in-one-wp-security-and-firewall 4.4.11 Authenticated.Arbitrary.Redirect./.Reflected.XSS LOW" "all-in-one-wp-security-and-firewall 4.4.6 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "all-in-one-wp-security-and-firewall 4.4.4 CSRF.&.XSS LOW" "all-in-one-wp-security-and-firewall 4.4.2 Open.Redirect.&.Hidden.Login.Page.Exposure MEDIUM" "all-in-one-wp-security-and-firewall 4.2.2 Cross-Site.Scripting.(XSS) CRITICAL" "all-in-one-wp-security-and-firewall 4.2.0 Authenticated.Cross-Site.Scripting.(XSS) CRITICAL" "all-in-one-wp-security-and-firewall 4.1.3 Multiple.vulnerabilities.in.login.CAPTCHA MEDIUM" "all-in-one-wp-security-and-firewall 4.0.9 Multiple.SQL.Injections MEDIUM" "all-in-one-wp-security-and-firewall 4.0.7 Multiple.SQL.Injections MEDIUM" "all-in-one-wp-security-and-firewall 4.0.6 XSS MEDIUM" "all-in-one-wp-security-and-firewall 4.0.5 XSS CRITICAL" "addify-gift-registry-for-woocommerce 1.1.0 Multiple.CSRF MEDIUM" "anywhere-elementor 1.2.12 Authenticated.(Contributor+).Post.Disclosure MEDIUM" "anywhere-elementor 1.2.8 Reflected.Cross-Site.Scripting MEDIUM" "anywhere-elementor 1.2.8 Freemius.API.Key.Disclosure MEDIUM" "anywhere-elementor 1.2.5 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "ays-slider 2.5.0 Responsive.Slider.and.Carousel.<.2.5.0.-.Authenticated.Blind.SQL.Injection HIGH" "ays-slider 2.5.0 Reflected.Cross-Site.Scripting.(XSS) HIGH" "awesome-surveys No.known.fix Authenticated.(Editor+).Stored.Cross-Site.Scripting MEDIUM" "ai-text-to-speech 3.0.4 Missing.Authorization MEDIUM" "affiliate-tools-viet-nam No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "app-builder 5.3.8 Privilege.Escalation.and.Account.Takeover.via.Weak.OTP HIGH" "app-builder 4.3.4 Unauthenticated.Limited.SQL.Injection.via.app-builder-search MEDIUM" "app-builder 3.8.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode HIGH" "app-builder 3.8.8 Open.Redirection MEDIUM" "appmaker-woocommerce-mobile-app-manager No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "aspose-doc-exporter No.known.fix Missing.Authorization MEDIUM" "aspose-doc-exporter 2.0 Unauthenticated.Arbitrary.File.Download HIGH" "auto-seo 2.6.6 Stored.XSS.via.CSRF HIGH" "about-author-box 1.0.2 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "advanced-search-by-my-solr-server No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "awesome-studio No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "ajax-bootmodal-login No.known.fix Captcha.Reuse MEDIUM" "activecampaign-subscription-forms 8.1.17 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "activecampaign-subscription-forms 8.1.15 Authenticated.(Administrator+).Server-Side.Request.Forgery MEDIUM" "activecampaign-subscription-forms 8.1.12 Contributor+.Stored.XSS MEDIUM" "activecampaign-subscription-forms 8.0.2 Cross-Site.Request.Forgery.in.Settings HIGH" "attach-gallery-posts No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "add-user-role No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "advance-wp-query-search-filter No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "admin-notices-for-team No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "admin-notices-for-team No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "admin-notices-for-team No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "advanced-database-cleaner 3.1.4 Administrator+.PHP.Object.Injection MEDIUM" "advanced-database-cleaner 3.1.3 Authenticated.(Administrator+).SQL.Injection MEDIUM" "advanced-database-cleaner 3.1.2 Settings.Update.via.CSRF MEDIUM" "advanced-database-cleaner 3.1.1 Reflected.Cross-Site.Scripting MEDIUM" "advanced-database-cleaner 3.0.4 Reflected.Cross-Site.Scripting MEDIUM" "advanced-database-cleaner 3.0.2 Authenticated.SQL.injection MEDIUM" "add-categories-post-footer No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "advance-post-prefix No.known.fix Reflected.XSS HIGH" "advance-post-prefix No.known.fix Reflected.XSS HIGH" "advance-post-prefix No.known.fix Admin+.SQL.Injection MEDIUM" "ajax-comment-form-cst No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "active-user No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "axeptio-sdk-integration 2.5.5 Unauthenticated.Local.File.Inclusion CRITICAL" "admin-user-search No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "amberlink No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "authors-autocomplete-meta-box No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "autolisticle-automatically-update-numbered-list-articles 1.2.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "ab-google-map-travel No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "aec-kiosque 1.9.4 Reflected.Cross-Site.Scripting MEDIUM" "as-english-admin No.known.fix Open.Redirection MEDIUM" "awesome-hooks No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "adl-team No.known.fix Contributor+.Stored.Cross-Site.Scripting MEDIUM" "awesome-contact-form7-for-elementor 3.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "awesome-contact-form7-for-elementor 3.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.AEP.Contact.Form.7.Widget MEDIUM" "add-posts-to-pages No.known.fix Contributor+.Stored.XSS MEDIUM" "ajax-search-for-woocommerce 1.25.0b3 Reflected.Cross-Site.Scripting MEDIUM" "ajax-search-for-woocommerce 1.24.0 AJAX.Search.for.WooCommerce.<.1.24.0.-.Admin+.Stored.Cross-Site.Scripting MEDIUM" "ajax-search-for-woocommerce 1.18.0 Admin+.Stored.Cross-Site.Scripting LOW" "ajax-search-for-woocommerce 1.17.0 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "advanced-fancybox No.known.fix Cross-Site.Request.Forgery.to.Cross-Site.Scripting MEDIUM" "abc-notation No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "abc-notation No.known.fix Authenticated.(Contributor+).Arbitrary.File.Read MEDIUM" "abc-notation No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "aria-font No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "ashe-extra 1.3 Missing.Authorization MEDIUM" "ashe-extra 1.2.92 Subscriber+.Companion.Plugin.Activation.&.Content.Import MEDIUM" "announcer 6.0.1 Missing.Authorization MEDIUM" "acf-extended 0.8.9.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "acf-extended 0.8.8.7 Admin+.SQL.Injection MEDIUM" "autoship-cloud 2.8.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "autoship-cloud 2.8.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "ai-addons-for-elementor No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "ai-addons-for-elementor No.known.fix Authenticated.(Contributor+).Private.Templates.Content.Disclosure MEDIUM" "ays-facebook-popup-likebox 3.7.3 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "ays-facebook-popup-likebox 3.6.1 Reflected.Cross-Site.Scripting MEDIUM" "ays-facebook-popup-likebox 3.5.3 Reflected.Cross-Site.Scripting.(XSS) HIGH" "ays-facebook-popup-likebox 3.5.3 Page.Plugin.<.3.5.3.-.Authenticated.Blind.SQL.Injections HIGH" "agecheckernet No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "adamrob-parallax-scroll 2.1 Cross-Site.Scripting.(XSS) MEDIUM" "advanced-flamingo No.known.fix Cross-Site.Request.Forgery MEDIUM" "alkubot 3.0.0 Unauthorised.AJAX.call.via.CSRF MEDIUM" "awesome-weather No.known.fix Contributor+.Stored.XSS MEDIUM" "awesome-weather No.known.fix Reflected.Cross-site.Scripting.(XSS) HIGH" "ampedsense-adsense-split-tester 4.69 Reflected.XSS HIGH" "amazon-einzeltitellinks No.known.fix Arbitrary.Settings.Update.to.Stored.XSS.via.CSRF MEDIUM" "add-subtitle No.known.fix Contributor+.Stored.Cross-Site.Scripting MEDIUM" "ajax-add-to-cart-for-woocommerce No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "ajax-add-to-cart-for-woocommerce No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "affiliateimportereb No.known.fix Reflected.XSS.via.Search HIGH" "affiliateimportereb No.known.fix Reflected.XSS HIGH" "auth0 4.6.1 Reflected.Cross-Site.Scripting.via.wle MEDIUM" "auth0 4.0.0 Multiple.Vulnerabilities CRITICAL" "auth0 3.11.3 Unauthenticated.Reflected.XSS.via.wle.Parameter MEDIUM" "accounting-for-woocommerce 1.6.9 Unauthenticated.Local.File.Inclusion CRITICAL" "accounting-for-woocommerce 1.6.9 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "accounting-for-woocommerce 1.6.7 Reflected.Cross-Site.Scripting MEDIUM" "animated-typing-effect 1.3.7 Contributor+.Stored.XSS MEDIUM" "authenticator 1.3.1 Subscriber+.Denial.of.Service.via.Feed.Token.Disclosure MEDIUM" "admin-menu-manager No.known.fix Cross-Site.Request.Forgery MEDIUM" "arabic-webfonts No.known.fix Missing.Authorization MEDIUM" "addify-product-dynamic-pricing-and-discounts No.known.fix Multiple.CSRF MEDIUM" "advanced-options-editor No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "api-info-themes-plugins-wp-org 1.05 Reflected.Cross-Site.Scripting MEDIUM" "automatic-grid-image-listing No.known.fix Admin+.Arbitrary.File.Upload MEDIUM" "automatically-hierarchic-categories-in-menu 2.0.8 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "automatically-hierarchic-categories-in-menu 2.0.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "add-expires-headers 2.8.0 Reflected.Cross-Site.Scripting MEDIUM" "add-expires-headers 2.6 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "amazonify No.known.fix Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "amazonify No.known.fix Cross-Site.Request.Forgery.to.Amazon.Tracking.ID.Update MEDIUM" "addify-custom-fields-for-woocommerce 1.0.4 Multiple.CSRF MEDIUM" "audio4-html5 No.known.fix Authenticated.(Contributor+).SQL.Injection MEDIUM" "ali2woo-lite 3.5.4 Open.Redirect HIGH" "ali2woo-lite 3.4.7 Stored.XSS.via.CSRF HIGH" "ali2woo-lite 3.3.7 Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "ali2woo-lite 3.4.4 PHP.Object.Injection.via.CSRF HIGH" "ali2woo-lite 3.3.7 Reflected.Cross-Site.Scripting MEDIUM" "ali2woo-lite 3.3.6 Authenticated.(Subscriber+).Arbitrary.File.Upload HIGH" "ali2woo-lite 3.3.7 Missing.Authorization.via.Several.Functions MEDIUM" "advanced-image-sitemap No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "acf-engine No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "additional-order-filters-for-woocommerce 1.22 Reflected.Cross-Site.Scripting MEDIUM" "additional-order-filters-for-woocommerce 1.12 Reflected.XSS HIGH" "asf-allow-svg-files No.known.fix Author+.Stored.Cross.Site.Scripting.via.SVG MEDIUM" "asf-allow-svg-files 1.1 Admin+.Arbitrary.File.Upload MEDIUM" "about-rentals No.known.fix Unauthenticated.Actions HIGH" "awesome-support 6.3.2 Unauthenticated.Sensitive.Information.Exposure.Through.Unprotected.Directory HIGH" "awesome-support 6.3.2 Missing.Authorization MEDIUM" "awesome-support 6.1.8 Missing.Authorization MEDIUM" "awesome-support 6.1.7 Insufficient.Authorization.via.wpas_can_delete_attachments() MEDIUM" "awesome-support 6.1.8 Missing.Authorization.via.wpas_get_users() MEDIUM" "awesome-support 6.1.8 Authenticated.(Subscriber+).SQL.Injection HIGH" "awesome-support 6.1.8 Missing.Authorization.via.editor_html() MEDIUM" "awesome-support 6.1.6 Missing.Authorization.via.wpas_load_reply_history MEDIUM" "awesome-support 6.1.6 Cross-Site.Request.Forgery MEDIUM" "awesome-support 6.1.8 Missing.Authorization MEDIUM" "awesome-support 6.1.11 Missing.Authorization MEDIUM" "awesome-support 6.1.5 Missing.Authorization.via.wpas_edit_reply_ajax() MEDIUM" "awesome-support 6.1.5 Cross-Site.Request.Forgery.via.wpas_edit_reply_ajax() MEDIUM" "awesome-support 6.1.5 Insufficient.permission.check.in.wpas_edit_reply MEDIUM" "awesome-support 6.1.5 Submitter+.Arbitrary.File.Deletion CRITICAL" "awesome-support 6.1.5 Reflected.Cross-Site.Scripting HIGH" "awesome-support 6.1.2 Subscriber+.Arbitrary.Exported.Tickets.Download MEDIUM" "awesome-support 6.0.8 Authenticated.Stored.XSS MEDIUM" "awesome-support 6.0.7 Reflected.Cross-Site.Scripting HIGH" "awesome-support 6.0.11 Reflected.Cross-Site.Scripting.(XSS) HIGH" "awesome-support 6.0.0 Stored.XSS.via.Ticket.Title MEDIUM" "awesome-support 3.1.7 XSS.&.Shortcodes.Allowed.in.Replies HIGH" "ap-contact-form 1.0.7 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "appointmind 4.1.0 Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "appreview No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "adthrive-ads 3.7.4 Reflected.Cross-Site.Scripting HIGH" "adthrive-ads 3.7.1 Reflected.Cross-Site.Scripting MEDIUM" "adthrive-ads 3.7.1 Missing.Authorization.to.Unauthenticated.Data/Settings.Reset MEDIUM" "acf-vc-integrator 1.3.1 Reflected.Cross-Site.Scripting MEDIUM" "alert-box-block 1.1.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Alert.Box.Block MEDIUM" "alert-box-block 1.1.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "advanced-what-should-we-write-about-next No.known.fix Authenticated.(Subscriber+).SQL.Injection HIGH" "advanced-what-should-we-write-about-next No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "auto-load-next-post No.known.fix Cross-Site.Request.Forgery MEDIUM" "animation-addons-for-elementor-pro 1.7 Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.Plugin.Installation/Activation HIGH" "ait-csv-import-export No.known.fix Unauthenticated.Arbitrary.File.Upload CRITICAL" "accordions-or-faqs No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "accordions-or-faqs 2.3.1 Admin+.Stored.XSS LOW" "accordions-or-faqs 2.1.0 Authenticated.Arbitrary.Options.Update MEDIUM" "accordions-or-faqs 2.1.0 Admin+.Stored.XSS LOW" "accordions-or-faqs 2.0.3 Unauthenticated.Arbitrary.Options.Update CRITICAL" "ap-companion 1.0.7 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "adifier-system 3.1.8 Unauthenticated.Arbitrary.Password.Reset CRITICAL" "activity-link-preview-for-buddypress 1.6.0 Activity.Link.Preview.For.BuddyPress.<.1.6.0.-.Unauthenticated.Server-Side.Request.Forgery HIGH" "accessibility-help-button 1.1 Admin+.Stored.Cross.Site.Scripting LOW" "accessibility-help-button 1.1 Admin+.Stored.XSS LOW" "accessibility-help-button 1.2 Admin+.Stored.XSS LOW" "animategl No.known.fix Missing.Authorization.to.Unauthenticated.Settings.Update MEDIUM" "animategl 1.4.18 Reflected.Cross-Site.Scripting MEDIUM" "all-in-one-video-downloader No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "all-in-one-video-downloader No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "alpine-photo-tile-for-instagram No.known.fix Authenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "ameliabooking 1.2.20 Unauthenticated.Full.Path.Disclosure MEDIUM" "ameliabooking 1.2.17 Unauthenticated.Insecure.Direct.Object.Reference MEDIUM" "ameliabooking 1.2.5 Missing.Authorization.to.Sensitive.Information.Exposure MEDIUM" "ameliabooking No.known.fix Missing.Authorization.to.Sensitive.Information.Exposure MEDIUM" "ameliabooking 1.2.1 Unauthenticated.Full.Path.Disclosure MEDIUM" "ameliabooking 1.1.6 Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "ameliabooking 1.0.96 Cross-Site.Request.Forgery MEDIUM" "ameliabooking 1.0.99 Reflected.Cross-Site.Scripting MEDIUM" "ameliabooking 1.0.94 Contributor+.Stored.Cross-Site.Scripting.via.shortcode MEDIUM" "ameliabooking 1.0.99 Missing.Authorization MEDIUM" "ameliabooking 1.0.86 Contributor+.Stored.XSS MEDIUM" "ameliabooking 1.0.76 Reflected.XSS HIGH" "ameliabooking 1.0.48 Customer+.SMS.Service.Abuse.and.Sensitive.Data.Disclosure MEDIUM" "ameliabooking 1.0.49 Customer+.Arbitrary.Appointments.Status.Update MEDIUM" "ameliabooking 1.0.47 Unauthenticated.Stored.XSS.via.lastName HIGH" "ameliabooking 1.0.47 Customer+.Arbitrary.Appointments.Update.and.Sensitive.Data.Disclosure HIGH" "ameliabooking 1.0.46 Arbitrary.Customer.Deletion.via.CSRF MEDIUM" "ameliabooking 1.0.46 Manager+.RCE MEDIUM" "ameliabooking 1.0.46 Reflected.Cross-Site.Scripting MEDIUM" "ai-responsive-gallery-album No.known.fix Missing.Authorization MEDIUM" "ai-responsive-gallery-album No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "aio-shortcodes 1.3.1 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "amcharts-charts-and-maps 1.4.5 Reflected.Cross-Site.Scripting.via.Cross-Site.Request.Forgery MEDIUM" "amcharts-charts-and-maps 1.4.1 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "ask-me-anything-anonymously No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "advanced-page-visit-counter No.known.fix Authenticated.(Administrator+).SQL.Injection CRITICAL" "advanced-page-visit-counter No.known.fix Admin+.Stored.XSS LOW" "advanced-page-visit-counter No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "advanced-page-visit-counter 8.0.1 Contributor+.SQLi MEDIUM" "advanced-page-visit-counter 7.1.1 Reflected.Cross-Site.Scripting MEDIUM" "advanced-page-visit-counter 6.1.2 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "advanced-page-visit-counter 6.1.6 Subscriber+.Blind.SQL.injection HIGH" "advanced-page-visit-counter 6.0.0 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "amz-configurator-core No.known.fix Authenticated.(Subscriber+).Privilege.Escalation HIGH" "auto-keyword-backlink No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "awesome-social-icons No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "awesome-social-icons No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "analytics-tracker 1.1.1 XSS MEDIUM" "ajax-press No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "add-to-feedly No.known.fix Admin+.Stored.XSS LOW" "amazon-associate-filter No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "absolute-links No.known.fix Authenticated.(Administrator+).SQL.Injection MEDIUM" "adfoxly No.known.fix Missing.Authorization.to.Unauthenticated.Ad.Status.Update MEDIUM" "adfoxly No.known.fix Missing.Authorization.to.Unauthenticated.Ad.Status.Update MEDIUM" "adfoxly No.known.fix Cross-Site.Request.Forgery MEDIUM" "adfoxly No.known.fix Reflected.XSS HIGH" "adfoxly 1.7.91 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "activity-reactions-for-buddypress No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "accordion-image-menu No.known.fix Stored.XSS.via.CSRF HIGH" "alttext-ai 1.9.94 Missing.Authorization MEDIUM" "alttext-ai 1.5.0 Authenticated.(Subscriber+).SQL.Injection HIGH" "alttext-ai 1.3.5 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "auto-advance-for-gravity-forms 4.5.4 Reflected.Cross-Site.Scripting MEDIUM" "auto-advance-for-gravity-forms 4.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "az-content-finder No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "atarapay-woocommerce No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "all-in-one-b2b-for-woocommerce No.known.fix Multiple.CSRF MEDIUM" "all-in-one-b2b-for-woocommerce No.known.fix Unauthenticated.Privilege.Escalation CRITICAL" "accept-sagepay-payments-using-contact-form-7 2.1 Unauthenticated.Information.Exposure MEDIUM" "applicantpro No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "aggregator-advanced-settings No.known.fix Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "admin-menu-restriction No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "alfred-click-collect No.known.fix Admin+.Stored.XSS LOW" "allpost-contactform No.known.fix Unauthenticated.Arbitrary.File.Upload CRITICAL" "appointy-appointment-scheduler No.known.fix Cross-Site.Request.Forgery.to.Settings.Change MEDIUM" "ag-custom-admin 7.2.4 Admin+.SSRF MEDIUM" "ag-custom-admin 7.2.2 Admin+.Stored.XSS.via.Image.URL LOW" "ag-custom-admin 7.0 Admin+.Stored.Cross-Site.Scripting MEDIUM" "ag-custom-admin 6.9.2 AGCA.<.6.9.2.-.Admin+.Stored.Cross-Site.Scripting LOW" "ag-custom-admin 6.5.5 CSRF.&.XSS LOW" "accessibility 1.0.7 Cross-Site.Request.Forgery MEDIUM" "accessibility 1.0.4 Admin+.Stored.XSS LOW" "analytics-insights 6.3 Open.Redirect MEDIUM" "all-404-pages-redirect-to-homepage 2.0 Unauthenticated.Stored.Cross-Site.Scripting MEDIUM" "apexchat 1.3.2 Admin+.Stored.XSS LOW" "addify-product-stock-manager 1.0.5 Subscriber+.Unauthorised.AJAX.Calls HIGH" "admin-menu-organizer No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "adsmiddle No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "add-instagram No.known.fix Admin+.Stored.XSS LOW" "altos-connect No.known.fix Unauthenticated.Cross-Site.Scripting.(XSS) MEDIUM" "awin-data-feed 1.8 Reflected.Cross-Site.Scripting MEDIUM" "awin-data-feed 1.8 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "auto-attachments No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "acf-onyx-poll 1.2.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.class.Parameter MEDIUM" "affiliator-lite No.known.fix Unauthenticated.Arbitrary.File.Upload CRITICAL" "ahathat No.known.fix Cross-Site.Request.Forgery.to.AHA.Page.Deletion MEDIUM" "ahathat No.known.fix Authenticated.(Administrator+).SQL.Injection.via.id.Parameter MEDIUM" "ahathat No.known.fix Reflected.XSS.via.REQUEST_URI MEDIUM" "ahathat No.known.fix Admin+.SQL.Injection MEDIUM" "auto-post-thumbnail 4.1.3 Missing.Authorization MEDIUM" "auto-post-thumbnail No.known.fix Authenticated.(Author+).Server-Side.Request.Forgery MEDIUM" "auto-post-thumbnail 4.1.4 Author+.SSRF MEDIUM" "auto-post-thumbnail 3.9.16 Author+.Arbitrary.File.Upload CRITICAL" "auto-post-thumbnail 3.9.3 Reflected.Cross-Site.Scripting HIGH" "aqua-svg-sprite No.known.fix Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "acnoo-flutter-api No.known.fix Authentication.Bypass CRITICAL" "advanced-notifications 1.2.8 Missing.Authorization MEDIUM" "advanced-advertising-system No.known.fix Open.Redirect MEDIUM" "advanced-advertising-system No.known.fix Unauthenticated.PHP.Object.Injection CRITICAL" "autopilot 1.0.21 Reflected.Cross-Site.Scripting MEDIUM" "abwp-simple-counter No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting.via.settings MEDIUM" "advanced-wp-columns No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "antispam-bee 2.11.4 IP.Address.Spoofing.via.get_client_ip MEDIUM" "am-hili-affiliate-manager-for-publishers No.known.fix Admin+.Stored.XSS LOW" "arconix-shortcodes 2.1.18 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "arconix-shortcodes 2.1.17 Reflected.Cross-Site.Scripting MEDIUM" "arconix-shortcodes 2.1.15 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "arconix-shortcodes 2.1.14 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.box.Shortcode MEDIUM" "arconix-shortcodes 2.1.13 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "arconix-shortcodes 2.1.12 Missing.Authorization MEDIUM" "arconix-shortcodes 2.1.11 Missing.Authorization.to.Notice.Dismissal MEDIUM" "arconix-shortcodes 2.1.8 Contributor+.Stored.XSS MEDIUM" "auto-rename-media-on-upload 1.1.0 Admin+.Stored.XSS LOW" "alley-business-toolkit No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "alley-business-toolkit 2.0.0 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "asgaros-forum No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "asgaros-forum 3.1.0 Subscriber+.Authorization.Bypass MEDIUM" "asgaros-forum 2.9.0 Cross-Site.Request.Forgery MEDIUM" "asgaros-forum 2.8.0 Unauthenticated.PHP.Object.Injection.in.prepare_unread_status CRITICAL" "asgaros-forum 2.7.1 Unauthenticated.Arbitrary.File.Upload CRITICAL" "asgaros-forum 2.2.0 Cross-Site.Request.Forgery MEDIUM" "asgaros-forum 2.0.0 Subscriber+.Blind.SQL.Injection HIGH" "asgaros-forum 1.15.15 Admin+.SQL.Injection.via.forum_id MEDIUM" "asgaros-forum 1.15.14 Admin+.Stored.Cross-Site.Scripting LOW" "asgaros-forum 1.15.13 Unauthenticated.SQL.Injection HIGH" "ads-invalid-click-protection No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "aa-calculator No.known.fix Reflected.Cross-Site.Scripting.via.invoice MEDIUM" "addthis 5.0.13 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "advanced-pdf-generator No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "abbie-expander No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "alt-report No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "admin-site-enhancements 7.6.10 Password.Protection.Bypass MEDIUM" "admin-site-enhancements 7.6.10 Limit.Login.Attempt.Bypass.via.IP.Spoofing MEDIUM" "admin-site-enhancements 7.6.3 Subscriber+.Privilege.Escalation HIGH" "admin-site-enhancements 7.6.3 Missing.Authorization LOW" "admin-site-enhancements 7.5.2 Authenticated.Stored.Cross-Site.Scripting.via.SVG MEDIUM" "admin-site-enhancements 5.8.0 Password.Protection.Mode.Security.Feature.Bypass HIGH" "amp-wp No.known.fix Arbitrary.Settings.Update.via.CSRF MEDIUM" "akismet-htaccess-writer No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "adsplacer No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "athemes-starter-sites 1.0.54 Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "absolute-reviews 1.1.4 Authenticated.(Contributor+).Stored.DOM-Based.Cross-Site.Scripting.via.Criteria.Name MEDIUM" "absolute-reviews 1.0.9 CSRF.Bypass.in.Multiple.Plugins MEDIUM" "appointment-hour-booking 1.4.57 Captcha.Bypass MEDIUM" "appointment-hour-booking 1.3.73 Unauthenticated.iFrame.Injection HIGH" "appointment-hour-booking 1.3.73 CSV.Injection MEDIUM" "appointment-hour-booking 1.3.73 CAPTCHA.Bypass MEDIUM" "appointment-hour-booking 1.3.72 Feedback.Submission.via.CSRF MEDIUM" "appointment-hour-booking 1.3.56 Admin+.Stored.Cross-Site.Scripting LOW" "appointment-hour-booking 1.3.17 Authenticated.Stored.XSS LOW" "appointment-hour-booking 1.3.16 Admin+.Stored.Cross-Site.Scripting LOW" "appointment-hour-booking 1.1.46 Stored.Cross-Site.Scripting.(XSS) MEDIUM" "aiomatic-automatic-ai-content-writer 2.3.9 AI.Content.Writer,.Editor,.ChatBot.&.AI.Toolkit.<.2.3.9.-.Missing.Authorization.to.Authenticated.(Contributor+).Arbitrary.File.Upload HIGH" "aiomatic-automatic-ai-content-writer 2.3.7 AI.Content.Writer,.Editor,.ChatBot.&.AI.Toolkit.<.2.3.7.-.Missing.Authorization.to.Authenticated.(Subscriber+).Multiple.Administrator.Actions MEDIUM" "aiomatic-automatic-ai-content-writer 2.0.6 Automatic.AI.Content.Writer.<.2.0.6.-.Unauthenticated.Arbitrary.Email.Sending MEDIUM" "aiomatic-automatic-ai-content-writer 1.9.4 Missing.Authorization MEDIUM" "affiliate-links-manager No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "ap-mega-menu 3.0.8 Reflected.Cross-Site.Scripting MEDIUM" "ap-mega-menu 3.0.6 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "auxin-shop No.known.fix Unauthenticated.Local.File.Inclusion CRITICAL" "advanced-text-widget No.known.fix Admin+.Stored.XSS LOW" "anyguide No.known.fix Cross-Site.Request.Forgery MEDIUM" "awesome-ssl No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "awesome-ssl No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "all-in-one-seo-pack-pro 4.2.6 Admin+.SSRF LOW" "arca-payment-gateway 1.3.4 Stored.XSS.via.CSRF HIGH" "awesome-twitter-feeds No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "ab-rankings-testing-tool No.known.fix Settings.Update.via.CSRF MEDIUM" "advanced-data-table-for-elementor 1.0.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "affiliate-ads-builder-for-clickbank-products 1.7 Stored.Cross-Site.Scripting.(XSS) MEDIUM" "asmember No.known.fix Admin+.Stored.XSS LOW" "another-events-calendar No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "auto-refresh-single-page No.known.fix .Authenticated.(Contributor+).PHP.Object.Injection HIGH" "accessibility-toolbar No.known.fix Cross-Site.Request.Forgery MEDIUM" "ajax-rating-with-custom-login No.known.fix Unauthenticated.SQL.Injection HIGH" "audio-album 1.5.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "all-in-one-wp-migration-box-extension 1.54 Unauthenticated.Access.Token.Update MEDIUM" "amty-thumb-recent-post No.known.fix Unauthenticated.Cross-Site.Scripting.(XSS) MEDIUM" "altra-side-menu No.known.fix Abitrary.Menu.Deletion.via.CSRF MEDIUM" "altra-side-menu No.known.fix Admin+.SQL.Injection MEDIUM" "alma-gateway-for-woocommerce 5.2.1 Contributor+.Stored.XSS MEDIUM" "affiliate-for-woocommerce 4.8.0 Subscriber+.Paypal.Email.Update.via.IDOR MEDIUM" "affiliate-for-woocommerce 4.8.0 Subscriber+.Unauthorised.Actions MEDIUM" "auto-location-for-wp-job-manager 1.1 Admin+.Cross.Site.Scripting LOW" "adbuddy-adblocker-detection No.known.fix Admin+.Stored.XSS LOW" "archivist-custom-archive-templates 1.7.6 Reflected.Cross-Site.Scripting MEDIUM" "archivist-custom-archive-templates No.known.fix Reflected.XSS HIGH" "archivist-custom-archive-templates 1.7.5 Custom.Archive.Templates.<.1.7.5.-.Stored.XSS.via.CSRF HIGH" "archivist-custom-archive-templates 1.7.5 Custom.Archive.Templates.<.1.7.5.-.Admin+.Stored.XSS LOW" "admin-speedo No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "ai-mojo 0.2.5 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "academist-membership 1.2 Authentication.Bypass CRITICAL" "advanced-settings 3.0.2 Cross-Site.Request.Forgery MEDIUM" "af-companion 1.2.0 1.1.2.-.Arbitrary.Plugin.Installation.&.Activation.via.CSRF HIGH" "ajax-random-post No.known.fix Unauthenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "assist24it No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "advanced-cf7-database No.known.fix Authenticated.(Administrator+).SQL.Injection MEDIUM" "a-staff No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "a-staff No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "a-staff No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "agp-font-awesome-collection No.known.fix Arbitrary.Settings.Update.via.CSRF MEDIUM" "agp-font-awesome-collection No.known.fix Reflected.XSS HIGH" "about-me-3000 No.known.fix Administrator.Stored.Cross-Site.Scripting MEDIUM" "about-me-3000 No.known.fix CSRF MEDIUM" "auto-featured-image-from-title 2.4 Reflected.Cross-Site.Scripting MEDIUM" "amazon-product-price No.known.fix Cross-Site.Request.Forgery.to.Cross-Site.Scripting MEDIUM" "afterpay-gateway-for-woocommerce 3.5.1 Reflected.Cross-Site.Scripting MEDIUM" "afterpay-gateway-for-woocommerce 3.5.1 Reflected.Cross-Site.Scripting MEDIUM" "afterpay-gateway-for-woocommerce 3.2.1 Reflected.Cross-Site.Scripting HIGH" "admin-page-framework 3.9.0 Folders.Disclosure.via.Outdated.jQueryFileTree.Library MEDIUM" "acme-fix-images 2.0.0 Subscriber+.Image.Resizing MEDIUM" "advance-search No.known.fix Admin+.SQL.Injection MEDIUM" "advance-search No.known.fix Shortcode.Deletion.via.CSRF MEDIUM" "advance-search 1.1.3 Reflected.Cross-Site.Scripting MEDIUM" "ari-stream-quiz 1.3.1 Authenticated.(Contributor+).PHP.Object.Injection HIGH" "ari-stream-quiz 1.3.0 Cross-Site.Request.Forgery MEDIUM" "ari-stream-quiz 1.3.0 Cross-Site.Request.Forgery MEDIUM" "ari-stream-quiz 1.3.0 Contributor+.Stored.XSS MEDIUM" "ari-stream-quiz 1.3.3 Contributor+.Content.Injection LOW" "affiliatex 1.2.9.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "annie No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "annie No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "awesome-responsive-photo-gallery 1.2 Missing.Authorization MEDIUM" "awesome-responsive-photo-gallery 2.1 Reflected.Cross-Site.Scripting MEDIUM" "animate-it 2.4.0 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "animate-it 2.3.6 XSS HIGH" "avartan-slider-lite No.known.fix Reflected.XSS HIGH" "auto-login-new-user-after-registration No.known.fix CSRF MEDIUM" "auto-login-new-user-after-registration No.known.fix Stored.XSS.via.CSRF HIGH" "ai-content-creator No.known.fix Cross-Site.Request.Forgery MEDIUM" "all-in-one-slider No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "ays-popup-box 4.9.8 Missing.Authorization.to.Unauthenticated.Limited.Options.Update MEDIUM" "ays-popup-box 4.7.8 Admin+.Stored.XSS LOW" "ays-popup-box 4.5.2 Missing.Authorization MEDIUM" "ays-popup-box 4.1.3 Cross-Site.Request.Forgery MEDIUM" "ays-popup-box 4.3.7 Missing.Authorization.to.Information.Exposure MEDIUM" "ays-popup-box 20.9.0 Admin+.Stored.XSS LOW" "ays-popup-box 7.9.0 Admin+.Stored.XSS LOW" "ays-popup-box 3.8.6 Admin+.Stored.XSS.in.Popup.Settings LOW" "ays-popup-box 3.8.6 Admin+.Stored.XSS.in.Categories LOW" "ays-popup-box 3.7.9 Admin+.Stored.XSS LOW" "ays-popup-box 3.7.2 Admin+.Stored.Cross-Site.Scripting LOW" "ays-popup-box 3.4.5 Reflected.XSS HIGH" "ays-popup-box 2.3.4 Reflected.Cross-Site.Scripting.(XSS) HIGH" "ays-popup-box 2.3.4 Authenticated.Blind.SQL.Injections HIGH" "anspress-question-answer 4.3.2 Editor+.Stored.XSS MEDIUM" "aco-woo-dynamic-pricing 4.5.9 Authenticated.(Shop.manager+).SQL.Injection MEDIUM" "adverts-click-tracker No.known.fix Missing.Authorization MEDIUM" "admin-note No.known.fix Cross-Site.Request.Forgery MEDIUM" "ar-for-woocommerce 7.0 Unauthenticated.Arbitrary.File.Upload CRITICAL" "anfrageformular No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "add-search-to-menu 5.5.10 Admin+.Stored.XSS LOW" "add-search-to-menu 5.5.7 Information.Exposure.via.AJAX.Search.Form MEDIUM" "add-search-to-menu 5.5.6 Subscriber+.Index.Creation MEDIUM" "add-search-to-menu 5.5.2 Reflected.Cross-Site.Scripting MEDIUM" "add-search-to-menu 5.4.7 Reflected.Cross-Site.Scripting MEDIUM" "add-search-to-menu 5.4.4 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "add-search-to-menu 5.4.1 Multiple.Admin+.Stored.Cross-Site.Scripting LOW" "add-search-to-menu 4.8 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "add-search-to-menu 4.7 Reflected.Cross-Site.Scripting HIGH" "add-search-to-menu 4.6.1 Reflected.Cross.Site.Scripting.(XSS) MEDIUM" "add-search-to-menu 4.5.11 .Authenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "add-rss No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "addon-library No.known.fix Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.File.Upload HIGH" "anti-spam 7.3.8 Missing.Authorization MEDIUM" "anti-spam 7.3.1 Protection.Bypass.due.to.IP.Spoofing MEDIUM" "ad-blocking-detector No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "ad-inserter 2.8.1 Ad.Manager.and.AdSense.Ads..<.2.8.1.-.Reflected.Cross-Site.Scripting MEDIUM" "ad-inserter 2.7.38 Reflected.Cross-Site.Scripting MEDIUM" "ad-inserter 2.7.31 Unauthenticated.Sensitive.Information.Exposure MEDIUM" "ad-inserter 2.7.31 Unauthenticated.Sensitive.Information.Exposure MEDIUM" "ad-inserter 2.7.27 Admin+.PHP.Object.Injection LOW" "ad-inserter 2.7.12 Reflected.Cross-Site.Scripting LOW" "ad-inserter 2.7.11 Admin+.RCE./.Stored.XSS MEDIUM" "ad-inserter 2.7.10 Reflected.Cross-Site.Scripting MEDIUM" "ad-inserter 2.4.22 Authenticated.Remote.Code.Execution HIGH" "ad-inserter 2.4.20 Authenticated.Path.Traversal HIGH" "ad-inserter 1.5.6 Authenticated.Cross-Site.Scripting.(XSS) HIGH" "ai-scribe-the-chatgpt-powered-seo-content-creation-wizard No.known.fix Authenticated.(Contributor+).SQL.Injection MEDIUM" "ai-scribe-the-chatgpt-powered-seo-content-creation-wizard No.known.fix Missing.Authorization.to.Authenticated.(Subscriber+).Settings.Update MEDIUM" "ai-scribe-the-chatgpt-powered-seo-content-creation-wizard No.known.fix Cross-Site.Request.Forgery.to.Settings.Update MEDIUM" "advertising-management No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "automail No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "automail 1.0.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "api-key-for-google-maps 1.2.2 Arbitrary.API.Key.Update.via.CSRF MEDIUM" "aw-woocommerce-kode-pembayaran No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "autolinks No.known.fix Stored.Cross-Site.Scripting.via.CSRF MEDIUM" "authentication-via-otp-using-firebase No.known.fix Missing.Authorization.to.Privilege.Escalation CRITICAL" "add-comments No.known.fix Admin+.Stored.XSS LOW" "analyse-uploads No.known.fix Unauthenticated.Arbitrary.File.Deletion CRITICAL" "acf-better-search 3.3.1 Cross-Site.Request.Forgery.(CSRF) MEDIUM" "advanced-most-recent-posts-mod No.known.fix Authenticated.(Author+).Stored.Cross-Site.Scripting MEDIUM" "astra-import-export 1.0.4 Cross-Site.Request.Forgery.(CSRF) MEDIUM" "astra-import-export 1.0.4 Cross-Site.Request.Forgery MEDIUM" "abcapp-creator No.known.fix Unauthenticated.Local.File.Inclusion CRITICAL" "affieasy 1.1.7 Cross-Site.Request.Forgery.to.Various.Actions MEDIUM" "affieasy 1.1.6 Cross-Site.Request.Forgery MEDIUM" "affieasy 1.1.4 Reflected.Cross-Site.Scripting MEDIUM" "affieasy 1.0.4 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "amr-users 4.59.4 Admin+.Stored.Cross-Site.Scripting LOW" "amr-shortcode-any-widget No.known.fix Contributor+.Stored.XSS MEDIUM" "ai-engine 2.8.4 2.8.3.-.Subscriber+.Privilege.Escalation.via.MCP HIGH" "ai-engine 2.6.5 Admin+.SQLi MEDIUM" "ai-engine 2.4.8 Admin+.SQLi MEDIUM" "ai-engine 2.5.1 Admin+.RCE MEDIUM" "ai-engine 2.4.8 Authenticated.(Subscriber+).Server-Side.Request.Forgery MEDIUM" "ai-engine 2.2.70 Authenticated.(Editor+).Arbitrary.File.Upload CRITICAL" "ai-engine 2.1.5 Authenticated.(Editor+).Server-Side.Request.Forgery MEDIUM" "ai-engine 2.2.1 Unauthenticated.Stored.Cross-Site.Scripting MEDIUM" "ai-engine 2.1.5 Editor+.Arbitrary.File.Upload.via.add_image_from_url MEDIUM" "ai-engine 1.9.99 Unauthenticated.Arbitrary.File.Upload CRITICAL" "ai-engine 1.6.83 Admin+.Stored.XSS LOW" "allada-tshirt-designer-for-woocommerce No.known.fix Missing.Authorization MEDIUM" "admin-management-xtended 2.4.7 Contributor+.Stored.XSS MEDIUM" "admin-management-xtended 2.4.5 Post.Visibility/Date/Comment.Status.Update.via.CSRF MEDIUM" "admin-management-xtended 2.4.5 Multiple.CSRF MEDIUM" "admin-management-xtended 2.4.0.1 Privilege.Escalation MEDIUM" "add-widgets-to-page No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "aws-cdn-by-wpadmin 3.0.0 Cross-Site.Request.Forgery MEDIUM" "aawp-obfuscator No.known.fix Authenticated.(Author+).Stored.Cross-Site.Scripting MEDIUM" "a3-portfolio 3.1.1 Author+.Stored.XSS MEDIUM" "avchat-3 No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "atelier-create-cv No.known.fix Settings.Update.via.CSRF MEDIUM" "accesspress-social-login-lite 3.4.8 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "adapta-rgpd 1.3.3 Unauthorised.Consent.via.CSRF MEDIUM" "address-email-and-phone-validation No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "about-author 1.6.3 Reflected.Cross-Site.Scripting MEDIUM" "authldap 2.5.9 Settings.Update.via.CSRF MEDIUM" "authldap 2.6.2 Admin+.Stored.XSS LOW" "affiliate-disclosure-statement No.known.fix Cross-Site.Request.Forgery MEDIUM" "atarim-visual-collaboration 4.1.1 Reflected.Cross-Site.Scripting MEDIUM" "atarim-visual-collaboration 4.0.9 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "atarim-visual-collaboration 4.1.0 Missing.Authorization.to.Authenticated.(Subscriber+).Project.Page/File.Deletion MEDIUM" "atarim-visual-collaboration 4.0.2 Missing.Authorization.via.remove_feedbacktool_notice() MEDIUM" "atarim-visual-collaboration 4.0.3 Missing.Authorization.to.Authenticated.(Subscriber+).Settings.Update MEDIUM" "atarim-visual-collaboration 4.0.1 Missing.Authorization MEDIUM" "atarim-visual-collaboration 3.32 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "atarim-visual-collaboration 3.31 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "atarim-visual-collaboration 3.30 Unauthenticated.Settings.Update,.Post.Deletion.etc HIGH" "atarim-visual-collaboration 3.13 Unauthenticated.Stored.XSS HIGH" "atarim-visual-collaboration 3.9.4 Admin+.Stored.XSS LOW" "awesome-progess-bar No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "auxin-elements 2.17.5 Missing.Authorization MEDIUM" "auxin-elements 2.17.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Staff.Widget MEDIUM" "auxin-elements 2.17.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.aux_contact_box.and.aux_gmaps.Shortcodes MEDIUM" "auxin-elements 2.16.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Modern.Heading.and.Icon.Picker.Widgets MEDIUM" "auxin-elements 2.15.8 Contributor+.Stored.XSS.via.aux_gmaps.Shortcode MEDIUM" "auxin-elements 2.15.8 Contributor+.XSS.via.HTML.Element MEDIUM" "auxin-elements No.known.fix Subscriber+.PHP.Object.Injection HIGH" "auxin-elements 2.15.8 Contributor+.Stored.XSS.via.Custom.JS MEDIUM" "auxin-elements 2.15.8 Contributor+.Stored.XSS.via.title_tag MEDIUM" "auxin-elements 2.15.6 Contributor+.Stored.XSS.via.Accordion.Widget MEDIUM" "auxin-elements 2.15.8 Contributor+.Stored.XSS.via.aux_timeline.Shortcode MEDIUM" "auxin-elements 2.15.8 Subscriber+.Template.Import MEDIUM" "auxin-elements 2.15.5 Contributor+.Stored.XSS MEDIUM" "auxin-elements 2.15.0 Unauthenticated.Local.File.Inclusion CRITICAL" "auxin-elements 2.10.7 PHP.Objection.Injection MEDIUM" "auxin-elements 2.9.8 Reflected.Cross-Site-Scripting MEDIUM" "advanced-easy-shipping-for-wc-lite No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "awsa-shipping No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "advanced-schedule-posts No.known.fix Reflected.XSS HIGH" "advanced-form-integration 1.100.0 Admin+.Stored.XSS LOW" "advanced-form-integration 1.100.0 Admin+.Stored.XSS LOW" "advanced-form-integration 1.97.0 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "advanced-form-integration 1.92.1 Reflected.Cross-Site.Scripting MEDIUM" "advanced-form-integration 1.89.6 Cross-Site.Request.Forgery MEDIUM" "advanced-form-integration 1.82.6 SQL.Injection.to.Reflected.Cross-Site.Scripting.via.integration_id MEDIUM" "advanced-form-integration 1.76.0 Authenticated(Administrator+).SQL.Injection MEDIUM" "advanced-form-integration 1.69.1 Reflected.Cross-Site.Scripting MEDIUM" "advanced-form-integration 1.63.0 Admin+.Stored.XSS LOW" "advanced-form-integration 1.49.0 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "art-direction No.known.fix Contributor+.Stored.XSS MEDIUM" "akismet 3.1.5 Unauthenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "automatic-user-roles-switcher 1.1.2 Subscriber+.Privilege.Escalation HIGH" "adsensei-b30 No.known.fix Reflected.Cross-Site.Scripting HIGH" "adsensei-b30 3.1.3 Reflected.Cross-Site.Scripting HIGH" "ad-widget No.known.fix Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "admin-sms-alert No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross.Site.Scripting MEDIUM" "analytics-for-wp No.known.fix Admin+.Stored.XSS LOW" "add-to-all 2.2.0 Contributor+.Stored.XSS MEDIUM" "amilia-store No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "aptivada-for-wp No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "audio-comparison-lite 3.5 Contributor+.Stored.XSS MEDIUM" "all-in-one-login No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "api-bing-map-2018 5.0 CSRF MEDIUM" "arprice-responsive-pricing-table 3.6.1 Unauthenticated.SQLi HIGH" "arprice-responsive-pricing-table 2.3 Cross-Site.Request.Forgery MEDIUM" "advanced-custom-fields 6.3.6.3 Admin+.Remote.Code.Execution MEDIUM" "advanced-custom-fields 6.3.9 Admin+.Remote.Code.Execution MEDIUM" "advanced-custom-fields 6.3.6.3 Admin+.Stored.XSS LOW" "advanced-custom-fields 6.3.9 Admin+.Stored.XSS LOW" "advanced-custom-fields 6.3 Contributor+.Custom.Field.Access LOW" "advanced-custom-fields 6.2.5 Contributor+.Stored.Cross-Site.Scripting.via.Custom.Field MEDIUM" "advanced-custom-fields 6.1.6 Reflected.XSS HIGH" "advanced-custom-fields 6.1.0 Contributor+.PHP.Object.Injection MEDIUM" "advanced-custom-fields 5.12.5 Contributor+.PHP.Object.Injection MEDIUM" "advanced-custom-fields 5.12.3 Unauthenticated.File.Upload MEDIUM" "advanced-custom-fields 5.12.1 Contributor+.Database.Information.Access MEDIUM" "advanced-custom-fields 5.11 Subscriber+.Arbitrary.ACF.Data/Field.Groups.View.and.Fields.Move MEDIUM" "advanced-custom-fields 5.8.12 Cross-Site.Scripting.in.Select2.dropdowns MEDIUM" "advanced-custom-fields 5.7.12 Unserialize.of.user.input MEDIUM" "admin-quick-panel No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "admin-quick-panel 1.2.6 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "anual-archive No.known.fix Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "anual-archive No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "anual-archive 1.6.0 Contributor+.Stored.XSS MEDIUM" "article-directory-redux No.known.fix Admin+.Stored.XSS LOW" "add-admin-css 2.5 Unauthenticated.Full.Path.Dislcosure MEDIUM" "armember 6.7.1 Cross-Site.Request.Forgery.via.multiple.functions MEDIUM" "armember 5.6 Unauthenticated.Privilege.Escalation CRITICAL" "anac-xml-viewer No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "acf-options-importexport No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "automatic-translation No.known.fix Unauthenticated.Arbitrary.File.Upload CRITICAL" "accesspress-twitter-auto-post 1.4.6 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "asgard No.known.fix Reflected.XSS HIGH" "accesspress-facebook-auto-post 2.1.4 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "adventure-bucket-list No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "add-ribbon No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "article-analytics No.known.fix Unauthenticated.SQL.injection HIGH" "apus-framework No.known.fix Authenticated.(Subscriber+).Arbitrary.Options.Update.in.import_page_options HIGH" "aweber-wp 2.5.8 Reflected.Cross-Site.Scripting MEDIUM" "add-custom-page-template No.known.fix Authenticated.(Administrator+).PHP.Code.Injection.to.Remote.Code.Execution HIGH" "azz-anonim-posting No.known.fix Unauthenticated.Arbitrary.File.Upload CRITICAL" "advanced-category-template No.known.fix Cross-Site.Request.Forgery MEDIUM" "advanced-category-template No.known.fix Reflected.XSS HIGH" "add-from-server No.known.fix Authenticated.Path.Traversal.to.Arbitrary.File.Access HIGH" "add-from-server 3.3.2 Cross-Site.Request.Forgery.(CSRF) MEDIUM" "awesome-filterable-portfolio No.known.fix Unauthenticated.Settings.Update MEDIUM" "awesome-filterable-portfolio No.known.fix Unauthenticated.Stored.Cross-Site.Scripting MEDIUM" "awesome-filterable-portfolio 1.9 Authenticated.Blind.SQL.Injection HIGH" "arrow-twitter-feed No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "amazing-hover-effects No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "at-internet No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "ai-content-generator No.known.fix Authenticated.(Subscriber+).Arbitrary.File.Upload HIGH" "apptha-slider-gallery No.known.fix Unauthenticated.Arbitrary.File.Read HIGH" "acf-link-picker-field No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "amazon-showcase-wordpress-widget No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "add-svg-support-for-media-uploader-inventivo No.known.fix Author+.Stored.XSS.via.SVG MEDIUM" "amministrazione-aperta 3.8 Admin+.LFI LOW" "all-bootstrap-blocks 1.3.27 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "all-bootstrap-blocks 1.3.20 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "all-bootstrap-blocks 1.3.20 Contributor+.Stored.XSS MEDIUM" "all-bootstrap-blocks 1.3.16 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "all-bootstrap-blocks 1.3.7 Cross-Site.Request.Forgery MEDIUM" "animated-headline No.known.fix Authenticated(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "all-contact-form-integration-for-elementor No.known.fix Cross-Site.Request.Forgery MEDIUM" "all-contact-form-integration-for-elementor No.known.fix Missing.Authorization MEDIUM" "all-contact-form-integration-for-elementor No.known.fix Missing.Authorization MEDIUM" "all-contact-form-integration-for-elementor 2.9.9.8 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "all-contact-form-integration-for-elementor 2.9.9.8 Missing.Authorization.to.Sensitive.Information.Exposure MEDIUM" "age-verification-screen-for-woocommerce 1.1.0 Reflected.Cross-Site.Scripting MEDIUM" "age-verification-screen-for-woocommerce 1.0.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "addon-sweetalert-contact-form-7 1.0.8 Authenticated.Stored.Cross-Site.Scripting.(XSS) LOW" "agile-video-player No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "ad-injection No.known.fix Admin+.Stored.Cross-Site.Scripting.&.RCE HIGH" "advanced-css3-related-posts-widget No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "abeta-punchout 1.0.0 Reflected.Cross-Site.Scripting MEDIUM" "abeta-punchout 1.0.0 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "alt-monitoring No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "anyvar No.known.fix Stored.Cross-Site.Scripting.(XSS) MEDIUM" "api2cart-bridge-connector 1.2.0 Unauthenticated.Arbitrary.File.Upload CRITICAL" "api2cart-bridge-connector 1.2.0 Unauthenticated.RCE CRITICAL" "audiocase No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "advanced-free-flat-shipping-woocommerce 1.6.4.6 Cross-Site.Request.Forgery MEDIUM" "advanced-import 1.3.8 Arbitrary.Plugin.Installation.&.Activation.via.CSRF HIGH" "advanced-blog-post-block No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "auto-limit-posts-reloaded No.known.fix Cross-Site.Request.Forgery MEDIUM" "accommodation-system No.known.fix Subscriber+.Unauthorised.Actions MEDIUM" "accordion-title-for-elementor 1.2.2 Authenticated.(Author+).Stored.Cross-Site.Scripting MEDIUM" "arielbrailovsky-viralad No.known.fix Unauthenticated.SQL.Injection HIGH" "arielbrailovsky-viralad No.known.fix Unauthenticated.SQL.Injection HIGH" "addify-product-labels-and-stickers 1.1.0 Multiple.CSRF MEDIUM" "author-box-with-different-description No.known.fix Cross-Site.Request.Forgery MEDIUM" "ai-auto-tool No.known.fix Subscriber+.SQLi HIGH" "ai-auto-tool 2.1.3 Missing.Authorization MEDIUM" "amr-shortcodes No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "appointment-buddy-online-appointment-booking-by-accrete No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "aweos-wp-lock 1.4.9 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "advanced-backgrounds No.known.fix Contributor+.Content.Injection LOW" "advanced-backgrounds 1.12.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.imageTag.Parameter MEDIUM" "appointment-calendar No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "appointment-calendar No.known.fix CSRF MEDIUM" "attire-blocks 1.9.7 Cross-Site.Request.Forgery MEDIUM" "attire-blocks No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "attire-blocks 1.9.3 Missing.Authorization MEDIUM" "advanced-product-labels-for-woocommerce 1.2.3.7 Reflected.Cross-Site.Scripting MEDIUM" "aweber-web-form-widget 7.3.21 Admin+.Stored.XSS LOW" "aweber-web-form-widget 7.3.15 Authenticated.(Admin+).SQL.Injection HIGH" "aweber-web-form-widget 7.3.10 Missing.Authorization.via.AJAX.actions MEDIUM" "admin-menu No.known.fix Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "a4-barcode-generator 3.4.11 Missing.Authorization MEDIUM" "a4-barcode-generator 3.4.10 Missing.Authorization MEDIUM" "a4-barcode-generator 3.4.7 Subscriber+.Stored.XSS HIGH" "a4-barcode-generator 3.4.7 Subscriber+.Settings/Profiles.Update,.Templates/Barcodes.Access/Creation/Edition/Deletion MEDIUM" "aparat-responsive No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "a1post-bg-shipping-for-woocommerce 1.5.1 Privilege.Escalation.via.CSRF HIGH" "ajax-domain-checker No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "alter No.known.fix Cross-Site.Request.Forgery MEDIUM" "advanced-cron-manager 2.5.10 Missing.Authorization MEDIUM" "advanced-cron-manager 2.5.3 Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "advanced-cron-manager 2.5.7 Admin+.Stored.XSS LOW" "advanced-cron-manager 2.4.2 Subscriber+.Arbitrary.Events/Schedules.Creation/Deletion MEDIUM" "aajoda-testimonials No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "aajoda-testimonials 2.2.2 Admin+.Stored.XSS LOW" "add-customer-for-woocommerce 1.7.1 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "advanced-access-manager 6.9.21 Reflected.XSS HIGH" "advanced-access-manager 6.9.21 Admin+.Stored.Cross-Site.Scripting MEDIUM" "advanced-access-manager 6.9.19 Open.Redirect MEDIUM" "advanced-access-manager 6.9.19 Contributor+.Stored.XSS MEDIUM" "advanced-access-manager 6.9.16 Contributor+.Stored.XSS MEDIUM" "advanced-access-manager 6.8.0 Admin+.Stored.Cross-Site.Scripting LOW" "advanced-access-manager 6.6.2 Authenticated.Authorization.Bypass.and.Privilege.Escalation HIGH" "advanced-access-manager 6.6.2 Authenticated.Information.Disclosure MEDIUM" "advanced-access-manager 5.9.9 Unauthenticated.Local.File.Inclusion CRITICAL" "advanced-access-manager 3.2.2 Privilege.Escalation HIGH" "awesome-shortcodes 1.7.3 Reflected.XSS HIGH" "acf-frontend-form-element 3.25.18 Reflected.Cross-Site.Scripting MEDIUM" "acf-frontend-form-element 3.25.2 Unauthenticated.SQL.Injection MEDIUM" "acf-frontend-form-element 3.25.1 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "acf-frontend-form-element 3.25.1 Unauthenticated.Privilege.Escalation HIGH" "acf-frontend-form-element 3.19.5 Improper.Missing.Encryption.Exception.Handling.to.Form.Manipulation CRITICAL" "acf-frontend-form-element 3.18.4 Unauthenticated.Arbitrary.File.Upload CRITICAL" "acf-frontend-form-element 3.8.0 Reflected.Cross-Site.Scripting MEDIUM" "acf-frontend-form-element 3.3.33 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "ajax-content-filter No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "add-to-header No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "amp-img-shortcode No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "ad-swapper No.known.fix Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "alojapro-widget 1.1.16 Authenticated.Stored.Cross-Site.Scripting.(XSS) LOW" "ajax-filter-posts No.known.fix Missing.Authorization MEDIUM" "ajax-filter-posts 3.4.13 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "ajax-filter-posts No.known.fix Missing.Authorization.to.Unauthenticated.Local.PHP.File.Inclusion CRITICAL" "ajax-filter-posts 3.4.11 Reflected.Cross-Site.Scripting MEDIUM" "ajax-filter-posts 3.4.12 Contributor+.Stored.XSS MEDIUM" "ajax-filter-posts 3.4.8 Missing.Authorization MEDIUM" "awesome-shortcodes-for-genesis No.known.fix Cross-Site.Request.Forgery.to.Cross-Site.Scripting MEDIUM" "accordion-slider-lite No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "awin-advertiser-tracking 2.0.1 Product.Feed.Generation.via.CSRF MEDIUM" "audio-merchant No.known.fix Cross-Site.Request.Forgery.to.Arbitrary.File.Upload HIGH" "audio-merchant No.known.fix Cross-Site.Request.Forgery.to.Settings.Modifcation.and.Stored.Cross-Site.Scripting MEDIUM" "advanced-category-and-custom-taxonomy-image 1.1.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.ad_tax_image.Shortcode MEDIUM" "aoi-tori No.known.fix Reflected.Cross-Site.Scripting.(XSS) HIGH" "automatic-youtube-gallery 2.3.5 Missing.Authorization.via.AJAX.actions MEDIUM" "automatic-youtube-gallery 2.3.3 Reflected.Cross-Site.Scripting MEDIUM" "automatic-youtube-gallery 1.6.5 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "acl-floating-cart-for-woocommerce No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "ableplayer 1.2.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.preload.Parameter MEDIUM" "ableplayer 1.2.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "all-in-one-wp-migration 7.90 Unauthenticated.PHP.Object.Injection HIGH" "all-in-one-wp-migration 7.87 Authenticated.(Administrator+).Arbitrary.PHP.Code.Injection HIGH" "all-in-one-wp-migration 7.87 Unauthenticated.Information.Disclosure.via.Error.Logs MEDIUM" "all-in-one-wp-migration 7.63 Unauthenticated.Reflected.XSS MEDIUM" "all-in-one-wp-migration 7.59 Admin+.File.Deletion.on.Windows.Hosts.via.Path.Traversal MEDIUM" "all-in-one-wp-migration 7.41 Admin+.Arbitrary.File.Upload.to.RCE MEDIUM" "all-in-one-wp-migration 7.15 Arbitrary.Backup.Download HIGH" "all-in-one-wp-migration 7.0 Authenticated.Cross-Site.Scripting.(XSS) CRITICAL" "all-in-one-wp-migration 6.46 Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "all-in-one-wp-migration 2.0.5 Unauthenticated.Database.Export HIGH" "azindex No.known.fix Index.Deletion.via.CSRF MEDIUM" "azindex No.known.fix Stored.XSS.via.CSRF HIGH" "addify-free-gifts-woocommerce 1.0.2 Multiple.CSRF MEDIUM" "analogwp-templates 1.8.1 Cross-Site.Request.Forgery HIGH" "analogwp-templates 1.8.1 CSRF.Nonce.Bypasses MEDIUM" "accredible-certificates 1.5.0 Authenticated.(Administrator+).SQL.Injection.via.orderby.Parameter MEDIUM" "accredible-certificates 1.4.9 Admin+.Stored.XSS LOW" "amin-chat-button 1.4.2 Stored.XSS.via.CSRF HIGH" "ai-image 1.5.3 Unauthenticated.Arbitrary.File.Upload CRITICAL" "affiliates-manager 2.9.35 Cross-Site.Request.Forgery MEDIUM" "affiliates-manager 2.9.32 Cross-Site.Request.Forgery.via.multiple.AJAX.actions MEDIUM" "affiliates-manager 2.9.31 Sensitive.Information.Exposure.via.Log.File MEDIUM" "affiliates-manager 2.9.21 Cross-Site.Request.Forgery MEDIUM" "affiliates-manager 2.9.14 Arbitrary.Affiliates.&.Creatives.Deletion.via.CSRF MEDIUM" "affiliates-manager 2.9.14 Affiliate.CSV.Injection MEDIUM" "affiliates-manager 2.9.14 Reflected.Cross-Site.Scripting MEDIUM" "affiliates-manager 2.9.14 Admin+.Stored.Cross-Site.Scripting LOW" "affiliates-manager 2.9.0 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "affiliates-manager 2.8.7 Admin+.SQL.injection MEDIUM" "affiliates-manager 2.7.8 Unauthenticated.Stored.Cross-Site.Scripting.(XSS) CRITICAL" "affiliates-manager 2.6.6 CRSF.Issues MEDIUM" "admin-trim-interface No.known.fix Unauthenticated.Full.Path.Disclosure MEDIUM" "accesspress-instagram-feed 4.0.4 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "auphonic-importer No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "addons-for-divi 4.1.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Multiple.Widgets MEDIUM" "addons-for-divi 4.0.0 Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.Upload MEDIUM" "addons-for-divi 3.6.0 Reflected.Cross-Site.Scripting MEDIUM" "addons-for-divi 3.5.0 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "aramex-shipping-woocommerce No.known.fix Unauthenticated.Full.Path.Disclosure MEDIUM" "animated-svg 2.1.0 Reflected.Cross-Site.Scripting MEDIUM" "accessally 3.5.7 $_SERVER.Superglobal.Leakage HIGH" "accessally 3.3.2 Unauthenticated.Arbitrary.PHP.Code.Execution CRITICAL" "amen No.known.fix Admin+.Stored.XSS LOW" "automatic-post-categories No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "automatic-post-categories No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "add-hierarchy-parent-to-post 3.13 Reflected.Cross-Site.Scripting MEDIUM" "advanced-database-cleaner-pro 3.2.11 Authenticated.(Subscriber+).Limited.Path.Traversal MEDIUM" "accelerated-mobile-pages 1.1.2 Reflected.Cross-Site.Scripting MEDIUM" "accelerated-mobile-pages 1.0.99.2 Cross-Site.Request.Forgery.to.Privilege.Escalation HIGH" "accelerated-mobile-pages 1.0.97 Missing.Authorization MEDIUM" "accelerated-mobile-pages 1.0.97 Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "accelerated-mobile-pages 1.0.93.2 Authenticated(Contributor+).Arbitrary.Post.Deletion.via.amppb_remove_saved_layout_data MEDIUM" "accelerated-mobile-pages 1.0.93 Unautenticated.Reflected.Cross-Site.Scripting MEDIUM" "accelerated-mobile-pages 1.0.92.1 Authenticated.(Contributor+).Cross-Site.Scripting.via.Shortcode MEDIUM" "accelerated-mobile-pages 1.0.89 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.shortcode MEDIUM" "accelerated-mobile-pages 1.0.77.33 Admin+.Stored.Cross-Site.Scripting LOW" "accelerated-mobile-pages 1.0.77.32 Admin+.Stored.Cross-Site.Scripting LOW" "accelerated-mobile-pages 0.9.97.21 Stored.XSS MEDIUM" "admail No.known.fix Missing.Authorization MEDIUM" "ads-txt-admin No.known.fix Cross-Site.Request.Forgery MEDIUM" "all-in-one-wp-migration-onedrive-extension 1.67 Unauthenticated.Access.Token.Update MEDIUM" "auto-delete-posts No.known.fix Arbitrary.Settings.Update.via.CSRF MEDIUM" "ab-categories-search-widget No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "add-to-cart-direct-checkout-for-woocommerce 2.1.49 Admin+.Stored.XSS LOW" "advanced-booking-calendar No.known.fix Unauthenticated.SQLi HIGH" "advanced-booking-calendar No.known.fix CSRF MEDIUM" "advanced-booking-calendar 1.7.1 Admin+.SQLi MEDIUM" "advanced-booking-calendar 1.7.1 Reflected.Cross-Site.Scripting MEDIUM" "advanced-booking-calendar 1.7.0 Unauthenticated.SQL.Injection HIGH" "advanced-booking-calendar 1.6.8 Authenticated.Reflected.Cross-Site.Scripting.(XSS) HIGH" "advanced-booking-calendar 1.6.7 Authenticated.Reflected.Cross-Site.Scripting.(XSS) HIGH" "advanced-booking-calendar 1.6.2 Unauthenticated.SQL.Injection CRITICAL" "admission-appmanager No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "adirectory 2.3.5 Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.Post.Deletion MEDIUM" "adirectory 1.9 Unauthenticated.PHP.Object.Injection HIGH" "adirectory 1.3.1 Unauthenticated.Arbitrary.File.Upload CRITICAL" "apex-notification-bar-lite 2.0.5 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "apimo No.known.fix Cross-Site.Request.Forgery.to.Settings.Update MEDIUM" "admin-block-country No.known.fix Cross-Site.Request.Forgery.(CSRF) MEDIUM" "acf-city-selector No.known.fix Unauthenticated.Sensitive.Information.Exposure MEDIUM" "acf-city-selector 1.15.0 Authenticated.(Admin+).Arbitrary.File.Upload HIGH" "ajax-load-more-anything 3.3.4 Subscriber+.Settings.Update MEDIUM" "all-in-one-schemaorg-rich-snippets 1.6.6 All.In.One.Schema.Rich.Snippets.<.1.6.6.-.Multiple.CSRF MEDIUM" "all-in-one-schemaorg-rich-snippets 1.5.0 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "add-actions-and-filters No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "add-actions-and-filters 2.10 Reflected.XSS HIGH" "add-actions-and-filters 2.10 Settings.Update.via.CSRF MEDIUM" "add-actions-and-filters No.known.fix Admin+.Stored.XSS MEDIUM" "accesspress-pinterest 3.3.4 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "automatic-youtube-video-posts No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting.via.settings MEDIUM" "aicomments 1.4.2 Cross-Site.Request.Forgery MEDIUM" "animate No.known.fix Authenticated.(Contributor+).Server-Side.Request.Forgery MEDIUM" "ai-image-generator-lab No.known.fix Cross-Site.Request.Forgery.to.API.Key.Update MEDIUM" "angwp 1.5.6 Unauthenticated.Arbitrary.File.Upload/Deletion CRITICAL" "armember-membership-premium No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "accesspress-anonymous-post-pro 3.2.0 Unauthenticated.Arbitrary.File.Upload CRITICAL" "authorizenet-payment-gateway-for-woocommerce No.known.fix Insufficient.Verification.of.Data.Authenticity.to.Unauthenticated.Payment.Bypass MEDIUM" "admin-page-spider 3.32 Admin+.Stored.XSS LOW" "art-picture-gallery No.known.fix Unauthenticated.Arbitrary.File.Upload CRITICAL" "advanced-woo-search 3.29 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.aws_search_terms.Shortcode MEDIUM" "advanced-woo-search 2.97 Reflected.Cross-Site.Scripting MEDIUM" "advanced-woo-search 2.78 Admin+.Stored.Cross-Site.Scripting MEDIUM" "advanced-woo-search 2.00 SQL.query.leak.in.ajax.search NONE" "add-fields-to-checkout-page-woocommerce 1.3.2 Missing.Authorization MEDIUM" "add-fields-to-checkout-page-woocommerce 1.3.1 Cross-Site.Request.Forgery MEDIUM" "add-fields-to-checkout-page-woocommerce 1.3.2 Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "add-fields-to-checkout-page-woocommerce 1.3.0 Reflected.Cross-Site.Scripting MEDIUM" "add-fields-to-checkout-page-woocommerce 1.2.7 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "arkhe-blocks No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "arkhe-blocks 2.27.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.block.attributes MEDIUM" "arkhe-blocks 2.27.0 Contributor+.Stored.XSS MEDIUM" "arkhe-blocks 2.23.0 Contributor+.Stored.XSS MEDIUM" "auto-post-woocommerce-products No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "aumenu No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "adsanity 1.8.2 Contributor.Arbitrary.File.Upload CRITICAL" "advanced-cron-manager-pro 2.5.3 Subscriber+.Arbitrary.Events/Schedules.Creation/Deletion MEDIUM" "ai-assistant-by-10web 1.0.19 Missing.Authorization.to.Arbitrary.Plugin.Installation MEDIUM" "amazing-neo-icon-font-for-elementor No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "advanced-quiz No.known.fix Admin+.Stored.XSS.in.Quiz.Overview LOW" "advanced-quiz 1.0.3 Admin+.Stored.XSS LOW" "aryo-activity-log 2.11.2 Unauthenticated.Stored.XSS.via.Event.Context HIGH" "aryo-activity-log 2.8.8 IP.Spoofing MEDIUM" "aryo-activity-log 2.8.4 CSV.Injection LOW" "aryo-activity-log 2.7.0 Authenticated.SQL.Injection MEDIUM" "aryo-activity-log 2.4.1 Multiple.Cross-Site.Scripting.(XSS) MEDIUM" "aryo-activity-log 2.3.3 Cross-Site.Scripting.(XSS).in.'page' MEDIUM" "aryo-activity-log 2.3.3 Cross-Site.Scripting.(XSS) MEDIUM" "addon-elements-for-elementor-page-builder 1.14 Contributor+.Sensitive.Information.Disclosure LOW" "addon-elements-for-elementor-page-builder 1.13.9 Authenticated.(Contributor+).Sensitive.Information.Exposure.via.table_saved_sections MEDIUM" "addon-elements-for-elementor-page-builder 1.13.7 Missing.Authorization MEDIUM" "addon-elements-for-elementor-page-builder 1.13.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "addon-elements-for-elementor-page-builder 1.13.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Multiple.Widgets MEDIUM" "addon-elements-for-elementor-page-builder 1.13.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.id.and.eae_slider_animation.Parameters MEDIUM" "addon-elements-for-elementor-page-builder 1.13.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "addon-elements-for-elementor-page-builder 1.13.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "addon-elements-for-elementor-page-builder 1.13.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Twitter.Widget MEDIUM" "addon-elements-for-elementor-page-builder 1.13.4 Contributor+.Stored.XSS MEDIUM" "addon-elements-for-elementor-page-builder 1.13.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "addon-elements-for-elementor-page-builder 1.13.2 Contributor+.Stored.XSS MEDIUM" "addon-elements-for-elementor-page-builder 1.13.3 Contributor+.DOM-Based.Stored.XSS MEDIUM" "addon-elements-for-elementor-page-builder 1.12.11 Contributor+.Stored.XSS MEDIUM" "addon-elements-for-elementor-page-builder 1.13 Authenticated(Contributor+).Stored.Cross-Site.Scripting.via.Modal.Popup.effet MEDIUM" "addon-elements-for-elementor-page-builder 1.13 Contributor+.Stored.XSS MEDIUM" "addon-elements-for-elementor-page-builder 1.13 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Content.Switcher.Widget MEDIUM" "addon-elements-for-elementor-page-builder 1.13 Contributor+.to.LFI HIGH" "addon-elements-for-elementor-page-builder 1.13 Contributor+.Stored.XSS MEDIUM" "addon-elements-for-elementor-page-builder 1.12.12 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "addon-elements-for-elementor-page-builder 1.12.8 Unauthenticated.Post.ID/Tile.Disclosure MEDIUM" "addon-elements-for-elementor-page-builder 1.12.8 Elementor.Addon.Element.Enabling/Disabling.via.CSRF MEDIUM" "addon-elements-for-elementor-page-builder 1.12.8 Admin+.Stored.XSS LOW" "addon-elements-for-elementor-page-builder 1.12.8 Settings.Update.via.CSRF MEDIUM" "addon-elements-for-elementor-page-builder 1.12 Reflected.Cross-Site.Scripting MEDIUM" "addon-elements-for-elementor-page-builder 1.11.14 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "addon-elements-for-elementor-page-builder 1.11.8 CSRF.Bypass LOW" "addon-elements-for-elementor-page-builder 1.11.2 Contributor+.Stored.XSS MEDIUM" "addon-elements-for-elementor-page-builder 1.6.4 CSRF.&.XSS LOW" "aparat No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "amazon-product-in-a-post-plugin No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "amazon-product-in-a-post-plugin 3.5.3 Unauthenticated.SQL.Injection CRITICAL" "addons-for-beaver-builder 3.7 Authenticated.(Editor+).Stored.Cross-Site.Scripting MEDIUM" "addons-for-beaver-builder 3.3 Reflected.Cross-Site.Scripting MEDIUM" "addons-for-beaver-builder 2.8.4 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "achilles-shortcodes No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "ads-for-wp 1.9.29 Cross-Site.Request.Forgery MEDIUM" "add-twitter-pixel 1.0.4 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "auto-ftp No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "ai-content-writing-assistant 1.1.7 CSRF MEDIUM" "ald-login-page 1.3 .Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "aawp 3.12.3 Unsafe.URL.Handling MEDIUM" "aawp 3.17.1 Reflected.Cross-Site.Scripting MEDIUM" "azurecurve-toggle-showhide No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "acf-blocks 2.6.10 Reflected.Cross-Site.Scripting MEDIUM" "acf-blocks 2.6.8 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "affs No.known.fix Unauthenticated.Arbitrary.File.Upload CRITICAL" "anytrack-affiliate-link-manager 1.5.5 Missing.Authorization MEDIUM" "aprils-call-posts No.known.fix Cross-Site.Request.Forgery.to.Cross-Site.Scripting MEDIUM" "auto-hyperlink-urls No.known.fix Tab.Nabbing MEDIUM" "appizy-app-embed 2.4.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "a2-optimized-wp 3.0.5 Data.Collection.Toggle.via.CSRF MEDIUM" "axle-demo-importer No.known.fix Author+.Arbitrary.File.Upload CRITICAL" "add-infos-to-the-events-calendar 1.5.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "advanced-speed-increaser No.known.fix Cross-Site.Request.Forgery MEDIUM" "adblock-notify-by-bweb No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "adblock-notify-by-bweb No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "adblock-notify-by-bweb No.known.fix Reflected.Cross-Site.Scripting.(XSS) HIGH" "art-decoration-shortcode No.known.fix Contributor+.Stored.XSS MEDIUM" "ak-menu-icons-lite 1.0.9 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "admin-notices-manager 1.5.0 Missing.Authorization.to.Authenticated.(Subscriber+).User.Email.Retrieval MEDIUM" "advanced-forms-pro 1.6.9 Subscriber+.Arbitrary.User.Email.Address.Update.via.IDOR HIGH" "accordions 2.3.12 Contributor+.PHP.Object.Injection MEDIUM" "accordions 2.2.100 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "accordions 2.2.97 Missing.Authorization.to.Authenticated(Contributor+).Post.Duplication MEDIUM" "accordions 2.2.30 Authenticated.Reflected.Cross-Site.Scripting.(XSS) HIGH" "accordions 2.2.9 Unprotected.AJAX.Action.to.Stored/Reflected.XSS MEDIUM" "ajax-load-more 7.4.1 Authenticated(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "ajax-load-more 7.3.1.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "ajax-load-more 7.1.3 Ajax.Load.More.<.7.1.3.-.Contributor+.Stored.XSS MEDIUM" "ajax-load-more 7.1.2 Authenticated.(Contributor+).Cross-Site.Scripting MEDIUM" "ajax-load-more 7.0.2 Administrator+.Stored.Cross-Site.Scripting MEDIUM" "ajax-load-more 7.1.0 Authenticated.(Admin+).Directory.Traversal.to.Arbitrary.File.Read MEDIUM" "ajax-load-more 6.2 Ajax.Load.More.<.6.2.-.Contributor+.Stored.XSS MEDIUM" "ajax-load-more 5.6.0.3 Ajax.Load.More.<.5.6.0.3.-.Contributor+.Stored.XSS MEDIUM" "ajax-load-more 5.5.4.1 Admin+.Arbitrary.File.Read MEDIUM" "ajax-load-more 5.5.4 PHAR.Deserialization.via.CSRF HIGH" "ajax-load-more 5.5.4 Admin+.Arbitrary.File.Read MEDIUM" "ajax-load-more 5.3.2 Authenticated.SQL.Injection CRITICAL" "ab-press-optimizer-lite No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "a-gateway-for-pasargad-bank-on-woocommerce No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "affiliate-links No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "affiliate-links 3.1.0 Missing.Authorization.to.Unauthenticated.Import/Export.and.PHP.Object.Injection HIGH" "affiliate-links 2.7 Contributor+.Stored.XSS MEDIUM" "admin-renamer-extended No.known.fix CSRF MEDIUM" "attesa-extra 1.4.3 Authenticated.(Contributor+).Post.Disclosure MEDIUM" "attesa-extra 1.4.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "adminpad 2.2 Note.Update.via.CSRF MEDIUM" "add-facebook No.known.fix Author+.Stored.XSS MEDIUM" "add-facebook No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting] MEDIUM" "azan No.known.fix Stored.XSS.via.CSRF HIGH" "activity-log-mainwp 2.0.0 Reflected.Cross-Site.Scripting MEDIUM" "activity-log-mainwp 1.7.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "aio-time-clock-lite 1.3.326 Cross-Site.Request.Forgery MEDIUM" "aio-time-clock-lite 1.3.321 Admin+.Stored.XSS LOW" "automatewoo 5.7.6 Cross-Site.Request.Forgery MEDIUM" "automatewoo 5.7.6 Missing.Authorization MEDIUM" "automatewoo 5.7.2 ShopManager+.SQLi MEDIUM" "automatewoo 5.7.2 Cross-Site.Request.Forgery MEDIUM" "ai-mortgage-calculator No.known.fix Authenticated.(Contributor+).Local.File.Inclusion HIGH" "attendance-manager No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "attendance-manager 0.5.7 CSRF.&.XSS HIGH" "appten-image-rotator No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "advanced-iframe 2025.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Host.Header MEDIUM" "advanced-iframe 2025.0 Unauthenticated.Settings.Update MEDIUM" "advanced-iframe 2025.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "advanced-iframe 2024.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "advanced-iframe 2024.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "advanced-iframe 2024.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "advanced-iframe 2024.0 Contributor+.Stored.XSS MEDIUM" "advanced-iframe 2023.9 Contributor+.Stored.XSS MEDIUM" "advanced-iframe 2022 Reflected.Cross-Site.Scripting MEDIUM" "addify-abandoned-cart-recovery 1.2.5 Multiple.CSRF MEDIUM" "admire-extra 1.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "awesome-gallery No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "auto-upload-images 3.3.1 CSRF MEDIUM" "auto-upload-images 3.3.1 Admin+.Stored.Cross-Site.Scripting LOW" "ai-post-generator No.known.fix Missing.Authorization.to.Authenticated.(Contributor+).Post/Page.Deletion MEDIUM" "ai-post-generator 3.4 Subscriber+.Posts.Read/Creation/Deletion MEDIUM" "automizy-gravity-forms No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "automizy-gravity-forms No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "affiliate-pro No.known.fix Reflected.Cross-Site.Scripting.(XSS) HIGH" "animated-al-list No.known.fix Reflected.XSS HIGH" "advanced-visual-elements 1.0.7 Reflected.Cross-Site.Scripting MEDIUM" "ap-pricing-tables-lite No.known.fix Admin+.SQLi MEDIUM" "ap-pricing-tables-lite 1.1.5 Reflected.Cross-Site.Scripting MEDIUM" "ap-pricing-tables-lite 1.1.3 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "ach-for-stripe-plaid No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "appsero-helper No.known.fix Authenticated.(Subscriber+).SQL.Injection MEDIUM" "appsero-helper 1.3.3 Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "avirato-calendar No.known.fix Subscriber+.SQLi HIGH" "add-product-frontend-for-woocommerce No.known.fix Missing.Authorization.to.Unauthenticated.Arbitrary.Content.Deletion MEDIUM" "accessibility-checker 1.2.8 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "ai-site-builder No.known.fix Missing.Authorization.to.Arbitrary.Plugin.Installation CRITICAL" "awsm-team 1.3.2 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "advanced-event-manager No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "admin-columns-pro 5.5.2 Authenticated.Stored.Cross-Site.Scripting.(XSS).in.Custom.Field MEDIUM" "admin-columns-pro 5.5.1 Admin+.Stored.XSS.in.Label LOW" "addify-price-calculator-for-woocommerce No.known.fix Multiple.CSRF MEDIUM" "affiliatebooster-blocks 3.0.6 Blocks.Enabling/Disabling.via.CSRF MEDIUM" "advanced-wp-reset 1.6 Reflected.Cross-Site.Scripting MEDIUM" "amr-personalise No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "ai-moderator-for-buddypress-and-buddyboss No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "any-popup No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "any-popup No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "ad-inserter-pro 2.8.0 Reflected.Cross-Site.Scripting MEDIUM" "ad-inserter-pro 2.7.12 Reflected.Cross-Site.Scripting LOW" "ad-inserter-pro 2.7.10 Reflected.Cross-Site.Scripting MEDIUM" "anything-popup No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "access-code-feeder No.known.fix CSRF MEDIUM" "apk-downloader No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross.Site.Scripting MEDIUM" "addfunc-mobile-detect No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "accept-authorize-net-payments-using-contact-form-7 2.3 Unauthenticated.Information.Exposure MEDIUM" "auto-featured-image-auto-generated 1.6.0 Reflected.Cross-Site.Scripting MEDIUM" "ad-invalid-click-protector 1.2.11 Injected.Backdoor CRITICAL" "ad-invalid-click-protector 1.2.7 Reflected.Cross-Site.Scripting MEDIUM" "ad-invalid-click-protector 1.2.7 Arbitrary.Ban.Deletion.via.CSRF MEDIUM" "ad-invalid-click-protector 1.2.6 Authenticated.SQL.Injection MEDIUM" "azurecurve-floating-featured-image No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "affiliate-toolkit-starter 3.7.4 Cross-Site.Request.Forgery MEDIUM" "affiliate-toolkit-starter 3.7.1 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "affiliate-toolkit-starter 3.6.8 Reflected.Cross-Site.Scripting MEDIUM" "affiliate-toolkit-starter 3.6.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.atkp_product.Shortcode MEDIUM" "affiliate-toolkit-starter 3.6 Unauthenticated.Full.Path.Dislcosure MEDIUM" "affiliate-toolkit-starter 3.4.5 Unauthenticated.Sensitive.Information.Exposure.via.Logs MEDIUM" "affiliate-toolkit-starter 3.4.6 Authenticated.(Author+).Stored.Cross-Site.Scripting.via.ratings MEDIUM" "affiliate-toolkit-starter 3.5.5 Missing.Authorization.via.atkp_import_product MEDIUM" "affiliate-toolkit-starter 3.5.5 Missing.Authorization.via.atkp_create_list MEDIUM" "affiliate-toolkit-starter 3.4.3 Unauthenticated.SSRF HIGH" "affiliate-toolkit-starter 3.4.4 Reflected.Cross-Site.Scripting.via.keyword MEDIUM" "affiliate-toolkit-starter 3.4.0 Open.Redirect.via.atkpout.php LOW" "affiliate-toolkit-starter 3.3.4 Editor+.Stored.XSS LOW" "affiliate-power 2.3.0 Reflected.Cross-Site.Scripting HIGH" "azonbox No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "automation-web-platform 3.0.18 Unauthenticated.Privilege.Escalation CRITICAL" "admin-site-enhancements-pro 7.6.3 Subscriber+.Privilege.Escalation HIGH" "admin-site-enhancements-pro 7.6.3 Missing.Authorization MEDIUM" "advanced-local-pickup-for-woocommerce 1.6.2 Missing.Authorization.to.Notice.Dismissal MEDIUM" "advanced-local-pickup-for-woocommerce 1.6.3 Missing.Authorization MEDIUM" "advanced-local-pickup-for-woocommerce 1.6.0 Authenticated.(Administrator+).SQL.Injection HIGH" "automate-hub-free-by-sperse-io No.known.fix Cross-Site.Request.Forgery.to.Activation.Status.Update MEDIUM" "automate-hub-free-by-sperse-io No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "awesome-gallery-singsys No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "amazonsimpleadmin 1.5.4 Unauthenticated.Arbitrary.Shortcode.Execution HIGH" "apply-with-linkedin-buttons No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "apply-with-linkedin-buttons No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "as-create-pinterest-pinboard-pages No.known.fix Subscriber+.Settings.Update.to.Stored.XSS MEDIUM" "advanced-wp-table No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "advanced-wp-table 1.2.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "all-in-one-facebook-like-widget 2.2.8 Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "acme-divi-modules No.known.fix Missing.Authorization MEDIUM" "analyticswp 2.1.5 Unauthenticated.SQL.Injection HIGH" "analyticswp No.known.fix Unauthenticated.Sensitive.Information.Exposure MEDIUM" "analyticswp No.known.fix Missing.Authorization MEDIUM" "analyticswp 2.1.0 Unauthenticated.SQL.Injection HIGH" "advanced-post-search No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "apartment-management No.known.fix Unauthenticated.Arbitrary.File.Upload CRITICAL" "apartment-management No.known.fix Authenticated.(Subscriber+).SQL.Injection MEDIUM" "apartment-management No.known.fix Authenticated.(Subscriber+).Privilege.Escalation HIGH" "apartment-management No.known.fix Unauthenticated.Local.File.Inclusion CRITICAL" "apartment-management No.known.fix Unauthenticated.Stored.Cross-Site.Scripting MEDIUM" "apartment-management No.known.fix Unauthenticated.SQL.Injection HIGH" "apartment-management No.known.fix Authenticated.(Subscriber+).Arbitrary.File.Upload HIGH" "aesop-story-engine No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "agency-toolkit 1.0.25 Missing.Authorization MEDIUM" "agency-toolkit 1.0.24 Unauthenticated.Arbitrary.Options.Update CRITICAL" "accessibe 2.6 Reflected.Cross-Site.Scripting MEDIUM" "appointify No.known.fix Authenticated.(Admin+).Arbitrary.File.Upload HIGH" "admin-and-client-message-after-order-for-woocommerce 13.3 Authenticated.(Subscriber+).Limited.File.Upload.to.Cross-Site.Scripting MEDIUM" "admin-and-client-message-after-order-for-woocommerce 12.5 Missing.Authorization.to.Arbitrary.File.Upload CRITICAL" "accesspress-social-share 4.5.6 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "admin-word-count-column No.known.fix Unauthenticated.Arbitrary.File.Read MEDIUM" "accesspress-twitter-feed No.known.fix Delete.cache.via.CSRF MEDIUM" "accesspress-twitter-feed 1.6.8 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "advanced-ads 1.52.2 Authenticated.(Admin+).PHP.Object.Injection HIGH" "advanced-ads 1.52.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Ad.Widget MEDIUM" "advanced-ads 1.32.0 Admin+.Stored.XSS MEDIUM" "advanced-ads 1.17.4 Reflected.XSS.via.Admin.Dashboard MEDIUM" "auction-nudge 7.2.1 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "author-discussion No.known.fix Authenticated.(Subscriber+).SQL.Injection MEDIUM" "aruba-hispeed-cache 2.0.13 Missing.Authorization MEDIUM" "aruba-hispeed-cache 2.0.7 Unauthenticated.Log.File.Access MEDIUM" "admin-log No.known.fix CSRF MEDIUM" "ap-plugin-scripteo No.known.fix Unauthenticated.Local.File.Inclusion CRITICAL" "ap-plugin-scripteo No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "ap-plugin-scripteo 4.89 Multi-Purpose.WordPress.Advertising.Manager.<.4.89.-.Unauthenticated.SQL.Injection HIGH" "advanced-cf7-db 2.0.3 Missing.Authorization.to.Unauthenticated.Information.Disclosure MEDIUM" "advanced-cf7-db 2.0.3 Sensitive.Information.Exposure MEDIUM" "advanced-cf7-db 1.8.8 Unauthenticated.Stored.Cross-Site.Scripting MEDIUM" "advanced-cf7-db 1.8.7 Subscriber+.Arbitrary.File.Deletion HIGH" "advanced-cf7-db 1.7.1 SQL.Injection CRITICAL" "ablocks 1.9.3 Contributor+.Stored.XSS MEDIUM" "ablocks 1.6.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "advanced-menu-widget No.known.fix Contributor+.Stored.XSS.via.Shortcode MEDIUM" "arscode-ninja-popups No.known.fix Unauthenticated.Open.Redirect MEDIUM" "amp-extensions No.known.fix Reflected.Cross-Site.Scripting.(XSS) HIGH" "advanced-facebook-twitter-widget No.known.fix Admin+.Stored.XSS LOW" "advanced-angular-contact-form No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "augmented-reality No.known.fix Unauthenticated.PHP.File.Upload.leading.to.RCE CRITICAL" "archives-calendar-widget No.known.fix Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "armember-membership 4.0.52 Authenticated.(Subscriber+).Arbitrary.Shortcode.Execution MEDIUM" "armember-membership 4.0.38 Authenticated.(Subscriber+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "armember-membership 4.0.31 Open.Redirect MEDIUM" "armember-membership 4.0.29 Missing.Authorization MEDIUM" "armember-membership 4.0.28 Directory.Traversal.via.X-FILENAME MEDIUM" "armember-membership 4.0.27 Unauthenticated.PHP.Object.Injection CRITICAL" "armember-membership 4.0.27 Authenticated.(Contributor+).PHP.Object.Injection CRITICAL" "armember-membership 4.0.24 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "armember-membership 4.0.25 Improper.Access.Control.to.Sensitive.Information.Exposure.via.REST.API MEDIUM" "armember-membership 4.0.23 Cross-Site.Request.Forgery MEDIUM" "armember-membership 4.0.11 Subscriber+.Privilege.Escalation HIGH" "armember-membership 4.0.5 Admin+.Stored.Cross-Site.Scripting LOW" "armember-membership 4.0.17 Membership.<.4.0.17.-.Admin+.Stored.XSS MEDIUM" "armember-membership 4.0.6 ARMember.Cross-Site.Request.Forgery MEDIUM" "armember-membership 4.0.3 Admin+.Stored.XSS LOW" "armember-membership 4.0.2 Reflected.XSS HIGH" "armember-membership 4.0 Unauthenticated.SQLi HIGH" "armember-membership 3.4.8 Unauthenticated.Admin.Account.Takeover CRITICAL" "allow-svg 1.2.0 Author+.Stored.XSS.via.SVG MEDIUM" "abbs-bing-search No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "airpress No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "airpress No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "advance-menu-manager 3.1.2 Missing.Authorization.to.Authenticated.(Subscriber+).Settings.Change MEDIUM" "advance-menu-manager 3.0.6 Reflected.Cross-Site.Scripting MEDIUM" "advance-menu-manager 3.0.2 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "advance-menu-manager 3.0.7 Unauthorised.Menu.Creation/Deletion MEDIUM" "advance-menu-manager 3.0 Unauthorised.Menu.Edition.via.CSRF MEDIUM" "abundatrade-plugin No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "apply-online 2.6.7.2 Missing.Authorization MEDIUM" "apply-online 2.6.3 Unauthenticated.Application.File.Access MEDIUM" "apply-online 2.6.3 Missing.Authorization.to.Sensitive.Information.Exposure MEDIUM" "apply-online 2.5.4 Missing.Authorization LOW" "apply-online 2.5.3 Reflected.XSS HIGH" "apply-online 2.5.6 Admin+.Stored.XSS LOW" "addify-order-tracking-for-woocommerce 1.0.2 Multiple.CSRF MEDIUM" "assistant 1.5.1.1 Authenticated.(Editor+).PHP.Object.Injection HIGH" "assistant 1.4.9.2 Unauthenticated.Sensitive.Information.Exposure MEDIUM" "assistant 1.4.4 Editor+.SSRF MEDIUM" "advanced-tag-list No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "arprice No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "arprice 4.2 Unauthenticated.PHP.Object.Injection HIGH" "arprice 4.2 Subscriber+.PHP.Object.Injection HIGH" "arprice 4.2 Unauthenticated.SQL.Injection HIGH" "arprice 4.2 Subscriber+.SQLi HIGH" "arprice 4.2 Reflected.Cross-Site.Scripting HIGH" "author-work-in-progress-bar No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "allaccessible 1.3.5 Subscriber+.Privilege.Escalation HIGH" "allaccessible 1.3.5 Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.Option.Update HIGH" "animate-everything No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "animate-everything No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "animate-everything No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "all-in-menu No.known.fix Authenticated.(Subscriber+).SQL.Injection MEDIUM" "albo-pretorio-on-line No.known.fix Unauthenticated.Sensitive.Information.Disclosure MEDIUM" "albo-pretorio-on-line No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "albo-pretorio-on-line 4.6.4 Reflected.XSS HIGH" "albo-pretorio-on-line 4.6.2 Reflected.XSS HIGH" "albo-pretorio-on-line 4.6.1 Reflected.XSS HIGH" "auto-install-free-ssl 3.6.0 Reflected.Cross-Site.Scripting MEDIUM" "astra-widgets 1.2.16 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "astra-widgets 1.2.15 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "addify-custom-registration-forms-builder 1.0.2 Multiple.CSRF MEDIUM" "april-framework No.known.fix Missing.Authorization.to.Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "april-framework No.known.fix Authenticated.(Subscriber+).Arbitrary.File.Upload HIGH" "april-framework No.known.fix Missing.Authorization.to.Authenticated.(Subscriber+).Settings.Updates MEDIUM" "add-google-plus-one-social-share-button No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "advanced-floating-content 3.8.3 Authenticated.(Subscriber+).SQL.Injection MEDIUM" "artplacer-widget 2.21.2 Stored.XSS.via.CSRF HIGH" "artplacer-widget 2.21.2 Subscriber+.Arbitrary.Widget.Deletion MEDIUM" "artplacer-widget 2.20.7 Editor+.SQLi MEDIUM" "admin-post-navigation No.known.fix Unauthenticated.Full.Path.Disclosure MEDIUM" "all-in-one-video-gallery 3.8.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Video.Shortcode MEDIUM" "all-in-one-video-gallery 3.7.0 Authenticated.(Contributor+).Local.File.Inclusion.via.aiovg_search_form.Shortcode HIGH" "all-in-one-video-gallery 3.6.5 Contributor+.Arbitrary.File.Upload.via.featured.image HIGH" "all-in-one-video-gallery 3.6.0 Missing.Authorization MEDIUM" "all-in-one-video-gallery 3.4.3 Reflected.Cross-Site.Scripting MEDIUM" "all-in-one-video-gallery 2.6.1 2.6.0.-.Unauthenticated.Arbitrary.File.Download.&.SSRF HIGH" "all-in-one-video-gallery 2.5.4 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "all-in-one-video-gallery 2.5.0 Admin+.Local.File.Inclusion LOW" "album-and-image-gallery-plus-lightbox 2.1 Unauthenticated.Arbitrary.Shortcode.Execution MEDIUM" "all-embed-addons-for-elementor 1.1.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "attribute-stock-for-woocommerce 1.3.0 Reflected.Cross-Site.Scripting MEDIUM" "amr-ical-events-list No.known.fix Admin+.Stored.XSS LOW" "auto-youtube-importer 1.0.4 Settings.Update.via.CSRF MEDIUM" "axima-payment-gateway No.known.fix Cross-Site.Request.Forgery MEDIUM" "alt-manager 1.6.2 Missing.Authorization MEDIUM" "alt-manager 1.5.7 Reflected.Cross-Site.Scripting MEDIUM" "alt-manager 1.5.0 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "attachment-file-icons No.known.fix Cross-Site.Request.Forgery.to.Arbitrary.File.Upload HIGH" "add-custom-css-and-js No.known.fix Stored.XSS.via.CSRF HIGH" "aphorismus No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "ayecode-connect 1.3.9 Missing.Authorization MEDIUM" "addons-for-elementor 8.5.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.piechart_settings.Parameter MEDIUM" "addons-for-elementor 8.4.1 Authenticated.(Contributor+).Limited.Local.File.Inclusion.via.Widgets HIGH" "addons-for-elementor 8.4.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Marquee.Text.Widget,.Testimonials.Widget,.and.Testimonial.Slider.Widgets MEDIUM" "addons-for-elementor 8.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Various.Widgets MEDIUM" "addons-for-elementor 8.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Posts.Grid MEDIUM" "addons-for-elementor 8.3.7 Authenticated(Contributor+).Stored.Cross-Site.Scripting.via.widget._id.attribute MEDIUM" "addons-for-elementor 8.3.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Display.Name MEDIUM" "addons-for-elementor 8.3.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Posts.Multislider.Widget MEDIUM" "addons-for-elementor 8.3.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Posts.Carousel.Widget MEDIUM" "addons-for-elementor 8.3.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Animated.Text.Widget MEDIUM" "addons-for-elementor 8.3.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Posts.Slider.Widget MEDIUM" "addons-for-elementor 8.3.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Team.Members.Widget MEDIUM" "addons-for-elementor 8.3.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.animated_text_class MEDIUM" "addons-for-elementor 8.3.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "addons-for-elementor 8.3.2 Contributor+.Stored.XSS MEDIUM" "addons-for-elementor 7.9 Reflected.Cross-Site.Scripting MEDIUM" "addons-for-elementor 7.2.4 Admin+.Stored.XSS LOW" "addons-for-elementor 7.1.4 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "addons-for-elementor 6.8 Contributor+.Stored.XSS MEDIUM" "addons-for-elementor 2.6 Subscriber+.Arbitrary.Option.Update CRITICAL" "azw-woocommerce-file-uploads No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "azw-woocommerce-file-uploads No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "anthologize No.known.fix Cross-Site.Request.Forgery MEDIUM" "anthologize 0.8.3 Cross-Site.Request.Forgery MEDIUM" "anthologize 0.8.1 Admin+.Stored.XSS LOW" "acf-front-end-editor No.known.fix Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.Content.Update MEDIUM" "animated-counters No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "animated-counters 1.8 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "anonymize-links No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "accessibility-task-manager No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "aklamator-infeed No.known.fix Reflected.XSS HIGH" "aklamator-infeed No.known.fix Admin+.Stored.XSS LOW" "announce-from-the-dashboard 1.5.3 Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "announce-from-the-dashboard 1.5.2 Admin+.Stored.XSS LOW" "automatic-internal-links-for-seo 1.2.2 Authenticated.(Administrator+).SQL.Injection.via.post_id.Parameter MEDIUM" "automatic-internal-links-for-seo 1.0.4 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "add-widget-after-content 2.5 Admin+.Stored.XSS LOW" "acf-quickedit-fields 3.2.3 Contributor+.User.Metadata.Leak.via.IDOR LOW" "advanced-ajax-page-loader No.known.fix Cross-Site.Request.Forgery.to.Arbitrary.File.Upload HIGH" "advanced-ajax-page-loader 2.7.7 Unauthenticated.Uploaded.File.Disclosure MEDIUM" "admin-dashboard-rss-feed 3.4 Administrator+.Stored.XSS LOW" "ari-fancy-lightbox 1.3.18 Authenticated.(Author+).Stored.Cross-Site.Scripting MEDIUM" "ari-fancy-lightbox 1.3.9 Reflected.Cross-Site.Scripting MEDIUM" "access-demo-importer 1.0.8 Data.Reset.via.CSRF HIGH" "access-demo-importer 1.0.8 Arbitrary.Plugin.Activation.via.CSRF MEDIUM" "access-demo-importer 1.0.7 Subscriber+.Arbitrary.File.Upload HIGH" "affiliate-coupons 1.7.4 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "advanced-typekit No.known.fix Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "addressbook No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "advanced-floating-content-lite 1.2.6 Authenticated.(Editor+).Stored.Cross-Site.Scripting MEDIUM" "advanced-floating-content-lite 1.2.2 Contributor+.XSS MEDIUM" "all-custom-fields-groups 1.05 Reflected.Cross-Site.Scripting MEDIUM" "autoptimize 3.1.7 Admin+.Stored.Cross-Site.Scripting.via.Settings.Import LOW" "autoptimize 3.1.0 Sensitive.Data.Disclosure MEDIUM" "autoptimize 3.1.1 Admin+.Stored.Cross.Site.Scripting LOW" "autoptimize 2.8.4 Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "autoptimize 2.7.8 Race.Condition.leading.to.RCE CRITICAL" "autoptimize 2.7.8 Arbitrary.File.Upload.via."Import.Settings" CRITICAL" "autoptimize 2.7.8 Authenticated.Stored.XSS.via.File.Upload MEDIUM" "autoptimize 2.7.7 Authenticated.Arbitrary.File.Upload MEDIUM" "atomchat No.known.fix Missing.Authorization MEDIUM" "atomchat No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "atomchat 1.1.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.atomchat.Shortcode MEDIUM" "atomchat 1.1.5 Unauthenticated.Credits.Update MEDIUM" "ajax-pagination No.known.fix wp-admin/admin-ajax.php.loop.Parameter.Local.File.Inclusion HIGH" "ajax-live-search No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "ajax-live-search No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "advance-wc-analytics 3.4.0 Reflected.Cross-Site.Scripting MEDIUM" "advance-wc-analytics 3.0.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "avalex 3.0.9 Missing.Authorization MEDIUM" "avalex 3.0.4 Admin+.Stored.XSS LOW" "autocompleter No.known.fix Cross-Site.Request.Forgery MEDIUM" "adicons No.known.fix Admin+.SQL.Injection MEDIUM" "aeroscroll-gallery No.known.fix Unauthenticated.Directory.Traversal MEDIUM" "ai-content 1.0.8 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "ai-content-pipelines No.known.fix Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "admin-bar 1.0.23 Missing.Authorization.to.Authenticated.(Subscriber+).Settings.Update MEDIUM" "all-in-one-performance-accelerator No.known.fix Unauthenticated.Sensitive.Information.Exposure MEDIUM" "all-in-one-performance-accelerator No.known.fix Missing.Authorization MEDIUM" "auto-scroll-for-reading No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "animated-typed-js-shortcode 2.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "advanced-uploader No.known.fix Subscriber+.Arbitrary.File.Upload CRITICAL" "academy 2.0.5 Missing.Authorization LOW" "academy 2.0.11 Open.Redirect MEDIUM" "academy 1.9.26 Unauthenticated.Sensitive.Information.Exposure MEDIUM" "academy 1.9.17 Missing.Authorization MEDIUM" "academy 1.9.17 Missing.Authorization MEDIUM" "academy 1.9.20 .Authenticated.(Subscriber+).Privilege.Escalation HIGH" "anti-plagiarism No.known.fix Unauthenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "auto-excerpt-everywhere No.known.fix Cross-Site.Request.Forgery MEDIUM" "accordion-shortcodes No.known.fix Contributor+.Stored.XSS.via.Shortcode MEDIUM" "advanced-sermons 3.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "advanced-sermons 3.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "advanced-sermons 3.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "advanced-sermons 3.2 Reflected.Cross-Site.Scripting.via.s MEDIUM" "advanced-sermons 3.3 Reflected.Cross-Site.Scripting MEDIUM" "algori-pdf-viewer 1.0.8 Authenticated.(Author+).Stored.Cross-Site.Scripting MEDIUM" "amo-team-showcase No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.amoteam_skills.Shortcode MEDIUM" "awesome-event-booking 2.8.5 Reflected.Cross-Site.Scripting MEDIUM" "awesome-event-booking 2.7.5 Missing.Authorization MEDIUM" "awesome-event-booking 2.8.0 Cross-Site.Request.Forgery MEDIUM" "awesome-event-booking 2.7.2 Reflected.Cross-Site.Scripting MEDIUM" "abcsubmit No.known.fix Unauthenticated.Arbitrary.Shortcode.Execution HIGH" "awesome-tool-tip No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "add-image-to-post No.known.fix Cross-Site.Request.Forgery MEDIUM" "arena-liveblog-and-chat-tool No.known.fix Cross-Site.Request.Forgery.to.Settings.Update MEDIUM" "arena-liveblog-and-chat-tool No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.arena_embed_amp.Shortcode MEDIUM" "arena-liveblog-and-chat-tool 0.4.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "accurate-form-data-real-time-form-validation No.known.fix Cross-Site.Scripting.(XSS).&.CSRF MEDIUM" "advanced-nocaptcha-recaptcha 7.0.6 Reflected.Cross-Site.Scripting MEDIUM" "advanced-nocaptcha-recaptcha 7.1.0 .Local.File.Inclusion.via.CSRF HIGH" "advanced-nocaptcha-recaptcha 7.0.5 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "absolute-addons No.known.fix Authenticated.(Contributor+).Local.File.Inclusion HIGH" "accept-stripe-payments-using-contact-form-7 2.6 Unauthenticated.Information.Exposure MEDIUM" "add-social-share-buttons 1.1 CSRF.to.Settings.Change MEDIUM" "apollo13-framework-extensions 1.9.4 Authenticated.(Author+).Stored.Cross-Site.Scripting MEDIUM" "apollo13-framework-extensions 1.9.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "apollo13-framework-extensions 1.9.2 Cross-Site.Request.Forgery MEDIUM" "apollo13-framework-extensions 1.9.1 Contributor+.Stored.XSS MEDIUM" "apollo13-framework-extensions 1.9.0 Missing.Authorization MEDIUM" "advanced-google-recaptcha 1.30 Authenticated.(Subscriber+).Limited.SQL.Injection.via.'sSearch'.Parameter MEDIUM" "advanced-google-recaptcha 1.28 Built-in.Math.CAPTCHA.Bypass MEDIUM" "advanced-google-recaptcha 1.26 Brute.Force.Protection.IP.Unblock LOW" "albumreviewer No.known.fix Unauthenticated.Stored.Cross-Site.Scripting HIGH" "auto-prune-posts 3.0.0 Admin+.Stored.XSS LOW" "auto-prune-posts 2.0.0 Post.Deletion.Settings.Update.via.CSRF MEDIUM" "auto-featured-image No.known.fix Authenticated.(Contributor+).Arbitrary.File.Upload HIGH" "arforms No.known.fix Missing.Authorization.to.Plugin.Settings.Change MEDIUM" "arforms No.known.fix Directory.Traversal.to.Authenticated.(Subscriber+).Arbitrary.File.Read HIGH" "arforms 6.4.1 Reflected.XSS HIGH" "arforms 6.6 Unauthenticated.RCE CRITICAL" "arforms 6.6 Admin+.Stored.XSS LOW" "arforms 6.4.1 Reflected.Cross-Site.Scripting MEDIUM" "arforms 6.4.1 Missing.Authorization.to.Arbitrary.File.Deletion HIGH" "arforms 6.4.1 Authenticated.(Subscriber+).SQL.Injection HIGH" "arforms 6.4.1 Missing.Authorization.to.Arbitrary.Plugin.Activation/Deactivation MEDIUM" "arforms 6.4.1 Missing.Authorization.to.Arbitrary.Option.Deletion MEDIUM" "arforms 4.0 Unauthenticated.Arbitrary.File.Deletion.via.Traversal HIGH" "arforms 3.5.2 Unauthenticated.Arbitrary.File.Deletion HIGH" "add-local-avatar No.known.fix Cross-Site.Request.Forgery.via.manage_avatar_cache MEDIUM" "astra-sites 4.4.10 Cross-Site.Request.Forgery MEDIUM" "astra-sites 4.4.1 Author+.Stored.XSS MEDIUM" "astra-sites 4.2.2 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "astra-sites 4.1.7 Contributor+.Server-Side.Request.Forgery MEDIUM" "astra-sites 3.2.5 Authenticated.(Contributor+).Server-Side.Request.Forgery MEDIUM" "astra-sites 3.2.6 Incorrect.Authorization MEDIUM" "astra-sites 3.1.21 Settings.Update.via.CSRF MEDIUM" "astra-sites 2.7.1 Contributor+.Block.Import.to.Stored.XSS HIGH" "astra-bulk-edit 1.2.8 Missing.Authorization MEDIUM" "aio-contact No.known.fix Unauthenticated.Stored.Cross-Site.Scripting HIGH" "aio-contact No.known.fix Missing.Authorization MEDIUM" "arcadeready No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "avenirsoft-directdownload No.known.fix Cross-Site.Scripting.(XSS).&.CSRF MEDIUM" "ai-twitter-feeds No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "all-in-one-favicon 4.7 Multiple.Stored.Authenticated.XSS MEDIUM" "addify-image-watermark-for-woocommerce 1.0.1 Multiple.CSRF MEDIUM" "ajax-random-posts No.known.fix Unauthenticated.PHP.Object.Injection CRITICAL" "amazonjs No.known.fix Contributor+.Stored.XSS MEDIUM" "add-any-extension-to-pages 1.5 Cross-Site.Request.Forgery.via.aaetp_options_page MEDIUM" "administrator-z 2025.03.30 Authenticated.(Admin+).Directory.Traversal LOW" "administrator-z No.known.fix Cross-Site.Request.Forgery MEDIUM" "administrator-z No.known.fix Contributor+.Stored.XSS MEDIUM" "administrator-z 2025.03.27 Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.Options.Update HIGH" "administrator-z 2024.10.21 Subscriber+.SQL.Injection HIGH" "akismet-privacy-policies No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "ancient-world-linked-data-for-wordpress No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "booster-elite-for-woocommerce 7.1.8 Authenticated.(Subscriber+).Arbitrary.File.Upload HIGH" "booster-elite-for-woocommerce 7.1.2 .Missing.Authorization.to.Order.Information.Disclosure MEDIUM" "booster-elite-for-woocommerce 7.1.3 Subscriber+.Content.Injection MEDIUM" "booster-elite-for-woocommerce 6.0.1 Multiple.CSRF MEDIUM" "booster-elite-for-woocommerce 6.0.0 Reflected.Cross-Site.Scripting HIGH" "booster-elite-for-woocommerce 1.1.8 Custom.Role.Creation/Deletion.via.CSRF MEDIUM" "booster-elite-for-woocommerce 1.1.7 ShopManager+.Arbitrary.File.Download MEDIUM" "booster-elite-for-woocommerce 1.1.7 Checkout.Files.Deletion.via.CSRF LOW" "booster-elite-for-woocommerce 1.1.3 Subscriber+.Order.Status.Update MEDIUM" "burst-statistics 1.5.7 Contributor+.Stored.Cross-Site.Scripting.via.burst_total_pageviews_count MEDIUM" "burst-statistics 1.5.4 Editor+.SQL.Injection HIGH" "burst-statistics 1.5.0 Unauthenticated.SQL.Injection HIGH" "bootstrap-buttons No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "browser-shots 1.7.6 Contributor+.Stored.XSS MEDIUM" "backlink-monitoring-manager No.known.fix Reflected.XSS HIGH" "broadly No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "bulk-user-editor No.known.fix Missing.Authorization MEDIUM" "buddypress-global-search No.known.fix Admin+.Stored.XSS LOW" "basepress-migration-tools No.known.fix Authenticated.(Subscriber+).Arbitrary.File.Upload HIGH" "bigbluebutton No.known.fix Reflected.XSS HIGH" "bigbluebutton 2.2.4 Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "blizzard-quotes No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "broken-images-redirection No.known.fix Cross-Site.Request.Forgery MEDIUM" "bluetrait-event-viewer No.known.fix Settings.Update.via.CSRF MEDIUM" "bet-wc-2018-russia No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "bp-email-assign-templates 1.7 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "bp-email-assign-templates No.known.fix Missing.Authorization.to.Authorization.Bypass MEDIUM" "bp-email-assign-templates 1.6 Reflected.XSS HIGH" "bitpay-checkout-for-woocommerce 5.0.0 Missing.Authorization MEDIUM" "boot-modal 1.10 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "brands-for-woocommerce 3.8.2.3 Missing.Authorization.to.Unauthenticated.Order.Manipulation.and.Information.Retrieval MEDIUM" "brands-for-woocommerce 3.8.2.3 Cross-Site.Request.Forgery MEDIUM" "brands-for-woocommerce 3.8.2 Contributor+.Stored.XSS MEDIUM" "bp-better-messages 2.7.0 Unauthenticated.Sensitive.Information.Exposure.Through.Unprotected.Directory HIGH" "bp-better-messages 2.7.5 Unauthenticated.Limited.Server-Side.Request.Forgery.in.nice_links MEDIUM" "bp-better-messages 2.7.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "bp-better-messages 2.4.33 Missing.Authorization MEDIUM" "bp-better-messages 2.4.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.shortcode MEDIUM" "bp-better-messages 2.1.18 Reflected.Cross-Site.Scripting MEDIUM" "bp-better-messages 1.9.10.71 Subscriber+.Messaging.Block.Bypass MEDIUM" "bp-better-messages 1.9.10.69 Subscriber+.SSRF MEDIUM" "bp-better-messages 1.9.10.58 Subscriber+.Denial.Of.Service MEDIUM" "bp-better-messages 1.9.9.170 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "bp-better-messages 1.9.9.149 Cross-Site.Request.Forgery MEDIUM" "bp-better-messages 1.9.9.149 File.Upload.via.CSRF LOW" "bp-better-messages 1.9.9.41 Reflected.Cross-Site.Scripting HIGH" "bp-better-messages 1.9.9.41 Multiple.CSRF MEDIUM" "bus-ticket-booking-with-seat-reservation 5.4.4 Cross-Site.Request.Forgery MEDIUM" "bus-ticket-booking-with-seat-reservation 5.3.6 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "bus-ticket-booking-with-seat-reservation 5.2.6 Unauthenticated.Cross-Site.Scripting HIGH" "bus-ticket-booking-with-seat-reservation 5.2.4 Reflected.XSS HIGH" "breezing-forms No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "bmi-adultkid-calculator No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "bmi-adultkid-calculator 1.2.2 Cross-Site.Request.Forgery.to.Cross-Site.Scripting MEDIUM" "bulk-content-creator No.known.fix Cross-Site.Request.Forgery MEDIUM" "bulk-term-editor No.known.fix Cross-Site.Request.Forgery MEDIUM" "bbs-e-popup No.known.fix Reflected.XSS HIGH" "bpcustomerio No.known.fix Arbitrary.Plugin.Settings.Update.via.CSRF MEDIUM" "buzzsprout-podcasting 1.8.5 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "baslider No.known.fix Author+.Stored.Cross-Site.Scripting MEDIUM" "baslider No.known.fix Multiple.CSRF MEDIUM" "baslider No.known.fix Arbitrary.Slide.Deletion.via.CSRF MEDIUM" "bulk-edit-post-titles No.known.fix Missing.Authorization.via.bulkUpdatePostTitles MEDIUM" "bulk-edit-post-titles No.known.fix Missing.Authorization MEDIUM" "bbpress 2.6.12 Cross-Site.Request.Forgery.to.Limited.Privilege.Escalation MEDIUM" "bbpress 2.6.5 Unauthenticated.Privilege.Escalation.when.New.User.Registration.enabled CRITICAL" "bbpress 2.6.5 Authenticated.Stored.Cross-Site.Scripting.via.the.forums.list.table MEDIUM" "bbpress 2.6.5 Authenticated.Privilege.Escalation.via.the.Super.Moderator.feature HIGH" "bbpress 2.6.0 Subscriber+.Stored.Cross-Site.Scripting.via.Post.Slug MEDIUM" "beacon-by No.known.fix Cross-Site.Request.Forgery MEDIUM" "brute-force-login-protection No.known.fix Arbitrary.IP.Removal/Add.via.CSRF MEDIUM" "brodos-net-onlineshop No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "bricksforge 2.1.1 Missing.Authorization.to.Unauthenticated.WordPress.Settings.Update MEDIUM" "bricksforge 2.1.1 Missing.Authorization.to.Unauthenticated.Arbitrary.Email.Sending MEDIUM" "bricksforge 2.1.1 Missing.Authorization.to.Unauthenticated.WordPress.Settings.Deletion MEDIUM" "buddypress-hashtags 2.7.0 Subscriber+.Arbitrary.Plugin.Installation,.Activation.and.Deactivation HIGH" "bbp-toolkit No.known.fix Reflected.XSS HIGH" "bbp-toolkit No.known.fix Cross-Site.Request.Forgery MEDIUM" "bitformpro No.known.fix Authenticated.(Subscriber+).Arbitrary.File.Upload HIGH" "bitformpro No.known.fix Authenticated.(Subscriber+).Sensitive.Information.Exposure MEDIUM" "bitformpro No.known.fix Missing.Authorization.to.Authenticated.(Subscriber+).Settings.Update HIGH" "bitformpro No.known.fix Unauthenticated.Arbitrary.File.Deletion CRITICAL" "blog-summary No.known.fix Contributor+.Stored.XSS MEDIUM" "buddyforms-attach-posts-to-groups-extension 1.2.4 Reflected.Cross-Site.Scripting MEDIUM" "booking-ultra-pro 1.1.21 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "booking-ultra-pro 1.1.20 Reflected.Cross-Site.Scripting MEDIUM" "booking-ultra-pro 1.1.14 Missing.Authorization.to.Authenticated.(Subscriber+).Plugin.Settings.Updates MEDIUM" "booking-ultra-pro 1.1.14 Unauthenticated.Local.File.Inclusion CRITICAL" "booking-ultra-pro 1.1.14 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "booking-ultra-pro 1.1.13 Authenticated.(Contributor+).Privilege.Escalation HIGH" "booking-ultra-pro 1.1.7 Cross-Site.Request.Forgery MEDIUM" "booking-ultra-pro 1.1.7 Subscriber+.Settings.Update MEDIUM" "booking-ultra-pro 1.1.9 Reflected.XSS HIGH" "booking-ultra-pro 1.1.9 Reflected.XSS HIGH" "booking-ultra-pro 1.1.7 Multiple.CSRF MEDIUM" "booking-ultra-pro 1.1.7 Stored.Cross-Site.Scripting.via.CSRF MEDIUM" "bo-wc-customer-review-watson No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "blog-sidebar-widget 1.0.6 Reflected.Cross-Site.Scripting MEDIUM" "blog-sidebar-widget No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "b2i-investor-tools 1.0.8 Reflected.Cross-Site.Scripting MEDIUM" "bwp-google-xml-sitemaps No.known.fix Unauthenticated.Stored.Cross-Site.Scripting HIGH" "borderless 1.7.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "borderless 1.6.3 Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.Upload MEDIUM" "borderless 1.6.1 Authenticated.(Administrator+).Remote.Code.Execution HIGH" "borderless 1.6.0 Missing.Authorization.to.Icon.Font.Deletion MEDIUM" "borderless 1.5.9 Editor+.Stored.XSS MEDIUM" "borderless 1.5.4 Widgets,.Elements,.Templates.and.Toolkit.for.Elementor.&.Gutenberg.<.1.5.4.-.Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Multiple.Widgets MEDIUM" "borderless 1.5.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "borderless 1.4.9 Admin+.Stored.XSS LOW" "better-comments 1.5.6 Subscriber+.Stored.XSS HIGH" "better-comments 1.5.6 Admin+.Stored.XSS LOW" "better-comments 1.5.4 Reflected.Cross-Site.Scripting MEDIUM" "better-comments 1.4 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "buddypress-members-only No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "buddypress-members-only 3.4.9 Improper.Access.Control.to.Sensitive.Information.Exposure.via.REST.API MEDIUM" "bmi-calculator-shortcode No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "bma-lite-appointment-booking-and-scheduling No.known.fix Authenticated.(Administrator+).SQL.Injection MEDIUM" "buddypress-profile-pro 2.0.0 Subscriber+.Arbitrary.Plugin.Installation,.Activation.and.Deactivation HIGH" "babelz No.known.fix CSRF.to.Stored.XSS HIGH" "bulletin-announcements 3.12 Reflected.Cross-Site.Scripting HIGH" "bulletin-announcements 3.9.0 Authenticated.(Administrator+).SQL.Injection HIGH" "bulletin-announcements 3.8.0 Reflected.Cross-Site.Scripting MEDIUM" "bulletin-announcements 3.7.1 Cross-Site.Request.Forgery MEDIUM" "bulletin-announcements 3.7.0 Subscriber+.Unauthorized.Access.and.Modification MEDIUM" "bulletin-announcements 3.1.0 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "bulk-creator No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "bookmarkify No.known.fix Cross-Site.Scripting.(XSS).&.CSRF MEDIUM" "best-bootstrap-widgets-for-elementor No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "bsi-hotel-pro No.known.fix Unauthenticated.Stored.Cross-Site.Scripting.(XSS) CRITICAL" "bulk-attachment-download 1.3.7 Reflected.Cross-Site.Scripting MEDIUM" "bulk-attachment-download 1.3.5 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "bns-twitter-follow-button No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "buybox-widget No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "beam-me-up-scotty No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "beam-me-up-scotty 1.0.22 Reflected.Cross-Site.Scripting MEDIUM" "better-elementor-addons 1.4.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "better-elementor-addons 1.4.2 Authenticated(Contributor+).Local.File.Inclusion HIGH" "better-elementor-addons 1.4.2 Contributor+.Stored.XSS MEDIUM" "better-elementor-addons 1.3.8 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "better-elementor-addons 1.3.9 Subscriber+.Settings.Update./.Reset MEDIUM" "better-elementor-addons 1.3.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "backend-designer 1.4 Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "bsuite No.known.fix Multiple.Cross-Site.Scripting.(XSS) MEDIUM" "bukza 2.0.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "bannerman No.known.fix Multiple.Admin+.Stored.Cross-Site.Scripting LOW" "block-spam-by-math-reloaded No.known.fix Missing.Authorization MEDIUM" "block-spam-by-math-reloaded No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "bvd-easy-gallery-manager No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "business-hours-indicator 2.3.5 Admin+.Stored.Cross-Site.Scripting LOW" "breadcrumbs-by-menu 1.0.3 Multiple.Issues HIGH" "browser-and-operating-system-finder No.known.fix Unauthenticated.Settings.Reset MEDIUM" "browser-and-operating-system-finder No.known.fix Unauthenticated.Arbitrary.Settings.Update.to.Stored.XSS HIGH" "beautiful-link-preview No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "best-posts-summary No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "bookingcom-product-helper 1.0.2 Admin+.Stored.Cross-Site.Scripting LOW" "broken-link-checker-seo 1.2.4 Authenticated.(Contributor+).SQL.Injection MEDIUM" "bp-greeting-message No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "bloglentor-for-elementor No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "bulk-change No.known.fix Authenticated.Reflected.Cross-Site.Scripting CRITICAL" "builder-style-manager 0.7.7 XSS.via.add_query_arg().and.remove_query_arg() MEDIUM" "buddyforms-ultimate-member 1.3.8 Reflected.Cross-Site.Scripting MEDIUM" "be-popia-compliant 1.1.6 Unauthenticated.Sensitive.Information.Exposure MEDIUM" "bizcalendar-web 1.1.0.35 Authenticated.(Administrator+).SQL.Injection MEDIUM" "bizcalendar-web 1.1.0.26 Reflected.XSS HIGH" "browser-address-bar-color 3.4.0 Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "booking-manager 2.1.6 Authenticated(Contributor+).SQL.Injection.via.Shortcode HIGH" "booking-manager 2.0.29 Subscriber+.SSRF MEDIUM" "bold-timeline-lite 1.2.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "bold-timeline-lite 1.2.0 Missing.Authorization.to.Admin.Notice.Dismissal MEDIUM" "bold-timeline-lite 1.1.5 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "bulk-edit-user-profiles-in-spreadsheet 1.5.25 Reflected.Cross-Site.Scripting MEDIUM" "bulk-edit-user-profiles-in-spreadsheet 1.5.14 Admin+.Stored.Cross-Site.Scripting LOW" "bulk-edit-user-profiles-in-spreadsheet 1.5.13 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "bbspoiler 2.02 Contributor+.Stored.XSS MEDIUM" "batch-cat No.known.fix Subscriber+.Arbitrary.Categories.Add/Set/Delete.to.Posts MEDIUM" "bodi0s-easy-cache 0.9 Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "bot-for-telegram-on-woocommerce 1.2.7 Missing.Authorization MEDIUM" "bot-for-telegram-on-woocommerce No.known.fix Subscriber+.Authentication.Bypass HIGH" "breakdance 2.0.0 Missing.Authorization MEDIUM" "breakdance 2.0.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "breakdance 1.7.2 Authenticated.(Contributor+).Remote.Code.Execution HIGH" "breakdance 1.7.1 Authenticated(Contributor+).Stored.Cross-Site.Scripting.via.custom.postmeta MEDIUM" "blog-stats-by-w3counter No.known.fix Cross-Site.Request.Forgery MEDIUM" "bin-stripe-donation No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "bin-stripe-donation No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "bee-layer-slider No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "brutebank 1.9 WP.Security.&.Firewall.<.1.9.-.Settings.Update.via.CSRF MEDIUM" "bws-linkedin 1.0.5 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "bookit 2.4.1 Price.Bypass MEDIUM" "bookit 2.4.4 Authenticated(Administrator+).SQL.Injection MEDIUM" "bookit 2.3.9 Reflected.Cross-Site.Scripting MEDIUM" "bookit 2.3.8 Authentication.Bypass CRITICAL" "bookit 2.2.9 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "bookit 2.1.6 Authorised.AJAX.Calls MEDIUM" "book-buyback-prices No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "book-buyback-prices No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "blocks-product-editor-for-woocommerce 1.0.2 Reflected.Cross-Site.Scripting MEDIUM" "bitcoin-payments No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "bp-activity-social-share 3.2.0 Subscriber+.Arbitrary.Plugin.Installation,.Activation.and.Deactivation HIGH" "bzscore-live-score 1.6.0 Contributor+.Stored.XSS MEDIUM" "bp-create-group-type No.known.fix Subscriber+.Arbitrary.Plugin.Installation,.Activation.and.Deactivation HIGH" "benaa-framework No.known.fix Missing.Authorization.to.Authenticated.(Subscriber+).Settings.Updates MEDIUM" "benaa-framework No.known.fix Missing.Authorization.to.Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "benaa-framework No.known.fix Authenticated.(Subscriber+).Arbitrary.File.Upload HIGH" "bookingor No.known.fix Missing.Authorization MEDIUM" "beaf-before-and-after-gallery 4.6.11 Authenticated.(Admin+).Arbitrary.File.Upload HIGH" "beaf-before-and-after-gallery 4.5.5 Cross-Site.Request.Forgery.to.Notice.Dismissal MEDIUM" "blocks-post-grid No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "bosa-elementor-for-woocommerce 1.0.13 Missing.Authorization MEDIUM" "button-block 1.1.6 Missing.Authorization MEDIUM" "button-block 1.2.0 Contributor+.Stored.XSS MEDIUM" "button-block 1.1.6 Authenticated.(Contributor+).Post.Disclosure.via.Post.Duplication MEDIUM" "button-block 1.1.5 Authenticated.(Contributor+).Post.Disclosure MEDIUM" "billingo 3.4.0 ShopManager+.Stored.XSS MEDIUM" "buying-buddy-idx-crm 2.0.0 PHP.Object.Injection.via.CSRF HIGH" "blocks-bakery No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "blocks-bakery No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "bmo-expo No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "blogpost-widgets No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "boat-rental-system No.known.fix Unauthenticated.Arbitrary.File.Upload CRITICAL" "badr-naver-syndication No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "backup-backup 1.4.6.1 Unauthenticated.PHP.Object.Injection.via.'recursive_unserialize_replace' HIGH" "backup-backup 1.4.4 Information.Exposure.via.Log.Files MEDIUM" "backup-backup 1.4.0 1.3.9.-.Remote.File.Inclusion.via.content-dir HIGH" "backup-backup 1.4.0 Unauthenticated.Path.Traversal.to.Arbitrary.File.Deletion HIGH" "backup-backup 1.4.0 Authenticated.(Admin+).OS.Command.Injection.via.url MEDIUM" "backup-backup 1.3.8 Unauthenticated.RCE CRITICAL" "backup-backup 1.3.6 Sensitive.Data.Exposure HIGH" "backup-backup 1.3.7 Unauthenticated.Arbitrary.File.Download.to.Sensitive.Information.Exposure HIGH" "backup-backup 1.3.0 Cross-Site.Request.Forgery MEDIUM" "backup-backup 1.2.8 Subscriber+.Plugin.Installation MEDIUM" "backup-backup 1.2.8 Plugin.Installation.via.CSRF MEDIUM" "backup-backup 1.1.6 Admin+.Stored.Cross-Site.Scripting MEDIUM" "block-logic No.known.fix Authenticated.(Contributor+).Remote.Code.Execution HIGH" "bp-job-manager 2.6.1 Subscriber+.Arbitrary.Plugin.Installation,.Activation.and.Deactivation HIGH" "backup-scheduler No.known.fix Cross-Site.Request.Forgery MEDIUM" "bertha-ai-free No.known.fix Missing.Authorization MEDIUM" "bertha-ai-free 1.12.11 Authenticated.(Subscriber+).Arbitrary.Content.Deletion MEDIUM" "bertha-ai-free 1.11.10.8 Unauthenticated.Arbitrary.File.Upload CRITICAL" "bg-patriarchia-bu No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "bricksbuilder 1.9.9 Insecure.Direct.Object.Reference MEDIUM" "buddyforms-hook-fields 1.3.2 Reflected.Cross-Site.Scripting MEDIUM" "blogsafe-scanner No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "blogsafe-scanner 1.1.5 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "business-manager 1.4.6 Admin+.Stored.Cross-Site.Scripting LOW" "biltorvet-dealer-tools No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "buddyforms-posts-to-posts-integration 1.1.4 Reflected.Cross-Site.Scripting MEDIUM" "botnet-attack-blocker No.known.fix Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "botnet-attack-blocker No.known.fix Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "boombox-shortcode No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "bookster 1.2.0 Unauthenticated.Appointment.Status.Update MEDIUM" "becustom 1.0.5.3 Settings.Update.via.CSRF MEDIUM" "bit-assist 1.5.5 Unauthenticated.Path.Traversal MEDIUM" "bit-assist 1.5.3 Subscriber+.Arbitrary.File.Read.via.fileID.Parameter MEDIUM" "bit-assist 1.5.3 Authenticated.(Subscriber+).SQL.Injection.via.id.Parameter MEDIUM" "bit-assist 1.5.3 Admin+.Arbitrary.File.Read MEDIUM" "bit-assist 1.2 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "bit-assist 1.1.9 Admin+.Stored.Cross-Site.Scripting LOW" "business-contact-widget No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "bradmax-player 1.1.28 Contributor+.Stored.XSS MEDIUM" "booqable-rental-reservations No.known.fix Cross-Site.Request.Forgery MEDIUM" "booqable-rental-reservations 2.4.16 Admin+.Stored.XSS LOW" "beautiful-taxonomy-filters No.known.fix Unauthenticated.SQL.Injection HIGH" "bp-wc-vendors No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "bp-wc-vendors No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "back-link-tracker No.known.fix Cross-Site.Request.Forgery.to.SQL.Injection HIGH" "betteroptin No.known.fix Reflected.Cross-Site.Scripting.(XSS) HIGH" "bws-google-analytics 1.7.1 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "broken-link-manager No.known.fix Authenticated.(admin+).SQL.Injection MEDIUM" "broken-link-manager 0.6.0 Unauthenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "broken-link-manager 0.5.0 Unauthenticated.SQL.Injection.&.XSS CRITICAL" "bemax-elementor No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "blockstrap-page-builder-blocks No.known.fix Bootstrap.Blocks.<=.0.1.36.-.Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "buddypress-media 4.6.19 Subscriber+.SQL.Injection HIGH" "buddypress-media 4.6.19 Authenticated.(Contributor+).SQL.Injection.via.rtmedia_gallery.Shortcode HIGH" "buddypress-media 4.6.16 Subscriber+.RCE CRITICAL" "buddypress-media 4.6.16 Admin+.RCE MEDIUM" "buddypress-media 4.6.15 Missing.Authorization.via.export_settings MEDIUM" "buddypress-media 4.6.15 Missing.Authorization.to.Settings.Update MEDIUM" "buddypress-media 4.6.15 Missing.Authorization.to.Sensitive.Information.Exposure MEDIUM" "button 1.1.28 Contributor+.PHP.Object.Injection.in.button_shortcode MEDIUM" "button 1.1.24 Admin+.Stored.XSS LOW" "blogbuzztime-for-wp No.known.fix Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "bebetter-social-icons No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "bws-pinterest 1.0.5 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "booknetic 4.1.5 Staff.Creation.via.CSRF HIGH" "booknetic No.known.fix Cross-Site.Request.Forgery MEDIUM" "bigmart-elements No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "booking-sms 1.1.0 Cross-Site.Scripting.(XSS) MEDIUM" "bootstrap-shortcodes No.known.fix Contributor+.Stored.XSS.via.Shortcode MEDIUM" "border-loading-bar No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "border-loading-bar No.known.fix Reflected.Cross-Site.Scripting.(XSS) HIGH" "block-options 1.40.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "block-options 1.40.4 Authenticated.(Administrator+).Arbitrary.File.Upload HIGH" "block-options 1.17 Reflected.Cross-Site.Scripting MEDIUM" "block-options 1.31.6 Contributor+.Arbitrary.PHP.Code.Execution CRITICAL" "business-directory-plugin 6.4.15 Easy.Listing.Directories.for.WordPress.<.6.4.15.-.Insecure.Direct.Object.Reference.to.Listing.Arbitrary.Image.Addition MEDIUM" "business-directory-plugin 6.4.4 Authenticated.(Author+).CSV.Injection HIGH" "business-directory-plugin 6.4.3 Unauthenticated.SQL.Injection.via.listingfields.Parameter CRITICAL" "business-directory-plugin 6.3.10 Contributor+.Arbitrary.Listing.Deletion LOW" "business-directory-plugin 6.3.11 Cross-Site.Request.Forgery MEDIUM" "business-directory-plugin 5.11.2 Arbitrary.Payment.History.Update MEDIUM" "business-directory-plugin 5.11.2 Arbitrary.Listing.Export HIGH" "business-directory-plugin 5.11.2 Authenticated.Stored.Cross-Site.Scripting MEDIUM" "business-directory-plugin 5.11 Arbitrary.File.Upload.to.RCE HIGH" "business-directory-plugin 5.11.1 Authenticated.PHP4.Upload.to.RCE MEDIUM" "business-directory-plugin 5.11.1 Arbitrary.Add/Edit/Delete.Form.Field.to.Stored.XSS HIGH" "bulk-block-converter No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "buddypress-activity-plus 1.6.2 Cross-Site.Request.Forgery.(CSRF) HIGH" "blighty-explorer No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "bws-popular-posts 1.0.5 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "bsk-contact-form-7-blacklist No.known.fix Reflected.Cross-Site.Scripting HIGH" "booking-system-trafft 1.0.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "blu-logistics No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "binlayerpress No.known.fix Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "brid-video-easy-publish 3.8.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.width.Parameter MEDIUM" "brid-video-easy-publish No.known.fix Subscriber+.Arbitrary.Shortcode.Execution MEDIUM" "brid-video-easy-publish 3.8.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.brid_override_yt.Shortcode MEDIUM" "brid-video-easy-publish 3.8.4 Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "broken-link-checker-for-youtube No.known.fix Cross-Site.Request.Forgery.via.plugin_settings_page() MEDIUM" "booster-extension No.known.fix Basic.Information.Exposure.via.booster_extension_authorbox_shortcode_display MEDIUM" "banner-manager No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "beacon-for-helpscout No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "bdthemes-prime-slider-lite 3.16.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "bdthemes-prime-slider-lite 3.15.19 Addons.For.Elementor.(Revolution.of.a.slider,.Hero.Slider,.Ecommerce.Slider.<.3.15.19.-.Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Blog.Widget MEDIUM" "bdthemes-prime-slider-lite 3.14.8 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Pacific.Widget MEDIUM" "bdthemes-prime-slider-lite 3.14.2 Contributor+.Stored.XSS.via.Pagepiling.Widget MEDIUM" "bdthemes-prime-slider-lite 3.14.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "bdthemes-prime-slider-lite 3.14.1 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "bdthemes-prime-slider-lite 3.13.3 Contributor+.Stored.Cross-Site.Scripting.via.Mercury.Widget MEDIUM" "bdthemes-prime-slider-lite 3.13.3 Contributor+.Stored.Cross-Site.Scripting.via.Rubix.Widget MEDIUM" "bdthemes-prime-slider-lite 3.13.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Fiestar.Widget MEDIUM" "bdthemes-prime-slider-lite 3.11.11 Incorrect.Authorization.via.bdt_duplicate_as_draft MEDIUM" "bdthemes-prime-slider-lite 3.8.3 Reflected.Cross-Site.Scripting MEDIUM" "bdthemes-prime-slider-lite 2.7.0 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "better-author-bio No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "bookingcom-banner-creator No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "bookingcom-banner-creator 1.4.3 Admin+.Stored.Cross-Site.Scripting LOW" "bulk-me-now No.known.fix Reflected.XSS HIGH" "bulk-me-now No.known.fix Message.Deletion.via.CSRF MEDIUM" "bulk-me-now No.known.fix Stored.XSS.via.Shortcode HIGH" "ba-plus-before-after-image-slider-free No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "bknewsticker No.known.fix Cross-Site.Request.Forgery MEDIUM" "before-and-after-product-images-for-woocommerce No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "before-and-after-product-images-for-woocommerce No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "before-and-after-product-images-for-woocommerce No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "buymeacoffee 3.7 Subscriber+.Stored.Cross-Site.Scripting MEDIUM" "buymeacoffee 3.8 Subscriber+.Unauthorized.Data.Modification HIGH" "buymeacoffee 3.8 Cross-Site.Request.Forgery HIGH" "buymeacoffee 3.7 Admin+.Stored.XSS LOW" "builderall-cheetah-for-wp 2.0.2 Unauthenticated.Server-Side.Request.Forgery HIGH" "better-anchor-links No.known.fix Cross-Site.Request.Forgery.via.admin/options.php MEDIUM" "branding No.known.fix Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "baw-login-logout-menu No.known.fix Contributor+.Stored.XSS.in.Shortcode MEDIUM" "buddypress-sticky-post 1.9.9 Subscriber+.Arbitrary.Plugin.Installation,.Activation.and.Deactivation HIGH" "bulkpress No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "booking-calendar-contact-form 1.2.56 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "booking-calendar-contact-form 1.2.41 Unauthenticated.Reflected.Cross-Site.Scripting HIGH" "booking-calendar-contact-form 1.0.24 XSS.&.SQL.Injection CRITICAL" "booking-calendar-contact-form 1.0.3 Multiple.Authenticated.Vulnerabilities MEDIUM" "better-font-awesome 2.0.4 Contributor+.Stored.XSS MEDIUM" "better-font-awesome 2.0.2 Settings.Update.via.CSRF MEDIUM" "breaking-news-wp No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "breaking-news-wp No.known.fix Cross-Site.Request.Forgery.to.Settings.Update MEDIUM" "browser-theme-color 1.4 Settings.Update.via.CSRF MEDIUM" "blrt-wp-embed No.known.fix Reflected.Cross-Site.Scripting HIGH" "blrt-wp-embed No.known.fix Authenticated.(Contributor+).SQL.Injection MEDIUM" "buddyforms-easypin No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "buddyforms-easypin No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "buddyforms-easypin No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "boostify-header-footer-builder 1.3.7 Authenticated.(Contributor+).Post.Disclosure MEDIUM" "boostify-header-footer-builder 1.3.6 Missing.Authorization.to.Page/Post.Creation MEDIUM" "boostify-header-footer-builder 1.3.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.size.Parameter MEDIUM" "bulk-noindex-nofollow-toolkit-by-mad-fish 2.20 Reflected.Cross-Site.Scripting MEDIUM" "bulk-noindex-nofollow-toolkit-by-mad-fish 2.16 Reflected.Cross-Site.Scripting MEDIUM" "bulk-noindex-nofollow-toolkit-by-mad-fish 2.10 Reflected.Cross-Site.Scripting.via.tab,.order,.and.orderby MEDIUM" "bulk-noindex-nofollow-toolkit-by-mad-fish 1.5 Reflected.XSS HIGH" "bulk-noindex-nofollow-toolkit-by-mad-fish 1.51 Missing.Authorization MEDIUM" "big-boom-directory 2.5.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "branda-white-labeling 3.4.22 Reflected.Cross-Site.Scripting MEDIUM" "branda-white-labeling 3.4.19 Unauthenticated.Full.Path.Disclosure MEDIUM" "branda-white-labeling 3.4.18 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "branda-white-labeling 3.4.18 Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.Upload MEDIUM" "branda-white-labeling 3.4.15 IP.Spoofing MEDIUM" "bws-smtp 1.2.0 Authenticated.(Administrator+).Arbitrary.File.Upload HIGH" "bws-smtp 1.1.0 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "bigbuy-wc-dropshipping-connector 2.0.1 Unauthenticated.Full.Path.Disclosute MEDIUM" "blackhole-bad-bots 3.3.2 Arbitrary.IP.Address.Blocking.via.IP.Spoofing HIGH" "bp-messages-tool 2.5 Reflected.Cross-Site.Scripting MEDIUM" "bible-text No.known.fix Contributor+.Stored.XSS MEDIUM" "book-appointment-online 1.39 Authenticated.Stored.Cross-Site.Scripting.(XSS) LOW" "booking-calendar-pro-payment 21.1 Unauthenticated.Arbitrary.File.Upload CRITICAL" "bbpowerpack 2.37.4 Reflected.Cross-Site.Scripting MEDIUM" "bbpowerpack 2.33.1 Contributor+.Privilege.Escalation HIGH" "boxers-and-swipers No.known.fix Author+.Stored.XSS MEDIUM" "bb-bootstrap-cards 1.1.5 Authenticated.(Editor+).Stored.Cross-Site.Scripting MEDIUM" "bb-bootstrap-cards 1.1.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Cards.Widget MEDIUM" "bb-bootstrap-cards 1.1.3 Authenticated(Contributor+).Stored.Cross-Site.Scripting.via.bootstrapcard.link MEDIUM" "bulletproof-security 6.1 Admin+.Stored.Cross-Site.Scripting LOW" "bulletproof-security 5.8 Admin+.Stored.Cross-Site.Scripting.(XSS) LOW" "bulletproof-security 5.2 Sensitive.Information.Disclosure MEDIUM" "bulletproof-security .53.4 Multiple.XSS.Vulnerabilities MEDIUM" "backwpup 4.0.2 Admin+.Directory.Traversal MEDIUM" "backwpup 4.0.4 Unauthenticated.Backup.Download HIGH" "backwpup 4.0.2 Authenticated.(Administrator+).Directory.Traversal HIGH" "backwpup 3.4.2 Backup.File.Download HIGH" "best-restaurant-menu-by-pricelisto 1.4.3 Missing.Authorization MEDIUM" "best-restaurant-menu-by-pricelisto 1.4.2 Authenticated.(Contributor+).SQL.Injection HIGH" "best-restaurant-menu-by-pricelisto 1.4.0 Settings.Update.via.CSRF MEDIUM" "boldgrid-easy-seo 1.6.15 Information.Exposure MEDIUM" "boldgrid-easy-seo 1.6.14 Authenticated(Contributor+).Stored.Cross-Site.Scripting.via.Meta.Description MEDIUM" "bard-extra 1.2.8 Missing.Authorization.to.Authenticated.(Subscriber+).Demo.Import MEDIUM" "bet-sport-free No.known.fix Cross-Site.Request.Forgery MEDIUM" "buddyforms-remote 1.0.5 Reflected.Cross-Site.Scripting MEDIUM" "block-controller No.known.fix Reflected.Cross-Site.Scripting HIGH" "base64-encoderdecoder No.known.fix Stored.XSS.via.CSRF HIGH" "base64-encoderdecoder No.known.fix Reflected.XSS HIGH" "base64-encoderdecoder No.known.fix Settings.Reset.via.CSRF MEDIUM" "bookshelf No.known.fix Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "buddydrive 2.1.2 Reflected.Cross-Site.Scripting MEDIUM" "bverse-convert No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "browsing-history No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "byconsole-woo-order-delivery-time 2.5.2 Unauthenticated.Full.Path.Dsiclosure MEDIUM" "byconsole-woo-order-delivery-time 2.4.7 Missing.Authorization.to.Arbitrary.Options.Update HIGH" "byconsole-woo-order-delivery-time 2.4.8 Reflected.XSS HIGH" "blog-designer-pack 4.0.1 Unauthenticated.Local.File.Inclusion CRITICAL" "blog-designer-pack 3.4.2 Unauthenticated.Remote.Code.Execution.via.Local.File.Inclusion HIGH" "blog-designer-pack 3.4.1 Reflected.Cross-Site.Scripting MEDIUM" "blog-designer-pack 3.3 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "blog-designer-pack 2.3.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "bit-integrations 2.5.0 Open.Redirect HIGH" "blue-captcha 2.0.0 Reflected.Cross-Site.Scripting MEDIUM" "buddybadges No.known.fix Admin+.SQLi MEDIUM" "bible-embed No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "business No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "bbp-core 1.2.6 Reflected.Cross-Site.Scripting.via.add_query_arg.Parameter MEDIUM" "bloom 1.1.1 Privilege.Escalation HIGH" "business-profile 2.1.7 Subscriber+.Page.Creation.&.Settings.Update.to.Stored.XSS MEDIUM" "back-to-the-top-button 2.1.7 Admin+.Stored.XSS LOW" "bank-mellat 2.0.1 Reflected.Cross-Site.Scripting HIGH" "bitspecter-suite 1.1.0 Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "ban-users No.known.fix Subscriber+.Settings.Update.&.Privilege.Escalation.via.Missing.Authorization HIGH" "bmi-bmr-calculator No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "buddypress-docs 2.2.5 Subscriber+.Arbitrary.Document.Read/Update MEDIUM" "buddypress-docs 2.2.4 Reflected.Cross-Site.Scripting HIGH" "buddypress-docs 1.9.3 Authenticated.Lack.of.Authorisation MEDIUM" "bnfw 1.7 Reflected.Cross-Site.Scripting MEDIUM" "bnfw 1.9.3 Cross-Site.Request.Forgery.(CSRF) MEDIUM" "bnfw 1.8.7 Email.Address.Disclosure MEDIUM" "backup-wd No.known.fix Reflected.Cross-Site.Scripting.(XSS) HIGH" "bb-ultimate-addon 1.35.14 Contributor+.Arbitrary.File.Download MEDIUM" "bb-ultimate-addon 1.35.15 Contributor+.Privilege.Escalation HIGH" "better-protected-pages No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "browser-update-notify No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "ba-book-everything 1.6.21 Reflected.Cross-Site.Scripting MEDIUM" "ba-book-everything 1.6.21 Cross-Site.Request.Forgery.to.Email.Address.Update/Account.Takeover HIGH" "ba-book-everything 1.6.21 Unauthenticated.Arbitrary.User.Password.Reset MEDIUM" "ba-book-everything 1.6.9 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "ba-book-everything 1.6.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "ba-book-everything 1.6.5 Authenticated.(Contributor+).SQL.Injection CRITICAL" "ba-book-everything 1.3.25 Unauthenticated.Reflected.XSS.&.XFS MEDIUM" "bold-page-builder 5.3.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.additional_settings.Parameter MEDIUM" "bold-page-builder 5.3.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.'data-text'.Parameter MEDIUM" "bold-page-builder 5.3.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "bold-page-builder 5.3.1 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "bold-page-builder 5.1.6 Authenticated.(Editor+).Path.Traversal LOW" "bold-page-builder 5.2.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "bold-page-builder 5.1.4 Missing.Authorization MEDIUM" "bold-page-builder 5.1.1 -.Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "bold-page-builder 5.1.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "bold-page-builder 5.0.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.bt_bb_button.Shortcode MEDIUM" "bold-page-builder 4.8.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.AI.Features MEDIUM" "bold-page-builder 4.8.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.HTML.Tags MEDIUM" "bold-page-builder 4.8.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Separator.Element MEDIUM" "bold-page-builder 4.8.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via."Price.List".Element MEDIUM" "bold-page-builder 4.8.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.bt_bb_price_list.Shortcode MEDIUM" "bold-page-builder 4.8.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Widget.URL.Attribute MEDIUM" "bold-page-builder 4.7.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.class MEDIUM" "bold-page-builder 4.8.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Icon.Link MEDIUM" "bold-page-builder 4.8.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Raw.Content MEDIUM" "bold-page-builder 4.8.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Button.URL MEDIUM" "bold-page-builder 4.7.0 Contributor+.Stored.XSS MEDIUM" "bold-page-builder 4.3.3 Admin+.Stored.Cross-Site.Scripting MEDIUM" "bold-page-builder 3.1.6 PHP.Object.Injection MEDIUM" "bold-page-builder 2.3.2 Missing.Access.Controls HIGH" "bulk-datetime-change 1.12 Missing.Authorisation MEDIUM" "bbp-api No.known.fix Missing.Authorization MEDIUM" "bulk-featured-image No.known.fix Missing.Authorization MEDIUM" "buddypress-check-ins-pro 1.4.0 Subscriber+.Arbitrary.Plugin.Installation,.Activation.and.Deactivation HIGH" "bws-testimonials 0.1.9 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "better-messages-wcfm-integration 1.0.6 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "blocksy-companion 2.0.43 Authenticated.(Admin+).Server-Side.Request.Forgery MEDIUM" "blocksy-companion 2.0.46 Contributor+.Stored.Cross-Site.Scripting.via.SVG.Uploads MEDIUM" "blocksy-companion 2.0.29 Cross-Site.Request.Forgery MEDIUM" "blocksy-companion 2.0.32 Contributor+.Stored.XSS MEDIUM" "blocksy-companion 1.8.47 Reflected.Cross-Site.Scripting MEDIUM" "blocksy-companion 1.8.82 Subscriber+.Draft.Post.Access MEDIUM" "blocksy-companion 1.8.68 Contributor+.Stored.XSS MEDIUM" "blocksy-companion 1.8.20 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "booking-package 1.6.73 Reflected.Cross-Site.Scripting.via.Locale.Parameter MEDIUM" "booking-package 1.6.29 Unauthenticated.Price.Manipulation MEDIUM" "booking-package 1.6.02 Reflected.XSS HIGH" "booking-package 1.5.29 Unauthenticated.Sensitive.Data.Disclosure HIGH" "booking-package 1.5.11 Reflected.Cross-Site.Scripting MEDIUM" "better-search-tmc No.known.fix Folders.Disclosure.via.Outdated.jQueryFileTree.Library MEDIUM" "bounce-handler-mailpoet No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "bulk-woocommerce-category-creator No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "bulk-woocommerce-category-creator No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "booster-plus-for-woocommerce 7.2.5 Reflected.Cross-Site.Scripting MEDIUM" "booster-plus-for-woocommerce 7.1.3 Missing.Authorization.to.Arbitrary.Options.Disclosure MEDIUM" "booster-plus-for-woocommerce 7.1.2 Missing.Authorization.to.Order.Information.Disclosure MEDIUM" "booster-plus-for-woocommerce 7.1.2 Missing.Authorization.to.Arbitrary.Page/Post.Deletion MEDIUM" "booster-plus-for-woocommerce 6.0.1 Multiple.CSRF MEDIUM" "booster-plus-for-woocommerce 6.0.0 Reflected.Cross-Site.Scripting HIGH" "booster-plus-for-woocommerce 5.6.6 Custom.Role.Creation/Deletion.via.CSRF MEDIUM" "booster-plus-for-woocommerce 5.6.5 Checkout.Files.Deletion.via.CSRF LOW" "booster-plus-for-woocommerce 5.6.5 ShopManager+.Arbitrary.File.Download MEDIUM" "booster-plus-for-woocommerce 5.6.1 Subscriber+.Order.Status.Update MEDIUM" "bulk-image-title-attribute 1.2.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "buddypress 14.2.1 Authenticated.(Subscriber+).Directory.Traversal HIGH" "buddypress 12.5.1 Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "buddypress 12.4.1 Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "buddypress 11.3.2 Contributor+.Stored.XSS MEDIUM" "buddypress 9.1.1 Activation.Key.Disclosure MEDIUM" "buddypress 9.1.1 SQL.Injections HIGH" "buddypress 7.3.0 Multiple.Authenticated.REST.API.Vulnerabilities MEDIUM" "buddypress 7.2.1 .Force.a.Friendship MEDIUM" "buddypress 7.2.1 Manage.BuddyPress.Member.Types MEDIUM" "buddypress 7.2.1 REST.API.Privilege.Escalation HIGH" "buddypress 7.2.1 Read.Private.Messages MEDIUM" "buddypress 7.2.1 Invite.Member.to.Join.Group MEDIUM" "buddypress 6.4.0 Lack.of.Capability.Check.on.Profile.Page MEDIUM" "buddypress 5.1.2 Private.Data.Exposure.via.REST.API HIGH" "buddypress 5.1.1 Denial.of.Service MEDIUM" "britetechs-companion 2.2.8 Injected.Backdoor CRITICAL" "bp-activity-filter 2.8.0 Subscriber+.Arbitrary.Plugin.Installation,.Activation.and.Deactivation HIGH" "bakkbone-florist-companion 7.3.0 Reflected.Cross-Site.Scripting MEDIUM" "bakkbone-florist-companion 7.4.0 Missing.Authorization.to.Arbitrary.Content.Deletion MEDIUM" "bakkbone-florist-companion 7.4.0 Missing.Authorization.to.Sensitive.Data.Exposure MEDIUM" "buddypress-giphy 1.5.0 Subscriber+.Arbitrary.Plugin.Installation,.Activation.and.Deactivation HIGH" "boldgrid-backup 1.17.0 Authenticated.(Admin+).Command.Injection HIGH" "boldgrid-backup 1.16.9 Authenticated.(Administrator+).Server-Side.Request.Forgery MEDIUM" "boldgrid-backup 1.16.7 Authenticated.(Administrator+).Remote.Code.Execution.via.Backup.Settings HIGH" "boldgrid-backup 1.15.9 Improper.Authorization.to.Unauthenticated.Arbitrary.File.Download HIGH" "boldgrid-backup 1.14.14 Subscriber+.Backup.Disclosure MEDIUM" "boldgrid-backup 1.14.10 Sensitive.Data.Disclosure.(Server.IP.Address,.UID.etc) MEDIUM" "boldgrid-backup 1.14.10 Unauthenticated.Backup.Download HIGH" "b-slider 1.1.24 Gutenberg.Slider.Block.for.WP.<.1.1.24.-.Authenticated.(Contributor+).Private.Post.Disclosure.via.bsb-slider.Shortcode MEDIUM" "b-slider 1.1.13 Slider.for.your.block.editor.<.1.1.13.-.Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "block-slider 2.1.7 Reflected.Cross-Site.Scripting MEDIUM" "block-slider 2.0.0 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "buddypress-humanity No.known.fix Cross-Site.Request.Forgery.to.Privilege.Escalation HIGH" "brizy-pro No.known.fix Cross-Site.Request.Forgery MEDIUM" "brizy-pro No.known.fix Missing.Authorization MEDIUM" "brizy-pro No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "bp-toolkit 3.6.1 Reflected.Cross-Site.Scripting MEDIUM" "bp-toolkit 3.3.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "blossom-recipe-maker 1.0.8 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "backup-database No.known.fix Admin+.Stored.XSS LOW" "brizy No.known.fix Contributor+.Stored.XSS MEDIUM" "brizy 2.6.9 Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "brizy 2.6.5 Authenticated.(Contributor+).Arbitrary.File.Upload.via.storeUploads CRITICAL" "brizy 2.5.2 Cross-Site.Request.Forgery MEDIUM" "brizy 2.4.45 Authenticated.(Contributor+).Arbitrary.File.Upload HIGH" "brizy 2.4.45 Missing.Authorization.to.Authenticated.(Contributor+).Post.Modification HIGH" "brizy 2.4.44 Authenticated(Contributor+).Stored.Cross-Site.Scripting.via.Form.Functionality MEDIUM" "brizy 2.4.44 Unauthenticated.Stored.Cross-Site.Scripting.via.Form HIGH" "brizy 2.4.44 Authenticated.(Contributor+).Store.Cross-Site.Scripting.via.Widget.Link.To.URL HIGH" "brizy 2.4.44 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Custom.Attributes MEDIUM" "brizy 2.4.44 Missing.Authorization MEDIUM" "brizy 2.4.42 Authenticated(Contributor+).Stored.Cross-Site.Scripting HIGH" "brizy 2.4.41 Authenticated.(Contributor+).Directory.Traversal MEDIUM" "brizy 2.4.41 Authenticated.(Contributor+).Arbitrary.File.Upload HIGH" "brizy 2.4.41 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "brizy 2.4.41 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "brizy 2.4.41 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "brizy 2.4.30 Contributor+.Stored.XSS MEDIUM" "brizy 2.4.2 Contributor+.Stored.Cross-Site.Scripting.via.Element.URL MEDIUM" "brizy 2.4.2 Contributor+.Stored.Cross-Site.Scripting.via.Element.Content MEDIUM" "brizy 2.3.12 2.3.11.-.Incorrect.Authorization.to.Post.Modification HIGH" "brizy 2.3.12 Authenticated.File.Upload.and.Path.Traversal HIGH" "brizy 2.3.12 Authenticated.Stored.Cross-Site.Scripting MEDIUM" "brizy 1.0.126 Page.Builder.<.1.0.126.-.Improper.Access.Controls.on.AJAX.Calls HIGH" "bc-menu-cart-woo No.known.fix Cross-Site.Request.Forgery MEDIUM" "bsk-gravityforms-blacklist 4.0 SQLi.via.CSRF MEDIUM" "bsk-gravityforms-blacklist 3.9 Reflected.Cross-Site.Scripting MEDIUM" "bsk-gravityforms-blacklist 3.8.1 Reflected.Cross-Site.Scripting MEDIUM" "bsk-gravityforms-blacklist 3.7 Admin+.Stored.Cross-Site.Scripting LOW" "broadstreet 1.51.8 Reflected.XSS HIGH" "broadstreet No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "broadstreet No.known.fix Subscriber+.Stored.XSS HIGH" "broadstreet No.known.fix Cross-Site.Request.Forgery MEDIUM" "broadstreet 1.51.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.zone.Parameter MEDIUM" "bdthemes-element-pack-lite 5.11.3 Authenticated.(Contributor+).DOM-Based.Stored.Cross-Site.Scripting MEDIUM" "bdthemes-element-pack-lite 5.10.30 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "bdthemes-element-pack-lite 5.10.29 Authenticated.(Contributor+).DOM-Based.Stored.Cross-Site.Scripting MEDIUM" "bdthemes-element-pack-lite 5.10.15 Addons.for.Elementor.<.5.10.15.-.Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "bdthemes-element-pack-lite 5.10.13 Missing.Authorization MEDIUM" "bdthemes-element-pack-lite 5.10.6 Authenticated.(Contributor+).DOM-Based.Stored.Cross-Site.Scripting.via.Lightbox.Widget MEDIUM" "bdthemes-element-pack-lite 5.10.3 Contributor+.Stored.XSS MEDIUM" "bdthemes-element-pack-lite 5.10.3 Contributor+.Stored.XSS MEDIUM" "bdthemes-element-pack-lite 5.10.3 Authenticated.(Contributor+.Stored.Cross-Site.Scripting.via.Open.Map.Widget MEDIUM" "bdthemes-element-pack-lite 5.10.3 Authenticated.(Contributor+).DOM-Based.Stored.Cross-Site.Scripting MEDIUM" "bdthemes-element-pack-lite 5.10.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Age.Gate MEDIUM" "bdthemes-element-pack-lite 5.10.2 Authenticated.(Contributor+).DOM-Based.Stored.Cross-Site.Scripting.via.Custom.Gallery.Widget MEDIUM" "bdthemes-element-pack-lite 5.7.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "bdthemes-element-pack-lite 5.7.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Custom.Gallery.and.Countdown.Widgets MEDIUM" "bdthemes-element-pack-lite 5.7.3 Authenticated.(Contributor+).Arbitrary.File.Read MEDIUM" "bdthemes-element-pack-lite 5.7.7 Contributor+.Stored.XSS.via.title_tag MEDIUM" "bdthemes-element-pack-lite 5.6.12 Contributor+.Stored.XSS MEDIUM" "bdthemes-element-pack-lite 5.6.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "bdthemes-element-pack-lite 5.6.12 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "bdthemes-element-pack-lite 5.6.12 Contributor+.Stored.XSS.via.onclick.events MEDIUM" "bdthemes-element-pack-lite 5.6.2 Contributor+.Stored.XSS MEDIUM" "bdthemes-element-pack-lite 5.6.4 Form.Submission.Admin.Email.Bypass MEDIUM" "bdthemes-element-pack-lite 5.6.1 Contributor+.Stored.XSS.via.Panel.Slider.Widget MEDIUM" "bdthemes-element-pack-lite 5.6.1 Contributor+.Stored.XSS.via.Price.List.Widget MEDIUM" "bdthemes-element-pack-lite 5.6.0 Sensitive.Information.Exposure.via..element_pack_ajax_search MEDIUM" "bdthemes-element-pack-lite 5.5.4 Contributor+.Stored.XSS.via.Trailer.Box.Widget MEDIUM" "bdthemes-element-pack-lite 5.3.3 Contributor+.Stored.XSS.via.Custom.Gallery.Widget MEDIUM" "bdthemes-element-pack-lite 5.5.4 Authenticated.(Contributor+).SQL.Injection MEDIUM" "bdthemes-element-pack-lite 5.5.4 Contributor+.Stored.XSS MEDIUM" "bdthemes-element-pack-lite 5.4.12 Missing.Authorization.via.bdt_duplicate_as_draft MEDIUM" "bdthemes-element-pack-lite 5.2.1 Reflected.Cross-Site.Scripting MEDIUM" "bilingual-linker 2.4.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "buddyboss-platform-pro 2.7.10 Authentication.Bypass.via.Apple.OAuth.provider CRITICAL" "bulk-image-resizer No.known.fix Missing.Authorization.to.Authenticated.(Subscriber+).Plugin.Options.Update MEDIUM" "buffer-my-post No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "buffer-my-post No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "bulk-editor 1.0.8.6 Authenticated.(Editor+).Path.Traversal LOW" "bulk-editor 1.0.8.4 Authenticated.(Editor+).CSV.Path.Traversal LOW" "bulk-editor 1.0.8.3 Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "bulk-editor 1.0.8.2 Cross-Site.Request.Forgery.to.Notice.Dismissal MEDIUM" "bulk-editor 1.0.8.2 Cross-Site.Request.Forgery MEDIUM" "bulk-editor 1.0.8.2 Missing.Authorization MEDIUM" "bulk-editor 1.0.8.1 Unauthenticated.Stored.Cross-Site.Scripting.via.profile_title MEDIUM" "bulk-editor 1.0.7.2 Cross-Site.Request.Forgery.(CSRF) MEDIUM" "bulk-editor 1.0.7.2 Admin+.Stored.XSS LOW" "bulk-editor 1.0.7.1 Profile.Creation.via.CSRF MEDIUM" "bulk-editor 1.0.7.1 Profile.Creation.via.CSRF MEDIUM" "bulk-editor 1.0.7 Subscriber+.Stored.XSS HIGH" "blogger-image-import No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "backup-bolt 1.4.0 Sensitive.Data.Exposure MEDIUM" "backup-bolt 1.2.0 Reflected.Cross-Site.Scripting MEDIUM" "basepress 2.16.3.4 Missing.Authorization.to.Authenticated.(Subscriber+).Database.Update MEDIUM" "basepress 2.16.2.1 Missing.Authorization MEDIUM" "basepress 2.16.2.1 Authenticated.(Subscriber+).Server-Side.Request.Forgery MEDIUM" "basepress 2.15.14 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "blocked-in-china 1.0.6 Reflected.Cross-Site.Scripting MEDIUM" "blocked-in-china 1.0.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "bulk-menu-edit 1.3.1 Missing.Authorization MEDIUM" "blue-admin No.known.fix CSRF.to.Stored.Cross-Site.Scripting.(XSS) HIGH" "blockypage No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "blockypage No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "booking-calendar-pro 11.2.20 Reflected.Cross-Site.Scripting.via.'calendar_id' MEDIUM" "build-app-online No.known.fix Unauthenticated.Local.File.Inclusion CRITICAL" "build-app-online No.known.fix Unauthenticated.Local.File.Inclusion HIGH" "build-app-online No.known.fix Cross-Site.Request.Forgery MEDIUM" "build-app-online 1.0.22 Unauthenticated.Account.Takeover.via.Weak.Password.Reset.Mechanism CRITICAL" "build-app-online 1.0.21 Subscriber+.Privilege.Escalation HIGH" "build-app-online 1.0.19 Unauthenticated.SQL.Injection HIGH" "backuply 1.3.5 Authenticated.(Admin+).SQL.Injection CRITICAL" "backuply 1.2.8 Admin+.Directory.Traversal MEDIUM" "backuply 1.2.6 Backup,.Restore,.Migrate.and.Clone.<.1.2.6.-..Unauthenticated.Denial.of.Service HIGH" "backuply 1.2.4 Admin+.Directory.Traversal MEDIUM" "bbp-move-topics 1.1.6 Code.Injection.&.CSRF CRITICAL" "backupbuddy 8.8.3 Multiple.Reflected.Cross-Site.Scripting HIGH" "backupbuddy 8.7.5 Unauthenticated.Arbitrary.File.Access HIGH" "book-a-place No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "before-and-after No.known.fix Cross-Site.Request.Forgery MEDIUM" "bang-tinh-lai-suat No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "bing-site-verification-using-meta-tag No.known.fix Admin+.Stored.XSS LOW" "bamboo-columns No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "buddymeet 2.3.0 Contributor+.Stored.XSS MEDIUM" "badgeos No.known.fix Missing.Authorization MEDIUM" "badgeos No.known.fix Subscriber+.IDOR MEDIUM" "badgeos No.known.fix Contributor+.Stored.Cross-Site.Scripting MEDIUM" "badgeos No.known.fix Missing.Authorization.in.delete_badgeos_log_entries MEDIUM" "badgeos No.known.fix CSRF MEDIUM" "badgeos 3.7.1.3 Subscriber+.SQLi HIGH" "badgeos 3.7.1 Unauthenticated.SQLi HIGH" "b-blocks 2.0.1 The.ultimate.block.collection.<.2.0.1.-.Contributor+.Stored.XSS MEDIUM" "background-takeover 4.1.5 Directory.Traversal HIGH" "bybrick-accordion No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "better-bp-registration No.known.fix Authentication.Bypass.to.Administrator CRITICAL" "bulk-add-to-cart-xforwc 1.3.0 Low.Priv.Arbitrary.Blog.Options.Update/Access/Deletion.&.Plugin's.Settings.Update/Export/Import HIGH" "badgearoo No.known.fix Reflected.XSS HIGH" "badgearoo No.known.fix Admin+.Stored.XSS LOW" "beaver-themer 1.4.9.1 Authenticated(Contributor+).Stored.Cross-Site.Scripting.via.shortcode MEDIUM" "beaver-themer 1.4.9.1 Authenticated.(Contributor+).Sensitive.Information.Exposure.via.shortcode MEDIUM" "bj-lazy-load 1.0 Remote.File.Inclusion.(Timthumb) HIGH" "buddyforms-members 1.4.12 Reflected.Cross-Site.Scripting MEDIUM" "buddyforms No.known.fix Authenticated.(Contributor+).Local.File.Inclusion HIGH" "buddyforms 2.8.16 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.'buddyforms_nav'.Shortcode MEDIUM" "buddyforms 2.8.14 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "buddyforms 2.8.13 Authenticated.(Editor+).Stored.Cross-Site.Scripting MEDIUM" "buddyforms 2.8.12 Authenticated.(Contributor+).Privilege.Escalation HIGH" "buddyforms 2.8.10 Email.Verification.Bypass.due.to.Insufficient.Randomness MEDIUM" "buddyforms 2.8.9 Unauthenticated.Arbitrary.File.Read.and.Server-Side.Request.Forgery CRITICAL" "buddyforms 2.8.6 Reflected.Cross-Site.Scripting.via.page MEDIUM" "buddyforms 2.8.8 Missing.Authorization.to.Unauthenticated.Media.Upload HIGH" "buddyforms 2.8.8 Missing.Authorization.to.Unauthenticated.Media.Deletion HIGH" "buddyforms 2.8.8 Missing.Authorization MEDIUM" "buddyforms 2.8.3 Reflected.Cross-Site.Scripting MEDIUM" "buddyforms 2.8.2 Contributor+.Stored.XSS MEDIUM" "buddyforms 2.7.8 Unauthenticated.PHAR.Deserialization HIGH" "buddyforms 2.7.6 Contributor+.Stored.XSS MEDIUM" "buddyforms 2.6.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "buddyforms 2.3.2 Subscriber+.Arbitrary.Option.Update CRITICAL" "buddyforms 2.2.8 SQL.Injection CRITICAL" "bestbooks No.known.fix Unauthenticated.SQLi HIGH" "bulk-resize-media No.known.fix CSRF MEDIUM" "bulgarisation-for-woocommerce 3.0.15 Cross-Site.Request.Forgery HIGH" "bulgarisation-for-woocommerce 3.0.15 Missing.Authorization HIGH" "bannerlid No.known.fix Reflected.XSS HIGH" "buooy-sticky-header No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "blue-wrench-videos-widget No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "blockons 1.0.8 Reflected.Cross-Site.Scripting MEDIUM" "bulk-comment-remove No.known.fix Cross-Site.Request.Forgery.via.brc_admin() MEDIUM" "booking-and-rental-manager-for-woocommerce 2.3.9 Missing.Authorization MEDIUM" "booking-and-rental-manager-for-woocommerce 2.3.7 Missing.Authorization MEDIUM" "booking-and-rental-manager-for-woocommerce 2.2.9 Missing.Authorization MEDIUM" "booking-and-rental-manager-for-woocommerce 2.2.9 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "booking-and-rental-manager-for-woocommerce 2.2.7 Authenticated.(Contributor+).PHP.Object.Injection HIGH" "booking-and-rental-manager-for-woocommerce 2.2.2 Missing.Authorization MEDIUM" "booking-and-rental-manager-for-woocommerce 2.2.2 Reflected.Cross-Site.Scripting MEDIUM" "booking-and-rental-manager-for-woocommerce 1.2.2 Admin+.Stored.XSS LOW" "bstone-demo-importer No.known.fix Missing.Authorization.to.Authenticated.(Subscriber+).Privilege.Escalation HIGH" "bunnycdn 2.3.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "bunnycdn 2.0.2 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "block-styler-for-gravity-forms 6.3.0 Reflected.Cross-Site.Scripting MEDIUM" "block-styler-for-gravity-forms 6.1.0 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "business-card-block 1.0.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "bng-gateway-for-woocommerce No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "bng-gateway-for-woocommerce No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "bng-gateway-for-woocommerce No.known.fix CSRF.Bypass MEDIUM" "brozzme-scroll-top No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "blog-manager-wp No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "b2bking 4.6.20 Subscriber+.Arbitrary.Products.Price.Update MEDIUM" "back-in-stock-notifier-for-woocommerce 5.3.2 Unauthenticated.Arbitrary.Shortcode.Execution MEDIUM" "betterlinks 2.1.8 Authenticated.(Administrator+).SQL.Injection MEDIUM" "betterlinks 1.6.1 Improper.Authorization.to.Data.Import.and.Export MEDIUM" "betterlinks 1.2.6 Admin+.Stored.Cross-Site.Scripting LOW" "business-card-by-esterox-100 No.known.fix Admin+.File.Upload MEDIUM" "business-card-by-esterox-100 No.known.fix Card.Edit.via.CSRF MEDIUM" "business-card-by-esterox-100 No.known.fix Category.Deletion.via.CSRF MEDIUM" "business-card-by-esterox-100 No.known.fix Arbitrary.Card.Deletion.via.CSRF MEDIUM" "business-card-by-esterox-100 No.known.fix Category.Edit.via.CSRF MEDIUM" "blogmentor No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.pagination_style.Parameter MEDIUM" "bulk-page-stub-creator 1.2 Reflected.Cross-Site.Scripting HIGH" "bug-library 2.1.5 Authenticated.(Contributor+).SQL.Injection MEDIUM" "bug-library 2.1.2 Admin+.Stored.XSS LOW" "bug-library 2.1.1 Unauthenticated.RCE CRITICAL" "bug-library 2.0.4 Reflected.Cross-Site.Scripting MEDIUM" "buttons-shortcode-and-widget No.known.fix Stored.XSS.via.shortcode MEDIUM" "buttons-shortcode-and-widget No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.shortcode MEDIUM" "bft-autoresponder 2.7.2.5 Reflected.Cross-Site.Scripting MEDIUM" "bft-autoresponder 2.7.2.4 Cross-Site.Request.Forgery MEDIUM" "bft-autoresponder 2.7.2.3 CSRF MEDIUM" "bft-autoresponder 2.7.1.1 Admin+.Stored.XSS LOW" "bft-autoresponder 2.7.1.1 Unauthenticated.Stored.XSS HIGH" "bft-autoresponder 2.1.7.2 Contributor+.Stored.XSS MEDIUM" "bft-autoresponder 2.1.7.2 Admin+.Stored.XSS LOW" "bft-autoresponder 2.5.2 Authenticated.Blind.SQL.Injection.&.Multiple.XSS HIGH" "bacola-core No.known.fix Reflected.Cross-Site.Scripting HIGH" "best-woocommerce-feed 7.3.16 Authenticated.(Admin+).Directory.Traversal LOW" "best-woocommerce-feed 3.0 Reflected.Cross-Site.Scripting MEDIUM" "best-woocommerce-feed 2.2.3.1 Subscriber+.Arbitrary.Option.Update CRITICAL" "booking-calendar 3.2.20 Reflected.Cross-Site.Scripting.via.'calendar_id' MEDIUM" "booking-calendar 3.2.20 Authenticated.(Contributor+).SQL.Injection MEDIUM" "booking-calendar 3.2.16 Unauthenticated.Stored.Cross-Site.Scripting.via.SVG.File.Upload HIGH" "booking-calendar 3.2.12 Admin+.SQLi MEDIUM" "booking-calendar 3.2.9 Multiple.Authenticated(Editor+).SQL.Injection HIGH" "booking-calendar 3.2.8 Admin+.SQLi MEDIUM" "booking-calendar 3.2.4 Editor+.Stored.XSS LOW" "booking-calendar 3.2.4 Form.Creation/Update/Deletion/Duplication.via.CSRF MEDIUM" "booking-calendar 3.2.2 Unauthenticated.Arbitrary.File.Upload CRITICAL" "booking-calendar 2.2.3 Parameters.Tampering.Allowing.Arbitrary.Prices.Change HIGH" "booking-calendar 2.1.8 Authenticated.Stored.XSS.&.CSRF HIGH" "bigcommerce No.known.fix Unauthenticated.Sensitive.Information.Exposure MEDIUM" "bp-profile-search 5.8 Cross-Site.Request.Forgery.to.Reflected.Cross-Site.Scripting MEDIUM" "bp-profile-search 5.6 Reflected.Cross-Site.Scripting.via.BPS_FORM MEDIUM" "bring-fraktguiden-for-woocommerce 1.11.5 Missing.Authorization MEDIUM" "better-wlm-api 1.1.5 Reflected.Cross-Site.Scripting MEDIUM" "better-wlm-api 1.1.4 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "bne-gallery-extended 1.2.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.gallery.Shortcode MEDIUM" "browse-as No.known.fix Subscriber+.Authentication.Bypass.via.Cookie HIGH" "backup-by-supsystic No.known.fix Authenticated.Arbitrary.File.Download.and.Deletion CRITICAL" "buttonizer-multifunctional-button 3.3.10 Reflected.Cross-Site.Scripting MEDIUM" "buttonizer-multifunctional-button 2.6.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "buttonizer-multifunctional-button 2.5.5 Smart.Floating.Action.Button.<.2.5.5.-.Admin+.Stored.Cross-Site.Scripting LOW" "basic-interactive-world-map No.known.fix Cross-Site.Request.Forgery.to.Settings.Update MEDIUM" "basic-interactive-world-map 2.7 Admin+.Stored.XSS LOW" "bws-featured-posts 1.0.1 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "broken-link-finder 2.5.1 Authenticated.(Author+).Blind.Server-Side.Request.Forgery MEDIUM" "broken-link-finder 2.5.0 Missing.Authorization.via.moblc_auth_save_settings MEDIUM" "buy-one-click-woocommerce No.known.fix Missing.Authorization.to.Authenticated.(Subscriber+).Settings.Export MEDIUM" "buy-one-click-woocommerce No.known.fix Missing.Authorization.to.Authenticated.(Subscriber+).Order.Deletion MEDIUM" "buy-one-click-woocommerce No.known.fix Missing.Authorization.to.Authenticated.(Subscriber+).Settings.Import MEDIUM" "bns-featured-category No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "blogintroduction-wordpress-plugin No.known.fix Settings.Update.via.CSRF MEDIUM" "bulk-role-change No.known.fix Missing.Authorization.to.Authenticated.(Subscriber+).Privilege.Escalation HIGH" "blaze-online-eparcel-for-woocommerce No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "before-after-image-slider No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.shortcode MEDIUM" "buddyforms-hierarchical-posts 1.1.4 Reflected.Cross-Site.Scripting MEDIUM" "book-a-room No.known.fix Cross-Site.Request.Forgery.to.Settings.Update MEDIUM" "bigcontact No.known.fix Cross-Site.Request.Forgery MEDIUM" "beaver-builder-lite-version 2.8.5.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "beaver-builder-lite-version 2.8.4.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "beaver-builder-lite-version 2.8.4.3 Authenticated.(Contributor+).Stored.DOM-Based.Cross-Site.Scripting.via.Button.Widget MEDIUM" "beaver-builder-lite-version 2.8.3.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "beaver-builder-lite-version 2.8.3.7 Authenticated.(Contributor+).Stored.DOM-Based.Cross-Site.Scripting.via.Button.Group.Module MEDIUM" "beaver-builder-lite-version 2.8.3.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.type.Parameter MEDIUM" "beaver-builder-lite-version 2.8.3.4 Reflected.Cross-Site.Scripting MEDIUM" "beaver-builder-lite-version 2.8.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "beaver-builder-lite-version 2.8.1.3 Contributor+.Stored.Cross-Site.Scripting.via.photo.widget.crop.attribute MEDIUM" "beaver-builder-lite-version 2.8.1.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "beaver-builder-lite-version 2.8.0.7 Contributor+.Stored.XSS MEDIUM" "beaver-builder-lite-version 2.7.4.5 Contributor+.Stored.Cross-Site.Scripting.via.heading.tag MEDIUM" "beaver-builder-lite-version 2.7.4.3 Contributor+.Stored.XSS MEDIUM" "beaver-builder-lite-version 2.7.4.3 Contributor+.Stored.XSS MEDIUM" "beaver-builder-lite-version 2.7.4.3 Contributor+.Stored.XSS.via.Icon.Widget MEDIUM" "beaver-builder-lite-version 2.7.4.3 Contributor+.Stored.XSS MEDIUM" "beaver-builder-lite-version 2.7.4.3 Reflected.XSS HIGH" "beaver-builder-lite-version 2.7.2.1 Contributor+.Stored.XSS MEDIUM" "beaver-builder-lite-version 2.5.5.3 .Authenticated.Stored.XSS.via.Caption.On.Hover MEDIUM" "beaver-builder-lite-version 2.5.5.3 .Authenticated.Stored.XSS.via.Caption MEDIUM" "beaver-builder-lite-version 2.5.5.3 Authenticated.Stored.XSS.via.Text.Editor MEDIUM" "beaver-builder-lite-version 2.5.5.3 Authenticated.Stored.XSS.via.Image.URL MEDIUM" "beaver-builder-lite-version 2.5.4.4 Subscriber+.Arbitrary.Post.Builder.Layout.Disabling MEDIUM" "business-profile-reviews No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "buttons-x No.known.fix Buttons.X.<=.0.8.6.-.Contributor+.Stored.XSS MEDIUM" "bmlt-meeting-map No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "bmlt-meeting-map 2.6.1 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "bauernregeln No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "backupwordpress 3.14 Admin+.Directory.Traversal LOW" "backupwordpress 3.13 Subscriber+.Backup.Disclosure MEDIUM" "bp-user-profile-reviews 2.7.0 Subscriber+.Arbitrary.Plugin.Installation,.Activation.and.Deactivation HIGH" "buddy-press-force-password-change No.known.fix Subscriber+.Account.Takeover.via.Password.Update MEDIUM" "bp-activity-plus-reloaded No.known.fix Missing.Authorization MEDIUM" "bp-activity-plus-reloaded 1.1.2 Authenticated.(Subscriber+).Blind.Server-Side.Request.Forgery MEDIUM" "bbp-style-pack 5.6.8 Contributor+.Stored.XSS MEDIUM" "bbp-style-pack 5.5.6 Reflected.XSS HIGH" "blockspare 3.2.10 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "blockspare 3.2.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "blockspare 3.2.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "blockspare 3.2.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "blockspare 2.6.5 Reflected.Cross-Site.Scripting MEDIUM" "blockspare 2.0.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "better-search 4.1.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "better-search 3.3.1 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "better-search 2.5.3 Cross-Site.Request.Forgery MEDIUM" "better-search 2.5.3 CSRF.Nonce.Bypass.in.Import/Export MEDIUM" "better-search 2.2.3 Unauthenticated.SQL.Injection CRITICAL" "better-search 1.3.5 Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "better-search 1.3 admin.inc.php.Setting.Manipulation.CSRF MEDIUM" "bbcode-deluxe No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "bubble-menu 4.0.3 Cross-Site.Request.Forgery MEDIUM" "bubble-menu 3.0.5 Admin+.Stored.XSS LOW" "bubble-menu 3.0.4 Reflected.XSS MEDIUM" "bubble-menu 3.0.2 Circle.Floating.Menu.<.3.0.2.-.Form.Deletion.via.CSRF MEDIUM" "bp-member-type-manager No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "buddyvendor 1.2.0 Subscriber+.Arbitrary.Plugin.Installation,.Activation.and.Deactivation HIGH" "banner-system No.known.fix Missing.Authorization MEDIUM" "banner-system No.known.fix Privilege.Escalation HIGH" "banner-system No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "bruteguard No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "bizlibrary No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "bizlibrary No.known.fix Admin+.Stored.XSS LOW" "blur-text 2.0.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "block-specific-plugin-updates 3.3.2 Arbitrary.Plugin.Update.Blocking.via.CSRF MEDIUM" "best-addons-for-elementor No.known.fix Contributor+.Stored.XSS MEDIUM" "blobinator 2.3 Unauthorised.AJAX.call.via.CSRF MEDIUM" "bbpress-notify-nospam 2.18.4 Reflected.Cross-Site.Scripting MEDIUM" "better-captcha-gravity-forms No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "better-captcha-gravity-forms 0.5.2 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "bs-shortcode-ultimate No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "bpmnio No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "bp-cover No.known.fix Unauthenticated.Arbitrary.File.Upload CRITICAL" "bbpress2-shortcode-whitelist No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "bamboo-enquiries No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "biometric-login-for-woocommerce 1.0.4 Unauthenticated.Privilege.Escalation CRITICAL" "block-editor-bootstrap-blocks 6.6.2 Reflected.Cross-Site.Scripting.via.tab MEDIUM" "bootstrap-collapse No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "broken-link-checker 2.4.5 Subscriber+.Plugin.Status.Dashboard.View MEDIUM" "broken-link-checker 2.4.2 Admin+.SSRF MEDIUM" "broken-link-checker 2.4.1 Reflected.XSS HIGH" "broken-link-checker 2.2.4 Admin+.Stored.Cross-Site.Scripting LOW" "broken-link-checker 1.11.20 Admin+.Cross-Site.Scripting LOW" "broken-link-checker 1.11.17 Admin+.PHAR.Deserialization MEDIUM" "broken-link-checker 1.11.9 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "broken-link-checker 1.10.9 Unauthenticated.Stored.XSS MEDIUM" "bp-check-in 1.9.4 Subscriber+.Arbitrary.Plugin.Installation,.Activation.and.Deactivation HIGH" "benchmark-email-lite 4.2 Cross-Site.Request.Forgery.via.page_settings() MEDIUM" "biteship 2.2.25 Reflected.Cross-Site.Scripting.via.biteship_error.and.biteship_message MEDIUM" "biteship 2.2.28 Shop.manager+.Stored.XSS MEDIUM" "biteship 2.2.25 Reflected.Cross-Site.Scripting HIGH" "bws-google-maps 1.3.6 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "booking-system No.known.fix Authenticated.(Subscriber+).SQL.Injection MEDIUM" "booking-system No.known.fix Missing.Authorization MEDIUM" "booking-system 2.9.9.5.2 Authenticated.(Subscriber+).SQL.Injection MEDIUM" "booking-system No.known.fix Stored.XSS.via.CSRF HIGH" "booking-system 2.9.9.5.1 Authenticated.(Subscriber+).SQL.Injection HIGH" "booking-system 2.9.9.4.8 Admin+.Stored.XSS LOW" "booking-system 2.9.9.4.1 Arbitrary.Settings.Update.via.CSRF MEDIUM" "booking-system 2.9.9.2.9 Admin+.Stored.XSS LOW" "booking-system 2.9.9.2.9 Subscriber+.SQLi HIGH" "booking-system 2.1 Authenticated.Blind.SQL.Injection HIGH" "banner-management-for-woocommerce 2.4.3 Shop.Banner.Settings.Update.via.CSRF MEDIUM" "banner-management-for-woocommerce 2.4.1 Reflected.Cross-Site.Scripting MEDIUM" "banner-management-for-woocommerce 2.2.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "banner-management-for-woocommerce 1.1.1 Unauthenticated.Settings.Change MEDIUM" "bookly-responsive-appointment-booking-tool 23.3 Authenticated.(Subscriber+).Stored.Cross-Site.Scripting.via.Color.Profile.Parameter MEDIUM" "bookly-responsive-appointment-booking-tool 22.5 Admin+.Stored.XSS LOW" "bookly-responsive-appointment-booking-tool 22.4 Admin+.SQLi MEDIUM" "bookly-responsive-appointment-booking-tool 21.8 Admin+.Stored.Cross-Site.Scripting.via.service.titles MEDIUM" "bookly-responsive-appointment-booking-tool 21.6 Unauthenticated.Stored.XSS HIGH" "bookly-responsive-appointment-booking-tool 20.3.1 Staff.Member.Stored.Cross-Site.Scripting MEDIUM" "bookly-responsive-appointment-booking-tool 14.5 Bookly.#1.WordPress.Booking.Plugin.(Lite).<.14,5..Unauthenticated.Blind.Stored.XSS MEDIUM" "bu-slideshow No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "breadcrumb 1.5.33 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "bitly-linker No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "brickscore No.known.fix Unauthenticated.Stored.Cross-Site.Scripting HIGH" "bp-social-connect No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "bp-social-connect 1.6.2 Authentication.Bypass CRITICAL" "bus-booking-manager 4.2.3 Administrator+.Stored.XSS LOW" "boom-fest 2.2.2 Missing.Authorization.to.Authenticated.(Subscriber+).Plugin.Settings.Update MEDIUM" "bread-butter 7.5.880 Contributor+.Stored.XSS MEDIUM" "bne-testimonials 2.0.8 Contributor+.Stored.XSS MEDIUM" "baiduseo No.known.fix Unauthenticated.Arbitrary.File.Upload CRITICAL" "bandsintown 1.3.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "bravo-search-and-replace No.known.fix Authenticated.(Administrator+).SQL.Injection MEDIUM" "beyot-framework No.known.fix Missing.Authorization.to.Authenticated.(Subscriber+).Settings.Updates MEDIUM" "beyot-framework No.known.fix Missing.Authorization.to.Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "beyot-framework No.known.fix Authenticated.(Subscriber+).Arbitrary.File.Upload HIGH" "banner-slider No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "blog-filter 1.5.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "buddyforms-anonymous-author 1.1 Reflected.Cross-Site.Scripting MEDIUM" "blog-designer-pro No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "blog-designer-pro No.known.fix Unauthenticated.Local.File.Inclusion CRITICAL" "barclaycart No.known.fix Unauthenticated.Shell.Upload CRITICAL" "bulk-categories-assign No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "breaking-news-ticker No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "bcorp-shortcodes No.known.fix .Unauthenticated.PHP.Object.Injection CRITICAL" "bridge-core 3.3.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "bridge-core 3.3.1 Missing.Authorization MEDIUM" "bridge-core 3.3.1 Missing.Authorization.to.Authenticated.(Subscriber+).Demo.Import MEDIUM" "bridge-core 3.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "bridge-core 3.1.0 Reflected.XSS HIGH" "better-wp-login-page No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "backup 2.0.9.9 Directory.Listing.Exposing.Backups HIGH" "backup 1.6.9.1 Admin+.Stored.XSS LOW" "backup 1.6.0 Authenticated.Arbitrary.File.Upload CRITICAL" "backup 1.4.1 Subscriber+.Sensitive.Information.Disclosure MEDIUM" "backup 1.4.1 Subscriber+.Arbitrary.Backup.Location.Update MEDIUM" "backup 1.4.0 Arbitrary.File.Upload.via.CSRF HIGH" "backup 1.1.47 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "backup 1.0.3 Authenticated.Arbitrary.File.Upload CRITICAL" "bbresolutions No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "bbresolutions No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "buddyboss-platform 2.8.51 Authenticated.(Subscriber+).Stored.Cross-Site.Scripting.via.'bbp_topic_title' MEDIUM" "buddyboss-platform 2.8.51 Authenticated.(Subscriber+).Stored.Cross-Site.Scripting.via.'invitee_name' MEDIUM" "buddyboss-platform 2.8.51 Authenticated.(Subscriber+).Stored.Cross-Site.Scripting.via.'bp_nouveau_ajax_media_save'.function MEDIUM" "buddyboss-platform 2.8.00 Authenticated.(Subscriber+).Stored.Cross-Site.Scripting.via.'link_title' MEDIUM" "buddyboss-platform 2.6.0 Insecure.Direct.Object.Reference.on.Like.Comment MEDIUM" "buddyboss-platform 2.7.60 Private.Comment.Exposure.via.IDOR MEDIUM" "buddyboss-platform 1.7.9 Subscriber+.SQL.Injection MEDIUM" "blog2social 8.4.5 Authenticated.(Subscriber+).SQL.Injection.via.'prgSortPostType'.Parameter MEDIUM" "blog2social 8.4.0 Contributor+.Stored.XSS MEDIUM" "blog2social 7.5.5 Authenticated.(Author+).Stored.Cross-Site.Scripting.via.File.Upload MEDIUM" "blog2social 7.4.2 Authenticated.(Subscriber+).SQL.Injection CRITICAL" "blog2social 7.5.0 Information.Exposure MEDIUM" "blog2social 7.2.1 Reflected.XSS HIGH" "blog2social 6.9.12 Subscriber+.Settings.Update MEDIUM" "blog2social 6.9.10 Subscriber+.SSRF MEDIUM" "blog2social 6.9.10 Subscriber+.SQLi HIGH" "blog2social 6.8.7 Reflected.Cross-Site.Scripting HIGH" "blog2social 6.3.1 Authenticated.SQL.Injection CRITICAL" "blog2social 5.9.0 Cross-Site.Scripting.Issue MEDIUM" "blog2social 5.6.0 SQL.Injection CRITICAL" "blog2social 5.0.3 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "bu-section-editing No.known.fix Reflected.XSS HIGH" "bu-section-editing No.known.fix Reflected.Cross-Site.Scripting.via.[placeholder] MEDIUM" "brand-my-footer No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "bacon-ipsum No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "better-wp-security 9.3.2 IP.Address.Spoofing.to.Denial.of.Service MEDIUM" "better-wp-security 9.0.1 Unauthenticated.Login.Page.Disclosure MEDIUM" "better-wp-security 7.9.1 Hide.Backend.Bypass MEDIUM" "better-wp-security 7.0.3 Authenticated.SQL.Injection HIGH" "better-wp-security 6.9.1 Cross-Site.Scripting.(XSS) HIGH" "buk-appointments No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "bricksable 1.6.60 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "blox-page-builder No.known.fix Authenticated.(Contributor+).Arbitrary.File.Upload HIGH" "blog-in-blog No.known.fix Editor+.Local.File.Inclusion.via.Shortcode HIGH" "blog-in-blog No.known.fix Editor+.Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "blog-manager-light No.known.fix Settings.Update.via.CSRF MEDIUM" "bitcoin-lightning-publisher 1.4.2 Reflected.Cross-Site.Scripting MEDIUM" "beerxml-shortcode 0.8 Authenticated.(Contributor+).Server-Side.Request.Forgery MEDIUM" "bonway-static-block-editor No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "buddyboss-media No.known.fix Stored.XSS MEDIUM" "better-rss-widget No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "backtotop No.known.fix Cross-Site.Request.Forgery MEDIUM" "blossomthemes-email-newsletter 2.2.7 Authenticated.(Admin+).Server-Side.Request.Forgery MEDIUM" "blossomthemes-email-newsletter 2.2.5 Missing.Authorization MEDIUM" "b-testimonial 1.2.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "bp-profile-as-homepage No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "bon-toolkit No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "blue-triad-ezanalytics No.known.fix Reflected.Cross-Site.Scripting.via.'bt_webid' MEDIUM" "bellows-accordion-menu 1.4.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "bellows-accordion-menu 1.4.3 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "birthdays-widget No.known.fix Admin+.Stored.Cross.Site.Scripting LOW" "breadcrumb-simple No.known.fix Admin+.Stored.XSS LOW" "bwd-elementor-addons No.known.fix Contributor+.Stored.XSS MEDIUM" "bwd-elementor-addons 4.3.19 Authenticated.(Contributor+).Sensitive.Information.Exposure.via.Elementor.Templates MEDIUM" "buddyforms-acf 1.3.5 Reflected.Cross-Site.Scripting MEDIUM" "baidu-tongji-generator No.known.fix Admin+.Stored.XSS LOW" "block-referer-spam 1.1.9.5 Admin+.Stored.XSS LOW" "builder-shortcode-extras No.known.fix Authenticated.(Contributor+).Post.Disclosure MEDIUM" "better-section-navigation 1.7.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "bitcoin-faucet No.known.fix Settings.Update.to.Stored.XSS.via.CSRF MEDIUM" "barcode-scanner-lite-pos-to-manage-products-inventory-and-orders 1.7.0 Authenticated.(Admin+).Arbitrary.File.Upload HIGH" "barcode-scanner-lite-pos-to-manage-products-inventory-and-orders 1.6.7 Reflected.Cross-Site.Scripting MEDIUM" "barcode-scanner-lite-pos-to-manage-products-inventory-and-orders 1.6.2 Authenticated.(Subscriber+).SQL.Injection HIGH" "barcode-scanner-lite-pos-to-manage-products-inventory-and-orders 1.5.5 Cross-Site.Request.Forgery MEDIUM" "barcode-scanner-lite-pos-to-manage-products-inventory-and-orders 1.5.5 Unauthenticated.Information.Exposure MEDIUM" "barcode-scanner-lite-pos-to-manage-products-inventory-and-orders 1.5.5 Authenticated.(Subscriber+).SQL.Injection HIGH" "barcode-scanner-lite-pos-to-manage-products-inventory-and-orders 1.5.4 Missing.Authorization MEDIUM" "barcode-scanner-lite-pos-to-manage-products-inventory-and-orders 1.5.4 Unauthenticated.Privilege.Escalation CRITICAL" "barcode-scanner-lite-pos-to-manage-products-inventory-and-orders 1.5.4 Missing.Authorization MEDIUM" "barcode-scanner-lite-pos-to-manage-products-inventory-and-orders 1.5.4 Reflected.Cross-Site.Scripting MEDIUM" "barcode-scanner-lite-pos-to-manage-products-inventory-and-orders 1.5.2 Unauthenticated.SQL.Injection.via.userToken CRITICAL" "barcode-scanner-lite-pos-to-manage-products-inventory-and-orders 1.5.2 Unauthenticated.Arbitrary.File.Upload.via.uploadFile CRITICAL" "bsk-pdf-manager 3.6.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "bsk-pdf-manager 3.4.2 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "bsk-pdf-manager 3.1.2 Admin+.SQL.Injection MEDIUM" "bsk-pdf-manager 2.9.1 Authenticated.Stored.Cross-Site.Scripting.(XSS) HIGH" "bsk-pdf-manager 1.5 Multiple.Authenticated.SQL.Injections CRITICAL" "bonus-for-woo 5.8.3 Reflected.Cross-Site.Scripting HIGH" "build-private-store-for-woocommerce 1.1 Missing.Authorization MEDIUM" "build-private-store-for-woocommerce 1.1 Cross-Site.Request.Forgery MEDIUM" "better-follow-button-for-jetpack No.known.fix Admin+.Stored.XSS LOW" "bulk-edit-events 1.1.21 Reflected.Cross-Site.Scripting MEDIUM" "bulk-edit-events 1.1.9 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "bizapp-for-woocommerce No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "bck-tu-dong-xac-nhan-thanh-toan-chuyen-khoan-ngan-hang No.known.fix Unauthenticated.Stored.Cross-Site.Scripting HIGH" "buddyforms-review 1.4.8 Reflected.Cross-Site.Scripting MEDIUM" "blockwheels No.known.fix Contributor+.Stored.XSS MEDIUM" "bold-pagos-en-linea 3.1.5 Reflected.Cross-Site.Scripting HIGH" "block-for-font-awesome 1.4.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "block-for-font-awesome 1.4.1 Block.for.Font.Awesome.<.1,4,1.-Settings.Update.via.CSRF MEDIUM" "banner-cycler No.known.fix Stored.Cross-Site.Scripting.via.CSRF HIGH" "bulk-image-alt-text-with-yoast 1.4.5.0 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "bulk-delete-users-by-email No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "bulk-delete-users-by-email No.known.fix User.Deletion.via.CSRF HIGH" "book-press No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "book-press No.known.fix Missing.Authorization MEDIUM" "book-press 1.2.4 Reflected.Cross-Site.Scripting MEDIUM" "book-press 1.2.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "bamazoo-button-generator No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.dgs.Shortcode MEDIUM" "background-control No.known.fix Cross-Site.Request.Forgery.to.Arbitrary.File.Deletion HIGH" "bit-form 2.18.4 Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "bit-form 2.18.1 Open.Redirect HIGH" "bit-form 2.17.5 Authenticated.(Administrator+).Server-Side.Request.Forgery LOW" "bit-form 2.17.4 Missing.Authorization.to.Authenticated.(Subscriber+).Form.Submission.Disclosure MEDIUM" "bit-form 2.15.3 Admin+.Arbitrary.File.Read LOW" "bit-form 2.13.12 Authenticated.(Administrator+).SQL.Injection MEDIUM" "bit-form 2.13.11 Authenticated.(Administrator+).Arbitrary.File.Upload HIGH" "bit-form 2.13.11 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "bit-form 2.13.10 2.13.9.-.Authenticated.(Administrator+).SQL.Injection.via.getLogHistory.Function HIGH" "bit-form 2.13.10 2.13.9.-.Authenticated.(Administrator+).Arbitrary.JavaScript.File.Uploads MEDIUM" "bit-form 2.13.10 2.13.9.-.Authenticated.(Administrator+).Arbitrary.File.Read.And.Deletion CRITICAL" "bit-form 2.13.10 2.13.9.-.Authenticated.(Administrator+).SQL.Injection HIGH" "bit-form 2.13.5 2.13.4.-.Authenticater.(Administrator+).Arbitrary.File.Deletion HIGH" "bit-form 2.13.4 Authenticated.(Administrator+).Arbitrary.File.Upload HIGH" "bit-form 2.10.2 Unauthenticated.Insecure.Direct.Object.Reference.to.Form.Submission.Alteration MEDIUM" "bit-form 2.2.0 Admin+.Stored.XSS LOW" "bit-form 1.9 RCE.via.Unauthenticated.Arbitrary.File.Upload CRITICAL" "burst-pro 1.5.1 Unauthenticated.SQL.Injection HIGH" "better-messages-wc-vendors-integration 1.0.7 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "biagiotti-membership 1.1 Authentication.Bypass.via.biagiotti_membership_check_facebook_user CRITICAL" "betterdocs 3.5.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "betterdocs 3.5.9 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "betterdocs 3.3.4 Unauthenticated.PHP.Object.Injection CRITICAL" "betterdocs 3.5.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "betterdocs 2.5.3 Missing.Authorization.via.AJAX.actions MEDIUM" "betterdocs 1.9.2 Reflected.Cross-Site.Scripting HIGH" "betterdocs 1.9.0 Reflected.Cross-Site.Scripting HIGH" "better-user-shortcodes No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "button-generation 3.1.2 Cross-Site.Request.Forgery MEDIUM" "button-generation 3.0 Button.Deletion.via.CSRF MEDIUM" "button-generation 2.3.9 Unauthenticated.Button.Counter.Reset MEDIUM" "button-generation 2.3.9 Button.Counter.Reset.via.CSRF MEDIUM" "button-generation 2.3.6 Cross-Site.Request.Forgery MEDIUM" "button-generation 2.3.5 Reflected.XSS MEDIUM" "button-generation 2.3.4 easily.Button.Builder.<.2.3.4.-.Admin+.Stored.XSS LOW" "button-generation 2.3.3 RFI.leading.to.RCE.via.CSRF HIGH" "better-search-replace 1.4.5 Unauthenticated.PHP.Object.Injection CRITICAL" "better-search-replace 1.4.1 Admin+.SQLi MEDIUM" "beepress No.known.fix Cross-Site.Request.Forgery.via.beepress-pro.php MEDIUM" "bulk-page-creator 1.1.4 Arbitrary.Page.Creation.via.CSRF MEDIUM" "background-animation-blocks No.known.fix Unauthenticated.Local.File.Inclusion CRITICAL" "bws-latest-posts 0.3 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "bravo-translate No.known.fix Authenticated.(Administrator+).SQL.Injection MEDIUM" "bg-biblie-references No.known.fix Reflected.XSS HIGH" "blogger-301-redirect No.known.fix Unauthenticated.SQL.Injection.via.br HIGH" "booking-activities 1.15.20 Reflected.Cross-Site.Scripting MEDIUM" "bmlt-tabbed-map 1.2.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "bbp-voting 2.1.11.1 Admin+.Stored.XSS LOW" "breadcrumbs-shortcode 1.45 Reflected.Cross-Site.Scripting MEDIUM" "backwp No.known.fix Cross-Site.Request.Forgery MEDIUM" "booking 10.11.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.wpbc.Shortcode MEDIUM" "booking 10.10.1 Unauthenticated.Post-Confirmation.Booking.Manipulation MEDIUM" "booking 10.9.3 Authenticated.(Contributor+).DOM-Based.Stored.Cross-Site.Scripting.via.'booking'.Shortcode MEDIUM" "booking 10.6.5 Admin+.Stored.XSS LOW" "booking 10.6.3 Admin+.Stored.XSS LOW" "booking 10.6.1 Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "booking 10.5.1 Reflected.Cross-Site.Scripting MEDIUM" "booking 10.2.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.bookingform.Shortcode MEDIUM" "booking 9.9.1 Unauthenticated.SQL.Injection CRITICAL" "booking 9.7.4 Authenticated(Contributor+).Stored.Cross-Site.Scripting.via.shortcode MEDIUM" "booking 9.7.3.1 Unauthenticated.Stored.XSS HIGH" "booking 9.2.2 Arbitrary.Translation.Update.via.CSRF MEDIUM" "booking 9.1.1 PHP.Object.Injection HIGH" "booking 8.9.2 Reflected.Cross-Site.Scripting HIGH" "booking 8.4.5.15 SQL.Injection HIGH" "blog-designer-for-post-and-widget 2.4.1 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "bm-builder 3.16.3 Missing.Authorization.to.Authenticated.(Subscriber+).Stored.Cross-Site.Scripting.via.ux_cb_page_options_save MEDIUM" "bm-builder 3.16.3 Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.Options.Update HIGH" "booking-weir No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "booking-weir 1.0.11 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "better-robots-txt 1.4.6 Cross-Site.Request.Forgery MEDIUM" "better-robots-txt 1.4.4 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "better-robots-txt 1.2.6 Subscriber+.Arbitrary.Option.Update CRITICAL" "bonjour-bar No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "binary-mlm-plan No.known.fix Unauthenticated.SQL.Injection HIGH" "buddyforms-woocommerce-form-elements 1.4.4 Reflected.Cross-Site.Scripting MEDIUM" "b-banner-slider No.known.fix Authenticated.(Subscriber+).Arbitrary.File.Upload HIGH" "bsd-woo-stripe-connect-split-pay 3.2.10 Reflected.Cross-Site.Scripting MEDIUM" "bsd-woo-stripe-connect-split-pay 3.2.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "bxslider-wp No.known.fix Contributor+.Stored.Cross-Site.Scripting MEDIUM" "bg-orthodox-calendar No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "backup-and-restore-for-wp No.known.fix Admin+.Arbitrary.File.Deletion MEDIUM" "books-papers No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "booking-for-woocommerce No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "booking-for-woocommerce 4.2.0 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "bwl-advanced-faq-manager 2.1.5 Missing.Authorization.to.Authenticated.(Subscriber+).Limited.Arbitrary.Options.Update HIGH" "bwl-advanced-faq-manager 2.0.4 Authenticated.(Administrator+).SQL.Injection CRITICAL" "beds24-online-booking 2.0.30 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "beds24-online-booking 2.0.29 Contributor+.Local.File.Inclusion HIGH" "beds24-online-booking 2.0.28 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "beds24-online-booking 2.0.28 Contributor+.Stored.XSS.via.beds24-link.Shortcode MEDIUM" "beds24-online-booking 2.0.26 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "beds24-online-booking 2.0.24 Authenticated(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "beds24-online-booking 2.0.25 Contributor+.Stored.XSS MEDIUM" "blockington No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "browser-caching-with-htaccess No.known.fix Cross-Site.Request.Forgery MEDIUM" "blaze-widget 2.5.4 Injected.Backdoor CRITICAL" "blocks No.known.fix Admin+.Stored.XSS LOW" "bc-woo-custom-thank-you-pages 1.4.14 Missing.Authorization MEDIUM" "button-contact-vr 4.7.10 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "button-contact-vr 4.7.8 Admin+.Stored.XSS LOW" "button-contact-vr 4.7.7 Admin+.Stored.XSS LOW" "brave-popup-builder 0.7.1 Cross-Site.Request.Forgery MEDIUM" "brave-popup-builder 0.7.0 Admin+.Stored.XSS LOW" "brave-popup-builder 0.6.6 Unauthenticated.Server-Side.Request.Forgery HIGH" "brave-popup-builder 0.6.3 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "black-widgets No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "black-widgets 1.3.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "black-widgets 1.3.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "black-widgets 1.3.8 Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "black-widgets 1.3.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "black-widgets 1.3.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "bulk-edit-posts-on-frontend 2.4.27 Reflected.Cross-Site.Scripting MEDIUM" "bulk-edit-posts-on-frontend 2.4.15 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "bookalet No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "belingogeo No.known.fix Unauthenticated.Arbitrary.File.Download HIGH" "boombox-theme-extensions 1.8.1 Subscriber+.Privilege.Escalation.via.Password.Reset/Account.Takeover.in.boombox_ajax_reset_password HIGH" "boombox-theme-extensions 1.8.1 Authenticated.(Contributor+).Local.File.Inclusion.via.Shortcode HIGH" "beek-widget-extention No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "bcs-bertline-book-importer 1.5.8 Unauthenticated.Product.Import HIGH" "beautiful-and-responsive-cookie-consent 2.10.2 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "beautiful-and-responsive-cookie-consent 2.10.2 Unauthenticated.Stored.XSS HIGH" "beautiful-and-responsive-cookie-consent 2.9.1 Admin+.Stored.XSS LOW" "bulk-edit-categories-tags 1.7.5 Reflected.Cross-Site.Scripting MEDIUM" "bulk-edit-categories-tags 1.5.23 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "basticom-framework 1.5.1 Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "be-shortcodes No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "bookingpress-appointment-booking No.known.fix Authenticated.(Administrator+).SQL.Injection MEDIUM" "bookingpress-appointment-booking 1.1.26 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "bookingpress-appointment-booking 1.1.23 Unauthenticated.Export.File.Download MEDIUM" "bookingpress-appointment-booking 1.1.22 Authenticated.(Contributor+).SQL.Injection MEDIUM" "bookingpress-appointment-booking 1.1.17 Authenticated.(Subscriber+).SQL.Injection MEDIUM" "bookingpress-appointment-booking 1.1.8 1.1.7.-.Authentication.Bypass.to.Account.Takeover CRITICAL" "bookingpress-appointment-booking 1.1.6 Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.Options.Update.and.Arbitrary.File.Upload HIGH" "bookingpress-appointment-booking 1.1.6 Authenticated.(Subscriber+).Arbitrary.File.Read.to.Arbitrary.File.Creation HIGH" "bookingpress-appointment-booking 1.0.83 Missing.Authorization.to.Appointment.Time.Alteration MEDIUM" "bookingpress-appointment-booking 1.0.82 Authenticated.(Customer+).Insecure.Direct.Object.Reference MEDIUM" "bookingpress-appointment-booking 1.0.88 Authenticated.(Admin+).Arbitrary.File.Upload HIGH" "bookingpress-appointment-booking 1.0.75 Unauthenticated.Booking.Price.Manipulation HIGH" "bookingpress-appointment-booking 1.0.73 Authenticated.(Contributor+).SQL.Injection HIGH" "bookingpress-appointment-booking 1.0.77 Authenticated.(Administrator+).Arbitrary.File.Upload HIGH" "bookingpress-appointment-booking 1.0.31 Unauthenticated.IDOR.in.appointment_id HIGH" "bookingpress-appointment-booking 1.0.11 Unauthenticated.SQL.Injection HIGH" "bdthemes-element-pack 8.0.0 Cross-Site.Request.Forgery MEDIUM" "bdthemes-element-pack 8.0.0 Missing.Authorization MEDIUM" "bdthemes-element-pack 7.9.1 Addon.for.Elementor.Page.Builder.WordPress.Plugin.<.7.9.1.-.Authenticated(Contributor+).Stored.Cross-Site.Scripting.via.Wrapper.Link.URL MEDIUM" "bdthemes-element-pack 7.19.3 Contributor+.Arbitrary.File.Read.and.PHAR.Deserialization CRITICAL" "baw-post-views-count No.known.fix Contributor+.Stored.XSS.in.Shortcode MEDIUM" "breeze 2.1.15 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "breeze 2.1.15 Missing.Authorization MEDIUM" "breeze 2.1.4 Admin+.Stored.XSS LOW" "breeze 2.0.3 Subscriber+.Arbitrary.Settings.Update.to.Stored.XSS HIGH" "board-election No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "better-click-to-tweet 5.10.4 Settings.Update.via.CSRF MEDIUM" "blockart-blocks 2.1.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "back-button-widget 1.7.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "back-button-widget 1.6.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "bunnys-print-css No.known.fix Cross-Site.Request.Forgery.to.Settings.Update MEDIUM" "boo-recipes No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "booking-calendar-and-notification No.known.fix Authentication.Bypass CRITICAL" "booking-calendar-and-notification No.known.fix Unauthenticated.SQL.Injection HIGH" "booking-calendar-and-notification No.known.fix Missing.Authorization.via.wpcb_all_bookings,.wpcb_update_booking_post,.and.wpcb_delete_posts.Functions MEDIUM" "bp-profile-shortcodes-extra No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "bp-profile-shortcodes-extra No.known.fix Authenticated.(Contributor+).SQL.Injection.via.tab.Parameter MEDIUM" "bp-profile-shortcodes-extra 2.5.3 Contributor+.Stored.XSS MEDIUM" "broken-links-remover No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "best-css-compiler No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "banner-garden No.known.fix Reflected.XSS HIGH" "better-sharing 2.0.7 Reflected.Cross-Site.Scripting MEDIUM" "better-sharing 1.7.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "blockmeister 3.1.11 Reflected.Cross-Site.Scripting MEDIUM" "blockmeister 3.1.10 Reflected.Cross-Site.Scripting MEDIUM" "blockmeister 3.0.5 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "blockonomics-bitcoin-payments 3.5.8 Reflected.Cross-Site.Scripting HIGH" "blockonomics-bitcoin-payments 3.3 Blockonomics.<.3.3.-.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "bp-user-to-do-list 3.0.0 Subscriber+.Arbitrary.Plugin.Installation,.Activation.and.Deactivation HIGH" "blog-posts-and-category-for-elementor 2.1.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "blog-posts-and-category-for-elementor 2.0.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Post.and.Category.Filter.Widget MEDIUM" "board-document-manager-from-chuhpl No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "codestyling-localization No.known.fix Multiple.CSRF HIGH" "classima-core 1.10 Reflected.Cross-Site.Scripting MEDIUM" "custom-landing-pages-leadmagic No.known.fix Admin+.Stored.Cross-Site.Scripting MEDIUM" "clients No.known.fix Missing.Authorization MEDIUM" "clients No.known.fix Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "clickfunnels No.known.fix Contributor+.Stored.XSS.via.Shortcode MEDIUM" "clickfunnels No.known.fix Settings.Update.via.CSRF MEDIUM" "cbxgooglemap No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "cbxgooglemap 1.1.12 Contributor+.Stored.XSS MEDIUM" "cbxgooglemap 1.1.12 Contributor+.Stored.XSS.via.shortcode MEDIUM" "cf7-styler No.known.fix Unauthenticated.Arbitrary.Shortcode.Execution.and.Reflected.Cross-Site.Scripting MEDIUM" "cf7-styler 1.6.9 Reflected.XSS MEDIUM" "cf7-styler 1.6.9 Reflected.Cross-Site.Scripting MEDIUM" "cf7-styler 1.6.5 Missing.Authorization.via.Several.AJAX.Action MEDIUM" "cf7-styler 1.5.4 Reflected.Cross-Site.Scripting MEDIUM" "cf7-styler 1.4.2 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "customizely No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "customizely 1.1.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "cslider No.known.fix Cross-Site.Request.Forgery MEDIUM" "customized-login No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting.via.Custom.URL MEDIUM" "custom-css-pro 1.0.4 CSRF.&.XSS HIGH" "caldera-forms-pro 1.8.2 Unauthenticated.Arbitrary.File.Read HIGH" "comment-validation-reloaded No.known.fix .Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "cardoza-wordpress-poll No.known.fix Authenticated.SQL.Injection HIGH" "cardoza-wordpress-poll 34.06 Multiple.External.Function.Remote.Poll.Manipulation CRITICAL" "cardoza-wordpress-poll 33.6 Multiple.SQL.Injection.Vulnerabilities CRITICAL" "chative-live-chat-and-chatbot 1.2 Channel/Org.ID.Update.via.CSRF MEDIUM" "custom-field-suite No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.cfs[post_title] MEDIUM" "custom-field-suite No.known.fix Authenticated.(Contributor+).SQL.Injection.via.Term.Custom.Field HIGH" "custom-field-suite No.known.fix Contributor+.PHP.Code.Injection.via.Loop.Custom.Field HIGH" "custom-field-suite No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.cfs[post_content] MEDIUM" "custom-field-suite 2.6.6 Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "custom-field-suite 2.6.5 Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "custom-field-suite 2.6.3 Admin+.Stored.XSS LOW" "custom-field-suite 2.5.15 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "clock-in-portal No.known.fix Designation.Deletion.via.CSRF MEDIUM" "clock-in-portal No.known.fix Holidays.Deletion.via.CSRF MEDIUM" "clock-in-portal No.known.fix Staff.Deletion.via.CSRF MEDIUM" "custom-order-numbers-for-woocommerce 1.4.1 CSRF MEDIUM" "chatbot-chatgpt 2.1.8 Missing.Authorization.to.Authenticated.(Subscriber+).Assistant.Update MEDIUM" "chatbot-chatgpt 2.1.9 Cross-Site.Request.Forgery.to.Authenticated.(Subscriber+).Assistant.Modification MEDIUM" "chatbot-chatgpt 2.1.8 Missing.Authorization.to.Authenticated.(Subscriber+).Assistant.Addition MEDIUM" "chatbot-chatgpt 2.1.8 Reflected.Cross-Site.Scripting MEDIUM" "chatbot-chatgpt 2.1.8 Missing.Authorization.to.Authenticated.(Subscriber+).Assistant.Deletion MEDIUM" "chatbot-chatgpt 1.9.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "chatbot-chatgpt 2.0.1 Unauthenticated.Arbitrary.File.Upload CRITICAL" "chatbot-chatgpt 2.0.0 Unauthenticated.Arbitrary.File.Upload.via.chatbot_chatgpt_upload_file_to_assistant.Function CRITICAL" "canonical-attachments No.known.fix Unauthenticated.Stored.Cross-Site.Scripting HIGH" "custom-post-limits No.known.fix Unauthenticated.Full.Path.Disclosure MEDIUM" "content-glass-button No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "cliptakes 1.3.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "classic-editor-addon 2.6.4 Arbitrary.Plugin.Installation.from.Dependency.via.CSRF LOW" "classic-editor-addon 2.6.4 Subscriber+.Arbitrary.Plugin.Activation MEDIUM" "cm-video-lesson-manager 1.8.3 Reflected.XSS HIGH" "cm-video-lesson-manager 1.7.2 Admin+.Stored.Cross-Site.Scripting LOW" "custom-post-type-pdf-attachment 3.4.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.pdf_attachment.Shortcode MEDIUM" "custom-smilies-se No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "chatplusjp No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "commerce-coinbase-for-woocommerce 1.5.0 Reflected.Cross-Site.Scripting MEDIUM" "commerce-coinbase-for-woocommerce 1.4.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "custom-field-for-wp-job-manager 1.5 Cross-Site.Request.Forgery MEDIUM" "custom-field-for-wp-job-manager 1.4 Reflected.Cross-Site.Scripting MEDIUM" "custom-field-for-wp-job-manager 1.3 .Insecure.Direct.Object.Reference.to.Sensitive.Information.Exposure.via.Shortcode MEDIUM" "custom-field-for-wp-job-manager 1.2 Admin+.Stored.XSS LOW" "custom-field-for-wp-job-manager 1.2 Admin+.Stored.XSS LOW" "calendapp No.known.fix Reflected.XSS HIGH" "csv-importer 0.3.9 Cross-Site.Request.Forgery MEDIUM" "contentmx-content-publisher No.known.fix Missing.Authorization MEDIUM" "calendarista 15.5.9 Authenticated.(Subscriber+).SQL.Injection CRITICAL" "contact-form-maker No.known.fix Admin+.SQLi MEDIUM" "contact-form-maker 1.13.5 Cross-Site.Request.Forgery.to.LFI HIGH" "custom-text-selection-colors No.known.fix Reflected.Cross-Site.Scripting.(XSS) HIGH" "contact-form-cfdb7 1.2.7 Unauthenticated.Sensitive.Information.Exposure MEDIUM" "contact-form-cfdb7 1.2.6.5 CSV.Injection LOW" "contact-form-cfdb7 1.2.6.1 Arbitrary.Form.Deletion..via.CSRF MEDIUM" "contact-form-cfdb7 1.2.6.2 Unauthenticated.Stored.Cross-Site.Scripting MEDIUM" "contact-form-cfdb7 1.2.5.6 CSV.Injection MEDIUM" "contact-form-cfdb7 1.2.5.4 Authenticated.SQL.Injections CRITICAL" "countdown-time 1.2.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "countdown-time 1.2.5 Authenticated.(Contributor+).Post.Disclosure MEDIUM" "cf7-dynamics-crm 1.1.7 Reflected.Cross-Site.Scripting MEDIUM" "cookiehub 1.1.1 Missing.Authorization MEDIUM" "cm-pop-up-banners 1.7.6 Reflected.XSS HIGH" "cm-pop-up-banners 1.7.3 Contributor+.Stored.XSS MEDIUM" "cm-pop-up-banners 1.6.6 Contributor+.Stored.XSS MEDIUM" "continuous-announcement-scroller No.known.fix Admin+.Stored.XSS LOW" "cloudflare 4.12.3 Missing.Authorization.via.initProxy MEDIUM" "cloudflare 1.1.12 Unauthenticated.RCE.via.PHPUnit CRITICAL" "cm-table-of-content 1.2.4 Stored.XSS.via.CSRF HIGH" "cm-table-of-content 1.2.3 Settings.Reset.via.CSRF MEDIUM" "citadela-directory No.known.fix Cross-Site.Request.Forgery MEDIUM" "citadela-directory No.known.fix Unauthenticated.Sensitive.Information.Exposure HIGH" "cookie-bar 2.1 Authenticated.(Administrator+).Stored.Cross-Site.Scripting.via.settings MEDIUM" "cookie-bar 1.8.9 Admin+.Stored.Cross-Site.Scripting LOW" "clickbank-storefront No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "control-horas No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "cart66-lite 1.5.5 XSS MEDIUM" "cozy-addons 2.1.23 Missing.Authorization MEDIUM" "cozy-addons 2.1.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "cozy-addons 2.0.19 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "cozy-addons 2.0.16 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "cozy-addons 2.0.12 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "cozy-addons 1.2.4 Reflected.Cross-Site.Scripting MEDIUM" "custom-404-pro 3.11.2 Reflected.Cross-Site.Scripting MEDIUM" "custom-404-pro 3.10.1 Unauthenticated.Stored.Cross-Site.Scripting.via.logging HIGH" "custom-404-pro 3.8.1 Multiple.SQL.Injection HIGH" "custom-404-pro 3.8.2 Reflected.XSS HIGH" "custom-404-pro 3.7.3 Reflected.Cross-Site.Scripting HIGH" "custom-404-pro 3.7.2 Logs.Deletion.via.CSRF MEDIUM" "custom-404-pro 3.7.1 Admin+.SQLi MEDIUM" "custom-404-pro 3.2.8 XSS MEDIUM" "custom-404-pro 3.2.9 Authenticated.Reflected.XSS MEDIUM" "contact-forms 1.9.9 Cross-Site.Request.Forgery MEDIUM" "contact-forms 1.9.5 Missing.Authorization.to.Unauthenticated.Form.Submission.Download MEDIUM" "contact-forms 1.9.3 Cross-Site.Request.Forgery.via.process_bulk_action.Function MEDIUM" "contact-forms 1.9.1 Admin+.Stored.XSS LOW" "contact-forms 1.8.0 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "contact-forms 1.6.1 CSRF MEDIUM" "contact-forms 1.5.8 Cross-Site.Request.Forgery MEDIUM" "contact-forms 1.5.5 Reflected.XSS HIGH" "contact-forms 1.5.5 Unauthenticated.Stored.XSS HIGH" "contact-forms 1.4.12 Admin+.Stored.Cross-Site.Scripting LOW" "cmsmasters-content-composer 1.9.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "custom-map No.known.fix Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "countdown-for-the-events-calendar 1.4.10 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "countdown-for-the-events-calendar 1.4 Subscriber+.Arbitrary.Plugin.Installation.&.Activation HIGH" "custom-widget-creator No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "cost-of-goods-for-woocommerce 3.7.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "cost-of-goods-for-woocommerce 3.2.9 Reflected.Cross-Site.Scripting MEDIUM" "cf7-google-sheets-connector-pro 2.3.7 Reflected.XSS HIGH" "cazamba No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "contact-form-7-newsletter No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "customify-sites No.known.fix Unauthenticated.Remote.Code.Execution CRITICAL" "chatwee No.known.fix Missing.Authorization MEDIUM" "cooked-pro 1.8.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "cooked-pro 1.8.0 Unauthenticated.Arbitrary.File.Upload CRITICAL" "cooked-pro 1.8.0 Cross-Site.Request.Forgery MEDIUM" "cooked-pro 1.8.0 Cross-Site.Request.Forgery.to.Settings.Update MEDIUM" "cooked-pro 1.8.0 Cross-Site.Request.Forgery.to.Template.Reset MEDIUM" "cooked-pro 1.8.0 Authenticated.(Contributor+).HTML.Injection MEDIUM" "cooked-pro 1.8.0 Cross-Site.Request.Forgery.via.cooked_get_recipe_ids MEDIUM" "cooked-pro 1.8.0 Cross-Site.Request.Forgery.to.Template.Apply MEDIUM" "cooked-pro 1.7.5.7 Unauthenticated.PHP.Object.Injection HIGH" "cooked-pro 1.7.5.6 Unauthenticated.Reflected.Cross.Site.Scripting.(XSS) MEDIUM" "cardealer 4.48 Missing.Authorization MEDIUM" "cardealer 4.16 Admin+.Content.Injection LOW" "cardealer 3.05 Subscriber+.Arbitrary.Plugin.Installation HIGH" "custom-welcome-guide 1.0.9 Reflected.Cross-Site.Scripting MEDIUM" "custom-welcome-guide 1.0.6 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "caxton No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "caxton 1.30.1 Reflected.Cross-Site.Scripting MEDIUM" "caxton 1.30.0 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "cf7-cc-avenue-add-on No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "copy-move-posts No.known.fix Missing.Authorization MEDIUM" "codepile No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "codepile 1.0.6 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "coming-soon-countdown No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "checkbox 0.8.4 Reflected.Cross-Site.Scripting MEDIUM" "checkbox 0.8.4 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "christmas-greetings No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "custom-post-type-relations No.known.fix Reflected.Cross-Site.Scripting HIGH" "custom-admin-page 0.1.2 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "custom-pc-builder-lite-for-woocommerce No.known.fix Missing.Authorization.to.Unauthenticated.Settings.Update MEDIUM" "customer-area 8.2.5 Event.Log.Deletion.via.CSRF MEDIUM" "customer-area 8.2.5 Bulk.Delete.via.CSRF MEDIUM" "customer-area 8.2.3 .Reflected.Cross-Site.Scripting MEDIUM" "customer-area 8.2.1 Subscriber+.Account.Address.Update MEDIUM" "customer-area 8.2.1 Subscriber+.Account.Address.Leak MEDIUM" "customer-area 8.1.4 Unauthorised.Actions.via.CSRF MEDIUM" "customer-area 7.4.3 XSS MEDIUM" "clean-contact No.known.fix Arbitrary.Settings.Update.to.Stored.XSS.via.CSRF MEDIUM" "content-staging No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "contact-form-x 2.4.1 Reflected.Cross-Site.Scripting MEDIUM" "custom-fields-account-registration-for-woocommerce 1.2 Cross-Site.Request.Forgery MEDIUM" "contact-form-advanced-database No.known.fix Unauthorised.AJAX.Calls MEDIUM" "cg-scroll-to-top No.known.fix .Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "comment-link-remove 2.1.6 Arbitrary.Comment.Deletion.via.CSRF MEDIUM" "cf7-constant-contact 1.1.6 CSRF MEDIUM" "cf7-constant-contact 1.1.5 Open.Redirect MEDIUM" "cf7-constant-contact 1.1.0 Reflected.Cross-Site.Scripting HIGH" "carts-guru 1.4.6 Unauthenticated.Object.Injection CRITICAL" "content-repeater No.known.fix Admin+.Stored.XSS LOW" "cube-slider No.known.fix Admin+.SQLi MEDIUM" "change-uploaded-file-permissions No.known.fix File.Permission.Update.via.CSRF MEDIUM" "correos-express No.known.fix Sensitive.Information.Disclosure HIGH" "companion-portfolio No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "cforms2 15.0.7 Unauthenticated.Stored.XSS HIGH" "cforms2 15.0.7 Admin+.Stored.XSS LOW" "cforms2 15.0.5 Settings.Update.via.CSRF MEDIUM" "cforms2 15.0.2 Unauthenticated.HTML.Injection.&.CSRF HIGH" "cforms2 14.13.3 Multiple.XSS MEDIUM" "cforms2 14.13 SQL.Injection CRITICAL" "cforms2 14.6.10 SQL.Injection CRITICAL" "cooked 1.8.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "cooked 1.8.0 Cooked..Recipe.Management.<=.Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "cooked 1.7.15.1 Contributor+.Stored.XSS MEDIUM" "cooked 1.1.13 Reflected.Cross-Site.Scripting MEDIUM" "cooked 1.7.9.1 Unauthenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "cooked 1.7.5.6 Unauthenticated.Reflected.Cross.Site.Scripting.(XSS) MEDIUM" "calculator-builder 1.6.3 Unauthenticated.Local.File.Inclusion HIGH" "calculator-builder 1.5.1 Reflected.XSS MEDIUM" "category-ajax-filter 2.8.3 Unauthenticated.Local.File.Inclusion CRITICAL" "chalet-montagne-com-tools No.known.fix Reflected.XSS HIGH" "chamber-dashboard-business-directory No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "chamber-dashboard-business-directory 3.3.11 Missing.Authorization MEDIUM" "chamber-dashboard-business-directory 3.3.10 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "chamber-dashboard-business-directory 3.3.2 Reflected.Cross-Site.Scripting MEDIUM" "chamber-dashboard-business-directory 3.3.1 Authenticated.Stored.Cross-Site.Scripting HIGH" "copy-menu No.known.fix Missing.Authorization MEDIUM" "cf-geoplugin 8.7.4 Missing.Authorization.to.Authenticated.(Subscriber+).Menu.Creation/Deletion MEDIUM" "cf-geoplugin 8.7.0 Missing.Authorization.to.Unauthenticated.Shortcode.Execution MEDIUM" "cf-geoplugin 8.6.5 PHP.Object.Injection CRITICAL" "cf-geoplugin 8.6.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "cf-geoplugin 8.5.3 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "cf-geoplugin 7.13.12 Reflected.Cross-Site.Scripting HIGH" "clevernode-related-content 1.1.6 Reflected.Cross-Site.Scripting MEDIUM" "codepen-embedded-pen-shortcode 1.0.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "codepen-embedded-pen-shortcode 1.0.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "cm-email-blacklist 1.5.6 Reflected.Cross-Site.Scripting MEDIUM" "cm-email-blacklist 1.5.4 Reflected.XSS HIGH" "cm-email-blacklist 1.4.9 Add/Delete.Emails.via.CSRF.Add.and.delete.any.item.from.blacklist/whitelist MEDIUM" "cmp-coming-soon-maintenance 4.1.15 Admin+.Arbitrary.File.Upload MEDIUM" "cmp-coming-soon-maintenance 4.1.11 Authenticated.(Admin+).Server-Side.Request.Forgery MEDIUM" "cmp-coming-soon-maintenance 4.1.8 Maintenance.Mode.Bypass MEDIUM" "cmp-coming-soon-maintenance 4.1.7 Unauthenticated.Post/Page.Access.in.Maintenance.Mode MEDIUM" "cmp-coming-soon-maintenance 4.0.19 Unauthenticated.Arbitrary.CSS.Update HIGH" "cmp-coming-soon-maintenance 3.8.2 Coming.Soon.&.Maintenance.<.3.8.2.-.Improper.Access.Controls.on.AJAX.Calls HIGH" "compare-affiliated-products No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "compare-affiliated-products No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "css-live No.known.fix Unauthenticated.Stored.Cross-Site.Scripting HIGH" "carousel-of-post-images No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "contact-bank No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "cloudnet-sync No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "cm-header-footer-script-loader 1.2.5 Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "cm-header-footer-script-loader 1.2.2 Reflected.XSS HIGH" "canva No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "custom-fonts 2.1.5 Author+.Stored.XSS MEDIUM" "chopslider No.known.fix Unauthenticated.Blind.SQL.Injection CRITICAL" "carousel-ck No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "countdown-builder 2.9.0 Unauthenticated.Limited.Local.File.Inclusion HIGH" "countdown-builder 2.8.9 Authenticated.(Contributor+).Remote.Code.Execution HIGH" "countdown-builder No.known.fix Admin+.Stored.XSS LOW" "countdown-builder 2.7.8.1 Missing.Authorization.to.Authenticated.(Subscriber+).PHP.Object.Injection MEDIUM" "countdown-builder No.known.fix Admin+.Stored.XSS LOW" "countdown-builder 2.3.3 Reflected.Cross-Site.Scripting MEDIUM" "countdown-builder No.known.fix Pro.Features.Lock.Bypass LOW" "countdown-builder 2.2.9 Reflected.Cross-Site.Scripting MEDIUM" "captcha-them-all 1.4 Admin+.Stored.XSS LOW" "combo-wp-rewrite-slugs No.known.fix Missing.Authorization.to.Authenticated.(Subscriber+).Settings.Change MEDIUM" "cognito-forms No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.id.Parameter MEDIUM" "clasify-classified-listing No.known.fix Reflected.XSS HIGH" "clicksend-lead-capture-form No.known.fix Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.Message.Deletion MEDIUM" "coming-soon-page 3.7.4 IP.Address.Spoofing.via.get_real_ip MEDIUM" "coming-soon-page 3.6.7 Subscriber+.Arbitrary.Email.Sending.to.Subscribed.Users MEDIUM" "coming-soon-page 3.6.8 Arbitrary.Email.Sending.to.Subscribed.Users.via.CSRF LOW" "coming-soon-page 3.5.3 Authenticated.Stored.XSS LOW" "cookie-monster No.known.fix Unauthenticated.Local.File.Inclusion HIGH" "clean-login 1.14.6 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "clean-login 1.13.7 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "clean-login 1.12.6.4 Reflected.Cross-Site.Scripting MEDIUM" "clean-login 1.8 Change.Redirect.URL.CSRF MEDIUM" "clean-login 1.5.1 Reflected.XSS MEDIUM" "cssjockey-add-ons No.known.fix Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "cybersoldier 1.7.0 Admin+.Stored.Cross-Site.Scripting LOW" "caret-country-access-limit 1.0.3 Arbitrary.Settings.Update.via.CSRF MEDIUM" "charitable 1.8.5.2 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "charitable 1.8.4.8 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "charitable 1.8.3.1 Reflected.Cross-Site.Scripting MEDIUM" "charitable 1.8.1.15 Insecure.Direct.Object.Reference.to.Account.Takeover.and.Privilege.Escalation CRITICAL" "charitable 1.8.1.8 Missing.Authorization.to.Unauthorized.Donation MEDIUM" "charitable 1.8.1.8 Missing.Authorization.via.ajax_license_check() MEDIUM" "charitable 1.7.0.14 Authenticated(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "charitable 1.7.0.13 Unauthenticated.Privilege.Escalation CRITICAL" "charitable 1.7.0.11 Reflected.XSS HIGH" "charitable 1.6.51 Authenticated.Stored.Cross-Site.Scripting.(XSS) LOW" "charitable 1.6.51 Donation.Plugin.<.1.6.51.-.Unauthenticated.Stored.Cross-Site.Scripting HIGH" "charitable 1.5.14 Unauthorised.Access HIGH" "complianz-gdpr 7.0.0 Cross-Site.Request.Forgery.to.Data.Request.Deletion MEDIUM" "complianz-gdpr 6.5.6 Admin+.Stored.XSS LOW" "complianz-gdpr 6.4.2 GDPR/CCPA.Cookie.Consent.<.6.4.2.-.Contributor+.Stored.XSS MEDIUM" "complianz-gdpr 6.3.4 Translator.SQLi MEDIUM" "complianz-gdpr 6.0.0 GDPR/CCPA.Cookie.Consent.<.6.0.0.-.Reflected.Cross-Site.Scripting MEDIUM" "custom-css-js 3.4 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "chillpay-payment-gateway No.known.fix .Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "cssable-countdown No.known.fix Admin+.Stored.XSS LOW" "content-warning-v2 4.3.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "counter-yandex-metrica No.known.fix Admin+.Stored.XSS LOW" "crawlomatic-multipage-scraper-post-generator 2.6.9 Unauthenticated.Information.Exposure.via.Log.Files MEDIUM" "crawlomatic-multipage-scraper-post-generator 2.6.9 Missing.Authorization MEDIUM" "crawlomatic-multipage-scraper-post-generator 2.6.8.2 Unauthenticated.Arbitrary.File.Upload CRITICAL" "chessgame-shizzle 1.3.1 Reflected.Cross-Site.Scripting MEDIUM" "constant-contact-forms 2.4.3 Information.Disclosure.via.Log.Files MEDIUM" "constant-contact-forms 1.8.8 Multiple.Authenticated.Stored.XSS MEDIUM" "categorycustomfields No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "cookie-consent-autoblock No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "changyan No.known.fix Missing.Authorization MEDIUM" "custom-share-buttons-with-floating-sidebar 4.2 Admin+.Stored.XSS LOW" "content-control 2.6.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "content-control 2.6.0 Unauthenticated.Content.Restriction.Bypass.to.Sensitive.Information.Exposure MEDIUM" "content-control 2.2.0 Missing.Authorization.to.Sensitive.Information.Exposure MEDIUM" "content-control 1.1.10 Contributor+.Stored.XSS MEDIUM" "content-no-cache 0.1.3 Unauthenticated.Private.Content.Disclosure MEDIUM" "call-to-action-popup No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "currency-converter-widget-pro 1.0.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "cm-download-manager 3.0.0 Unauthenticated.Arbitrary.File.Deletion CRITICAL" "cm-download-manager 2.9.0 Download.Deletion.via.CSRF MEDIUM" "cm-download-manager 2.9.1 Download.Edit.via.CSRF MEDIUM" "cm-download-manager 2.9.0 Download.Unpublish.via.CSRF MEDIUM" "cm-download-manager 2.8.6 Admin+.Arbitrary.File.Upload MEDIUM" "cm-download-manager 2.8.0 Authenticated.Arbitrary.File.Deletion MEDIUM" "cm-download-manager 2.8.0 Unauthenticated.Reflected.Cross.Site.Scripting.(XSS) MEDIUM" "cm-download-manager 2.8.0 Authenticated.Cross-Site.Scripting MEDIUM" "cm-download-manager 2.0.7 CSRF.to.Cross-Site.Scripting HIGH" "cm-download-manager 2.0.4 Unauthenticated.Code.Injection CRITICAL" "crafthemes-demo-import No.known.fix Authenticated.(Admin+).Arbitrary.File.Upload.in.process_uploaded_files HIGH" "crafthemes-demo-import No.known.fix Missing.Authorization.to.Arbitrary.Plugin.Installation HIGH" "click-to-chat-for-whatsapp 4.23 Contributor+.Stored.XSS.via.data-no_number.Parameter MEDIUM" "click-to-chat-for-whatsapp 4.0 Contributor+.LFI HIGH" "click-to-chat-for-whatsapp 3.18.1 Contributor+.Stored.XSS MEDIUM" "codesnips No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "cpo-content-types 1.1.1 Admin+.Stored.XSS LOW" "calais-auto-tagger No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "card-elements-for-elementor 1.2.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Profile.Card.Widget MEDIUM" "card-elements-for-elementor 1.2.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "captivatesync-trade 2.0.26 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.shortcode MEDIUM" "contact-form-multi 1.2.1 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "cta 2.5.1 Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "catch-instagram-feed-gallery-widget 2.3 Unauthorised.Plugin's.Setting.Change MEDIUM" "calendarista-basic-edition 3.0.3 Cross-Site.Request.Forgery MEDIUM" "calendarista-basic-edition 3.0.6 Missing.Authorization MEDIUM" "calendarista-basic-edition 3.0.3 Unauthenticated.Cross-Site.Scripting MEDIUM" "ct-commerce No.known.fix Admin+.Stored.XSS LOW" "category-seo-meta-tags No.known.fix Cross-Site.Request.Forgery.via.csmt_admin_options MEDIUM" "category-seo-meta-tags No.known.fix Admin+.Stored.XSS LOW" "custom-login-page No.known.fix Reflected.XSS HIGH" "callrail-phone-call-tracking 0.5.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "callrail-phone-call-tracking 0.4.10 Stored.XSS.via.CSRF MEDIUM" "cornerstone 0.8.1 Reflected.Cross-Site.Scripting MEDIUM" "cornerstone 0.8.1 Reflected.Cross-Site.Scripting.via.PHP_SELF MEDIUM" "comment-reply-notification No.known.fix Cross-Site.Request.Forgery MEDIUM" "coronavirus-data-widgets No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "code-generator-pro No.known.fix Unauthenticated.SQL.Injection CRITICAL" "copy-me No.known.fix Copy.Posts.Cross-Site.Request.Forgery.(CSRF) MEDIUM" "cartflows 2.0.8 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "cartflows 2.0.2 Editor+.Stored.XSS LOW" "cartflows 1.6.13 Authenticated.Stored.XSS.via.FB.Pixel.ID.and.Google.Analytics.ID MEDIUM" "cartflows 1.5.16 Cross-Site.Request.Forgery MEDIUM" "cartflows 1.5.16 Cross-Site.Request.Forgery.(CSRF) MEDIUM" "comment-license 1.4.0 Arbitrary.Settings.Update.via.CSRF MEDIUM" "crafty-social-buttons 1.5.8 XSS MEDIUM" "conversador No.known.fix Cross-Site.Scripting.(XSS) MEDIUM" "contact-form-lite 1.1.29 Contributor+.Stored.XSS MEDIUM" "contact-form-lite 1.1.27 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "contact-form-lite 1.1.25 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "checkout-freemius-rewamped 2.0.1 Reflected.Cross-Site.Scripting MEDIUM" "copify No.known.fix Stored.Cross-Site.Scripting.via.CSRF HIGH" "control-block-patterns No.known.fix Missing.Authorization MEDIUM" "coschool No.known.fix Missing.Authorization.to.Privilege.Escalation CRITICAL" "clockify-lite No.known.fix Missing.Authorization MEDIUM" "cleanup-action-scheduler 1.2.0 Reflected.Cross-Site.Scripting MEDIUM" "cmyee-momentopress 1.0.2 Contributor+.Stored.XSS MEDIUM" "commons-booking No.known.fix Admin+.Stored.XSS LOW" "commons-booking No.known.fix Code/Timeframe/Booking.Deletion.via.CSRF MEDIUM" "categories-gallery-woocommerce No.known.fix Reflected.Cross-Site.Scripting.(XSS) HIGH" "currency-switcher-woocommerce 2.16.3 Reflected.Cross-Site.Scripting MEDIUM" "currency-switcher-woocommerce 2.11.2 Security.Restrictions.Bypass MEDIUM" "contact-form-manager 1.6.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "calendar-plugin No.known.fix Reflected.Cross-Site.Scripting HIGH" "custom-order-statuses-woocommerce 2.4.0 Cross-Site.Request.Forgery MEDIUM" "curatorio 1.9.2 Contributor+.Stored.XSS MEDIUM" "coming-soon-blocks No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "coming-soon-blocks No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "custom-my-account-for-woocommerce No.known.fix Stored.XSS.via.CSRF HIGH" "content-planner No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "content-restrictor-for-divi 1.4.3 Reflected.Cross-Site.Scripting MEDIUM" "content-restrictor-for-divi 1.4.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "captchinoo-captcha-for-login-form-protection 2.4 Arbitrary.Plugin.Installation/Activation.via.Low.Privilege.User CRITICAL" "captchinoo-captcha-for-login-form-protection 2.5 Arbitrary.Plugin.Installation/Activation.via.CSRF CRITICAL" "constant-contact-forms-by-mailmunch 2.1.3 Reflected.Cross-Site.Scripting MEDIUM" "constant-contact-forms-by-mailmunch 2.1.0 Contributor+.Stored.XSS MEDIUM" "constant-contact-forms-by-mailmunch 2.0.11 Arbitrary.Settings.Update.via.CSRF MEDIUM" "cmc-migrate No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "crisp 0.45 Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "crisp 0.32 CSRF.to.Stored.Cross-Site.Scripting HIGH" "cf7-active-campaign 1.0.4 Reflected.Cross-Site.Scripting HIGH" "clipart No.known.fix Reflected.XSS HIGH" "cc-bmi-calculator 2.1.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "cc-bmi-calculator 2.1.0 Contributor+.Stored.XSS MEDIUM" "custom-dashboard-page No.known.fix Cross-Site.Request.Forgery MEDIUM" "cf7-styler-for-divi 1.3.3 Reflected.Cross-Site.Scripting MEDIUM" "cf7-styler-for-divi 1.3.0 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "comment-engine-pro No.known.fix Editor+.Stored.Cross-Site.Scripting LOW" "code-clone No.known.fix Authenticated.(Administrator+).SQL.Injection.via.snippetId.Parameter MEDIUM" "crazy-call-to-action-box No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "custom-more-link-complete No.known.fix Admin+.Stored.XSS LOW" "content-syndication-toolkit-reader No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "coschedule-by-todaymade 3.3.9 CSRF MEDIUM" "contact-form-7-select-box-editor-button No.known.fix Cross-Site.Request.Forgery MEDIUM" "csprite No.known.fix Cross-Site.Request.Forgery MEDIUM" "cubepoints No.known.fix Cross-Site.Request.Forgery MEDIUM" "category-page-icons No.known.fix Arbitrary.File.Upload/Deletion.via.Path.Traversal CRITICAL" "click-to-call-or-chat-buttons 1.5.0 Admin+.Stored.XSS LOW" "cm-business-directory 1.4.2 Reflected.XSS HIGH" "chatlive No.known.fix Unauthenticated.SQL.Injection HIGH" "contact-form-builder No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "contact-form-builder 1.0.69 CSRF.to.LFI HIGH" "ctt-expresso-para-woocommerce 3.2.13 Information.Exposure.via.Unprotected.Directory MEDIUM" "ctt-expresso-para-woocommerce 3.2.13 Admin+.Stored.XSS LOW" "ctt-expresso-para-woocommerce 3.2.12 Admin+.Stored.XSS LOW" "candidate-application-form No.known.fix Unauthenticated.Arbitrary.File.Download HIGH" "clotya-core No.known.fix Reflected.Cross-Site.Scripting HIGH" "cf7-redirect-thank-you-page 1.0.8 Reflected.Cross-Site.Scripting MEDIUM" "cf7-redirect-thank-you-page 1.0.7 Reflected.Cross-Site.Scripting MEDIUM" "cf7-redirect-thank-you-page 1.0.4 Cross-Site.Request.Forgery MEDIUM" "coinbase-commerce-for-contact-form-7 1.1.2 Reflected.Cross-Site.Scripting MEDIUM" "content-audit 1.9.2 Cross-Site.Scripting.(XSS).&.CSRF MEDIUM" "custom-post-type-ui 1.13.5 Debug.Info.Sending.via.CSRF LOW" "caldera-smtp-mailer No.known.fix Missing.Authorization MEDIUM" "c9-admin-dashboard No.known.fix Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "cz-loan-management No.known.fix Unauthenticated.SQLi HIGH" "conversion-de-moneda No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "custom-admin-login-styler-wpzest No.known.fix Admin+.Stored.XSS LOW" "catch-import-export 1.9 Unauthorised.Plugin's.Setting.Change MEDIUM" "cf7-google-sheets-connector 5.0.18 Missing.Authorization MEDIUM" "cf7-google-sheets-connector 5.0.10 Missing.Authorization.to.Limited.Site.Configuration.Update MEDIUM" "cf7-google-sheets-connector 5.0.6 Unauthenticated.Sensitive.Information.Exposure.via.Debug.Log HIGH" "cf7-google-sheets-connector 5.0.2 Reflected.XSS HIGH" "customily-v2 No.known.fix Unauthenticated.Stored.Cross-Site.Scripting HIGH" "cpt-onomies No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "child-support-calculator No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "child-support-calculator 1.0.2 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "cms-press No.known.fix Admin+.Stored.XSS LOW" "collectchat 2.4.4 Admin+.XSS LOW" "collectchat 2.4.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "collectchat 2.4.0 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "collapsing-archives 3.0.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "crazy-bone No.known.fix Unauthenticated.Stored.XSS HIGH" "crazy-bone 0.6.0 Unauthenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "capability-manager-enhanced 2.5.2 Admin+.PHP.Objection.Injection MEDIUM" "capability-manager-enhanced 2.3.3 Reflected.Cross-Site.Scripting MEDIUM" "capability-manager-enhanced 2.3.1 Unauthenticated.Arbitrary.Options.Update.to.Blog.Compromise CRITICAL" "contact-page-with-google-map No.known.fix Unauthenticated.Arbitrary.File.Deletion CRITICAL" "coins-marketcap 5.5.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "cpt-speakers No.known.fix Speakers.<=.1.1.-.Admin+.Stored.XSS LOW" "conditional-marketing-mailer 1.6 Arbitrary.Plugin.Installation/Activation.via.CSRF CRITICAL" "conditional-marketing-mailer 1.5.2 Arbitrary.Plugin.Installation/Activation.via.Low.Privilege.User CRITICAL" "cpt-shortcode No.known.fix Arbitrary.Settings.Update.via.CSRF MEDIUM" "cpt-shortcode No.known.fix Admin+.Stored.XSS LOW" "cs-framework 7.1 Authenticated.(Subscriber+).Arbitrary.File.Deletion HIGH" "cs-framework No.known.fix Authenticated.(Subscriber+).Arbitrary.File.Read HIGH" "cardealerpress 6.8.2505.01 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.saleclass.Parameter MEDIUM" "cardealerpress 6.7.2411.00 Reflected.Cross-Site.Scripting MEDIUM" "custom-post-type-page-template No.known.fix Cross-Site.Request.Forgery MEDIUM" "clickervolt No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "callbook-mobile-bar No.known.fix Admin+.Stored.Cross.Site.Scripting LOW" "codecolorer 0.10.1 CodeColorer.<.0,10,1..Admin+.Stored.Cross-Site.Scripting LOW" "compact-wp-audio-player 1.9.15 Authenticated.(Contributor+).Server-Side.Request.Forgery MEDIUM" "compact-wp-audio-player 1.9.14 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.sc_embed_player.Shortcode MEDIUM" "compact-wp-audio-player 1.9.10 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.fileurl MEDIUM" "compact-wp-audio-player 1.9.8 Contributor+.Stored.XSS MEDIUM" "compact-wp-audio-player 1.9.7 Setting.Change.via.CSRF MEDIUM" "compact-wp-audio-player 1.9.7 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "crayon-syntax-highlighter No.known.fix Contributor+.Server.Side.Request.Forgery MEDIUM" "crayon-syntax-highlighter No.known.fix Cross-Site.Request.Forgery MEDIUM" "crayon-syntax-highlighter 2.8.4 Multiple.XSS MEDIUM" "creative-image-slider 2.5.0 Reflected.Cross-Site.Scripting MEDIUM" "conditional-shipping-for-woocommerce 3.4.1 Cross-Site.Request.Forgery MEDIUM" "conditional-shipping-for-woocommerce 2.3.2 Ruleset.Toggle.via.CSRF MEDIUM" "child-theme-generator No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "conveythis-translate 235 Missing.Authorization.to.Limited.Option.Update MEDIUM" "conveythis-translate 224 Unauthenticated.Stored.Cross-Site.Scripting.via.api_key HIGH" "cyber-new-slider No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "custom-searchable-data-entry-system No.known.fix Unauthenticated.Data.Modification.and.Deletion CRITICAL" "categorify 1.0.7.5 Cross-Site.Request.Forgery.via.categorifyAjaxUpdateFolderPosition MEDIUM" "categorify 1.0.7.5 Missing.Authorization.in.categorifyAjaxClearCategory MEDIUM" "categorify 1.0.7.5 Missing.Authorization.in.categorifyAjaxDeleteCategory MEDIUM" "categorify 1.0.7.5 Missing.Authorization.in.categorifyAjaxAddCategory MEDIUM" "categorify 1.0.7.5 Cross-Site.Request.Forgery.via.categorifyAjaxRenameCategory MEDIUM" "categorify 1.0.7.5 Cross-Site.Request.Forgery.via.categorifyAjaxAddCategory MEDIUM" "categorify 1.0.7.5 Cross-Site.Request.Forgery.via.categorifyAjaxClearCategory MEDIUM" "categorify 1.0.7.5 Cross-Site.Request.Forgery.via.categorifyAjaxDeleteCategory MEDIUM" "categorify 1.0.7.5 Missing.Authorization.in.categorifyAjaxRenameCategory MEDIUM" "categorify 1.0.7.5 Missing.Authorization.in.categorifyAjaxUpdateFolderPosition MEDIUM" "categorify 1.0.5 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "cloud-manager No.known.fix Reflected.XSS CRITICAL" "common-ninja No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "cf7-field-validation No.known.fix Unauthenticated.SQLi HIGH" "conditional-menus 1.2.1 Reflected.XSS HIGH" "contact-form-7-campaign-monitor-extension No.known.fix Missing.Authorization.to.Unauthenticated.Arbitrary.File.Deletion CRITICAL" "custom-registration-and-login-forms-with-new-recaptcha No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "custom-registration-and-login-forms-with-new-recaptcha No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "custom-functions No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "cookie-scanner No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "clipr No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "callback-request No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "coupon-x-discount-pop-up 1.3.6 Missing.Authorization.to.Authenticated.(Contributor+).PHP.Object.Injection HIGH" "coupon-x-discount-pop-up 1.3.6 Missing.Authorization MEDIUM" "cardinity-free-payment-gateway-for-woocommerce 3.0.7 Reflected.Cross-Site.Scripting HIGH" "currency-converter-calculator 1.3.2 Contributor+.Stored.XSS MEDIUM" "cbxpoll No.known.fix Unauthenticated.PHP.Object.Injection CRITICAL" "cbxwpsimpleaccounting No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "coupon-zen 1.0.6 Arbitrary.Plugin.Activation.via.CSRF MEDIUM" "css-javascript-toolbox 11.9 Contributor+.Stored.XSS MEDIUM" "cds-simple-seo 2.0.26 Arbitrary.Settings.Update.via.CSRF MEDIUM" "cds-simple-seo 1.8.13 Subscriber+.Sitemap.Creation/Deletion MEDIUM" "cds-simple-seo 1.8.13 Sitemap.Creation/Deletion.via.CSRF MEDIUM" "cds-simple-seo 1.7.92 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "cookiehint-wp No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "complete-open-graph No.known.fix Admin+.Stored.XSS LOW" "copy-the-code 4.0.4 Contributor+.Stored.XSS MEDIUM" "copy-the-code 2.6.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "copy-the-code 2.6.4 Reflected.Cross-Site.Scripting MEDIUM" "convertplug 3.5.31 ConvertPlus.<.3.5.31.-.Missing.Authorization.to.Authenticated.(Subscriber+).Limited.Options.Update HIGH" "convertplug 3.5.26.1 Authenticated.(Contributor+).PHP.Object.Injection HIGH" "convertplug 3.5.26 Missing.Authorization.to.Authenticated.(Subscriber+).Limited.Arbitrary.Options.Update MEDIUM" "convertplug 3.5.26 Authenticated.(Contributor+).PHP.Object.Injection HIGH" "convertplug 3.4.5 Multiple.Issues HIGH" "custom-fields-search 1.3.2 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "catalog No.known.fix Admin+.SQL.Injection MEDIUM" "cyklodev-wp-notify 1.3.0 Admin+.Stored.XSS LOW" "css-addons No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "comments-disable-accesspress 1.0.8 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "cardoza-3d-tag-cloud No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "cardoza-3d-tag-cloud No.known.fix Stored.XSS.via.CSRF MEDIUM" "code-explorer No.known.fix Authenticated.(Admin+).External.File.Reading MEDIUM" "coolclock 4.3.5 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "custom-post-type-list-shortcode No.known.fix Contributor+.Stored.XSS MEDIUM" "checkbot No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "croma-music 3.6.1 Authenticated.(Subscriber+).Arbitrary.Options.Update.in.ironMusic_ajax HIGH" "crony No.known.fix Cross-Site.Request.Forgery MEDIUM" "crony 0.4.7 Cross-Site.Scripting.(XSS).&.CSRF HIGH" "cf7-customizer No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "cf7-customizer No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "cf7-customizer No.known.fix Reflected.Cross-Site.Scripting.(XSS) HIGH" "cab-grid 1.6 Admin+.Stored.XSS LOW" "custom-page-extensions No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "cm-ad-changer 2.0.6 Cross-Site.Request.Forgery MEDIUM" "custom-field-bulk-editor No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "convertbox-auto-embed 1.0.20 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "cforms No.known.fix Unauthenticated.HTML.Injection.&.CSRF HIGH" "cforms No.known.fix Multiple.XSS MEDIUM" "cforms No.known.fix SQL.Injection CRITICAL" "cforms No.known.fix SQL.Injection CRITICAL" "cforms No.known.fix Remote.Code.Execution.via.Unauthorised.File.Upload MEDIUM" "cforms 13.2 XSS MEDIUM" "cforms 10.5 XSS MEDIUM" "chat-viber 1.7.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "campation-postoffice No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "campation-postoffice 1.1.7 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "cp-image-gallery No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "cp-image-gallery No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "cryptocurrency-price-ticker-widget 2.8.1 Reflected.Cross-Site.Scripting MEDIUM" "cryptocurrency-price-ticker-widget 2.6.9 Missing.Authorization MEDIUM" "cryptocurrency-price-ticker-widget 2.6.6 2.6.5.-.Unauthenticated.SQL.Injection CRITICAL" "cryptocurrency-price-ticker-widget 2.5 Subscriber+.Arbitrary.Plugin.Installation.&.Activation HIGH" "clicksold-wordpress-plugin No.known.fix Admin+.XSS LOW" "custom-database-tables No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "continuous-image-carousel-with-lightbox 1.0.16 Reflected.XSS HIGH" "clio-grow-form 1.0.3 Reflected.Cross-Site.Scripting HIGH" "clio-grow-form 1.0.3 Reflected.Cross-Site.Scripting HIGH" "clio-grow-form 1.0.1 Admin+.Stored.XSS LOW" "coupon-lite 1.2.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "coupon-lite No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "cryptocurrency-pricing-list No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "captainform No.known.fix Reflected.Cross-Site.Scripting.via.REQUEST_URI MEDIUM" "captainform No.known.fix CSRF MEDIUM" "cf7-reply-manager No.known.fix Authenticated.(Subscriber+).Arbitrary.File.Upload HIGH" "clerkio 4.0.0 Authentication.Bypass.and.API.Keys.Disclosure LOW" "contexto No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "chained-quiz 1.3.3 Authenticated.(Admin+).Server-Side.Request.Forgery MEDIUM" "chained-quiz 1.3.2.9 Missing.Authorization MEDIUM" "chained-quiz 1.3.2.9 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "chained-quiz 1.3.2.6 Admin+.Stored.XSS LOW" "chained-quiz 1.3.2.4 Multiple.Reflected.Cross-Site.Scripting MEDIUM" "chained-quiz 1.3.2.3 Admin+.Stored.XSS LOW" "chained-quiz 1.3.2.5 Arbitrary.Quiz.Deletion.&.Copying.via.CSRF MEDIUM" "chained-quiz 1.3.2.5 Arbitrary.Question.Deletion.via.CSRF MEDIUM" "chained-quiz 1.3.2.3 Reflected.Cross-Site.Scripting MEDIUM" "chained-quiz 1.3.2.1 Multiple.Reflected.Cross-Site.Scripting MEDIUM" "chained-quiz 1.3.2.5 Submitted.Quiz.Response.Deletion.via.CSRF MEDIUM" "chained-quiz 1.2.7.2 Authenticated.Stored.Cross.Site.Scripting LOW" "chained-quiz 1.1.9.1 Authenticated.Stored.XSS MEDIUM" "chained-quiz 1.1.8.2 Unauthenticated.Reflected.XSS CRITICAL" "chained-quiz 1.0.9 Unauthenticated.SQL.Injection MEDIUM" "cf7-store-to-db-lite 1.1.1 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "cf7-store-to-db-lite 1.1.0 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "cf7-mollie No.known.fix Authenticated.(Administrator+).SQL.Injection HIGH" "cf7-mollie No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "chameleon 1.4.4 Admin+.Stored.XSS LOW" "connect-daily-web-calendar No.known.fix Stored.XSS.via.CSRF HIGH" "connect-daily-web-calendar 1.4.5 Multiple.Reflected.XSS HIGH" "custom-admin-menu No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "charity-addon-for-elementor No.known.fix Authenticated.(Contributor+).Post.Disclosure MEDIUM" "charity-addon-for-elementor 1.3.3 Contributor+.Stored.XSS MEDIUM" "charity-addon-for-elementor 1.3.2 .Contributor+.Stored.XSS MEDIUM" "cf7-paystack-add-on No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "crm-perks-forms 1.1.4 Authenticated.(Administrator+).Arbitrary.File.Upload HIGH" "crm-perks-forms 1.1.6 Missing.Authorization.to.Unauthenticated.Form.Submission MEDIUM" "crm-perks-forms 1.1.5 Unauthenticated.SQL.Injection CRITICAL" "crm-perks-forms 1.1.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "crm-perks-forms 1.1.5 Authenticated.(Contributor+).SQL.Injection CRITICAL" "crm-perks-forms 1.1.3 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "crm-perks-forms 1.1.2 Admin+.Stored.Cross-Site.Scripting MEDIUM" "crm-perks-forms 1.1.1 Reflected.XSS HIGH" "coru-lfmember No.known.fix Arbitrary.Game.Deletion/Activation.via.CSRF MEDIUM" "coru-lfmember No.known.fix Stored.Cross-Site.Scripting.via.CSRF MEDIUM" "content-cards No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.shortcode MEDIUM" "content-cards 0.9.7 Cross-Site.Scripting.(XSS) MEDIUM" "categorized-gallery No.known.fix Authenticated.(Contributor+).SQL.Injection MEDIUM" "classic-editor-and-classic-widgets 1.4.2 Authenticated.(Subscriber+).SQL.Injection MEDIUM" "classic-editor-and-classic-widgets 1.2.6 Settings.Update.via.CSRF MEDIUM" "custom-smilies No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "content-bot No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "cubewp-forms 1.1.6 Missing.Authorization MEDIUM" "cubewp-forms No.known.fix Missing.Authorization MEDIUM" "cubewp-forms 1.1.2 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "chatroll-live-chat 2.6.0 Contributor+.Stored.XSS MEDIUM" "culture-object 4.1.1 Admin+.Stored.Cross-Site.Scripting LOW" "car-park-booking-system-for-wordpress No.known.fix Missing.Authorization MEDIUM" "check-zipcode No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "check-zipcode No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "canto 3.0.9 Unauthenticated.Remote.File.Inclusion CRITICAL" "canto 3.0.7 Unauthenticated.RCE CRITICAL" "canto 3.0.5 Unauthenticated.Remote.File.Inclusion CRITICAL" "canto 3.0.9 Unauthenticated.Blind.SSRF MEDIUM" "cyberus-key 1.1 Admin+.Stored.XSS LOW" "camoo-sms No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "cliengo No.known.fix Cross-Site.Request.Forgery MEDIUM" "cliengo 3.0.3 Chatbot.<.3.0.3.-.Missing.Authorization.to.Unauthenticated.Chatbot.Settings.Update MEDIUM" "cliengo 3.0.3 Chatbot.<.3.0.3.-.Missing.Authorization.to.Authorized.(Subscriber+).Chatbot.Settings.Update MEDIUM" "crypto-converter-widget 1.9.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.shortcode MEDIUM" "crypto-converter-widget 1.8.4 Contributor+.Stored.XSS MEDIUM" "commonsbooking 2.6.8 Unauthenticated.SQL.Injection HIGH" "cf7-recaptcha-mine 1.0.2 Reflected.Cross-Site.Scripting MEDIUM" "custom-post-popup No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "cartpops 1.4.28 Reflected.Cross-Site.Scripting MEDIUM" "cartpops 1.4.17 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "cf7-email-add-on No.known.fix Authenticated.(Contributor+).Local.File.Inclusion HIGH" "call-now-button 1.4.14 Cross-Site.Request.Forgery MEDIUM" "call-now-button 1.4.7 Admin+.Stored.XSS LOW" "call-now-button 1.1.2 Reflected.Cross-Site.Scripting LOW" "caching-compatible-cookie-optin-and-javascript 0.0.11 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "cookiebot 4.4.2 Missing.Authorization.to.Authenticated.(Subscriber+).Survey.Submission MEDIUM" "cookiebot 3.6.1 CSRF.&.XSS LOW" "chatter No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "chatter No.known.fix Missing.Authorization MEDIUM" "complianz-gdpr-premium 6.4.2 GDPR/CCPA.Cookie.Consent.<.6.4.2.-.Contributor+.Stored.XSS MEDIUM" "complianz-gdpr-premium 6.3.6 Translator.SQLi MEDIUM" "custom-shortcode-sidebars No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "contact-form-7-paypal-add-on 2.4.1 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "contact-form-7-paypal-add-on 2.3.2 PayPal.&.Stripe.Add-on.<.2.3.2.-.Reflected.Cross-Site.Scripting MEDIUM" "contact-form-7-paypal-add-on 2.3.1 Reflected.Cross-Site.Scripting MEDIUM" "contact-form-7-paypal-add-on 2.1 Reflected.Cross-Site.Scripting MEDIUM" "contact-form-7-paypal-add-on 2.2 Cross-Site.Request.Forgery.to.Settings.Update MEDIUM" "contact-form-7-paypal-add-on 1.9.4 Cross-Site.Request.Forgery MEDIUM" "chaport No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "custom-tinymce-shortcode-button No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "create-flipbook-from-pdf No.known.fix Authenticated.(Subscriber+).Arbitrary.File.Upload HIGH" "campus-explorer-widget No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "consensu-io 1.0.4 Unauthenticated.Settings.Update MEDIUM" "cf7-mailchimp 1.1.1 Reflected.Cross-Site.Scripting HIGH" "cartflows-pro 1.11.13 CSRF MEDIUM" "cartflows-pro 1.11.12 Reflected.Cross-Site.Scripting HIGH" "cryptocurrency-prices No.known.fix Contributor+.Stored.XSS MEDIUM" "camptix 1.5.1 CSV.Injection.Bypasses.and.XSS HIGH" "cryptocurrency-widgets-for-elementor 1.6.5 Unauthenticated.Local.File.Inclusion HIGH" "cryptocurrency-widgets-for-elementor 1.3 Subscriber+.Arbitrary.Plugin.Installation.&.Activation HIGH" "contentoptin No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "clearbit No.known.fix Cross-Site.Request.Forgery MEDIUM" "cf7-material-design No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "customize-login No.known.fix Authenticated.Stored.Cross-Site.Scripting.(XSS) LOW" "custom-add-user No.known.fix Reflected.Cross-Site.Scripting HIGH" "custom-header-images No.known.fix Cross-Site.Request.Forgery MEDIUM" "coaching-staffs No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "comment-guestbook No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "collapsing-categories 3.0.9 Unauthenticated.SQL.Injection HIGH" "co2ok-for-woocommerce 2.0.4 Reflected.Cross-Site.Scripting MEDIUM" "co2ok-for-woocommerce 1.0.9.22 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "co2ok-for-woocommerce 1.0.9.22 Subscriber+.Arbitrary.Option.Update CRITICAL" "cf7-hubspot 1.3.2 Cross-Site.Request.Forgery MEDIUM" "cf7-hubspot 1.2.0 Reflected.Cross-Site.Scripting HIGH" "custom-layouts 1.4.12 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "cosmetsy-core No.known.fix Reflected.Cross-Site.Scripting HIGH" "conversion-helper No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "custom-author-base No.known.fix Settings.Update.via.CSRF MEDIUM" "currency-per-product-for-woocommerce 1.7.0 Cross-Site.Request.Forgery.to.Notice.Dismissal MEDIUM" "contest-gallery 26.0.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.id.Parameter MEDIUM" "contest-gallery 26.0.1 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "contest-gallery 25.1.2 Authenticated.(Author+).SQL.Injection MEDIUM" "contest-gallery 24.0.4 Authenticated.(Author+).Stored.Cross-Site.Scripting MEDIUM" "contest-gallery 24.0.8 Unauthenticated.Arbitrary.Password.Reset CRITICAL" "contest-gallery 24.0.4 Unauthenticated.SQL.Injection CRITICAL" "contest-gallery 23.1.3 Unauthenticated.Information.Exposure MEDIUM" "contest-gallery 23.1.3 Unauthenticated.Stored.Cross-Site.Scripting MEDIUM" "contest-gallery 21.3.5 Authenticated.(Author+).Arbitrary.File.Deletion MEDIUM" "contest-gallery 21.3.6 Reflected.Cross-Site.Scripting MEDIUM" "contest-gallery 21.3.5 Authenticated.(Contributor+).SQL.Injection CRITICAL" "contest-gallery 21.3.2.1 Authenticated.(Contributor+).SQL.Injection CRITICAL" "contest-gallery 21.3.1 Author+.Stored.Cross.Site.Scripting MEDIUM" "contest-gallery 21.2.9 Cross-Site.Request.Forgery MEDIUM" "contest-gallery 21.2.8.1 Unauthenticated.Stored.XSS.via.HTTP.Headers HIGH" "contest-gallery 21.1.2.1 Reflected.XSS HIGH" "contest-gallery 19.1.5 Admin+.SQL.Injection MEDIUM" "contest-gallery 19.1.5 Author+.SQL.Injection MEDIUM" "contest-gallery 19.1.5.1 Author+.SQL.Injection MEDIUM" "contest-gallery 19.1.5 Author+.SQL.Injection MEDIUM" "contest-gallery 19.1.5 Author+.SQL.Injection MEDIUM" "contest-gallery 19.1.5 Author+.SQL.Injection MEDIUM" "contest-gallery 19.1.5 Unauthenticated.SQL.Injection HIGH" "contest-gallery 19.1.5 Admin+.SQL.Injection MEDIUM" "contest-gallery 19.1.5 Author+.SQL.Injection MEDIUM" "contest-gallery 19.1.5.1 Unauthenticated.SQL.Injection HIGH" "contest-gallery 19.1.5 Author+.SQL.Injection MEDIUM" "contest-gallery 19.1.5.1 Author+.SQL.Injection MEDIUM" "contest-gallery 19.1.5 Author+.SQL.Injection MEDIUM" "contest-gallery 19.1.5 Author+.SQL.Injection MEDIUM" "contest-gallery 19.1.5 Admin+.SQL.Injection MEDIUM" "contest-gallery 19.1.5 Author+.SQL.Injection MEDIUM" "contest-gallery 14.0.0 Unauthenticated.Stored.XSS MEDIUM" "contest-gallery 17.0.5 Author+.SQLi HIGH" "contest-gallery 14.0.0 Author+.Stored.Cross-Site.Scripting MEDIUM" "contest-gallery 13.1.0.7 Subscriber+.Email.Address.Disclosure MEDIUM" "contest-gallery 13.1.0.6 Missing.Access.Controls.to.Unauthenticated.SQL.injection./.Email.Address.Disclosure HIGH" "contest-gallery 10.4.5 Cross-Site.Request.Forgery.(CSRF) HIGH" "convoworks-wp 0.22.15 Reflected.Cross-Site.Scripting MEDIUM" "convoworks-wp 0.22.14 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "copyscape-premium 1.4.0 Stored.XSS.via.CSRF HIGH" "copy-or-move-comments No.known.fix Reflected.XSS HIGH" "copy-or-move-comments No.known.fix Authenticated.(Subscriber+).SQL.Injection HIGH" "child-themes-helper No.known.fix Cross-Site.Request.Forgery.to.Arbitrary.File.Deletion HIGH" "clp-custom-login-page No.known.fix Cross-Site.Request.Forgery MEDIUM" "cpa-offerwall No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "content-mirror No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "click-to-top 1.2.8 Authenticated.Stored.Cross-Site.Scripting LOW" "csv-import-export No.known.fix Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "copymatic 2.0 Missing.Authorization MEDIUM" "copymatic 1.7 Unauthenticated.Arbitrary.File.Upload CRITICAL" "cf7-invisible-recaptcha 1.3.4 CSRF MEDIUM" "cf7-invisible-recaptcha 1.3.2 XSS MEDIUM" "comments-ratings No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "comments-ratings No.known.fix Arbitrary.Settings.Update.via.CSRF MEDIUM" "comments-ratings 1.1.7 Cross-Site.Request.Forgery MEDIUM" "chp-ads-block-detector 3.9.8 Subscriber+.Plugin.Settings.Update MEDIUM" "chp-ads-block-detector 3.9.8 Plugin.Settings.Update.via.CSRF MEDIUM" "chp-ads-block-detector 3.9.8 Subscriber+.Stored.Cross-Site.Scripting HIGH" "call-me-now No.known.fix Cross-Site.Request.Forgery MEDIUM" "clinicalwp-core No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "clinicalwp-core No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "clinicalwp-core No.known.fix Reflected.Cross-Site.Scripting.(XSS) HIGH" "conditional-payments 1.1.3 Reflected.Cross-Site.Scripting MEDIUM" "critical-site-intel-stats No.known.fix Unauthenticated.SQL.Injection CRITICAL" "cowidgets-elementor-addons No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "cowidgets-elementor-addons No.known.fix Authenticated.(Contributor+).Post.Disclosure MEDIUM" "cowidgets-elementor-addons No.known.fix Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "cowidgets-elementor-addons 1.2.0 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "cowidgets-elementor-addons 1.2.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.heading_tag.Parameter MEDIUM" "cf7-calendly-integration No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "checkout-fees-for-woocommerce 2.12.2 Cross-Site.Request.Forgery.to.Notice.Dismissal MEDIUM" "contact-us-by-lord-linus No.known.fix Admin+.Stored.XSS.via.CSRF HIGH" "contact-us-by-lord-linus No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "color-your-bar No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "czater No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "catch-under-construction 1.4 Unauthorised.Plugin's.Setting.Change MEDIUM" "cricket-score 2.0.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "car-rental No.known.fix Admin+.Stored.XSS LOW" "car-rental 1.0.5 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "custom-widget-classes No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "contests-from-rewards-fuel 2.0.66 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "contests-from-rewards-fuel 2.0.65 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.update_rewards_fuel_api_key MEDIUM" "contests-from-rewards-fuel 2.0.63 Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "cleverreach-wc No.known.fix Cross-Site.Request.Forgery.to.Settings.Update MEDIUM" "custom-sidebars 3.1.0 CSRF HIGH" "custom-sidebars 3.0.8.1 CSRF HIGH" "choice-payment-gateway-for-woocommerce No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "choice-payment-gateway-for-woocommerce 2.0.2 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "christmasify 1.5.6 Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "currency-switcher 1.2.0.5 Unauthenticated.Arbitrary.Shortcode.Execution HIGH" "currency-switcher 1.2.0.4 Unauthenticated.Arbitrary.Shortcode.Execution MEDIUM" "currency-switcher 1.2.0.2 Cross-Site.Request.Forgery MEDIUM" "currency-switcher 1.2.0.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "currency-switcher 1.2.0 Subscriber+.Missing.Authorization.Checks MEDIUM" "currency-switcher 1.2.0 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "currency-switcher 1.1.7 Arbitrary.Plugin's.Settings.Change.via.CSRF MEDIUM" "chart-builder 3.1.9 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "chart-builder 2.9.6 Unauthenticated.Local.File.Inclusion.via.source CRITICAL" "chart-builder 2.7.7 Reflected.Cross-Site.Scripting MEDIUM" "chart-builder 2.0.7 Authenticated(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "chart-builder 1.9.7 Admin+.Stored.XSS LOW" "cj-change-howdy No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "competition-form No.known.fix Reflected.XSS HIGH" "competition-form No.known.fix Competition.Deletion.via.CSRF MEDIUM" "confetti-fall-animation No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "confetti-fall-animation No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.confetti-fall-animation.Shortcode MEDIUM" "cgc-maintenance-mode No.known.fix Sensitive.Information.Exposure MEDIUM" "cgc-maintenance-mode No.known.fix IP.Spoofing MEDIUM" "cresta-addons-for-elementor 1.1.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "cm-faq 1.2.6 Reflected.Cross-Site.Scripting MEDIUM" "contact-form-7-star-rating-with-font-awersome No.known.fix Authenticated.(Editor+).Stored.Cross-Site.Scripting MEDIUM" "current-menu-item-for-custom-post-types 1.6 Cross-Site.Request.Forgery MEDIUM" "creative-addons-for-elementor 1.6.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "custom-css 2.4.2 Cross-Site.Request.Forgery.to.Remote.Code.Exectuiron HIGH" "custom-css 2.4.0 Reflected.Cross-Site.Scripting MEDIUM" "chaty-pro 3.3.4 Unauthenticated.Arbitrary.File.Upload CRITICAL" "chaty-pro 2.8.2 Reflected.Cross-Site.Scripting HIGH" "contact-form-submissions 1.7.3 Unauthenticated.Stored.XSS HIGH" "contact-form-submissions 1.7.1 Authenticated.SQL.Injection MEDIUM" "contact-form-submissions 1.7.1 Authenticated.Double.Query.SQL.injection MEDIUM" "cab-fare-calculator 1.1.7 Admin+.Stored.XSS LOW" "cab-fare-calculator 1.0.4 Unauthenticated.LFI MEDIUM" "csv-mass-importer No.known.fix Admin+.Arbitrary.File.Upload MEDIUM" "countdown-block 1.1.2 Missing.Authorisation.in.AJAX.action MEDIUM" "chat2 No.known.fix Stored.XSS.via.CSRF HIGH" "cision-block 4.4.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.id.Parameter MEDIUM" "call-now-icon-animate No.known.fix Admin+.Stored.XSS LOW" "conditional-payment-methods-for-woocommerce No.known.fix Admin+.SQLi MEDIUM" "csv2wpec-coupon No.known.fix Unauthenticated.Remote.File.Upload HIGH" "cluevo-lms No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "cluevo-lms No.known.fix Cross-Site.Request.Forgery.to.Module.Deletion MEDIUM" "cluevo-lms 1.11.0 Settings.Update.via.CSRF MEDIUM" "cluevo-lms 1.8.1 Admin+.Stored.Cross.Site.Scripting LOW" "change-default-login-logo-url-and-title No.known.fix Cross-Site.Request.Forgery MEDIUM" "cleverwise-daily-quotes No.known.fix Stored.XSS.via.CSRF HIGH" "catablog No.known.fix Authenticated.(Editor+).Arbitrary.File.Deletion MEDIUM" "catablog No.known.fix Authenticated.(Editor+).Arbitrary.File.Upload HIGH" "convertkit 2.4.9.1 Missing.Authorization MEDIUM" "convertkit 2.4.6 Unauthenticated.Sensitive.Information.Exposure MEDIUM" "convertkit 2.2.1 Reflected.XSS HIGH" "convertkit 2.0.5 Contributor+.Stored.XSS MEDIUM" "custom-comment-notifications No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "custom-scroll-bar-designer No.known.fix Reflected.Cross-Site.Scripting.(XSS) HIGH" "contact-form-integrated-with-google-maps 2.5 Stored.Cross-Site.Scripting.(XSS) MEDIUM" "canalplan-ac No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "crm2go No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "cloudflare-cache-purge No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "capitalize-my-title No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "cc-circle-progress-bar No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "contact-form-7-multi-step-addon 1.0.7 Injected.Backdoor CRITICAL" "checkout-plugins-stripe-woo 1.9.2 Cross-Site.Request.Forgery MEDIUM" "checkout-plugins-stripe-woo 1.9.2 Unauthenticated.Insecure.Direct.Object.Reference MEDIUM" "checkout-plugins-stripe-woo 1.4.11 Settings.Update.via.CSRF MEDIUM" "content-grabber No.known.fix Cross-Site.Scripting.(XSS) MEDIUM" "comment-approved-notifier-extended 5.3 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "custom-post-view-generator No.known.fix Reflected.Cross-Site.Scripting HIGH" "codelights-shortcodes-and-widgets No.known.fix Contributor+.Stored.XSS MEDIUM" "codelights-shortcodes-and-widgets No.known.fix Admin+.Stored.Cross.Site.Scripting MEDIUM" "car No.known.fix Unauthenticated.Stored.Cross-Site.Scripting.(XSS) CRITICAL" "clyp No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "content-sidebars No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "content-sidebars 1.6.8 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "custom-simple-rss 2.0.7 CSRF MEDIUM" "comparison-slider No.known.fix Cross-Site.Request.Forgery MEDIUM" "comparison-slider No.known.fix Missing.Authorization MEDIUM" "comparison-slider No.known.fix Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "cart-weight-for-woocommerce No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "cart-weight-for-woocommerce No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "connected-sermons No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "connected-sermons No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "cookie-law-info 1.8.3 Improper.Access.Controls CRITICAL" "cf7-conditional-fields 2.5 Authenticated.(Editor+).Stored.Cross-Site.Scripting MEDIUM" "cf7-conditional-fields 2.4.14 Cross-Site.Request.Forgery.to.Plugin.Setting.Reset MEDIUM" "cf7-conditional-fields 2.4.2 Missing.Authorization MEDIUM" "cm-on-demand-search-and-replace 1.4.3 Reflected.XSS HIGH" "cm-on-demand-search-and-replace 1.3.9 Plugin.Reset.via.CSRF MEDIUM" "cm-on-demand-search-and-replace 1.3.1 Multiple.CSRF MEDIUM" "cm-on-demand-search-and-replace 1.3.1 Admin+.Stored.XSS LOW" "civicrm 5.28.1 CSRF.to.Stored.XSS MEDIUM" "civicrm 5.24.3 Authenticated.Phar.Deserialization MEDIUM" "category-post-list-widget No.known.fix Settings.Update.to.Stored.XSS.via.CSRF HIGH" "contact-widgets-for-elementor No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "contact-widgets-for-elementor 1.0.6 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "calendi No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "countdown-wpdevart-extended 1.8.3 Admin+.Stored.XSS LOW" "countdown-wpdevart-extended 1.5.8 CSRF.to.Stored.Cross-Site.Scripting HIGH" "cross-linker No.known.fix Arbitrary.Cross-Link.Creation.via.CSRF MEDIUM" "content-slider-block 3.1.6 Authenticated.(Contributor+).Post.Disclosure MEDIUM" "categories-gallery No.known.fix Reflected.Cross-Site.Scripting.(XSS) HIGH" "cal-com No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "custom-store-locator 1.4.8 Reflected.Cross-Site.SCripting MEDIUM" "create-block-theme 1.2.2 Unauthenticated.Arbitrary.File.Upload CRITICAL" "cubewp-framework 1.1.24 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "cubewp-framework 1.1.24 Authenticated.(Subscriber+).Privilege.Escalation HIGH" "cubewp-framework No.known.fix Cross-Site.Request.Forgery MEDIUM" "cubewp-framework 1.1.16 Missing.Authorization MEDIUM" "cubewp-framework 1.1.13 Authenticated.(Subscriber+).Arbitrary.File.Upload CRITICAL" "configure-login-timeout No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "cas-maestro No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "captchelfie-captcha-by-selfie No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "copy-delete-posts 1.4.0 Subscriber+.Plugin.Installation MEDIUM" "copy-delete-posts 1.4.0 Plugin.Installation.via.CSRF MEDIUM" "copy-delete-posts 1.2.0 Authenticated.SQL.Injection MEDIUM" "church-theme-content 2.6.1 Cross-Site.Request.Forgery.to.Notice.Dismissal MEDIUM" "cimy-header-image-rotator No.known.fix Arbitrary.Settings.Update.via.CSRF MEDIUM" "consulting-elementor-widgets 1.3.1 Authenticated.(Contributor+).SQL.Injection CRITICAL" "consulting-elementor-widgets 1.3.1 Unauthenticated.Local.File.Inclusion CRITICAL" "consulting-elementor-widgets 1.3.1 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "consulting-elementor-widgets 1.3.1 Authenticated.(Contributor+).Remote.Code.Execution HIGH" "ckeditor-for-wordpress 4.5.3.1 Authenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "club-management-software No.known.fix Authenticated.SQL.Injection MEDIUM" "capabilities-pro 2.5.2 Admin+.PHP.Objection.Injection MEDIUM" "capabilities-pro 2.3.1 Unauthenticated.Arbitrary.Options.Update.to.Blog.Compromise CRITICAL" "code-snippets 3.6.0 Arbitrary.settings.change.via.CSRF MEDIUM" "code-snippets 2.14.4 Reflected.Cross-Site.Scripting MEDIUM" "code-snippets 2.14.3 Reflected.Cross-Site.Scripting HIGH" "code-snippets 2.14.0 CSRF.to.RCE HIGH" "cf7-widget-elementor 2.4.2 Authenticated.(Author+).Stored.Cross-Site.Scripting MEDIUM" "cf7-widget-elementor 2.4.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.cf7_redirect_page.Attribute MEDIUM" "cf7-widget-elementor 2.4 Missing.Authorization MEDIUM" "cf7-live-preview No.known.fix Missing.Authorization.via.update_option MEDIUM" "coming-soon-by-supsystic 1.7.11 Cross-Site.Request.Forgery MEDIUM" "coming-soon-by-supsystic 1.7.6 Reflected.Cross-Site.Scripting MEDIUM" "contact-form-7-mailchimp-extension No.known.fix Cross-Site.Request.Forgery MEDIUM" "contact-form-7-mailchimp-extension No.known.fix Subscriber+.Server-Side.Request.Forgery MEDIUM" "clear-sucuri-cache No.known.fix Missing.Authorization MEDIUM" "catch-breadcrumb 1.7 Unauthorised.Plugin's.Setting.Change MEDIUM" "catch-breadcrumb 1.5.7 Unauthenticated.Reflected.XSS MEDIUM" "custom-email-options No.known.fix Subscriber+.Arbitrary.Plugin.Installation,.Activation.and.Deactivation HIGH" "clickdesigns 2.0.0 Missing.Authorization.to.API.Key.Modification.or.Removal MEDIUM" "covermanager No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "custom-posts-order No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "cancel-order-request-woocommerce 1.3.3 Admin+.Stored.XSS LOW" "codepress-admin-columns 4.3.2 Authenticated.Stored.Cross-Site.Scripting.(XSS).in.Custom.Field MEDIUM" "codepress-admin-columns 4.3 Admin+.Stored.XSS.in.Label LOW" "cf7-insightly 1.0.9 Reflected.Cross-Site.Scripting HIGH" "cysteme-finder 1.4 Unauthenticated.LFI.and.Unauthenticated.File.Upload CRITICAL" "cobwebo-url No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "cache-control-by-cacholong No.known.fix Cross-Site.Request.Forgery MEDIUM" "cache-control-by-cacholong No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "cosmosfarm-share-buttons No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "contact-form-7-sms-addon 2.4.0 Cross-Site.Scripting.(XSS) MEDIUM" "credit-tracker No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "c9-blocks No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "c9-blocks No.known.fix Unauthenticated.Full.Path.Disclosure MEDIUM" "catch-sticky-menu 1.7 Unauthorised.Plugin's.Setting.Change MEDIUM" "cbxwpbookmark 1.7.22 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "cbxwpbookmark 1.7.21 Admin+.SQLi MEDIUM" "cbxwpbookmark 1.7.14 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "cbxwpbookmark 1.6.9 Reflected.Cross-Site.Scripting HIGH" "clickbank-ads-clickbank-widget 1.35 Admin+.Stored.Cross-Site.Scripting LOW" "clickbank-ads-clickbank-widget 1.35 CSRF.to.Stored.Cross-Site.Scripting HIGH" "clickwhale 2.4.7 Missing.Authorization MEDIUM" "clickwhale 2.4.4 Cross-Site.Request.Forgery MEDIUM" "clickwhale 2.4.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "clickwhale 2.4.2 Reflected.Cross-Site.Scripting MEDIUM" "clickwhale 2.4.2 Authenticated.(Contributor+).SQL.Injection MEDIUM" "cryout-serious-slider 1.2.7 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "cryout-serious-slider 1.2.5 Authenticated.(Editor+).Stored.Cross-Site.Scripting MEDIUM" "cryout-serious-slider 1.2.5 Cross-Site.Request.Forgery MEDIUM" "cc-img-shortcode No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "cars-seller-auto-classifieds-script No.known.fix Auto.Classifieds.Script.<=.2.1.0.-.Unauthenticated.SQL.Injection CRITICAL" "car-demon No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "codescar-radio-widget No.known.fix .Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "clink No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "custom-post-type-cpt-cusom-taxonomy-ct-manager No.known.fix Stored.XSS.via.CSRF HIGH" "chauffeur-booking-system 7.0 Authentication.Bypass CRITICAL" "chauffeur-booking-system 7.3 Unauthenticated.Arbitrary.File.Upload CRITICAL" "custom-codes 2.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "comment-reply-email 1.5 Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "comment-reply-email 1.0.4 Admin+.Stored.XSS LOW" "chat-bee No.known.fix Admin+.Stored.XSS LOW" "customizer-export-import 0.9.7.1 Authenticated.(Admin+).Arbitrary.File.Upload.via.Customization.Settings.Import MEDIUM" "customizer-export-import 0.9.6 Admin+.PHP.Object.Injection LOW" "customizer-export-import 0.9.5 Admin+.PHP.Objection.Injection MEDIUM" "customizer-export-import 0.9.5 Admin+.PHP.Object.Injection MEDIUM" "cookie-law-bar No.known.fix Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "cart-rest-api-for-woocommerce 3.12.0 Missing.Authorization MEDIUM" "contact-form-7-simple-recaptcha 0.1.2 Reflected.Cross-Site.Scripting MEDIUM" "contact-form-7-simple-recaptcha 0.0.9 CSRF.to.Stored.XSS HIGH" "catch-dark-mode No.known.fix Contributor+.Local.File.Inclusion HIGH" "colorful-categories 2.0.15 Arbitrary.Colors.Update.via.CSRF MEDIUM" "catchers-helpdesk No.known.fix Reflected.Cross-Site.Scripting.(XSS) HIGH" "customize-my-account-for-woocommerce 2.9.0 Reflected.Cross-Site.Scripting MEDIUM" "customize-my-account-for-woocommerce 2.7.30 Reflected.Cross-Site.Scripting.via.tab.Parameter MEDIUM" "customize-my-account-for-woocommerce 1.8.4 Cross-Site.Request.Forgery.via.restore_my_account_tabs MEDIUM" "contact-form-with-a-meeting-scheduler-by-vcita No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "contact-form-with-a-meeting-scheduler-by-vcita 4.10.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.livesite-pay.Shortcode MEDIUM" "contact-form-with-a-meeting-scheduler-by-vcita 4.10.2 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "contact-form-with-a-meeting-scheduler-by-vcita No.known.fix Settings.Update.Via.CSRF MEDIUM" "cwd-3d-image-gallery No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "classy-addons-for-elementor No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "corona-virus-covid-19-banner No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "corona-virus-covid-19-banner 1.8.0 CSRF MEDIUM" "code-manager 1.0.26 Reflected.Cross-Site.Scripting MEDIUM" "code-manager 1.0.14 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "cc-child-pages 1.43 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "cf7-grid-and-styler-for-divi 1.5.2 Reflected.Cross-Site.Scripting MEDIUM" "cf7-grid-and-styler-for-divi 1.4.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "counters-block 1.1.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "credova-financial 2.5.1 Cross-Site.Request.Forgery MEDIUM" "credova-financial 2.4.9 Reflected.Cross-Site.Scripting MEDIUM" "credova-financial 1.4.9 Sensitive.Information.Disclosure MEDIUM" "cc-bcc-for-woocommerce-order-emails No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "cf7-telegram 0.8.6 Missing.Authorization.to.Authenticated.(Subscriber+).Subscription.Approve/Pause/Refuse MEDIUM" "calendar-event 1.4.7 Reflected.Cross-Site.Scripting MEDIUM" "calendar-event 1.4.7 Unauthenticated.Arbitrary.Event.Deletion MEDIUM" "custom-database-applications-by-caspio No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "contact-form-vcard-generator No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "contact-form-vcard-generator No.known.fix Unauthenticated.Stored.Cross-Site.Scripting HIGH" "coub No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "customizable-captcha-and-contact-us-form No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "customize-login-image 3.5.3 Admin+.Stored.Cross-Site.Scripting LOW" "custom-coming-soon No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "copyright-safeguard-footer-notice No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "custom-post-widget 3.3.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.content.Parameter MEDIUM" "custom-post-widget 3.3.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "custom-post-widget 3.3.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.content_block.Shortcode MEDIUM" "custom-post-widget 3.3.1 Authenticated.(Contributor+).Local.File.Inclusion.via.Shortcode HIGH" "custom-post-widget 3.3.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "client-showcase No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "crypto 2.16 Cross-Site.Request.Forgery.to.Authentication.Bypass HIGH" "crypto 2.19 Authentication.Bypass.via.log_in CRITICAL" "crypto 2.20 Authentication.Bypass.via.register CRITICAL" "contexture-page-security No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "contact-form-7-skins 2.1.1 Reflected.Cross-Site.Scripting MEDIUM" "contact-form-7-skins 2.5.1 Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "contribuinte-checkout 2.0.04 Stored.XSS.via.CSRF HIGH" "category-widget No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "contest-code-checker No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "contest-code-checker 2.0.4 Reflected.Cross-Site.Scripting MEDIUM" "contest-code-checker 1.9.8 Reflected.Cross-Site.Scripting MEDIUM" "contest-code-checker 1.9.0 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "calculate-prices-based-on-distance-for-woocommerce No.known.fix Missing.Authorization MEDIUM" "curated-search No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "codoc 0.9.52 Reflected.Cross-Site.Scripting MEDIUM" "cost-calculator-builder 3.5.0 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "cost-calculator-builder 3.2.68 Unauthenticated.SQL.Injection HIGH" "cost-calculator-builder 3.2.68 Authenticated.(Subscriber+).SQL.Injection.via.order_ids.Parameter MEDIUM" "cost-calculator-builder 3.2.66 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "cost-calculator-builder 3.2.43 Settings.update.via.CSRF MEDIUM" "cost-calculator-builder 3.2.29 Admin+.SQL.Injection MEDIUM" "cost-calculator-builder 3.2.16 Unauthenticated.SQL.Injection CRITICAL" "cost-calculator-builder 3.2.13 Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.Content.Creation MEDIUM" "cost-calculator-builder 3.2.13 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "cost-calculator-builder 2.3.3 Reflected.Cross-Site.Scripting MEDIUM" "ck-and-syntaxhighlighter No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "content-hubs No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "content-hubs 1.0.7 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "coming-soon-maintenance-mode-from-acurax No.known.fix Unauthenticated.IP.Spoofing MEDIUM" "coming-soon-maintenance-mode-from-acurax No.known.fix Information.Exposure MEDIUM" "coming-soon-maintenance-mode-from-acurax No.known.fix Authenticated.(Subscriber+).Sensitive.Information.Exposure MEDIUM" "coming-soon-maintenance-mode-from-acurax No.known.fix Unauthenticated.Stored.XSS HIGH" "contact-form-with-captcha No.known.fix Cross-Site.Request.Forgery MEDIUM" "contact-form-with-captcha 1.6.8 CSRF.to.Stored.Cross-Site.Scripting HIGH" "custom-checkout-fields-for-woocommerce 1.9.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "chaty 3.3.6 Authenticated.(Contributor+).DOM-Based.Stored.Cross-Site.Scripting MEDIUM" "chaty 3.2.3 Admin+.Stored.XSS LOW" "chaty 3.1.9 Editor+.Stored.XSS LOW" "chaty 3.1.3 Authenticated.(Administrator+).Stored.Cross-Site.Scripting.via.settings MEDIUM" "chaty 3.1.2 Admin+.Stored.Cross-Site.Scripting LOW" "chaty 3.1 Admin+.Stored.Cross-Site.Scripting LOW" "chaty 3.1 Reflected.XSS HIGH" "chaty 3.0.3 Admin+.SQLi MEDIUM" "chaty 2.8.4 Admin+.Stored.Cross-Site.Scripting MEDIUM" "chaty 2.8.3 Reflected.Cross-Site.Scripting HIGH" "code-snippets-extended No.known.fix Stored.Cross-Site.Scripting.via.CSRF MEDIUM" "code-snippets-extended No.known.fix Arbitrary.Snippet.Deletion/Disabling.via.CSRF MEDIUM" "code-snippets-extended No.known.fix RCE.via.CSRF HIGH" "cms-tree-page-view 1.6.8 Reflected.XSS HIGH" "custom-contact-forms 5.1.0.4 Unauthenticated.Database.Import/Export CRITICAL" "custom-contact-forms 5.1.0.3 Authenticated.Cross.Site.Scripting CRITICAL" "colorlib-coming-soon-maintenance No.known.fix Information.Exposure MEDIUM" "colorlib-coming-soon-maintenance 1.0.99 Admin+.Stored.Cross.Site.Scripting LOW" "custom-banners No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "custom-banners 3.3 CSRF.Nonce.Bypass.in.saveCustomFields MEDIUM" "custom-banners 2.1 Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "contact-manager 8.6.5 Unauthenticated.Arbitrary.Double.File.Extension.Upload HIGH" "contact-form-7-designer No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "content-security-policy-pro No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "cool-timeline 2.4 Subscriber+.Arbitrary.Plugin.Installation.&.Activation HIGH" "cool-timeline 2.0.3 Cross-Site.Request.Forgery.(CSRF) MEDIUM" "cool-timeline 2.0.3 Cross-Site.Request.Forgery MEDIUM" "country-flags-for-elementor No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "customize-login-page No.known.fix Cross-Site.Request.Forgery MEDIUM" "calculated-fields-form 5.3.59 Cross-Site.Request.Forgery MEDIUM" "calculated-fields-form 5.2.62 Admin+.Stored.XSS LOW" "calculated-fields-form 5.2.62 Admin+.Stored.XSS LOW" "calculated-fields-form 5.2.64 Denial.of.Service MEDIUM" "calculated-fields-form 5.2.64 Admin+.Stored.XSS LOW" "calculated-fields-form 5.2.46 HTML.Injection MEDIUM" "calculated-fields-form 1.2.55 Reflected.Cross-Site.Scripting MEDIUM" "calculated-fields-form 5.1.57 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "calculated-fields-form 1.2.53 Contributor+.Stored.XSS MEDIUM" "calculated-fields-form 1.2.29 Contributor+.Open.Redirect MEDIUM" "calculated-fields-form 1.2.41 Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "calculated-fields-form 1.1.151 Admin+.Stored.Cross-Site.Scripting.via.Dropdown.Fields LOW" "calculated-fields-form 1.0.354 Authenticated.Stored.XSS MEDIUM" "contact-form-db-divi 1.2 Reflected.Cross-Site.Scripting MEDIUM" "custom-field-template 2.6.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "custom-field-template 2.6.2 Authenticated(Contributor+).Stored.Cross-Site.Scripting.via.shortcode MEDIUM" "custom-field-template 2.6.2 Authenticated(Contributor+).Information.Exposure MEDIUM" "custom-field-template 2.6.2 Authenticated(Constibutor+).Stored.Cross-Site.Scripting.via.Custom.Field.Name MEDIUM" "custom-field-template 2.6.2 Authenticated.(Admin+).Stored.Cross-Site.Scritping MEDIUM" "custom-field-template 2.6.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.$search_label MEDIUM" "custom-field-template 2.6 Reflected.Cross-Site.Scripting HIGH" "custom-field-template 2.5.9 Cross-Site.Request.Forgery MEDIUM" "custom-field-template 2.5.8 Admin+.PHP.Object.Injection LOW" "custom-field-template 2.5.2 Cross-Site.Request.Forgery.(CSRF) MEDIUM" "custom-field-template 2.5.2 Cross-Site.Request.Forgery MEDIUM" "callphoner No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "content-protector 4.2.11 Unauthenticated.Content.Restriction.Bypass.to.Sensitive.Information.Exposure MEDIUM" "content-protector 4.2.6.5 Contributor+.Stored.XSS.via.content_protector.Shortcode MEDIUM" "content-protector 4.2.6.3 Missing.Authorization.to.Sensitive.Information.Exposure MEDIUM" "content-protector 4.2.2 Reflected.Cross-Site.Scripting MEDIUM" "content-protector 3.5.5.8 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "content-protector 3.5.5.9 Protection.Bypass.&.Arbitrary.Post.Access HIGH" "content-protector 3.5.5.5.2 Insecure.Storage.of.Password MEDIUM" "content-protector 3.5.5.2 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "carousel-anything No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "call-now-coccoc-pht-blog No.known.fix Cross-Site.Request.Forgery MEDIUM" "cookies-pro No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "chatpressai 1.0.1 Reflected.Cross-Site.Scripting MEDIUM" "chartjs No.known.fix Editor+.Stored.Cross-Site.Scripting.in.New.Chart LOW" "chartjs No.known.fix Editor+.Stored.Cross-Site.Scripting LOW" "content-aware-sidebars 3.19.1 Reflected.Cross-Site.Scripting MEDIUM" "content-aware-sidebars 3.17.2 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "content-aware-sidebars 3.8.1 Subscriber+.Arbitrary.Option.Update CRITICAL" "craw-data No.known.fix Server.Side.Request.Forgery MEDIUM" "cryokey No.known.fix Reflected.Cross-Site.Scripting.via.'ckemail'.Parameter MEDIUM" "conditional-logic-for-woo-product-add-ons 1.2.1 Reflected.Cross-Site.Scripting MEDIUM" "cm-registration-pro 3.2.1 PHP.Object.Injection MEDIUM" "contentstudio No.known.fix Missing.Authorization MEDIUM" "contentstudio 1.2.6 Nonce.Disclosure HIGH" "contentstudio 1.2.6 Authorisation.Bypass HIGH" "contentstudio 1.2.6 Unauthorised.Function.Calls HIGH" "cf7save-extension No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "cf7-database 3.0.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "cyr3lat 3.7 Editor+.SQL.Injection MEDIUM" "count-per-day 3.5.5 Stored.Cross-Site.Scripting.(XSS) HIGH" "count-per-day 3.5.5 Authenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "count-per-day 3.4.1 SQL.Injection MEDIUM" "cultbooking-booking-engine No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "coupon-reveal-button 1.2.6 Authenticated.(Editor+).Stored.Cross-Site.Scripting MEDIUM" "customer-reviews-woocommerce 5.62.0 Missing.Authorization.to.Authenticated.(Subscriber+).Import.Cancellation MEDIUM" "customer-reviews-woocommerce 5.48.0 Reflected.Cross-Site.Scripting.via.'s' MEDIUM" "customer-reviews-woocommerce 5.47.0 Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.Email.Sending MEDIUM" "customer-reviews-woocommerce 5.47.0 Missing.Authorization.to.Authenticated.(Subscriber+).Coupon.Search MEDIUM" "customer-reviews-woocommerce 5.39.0 Improper.Authorization.via.submit_review MEDIUM" "customer-reviews-woocommerce 5.38.10 Author+.Arbitrary.File.Upload HIGH" "customer-reviews-woocommerce 5.38.2 Cross-Site.Request.Forgery.via.manual.review.reminders MEDIUM" "customer-reviews-woocommerce 5.38.2 Missing.Authorization.via.manual.review.reminders MEDIUM" "customer-reviews-woocommerce 5.36.1 Missing.Authorization.in.Reviews.Exporter MEDIUM" "customer-reviews-woocommerce 5.36.1 Missing.Authorization MEDIUM" "customer-reviews-woocommerce 5.17.0 Contributor+.Stored.XSS MEDIUM" "customer-reviews-woocommerce 5.16.0 Contributor+.LFI CRITICAL" "customer-reviews-woocommerce 5.3.6 Cross-Site.Request.Forgery MEDIUM" "customer-reviews-woocommerce 5.3.6 Unauthenticated.Sensitive.Information.Disclosure MEDIUM" "customer-reviews-woocommerce 5.3.6 Broken.Access.Control MEDIUM" "catch-scroll-progress-bar 1.6 Unauthorised.Plugin's.Setting.Change MEDIUM" "custom-login-redirect No.known.fix CSRF.to.Stored.XSS HIGH" "csv-to-html 3.15 Reflected.Cross-Site.Scripting HIGH" "csv-to-html 3.27 Subscriber+.Arbitrary.File.Upload CRITICAL" "creative-mail-by-constant-contact 1.6.0 Multiple.CSRF MEDIUM" "creative-mail-by-constant-contact 1.6.0 CSRF MEDIUM" "creative-mail-by-constant-contact 1.6.0 Settings.Reset.via.CSRF MEDIUM" "caldera-forms 1.7.5.1 Reflected.Cross-Site.Scripting MEDIUM" "caldera-forms 1.9.7 Reflected.Cross-Site.Scripting MEDIUM" "caldera-forms 1.9.5 Admin+.Stored.Cross-Site.Scripting LOW" "caldera-forms 1.6.0 Multiple.Cross-Site.Scripting.(XSS) MEDIUM" "cp-image-store 1.0.68 Unauthenticated.SQLi HIGH" "custom-product-list-table No.known.fix Cross-Site.Request.Forgery MEDIUM" "cart66-cloud No.known.fix Unauthenticated.Information.Exposure MEDIUM" "cart66-cloud No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "cf7-submission-dom-tracking No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "collage-for-divi No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "collage-for-divi 1.0.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "conditional-extra-fees-for-woocommerce 1.0.97 Admin+.Stored.XSS MEDIUM" "creative-blocks No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "color-palette No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.hex.Parameter MEDIUM" "cpt-ajax-load-more No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.id.Parameter MEDIUM" "custom-post-order-category 2.0 Missing.Authorization MEDIUM" "cpt-bootstrap-carousel No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "cpt-bootstrap-carousel No.known.fix Contributor+.Stored.XSS.via.Shortcode MEDIUM" "click-pledge-connect 2.24120000-WP6.7.1 Unauthenticated.SQL.Injection HIGH" "cartboss 4.1.3 Missing.Authorization MEDIUM" "convertcalculator 1.1.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "convertcalculator 1.1.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.id.and.type.Parameter MEDIUM" "colour-smooth-maps No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "contextual-related-posts 4.0.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "contextual-related-posts 3.3.1 Contributor+.Stored.XSS MEDIUM" "contextual-related-posts 2.9.4 CSRF.Nonce.Validation.Bypass MEDIUM" "contextual-related-posts 1.8.7 Cross-Site.Request.Forgery MEDIUM" "contextual-related-posts 1.8.10.2 Multiple.Parameter.SQL.Injection HIGH" "crowdfunding-for-woocommerce 3.1.13 Reflected.Cross-Site.Scripting MEDIUM" "coupon-creator 3.1.1 Arbitrary.Settings.Update.via.CSRF MEDIUM" "coupon-creator 3.1.1 Cross-Site.Request.Forgery.(CSRF) MEDIUM" "customer-chat-facebook No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "customer-chat-facebook No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "customer-chat-facebook No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "cpo-companion No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "cpo-companion 1.1.0 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "cpo-companion 1.1.0 Admin+.Stored.XSS LOW" "custom-user-guide 1.1.1 Reflected.Cross-Site.Scripting MEDIUM" "custom-user-guide 1.0.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "change-memory-limit No.known.fix Missing.Authorization.via.admin_logic() MEDIUM" "co-authors-plus 3.5.2 Guest.Authors.Email.Address.Disclosure MEDIUM" "content-snippet-manager 1.1.6 Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "content-excel-importer 4.3 Reflected.Cross-Site.Scripting MEDIUM" "cp-blocks 1.0.21 CSRF MEDIUM" "cp-blocks 1.0.15 Admin+.Stored.Cross-Site.Scripting LOW" "catch-infinite-scroll 1.9 Unauthorised.Plugin's.Setting.Change MEDIUM" "coming-soon-maintenance-mode 1.0.6 Information.Exposure MEDIUM" "clictracker No.known.fix Admin+.Stored.XSS LOW" "connector-civicrm-mcrestface 1.0.9 Reflected.Cross-Site.Scripting MEDIUM" "connector-civicrm-mcrestface 1.0.11 Missing.Authorization MEDIUM" "captcha-for-contact-form-7 1.11.4 Captcha.Bypass MEDIUM" "crudlab-scroll-to-top No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "cwd-stealth-links No.known.fix Unauthenticated.SQL.Injection HIGH" "commentluv No.known.fix Unauthenticated.SSRF MEDIUM" "ct-ultimate-gdpr 2.5 Unauthenticated.Plugin.Settings.Export.and.Import CRITICAL" "catch-themes-demo-import 2.1.1 Admin+.Remote.Code.Execution MEDIUM" "catch-themes-demo-import 1.8 Admin+.Arbitrary.File.Upload CRITICAL" "catch-themes-demo-import 1.6 Unauthorised.Plugin's.Setting.Change MEDIUM" "cardoza-facebook-like-box 4.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "custom-sub-menus No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "case-study No.known.fix Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "capturly-optimize-your-website No.known.fix Unauthenticated.Local.File.Inclusion CRITICAL" "covid-19-alert No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "conversation-watson 0.8.21 DOM.Cross-Site.Scripting.(XSS) MEDIUM" "cookiebar No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "campaign-monitor-wp 2.5.8 Reflected.Cross-Site.Scripting MEDIUM" "campaign-monitor-wp 2.5.6 Subscriber+.Arbitrary.Options.Update MEDIUM" "country-blocker No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "country-blocker No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "cf7-utm-tracking No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "comment-highlighter No.known.fix Authenticated.SQL.Injection MEDIUM" "custom-post-types 5.0.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "custom-post-types 5.0.0 Admin+.Stored.Cross-Site.Scripting MEDIUM" "custom-post-types 5.0.3 Admin+.Stored.XSS LOW" "custom-dashboard-widgets No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting.via.cdw_DashboardWidgets HIGH" "cashtomer No.known.fix Authenticated.SQL.Injection MEDIUM" "custom-global-variables 1.1.1 Stored.Cross-Site.Scripting.(XSS) HIGH" "court-reservation 1.9.1 Reflected.Cross-Site.Scripting MEDIUM" "court-reservation 1.6.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "classyfrieds No.known.fix Authenticated.Arbitrary.File.Upload.to.RCE CRITICAL" "contact-us-page-contact-people No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.style.Parameter MEDIUM" "contact-us-page-contact-people 3.7.1 Contact.people.LITE.<.3.7.1.-.Contact.Update/Deletion/Creation.via.CSRF MEDIUM" "cackle No.known.fix Cross-Site.Request.Forgery MEDIUM" "custom-dash No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "change-table-prefix No.known.fix Cross-Site.Request.Forgery.via.change_prefix_form HIGH" "cyan-backup 2.5.4 Authenticated.(Admin+).Arbitrary.File.Download MEDIUM" "cyan-backup 2.5.3 Admin+.Stored.XSS.via.General.Settings LOW" "cyan-backup 2.5.3 Admin+.Stored.XSS.via.Remote.Storage.Settings LOW" "cm-answers 3.3.4 Cross-Site.Request.Forgery MEDIUM" "cm-answers 3.2.7 Missing.Authorization MEDIUM" "cm-answers 3.2.0 Admin+.Stored.XSS LOW" "catch-web-tools 2.7.1 Subscriber+.Arbitrary.Catch.IDs.Activation/Deactivation MEDIUM" "catch-web-tools 2.7 Unauthorised.Plugin's.Setting.Change MEDIUM" "cww-companion 1.2.8 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "cost-calculator-builder-pro 3.2.16 Unauthenticated.SQL.Injection.via.data HIGH" "cost-calculator-builder-pro No.known.fix .Unauthenticated.Price.Manipulation MEDIUM" "cost-calculator-builder-pro 3.1.76 Unauthenticated.Arbitrary.Email.Sending MEDIUM" "cost-calculator-builder-pro 3.1.73 Authenticated.(Subscriber+).Server-Side.Request.Forgery MEDIUM" "cost-calculator-builder-pro 3.1.68 Unauthenticated.Cross-Site.Scripting.via.SVG.Upload HIGH" "cm-map-locations 2.0.9 Reflected.Cross-Site.Scripting MEDIUM" "cgm-event-calendar No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "cc-canadian-mortgage-calculator 2.1.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "cf7-file-download No.known.fix Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "column-matic No.known.fix Contributor+.Stored.XSS MEDIUM" "clearout-email-validator 3.2.1 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "cats-job-listings No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "captcha-bank No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "content-manager-light No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "college-publisher-import No.known.fix Arbitrary.File.Upload.to.RCE CRITICAL" "connections No.known.fix Authenticated.(Admin+).Arbitrary.Directory.Deletion MEDIUM" "connections 10.4.37 Contributor+.Stored.XSS MEDIUM" "connections 10.4.3 Admin+.Stored.Cross-Site.Scripting LOW" "connections 9.7 Admin+.CSV.Injection MEDIUM" "connections 8.5.9 Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "contact-form-generator No.known.fix Contributor+.SQLi MEDIUM" "contact-form-generator 2.6.0 Reflected.XSS HIGH" "contact-form-generator 2.5.5 Multiple.Cross-Site.Request.Forgery.(CSRF) HIGH" "cf7-builder No.known.fix Cross-Site.Request.Forgery MEDIUM" "coming-soon-master 1.1 Reflected.Cross-Site.Scripting MEDIUM" "change-wc-price-title 2.4 Reflected.Cross-Site.Scripting MEDIUM" "change-wc-price-title 2.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "contact-form-check-tester No.known.fix Broken.Access.Control.to.Cross-Site.Scripting.(XSS) HIGH" "convert-post-types No.known.fix Cross-Site.Request.Forgery MEDIUM" "convert-post-types No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "client-portal-suitedash-login 1.8.0 Admin+.Stored.XSS LOW" "chameleon-jobs 2.5.5 Reflected.Cross-Site.Scripting HIGH" "connect-contact-form-7-to-constant-contact-v3 1.5 Reflected.Cross-Site.Scripting MEDIUM" "comments-like-dislike 1.2.0 Subscriber+.Settings.Reset MEDIUM" "comments-like-dislike 1.1.4 Add.Like/Dislike.Bypass MEDIUM" "cookielay No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.cookielay.Shortcode MEDIUM" "chatbot-support-ai No.known.fix Admin+.Stored.XSS LOW" "content-blocks-builder 2.7.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "content-blocks-builder 2.3.17 Reflected.Cross-Site.Scripting MEDIUM" "confirm-user-registration No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "css-for-elementor No.known.fix Unauthenticated.Server-Side.Request.Forgery HIGH" "css-for-elementor No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "contractor-contact-form-website-to-workflow-tool 4.1.0 Reflected.XSS HIGH" "cm-invitation-codes No.known.fix Missing.Authorization MEDIUM" "church-management No.known.fix Unauthenticated.SQL.Injection HIGH" "church-management No.known.fix Subscriber+.Privilege.Escalation HIGH" "church-management No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "church-management No.known.fix Unauthenticated.Local.File.Inclusion CRITICAL" "contact-form-with-shortcode 4.2.6 Reflected.Cross-Site.Scripting MEDIUM" "co-marquage-service-public 0.5.77 Reflected.Cross-Site.Scripting.via.add_query_arg.Parameter MEDIUM" "co-marquage-service-public 0.5.73 Reflected.Cross-Site.Scripting.via.search_term MEDIUM" "co-marquage-service-public 0.5.72 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.shortcode MEDIUM" "coronavirus-covid-19-notice-message No.known.fix Admin+.Stored.XSS LOW" "cf7-zoho 1.2.4 Admin+.SQLi MEDIUM" "cf7-zoho 1.2.3 Cross-Site.Request.Forgery.(CSRF) MEDIUM" "cf7-zoho 1.1.9 Reflected.Cross-Site.Scripting HIGH" "cf7-zoho 1.1.8 Reflected.Cross-Site.Scripting HIGH" "catch-popup No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "contact-form-7-datepicker No.known.fix Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "comicbookmanagementsystemweeklypicks 2.2.0 Admin+.SQLi MEDIUM" "custom-search-plugin 1.36 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "checkfront-wp-booking 3.7 Settings.Update.via.CSRF MEDIUM" "course-migration-for-learndash No.known.fix Authenticated.(Subscriber+).Server-Side.Request.Forgery MEDIUM" "cryptocurrency-widgets-pack No.known.fix Missing.Authorization MEDIUM" "cryptocurrency-widgets-pack 2.0 Unauthenticated.SQLi HIGH" "coreactivity 2.7.1 Authenticated.(Subscriber+).SQL.Injection MEDIUM" "coreactivity 2.1 Unauthenticated.IP.Spoofing MEDIUM" "coreactivity 1.8.1 Unauthenticated.Stored.XSS HIGH" "convertful 2.6 Missing.Authorization.via.add_woo_coupon MEDIUM" "contact-form-by-supsystic 1.7.30 Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting.via.saveAsCopy.AJAX.Action MEDIUM" "contact-form-by-supsystic 1.7.29 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "contact-form-by-supsystic 1.7.29 Authenticated.(Admin+).Remote.Code.Execution HIGH" "contact-form-by-supsystic 1.7.28 CSRF MEDIUM" "contact-form-by-supsystic 1.7.25 CSRF MEDIUM" "contact-form-by-supsystic 1.7.20 Admin+.Stored.Cross-Site.Scripting LOW" "contact-form-by-supsystic 1.7.15 Reflected.Cross-Site.scripting.(XSS) HIGH" "contact-form-by-supsystic 1.7.11 Authenticated.SQL.Injections CRITICAL" "contact-form-by-supsystic 1.7.7 Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "cheetaho-image-optimizer 1.4.3.2 Reflected.Cross-Site.Scripting MEDIUM" "crudlab-google-plus No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "contact-form-7-star-rating No.known.fix Authenticated.(Editor+).Stored.Cross-Site.Scripting MEDIUM" "custom-fields-shortcode No.known.fix Authenticated(Contributor+).Stored.Cross-Site.Scripting.via.shortcode MEDIUM" "contact-form-add No.known.fix CSRF HIGH" "contact-form-add 1.9.8.4 Authenticated.Stored.Cross-Site.Scripting LOW" "contact-form-add 1.9.8.5 Reflected.Cross-Site.Scripting.(XSS) HIGH" "cm-video-lesson-manager-pro 3.5.9 Admin+.Stored.Cross-Site.Scripting LOW" "contact-form-7-dynamic-text-extension 5.0.2 Cross-Site.Request.Forgery MEDIUM" "contact-form-7-dynamic-text-extension 4.5.1 Information.Disclosure.via.Shortcode MEDIUM" "contact-form-7-dynamic-text-extension 4.2.0 Insecure.Direct.Object.Reference MEDIUM" "cloak-front-end-email 1.9.6 Missing.Authorization MEDIUM" "cloak-front-end-email 1.9.2 Contributor+.Stored.XSS MEDIUM" "control-listings 1.0.5 Reflected.Cross-Site.Scripting MEDIUM" "contact-form-plugin 4.2.9 Reflected.Cross-Site.Scripting.via.cntctfrm_contact_address MEDIUM" "contact-form-plugin 4.2.9 Reflected.Cross-Site.Scripting.via.cntctfrm_contact_subject MEDIUM" "contact-form-plugin 4.0.6 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "contact-form-plugin 4.0.2 Stored.Cross-Site.Scripting.(XSS) MEDIUM" "contact-form-plugin 3.96 XSS MEDIUM" "contact-form-plugin 3.82 Unauthorized.Language.Manipulation MEDIUM" "contact-form-plugin 3.82 contact_form.php.cntctfrm_contact_email.Parameter.XSS MEDIUM" "contest-gallery-pro 19.1.5 Admin+.SQL.Injection MEDIUM" "contest-gallery-pro 19.1.5.1 Unauthenticated.SQL.Injection HIGH" "contest-gallery-pro 19.1.5 Author+.SQL.Injection MEDIUM" "contest-gallery-pro 19.1.5 Admin+.SQL.Injection MEDIUM" "contest-gallery-pro 19.1.5 Unauthenticated.SQL.Injection HIGH" "contest-gallery-pro 19.1.5 Author+.SQL.Injection MEDIUM" "contest-gallery-pro 19.1.5 Author+.SQL.Injection MEDIUM" "contest-gallery-pro 19.1.5 Author+.SQL.Injection MEDIUM" "contest-gallery-pro 19.1.5.1 Author+.SQL.Injection MEDIUM" "contest-gallery-pro 19.1.5 Author+.SQL.Injection MEDIUM" "contest-gallery-pro 19.1.5 Admin+.SQL.Injection MEDIUM" "contest-gallery-pro 19.1.5 Author+.SQL.Injection MEDIUM" "contest-gallery-pro 19.1.5 Admin+.SQL.Injection MEDIUM" "contest-gallery-pro 19.1.5 Author+.SQL.Injection MEDIUM" "contest-gallery-pro 19.1.5 Author+.SQL.Injection MEDIUM" "contest-gallery-pro 19.1.5.1 Author+.SQL.Injection MEDIUM" "contest-gallery-pro 19.1.5 Author+.SQL.Injection MEDIUM" "coneblog-widgets 1.4.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "coneblog-widgets 1.4.8 Reflected.Cross-Site.Scripting MEDIUM" "coneblog-widgets 1.4.6 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "calendar No.known.fix Authenticated.(Contributor+).SQL.Injection.via.Shortcode HIGH" "calendar 1.3.11 Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "countdown-timer-block No.known.fix Contributor+.Stored.XSS MEDIUM" "cookiemonster No.known.fix Admin+.Stored.XSS LOW" "content-text-slider-on-post 6.9 Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "coupons 1.4.0 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "contact-form-7-style No.known.fix Cross-Site.Request.Forgery MEDIUM" "contact-form-7-style No.known.fix CSRF.Bypass.in.Multiple.Plugins MEDIUM" "contact-form-7-style No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting HIGH" "checkout-mestres-wp No.known.fix 8.7.5.-.Unauthenticated.Arbitrary.Options.Update CRITICAL" "checkout-mestres-wp 8.6.1 Authenticated.(Admin+).Local.File.Inclusion HIGH" "checkout-mestres-wp 7.1.9.8 Unauthenticated.SQL.Injection CRITICAL" "checkout-mestres-wp 7.1.9.8 Missing.Authorization.to.Unauthenticated.Arbitrary.Options.Update CRITICAL" "checkout-mestres-wp 7.1.9.8 Authentication.Bypass.via.Password.Reset CRITICAL" "cafe-lite No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "cafe-lite No.known.fix Authenticated.(Contributor+).Sensitive.Information.Exposure.via.Elementor.Templates MEDIUM" "cafe-lite 2.2.1 Authenticated.(Author+).Stored.Cross-Site.Scripting MEDIUM" "cafe-lite 2.2.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Multiple.CAFE.Widgets MEDIUM" "cafe-lite 2.1.0 Contributor+.Stored.XSS MEDIUM" "custom-script-integration No.known.fix Cross-Site.Request.Forgery MEDIUM" "countdown-timer-for-elementor 1.3.7 Contributor+.Stored.XSS MEDIUM" "countdown-timer-for-elementor 1.3.7 Contributor+.Stored.XSS MEDIUM" "csv-wc-product-import-export No.known.fix Authenticated.(Subscriber+).SQL.Injection MEDIUM" "compute-links No.known.fix Unauthenticated.Remote.File.Inclusion CRITICAL" "cost-calculator-for-elementor 1.3.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "cmsmasters-elementor-addon 1.15.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Multiple.Widgets MEDIUM" "change-prices-with-time-for-woocommerce 1.9.2 Reflected.Cross-Site.Scripting MEDIUM" "change-prices-with-time-for-woocommerce 1.8.2 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "colibri-page-builder 1.0.332 Contributor+.Stored.XSS MEDIUM" "colibri-page-builder 1.0.288 Contributor+.DOM-Based.Stored.XSS.via.FancyBox.JavaScript.Library MEDIUM" "colibri-page-builder 1.0.277 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.colibri_video_player.Shortcode MEDIUM" "colibri-page-builder 1.0.277 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "colibri-page-builder 1.0.274 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "colibri-page-builder 1.0.274 Contributor+.Stored.Cross-Site.Scripting.via.the.plugin's.'colibri_breadcrumb_element'.shortcode MEDIUM" "colibri-page-builder 1.0.264 Author+.Stored.Cross-Site.Scripting MEDIUM" "colibri-page-builder 1.0.270 Contributor+.Stored.XSS MEDIUM" "colibri-page-builder 1.0.249 Missing.Authorization MEDIUM" "colibri-page-builder 1.0.260 Arbitrary.Shortcode.Call.via.CSRF MEDIUM" "colibri-page-builder 1.0.260 Import.Images,.Delete.Post,.Save.Theme.Data.via.CSRF MEDIUM" "colibri-page-builder 1.0.240 Contributor+.Stored.XSS MEDIUM" "colibri-page-builder 1.0.248 Contributor+.Stored.XSS MEDIUM" "colibri-page-builder 1.0.229 Admin+.SQL.Injection MEDIUM" "cloud-sso-single-sign-on 1.0.14 Reflected.Cross-Site.Scripting MEDIUM" "cxc-sawa No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "cookiecode No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "carousels-slider-for-divi No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "cf7-antispam 0.6.1 Reflected.Cross-Site.Scripting MEDIUM" "customize-wpadmin No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "clickcease-click-fraud-protection 3.2.5 Improper.Authorization.to.sensitive.information.exposure.via.get_settings MEDIUM" "clickcease-click-fraud-protection 3.2.8 Cross-Site.Request.Forgery MEDIUM" "classified-listing-store 1.4.20 Reflected.Cross-Site.Scripting MEDIUM" "cryptocurrency-product-for-woocommerce 3.16.10 Reflected.Cross-Site.Scripting MEDIUM" "cryptocurrency-product-for-woocommerce 3.14.6 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "checkout-files-upload-woocommerce 2.2.1 Contributor+.Stored.XSS MEDIUM" "checkout-files-upload-woocommerce 2.1.3 Reflected.Cross-Site.Scripting MEDIUM" "configurable-tag-cloud-widget 5.3 Cross-Site.Request.Forgery MEDIUM" "client-dash No.known.fix Missing.Authorization MEDIUM" "client-dash No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting.via.settings MEDIUM" "cf7-message-filter 1.6.33 Authenticated.(Administrator+).SQL.Injection MEDIUM" "cf7-message-filter 1.6.3.1 Subscriber+.Filter.Creation MEDIUM" "cf7-message-filter 1.6.3.1 Subscriber+.Filter.Updates/Deletions MEDIUM" "cf7-message-filter 1.6.2 Reflected.Cross-Site.Scripting MEDIUM" "cf7-message-filter 1.4.3 Reflected.Cross-Site.Scripting MEDIUM" "custom-content-scrollbar No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "cardgate 3.2.2 Authenticated.(Administrator+).SQL.Injection MEDIUM" "cardgate 3.2.2 Reflected.Cross-Site.Scripting MEDIUM" "cardgate 3.1.16 Unauthorised.Payments.Hijacking.and.Order.Status.Spoofing HIGH" "configure-conference-room No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "classified-listing-pro 2.0.20 Reflected.Cross-Site.Scripting MEDIUM" "classified-listing-pro 2.0.20 Reflected.Cross-Site.Scripting MEDIUM" "cp-multi-view-calendar 1.4.07 Unauthenticated.Arbitrary.Event.Deletion MEDIUM" "cp-multi-view-calendar 1.4.07 Unauthenticated.Arbitrary.Event.Creation.to.Stored.XSS HIGH" "cp-multi-view-calendar 1.4.01 Unauthenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "contact-form-7-anti-spambot No.known.fix Missing.Authorization MEDIUM" "custom-emails-for-woocommerce 3.5.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "comment-emailer No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "custom-post-type-date-archives No.known.fix Missing.Authorization.to.Unauthenticated.Arbitrary.Shortcode.Execution HIGH" "custom-twitter-feeds 2.3.0 Cross-Site.Request.Forgery.to.Cache.Reset.via.ctf_clear_cache_admin.Function MEDIUM" "custom-twitter-feeds 2.2.4 Cross-Site.Request.Forgery MEDIUM" "custom-twitter-feeds 2.2.3 Admin+.Stored.XSS LOW" "custom-twitter-feeds 2.2.2 Cross-Site.Request.Forgery.to.Plugin.Options.Update MEDIUM" "custom-twitter-feeds 2.2 Cross-Site.Request.Forgery MEDIUM" "custom-twitter-feeds 2.0 Cross-Site.Request.Forgery.(CSRF) MEDIUM" "custom-twitter-feeds 1.8.2 Reflected.Cross-Site.Scripting MEDIUM" "continue-shopping-from-cart-page No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "cf7-infusionsoft 1.1.4 Reflected.Cross-Site.Scripting HIGH" "counter-box 2.0.7 Authenticated.(Administrator+).DOM-Based.Stored.Cross-Site.Scripting MEDIUM" "counter-box 2.0.6 Cross-Site.Request.Forgery MEDIUM" "counter-box 1.2.4 Counter.Deletion.via.CSRF MEDIUM" "counter-box 1.2.2 Reflected.XSS MEDIUM" "counter-box 1.2.1 Arbitrary.Counter.Activation/Deactivation.via.CSRF MEDIUM" "counter-box 1.2 Admin+.LFI MEDIUM" "custom-product-stickers-for-woocommerce No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "custom-font-uploader 2.4.0 Custom.Font.Uploader.<.2.4.0.-.Missing.Authorization.to.Font.Deletion MEDIUM" "custom-font-uploader 2.2.0 Subscriber+.Arbitrary.Plugin.Installation,.Activation.and.Deactivation HIGH" "crossword-compiler-puzzles No.known.fix Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "crossword-compiler-puzzles No.known.fix Authenticated.(Subscriber+).Arbitrary.File.Upload HIGH" "cf7-summary-and-print 1.2.6 Settings.Update.via.CSRF MEDIUM" "comic-easel No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "copy-link No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "comfino-payment-gateway 4.1.2 Reflected.Cross-Site.Scripting HIGH" "custom-tabs-for-products-woocommerce No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "clearfy 2.3.2 Cross-Site.Request.Forgery.to.Clear.Cache MEDIUM" "clearfy 2.3.3 Cross-Site.Request.Forgery.to.Plugin.Settings.Update.via.'setup-wbcr_clearfy' MEDIUM" "clearfy 2.2.5 Missing.Authorization MEDIUM" "clearfy 2.3.3 Cross-Site.Request.Forgery MEDIUM" "clearfy 2.0.5 Reflected.Cross-Site.Scripting MEDIUM" "camera-slideshow No.known.fix Reflected.Cross-Site.Scripting HIGH" "country-state-city-auto-dropdown 2.7.3 Unauthenticated.SQL.Injection CRITICAL" "country-state-city-auto-dropdown 2.7.2 Missing.Authorization MEDIUM" "clever-fox 25.2.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "clever-fox 25.2.1 Missing.Authorization.to.arbitrary.theme.activation.via.clever-fox-activate-theme MEDIUM" "code-snippets-cpt No.known.fix Authenticated.(Subscriber+).Arbitrary.Shortcode.Execution MEDIUM" "contact-form-7-multi-step-module 4.3.1 Reflected.Cross-Site.Scripting MEDIUM" "contact-form-7-multi-step-module 4.1.91 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "contact-form-7-multi-step-module 3.0.9 Subscriber+.Arbitrary.Option.Update CRITICAL" "change-login-logo 1.1.5 Authenticated.Stored.Cross-Site.Scripting LOW" "convert-docx2post No.known.fix Authenticated.(Author+).Arbitrary.File.Upload HIGH" "codebard-help-desk No.known.fix Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "codebard-help-desk No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "codebard-help-desk 1.1.2 Cross-Site.Request.Forgery MEDIUM" "classic-addons-wpbakery-page-builder-addons 3.1 Authenticated.(Editor+).Local.File.Inclusion HIGH" "classic-addons-wpbakery-page-builder-addons 3.1 Authenticated.(Contributor+).Limited.Local.PHP.File.Inclusion HIGH" "classic-addons-wpbakery-page-builder-addons No.known.fix Contributor+.Stored.XSS MEDIUM" "custom-settings No.known.fix Admin+.Stored XSS LOW" "captcha-bws 5.2.1 Captcha.Bypass MEDIUM" "cbxpetition 2.0.0 Unauthenticated.SQLi HIGH" "category-icon No.known.fix Authenticated.(Author+).XML.External.Entity.Injection MEDIUM" "category-icon 1.0.2 Author+.Arbitrary.File.Download MEDIUM" "category-icon 1.0.1 Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "custom-user-css No.known.fix Settings.Update.via.CSRF MEDIUM" "catch-duplicate-switcher No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "catch-duplicate-switcher 1.6 Unauthorised.Plugin's.Setting.Change MEDIUM" "cache-images 3.2.1 Image.Upload./.Import.via.CSRF MEDIUM" "cf7-easy-math-captcha No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "christian-science-bible-lesson-subjects 2.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "christmas-panda 1.1.0 Cross-Site.Request.Forgery MEDIUM" "circle-image-slider-with-lightbox 1.0.5 Authenticated.(Admin+).SQL.Injection MEDIUM" "circle-image-slider-with-lightbox 1.0.1 Image.Data.Update.via.CSRF MEDIUM" "circle-image-slider-with-lightbox 1.0.18 Reflected.Cross-Site.Scripting MEDIUM" "circle-image-slider-with-lightbox 1.0.16 Reflected.Cross-Site.Scripting MEDIUM" "custom-content-shortcode No.known.fix Contributor+.LFI CRITICAL" "custom-content-shortcode No.known.fix Contributor+.Stored.XSS MEDIUM" "custom-content-shortcode 4.0.2 Authenticated.Arbitrary.File.Access./.LFI HIGH" "custom-content-shortcode 4.0.2 Authenticated.Stored.Cross-Site.Scripting MEDIUM" "custom-content-shortcode 4.0.1 Unauthorised.Arbitrary.Post.Metadata.Access MEDIUM" "contact-form-to-db 1.7.3 Authenticated.(Author+).SQL.Injection CRITICAL" "contact-form-to-db 1.7.2 Improper.Neutralization.of.Special.Elements.used.in.an.SQL.Command.('SQL.Injection') MEDIUM" "cookie-notice 2.4.18 Admin+.Stored.XSS LOW" "cookie-notice 2.4.7 Contributor+.Stored.XSS MEDIUM" "cookie-notice 2.4.7 Contributor+.XSS MEDIUM" "cookie-notice 2.1.2 Admin+.Stored.Cross-Site.Scripting LOW" "cb-logo-slider 4.5.0 Authenticated.(Author+).Stored.Cross-Site.Scripting MEDIUM" "cb-logo-slider 4.5.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "cubepm No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "category-post-slider No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "compare-ninja-comparison-tables No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "cherry-plugin 1.2.7 Unauthenticated.Arbitrary.File.Upload.and.Download CRITICAL" "charitydonation-thermometer No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "conversational-forms 1.4.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "conversational-forms 1.3.0 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "conversational-forms 1.2.0 Unauthenticated.Arbitrary.File.Download HIGH" "conversational-forms 1.17 Admin+.Stored.XSS LOW" "catch-gallery 1.7 Unauthorised.Plugin's.Setting.Change MEDIUM" "ctabs No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "contact-form-ready No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "contact-form-ready 2.0.12 Form.Styling.Update.via.CSRF MEDIUM" "custom-list-table-example No.known.fix Cross-Site.Request.Forgery.to.Reflected.Cross-Site.Scripting MEDIUM" "cp-easy-form-builder 1.2.42 Authenticated.(Contributor+).SQL.Injection MEDIUM" "cp-easy-form-builder 1.2.42 Authenticated.(Contributor+).SQL.Injection MEDIUM" "cp-easy-form-builder 1.2.32 Admin+.Stored.Cross-Site.Scripting LOW" "crelly-slider 1.4.7 Admin+.Stored.XSS LOW" "crelly-slider 1.4.6 Subscriber+.Insecure.Direct.Object.Reference MEDIUM" "crelly-slider No.known.fix Admin+.Stored.XSS LOW" "crelly-slider 1.3.5 Arbitrary.File.Upload HIGH" "captcha 4.4.5 Backdoored MEDIUM" "cities-shipping-zones-for-woocommerce 1.2.8 Authenticated.(Shop.Manager+).Local.File.Inclusion HIGH" "client-documentation No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "click-datos-lopd No.known.fix Reflected.XSS HIGH" "contact-form-to-any-api 1.2.5 Unauthenticated.Stored.Cross-Site.Scripting.via.Contact.Form HIGH" "contact-form-to-any-api 1.1.9 Authenticated.(Subscriber+).SQL.Injection CRITICAL" "contact-form-to-any-api 1.1.7 Subscriber+.API.Entry.Record.Deletion MEDIUM" "contact-form-to-any-api 1.1.3 Admin+.SQLi MEDIUM" "cmb2 2.11.0 Authenticated.(Contributor+).PHP.Object.Injection HIGH" "card-oracle 1.1.6 Reflected.Cross-Site.Scripting MEDIUM" "card-oracle 1.0.6 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "catch-ids 2.4 Unauthorised.Plugin's.Setting.Change MEDIUM" "contact-form-to-email 1.3.53 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "contact-form-to-email 1.3.45 Unauthenticated.Sensitive.Information.Exposure MEDIUM" "contact-form-to-email 1.3.42 Captcha.Bypass MEDIUM" "contact-form-to-email 1.3.44 Editor+.Stored.Cross-Site.Scripting LOW" "contact-form-to-email 1.3.38 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "contact-form-to-email 1.3.25 Admin+.Stored.Cross-Site.Scripting LOW" "contact-form-to-email 1.2.66 Multiple.Cross-Site.Scripting.(XSS).&.CSRF HIGH" "configure-smtp No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "css-hero 4.07 Authenticated.Reflected.XSS MEDIUM" "cc-custom-taxonmy No.known.fix Admin+.Stored.XSS LOW" "crm-customer-relationship-management-by-vcita 2.7.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "crm-customer-relationship-management-by-vcita No.known.fix Missing.Authorization.to.Authenticated.(Susbcriber+).Widget.Toggle MEDIUM" "crm-customer-relationship-management-by-vcita 2.7.0 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "crm-customer-relationship-management-by-vcita No.known.fix Settings.Update.Via.CSRF MEDIUM" "custom-wp-rest-api No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "cartoon-url No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "css3-rotating-words 5.7 Cross-Site.Request.Forgery MEDIUM" "css3-rotating-words 5.5 Cross-Site.Request.Forgery.via.save_admin_options MEDIUM" "candifly No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "connatix-video-embed No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "checkout-for-paypal 1.0.39 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "checkout-for-paypal 1.0.33 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "checkout-for-paypal 1.0.14 Contributor+.Stored.XSS MEDIUM" "comment-blacklist-updater 1.2.0 Cross-Site.Request.Forgery.via.update_blacklist_manual MEDIUM" "css-js-files 1.5.1 Authenticated.(Admin+).Arbitrary.File.Read MEDIUM" "clicface-trombi No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.nom.Parameter MEDIUM" "comments-with-hypercommentscom No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "currency-converter-widget No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.shortcode MEDIUM" "custom-field-list-widget No.known.fix Unauthenticated.Local.File.Inclusion CRITICAL" "cp-contact-form-with-paypal 1.3.53 Cross-Site.Request.Forgery MEDIUM" "cp-contact-form-with-paypal 1.3.02 Multiple.XSS MEDIUM" "cp-contact-form-with-paypal 1.1.6 Multiple.Vulnerabilities HIGH" "carrrot No.known.fix Admin+.Stored.XSS LOW" "cf7-constant-contact-fields-mapping No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "cf7-constant-contact-fields-mapping No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "cryptocloud-crypto-payment-gateway No.known.fix Crypto.Payment.Gateway.<=.2.1.2.-.Missing.Authorization MEDIUM" "cnzz51la-for-wordpress No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "click-to-tweet No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "click-to-tweet No.known.fix Reflected.XSS HIGH" "click-to-tweet No.known.fix Missing.Authorization MEDIUM" "correosoficial 1.3.0.3 Unauthenticated.Arbitrary.File.Download HIGH" "custom-related-posts 1.7.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "custom-related-posts 1.7.4 Missing.Authorization.to.Authenticated.(Subscriber+).Private.Post.Search.and.Relation.Updates MEDIUM" "content-collector No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "content-collector No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "caddy 1.9.8 Cross-Site.Request.Forgery MEDIUM" "cf7-manual-spam-blocker No.known.fix .Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "client-power-tools 1.9.1 Reflected.Cross-Site.Scripting MEDIUM" "custom-field-finder 0.4 Authenticated.(Author+).PHP.Object.Injection HIGH" "cookies-by-jm No.known.fix Admin+.Stored.XSS LOW" "coupon-referral-program No.known.fix Unauthenticated.PHP.Object.Injection CRITICAL" "coupon-referral-program No.known.fix Sensitive.Information.Disclosure MEDIUM" "cleanup-light 1.0.5 Reflected.Cross-Site.Scripting MEDIUM" "complete-google-seo-scan No.known.fix Authenticated.(Administrator+).SQL.Injection MEDIUM" "commenttweets No.known.fix Settings.Update.via.CSRF MEDIUM" "cart-tracking-for-woocommerce 1.0.18 Authenticated.(Administrator+).SQL.Injection MEDIUM" "cart-tracking-for-woocommerce 1.0.17 Authenticated.(Administrator+).SQL.Injection MEDIUM" "cart-tracking-for-woocommerce 1.0.9 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "community-events 1.5.1 Admin+.Stored.XSS LOW" "community-events 1.5 Event.Deletion.via.CSRF MEDIUM" "community-events 1.4.9 Admin+.Stored.XSS LOW" "community-events 1.4.8 Reflected.Cross-Site.Scripting.(XSS) HIGH" "community-events 1.4 SQL.Injection CRITICAL" "cms-commander-client 2.288 Unauthenticated.Authorisation.Bypass HIGH" "change-wp-admin-login 1.1.4 Secret.Login.Page.Disclosure MEDIUM" "change-wp-admin-login 1.1.0 Unauthenticated.Arbitrary.Settings.Update MEDIUM" "cf7-repeatable-fields 2.0.2 Repeatable.Fields.<.2.0.2.-.Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.field_group.Shortcode MEDIUM" "custom-order-statuses-for-woocommerce No.known.fix Missing.Authorization MEDIUM" "custom-order-statuses-for-woocommerce No.known.fix Cross-Site.Request.Forgery MEDIUM" "clean-social-icons No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "cosmic-blocks No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "custom-post-type-lockdown No.known.fix Cross-Site.Request.Forgery.to.Privilege.Escalation HIGH" "cj-custom-content No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "copyrightpro No.known.fix Settings.Update.via.CSRF MEDIUM" "calderawp-license-manager No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "codeflavors-vimeo-video-post-lite 2.3.4.3 Authenticated.(Contributor+).SQL.Injection MEDIUM" "codeflavors-vimeo-video-post-lite 2.2.2 Reflected.XSS HIGH" "campaign-url-builder 1.8.2 Contributor+.Stored.XSS MEDIUM" "community-yard-sale No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "custom-bulkquick-edit No.known.fix Cross-Site.Request.Forgery MEDIUM" "check-email 1.0.10 Unauthenticated.Hook.Injection HIGH" "check-email 1.0.6 Reflected.Cross-Site.Scripting MEDIUM" "check-email 1.0.4 Reflected.Cross-Site.Scripting HIGH" "check-email 1.0.3 Admin+.SQL.Injections MEDIUM" "check-email 0.5.2 Cross-Site.Scripting.(XSS) MEDIUM" "ceceppa-multilingua No.known.fix Authenticated.Reflected.Cross-Site.Scripting CRITICAL" "category-d3-tree No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "checklist No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "checklist 1.1.9 Unauthenticated.Reflected.XSS MEDIUM" "current-template-name 1.1.10 Reflected.Cross-Site.Scripting MEDIUM" "commenting-feature 3.2 Reflected.Cross-Site.Scripting MEDIUM" "commenting-feature 2.0.4 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "cf7-spreadsheets No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "cf7-spreadsheets No.known.fix Missing.Authorization.to.Settings.Update MEDIUM" "catalyst-connect-client-portal 2.1.0 Admin+.Stored.XSS LOW" "catalyst-connect-client-portal 2.1.0 Reflected.XSS HIGH" "currency-switcher-for-woocommerce 0.0.8 Cross-Site.Request.Forgery MEDIUM" "cue 2.4.5 Missing.Authorization MEDIUM" "cp-simple-newsletter No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "cp-simple-newsletter No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "ce21-suite 2.2.1 Unauthenticated.Privilege.Escalation CRITICAL" "ce21-suite No.known.fix Missing.Authorization.to.Unauthenticated.Plugin.Settings.Change MEDIUM" "ce21-suite No.known.fix JWT.Token.Disclosure CRITICAL" "ce21-suite 2.2.1 Authentication.Bypass CRITICAL" "comments-not-replied-to 1.5.8 Reflected.Cross-Site.Scripting MEDIUM" "comments-not-replied-to 1.5.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "chesstempoviewer No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "custom-permalinks 2.7.0 Authenticated(Editor+).Stored.Cross-Site.Scripting MEDIUM" "content-mask 1.8.4.1 Subscriber+.Arbitrary.Options.Update HIGH" "card-games No.known.fix CSRF.Bypass NONE" "custom-post-type-templates-for-elementor 1.1.12 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "cool-facebook-page-feed-timeline No.known.fix Reflected.Cross-Site.Scripting.(XSS) HIGH" "cf7-salesforce 1.4.5 Unauthenticated.Full.Path.Disclosure MEDIUM" "cf7-salesforce 1.4.0 Cross-Site.Request.Forgery MEDIUM" "cf7-salesforce 1.2.6 Reflected.Cross-Site.Scripting HIGH" "contact-form-7-to-database-extension 2.10.36 CSV.Injection CRITICAL" "cleantalk-spam-protect 6.44 Unauthenticated.Arbitrary.Plugin.Installation HIGH" "cleantalk-spam-protect 6.45 Unauthenticated.Arbitrary.Plugin.Installation HIGH" "cleantalk-spam-protect 6.21 Counters.Reset/Creation.via.CSRF MEDIUM" "cleantalk-spam-protect 6.21 Email.Update.via.CSRF MEDIUM" "cleantalk-spam-protect 5.185.1 Admin+.SQLi MEDIUM" "cleantalk-spam-protect 5.174.1 Reflected.Cross-Site.Scripting MEDIUM" "cleantalk-spam-protect 5.153.4 Unauthenticated.Blind.SQL.Injection HIGH" "cleantalk-spam-protect 5.149 Multiple.Authenticated.SQL.Injections MEDIUM" "cleantalk-spam-protect 5.127.4 Cross-Site.Scripting.Issue MEDIUM" "cleantalk-spam-protect 5.22 Unauthenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "campus-directory 1.9.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "cits-support-svg-webp-media-upload No.known.fix Cross-Site.Request.Forgery.to.Settings.Update MEDIUM" "cits-support-svg-webp-media-upload No.known.fix Cross-Site.Request.Forgery.to.Font.Assignment.Deletion MEDIUM" "cits-support-svg-webp-media-upload 3.0 Author+.Stored.XSS.via.SVG MEDIUM" "cookie-notice-bar No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "cookie-notice-and-consent-banner 1.7.2 Admin+.Stored.XSS LOW" "coblocks 3.1.14 Missing.Authorization MEDIUM" "coblocks 3.1.13 Editor+.Stored.XSS LOW" "coblocks 3.1.12 Contributor+.SSRF LOW" "coblocks 3.1.10 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Social.Profiles MEDIUM" "coblocks 3.1.7 Contributor+.Stored.XSS MEDIUM" "coblocks 3.1.7 Contributor+.Stored.XSS MEDIUM" "chat-bubble No.known.fix Admin+.Stored.XSS LOW" "chat-bubble No.known.fix Settings.Update.via.CSRF MEDIUM" "chat-bubble 2.3 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "custom-add-to-cart-button-for-woocommerce No.known.fix Missing.Authorization MEDIUM" "carousel-slider 2.0.0 Cross-Site.Request.Forgery MEDIUM" "carousel-slider 2.2.4 Cross-Site.Request.Forgery MEDIUM" "carousel-slider 2.2.4 Editor+.Stored.XSS LOW" "carousel-slider 2.2.11 Editor+.Stored.XSS LOW" "carousel-slider 2.2.10 Editor+.Stored.XSS MEDIUM" "carousel-slider 2.2.7 Editor+.Stored.XSS LOW" "carousel-slider 2.2.3 Missing.Authorization MEDIUM" "codehaveli-bitly-url-shortener No.known.fix Cross-Site.Request.Forgery MEDIUM" "cookie-notice-consent 1.6.1 Admin+.Stored.XSS LOW" "cryptocurrency-donation-box 1.8 Subscriber+.Arbitrary.Plugin.Installation.&.Activation HIGH" "content-audit-exporter No.known.fix Unauthenticated.Sensitive.Information.Exposure MEDIUM" "comment-images-reloaded No.known.fix Authenticated.(Subscriber+).Arbitrary.Media.Deletion MEDIUM" "comment-press 2.7.2 Unauthenticated.Cross-Frame.Scripting HIGH" "cwicly 1.4.0.3 Authenticated.(Contributor+).Remote.Code.Execution HIGH" "companion-auto-update 3.3.6 Authenticated.SQL.Injection CRITICAL" "custom-base-terms 1.0.3 Admin+.Stored.XSS LOW" "conference-scheduler 2.4.3 Reflected.Cross-Site.Scripting MEDIUM" "causes No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "comparepress No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "checkout-field-visibility-for-woocommerce No.known.fix Unauthenticated.Local.File.Inclusion CRITICAL" "computer-repair-shop 3.8214 Missing.Authorization MEDIUM" "computer-repair-shop 3.8120 Authenticated.(Customer+).Privilege.Esclation.via.Account.Takeover CRITICAL" "computer-repair-shop 3.8122 Missing.Authorization.to.Account.Takeover/Privilege.Escalation HIGH" "computer-repair-shop 3.8116 Unauthenticated.Arbitrary.File.Upload CRITICAL" "custom-top-bar No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "cloud No.known.fix Unauthenticated.Arbitrary.File.Read HIGH" "core-control No.known.fix Arbitrary.Settings.Update.via.CSRF MEDIUM" "custom-registration-form-builder-with-submission-manager 6.0.4.4 Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "custom-registration-form-builder-with-submission-manager 6.0.3.4 Reflected.Cross-Site.Scripting MEDIUM" "custom-registration-form-builder-with-submission-manager 6.0.2.7 Unauthenticated.Privilege.Escalation.via.Password.Recovery CRITICAL" "custom-registration-form-builder-with-submission-manager 6.0.2.1 Stored.XSS LOW" "custom-registration-form-builder-with-submission-manager 6.0.1.1 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "custom-registration-form-builder-with-submission-manager 6.0.0.2 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "custom-registration-form-builder-with-submission-manager 5.3.2.1 Reflected.Cross-Site.Scripting MEDIUM" "custom-registration-form-builder-with-submission-manager 5.3.1.0 Cross-Site.Request.Forgery MEDIUM" "custom-registration-form-builder-with-submission-manager 5.3.2.0 Authenticated.(Contributor+).SQL.Injection.via.Shortcode HIGH" "custom-registration-form-builder-with-submission-manager 5.2.6.0 Reflected.Cross-Site.Scripting MEDIUM" "custom-registration-form-builder-with-submission-manager 5.3.1.0 Authenticated.(Subscriber+).Privilege.Escalation HIGH" "custom-registration-form-builder-with-submission-manager 5.2.6.0 Cross-Site.Request.Forgery MEDIUM" "custom-registration-form-builder-with-submission-manager 5.2.5.1 Form.Submission.Limit.Bypass MEDIUM" "custom-registration-form-builder-with-submission-manager 5.2.5.1 IP.Spoofing MEDIUM" "custom-registration-form-builder-with-submission-manager 5.2.4.6 Authenticated(Administrator+).SQL.Injection MEDIUM" "custom-registration-form-builder-with-submission-manager 5.2.3.1 Missing.Authorization MEDIUM" "custom-registration-form-builder-with-submission-manager 5.2.3.0 Cross-Site.Request.Forgery MEDIUM" "custom-registration-form-builder-with-submission-manager 5.2.4.2 Reflected.Cross-Site.Scripting.via.section_id MEDIUM" "custom-registration-form-builder-with-submission-manager 5.2.1.1 Unauthenticated.Authentication.Bypass CRITICAL" "custom-registration-form-builder-with-submission-manager 5.2.1.0 Admin+.Arbitrary.Password.Update.via.IDOR MEDIUM" "custom-registration-form-builder-with-submission-manager 5.1.9.3 Form.Deletion.via.CSRF MEDIUM" "custom-registration-form-builder-with-submission-manager 5.0.2.2 Admin+.SQL.Injection MEDIUM" "custom-registration-form-builder-with-submission-manager 5.0.1.9 Reflected.Cross-Site.Scripting HIGH" "custom-registration-form-builder-with-submission-manager 5.0.1.9 Reflected.Cross-Site.Scripting HIGH" "custom-registration-form-builder-with-submission-manager 5.0.1.8 Authentication.Bypass CRITICAL" "custom-registration-form-builder-with-submission-manager 5.0.1.6 Admin+.SQL.Injection MEDIUM" "custom-registration-form-builder-with-submission-manager 4.6.0.4 Multiple.Critical.Issues HIGH" "custom-registration-form-builder-with-submission-manager 4.6.0.3 Multiple.Cross-Site.Scripting.(XSS) HIGH" "custom-registration-form-builder-with-submission-manager 4.6.0.3 Authenticated.SQL.Injection.via.Form_id MEDIUM" "cpt-to-map-store No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "coinpayments-payment-gateway-for-woocommerce 1.0.18 Unauthenticated.PHP.Object.Injection CRITICAL" "company-updates-for-linkedin No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "custom-skins-contact-form-7 No.known.fix Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.Post.Update.and.Skin.Creation MEDIUM" "custom-css-js-php No.known.fix Arbitrary.Settings.Update.via.CSRF MEDIUM" "custom-css-js-php No.known.fix CSRF.Bypass.in.Multiple.Plugins MEDIUM" "cart-lift 3.1.6 Reflected.XSS HIGH" "contact-form-7-round-robin-lead-distribution No.known.fix Authenticated.(Administrator+).SQL.Injection MEDIUM" "contact-form-7-round-robin-lead-distribution No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "category-posts 4.9.20 Admin+.Stored.XSS LOW" "category-posts 4.9.18 Admin+.Stored.XSS LOW" "category-posts 4.9.17 Admin+.Stored.XSS LOW" "contact-form-master No.known.fix Reflected.XSS HIGH" "custom-tiktok-video-feed No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "custom-facebook-feed 4.3.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.'data-color'.Attribute MEDIUM" "custom-facebook-feed 4.2.2 Facebook.Token.Reset/Update.via.CSRF MEDIUM" "custom-facebook-feed 4.1.6 Contributor+.Stored.XSS MEDIUM" "custom-facebook-feed 4.1.1 Authenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "custom-facebook-feed 4.0.1 Subscriber+.Arbitrary.Plugin.Settings.Update.to.Stored.XSS HIGH" "custom-facebook-feed 2.19.2 Unauthenticated.Stored.XSS CRITICAL" "custom-facebook-feed 2.19.2 Reflected.Cross-Site.Scripting MEDIUM" "current-book No.known.fix Authenticated.Stored.Cross-Site.Scripting.(XSS) LOW" "contact-form-7 6.0.6 Order.Replay.Vulnerability MEDIUM" "contact-form-7 5.9.5 Unauthenticated.Open.Redirect MEDIUM" "contact-form-7 5.9.2 Reflected.Cross-Site.Scripting MEDIUM" "contact-form-7 5.8.4 Authenticated.(Editor+).Arbitrary.File.Upload MEDIUM" "contact-form-7 5.3.2 Unrestricted.File.Upload HIGH" "contact-form-7 5.0.4 register_post_type().Privilege.Escalation CRITICAL" "cookie-consent-box 1.1.7 Admin+.Stored.XSS LOW" "clinked-client-portal No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "clinked-client-portal 1.10 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "cf7-calendar No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "chameleon-css No.known.fix Subscriber+.SQL.Injection CRITICAL" "canvasflow No.known.fix Reflected.XSS HIGH" "content-views-query-and-display-post-page 3.7.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.pagingType.Parameter MEDIUM" "content-views-query-and-display-post-page 3.7.1 Contributor+.Stored.Cross-Site.Scripting.via.Widget.Post.Overlay MEDIUM" "content-views-query-and-display-post-page 3.6.3 Admin+.Stored.XSS MEDIUM" "cc-coming-soon No.known.fix Reflected.XSS HIGH" "custom-product-builder-for-woocommerce 1.0.5 Reflected.Cross-Site.Scripting MEDIUM" "curtain No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "curtain 1.0.2 Unauthenticated.Maintenance.Mode.Switch HIGH" "convert-classic-editor-to-blocks No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "convert-classic-editor-to-blocks No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "conditional-payments-for-woocommerce 3.3.1 Cross-Site.Request.Forgery MEDIUM" "conditional-payments-for-woocommerce 2.3.2 Plugin.RuleSets.Activation/Deactivation.via.CSRF MEDIUM" "circles-gallery No.known.fix Admin+.Stored.XSS LOW" "custom-post-type-generator No.known.fix Admin+.Stored.Cross-Site.Scripting MEDIUM" "canvasio3d-light No.known.fix Authenticated.(Subscriber+).Arbitrary.File.Upload CRITICAL" "canvasio3d-light No.known.fix Subscriber+.Entries.Update/Deletion MEDIUM" "canvasio3d-light No.known.fix Reflected.XSS HIGH" "custom-icons-for-elementor 0.3.4 Authenticated.(Admin+).Arbitrary.File.Upload HIGH" "coming-soon 6.18.16 Subscriber+.Sensitive.Information.Exposure MEDIUM" "coming-soon 6.18.4 Editor+.Stored.XSS MEDIUM" "coming-soon 6.15.22 Unauthenticated.Plugin.Page.Content.Update MEDIUM" "coming-soon 6.15.15.3 Arbitrary.Settings.Update.via.CSRF MEDIUM" "coming-soon 5.1.2 Authenticated.Stored.Cross.Site.Scripting.(XSS) LOW" "chronoforms No.known.fix CSRF MEDIUM" "captain-slider No.known.fix Cross-Site.Scripting.(XSS) MEDIUM" "customer-reviews-collector-for-woocommerce 4.0 Authenticated.(Editor+).Arbitrary.File.Upload MEDIUM" "capa No.known.fix Arbitrary.Settings.Update.via.CSRF MEDIUM" "clover-online-orders 1.5.8 Reflected.Cross-Site.Scripting MEDIUM" "clover-online-orders 1.5.8 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.moo_receipt_link.Shortcode MEDIUM" "clover-online-orders 1.5.7 Missing.Authorization.to.Authenticated.(Subscriber+).Plugin.Data.Update MEDIUM" "clover-online-orders 1.5.7 Missing.Authorization.to.Plugin.Deactivation.and.Data.Deletion MEDIUM" "clover-online-orders 1.5.7 Missing.Authorization MEDIUM" "clover-online-orders 1.5.7 Missing.Authorization MEDIUM" "clover-online-orders 1.5.5 Cross-Site.Request.Forgery MEDIUM" "clover-online-orders 1.5.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "clover-online-orders 1.5.5 Reflected.XSS HIGH" "cryptocurrency-price-widget 1.2.4 Authenticated.(Editor+).Stored.Cross-Site.Scripting MEDIUM" "cool-tag-cloud 2.26 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "comment-form 1.2.1 Admin+.Authenticated.Stored.XSS LOW" "collect-and-deliver-interface-for-woocommerce 5.5.6 Authenticated.(Shop.Manager+).Arbitrary.File.Upload HIGH" "collect-and-deliver-interface-for-woocommerce 5.1.9 Reflected.Cross-Site-Scripting MEDIUM" "clockwork-two-factor-authentication 1.1.0 Cross-Site.Scripting.(XSS) MEDIUM" "code-generator No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "ct-real-estate-core 3.6.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "category-specific-rss-feed-menu 2.3 Admin+.Stored.XSS LOW" "category-specific-rss-feed-menu 2.2 Settings.Update.via.CSRF MEDIUM" "coming-soons No.known.fix Under.Construction.<=.1.2.0.-.Admin+.Stored.Cross-Site.Scripting LOW" "captcha-code-authentication 3.0 Captcha.Bypass MEDIUM" "captcha-code-authentication 2.8 Settings.Update.via.CSRF MEDIUM" "classified-listing 4.0.5 Unauthenticated.Settings.Exposure MEDIUM" "classified-listing 3.1.16 Authenticated.(Subscriber+).Limited.Arbitrary.Option.Update HIGH" "classified-listing 3.1.17 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "classified-listing 3.1.8 Missing.Authorization MEDIUM" "classified-listing 3.0.11 Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.Attachment.Deletion MEDIUM" "classified-listing 3.0.5 Cross-Site.Request.Forgery.to.Account.Takeover.via.rtcl_update_user_account HIGH" "classified-listing 3.0.5 Missing.Authorization MEDIUM" "classified-listing 2.4.6 Cross-Site.Request.Forgery MEDIUM" "classified-listing 2.2.14 Reflected.Cross-Site.Scripting MEDIUM" "comments-import-export-woocommerce 2.4.4 Missing.Authorization.to.Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "comments-import-export-woocommerce 2.3.9 Authenticated.(Author+).Arbitrary.File.Read.via.Directory.Traversal MEDIUM" "comments-import-export-woocommerce 2.3.6 Cross-Site.Request.Forgery MEDIUM" "comments-import-export-woocommerce 2.1.11 Cross-Site.Request.Forgery.(CSRF).Issue HIGH" "corner-ad 1.0.57 Ads.Deletion.via.CSRF MEDIUM" "corner-ad 1.0.8 Admin+.Stored.XSS LOW" "coming-soon-wp 2.1.3 Maintenance.Mode.Bypass MEDIUM" "coming-soon-wp 1.6.7 Admin+.Stored.Cross-Site.Scripting MEDIUM" "canecto No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "controlled-admin-access 1.5.6 Improper.Access.Control.to.Privilege.Escalation HIGH" "controlled-admin-access 1.5.2 Improper.Access.Control.&.Privilege.Escalation HIGH" "crm-memberships No.known.fix Admin+.Stored.XSS LOW" "companion-sitemap-generator 4.5.3 Reflected.XSS HIGH" "companion-sitemap-generator 4.5.3 Contributor+.Stored.XSS MEDIUM" "companion-sitemap-generator 3.7.0 CSRF HIGH" "colorway No.known.fix Cross-Site.Request.Forgery MEDIUM" "comments-on-feed No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "cp-polls 1.0.75 Reflected.Cross-Site.Scripting MEDIUM" "cp-polls 1.0.77 Admin+.Stored.XSS.via.Custom.Styles LOW" "cp-polls 1.0.77 Admin+.Stored.Cross-Site.Scripting LOW" "cp-polls 1.0.72 Unauthenticated.Content.Injection MEDIUM" "cp-polls 1.0.72 Unauthenticated.Poll.Limit.Bypass MEDIUM" "cp-polls 1.0.9 Multiple.XSS.Vulnerabilities MEDIUM" "cp-polls 1.0.9 Multiple.CSRF.Vulnerabilities MEDIUM" "contentlock 1.0.4 Settings.Update.via.CSRF MEDIUM" "contentlock 1.0.4 Email.Adding.via.CSRF MEDIUM" "contentlock 1.0.4 Groups/Emails.Deletion.via.CSRF MEDIUM" "content-egg 5.5.0 Multiple.CSRF MEDIUM" "content-egg 5.3.1 Reflected.Cross-Site.Scripting MEDIUM" "content-egg 5.3.0 Reflected.Cross-Site.Scripting MEDIUM" "common-tools-for-site No.known.fix Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "custom-login 4.1.1 Subscriber+.Unauthorised.Action MEDIUM" "check-pincode-for-woocommerce 1.2 Reflected.Cross-Site.Scripting MEDIUM" "custom-field-manager No.known.fix Reflected.XSS.Vulnerability HIGH" "comments-from-facebook 2.5.0 Admin+.Stored.Cross-Site.Scripting LOW" "calculatorpro-calculators No.known.fix Reflected.Cross-Site.Scripting.via.CP_preview_calc MEDIUM" "cryptocurrency No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "cryptocurrency No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "cryptocurrency No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "css-js-manager 2.4.49.1 Multiple.CSRF MEDIUM" "custom-post-type-gui No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "chilexpress-oficial No.known.fix Reflected.XSS HIGH" "church-admin 5.0.24 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "church-admin 5.0.10 Unauthenticated.Information.Disclosure MEDIUM" "church-admin 5.0.19 Unauthenticated.SQL.Injection HIGH" "church-admin 5.0.9 Missing.Authorization MEDIUM" "church-admin 5.0.0 Reflected.Cross-Site.Scripting MEDIUM" "church-admin 4.4.7 Authenticated.(Subscriber+).Arbitrary.File.Upload HIGH" "church-admin 4.4.5 Missing.Authorization MEDIUM" "church-admin 4.4.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "church-admin 4.4.0 Authenticated.(Admin+).Server-Side.Request.Forgery MEDIUM" "church-admin 4.2.0 Cross-Site.Request.Forgery MEDIUM" "church-admin 4.0.28 Cross-Site.Request.Forgery MEDIUM" "church-admin 4.1.7 Missing.Authorization MEDIUM" "church-admin 4.1.6 .Authenticated.(Subscriber+).Arbitrary.File.Upload HIGH" "church-admin 4.1.8 Cross-Site.Request.Forgery MEDIUM" "church-admin 4.1.19 Missing.Authorization MEDIUM" "church-admin 4.0.28 Authenticated.(Contributor+).SQL.Injection HIGH" "church-admin 4.0.27 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.shortcode MEDIUM" "church-admin 4.1.18 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.meta-text MEDIUM" "church-admin 3.8.0 Server-Side.Request.Forgery.(SSRF) MEDIUM" "church-admin 3.7.6 Reflected.XSS HIGH" "church-admin 3.7.30 Reflected.XSS HIGH" "church-admin 3.4.135 Unauthenticated.Plugin's.Backup.Disclosure HIGH" "church-admin 1.2550 CSRF HIGH" "cs-element-bucket No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "culqi-checkout 3.0.15 Authenticated.(Subscriber+).Server-Side.Request.Forgery MEDIUM" "coditor No.known.fix Arbitrary.File.Edition,.Deletion.and.Internal.Directory.Listing.in.wp-content CRITICAL" "contact-form-entries 1.3.9 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "contact-form-entries 1.3.4 Authenticated(Contributor+).Stored.Cross-Site.Scripting.via.shortcode MEDIUM" "contact-form-entries 1.3.3 Admin+.Arbitrary.File.Upload MEDIUM" "contact-form-entries 1.3.1 Contributor+.Stored.XSS MEDIUM" "contact-form-entries 1.3.1 SQL.Injection MEDIUM" "contact-form-entries 1.3.0 CSV.Injection MEDIUM" "contact-form-entries 1.2.4 Reflected.Cross-Site.Scripting HIGH" "contact-form-entries 1.2.2 Reflected.Cross-Site.Scripting HIGH" "contact-form-entries 1.2.1 Reflected.Cross-Site.Scripting HIGH" "contact-form-entries 1.1.7 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "custom-taxonomy-category-and-term-fields No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "contact-forms-builder No.known.fix Authentication.Request.Bypass MEDIUM" "contact-forms-builder No.known.fix Reflected.XSS HIGH" "course-booking-system No.known.fix Reflected.Cross-Site.Scripting HIGH" "course-booking-system 6.1.1 Missing.Authorization MEDIUM" "course-booking-system 6.0.7 Unauthenticated.SQL.Injection HIGH" "cf7-zendesk 1.1.4 Cross-Site.Request.Forgery MEDIUM" "cf7-zendesk 1.0.8 Reflected.Cross-Site.Scripting HIGH" "cf7-multi-step 2.7.8 Unauthenticated.SQL.Injection HIGH" "crudlab-facebook-like-box No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "cpo-shortcodes No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "cpo-shortcodes No.known.fix Admin+.Stored.XSS LOW" "calendar-booking No.known.fix Missing.Authorization.to.Unauthenticated.Service.Disconnection MEDIUM" "calendar-booking No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "contact-forms-anti-spam 2.2.8 Cross-Site.Request.Forgery.to.Plugin.Settings.Change MEDIUM" "contact-forms-anti-spam 2.1.3 Advanced.Spam.protection.<.2.1.3.-.Admin+.Stored.XSS LOW" "contact-forms-anti-spam 0.10.7 Authenticated.(Administrator+).Stored.Cross-Site.Scripting.via.settings MEDIUM" "contact-forms-anti-spam 0.10.4 IP.Validation.Bypass MEDIUM" "contact-forms-anti-spam 0.9.3 Unauthenticated.Stored.Cross-Site.Scripting.via.efas_add_to_log MEDIUM" "contact-forms-anti-spam 0.7.9 Cross-Site.Request.Forgery.(CSRF) MEDIUM" "chatbot 6.3.6 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "chatbot 6.2.4 Admin+.Stored.XSS LOW" "chatbot 5.5.8 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "chatbot 5.3.6 Missing.Authorization.via.openai_file_list_callback MEDIUM" "chatbot 5.3.6 Missing.Authorization.via.openai_file_delete_callback MEDIUM" "chatbot 5.3.6 Missing.Authorization.via.openai_file_upload_callback MEDIUM" "chatbot 5.1.1 Unauthenticated.PHP.Object.Injection CRITICAL" "chatbot 4.7.9 Authenticated.(Administrator+).SQL.Injection HIGH" "chatbot 4.9.7 4.9.6.-.Authenticated.(Administrator+).Stored.Cross-Site.Scripting.in.FAQ.Builder MEDIUM" "chatbot 4.9.3 Subscriber+.Arbitrary.File.Deletion CRITICAL" "chatbot 4.9.3 Cross-Site.Request.Forgery.(CSRF) MEDIUM" "chatbot 4.9.1 Authenticated.(Subscriber+).Directory.Traversal.to.Arbitrary.File.Write.via.qcld_openai_upload_pagetraining_file CRITICAL" "chatbot 4.9.1 Unauthenticated.Blind.SQL.Injection CRITICAL" "chatbot 4.9.3 Missing.authorization.in.AJAX.calls MEDIUM" "chatbot 4.9.1 Subscriber+.Arbitrary.File.Deletion CRITICAL" "chatbot 4.9.1 Missing.authorization.in.AJAX.calls MEDIUM" "chatbot 4.9.1 Unauthenticated.Sensitive.Data.Disclosure MEDIUM" "chatbot 4.9.1 Cross-Site.Request.Forgery.(CSRF) MEDIUM" "chatbot 4.7.9 CSRF MEDIUM" "chatbot 4.7.8 Admin+.Stored.XSS.in.Language.Settings LOW" "chatbot 4.7.8 Admin+.Stored.XSS.in.FAQ.Builder LOW" "chatbot 4.6.1 Admin+.Stored.Cross-Site.Scripting LOW" "chatbot 4.5.6 Admin+.Stored.Cross-Site.Scripting LOW" "chatbot 4.5.5 Admin+.Stored.Cross-Site.Scripting LOW" "chatbot 4.4.9 Subscriber+.OpenAI.Settings.Update.to.Stored.XSS HIGH" "chatbot 4.4.7 Unauthenticated.PHP.Object.Injection HIGH" "chatbot 4.5.1 Admin+.Stored.XSS LOW" "chatbot 4.4.9 Unauthenticated.Stored.XSS HIGH" "chatbot 4.4.5 Stored.XSS.via.CSRF HIGH" "chatbot 4.3.0 Settings.Reset.via.CSRF MEDIUM" "chatbot 4.3.1 Admin+.Stored.XSS LOW" "chatbot 4.2.9 Unauthenticated.Settings.Reset MEDIUM" "category-post-shortcode No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "custom-product-type-for-woocommerce 1.2.3 Reflected.Cross-Site.Scripting MEDIUM" "custom-product-type-for-woocommerce 1.2.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "create-with-code 1.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "create-custom-dashboard-widget No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "create-custom-dashboard-widget No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "contact-list 2.9.88 Missing.Authorization.to.Notice.Dismissal MEDIUM" "contact-list 2.9.72 Reflected.Cross-Site.Scripting MEDIUM" "contact-list 2.9.50 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "contact-list 2.9.42 Reflected.Cross-Site.Scripting HIGH" "custom-url-shorter No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "custom-page-templates-by-vegacorp 1.1.14 Reflected.Cross-Site.Scripting MEDIUM" "custom-page-templates-by-vegacorp 1.1.13 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "digiproveblog No.known.fix Reflected.Cross-Site-Scripting MEDIUM" "dashi 3.1.9 Missing.Authorization MEDIUM" "dn-popup No.known.fix Settings.Update.via.CSRF MEDIUM" "dark-mode 1.7 Stored.XSS MEDIUM" "delightful-downloads No.known.fix Unauthenticated.Path.Traversal MEDIUM" "dr-affiliate No.known.fix Authenticated.(Subscriber+).SQL.Injection HIGH" "demo-importer-plus 2.0.2 Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "dukapress 2.5.9.1 Unauthenticated.Blind.SQL.Injection CRITICAL" "duplicate-post 3.2.4 Authenticated.Stored.Cross-Site.Scripting.(XSS) CRITICAL" "denk-internet-solutions 6.0.0 Admin+.Stored.XSS LOW" "dont-muck-my-markup No.known.fix Cross-Site.Request.Forgery MEDIUM" "display-remote-posts-block 1.1.1 Authenticated.(Contributor+).Server-Side.Request.Forgery MEDIUM" "disable-user-login 1.3.9 User.Login.Toggle.via.CSRF MEDIUM" "demo-my-wordpress 1.1.0 Unauthenticated.Privilege.Escalation CRITICAL" "dino-game 1.2.0 Contributor+.Stored.XSS MEDIUM" "download-attachments 1.3.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "download-attachments 1.3 Contributor+.Stored.XSS MEDIUM" "dsgnwrks-twitter-importer No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "dejureorg-vernetzungsfunktion 1.98.0 Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "duplicate-page 4.4.3 Admin+.Stored.Cross-Site.Scripting LOW" "duplicate-page 3.4 Authenticated.SQL.Injection HIGH" "distance-based-shipping-calculator 2.0.23 Missing.Authorization.to.Unauthenticated.Settings.Update MEDIUM" "distance-based-shipping-calculator 2.0.23 Missing.Authorization MEDIUM" "distance-based-shipping-calculator 2.0.22 Reflected.Cross-Site.Scripting MEDIUM" "distance-based-shipping-calculator 2.0.24 Subscriber+.SQL.Injection HIGH" "delete-custom-fields No.known.fix Cross-Site.Request.Forgery.to.Post.Meta.Deletion MEDIUM" "devformatter No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting.via.Custom.CSS MEDIUM" "drag-and-drop-custom-sidebar No.known.fix Unauthenticated.Stored.Cross-Site.Scripting HIGH" "diary-availability-calendar No.known.fix Authenticated.(subscriber+).SQL.Injection HIGH" "divebook No.known.fix Unauthenticated.Reflected.XSS LOW" "divebook No.known.fix Improper.Authorisation.Check MEDIUM" "divebook No.known.fix Unauthenticated.SQL.Injection CRITICAL" "download-info-page No.known.fix Admin+.Stored.XSS LOW" "dzs-zoomsounds No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "dzs-zoomsounds No.known.fix Unauthenticated.PHP.Object.Injection CRITICAL" "dzs-zoomsounds No.known.fix WordPress.Wave.Audio.Player.with.Playlist.<=.6.91.-.Unauthenticated.Arbitrary.File.Download HIGH" "dzs-zoomsounds No.known.fix WordPress.Wave.Audio.Player.with.Playlist.<=.6.91.-.Missing.Authorization.to.Authenticated.(Subscriber+).Limited.Options.Update.and.Settings.Manipulation HIGH" "dzs-zoomsounds No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "dzs-zoomsounds No.known.fix WordPress.Wave.Audio.Player.with.Playlist.<=.6.91.-.Unauthenticated.PHP.Object.Injection HIGH" "dzs-zoomsounds 6.50 Unauthenticated.Arbitrary.File.Download HIGH" "dzs-zoomsounds 6.05 Unauthenticated.Arbitrary.File.Upload CRITICAL" "dzs-zoomsounds 3.0 Remote.File.Upload CRITICAL" "digital-license-manager 1.7.4 Reflected.Cross-Site.Scripting.via.remove_query_arg.Function MEDIUM" "dashboard-notepads No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "dn-sitemap-control No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "doctor-listing 1.3.6 Subscriber+.Privilege.Escalation CRITICAL" "digital-marketing-agency-templates-for-elementor No.known.fix Cross-Site.Request.Forgery.to.Import MEDIUM" "doneren-met-mollie 2.10.8 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "doneren-met-mollie 2.10.3 Unauthenticated.Reflected.Cross-Site.Scripting.via.search MEDIUM" "doneren-met-mollie 2.8.5 Unauthorised.CSV.Export.leading.to.Sensitive.Data.Disclosure MEDIUM" "dk-pricr-responsive-pricing-table 5.1.11 Author+.Stored.XSS MEDIUM" "dk-pricr-responsive-pricing-table 5.1.8 Admin+.Stored.Cross-Site.Scriping LOW" "dk-pricr-responsive-pricing-table 5.1.7 Contributor+.Stored.XSS MEDIUM" "dynamic-to-top No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "datamentor No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "dethemekit-for-elementor No.known.fix Missing.Authorization MEDIUM" "dethemekit-for-elementor 2.1.10 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "dethemekit-for-elementor 2.1.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "dethemekit-for-elementor 2.1.9 Authenticated.(Contributor+).Protected.Post.Disclosure MEDIUM" "dethemekit-for-elementor 2.1.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.De.Gallery.Widget MEDIUM" "dethemekit-for-elementor 2.1.8 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "dethemekit-for-elementor 2.1.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.URL.Parameter.of.the.De.Gallery.Widget MEDIUM" "dethemekit-for-elementor 2.1.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.slitems.Attribute MEDIUM" "dethemekit-for-elementor 2.1.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Multiple.Widgets MEDIUM" "dethemekit-for-elementor 2.1.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "dethemekit-for-elementor 2.1.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "dethemekit-for-elementor 1.5.5.5 Contributor+.Stored.XSS MEDIUM" "delucks-seo No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "delucks-seo No.known.fix Subscriber+.Arbitrary.File.Read MEDIUM" "delucks-seo 2.5.5 Missing.Authorization MEDIUM" "daggerhart-openid-connect-generic 3.8.2 Reflected.Cross.Site.Scripting.(XSS).via.Login.Error MEDIUM" "donate-extra No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "dc-woocommerce-multi-vendor 4.2.23 Unauthenticated.Information.Exposure MEDIUM" "dc-woocommerce-multi-vendor 4.2.23 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "dc-woocommerce-multi-vendor 4.2.23 Incorrect.Authorization.to.Authenticated.(Contributor+).Arbitrary.Post.Deletion MEDIUM" "dc-woocommerce-multi-vendor 4.2.20 Missing.Authorization.to.Unauthenticated.Table.Rates.Deletion MEDIUM" "dc-woocommerce-multi-vendor 4.2.15 Unauthenticated.Limited.Local.File.Inclusion CRITICAL" "dc-woocommerce-multi-vendor 4.2.14 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "dc-woocommerce-multi-vendor 4.2.5 Cross-Site.Request.Forgery.to.Vendor.Updates MEDIUM" "dc-woocommerce-multi-vendor 4.2.5 Missing.Authorization.to.Forged.Vendor.Profile.Deletion.Email.Sending MEDIUM" "dc-woocommerce-multi-vendor 4.2.1 Missing.Authorization.to.Limited.Vendor.Privilege.Escalation/Account.Takeover CRITICAL" "dc-woocommerce-multi-vendor 4.2.0 Reflected.Cross-Site.Scripting HIGH" "dc-woocommerce-multi-vendor 4.1.12 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.hover_animation.Parameter MEDIUM" "dc-woocommerce-multi-vendor 4.1.4 Missing.Authorization MEDIUM" "dc-woocommerce-multi-vendor 4.1.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "dc-woocommerce-multi-vendor 4.0.26 Missing.Authorization HIGH" "dc-woocommerce-multi-vendor 4.0.24 Missing.Authorization.via.mvx_save_dashpages HIGH" "dc-woocommerce-multi-vendor 4.0.26 Improper.Authorization.on.REST.Routes.via.'save_settings_permission' HIGH" "dc-woocommerce-multi-vendor 3.8.12 Multiple.Reflected.Cross-Site.Scripting MEDIUM" "dc-woocommerce-multi-vendor 3.8.12 Unauthorised.AJAX.Calls HIGH" "dc-woocommerce-multi-vendor 3.8.12 Unauthenticated.LFI MEDIUM" "dc-woocommerce-multi-vendor 3.8.4 Reflected.Cross-Site.Scripting HIGH" "dc-woocommerce-multi-vendor 3.7.4 CSRF.Bypass.in.Multiple.Plugins MEDIUM" "dc-woocommerce-multi-vendor 3.7.4 Unauthenticated.Arbitrary.Product.Comment MEDIUM" "dc-woocommerce-multi-vendor 3.5.8 Cross-Site.Request.Forgery MEDIUM" "dc-woocommerce-multi-vendor 3.5.8 Cross-Site.Request.Forgery.(CSRF) MEDIUM" "doko-box-builder 1.0.1 Reflected.Cross-Site.Scripting MEDIUM" "delete-old-posts-programmatically 3.4.3 Reflected.Cross-Site.Scripting MEDIUM" "delete-old-posts-programmatically 2.1.2 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "daily-prayer-time-for-mosques 2024.09.14 Authenticated.(Contributor+).SQL.Injection CRITICAL" "daily-prayer-time-for-mosques 2023.10.21 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.shortcode MEDIUM" "daily-prayer-time-for-mosques 2023.05.05 Contributor+.Stored.XSS MEDIUM" "daily-prayer-time-for-mosques 2023.03.18 Settings.Update.via.CSRF MEDIUM" "daily-prayer-time-for-mosques 2022.03.01 Unauthenticated.SQLi HIGH" "daily-prayer-time-for-mosques 2021.08.10 Admin+.Stored.XSS LOW" "demo-user-dzs-showcase-your-admin-safely No.known.fix Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "dicom-support 0.10.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "dashylite No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "dashylite No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "delivery-and-pickup-scheduling-for-woocommerce 1.0.12 Reflected.Cross-Site.Scripting MEDIUM" "dn-footer-contacts No.known.fix Cross-Site.Request.Forgery MEDIUM" "dn-footer-contacts 1.6.3 Admin+.Stored.XSS LOW" "dw-question-answer No.known.fix CSRF.Bypass.in.Multiple.Plugins MEDIUM" "do-that-task No.known.fix Unauthenticated.Arbitrary.File.Upload CRITICAL" "dimage-360 No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "digital-lottery No.known.fix Unauthenticated.Arbitrary.File.Upload CRITICAL" "digiwidgets-image-editor No.known.fix Unauthenticated.Remote.Code.Execution CRITICAL" "dl-robotstxt No.known.fix Admin+.Stored.XSS LOW" "ds-site-message 1.14.5 Stored.XSS.via.CSRF HIGH" "display-admin-page-on-frontend 1.21.1 Reflected.Cross-Site.Scripting MEDIUM" "display-admin-page-on-frontend 1.17.0.4 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "doctor-appointment-booking No.known.fix Authenticated.(Subscriber+).SQL.Injection MEDIUM" "doctor-appointment-booking No.known.fix Authenticated.(Subscriber+).Local.File.Inclusion HIGH" "domain-theme No.known.fix Cross-Site.Request.Forgery MEDIUM" "downloader-tiktok 1.4 Server.Side.Request.Forgery.(SSRF).&.Local.File.Inclusion.(LFI) MEDIUM" "drop-in-image-slideshow-gallery No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "disable-update-notifications 2.4.2 Settings.Update.via.CSRF MEDIUM" "dynamic-widgets 1.6.5 Cross-Site.Request.Forgery MEDIUM" "dynamic-widgets 1.6 Reflected.Cross-Site.Scripting MEDIUM" "dynamic-widgets 1.5.11 Authenticated.Cross-Site.Scripting.(XSS).&.CSRF MEDIUM" "dont-break-the-code No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "directorypress-frontend 2.8.0 Cross-Site.Request.Forgery.to.Listing.Status.Update MEDIUM" "duplicate-wp-page-post 2.8 Admin+.Stored.Cross-Site.Scripting LOW" "duplicate-wp-page-post 2.5.7 SQL.Injections.due.to.Duplicated.Snippets HIGH" "dnui-delete-not-used-image-wordpress No.known.fix Deletion.of.images.through.CSRF MEDIUM" "drag-and-drop-form-builder-for-contact-form-7 1.2.6 Reflected.Cross-Site.Scripting MEDIUM" "drag-and-drop-form-builder-for-contact-form-7 1.2.4 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "drop-caps No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "demomentsomtres-address No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "demomentsomtres-address No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "dhvc-form 2.4.8 Unauthenticated.Privilege.Escalation CRITICAL" "datasets-manager-by-arttia-creative No.known.fix Unauthenticated.Arbitrary.File.Upload CRITICAL" "dazzlersoft-teams No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "donate-with-qrcode 1.4.5 Stored.Cross-Site.Scripting MEDIUM" "donate-with-qrcode No.known.fix Plugin's.Setting.Update.via.CSRF MEDIUM" "duofaq-responsive-flat-simple-faq No.known.fix Reflected.Cross-Site.Scripting HIGH" "dsgvo No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "document-emberdder 1.7.5 Unauthenticated.Arbitrary.Private/Draft.Post.Title.Disclosure MEDIUM" "document-emberdder 1.7.9 Subscriber+.Arbitrary.Private/Draft.Post.Title.Disclosure MEDIUM" "dashboard-to-do-list 1.3.0 Missing.Authorization.via.ardtdw_widgetsetup() MEDIUM" "dashboard-to-do-list 1.3.2 Cross-Site.Request.Forgery.via.ardtdw_widgetupdate() MEDIUM" "delicious-recipes 1.7.0 Improper.Path.Validation.to.Authenticated.(Subscriber+).Arbitrary.File.Move.and.Read HIGH" "delicious-recipes 1.6.8 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "delicious-recipes 1.5.3 Reflected.Cross-Site.Scripting MEDIUM" "delicious-recipes 1.3.5 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "democracy-poll No.known.fix Missing.Authorization MEDIUM" "democracy-poll 5.4 CSRF.&.XSS HIGH" "dima-take-action No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "demomentsomtres-mailchimp-subscribe 3.201706150908 Reflected.Cross-Site.Scripting MEDIUM" "deal-of-the-day No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "don8 No.known.fix Admin+.Stored.XSS LOW" "dr-flex 2.0.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "different-menus-in-different-pages 2.4.0 Subscriber+.Menu.Duplication MEDIUM" "down-as-pdf No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "duplicate-post-and-page No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "duplicate-post-and-page No.known.fix Authenticated.(Contributor+).SQL.Injection MEDIUM" "delete-post-revision No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "debranding No.known.fix Authenticated.(Subscriber+).Arbitrary.Options.Update HIGH" "debranding No.known.fix Privilege.Escalation HIGH" "display-post-meta No.known.fix Display.Post.Meta.<=.2,4,4.-Reflected.Cross-Site.Scripting MEDIUM" "dbox-slider-lite No.known.fix Multiple.Authenticated.SQL.injection HIGH" "disable-comments 1.0.4 disable_comments_settings.php.Comment.Status.Manipulation.CSRF HIGH" "digits 8.4.6.1 Auth.Bypass.via.OTP.Bruteforcing CRITICAL" "digits 8.4.2 Cross-Site.Request.Forgery.to.Privilege.Escalation HIGH" "dovetail No.known.fix Admin+.Stored.Cross-Site.Scripting MEDIUM" "dts-simple-share No.known.fix Admin+.XSS LOW" "disable-dashboard-for-woocommerce 3.2.9 Reflected.Cross-Site.Scripting MEDIUM" "drag-and-drop-file-upload-for-elementor-forms 1.5.0 Unauthenticated.Arbitrary.File.Deletion MEDIUM" "divi-builder 4.25.1 Authenticated.(Contributor+).DOM-Based.Stored.Cross-Site.Scripting MEDIUM" "divi-builder 4.5.3 4.5.2,.Extra.2.0.-.4.5.2,.Divi.Builder.2.0.-.4.5.2).-.Authenticated.Arbitrary.File.Upload MEDIUM" "divi-builder 4.0.10 Authenticated.Code.Injection MEDIUM" "divi-builder 2.17.3 Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "divi-builder 1.2.4 Privilege.Escalation HIGH" "database-backup 2.37 Authenticated.(Administrator+).Arbitrary.File.Deletion HIGH" "database-backup 2.36 Authenticated.(Administrator+).Sensitive.Information.Exposure HIGH" "database-backup 2.33 Authenticated.(Admin+).Arbitrary.File.Read MEDIUM" "duogeek-blocks No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "document No.known.fix Missing.Authorization MEDIUM" "debug-info No.known.fix Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "distance-rate-shipping-for-woocommerce No.known.fix Authenticated.(Subscriber+).SQL.Injection MEDIUM" "disable-right-click-for-wp No.known.fix Arbitrary.Settings.Update.via.CSRF MEDIUM" "droip No.known.fix Unauthenticated.Arbitrary.File.Deletion CRITICAL" "droip No.known.fix Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.Settings.Change MEDIUM" "display-terms-shortcode No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "disc-golf-manager No.known.fix Unauthenticated.PHP.Object.Injection CRITICAL" "duplicate-post-page-menu-custom-post-type 2.4.0 Subscriber+.Post.Duplication MEDIUM" "display-template-name No.known.fix Cross-Site.Request.Forgery MEDIUM" "da-reactions 5.2.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "da-reactions 4.0.4 Reflected.Cross-Site.Scripting MEDIUM" "da-reactions 3.20.2 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "duracelltomi-google-tag-manager 1.15.2 Admin+.Stored.Cross-Site.Scripting LOW" "duracelltomi-google-tag-manager 1.15.1 Reflected.Cross-Site.Scripting MEDIUM" "display-widgets 2.7 Backdoored MEDIUM" "dynamic-url-seo 1.2 Reflected.Cross-Site.Scripting MEDIUM" "dynamic-url-seo 1.2 Cross-Site.Request.Forgery MEDIUM" "dynamic-url-seo 1.2 Reflected.XSS HIGH" "daext-autolinks-manager 1.10.05 CSRF MEDIUM" "defender-security 4.7.3 Missing.Authorization MEDIUM" "defender-security 4.4.2 IP.Address.Spoofing MEDIUM" "defender-security 4.2.0 Sensitive.Information.Exposure.via.Log.File MEDIUM" "defender-security 4.2.1 Masked.Login.Area.Security.Feature.Bypass MEDIUM" "defender-security 4.1.0 Protection.Bypass.(Hidden.Login.Page) MEDIUM" "defender-security 2.4.6.1 CSRF.Nonce.Bypasses MEDIUM" "donate-button 2.1.1 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "dot-htmlphpxml-etc-pages No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "dp-alterminator-missing-alt-manager No.known.fix Missing.ALT.manager.<=.1.0.2.-.Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "drivr-google-drive-file-picker No.known.fix Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "devrix-dark-site 1.1.1 Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "device-detector 4.2.1 Reflected.Cross-Site.Scripting.via.id MEDIUM" "dtabs No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "dx-sales-crm No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "dwnldr 1.01 Unauthenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "dollie 6.2.1 Authenticated.(Contributor+).Post.Disclosure MEDIUM" "digirisk 6.1.0.0 Reflected.Cross-Site.Scripting MEDIUM" "dyn-business-panel No.known.fix Reflected.XSS HIGH" "dyn-business-panel No.known.fix Reflected.XSS HIGH" "dyn-business-panel No.known.fix Stored.XSS.via.CSRF HIGH" "disable-comments-wpz No.known.fix Authenticated.(Administrator+).SQL.Injection CRITICAL" "delete-post-revisions-on-single-click No.known.fix Cross-Site.Request.Forgery MEDIUM" "dans-gcal 1.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "drozd-addons-for-elementor No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "docxpresso No.known.fix Authenticated.(Contributor+).Arbitrary.File.Download MEDIUM" "debug-log-manager 2.3.5 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "debug-log-manager 2.3.2 Missing.Authorization MEDIUM" "debug-log-manager 2.3.2 Missing.Authorization.via.toggle_debugging MEDIUM" "debug-log-manager 2.3.2 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "debug-log-manager 2.3.0 Sensitive.Logs.Exposure MEDIUM" "debug-log-manager 2.2.2 Debug.Log.Clearing.via.CSRF MEDIUM" "debug-log-manager 2.2.2 Subscriber+.Debug.Log.Clearing MEDIUM" "dynamic-elementor-addons No.known.fix Authenticated.(Contributor+).Local.File.Inclusion HIGH" "download-manager 3.3.19 Authenticated.(Author+).Stored.Cross-site.Scripting.via.wpdm_user_dashboard.Shortcode MEDIUM" "download-manager 3.3.13 Author+.Arbitrary.File.Deletion HIGH" "download-manager 3.3.13 Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "download-manager 3.3.09 Authenticated.(Author+).Path.Traversal.to.Limited.File.Overwrite MEDIUM" "download-manager 3.3.07 Unauthenticated.Data.Exposure MEDIUM" "download-manager 3.3.04 Missing.Authorization MEDIUM" "download-manager 3.3.04 Unauthenticated.Download.of.Password-Protected.Files MEDIUM" "download-manager 3.3.04 Unauthenticated.Arbitrary.Shortcode.Execution HIGH" "download-manager 3.3.03 Admin+.Stored.XSS LOW" "download-manager 3.3.00 Contributor+.Stored.XSS LOW" "download-manager 3.2.99 Admin+.Stored.XSS LOW" "download-manager 3.2.98 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "download-manager 3.2.90 Improper.Authorization.via.protectMediaLibrary HIGH" "download-manager 3.2.94 Authenticated.(Author+).Stored.Cross-Site.Scripting.via.Multiple.Shortcodes MEDIUM" "download-manager 3.2.87 Authenticated.(Subscriber+).Stored.Self-Based.Cross-Site.Scripting MEDIUM" "download-manager 3.2.94 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.wpdm_modal_login_form.Shortcode MEDIUM" "download-manager 3.2.91 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.wpdm-all-packages.Shortcode MEDIUM" "download-manager 3.2.85 Contributor+.Stored.XSS MEDIUM" "download-manager 3.2.85 Unauthenticated.File.Download MEDIUM" "download-manager 3.2.86 Contributor+.Stored.XSS MEDIUM" "download-manager 3.2.83 Unauthenticated.Protected.File.Download.Password.Leak MEDIUM" "download-manager 3.2.71 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "download-manager 3.2.71 Broken.Access.Controls MEDIUM" "download-manager 6.3.0 Unauthenticated.Sensitive.Information.Disclosure MEDIUM" "download-manager 3.2.62 Contributor+.Stored.XSS MEDIUM" "download-manager 3.2.60 Reflected.XSS HIGH" "download-manager 3.2.55 Admin+.Arbitrary.File/Folder.Access.via.Path.Traversal MEDIUM" "download-manager 3.2.50 Contributor+.PHAR.Deserialization HIGH" "download-manager 3.2.53 Unauthenticated.Reflected.Cross-Site.Scripting MEDIUM" "download-manager 3.2.51 Contributor+.Arbitrary.File.Deletion HIGH" "download-manager 3.2.49 Clear.Stats.&.Cache.via.CSRF MEDIUM" "download-manager 3.2.49 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "download-manager 3.2.49 Multiple.CSRF MEDIUM" "download-manager 3.2.50 Bypass.IP.Address.Blocking.Restriction MEDIUM" "download-manager 3.2.44 Reflected.Cross-Site.Scripting MEDIUM" "download-manager 3.2.44 Unauthenticated.Reflected.Cross-Site.Scripting MEDIUM" "download-manager 3.2.48 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "download-manager 3.2.43 Reflected.Cross-Site.Scripting MEDIUM" "download-manager 3.2.39 Unauthenticated.brute.force.of.files.master.key MEDIUM" "download-manager 3.2.35 Sensitive.Information.Disclosure HIGH" "download-manager 3.2.34 Authenticated.SQL.Injection.to.Reflected.XSS MEDIUM" "download-manager 3.2.22 Subscriber+.Stored.Cross-Site.Scripting HIGH" "download-manager 3.2.16 Admin+.Stored.Cross-Site.Scripting LOW" "download-manager 3.2.13 Email.Template.Setting.Update.via.CSRF MEDIUM" "download-manager 3.1.25 Authenticated.File.Upload MEDIUM" "download-manager 3.1.25 .Authenticated.Directory.Traversal MEDIUM" "download-manager 3.1.23 Unauthorised.Asset.Manager.Usage HIGH" "download-manager 3.1.19 Authenticated.(author+).PHP4.File.Upload.to.RCE CRITICAL" "download-manager 3.1.22 Plugin.Settings.Change.via.CSRF MEDIUM" "download-manager 3.1.18 Unauthorised.Download.Duplication MEDIUM" "download-manager 2.9.97 Various.Sanitisation.Issues MEDIUM" "download-manager 2.9.94 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "download-manager 2.9.61 Cross-Site.Request.Forgery.(CSRF) MEDIUM" "download-manager 2.9.51 Open.Redirect MEDIUM" "download-manager 2.9.50 Cross-Site.Scripting.(XSS) HIGH" "dokan-pro No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "dokan-pro 3.11.0 Unauthenticated.SQL.Injection CRITICAL" "dropdown-content No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "dp-intro-tours 6.5.3 Reflected.Cross-Site.Scripting MEDIUM" "domain-check 1.0.17 Reflected.Cross-Site.Scripting MEDIUM" "demomentsomtres-media-tools-auto No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "demomentsomtres-media-tools-auto No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "disable-admin-notices No.known.fix Cross-Site.Request.Forgery MEDIUM" "dsgvo-all-in-one-for-wp 4.7 Cross-Site.Request.Forgery.to.Account.Deletion MEDIUM" "dsgvo-all-in-one-for-wp 4.6 Contributor+.Stored.XSS MEDIUM" "dsgvo-all-in-one-for-wp 4.4 Cross-Site.Request.Forgery MEDIUM" "dsgvo-all-in-one-for-wp 4.2 Admin+.Stored.Cross-Site.Scripting LOW" "dsgvo-all-in-one-for-wp 4.0 Unauthenticated.Stored.Cross-Site.Scripting.(XSS) HIGH" "dn-cookie-notice No.known.fix Cross-Site.Request.Forgery MEDIUM" "documentpress-display-any-document-on-your-site No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "data-dash No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "donate-visa No.known.fix Missing.Authorization MEDIUM" "debug-assistant 1.5 Admin+.Stored.XSS LOW" "debug-assistant 1.5 Administrator.Account.Creation.via.CSRF HIGH" "donations-block No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "donations-block No.known.fix Unauthenticated.Stored.XSS HIGH" "donations-block 2.1.0 Contributor+.Stored.XSS MEDIUM" "dp-addthis No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "dtracker No.known.fix Unauthorised.Contract.Creation HIGH" "dtracker No.known.fix Multiple.Unauthenticated.Blind.SQL.Injections HIGH" "debt-calculator No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "debounce-io-email-validator No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "debounce-io-email-validator 5.71 Unauthenticated.Local.File.Inclusion CRITICAL" "debounce-io-email-validator No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "debounce-io-email-validator 5.6.6 Reflected.Cross-Site.Scripting MEDIUM" "dzs-ajaxer-lite-dynamic-page-load No.known.fix Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "duplicate-page-or-post 1.5.1 Arbitrary.Settings.Update.to.Stored.XSS HIGH" "dologin 3.8 Missing.Authorization.via.REST.Endpoints MEDIUM" "dologin 3.7.1 Subscriber+.IP.Address.leak MEDIUM" "dologin 3.7 IP.Spoofing MEDIUM" "dologin 3.7 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "debug-tool No.known.fix Missing.Authorization MEDIUM" "debug-tool No.known.fix Unauthenticated.Arbitrary.File.Creation CRITICAL" "debug-tool No.known.fix Missing.Authorization.to.Information.Exposure MEDIUM" "disabler 4.0.0 CSRF MEDIUM" "dzs-enable-debug No.known.fix Cross-Site.Request.Forgery MEDIUM" "duplica 0.7 Authenticated.(Subscriber+).Missing.Authorization.to.Users/Posts.Duplicates.Creation MEDIUM" "disqus-popular-posts No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "dadata-ru No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "debug-bar-extender No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "demomentsomtres-wp-export No.known.fix Subscriber+.unauthorized.data.export MEDIUM" "demomentsomtres-wp-export 20200610 Reflected.Cross-Site.Scripting MEDIUM" "download-zip-attachments No.known.fix Arbitrary.File.Download HIGH" "dpepress No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "dforms No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "delete-old-orders No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "download-html-tinymce-button No.known.fix Reflected.XSS HIGH" "digital-river-global-commerce No.known.fix Use.of.Polyfill.io MEDIUM" "dyapress No.known.fix Unauthenticated.Local.File.Inclusion CRITICAL" "database-cleaner 1.0.6 Authenticated.(Admin+).Arbitrary.File.Read MEDIUM" "database-cleaner 0.9.9 Sensitive.Information.Exposure.via.Log.File MEDIUM" "duplicate-theme No.known.fix CSRF MEDIUM" "directory-pro 1.9.5 Subscriber+.Privilege.Escalation CRITICAL" "duitku-social-payment-gateway 2.11.7 Missing.Authorization.via.check_duitku_response MEDIUM" "displayproduct No.known.fix Unauthenticated.SQL.Injection HIGH" "doppler-form 2.4.7 Missing.Authorization MEDIUM" "doppler-form No.known.fix Stored.XSS.via.CSRF HIGH" "doppler-form No.known.fix Contributor+.Stored.XSS MEDIUM" "ds-cf7-math-captcha 3.0.1 Reflected.XSS HIGH" "dsdownloadlist No.known.fix Unauthenticated.PHP.Object.Injection HIGH" "database-sync No.known.fix Authenticated.(Subscriber+).Sensitive.Information.Exposure MEDIUM" "dh-local-seo No.known.fix Unauthenticated.SQL.Injection HIGH" "ditty-news-ticker 3.1.52 Author+.Stored.XSS LOW" "ditty-news-ticker 3.1.47 Author+.Stored.XSS MEDIUM" "ditty-news-ticker 3.1.46 Author+.Stored.XSS MEDIUM" "ditty-news-ticker 3.1.45 Author+.Stored.XSS MEDIUM" "ditty-news-ticker 3.1.43 Author+.Stored.XSS MEDIUM" "ditty-news-ticker 3.1.39 Authenticated.(Contributor+).PHP.Object.Injection HIGH" "ditty-news-ticker 3.1.36 Author+.Stored.XSS MEDIUM" "ditty-news-ticker 3.1.32 Authenticated.(Author+).Stored.Cross-Site.Scripting MEDIUM" "ditty-news-ticker 3.1.25 Missing.Authorization.via.save_ditty_permissions_check MEDIUM" "ditty-news-ticker 3.1.25 Reflected.XSS HIGH" "ditty-news-ticker 3.0.33 Contributor+.Stored.XSS MEDIUM" "ditty-news-ticker 3.0.15 Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "delivery-woo No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "delivery-woo No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "depay-payments-for-woocommerce 2.12.18 Missing.Authorization.to.Information.Exposure MEDIUM" "download-plugin 2.2.1 Missing.Authorization.to.Authenticated.(Subscriber+).User.Metadata.and.Comment.Download MEDIUM" "download-plugin 2.0.5 Cross-Site.Request.Forgery.(CSRF) MEDIUM" "download-plugin 2.0.0 Subscriber+.Website.Download HIGH" "download-plugin 1.6.1 Subscriber+.Arbitrary.Plugin.Activation MEDIUM" "debug 1.11 CSRF MEDIUM" "dx-auto-publish No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "drag-and-drop-multiple-file-upload-for-woocommerce 1.1.7 Unauthenticated.Arbitrary.File.Upload.via.upload.Function CRITICAL" "drag-and-drop-multiple-file-upload-for-woocommerce 1.1.5 Unauthenticated.Arbitrary.File.Move CRITICAL" "drag-and-drop-multiple-file-upload-for-woocommerce 1.1.1 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "delete-usermetas 1.2.0 Cross-Site.Request.Forgery MEDIUM" "domain-mapping-system 1.9.3 Reflected.Cross-Site.Scripting MEDIUM" "domain-mapping-system 1.7 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "donations-for-woocommerce 1.1.10 Cross-Site.Request.Forgery MEDIUM" "date-time-picker-field 2.3 Reflected.Cross-Site.Scripting MEDIUM" "date-time-picker-field 2.2 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "device-wrapper 1.1.1 Reflected.Cross-Site.Scripting MEDIUM" "directories 1.3.46 Authenticated.Self-Reflected.Cross-Site.Scripting LOW" "directories 1.3.46 Authenticated.Reflected.Cross-Site.Scripting CRITICAL" "dupeoff No.known.fix Admin+.Stored.XSS LOW" "duplicator-pro 4.5.14.2 Unauthenticated.Sensitive.Data.Exposure HIGH" "duplicator-pro 4.5.11.1 Unauthenticated.Reflected.XSS HIGH" "duplicator-pro 3.8.7.1 Unauthenticated.Arbitrary.File.Download HIGH" "demomentsomtres-categories No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "demomentsomtres-categories No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "demomentsomtres-categories No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "dirtysuds-embed-pdf No.known.fix Contributor+.Stored.XSS.via.Shortcode MEDIUM" "dobsondev-shortcodes No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "drop-shadow-boxes 1.7.15 Authenticated.(Subscriber+).Arbitrary.Shortcode.Execution MEDIUM" "drop-shadow-boxes 1.7.14 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "drop-shadow-boxes 1.7.12 Reflected.Cross-Site.Scripting MEDIUM" "drop-shadow-boxes 1.7.11 Contributor+.Cross-Site.Scripting MEDIUM" "drop-shadow-boxes 1.7.5 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "drop-shadow-boxes 1.7.2 Subscriber+.Arbitrary.Option.Update CRITICAL" "domain-for-sale 3.0.11 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.class_name.Parameter MEDIUM" "display-post-metadata 1.5.0 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "dashing-memberships No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "dracula-dark-mode 1.0.9 The.Revolutionary.Dark.Mode.Plugin.For.WordPress.<.1.0.9.-.Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.shortcode MEDIUM" "dracula-dark-mode 1.0.1 Reflected.Cross-Site.Scripting MEDIUM" "document-data-automation 1.6.2 Cross-Site.Request.Forgery MEDIUM" "df-draggable No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "dh-anti-adblocker 37 Anti.AdBlocker.<.37.-.Settings.Update.via.CSRF MEDIUM" "drawit No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "database-collation-fix 1.2.8 Cross-Site.Request.Forgery MEDIUM" "dap-to-autoresponders-daar No.known.fix Unauthenticated.Information.Exposure MEDIUM" "decorator-woocommerce-email-customizer 1.2.8 WooCommerce.Email.Customizer.<.1.2.8.-.Cross-Site.Request.Forgery MEDIUM" "database-for-cf7 1.2.5 Subscriber+.CF7.DB.Entries.Deletion MEDIUM" "delivery-drivers-for-vendors 1.1.1 Reflected.Cross-Site.Scripting MEDIUM" "delivery-drivers-for-vendors 1.0.9 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "doofinder No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "display-a-meta-field-as-block 1.2.14 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "delivery-drivers-manager 1.1.9 Reflected.Cross-Site.Scripting MEDIUM" "delivery-drivers-manager 1.1.6 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "different-shipping-and-billing-address-for-woocommerce 1.6 Unauthenticated.PHP.Object.Injection CRITICAL" "different-shipping-and-billing-address-for-woocommerce 1.5 Unauthenticated.SQL.Injection HIGH" "different-shipping-and-billing-address-for-woocommerce 1.3 Unauthenticated.SQL.Injection HIGH" "display-medium-posts No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.display_medium_posts.Shortcode MEDIUM" "different-home-for-logged-in-logged-out 1.3.4 Reflected.Cross-Site.Scripting MEDIUM" "devoluciones-packback No.known.fix Authenticated.(Subscriber+).SQL.Injection HIGH" "duplicate-title-validate 1.4 Subscriber+.SQL.Injection HIGH" "domain-sharding No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "download-media No.known.fix Missing.Authorization.via.generate_link_for_media MEDIUM" "dx-delete-attached-media 2.0.6 Settings.Update.via.CSRF MEDIUM" "digitimber-cpanel-integration 1.4.8 Cross-Site.Request.Forgery.to.Stored.Cross-site.Scripting MEDIUM" "decalog 3.9.1 Authenticated.(Admin+).SQL.injection CRITICAL" "dk-pdf 1.9.7 Reflected.Cross-Site.Scripting MEDIUM" "defend-wp-firewall 1.1.1 Missing.Authorization MEDIUM" "disable-auto-updates No.known.fix Cross-Site.Request.Forgery.to.Auto-update.Disable MEDIUM" "dokan-lite 3.7.6 Unauthenticated.SQLi HIGH" "dokan-lite 3.6.4 Vendor.Stored.Cross-Site.Scripting MEDIUM" "dokan-lite 3.2.1 CSRF.Nonce.Bypasses MEDIUM" "dokan-lite 3.0.9 Cross-Site.Request.Forgery MEDIUM" "dokan-lite 3.0.9 Cross-Site.Request.Forgery.(CSRF) MEDIUM" "device-theme-switcher No.known.fix Cross-Site.Request.Forgery MEDIUM" "download-monitor 5.0.23 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "download-monitor 5.0.14 Missing.Authorization.to.Sensitive.Information.Exposure MEDIUM" "download-monitor 5.0.13 Missing.Authorization.to.API.Key.Manipulation MEDIUM" "download-monitor 5.0.10 Missing.Authorization.to.Authenticated.(Subscriber+).Shop.Enable MEDIUM" "download-monitor 4.9.14 Missing.Authorization MEDIUM" "download-monitor 4.9.5 Authenticated.(Admin+).SQL.Injection HIGH" "download-monitor 4.8.2 Admin+.SSRF MEDIUM" "download-monitor 4.5.98 Admin+.Arbitrary.File.Download MEDIUM" "download-monitor 4.5.91 Admin+.Arbitrary.File.Download MEDIUM" "download-monitor 4.4.7 Reflected.Cross-Site.Scripting MEDIUM" "download-monitor 4.4.7 Admin+.Arbitrary.File.Download MEDIUM" "download-monitor 4.4.7 Admin+.Stored.Cross-Site.Scripting LOW" "download-monitor 4.4.5 Admin+.SQL.Injection MEDIUM" "download-monitor 1.9.7 Unauthenticated.Downloading.of.Logs MEDIUM" "download-monitor 1.7.1 Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "download-monitor 1.6.4 Authenticated.Directory.Listing MEDIUM" "download-monitor 3.3.6.2 Multiple.Reflected.Cross-Site.Scripting MEDIUM" "dx-share-selection 1.5 Stored.Cross-Site.Scripting.via.CSRF MEDIUM" "drug-search No.known.fix Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "dropdown-and-scrollable-text 2.1 Reflected.Cross-Site.Scripting MEDIUM" "debrandify 1.1.3 Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "dms No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "drm-protected-video-streaming No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "drm-protected-video-streaming No.known.fix Reflected.XSS HIGH" "dextaz-ping No.known.fix Admin+.RCE MEDIUM" "dezdy-mcommerce No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "dop-shortcodes No.known.fix Contributor+.Stored.XSS.via.Shortcode MEDIUM" "demo-awesome No.known.fix Missing.Authorization.to.Authenticated.(Subscriber+).Plugin.Activation MEDIUM" "demo-awesome 1.0.3 Missing.Authorization MEDIUM" "demo-awesome 1.0.2 Reflected.Cross-Site.Scripting MEDIUM" "dw-question-answer-pro 1.3.7 Arbitrary.Comment.Edition.via.IDOR MEDIUM" "dw-question-answer-pro 1.3.7 Multiple.CSRF MEDIUM" "dark-mode-for-wp-dashboard 1.2.4 Cross-Site.Request.Forgery MEDIUM" "domain-replace No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "devnex-addons-for-elementor No.known.fix Contributor+.Stored.XSS MEDIUM" "dse-divi-section-enhancer No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "digipass No.known.fix Unauthenticated.Arbitrary.File.Download HIGH" "dofollow-case-by-case No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "dofollow-case-by-case No.known.fix Cross-Site.Request.Forgery MEDIUM" "dofollow-case-by-case 3.5.0 Email&URLs.Adding.to.Allowlist.via.CSRF MEDIUM" "display-product-variations-dropdown-on-shop-page No.known.fix Missing.Authorization MEDIUM" "demomentsomtres-classify-on-publish No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "demomentsomtres-classify-on-publish No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "demomentsomtres-classify-on-publish No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "duplicate-pp 3.5.6 Authenticated.(Contributor+).Post.Disclosure.via.Post.Duplication MEDIUM" "draw-attention 2.0.16 Improper.Access.Control.via.register_cpt MEDIUM" "draw-attention 2.0.12 Subscriber+.Unauthorized.Featured.Image.Modification MEDIUM" "dynamic-featured-image No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.dfiFeatured.Parameter MEDIUM" "dancepress-trwa No.known.fix Cross-Site.Request.Forgery MEDIUM" "dancepress-trwa 3.1.1 Reflected.Cross-Site.Scripting MEDIUM" "dancepress-trwa 2.4.6 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "double-opt-in-for-download 2.1.0 Authenticated.SQL.Injection CRITICAL" "demomentsomtres-gravity-forms-improvements 201704251008 Reflected.Cross-Site.Scripting MEDIUM" "duplicate-title-checker No.known.fix Authenticated.(Subscriber+).SQL.Injection MEDIUM" "documentor-lite No.known.fix Unauthenticated.SQLi HIGH" "demomentsomtres-mailchimp-immediate-send 3.201704281627 Reflected.Cross-Site.Scripting MEDIUM" "dvk-social-sharing 1.3.8 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "docpro No.known.fix Unauthenticated.Local.File.Inclusion CRITICAL" "dn-shipping-by-weight 1.2.1 Reflected.Cross-Site.Scripting MEDIUM" "dn-shipping-by-weight 1.2 Settings.Update.via.CSRF MEDIUM" "depicter 3.6.2 Unauthenticated.SQLi.via.'s'.Parameter HIGH" "depicter 3.2.2 Authenticated.(Author+).Stored.Cross-Site.Scripting MEDIUM" "depicter 3.5.0 Authenticated.(Editor+).Stored.Cross-Site.Scripting MEDIUM" "depicter 3.5.0 Missing.Authorization MEDIUM" "depicter 3.1.2 Authenticated.(Contributor+).Arbitrary.File.Upload HIGH" "depicter 3.2.0 Authenticated.(Editor+).Stored.Cross-Site.Scripting MEDIUM" "depicter 3.1.0 Authenticated.(Editor+).Stored.Cross-Site.Scripting MEDIUM" "depicter 3.1.0 Authenticated.(Contributor+).Arbitrary.Nonce.Generation MEDIUM" "depicter 2.0.7 Settings.Update.via.CSRF MEDIUM" "dearpdf-lite No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "download-plugins-dashboard 1.9.2 Reflected.Cross-Site.Scripting MEDIUM" "download-plugins-dashboard 1.8.8 Cross-Site.Request.Forgery MEDIUM" "download-plugins-dashboard 1.8.6 Authenticated.(Admin+).Arbitrary.File.Download MEDIUM" "download-plugins-dashboard 1.6.0 Unauthenticated.Stored.XSS MEDIUM" "dzs-videogallery No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "dzs-videogallery No.known.fix Authenticated.(Subscriber+).PHP.Object.Injection HIGH" "dzs-videogallery No.known.fix Unauthenticated.PHP.Object.Injection CRITICAL" "dashboard-widgets-suite 3.4.4 Reflected.Cross-Site.Scripting MEDIUM" "dashboard-widgets-suite 3.4.2 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "dashboard-widgets-suite 3.2.2 Admin+.Stored.XSS LOW" "dynamictags 1.4.1 Authenticated.(Subscriber+).SQL.Injection MEDIUM" "donate-me No.known.fix Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "donate-me No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "distancr 1.1.8 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "delete-original-image No.known.fix Cross-Site.Request.Forgery MEDIUM" "dev-land 3.0.5 Reflected.Cross-Site.Scripting MEDIUM" "dynamic-post No.known.fix Missing.Authorization.to.Authenticated.(Subscriber+).Settings.Update MEDIUM" "delete-duplicate-posts 4.9 Missing.Authorization.via.AJAX.Actions MEDIUM" "delete-duplicate-posts 4.8.9 Reflected.Cross-Site.Scripting MEDIUM" "delete-duplicate-posts 4.7.5 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "delete-duplicate-posts 4.1.9.5 Subscriber+.Arbitrary.Option.Update CRITICAL" "dx-auto-save-images No.known.fix CSRF MEDIUM" "disable-image-right-click No.known.fix Reflected.Cross-Site.Scripting.(XSS) HIGH" "debug-log-config-tool 1.5 Unauthenticated.Information.Exposure.via.Logs MEDIUM" "daisycon No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "daisycon 4.9.0 Contributor+.SQL.Injection MEDIUM" "developer-toolbar No.known.fix Unauthenticated.Information.Exposure MEDIUM" "disable-elementor-editor-translation 1.0.3 Missing.Authorization MEDIUM" "dynamically-register-sidebars No.known.fix Admin+.Stored.XSS LOW" "docollipics-faustball-de 2.1.0 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "delete-comments-by-status No.known.fix Unauthenticated.Local.File.Inclusion CRITICAL" "dj-email-publish No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "definitive-addons-for-elementor No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "dominion-domain-checker-wpbakery-addon No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "drag-n-drop-upload-cf7-pro 2.11.1 Contact.Form.7.Standard.<.2.11.1.-.Reflected.Cross-Site.Scripting HIGH" "drag-n-drop-upload-cf7-pro 5.0.6.4 Contact.Form.7.with.Remote.Storage.Integrations.<.5.0.6.4.-.Reflected.Cross-Site.Scripting HIGH" "drag-n-drop-upload-cf7-pro 5.0.6.3 Contact.Form.7.with.Remote.Storage.Integrations.<.5.0.6.3.-.Path.Traversal MEDIUM" "drag-n-drop-upload-cf7-pro 2.11.0 Contact.Form.7.Standard.<.2.11.0.-.Path.Traversal MEDIUM" "dental-optimizer-patient-generator-app No.known.fix Reflected.XSS HIGH" "dr-widgets-blocks 1.0.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "d-bargain 4.0.0 Admin+.Stored.XSS LOW" "drag-and-drop-multiple-file-upload-contact-form-7 1.3.9.0 Unauthenticated.Arbitrary.File.Upload.via.Insufficient.Blacklist.Checks HIGH" "drag-and-drop-multiple-file-upload-contact-form-7 1.3.8.9 Unauthenticated.PHP.Object.Injection.via.PHAR.to.Arbitrary.File.Deletion HIGH" "drag-and-drop-multiple-file-upload-contact-form-7 1.3.8.8 Unauthenticated.Arbitrary.File.Deletion HIGH" "drag-and-drop-multiple-file-upload-contact-form-7 1.3.8.6 Limited.Arbitrary.File.Deletion MEDIUM" "drag-and-drop-multiple-file-upload-contact-form-7 1.3.7.8 Sensitive.Information.Exposure MEDIUM" "drag-and-drop-multiple-file-upload-contact-form-7 1.3.7.4 Contact.Form.7.<.1.3.7.4.-.Unauthenticated.Arbitrary.File.Upload HIGH" "drag-and-drop-multiple-file-upload-contact-form-7 1.3.6.6 File.Upload.and.File.deletion.via.CSRF MEDIUM" "drag-and-drop-multiple-file-upload-contact-form-7 1.3.6.5 File.Upload.Size.Limit.Bypass MEDIUM" "drag-and-drop-multiple-file-upload-contact-form-7 1.3.6.3 Contact.Form.7.<.1.3.6.3.-.Unauthenticated.Stored.XSS MEDIUM" "drag-and-drop-multiple-file-upload-contact-form-7 1.3.5.5 Unauthenticated.Remote.Code.Execution CRITICAL" "drag-and-drop-multiple-file-upload-contact-form-7 1.3.3.3 Unauthenticated.File.Upload.Bypass CRITICAL" "designo No.known.fix Cross-Site.Request.Forgery MEDIUM" "dl-yandex-metrika No.known.fix Admin+.Stored.XSS LOW" "ds-suit No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "database-peek No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "duplicator 1.5.10 Full.Path.Disclosure MEDIUM" "duplicator 1.5.7.1 Settings.Removal.via.CSRF MEDIUM" "duplicator 1.3.0 Unauthenticated.RCE CRITICAL" "duplicator 1.5.7.1 Unauthenticated.Sensitive.Data.Exposure HIGH" "duplicator 1.4.7 Unauthenticated.Backup.Download HIGH" "duplicator 1.4.7.1 Unauthenticated.System.Information.Disclosure MEDIUM" "duplicator 1.3.28 Unauthenticated.Arbitrary.File.Download HIGH" "duplicator 1.2.42 Unauthenticated.Arbitrary.Code.Execution MEDIUM" "duplicator 1.2.33 Cross-Site.Scripting.(XSS) MEDIUM" "duplicator 1.2.29 Duplicator.<=.1,2,28..Unauthenticated.Stored.Cross-Site.Scripting.(XSS) HIGH" "dtc-documents No.known.fix Cross-Site.Request.Forgery MEDIUM" "darkmysite No.known.fix Cross-Site.Request.Forgery MEDIUM" "delete-all-comments-easily No.known.fix All.Comments.Deletion.via.CSRF MEDIUM" "dd-roles No.known.fix Authenticated.(Subscriber+).Privilege.Escalation HIGH" "dreamgrow-scroll-triggered-box No.known.fix Authenticated.(Editor+).Stored.Cross-Site.Scripting MEDIUM" "database-toolset No.known.fix Unauthenticated.Sensitive.Information.Exposure.via.Backup.Files MEDIUM" "database-toolset No.known.fix Unauthenticated.Arbitrary.File.Deletion CRITICAL" "database-toolset No.known.fix Unauthenticated.Arbitrary.File.Deletion CRITICAL" "docspress 2.5.3 Missing.Authorization MEDIUM" "dynamic-content-for-elementor 2.12.5 Cross-Site.Request.Forgery MEDIUM" "dynamic-content-for-elementor 1.9.6 Authenticated.RCE CRITICAL" "debug-functions-time 1.41 Reflected.Cross-Site.Scripting MEDIUM" "disqus-conditional-load 11.1.2 Admin+.Stored.Cross-Site.Scripting LOW" "dreamstime-stock-photos 4.2 Reflected.Cross-Site.Scripting MEDIUM" "download-magnet 1.2.2 Reflected.Cross-Site.Scripting MEDIUM" "display-custom-post No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "dd-rating No.known.fix Authenticated.(Author+).Stored.Cross-Site.Scripting MEDIUM" "delete-me 3.1 Contributor+.Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "database-backups No.known.fix CSRF.to.Backup.Download HIGH" "daily-image No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "directorist 8.3 Missing.Authorization.to.Unauthenticated.Arbitrary.Post.Publishing MEDIUM" "directorist 8.2 Privilege.Escalation.and.Account.Takeover HIGH" "directorist 8.1 Unauthenticated.User.Information.Exposure MEDIUM" "directorist 7.9.0 Missing.Authorization MEDIUM" "directorist 7.8.5 Missing.Authorization.to.Unauthenticated.Settings.Change MEDIUM" "directorist 7.5.5 Subscriber+.Insecure.Direct.Object.Reference.to.Arbitrary.Post.Deletion MEDIUM" "directorist 7.5.5 Subscriber+.Arbitrary.User.Password.Reset.to.Privilege.Escalation HIGH" "directorist 7.5.4 Admin+.LFI MEDIUM" "directorist 7.4.4 Subscriber+.Sensitive.Information.Disclosure MEDIUM" "directorist 7.4.2.2 Subscriber+.Arbitrary.User.Password.Update.via.IDOR HIGH" "directorist 7.3.1 Unauthenticated.Email.Address.Disclosure MEDIUM" "directorist 7.3.0 Subscriber+.Arbitrary.E-mail.Sending MEDIUM" "directorist 7.2.3 Business.Directory.Plugin.<.7.2.3.-.Admin+.Arbitrary.File.Upload MEDIUM" "directorist 7.0.6.2 CSRF.to.Remote.File.Upload CRITICAL" "dropdown-multisite-selector 0.9.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "dropdown-multisite-selector 0.9.2.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.shortcode MEDIUM" "droit-elementor-addons No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "droit-elementor-addons No.known.fix Cross-Site.Request.Forgery MEDIUM" "dx-watermark No.known.fix Cross-Site.Request.Forgery MEDIUM" "database-audit No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "data-tables-generator-by-supsystic 1.10.37 Missing.Authorization MEDIUM" "data-tables-generator-by-supsystic 1.10.32 Missing.Authorization MEDIUM" "data-tables-generator-by-supsystic 1.10.20 Admin+.Stored.Cross-Site.Scripting LOW" "data-tables-generator-by-supsystic 1.10.1 Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "data-tables-generator-by-supsystic 1.10.0 Authenticated.SQL.Injection CRITICAL" "data-tables-generator-by-supsystic 1.9.92 Authenticated.Stored.XSS MEDIUM" "data-tables-generator-by-supsystic 1.9.92 Insecure.Permissions.on.AJAX.Actions MEDIUM" "data-tables-generator-by-supsystic 1.9.92 CSRF.to.Stored.XSS,.Data.Table.Creations,.Settings.Modification CRITICAL" "decon-wp-sms No.known.fix Admin+.Stored.Cross-Site.Scripting MEDIUM" "dsgvo-youtube 1.5.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "dsgvo-youtube 1.4.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "daves-wordpress-live-search No.known.fix Admin+.Stored.XSS LOW" "dropbox-folder-share No.known.fix Unauthenticated.Server-Side.Request.Forgery.via.'link' HIGH" "dropbox-folder-share No.known.fix Unauthenticated.Remote.Code.Execution.via.LFI CRITICAL" "devexhub-gallery No.known.fix Unauthenticated.Arbitrary.File.Upload CRITICAL" "demon-image-annotation 4.8 Arbitrary.Settings.Update.to.Stored.XSS.via.CSRF MEDIUM" "dynamic-product-categories-design 1.1.4 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "directorypress 3.6.23 Cross-Site.Request.Forgery MEDIUM" "directorypress 3.6.20 Cross-Site.Request.Forgery.to.Cross-Site.Scripting MEDIUM" "directorypress 3.6.17 Authenticated.(Author+).Stored.Cross-Site.Scripting MEDIUM" "directorypress 3.6.11 Contributor+.SQL.Injection HIGH" "directorypress 3.6.8 Reflected.Cross-Site.Scripting HIGH" "daily-proverb No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "download-from-files No.known.fix Unauthenticated.Arbitrary.File.Upload CRITICAL" "docket-cache 24.07.03 Unauthenticated.Local.File.Inclusion CRITICAL" "docket-cache 21.08.02 Reflected.Cross-Site.Scripting HIGH" "demomentsomtres-grid-archive No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "demomentsomtres-grid-archive No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "dl-verification No.known.fix Admin+.Stored.XSS LOW" "duplicate-variations-for-woocommerce No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "duplicate-variations-for-woocommerce No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "droit-dark-mode No.known.fix Cross-Site.Request.Forgery MEDIUM" "deny-all-firewall 1.1.7 CSRF HIGH" "doofinder-for-woocommerce 2.1.9 Authenticated.(Administrator+).Stored.Cross-Site.Scripting.via.settings MEDIUM" "doofinder-for-woocommerce 2.1.1 Missing.Authorization.via.multiple.AJAX.actions MEDIUM" "doofinder-for-woocommerce 2.1.8 Reflected.Cross-Site.Scripting HIGH" "dynamic-post-grid-elementor-addon 1.0.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "download-button-for-elementor No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "defa-online-image-protector No.known.fix Unauthenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "designer No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "designer 1.5.0 Contributor+.Local.File.Inclusion HIGH" "drawblog No.known.fix Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "dw-promobar No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "discount-and-dynamic-pricing 2.3.0 Cross-Site.Request.Forgery MEDIUM" "dl-leadback No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "download-now-for-woocommerce 3.5.8.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "db-tables-importexport No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "devvn-image-hotspot 1.2.6 Authenticated.(Author+).PHP.Object.Injection HIGH" "donation-button No.known.fix Subscriber+.Broken.Access.Control.leading.to.SMS.Spam MEDIUM" "donation-button No.known.fix Contributor+.Stored.XSS MEDIUM" "dynamic-qr-code-generator No.known.fix Reflected.XSS HIGH" "display-future-posts No.known.fix Cross-Site.Request.Forgery.to.Cross-Site.Scripting MEDIUM" "digital-publications-by-supsystic 1.7.8 Missing.Authorization MEDIUM" "digital-publications-by-supsystic 1.7.8 Cross-Site.Request.Forgery MEDIUM" "digital-publications-by-supsystic 1.7.7 Cross-Site.Request.Forgery.via.AJAX.action MEDIUM" "digital-publications-by-supsystic 1.7.4 Admin+.Stored.Cross-Site.Scripting LOW" "digital-publications-by-supsystic 1.6.12 Authenticated.Path.Traversal LOW" "digital-publications-by-supsystic 1.7.0 Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "devbuddy-twitter-feed No.known.fix Admin+.Stored.XSS LOW" "dragon-calendar-free-version No.known.fix Cross-Site.Request.Forgery MEDIUM" "designthemes-core-features No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "designthemes-core-features 4.8 Missing.Authorization.to.Unauthenticated.Arbitrary.File.Read.via.dt_process_imported_file HIGH" "drip-feed-content-extended-for-learndash No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "dpt-oauth-client No.known.fix CSRF MEDIUM" "dpt-oauth-client No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "dropdown-menu-widget No.known.fix Subscriber+.Arbitrary.Settings.Update.to.Stored.XSS MEDIUM" "dragfy-addons-for-elementor No.known.fix Missing.Authorization.via.save_settings MEDIUM" "default-thumbnail-plus No.known.fix Authenticated.(Contributor+).Arbitrary.File.Upload HIGH" "dynamicconditions No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "donorbox-donation-form 7.1.7 Admin+.Stored.Cross-Site.Scripting LOW" "digital-climate-strike-wp No.known.fix Redirect.to.Malicious.Website.due.to.Compromised.JS.Asset HIGH" "donation-thermometer 2.1.3 Admin+.Stored.Cross-Site.Scripting LOW" "display-metadata No.known.fix Contributor+.Stored.XSS MEDIUM" "delete-all-comments-of-website 4.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "dokme No.known.fix Authenticated.(Administrator+).SQL.Injection MEDIUM" "deeper-comments No.known.fix Subscriber+.Arbitrary.Options.Update HIGH" "dorzki-notifications-to-slack No.known.fix Missing.Authorization MEDIUM" "delhivery-logistics-courier No.known.fix Authenticated.(Subscriber+).SQL.Injection HIGH" "devices No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "devices No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "devices No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "dd-post-carousel 1.4.12 Contributor+.Stored.XSS MEDIUM" "dd-post-carousel 1.4.7 Authenticated.(Editor+).Stored.Cross-Site.Scripting MEDIUM" "download-theme 1.1.0 Cross-Site.Request.Forgery MEDIUM" "dyslexiefont No.known.fix CSRF MEDIUM" "dyslexiefont 1.0.0 Authenticated.Cross-Site.Scripting MEDIUM" "downloadmanager 3.2.83 Unauthenticated.Password.Protected.File.Bypass MEDIUM" "ddirections No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "easy-courses No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "echosign 1.2 Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "ecommerce-two-factor-authentication 1.0.5 Two.Factor.Authentication.<.1.0.5.-.Reflected.Cross-Site.Scripting HIGH" "ever-compare 1.2.4 Arbitrary.Plugin.Activation.via.CSRF MEDIUM" "export-media-urls 2.0 Cross-Site.Request.Forgery MEDIUM" "easy-tweet-embed No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "estatebud-properties-listings No.known.fix Cross-Site.Request.Forgery.to.Settings.Update MEDIUM" "estatebud-properties-listings No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "edd-google-sheet-connector-pro 1.4 Access.Code.Update.via.CSRF MEDIUM" "eduadmin-booking 5.3.0 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "easy-student-results No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "easy-student-results No.known.fix Sensitive.Information.Disclosure.via.REST.API LOW" "etsy-shop 3.0.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "elasticpress 5.1.2 Data.Sync.via.CSRF MEDIUM" "elasticpress 3.5.4 Cross-Site.Request.Forgery MEDIUM" "editor-custom-color-palette 3.3.8 Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "easy-side-tab-cta 1.0.8 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "ethereumico 2.4.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.ethereum-ico.Shortcode MEDIUM" "ethereumico 2.4.4 Reflected.Cross-Site.Scripting MEDIUM" "ethereumico 2.3.11 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "easy-testimonial-rotator 1.0.19 Admin+.Stored.XSS LOW" "easy-testimonial-rotator 1.0.16 Reflected.Cross-Site.Scripting HIGH" "email-customizer-for-woocommerce-with-drag-drop-builder No.known.fix WooCommerce.Email.Customizer.<=.3.0.34.-.Authenticated.(Subscriber+).Missing.Authorization.to.SQL.Injection MEDIUM" "event-countdown-timer No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "easy-modal 2.1.0 Authenticated.SQL.Injection HIGH" "enhanced-plugin-admin 1.17 CSRF MEDIUM" "easy-newsletter-signups No.known.fix Admin+.SQLi MEDIUM" "easy-newsletter-signups No.known.fix Missing.Authorization MEDIUM" "easy-newsletter-signups 1.0.4 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "easy-portfolio No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "external-videos No.known.fix Admin+.Stored.XSS LOW" "exs-widgets 0.3.2 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "events-planner No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "elo-rating-shortcode 1.0.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "event-notifier 1.2.1 XSS MEDIUM" "embedded-cdn 1.0.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "easy-age-verify 1.8.3 Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "easy-age-verify 1.8.2 Reflected.Cross-Site.Scripting MEDIUM" "easy-age-verify 1.6.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "emailpress No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "easy-custom-js-and-css No.known.fix Reflected.Cross-Site.Scripting HIGH" "embedder No.known.fix 1.3.5.-.Authenticated.(Subscriber+).Arbitrary.Options.Update HIGH" "easy-call-now No.known.fix Cross-Site.Request.Forgery.via.settings_page MEDIUM" "easy-real-estate No.known.fix Privilege.Escalation CRITICAL" "easy-real-estate No.known.fix Unauthenticated.Privilege.Escalation CRITICAL" "etemplates No.known.fix Unauthenticated.SQL.Injection CRITICAL" "easy-appointments 3.11.19 Insufficient.Authorization MEDIUM" "easy-appointments 3.11.19 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "easy-appointments 3.11.10 Cross-Site.Request.Forgery MEDIUM" "easy-appointments 3.11.2 Contributor+.Stored.XSS.in.Shortcode MEDIUM" "easy-appointments 1.12.0 Cross-Site.Scripting.(XSS) MEDIUM" "editable-table No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "everest-gallery-lite 1.0.9 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "extensions-for-cf7 3.2.1 Authenticated.(Admin+).Sever-Side.Request.Forgery LOW" "extensions-for-cf7 3.0.7 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "extensions-for-cf7 2.0.9 Arbitrary.Plugin.Activation.via.CSRF MEDIUM" "external-video-for-everybody No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "email-customizer-for-woocommerce 2.6.1 Information.Exposure MEDIUM" "embed-google-fonts No.known.fix Missing.Authorization MEDIUM" "edd-venmo No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "easy-caller-with-moceanapi No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "easy-youtube-gallery 1.0.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "e-signature 1.5.6.8 Unauthenticated.Arbitrary.File.Upload.leading.to.RCE CRITICAL" "emag-marketplace-connector 1.0.1 Unauthenticated.Cross-Site.Scripting.(XSS) MEDIUM" "easy-slideshow No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "easy-slideshow No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "easy-notify-lite 1.1.37 Authenticated.(Subscriber+).Local.File.Inclusion HIGH" "easy-notify-lite 1.1.35 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "easy-notify-lite 1.1.33 Contributor+.Stored.XSS MEDIUM" "easy-notify-lite 1.1.30 Authenticated.(Author+).Stored.Cross-Site.Scripting MEDIUM" "event-page-templates-addon-for-the-events-calendar 1.6 Subscriber+.Arbitrary.Plugin.Installation.&.Activation HIGH" "elementskit 3.7.9 Authenticated.(Contributor+).DOM-Based.Stored.Cross-Site.Scripting.via.url.Parameter MEDIUM" "elementskit 3.6.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "elementskit 3.6.7 Authenticated.(Contributor+).Sensitive.Information.Exposure MEDIUM" "elementskit 3.6.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Motion.Text.and.Table.Widgets MEDIUM" "elementskit 3.6.3 Authenticated.(Contributor+).Server-Side.Request.Forgery HIGH" "elementskit 3.6.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "elementskit 3.6.1 Authenticated.(Contributor+).Local.File.Inclusion.via.Price.Menu,.Hotspot,.and.Advanced.Toggle.Widgets HIGH" "elementskit 3.6.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.'ekit_btn_id' MEDIUM" "elementskit 2.2.0 Contributor+.Stored.XSS MEDIUM" "embed-pdf-viewer 2.4.0 Authenticated.(Editor+).Stored.Cross-Site.Scripting MEDIUM" "embed-pdf-viewer 2.4.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.height.and.width.Parameters MEDIUM" "exchange-addon-stripe 1.2.0 XSS.via.add_query_arg().and.remove_query_arg() MEDIUM" "estatik No.known.fix Contributor+.Local.File.Inclusion HIGH" "estatik 4.1.1 Unauthenticated.PHP.Object.Injection HIGH" "estatik 4.1.1 Subscriber+.Arbitrary.Option.Update HIGH" "estatik 4.1.1 Reflected.XSS HIGH" "estatik 2.3.1 Arbitrary.File.Upload HIGH" "empty-cart-button-for-woocommerce No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "easy2map 1.3.0 Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "easy2map 1.3.0 Local.File.Inclusion CRITICAL" "easy-replace No.known.fix Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "embed-office-viewer 2.2.7 Reflected.Cross-Site.Scripting MEDIUM" "embed-office-viewer 2.2.5 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "easy-contact No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "embed-swagger No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "embed-peertube-playlist 1.10 Editor+.Stored.XSS LOW" "emma-emarketing-plugin No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "extra-product-options-for-woocommerce 3.0.7 Missing.Authorization MEDIUM" "extra-product-options-for-woocommerce 4.2 Shop.manager+.Stored.XSS MEDIUM" "edit-comments-xt No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "email-header-footer No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "email-header-footer No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "ether-and-erc20-tokens-woocommerce-payment-gateway 4.12.13 Reflected.Cross-Site.Scripting MEDIUM" "ether-and-erc20-tokens-woocommerce-payment-gateway 4.12.9 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "easy-registration-forms No.known.fix Subscriber+.Information.Disclosure.via.Shortcode MEDIUM" "easy-registration-forms No.known.fix CSRF.to.Stored.Cross-Site.Scripting HIGH" "easy-registration-forms No.known.fix CSV.Injection MEDIUM" "elemenda No.known.fix Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "easy-filtering No.known.fix Reflected.Cross-Site.Scripting HIGH" "eyes-only-user-access-shortcode No.known.fix Admin+.Stored.XSS LOW" "element-ready-lite 6.6.3 Cross-Site.Request.Forgery MEDIUM" "element-ready-lite 6.4.9 Authenticated.(Contributor+).Sensitive.Information.Exposure.via.Elementor.Templates MEDIUM" "element-ready-lite 6.4.8 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "element-ready-lite 6.4.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "element-ready-lite 6.4.4 Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "element-ready-lite 6.4.3 .Open.Redirect MEDIUM" "element-ready-lite 6.4.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "element-ready-lite 6.2.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "element-ready-lite 5.9.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "ect-add-to-cart-button No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "extended-search-plugin No.known.fix Settings.Update.via.CSRF MEDIUM" "easy-mls-listings-import 2.1.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "email-posts-to-subscribers No.known.fix Admin+.Stored.XSS LOW" "email-posts-to-subscribers No.known.fix Missing.Authorization.to.Sensitive.Information.Exposure MEDIUM" "email-posts-to-subscribers No.known.fix Unauthenticated.SQLi HIGH" "expresstechsoftwares-memberpress-discord-add-on 1.1.2 Reflected.Cross-Site.Scripting MEDIUM" "exchange-rates-widget 1.4.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "event-monster 1.4.4 Information.Exposure.Via.Visitors.List.Export MEDIUM" "event-monster 1.4.4 Unauthenticated.Information.Exposure MEDIUM" "event-monster 1.4.0 Contributor+.PHP.Object.Injection.via.Custom.Meta MEDIUM" "event-monster No.known.fix Admin+.Stored.XSS LOW" "event-monster 1.2.0 Visitors.Deletion.via.CSRF MEDIUM" "event-monster 1.2.1 Admin+.SQLi MEDIUM" "elfsight-testimonials-slider No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "elfsight-testimonials-slider No.known.fix Missing.Authorization MEDIUM" "elfsight-testimonials-slider No.known.fix Cross-Site.Request.Forgery.to.Settings.Update MEDIUM" "eupago-gateway-for-woocommerce 3.1.10 CSRF MEDIUM" "easy-paypal-events-tickets 1.3 Cross-Site.Request.Forgery MEDIUM" "easy-paypal-events-tickets 1.2.2 Cross-Site.Request.Forgery.to.Arbitrary.Post.Deletion MEDIUM" "easy-paypal-events-tickets 1.1.2 Reflected.Cross-Site.Scripting.via.page.Parameter HIGH" "enhanced-catalog-images-for-woocommerce No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "enhanced-catalog-images-for-woocommerce No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "enhanced-catalog-images-for-woocommerce No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "editionguard-for-woocommerce-ebook-sales-with-drm No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "editionguard-for-woocommerce-ebook-sales-with-drm No.known.fix Cross-Site.Request.Forgery.to.Privilege.Escalation MEDIUM" "elastic-email-subscribe-form No.known.fix Missing.Authorization MEDIUM" "events-manager 6.6.4.2 Missing.Authorization MEDIUM" "events-manager 6.6.4 Unauthenticated.SQL.Injection.via.Event.Status.Parameter HIGH" "events-manager 6.4.9 Reflected.Cross-Site.Scripting MEDIUM" "events-manager 6.4.8 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.event,.location,.and.event_category.Shortcodes MEDIUM" "events-manager 6.4.7.2 Cross-Site.Request.Forgery MEDIUM" "events-manager 6.4.7 Missing.Authorization MEDIUM" "events-manager 6.4.7.2 Cross-Site.Request.Forgery MEDIUM" "events-manager 6.4.7.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "events-manager 6.4.7 Authenticated(Administator+).Stored.Cross-Site.Scripting.via.settings MEDIUM" "events-manager 6.4.6 Reflected.Cross-Site.Scripting MEDIUM" "events-manager 5.9.8 Admin+.SQL.Injection MEDIUM" "events-manager 5.9.8 Cross-Site.Scripting.(XSS) LOW" "events-manager 5.9.7.2 CSV.Injection MEDIUM" "events-manager 5.9.6 Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "events-manager 5.9 Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "events-manager 5.8.1.2 Unauthenticated.Stored.XSS CRITICAL" "events-manager 5.6 Cross-Site.Scripting.(XSS).&.Code.Injection MEDIUM" "events-manager 5.5.7.1 DOM.Cross-Site.Scripting.(XSS) MEDIUM" "events-manager 5.5.7 Multiple.Cross-Site.Scripting.(XSS) MEDIUM" "events-manager 5.3.4 Multiple.Cross-Site.Scripting.(XSS) MEDIUM" "events-manager 5.5.2 Multiple.Unspecified.XSS.Vulnerabilities MEDIUM" "events-manager 5.3.9 Multiple.Cross-Site.Scripting.(XSS) MEDIUM" "events-manager 5.5 Cross-Site.Scripting.(XSS) MEDIUM" "elfsight-contact-form No.known.fix Unauthenticated.Information.Exposure MEDIUM" "events-addon-for-elementor 2.2.4 Authenticated.(Contributor+).Post.Disclosure MEDIUM" "events-addon-for-elementor 2.2.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "events-addon-for-elementor 2.2.1 Contributor+.Stored.XSS MEDIUM" "events-addon-for-elementor 2.1.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Multiple.Widgets MEDIUM" "events-addon-for-elementor 2.1.3 Cross-Site.Request.Forgery MEDIUM" "events-addon-for-elementor 2.1.3 Missing.Authorization MEDIUM" "events-addon-for-elementor 2.0.3 Reflected.Cross-Site.Scripting MEDIUM" "events-addon-for-elementor 1.9.8 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "elastic-email-sender 1.2.7 Admin+.Stored.XSS LOW" "easy-wp-cleaner 2.0 Data.Deletion.via.CSRF MEDIUM" "easy-facebook-likebox 6.5.7 Cross-Site.Request.Forgery MEDIUM" "easy-facebook-likebox 6.5.6 Contributor+.Stored.XSS MEDIUM" "easy-facebook-likebox 6.5.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.fb_appid MEDIUM" "easy-facebook-likebox 6.5.5 Cross-Site.Request.Forgery MEDIUM" "easy-facebook-likebox 6.5.5 Cross-Site.Request.Forgery MEDIUM" "easy-facebook-likebox 6.5.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "easy-facebook-likebox 6.5.3 Subscriber+.Settings.Update MEDIUM" "easy-facebook-likebox 6.5.0 Reflected.Cross-Site.Scripting MEDIUM" "easy-facebook-likebox 6.4.0 Contributor+.Stored.XSS MEDIUM" "easy-facebook-likebox 6.3.4 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "easy-facebook-likebox 6.2.7 Reflected.Cross-Site.Scripting.(XSS) HIGH" "easy-facebook-likebox 6.2.7 Reflected.Cross-Site.Scripting HIGH" "exit-intent-popups-by-optimonk 2.0.5 Account.ID.Update.via.CSRF MEDIUM" "eazydocs No.known.fix Missing.Authorization MEDIUM" "eazydocs No.known.fix Contributor+.Local.File.Inclusion HIGH" "eazydocs 2.5.1 Missing.Authorization MEDIUM" "eazydocs 2.5.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "eazydocs 2.5.0 Admin+.Stored.XSS LOW" "eazydocs 2.4.0 Subscriber+.Arbitrary.Posts.Deletion.and.Document.Management MEDIUM" "eazydocs 2.3.6 Subscriber+.Arbitrary.Posts.Deletion.and.Document.Management MEDIUM" "eazydocs 2.3.4 Subscriber.+.SQLi HIGH" "eazydocs 2.3.6 Reflected.XSS MEDIUM" "eazydocs 2.3.6 Unauthenticated.OnePage.Document.Update/Publish MEDIUM" "eazydocs 2.2.1 Reflected.Cross-Site.Scripting MEDIUM" "email-templates 1.4.3 Email.Sending.via.CSRF MEDIUM" "easy-eu-cookie-law No.known.fix Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "ehive-objects-image-grid 2.4.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "easy-pie-maintenance-mode No.known.fix Admin+.Stored.XSS LOW" "easy-custom-auto-excerpt 2.5.0 Sensitive.Information.Exposure MEDIUM" "easy-custom-auto-excerpt 2.4.7 XSS MEDIUM" "event-espresso-decaf 5.0.31.decaf Cross-Site.Request.Forgery MEDIUM" "event-espresso-decaf 5.0.22.decaf Authenticated.(Subscriber+).Missing.Authorization.to.Limited.Plugin.Settings.Modification MEDIUM" "event-espresso-decaf 4.10.14 CSRF.Bypass MEDIUM" "event-espresso-decaf 4.10.12 Cross-Site.Request.Forgery MEDIUM" "eveeno 1.8 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "easy-contact-form-pro 1.1.1.9 Authenticated.Stored.Cross-Site.Scripting.(XSS) CRITICAL" "emails-verification-for-woocommerce 2.9.5 Authenticated.(Contributor+).Sensitive.Information.Exposure MEDIUM" "emails-verification-for-woocommerce 2.9.6 Authentication.Bypass.via.Shortcode HIGH" "emails-verification-for-woocommerce 2.9.0 Unauthenticated.SQL.Injection HIGH" "emails-verification-for-woocommerce 2.7.5 Authentication.Bypass HIGH" "emails-verification-for-woocommerce 1.8.2 Loose.Comparison.to.Authentication.Bypass CRITICAL" "email-reminders 2.0.6 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "email-reminders 2.0.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.id.Parameter MEDIUM" "elfsight-pricing-table No.known.fix Cross-Site.Request.Forgery.via.ajax() MEDIUM" "elfsight-pricing-table No.known.fix Missing.Authorization MEDIUM" "easy-social-share-buttons No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "easy-chart-builder No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "embed-calendly-scheduling 3.7 Embed.Calendly.<.3,7.Contributor+.Stored.XSS MEDIUM" "embed-power-bi-reports 1.1.8 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "educare 1.4.7 Missing.Authorization.to.Sensitive.Information.Exposure MEDIUM" "educare 1.4.4 Students.&.Result.Management.System.<.1.4.4.-.Cross-Site.Request.Forgery.(CSRF) MEDIUM" "event-feed-for-eventbrite 1.1.2 Reflected.Cross-Site.Scripting MEDIUM" "event-feed-for-eventbrite 1.0.7 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "easy-smooth-scroll-links No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "easy-smooth-scroll-links 2.23.1 Admin+.Stored.Cross-Site.Scripting LOW" "easy-smooth-scroll-links 2.23.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "elex-bulk-edit-products-prices-attributes-for-woocommerce-basic 1.5.0 Authenticated.(Subscriber+).SQL.Injection MEDIUM" "elex-bulk-edit-products-prices-attributes-for-woocommerce-basic 1.5.0 Shop.manager+.SQL.Injection MEDIUM" "exchange-addon-easy-canadian-sales-taxes 1.1.0 XSS.via.add_query_arg().and.remove_query_arg() MEDIUM" "easy-prayer No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "easy-prayer No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "easy-image-display No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "error-log-viewer-wp No.known.fix Authenticated.(Subscriber+).SQL.Injection MEDIUM" "error-log-viewer-wp 1.0.4 Missing.Authorization.to.Unauthenticated.Arbitrary.File.Read HIGH" "elite-video-player No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "elite-video-player No.known.fix Cross-Site.Request.Forgery MEDIUM" "export-users-to-csv No.known.fix CSV.Injection HIGH" "elegant-visitor-counter No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "email-log 2.4.9 Unauthenticated.Hook.Injection HIGH" "email-log 2.4.8 Reflected.Cross-Site.Scripting HIGH" "email-log 2.4.7 Admin+.SQL.Injection MEDIUM" "easy-social-icons 3.2.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.shortcode MEDIUM" "easy-social-icons 3.2.5 Missing.Authorization.via.cnss_save_ajax_order MEDIUM" "easy-social-icons 3.2.1 Admin+.Stored.Cross-Site.Scripting.in.add.icon LOW" "easy-social-icons 3.2.1 Unauthenticated.Arbitrary.Icon.Deletion MEDIUM" "easy-social-icons 3.2.0 Admin+.Stored.Cross-Site.Scripting LOW" "easy-social-icons 3.1.4 Admin+.SQL.Injection MEDIUM" "easy-social-icons 3.1.3 Reflected.Cross-Site.Scripting HIGH" "easy-social-icons 3.0.9 Reflected.Cross-Site.Scripting HIGH" "exchange-addon-membership 1.3.0 XSS.via.add_query_arg().and.remove_query_arg() MEDIUM" "easy-quotes 1.2.3 Unauthenticated.SQL.Injection HIGH" "enable-svg-uploads No.known.fix Author+.Stored.XSS.via.SVG MEDIUM" "employee-directory 4.5.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "easyazon No.known.fix Reflected.Cross-Site.Scripting.via.easyazon-cloaking-locale MEDIUM" "easyazon 5.1.1 Missing.Authorization.on.AJAX.actions MEDIUM" "easy-call-now-button No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "easy-call-now-button No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "email-verification-for-woocommerce-pro 1.8.2 Loose.Comparison.to.Authentication.Bypass CRITICAL" "easy-bet No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "embed-rss No.known.fix Authenticated.(Subscriber+).Arbitrary.Shortcode.Execution MEDIUM" "everest-backup 2.3.4 Cross-Site.Request.Forgery MEDIUM" "everest-backup 2.2.14 Unauthenticated.Backup.Download HIGH" "everest-backup 2.2.5 Admin+.Arbitrary.File.Upload MEDIUM" "everest-backup 2.2.0 Sensitive.Information.Exposure.via.Log.File HIGH" "everest-review-lite No.known.fix Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "edge-gallery No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "edge-gallery No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "easy-ad-manager No.known.fix Admin+.Stored.XSS LOW" "eventON No.known.fix Missing.Authorization MEDIUM" "eventON 4.9.7 WordPress.Virtual.Event.Calendar.Plugin.<.4.9.7.-.Missing.Authorization.to.Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "eventON 4.4.1 Reflected.Cross-Site.Scripting MEDIUM" "eventON 4.5.5 Reflected.XSS HIGH" "eventON 4.5.5 Unauthenticated.Virtual.Event.Password.Disclosure MEDIUM" "eventON 4.5.9 Unauthenticated.Virtual.Event.Settings.Update MEDIUM" "eventON 4.5.5 Unauthenticated.Email.Address.Disclosure MEDIUM" "eventON 4.5.5 Admin+.Stored.Cross-Site.Scripting LOW" "eventON 4.5.6 Unauthenticated.Arbitrary.Post.Metadata.Update HIGH" "eventON 4.4.1 Reflected.Cross-Site.Scripting HIGH" "eventON 4.4 Unauthenticated.Event.Access HIGH" "eventON 4.4 Unauthenticated.Post.Access.via.IDOR HIGH" "exhibit-to-wp-gallery No.known.fix Reflected.XSS HIGH" "external-featured-image-from-bing No.known.fix Authenticated.(Subscriber+).Remote.Code.Execution HIGH" "ebecas No.known.fix Admin+.Stored.XSS LOW" "events-calendar-registration-booking-by-events-plus No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "embed-swagger-ui No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "events-made-easy No.known.fix Subscriber+.SQLi HIGH" "events-made-easy 2.3.17 Subscriber+.Unauthorised.AJAX.Calls MEDIUM" "events-made-easy 2.2.81 Unauthenticated.SQLi HIGH" "events-made-easy 2.2.36 Subscriber+.SQL.Injection HIGH" "events-made-easy 2.2.24 Admin+.Stored.Cross-Site.Scripting LOW" "events-made-easy 1.6.21 CSRF.to.Cross-Site.Scripting.(XSS) HIGH" "events-made-easy 1.5.50 Multi.CSRF.to.Stored.Cross-Site.Scripting.&.Event.Deletion HIGH" "embed-any-document 2.7.6 Authenticated.(Contributor+).Blind.Server-Side.Request.Forgery.via.embeddoc.Shortcode MEDIUM" "embed-any-document 2.7.2 Author+.Stored.XSS LOW" "express-shop 4.0.3 CSRF.Bypass MEDIUM" "elex-helpdesk-customer-support-ticket-system No.known.fix Authenticated.(Subscriber+).Arbitrary.File.Upload HIGH" "elex-helpdesk-customer-support-ticket-system 3.2.7 Missing.Authorization.to.Authenticated.(Subscriber+).Privilege.Escalation HIGH" "email-notification-on-login No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "endomondowp No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "easy-media-download 1.1.7 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "easy-media-download 1.1.5 Authenticated.Stored.Cross-Site.Scripting MEDIUM" "exclusive-addons-for-elementor 2.7.9.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Countdown.Timer.Widget MEDIUM" "exclusive-addons-for-elementor 2.7.9.1 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "exclusive-addons-for-elementor 2.7.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Animated.Text.and.Image.Comparison.Widgets MEDIUM" "exclusive-addons-for-elementor 2.7.5 Authenticated.(Contributor+).Sensitive.Information.Exposure.via.Elementor.Templates MEDIUM" "exclusive-addons-for-elementor 2.7.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "exclusive-addons-for-elementor 2.6.9.9 Authenticated.(Contibutor+).Stored.Cross-Site.Scripting.via.Card.Widget MEDIUM" "exclusive-addons-for-elementor 2.6.9.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Team.Member.Widget MEDIUM" "exclusive-addons-for-elementor 2.6.9.2 Missing.Authorization.to.Post.Duplication MEDIUM" "exclusive-addons-for-elementor 2.6.9.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Call.to.Action MEDIUM" "exclusive-addons-for-elementor 2.6.9.4 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "exclusive-addons-for-elementor 2.6.9.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Countdown.Expired.Title MEDIUM" "exclusive-addons-for-elementor 2.6.9.3 Authenticated(Contributor+).Stored.Cross-Site.Scripting.via.Post.Grid MEDIUM" "exclusive-addons-for-elementor 2.6.9.3 Contributor+.Stored.XSS MEDIUM" "exclusive-addons-for-elementor 2.6.9.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "exclusive-addons-for-elementor 2.6.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "exclusive-addons-for-elementor 2.6.9.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Call.To.Action.Widget MEDIUM" "exclusive-addons-for-elementor 2.6.9.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Countdown.Timer.Widget MEDIUM" "exclusive-addons-for-elementor 2.6.9.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "exclusive-addons-for-elementor 2.6.9.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Covid-19.Stats.Widget MEDIUM" "exclusive-addons-for-elementor 2.6.9 Contributor+.Stored.XSS MEDIUM" "exclusive-addons-for-elementor 2.6.9 Contributor+.Stored.XSS MEDIUM" "exclusive-addons-for-elementor 2.6.2 Arbitrary.Uninstall.Reason.Feedback.via.CSRF MEDIUM" "eroom-zoom-meetings-webinar 1.4.19 Missing.Authorization.to.Information.Exposure MEDIUM" "eroom-zoom-meetings-webinar 1.3.4 Reflected.Cross-Site.Scripting MEDIUM" "eroom-zoom-meetings-webinar 1.3.8 Sync.Meetings.via.CSRF MEDIUM" "eroom-zoom-meetings-webinar 1.3.9 Cache.Deletion.via.CSRF MEDIUM" "email-on-publish No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "examapp No.known.fix Authenticated.SQL.Injection./.Cross-Site.Scripting HIGH" "export-import-menus 1.9.2 Missing.Authorization.to.Unauthenticated.Menu.Export MEDIUM" "export-import-menus 1.9.0 Authenticated.(Subscriber+).Arbitrary.File.Upload HIGH" "embed-extended No.known.fix Cross-Site.Request.Forgery MEDIUM" "eonet-manual-user-approve No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "eucookielaw 2.7.3 Unauthenticated.Arbitrary.File.Read MEDIUM" "eps-301-redirects 2.51 Easy.Redirect.Manager.<.2.51.-.Authenticated.SQL.Injection CRITICAL" "eps-301-redirects 2.45 Easy.Redirect.Manager.<.2.45.-.Authenticated.Arbitrary.Redirect.Injection.and.Modification,.XSS,.and.CSRF CRITICAL" "email-before-download No.known.fix Cross-Site.Request.Forgery MEDIUM" "email-before-download 6.8 Admin+.SQL.Injection MEDIUM" "email-before-download 4.0 SMTP.Header.Injection MEDIUM" "easy-wp-smtp 2.3.1 Exposure.of.Sensitive.Information.via.the.UI LOW" "easy-wp-smtp 1.5.2 Admin+.Arbitrary.File.Access MEDIUM" "easy-wp-smtp 1.5.2 Admin+.Arbitrary.File.Deletion MEDIUM" "easy-wp-smtp 1.5.2 Admin+.RCE MEDIUM" "easy-wp-smtp 1.5.0 Admin+.PHP.Objection.Injection MEDIUM" "easy-wp-smtp 1.4.3 Debug.Log.Disclosure HIGH" "easy-wp-smtp 1.3.9.1 Unauthenticated.Arbitrary.wp_options.Import MEDIUM" "easy-page-transition No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "eventon-lite 2.4.5 Missing.Authorization MEDIUM" "eventon-lite 2.4.2 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "eventon-lite 2.4.1 Unauthenticated.Local.File.Inclusion CRITICAL" "eventon-lite 2.4.2 Contributor+.Local.File.Inclusion HIGH" "eventon-lite 2.2.17 Admin+.Stored.XSS LOW" "eventon-lite 2.2.16 Missing.Authorization.to.Unauthenticated.Stored.Cross-Site.Scripting.and.Plugin.Settings.Updates HIGH" "eventon-lite 2.2.15 Admin+.Stored.Cross-Site.Scripting.via.event.subtitle LOW" "eventon-lite 2.2.15 Admin+.Stored.XSS LOW" "eventon-lite 2.2.8 Unauthenticated.Virtual.Event.Password.Disclosure MEDIUM" "eventon-lite 2.2.9 Unauthenticated.Virtual.Event.Settings.Update MEDIUM" "eventon-lite 2.2.8 Unauthenticated.Email.Address.Disclosure MEDIUM" "eventon-lite 2.2.7 Admin+.Stored.Cross-Site.Scripting LOW" "eventon-lite 2.2.8 Unauthenticated.Arbitrary.Post.Metadata.Update HIGH" "eventon-lite 2.2.8 Reflected.XSS HIGH" "eventon-lite 2.2 Admin.+.Stored.HTML.Injection LOW" "eventon-lite 2.2.3 Reflected.Cross.Site.Scripting HIGH" "eventon-lite 2.2 Admin+.Stored.XSS LOW" "eventon-lite 2.1.2 Unauthenticated.Post.Access.via.IDOR HIGH" "eventon-lite 2.1.2 Unauthenticated.Event.Access HIGH" "exclusive-blocks No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "easy-load-more No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "easy-schema-structured-data-rich-snippets 2.3.0 Reflected.Cross-Site.Scripting MEDIUM" "easy-maintenance-mode-coming-soon No.known.fix Information.Exposure MEDIUM" "essential-widgets 1.9 Unauthorised.Plugin's.Setting.Change MEDIUM" "elementor-pro 3.29.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "elementor-pro 3.25.11 Authenticated.(Contributor+).Sensitive.Information.Exposure.via.Shortcode MEDIUM" "elementor-pro 3.21.3 Reflected.Cross-Site.Scripting MEDIUM" "elementor-pro 3.21.2 Authenticated.(Contributor+).DOM-Based.Stored.Cross-Site.Scripting MEDIUM" "elementor-pro 3.20.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Form.Widget.SVGZ.File.Upload MEDIUM" "elementor-pro 3.20.2 Authenticated.(Contributor+).DOM-Based.Stored.Cross-Site.Scripting.via.video_html_tag MEDIUM" "elementor-pro 3.20.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Post.Navigation MEDIUM" "elementor-pro 3.20.2 Authententicated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "elementor-pro 3.20.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "elementor-pro 3.19.3 Authenticated.(Contributor+).Information.Exposure MEDIUM" "elementor-pro 3.11.7 Subscriber+.Arbitrary.Options.Update HIGH" "elementor-pro 2.9.4 Authenticated.Arbitrary.File.Upload CRITICAL" "elementor-pro 2.0.10 XSS MEDIUM" "expert-invoice No.known.fix Expert.Invoice.<=.1,0,2.-Admin+.Stored.XSS LOW" "evergreen-content-poster 1.4.5 Missing.Authorization.to.Unauthenticated.Arbitrary.Post.Deletion MEDIUM" "evergreen-content-poster 1.4.3 Missing.Authorization MEDIUM" "evergreen-content-poster 1.4.2 Reflected.Cross-Site.Scripting MEDIUM" "evergreen-content-poster 1.4.1 Admin+.Stored.XSS LOW" "envato-elements 2.0.15 Author+.Server-Side.Request.Forgery MEDIUM" "envato-elements 2.0.11 Contributor+.Arbitrary.File.Upload HIGH" "essential-real-estate No.known.fix Unauthenticated.Local.File.Inclusion CRITICAL" "essential-real-estate 5.2.1 Unauthenticated.Local.File.Inclusion CRITICAL" "essential-real-estate 5.1.9 Cross-Site.Request.Forgery MEDIUM" "essential-real-estate 5.1.7 Missing.Authorization.to.Authenticated.(Contributor+).Information.Exposure MEDIUM" "essential-real-estate 4.4.5 Insecure.Direct.Object.Reference.to.Arbitrary.Attachment.Deletion MEDIUM" "essential-real-estate 4.4.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "essential-real-estate 4.4.0 Subscriber+.Stored.XSS HIGH" "essential-real-estate 4.4.0 Subscriber+.Denial.of.Service.via.Arbitrary.Option.Update HIGH" "essential-real-estate 4.4.0 Subscriber+.Arbitrary.File.Upload CRITICAL" "essential-real-estate 4.4.0 Subscriber+.Arbitrary.File.Upload HIGH" "essential-real-estate 3.9.6 Reflected.Cross-Site-Scripting MEDIUM" "expire-tags No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "expire-tags No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "easy-settings-for-learndash No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "easy-settings-for-learndash No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "email-newsletter No.known.fix SQL.Injection CRITICAL" "eventon 4.7 WordPress.Virtual.Event.Calendar.Plugin.<.4.7.-.Cross-Site.Request.Forgery.via.admin_test_email MEDIUM" "events-calendar No.known.fix Admin+.Stored.XSS LOW" "easy-table-of-contents 2.0.68 Editor+.Stored.XSS LOW" "easy-table-of-contents 2.0.67.1 Editor+.Stored.XSS LOW" "easy-table-of-contents 2.0.66 Admin+.Stored.XSS LOW" "events-calendar-for-google 3.0.0 Contributor+.Local.File.Inclusion HIGH" "easy-preloader No.known.fix Authenticated.Stored.Cross-Site.Scripting.(XSS) LOW" "easy-waveform-player 1.2.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "email-keep No.known.fix Email.Deletion.via.CSRF MEDIUM" "email-keep No.known.fix Reflected.XSS HIGH" "easy-marijuana-age-verify 1.5.2 Reflected.Cross-Site.Scripting MEDIUM" "easy-marijuana-age-verify 1.3.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "ec-authorizenet No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "easy-pixels-by-jevnet No.known.fix Unauthenticated.Stored.Cross-Site.Scripting HIGH" "expand-maker No.known.fix Cross-Site.Request.Forgery.to.Local.File.Inclusion HIGH" "expand-maker 3.4.3 Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.'Read.More'.Post.Deletion MEDIUM" "expand-maker 3.2.7 Admin+.PHP.Object.Injection LOW" "external-markdown No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "easy-filter No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "esv-bible-shortcode-for-wordpress No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "easy-tiktok-feed 1.2.2 Reflected.Cross-Site.Scripting MEDIUM" "easy-tiktok-feed 1.1.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "essential-blocks 5.4.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Slider.and.Post.Carousel.Widgets MEDIUM" "essential-blocks 5.3.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "essential-blocks 5.3.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "essential-blocks 4.8.4 Missing.Authorization MEDIUM" "essential-blocks 5.1.1 Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "essential-blocks 4.9.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "essential-blocks 4.7.0 Contributor+.Stored.XSS MEDIUM" "essential-blocks 4.5.13 Contributor+.Stored.XSS MEDIUM" "essential-blocks 4.5.10 Contributor+.DOM-Based.XSS.via.Social.Icons.Block MEDIUM" "essential-blocks 4.5.4 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "essential-blocks 4.4.10 Missing.Authorization MEDIUM" "essential-blocks 4.5.4 Contributor+.Stored.XSS MEDIUM" "essential-blocks 4.5.2 Contributor+.Stored.XSS MEDIUM" "essential-blocks 4.4.7 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "essential-blocks 4.2.1 Subscriber+.Unauthorised.Actions MEDIUM" "essential-blocks 4.2.1 Contributor+.Unauthorised.Actions LOW" "essential-blocks 4.4.3 Unauthenticated.Local.File.Inclusion CRITICAL" "essential-blocks 4.2.1 Missing.Authorization.via.AJAX.actions MEDIUM" "essential-blocks 4.2.1 Unauthenticated.Object.Injection HIGH" "essential-blocks 4.2.1 Unauthenticated.PHP.Object.Injection.via.queries HIGH" "essential-blocks 4.2.1 Unauthenticated.PHP.Object.Injection.via.products HIGH" "essential-blocks 4.0.7 Multiple.Functions.Missing.Authorization.Checks MEDIUM" "ekiline-block-collection 1.0.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "easy-demo-importer 1.1.3 Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "event-calendars No.known.fix Unauthenticated.Arbitrary.Calendar.Deletion MEDIUM" "easylogo No.known.fix Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "enable-wp-debug-toggle No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "elements-plus 2.16.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "elements-plus 2.16.3 Authenticated(Contributor+).Stored.Cross-Site.Scripting.via.widget.links MEDIUM" "exam-matrix No.known.fix Unauthenticated.Privilege.Escalation CRITICAL" "esign-genie-for-wp No.known.fix Authenticated.(Admin+).Information.Exposure LOW" "emarksheet 5.4.4 Reflected.Cross-Site.Scripting HIGH" "easy-query No.known.fix Authenticated.(Administrator+).SQL.Injection MEDIUM" "email-obfuscate-shortcode No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "ezoic-integration 2.8.9 Unauthenticated.Settings.Update.to.Stored.XSS MEDIUM" "ezoic-integration 2.8.9 Admin+.Stored.XSS LOW" "edwiser-bridge 3.1.0 Reflected.Cross-Site.Scripting MEDIUM" "edwiser-bridge 3.0.8 Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "edwiser-bridge 3.0.8 Authenticated.(Subscriber+).Server-Side.Request.Forgery MEDIUM" "edwiser-bridge 3.0.6 Authentication.Bypass.due.to.Missing.Empty.Value.Check CRITICAL" "edwiser-bridge 3.0.4 Authenticated.(Administrator+).SQL.Injection CRITICAL" "edwiser-bridge 2.0.7 Cross-Site.Request.Forgery MEDIUM" "edwiser-bridge 2.0.7 CSRF.Nonce.Bypass MEDIUM" "export-woocommerce 2.1.0 Reflected.Cross-Site.Scripting MEDIUM" "export-woocommerce 2.0.12 Reflected.Cross-Site.Scripting MEDIUM" "export-woocommerce 2.0.9 Missing.Authorization MEDIUM" "export-woocommerce 2.0.11 Reflected.XSS HIGH" "ez-form-calculator-premium No.known.fix WordPress.plugin.<=.2.14.1.2.-.Reflected.Cross-Site.Scripting MEDIUM" "explore-pages No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "envira-gallery-lite 1.8.16 Contributor+.DOM-Based.Stored.XSS.via.FancyBox.JavaScript.Library MEDIUM" "envira-gallery-lite 1.8.15 Missing.Authorization MEDIUM" "envira-gallery-lite 1.8.15 Author+.Stored.XSS MEDIUM" "envira-gallery-lite 1.8.8 Cross-Site.Request.Forgery.to.Notice.Dismissal MEDIUM" "envira-gallery-lite 1.8.7.3 Missing.Authorization.to.Gallery.Modification.via.envira_gallery_insert_images MEDIUM" "envira-gallery-lite 1.8.4.7 Reflected.Cross-Site.Scripting MEDIUM" "envira-gallery-lite 1.8.3.3 Authenticated.Stored.Cross-Site.Scripting MEDIUM" "envira-gallery-lite 1.7.7 Authenticated.Stored.Cross-Site.Scripting.(XSS).Issue MEDIUM" "enhanced-paypal-shortcodes No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "easy-replace-image 3.5.1 Authenticated.(Contributor+).Server-Side.Request.Forgery MEDIUM" "easy-slider-revolution 1.1.0 Author+.Stored.XSS MEDIUM" "edd-tab-manager No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "edd-tab-manager 1.3.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "edd-tab-manager 1.3.1 Subscriber+.Arbitrary.Option.Update CRITICAL" "easy-textillate No.known.fix Authenticated(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "easy-textillate 2.02 Authenticated(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "easy-custom-admin-bar No.known.fix Reflected.Cross-Site.Scripting.via.msg.Parameter MEDIUM" "easyfonts 1.1.3 Cross-Site.Request.Forgery MEDIUM" "easy-testimonial-manager No.known.fix Authenticated.SQL.Injection MEDIUM" "exchange-addon-custom-url-tracking 1.1.0 XSS.via.add_query_arg().and.remove_query_arg() MEDIUM" "easy-media-gallery-pro 1.3.0 CSRF.&.Cross-Site.Scripting.(XSS) MEDIUM" "experto-cta-widget 1.2.1 Missing.Authorization.to.Unauthenticated.Settings.Update MEDIUM" "ere-recently-viewed 2.0 Unauthenticated.PHP.Object.Injection MEDIUM" "easy-affiliate-links 3.7.4 Missing.Authorization.to.Authenticated.(Subscriber+).Settings.Reset MEDIUM" "easy-affiliate-links 3.7.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "easy-affiliate-links 3.7.1 Contributor+.Stored.XSS MEDIUM" "ebook-store 5.8009 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "ebook-store No.known.fix Contributor+.Stored.XSS MEDIUM" "ebook-store 5.8002 Reflected.Cross-Site.Scripting MEDIUM" "ebook-store 5.8002 Reflected.Cross-Site.Scripting.via.'step' MEDIUM" "ebook-store 5.8002 Unauthenticated.Full.Path.Disclosure MEDIUM" "ebook-store 5.8002 Admin+.Stored.XSS LOW" "ebook-store 5.785 Reflected.XSS HIGH" "ebook-store 5.78 Unauthenticated.Sensitive.Data.Disclose MEDIUM" "ebook-store 5.78 Admin+.Stored.XSS LOW" "easy-flashcards No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "export-users No.known.fix CSV.Injection MEDIUM" "emoji-shortcode No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "enhanced-text-widget 1.6.6 Admin+.Stored.XSS LOW" "enhanced-text-widget 1.5.8 Plugin.Installation.via.CSRF MEDIUM" "enhanced-text-widget 1.5.8 Subscriber+.Plugin.Installation MEDIUM" "easy-custom-js-and-css-pro No.known.fix Reflected.Cross-Site.Scripting HIGH" "elevio No.known.fix Cross-Site.Request.Forgery MEDIUM" "event-calendar-wd 1.1.51 Reflected.Cross-Site.Scripting HIGH" "event-calendar-wd 1.1.51 Subscriber+.Event.Creation MEDIUM" "event-calendar-wd 1.1.46 Cross-Site.Scripting.(XSS) MEDIUM" "event-calendar-wd 1.1.45 Cross-Site.Scripting.(XSS) MEDIUM" "event-calendar-wd 1.1.22 Cross-Site.Scripting.(XSS) MEDIUM" "event-calendar-wd 1.0.94 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "exertio-framework 1.3.2 Unauthenticated.Arbitrary.User.Password.Update HIGH" "elastik-page-builder No.known.fix Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "easyevent No.known.fix Admin+.Stored.XSS LOW" "event-espresso-free 3.1.37.12.L Authenticated.Blind.SQL.Injection HIGH" "easily-generate-rest-api-url No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "eventer No.known.fix Missing.Authorization MEDIUM" "eventer No.known.fix Unauthenticated.SQL.Injection HIGH" "eventer 3.9.9.3 Subscriber+.SQLi HIGH" "eventer 3.9.9 Reflected.Cross-Site.Scripting MEDIUM" "eventer 3.9.9.5.1 Missing.Authorization.to.Unauthenticated.Event.Ticket.Download MEDIUM" "eventer 3.9.9.1 Missing.Authorization.to.Authenticated.(Subscriber+).Bookings.Export MEDIUM" "eventer 3.9.9.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "eventer 3.9.9 Unauthenticated.SQL.Injection.via.eventer_get_attendees HIGH" "eventer 3.9.8 Authenticated.(Subscriber+).Arbitrary.File.Read MEDIUM" "easy-cookies-policy No.known.fix Broken.Access.Control.to.Stored.Cross-Site.Scripting HIGH" "ect-product-carousel No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "envato-affiliater No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "events-search-addon-for-the-events-calendar 1.2 Subscriber+.Arbitrary.Plugin.Installation.&.Activation HIGH" "emails-blacklist-everest-forms 1.0.4 Reflected.Cross-Site.Scripting MEDIUM" "emails-blacklist-everest-forms 1.0.4 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "ecommerce-product-catalog 3.3.44 Cross-Site.Request.Forgery.to.Password.Reset HIGH" "ecommerce-product-catalog 3.3.33 Reflected.Cross-Site.Scripting MEDIUM" "ecommerce-product-catalog 3.3.29 Cross-Site.Request.Forgery MEDIUM" "ecommerce-product-catalog 3.3.27 Sensitive.Information.Exposure.via.CSV.Files MEDIUM" "ecommerce-product-catalog 3.3.27 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "ecommerce-product-catalog 3.3.26 Products.Deletion.via.CSRF MEDIUM" "ecommerce-product-catalog 3.3.9 Admin+.Stored.XSS LOW" "ecommerce-product-catalog 3.3.5 Admin+.Stored.XSS LOW" "ecommerce-product-catalog 3.0.72 Reflected.XSS.via.AJAX MEDIUM" "ecommerce-product-catalog 3.0.72 Reflected.XSS MEDIUM" "ecommerce-product-catalog 3.0.71 Reflected.XSS MEDIUM" "ecommerce-product-catalog 3.0.39 Reflected.Cross-Site.Scripting HIGH" "ecommerce-product-catalog 3.0.18 Cross-Site.Request.Forgery MEDIUM" "ecommerce-product-catalog 3.0.18 CSRF.Nonce.Bypass MEDIUM" "ecommerce-product-catalog 2.9.44 Cross-Site.Request.Forgery.(CSRF) MEDIUM" "elex-request-a-quote No.known.fix Missing.Authorization MEDIUM" "evaluate No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "enable-media-replace 4.1.6 Reflected.XSS HIGH" "enable-media-replace 4.1.5 Reflected.Cross-Site.Scripting MEDIUM" "enable-media-replace 4.1.3 Author+.PHP.Object.Injection MEDIUM" "enable-media-replace 4.0.2 Author+.Arbitrary.File.Upload CRITICAL" "enable-media-replace 4.0.0 Admin+.Path.Traversal LOW" "embed-documents-shortcode No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "easy-amazon-product-information No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "embed-rentle 1.3.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "easy-shortcode-buttons No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "eprolo-dropshipping 1.7.2 Missing.Authorization MEDIUM" "embed-lottie-player 1.2.0 Authenticated.(Author+).Stored.Cross-Site.Scripting.via.File.Upload MEDIUM" "edd-courses 0.1.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "edd-courses 0.1.1 Subscriber+.Arbitrary.Option.Update CRITICAL" "epeken-all-kurir No.known.fix .Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "easy-svg-upload No.known.fix Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "elex-woocommerce-dynamic-pricing-and-discounts 2.1.8 Missing.Authorization MEDIUM" "elex-woocommerce-dynamic-pricing-and-discounts 2.1.3 Cross-Site.Request.Forgery MEDIUM" "elex-woocommerce-dynamic-pricing-and-discounts 2.1.3 Cross-Site.Request.Forgery MEDIUM" "elex-woocommerce-dynamic-pricing-and-discounts 2.1.3 Reflected.Cross-Site.Scripting MEDIUM" "easyjobs 2.4.15 Reflected.Cross-Site.Scripting MEDIUM" "easyjobs 2.4.7 Subscriber+.Arbitrary.Settings.Update MEDIUM" "easyjobs 1.4.8 Reflected.Cross-Site.Scripting MEDIUM" "email-address-encoder 1.0.24 Cross-Site.Request.Forgery.via.eae_clear_caches() MEDIUM" "email-address-encoder 1.0.23 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "everest-admin-theme-lite 1.0.8 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "enhanced-youtube-shortcode No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "export-woocommerce-customer-list 2.0.69 CSV.Injection LOW" "event-registration-calendar-by-vcita No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "event-registration-calendar-by-vcita No.known.fix CSRF.to.Stored.XSS.in.settings.page MEDIUM" "event-registration-calendar-by-vcita 1.4.0 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "extend-filter-products-by-price-widget No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "easy-faqs No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "embed-and-integrate-etsy-shop No.known.fix Missing.Authorization MEDIUM" "external-url-as-post-featured-image-thumbnail 2.03 Reflected.Cross-Site.Scripting MEDIUM" "elegant-blocks No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "easy-site-importer No.known.fix Missing.Authorization.to.Authenticated.(Subscriber+).Settings.Change MEDIUM" "explara-events No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "echo-knowledge-base 11.31.0 Unauthenticated.PHP.Object.Injection.in.is_article_recently_viewed CRITICAL" "easy-wp-cookie-popup No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "easy-wp-cookie-popup No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "exportfeed-for-woocommerce-product-to-etsy 5.2.0 Reflected.Cross-Site.Scripting MEDIUM" "exportfeed-for-woocommerce-product-to-etsy 3.3.2 Cross-Site.Request.Forgery MEDIUM" "exportfeed-for-woocommerce-product-to-etsy 3.3.2 CSRF.Bypass MEDIUM" "easy-media-gallery No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "event-tickets-with-ticket-scanner 2.5.4 Arbitrary.Tickets.Deletion.via.CSRF MEDIUM" "event-tickets-with-ticket-scanner 2.4.4 Missing.Authorization.to.Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "event-tickets-with-ticket-scanner 2.3.12 Authenticated.(Author+).Remote.Code.Execution HIGH" "event-tickets-with-ticket-scanner 2.3.2 Reflected.Cross-Site.Scripting MEDIUM" "event-tickets-with-ticket-scanner 2.3.8 Admin+.Stored.XSS LOW" "everest-google-places-reviews-lite 2.0.0 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "edd-cashapp No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "essential-addons-elementor 5.8.16 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Lightbox.and.Modal.Widget MEDIUM" "essential-addons-elementor 5.8.15 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Team.Member.Carousel.Widget MEDIUM" "essential-addons-elementor 5.8.12 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.'title_html_tag' MEDIUM" "essential-addons-elementor 5.4.9 Unauthenticated.SSRF MEDIUM" "essential-addons-elementor 5.4.9 Reflected.XSS HIGH" "export-wp-page-to-static-html 2.2.3 Open.Redirect HIGH" "export-wp-page-to-static-html 2.2.0 Missing.Authorization.via.Multiple.AJAX.Actions MEDIUM" "export-wp-page-to-static-html 2.2.0 Cross-Site.Request.Forgery.via.Multiple.AJAX.Actions MEDIUM" "easy-panorama 1.1.5 Admin+.Stored.XSS LOW" "epicwin-subscribers No.known.fix Cross-Site.Request.Forgery.to.SQL.Injection MEDIUM" "echoza No.known.fix Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "easyappointments No.known.fix Cross-Site.Request.Forgery.to.Settings.Update MEDIUM" "easyappointments 1.3.2 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "excel-like-price-change-for-woocommerce-and-wp-e-commerce-light No.known.fix Unauthenticated.SQL.Injection HIGH" "excel-like-price-change-for-woocommerce-and-wp-e-commerce-light No.known.fix Unauthenticated.Arbitrary.File.Download HIGH" "excel-like-price-change-for-woocommerce-and-wp-e-commerce-light No.known.fix Unauthenticated.Remote.Code.Execution CRITICAL" "excel-like-price-change-for-woocommerce-and-wp-e-commerce-light No.known.fix Unauthenticated.Privilege.Escalation CRITICAL" "excel-like-price-change-for-woocommerce-and-wp-e-commerce-light No.known.fix Unauthenticated.Local.File.Inclusion CRITICAL" "easy-accordion-free 2.3.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "easy-accordion-free 2.2.0 Contributor+.Stored.XSS MEDIUM" "easy-accordion-free 2.0.22 Admin+.Stored.Cross-Site.Scripting LOW" "embed-privacy 1.8.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "essential-addons-for-elementor-lite 6.1.13 Contributor+.Stored.XSS.via.Pricing.Table.Widget MEDIUM" "essential-addons-for-elementor-lite 6.1.13 Contributor+.Stored.XSS.via.Event.Calendar.Widget MEDIUM" "essential-addons-for-elementor-lite 6.1.10 Contributor+.Stored.XSS MEDIUM" "essential-addons-for-elementor-lite 6.1.10 Contributor+.Information.Disclosure LOW" "essential-addons-for-elementor-lite 6.0.15 Reflected.Cross-Site.Scripting HIGH" "essential-addons-for-elementor-lite 6.0.8 Contributor+.Stored.XSS MEDIUM" "essential-addons-for-elementor-lite 6.0.8 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "essential-addons-for-elementor-lite 6.0.10 Authenticated.(Author+).Sensitive.Information.Exposure.to.Privilege.Escalation HIGH" "essential-addons-for-elementor-lite 6.0.10 Authenticated.(Contributor+).Sensitive.Information.Exposure MEDIUM" "essential-addons-for-elementor-lite 6.0.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Filterable.Gallery.Widget MEDIUM" "essential-addons-for-elementor-lite 6.0.4 Best.Elementor.Templates,.Widgets,.Kits.&.WooCommerce.Builders.<.6.0.4.-.Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Fancy.Text.Widget MEDIUM" "essential-addons-for-elementor-lite 6.0.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.no_more_items_text.Parameter MEDIUM" "essential-addons-for-elementor-lite 5.9.27 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "essential-addons-for-elementor-lite 5.9.24 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "essential-addons-for-elementor-lite 5.9.23 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "essential-addons-for-elementor-lite 5.9.22 Contributor+.Stored.Cross-Site.Scripting.via.Twitter.Feed MEDIUM" "essential-addons-for-elementor-lite 5.9.16 Contributor+.Stored.XSS MEDIUM" "essential-addons-for-elementor-lite 5.9.21 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "essential-addons-for-elementor-lite 5.9.20 Contributor+.DOM-Based.Stored.Cross-Site.Scripting.via.Several.Widgets MEDIUM" "essential-addons-for-elementor-lite 5.9.20 Contributor+.Stored.Cross-Site.Scripting.via.'Dual.Color.Header',.'Event.Calendar',.&.'Advanced.Data.Table' MEDIUM" "essential-addons-for-elementor-lite 5.9.20 Contributor+.Stored.Cross-Site.Scripting.via.'Interactive.Circles' MEDIUM" "essential-addons-for-elementor-lite 5.9.18 Contributor+.Stored.XSS MEDIUM" "essential-addons-for-elementor-lite 5.9.16 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "essential-addons-for-elementor-lite 5.9.16 Information.Exposure MEDIUM" "essential-addons-for-elementor-lite 5.9.16 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "essential-addons-for-elementor-lite 5.9.15 Contributor+.Store.XSS.via.Widget.URL MEDIUM" "essential-addons-for-elementor-lite 5.9.14 Unauthenticated.Private/Draft.Posts.Access MEDIUM" "essential-addons-for-elementor-lite 5.9.14 Author+.PHP.Object.Injection MEDIUM" "essential-addons-for-elementor-lite 5.9.12 Contributor+.Stored.XSS MEDIUM" "essential-addons-for-elementor-lite 5.9.12 Contributor+.Stored.XSS MEDIUM" "essential-addons-for-elementor-lite 5.9.10 Contributor+.Stored.Cross-Site.Scripting.via.Data.Table MEDIUM" "essential-addons-for-elementor-lite 5.9.10 Contributor+.Stored.Cross-Site.Scripting.via.Event.Calendar HIGH" "essential-addons-for-elementor-lite 5.9.9 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "essential-addons-for-elementor-lite 5.9.9 Contributor+.Stored.Cross-Site.Scripting.via.Accordion MEDIUM" "essential-addons-for-elementor-lite 5.9.9 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "essential-addons-for-elementor-lite 5.9.9 Contributor+.Stored.Cross-Site.Scripting.via.Filterable.Gallery MEDIUM" "essential-addons-for-elementor-lite 5.9.8 Contributor+.Stored.XSS MEDIUM" "essential-addons-for-elementor-lite 5.9.5 Contributor+.Stored.Cross-Site.Scripting.via.Image.URl MEDIUM" "essential-addons-for-elementor-lite 5.9.5 Contributor+.Stored.Cross-Site.Scritping MEDIUM" "essential-addons-for-elementor-lite 5.9.3 Contributor+.Stored.XSS MEDIUM" "essential-addons-for-elementor-lite 5.8.9 Authenticated.(Contributor+).Privilege.Escalation HIGH" "essential-addons-for-elementor-lite 5.8.2 Unauthenticated.MailChimp.API.Key.Disclosure MEDIUM" "essential-addons-for-elementor-lite 5.7.2 Unauthenticated.Privilege.Escalation CRITICAL" "essential-addons-for-elementor-lite 5.0.9 Reflected.Cross-Site.Scripting MEDIUM" "essential-addons-for-elementor-lite 5.0.5 Unauthenticated.LFI CRITICAL" "essential-addons-for-elementor-lite 4.5.4 Contributor+.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "ekc-tournament-manager 2.2.2 Cross-Site.Request.Forgery.to.Arbitrary.File.Upload HIGH" "ekc-tournament-manager 2.2.2 Delete.Tournaments.via.CSRF MEDIUM" "ekc-tournament-manager 2.2.2 Admin+.Arbitrary.File.Download LOW" "ekc-tournament-manager 2.2.2 Create.Tournaments/Teams.via.CSRF MEDIUM" "elementary-addons No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "enhanced-e-commerce-for-woocommerce-store 7.2.4 Missing.Authorization MEDIUM" "enhanced-e-commerce-for-woocommerce-store 7.1.1 All-in-one.Google.Analytics,.Pixels.and.Product.Feed.Manager.for.WooCommerce.<.7.1.1.-.Reflected.Cross-Site.Scripting MEDIUM" "enhanced-e-commerce-for-woocommerce-store 7.0.0 Reflected.Cross-Site.Scripting MEDIUM" "enhanced-e-commerce-for-woocommerce-store 7.0.8 Subscriber+.SQL.Injection HIGH" "enhanced-e-commerce-for-woocommerce-store 7.0.8 Subscriber+.SQL.Injection.via.ee_syncProductCategory HIGH" "enhanced-e-commerce-for-woocommerce-store 6.5.4 Reflected.XSS HIGH" "enhanced-e-commerce-for-woocommerce-store 5.2.4 Settings.Update.via.CSRF MEDIUM" "enhanced-e-commerce-for-woocommerce-store 4.6.2 Subscriber+.SQL.Injection HIGH" "email-users No.known.fix Arbitrary.Settings.Update.via.CSRF MEDIUM" "email-users 4.8.4 Cross-Site.Request.Forgery.(CSRF) MEDIUM" "email-users 4.8.3 Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "email-users 4.7.6 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "events-manager-pro-extended No.known.fix Cross-Site.Request.Forgery.to.Reflected.Cross-Site.Scripting MEDIUM" "easy-fancybox 2.3.16 Contributor+.Stored.XSS MEDIUM" "easy-fancybox 2.3.15 Contributor+.Stored.XSS MEDIUM" "easy-fancybox 2.3.4 Contributor+.DOM-Based.Stored.XSS.via.FancyBox.JavaScript.Library MEDIUM" "easy-fancybox 2.3.4 Authenticated.(Author+).Stored.Cross-Site.Scripting MEDIUM" "easy-fancybox 1.8.18 Authenticated.Stored.XSS MEDIUM" "ez-form-calculator No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "elegant-calendar-lite 1.5.8 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "easy-watermark 1.0.7 Reflected.Cross-Site.Scripting MEDIUM" "easy-watermark 0.7.1 Subscriber+.Arbitrary.Option.Update CRITICAL" "exchange-rates 1.2.3 Missing.Authorization MEDIUM" "ele-blog No.known.fix Missing.Authorization.to.Authenticated.(Subscriber+).Deactivation.Submission MEDIUM" "ele-blog No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "easy-faq-with-expanding-text No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "eu-cookie-law No.known.fix Admin+.Stored.XSS LOW" "eu-cookie-law 3.1.3 Authenticated.Stored.Cross-Site.Scripting.(XSS) LOW" "editor-wysiwyg-background-color No.known.fix Missing.Authorization MEDIUM" "email-capture-lead-generation No.known.fix Missing.Authorization MEDIUM" "external-media-without-import No.known.fix Subscriber+.Blind.SSRF LOW" "external-media-without-import 1.0.1 Reflected.XSS HIGH" "embed-twine No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "easy-popup-show No.known.fix Cross-Site.Request.Forgery MEDIUM" "easy-form-builder-by-bitware No.known.fix Unauthorised.AJAX.calls HIGH" "easy-form-builder-by-bitware No.known.fix Authenticated.Arbitrary.File.Upload CRITICAL" "ect-homepage-products No.known.fix Reflected.XSS HIGH" "easy-admin-menu No.known.fix Admin+.Stored.XSS LOW" "elfsight-telegram-chat-cc No.known.fix Missing.Authorization.to.Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "easy-menu-manager-wpzest No.known.fix Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "e2pdf 1.25.11 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "e2pdf 1.23.00 Missing.Authorization MEDIUM" "e2pdf 1.23.00 Cross-Site.Request.Forgery MEDIUM" "e2pdf 1.20.24 Authenticated(Administrator+).SQL.Injection MEDIUM" "e2pdf 1.20.26 Admin+.Arbitrary.File.Upload HIGH" "e2pdf 1.20.19 Authenticated.(Administrator+).PHP.Object.Injection HIGH" "e2pdf 1.20.20 Admin+.Stored.Cross-Site.Scriping LOW" "e2pdf 1.16.45 Admin+.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "email-tracker 5.3.9 Reflected.Cross-Site.Scripting MEDIUM" "email-tracker 5.3.6 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "email-tracker 5.2.6 Reflected.Cross-Site.Scripting HIGH" "email-tracker 5.2.7 Arbitrary.Email.Entry.Deletion.via.CSRF MEDIUM" "essential-content-types 1.9 Unauthorised.Plugin's.Setting.Change MEDIUM" "easy-contact-form-solution 1.7 Stored.Cross-Site.Scripting.(XSS) MEDIUM" "easy-order-view No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "everest-timeline-lite 1.1.2 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "easync-booking 1.3.22 Insecure.Direct.Object.Reference.to.Sensitive.Information.Exposure MEDIUM" "easync-booking 1.3.21 Missing.Authorization MEDIUM" "easync-booking 1.3.15 Subscriber+.PayPal.Settings.Update MEDIUM" "easync-booking 1.3.12 Reflected.Cross-Site.Scripting HIGH" "easync-booking 1.3.7 Reflected.Cross-Site.Scripting MEDIUM" "easync-booking 1.1.16 Unauthenticated.Arbitrary.File.Upload CRITICAL" "easync-booking 1.1.10 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "etruel-del-post-copies 6.0 Missing.Authorization MEDIUM" "emc2-alert-boxes No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "en-masse-wp No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "easy-svg-image-allow No.known.fix Author+.Stored.XSS.via.SVG MEDIUM" "exclusive-divi No.known.fix Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "exit-notifier 1.10.6 Reflected.Cross-Site.Scripting MEDIUM" "easy-sign-up No.known.fix Contributor+.Stored.XSS MEDIUM" "email-encoder-bundle 2.2.2 Admin+.Stored.XSS LOW" "email-encoder-bundle 2.2.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "email-encoder-bundle 2.1.10 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "email-encoder-bundle 2.1.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.shortcode MEDIUM" "email-encoder-bundle 2.1.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "email-encoder-bundle 2.1.2 Reflected.Cross.Site.Scripting MEDIUM" "edd-recent-purchases No.known.fix Unauthenticated.Remote.File.Inclusion CRITICAL" "easyrecipe No.known.fix Cross-Site.Request.Forgery MEDIUM" "ean-for-woocommerce 5.4.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "ean-for-woocommerce 5.4.0 Missing.Authorization MEDIUM" "ean-for-woocommerce 4.9.0 Authenticated.(Shop.Manager+).Arbitrary.Options.Update MEDIUM" "ean-for-woocommerce 4.9.3 Insecure.Direct.Object.Reference.to.Sensitve.Information.Exposure.via.Shortcode MEDIUM" "ean-for-woocommerce 4.9.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.alg_wc_ean_product_meta.Shortcode MEDIUM" "ean-for-woocommerce 4.4.3 Contributor+.Stored.XSS MEDIUM" "easy-login-styler No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "external-media-upload 0.5 Reflected.Cross-Site.Scripting MEDIUM" "erident-custom-login-and-dashboard 3.5.9 Authenticated.Stored.Cross-Site.Scripting.(XSS) LOW" "erident-custom-login-and-dashboard 3.5 Stored.Cross-Site.Scripting.(XSS) HIGH" "embedding-barcodes-into-product-pages-and-orders 2.0.5 Authenticated.(Subscriber+).Arbitrary.Content.Deletion MEDIUM" "embedding-barcodes-into-product-pages-and-orders 2.0.5 Missing.Authorization.to.Authenticated.(Subscriber+).Settings.Update MEDIUM" "embedding-barcodes-into-product-pages-and-orders 2.0.3 Authenticated.(Subscriber+).Sensitive.Information.Disclosure MEDIUM" "eid-easy-qualified-electonic-signature 3.3.1 Use.of.Polyfill.io MEDIUM" "easy-media-replace 0.2.0 Author+.File.Deletion MEDIUM" "easy-bootstrap-shortcodes No.known.fix Contributor+.Stored.XSS MEDIUM" "easy-event-calendar No.known.fix Admin+.Stored.XSS LOW" "easy-table-booking No.known.fix Cross-Site.Request.Forgery MEDIUM" "event-list 0.8.8 Admin+.Stored.Cross-Site.Scripting LOW" "event-list 0.7.10 XSS MEDIUM" "event-list 0.7.9 Authenticated.SQL.Injection HIGH" "easy-property-listings 3.5.4 Arbitrary.Contact.Deletion.via.CSRF MEDIUM" "easy-property-listings 3.5.4 Missing.Authorization.via.epl_update_listing_coordinates() MEDIUM" "easy-property-listings 3.5.3 Authenticated(Contributor+).SQL.Injection.via.Shortcode HIGH" "easy-property-listings 3.5.4 Admin+.Stored.XSS LOW" "easy-property-listings 3.4 Cross-Site.Request.Forgery.(CSRF) HIGH" "easy-property-listings 3.4 Cross-Site.Scripting.(XSS) MEDIUM" "easy-social-share-buttons3 9.5 Missing.Authorization MEDIUM" "easy-social-share-buttons3 9.5 Authenticated.(Subscriber+).Local.File.Inclusion HIGH" "easy-social-share-buttons3 9.5 Reflected.Cross-Site.Scripting MEDIUM" "easy-popup-lightbox-maker No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "email-template-customizer-for-woo 1.2.9.2 Shop.manager+.Stored.XSS LOW" "ecwid-shopping-cart 7.0.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "ecwid-shopping-cart 6.12.28 Cross-Site.Request.Forgery.to.Send.Deactivation.Message MEDIUM" "ecwid-shopping-cart 6.12.11 Authenticated(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "ecwid-shopping-cart 6.12.5 Cross-Site.Request.Forgery MEDIUM" "ecwid-shopping-cart 6.12.5 Arbitrary.Plugin.Settings.Change.via.CSRF MEDIUM" "ecwid-shopping-cart 6.12.4 Missing.Authorization.on.multiple.functions MEDIUM" "ecwid-shopping-cart 6.11.5 Contributor+.Stored.Cross-Site.Scriping MEDIUM" "ecwid-shopping-cart 6.11.4 Import.via.CSRF MEDIUM" "ecwid-shopping-cart 6.10.24 Settings.Update.via.CSRF MEDIUM" "ecwid-shopping-cart 6.10.23 Insufficient.Access.Control MEDIUM" "exchange-addon-easy-ue-vat-taxes 1.2.0 XSS.via.add_query_arg().and.remove_query_arg() MEDIUM" "elex-product-feed No.known.fix Authenticated.(Administrator+).SQL.Injection MEDIUM" "easy-code-snippets No.known.fix Authenticated.(Administrator+).SQL.Injection MEDIUM" "easy-code-snippets No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "easy-code-snippets 1.0.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "easy-code-snippets 1.0.1 Subscriber+.Arbitrary.Option.Update CRITICAL" "enable-wp-debug-from-admin-dashboard 1.86 Reflected.Cross-Site.Scripting MEDIUM" "empik-for-woocommerce 1.4.5 Authenticated.(Subscriber+).PHP.Object.Injection HIGH" "everlightbox 1.2.0 Reflected.Cross-Site.Scripting MEDIUM" "everlightbox 1.1.18 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "elegant-themes-icons No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "easy-form 2.7.0 Reflected.Cross-Site.Scripting MEDIUM" "easy-form 1.2.1 Admin+.Stored.XSS LOW" "eexamhall No.known.fix CSRF MEDIUM" "edoc-employee-application No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "export-post-info 1.2.1 Author+.CSV.Injection MEDIUM" "export-post-info 1.2.0 Admin+.Stored.Cross-Site.Scripting LOW" "enjoy-instagram-instagram-responsive-images-gallery-and-carousel No.known.fix Subscriber+.Plugin.Database.Reset MEDIUM" "enjoy-instagram-instagram-responsive-images-gallery-and-carousel No.known.fix Unauthenticated.Arbitrary.Instagram.Account.Unlinking MEDIUM" "enjoy-instagram-instagram-responsive-images-gallery-and-carousel 6.2.1 Reflected.Cross-Site.Scripting MEDIUM" "exclusive-content-password-protect No.known.fix Cross-Site.Request.Forgery.to.Arbitrary.File.Upload HIGH" "embedstories 0.7.5 Contributor+.Stored.XSS MEDIUM" "ep4-more-embeds No.known.fix Unauthenticated.Stored.Cross-Site.Scripting HIGH" "ebook-download 1.2 Directory.Traversal HIGH" "events-calendar-pro 7.0.2.1 Authenticated.(Administrator+).PHP.Object.Injection.to.Remote.Code.Execution CRITICAL" "events-calendar-pro 6.4.0.1 Contributor+.Arbitrary.Events.Access LOW" "ecava-diot-scada No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "enhanced-wordpress-contactform 2.3 Admin+.Stored.XSS LOW" "embed-ispring No.known.fix Cross-Site.Request.Forgery.to.Arbitrary.File.Upload HIGH" "easy-school-registration No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "extended-widget-options 5.1.3 Extended.<=.5.1.0.&..Widget.Options.<=.4.0.1.-.Authenticated.(Subscriber+).Information.Disclosure MEDIUM" "easy-broken-link-checker No.known.fix Admin+.Stored.XSS LOW" "easy-broken-link-checker No.known.fix Bulk.Actions.via.CSRF MEDIUM" "easy-broken-link-checker No.known.fix Reflected.XSS HIGH" "easy-broken-link-checker No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "endless-posts-navigation 2.2.8 Cross-Site.Request.Forgery MEDIUM" "events-for-geodirectory 2.3.15 Authenticated.(Contributor+).PHP.Object.Injection HIGH" "exchange-addon-manual-purchases 1.1.0 XSS.via.add_query_arg().and.remove_query_arg() MEDIUM" "editorial-calendar 3.8.3 Contributor+.Stored.XSS MEDIUM" "email-address-obfuscation 1.1.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.class.Parameter MEDIUM" "email-subscribe 1.2.24 Authenticated.(Administrator+).SQL.Injection MEDIUM" "email-subscribe 1.2.23 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.print_email_subscribe_form.Shortcode MEDIUM" "email-subscribe 1.2.21 Unauthenticated.Stored.Cross-Site.Scripting MEDIUM" "email-subscribe 1.2.20 Reflected.XSS HIGH" "email-subscribe 1.2.19 .Reflected.Cross-Site.Scripting MEDIUM" "email-subscribe 1.2.17 Reflected.XSS HIGH" "error-log-viewer 1.1.3 Directory.Listing.to.Sensitive.Data.Exposure LOW" "error-log-viewer 1.1.2 Arbitrary.Text.File.Deletion.via.CSRF LOW" "error-log-viewer 1.1.2 Admin+.Arbitrary.File.Clearing MEDIUM" "error-log-viewer 1.0.6 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "error-notification No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "easy-related-posts No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "e-search No.known.fix Unauthenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "erocket 1.2.5 Admin+.Stored.XSS LOW" "ezplayer No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "easy-captcha No.known.fix Missing.Authorization MEDIUM" "easy-captcha No.known.fix Reflected.Cross-Site.Scripting HIGH" "eventbee-rsvp-widget No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "easy-video-player 1.2.2.11 Contributor+.Stored.XSS MEDIUM" "easy-video-player 1.2.2.3 Contributor+.Stored.XSS MEDIUM" "easy-pie-coming-soon 1.0.7.4 Admin+.Stored.XSS LOW" "evernote-sync No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "exchange-addon-authorize-net 1.1.0 XSS.via.add_query_arg().and.remove_query_arg() MEDIUM" "embed-comment-images 0.6 Unauthenticated.Stored.XSS MEDIUM" "extensions-leaflet-map 3.4.2 Reflected.XSS HIGH" "easy-countdowner No.known.fix Cross-Site.Request.Forgery MEDIUM" "everest-counter-lite 2.0.8 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "estatik-mortgage-calculator No.known.fix Authenticated.(Contributor+).Local.File.Inclusion HIGH" "estatik-mortgage-calculator No.known.fix Authenticated.(Contributor+).Local.File.Inclusion HIGH" "estatik-mortgage-calculator 2.0.12 Reflected.Cross-Site.Scripting MEDIUM" "estatik-mortgage-calculator No.known.fix Reflected.XSS HIGH" "estatik-mortgage-calculator No.known.fix Reflected.XSS HIGH" "ecpay-ecommerce-for-woocommerce 1.1.2502030 Missing.Authorization.to.Authenticated.(Subscriber+).Log.Deletion MEDIUM" "easy-paypal-donation 1.5 Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "easy-paypal-donation 1.4.5 Reflected.Cross-Site.Scripting MEDIUM" "easy-paypal-donation 1.3.4 Arbitrary.Post.Deletion.via.CSRF HIGH" "easy-paypal-donation 1.3.2 Admin+.Stored.Cross-Site.Scripting LOW" "easy-paypal-donation 1.3.1 Reflected.Cross-Site.Scripting.via.page.Parameter HIGH" "easy-paypal-donation 1.3.1 CSRF.to.Stored.Cross-Site.Scripting HIGH" "easy-paypal-donation 1.3.1 CSRF.to.Arbitrary.Post.Deletion MEDIUM" "easy-set-favicon No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "embed-form 1.3.2 Authenticated(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "embed-video-thumbnail 1.3.1 Reflected.Cross-Site.Scripting MEDIUM" "easy-post-views-count 1.0.5 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "exchange-addon-2checkout 1.1.0 XSS.via.add_query_arg().and.remove_query_arg() MEDIUM" "easy-table 1.7 Admin+.Stored.Cross-Site.Scripting LOW" "easy-table 1.5.3 Stored.Cross-Site.Scripting.via.CSRF MEDIUM" "exportfeed-list-woocommerce-products-on-ebay-store No.known.fix Admin+.SQL.Injection MEDIUM" "enhanced-media-library 2.8.10 Authenticated.(Author+).Stored.Cross-Site.Scripting MEDIUM" "easy-org-chart No.known.fix Contributor+.Stored.Cross-Site.Scripting MEDIUM" "elex-woocommerce-google-product-feed-plugin-basic 1.2.4 Reflected.Cross-Site.Scripting.(XSS) HIGH" "exchange-addon-easy-us-sales-taxes 1.1.0 XSS.via.add_query_arg().and.remove_query_arg() MEDIUM" "embed-power-bi No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "exchange-addon-paypal-pro 1.1.0 XSS.via.add_query_arg().and.remove_query_arg() MEDIUM" "expandable-paywall 2.0.17 Reflected.Cross-Site.Scripting MEDIUM" "expandable-paywall 2.0.11 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "email-artillery No.known.fix Multiple.Reflected.Cross-Site.Scripting HIGH" "email-artillery No.known.fix Arbitrary.File.Upload MEDIUM" "email-artillery No.known.fix CSRF.to.Stored.XSS HIGH" "email-artillery No.known.fix Multiple.Authenticated.SQL.Injections MEDIUM" "event-espresso-core-reg 4.10.7.p Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "everest-faq-manager-lite 1.0.9 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "express-pay 1.1.9 Unauthenticated.SQL.Injection.via.type_id HIGH" "easy-sticky-sidebar 1.5.9 Unauthenticated.AJAX.Actions.Call MEDIUM" "easypromos 1.3.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "easy-hide-login 1.0.9 Arbitrary.settings.update.via.CSRF MEDIUM" "easy-hide-login 1.0.8 Admin+.Stored.XSS LOW" "embedder-for-google-reviews 1.5.11 Reflected.Cross-Site.Scripting MEDIUM" "exports-and-reports 0.9.2 Contributor+.CSV.Injection LOW" "easy-facebook-likebox-premium No.known.fix Contributor+.DOM-Based.Stored.XSS.via.FancyBox.JavaScript.Library MEDIUM" "easy-facebook-likebox-premium 6.2.7 Reflected.Cross-Site.Scripting HIGH" "enable-shortcodes-inside-widgetscomments-and-experts No.known.fix Unauthenticated.Arbitrary.Shortcode.Execution HIGH" "elisqlreports 5.25.10 Cross-Site.Request.Forgery MEDIUM" "elisqlreports 5.25.10 Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "elisqlreports 5.25.10 5.25.08.-.Cross-Site.Request.Forgery.to.Remote.Code.Execution HIGH" "elisqlreports 5.25.08 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "easy-post-duplicator No.known.fix Authenticated.(Subscriber+).SQL.Injection MEDIUM" "easy-post-duplicator No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "easy-pdf-restaurant-menu-upload 1.2 XSS MEDIUM" "envialosimple-email-marketing-y-newsletters-gratis 2.3 Reflected.Cross-Site.Scripting MEDIUM" "envialosimple-email-marketing-y-newsletters-gratis 2.4 Arbitrary.File.Upload.via.CSRF HIGH" "envialosimple-email-marketing-y-newsletters-gratis 2.2 EnvíaloSimple.<.2,2.Unauthenticated.PHP.Object.Injection MEDIUM" "envialosimple-email-marketing-y-newsletters-gratis 2.3 API.Key.Update.via.CSRF MEDIUM" "elegant-addons-for-elementor No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Switcher,.Slider,.and.Iconbox.Widgets MEDIUM" "elegant-addons-for-elementor No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.HTML.tags MEDIUM" "email-subscribers 5.7.50 Admin+.Stored.XSS.in.Template LOW" "email-subscribers 5.7.52 Admin+.Stored.XSS LOW" "email-subscribers 5.7.45 Admin+.Stored.XSS LOW" "email-subscribers 5.7.45 Admin+.Stored.XSS LOW" "email-subscribers 5.7.45 Admin+.Stored.XSS LOW" "email-subscribers 5.7.45 Admin+.Stored.XSS LOW" "email-subscribers 5.7.44 Admin+.SQL.Injection MEDIUM" "email-subscribers 5.7.35 Authenticated.(Subscriber+).Arbitrary.Shortcode.Execution MEDIUM" "email-subscribers 5.7.35 Missing.Authorization.to.Authenticated.(Subscriber+).Sensitive.Information.Exposure MEDIUM" "email-subscribers 5.7.27 Email.Subscribers,.Newsletters.and.Marketing.Automation.Plugin.<.5.7.27.-.Missing.Authorization MEDIUM" "email-subscribers 5.7.26 Unauthenticated.SQL.Injection.via.unsubscribe CRITICAL" "email-subscribers 5.7.24 Email.Subscribers,.Newsletters.and.Marketing.Automation.Plugin.<.5.7.24.-.Unauthenticated.SQL.Injection.via.optin CRITICAL" "email-subscribers 5.7.23 Authenticated.(Subscriber+).SQL.Injection.Vulnerability.via.options[list_id] HIGH" "email-subscribers 5.7.21 Unauthenticated.SQL.Injection.via.hash CRITICAL" "email-subscribers 5.7.18 Missing.Authorization MEDIUM" "email-subscribers 5.7.20 Missing.Authorization.in.handle_ajax_request HIGH" "email-subscribers 5.7.15 Email.Subscribers,.Newsletters.and.Marketing.Automation.Plugin.<.5.7.15.-.Unauthenticated.SQL.Injection CRITICAL" "email-subscribers 5.7.16 Authenticated.(Administrator+).Cross-Site.Scripting.via.CSV.import MEDIUM" "email-subscribers 5.7.14 Missing.Authorization MEDIUM" "email-subscribers 5.7.12 Reflected.Cross-Site.Scripting.via.campaign_id MEDIUM" "email-subscribers 5.6.24 .Admin+.Directory.Traversal CRITICAL" "email-subscribers 5.5.3 Improper.Neutralization.of.Formula.Elements.in.a.CSV.File MEDIUM" "email-subscribers 5.5.1 Subscriber+.SQLi HIGH" "email-subscribers 5.3.2 Unauthenticated.arbitrary.option.update HIGH" "email-subscribers 5.3.2 Subscriber+.Blind.SQL.injection HIGH" "email-subscribers 4.5.6 Unauthenticated.email.forgery/spoofing HIGH" "email-subscribers 4.5.1 Authenticated.SQL.injection.in.es_newsletters_settings_callback() MEDIUM" "email-subscribers 4.5.1 Cross-site.Request.Forgery.in.send_test_email() LOW" "email-subscribers 4.3.1 Unauthenticated.Blind.SQL.Injection CRITICAL" "email-subscribers 4.2.3 Multiple.Issues HIGH" "email-subscribers 4.1.8 SQL.Injection HIGH" "email-subscribers 4.1.7 Cross-Site.Scripting.(XSS) CRITICAL" "email-subscribers 3.5.0 Cross-Site.Scripting.(XSS) MEDIUM" "email-subscribers 3.4.8 Unauthenticated.Subscriber.Download HIGH" "email-subscribers 2.9.1 Multiple.XSS.&.SQLi MEDIUM" "emergency-password-reset 9.0 Cross-Site.Request.Forgery MEDIUM" "ewww-image-optimizer 7.3.0 Cross-Site.Request.Forgery MEDIUM" "ewww-image-optimizer 7.2.1 Unauthenticated.Sensitive.Information.Exposure.via.Debug.Log MEDIUM" "ewww-image-optimizer 7.2.1 Sensitive.Information.Exposure MEDIUM" "ewww-image-optimizer 5.9 Cross-Site.Request.Forgery MEDIUM" "eshop No.known.fix Authenticated.Blind.SQL.Injection HIGH" "eshop No.known.fix Unauthenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "eshop No.known.fix Reflected.Cross-Site.Scripting.(XSS).&.CSRF MEDIUM" "eshop 6.3.12 Remote.Code.Execution MEDIUM" "envolve-plugin 1.1.0 Unauthenticated.Arbitrary.File.Upload.via.language_file.and.fonts_file CRITICAL" "envolve-plugin 1.1.0 Unauthenticated.Language.File.Deletion MEDIUM" "easy-csv-importer No.known.fix Unauthenticated.Arbitrary.File.Upload CRITICAL" "embedalbum-pro 1.2.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "embedalbum-pro 1.1.28 Contributor+.Stored.XSS MEDIUM" "embed-youtube-video No.known.fix Authenticated.SQL.Injection MEDIUM" "easy-team-manager No.known.fix Authenticated.Blind.SQL.Injection CRITICAL" "embed-docs 3.0.0 Reflected.Cross-Site.Scripting MEDIUM" "eventr No.known.fix Blind.SQL.Injection CRITICAL" "easyrotator-for-wordpress No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "extreme-blocks 0.8.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "eelv-redirection 1.5.1 Cross-Site.Request.Forgery.to.Arbitrary.Site.Redirect MEDIUM" "essential-breadcrumbs No.known.fix Cross-Site.Request.Forgery.to.Privilege.Escalation HIGH" "essential-breadcrumbs No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "easy-popups 1.5.1 Reflected.Cross-Site.Scripting MEDIUM" "enqueue-anything No.known.fix Subscriber+.Arbitrary.Asset/Post.Deletion MEDIUM" "easy-career-openings No.known.fix jobid.Parameter.SQL.Injection MEDIUM" "edubin No.known.fix Unauthenticated.Server-Side.Request.Forgery HIGH" "export-all-urls 4.6 Reflected.XSS HIGH" "export-all-urls 4.2 Editor+.Stored.XSS MEDIUM" "export-all-urls 4.4 Admin+.Arbitrary.System.File.Removal MEDIUM" "export-all-urls 4.2 Editor+.Stored.Cross-Site.Scripting LOW" "export-all-urls 4.3 Private/Draft.Post/Page.Title.Disclosure.via.CSRF MEDIUM" "export-all-urls 4.2 Reflected.Cross-Site.Scripting MEDIUM" "everest-coming-soon-lite 1.1.1 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "eventon-rsvp 2.9.5 Reflected.XSS HIGH" "exit-popup-show No.known.fix Reflected.Cross-Site.Scripting.(XSS) HIGH" "easy-tynt No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "exportfeed-for-woocommerce-google-product-feed No.known.fix Admin+.SQLi MEDIUM" "email-form-under-post No.known.fix Cross-Site.Request.Forgery MEDIUM" "external-media 1.0.36 Admin+.Stored.XSS LOW" "external-media 1.0.34 Authenticated.Arbitrary.File.Upload CRITICAL" "envo-extra 1.9.10 Missing.Authorization MEDIUM" "envo-extra 1.9.4 Authenticated.(Contributor+).Post.Disclosure MEDIUM" "envo-extra 1.8.25 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Button.Widget MEDIUM" "envo-extra 1.8.17 Authenticated.(Contributor+).Cross-Site.Scripting MEDIUM" "envo-extra 1.8.12 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "envo-extra 1.8.4 Cross-Site.Request.Forgery MEDIUM" "event-geek No.known.fix Stored.Cross-site.Scripting.(XSS) MEDIUM" "eventprime-event-calendar-management 4.0.7.4 Missing.Authorization.to.Authenticated.(Subscriber+).Event.Attendees.Export MEDIUM" "eventprime-event-calendar-management 4.0.7.4 Unauthenticated.Stored.Cross-Site.Scripting.via.Ticket.Category.and.Ticket.Type.Name HIGH" "eventprime-event-calendar-management 4.0.4.8 Unauthenticated.Stored.Cross-Site.Scripting MEDIUM" "eventprime-event-calendar-management 4.0.4.8 Unauthenticated.Stored.Cross-Site.Scripting.via.Transaction.Log MEDIUM" "eventprime-event-calendar-management 4.0.4.6 Open.Redirect MEDIUM" "eventprime-event-calendar-management 4.0.4.4 Missing.Authorization.to.Unauthenticated.Private.or.Password-Protected.Events.Disclosure MEDIUM" "eventprime-event-calendar-management 4.0.4.0 Missing.Authorization.via.calendar_event_create() MEDIUM" "eventprime-event-calendar-management 3.5.0 .Subscriber+.Arbitrary.booking.settings.update MEDIUM" "eventprime-event-calendar-management 3.3.5 Unauthenticated.Booking.Price.Manipulation MEDIUM" "eventprime-event-calendar-management 3.4.0 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "eventprime-event-calendar-management 3.4.4 Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.Email.Sending MEDIUM" "eventprime-event-calendar-management 3.4.3 Unauthenticated.Booking.Payment.Bypass MEDIUM" "eventprime-event-calendar-management 3.4.4 Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.Post.Deletion MEDIUM" "eventprime-event-calendar-management 3.4.3 Missing.Authorization.to.Arbitrary.Post.Overwrite MEDIUM" "eventprime-event-calendar-management 3.4.4 Unauthenticated.Stored.Cross-Site.Scripting MEDIUM" "eventprime-event-calendar-management 3.4.2 Missing.Authorization.to.Authenticated.(Subscriber+).Event.Export MEDIUM" "eventprime-event-calendar-management 3.4.1 Missing.Authorization.to.Authenticated.(Subscriber+).Attendee.List.Retrieval MEDIUM" "eventprime-event-calendar-management 3.4.0 Improper.Input.Validation.via.save_event_booking MEDIUM" "eventprime-event-calendar-management 3.3.6 Unauthenticated.Event.Access MEDIUM" "eventprime-event-calendar-management 3.3.3 Contributor+.Stored.XSS MEDIUM" "eventprime-event-calendar-management 3.3.6 Booking.Pricing.Bypass MEDIUM" "eventprime-event-calendar-management 3.1.6 Reflected.XSS HIGH" "eventprime-event-calendar-management 3.2.0 Reflected.XSS HIGH" "eventprime-event-calendar-management 3.2.0 Reflected.HTML.Injection.on.keyword.parameter MEDIUM" "eventprime-event-calendar-management 3.2.0 Booking.Creation.via.CSRF MEDIUM" "eventprime-event-calendar-management 3.0.6 Reflected.Cross-Site.Scripting HIGH" "eventprime-event-calendar-management 3.0.0 Unauthenticated.Reflected.XSS HIGH" "easy-form-builder 3.8.9 Missing.Authorization.to.Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "easy-form-builder 3.7.5 Authenticated.(Contributor+).SQL.Injection CRITICAL" "easy-form-builder 3.4.0 Admin+.Stored.XSS LOW" "easy-accordion-block 1.2.5 Missing.Authorization MEDIUM" "event-tickets-plus 5.9.1 Contributor+.Arbitrary.Events.Access LOW" "event-tickets-plus 5.9.1 Contributor+.Attendees.Lists.Disclosure LOW" "event-post 5.10.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "event-post 5.10.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "event-post 5.9.10 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "event-post 5.9.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "event-post 5.9.8 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "event-post 5.9.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.events_cal.Shortcode MEDIUM" "event-post 5.9.6 Unauthenticated.Local.File.Inclusion CRITICAL" "event-post 5.9.11 Post.Metadata.Update.via.CSRF MEDIUM" "event-post 5.9.5 Missing.Authorization MEDIUM" "event-post 5.9.1 Contributor+.Stored.XSS MEDIUM" "easy-google-map No.known.fix Reflected.Cross-Site.Scripting.(XSS) HIGH" "extender-all-in-one-for-elementor No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "eg-attachments No.known.fix Reflected.XSS HIGH" "elespare 3.2.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Horizontal.Nav.Menu.Widge MEDIUM" "elespare 2.1.3 Missing.Authorization.to.Subscriber+.Arbitrary.Post.Creation MEDIUM" "easy-post-types No.known.fix Authenticated.(Subscriber+).Missing.Authorization.via.Multiple.Functions MEDIUM" "easy-post-types No.known.fix Authenticated.(Subscriber+).PHP.Object.Injection HIGH" "easy-post-types No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Post.Meta MEDIUM" "easy-booked 2.4.6 Cross-Site.Request.Forgery MEDIUM" "everest-forms 3.1.2 Reflected.Cross-Site.Scripting MEDIUM" "everest-forms 3.1.2 Authenticated.(Subscriber+).Arbitrary.Shortcode.Execution MEDIUM" "everest-forms 3.1.2 Unauthenticated.PHP.Object.Injection HIGH" "everest-forms 3.0.9.5 Unauthenticated.Arbitrary.File.Upload,.Read,.and.Deletion CRITICAL" "everest-forms 3.0.8.1 Admin+.Stored.XSS LOW" "everest-forms 3.0.4.2 Admin+.Stored.XSS LOW" "everest-forms 3.0.3.1 Admin+.Stored.XSS LOW" "everest-forms 2.0.8 Unauthenticated.Server-Side.Request.Forgery.via.font_url HIGH" "everest-forms 2.0.5 Admin+.Stored.XSS LOW" "everest-forms 1.8.0 Reflected.Cross-Site.Scripting MEDIUM" "everest-forms 1.5.0 SQL.Injection CRITICAL" "easy-addons-for-elementor No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "email-my-posts No.known.fix Reflected.Cross-Site.Scripting.(XSS) HIGH" "everse-starter-sites 1.2.2 Reflected.Cross-Site.Scripting MEDIUM" "everse-starter-sites 1.2.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "easy-zillow-reviews 1.6.2 Reflected.Cross-Site.Scripting MEDIUM" "easy-zillow-reviews 1.4.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "enteraddons 2.2.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "enteraddons 2.2.0 Authenticated.(Contributor+).Post.Disclosure MEDIUM" "enteraddons 2.1.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "enteraddons 2.1.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Events.Card.Widget MEDIUM" "enteraddons 2.2.0 Contributor+.Stored.XSS MEDIUM" "enteraddons 2.1.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "enteraddons 2.1.6 Contributor+.Stored.XSS.via.Animation.Title.widget MEDIUM" "enteraddons 2.1.6 Contributor+.Stored.XSS.via.Heading.widget MEDIUM" "e-shops-cart2 No.known.fix Cross-Site.Request.Forgery.to.Reflected.Cross-Site.Scripting MEDIUM" "easy-code-placement No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "ethpress 2.1.1 Reflected.Cross-Site.Scripting MEDIUM" "ethpress 1.5.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "exmage-wp-image-links 1.0.7 Admin+.Blind.SSRF LOW" "error-log-monitor 1.7.7 Reflected.Cross-Site.Scripting MEDIUM" "error-log-monitor 1.7.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "error-log-monitor 1.6.5 Subscriber+.Arbitrary.Option.Update CRITICAL" "external-image-replace No.known.fix Authenticated.(Contributor+).Arbitrary.File.Upload HIGH" "external-image-replace No.known.fix Cross-Site.Request.Forgery.to.Settings.Update MEDIUM" "easy-testimonials No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "easy-testimonials 3.9.3 Contributor+.Stored.XSS MEDIUM" "easy-testimonials 3.9 Reflected.Cross-Site.Scripting MEDIUM" "easy-testimonials 3.7 Cross-Site.Request.Forgery MEDIUM" "easy-testimonials 3.7 Cross-Site.Request.Forgery.(CSRF) MEDIUM" "easy-testimonials 3.6 Authenticated.Stored.Cross-Site.Scripting.(XSS) CRITICAL" "easy-testimonials 1.37 Authenticated.Stored.Cross-Site.Scripting.(XSS) HIGH" "eu-vat-for-woocommerce 2.12.14 Reflected.Cross-Site.Scripting MEDIUM" "eu-vat-for-woocommerce 2.12.14 Missing.Authorization MEDIUM" "eu-vat-for-woocommerce 3.0.0 Reflected.Cross-Site.Scripting HIGH" "email-suscripcion No.known.fix Unauthenticated.SQL.Injection HIGH" "easy-login-woocommerce 2.8.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.xoo_el_action.Shortcode MEDIUM" "easy-login-woocommerce 2.7.3 2.7.2.-.Missing.Authorization.to.Arbitrary.Options.Exposure MEDIUM" "easy-login-woocommerce 2.7.3 Missing.Authorization.to.Arbitrary.Options.Update HIGH" "easy-login-woocommerce 2.4 Settings.Reset.via.CSRF MEDIUM" "easy-login-woocommerce 2.3 Various.Versions.CSRF.to.Arbitrary.Options.Update HIGH" "easy-login-woocommerce 2.2 Reflected.Cross-Site.Scripting HIGH" "easy-login-woocommerce 1.5 Authenticated.Stored.Cross-Site.Scripting.(XSS) CRITICAL" "export-all-post-meta No.known.fix Missing.Authorization MEDIUM" "extensions-for-elementor No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "extensions-for-elementor No.known.fix Reflected.Cross-Site.Scripting HIGH" "extensions-for-elementor 2.0.32 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "extensions-for-elementor 2.0.33 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.EE.Events.and.EE.Flipbox.Widget MEDIUM" "extensions-for-elementor 2.0.31 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.url.Parameter MEDIUM" "external-database-based-actions No.known.fix Authenticated.(Subscriber+).Authentication.Bypass HIGH" "easy-gallery-slideshow No.known.fix Reflected.Cross-Site.Scripting.(XSS) HIGH" "edit-comments No.known.fix Unauthenticated.SQL.Injection HIGH" "edit-comments No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "embed-google-map No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "elementor 3.25.11 Contributor+.Stored.XSS MEDIUM" "elementor 3.27.5 Contributor+.Stored.XSS MEDIUM" "elementor 3.25.10 Contributor+.Stored.XSS.via.Typography.Settings MEDIUM" "elementor 3.25.8 Contributor+.Stored.XSS MEDIUM" "elementor 3.24.6 Contributor+.Information.Exposure.via.get_image_alt LOW" "elementor 3.24.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.in.the.URL.Parameter.in.Multiple.Widgets MEDIUM" "elementor 3.22.2 Contributor+.Arbitrary.SVG.Download MEDIUM" "elementor 3.21.6 Contributor+.DOM.Stored.XSS MEDIUM" "elementor 3.20.3 Contributor+.DOM.Stored.XSS MEDIUM" "elementor 3.19.1 Authenticated(Contributor+).Arbitrary.File.Deletion.and.PHAR.Deserialization HIGH" "elementor 3.19.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.get_image_alt MEDIUM" "elementor 3.18.2 Contributor+.Arbitrary.File.Upload.to.RCE.via.Template.Import HIGH" "elementor 3.16.5 Missing.Authorization.to.Arbitrary.Attachment.Read MEDIUM" "elementor 3.16.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.get_inline_svg() MEDIUM" "elementor 3.5.5 Iframe.Injection MEDIUM" "elementor 3.13.2 Missing.Authorization MEDIUM" "elementor 3.12.2 Admin+.SQLi MEDIUM" "elementor 3.5.6 DOM.Reflected.Cross-Site.Scripting MEDIUM" "elementor 3.6.3 Subscriber+.Arbitrary.File.Upload CRITICAL" "elementor 3.4.8 DOM.Cross-Site-Scripting MEDIUM" "elementor 3.1.4 Authenticated.Stored.Cross-Site.Scripting.(XSS).in.Divider.Widget MEDIUM" "elementor 3.1.4 Authenticated.Stored.Cross-Site.Scripting.(XSS).in.Icon.Box.Widget MEDIUM" "elementor 3.1.4 Authenticated.Stored.Cross-Site.Scripting.(XSS).in.Heading.Widget MEDIUM" "elementor 3.1.4 Authenticated.Stored.Cross-Site.Scripting.(XSS).in.Accordion.Widget MEDIUM" "elementor 3.1.4 Authenticated.Stored.Cross-Site.Scripting.(XSS).in.Image.Box.Widget MEDIUM" "elementor 3.1.4 Authenticated.Stored.Cross-Site.Scripting.(XSS).in.Column.Element MEDIUM" "elementor 3.0.14 SVG.Upload.Allowed.by.Default MEDIUM" "elementor 2.9.14 Authenticated.Stored.Cross-Site.Scripting MEDIUM" "elementor 2.9.10 Authenticated.Stored.XSS HIGH" "elementor 2.9.8 SVG.Sanitizer.Bypass.leading.to.Authenticated.Stored.XSS MEDIUM" "elementor 2.9.6 Authenticated.Safe.Mode.Privilege.Escalation MEDIUM" "elementor 2.7.7 Authenticated.Stored.XSS MEDIUM" "elementor 2.8.5 Authenticated.Reflected.XSS MEDIUM" "elementor 2.8.4 Cross-Site.Scripting.(XSS) MEDIUM" "elementor 2.7.5 Authenticated.Arbitrary.File.Upload CRITICAL" "elementor 1.8.0 Authenticated.Unrestricted.Editing HIGH" "essential-grid 3.1.2 Unauthenticated.Private.Post.Disclosure MEDIUM" "essential-grid 3.0.19 Missing.Authorization HIGH" "essential-grid 3.1.1 Reflected.XSS HIGH" "email-to-download No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "enhanced-tooltipglossary 4.3.12 Reflected.XSS HIGH" "enhanced-tooltipglossary 4.3.11 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "enhanced-tooltipglossary 4.3.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "enhanced-tooltipglossary 4.3.4 Admin+.Stored.XSS LOW" "enhanced-tooltipglossary 4.3.0 Settings.Update.via.CSRF MEDIUM" "enhanced-tooltipglossary 3.9.21 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "enhanced-tooltipglossary 3.3.5 XSS MEDIUM" "ethereum-wallet 4.10.6 Reflected.Cross-Site.Scripting MEDIUM" "ethereum-wallet 4.0.9 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "erima-zarinpal-donate No.known.fix Cross-Site.Request.Forgery MEDIUM" "easy-paypal-shopping-cart 1.1.11 Contributor+.Stored.XSS MEDIUM" "email-customizer-woocommerce 1.7.2 Multiple.Author+.SQLi MEDIUM" "explara-membership No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "easy-image-collage 1.13.6 Missing.Authorization.to.Authenticated.(Contributor+).Data.Clearance MEDIUM" "easy-automatic-newsletter No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "easy-svg 3.8 Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "easy-svg 3.3.0 Author+.Stored.Cross.Site.Scripting.via.SVG MEDIUM" "elementskit-lite 3.5.3 Contributor+.Stored.XSS.via.Image.Comparison.Widget MEDIUM" "elementskit-lite 3.4.8 Contributor+.Stored.XSS MEDIUM" "elementskit-lite 3.4.1 Unauthenticated.Information.Exposure MEDIUM" "elementskit-lite 3.4.1 Contributor+.Stored.XSS MEDIUM" "elementskit-lite 3.3.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Image.Comparison.Widget MEDIUM" "elementskit-lite 3.2.8 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Video.Widget MEDIUM" "elementskit-lite 3.2.1 Unauthenticated.Information.Exposure.via.ekit_widgetarea_content.Function MEDIUM" "elementskit-lite 3.2.0 Missing.Authorization MEDIUM" "elementskit-lite 3.1.3 3.1.2.-.Contributor+.Stored.XSS MEDIUM" "elementskit-lite 3.1.1 Contributor+.Local.File.Inclusion.via.Onepage.Scroll.Module HIGH" "elementskit-lite 3.1.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Countdown.Widget MEDIUM" "elementskit-lite 3.0.7 Contributor+.Local.File.Inclusion HIGH" "elementskit-lite 3.0.7 Contributor+.Stored.XSS MEDIUM" "elementskit-lite 3.0.6 Contributor+.Stored.XSS MEDIUM" "elementskit-lite 3.0.5 Contributor+.Stored.XSS MEDIUM" "elementskit-lite 3.0.4 Contributor+.Stored.XSS MEDIUM" "elementskit-lite 3.0.4 Unauthenticated.Sensitive.Information.Exposure MEDIUM" "elementskit-lite 2.9.2 Missing.Authorization MEDIUM" "elementskit-lite 2.2.0 Contributor+.Stored.XSS MEDIUM" "easy-language-switcher No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "easyme-connect No.known.fix Cross-Site.Request.Forgery MEDIUM" "easy-wp-tiles No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "ezyonlinebookings-online-booking-system No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "esb-testimonials No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "encyclopedia-lexicon-glossary-wiki-dictionary 1.7.61 Reflected.Cross-Site.Scripting MEDIUM" "emailshroud No.known.fix Cross-Site.Request.Forgery.to.Reflected.Cross-Site.Scripting MEDIUM" "embed-google-photos-album-easily 2.2.1 Authenticated.(Contributor+).Server-Side.Request.Forgery MEDIUM" "everest-comment-rating-lite 2.0.5 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "ethiopian-calendar No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "essential-blocks-pro 1.1.1 Unauthenticated.Object.Injection HIGH" "essential-blocks-pro 1.1.1 Unauthenticated.PHP.Object.Injection.via.queries HIGH" "essential-blocks-pro 1.1.1 Unauthenticated.PHP.Object.Injection.via.products HIGH" "easy-coming-soon No.known.fix Admin+.Stored.XSS LOW" "event-tickets 5.20.1 Reflected.Cross-Site.Scripting MEDIUM" "event-tickets 5.19.1.2 Missing.Authorization.to.Ticket.Deletion MEDIUM" "event-tickets 5.18.1.1 Insecure.Direct.Object.Reference.to.Sensitive.Information.Exposure MEDIUM" "event-tickets 5.11.0.5 Cross-Site.Request.Forgery MEDIUM" "event-tickets 5.8.3 Improper.Authorization.to.Information.Disclosure MEDIUM" "event-tickets 5.8.2 Missing.Authorization MEDIUM" "event-tickets 5.8.1 Contributor+.Arbitrary.Events.Access LOW" "event-tickets 5.6.0 Reflected.Cross-Site.Scripting MEDIUM" "event-tickets 5.3.0.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "event-tickets 5.2.2 Open.Redirect MEDIUM" "event-tickets 4.10.7.2 CSV.Injection HIGH" "elements-for-lifterlms No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "elements-for-lifterlms No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "ecommerce-addon 1.4 Reflected.Cross-Site.Scripting MEDIUM" "ecommerce-addon 1.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "ecpay-logistics-for-woocommerce 1.3.1910240 Unauthenticated.Reflected.XSS MEDIUM" "events-widgets-for-elementor-and-the-events-calendar 1.5 Subscriber+.Arbitrary.Plugin.Installation.&.Activation HIGH" "easy-post-to-post-links No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "e-unlocked-student-result No.known.fix Student.Result.<=.1.0.4.-.Arbitrary.File.Upload.via.CSRF HIGH" "easy-redirect-manager No.known.fix Cross-Site.Scripting.(XSS) MEDIUM" "epoll-wp-voting 3.5 Subscriber+.Arbitrary.File.Upload CRITICAL" "epoll-wp-voting 3.4 Authenticated.(Subscriber+).Arbitrary.File.Deletion HIGH" "epoll-wp-voting 3.4 Authenticated.(Administrator+).Stored.Cross-Site.Scripting.via.settings MEDIUM" "ezpz-one-click-backup No.known.fix Cross-Site.Scripting.(XSS) CRITICAL" "easy-liveblogs 2.3.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "easy-wp-optimizer No.known.fix Missing.Authorization MEDIUM" "easy2map-photos 1.1.0 SQL.Injection CRITICAL" "easy-blocks-pro No.known.fix Missing.Authorization HIGH" "enl-newsletter No.known.fix Stored.XSS.via.CSRF HIGH" "enl-newsletter No.known.fix Admin+.SQL.Injection MEDIUM" "enl-newsletter No.known.fix Campaign.Deletion.via.CSRF MEDIUM" "et-core-plugin No.known.fix Authenticated.(Subscriber+).Local.File.Inclusion HIGH" "et-core-plugin No.known.fix Unauthenticated.PHP.Object.Injection CRITICAL" "et-core-plugin No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "et-core-plugin No.known.fix Authenticated.(Subscriber+).Limited.Arbitrary.File.Upload CRITICAL" "et-core-plugin No.known.fix Unauthenticated.Privilege.Escalation CRITICAL" "et-core-plugin No.known.fix Authenticated.(Subscriber+).Limited.Arbitrary.File.Download MEDIUM" "et-core-plugin No.known.fix Unauthenticated.SQL.Injection CRITICAL" "et-core-plugin No.known.fix Missing.Authorization MEDIUM" "export-customers-data 1.2.4 Reflected.Cross-Site.Scripting MEDIUM" "ebook-downloader No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "ebook-downloader No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "ebook-downloader No.known.fix Unauthenticated.SQL.Injection HIGH" "eewee-admincustom No.known.fix Cross-Site.Request.Forgery.to.Privilege.Escalation HIGH" "eewee-admincustom No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "exchange-addon-table-rate-shipping 1.1.0 XSS.via.add_query_arg().and.remove_query_arg() MEDIUM" "extensive-vc-addon 1.9.1 Unauthenticated.RCE CRITICAL" "email-queue 1.1.2 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "electric-studio-client-login No.known.fix Admin+.Stored.XSS LOW" "easy-custom-code 1.0.9 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "extra-user-details 0.5.1 Settings.Update.to.Stored.XSS.via.CSRF HIGH" "extra-user-details 0.5.1 Admin+.Stored.XSS LOW" "edunext-openedx-integrator No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "emi-calculator No.known.fix Missing.Authorization.to.Unauthenticated.Settings.Change MEDIUM" "enquiry-quotation-for-woocommerce 2.2.33.34 Authenticated.(Author+).PHP.Object.Injection.in.enquiry_detail.php HIGH" "enquiry-quotation-for-woocommerce 2.2.13 Admin+.Stored.XSS LOW" "easy-under-construction No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "easy-under-construction 4.0 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "embedpress 4.1.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.'provider_name' MEDIUM" "embedpress 4.1.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "embedpress 4.0.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "embedpress 4.0.10 Unauthenticated.Local.File.Inclusion CRITICAL" "embedpress 4.0.5 Missing.Authorization MEDIUM" "embedpress 3.9.11 Authenticated(Contributor+).Stored.Cross-Site.Scripting.via.PDF.Widget.URL MEDIUM" "embedpress 4.0.2 .Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.EmbedPress.PDF.Widget MEDIUM" "embedpress 3.9.13 Contributor+.PDF.Block.Embedding LOW" "embedpress 3.9.17 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.id.Parameter MEDIUM" "embedpress 3.9.15 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Youtube.Block MEDIUM" "embedpress 3.9.9 Missing.Authorization.via.handle_calendly_data MEDIUM" "embedpress 3.9.15 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "embedpress 3.9.12 Missing.Authorization MEDIUM" "embedpress 3.9.13 Authenticated(Contributor+).Stored.Cross-Site.Scripting.via.Widget.Attribute MEDIUM" "embedpress 3.9.13 Authenticated.(Contributor+).Stored.Cross-site.Scripting.via.'embedpress_doc_custom_color' MEDIUM" "embedpress 3.9.11 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Wistia.Block MEDIUM" "embedpress 3.9.11 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.EmbedPress.PDF.Widget MEDIUM" "embedpress 3.9.9 Authenticated(Contributor+).Stored.Cross-Site.Scripting.via.Google.Calendar.Widget.Link MEDIUM" "embedpress 3.9.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "embedpress 3.9.6 Contributor+.Stored.XSS MEDIUM" "embedpress 3.9.5 Missing.Authorization MEDIUM" "embedpress 3.9.2 Reflected.XSS HIGH" "embedpress 3.9.2 Reflected.XSS MEDIUM" "embedpress 3.8.4 Cross-Site.Request.Forgery MEDIUM" "embedpress 3.8.3 Contributor+.Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "embedpress 3.8.3 Subscriber+.Plugin.Settings.Delete MEDIUM" "embedpress 2.0.3 Reflected.Cross-Site.Scripting MEDIUM" "embedpress 3.8.0 Sensitive.Data.Disclosure MEDIUM" "easy-custom-css No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "easy-social-sharebar No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "eg-series No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "etsy-importer No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "easy-charts 1.2.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "ect-social-share No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "ebay-feeds-for-wordpress 3.4 Admin+.Stored.XSS LOW" "ebay-feeds-for-wordpress 1.2 Cross-Site.Scripting.via.rss_url.Parameter MEDIUM" "everest-tab-lite 2.0.4 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "exquisite-paypal-donation No.known.fix Admin+.Stored.XSS LOW" "easy-facebook-like-box 4.1.3 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "essential-wp-real-estate No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "essential-wp-real-estate No.known.fix Reflected.XSS HIGH" "essential-wp-real-estate No.known.fix Unauthenticated.Arbitrary.Post/Page.Deletion HIGH" "easy-justified-gallery 1.1.1 Reflected.Cross-Site.Scripting.(XSS) HIGH" "easy-cookie-law No.known.fix Settings.Update.via.CSRF MEDIUM" "embed-chessboard No.known.fix Contributor+.Stored.XSS MEDIUM" "enable-accessibility No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "enable-accessibility 1.4.1 CSRF MEDIUM" "edoc-easy-tables No.known.fix Authenticated.(Contributor+).SQL.Injection MEDIUM" "easy-embed-for-youtube-wall 1.2.3 Reflected.Cross-Site.Scripting MEDIUM" "epermissions No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "easy-child-theme-creator No.known.fix Cross-Site.Request.Forgery MEDIUM" "extra-options-favicons No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "eyewear-prescription-form 4.0.19 Missing.Authorization.to.Unauthenticated.Arbitrary.Options.Update CRITICAL" "exchange-addon-invoices 1.4.0 XSS.via.add_query_arg().and.remove_query_arg() MEDIUM" "email-shortcode No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "enable-svg-webp-ico-upload 1.1.1 Author+.Stored.XSS MEDIUM" "enable-svg-webp-ico-upload 1.0.7 Author+.Stored.Cross-Site.Scripting MEDIUM" "enable-svg-webp-ico-upload 1.1.1 Author+.Arbitrary.File.Upload HIGH" "essay-wizard-wpcres No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "easy-pricing-tables 3.2.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.fontFamily.Attribute MEDIUM" "easy-pricing-tables 3.2.6 Reflected.Cross-Site.Scripting MEDIUM" "easy-pricing-tables 3.2.3 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "easy-pricing-tables 3.2.1 Reflected.Cross-Site-Scripting MEDIUM" "easy-pricing-tables 3.1.3 Author+.Stored.Cross-Site.Scripting MEDIUM" "easy-pricing-tables 3.1.3 Arbitrary.Post.Removal.via.CSRF MEDIUM" "ecab-taxi-booking-manager 1.2.2 Missing.Authorization MEDIUM" "ecab-taxi-booking-manager 1.1.9 Authenticated.(Contributor+).PHP.Object.Injection HIGH" "ecab-taxi-booking-manager 1.1.0 Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "erp 1.14.0 Missing.Authorization MEDIUM" "erp 1.13.4 Custom+.Unauthorized.Access.to.Terminated.Employee.Information MEDIUM" "erp 1.13.4 Admin+.Stored.XSS LOW" "erp 1.13.3 Reflected.Cross-Site.Scripting MEDIUM" "erp 1.13.1 Authenticated.(Accounting.Manager+).SQL.Injection.via.vendor_id HIGH" "erp 1.13.2 Authenticated.(AccountingManager+).SQL.Injection HIGH" "erp No.known.fix Authenticated.(Subscriber+).SQL.Injection HIGH" "erp No.known.fix Authenticated.(AccountingManager+).SQL.Injection HIGH" "erp No.known.fix Authenticated.(Accounting.Manager+).SQL.Injection HIGH" "erp No.known.fix Unauthenticated.Stored.Cross-Site.Scripting HIGH" "erp 1.30.0 Authenticated.(Accounting.Manager+).SQL.Injection.via.id HIGH" "erp 1.12.9 Authenticated.(Accounting.manager+).SQL.Injection HIGH" "erp 1.12.7 Missing.Authorization.via.admin.notice.dismissal MEDIUM" "erp 1.12.4 Admin+.SQL.Injection MEDIUM" "erp 1.12.4 Reflected.Cross-Site.Scripting HIGH" "erp 1.7.5 CSRF.Nonce.Bypasses MEDIUM" "erp 1.6.4 Cross-Site.Request.Forgery MEDIUM" "erp 1.6.4 Cross-Site.Request.Forgery.(CSRF) MEDIUM" "extra-privacy-for-elementor No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "email-subscriber No.known.fix Unauthenticated.Stored.Cross-Site.Scripting.(XSS) HIGH" "envo-elementor-for-woocommerce 1.4.20 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "envo-elementor-for-woocommerce 1.4.17 Authenticated.(Author+).Stored.Cross-Site.Scripting MEDIUM" "envo-elementor-for-woocommerce 1.4.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "envo-elementor-for-woocommerce 1.4.5 Subscriber+.Template.Creation MEDIUM" "envo-elementor-for-woocommerce 1.4.5 Arbitrary.Theme.Activation.via.CSRF MEDIUM" "envo-elementor-for-woocommerce 1.4.5 Arbitrary.Plugin.Activation.via.CSRF MEDIUM" "enweby-variation-swatches-for-woocommerce 1.0.4 Reflected.Cross-Site.Scripting MEDIUM" "elite-notification 2.0.0 Subscriber+.Stored.XSS MEDIUM" "elementinvader-addons-for-elementor 1.3.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "elementinvader-addons-for-elementor 1.3.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "elementinvader-addons-for-elementor 1.3.2 Missing.Authorization MEDIUM" "elementinvader-addons-for-elementor 1.3.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "elementinvader-addons-for-elementor 1.2.7 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "elementinvader-addons-for-elementor 1.3.2 Missing.Authorization.to.Arbitrary.Options.Read MEDIUM" "elementinvader-addons-for-elementor 1.3.0 Authenticated.(Contributor+).Information.Exposure MEDIUM" "elementinvader-addons-for-elementor 1.2.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "elementinvader-addons-for-elementor 1.2.8 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "elementinvader-addons-for-elementor 1.2.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "elementinvader-addons-for-elementor 1.2.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "exit-popup-free No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "eelv-newsletter No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "eelv-newsletter No.known.fix Cross-Site.Request.Forgery MEDIUM" "eelv-newsletter 4.6.1 CSRF.&.XSS HIGH" "enable-svg 1.4.0 Author+.Stored.Cross.Site.Scripting.via.SVG MEDIUM" "eventify No.known.fix Admin+.Stored.XSS LOW" "exxp-wp No.known.fix Subscriber+.Stored.Cross-Site.Scripting HIGH" "education-addon No.known.fix Authenticated.(Contributor+).Insecure.Direct.Object.Reference.via.naedu_elementor_template.Shortcode MEDIUM" "education-addon No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "education-addon 1.2 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "easy-digital-downloads 3.3.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.edd_receipt.Shortcode MEDIUM" "easy-digital-downloads 3.3.7 Unauthenticated.Private.Post.Title.Disclosure MEDIUM" "easy-digital-downloads 3.3.3 Authenticated.(Admin+).Stored.Cross-Site.Scripting.via.Title MEDIUM" "easy-digital-downloads 3.3.3 Authenticated.(Admin+).Arbitrary.File.Download MEDIUM" "easy-digital-downloads 3.3.5 3.3.4.-.Improper.Authorization.to.Paywall.Bypass LOW" "easy-digital-downloads 3.3.4 Authenticated.(Admin+).PHAR.Deserialization HIGH" "easy-digital-downloads 3.3.3 Authenticated.(Admin+).Stored.Cross-Site.Scripting.via.Agreement.Text LOW" "easy-digital-downloads 3.3.3 Authenticated.(Admin+).Stored.Cross-Site.Scripting.via.Currency.Settings MEDIUM" "easy-digital-downloads 3.3.1 Missing.Authorization MEDIUM" "easy-digital-downloads 3.3.1 Unauthenticated.SQL.Injection CRITICAL" "easy-digital-downloads 3.2.12 Unauthenticated.Sensitive.Information.Exposure MEDIUM" "easy-digital-downloads 3.2.12 Cross-Site.Request.Forgery MEDIUM" "easy-digital-downloads 3.2.7 Cross-Site.Request.Forgery MEDIUM" "easy-digital-downloads 3.2.10 Sensitive.Information.Exposure MEDIUM" "easy-digital-downloads 3.2.7 Shop.Manager+.Stored.XSS MEDIUM" "easy-digital-downloads 3.2.6 Contributor+.Stored.XSS MEDIUM" "easy-digital-downloads 3.2.0 Missing.Authorization MEDIUM" "easy-digital-downloads 3.1.1.4.2 Unauthenticated.Privilege.Escalation CRITICAL" "easy-digital-downloads 3.1.0.5 Contributor+.Stored.XSS MEDIUM" "easy-digital-downloads 3.1.0.4 Unauthenticated.SQLi HIGH" "easy-digital-downloads 3.0 Arbitrary.Post.Deletion.via.CSRF MEDIUM" "easy-digital-downloads 3.1.0.2 Unauthenticated.CSV.Injection MEDIUM" "easy-digital-downloads 3.0.2 Admin+.PHP.Object.Injection MEDIUM" "easy-digital-downloads 2.11.6 Admin+.Stored.Cross-Site.Scripting LOW" "easy-digital-downloads 2.11.6 Arbitrary.Payment.Note.Insertion.via.CSRF LOW" "easy-digital-downloads 2.11.2.1 Reflected.Cross-Site.Scripting HIGH" "easy-digital-downloads 2.10.3 Unauthorised.Stripe.Disconnect.via.CSRF MEDIUM" "easy-digital-downloads 2.9.16 Stored.XSS MEDIUM" "easy-digital-downloads 2.5.8 PHP.Object.Injection MEDIUM" "easy-digital-downloads 2.3.7 Cross-Site.Scripting.Issue MEDIUM" "easy-digital-downloads 2.3.3 SQL.Injection CRITICAL" "easy-elementor-addons 2.1.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "easy-elementor-addons 2.1.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "easy-twitter-feeds No.known.fix Authenticated.(Contributor+).Post.Exposure MEDIUM" "easy-twitter-feeds 1.2 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "font-awesome 4.3.2 Contributor+.Stored.XSS MEDIUM" "formassembly-web-forms 3.0.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "formassembly-web-forms 2.0.11 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "forcefield 1.2.9 Reflected.Cross-Site.Scripting MEDIUM" "forcefield 1.0.2 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "free-shipping-label 2.6.11 Reflected.Cross-Site.Scripting MEDIUM" "flaming-forms No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "flaming-forms No.known.fix Reflected.XSS HIGH" "flaming-forms No.known.fix Unauthenticated.Stored.XSS HIGH" "fwduvp 10.1 Unauthenticated.Arbitrary.File.Download HIGH" "floating-button 6.0.1 Cross-Site.Request.Forgery.via.process_bulk_action MEDIUM" "floating-button 5.3.1 Reflected.XSS MEDIUM" "full-page-blog-designer No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "featured-image-from-url 4.8.3 Missing.Authorization MEDIUM" "featured-image-from-url 4.8.2 Missing.Authorization MEDIUM" "featured-image-from-url 4.6.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.fifu_input_url MEDIUM" "featured-image-from-url 4.5.4 Contributor+.Stored.XSS MEDIUM" "featured-image-from-url 4.0.0 Arbitrary.Settings.Update.to.Stored.XSS.via.CSRF MEDIUM" "featured-image-from-url 4.0.1 Admin+.Stored.Cross-Site.Scripting LOW" "fluent-boards 1.48 Unauthenticated.PHP.Object.Injection CRITICAL" "frictionless No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "fancy-roller-scroller 1.4.1 Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "find-any-think No.known.fix Stored.Cross-Site.Scripting.via.CSRF MEDIUM" "final-user-wp-frontend-user-profiles 1.2.2 Subscriber+.Privilege.Escalation CRITICAL" "formfacade 1.3.7 Reflected.Cross-Site.Scripting MEDIUM" "formfacade 1.3.7 Reflected.Cross-Site.Scripting HIGH" "formfacade 1.3.3 Reflected.Cross-Site.Scripting MEDIUM" "formfacade 1.2.2 Contributor+.Stored.XSS MEDIUM" "freshing No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "freshing No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "flexible-coupons 1.10.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "fs-product-inquiry No.known.fix Unauthenticated.Stored.XSS HIGH" "fs-product-inquiry No.known.fix Reflected.XSS HIGH" "forms-ada-form-builder No.known.fix Unauthenticated.Reflected.XSS HIGH" "flickr-justified-gallery No.known.fix Cross-Site.Request.Forgery MEDIUM" "flickr-justified-gallery 3.4.0 Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "free-wp-mail-smtp No.known.fix Cross-Site.Request.Forgery MEDIUM" "flowplayer6-video-player 1.0.5 Contributor+.Stored.XSS MEDIUM" "fancy-user-listing No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "flight-search-widget-blocks No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "flight-search-widget-blocks No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "flight-search-widget-blocks No.known.fix Reflected.Cross-Site.Scripting.(XSS) HIGH" "fattura24 6.2.8 Reflected.Cross-Site.Scripting HIGH" "funnelcockpit No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "funnelcockpit No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "fraudlabs-pro-sms-verification 1.10.2 Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "fancy-box No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "fluid-notification-bar No.known.fix Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "forge No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-site.Scripting MEDIUM" "fast-wp No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "fast-wp No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "fast-wp No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "floating-awesome-button 1.7.0 Reflected.Cross-Site.Scripting MEDIUM" "floating-awesome-button 1.5.14 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "form-block 1.0.2 Form.Submission.via.CSRF MEDIUM" "forty-four No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "friendly-functions-for-welcart 1.2.5 Cross-Site.Request.Forgery.to.Reflected.Cross-Site.Scripting MEDIUM" "falang 1.3.62 Cross-Site.Request.Forgery MEDIUM" "falang 1.3.53 Missing.Authorization.to.Translation.Update.and.Information.Exposure MEDIUM" "falang 1.3.52 Cross-Site.Request.Forgery MEDIUM" "falang 1.3.50 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "falang 1.3.48 Authenticated.(Administrator+).SQL.Injection HIGH" "falang 1.3.40 Cross-Site.Request.Forgery MEDIUM" "falang 1.3.18 Reflected.Cross-Site.Scripting HIGH" "feedzy-rss-feeds 4.4.8 Authenticated(Contributor+).Blind.Server-Side.Request.Forgery.(SSRF) MEDIUM" "feedzy-rss-feeds 4.3.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode.Error.Message MEDIUM" "feedzy-rss-feeds 4.4.3 Authenticated(Contributor+).SQL.Injection HIGH" "feedzy-rss-feeds 4.4.3 Missing.Authorization.to.Arbitrary.Page.Creation.and.Publication MEDIUM" "feedzy-rss-feeds 4.4.2 Missing.Authorization MEDIUM" "feedzy-rss-feeds 4.3.3 Missing.Authorization MEDIUM" "feedzy-rss-feeds 4.3.3 Author+.Stored.Cross-Site.Scripting MEDIUM" "feedzy-rss-feeds 4.1.1 Contributor+.Stored.XSS MEDIUM" "feedzy-rss-feeds 3.4.3 Cross-Site.Request.Forgery.(CSRF) MEDIUM" "feedzy-rss-feeds 3.4.3 Arbitrary.Settings.Update.via.CSRF MEDIUM" "form-vibes 1.4.13 Missing.Authorization.in.Multiple.Functions MEDIUM" "form-vibes 1.4.11 Authenticated.(Subscriber+).SQL.Injection.via.fv_export_data HIGH" "form-vibes 1.4.9 Reflected.Cross-Site.Scripting MEDIUM" "form-vibes 1.4.6 Admin+.SQLi MEDIUM" "form-vibes 1.4.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "formcraft-form-builder 1.2.11 Missing.Authorization MEDIUM" "formcraft-form-builder 1.2.8 Missing.Authorization.via.formcraft_nag_update MEDIUM" "formcraft-form-builder 1.2.7 Admin+.Stored.XSS LOW" "formcraft-form-builder 3.9.7 Admin+.SQLi MEDIUM" "formcraft-form-builder 1.2.10 Contributor+.Stored.XSS MEDIUM" "formcraft-form-builder 1.2.6 Admin+.Stored.Cross.Site.Scripting LOW" "formcraft-form-builder 1.2.2 Cross-Site.Request.Forgery.(CSRF) HIGH" "finance-calculator-with-application-form No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "front-end-pm 11.4.3 Sensitive.Data.Exposure.via.Directory.Listing MEDIUM" "front-end-pm 11.3.8 Reflected.Cross-Site.Scripting MEDIUM" "front-end-pm 11.3.4 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "form-maker 1.15.34 Admin+.Stored.XSS LOW" "form-maker 1.15.32 Admin+.Stored.XSS LOW" "form-maker 1.15.30 Admin+.Stored.XSS LOW" "form-maker 1.15.30 Admin+.Stored.XSS LOW" "form-maker 1.15.33 .Admin+.Stored.XSS LOW" "form-maker 1.15.33 Admin+.Stored.XSS.via.Theme.Title LOW" "form-maker 1.15.31 Admin+.Stored.XSS LOW" "form-maker 1.15.28 Contributor+.DOM-Based.Stored.XSS.via.FancyBox.JavaScript.Library MEDIUM" "form-maker 1.15.31 Reflected.Cross-Site.Scripting.via.add_query_arg.Parameter MEDIUM" "form-maker 1.15.28 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "form-maker 1.15.27 Reflected.Cross-Site.Scripting HIGH" "form-maker 1.15.26 Admin+.Stored.XSS MEDIUM" "form-maker 1.15.25 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "form-maker 1.15.25 Authenticated.(Subscriber+).Stored.Self-Based.Cross-Site.Scripting MEDIUM" "form-maker 1.15.24 Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "form-maker 1.15.23 Sensitive.Information.Exposure MEDIUM" "form-maker 1.15.22 CSRF.to.limited.RCE MEDIUM" "form-maker 1.15.21 Captcha.Bypass HIGH" "form-maker 1.15.19 Unauthenticated.Stored.XSS HIGH" "form-maker 1.15.19 Reflected.XSS CRITICAL" "form-maker 1.15.20 Unauthenticated.Arbitrary.File.Upload MEDIUM" "form-maker 1.15.6 Admin+.SQLI LOW" "form-maker 1.14.12 Admin+.Stored.Cross-Site.Scripting MEDIUM" "form-maker 1.13.60 Authenticated.Stored.XSS HIGH" "form-maker 1.13.40 Authenticated.Reflected.XSS HIGH" "form-maker 1.13.36 Authenticated.SQL.Injection HIGH" "form-maker 1.13.3 Authenticated.SQL.Injection HIGH" "form-maker 1.13.5 Cross-Site.Request.Forgery.(CSRF).to.LFI MEDIUM" "form-maker 1.12.24 CSV.Injection MEDIUM" "forms-3rdparty-post-again No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "fetch-tweets No.known.fix Reflected.Cross-Site.Scripting HIGH" "five-star-ratings-shortcode 1.2.48 Reflected.Cross-Site.Scripting MEDIUM" "five-star-ratings-shortcode 1.2.39 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "flipbox-builder No.known.fix Authenticated.(Contributor+).PHP.Object.Injection HIGH" "filtr8-magazine No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "ferma-ru-net-checkout No.known.fix Authenticated.(Subscriber+).SQL.Injection HIGH" "full-screen-menu-for-elementor No.known.fix Authenticated.(Contributor+).Post.Disclosure MEDIUM" "fd-elementor-imagebox No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "float-block No.known.fix Admin+.Stored.XSS.via.Widget LOW" "favicon-by-realfavicongenerator 1.3.23 Reflected.Cross-Site.Scripting MEDIUM" "favicon-by-realfavicongenerator 1.3.22 Reflected.Cross-Site.Scripting.(XSS) HIGH" "flower-delivery-by-florist-one 3.9.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "flower-delivery-by-florist-one No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "frontend-post-submission No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "favicon-generator 2.1 Arbitrary.File.Deletion.via.CSRF HIGH" "favicon-generator 2.1 Arbitrary.File.Upload.via.CSRF HIGH" "favicon-generator 2.1 Cross-Site.Request.Forgery.to.Arbitrary.File.Deletion CRITICAL" "faq-manager-with-structured-data 5.4.4 Reflected.Cross-Site.Scripting MEDIUM" "faq-manager-with-structured-data 5.4.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "falcon 2.8.4 Missing.Authorization MEDIUM" "formcraft No.known.fix Arbitrary.File.Deletion CRITICAL" "fast-flow-dashboard 1.2.18 Reflected.Cross-Site.Scripting MEDIUM" "fast-flow-dashboard 1.2.12 Reflected.Cross-Site.Scripting MEDIUM" "fast-flow-dashboard 1.2.13 Admin+.Stored.Cross-Site.Scripting LOW" "fast-flow-dashboard 1.2.12 Reflected.Cross-Site.Scripting MEDIUM" "fluent-security 1.0.2 Bypass.blocks.by.IP.Spoofing MEDIUM" "friendstore-for-woocommerce No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "footer-putter No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "favicon-rotator 1.2.11 Reflected.Cross-Site.Scripting MEDIUM" "fruitcake-horsemanager No.known.fix Authenticated.(Contributor+).SQL.Injection MEDIUM" "frontend-checklist No.known.fix Admin+.Stored.XSS.via.Items LOW" "frontend-checklist No.known.fix Admin+.Stored.XSS LOW" "freshdesk-support 2.4.0 Open.Redirect MEDIUM" "freshdesk-support 1.8 Open.Redirect MEDIUM" "formidable-sms 1.1.0 Cross-Site.Scripting.(XSS) MEDIUM" "free-stock-photos-foter No.known.fix Authenticated.(Subscriber+).PHP.Object.Injection HIGH" "forms-for-campaign-monitor 2.8.16 Unauthenticated.Full.Path.Disclosure MEDIUM" "forms-for-campaign-monitor 2.8.14 Reflected.Cross-Site.Scripting HIGH" "fast-checkout-for-woocommerce No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "fast-checkout-for-woocommerce 1.1.17 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "fast-tube No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "fast-tube No.known.fix Reflected.XSS HIGH" "fetch-jft 1.8.4 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "flexytalk-widget No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "fb-account-kit-login No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "fb-account-kit-login No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "flickr-rss No.known.fix XSS.and.CSRF HIGH" "formscrm 3.6 Reflected.Cross-Site.Scripting MEDIUM" "fp-rss-category-excluder No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "featured-posts-scroll No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "flash-show-and-hide-box No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "fancy-facebook-comments 1.2.15 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "fancy-facebook-comments 1.2.15 Contributor+.Stored.XSS MEDIUM" "fancy-facebook-comments 1.2.11 Contributor+.Stored.XSS MEDIUM" "find-and-replace-all 1.3 Reflected.Cross.Site.Scripting MEDIUM" "find-and-replace-all No.known.fix Arbitrary.Replacement.via.CSRF HIGH" "furnob-core No.known.fix Reflected.Cross-Site.Scripting HIGH" "flipdish-ordering-system No.known.fix Cross-Site.Request.Forgery.to.Settings.Update MEDIUM" "fwd-slider No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "flashcounter No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "fluent-smtp 2.2.81 Cross-Site.Request.Forgery MEDIUM" "fluent-smtp 2.2.83 Unauthenticated.PHP.Object.Injection HIGH" "fluent-smtp 2.2.5 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "fluent-smtp 2.2.3 Stored.XSS.via.Email.Logs HIGH" "fluent-smtp 2.0.1 Authenticated.Stored.XSS LOW" "frontpage-manager No.known.fix Cross-Site.Request.Forgery.via.admin_page MEDIUM" "flexible-blogtitle No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "futurio-extra 2.0.15 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.header_size.tag MEDIUM" "futurio-extra 2.0.14 Authenticated.(Contributor+).Post.Disclosure MEDIUM" "futurio-extra 2.0.12 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "futurio-extra 2.0.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Advanced.Text.Block.Widget MEDIUM" "futurio-extra 1.9.1 Arbitrary.Plugin.Activation.via.CSRF MEDIUM" "futurio-extra 1.6.3 Subscriber+.User.Email.Address.Disclosure MEDIUM" "futurio-extra 1.6.3 Authenticated.SQL.Injection MEDIUM" "fws-ajax-contact-form 1.4.2 Contributor+.Stored.XSS MEDIUM" "feedburner-optin-form No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "file-icons No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "feeds-for-youtube 2.2.2 Authenticated.(Contributor+).DOM-Based.Stored.Cross-Site.Scripting MEDIUM" "feeds-for-youtube 2.1.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "feeds-for-youtube 1.4.2 Reflected.Cross-Site.Scripting MEDIUM" "fullworks-anti-spam 1.3.10 Reflected.Cross-Site.Scripting MEDIUM" "fullworks-anti-spam 1.3.2 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "facebook-for-woocommerce 1.9.15 CSRF.allowing.Option.Update HIGH" "fastspring No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "flickr-set-slideshows No.known.fix Authenticated.(Subscriber+).SQL.Injection MEDIUM" "flickr-set-slideshows No.known.fix Authenticated.(Contributor+).SQL.Injection MEDIUM" "free-sales-funnel-squeeze-pages-landing-page-builder-templates-make 0.99 Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "free-sales-funnel-squeeze-pages-landing-page-builder-templates-make No.known.fix Multiple.Cross-Site.Request.Forgery.(CSRF) MEDIUM" "ftp-sync No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "floating-action-button 1.2.2 Cross-Site.Request.Forgery MEDIUM" "flamix-bitrix24-and-contact-forms-7-integrations 3.2.0 Unauthenticated.Full.Path.Disclosure MEDIUM" "find-duplicates No.known.fix Authenticated.(Subscriber+).SQL.Injection CRITICAL" "font-awesome-more-icons No.known.fix Contributor+.Stored.Cross-Site.Scripting MEDIUM" "folders-pro 3.0.3 Directory.Traversal.via.handle_folders_file_upload MEDIUM" "folders-pro 3.0.3 Authenticated(Author+).Arbitrary.File.Upload.via.handle_folders_file_upload HIGH" "full-site-editing 3.79150 Contributor+.Stored.XSS MEDIUM" "featured-image-caption 0.8.11 Contributor+.Stored.XSS MEDIUM" "freetobook-responsive-widget 1.1.1 Cross-Site.Request.Forgery MEDIUM" "foobox-image-lightbox 2.7.34 Authenticated.(Author+).Stored.Cross-Site.Scripting MEDIUM" "foobox-image-lightbox 2.7.32 Authenticated.(Contributor+).Stored.DOM-Based.Cross-Site.Scripting.via.HTML.Data.Attributes MEDIUM" "foobox-image-lightbox 2.7.28 Admin+.Stored.XSS LOW" "foobox-image-lightbox 2.7.27 Reflected.Cross-Site.Scripting MEDIUM" "foobox-image-lightbox 2.7.17 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "foobox-image-lightbox 2.6.4 Subscriber+.Arbitrary.Option.Update CRITICAL" "far-future-expiry-header 1.5 Plugin's.Settings.Update.via.CSRF MEDIUM" "fast-custom-social-share-by-codebard No.known.fix Cross-Site.Request.Forgery MEDIUM" "fast-custom-social-share-by-codebard No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "fast-custom-social-share-by-codebard 1.1.0 Reflected.Cross-Site.Scripting MEDIUM" "file-select-control-for-elementor No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "first-comment-redirect No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "form-to-json No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "file-provider No.known.fix Item.Deletion.via.CSRF MEDIUM" "file-provider No.known.fix Unauthenticated.SQLi HIGH" "fullworks-ice-ide-integration No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "fullworks-ice-ide-integration No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "formsite 1.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "follow-me No.known.fix Stored.XSS.via.CSRF MEDIUM" "footnotes-for-wordpress No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "flexible-shipping-ups 3.0.0 Missing.Authorization.to.Plugin.API.key.reset MEDIUM" "flexible-shipping-ups 2.2.5 Cross-Site.Request.Forgery MEDIUM" "fable-extra 1.0.7 Unauthenticated.Local.File.Inclusion CRITICAL" "fable-extra 1.0.7 Unauthenticated.SQL.Injection HIGH" "fable-extra 1.0.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "fscf-sms 2.4.0 Cross-Site.Scripting.(XSS) MEDIUM" "formforall No.known.fix Contributor+.Stored.XSS MEDIUM" "funnel-builder-pro 3.5.0 Funnel.Kit.Funnel.Builder.PRO.<.3,5,0.Authenticated(Contributor+).Stored.Cross-Site.Scripting.via.allow_iframe_tag_in_post MEDIUM" "facilita-form-tracker No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "football-leagues-by-anwppro 0.16.8 Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "friends 3.2.2 Missing.Authorization MEDIUM" "friends 2.8.6 Authenticated.(Admin+).Blind.Server-Side.Request.Forgery MEDIUM" "flo-launch 2.4.1 Missing.Authentication.Allow.Full.Site.Takeover CRITICAL" "formatted-post No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "fx-toc No.known.fix Contributor+.Stored.XSS MEDIUM" "featured-page-widget No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "formularios-de-contacto-salesup No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "fulltext-search 1.79.264 Missing.Authorization MEDIUM" "fulltext-search 1.79.262 Missing.Authorization MEDIUM" "fulltext-search 1.79.262 Cross-Site.Request.Forgery MEDIUM" "fulltext-search 1.69.234 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "fulltext-search 1.70.236 Cross-Site.Request.Forgery MEDIUM" "fulltext-search 1.69.234 Missing.Authorization MEDIUM" "fulltext-search 1.60.213 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.WPFTS.Live.Search.Widget MEDIUM" "food-store No.known.fix Reflected.Cross-Site.Scripting HIGH" "food-store 1.4.7.5 Reflected.Cross-Site.Scripting MEDIUM" "food-store 1.4 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "food-store 1.3.7 Unauthorised.AJAX.call.via.CSRF MEDIUM" "fantastic-elasticsearch No.known.fix Reflected.XSS HIGH" "fonto No.known.fix Authenticated.(Author+).Arbitrary.File.Download MEDIUM" "fonto 1.2.2 Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "fusion No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "fusion 1.6.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "formget-contact-form No.known.fix Contributor+.Stored.XSS MEDIUM" "flexible-woocommerce-checkout-field-editor No.known.fix Missing.Authorization MEDIUM" "fastbook-responsive-appointment-booking-and-scheduling-system No.known.fix Cross-Site.Request.Forgery MEDIUM" "fastbook-responsive-appointment-booking-and-scheduling-system No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "form-to-chat 1.1.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "frontend-post-submission-manager-lite 1.2.3 Missing.Authorization.to.Authenticated.(Subscriber+).Settings.Update MEDIUM" "fareharbor 3.6.8 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "fareharbor 3.6.7 Admin+.Stored.XSS LOW" "font-farsi No.known.fix Administrator+.Stored.Cross-Site.Scripting MEDIUM" "font-farsi No.known.fix Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "font-farsi No.known.fix Admin+.Stored.XSS.in.Settings LOW" "flexible-wishlist 1.2.27 Cross-Site.Request.Forgery.to.Wishlist.Creation/Modification MEDIUM" "flexible-wishlist 1.2.26 Unauthenticated.Stored.Cross-Site.Scripting.via.wishlist_name.Parameter HIGH" "focus-on-reviews-for-woocommerce No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "flexible-faqs No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "flexible-faqs 0.5.11 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "fabrica-reusable-block-instances 1.0.9 Reflected.Cross-Site.Scripting HIGH" "fullscreen-galleria 1.6.12 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "fancy-elementor-flipbox 2.5.2 Contributor+.Stored.XSs.via.Fancy.Elementor.Flipbox.Widget MEDIUM" "filter-portfolio-gallery No.known.fix Arbitrary.Gallery.Deletion.via.CSRF MEDIUM" "flexible-cookies 1.1.9 Cross-Site.Request.Forgery MEDIUM" "floating-social-media-links No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "fsflex-local-fonts No.known.fix Admin+.Stored.Cross-Site-Scripting LOW" "fami-sales-popup No.known.fix Unauthenticated.Local.File.Inclusion CRITICAL" "free-facebook-reviews-and-recommendations-widgets 11.1 Authenticated.(Editor+).Arbitrary.File.Upload MEDIUM" "floating-div No.known.fix Author+.Stored.Cross-Site.Scripting MEDIUM" "free-comments-for-wordpress-vuukle 4.0 CSRF.Bypass.in.Multiple.Plugins MEDIUM" "free-event-banner No.known.fix Arbitrary.File.Upload.to.RCE CRITICAL" "flip-boxes 1.9.0 Reflected.Cross-Site.Scripting MEDIUM" "flatpm-wp 3.1.05 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "flatpm-wp 3.0.13 Reflected.Cross-Site.Scripting HIGH" "frontend-uploader No.known.fix Unauthenticated.Stored.Cross-Site.Scripting MEDIUM" "faltu-testimonial-rotator No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "facebook-likebox-widget-and-shortcode 1.2.1 Admin+.Stored.XSS LOW" "fw-integration-for-emailoctopus 1.0.8.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "fw-integration-for-emailoctopus 1.0.8.2 Contributor+.Stored.XSS MEDIUM" "folders 3.0.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "folders 3.0.1 Directory.Traversal.via.handle_folders_file_upload MEDIUM" "folders 3.0.3 Authenticated.(Subscriber+).Stored.Cross-Site.Scripting.via.User.First.Name.and.Last.Name MEDIUM" "folders 2.9.3 Authenticated.(Author+).Arbitrary.File.Upload.in.handle_folders_file_upload HIGH" "folders 2.9.3 Authenticated.(Author+).Arbitrary.File.Upload HIGH" "fami-woocommerce-compare No.known.fix Unauthenticated.Local.File.Inclusion CRITICAL" "flickr-slideshow-wrapper No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "fv-descriptions No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "formbuilder No.known.fix Stored.Cross-Site.Scripting.via.CSRF MEDIUM" "formbuilder 1.0.8 Multiple.Authenticated.SQL.Injection MEDIUM" "formbuilder 1.08 Cross-Site.Request.Forgery.(CSRF) MEDIUM" "flexi No.known.fix Unauthenticated.Local.File.Inclusion CRITICAL" "flexi 4.20 Guest.Submit.<.4.20.-.Reflected.Cross-Site.Scripting MEDIUM" "flickr-photostream No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "food-and-drink-menu 2.4.17 Missing.Authorization.to.Menu.Creation MEDIUM" "food-and-drink-menu 2.4.15 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "food-and-drink-menu 2.4.11 Unauthenticated.PHP.Object.Injection HIGH" "food-and-drink-menu 2.4.7 .Cross-Site.Request.Forgery MEDIUM" "food-and-drink-menu 2.2.1 Unauthenticated.PHP.Object.Injection HIGH" "foodbakery-sticky-cart No.known.fix Unauthenticated.PHP.Object.Injection CRITICAL" "faculty-weekly-schedule 1.2.0 Folders.Disclosure.via.Outdated.jQueryFileTree.Library MEDIUM" "foxyshop 4.8.2 Reflected.Cross-Site.Scripting MEDIUM" "facebook-secret-meta No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "foobox-image-lightbox-premium 2.7.28 Admin+.Stored.XSS LOW" "fotobook No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "flash-album-gallery No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "flash-album-gallery 4.25 Full.Path.Disclosure MEDIUM" "flash-album-gallery No.known.fix admin/news.php.want2Read.Parameter.Traversal.Arbitrary.File.Access HIGH" "flash-album-gallery 2.72 "s".Cross-Site.Scripting HIGH" "for-the-visually-impaired No.known.fix Cross-Site.Request.Forgery.(CSRF) MEDIUM" "fonts-manager-custom-fonts No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "flightlog No.known.fix Authenticated.(editor+).SQL.Injection HIGH" "featured-image-generator 1.3.3 Missing.Authorization.to.Authenticated.(Subscriber+).Images.Upload MEDIUM" "fluent-community 1.3.1 Unauthenticated.PHP.Object.Injection CRITICAL" "filter-custom-fields-taxonomies-light No.known.fix Missing.Authorization MEDIUM" "filter-custom-fields-taxonomies-light No.known.fix Authenticated.(Contributor+).PHP.Object.Injection HIGH" "forumwp 2.1.1 Unauthenticated.PHP.Object.Injection CRITICAL" "forumwp 2.1.3 Reflected.Cross-Site.Scripting HIGH" "forumwp 2.1.3 Reflected.Cross-Site.Scripting.via.url.Parameter HIGH" "forumwp 2.1.0 Insecure.Direct.Object.Reference.to.Authenticated.(Subscriber+).Privilege.Escalation.via.Account.Takeover HIGH" "form-data-collector 2.2.4 Reflected.Cross-Site.Scripting MEDIUM" "facebook-messenger-customer-chat 1.6 Authenticated.Options.Change.to.Chat.Takeover HIGH" "facebook-messenger-customer-chat 1.3 CSRF HIGH" "fontsampler No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "fontsampler 0.14.3 CSRF.to.Authenticated.Reflected.Cross-Site.Scripting.(XSS) HIGH" "freshmail-newsletter 1.6 Unauthenticated.SQL.Injection HIGH" "flattr No.known.fix Admin+.Stored.XSS LOW" "fusion-slider No.known.fix Authenticated.(Contributor+).PHP.Object.Injection MEDIUM" "fintelligence-calculator No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "filedownload No.known.fix Multiple.Issues CRITICAL" "flexible-checkout-fields 4.1.3 Missing.Authorization MEDIUM" "faqs No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "faqs No.known.fix Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "forget-about-shortcode-buttons 2.1.3 CSRF MEDIUM" "forget-about-shortcode-buttons 1.1.2 XSS MEDIUM" "fluent-crm 2.8.45 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "fluent-crm 2.8.0 Marketing.Automation.For.WordPress..<.2.8.0.-.Unauthenticated.Subscriptions.Update MEDIUM" "forms-to-klaviyo No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "fx-private-site No.known.fix Sensitive.Information.Exposure MEDIUM" "flexible-captcha No.known.fix Contributor+.Stored.XSS MEDIUM" "facebook-pagelike-widget 6.4.2 Admin+.Stored.XSS LOW" "facebook-pagelike-widget 6.4 Admin+.Stored.XSS LOW" "font-awesome-integration No.known.fix Contributor+.Stored.Cross-Site.Scripting MEDIUM" "fifthsegment-whitelist No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "fontific No.known.fix Cross-Site.Request.Forgery.via.ajax_fontific_save_all HIGH" "flying-twitter-birds No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "favorites 2.3.5 Admin+.Stored.XSS LOW" "favorites 2.3.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "favorites 2.3.3 Contributor+.Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "faq-builder-ays 1.7.4 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "faq-builder-ays 1.7.2 Reflected.Cross-Site.Scripting MEDIUM" "faq-builder-ays 1.3.6 Authenticated.Blind.SQL.Injections HIGH" "fast-wp-speed No.known.fix Reflected.XSS HIGH" "foundation-columns No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "flx-dashboard-groups No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "falling-things 1.09 Authenticated.(Editor+).SQL.Injection MEDIUM" "facebook-like-send-button 1.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.width.Parameter MEDIUM" "facebook-like-send-button 1.2 Admin+.Stored.XSS LOW" "firedrum-email-marketing No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "flexi-quote-rotator No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "fancybox-for-wordpress 3.3.6 Unauthenticated.Stored.XSS HIGH" "fancybox-for-wordpress 3.3.5 Contributor+.DOM-Based.Stored.XSS.via.FancyBox.JavaScript.Library MEDIUM" "fancybox-for-wordpress 3.3.4 3.3.3.-.Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "fusion-builder 3.11.15 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "fusion-builder 3.11.14 Unauthenticated.Arbitrary.Shortcode.Execution HIGH" "fusion-builder 3.11.12 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.in.Multiple.Widgets MEDIUM" "fusion-builder 3.11.13 Authenticated.(Contributor+).Protected.Post.Disclosure MEDIUM" "fusion-builder 3.11.10 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.fusion_button.Shortcode MEDIUM" "fusion-builder 3.11.2 Cross.Site.Scripting.(XSS).vulnerability.in.the.User.Register.element HIGH" "fusion-builder 3.6.2 Unauthenticated.SSRF HIGH" "float-menu 6.1.3 Cross-Site.Request.Forgery.to.Settings.Update MEDIUM" "float-menu 6.0.1 Menu.Deletion.via.CSRF MEDIUM" "float-menu 5.0.3 Admin+.Stored.Cross-Site.Scripting LOW" "float-menu 5.0.2 Reflected.XSS MEDIUM" "float-menu 4.3.1 Arbitrary.Menu.Deletion.via.CSRF MEDIUM" "florapress 1.0.8 Reflected.Cross-Site.Scripting MEDIUM" "florapress 1.0.7 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "firework-videos No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "ftp-access No.known.fix Subscriber+.Stored.XSS HIGH" "formello 1.3.1 Reflected.Cross-Site.Scripting MEDIUM" "final-tiles-grid-gallery-lite 3.6.1 Authenticated.(Contributor+).DOM-Based.Stored.Cross-Site.Scripting MEDIUM" "final-tiles-grid-gallery-lite 3.6.0 Contributor+.Stored.XSS MEDIUM" "final-tiles-grid-gallery-lite 3.5.8 Reflected.Cross-Site.Scripting MEDIUM" "final-tiles-grid-gallery-lite 3.5.5 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "final-tiles-grid-gallery-lite 3.5.3 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "final-tiles-grid-gallery-lite 3.4.19 Authenticated.Stored.Cross-Site.Scripting.(XSS) CRITICAL" "final-tiles-grid-gallery-lite 3.3.57 Subscriber+.Arbitrary.Option.Update CRITICAL" "fb-status-updater No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "fg-drupal-to-wp 3.71.0 Sensitive.Information.Exposure MEDIUM" "fg-drupal-to-wp 3.68.0 Cross-Site.Request.Forgery.via.ajax_importer MEDIUM" "font-awesome-4-menus No.known.fix Contributor+.Stored.XSS MEDIUM" "font-awesome-4-menus No.known.fix Admin+.Stored.XSS LOW" "fancy-product-designer 6.4.4 Unauthenticated.Arbitrary.File.Upload CRITICAL" "fancy-product-designer 6.4.4 Unauthenticated.SQL.Injection HIGH" "fancy-product-designer 6.1.81 Admin+.Cross.Site.Scripting LOW" "fancy-product-designer 6.1.8 Reflected.Cross.Site.Scripting HIGH" "fancy-product-designer 6.1.81 Admin+.Cross.Site.Scripting.via.Product.Title LOW" "fancy-product-designer 6.1.5 Admin+.SQL.Injection MEDIUM" "fancy-product-designer 4.7.0 Subscriber+.Unauthorized.Access.and.Modification MEDIUM" "fancy-product-designer 4.7.0 Subscriber+.Unauthorized.Site.Options.Modification HIGH" "fancy-product-designer 4.7.6 Arbitrary.File.Upload.via.CSRF HIGH" "fancy-product-designer 4.7.5 Admin+.SQL.Injection MEDIUM" "fancy-product-designer 4.6.9 Unauthenticated.Arbitrary.File.Upload.and.RCE CRITICAL" "fancy-product-designer 4.5.1 Unauthenticated.Stored.Cross-Site.Scripting MEDIUM" "files-download-delay No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "files-download-delay 1.0.8 Reflected.Cross-Site.Scripting MEDIUM" "files-download-delay 1.0.7 Subscriber+.Settings.Reset MEDIUM" "files-download-delay 1.0.4 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "first-order-discount-woocommerce 1.22 Discount.Update.via.CSRF MEDIUM" "fileorganizer 1.1.5 Authenticated.(Administrator+).Local.JavaScript.File.Inclusion HIGH" "fileorganizer 1.1.0 Authenticated.(Subscriber+).Arbitrary.File.Upload HIGH" "fileorganizer 1.0.8 Sensitive.Information.Exposure.via.Directory.Listing HIGH" "fileorganizer 1.0.7 Authenticated.Stored.Cross-Site.Scripting MEDIUM" "fileorganizer 1.0.3 Admin+.Arbitrary.File.Access MEDIUM" "favicon-switcher No.known.fix Arbitrary.Settings.Change.via.CSRF MEDIUM" "funnel-builder 3.9.1 Unauthenticated.Local.File.Inclusion CRITICAL" "funnel-builder 3.10.2 Admin+.SQL.Injection MEDIUM" "funnel-builder 3.4.7 Missing.Authorization.to.Authenticated.(Contributor+).Settings.Update MEDIUM" "funnel-builder 3.4.0 Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.Upload MEDIUM" "funnel-builder 2.14.4 Authenticated(Administrator+).SQL.Injection MEDIUM" "facebook-button-plugin 2.74 Unauthenticated.Password.Protected.Post.Read MEDIUM" "facebook-button-plugin 2.54 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "find-my-blocks 3.4.0 Private.Post.Titles.Disclosure MEDIUM" "free-wp-booster-by-ads-pro No.known.fix Unauthenticated.Local.File.Inclusion CRITICAL" "filebird 6.4.6 Authenticated.(Author+).Insecure.Direct.Object.Reference MEDIUM" "filebird 6.3.4 Missing.Authorization MEDIUM" "filebird 5.6.4 Author+.Users.Folder.Deletion LOW" "filebird 5.6.4 Author+.Stored.XSS MEDIUM" "filebird 5.6.1 Admin+.Stored.XSS MEDIUM" "filebird 4.7.4 Unauthenticated.SQL.Injection HIGH" "font-organizer No.known.fix Cross-Site.Scripting.(XSS) MEDIUM" "flowfact-wp-connector 2.1.8 Reflected.XSS HIGH" "facebook-comment-by-vivacity No.known.fix Contributor+.Stored.Cross-Site.Scripting MEDIUM" "freshmail-integration No.known.fix Cross-Site.Request.Forgery MEDIUM" "freshmail-integration No.known.fix Reflected.XSS HIGH" "fusedesk 6.8 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.successredirect.Parameter MEDIUM" "fusedesk 6.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "front-editor No.known.fix Admin+.Stored.XSS LOW" "front-editor 4.4.8 Admin+.Stored.XSS LOW" "front-editor 4.4.5 Admin+.Stored.XSS LOW" "front-editor 4.0.4 Reflected.Cross-Site.Scripting MEDIUM" "front-editor 3.4.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "floating-social-buttons No.known.fix Cross-Site.Request.Forgery MEDIUM" "funnelforms-free No.known.fix Authenticated.(Contributor+).PHP.Object.Injection HIGH" "funnelforms-free 3.7.4.1 Missing.Authorization.to.Unauthenticated.Arbitrary.Media.Deletion MEDIUM" "funnelforms-free 3.7.4.1 Authenticated.(Administrator+).Arbitrary.File.Upload HIGH" "funnelforms-free 3.7.4.1 Authenticated.(Administrator+).Arbitrary.File.Deletion MEDIUM" "funnelforms-free 3.7.4.1 Missing.Authorization.to.Unauthenticated.Arbitrary.Media.Upload MEDIUM" "funnelforms-free 3.4.2 Form.Deletion/Duplication.via.CSRF MEDIUM" "funnelforms-free 3.4.2 Missing.Authorization.to.Arbitrary.Post.Duplication MEDIUM" "funnelforms-free 3.4.2 Missing.Authorization.to.Test.Email.Sending MEDIUM" "funnelforms-free 3.4.2 Cross-Site.Request.Forgery.to.Arbitrary.Post.Deletion MEDIUM" "funnelforms-free 3.4.2 Missing.Authorization.to.Category.Deletion MEDIUM" "funnelforms-free 3.4.2 Cross-Site.Request.Forgery.to.Arbitrary.Post.Duplication MEDIUM" "funnelforms-free 3.4.2 Missing.Authorization.to.Arbitrary.Post.Deletion MEDIUM" "funnelforms-free 3.4.2 Missing.Authorization.to.New.Category.Creation MEDIUM" "funnelforms-free 3.4.2 Missing.Authorization.to.Post.Modification MEDIUM" "funnelforms-free 3.4.2 Missing.Authorization.to.Enable/Disable.Dark.Mode MEDIUM" "funnelforms-free 3.4.2 Missing.Authorization.to.Category.Update MEDIUM" "funnelforms-free 3.4 Funnelforms.Free.<.3,4.Unauthenticated.Stored.Cross-Site.Scripting CRITICAL" "funnelforms-free 3.3.8.5 Reflected.Cross-Site.Scripting MEDIUM" "football-pool No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "football-pool 2.12.3 Cross-Site.Request.Forgery.to.Settings.Update MEDIUM" "football-pool 2.12.1 Authenticated.(Editor+).Stored.Cross-Site.Scripting MEDIUM" "football-pool 2.11.10 Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "football-pool 2.11.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "football-pool 2.6.5 Multiple.XSS MEDIUM" "feedbucket No.known.fix Cross-Site.Request.Forgery MEDIUM" "flexible-shipping 4.24.16 Missing.Authorization MEDIUM" "flexible-shipping 4.11.9 Reflected.Cross-Site.Scripting MEDIUM" "forms-for-divi 8.1.3 Reflected.Cross-Site.Scripting MEDIUM" "free-product-table-for-woocommerce No.known.fix Missing.Authorization.to.Arbitrary.Content.Deletion MEDIUM" "free-product-table-for-woocommerce No.known.fix Missing.Authorization MEDIUM" "feed-instagram-lite 1.0.0.37 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "feed-instagram-lite 1.0.0.29 Arbitrary.Post.Duplication.via.CSRF MEDIUM" "featured-image-toolkit No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "featured-image-toolkit No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "featured-image-toolkit No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "fat-rat-collect 2.7.4 Reflected.Cross-Site.Scripting MEDIUM" "fuse-social-floating-sidebar 5.4.11 Authenticated.(Author+).Stored.Cross-Site.Scripting.via.File.Upload MEDIUM" "fuse-social-floating-sidebar 5.4.9 Reflected.Cross-Site.Scripting MEDIUM" "fuse-social-floating-sidebar 5.4.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "formality 1.5.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.align.Parameter MEDIUM" "formality 1.5.8 Unauthenticated.Local.File.Inclusion CRITICAL" "fluentform 6.0.3 Contributor+.Stored.XSS MEDIUM" "fluentform 6.0.0 IP-Spoofing MEDIUM" "fluentform 5.2.7 Unauthenticated.Stored.XSS.via.Form.Subject HIGH" "fluentform 5.2.1 Admin+.Stored.XSS LOW" "fluentform 5.1.20 Form.Manager+.Stored.XSS LOW" "fluentform 5.1.19 .Missing.Authorization.to.Authenticated.(Subscriber+).Mailchimp.Integration.Modification MEDIUM" "fluentform 5.1.20 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "fluentform 5.1.20 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "fluentform 5.1.20 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "fluentform 5.1.20 Authenticated.(Subscriber+).Stored.Cross-Site.Scripting.via.Welcome.Screen.Fields MEDIUM" "fluentform 5.1.16 Contributor+.PHP.Object.Injection MEDIUM" "fluentform 5.1.17 Unauthenticated.Settings.Update MEDIUM" "fluentform 5.1.17 Contributor+.Stored.XSS MEDIUM" "fluentform 5.1.17 Unauthenticated.Limited.Privilege.Escalation MEDIUM" "fluentform 5.1.14 Subscriber+.Stored.XSS MEDIUM" "fluentform 5.1.10 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "fluentform 5.1.7 Admin+.Stored.Cross-Site.Scripting.via.imported.form.title MEDIUM" "fluentform 5.0.9 Insecure.Direct.Object.Reference MEDIUM" "fluentform 5.0.0 SQL.Injection MEDIUM" "fluentform 4.3.25 Contributor+.Stored.XSS.via.Custom.HTML.Form.Field MEDIUM" "fluentform 4.3.13 CSV.Injection LOW" "fluentform 3.6.67 Cross-Site.Request.Forgery.(CSRF) HIGH" "fast-image-adder No.known.fix Unauthenticated.Remote.File.Upload CRITICAL" "footer-flyout-widget No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "frndzk-expandable-bottom-bar No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting.via.text.Parameter MEDIUM" "feedblitz-email-subscription No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "fraudlabs-pro-for-woocommerce 2.22.12 Missing.Authorization MEDIUM" "fraudlabs-pro-for-woocommerce 2.22.9 Stored.XSS.via.CSRF HIGH" "famethemes-demo-importer 1.1.6 Cross-Site.Request.Forgery MEDIUM" "formilla-live-chat 1.3.1 Admin+.Stored.XSS LOW" "fomo-payment-gateway-for-woocommerce No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "fl3r-feelbox No.known.fix Unauthenticated.SQLi HIGH" "fl3r-feelbox No.known.fix Moods.Reset.via.CSRF MEDIUM" "fl3r-feelbox No.known.fix Settings.Update.via.CSRF.to.Stored.XSS HIGH" "flexmls-idx 3.14.29 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "flexmls-idx 3.14.28 Unauthenticated.PHP.Object.Injection CRITICAL" "flexmls-idx 3.14.27 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.API.parameters MEDIUM" "flexmls-idx 3.14.23 Reflected.Cross-Site.Scripting MEDIUM" "font-awesome-wp No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "file-gallery No.known.fix Reflected.Cross-Site.Scripting.via.post_id MEDIUM" "file-gallery 1.8.5.4 Contributor+.Stored.XSS MEDIUM" "freemind-wp-browser No.known.fix Stored.Cross-Site.Scripting.via.CSRF MEDIUM" "five-minute-webshop No.known.fix Admin+.SQLi.via.orderby MEDIUM" "five-minute-webshop No.known.fix Admin+.SQLi.via.id MEDIUM" "frontend-login-and-registration-blocks No.known.fix Unauthenticated.Privilege.Escalation.via.Account.Takeover CRITICAL" "frontend-login-and-registration-blocks No.known.fix Subscriber+.Privilege.Escalation.via.Password.Reset HIGH" "full-picture-analytics-cookie-notice 5.0.0 Reflected.Cross-Site.Scripting MEDIUM" "full-picture-analytics-cookie-notice 3.2.0 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "free-google-fonts 3.0.1 Reflected.XSS HIGH" "formidable-registration 2.12 Contributor+.Arbitrary.User.Password.Reset.To.Account.Takeover HIGH" "frontend-group-restriction-for-learndash No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "frontend-group-restriction-for-learndash No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "folder-gallery No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "filled-in 1.9.3 Stored.XSS.via.CSRF HIGH" "facebook-fan-page-widget 2.1 Admin+.Stored.XSS LOW" "fluid-responsive-slideshow 2.2.7 CSRF.&.XSS HIGH" "fastly 1.2.26 Missing.Authorization MEDIUM" "fastly 1.2.26 Missing.Authorization.via.AJAX.actions MEDIUM" "fixed-ip-logins 1.0 Reflected.Cross-Site.Scripting MEDIUM" "flickr-shortcode-importer No.known.fix Authenticated.(Administrator+).PHP.Object.Injection HIGH" "front-end-post-edit No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "formidable 6.16.2 Reflected.Cross-Site.Scripting.via.Custom.HTML.Form.Parameter MEDIUM" "formidable 6.14.1 Admin+.Stored.XSS LOW" "formidable 6.11.2 Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "formidable 6.8 CSRF.to.Stored.Cross-Site.Scripting MEDIUM" "formidable 6.7.1 Admin+.Stored.Cross-Site.Scripting MEDIUM" "formidable 6.7.1 HTML.Injection MEDIUM" "formidable 6.3.1 Subscriber+.Remote.Code.Execution CRITICAL" "formidable 6.2 Unauthenticated.PHP.Object.Injection HIGH" "formidable 6.1 IP.Spoofing MEDIUM" "formidable 5.5.7 Arbitrary.Entry.Deletion.via.CSRF MEDIUM" "formidable 5.0.07 Admin+.Stored.Cross-Site.Scripting LOW" "formidable 4.09.05 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "formidable 4.02.01 Unsafe.Deserialisation CRITICAL" "formidable 2.05.03 Multiple.Vulnerabilities HIGH" "formidable 2.0 Authenticated.Blind.SQL.Injection MEDIUM" "formidable 1.06.03 Arbitrary.File.Upload.via.ofc_upload_image.php CRITICAL" "fotomoto No.known.fix Reflected.XSS HIGH" "floating-cart-xforwc 1.3.0 Low.Priv.Arbitrary.Blog.Options.Update/Access/Deletion.&.Plugin's.Settings.Update/Export/Import HIGH" "frizzly No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "f12-profiler 1.4.0 Settings.Update.via.CSRF MEDIUM" "full-customer 3.1.26 3.1.25.-.Authenticated.(Subscriber+).SQL.Injection MEDIUM" "full-customer 3.1.26 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "full-customer 3.1.23 Reflected.Cross-Site.Scripting MEDIUM" "full-customer 3.1.13 Unauthenticated.Stored.Cross-Site.Scripting.via.License.Plan.Parameter HIGH" "full-customer 2.3 Customer.<.2.3.-.Subscriber+.Arbitrary.Plugin.Installation HIGH" "full-customer 2.3 Customer.<.2.3.-.Subscriber+.Health.Check.Disclosure MEDIUM" "feedpress-generator No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "feedpress-generator No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "feedpress-generator No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "feedpress-generator 1.2.0 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "file-upload-types 1.5.0 Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "favicon-my-blog No.known.fix Cross-Site.Request.Forgery MEDIUM" "fusionspan-impexium-single-sign-on No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "fusionspan-impexium-single-sign-on No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "fb-reviews-widget 2.4 Missing.Authorization MEDIUM" "fitness-trainer 1.4.1 Subscriber+.Privilege.Escalation CRITICAL" "flat-preloader 1.5.4 CSRF.to.Stored.Cross-Site.Scripting HIGH" "flat-preloader 1.5.5 Admin+.Stored.Cross-Site.Scripting MEDIUM" "filestack-upload 3.0.0 Reflected.Cross-Site.Scripting MEDIUM" "formlift 7.5.20 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "formlift 7.5.18 Unauthenticated.SQL.Injection CRITICAL" "fast-video-and-image-display No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "feedfocal 1.3.0 Unauthenticated.Tracking.Code.Update MEDIUM" "foogallery 2.4.30 Insecure.Direct.Object.Reference.to.Authenticated.(Custom+).Arbitrary.Post/Page.Updates MEDIUM" "foogallery 2.4.30 Authenticated.(Custom+).Stored.Cross-Site.Scripting.via.Album.Title.Size MEDIUM" "foogallery 2.4.30 Reflected.Cross-Site.Scripting MEDIUM" "foogallery 2.4.16 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Gallery.Custom.URL MEDIUM" "foogallery 2.4.15 Author+.Stored.XSS MEDIUM" "foogallery 2.4.15 Authenticated.(Author+).Stored.Cross-Site.Scripting MEDIUM" "foogallery 2.4.15 Authenticated.(Author+).Stored.Cross-Site.Scripting.via.Image.Attachment.Fields MEDIUM" "foogallery 2.4.9 Best.WordPress.Gallery.Plugin..FooGallery.<.2,4,9.-Admin+.Stored.Cross-Site.Scripting LOW" "foogallery 2.3.2 Reflected.XSS HIGH" "foogallery 2.3.2 Extensions.Mgt.via.CSRF MEDIUM" "foogallery 2.2.44 Reflected.Cross-Site.Scripting MEDIUM" "foogallery 2.2.41 Reflected.XSS HIGH" "foogallery 2.1.34 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "foogallery 2.0.35 Authenticated.Stored.Cross-Site.Scripting MEDIUM" "foogallery 1.9.25 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "foogallery 1.6.17 Subscriber+.Arbitrary.Option.Update CRITICAL" "frontpage-category-filter No.known.fix Cross-Site.Request.Forgery MEDIUM" "fullworks-firewall No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "fullworks-firewall No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "forms-to-sendinblue No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "fatal-error-notify 1.5.3 Subscriber+.Test.Error.Email.Sending MEDIUM" "fix-my-feed-rss-repair No.known.fix Cross-Site.Request.Forgery MEDIUM" "flipping-cards 1.31 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "featured-posts-grid No.known.fix Cross-Site.Request.Forgery.to.Cross-Site.Scripting MEDIUM" "fastdup 2.2 Directory.Listing.to.Account.Takeover.and.Sensitive.Data.Exposure HIGH" "fastdup 2.1.8 Sensitive.Information.Exposure.via.Log.File MEDIUM" "finpose No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "facebook-page-feed-graph-api 1.9.0 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "featured-content-gallery No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "featured-products-first-for-woocommerce 1.9.6 Reflected.Cross-Site.Scripting MEDIUM" "featured-products-first-for-woocommerce 1.9.5 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "feed-them-social 4.2.1 Cross-Site.Request.Forgery.via.review_nag_check LOW" "feed-them-social 4.0.0 Settings.Update.via.CSRF MEDIUM" "feed-them-social 3.0.1 Subscriber+.Stored.XSS MEDIUM" "feed-them-social 3.0.1 Settings.Update.via.CSRF MEDIUM" "feed-them-social 3.0.1 Reflected.Cross-Site.Scripting MEDIUM" "feed-them-social 3.0.1 Reflected.Cross-Site.Scripting MEDIUM" "feed-them-social 2.9.8.6 Unauthenticated.PHAR.Deserialisation MEDIUM" "feed-them-social 2.8.7 Cross-Site.Request.Forgery MEDIUM" "feed-them-social 2.8.7 Cross-Site.Request.Forgery.(CSRF) MEDIUM" "feed-them-social 1.7.0 XSS.&.Arbitrary.Shortcode.Execution CRITICAL" "fooevents 1.19.21 Improper.Authorization.to.(Contributor+).Arbitrary.File.Upload HIGH" "fullworks-pricing-tables No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "fullworks-pricing-tables No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "fathom-analytics 3.1.0 Admin+.Stored.XSS LOW" "fathom-analytics 3.0.5 Admin+.Stored.Cross-Site.Scripting LOW" "fontawesomeio-shortcodes No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "featured-image-pro 5.15 Reflected.XSS HIGH" "filebird-document-library 2.0.8 Unauthenticated.Sensitive.Information.Exposure MEDIUM" "floating-links 3.6.2 Reflected.Cross-Site.Scripting MEDIUM" "floating-links 3.6.0 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "floating-action-buttons 1.0.1 Missing.Authorization MEDIUM" "frontend-dashboard 2.2.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "frontend-dashboard 2.2.8 2.2.7.-.Subscriber+.Privilege.Escalation.via.fed_admin_setting_form_function.Function HIGH" "frontend-dashboard 2.2.8 2.2.7.-.Subscriber+.Account.Takeover/Privilege.Escalation.via.ajax_request.Function HIGH" "frontend-dashboard 2.2.7 2.2.6.-.Unauthenticated.Privilege.Escalation.via.fed_wp_ajax_fed_login_form_post.Function CRITICAL" "frontend-dashboard 2.2.6 Unauthenticated.SQL.Injection HIGH" "frontend-dashboard 2.2.5 Authenticated.(Subscriber+).Arbitrary.Function.Call HIGH" "frontend-dashboard 2.2.4 Frontend.Dashboard.<.2,2,4.- MEDIUM" "frontend-dashboard 2.2.2 Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "facebook-wall-and-social-integration 1.11 Admin+.Stored.Cross-Site.Scripting LOW" "foogallery-captions No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "foyer No.known.fix Content.Injection.via.Improper.Access.Control MEDIUM" "fma-products-tabs-pro No.known.fix Arbitrary.Tab.Deletion/Edition.via.CSRF HIGH" "foopeople No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "foopeople No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "fundpress 2.0.7 Unauthenticated.PHP.Object.Injection HIGH" "fd-elementor-button-plus No.known.fix Contributor+.Stored.XSS MEDIUM" "fitness-calculators 2.0.9 Admin+.Stored.XSS LOW" "fitness-calculators 1.9.6 Cross-Site.Request.Forgery.to.Cross-Site.Scripting.(XSS) HIGH" "forms-gutenberg No.known.fix Unauthenticated.Arbitrary.File.Upload CRITICAL" "forms-gutenberg 1.4.0 Reflected.Cross-Site.Scripting MEDIUM" "free-download-manager No.known.fix Unauthenticated.Arbitrary.File.Download HIGH" "fare-calculator No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "fat-coming-soon No.known.fix Unauthenticated.Local.File.Inclusion CRITICAL" "feed-changer 0.3 Admin+.Stored.XSS LOW" "fpw-category-thumbnails No.known.fix Missing.Authorization MEDIUM" "fediverse-embeds 1.5.4 Unauthenticated.Arbitrary.File.Upload CRITICAL" "facebook-conversion-pixel 3.0.6 Reflected.Cross-Site.Scripting MEDIUM" "facebook-conversion-pixel 2.6.4 Reflected.Cross-Site.Scripting MEDIUM" "facebook-conversion-pixel 2.6.2 CSRF.to.Stored.Cross-Site.Scripting HIGH" "facebook-conversion-pixel 2.6.3 Admin+.Stored.Cross-Site.Scripting LOW" "float-to-top-button No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "fat-services-booking No.known.fix Authenticated.(Contributor+).Local.File.Inclusion HIGH" "fat-services-booking No.known.fix Authenticated.(Subscriber+).SQL.Injection MEDIUM" "fat-services-booking No.known.fix Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "fat-services-booking No.known.fix Unauthenticated.SQL.Injection HIGH" "fontsy No.known.fix Multiple.Unauthenticated.SQLi HIGH" "faq-for-woocommerce 1.7.1 Missing.Authorization.to.Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "faq-for-woocommerce 1.7.1 Missing.Authorization.to.Authenticated.(Subscriber+).Settings.Update MEDIUM" "faq-for-woocommerce 1.6.4 WooCommerce.Product.FAQ.<.1.6.4.-.Reflected.Cross-Site.Scripting MEDIUM" "faq-for-woocommerce 1.4.0 Reflected.Cross-Site.Scripting MEDIUM" "full-width-responsive-slider-wp 1.1.8 Reflected.XSS HIGH" "flashfader No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "flickr-picture-backup No.known.fix Unauthenticated.File.Upload CRITICAL" "forym No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "faq-and-answers 1.1.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "formcraft3 3.9.12 Missing.Authorization.to.Plugin.Data.Export.in.formcraft-main.php MEDIUM" "formcraft3 3.9.12 Premium.WordPress.Form.Builder.<.3.9.12.-.Unauthenticated.Stored.Cross-Site.Scripting.via.SVG.File.Upload HIGH" "formcraft3 3.8.28 Unauthenticated.SSRF MEDIUM" "formcraft3 3.4 Premium.WordPress.Form.Builder.<.3.4.-.Authenticated.Stored.XSS MEDIUM" "flexidx-home-search No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "fwdmsp 8.0 Unauthenticated.Arbitrary.File.Read/Download HIGH" "floatbox-plus No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "fluent-support 1.8.6 Unauthenticated.Sensitive.Information.Exposure.Through.Unprotected.Directory HIGH" "fluent-support 1.8.1 Authenticated.(Subscriber+).SQL.Injection MEDIUM" "fluent-support 1.8.1 Insufficient.Authorization.on.Email.Verification MEDIUM" "fluent-support 1.7.7 Authenticated(Administrator+).SQL.Injection MEDIUM" "fluent-support 1.5.8 Admin+.SQLi MEDIUM" "forms-to-zapier No.known.fix Authenticated.(Administrator+).SQL.Injection CRITICAL" "forms-to-zapier 1.1.10 Reflected.Cross-Site.Scripting MEDIUM" "forms-to-zapier 1.1.9 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "freesoul-deactivate-plugins 2.1.4 Cross-Site.Request.Forgery.via.eos_dp_pro_delete_transient MEDIUM" "filester 1.8.9 Administrator+.Arbitrary.File.Upload MEDIUM" "filester 1.8.7 Missing.Authorization.to.Authenticated.(Subscriber+).Filebird.Plugin.Installation MEDIUM" "filester 1.8.6 Authenticated.(Administrator+).Local.JavaScript.File.Inclusion HIGH" "filester 1.8.7 Authenticated.(Subscriber+).Arbitrary.File.Upload HIGH" "filester 1.8.3 Authenticated.Plugin.Settings.Update HIGH" "filester 1.8.1 Admin+.Remote.Code.Execution MEDIUM" "filester 1.8.1 Admin+.Stored.Cross-Site.Scripting LOW" "filester 1.8 Remote.Code.Execution.via.CSRF CRITICAL" "flashnews-fading-effect-pearlbells No.known.fix Cross-Site.Request.Forgery.to.Privilege.Escalation HIGH" "fx-calculators 1.3.8 Missing.Authorization.to.Authenticated.(Subscriber+).Settings.Update MEDIUM" "fx-calculators 1.3.7 Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "facturante No.known.fix Unauthenticated.SQL.Injection HIGH" "flying-press 3.9.7 Arbitrary.Settings.Update.to.Stored.XSS HIGH" "formafzar 2.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "filter-gallery 0.1.6 Admin+.Stored.XSS LOW" "filter-gallery 0.0.7 Unauthorised.AJAX.Calls HIGH" "flagged-content No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "feedwordpress 2024.0428 Unauthenticated.Draft.Access MEDIUM" "feedwordpress 2022.0123 Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "feedwordpress 2015.0514 XSS.&.SQL-Injection MEDIUM" "fish-and-ships 1.6 Reflected.Cross-Site.Scripting MEDIUM" "foliopress-wysiwyg No.known.fix .Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "fs-shopping-cart No.known.fix Authenticated.SQL.Injection HIGH" "fast-index 1.10 Reflected.Cross-Site.Scripting MEDIUM" "fiverr-official-search-box No.known.fix Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "floating-player No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "flatty-flat-admin-theme No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "fossura-tag-miner 1.1.5 Cross-Site.Request.Forgery.(CSRF).&.XSS HIGH" "flynax-bridge No.known.fix Unauthenticated.Arbitrary.User.Deletion MEDIUM" "flynax-bridge No.known.fix Unauthenticated.Limited.Privilege.Escalation HIGH" "flynax-bridge No.known.fix Unauthenticated.Privilege.Escalation.via.Account.Takeover CRITICAL" "flynax-bridge No.known.fix Unauthenticated.Privilege.Escalation.via.Password.Update CRITICAL" "filr-protection 1.2.5 Editor+.Stored.XSS LOW" "filr-protection 1.2.3.6 Author+.RCE.via.file.upload.with.phar.ext CRITICAL" "filr-protection 1.2.3 Reflected.Cross-Site.Scripting MEDIUM" "filr-protection 1.2.2.1 Secure.Document.Library.<.1.2.2.1.-.Subscriber+.AJAX.Calls CRITICAL" "filr-protection 1.2.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "find-content-ids No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "flyzoo No.known.fix Admin+.Stored.XSS LOW" "feedback-suite No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "feedback-suite No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "feedback-suite No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "fv-wordpress-flowplayer 7.5.48.7212 Contributor+.DOM-Based.Stored.XSS.via.FancyBox.JavaScript.Library MEDIUM" "fv-wordpress-flowplayer 7.5.47.7212 Authenticated.(Subscriber+).SQL.Injection.via.exclude.Parameter HIGH" "fv-wordpress-flowplayer 7.5.46.7212 Reflected.Cross-Site.Scripting MEDIUM" "fv-wordpress-flowplayer 7.5.45.7212 Authenticated.(Subscriber+).Server-side.Request.Forgery MEDIUM" "fv-wordpress-flowplayer 7.5.45.7212 Authenticated.(Contributor+).Arbitrary.Redirect MEDIUM" "fv-wordpress-flowplayer 7.5.44.7212 Reflected.Cross-Site.Scripting MEDIUM" "fv-wordpress-flowplayer 7.5.44.7212 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "fv-wordpress-flowplayer 7.5.39.7212 Insufficient.Input.Validation.to.Unauthenticated.Stored.Cross-Site.Scripting.and.Arbitrary.Usermeta.Update MEDIUM" "fv-wordpress-flowplayer 7.5.35.7212 Reflected.XSS HIGH" "fv-wordpress-flowplayer 7.5.31.7212 Settings.Toggle.via.CSRF MEDIUM" "fv-wordpress-flowplayer 7.5.19.727 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "fv-wordpress-flowplayer 7.5.18.727 Author+.SQLi HIGH" "fv-wordpress-flowplayer 7.5.3.727 Reflected.Cross-Site.Scripting HIGH" "fv-wordpress-flowplayer 7.4.38.727 Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "fv-wordpress-flowplayer 7.3.19.727 SQL.Injection CRITICAL" "fv-wordpress-flowplayer 7.3.15.727 SQL.Injection CRITICAL" "fv-wordpress-flowplayer 7.3.14.727 Unauthenticated.Stored.XSS MEDIUM" "fv-wordpress-flowplayer 7.3.15.727 CSV.Export MEDIUM" "file-manager-advanced 5.3.2 Missing.Authorization.to.Notice.Dismisaal NONE" "file-manager-advanced 5.3.0 Authenticated.(Subscriber+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "file-manager-advanced 5.2.14 5.2.13.-.Subscriber+.Arbitrary.File.Upload HIGH" "file-manager-advanced 5.2.11 Subscriber+.Arbitrary.File.Upload HIGH" "file-manager-advanced 5.2.9 Authenticated.(Subscriber+).Limited.File.Upload MEDIUM" "file-manager-advanced 5.2.9 Authenticated.(Administrator+).Local.JavaScript.File.Inclusion.via.fma_locale MEDIUM" "file-manager-advanced 5.2.9 Authenticated.(Subscriber+).Arbitrary.File.Upload HIGH" "file-manager-advanced 5.2.5 Sensitive.Information.Exposure.via.Directory.Listing MEDIUM" "file-manager-advanced 5.1.1 Admin+.Arbitrary.File/Folder.Access MEDIUM" "freemage No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "freemage No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "freemage No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "floating-tiktok-button 1.0.5 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "floating-contact 2.8 Admin+.Stored.XSS LOW" "find-your-reps No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "first-graders-toolbox 1.0.2 Plugins.Deactivation.via.CSRF MEDIUM" "facebook-by-weblizar 2.8.5 CSRF.&.XSS HIGH" "fs-poster 7.1.8 Missing.Authorization MEDIUM" "fs-poster No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "fs-poster No.known.fix Authenticated.(Subscriber+).SQL.Injection HIGH" "fs-poster No.known.fix Cross-Site.Request.Forgery MEDIUM" "fullworks-directory No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "fullworks-directory No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "f4-improvements No.known.fix Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "f4-improvements 1.8.1 Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "full-screen-page-background-image-slideshow No.known.fix Admin+.Stored.XSS LOW" "feedbackscout No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "feedbackscout No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "fileviewer No.known.fix Arbitrary.File.Upload/Deletion.via.CSRF CRITICAL" "fin-accounting-for-woocommerce 4.4.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "frontend-admin 3.8.0 Reflected.Cross-Site.Scripting MEDIUM" "frontend-admin 3.3.33 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "frontend-registration-contact-form-7 No.known.fix Authenticated.(Editor+).Privilege.Escalation HIGH" "flynsarmy-iframe-shortcode No.known.fix Contributor+.Stored.XSS MEDIUM" "fast-search-powered-by-solr No.known.fix Settings.Update.via.CSRF MEDIUM" "fast-search-powered-by-solr No.known.fix Admin+.Stored.XSS LOW" "flags-widget No.known.fix .Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "f4-tree 1.1.19 Reflected.Cross-Site.Scripting MEDIUM" "f4-tree 1.1.15 Reflected.Cross-Site.Scripting MEDIUM" "f4-tree 1.1.9 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "fence-url No.known.fix Cross-Site.Request.Forgery.to.Cross-Site.Scripting MEDIUM" "foogallery-premium 2.4.27 Authenticated.(Contributor+).Directory.Traversal HIGH" "foogallery-premium 2.4.15 Author+.Stored.XSS MEDIUM" "foogallery-premium 2.4.6 Contributor+.Stored.XSS MEDIUM" "file-renaming-on-upload 2.5.2 Admin+.Stored.Cross-Site.Scripting LOW" "flexo-slider No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "form-to-sheet No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "form-to-sheet No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "forms-by-made-it 2.8.1 Unauthenticated.Arbitrary.File.Upload CRITICAL" "forms-by-made-it 1.12.3 Authenticated.Stored.Cross-Site.Scripting.(XSS) LOW" "fm-notification-bar No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "footer-text No.known.fix Stored.Cross-Site.Scripting.via.CSRF MEDIUM" "fw-food-menu No.known.fix Unauthenticated.Arbitrary.File.Upload CRITICAL" "fixed-html-toolbar 1.0.8 Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "foobar-notifications-lite 2.1.32 Reflected.Cross-Site.Scripting MEDIUM" "foobar-notifications-lite 2.1.15 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "front-end-only-users No.known.fix Unauthenticated.Information.Exposure MEDIUM" "front-end-only-users No.known.fix Unauthenticated.Arbitrary.File.Upload CRITICAL" "front-end-only-users No.known.fix Authenticated.(Admin+).SQL.injection MEDIUM" "front-end-only-users No.known.fix Reflected.XSS HIGH" "front-end-only-users 3.2.31 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "front-end-only-users 3.2.31 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.forgot-password.Shortcode MEDIUM" "front-end-only-users 3.2.29 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "front-end-only-users 3.2.29 Authenticated.(Contributor+).Time-Based.SQL.Injection HIGH" "front-end-only-users 3.2.25 Cross-Site.Request.Forgery MEDIUM" "formidablepro-2-pdf 3.11 Subscriber+.SQLi HIGH" "forminator 1.44.2 Contributor+.Stored.DOM-Based.XSS.via.id.and.data-size.Parameters MEDIUM" "forminator 1.42.1 Contributor+.Stored.XSS.via.'limit' MEDIUM" "forminator 1.42.1 Order.Replay.Vulnerability MEDIUM" "forminator 1.39.3 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "forminator 1.38.3 Reflected.XSS.via.Title.Parameter HIGH" "forminator 1.38.3 Admin+.Stored.XSS LOW" "forminator 1.36.1 Unauthenticated.Arbitrary.Quiz.Submissions.Update MEDIUM" "forminator 1.36.0 Missing.Authorization.to.Authenticated.(Contributor+).Form.Update.and.Creation HIGH" "forminator 1.36.0 Draft.Quiz.Creation.via.CSRF MEDIUM" "forminator 1.36.0 Draft.Custom.Form.Creation.via.CSRF MEDIUM" "forminator 1.34.1 Reflected.Cross-Site.Scripting MEDIUM" "forminator 1.29.2 HubSpot.Developer.API.Key.Sensitive.Information.Exposure HIGH" "forminator 1.15.4 Reflected.Cross-Site.Scripting MEDIUM" "forminator 1.29.0 Unauthenticated.Arbitrary.File.Upload CRITICAL" "forminator 1.29.3 Admin+.SQL.Injection MEDIUM" "forminator 1.29.3 Contributor+.Stored.Cross-Site.Scripting.via.forminator_form.Shortcode MEDIUM" "forminator 1.29.1 Unauthenticated.Stored.XSS HIGH" "forminator 1.29.1 Reflected.Cross-Site.Scripting HIGH" "forminator 1.28.0 Admin+.Arbitrary.File.Upload MEDIUM" "forminator 1.27.0 Admin+.Stored.Cross-Site.Scripting LOW" "forminator 1.25.0 Unauthenticated.Arbitrary.File.Upload CRITICAL" "forminator 1.24.4 Reflected.XSS HIGH" "forminator 1.24.1 Unauthenticated.Race.Condition.on.poll.vote MEDIUM" "forminator 1.15.4 Admin+.Stored.Cross-Site.Scripting LOW" "forminator 1.14.12 Unauthenticated.Stored.XSS HIGH" "forminator 1.14.8.1 CSRF.Nonce.Bypasses MEDIUM" "forminator 1.13.5 Cross-Site.Request.Forgery.(CSRF) MEDIUM" "forminator 1.6 Authenticated.Multiple.Vulnerabilities MEDIUM" "finale-woocommerce-sales-countdown-timer-discount 2.20.0 Authenticated.(Contributor+).Stored.DOM-Based.Cross-Site.Scripting.via.Countdown.Timer MEDIUM" "finale-woocommerce-sales-countdown-timer-discount 2.18.1 Cross-Site.Request.Forgery MEDIUM" "finale-woocommerce-sales-countdown-timer-discount 2.18.1 Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.Plugin.Installation.and.Activation MEDIUM" "finale-woocommerce-sales-countdown-timer-discount 2.18.0 Missing.Authorization.to.Unauthenticated.System.Information.Disclosure MEDIUM" "finale-woocommerce-sales-countdown-timer-discount 2.17.0 Unauthenticated.Arbitrary.File.Deletion HIGH" "fresh-framework No.known.fix Unauthenticated.Remote.Code.Execution CRITICAL" "fresh-framework No.known.fix Missing.Authorization MEDIUM" "fast-ebay-listings 2.12.16 Open.Redirect MEDIUM" "fullworks-slack No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "fullworks-slack No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "flog No.known.fix Unauthenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "file-manager-advanced-shortcode No.known.fix Authenticated.(Administrator+).Local.JavaScript.File.Inclusion.via.Shortcode HIGH" "file-manager-advanced-shortcode 2.4.1 Authenticated.(Contributor+).Directory.Traversal HIGH" "file-manager-advanced-shortcode 2.5.4 Authenticated.(Contributor+).Arbitrary.File.Upload HIGH" "file-manager-advanced-shortcode No.known.fix Unauthenticated.Remote.Code.Execution.through.shortcode CRITICAL" "food-recipes 2.6.1 Reflected.Cross-Site.Scripting MEDIUM" "food-recipes 2.1.2 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "fast-velocity-minify 2.7.7 Full.Path.Disclosure MEDIUM" "flo-forms No.known.fix Missing.Authorization MEDIUM" "flo-forms 1.0.43 Missing.Authorization MEDIUM" "flo-forms 1.0.42 Subscriber+.Test.Email.Sending MEDIUM" "flo-forms 1.0.41 Admin+.Stored.XSS LOW" "flo-forms 1.0.36 Authenticated.Options.Change.to.Stored.XSS CRITICAL" "firsth3tagadsense No.known.fix Missing.Authorization MEDIUM" "file-manager 6.8 Authenticated.(Subscriber+).Stored.Cross-Site.Scripting.via.SVG.File.Uploads MEDIUM" "file-manager 6.5.8 Authenticated.(Subscriber+).Limited.JavaScript.File.Upload MEDIUM" "file-manager 6.5.6 Authenticated.(Subscriber+).Arbitrary.File.Upload HIGH" "file-manager 6.5.6 6.5.5.-.Unauthenticated.Remote.Code.Execution.via.Race.Condition HIGH" "file-manager 6.3 Admin+.Arbitrary.OS.File/Folder.Access.+.Path.Traversal MEDIUM" "file-manager 5.2.3 Subscriber+.Arbitrary.File.Creation/Upload/Deletion CRITICAL" "file-manager 5.0.2 Information.Disclosure HIGH" "floating-social-bar No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "floating-social-bar 1.1.7 Cross-Site.Scripting.(XSS) MEDIUM" "feed-comments-number No.known.fix Unauthenticated.Arbitrary.File.Upload CRITICAL" "fw-gallery No.known.fix Unauthenticated.Arbitrary.File.Deletion CRITICAL" "formzu-wp 1.6.8 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "formzu-wp 1.6.7 Contributor+.Stored.XSS.via.id MEDIUM" "frontier-post No.known.fix Cross-Site.Request.Forgery MEDIUM" "fudou 5.7.2 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "flowpaper-lite-pdf-flipbook 2.0.4 Contributor+.Stored.XSS MEDIUM" "flowpaper-lite-pdf-flipbook 2.0.0 Contributor+.Stored.XSS MEDIUM" "feather-login-page 1.1.6 Cross-Site.Request.Forgery.via.saveData() MEDIUM" "feather-login-page 1.1.4 CSRF MEDIUM" "feather-login-page 1.1.2 Missing.Authorization.to.Non-Arbitrary.User.Deletion HIGH" "feather-login-page 1.1.2 Cross-Site.Request.Forgery.to.Privilege.Escalation HIGH" "fat-event-lite No.known.fix Authenticated.(Contributor+).Local.File.Inclusion HIGH" "fat-event-lite No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "fat-event-lite No.known.fix Unauthenticated.Local.File.Inclusion CRITICAL" "flash-video-player No.known.fix Cross-Site.Request.Forgery MEDIUM" "free-product-sample 1.2.1 Reflected.Cross-Site.Scripting MEDIUM" "free-product-sample 1.0.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "flexible-shipping-usps 1.10.0 Sensitive.Information.Exposure MEDIUM" "flexible-shipping-usps 1.9.3 Cross-Site.Request.Forgery MEDIUM" "featured-image-plus 1.6.6 Missing.Authorization.to.Authenticated.(Subscriber+).Featured.Image.Update MEDIUM" "fg-prestashop-to-woocommerce 4.47.0 Unauthenticated.Sensitive.Information.Disclosure MEDIUM" "fyrebox-shortcode No.known.fix Stored.XSS.via.CSRF HIGH" "feature-comments 1.2.5 wp-admin/admin-ajax.php.Comment.Status.Manipulation.CSRF MEDIUM" "full-circle No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "fancy-gallery No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "fontmeister No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "fancier-author-box No.known.fix Admin+.Stored.XSS LOW" "fg-joomla-to-wordpress 4.21.0 Sensitive.Information.Exposure MEDIUM" "form-forms No.known.fix Contact.Form.<=.1.2.4.-.Admin+.Stored.Cross-Site.Scripting LOW" "floating-social-media-icon No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "fluentforms-pdf 1.1.8 Cross-Site.Scripting MEDIUM" "fix-rss-feed No.known.fix Cross-Site.Request.Forgery MEDIUM" "file-away No.known.fix Missing.Authorization.to.Unauthenticated.Arbitrary.File.Read HIGH" "file-away No.known.fix Missing.Authorization.to.Unauthenticated.File.Upload.via.upload.Function CRITICAL" "file-away No.known.fix Contributor+.Stored.XSS.via.Shortcode MEDIUM" "furikake No.known.fix Unauthenticated.Open.Redirect MEDIUM" "featured-images-for-rss-feeds 1.6.2 Reflected.Cross-Site.Scripting MEDIUM" "featured-images-for-rss-feeds 1.5.9 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "fma-additional-registration-attributes No.known.fix Arbitrary.Field.Deletion.and.Form.Modification.via.CSRF HIGH" "featured-product-by-category-name No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "featured-posts-with-multiple-custom-groups-fpmcg No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "featured-posts-with-multiple-custom-groups-fpmcg No.known.fix Cross-Site.Request.Forgery MEDIUM" "flat-ui-button No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.flatbtn.Shortcode MEDIUM" "formaloo-form-builder No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "feedburner-alternative-and-rss-redirect 3.8 Plugin.Installation.via.CSRF MEDIUM" "feedburner-alternative-and-rss-redirect 3.8 Subscriber+.Plugin.Installation MEDIUM" "gdpr-framework 2.2.0 Admin+.Stored.XSS LOW" "google-picasa-albums-viewer 4.0.3 Reflected.Cross-Site.Scripting MEDIUM" "greencon No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "glass No.known.fix CSRF.to.Stored.Cross-Site.Scripting.(XSS) HIGH" "gumlet-video 1.0.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "gdpr-data-request-form 1.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "google-analytics-opt-out 2.3.5 Admin+.Stored.XSS LOW" "googl-url-shorter No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "genki-announcement No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "google-apps-login 3.4.5 Admin+.Stored.XSS LOW" "goods-catalog No.known.fix Contributor+.Stored.XSS MEDIUM" "gallery-with-thumbnail-slider 6.1 Contributor+.Stored.XSS MEDIUM" "giveaway No.known.fix Authenticated.SQL.Injection HIGH" "gs-projects 1.1.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "google-document-embedder No.known.fix Authenticated.(Contributor+).Blind.Server.Side.Request.Forgery MEDIUM" "google-document-embedder 2.6.2 CSRF.&.XSS MEDIUM" "google-document-embedder 2.6.1 XSS MEDIUM" "goqsmile No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "gloria-assistant-by-webtronic-labs No.known.fix Cross-Site.Request.Forgery MEDIUM" "gdy-modular-content 0.9.93 Reflected.Cross-Site.Scripting MEDIUM" "green-money-payment-gateway 3.0.10 3.0.9.-.Unauthenticated.Information.Exposure MEDIUM" "gs-portfolio 1.6.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "gs-portfolio 1.6.1 Contributor+.Stored.XSS MEDIUM" "guest-author-affiliate 1.1.6 Reflected.Cross-Site.Scripting MEDIUM" "guest-author-affiliate 1.1.5 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "gdpr-cookie-notice No.known.fix Missing.Authorization MEDIUM" "game-server-status No.known.fix Admin+.SQL.Injection MEDIUM" "game-server-status No.known.fix Contributor+.SQL.Injection HIGH" "game-server-status No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "gf-salesforce-crmperks No.known.fix Open.Redirect MEDIUM" "gf-salesforce-crmperks 1.2.6 Reflected.Cross-Site.Scripting HIGH" "giveaway-boost No.known.fix Unauthenticated.PHP.Object.Injection CRITICAL" "galleria No.known.fix Cross-Site.Request.Forgery MEDIUM" "gift-cards-for-woocommerce-pro 2.9.2 Missing.Authorization.to.Infinite.Money.Glitch HIGH" "gmo-social-connection No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "google-distance-calculator 3.1.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "gumroad No.known.fix Contributor+.Stored.XSS MEDIUM" "guestofy-restaurant-reservations No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "guestofy-restaurant-reservations No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "genesis-blocks 3.1.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Sharing.Block.Attributes MEDIUM" "genesis-blocks 3.1.4 Contributor+.Stored.XSS MEDIUM" "genesis-blocks 3.1.3 Contributor+.Stored.XSS MEDIUM" "genesis-blocks 3.1.3 Contributor+.Stored.XSS MEDIUM" "google-maps-travel-route No.known.fix Authenticated.(Subscriber+).SQL.Injection MEDIUM" "goal-tracker-ga 1.0.11 Reflected.Cross-Site.Scripting MEDIUM" "gtranslate 3.0.4 Admin+.Stored.XSS LOW" "gtranslate 2.9.9 CSRF.to.Account.Takeover HIGH" "gtranslate 2.9.7 Reflected.Cross-Site.Scripting LOW" "gtranslate 2.8.65 Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "gtranslate 2.8.52 Unauthenticated.Reflected.Cross.Site.Scripting.(XSS) MEDIUM" "gosign-posts-slider-block No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "gosign-posts-slider-block No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "gamipress-button 1.0.8 Authenticated(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "graphcomment-comment-system 2.3.5 Reflected.Cross-Site.Scripting MEDIUM" "gallery-bank 4.0.19 Reflected.Cross-Site.Scripting MEDIUM" "gallery-bank No.known.fix Author+.Stored.XSS.via.Gallery.Description MEDIUM" "gallery-bank No.known.fix Author+.Stored.XSS.via.Media.Upload.Module MEDIUM" "gallery-bank 3.0.330 Authenticated.Blind.SQL.Injection MEDIUM" "git-sync No.known.fix Cross-Site.Request.Forgery.to.Remote.Code.Execution HIGH" "gravatarlocalcache No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "greek-multi-tool 2.3.2 Missing.Authorization MEDIUM" "greek-multi-tool 2.3.2 Unauthenticated.Stored.XSS HIGH" "gallery-album No.known.fix Authenticated.(Contributor+).SQL.Injection CRITICAL" "gallery-album No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "gallery-album No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "gallery-album No.known.fix Unauthenticated.Stored.XSS HIGH" "gallery-album No.known.fix Arbitrary.Settings.Update.via.CSRF MEDIUM" "gallery-album No.known.fix Missing.Authorization.via.Multiple.AJAX.Actions MEDIUM" "gallery-album 2.0.2 Reflected.XSS HIGH" "gallery-album 2.0.0 Reflected.Cross-Site.Scripting MEDIUM" "gallery-album 1.2.1 Admin+.SQLi MEDIUM" "generate-child-theme 2.0.1 Cross-Site.Request.Forgery.via.process_create_form() MEDIUM" "generate-child-theme 1.6 Unauthorised.Plugin's.Setting.Change MEDIUM" "gravity-file-ajax-upload-free No.known.fix Arbitrary.File.Upload CRITICAL" "glofox-shortcodes No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "glomex-oembed 0.9.2 Contributor+.Stored.XSS MEDIUM" "glorious-services-support 2.0.0 Reflected.Cross-Site.Scripting MEDIUM" "glorious-services-support 2.0.0 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "gt-tabs No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "greek-namedays-widget No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "grid-kit-premium 2.2.0 Multiple.Reflected.Cross-Site.Scripting HIGH" "grid-kit-premium 2.1.2 Reflected.Cross-Site.Scripting HIGH" "grid-kit-premium 2.1.2 Reflected.Cross-Site.Scripting HIGH" "grid-accordion-lite No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "gs-woo-brands 1.3.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "glorious-sites-installer No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "glorious-sites-installer No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "generate-dummy-posts No.known.fix Missing.Authorization MEDIUM" "google-analytics-top-posts-widget 1.5.7 Reflected.XSS MEDIUM" "get-post-content-shortcode No.known.fix Insecure.Direct.Object.Reference.to.Authenticated.(Contributor+).Sensitive.Information.Disclosure.via.post_content.Shortcode MEDIUM" "gulri-slider 3.5.9 Reflected.Cross-Site.Scripting MEDIUM" "google-cse No.known.fix Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "google-cse No.known.fix Admin+.Stored.XSS LOW" "gutentor 3.4.7 Admin+.SQL.Injection MEDIUM" "gutentor 3.4.4 Contributor+.Stored.XSS MEDIUM" "gutentor 3.4.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Countdown.Widget MEDIUM" "gutentor 3.3.6 Gutenberg.Blocks.-.Page.Builder.for.Gutenberg.Editor.<.3.3.6.-.Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "gutentor 3.3.6 Contributor+.Stored.XSS MEDIUM" "gutentor 1.0.3 Reflected.Cross-Site.Scripting MEDIUM" "gs-instagram-portfolio No.known.fix Missing.Authorization.to.Authenticated.(Subscriber+).CSS.Injection MEDIUM" "gs-instagram-portfolio 1.4.5 Contributor+.Stored.XSS MEDIUM" "ghactivity No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "greenshiftquery 3.9.2 Authenticated.(Subscriber+).SQL.Injection CRITICAL" "gutenkit-blocks-addon 2.2.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "gutenkit-blocks-addon 2.1.1 Unauthenticated.Arbitrary.File.Upload CRITICAL" "gf-block-ips 1.0.2 Cross-Site.Request.Forgery MEDIUM" "global-income-stats-from-freemius No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "global-income-stats-from-freemius No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "global-income-stats-from-freemius No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "google-map-locations No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "g-auto-hyperlink No.known.fix Admin+.SQL.Injection MEDIUM" "gallerio No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "gallerio No.known.fix Authenticated.(Subscriber+).Arbitrary.File.Upload HIGH" "guten-post-layout 1.2.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.align.Attribute MEDIUM" "gna-search-shortcode No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "gocodes No.known.fix Authenticated.XSS.&.Blind.SQL.Injection HIGH" "getresponse 2.5.8 Reflected.Cross-Site.Scripting MEDIUM" "gs-behance-portfolio 3.0.2 Reflected.Cross-Site.Scripting MEDIUM" "gregs-high-performance-seo 1.6.2 Reflected.XSS MEDIUM" "grand-media 1.20.0 Admin+.Stored.Cross-Site.Scripting LOW" "grand-media 1.18.5 Multiple.Cross-Site.Scripting.(XSS) MEDIUM" "generateblocks 2.0.0 Authenticated.(Contributor+).Sensitive.Information.Exposure.via.'get_image_description' MEDIUM" "generateblocks 1.8.3 Contributor+.Arbitrary.Draft/Private.Post.Access LOW" "generateblocks 1.4.0 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "gutenify No.known.fix Contributor+.Stored.XSS MEDIUM" "gutenify 1.4.1 Unauthenticated.Sensitive.Information.Exposure MEDIUM" "goodlms 2.1.5 Unauthenticated.SQL.Injection CRITICAL" "google-shortlink 1.5.3 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "gc-testimonials No.known.fix Contributor+.Stored.XSS MEDIUM" "get-post-custom-taxonomy-term-shortcode No.known.fix CSRF.Bypass NONE" "google-one 1.3.4 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "google-maps-anywhere No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "gs-coach 1.1.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "google-map-shortcode No.known.fix Settings.Update.via.CSRF MEDIUM" "google-map-shortcode No.known.fix Reflected.XSS HIGH" "google-map-shortcode No.known.fix Contributor+.Stored.XSS HIGH" "google-listings-and-ads 2.8.7 Information.Disclosure.via.Publicly.Accessible.PHP.Info.File MEDIUM" "gfirem-fields No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "gfirem-fields No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "gfirem-fields No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "good-bad-comments No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "greeklish-permalink 3.5 Unauthenticated.Post.Slug.Update MEDIUM" "glance-that No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "gnucommerce No.known.fix Unauthenticated.PHP.Object.Injection CRITICAL" "gnucommerce No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "gnucommerce 1.4.2 XSS MEDIUM" "gnucommerce 0.5.7-beta XSS MEDIUM" "gmace No.known.fix Arbitrary.File.Creation/Deletion/Update.via.CSRF HIGH" "gmace No.known.fix Admin+.Path.Traversal MEDIUM" "gdpr-compliant-recaptcha-for-all-forms 4.1.2 Cross-Site.Request.Forgery MEDIUM" "gtm-server-side 2.1.20 Reflected.Cross-Site.Scripting MEDIUM" "go-viral No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "go-viral 1.8.0 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "google-captcha 1.79 CAPTCHA.Bypass MEDIUM" "google-captcha 1.28 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "gfirem-action-after No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "gfirem-action-after No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "gs-logo-slider 3.7.4 Unauthenticated.Arbitrary.Shortcode.Execution HIGH" "gs-logo-slider 3.7.1 Settings.Update.via.Cross-Site.Request.Forgery MEDIUM" "gs-logo-slider 3.6.9 Admin+.Stored.XSS LOW" "gs-logo-slider 3.5.2 Cross-Site.Request.Forgery MEDIUM" "gs-logo-slider 3.3.8 Contributor+.Stored.XSS.in.Shortcode MEDIUM" "gravityforms 2.9.2 2.9.1.3.-.Unauthenticated.Stored.Cross-Site.Scripting.via.'style_settings'.parameter MEDIUM" "gravityforms 2.9.2 Unauthenticated.Stored.Cross-Site.Scripting.via.'alt'.parameter HIGH" "gravityforms 2.7.5 Reflected.XSS HIGH" "gravityforms 2.7.4 Unauthenticated.PHP.Object.Injection HIGH" "gravityforms 2.4.9 Hashed.Password.Leakage LOW" "giveaways-contests-by-promosimple No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "g-business-reviews-rating 5.3 Authenticated.(Author+).Stored.Cross-Site.Scripting MEDIUM" "gs-envato-portfolio 1.4.0 Contributor+.Stored.XSS MEDIUM" "genie-wp-favicon No.known.fix Arbitrary.Favicon.Change.via.CSRF MEDIUM" "get-bookings-wp No.known.fix Missing.Authorization MEDIUM" "get-bookings-wp No.known.fix Appointments.&.Bookings.Plugin.Basic.Version.<=.1.1.27.-.Authenticated.(Subscriber+).Privilege.Escalation.via.Account.Takeover HIGH" "globe-gateway-e4 No.known.fix Unauthenticated.Arbitrary.File.Deletion CRITICAL" "gs-dribbble-portfolio 1.2.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "graceful-email-obfuscation No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "google-maps-v3-shortcode No.known.fix Contributor+.XSS MEDIUM" "genesis-style-shortcodes No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "goodbarber 1.0.27 Open.Redirect MEDIUM" "goodbarber 1.0.24 Settings.Update.via.CSRF MEDIUM" "getyourguide-ticketing 1.0.4 Admin+.Stored.XSS LOW" "gigpress No.known.fix Admin+.Stored.Cross.Site.Scripting LOW" "gigpress No.known.fix Subscriber+.SQLi HIGH" "gigpress 2.3.28 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "gigpress 2.3.11 Authenticated.XSS.&.Blind.SQLi HIGH" "gm-woo-product-list-widget No.known.fix Reflected.XSS HIGH" "gsheetconnector-easy-digital-downloads 1.6.6 Reflected.Cross-Site.Scripting MEDIUM" "gsheetconnector-easy-digital-downloads 1.6.6 Access.Code.Update.via.CSRF MEDIUM" "gsheetconnector-easy-digital-downloads 1.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "gAppointments No.known.fix Admin+.Stored.XSS LOW" "gAppointments 1.10.0 Reflected.Cross-Site.Scripting HIGH" "gf-salesmate-add-on 2.0.4 Missing.Authorization MEDIUM" "gf-salesmate-add-on 2.0.4 Unauthenticated.SQL.Injection HIGH" "gf-zoho 1.1.6 Reflected.Cross-Site.Scripting HIGH" "gb-gallery-slideshow No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "gb-gallery-slideshow No.known.fix Missing.Authorization MEDIUM" "geo-my-wp 4.5.1 Missing.Authorization.via.get_field_options_ajax MEDIUM" "geo-my-wp 4.5 Admin+.Arbitrary.File.Upload MEDIUM" "geo-my-wp 4.5.0.4 Reflected.Cross-Site.Scripting MEDIUM" "geo-my-wp 4.5.0.2 Unauthenticated.LFI.to.RCE/PHAR.Deserialization CRITICAL" "geo-my-wp 4.2 Cross-Site.Request.Forgery MEDIUM" "geo-my-wp 4.0.3 Authenticated(Administrator+).SQL.Injection MEDIUM" "geo-my-wp 4.0.1 Contributor+.Stored.XSS MEDIUM" "gs-facebook-comments 1.7.4 Missing.Authorization.via.wpfc_allow_comments() MEDIUM" "google-maps-advanced No.known.fix Arbitrary.Settings.Update.to.Stored.XSS.via.CSRF MEDIUM" "gdpr-personal-data-reports No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "gdlr-hotel No.known.fix Unauthenticated.SQL.Injection HIGH" "gdlr-hotel No.known.fix Unauthenticated.PHP.Object.Injection CRITICAL" "gdlr-hotel No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "gallery-photo-gallery 5.7.1 Administrator+.HTML.Injection MEDIUM" "gallery-photo-gallery 5.5.3 Reflected.Cross-Site.Scripting MEDIUM" "gallery-photo-gallery 5.2.7 CSRF MEDIUM" "gallery-photo-gallery 5.1.4 Reflected.XSS HIGH" "gallery-photo-gallery 5.1.7 Reflected.XSS MEDIUM" "gallery-photo-gallery 4.4.4 Responsive.Image.Gallery.<.4.4.4.-.Authenticated.Blind.SQL.Injections HIGH" "gallery-photo-gallery 4.4.4 Reflected.Cross-Site.Scripting.(XSS) HIGH" "gallery-photo-gallery 1.0.1 SQL.Injection CRITICAL" "go-to-top No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "google-seo-author-snippets No.known.fix Cross-Site.Request.Forgery MEDIUM" "google-seo-author-snippets No.known.fix Missing.Authorization MEDIUM" "gf-freshdesk 1.2.9 Reflected.Cross-Site.Scripting HIGH" "generate-pdf-using-contact-form-7 4.1.3 Cross-Site.Request.Forgery.to.Arbitrary.File.Deletion HIGH" "generate-pdf-using-contact-form-7 4.1.3 Cross-Site.Request.Forgery.to.Arbitrary.File.Upload HIGH" "generate-pdf-using-contact-form-7 3.6 Admin+.Stored.Cross-Site.Scripting LOW" "google-typography No.known.fix Missing.Authorization MEDIUM" "giga-messenger-bots No.known.fix Reflected.XSS HIGH" "gourl-bitcoin-payment-gateway-paid-downloads-membership 1.4.14 Shell.Upload HIGH" "gboy-custom-google-map No.known.fix Authenticated.(Contributor+).SQL.Injection MEDIUM" "google-mobile-sitemap No.known.fix Cross-Site.Request.Forgery MEDIUM" "good-url-preview-box No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "graphicsly No.known.fix Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "googleanalytics No.known.fix Cross-Site.Request.Forgery MEDIUM" "googleanalytics 3.2.2 Missing.Authorization.to.Unauthenticated.Feature.Deactivation MEDIUM" "googleanalytics 2.5.2 Reflected.Cross-Site.Scripting.(XSS) HIGH" "goodlayers-core 2.1.3 Subscriber+.Stored.XSS.via.SVG.Upload HIGH" "goodlayers-core 2.0.10 Contributor+.Stored.XSS MEDIUM" "goodlayers-core 2.0.8 Reflected.Cross-Site.Scripting.via.'font-family' MEDIUM" "gd-mylist No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "gutenium No.known.fix Contributor+.Stored.XSS MEDIUM" "giphypress No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "gdpr-tools No.known.fix Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "gsheetconnector-forminator 1.0.13 Reflected.XSS HIGH" "google-maps-widget 4.25 Admin+.Stored.XSS LOW" "game-review-block 4.8.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.className.Parameter MEDIUM" "gs-books-showcase 1.3.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "gs-books-showcase 1.3.1 Contributor+.Stored.XSS MEDIUM" "graph-lite No.known.fix Missing.Authorization MEDIUM" "gotmls 4.23.56 Unauthenticated.Remote.Code.Execution CRITICAL" "gotmls 4.21.83 Reflected.Cross-Site.Scripting MEDIUM" "gotmls 4.20.96 Reflected.Cross-Site.Scripting LOW" "gotmls 4.20.94 Admin+.Reflected.Cross-Site.Scripting LOW" "gp-unique-id 1.5.6 Unauthenticated.Form.Submission.Unique.ID.Modification LOW" "google-plus-google No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "genoo 6.0.13 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "gdpr-cookie-compliance 4.15.7 Admin+.Stored.XSS LOW" "gdpr-cookie-compliance 4.15.9 Admin+.Stored.XSS LOW" "gdpr-cookie-compliance 4.15.7 Admin+.Stored.XSS LOW" "gdpr-cookie-compliance 4.15.7 Admin+.Stored.XSS LOW" "gdpr-cookie-compliance 4.15.9 Admin+.Stored.XSS LOW" "gdpr-cookie-compliance 4.15.7 Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "gdpr-cookie-compliance 4.15.7 Admin+.Stored.XSS LOW" "gdpr-cookie-compliance 4.12.5 License.Update/Deactivation.via.CSRF MEDIUM" "gdlr-hostel No.known.fix Unauthenticated.SQL.Injection HIGH" "gdlr-hostel No.known.fix Unauthenticated.PHP.Object.Injection CRITICAL" "gdlr-hostel No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "gsheetconnector-ninja-forms 1.2.8 Reflected.Cross-Site.Scripting MEDIUM" "gsheetconnector-ninja-forms 1.2.7 Reflected.XSS HIGH" "gsheetconnector-ninja-forms 1.2.2 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "golf-tracker No.known.fix Authenticated.(Contributor+).SQL.Injection MEDIUM" "gfirem-advance-search No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "gfirem-advance-search No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "gfirem-advance-search No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "gf-insightly 1.0.7 Reflected.Cross-Site.Scripting HIGH" "greenshift-animation-and-page-builder-blocks 11.5.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "greenshift-animation-and-page-builder-blocks 11.4.6 11.4.5.-.Authenticated.(Subscriber+).Arbitrary.File.Upload HIGH" "greenshift-animation-and-page-builder-blocks 11.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "greenshift-animation-and-page-builder-blocks 10.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "greenshift-animation-and-page-builder-blocks 9.0.1 Missing.Authorization.to.Authenticated.(Subscriber+).Server-Side.Request.Forgery.and.Stored.Cross-Site.Scripting MEDIUM" "greenshift-animation-and-page-builder-blocks 9.9.9.4 Authenticated.(Contributor+).Post.Disclosure MEDIUM" "greenshift-animation-and-page-builder-blocks 9.8 Missing.Authorization MEDIUM" "greenshift-animation-and-page-builder-blocks 9.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "greenshift-animation-and-page-builder-blocks 8.9.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "greenshift-animation-and-page-builder-blocks 7.6.3 Authenticated.(Administrator+).Arbitrary.File.Upload HIGH" "greenshift-animation-and-page-builder-blocks 4.3 Reflected.Cross-Site.Scripting MEDIUM" "greenshift-animation-and-page-builder-blocks 5.0.0 Author+.Stored.XSS MEDIUM" "greenshift-animation-and-page-builder-blocks 5.0 Contributor+.Stored.XSS MEDIUM" "greenshift-animation-and-page-builder-blocks 4.8.9 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "greenshift-animation-and-page-builder-blocks 1.1.6 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "google-font-fix No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "google-maps-for-wordpress No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "gift-voucher 4.5.0 Missing.Authorization.to.Unauthenticated.Price,.Date,.and.Note.Updates MEDIUM" "gift-voucher 4.4.5 Author+.Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "gift-voucher 4.4.1 Cross-Site.Request.Forgery MEDIUM" "gift-voucher 4.3.3 Subscriber+.SQLi HIGH" "gift-voucher 4.1.8 Unauthenticated.Blind.SQL.Injection HIGH" "gf-excel-import 1.18.1 Reflected.Cross-Site.Scripting HIGH" "goauth No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "goauth 2.20 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "gsheetconnector-gravityforms-pro 4.3.6 Access.Code.Update.via.CSRF MEDIUM" "go-social No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "google-news-sitemap No.known.fix Contributor+.Stored.Cross-Site.Scripting MEDIUM" "gwa-autoresponder No.known.fix Unauthenticated.SQL.Injection HIGH" "giveasap No.known.fix Cross-Site.Request.Forgery MEDIUM" "giveasap 2.48.2 Authenticated.(Contributor+).SQL.Injection MEDIUM" "giveasap 2.46.1 CSRF MEDIUM" "giveasap 2.46.1 Reflected.Cross-Site.Scripting LOW" "giveasap 2.45.1 Admin+.Stored.XSS LOW" "giveasap 2.45.1 Editor+.Stored.Cross-Site.Scripting LOW" "giveasap 2.45.1 Admin+.Stored.Cross-Site.Scripting MEDIUM" "giveasap 2.42.1 Unauthorised.AJAX.Calls.via.Freemius HIGH" "giveasap 2.36.2 Unauthenticated.Reflected.Cross-Site.Scripting.(XSS) CRITICAL" "grid-plus No.known.fix Unauthenticated.Arbitrary.Shortcode.Execution.via.grid_plus_load_by_category HIGH" "grid-plus 1.3.3 Subscriber+.Grid.Layout.Creation/Deletion/Update MEDIUM" "grid-plus 1.3.4 Subscriber+.Local.File.Inclusion MEDIUM" "grid-plus 1.3.5 Reflected.XSS HIGH" "googledrive-folder-list No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "google-adsense-and-hotel-booking No.known.fix Open.Proxy CRITICAL" "glossary-by-codeat 2.2.27 Unauthenticated.Full.Path.Disclosure MEDIUM" "glossary-by-codeat 2.2.3 Reflected.Cross-Site.Scripting MEDIUM" "glossary-by-codeat 2.1.28 Contributor+.Stored.XSS MEDIUM" "glossary-by-codeat 2.1.8 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "global-multisite-search No.known.fix CSRF.Bypass MEDIUM" "gallery-from-files No.known.fix Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "gallery-from-files No.known.fix Unauthenticated.RCE CRITICAL" "google-maps-gpx-viewer No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "gdreseller No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "gdreseller No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "gmap-shortcode No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "grid-shortcodes 1.1.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "grid-shortcodes 1.1.1 Contributor+.Stored.XSS MEDIUM" "godaddy-email-marketing-sign-up-forms 1.1.4 Cross-Site.Request.Forgery.(CSRF) HIGH" "gallery-for-ultimate-member No.known.fix Authenticated.(Administrator+).SQL.Injection MEDIUM" "gallery-for-ultimate-member 1.1.3 Authenticated.(Subscriber+).Server-Side.Request.Forgery MEDIUM" "gallery-for-ultimate-member 1.1.1 Authenticated.(Subscriber+).Arbitrary.File.Upload HIGH" "gallery-for-ultimate-member 1.1.2 Reflected.Cross-Site.Scripting MEDIUM" "gixaw-chat No.known.fix Stored.XSS.via.CSRF HIGH" "gf-hubspot 1.0.9 Reflected.Cross-Site.Scripting HIGH" "goodlayers-blocks 1.0.3 Reflected.Cross-Site.Scripting MEDIUM" "gf-dynamics-crm 1.1.5 Open.Redirect MEDIUM" "gf-dynamics-crm 1.0.8 Reflected.Cross-Site.Scripting HIGH" "gecka-terms-thumbnails No.known.fix Authenticated.(Subscriber+).PHP.Object.Injection HIGH" "glossy No.known.fix Reflected.XSS HIGH" "glasses-for-woocommerce No.known.fix Reflected.Cross-Site.Scipting MEDIUM" "guitar-tuner No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "gutensee 1.0.7 Contributor+.Stored.XSS MEDIUM" "gf-infusionsoft 1.1.5 Reflected.Cross-Site.Scripting HIGH" "geoflickr 1.4 Reflected.Cross-Site.Scripting MEDIUM" "gp-notification-bar No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "gdpr-compliance-by-supsystic No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "grey-owl-lightbox No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "gmap-point-list No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "gsheetconnector-for-elementor-forms 1.0.9 Reflected.Cross-Site.Scripting MEDIUM" "gsheetconnector-for-elementor-forms 1.0.7 Reflected.XSS HIGH" "geo-targetly-geo-content No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "gsheetconnector-for-elementor-forms-pro 1.0.5 Reflected.XSS HIGH" "ghost 1.5.0 Unauthenticated.Sensitive.Information.Exposure MEDIUM" "ghost 0.5.6 Unrestricted.Export.Download MEDIUM" "get-a-quote-button-for-woocommerce 1.5 Unauthenticated.Arbitrary.Shortcode.Execution.via.fire_contact_form HIGH" "gsheetconnector-gravity-forms 1.3.5 Access.Code.Update.via.CSRF MEDIUM" "gmap-embed 1.9.4 Admin+.Stored.XSS LOW" "gmap-embed 1.9.4 Admin+.Stored.XSS LOW" "gmap-embed 1.8.4 Arbitrary.Post.Deletion.and.Plugin's.Settings.Update.via.CSRF MEDIUM" "gmap-embed 1.8.1 Subscriber+.Arbitrary.Post.Deletion.and.Plugin's.Settings.Update MEDIUM" "gmap-embed 1.8.1 Subscriber+.Map.Creation/Update/Deletion MEDIUM" "gmap-embed 1.7.7 Authenticated.Stored.Cross-Site.Scripting.(XSS) LOW" "geodatasource-country-region-dropdown 1.0.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "go-fetch-jobs-wp-job-manager 1.8.4.5 Reflected.Cross-Site.Scripting MEDIUM" "go-fetch-jobs-wp-job-manager 1.7.3.2 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "ga-for-wp 2.2.0 Reflected.Cross-Site.Scripting MEDIUM" "ga-for-wp 1.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "google-plus-share-and-plusone-button No.known.fix Cross-Site.Request.Forgery MEDIUM" "gtmetrix-for-wordpress 0.4.8 Arbitrary.Post.Deletion.via.CSRF MEDIUM" "gtmetrix-for-wordpress 0.4.6 Reflected.Cross-Site.Scripting HIGH" "gtmetrix-for-wordpress 0.4.6 Reflected.XSS HIGH" "good-old-gallery No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "google-map-professional No.known.fix Authenticated.(Contributor+).SQL.Injection MEDIUM" "google-map-professional No.known.fix Reflected.XSS HIGH" "google-visualization-charts No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "geo-request No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "geo-request No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "google-analyticator 6.5.6 Admin+.PHP.Object.Injection LOW" "google-analyticator 6.5.6 Admin+.PHP.Object.Injection MEDIUM" "google-analyticator 6.4.9.6 Multiple.Cross-Site.Scripting.(XSS) HIGH" "google-analyticator 6.4.9.4 Cross-Site.Request.Forgery.(CSRF) MEDIUM" "gps-plotter No.known.fix Admin+.Stored.XSS LOW" "gratisfaction-all-in-one-loyalty-contests-referral-program-for-woocommerce 4.3.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "gravityformswebhooks 1.7.0 Authenticated.(Admin+).Server-Side.Request.Forgery.via.Webhook MEDIUM" "gaxx-keywords No.known.fix Cross-Site.Request.Forgery.to.Cross-Site.Scripting HIGH" "gnupress No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "gpt3-ai-content-generator 1.9.15 Cross-Site.Request.Forgery MEDIUM" "gpt3-ai-content-generator 1.8.97 Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.Shortcode.Execution MEDIUM" "gpt3-ai-content-generator 1.8.97 Authenticated.(Admin+).PHP.Object.Injection.via.wpaicg_export_prompts HIGH" "gpt3-ai-content-generator 1.8.97 Authenticated.(Subscriber+).Server-Side.Request.Forgery MEDIUM" "gpt3-ai-content-generator 1.8.97 Authenticated.(Admin+).PHP.Object.Injection.via.wpaicg_export_ai_forms HIGH" "gpt3-ai-content-generator 1.8.90 Unauthenticated.Arbitrary.File.Upload CRITICAL" "gpt3-ai-content-generator 1.8.67 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "gpt3-ai-content-generator 1.8.13 Cross-Site.Request.Forgery MEDIUM" "gpt3-ai-content-generator 1.8.3 Missing.Authorization.to.Sensitive.Data.Exposure MEDIUM" "gpt3-ai-content-generator 1.7.38 Reflected.Cross-Site.Scripting MEDIUM" "gpt3-ai-content-generator 1.4.38 Subscriber+.Arbitrary.Post.Content.Update MEDIUM" "getsocial No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "google-site-kit 1.8.0 Privilege.Escalation.to.gain.Search.Console.Access CRITICAL" "gallery-images 2.0.6 Stored.Cross-Site.Scripting.(XSS) CRITICAL" "gdpr-consent-manager 1.0.1 Author+.Stored.XSS.via.SVG.File.Upload MEDIUM" "guruwalk-affiliates No.known.fix Admin+.Stored.XSS LOW" "gallery-slideshow No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "guest-author 2.4 Authenticated.(Author+).Stored.Cross-Site.Scripting MEDIUM" "guest-author 2.4 Contributor+.Stored.XSS MEDIUM" "get-cash 3.2 Reflected.Cross-Site.Scripting MEDIUM" "gmb-manager No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "g5plus-auteur No.known.fix Missing.Authorization.to.Authenticated.(Subscriber+).Settings.Updates MEDIUM" "g5plus-auteur No.known.fix Missing.Authorization.to.Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "g5plus-auteur No.known.fix Authenticated.(Subscriber+).Arbitrary.File.Upload HIGH" "gs-woo-variation-swatches 3.0.5 Missing.Authorization MEDIUM" "gs-woo-variation-swatches 1.6.0 Reflected.Cross-Site.Scripting MEDIUM" "gallery-styles 1.3.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "gamipress-vimeo-integration 1.0.9 Contributor+.Stored.XSS MEDIUM" "gracemedia-media-player No.known.fix Local.File.Inclusion.(LFI) CRITICAL" "getshop-ecommerce No.known.fix Unauthenticated.Local.File.Inclusion CRITICAL" "groundhogg 4.1.2 Authenticated.(Administrator+).Arbitrary.File.Deletion HIGH" "groundhogg 4.0 Authenticated.(Administrator+).Stored.Cross-Site.Scripting.via.label.Parameter MEDIUM" "groundhogg 3.7.3.6 Authenticated.(Author+).Arbitrary.File.Upload.via.gh_big_file_upload.Function HIGH" "groundhogg 3.7.3.4 Reflected.Cross-Site.Scripting MEDIUM" "groundhogg 3.4.3 Reflected.Cross-Site.Scripting MEDIUM" "groundhogg 3.4.3 Cross-Site.Request.Forgery MEDIUM" "groundhogg 2.7.11.11 Admin+.Stored.XSS LOW" "groundhogg 2.7.11.1 Admin+.SQLi MEDIUM" "groundhogg 2.7.11.1 CSRF MEDIUM" "groundhogg 2.7.10 Disable.All.Plugins.via.CSRF MEDIUM" "groundhogg 2.7.10 Ticket.Creation.via.CSRF MEDIUM" "groundhogg 2.7.10 Lack.of.Authorization.for.Non-Arbitrary.File.upload MEDIUM" "groundhogg 2.7.10 Contributor+.Stored.XSS MEDIUM" "groundhogg 2.7.10 Privilege.Escalation.via.CSRF HIGH" "groundhogg 2.7.9.4 Admin+.SQLi MEDIUM" "groundhogg 2.0.9.11 Authenticated.Reflected.XSS HIGH" "genealogical-tree 2.2.1 Reflected.Cross-Site.Scripting MEDIUM" "genealogical-tree 2.1.6 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "gallery-videos 2.4.3 Authenticated.(Administrator+).SQL.Injection HIGH" "gallery-videos 2.4.2 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "gallery-videos 2.2.6 Admin+.SQLi MEDIUM" "gallery-videos 1.7.7 Admin+.Stored.XSS LOW" "geoportail-shortcode No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "geoportail-shortcode No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "get-your-number No.known.fix Admin+.Stored.XSS LOW" "gallery-images-ape No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "gallery-images-ape No.known.fix Contributor+.Stored.XSS MEDIUM" "gift-message-for-woocommerce 1.7.9 Cross-Site.Request.Forgery MEDIUM" "gift-message-for-woocommerce 1.7.5 Reflected.Cross-Site.Scripting MEDIUM" "gift-message-for-woocommerce 1.6.0 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "gallery-metabox No.known.fix Subscriber+.Unauthorized.Data.Access MEDIUM" "gallery-metabox No.known.fix Gallery.Removal.via.CSRF MEDIUM" "gift-certificate-creator No.known.fix Reflected.Cross-Site.Scripting.via.receip_address.Parameter MEDIUM" "gift-certificate-creator 1.1 Stored.XSS MEDIUM" "good-reviews-wp 2.3.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Review.URL MEDIUM" "gd-rating-system 3.6.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.extra_class.Parameter MEDIUM" "gd-rating-system 3.6.1 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "gd-rating-system 3.5.1 Unauthenticated.Stored.Cross-Site.Scripting.via.IP MEDIUM" "gd-rating-system 2.3.1 Multiple.Vulnerabilities HIGH" "gd-rating-system 2.1 XSS MEDIUM" "give-donation-modules-for-divi 2.0.1 Sensitive.Information.Dislcosure MEDIUM" "geounit-maps 0.0.7 Reflected.Cross-Site.Scripting MEDIUM" "gravity-forms-multiple-form-instances 1.1.2 Unauthenticated.Full.Path.Disclosure MEDIUM" "globalquran No.known.fix Cross-Site.Request.Forgery.to.Settings.Update MEDIUM" "gtm-kit 2.4.1 Unauthenticated.Sensitive.Information.Exposure MEDIUM" "gyta-buyback 1.2.9 Reflected.Cross-Site.Scripting MEDIUM" "gyta-buyback 1.1.7 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "gmapsmania No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "gdpr-compliance No.known.fix Authenticated.(Subscriber+).Information.Exposure MEDIUM" "gwp-histats No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "genesis-simple-love No.known.fix Unauthenticated.PHP.Object.Injection CRITICAL" "gallery-voting 1.3 Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "gallery-plugin 4.7.4 Authenticated.(Administrator+).PHP.Object.Injection HIGH" "gallery-plugin 4.7.0 Author+.Stored.Cross-Site.Scripting MEDIUM" "gallery-plugin 4.7.0 Author+.SQL.Injection MEDIUM" "gallery-plugin 4.5.0 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "google-transliteration No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "gianism 5.2.1 Admin+.Stored.XSS LOW" "gatormail-smart-forms 1.1.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "gold-addons-for-elementor No.known.fix Missing.Authorization.to.Authenticated.(Subscriber+).License.Activation/Deactivation MEDIUM" "gold-addons-for-elementor 1.3.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "greenshiftwoo 1.9.8 Authenticated.(Subscriber+).SQL.Injection CRITICAL" "guten-free-options No.known.fix Reflected.XSS HIGH" "guten-free-options No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "gravity-forms-sms-notifications 2.4.0 Cross-Site.Scripting.(XSS) MEDIUM" "genesis-columns-advanced 2.0.4 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "gutena-kit No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "gn-publisher 1.5.6 Reflected.XSS HIGH" "get-directions 2.16.2 Reflected.Cross-Site.Scripting MEDIUM" "get-directions 2.15.8 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "google-docs-rsvp-guestlist No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "g-meta-keywords No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "gap-hub-user-role No.known.fix Cross-Site.Request.Forgery MEDIUM" "google-image-sitemap No.known.fix Map.generation.through.CSRF MEDIUM" "giveaways-for-woocommerce No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "giveaways-for-woocommerce No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "global-shop-discount-for-woocommerce 2.2.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "goon-plugin-control 1.2.9.2 Reflected.Cross-Site.Scripting MEDIUM" "goon-plugin-control 1.2.6 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "gallery-and-lightbox No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "gmaps-for-visual-composer-free No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "gm-woocommerce-quote-popup 3.2 Reflected.XSS HIGH" "gm-woocommerce-quote-popup 3.1 Arbitrary.Enquiry.Deletion.via.CSRF MEDIUM" "gm-woocommerce-quote-popup 3.1 Admin+.Stored.XSS LOW" "gm-woocommerce-quote-popup 3.1 Cross-Site.Request.Forgery MEDIUM" "gm-woocommerce-quote-popup 3.1 Unauthenticated.Stored.XSS HIGH" "gm-woocommerce-quote-popup 3.2 Reflected.XSS HIGH" "gd-security-headers 1.7.1 Admin+.SQLi MEDIUM" "gd-security-headers 1.7 Reflected.XSS HIGH" "ganohrs-toggle-shortcode 0.2.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "get-site-to-phone-by-qr-code No.known.fix Stored.XSS.via.CSRF MEDIUM" "google-news No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "generate-post-thumbnails No.known.fix Cross-Site.Request.Forgery MEDIUM" "gs-pinterest-portfolio 1.8.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "gs-pinterest-portfolio 1.8.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shorcode MEDIUM" "gs-pinterest-portfolio 1.8.1 Missing.Authorization.via._update_shortcode MEDIUM" "get-custom-field-values 4.1 Admin+.Stored.XSS LOW" "get-custom-field-values 4.0 Contributors+.Arbitrary.Post.Metadata.Access MEDIUM" "get-custom-field-values 4.0.1 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "gd-bbpress-attachments 4.7.3 Reflected.Cross-Site.Scripting MEDIUM" "gd-bbpress-attachments 4.4 Admin+.Stored.XSS LOW" "gamepress No.known.fix Reflected.Cross-Site.Scripting HIGH" "googlemapper-2 No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "global-meta-keyword-and-description No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "global-payments-woocommerce 1.13.3 Reflected.XSS HIGH" "gallery-categories 1.0.9 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "gearside-developer-dashboard No.known.fix Reflected.XSS HIGH" "gravity-forms-toolbar No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "gamipress 7.4.6 Authenticated.(Administrator+).SQL.Injection MEDIUM" "gamipress 7.3.8 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "gamipress 7.2.2 Unauthenticated.Arbitrary.Shortcode.Execution.via.gamipress_do_shortcode().Function HIGH" "gamipress 7.2.2 Unauthenticated.Arbitrary.Shortcode.Execution.via.gamipress_ajax_get_logs.Function HIGH" "gamipress 7.3.2 Unauthenticated.SQL.Injection.via.orderby.Parameter HIGH" "gamipress 7.1.6 Unauthenticated.Arbitrary.Shortcode.Execution.via.gamipress_get_user_earnings HIGH" "gamipress 6.8.9 Broken.Access.Control LOW" "gamipress 6.8.6 Cross-Site.Request.Forgery MEDIUM" "gamipress 6.9.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "gamipress 6.8.7 Authenticated.(Contributor+).SQL.Injection.via.Shortcode HIGH" "gamipress 2.5.7.1 Unauthenticated.SQLi HIGH" "gutenberg 18.6.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Template.Part.Block MEDIUM" "gutenberg 18.01 18.0.0.-.Unauthenticated.&.Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Avatar.Block MEDIUM" "gutenberg 16.8.1 Contributor+.Stored.XSS MEDIUM" "gutenberg 16.8.1 Contributor+.Stored.XSS.via.Navigation.Links.Block MEDIUM" "gutenberg 14.3.1 Multiple.Stored.XSS LOW" "gutenberg 12.7.2 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "gutenberg 12.7.2 Prototype.Pollution.via.Gutenbergs.wordpress/url.package MEDIUM" "gravitate-qa-tracker No.known.fix Unauthenticated.PHP.Object.Injection CRITICAL" "gs-woocommerce-products-slider 1.5.9 Contributor+.Stored.XSS MEDIUM" "goftino 1.7 Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "gsearch-plus No.known.fix Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "gravity-forms-pdf-extended 6.3.1 Reflected.Cross-Site.Scripting MEDIUM" "guest-author-name 4.35 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "gseor No.known.fix Authenticated.SQL.Injection MEDIUM" "gamipress-link 1.1.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "goolytics-simple-google-analytics 1.1.2 Simple.Google.Analytics.<.1.1.2.-.Admin+.Stored.Cross-Site.Scripting LOW" "guild-armory-roster No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "gsheetconnector-ninja-forms-pro 1.5.2 Reflected.XSS HIGH" "gutenverse 3.0.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.countdown.Block MEDIUM" "gutenverse 2.0.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "gutenverse 1.9.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "gutenverse 1.9.1 Contributor+.Stored.XSS MEDIUM" "global-translator No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "global-translator No.known.fix Cross-Site.Request.Forgery MEDIUM" "gallery 2.2.2 Authenticated.(Author+).Stored.Cross-Site.Scripting MEDIUM" "gym-management No.known.fix Authenticated.(Subscriber+).Local.File.Inclusion HIGH" "gym-management No.known.fix Unauthenticated.SQL.Injection HIGH" "gym-management 67.2.0 Unauthenticated.Arbitrary.File.Upload CRITICAL" "gym-management 67.2.0 Missing.Authorization.to.Authenticated.(Subscriber+).Privilege.Escalation HIGH" "gotcha-gesture-based-captcha No.known.fix Reflected.Cross-Site.Scripting.via.menu.Parameter MEDIUM" "goanimate No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "gplus-comments No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "geodigs No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "gwebpro-store-locator No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "gwebpro-store-locator No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "gistpress 3.0.2 Authenticated.Stored.XSS MEDIUM" "garden-gnome-package 2.4.0 Authenticated.(Author+).Arbitrary.File.Upload HIGH" "garden-gnome-package 2.3.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "garden-gnome-package 2.2.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "gravity-forms-sticky-list No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "gravity-forms-sticky-list No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "gravity-forms-sticky-list No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "getwid-megamenu 1.0.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "google-analytics-for-wordpress 8.22.0 Missing.Authorization MEDIUM" "google-analytics-for-wordpress 8.14.1 Contributor+.Stored.XSS MEDIUM" "google-analytics-for-wordpress 8.12.1 Contributor+.Stored.XSS MEDIUM" "google-analytics-for-wordpress 8.9.1 Stored.Cross-Site.Scripting.via.Google.Analytics MEDIUM" "greenwallet-gateway 1.0.2 Reflected.Cross.Site.Scripting.in.checkout.page MEDIUM" "gdpr-cookie-consent 3.8.1 Cross-Site.Request.Forgery MEDIUM" "gdpr-cookie-consent 3.6.6 Missing.Authorization.to.Authenticated.(Subscriber+).Whitelist.Script MEDIUM" "gdpr-cookie-consent 3.3.0 Unauthenticated.Stored.Cross-Site.Scripting.via.Client-IP.header HIGH" "gdpr-cookie-consent 3.1.0 Missing.Authorization.to.Unauthenticated.Arbitrary.Post.Deletion MEDIUM" "gs-testimonial 3.3.1 Missing.Authorization MEDIUM" "gs-testimonial 3.3.0 Unauthenticated.Arbitrary.Shortcode.Execution MEDIUM" "gs-testimonial 3.1.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "gs-testimonial 1.9.7 Contributor+.Stored.XSS MEDIUM" "gs-testimonial 1.9.7 Author+.Stored.Cross-Site.Scripting MEDIUM" "global-gallery No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "global-gallery 9.1.6 WordPress.Responsive.Gallery.<.9.1.6.-.Authenticated.(Subscriber+).Arbitrary.Shortcode.Execution MEDIUM" "google-website-translator 1.4.14 Admin+.Stored.XSS LOW" "google-website-translator 1.4.14 Admin+.Stored.XSS LOW" "google-website-translator 1.4.12 Google.Website.Translator.<.1.4.12.-.Authenticated.(Admin+).PHP.Object.Injection CRITICAL" "google-org-chart No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "google-calendar-events 3.4.3 Reflected.Cross-Site.Scripting MEDIUM" "google-calendar-events 3.2.8 Contributor+.Stored.XSS.via.shortcode MEDIUM" "google-calendar-events 3.2.5 Cross-Site.Request.Forgery.via.duplicate_feed MEDIUM" "google-calendar-events 3.2.6 Cross-Site.Request.Forgery.(CSRF) MEDIUM" "green-wp-telegram-bot-by-teplitsa No.known.fix Telegram.Bot.for.WP.<=.1.3.-.Telegram.Bot.Token.Disclosure HIGH" "gdpr-compliance-cookie-consent 1.3 CSRF MEDIUM" "gallery-image-gallery-photo 1.1.6 Grid.Gallery.<.1.1.6.-.Admin+.Stored.Cross-Site.Scripting LOW" "gf-custom-style No.known.fix Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "go-fetch-jobs-jobengine No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "go-fetch-jobs-jobengine No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "gg-woo-feed 1.2.7 Missing.Authorization MEDIUM" "gg-woo-feed 1.2.5 Unauthenticated.Settings.Update MEDIUM" "gf2pdf No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "geotagged-media No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "geotagged-media No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "gp-back-to-top No.known.fix Cross-Site.Request.Forgery MEDIUM" "geocache-stat-bar-widget No.known.fix Admin+.Stored.XSS LOW" "gallery-factory-lite No.known.fix Contributor+.Stored.XSS MEDIUM" "gotowp No.known.fix Contributor+.Stored.XSS MEDIUM" "gou-wc-account-tabs 1.0.1.9 Missing.Authorization MEDIUM" "gf-multi-uploader 1.1.5 Unauthenticated.Arbitrary.File.Upload CRITICAL" "geodirectory 2.8.120 Contributor+.Stored.XSS MEDIUM" "geodirectory 2.8.98 Authenticated.(Subscriber+).Stored.Cross-Site.Scripting.via.Display_name.Parameter MEDIUM" "geodirectory 2.3.85 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "geodirectory 2.3.81 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "geodirectory 2.3.71 Missing.Authorization.via.geodirectory_rated() MEDIUM" "geodirectory 2.3.62 Authenticated.(Subscriber+).SQL.Injection CRITICAL" "geodirectory 2.3.49 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.'gd_single_tabs'.Shortcode MEDIUM" "geodirectory 2.3.29 Authenticated(Administrator+).SQL.Injection MEDIUM" "geodirectory 2.3.29 Authenticated.(Administrator+).SQL.Injection.via.orderby HIGH" "geodirectory 2.2.24 Admin+.SQLi MEDIUM" "geodirectory 2.2.22 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "geodirectory 2.1.1.3 Authenticated.(admin+).Stored.Cross-Site.Scripting.(XSS) MEDIUM" "geolocator No.known.fix Unauthenticated.PHP.Object.Injection CRITICAL" "google-sitemap-generator 4.1.3 Admin+.Stored.Cross-Site.Scripting LOW" "google-sitemap-generator 4.1.0 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "google-analytics-dashboard-for-wp 8.2.0 Missing.Authorization MEDIUM" "google-analytics-dashboard-for-wp 7.14.2 Contributor+.Stored.XSS MEDIUM" "google-analytics-dashboard-for-wp 7.12.1 Contributor+.Stored.XSS MEDIUM" "gsheetconnector-wpforms 3.4.6 Reflected.XSS HIGH" "gsheetconnector-caldera-forms 1.3 Access.Code.Update.via.CSRF MEDIUM" "gpp-slideshow No.known.fix Missing.Authorization MEDIUM" "gmw-premium-settings 3.1 Admin+.Arbitrary.File.Upload MEDIUM" "gmo-font-agent No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "google-pagespeed-insights 4.0.7 Multiple.CSRF MEDIUM" "google-pagespeed-insights 4.0.4 Reflected.Cross-Site.Scripting MEDIUM" "google-places-reviews 2.0.0 Admin+.Stored.Cross.Site.Scripting LOW" "goldstar No.known.fix Missing.Authorization MEDIUM" "graphina-elementor-charts-and-graphs 3.0.5 Missing.Authorization MEDIUM" "graphina-elementor-charts-and-graphs 3.0.5 Cross-Site.Request.Forgery.to.Local.File.Inclusion HIGH" "graphina-elementor-charts-and-graphs 2.0.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "graphina-elementor-charts-and-graphs 1.8.10 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Multiple.Widgets MEDIUM" "global-notification-bar No.known.fix Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "gtbabel 6.6.9 Unauthenticated.Admin.Account.Takeover HIGH" "gtpayment-donation No.known.fix Stored.XSS.via.CSRF HIGH" "give 4.3.1 Missing.Authorization.To.Authenticated.(Contributor+).Campaign.Data.View.And.Modification MEDIUM" "give 3.22.2 Authenticated.(Subscriber+).Sensitive.Information.Exposure MEDIUM" "give 3.22.1 Missing.Authorization.to.Unauthenticated.Arbitrary.Earning.Reports.Disclosure.via.give_reports_earnings.Function MEDIUM" "give 3.20.0 Unauthenticated.PHP.Object.Injection CRITICAL" "give 3.19.3 Unauthenticated.PHP.Object.Injection HIGH" "give 3.19.4 Unauthenticated.PHP.Object.Injection HIGH" "give 3.19.0 Reflected.XSS HIGH" "give 3.16.4 Unauthenticated.PHP.Object.Injection.to.Remote.Code.Execution CRITICAL" "give 3.16.2 Unauthenticated.PHP.Object.Injection CRITICAL" "give 3.16.2 Authenticated.(GiveWP.Manager+).SQL.Injection.via.order.Parameter MEDIUM" "give 3.16.0 Cross-Site.Request.Forgery MEDIUM" "give 3.16.0 Unauthenticated.Full.Path.Disclosure MEDIUM" "give 3.14.0 Missing.Authorization.to.Limited.Information.Exposure MEDIUM" "give 3.14.2 Unauthenticated.PHP.Object.Injection.to.RCE CRITICAL" "give 3.14.2 Missing.Authorization.to.Authenticated.(Subscriber+).Limited.File.Deletion MEDIUM" "give 3.14.0 Missing.Authorization.to.Unauthenticated.Event.Settings.Update MEDIUM" "give 3.14.0 Insecure.Direct.Object.Reference.to.Authenticated.(GiveWP.Worker+).Arbitrary.Post.Actions MEDIUM" "give 3.12.1 Reflected.Cross-Site.Scripting MEDIUM" "give 3.11.0 Contributor+.Stored.XSS MEDIUM" "give 3.5.0 Authenticated.(GiveWP.Manager+).PHP.Object.Injection HIGH" "give 3.7.0 Contributor+.Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "give 3.6.0 Contributor+.Stored.XSS MEDIUM" "give 3.4.0 Reflected.Cross-Site.Scripting HIGH" "give 3.3.0 Contributor+.Stored.XSS MEDIUM" "give 2.33.2 Missing.Authorization.via.handleBeforeGateway MEDIUM" "give 2.33.4 Cross-Site.Request.Forgery.to.plugin.deactivation MEDIUM" "give 2.33.4 Cross-Site.Request.Forgery.to.plugin.installation MEDIUM" "give 2.33.4 Cross-Site.Request.Forgery.to.Stripe.Integration.Deletion MEDIUM" "give 2.33.1 Donation.Plugin.<.2.33.1.-.Authenticated(Give.Manager+).Privilege.Escalation HIGH" "give 2.25.3 Cross-Site.Request.Forgery MEDIUM" "give 2.25.2 Cross-Site.Request.Forgery MEDIUM" "give 2.25.2 Author+.Stored.Cross-Site.Scripting MEDIUM" "give 2.25.2 Contributor+.Arbitrary.Content.Deletion MEDIUM" "give 2.25.2 Contributor+.Stored.XSS MEDIUM" "give 2.25.2 Admin+.Server-Side.Request.Forgery MEDIUM" "give 2.24.0 Contributor+.Stored.XSS MEDIUM" "give 2.24.1 Unauthenticated.SQLi HIGH" "give 2.21.0 Manager+.Arbitrary.File.Creation.via.Export HIGH" "give 2.21.0 Manager+.Arbitrary.File.Access.via.Export MEDIUM" "give 2.21.3 Admin+.Stored.Cross-Site.Scripting LOW" "give 2.21.3 DoS.via.CSRF LOW" "give 2.21.0 Reflected.Cross-Site.Scripting MEDIUM" "give 2.21.0 Donor.Information.Disclosure MEDIUM" "give 2.17.3 Reflected.Cross-Site.Scripting.via.Import.Tool MEDIUM" "give 2.17.3 Unauthenticated.Reflected.Cross-Site.Scripting MEDIUM" "give 2.17.3 Reflected.Cross-Site.Scripting.via.Donation.Forms.Dashboard HIGH" "give 2.12.0 Admin+.Stored.XSS MEDIUM" "give 2.10.4 Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "give 2.10.0 Reflected.Cross.Site.Scripting.(XSS) HIGH" "give 2.5.10 Multiple.Issues HIGH" "give 2.5.5 Authentication.Bypass HIGH" "give 2.5.1 SQL.Injection CRITICAL" "give 2.4.7 Stored.XSS MEDIUM" "give 2.3.1 Cross-Site.Scripting.(XSS) MEDIUM" "genki-pre-publish-reminder No.known.fix Stored.XSS.&.RCE.via.CSRF HIGH" "gettext-override-translations 2.0.0 Admin+.Stored.Cross-Site.Scripting LOW" "gt3-photo-video-gallery 2.7.7.26 Contributor+.Stored.XSS MEDIUM" "gt3-photo-video-gallery 2.7.7.25 GT3.Image.Gallery.&.Gutenberg.Block.Gallery.<.2.7.7.25.-.Reflected.Cross-Site.Scripting MEDIUM" "gt3-photo-video-gallery 2.7.7.22 GT3.Image.Gallery.&.Gutenberg.Block.Gallery.<.2.7.7.22.-.Authenticated.(Author+).Cross-Site.Scripting MEDIUM" "gerryworks-post-by-mail No.known.fix Contributor+.Privilege.Escalation HIGH" "gallery-by-supsystic 1.15.17 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "gallery-by-supsystic 1.15.6 Arbitrary.Settings.Update.via.CSRF MEDIUM" "gallery-by-supsystic 1.8.6 Arbitrary.Image.Adding.via.CSRF MEDIUM" "gallery-by-supsystic 1.8.6 Stored.Cross-Site.Scripting.via.CSRF MEDIUM" "gutenslider 5.10.2 Reflected.Cross-Site.Scripting MEDIUM" "gutenslider 5.7.0 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "gutenslider 5.2.0 Contributor+.Stored.XSS MEDIUM" "geo-mashup 1.13.14 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.geo_mashup_visible_posts_list.Shortcode MEDIUM" "geo-mashup 1.13.13 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "geo-mashup 1.13.12 Reflected.Cross-Site.Scripting MEDIUM" "geo-mashup 1.13.6 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "geo-mashup 1.10.4 Unspecified.Cross-Site.Scripting.(XSS) CRITICAL" "google-sitemap-plugin 3.0.8 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "gwyns-imagemap-selector No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "googmonify No.known.fix CSRF.&.XSS MEDIUM" "group-category-creator No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "gf-constant-contact No.known.fix Open.Redirect HIGH" "gf-constant-contact 1.0.6 Reflected.Cross-Site.Scripting HIGH" "google-maps-easy 1.11.19 Author+.XML.Entity.Injection MEDIUM" "google-maps-easy 1.11.16 Authenticated.(Author+).Stored.Cross-Site.Scripting MEDIUM" "google-maps-easy 1.11.12 Cross-Site.Request.Forgery MEDIUM" "google-maps-easy 1.11.8 Cross-Site.Request.Forgery.(CSRF) MEDIUM" "google-maps-easy 1.10.1 Admin+.Stored.Cross-Site.Scripting LOW" "google-maps-easy 1.9.32 Reflected.Cross-Site.Scripting MEDIUM" "google-1 No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "great-quotes No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "google-drive-wp-media No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "guardgiant No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "guardgiant 2.2.6 Admin+.SQLi MEDIUM" "generic-elements-for-elementor No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "gs-team-members 2.2.4 Contributor+.Stored.XSS MEDIUM" "gs-team-members 2.2.2 Reflected.Cross-Site.Scripting MEDIUM" "gs-team-members 1.1.0 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "google-language-translator 6.0.12 Google.Language.Translator.<.6.0.12.-.Admin+.Stored.Cross-Site.Scripting LOW" "google-language-translator 6.0.10 Authenticated.(author+).Cross-Site.Scripting.(XSS) MEDIUM" "google-language-translator 6.0.10 Authenticated.Cross-Site.Scripting.(XSS) LOW" "google-language-translator 5.0.06 XSS MEDIUM" "goqmieruca No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "gsheetconnector-wpforms-pro 2.5.7 Reflected.XSS HIGH" "gradient-text-widget-for-elementor No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "go-dash No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "gestion-pymes No.known.fix Admin+.Stored.XSS LOW" "gravity-forms-css-themes-with-fontawesome-and-placeholder-support No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "gf-zendesk 1.1.3 Open.Redirect MEDIUM" "gf-zendesk 1.0.8 Reflected.Cross-Site.Scripting HIGH" "gpx-viewer 2.2.12 Editor+.Path.Traversal LOW" "gpx-viewer 2.2.10 Subscriber+.Arbitrary.File.Creation HIGH" "get-a-quote-for-woocommerce No.known.fix Unauthenticated.Quote.PDF.and.CSV.Download MEDIUM" "google-earth-tours No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "gantry No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "getwid 2.0.12 Contributor+.DOM-Based.Stored.XSS.via.FancyBox.JavaScript.Library MEDIUM" "getwid 2.0.13 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "getwid 2.0.11 Missing.Authentication.to.MailChimp.API.key.update MEDIUM" "getwid 2.0.11 Missing.Authorization.to.Google.API.key.update MEDIUM" "getwid 2.0.8 Authenticated.(Contributor+).DOM-Based.Stored.Cross-Site.Scripting.via.'Countdown' MEDIUM" "getwid 2.0.6 Authenticated(Contributor+).Stored.Cross-Site.Scripting.via.Block.Content MEDIUM" "getwid 2.0.5 Captcha.Bypass MEDIUM" "getwid 2.0.5 Missing.Authorization.to.Recaptcha.API.Key.Modification MEDIUM" "getwid 2.0.3 Unauthenticated.Arbitrary.Email.Sending.to.Admin MEDIUM" "getwid 1.8.4 Subscriber+.SSRF MEDIUM" "grandconference No.known.fix Unauthenticated.PHP.Object.Injection CRITICAL" "getastra No.known.fix Missing.Authorization MEDIUM" "google-news-editors-picks-news-feeds No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "gp-premium 2.4.1 Reflected.Cross-Site.Scripting MEDIUM" "google-map-on-postpage No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "gwolle-gb 4.7.2 Reflected.Cross-Site.Scripting MEDIUM" "gwolle-gb 4.2.0 Reflected.Cross-Site.Scripting MEDIUM" "gwolle-gb 2.5.4 Cross-Site.Scripting.(XSS) MEDIUM" "gwolle-gb 2.1.1 Cross-Site.Request.Forgery.(CSRF) CRITICAL" "grid-view-gallery No.known.fix Authenticated.(Editor+).PHP.Object.Injection HIGH" "gift-up 2.22 Settings.Update.via.CSRF MEDIUM" "gift-up 2.20.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "gnu-mailman-integration No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "getresponse-integration No.known.fix Contributor+.Stored.XSS MEDIUM" "getresponse-integration 5.5.32 Contributor+.Stored.XSS MEDIUM" "getresponse-integration 5.5.21 API.Key.Update.via.CSRF MEDIUM" "global-elementor-buttons No.known.fix Authenticated(Contributor+).Stored.Cross-Site.Scripting.via.button.link MEDIUM" "gold-price-chart-widget No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting.via.plugin.settings MEDIUM" "gtg-advanced-blocks No.known.fix Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "gd-mail-queue 4.4 CVE-2025-24608 MEDIUM" "gd-mail-queue 4.0 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "gestpay-for-woocommerce 20240307 Cross-Site.Request.Forgery.(CSRF).via.ajax_delete_card MEDIUM" "gestpay-for-woocommerce 20240307 Cross-Site.Request.Forgery.(CSRF).via.ajax_unset_default_card MEDIUM" "gestpay-for-woocommerce 20240307 Cross-Site.Request.Forgery.(CSRF).via.ajax_set_default_card MEDIUM" "gamipress-reset-user 1.0.1 Reset.User.<=.1.0.0.-.GamiPress.User.Data.Removal.via.CSRF MEDIUM" "go-sphinx No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "gum-elementor-addon 1.3.11 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "gum-elementor-addon 1.3.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "gum-elementor-addon 1.3.8 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "gum-elementor-addon 1.3.6 Authenticated.(Editor+).Stored.Cross-Site.Scripting MEDIUM" "gum-elementor-addon 1.3.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Price.Table.and.Post.Slider.Widgets MEDIUM" "gum-elementor-addon 1.3.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Post.Meta.Widget MEDIUM" "gallery-lightbox-slider 1.0.0.41 Authenticated.(Author+).Stored.Cross-Site.Scripting MEDIUM" "generatepress-premium 2.4.0 Authenticated(Contributor+).Stored.Cross-Site.Scripting.via.Custom.Meta MEDIUM" "hide-shipping-method-for-woocommerce 1.5.2 Missing.Authorization MEDIUM" "hide-shipping-method-for-woocommerce 1.3.3 Reflected.Cross-Site.Scripting MEDIUM" "hide-shipping-method-for-woocommerce 1.3.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "hide-admin-bar-based-on-user-roles 3.5.0 Reflected.Cross-Site.Scripting MEDIUM" "hide-admin-bar-based-on-user-roles 3.0.0 Subscriber+.Settings.Update MEDIUM" "hide-admin-bar-based-on-user-roles 3.1.0 Settings.Update.via.CSRF MEDIUM" "html5-mp3-player-with-mp3-folder-feedburner-playlist No.known.fix Authenticated.(Author+).PHP.Object.Injection HIGH" "html5-maps 1.7.1.5 Arbitrary.Settings.Update.via.CSRF MEDIUM" "html5-maps 1.6.5.7 CSRF.&.XSS HIGH" "hacklog-remote-attachment No.known.fix Cross-Site.Request.Forgery MEDIUM" "hotlink2watermark No.known.fix Cross-Site.Request.Forgery MEDIUM" "hoo-addons-for-elementor No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "host-webfonts-local 5.7.10 Unauthenticated.Directory.Deletion.&.Stored.XSS HIGH" "host-webfonts-local 4.5.12 Admin+.Arbitrary.Folder.Deletion.via.Path.Traversal MEDIUM" "host-webfonts-local 4.5.4 Subscriber+.Arbitrary.File/Folder.Deletion CRITICAL" "host-webfonts-local 4.5.4 Unauthenticated.Path.Traversal.in.REST.API MEDIUM" "hash-elements 1.5.1 Contributor+.Stored.XSS MEDIUM" "hash-elements 1.4.8 Missing.Authorization.to.Unauthenticated.Draft.Post.Title.Exposure MEDIUM" "hash-elements 1.3.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.url.Parameter.in.Multiple.Widgets MEDIUM" "hash-elements 1.3.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "hyp3rl0cal-city-search No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "hebrewdates 2.3.0 Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "ht-builder 1.3.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "handl-utm-grabber 2.6.5 Authenticated.Option.Change.via.CSRF HIGH" "heureka 1.1.0 Cross-Site.Request.Forgery MEDIUM" "houzez-login-register 3.3.0 Subscriber+.Privilege.Escalation.via.Account.Takeover HIGH" "horizontal-scroll-image-slideshow No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "hslide No.known.fix WordPress.Slider.Plugin.<=.1.3.5.-.Authenticated.(Subscriber+).SQL.Injection MEDIUM" "hc-custom-wp-admin-url No.known.fix Unauthenticated.Secret.URL.Disclosure MEDIUM" "hc-custom-wp-admin-url No.known.fix Unauthenticated.Arbitrary.Settings.Update.via.CSRF MEDIUM" "hover-effects 2.1.1 Admin+.LFI MEDIUM" "honeypot-for-wp-comment No.known.fix Reflected.Cross-Site.Scripting.via.page MEDIUM" "honeypot-for-wp-comment No.known.fix Directory.Traversal.to.Unauthenticated.Arbitrary.File.Deletion CRITICAL" "hungarian-pickup-points-for-woocommerce 1.9.0.3 Multiple.CSRF MEDIUM" "hyve-lite 1.2.3 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "heateor-social-comments 1.6.2 Contributor+.Stored.XSS MEDIUM" "h5p 1.15.8 Contributor+.Stored.XSS MEDIUM" "html5-audio-player 2.3.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "html5-audio-player 2.2.24 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "html5-audio-player 2.2.22 Best.WordPress.Audio.Player.Plugin.<.2.2.22.-.Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Multiple.Widgets MEDIUM" "html5-audio-player 2.1.12 Contributor+.Stored.XSS MEDIUM" "html5-audio-player 2.1.3 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "hover-image No.known.fix CSRF MEDIUM" "header-footer 3.3.1 Authenticated.(Administrator+).PHP.Code.Injection.in.Multisite.Environments MEDIUM" "houzez-crm 1.4.3 Authenticated.(Seller+).SQL.Injection HIGH" "header-footer-elementor 1.6.47 Contributor+.Stored.XSS.via.Page.Title.Widget MEDIUM" "header-footer-elementor 1.6.46 Author+.Stored.XSS.via.SVG.File.Upload MEDIUM" "header-footer-elementor 1.6.44 Authenticated.(Contributor+).Information.Disclosure.via.Shortcode MEDIUM" "header-footer-elementor 1.6.36 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "header-footer-elementor 1.6.36 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Site.Title.Widget MEDIUM" "header-footer-elementor 1.6.26.1 Contributor+.Stored.XSS MEDIUM" "header-footer-elementor 1.6.27 Authenticated.(Author+).HTML.Injection MEDIUM" "header-footer-elementor 1.6.29 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "header-footer-elementor 1.6.25 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "header-footer-elementor 1.5.8 Header,.Footer.&.Blocks.Template.<.1.5.8.-.Contributor+.Stored.XSS MEDIUM" "hide-my-wp 5.4.02 Unauthenticated.Local.File.Inclusion HIGH" "hide-my-wp 5.4.02 Unauthenticated.Limited.File.Read MEDIUM" "hide-my-wp 5.4.01 Hidden.Login.Page.Disclosure MEDIUM" "hide-my-wp 5.3.02 Reflected.Cross-Site.Scripting.via.URL MEDIUM" "hide-my-wp 5.2.02 Hidden.Login.Page.Disclosure MEDIUM" "hide-my-wp 5.0.20 IP.Address.Spoofing MEDIUM" "hola-free-video-player No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "htaccess-login-block No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "hack-info 3.18 Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "html5-video-player 2.5.36 Authenticated.(Contributor+).DOM-Based.Stored.Cross-Site.Scripting.via.heading.Parameter MEDIUM" "html5-video-player 2.5.35 Missing.Authorization.to.Authenticated.(Subscriber+).Limited.Options.Update MEDIUM" "html5-video-player 2.5.33 Missing.Authorization.in.multiple.functions.via.h5vp_ajax_handler MEDIUM" "html5-video-player 2.5.31 Missing.Authorization MEDIUM" "html5-video-player 2.5.32 Authenticated.(Subscriber+).Information.Exposure MEDIUM" "html5-video-player 2.5.27 Unauthenticated.SQLi HIGH" "html5-video-player 2.5.25 Unauthenticated.SQLi HIGH" "html5-video-player 2.5.19 Subscriber+.Stored.XSS HIGH" "ht-contactform 1.2.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "ht-contactform 1.1.6 Arbitrary.Plugin.Activation.via.CSRF MEDIUM" "ht-instagram 1.2.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "ht-instagram 1.2.8 Cross-Site.Request.Forgery MEDIUM" "handsome-testimonials 2.1.1 Authenticated.(Subscriber+).SQL.Injection CRITICAL" "hashtagger No.known.fix Missing.Authorization MEDIUM" "happyforms 1.26.3 Admin+.Stored.XSS LOW" "happyforms 1.26.1 Authenticated.(Author+).Stored.Cross-Site.Scripting MEDIUM" "happyforms 1.25.11 Missing.Authorization MEDIUM" "happyforms 1.25.10 Reflected.Cross-Site.Scripting MEDIUM" "happyforms 1.22.0 Contributor+.Stored.XSS MEDIUM" "hospital-management No.known.fix Authenticated.(Subscriber+).Privilege.Escalation HIGH" "hospital-management No.known.fix Authenticated.(Subscriber+).Arbitrary.File.Upload HIGH" "hospital-management No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "hospital-management No.known.fix Unauthenticated.SQL.Injection HIGH" "hospital-management No.known.fix Unauthenticated.Arbitrary.File.Upload CRITICAL" "hospital-management No.known.fix Authenticated.(Subscriber+).SQL.Injection MEDIUM" "hits-counter No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "html2wp No.known.fix Unauthenticated.Arbitrary.File.Upload CRITICAL" "html2wp No.known.fix Arbitrary.Settings.Update.via.CSRF MEDIUM" "html2wp No.known.fix Subscriber+.Arbitrary.File.Deletion HIGH" "hotscot-contact-form 1.3 Admin+.SQL.Injection MEDIUM" "header-footer-code 1.2 Admin+.Stored.XSS LOW" "header-footer-code 1.2 Admin+.Stored.XSS.via.CSS.Styles LOW" "hero-banner-ultimate No.known.fix Author+.Local.File.Inclusion HIGH" "hero-banner-ultimate 1.4 Contributor+.Stored.XSS MEDIUM" "hm-logo-showcase 2.0.4 Reflected.Cross-Site.Scripting MEDIUM" "hm-logo-showcase 1.9 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "help-scout 6.5.7 Missing.Authorization MEDIUM" "header-footer-code-manager 1.1.35 Snippets.Activation/Deactivation/Deletion.via.CSRF MEDIUM" "header-footer-code-manager 1.1.24 Reflected.Cross-Site.Scripting MEDIUM" "header-footer-code-manager 1.1.17 Reflected.Cross-Site.Scripting MEDIUM" "header-footer-code-manager 1.1.14 Admin+.SQL.Injections MEDIUM" "http-https-remover 3.2.4 Plugin.Installation.via.CSRF MEDIUM" "http-https-remover 3.2.4 Subscriber+.Plugin.Installation MEDIUM" "hello-world 2.2.0 Authenticated.(Subscriber+).Arbitrary.File.Read MEDIUM" "heartland-management-terminal 1.4.0 Reflected.Cross-Site.Scripting MEDIUM" "house-manager No.known.fix Reflected.XSS HIGH" "hash-form 1.2.9 Cross-Site.Request.Forgery MEDIUM" "hash-form 1.2.2 Missing.Authorization.to.Authenticated.(Contributor+).Form.Style.Creation MEDIUM" "hash-form 1.2.0 Drag.&.Drop.Form.Builder.<.1.2.0.-.Unauthenticated.Limited.File.Upload MEDIUM" "hash-form 1.1.1 Unauthenticated.PHP.Object.Injection HIGH" "hash-form 1.1.1 Unauthenticated.Arbitrary.File.Upload.to.Remote.Code.Execution CRITICAL" "homepage-pop-up No.known.fix CSRF MEDIUM" "homepage-pop-up No.known.fix Admin+.Stored.XSS LOW" "hero-maps-pro No.known.fix Unauthenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "heart-this No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "hydra-booking 1.1.11 Authenticated.(Contributor+).SQL.Injection MEDIUM" "highlight-search-terms-results 1.04 Reflected.Cross-Site.Scripting MEDIUM" "hide-my-site No.known.fix Unauthenticated.Information.Exposure MEDIUM" "hacklog-downloadmanager No.known.fix Cross-Site.Request.Forgery.to.Arbitrary.File.Upload HIGH" "history-collection No.known.fix Arbitraty.File.Download HIGH" "headline-analyzer 1.3.4 Cross-Site.Request.Forgery MEDIUM" "headline-analyzer 1.3.2 Missing.Authorization.via.REST.APIs MEDIUM" "html5-chat No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "header-enhancement 1.5 Unauthorised.Plugin's.Setting.Change MEDIUM" "halfdata-optin-downloads No.known.fix Authenticated.(Subscriber+).Arbitrary.File.Upload HIGH" "ht-slider-for-elementor 1.4.0 Arbitrary.Plugin.Activation.via.CSRF MEDIUM" "hunk-companion 1.9.0 Unauthenticated.Plugin.Installation CRITICAL" "hunk-companion 1.8.5 Missing.Authorization.to.Unauthenticated.Arbitrary.Plugin.Installation/Activation CRITICAL" "htaccess-redirect No.known.fix Reflected.Cross-Site.Scripting HIGH" "host-analyticsjs-local 4.7.15 Unauthenticated.Settings.Update MEDIUM" "host-analyticsjs-local 4.1.9 Admin+.Arbitrary.Folder.Deletion.via.Path.Traversal MEDIUM" "helpgent No.known.fix Unauthenticated.PHP.Object.Injection CRITICAL" "hide-login No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "honeypot 2.1.14 Reflected.XSS HIGH" "honeypot 1.5.7 Authenticated.Stored.Cross-Site.Scripting.(XSS) CRITICAL" "ht-menu-lite 1.2.2 Cross-Site.Request.Forgery MEDIUM" "hdw-player-video-player-video-gallery No.known.fix Cross-Site.Scripting MEDIUM" "huurkalender-wp 1.6.0 Contributor+.Stored.XSS MEDIUM" "haxcan No.known.fix Arbitrary.File.Access MEDIUM" "haxcan No.known.fix CSRF.Bypass MEDIUM" "header-footer-composer No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "hostel 1.1.5.9 Admin+.Stored.XSS LOW" "hostel 1.1.5.8 Reflected.XSS MEDIUM" "hostel 1.1.5.7 Authenticated.(Administrator+).SQL.Injection MEDIUM" "hostel 1.1.5.6 Reflected.Cross-Site.Scripting MEDIUM" "hostel 1.1.5.5 Reflected.Cross-Site.Scripting MEDIUM" "hostel 1.1.5.3 Reflected.XSS HIGH" "hostel 1.1.5.4 Cross-Site.Request.Forgery MEDIUM" "hostel 1.1.5.2 Admin+.Stored.XSS LOW" "hostel 1.1.4 Unauthenticated.Stored.XSS MEDIUM" "html5-virtual-classroom No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "http-headers 1.19.0 Admin+.SSRF MEDIUM" "http-headers 1.19.0 Admin+.Stored.XSS LOW" "http-headers 1.18.11 Admin+.Remote.Code.Execution MEDIUM" "http-headers 1.18.8 Admin+.SQL.Injection MEDIUM" "helloasso 1.1.12 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "helloasso 1.1.11 Missing.Authorization.to.Authenticated.(Contributor+).Limited.Options.Update MEDIUM" "helloasso 1.1.11 Missing.Authorization MEDIUM" "helloasso 1.1.10 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "helloasso 1.1.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "hide-category-by-user-role-for-woocommerce 2.2 Subscriber+.Arbitrary.Content.Deletion MEDIUM" "hive-support No.known.fix Authenticated.(Subscriber+).Missing.Authorization.via.hs_update_ai_chat_settings.and.hive_lite_support_get_all_binbox HIGH" "hive-support No.known.fix Cross-Site.Request.Forgery.via.hs_update_ai_chat_settings.Function MEDIUM" "hive-support No.known.fix Unauthenticated.Sensitive.Information.Exposure MEDIUM" "hive-support 1.2.6 Reflected.Cross-Site.Scripting MEDIUM" "hive-support No.known.fix Subscriber+.Stored.XSS HIGH" "hive-support 1.2.6 Missing.Authorization MEDIUM" "hive-support 1.2.6 Missing.Authorization MEDIUM" "hive-support 1.1.7 Missing.Authorization MEDIUM" "hive-support 1.1.3 Cross-Site.Request.Forgery MEDIUM" "hive-support 1.1.3 Authenticated.(Subscriber+).SQL.Injection MEDIUM" "hive-support 1.1.2 Authenticated.(Subscriber+).Arbitrary.File.Upload HIGH" "holler-box 2.3.3 Admin+.Stored.XSS LOW" "holler-box 2.1.4 Admin+.SQL.Injection MEDIUM" "html5-soundcloud-player-with-playlist No.known.fix Authenticated.(Author+).PHP.Object.Injection HIGH" "hover-video-preview No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "hashthemes-demo-importer 1.1.2 Improper.Access.Control.to.Blog.Reset HIGH" "history-log-by-click5 No.known.fix Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "history-log-by-click5 No.known.fix Unauthenticated.SQL.Injection HIGH" "history-log-by-click5 1.0.13 Admin+.Time-Based.Blind.SQL.Injection MEDIUM" "ht-portfolio 1.1.6 Arbitrary.Plugin.Activation.via.CSRF MEDIUM" "hana-flv-player No.known.fix Authenticated.Stored.Cross-Site.Scripting.(XSS) LOW" "happy-scss-compiler No.known.fix Compile.SCSS.to.CSS.automatically.<=.1.3.10.-.Missing.Authorization.to.Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "hipaatizer 1.3.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "ht-easy-google-analytics 1.1.8 Reflected.Cross-Site.Scripting MEDIUM" "ht-easy-google-analytics 1.2.0 Missing.Authorization.to.Unauthenticated.GA4.Email.Update MEDIUM" "ht-easy-google-analytics 1.0.7 Plugin.Activation.via.CSRF MEDIUM" "hire-me-widget 1.0.5 Reflected.Cross-Site.Scripting MEDIUM" "hire-me-widget 1.0.5 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "hello-in-all-languages No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "hashbar-wp-notification-bar 1.4.2 Authenticated.(Author+).Stored.Cross-Site.Scripting MEDIUM" "hashbar-wp-notification-bar 1.3.6 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "hk-filter-and-search 2.8 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "hk-filter-and-search No.known.fix Contributor+.Local.File.Inclusion HIGH" "hm-testimonial 1.5 Reflected.Cross-Site.Scripting MEDIUM" "hm-testimonial 1.4 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "hotspots No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "hesabfa-accounting 2.2.0 Cross-Site.Request.Forgery MEDIUM" "hesabfa-accounting 2.1.3 Reflected.Cross-Site.Scripting MEDIUM" "homepage-product-organizer-for-woocommerce No.known.fix Subscriber+.SQLi HIGH" "highlight 2.0.6 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "highlight 0.9.3 Authenticated.Stored.Cross-Site.Scripting LOW" "ht-team-member 1.1.8 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "ht-team-member 1.1.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.htteamember.Shortcode MEDIUM" "hq-rental-software No.known.fix Cross-Site.Request.Forgery.to.Arbitrary.Options.Update HIGH" "highlight-focus No.known.fix Admin+.Stored.Cross.Site.Scripting LOW" "hitsteps-visitor-manager 5.87 Admin+.Stored.XSS LOW" "hitsteps-visitor-manager 5.87 Arbitrary.Settings.Update.via.CSRF MEDIUM" "hcaptcha-for-forms-and-more 4.0.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.cf7-hcaptcha.Shortcode MEDIUM" "hostinger 1.9.8 Unauthenticated.Maintenance.Mode.Toggle MEDIUM" "helpdeskwp No.known.fix Editor+.Stored.XSS LOW" "hot-linked-image-cacher No.known.fix Image.upload/cache.abuse.via.CSRF LOW" "happy-elementor-addons 3.16.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "happy-elementor-addons 3.15.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "happy-elementor-addons 3.12.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Image.Comparison MEDIUM" "happy-elementor-addons 3.12.4 Missing.Authorization MEDIUM" "happy-elementor-addons 3.12.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "happy-elementor-addons 3.12.3 Authenticated.(Contributor+).Sensitive.Information.Exposure MEDIUM" "happy-elementor-addons 3.11.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.PDF.View.Widget MEDIUM" "happy-elementor-addons 3.11.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Gradient.Heading.Widget MEDIUM" "happy-elementor-addons 3.11.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Post.Navigation.Widget MEDIUM" "happy-elementor-addons 3.11.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Image.Accordion MEDIUM" "happy-elementor-addons 3.10.9 Contributor+.Stored.XSS MEDIUM" "happy-elementor-addons 3.10.8 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Event.Calendar.Widget MEDIUM" "happy-elementor-addons 3.10.8 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Image.Stack.Group.Widget MEDIUM" "happy-elementor-addons 3.10.7 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "happy-elementor-addons 3.10.6 Contributor+.Stored.XSS.via.HTML.Tags MEDIUM" "happy-elementor-addons 3.10.5 Contributor+.Stored.XSS MEDIUM" "happy-elementor-addons 3.10.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Page.Title.HTML.Tag MEDIUM" "happy-elementor-addons 3.10.4 Authenticated.(Contributor+).DOM-Based.Stored.Cross-Site.Scripting.via.title_tag MEDIUM" "happy-elementor-addons 3.10.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Calendy MEDIUM" "happy-elementor-addons 3.10.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Post.Title.HTML.Tag MEDIUM" "happy-elementor-addons 3.10.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Photo.Stack.Widget MEDIUM" "happy-elementor-addons 3.10.5 Incorrect.Authorization.to.Information.Exposure MEDIUM" "happy-elementor-addons 3.10.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Author.Meta.Widget MEDIUM" "happy-elementor-addons 3.10.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Archive.Title.Widget MEDIUM" "happy-elementor-addons 3.10.2 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "happy-elementor-addons 3.10.2 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "happy-elementor-addons 3.10.2 Missing.Authorization.via.add_row_actions MEDIUM" "happy-elementor-addons 3.10.1 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "happy-elementor-addons 3.10.0 Reflected.Cross-Site.Scripting HIGH" "happy-elementor-addons 3.10.0 Contributor+.SSRF LOW" "happy-elementor-addons 3.8.3 Cross-Site.Request.Forgery MEDIUM" "happy-elementor-addons 2.24.0 Contributor+.Stored.XSS MEDIUM" "hypotext No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "history-timeline No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "hls-player 1.0.11 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "hover-image-button No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "hm-cool-author-box-widget 3.0.1 Cross-Site.Request.Forgery MEDIUM" "hm-cool-author-box-widget 3.0.0 Missing.Authorization MEDIUM" "hm-cool-author-box-widget 2.9.5 Reflected.Cross-Site.Scripting MEDIUM" "hotjar 1.0.16 Admin+.Stored.XSS MEDIUM" "hq60-fidelity-card No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "ht-mega-for-elementor 2.8.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Multiple.Widgets MEDIUM" "ht-mega-for-elementor 2.8.3 Authenticated.(Contributor+).DOM-Based.Stored.Cross-Site.Scripting.via.Countdown.Widget MEDIUM" "ht-mega-for-elementor 2.8.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Countdown.Widget HIGH" "ht-mega-for-elementor 2.7.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.block_css.and.inner_css MEDIUM" "ht-mega-for-elementor 2.6.6 Authenticated.(Contributor+).Sensitive.Information.Exposure.via.template_id MEDIUM" "ht-mega-for-elementor 2.5.8 Authenticated.(Contributor+).JSON.File.Directory.Traversal MEDIUM" "ht-mega-for-elementor 2.5.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Multiple.Widgets MEDIUM" "ht-mega-for-elementor 2.5.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Video.Player.Widget.Settings MEDIUM" "ht-mega-for-elementor 2.5.3 Subscriber+.Options.Update HIGH" "ht-mega-for-elementor 2.5.3 Contributor+.Stored.XSS MEDIUM" "ht-mega-for-elementor 2.5.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Tooltip.&.Popover.Widget MEDIUM" "ht-mega-for-elementor 2.5.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Gallery.Justify MEDIUM" "ht-mega-for-elementor 2.4.8 Missing.Authorization.to.Information.Exposure MEDIUM" "ht-mega-for-elementor 2.4.7 Unauthenticated.Order.Data.Disclosure HIGH" "ht-mega-for-elementor 2.5.0 Contributor+.Stored.XSS.via.Image.Grid.Widget MEDIUM" "ht-mega-for-elementor 2.4.7 Contributor+.Stored.XSS.via.size MEDIUM" "ht-mega-for-elementor 2.4.7 Contributor+.Stored.XSS.via.Lightbox.Widget MEDIUM" "ht-mega-for-elementor 2.5.0 Contributor+.Stored.XSS.via.Countdown.Widget MEDIUM" "ht-mega-for-elementor 2.4.9 Contributor+.Stored.XSS.via.Accordion/FAQ MEDIUM" "ht-mega-for-elementor 2.4.4 Contributor+.Stored.XSS MEDIUM" "ht-mega-for-elementor 2.4.7 Contributor+.Directory.Traversal HIGH" "ht-mega-for-elementor 2.4.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.titleTag MEDIUM" "ht-mega-for-elementor 2.4.5 Contributor+.Stored.Cross-Site.Scripting.via.Post.Carousel.Widget MEDIUM" "ht-mega-for-elementor 2.3.4 Arbitrary.Plugin/Theme.Activation.via.CSRF MEDIUM" "ht-mega-for-elementor 2.3.9 Reflected.Cross-Site.Scripting HIGH" "ht-mega-for-elementor 1.5.7 Absolute.Addons.for.Elementor.Page.Builder.<.1.5.7.-.Contributor+.Stored.XSS MEDIUM" "html5-responsive-faq No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "hueman-addons No.known.fix Contributor+.Stored.XSS.via.Shortcode MEDIUM" "hm-multiple-roles 1.9 Reflected.Cross-Site.Scripting MEDIUM" "hm-multiple-roles 1.6 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "hm-multiple-roles 1.3 Arbitrary.Role.Change CRITICAL" "hummingbird-performance 3.9.2 Missing.Authorization MEDIUM" "hummingbird-performance 3.9.2 Cross-Site.Request.Forgery MEDIUM" "hummingbird-performance 3.7.4 Missing.Authorization MEDIUM" "hummingbird-performance 3.4.2 Unauthenticated.Path.Traversal HIGH" "hummingbird-performance 3.3.2 Admin+.Stored.Cross-Site.Scripting LOW" "hr-management 1.1.2 Unauthenticated.PHP.Object.Injection HIGH" "hack-me-if-you-can No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "html5-video-player-with-playlist No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "header-image-slider No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "hmenu No.known.fix Responsive.WordPress.Menu.Plugin.<=.1.16.5.-.Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.Directory.Deletion MEDIUM" "hmenu No.known.fix Responsive.WordPress.Menu.Plugin.<=.1.16.5.-.Authenticated.(Subscriber+).SQL.Injection MEDIUM" "hmenu No.known.fix Responsive.WordPress.Menu.Plugin.<=.1.16.5.-.Reflected.Cross-Site.Scripting MEDIUM" "hmenu No.known.fix Responsive.WordPress.Menu.Plugin.<=.1.16.5.-.Authenticated.(Subscriber+).SQL.Injection MEDIUM" "hmenu No.known.fix Responsive.WordPress.Menu.Plugin.<=.1.16.5.-.Authenticated.(Subscriber+).SQL.Injection MEDIUM" "hmenu No.known.fix Responsive.WordPress.Menu.Plugin.<=.1.16.5.-.Reflected.Cross-Site.Scripting MEDIUM" "hmapsprem No.known.fix Customizable.Google.Maps.Plugin.<=.2.3.9.-.Authenticated.(Subscriber+).SQL.Injection MEDIUM" "hmapsprem 2.2.3 Unauthenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "hb-audio-gallery No.known.fix Unauthenticated.Arbitrary.File.Upload CRITICAL" "html-forms 1.5.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "html-forms 1.5.2 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "html-forms 1.4.2 Reflected.Cross-Site.Scripting MEDIUM" "html-forms 1.3.34 Bulk.Delete.via.CSRF MEDIUM" "html-forms 1.3.33 Admin+.Stored.XSS LOW" "html-forms 1.3.30 Admin+.Stored.XSS LOW" "html-forms 1.3.25 Admin+.SQLi MEDIUM" "htaccess 1.8.2 CSRF.to.edit..htaccess HIGH" "htaccess 1.7.6 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "hreflang-manager-lite 1.07 Cross-Site.Request.Forgery MEDIUM" "html5-lyrics-karaoke-player No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "happiness-reports-for-help-scout No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "hockeydata-los No.known.fix Unauthenticated.Local.File.Inclusion CRITICAL" "hide-links No.known.fix Unauthenticated.Shortcode.Execution MEDIUM" "horizontal-line-shortcode No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "horizontal-scrolling-announcements 2.5 .Authenticated.(Contributor+).SQL.Injection.via.Shortcode HIGH" "hms-testimonials 2.0.11 CSRF MEDIUM" "hide-it No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "hostfact-bestelformulier-integratie No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "hitpay-payment-gateway 4.1.4 Information.Exposure.via.Log.Files MEDIUM" "heat-trackr 1.01 XSS MEDIUM" "html5-mp3-player-with-playlist No.known.fix Authenticated.(Author+).PHP.Object.Injecton HIGH" "html5-mp3-player-with-playlist 2.8.0 Full.Path.Disclosure.(FPD) MEDIUM" "helloprint 2.1.0 Subscriber+.Arbitrary.File.Deletion HIGH" "helloprint 2.1.0 Unauthenticated.Arbitrary.File.Deletion CRITICAL" "helloprint 2.0.5 Unauthenticated.Arbitrary.File.Upload CRITICAL" "helloprint 1.4.7 Reflected.Cross-Site.Scripting MEDIUM" "header-images-rotator No.known.fix Reflected.Cross-Site.Scripting HIGH" "hmh-footer-builder-for-elementor No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "hot-random-image 1.9.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.link.Parameter MEDIUM" "hot-random-image 1.9.3 Path.Traversal.to.Authenticated.(Contributor+).Limited.Arbitrary.Image.Access.via.path.Parameter MEDIUM" "hot-random-image 1.8.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "hacklog-remote-image-autosave No.known.fix Cross-Site.Request.Forgery MEDIUM" "hotel-listing 1.3.7 Subscriber+.Privilege.Escalation CRITICAL" "hotel-listing 1.3.3 Authenticated.Stored.Cross-Site.Scripting MEDIUM" "helpful 4.5.26 Information.Disclosure MEDIUM" "helpful 4.5.15 Votes.Tampering MEDIUM" "helpful 4.4.59 Admin+.Stored.Cross-Site.Scripting LOW" "hl-twitter No.known.fix Settings.Update.via.CSRF MEDIUM" "hl-twitter No.known.fix Unlink.Twitter.Account.via.CSRF MEDIUM" "hl-twitter No.known.fix Admin+.Stored.XSS.via.Widget LOW" "h5pxapikatchu 0.4.15 Missing.Authorization MEDIUM" "hurrakify 8.0.1 Unauthenticated.Server-Side.Request.Forgery HIGH" "hd-quiz-save-results-light 0.6 Missing.Authorization MEDIUM" "hestia-nginx-cache 2.4.1 Missing.Authorization MEDIUM" "hiweb-migration-simple No.known.fix hiWeb.Migration.Simple.<=.2,0,0,1.Reflected.Cross-Site.Scripting HIGH" "hooked-editable-content No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "hooked-editable-content No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "hqtheme-extra No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "hqtheme-extra No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "hr-management-lite No.known.fix Cross-Site.Request.Forgery MEDIUM" "hss-embed-streaming-video No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "hercules-core 6.7 Missing.Authorization.to.Settings.Update MEDIUM" "hercules-core 6.5 Authenticated.(Subscriber+).PHP.Object.Injection HIGH" "hs-brand-logo-slider No.known.fix Authenticated.Arbitrary.File.Upload CRITICAL" "hal 2.2 Admin+.Stored.Cross-Site.Scripting LOW" "hurrytimer 2.12.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Campaign.Name MEDIUM" "hurrytimer 2.11.0 Missing.Authorization.to.Authenticated.(Contributor+).Arbitrary.Post.Publication MEDIUM" "hurrytimer 2.10.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "houzez-property-feed 2.5.5 Unauthenticated.Arbitrary.File.Download HIGH" "houzez-property-feed 2.4.22 Cross-Site.Request.Forgery.to.Property.Feed.Export.Deletion MEDIUM" "hamburger-icon-menu-lite No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "hd-quiz 2.0.0 Editor+.Stored.XSS LOW" "hd-quiz 1.8.12 Authenticated.(Administrator+).Stored.Cross-Site.Scripting.via.plugin.settings MEDIUM" "hd-quiz 1.8.4 Authenticated.Stored.XSS MEDIUM" "horoscope-and-tarot 1.3.1 Contributor+.Stored.XSS MEDIUM" "how-to-wp No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "heateor-social-login 1.1.36 Authentication.Bypass HIGH" "heateor-social-login 1.1.33 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "heateor-social-login 1.1.33 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "heateor-social-login 1.1.32 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "heateor-social-login 1.1.31 Authenticated(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "horizontal-scrolling-announcement No.known.fix Authenticated.(subscriber+).Blind.SQL.Injection HIGH" "horizontal-scrolling-announcement No.known.fix Horizontal.scrolling.announcement.for.WordPress.<=.9,2.Contributor+.Stored.XSS MEDIUM" "happy-elementor-addons-pro 2.10.0 Reflected.Cross-Site.Scripting HIGH" "happy-elementor-addons-pro 2.8.1 Reflected.XSS HIGH" "happy-elementor-addons-pro 1.17.0 Contributor+.Stored.XSS MEDIUM" "hermit No.known.fix Unauthenticated.SQLi HIGH" "hermit No.known.fix Arbitrary.Cache/Source.Deletion.&.Source.Creation.via.CSRF MEDIUM" "hermit No.known.fix Subscriber+.SQLi HIGH" "hermit No.known.fix Stored.Cross-Site.Scripting.via.CSRF MEDIUM" "host-php-info No.known.fix Missing.Authorization.to.Unauthenticated.Sensitive.Information.Disclosure HIGH" "hybrid-gallery No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "htaccess-file-editor 1.0.20 Unauthenticated.Information.Exposure MEDIUM" "htaccess-file-editor 1.0.19 Missing.Authorization MEDIUM" "hello-event-widgets-for-elementor 1.1.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "hypercomments No.known.fix Unauthenticated.(Subscriber+).Arbitrary.Options.Update CRITICAL" "hypercomments No.known.fix Unauthenticated.Arbitrary.File.Deletion CRITICAL" "h5p-css-editor No.known.fix Reflected.Cross-Site.Scripting HIGH" "homey-login-register No.known.fix Unauthenticated.Privilege.Escalation.in.homey_register CRITICAL" "homey-login-register No.known.fix Unauthenticated.Privilege.Escalation CRITICAL" "hm-portfolio No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "health-check 1.6.0 CSRF MEDIUM" "health-check 1.2.4 Missing.Authorization.Checks MEDIUM" "ht-event No.known.fix Authenticated.(Contributor+).Sensitive.Information.Exposure.via.HT.Event:.Sponsor MEDIUM" "ht-event 1.4.6 Arbitrary.Plugin.Activation.via.CSRF MEDIUM" "https-links-in-content No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "hub2word No.known.fix Subscriber+.Arbitrary.Options.Update CRITICAL" "hpbtool No.known.fix Admin+.Stored.Cross.Site.Scripting LOW" "hdw-tube No.known.fix Unauthenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "helpie-faq 1.28 Authenticated.(Editor+).Stored.Cross-Site.Scripting MEDIUM" "helpie-faq 1.9.13 Reflected.Cross-Site.Scripting MEDIUM" "helpie-faq 1.9.9 Reflected.XSS MEDIUM" "helpie-faq 1.7.7 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "helpie-faq 0.7.1 Subscriber+.Arbitrary.Option.Update CRITICAL" "hyperlink-group-block 2.0.2 Contributor+.Stored.XSS MEDIUM" "hyperlink-group-block 1.17.6 Contributor+.Stored.XSS MEDIUM" "hrm 2.2.6 Multiple.Issues HIGH" "hotjar-connecticator No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "hotjar-connecticator No.known.fix Authenticated.Stored.Cross-Site.Scripting.(XSS) LOW" "hkdev-maintenance-mode 3.0.2 Unauthenticated.IP.Spoofing MEDIUM" "hkdev-maintenance-mode 3.0.2 Unauthenticated.Post/Page.Content.Disclosure MEDIUM" "houzez-theme-functionality 3.2.3 Functionality.<.3.2.3.-.Authenticated.(Seller+).SQL.Injection HIGH" "http-auth 1.0.0 Settings.Update.via.CSRF MEDIUM" "ideapush 8.73 Missing.Authorization MEDIUM" "ideapush 8.72 Missing.Authorization.to.Board.Term.Deletion MEDIUM" "ideapush 8.71 Cross-Site.Request.Forgery MEDIUM" "ideapush 8.69 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "ideapush 8.66 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "ideapush 8.61 Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "ideapush 8.58 Subscriber+.Memory.Tab/Routine/Taxonomy.Creation MEDIUM" "ideapush 8.53 Admin+.Stored.XSS LOW" "ithemes-mobile 1.2.8 XSS.via.add_query_arg().and.remove_query_arg() MEDIUM" "impreza 8.18 Reflected.Cross-Site.Scripting MEDIUM" "intelly-welcome-bar No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "instagram-feed 6.9.1 Contributor+.Stored.XSS.via.'data-plugin'.Attribute MEDIUM" "instagram-feed 2.9.2 Reflected.Cross-Site.Scripting MEDIUM" "iubenda-cookie-law-solution 3.3.3 Subscriber+.Privileges.Escalation.to.Admin HIGH" "igumbi-online-booking 1.41 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "indeed-affiliate-pro 4.0 Authenticated.Stored.XSS MEDIUM" "idpay-contact-form-7 No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "idbbee No.known.fix Contributor+.Stored.Cross-Site.Scripting MEDIUM" "indeed-api No.known.fix Cross-Site.Request.Forgery.to.Settings.Update MEDIUM" "infolinks-ad-wrap No.known.fix Settings.Update.via.CSRF MEDIUM" "infocob-crm-forms 2.4.1 Authenticated.(Editor+).Arbitrary.File.Download MEDIUM" "ithemeland-bulk-posts-editing-lite 4.2.4 Cross-Site.Request.Forgery MEDIUM" "ithemeland-bulk-posts-editing-lite 4.2.4 Authenticated.(Subscriber+).Missing.Authorization MEDIUM" "i-plant-a-tree 1.7.4 Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "i-plant-a-tree No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "image-widget 4.4.11 Admin+.Stored.XSS LOW" "instagrate-to-wordpress 1.3.8 Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "icustomizer 1.5.0 Reflected.Cross-Site.Scripting.(XSS) HIGH" "ibryl-switch-user No.known.fix Authenticated.(Subscriber+).Privilege.Escalation.via.Account.Takeover HIGH" "iva-business-hours-pro No.known.fix Unauthenticated.Arbitrary.File.Upload.to.RCE CRITICAL" "intelligence No.known.fix Unauthenticated.Full.Path.Disclosure MEDIUM" "imagemagick-sharpen-resized-images No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "intimate-io-cryptocurrency-payments No.known.fix CSRF.Bypass MEDIUM" "instagram-widget-by-wpzoom 2.1.14 Missing.Authorization.to.Authenticated.(Subscriber+).Instagram.Image.Deletion MEDIUM" "import-users-from-csv-with-meta 1.27.13 Unauthenticated.Sensitive.Information.Disclosure MEDIUM" "import-users-from-csv-with-meta 1.27.6 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "import-users-from-csv-with-meta 1.26.9 Unauthenticated.Information.Exposure MEDIUM" "import-users-from-csv-with-meta 1.26.7 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "import-users-from-csv-with-meta 1.26.7 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "import-users-from-csv-with-meta 1.26.6 Missing.Authorization MEDIUM" "import-users-from-csv-with-meta 1.26.3 Authenticated.(Admin+).PHP.Object.Injection HIGH" "import-users-from-csv-with-meta 1.24.7 Missing.Authorization.via.fire_cron.REST.endpoint MEDIUM" "import-users-from-csv-with-meta 1.24.4 Contributor+.Stored.XSS MEDIUM" "import-users-from-csv-with-meta 1.24.3 Admin+.Arbitrary.File.Read/Deletion MEDIUM" "import-users-from-csv-with-meta 1.20.5 Subscriber+.CSV.Injection MEDIUM" "import-users-from-csv-with-meta 1.19.2.1 Admin+.Stored.Cross-Site.Scripting LOW" "import-users-from-csv-with-meta 1.16.3.6 CSV.Injection MEDIUM" "import-users-from-csv-with-meta 1.15.0.1 Unauthorised.Authenticated.Users.Export LOW" "import-users-from-csv-with-meta 1.14.2.2 CSRF.leading.to.attachment.deletion.&.Path.Traversal HIGH" "import-users-from-csv-with-meta 1.14.1.3 XSS MEDIUM" "import-users-from-csv-with-meta 1.14.0.3 XSS.and.CSRF HIGH" "import-users-from-csv-with-meta 1.12.1 Import.Cross-Site.Scripting.(XSS) MEDIUM" "inspirational-quote-rotator No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "image-horizontal-reel-scroll-slideshow No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "image-horizontal-reel-scroll-slideshow 13.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "image-horizontal-reel-scroll-slideshow 13.3 .Authenticated.(Subscriber+).SQL.Injection.via.Shortcode HIGH" "image-upload-for-bbpress 1.1.20 Authenticated.(Subscriber+).Arbitrary.File.Upload HIGH" "image-upload-for-bbpress 1.1.19 Cross-Site.Request.Forgery.via.hm_bbpui_admin_page MEDIUM" "insert-post-ads No.known.fix Missing.Authorization MEDIUM" "integrate-firebase 0.10.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "import-facebook-events 1.8.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "interactive-uk-map 3.4.9 Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting HIGH" "icon 1.0.0.11 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "icon 1.0.0.11 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "ip2location-world-clock 1.1.10 Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "image-hover-effects-for-visual-composer No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "icon-list-block 1.1.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "ithemes-sync 3.0.1 Stored.Cross-Site.Scripting.via.packages MEDIUM" "ithemes-sync 2.1.14 Cross-Site.Request.Forgery.and.Missing.Authorization.via.'hide_authenticate_notice' MEDIUM" "iframe-popup No.known.fix Admin+.Stored.XSS LOW" "image-gallery-box-by-crudlab No.known.fix Authenticated.(Subscriber+).Local.File.Inclusion HIGH" "interactive-page-hierarchy No.known.fix Missing.Authorization MEDIUM" "instant-chat-wp No.known.fix Unauthenticated.Local.File.Inclusion CRITICAL" "integration-for-gravity-forms-and-pipedrive 1.0.7 Reflected.Cross-Site.Scripting HIGH" "iloveimg 1.0.6 iLoveIMG.<.1.0.6.-.Admin+.PHP.Object.Injection HIGH" "image-hover-effects-elementor-addon No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "ip-based-login 2.4.1 Log.Deletion.via.CSRF MEDIUM" "ip-based-login 2.4.1 Admin+.Stored.XSS LOW" "insert-headers-and-footers 2.0.13.1 Reflected.XSS HIGH" "insert-headers-and-footers 2.0.9 Arbitrary.Log.File.Deletion.via.CSRF MEDIUM" "insert-headers-and-footers 2.0.7 Contributor+.WPCode.Library.Auth.Key.Update/Deletion LOW" "instant-appointment No.known.fix Unauthenticated.Arbitrary.File.Upload CRITICAL" "instant-appointment No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "instant-appointment No.known.fix Unauthenticated.SQL.Injection HIGH" "information-reel 10.1 .Authenticated.(Subscriber+).SQL.Injection.via.Shortcode HIGH" "icafe-library No.known.fix Authenticated.(Editor+).SQL.Injection MEDIUM" "import-eventbrite-events 1.7.5 Reflected.Cross-Site.Scripting MEDIUM" "image-carousel-shortcode No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "info-cards 1.0.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "insert-code No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "ipanorama-pro 1.6.22 Reflected.Cross-Site.Scripting HIGH" "index-wp-mysql-for-speed 1.4.18 Admin+.Reflected.XSS HIGH" "imagements No.known.fix Unauthenticated.Arbitrary.File.Upload.to.RCE CRITICAL" "integration-for-szamlazz-hu-gravity-forms 1.2.7 Multiple.CSRF MEDIUM" "ip-locator 4.2.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "indeed-wp-superbackup 2.4 Reflected.Cross-Site.Scripting MEDIUM" "indeed-wp-superbackup 2.4 Authenticated.(Subscriber+).PHP.Object.Injection HIGH" "indeed-wp-superbackup 2.4 Unauthenticated.Arbitrary.File.Upload CRITICAL" "indeed-wp-superbackup 2.4 Missing.Authorization MEDIUM" "indeed-wp-superbackup 2.4 Missing.Authorization.to.Unauthenticated.Back-Up.File.Download HIGH" "indeed-wp-superbackup 2.4 Migrate.for.WordPress.<.2.4.-.Unauthenticated.Arbitrary.File.Upload CRITICAL" "ipblocklist No.known.fix CSRF MEDIUM" "internallink-audit No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "include-fussball-de-widgets No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "internal-link-building-plugin No.known.fix Admin+.Stored.XSS LOW" "internal-link-building-plugin No.known.fix CSRF MEDIUM" "integration-of-capsule-crm-for-contact-form-7 1.0.5 Reflected.Cross-Site.Scripting MEDIUM" "integration-of-capsule-crm-for-contact-form-7 No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "indexisto No.known.fix Unauthenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "image-captcha No.known.fix Cross-Site.Request.Forgery MEDIUM" "internal-link-shortcode No.known.fix Unauthenticated.SQL.Injection HIGH" "image-carousel-for-divi 1.6.1 Reflected.Cross-Site.Scripting MEDIUM" "image-carousel-for-divi 1.5.0 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "image-hover-effects-ultimate-visual-composer 2.6.1 Authenticated.Arbitrary.Options.Update HIGH" "imagenius No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "import-csv-files No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "importify 1.0.5 Unauthenticated.Sensitive.Information.Exposure MEDIUM" "image-gallery-with-slideshow No.known.fix Multiple.XSS.and.SQL.Injection CRITICAL" "idsk-toolkit No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "idsk-toolkit No.known.fix Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "image-optimizer-wd 1.0.27 Admin+.Path.Traversal MEDIUM" "image-optimizer-wd 1.0.27 Reflected.Cross-Site.Scripting HIGH" "insert-headers-and-footers-script 1.1.3 Missing.Authorization.to.Authenticated.(Subscriber+).Limited.Options.Update MEDIUM" "import-export-for-woocommerce No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "import-export-for-woocommerce No.known.fix Subscriber+.Arbitrary.File.Upload CRITICAL" "iconic-woothumbs 5.5.4 Reflected.Cross-Site.Scripting MEDIUM" "iks-menu 1.11.2 Reflected.Cross-Site.Scripting MEDIUM" "iks-menu 1.9.2 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "instant-images 6.1.1 Author+.Arbitrary.Options.Update HIGH" "instant-images 5.2.0 Author+.SSRF LOW" "instant-images 4.4.0.1 Authenticated.Stored.XSS.&.XFS MEDIUM" "icons-enricher No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "inbound-brew No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "inbound-brew No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "inbound-brew No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "iwp-client 1.13.1 Unauthenticated.Limited.Directory.Traversal.to.Arbitrary..txt.File.Reading MEDIUM" "iwp-client 1.12.3.1 Unauthenticated.Sensitive.Information.Exposure MEDIUM" "iwp-client 1.12.1 Unauthenticated.Sensitive.Information.Exposure HIGH" "iwp-client 1.9.4.5 Authentication.Bypass CRITICAL" "ilab-media-tools 4.5.25 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "ilab-media-tools 4.5.21 Reflected.Cross-Site.Scripting MEDIUM" "ilab-media-tools 4.3.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "import-users-to-mailchimp No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "infusionsoft-web-tracker No.known.fix Cross-Site.Request.Forgery MEDIUM" "iframe 5.1 Authenticated(Contributor+).Stored.Cross-Site.Scripting.via.shortcode MEDIUM" "iframe 5.1 Contributor+.Stored.XSS MEDIUM" "iframe 4.9 Contributor+.Stored.XSS LOW" "iframe 4.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.'iframe'.Shortcode MEDIUM" "iframe 4.5 Authenticated.Stored.Cross.Site.Scripting.(XSS) MEDIUM" "interactive-us-map No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "integrate-google-drive 1.3.94 Missing.Authorization MEDIUM" "integrate-google-drive 1.3.91 Missing.Authorization MEDIUM" "integrate-google-drive 1.3.91 Missing.Authorization MEDIUM" "integrate-google-drive 1.3.9 Missing.Authorization.to.Unauthenticated.Settings.Modification.and.Export CRITICAL" "integrate-google-drive 1.3.4 Subscriber+.Settings.Update MEDIUM" "integrate-google-drive 1.3.5 Cross-Site.Request.Forgery MEDIUM" "integrate-google-drive 1.3.3 Open.Redirect.via.state MEDIUM" "integrate-google-drive 1.2.2 Reflected.Cross-Site.Scripting MEDIUM" "integrate-google-drive 1.1.0 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "independent-analytics 1.25.1 Reflected.Cross-Site.Scripting MEDIUM" "imageseo 3.1.2 Unauthenticated.Full.Path.Disclosure MEDIUM" "imageseo 2.0.8 Settings.Update.via.CSRF LOW" "interactive-medical-drawing-of-human-body 2.6 Admin+.Stored.XSS LOW" "inline-text-popup No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "infusionsoft-web-form-javascript No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "image-wall 3.1 Reflected.Cross-Site.Scripting MEDIUM" "image-resizer-on-the-fly No.known.fix Unauthenticated.Arbitrary.File.Deletion CRITICAL" "integrations-of-zoho-crm-with-elementor-form No.known.fix Open.Redirect MEDIUM" "igniteup No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "igniteup 3.4.1 Multiple.Issues HIGH" "ideal-interactive-map No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "interactive-map-of-africa No.known.fix Cross-Site.Request.Forgery MEDIUM" "indeed-learning-pro No.known.fix Authenticated.(Administrator+).SQL.Injection MEDIUM" "image-mapper No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "inactive-logout 3.2.3 Cross-Site.Request.Forgery MEDIUM" "inactive-logout 3.2.3 Missing.Authorization MEDIUM" "iq-block-country 1.2.20 Protection.Bypass.due.to.IP.Spoofing MEDIUM" "iq-block-country 1.2.13 Admin+.Arbitrary.File.Deletion.via.Zip.Slip MEDIUM" "iq-block-country 1.2.12 Admin+.Stored.Cross-Site.Scripting LOW" "iq-block-country 1.1.20 Reflected.Cross-Site.Scripting.(XSS) CRITICAL" "indigitall-web-push-notifications 3.2.3 Admin+.Stored.XSS LOW" "improved-sale-badges 4.4.0 Low.Priv.Arbitrary.Blog.Options.Update/Access/Deletion.&.Plugin's.Settings.Update/Export/Import HIGH" "images-optimize-and-upload-cf7 2.2.1 Unauthenticated.Arbitrary.File.Deletion CRITICAL" "ibtana-ecommerce-product-addons 0.2.4 Ecommerce.Product.Addons.<.0.2.4.-.Reflected.Cross-Site.Scripting HIGH" "improved-variable-product-attributes 5.3.0 Low.Priv.Arbitrary.Blog.Options.Update/Access/Deletion.&.Plugin's.Settings.Update/Export/Import HIGH" "icegram 3.1.32 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "icegram 3.1.32 Author+.Stored.XSS MEDIUM" "icegram 3.1.32 Admin+.Stored.XSS LOW" "icegram 3.1.32 Admin+.Stored.XSS LOW" "icegram 3.1.26 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "icegram 3.1.25 Missing.Authorization MEDIUM" "icegram 3.1.25 Missing.Authorization.to.Unauthenticated.Message.Duplication MEDIUM" "icegram 3.1.22 Contributor+.Campaign.Status.Toggle./.Duplication LOW" "icegram 3.1.19 Cross-Site.Request.Forgery.via.save_campaign_preview MEDIUM" "icegram 3.1.20 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Campaign.Message MEDIUM" "icegram 3.1.12 Reflected.XSS HIGH" "icegram 2.1.8 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "icegram 2.0.5 Reflected.Cross-Site.Scripting MEDIUM" "icegram 2.0.3 Admin+.Stored.Cross-Site.Scripting LOW" "icegram 1.10.29 CSRF.to.Stored.XSS MEDIUM" "icegram 1.9.19 Cross-Site.Request.Forgery.(CSRF).&.XSS MEDIUM" "infinite-scroll No.known.fix Cross-Site.Request.Forgery.to.Plugin.Settings.Update MEDIUM" "institutions-directory 1.3.1 Subscriber+.Privilege.Escalation CRITICAL" "include-url No.known.fix Authenticated.(Contributor+).Arbitrary.File.Download MEDIUM" "include-url No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "integrate-automate No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "integrate-automate 1.0.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "increase-sociability No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "instagram-for-wordpress No.known.fix Contributor+.Stored.XSS MEDIUM" "imagelinks-interactive-image-builder-lite 1.6.0 Admin+.SQLi MEDIUM" "imagelinks-interactive-image-builder-lite 1.5.4 Contributor+.Stored.XSS MEDIUM" "imagelinks-interactive-image-builder-lite 1.5.3 Reflected.Cross-Site.Scripting HIGH" "instagram-slider-widget 2.2.9 Admin+.Stored.XSS LOW" "instagram-slider-widget 2.2.9 Admin+.Stored.XSS.via.Widgets LOW" "instagram-slider-widget 2.2.5 Missing.Authorization MEDIUM" "instagram-slider-widget 2.0.7 Admin+.Stored.XSS.via.Feeds LOW" "instagram-slider-widget 2.0.6 Admin+.Stored.XSS.via.API.Key LOW" "instagram-slider-widget 2.0.5 Reflected.Cross-Site.Scripting MEDIUM" "instagram-slider-widget 2.0.5 Subscriber+.Stored.XSS.via.Feeds HIGH" "instagram-slider-widget 2.0.5 Subscriber+.Arbitrary.API.Key.Update.to.Stored.XSS HIGH" "instagram-slider-widget 2.0.5 Subscriber+.Arbitrary.Feed.Deletion MEDIUM" "instagram-slider-widget 1.8.5 Authenticated.Reflected.Cross-Site.Scripting.(XSS) CRITICAL" "intelliwidget-elements No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "integrar-getnet-con-woo 0.0.5 Unauthenticated.Authorization.Bypass HIGH" "iq-testimonials No.known.fix Unauthenticated.Arbitrary.File.Upload CRITICAL" "integration-of-zoho-crm-and-contact-form-7 No.known.fix Open.Redirect MEDIUM" "indieblocks 0.13.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.kind.Parameter MEDIUM" "indieblocks 0.13.2 Unauthenticated.Server-Side.Request.Forgery HIGH" "inline-footnotes No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "ithemelandco-woo-report 1.5.2 Cross-Site.Request.Forgery.to.Arbitrary.Options.Update HIGH" "ithemelandco-woo-report 1.5.0 Reflected.Cross-Site.Scripting MEDIUM" "invoicing 2.8.12 Missing.Authorization.via.column_subscription() MEDIUM" "invoicing 2.3.4 Authenticated.Stored.XSS HIGH" "insert-or-embed-articulate-content-into-wordpress No.known.fix Authenticated.(Editor+).Arbitrary.File.Upload HIGH" "insert-or-embed-articulate-content-into-wordpress 4.3000000024 Author+.Arbitrary.File.Upload CRITICAL" "insert-or-embed-articulate-content-into-wordpress 4.30000000254.3000000025 Author+.Upload.to.RCE CRITICAL" "insert-or-embed-articulate-content-into-wordpress 4.3000000025 Iframe.Injection LOW" "insert-or-embed-articulate-content-into-wordpress 4.3000000023 Contributor+.Stored.XSS MEDIUM" "insert-or-embed-articulate-content-into-wordpress 4.3000000021 Reflected.Cross-Site.Scripting MEDIUM" "insert-or-embed-articulate-content-into-wordpress 4.3000000016 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "insert-or-embed-articulate-content-into-wordpress 4.29991 Authenticated.Arbitrary.Folder.Deletion.and.Rename MEDIUM" "insert-or-embed-articulate-content-into-wordpress 4.2999 Unauthenticated.RCE CRITICAL" "insert-or-embed-articulate-content-into-wordpress 4.2997 Subscriber+.Arbitrary.Option.Update CRITICAL" "image-protector No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "ione360-configurator No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "interactive-world-map 3.4.8 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "interactive-world-map 3.4.4 Reflected.Cross-Site.Scripting HIGH" "interactive-world-map 3.4.4 CSRF MEDIUM" "inline-call-to-action-builder-lite 1.1.1 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "integracao-rd-station 5.4.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "integracao-rd-station 5.2.1 Multiple.CSRF MEDIUM" "infility-global No.known.fix Subscriber+.SQL.Injection HIGH" "infility-global 2.9.9 Reflected.XSS HIGH" "infility-global 2.9.9 Reflected.XSS.via.set_type.Parameter HIGH" "infility-global 2.9.9 Subscriber+.Plugin.Settings.Update MEDIUM" "instabot No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "icons-with-links-widget No.known.fix Reflected.Cross-Site.Scripting.(XSS) HIGH" "ipanorama-360-virtual-tour-builder-lite 1.8.4 Missing.Authorization MEDIUM" "ipanorama-360-virtual-tour-builder-lite 1.8.2 Missing.Authorization MEDIUM" "ipanorama-360-virtual-tour-builder-lite 1.8.1 .Authenticated.(Contributor+).SQL.Injection.via.Shortcode HIGH" "ipanorama-360-virtual-tour-builder-lite 1.8.0 Authenticated.(Admin+).SQL.injection HIGH" "ipanorama-360-virtual-tour-builder-lite 1.6.30 Contributor+.Stored.XSS MEDIUM" "ipanorama-360-virtual-tour-builder-lite 1.6.22 Reflected.Cross-Site.Scripting HIGH" "intelly-posts-footer-manager No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "intelly-posts-footer-manager 2.2.0 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "import-spreadsheets-from-microsoft-excel 10.1.5 Authenticated.(Editor+).Arbitrary.File.Upload CRITICAL" "import-spreadsheets-from-microsoft-excel 10.1.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "image-hover-effects-visual-composer-extension 5.0 Contributor+.Stored.XSS MEDIUM" "instantio 3.3.17 Authenticated.(Admin+).Arbitrary.File.Upload HIGH" "instantio 1.2.6 CSRF.Bypass MEDIUM" "iframe-widget No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "infusionsoft-official-opt-in-forms 2.0.2 Unauthenticated.Limited.Local.File.Inclusion CRITICAL" "infusionsoft-official-opt-in-forms No.known.fix Contributor+.Stored.XSS MEDIUM" "infusionsoft-official-opt-in-forms No.known.fix Contributor+.Stored.XSS MEDIUM" "infusionsoft-official-opt-in-forms 1.0.12 Admin+.Stored.XSS LOW" "imageboss 3.0.6 Admin+.Stored.Cross-Site.Scripting LOW" "inventorypress No.known.fix Author+.Stored.XSS MEDIUM" "import-external-images No.known.fix CSRF MEDIUM" "invite-anyone 1.4.8 Reflected.Cross-Site.Scripting MEDIUM" "invite-anyone 1.3.19 Unauthenticated.PHP.Object.Injection CRITICAL" "invite-anyone 1.3.16 Multiple.Issues MEDIUM" "ip2location-country-blocker 2.38.9 Unauthenticated.Information.Disclosure MEDIUM" "ip2location-country-blocker 2.38.4 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "ip2location-country-blocker 2.34.3 Cross-Site.Request.Forgery MEDIUM" "ip2location-country-blocker 2.33.4 Unauthenticated.Sensitive.Information.Exposure.via.Debug.Log.File MEDIUM" "ip2location-country-blocker 2.26.9 Admin+.Stored.Cross-Site.Scripting LOW" "ip2location-country-blocker 2.26.6 Arbitrary.Country.Ban.via.CSRF MEDIUM" "ip2location-country-blocker 2.26.5 Ban.Bypass MEDIUM" "ip2location-country-blocker 2.26.5 Subscriber+.Arbitrary.Country.Ban MEDIUM" "icons-font-loader 1.1.5 Authenticated(Administrator+).Arbitrary.File.Upload MEDIUM" "icons-font-loader 1.1.2.1 Improper.Neutralization.of.Special.Elements.used.in.an.SQL.Command.('SQL.Injection') HIGH" "iamport-payment No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "images-to-webp 1.9 Authenticated.Local.File.Inclusion LOW" "images-to-webp 1.9 Multiple.Cross.Site.Request.Forgery.(CSRF) MEDIUM" "insta-gallery 4.4.0 Missing.Authorization MEDIUM" "insta-gallery 2.4.8 CSRF.&.Missing.Authorisation.Checks HIGH" "interactive-image-map-builder 1.1 Admin+.Stored.XSS LOW" "image-content-show-hover No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "iamport-for-woocommerce 3.2.6 Reflected.Cross-Site.Scripting MEDIUM" "import-shopify-to-woocommerce 1.1.13 Import.Shopify.to.WooCommerce.<.1.1.13.-.Admin+.Arbitrary.File.Access MEDIUM" "inline-tweets No.known.fix Unauthenticated.Stored.Cross-Site.Scripting HIGH" "image-regenerate-select-crop 7.3.1 Sensitive.Information.Exposure MEDIUM" "irm-newsroom No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.'irmcalendarview'.Shortcode MEDIUM" "irm-newsroom No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.'irmeventlist'.Shortcode MEDIUM" "irm-newsroom No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.'irmflat'.Shortcode MEDIUM" "ims-countdown No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "iksweb 3.8 Admin+.Stored.XSS LOW" "incredible-font-awesome No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "imagelinks-pro 1.5.3 Reflected.Cross-Site.Scripting HIGH" "ia-map-analytics-basic No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "integracao-entre-eduzz-e-wc-powers No.known.fix 1.7.5.-.Missing.Authorization.to.Authenticated.(Subscriber+).Privilege.Escalation HIGH" "in-stock-mailer-for-woocommerce No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "ipushpull 2.3.3 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "ink-official No.known.fix Authenticated.(Contributor+).Arbitrary.File.Upload HIGH" "integration-dynamics 1.3.24 Contributor+.RCE.and.Arbitrary.File.Read CRITICAL" "integration-dynamics 1.3.18 Unauthenticated.Sensitive.Information.Exposure MEDIUM" "image-source-control-isc 2.28.1 Reflected.Cross-Site.Scripting MEDIUM" "image-source-control-isc 2.29.1 Reflected.Cross-Site.Scripting MEDIUM" "image-source-control-isc 2.17.1 Sensitive.Information.Exposure.via.Log.File MEDIUM" "image-source-control-isc 2.3.1 Contributor+.Arbitrary.Post.Meta.Value.Change MEDIUM" "igit-related-posts-with-thumb-images-after-posts No.known.fix Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "internal-link-flow-topical-authority-topical-map No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "ibtana-visual-editor No.known.fix Contributor+.Stored.XSS MEDIUM" "ibtana-visual-editor 1.2.4.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.align.Attribute MEDIUM" "ibtana-visual-editor 1.2.3.4 WordPress.Website.Builder.<.1.2.3.4.-.Unauthenticated.reCAPTCHA.Settings.Update MEDIUM" "ibtana-visual-editor 1.2.2.1 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "ibtana-visual-editor 1.1.8.8 Contributor+.Stored.XSS.via.Shortcode HIGH" "ibtana-visual-editor 1.1.4.9 Subscriber+.Settings.Update.to.Stored.XSS MEDIUM" "ip-loc8 No.known.fix Unauthenticated.PHP.Object.Injection CRITICAL" "include-lottie-animation-for-elementor 1.10.10 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "inet-webkit 1.2.3 Missing.Authorization MEDIUM" "if-menu 0.19.2 Missing.Authorization.to.License.Key.Update MEDIUM" "info-boxes-shortcode-and-widget No.known.fix Cross-Site.Request.Forgery MEDIUM" "imagemeta No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "icon-widget-with-links No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "integration-for-szamlazzhu-woocommerce 5.6.3.3 Multiple.CSRF MEDIUM" "interview No.known.fix Authenticated.(Contributor+).SQL.Injection MEDIUM" "ithemes-security-pro 6.8.4 Hide.Backend.Bypass MEDIUM" "image-hover-effects-css3 No.known.fix Admin+.Stored.XSS LOW" "inline-tweet-sharer 2.6 Admin+.Stored.XSS LOW" "inline-google-spreadsheet-viewer No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "icon-widget 1.4.0 Authenticated(Contributor+).Stored.Cross-Site.Scripting.via.shortcode MEDIUM" "icon-widget 1.3.0 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "interactive-uk-regional-map No.known.fix Cross-Site.Request.Forgery MEDIUM" "internal-links-generator No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "imdb-widget 1.0.9 Local.File.Inclusion.(LFI) HIGH" "internal-comments No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "internal-comments 1.2.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "idonate No.known.fix Unauthenticated.Local.File.Inclusion CRITICAL" "idonate 2.0.0 Admin+.Stored.XSS LOW" "ip-metaboxes No.known.fix Admin+.Stored.XSS LOW" "ip-metaboxes No.known.fix Unauthenticated.Reflected.XSS HIGH" "immotoolbox-connect 1.4.0 Reflected.Cross-Site.Scripting MEDIUM" "ideal-wp-login-logo-changer 1.1.8 Cross-Site.Request.Forgery MEDIUM" "iphone-webclip-manager No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "ifeature-slider No.known.fix Contributor+.Stored.XSS MEDIUM" "innovs-hr-manager No.known.fix Employee.Creation.via.CSRF MEDIUM" "innovs-hr-manager No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "improved-sale-badges-free-version No.known.fix Authenticated.(Subscriber+).Local.File.Inclusion HIGH" "incoming-links 0.9.10b referrers.php.XSS MEDIUM" "icestats No.known.fix Cross-Site.Request.Forgery MEDIUM" "invitation-code-content-access 1.5.5 Reflected.Cross-Site.Scripting MEDIUM" "intergeo-maps No.known.fix Contributor+.Stored.XSS MEDIUM" "intergeo-maps 1.1.6 Reflected.Cross-Site.Scripting MEDIUM" "insert-html-here No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "import-export-with-custom-rest-api No.known.fix 2.0.3.-.Missing.Authorization.to.Unauthenticated.Privilege.Escalation.via.process_handler.Function CRITICAL" "import-social-statistics 1.0.4 Reflected.Cross-Site.Scripting MEDIUM" "import-social-statistics No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "import-social-statistics No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "intelly-related-posts No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "intelly-related-posts 3.8.0 Admin+.Stored.XSS LOW" "intelly-related-posts 3.7.0 Reflected.XSS HIGH" "intelly-related-posts 3.4.0 Tracking.Toggle.via.CSRF MEDIUM" "intelly-related-posts 3.6.0 Subscriber+.Password.Protected.Post.Read MEDIUM" "intelly-related-posts 3.5.0 Admin+.Stored.XSS LOW" "intelly-related-posts 3.0.5 Admin+.Cross-Site.Scripting LOW" "ics-calendar 10.12.0.2 Authenticated(Contributor+).Directory.Traversal.via._url_get_contents MEDIUM" "image-magnify No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "image-switcher No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "image-switcher No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "ip2location-redirection 1.33.4 Missing.Authorization.to.Unauthenticated.Settings.Export MEDIUM" "ifolders 1.5.1 Admin+.XSS MEDIUM" "infusionsoft 1.5.12 Unauthenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "infusionsoft 1.5.10 1.5.10.Arbitrary.File.Upload MEDIUM" "iworks-pwa 1.6.4 Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "image-hover-effects-ultimate 9.8.5 Admin+.Stored.XSS LOW" "image-hover-effects-ultimate 9.7.2 Authenticated.Arbitrary.Options.Change HIGH" "image-hover-effects-ultimate 9.8.0 Authenticated.Stored.XSS MEDIUM" "image-hover-effects-ultimate 9.7.2 Reflected.Cross-Site.Scripting MEDIUM" "image-hover-effects-ultimate 9.7.1 Reflected.Cross-Site.Scripting HIGH" "image-hover-effects-ultimate 9.7.0 Unauthenticated.Arbitrary.Option.Update CRITICAL" "indeed-job-importer No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "interact-quiz-embed 3.1 Contributor+.Stored.XSS MEDIUM" "image-export No.known.fix Directory.Traversal CRITICAL" "ipages-flipbook-pro 1.4.3 Reflected.Cross-Site.Scripting HIGH" "insert-pages 3.7.5 Contributor+.Stored.XSS MEDIUM" "insert-pages 3.7.0 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "insert-pages 3.7.0 Contributor+.Arbitrary.Posts/Pages.Access MEDIUM" "insert-pages 3.2.4 Directory.Traversal CRITICAL" "if-so 1.9.3.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "if-so 1.9.2.2 Authenticated.(Contributor+).Post.Disclosure MEDIUM" "if-so 1.8.0.4 Reflected.XSS MEDIUM" "if-so 1.8.0.4 Admin+.Stored.XSS LOW" "if-so 1.8.0.3 Contributor+.Shortcode.Stored.XSS MEDIUM" "if-so 1.7.1.1 Missing.Authorization MEDIUM" "if-so 1.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "instant-css 1.2.2 Theme/CSS/Minify/Preprocessor.Data.Update.via.CSRF MEDIUM" "instant-css 1.1.5 Subscriber+.Unauthorised.AJAX.Calls MEDIUM" "images-optimizer No.known.fix Authenticated.(Subscriber+).Arbitrary.File.Download MEDIUM" "infusionsoft-landing-pages No.known.fix Settings.Update.via.CSRF MEDIUM" "interactive-geo-maps 1.6.25 Reflected.Cross-Site.Scripting HIGH" "interactive-geo-maps 1.6.1 Reflected.Cross-Site.Scripting MEDIUM" "interactive-geo-maps 1.5.11 Editor+.Stored.XSS LOW" "interactive-geo-maps 1.5.9 Contributor+.Stored.XSS MEDIUM" "interactive-geo-maps 1.5.4 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "inlinkz-scripter No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "iws-geo-form-fields No.known.fix Geo.Form.Fields.<=.1.0.-.Unauthenticated.SQLi HIGH" "images-asynchronous-load 1.06 Reflected.Cross-Site.Scripting MEDIUM" "image-slider-widget 1.1.127 Authenticated.(Editor+).Stored.Cross-Site.Scripting MEDIUM" "image-slider-widget 1.1.123 Arbitrary.Post.Duplication.via.CSRF MEDIUM" "iteras 1.8.1 Stored.XSSS.via.CSRF HIGH" "ie-css3-support No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "imagemapper No.known.fix Contributor+.Stored.XSS MEDIUM" "imagemapper No.known.fix Settings.Update.via.CSRF MEDIUM" "imagemapper No.known.fix Subscriber+.Arbitrary.Post.Deletion MEDIUM" "imagemapper No.known.fix Stored.XSS.via.CSRF HIGH" "iframe-forms No.known.fix Contributor+.Stored.Cross-Site.Scripting MEDIUM" "i-recommend-this 3.9.0 Admin+.Stored.XSS LOW" "i-recommend-this 3.9.1 CSRF MEDIUM" "i-recommend-this 3.8.2 Authenticated.SQL.Injection HIGH" "image-alt-text 3.0.0 Missing.Authorization.to.Authenticated.(Subscriber+).Image.Alt.Text.Update MEDIUM" "idraw No.known.fix Authenticated.(Author+).Arbitrary.File.Upload HIGH" "interactive-polish-map 1.2.1 Admin+.Stored.XSS LOW" "inquiry-cart No.known.fix Stored.XSS.via.CSRF HIGH" "icegram-rainmaker 1.3.19 Missing.Authorization MEDIUM" "icegram-rainmaker 1.3.15 Missing.Authorization MEDIUM" "icegram-rainmaker 1.3.9 Contributor+.Stored.XSS MEDIUM" "ip-address-blocker No.known.fix IP.Spoofing MEDIUM" "ip-address-blocker No.known.fix Cross-Site.Request.Forgery MEDIUM" "inline-svg-elementor No.known.fix Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "interactive-world-maps 2.5 Reflected.Cross-Site.Scripting MEDIUM" "imdb-info-box No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "information-for-help 0.0.3 Reflected.Cross-Site.Scripting MEDIUM" "integration-for-contact-form-7-and-google-sheets 1.1.0 Cross-Site.Request.Forgery MEDIUM" "interactive-3d-flipbook-powered-physics-engine 1.16.16 Lite.Edition.<.1.16.16.-.Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.style.and.mode.Parameters MEDIUM" "interactive-3d-flipbook-powered-physics-engine 1.15.7 Authenticated.(Editor+).Stored.Cross-Site.Scripting MEDIUM" "interactive-3d-flipbook-powered-physics-engine 1.15.5 Authenticated.(Author+).Stored.Cross-Site.Scritping.via.Bookmark.URL MEDIUM" "interactive-3d-flipbook-powered-physics-engine 1.15.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Bookmarks MEDIUM" "interactive-3d-flipbook-powered-physics-engine 1.15.3 Contributor+.Stored.XSS MEDIUM" "interactive-3d-flipbook-powered-physics-engine 1.13.3 Contributor+.Stored.XSS MEDIUM" "interactive-3d-flipbook-powered-physics-engine 1.12.1 Subscriber+.Stored.Cross-Site.Scripting MEDIUM" "internal-links 2.24.4 Cross-Site.Request.Forgery MEDIUM" "internal-links 2.23.5 Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "internal-links 2.23.3 Reflected.Cross-Site.Scripting MEDIUM" "internal-links 1.3.0 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "iflychat No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "iflychat 4.7.0 Admin+.Stored.Cross-Site.Scripting.(XSS) LOW" "ibuildapp No.known.fix Reflected.XSS HIGH" "ider-login No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "iconize No.known.fix Authenticated.(Admin+).Remote.Code.Execution HIGH" "import-legacy-media No.known.fix Unauthenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "inactive-user-deleter 1.60 Cross-Site.Request.Forgery MEDIUM" "import-users-from-csv 1.3 Authenticated.(Admin+).PHP.Object.Injection HIGH" "insert-php 2.5.1 Woody.code.snippets..Insert.Header.Footer.Code,.AdSense.Ads.<.2,5,1.-Authenticated.(Contributor+).Remote.Code.Execution CRITICAL" "insert-php 2.5.1 Admin+.Stored.XSS MEDIUM" "insert-php 2.4.6 Reflected.Cross-Site.Scripting MEDIUM" "insert-php 2.3.10 Arbitrary.Settings.Update.via.CSRF MEDIUM" "insert-php 2.3.10 Cross-Site.Request.Forgery.(CSRF) MEDIUM" "insert-php 2.2.9 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "insert-php 2.2.6 Arbitrary.Post.Deletion MEDIUM" "insert-php 2.2.5 Multiple.issues.leading.to.RCE HIGH" "integration-for-billingo-gravity-forms 1.0.4 Multiple.CSRF MEDIUM" "insert-estimated-reading-time No.known.fix Admin+.Stored.XSS LOW" "instawp-connect 0.1.0.86 Unauthenticated.Local.PHP.File.Inclusion HIGH" "instawp-connect 0.1.0.83 Unauthenticated.Local.File.Inclusion CRITICAL" "instawp-connect 0.1.0.84 Cross-Site.Request.Forgery.to.Local.File.Inclusion HIGH" "instawp-connect 0.1.0.45 Authentication.Bypass.to.Admin CRITICAL" "instawp-connect 0.1.0.39 Unauthenticated.Arbitrary.File.Upload CRITICAL" "instawp-connect 0.1.0.39 Missing.Authorization.to.Unauthenticated.API.setup/Arbitrary.Options.Update/Administrative.User.Creation CRITICAL" "instawp-connect 0.1.0.25 Missing.Authorization MEDIUM" "instawp-connect 0.1.0.23 Unauthenticated.Arbitrary.File.Upload CRITICAL" "instawp-connect 0.1.0.9 Authenticated.(Subscriber+).Remote.Code.Execution HIGH" "instawp-connect 0.1.0.10 Missing.Authorization.to.Sensitive.Information.Dislcosure MEDIUM" "instawp-connect 0.1.0.10 Authenticated.(Subscriber+).SQL.Injection HIGH" "instawp-connect 0.1.0.9 Missing.Authorization.to.Arbitrary.Options.Update HIGH" "instawp-connect 0.1.0.9 Cross-Site.Request.Forgery.via.create_file_db_manager MEDIUM" "instawp-connect 0.0.9.19 Unauthenticated.Data.Modification CRITICAL" "inpost-for-woocommerce 1.4.5 Missing.Authorization.to.Unauthenticated.Arbitrary.File.Read.and.Delete CRITICAL" "image-hover-effects 5.6 Caption.Settings.Update.via.CSRF MEDIUM" "image-hover-effects 5.5 Admin+.Stored.XSS LOW" "icalendrier 1.81 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "indeed-membership-pro 12.8 Unauthenticated.PHP.Object.Injection HIGH" "indeed-membership-pro 12.8 Unauthenticated.Privilege.Escalation CRITICAL" "indeed-membership-pro 12.8 Reflected.Cross-Site.Scripting HIGH" "ig-shortcodes No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "ip2location-variables 2.9.6 Cross-Site.Request.Forgery MEDIUM" "iframe-shortcode No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.shortcode MEDIUM" "inlocation No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "inavii-social-feed-for-elementor 2.1.3 Reflected.Cross-Site.Scripting MEDIUM" "inprosysmedia-likes-dislikes-post No.known.fix Unauthenticated.SQL.Injection HIGH" "inprosysmedia-likes-dislikes-post No.known.fix Unauthenticated.SQL.Injection HIGH" "i2-pro-cons No.known.fix Contributor+.Stored.XSS MEDIUM" "intuitive-custom-post-order 3.1.5 Admin+.SQLi LOW" "intuitive-custom-post-order 3.1.4 Subscriber+.Arbitrary.Menu.Order.Update MEDIUM" "intuitive-custom-post-order 3.1.4 Arbitrary.Menu.Order.Update.via.CSRF MEDIUM" "image-map-pro-lite No.known.fix CSRF.to.Stored.XSS MEDIUM" "image-map-pro-lite No.known.fix Subscriber+.Stored.XSS MEDIUM" "insertify No.known.fix Cross-Site.Request.Forgery.to.Remote.Code.Execution HIGH" "ics-button No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "include-file No.known.fix Authenticated.(Contributor+).Arbitrary.File.Download MEDIUM" "include-file No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "ilc-thickbox No.known.fix Settings.update.via.CSRF MEDIUM" "import-holded-products-woocommerce 2.0 Reflected.Cross-Site.Scripting MEDIUM" "import-holded-products-woocommerce 2.0 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "improve-my-city No.known.fix Unauthenticated.Stored.Cross-Site.Scripting HIGH" "isee-products-extractor 2.1.4 .Reflected.Cross-Site.Scripting HIGH" "increase-upload-file-size-maximum-execution-time-limit 3.0 Reflected.Cross-Site.Scripting MEDIUM" "imagerecycle-pdf-image-compression 3.1.17 Reflected.Cross-Site.Scripting MEDIUM" "imagerecycle-pdf-image-compression 3.1.15 Missing.Authorization.in.Several.AJAX.Actions MEDIUM" "imagerecycle-pdf-image-compression 3.1.15 Cross-Site.Request.in.Several.AJAX.Actions MEDIUM" "imagerecycle-pdf-image-compression 3.1.14 Missing.Authorization.to.Settings.Update.in.optimizeAllOn MEDIUM" "imagerecycle-pdf-image-compression 3.1.14 Cross-Site.Request.Forgery.to.Settings.Update.in.enableOptimization MEDIUM" "imagerecycle-pdf-image-compression 3.1.14 Missing.Authorization.to.Settings.Update.in.stopOptimizeAll MEDIUM" "imagerecycle-pdf-image-compression 3.1.14 Cross-Site.Request.Forgery.to.Settings.Update.in.disableOptimization MEDIUM" "imagerecycle-pdf-image-compression 3.1.14 Cross-Site.Request.Forgery.to.Plugin.Data.Removal.in.reinitialize MEDIUM" "imagerecycle-pdf-image-compression 3.1.14 Cross-Site.Request.Forgery.to.Settings.Update.in.stopOptimizeAll MEDIUM" "imagerecycle-pdf-image-compression 3.1.14 Cross-Site.Request.Forgery.to.Settings.Update.in.optimizeAllOn MEDIUM" "imagerecycle-pdf-image-compression 3.1.14 Missing.Authorization.to.Settings.Update.in.enableOptimization MEDIUM" "imagerecycle-pdf-image-compression 3.1.14 Missing.Authorization.to.Settings.Update.in.disableOptimization MEDIUM" "imagerecycle-pdf-image-compression 3.1.14 Missing.Authorization.to.Plugin.Data.Removal.in.reinitialize MEDIUM" "imagerecycle-pdf-image-compression 3.1.12 Reflected.XSS HIGH" "imagerecycle-pdf-image-compression 3.1.11 Reflected.XSS HIGH" "idealien-category-enhancements No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "idcrm-contacts-companies 1.0.3 Reflected.Cross-Site.Scripting MEDIUM" "infogram No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "infinite-slider No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "image-hover-effects-block No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "interactive-maps 0.99 Cross-Site.Request.Forgery MEDIUM" "instantsearch-for-woocommerce 3.0.59 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "internal-link-finder 5.1.4 Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "internal-link-finder 5.1.3 Missing.Authorization.to.Unauthenticated.Settings.Update MEDIUM" "include-mastodon-feed 1.9.10 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "include-mastodon-feed 1.9.6 Contributor+.Stored.XSS MEDIUM" "image-hover-effects-with-carousel No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via._id,.oxi_addons_f_title_tag,.and.content_description_tag.Parameters MEDIUM" "image-hover-effects-with-carousel 3.0 Reflected.XSS HIGH" "indieweb-post-kinds 1.3.1.1 DOM.Cross-Site.Scripting.(XSS) MEDIUM" "image-classify No.known.fix Unauthenticated.Arbitrary.File.Upload CRITICAL" "imithemes-listing 3.4 Unauthenticated.Privilege.Escalation.via.Unverified.Password.Reset CRITICAL" "issuupress No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "interactive-map-of-florida No.known.fix Missing.Authorization MEDIUM" "imbachat-widget No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "instalinker 1.1.2 Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "image-hover-effects-addon-for-elementor 1.4.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.eihe_link.Parameter MEDIUM" "image-hover-effects-addon-for-elementor 1.4.2 Elementor.Addon.<.1.4.2.-.Authenticated(Contributor+).DOM-based.Stored.Cross-Site.Scripting.via.Image.Hover.Effects.Widget MEDIUM" "image-hover-effects-addon-for-elementor 1.4.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.'eihe_align' MEDIUM" "image-hover-effects-addon-for-elementor 1.3.4 Elementor.Addon.<.1.3.4.-.Contributor+.Stored.XSS MEDIUM" "intelligent-importer 5.1.4 Reflected.Cross-Site.Scripting MEDIUM" "ignitiondeck 1.10.0 Missing.Authorization MEDIUM" "invoice-payment-for-woocommerce 2.0.0 Reflected.Cross-Site.Scripting MEDIUM" "icdsoft-reseller-store 2.5.0 Reflected.Cross-Site.Scripting MEDIUM" "imagemagick-engine 1.7.11 Administrator+.OS.Command.Injection MEDIUM" "imagemagick-engine 1.7.6 PHAR.Deserialization.via.CSRF HIGH" "imagemagick-engine 1.7.6 Command.Injection.via.CSRF HIGH" "image-tag-manager No.known.fix Reflected.Cross-Site.Scripting.via.default_class MEDIUM" "iframe-to-embed No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "image-gallery 1.3.0 Image.Gallery.<.1.3.0.-.Authenticated.(Administrator+).Stored.Cross-Site.Scripting.via.Plugin.Settings MEDIUM" "image-gallery 1.3.0 Image.Gallery.<.1.3.0.-.Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.Post.Deletion.and.Post.Title.Update MEDIUM" "image-gallery 1.3.0 Cross-Site.Request.Forgery.to.Plugin.Settings.Update MEDIUM" "ip-blacklist-cloud No.known.fix Admin+.SQLi MEDIUM" "ip-blacklist-cloud No.known.fix Admin+.Stored.XSS LOW" "ip-blacklist-cloud 3.43 Admin+.Arbitrary.File.Disclosure MEDIUM" "ip-vault-wp-firewall 2.1 IP.Address.Spoofing.to.Protection.Mechanism.Bypass MEDIUM" "ip-vault-wp-firewall 2.1 WP.Firewall.<.2.1.-.Admin+.Stored.XSS LOW" "itempropwp No.known.fix Admin+.Stored.XSS LOW" "image-over-image-vc-extension 3.0 Contributor+.Stored.XSS MEDIUM" "imgspider 2.3.11 Authenticated.(Contributor+).Arbitrary.File.Upload.via.'upload_img_file' HIGH" "imgspider 2.3.11 Authenticated.(Contributor+).Arbitrary.File.Upload.via.'upload' HIGH" "inline-click-to-tweet No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "internal-link-builder No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "image-vertical-reel-scroll-slideshow 9.1 .Authenticated.(Subscriber+).SQL.Injection.via.Shortcode HIGH" "image-vertical-reel-scroll-slideshow No.known.fix Admin+.Stored.XSS LOW" "infographic-and-list-builder-ilist 5.0.0 Unauthenticated.Arbitrary.Shortcode.Execution MEDIUM" "infographic-and-list-builder-ilist 4.7.5 Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.Title.Update MEDIUM" "infographic-and-list-builder-ilist 4.6.8 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "infographic-and-list-builder-ilist 4.3.8 iList.<.4.3.8.-.Unauthenticated.SQL.Injection HIGH" "image-watermark 1.7.4 Missing.Authorization.to.Authenticated.(Subscriber+).Watermark.Modification MEDIUM" "issues-tracker 1.2.3 Reflected.Cross-Site.Scripting MEDIUM" "issues-tracker 1.0.8 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "insert-php-code-snippet 1.3.7 Cross-Site.Request.Forgery.to.Code.Snippet.Activate/Deactivate/Deletion MEDIUM" "insert-php-code-snippet 1.3.5 Admin+.Stored.XSS LOW" "infunding No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "insight-core No.known.fix Subscriber+.PHP.Object.Injection.&.Stored.XSS MEDIUM" "image-map-pro 6.0.21 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "image-map-pro 6.0.21 Missing.Authorization.to.Authenticated.(Contributor+).Map.Project.Add/Update/Delete MEDIUM" "image-map-pro 5.6.9 Cross-Site.Request.Forgery MEDIUM" "image-map-pro 5.6.9 Cross-Site.Scripting HIGH" "ical-feeds No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "issuu-panel No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "include-me 1.2.2 Authenticated.Remote.Code.Execution.(RCE).via.LFI.log.poisoning HIGH" "infugrator No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "implied-cookie-consent No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "idx-broker-platinum 3.2.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "idx-broker-platinum 3.2.3 Contributor+.Stored.XSS MEDIUM" "idx-broker-platinum 3.0.6 Reflected.Cross-Site.Scripting HIGH" "idx-broker-platinum 2.6.2 Authenticated.Post.Creation,.Modification,.and.Deletion MEDIUM" "idx-broker-platinum 2.6.2 Authenticated.Stored.Cross-Site.Scripting.(XSS).via.unprotected.'idx_update_recaptcha_key'.AJAX MEDIUM" "invitation-based-registrations No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "inpost-gallery 2.1.4.4 Cross-Site.Request.Forgery MEDIUM" "inpost-gallery 2.1.4.3 Authenticated.(Subscriber+).Arbitrary.Shortcode.Execution.via.inpost_gallery_get_shortcode_template MEDIUM" "inpost-gallery 2.1.4.2 Reflected.XSS HIGH" "inpost-gallery 2.1.4.1 Unauthenticated.LFI.to.RCE CRITICAL" "integration-for-contact-form-7-and-pipedrive 1.2.1 Cross-Site.Request.Forgery MEDIUM" "integration-for-contact-form-7-and-pipedrive 1.1.1 Reflected.Cross-Site.Scripting HIGH" "ithemes-exchange 1.12.0 XSS.via.add_query_arg().and.remove_query_arg() MEDIUM" "ipages-flipbook 1.5.2 Missing.Authorization MEDIUM" "ipages-flipbook 1.5.0 Authenticated.(Administrator+).SQL.Injection HIGH" "ipages-flipbook 1.4.7 Contributor+.Stored.XSS MEDIUM" "ipages-flipbook 1.4.3 Reflected.Cross-Site.Scripting HIGH" "ithemes No.known.fix New-Password.Requirements.Not.Enforced.Until.second.Login HIGH" "improved-include-page No.known.fix Contributor+.Arbitrary.Posts/Pages.Access MEDIUM" "import-xml-feed 2.1.6 Authenticated.(Administrator+).Arbitrary.File.Upload CRITICAL" "import-xml-feed 2.1.4 Admin+.Arbitrary.File.Upload MEDIUM" "import-xml-feed 2.1.5 Unauthenticated.RCE CRITICAL" "import-xml-feed 2.0.3 Authenticated.Server-side.Request.Forgery.(SSRF) MEDIUM" "iwjob No.known.fix Missing.Authorization MEDIUM" "iwjob No.known.fix Unauthenticated.Privilege.Escalation CRITICAL" "ichart 2.1.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.width.Parameter MEDIUM" "jigoshop-exporter No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "jp-students-result-system-premium No.known.fix Unauthenticated.Arbitrary.File.Upload CRITICAL" "jlayer-parallax-slider-wp No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "justrows-free No.known.fix Reflected.XSS HIGH" "jungbillig-portfolio-gallery No.known.fix Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "joan 5.6.3 Authenticated.Stored.Cross-Site.Scripting LOW" "joan 5.6.2 Reflected.Cross-Site.Scripting HIGH" "joan 5.6.2 Arbitrary.Plugin's.Settings.Update.via.CSRF MEDIUM" "jtrt-responsive-tables No.known.fix Cross-Site.Request.Forgery MEDIUM" "jtrt-responsive-tables 4.1.2 JTRT.Responsive.Tables.<.4,1,2..Authenticated.SQL.Injection HIGH" "jsm-show-post-meta 4.6.1 Missing.Authorization MEDIUM" "jupiterx-core 4.9.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Inline.SVG MEDIUM" "jupiterx-core 4.8.12 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "jupiterx-core 4.8.12 Unauthenticated.PHP.Object.Injection.via.PHAR HIGH" "jupiterx-core 4.8.8 Authenticated.(Contributor+).Arbitrary.File.Read MEDIUM" "jupiterx-core 4.8.8 Authenticated.(Contributor+).SVG.Upload.to.Local.File.Inclusion.(Remote.Code.Execution) HIGH" "jupiterx-core 4.8.6 Missing.Authorization.to.Authenticated.Library.Sync MEDIUM" "jupiterx-core 4.8.6 Missing.Authorization.to.Unauthenticated.Popup.Template.Export MEDIUM" "jupiterx-core 4.7.8 Limited.Unauthenticated.Authentication.Bypass.to.Account.Takeover HIGH" "jupiterx-core 4.6.6 Unauthenticated.Arbitrary.File.Upload CRITICAL" "jupiterx-core 3.3.8 Unauthenticated.Arbitrary.File.Upload CRITICAL" "jupiterx-core 3.4.3 Unauthenticated.Privilege.Escalation CRITICAL" "jupiterx-core 4.6.9 Unauthenticated.Arbitrary.File.Download HIGH" "jupiterx-core 2.0.8 Subscriber+.Privilege.Escalation.and.Post.Deletion CRITICAL" "jupiterx-core 2.0.7 Information.Disclosure,.Modification,.and.Denial.of.Service MEDIUM" "jupiterx-core 2.0.7 Subscriber+.Arbitrary.Plugin.Deactivation.and.Settings.Update MEDIUM" "just-post-preview No.known.fix Authenticated.(Contributor+).Local.File.Inclusion HIGH" "joli-clear-lightbox No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "joli-clear-lightbox 1.0.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "jobcareer No.known.fix Missing.Authorization.to.Authenticated.(Subscriber+).Multiple.Administrative.Actions HIGH" "job-board 1.1.4 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "job-board 1.0.1 Admin+.Stored.XSS LOW" "job-manager-career 1.4.5 Cross-Site.Request.Forgery.to.PHP.Object.Injection HIGH" "job-manager-career 1.4.4 Directory.listing.to.Sensitive.Data.Exposure HIGH" "jekyll-exporter 2.2.1 Unauthenticated.RCE.via.PHPUnit CRITICAL" "jet-menu 2.4.9.1 Missing.Authorization MEDIUM" "jet-skinner-for-buddypress No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "job-board-manager 2.1.61 Missing.Authorization MEDIUM" "job-board-manager No.known.fix Authenticated.(Contributor+).PHP.Object.Injection HIGH" "job-board-manager No.known.fix Missing.Authorization MEDIUM" "job-board-manager No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "job-board-manager 2.1.60 Cross-Site.Request.Forgery MEDIUM" "job-board-manager No.known.fix Missing.Authorization MEDIUM" "job-board-manager 2.1.59 Subscriber+.Stored.XSS HIGH" "job-portal No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "jet-blocks 1.3.16.1 Missing.Authorization MEDIUM" "jet-blocks 1.3.16.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "jet-blocks 1.3.12.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "jet-blocks 1.3.8.1 Reflected.Cross.Site.Scripting MEDIUM" "jet-reviews 2.3.7 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "jazz-popups No.known.fix Unauthenticated.Reflected.Cross-Site.Scripting HIGH" "jwp-a11y No.known.fix Admin+.Stored.XSS LOW" "jm-twitter-cards 14.1.0 Password.Protected.Post.Access MEDIUM" "jet-elements 2.7.4.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "jet-elements 2.7.4.2 Missing.Authorization MEDIUM" "jet-elements 2.7.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Multiple.Widgets MEDIUM" "jet-elements 2.6.20.1 Authenticated.(Contributor+).Arbitrary.Local.File.Inclusion HIGH" "jet-elements 2.6.20.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "jet-elements 2.6.13.1 Missing.Authorization.to.Unauthenticated.Arbitrary.Attachment.Download MEDIUM" "js-vehicle-manager No.known.fix Unauthenticated.Local.File.Inclusion CRITICAL" "js-support-ticket 2.9.3 Unauthenticated.Arbitrary.File.Deletion CRITICAL" "js-support-ticket 2.9.3 Missing.Authorization MEDIUM" "js-support-ticket 2.9.2 Unauthenticated.Arbitrary.File.Download HIGH" "js-support-ticket 2.9.3 Unauthenticated.SQL.Injection HIGH" "js-support-ticket 2.9.3 Unauthenticated.Local.File.Inclusion CRITICAL" "js-support-ticket 2.8.9 Unauthenticated.Sensitive.Information.Exposure.Through.Unprotected.Directory HIGH" "js-support-ticket 2.8.9 Authenticated.(Subscriber+).Insecure.Direct.Object.Reference MEDIUM" "js-support-ticket 2.8.8 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "js-support-ticket 2.8.7 Unauthenticated.PHP.Code.Injection.to.Remote.Code.Execution CRITICAL" "js-support-ticket 2.8.4 Missing.Authorization MEDIUM" "js-support-ticket 2.8.2 Unauthenticated.SQL.Injection.via.email.and.trackingid CRITICAL" "js-support-ticket 2.7.8 Best.Help.Desk.&.Support.<.2.7.8.-.Subscriber+.Ticket.Manipulation.via.IDOR MEDIUM" "js-support-ticket 2.7.2 CSRF MEDIUM" "js-support-ticket 2.0.6 CSRF HIGH" "jonradio-private-site 3.1.0 Improper.Access.Control.to.Sensitive.Information.Exposure.via.REST.API MEDIUM" "jonradio-private-site 3.0.8 Arbitrary.Settings.Update.via.CSRF MEDIUM" "jetwidgets-for-elementor 1.0.19 Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "jetwidgets-for-elementor 1.0.18 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.layout_type.and.id.Parameters MEDIUM" "jetwidgets-for-elementor 1.0.17 Authenticated(Contributor+).Stored.Cross-Site.Scripting.via.Widget.Button.URL MEDIUM" "jetwidgets-for-elementor 1.0.16 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Animated.Box.Widget MEDIUM" "jetwidgets-for-elementor 1.0.13 Settings.Update.via.CSRF MEDIUM" "jetwidgets-for-elementor 1.0.14 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "jetwidgets-for-elementor 1.0.9 Contributor+.Stored.XSS MEDIUM" "jet-woo-builder 2.1.18.1 Missing.Authorization MEDIUM" "jet-woo-builder 2.1.18.1 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "just-custom-fields No.known.fix Cross-Site.Request.Forgery.via.AJAX.actions MEDIUM" "just-custom-fields No.known.fix Missing.Authorization.via.AJAX.actions MEDIUM" "just-custom-fields No.known.fix Cross-Site.Request.Forgery.on.AJAX.Actions MEDIUM" "just-custom-fields No.known.fix Missing.Authorization.on.AJAX.Actions MEDIUM" "jobwp 2.4.0 Unauthenticated.SQL.Injection HIGH" "jobwp 2.4.0 Cross-Site.Request.Forgery MEDIUM" "jobwp 2.2 Sensitive.Information.Exposure HIGH" "jobwp 2.0 Reflected.Cross-Site.Scripting MEDIUM" "jet-tricks 1.5.1.1 Missing.Authorization MEDIUM" "joy-of-text No.known.fix Missing.Authorization MEDIUM" "joy-of-text No.known.fix Settings.Update.via.CSRF MEDIUM" "joy-of-text 2.3.1 Unauthenticated.SQLi HIGH" "job-board-vanilla No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "jquery-collapse-o-matic No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "jquery-collapse-o-matic 1.8.5.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "jquery-collapse-o-matic No.known.fix Contributor+.Stored.XSS MEDIUM" "jquery-collapse-o-matic 1.8.3 Contributor+.Stored.XSS MEDIUM" "justified-gallery 1.8.0b1 Reflected.Cross-Site.Scripting MEDIUM" "justified-gallery 1.7.1 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "justified-gallery 1.5.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "journey-analytics 1.0.13 Unauthorised.AJAX.call.via.CSRF MEDIUM" "jet-theme-core 2.2.1 Authenticated.(Subscriber+).Arbitrary.File.Deletion HIGH" "jsp-store-locator No.known.fix Deletion.via.Missing.CSRF MEDIUM" "jsp-store-locator No.known.fix Contributor+.SQL.Injection HIGH" "jobhunt-notifications No.known.fix Missing.Authorization.to.Unauthenticated.Arbitrary.Content.Deletion MEDIUM" "json-structuring-markup No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "jetwoo-widgets-for-elementor 1.1.8 Authenticated.(Contributor+).Limited.Local.File.Inclusion HIGH" "jch-optimize 4.2.1 Authenticated.(Subscriber+).Directory.Traversal MEDIUM" "jch-optimize 3.2.3 Admin+.Stored.XSS LOW" "jet-compare-wishlist 1.5.10 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "jobboardwp 1.3.1 Reflected.Cross-Site.Scripting MEDIUM" "jobboardwp 1.2.2 Unauthenticated.Arbitrary.File.Upload CRITICAL" "jobboardwp 1.1.0 Admin+.Stored.Cross-Site.Scripting LOW" "joomdev-wp-pros-cons No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "json-api-user 3.9.4 Unauthenticated.Privilege.Escalation CRITICAL" "jet-footer-code No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "jetpack-boost 3.4.8 Contributor+.Stored.XSS MEDIUM" "jetpack-boost 3.4.7 Admin+.SSRF MEDIUM" "js-jobs No.known.fix Unauthenticated.SQL.Injection HIGH" "js-jobs No.known.fix Unauthenticated.Arbitrary.File.Upload CRITICAL" "js-jobs No.known.fix Unauthenticated.Local.File.Inclusion CRITICAL" "js-jobs No.known.fix Authenticated.(Contributor+).Local.File.Inclusion HIGH" "js-jobs No.known.fix Authenticated.Insecure.Direct.Object.Reference MEDIUM" "js-jobs No.known.fix Missing.Authorization MEDIUM" "js-jobs 2.0.1 Multiple.CSRF MEDIUM" "js-jobs 2.0.1 Missing.Authorization MEDIUM" "js-jobs 2.0.1 Subscriber+.Stored.XSS HIGH" "js-jobs 1.1.9 Unauthenticated.Arbitrary.Plugin.Installation/Activation CRITICAL" "js-jobs 1.0.7 CSRF HIGH" "jet-engine 3.6.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "jet-engine 3.6.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.list_tag.Parameter MEDIUM" "jet-engine 3.2.5 Missing.Authorization HIGH" "jet-engine 3.2.5 Authenticated.(Contributor+).Privilege.Escalation HIGH" "jet-engine 3.1.3.1 Author+.Remote.Code.Execution HIGH" "jma-youtube-playlists-with-schema No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "jeeng-push-notifications 2.0.4 Admin+.Stored.Cross-Site.Scripting LOW" "jigoshop-store-toolkit No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "jquery-accordion-slideshow 8.2 .Authenticated.(Subscriber+).SQL.Injection.via.Shortcode HIGH" "jetformbuilder 3.3.4.2 Authenticated.(Administrator+).Privilege.Escalation HIGH" "jetformbuilder 3.1.5 Unauthenticated.Content.Injection MEDIUM" "jetformbuilder 3.0.7 Cross-Site.Request.Forgery.(CSRF) MEDIUM" "jc-importer 2.14.6 Unauthenticated.Sensitive.Information.Exposure.Through.Unprotected.Directory HIGH" "jc-importer 2.13.1 Admin+.Server-side.Request.Forgery MEDIUM" "jc-importer 2.4.6 Admin+.Arbitrary.File.Upload.to.RCE MEDIUM" "just-tables 1.5.0 Cross-Site.Request.Forgery MEDIUM" "js-twentytwenty No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "jquery-reply-to-comment No.known.fix CSRF.to.Stored.Cross-Site.Scripting HIGH" "jsmol2wp No.known.fix Unauthenticated.Cross-Site.Scripting.(XSS) MEDIUM" "jsmol2wp No.known.fix Unauthenticated.Server.Side.Request.Forgery.(SSRF) HIGH" "jsfiddle-shortcode 1.1.3 Contributor+.XSS.via.Shortcode MEDIUM" "javo-core 3.0.0.266 Unauthenticated.Privilege.Escalation.in.ajax_signup CRITICAL" "joli-faq-seo 1.3.3 Cross-Site.Request.Forgery MEDIUM" "joli-faq-seo 1.3.1 Reflected.Cross-Site.Scripting MEDIUM" "joli-faq-seo 1.0.4 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "jetpack-feedback-exporter No.known.fix Unauthenticated.Sensitive.Information.Exposure MEDIUM" "joomsport-sports-league-results-management 5.6.18 Reflected.Cross-Site.Scripting.via.page HIGH" "joomsport-sports-league-results-management 5.6.4 Missing.Authorization MEDIUM" "joomsport-sports-league-results-management 5.5.7 Missing.Authorization MEDIUM" "joomsport-sports-league-results-management 5.2.8 Unauthenticated.SQLi HIGH" "joomsport-sports-league-results-management 5.2.6 Admin+.SQLi MEDIUM" "joomsport-sports-league-results-management 5.1.8 Unauthenticated.PHP.Object.Injection MEDIUM" "joomsport-sports-league-results-management 3.4 SQL.Injection CRITICAL" "jayj-quicktag 1.3.2 CSRF HIGH" "jk-html-to-pdf No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "jetgridbuilder 1.1.3 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "jetpackcrm-ext-woo-connect 2.13 Unauthorized.Invoice.Disclosure LOW" "justified-image-grid No.known.fix Unauthenticated.Server-Side.Request.Forgery MEDIUM" "jf3-maintenance-mode 2.1.0 IP.Spoofing.to.Maintenance.Mode.Bypass MEDIUM" "jetpack 14.1-a.1 Unauthenticated.DOM-XSS MEDIUM" "jetpack 12.6.3 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 11.0.2 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 8.8.5 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 7.2.5 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 5.8.4 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 4.2.5 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 12.8.2 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 9.5.5 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 7.9.4 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 6.5.4 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 4.9.3 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 13.5.1 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 11.7.3 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 10.1.2 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 12.4.1 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 10.8.2 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 8.6.4 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 7.0.5 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 5.6.5 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 4.0.7 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 9.3.5 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 7.7.6 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 6.3.7 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 4.7.4 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 13.3.2 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 11.5.3 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 9.9.3 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 5.4.4 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 12.2.2 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 10.6.2 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 8.4.5 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 6.8.5 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 9.1.3 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 7.5.7 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 6.1.5 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 4.5.3 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 13.1.4 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 11.3.4 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 9.7.3 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 8.2.6 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 5.2.5 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 13.8.2 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 12.0.2 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 10.4.2 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 11.1.4 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 8.9.4 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 7.3.5 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 5.9.4 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 4.3.5 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 12.9.4 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 9.6.4 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 8.0.3 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 6.6.5 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 5.0.3 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 13.6.1 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 11.8.6 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 10.2.3 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 12.5.1 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 10.9.3 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 8.7.4 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 7.1.5 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 5.7.5 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 4.1.4 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 12.7.2 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 9.4.4 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 7.8.4 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 6.4.6 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 4.8.5 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 13.4.4 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 11.6.2 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 10.0.2 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 12.3.1 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 10.7.2 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 8.5.3 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 6.9.4 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 5.5.5 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 3.9.10 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 9.2.4 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 7.6.4 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 6.2.5 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 4.6.3 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 13.2.3 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 11.4.2 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 9.8.3 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 6.7.4 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 5.3.4 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 13.9.1 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 12.1.2 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 10.5.3 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 8.3.3 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 9.0.5 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 7.4.5 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 6.0.4 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 4.4.5 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 13.0.1 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 11.2.2 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 8.1.4 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 5.1.4 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 13.7.1 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 11.9.3 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 10.3.2 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 13.8 Unauthenticated.Arbitrary.Block.&.Shortcode.Execution MEDIUM" "jetpack 13.8 Contributor+.Stored.XSS MEDIUM" "jetpack 13.4 Contributor+.Stored.Cross-Site.Scripting.via.wpvideo.Shortcode MEDIUM" "jetpack 13.2.1 Contributor+.Stored.XSS MEDIUM" "jetpack 12.8-a.3 Contributor+.Stored.XSS.via.block.attribute MEDIUM" "jetpack 12.7 Authenticated(Contributor+).Clickjacking.via.Iframe.Injection MEDIUM" "jetpack 12.7 Improper.Authorization.via.WPCom.External.Media.REST.endpoints MEDIUM" "jetpack 12.1.1 Author+.Arbitrary.File.Manipulation.via.API HIGH" "jetpack 9.8 Carousel.Module.Non-Published.Page/Post.Attachment.Comment.Leak MEDIUM" "jetpack 7.9.1 Vulnerability.in.Shortcode.Embed.Code MEDIUM" "jetpack 6.5 Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "jetpack 4.0.4 Multiple.Vulnerabilities MEDIUM" "javascript-logic No.known.fix CSRF.to.Stored.XSS HIGH" "jiangqie-official-website-mini-program No.known.fix Authenticated.(Administrator+).SQL.Injection MEDIUM" "jiangqie-official-website-mini-program 1.1.1 Authenticated.SQL.Injection CRITICAL" "jquery-validation-for-contact-form-7 5.3 Arbitrary.Options.Update.via.CSRF HIGH" "job-listings No.known.fix Unauthenticated.Privilege.Escalation.via.register_action.Function CRITICAL" "job-manager No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "job-manager No.known.fix .Insecure.Direct.Object.Reference.(IDOR) MEDIUM" "job-manager 0.7.25 Authenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "jet-tabs 2.2.8 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "jet-tabs 2.2.3.1 Authenticated.(Contributor+).Arbitrary.Local.File.Inclusion HIGH" "jh-404-logger No.known.fix Unauthenticated.Stored.Cross-Site.Scripting.(XSS) CRITICAL" "jb-horizontal-scroller-news-ticker No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "jet-smart-filters 3.6.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "jet-blog 2.4.3.1 Missing.Authorization MEDIUM" "jet-blog 2.4.3.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "jquery-t-countdown-widget No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.tminus.Shortcode MEDIUM" "jquery-t-countdown-widget 2.3.24 Contributor+.Stored.XSS MEDIUM" "js-css-script-optimizer No.known.fix Cross-Site.Request.Forgery MEDIUM" "juicer 1.11 Contributor+.Stored.XSS MEDIUM" "jquery-tagline-rotator No.known.fix Reflected.Cross-Site.Scripting HIGH" "judgeme-product-reviews-woocommerce 1.3.21 Contributor+.Stored.XSS MEDIUM" "jazzcash-woocommerce-gateway No.known.fix Reflected.Cross-Site.Scripting HIGH" "jquery-drop-down-menu-plugin No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "jalbum-bridge 2.0.18 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "jalbum-bridge 2.0.19 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "jalbum-bridge 2.0.17 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.ar.Parameter MEDIUM" "jvm-rich-text-icons 1.2.7 Subscriber+.Arbitrary.File.Deletion HIGH" "jvm-rich-text-icons 1.2.4 Subscriber+.Arbitrary.File.Upload HIGH" "jivochat 1.3.5.4 Stored.Cross-Site.Scripting.via.CSRF MEDIUM" "job-board-light No.known.fix Missing.Authorization MEDIUM" "job-board-light No.known.fix Authenticated.(Employer+).Insecure.Direct.Object.Reference MEDIUM" "job-board-light 1.2.7 Unauthenticated.Arbitrary.File.Upload CRITICAL" "just-wp-variables No.known.fix Cross-Site.Request.Forgery MEDIUM" "jp-staticpagex No.known.fix Arbitrary.Settings.Update.via.CSRF.to.Stored.XSS MEDIUM" "jcarousel-for-wordpress No.known.fix Cross-Site.Request.Forgery.to.Cross-Site.Scripting MEDIUM" "jquery-vertical-accordion-menu No.known.fix Contributor+.Stored.XSS MEDIUM" "jetpack-debug-helper 2.0.1 Missing.Authorization MEDIUM" "jquery-news-ticker 3.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "jquery-news-ticker 3.1 .Authenticated.(Subscriber+).SQL.Injection.via.Shortcode HIGH" "jiangqie-free-mini-program No.known.fix Unauthenticated.Arbitrary.File.Uplaod CRITICAL" "jet-woo-product-gallery 2.1.22.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "just-writing-statistics 5.4 Missing.Authorization MEDIUM" "just-writing-statistics 4.8 Authenticated.(Administrator+).SQL.Injection MEDIUM" "just-writing-statistics 4.6 Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "joli-table-of-contents 2.0.10 Reflected.Cross-Site.Scripting MEDIUM" "joli-table-of-contents 1.3.9 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "job-postings 2.7.12 Authenticated.(Subscriber+).Arbitrary.File.Read MEDIUM" "job-postings 2.7.11 Contributor+.Stored.XSS MEDIUM" "job-postings 2.7.8 Contributor+.Stored.XSS MEDIUM" "job-postings 2.7.6 Reflected.Cross-Site.Scripting.via.job-search MEDIUM" "job-postings 2.7.6 Reflected.Cross-Site.Scripting MEDIUM" "job-postings 2.7.4 Contributor+.Stored.XSS MEDIUM" "job-postings 2.5.11 Admin+.Stored.XSS LOW" "job-postings 2.6.0 Author+.Stored.XSS MEDIUM" "jt-express 2.0.15 Reflected.Cross-Site.Scripting.via.[placeholder] MEDIUM" "jw-player-7-for-wp 2.3.4 Missing.Authorization MEDIUM" "jet-popup 2.0.12 Missing.Authorization MEDIUM" "jibu-pro No.known.fix Stored.XSS MEDIUM" "jemployee No.known.fix Unauthenticated.Privilege.Escalation CRITICAL" "jet-search 3.5.7.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "jet-search 3.5.2.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "jds-portfolio No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "json-content-importer 1.6.0 Authenticated.(Contributor+).Server-Side.Request.Forgery MEDIUM" "json-content-importer 1.5.4 Reflected.XSS HIGH" "json-content-importer 1.3.16 Admin+.Stored.XSS LOW" "jc-ajax-search-for-woocommerce 1.0.3 Reflected.Cross-Site.Scripting MEDIUM" "jreviews No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "justified-image-gallery No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "jeg-elementor-kit 2.6.13 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Video.Button.and.Countdown.Widgets MEDIUM" "jeg-elementor-kit 2.6.12 Authenticated.(Contributor+).Sensitive.Information.Exposure.via.Countdown.and.Off-Canvas MEDIUM" "jeg-elementor-kit 2.6.10 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.JKit.-.Countdown.Widget MEDIUM" "jeg-elementor-kit 2.6.10 Authenticated.(Contributor+).Sensitive.Information.Exposure.via.sg_content_template MEDIUM" "jeg-elementor-kit 2.6.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "jeg-elementor-kit 2.6.8 Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File MEDIUM" "jeg-elementor-kit 2.6.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.JKit.-.Tabs.and.JKit.-.Accordion.Widgets MEDIUM" "jeg-elementor-kit 2.6.5 Contributor+.Stored.XSS.via.Elementor.Widget.URL.Custom.Attributes MEDIUM" "jeg-elementor-kit 2.6.5 Contributor+.Stored.XSS.via.Countdown.Widget MEDIUM" "jeg-elementor-kit 2.6.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.JKit.-.Banner MEDIUM" "jeg-elementor-kit 2.6.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Testimonial MEDIUM" "jeg-elementor-kit 2.6.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Image.Box MEDIUM" "jeg-elementor-kit 2.6.3 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "jeg-elementor-kit 2.5.7 Unauthenticated.Settings.Update MEDIUM" "jeg-elementor-kit 2.5.7 Subscriber+.Authorization.Bypass MEDIUM" "kk-i-like-it No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "kiotvietsync No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "kiotvietsync 1.8.5 Authenticated.(Subscriber+).SQL.Injection MEDIUM" "kopa-nictitate-toolkit No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "ki-live-video-conferences No.known.fix Missing.Authorization MEDIUM" "ki-live-video-conferences No.known.fix Unauthenticated.Information.Disclosure MEDIUM" "kbucket 4.2.2 Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "kbucket 4.2.3 Subscriber+.Arbitrary.File.Upload HIGH" "kbucket 4.1.6 Admin+.Stored.XSS LOW" "kbucket 4.1.5 Reflected.XSS MEDIUM" "kv-tinymce-editor-fonts No.known.fix Font.List.Update.via.CSRF MEDIUM" "kadence-starter-templates 1.2.17 Admin+.PHP.Object.Injection MEDIUM" "kush-micro-news No.known.fix Unauthenticated.Stored.Cross-Site.Scripting HIGH" "kento-post-view-counter No.known.fix CSRF.&.multiple.XSS HIGH" "kanzu-support-desk No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "kanzu-support-desk No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "kanzu-support-desk No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "keyword-meta No.known.fix CSRF.to.Stored.Cross-Site.Scripting.(XSS) HIGH" "korea-sns 1.6.5 Settings.Update.via.CSRF MEDIUM" "kento-ads-rotator No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "ketchup-shortcodes-pack 0.2.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "ketchup-shortcodes-pack 0.2.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "kama-spamblock 1.8.3 Reflected.Cross-Site.Scripting MEDIUM" "ko-fi-button 1.3.3 Admin+.Stored.XSS LOW" "kn-fix-your No.known.fix Authenticated.Stored.XSS LOW" "kp-fastest-tawk-to-chat No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "kalender-digital 1.0.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "kopatheme No.known.fix Cross-Site.Request.Forgery MEDIUM" "kaya-qr-code-generator 1.5.3 Contributor+.Stored.XSS MEDIUM" "konami-easter-egg No.known.fix Cross-Site.Request.Forgery MEDIUM" "koalendar-free-booking-widget 1.0.3 Contributor+.Stored.XSS.via.height.Parameter MEDIUM" "knight-lab-timelinejs No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "knight-lab-timelinejs 3.9.3.4 Authenticated(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "knight-lab-timelinejs 3.7.0.0 Outdated.TimelineJS.library.could.Lead.to.Stored.XSS MEDIUM" "knowledgebase 2.3.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "knowledgebase 2.2.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "kodo-qiniu 1.5.1 Cross-Site.Request.Forgery MEDIUM" "kau-boys-backend-localization No.known.fix Settings.Update.via.CSRF MEDIUM" "kkprogressbar No.known.fix Progress.Bar.Deletion.via.CSRF MEDIUM" "kkprogressbar No.known.fix Admin+.SQL.Injection MEDIUM" "kkprogressbar No.known.fix Stored.XSS.via.CSRF HIGH" "keywords-highlight-tool No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "k-elements 5.4.0 Authentication.Bypass CRITICAL" "krsp-frontend-file-upload No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "krsp-frontend-file-upload No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "koko-analytics 1.3.13 Reflected.Cross-Site.Scripting MEDIUM" "kapost-byline No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "kanban No.known.fix Missing.Authorization MEDIUM" "kanban No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "kanban 2.5.21 Admin+.Stored.XSS LOW" "kanban 2.5.21 Admin+.Stored.XSS LOW" "kanban No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "kenta-blocks 1.4.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "kenta-blocks 1.3.4 Reflected.Cross-Site.Scripting MEDIUM" "kata-plus 1.5.4 Unauthenticated.PHP.Object.Injection HIGH" "kata-plus 1.5.0 Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "kata-plus 1.5.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "kumihimo No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "kiwichat No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.url.Parameter MEDIUM" "kikfyre-events-calendar-tickets No.known.fix Missing.Authorization MEDIUM" "kivicare-clinic-management-system 3.6.8 Authenticated.(Doctor+).SQL.Injection.via.'u_id'.Parameter MEDIUM" "kivicare-clinic-management-system 3.6.5 Authenticated.(Doctor/Receptionist+).SQL.Injection MEDIUM" "kivicare-clinic-management-system 3.6.5 Unauthenticated.SQL.Injection HIGH" "kivicare-clinic-management-system 3.6.5 Authenticated.(Subscriber+).SQL.Injection MEDIUM" "kivicare-clinic-management-system 3.6.7 Patient+.Insecure.Direct.Object.Reference MEDIUM" "kivicare-clinic-management-system 3.2.1 Subscriber+.Unauthorised.AJAX.Calls HIGH" "kivicare-clinic-management-system 3.2.1 Reflected.Cross-Site.Scripting HIGH" "kivicare-clinic-management-system 3.2.1 Multiple.CSRF HIGH" "kivicare-clinic-management-system 3.2.1 Subscriber+.Sensitive.Information.Disclosure MEDIUM" "kivicare-clinic-management-system 2.3.9 Unauthenticated.SQLi HIGH" "kvoucher No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "kvoucher No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "kundgenerator 1.0.7 Reflected.Cross-Site.Scripting MEDIUM" "kevins-plugin No.known.fix Cross-Site.Request.Forgery MEDIUM" "kadence-blocks-pro 2.3.8 Contributor+.Arbitrary.Option.Access MEDIUM" "kodex-posts-likes No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "kodex-posts-likes No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "kodex-posts-likes No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "kodex-posts-likes No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "kodex-posts-likes 2.5.0 Settings.Update.via.CSRF MEDIUM" "ketchup-restaurant-reservations No.known.fix Unauthenticated.Stored.XSS HIGH" "ketchup-restaurant-reservations No.known.fix Unauthenticated.Blind.SQLi HIGH" "kadence-woocommerce-email-designer 1.5.15 Admin+.Arbitrary.File.Upload MEDIUM" "kadence-woocommerce-email-designer 1.5.12 CSRF MEDIUM" "kadence-woocommerce-email-designer 1.5.7 Admin+.PHP.Objection.Injection MEDIUM" "kargo-entegrator 1.1.15 Authenticated.(Shop.Manager+).SQL.Injection MEDIUM" "kvcore-idx No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "kk-star-ratings 5.4.10.2 Unauthenticated.Arbitrary.Shortcode.Execution HIGH" "kk-star-ratings 5.4.6 Rating.Tampering.via.Race.Condition LOW" "kk-star-ratings 5.4.6 Missing.Authorization MEDIUM" "kk-star-ratings 5.4.5 Reflected.Cross-Site.Scripting MEDIUM" "kk-star-ratings 5.2.9 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "kunze-law 2.1 Admin+.Stored.Cross-Site.Scripting LOW" "king-addons 24.12.59 Missing.Authorization MEDIUM" "ksher-payment 1.1.3 Missing.Authorization MEDIUM" "ksher-payment 1.1.2 Missing.Authorization MEDIUM" "kredeum-nfts 1.6.10 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "kimili-flash-embed No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "kimili-flash-embed No.known.fix Cross-Site.Request.Forgery MEDIUM" "kangu 2.2.10 Reflected.XSS HIGH" "kraken-image-optimizer 2.6.6 Settings.Update.via.CSRF MEDIUM" "king-ie No.known.fix Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "kama-clic-counter 4.0.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "kama-clic-counter 3.5.0 XSS MEDIUM" "kama-clic-counter 3.5.0 Authenticated.Blind.SQL.Injection HIGH" "keymaster-chord-notation-free No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "klaviyo 3.0.10 Admin+.Stored.XSS LOW" "klaviyo 3.0.8 Admin+.Stored.XSS LOW" "kontxt-semantic-engine No.known.fix CSRF.Bypass MEDIUM" "kstats-reloaded No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "kento-wp-stats No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "keycaptcha No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "knr-author-list-widget No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "knr-author-list-widget 3.0.0 Unauthenticated.SQL.Injection CRITICAL" "kh-easy-user-settings No.known.fix Authenticated.(Subscriber+).Privilege.Escalation HIGH" "kd-coming-soon No.known.fix Unauthenticated.PHP.Object.Injection.via.cetitle HIGH" "kwayy-html-sitemap 4.0 Admin+.Stored.XSS LOW" "kenta-companion 1.1.9 Reflected.Cross-Site.Scripting MEDIUM" "kingcomposer No.known.fix Subscriber+.Stored.Cross-Site.Scripting MEDIUM" "kingcomposer No.known.fix Open.Redirect MEDIUM" "kingcomposer 2.9.5 Unauthenticated.Reflected.Cross-Site.Scripting MEDIUM" "kingcomposer 2.9.4 Multiple.Critical.Issues CRITICAL" "kingcomposer 2.8.2 Authenticated.Stored.XSS HIGH" "kingcomposer 2.8.1 Reflected.Cross-Site.Scripting MEDIUM" "kk-youtube-video No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "knowledgebase-helpdesk-pro No.known.fix Authenticated.(Subscriber+).Arbitrary.File.Deletion HIGH" "killer-theme-options No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "kb-support No.known.fix Unauthenticated.Sensitive.Information.Exposure.Through.Unprotected.Directory HIGH" "kb-support 1.6.8 Unauthenticated.Open.Redirect MEDIUM" "kb-support 1.6.7 Subscriber+.Multiple.Administrator.Actions HIGH" "kb-support 1.6.7 Unauthenticated.Ticket.Reply.Exposure MEDIUM" "kb-support 1.6.1 Missing.Authorization MEDIUM" "kb-support 1.5.6 Unauthenticated.Stored.Cross-Site.Scripting MEDIUM" "korea-for-woocommerce 1.1.12 Authenticated.(Subscriber+).Sensitive.Information.Exposure MEDIUM" "kitestudio-core 2.3.1 Reflected.Cross-Site-Scripting MEDIUM" "keydatas 2.6.1 Unauthenticated.Arbitrary.File.Upload CRITICAL" "kiwi-social-share 2.1.8 Information.Disclosure MEDIUM" "kiwi-social-share 2.1.3 Kiwi.2.1.0.-.Unauthenticated.Arbitrary.WordPress.Options.Update.and.Read CRITICAL" "kiwi-social-share 2.0.11 Kiwi.<.2.0.11.-.Arbitrary.WordPress.Options.Update CRITICAL" "keep-backup-daily 2.1.1 Authenticated.(Admin+).Arbitrary.File.Download MEDIUM" "keep-backup-daily No.known.fix Unauthenticated.Information.Disclosure MEDIUM" "keep-backup-daily 2.0.3 Reflected.Cross-Site.Scripting MEDIUM" "kubio 2.5.2 Unauthenticated.Local.File.Inclusion CRITICAL" "kubio 2.4.0 Reflected.Cross-Site.Scripting MEDIUM" "kubio 2.2.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "kings-tab-slider No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "kali-forms 2.4.3 Contributor+.Stored.XSS MEDIUM" "kali-forms 2.3.42 Missing.Authorization.to.Arbitrary.Plugin.Deactivation HIGH" "kali-forms 2.3.42 Missing.Authorization MEDIUM" "kali-forms 2.3.37 Kali.Forms.<.2.3.37.-.Insecure.Direct.Object.Reference MEDIUM" "kali-forms 2.3.28 Kali.Forms.<.2.3.28.-.Missing.Authorization.via.Contact.Form MEDIUM" "kali-forms 2.3.29 Kali.Forms.<.2.3.29.-.Missing.Authorization.via.get_log MEDIUM" "kali-forms 2.1.2 Form.builder.by.Kali.Forms.<.2.1.2.-.Authenticated.Plugin's.Settings.Change HIGH" "kali-forms 2.1.2 Form.builder.by.Kali.Forms.<.2.1.2.-.Unauthenticated.Arbitrary.Post.Deletion HIGH" "kali-forms 2.1.2 Form.builder.by.Kali.Forms.<.2.1.2.-.Multiple.CSRF.Bypass.Issues MEDIUM" "klarna-checkout-for-woocommerce 2.13.5 DoS.via.Excessive.Logging MEDIUM" "klarna-checkout-for-woocommerce 2.0.10 Authenticated.Arbitrary.Plugin.Deactivation,.Activation.and.Installation CRITICAL" "kjm-admin-notices No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "kadence-blocks 3.4.10 Contributor+.Stored.XSS MEDIUM" "kadence-blocks 3.3.2 Missing.Authorization MEDIUM" "kadence-blocks 3.4.3 Authenticated.(contributor+).Stored.Cross-Site.Scripting.via.Button.Link MEDIUM" "kadence-blocks 3.2.54 Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "kadence-blocks 3.2.54 Admin+.Stored.XSS LOW" "kadence-blocks 3.3.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "kadence-blocks 3.3.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Icon.Widget MEDIUM" "kadence-blocks 3.2.53 Contributor+.Stored.XSS MEDIUM" "kadence-blocks 3.2.46 Authenticated.(Contributor+).Stored.DOM-Based.Cross-Site.Scripting.via.HTML.Data.Attributes MEDIUM" "kadence-blocks 3.2.43 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.in.Google.Maps.Widget MEDIUM" "kadence-blocks 3.2.39 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.titleFont.Parameter MEDIUM" "kadence-blocks 3.2.38 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "kadence-blocks 3.2.37 Contributor+.Stored.XSS MEDIUM" "kadence-blocks 3.2.38 Contributor+.Stored.Cross-Site.Scripting.via.Typer.Effect MEDIUM" "kadence-blocks 3.2.37 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Countdown.Timer MEDIUM" "kadence-blocks 3.2.37 Contributor+.Stored.Cross-Site.Scripting.via.Block.Link MEDIUM" "kadence-blocks 3.2.35 Contributor+.Stored.XSS MEDIUM" "kadence-blocks 3.2.12 Contributor+.Server-Side.Request.Forgery HIGH" "kadence-blocks 3.2.32 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Countdown.and.CountUp.Widget MEDIUM" "kadence-blocks 3.2.18 Authenticated(Editor+).Stored.Cross-Site.Scripting.via.Contact.Form.Message.Settings MEDIUM" "kadence-blocks 3.2.26 Authenticated.(Author+).Server-Side.Request.Forgery MEDIUM" "kadence-blocks 3.2.20 Contributor+.Server-Side.Request.Forgery MEDIUM" "kadence-blocks 3.2.26 Contributor+.Stored.XSS MEDIUM" "kadence-blocks 3.2.26 Contributor+.Stored.XSS MEDIUM" "kadence-blocks 3.2.26 Contributor+.Stored.XSS MEDIUM" "kadence-blocks 3.2.24 Contributor+.Stored.XSS MEDIUM" "kudos-donations 3.3.0 Reflected.Cross-Site.Scripting.via.'add_query_arg' MEDIUM" "kudos-donations 3.3.0 Reflected.Cross-Site.Scripting MEDIUM" "kudos-donations 3.1.2 Arbitrary.Items.Deletion.via.CSRF HIGH" "kattene 1.8 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "key4ce-osticket-bridge No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "kineticpay-for-woocommerce 3.0 Unauthenticated.Arbitrary.File.Upload CRITICAL" "klarna-payments-for-woocommerce 3.3.0 Missing.Authorization MEDIUM" "kiwi-logo-carousel 1.7.2 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "kintpv-connect 8.141 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "kaswara No.known.fix Unauthenticated.Arbitrary.File.Upload CRITICAL" "konnichiwa No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "kona-instagram-feed-for-gutenberg No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "kona-instagram-feed-for-gutenberg No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "kioken-blocks No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "kv-send-email-from-admin No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "list-custom-taxonomy-widget 4.2 Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "lgpd-framework No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "library-instruction-recorder No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "livechat-elementor 1.0.14 Cross-Site.Request.Forgery MEDIUM" "license-envato 1.1.0 Unauthenticated.Local.File.Inclusion CRITICAL" "license-envato 1.1.0 Reflected.Cross-Site.Scripting MEDIUM" "lightbox-plus 2.8 CSRF.to.XSS MEDIUM" "locations-and-areas 1.7.2 Reflected.Cross-Site.Scripting MEDIUM" "locations-and-areas 1.7.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "login-block-ips No.known.fix IP.Spoofing.Bypass LOW" "login-block-ips No.known.fix Arbitrary.Setting.Update.via.CSRF MEDIUM" "lw-all-in-one 1.6.5 Unauthenticated.Stored.Cross-Site.Scripting.(XSS) HIGH" "ltl-freight-quotes-sefl-edition 3.2.5 Unauthenticated.SQL.Injection HIGH" "limb-gallery No.known.fix Authenticated.(Subscriber+).Arbitrary.File.Download MEDIUM" "limb-gallery No.known.fix Authenticated.(Subscriber+).Arbitrary.File.Upload HIGH" "limb-gallery 1.5.6 Reflected.Cross-Site.Scripting MEDIUM" "limb-gallery 1.5.2 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "limb-gallery 1.4.0 Reflected.Cross-Site.Scripting MEDIUM" "lazy-facebook-comments 2.0.5 Admin+.Stored.Cross-Site.Scripting LOW" "lunar-sell-photos-online No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "legal-pages 1.4.6 Missing.Authorization MEDIUM" "legal-pages 1.4.3 Cross-Site.Request.Forgery MEDIUM" "legal-pages 1.3.9 Cross-Site.Request.Forgery.via.moveToTrash.and.fetch_and_insert_template_data MEDIUM" "legal-pages 1.3.9 Missing.Authorization MEDIUM" "legal-pages 1.3.8 Missing.Authorization.on.'deleteLegalTemplate' MEDIUM" "local-magic No.known.fix Unauthenticated.SQL.Injection HIGH" "local-magic No.known.fix Missing.Authorization MEDIUM" "lbg-audio3-html5 No.known.fix Authenticated.(Contributor+).SQL.Injection MEDIUM" "leartes-try-exchange-rates No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "lightbox-popup 2.1.6 Admin+.Stored.XSS LOW" "listingpro-plugin No.known.fix Unauthenticated.Local.File.Inclusion CRITICAL" "listingpro-plugin No.known.fix Authenticated.(Subscriber+).SQL.Injection CRITICAL" "listingpro-plugin No.known.fix Unauthenticated.SQL.Injection CRITICAL" "listingpro-plugin No.known.fix Authenticated.(Author+).Local.File.Inclusion HIGH" "links-in-captions No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "loginplus No.known.fix Missing.Authorization MEDIUM" "loginplus No.known.fix Unauthenticated.Stored.Cross-Site.Scripting MEDIUM" "lifterlms-gateway-paypal 1.4.0 Reflected.Cross-Site.Scripting MEDIUM" "lgx-owl-carousel No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "leaflet-map 3.3.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "leaflet-map 3.0.0 Arbitrary.Settings.Update.via.CSRF.Leading.to.Stored.XSS MEDIUM" "leaflet-map 3.0.0 Contributor+.Stored.XSS MEDIUM" "ltl-freight-quotes-fedex-freight-edition 3.4.2 Unauthenticated.SQL.Injection HIGH" "launchpad-by-obox No.known.fix Admin+.Stored.XSS LOW" "launchpad-by-obox No.known.fix CSRF MEDIUM" "locateandfilter 1.6.17 Missing.Authorization MEDIUM" "locateandfilter 1.6.16 Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "laposta-signup-basic 1.4.2 CSRF MEDIUM" "laposta-signup-basic 1.4.2 Missing.Authorization MEDIUM" "local-delivery-drivers-for-woocommerce 1.9.1 Missing.Authorization.to.Driver.Account.Takeover HIGH" "local-delivery-drivers-for-woocommerce 1.9.0 Reflected.Cross-Site.Scripting MEDIUM" "local-delivery-drivers-for-woocommerce 1.8.5 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "listdom 4.1.0 Open.Redirect MEDIUM" "listdom 3.7.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.shortcode.Parameter MEDIUM" "liquid-speech-balloon 1.2 Settings.Update.via.CSRF MEDIUM" "link-party No.known.fix Unauthenticated.Arbitrary.Link.Deletion MEDIUM" "link-party No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "link-party No.known.fix Settings.Update.via.CSRF MEDIUM" "link-party No.known.fix Unauthenticated.Stored.XSS HIGH" "lj-custom-menu-links No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "login-logout-menu 1.4.0 Contributor+.Stored.XSS.in.Shortcode MEDIUM" "location-weather 1.3.4 Contributor+.Stored.XSS MEDIUM" "ltl-freight-quotes-day-ross-edition 2.1.11 Unauthenticated.Stored.Cross-Site.Scripting.via.'expiry_date'.Parameter HIGH" "like-on-vkontakte No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "lws-cleaner 2.3.1 Cross-Site.Request.Forgery MEDIUM" "lana-email-logger 1.1.0 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "local-shipping-labels-for-woocommerce No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "landingi-landing-pages 3.1.2 Cross-Site.Request.Forgery MEDIUM" "lis-video-gallery No.known.fix Unauthenticated.PHP.Object.Injection CRITICAL" "login-with-ajax 4.2 Cross-Site.Request.Forgery.to.Notice.Dismissal MEDIUM" "login-with-ajax 4.2 Missing.Authorization MEDIUM" "login-logger No.known.fix Cross-Site.Request.Forgery MEDIUM" "liveforms 4.8.5 Missing.Authorization MEDIUM" "liveforms No.known.fix Entry.Deletion.via.CSRF MEDIUM" "liveforms No.known.fix Missing.Authorization MEDIUM" "liveforms 4.8.5 Missing.Authorization.to.Authenticated.(Subscriber+).Settings.Update MEDIUM" "liveforms 3.4.0 XSS MEDIUM" "liveforms 3.2.0 Visual.Form.Builder.3.0.1.-.Blind.SQL.Injection CRITICAL" "lpagery 1.2.6 Reflected.Cross-Site.Scripting MEDIUM" "launchpage-app-importer No.known.fix Unauthenticated.SQL.Injection CRITICAL" "library-management-system No.known.fix Authenticated.(Subscriber+).SQL.Injection MEDIUM" "library-management-system No.known.fix Authenticated.(Admin+).SQL.Injection MEDIUM" "linkpreview No.known.fix Cross-Site.Request.Forgery MEDIUM" "learnpress-import-export 4.0.5 Reflected.Cross-Site.Scripting MEDIUM" "learnpress-import-export 4.0.4 Reflected.Cross-Site.Scripting MEDIUM" "learnpress-import-export 4.0.4 Authenticated.(Administrator+).SQL.Injection CRITICAL" "learnpress-import-export 4.0.3 Reflected.XSS HIGH" "logo-manager-for-enamad 0.7.2 Admin+.Stored.XSS.via.Widget LOW" "logo-manager-for-enamad 0.7.1 Stored.XSS.via.CSRF HIGH" "layoutboxx No.known.fix Unauthenticated.Arbitrary.Shortcode.Execution HIGH" "ltl-freight-quotes-worldwide-express-edition 5.0.22 Reflected.Cross-Site.Scripting MEDIUM" "ltl-freight-quotes-worldwide-express-edition 5.0.21 Missing.Authorization.to.Unauthenticated.Arbitrary.Content.Deletion MEDIUM" "ltl-freight-quotes-worldwide-express-edition 5.0.21 Worldwide.Express.Edition.<.5.0.21.-.Unauthenticated.SQL.Injection HIGH" "ltl-freight-quotes-worldwide-express-edition 5.0.21 Unauthenticated.SQL.Injection HIGH" "lh-ogp-meta-tags No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "locatoraid 3.9.51 Unauthenticated.PHP.Object.Injection CRITICAL" "locatoraid 3.9.48 Reflected.Cross-Site.Scripting MEDIUM" "locatoraid 3.9.31 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "locatoraid 3.9.24 Reflected.XSS HIGH" "locatoraid 3.9.19 Subscriber+.Stored.XSS HIGH" "locatoraid 3.9.15 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "locatoraid 3.9.12 CSRF MEDIUM" "lightbox-gallery 0.9.5 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "ltl-freight-quotes-saia-edition 2.2.11 Unauthenticated.SQL.Injection HIGH" "lupsonline-link-netwerk No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "link-list-manager No.known.fix Reflected.Cross-Site.Scripting HIGH" "list-posts-by-category No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "loan-comparison 2.0.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "loan-comparison 1.5.3 Contributor+.Stored.XSS.via.shortcode MEDIUM" "loan-comparison 1.5.3 Reflected.XSS.via.shortcode MEDIUM" "link-library 7.8.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "link-library 7.8 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Link.Additional.Parameters MEDIUM" "link-library 7.7.3 Reflected.Cross-Site.Scripting MEDIUM" "link-library 7.7.2 Reflected.Cross-Site.Scripting MEDIUM" "link-library 7.6.4 Reflected.Cross-Site.Scripting MEDIUM" "link-library 7.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.link-library.Shortcode MEDIUM" "link-library 7.6.1 Reflected.Cross-Site.Scripting MEDIUM" "link-library 7.6.7 Reflected.Cross-Site.Scripting MEDIUM" "link-library 7.6.1 Unauthenticated.Stored.Cross-Site.Scripting MEDIUM" "link-library 7.6 Cross-Site.Request.Forgery.via.action_admin_init MEDIUM" "link-library 7.6 Reflected.Cross-Site.Scripting.via.'link_price'.and.'link_tags' MEDIUM" "link-library 7.4.1 Admin+.Stored.XSS LOW" "link-library 7.2.8 Library.Settings.Reset.via.CSRF MEDIUM" "link-library 7.2.9 Reflected.Cross-Site.Scripting MEDIUM" "link-library 7.2.8 Unauthenticated.Arbitrary.Links.Deletion MEDIUM" "lazyload-background-images No.known.fix Missing.Authorization.to.Authenticated.(Subscriber+).Plugin.Settings.Update MEDIUM" "legull No.known.fix Reflected.XSS HIGH" "libro-de-reclamaciones-y-quejas 1.0 Authenticated.(Administrator+).SQL.Injection MEDIUM" "libro-de-reclamaciones-y-quejas No.known.fix Stored.XSS.via.CSRF HIGH" "location-piker No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "language-bar-flags No.known.fix CSRF.to.Stored.XSS HIGH" "loginizer-security 1.9.3 Authentication.Bypass HIGH" "ltl-freight-quotes-purolator-freight-edition 2.2.4 Unauthenticated.SQL.Injection HIGH" "logwpmail No.known.fix Email.Logs.Publicly.Accessible HIGH" "lexicata No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "lexicata No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "linear No.known.fix Cross-Site.Request.Forgery.to.Cache.Reset MEDIUM" "linear No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "linear 2.8.1 Contributor+.Stored.XSS MEDIUM" "libreform 2.0.9 Unauthenticated.Arbitrary.Submissions.Listing.&.Deletion HIGH" "list-one-category-of-posts No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "labinator-content-types-duplicator No.known.fix Cross-Site.Request.Forgery MEDIUM" "larsens-calender No.known.fix Stored.Cross-Site.Scripting.(XSS) HIGH" "login-lockdown 2.12 Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.IP.Whitelisting MEDIUM" "login-lockdown 2.09 Subscriber+.Options.Leak MEDIUM" "login-lockdown 2.07 Admin+.SQLi MEDIUM" "login-lockdown 2.07 Administrator+.SQL.Injection HIGH" "leaflet-maps-marker 3.12.10 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "leaflet-maps-marker 3.12.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "leaflet-maps-marker 3.12.7 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "leaflet-maps-marker 3.12.5 Admin+.SQLi MEDIUM" "live-composer-page-builder 1.5.43 Authenticated.(Contributor+).PHP.Object.Injection HIGH" "live-composer-page-builder 1.5.43 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "live-composer-page-builder No.known.fix Author+.Stored.XSS MEDIUM" "live-composer-page-builder 1.5.39 Missing.Authorization MEDIUM" "live-composer-page-builder 1.5.36 Cross-Site.Request.Forgery MEDIUM" "live-composer-page-builder 1.5.29 .Author+.PHP.Object.Injection MEDIUM" "live-composer-page-builder 1.5.24 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "live-composer-page-builder 1.5.23 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "lsd-google-maps-embedder No.known.fix Cross-Site.Request.Forgery.Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "language-switcher-for-transposh 1.6.0 Reflected.Cross-Site.Scripting MEDIUM" "login-as-customer-or-user No.known.fix Admin.Account.Takeover HIGH" "login-as-customer-or-user No.known.fix Authentication.Bypass CRITICAL" "login-as-customer-or-user 3.3 Unauthenticated.Privilege.Escalation.to.Admin CRITICAL" "login-as-customer-or-user 2.1 Arbitrary.Plugin.Installation/Activation.via.CSRF CRITICAL" "login-as-customer-or-user 1.8 Arbitrary.Plugin.Installation/Activation.via.Low.Privilege.User CRITICAL" "login-with-azure 1.4.5 Reflected.Cross-Site.Scripting.via.appId HIGH" "luckywp-table-of-contents 2.1.11 Cross-Site.Request.Forgery.to.Reflected.Cross-Site.Scripting MEDIUM" "luckywp-table-of-contents 2.1.7 Admin+.Stored.XSS LOW" "luckywp-table-of-contents 2.1.6 Admin+.Stored.XSS LOW" "luckywp-table-of-contents 2.1.5 Admin+.Stored.XSS MEDIUM" "luckywp-table-of-contents 2.1.6 Reflected.Cross-Site.Scripting MEDIUM" "luckywp-table-of-contents 2.1.5 Contributor+.Stored.XSS MEDIUM" "leira-cron-jobs 1.2.10 Reflected.Cross-Site.Scripting MEDIUM" "live-news-lite 1.07 Settings.Update.via.CSRF MEDIUM" "livechat-woocommerce 2.2.17 Cross-Site.Request.Forgery MEDIUM" "lordicon-interactive-icons No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "lara-google-analytics 2.0.5 Authenticated.Stored.XSS HIGH" "linkid No.known.fix Missing.Authorization.to.Unauthenticated.Sensitive.Information.Exposure HIGH" "livemesh-siteorigin-widgets 3.3 Reflected.Cross-Site.Scripting MEDIUM" "livemesh-siteorigin-widgets 2.8.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "livemesh-siteorigin-widgets 2.5.2 Subscriber+.Arbitrary.Option.Update CRITICAL" "livestream-notice 1.3.0 Admin+.Stored.XSS LOW" "leaky-paywall 4.21.8 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "leaky-paywall 4.21.3 Cross-Site.Request.Forgery MEDIUM" "leaky-paywall 4.20.9 Missing.Authorization.to.Price.Manipulation MEDIUM" "leaky-paywall 4.16.7 Admin+.Stored.Cross-Site.Scripting LOW" "lbg-audio2-html5 No.known.fix Authenticated.(Contributor+).SQL.Injection MEDIUM" "location-click-map No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "list-children 2.2.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "likecoin 3.3.0 Authenticated.(Contributor+).Arbitrary.File.Read MEDIUM" "localgrid No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "lenix-elementor-leads-addon 1.8.3 Unauthenticated.Stored.Cross-Site.Scripting.via.URL.Form.Field HIGH" "linklaunder-seo-plugin No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "login-customizer 2.2.3 Reflected.Cross-Site.Scripting MEDIUM" "login-customizer 2.1.8 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "ledenbeheer-external-connection 2.1.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "local-sync 1.1.7 Missing.Authorization MEDIUM" "library-bookshelves 5.11 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "library-bookshelves 5.9 Reflected.Cross-Site.Scripting MEDIUM" "library-bookshelves 5.9 Reflected.Cross-Site.Scripting MEDIUM" "lws-optimize 2.0 Cross-Site.Request.Forgery MEDIUM" "leira-roles 1.1.10 Reflected.Cross-Site.Scripting MEDIUM" "link-log No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "link-log No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "link-log 2.1 SQL.Injection CRITICAL" "link-log 2.0 HTTP.Response.Splitting HIGH" "logs-de-connexion No.known.fix Admin+.SQL.Injection LOW" "logs-de-connexion No.known.fix Log.Deletion.via.CSRF MEDIUM" "lktags-linkedin-insight-tags 1.2.4 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "like-dislike-plus-counter No.known.fix Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "learn-manager 1.1.5 Unauthenticated.Arbitrary.User.Field.Edition/Creation MEDIUM" "learn-manager 1.1.3 Unauthenticated.Stored.Cross-Site.Scripting.(XSS) HIGH" "ltl-freight-quotes-rl-edition 3.3.5 Unauthenticated.SQL.Injection HIGH" "lh-email No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "leadinfo 2.1 Missing.Authorization.to.Unauthenticated.Settings.Change MEDIUM" "leadinfo 1.1 Settings.Update.via.CSRF MEDIUM" "lightweight-accordion 1.5.17 Authenticated(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "lightweight-accordion 1.5.15 Contributor+.Stored.XSS MEDIUM" "login-and-logout-redirect No.known.fix .Open.Redirect MEDIUM" "lastudio-element-kit 1.5.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Image.Compare.and.Google.Maps.Widgets MEDIUM" "lastudio-element-kit 1.5.3 Authenticated.(Contributor+).DOM-Based.Stored.Cross-Site.Scripting.via.data-lakit-element-link.Parameter MEDIUM" "lastudio-element-kit 1.5.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Table.of.Contents.Widget MEDIUM" "lastudio-element-kit 1.5.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "lastudio-element-kit 1.4.5 Authenticated.(Contributor+).Post.Disclosure MEDIUM" "lastudio-element-kit 1.4.3 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "lastudio-element-kit 1.3.9.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "lastudio-element-kit 1.3.9.2 Contributor+.Stored.XSS MEDIUM" "lastudio-element-kit 1.3.9 Authenticated.(Contributor+).Local.File.Inclusion.via.'progress_type' MEDIUM" "lastudio-element-kit 1.3.9 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "lastudio-element-kit 1.3.7.4 Missing.Authorization MEDIUM" "lastudio-element-kit 1.3.8 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.id.Parameter MEDIUM" "lastudio-element-kit 1.3.7.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.LaStudioKit.Post.Author.Widget MEDIUM" "lastudio-element-kit 1.3.7.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "lastudio-element-kit 1.1.6 Missing.Authorization MEDIUM" "lightview-plus No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "listings-for-buildium No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "live-chat-facebook-fanpage No.known.fix Reflected.Cross-Site.Scripting.(XSS) HIGH" "linked-orders-for-woocommerce No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "linked-orders-for-woocommerce 1.2.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "login-logo-editor-by-oizuled No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "link-to-bible 2.5.10 Administrator+.Stored.XSS LOW" "login-watchdog No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "listplus No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "livejournal-shortcode No.known.fix Contributor+.Stored.XSS.via.Shortcode MEDIUM" "leopard-wordpress-offload-media 3.1.2 Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.Options.Update CRITICAL" "leopard-wordpress-offload-media No.known.fix WordPress.offload.media.<=.2.0.36.-.Authenticated.(Subscriber+).Sensitive.Information.Exposure MEDIUM" "leopard-wordpress-offload-media No.known.fix WordPress.offload.media.<=.2.0.36.-.Missing.Authorization.to.Authenticated.(Subscriber+).Settings.Update MEDIUM" "list-last-changes 1.2.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "lana-downloads-manager 1.10.0 Admin+.Arbitrary.File.Download.via.Path.Traversal MEDIUM" "lana-downloads-manager 1.8.0 Contributor+.Arbitrary.File.Download HIGH" "license-manager-for-woocommerce 3.0.10 Reflected.Cross-Site.Scripting MEDIUM" "license-manager-for-woocommerce 3.0.7 Improper.Authorization.to.Authenticated(Contributor+).Sensitive.Information.Exposure MEDIUM" "license-manager-for-woocommerce 2.2.11 Authenticated.(Administrator+).SQL.Injection HIGH" "license-manager-for-woocommerce 2.3b1 Reflected.Cross-Site.Scripting MEDIUM" "license-manager-for-woocommerce 2.2.6 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "list-related-attachments-widget No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "logo-showcase 3.0.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "login-attempts-limit-wp No.known.fix IP.Address.Spoofing.to.Protection.Mechanism.Bypass MEDIUM" "login-attempts-limit-wp No.known.fix Cross-Site.Request.Forgery.(CSRF) MEDIUM" "legoeso-pdf-manager No.known.fix Authenticated.(Author+).SQL.Injection.via.checkedVals.Parameter MEDIUM" "limit-login-attempts No.known.fix Subscriber+.Stored.XSS HIGH" "limit-login-attempts 1.7.2 Unauthenticated.Stored.XSS HIGH" "limit-login-attempts 1.7.1 Auth.Cookies.Brute.Force.Bypass LOW" "livesync No.known.fix Arbitrary.Settings.Update.via.CSRF MEDIUM" "loggedin 1.3.2 Reflected.Cross-Site.Scripting MEDIUM" "live-support-tickets 1.11.1 Unauthenticated.Information.Disclosure MEDIUM" "localize-my-post No.known.fix Unauthenticated.Local.File.Inclusion.(LFI) HIGH" "like-box 0.8.41 Contributor+.Stored.XSS MEDIUM" "like-box 0.8.40 Admin+.Stored.XSS LOW" "logdash-activity-log 1.1.4 Unauthenticated.SQLi HIGH" "loi-hamon No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "linked-variation 1.0.4 Missing.Authorization MEDIUM" "link-shield No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "link-shield No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "listamester 2.3.7 Cross-Site.Request.Forgery MEDIUM" "listamester 2.3.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "listamester 2.3.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "library-viewer 2.0.6.1 Contributor+.Stored.XSS MEDIUM" "latest-custom-post-type-updates No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "len-slider No.known.fix Cross-Site.Request.Forgery.to.Reflected.Cross-Site.Scripting MEDIUM" "lodgixcom-vacation-rental-listing-management-booking-plugin No.known.fix Authenticated.(Contributor+).SQL.Injection MEDIUM" "lead-capturing-call-to-actions-by-vcita No.known.fix Missing.Authorization.to.Authenticated.(Subscriber+).Contact/Widget.Toggle MEDIUM" "lead-capturing-call-to-actions-by-vcita No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "lead-capturing-call-to-actions-by-vcita 2.7.1 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "lead-capturing-call-to-actions-by-vcita No.known.fix Settings.Update.Via.CSRF MEDIUM" "loading-page 1.0.83 Admin+.Stored.Cross-Site.Scripting LOW" "loco-translate 2.6.10 Cross-Site.Request.Forgery MEDIUM" "loco-translate 2.6.1 Authenticated.Stored.Cross-Site.Scripting HIGH" "loco-translate 2.5.4 Authenticated.PHP.Code.Injection HIGH" "loco-translate 2.2.2 Authenticated.LFI MEDIUM" "ldd-directory-lite No.known.fix Reflected.Cross-Site.Scripting.via.remove_query_arg.Parameter MEDIUM" "ldd-directory-lite No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "lemonade-sna-pinterest-edition No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "lock-user-account No.known.fix User.Lock.Bypass MEDIUM" "lock-user-account 1.0.4 Arbitrary.Account.Lock/Unlock.via.CSRF MEDIUM" "lws-hide-login 2.1.9 Protection.Mechanism.Bypass MEDIUM" "lws-hide-login 2.1.7 Plugin.Settings.Page.Creation.via.CSRF MEDIUM" "ltl-freight-quotes-estes-edition 3.3.8 Unauthenticated.SQL.Injection HIGH" "lingotek-translation No.known.fix Unauthenticated.Local.File.Inclusion CRITICAL" "lws-tools 2.4.2 Cross-Site.Request.Forgery MEDIUM" "ltl-freight-quotes-globaltranz-edition 2.3.12 Unauthenticated.SQL.Injection HIGH" "ltl-freight-quotes-globaltranz-edition 2.3.13 Missing.Authorization.to.Unauthenticated.Settings.Update MEDIUM" "live-stock-prices-for-wordpress No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "learnpress 4.2.7.6 Missing.Authorization MEDIUM" "learnpress 4.2.7.5.1 Authenticated.(LP.Instructor+).Stored.Cross-Site.Scripting.via.Lesson.Name MEDIUM" "learnpress 4.2.7.2 Authenticated.(Subscriber+).Open.Redirect MEDIUM" "learnpress 4.2.7.5.1 Admin+.Stored.XSS LOW" "learnpress 4.2.7.5.1 Admin+.Stored.XSS LOW" "learnpress 4.2.7.4 Course.Material.Sensitive.Information.Exposure.via.REST.API MEDIUM" "learnpress 4.2.7.2 Admin+.Stored.XSS LOW" "learnpress 4.2.7.2 Admin+.Stored.XSS LOW" "learnpress 4.2.7.1 Unauthenticated.SQL.Injection.via.'c_fields' CRITICAL" "learnpress 4.2.7.1 Unauthenticated.SQL.Injection.via.'c_only_fields' CRITICAL" "learnpress 4.2.6.9.4 Authenticated.(Contributor+).SQL.Injection.via.order.Parameter HIGH" "learnpress 4.2.6.9 Cross-Site.Request.Forgery MEDIUM" "learnpress 4.2.6.9 Authenticated.(Subscriber+).Insecure.Direct.Object.Reference MEDIUM" "learnpress 4.2.6.9 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "learnpress 4.2.6.8.2 Unauthenticated.Bypass.to.User.Registration MEDIUM" "learnpress 4.2.6.8.2 Missing.Authorization.to.Unauthenticated.User.Registration.Bypass MEDIUM" "learnpress 4.2.6.8.1 Basic.Information.Disclosure.via.JSON.API MEDIUM" "learnpress 4.2.6.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.id.Parameter MEDIUM" "learnpress 4.2.6.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.layout_html.Parameter MEDIUM" "learnpress 4.2.6.6 Unauthenticated.Bypass.to.User.Registration MEDIUM" "learnpress 4.2.6.6 Unauthenticated.Time-Based.SQL.Injection CRITICAL" "learnpress 4.2.6.6 Authenticated.(Instructor+).Arbitrary.File.Upload HIGH" "learnpress 4.2.6.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "learnpress 4.2.6.4 Insecure.Direct.Object.Reference MEDIUM" "learnpress 4.2.6.4 Authenticated(LP.Instructor+).Stored.Cross-Site.Scripting MEDIUM" "learnpress 4.0.1 Cross-Site.Request.Forgery.to.Privilege.Escalation HIGH" "learnpress 4.2.5.8 Unauthenticated.Command.Injection HIGH" "learnpress 4.2.5.8 Unauthenticated.SQLi HIGH" "learnpress 4.2.5.8 Subscriber+.Arbitrary.Course.Progress.Disclosure MEDIUM" "learnpress 4.2.5.5 Reflected.Cross-Site.Scripting HIGH" "learnpress 4.2.0 Unauthenticated.SQLi HIGH" "learnpress 4.2.0 Unauthenticated.LFI CRITICAL" "learnpress 4.2.0 Subscriber+.SQLi HIGH" "learnpress 4.1.7.2 Unauthenticated.PHP.Object.Injection.via.REST.API MEDIUM" "learnpress 4.1.6.7 Reflected.Cross-Site.Scripting MEDIUM" "learnpress 4.1.6 Reflected.Cross-Site.Scripting MEDIUM" "learnpress 4.1.5 Arbitrary.Image.Renaming MEDIUM" "learnpress 4.1.4 Admin+.SQL.Injection MEDIUM" "learnpress 4.1.3.2 Admin+.Stored.Cross-Site.Scripting LOW" "learnpress 4.1.3.1 Multiple.Admin+.Stored.Cross-Site.Scripting LOW" "learnpress 3.2.7.3 CSRF.&.XSS LOW" "learnpress 3.2.6.8 Authenticated.Time.Based.Blind.SQL.Injection HIGH" "learnpress 3.2.6.9 Privilege.Escalation.to."LP.Instructor" HIGH" "learnpress 3.2.6.9 Authenticated.Post.Creation.and.Status.Modification HIGH" "learnpress 3.2.6.7 Privilege.Escalation MEDIUM" "leadin 11.1.34 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.HubSpot.Meeting.Widget MEDIUM" "leadin 8.8.15 Contributor+.Blind.SSRF MEDIUM" "lastunes No.known.fix Settings.Update.via.CSRF HIGH" "loginpress-pro 3.0.0 Captcha.Bypass MEDIUM" "loginpress-pro 3.0.0 Unauthenticated.License.Activation/Deactivation MEDIUM" "ltl-freight-quotes-unishippers-edition 2.5.9 Missing.Authorization MEDIUM" "ltl-freight-quotes-unishippers-edition 2.5.9 Reflected.Cross-Site.Scripting MEDIUM" "ltl-freight-quotes-unishippers-edition 2.5.9 Unauthenticated.SQL.Injection HIGH" "live-chat-support-by-social-intents No.known.fix Admin+.Stored.XSS LOW" "leaderboard-lite No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "login-alert No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "list-pages-shortcode 1.7.6 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "login-box No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "leenkme No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "leenkme 2.6.0 XSS.&.CSRF MEDIUM" "localize-remote-images No.known.fix Settings.Update.via.CSRF MEDIUM" "luzuk-testimonials No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "link-to-url-post No.known.fix Authenticated.(Administrator+).SQL.Injection MEDIUM" "layerslider 7.11.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.ls_search_form.Shortcode MEDIUM" "layerslider 7.10.1 7.10.0.-.Unauthenticated.SQL.Injection CRITICAL" "layerslider 7.7.10 Cross-Site.Request.Forgery MEDIUM" "layerslider 7.7.10 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "limit-attempts 1.3.0 Reflected.Cross-Site.Scripting MEDIUM" "limit-attempts 1.1.8 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "limit-attempts 1.1.1 SQL.Injection CRITICAL" "libro-de-reclamaciones No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "lava-directory-manager No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.shortcode MEDIUM" "lava-directory-manager No.known.fix Unauthenticated.Stored.XSS HIGH" "load-more-posts No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "liveagent 4.4.8 Cross-Site.Request.Forgery MEDIUM" "lu-radioplayer 6.24.11.15 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "lu-radioplayer 6.24.11.07 Unauthenticated.Arbitrary.File.Read HIGH" "lgpd-compliant-cookie-banner No.known.fix Cross-Site.Request.Forgery MEDIUM" "ltl-freight-quotes-daylight-edition 2.2.7 Unauthenticated.Stored.Cross-Site.Scripting.via.'expiry_date'.Parameter HIGH" "laposta No.known.fix Unauthenticated.Full.Path.Disclosure MEDIUM" "lazy-load-videos-and-sticky-control No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "lana-shortcodes 1.2.0 Contributor+.Stored.XSS MEDIUM" "linked-variation-for-woocommerce 2.0.0 CSRF MEDIUM" "list-pages-at-depth No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "lessbuttons No.known.fix Cross-Site.Request.Forgery MEDIUM" "livemesh-dynamic-pricing 1.2 Reflected.Cross-Site.Scripting MEDIUM" "ltl-freight-quotes-odfl-edition 4.2.11 Unauthenticated.SQL.Injection HIGH" "login-sidebar-widget No.known.fix Open.Redirect MEDIUM" "logo-showcase-ultimate 1.4.5 Contributor+.Local.File.Inclusion HIGH" "logo-showcase-ultimate 1.4.2 Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "logo-showcase-ultimate 1.3.9 Authenticated(Contributor+).PHP.Object.Injection HIGH" "link-juice-keeper 2.0.3 Admin+.Stored.XSS LOW" "list-urls No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "layouts-for-elementor No.known.fix Cross-Site.Request.Forgery MEDIUM" "layouts-for-elementor 1.8 Missing.Authorization.to.Unauthenticated.Arbitrary.File.Upload CRITICAL" "launcher No.known.fix Admin+.Stored.XSS MEDIUM" "launcher 1.0.11 Multiple.Stored.XSS MEDIUM" "leadfox No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "lh-add-media-from-url 1.30 Reflected.Cross-Site.Scripting MEDIUM" "lh-add-media-from-url 1.23 Reflected.Cross-Site.Scripting MEDIUM" "login-logout-register-menu No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.'llrmloginlogout'.Shortcode MEDIUM" "login-logout-register-menu No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "leads-5050-visitor-insights 1.1.0 Unauthorised.License.Change HIGH" "leads-5050-visitor-insights 1.0.4 Unauthenticated.License.Change HIGH" "login-designer 1.6.2 Reflected.Cross-Site.Scripting MEDIUM" "leadster-marketing-conversacional 1.1.3 Cross-Site.Request.Forgery.via.leadster_script_code_action MEDIUM" "leadster-marketing-conversacional 1.1.3 Settings.Update.via.CSRF MEDIUM" "league-of-legends-shortcodes No.known.fix Authenticated.(Contributor+).SQL.Injection.via.Shortcode MEDIUM" "league-of-legends-shortcodes No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "litespeed-cache 7.1 Editor+.Server-Side.Request.Forgery MEDIUM" "litespeed-cache 6.5.2 Unauthenticated.Privilege.Escalation HIGH" "litespeed-cache 6.5.1 Contributor+.Stored.XSS MEDIUM" "litespeed-cache 6.5.1 Author+.Path.Traversal MEDIUM" "litespeed-cache 6.5.1 Unauthenticated.Stored.Cross-Site.Scripting MEDIUM" "litespeed-cache 6.5 Authenticated.(Administrator+).Stored.Cross-Site.Scripting LOW" "litespeed-cache 6.5.0.1 Unauthenticated.Sensitive.Information.Exposure.via.Log.Files HIGH" "litespeed-cache 6.4 Unauthenticated.Privilege.Escalation HIGH" "litespeed-cache 6.3 Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "litespeed-cache 5.7.0.1 Unauthenticated.Stored.XSS HIGH" "litespeed-cache 5.7.0.1 Unauthenticated.CDN.Status.Update MEDIUM" "litespeed-cache 5.7 Contributor+.Stored.XSS MEDIUM" "litespeed-cache 5.3.1 CSRF MEDIUM" "litespeed-cache 4.4.4 IP.Check.Bypass.to.Unauthenticated.Stored.XSS HIGH" "litespeed-cache 4.4.4 Admin+.Reflected.Cross-Site.Scripting LOW" "litespeed-cache 3.6.1 Authenticated.Stored.Cross-Site.Scripting LOW" "landing-page-cat 1.7.9 Reflected.Cross-Site.Scripting MEDIUM" "landing-page-cat 1.7.8 Reflected.Cross-Site.Scripting MEDIUM" "landing-page-cat 1.7.7 Reflected.Cross-Site.Scripting MEDIUM" "landing-page-cat 1.7.5 Missing.Authorization MEDIUM" "landing-page-cat 1.7.3 Unauthenticated.Information.Exposure MEDIUM" "littlebot-invoices No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "littlebot-invoices No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "lawpress No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "lawpress No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "lawpress 1.4.5 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "login-form-recaptcha No.known.fix Admin+.Stored.XSS LOW" "login-with-cognito 1.4.9 Admin+.Stored.XSS LOW" "login-with-cognito 1.4.4 Reflected.Cross-Site.Scripting.via.appId HIGH" "live-tv No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "list-category-posts No.known.fix Authenticated.(Contributor+).Local.File.Inclusion HIGH" "list-category-posts 0.90.3 Author+.Stored.XSS LOW" "list-category-posts 0.89.7 Contributor+.Stored.XSS MEDIUM" "list-category-posts 0.89.4 Contributor+.Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "leader No.known.fix Missing.Authorization MEDIUM" "latex2html 2.6.0 Reflected.Cross-Site.Scripting MEDIUM" "latex2html 2.5.5 Reflected.Cross-Site.Scripting MEDIUM" "live-weather-station 3.8.13 Mode.Switch.via.CSRF MEDIUM" "leads-crm No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "leadcapture No.known.fix Unauthenticated.SQL.Injection HIGH" "labtools No.known.fix Subscriber+.Arbitrary.Publication.Deletion MEDIUM" "lightweight-and-responsive-youtube-embed No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "lightweight-and-responsive-youtube-embed No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "live-dashboard No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "limit-login-attempts-plus No.known.fix IP.Address.Spoofing.to.Protection.Mechanism.Bypass MEDIUM" "legalweb-cloud 1.1.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "ltl-freight-quotes-freightquote-edition 2.3.12 Unauthenticated.SQL.Injection HIGH" "ltl-freight-quotes-freightquote-edition 2.3.12 Missing.Authorization MEDIUM" "likebtn-like-button 2.6.54 Cross-Site.Request.Forgery MEDIUM" "likebtn-like-button 2.6.45 Arbitrary.e-mail.Sending MEDIUM" "likebtn-like-button 2.6.38 Unauthorised.Vote.Export.to.Email.&.IP.Addresses.Disclosure HIGH" "likebtn-like-button 2.6.32 Unauthenticated.Full-Read.SSRF HIGH" "likebtn-like-button 2.5.4 Unauthenticated.Arbitrary.Blog.Settings.Change HIGH" "login-as-users 1.4.4 Missing.Authorization.to.Privielge.Escalation.via.Account.Takeover HIGH" "login-as-users 1.4.3 Authentication.Bypass CRITICAL" "letterpress No.known.fix Subscriber.Deletion.via.CSRF MEDIUM" "letterpress No.known.fix Admin+.Stored.Cross-Site.Scripting MEDIUM" "leyka 3.31.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "leyka 3.31.7 Missing.Authorization MEDIUM" "leyka 3.31.2 Missing.Authorization MEDIUM" "leyka 3.30.7.1 Subscriber+.Sensitive.Information.Disclosure MEDIUM" "leyka 3.30.4 Admin+.Stored.XSS LOW" "leyka 3.30.3 Reflected.XSS HIGH" "leyka 3.30.2 Reflected.XSS HIGH" "leyka 3.30.3 Subscriber+.Privilege.Escalation HIGH" "leyka 3.30 Unauthenticated.Stored.XSS HIGH" "limit-login-attempts-reloaded 2.25.27 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "limit-login-attempts-reloaded 2.25.26 Admin+.Missing.Authorization.to.Toggle.Plugin.Auto-Update LOW" "limit-login-attempts-reloaded 2.16.0 Authenticated.Reflected.Cross-Site.Scripting HIGH" "limit-login-attempts-reloaded 2.17.4 Login.Rate.Limiting.Bypass LOW" "language-icons-flags-switcher No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "laybuy-gateway-for-woocommerce No.known.fix Missing.Authorization MEDIUM" "laybuy-gateway-for-woocommerce No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "lazy-load-for-videos 2.18.3 Arbitrary.Settings.Update.via.CSRF MEDIUM" "ltl-freight-quotes-abf-freight-edition 3.3.8 Unauthenticated.SQL.Injection HIGH" "lifeline-donation No.known.fix Authentication.Bypass CRITICAL" "list-categories 0.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "lead-form-builder 1.9.8 Admin+.Stored.XSS LOW" "lead-form-builder 1.9.2 Authenticated.(Subscriber+).Arbitrary.Shortcode.Execution MEDIUM" "lead-form-builder 1.9.8 Admin+.Stored.XSS LOW" "lead-form-builder 1.9.0 Cross-Site.Request.Forgery MEDIUM" "lead-form-builder 1.9.0 Missing.Authorization MEDIUM" "lead-form-builder 1.7.4 Multiple.Subscriber+.Settings.Update MEDIUM" "lead-form-builder 1.7.0 Multiple.Admin+.Stored.Cross-Site.Scripting LOW" "lead-form-builder 1.6.8 Subscriber+.Arbitrary.Lead.Deletion MEDIUM" "lead-form-builder 1.6.4 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "login-configurator No.known.fix Reflected.Cross-Site.Scripting HIGH" "login-configurator No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "login-configurator No.known.fix Reflected.XSS HIGH" "likebot No.known.fix Admin+.Stored.XSS.via.CSRF LOW" "lana-text-to-image 1.1.0 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "ldap-login-for-intranet-sites 4.2 Admin.LDAP.Passback LOW" "ldap-login-for-intranet-sites 4.1.10 Unauthenticated.Log.Disclosure MEDIUM" "ldap-login-for-intranet-sites 4.1.6 Sensitive.Information.Disclosure HIGH" "ldap-login-for-intranet-sites 4.1.5 SQL.Injection.via.CSRF LOW" "ldap-login-for-intranet-sites 4.1.1 Unauthenticated.Data.Disclosure MEDIUM" "ldap-login-for-intranet-sites 3.6.95 Reflected.Cross-Site.Scripting HIGH" "latepoint 5.1.93 Unauthenticated.Insecure.Direct.Object.Reference MEDIUM" "latepoint 5.1.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "latepoint 5.0.13 Authentication.Bypass HIGH" "latepoint 5.0.12 Unauthenticated.Arbitrary.User.Password.Change.via.SQL.Injection CRITICAL" "latepoint 4.9.9.1 Missing.Authorization.and.Sensitive.Information.Exposure.via.IDOR CRITICAL" "livemesh-weight-based-shipping 1.4 Reflected.Cross-Site.Scripting MEDIUM" "livemesh-table-rate-shipping 1.2 Reflected.Cross-Site.Scripting MEDIUM" "lime-developer-login No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "locked-payment-methods-for-woocommerce No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "locked-payment-methods-for-woocommerce 1.3.4 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "llama-redirect No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "lazy-blocks 3.8.3 Reflected.XSS HIGH" "lastform No.known.fix Drag.&.Drop.Contact.Form.Builder.<=.1.0.5.-.Admin+.Arbitrary.System.File.Read MEDIUM" "l-squared-hub-wp-virtual-device No.known.fix Authenticated.(Contributor+).SQL.Injection MEDIUM" "login-screen-manager No.known.fix Stored.XSS.via.CSRF HIGH" "login-screen-manager No.known.fix Admin+.Stored.XSS LOW" "login-page-styler 7.1.2 Missing.Authorization.to.Authenticated.(Subsciber+).Log.Deletion.and.Session.Termination MEDIUM" "login-page-styler 7.1.2 Missing.Authorization.to.Authenticated.(Subscriber+)Privilege.Escalation HIGH" "login-page-styler 6.2.5 Admin+.Stored.XSS LOW" "landing-pages-and-domain-aliases No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "linkedin-login 1.1 Reflected.Cross-Site.Scripting MEDIUM" "lets-box 1.13.3 Reflected.Cross-Site.Scripting MEDIUM" "libsyn-podcasting No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "libsyn-podcasting No.known.fix Cross-Site.Request.Forgery MEDIUM" "libsyn-podcasting No.known.fix Sensitive.Information.Exposure MEDIUM" "libsyn-podcasting No.known.fix Reflected.XSS HIGH" "linkz-ai 1.2.0 Subscriber+.Plugin.Settings.Update MEDIUM" "linkz-ai 1.2.0 Unauthenticated.Plugin.Settings.Update MEDIUM" "linkify-text No.known.fix Unauthenticated.Full.Path.Disclosure MEDIUM" "login-logout-shortcode No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.class.Parameter MEDIUM" "log-http-requests 1.3.2 Stored.Cross-Site.Scripting MEDIUM" "lh-copy-media-file 1.09 Reflected.Cross-Site.Scripting MEDIUM" "language-switcher 3.8.0 Reflected.Cross-Site.Scripting MEDIUM" "leadboxer 1.4 Reflected.XSS HIGH" "luzuk-team No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "latex No.known.fix Arbitrary.Settings.Update.via.CSRF.to.Stored.XSS MEDIUM" "login-with-vipps 1.3.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "linker 1.2.2 Contributor+.Stored.XSS MEDIUM" "ldap-ad-staff-employee-directory-search 1.3 Admin.LDAP.Credentials.Retrieval LOW" "ldap-ad-staff-employee-directory-search 1.2.3 Improper.escaping.of.LDAP.entries HIGH" "lbstopattack 1.1.3 Arbitrary.Settings.Update.via.CSRF MEDIUM" "latest-tweets-widget No.known.fix Arbitrary.Settings.Update.via.CSRF MEDIUM" "lawyer-directory 1.2.9 Subscriber+.Privilege.Escalation CRITICAL" "lockets No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "link-optimizer-lite No.known.fix Stored.Cross-Site.Scripting.via.CSRF HIGH" "ltl-freight-quotes-ups-edition 3.6.5 Unauthenticated.SQL.Injection HIGH" "lenxel-core No.known.fix Authenticated.(Contributor+).Local.File.Inclusion HIGH" "lenxel-core No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "lenxel-core 1.2.5 Author+.Stored.XSS.via.SVG.File.Upload MEDIUM" "lafka-plugin No.known.fix Missing.Authorization.to.Authenticated.(Subscriber+).Theme.Option.Update MEDIUM" "lws-sms No.known.fix Cross-Site.Request.Forgery MEDIUM" "label-grid-tools 1.3.59 Reflected.Cross-Site.Scripting MEDIUM" "lucas-string-replace No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "lifterlms 8.0.2 Missing.Authorization.to.Unauthenticated.Post.Trashing MEDIUM" "lifterlms 7.8.6 Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.Post.Deletion MEDIUM" "lifterlms 8.0.1 Reflected.XSS HIGH" "lifterlms 7.7.6 Authenticated.(Admin+).SQL.Injection HIGH" "lifterlms 7.6.3 Authenticated.(Contributor+).SQL.Injection.via.Shortcode CRITICAL" "lifterlms 7.5.1 Cross-Site.Request.Forgery MEDIUM" "lifterlms 7.5.2 Missing.Authorization.via.process_review MEDIUM" "lifterlms 7.5.0 Authenticated(Administrator+).Directory.Traversal.to.Arbitrary.CSV.File.Deletion LOW" "lifterlms 4.21.2 Access.Other.Student.Grades/Answers.via.IDOR MEDIUM" "lifterlms 4.21.1 Authenticated.Stored.XSS.in.Edit.Profile HIGH" "lifterlms 4.21.1 Reflected.Cross-Site.Scripting.(XSS).via.Coupon.Code.in.Checkout MEDIUM" "lifterlms 3.37.15 Arbitrary.File.Writing CRITICAL" "lifterlms 3.35.1 Unauthenticated.Options.Import CRITICAL" "loginpress 4.0.0 Arbitrary.Options.Update.via.CSRF HIGH" "loginpress 1.6.3 Unauthenticated.Settings.Update MEDIUM" "loginpress 1.5.12 Reflected.Cross-Site.Scripting MEDIUM" "loginpress 1.1.16 Authenticated.Blind.SQL.Injection CRITICAL" "last-viewed-posts 1.0.2 Unauthenticated.Sensitive.Information.Exposure MEDIUM" "last-viewed-posts 1.0.1 Unauthenticated.PHP.Object.Injection CRITICAL" "login-rebuilder 2.8.1 Admin+.Stored.XSS LOW" "luzuk-slider No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "live-flight-radar No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "loginizer 1.9.3 Authentication.Bypass HIGH" "loginizer 1.7.9 Reflected.XSS HIGH" "loginizer 1.7.6 Reflected.XSS HIGH" "loginizer 1.7.6 Cross-Site.Request.Forgery MEDIUM" "loginizer 1.6.4 Unauthenticated.SQL.Injection CRITICAL" "loginizer 1.4.0 Unauthenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "loginizer 1.3.6 Cross-Site.Request.Forgery.(CSRF) HIGH" "loginizer 1.3.6 Blind.SQL.Injection CRITICAL" "legal-plus No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "leadquizzes No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "live-search-xforwc 2.1.0 Low.Priv.Arbitrary.Blog.Options.Update/Access/Deletion.&.Plugin's.Settings.Update/Export/Import HIGH" "linkmyposts No.known.fix Reflected.XSS HIGH" "localseomap-for-elementor No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "lock-my-bp 1.7.0 Subscriber+.Arbitrary.Plugin.Installation,.Activation.and.Deactivation HIGH" "lbg-audio1-html5 No.known.fix Authenticated.(Contributor+).SQL.Injection MEDIUM" "live-scores-for-sportspress No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "live-scores-for-sportspress 1.9.2 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "live-scores-for-sportspress 1.9.1 Reflected.Cross-Site.Scripting HIGH" "live-scores-for-sportspress 1.9.1 Authenticated.Local.File.Inclusion MEDIUM" "login-me-now No.known.fix Authentication.Bypass HIGH" "ladipage No.known.fix Missing.Authorization.via.init_endpoint MEDIUM" "ladipage No.known.fix Missing.Authorization.on.publish_lp() MEDIUM" "ladipage No.known.fix Cross-Site.Request.Forgery.via.publish_lp() MEDIUM" "ladipage No.known.fix Cross-Site.Request.Forgery.via.ladiflow_save_hook() MEDIUM" "ladipage No.known.fix Missing.Authorization.via.ladiflow_save_hook() MEDIUM" "ladipage No.known.fix Missing.Authorization.via.save_config() MEDIUM" "ladipage No.known.fix Cross-Site.Request.Forgery.via.save_config() MEDIUM" "ladipage No.known.fix Cross-Site.Request.Forgery.via.init_endpoint MEDIUM" "ladipage No.known.fix Missing.Authorization MEDIUM" "login-redirect No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "lock-your-updates No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "layouts-importer 1.0.3 Reflected.Cross-Site.Scripting MEDIUM" "logo-scheduler-great-for-holidays-events-and-more 1.2.2 Admin+.Stored.XSS LOW" "lh-login-page No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "leanpress No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "linet-erp-woocommerce-integration 3.6.0 Authenticated.(Admin+).Arbitrary.File.Read.&.Deletion HIGH" "linet-erp-woocommerce-integration 3.5.8 Cross-Site.Request.Forgery MEDIUM" "listapp-mobile-manager No.known.fix Missing.Authorization.to.Privilege.Escalation CRITICAL" "lite-wp-logger No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "lava-ajax-search No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "login-recaptcha 1.7 IP.Check.Bypass LOW" "light-messages No.known.fix CSRF.to.Stored.XSS HIGH" "ltl-freight-quotes-freightview-edition 1.0.12 Unauthenticated.Stored.Cross-Site.Scripting.via.'expiry_date'.Parameter HIGH" "limit-bio No.known.fix Stored.XSS.via.CSRF HIGH" "limit-bio No.known.fix Reflected.XSS HIGH" "league-table-lite 1.14 Tables.Cloning/Update/Deletion.via.CSRF MEDIUM" "lh-qr-codes No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "light-poll No.known.fix Poll.Answers.Deletion.via.CSRF MEDIUM" "light-poll No.known.fix Polls.Deletion.via.CSRF MEDIUM" "ldap-wp-login-integration-with-active-directory 3.0.2 Reflected.Cross-Site.Scripting MEDIUM" "ldap-wp-login-integration-with-active-directory 3.0.2 Unauthenticated.Settings.Update.to.Auth.Bypass CRITICAL" "ldap-login-password-and-role-manager No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "liquid-blocks 1.3.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "logo-carousel-slider No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "local-search-seo-contact-page No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "lean-wp No.known.fix Arbitrary.Plugin.Installation.from.Dependency.via.CSRF LOW" "lean-wp No.known.fix Subscriber+.Arbitrary.Plugin.Activation MEDIUM" "lucidlms No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "logo-carousel-free 3.4.2 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "logo-carousel-free 3.4.2 Unauthorised.Private.Post.Access MEDIUM" "logo-slider No.known.fix Admin+.SQLi MEDIUM" "listings-for-appfolio 1.2.1 Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "laika-pedigree-tree No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "learning-management-system 1.13.4 Authenticated.(Student+).Stored.Cross-Site.Scripting.via.Ask.a.Question.Functionality MEDIUM" "learning-management-system 1.13.4 Authenticated.(Student+).Missing.Authorization.to.Privilege.Escalation HIGH" "learning-management-system 1.11.5 LMS.<.1.11.5.-.Authenticated.(Student+).Insecure.Direct.Object.Reference MEDIUM" "learning-management-system 1.12.0 LMS.<.1.12.0.-.Missing.Authorization MEDIUM" "learning-management-system 1.11.5 LMS.<.1.11.5.-.Missing.Authorization MEDIUM" "learning-management-system 1.7.4 LMS.<.1.7.4.-.Insecure.Direct.Object.Reference MEDIUM" "learning-management-system 1.7.3 LMS.<.1.7.3.-.Unauthenticated.Privilege.Escalation CRITICAL" "learning-management-system 1.6.8 Information.Exposure MEDIUM" "list-mixcloud No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "login-with-phone-number 1.7.50 Authenticated.(Subscriber+).Authorization.Bypass.to.Privilege.Escalation HIGH" "login-with-phone-number 1.7.36 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "login-with-phone-number 1.7.35 Insecure.Password.Reset.Mechanism HIGH" "login-with-phone-number 1.7.27 Authentication.Bypass.due.to.Missing.Empty.Value.Check CRITICAL" "login-with-phone-number 1.7.20 Missing.Authorization MEDIUM" "login-with-phone-number 1.6.94 Missing.Authorization MEDIUM" "login-with-phone-number 1.7.17 Unauthorized.Account.Password.Change.to.Privilege.Escalation HIGH" "login-with-phone-number 1.6.94 Cross-Site.Request.Forgery MEDIUM" "login-with-phone-number 1.5.7 User.Password.Change.via.CSRF HIGH" "login-with-phone-number 1.4.2 Reflected.Cross-Site.Scripting HIGH" "login-with-phone-number 1.3.8 Multiple.Admin+.Stored.XSS LOW" "login-with-phone-number 1.3.7 Unauthenticated.remote.plugin.deletion MEDIUM" "left-right-image-slideshow-gallery 12.1 .Authenticated.(Subscriber+).SQL.Injection.via.Shortcode HIGH" "login-with-yourmembership 1.1.4 Admin+.Stored.XSS LOW" "landing-pages 2.2.5 Reflected.Cross-Site.Scripting.(XSS) HIGH" "landing-pages 1.9.2 Unauthenticated.Remote.Command.Execution MEDIUM" "logo-slider-wp 4.6.0 Contributor+.Stored.XSS MEDIUM" "logo-slider-wp 4.5.0 Contributor+.Stored.XSS MEDIUM" "logo-slider-wp 4.5.0 Author+.Stored.XSS MEDIUM" "logo-slider-wp 4.1.0 Contributor+.Stored.XSS MEDIUM" "logo-slider-wp 4.0.0 Contributor+.Stored.XSS MEDIUM" "logo-slider-wp 3.6.0 Contributor+.Stored.XSS.in.Shortcode MEDIUM" "logaster-logo-generator No.known.fix Cross-Site.Request.Forgery.(CSRF) MEDIUM" "link-whisper 0.7.9 Unauthenticated.Sensitive.Information.Exposure MEDIUM" "link-whisper 0.7.0 Link.Whisper.Free.<.0,7,0 MEDIUM" "link-whisper 0.7.2 Authenticated.(Contributor+).PHP.Object.Injection HIGH" "link-whisper 0.6.9 Reflected.Cross-Site.Scripting MEDIUM" "link-whisper 0.6.6 Authenticated.(Contributor+).SQL.Injection HIGH" "luckywp-scripts-control 1.2.2 Missing.Authorization MEDIUM" "luckywp-scripts-control 1.2.2 CSRF.via.multiple.AJAX.actions LOW" "login-or-logout-menu-item 1.2.0 Unauthenticated.Options.Change MEDIUM" "linkworth-wp-plugin 3.3.4 Arbitrary.Setting.Update.via.CSRF MEDIUM" "ltl-freight-quotes-xpo-edition 4.3.8 Unauthenticated.SQL.Injection HIGH" "limit-max-ips-per-user No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "letsrecover-woocommerce-abandoned-cart 1.2.0 Unauthenticated.SQLi HIGH" "letsrecover-woocommerce-abandoned-cart 1.2.0 Admin+.SQLi MEDIUM" "letsrecover-woocommerce-abandoned-cart 1.2.0 Admin+.SQLi MEDIUM" "lws-affiliation 2.3.5 Missing.Authorization MEDIUM" "logo-showcase-with-slick-slider 3.2.1 Reflected.Cross-Site.Scripting MEDIUM" "logo-showcase-with-slick-slider 2.0.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "logo-showcase-with-slick-slider 2.0.1 Arbitrary.Media.Title/Description/Alt.Text/URL.Update.via.CSRF MEDIUM" "logo-showcase-with-slick-slider 1.2.5 Subscriber+.Arbitrary.Media.Title/Description/Alt.Text/URL.Update MEDIUM" "logo-showcase-with-slick-slider 1.2.4 Author+.Stored.Cross.Site.Scripting MEDIUM" "language-field No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "leadsquared-suite No.known.fix Admin+.Stored.XSS LOW" "leadsquared-suite No.known.fix CSRF MEDIUM" "livesupporti No.known.fix Stored.Cross-Site.Scripting.via.CSRF MEDIUM" "live-2d 1.9.12 Subscriber+.Arbitrary.File.Deletion HIGH" "login-widget-for-ultimate-member 1.1.3 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "list-all-posts-by-authors-nested-categories-and-titles 2.8.3 CSRF MEDIUM" "leadconnector 3.0.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "leadconnector 1.8 Missing.Authorization.to.Unauthenticated.Arbitrary.Post.Deletion MEDIUM" "linkedin-lite No.known.fix Unauthenticated.Local.File.Inclusion CRITICAL" "locations No.known.fix Contributor+.Stored.XSS MEDIUM" "locations 4.0 CSRF.Bypass.in.Multiple.Plugins MEDIUM" "locations 4.0 Cross-Site.Request.Forgery HIGH" "magic-carousel No.known.fix Authenticated.(Contributor+).SQL.Injection MEDIUM" "mailtree-log-mail 1.0.1 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "meteor-slides No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "meteor-slides No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "meteor-slides 1.5.7 Contributor+.Stored.XSS MEDIUM" "megamenu 3.3.1 Missing.Authorization MEDIUM" "megamenu 2.4 Authenticated.XSS MEDIUM" "my-wish-list 1.4.2 Multiple.Parameter.XSS MEDIUM" "mg-parallax-slider No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "mail-picker 1.0.15 Unauthenticated.PHP.Object.Injection CRITICAL" "mail-picker No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "more-better-reviews-for-woocommerce No.known.fix Missing.Authorization MEDIUM" "more-better-reviews-for-woocommerce No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "more-better-reviews-for-woocommerce 3.0.7 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "mshop-npay 3.4.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.mnp_purchase.Shortcode MEDIUM" "martins-free-and-easy-ad-network-get-more-visitors No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "mindmeister-shortcode No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "mega-elements-addons-for-elementor 1.2.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "mega-elements-addons-for-elementor 1.2.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "mega-elements-addons-for-elementor 1.2.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "mega-elements-addons-for-elementor 1.2.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Button.Widget MEDIUM" "mega-elements-addons-for-elementor 1.2.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "media-library-assistant 3.25 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "media-library-assistant 3.24 Reflected.Cross-Site.Scripting.via.smc_settings_tab,.unattachfixit-action,.and.woofixit-action.Parameters MEDIUM" "media-library-assistant 3.20 Authenticated.(Administrator+).Remote.Code.Execution HIGH" "media-library-assistant 3.19 Authenticated.(Author+).Arbitrary.File.Upload.via.mla-inline-edit-upload-scripts.AJAX.Action HIGH" "media-library-assistant 3.18 Reflected.Cross-Site.Scripting MEDIUM" "media-library-assistant 3.17 Authenticated.(Contributor+).SQL.Injection.via.order.Parameter HIGH" "media-library-assistant 3.16 Authenticated.(Contributor+).SQL.Injection.via.Shortcode HIGH" "media-library-assistant 3.16 Reflected.Cross-Site.Scripting HIGH" "media-library-assistant 3.14 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.mla_gallery.Shortcode MEDIUM" "media-library-assistant 3.14 Authenticated.(Contributor+).SQL.Injection.via.Shortcode MEDIUM" "media-library-assistant 3.12 Author+.Stored.XSS MEDIUM" "media-library-assistant 3.11 Contributor+.Stored.XSS MEDIUM" "media-library-assistant 3.10 Unauthenticated.Local/Remote.File.Inclusion.&.Remote.Code.Execution HIGH" "media-library-assistant 3.08 Reflected.Cross-Site.Scripting MEDIUM" "media-library-assistant 3.06 Admin+.SQLi MEDIUM" "media-library-assistant 3.01 Unauthenticated.Error.Log.Access LOW" "media-library-assistant 2.90 Authenticated.Blind.SQL.Injection MEDIUM" "media-library-assistant 2.82 Authenticated.RCE CRITICAL" "media-library-assistant 2.82 Unauthenticated.Limited.Local.File.Inclusion HIGH" "media-library-assistant 2.82 Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "media-library-assistant 2.7.4 Cross-Site.Scripting.(XSS) MEDIUM" "min-and-max-purchase-for-woocommerce No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "mobile-friendly-flickr-slideshow 2.7.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "mobile-friendly-flickr-slideshow 2.6.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "mycred-for-elementor 1.2.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "meks-easy-social-share 1.2.8 Admin+.Stored.Cross-Site.Scripting LOW" "mihdan-index-now 2.6.4 Cross-Site.Request.Forgery.via.reset_form HIGH" "magee-shortcodes No.known.fix Contributor+.Stored.XSS.via.shortcode MEDIUM" "magee-shortcodes 2.0.9 Reflected.Cross-Site.Scripting MEDIUM" "makestories-helper 3.0.4 Authenticated.(Subscriber+).Arbitrary.File.Download.and.Server-Side.Request.Forgery MEDIUM" "makestories-helper 3.0.3 Settings.Update.via.CSRF MEDIUM" "mappress-google-maps-for-wordpress 2.94.10 Admin+.Stored.XSS LOW" "mappress-google-maps-for-wordpress 2.94.9 Contributor+.Stored.XSS MEDIUM" "mappress-google-maps-for-wordpress 2.94.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Map.Block MEDIUM" "mappress-google-maps-for-wordpress 2.93 Admin+.Stored.XSS.via.Map.Settings LOW" "mappress-google-maps-for-wordpress 2.88.17 Contributor+.Stored.XSS.via.Map.Settings MEDIUM" "mappress-google-maps-for-wordpress 2.88.16 Unauthenticated.Arbitrary.Private/Draft.Post.Disclosure MEDIUM" "mappress-google-maps-for-wordpress 2.88.15 Contributor+.Stored.XSS MEDIUM" "mappress-google-maps-for-wordpress 2.88.14 Contributor+.Stored.XSS MEDIUM" "mappress-google-maps-for-wordpress 2.88.5 Contributor+.Stored.XSS MEDIUM" "mappress-google-maps-for-wordpress 2.85.5 Contributor+.SQL.Injection MEDIUM" "mappress-google-maps-for-wordpress 2.73.13 Admin+.File.Upload.to.Remote.Code.Execution MEDIUM" "mappress-google-maps-for-wordpress 2.73.4 Reflected.Cross-Site.scripting MEDIUM" "mappress-google-maps-for-wordpress 2.54.6 Improper.Capability.Checks.in.AJAX.Calls CRITICAL" "mappress-google-maps-for-wordpress 2.53.9 Authenticated.Map.Creation/Deletion.Leading.to.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "mappress-google-maps-for-wordpress 2.53.9 Remote.Code.Execution.(RCE).due.to.Incorrect.Access.Control.in.AJAX.Actions CRITICAL" "my-loginlogout No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "mailchimp-subscribe-sm 4.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "mailchimp-subscribe-sm 4.0.9.8 Editor+.Stored.XSS LOW" "mailchimp-subscribe-sm 4.0.9.2 Admin+.Stored.XSS LOW" "multi-purpose-mail-form No.known.fix Unauthenticated.Arbitrary.File.Upload CRITICAL" "multi-purpose-mail-form No.known.fix Unauthenticated.Arbitrary.File.Upload CRITICAL" "miniorange-login-with-eve-online-google-facebook 6.26.4 Authentication.Bypass HIGH" "miniorange-login-with-eve-online-google-facebook 6.23.4 Improper.Authentication HIGH" "miniorange-login-with-eve-online-google-facebook 6.24.2 SSO.(OAuth.Client).<.6.24.2.-.IdP.Discard.via.CSRF MEDIUM" "miniorange-login-with-eve-online-google-facebook 6.24.2 SSO.(OAuth.Client).Free.<.6.24.2.-.IdP.Deletion.via.CSRF MEDIUM" "miniorange-login-with-eve-online-google-facebook 6.22.6 Authentication.Bypass CRITICAL" "miniorange-login-with-eve-online-google-facebook 6.20.3 Reflected.Cross-Site.Scripting.via.appId HIGH" "mycustomwidget No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "maintenance-and-noindex-nofollow No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "monetize No.known.fix Cross-Site.Scripting.(XSS).&.CSRF MEDIUM" "mediamatic No.known.fix Cross-Site.Request.Forgery MEDIUM" "mediamatic 2.8.1 Subscriber+.SQL.Injection HIGH" "month-name-translation-benaceur 2.3.8 Admin+.Stored.XSS LOW" "mighty-builder No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "menu-manager-ultra 1.0.8 Reflected.Cross-Site.Scripting MEDIUM" "message-ticker No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "message-ticker 9.3 .Authenticated.(Subscriber+).SQL.Injection.via.Shortcode HIGH" "minimum-password-strength No.known.fix Cross-Site.Request.Forgery MEDIUM" "myanime-widget No.known.fix Cross-Site.Request.Forgery.to.Privilege.Escalation CRITICAL" "magic-action-box No.known.fix Contributor+.Stored.XSS MEDIUM" "mihdan-yandex-turbo-feed 1.6.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "mapsvg-lite-interactive-vector-maps 8.6.10 Unauthenticated.Arbitrary.Shortcode.Execution MEDIUM" "mapsvg-lite-interactive-vector-maps 8.6.5 Contributor+.Arbitrary.File.Upload HIGH" "mapsvg-lite-interactive-vector-maps 8.6.5 Missing.Authorization MEDIUM" "mapsvg-lite-interactive-vector-maps 8.6.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "mapsvg-lite-interactive-vector-maps 3.3.0 Cross-Site.Request.Forgery.(CSRF) HIGH" "marmoset-viewer No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "marmoset-viewer 1.9.3 Reflected.Cross.Site.Scripting HIGH" "membersonic-lite 1.302 Authentication.Bypass CRITICAL" "moloni 4.8.0 Reflected.Cross-Site.Scripting MEDIUM" "magical-addons-for-elementor 1.3.7 Contributor+.Stored.XSS MEDIUM" "magical-addons-for-elementor 1.2.5 Authenticated.(Contributor+).Sensitive.Information.Exposure.via.Elementor.Template MEDIUM" "magical-addons-for-elementor 1.2.3 Authenticated.(Subscriber+).Server-Side.Request.Forgery MEDIUM" "magical-addons-for-elementor 1.1.42 Authenticated.(Subscriber+).Server-Side.Request.Forgery MEDIUM" "magical-addons-for-elementor 1.1.42 Contributor+.Stored.XSS MEDIUM" "magical-addons-for-elementor 1.1.40 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "magical-addons-for-elementor 1.1.35 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "magical-addons-for-elementor 1.1.38 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Text.Effect.Widget MEDIUM" "media-hygiene 4.0.1 Missing.Authorization MEDIUM" "media-hygiene 3.0.2 Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.Attachment.Deletion MEDIUM" "members-import No.known.fix XSS.via.Imported.CSV MEDIUM" "my-custom-css No.known.fix Unauthenticated.Full.Path.Disclosure MEDIUM" "mobilook 1.2.4 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "mobile-app-builder-by-wappress No.known.fix Unauthenticated.File.Upload CRITICAL" "mm-email2image No.known.fix Stored.XSS.via.CSRF HIGH" "mm-email2image No.known.fix Contributor+.Stored.XSS MEDIUM" "memberlite-shortcodes 1.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.memberlite_accordion.Shortcode MEDIUM" "memberlite-shortcodes 1.3.9 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "multimedia-carousel No.known.fix Authenticated.(Contributor+).SQL.Injection MEDIUM" "multilanguage 1.2.3 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "mygallery No.known.fix Unauthenticated.File.Inclusion CRITICAL" "memberful-wp 1.74.0 Unauthenticated.Content.Restriction.Bypass.to.Sensitive.Information.Exposure MEDIUM" "memberful-wp 1.73.8 Authenticated.(contributor+).Stored.Cross-Site.Scripting MEDIUM" "moving-media-library 1.23 Authenticated.(Administrator+).Directory.Traversal.to.Arbitrary.File.Deletion MEDIUM" "my-favorites 1.4.3 Contributor+.Stored.XSS MEDIUM" "my-favorites No.known.fix Contributor+.Stored.XSS MEDIUM" "make-paths-relative No.known.fix Settings.Update.via.CSRF MEDIUM" "mapsvg No.known.fix Authenticated.(Contributor+).Arbitrary.File.Upload HIGH" "mapsvg No.known.fix Authenticated.(Contributor+).Privilege.Esclation HIGH" "mapsvg No.known.fix Missing.Authorization MEDIUM" "mapsvg No.known.fix All.Kinds.of.Maps.and.Store.Locator.for.WordPress.<=.8.6.4.-.Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "mapsvg No.known.fix Unauthenticated.Arbitrary.Shortcode.Execution MEDIUM" "mapsvg No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "mapsvg No.known.fix Missing.Authorization MEDIUM" "mapsvg 6.2.20 Unauthenticated.SQLi HIGH" "master-slider 3.10.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.masterslider_pb.and.ms_slide.Shortcodes MEDIUM" "master-slider No.known.fix Missing.Authorization MEDIUM" "master-slider No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.ms_layer.Shortcode MEDIUM" "master-slider 3.10.8 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.ms_slider.Shortcode MEDIUM" "master-slider 3.10.5 Editor+.Stored.XSS LOW" "master-slider 3.10.0 CSRF.to.slider.deletion MEDIUM" "master-slider 3.10.5 Reflected.Cross-Site.Scripting HIGH" "master-slider 3.10.0 Contributor+.Stored.XSS.via.ms_layer.Shortcode MEDIUM" "master-slider 3.9.10 Responsive.Touch.Slider.<.3.9.10.-.Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "master-slider 3.9.10 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "master-slider 3.9.7 Unauthenticated.PHP.Object.Injection CRITICAL" "master-slider 3.9.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "master-slider 3.9.10 Editor+.Stored.XSS.via.slider.callback LOW" "master-slider 3.10.0 Sliders.Deletion.via.CSRF MEDIUM" "master-slider 3.10.0 Contributor+.Stored.XSS MEDIUM" "master-slider 3.7.1 Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "master-slider 2.8.0 Reflected.Cross-Site.Scripting.(XSS) HIGH" "master-slider 2.5.2 Authenticated.Blind.SQL.Injection CRITICAL" "mg-post-contributors No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "multicons 3.0 Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "melapress-login-security-premium 2.1.1 Missing.Authorization.to.Unauthenticated.Arbitrary.User.Deletion MEDIUM" "multifox-plus No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "multifox-plus 1.1.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "metronet-profile-picture 2.6.2 Authenticated.(Author+).Insecure.Direct.Object.Reference.to.Profile.Picture.Update MEDIUM" "metronet-profile-picture 2.6.0 Arbitrary.User.Picture.Change/Deletion.via.IDOR MEDIUM" "metronet-profile-picture 2.5.0 Sensitive.Information.Disclosure MEDIUM" "mdr-webmaster-tools No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "mediavine-create 1.9.9 Unauthenticated.Sensitive.Information.Exposure MEDIUM" "mediavine-create 1.9.8 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "mediavine-create 1.9.8 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Schema.Meta.Shortcode MEDIUM" "mediavine-create 1.9.5 Unauthenticated.SQLi HIGH" "media-usage No.known.fix Reflected.Cross-Site.Scripting HIGH" "mobile-navigation No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "multipurpose-block 1.7.6 Reflected.Cross-Site.Scripting MEDIUM" "multipurpose-block 1.7.4 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "multilist-subscribe-for-sendy No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "multilist-subscribe-for-sendy No.known.fix Subscriber+.Arbitrary.Options.Update HIGH" "multilist-subscribe-for-sendy No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "multilist-subscribe-for-sendy No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "miniorange-discord-integration No.known.fix Unauthenticated.Local.File.Inclusion CRITICAL" "miniorange-discord-integration 2.1.6 Subscriber+.App.Disabling MEDIUM" "my-chatbot No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "my-chatbot No.known.fix Reflected.Cross-Site.Scripting.(XSS) HIGH" "meeting-scheduler-by-vcita No.known.fix Authenticated.(Subscriber+).Sensitive.Information.Exposure MEDIUM" "meeting-scheduler-by-vcita 4.5.2 Cross-Site.Request.Forgery MEDIUM" "meeting-scheduler-by-vcita 4.5.2 Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "meeting-scheduler-by-vcita 4.5 Reflected.Cross-Site.Scripting MEDIUM" "meeting-scheduler-by-vcita 4.4.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "meeting-scheduler-by-vcita 4.4.3 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "meeting-scheduler-by-vcita 4.4.3 Reflected.Cross-Site.Scripting MEDIUM" "meeting-scheduler-by-vcita 4.4.3 Missing.Authorization.to.Unauthenticated.Stored.Cross-Site.Scripting HIGH" "meeting-scheduler-by-vcita 4.4.3 Reflected.Cross-Site.Scripting MEDIUM" "meeting-scheduler-by-vcita 4.3.3 Reflected.XSS HIGH" "meeting-scheduler-by-vcita 4.5 Subscriber+.Settings.Update.&.Stored.XSS MEDIUM" "meeting-scheduler-by-vcita 4.4.3 Unauthenticated.Stored.XSS CRITICAL" "meeting-scheduler-by-vcita 4.5.2 Denial.of.Service.via.CSRF MEDIUM" "meeting-scheduler-by-vcita 4.3.1 Unauthenticated.Stored.Cross-Site.Scripting CRITICAL" "meeting-scheduler-by-vcita 4.3.0 Subscriber+.Denial.of.Service.by.account.logout MEDIUM" "music-pack-for-elementor No.known.fix Contributor+.Stored.XSS MEDIUM" "minterpress No.known.fix Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.Content.Deletion HIGH" "minterpress No.known.fix Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.Options.Update HIGH" "mobile-address-bar-changer No.known.fix Settings.Update.via.CSRF MEDIUM" "multiple-votes-in-one-page No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "my-wp-health-check No.known.fix Cross-Site.Request.Forgery MEDIUM" "memberpress-downloads 1.2.6 Subscriber+.Arbitrary.File.Upload CRITICAL" "msstiger No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "miniorange-limit-login-attempts 4.0.72 Admin+.Stored.Cross-Site.Scripting LOW" "miniorange-limit-login-attempts 4.0.50 Unauthenticated.Stored.Cross-Site.Scripting CRITICAL" "mage-eventpress 4.4.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "mage-eventpress 4.3.7 Contributor+.PHP.Object.Injection MEDIUM" "mage-eventpress 4.3.0 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "mage-eventpress 4.3.0 Missing.Authorization MEDIUM" "mage-eventpress 4.2.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "mage-eventpress 4.2.2 Authenticated.(Contributor+).Local.File.Inclusion CRITICAL" "mage-eventpress 4.1.2 Authenticated.(Contributor+).PHP.Object.Injection.in.mep_event_meta_save HIGH" "mage-eventpress 3.9.6 Editor+.Stored.Cross-Site.Scripting MEDIUM" "mage-eventpress 3.8.7 Admin+.Stored.XSS LOW" "mage-eventpress 3.7.8 Cross-Site.Request.Forgery.(CSRF) MEDIUM" "mage-eventpress 3.8.0 Contributor+.Stored.XSS MEDIUM" "mage-eventpress 3.5.8 Contributor+.SQL.Injection HIGH" "mage-eventpress 3.5.3 Unauthenticated.Arbitrary.Options.Reset HIGH" "mage-eventpress 3.5.3 Unauthenticated.Arbitrary.Elementor.Template.Import MEDIUM" "material-design-icons No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.mdi-icon.Shortcode MEDIUM" "mergado-marketing-pack No.known.fix Stored.XSS.via.CSRF HIGH" "mf-gig-calendar No.known.fix Cross-Site.Request.Forgery MEDIUM" "mf-gig-calendar No.known.fix Arbitrary.Event.Deletion.via.CSRF MEDIUM" "mf-gig-calendar No.known.fix Editor+.Stored.XSS LOW" "mf-gig-calendar No.known.fix Authenticated(Contributor+).SQL.Injection HIGH" "mf-gig-calendar 1.2.1 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "mf-gig-calendar 1.2 Reflected.Cross-Site.Scripting.(XSS) HIGH" "multiline-files-for-contact-form-7 2.9 Missing.Authorization.to.Authenticated.(Subscriber+).Plugin.Deactivation MEDIUM" "marquee-style-rss-news-ticker No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "mortgage-calculators-wp 1.60 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "mortgage-calculators-wp 1.56 Admin+.Stored.Cross-Site.Scripting LOW" "mrkwp-footer-for-divi No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "mrkwp-footer-for-divi No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "multisite-post-duplicator 1.1.3 Cross-Site.Request.Forgery.(CSRF) HIGH" "masterstudy-elementor-widgets 1.2.3 Missing.Authorization MEDIUM" "mybb-cross-poster No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "mt-addons-for-elementor 1.0.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "makecommerce 3.5.2 Reflected.Cross-Site.Scripting MEDIUM" "mail-subscribe-list 2.1.10 Contributor+.Stored.XSS MEDIUM" "mail-subscribe-list 2.1.4 Arbitrary.Subscribed.User.Deletion.via.CSRF MEDIUM" "mail-subscribe-list 2.1 Stored.XSS MEDIUM" "moceansms-order-sms-notification-for-woocommerce No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "mywebtonet-performancestats No.known.fix Unauthenticated.PHP.Object.Injection HIGH" "moreads-se 1.4.7 XSS MEDIUM" "missing-widgets-for-elementor 1.3.5 Reflected.Cross-Site.Scripting MEDIUM" "missing-widgets-for-elementor 1.1.0 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "mobile-call-now-map-buttons No.known.fix Admin+.Stored.XSS LOW" "mail-mint 1.17.8 Unauthenticated.Sensitive.Information.Exposure MEDIUM" "my-wp-responsive-video No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "mmt-eventon-exim-lite 1.1.2 Reflected.Cross-Site.Scripting MEDIUM" "mstore-api 4.17.6 Missing.Authorization.to.Authenticated.(Subscriber+).Posts.Creation MEDIUM" "mstore-api 4.17.5 Unauthenticated.Limited.Privilege.Escalation MEDIUM" "mstore-api 4.16.5 Authenticated.(Subscriber+).HTML.File.Upload.(Stored.Cross-Site.Scripting) MEDIUM" "mstore-api 4.15.8 Authenticated.(Subscriber+).SQL.Injection MEDIUM" "mstore-api 4.15.4 Authenticated.(Subscriber+).Limited.Arbitrary.File.Upload MEDIUM" "mstore-api 4.15.4 Unauthorized.User.Registration HIGH" "mstore-api 4.15.3 Authentication.Bypass.to.Account.Takeover HIGH" "mstore-api 4.15.0 Authentication.Bypass CRITICAL" "mstore-api 4.10.2 Cross-Site.Request.Forgery MEDIUM" "mstore-api 4.0.7 Subscriber+.SQLi HIGH" "mstore-api 3.9.8 Unauthenticated.SQL.Injection HIGH" "mstore-api 4.0.2 Unauthenticated.SQL.Injection CRITICAL" "mstore-api 3.9.7 Subscriber+.Unauthorized.Settings.Update MEDIUM" "mstore-api 4.10.8 Unauthenticated.Privilege.Escalation CRITICAL" "mstore-api 3.9.9 Unauthenticated.Privilege.Escalation CRITICAL" "mstore-api 3.9.8 Unauthenticated.Blind.SQLi HIGH" "mstore-api 3.9.7 Multiple.CSRF MEDIUM" "mstore-api 3.9.3 Authentication.Bypass CRITICAL" "mstore-api 3.9.2 Authentication.Bypass CRITICAL" "mstore-api 3.9.1 Authentication.Bypass CRITICAL" "mstore-api 3.4.5 Unauthenticated.PHP.File.Upload CRITICAL" "mstore-api 3.2.0 Authentication.Bypass.With.Sign.In.With.Apple HIGH" "mstore-api 2.1.6 Unauthenticated.Arbitrary.Account.Creation/Edition HIGH" "miniorange-saml-20-single-sign-on 5.0.5 Missing.Authorization.to.notice.dismissal MEDIUM" "miniorange-saml-20-single-sign-on 20.0.7 Open.Redirect.in.SSO.login MEDIUM" "miniorange-saml-20-single-sign-on 12.1.0 Open.Redirect.in.SSO.login MEDIUM" "miniorange-saml-20-single-sign-on 16.0.8 Open.Redirect.in.SSO.login MEDIUM" "miniorange-saml-20-single-sign-on 4.8.84 Cross-Site.Scripting.(XSS).via.Crafted.SAML.XML.Response MEDIUM" "miniorange-saml-20-single-sign-on 4.8.73 Cross-Site.Scripting.(XSS) MEDIUM" "mybooktable 3.5.4 Cross-Site.Request.Forgery MEDIUM" "mybooktable 3.5.0 Stored.XSS.via.CSRF MEDIUM" "mybooktable 3.3.8 Authenticated.(Author+).Stored.Cross-Site.Scripting MEDIUM" "mybooktable 3.3.5 API.Key.Update.via.CSRF MEDIUM" "matrix-pre-loader No.known.fix Cross-Site.Request.Forgery MEDIUM" "mihdan-no-external-links 5.0.2 Admin+.Stored.Cross-Site.Scripting LOW" "manycontacts-bar No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "miniorange-google-authenticator 1.0.5 CSRF.to.Stored.Cross-Site.Scripting MEDIUM" "miniorange-google-authenticator 1.0.8 Admin+.Stored.Cross-Site.Scripting LOW" "moceanapi-abandoned-carts No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "mancx-askme-widget No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "menu-items-visibility-control No.known.fix Admin+.Arbitrary.PHP.Code.Execution MEDIUM" "most-and-least-read-posts-widget 2.5.21 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "most-and-least-read-posts-widget 2.5.19 Cross-Site.Request.Forgery.via.most_and_least_read_posts_options MEDIUM" "most-and-least-read-posts-widget 2.5.17 Authenticated(Contributor+).SQL.Injection.via.Widget.settings HIGH" "magazine-blocks 1.3.21 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "magazine-blocks 1.3.18 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "magazine-blocks 1.3.15 Reflected.Cross-Site.Scripting MEDIUM" "magazine-blocks 1.3.7 Authenticated.(Author+).Stored.Cross-Site.Scripting MEDIUM" "mapping-multiple-urls-redirect-same-page No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "mapme No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "mage-forms No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "mfolio-lite No.known.fix Contributor+.Stored.XSS MEDIUM" "mfolio-lite 1.2.2 Missing.Authorization.to.Authenticated.(Author+).File.Upload.via.EXE.and.SVG.Files CRITICAL" "mapplic 6.2.1 SSRF.to.Stored.Cross-Site.Scripting.(XSS) HIGH" "mass-pagesposts-creator 2.1.7 Reflected.Cross-Site.Scripting MEDIUM" "mass-pagesposts-creator 2.1.5 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "mass-pagesposts-creator 1.2.5 DoS MEDIUM" "marker-io 1.1.9 Cross-Site.Request.Forgery MEDIUM" "marker-io 1.1.7 Cross-Site.Request.Forgery MEDIUM" "motopress-hotel-booking 4.8.5 Unauthenticated.Arbitrary.File.Download.&.Deletion CRITICAL" "maan-elementor-addons No.known.fix Authenticated.(Contributor+).Local.File.Inclusion HIGH" "mp3-music-player-by-sonaar 5.9.5 Missing.Authorization MEDIUM" "mp3-music-player-by-sonaar 5.9.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Podcast.RSS.Feed MEDIUM" "mp3-music-player-by-sonaar 5.9 Missing.Authorization MEDIUM" "mp3-music-player-by-sonaar 5.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.sonaar_audioplayer.Shortcode MEDIUM" "mp3-music-player-by-sonaar 5.7.1 Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.File.Deletion HIGH" "mp3-music-player-by-sonaar 5.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.sonaar_audioplayer.Shortcode MEDIUM" "mp3-music-player-by-sonaar 5.0 Unauthenticated.Arbitrary.File.Download MEDIUM" "mp3-music-player-by-sonaar 5.1.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "mp3-music-player-by-sonaar 5.1.1 Missing.Authorization MEDIUM" "mp3-music-player-by-sonaar 4.10.1 Missing.Authorization.to.Template.Import MEDIUM" "mp3-music-player-by-sonaar 2.4.2 Multiple.Admin+.Cross.Site.Scripting LOW" "maximum-products-per-user-for-woocommerce 4.2.9 Reflected.Cross-Site.Scripting MEDIUM" "maxi-blocks 2.1.1 Contributor+.Arbitrary.Options.Update HIGH" "maxi-blocks 1.9.3 Authenticated.(Subscriber+).Arbitrary.File.Deletion HIGH" "menu-ordering-reservations 2.4.3 Reflected.Cross-Site.Scripting MEDIUM" "menu-ordering-reservations 2.4.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "menu-ordering-reservations 2.4.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "menu-ordering-reservations 2.3.7 Reflected.XSS HIGH" "menu-ordering-reservations 2.3.6 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "menu-ordering-reservations 2.3.2 Multiple.CSRF MEDIUM" "menu-ordering-reservations 2.3.1 Unauthorised.AJAX.Calls MEDIUM" "membership-by-supsystic No.known.fix Authenticated.SQL.Injection CRITICAL" "molie-instructure-canvas-linking-tool No.known.fix Authenticated.SQL.Injection HIGH" "molie-instructure-canvas-linking-tool No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "modify-profile-fields-dashboard-menu-buttons 1.04 Reflected.Cross-Site.Scripting MEDIUM" "mitm-bug-tracker No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "material-dashboard 1.4.7 Unauthenticated.Privilege.Escalation CRITICAL" "material-dashboard 1.4.6 Authenticated.(Subscriber+).Local.File.Inclusion HIGH" "material-dashboard 1.4.6 Unauthenticated.Local.File.Inclusion CRITICAL" "material-dashboard 1.4.6 Unauthenticated.Privilege.Escalation CRITICAL" "mobile-bottom-menu-for-wp 1.4.1 Missing.Authorization MEDIUM" "maniac-seo No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "maintenance-switch No.known.fix Theme.Files.Creation/Deletion.via.CSRF MEDIUM" "maintenance-switch No.known.fix Reflected.XSS HIGH" "mind-doodle-sitemap No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "manage-gravity-forms-stripe-subscriptions 4.1.6 Reflected.Cross-Site.Scripting MEDIUM" "manage-gravity-forms-stripe-subscriptions 4.0 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "my-reading-library No.known.fix Unauthenticated.PHP.Object.Injection CRITICAL" "mejorcluster 1.1.16 Contributor+.Stored.XSS MEDIUM" "m-vslider No.known.fix Authenticated.(admin+).SQL.Injection HIGH" "meta-store-elements No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "mapbox-for-wp-advanced No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "mystickymenu 2.7.3 Admin+.Stored.XSS LOW" "mystickymenu 2.7.2 Admin+.Stored.XSS LOW" "mystickymenu 2.6.8 Admin+.Stored.XSS LOW" "mystickymenu 2.6.7 CSV.Export.via.CSRF.to.Sensitive.Information.Disclosure LOW" "mystickymenu 2.6.5 Subscriber+.Arbitrary.Form.Leads.Deletion MEDIUM" "mystickymenu 2.5.2 Authenticated.Stored.XSS MEDIUM" "my-content-management 1.7.7 Admin+.Stored.XSS LOW" "music-store 1.2.0 Reflected.Cross-Site.Scripting MEDIUM" "music-store 1.1.14 WordPress.eCommerce.<.1.1.14.-.Authenticated.(Admin+).SQL.Injection CRITICAL" "music-store 1.0.43 Cross-Site.Scripting.(XSS) MEDIUM" "meta-accelerator No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "meta-data-filter 2.2.8 Arbitrary.Settings.Update.via.CSRF MEDIUM" "marketplace-items No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "marketplace-items No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.'marketplace'.Shortcode MEDIUM" "markdown-on-save-improved 2.5.1 Stored.Cross-Site.Scripting.(XSS) MEDIUM" "movies No.known.fix Unauthenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "media-from-ftp 11.17 Author+.Arbitrary.File.Access CRITICAL" "media-from-ftp 9.85 Authenticated.Directory.Traversal MEDIUM" "machic-core No.known.fix Reflected.Cross-Site.Scripting HIGH" "mynx-page-builder No.known.fix Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "magic-post-voice No.known.fix Reflected.Cross-Site.Scripting HIGH" "muzaara-adwords-optimize-dashboard No.known.fix Unauthenticated.PHP.Object.Injection HIGH" "muzaara-adwords-optimize-dashboard No.known.fix Information.Exposure MEDIUM" "ms-reviews No.known.fix Subscriber+.Stored.XSS HIGH" "mmm-file-list No.known.fix Contributor+.Stored.XSS MEDIUM" "mmm-file-list No.known.fix Subscriber+.Arbitrary.Directory.Listing MEDIUM" "map-block-leaflet 3.2.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.url.Parameter MEDIUM" "membership-simplified-for-oap-members-only No.known.fix Unauthenticated.Arbitrary.File.Download CRITICAL" "mybookprogress No.known.fix Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "mybookprogress No.known.fix Missing.Authorization MEDIUM" "mybookprogress No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.book.Parameter MEDIUM" "music-let-loose-mp3-audio-player No.known.fix Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "magical-blocks No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "multiple-admin-emails No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "mshop-mysite 1.1.8 Subscriber+.Settings.Update MEDIUM" "makewebbetter-hubspot-for-woocommerce 1.6.0 Missing.Authorization.to.Authenticated.(Contributor+).Arbitrary.Options.Update HIGH" "musicbox No.known.fix Reflected.XSS HIGH" "multiple-post-type-order No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.mpto.Shortcode MEDIUM" "machform-shortcode 1.5.0 Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "map-location-picker-at-checkout-for-woocommerce 1.9.0 Missing.Authorization.via.checkout_map_rules_order_ajax_handler MEDIUM" "map-location-picker-at-checkout-for-woocommerce 1.8.5 Reflected.Cross-Site.Scripting MEDIUM" "map-location-picker-at-checkout-for-woocommerce 1.4.5 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "move-addons 1.3.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "move-addons 1.3.6 Authenticated.(Contributor+).Sensitive.Information.Exposure.via.Elementor.Templates MEDIUM" "move-addons 1.3.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "move-addons 1.3.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "move-addons 1.3.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Multiple.Widgets MEDIUM" "move-addons 1.3.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "move-addons 1.3.0 Missing.Authorization MEDIUM" "move-addons 1.3.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "masjidal 1.8.12 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "masterstudy-lms-learning-management-system-pro 4.7.1 Authenticated.(Subscriber+).Arbitrary.File.Upload HIGH" "mixcloud-embed No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "miniorange-otp-verification 4.2.2 Missing.Authorization.via.dismiss_notice MEDIUM" "minimum-purchase-for-woocommerce No.known.fix Contributor+.Stored.XSS MEDIUM" "microsoft-advertising-universal-event-tracking-uet 1.0.4 Admin+.Stored.Cross-Site.Scripting LOW" "moova-for-woocommerce 3.8 Reflected.Cross-Site.Scripting HIGH" "monetag-official No.known.fix Missing.Authorization MEDIUM" "mz-mindbody-api 2.8.3 Unauthorised.AJAX.Calls HIGH" "miniorange-login-security 1.0.8 Reflected.Cross-Site.Scripting HIGH" "meta-box 5.9.11 Missing.Authorization.to.Information.Exposure MEDIUM" "meta-box 5.9.4 Contributor+.Arbitrary.Posts'.Custom.Field.Disclosure LOW" "meta-box 5.9.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "meta-box 4.16.3 Unauthorised.File.Deletion MEDIUM" "meta-box 4.16.2 Mishandled.Uploaded.Files HIGH" "modal-portfolio No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "music-player-for-woocommerce 1.6.0 Missing.Authorization MEDIUM" "mojo-under-construction No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "media-download No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "media-download 1.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "menu-icons 0.13.14 Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.Upload MEDIUM" "mayosis-core 5.4.2 Unauthenticated.Arbitrary.File.Read HIGH" "media-file-renamer 5.7.8 Admin+.Remote.Code.Execution MEDIUM" "media-file-renamer 5.7.0 Sensitive.Information.Exposure.via.Log.File MEDIUM" "media-file-renamer 5.2.7 Auto.&.Manual.Rename.<.5.2.7.-.Media.Title/Filename/Locking.State.Update.via.CSRF MEDIUM" "mtphr-widgets No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "multilang-contact-form No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "meta-slider-and-carousel-with-lightbox 2.0.2 Authenticated.(Author+).Stored.Cross-Site.Scripting MEDIUM" "mediaview 1.1.3 Reflected.Cross-Site.Scripting MEDIUM" "mediaview No.known.fix Reflected.Cross-Site.Scripting.via.id.Parameter MEDIUM" "music-sheet-viewer No.known.fix Unauthenticated.Arbitrary.File.Read HIGH" "music-sheet-viewer No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "mailster 4.0.10 Reflected.Cross-Site.Scripting MEDIUM" "mailster 4.0.7 Unauthenticated.Local.File.Inclusion CRITICAL" "mailster 2.0.0 Reflected.Cross-Site.Scripting MEDIUM" "mailster 2.4.9 Unauthenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "mailchimp-for-woocommerce 2.7.1 Subscriber+.SSRF MEDIUM" "mailchimp-for-woocommerce 2.7.2 Admin+.SSRF LOW" "mad-mimi No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "mw-wp-form 5.1.0 Editor+.Stored.XSS MEDIUM" "mw-wp-form 5.0.4 Improper.Limitation.of.File.Name.to.Unauthenticated.Arbitrary.File.Deletion HIGH" "mw-wp-form 5.0.2 Unauthenticated.Arbitrary.File.Upload HIGH" "mw-wp-form 5.0.0 Missing.Authorization MEDIUM" "mw-wp-form 4.4.3 Unauthenticated.Path.Traversal MEDIUM" "moolamojo No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "mj-contact-us No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "meta-tag-manager 3.2 Missing.Authorization MEDIUM" "meta-tag-manager 3.1 Subscriber+.PHP.Object.Injection HIGH" "meta-tag-manager 2.1 Reflected.Cross-Site.Scripting MEDIUM" "mycbgenie-clickbank-storefront No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "multiple-location-google-map No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "mailup-auto-subscribtion 1.2.0 Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "ms-registration No.known.fix Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "ms-registration No.known.fix Missing.Authorization MEDIUM" "media-category-library No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "mas-addons-for-elementor 1.1.8 Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG MEDIUM" "mas-addons-for-elementor 1.1.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "masy-gallery No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "mobile-login-woocommerce 2.3 Unauthenticated.Privilege.Escalation HIGH" "media-slider 1.4.0 Missing.Authorization MEDIUM" "mshop-naver-talktalk 1.2.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "mshop-naver-talktalk 1.2.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.add_plus_friends.and.add_plus_talk.Shortcodes MEDIUM" "migrate-users No.known.fix CSRF.to.Stored.Cross-Site.Scripting.(XSS) HIGH" "my-default-post-content No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "mlanguage No.known.fix Cross-Site.Request.Forgery MEDIUM" "microblog-poster No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "microblog-poster 1.6.2 Authenticated.Blind.SQL.Injection HIGH" "multi-day-booking-calendar No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "mystyle-custom-product-designer 3.21.2 Unauthenticated.SQL.Injection HIGH" "mega-forms 1.1.3 Reflected.Cross-Site.Scripting MEDIUM" "mega-forms 1.2.5 Subscriber+.Stored.Cross-Site.Scripting MEDIUM" "mihanpanel-lite 12.7 Cross-Site.Request.Forgery MEDIUM" "moveto No.known.fix Unauthenticated.Arbitrary.File.Upload CRITICAL" "moveto No.known.fix Unauthenticated.SQL.Injection CRITICAL" "moveto No.known.fix Missing.Authorization.to.Unauthenticated.Options.Update CRITICAL" "moveto No.known.fix Unauthenticated.Directory.Traversal.to.Arbitrary.File.Deletion CRITICAL" "my-favorite-cars No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "member-access No.known.fix Unauthenticated.Content.Restriction.Bypass.to.Sensitive.Information.Exposure MEDIUM" "mobile-booster No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "mobile-booster 1.2.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "mark-new-posts 7.6 Missing.Authorization.via.save_options MEDIUM" "my-idx-home-search 2.1.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "my-idx-home-search 2.1.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "meet-my-team No.known.fix Contributor+.Stored.Cross-Site.Scripting MEDIUM" "menu-shortcode No.known.fix Contributor+.Stored.XSS.via.Shortcode MEDIUM" "modern-events-calendar-lite 7.22 Information.Exposure MEDIUM" "modern-events-calendar-lite 7.13.0 Subscriber+.Server.Side.Request.Forgery HIGH" "modern-events-calendar-lite 7.12.0 Authenticated.(Subscriber+).Arbitrary.File.Upload HIGH" "modern-events-calendar-lite 7.1.0 Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "modern-events-calendar-lite 6.5.2 Admin+.Stored.XSS LOW" "modern-events-calendar-lite 6.3.0 Authenticated.Stored.Cross-Site.Scripting MEDIUM" "modern-events-calendar-lite 6.5.2 Admin+.Stored.Cross-Site.Scripting LOW" "modern-events-calendar-lite 6.4.7 Reflected.Cross-Site.Scripting MEDIUM" "modern-events-calendar-lite 6.4.0 Contributor+.Stored.Cross.Site.Scripting MEDIUM" "modern-events-calendar-lite 6.2.0 Subscriber+.Category.Add.Leading.to.Stored.XSS MEDIUM" "modern-events-calendar-lite 6.1.5 Unauthenticated.Blind.SQL.Injection HIGH" "modern-events-calendar-lite 6.1.5 Reflected.Cross-Site.Scripting HIGH" "modern-events-calendar-lite 5.22.3 Authenticated.Stored.Cross.Site.Scripting LOW" "modern-events-calendar-lite 5.22.2 Admin+.Stored.Cross-Site.Scripting LOW" "modern-events-calendar-lite 5.16.5 Unauthenticated.Events.Export MEDIUM" "modern-events-calendar-lite 5.16.6 Authenticated.SQL.Injection CRITICAL" "modern-events-calendar-lite 5.16.5 Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "modern-events-calendar-lite 5.16.5 Authenticated.Arbitrary.File.Upload.leading.to.RCE CRITICAL" "modern-events-calendar-lite 5.1.7 Multiple.Subscriber+.Stored.XSS MEDIUM" "mediabay No.known.fix WordPress.Media.Library.Folders.<=.1.4.-.Reflected.Cross-Site.Scripting MEDIUM" "media-modal No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "media-alt-renamer No.known.fix Authenticated.(Author+).Stored.Cross-Site.Scripting.via._wp_attachment_image_alt.postmeta MEDIUM" "microcopy No.known.fix Authenticated.SQL.Injection MEDIUM" "mh-board No.known.fix Unauthenticated.Local.File.Inclusion CRITICAL" "mailclient No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "meks-smart-social-widget No.known.fix Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "meks-smart-social-widget 1.6.4 Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "mobile-browser-color-select No.known.fix Stored.Cross-Site.Scripting.via.CSRF MEDIUM" "member-hero No.known.fix Unauthenticated.RCE CRITICAL" "my-instagram-feed 3.1.2 Reflected.Cross-Site.Scripting MEDIUM" "my-instagram-feed 3.1.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "motor-racing-league No.known.fix Admin+.XSS LOW" "multilevel-referral-plugin-for-woocommerce No.known.fix Authenticated.(Subscriber+).SQL.Injection MEDIUM" "multilevel-referral-plugin-for-woocommerce No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "multilevel-referral-plugin-for-woocommerce 2.23 Reflected.Cross-Site.Scripting MEDIUM" "mailarchiver 2.11.0 Unauthenticated.Stored.XSS HIGH" "mobile-contact-bar 3.0.5 Admin+.Stored.XSS LOW" "metorik-helper 1.7.2 Cross-Site.Request.Forgery MEDIUM" "metrika No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "multiplayer-plugin No.known.fix Reflected.Cross-Site.Scripting HIGH" "minical No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "my-wp-translate 1.0.4 CSRF.&.XSS HIGH" "mwp-countdown No.known.fix Admin+.SQLi MEDIUM" "masterbip-for-elementor No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "multi-feed-reader No.known.fix Cross-Site.Request.Forgery MEDIUM" "multi-feed-reader 2.2.4 SQL.Injection HIGH" "mailpress No.known.fix Arbitrary.Settings.Update.&.Log.Files.Purge.via.CSRF MEDIUM" "mainwp-google-analytics-extension 4.0.5 Subscriber+.SQLi HIGH" "mainwp-google-analytics-extension 4.0.5 Subscriber+.Settings.Update MEDIUM" "mojito-shipping 1.3.9 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "my-wp-tabs 2.2.7 Admin+.Stored.XSS LOW" "mailchimp-for-wp 4.9.17 Authenticated.(Administrator+).Stored.Cross-Site.Scripting LOW" "mailchimp-for-wp 4.9.17 4.9.16.-.Reflected.Cross-Site.Scripting HIGH" "mailchimp-for-wp 4.9.10 Unauthenticated.Unpublished.Form.Preview MEDIUM" "mailchimp-for-wp 4.8.7 Admin+.Stored.Cross-Site.Scripting LOW" "mailchimp-for-wp 4.8.7 Admin+.Stored.Cross-Site.Scripting LOW" "mailchimp-for-wp 4.8.5 Unauthorised.Actions.via.CSRF MEDIUM" "mailchimp-for-wp 4.8.5 Authenticated.Arbitrary.Redirect MEDIUM" "mailchimp-for-wp 4.1.7 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "mailchimp-for-wp 4.1.8 XSS MEDIUM" "mautic-integration-for-woocommerce 1.0.3 Arbitrary.Options.Update.via.CSRF HIGH" "mojoplug-slide-panel No.known.fix Admin+.Stored.XSS LOW" "melascrivi No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "marketing-and-seo-booster No.known.fix Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "my-shortcodes No.known.fix Missing.Authorization.via.Multiple.AJAX.Actions MEDIUM" "master-blocks No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "master-blocks No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "mega-addons-for-visual-composer 4.3.0 Contributor+.Stored.XSS MEDIUM" "mega-addons-for-visual-composer No.known.fix Subscriber+.Settings.Update MEDIUM" "mega-addons-for-visual-composer No.known.fix Settings.Update.via.CSRF MEDIUM" "multi-video-box No.known.fix Reflected.Cross-Site.Scripting.via.video_id.and.group_id.Parameters MEDIUM" "minimal-coming-soon-maintenance-mode 2.39 Missing.Authorization.to.Limited.Settings.Change MEDIUM" "minimal-coming-soon-maintenance-mode 2.38 Unauthenticated.Maintenance.Mode.Bypass LOW" "minimal-coming-soon-maintenance-mode 2.35 Multiple.Authenticated.Stored.XSS LOW" "minimal-coming-soon-maintenance-mode 2.15 CSRF.to.Stored.XSS.and.Setting.Changes HIGH" "minimal-coming-soon-maintenance-mode 2.17 Insecure.permissions:.Export.Settings/Theme.Change MEDIUM" "minimal-coming-soon-maintenance-mode 2.15 Insecure.Permissions:.Enable.and.Disable.Maintenance.Mode HIGH" "misiek-paypal No.known.fix Stored.XSS.via.CSRF HIGH" "moose-elementor-kit 1.1.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "moose-elementor-kit 1.1.0 Reflected.Cross-Site.Scripting MEDIUM" "mollie-payments-for-woocommerce 7.8.0 .Unauthenticated.Full.Path.Disclosure MEDIUM" "mollie-payments-for-woocommerce 7.3.12 Authenticated.(Shop.Manager+).Arbitrary.File.Upload HIGH" "mendeleyplugin No.known.fix Admin+.Stored.XSS LOW" "mass-messaging-in-buddypress No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "modify-comment-fields 1.04 Reflected.Cross-Site.Scripting MEDIUM" "meks-smart-author-widget 1.1.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "multi-step-form 1.7.24 Missing.Authorization.to.Unauthenticated.Limited.File.Upload MEDIUM" "multi-step-form 1.7.22 Missing.Authorization.via.fw_delete_files MEDIUM" "multi-step-form 1.7.19 Form.Deletion.via.CSRF MEDIUM" "multi-step-form 1.7.17 Admin+.Stored.XSS LOW" "multi-step-form 1.7.13 Form.Update/Deletion.via.CSRF MEDIUM" "multi-step-form 1.7.8 Admin+.Stored.XSS LOW" "multi-step-form 1.2.6 Cross-Site.Scripting.(XSS) MEDIUM" "multi-step-form 1.2.6 Multiple.Unauthenticated.Reflected.XSS MEDIUM" "master-elements No.known.fix Unauthenticated.SQLi CRITICAL" "mybb-last-topics No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "masterstudy-lms-learning-management-system 3.5.29 Contributor+.Local.File.Inclusion HIGH" "masterstudy-lms-learning-management-system 3.5.29 Missing.Authorization MEDIUM" "masterstudy-lms-learning-management-system 3.3.24 Privilege.Escalation.to.Instructor MEDIUM" "masterstudy-lms-learning-management-system 3.2.2 Cross-Site.Request.Forgery MEDIUM" "masterstudy-lms-learning-management-system 3.2.13 Missing.Authorization MEDIUM" "masterstudy-lms-learning-management-system 3.3.9 Missing.Authorization MEDIUM" "masterstudy-lms-learning-management-system 3.3.4 Unauthenticated.Local.File.Inclusion.via.template CRITICAL" "masterstudy-lms-learning-management-system 3.3.2 Unauthenticated.Privilege.Escalation HIGH" "masterstudy-lms-learning-management-system 3.3.1 Unauthenticated.Local.File.Inclusion.via.modal CRITICAL" "masterstudy-lms-learning-management-system 3.3.0 Missing.Authorization.to.Sensitive.Information.Exposure.in.search_posts MEDIUM" "masterstudy-lms-learning-management-system 3.2.11 Basic.Information.Exposure.via.REST.route MEDIUM" "masterstudy-lms-learning-management-system 3.2.6 Unauthenticated.SQL.Injection CRITICAL" "masterstudy-lms-learning-management-system 3.0.18 Unauthenticated.Instructor.Account.Creation MEDIUM" "masterstudy-lms-learning-management-system 2.8.0 Reflected.Cross-Site.Scripting MEDIUM" "masterstudy-lms-learning-management-system 3.0.9 Subscriber+.Course.Category.Creation MEDIUM" "masterstudy-lms-learning-management-system 3.0.9 Contributor+.Stored.XSS MEDIUM" "masterstudy-lms-learning-management-system 2.7.6 Unauthenticated.Admin.Account.Creation CRITICAL" "mycss No.known.fix Arbitrary.Settings.Update.via.CSRF MEDIUM" "my-geo-posts-free No.known.fix Unauthenticated.PHP.Object.Injection CRITICAL" "mortgage-loan-calculator No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "mortgage-loan-calculator 1.5.17 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "maps-for-wp 1.2.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "maps-for-wp 1.2.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "multiple-pages-generator-by-porthas 4.0.6 Authenticated.(Editor+).Server-Side.Request.Forgery.via.fileUrl MEDIUM" "multiple-pages-generator-by-porthas 4.0.3 Authenticated.(Editor+).Directory.Traversal.to.Limited.File.Deletion LOW" "multiple-pages-generator-by-porthas 4.0.2 Missing.Authorization MEDIUM" "multiple-pages-generator-by-porthas 3.4.8 Authenticated.(Contributor+).SQL.Injection MEDIUM" "multiple-pages-generator-by-porthas 3.4.1 Cross-Site.Request.Forgery MEDIUM" "multiple-pages-generator-by-porthas 3.4.1 Missing.Authorization.via.mpg_get_log_by_project_id MEDIUM" "multiple-pages-generator-by-porthas 3.4.1 Authenticated.(Editor+).Remote.Code.Execution HIGH" "multiple-pages-generator-by-porthas 3.0.0 Reflected.Cross-Site.Scripting MEDIUM" "multiple-pages-generator-by-porthas 3.3.20 SQL.Injection MEDIUM" "multiple-pages-generator-by-porthas 3.3.18 Admin+.SQLi MEDIUM" "multiple-pages-generator-by-porthas 3.3.18 SQLi.via.CSRF LOW" "multiple-pages-generator-by-porthas 3.3.10 MPG.<.3.3.10.-.Multiple.CSRF MEDIUM" "mwp-herd-effect 6.2.2 Cross-Site.Request.Forgery.to.Settings.Update MEDIUM" "mwp-herd-effect 5.2.7 Effect.Deletion.via.CSRF MEDIUM" "mwp-herd-effect 5.2.3 Admin+.Stored.XSS LOW" "mwp-herd-effect 5.2.4 Effect.Deletion.via.CSRF MEDIUM" "mwp-herd-effect 5.2.2 Reflected.XSS MEDIUM" "mwp-herd-effect 5.2.1 Admin+.LFI MEDIUM" "multi-rating No.known.fix Admin+.Stored.XSS LOW" "multi-rating No.known.fix Unauthenticated.Ratings.Update MEDIUM" "multi-rating 5.0.6 Reflected.XSS HIGH" "multi-rating 5.0.6 Ratings.Deletion.via.CSRF MEDIUM" "multi-crypto-currency-payment No.known.fix Unauthenticated.SQL.Injection HIGH" "microsoft-clarity 0.9.4 Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "microsoft-clarity 0.4 Admin+.Stored.Cross-Site.Scripting LOW" "mailcwp 1.110 Unauthenticated.Arbitrary.File.Upload CRITICAL" "mjm-clinic 1.1.23 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "mjm-clinic 1.1.23 Authenticated.(Editor+).Stored.Cross-Site.Scripting MEDIUM" "movylo-widget No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "mobile-dj-manager 1.7.5.3 Authenticated.(Subscriber+).PHP.Object.Injection HIGH" "mobile-dj-manager 1.7.6 Reflected.Cross-Site.Scripting MEDIUM" "meetup No.known.fix Authentication.Bypass CRITICAL" "metadata-seo No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "mesmerize-companion 1.6.149 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.mesmerize_contact_form.Shortcode MEDIUM" "mesmerize-companion 1.6.135 Contributor+.Stored.XSS MEDIUM" "multicarousel No.known.fix Unauthenticated.SQL.Injection HIGH" "master-bar No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "max-addons-pro-bricks 1.6.2 Missing.Authorization MEDIUM" "max-addons-pro-bricks 1.6.2 Reflected.Cross-Site.Scripting MEDIUM" "media-file-manager No.known.fix Authenticated.Multiple.Vulnerabilities MEDIUM" "map-block-gutenberg 1.32 Unauthorised.Google.API.Key.change MEDIUM" "morkva-ua-shipping 1.0.20 Unauthenticated.Local.File.Inclusion CRITICAL" "monarch 1.2.7 Privilege.Escalation HIGH" "monitor-chat No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "medical-addon-for-elementor 1.6.3 Insecure.Direct.Object.Reference.to.Authenticated.(Contributor+).Sensitive.Information.Exposure.via.Shortcode MEDIUM" "medical-addon-for-elementor No.known.fix Contributor+.Stored.XSS MEDIUM" "manager-for-icomoon 2.1 Unauthenticated.Arbitrary.File.Upload CRITICAL" "manager-for-icomoon 2.2 Contributor+.Stored.XSS MEDIUM" "multi-scheduler No.known.fix Arbitrary.Record.Deletion.via.CSRF HIGH" "mapfig-studio No.known.fix Stored.XSS.via.CSRF HIGH" "mycryptocheckout 2.126 CSRF MEDIUM" "mycryptocheckout 2.124 Reflected.XSS HIGH" "mini-loops No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "molongui-authorship 4.7.8 Authenticated.(Author+).Insecure.Direct.Object.Reference MEDIUM" "molongui-authorship 4.7.8 Authenticated.(Author+).Stored.Cross-Site.Scripting MEDIUM" "molongui-authorship 4.7.5 Information.Exposure.via.ma_debug MEDIUM" "molongui-authorship 4.7.4 Missing.Authorization MEDIUM" "molongui-authorship 4.6.20 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "molongui-authorship 4.6.20 Reflected.XSS HIGH" "modern-polls No.known.fix Cross-Site.Request.Forgery MEDIUM" "maxgalleria 6.4.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.maxgallery_thumb.Shortcode MEDIUM" "maxgalleria 6.4.3 Missing.Authorization MEDIUM" "maxgalleria 6.2.7 Author+.Stored.Cross-Site.Scripting MEDIUM" "mercadolibre-integration No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "multi-gallery No.known.fix Authenticated.(Contributor+).PHP.Object.Injection HIGH" "master-popups-lite No.known.fix Authenticated.(Editor+).Stored.Cross-Site.Scripting MEDIUM" "maz-loader 1.4.1 Arbitrary.Loader.Deletion.via.CSRF MEDIUM" "maz-loader 1.3.3 Contributor+.SQL.Injection HIGH" "mollie-forms 2.7.13 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "mollie-forms 2.6.14 Cross-Site.Request.Forgery.to.Arbitrary.Post.Duplication MEDIUM" "mollie-forms 2.6.4 Missing.Authorization.to.Arbitrary.Post.Duplication MEDIUM" "mollie-forms 2.6.4 Missing.Authorization MEDIUM" "mediavine-control-panel 2.10.7 Unauthenticated.Information.Exposure MEDIUM" "mediavine-control-panel 2.10.5 Contributor+.Stored.XSS MEDIUM" "marketing-automation 1.2.6.9 Reflected.Cross-Site.Scripting MEDIUM" "mpoperationlogs No.known.fix Unauthenticated.Stored.XSS HIGH" "milat-jquery-automatic-popup No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-site.Scripting MEDIUM" "multi-column-tag-map 17.0.34 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.mctagmap.Shortcode MEDIUM" "multi-column-tag-map 17.0.27 Cross-Site.Request.Forgery MEDIUM" "multi-column-tag-map 17.0.25 Contributor+.Stored.XSS MEDIUM" "mapfig-premium-leaflet-map-maker No.known.fix Unauthenticated.Stored.Cross-Site.Scripting HIGH" "melapress-login-security 2.1.1 Authenticated.(Administrator+).PHP.Object.Injection HIGH" "melapress-login-security 2.1.1 Missing.Authorization.to.Unauthenticated.Arbitrary.User.Deletion MEDIUM" "melapress-login-security 1.3.1 Authenticated.(Admin+).Remote.File.Inclusion MEDIUM" "manage-shipyaari-shipping No.known.fix Admin+.Stored.XSS LOW" "memorialday 1.1.0 Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "mail-integration-365 1.9.1 Reflected.XSS HIGH" "mww-disclaimer-buttons 3.2 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "magic-login-api No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "msrp-for-woocommerce 2.0.0 Reflected.Cross-Site.Scripting MEDIUM" "modula-best-grid-gallery 2.10.2 Authenticated.(Contributor+).Stored.DOM-Based.Cross-Site.Scripting.via.FancyBox.5.JavaScript.Library MEDIUM" "modula-best-grid-gallery 2.11.11 Author+.Arbitrary.File.Upload HIGH" "modula-best-grid-gallery 2.7.5 Incomplete.Authorization.via.'save_image'.and.'save_images' LOW" "modula-best-grid-gallery 2.6.91 Unauthenticated.Troubleshooting.Settings.Update MEDIUM" "modula-best-grid-gallery 2.6.7 Reflected.Cross-Site.Scripting MEDIUM" "modula-best-grid-gallery 2.2.5 Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "mcjh-button-shortcode No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "multisite-robotstxt-manager No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "multisite-robotstxt-manager No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "metasync 1.8.3 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "mas-static-content 1.0.9 Authenticated.(Contributor+).Private.Static.Content.Page.Disclosure MEDIUM" "mailin 3.1.88 Cross-Site.Request.Forgery MEDIUM" "mailin 3.1.83 Cross-Site.Request.Forgery MEDIUM" "mailin 3.1.78 Reflected.Cross-Site.Scripting MEDIUM" "mailin 3.1.78 Reflected.XSS HIGH" "mailin 3.1.61 Reflected.XSS HIGH" "mailin 3.1.31 Reflected.Cross-Site.Scripting MEDIUM" "mailin 3.1.25 Reflected.XSS HIGH" "modern-designs-for-gravity-forms No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "modern-designs-for-gravity-forms No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "melipayamak No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "magic-slider No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "mmx-make-me-christmas No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "mailpoet 5.5.2 Admin+.Stored.XSS LOW" "mailpoet 5.3.2 Admin+.Stored.XSS LOW" "mailpoet 3.23.2 Reflected.Cross-Site.Scripting.Issue HIGH" "marketing-automation-by-azexo No.known.fix Authenticated.(Subscriber+).Privilege.Escalation HIGH" "marketing-automation-by-azexo No.known.fix Authenticated.(Subscriber+).Arbitrary.File.Upload HIGH" "map-store-location No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "map-addons-for-elementor-waze-map No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "mark-posts 2.2.5 Missing.Authorization MEDIUM" "mark-posts 2.0.1 Admin+.Stored.Cross-Site.Scripting LOW" "media-downloader 0.4.7.6 Reflected.Cross-Site.Scripting MEDIUM" "media-downloader 0.4.7.5 Reflected.Cross-Site.Scripting MEDIUM" "mainwp-code-snippets-extension 4.0.3 Subscriber+.Stored.XSS HIGH" "mainwp-code-snippets-extension 4.0.3 Subscriber+.Settings.Update MEDIUM" "mainwp-code-snippets-extension 4.0.3 Subscriber+.PHP.Objection.Injection HIGH" "make-email-customizer-for-woocommerce No.known.fix Reflected.Cross-Site.Scripting HIGH" "mp3-jplayer No.known.fix Multiple.CSRF MEDIUM" "mp3-jplayer 2.5 Full.Path.Disclosure MEDIUM" "mts-url-shortener No.known.fix Admin+.Stored.XSS LOW" "mts-url-shortener No.known.fix Reflected.XSS HIGH" "mipl-wc-multisite-sync 1.1.6 Unauthenticated.Arbitrary.File.Download HIGH" "magic-fields 1.7.2 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "mailchimp-forms-by-mailmunch 3.2.4 Reflected.Cross-Site.Scripting MEDIUM" "mailchimp-forms-by-mailmunch 3.2.2 Cross-Site.Request.Forgery MEDIUM" "mailchimp-forms-by-mailmunch 3.2.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "mailchimp-forms-by-mailmunch 3.1.5 Arbitrary.Actions.via.CSRF MEDIUM" "mobilize No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "mailhawk 1.3.2 Unauthenticated.Local.File.Inclusion CRITICAL" "mediaburst-email-to-sms No.known.fix Authenticated(Administrator+).SQL.Injection MEDIUM" "mediaburst-email-to-sms 3.0.0 Cross-Site.Scripting.(XSS) MEDIUM" "media-element-html5-video-and-audio-player No.known.fix Contributor+.Stored.XSS.via.Shortcode MEDIUM" "m1downloadlist No.known.fix Authenticated.(Contributor+).Sensitive.Information.Disclosure MEDIUM" "m1downloadlist 0.20 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "magic-post-thumbnail 5.2.10 Reflected.Cross-Site.Scripting MEDIUM" "magic-post-thumbnail 5.2.8 Admin+.Stored.XSS LOW" "magic-post-thumbnail 4.1.13 Reflected.Cross-Site.Scripting MEDIUM" "magic-post-thumbnail 4.1.11 Reflected.XSS HIGH" "magic-post-thumbnail 3.3.11 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "magic-post-thumbnail 3.3.7 Reflected.Cross-Site.Scripting.(XSS) HIGH" "memberspace 2.1.14 Reflected.Cross-Site.Scripting MEDIUM" "memberspace 2.1.14 Reflected.XSS MEDIUM" "magical-posts-display 1.2.39 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "maxab No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "members-list 4.3.7 Reflected.Cross-Site.Scripting MEDIUM" "m-chart 1.10 Contributor+.Stored.XSS MEDIUM" "mycred 2.9.4.3 Missing.Authorization MEDIUM" "mycred 2.9.4.3 Missing.Authorization MEDIUM" "mycred 2.7.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.mycred_send.Shortcode MEDIUM" "mycred 2.7.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.mycred_link.Shortcode MEDIUM" "mycred 2.7.4 Missing.Authorization.to.Unauthenticated.Database.Upgrade MEDIUM" "mycred 2.7.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "mycred 2.7.3 Unauthenticated.PHP.Object.Injection HIGH" "mycred 2.7.3 Unauthenticated.Information.Exposure MEDIUM" "mycred 2.6.4 Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "mycred 2.6.2 Contributor+.Stored.XSS MEDIUM" "mycred 2.5.3 Reflected.Cross-Site.Scripting MEDIUM" "mycred 2.5.1 Cross-Site.Request.Forgery MEDIUM" "mycred 2.4.4.1 Subscriber+.User.E-mail.Addresses.Disclosure MEDIUM" "mycred 2.4.4 Subscriber+.Arbitrary.Post.Creation MEDIUM" "mycred 2.4.4 Subscriber+.Import/Export.to.Email.Address.Disclosure MEDIUM" "mycred 2.4.4 Reflected.Cross-Site.Scripting MEDIUM" "mycred 2.4.3.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "mycred 2.4 Reflected.Cross-Site.Scripting HIGH" "mycred 2.3 Subscriber+.SQL.Injection HIGH" "mycred 1.7.8 Reflected.Cross-Site.Scripting HIGH" "mainwp 5.0 Cross-Site.Request.Forgery.via.posting_bulk MEDIUM" "mainwp 4.4.3.4 Authenticated.(Administrator+).SQL.Injection HIGH" "mainwp 4.5.1.3 Authenticated(Administrator+).CSS.Injection LOW" "myorderdesk 3.3.0 Contributor+.Stored.XSS MEDIUM" "multi-page-toolkit No.known.fix Arbitrary.Settings.Update.to.Stored.XSS.via.CSRF MEDIUM" "md-custom-content No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "members 3.2.11 Unauthenticated.Content.Restriction.Bypass.to.Sensitive.Information.Exposure MEDIUM" "mb-custom-post-type 2.7.7 Admin+.Stored.XSS LOW" "movie-database No.known.fix Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "multiple-domain 1.0.3 XSS.in.Canonical/Alternate.Tags LOW" "momo-venmo 4.2 Reflected.Cross-Site.Scripting MEDIUM" "modern-events-calendar 7.13.0 Subscriber+.Server.Side.Request.Forgery HIGH" "modern-events-calendar 7.12.0 Authenticated.(Subscriber+).Arbitrary.File.Upload HIGH" "marekkis-watermark No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "miniorange-malware-protection 4.7.3 Unauthenticated.Privilege.Escalation CRITICAL" "miniorange-malware-protection 4.7.3 Admin+.SQLi MEDIUM" "miniorange-malware-protection 4.7.2 IP.Spoofing MEDIUM" "miniorange-malware-protection 4.5.2 Admin+.Stored.Cross-Site.Scripting LOW" "map-contact No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "mypixs No.known.fix Unauthenticated.Local.File.Inclusion.(LFI) HIGH" "momoyoga-integration 2.8.0 Contributor+.Stored.XSS MEDIUM" "more-from-google No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "material-design-for-contact-form-7 No.known.fix Subscriber+.Arbitrary.Settings.Update.leading.to.DoS MEDIUM" "material-design-for-contact-form-7 No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "mass-email-to-users 1.1.5 Reflected.XSS HIGH" "mas-wp-job-manager-company 1.0.14 Reflected.Cross-Site.Scripting MEDIUM" "miniorange-openid-connect-client 2.1.5 Reflected.Cross-Site.Scripting.via.appId HIGH" "my-wp-brand 1.1.3 Missing.Authorization MEDIUM" "m-wp-popup No.known.fix Contributor+.Stored.Cross-Site.Scripting MEDIUM" "m-wp-popup 1.3.1 Unauthenticated.Denial.of.Service HIGH" "medibazar-core No.known.fix Reflected.Cross-Site.Scripting HIGH" "motors-car-dealership-classified-listings 1.4.72 Unauthenticated.Local.File.Inclusion CRITICAL" "motors-car-dealership-classified-listings 1.4.65 Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.Plugin.Installation HIGH" "motors-car-dealership-classified-listings 1.4.64 Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "motors-car-dealership-classified-listings 1.4.67 Missing.Authorization.to.Authenticated.(Subscriber+).Wizard.Set-up MEDIUM" "motors-car-dealership-classified-listings 1.4.72 Contributor+.Stored.XSS MEDIUM" "motors-car-dealership-classified-listings 1.4.72 Contributor+.Local.File.Inclusion HIGH" "motors-car-dealership-classified-listings 1.4.58 Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.Post.Deletion.and.Listing.Template.Creation MEDIUM" "motors-car-dealership-classified-listings 1.4.44 Authenticated.(Subscriber+).Arbitrary.Shortcode.Execution.via.Custom.Title MEDIUM" "motors-car-dealership-classified-listings 1.4.11 Missing.Authorization MEDIUM" "motors-car-dealership-classified-listings 1.4.7 Unauthenticated.SSRF MEDIUM" "motors-car-dealership-classified-listings 1.4.7 Reflected.XSS HIGH" "motors-car-dealership-classified-listings 1.4.5 CSRF MEDIUM" "motors-car-dealership-classified-listings 1.4.4 Car.Dealer,.Classifieds.&.Listing.<.1.4.4.-.Arbitrary.File.Upload CRITICAL" "motors-car-dealership-classified-listings 1.4.1 Multiple.Issues MEDIUM" "meks-video-importer 1.0.13 Missing.Authorization.to.Authenticated.(Subscriber+).API.Keys.Modification MEDIUM" "meks-video-importer No.known.fix Missing.Authorization MEDIUM" "mashsharer No.known.fix Missing.Authorization MEDIUM" "mashsharer 3.8.7 Contributor+.Stored.XSS MEDIUM" "mashsharer 3.8.5 Admin+.Stored.Cross-Site.Scripting LOW" "my-account-page-editor 1.3.2 Subscriber+.Arbitrary.File.Upload CRITICAL" "mainwp-broken-links-checker-extension No.known.fix Unauthenticated.SQLi CRITICAL" "multiple-roles 1.3.2 Cross-Site.Request.Forgery MEDIUM" "multiple-roles 1.3.2 CSRF.Bypass.in.Multiple.Plugins MEDIUM" "marketo-forms-and-tracking No.known.fix CSRF.to.XSS HIGH" "mapifylite-master 4.0.0 Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "mail-masta No.known.fix Multiple.SQL.Injection CRITICAL" "mail-masta No.known.fix Unauthenticated.Local.File.Inclusion.(LFI) HIGH" "miniorange-oauth-20-server 4.0.1 Authentication.Bypass CRITICAL" "market-exporter 2.0.23 Cross-Site.Request.Forgery MEDIUM" "market-exporter 2.0.22 Missing.Authorization MEDIUM" "market-exporter 2.0.20 Missing.Authorization.to.Arbitrary.File.Deletion HIGH" "market-exporter 2.0.19 Reflected.Cross-Site.Scripting MEDIUM" "market-exporter 2.0.14 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "my-related-posts No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "mimetic-books No.known.fix Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "mp-timetable 2.4.14 Admin+.PHP.Object.Injection MEDIUM" "mp-timetable 2.4.12 Authenticated.(Contributor+).SQL.Injection CRITICAL" "mp-timetable 2.4.2 Unauthorised.Event.TimeSlot.Update MEDIUM" "mp-timetable 2.3.19 Author+.Stored.Cross-Site.Scripting MEDIUM" "mp-timetable 2.4.2 Unauthorised.Event.TimeSlot.Deletion MEDIUM" "mp-timetable 2.4.0 Arbitrary.User's.Hashed.Password/Email/Username.Disclosure MEDIUM" "miniorange-oauth-oidc-single-sign-on 40.5.4 Incorrect.Authorization.to.Sensitive.Information.Exposure MEDIUM" "miniorange-oauth-oidc-single-sign-on 30.5.4 Incorrect.Authorization.to.Sensitive.Information.Exposure MEDIUM" "miniorange-oauth-oidc-single-sign-on 18.5.4 Incorrect.Authorization.to.Sensitive.Information.Exposure MEDIUM" "miniorange-oauth-oidc-single-sign-on 48.5.4 Incorrect.Authorization.to.Sensitive.Information.Exposure MEDIUM" "miniorange-oauth-oidc-single-sign-on 38.5.4 Incorrect.Authorization.to.Sensitive.Information.Exposure MEDIUM" "miniorange-oauth-oidc-single-sign-on 28.5.4 Incorrect.Authorization.to.Sensitive.Information.Exposure MEDIUM" "miniorange-oauth-oidc-single-sign-on 50.5.4 Incorrect.Authorization.to.Sensitive.Information.Exposure MEDIUM" "miniorange-oauth-oidc-single-sign-on 48.4.9 SSO.(OAuth.Client).Enterprise.<.48.4.9.-.IdP.Deletion.via.CSRF MEDIUM" "miniorange-oauth-oidc-single-sign-on 28.4.9 SSO.(OAuth.Client).Standard.<.28.4.9.-.IdP.Deletion.via.CSRF MEDIUM" "miniorange-oauth-oidc-single-sign-on 38.4.9 SSO.(OAuth.Client).Premium.<.38.4.9.-.IdP.Deletion.via.CSRF MEDIUM" "master-addons 2.0.7.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Multiple.Widgets MEDIUM" "master-addons 2.0.7.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.id.Parameter MEDIUM" "master-addons 2.0.6.8 Free.Widgets,.Hover.Effects,.Toggle,.Conditions,.Animations.for.Elementor.<.2.0.6.8.-.Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Tooltip.Module MEDIUM" "master-addons No.known.fix Author+.Stored.XSS MEDIUM" "master-addons 2.0.6.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.data-jltma-wrapper-link.Element MEDIUM" "master-addons 2.0.6.3 Authenticated.(Author+).Stored.Cross-Site.Scripting MEDIUM" "master-addons 2.0.6.2 Missing.Authorization.to.MA.Template.Creation.or.Modification MEDIUM" "master-addons 2.0.6.2 Missing.Authorization.to.Unauthenticated.Stored.Cross-Site.Scripting.via.Navigation.Menu.Widget HIGH" "master-addons 2.0.5.6 Missing.Authorization.via.get_jltma_save_menuitem_settings() MEDIUM" "master-addons 2.0.6.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "master-addons 2.0.6.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "master-addons 2.0.6.0 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "master-addons 2.0.5.6 Missing.Authorization.on.Duplicate.Post MEDIUM" "master-addons 2.0.5.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Pricing.Table.Widget MEDIUM" "master-addons 2.0.5.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "master-addons 2.0.4 Contributor+.Stored.XSS MEDIUM" "master-addons 2.0.3 Reflected.Cross-Site.Scripting MEDIUM" "master-addons 1.8.5 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "master-addons 1.8.2 Reflected.Cross-Site.Scripting MEDIUM" "modal-survey No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "modal-survey No.known.fix Unauthenticated.SQL.Injection HIGH" "modal-survey No.known.fix Unauthenticated.Local.File.Inclusion CRITICAL" "matomo 5.1.1 Cross-Site.Request.Forgery.to.Notice.Dismissal MEDIUM" "matomo 5.0.1 Reflected.Cross-Site.Scripting.via.idsite MEDIUM" "mlr-audio No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "menu-swapper 1.1.1 Cross-Site.Request.Forgery.(CSRF) MEDIUM" "menu-swapper 1.1.1 Cross-Site.Request.Forgery MEDIUM" "metform 3.9.3 Admin+.SSRF MEDIUM" "metform 3.3.0 Unauthenticated.Double-Extension.Arbitrary.File.Upload HIGH" "metform 3.8.9 Unauthenticated.Sensitive.Information.Exposure MEDIUM" "metform 3.8.4 Missing.Authorization.to.Notice.Dismissal MEDIUM" "metform 3.8.6 Contributor+.Stored.XSS MEDIUM" "metform 3.8.4 Authenticated(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "metform 3.8.2 Cross-Site.Request.Forgery MEDIUM" "metform 3.3.2 Authenticated.(Subscriber+).Information.Disclosure.via.'mf_first_name'.shortcode MEDIUM" "metform 3.3.3 Cross-Site.Request.Forgery MEDIUM" "metform 3.3.1 Multiple.Contributor+.Stored.XSS.via.Shortcode MEDIUM" "metform 3.3.1 Unauthenticated.CSV.Injection HIGH" "metform 3.3.2 Multiple.Subscriber+.Sensitive.Information.Disclosure.Issues MEDIUM" "metform 3.3.2 Unauthenticated.Permalink.Structure.Update MEDIUM" "metform 3.2.2 reCaptcha.Bypass MEDIUM" "metform 3.2.0 Unauthenticated.Stored.XSS HIGH" "metform 2.1.4 Unauthenticated.API.keys.and.Secrets.Disclosure HIGH" "minimal-share-buttons 1.7.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.align.Parameter MEDIUM" "manage-user-columns 1.0.6 Cross-Site.Request.Forgery MEDIUM" "msync No.known.fix Authenticated.(Administrator+).SQL.Injection HIGH" "my-waze No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.shortcode MEDIUM" "mobile-menu 2.8.5 Missing.Authorization.to._mobmenu_icon.Post.Meta.Modification MEDIUM" "mobile-menu 2.8.4.4 Cross-Site.Request.Forgery MEDIUM" "mobile-menu 2.8.4.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Image.Alt MEDIUM" "mobile-menu 2.8.4 Reflected.Cross-Site.Scripting MEDIUM" "mobile-menu 2.8.2.7 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "mobile-menu 2.8.2.3 Reflected.Cross-Site.Scripting.(XSS) HIGH" "mobile-menu 2.7.3 Subscriber+.Arbitrary.Option.Update CRITICAL" "mj-update-history No.known.fix Missing.Authorization MEDIUM" "mj-update-history No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "material-design-icons-for-elementor 1.4.3 Contributor+.Stored.XSS MEDIUM" "material-design-icons-for-elementor 1.4.3 Settings.Update.via.CSRF MEDIUM" "macme No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "mapifylite 4.0.0 Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "mailchimp-wp 2.5.8 Reflected.Cross-Site.Scripting MEDIUM" "mailchimp-wp 2.5.8 Authenticated.(Editor+).Stored.Cross-Site.Scripting.via.Form.Color.Parameters MEDIUM" "mailchimp-wp 2.5.5 Authenticated.(Editor+).Stored.Cross-Site.Scripting MEDIUM" "mass-custom-fields-manager No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "melhor-envio-cotacao 2.15.12 Unauthenticated.Sensitive.Information.Exposure.via.Hardcoded.Hash MEDIUM" "mambo-joomla-importer No.known.fix Authenticated.(Administrator+).PHP.Object.Injection HIGH" "magazine-lister-for-yumpu No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "mtouch-quiz No.known.fix Admin+.Stored.Cross.Site.Scripting LOW" "mtouch-quiz 3.1.3 Multiple.Vulnerabilities.XSS.&.CSRF MEDIUM" "mx-time-zone-clocks No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "mx-time-zone-clocks 3.4.1 Contributor+.Cross-Site.Scripting MEDIUM" "mpl-publisher 2.18.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "mpl-publisher 1.30.4 Self-publish.your.book.&.ebook.<.1.30.4.-.Admin+.Stored.Cross-Site.Scripting LOW" "mpl-publisher 1.29.2 Reflected.Cross-Site.Scripting.via.PHPRelativePath.Library HIGH" "minimalistic-event-manager No.known.fix Missing.Authorization MEDIUM" "media-library-plus 8.3.1 Missing.Authorization.to.Plugin.Settings.Change MEDIUM" "media-library-plus 8.2.4 Missing.Authorization.on.Various.Functions MEDIUM" "media-library-plus 8.2.3 Authenticated.(Subscriber+).Second-Order.SQL.Injection CRITICAL" "media-library-plus 8.2.1 Reflected.Cross-Site.Scripting.via.'s' MEDIUM" "media-library-plus 8.1.9 Authenticated.(Author+).Directory.Traversal MEDIUM" "media-library-plus 8.1.8 Authenticated.(Author+).SQL.Injection CRITICAL" "media-library-plus 7.1.2 Plugin.Reset.via.CSRF MEDIUM" "microkids-related-posts No.known.fix Cross-Site.Request.Forgery MEDIUM" "multiple-image-uploads-with-preview-for-wpforms No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "morpheus-slider No.known.fix Authenticated.SQL.Injection MEDIUM" "minify-html-markup 2.1.11 -.Regular.Expressions.Denial.of.Service MEDIUM" "minify-html-markup 2.1.8 Settings.Update.via.CSRF MEDIUM" "mystickyelements 2.1.4 Unauthenticated.Unauthorised.Action MEDIUM" "mystickyelements 2.1.2 Admin+.Stored.Cross-Site.Scripting LOW" "mystickyelements 2.0.9 Admin+.SQLi MEDIUM" "mystickyelements 2.0.4 Authenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "mighty-addons No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "more-mime-type-filters No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "munk-sites No.known.fix Cross-Site.Request.Forgery.to.Arbitrary.Plugin.Installation MEDIUM" "martins-link-network 1.2.30 Reflected.XSS HIGH" "misiek-photo-album No.known.fix Album.Deletion.via.CSRF MEDIUM" "misiek-photo-album No.known.fix Stored.XSS.via.CSRF HIGH" "mapwiz No.known.fix Admin+.SQLi MEDIUM" "mins-to-read No.known.fix Cross-Site.Request.Forgery..to.Stored.Cross-Site.Scripting MEDIUM" "moceanapi-sendsms No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "multi-column-taxonomy-list No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "meks-easy-ads-widget 2.0.9 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "mightyforms 1.3.10 Missing.Authorization MEDIUM" "mightyforms 1.3.10 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "maxbuttons 9.8.4 Admin+.Stored.XSS LOW" "maxbuttons 9.8.1 Admin+.Stored.XSS.via.Text.Color LOW" "maxbuttons 9.8.1 Admin+.Stored.XSS.via.Button.Width LOW" "maxbuttons 9.8.0 Full.Path.Disclosure MEDIUM" "maxbuttons 9.7.8 Editor+.Stored.XSS LOW" "maxbuttons 9.7.7 Contributor+.Stored.XSS MEDIUM" "maxbuttons 9.7.6 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "maxbuttons 9.6 Contributor+.Stored.XSS MEDIUM" "maxbuttons 9.3 Arbitrary.Settings.Update.via.CSRF MEDIUM" "maxbuttons 9.3 Admin+.Stored.Cross-Site.Scripting LOW" "maxbuttons 6.19 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "mini-course-generator 1.0.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "mindvalley-pagemash No.known.fix Authenticated.(Editor+).SQL.Injection MEDIUM" "media-cleaner 6.7.3 Unauthenticated.Information.Exposure MEDIUM" "membermouse 2.2.9 Blind.SQL.Injection CRITICAL" "motopress-hotel-booking-lite 4.11.2 Unauthenticated.PHP.Object.Injection CRITICAL" "motopress-hotel-booking-lite 4.8.5 Unauthenticated.Arbitrary.File.Download.&.Deletion CRITICAL" "motopress-hotel-booking-lite 4.7.0 Settings.Update.via.CSRF MEDIUM" "memberpress 1.12.0 Unauthenticated.Content.Restriction.Bypass.to.Sensitive.Information.Exposure MEDIUM" "memberpress No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "memberpress 1.11.30 Reflected.Cross-Site.Scripting.via.mepr_screenname.and.mepr_key.Parameters MEDIUM" "memberpress 1.11.35 Missing.Authorization MEDIUM" "memberpress 1.11.30 Authenticated.(Contributor+).Blind.Server-Side.Request.Forgery.via.mepr-user-file.Shortcode HIGH" "memberpress 1.11.30 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.arglist.Parameter MEDIUM" "memberpress 1.11.27 Reflected.Cross-Site.Scripting.via.message.and.error MEDIUM" "mobile-pages No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "mobile-pages No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "mobile-pages 1.0.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "my-marginalia No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "miniorange-wp-as-saml-idp 1.15.7 Authenticated.(Administrator+).SQL.Injection HIGH" "miniorange-wp-as-saml-idp 1.13.4 Admin+.Stored.Cross-Site.Scripting LOW" "meks-themeforest-smart-widget No.known.fix Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "mangboard 1.8.7 Authenticated.(Administrator+).Stored.Cross-Site.Scripting.via.Board.Header.And.Footer MEDIUM" "mangboard 1.8.5 Reflected.Cross-Site.Scripting MEDIUM" "mangboard 1.8.1 Reflected.Cross-Site.Scripting MEDIUM" "mangboard 1.7.8 Admin+.Stored.XSS LOW" "mangboard 1.8.2 Settings.Update.via.CSRF MEDIUM" "mangboard 1.6.9 SQL.Injection HIGH" "mobile-friendly-app-builder-by-easytouch No.known.fix Unauthenticated.File.Upload CRITICAL" "mwp-skype 4.0.4 Button.Deletion.via.CSRF MEDIUM" "mwp-skype 4.0.2 Reflected.XSS MEDIUM" "mobile-banner 1.6 CSRF MEDIUM" "marquee-elementor No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "mobile-app 3.8.3 Missing.Authorization MEDIUM" "multimanager-wp 1.1.0 Authentication.Bypass.via.User.Impersonation CRITICAL" "most-popular-posts-widget-lite 0.9 Admin+.SQL.injection MEDIUM" "muslim-prayer-time-bd 2.5 Settings.Reset.via.CSRF MEDIUM" "mailchimp-top-bar 1.6.1 Reflected.Cross-Site.Scripting MEDIUM" "more-link-modifier No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "manual-image-crop 1.11 Authenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "mail-control 0.3.0 Reflected.Cross-Site.Scripting MEDIUM" "mail-control 0.3.2 Unauthenticated.Stored.XSS.via.Email.Subject HIGH" "marketking-multivendor-marketplace-for-woocommerce 2.0.0 Authenticated.(Shop.Manager+).Stored.Cross-Site.Scripting MEDIUM" "marketking-multivendor-marketplace-for-woocommerce 2.0.25 Missing.Authorization MEDIUM" "media-list 1.4.0 Contributor+.Stored.XSS MEDIUM" "media-list 1.4.1 Contributor+.Stored.XSS MEDIUM" "mdc-youtube-downloader No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "mdc-youtube-downloader No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "mdc-youtube-downloader 2.1.1 Local.File.Inclusion HIGH" "myagileprivacy 2.1.8 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.vis.Shortcode MEDIUM" "magicpost 1.2.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.wb_share_social.Shortcode MEDIUM" "meintopf No.known.fix Reflected.XSS HIGH" "meow-gallery 5.2.8 Authenticated.(Author+).Stored.Cross-Site.Scripting MEDIUM" "meow-gallery 5.1.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "meow-gallery 4.1.9 Contributor+.SQL.Injection HIGH" "meow-gallery 4.2.0 Unauthorised.Arbitrary.Options.Update.via.REST.API HIGH" "music-request-manager No.known.fix Reflected.XSS MEDIUM" "music-request-manager No.known.fix Unauthenticated.Stored.XSS MEDIUM" "music-request-manager No.known.fix Stored.XSS.via.CSRF HIGH" "maxslider 1.2.4 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "my-contador-wp 2.1 Missing.Authorization.to.Unauthenticated.User.Registration.CSV.Export MEDIUM" "mainwp-child 5.3 Authentication.Bypass HIGH" "mainwp-child 4.4.1.2 Sensitive.File.Disclosure MEDIUM" "mainwp-child 4.1.8 Admin+.SQL.Injection MEDIUM" "monkee-boy-wp-essentials No.known.fix Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "mainwp-maintenance-extension 4.1.2 Subscriber+.SQL.Injection.(SQLi) HIGH" "marketer-addons No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "multisafepay 4.16.0 Unauthenticated.Arbitrary.File.Access HIGH" "medma-matix No.known.fix Unauthenticated.Arbitrary.Options.Update CRITICAL" "mp-restaurant-menu 2.4.5 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "mp-restaurant-menu 2.4.2 Admin+.Stored.Cross.Site.Scripting LOW" "marketing-performance No.known.fix Reflected.XSS HIGH" "mfplugin No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "mobile-app-editor 1.2.0 Reflected.Cross-Site.Scripting MEDIUM" "mobile-app-editor 1.1.2 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "market-360-viewer No.known.fix Authenticated.(Contributor+).SQL.Injection MEDIUM" "miniorange-login-openid No.known.fix Unauthenticated.Local.File.Inclusion CRITICAL" "miniorange-login-openid 200.3.10 Authentication.Bypass HIGH" "miniorange-login-openid 7.6.7 Authenticated.(Subscriber+).Privilege.Escalation HIGH" "miniorange-login-openid 7.6.5 Authentication.Bypass CRITICAL" "miniorange-login-openid 7.6.0 Admin+.Stored.XSS LOW" "miniorange-login-openid 7.5.15 Multiple.CSRF MEDIUM" "miniorange-login-openid 7.6.1 Unauthenticated.Arbitrary.Content.Deletion MEDIUM" "memeone No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "multiparcels-shipping-for-woocommerce 1.16.9 Cross-Site.Request.Forgery MEDIUM" "multiparcels-shipping-for-woocommerce 1.15.2 Arbitrary.Shipment.Deletion.via.CSRF MEDIUM" "multiparcels-shipping-for-woocommerce 1.15.4 Reflected.XSS HIGH" "multiparcels-shipping-for-woocommerce 1.15.4 Reflected.XSS HIGH" "multiparcels-shipping-for-woocommerce 1.14.15 Subscriber+.SQLi HIGH" "multiparcels-shipping-for-woocommerce 1.14.14 Subscriber+.Arbitrary.Shipment.Deletion MEDIUM" "myticket-events No.known.fix Unauthenticated.Limited.File.Read MEDIUM" "mailoptin 1.2.70.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "mailoptin 1.2.54.1 Admin+.Stored.XSS LOW" "mailoptin 1.2.50.0 Unauthenticated.Campaign.Cache.Deletion MEDIUM" "mailoptin 1.2.35.2 Unauthorised.AJAX.Call MEDIUM" "moka-get-posts No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "marketing-optimizer No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "majestic-support 1.1.1 Missing.Authorization MEDIUM" "majestic-support 1.1.1 Unauthenticated.SQL.Injection HIGH" "majestic-support 1.1.1 Missing.Authorization MEDIUM" "majestic-support 1.0.7 Unauthenticated.Local.File.Inclusion CRITICAL" "majestic-support 1.0.6 Authenticated.(Subscriber+).Insecure.Direct.Object.Reference MEDIUM" "majestic-support 1.0.6 Unauthenticated.Sensitive.Information.Exposure.Through.Unprotected.Directory HIGH" "make-builder 1.1.11 Authenticated.(Subscriber+).Server-Side.Request.Forgery.via.make_builder_ajax_subscribe.Function MEDIUM" "multiple-shipping-address-woocommerce 2.0 Unauthenticated.SQLi HIGH" "mhr-custom-anti-copy No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "mooberry-book-manager 4.15.13 Unauthenticated.Information.Exposure.via.Export.Files MEDIUM" "mm-breaking-news No.known.fix Reflected.XSS MEDIUM" "mm-breaking-news No.known.fix Stored.XSS.via.CSRF HIGH" "mediaburst-ecommerce-sms-notifications 2.4.2 Cross-Site.Scripting.(XSS) MEDIUM" "migrate-post No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "menu-image 3.11 Admin+.Stored.XSS LOW" "menu-image 3.10 Reflected.Cross-Site.Scripting MEDIUM" "menu-image 3.0.8 Subscriber+.Stored.Cross-Site.Scripting HIGH" "menu-image 3.0.6 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "myweather No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "media-library-downloader 1.3.2 Missing.Authorization MEDIUM" "my-calendar 3.4.24 Authenticated.Stored.XSS MEDIUM" "my-calendar 3.4.24 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "my-calendar 3.4.22 Unauthenticated.SQL.Injection CRITICAL" "my-calendar 3.4.4 Cross-Site.Request.Forgery MEDIUM" "my-calendar 3.3.25 Event/Location.Deletion.via.CSRF MEDIUM" "my-calendar 3.2.18 Subscriber+.Reflected.Cross-Site.Scripting MEDIUM" "my-calendar 3.1.10 Unauthenticated.Cross-Site.Scripting.(XSS) MEDIUM" "miniorange-firebase-sms-otp-verification 3.6.1 Unauthenticated.Arbitrary.User.Password.Change CRITICAL" "miniorange-firebase-sms-otp-verification 3.6.1 Privilege.Escalation.via.Registration.due.to.Administrator.Default.User.Role.Value CRITICAL" "miniorange-firebase-sms-otp-verification 3.6.1 Authentication.Bypass HIGH" "mapplic-lite No.known.fix Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "mapplic-lite 1.0.1 SSRF.to.Stored.Cross-Site.Scripting.(XSS) HIGH" "mdc-comment-toolbar No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "my-restaurant-menu No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "media-file-organizer No.known.fix Directory.Traversal MEDIUM" "mwp-forms No.known.fix Admin+.SQL.Injection HIGH" "menus-plus No.known.fix Authenticated.(Subscriber+).SQL.Injection MEDIUM" "mytweetlinks No.known.fix Authenticated.(Subscriber+).SQL.Injection HIGH" "metalpriceapi 1.1.5 Contributor+.Remote.Code.Execution HIGH" "menukaart 1.4 Reflected.Cross-Site.Scripting MEDIUM" "modern-addons-elementor No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "modern-addons-elementor 1.2.0 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "my-quota No.known.fix Reflected.XSS HIGH" "mytube No.known.fix Reflected.Cross-Site.Scripting.via.addplaylistid MEDIUM" "modal-window 6.1.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.iframeBox.Shortcode MEDIUM" "modal-window 6.1.5 Cross-Site.Request.Forgery.to.Settings.Ipdate MEDIUM" "modal-window 6.0.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "modal-window 5.3.10 Modal.Deletion.via.CSRF MEDIUM" "modal-window 5.3.9 Authenticated(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "modal-window 5.3.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "modal-window 5.2.2 RFI.leading.to.RCE.via.CSRF HIGH" "mobile-app-for-woocommerce No.known.fix Unauthenticated.Stored.Cross-Site.Scripting HIGH" "members-page-only-for-logged-in-users No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "mastercurrency-wp No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Currency.Converter.Form.Shortcode MEDIUM" "membership-for-woocommerce 2.8.2 Missing.Authorization MEDIUM" "membership-for-woocommerce 2.8.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "membership-for-woocommerce 2.1.7 Unauthenticated.Arbitrary.File.Upload CRITICAL" "media-library-helper 1.3.0 Cross-Site.Request.Forgery MEDIUM" "mobile-blocks No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "mobile-blocks 1.2.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "map-multi-marker No.known.fix Reflected.Cross-Site.Scripting HIGH" "my-wpdb 2.5 Arbitrary.SQL.Query.via.CSRF MEDIUM" "mycurator 3.79 Authenticated.(Editor+).Stored.Cross-Site.Scripting MEDIUM" "mycurator 3.77 Reflected.Cross-Site.Scripting MEDIUM" "mycurator 3.75 Cross-Site.Request.Forgery MEDIUM" "mainwp-child-reports 2.2.1 Cross-Site.Request.Forgery.to.Arbitrary.Options.Update HIGH" "mainwp-child-reports 2.2 Cross-Site.Request.Forgery MEDIUM" "mainwp-child-reports 2.0.8 Admin+.SQL.Injection MEDIUM" "min-and-max-quantity-for-woocommerce 2.1.0 Missing.Authorization MEDIUM" "min-and-max-quantity-for-woocommerce 1.1.1 Reflected.Cross-Site.Scripting MEDIUM" "maintenance 4.03 Authenticated.Stored.XSS MEDIUM" "moving-users 1.10 Unauthenticated.Sensitive.Information.Exposure MEDIUM" "myshopkit-popup-smartbar-slidein No.known.fix .Unauthenticated.Sensitive.Information.Exposure MEDIUM" "mini-twitter-feed No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "mass-delete-unused-tags 3.0.0 Tags.Deletion.via.CSRF MEDIUM" "music-player-for-elementor 2.4.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.album_buy_url.Parameter MEDIUM" "music-player-for-elementor 2.4.2 Missing.Authorization.to.Authenticated.(Subscriber+).Template.Import MEDIUM" "music-player-for-elementor 1.5.9.9 Reflected.Cross-Site.Scripting MEDIUM" "music-player-for-elementor 1.5.5 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "meinturnierplande-widget-viewer No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "mail-boxes-etc 2.2.1 Information.Exposure MEDIUM" "mail-boxes-etc 2.2.1 Cross-Site.Request.Forgery MEDIUM" "mail-boxes-etc 2.3.0 Reflected.XSS HIGH" "manage-notification-emails 1.8.6 Missing.Authorization MEDIUM" "manage-notification-emails 1.8.3 Settings.Reset.via.CSRF MEDIUM" "manage-notification-emails 1.8.3 Settings.Reset.via.CSRF MEDIUM" "mabel-shoppable-images-lite 1.2.4 Arbitrary.Post.Deletion.via.CSRF MEDIUM" "multimedial-images No.known.fix Admin+.SQLi MEDIUM" "media-tags No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "media-mirror No.known.fix Reflected.Cross-Site.Scripting.(XSS) HIGH" "member-database No.known.fix Reflected.XSS HIGH" "memphis-documents-library 3.1.6 Arbitrary.File.Download CRITICAL" "mailrelay 2.1.2 Arbitrary.Settings.Update.via.CSRF MEDIUM" "my-auctions-allegro-free-edition No.known.fix Cross-Site.Request.Forgery MEDIUM" "my-auctions-allegro-free-edition 3.6.21 Contributor+.SQLi HIGH" "my-auctions-allegro-free-edition 3.6.19 Reflected.Cross-Site.Scripting MEDIUM" "my-auctions-allegro-free-edition 3.6.18 Reflected.Cross-Site.Scripting MEDIUM" "migrate-shopify-to-woocommerce No.known.fix Missing.Authorization.to.Unauthenticated.Settings.Update MEDIUM" "music-press-pro No.known.fix Missing.Authorization MEDIUM" "music-press-pro No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "modal-popup-box 1.5.3 Authenticated.(Contributor+).PHP.Object.Injection.in.awl_modal_popup_box_shortcode HIGH" "miguras-divi-enhancer No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "miguras-divi-enhancer No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "multiple-post-passwords 1.1.2 Admin+.Stored.XSS LOW" "ml-slider 3.99.0 Contributor+.Stored.XSS.via.aria-label.Parameter MEDIUM" "ml-slider 3.95.0 Editor+.Stored.XSS LOW" "ml-slider 3.95.0 Editor+.Stored.XSS LOW" "ml-slider 3.95.0 Authenticated.(Editor+).PHP.Object.Injection HIGH" "ml-slider 3.70.1 Contributor+.Stored.Cross-Site.Scripting.via.metaslider.Shortcode MEDIUM" "ml-slider 3.29.1 Reflected.XSS HIGH" "ml-slider 3.27.9 Admin+.Stored.Cross.Site.Scripting LOW" "ml-slider 3.17.2 Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "mainwp-piwik-extension 4.0.5 CSRF MEDIUM" "mime-types-extended No.known.fix Author+.Stored.XSS.via.SVG.Upload MEDIUM" "meta-tags-for-seo 1.0.4 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "motopress-slider-lite No.known.fix Subscriber+.Stored.Cross-Site.Scripting CRITICAL" "motopress-slider-lite No.known.fix Reflected.Cross-Site.Scripting HIGH" "maintenance-coming-soon-redirect-animation 2.3.0 Missing.Authorization.to.Settings.Update MEDIUM" "maintenance-coming-soon-redirect-animation No.known.fix IP.Spoofing.to.Bypass MEDIUM" "materialis-companion 1.3.42 Authenticated.(Contributor+).Store.Cross-Site.Scripting.via.materialis_contact_form.Shortcode MEDIUM" "materialis-companion 1.3.40 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "mantenimiento-web 0.14 Stored.XSS.via.CSRF MEDIUM" "mantenimiento-web 0.14 Admin+.Stored.XSS LOW" "mobile-events-manager 1.4.8 Admin+.CSV.Injection LOW" "mobile-events-manager 1.4.4 Admin+.Stored.Cross-Site.Scripting LOW" "mimo-woocommerce-order-tracking No.known.fix Missing.Authorization.to.Limited.Settings.Update MEDIUM" "mimo-woocommerce-order-tracking No.known.fix Missing.Authorization.to.Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "modal-dialog 3.5.15 Reflected.XSS HIGH" "modal-dialog 3.5.10 Admin+.Stored.XSS LOW" "my-tickets 2.0.17 Authenticated.(Subscriber+).Privilege.Escalation HIGH" "my-tickets 2.0.10 Missing.Authorization MEDIUM" "my-tickets 1.9.11 Bulk.Emailing.via.CSRF MEDIUM" "my-tickets 1.8.31 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "maintenance-notice 1.0.7 Settings.Reset.via.CSRF MEDIUM" "magic-the-gathering-card-tooltips 3.6.0 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "magic-the-gathering-card-tooltips 3.5.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "myworks-woo-sync-for-quickbooks-online 2.9.2 Reflected.Cross-Site.Scripting MEDIUM" "maanstore-api No.known.fix Authentication.Bypass CRITICAL" "mrlegend-typedjs No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.typespeed.Parameter MEDIUM" "mediabay-lite No.known.fix Missing.Authorization.via.AJAC.actions MEDIUM" "mediabay-lite No.known.fix Editor+.Stored.XSS MEDIUM" "mapster-wp-maps 1.7.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "mapster-wp-maps 1.6.0 Incorrect.Authorization.to.Authenticated.(Contributor+).Arbitrary.Options.Update HIGH" "mapster-wp-maps 1.2.39 Contributor+.Stored.XSS MEDIUM" "mapster-wp-maps 1.2.36 Reflected.Cross-Site.Scripting MEDIUM" "maintenance-page 1.0.9 Missing.Authorization.to.Sensitive.Information.Exposure MEDIUM" "maintenance-page 1.0.9 Security.Mechanism.Bypass.via.REST.API MEDIUM" "mobile-smart No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "magicform No.known.fix WordPress.Form.Builder.<=.1.6.2.-.Missing.Authorization MEDIUM" "magicform No.known.fix Reflected.Cross-Site.Scripting HIGH" "mailmunch 3.2.0 Reflected.Cross-Site.Scripting MEDIUM" "mailmunch 3.1.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "mailmunch 3.1.3 Settings.Update.via.CSRF MEDIUM" "my-wp 1.24.1 Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "mind3dom-ryebread-widgets No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "media-net-ads-manager No.known.fix Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.File.Upload HIGH" "miniorange-2-factor-authentication 5.6.6 Missing.Authorization.to.Plugin.Settings.Change HIGH" "miniorange-2-factor-authentication 5.6.2 Subscriber+.Settings.Update MEDIUM" "miniorange-2-factor-authentication 5.5.75 Reflected.Cross-Site.Scripting MEDIUM" "miniorange-2-factor-authentication 5.5.6 Admin+.Stored.Cross-Site.Scripting LOW" "miniorange-2-factor-authentication 5.5 Unauthenticated.Arbitrary.Options.Deletion CRITICAL" "miniorange-2-factor-authentication 5.4.40 Reflected.Cross-Site.Scripting HIGH" "mwb-point-of-sale-pos-for-woocommerce 1.0.1 CSRF.Bypass./.Unauthorised.AJAX.Call MEDIUM" "mhr-post-ticker 1.2 Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "menu-item-scheduler No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "mq-woocommerce-products-price-bulk-edit No.known.fix XSS MEDIUM" "meks-easy-instagram-widget 1.2.4 Subscriber+.Settings.Update.to.Stored.XSS MEDIUM" "media-library-tools 1.5.0 Author+.Stored.XSS.via.SVG MEDIUM" "miguras-divi-maker No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "mindbody-access-management 2.0.9 Unauthorised.AJAX.call MEDIUM" "menubar 5.9 Cross-Site.Request.Forgery MEDIUM" "menubar 5.8 Reflected.Cross-Site.Scripting MEDIUM" "magic-google-maps No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "modern-footnotes 1.4.17 Contributor+.Stored.XSS MEDIUM" "modern-footnotes 1.4.16 Admin+.Stored.XSS LOW" "masterslider No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "masterslider No.known.fix Unauthenticated.PHP.Object.Injection CRITICAL" "masterslider No.known.fix Authenticated.(Editor+).SQL.Injection HIGH" "metricool 1.18 Admin+.Stored.XSS LOW" "magayo-lottery-results No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "macro-admin-email-data-optin-calculator No.known.fix Unauthenticated.Information.Disclosure MEDIUM" "my-bootstrap-menu No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "mousewheel-smooth-scroll 5.7 Plugin's.Setting.Update.via.CSRF MEDIUM" "meks-flexible-shortcodes 1.3.8 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "meks-flexible-shortcodes 1.3.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "meks-flexible-shortcodes 1.3.5 Contributor+.Stored.XSS MEDIUM" "mobile-kiosk No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "mobigatevn No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "newsletter-manager No.known.fix Unauthenticated.Insecure.Deserialisation HIGH" "newsletter-manager 1.5 Unauthenticated.Open.Redirect MEDIUM" "newsletter-manager 1.0.2 Cross-Site.Request.Forgery MEDIUM" "newsletter-manager 1.0.2 Authenticated.Reflected.Cross.Site.Scripting HIGH" "nmedia-mailchimp-widget No.known.fix Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "notifikacie-sk No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "ns-simple-intro-loader No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "ni-woocommerce-product-editor No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "nps-computy 2.8.1 Reflected.Cross-Site.Scripting MEDIUM" "nps-computy 2.7.6 Results.Deletion.via.CSRF MEDIUM" "nps-computy 2.7.6 Admin+.Stored.XSS LOW" "newsletter 8.8.5 Admin+.Stored.XSS.via.Widget LOW" "newsletter 8.8.5 Admin+.Stored.XSS.via.Form LOW" "newsletter 8.8.2 Admin+.Stored.XSS.via.Subscription LOW" "newsletter 8.7.1 Admin+.Stored.XSS LOW" "newsletter 8.3.5 Unauthenticated.Stored.Cross-Site.Scripting.via.np1 MEDIUM" "newsletter 8.2.1 IP.Spoofing MEDIUM" "newsletter 7.9.0 Contributor+.Stored.XSS MEDIUM" "newsletter 7.6.9 Reflected.XSS HIGH" "newsletter 7.4.6 Admin+.Stored.Cross-Site.Scripting LOW" "newsletter 7.4.5 Reflected.Cross-Site.Scripting LOW" "newsletter 6.8.2 Authenticated.PHP.Object.Injection MEDIUM" "newsletter 6.8.2 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "newsletter 6.7.7 Authenticated.Stored.Cross-Site.Scripting LOW" "newsletter 6.5.4 CSV.Injection LOW" "newsletter 3.8.3 Open.Redirect LOW" "newsletter 3.2.7 Cross-Site.Scripting.(XSS) MEDIUM" "newsletter 3.0.9 SQL.Injection MEDIUM" "navegg No.known.fix Cross-Site.Request.Forgery MEDIUM" "nova-poshta-ttn 1.19.7 Unauthenticated.SQL.Injection HIGH" "nova-poshta-ttn 1.7.49 Reflected.Cross-Site.Scripting MEDIUM" "newsticker No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "newspack-content-converter 1.0.0 Missing.Authorization MEDIUM" "netreviews 2.3.15 Admin+.Stored.XSS LOW" "notificationx 3.0.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "notificationx 2.9.4 Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "notificationx 2.8.3 Unauthenticated.SQL.Injection CRITICAL" "notificationx 2.3.12 Unauthenticated.SQLi HIGH" "notificationx 2.3.9 Unauthenticated.Blind.SQL.Injection HIGH" "notificationx 1.8.3 Cross-Site.Request.Forgery.(CSRF) MEDIUM" "notificationx 1.8.3 Cross-Site.Request.Forgery MEDIUM" "navayan-csv-export No.known.fix Unauthenticated.SQL.Injection CRITICAL" "notif-bell 0.9.9 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "noveldesign-store-directory No.known.fix Unauthenticated.Arbitrary.File.Upload CRITICAL" "notice-bar 3.1.1 Contributor+.Stored.XSS MEDIUM" "nofollow-free No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "nextend-facebook-connect 3.1.13 Reflected.Self-Based.Cross-Site.Scripting.via.error_description MEDIUM" "nimbata-call-tracking No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "n-media-woocommerce-checkout-fields 18.0 Unauthenticated.Arbitrary.File.Upload CRITICAL" "nifty-coming-soon-and-under-construction-page 1.58 Cross-Site.Request.Forgery.(CSRF) MEDIUM" "nice-paypal-button-lite No.known.fix CSRF MEDIUM" "naver-analytics No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "ninja-tables 5.0.19 Unauthenticated.PHP.Object.Injection.to.Limited.Remote.Code.Execution MEDIUM" "ninja-tables 5.0.17 Admin+.Stored.XSS LOW" "ninja-tables 5.0.13 Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "ninja-tables 5.0.10 Authenticated.(Admin+).Server-Side.Request.Forgery MEDIUM" "ninja-tables 5.0.7 Contributor+.Table.Data.Access LOW" "ninja-tables 4.3.5 Admin+.Stored.XSS LOW" "ninja-tables 4.1.8 Admin+.Stored.Cross-Site.Cross-Site.Scripting LOW" "neshan-maps No.known.fix Admin+.SQLi MEDIUM" "narnoo-distributor No.known.fix Unauthenticated.LFI.to.Arbitrary.File.Read./.RCE HIGH" "nd-booking 3.7 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "nd-booking 3.7 Unauthenticated.Local.File.Inclusion CRITICAL" "nd-booking 3.3 Contributor+.Stored.XSS MEDIUM" "nd-booking 2.5 Unauthenticated.Options.Change MEDIUM" "nd-elements 2.2 Authenticated.(Contributor+).Local.File.Inclusion.via.Multiple.Widget.Attributes HIGH" "nd-donations No.known.fix Contributor+.Stored.Cross-Site.Scripting MEDIUM" "nd-donations No.known.fix Unauthenticated.SQLi HIGH" "nd-donations 1.4 Unauthenticated.Options.Change MEDIUM" "nix-anti-spam-light No.known.fix Unauthenticated.PHP.Object.Injection CRITICAL" "nextgen-gallery-voting No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "nemesis-all-in-one No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "no-api-amazon-affiliate 4.4.0 Admin+.Stored.XSS LOW" "newsplugin 1.1.0 CSRF.to.Stored.Cross-Site.Scripting HIGH" "nex-forms 7.8.8 Authentication.Bypass.for.Excel.Reports MEDIUM" "nex-forms 7.8.8 Authentication.Bypass.for.PDF.Reports MEDIUM" "ns-facebook-pixel-for-wp No.known.fix Admin+.Stored.XSS LOW" "notices No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "nichetable 2.8.0 Reflected.Cross-Site.Scripting MEDIUM" "nichetable 2.2.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "ni-woocommerce-cost-of-goods 3.2.9 Subscriber+.Stored.XSS MEDIUM" "ni-woocommerce-cost-of-goods 3.2.9 Missing.Authorization MEDIUM" "ni-woocommerce-cost-of-goods 3.2.9 Admin+.SQL.Injection MEDIUM" "ninja-forms-webhooks 3.0.8 Authenticated.(Admin+).Server-Side.Request.Forgery.via.Form.Webhook MEDIUM" "nopeamedia No.known.fix Cross-Site.Request.Forgery MEDIUM" "nopeamedia 1.2.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "news-ticker-widget-for-elementor 1.3.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "nudgify 1.3.4 Cross-Site.Request.Forgery.via.sync_orders_manually() MEDIUM" "new-photo-gallery 1.4.3 Contributor+.PHP.Object.Injection.via.Shortcode MEDIUM" "netforum-directory-with-importer No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "netforum-directory-with-importer No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "notification-plus No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "newstatpress 1.3.6 Reflected.Cross-Site.Scripting MEDIUM" "newstatpress 1.2.5 Stored.Cross-Site.Scripting.(XSS) MEDIUM" "newstatpress 1.0.6 Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "newstatpress 1.0.6 SQL.Injection CRITICAL" "newstatpress 1.0.4 Unauthenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "newstatpress 1.0.1 SQL.Injection CRITICAL" "newsboard No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "ni-woocommerce-sales-report-email No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "notifier 2.6.1 Admin+.Stored.XSS LOW" "nex-forms-express-wp-form-builder 8.9.2 Authenticated.(Custom).Limited.Code.Execution.via.get_table_records.Function MEDIUM" "nex-forms-express-wp-form-builder 8.9.2 Authenticated.(Custom).Stored.Cross-Site.Scripting MEDIUM" "nex-forms-express-wp-form-builder 8.8.2 Unauthenticated.Sensitive.Information.Exposure MEDIUM" "nex-forms-express-wp-form-builder 8.7.16 Authenticated.(Admin+).SQL.Injection MEDIUM" "nex-forms-express-wp-form-builder 8.7.9 Authenticated.(Administrator+).SQL.Injection MEDIUM" "nex-forms-express-wp-form-builder 8.7.4 Reflected.Cross-Site.Scripting MEDIUM" "nex-forms-express-wp-form-builder 8.6.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "nex-forms-express-wp-form-builder 8.5.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.shortcode MEDIUM" "nex-forms-express-wp-form-builder 8.5.7 Missing.Authorization.via.restore_records() MEDIUM" "nex-forms-express-wp-form-builder 8.5.7 Missing.Authorization.via.set_read() MEDIUM" "nex-forms-express-wp-form-builder 8.5.7 Missing.Authorization.via.set_starred() MEDIUM" "nex-forms-express-wp-form-builder 8.5.5 Cross-Site.Request.Forgery MEDIUM" "nex-forms-express-wp-form-builder 8.5.6 Authenticated.(Admin+).SQL.Injection MEDIUM" "nex-forms-express-wp-form-builder 8.4.4 Authenticated.Stored.XSS LOW" "nex-forms-express-wp-form-builder 8.4 Admin+.SQL.Injection MEDIUM" "nex-forms-express-wp-form-builder 8.3.3 Contributor+.Stored.XSS MEDIUM" "nex-forms-express-wp-form-builder 7.9.7 Authenticated.SQLi MEDIUM" "nex-forms-express-wp-form-builder 8.4.3 Stored.Cross-Site.Scripting.via.CSRF HIGH" "nex-forms-express-wp-form-builder 7.8 Subscriber+.Unauthorised.AJAX.Calls MEDIUM" "nex-forms-express-wp-form-builder 4.6.1 Unauthenticated.Blind.SQL.Injection CRITICAL" "news-wall No.known.fix Cross-Site.Request.Forgery.to.Plugin.Settings.Update MEDIUM" "neon-text 1.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "nv-slider No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "nv-slider No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "ninjateam-telegram 1.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.username.Parameter MEDIUM" "ninjateam-telegram 1.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "nokaut-offers-box No.known.fix Admin+.Stored.XSS LOW" "nokaut-offers-box No.known.fix Plugin.Reset.via.CSRF MEDIUM" "ns-coupon-to-become-customer No.known.fix Admin+.Stored.Cross-Site.Scripting MEDIUM" "nitropack 1.17.6 Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.Transient.Update MEDIUM" "nitropack 1.17.6 Subscriber+.Limited.Options.Update HIGH" "nitropack 1.16.8 Unauthenticated.Arbitrary.Shortcode.Execution HIGH" "nitropack 1.10.3 Multiple.CSRF MEDIUM" "nitropack 1.10.0 Missing.Authorization.via.multiple.AJAX.functions MEDIUM" "norse-runes-oracle 1.4.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "norse-runes-oracle 1.4.3 Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "notifyvisitors-lead-form No.known.fix Admin+.Stored.XSS LOW" "nicebackgrounds No.known.fix Authenticated.(Subscriber+).Arbitrary.File.Upload HIGH" "newspack-popups 2.31.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "nofollow No.known.fix Contributor+.Stored.Cross-Site.Scripting MEDIUM" "nc-wishlist-for-woocommerce No.known.fix Authenticated.(Subscriber+).SQL.Injection MEDIUM" "n360-splash-screen No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "nuajik-cdn No.known.fix Admin+.Stored.XSS LOW" "nofollow-jquery-links 1.5.2 Reflected.Cross-Site.Scripting MEDIUM" "nofollow-jquery-links 1.4.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "nofollow-links 1.0.11 Cross-Site.Scripting.(XSS) MEDIUM" "nmedia-user-file-uploader 22.8 Sensitive.Information.Exposure.via.user.uploads MEDIUM" "nmedia-user-file-uploader 22.7 Editor+.Arbitrary.File.Download HIGH" "nmedia-user-file-uploader 21.4 File.Upload.via.CSRF MEDIUM" "nmedia-user-file-uploader 21.4 Arbitrary.Settings.Update.via.CSRF MEDIUM" "nmedia-user-file-uploader 21.3 Subscriber+.Arbitrary.File.Upload CRITICAL" "nmedia-user-file-uploader 21.3 Unauthenticated.File.Renaming CRITICAL" "nmedia-user-file-uploader 18.3 Unauthenticated.Post.Meta.Change.to.Arbitrary.File.Download HIGH" "nmedia-user-file-uploader 18.3 Unauthenticated.Content.Injection.and.Stored.XSS HIGH" "nmedia-user-file-uploader 18.3 Unauthenticated.Arbitrary.Post.Deletion MEDIUM" "nmedia-user-file-uploader 18.3 Unauthenticated.HTML.Injection MEDIUM" "nmedia-user-file-uploader 18.3 Privilege.Escalation MEDIUM" "nmedia-user-file-uploader 18.3 Authenticated.Arbitrary.Settings.Change.to.Arbitrary.File.Upload CRITICAL" "ni-crm-lead No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "ni-crm-lead No.known.fix Authenticated.(Subscriber+).SQL.Injection MEDIUM" "nitek-carousel-cool-transitions No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "nitek-carousel-cool-transitions No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "nitek-carousel-cool-transitions No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "nova-blocks No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "nova-blocks 2.1.8 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.align.Attribute MEDIUM" "no-update-nag No.known.fix Unauthenticated.Full.Path.Disclosure MEDIUM" "new-contact-form-widget 1.4.7 Cross-Site.Request.Forgery MEDIUM" "new-contact-form-widget 1.4.3 Cross-Site.Request.Forgery MEDIUM" "new-contact-form-widget 1.4.0 Sensitive.Information.Exposure MEDIUM" "nepali-post-date No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "newsletter-page-redirects No.known.fix Unauthenticated.Privilege.Escalation CRITICAL" "notifications-center No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "news-kit-elementor-addons No.known.fix Contributor+.Stored.XSS MEDIUM" "news-kit-elementor-addons No.known.fix Contributor+.Stored.XSS MEDIUM" "news-kit-elementor-addons 1.2.2 Authenticated.(Contributor+).Sensitive.Information.Exposure.via.Canvas.Menu.Elementor.Template MEDIUM" "newsletter-subscriptions No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "novelist 1.2.4 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "novelist 1.2.3 Cross-Site.Request.Forgery MEDIUM" "novelist 1.2.1 Admin+.Stored.XSS MEDIUM" "ni-woocommerce-order-export No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "nextgen-gallery 3.59.5 Authenticated.(Contributor+).Stored.DOM-Based.Cross-Site.Scripting.via.SimpleLightbox.JavaScript.Library MEDIUM" "nextgen-gallery 3.59.9 Admin+.Stored.XSS LOW" "nextgen-gallery 3.59.5 Contributor+.DOM-Based.Stored.XSS.via.FancyBox.JavaScript.Library MEDIUM" "nextgen-gallery 3.59.5 Admin+.Stored.XSS LOW" "nextgen-gallery 3.59.4 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "nextgen-gallery 3.59.3 Admin+.Stored.XSS LOW" "nextgen-gallery 3.59.1 Admin+.Stored.XSS LOW" "nextgen-gallery 3.59.1 Missing.Authorization.to.Unauthenticated.Information.Disclosure MEDIUM" "nextgen-gallery 3.39 Admin+.Local.File.Inclusion MEDIUM" "nextgen-gallery 3.39 Admin+.Arbitrary.File.Read.and.Delete MEDIUM" "nextgen-gallery 3.39 Admin+.PHAR.Deserialization HIGH" "nextgen-gallery 3.3.10 Reflected.Cross-Site.Scripting MEDIUM" "nextgen-gallery 3.29 Thumbnail.Deletion.via.CSRF MEDIUM" "nextgen-gallery 3.5.0 CSRF.allows.File.Upload HIGH" "nextgen-gallery 3.5.0 CSRF.allows.File.Upload,.Stored.XSS,.and.RCE CRITICAL" "nextgen-gallery 3.2.11 SQL.Injection CRITICAL" "nextgen-gallery 3.1.7 Subscriber+.Arbitrary.Option.Update CRITICAL" "nextgen-gallery 3.1.6 Authenticated.PHP.Object.Injection HIGH" "nextgen-gallery 2.2.50 Galley.Paths.Not.Secured HIGH" "nextgen-gallery 2.2.45 Cross-Site.Scripting.(XSS) MEDIUM" "nextgen-gallery 2.1.79 Unauthenticated.SQL.Injection HIGH" "nextgen-gallery 2.1.57 Authenticated.Local.File.Inclusion.(LFI).&.SQLi CRITICAL" "nextgen-gallery 2.1.15 Unrestricted.File.Upload HIGH" "nextgen-gallery 2.1.10 Multiple.XSS MEDIUM" "nextgen-gallery 2.1.9 Authenticated.Path.Traversal MEDIUM" "nextgen-gallery 2.1.15 Path.Traversal MEDIUM" "nextgen-gallery 2.0.77.3 CSRF.&.Arbitrary.File.Upload HIGH" "nextgen-gallery 2.0.0 gallerypath.Parameter.Stored.XSS HIGH" "nextgen-gallery 2.0.0 Full.Path.Disclosure CRITICAL" "notice-board No.known.fix Contributor+.Stored.Cross-Site.Scripting MEDIUM" "network-summary No.known.fix Unauthenticated.SQL.Injection CRITICAL" "nugget-by-ingot No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "nugget-by-ingot No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "noakes-menu-manager 3.2.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "nearby-locations No.known.fix Authenticated.(Administrator+).SQL.Injection MEDIUM" "nertworks-all-in-one-social-share-tools No.known.fix Cross-Site.Request.Forgery MEDIUM" "nextcellent-gallery-nextgen-legacy No.known.fix Admin+.Stored.XSS LOW" "nite-shortcodes No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "navigation-menu-as-dropdown-widget 1.3.5 Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "ni-woocommerce-sales-report 3.7.4 Subscriber+.Sale.&.Order.Reports.Access MEDIUM" "nepali-date-utilities No.known.fix Stored.XSS.via.CSRF HIGH" "nexus No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "nexus No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "nexus No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "new-user-email-set-up No.known.fix Arbitrary.Settings.Update.via.CSRF MEDIUM" "ni-woocommerce-product-enquiry No.known.fix Missing.Authorization MEDIUM" "notify-odoo 1.0.1 Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "ni-woo-sales-commission No.known.fix Missing.Authorization.to.Authenticated.(Subscriber+).Commission.Update MEDIUM" "new-adman No.known.fix Settings.Update.via.CSRF MEDIUM" "new-adman No.known.fix Admin+.Stored.XSS LOW" "noted-pro No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "noted-pro No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "novo-map No.known.fix CSRF MEDIUM" "nextend-smart-slider3-pro 3.5.0.9 Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "newsmanapp 2.7.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "ninja-forms-uploads 3.3.18 Unauthenticated.Stored.Cross-Site.Scripting.via.File.Upload HIGH" "ninja-forms-uploads 3.3.1 Unauthenticated.Arbitrary.File.Upload CRITICAL" "ninja-forms-uploads 3.3.13 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "ninja-forms-uploads 3.0.23 Unauthenticated.Arbitrary.File.Upload HIGH" "nextend-twitter-connect 1.5.2 Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "nd-projects No.known.fix Contributor+.Stored.XSS MEDIUM" "nd-projects No.known.fix Contributor+.Stored.XSS MEDIUM" "nd-projects No.known.fix Authenticated.Local.File.Inclusion MEDIUM" "nd-projects 1.6 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "nm-visitors No.known.fix Unauthenticated.Stored.Cross-Site.Scripting.via.HTTP.Header HIGH" "nextcart-woocommerce-migration 3.9.5 Unauthenticated.SQL.Injection HIGH" "nextcart-woocommerce-migration 3.9.4 Reflected.Cross-Site.Scripting MEDIUM" "nlinks No.known.fix Authenticated.SQL.Injection HIGH" "no-external-links No.known.fix Admin+.Stored.XSS LOW" "nooz 1.7.0 Admin+.Stored.XSS LOW" "no-disposable-email No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "newsletter-by-supsystic No.known.fix Authenticated.SQL.Injection CRITICAL" "newsletter-by-supsystic 1.1.8 Authenticated.Stored.XSS.&.CSRF HIGH" "nimble-builder 3.2.2 Reflected.Cross-Site.Scripting MEDIUM" "new-order-notification-for-woocommerce No.known.fix Missing.Authorization MEDIUM" "notification-for-telegram 3.3.2 Missing.Authorization.to.Authenticated.(Subscriber+).Send.Telegram.Test.Message MEDIUM" "night-mode 1.4.0 Admin+.Stored.Cross-Site.Scripting LOW" "nabz-image-gallery No.known.fix Unauthenticated.SQL.Injection CRITICAL" "narnoo-shortcodes No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "nd-restaurant-reservations No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "nd-restaurant-reservations 2.0 Directory.Traversal.to.Authenticated.(Contributor+).Local.File.Inclusion HIGH" "nd-restaurant-reservations 1.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "nd-restaurant-reservations 1.5 Unauthenticated.Options.Change CRITICAL" "ni-woocommerce-custom-order-status 1.9.7 Subscriber+.SQL.Injection HIGH" "naver-blog-api No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "ni-purchase-orderpo-for-woocommerce 1.2.2 Admin+.File.Upload.to.Remote.Code.Execution MEDIUM" "next-page No.known.fix Admin+.Stored.XSS LOW" "new-royalslider 3.4.3 Reflected.Cross-Site.Scripting MEDIUM" "newsletter-bulk-email No.known.fix Contributor+.Stored.XSS MEDIUM" "newsletter-popup No.known.fix List.Deletion.via.CSRF MEDIUM" "newsletter-popup No.known.fix Unauthenticated.Stored.XSS HIGH" "newsletter-popup No.known.fix Admin+.Stored.XSS LOW" "newsletter-popup No.known.fix Subscriber.Deletion.via.CSRF MEDIUM" "newsletter-popup No.known.fix Record.Deletion.via.CSRF MEDIUM" "newsletter-popup No.known.fix Unauthenticated.Stored.XSS HIGH" "new-image-gallery 1.4.6 Missing.Authorization MEDIUM" "nextgen-gallery-pro 3.1.11 Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "nino-social-connect No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "number-chat No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "number-chat No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "name-directory 1.30.1 Missing.Authorization MEDIUM" "name-directory 1.29.1 Reflected.Cross-Site.Scripting MEDIUM" "name-directory 1.27.2 Settings.Update.via.CSRF MEDIUM" "name-directory 1.25.5 Stored.Cross-Site.Scripting.via.CSRF MEDIUM" "name-directory 1.25.4 Arbitrary.Directory/Name.Deletion.via.CSRF MEDIUM" "name-directory 1.25.4 Stored.Cross-Site.Scripting.via.CSRF MEDIUM" "name-directory 1.25.3 Reflected.Cross-Site.Scripting MEDIUM" "name-directory 1.18 Cross-Site.Request.Forgery.(CSRF) MEDIUM" "navz-photo-gallery 2.7 Missing.Authorization MEDIUM" "navz-photo-gallery 2.0 Subscriber+.UserMeta.Update MEDIUM" "navz-photo-gallery 1.7.5 Reflected.Cross-Site.Scripting MEDIUM" "noo-timetable No.known.fix Contributor+.Stored.Cross-Site.Scripting MEDIUM" "noo-timetable No.known.fix Cross-Site.Request.Forgery MEDIUM" "ninjalibs-ses No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "naver-map No.known.fix Contributor+.Stored.XSS MEDIUM" "newpost-catch 1.3.20 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.npc.Shortcode MEDIUM" "nowpayments-for-woocommerce 1.0.5 Reflected.Cross-Site.Scripting MEDIUM" "nextgen-gallery-sell-photo No.known.fix Authenticated.Stored.Cross-Site.Scripting LOW" "new-order-popup No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "nd-learning 5.0 Admin+.Stored.Cross-Site.Scripting LOW" "nd-learning 4.8 Unauthenticated.Options.Change MEDIUM" "neon-product-designer-for-woocommerce No.known.fix Unauthenticated.SQL.Injection HIGH" "neon-product-designer-for-woocommerce No.known.fix Authenticated.(Contributor+).SQL.Injection MEDIUM" "nasa-core No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "nasa-core 6.4.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "nasa-core No.known.fix Unauthenticated.Local.File.Inclusion CRITICAL" "nasa-core No.known.fix Authenticated.(Contributor+).Local.File.Inclusion HIGH" "nirweb-support No.known.fix Missing.Authorization MEDIUM" "nirweb-support 2.8.2 Unauthenticated.SQLi HIGH" "neuvoo-jobroll No.known.fix Unauthenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "news-announcement-scroll 9.1.0 .Authenticated.(Contributor+).SQL.Injection.via.Shortcode HIGH" "news-announcement-scroll 9.0.0 Admin+.Stored.XSS LOW" "new-album-gallery 1.6.4 Authenticated.(Editor+).PHP.Object.Injection.via.Gallery.Meta HIGH" "new-album-gallery 1.5.8 Missing.Authorization MEDIUM" "new-album-gallery 1.5.0 Cross-Site.Request.Forgery MEDIUM" "newspack-newsletters 3.14.0 Open.Redirect MEDIUM" "newspack-newsletters 2.13.3 Missing.Authorization MEDIUM" "newspack-newsletters 2.13.3 Cross-Site.Request.Forgery MEDIUM" "nimble-portfolio No.known.fix Unauthenticated.Server-Side.Request.Forgery CRITICAL" "next-event-calendar No.known.fix Authenticated.(Author+).Stored.Cross-Site.Scripting MEDIUM" "nexa-blocks No.known.fix Authenticated.(Contributor+).Server-Side.Request.Forgery MEDIUM" "nexa-blocks No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "network-favorites No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "newspack-blocks 3.0.9 Authenticated.(Contributor+).Arbitrary.Directory.Deletion MEDIUM" "newspack-blocks 3.0.9 Authenticated.(Contributor+).Arbitrary.File.Upload CRITICAL" "newspack-blocks 3.0.9 Missing.Authorization MEDIUM" "newspack-blocks 3.0.9 Unauthenticated.Sensitive.Information.Exposure MEDIUM" "nktagcloud No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "news-magazine-and-blog-elements No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "newsletters-lite 4.10 Authenticated.(Administrator+).Local.File.Inclusion HIGH" "newsletters-lite 4.9.9.9 Authenticated.(Contributor+).SQL.Injection.orderby.Parameter MEDIUM" "newsletters-lite 4.9.9.8 Authenticated.(Administrator+).SQL.Injection MEDIUM" "newsletters-lite 4.9.9.8 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "newsletters-lite 4.9.9.8 Reflected.Cross-Site.Scripting.via.To.Parameter MEDIUM" "newsletters-lite 4.9.9.7 Reflected.Cross-Site.Scripting MEDIUM" "newsletters-lite 4.9.9.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.newsletters_video.Shortcode MEDIUM" "newsletters-lite 4.9.9.2 Reflected.Cross-Site.Scripting MEDIUM" "newsletters-lite 4.9.9.3 Authenticated.Privilege.Escalation HIGH" "newsletters-lite 4.9.9 Reflected.Cross-Site.Scripting MEDIUM" "newsletters-lite 4.9.9.1 Unauthenticated.Full.Path.Disclosure MEDIUM" "newsletters-lite 4.9.8 Cross-Site.Request.Forgery MEDIUM" "newsletters-lite 4.9.6 Reflected.Cross-Site.Scripting MEDIUM" "newsletters-lite 4.9.6 Information.Exposure.via.Log.files MEDIUM" "newsletters-lite 4.9.6 Authenticated.(Admin+).Arbitrary.File.Upload CRITICAL" "newsletters-lite 4.9.3 Admin+.Command.Injection MEDIUM" "newsletters-lite 4.6.19 Multiple.Issues HIGH" "newsletters-lite 4.6.8.6 PHP.Object.Injection CRITICAL" "nepali-date-converter 3.0.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "nelio-content 3.2.1 Authenticated.(Contributor+).Server-Side.Request.Forgery MEDIUM" "newsletter-api 2.4.6 API.v1.and.v2.addon.for.Newsletter.<.2.4.6.-.Missing.Authorization.to.Email.Subscribers.Management MEDIUM" "nautic-pages No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "nacc-wordpress-plugin 4.2.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "network-posts-extended No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.post_height.Parameter MEDIUM" "no-bot-registration 2.0 Cross-Site.Request.Forgery MEDIUM" "no-spam-at-all No.known.fix Missing.Authorization MEDIUM" "ninja-forms 3.10.1 Admin+.Stored.XSS LOW" "ninja-forms 3.10.1 Admin+.Stored.XSS LOW" "ninja-forms 3.10.1 Admin+.Stored.XSS LOW" "ninja-forms 3.8.25 Contributor+.Stored.XSS MEDIUM" "ninja-forms 3.8.23 Subscriber+.Arbitrary.Shortcode.Execution MEDIUM" "ninja-forms 3.8.20 Unauthenticated.Stored.XSS.via.Form.Calculations HIGH" "ninja-forms 3.8.18 Admin+.Stored.XSS LOW" "ninja-forms 3.8.18 Admin+.Stored.XSS LOW" "ninja-forms 3.8.16 Reflected.Self-Based.Cross-Site.Scripting.via.Referer MEDIUM" "ninja-forms 3.8.12 Administrator+.Stored.Cross-Site.Scripting MEDIUM" "ninja-forms 3.8.11 Reflected.XSS HIGH" "ninja-forms 3.8.7 Cross-Site.Request.Forgery MEDIUM" "ninja-forms 3.8.5 Authenticated.(Subscriber+).Arbitrary.Shortcode.Execution MEDIUM" "ninja-forms 3.8.1 Admin+.Stored.Cross-Site.Scripting MEDIUM" "ninja-forms 3.8.1 Publicly.Accessible.Form.Submission.Export.via.CSRF MEDIUM" "ninja-forms 3.8.1 Author+.Stored.XSS LOW" "ninja-forms 3.7.2 Unauthenticated.Second.Order.SQL.Injection MEDIUM" "ninja-forms 3.6.34 Admin+.Stored.XSS NONE" "ninja-forms 3.6.26 Admin+.Stored.HTML.Injection NONE" "ninja-forms 3.6.26 Contributor+.Form.Entries.Export MEDIUM" "ninja-forms 3.6.26 Subscriber+.Form.Entries.Export MEDIUM" "ninja-forms 3.6.26 Reflected.Cross-Site.Scripting HIGH" "ninja-forms 3.6.25 Admin+.Arbitrary.File.Deletion LOW" "ninja-forms 3.6.22 Reflected.XSS HIGH" "ninja-forms 3.6.13 Admin+.PHP.Objection.Injection MEDIUM" "ninja-forms 3.6.11 Unauthenticated.PHP.Object.Injection CRITICAL" "ninja-forms 3.6.10 Admin+.Stored.Cross-Site.Scripting LOW" "ninja-forms 3.6.10 Admin+.Stored.Cross-Site.Scripting.via.Import LOW" "ninja-forms 3.6.8-wp Unauthenticated.Email.Address.Disclosure MEDIUM" "ninja-forms 3.6.4 Admin+.SQL.Injection MEDIUM" "ninja-forms 3.5.8.2 Admin+.Stored.Cross-Site.Scripting LOW" "ninja-forms 3.5.8 Unprotected.REST-API.to.Sensitive.Information.Disclosure MEDIUM" "ninja-forms 3.5.8 Unprotected.REST-API.to.Email.Injection MEDIUM" "ninja-forms 3.5.5 Reflected.Cross-Site.Scripting MEDIUM" "ninja-forms 3.4.34 CSRF.to.OAuth.Service.Disconnection MEDIUM" "ninja-forms 3.4.34 Authenticated.SendWP.Plugin.Installation.and.Client.Secret.Key.Disclosure CRITICAL" "ninja-forms 3.4.34 Administrator.Open.Redirect MEDIUM" "ninja-forms 3.4.34.1 Authenticated.OAuth.Connection.Key.Disclosure HIGH" "ninja-forms 3.4.27.1 Validation.Bypass.via.Email.Field MEDIUM" "ninja-forms 3.4.27.1 CSRF.leading.to.Arbitrary.Plugin.Installation HIGH" "ninja-forms 3.4.28 Stored.Cross-Site.Scripting MEDIUM" "ninja-forms 3.4.24.2 CSRF.to.Stored.XSS HIGH" "ninja-forms 3.4.23 CSRF.to.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "ninja-forms 3.3.21.3 XSS.and.SQLi CRITICAL" "ninja-forms 3.3.21.2 SQL.Injection MEDIUM" "ninja-forms 3.3.19.1 Authenticated.Open.Redirect MEDIUM" "ninja-forms 3.3.18 Unauthenticated.Cross-Site.Scripting.(XSS) HIGH" "ninja-forms 3.3.14 Cross-Site.Scripting.(XSS).in.Import.Function CRITICAL" "ninja-forms 3.3.14 CSV.Injection HIGH" "ninja-forms 3.3.9 Insufficient.Restrictions.during.Export.Personal.Data.requests MEDIUM" "ninja-forms 3.2.15 Parameter.Tampering MEDIUM" "ninja-forms 3.2.14 Cross-Site.Scripting.(XSS) CRITICAL" "new-year-firework No.known.fix Unauthenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "nexter-extension 2.0.4 Reflected.XSS HIGH" "nexter-extension 2.0.4 Authenticated(Editor+).Remote.Code.Execution.via.metabox HIGH" "nafeza-prayer-time No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "nmr-strava-activities 1.0.8 Contributor+.Stored.XSS MEDIUM" "news-ticker-for-elementor No.known.fix Missing.Authorization MEDIUM" "new-video-gallery 1.5.4 Missing.Authorization MEDIUM" "navigation-du-lapin-blanc No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "netgsm 2.9.33 Missing.Authorization MEDIUM" "netgsm 2.9.1 Reflected.Cross-Site.Scripting MEDIUM" "ninja-beaver-lite-addons-for-beaver-builder No.known.fix .Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Widgets MEDIUM" "ninja-page-categories-and-tags No.known.fix Admin+.Stored.XSS LOW" "news-articles No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "notice-faq No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "namaste-lms No.known.fix Cross-Site.Request.Forgery MEDIUM" "namaste-lms 2.6.5 Cross-Site.Request.Forgery MEDIUM" "namaste-lms 2.6.4.1 Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "namaste-lms 2.6.3 Reflected.Cross-Site.Scripting MEDIUM" "namaste-lms 2.6.4 Authenticated.(Subscriber+).PHP.Object.Injection HIGH" "namaste-lms 2.6.3 Authenticated.(Student+).Stored.Cross-Site.Scripting MEDIUM" "namaste-lms 2.6.1.2 Reflected.Cross-Site.Scripting MEDIUM" "namaste-lms 2.6 Admin+.Stored.XSS LOW" "namaste-lms 2.5.9.4 Admin+.Stored.XSS LOW" "namaste-lms 2.5.9.2 Admin+.Stored.XSS LOW" "nativery No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "news-element No.known.fix Contributor+.Stored.XSS MEDIUM" "news-element 1.0.6 Unauthenticated.LFI HIGH" "ntzantispam No.known.fix Settings.Update.via.CSRF HIGH" "ninja-gdpr-compliance 2.7.4 Missing.Authorization MEDIUM" "ninja-gdpr-compliance 2.7.2 Missing.Authorization MEDIUM" "ninja-gdpr-compliance 2.7.1 Missing.Authorization.to.Settings.Update.and.Stored.Cross-Site.Scripting MEDIUM" "ninja-gdpr-compliance 2.4 Unauthenticated.PHP.Object.Injection HIGH" "nd-shortcodes 7.6 Authenticated.(Author+).Stored.Cross-Site.Scripting MEDIUM" "nd-shortcodes 7.0 Subscriber+.LFI HIGH" "nd-shortcodes 7.0 Contributor+.Stored.XSS.via.Shortcodes MEDIUM" "nd-shortcodes 6.0 Unauthenticated.WP.Options.Update MEDIUM" "notibar 2.1.6 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "notibar 2.1.5 Authenticated.(Subscriber+).Arbitrary.Shortcode.Execution.via.njt_nofi_text MEDIUM" "notibar 2.1.5 Missing.Authorization.via.ajax_install_plugin MEDIUM" "newsletter2go No.known.fix Missing.Authorization.to.Authenticated.(Subscriber+).Style.Reset MEDIUM" "newsletter2go No.known.fix Authenticated(Subscriber+).Stored.Cross-Site.Scripting.via.style MEDIUM" "narnoo-commerce-manager No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "ns-woocommerce-watermark No.known.fix Abuse.of.Functionality MEDIUM" "nd-travel No.known.fix Contributor+.Stored.Cross-Site.Scripting MEDIUM" "nd-travel 1.7 Unauthenticated.Options.Change MEDIUM" "ninjafirewall 4.3.4 Authenticated.(admin+).PHAR.Deserialization LOW" "ninja-job-board 1.3.3 Resume.Disclosure.via.Directory.Listing MEDIUM" "navigation-tree-elementor No.known.fix Authenticated.(Subscriber+).SQL.Injection MEDIUM" "n5-uploadform No.known.fix Unauthenticated.Arbitrary.File.Upload.to.RCE CRITICAL" "new-user-approve 2.6.4 Missing.Authorization MEDIUM" "new-user-approve 2.5.2 Cross-Site.Request.Forgery.via.admin_notices MEDIUM" "new-user-approve 2.5.1 Reflected.Cross-Site.Scripting MEDIUM" "new-user-approve 2.4 Arbitrary.Settings.Update.&.Invitation.Code.Creation.via.CSRF MEDIUM" "new-user-approve 2.4.1 Reflected.Cross-Site.Scripting MEDIUM" "new-user-approve 2.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "nicejob 3.7.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "nicejob 3.7.2 Contributor+.Stored.XSS MEDIUM" "nicejob 3.6.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "nicejob 3.6.5 Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "nextend-social-login-pro 3.1.17 Authentication.Bypass.via.Apple.OAuth.provider CRITICAL" "nextend-social-login-pro 3.1.15 Authentication.Bypass CRITICAL" "nblocks No.known.fix Authenticated.(Contributor+).Local.File.Inclusion HIGH" "ngg-smart-image-search 3.4.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "ngg-smart-image-search 3.3.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "nurelm-get-posts No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "nhrrob-options-table-manager 1.1.3 Authenticated.(Admin+).PHP.Object.Injection HIGH" "nextgen-cooliris-gallery No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "nextgen-gallery-geo 2.0.3 Unauthenticated.PHP.Object.Injection MEDIUM" "new-grid-gallery 1.4.4 Contributor+.PHP.Object.Injection.via.shortcode MEDIUM" "new-grid-gallery 1.2.5 Authenticated.Stored.Cross.Site.Scripting.(XSS) LOW" "next-order-coupon-woocommerce No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "next-order-coupon-woocommerce No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "next-order-coupon-woocommerce No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "note-press No.known.fix Admin+.SQLi.via.Update MEDIUM" "note-press No.known.fix Admin+.SQLi.via.id MEDIUM" "note-press No.known.fix Admin+.SQLi.via.Bulk.Actions MEDIUM" "note-press 0.1.2 SQL.Injection CRITICAL" "nelio-ab-testing 4.6.4 CSRF HIGH" "nelio-ab-testing 4.5.11 SSRF CRITICAL" "nelio-ab-testing 4.5.9 Server.Side.Request.Forgery.(SSRF) CRITICAL" "nelio-ab-testing 4.5.0 Path.Traversal MEDIUM" "n-media-wp-simple-quiz No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "ninja-tables-pro No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "newspack-ads 1.47.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "newsletter-image-generator No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "notification 6.1.0 Reflected.Cross-Site.Scripting MEDIUM" "notification 8.0.0 Admin+.Stored.Cross-Site.Scripting LOW" "nias-course No.known.fix Contributor+.Stored.XSS MEDIUM" "news-list No.known.fix Reflected.XSS HIGH" "notice-board-by-towkir No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "nanosupport No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "nanosupport No.known.fix Missing.Authorization MEDIUM" "no-future-posts No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "newsletter-optin-box 4.0.0 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "newsletter-optin-box 3.4.3 Missing.Authorization.to.Unauthenticated.Form.Submission MEDIUM" "newsletter-optin-box 1.6.5 Open.Redirect MEDIUM" "opensheetmusicdisplay 1.4.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.className.Parameter MEDIUM" "os-pricing-tables No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "order-notification-for-telegram No.known.fix Missing.Authorization.to.Unauthenticated.Send.Telegram.Test.Message MEDIUM" "oxygen-mydata 1.0.65 Unauthenticated.Arbitrary.File.Deletion CRITICAL" "out-of-the-box 1.20.3 Reflected.Cross-Site.Scripting MEDIUM" "oxygenbuilder 4.9 Missing.Authorization.to.Authenticated.(Subscriber+).Stylesheet.Update MEDIUM" "oxygenbuilder 4.8.3 Authenticated.(Contributor+).Remote.Code.Execution HIGH" "oxygenbuilder 4.8.1 Contributor+.Stored.XSS MEDIUM" "octrace-support No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "octrace-support No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "octrace-support 1.2.5 Reflected.Cross-Site.Scripting MEDIUM" "octrace-support 1.2.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "onlyoffice-docspace 2.1.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "oopspam-anti-spam 1.1.45 Cross-Site.Request.Forgery MEDIUM" "oopspam-anti-spam 1.1.36 Admin+.Stored.XSS LOW" "opencart-product-display No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "open-external-links-in-a-new-window 1.43 Tabnabbing LOW" "open-external-links-in-a-new-window 1.43 Unauthenticated.Stored.Cross-Site.Scripting MEDIUM" "odihost-easy-redirect-301 No.known.fix Cross-Site.Request.Forgery MEDIUM" "optima-express 7.3.1 Admin+.Stored.XSS LOW" "ovic-vc-addon No.known.fix Missing.Authorization MEDIUM" "ovic-vc-addon 1.2.9 Subscriber+.Option.Update HIGH" "one-backend-language No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "order-redirects-for-woocommerce 0.8.1 Reflected.Cross-Site.Scripting MEDIUM" "open-hours No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "out-of-stock-badge No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-site.Scripting MEDIUM" "orangebox No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "open-graph-metabox No.known.fix CSRF MEDIUM" "os-bxslider No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "open-ai-search-bar No.known.fix Unauthenticated.Stored.Cross-Site.Scripting MEDIUM" "order-import-export-for-woocommerce 2.6.1 Directory.Traversal.to.Authenticated.(Administrator+).Limited.Arbitrary.File.Read.via.download_file.Function MEDIUM" "order-import-export-for-woocommerce 2.6.1 Authenticated.(Admin+).PHP.Object.Injection.via.form_data.Parameter HIGH" "order-import-export-for-woocommerce 2.6.1 Directory.Traversal.to.Authenticated.(Administrator+).Limited.Arbitrary.File.Deletion.via.admin_log_page.Function LOW" "order-import-export-for-woocommerce 2.6.1 Authenticated.(Administrator+).Server-Side.Request.Forgery.via.validate_file.Function HIGH" "order-import-export-for-woocommerce 2.5.0 Authenticated.(Administrator+).PHP.Object.Injection HIGH" "order-import-export-for-woocommerce 2.4.4 Shop.Manager+.Arbitrary.File.Upload HIGH" "optinly 1.0.19 Missing.Authorization MEDIUM" "optinly 1.0.16 CSRF MEDIUM" "os-diagnosis-generator No.known.fix Missing.Authorization MEDIUM" "office-locator No.known.fix Unauthenticated.SQL.Injection HIGH" "office-locator No.known.fix Authenticated.(Contributor+).Local.File.Inclusion HIGH" "ova-brw 1.8.7 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "ova-brw 1.8.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "opt-in-hound No.known.fix Reflected.Cross-Site.Scripting.via.add_query_arg.Parameter MEDIUM" "open-rdw-kenteken-voertuiginformatie 2.1.0 Reflected.XSS HIGH" "olive-one-click-demo-import No.known.fix Unauthenticated.Information.Exposure MEDIUM" "olive-one-click-demo-import 1.1.2 Missing.Authorization MEDIUM" "olive-one-click-demo-import No.known.fix Admin+.Arbitrary.File.Upload MEDIUM" "oz-canonical No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "orange-form No.known.fix Unauthenticated.Arbitrary.Post.Deletion CRITICAL" "orange-form No.known.fix SQL.Injection.via.CSRF HIGH" "oppso-unit-converter No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "optimole-wp 3.13.0 Author+.Stored.Cross-Site.Scripting.via.SVG.Upload MEDIUM" "optimole-wp 3.3.2 Admin+.Stored.Cross-Site.Scripting LOW" "opengraph 1.11.3 Unauthenticated.Sensitive.Information.Exposure MEDIUM" "olympus-google-fonts 3.7.8 Cross-Site.Request.Forgery MEDIUM" "olympus-google-fonts 3.7.8 Missing.Authorization MEDIUM" "olympus-google-fonts 3.0.3 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "open-menu No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "otp-easy-login-with-mocean No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "opal-membership No.known.fix Authenticated.(Subscriber+).Information.Disclosure MEDIUM" "opal-membership No.known.fix Unauthenticated.Stored.Cross-Site.Scripting MEDIUM" "oa-social-login 5.10.0 Authentication.Bypass CRITICAL" "otter-pro 2.6.12 Authenticated.(Subscriber+).Information.Exposure MEDIUM" "otter-pro 2.6.4 Authenticated(Contributor+).Stored.Cross-Site.Scripting.via.File.Field.CSS MEDIUM" "otter-pro 2.6.4 Unauthenticated.Stored.Cross-Site.Scripting.via.SVG.Upload MEDIUM" "order-status-rules-for-woocommerce 3.7.2 Open.Redirect HIGH" "openid No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "ota-sync-booking-engine-widget 1.3.0 Settings.Update.via.CSRF MEDIUM" "opal-estate No.known.fix Cross-Site.Request.Forgery MEDIUM" "opal-estate No.known.fix CSRF.Bypass MEDIUM" "opal-estate No.known.fix Missing.Authorization MEDIUM" "orbisius-simple-notice 1.1.4 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "optimate-ads No.known.fix Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "onesignal-free-web-push-notifications 1.17.8 Stored.XSS MEDIUM" "only-tweet-like-share-and-google-1 No.known.fix Admin+.Stored.XSS LOW" "oracle-cards 1.2.2 Reflected.Cross-Site.Scripting MEDIUM" "our-team-members 2.3 Missing.Authorization.to.Authenticated.(Subscriber+).Information.Disclosure MEDIUM" "onlywire-multi-autosubmitter No.known.fix Cross-Site.Request.Forgery.to.Cross-Site.Scripting MEDIUM" "omnisend-connect 1.14.4 Cross-Site.Request.Forgery MEDIUM" "omnisend-connect 1.13.9 Sensitive.Information.Exposure MEDIUM" "onlinecontract No.known.fix Missing.Authorization.to.Unauthenticated.Settings.Import MEDIUM" "ovic-product-bundle No.known.fix Missing.Authorization MEDIUM" "oauth-twitter-feed-for-developers No.known.fix Admin+.Stored.XSS LOW" "opal-estate-pro No.known.fix Contributor+.Stored.XSS MEDIUM" "ocean-extra 2.4.7 Unauthenticated.Arbitrary.Shortcode.Execution MEDIUM" "ocean-extra 2.4.7 Contributor+.Stored.XSS.via.'ocean_gallery_id' MEDIUM" "ocean-extra 2.4.7 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "ocean-extra 2.3.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "ocean-extra 2.2.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Flickr.Widget MEDIUM" "ocean-extra 2.2.7 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "ocean-extra 2.2.5 Contributor+.Stored.XSS MEDIUM" "ocean-extra 2.2.3 Cross-Site.Request.Forgery.to.Arbitrary.Plugin.Activation MEDIUM" "ocean-extra 2.1.8 Reflected.Cross-Site.Scripting MEDIUM" "ocean-extra 2.1.3 Contributor+.Stored.XSS MEDIUM" "ocean-extra 2.1.3 Subscriber+.Arbitrary.Post.Content.Disclosure MEDIUM" "ocean-extra 2.1.2 Contributor+.Stored.XSS MEDIUM" "ocean-extra 2.0.5 Admin+.PHP.Objection.Injection MEDIUM" "ocean-extra 1.9.5 Reflected.Cross-Site.Scripting MEDIUM" "ocean-extra 1.9.4 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "ocean-extra 1.6.6 Cross-Site.Request.Forgery.(CSRF) MEDIUM" "ocean-extra 1.5.9 Unauthenticated.Settings.change.and.CSS.injection HIGH" "oss-upload No.known.fix Cross-Site.Request.Forgery MEDIUM" "occupancyplan No.known.fix Cross-Site.Request.Forgery.to.SQL.Injection MEDIUM" "occupancyplan No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "oembed-gist No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "ownerrez 1.2.1 Cross-Site.Request.Forgery MEDIUM" "order-delivery-pickup-location-date-time-free-version No.known.fix Missing.Authorization.to.Unauthenticated.Settings.Update MEDIUM" "osm-map-elementor 1.3.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.id.Parameter MEDIUM" "oxygen 4.4 CSRF MEDIUM" "official-saleswizard-crm 1.0.4 Contributor+.Stored.XSS MEDIUM" "oss-aliyun 1.4.11 Authenticated.(Administrator+).SQL.Injection CRITICAL" "opal-widgets-for-elementor No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "oauth-client-for-user-authentication 3.0.4 Unauthenticated.Settings.Update.to.Authentication.Bypass CRITICAL" "otp-login No.known.fix Authentication.Bypass.via.Weak.OTP HIGH" "opcache No.known.fix Reflected.XSS HIGH" "outbound-link-manager No.known.fix Settings.Update.via.CSRF MEDIUM" "oneclick-whatsapp-order 1.0.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "oneclick-whatsapp-order 1.0.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "oneclick-whatsapp-order 1.0.5 Admin+.Stored.XSS LOW" "oneclick-whatsapp-order 1.0.4.2 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "online-accessibility No.known.fix Missing.Authorization MEDIUM" "online-accessibility 4.19 Authenticated.(Subscriber+).SQL.Injection MEDIUM" "online-accessibility 4.19 Authenticated.(Subscriber+).Arbitrary.File.Upload HIGH" "online-accessibility 4.19 Missing.Authorization MEDIUM" "online-accessibility 4.13 Subscriber+.SQLi HIGH" "online-accessibility 4.13 Subscriber+.SQLi HIGH" "onelogin-saml-sso 2.4.3 Signature.Wrapping HIGH" "od-photogallery-plugin No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "osmapper No.known.fix Unauthenticated.Arbitrary.Post.Deletion HIGH" "owm-weather 5.6.12 Post.Duplication.via.CSRF MEDIUM" "owm-weather 5.6.9 Contributor+.SQLi HIGH" "online-lesson-booking-system 0.8.7 CSRF.&.XSS HIGH" "osm No.known.fix Contributor+.Stored.XSS MEDIUM" "osm 6.1.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "osm 6.1.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.osm_map.and.osm_map_v3.Shortcodes MEDIUM" "osm 6.0.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "osm 6.0.4 Contributor+.SQL.Injection MEDIUM" "osm 6.0.6 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "osm 6.0.3 CSRF MEDIUM" "outdooractive-embed 1.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "one-click-close-comments No.known.fix Unauthenticated.Full.Path.Disclosure MEDIUM" "opal-hotel-room-booking No.known.fix Contributor+.Stored.Cross-Site.Scripting MEDIUM" "official-facebook-pixel 3.0.4 CSRF.to.Stored.XSS.and.Settings.Deletion HIGH" "official-facebook-pixel 3.0.0 PHP.Object.Injection.with.POP.Chain CRITICAL" "openai-tools-for-wp-wc No.known.fix Missing.Authorization MEDIUM" "one-user-avatar 2.3.7 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "one-user-avatar 2.3.7 Avatar.Update.via.CSRF LOW" "om-stripe No.known.fix Reflected.XSS HIGH" "owl-carousel No.known.fix Contributor+.Stored.Cross-Site.Scripting.via.shortcode MEDIUM" "opening-hours 1.47 Admin+.Stored.XSS LOW" "opening-hours 1.46 Cross-Site.Request.Forgery MEDIUM" "opening-hours 1.45 Missing.Authorization MEDIUM" "opening-hours 1.42 Admin+.Stored.Cross-Site.Scripting LOW" "opening-hours 1.38 Admin+.Stored.XSS LOW" "options-for-twenty-seventeen 2.5.1 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "olympus-shortcodes No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "order-audit-log-for-woocommerce No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "one-page-express-companion 1.6.38 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.one_page_express_contact_form.Shortcode MEDIUM" "one-click-login No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "optin-forms 1.3.7 Admin+.Stored.Cross-Site.Scripting LOW" "optin-forms 1.3.3 Admin+.Stored.XSS LOW" "offload-videos-bunny-netaws-s3 1.0.1 Offload.Videos..Bunny,net,.AWS.S3.<=.1,0,1.Subscriber+.CSRF MEDIUM" "ops-robots-txt 2.0.1 Stored.XSS.via.CSRF HIGH" "ops-robots-txt 1.0.2 Reflected.Cross-Site.Scripting MEDIUM" "order-delivery-date 12.6.0 Unauthenticated.Arbitrary.Post.Title.Disclosure MEDIUM" "order-delivery-date 12.4.0 Reflected.XSS HIGH" "order-delivery-date 12.3.1 Unauthenticated.Arbitrary.Option.Update CRITICAL" "order-delivery-date No.known.fix Unauthenticated.Stored.Cross-Site.Scripting MEDIUM" "order-delivery-date No.known.fix Admin+.Stored.XSS LOW" "order-delivery-date No.known.fix Settings.Update.via.CSRF MEDIUM" "one-click-order-reorder 1.1.10 Missing.Authorization.to.Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "olivewp-companion No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "oshine-modules 3.3.8 Unauthenticated.Server-Side.Request.Forgery HIGH" "oshine-modules 3.3.8 Reflected.Cross-Site.Scripting MEDIUM" "order-post No.known.fix Unauthenticated.Arbitrary.Shortcode.Execution HIGH" "os-our-team No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "omnileads-scripts-and-tags-manager No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "off-canvas-sidebars 0.5.8.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "off-canvas-sidebars 0.5.8.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "order-delivery-date-for-woocommerce 3.21.1 Cross-Site.Request.Forgery.to.Notice.Dismissal MEDIUM" "order-delivery-date-for-woocommerce 3.20.1 Reflected.XSS HIGH" "onestore-sites No.known.fix Unauthenticated.Blind.Server-Side.Request.Forgery MEDIUM" "onestore-sites No.known.fix Cross-Site.Request.Forgery.to.Arbitrary.Plugin.Installation MEDIUM" "order-export-and-more-for-woocommerce 3.25 Unauthenticated.Sensitive.Information.Exposure.Through.Unprotected.Directory MEDIUM" "order-export-and-more-for-woocommerce 3.24 Unauthenticated.Sensitive.Information.Exposure MEDIUM" "onlyoffice 2.2.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "ootb-openstreetmap 2.8.4 Contributor+.Stored.XSS.via.ootb_query.Shortcode MEDIUM" "order-picking-for-woocommerce 1.0.2 Reflected.Cross-Site.Scripting MEDIUM" "offsprout-page-builder No.known.fix 2.15.2.-.Contributor+.Privilege.Escalation HIGH" "omnipress 1.5.5 Authenticated.(Contributor+).Post.Disclosure MEDIUM" "omnipress 1.5.0 Contributor+.Stored.XSS MEDIUM" "ova-events-manager No.known.fix Unauthenticated.Arbitrary.File.Upload CRITICAL" "optio-dentistry 2.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "oneelements-ultimate-addons-for-elementor No.known.fix Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "ovic-import-demo No.known.fix Authenticated.(Subscriber+).Arbitrary.File.Download MEDIUM" "order-auto-complete-for-woocommerce 1.2.1 Admin+.Stored.XSS LOW" "overlay-image-divi-module 1.5 Reflected.Cross-Site.Scripting MEDIUM" "overlay-image-divi-module 1.3.2 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "option-editor No.known.fix Cross-Site.Request.Forgery.to.Arbitrary.Options.Update HIGH" "oik 4.15.2 Missing.Authorization MEDIUM" "oik 4.12.1 Cross-Site.Request.Forgery MEDIUM" "oik 4.12.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.bw_button.Shortcode MEDIUM" "oik 4.10.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "obfuscate-email No.known.fix Unauthenticated.Full.Path.Disclosure MEDIUM" "option-tree 2.7.3 Object.Injection.Bypass CRITICAL" "option-tree 2.7.0 PHP.Object.Injection CRITICAL" "option-tree 2.6.0 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "option-tree 2.5.4 XSS MEDIUM" "official-sendle-shipping-method 5.18 Reflected.XSS HIGH" "ok-poster-group No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "oauth2-provider 4.4.0 Open.Redirect MEDIUM" "oauth2-provider 4.3.0 Subscriber+.Arbitrary.Client.Deletion MEDIUM" "oauth2-provider 4.2.5 Arbitrary.Post.Deletion.via.CSRF MEDIUM" "oauth2-provider 3.4.2 Client.Secret.Regeneration.via.CSRF MEDIUM" "oauth2-provider 4.2.2 Admin+.Stored.XSS LOW" "oauth2-provider 3.1.5 Insecure.Pseudor&om.Number.Generation CRITICAL" "open-social No.known.fix Admin+.Stored.XSS LOW" "otter-blocks 3.0.7 Unauthetnicated.Path.Traversal.to.Arbitrary.Image.View MEDIUM" "otter-blocks 3.0.4 Gutenberg.Block.<.3.0.4.-.Missing.Authorization MEDIUM" "otter-blocks 3.0.5 Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "otter-blocks 2.6.10 Contributor+.Stored.XSS.via.titleTag MEDIUM" "otter-blocks 2.6.9 Author+.Stored.XSS.via.SVG.Upload MEDIUM" "otter-blocks 2.6.9 Contributor+.Stored.Cross-Site.Scripting.via.Block.Attributes MEDIUM" "otter-blocks 2.6.6 Contributor+.Stored.XSS MEDIUM" "otter-blocks 2.6.6 Contributor+.Stored.XSS MEDIUM" "otter-blocks 2.6.5 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "otter-blocks 2.2.6 Gutenberg.Blocks.<.2.2.6.-.Author+.PHAR.Deserialization MEDIUM" "order-attachments-for-woocommerce No.known.fix Unauthenticated.Sensitive.Information.Exposure.Through.Unprotected.Directory MEDIUM" "order-attachments-for-woocommerce 2.5.0 2.4.1.-.Missing.Authorization.to.Authenticated.(Subscriber+).Limited.Arbitrary.File.Upload MEDIUM" "one-click-plugin-updater No.known.fix Arbitrary.Settings.Update.via.CSRF MEDIUM" "opencart-product-in-wp No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "organization-chart 1.5.1 Authenticated.(Subscriber+).Stored.Cross-Site.Scripting.via.title_input.and.node_description.Parameters MEDIUM" "organization-chart 1.4.5 Multiple.CSRF MEDIUM" "organization-chart 1.4.5 Admin+.Stored.XSS LOW" "ocim-mp3 No.known.fix Unauthenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "open-graphite 1.6.1 Reflected.Cross-Site.Scripting HIGH" "openpgp-form-encryption 1.5.1 Contributor+.Stored.XSS MEDIUM" "oauth-client 1.11.4 Authenticated.Bypass CRITICAL" "official-skrill-woocommerce 1.0.67 Settings.Update.via.CSRF MEDIUM" "optinmonster 2.16.2 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "optinmonster 2.16.0 Cross-Site.Request.Forgery.to.Notice.Dismissal MEDIUM" "optinmonster 2.12.2 Subscriber+.Arbitrary.Post.Content.Disclosure MEDIUM" "optinmonster 2.6.5 Unprotected.REST-API.Endpoints HIGH" "optinmonster 2.6.1 Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "optinmonster 1.1.4.6 Execution.of.Arbitrary.Shortcodes MEDIUM" "oauth2-server No.known.fix Authentication.Bypass MEDIUM" "order-hours-scheduler-for-woocommerce 4.3.22 Reflected.Cross-Site.Scripting MEDIUM" "order-tip-woo 1.4.0 Missing.Authorization.to.Unauthenticated.Data.Export MEDIUM" "onwebchat 3.2.0 Live.support.<.3.2.0.-.Cross-Site.Request.Forgery MEDIUM" "original-texts-yandex-webmaster No.known.fix Cross-Site.Request.Forgery MEDIUM" "onclick-show-popup 6.6 Admin+.Stored.XSS LOW" "order-on-chat-for-woocommerce No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "order-on-chat-for-woocommerce 1.6.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "opal-woo-custom-product-variation 1.2.1 Unauthenticated.Arbitrary.File.Deletion MEDIUM" "opal-woo-custom-product-variation 1.1.4 Unauthenticated.Arbitrary.File.Deletion CRITICAL" "order-your-posts-manually No.known.fix Admin+.SQLi MEDIUM" "order-your-posts-manually No.known.fix Reflected.XSS HIGH" "order-status-for-woocommerce 1.6.1 Reflected.Cross-Site.Scripting MEDIUM" "one-click-demo-import 3.2.1 Authenticated.(Admin+).PHP.Object.Injection HIGH" "one-click-demo-import 3.1.0 Admin+.Arbitrary.File.Upload MEDIUM" "ovic-addon-toolkit No.known.fix Missing.Authorization MEDIUM" "openbook-book-data No.known.fix Arbitrary.Settings.Update.to.Stored.XSS.via.CSRF MEDIUM" "off-page-seo No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "olevmedia-shortcodes No.known.fix Contributor+.Stored.XSS MEDIUM" "olevmedia-shortcodes 1.1.9 Authenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "ohio-extra No.known.fix Unauthenticated.Arbitrary.Shortcode.Execution MEDIUM" "one-click-ssl 1.4.7 Multiple.Issues HIGH" "ovation-elements 1.1.3 Missing.Authorization MEDIUM" "open-user-map 1.3.27 Admin+.Stored.XSS LOW" "open-user-map 1.3.15 Reflected.Cross-Site.Scripting MEDIUM" "open-user-map 1.2.11 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "opensea No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "opensea 1.0.3 Admin+.Stored.XSS MEDIUM" "opensea 1.0.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "out-of-stock-display-for-woocommerce No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "one-login No.known.fix Unauthenticated.Privilege.Esclation CRITICAL" "osd-subscribe No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "online-appointment-scheduling-software No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "oxyextras 1.4.5 Unauthenticated.Cross-Site.Scripting MEDIUM" "oi-yamaps No.known.fix Contributor+.Stored.XSS MEDIUM" "one-page-blocks No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "one-page-blocks No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "one-page-blocks No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "opal-portfolios No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "onceki-yazi-linki No.known.fix Cross-Site.Request.Forgery MEDIUM" "ooohboi-steroids-for-elementor 2.1.5 Arbitrary.File.Upload MEDIUM" "ooohboi-steroids-for-elementor 2.1.5 Subscriber+.Attachment.Deletion MEDIUM" "otpless No.known.fix 2.0.59.-.Unauthenticated.Arbitrary.Email.Update.to.Account.Takeover/Privilege.Escalation CRITICAL" "otpless 2.0.59 Reflected.Cross-Site.Scripting MEDIUM" "og-tags 2.0.2 Plugin's.Settings.Update.via.CSRF MEDIUM" "official-mailerlite-sign-up-forms 1.7.7 1.7.6.-.Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "official-mailerlite-sign-up-forms 1.7.7 Missing.Authorization MEDIUM" "official-mailerlite-sign-up-forms 1.5.8 Signup.forms.(official).<.1.5.8.-.API.Key.Update.via.CSRF MEDIUM" "official-mailerlite-sign-up-forms 1.5.4 Reflected.Cross-Site.Scripting MEDIUM" "official-mailerlite-sign-up-forms 1.4.5 Multiple.CSRF.Issues HIGH" "official-mailerlite-sign-up-forms 1.4.4 Unauthenticated.SQL.Injection CRITICAL" "official-statcounter-plugin-for-wordpress 2.0.7 Admin+.Stored.Cross-Site.Scripting LOW" "opentracker-analytics No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "onoffice-for-wp-websites No.known.fix Missing.Authorization MEDIUM" "onoffice-for-wp-websites No.known.fix Authenticated.(Administrator+).SQL.Injection MEDIUM" "olimometer 2.57 Unauthenticated.SQL.Injection CRITICAL" "oliver-pos 2.4.2.4 Sensitive.Information.Exposure.to.Privilege.Escalation CRITICAL" "oliver-pos 2.4.1.9 Cross-Site.Request.Forgery MEDIUM" "oliver-pos 2.4.2.1 Subscriber+.Unauthorized.AJAX.Calls MEDIUM" "order-and-inventory-manager-for-woocommerce No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "order-and-inventory-manager-for-woocommerce No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "orbisius-child-theme-creator 1.5.6 Missing.Authorization.to.Authenticated.(Subscriber+).Cloud.Snippet.Update/Delete MEDIUM" "orbisius-child-theme-creator 1.5.5 Reflected.Cross-Site.Scripting MEDIUM" "orbisius-child-theme-creator 1.5.2 CSRF.to.Arbitrary.File.Modification/Creation HIGH" "orbisius-child-theme-creator 1.2.8 Arbitrary.File.Write MEDIUM" "omnify-widget No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "order-tracking 3.3.13 Missing.Authorization.via.send_test_email() MEDIUM" "order-tracking 3.3.7 Reflected.Cross-Site.Scripting HIGH" "order-tracking 3.3.7 Admin+.Stored.Cross-Site.Scripting LOW" "opti-marketing 2.0.10 Unauthenticated.SQLi HIGH" "pdf-builder-for-wpforms 1.2.117 Unauthenticated.Full.Path.Disclosure MEDIUM" "pdf-builder-for-wpforms 1.2.89 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "pb-oembed-html5-audio-with-cache-support No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.shortcode MEDIUM" "pmpro-payfast 1.4.2 Unauthenticated.Information.Exposure MEDIUM" "product-carousel-slider-for-woocommerce No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.shortcode MEDIUM" "pojo-forms 1.4.8 Authenticated.(Subscriber+).Arbitrary.Shortcode.Execution.via.form_preview_shortcode MEDIUM" "power-forms-builder No.known.fix Authenticated.(Subscriber+).SQL.Injection HIGH" "pago-redsys-tpv-grafreak 1.0.13 Reflected.Cross-Site.Scripting MEDIUM" "post-shortcode No.known.fix Contributor+.Stored.Cross-Site.Scripting MEDIUM" "propovoice No.known.fix Unauthenticated.Insecure.Direct.Object.Reference MEDIUM" "propovoice 1.7.6.3 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "post-category-image-with-grid-and-slider 1.4.8 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "post-type-archive-mapping No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "post-type-archive-mapping 5.3.0 Missing.Authorization.via.REST.Routes MEDIUM" "post-grid 2.3.7 Unauthenticated.User.Information.Exposure MEDIUM" "post-grid 2.3.6 Unauthenticated.Paid.Order.Creation MEDIUM" "post-grid 2.3.4 2.3.3.-.Unauthenticated.Privilege.Escalation CRITICAL" "post-grid 2.2.94 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "post-grid 2.2.90 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "post-grid 2.2.91 2.2.90.-.Subscriber+.Privilege.Escalation HIGH" "post-grid 2.2.93 Contributor+.Stored.XSS MEDIUM" "post-grid 2.2.88 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Accordion.Block MEDIUM" "post-grid 2.2.87 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "post-grid 2.2.86 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.redirectURL.Parameter.of.Date.Countdown.Widget MEDIUM" "post-grid 2.2.81 Combo.Blocks.<.2.2.81.-.Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Block.Attribute MEDIUM" "post-grid 2.2.81 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "post-grid 2.2.81 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "post-grid 2.2.79 Unauthenticated.Sensitive.Information.Exposure MEDIUM" "post-grid 2.2.76 Reflected.Cross-Site.Scripting MEDIUM" "post-grid 2.2.76 Unauthenticated.Password.Protected.Posts.Access MEDIUM" "post-grid 2.2.69 Information.Exposure.via.get_posts.API.Endpoint HIGH" "post-grid 2.2.65 Authenticated.(Contributor+).Cross-Site.Scripting MEDIUM" "post-grid 2.1.16 Reflected.Cross-Site.Scripting.via.keyword MEDIUM" "post-grid 2.1.16 Reflected.Cross-Site.Scripting.via.post_types MEDIUM" "post-grid 2.1.13 Contributor+.SQL.Injection MEDIUM" "post-grid 2.1.8 Reflected.Cross-Site.Scripting.(XSS) HIGH" "post-grid 2.0.73 PHP.Object.Injection HIGH" "post-grid 2.0.73 Authenticated.Stored.Cross-Site.Scripting.(XSS) HIGH" "pricing-tables-for-visual-composer No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.wdo_pricing_tables.Shortcode MEDIUM" "payday No.known.fix Missing.Authorization MEDIUM" "publish-post-email-notification 1.0.2.4 Cross-Site.Request.Forgery MEDIUM" "publish-post-email-notification 1.0.2.3 Admin+.Stored.XSS LOW" "presto-player 3.0.3 Missing.Authorization MEDIUM" "presto-player 2.2.3 Contributor+.Stored.XSS MEDIUM" "pmpro-mailchimp 2.3.5 Unauthenticated.Information.Disclosure MEDIUM" "pgall-for-woocommerce 5.3.3 Cross-Site.Request.Forgery MEDIUM" "pgall-for-woocommerce 5.2.2 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "pgall-for-woocommerce 5.2.3 Reflected.Cross-Site.Scripting.via.add_query_arg.Function MEDIUM" "pgall-for-woocommerce 5.2.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.pafw_instant_payment.Shortcode MEDIUM" "pdfjs-shortcode No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "page-loading-effects 3.0.0 Admin+.Stored.XSS LOW" "powerpack-lite-for-elementor 2.9.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "powerpack-lite-for-elementor 2.8.2 Authenticated.(Contributor+).Post.Disclosure MEDIUM" "powerpack-lite-for-elementor 2.7.21 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Link.Effects.Widget MEDIUM" "powerpack-lite-for-elementor 2.7.20 Authenticated.(Contributor+).DOM-Based.Stored.Cross-Site.Scripting MEDIUM" "powerpack-lite-for-elementor 2.7.19 Contributor+.Stored.XSS MEDIUM" "powerpack-lite-for-elementor 2.7.18 Contributor+.Stored.XSS MEDIUM" "powerpack-lite-for-elementor 2.7.16 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "powerpack-lite-for-elementor 2.7.15 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "powerpack-lite-for-elementor 2.7.14 Settings.Reset/Update.via.CSRF MEDIUM" "powerpack-lite-for-elementor 2.6.2 Reflected.Cross-Site.Scripting HIGH" "powerpack-lite-for-elementor 2.3.2 Contributor+.Stored.XSS MEDIUM" "primer-mydata 4.2.4 Reflected.Cross-Site.Scripting MEDIUM" "primer-mydata 4.2.2 Reflected.Cross-Site.Scripting MEDIUM" "past-events-extension No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "past-events-extension No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "past-events-extension No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "producer-retailer No.known.fix Subscriber+.Privilege.Escalation CRITICAL" "product-visibility-by-country-for-woocommerce No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "product-filter-widget-for-elementor 1.0.2 Reflected.Cross-Site.Scripting MEDIUM" "preloader-sws No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "paytr-taksit-tablosu-woocommerce No.known.fix CSRF MEDIUM" "paytr-taksit-tablosu-woocommerce 1.3.2 Unauthenticated.Settings.Update MEDIUM" "personizely 0.11 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.widgetId.Parameter MEDIUM" "pingmeter-uptime-monitoring No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "payplus-payment-gateway 7.0.8 Authenticated.(Subscriber+).SQL.Injection CRITICAL" "payplus-payment-gateway 6.6.9 Reflected.Cross-Site.Scripting MEDIUM" "payplus-payment-gateway 6.6.9 Unauthenticated.SQLi HIGH" "powies-whois 0.9.33 Authenticated.Stored.Cross-Site.Scripting LOW" "portfolleo No.known.fix Authenticated.(Subscriber+).Arbitrary.File.Upload CRITICAL" "password-protect-page 1.9.6 Unauthenticated.Content.Restriction.Bypass.to.Sensitive.Information.Exposure MEDIUM" "password-protect-page 1.9.0 .Protection.Mechanism.Bypass MEDIUM" "password-protect-page 1.8.6 Contributor+.Stored.XSS.in.Shortcode MEDIUM" "pixfields 0.7.1 Arbitrary.Settings.Update.via.CSRF MEDIUM" "pixfields No.known.fix Contributor+.Stored.Cross-Site.Scripting MEDIUM" "post-views-stats No.known.fix Reflected.Cross-Site.Scripting.via.from.and.to MEDIUM" "podcast-subscribe-buttons 1.4.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "podcast-subscribe-buttons 1.4.2 Contributor+.Stored.XSS MEDIUM" "paid-member-subscriptions 2.14.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "paid-member-subscriptions 2.13.8 Authentication.Bypass.via.pms_payment_id CRITICAL" "paid-member-subscriptions 2.13.5 Unauthenticated.Content.Restriction.Bypass.to.Sensitive.Information.Exposure MEDIUM" "paid-member-subscriptions 2.13.1 Unauthenticated.Arbitrary.Shortcode.Execution HIGH" "paid-member-subscriptions 2.12.9 Reflected.Cross-Site.Scripting MEDIUM" "paid-member-subscriptions 2.11.1 Cross-Site.Request.Forgery.to.Notice.Dismissal MEDIUM" "paid-member-subscriptions 2.11.2 Missing.Authorization.via.pms_stripe_connect_handle_authorization_return MEDIUM" "paid-member-subscriptions 2.11.2 Missing.Authorization.via.creating_pricing_table_page MEDIUM" "paid-member-subscriptions 2.10.5 Cross-Site.Request.Forgery.via.ajax_add_log_entry MEDIUM" "paid-member-subscriptions 2.4.2 Authenticated.SQL.Injection MEDIUM" "paid-member-subscriptions 2.4.2 Reflected.Cross-Site.Scripting.(XSS) HIGH" "project-app No.known.fix Reflected.Cross-Site.Scripting.(XSS) HIGH" "portfolio-slideshow No.known.fix Contributor+.XSS MEDIUM" "pz-linkcard 2.5.3 Admin+.Stored.XSS LOW" "pz-linkcard 2.5.3 Contributor+.SSRF LOW" "pz-linkcard 2.5.3 Reflected.XSS HIGH" "pz-linkcard 2.5.3 Caching.Management.via.CSRF MEDIUM" "pz-linkcard 2.4.5.3 Reflected.Cross-Site.Scripting MEDIUM" "product-code-for-woocommerce 1.5.1 Cross-Site.Request.Forgery.to.Database.Update MEDIUM" "product-code-for-woocommerce 1.4.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "peepso-files 6.4.6.1 Insecure.Direct.Object.Reference.to.Unauthenticated.Sensitive.Information.Exposure.via.file_download MEDIUM" "pagelayer 2.0.1 Reflected.Cross-Site.Scripting.via.login_url.Parameter MEDIUM" "pagelayer 2.0.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Button.Link MEDIUM" "pagelayer 2.0.0 Missing.Authorization.to.Authenticated.(Contributor+).Post.Publication MEDIUM" "pagelayer 1.9.9 Authenticated.(Contributor+).Private.Post.Disclosure.in.pagelayer_builder_posts_shortcode MEDIUM" "pagelayer 1.9.9 Cross-Site.Request.Forgery.(CSRF).To.Post.Contents.Modification MEDIUM" "pagelayer 1.9.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "pagelayer 1.9.0 Admin+.Stored.XSS LOW" "pagelayer 1.8.8 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "pagelayer 1.8.8 Admin+.Stored.XSS LOW" "pagelayer 1.8.2 Missing.Authorization MEDIUM" "pagelayer 1.8.5 Contributor+.Stored.XSS MEDIUM" "pagelayer 1.8.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Custom.Attributes MEDIUM" "pagelayer 1.8.3 Contributor+.Stored.XSS MEDIUM" "pagelayer 1.8.0 Author+.Stored.XSS LOW" "pagelayer 1.7.9 Contributor+.Stored.XSS MEDIUM" "pagelayer 1.8.1 Admin+.Stored.XSS LOW" "pagelayer 1.7.8 Author+.Stored.XSS MEDIUM" "pagelayer 1.7.7 Unauthenticated.Stored.XSS HIGH" "pagelayer 1.7.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "pagelayer 1.3.5 Multiple.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "pagelayer 1.1.2 Drag.and.Drop.website.builder.<.1.1.2.-.Unprotected.AJAX's.leading.to.XSS HIGH" "pagelayer 1.1.2 Drag.and.Drop.website.builder.<.1.1.2.-.CSRF.leading.to.XSS HIGH" "postmarkapp-email-integrator No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "postmarkapp-email-integrator No.known.fix Missing.Authorization MEDIUM" "pretty-simple-popup-builder 1.0.10 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "pretty-simple-popup-builder 1.0.10 Admin+.Stored.XSS LOW" "pretty-simple-popup-builder 1.0.7 Reflected.Cross-Site.Scripting MEDIUM" "post-meta-data-manager No.known.fix Authentciated.(Admin+).Multisite.Privilege.Escalation HIGH" "post-meta-data-manager 1.3.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "post-meta-data-manager 1.2.2 Cross-Site.Request.Forgery.to.Post,.Term,.and.User.Meta.Deletion MEDIUM" "post-meta-data-manager 1.2.1 Subscriber+.Privilege.Escalation HIGH" "post-meta-data-manager 1.2.1 Unauthenticated.Data.Deletion HIGH" "post-meta-data-manager 1.2.1 Missing.Authorization.to.Post,.Term,.and.User.Meta.Deletion MEDIUM" "publitio No.known.fix Contributor+.Arbitrary.File.Read MEDIUM" "publitio 2.1.9 Missing.Authorization MEDIUM" "publitio 2.1.9 Missing.Authorization MEDIUM" "pmpro-register-helper 1.8.1 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "product-specifications 0.7.0 Reflected.Cross-Site.Scripting HIGH" "pdf-invoices-and-packing-slips-for-woocommerce 1.3.8 Authenticated.(Subscriber+).PHP.Object.Injection HIGH" "peters-login-redirect 3.0.0.5 Reflected.Cross-Site.Scripting HIGH" "peters-login-redirect 2.9.2 Multiple.CSRF HIGH" "peters-login-redirect 2.9.1 Cross-Site.Scripting.(XSS).&.CSRF MEDIUM" "predict-when No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "progress-bar 2.2.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "progress-bar 2.2.2 Contributor+.Stored.XSS MEDIUM" "pixelyoursite 10.1.1.2 Unauthenticated.PHP.Object.Injection HIGH" "pixelyoursite 10.0.2 Settings.Update.via.CSRF MEDIUM" "pixelyoursite 9.7.2 Unauthenticated.Information.Exposure.and.Log.Deletion MEDIUM" "pixelyoursite 9.6.2 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "pixelyoursite 9.3.7 Admin+.Stored.Cross-Site.Scripting LOW" "pixelyoursite 5.3.0 XSS MEDIUM" "powerpack-elements 2.10.15 Contributor+.Privilege.Escalation HIGH" "powerpack-elements 2.10.18 Authenticated.(Contributor+).Privilege.Escalation HIGH" "powerpack-elements 2.10.8 Missing.Authorization.to.Settings.Reset HIGH" "powerpack-elements 2.10.8 Cross-Site.Request.Forgery.to.Plugin.Settings.Modification.and.Cross-Site.Scripting MEDIUM" "powerpack-elements 2.9.24 Reflected.Cross-Site.Scripting MEDIUM" "paypal-responder No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "png-to-jpg 4.1 Stored.Cross-Site.Scripting.via.CSRF MEDIUM" "patron-button-and-widgets-by-codebard No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "patron-button-and-widgets-by-codebard 2.2.0 Cross-Site.Request.Forgery MEDIUM" "patron-button-and-widgets-by-codebard 2.2.0 Reflected.XSS MEDIUM" "patron-button-and-widgets-by-codebard 2.1.9 Reflected.XSS HIGH" "peachpay-for-woocommerce 1.113.0 Reflected.Cross-Site.Scripting MEDIUM" "portfolio-responsive-gallery 1.1.8 Authenticated.Blind.SQL.Injections HIGH" "portfolio-responsive-gallery 1.1.8 Reflected.Cross-Site.Scripting.(XSS) HIGH" "pinterest-pin-it-button-on-image-hover-and-post 3.4 Subscriber+.Arbitrary.Settings.Update MEDIUM" "publish-to-schedule 4.5.5 Admin+.Stored.XSS LOW" "peters-custom-anti-spam-image 3.2.4 Cross-Site.Request.Forgery.via.cas_register_post.Function MEDIUM" "peters-custom-anti-spam-image 3.2.3 Reflected.XSS HIGH" "product-delivery-date 1.1.5 Reflected.Cross-Site.Scripting MEDIUM" "playerjs 2.24 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "pdf-light-viewer 1.4.12 Authenticated.Command.Injection LOW" "payment-gateway-payfabric 1.0.13 Reflected.Cross-Site.Scripting MEDIUM" "payment-gateway-payfabric 1.0.11 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "post-list-with-featured-image No.known.fix Reflected.XSS HIGH" "pedalo-connector No.known.fix Authentication.Bypass.to.Administrator CRITICAL" "permalink-finder No.known.fix Unauthenticated.Stored.Cross-Site.Scripting HIGH" "popups 1.8 Reflected.Cross-Site.Scripting MEDIUM" "popups No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "post-timeline 2.3.10 Reflected.XSS HIGH" "post-timeline 2.3.10 Reflected.Cross-Site.Scripting MEDIUM" "post-timeline 2.2.6 Reflected.XSS HIGH" "password-for-wp 1.6 Stored.XSS.via.CSRF HIGH" "property 1.0.7 1.0.6.-.Missing.Authorization.to.Authenticated.(Author+).Privilege.Escalation.via.property_package_user_role.Metadata.in.PayPal.Registration HIGH" "post-by-email No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "photo-video-store No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "photo-video-store No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "post-page-notes No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "powers-triggers-of-woo-to-chat No.known.fix Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "prime-affiliate-links No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "post-title-counter No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "pin-generator 2.0.1 Missing.Authorization MEDIUM" "pdf-for-wpforms 5.6.1 Missing.Authorization MEDIUM" "pdf-for-wpforms 5.3.1 Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.Shortcode.Execution MEDIUM" "pdf-for-wpforms 4.8.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.yeepdf_dotab.Shortcode MEDIUM" "phpinfo-wp 6.0 Unauthenticated.Information.Exposure MEDIUM" "payhere-payment-gateway 2.2.12 Unauthenticated.Log.Data.Disclosure MEDIUM" "power-ups-for-elementor No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "power-ups-for-elementor 1.2.2 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "polls-widget No.known.fix Admin+.Stored.XSS LOW" "polls-widget 1.5.3 Unauthenticated.Blind.SQL.Injection CRITICAL" "product-configurator-for-woocommerce 1.2.32 Unauthenticated.Arbitrary.File.Deletion HIGH" "preprocess-dezrez No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "preprocess-dezrez No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "poll-builder No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "pcrecruiter-extensions 1.4.23 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "pdf-print 2.0.3 Unauthenticated.Cross-Site-Scripting.(XSS) MEDIUM" "pdf-print 1.9.4 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "page-health-o-meter No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "podcast-box No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "podcast-box 1.0.2 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "plethora-tabs-accordions 1.2 Contributor+.Stored.XSS MEDIUM" "plethora-tabs-accordions 1.2.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "price-alert-woocommerce No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "post-list-designer 3.3.3 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "post-list-designer 3.3.1 Reflected.Cross-Site.Scripting MEDIUM" "post-list-designer 3.2 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "post-list-designer 2.1.7 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "psw-login-and-registration No.known.fix Unauthenticated.Account.Takeover/Privilege.Escalation CRITICAL" "psw-login-and-registration No.known.fix Authentication.Bypass CRITICAL" "product-catalog-feed 2.2.0 Cross-Site.Request.Forgery MEDIUM" "product-catalog-feed 2.1.1 Reflected.XSS HIGH" "product-catalog-feed 2.1.1 Reflected.XSS HIGH" "product-layouts 1.1.4 Reflected.Cross-Site.Scripting MEDIUM" "phzoom No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "pmpro-membership-maps 0.7 Membership.Maps.Add.On.<.0.7.-.Contributor+.Sensitive.Information.Disclosure MEDIUM" "post-status-notifier 1.11.7 Reflected.Cross-Site.Scripting.via.page MEDIUM" "protected-page No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "protected-page No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "post-indexer 3.0.6.2 Authenticated.SQL.Injection HIGH" "post-indexer 3.0.6.2 PHP.Object.Injection.via.MitM HIGH" "pojo-accessibility 3.2.0 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "powerkit 2.9.2 Authenticated(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "powerkit 2.5.9 Post.Views.Settings.Update/Reset.via.CSRF MEDIUM" "post-read-time No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "pta-volunteer-sign-up-sheets 5.5.5 Authenticated.(Admin+).Stored.Cross-site.Scripting MEDIUM" "poptin 1.3.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "papercite No.known.fix Missing.Authorization MEDIUM" "php-everywhere 3.0.0 Subscriber+.RCE.via.Shortcode CRITICAL" "php-everywhere 3.0.0 Contributor+.RCE.via.Gutenberg.Block CRITICAL" "php-everywhere 3.0.0 Contributor+.RCE.via.Metabox CRITICAL" "php-everywhere 2.0.3 Arbitrary.Settings.Update.via.CSRF MEDIUM" "post-from-frontend No.known.fix Post.Deletion.via.CSRF MEDIUM" "photography-portfolio 1.4.9 Reflected.Cross-Site.Scripting MEDIUM" "portfolio-builder-elementor No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "private-google-calendars 20240106 Contributor+.Stored.XSS MEDIUM" "post-thumbs No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "premmerce-woocommerce-brands 1.2.13 Reflected.Cross-Site.Scripting MEDIUM" "premmerce-woocommerce-brands 1.2.12 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "pure-chat 2.41 Reflected.Cross-Site.Scripting.via.purechatWidgetName.Parameter MEDIUM" "pure-chat 2.23 Cross-Site.Request.Forgery MEDIUM" "pure-chat No.known.fix Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "php-to-page No.known.fix Authenticated.(Subscriber+).Local.File.Inclusion.to.Remote.Code.Execution.via.Shortcode CRITICAL" "plugmatter-optin-feature-box-lite 2.0.14 Unauthenticated.Blind.SQL.Injection CRITICAL" "pixproof No.known.fix Missing.Authorization MEDIUM" "pandavideo 1.4.1 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "pandavideo 1.4.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "passbeemedia-web-push-notifications No.known.fix Reflected.XSS HIGH" "premmerce-woocommerce-wishlist 1.1.10 Reflected.Cross-Site.Scripting MEDIUM" "premmerce-woocommerce-wishlist 1.1.8 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "premmerce-woocommerce-wishlist 1.1.2 Subscriber+.Arbitrary.Option.Update CRITICAL" "podcast-importer-secondline 1.3.8 Admin+.SQLi MEDIUM" "podcast-importer-secondline 1.1.5 Server-Side.Request.Forgery.(SSRF) MEDIUM" "photospace No.known.fix Subscriber+.Stored.Cross-Site.Scripting MEDIUM" "photospace No.known.fix Subscriber+.Arbitrary.Settings.Update MEDIUM" "portfolio-elementor 3.1.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.shortcode MEDIUM" "portfolio-elementor 2.3.1 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "portfolio-elementor 2.1.7 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "post-saint No.known.fix Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.File.Upload HIGH" "pinblocks No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "pinblocks No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "pinterest-rss-widget No.known.fix Contributor+.Stored.Cross-Site.Scripting.via.shortcode MEDIUM" "parcel-tracker-ecourier 1.0.2 Plugin's.Settings.Update.via.CSRF MEDIUM" "peepso-core No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "peepso-core 6.4.6.2 Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "peepso-core 6.4.6.1 Unauthenticated.Full.Path.Disclosure MEDIUM" "peepso-core 6.4.6.0 Authenticated.(Administrator+).Stored.Cross-Site.Scripting.via.content.Parameter MEDIUM" "peepso-core 6.4.6.0 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "peepso-core 6.2.7.1 Unauthenticated.Sensitive.Information.Disclosure.via.Log.file MEDIUM" "peepso-core 6.3.1.2 Reflected.XSS HIGH" "peepso-core 6.3.1.2 User.Post.Creation.via.CSRF MEDIUM" "peepso-core 6.2.7.0 Reflected.Cross-Site.Scripting HIGH" "peepso-core 6.2.3.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "peepso-core 6.2.0.0 Cross-Site.Request.Forgery.via.delete MEDIUM" "peepso-core 6.0.3.0 Multiple.CSRF MEDIUM" "peepso-core 1.6.1 Authenticated.Privilege.Escalation HIGH" "price-commander-xforwc 1.3.0 Low.Priv.Arbitrary.Blog.Options.Update/Access/Deletion.&.Plugin's.Settings.Update/Export/Import HIGH" "post-to-pdf 1.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "print-invoices-packing-slip-labels-for-woocommerce 4.7.2 Authenticated.(Shop.Manager+).Stored.Cross-Site.Scripting MEDIUM" "print-invoices-packing-slip-labels-for-woocommerce 4.4.3 Missing.Authorization.to.Unauthenticated.Settings.Reset MEDIUM" "print-invoices-packing-slip-labels-for-woocommerce 4.4.1 Reflected.Cross-Site.Scripting MEDIUM" "print-invoices-packing-slip-labels-for-woocommerce 4.4.2 Unauthenticated.Stored.Cross-Site.Scripting MEDIUM" "print-invoices-packing-slip-labels-for-woocommerce 4.3.1 Subscriber+.Arbitrary.Order.Export MEDIUM" "print-invoices-packing-slip-labels-for-woocommerce 4.3.0 Shop.Manager+.Arbitrary.Options.Update HIGH" "payment-gateway-for-telcell 2.0.4 Unauthenticated.Open.Redirect MEDIUM" "password-protect-plugin-for-wordpress No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "photo-gallery-pearlbells No.known.fix Cross-Site.Request.Forgery.to.Privilege.Escalation MEDIUM" "pagerank-tools No.known.fix Reflected.XSS HIGH" "pdf-thumbnail-generator 1.4 Reflected.Cross-Site.Scripting MEDIUM" "pkt1-centro-de-envios 1.2.2 Reflected.Cross-Site.Scripting MEDIUM" "postmagthemes-demo-import 1.0.8 Admin+.Arbitrary.File.Upload MEDIUM" "premmerce-user-roles 1.0.13 Missing.Authorization.via.role.management.functions HIGH" "premmerce-user-roles 1.0.12 Reflected.Cross-Site.Scripting MEDIUM" "premmerce-user-roles 1.0.11 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "perfect-woocommerce-brands 2.0.5 Subscriber+.Arbitrary.Brand.Creation MEDIUM" "perfect-woocommerce-brands 2.0.5 Subscriber+.Sensitive.Information.Disclosure MEDIUM" "per-page-add-to No.known.fix Authenticated.Stored.XSS LOW" "per-page-add-to 1.4.4 CSRF.to.Stored.XSS HIGH" "popup-manager No.known.fix Unauthenticated.Arbitrary.Popup.Deletion MEDIUM" "popup-manager No.known.fix Unauthenticated.Stored.XSS HIGH" "post-lockdown 4.0.3 Missing.Authorization.to.Authenticated.(Subscriber+).Post.Disclosure MEDIUM" "pixelstats No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "portfolio-pro No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "posten-post-blocks No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "product-customizer-light No.known.fix Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "picsmize No.known.fix Unauthenticated.Arbitrary.File.Upload CRITICAL" "podiant No.known.fix Unauthenticated.Local.File.Inclusion CRITICAL" "paygreen-payment-gateway 1.0.27 Reflected.Cross-Site.Scripting MEDIUM" "pc-robotstxt 1.10 Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "pricingtable No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "push-monkey-desktop-push-notifications No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "pro-links-maintainer-dev No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "pro-links-maintainer-dev No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "product-delivery-date-for-woocommerce-lite 2.8.1 Lite.<.2.8.1.-.Reflected.Cross-Site.Scripting MEDIUM" "product-delivery-date-for-woocommerce-lite 2.7.4 Reflected.Cross-Site.Scripting MEDIUM" "product-delivery-date-for-woocommerce-lite 2.7.3 Missing.Authorization MEDIUM" "product-delivery-date-for-woocommerce-lite 2.7.1 Missing.Authorization MEDIUM" "profiler-what-slowing-down No.known.fix Missing.Authentication.to.Unauthenticated.Arbitrary.Plugin.Reactivation.via.State.Restoration MEDIUM" "pretty-grid 1.0.8 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "popup-more 2.3.3 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "popup-more 2.2.5 Admin+.Directory.Traversal.to.Limited.Local.File.Inclusion MEDIUM" "pie-register 3.8.4.1 Sensitive.Information.Exposure.via.Log.Files MEDIUM" "pie-register 3.8.3.5 Basic.<=.3.8.3.4.-.Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.Plugin.Installation.and.Activation/Deactivation HIGH" "pie-register 3.8.3.3 Unauthenticated.Arbitrary.File.Upload HIGH" "pie-register 3.8.2.3 Open.Redirect MEDIUM" "pie-register 3.8.1.3 Unauthenticated.Arbitrary.User.Deletion HIGH" "pie-register 3.7.2.4 Open.Redirect MEDIUM" "pie-register 3.1.7.6 Unauthenticated.Arbitrary.Login CRITICAL" "pie-register 3.7.1.6 Unauthenticated.SQL.Injection HIGH" "pie-register 3.7.0.1 Reflected.Cross-Site.Scripting.(XSS) HIGH" "pie-register 3.1.2 SQL.Injection CRITICAL" "pie-register 3.0.18 Unauthenticated.Cross-Site.Scripting.(XSS) CRITICAL" "pixelyoursite-pro 10.4.3 Unauthenticated.Information.Exposure.and.Log.Deletion MEDIUM" "pixelyoursite-pro 9.6.2 Admin+.Stored.Cross-Site.Scripting LOW" "postpage-import-export-with-custom-fields-taxonomies 2.0.4 Authenticated.(Contributor+).Arbitrary.File.Upload HIGH" "postpage-import-export-with-custom-fields-taxonomies 2.0.1 Unauthenticated.Sensitive.Information.Exposure MEDIUM" "poeditor 0.9.11 Cross-Site.Request.Forgery HIGH" "poeditor 0.9.9 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "poeditor 0.9.5 CSRF MEDIUM" "poeditor 0.9.8 Settings.Reset.via.CSRF MEDIUM" "pre-party-browser-hints 1.8.20 Admin+.SQLi MEDIUM" "pdf-rechnungsverwaltung No.known.fix Unauthenticated.Local.File.Inclusion CRITICAL" "pixtypes No.known.fix Reflected.XSS HIGH" "pixtypes 1.4.15 Cross-Site.Request.Forgery MEDIUM" "pure-css-circle-progress-bar No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "publish-confirm-message 2.0 Settings.Update.via.CSRF MEDIUM" "protected-wp-login No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "password-protected-woo-store 2.3 Unauthenticated.Arbitrary.Post.Tile.&.Content.Access MEDIUM" "post-type-x 1.8.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "post-type-x 1.8.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.show_products.Shortcode MEDIUM" "post-type-x 1.7.7 Sensitive.Information.Exposure.via.Product.CSV MEDIUM" "post-type-x 1.7.6 Cross-Site.Request.Forgery.via.ic_system_status MEDIUM" "post-type-x 1.7.0 Reflected.XSS HIGH" "post-type-x 1.5.13 Cross-Site.Request.Forgery.(CSRF) MEDIUM" "post-type-x 1.5.13 Cross-Site.Request.Forgery MEDIUM" "planaday-api 11.5 Reflected.Cross-Site.Scripting MEDIUM" "pubsubhubbub 3.2.0 Admin+.Stored.XSS MEDIUM" "print-google-cloud-print-gcp-woocommerce 4.5.4 Missing.Authorization.via.showTemplatePreview() MEDIUM" "print-google-cloud-print-gcp-woocommerce 4.5.6 Cross-Site.Request.Forgery.to.Cross-Site.Scripting.via.process.php MEDIUM" "print-google-cloud-print-gcp-woocommerce 4.5.4 Printer.Settings.Update.via.CSRF MEDIUM" "print-google-cloud-print-gcp-woocommerce 4.5.4 Unauthenticated.WC.Order.Data.Access MEDIUM" "pdq-csv 2.0.0 Admin+.Stored.Cross-Site.Scripting LOW" "posts-search No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "pickup-and-delivery-from-customer-locations-for-woocommerce 1.0.5 Reflected.Cross-Site.Scripting MEDIUM" "pickup-and-delivery-from-customer-locations-for-woocommerce 1.0.2 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "product-table No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "product-table No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "pre-orders-for-woocommerce 1.2.14 Contributor+.Stored.XSS MEDIUM" "photo-gallery 1.8.35 Photo.Gallery.by.10Web..Mobile-Friendly.Image.Gallery.<.1,8,35.Reflected.Cross-Site.Scripting.via.'image_id'.Parameter MEDIUM" "photo-gallery 1.8.34 Unauthenticated.Stored.XSS HIGH" "photo-gallery 1.8.33 Admin+.Stored.XSS LOW" "photo-gallery 1.8.31 Admin+.Stored.XSS LOW" "photo-gallery 1.8.31 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "photo-gallery 1.8.28 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "photo-gallery 1.8.28 Admin+.Stored.XSS LOW" "photo-gallery 1.8.29 Admin+.Stored.XSS LOW" "photo-gallery 1.8.24 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Zipped.SVG MEDIUM" "photo-gallery 1.8.24 Authenticated.(Contributor+).Path.Traversal.via.esc_dir.Function MEDIUM" "photo-gallery 1.8.26 Subscriber+.Notice.Dismiss MEDIUM" "photo-gallery 1.8.21 Missing.Authorization MEDIUM" "photo-gallery 1.8.22 Admin+.Stored.XSS.via.SVG LOW" "photo-gallery 1.8.22 Multiple.Reflected.XSS HIGH" "photo-gallery 1.8.20 Mobile-Friendly.Image.Gallery.<.1.8.20.-.Directory.Traversal.to.Arbitrary.File.Rename CRITICAL" "photo-gallery 1.8.19 Authenticated.(Administrator+).Stored.Cross-Site.Scripting.via.Widget MEDIUM" "photo-gallery 1.8.15 Admin+.Path.Traversal MEDIUM" "photo-gallery 1.8.3 Stored.XSS.via.CSRF MEDIUM" "photo-gallery 1.7.1 Reflected.Cross-Site.Scripting MEDIUM" "photo-gallery 1.6.4 Admin+.Stored.Cross-Site.Scripting LOW" "photo-gallery 1.6.3 Reflected.Cross-Site.Scripting MEDIUM" "photo-gallery 1.6.3 Unauthenticated.SQL.Injection HIGH" "photo-gallery 1.6.0 Unauthenticated.SQL.Injection HIGH" "photo-gallery 1.5.79 Stored.XSS.via.Uploaded.SVG.in.Zip MEDIUM" "photo-gallery 1.5.75 Stored.Cross-Site.Scripting.via.Uploaded.SVG MEDIUM" "photo-gallery 1.5.75 File.Upload.Path.Traversal LOW" "photo-gallery 1.5.67 Authenticated.Stored.Cross-Site.Scripting.via.Gallery.Title MEDIUM" "photo-gallery 1.5.69 Multiple.Reflected.Cross-Site.Scripting.(XSS) HIGH" "photo-gallery 1.5.69 Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "photo-gallery 1.5.68 Reflected.Cross-Site.Scripting.(XSS) HIGH" "photo-gallery 1.5.55 Unauthenticated.SQL.Injection CRITICAL" "photo-gallery 1.5.46 Multiple.Cross-Site.Scripting.(XSS).Issues MEDIUM" "photo-gallery 1.5.35 SQL.Injection.&.XSS CRITICAL" "photo-gallery 1.5.31 SQL.Injection CRITICAL" "photo-gallery 1.5.25 Authenticated.LFI MEDIUM" "photo-gallery 1.5.23 Authenticated.XSS MEDIUM" "photo-gallery 1.3.67 Cross-Site.Scripting.(XSS) HIGH" "photo-gallery 1.3.51 Authenticated.SQL.Injection MEDIUM" "photo-gallery 1.3.43 Authenticated.Path.Traversal HIGH" "photo-gallery 1.3.36 Authenticated.SQL.Injection MEDIUM" "photo-gallery 1.2.13 Cross-Site.Scripting.(XSS) HIGH" "pdfjs-viewer-shortcode 2.2 Arbitrary.JavaScript.Execution MEDIUM" "pdfjs-viewer-shortcode 2.1.8 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "pdfjs-viewer-shortcode 2.0.2 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "product-category-tree No.known.fix Reflected.XSS HIGH" "product-category-tree No.known.fix CSRF MEDIUM" "premmerce-woocommerce-product-bundles No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "premmerce-woocommerce-product-bundles No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "pepro-bacs-receipt-upload-for-woocommerce 2.7.0 Reflected.Cross-Site.Scripting MEDIUM" "pgs-core 5.9.0 Missing.Authorization.via.Multiple.Functions HIGH" "pgs-core 5.9.0 Unauthenticated.PHP.Object.Injection CRITICAL" "pgs-core 5.9.0 Unauthenticated.SQL.Injection HIGH" "postmash-custom No.known.fix Unauthenticated.SQL.Injection CRITICAL" "plenigo No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "preloader-for-divi 1.5 Reflected.Cross-Site.Scripting MEDIUM" "preloader-for-divi 1.5 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "pondol-carousel No.known.fix Cross-Site.Scripting.(XSS) MEDIUM" "poll-wp 2.4.7 Authenticated.(Administrator+).SQL.Injection.via.'s'.Parameter MEDIUM" "poll-wp 2.4.1 Admin+.SQLi MEDIUM" "poll-wp 2.4.0 Admin+.SQL.Injection MEDIUM" "poll-wp 1.5.9 Reflected.Cross-Site.Scripting HIGH" "poll-wp 1.3.4 Broken.Authentication.and.Missing.Capability.Checks.on.AJAX.calls CRITICAL" "pixel-formbuilder No.known.fix Unauthenticated.SQL.Injection HIGH" "pixel-formbuilder No.known.fix Cross-Site.Request.Forgery MEDIUM" "press-elements No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "press-elements No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "press-elements No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "pb-mailcrypt-antispam-email-encryption No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "productdyno 1.0.25 Reflected.Cross-Site.Scripting.via.'res'.Parameter MEDIUM" "productdyno 1.0.25 Reflected.Cross-Site.Scripting HIGH" "pretty-google-calendar 2.0.0 Contributor+.Stored.XSS MEDIUM" "pretty-google-calendar 1.6.0 Authenticated(Contributor+).Stored.Cross-Site.Scripting.via.pretty_google_calendar.shortcode MEDIUM" "projectopia-core 5.1.18 Missing.Authorization MEDIUM" "projectopia-core 5.1.17 Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.Option.Deletion HIGH" "projectopia-core No.known.fix Unauthenticated.Privilege.Escalation.via.Account.Takeover CRITICAL" "projectopia-core 5.1.8 Missing.Authorization.to.Privilege.Escalation.via.pto_reset_password() CRITICAL" "projectopia-core 5.1.5 Reflected.Cross-Site.Scripting MEDIUM" "projectopia-core 5.0.7 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "pin-locations-on-map No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "pagerestrict No.known.fix Unauthenticated.Protected.Post.Access MEDIUM" "pagerestrict No.known.fix Cross-Site.Request.Forgery.via.pr_admin_page MEDIUM" "product-input-fields-for-woocommerce 1.12.1 Unauthenticated.Limited.File.Upload HIGH" "product-input-fields-for-woocommerce 2.0 .Contributor+.Arbitrary.File.Read MEDIUM" "product-input-fields-for-woocommerce 1.8.0 Cross-Site.Request.Forgery.to.Notice.Dismissal MEDIUM" "product-input-fields-for-woocommerce 1.2.7 Unauthenticated.File.Download HIGH" "premmerce-woocommerce-wholesale-pricing 1.1.10 Reflected.Cross-Site.Scripting MEDIUM" "premmerce-woocommerce-wholesale-pricing 1.1.8 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "premmerce-woocommerce-wholesale-pricing 1.1.4 Subscriber+.Arbitrary.Option.Update CRITICAL" "paypal-promotions-and-insights No.known.fix Missing.Authorization MEDIUM" "pixnet No.known.fix Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "performance-lab 2.3.0 CSRF MEDIUM" "podlove-subscribe-button 1.3.11 Authenticated.(Contributor+).SQL.Injection HIGH" "podlove-subscribe-button 1.3.9 Admin+.Stored.XSS LOW" "podlove-subscribe-button 1.3.9 Multiple.CSRF MEDIUM" "posttabs No.known.fix Arbitrary.Settings.Update.via.CSRF.to.Stored.XSS MEDIUM" "pluginpass-pro-plugintheme-licensing No.known.fix Unauthenticated.Arbitrary.File.Deletion CRITICAL" "pixel-for-web-stories 1.0.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "payment-gateway-groups-for-woocommerce No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "payment-gateway-groups-for-woocommerce 1.1.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "portfolio-manager-powered-by-behance No.known.fix Missing.Authorization MEDIUM" "portfolio-manager-powered-by-behance No.known.fix Authenticated.(Administrator+).SQL.Injection MEDIUM" "portfolio-manager-powered-by-behance No.known.fix Authenticated.(Contributor+).SQL.Injection MEDIUM" "podlove-web-player 5.7.4 Missing.Authorization.to.Unauthenticated.Information.Exposure MEDIUM" "podlove-web-player 5.7.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting HIGH" "post-duplicator 2.36 Missing.Authorization MEDIUM" "post-duplicator 2.37 Authenticated.(Contributor+).Protected.Post.Disclosure MEDIUM" "post-duplicator 2.32 Missing.Authorization.via.mtphr_duplicate_post MEDIUM" "post-duplicator 2.27 Admin+.Stored.Cross-Site.Scripting LOW" "perelandra-sermons No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "perelandra-sermons No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "perelandra-sermons No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "photo-image-gallery No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "popup-maker 1.20.5 Contributor+.Stored.XSS.via.popupID.Parameter MEDIUM" "popup-maker 1.20.3 Contributor+.Stored.XSS MEDIUM" "popup-maker 1.20.3 Contributor+.Stored.XSS MEDIUM" "popup-maker 1.20.0 Missing.Authorization MEDIUM" "popup-maker 1.19.1 Contributor+.Stored.XSS MEDIUM" "popup-maker 1.19.1 Admin+.Stored.XSS LOW" "popup-maker 1.18.3 Contributor+.Stored.XSS MEDIUM" "popup-maker 1.16.11 Contributor+.Stored.Cross.Site.Scripting MEDIUM" "popup-maker 1.16.9 Contributor+.Stored.XSS.via.Subscription.Form MEDIUM" "popup-maker 1.16.9 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "popup-maker 1.16.5 Admin+.Stored.Cross-Site.Scripting LOW" "popup-maker 1.8.13 Multiple.Vulnerabilities CRITICAL" "popup-maker 1.8.3 Subscriber+.Arbitrary.Option.Update CRITICAL" "popup-maker 1.6.5 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "post-content-xmlrpc No.known.fix Admin+.SQL.Injections HIGH" "project-status No.known.fix Reflected.Cross-Site.Scripting.(XSS) HIGH" "portable-phpmyadmin No.known.fix Multiple.Script.Direct.Request.Authentication.Bypass CRITICAL" "portable-phpmyadmin No.known.fix /pma/phpinfo.php.Direct.Request.System.Information.Disclosure CRITICAL" "product-page-shipping-calculator-for-woocommerce 1.3.26 Admin+.Stored.XSS LOW" "product-page-shipping-calculator-for-woocommerce 1.3.21 Admin+.Stored.XSS LOW" "post-carousel-divi 1.2 Reflected.Cross-Site.Scripting MEDIUM" "post-carousel-divi 1.1.2 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "property-hive-stamp-duty-calculator 1.0.23 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "post-in-page-for-elementor 1.0.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "post-grid-carousel-ultimate 1.7 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "post-grid-carousel-ultimate 1.7 Authenticated.(Contributor+).Local.File.Inclusion.via.post_type_ajax_handler() HIGH" "post-grid-carousel-ultimate 1.7 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "post-grid-carousel-ultimate 1.6.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "post-grid-carousel-ultimate 1.6.8 Authenticated.(Contributor+).PHP.Object.Injection.in.outpost_shortcode_metabox_markup HIGH" "post-grid-carousel-ultimate 1.5.0 Admin+.Stored.XSS LOW" "payment-page 1.2.9 Reflected.Cross-Site.Scripting MEDIUM" "payment-page 1.1.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "pressforward 5.2.4 Reflected.Cross-Site.Scripting.(XSS) HIGH" "pcloud-backup No.known.fix Missing.Authorization MEDIUM" "pmpro-member-directory 1.2.6 Member.Directory.Add.On.<.1.2.6.-.Contributor+.Sensitive.Information.Disclosure.and.SQLi MEDIUM" "piotnetforms No.known.fix Authenticated.(Editor+).Path.Traversal LOW" "piotnetforms No.known.fix Authenticated.(Author+).Stored.Cross-Site.Scripting MEDIUM" "piotnetforms No.known.fix Authenticated.(Editor+).Stored.Cross-Site.Scripting MEDIUM" "piotnetforms 1.0.30 Missing.Authorization.via.multiple.AJAX.actions MEDIUM" "piotnetforms 1.0.29 Unauthenticated.Arbitrary.File.Upload CRITICAL" "piotnetforms No.known.fix Unauthenticated.Arbitrary.File.Upload HIGH" "popup-zyrex 1.1 Admin+.Arbitrary.File.Upload MEDIUM" "page-builder-add 1.5.2.1 Authenticated.(Editor+).Local.File.Inlcusion HIGH" "page-builder-add 1.5.1.9 Reflected.Cross-Site.Scripting.via.pageType MEDIUM" "page-builder-add 1.5.1.8 Authenticated.(Editor+).Stored.Cross-Site.Scripting MEDIUM" "page-builder-add 1.5.1.6 Open.Redirect MEDIUM" "page-builder-add 1.5.1.3 Admin+.Stored.XSS LOW" "page-builder-add 1.4.9.9 Contributor+.Cross-Site.Scripting.via.Shortcode MEDIUM" "page-builder-add 1.4.9.6 Authenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "preloader-for-website 1.3 Missing.Authorization.via.plwao_register_settings() MEDIUM" "posts-and-products-views 2.1.1 Contributor+.Stored.XSS MEDIUM" "popup4phone No.known.fix Unauthenticated.Stored.XSS HIGH" "popup4phone No.known.fix Editor+.Stored.XSS LOW" "pagepost-specific-social-share-buttons No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "prevent-content-copy-image-save No.known.fix CSRF.to.Stored.Cross-Site.Scripting.(XSS) HIGH" "permalink-manager-pro 2.2.15 Reflected.Cross-Site.Scripting MEDIUM" "pz-frontend-manager 1.0.6 CSRF.change.user.profile.picture MEDIUM" "push-notifications-for-wp 6.0.1 Settings.Update.via.CSRF MEDIUM" "pastebin-embed No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "post-slider-and-carousel 3.2.10 Admin+.Stored.XSS LOW" "post-slider-and-carousel 3.2.1 Reflected.Cross-Site.Scripting MEDIUM" "post-slider-and-carousel 2.1.2 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "ps-phpcaptcha 1.2.0 PS.PHPCaptcha.<.1,2,0.-Denial.of.Service CRITICAL" "payu-india No.known.fix Authentication.Bypass CRITICAL" "payu-india 3.8.4 Unauthenticated.Privilege.Escalation CRITICAL" "payu-india No.known.fix Reflected.Cross-Site.Scripting.via.type HIGH" "plainview-activity-monitor 20180826 Remote.Command.Execution.(RCE) HIGH" "price-calc No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "premmerce-woocommerce-variation-swatches 1.2.2 Reflected.Cross-Site.Scripting MEDIUM" "premmerce-woocommerce-variation-swatches 1.2.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "premmerce-woocommerce-variation-swatches 1.1 Subscriber+.Arbitrary.Option.Update CRITICAL" "pricing-deals-for-woocommerce No.known.fix Missing.Authorization.via.vtprd_ajax_clone_rule MEDIUM" "pricing-deals-for-woocommerce 2.0.3 Unauthenticated.SQLi HIGH" "pie-register-social-site 1.8 Authentication.Bypass.via.WordPress.com.OAuth.provider HIGH" "pie-register-social-site 1.7.8 Social.Sites.Login.(Add.on).<.1.7.8.-.Unauthenticated.Privilege.Escalation CRITICAL" "pagemanager No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "pwa-for-wp 1.7.73 Missing.Authorization MEDIUM" "pwa-for-wp 1.7.72 PWA.For.WP.&.AMP.<.1,7,72.Administrator+.Stored.XSS LOW" "pwa-for-wp 1.7.33 Authenticated.(Subscriber+).Settings.Change MEDIUM" "pwa-for-wp 1.7.33 Authenticated.(Subscriber+).Arbitrary.File.Upload CRITICAL" "pallet-packaging-for-woocommerce 1.1.16 Missing.Authorization MEDIUM" "particle-background No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "pretix-widget 1.0.6 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "page-visit-counter No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "page-visit-counter No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "premmerce-woocommerce-toolkit No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "premmerce-woocommerce-toolkit No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "packlink-pro-shipping 3.4.7 Missing.Authorization MEDIUM" "prettyphoto No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.url.Parameter MEDIUM" "publishpress-authors 4.7.6 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "publishpress-authors 4.7.4 Authenticated.(Administrator+).SQL.Injection MEDIUM" "publishpress-authors 4.7.2 Insecure.Direct.Object.Reference.to.Authenticated.(Author+).Arbitrary.User.Email.Update.and.Account.Takeover HIGH" "popliup No.known.fix Authenticated.(Subscriber+).Local.File.Inclusion HIGH" "pipdisqus No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "preloader-plus No.known.fix Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "preloader-plus 2.1 Reflected.Cross-Site.Scripting MEDIUM" "parsi-font 4.3 Unauthenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "propertyshift No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "premium-blog-addons No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "push-notification-mobile-and-web-app No.known.fix Missing.Authorization MEDIUM" "profile-extra-fields 1.2.8 Unauthenticated.Sensitive.Data.Disclosure MEDIUM" "profile-extra-fields 1.2.4 Reflected.Cross-Site.Scripting HIGH" "profile-extra-fields 1.0.7 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "photoshelter-official-plugin No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "popup-maker-wp 1.3.7 Subscriber+.Stored.XSS HIGH" "pixobe-cartography No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "pixobe-cartography No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "pinterest-verify-meta-tag No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "page-layout-builder No.known.fix Unauthenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "pocket-widget No.known.fix Admin+.Stored.XSS LOW" "petfinder-listings 1.1 Admin+.Stored.Cross-Site.Scripting LOW" "post-and-page-builder 1.27.7 Path.Traversal.to.Authenticated.(Contributor+).Arbitrary.File.Read.via.template_via_url.Function MEDIUM" "post-and-page-builder 1.27.6 Contributor+.Stored.XSS MEDIUM" "post-and-page-builder 1.26.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.File.Upload MEDIUM" "post-and-page-builder 1.26.5 Authenticated.(Contributer+).Stored.Cross-Site.Scripting MEDIUM" "post-and-page-builder 1.26.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "post-and-page-builder 1.24.2 Editor.Settings.Update.via.CSRF MEDIUM" "pdf-poster 2.1.22 Arbitrary.JavaScript.Execution MEDIUM" "pdf-poster 2.1.18 PDF.Embedder.Plugin.for.WordPress.<.2.1.18.-.Reflected.Cross-Site.Scripting MEDIUM" "page-specific-sidebars No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "popping-content-light No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "private-content No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "private-content No.known.fix Unauthenticated.Privilege.Escalation.via.Account.Takeover CRITICAL" "private-content No.known.fix Missing.Authorization MEDIUM" "private-content No.known.fix Authenticated.(Subscriber+).SQL.Injection MEDIUM" "private-content 8.4.4 Brute.Force.Protection.Bypass MEDIUM" "pafacile No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "pricing-table No.known.fix Author+.Stored.Cross-Site.Scripting MEDIUM" "pagemash No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "post-slider-carousel 1.0.21 Admin+.Stored.XSS LOW" "pepro-ultimate-invoice No.known.fix Insecure.Direct.Object.Reference.to.Unauthenticated.Order.Information.Exposure MEDIUM" "pepro-ultimate-invoice 2.0.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "pepro-ultimate-invoice 2.0.2 Missing.Authorisation MEDIUM" "pepro-ultimate-invoice 1.9.8 Unauthenticated.Arbitrary.Invoice.Access HIGH" "product-expiry-for-woocommerce 2.6 Subscriber+.Settings.Update MEDIUM" "perfect-portal-widgets 3.0.4 Contributor+.Stored.XSS MEDIUM" "paytm-payments 2.7.7 Editor+.SQLi MEDIUM" "personalize-woocommerce-cart-page 4.0 Missing.Authorization.to.Unuthenticated.Settings.Update MEDIUM" "personalize-woocommerce-cart-page 2.5 Cross-Site.Request.Forgery.(CSRF) HIGH" "product-blocks 4.2.5 Missing.Authorization MEDIUM" "product-blocks 3.1.5 PHP.Object.Injection.via.wopb_wishlist.and.wopb_compare CRITICAL" "product-blocks 3.0.0 Missing.Authorization.via.option_data_save MEDIUM" "plugin-notes-plus 1.2.8 Authenticated.(Subscriber+).Arbitrary.Note.Deletion MEDIUM" "plugin-notes-plus 1.2.7 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "paypal-gift-certificate No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting.via.wpppgc_plugin_options MEDIUM" "pricing-table-by-supsystic 1.9.13 Admin+.Content.Injection LOW" "pricing-table-by-supsystic 1.9.5 Reflected.Cross-Site.Scripting MEDIUM" "pricing-table-by-supsystic 1.9.0 Authenticated.Stored.Cross-Site.Scripting MEDIUM" "pricing-table-by-supsystic 1.8.9 Authenticated.SQL.Injections CRITICAL" "pricing-table-by-supsystic 1.8.2 Unauthenticated.Stored.XSS HIGH" "pricing-table-by-supsystic 1.8.2 Insecure.Permissions.on.AJAX.Actions HIGH" "pricing-table-by-supsystic 1.8.1 Cross-Site.Request.Forgery.to.XSS.and.Setting.Changes HIGH" "page-studio-lite No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "page-studio-lite No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "page-builder-by-azexo No.known.fix Cross-Site.Request.Forgery.(CSRF) MEDIUM" "page-builder-by-azexo No.known.fix Cross-Site.Request.Forgery.(CSRF).to.Stored.XSS MEDIUM" "page-builder-by-azexo No.known.fix Contributor+.Stored.Cross-Site.Scripting.via.shortcode MEDIUM" "page-builder-by-azexo No.known.fix Subscriber+.Post.Creation MEDIUM" "portfolio-gallery 2.1.11 Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "pricing-tables-for-wpbakery-page-builder 3.0 Subscriber+.LFI HIGH" "pricing-tables-for-wpbakery-page-builder 3.0 Contributor+.Stored.XSS MEDIUM" "product-notices-for-woocommerce No.known.fix Cross-Site.Request.Forgery MEDIUM" "post-sync No.known.fix Reflected.XSS HIGH" "pronamic-google-maps 2.3.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "pdf-image-generator No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "post-block No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "post-block 6.0.1 Missing.Authorization.to.Authenticated.(Subscriber+).Shortcode.Export MEDIUM" "post-block 5.3.2 Authenticated.(Author+).Stored.Cross-Site.Scripting MEDIUM" "podamibe-twilio-private-call No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "pvn-auth-popup No.known.fix Admin+.Stored.XSS LOW" "pvn-auth-popup No.known.fix Contributor+.XSS.via.Shortcode MEDIUM" "product-websites-showcase No.known.fix Unauthenticated.Arbitrary.File.Upload CRITICAL" "postman-widget No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "popcashnet-code-integration-tool 1.1 Cross-Site.Scripting.(XSS) MEDIUM" "piotnet-addons-for-elementor-pro No.known.fix Cross-Site.Request.Forgery MEDIUM" "piotnet-addons-for-elementor-pro No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "piotnet-addons-for-elementor-pro No.known.fix Unauthenticated.Server-Side.Request.Forgery HIGH" "piotnet-addons-for-elementor-pro No.known.fix Missing.Authorization.to.Arbitrary.Post/Page.Deletion MEDIUM" "piotnet-addons-for-elementor-pro No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "pf-timer No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "printus-cloud-printing-for-woocommerce 1.2.7 Missing.Authorization MEDIUM" "printus-cloud-printing-for-woocommerce 1.1.3 Reflected.Cross-Site.Scripting MEDIUM" "pj-news-ticker 1.9.6 Contributor+.Stored.XSS MEDIUM" "premmerce-woocommerce-product-filter 3.7.3 Missing.Authorization MEDIUM" "premmerce-woocommerce-product-filter 3.7.2 Reflected.Cross-Site.Scripting MEDIUM" "premmerce-woocommerce-product-filter 3.6.2 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "premmerce-woocommerce-product-filter 3.2 Subscriber+.Arbitrary.Option.Update CRITICAL" "protect-admin-account 2.0.2 Reflected.Cross-Site.Scripting MEDIUM" "planso-forms No.known.fix Authenticated.Stored.Cross-Site.Scripting LOW" "post-type-modifier-simple 1.04 Reflected.Cross-Site.Scripting MEDIUM" "pop-over-xyz No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "pop-over-xyz No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "product-lister-ebay No.known.fix Unauthenticated.Local.File.Inclusion CRITICAL" "perfmatters 2.1.7 Cross-Site.Request.Forgery MEDIUM" "perfmatters 2.2.0 Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "perfmatters 2.1.7 Reflected.Cross-Site.Scripting MEDIUM" "perfmatters 2.1.7 Missing.Authorization MEDIUM" "point-maker No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "point-maker 0.1.5 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "prevent-landscape-rotation 2.1 Settings.Update.via.CSRF MEDIUM" "podcast-channels 0.28 Unauthenticated.Reflected.XSS MEDIUM" "post-carousel-slider-for-elementor 1.6.0 Contributor+.Stored.XSS MEDIUM" "peters-collaboration-e-mails No.known.fix Arbitrary.Settings.Update.via.CSRF MEDIUM" "pricer-ninja-pricing-tables No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "posts-to-page No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "prevent-direct-access 2.8.8.1 Unauthenticated.Sensitive.Information.Exposure MEDIUM" "prevent-direct-access 2.8.8.3 2.8.8.2.-.Incorrect.Authorization.to.Authenticated.(Contributor+).Multiple.Media.Actions MEDIUM" "performance-kit No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "popup-image No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "powerpress-multisite No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "popup-contact-form No.known.fix Admin+.Stored.XSS LOW" "popup-contact-form No.known.fix Admin+.Stored.XSS LOW" "plugversions 0.0.8 Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.File.Creation HIGH" "popup-builder 4.3.5 Admin+.Stored.XSS LOW" "popup-builder 4.3.7 Sensitive.Information.Exposure.via.Imported.Subscribers.CSV.File MEDIUM" "popup-builder 4.3.2 Missing.Authorization.in.Multiple.AJAX.Actions HIGH" "popup-builder 4.3.2 Missing.Authorization.and.Nonce.Exposure HIGH" "popup-builder 4.3.0 Authenticated(Contributor+).Stored.Cross-Site.Scripting.via.Custom.JS MEDIUM" "popup-builder 4.2.7 Contributor.Stored.XSS MEDIUM" "popup-builder 4.2.6 Admin+.SSRF.&.File.Read MEDIUM" "popup-builder 4.2.3 Unauthenticated.Stored.XSS HIGH" "popup-builder 4.2.0 Admin+.Stored.Cross-Site.Scripting LOW" "popup-builder 4.1.12 Settings.Update.via.CSRF MEDIUM" "popup-builder 4.1.11 Admin+.Stored.Cross-Site.Scripting LOW" "popup-builder 4.1.1 Popup.Status.Change.via.CSRF MEDIUM" "popup-builder 4.1.1 SQL.Injection.to.Reflected.Cross-Site.Scripting MEDIUM" "popup-builder 4.0.7 Admin+.SQL.Injection MEDIUM" "popup-builder 4.0.7 LFI.to.RCE CRITICAL" "popup-builder 3.74 Authenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "popup-builder 3.64.1 Multiple.Issues MEDIUM" "popup-builder 3.0 SQL.injection.via.PHP.Deserialization CRITICAL" "popup-builder 3.45 SQL.Injection CRITICAL" "pdf-viewer-block 1.0.1 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "pro-addons-for-elementor 1.6.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "popup-with-fancybox 3.6 .Authenticated.(Subscriber+).SQL.Injection.via.Shortcode HIGH" "push-notification-for-wp-by-pushassist No.known.fix Authenticated.(Subscriber+).Arbitrary.File.Upload HIGH" "push-notification-for-wp-by-pushassist No.known.fix Reflected.Cross-Site.Scripting HIGH" "profilepro No.known.fix Subscriber+.Stored.Cross.Site.Scripting HIGH" "privy-crm-integration No.known.fix Missing.Authorization MEDIUM" "plugins-on-steroids No.known.fix Missing.Authorization MEDIUM" "plugins-on-steroids 4.1.3 Missing.Authorization.via.update_options MEDIUM" "property-hive-mortgage-calculator 1.0.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.price.Parameter MEDIUM" "post-smtp 3.1.3 Authenticated.(Administrator+).SQL.Injection.via.columns.Parameter MEDIUM" "post-smtp 3.1.0 Unauthenticated.Stored.XSS HIGH" "post-smtp 2.9.12 Missing.Authorization.via.regenerate_qrcode() MEDIUM" "post-smtp 2.9.10 Admin+.SQLi MEDIUM" "post-smtp 2.9.4 Administrator+.SQL.Injection MEDIUM" "post-smtp 2.8.8 Authorization.Bypass.via.type.connect-app.API CRITICAL" "post-smtp 2.8.8 Unauthenticated.Stored.Cross-Site.Scripting.via.device HIGH" "post-smtp 2.8.7 Admin+.SQL.Injection MEDIUM" "post-smtp 2.8.7 Reflected.Cross-Site.Scripting HIGH" "post-smtp 2.7.1 Unauthenticated.Cross-site.Scripting HIGH" "post-smtp 2.6.1 Authenticated.(Administrator+).SQL.Injection HIGH" "post-smtp 2.5.8 Reflected.Cross-Site.Scripting MEDIUM" "post-smtp 2.5.8 Unauthenticated.Stored.Cross-Site.Scripting.via.Email.Contents HIGH" "post-smtp 2.5.7 Account.Takeover.via.CSRF MEDIUM" "post-smtp 2.5.7 Arbitrary.Log.Deletion.via.CSRF MEDIUM" "post-smtp 2.1.7 Admin+.Blind.SSRF LOW" "post-smtp 2.1.4 Admin+.Stored.Cross-Site.Scripting LOW" "post-smtp 2.0.21 CSRF.Nonce.Bypass MEDIUM" "progressive-license No.known.fix CSRF.to.Stored.XSS MEDIUM" "plezi 1.0.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "plezi 1.0.3 Unauthenticated.Stored.XSS HIGH" "pushbiz No.known.fix Reflected.XSS HIGH" "persian-woocommerce-sms 7.1.0 Authenticated.(Shop.manager+).SQL.Injection MEDIUM" "persian-woocommerce-sms 7.0.6 Reflected.Cross-Site.Scripting MEDIUM" "persian-woocommerce-sms 7.0.6 Reflected.Cross-Site.Scripting MEDIUM" "persian-woocommerce-sms 7.0.3 Reflected.Cross-Site.Scripting MEDIUM" "persian-woocommerce-sms 3.3.4 Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "pages-order No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "purple-xmls-google-product-feed-for-woocommerce No.known.fix Authenticated.(Administrator+).SQL.Injection CRITICAL" "purple-xmls-google-product-feed-for-woocommerce 3.2.3.4 Reflected.Cross-Site.Scripting MEDIUM" "purple-xmls-google-product-feed-for-woocommerce 3.3.1.0 Authenticated.SQL.Injection MEDIUM" "plerdy-heatmap 1.3.3 Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "pta-member-directory 1.8.0 Missing.Authorization MEDIUM" "polo-video-gallery No.known.fix Contributor+.Stored.Cross-Site.Scripting MEDIUM" "profilepress-pro 4.11.2 Pro.<.4.11.2.-.Authentication.Bypass HIGH" "posts-in-page 1.3.0 Directory.Traversal HIGH" "perelink No.known.fix Settings.Update.via.CSRF MEDIUM" "pw-bulk-edit 2.135 Cross-Site.Request.Forgery MEDIUM" "post-custom-templates-lite No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "post-custom-templates-lite No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "post-snippets 4.0.4 Reflected.Cross-Site.Scripting MEDIUM" "post-snippets 4.0.3 Admin+.Stored.XSS LOW" "post-snippets 3.1.7 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "post-snippets 3.1.4 CSRF.to.Stored.Cross-Site.Scripting HIGH" "post-snippets 3.0.4 Subscriber+.Arbitrary.Option.Update CRITICAL" "pdf24-post-to-pdf No.known.fix Arbitrary.Settings.Update.via.CSRF MEDIUM" "post-connector 1.0.10 Admin+.Stored.Cross-Site.Scripting MEDIUM" "post-connector 1.0.4 XSS MEDIUM" "prime-mover 1.9.3 Directory.Listing.to.Sensitive.Data.Exposure HIGH" "prime-mover 1.8.8 Reflected.Cross-Site.Scripting MEDIUM" "prime-mover 1.5.0 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "password-policy-manager 2.0.5 Authenticated.(Subscriber+).Privilege.Escalation.via.Account.Takeover HIGH" "protected-posts-logout-button 1.4.6 Admin+.Stored.XSS LOW" "protected-posts-logout-button 1.4.6 Missing.Authorization MEDIUM" "protected-posts-logout-button 1.4.5 Settings.Update.via.CSRF MEDIUM" "payment-forms-for-paystack 4.0.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "payment-forms-for-paystack 4.0.2 Authenticated.(Administrator+).SQL.Injection MEDIUM" "payment-forms-for-paystack 4.0.0 Contributor+.Stored.XSS MEDIUM" "portfolio-and-projects No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "passwordless-login 1.1.3 Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "preview-link-generator 1.0.4 Arbitrary.Plugin.Activation.via.CSRF MEDIUM" "pet-manager No.known.fix Reflected.XSS HIGH" "pet-manager No.known.fix Contributor+.Stored.XSS MEDIUM" "page-and-post-restriction 1.3.7 Unauthenticated.Content.Restriction.Bypass.to.Sensitive.Information.Exposure MEDIUM" "page-and-post-restriction 1.3.5 Unauthenticated.Protected.Post.Access MEDIUM" "page-and-post-restriction 1.2.7 Admin+.Stored.Cross-Site.Scripting LOW" "post-meta 1.1.0 Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "premium-addons-pro 2.9.14 Contributor+.Stored.XSS MEDIUM" "premium-addons-pro 2.9.13 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Global.Badge.Module MEDIUM" "premium-addons-pro 2.9.13 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Custom.Mouse.Cursor.Module MEDIUM" "premium-addons-pro 2.9.13 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Premium.Magic.Scroll.Module MEDIUM" "premium-addons-pro 2.9.13 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Messenger.Chat.Widget MEDIUM" "premium-addons-pro 2.9.13 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Multi.Scroll.Widget MEDIUM" "premium-addons-pro 2.9.13 .Authenticated(Contributor+).Stored.Cross-Site.Scripting.via.widget.link MEDIUM" "premium-addons-pro 2.8.25 Reflected.XSS HIGH" "private-files No.known.fix Protection.Disabling.via.CSRF MEDIUM" "parallax-image 1.9.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.position.Parameter MEDIUM" "parallax-image 1.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.dd-parallax.Shortcode MEDIUM" "parallax-image 1.8 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "process-steps-template-designer 1.3 CSRF.to.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "photo-video-gallery-master No.known.fix Authenticated.(Contributor+).PHP.Object.Injection HIGH" "passwords-manager 1.5.1 Unauthenticated.SQL.Injection HIGH" "passwords-manager 1.5.1 Missing.Authorization.to.Authenticated.(Subscriber+).Add.Password.+.Update.Encryption.Key HIGH" "passwords-manager 1.5.1 Authenticated.(Subscriber+).SQL.Injection MEDIUM" "postaffiliatepro 1.26.10 Admin+.Stored.XSS LOW" "popup-seo-optimized No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "pripre No.known.fix Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "panorama 1.0.9 Reflected.Cross-Site.Scripting MEDIUM" "panorama 1.0.8 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "profile-builder-pro 3.10.1 Authenticated.(Subscriber+).Time-Based.One-Time.Password.Sensitive.Information.Exposure MEDIUM" "profile-builder-pro 3.10.1 Reflected.Cross-Site.Scripting MEDIUM" "profile-builder-pro 3.10.1 Cross-Site.Request.Forgery HIGH" "profile-builder-pro 3.6.2 Reflected.Cross-Site.Scripting MEDIUM" "profile-builder-pro 3.3.3 Authenticated.Blind.SQL.Injection MEDIUM" "profile-builder-pro 3.1.1 User.Registration.With.Administrator.Role CRITICAL" "platformly 1.14 Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "post-thumbnail-editor No.known.fix Sensitive.Information.Exposure MEDIUM" "profilegrid-user-profiles-groups-and-communities 5.9.5.3 Authenticated.(Subscriber+).Server-Side.Request.Forgery MEDIUM" "profilegrid-user-profiles-groups-and-communities 5.9.5.2 Missing.Authorization MEDIUM" "profilegrid-user-profiles-groups-and-communities 5.9.5.1 Authenticated.(Subscriber+).SQL.Injection MEDIUM" "profilegrid-user-profiles-groups-and-communities 5.9.4.9 Authenticated.(Subscriber+).SQL.Injection MEDIUM" "profilegrid-user-profiles-groups-and-communities 5.9.4.6 Authenticated.(Subscriber+).PHP.Object.Injection HIGH" "profilegrid-user-profiles-groups-and-communities 5.9.4.5 Missing.Authorinzation.to.Authenticated.(Subscriber+).Join.Group.Requests.Management MEDIUM" "profilegrid-user-profiles-groups-and-communities 5.9.4.8 Authenticated.(Subscriber+).SQL.Injection MEDIUM" "profilegrid-user-profiles-groups-and-communities 5.9.4.4 Authenticated.(Subscriber+).PHP.Object.Injection HIGH" "profilegrid-user-profiles-groups-and-communities 5.9.4.3 Insecure.Direct.Object.Reference.to.Authenticated.(Subscriber+).Private.Messages.Disclosure MEDIUM" "profilegrid-user-profiles-groups-and-communities 5.9.4.3 Authenticated.(Subscriber+).Limited.Server-Side.Request.Forgery MEDIUM" "profilegrid-user-profiles-groups-and-communities 5.9.3.7 Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.User.Meta.Deletion MEDIUM" "profilegrid-user-profiles-groups-and-communities 5.9.3.1 Cross-Site.Request.Forgery MEDIUM" "profilegrid-user-profiles-groups-and-communities 5.9.3.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "profilegrid-user-profiles-groups-and-communities 5.9.0 Authenticated.(Subscriber+).Insecure.Direct.Object.Reference MEDIUM" "profilegrid-user-profiles-groups-and-communities 5.9.0 Authenticated.(Subscriber+).Authorization.Bypass.to.Privilege.Escalation HIGH" "profilegrid-user-profiles-groups-and-communities 5.8.8 Missing.Authorization MEDIUM" "profilegrid-user-profiles-groups-and-communities 5.8.7 Missing.Authorization MEDIUM" "profilegrid-user-profiles-groups-and-communities 5.7.2 Authenticated.(Contributor+).SQL.Injection MEDIUM" "profilegrid-user-profiles-groups-and-communities 5.8.0 Insecure.Direct.Object.Reference MEDIUM" "profilegrid-user-profiles-groups-and-communities 5.8.0 Insecure.Direct.Object.Reference MEDIUM" "profilegrid-user-profiles-groups-and-communities 5.8.3 Bypass.Group.Members.Limit MEDIUM" "profilegrid-user-profiles-groups-and-communities 5.8.4 Missing.Authorization MEDIUM" "profilegrid-user-profiles-groups-and-communities 5.7.9 Cross-Site.Request.Forgery MEDIUM" "profilegrid-user-profiles-groups-and-communities 5.7.7 Authenticated.(Subscriber+).Insecure.Direct.Object.Reference MEDIUM" "profilegrid-user-profiles-groups-and-communities 5.7.9 Authenticated.(Subscriber+).SQL.Injection CRITICAL" "profilegrid-user-profiles-groups-and-communities 5.7.9 Unauthenticated.SQL.Injection CRITICAL" "profilegrid-user-profiles-groups-and-communities 5.7.3 Authenticated.(Subscriber+).Insecure.Direct.Object.Reference MEDIUM" "profilegrid-user-profiles-groups-and-communities 5.6.7 Missing.Authorization MEDIUM" "profilegrid-user-profiles-groups-and-communities 5.7.2 Cross-Site.Request.Forgery MEDIUM" "profilegrid-user-profiles-groups-and-communities 5.5.3 Group.Owner+.Unauthorized.Data.Modification HIGH" "profilegrid-user-profiles-groups-and-communities 5.5.2 Subscriber+.Unauthorized.Data.Modification MEDIUM" "profilegrid-user-profiles-groups-and-communities 5.5.2 Subscriber+.Arbitrary.Option.Update HIGH" "profilegrid-user-profiles-groups-and-communities 5.3.1 Subscriber+.Arbitrary.Password.Reset HIGH" "profilegrid-user-profiles-groups-and-communities 5.1.8 Subscriber+.CSV.Injection MEDIUM" "profilegrid-user-profiles-groups-and-communities 5.0.4 Subscriber+.Private.Message.Read/Edition MEDIUM" "profilegrid-user-profiles-groups-and-communities 5.1.1 Reflected.Cross-Site.Scripting MEDIUM" "profilegrid-user-profiles-groups-and-communities 4.7.5 Subscriber+.Stored.Cross-Site.Scripting MEDIUM" "profilegrid-user-profiles-groups-and-communities 2.8.6 Authenticated.Code.Execution HIGH" "product-countdown-for-woocommerce 1.6.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "pagepost-content-shortcode No.known.fix Contributor+.Arbitrary.Posts/Pages.Access MEDIUM" "payments-stripe-gateway No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "payments-stripe-gateway No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "payments-stripe-gateway 1.2.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "page-or-post-clone 6.1 Insecure.Direct.Object.Reference.to.Authenticated.(Author+).Sensitive.Information.Exposure MEDIUM" "page-and-post-lister No.known.fix Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.Post.Deletion MEDIUM" "pilotpress 2.0.31 Subscriber+.Report.Access.&.DB.Transients.Purging MEDIUM" "password-protected 2.7.8 Unauthenticated.Sensitive.Information.Exposure MEDIUM" "password-protected 2.6.7 Missing.Authorization.to.Sensitive.Information.Exposure MEDIUM" "password-protected 2.6.7 Admin+.Stored.XSS LOW" "password-protected 2.6.3.2 Reflected.Cross-Site.Scripting MEDIUM" "password-protected 2.6.3 Admin+.Stored.XSS LOW" "planning-center-online-giving No.known.fix Contributor+.XSS.via.Shortcode MEDIUM" "post-and-page-reactions No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "post-plugin-library No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "product-import-export-for-woo 2.5.1 Authenticated.(Admin+).PHP.Object.Injection.via.form_data.Parameter HIGH" "product-import-export-for-woo 2.5.1 Authenticated.(Administrator+).Server-Side.Request.Forgery.via.validate_file.Function HIGH" "product-import-export-for-woo 2.5.1 Directory.Traversal.to.Authenticated.(Administrator+).Limited.Arbitrary.File.Deletion.via.admin_log_page.Function LOW" "product-import-export-for-woo 2.5.1 Directory.Traversal.to.Authenticated.(Administrator+).Limited.Arbitrary.File.Read.via.download_file.Function MEDIUM" "product-import-export-for-woo 2.4.2 Authenticated(Shop.Manager+).Arbitrary.File.Upload HIGH" "product-import-export-for-woo 2.3.8 Shop.Manager+.Arbitrary.File.Upload.via.upload_import_file HIGH" "podclankova-inzerce No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "pixcodes 2.3.7 Contributor+.Stored.XSS.in.Shortcode MEDIUM" "prevent-file-access 2.5.2 Admin+.Arbitrary.File.Upload MEDIUM" "pollin No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "pollin No.known.fix Authenticated.(Admin+).SQL.Injection MEDIUM" "payment-qr-woo No.known.fix Missing.Authorization MEDIUM" "pdf-generator-addon-for-elementor-page-builder No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "pdf-generator-addon-for-elementor-page-builder 2.0.1 Unauthenticated.Arbitrary.File.Download HIGH" "pdf-generator-addon-for-elementor-page-builder 1.7.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "product-tabs-for-woocommerce 1.7.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "postman-smtp No.known.fix Cross-Site.Scripting.(XSS) MEDIUM" "paged-gallery No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "peoplepond No.known.fix CSRF.to.Stored.XSS HIGH" "permalinks-customizer No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "price-bands-for-woocommerce No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "price-bands-for-woocommerce No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "price-bands-for-woocommerce No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "pricetable No.known.fix Contributor+.Stored.Cross-Site.Scripting MEDIUM" "page-takeover 1.1.7 Admin+.Stored.XSS LOW" "ploxel 2.4.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "postcasa No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "prismatic 2.8 Contributor+.Stored.XSS MEDIUM" "prismatic 2.8 Reflected.Cross-Site.Scripting.(XSS) HIGH" "prepost-seo No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "plestar-directory-listing No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "pay-addons-for-elementor 1.2.1 Reflected.Cross-Site.Scripting MEDIUM" "ptypeconverter No.known.fix Authenticated.(Editor+).SQL.Injection HIGH" "parone 1.18.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "pdf-invoicing-for-woocommerce 2.2.2 Reflected.Cross-Site.Scripting MEDIUM" "print-page 1.0.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "pagopar-woocommerce-gateway 2.8.0 Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "popularis-extra 1.2.8 Authenticated.(Contributor+).Post.Disclosure MEDIUM" "popularis-extra 1.2.7 Reflected.Cross-Site.Scripting MEDIUM" "pdf-block No.known.fix Contributor+.Stored.XSS MEDIUM" "product-lister-walmart No.known.fix Unauthenticated.RCE.via.Outdated.PHPUnit CRITICAL" "player No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "player No.known.fix Reflected.XSS HIGH" "postapanduri No.known.fix Unauthenticated.SQL.Injection HIGH" "people-lists 2.0.0 Missing.Authorization MEDIUM" "ps-ads-pro No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "post-grid-for-elementor 1.1.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "post-types-carousel-slider No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "post-types-carousel-slider 1.0.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "printcart-integration 2.4.0 Unauthenticated.Arbitrary.File.Upload CRITICAL" "printcart-integration No.known.fix Unauthenticated.SQL.Injection HIGH" "post-expirator 2.6.0 Contributor+.Arbitrary.Post.Schedule.Deletion HIGH" "powies-uptime-robot No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "posts-per-cat 1.5.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "pdf-invoices-for-woocommerce No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "partdo-core No.known.fix Reflected.Cross-Site.Scripting HIGH" "prenotazioni No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "page-builder-sandwich No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "page-builder-sandwich No.known.fix Missing.Authorization MEDIUM" "page-builder-sandwich No.known.fix Missing.Authorization.to.Authenticated(Subscriber+).Arbitrary.Post.Editing MEDIUM" "page-builder-sandwich No.known.fix Sensitive.Information.Exposure MEDIUM" "page-builder-sandwich No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "page-builder-sandwich 4.5.5 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "pop-up-pop-up 1.2.0 Plugin.Installation.via.CSRF MEDIUM" "pop-up-pop-up 1.2.0 Subscriber+.Plugin.Installation MEDIUM" "pop-up-pop-up 1.1.6 Arbitrary.Settings.Update.via.CSRF MEDIUM" "pardot 2.1.1 Missing.Authorization MEDIUM" "plugins-list 2.5.1 Admin+.Stored.XSS LOW" "page-list 5.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "page-list 5.3 Contributor+.Stored.XSS MEDIUM" "personalization-by-flowcraft No.known.fix Unauthenticated.PHP.Object.Injection CRITICAL" "popup-by-supsystic 1.10.30 Admin+.Remote.Code.Execution MEDIUM" "popup-by-supsystic 1.10.28 Missing.Authorization MEDIUM" "popup-by-supsystic 1.10.20 Missing.Authorization.to.Sensitive.Information.Exposure MEDIUM" "popup-by-supsystic 1.10.19 Prototype.Pollution MEDIUM" "popup-by-supsystic 1.10.9 Unauthenticated.Subscriber.Email.Addresses.Disclosure HIGH" "popup-by-supsystic 1.10.5 Reflected.Cross-Site.scripting.(XSS) HIGH" "popup-by-supsystic 1.7.9 Cross-Site.Request.Forgery.(CSRF) HIGH" "push-notification-by-feedify 2.4.6 Reflected.Cross-Site.Scripting MEDIUM" "push-notification-by-feedify 2.4.6 Reflected.XSS HIGH" "push-notification-by-feedify 2.4.3 Reflected.Cross-Site.Scripting MEDIUM" "push-notification-by-feedify 2.1.9 Reflected.Cross-Site.Scripting MEDIUM" "plexx-elementor-extension 1.3.7 Contributor+.Stored.XSS MEDIUM" "posts-date-ranges No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "philantro 5.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.donate.Shortcode MEDIUM" "philantro 5.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "posts-filter No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "parcelpanel 4.3.3 Reflected.Cross-Site.Scripting MEDIUM" "parcelpanel 3.9.0 Authenticated.(Subscriber+).SQL.Injection CRITICAL" "proranktracker No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "posts-table-filterable 1.0.4.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.tableon_popup_iframe_button.Shortcode MEDIUM" "posts-table-filterable 1.0.4 Unauthenticated.Stored.Cross-Site.Scripting MEDIUM" "posts-table-filterable No.known.fix Unauthenticated.PHP.Object.Injection CRITICAL" "posts-table-filterable No.known.fix Missing.Authorization MEDIUM" "posts-table-filterable 1.0.1 Reflected.Cross-Site.Scripting MEDIUM" "photoxhibit No.known.fix Reflected.XSS.Issues MEDIUM" "product-notes-for-woocommerce 3.1.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "poll-maker 5.7.8 Unauthenticated.Race.Condition.to.Multi-Vote MEDIUM" "poll-maker 5.5.4 Admin+.Stored.XSS LOW" "poll-maker 5.6.6 Authenticated.(Administrator+).SQL.Injection MEDIUM" "poll-maker 5.5.7 Missing.Authorization MEDIUM" "poll-maker 5.5.5 Unauthenticated.HTML.Injection MEDIUM" "poll-maker 5.5.5 Cross-Site.Request.Forgery.to.Poll.Duplication MEDIUM" "poll-maker 5.4.7 Authenticated.(Administrator+).Time-Based.SQL.Injection MEDIUM" "poll-maker 5.4.7 Authenticated.(Administrator+).Stored.Cross-Site.Scripting.via.Poll.Settings MEDIUM" "poll-maker 5.4.7 Authenticated.(Administrator+).SQL.Injection.via.Order_by.Parameter MEDIUM" "poll-maker 5.1.9 Missing.Authorization.to.Unauthenticated.Stored.Cross-Site.Scripting HIGH" "poll-maker 5.1.9 .Missing.Authorization.to.Unauthenticated.Email.Enumeration MEDIUM" "poll-maker 4.8.1 Missing.Authorization MEDIUM" "poll-maker 4.7.2 Missing.Authorization MEDIUM" "poll-maker 4.7.1 Reflected.XSS HIGH" "poll-maker 4.0.2 Admin+.Stored.Cross-Site.Scripting LOW" "poll-maker 3.4.2 Unauthenticated.Time.Based.SQL.Injection CRITICAL" "poll-maker 3.2.9 Reflected.Cross-Site.Scripting HIGH" "poll-maker 3.2.1 Authenticated.Blind.SQL.Injections HIGH" "photographer-directory 1.0.9 Subscriber+.Privilege.Escalation CRITICAL" "pdf2post No.known.fix Authenticated.(Subscriber+).Remote.Code.Execution HIGH" "pdf-viewer-by-themencode 3.2.0 Authenticated.(Editor+).Stored.Cross-Site.Scripting MEDIUM" "pdf-viewer-by-themencode 2.9.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.shortcode MEDIUM" "personal-dictionary 1.3.4 Unauthenticated.SQLi HIGH" "parallaxer-lite-parallax-effects-on-images No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "phastpress 1.111 Open.Redirect MEDIUM" "pathomation No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "pathomation No.known.fix Unauthenticated.Arbitrary.File.Upload CRITICAL" "productive-commerce No.known.fix Unauthenticated.SQL.Injection HIGH" "porsline 1.1 Contributor+.SQL.Injection MEDIUM" "pretty-opt-in-lite 1.2.2 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "pdf-viewer-for-elementor No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.render MEDIUM" "pdf-viewer-for-elementor No.known.fix Arbitrary.JavaScript.Execution MEDIUM" "pdf-viewer-for-elementor No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "pramadillo-activecampaign-email-preference-center 2.0.12 Reflected.Cross-Site.Scripting MEDIUM" "pramadillo-activecampaign-email-preference-center 2.0.10 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "perfect-survey 1.5.2 Unauthenticated.SQL.Injection HIGH" "perfect-survey No.known.fix Unauthenticated.Stored.Cross-Site.Scripting HIGH" "perfect-survey 1.5.2 Unauthorised.AJAX.Call.to.Stored.XSS./.Survey.Settings.Update HIGH" "perfect-survey 1.5.2 Reflected.Cross-Site.Scripting HIGH" "posti-shipping 3.10.4 Cross-Site.Request.Forgery MEDIUM" "posti-shipping 3.10.4 Reflected.Cross-Site.Scripting MEDIUM" "posti-shipping 3.10.3 Full.Path.Disclosure MEDIUM" "post-highlights 2.6.1 Stored.Cross-Site.Scripting.(XSS) MEDIUM" "powr-pack 2.2.0 Contributor+.Stored.XSS MEDIUM" "piotnet-addons-for-elementor No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "piotnet-addons-for-elementor No.known.fix Contributor+.Stored.XSS MEDIUM" "piotnet-addons-for-elementor 2.4.33 Authenticated.(Contributor+).Post.Disclosure MEDIUM" "piotnet-addons-for-elementor 2.4.32 Authenticated.(Contributor+).DOM-Based.Stored.Cross-Site.Scripting.via.Heading.Widget MEDIUM" "piotnet-addons-for-elementor 2.4.32 Contributor+.Stored.XSS MEDIUM" "piotnet-addons-for-elementor 2.4.31 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Multiple.Widgets MEDIUM" "piotnet-addons-for-elementor 2.4.30 Unauthenticated.Sensitive.Information.Exposure MEDIUM" "piotnet-addons-for-elementor 2.4.29 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Multiple.Widget.Attributes HIGH" "piotnet-addons-for-elementor 2.4.28 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Multiple.Widgets MEDIUM" "piotnet-addons-for-elementor 2.4.27 Contributor+.Stored.XSS MEDIUM" "piotnet-addons-for-elementor 2.4.26 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "product-gtin-ean-upc-isbn-for-woocommerce No.known.fix Contributor+.Stored.XSS MEDIUM" "pdf-generator-for-wp 1.1.2 Reflected.XSS HIGH" "popup-box 3.2.5 Cross-Site.Request.Forgery MEDIUM" "popup-box 2.2.7 Popup.Deletion.via.CSRF MEDIUM" "popup-box 2.2.2 Reflected.XSS MEDIUM" "popup-box 2.2 Admin+.LFI MEDIUM" "private-messages-for-wordpress No.known.fix Subscriber+.Stored.Cross-Site.Scripting MEDIUM" "private-messages-for-wordpress No.known.fix Arbitrary.Message.Sent.via.CSRF MEDIUM" "progressive-wp No.known.fix Missing.Authorization MEDIUM" "podlove-podcasting-plugin-for-wordpress 4.2.3 Cross-Site.Request.Forgery.via.ajax_transcript_delete.Function MEDIUM" "podlove-podcasting-plugin-for-wordpress 4.2.0 Authenticated.(Admin+).Stored.Cross-Site.Scripting.via.Feed.Name MEDIUM" "podlove-podcasting-plugin-for-wordpress 4.2.1 Admin+.Stored.XSS LOW" "podlove-podcasting-plugin-for-wordpress 4.1.24 Admin+.Stored.XSS LOW" "podlove-podcasting-plugin-for-wordpress 4.1.17 Authenticated.(Admin+).Remote.Code.Execution HIGH" "podlove-podcasting-plugin-for-wordpress 4.1.14 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "podlove-podcasting-plugin-for-wordpress 4.1.14 Cross-Site.Request.Forgery.to.Remote.Code.Execution HIGH" "podlove-podcasting-plugin-for-wordpress 4.0.12 Authenticated.(Contributor+).Server-Side.Request.Forgery MEDIUM" "podlove-podcasting-plugin-for-wordpress 4.0.15 Cross-Site.Request.Forgery MEDIUM" "podlove-podcasting-plugin-for-wordpress 4.0.14 Authenticated.(Contributor+).SQL.Injection CRITICAL" "podlove-podcasting-plugin-for-wordpress 4.1.1 Missing.Authorization MEDIUM" "podlove-podcasting-plugin-for-wordpress 4.0.10 Reflected.Cross-Site.Scripting MEDIUM" "podlove-podcasting-plugin-for-wordpress 4.0.12 Missing.Authorization.to.Unauthenticated.Data.Export MEDIUM" "podlove-podcasting-plugin-for-wordpress 4.0.12 Missing.Authorization.to.Settings.Import MEDIUM" "podlove-podcasting-plugin-for-wordpress 3.8.4 Cross-Site.Request.Forgery MEDIUM" "podlove-podcasting-plugin-for-wordpress 3.8.3 Admin+.Stored.XSS LOW" "podlove-podcasting-plugin-for-wordpress 3.5.6 Unauthenticated.SQL.Injection MEDIUM" "podlove-podcasting-plugin-for-wordpress 2.6.0 Authenticated.SQL.Injection HIGH" "podlove-podcasting-plugin-for-wordpress 2.3.16 Multiple.SQLi.&.XSS CRITICAL" "product-quantity-dropdown-for-woocommerce 1.3 Cross-Site.Request.Forgery MEDIUM" "playlist-for-youtube 1.40 Editor+.Stored.XSS LOW" "postbox-email-logs 1.0.5 Missing.Authorization.to.Authenticated.(Subscriber+).Log.Export MEDIUM" "post-grid-elementor-addon 2.0.19 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "post-grid-elementor-addon 2.0.17 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.title_tag MEDIUM" "pardakht-delkhah 2.9.9 Form.Fields.Reset.via.CSRF MEDIUM" "pardakht-delkhah 2.9.3 Unauthenticated.Stored.XSS HIGH" "project-source-code-download No.known.fix Unauthenticated.Backup.Download HIGH" "pi-woocommerce-order-date-time-and-type 3.0.20 Admin+.Stored.XSS LOW" "pretty-file-links No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "pull-this No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "product-slider-for-woocommerce-lite No.known.fix Contributor+.Stored.XSS MEDIUM" "product-slider-for-woocommerce-lite 1.1.6 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "progress-planner 0.9.2 Missing.Authorization MEDIUM" "progress-planner 0.9.3 Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "photoblocks-grid-gallery 1.3.0 Reflected.Cross-Site.Scripting MEDIUM" "photoblocks-grid-gallery 1.2.7 Contributor+.Stored.XSS MEDIUM" "photoblocks-grid-gallery 1.2.9 Cross-Site.Request.Forgery MEDIUM" "photoblocks-grid-gallery 1.2.6 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "photoblocks-grid-gallery 1.2.0 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "photoblocks-grid-gallery 1.1.43 Authenticated.Reflected.XSS HIGH" "photoblocks-grid-gallery 1.1.41 Unauthenticated.Reflected.XSS MEDIUM" "pakkelabels-for-woocommerce 5.0.4 Missing.Authorization.to.Authenticated.(Customer+).Information.Disclosure MEDIUM" "premmerce-search 2.2.4 Reflected.Cross-Site.Scripting MEDIUM" "premmerce-search 2.2.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "plugin-central No.known.fix Cross-Site.Request.Forgery.to.Arbitrary.File.Deletion HIGH" "preferred-languages 2.3.0 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "pdf-embedder-fay No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "prime-addons-for-elementor 2.0.2 Authenticated.(Contributor+).Insecure.Direct.Object.Reference.via.pae_global_block.Shortcode MEDIUM" "pods 3.2.8.2 Admin+.SQL.Injection MEDIUM" "pods 3.2.8.1 Admin+.Stored.XSS LOW" "pods 3.2.7.1 Admin+.Stored.XSS LOW" "pods 3.2.1.1 Contributor+.Stored.Cross-Site.Scripting.via.Pod.Form.Redirect.URL MEDIUM" "pods 3.1 Contributor+.Pods/Users.Creation MEDIUM" "pods 3.1 Contributor+.SQLi MEDIUM" "pods 3.1 Contributor+.Remote.Code.Execution HIGH" "pods 2.8.0 Reflected.Cross-Site.Scripting MEDIUM" "pods 2.9.11 Pods.Deletion.via.CSRF MEDIUM" "pods 2.7.29 Multiple.Authenticated.Stored.Cross-Site.Scripting.(XSS) LOW" "pods 2.7.27 Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "pods 2.7.27 Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "persian-woocommerce-shipping 4.2.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "progress-tracker No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "print-o-matic No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "print-o-matic No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "print-o-matic 2.1.8 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "print-o-matic 2.0.3 Admin+.Stored.Cross-Site.Scripting LOW" "primary-addon-for-elementor 1.6.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "primary-addon-for-elementor 1.6.3 Authenticated.(Contributor+).Post.Disclosure MEDIUM" "primary-addon-for-elementor 1.5.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "primary-addon-for-elementor 1.5.8 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "primary-addon-for-elementor 1.5.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Pricing.Table.Widget MEDIUM" "primary-addon-for-elementor 1.5.3 Reflected.Cross-Site.Scripting MEDIUM" "primary-addon-for-elementor 1.5.2 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "photo-gallery-builder No.known.fix Missing.Authorization MEDIUM" "pricing-table-addon-for-elementor No.known.fix Authenticated.(Contributor+).Local.File.Inclusion HIGH" "phplist-form-integration No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "pootle-button No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "pootle-button 1.2.0 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "premmerce 1.3.18 Reflected.Cross-Site.Scripting MEDIUM" "premmerce 1.3.17 Cross-Site.Request.Forgery MEDIUM" "premmerce 1.3.16 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "profitori No.known.fix 2.1.1.3.-.Unauthenticated.Privilege.Escalation CRITICAL" "pdf24-posts-to-pdf No.known.fix Arbitrary.Settings.Update.via.CSRF MEDIUM" "personal-favicon No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "phraseanet-client No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "photo-feed No.known.fix Reflected.XSS HIGH" "premmerce-woocommerce-pinterest No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "premmerce-woocommerce-pinterest No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "polldaddy No.known.fix Cross-Site.Request.Forgery MEDIUM" "polldaddy 3.1.0 Reflected.Cross-Site.Scripting HIGH" "polldaddy 3.1.0 Rating.Update.via.CSRF MEDIUM" "polldaddy 3.0.10 Contributor+.Rating.Settings.Update MEDIUM" "polldaddy 3.0.8 Reflected.Cross-Site.Scripting MEDIUM" "postie 1.9.41 Post.Submission.Spoofing.&.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "partners No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "partners No.known.fix Unauthenticated.PHP.Object.Injection CRITICAL" "popup-surveys No.known.fix Missing.Authorization MEDIUM" "php-execution-plugin No.known.fix Settings.Update.via.CSRF HIGH" "page-generator 1.7.2 Authenticated(Administrator+).SQL.Injection MEDIUM" "page-generator 1.6.5 Admin+.Stored.Cross-Site.Scripting LOW" "page-generator 1.6.6 Arbitrary.Keywords.Deletion/Duplication.via.CSRF MEDIUM" "page-generator 1.5.9 Reflected.Cross-Site.Scripting HIGH" "profile-widget-ninja No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "pootle-page-builder No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "pootle-page-builder No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "pootle-page-builder 5.7.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "posturinn 1.3.3 Reflected.XSS HIGH" "podpress 8.8.10.17 players/1pixelout/1pixelout_player.swf.playerID.Parameter.XSS MEDIUM" "page-scroll-to-id 1.7.9 Contributor+.Stored.XSS MEDIUM" "page-scroll-to-id 1.7.6 Contributor+.Stored.XSS MEDIUM" "product-filter-for-woocommerce-product No.known.fix Unauthenticated.SQLi HIGH" "polylang-supertext No.known.fix Stored.XSS.via.CSRF HIGH" "platinum-seo-pack No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "pretty-link 3.6.16 Missing.Authorization MEDIUM" "pretty-link 3.6.3 Reflected.Cross-Site.Scripting.via.post_status HIGH" "pretty-link 3.6.4 Plugin.Settings.Update.via.CSRF MEDIUM" "pretty-link 3.4.1 Link.Visit.Stats.Clear.via.CSRF MEDIUM" "pretty-link 2.1.10 Stored.XSS.and.CSV.Injection HIGH" "pretty-link 1.6.8 Authenticated.SQL.Injection MEDIUM" "picture-gallery No.known.fix Unauthenticated.Stored.XSS HIGH" "picture-gallery 1.5.20 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "picture-gallery 1.5.23 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.videowhisper_picture_upload_guest.Shortcode MEDIUM" "picture-gallery 1.5.12 Authenticated.(Author+).Stored.Cross-Site.Scripting MEDIUM" "picture-gallery 1.4.4 Authenticated.Stored.XSS LOW" "php-compatibility-checker 1.6.0 Cross-Site.Request.Forgery MEDIUM" "patreon-connect 1.9.2 Missing.Authorization MEDIUM" "patreon-connect 1.9.1 Protection.Mechanism.Bypass MEDIUM" "patreon-connect 1.8.8 Cross-Site.Request.Forgery MEDIUM" "patreon-connect 1.8.2 Admin+.Stored.Cross-Site.Scripting LOW" "patreon-connect 1.7.2 Reflected.XSS.on.patreon_save_attachment_patreon_level.AJAX.action HIGH" "patreon-connect 1.7.0 CSRF.to.Overwrite/Create.User.Meta MEDIUM" "patreon-connect 1.7.2 Reflected.XSS.on.Login.Form HIGH" "patreon-connect 1.7.0 Unauthenticated.Local.File.Disclosure HIGH" "patreon-connect 1.7.0 CSRF.to.Disconnect.Sites.From.Patreon MEDIUM" "patreon-connect 1.2.2 PHP.Object.Injection CRITICAL" "profit-products-tables-for-woocommerce 1.0.6.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "profit-products-tables-for-woocommerce 1.0.6.8 .Unauthenticated.Arbitrary.Filter.Call HIGH" "profit-products-tables-for-woocommerce 1.0.6.7 Reflected.Cross-Site.Scripting MEDIUM" "profit-products-tables-for-woocommerce 1.0.6.6 Unauthenticated.Arbitrary.Shortcode.Execution.via.woot_get_smth HIGH" "profit-products-tables-for-woocommerce 1.0.6.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.woot_button.Shortcode MEDIUM" "profit-products-tables-for-woocommerce 1.0.6.4 Reflected.Cross-Site.Scripting MEDIUM" "profit-products-tables-for-woocommerce 1.0.6.3 Missing.Authorization MEDIUM" "profit-products-tables-for-woocommerce 1.0.6.2 Cross-Site.Request.Forgery MEDIUM" "profit-products-tables-for-woocommerce 1.0.6.2 Missing.Authorization MEDIUM" "profit-products-tables-for-woocommerce 1.0.6.1 Unauthenticated.PHP.Object.Injection CRITICAL" "profit-products-tables-for-woocommerce 1.0.6.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "profit-products-tables-for-woocommerce 1.0.5 Reflected.Cross-Site-Scripting MEDIUM" "profit-products-tables-for-woocommerce 1.0.4 Reflected.Cross-Site.Scripting MEDIUM" "puredevs-customer-history-for-woocommerce 1.0.2 Reflected.Cross-Site.Scripting MEDIUM" "puredevs-customer-history-for-woocommerce 1.0.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "photoswipe-masonry 1.2.15 Subscriber+.Stored.Cross-Site.Scripting MEDIUM" "photospace-responsive 2.1.2 Admin+.Stored.XSS MEDIUM" "portfolio-filter-gallery 1.6.5 Authenticated.(Contributor+).DOM-Based.Stored.Cross-Site.Scripting MEDIUM" "portfolio-filter-gallery 1.5.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "pie-calendar 1.2.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.piecal.Shortcode MEDIUM" "publishpress 1.9.5 Reflected.Cross-Site.Scripting MEDIUM" "publishpress 3.5.1 Reflected.Cross-Site.Scripting HIGH" "premmerce-woocommerce-multi-currency 2.3.5 Reflected.Cross-Site.Scripting MEDIUM" "premmerce-woocommerce-multi-currency 2.3.2 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "paytm-donation No.known.fix Admin+.Stored.XSS LOW" "paytm-donation 2.3.2 Reflected.Cross-Site.Scripting MEDIUM" "paytm-donation 2.2.1 Reflected.XSS HIGH" "product-size-chart-for-woo 1.1.6 Settings.Update.via.CSRF MEDIUM" "post-status-notifier-lite 1.11.7 Reflected.Cross-Site.Scripting.via.page MEDIUM" "post-status-notifier-lite 1.11.1 Reflected.Cross-Site.Scripting MEDIUM" "post-status-notifier-lite 1.10.1 Reflected.XSS HIGH" "prdctfltr 8.2.0 Low.Priv.Arbitrary.Blog.Options.Update/Access/Deletion.&.Plugin's.Settings.Update/Export/Import HIGH" "pop-up No.known.fix Authenticated.(Contributor+).Local.File.Inclusion HIGH" "pop-up No.known.fix Contributor+.Stored.Cross-Site.Scripting MEDIUM" "porto-functionality 3.1.1 Functionality.<.3.1.1.-.Authenticated.(Contributor+).Local.File.Inclusion.via.Shortcode HIGH" "porto-functionality 3.1.0 Functionality.<.3.1.0.-.Authenticated.(Contributor+).Local.File.Inclusion.via.Post.Meta HIGH" "porto-functionality 2.12.1 Functionality.<.2.12.1.-.Unauthenticated.SQL.Injection CRITICAL" "porto-functionality 2.12.1 Functionality.<.2.12.1.-.Missing.Authorization MEDIUM" "post-layouts No.known.fix Contributor+.Stored.XSS MEDIUM" "post-index No.known.fix CSRF.to.Stored.XSS HIGH" "pdf-embedder 4.8.0 Arbitrary.JavaScript.Execution MEDIUM" "pdf-embedder 4.7.1 Contributor+.Stored.XSS MEDIUM" "premium-seo-pack 1.6.002 Authenticated.(Contributor+).SQL.Injection MEDIUM" "premium-seo-pack No.known.fix Unauthenticated.Information.Exposure MEDIUM" "paritypress 1.0.1 Admin+.Stored.XSS LOW" "premium-addons-for-elementor 4.11.9 Contributor+.Stored.XSS.via.Countdown.Widget MEDIUM" "premium-addons-for-elementor 4.10.57 Missing.Authorization LOW" "premium-addons-for-elementor 4.10.61 Authenticated.(Contributor+).DOM-Based.Stored.Cross-Site.Scripting.via.Video.Box.Widget MEDIUM" "premium-addons-for-elementor 4.10.53 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Media.Grid.Widget MEDIUM" "premium-addons-for-elementor 4.10.39 Missing.Authorization.to.Authenticated.(Contributor+).Arbitrary.Content.Deletion.and.Arbitrary.Title.Update MEDIUM" "premium-addons-for-elementor 4.10.37 Authenticated.(Contributor+).Stored.DOM-Based.Cross-Site.Scripting.via.Animated.Text.Widget MEDIUM" "premium-addons-for-elementor 4.10.35 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "premium-addons-for-elementor 4.10.36 Regular.Expressions.Denial.of.Service LOW" "premium-addons-for-elementor 4.10.36 Contributor+.Stored.Cross-Site.Scripting.via.Countdown.Widget MEDIUM" "premium-addons-for-elementor 4.10.34 Authenticated.(Contributor+).DOM-Based.Stored.Cross-Site.Scripting MEDIUM" "premium-addons-for-elementor 4.10.32 Contributor+.DOM-Based.Stored.Cross-Site.Scripting.via.Global.Tooltip MEDIUM" "premium-addons-for-elementor 4.10.32 Missing.Authorization.to.Information.Disclosure MEDIUM" "premium-addons-for-elementor 4.10.32 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Fancy.Text.Widget MEDIUM" "premium-addons-for-elementor 4.10.32 Missing.Authorization.to.Information.Disclosure MEDIUM" "premium-addons-for-elementor 4.10.32 Contributor+.Stored.XSS MEDIUM" "premium-addons-for-elementor 4.10.31 Contributor+.Stored.XSS MEDIUM" "premium-addons-for-elementor 4.10.29 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "premium-addons-for-elementor 4.10.29 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "premium-addons-for-elementor 4.10.26 Contributor+.Stored.XSS MEDIUM" "premium-addons-for-elementor 4.10.25 Contributor+.DOM-Based.Stored.Cross-Site.Scripting MEDIUM" "premium-addons-for-elementor 4.10.25 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "premium-addons-for-elementor 4.10.17 Contributor+.Stored.Cross-Site.Scripting.via.Wrapper.Link.Widget MEDIUM" "premium-addons-for-elementor 4.10.28 Contributor+.Stored.Cross-Site.Scripting.via.Button MEDIUM" "premium-addons-for-elementor 4.10.23 Authenticated.(Contributor+).Sensitive.Information.Exposure MEDIUM" "premium-addons-for-elementor 4.10.24 Contributor+.Stored.XSS MEDIUM" "premium-addons-for-elementor 4.10.22 Contributor+.Stored.XSS MEDIUM" "premium-addons-for-elementor 4.10.19 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "premium-addons-for-elementor 4.10.19 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "premium-addons-for-elementor 4.10.17 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "premium-addons-for-elementor 4.5.2 Subscriber+.Arbitrary.Blog.Option.Update HIGH" "premium-addons-for-elementor 4.2.8 Contributor+.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "plausible-analytics 1.3.4 Reflected.XSS HIGH" "plausible-analytics 1.2.4 Subscriber+.Arbitrary.Settings.Update MEDIUM" "plausible-analytics 1.2.3 Admin+.Stored.Cross-Site.Scripting MEDIUM" "promolayer-popup-builder 1.1.1 Missing.Authorization MEDIUM" "picu 2.4.1 Missing.Authorization MEDIUM" "product-blocks-for-woocommerce 2.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "powerpress 11.12.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting HIGH" "powerpress 11.12.6 Contributor+.Stored.XSS MEDIUM" "powerpress 11.12.7 Contributor+.SSRF LOW" "powerpress 11.9.18 Author+.XSS.via.Podcast.URL MEDIUM" "powerpress 11.9.19 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.skipto.Shortcode MEDIUM" "powerpress 11.9.18 Author+.XSS MEDIUM" "powerpress 11.9.11 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.media_url.Parameter MEDIUM" "powerpress 11.9.6 Injected.Backdoor CRITICAL" "powerpress 11.0.12 Contributor+.Stored.XSS HIGH" "powerpress 11.0.7 Contributor+.SSRF MEDIUM" "powerpress 10.0.2 Contributor+.Stored.XSS MEDIUM" "powerpress 10.0.2 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "powerpress 8.3.8 Authenticated.Arbitrary.File.Upload.leading.to.RCE CRITICAL" "powerpress 6.0.5 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "powerpress 6.0.1 Cross-Site.Scripting.(XSS) CRITICAL" "project-panorama-lite No.known.fix Admin+.Stored.XSS LOW" "project-panorama-lite 1.5.1 WordPress.Project.Management.<.1.5.1.-.Admin+.Stored.XSS LOW" "pocket-news-generator No.known.fix Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "pocket-news-generator No.known.fix .Cross-Site.Request.Forgery.to.Settings.Update MEDIUM" "piwigopress No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "propertyhive 2.1.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "propertyhive 2.1.1 Reflected.XSS HIGH" "propertyhive 2.0.20 Cross-Site.Request.Forgery.via.save_account_details HIGH" "propertyhive 2.0.10 Missing.Authorization MEDIUM" "propertyhive 2.0.14 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "propertyhive 2.0.11 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "propertyhive 2.0.13 Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.Post.Deletion MEDIUM" "propertyhive 2.0.9 Reflected.Cross-Site.Scripting MEDIUM" "propertyhive 2.0.10 Authenticated.(Subscriber+).PHP.Object.Injection HIGH" "propertyhive 2.0.7 Missing.Authorization.via.activate_pro_feature MEDIUM" "propertyhive 2.0.6 Unauthenticated.PHP.Object.Injection.via.propertyhive_currency HIGH" "propertyhive 1.5.49 Reflected.XSS HIGH" "propertyhive 1.5.47 Reflected.XSS HIGH" "propertyhive 1.4.26 Unvalidated.Input.to.do_action() MEDIUM" "persian-fonts No.known.fix Admin+.Stored.XSS LOW" "postmatic No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "postmatic 2.2.10 Subscriber+.PHP.Object.Injection MEDIUM" "postmatic 2.2.9 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "postmatic 1.4.6 Cross-Site.Scripting.(XSS) MEDIUM" "pretty-url No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "pretty-url No.known.fix Cross-Site.Request.Forgery MEDIUM" "pretty-url No.known.fix Admin+.Stored.XSS.in.plugin.settings LOW" "post-author No.known.fix Cross-Site.Request.Forgery MEDIUM" "pagebar 2.70 Arbitrary.Settings.Update.via.CSRF.to.Stored.XSS MEDIUM" "photoshow 1.0.19 Update/Delete.Google.API.Key.via.CSRF MEDIUM" "payflex-payment-gateway 2.6.2 Open.Redirect MEDIUM" "payflex-payment-gateway 2.6.0 Missing.Authorization.to.Order.Status.Update MEDIUM" "popupally 2.1.2 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "popupally 2.1.2 Admin+.Stored.XSS LOW" "popupally 2.1.1 Cross-Site.Request.Forgery.via.optin_submit_callback MEDIUM" "profile-builder 3.13.9 Unauthenticated.Content.Spoofing MEDIUM" "profile-builder 3.13.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.user_meta.and.compare.Shortcodes MEDIUM" "profile-builder 3.13.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "profile-builder 3.13.0 Unauthenticated.Stored.Cross-Site.Scripting MEDIUM" "profile-builder 3.11.9 Unauthenticated.Privilege.Escalation CRITICAL" "profile-builder 3.12.2 Admin+.Stored.Cross.Site.Scripting LOW" "profile-builder 3.11.8 Unauthenticated.Media.Upload MEDIUM" "profile-builder 3.11.3 Restricted.Email.Bypass MEDIUM" "profile-builder 3.10.9 Missing.Authorization.to.Plugin.Settings.Change.via.wppb_two_factor_authentication_settings_update HIGH" "profile-builder 3.10.8 Contributor+.User.Metadata.Disclosure MEDIUM" "profile-builder 3.10.4 Plugins.Activation/Deactivation.CSRF MEDIUM" "profile-builder 3.9.8 Unauthenticated.Plugin's.Pages.Creation MEDIUM" "profile-builder 3.9.1 Unauthorised.Password.Reset HIGH" "profile-builder 3.9.1 Subscriber+.Arbitrary.User.Meta.Disclosure MEDIUM" "profile-builder 3.6.1 Settings.Import.via.CSRF LOW" "profile-builder 3.6.8 Admin+.Stored.Cross-Site.Scripting LOW" "profile-builder 3.6.2 Reflected.Cross-Site.Scripting MEDIUM" "profile-builder 3.5.1 Reflected.Cross-Site.Scripting MEDIUM" "profile-builder 3.4.9 Admin.Access.via.Password.Reset CRITICAL" "profile-builder 3.4.8 Authenticated.Stored.XSS MEDIUM" "profile-builder 3.3.3 Authenticated.Blind.SQL.Injection MEDIUM" "profile-builder 3.1.1 User.Registration.With.Administrator.Role CRITICAL" "profile-builder 2.5.8 Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "profile-builder 2.4.2 Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "profile-builder 2.4.1 Privilege.Escalation HIGH" "profile-builder 2.2.5 XSS MEDIUM" "profile-builder 2.1.4 Missing.Access.Controls HIGH" "profile-builder 2.0.3 Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "profile-builder 1.1.60 Password.Recovery.Bypass MEDIUM" "profile-builder 1.1.66 Multiple.XSS MEDIUM" "portugal-ctt-tracking-woocommerce 2.2 Reflected.Cross-Site.Scripting MEDIUM" "photokit No.known.fix Unauthenticated.Arbitrary.File.Upload CRITICAL" "prayer-times-anywhere No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "prezi-embedder No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "product-price-history 2.1.5 Reflected.Cross-Site.Scripting MEDIUM" "post-to-csv 1.4.1 Author+.CSV.Injection MEDIUM" "post-to-csv 1.3.1 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "phonetrack-meu-site-manager No.known.fix Authenticated.Stored.XSS MEDIUM" "ppv-live-webcams 7.3.12 Authentication.Bypass CRITICAL" "ppv-live-webcams 7.3.1 Unauthenticated.Arbitrary.File.Deletion CRITICAL" "protect-uploads-with-login-page No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "protect-uploads-with-login-page No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "pdf-for-woocommerce 5.4.0 Authenticated.(Administrator+).SQL.Injection MEDIUM" "pdf-for-woocommerce 4.7.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "push-envoy No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "payform No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "paypal-payment-button-by-vcita 3.30.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "paypal-payment-button-by-vcita 3.30.0 Contributor+.Stored.XSS MEDIUM" "paypal-payment-button-by-vcita 3.20.0 CSRF.to.Stored.XSS.in.settings.page MEDIUM" "paypal-payment-button-by-vcita 3.10.0 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "paid-membership 2.9.30 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "paid-membership No.known.fix Reflected.Cross-Site.Scripting HIGH" "paid-membership 2.9.30 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "paid-membership 1.9.6 Arbitrary.Settings.Update.via.CSRF MEDIUM" "plainview-protect-passwords No.known.fix Reflected.XSS HIGH" "plainview-protect-passwords No.known.fix Cross-Site.Request.Forgery MEDIUM" "panda-pods-repeater-field 1.5.4 Reflected.XSS HIGH" "post-carousel-slider No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "pagination 1.2.3 Admin+.Stored.XSS LOW" "pagination 1.0.7 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "pdf-viewer 1.0.0 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "product-subtitle-for-woocommerce 1.4.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.htmlTag.Parameter MEDIUM" "plugins-last-updated-column 0.1.4 Cache.Clear.via.CSRF MEDIUM" "pets No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "pets 1.4.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "pearl-header-builder No.known.fix Cross-Site.Request.Forgery MEDIUM" "pearl-header-builder No.known.fix Missing.Authorization MEDIUM" "pearl-header-builder 1.3.9 Cross-Site.Request.Forgery.to.Header.Deletion MEDIUM" "pearl-header-builder 1.3.8 Missing.Authorization.to.Unauthenticated.Arbitrary.Site.Options.Deletion MEDIUM" "pearl-header-builder 1.3.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "pearl-header-builder 1.3.5 CSRF MEDIUM" "phoenix-media-rename 3.4.4 Author.Arbitrary.Media.File.Renaming MEDIUM" "premmerce-redirect-manager 1.0.12 Admin+.Stored.XSS MEDIUM" "premmerce-redirect-manager 1.0.10 Reflected.Cross-Site.Scripting MEDIUM" "premmerce-redirect-manager 1.0.11 Cross-Site.Request.Forgery MEDIUM" "premmerce-redirect-manager 1.0.12 Admin+.Stored.XSS LOW" "premmerce-redirect-manager 1.0.7 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "promotion-slider No.known.fix Contributor+.Stored.Cross-Site.Scripting MEDIUM" "postify-for-elementor No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "paypal-express-checkout No.known.fix Cross-Site.Request.Forgery MEDIUM" "pondol-formmail No.known.fix Unauthenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "peepso-photos 6.3.1.0 Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "provide-forex-signals No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "planyo-online-reservation-system No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "participants-database 2.5.9.3 Unauthenticated.PHP.Object.Injection HIGH" "participants-database 2.5.6 Missing.Authorization MEDIUM" "participants-database 1.9.5.6 Authenticated.Time.Based.SQL.Injection HIGH" "participants-database 1.7.5.10 Cross-Site.Scripting MEDIUM" "participants-database 1.5.4.9 Unauthenticated.SQL.Injection CRITICAL" "private-only No.known.fix CSRF.&.XSS HIGH" "plugin-groups 2.0.7 Missing.Authorization.to.Unauthenticated.Denial.of.Service MEDIUM" "push-notification-for-post-and-buddypress 2.12 Missing.Authorization.to.Unauthenticated.Settings.Update MEDIUM" "push-notification-for-post-and-buddypress 2.08 Reflected.Cross-Site.Scripting MEDIUM" "push-notification-for-post-and-buddypress 1.9.4 Multiple.Unauthenticated.SQLi HIGH" "ptoffice-sign-ups No.known.fix Unauthenticated.Stored.Cross-Site.Scripting MEDIUM" "projecthuddle-child-site 1.0.35 Missing.Authorization.via.ph_child_ajax_notice_handler MEDIUM" "pre-publish-checklist 1.1.2 Insecure.Direct.Object.Reference.to.Arbitrary.Post.'_ppc_meta_key'.Update MEDIUM" "powerpack-addon-for-beaver-builder 1.3.1 Reflected.Cross-Site.Scripting.via.Navigate.Parameter MEDIUM" "powerpack-addon-for-beaver-builder 1.3.0.4 Authenticated.(Editor+).Local.File.Inclusion HIGH" "powerpack-addon-for-beaver-builder 1.3.0.5 Authenticated.(Editor+).Stored.Cross-Site.Scripting MEDIUM" "powerpack-addon-for-beaver-builder 1.3.0.1 Authenticated(Contributor+).Stored.Cross-Site.Scripting.via.element.link MEDIUM" "powerpack-addon-for-beaver-builder 1.2.9.1 Reflected.Cross-Site.Scripting MEDIUM" "powerpack-addon-for-beaver-builder 1.2.9.3 Reflected.Cross-Site.Scripting MEDIUM" "popup-modal-for-youtube No.known.fix Reflected.Cross-Site.Scripting.(XSS) HIGH" "passwordless-wp No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "perfect-font-awesome-integration 2.3.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "perfect-font-awesome-integration 2.3.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "paid-memberships-pro 3.0.6 Authenticated.(Administrator+).SQL.Injection CRITICAL" "paid-memberships-pro 3.0.5 Unauthenticated.Insecure.Direct.Object.Reference.to.Order.Status.Update MEDIUM" "paid-memberships-pro 3.0 Cross-Site.Request.Forgery.to.Membership.Modification MEDIUM" "paid-memberships-pro 3.0.2 Cross-Site.Request.Forgery MEDIUM" "paid-memberships-pro 3.0 Cross-Site.Request.Forgery MEDIUM" "paid-memberships-pro 2.12.9 Contributor+.Arbitrary.User.Custom.Field.Disclosure MEDIUM" "paid-memberships-pro 2.12.8 Cross-Site.Request.Forgery MEDIUM" "paid-memberships-pro 2.12.7 Information.Exposure.in.Debug.Logs MEDIUM" "paid-memberships-pro 2.12.6 Missing.Authorization.via.API MEDIUM" "paid-memberships-pro 2.12.4 Subscriber+.Arbitrary.File.Upload HIGH" "paid-memberships-pro 2.9.12 Subscriber+.SQL.Injection HIGH" "paid-memberships-pro 2.9.9 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "paid-memberships-pro 2.9.8 Unauthenticated.SQLi HIGH" "paid-memberships-pro 2.6.7 Unauthenticated.Blind.SQL.Injection CRITICAL" "paid-memberships-pro 2.6.6 Reflected.Cross-Site.Scripting HIGH" "paid-memberships-pro 2.5.10 Cross-Site.Scripting.(XSS) MEDIUM" "paid-memberships-pro 2.5.6 Authenticated.SQL.Injection MEDIUM" "paid-memberships-pro 2.5.3 Unauthorised.Order.Information.Disclosure MEDIUM" "paid-memberships-pro 2.5.1 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "paid-memberships-pro 2.4.3 Arbitrary.Settings.Update.via.CSRF MEDIUM" "paid-memberships-pro 2.4.3 Cross-Site.Request.Forgery.(CSRF) MEDIUM" "paid-memberships-pro 2.3.3 Authenticated.SQL.Injection MEDIUM" "paid-memberships-pro 2.0.6 Authenticated.Open.Redirect MEDIUM" "product-shipping-countdown-free-version No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "product-shipping-countdown-free-version No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "product-table-for-woocommerce 1.2.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "postcode-redirect 5.0.0 Reflected.Cross-Site.Scripting MEDIUM" "postcode-redirect 4.0.2 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "payment-form-for-paypal-pro 1.1.73 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "payment-form-for-paypal-pro 1.1.65 Unauthenticated.SQL.Injection CRITICAL" "payment-form-for-paypal-pro 1.0.2 Multiple.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "photo-contest No.known.fix CSRF.Bypass MEDIUM" "photo-contest No.known.fix Cross-Site.Request.Forgery MEDIUM" "premium-blocks-for-gutenberg 2.1.43 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "premium-blocks-for-gutenberg 2.1.34 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "premium-blocks-for-gutenberg 2.1.28 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "pie-forms-for-wp 1.5 Reflected.Cross-Site.Scripting MEDIUM" "pie-forms-for-wp 1.4.9.4 Admin+.Stored.Cross-Site.Scripting LOW" "photographer-connections No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "posts-for-page No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "pray-for-me No.known.fix Unauthenticated.Stored.XSS HIGH" "pray-for-me No.known.fix Settings.Update.via.CSRF MEDIUM" "pay-with-contact-form-7 No.known.fix Cross-Site.Request.Forgery MEDIUM" "pay-with-contact-form-7 No.known.fix Authenticated.(Administrator+).SQL.Injection MEDIUM" "product-puller No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "postlists No.known.fix Reflected.XSS MEDIUM" "post-ideas No.known.fix Unauthenticated.SQL.Injection HIGH" "platformly-for-woocommerce 1.1.7 Unauthenticated.Blind.Server-Side.Request.Forgery MEDIUM" "post-carousel 3.0.1 Editor+.Stored.XSS LOW" "post-carousel 2.4.28 Editor+.Stored.XSS LOW" "post-carousel 2.4.19 Contributor+.Stored.XSS MEDIUM" "post-carousel 2.3.5 CSRF.Bypass./.Unauthorised.AJAX.Calls MEDIUM" "propovoice-pro No.known.fix Unauthenticated.SQL.Injection CRITICAL" "precious-metals-chart-and-widgets 1.2.9 Authenticated.(Contributor+).Stored.Cross-site.Scripting MEDIUM" "ppo-call-to-actions No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "phpsword-favicon-manager No.known.fix Authenticated.(Admin+).Arbitrary.File.Upload CRITICAL" "plinks No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "protect-your-content No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "post-pay-counter 2.790 Reflected.XSS HIGH" "post-pay-counter 2.731 PHP.Obj.Injection.&.Access.Control.Issues CRITICAL" "pit-login-welcome No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "peekaboo No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "preloader-quotes No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "product-recommendation-quiz-for-ecommerce 2.1.2 Missing.Authorization.in.prq_set_token MEDIUM" "product-loops 1.7.0 Low.Priv.Arbitrary.Blog.Options.Update/Access/Deletion.&.Plugin's.Settings.Update/Export/Import HIGH" "print-science-designer No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "print-science-designer No.known.fix Unauthenticated.Arbitrary.File.Download HIGH" "print-science-designer 1.3.153 Unauthenticated.PHP.Object.Injection HIGH" "printfriendly 5.5.2 Admin+.Stored.XSS LOW" "printfriendly 5.2.3 Admin+.Stored.Cross-Site.Scripting LOW" "penci-data-migrator 1.3.1 Unauthenticated.Local.File.Inclusion CRITICAL" "pjw-mime-config No.known.fix Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "postmash No.known.fix Reflected.Cross-Site.Scripting.via.m MEDIUM" "postmash No.known.fix Unauthenticated.SQL.Injection CRITICAL" "persian-nested-showhide-text No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "paytium 4.4.12 Unauthenticated.Full.Path.Disclosure MEDIUM" "paytium 4.4.11 Missing.Authorization MEDIUM" "paytium 4.4.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.shortcode MEDIUM" "paytium 4.3.7 Admin+.Stored.XSS LOW" "paytium 3.1.2 Stored.Cross-Site.Scripting.(XSS) CRITICAL" "plugnedit 6.2.0 Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "proofreading 1.2.2 Reflected.Cross-Site.Scripting MEDIUM" "proofreading 1.1 Reflected.XSS HIGH" "phppoet-checkout-fields 3.5.13 Unauthenticated.Arbitrary.File.Upload CRITICAL" "pdf-catalog-woocommerce 3.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "package-quantity-xforwc 1.2.0 Low.Priv.Arbitrary.Blog.Options.Update/Access/Deletion.&.Plugin's.Settings.Update/Export/Import HIGH" "pb-seo-friendly-images No.known.fix Admin+.Stored.XSS LOW" "pegapoll No.known.fix Unauthenticated.Arbitrary.Options.Update CRITICAL" "payment-gateway-stripe-and-woocommerce-integration 3.8.0 Unauthenticated.SQL.Injection CRITICAL" "payment-gateway-stripe-and-woocommerce-integration 3.8.0 Unauthenticated.WC.Order.Status.Update MEDIUM" "payment-gateway-stripe-and-woocommerce-integration 3.7.8 Authentication.Bypass HIGH" "payment-gateway-stripe-and-woocommerce-integration 3.6.0 Reflected.Cross-Site.Scripting.(XSS) HIGH" "portfolio 2.40 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "permalink-manager 2.4.4.1 Missing.Authorization.to.Unauthenticated.Sensitive.Information.Exposure MEDIUM" "permalink-manager 2.4.3.4 Reflected.Cross-Site.Scripting MEDIUM" "permalink-manager 2.4.3.2 Missing.Authorization.via.get_uri_editor MEDIUM" "permalink-manager 2.4.3.2 Reflected.Cross-Site.Scripting MEDIUM" "permalink-manager 2.4.3.2 Missing.Authorization.to.Authenticated(Author+).arbitrary.post.slug.modification MEDIUM" "permalink-manager 2.4.3.1 Reflected.Cross-Site.Scripting MEDIUM" "permalink-manager 2.3.0 Authenticated.Stored.XSS MEDIUM" "permalink-manager 2.2.20.2 Settings.Update.via.CSRF MEDIUM" "permalink-manager 2.2.20.1 Unauthenticated.URI.Deletion MEDIUM" "permalink-manager 2.2.15 Reflected.Cross-Site.Scripting MEDIUM" "permalink-manager 2.2.13.1 Admin+.SQL.Injection MEDIUM" "play-ht No.known.fix Missing.Authorization MEDIUM" "play-ht No.known.fix Authenticated.(Contributor+).PHP.Object.Injection HIGH" "play-ht No.known.fix Missing.Authorization MEDIUM" "play-ht No.known.fix Cross-Site.Request.Forgery MEDIUM" "perfect-pullquotes No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "phone-orders-for-woocommerce 3.7.2 Subscriber+.Sensitive.Data.Exposure MEDIUM" "post-to-google-my-business 3.1.14 Reflected.Cross-Site.Scripting MEDIUM" "post-to-google-my-business 3.0.10 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "pirate-forms 2.6.0 Admin+.Stored.XSS LOW" "pirate-forms 2.6.0 Admin+.Stored.XSS LOW" "pirate-forms 2.6.1 Unauthenticated.Arbitrary.Shortcode.Execution HIGH" "pirate-forms 2.5.2 HTML.Injection.&.CSRF MEDIUM" "parallax-slider-block 1.2.6 Author+.Stored.XSS MEDIUM" "pie-register-premium 3.8.3.3 Missing.Authorization MEDIUM" "pie-register-premium 3.8.3.3 Authenticated.(Subscriber+).Limited.File.Deletion MEDIUM" "pie-register-premium 3.8.3.3 Unauthenticated.Arbitrary.File.Upload CRITICAL" "pie-register-premium 3.8.3.3 Unauthenticated.Cross-Site.Scripting MEDIUM" "pie-register-premium 3.8.3.3 Missing.Authorization MEDIUM" "padma-advanced 0.0.17 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "processing-projects No.known.fix Authenticated.(Shop.Manager+).Arbitrary.File.Upload HIGH" "processing-projects No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "persian-woocommerce 9.0.0 Missing.Authorization MEDIUM" "persian-woocommerce 5.9.8 Reflected.Cross-Site.Scripting MEDIUM" "plugin-logic 1.0.8 Admin+.SQLi MEDIUM" "pressference-exporter No.known.fix Authenticated.(Administrator+).SQL.Injection HIGH" "posts-reminder No.known.fix Settings.Update.via.CSRF MEDIUM" "page-views-count 2.8.5 2.8.4.-.Missing.Authorization.to.Authenticated.(Subscriber+).Limited.Options.Update HIGH" "page-views-count 2.6.1 Contributor+.Stored.XSS MEDIUM" "page-views-count 2.5.6 Settings.Reset.via.CSRF MEDIUM" "page-views-count 2.4.15 Unauthenticated.SQL.Injection HIGH" "page-views-count 2.4.9 Contributor+.Stored.XSS MEDIUM" "promobar 1.1.1 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "pesapal-for-woocommerce No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "policy-genius No.known.fix Reflected.XSS HIGH" "plms No.known.fix Authenticated.(Salesman+).Arbitrary.File.Upload HIGH" "pubydoc-data-tables-and-charts No.known.fix Admin+.Stored.XSS MEDIUM" "product-image-watermark-for-woo 1.0.4 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "peprodev-ups No.known.fix 7.5.2.-.Authentication.Bypass.to.Account.Takeover CRITICAL" "peprodev-ups No.known.fix 7.5.2.-.Limited.Unauthenticated.Arbitrary.User.Meta.Update HIGH" "peprodev-ups No.known.fix 7.5.2.-.Unauthenticated.Email.Enumeration MEDIUM" "price-calculator-to-your-website No.known.fix Authenticated.(Contributor+).SQL.Injection MEDIUM" "post-views-counter 1.4.5 Cross-Site.Request.Forgery.via.save_bulk_post_views() MEDIUM" "post-views-counter 1.3.5 Authenticated.Stored.XSS LOW" "print-my-blog 3.27.1 Authenticated.(Author+).Stored.Cross-Site.Scripting MEDIUM" "print-my-blog 3.26.3 Missing.Authorization MEDIUM" "print-my-blog 3.25.2 Reflected.Cross-Site.Scripting MEDIUM" "print-my-blog 3.11.4 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "print-my-blog 3.4.2 Plugin.Deactivation.via.CSRF MEDIUM" "print-my-blog 1.6.6 Unauthenticated.Server.Side.Request.Forgery.(SSRF) CRITICAL" "product-designer 1.0.37 Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "product-designer 1.0.34 Unauthenticated.Arbitrary.Attachment.Deletion MEDIUM" "product-designer 1.0.33 Unauthenticated.PHP.Object.Injection CRITICAL" "prodigy-commerce 3.1.3 Missing.Authorization LOW" "prodigy-commerce 3.0.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "pixabay-images No.known.fix Authenticated.(Author+).Arbitrary.File.Upload HIGH" "parsian-bank-gateway-for-woocommerce No.known.fix Reflected.Cross-Site.Scripting HIGH" "paypal-pay-buy-donation-and-cart-buttons-shortcode No.known.fix Contributor+.Stored.XSS MEDIUM" "paypal-pay-buy-donation-and-cart-buttons-shortcode No.known.fix Admin+.Stored.XSS LOW" "paypal-pay-buy-donation-and-cart-buttons-shortcode No.known.fix .Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "pepro-cf7-database No.known.fix Unauthenticated.Stored.Cross-Site.Scripting MEDIUM" "pepro-cf7-database 1.9.0 Cross-Site.Request.Forgery MEDIUM" "pepro-cf7-database 1.8.0 Unauthenticated.Stored.XSS HIGH" "page-parts 1.4.4 Reflected.Cross-Site.Scripting MEDIUM" "paypal-donations 1.9.9 Admin+.Stored.XSS LOW" "pdf-viewer-for-wordpress No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "portfolio-wp 2.1.0 Subscriber+.Stored.Cross-Site.Scripting MEDIUM" "popup-anything-on-click 2.8.1 Missing.Authorization MEDIUM" "popup-anything-on-click 2.2.2 Popup.Settings.Reset.via.CSRF MEDIUM" "popup-anything-on-click 2.1.7 Reflected.Cross-Site.Scripting MEDIUM" "popup-anything-on-click 2.0.4 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "plugmatter-pricing-table No.known.fix Reflected.Cross-Site.Scripting HIGH" "quiz-maker 6.6.8.8 Unauthenticated.SQL.Injection HIGH" "quiz-maker 31.8.0.100 Reflected.DOM.XSS.via.content HIGH" "quiz-maker 8.8.0.100 Unauthenticated.SQL.Injection.via.id HIGH" "quiz-maker 21.8.0.100 Unauthenticated.Arbitrary.Shortcode.Execution HIGH" "quiz-maker 21.8.0.100 Unauthenticated.SQL.Injection.via.id HIGH" "quiz-maker 8.8.0.100 Unauthenticated.Arbitrary.Shortcode.Execution HIGH" "quiz-maker 31.8.0.100 Unauthenticated.Stored.XSS HIGH" "quiz-maker 8.8.0.100 Reflected.DOM.XSS.via.content HIGH" "quiz-maker 21.8.0.100 Reflected.DOM.XSS.via.content HIGH" "quiz-maker 31.8.0.100 Unauthenticated.SQL.Injection.via.id HIGH" "quiz-maker 31.8.0.100 Unauthenticated.Arbitrary.Shortcode.Execution HIGH" "quiz-maker 8.8.0.100 Unauthenticated.Stored.XSS HIGH" "quiz-maker 21.8.0.100 Unauthenticated.Stored.XSS HIGH" "quiz-maker 6.5.9.9 Admin+.Stored.XSS LOW" "quiz-maker 6.5.8.4 Unauthenticated.SQL.Injection.via.'ays_questions'.Parameter CRITICAL" "quiz-maker 6.5.2.5 Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.Quiz.Creation.&.Modification MEDIUM" "quiz-maker 6.5.2.5 Missing.Authorization.to.Unauthenticated.Quiz.Data.Retrieval MEDIUM" "quiz-maker 6.5.0.6 Denial.of.Service MEDIUM" "quiz-maker 6.5.1.2 Missing.Authorization MEDIUM" "quiz-maker 6.4.9.5 Reflected.Cross-Site.Scripting HIGH" "quiz-maker 6.4.9.5 Unauthenticated.Email.Address.Disclosure MEDIUM" "quiz-maker 6.4.2.7 Reflected.XSS MEDIUM" "quiz-maker 6.2.0.9 Multiple.Authenticated.Blind.SQL.Injections HIGH" "quiz-master-next 9.2.1 Author+.Stored.XSS MEDIUM" "quiz-master-next 9.1.3 Author+.Stored.XSS MEDIUM" "quiz-master-next 9.1.1 Contributor+.Stored.XSS MEDIUM" "quiz-master-next 9.1.0 Contributor+.Stored.XSS MEDIUM" "quiz-master-next 9.0.5 Contributor+.Stored.XSS MEDIUM" "quiz-master-next 9.0.2 Contributor+.SQLi MEDIUM" "quiz-master-next 9.0.2 Contributor+.Stored.XSS MEDIUM" "quiz-master-next 9.0.2 Authenticated.(Contributor+).SQL.Injection CRITICAL" "quiz-master-next 8.2.3 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "quiz-master-next 8.1.19 Quiz.Results.Deletion.via.CSRF MEDIUM" "quiz-master-next 8.1.17 Unauthenticated.Unauthorised.Action MEDIUM" "quiz-master-next 8.1.14 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "quiz-master-next 8.1.19 Multiple.Cross-Site.Request.Forgery MEDIUM" "quiz-master-next 8.1.16 Cross-Site.Request.Forgery.via.'display_results' MEDIUM" "quiz-master-next 8.1.11 Contributor+.Stored.XSS MEDIUM" "quiz-master-next 8.0.8 Text.Message.Setting.Update.via.CSRF MEDIUM" "quiz-master-next 8.0.9 Unauthenticated.Arbitrary.Media.File.Delete MEDIUM" "quiz-master-next 8.0.5 Improper.Input.Validation MEDIUM" "quiz-master-next 8.0.5 Unauthenticated.iFrame.Injection HIGH" "quiz-master-next 7.3.7 Multiple.Author+.IDOR LOW" "quiz-master-next 7.3.11 Sensitive.Information.Disclosure MEDIUM" "quiz-master-next 7.3.11 Subscriber+.XSS MEDIUM" "quiz-master-next 7.3.5 Admin+.SQL.Injection MEDIUM" "quiz-master-next 7.3.5 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "quiz-master-next 7.3.5 Contributor+.Stored.XSS MEDIUM" "quiz-master-next 7.3.11 Bypass MEDIUM" "quiz-master-next 7.3.5 Reflected.Cross-Site.Scripting MEDIUM" "quiz-master-next 7.3.5 Quiz.Update.via.IDOR LOW" "quiz-master-next 7.3.7 CSRF MEDIUM" "quiz-master-next 7.3.7 Low.Privilege.Stored.Cross-Site.Scripting MEDIUM" "quiz-master-next 7.3.7 Reflected.Cross-Site.Scripting MEDIUM" "quiz-master-next 7.3.2 Admin+.Stored.Cross-Site.Scripting LOW" "quiz-master-next 7.1.14 Reflected.Cross-Site.Scripting HIGH" "quiz-master-next 7.1.18 Reflected.Cross-Site.Scripting.(XSS) HIGH" "quiz-master-next 7.1.19 Unauthenticated.Stored.Cross-Site.Scripting.(XSS) HIGH" "quiz-master-next 7.1.14 Authenticated.SQL.injection.via.Rest.API HIGH" "quiz-master-next 7.1.12 Authenticated.SQL.injection.via.shortcode HIGH" "quiz-master-next 7.0.2 Unauthenticated.Arbitrary.File.Upload HIGH" "quiz-master-next 7.0.1 Unauthenticated..Arbitrary.File.Deletion CRITICAL" "quiz-master-next 7.0.1 Arbitrary.File.Upload CRITICAL" "quiz-master-next 7.0.0 Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "quiz-master-next 6.3.5 Authenticated.Reflected.XSS HIGH" "quiz-master-next 6.2.2 Authenticated.Cross-Site.Scripting.(XSS) HIGH" "quiz-master-next 4.7.9 Stored.Cross-Site.Scripting.(XSS).&.CSRF MEDIUM" "quiz-master-next 4.4.4 Authenticated.Blind.SQL.Injection MEDIUM" "qr-master No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "quran-shortcode No.known.fix Authenticated.(Contributor+).SQL.Injection MEDIUM" "quick-orders-for-woocommerce No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "quick-orders-for-woocommerce No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "quiz-expert No.known.fix Cross-Site.Request.Forgery MEDIUM" "quick-learn No.known.fix Unauthenticated.PHP.Object.Injection CRITICAL" "quick-restaurant-menu 2.1.0 Subscriber+.Arbitrary.Post.Deletion/Updating MEDIUM" "quick-restaurant-menu 2.1.0 .Menu.Items.Update.via.CSRF MEDIUM" "quick-restaurant-menu 2.1.0 Admin+.Stored.XSS LOW" "qubotchat 1.1.6 Unauthenticated.Stored.XSS HIGH" "qubotchat 1.1.6 Qubotchat.<.1,1,6..Admin+.Stored.XSS LOW" "quick-license-manager 2.4.18 Reflected.Cross-Site.Scripting MEDIUM" "quick-affiliate-store No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "quick-audio-player No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "quick-audio-player No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "qt-kentharadio 2.0.2 Unauthenticated.RFI.and.SSRF MEDIUM" "qrcode-wprhe No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "quote-press No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "quote-press No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "quick-interest-slider No.known.fix Contributor+.Stored.XSS MEDIUM" "quick-interest-slider 2.9.5 Cross-Site.Request.Forgery MEDIUM" "quick-interest-slider 2.9.4 Admin+.Stored.XSS LOW" "qs-dark-mode No.known.fix Missing.Authorization MEDIUM" "qs-dark-mode 3.0 Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "qubely 1.8.14 Contributor+.Sensitive.Information.Exposure LOW" "qubely 1.8.13 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.'align'.and.'UniqueID' MEDIUM" "qubely 1.8.6 Unauthenticated.Arbitrary.E-mail.Sending MEDIUM" "qubely 1.8.5 Contributor+.Stored.XSS MEDIUM" "qubely 1.8.1 Authenticated.Arbitrary.Settings.Update MEDIUM" "qubely 1.7.8 Subscriber+.Arbitrary.Post.Deletion MEDIUM" "quick-pagepost-redirect-plugin 5.2.4 Admin+.Stored.XSS LOW" "quick-pagepost-redirect-plugin 5.2.0 Authenticated.Settings.Update CRITICAL" "qode-essential-addons 1.6.4 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "qode-essential-addons 1.5.3 Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.Plugin.Installation/Activation MEDIUM" "quick-view-and-buy-now-for-woocommerce 1.5.9 Authenticated.(Shop.manager+).Stored.Cross-Site.Scripting.via.Custom.CSS.Code MEDIUM" "quickiebar No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "qwiz-online-quizzes-and-flashcards 3.62 Admin+.Stored.Cross.Site.Scripting LOW" "quotes-for-woocommerce 2.0.2 Quote.Status.Update./.Quote.Sending.via.CSRF MEDIUM" "quotes-for-woocommerce 2.0.2 Missing.Authorization MEDIUM" "quietly-insights No.known.fix Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.Options.Update HIGH" "quick-adsense 2.8.2 Subscriber+.Post.Stats.Reset MEDIUM" "quran-text-multilanguage 2.3.24 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "quran-text-multilanguage 2.3.22 Reflected.Cross-Site.Scripting.via.sourate.and.lang.Parameters MEDIUM" "qqworld-auto-save-images No.known.fix Missing.Authorization.to.Arbitrary.Post.Content.Retrieval MEDIUM" "quickcal No.known.fix Authenticated.(Subscriber+).Sensitive.Information.Exposure MEDIUM" "quickcal No.known.fix Cross-Site.Request.Forgery.to.Privilege.Escalation HIGH" "quicksand-jquery-post-filter No.known.fix Cross-Site.Request.Forgery.via.renderAdmin MEDIUM" "quicksand-jquery-post-filter No.known.fix Missing.Authorization.via.quicksand_admin_ajax CRITICAL" "qr-twitter-widget No.known.fix Contributor+.Stored.XSS MEDIUM" "quotes-llama 3.1.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "quotes-llama 3.0.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "quotes-llama 3.0.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "quotes-llama 1.0.0 Admin+.Stored.Cross-Site.Scripting LOW" "qe-seo-handyman No.known.fix Admin+.SQLi MEDIUM" "qe-seo-handyman No.known.fix Admin+.SQLi MEDIUM" "qode-instagram-widget 2.0.2 Open.Redirect HIGH" "quick-localization No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "quick-event-manager 9.8.5.3 Reflected.Cross-Site.Scripting MEDIUM" "quick-event-manager 9.6.5 Admin+.Stored.XSS LOW" "quick-event-manager 9.7.5 Registration.Deletion/Update.via.CSRF MEDIUM" "quick-event-manager 9.7.5 Unauthenticated.Stored.XSS HIGH" "quick-event-manager 9.7.5 Reflected.Cross-Site HIGH" "quick-event-manager 9.2.17 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "quote-me No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "quickcab No.known.fix Missing.Authorization MEDIUM" "qode-twitter-feed 2.0.1 Open.Redirect HIGH" "qodeblock No.known.fix Missing.Authorization MEDIUM" "qodeblock No.known.fix Missing.Authorization.to.Unauthenticated.Stored.Cross-Site.Scripting MEDIUM" "quote-o-matic No.known.fix Admin+.SQLi MEDIUM" "question-answer No.known.fix Authenticated.(Subscriber+).PHP.Object.Injection HIGH" "question-answer No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "question-answer No.known.fix Missing.Authorization MEDIUM" "qards No.known.fix Stored.Cross-Site.Scripting.(XSS) MEDIUM" "quizzin No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "quickswish 1.1.0 Arbitrary.Plugin.Activation.via.CSRF MEDIUM" "quran-phrases-about-most-people-shortcodes 1.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "quttera-web-malware-scanner 3.4.2.1 Admin+.Path.Traversal MEDIUM" "quttera-web-malware-scanner 3.4.2.1 Directory.Listing.to.Sensitive.Data.Exposure MEDIUM" "quick-contact-form 8.2.2 Reflected.Cross-Site.Scripting MEDIUM" "quick-contact-form 8.0.6.8 Reflected.Cross-Site.Scripting MEDIUM" "quick-contact-form 8.0.4 Admin+.Stored.XSS LOW" "quick-contact-form 8.0.4 Contributor+.Stored.XSS MEDIUM" "quick-contact-form 8.0.2 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "quote-tweet No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "qtranslate-slug No.known.fix Cross-Site.Request.Forgery MEDIUM" "qtranslate-slug No.known.fix CSRF.Bypass.in.Multiple.Plugins MEDIUM" "qrmenu-lite No.known.fix Authenticated.(Contributor+).PHP.Object.Injection HIGH" "qc-simple-link-directory No.known.fix Missing.Authorization MEDIUM" "qr-code-composer 2.0.4 Subscriber+.Stored.XSS HIGH" "quote-requests-for-woocommerce No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "quote-requests-for-woocommerce 1.0.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "quick-code No.known.fix Stored.XSS.via.CSRF HIGH" "quick-event-calendar No.known.fix Cross-Site.Request.Forgery MEDIUM" "quick-subscribe No.known.fix Arbitrary.Settings.Update.via.CSRF.to.Stored.XSS MEDIUM" "quick-adsense-reloaded 2.0.88 Missing.Authorization MEDIUM" "quick-adsense-reloaded 2.0.88 Unauthenticated.SQL.Injection HIGH" "quick-adsense-reloaded 2.0.85 Missing.Authorization MEDIUM" "quick-chat No.known.fix Authenticated.Stored.Cross-Site.Scripting HIGH" "quick-chat No.known.fix Unauthenticated.Stored.Cross-Site.Scripting HIGH" "quick-chat 4.00 SQL.Injection CRITICAL" "quentn-wp 1.2.9 Unauthenticated.Privilege.Escalation CRITICAL" "quentn-wp 1.2.9 Unauthenticated.SQL.Injection HIGH" "qr-code-and-barcode-scanner-reader No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "quick-paypal-payments 5.7.28 Reflected.Cross-Site.Scripting MEDIUM" "quick-paypal-payments 5.7.26.4 Admin+.Stored.XSS LOW" "quick-paypal-payments 5.7.26 Contributor+.Stored.XSS MEDIUM" "quick-paypal-payments 5.7.26 Unauthenticated.Stored.XSS HIGH" "quick-paypal-payments 5.7.26 Unauthenticated.Payment.Message.Deletion/Update MEDIUM" "quick-paypal-payments 5.7.26 Admin+.Stored.XSS LOW" "quick-paypal-payments 5.7.22 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "qtranslate-x No.known.fix Multiple.Admin+.Stored.Cross-Site.Scripting LOW" "qtranslate-x 3.4.4 Authenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "quick-featured-images 13.7.1 Missing.Authorization.to.Authenticated.(Contributor+).Arbitrary.Thumbnail.Deletion/Setting MEDIUM" "quadmenu 3.2.1 Cross-Site.Request.Forgery.to.Limited.User.Meta.Update MEDIUM" "quadmenu 2.0.7 Unauthenticated.RCE.via.compiler_save CRITICAL" "qi-addons-for-elementor 1.8.8 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "qi-addons-for-elementor 1.8.1 Sensitive.Information.Exposure MEDIUM" "qi-addons-for-elementor 1.7.3 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "qi-addons-for-elementor 1.7.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Button.Widget MEDIUM" "qi-addons-for-elementor 1.7.1 Contributor+.Stored.XSS MEDIUM" "qi-addons-for-elementor 1.6.8 Contributor+.Stored.XSS MEDIUM" "qi-addons-for-elementor 1.6.5 Contributor+.Stored.XSS MEDIUM" "qi-addons-for-elementor 1.6.4 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "quotemedia-tools No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "quotes-collection No.known.fix Admin+.SQL.Injection MEDIUM" "quotes-collection 2.0.6 Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "quizlord No.known.fix Admin+.Stored.XSS LOW" "quiz-cat 3.0.9 Missing.Authorization MEDIUM" "quiz-cat 1.2.0 Reflected.Cross-Site.Scripting MEDIUM" "qr-code-tag No.known.fix Contributor+.Stored.XSS MEDIUM" "quiz-tool-lite No.known.fix Multiple.Admin+.Stored.Cross-Site.Scripting LOW" "q2w3-inc-manager No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "q2w3-post-order No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "quillforms 4.0.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "quillforms 3.8.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "quillforms 3.4.0 Cross-Site.Request.Forgery MEDIUM" "qyrr-code 1.4.4 Reflected.Cross-Site.Scripting MEDIUM" "qyrr-code 0.8 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "qyrr-code 0.7 Authenticated.(contributor+).Stored.XSS MEDIUM" "quick-restaurant-reservations 1.5.5 CSRF MEDIUM" "quick-restaurant-reservations 1.4.2 Reflected.Cross-Site.Scripting MEDIUM" "query-wrangler 1.5.55 Cross-Site.Request.Forgery MEDIUM" "query-wrangler 1.5.52 Reflected.XSS HIGH" "quick-count No.known.fix Unauthenticated.PHP.Object.Injection CRITICAL" "quform 2.21.0 WordPress.Form.Builder.<.2.21.0.-.Unauthenticated.Sensitive.Information.Exposure MEDIUM" "qa-heatmap-analytics 4.1.1.2 Unauthenticated.Settings.Update MEDIUM" "quasar-form No.known.fix Subscriber+.SQLi HIGH" "quick-call-button No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting.via.settings MEDIUM" "qr-redirector 1.6 Subscriber+.Arbitrary.QR.Redirect.Response.Status.Update MEDIUM" "qr-redirector 1.6.1 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "quote-comments No.known.fix Stored.XSS.via.CSRF HIGH" "querywall No.known.fix Admin+.SQLi MEDIUM" "quote-post-type-plugin No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "qmean No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "qr-code-tag-for-wc-from-goaskle-com No.known.fix Cross-Site.Request.Forgery MEDIUM" "quotes-and-tips 1.45 Admin+.Arbitrary.File.Upload MEDIUM" "quotes-and-tips 1.32 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "quotes-and-tips 1.20 Cross-Site.Scripting.(XSS) MEDIUM" "quiz-organizer No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "quick-edit-template-link No.known.fix Cross-Site.Request.Forgery MEDIUM" "qi-blocks 1.4 Contributor+.Stored.XSS.via.ToC.Block MEDIUM" "qi-blocks 1.4 Contributor+.Stored.XSS.via.Counter.Block MEDIUM" "qi-blocks 1.4 Contributor+.Stored.XSS.vi.Countdown.Block MEDIUM" "qi-blocks 1.3.3 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "qi-blocks 1.3.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "qi-blocks 1.3.0 Authenticated.(Author+).Stored.Cross-Site.Scripting MEDIUM" "reverbnation-widgets No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "rsvpmaker 11.5.7 Authenticated.(Contributor+).SQL.Injection MEDIUM" "rsvpmaker No.known.fix Unauthenticated.SQL.Injection HIGH" "rsvpmaker 11.4.6 Missing.Authorization MEDIUM" "rsvpmaker 10.6.7 Improper.Neutralization.of.Special.Elements.used.in.an.SQL.Command.('SQL.Injection') LOW" "rsvpmaker 9.9.4 Improper.Neutralization.of.Special.Elements.used.in.an.SQL.Command.('SQL.Injection') CRITICAL" "rsvpmaker 10.6.7 Admin+.Stored.XSS HIGH" "rsvpmaker 10.6.7 Unauthenticated.PHP.Object.Injection HIGH" "rsvpmaker 10.6.7 Unauthenticated.Stored.XSS HIGH" "rsvpmaker 10.5.5 Admin+.SQL.Injection.(SQLi) HIGH" "rsvpmaker 9.2.7 Unauthenticated.SQLi MEDIUM" "rsvpmaker 9.2.6 Unauthenticated.SQLi CRITICAL" "rsvpmaker 8.7.3 Authenticated.(admin+).SSRF HIGH" "rsvpmaker 7.8.2 Unauthenticated.SQL.Injection HIGH" "rsvpmaker 6.2 SQL.Injection CRITICAL" "related-post 2.0.60 Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "related-post 2.0.59 Sensitive.Information.Exposure MEDIUM" "related-post 2.0.54 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "recaptcha-for-all 2.27 Cross-Site.Request.Forgery MEDIUM" "recaptcha-for-all 2.23 Cross-Site.Request.Forgery MEDIUM" "really-simple-ssl-pro 9.1.2 9.1.1.1.-.Authentication.Bypass CRITICAL" "review-schema 2.2.5 Authenticated.(Contributor+).Local.File.Inclusion.via.Post.Meta HIGH" "review-schema 2.2.0 Missing.Authorization.to.Arbitrary.Review.Update MEDIUM" "redirect-after-login No.known.fix Admin+.Stored.XSS LOW" "rsv-360-view No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "rise-blocks 3.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.TitleTag.Parameter MEDIUM" "rise-blocks 3.2 Cross-Site.Request.Forgery MEDIUM" "real3d-flipbook-lite 4.8.5 Authenticated.(Author+).Arbitrary.File.Upload HIGH" "real3d-flipbook-lite 3.72 Authenticated.(Author+).Stored.Cross-Site.Scripting MEDIUM" "real3d-flipbook-lite 3.63 Reflected.Cross-Site.Scripting MEDIUM" "rsv-pdf-preview No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "real-time-find-and-replace 4.0.2 Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting HIGH" "responsive-header-image-slider No.known.fix Contributor+.Stored.XSS MEDIUM" "rss-chimp 1.2.5 Reflected.Cross-Site.Scripting MEDIUM" "rss-chimp 1.2.2 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "rsvpmaker-volunteer-roles No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "responsive-lightbox 2.5.2 Contributor+.Stored.XSS MEDIUM" "responsive-lightbox 2.5.1 Contributor+.Stored.XSS MEDIUM" "responsive-lightbox 2.4.8 Authenticated.(Contributor+).Stored.DOM-Based.Cross-Site.Scripting.via.Featherlight.js.JavaScript.Library MEDIUM" "responsive-lightbox 2.4.9 Contributor+.DOM-Based.Stored.XSS.via.FancyBox.JavaScript.Library MEDIUM" "responsive-lightbox 2.4.9 Author+.Stored.XSS MEDIUM" "responsive-lightbox 2.4.8 Missing.Authorization MEDIUM" "responsive-lightbox 2.4.8 Authenticated.(Author+).Stored.Cross-Site.Scripting.via.File.Upload MEDIUM" "responsive-lightbox 2.4.7 Information.Disclosure MEDIUM" "responsive-lightbox 2.4.6 Authenticated.(Author+).Stored.Cross-Site.Scripting.via.name MEDIUM" "responsive-lightbox 1.7.2 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "rankology-seo-all-in-one-seo-analytics 2.2.5 Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.Options.Update HIGH" "real-media-library-lite 4.11.12 Authenticated.(Author+).Stored.Cross-Site.Scripting MEDIUM" "real-media-library-lite 4.22.8 Contributor+.Stored.XSS MEDIUM" "real-media-library-lite 4.18.29 Author+.Stored.XSS MEDIUM" "real-media-library-lite 4.14.2 Author.Stored.Cross-Site.Scripting MEDIUM" "read-more-without-refresh 3.2 Admin+.Stored.Cross-Site.Scripting LOW" "rizzi-guestbook No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "redi-restaurant-reservation 25.0513 Reflected.Cross-Site.Scripting MEDIUM" "redi-restaurant-reservation 24.1015 Reflected.Cross-Site.Scripting MEDIUM" "redi-restaurant-reservation 24.0712 Missing.Authorization MEDIUM" "redi-restaurant-reservation 24.0303 Cross-Site.Request.Forgery.via.redi_restaurant_admin_options_page() MEDIUM" "redi-restaurant-reservation 24.0303 Cross-Site.Request.Forgery.via.redi_restaurant_admin_options_page() MEDIUM" "redi-restaurant-reservation 24.0303 Reflected.Cross-Site.Scripting MEDIUM" "redi-restaurant-reservation 21.0426 Unauthenticated.Stored.Cross-Site.Scripting.(XSS) HIGH" "recencio-book-reviews No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "real-cookie-banner 5.1.6 Admin+.Stored.XSS LOW" "real-cookie-banner 3.4.10 Contributor+.Stored.XSS MEDIUM" "real-cookie-banner 2.18.2 Reflected.Cross-Site.Scripting MEDIUM" "real-cookie-banner 2.14.2 Settings.Reset.via.CSRF MEDIUM" "rsvpmaker-for-toastmasters 6.2.5 Unauthenticated.Arbitrary.File.Upload CRITICAL" "remote-content-shortcode No.known.fix Authenticated.(Contributor+).Server-Side.Request.Forgery MEDIUM" "remote-content-shortcode No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "remote-content-shortcode No.known.fix Authenticated(Contributor+).Local.File.Inclusion.via.shortcode MEDIUM" "reactflow-session-replay-heatmap No.known.fix Cross-Site.Request.Forgery.to.Reflected.Cross-Site.Scripting MEDIUM" "responsive-accordion-tabs 1.4.3 Reflected.Cross-Site.Scripting MEDIUM" "raphicon No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "rich-reviews No.known.fix Arbitrary.Reviews.Deletion.via.CSRF MEDIUM" "rich-reviews 1.9.6 Admin+.SQL.Injection MEDIUM" "reviewstap 1.1.3 Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "remove-date-and-gravatar-under-comment No.known.fix Cross-Site.Request.Forgery MEDIUM" "role-and-customer-based-pricing-for-woocommerce 1.4.1 Reflected.Cross-Site.Scripting MEDIUM" "role-and-customer-based-pricing-for-woocommerce 1.0.2 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "rs-wp-books-showcase No.known.fix Unauthenticated.Arbitrary.Shortcode.Execution MEDIUM" "rs-wp-books-showcase No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "redirection-plus No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "remove-slug-from-custom-post-type No.known.fix Settings.Update.via.CSRF MEDIUM" "recently 3.0.5 Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "recently 3.0.5 Authenticated.Code.Injection HIGH" "recover-wc-abandoned-cart No.known.fix Unauthenticated.SQL.Injection HIGH" "recover-wc-abandoned-cart 2.3 Cross-Site.Request.Forgery MEDIUM" "rich-event-timeline No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "randomize No.known.fix Authenticated.(Contributor+).SQL.Injection HIGH" "rsv-google-maps No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "recipe-card-blocks-by-wpzoom 3.4.4 Insecure.Direct.Object.Reference.to.Authenticated.(Contributor+).Post.Disclosure MEDIUM" "recipe-card-blocks-by-wpzoom 3.3.2 Missing.Authorization MEDIUM" "recipe-card-blocks-by-wpzoom 2.8.1 Reflected.Cross-Site.Scripting HIGH" "recipe-card-blocks-by-wpzoom 2.8.3 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "rb-internal-links No.known.fix Stored.Cross-Site.Scripting.via.CSRF MEDIUM" "responsive-google-maps 1.2.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "run-time-image-resizing No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "run-time-image-resizing No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "restrict-content 3.2.14 Unauthenticated.Content.Restriction.Bypass.to.Sensitive.Information.Exposure MEDIUM" "restrict-content 3.2.9 Missing.Authorization MEDIUM" "restrict-content 3.2.8 Information.Exposure.via.legacy.log.file MEDIUM" "restrict-content 3.2.5 Reflected.Cross-Site.Scripting MEDIUM" "restrict-content 3.2.3 Restrict.Content.<.3.2.3.-.Reflected.XSS HIGH" "re-attacher 1.0.9 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "rotatingtweets No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "responsive-video No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "read-more-excerpt-link 1.6.1 Settings.Update.via.CSRF MEDIUM" "read-more-excerpt-link 1.6.1 Settings.Update.via.CSRF MEDIUM" "review-widgets-for-opentable 11.1 Authenticated.(Editor+).Arbitrary.File.Upload MEDIUM" "responsive-addons-for-elementor 1.6.9.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.'rael_title_tag' MEDIUM" "responsive-addons-for-elementor 1.6.9 Authenticated.(Contributor+).Sensitive.Information.Exposure MEDIUM" "responsive-addons-for-elementor 1.6.5 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "responsive-addons-for-elementor 1.6.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "responsive-addons-for-elementor 1.6.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "restrict-anonymous-access 1.2.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "restaurantconnect-reswidget No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "read-and-understood 2.2 Authenticated.Stored.XSS.&.CSRF HIGH" "rescue-shortcodes No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "rescue-shortcodes 3.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.rescue_progressbar.Shortcode MEDIUM" "rescue-shortcodes 2.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "rescue-shortcodes 2.6 Contributor+.Stored.XSS MEDIUM" "rockhoist-badges No.known.fix Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "reviews-feed 1.2.0 Missing.Authorization.to.Authenticated.(Subscriber+).Limited.Settings.Update MEDIUM" "reviews-feed 1.2.0 Cross-Site.Request.Forgery MEDIUM" "reflex-gallery 3.1.5 jQuery.prettyPhoto.DOM.Cross-Site.Scripting.(XSS) MEDIUM" "redux-framework 4.4.18 .4.4.17.-.Unauthenticated.JSON.File.Upload.to.Stored.Cross-Site.Scripting HIGH" "redux-framework 4.2.13 Unauthenticated.Sensitive.Information.Disclosure MEDIUM" "redux-framework 4.2.13 Contributor+.Arbitrary.Plugin.Installation.and.Post.Deletion HIGH" "redux-framework 4.1.24 4.1.23.-.CSRF.Nonce.Validation.Bypass MEDIUM" "redux-framework 4.1.21 CSRF.Nonce.Validation.Bypass MEDIUM" "radslide No.known.fix Missing.Authorization MEDIUM" "registrations-for-the-events-calendar 2.13.4 Admin+.Stored.XSS LOW" "registrations-for-the-events-calendar 2.12.4 Unauthenticated.Stored.XSS HIGH" "registrations-for-the-events-calendar 2.12.2 Missing.Authorization MEDIUM" "registrations-for-the-events-calendar 2.12.3 Authenticated.(Contributor+).SQL.Injection CRITICAL" "registrations-for-the-events-calendar 2.7.10 Reflected.Cross-Site.Scripting HIGH" "registrations-for-the-events-calendar 2.7.6 Unauthenticated.SQL.Injection HIGH" "registrations-for-the-events-calendar 2.7.5 Reflected.Cross-Site.Scripting HIGH" "rduplicator No.known.fix Contributor+.SQLi HIGH" "report-broken-links No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "report-broken-links No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "rrdevs-for-elementor No.known.fix Authenticated.(Contributor+).Post.Disclosure MEDIUM" "rrdevs-for-elementor No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "recently-viewed-and-most-viewed-products No.known.fix Authenticated.(Shop.Manager+).Stored.Cross-Site.Scripting MEDIUM" "razorpay-payment-button-elementor 1.2.6 Reflected.Cross-Site.Scripting MEDIUM" "rio-video-gallery No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "rs-survey No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "rocket-font No.known.fix Arbitrary.Settings.Update.via.CSRF MEDIUM" "restropress No.known.fix Reflected.Cross-Site.Scripting HIGH" "restropress No.known.fix Missing.Authorization MEDIUM" "restropress 3.1.2.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "restropress 3.1.2.1 Cross-Site.Request.Forgery.via.rpress_orders_list_table_process_bulk_actions MEDIUM" "restropress 2.8.3.1 Unauthorised.AJAX.Calls HIGH" "restropress 2.8.3 Cart.Manipulation.via.CSRF MEDIUM" "replace-default-words No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "rometheme-for-elementor 1.6.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "rometheme-for-elementor 1.5.5 Authenticated.(Subscriber+).Arbitrary.Plugin.Installation/Activation HIGH" "rometheme-for-elementor 1.5.3 Missing.Authorization MEDIUM" "rometheme-for-elementor 1.5.3 Contributor+.Sensitive.Information.Exposure.via.Elementor.Templates MEDIUM" "rometheme-for-elementor 1.5.4 Missing.Authorization.in.save_options.and.reset_widgets MEDIUM" "rometheme-for-elementor 1.5.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "rometheme-for-elementor 1.4.2 Missing.Authorization MEDIUM" "rometheme-for-elementor 1.4.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "richtexteditor No.known.fix Missing.Authorization MEDIUM" "richtexteditor No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "resize-at-upload-plus No.known.fix Cross-Site.Request.Forgery.(CSRF) MEDIUM" "ra-qrcode No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "relentlosoftware No.known.fix Missing.Authorization MEDIUM" "revisionary 3.5.16 Missing.Authorization.to.Authenticated.(Subscriber+).Sensitive.Information.Exposure MEDIUM" "revisionary 3.5.15 Reflected.Cross-Site.Scripting MEDIUM" "rucy No.known.fix CSRF.Bypass MEDIUM" "rucy No.known.fix Cross-Site.Request.Forgery MEDIUM" "remove-wp-update-nags 1.5.0 Reflected.Cross-Site.Scripting MEDIUM" "remove-wp-update-nags 1.4.0 Subscriber+.Arbitrary.Option.Update CRITICAL" "rng-refresh No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "rentsyst 2.0.93 Stored.XSS.via.CSRF HIGH" "realteo 1.2.9 Real.Estate.Plugin.by.Purethemes.<.1.2.9.-.Authentication.Bypass.via.'do_register_user' CRITICAL" "realteo 1.2.4 Unauthenticated.Reflected.Cross-Site.Scripting.(XSS) HIGH" "realteo 1.2.4 Arbitrary.Property.Deletion.via.IDOR HIGH" "rocket-maintenance-mode 4.4 Admin+.Stored.XSS LOW" "rocket-maintenance-mode 4.4 Reflected.Cross-Site.Scripting MEDIUM" "rocket-maintenance-mode 4.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "revolution-for-elementor No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "revolution-for-elementor No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "radius-blocks No.known.fix Authenticated.(Contributor+).Local.File.Inclusion HIGH" "radius-blocks 2.2.0 Cross-Site.Request.Forgery MEDIUM" "radius-blocks 2.2.0 Contributor+.Stored.XSS MEDIUM" "related-posts 1.8.2 XSS MEDIUM" "responsive-lightbox2 1.0.4 Contributor+.Stored.XSS MEDIUM" "responsive-lightbox2 1.0.3 Authenticated.Stored.Cross-Site.Scripting LOW" "resume-builder No.known.fix Subscriber+.Stored.XSS HIGH" "rws-enquiry No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "recently-purchased-products-for-woo 1.1.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.view.Parameter MEDIUM" "reviewx 1.6.29 Insufficient.Rating.Validation MEDIUM" "reviewx 1.6.28 Missing.Authorization MEDIUM" "reviewx 1.6.22 Missing.Authorization MEDIUM" "reviewx 1.6.23 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "reviewx 1.6.14 Subscriber+.Privilege.Escalation HIGH" "reviewx 1.6.4 Subscriber+.SQLi HIGH" "reviewx 1.2.9 Unauthorised.AJAX.call.via.CSRF MEDIUM" "rencontre 3.11.2 Subscriber+.PHP.Object.Injection HIGH" "rencontre 3.11 Privilege.Escalation CRITICAL" "rencontre 3.11 Unauthenticated.Arbitrary.File.Upload CRITICAL" "rencontre 3.2.3 Multiple.CSRF CRITICAL" "rich-web-share-button No.known.fix Unauthenticated.SQL.Injection CRITICAL" "rich-web-share-button No.known.fix Authenticated.(Contributor+).SQL.Injection MEDIUM" "riovizual No.known.fix Cross-Site.Request.Forgery MEDIUM" "rselements-lite No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "remove-schema 1.6 Cross-Site.Request.Forgery MEDIUM" "remove-schema 1.6 CSRF.Bypass.in.Multiple.Plugins MEDIUM" "random-featured-post-plugin No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "revenueflex-easy-ads 1.5.1 Missing.Authorization.to.Authenticated.(Editor+).Settings.Update LOW" "responsivity No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "restrict-categories No.known.fix Reflected.XSS HIGH" "restricted-content 2.2.9 Unauthenticated.Content.Restriction.Bypass.to.Sensitive.Information.Exposure MEDIUM" "restricted-content 2.2.5 Reflected.XSS HIGH" "restricted-content 2.1.9 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "realbig-media 1.0.7 Settings.Update.via.CSRF MEDIUM" "responsive-tabs-for-wpbakery No.known.fix Contributor+.Stored.XSS MEDIUM" "rt-easy-builder-advanced-addons-for-elementor No.known.fix Authenticated.(Contributor+).Stored.Cross-site.Scripting MEDIUM" "rt-easy-builder-advanced-addons-for-elementor 2.1 Missing.Authorization MEDIUM" "rt-easy-builder-advanced-addons-for-elementor 1.9 Reflected.Cross-Site.Scripting MEDIUM" "rt-easy-builder-advanced-addons-for-elementor 1.4 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "recent-posts-slider No.known.fix Cross-Site.Request.Forgery MEDIUM" "recent-posts-slider No.known.fix Unauthenticated.Stored.XSS HIGH" "reach-us-contact-form No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "reach-us-contact-form No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "reach-us-contact-form No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "rewardsystem No.known.fix Unauthenticated.Local.File.Inclusion CRITICAL" "responsive-youtube-videos No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "role-based-bulk-quantity-pricing 1.1.7 Reflected.Cross-Site.Scripting MEDIUM" "revslider 6.7.19 Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "revslider 6.7.14 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "revslider 6.7.11 Authenticated.(Author+).Stored.Cross-Site.Scripting.via.Add.Layer.class,.id,.and.title.Attributes MEDIUM" "revslider 6.7.11 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Elementor.wrapperid.and.zindex MEDIUM" "revslider 6.7.0 Missing.Authorization MEDIUM" "revslider 6.7.11 Authenticated.(Author+).Stored.Cross-Site.Scripting MEDIUM" "revslider 6.7.8 Authenticated.(Author+).Stored.Cross-Site.Scripting.via.htmltag.Parameter MEDIUM" "revslider 6.7.0 Authenticated.(Author+).Stored.Cross-Site.Scripting MEDIUM" "revslider 6.6.19 Author+.Insecure.Deserialization.leading.to.RCE HIGH" "revslider 6.6.15 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "revslider 6.6.16 Authenticated.(Author+).Arbitrary.File.Upload HIGH" "revslider 6.6.13 Author+.Remote.Code.Execution MEDIUM" "revslider 4.1.5 Local.File.Disclosure HIGH" "revslider 3.0.96 WordPress.Slider.Revolution.Shell.Upload CRITICAL" "recaptcha-jetpack No.known.fix Cross-Site.Request.Forgery MEDIUM" "recaptcha-jetpack No.known.fix Stored.XSS.via.CSRF HIGH" "recaptcha-jetpack No.known.fix Settings.Update.via.CSRF MEDIUM" "remove-footer-credit 1.0.14 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "remove-footer-credit 1.0.11 Admin+.Stored.Cross-Site.Scripting LOW" "remove-footer-credit 1.0.6 CSRF.to.Stored.Cross-Site.Scripting HIGH" "relevanssi 4.24.6 Unauthenticated.Stored.Cross-Site.Scripting.via.Excerpt.Highlights MEDIUM" "relevanssi 4.24.5 Unauthenticated.SQL.Injection HIGH" "relevanssi 4.24.4 Unauthenticated.Stored.Cross-Site.Scripting.via.Search.Highlights MEDIUM" "relevanssi 4.23.1 Contributor+.Stored.XSS MEDIUM" "relevanssi 4.23.0 Unauthenticated.Information.Exposure MEDIUM" "relevanssi 4.22.2 Missing.Authorization.to.Unauthenticated.Count.Option.Update MEDIUM" "relevanssi 4.22.1 Unauthenticated.Query.Log.Export MEDIUM" "relevanssi 4.22.0 Unauthenticated.Private/Draft.Post.Disclosure MEDIUM" "relevanssi 4.14.6 Subscriber+.Unauthorised.AJAX.Calls MEDIUM" "relevanssi 4.14.3 A.Better.Search.<.4.14.3.-.Unauthenticated.Stored.Cross-Site.Scripting HIGH" "relevanssi 4.0.5 Cross-Site.Scripting.(XSS) MEDIUM" "relevanssi 3.6.1 Authenticated.Admin.SQL.Injection MEDIUM" "resmushit-image-optimizer 0.4.7 Multiple.CSRF MEDIUM" "resmushit-image-optimizer 0.4.4 Subscriber+.AJAX.Calls MEDIUM" "resmushit-image-optimizer 0.4.6 Admin+.Cross-Site.Scripting LOW" "relicwp-helper No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "rollbar No.known.fix Cross-Site.Request.Forgery MEDIUM" "review-widgets-for-booking-com 11.1 Authenticated.(Editor+).Arbitrary.File.Upload MEDIUM" "related-posts-line-up-exactry-by-milliard No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "related-posts-for-wp 2.2.2 Cross-Site.Request.Forgery MEDIUM" "related-posts-for-wp 2.0.5 Authenticated.Stored.XSS.&.XFS MEDIUM" "related-posts-for-wp 2.0.4 Authenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "related-posts-for-wp 1.8.2 Cross-Site.Scripting.(XSS) CRITICAL" "responsive-client-logo-carousel-slider 1.3.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "responsive-video-embed 0.5.1 Contributor+.Stored.XSS MEDIUM" "relevanssi-live-ajax-search 2.5 Unauthenticated.WP_Query.Argument.Injection MEDIUM" "royal-elementor-addons 1.7.1021 Contributor+.Stored.XSS MEDIUM" "royal-elementor-addons 1.7.1018 Contributor+.Stored.XSS MEDIUM" "royal-elementor-addons 1.7.1018 Contributor+.Stored.XSS MEDIUM" "royal-elementor-addons 1.3.979 Contributor+.Stored.XSS MEDIUM" "royal-elementor-addons 1.7.1013 Contributor+.Stored.XSS MEDIUM" "royal-elementor-addons 1.7.1007 Admin+.SSRF LOW" "royal-elementor-addons 1.7.1013 Contributor+.DOM-Based.Stored.XSS MEDIUM" "royal-elementor-addons 1.7.1008 Reflected.XSS HIGH" "royal-elementor-addons 1.7.1007 Stored.XSS.via.CSRF HIGH" "royal-elementor-addons 1.7.1002 Missing.Authorization LOW" "royal-elementor-addons 1.7.1002 Reflected.Cross-Site.Scripting HIGH" "royal-elementor-addons 1.7.1 Contributor+.Stored.XSS MEDIUM" "royal-elementor-addons 1.7.1004 Authenticated.(Contributor+).Post.Disclosure MEDIUM" "royal-elementor-addons 1.7.1002 Authenticated.(Contributor+).DOM-Based.Stored.Cross-Site.Scripting.via.Google.Maps.Widget MEDIUM" "royal-elementor-addons 1.7.1002 Authenticated.(Contributor+).DOM-Based.Stored.Cross-Site.Scripting.via.Form.Builder.Widget MEDIUM" "royal-elementor-addons 1.7.1002 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Countdown.Widget MEDIUM" "royal-elementor-addons 1.3.981 Authenticated.(Author+).External.Entity.Injection MEDIUM" "royal-elementor-addons 1.3.987 Authenticated.(Subscriber+).Private.Post.Disclosure MEDIUM" "royal-elementor-addons 1.3.987 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Team.Member.Widget MEDIUM" "royal-elementor-addons 1.3.985 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "royal-elementor-addons 1.3.981 Authenticated.(Contributor+).DOM-Based.Stored.Cross-Site.Scripting.via.Magazine.Grid/Slider.Widget MEDIUM" "royal-elementor-addons 1.3.977 Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.Uploads MEDIUM" "royal-elementor-addons 1.3.977 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "royal-elementor-addons 1.3.976 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Back.to.Top.Widget MEDIUM" "royal-elementor-addons 1.3.976 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "royal-elementor-addons 1.3.975 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Form.Builder.Widget MEDIUM" "royal-elementor-addons 1.3.972 Contributor+.Stored.Cross-Site.Scripting.via.Advanced.Accordion.Title.Tags MEDIUM" "royal-elementor-addons 1.3.972 Contributor+.Stored.Cross-Site.Scripting.via.HTML.Tags MEDIUM" "royal-elementor-addons 1.3.95 Unauthenticated.IP.Spoofing MEDIUM" "royal-elementor-addons 1.3.972 Contributor+.DOM-Based.Stored.Cross-Site.Scripting MEDIUM" "royal-elementor-addons 1.3.972 Contributor+.Stored.Cross-Site.Scripting.via.Flip.Carousel,.Flip.Box,.Post.Grid,.and.Taxonomy.List.Widget.Attributes MEDIUM" "royal-elementor-addons 1.3.95 Unauthenticated.Limited.File.Upload HIGH" "royal-elementor-addons 1.3.95 Contributor+.Stored.Cross-Site.Scriting MEDIUM" "royal-elementor-addons 1.3.92 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Logo.Widget MEDIUM" "royal-elementor-addons 1.3.88 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "royal-elementor-addons 1.3.88 Multiple.Cross-Site.Request.Forgery MEDIUM" "royal-elementor-addons 1.3.88 Missing.Authorization.via.wpr_update_form_action_meta MEDIUM" "royal-elementor-addons 1.3.81 Unauthenticated.Arbitrary.Post.Read MEDIUM" "royal-elementor-addons 1.3.79 Unauthenticated.Arbitrary.File.Upload CRITICAL" "royal-elementor-addons 1.7.1 Unauthenticated.Arbitrary.File.Upload CRITICAL" "royal-elementor-addons 1.3.71 Reflected.Cross-Site.Scripting MEDIUM" "royal-elementor-addons 1.3.71 Unauthenticated.API.Key.Disclosure MEDIUM" "royal-elementor-addons 1.3.60 Subscriber+.Arbitrary.Plugin.Activation MEDIUM" "royal-elementor-addons 1.3.60 Subscriber+.Arbitrary.Theme.Activation MEDIUM" "royal-elementor-addons 1.3.60 Menu.Template.Creation.via.CSRF MEDIUM" "royal-elementor-addons 1.3.60 Subscriber+.Arbitrary.Template.Import MEDIUM" "royal-elementor-addons 1.3.60 Subscriber+.Mega.Menu.Settings.Update MEDIUM" "royal-elementor-addons 1.3.60 Subscriber+.Arbitrary.Import.Deletion MEDIUM" "royal-elementor-addons 1.3.60 Subscriber+.Arbitrary.Plugin.Deactivation MEDIUM" "royal-elementor-addons 1.3.60 Reflected.XSS HIGH" "royal-elementor-addons 1.3.60 Subscriber+.Template.Kit.Import MEDIUM" "royal-elementor-addons 1.3.60 Subscriber+.Template.Condition.Update MEDIUM" "royal-elementor-addons 1.3.60 Subscriber+.Arbitrary.Template.Activation MEDIUM" "royal-elementor-addons 1.3.56 Subscriber+.Arbitrary.Post.Deletion HIGH" "royal-elementor-addons 1.3.56 Subscriber+.Arbitrary.Post.Creation MEDIUM" "royal-elementor-addons 1.3.33 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "royal-core No.known.fix Authenticated.(Subscriber+).Arbitrary.Options.Update HIGH" "royal-slider 3.2.7 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "real-time-validation-for-gravity-forms No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "real-time-validation-for-gravity-forms No.known.fix Unauthenticated.Local.File.Inclusion CRITICAL" "real-time-validation-for-gravity-forms No.known.fix Cross-Site.Request.Forgery MEDIUM" "rss-feed-widget 3.0.1 Reflected.XSS MEDIUM" "rss-feed-widget 3.0.0 Contributor+.Stored.XSS MEDIUM" "rss-feed-widget 3.0.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.rfw-youtube-videos.Shortcode MEDIUM" "rss-feed-widget 2.9.8 Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "rss-feed-widget 2.8.1 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "rw-divi-unite-gallery No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "rw-divi-unite-gallery No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "rw-divi-unite-gallery No.known.fix Security.Bypass.via.Outdated.Freemius CRITICAL" "random-sorting-order-for-woocommerce No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "random-sorting-order-for-woocommerce No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "random-sorting-order-for-woocommerce No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "remove-add-to-cart-woocommerce 1.4.5 Settings.Update.via.CSRF MEDIUM" "remove-add-to-cart-woocommerce 1.4.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "rs-members No.known.fix Authenticated.(Subscriber+).Privilege.Escalation HIGH" "rich-snippets-vevents No.known.fix Cross-Site.Request.Forgery.to.Arbitrary.Options.Update HIGH" "recurring-bookings-for-woocommerce No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "recurring-bookings-for-woocommerce No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "rover-idx 3.0.0.2905 Authenticated.(Subscriber+).Missing.Authorization.via.Multiple.Functions MEDIUM" "rover-idx 3.0.0.2906 Authenticated.(Subscriber+).Authentication.Bypass.to.Administrator HIGH" "reciply No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "reciply 1.1.8 Unauthenticated.File.Upload MEDIUM" "review-engine No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "review-engine No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "review-engine No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "review-buddypress-groups 2.8.4 Subscriber+.Arbitrary.Settings.Update.&.Review.Modification MEDIUM" "review-buddypress-groups 2.8.1 Subscriber+.Arbitrary.Plugin.Installation,.Activation.and.Deactivation HIGH" "review-wave-google-places-reviews No.known.fix Cross-Site.Request.Forgery MEDIUM" "rate-limiting-for-contact-form-7 1.0.4 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "restrict-usernames-emails-characters 3.1.4 Admin+.Stored.XSS LOW" "rebuild-permalinks No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "rebrand-fluent-forms No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "raise-prices-with-sales-for-woocommerce No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "raise-prices-with-sales-for-woocommerce 1.3.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "remember-me-controls 2.1 Unauthenticated.Full.Path.Disclosure MEDIUM" "rezgo 4.17.1 Unauthenticated.Local.File.Inclusion HIGH" "rezgo 4.1.8 Reflected.Cross-Site-Scripting MEDIUM" "rezgo 2.0.0 Reflected.Cross-Site.Scripting MEDIUM" "rss-import No.known.fix Contributor+.Stored.XSS.via.Shortcode MEDIUM" "revi-io-customer-and-product-reviews 5.8.0 Reflected.Cross-Site.Scripting MEDIUM" "restrict-taxonomies No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "restaurant-reservations 2.6.30 Missing.Authorization MEDIUM" "restaurant-reservations 2.6.17 Missing.Authorization MEDIUM" "restaurant-reservations 2.6.8 Reflected.Cross-Site.Scripting HIGH" "restaurant-reservations 2.4.12 Unauthenticated.Arbitrary.Payment.Status.Update.to.Stored.XSS HIGH" "restaurant-reservations 2.4.8 Subscriber+.Stored.Cross-Site.Scripting HIGH" "redirect-to-welcome-or-landing-page No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "realia No.known.fix User.Email.Change.via.Cross-Site.Request.Forgery HIGH" "realia No.known.fix Unauthenticated.IDOR.leading.to.Arbitrary.Post.Deletion HIGH" "relogo No.known.fix Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "reglevel No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "randomtext No.known.fix Subscriber+.SQLi HIGH" "robotcpa No.known.fix Unauthenticated.Local.File.Inclusion HIGH" "rlm-elementor-widgets-pack 1.4.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "random-image-selector No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "revolut-gateway-for-woocommerce 4.17.4 Missing.Authorization.to.Unauthenticated.Order.Status.Update MEDIUM" "revolut-gateway-for-woocommerce 4.9.8 Missing.Authorization MEDIUM" "responsive-iframe No.known.fix Contributor+.Stored.XSS HIGH" "restaurant-solutions-checklist No.known.fix Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "robo-maps No.known.fix Google.Maps.<=.1.0.6.-.Contributor+.Stored.XSS MEDIUM" "rest-api-to-miniprogram No.known.fix Cross-Site.Request.Forgery MEDIUM" "rest-api-to-miniprogram 4.7.6 Unauthenticated.Arbitrary.User.Email.Update.and.Privilege.Escalation.via.Account.Takeover CRITICAL" "rest-api-to-miniprogram No.known.fix Unauthenticated.SQL.Injection HIGH" "rest-api-to-miniprogram No.known.fix Subscriber+.Attachment.Deletion MEDIUM" "review-stars-count-for-woocommerce No.known.fix Authenticated.(Subscriber+).SQL.Injection MEDIUM" "retain No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "review-widgets-for-tripadvisor 11.1 Authenticated.(Editor+).Arbitrary.File.Upload MEDIUM" "react-webcam No.known.fix Contributor+.Stored.XSS MEDIUM" "reloaded-rezdy No.known.fix Unauthenticated.Stored.Cross-Site.Scripting MEDIUM" "rest-api-fns No.known.fix Unauthenticated.Arbitrary.File.Upload CRITICAL" "rest-api-fns No.known.fix Privilege.Escalation CRITICAL" "right-click-disable-or-ban 1.2.0 Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "role-scoper 1.3.67 Unauthenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "reviews-plus 1.3.5 Missing.Authorization.to.Notice.Dismissal MEDIUM" "reviews-plus 1.2.14 Subscriber+.Reviews.DoS LOW" "relais-2fa No.known.fix Authentication.Bypass CRITICAL" "reviews-widgets-for-yelp 11.1 Authenticated.(Editor+).Arbitrary.File.Upload MEDIUM" "rm-mailchimp-manager No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "rm-mailchimp-manager No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "rac No.known.fix Unauthenticated.PHP.Object.Injection HIGH" "reservit-hotel 3.0 Admin+.Stored.XSS LOW" "recently-viewed-most-viewed-and-sold-products-for-woocommerce No.known.fix Unauthenticated.PHP.Object.Injection CRITICAL" "rootspersona No.known.fix Cross-Site.Request.Forgery MEDIUM" "rootspersona No.known.fix Missing.Authorization MEDIUM" "revive-so No.known.fix Missing.Authorization MEDIUM" "real-estate-pro 1.7.1 Subscriber+.Privilege.Escalation CRITICAL" "responsive-css-editor No.known.fix Admin+.SQLi MEDIUM" "rewp 1.0.2 Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "replace-word No.known.fix Cross-Site.Request.Forgery MEDIUM" "recipes-writer No.known.fix XSS MEDIUM" "rig-elements No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "realtyna-provisioning 1.2.3 Reflected.Cross-Site.Scripting MEDIUM" "reaction-buttons No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "responsive-flipbooks No.known.fix Missing.Authorization MEDIUM" "really-simple-featured-video 0.7.2 Reflected.Cross-Site.Scripting MEDIUM" "really-simple-featured-video 0.5.2 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "review-widgets-for-arukereso 11.1 Authenticated.(Editor+).Arbitrary.File.Upload MEDIUM" "realtycandy-idx-broker-extended No.known.fix Cross-Site.Request.Forgery MEDIUM" "related-post-shortcode No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "regenerate-post-permalinks No.known.fix Cross-Site.Request.Forgery MEDIUM" "real-estate-manager No.known.fix Unauthenticated.Remote.Code.Execution CRITICAL" "real-estate-manager No.known.fix Unauthenticated.Local.File.Inclusion CRITICAL" "real-estate-manager No.known.fix Authenticated.(Contributor+).Local.File.Inclusion HIGH" "real-estate-manager No.known.fix CAPTCHA.Bypass MEDIUM" "real-estate-manager No.known.fix Subscriber+.Privilege.Escalation HIGH" "real-estate-manager 7.0 Subscriber+.Settings.Update MEDIUM" "recipepress-reloaded No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "read-offline No.known.fix Folders.Disclosure.via.Outdated.jQueryFileTree.Library MEDIUM" "read-offline No.known.fix Reflected.Cross-Site.Scripting.via.PHPRelativePath.Library HIGH" "reactive-mortgage-calculator No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "review-widgets-for-airbnb 11.1 Authenticated.(Editor+).Arbitrary.File.Upload MEDIUM" "rolo-slider No.known.fix Missing.Authorization.to.Authenticated(Subscriber+).Settings.Change MEDIUM" "razorpay-payment-button 2.4.7 Reflected.Cross-Site.Scripting MEDIUM" "relevanssi-premium 2.27.7 Unauthenticated.Stored.Cross-Site.Scripting.via.Excerpt.Highlights MEDIUM" "relevanssi-premium 2.27.5 Unauthenticated.SQL.Injection HIGH" "relevanssi-premium 2.25.2 Missing.Authorization.to.Unauthenticated.Count.Option.Update MEDIUM" "relevanssi-premium 2.25 Unauthenticated.Sensitive.Information.Exposure MEDIUM" "relevanssi-premium 2.25.0 Unauthenticated.Private/Draft.Post.Disclosure MEDIUM" "relevanssi-premium 2.16.5 Subscriber+.Unauthorised.AJAX.Calls MEDIUM" "relevanssi-premium 1.14.6.1 SQL.Injection.&.PHP.Object.Injection HIGH" "renee-work-in-progress No.known.fix Authenticated.(Subscriber+).Arbitrary.File.Deletion HIGH" "renee-work-in-progress No.known.fix Authenticated.(Subscriber+).Arbitrary.File.Upload HIGH" "resermy No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "resermy No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "resermy No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "rotating-posts No.known.fix Arbitrary.Settings.Update.to.Stored.XSS.via.CSRF MEDIUM" "r-animated-icon No.known.fix Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "rss-manager No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "rename-author-slug No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "redirect-404-error-page-to-homepage-or-custom-page 1.8.8 Authenticated.(Administrator+).SQL.Injection HIGH" "redirect-404-error-page-to-homepage-or-custom-page 1.8.0 Reflected.Cross-Site.Scripting MEDIUM" "redirect-404-error-page-to-homepage-or-custom-page 1.7.9 Log.Deletion.via.CSRF MEDIUM" "reviewscouk-for-woocommerce 1.2.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "revision-diet No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "rj-quickcharts No.known.fix Authenticated.(Subscriber+).SQL.Injection MEDIUM" "rj-quickcharts No.known.fix Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "rate-star-review 1.6.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "rate-star-review 1.5.2 Reflected.Cross-Site.Scripting MEDIUM" "rough-chart No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "rss-news-scroller No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "redirection 3.6.3 Cross-Site.Request.Forgery.(CSRF) MEDIUM" "redirection 2.8 Authenticated.Local.File.Inclusion MEDIUM" "responsive-owl-carousel-elementor 1.2.1 Local.File.Inclusion HIGH" "rating-bws No.known.fix Authenticated.(Subscriber+).PHP.Object.Injection HIGH" "rating-bws 1.6 Rating.Denial.of.Service MEDIUM" "rating-bws 0.2 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "rvg-optimize-database 5.1 Missing.Authorization.via.'odb_csv_download' MEDIUM" "rvg-optimize-database 5.1.1 Database.Optimization.via.CSRF MEDIUM" "rumbletalk-chat-a-chat-with-themes 6.3.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "rumbletalk-chat-a-chat-with-themes 6.2.0 Missing.Authorization.via.handleRequest HIGH" "really-simple-ssl-pro-multisite 9.1.2 9.1.1.1.-.Authentication.Bypass CRITICAL" "related-posts-via-categories No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "reportattacks 2.33 Authenticated.(Admin+).SQL.Injection MEDIUM" "read-more No.known.fix Missing.Authorization.to.Authenticated.(Subscriber+).Read.More.Button.Deletion MEDIUM" "read-more No.known.fix Cross-Site.Request.Forgery MEDIUM" "reviewpress No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "reviewpress No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "reviewpress No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "review-widgets-for-foursquare 11.1 Authenticated.(Editor+).Arbitrary.File.Upload MEDIUM" "razorpay-subscription-button-elementor 1.0.4 Reflected.Cross-Site.Scripting.via.add_query_arg.and.remove_query_arg.Functions MEDIUM" "responsive-column-widgets No.known.fix Reflected.XSS HIGH" "responsive-column-widgets No.known.fix Open.Redirect.via.responsive_column_widgets_link MEDIUM" "rrssb No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "revision-manager-tmc 2.8.20 Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.Email.Sending MEDIUM" "revision-manager-tmc 2.8.0 Folders.Disclosure.via.Outdated.jQueryFileTree.Library MEDIUM" "read-more-login No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "ragic-shortcode 1.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "rife-elementor-extensions 1.2.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Writing.Effect.Headline.Shortcode MEDIUM" "rife-elementor-extensions 1.2.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Writing.Effect.Headline.Widget MEDIUM" "rife-elementor-extensions 1.1.6 Contributor+.Stored.XSS MEDIUM" "registered-user-sync-activecampaign No.known.fix Missing.Authorization MEDIUM" "request-a-quote 2.4.1 Admin+.Stored.XSS LOW" "request-a-quote 2.3.9 Admin+.Stored.Cross-Site.Scripting LOW" "request-a-quote 2.3.9 Admin+.Stored.Cross-Site.Scripting LOW" "request-a-quote 2.3.4 Authenticated.Stored.XSS MEDIUM" "real-estate-listing-realtyna-wpl 4.14.14 Admin+.Arbitrary.File.Upload MEDIUM" "real-estate-listing-realtyna-wpl 4.14.8 Reflected.XSS HIGH" "real-estate-listing-realtyna-wpl 4.14.8 Unauthenticated.SQLi HIGH" "really-simple-google-tag-manager 1.0.7 Arbitrary.Plugin.Activation.via.CSRF MEDIUM" "regpack No.known.fix Admin+.Stored.XSS LOW" "responsive-flipbook No.known.fix Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "related-youtube-videos 1.9.9 CSRF.&.XSS HIGH" "remove-add-to-cart-button-for-woocommerce 1.0.4 Reflected.Cross-Site.Scripting MEDIUM" "remove-add-to-cart-button-for-woocommerce 1.0.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "rabbit-loader 2.21.1 Reflected.Cross-Site.Scripting MEDIUM" "rabbit-loader 2.19.14 Missing.Authorization.via.multiple.AJAX.actions MEDIUM" "rsvpmaker-excel No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "responsive-jquery-slider No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "real-kit No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "real-kit 5.1.1 Contributor+.Stored.XSS MEDIUM" "rss-icon-widget No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "rich-counter 1.2.0 Cross-Site.Scripting.(XSS) MEDIUM" "responsify-wp No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "random-banner No.known.fix Contributor+.Stored.XSS MEDIUM" "random-banner No.known.fix Admin+.Stored.XSS LOW" "random-banner 4.1.6 Admin+.Stored.Cross-Site.Scripting LOW" "random-banner 2.0 Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "responsive-vector-maps 6.4.2 Responsive.Vector.Maps.<.6.4.2.-.Subscriber+.Arbitrary.File.Read HIGH" "responsive-flickr-gallery No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "resume-upload-form No.known.fix Captcha.Bypass MEDIUM" "residential-address-detection 2.5.5 Missing.Authorization MEDIUM" "residential-address-detection 2.5.5 Unauthenticated.Arbitrary.Options.Update CRITICAL" "rename-media-files No.known.fix Authenticated.(Contributor+).Remote.Code.Execution HIGH" "radio-forge No.known.fix Reflected.Cross-Site.Scripting HIGH" "reusable-text-blocks No.known.fix Author+.Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "rocket-media-library-mime-type No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "reveal-template No.known.fix Unauthenticated.Full.Path.Disclosure MEDIUM" "responsive-cookie-consent 1.8 Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "remove-cpt-base 5.9 CPT.Deletion.via.CSRF MEDIUM" "ratemyagent-official 1.5.0 Cross-Site.Request.Forgery.to.API.Key.Update MEDIUM" "republish-old-posts 1.27 Cross-Site.Request.Forgery.via.rop_options_page MEDIUM" "rara-one-click-demo-import 1.3.0 Arbitrary.File.Upload.via.CSRF HIGH" "responsive-coming-soon-page No.known.fix Unauthenticated.Information.Exposure MEDIUM" "responsive-coming-soon-page 1.6.0 Improper.Neutralization.of.Special.Elements.used.in.an.SQL.Command.('SQL.Injection') HIGH" "real-time-auto-find-and-replace 1.6.8 Missing.Authorization.to.Authenticated.(Subscriber+).Privilege.Escalation HIGH" "real-time-auto-find-and-replace 1.6.2 Unauthenticated.PHP.Object.Injection HIGH" "real-time-auto-find-and-replace 1.3.6 Admin+.SQLi MEDIUM" "real-time-auto-find-and-replace 1.2.9 Reflected.Cross-Site.Scripting HIGH" "removehide-author-date-category-like-entry-meta No.known.fix Settings.Update.via.CSRF MEDIUM" "reviews-widgets 11.1 Authenticated.(Editor+).Arbitrary.File.Upload MEDIUM" "responsive-horizontal-vertical-and-accordion-tabs 1.1.18 Authenticated.(Contributor+).SQL.Injection CRITICAL" "responsive-horizontal-vertical-and-accordion-tabs 1.1.18 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "responsive-horizontal-vertical-and-accordion-tabs 1.1.16 Reflected.XSS HIGH" "responsive-horizontal-vertical-and-accordion-tabs 1.1.16 Reflected.Cross-Site.Scripting MEDIUM" "resads No.known.fix Authenticated.(Administrator+).SQL.Injection MEDIUM" "resads No.known.fix Reflected.Cross-Site.Scripting.via.Multiple.Parameters MEDIUM" "resads 1.0.2 .Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "redux-converter No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "reset-course-progress-for-learndash No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "reset-course-progress-for-learndash No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "rss-for-yandex-turbo 1.31 Admin+.Stored.Cross-Site.Scripting LOW" "rss-for-yandex-turbo 1.30 Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "rss-filter No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "review-widgets-for-hotels-com 11.1 Authenticated.(Editor+).Arbitrary.File.Upload MEDIUM" "recall-products No.known.fix Authenticated.SQL.Injection MEDIUM" "recall-products No.known.fix Authenticated.Cross-Site.Scripting MEDIUM" "restaurant-pickup-delivery-dine-in No.known.fix Admin+.Stored.XSS LOW" "real-wysiwyg No.known.fix Reflected.Cross-Site.Scripting HIGH" "remove-old-slugspermalinks 2.7.0 Cross-Site.Request.Forgery MEDIUM" "rankchecker-io-integration No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "romethemeform 1.1.6 Missing.Authorization.via.export_entries,.rtformnewform,.and.rtformupdate MEDIUM" "romethemeform 1.1.3 Missing.Authorization MEDIUM" "robokassa 1.6.2 Reflected.Cross-Site.Scripting MEDIUM" "romancart-on-wordpress No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "review-widgets-for-amazon 11.1 Authenticated.(Editor+).Arbitrary.File.Upload MEDIUM" "responsive-block-editor-addons 2.0.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "responsive-block-editor-addons 2.0.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "responsive-block-editor-addons 2.0.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "responsive-block-editor-addons 2.0.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.section_tag.Parameter MEDIUM" "responsive-block-editor-addons 1.9.8 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "responsive-block-editor-addons 1.8.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "root-cookie No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "responsive-facebook-and-twitter-widget No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "repayment-calculator No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "reservation-studio-widget 1.0.12 Admin+.Stored.XSS LOW" "reservation-studio-widget 1.0.12 Cross-Site.Request.Forgery MEDIUM" "ruven-toolkit No.known.fix tinymce/popup.php.popup.Parameter.Reflected.XSS MEDIUM" "ratings-shorttags No.known.fix Stored.XSS.via.CSRF HIGH" "remote-images-grabber No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "revechat No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "robin-image-optimizer 1.7.0 Missing.Authorization MEDIUM" "rock-form-builder 2.5 Privilege.Escalation HIGH" "rename-wp-login No.known.fix Secret.URL.Update.via.CSRF MEDIUM" "recapture-for-woocommerce 1.0.44 Cross-Site.Request.Forgery.to.Settings.Update MEDIUM" "redirect-by-cookie 1.07 Reflected.Cross-Site.Scripting MEDIUM" "role-based-pricing-for-woocommerce 1.6.2 Subscriber+.Arbitrary.File.Upload HIGH" "role-based-pricing-for-woocommerce 1.6.3 Subscriber+.PHAR.Deserialization HIGH" "rollover-tab No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "r3w-instafeed No.known.fix Reflected.XSS HIGH" "rapid-cache No.known.fix Unauthenticated.Cache.Poisoning HIGH" "responsive-gallery-grid 2.3.15 Admin+.Stored.XSS LOW" "responsive-gallery-grid 2.3.11 Admin+.Stored.XSS LOW" "responsive-gallery-grid 2.3.14 Settings.Update.via.CSRF MEDIUM" "responsive-gallery-grid 2.3.9 Contributor+.Stored.XSS MEDIUM" "rustolat No.known.fix Cross-Site.Request.Forgery.(CSRF) MEDIUM" "really-simple-ssl 9.2.0 Cross-Site.Request.Forgery MEDIUM" "really-simple-ssl 9.1.2 9.1.1.1.-.Authentication.Bypass CRITICAL" "really-simple-ssl 8.0.0 Admin+.Server-Side.Request.Forgery MEDIUM" "related-posts-via-taxonomies No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "robo-gallery 5.0.3 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "robo-gallery 3.2.22 Contributor+.Stored.XSS MEDIUM" "robo-gallery 3.2.24 Admin+.Stored.XSS LOW" "robo-gallery 3.2.22 Authenticated.(Author+).Stored.Cross-Site.Scripting MEDIUM" "robo-gallery 3.2.22 Missing.Authorization.to.Authenticated.(Subscriber+).Private.Gallery.Title.Disclosure MEDIUM" "robo-gallery 3.2.22 Contributor+.Stored.XSS MEDIUM" "robo-gallery 3.2.20 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Gallery.Title MEDIUM" "robo-gallery 3.2.20 Authenticated.(Author+).Stored.Cross-Site.Scripting.via.Image.Title MEDIUM" "robo-gallery 3.2.20 Cross-Site.Request.Forgery.to.Post.Creation.and.Limited.Data.Loss HIGH" "robo-gallery 3.2.19 Unauthenticated.Information.Exposure MEDIUM" "robo-gallery 3.2.18 Author+.Stored.XSS MEDIUM" "robo-gallery 3.2.16 Admin+.Stored.XSS LOW" "robo-gallery 3.2.13 Contributor+.Stored.XSS MEDIUM" "robo-gallery 3.2.11 Plugin.Activation/Deactivation.via.CSRF MEDIUM" "robo-gallery 3.2.12 Cross-Site.Request.Forgery MEDIUM" "redirect-redirection 1.2.0 Subscriber+.Unauthorised.Action.Calls MEDIUM" "redirect-redirection 1.1.4 Plugin.Installation.via.CSRF MEDIUM" "redirect-redirection 1.1.4 Subscriber+.Plugin.Installation MEDIUM" "redirect-redirection 1.1.5 Plugin.Reset.via.CSRF MEDIUM" "redirect-redirection 1.1.4 Redirect.Creation.via.CSRF MEDIUM" "responsive-data-table No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "revampcrm-woocommerce No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "redirect-404-to-parent 1.3.1 Reflected.Cross-Site.Scripting.(XSS) HIGH" "restrict-user-registration No.known.fix Restrict.User.Registration.<=.1,0,1..Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "restrict-for-elementor 1.0.8 Protection.Mechanism.Bypass MEDIUM" "restrict-for-elementor 1.0.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "rock-convert 3.0.0 Admin+.Stored.XSS LOW" "rock-convert 2.11.0 Admin+.Stored.Cross-Site.Scripting LOW" "rock-convert 2.6.0 Reflected.Cross-Site.Scripting MEDIUM" "rest-routes 5.5.4 Reflected.Cross-Site.Scripting MEDIUM" "rest-routes 4.24.0 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "rdp-ingroups No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "runners-log No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "redirects No.known.fix Missing.Authorization.via.save MEDIUM" "redirects No.known.fix Missing.Authorization MEDIUM" "responsive-tabs 4.0.11 Contributor+.Stored.XSS MEDIUM" "responsive-tabs 2.2.7 Editor+.Stored.Cross-Site.Scripting MEDIUM" "responsive-tabs 4.0.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "responsive-tabs 4.0.7 Contributor+.Stored.XSS MEDIUM" "responsive-tabs 4.0.6 Authenticated.(Contributor+).Content.Injection MEDIUM" "responsive-tabs 4.0.6 Author+.Stored.Cross-Site.Scripting MEDIUM" "referrer-detector No.known.fix Unauthenticated.PHP.Object.Injection CRITICAL" "rearrange-woocommerce-products 3.0.8 Subscriber+.SQL.Injection HIGH" "responsivevoice-text-to-speech 1.7.7 Contributor+.Stored.XSS MEDIUM" "rss-in-page No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "related-posts-list-grid-and-slider-all-in-one No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "restaurant-cafe-addon-for-elementor 1.5.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "restaurant-cafe-addon-for-elementor 1.6.0 Authenticated.(Contributor+).Post.Disclosure MEDIUM" "restaurant-cafe-addon-for-elementor 1.5.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "restaurant-cafe-addon-for-elementor 1.5.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "restaurant-cafe-addon-for-elementor 1.5.4 Missing.Authorization.via.multiple.AJAX.functions LOW" "restaurant-cafe-addon-for-elementor 1.5.3 Cross-Site.Request.Forgery MEDIUM" "restaurant-cafe-addon-for-elementor 1.5.3 Missing.Authorization MEDIUM" "restaurant-cafe-addon-for-elementor 1.4.8 Reflected.Cross-Site.Scripting MEDIUM" "restaurant-cafe-addon-for-elementor 1.4.6 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "responsive-add-ons 3.2.3 Cross-Site.Request.Forgery.to.Settings.Update MEDIUM" "responsive-add-ons 3.2.1 Missing.Authorization MEDIUM" "responsive-add-ons 3.2.0 Missing.Authorization MEDIUM" "responsive-add-ons 3.1.5 Authenticated.(Contributor+).Blind.Server-Side.Request.Forgery.via.remote_request MEDIUM" "responsive-add-ons 3.0.6 Authenticated.(Author+).Stored.Cross-Site.Scripting MEDIUM" "responsive-add-ons 2.2.6 Unprotected.AJAX.Endpoints CRITICAL" "realty-workstation No.known.fix Missing.Authorization MEDIUM" "realty-workstation No.known.fix Authentication.Bypass.to.Account.Takeover CRITICAL" "realty-workstation 1.0.15 Agent.SQLi HIGH" "rentpress No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "rsvp 2.7.15 Authenticated.(Administrator+).SQL.Injection MEDIUM" "rsvp 2.7.14 Missing.Authorization MEDIUM" "rsvp 2.7.8 Unauthenticated.Entries.Export HIGH" "rsvp 2.7.5 Reflected.Cross-Site.Scripting MEDIUM" "rsvp 2.3.8 XSS MEDIUM" "restrict-file-access No.known.fix Authenticated.(Subscriber+).Arbitrary.File.Read MEDIUM" "restrict-user-access 2.6 Reflected.Cross-Site.Scripting MEDIUM" "restrict-user-access 2.6 Information.Exposure MEDIUM" "restrict-user-access 2.4.3 Reflected.Cross-Site.Scripting MEDIUM" "restrict-user-access 2.2.2 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "rich-table-of-content 1.4.1 Missing.Authorization MEDIUM" "rich-table-of-content 1.3.9 Contributor+.Stored.XSS MEDIUM" "real-wp-shop-lite No.known.fix Admin+.Stored.XSS LOW" "random-quotes No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "reformer-elementor No.known.fix Unauthenticated.Arbitrary.File.Upload CRITICAL" "required-taxonomies 1.1.8 Reflected.Cross-Site.Scripting MEDIUM" "required-taxonomies 1.1.8 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "raychat 2.2.0 Missing.Authorization MEDIUM" "relevant 1.2.0 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "relevant 1.0.8 Cross-Site.Scripting.(XSS) MEDIUM" "rsfirewall 1.1.25 IP.Block.Bypass MEDIUM" "rankbear No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "rankbear No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "reftagger-shortcode No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "remove-duplicate-posts 1.3 Reflected.Cross-Site.Scripting MEDIUM" "really-simple-under-construction No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "radio-buttons-for-taxonomies 2.0.6 Cross-Site.Request.Forgery MEDIUM" "radio-buttons-for-taxonomies 2.0.6 Cross-Site.Request.Forgery.(CSRF) MEDIUM" "review-widgets-for-szallas-hu 11.1 Authenticated.(Editor+).Arbitrary.File.Upload MEDIUM" "readme-creator No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "recurwp No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "recurwp No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "restricted-site-access 7.3.2 Access.Bypass.via.IP.Spoofing MEDIUM" "related-videos-for-jw-player No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "rate-own-post No.known.fix Authenticated.(Subscriber+).SQL.Injection HIGH" "raisely-donation-form 1.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.raisely_donation_form.Shortcode MEDIUM" "reset 1.7 Cross-Site.Request.Forgery.to.Database.Reset HIGH" "rightmessage No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "replace-image 1.1.11 Insecure.Direct.Object.Reference MEDIUM" "review-widgets-for-capterra 11.1 Authenticated.(Editor+).Arbitrary.File.Upload MEDIUM" "radio-player 2.0.85 Unauthenticated.Server-Side.Request.Forgery HIGH" "radio-player 2.0.79 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.align.Attribute MEDIUM" "radio-player 2.0.74 Missing.Authorization.to.Player.Deletion MEDIUM" "radio-player 2.0.74 Missing.Authorization.to.Settings.Update MEDIUM" "radio-player 2.0.74 Missing.Authorization.to.Player.Update MEDIUM" "radio-player 2.0.74 Missing.Authorization MEDIUM" "radio-player 2.0.74 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "radio-player 2.0.74 Unauthenticated.Server-Side.Request.Forgery HIGH" "radio-player 2.0.74 Missing.Authorization.to.Authenticated.(Subscriber+).Information.Disclosure MEDIUM" "radio-player 2.0.74 Missing.Authorization.via.get_players MEDIUM" "radio-player 2.0.5 Reflected.Cross-Site.Scripting MEDIUM" "radio-player 1.0.8 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "rio-photo-gallery No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "rss-control 3.0.8 Reflected.Cross-Site.Scripting MEDIUM" "rss-control 2.0.8 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "recent-backups No.known.fix Remote.File.Download HIGH" "review-manager No.known.fix Missing.Authorization MEDIUM" "racar-clear-cart-for-woocommerce 1.2.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "request-call-back No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "rsvp-me No.known.fix Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "rsvp-me No.known.fix Authenticated.(Contributor+).SQL.Injection MEDIUM" "rsvp-me No.known.fix Unauthenticated.SQL.Injection HIGH" "rocket-addons No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "rimons-twitter-widget 1.3 XSS MEDIUM" "rating-widget 3.2.0 Reflected.Cross-Site.Scripting MEDIUM" "rating-widget 3.2.1 Contributor+.Stored.XSS MEDIUM" "rating-widget 3.1.4 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "review-stream 1.6.8 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "review-stream 1.6.6 Admin+.Stored.XSS LOW" "recurring-donation 1.8 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "rss-feed-post-generator-echo 5.4.8.2 Unauthenticated.Arbitrary.File.Upload CRITICAL" "rss-feed-post-generator-echo 5.4.7 Unauthenticated.Privilege.Escalation CRITICAL" "refer-a-friend-widget-for-wp No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "rafflepress 1.12.17 Admin+.Stored.XSS LOW" "rafflepress 1.12.16 Editor+.Stored.XSS LOW" "rafflepress 1.12.14 Editor+.Stored.XSS LOW" "rafflepress 1.12.5 Missing.Authorization MEDIUM" "rafflepress 1.12.11 IP.Spoofing MEDIUM" "rafflepress 1.12.7 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "rafflepress 1.12.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "rafflepress 1.11.3 Contributor+.Stored.XSS MEDIUM" "responsive-filterable-portfolio 1.0.9 Authenticated.(Admin+).SQL.Injection MEDIUM" "responsive-filterable-portfolio 1.0.23 Server-Side.Request.Forgery MEDIUM" "responsive-filterable-portfolio 1.0.20 Reflected.XSS HIGH" "rdp-wiki-embed No.known.fix Cross-Site.Request.Forgery MEDIUM" "revy No.known.fix Authenticated.(Subscriber+).SQL.Injection MEDIUM" "revy No.known.fix Unauthenticated.SQL.Injection HIGH" "revy No.known.fix Unauthenticated.Arbitrary.File.Upload CRITICAL" "rays-grid No.known.fix Cross-Site.Request.Forgery MEDIUM" "rays-grid 1.2.3 CSRF.Bypass MEDIUM" "rk-responsive-contact-form No.known.fix Authenticated.Blind.SQL.Injection CRITICAL" "rate-my-post 4.2.5 Unauthenticated.Voting.On.Scheduled.Posts MEDIUM" "rate-my-post 3.4.5 Insecure.Direct.Object.Reference MEDIUM" "rate-my-post 3.4.3 IP.Spoofing MEDIUM" "rate-my-post 3.3.9 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "rate-my-post 3.3.5 Cross-Site.Request.Forgery MEDIUM" "rate-my-post 3.3.5 Subscriber+.Votes.Tampering.via.Race.Condition MEDIUM" "require-taxonomy-image-category-tag 1.27 Reflected.Cross-Site.Scripting MEDIUM" "radio-station 2.5.8 Cross-Site.Request.Forgery.to.Notice.Dismissal MEDIUM" "radio-station 2.5.0 Reflected.XSS HIGH" "radio-station 2.5.5 Reflected.Cross-Site.Scripting MEDIUM" "radio-station 2.4.0.6 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "rccp-free No.known.fix Stored.XSS.via.CSRF HIGH" "real-cookie-banner-pro 5.1.6 Admin+.Stored.XSS LOW" "recent-posts-slider-responsive No.known.fix Cross-Site.Request.Forgery MEDIUM" "responsive-google-map No.known.fix Missing.Authorization MEDIUM" "realty 1.1.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "realty 1.1.0 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "responsive-menu 4.1.8 Subscriber+.Arbitrary.File.Upload./.Theme.Deletion./.Plugin.Settings.Update HIGH" "responsive-menu 4.0.4 CSRF.to.Settings.Update MEDIUM" "responsive-menu 4.0.4 4.0.3.-.Authenticated.Arbitrary.File.Upload CRITICAL" "responsive-menu 4.0.4 CSRF.to.Arbitrary.File.Upload HIGH" "responsive-menu 3.1.4 XSS.and.CSRF HIGH" "responsive-menu-pro 4.0.4 CSRF.to.Arbitrary.File.Upload HIGH" "responsive-menu-pro 4.0.4 CSRF.to.Settings.Update MEDIUM" "responsive-menu-pro 4.0.4 4.0.3.-.Authenticated.Arbitrary.File.Upload CRITICAL" "read-more-copy-link No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "rehub-framework 19.6.2 Authenticated.(Subscriber+).SQL.Injection HIGH" "ruby-help-desk 1.3.4 Subscriber+.Ticket.Update.via.IDOR MEDIUM" "raygun4wp 1.8.3 XSS MEDIUM" "raygun4wp 1.8.1 Unauthenticated.Reflected.XSS MEDIUM" "rdp-linkedin-login No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "reader-mode No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "role-includer No.known.fix Reflected.Cross-Site.Scripting.via.user_id.Parameter MEDIUM" "role-includer No.known.fix Reflected.Cross-Site.Scripting.via.user_id.Parameter MEDIUM" "responsive-coming-soon 2.2.2 Maintenance.Mode.Bypass MEDIUM" "responsive-coming-soon 1.8.2 Arbitrary.Settings.Reset MEDIUM" "risk-warning-bar No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "roi-calculator 1.1 Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "ravpage 2.33 PHP.Object.Injection CRITICAL" "ravpage 2.25 Reflected.Cross-Site.Scripting MEDIUM" "rewrite No.known.fix Cross-Site.Request.Forgery MEDIUM" "rps-include-content 1.2.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "rocket-wp-mobile No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "rapidexpcart No.known.fix Stored.XSS.via.CSRF CRITICAL" "svegliat-buttons No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "simple-content-construction-kit No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "so-called-air-quotes No.known.fix Unauthenticated.Arbitrary.Shortcode.Execution HIGH" "social-pixel No.known.fix Admin+.Stored.XSS LOW" "safe-editor 1.2 Unauthenticated.CSS/JS-injection MEDIUM" "salon-booking-plugin-pro-cc No.known.fix Missing.Authorization MEDIUM" "sendpulse-web-push 1.3.7 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "sendpulse-web-push 1.3.2 CSRF MEDIUM" "slide-anything 2.4.9 Author+.Stored.XSS MEDIUM" "slide-anything 2.3.47 Author+.Cross.Site.Scripting.in.slide.title MEDIUM" "slide-anything 2.3.44 Editor+.Stored.Cross-Site.Scripting LOW" "slide-anything 2.3.41 Contributor+.SQLi HIGH" "sportspress 2.7.22 Admin+.Stored.XSS LOW" "sportspress 2.7.21 Missing.Authorization.to.Notice.Dismissal LOW" "sportspress 2.7.18 Missing.Authorization.to.Unauthenticated.Event.Permalink.Update MEDIUM" "sportspress 2.7.9 Reflected.Cross-Site.Scripting HIGH" "sportspress 2.7.2 Authenticated.Stored.Cross-Site.Scripting HIGH" "so-pinyin-slugs 2.3.1 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "spider-event-calendar No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "spider-event-calendar 1.5.52 Admin+.SQL.injection MEDIUM" "spider-event-calendar 1.5.52 Authenticated.Blind.SQL.Injection CRITICAL" "spider-event-calendar 1.4.14 Unauthenticated.SQL.Injection HIGH" "speedsize-ai-image-optimizer 1.5.2 Cross-Site.Request.Forgery.to.Clear.Cache MEDIUM" "securimage-wp No.known.fix Cross-Site.Request.Forgery MEDIUM" "svgator 1.3.3 Stored.XSS.via.SVG.Upload MEDIUM" "svgator 1.2.5 API.Token.Update/Deletion.&.Import.Projects.via.CSRF MEDIUM" "smooth-scrolling-links-ssl No.known.fix Arbitrary.Settings.Update.via.CSRF MEDIUM" "spotlight-social-photo-feeds-premium 1.7.2 Social.Media.Feeds.(Premium).<.1.7.2.-.Unauthenticated.Information.Exposure MEDIUM" "slicko-for-elementor No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "simple-amazon-affiliate No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "simple-blog-card 1.32 Subscriber+.Arbitrary.Post.Access MEDIUM" "simple-blog-card 1.31 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "seo-content-randomizer 3.28.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "smart-logo-showcase-lite No.known.fix Contributor+.Stored.XSS MEDIUM" "smart-logo-showcase-lite 1.1.8 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "stock-ticker 3.24.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.stock_ticker.Shortcode MEDIUM" "stock-ticker 3.23.5 Authenticated.(Contributor+).Stored.Cross-Site.Scritping MEDIUM" "stock-ticker 3.23.4 Reflected.XSS HIGH" "stock-ticker 3.23.3 Reflected.XSS HIGH" "stock-ticker 3.23.1 Missing.Authorization.in.AJAX.Actions MEDIUM" "show-me-the-cookies No.known.fix Unauthenticated.Arbitrary.Shortcode.Execution HIGH" "spideranalyse No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "salesforce-wordpress-to-candidate No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "simple-lightbox-gallery No.known.fix Author+.Stored.XSS MEDIUM" "simple-lightbox-gallery 1.10.0 .Contributor+.PHP.Object.Injection MEDIUM" "special-box-for-content No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "smart-seo-tool 3.0.6 Reflected.Cross-Site.Scripting MEDIUM" "spiffy-calendar 4.9.14 Reflected.Cross-Site.Scripting MEDIUM" "spiffy-calendar 4.9.14 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "spiffy-calendar 4.9.13 Authenticated.(Admin+).SQL.Injection MEDIUM" "spiffy-calendar 4.9.12 Authenticated.(Administrator+).SQL.Injection CRITICAL" "spiffy-calendar 4.9.11 Missing.Authorization MEDIUM" "spiffy-calendar 4.9.10 Reflected.Cross-Site.Scripting MEDIUM" "spiffy-calendar 4.9.9 Broken.Access.Control LOW" "spiffy-calendar 4.9.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "spiffy-calendar 4.9.4 Reflected.XSS MEDIUM" "spiffy-calendar 4.9.2 SQL.Injection HIGH" "spiffy-calendar 4.9.1 Arbitrary.Event.Deletion.via.CSRF MEDIUM" "spiffy-calendar 4.9.1 Subscriber+.Arbitrary.Event.Edition/Deletion.via.IDOR MEDIUM" "spiffy-calendar 3.3.0 Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "styler-for-ninja-forms-lite No.known.fix Authenticated.(Subscriber+).Arbitrary.Option.Deletion.via.deactivate_license MEDIUM" "simple-headline-rotator No.known.fix Stored.XSS.via.CSRF HIGH" "salvador-ai-image-generator No.known.fix Missing.Authorization MEDIUM" "simple-support-ticket-system 1.2.1 Unauthenticated.SQL.Injection CRITICAL" "simple-local-avatars 2.8.0 Missing.Authorization.to.Authenticated.(Subscriber+).User.Cache.Clearing MEDIUM" "simple-local-avatars 2.7.11 Cross-Site.Request.Forgery.via.save_default_avatar_file_id() MEDIUM" "single-sign-on-client No.known.fix Authentication.Bypass HIGH" "sliderpro 4.8.7 Missing.Authorization.via.AJAX.actions MEDIUM" "super-video-player 1.6.13 Reflected.Cross-Site.Scripting MEDIUM" "super-video-player 1.6.11 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "sumo-divi-modules No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "sumo-divi-modules 1.0.6 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "stafflist No.known.fix Unauthenticated.Sensitive.Information.Exposure MEDIUM" "stafflist No.known.fix Missing.Authorization MEDIUM" "stafflist 3.2.4 Cross-Site.Request.Forgery.to.Reflected.Cross-Site.Scripting MEDIUM" "stafflist 3.1.7 Reflected.Cross-Site.Scripting MEDIUM" "stafflist 3.1.6 Reflected.Cross-Site.Scripting MEDIUM" "stafflist 3.1.6 Arbitrary.Staff.Deletion.via.CSRF MEDIUM" "stafflist 3.1.5 Admin+.SQLi MEDIUM" "softtemplates-for-elementor No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "subscribers-text-counter 1.7.1 Settings.Update.via.CSRF.to.Stored.XSS HIGH" "sports-rankings-lists No.known.fix Unauthenticated.Arbitrary.File.Download HIGH" "simple-mobile-url-redirect No.known.fix Cross-Site.Request.Forgery MEDIUM" "smart-admin-menu-filter No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "smart-admin-menu-filter No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "starbox 3.5.3 Contributor+.Stored.XSS MEDIUM" "starbox 3.5.2 Admin+.Stored.XSS LOW" "starbox 3.5.0 Contributor+.Stored.XSS MEDIUM" "starbox 3.5.0 Authenticated.(Subscriber+).Stored.Cross-Site.Scripting.via.Job.Settings MEDIUM" "starbox 3.5.0 Authenticated.(Subscriber+).Stored.Cross-Site.Scripting.via.Profile.Display.Name.and.Social.Settings MEDIUM" "starbox 3.4.8 Subscriber+.Plugin.Preferences./.User.Settings.Access.via.IDOR MEDIUM" "style-manager No.known.fix Cross-Site.Request.Forgery.to.Settings.Update MEDIUM" "small-package-quotes-ups-edition 4.5.17 Unauthenticated.SQL.Injection HIGH" "shopperapproved-reviews 2.2 2.1.-..Subscriber+.Arbitrary.Options.Update HIGH" "simple-jwt-login 3.2.1 Arbitrary.Settings.Update.to.Site.Takeover.via.CSRF HIGH" "simple-jwt-login 3.3.0 Insecure.Password.Creation LOW" "shared-files 1.7.49 Unauthenticated.Stored.Cross-Site.Scripting.via.sanitize_file.Function HIGH" "shared-files 1.7.43 Limited.Unauthenticated.Stored.Cross-Site.Scripting.via.File.Upload HIGH" "shared-files 1.7.29 Unauthenticated.Sensitive.Information.Exposure MEDIUM" "shared-files 1.7.20 Missing.Authorization MEDIUM" "shared-files 1.7.17 Missing.Authorization.to.Notice.Dismissal MEDIUM" "shared-files 1.7.6 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "shared-files 1.7.1 Reflected.Cross-Site.Scripting MEDIUM" "shared-files 1.6.72 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "shared-files 1.6.61 Admin+.Stored.Cross-Site.Scripting LOW" "shared-files 1.6.57 Admin+.Stored.Cross-Site.Scripting LOW" "superfast-mailgun-newsletter 1.1.6 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "smart-youtube No.known.fix Cross-Site.Request.Forgery MEDIUM" "sales-page-addon No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "sales-page-addon 1.4.1 Reflected.Cross-Site.Scripting MEDIUM" "sales-page-addon 1.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "secupress-pro 2.0 Unauthenticated.Arbitrary.IP.Ban MEDIUM" "simple-catalogue No.known.fix Reflected.XSS HIGH" "shop-assistant-for-woocommerce-jarvis 2.9.2 Missing.Authorization MEDIUM" "send-emails-with-mandrill 1.4.2 Missing.Authorization MEDIUM" "stellissimo-text-box No.known.fix Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "slotti-ajanvaraus 2.0.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "slotti-ajanvaraus 1.3.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "super-interactive-maps 2.2 Unauthenticated.SQL.Injections CRITICAL" "super-interactive-maps 2.0 Unauthenticated.Arbitrary.File.Upload CRITICAL" "super-block-slider 2.8 Missing.Authorization MEDIUM" "stop-spammer-registrations-plugin No.known.fix Cross-Site.Request.Forgery.to.Multiple.Administrative.Actions MEDIUM" "stop-spammer-registrations-plugin 2024.5 Cross-Site.Request.Forgery.(CSRF).via.sfs_process MEDIUM" "stop-spammer-registrations-plugin 2023 Reflected.XSS HIGH" "stop-spammer-registrations-plugin 2023 Admin+.Stored.XSS LOW" "stop-spammer-registrations-plugin 2022.6 Unauthenticated.PHP.Object.Injection MEDIUM" "stop-spammer-registrations-plugin 2021.18 Authenticated.Stored.XSS LOW" "stop-spammer-registrations-plugin 2021.9 Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "speedycache 1.1.9 Cross-Site.Request.Forgery MEDIUM" "speedycache 1.1.4 Missing.Authorization.to.Plugin.Options.Update MEDIUM" "speedycache 1.1.3 .Authenticated.(Subscriber+).Server-Side.Request.Forgery MEDIUM" "sendgrid-email-delivery-simplified No.known.fix Authenticated.Authorization.Bypass MEDIUM" "sp-news-and-widget 4.0.1 Reflected.Cross-Site.Scripting MEDIUM" "stripe-manager No.known.fix Authenticated.(Administrator+).SQL.Injection HIGH" "spicebox 2.2 Reflected.Cross-Site.Scripting MEDIUM" "simple-urls 121 Arbitrary.Actions.via.CSRF MEDIUM" "simple-urls 118 Reflected.XSS HIGH" "simple-urls 115 Subscriber+.SQLi HIGH" "simple-urls 115 Multiple.Reflected.XSS HIGH" "stklcode-liveticker 1.2.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "shipengine-shipping-quotes 1.0.8 Unauthenticated.SQL.Injection HIGH" "soliloquy-lite 2.7.7 Missing.Authorization.to.Authenticated.(Author+).Stored.Cross-Site.Scripting MEDIUM" "soliloquy-lite 2.7.3 Subscriber+.Slider.Data.Access MEDIUM" "skt-nurcaptcha 3.6.0 Cross-Site.Request.Forgery..to.Stored.Cross-Site.Scripting MEDIUM" "simple-payment 2.3.8 Reflected.Cross-Site.Scripting MEDIUM" "sv-tracking-manager 2.0.0 Reflected.Cross-Site.Scripting MEDIUM" "sv-tracking-manager 1.8.02 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "simple-file-downloader No.known.fix Contributor+.Stored.XSS.via.Shortcode MEDIUM" "singsong No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "ssv-events No.known.fix Unauthenticated.Local.File.Inclusion CRITICAL" "sh-slideshow No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "slick-contact-forms No.known.fix Contributor+.Stored.XSS MEDIUM" "stock-locations-for-woocommerce 2.8.7 Missing.Authorization MEDIUM" "stock-locations-for-woocommerce 2.6.0 Authenticated.(Administrator+).Stored.Cross-Site.Scripting.via.settings MEDIUM" "safe-svg 2.2.6 Author+.SVG.Sanitisation.Bypass MEDIUM" "safe-svg 1.9.10 SVG.Sanitisation.Bypass MEDIUM" "safe-svg 1.9.6 XSS.Protection.Bypass HIGH" "site-search-360 No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "site-search-360 2.1.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "slider-factory 1.3.6 Subscriber+.Arbitrary.Post.Access MEDIUM" "slider-factory 1.3.2 Slider.Clone/Save/Delete.via.CSRF MEDIUM" "simple-google-photos-grid 1.6 Authenticated.(Contributor+).Server-Side.Request.Forgery MEDIUM" "snap-pixel No.known.fix Arbitrary.Settings.Update.via.CSRF MEDIUM" "snap-pixel No.known.fix Admin+.Stored.XSS LOW" "seo-redirection 9.1 Multiple.CSRF MEDIUM" "seo-redirection 9.1 404.Error.&.History.Deletion.via.CSRF MEDIUM" "seo-redirection 8.2 Subscriber+.SQL.Injection HIGH" "seo-redirection 7.9 Arbitrary.Redirect.Deletion.via.CSRF MEDIUM" "seo-redirection 7.4 Reflected.Cross-Site.Scripting HIGH" "seo-redirection 7.1 Authenticated.Stored.Cross-Site.Scripting.(XSS) LOW" "seo-redirection 6.4 Authenticated.Reflected.Cross-Site.Scripting.(XSS) HIGH" "seo-redirection 4.3 Stored.Cross-Site.Scripting.(XSS) MEDIUM" "seo-redirection 2.9 Authenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "seo-redirection 2.3 Unauthenticated.Stored.Cross-Site.Scripting.(XSS) HIGH" "search-with-typesense 2.0.11 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "search-with-typesense 2.0.9 Authenticated.(Admin+).Path.Traversal LOW" "simple-signup-form No.known.fix Authenticated.(Contributor+).SQL.Injection MEDIUM" "suki-sites-import No.known.fix Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "simple-keyword-to-link No.known.fix Cross-Site.Request.Forgery MEDIUM" "simple-gallery-odihost No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "simple-gallery-odihost No.known.fix Authenticated.(Contributor+).SQL.Injection MEDIUM" "shortcode-for-font-awesome 1.4.1 Contributor+.Stored.XSS MEDIUM" "subscribe-to-comments 2.3.1 Reflected.Cross-Site.Scripting MEDIUM" "subscribe-to-comments 2.3 Authenticated.Local.File.Inclusion MEDIUM" "stageshow No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.anchor.Parameter MEDIUM" "stageshow 10.0 Reflected.Cross-Site.Scripting MEDIUM" "seo-backlinks No.known.fix CSRF.to.Stored.XSS HIGH" "speed-booster-pack 4.3.3.1 Admin+.SQL.Injection MEDIUM" "speed-booster-pack 4.2.0 Authenticated.(admin+).RCE CRITICAL" "sema-api 5.30 Reflected.Cross-Site.Scripting.via.catid.Parameter MEDIUM" "sema-api 4.02 Unauthenticated.SQLi HIGH" "spiraclethemes-site-library No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "startend-subscription-add-on-for-gravityforms 4.0.6 Reflected.Cross-Site.Scripting MEDIUM" "sopa-blackout No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "social-login-lite-for-woocommerce No.known.fix Authentication.Bypass CRITICAL" "siteimprove 2.0.7 Cross-Site.Request.Forgery MEDIUM" "social-login-wp No.known.fix CSRF MEDIUM" "stax-buddy-builder 1.8.0 Contributor+.Post.Disclosure MEDIUM" "simple-baseball-scoreboard No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "sliding-widgets No.known.fix Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "svg-vector-icon-plugin No.known.fix Admin+.Remote.Code.Execution.(RCE) MEDIUM" "svg-vector-icon-plugin 3.2.3 Cross-Site.Request.Forgery.(CSRF).leading.to.RCE HIGH" "smart-slider-3 3.5.1.23 Contributor+.Stored.XSS.via.SVG.Upload MEDIUM" "smart-slider-3 3.5.1.14 Contributor+.Stored.XSS MEDIUM" "smart-slider-3 3.5.1.11 Contributor+.Stored.XSS MEDIUM" "smart-slider-3 3.5.1.11 PHP.Object.Injection MEDIUM" "smart-slider-3 3.5.0.9 Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "site-notes No.known.fix Admin.Note.Deletion.via.CSRF MEDIUM" "soj-soundslides No.known.fix Authenticated.(Contributor+).Arbitrary.File.Upload HIGH" "sip-reviews-shortcode-woocommerce No.known.fix Authenticated.(Contributor+).SQL.Injection MEDIUM" "sip-reviews-shortcode-woocommerce No.known.fix Authenticated.(Contributor+).Cross-Site.Scripting MEDIUM" "super-forms 6.0.4 Reflected.Cross-Site.Scripting MEDIUM" "super-forms 4.9.703 Unauthenticated.PHP.File.Upload.to.RCE CRITICAL" "smtp-amazon-ses 1.9 Unauthenticated.Stored.Cross-Site.Scripting.via.Email.Logs HIGH" "smtp-amazon-ses 1.9 Unauthenticated.Stored.Cross-Site.Scripting.via.Email.Logs HIGH" "shop-as-a-customer-for-woocommerce 1.1.8 Subscriber+.Privilege.Escalation CRITICAL" "shop-as-a-customer-for-woocommerce 1.2.4 Shop.Manager+.Privilege.Escalation CRITICAL" "staff-directory-pro No.known.fix Reflected.Cross-Site.Scripting.via.add_query_arg.Function MEDIUM" "staff-directory-pro No.known.fix Unauthenticated.Stored.Cross-Site.Scripting HIGH" "staff-directory-pro 4.0 Cross-Site.Request.Forgery.(CSRF) MEDIUM" "staff-directory-pro 4.0 CSRF.Bypass.in.Multiple.Plugins MEDIUM" "shiptimize-for-woocommerce No.known.fix Missing.Authorization.to.Authenticated.(Subscriber+).Settings.Update MEDIUM" "shiptimize-for-woocommerce No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "simple-google-maps-short-code 1.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "simple-sortsearch No.known.fix Ccontributor+.Stored.XSS MEDIUM" "simple-bitcoin-faucets No.known.fix Unauthorised.AJAX.Call.to.Stored.XSS MEDIUM" "social-auto-poster 5.3.16 Cross-Site.Request.Forgery MEDIUM" "social-auto-poster 5.3.16 Reflected.Cross-Site.Scripting MEDIUM" "social-auto-poster 5.3.15 Cross-Site.Request.Forgery.via.Multiple.Functions MEDIUM" "social-auto-poster 5.3.15 Authenticated.(Contributor+).Arbitrary.File.Upload HIGH" "social-auto-poster 5.3.15 Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "social-auto-poster 5.3.15 Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.Post.Meta.Update.via.wpw_auto_poster_update_tweet_template MEDIUM" "social-auto-poster 5.3.15 Missing.Authorization.to.Unauthenticated.Arbitrary.Post.Deletion MEDIUM" "social-auto-poster 5.3.15 Missing.Authorization.via.Multiple.Functions HIGH" "social-auto-poster 5.3.15 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "stackable-ultimate-gutenberg-blocks 3.13.12 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "stackable-ultimate-gutenberg-blocks 3.13.7 Unauthenticated.CSS.Injection MEDIUM" "stackable-ultimate-gutenberg-blocks 3.13.2 Authenticated.(Contributor+).DOM-Based.Stored.Cross-Site.Scripting MEDIUM" "stackable-ultimate-gutenberg-blocks 3.12.12 Contributor+.Stored.XSS.via.Posts.Block MEDIUM" "stackable-ultimate-gutenberg-blocks 3.9.1 Reflected.Cross-Site.Scripting MEDIUM" "stackable-ultimate-gutenberg-blocks 3.1.5 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "simple-google-static-map No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "shortcodehub 1.4.0 Reflected.Cross-Site.Scripting MEDIUM" "starfish-reviews No.known.fix Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.Options.Update HIGH" "starfish-reviews 3.1.0 Reflected.Cross-Site.Scripting MEDIUM" "starfish-reviews 3.0.26 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "starfish-reviews 2.0.1 Subscriber+.Arbitrary.Option.Update CRITICAL" "simple-shortcode-buttons No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "sticky-social-link No.known.fix Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "static-html-output-plugin 6.0 Reflected.Cross-Site.Scripting MEDIUM" "smart-agenda-prise-de-rendez-vous-en-ligne 4.8 Stored.XSS.via.CSRF HIGH" "smart-agenda-prise-de-rendez-vous-en-ligne 4.8 Stored.XSS.via.CSRF HIGH" "smart-agenda-prise-de-rendez-vous-en-ligne 4.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "social-links No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "social-links No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "simple-posts-ticker 1.1.6 Admin+.Stored.XSS LOW" "simple-posts-ticker 1.1.6 Contributor+.Stored.XSS MEDIUM" "simple-slug-translate 2.7.3 Admin+.Stored.XSS LOW" "simple-link-directory 8.4.6 Unauthenticated.Arbitrary.Shortcode.Execution MEDIUM" "simple-link-directory 7.7.2 Unauthenticated.SQL.injection HIGH" "simple-link-directory 7.3.5 Cross-Site.Scripting.(XSS) MEDIUM" "send-users-email 1.5.2 Unauthenticated.Information.Exposure MEDIUM" "send-users-email 1.4.4 Sensitive.Information.Exposure.via.Error.Logs MEDIUM" "send-users-email 1.4.1 Reflected.Cross-Site.Scripting MEDIUM" "sidebar-adder No.known.fix Reflected.Cross-Site.Scripting HIGH" "school-management-system 4.2 Admin+.SQLi MEDIUM" "simple-youtube-responsive 3.0 Contributor+.Stored.XSS MEDIUM" "simple-business-directory-pro No.known.fix Unauthenticated.Privilege.Escalation CRITICAL" "streamweasels-kick-integration 1.1.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.status-classic-offline-text.Parameter MEDIUM" "streamweasels-kick-integration 1.1.2 Blocks.and.Shortcodes.for.Embedding.Kick.Streams.<.1.1.2.-.Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.sw-kick-embed.Shortcode MEDIUM" "sideblog No.known.fix Arbitrary.Settings.Update.via.CSRF.to.Stored.XSS MEDIUM" "site-offline 1.5.7 Admin+.Stored.XSS LOW" "site-offline 1.5.3 Access.Bypass MEDIUM" "site-offline 1.4.4 Multiple.Cross-Site.Request.Forgery MEDIUM" "stylish-cost-calculator-premium 7.9.0 Unauthenticated.Stored.XSS HIGH" "social-metrics No.known.fix Admin+.Stored.XSS LOW" "smooth-gallery-replacement No.known.fix CSRF.to.Stored.XSS HIGH" "slideshow-jquery-image-gallery No.known.fix Author+.Stored.Cross-Site.Scripting MEDIUM" "slideshow-jquery-image-gallery No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "slideshow-jquery-image-gallery 2.2.22 Option.Value.Disclosure HIGH" "simple-blueprint-installer 1.0.2 Reflected.Cross-Site.Scripting MEDIUM" "simple-presenter 1.5.2 Reflected.Cross-Site.Scripting MEDIUM" "send-booking-invites-to-friends No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "service No.known.fix Authenticated.(Subscriber+).SQL.Injection HIGH" "schedule No.known.fix Unauthenticated.SQL.Injection HIGH" "schedule No.known.fix Reflected.XSS HIGH" "supersaas-appointment-scheduling 2.1.13 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.after.Parameter MEDIUM" "supersaas-appointment-scheduling 2.1.10 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "social-polls-by-opinionstage 19.10.0 Incorrect.Authorization.to.Authenticated.(Contributor+).Plugin.Settings.Update MEDIUM" "share-buttons No.known.fix Admin+.Stored.XSS LOW" "share-buttons No.known.fix Unauthenticated.Image.Upload.&.Path.Traversal MEDIUM" "sydney-toolbox 1.32 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.aThemes:.Portfolio.Widget MEDIUM" "sydney-toolbox 1.31 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "sydney-toolbox 1.29 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Filterable.Gallery MEDIUM" "sydney-toolbox 1.27 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via._id MEDIUM" "sydney-toolbox 1.26 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "simple-membership-custom-messages 2.5 Reflected.Cross-Site.Scripting MEDIUM" "ssv-mailchimp No.known.fix Unauthenticated.Local.File.Inclusion CRITICAL" "social-warfare 4.5.6 Contributor+.Stored.XSS MEDIUM" "social-warfare 4.4.7.3 Injected.Backdoor CRITICAL" "social-warfare 4.4.6 Cross-Site.Request.Forgery MEDIUM" "social-warfare 4.4.6.2 Authenticated(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "social-warfare 4.4.4 Social.Warfare.<.4.4.4.-.Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "social-warfare 4.4.0 Post.Meta.Deletion.via.CSRF MEDIUM" "social-warfare 4.3.1 Subscriber+.Post.Meta.Deletion MEDIUM" "social-warfare 3.5.3 Unauthenticated.Remote.Code.Execution.(RCE) MEDIUM" "smtp2go 1.5.0 Admin+.Stored.XSS LOW" "seers-cookie-consent-banner-privacy-policy 8.1.1 Cross-Site.Request.Forgery MEDIUM" "seers-cookie-consent-banner-privacy-policy 8.1.2 Unauthenticated.Cookie.Policy.Update MEDIUM" "sociable No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "shortcode-menu No.known.fix Contributor+.Stored.Cross-Site.Scripting MEDIUM" "simple-behace-portfolio No.known.fix Reflected.Cross-Site.Scripting HIGH" "simple-behace-portfolio No.known.fix Reflected.Cross-Site.Scripting.(XSS) HIGH" "shockingly-big-ie6-warning No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "schema-app-structured-data-for-schemaorg 2.2.5 Reflected.Cross-Site.Scripting MEDIUM" "schema-app-structured-data-for-schemaorg 2.2.1 Cross-Site.Request.Forgery MEDIUM" "schema-app-structured-data-for-schemaorg 2.2.1 Missing.Authorization MEDIUM" "schema-app-structured-data-for-schemaorg 1.22.4 Missing.Authorization.via.page_init MEDIUM" "sketchfab-oembed No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "site-notify No.known.fix Missing.Authorization MEDIUM" "scroll-top 1.4.1 Admin+.Stored.Cross-Site.Scripting LOW" "slider-comparison-image-before-and-after No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "saksh-escrow-system No.known.fix Authenticated.(Subscriber+).SQL.Injection HIGH" "s2member-pro 250419 Authenticated.(Contributor+).Local.File.Inclusion.to.Remote.Code.Execution.via.Shortcode HIGH" "s2member-pro 250214 Unauthenticated.PHP.Object.Injection CRITICAL" "simple-tooltips No.known.fix Admin+.Stored.XSS LOW" "simple-tooltips 2.1.4 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "simple-301-redirects 2.0.8 Missing.Authorization.via.clicked MEDIUM" "simple-301-redirects 2.0.8 Cross-Site.Request.Forgery.via.'clicked' MEDIUM" "simple-301-redirects 2.0.4 2.0.0..2.0.3.-.Unauthenticated.Redirect.Export CRITICAL" "simple-301-redirects 2.0.4 2.0.0..2.0.3.-.Arbitrary.Plugin.Installation HIGH" "simple-301-redirects 2.0.4 2.0.0..2.0.3.-.Arbitrary.Plugin.Activation HIGH" "simple-301-redirects 2.0.4 2.0.0..2.0.3.-.Unauthenticated.Redirect.Import CRITICAL" "simple-301-redirects 2.0.4 2.0.0..2.0.3.-.Update.and.Retrieve.Wildcard.Value MEDIUM" "show-notice-or-message-on-admin-area No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "seraphinite-accelerator-ext 2.22.16 Authenticated.(Subscriber+).Information.Exposure MEDIUM" "seraphinite-accelerator-ext 2.21.13.1 Cross-Site.Request.Forgery.to.Arbitrary.File.Deletion MEDIUM" "sort-searchresult-by-title 11.0 CSRF MEDIUM" "super-socializer 7.14.1 Unauthenticated.Limited.SQL.Injection.via.'SuperSocializerKey' MEDIUM" "super-socializer 7.14 Authentication.Bypass HIGH" "super-socializer 7.13.64 Editor+.Stored.XSS MEDIUM" "super-socializer 7.13.55 Missing.Authorization MEDIUM" "super-socializer 1.13.53 Contributor+.Stored.XSS MEDIUM" "super-socializer 7.13.52 Reflected.XSS HIGH" "super-socializer 7.13.44 Contributor+.Stored.XSS MEDIUM" "super-socializer 7.13.30 Reflected.Cross-Site.Scripting MEDIUM" "super-socializer 7.11 Authentication.Bypass CRITICAL" "simple-dashboard No.known.fix Unauthenticated.Privilege.Escalation CRITICAL" "super-social-content-locker-lite No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "spin360 No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "searchterms-tagging-2 No.known.fix XSS.&.Authenticated.SQL.Injection HIGH" "simple-contact-forms No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "seo-nutrition-and-print-for-recipes-by-edamam No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "shopconstruct No.known.fix Admin+.Stored.XSS LOW" "seo-meta-tags No.known.fix Cross-Site.Request.Forgery.to.Privilege.Escalation HIGH" "shmapper-by-teplitsa 1.5.1 Authenticated.(Editor+).Stored.Cross-Site.Scripting MEDIUM" "shmapper-by-teplitsa 1.5.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "spider-contacts No.known.fix Reflected.XSS HIGH" "stop-referrer-spam 1.3.1 CSRF MEDIUM" "slidedeck-lite-for-wordpress No.known.fix Reflected.XSS HIGH" "shoutcast-icecast-html5-radio-player No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "socialsnap 1.4 Admin+.Stored.XSS LOW" "socialsnap 1.3.6 Missing.Authorization MEDIUM" "salert 1.2.2 Reflected.XSS HIGH" "salert 1.2.2 Subscriber+.Missing.Authorization MEDIUM" "spoiler-block No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "slim-seo 4.5.5 Authenticated.(Administrator+).SQL.Injection MEDIUM" "slim-seo 4.5.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.slim_seo_breadcrumbs.Shortcode MEDIUM" "services-section 1.3.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "shortcodes-finder 1.5.5 Reflected.Cross-Site.Scripting MEDIUM" "shortcodes-finder 1.5.4 Reflected.XSS HIGH" "seo-site-auditor-agency 1.2.9 Reflected.Cross-Site.Scripting MEDIUM" "seo-site-auditor-agency 1.2.5 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "smartemailing 2.2.6 Reflected.Cross-Site.Scripting MEDIUM" "spotim-comments 4.0.4 Multiple.Vulnerabilities MEDIUM" "simple-tweet No.known.fix Authenticated.(Author+).Stored.Cross-Site.Scripting MEDIUM" "simple-tweet No.known.fix Admin+.Stored.XSS LOW" "stylish-price-list 7.1.12 Contributor+.Stored.XSS MEDIUM" "stylish-price-list 7.1.8 Contributor+.Stored.XSS MEDIUM" "stylish-price-list 7.0.18 Missing.Authorization MEDIUM" "stylish-price-list 6.9.0 Unauthenticated.Arbitrary.Image.Upload MEDIUM" "stylish-price-list 6.9.1 Subscriber+.Arbitrary.Image.Upload MEDIUM" "stock-sync-for-woocommerce 2.4.1 Reflected.XSS HIGH" "seo-keywords No.known.fix Reflected.Cross-Site.Scripting.via.google_error.Parameter MEDIUM" "subaccounts-for-woocommerce 1.6.7 Authenticated.(Subscriber+).Privilege.Escalation.via.Account.Takeover HIGH" "subaccounts-for-woocommerce 1.6.1 Reflected.Cross-Site.Scripting HIGH" "subaccounts-for-woocommerce 1.4.0 Reflected.Cross-Site.Scripting MEDIUM" "stream 4.1.0 Authenticated.(Admin+).Server-Side.Request.Forgery MEDIUM" "stream 4.0.2 Cross-Site.Request.Forgery.to.Arbitrary.Options.Update HIGH" "stream 3.9.3 Missing.Authorization.via.load_alerts_settings MEDIUM" "stream 3.9.3 CSRF MEDIUM" "stream 3.9.2 Subscriber+.Alert.Creation MEDIUM" "stream 3.8.2 Admin+.SQL.Injection MEDIUM" "simple-wp-events 1.9.0 Unauthenticated.Sensitive.Information.Exposure MEDIUM" "simple-wp-events 1.9.0 Unauthenticated.Arbitrary.File.Deletion CRITICAL" "simple-wp-events 1.9.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "simple-comment-editing 3.1.0 Authenticated.(Admin+).Server-Side.Request.Forgery MEDIUM" "simpel-reserveren No.known.fix Unauthenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "smartsoftbutton-widget-de-botones-de-chat No.known.fix Arbitrary.Settings.Update.to.Stored.XSS.via.CSRF HIGH" "stylish-cost-calculator 7.0.4 Subscriber+.Unauthorised.AJAX.Calls.to.Stored.XSS HIGH" "stm-megamenu 2.3.13 Unauthenticated.Local.File.Inclusion CRITICAL" "sight 1.1.3 Missing.Authorization.to.Sensitive.Information.Exposure.in.handler_post_title MEDIUM" "superb-slideshow-gallery 13.2 .Authenticated.(Subscriber+).SQL.Injection.via.Shortcode HIGH" "stedb-forms No.known.fix Authenticated.(Administrator+).SQL.Injection MEDIUM" "side-cart-woocommerce 2.3 Admin+.Stored.XSS LOW" "side-cart-woocommerce 2.2 Settings.Reset.via.CSRF MEDIUM" "side-cart-woocommerce 2.1 Various.Versions.CSRF.to.Arbitrary.Options.Update HIGH" "svg-captcha No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "system-dashboard 2.8.19 Authenticated.(Subscriber+).Sensitive.Information.Exposure MEDIUM" "system-dashboard 2.8.18 Reflected.Cross-Site.Scripting.via.Filename.Parameter MEDIUM" "system-dashboard 2.8.15 Admin+.Path.Traversal MEDIUM" "system-dashboard 2.8.15 Unauthenticated.Stored.XSS HIGH" "system-dashboard 2.8.10 XSS.via.Header.Injection LOW" "system-dashboard 2.8.8 Missing.Authorization.to.Information.Disclosure.(sd_php_info) MEDIUM" "system-dashboard 2.8.8 Missing.Authorization.to.Information.Disclosure.(sd_global_value) MEDIUM" "system-dashboard 2.8.8 Missing.Authorization.to.Information.Disclosure.(sd_constants) MEDIUM" "system-dashboard 2.8.8 Missing.Authorization.to.Information.Disclosure.(sd_db_specs) MEDIUM" "system-dashboard 2.8.8 Missing.Authorization.to.Information.Disclosure.(sd_option_value) MEDIUM" "star-cloudprnt-for-woocommerce 2.0.4 Reflected.XSS HIGH" "star-cloudprnt-for-woocommerce No.known.fix Reflected.XSS HIGH" "similar-posts No.known.fix Admin+.Stored.XSS LOW" "similar-posts 3.1.6 Admin+.Arbitrary.PHP.Code.Execution HIGH" "subscribers-com 1.5.4 Free.Web.Push.Notifications.<.1.5.4.-.Admin+.Stored.XSS LOW" "skt-skill-bar 2.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "skt-skill-bar 2.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "skt-skill-bar 2.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "simple-events-calendar No.known.fix Authenticated.(admin+).SQL.Injection MEDIUM" "salon-booking-plugin-pro 7.6.3 Customer+.Bookings/Customers.Data.Disclosure HIGH" "salon-booking-plugin-pro 7.6.3 Unauthenticated.Sensitive.Data.Disclosure MEDIUM" "social-crowd No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "storefront-footer-text No.known.fix Admin+.Stored.Cross-Site.Scripting MEDIUM" "sb-child-list No.known.fix Settings.Update.via.CSRF MEDIUM" "smooth-slider 2.8.7 Authenticated.SQL.Injection HIGH" "smooth-slider 2.7 Authenticated.SQL.Injection HIGH" "superlogoshowcase-wp 2.3 Unauthenticated.Arbitrary.File.Upload CRITICAL" "smartsupp-live-chat 3.7 Cross-Site.Request.Forgery MEDIUM" "shorten-url No.known.fix Subscriber+.SQLi HIGH" "shorten-url No.known.fix Cross-Site.Request.Forgery.via.configuration_page MEDIUM" "shorten-url No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "shorten-url No.known.fix Missing.Authorization.via.multiple.AJAX.functions MEDIUM" "shorten-url No.known.fix CSRF MEDIUM" "shorten-url 1.6.5 Admin+.Cross.Site.Scripting LOW" "shorten-url 1.6.5 Subscriber+.SQLi HIGH" "shorten-url 1.6.5 Admin+.Stored.Cross-Site.Scripting MEDIUM" "seamless-donations 5.1.9 Arbitrary.Settings.Update.via.CSRF MEDIUM" "simple-matted-thumbnails No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "sql-reporting-services No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "sql-reporting-services No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "seo-local-rank 2.2.4 Unauthenticated.Arbitrary.File.Access.via.Path.Traversal HIGH" "simplelender-by-umatidocs-com No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "slidedeck2 2.3.5 Unspecified.File.Inclusion CRITICAL" "sitemap-index No.known.fix Admin+.XSS LOW" "specific-content-for-mobile 0.5.4 Missing.Authorization MEDIUM" "specific-content-for-mobile 0.1.9.6 Reflected.Cross-Site.Scripting MEDIUM" "soumettre-fr 2.1.4 Missing.Authorization MEDIUM" "serped-net No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "serped-net 4.6 Authenticated.(Contributor+).SQL.Injection MEDIUM" "smart-id 4.7 Reflected.Cross-Site.Scripting MEDIUM" "simple-load-more No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "super-testimonial-pro 1.0.8 Admin+.Stored.Cross-Site.Scripting LOW" "simply-show-hooks No.known.fix Injected.Backdoor CRITICAL" "site-mode No.known.fix Unauthenticated.Local.File.Inclusion CRITICAL" "simple-feature-requests 2.2.5 Reflected.Cross-Site.Scripting MEDIUM" "simple-feature-requests 2.2.4 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "simple-website-logo No.known.fix Missing.Authorization MEDIUM" "skip-to No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "stratum 1.5.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.Vulnerability.via.Image.Hotspot.Widget MEDIUM" "stratum 1.4.5 Authenticated.(Contributor+).Sensitive.Information.Exposure.via.Elementor.Templates MEDIUM" "stratum 1.4.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Countdown.Widget MEDIUM" "stratum 1.3.16 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "scheduled No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "simple-image-manipulator No.known.fix Remote.File.Download HIGH" "speakpipe-voicemail-for-websites No.known.fix Cross-Site.Request.Forgery MEDIUM" "seo-automatic-wp-core-tweaks No.known.fix Arbitrary.Admin.Account.Creation./.Admin.Email.Update.via.CSRF HIGH" "shortcode-to-display-post-and-user-data 1.3.0 Insecure.Direct.Object.Reference.to.Authenticated.(Contributor+).Post.Meta.Disclosure MEDIUM" "shortcode-to-display-post-and-user-data 1.3.0 Authenticated.(Contributor+).Code.Injection HIGH" "shortcode-to-display-post-and-user-data 1.3.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.vg_display_data MEDIUM" "seo-beginner-auto-post No.known.fix Missing.Authorization.to.File.Overwrite/Upload.(Remote.Code.Execution) CRITICAL" "subscriptiondna 2.2 Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "shortcodes-ultimate-pro 7.2.1 Contributor+.Stored.XSS MEDIUM" "shortcodes-ultimate-pro 7.1.5 Contributor+.Stored.Cross-Site.Scripting.XSS MEDIUM" "scroll-to-top-builder No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "similarity No.known.fix Stored.XSS.via.CSRF HIGH" "similarity No.known.fix Plugin.Reset.via.CSRF MEDIUM" "simple-add-pages-or-posts No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "simple-add-pages-or-posts No.known.fix Cross-Site.Request.Forgery.to.Reflected.Cross-Site.Scripting MEDIUM" "simple-add-pages-or-posts 1.7 CSRF MEDIUM" "social-share-buttons-by-supsystic 2.2.4 Subscriber+.SQLi HIGH" "social-share-buttons-by-supsystic 2.2.4 Subscriber+.Unauthorised.Actions MEDIUM" "social-share-buttons-by-supsystic 2.2.4 Multiple.CSRF MEDIUM" "sidebar-manager-light No.known.fix Cross-Site.Request.Forgery MEDIUM" "sidebar-manager-light No.known.fix Cross-Site.Request.Forgery MEDIUM" "smart-forms No.known.fix Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "smart-forms 2.6.92 Missing.Authorization.to.Notice.Dismissal MEDIUM" "smart-forms 2.6.96 Admin+.Stored.XSS LOW" "smart-forms 2.6.94 Subscriber+.Edit.Entries.via.Broken.Access.Control MEDIUM" "smart-forms 2.6.94 Edit.Entries.via.CSRF MEDIUM" "smart-forms 2.6.87 Subscriber+.Arbitrary.Entry.Deletion MEDIUM" "smart-forms 2.6.85 Subscriber+.Arbitrary.Options.Update HIGH" "smart-forms 2.6.71 Subscriber+.Form.Data.Download MEDIUM" "smart-forms 2.6.16 Cross-Site.Request.Forgery.(CSRF) HIGH" "sitewide-notice-wp 2.3 Admin+.Stored.XSS LOW" "stock-in No.known.fix Authenticated.SQL.Injection MEDIUM" "stock-in No.known.fix Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "simple-post-gallery No.known.fix Arbitrary.Settings.Update.via.CSRF MEDIUM" "seo-bulk-editor No.known.fix Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "simple-job-board 2.12.4 Authenticated.(Editor+).PHP.Object.Injection HIGH" "simple-job-board 2.12.2 Admin+.Stored.XSS LOW" "simple-job-board 2.12.6 Unauthenticated.Resumes.Download LOW" "simple-job-board 2.11.1 Unauthenticated.PHP.Object.Injection.via.Job.Application.Fields CRITICAL" "simple-job-board 2.11.0 Missing.Authorization.to.Unauthenticated.Information.Disclosure MEDIUM" "simple-job-board 2.10.7 Cross-Site.Request.Forgery MEDIUM" "simple-job-board 2.10.6 Missing.Authorization MEDIUM" "simple-job-board 2.10.4 Settings.Update.via.CSRF MEDIUM" "simple-job-board 2.10.0 Resume.Disclosure.via.Directory.Listing MEDIUM" "simple-job-board 2.9.5 Admin+.Stored.Cross-Site.Scripting LOW" "simple-job-board 2.9.4 Authenticated.Path.Traversal.Leading.to.Arbitrary.File.Download HIGH" "simple-job-board 2.4.4 Reflected.XSS MEDIUM" "simple-download-monitor 3.9.26 Authenticated.(Administrator+).SQL.Injection MEDIUM" "simple-download-monitor 3.9.9 Multiple.CSRF MEDIUM" "simple-download-monitor 3.9.11 Contributor+.Stored.Cross-Site.Scripting.via.Shortcodes MEDIUM" "simple-download-monitor 3.9.5 Contributor+.Stored.Cross-Site.Scripting.via.File.Thumbnail MEDIUM" "simple-download-monitor 3.9.6 Arbitrary.Thumbnails.Removal MEDIUM" "simple-download-monitor 3.9.5 Reflected.Cross-Site.Scripting HIGH" "simple-download-monitor 3.9.6 Unauthorised.Log.Reset MEDIUM" "simple-download-monitor 3.9.6 Unauthenticated.Log.Access MEDIUM" "simple-download-monitor 3.9.5 Contributor+.Arbitrary.File.Download.via.Path.Traversal MEDIUM" "simple-download-monitor 3.8.9 SQL.Injection MEDIUM" "simple-download-monitor 3.8.9 Unauthenticated.Cross-Site.Scripting MEDIUM" "simple-download-monitor 3.5.4 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "simplebooklet 1.1.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "simplebooklet 1.1.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "shortcode-in-comment No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "sticky-chat-button No.known.fix Unauthenticated.Stored.Cross-Site.Scripting HIGH" "subscribe-sidebar No.known.fix Authenticated.Reflected.Cross-Site.Scripting CRITICAL" "slideshow-gallery 1.8.4 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "slideshow-gallery 1.8.2 Authenticated.(Contributor+).SQL.Injection HIGH" "slideshow-gallery 1.8.1 Unauthenticated.Sensitive.Information.Exposure MEDIUM" "slideshow-gallery 1.7.9 Contributor+.SQLi MEDIUM" "slideshow-gallery 1.7.9 Settings.Reset.via.CSRF MEDIUM" "slideshow-gallery 1.7.4 Admin+.Stored.Cross-Site.Scripting LOW" "slideshow-gallery 1.6.9 XSS.and.SQLi CRITICAL" "slideshow-gallery 1.6.6 Multiple.Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "social-network-tabs No.known.fix Social.Media.API.Key.Leakage CRITICAL" "saragna-social-stream No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "shortcodes-anywhere No.known.fix Unauthenticated.Arbitrary.Shortcode.Execution HIGH" "slider-image 2.8.7 Authenticated.Blind.SQL.Injection HIGH" "store-credit-for-woocommerce 1.0.49.47 Reflected.Cross-Site.Scripting MEDIUM" "swift-framework No.known.fix Missing.Authorization.to.Unauthenticated.Arbitrary.Content.Update MEDIUM" "swift-framework No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcodes MEDIUM" "seo-slider 1.1.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "sermone-online-sermons-management No.known.fix Reflected.XSS HIGH" "sermone-online-sermons-management No.known.fix Contributor+.Stored.XSS MEDIUM" "schedulicity-online-appointment-booking No.known.fix Easy.Online.Scheduling.<=.2.21.-.Contributor+.Stored.XSS MEDIUM" "shopwarden 1.0.12 Cross-Site.Request.Forgery.to.Arbitrary.Options.Update HIGH" "scss-wp-editor No.known.fix Cross-Site.Request.Forgery MEDIUM" "site-launcher No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "supra-csv-parser No.known.fix Stored.Cross-Site.Scripting.via.CSRF MEDIUM" "send-e-mail No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "smart-agreements 1.0.4 Unauthenticated.Local.File.Inclusion CRITICAL" "stop-user-enumeration 1.4.0 Reflected.Cross-Site.Scripting MEDIUM" "stop-user-enumeration 1.3.20 Subscriber+.Arbitrary.Option.Update CRITICAL" "stop-user-enumeration 1.3.9 REST.API.Bypass MEDIUM" "stop-user-enumeration 1.3.8 Unauthenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "seur 2.2.24 Unauthenticated.Local.File.Inclusion CRITICAL" "seur 2.2.12 Reflected.Cross-Site.Scripting MEDIUM" "seur 2.2.11 Unauthenticated.SQL.Injection HIGH" "seur 1.7.2 Admin+.Arbitrary.File.Download MEDIUM" "seur 1.7.0 Admin+.Stored.Cross-Site.Scripting MEDIUM" "simple-login-log 1.1.2 Authenticated.SQL.Injection CRITICAL" "social-gallery-lite No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "social-gallery-lite No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "shopsite-plugin 1.5.11 Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "setup-default-feature-image 1.3 Missing.Authorization MEDIUM" "sitemap-by-click5 1.0.36 Unauthenticated.Arbitrary.Options.Update CRITICAL" "stockists-manager No.known.fix Stored.Cross-Site.Scripting.via.CSRF MEDIUM" "scss-library No.known.fix Cross-Site.Request.Forgery MEDIUM" "set-admin-colour-on-staging-and-dev No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "set-admin-colour-on-staging-and-dev No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "smartarget-popup No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "steam-group-viewer No.known.fix Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "split-test-for-elementor No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "split-test-for-elementor 1.8.4 Editor+.SQLi MEDIUM" "split-test-for-elementor 1.7.0 Cross-Site.Request.Forgery MEDIUM" "seo-wordpress No.known.fix Authenticated.(Author+).Stored.Cross-Site.Scripting MEDIUM" "sign-in-with-google No.known.fix Authentication.Bypass.in.authenticate_user CRITICAL" "scripts-n-styles 3.5.8 Admin+.Stored.XSS LOW" "search-logger No.known.fix Admin+.SQLi MEDIUM" "shiny-buttons No.known.fix Unauthenticated.Stored.Cross-Site.Scripting HIGH" "surbma-premium-wp 10.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "small-package-quotes-wwe-edition 5.2.20 Missing.Authorization MEDIUM" "small-package-quotes-wwe-edition 5.2.19 Reflected.Cross-Site.Scripting MEDIUM" "small-package-quotes-wwe-edition 5.2.19 Unauthenticated.SQL.Injection HIGH" "small-package-quotes-wwe-edition 5.2.18 Unauthenticated.SQL.Injection HIGH" "simple-basic-contact-form 20250114 Admin+.Stored.XSS LOW" "simple-basic-contact-form 20240511 Unauthenticated.Arbitrary.Shortcode.Execution MEDIUM" "simple-basic-contact-form 20240502 Reflected.Cross-Site.Scripting MEDIUM" "simple-basic-contact-form 20221201 Admin+.Stored.XSS LOW" "simple-page-transition No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "seo-automatic-seo-tools No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "seo-automatic-seo-tools No.known.fix Reflected.XSS HIGH" "syndication-links 1.0.2.1 DOM.Cross-Site.Scripting.(XSS) MEDIUM" "server-status-by-hostnameip No.known.fix Authenticated.SQL.Injection HIGH" "spider-faq No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "smooth-streaming-player No.known.fix Cross-Site.Request.Forgery MEDIUM" "social-share-with-floating-bar No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "sweepwidget No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "scratch-win-giveaways-for-website-facebook 2.9.0 Missing.Authorization.to.Unauthenticated.Coupon.Creation MEDIUM" "scratch-win-giveaways-for-website-facebook 2.8.0 Cross-Site.Request.Forgery.via.reset_installation.Function MEDIUM" "scratch-win-giveaways-for-website-facebook 2.7.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "social-button No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "seo-title-tag No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "snazzy-maps 1.1.5 Multiple.Cross-Site.Scripting.(XSS) MEDIUM" "simplepress No.known.fix Missing.Authorization MEDIUM" "simplepress No.known.fix Cross-Site.Request.Forgery.to.Unauthorized.Post.Editing MEDIUM" "simplepress 6.10.11 Reflected.XSS HIGH" "simplepress 6.10.12 Reflected.Cross-Site.Scripting MEDIUM" "simplepress 6.8.1 Admin+.Arbitrary.File.Update LOW" "simplepress 6.8.1 Subscriber+.Arbitrary.File.Deletion HIGH" "simplepress 6.8.1 Subscriber+.Stored.XSS.via.Profile.Signatures MEDIUM" "simplepress 6.8.1 Unauthenticated.Stored.XSS.via.Forum.Replies HIGH" "simplepress 6.6.1 Broken.Access.Control.leading.to.RCE CRITICAL" "security-safe 2.5.2 Reflected.Cross-Site.Scripting MEDIUM" "security-safe 2.4.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "simple-ldap-login 1.6.1 Reflected.Cross-Site.Scripting MEDIUM" "smart-wishlist-for-more-convert 1.9.2 Reflected.Cross-Site.Scripting MEDIUM" "smart-wishlist-for-more-convert 1.9.0 Authenticated.(Administrator+).SQL.Injection MEDIUM" "smart-wishlist-for-more-convert 1.8.8 Unauthenticated.Wishlist.Disclosure.via.download_pdf_file.Function HIGH" "smart-wishlist-for-more-convert 1.7.3 Missing.Authorization MEDIUM" "smart-wishlist-for-more-convert 1.7.9 Missing.Authorization MEDIUM" "saphali-woocommerce-lite 1.9.0 Settings.Update/Reset.via.CSRF MEDIUM" "scrollto-top No.known.fix Cross-Site.Request.Forgery.to.Arbitrary.File.Upload HIGH" "sensly-online-presence No.known.fix Admin+.Stored.XSS LOW" "soundcloud-is-gold 2.3.2 Unauthenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "smart-email-alerts No.known.fix Reflected.Cross-Site.Scripting HIGH" "sql-chart-builder No.known.fix Authenticated.(Contributor+).SQL.Injection MEDIUM" "sermon-browser No.known.fix Arbitrary.File.Upload.via.CSRF MEDIUM" "sermon-browser 0.45.16 Multiple.XSS MEDIUM" "search-order-by-product-sku-for-woocommerce No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "smart-phone-field-for-gravity-forms 2.1 Reflected.Cross-Site.Scripting MEDIUM" "stops-core-theme-and-plugin-updates 8.0.5 Insufficient.Restrictions.on.Option.Changes MEDIUM" "socialmark No.known.fix Authenticated.(Subscriber+).Server-Side.Request.Forgery MEDIUM" "socialmark 2.0.7 Reflected.Cross-Site.Scripting MEDIUM" "socialmark 2.0.5 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "sina-extension-for-elementor 3.7.0 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "sina-extension-for-elementor 3.6.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Fancy.Text,.Countdown.Widget,.and.Login.Form.Shortcodes MEDIUM" "sina-extension-for-elementor 3.6.0 Authenticated.(Contributor+).Stored.DOM-Based.Cross-Site.Scripting.via.Sina.Image.Differ MEDIUM" "sina-extension-for-elementor 3.5.8 Authenticated.(Contributor+).Sensitive.Information.Exposure.via.Sina.Modal.Box.Widget.Elementor.Template MEDIUM" "sina-extension-for-elementor 3.5.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.read_more_text.Parameter MEDIUM" "sina-extension-for-elementor 3.5.5 Authenticated.(Contributor+).DOM-Based.Stored.Cross-Site.Scripting MEDIUM" "sina-extension-for-elementor 3.5.4 Authenticated.(Contributor+).Stored.Cross-site.Scriping.via.'Sina.Particle.Layer' MEDIUM" "sina-extension-for-elementor 3.5.4 Authenticated.(Contributor+).DOM-Based.Cross-Site.Scripting MEDIUM" "sina-extension-for-elementor 3.5.2 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "sina-extension-for-elementor 3.5.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Sina.Fancy.Text.Widget MEDIUM" "sina-extension-for-elementor 3.5.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "sina-extension-for-elementor 3.3.12 Contributor+.Stored.XSS MEDIUM" "sina-extension-for-elementor 2.2.1 LFI HIGH" "smsify 6.1.0 Reflected.Cross-Site.Scripting MEDIUM" "statpresscn No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "simple-buttons-creator No.known.fix Unauthenticated.Stored.XSS HIGH" "simple-buttons-creator No.known.fix Aribtrary.Button.Deletion.via.CSRF MEDIUM" "simple-table-manager 1.6.1 Admin+.Stored.Cross-Site.Scripting LOW" "sheet2site No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "simple-staff-list 2.2.5 Missing.Authorization.via.ajax_flush_rewrite_rules.and.staff_member_export MEDIUM" "simple-staff-list 2.2.4 Editor+.Stored.XSS MEDIUM" "simple-staff-list 2.2.3 Contributor+.Stored.XSS MEDIUM" "slicknav-mobile-menu 1.9.3 Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "simple-alert-boxes No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Alert.Shortcode MEDIUM" "seedprod-coming-soon-pro-5 6.18.13 Authenticated.(Administrator+).SQL.Injection MEDIUM" "seedprod-coming-soon-pro-5 6.18.14 Authenticated.(Editor+).Remote.Code.Execution HIGH" "seedprod-coming-soon-pro-5 6.18.13 Authenticated.(Editor+).SQL.Injection MEDIUM" "scw-seat-reservation 3.4 Unauthenticated.SQL.Injection HIGH" "store-locator No.known.fix Unauthenticated.Local.File.Inclusion HIGH" "store-locator No.known.fix Unauthenticated.Local.File.Inclusion CRITICAL" "store-locator 3.98.8 Settings.Update.via.CSRF MEDIUM" "store-locator 3.34 SQL.Injection CRITICAL" "simple-image-sizes 3.2.3 Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "sermonaudio-widgets No.known.fix Authenticated.(Contributor+).SQL.Injection HIGH" "simple-membership-after-login-redirection 1.7 Open.Redirect MEDIUM" "staticpress No.known.fix Missing.Authorization MEDIUM" "supportflow 0.7 Stored.Cross-Site.Scripting.(XSS) MEDIUM" "snapshot-backup No.known.fix Stored.XSS.via.CSRF HIGH" "show-hidecollapse-expand 1.3.0 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "show-hidecollapse-expand No.known.fix Subscriber+.Settings.Update MEDIUM" "secondary-title 2.1.0 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "studiocart 2.5.20 Reflected.Cross-Site.Scripting MEDIUM" "studiocart 2.3.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "sip-calculator No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "seo-wizard No.known.fix Unauthorised.robots.txt.&..htaccess.Edit.via.CSRF HIGH" "seo-wizard No.known.fix Unauthorised.AJAX.Calls HIGH" "simple-custom-website-data No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "startklar-elmentor-forms-extwidgets No.known.fix Unauthenticated.Path.Traversal.to.Arbitrary.Directory.Deletion CRITICAL" "startklar-elmentor-forms-extwidgets 1.7.14 Unauthenticated.Arbitrary.File.Deletion CRITICAL" "startklar-elmentor-forms-extwidgets 1.7.14 Unauthenticated.Arbitrary.File.Upload CRITICAL" "steel No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.btn.Shortcode MEDIUM" "sheet-to-wp-table-for-google-sheet 1.0.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.STWT_Sheet_Table.Shortcode MEDIUM" "sp-blog-designer No.known.fix Unauthenticated.Arbitrary.Shortcode.Execution MEDIUM" "sp-blog-designer No.known.fix Authenticated.(Contributor+).Local.File.Inclusion HIGH" "simple-mail-address-encoder 1.7 Reflected.Authenticated.XSS MEDIUM" "simple-audioplayer No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "sonawp-simple-payment-block 1.0.1 Reflected.Cross-Site.Scripting MEDIUM" "slingblocks 1.6.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "slingblocks 1.5.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "social-networks-auto-poster-facebook-twitter-g No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "social-networks-auto-poster-facebook-twitter-g 4.4.4 Cross-Site.Request.Forgery.to.Arbitrary.Post.Deletion MEDIUM" "social-networks-auto-poster-facebook-twitter-g 4.4.4 Unauthenticated.Stored.Cross-Site.Scripting.via.User.Agent MEDIUM" "social-networks-auto-poster-facebook-twitter-g 4.4.4 Subscriber+.Sensitive.Information.Exposure MEDIUM" "social-networks-auto-poster-facebook-twitter-g 4.4.3 Reflected.Cross-Site.Scripting.via.code MEDIUM" "social-networks-auto-poster-facebook-twitter-g 4.3.26 Reflected.Cross-Site.Scripting MEDIUM" "social-networks-auto-poster-facebook-twitter-g 4.3.25 Arbitrary.Post.Deletion.via.CSRF MEDIUM" "social-networks-auto-poster-facebook-twitter-g 4.3.24 Unauthenticated.Stored.XSS HIGH" "social-networks-auto-poster-facebook-twitter-g 4.3.21 Reflected.Cross-Site.Scripting HIGH" "social-networks-auto-poster-facebook-twitter-g 4.3.18 Insufficient.Privilege.Validation HIGH" "social-networks-auto-poster-facebook-twitter-g 4.2.8 Authenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "social-networks-auto-poster-facebook-twitter-g 3.4.18 CSRF.to.Stored.XSS MEDIUM" "simple-side-tab 2.2.0 Admin+.Stored.XSS LOW" "school-management-pro No.known.fix Authenticated.(School.Admin+).SQL.Injection CRITICAL" "school-management-pro 9.9.7 Unauthenticated.RCE.via.REST.api CRITICAL" "sign-up-sheets 2.3.1 Unauthenticated.Arbitrary.Shortcode.Execution MEDIUM" "sign-up-sheets 2.2.13 Reflected.XSS HIGH" "sign-up-sheets 2.2.13 Missing.Authorization MEDIUM" "sign-up-sheets 2.2.12 Cross-Site.Request.Forgery MEDIUM" "sign-up-sheets 2.2.9 Settings.Update/Reset.via.CSRF MEDIUM" "sign-up-sheets 1.0.14 Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "sign-up-sheets 1.0.14 Authenticated.CSV.Injection MEDIUM" "szechenyi-2020-logo No.known.fix Unauthenticated.Local.File.Inclusion CRITICAL" "sv-gravity-forms-enhancer No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "sv-gravity-forms-enhancer 1.8.00 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "simple-sponsorships No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "simple-sponsorships 1.8.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "swipehq-payment-gateway-woocommerce No.known.fix Unauthenticated.Reflected.XSS MEDIUM" "seguro-viagem 3.0.0 Stored.XSS.via.CSRF HIGH" "share-print-pdf-woocommerce 2.8.0 Low.Priv.Arbitrary.Blog.Options.Update/Access/Deletion.&.Plugin's.Settings.Update/Export/Import HIGH" "smart-google-code-inserter 3.5 Unauthenticated.SQL.Injection CRITICAL" "smart-google-code-inserter 3.5 Unauthenticated.Cross-Site.Scripting.(XSS) CRITICAL" "support-svg 1.1.1 .Authenticated.(Author+).Stored.Cross-site.Scripting.via.SVG.File.Upload MEDIUM" "support-svg 1.1.0 Stored.XSS.via.SVG.Upload MEDIUM" "sharable-password-protected-posts 1.1.1 Unauthenticated.Password.Protect.Post.Access HIGH" "simply-rets No.known.fix Reflected.Cross-Site.Scripting HIGH" "simply-rets No.known.fix Cross-Site.Request.Forgery MEDIUM" "simply-rets 3.0.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "squirrly-seo-pack No.known.fix Advanced.Pack.<=.2.3.8.-.Authenticated(Administrator+).SQL.Injection MEDIUM" "sola-testimonials No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.alignment.Parameter MEDIUM" "sola-testimonials No.known.fix Cross-Site.Request.Forgery MEDIUM" "smoove-elementor 4.2.0 Reflected.Cross-Site.Scripting MEDIUM" "simpul-events-by-esotech No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "search-analytics 1.4.11 Reflected.Cross-Site.Scripting MEDIUM" "search-analytics 1.4.10 Missing.Authorization MEDIUM" "search-analytics 1.4.8 Reflected.XSS HIGH" "search-analytics 1.4.6 Admin+.Stored.XSS LOW" "sv-provenexpert 2.0.0 Reflected.Cross-Site.Scripting MEDIUM" "sv-provenexpert 1.8.01 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "social-media-buttons-toolbar No.known.fix Admin+.Stored.XSS MEDIUM" "seo-automated-link-building 2.5.3 Missing.Authorization MEDIUM" "seo-automated-link-building 2.1.1 Multiple.Authenticated.Stored.Cross-Site.Scripting.(XSS) LOW" "search-filter-pro 2.5.20 Missing.Authorization.to.Authenticated.(Subscriber+).Post.Meta.Exposure MEDIUM" "search-filter-pro 2.5.18 Admin+.Stored.XSS LOW" "simple-business-manager No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "simpleshop-cz 2.10.1 Cross-Site.Request.Forgery MEDIUM" "simpleshop-cz 2.10.3 Missing.Authorization MEDIUM" "scrollrevealjs-effects No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "snapwidget-wp-instagram-widget No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "si-contact-form 4.0.38 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "spider-facebook No.known.fix Cross-Site.Request.Forgery MEDIUM" "spider-facebook No.known.fix Reflected.XSS HIGH" "smooth-dynamic-slider No.known.fix Reflected.Cross-Site.Scriptign MEDIUM" "simple-video-management-system No.known.fix Admin+.Stored.XSS LOW" "simple-video-management-system No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "simple-history 5.8.2 Admin+.Sensitive.Information.Exposure.via.Detective.Mode MEDIUM" "simple-history 3.4.0 Improper.Neutralization.of.Formula.Elements.in.a.CSV.File MEDIUM" "secure-ip-logins No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "secure-ip-logins No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "slivery-extender No.known.fix Authenticated(Contributor+).Remote.Code.Execution.via.shortcode HIGH" "seos-contact-form No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "surly No.known.fix Missing.Authorization MEDIUM" "snipe-nginx-cache No.known.fix Missing.Authorization MEDIUM" "super-addons-for-elementor No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "saan-world-clock No.known.fix Contributor+.Stored.XSS MEDIUM" "sexy-contact-form 1.0.0 Shell.Upload CRITICAL" "shopengine 4.1.2 CSRF MEDIUM" "secure-copy-content-protection 4.5.6 Admin+.Stored.XSS LOW" "secure-copy-content-protection 4.4.5 Unauthenticated.Stored.Cross-Site.Scripting MEDIUM" "secure-copy-content-protection 4.4.8 Missing.Authorization.to.Unauthenticated.User.Email.Retrieval.via.ays_sccp_reports_user_search.Function MEDIUM" "secure-copy-content-protection 4.2.4 Reflected.Cross-Site.Scripting MEDIUM" "secure-copy-content-protection 4.1.7 Admin+.Stored.XSS LOW" "secure-copy-content-protection 4.1.7 Admin+.Stored.XSS LOW" "secure-copy-content-protection 4.0.9 Admin+.Stored.XSS LOW" "secure-copy-content-protection 3.9.1 Missing.Authorization MEDIUM" "secure-copy-content-protection 3.7.2 Missing.Authorization MEDIUM" "secure-copy-content-protection 2.8.2 Unauthenticated.SQL.Injection HIGH" "secure-copy-content-protection 2.6.7 Authenticated.Blind.SQL.Injections HIGH" "simple-downloads-list 1.4.3 Authenticated.(Contributor+).SQL.Injection MEDIUM" "slickr-flickr No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "scriptless-social-sharing No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "scriptless-social-sharing 3.2.2 Contributor+.Stored.XSS MEDIUM" "simple-ads-manager No.known.fix Unauthenticated.PHP.Object.Injection HIGH" "simple-ads-manager 2.9.5.118 SQL.Injection MEDIUM" "search-filter 1.2.16 Contributor+.Stored.XSS MEDIUM" "sp-client-document-manager No.known.fix Authenticated.(Subscriber+).Directory.Traversal MEDIUM" "sp-client-document-manager No.known.fix Authenticated.(Subscriber+).Arbitrary.Folder.Name.Update MEDIUM" "sp-client-document-manager No.known.fix Missing.Authorization MEDIUM" "sp-client-document-manager No.known.fix Subscriber+.File.Download.via.IDOR MEDIUM" "sp-client-document-manager No.known.fix Data.Update.via.IDOR MEDIUM" "sp-client-document-manager No.known.fix Authenticated.(Author+).SQL.Injeciton CRITICAL" "sp-client-document-manager No.known.fix Missing.Authorization.Stored.Cross-Site.Scripting MEDIUM" "sp-client-document-manager 4.70 Authenticated.(Contributor+).SQL.Injection.via.Shortcode HIGH" "sp-client-document-manager 4.68 Subscriber+.SQLi HIGH" "sp-client-document-manager 4.68 Admin+.Stored.XSS LOW" "sp-client-document-manager 4.68 Subscriber+.Insecure.Direct.Object.References HIGH" "sp-client-document-manager 4.62 Reflected.Cross-Site.Scripting MEDIUM" "sp-client-document-manager 4.58 Sensitive.File.Disclosure MEDIUM" "sp-client-document-manager 4.26 Reflected.Cross-Site.Scripting HIGH" "sp-client-document-manager 4.24 Subscriber+.Shell.Upload HIGH" "sp-client-document-manager 4.22 Authenticated.Shell.Upload MEDIUM" "simple-responsive-slider No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "simply-static 3.1.4 Unauthenticated.Information.Exposure MEDIUM" "simply-static 3.1.4 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "swifty-bar 1.2.11 Admin+.Stored.XSS LOW" "simple-download-counter 2.2.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "simple-download-counter 2.1 Authenticated.(Author+).Arbitrary.File.Read MEDIUM" "simple-download-counter 1.6.1 Contributor+.Stored.XSS MEDIUM" "sitetweet-tweets-user-behaviors-on-your-site-on-twitter No.known.fix Stored.XSS.via.CSRF HIGH" "seo-by-rank-math 1.0.236 Contributor+.Arbitrary.Schema.Deletion LOW" "seo-by-rank-math 1.0.236 Contributor+.Stored.XSS.via.Rank.Math.API MEDIUM" "seo-by-rank-math 1.0.232 Admin+.Remote.Code.Execution MEDIUM" "seo-by-rank-math 1.0.229 Unauthenticated.User.and.Term.Metadata.Insert/Update/Deletion MEDIUM" "seo-by-rank-math 1.0.229 Admin+.PHP.Object.Injection MEDIUM" "seo-by-rank-math 1.0.219 Authenticated.Stored.XSS LOW" "seo-by-rank-math 1.0.219-beta Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "seo-by-rank-math 1.0.218 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "seo-by-rank-math 1.0.217 Contributor+.Stored.Cross-Site.Scripting.via.'titleWrapper' MEDIUM" "seo-by-rank-math 1.0.215 Contributor+.Stored.XSS MEDIUM" "seo-by-rank-math 1.0.119.1 Contributor+.Stored.XSS MEDIUM" "seo-by-rank-math 1.0.107.3 Contributor+.LFI MEDIUM" "seo-by-rank-math 1.0.95.1 Unauthenticated.SSRF MEDIUM" "seo-by-rank-math 1.0.42.2 Authenticated.Missing.Access.Controls.to.Disable.Competitor.Plugins MEDIUM" "seo-by-rank-math 1.0.41 Rank.Math.<.1.0.41.-.Privilege.Escalation.via.Unprotected.REST.API.Endpoint CRITICAL" "seo-by-rank-math 1.0.41 Rank.Math.<.1.0.41.-.Redirect.Creation.via.Unprotected.REST.API.Endpoint MEDIUM" "seo-by-rank-math 1.0.27.1 Authenticated.Settings.Reset MEDIUM" "shared-counts 1.5.0 Missing.Authorization.to.Arbitrary.Email.Sending MEDIUM" "simple-al-slider No.known.fix Reflected.XSS HIGH" "social-locker No.known.fix Arbitrary.Settings.Update.via.CSRF MEDIUM" "social-locker 4.2.5 Authenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "sync-wc-google 9.0 Unauthenticated.SQL.Injection HIGH" "sync-wc-google 9.0 Cross-Site.Request.Forgery MEDIUM" "sahu-tiktok-pixel No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "sticky-chat-widget 1.1.9 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "ssl-zen 4.6.0 Unauthenticated.Private.Keys.Access MEDIUM" "ssl-zen 4.5.2 Reflected.Cross-Site.Scripting MEDIUM" "ssl-zen 4.0.5 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "skaut-bazar 1.3.3 Reflected.Cross-Site.Scripting HIGH" "send-to-twitter No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "smart-variations-images 5.2.8 Reflected.Cross-Site.Scripting MEDIUM" "smart-variations-images 5.1.10 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "simple-goods No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "swiftxr-3darvr-viewer No.known.fix Cross-Site.Request.Forgery MEDIUM" "simpleschema-free No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "s-dev-seo No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "simple-vertical-timeline No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "spice-post-slider 2.1 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "spice-post-slider 2.0.1 Reflected.Cross-Site.Scripting MEDIUM" "sloth-logo-customizer No.known.fix Stored.XSS.via.CSRF HIGH" "special-feed-items No.known.fix Stored.XSS.via.CSRF HIGH" "social-link-groups No.known.fix Authenticated.(Contributor+).SQL.Injection HIGH" "simple-e-commerce-shopping-cart No.known.fix Sell.products.through.Paypal.<=.3.1.2.-.Reflected.Cross-Site.Scripting.via.monthly_sales_current_year.Parameter MEDIUM" "simple-e-commerce-shopping-cart No.known.fix Sell.products.through.Paypal.<=.3.1.2.-.Missing.Authorization.to.Authenticated.(Subscriber+).Settings.Update./.Data.Access MEDIUM" "simple-e-commerce-shopping-cart No.known.fix Arbitrary.File.Upload CRITICAL" "simple-post-expiration No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "sender-net-automated-emails 2.6.16 Reflected.Cross-Site.Scripting MEDIUM" "sender-net-automated-emails 2.6.19 Cross-Site.Request.Forgery MEDIUM" "st-daily-tip No.known.fix CSRF.to.Stored.Cross-Site.Scripting HIGH" "scroll-top-advanced No.known.fix Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "scroll-triggered-animations 3.0.16 Reflected.Cross-Site.Scripting HIGH" "scroll-triggered-animations 3.0.11 Missing.Authorization.to.Plugin.Settings.Update MEDIUM" "skyboot-portfolio-gallery No.known.fix Contributor+.Stored.XSS MEDIUM" "simple-user-profile No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "seed-social 2.0.4 Admin+.Stored.XSS LOW" "search-console 2.1.2 Reflected.Cross-Site.Scripting MEDIUM" "surferseo 1.6.0.523 Authenticated.(Administrator+).SQL.Injection MEDIUM" "surferseo 1.3.3.379 Missing.Authorization MEDIUM" "spotlight-social-photo-feeds 1.7.2 Unauthenticated.Sensitive.Information.Disclosure MEDIUM" "spotlight-social-photo-feeds 1.6.11 Cross-Site.Request.Forgery MEDIUM" "spotlight-social-photo-feeds 1.6.1 Reflected.Cross-Site.Scripting MEDIUM" "spotlight-social-photo-feeds 1.4.3 Contributor+.Stored.XSS MEDIUM" "spotlight-social-photo-feeds 0.10.2 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "shopready-elementor-addon No.known.fix Contributor+.Local.File.Inclusion MEDIUM" "smart-cookie-kit 2.3.2 Contributor+.Stored.XSS MEDIUM" "sr-partner No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "style-admin No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "seo-booster 3.8.10 Cross-Site.Request.Forgery MEDIUM" "seo-booster 3.8.9 Reflected.Cross-Site.Scripting MEDIUM" "seo-booster 3.8.5 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "seo-booster 3.8 Admin+.SQL.Injection MEDIUM" "square-thumbnails 1.1.2 Missing.Authorization MEDIUM" "searchiq 4.8 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "searchiq 4.8 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "searchiq 4.7 Cross-Site.Request.Forgery MEDIUM" "searchiq 4.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "searchiq 4.6 Unauthenticated.Sensitive.Information.Exposure MEDIUM" "searchiq 4.5 Unauthenticated.Sensitive.Information.Disclosure MEDIUM" "searchiq 3.9 Unauthenticated.Stored.XSS HIGH" "subscriptions-renewal-reminders No.known.fix Cross-Site.Request.Forgery.to.Notice.Dismissal MEDIUM" "superstorefinder-wp 7.5 Unauthenticated.SQL.Injection HIGH" "superstorefinder-wp 7.1 Unauthenticated.SQL.Injection.to.Stored.Cross-Site.Scripting HIGH" "superstorefinder-wp 6.9.8 Unauthenticated.SQL.Injection CRITICAL" "superstorefinder-wp 6.9.8 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "superstorefinder-wp 6.9.8 Authenticated.(Subscriber+).SQL.Injection CRITICAL" "superstorefinder-wp 6.9.4 Unauthenticated.Email.Creation/Sending MEDIUM" "superstorefinder-wp 6.5 Unauthenticated.SQL.Injections CRITICAL" "superstorefinder-wp 6.2 Unauthenticated.Arbitrary.File.Upload CRITICAL" "simple-social-share-block No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "shantz-wordpress-qotd No.known.fix Arbitrary.Setting.Update.via.CSRF MEDIUM" "sv-forms No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "sv-forms 2.0.2 Reflected.Cross-Site.Scripting MEDIUM" "sv-forms 1.8.10 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "site-table-of-contents No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "squeeze 1.6.1 Authenticated.(Admin+).Arbitrary.File.Upload HIGH" "squeeze 1.6.1 Authenticated.(Admin+).Full.Path.Disclosure LOW" "squeeze 1.4.1 Authenticated.(Admin+).Arbitrary.File.Upload CRITICAL" "super-seo-content-cloner 1.0.2 Missing.Authorization MEDIUM" "social-media-feather 2.1.4 Subscriber+.Unauthorised.Action MEDIUM" "social-media-feather 2.0.5 Admin+.Stored.Cross-Site.Scripting LOW" "selar-co-widget No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "site-is-offline-plugin No.known.fix Stored.Cross-Site.Scripting.via.CSRF MEDIUM" "slide No.known.fix Missing.Authorization.to.Content.Injection MEDIUM" "slide No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "slide No.known.fix Missing.Authorization MEDIUM" "sheetdb No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "sell-media No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "sell-media 2.5.7.3 CSRF.Bypass MEDIUM" "sell-media 2.4.2 Unauthenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "simple-image-popup 2.5.3 Admin+.Stored.XSS LOW" "simple-image-popup 2.0.0 Admin+.Stored.XSS LOW" "sparkle-elementor-kit No.known.fix Authenticated.(Contributor+).Local.File.Inclusion HIGH" "sparkle-elementor-kit No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "sitepress-multilingual-cms 4.7.4 4.7.3.-.Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.wpml_language_switcher.Shortcode MEDIUM" "sitepress-multilingual-cms 4.6.13 Contributor+.RCE.via.Twig.Server-Side.Template.Injection CRITICAL" "sitepress-multilingual-cms 4.6.1 Reflected.Cross-Site.Scripting HIGH" "sitepress-multilingual-cms 4.5.14 CSRF MEDIUM" "sitepress-multilingual-cms 4.5.11 Subscriber+.Translation.Job.Status.Update MEDIUM" "sitepress-multilingual-cms 4.5.11 Subscriber+.Settings.Update MEDIUM" "sitepress-multilingual-cms 4.3.7 Authenticated.Cross.Site.Request.Forgery.leading.to.Remote.Code.Execution HIGH" "sitepress-multilingual-cms 4.0 Unauthenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "sitepress-multilingual-cms 3.2.7 Cross-Site.Scripting.(XSS).in.Accept-Language.Header MEDIUM" "social-media-shortcodes 1.3.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "svs-pricing-tables No.known.fix Cross-Site.Request.Forgery.to.Pricing.Table.Edit/Creation MEDIUM" "svs-pricing-tables No.known.fix Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "svs-pricing-tables No.known.fix Cross-Site.Request.Forgery.to.Pricing.Table.Deletion MEDIUM" "sharethis-share-buttons 2.3.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.sharethis-inline-buttons.Shortcode MEDIUM" "syncfields No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "stopbadbots 10.24 Missing.Authorization.to.Information.Expsoure MEDIUM" "stopbadbots 7.32 Admin+.Stored.XSS LOW" "stopbadbots 7.24 Subscriber+.Arbitrary.Plugin.Installation HIGH" "stopbadbots 6.930 Unauthenticated.SQLi HIGH" "stopbadbots 6.88 Unauthenticated.SQLi HIGH" "stopbadbots 6.67 Unauthenticated.SQL.Injection CRITICAL" "stopbadbots 6.62 Reflected.Cross-Site.Scripting HIGH" "stopbadbots 6.60 Authenticated.SQL.Injections MEDIUM" "simple-photo-feed 1.4.1 Missing.Authorization MEDIUM" "squelch-tabs-and-accordions-shortcodes 0.4.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.tab.Shortcode MEDIUM" "squelch-tabs-and-accordions-shortcodes 0.4.8 Cross-Site.Request.Forgery MEDIUM" "squelch-tabs-and-accordions-shortcodes 0.4.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.accordions.Shortcode MEDIUM" "smart-dofollow No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "sendpress No.known.fix Admin+.Stored.XSS.via.Form.Settings LOW" "sendpress No.known.fix Admin+.Stored.XSS.via.Settings LOW" "sendpress No.known.fix Reflected.XSS HIGH" "sendpress 1.23.11.6 Contributor+.Stored.XSS MEDIUM" "sendpress No.known.fix Admin+.Stored.XSS LOW" "sendpress No.known.fix CSRF MEDIUM" "sendpress 1.20.7.13 Authenticated.Stored.Cross-Site.Scripting.(XSS) LOW" "sendpress 1.2 Authenticated.SQL.Injection MEDIUM" "swipehq-payment-gateway-wp-e-commerce No.known.fix Multiple.XSS.Issues MEDIUM" "spark-gf-failed-submissions 1.3.6 Reflected.Cross-Site.Scripting MEDIUM" "simple-nested-menu No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "spice-starter-sites No.known.fix Missing.Authorization.to.Unauthenticated.Demo.Content.Import MEDIUM" "spice-starter-sites No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "spice-starter-sites 1.1 Reflected.Cross-Site.Scripting MEDIUM" "simple-tour-guide 1.0.6 Reflected.Cross-Site.Scripting MEDIUM" "streak-crm-for-gmail-integration-for-contact-form-7 1.0.9 Reflected.Cross-Site.Scripting MEDIUM" "streak-crm-for-gmail-integration-for-contact-form-7 No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "seatreg 1.56.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "simple-restrict 1.2.8 Unauthenticated.Content.Restriction.Bypass.to.Sensitive.Information.Exposure MEDIUM" "simple-restrict 1.2.7 Missing.Authorization.to.Sensitive.Information.Exposure MEDIUM" "sticky-add-to-cart-for-woo No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "starter-templates No.known.fix Cross-Site.Request.Forgery.to.Arbitrary.Plugin.Installation MEDIUM" "starter-templates No.known.fix Unauthenticated.Blind.Server-Side.Request.Forgery MEDIUM" "show-google-analytics-widget No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "site-reviews 7.2.5 Unauthenticated.Stored.XSS HIGH" "site-reviews 7.0.0 IP.Spoofing MEDIUM" "site-reviews 6.11.7 Authenticated.(Author+).Stored.Cross-Site.Scripting MEDIUM" "site-reviews 6.11.7 Authenticated(Subscriber+).Stored.Cross-Site.Scripting.via.display.name MEDIUM" "site-reviews 6.10.3 Missing.Authorization MEDIUM" "site-reviews 6.7.1 Admin+.Stored.XSS LOW" "site-reviews 6.6.0 Contributor+.Stored.XSS MEDIUM" "site-reviews 6.6.0 Contributor+.Stored.XSS MEDIUM" "site-reviews 6.4.0 Unauthenticated.CSV.Injection MEDIUM" "site-reviews 5.17.3 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "site-reviews 5.13.1 Admin+.Stored.XSS LOW" "site-reviews 2.15.3 Cross-Site.Scripting.(XSS) MEDIUM" "sharebar No.known.fix Arbitrary.Settings.Update.to.Stored.XSS.via.CSRF MEDIUM" "sharebar 1.2.2 SQL.Injection.&.Cross.Site.Scripting CRITICAL" "shayanweb-admin-fontchanger No.known.fix Cross-Site.Request.Forgery MEDIUM" "simple-travel-map No.known.fix Cross-Site.Request.Forgery MEDIUM" "simplified No.known.fix Unauthenticated.Arbitrary.File.Upload CRITICAL" "search-and-replace 3.2.3 Unauthenticated.PHP.Object.Injection MEDIUM" "search-and-replace 3.2.2 Administrator+.SQL.injection LOW" "search-and-replace 3.2.2 Admin+.SQL.injection MEDIUM" "saaspricing No.known.fix Contributor+.Stored.XSS MEDIUM" "svt-simple No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "seo-free No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "surbma-gdpr-proof-google-analytics 17.8.2 Reflected.Cross-Site.Scripting MEDIUM" "surbma-gdpr-proof-google-analytics 17.6.0 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "surbma-gdpr-proof-google-analytics 17.5.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "social-tape No.known.fix CSRF.to.Stored.XSS HIGH" "seznam-webmaster 1.4.8 Cross-Site.Request.Forgery MEDIUM" "security-antivirus-firewall No.known.fix IP.Address.Spoofing.to.Protection.Mechanism.Bypass MEDIUM" "scalable-vector-graphics-svg No.known.fix Author+.Stored.XSS.via.SVG MEDIUM" "shariff 4.6.14 Unauthenticated.Local.File.Inclusion CRITICAL" "shariff 4.6.14 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "shariff 4.6.10 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "shariff 4.6.11 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "shariff 4.6.10 Authenticated(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "shariff 4.6.10 Admin+.Stored.XSS LOW" "slick-sitemap No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "stylish-google-sheet-reader 4.1 Reflected.XSS HIGH" "stylish-google-sheet-reader 4.1 Reflected.Cross-Site.Scripting HIGH" "shortcodes-ui No.known.fix Contributor+.Stored.XSS MEDIUM" "shortcodes-ui No.known.fix CSRF MEDIUM" "sb-core No.known.fix Authentication.Bypass CRITICAL" "syndicate-out No.known.fix Unauthenticated.Stored.Cross-Site.Scripting HIGH" "simple-popup No.known.fix Admin+.Stored.XSS LOW" "sticky-buttons 4.1.2 Cross-Site.Request.Forgery.to.Settings.Update MEDIUM" "sticky-buttons 3.2.4 Button.Deletion.via.CSRF MEDIUM" "sticky-buttons 3.2.3 Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "sticky-buttons 3.1.1 Reflected.XSS MEDIUM" "social-buttons-pack 1.1.1 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "seo-meta No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "scheduled-notification-bar No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "shibboleth 1.8 Cross-Site.Scripting.(XSS) MEDIUM" "shortlinkspro 1.0.8 Authenticated.(Administrator+).SQL.Injection MEDIUM" "slope-widgets 4.2.13 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "shortcode-ninja No.known.fix Unauthenticated.Reflected.XSS MEDIUM" "smart-donations No.known.fix Cross-Site.Request.Forgery MEDIUM" "smart-donations No.known.fix Smart.Donations.<=.4.0.12.-.Stored.XSS.via.CSRF HIGH" "smart-donations No.known.fix Smart.Donations.<=.4.0.12.-.Admin+.SQLi MEDIUM" "smart-donations No.known.fix Smart.Donations.<=.4.0.12.-.Reflected.XSS HIGH" "subscribe-to-download-lite 1.3.0 Authenticated.(Subscriber+).Local.File.Inclusion HIGH" "subscribe-to-download-lite 1.3.0 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "stock-sync-with-google-sheet-for-woocommerce 3.13.2 Authenticated.(Administrator+).SQL.Injection MEDIUM" "smoothness-slider-shortcode No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "semalt No.known.fix Admin+.Stored.XSS LOW" "simple-job-manager No.known.fix Authenticated.(Contributor+).SQL.Injection MEDIUM" "simple-locator No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "simple-locator 2.0.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "shipworks-e-commerce-bridge 5.2.6 Cross-Site.Request.Forgery.to.Service.Password/Username.Update MEDIUM" "sticky-banner 1.3.0 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "simplesamlphp-authentication No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "slider-by-supsystic 1.8.11 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "slider-by-supsystic 1.8.11 Authenticated.(Admin+).SQL.Injection CRITICAL" "slider-by-supsystic 1.8.7 Missing.Authorization MEDIUM" "slider-by-supsystic 1.8.7 CSRF MEDIUM" "surbma-magyar-woocommerce 2022.0.3 Reflected.Cross-Site.Scripting MEDIUM" "surbma-magyar-woocommerce 30.3.0 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "seo-simple-pack 3.3.0 Information.Exposure MEDIUM" "scribble-maps No.known.fix Reflected.Cross-Site.Scripting HIGH" "sassy-social-share 3.3.76 Reflected.Cross-Site.Scripting.via.'heateor_mastodon_share'.Parameter MEDIUM" "sassy-social-share 3.3.74 Open.Redirect MEDIUM" "sassy-social-share 3.3.70 Reflected.Cross-Site.Scripting.via.heateor_mastodon_share.Parameter MEDIUM" "sassy-social-share 3.3.63 Sassy.social.share.<.3,3,63.Admin+.Stored.Cross-Site.scripting LOW" "sassy-social-share 3.3.61 Contributor+.Stored.XSS MEDIUM" "sassy-social-share 3.3.59 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "sassy-social-share 3.3.57 Contributor+.Stored.XSS MEDIUM" "sassy-social-share 3.3.45 Contributor+.Stored.XSS MEDIUM" "sassy-social-share 3.3.40 Reflected.Cross-Site.Scripting MEDIUM" "sassy-social-share 3.3.24 Missing.Access.Controls.to.PHP.Object.Injection MEDIUM" "sv-posts 2.0.0 Reflected.Cross-Site.Scripting MEDIUM" "sv-posts 1.8.03 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "smartarget-message-bar No.known.fix Admin+.Stored.XSS LOW" "staging-cdn No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "soundrise-music 1.7.1 Authenticated.(Subscriber+).Arbitrary.Options.Update HIGH" "scrollto-bottom No.known.fix Cross-Site.Request.Forgery.to.Arbitrary.File.Upload HIGH" "scw-bus-seat-reservation No.known.fix Unauthenticated.SQL.Injection HIGH" "swoop-password-free-authentication No.known.fix Authentication.Bypass CRITICAL" "single-user-chat No.known.fix Authenticated.(Subscriber+).Limited.Options.Update HIGH" "side-menu-lite 5.3.2 Cross-Site.Request.Forgery.to.Settings.Update MEDIUM" "side-menu-lite 4.2.1 Menu.Deletion.via.CSRF MEDIUM" "side-menu-lite 4.0.2 Reflected.XSS MEDIUM" "side-menu-lite 2.2.6 Authenticated.SQL.Injection HIGH" "side-menu-lite 2.2.1 Authenticated.SQL.Injection LOW" "stepbyteservice-openstreetmap No.known.fix Use.of.Polyfill.io MEDIUM" "stepbyteservice-openstreetmap 1.1.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "shuffle No.known.fix Authenticated.(Subscriber+).SQL.Injection MEDIUM" "simpleform-contact-form-submissions No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "shopcred No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "smartifw No.known.fix Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "security-malware-firewall 2.150 Unauthenticated.Arbitrary.File.Upload CRITICAL" "security-malware-firewall 2.145.1 Authorization.Bypass.via.Reverse.DNS.Spoofing.to.Unauthenticated.SQL.Injection HIGH" "security-malware-firewall 2.121 IP.Spoofing MEDIUM" "security-malware-firewall 2.51 Security.Nonce.Leak.leading.to.Unauthorised.AJAX.call HIGH" "showtime-slideshow No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "simple-social-buttons 6.0.0 Admin+.Stored.XSS LOW" "simple-social-buttons 5.1.1 Unauthenticated.Password.Protected.Post.Access MEDIUM" "simple-social-buttons 3.2.4 Authenticated.Stored.Cross-Site.Scripting MEDIUM" "simple-social-buttons 3.2.3 Contributor+.Stored.XSS MEDIUM" "simple-social-buttons 3.2.1 Unauthenticated.Reflected.Cross-Site.Scripting MEDIUM" "simple-social-buttons 3.2.0 Reflected.Cross-Site.Scripting CRITICAL" "simple-social-buttons 2.0.22 Authenticated.Option.Injection HIGH" "speakout 4.5.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "speakout 2.14.15.1 Unauthenticated.SQLi HIGH" "speakout 2.13.3 Reflected.Cross-Site.Scripting HIGH" "s3bubble-amazon-web-services-oembed-media-streaming-support No.known.fix Reflected.XSS HIGH" "social-web-suite 4.1.12 Directory.Traversal.to.Arbitrary.File.Download HIGH" "sell-digital-downloads No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "sa-post-author-filter No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "svgmagic No.known.fix Stored.XSS.via.SVG.Upload MEDIUM" "simple-lightbox 2.9.4 Contributor+.Stored.XSS MEDIUM" "sg-helper No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "store-locator-widget 2025r3 Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "store-locator-widget 2025r2 Contributor+.Stored.XSS MEDIUM" "surveys No.known.fix Authenticated.SQL.Injection CRITICAL" "sticky-menu-block 1.0.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "sully 4.3.1 Reflected.XSS HIGH" "sully 4.3.1 Plugin.Reset.via.CSRF MEDIUM" "sully 4.3.1 Admin+.Stored.XSS LOW" "sully 4.3.1 Admin+.Stored.XSS.via.CSRF HIGH" "svg-support 2.5.9 Stored.Cross-Site.Scripting.via.Vulnerability.Dependency MEDIUM" "svg-support 2.5.11 Author+.Stored.XSS.via.SVG.File.Upload MEDIUM" "svg-support 2.5.8 Author+.Cross-Site.Scripting.via.SVG MEDIUM" "svg-support 2.5.2 Author+.Stored.XSS MEDIUM" "svg-support 2.5 Author+.Stored.Cross-Site.Scripting MEDIUM" "svg-support 2.3.20 Admin+.Stored.Cross-Site.Scripting LOW" "stream-status-for-twitch 2.1.10 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "subscribe-to-comments-reloaded 240119 Unauthenticated.Sensitive.Information.Exposure MEDIUM" "subscribe-to-comments-reloaded 220502 Multiple.CSRF MEDIUM" "subscribe-to-comments-reloaded 150820 Authenticated.Reflected.Cross-Site.Scripting.(XSS) HIGH" "simple-tags 3.30.0 Admin+.Stored.XSS LOW" "simple-tags 3.20.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "simple-tags 3.6.5 Editor+.Stored.XSS LOW" "simple-tags 3.4.5 Reflected.Cross-Site.Scripting MEDIUM" "simple-tags 3.0.7.2 Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "slideonline No.known.fix Contributor+.Stored.XSS MEDIUM" "simple-embed-code 2.5.1 Authenticated.(Contributor+).Server-Side.Request.Forgery MEDIUM" "simple-embed-code 2.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "simple-embed-code 2.3.7 Authenticated(Contributor+).Denial.of.Service MEDIUM" "sexbundle No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "simple-site-verify 1.0.8 Admin+.Stored.XSS LOW" "shortcut-macros No.known.fix Subscriber+.Arbitrary.Settings.Update MEDIUM" "supportboard 3.4.2 Multiple.Authenticated.SQLi HIGH" "supportboard 3.3.6 Arbitrary.File.Deletion.via.CSRF HIGH" "supportboard 3.3.5 Agent+.Stored.Cross-Site.Scripting MEDIUM" "supportboard 3.3.4 Multiple.Unauthenticated.SQL.Injections CRITICAL" "supportboard 1.2.9 Authenticated.Stored.Cross-Site.Scripting MEDIUM" "supportboard 1.2.4 Stored.Cross-Site.Scripting MEDIUM" "sagepay-server-gateway-for-woocommerce 1.0.9 Unauthenticated.Cross-Site.Scripting.(XSS) MEDIUM" "strx-magic-floating-sidebar-maker No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "simple-responsive-menu No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "simplemortgage No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "support-chat No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "support-chat 2.3.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.wpsaio_snapchat.Shortcode MEDIUM" "sastra-essential-addons-for-elementor 1.0.15 Missing.Authorization.to.Spexo.Theme.Install MEDIUM" "sastra-essential-addons-for-elementor 1.0.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "sitebuilder-dynamic-components No.known.fix Unauthenticated.PHP.Object.Injection CRITICAL" "sitebuilder-dynamic-components No.known.fix Unauthenticated.PHP.Object.Injection HIGH" "supportbubble No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "supportbubble No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "super-static-cache No.known.fix Cross-Site.Request.Forgery MEDIUM" "spectra-pro 1.1.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Block.IDs MEDIUM" "spectra-pro 1.1.6 Authenticated.(Author+).Privilege.Escalation HIGH" "seo-optimized-images 2.1.4 Injected.Backdoor CRITICAL" "seo-optimized-images 2.1 Reflected.Cross-Site.Scripting MEDIUM" "spam-control-xforwc 1.5.0 Low.Priv.Arbitrary.Blog.Options.Update/Access/Deletion.&.Plugin's.Settings.Update/Export/Import HIGH" "sg-security 1.5.1 Missing.Authorization.via.hide_notice() MEDIUM" "sg-security 1.3.1 Admin+.SQLi MEDIUM" "sg-security 1.2.6 Authorization.Weakness.to.Authentication.Bypass.via.2-FA.Back-up.Codes HIGH" "sg-security 1.2.6 Authentication.Bypass.via.2-FA.Authentication.Setup CRITICAL" "sidebar-manager 1.1.5 Cross-Site.Request.Forgery MEDIUM" "sidebar-manager 1.1.4 Cross-Site.Request.Forgery.(CSRF) MEDIUM" "social-media-engine No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "syntaxhighlighter 3.7.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "svg-uploads-support No.known.fix Author+.Stored.XSS.via.SVG MEDIUM" "sola-support-tickets No.known.fix Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.Content.Deletion MEDIUM" "sola-support-tickets 3.13 XSS.&.Configuration.Change MEDIUM" "standout-color-boxes-and-buttons No.known.fix Authenticated(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "shortcode-imdb No.known.fix Cross-Site.Request.Forgery MEDIUM" "shortcode-imdb No.known.fix Admin+.SQLi MEDIUM" "shipping-manager-for-woocommerce 1.4.0 Reflected.Cross-Site.Scripting MEDIUM" "shipping-manager-for-woocommerce 1.3.0 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "soundcloud-ultimate No.known.fix Cross-Site.Request.Forgery MEDIUM" "shortcodes-for-amp-web-stories-and-elementor-widget 1.1.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "surecart 2.29.4 Reflected.Cross-Site.Scripting MEDIUM" "surecart 2.5.1 Admin+.Stored.XSS LOW" "simple-media-directory 1.4.4 Contributor+.Stored.XSS MEDIUM" "simple-media-directory 1.4.3 Unauthenticated.SQLi HIGH" "solid-affiliate No.known.fix Sensitive.Information.Exposure MEDIUM" "simple-video-embedder No.known.fix Contributor+.Stored.Cross-Site.Scripting MEDIUM" "sb-random-posts-widget 1.1 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "sendpulse-email-marketing-newsletter 2.1.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "sendpulse-email-marketing-newsletter 2.1.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "smart-shopify-product No.known.fix Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.Content.Deletion MEDIUM" "spoontalk-social-media-icons-widget No.known.fix Cross-Site.Request.Forgery MEDIUM" "simple-page-access-restriction 1.0.32 Cross-Site.Request.Forgery.via.Multiple.Parameters MEDIUM" "simple-page-access-restriction 1.0.30 Unauthenticated.Content.Restriction.Bypass.to.Sensitive.Information.Exposure MEDIUM" "simple-page-access-restriction 1.0.23 Improper.Access.Control.to.Sensitive.Information.Exposure.via.REST.API MEDIUM" "simple-optimizer No.known.fix Cross-Site.Request.Forgery MEDIUM" "shortcode-cleaner-lite No.known.fix Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.Options.Export MEDIUM" "smtp-mailing-queue 1.2 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "smtp-mailing-queue 2.0.1 Admin+.Stored.XSS LOW" "streamcast 2.2.4 Authenticated.(Editor+).Stored.Cross-Site.Scripting MEDIUM" "streamcast 2.1.9 Reflected.Cross-Site.Scripting MEDIUM" "streamcast 2.1.4 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "streamcast 2.1.1 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "skyword-plugin 2.5.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "security-ninja 5.159 Reflected.Cross-Site.Scripting MEDIUM" "security-ninja 5.135 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "simple-sitemap 3.6.1 Missing.Authorization MEDIUM" "simple-sitemap 3.5.14 Cross-Site.Request.Forgery.via.admin_notices MEDIUM" "simple-sitemap 3.5.10 Reflected.Cross-Site.Scripting MEDIUM" "simple-sitemap 3.5.8 Contributor+.Stored.XSS MEDIUM" "simple-sitemap 3.5.5 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "smaily-for-wp No.known.fix Cross-Site.Request.Forgery MEDIUM" "smaily-for-wp 3.1.6 Contributor+.Stored.XSS MEDIUM" "sell-photo 1.0.6 Authenticated.Stored.Cross-Site.Scripting LOW" "siteorigin-panels 2.31.5 Contributor+.Stored.XSS MEDIUM" "siteorigin-panels 2.31.1 Contributor+.Stored.XSS.via.Row.Label.Parameter MEDIUM" "siteorigin-panels 2.29.16 Contributor+.Stored.XSS.via.siteorigin_widget.Shortcode MEDIUM" "siteorigin-panels 2.29.7 Contributor+.Stored.XSS MEDIUM" "siteorigin-panels 2.10.16 CSRF.to.Reflected.Cross-Site.Scripting.(XSS) HIGH" "scoutnet-kalender No.known.fix Stored.Cross-Site.Scripting.(XSS) MEDIUM" "social-proof-testimonials-slider No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.spslider-block.Shortcode MEDIUM" "social-proof-testimonials-slider 2.2.4 Admin+.Stored.XSS LOW" "super-progressive-web-apps 2.2.22 Missing.Authorization MEDIUM" "super-progressive-web-apps 2.1.13 Authenticated.(High.Privileged).Arbitrary.File.Upload.to.RCE HIGH" "super-progressive-web-apps 2.1.12 Authenticated.(Low.Privileged).Arbitrary.File.Upload.to.RCE HIGH" "simple-blog-stats 20250423 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "ship-per-product No.known.fix Missing.Authorization MEDIUM" "scottcart No.known.fix Unauthenticated.Remote.Code.Execution CRITICAL" "shopkeeper-extender 3.7 Contributor+.Stored.XSS MEDIUM" "skt-templates 6.15 Reflected.Cross-Site.Scripting MEDIUM" "skt-templates 4.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "safety-exit 1.7.1 Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "suremembers 1.10.7 Sensitive.Information.Exposure MEDIUM" "seo-by-10web No.known.fix Reflected.XSS HIGH" "seo-by-10web 1.2.7 Admin+.Stored.XSS LOW" "srbtranslatin No.known.fix Unauthenticated.Sensitive.Information.Exposure MEDIUM" "srbtranslatin 2.4.1 Cross-Site.Scripting.From.Third-party.Library HIGH" "srbtranslatin 1.47 Stored.XSS.&.CSRF HIGH" "simple-membership 4.6.4 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "simple-membership 4.5.6 Exposure.of.Private.Personal.Information.to.an.Unauthorized.Actor MEDIUM" "simple-membership 4.5.4 Unauthenticated.Open.Redirect MEDIUM" "simple-membership 4.4.6 Authenticated(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "simple-membership 4.4.4 Authenticated(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "simple-membership 4.4.3 Unauthenticated.Stored.Self-Based.Cross-Site.Scripting MEDIUM" "simple-membership 4.4.2 Open.Redirect MEDIUM" "simple-membership 4.3.9 Reflected.Cross-Site.Scripting.Vulnerability.via.environment_mode MEDIUM" "simple-membership 4.3.5 Account.Takeover.via.Password.Reset HIGH" "simple-membership 4.3.5 Privilege.escalation.via.Registration HIGH" "simple-membership 4.3.6 Reflected.XSS HIGH" "simple-membership 4.2.2 Contributor+.Stored.XSS MEDIUM" "simple-membership 4.1.3 Unauthenticated.Membership.Privilege.Escalation MEDIUM" "simple-membership 4.1.3 Membership.Privilege.Escalation MEDIUM" "simple-membership 4.1.1 Reflected.Cross-Site.Scripting MEDIUM" "simple-membership 4.1.0 Arbitrary.Transaction.Deletion.via.CSRF MEDIUM" "simple-membership 4.0.9 Arbitrary.Member.Deletion.via.CSRF MEDIUM" "simple-membership 4.0.4 Authenticated.SQL.Injections CRITICAL" "simple-membership 3.8.5 Cross-Site.Request.Forgery.(CSRF) HIGH" "simple-membership 3.5.7 XSS MEDIUM" "simple-membership 3.3.3 Multiple.CSRF HIGH" "same-but-different No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "smart-maintenance-countdown No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "stripe-payments 2.0.87 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.accept_stripe_payment_ng.Shortcode MEDIUM" "stripe-payments 2.0.80 Insecure.Direct.Object.Reference MEDIUM" "stripe-payments 2.0.64 Admin+.Stored.Cross-Site.Scripting LOW" "stripe-payments 2.0.40 Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "slash-admin 3.8.2 Cross-Site.Request.Forgery MEDIUM" "social-lite 1.3.0 Reflected.Cross-Site.Scripting MEDIUM" "sell-media-file No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "simple-responsive-image-gallery No.known.fix Reflected.Cross-Site.Scripting HIGH" "staggs 2.12.0 Unauthenticated.Arbitrary.File.Upload CRITICAL" "staggs 2.1.0 Reflected.Cross-Site.Scripting MEDIUM" "staggs 1.4.2 Reflected.Cross-Site.Scripting MEDIUM" "simple-popup-newsletter No.known.fix Reflected.Cross-Site.Scripting HIGH" "slideshow-ck 1.4.10 Admin+.Stored.Cross-Site.Scripting LOW" "searchie No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "showbizpro No.known.fix Shell.Upload CRITICAL" "sitesupercharger 5.2.0 Unauthenticated.SQLi HIGH" "svgplus No.known.fix Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "sw-contact-form No.known.fix Authenticated.(Subscriber+).SQL.Injection HIGH" "salon-booking-system No.known.fix Cross-Site.Request.Forgery.to.Arbitrary.Post/Page.Deletion MEDIUM" "salon-booking-system No.known.fix Missing.Authorization MEDIUM" "salon-booking-system 10.15 Authenticated.Privilege.Escalation HIGH" "salon-booking-system 10.9.1 Authenticated.(Subscriber+).Insecure.Direct.Object.Reference MEDIUM" "salon-booking-system 1.9.4 Admin+.Stored.XSS LOW" "salon-booking-system 10.9 Unauthenticated.Open.Redirect MEDIUM" "salon-booking-system 10.8 Authenticated.(Administrator+).SQL.Injection CRITICAL" "salon-booking-system 10.3 Unauthenticated.Arbitrary.File.Upload CRITICAL" "salon-booking-system 10.0 Missing.Authorization MEDIUM" "salon-booking-system 10.0 Unauthenticated.Arbitrary.File.Deletion CRITICAL" "salon-booking-system 9.6.6 Settings.Update.via.CSRF MEDIUM" "salon-booking-system 9.6.6 Editor+.Stored.XSS LOW" "salon-booking-system 9.6.6 Editor+.Stored.XSS.via.Email.Settings LOW" "salon-booking-system 9.5.1 Unauthenticated.Arbitrary.File.Upload CRITICAL" "salon-booking-system 9.6.3 Unauthenticated.Stored.XSS HIGH" "salon-booking-system 9.6.3 Unauthenticated.Stored.XSS HIGH" "salon-booking-system 8.7 Authenticated.(Editor+).Privilege.Escalation HIGH" "salon-booking-system 8.4.9 Reflected.Cross-Site.Scripting MEDIUM" "salon-booking-system 8.4.8 User.Role.change.via.CSRF MEDIUM" "salon-booking-system 7.9.4 Reflected.Cross-Site.Scripting MEDIUM" "salon-booking-system 7.6.3 Unauthenticated.Sensitive.Data.Disclosure MEDIUM" "salon-booking-system 7.6.3 Customer+.Bookings/Customers.Data.Disclosure HIGH" "salon-booking-system 7.6.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "salon-booking-system 6.3.1 Unauthenticated.Stored.Cross-Site.Scripting.(XSS) CRITICAL" "slider-video 1.4.8 Slider.Carousel.<.1.4.8.-.Admin+.Stored.Cross-Site.Scripting LOW" "slider-blocks 2.7.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "show-website-content-in-wordpress-page-or-post 2024.04.09 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "simple-real-estate-pack-4 No.known.fix Admin+.Stored.Cross.Site.Scripting LOW" "sparkpost 2.3.6 Admin+.Stored.XSS LOW" "sabai-discuss 1.4.14 Reflected.Cross.Site.Scripting MEDIUM" "sync-qcloud-cos 2.0.1 Admin+.Stored.Cross-Site.Scripting LOW" "style-tweaker No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "searchwp-live-ajax-search 1.6.3 Unauthenticated.Local.File.Inclusion MEDIUM" "searchwp-live-ajax-search 1.6.2 Unauthenticated.Arbitrary.Post.Title.Disclosure MEDIUM" "show-posts 1.8.1 Admin+.PHP.Object.Injection LOW" "show-posts 1.7 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "supportcandy 3.3.1 Support.Ticket.Attachments.Download.via.IDOR MEDIUM" "supportcandy 3.2.4 Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "supportcandy 3.1.7 Subscriber+.SQLi HIGH" "supportcandy 3.1.7 Admin+.SQLi MEDIUM" "supportcandy 3.1.5 Unauthenticated.SQLi HIGH" "supportcandy 2.2.7 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "supportcandy 2.2.7 Reflected.Cross-Site.Scripting MEDIUM" "supportcandy 2.2.5 Unauthenticated.Arbitrary.Ticket.Deletion HIGH" "supportcandy 2.2.7 CSRF.to.Cross-Site.Scripting MEDIUM" "supportcandy 2.2.7 Arbitrary.Ticket.Deletion.via.CSRF HIGH" "supportcandy 2.0.1 Arbitrary.File.Upload CRITICAL" "slider-range-htapps 1.1.6 Unauthenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "spice-blocks No.known.fix Unauthenticated.Arbitrary.File.Download HIGH" "spice-blocks No.known.fix Missing.Authorization MEDIUM" "spice-blocks 1.3 Reflected.Cross-Site.Scripting MEDIUM" "simple-post No.known.fix Authenticated.Stored.Cross-Site.Scripting.(XSS) LOW" "sogrid 1.5.7 Unauthenticated.Local.File.Inclusion CRITICAL" "sogrid 1.5.5 Cross-Site.Request.Forgery.to.Arbitrary.Options.Update HIGH" "sogrid 1.5.7 Authenticated.(Admin+).Local.File.Inclusion HIGH" "select-all-categories-and-taxonomies-change-checkbox-to-radio-buttons 1.3.2 Reflected.Cross-Site.Scripting.(XSS) HIGH" "securimage-wp-fixed No.known.fix Reflected.Cross-Site.Scripting.(XSS) HIGH" "sv-columns-manager 2.0.0 Reflected.Cross-Site.Scripting MEDIUM" "sv-columns-manager 1.8.02 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "sheets-to-wp-table-live-sync 3.7.1 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "seriously-simple-podcasting 3.10.0 Authenticated.(Editor+).Stored.Cross-Site.Scripting MEDIUM" "seriously-simple-podcasting 3.6.0 Reflected.Cross-Site.Scripting.via.add_query_arg.Parameter MEDIUM" "seriously-simple-podcasting 3.3.0 Admin+.Stored.XSS LOW" "seriously-simple-podcasting 3.1.0 Reflected.Cross-Site.Scripting MEDIUM" "seriously-simple-podcasting 3.0.0 Unauthenticated.Administrator.Email.Disclosure MEDIUM" "seriously-simple-podcasting 2.19.1 Contributor+.Stored.XSS MEDIUM" "seriously-simple-podcasting 2.16.1 Arbitrary.Settings.Update.via.CSRF MEDIUM" "smart-tools-for-woocommerce No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "smart-tools-for-woocommerce 1.0.9 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "stout-google-calendar No.known.fix Arbitrary.Settings.Update.via.CSRF MEDIUM" "social-connect No.known.fix Authentication.Bypass CRITICAL" "step-by-step No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "small-package-quotes-usps-edition 1.3.6 Unauthenticated.SQL.Injection HIGH" "shopelement 2.1.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "setka-editor No.known.fix Cross-Site.Request.Forgery.via.handleRequest MEDIUM" "setka-editor No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "setka-editor 2.1.17 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "save-grab No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "save-grab No.known.fix Cross-Site.Request.Forgery MEDIUM" "svg-shortcode No.known.fix Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.Upload MEDIUM" "search-field-for-gravity-forms 0.6 Reflected.Cross-Site.Scripting MEDIUM" "station-pro 2.3.4 Reflected.Cross-Site.Scripting MEDIUM" "station-pro 2.2.5 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "station-pro 2.2.2 Reflected.Cross-Site.Scripting.(XSS) HIGH" "simple-portfolio-gallery No.known.fix Admin+.Stored.XSS MEDIUM" "shortcodes-ultimate 7.4.0 Contributor+.Stored.XSS MEDIUM" "shortcodes-ultimate 7.3.4 Contributor+.Stored.XSS MEDIUM" "shortcodes-ultimate 7.3.0 Authenticated.(Contributor+).DOM-Based.Stored.Cross-Site.Scripting MEDIUM" "shortcodes-ultimate 7.1.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.su_lightbox.Shortcode MEDIUM" "shortcodes-ultimate 7.1.6 Contributor+.Stored.XSS.via.su_members.Shortcode MEDIUM" "shortcodes-ultimate 7.1.3 Contributor+.Stored.XSS MEDIUM" "shortcodes-ultimate 7.1.2 Contributor+.Stored.XSS MEDIUM" "shortcodes-ultimate 7.1.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.su_lightbox MEDIUM" "shortcodes-ultimate 7.1.0 Contributor+.Stored.XSS MEDIUM" "shortcodes-ultimate 7.0.5 Contributor+.Stored.XSS MEDIUM" "shortcodes-ultimate 7.0.5 Contributor+.Stored.Cross-Site.Scripting.via.'note_color'.Shortcode MEDIUM" "shortcodes-ultimate 7.0.4 Contributor+.Stored.XSS MEDIUM" "shortcodes-ultimate 7.0.3 Contributor+.Stored.XSS MEDIUM" "shortcodes-ultimate 7.0.2 Authenticated(Contributor+).Stored.Cross-Site.Scripting.via.shortcode MEDIUM" "shortcodes-ultimate 7.0.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "shortcodes-ultimate 7.0.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "shortcodes-ultimate 7.0.0 Insecure.Direct.Object.Reference.to.Information.Disclosure MEDIUM" "shortcodes-ultimate 5.13.1 Reflected.Cross-Site.Scripting MEDIUM" "shortcodes-ultimate 5.12.8 Subscriber+.User.Meta.Disclosure MEDIUM" "shortcodes-ultimate 5.12.8 Subscriber+.Arbitrary.Post.Access MEDIUM" "shortcodes-ultimate 5.12.7 Subscriber+.SSRF MEDIUM" "shortcodes-ultimate 5.12.7 Contributor+.Stored.XSS MEDIUM" "shortcodes-ultimate 5.12.7 Subscriber+.Arbitrary.File.Access MEDIUM" "shortcodes-ultimate 5.12.1 Stored.XSS.via.CSRF MEDIUM" "shortcodes-ultimate 5.12.1 Settings.Preset.Update.via.CSRF MEDIUM" "shortcodes-ultimate 5.10.2 Contributor+.Stored.XSS MEDIUM" "shortcodes-ultimate 5.0.1 Authenticated.Contributor.Code.Execution CRITICAL" "shortcodes-ultimate 4.10.0 Authenticated.Directory.Traversal MEDIUM" "shop-page-wp 1.2.8 Admin+.Stored.Cross-Site.Scripting MEDIUM" "super-testimonial 4.0.2 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "super-testimonial 3.0.9 Reflected.Cross-Site.Scripting MEDIUM" "super-testimonial 3.0.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "super-testimonial 3.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "super-testimonial 2.7 Admin+.Stored.Cross-Site.Scripting LOW" "super-testimonial 2.7 Admin+.Stored.Cross-Site.Scripting LOW" "sp-rental-manager No.known.fix Unauthenticated.SQL.Injection HIGH" "slider-wd 1.2.62 Contributor+.Stored.XSS MEDIUM" "slider-wd 1.2.62 Admin+.Stored.XSS.via.Widget LOW" "slider-wd 1.2.59 Admin+.Stored.XSS LOW" "slider-wd 1.2.58 Authenticated.(Contributor+).SQL.Injection.via.id.Parameter HIGH" "slider-wd 1.2.57 Editor+.Stored.XSS LOW" "slider-wd 1.2.56 Editor+.Stored.XSS LOW" "slider-wd 1.2.55 Reflected.Cross-Site.Scripting MEDIUM" "slider-wd 1.2.53 Admin+.Stored.XSS LOW" "slider-wd 1.2.52 Admin+.Stored.Cross-Site.Scripting LOW" "slider-wd 1.2.36 Multiple.Authenticated.SQL.Injection HIGH" "smpl-shortcodes No.known.fix Contributor+.Stored.Cross-Site.Scripting MEDIUM" "spreadshirt-rss-3d-cube-flash-gallery No.known.fix Unauthenticated.Cross-Site.Scripting.(XSS) MEDIUM" "smart-grid-gallery 1.1.5 Vimeo.and.YouTube.Gallery.<.1.1.5.-.Admin+.Stored.Cross-Site.Scripting LOW" "salavat-counter No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "sticky-social-icons No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "sticky-social-icons No.known.fix Admin+.Stored.XSS LOW" "smtp-mail 1.3.21 Cross.Site.Request.Forgery MEDIUM" "smtp-mail 1.3.43 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "smtp-mail 1.2.2 Authenticated.SQL.Injections MEDIUM" "smtp-mail 1.2 Reflected.Cross-Site.Scripting.(XSS) HIGH" "spacer No.known.fix Missing.Authorization.to.Authenticated.(Subscriber+).Limited.Information.Disclosure LOW" "spacer 3.0.7 Admin+.Stored.XSS LOW" "scroll-post-excerpt No.known.fix Admin+.Stored.XSS LOW" "storecontrl-wp-connection 4.1.4 Unauthenticated.Arbitrary.File.Download HIGH" "sepa-girocode No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "sfwd-lms 4.20.0.3 Missing.Authorization MEDIUM" "sfwd-lms 4.10.2 Sensitive.Information.Exposure.via.assignments MEDIUM" "sfwd-lms 4.10.2 Sensitive.Information.Exposure.via.API MEDIUM" "sfwd-lms 4.10.3 Sensitive.Information.Exposure.via.API MEDIUM" "sfwd-lms 4.5.3.1 SQL.Injection MEDIUM" "sfwd-lms 4.6.0.1 User.Account.Takeover.via.Insecure.Direct.Object.References HIGH" "sfwd-lms 3.1.6 Unauthenticated.SQL.Injection CRITICAL" "sfwd-lms 3.1.2 Reflected.Cross.Site.Scripting.(XSS).issue.on.the.[ld_profile].search.field. MEDIUM" "sfwd-lms 2.5.4 Unauthenticated.Arbitrary.File.Upload CRITICAL" "smartpay No.known.fix 2.7.13.-.Authenticated.(Subscriber+).Information.Exposure MEDIUM" "subscribe-to-category No.known.fix Unauthenticated.SQLi HIGH" "script-planner No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "script-planner No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "share-on-diaspora 0.7.2 XSS MEDIUM" "social-login-bws 0.2 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "svg-flags-lite No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "svg-flags-lite 0.9.6 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "smart-custom-fields 5.0.1 Contributor+.Stored.XSS MEDIUM" "smart-custom-fields 5.0.0 Missing.Authorization.to.Authenticated.(Subscriber+).Post.Content.Disclosure MEDIUM" "soundy-background-music No.known.fix Cross-Site.Scripting.(XSS) MEDIUM" "share-button 1.20 Reflected.Cross-Site.Scripting MEDIUM" "shortcode-for-current-date 2.1.7 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "seo-backlink-monitor 1.6.0 Reflected.Cross-Site.Scripting MEDIUM" "sb-chart-block 1.3.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.className.Parameter MEDIUM" "save-as-pdf-by-pdfcrowd 4.4.1 Unauthenticated.PHP.Object.Injection HIGH" "save-as-pdf-by-pdfcrowd 4.2.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "save-as-pdf-by-pdfcrowd 4.0.1 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "save-as-pdf-by-pdfcrowd 3.3.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "save-as-pdf-by-pdfcrowd 3.2.1 Missing.Authorization MEDIUM" "save-as-pdf-by-pdfcrowd 3.2.0 Admin+.Stored.XSS LOW" "save-as-pdf-by-pdfcrowd 3.2.2 Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "save-as-pdf-by-pdfcrowd 2.16.1 Admin+.Stored.XSS LOW" "s2member 250424 Administrator+.Local.File.Inclusion MEDIUM" "s2member 250214 Reflected.Cross-Site.Scripting MEDIUM" "s2member 250214 Reflected.Cross-Site.Scripting MEDIUM" "s2member 241216 Authenticated.(Contributor+).Sensitive.Information.Exposure HIGH" "s2member 241216 Unauthenticated.Remote.Code.Execution HIGH" "s2member 240325 Limited.Privilege.Escalation MEDIUM" "s2member 240315 Information.Exposure MEDIUM" "stax-addons-for-elementor No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "sprout-clients 3.2.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "sprout-clients No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "sprout-clients 3.2 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "sprout-clients 3.2 Subscriber+.Arbitrary.Option.Update CRITICAL" "skype-online-status No.known.fix Contributor+.Stored.XSS MEDIUM" "splitit-installment-payments 4.2.9 Missing.Authorization.to.Multiple.Administrative.Actions MEDIUM" "smart-protect No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "smart-protect No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "shortpixel-image-optimiser 5.6.4 Authenticated.(Editor+).SQL.Injection MEDIUM" "shortpixel-image-optimiser 5.6.4 Missing.Authorization MEDIUM" "shortpixel-image-optimiser 5.4.2 Authenticated(Editor+).PHP.Object.Injection MEDIUM" "shortpixel-image-optimiser 4.22.10 Reflected.Cross-Site.Scripting MEDIUM" "soundcloud-shortcode 4.0.2 Contributor+.Stored.XSS MEDIUM" "soundcloud-shortcode 4.0.0 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "spoki 2.15.16 Contributor+.Stored.XSS MEDIUM" "shopper 3.2.6 Unauthenticated.SQL.Injection HIGH" "subscriptions-memberships-for-paypal 1.1.7 Cross-Site.Request.Forgery.to.Arbitrary.Post.Deletion MEDIUM" "subscriptions-memberships-for-paypal 1.1.3 Reflected.Cross-Site.Scripting.via.page.Parameter HIGH" "seo-for-local 9.2.1 Reflected.Cross-Site.Scripting MEDIUM" "seo-for-local 9.1.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "small-package-quotes-unishippers-edition 2.4.10 Missing.Authorization MEDIUM" "small-package-quotes-unishippers-edition 2.4.10 Reflected.Cross-Site.Scripting MEDIUM" "small-package-quotes-unishippers-edition 2.4.9 Unauthenticated.SQL.Injection HIGH" "send-prebuilt-emails No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "send-prebuilt-emails No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "social-media-builder No.known.fix Authenticated.(Subscriber+).PHP.Object.Injection HIGH" "secure-downloads 1.2.3 Admin+.Arbitrary.File.Download MEDIUM" "seo-help No.known.fix Admin+.SSRF MEDIUM" "seo-help No.known.fix Missing.Authorization MEDIUM" "seo-help 6.1.4 Reflected.Cross-Site.Scripting MEDIUM" "sequel No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "shine-pdf No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "stagtools 2.3.8 Reflected.XSS HIGH" "stagtools 2.3.7 Contributor+.Stored.XSS MEDIUM" "surveyjs 1.12.33 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.id.Parameter MEDIUM" "surveyjs No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "surveyjs No.known.fix Missing.Authorization MEDIUM" "surveyjs 1.12.18 Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.File.Deletion.via.SurveyJS_DeleteFile HIGH" "surveyjs 1.12.4 Authenticated.(Subscriber+).Arbitrary.File.Upload HIGH" "seo-landing-page-generator 1.66.3 Reflected.Cross-Site.Scripting MEDIUM" "seo-landing-page-generator 1.62.0 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "smart-product-gallery-slider No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "sikshya 0.0.22 Reflected.Cross-Site.Scripting MEDIUM" "sikshya 0.0.22 Reflected.Cross-Site.Scripting.via.page.Parameter MEDIUM" "simple-custom-post-order 2.5.8 Missing.Authorization MEDIUM" "simple-map-no-api No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "simple-map-no-api No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.width.Parameter MEDIUM" "simple-pdf-viewer No.known.fix Contributor+.XSS MEDIUM" "songkick-concerts-and-festivals 0.10.0 Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "super-forms-bundle 4.9.703 Unauthenticated.PHP.File.Upload.to.RCE CRITICAL" "simple-pricing-table No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "semantic-shortcode No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "simple-membership-wp-user-import 1.8 Admin+.SQLi MEDIUM" "slider-bws 1.1.1 Authenticated.(Administrator+).SQL.Injection MEDIUM" "sovratec-case-management No.known.fix Unauthenticated.Arbitrary.File.Upload CRITICAL" "sugar-calendar-lite 3.4.0 Reflected.Cross-Site.Scripting MEDIUM" "simple-photo-sphere No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "smsa-shipping-for-woocommerce 1.0.5 Subscriber+.Arbitrary.File.Download HIGH" "slp-extended-data-manager No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "slp-extended-data-manager 5.9.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "simplemap No.known.fix Unauthenticated.Stored.Cross-Site.Scripting HIGH" "soccer-engine-lite 1.13 Cross-Site.Request.Forgery MEDIUM" "simple-post-series No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "simple-301-redirects-addon-bulk-uploader 1.2.5 Multiple.Issues MEDIUM" "social-testimonials-and-reviews-widget 5.22 Missing.Authorization MEDIUM" "social-testimonials-and-reviews-widget 5.21 Authenticated.(Contributor+).Stored.Cross-Site.Scripting HIGH" "social-testimonials-and-reviews-widget 5.00 Missing.Authorization MEDIUM" "social-testimonials-and-reviews-widget 5.02 CSRF MEDIUM" "subscriber 1.3.5 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "scancircle 2.9.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "social-share-and-social-locker-arsocial No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "social-share-and-social-locker-arsocial No.known.fix Unauthenticated.SQL.Injection HIGH" "social-share-and-social-locker-arsocial 1.4.2 Admin+.Stored.XSS LOW" "spotify-play-button-for-wordpress 2.12 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.spotifyplaybutton.Shortcode MEDIUM" "spotify-play-button-for-wordpress 2.11 Settings.Update.via.CSRF MEDIUM" "spotify-play-button-for-wordpress 2.08 Admin+.Stored.XSS LOW" "spotify-play-button-for-wordpress 2.06 Contributor+.Stored.XSS MEDIUM" "smtp-sendinblue 1.3 Unauthenticated.Stored.Cross-Site.Scripting.via.Email.Logs HIGH" "shortcode-support-for-elementor-templates No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "strategery-migrations No.known.fix Unauthenticated.Arbitrary.File.Deletion HIGH" "skillbars 1.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "suretriggers 1.0.83 Unauthenticated.Privilege.Escalation CRITICAL" "suretriggers 1.0.79 Unauthenticated.Admin.User.Creation HIGH" "suretriggers 1.0.48 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Trigger.Link.Shortcode MEDIUM" "suretriggers 1.0.24 Cross-Site.Request.Forgery MEDIUM" "slider-for-writers No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "sendit No.known.fix Authenticated.(admin+).SQL.Injection MEDIUM" "sequential-order-numbers-for-woocommerce 3.6.3 Cross-Site.Request.Forgery MEDIUM" "sync-posts No.known.fix Authenticated.(Subscriber+).Arbitrary.File.Upload HIGH" "store-locator-le No.known.fix Unauthenticated.Sensitive.Information.Exposure MEDIUM" "store-locator-le 5.9 Unauthenticated.Stored.XSS HIGH" "store-locator-le 5.9 Authenticated.Privilege.Escalation CRITICAL" "social-autho-bio No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "solar-wizard-lite 1.2.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "simple-photoswipe No.known.fix Subscriber+.Arbitrary.Settings.Update MEDIUM" "simple-photoswipe No.known.fix Admin+.Stored.XSS LOW" "social-analytics No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "showeblogin-facebook-page-like-box No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "slideshow-se 2.5.18 Authenticated.(Author+).Limited.Local.File.Inclusion HIGH" "slideshow-se No.known.fix Authenticated.(Author+).Stored.Cross-Site.Scripting MEDIUM" "slideshow-se 2.5.6 Author+.Stored.XSS MEDIUM" "slideshow-se 2.5.6 Subscriber+.Stored.XSS HIGH" "seo-alert No.known.fix Admin+.Stored.XSS LOW" "show-visitor-ip-address No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "sendsms No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "stylish-internal-links No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "schema-and-structured-data-for-wp 1.36 Unauthenticated.Sensitive.Information.Exposure MEDIUM" "schema-and-structured-data-for-wp 1.34.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.url.Attribute MEDIUM" "schema-and-structured-data-for-wp 1.30 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.How.To.and.FAQ.Blocks MEDIUM" "schema-and-structured-data-for-wp 1.27 Authenticated.Stored.XSS MEDIUM" "schema-and-structured-data-for-wp 1.27 Contributor+.reCaptcha.Key.Update MEDIUM" "schema-and-structured-data-for-wp 1.26 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "schema-and-structured-data-for-wp 1.24 Contributor+.Stored.XSS MEDIUM" "specia-companion No.known.fix Missing.Authorization MEDIUM" "single-post-exporter No.known.fix Plugin's.Settings.Update.via.CSRF MEDIUM" "secure-admin-ip No.known.fix Missing.Authorization.via.'saveSettings' MEDIUM" "soccer-live-scores No.known.fix Cross-Site.Request.Forgery MEDIUM" "simple-booking-widget No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "seo-dashboard-by-gutewebsites-de No.known.fix Reflected.Cross-Site.Scripting.(XSS) HIGH" "simple-long-form No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "social-pug-author-box No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "stylist No.known.fix Cross-Site.Request.Forgery MEDIUM" "sliced-invoices No.known.fix Missing.Authorization MEDIUM" "sliced-invoices 3.9.3 Missing.Authorization MEDIUM" "sliced-invoices 3.8.4 Multiple.Vulnerabilities HIGH" "simple-notification No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "simple-notification No.known.fix Missing.Authorization MEDIUM" "simple-custom-admin No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "section-slider No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "section-slider No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "section-slider No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "simple-certain-time-to-show-content 1.3.1 Reflected.XSS HIGH" "salt-shaker 1.4.2 Reflected.Cross-Site.Scripting MEDIUM" "strong-testimonials 3.2.4 Missing.Authorization MEDIUM" "strong-testimonials 3.1.17 Missing.Authorization MEDIUM" "strong-testimonials 3.1.13 Authenticated(Contributor+).Improper.Authorization.to.Views.Modification MEDIUM" "strong-testimonials 3.1.12 Contributor+.Stored.XSS MEDIUM" "strong-testimonials 3.1.11 Settings.Update.via.CSRF MEDIUM" "strong-testimonials 3.0.3 Contributor+.Stored.XSS MEDIUM" "strong-testimonials 3.0.3 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "strong-testimonials 2.51.3 Unauthorised.AJAX.Call MEDIUM" "strong-testimonials 2.40.1 Stored.Cross.Site.Scripting.(XSS) MEDIUM" "sakolawp-lite No.known.fix Cross-Site.Request.Forgery.to.Exam.Setting.Manipulation MEDIUM" "sakolawp-lite No.known.fix Unauthenticated.Privilege.Escalation CRITICAL" "super-transactional-emails-for-woocommerce No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "super-transactional-emails-for-woocommerce 1.2.4 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "smart-popup-blaster No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "smart-popup-blaster No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "simple-proxy No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "seraphinite-old-slugs-mgr 1.4 Cross-Site.Request.Forgery MEDIUM" "shortcode-for-redirection No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "server-info No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "server-info 0.0.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "simple-cart-solution No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "simple-cart-solution 1.0.2 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "slicewp 1.1.24 Cross-Site.Request.Forgery.to.Reflected.Cross-Site.Scripting MEDIUM" "slicewp 1.1.19 Reflected.Cross-Site.Scripting MEDIUM" "slicewp 1.1.21 Reflected.Cross-Site.Scripting MEDIUM" "slicewp 1.1.11 Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "slicewp 1.0.46 Reflected.Cross-Site.Scripting.(XSS) HIGH" "slider-hero 8.7.0 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "slider-hero 8.4.4 Admin+.Stored.Cross-Site.Scripting LOW" "slider-hero 8.2.7 Contributor+.SQL.Injection CRITICAL" "slider-hero 8.2.1 CSRF.Bypass.in.Multiple.Plugins MEDIUM" "simple-charts No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "sticky-popup No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "seo-blogger-to-wordpress-301-redirector No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "sidebar-content-from-shortcode No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "story-chief 1.0.31 Reflected.Cross-Site.Scripting.(XSS) HIGH" "story-chief 1.0.31 Authenticated.Stored.Cross-Site.Scripting.(XSS) LOW" "sitemap 4.4 Contributor+.Stored.XSS MEDIUM" "snow-storm 1.4.7 Reflected.Cross-Site.Scripting MEDIUM" "snow-storm 1.4.7 Admin+.Stored.XSS LOW" "sayfa-sayac No.known.fix Unauthenticated.PHP.Object.Injection CRITICAL" "sayfa-sayac No.known.fix Unauthenticated.SQL.Injection CRITICAL" "south-pole-the-offset-movement No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "south-pole-the-offset-movement 1.0.2.0 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "social-kit No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "social-kit No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "stop-spam-comments No.known.fix Access.Token.Bypass LOW" "shipdeo-woo No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "support-genix-lite 1.4.12 Authenticated.(Subscriber+).Insecure.Direct.Object.Reference MEDIUM" "support-genix-lite 1.2.4 Missing.Authorization MEDIUM" "sellkit 2.0.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.id.Parameter MEDIUM" "sellkit 1.8.3 Authenticated.(Subscriber+).Arbitrary.File.Download MEDIUM" "secupress 2.3.10 Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.Plugin.Installation MEDIUM" "secupress 2.2.5.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "secupress 2.3 Missing.Authorization MEDIUM" "secupress 2.3 Contributor+.Stored.XSS MEDIUM" "secupress 2.2.5.2 Cross-Site.Request.Forgery.to.Banned.IP.Address MEDIUM" "secupress 2.0 Unauthenticated.Arbitrary.IP.Ban MEDIUM" "simplelightbox No.known.fix Authenticated.(Contributor+).Stored.DOM-Based.Cross-Site.Scripting.via.SimpleLightbox.JavaScript.Library MEDIUM" "stacks-mobile-app-builder No.known.fix Unauthenticated.Arbitrary.File.Upload CRITICAL" "stacks-mobile-app-builder No.known.fix Unauthenticated.Sensitive.Information.Disclosure MEDIUM" "stacks-mobile-app-builder No.known.fix Authentication.Bypass CRITICAL" "smart-recent-posts-widget No.known.fix Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "simpleform No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "sticky-header-oceanwp No.known.fix CSRF MEDIUM" "site-mailer 1.2.4 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "seo-automatic-links No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "site-audit No.known.fix Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "social-pug 1.34.4 Admin+.Stored.XSS LOW" "social-pug 1.33.2 PHP.Object.Injection HIGH" "social-pug 1.33.1 Unauthenticated.Password.Protected.Posts.Access MEDIUM" "social-pug 1.32.0 Admin+.Stored.XSS LOW" "social-pug 1.30.1 Missing.Authorization.via.multiple.admin_init.actions MEDIUM" "social-pug 1.19.0 Reflected.Cross-Site.Scripting MEDIUM" "social-pug 1.2.6 Social.Pug.<=.1.2.5.-.Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "smio-push-notification No.known.fix Unauthenticated.SQL.Injection HIGH" "slick-engagement 2.0.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.slick-grid.Shortcode MEDIUM" "shopp-arrange No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "starterblocks No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "starterblocks No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "share-this-image 2.02 Reflected.Cross-Site.Scripting MEDIUM" "share-this-image 2.04 Open.Redirect.via.link.Parameter HIGH" "share-this-image 2.03 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.STI.Buttons.Shortcode MEDIUM" "share-this-image 2.02 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.alignment.Parameter MEDIUM" "share-this-image 1.99 Open.Redirect MEDIUM" "share-this-image 1.81 Reflected.Cross-Site.Scripting MEDIUM" "share-this-image 1.67 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "share-this-image 1.20 Stored.XSS MEDIUM" "simple-fields No.known.fix Unauthenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "simple-fields 1.4.11 Authenticated.Reflected.Cross-Site.Scripting.(XSS) HIGH" "sitekit 1.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "sitekit 1.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "sitekit 1.4 Contributor+.Stored.XSS MEDIUM" "sitekit 1.5 Contributor+.Stored.XSS MEDIUM" "shortcode-variables 4.1.7 Authenticated.(Subscriber+).Shortcode.Deletion MEDIUM" "shortcode-variables 4.1.5 Cross-Site.Request.Forgery MEDIUM" "simple-slider-ssp No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "scand-multi-mailer No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "scand-multi-mailer No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "shortcode-factory 2.8 Local.File.Inclusion CRITICAL" "shortcode-factory 1.1.1 XSS MEDIUM" "solidres No.known.fix Authenticated.(Contributor+).SQL.Injection MEDIUM" "solidres No.known.fix Reflected.XSS HIGH" "solidres No.known.fix Multiple.Reflected.XSS HIGH" "solidres No.known.fix Admin+.Stored.XSS LOW" "safe-ai-malware-protection-for-wp No.known.fix Missing.Authorization MEDIUM" "safe-ai-malware-protection-for-wp 1.0.18 Missing.Authorization.to.Unauthenticated.Database.Export HIGH" "stax No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "stax 1.3.6 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "scrollsequence 1.5.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "scrollsequence 1.4.0 Reflected.Cross-Site.Scripting MEDIUM" "scrollsequence 1.2.4 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "secure-file-manager No.known.fix Admin+.Arbitrary.File.Upload MEDIUM" "secure-file-manager No.known.fix Admin+.RCE MEDIUM" "secure-file-manager No.known.fix Admin+.RCE MEDIUM" "secure-file-manager 2.8.2 Authenticated.Remote.Code.Execution CRITICAL" "sky-elementor-addons 3.0.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "sky-elementor-addons 2.6.3 Missing.Authorization.to.Authenticated.(Subscriber+).Limited.Arbitrary.Options.Update HIGH" "sky-elementor-addons 2.6.2 Cross-Site.Request.Forgery.to.Limited.Arbitrary.Options.Update HIGH" "sky-elementor-addons 2.6.2 Authenticated.(Contributor+).Sensitive.Information.Exposure.via.Content.Switcher.Widget.Elementor.Template MEDIUM" "sky-elementor-addons 2.5.16 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "sky-elementor-addons 2.5.12 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "sky-elementor-addons 2.5.8 Contributor+.Stored.XSS MEDIUM" "sky-elementor-addons 2.5.0 Authenticated(Contributor+).Stored.Cross-site.scripting.via.Wrapper.Link.URL MEDIUM" "slider-responsive-slideshow 1.4.2 Missing.Authorization MEDIUM" "slider-responsive-slideshow 1.4.0 Authenticated.(Contributor+).PHP.Object.Injection HIGH" "seo-by-rank-math-pro 3.0.36 Unauthenticated.Reflected.XSS MEDIUM" "ship-depot No.known.fix Missing.Authorization MEDIUM" "stetic 1.0.9 CSRF.to.Stored.Cross-Site.Scripting HIGH" "simple-file-list 6.1.14 Missing.Authorization.to.Unauthenticated.Minor.Settings.Update MEDIUM" "simple-file-list 6.1.13 Reflected.Cross-Site.Scripting HIGH" "simple-file-list 6.1.10 Admin+.Stored.XSS LOW" "simple-file-list 6.1.10 Unauthenticated.Arbitrary.File.Deletion CRITICAL" "simple-file-list 6.0.10 Admin+.Stored.XSS LOW" "simple-file-list 4.4.13 Page.Creation.via.CSRF MEDIUM" "simple-file-list 4.4.12 Admin+.Stored.Cross-Site.Scripting LOW" "simple-file-list 4.4.12 Reflected.Cross-Site.Scripting MEDIUM" "simple-file-list 4.2.8 Authenticated.Arbitrary.File.Deletion HIGH" "simple-file-list 4.2.3 Unauthenticated.Arbitrary.File.Upload.RCE CRITICAL" "simple-file-list 3.2.8 Unauthenticated.Arbitrary.File.Download HIGH" "simple-form 2.12.2 Admin+.Stored.XSS LOW" "seo-301-meta No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "scrollup No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "supreme-modules-for-divi 2.5.52 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "supreme-modules-for-divi 2.5.4 Contrib+.DOM-Based.Cross-Site.Scripting MEDIUM" "seosamba-webmasters 1.0.6 Access.Key.Update.via.CSRF MEDIUM" "sidebartabs No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "smoothscroller No.known.fix Admin+.Stored.XSS LOW" "st-gallery-wp No.known.fix Missing.Authorization.to.Authenticated.(Subscriber+).Settings.Update MEDIUM" "sync-ecommerce-neo No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "sync-ecommerce-neo No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "stockdio-historical-chart 2.8.19 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "stockdio-historical-chart 2.8.1 Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "spotify-play-button No.known.fix Contributor+.Stored.XSS MEDIUM" "sureforms 1.4.4 Admin+.Stored.XSS LOW" "sureforms 1.4.4 Admin+.Stored.XSS LOW" "sureforms 1.4.4 Contributor+.Settings.Update MEDIUM" "sureforms 1.2.3 Missing.Authorization.to.Unauthenticated.Protected.Post.Disclosure MEDIUM" "simple-facebook-plugin 1.5.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "simple-facebook-plugin 1.5.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "superior-faq No.known.fix CSRF MEDIUM" "spam-byebye No.known.fix Cross-Site.Request.Forgery MEDIUM" "spam-byebye 2.2.2 Cross-Site.Scripting.(XSS) MEDIUM" "stock-market-charts-from-finviz 1.0.2 Admin+.Stored.XSS LOW" "scheduled-announcements-widget 1.0 Contributor+.Stored.XSS MEDIUM" "sv-media-library 2.0.0 Reflected.Cross-Site.Scripting MEDIUM" "sv-media-library 1.8.01 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "shiftnav-responsive-mobile-menu 1.8.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "shiftnav-responsive-mobile-menu 1.7.2 Contributor+.Stored.XSS.in.Shortcode MEDIUM" "shortpixel-critical-css 1.0.3 Missing.Authorization MEDIUM" "scrollbar-by-webxapp No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "spiderpowa-embed-pdf No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "simple-photo-gallery No.known.fix Admin+.SQLi MEDIUM" "social-link-pages No.known.fix Missing.Authorization.to.Arbitrary.Page.Creation.and.Cross-Site.Scripting HIGH" "sparkle-demo-importer 1.4.8 Missing.Authorization.to.Authorized(Subscriber+).Post/Pages/Attachements.Deletion.and.Demo.Data.Import MEDIUM" "sharespine-woocommerce-connector 4.8.56 Missing.Authorization MEDIUM" "subscribe2 10.44 Unauthenticated.Stored.Cross-Site.Scripting.via.IP.Parameter HIGH" "subscribe2 10.41 Missing.Access.Controls MEDIUM" "subscribe2 10.41 Sending.Emails.via.CSRF MEDIUM" "subscribe2 10.38 User.Deletion.via.CSRF HIGH" "subscribe2 10.16 XSS MEDIUM" "synved-shortcodes No.known.fix Contributor+.Stored.XSS MEDIUM" "stars-smtp-mailer No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "stars-smtp-mailer No.known.fix Authenticated.(Subscriber+).Arbitrary.File.Upload HIGH" "shareaholic 9.7.12 Missing.Authorization.via.accept_terms_of_service MEDIUM" "shareaholic 9.7.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "shareaholic 9.7.6 Information.Disclosure MEDIUM" "social2blog No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "shortcoder 6.3.1 Subscriber+.Unauthorised.AJAX.Call MEDIUM" "stray-quotes No.known.fix Reflected.XSS HIGH" "stray-quotes No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "spreadr-for-woocomerce 1.0.5 Missing.Authorization MEDIUM" "spreadr-for-woocomerce 1.0.5 Missing.Authorization.to.Arbitrary.Content.Deletion HIGH" "simple-popup-manager No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "streamweasels-youtube-integration 1.3.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "streamweasels-youtube-integration 1.3.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.sw-youtube-embed.Shortcode MEDIUM" "solace-extra 1.3.2 Authenticated.(Subscriber+).Server-Side.Request.Forgery MEDIUM" "solace-extra 1.3.2 Subscriber+.Arbitrary.File.Upload HIGH" "solace-extra 1.3.1 Subscriber+.Arbitrary.File.Upload HIGH" "sexy-author-bio No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "sexy-author-bio No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "shipyaari-shipping-managment No.known.fix Unauthenticated.PHP.Object.Injection CRITICAL" "simple-share-buttons-adder 8.5.1 Admin+.Stored.XSS LOW" "simple-share-buttons-adder 8.4.12 Authenticated(Administrator+).Stored.Cross-Site.Scripting.via.CSS.Settings MEDIUM" "simple-share-buttons-adder 8.5.1 CSRF MEDIUM" "simple-share-buttons-adder 6.0.1 Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "smart-maintenance-mode 1.5.3 Reflected.Cross-Site.Scripting.via.setstatus.Parameter MEDIUM" "smart-maintenance-mode 1.5.2 Admin+.Stored.XSS LOW" "smart-maintenance-mode 1.5.2 Admin+.Stored.XSS LOW" "smart-maintenance-mode No.known.fix Cross-Site.Request.Forgery MEDIUM" "slide-banners No.known.fix Missing.Authorization MEDIUM" "salesking 1.6.30 Missing.Authorization.to.Settings.Change MEDIUM" "salesking 1.6.30 Unauthenticated.Sensitive.Information.Exposure HIGH" "salesking 1.6.30 Unauthenticated.Privilege.Escalation CRITICAL" "socialdriver-framework 2024.04.30 Contributor+.Stored.XSS MEDIUM" "socialdriver-framework 2024.04.30 Reflected.XSS HIGH" "socialdriver-framework 2024.04.30 Admin+.Stored.XSS.via.Settings LOW" "socialdriver-framework 2024.0.0 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "send-email-only-on-reply-to-my-comment No.known.fix Stored.XSS.via.CSRF HIGH" "send-email-only-on-reply-to-my-comment No.known.fix Reflected.XSS HIGH" "show-all-comments-in-one-page No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "show-all-comments-in-one-page 7.0.1 Reflected.XSS HIGH" "stockholm-core 2.4.2 Reflected.Cross-Site.Scripting MEDIUM" "stockholm-core 2.4.2 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "sell-downloads 1.0.8 Insufficient.Restrictions.when.Brute-Force.Purchase.IDs HIGH" "sided No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "spendino No.known.fix Unauthenticated.Arbitrary.Options.Update CRITICAL" "svg-complete No.known.fix Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "siteguard 1.7.7 Login.Page.Disclosure MEDIUM" "setsail-membership 1.1 Authentication.Bypass CRITICAL" "simplemodal-contact-form-smcf No.known.fix Admin+.Stored.XSS LOW" "sumome 1.35 Cross-Site.Request.Forgery MEDIUM" "shiftcontroller 4.9.67 Reflected.Cross-Site.Scripting MEDIUM" "shiftcontroller 4.9.65 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "shiftcontroller 4.9.58 Authenticated.(Contributor+).PHP.Object.Injection HIGH" "shiftcontroller 4.9.24 CSRF MEDIUM" "shiftcontroller 4.9.26 Reflected.Cross-Site.Scripting MEDIUM" "shortcode-elementor 1.0.5 Authenticated.(Contributor+).Post.Disclosure MEDIUM" "social-media-sharing No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "subpage-view No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "secure-captcha No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "social-media-links No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "service-booking-manager No.known.fix Unauthenticated.PHP.Object.Injection HIGH" "skt-builder 4.8 Authenticated.(Subscriber+).Arbitrary.File.Upload HIGH" "skt-builder 4.2 Missing.Authorization.to.Authenticated(Subscriber+).Content.Injection MEDIUM" "stop-wp-emails-going-to-spam 2.0.0 Reflected.Cross-Site.Scripting MEDIUM" "scroll-styler No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "small-package-quotes-purolator-edition 3.6.5 Unauthenticated.SQL.Injection HIGH" "side-menu 3.1.5 Authenticated.(admin+).SQL.Injection HIGH" "simple-yearly-archive 2.1.9 Admin+.Stored.XSS LOW" "site-favicon 0.3 Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "squirrly-seo 12.4.06 Authenticated.(Contributor+).SQL.Injection MEDIUM" "squirrly-seo 12.4.06 Authenticated.(Subscriber+).SQL.Injection.via.search.Parameter MEDIUM" "squirrly-seo 12.4.08 Missing.Authorization MEDIUM" "squirrly-seo 12.3.21 Editor+.Stored.XSS LOW" "squirrly-seo 12.3.20 Contributor+.SQL.Injection.via.url.Parameter MEDIUM" "squirrly-seo 12.3.17 Reflected.Cross-Site.Scripting HIGH" "squirrly-seo 12.3.16 Admin+.Stored.XSS LOW" "squirrly-seo 12.1.21 Reflected.Cross-Site.Scripting HIGH" "squirrly-seo 12.1.21 Missing.Authorization MEDIUM" "squirrly-seo 12.1.11 Contributor+.Arbitrary.File.Upload CRITICAL" "squirrly-seo 11.1.12 Reflected.Cross-Site.Scripting MEDIUM" "simple-nav-archives No.known.fix Settings.Update.via.CSRF MEDIUM" "simple-org-chart 2.3.5 Unauthenticated.Tree.Settings.Update MEDIUM" "simple-org-chart 2.3.5 Settings.Update.via.CSRF MEDIUM" "sandbox No.known.fix Missing.Authorization.to.Authenticated.(Subscriber+).Sandbox.Download MEDIUM" "sandbox No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "simple-cloudflare-turnstile 1.23.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "search-exclude 2.5.0 Missing.Authorization.to.Unauthenticated.Plugin.Settings.Modification MEDIUM" "search-exclude 1.2.7 Author+.Stored.Cross-Site.Scripting MEDIUM" "search-exclude 1.2.4 Arbitrary.Settings.Change HIGH" "sis-handball No.known.fix Settings.Update.via.CSRF MEDIUM" "scripts-organizer 3.0 Unauthenticated.Arbitrary.File.Upload CRITICAL" "sksdev-toolkit No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "smart-mockups No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "smartarget-contact-us No.known.fix Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "safetymails-forms No.known.fix Cross-Site.Request.Forgery HIGH" "swifty-page-manager No.known.fix Admin+.Stored.XSS LOW" "swifty-page-manager No.known.fix Page.Creation/Deletion.via.CSRF MEDIUM" "signup-page No.known.fix Unauthenticated.Arbitrary.Options.Update CRITICAL" "slick-popup 1.7.15 Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "slick-popup 1.7.2 Privilege.Escalation HIGH" "social-stream-design No.known.fix Authenticated.(Administrator+).SQL.Injection MEDIUM" "sk-wp-settings-backup No.known.fix Cross-Site.Request.Forgery.to.PHP.Object.Injection HIGH" "shortcode-collection No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "software-license-manager 4.5.1 Arbitrary.Domain.Deletion.via.CSRF HIGH" "software-license-manager 4.5.0 Admin+.Stored.Cross-Site.Scripting LOW" "software-license-manager 4.4.8 Reflected.Cross-Site.Scripting HIGH" "software-license-manager 4.4.6 CSRF.to.Stored.XSS HIGH" "stm-motors-events No.known.fix Events.<=.1.4.7.-.Unauthenticated.Local.File.Inclusion CRITICAL" "stop-registration-spam No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "stop-registration-spam 1.24 Cross-Site.Request.Forgery.to.Cross-Site.Scripting MEDIUM" "ssl-wireless-sms-notification 3.6.0 Unauthenticated.SQL.Injection HIGH" "ssl-wireless-sms-notification 3.7.0 Unauthenticated.Privilege.Escalation CRITICAL" "swiss-toolkit-for-wp No.known.fix Missing.Authorization MEDIUM" "swiss-toolkit-for-wp 1.4.1 Missing.Authorization MEDIUM" "swiss-toolkit-for-wp 1.0.8 Contributor+.Authentication.Bypass HIGH" "slazzer-background-changer No.known.fix Missing.Authorization MEDIUM" "silvasoft-boekhouden No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "silvasoft-boekhouden No.known.fix Authenticated.(Administrator+).SQL.Injection MEDIUM" "site-editor No.known.fix Local.File.Inclusion.(LFI) HIGH" "simple-youtube-gdpr No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "simple-youtube-gdpr No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "sportspress-tv No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "simple-email-subscriber No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "shapepress-dsgvo 3.1.33 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "shapepress-dsgvo 3.1.24 Unauthenticated.Arbitrary.Post.Deletion HIGH" "shapepress-dsgvo 3.1.24 Unauthenticated.Plugin's.Settings.Update.to.Stored.Cross-Site.Scripting HIGH" "shapepress-dsgvo 2.2.19 Authenticated.Reflected.XSS MEDIUM" "sliderspack-all-in-one-image-sliders 2.4 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "simple-cod-fee-for-woocommerce No.known.fix Missing.Authorization MEDIUM" "sticky-ad-bar No.known.fix Admin+.Stored.XSS LOW" "seofy-core No.known.fix Unauthenticated.Local.File.Inclusion CRITICAL" "swatchly 1.4.1 1.4.0.-.Missing.Authorization.to.Authenticated.(Subscriber+).Limited.Options.Update MEDIUM" "swatchly 1.2.1 Cross-Site.Request.Forgery MEDIUM" "slp-extenders No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "slp-extenders 5.9.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "salesmanago 3.2.5 Log.Injection.via.Weak.Authentication.Token MEDIUM" "slider-path No.known.fix Missing.Authorization MEDIUM" "shortcode-gallery-for-matterport-showcase 2.2.0 Cross-Site.Request.Forgery MEDIUM" "shortcode-gallery-for-matterport-showcase 2.1.7 Reflected.XSS HIGH" "shortcode-gallery-for-matterport-showcase 2.1.8 Contributor+.Stored.XSS.via.shortcode MEDIUM" "shortcode-gallery-for-matterport-showcase 2.1.5 Contributor+.Stored.XSS MEDIUM" "simple-rating No.known.fix Cross-Site.Request.Forgery MEDIUM" "simplistic-seo No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "simple-google-sitemap No.known.fix Cross-Site.Request.Forgery MEDIUM" "simple-header-and-footer No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "simple-popup-plugin No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "simple-popup-plugin 4.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "simple-popup-plugin 4.5 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "seo-checklist No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "seo-checklist No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "simple-news No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.news.Shortcode MEDIUM" "sunshine-photo-cart 3.4.12 Subscriber.Privilege.Escalation HIGH" "sunshine-photo-cart 3.4.11 Unauthenticated.PHP.Object.Injection CRITICAL" "sunshine-photo-cart 3.2.11 Open.Redirect MEDIUM" "sunshine-photo-cart 3.2.10 Missing.Authorization MEDIUM" "sunshine-photo-cart 3.2.9 Missing.Authorization MEDIUM" "sunshine-photo-cart 3.2.10 Missing.Authorization MEDIUM" "sunshine-photo-cart 3.2.6 Reflected.Cross-Site.Scripting MEDIUM" "sunshine-photo-cart 3.2.2 Missing.Authorization MEDIUM" "sunshine-photo-cart 3.1.2 Unauthenticated.PHP.Object.Injection CRITICAL" "sunshine-photo-cart 3.1.2 Reflected.Cross-Site.Scripting MEDIUM" "sunshine-photo-cart 3.1 Unauthenticated.Sensitive.Information.Exposure.via.Invoice MEDIUM" "sunshine-photo-cart 3.0 Insecure.Direct.Object.Reference.to.Order.Manipulation MEDIUM" "sunshine-photo-cart 2.9.15 Reflected.XSS HIGH" "sunshine-photo-cart 2.9.14 Image.Location.Update.via.CSRF MEDIUM" "sunshine-photo-cart 2.8.29 CSRF.Bypass.in.Multiple.Plugins MEDIUM" "schreikasten No.known.fix Author+.SQL.Injections HIGH" "social-bookmarking-reloaded No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "simplified-content 1.0.1 XSS MEDIUM" "script-compressor No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "sitepact-klaviyo-contact-form-7 3.0.0 Unauthenticated.SQL.Injection HIGH" "simple-post-meta-manager No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "searchwp 4.2.6 Subscriber+.Settings.Update MEDIUM" "seraphinite-accelerator 2.27.22 Cross-Site.Request.Forgery.to.Multiple.Administrative.Actions MEDIUM" "seraphinite-accelerator 2.22.16 Authenticated.(Subscriber+).Information.Exposure MEDIUM" "seraphinite-accelerator 2.21 Authenticated.(Subscriber+).Server-Side.Request.Forgery.in.OnAdminApi_HtmlCheck MEDIUM" "seraphinite-accelerator 2.20.48 Unauthenticated.Sensitive.Information.Exposure.via.Log.File MEDIUM" "seraphinite-accelerator 2.20.29 Reflected.Cross-Site.Scripting.via.rt MEDIUM" "seraphinite-accelerator 2.20.32 Unauthorised.Settings.Reset/Import MEDIUM" "seraphinite-accelerator 2.2.29 Reflected.XSS HIGH" "seraphinite-accelerator 2.2.29 Authenticated.Arbitrary.Redirect MEDIUM" "survey-maker 5.1.6.4 Unauthenticated.Authorization.Bypass MEDIUM" "survey-maker 5.1.3.6 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "survey-maker 5.1.3.4 Authenticated.(Admin+).Stored.Cross-Site.Scripting.via.Survey.Question MEDIUM" "survey-maker 5.0.3 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "survey-maker 4.9.6 Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "survey-maker 4.2.9 Admin+.Stored.XSS.via.Plugin.Settings LOW" "survey-maker 4.1.0 IP.Address.Spoofing MEDIUM" "survey-maker 3.6.4 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "survey-maker 4.0.7 Reflected.Cross-Site.Scripting MEDIUM" "survey-maker 4.0.6 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "survey-maker 3.4.7 Reflected.XSS HIGH" "survey-maker 3.1.2 Subscriber+.SQLi HIGH" "survey-maker 3.1.4 Unauthenticated.Stored.XSS HIGH" "survey-maker 2.0.7 Unauthenticated.Store.Cross-Site.Scripting MEDIUM" "survey-maker 1.5.6 Reflected.Cross-Site.Scripting.(XSS) HIGH" "survey-maker 1.5.6 Authenticated.Blind.SQL.Injections HIGH" "sirv 7.5.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "sirv 7.3.1 Missing.Authorization.to.Authenticated.(Contributor+).Arbitrary.Option.Deletion HIGH" "sirv 7.3.0 Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "sirv 7.2.8 Missing.Authorization.to.Authenticated.(Contributor+).Arbitrary.File.Upload HIGH" "sirv 7.2.8 Authenticated(Subscriber+).Missing.Authorization.to.Plugin.Settings.Update MEDIUM" "sirv 7.2.7 Authenticated.(Contributor+).Arbitrary.File.Upload CRITICAL" "sirv 7.2.3 Missing.Authorization.to.Arbitrary.Options.Update CRITICAL" "sirv 7.2.1 Authenticated.(Subscriber+).Server-Side.Request.Forgery MEDIUM" "sirv 7.2.1 Missing.Authorization MEDIUM" "sirv 7.1.3 Missing.Authorization.via.sirv_disconnect MEDIUM" "sirv 6.8.1 Admin+.Stored.XSS LOW" "sirv 1.3.2 Authenticated.SQL.Injection HIGH" "sheetpress No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "sheetpress No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "smart-app-banner 1.1.4 Admin+.Stored.XSS LOW" "smart-app-banner 1.1.3 Cross-Site.Request.Forgery.(CSRF) MEDIUM" "support-x 1.1.8 Reflected.Cross-Site.Scripting MEDIUM" "support-x 1.1.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "support-x 1.1.6 Reflected.Cross-Site.Scripting MEDIUM" "sync-post-with-other-site 1.7 Missing.Authorization.to.Authenticated.(Subscriber+).Post.Creation.and.Update MEDIUM" "sync-post-with-other-site 1.5.2 Cross-Site.Request.Forgery MEDIUM" "so-widgets-bundle 1.64.1 Missing.Authorization LOW" "so-widgets-bundle 1.62.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.in.Image.Grid.widget MEDIUM" "so-widgets-bundle 1.62.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.SiteOrigin.Blog.Widget MEDIUM" "so-widgets-bundle 1.61.0 Contributor+.Stored.XSS.via.siteorigin_widget.Shortcode MEDIUM" "so-widgets-bundle 1.58.8 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "so-widgets-bundle 1.58.4 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "so-widgets-bundle 1.58.3 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "so-widgets-bundle 1.58.2 Contributor+.Stored.XSS MEDIUM" "so-widgets-bundle 1.51.0 Admin+.Local.File.Inclusion MEDIUM" "simple-code-insert-shortcode No.known.fix Authenticated.(Contributor+).SQL.Injection HIGH" "simple-pricing-tables-vc-extension No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "simple-image-popup-shortcode No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "social-rocket No.known.fix Missing.Authorization.to.Settings.Update MEDIUM" "social-rocket No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "social-rocket 1.3.4 Reflected.Cross-Site.Scripting MEDIUM" "social-rocket 1.3.3 Admin+.Stored.Cross-Site.Scripting LOW" "social-rocket 1.2.10 Cross-Site.Request.Forgery.in.Settings MEDIUM" "sticky-related-posts No.known.fix Reflected.Cross-Site.Scripting.(XSS) HIGH" "simple-trackback-disabler No.known.fix Cross-Site.Request.Forgery MEDIUM" "sku-for-woocommerce 1.6.3 Reflected.Cross-Site.Scripting MEDIUM" "sku-for-woocommerce 1.6.3 Reflected.Cross-Site.Scripting MEDIUM" "smooth-page-scroll-updown-buttons 1.4.1 Authenticated.Stored.XSS.via.psb_positioning LOW" "smooth-page-scroll-updown-buttons 1.4 Authenticated.Stored.XSS MEDIUM" "superfly-menu 5.0.30 Cross-Site.Request.Forgery.to.Arbitrary.File.Deletion HIGH" "superfly-menu No.known.fix Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "simple-theme-options 1.7 Admin+.Stored.Cross-Site.Scripting LOW" "scrollbar-customizer No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "shalom-world-media-gallery No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "sellsy 2.4.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "seriously-simple-stats 1.7.0 Reflected.Cross-Site.Scripting MEDIUM" "seriously-simple-stats 1.5.2 Reflected.XSS HIGH" "seriously-simple-stats 1.5.1 Podcast.Manager+.SQLi HIGH" "sf-booking 6.0 Unauthenticated.Privilege.Escalation.via.'nsl_registration_store_extra_input' CRITICAL" "sf-booking 5.1 Unauthenticated.Privilege.Escalation.via.Account.Takeover CRITICAL" "sf-booking 3.2 Unauthenticated.Local.File.Disclosure HIGH" "simple-download-button-shortcode No.known.fix Sensitive.Data.Disclosure MEDIUM" "sh-email-alert No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "s3bubble-amazon-s3-html-5-video-with-adverts No.known.fix Directory.Traversal.leading.to.Arbitrary.File.Access HIGH" "sucuri-scanner 1.8.34 Event.log.Entry.Creation.via.CSRF MEDIUM" "spostarbust 1.2.04.25 Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "simple-google-icalendar-widget 2.6.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "ship-to-ecourier 1.0.2 Plugin's.Settings.Update.via.CSRF MEDIUM" "sticky-header-on-scroll No.known.fix Missing.Authorization MEDIUM" "sticky-menu-or-anything-on-scroll 2.21 CSRF.&.XSS LOW" "smallerik-file-browser No.known.fix Authenticated.(Subscriber+).Arbitrary.File.Upload HIGH" "social-media-widget 4.0.9 Admin+.Stored.XSS LOW" "smsa-shipping-official 2.4 Authenticated.(Subscriber+).Arbitrary.File.Deletion HIGH" "simple-select-all-text-box No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "shopello No.known.fix Unauthenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "small-package-quotes-fedex-edition 4.3.2 Unauthenticated.SQL.Injection HIGH" "social-locker-content No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "stars-menu No.known.fix Reflected.Cross-Site.Scripting.(XSS) HIGH" "simple-schools-staff-directory No.known.fix Admin+.Arbitrary.File.Upload CRITICAL" "sangar-slider-lite No.known.fix Cross-Site.Request.Forgery MEDIUM" "simple-banner 3.0.5 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "simple-banner 3.0.4 Admin+.Stored.XSS LOW" "simple-banner 2.12.0 Admin+.Stored.Cross.Site.Scripting LOW" "simple-banner 2.12.0 Admin+.Stored.Cross-Site.Scripting LOW" "simple-banner 2.10.4 Admin+.Stored.XSS MEDIUM" "screenshot-machine-shortcode 3.0.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "simple-user-listing 1.9.3 Reflected.XSS HIGH" "shopp No.known.fix Unauthenticated.Arbitrary.File.Upload CRITICAL" "simple-facebook-twitter-widget No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "simple-facebook-twitter-widget No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "simple-calendar-for-elementor 1.6.6 Cross-Site.Request.Forgery MEDIUM" "simple-calendar-for-elementor 1.6.5 Cross-Site.Request.Forgery MEDIUM" "srs-simple-hits-counter 1.1.1 Settings.Update.via.CSRF MEDIUM" "srs-simple-hits-counter 1.1.0 1.0.4.-.Unauthenticated.Blind.SQL.Injection CRITICAL" "stop-comment-spam 0.5.4 Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "smart-marketing-for-wp 5.0.5 Missing.Authorization MEDIUM" "smart-marketing-for-wp 2.0.0 Unauthenticated.Cross-Site.Scripting.(XSS) MEDIUM" "sms-alert 3.8.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.sa_verify.Shortcode MEDIUM" "sms-alert 3.8.2 Authenticated.(Subscriber+).Privilege.Escalation.via.handleWpLoginCreateUserAction.Function HIGH" "sms-alert 3.8.2 Unauthenticated.SQL.Injection HIGH" "sms-alert 3.8.0 Unauthenticated.Account.Takeover/Privilege.Escalation CRITICAL" "sms-alert 3.7.9 Unauthenticated.SQL.Injection HIGH" "sms-alert 3.7.9 Reflected.Cross-Site.Scripting MEDIUM" "sms-alert 3.7.7 Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.Options.Update HIGH" "sms-alert 3.7.6 WooCommerce.<.3.7.6.-.Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.sa_subscribe.Shortcode MEDIUM" "sms-alert 3.7.0 Cross-Site.Request.Forgery MEDIUM" "sms-alert 3.4.7 SMS.Alert.Order.Notifications..WooCommerce.<.3,4,7.Authenticated.Cross.Site.Scripting LOW" "scan-external-links No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "smdp-affiliate-platform No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "soisy-pagamento-rateale No.known.fix Missing.Authorization.to.Sensitive.Information.Exposure HIGH" "school-management No.known.fix Authenticated.(Student+).Local.File.Inclusion HIGH" "school-management No.known.fix Unauthenticated.SQL.Injection HIGH" "school-management No.known.fix Authenticated.(Subscriber+).SQL.Injection MEDIUM" "school-management No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "school-management No.known.fix Missing.Authorization.to.Unauthenticated.Arbitrary.Post.Deletion MEDIUM" "school-management No.known.fix Student+.Account.Takeover.and.Privilege.Escalation HIGH" "school-management No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "school-management 93.0.0 Authenticated.(Student+).SQL.Injection.via.'view-attendance' MEDIUM" "school-management 93.0.0 Authenticated.(Subscriber+).SQL.Injection.via.'mj_smgt_show_event_task' MEDIUM" "school-management 92.0.0 Unauthenticated.Arbitrary.File.Upload CRITICAL" "school-management 92.0.0 Authenticated.(Student+).Arbitrary.File.Upload HIGH" "scroll-baner No.known.fix CSRF.to.RCE CRITICAL" "securesubmit No.known.fix Missing.Authorization MEDIUM" "securesubmit No.known.fix Unauthenticated.Sensitive.Information.Exposure MEDIUM" "spider-elements No.known.fix Missing.Authorization MEDIUM" "spider-elements No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "simple-icons No.known.fix Missing.Authorization MEDIUM" "simple-icons 2.7.8 Simple.Icons.<.2.7.8.-.Contributor+.Stored.XSS MEDIUM" "simple-author-box 2.52 Contributor+.Arbitrary.User.Information.Disclosure.via.IDOR LOW" "simple-author-box 2.4 Reflected.Cross-Site.Scripting MEDIUM" "seo-for-woocommerce 1.6.0 Low.Priv.Arbitrary.Blog.Options.Update/Access/Deletion.&.Plugin's.Settings.Update/Export/Import HIGH" "social-stickers No.known.fix Stored.Cross-Site.Scripting.via.CSRF MEDIUM" "salat-times 3.2.2 Admin+.Stored.Cross-Site.Scripting LOW" "slp-gravity-forms-locations No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "slp-gravity-forms-locations 5.9.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "share-woocommerce-email No.known.fix Reflected.Cross-Site.Scripting.(XSS) HIGH" "simple-event-planner 1.5.5 Contributor+.Stored.XSS LOW" "simple-event-planner 1.5.5 Author+.Stored.Cross-Site.Scripting MEDIUM" "sleekplan No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "skt-addons-for-elementor 3.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "skt-addons-for-elementor 3.4 Authenticated.(Contributor+).Post.Disclosure MEDIUM" "skt-addons-for-elementor 3.2 Contributor+.Stored.XSS MEDIUM" "skt-addons-for-elementor 2.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Age.Gate.and.Creative.Slider.Widgets HIGH" "skt-addons-for-elementor 1.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Widget.Page.Title MEDIUM" "skt-addons-for-elementor 1.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Countdown.Block MEDIUM" "slider-pro-lite No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "smart-scroll-to-top-lite 1.0.4 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "spotlightr 0.1.12 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "snazzyadmin-wp-admin-theme No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "snazzyadmin-wp-admin-theme No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "snazzyadmin-wp-admin-theme No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "shortpixel-adaptive-images 3.10.1 Missing.Authorization MEDIUM" "shortpixel-adaptive-images 3.8.4 Authenticated.(Admin+).Server-Side.Request.Forgery MEDIUM" "shortpixel-adaptive-images 3.8.4 Cross-Site.Request.Forgery MEDIUM" "shortpixel-adaptive-images 3.8.3 Missing.Authorization.in.activate_ai_handler.and.deactivate_ai_handler MEDIUM" "shortpixel-adaptive-images 3.7.2 Settings.Update.via.CSRF MEDIUM" "shortpixel-adaptive-images 3.6.3 Reflected.XSS HIGH" "shortpixel-adaptive-images 3.4.0 Subscriber+.Arbitrary.Settings.Update MEDIUM" "sender 1.2.1 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "service-provider-profile-cpt No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "smart-countdown-fx No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "shopping-pages No.known.fix Stored.XSS.via.CSRF HIGH" "service-boxs 2.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "simple-gallery-with-filter 2.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "simply-gallery-block 3.2.6 Contributor+.Stored.XSS MEDIUM" "simply-gallery-block 3.2.4.3 Authenticated.(Editor+).Stored.Cross-Site.Scripting MEDIUM" "simply-gallery-block 3.2.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.galleryID.and.className.Parameters MEDIUM" "simply-gallery-block 3.1.5 Reflected.Cross-Site.Scripting MEDIUM" "simply-gallery-block 3.0.8 Subscriber+.Arbitrary.Options.Update HIGH" "simply-gallery-block 2.3.6 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "simply-gallery-block 2.2.1 Authenticated.Stored.Cross-Site.Scripting MEDIUM" "seed-fonts 2.4.0 Admin+.Stored.XSS LOW" "service-updates-for-customers No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "simple-student-result 1.7.5 Stored.Cross.Site.Scripting.via.CSRF MEDIUM" "simple-student-result 1.8.0 Unauthorised.REST.Calls MEDIUM" "simple-student-result 1.6.4 Auth.Bypass CRITICAL" "short-tax-post No.known.fix Authenticated.(Subscriber+).Privilege.Escalation.via.Password.Update HIGH" "short-tax-post No.known.fix Unauthorized.User.Registration MEDIUM" "security-force No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "suevafree-essential-kit 1.1.4 Contributor+.Stored.XSS MEDIUM" "save-as-image-by-pdfcrowd 3.2.2 Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "save-as-image-by-pdfcrowd 3.2.2 Admin+.Stored.XSS LOW" "save-as-image-by-pdfcrowd 2.16.1 Admin+.Stored.XSS LOW" "soundy-audio-playlist No.known.fix XSS MEDIUM" "saoshyant-page-builder No.known.fix Missing.Authorization MEDIUM" "splash-connector 2.0.8 Reflected.Cross-Site.Scripting MEDIUM" "save-import-image-from-url No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "social-icons-widget-by-wpzoom 4.2.18 Admin+.Stored.XSS LOW" "social-icons-widget-by-wpzoom 4.2.16 Missing.Authorization MEDIUM" "spotbot No.known.fix Reflected.XSS HIGH" "smartcrawl-seo 3.10.9 Unauthenticated.Full.Path.Disclosure MEDIUM" "smartcrawl-seo 3.10.3 Missing.Authorization MEDIUM" "smartcrawl-seo 3.8.3 Unauthenticated.Password.Protected.Post.Disclosure MEDIUM" "sc-simple-zazzle No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "spam-stopper No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "simple-post-notes 1.7.8 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "simple-post-notes 1.7.7 Cross-Site.Request.Forgery MEDIUM" "simple-post-notes 1.7.6 Admin+.Stored.Cross-Site.Scripting LOW" "send-pdf-for-contact-form-7 1.0.2.4 Missing.Authorization MEDIUM" "send-pdf-for-contact-form-7 0.9.9.2 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "sailthru-triggermail No.known.fix Subscriber+.Stored.XSS HIGH" "sailthru-triggermail No.known.fix Reflected.XSS HIGH" "sailthru-triggermail No.known.fix Admin+.Stored.XSS LOW" "sourceplay-navermap No.known.fix Missing.Authorization MEDIUM" "shabbos-and-yom-tov No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "sp-announcement 2.0.9 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "surbma-font-awesome 3.1 Contributor+.Stored.XSS MEDIUM" "sv100-companion No.known.fix Missing.Authorization.to.Unuathenticated.Arbitrary.Options.Update CRITICAL" "sv100-companion 2.0.0 Reflected.Cross-Site.Scripting MEDIUM" "sv100-companion 1.8.12 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "salient-shortcodes 1.5.4 Authenticated.(Contributor+).Local.File.Inclusion.via.Shortcode HIGH" "salient-shortcodes 1.5.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "simple-quotation No.known.fix Subscriber+.SQL.injection HIGH" "simple-quotation No.known.fix Quote.Creation/Edition.via.CSRF.to.Stored.Cross-Site.Scripting MEDIUM" "service-area-postcode-checker No.known.fix Admin+.Stored.XSS LOW" "social-photo-gallery No.known.fix Remote.Code.Execution.(RCE) HIGH" "simple-woocommerce-csv-loader No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "syncee-global-dropshipping 1.0.10 Global.Dropshipping.<.1.0.10.-.Authentication.Token.Disclosure HIGH" "shopbuilder 2.1.13 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "shopbuilder 2.1.9 Unauthenticated.Sensitive.Information.Exposure MEDIUM" "sky-login-redirect 3.7.3 Reflected.Cross-Site.Scripting MEDIUM" "sky-login-redirect 3.6.0 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "search-everything 8.1.7 SQL.Injection CRITICAL" "search-everything 8.1.6 SQL.Injection CRITICAL" "simply-schedule-appointments 1.6.8.32 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Multiple.Shortcodes MEDIUM" "simply-schedule-appointments 1.6.8.7 Unauthenticated.Arbitrary.Shortcode.Execution HIGH" "simply-schedule-appointments 1.6.8.5 Reflected.Cross-Site.Scripting MEDIUM" "simply-schedule-appointments 1.6.7.55 Admin+.Stored.XSS LOW" "simply-schedule-appointments 1.6.7.55 Admin+.Stored.XSS LOW" "simply-schedule-appointments 1.6.7.43 Admin+.Template.Injection.to.RCE MEDIUM" "simply-schedule-appointments 1.6.7.18 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "simply-schedule-appointments 1.6.6.24 Reflected.Cross-Site.Scripting MEDIUM" "simply-schedule-appointments 1.6.7.9 Authenticated.(Subscriber+).SQL.Injection HIGH" "simply-schedule-appointments 1.6.7.9 Authenticated.(Contributor+).SQL.Injection.via.Shortcode HIGH" "simply-schedule-appointments 1.6.6.24 Cross-Site.Request.Forgery.to.Plugin.Data.Reset MEDIUM" "simply-schedule-appointments 1.6.6.1 Authenticated(Administrator+).SQL.Injection MEDIUM" "simply-schedule-appointments 1.5.7.7 Admin+.Stored.Cross-Site.Scripting LOW" "simply-schedule-appointments 1.5.7.7 Unauthenticated.Email.Address.Disclosure MEDIUM" "sensei-lms 4.24.5 Missing.Authorization MEDIUM" "sensei-lms 4.24.4 Unauthenticated.sensei_email/sensei_message.Disclosure MEDIUM" "sensei-lms 4.24.2 Unauthenticated.Email.Template.Leak MEDIUM" "sensei-lms 4.24.0 Unauthenticated.Rewrite.Rules.Flushing MEDIUM" "sensei-lms 4.18.0 Contributor+.Stored.XSS MEDIUM" "sensei-lms 4.20.0 Teacher+.Users.Email.Address.Disclosure MEDIUM" "sensei-lms 4.5.0 Unauthenticated.Private.Messages.Disclosure.via.Rest.API MEDIUM" "sensei-lms 4.5.2 Arbitrary.Private.Message.Sending.via.IDOR LOW" "smm-api No.known.fix Unauthenticated.Stored.Cross-Site.Scripting HIGH" "slider-slideshow No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "slider-slideshow No.known.fix Contributor+.Stored.XSS MEDIUM" "slider-slideshow No.known.fix Cross-Site.Request.Forgery HIGH" "seatgeek-affiliate-tickets No.known.fix Reflected.Cross-Site.Scripting.(XSS) HIGH" "simplr-registration-form No.known.fix Subscriber+.Arbitrary.User.Password.Change.via.IDOR HIGH" "simple-iframe 1.2.0 Contributor+.Stored.XSS MEDIUM" "simply-excerpts No.known.fix Admin+.Stored.XSS LOW" "sprout-invoices 20.8.2 Missing.Authorization MEDIUM" "sprout-invoices 20.8.1 Insecure.Direct.Object.Reference MEDIUM" "sprout-invoices 20.5.4 Sensitive.Information.Exposure MEDIUM" "sprout-invoices 19.0.1 Reflected.Cross-Site.Scripting MEDIUM" "sprout-invoices 19.9.7 Admin+.Stored.Cross-Site.Scripting LOW" "shortcode-bootstrap-visuals No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "seraphinite-post-docx-source 2.16.10 Authenticated.(Subscriber+).Server-Side.Request.Forgery MEDIUM" "seraphinite-post-docx-source 2.16.10 Missing.Authorization MEDIUM" "seraphinite-post-docx-source 2.16.7 Settings.Update/Reset/Import.via.CSRF MEDIUM" "s3-video No.known.fix Unauthenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "seraphinite-discount-for-woocommerce 2.4.7 Reflected.Cross-Site.Scripting MEDIUM" "social-counter 2.1 Authenticated.(Administrator+).PHP.Object.Injection MEDIUM" "selection-lite 1.14 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "selection-lite 1.12 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "surbma-salesautopilot-shortcode No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "super-simple-subscriptions No.known.fix Authenticated.(Administrator+).SQL.Injection MEDIUM" "smtp-sendgrid 1.5 Unauthenticated.Stored.Cross-Site.Scripting.via.Email.Logs HIGH" "social-share-boost No.known.fix Plugin.Settings.Update.via.CSRF MEDIUM" "social-share-boost 4.5 Admin+.Stored.XSS LOW" "social-share-boost 4.5 Contributor+.Stored.XSS MEDIUM" "send-from No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "simple-custom-author-profiles No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "simple-social-share No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "smart-blocks 2.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "store-manager-connector No.known.fix Unauthenticated.Arbitrary.File.Upload.via.set_image() CRITICAL" "store-manager-connector No.known.fix Unauthenticated.Arbitrary.File.Read MEDIUM" "store-manager-connector No.known.fix Unauthenticated.Arbitrary.File.Deletion CRITICAL" "store-manager-connector No.known.fix Unauthenticated.Arbitrary.File.Upload.via.set_file() HIGH" "smart-scroll-posts 2.0.9 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "shockingly-simple-favicon No.known.fix Settings.Update.via.CSRF MEDIUM" "smarty-for-wordpress No.known.fix Admin+.Stored.XSS LOW" "smarty-for-wordpress No.known.fix Settings.Update.via.CSRF MEDIUM" "simply-featured-video No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "splash-header 1.20.8 Authenticated.Stored.Cross-Site.Scripting.(XSS) LOW" "snippy No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "section-widget No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "section-widget No.known.fix Unauthenticated.Path.Traversal MEDIUM" "symbiostock No.known.fix Authenticated.(Shop.Manager+).Arbitrary.File.Upload HIGH" "schedule-posts-calendar 5.3 CSRF MEDIUM" "schedule-posts-calendar 5.3 Admin+.Stored.XSS LOW" "ssl-atlas-free-ssl-certificate-https-redirect 1.1.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "smart-manager-for-wp-e-commerce 8.53.0 Authenticated.(Administrator+).SQL.Injection MEDIUM" "smart-manager-for-wp-e-commerce 8.46.0 Missing.Authorization MEDIUM" "smart-manager-for-wp-e-commerce 8.28.0 Admin+.SQL.Injection MEDIUM" "sticky-social-bar No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "seekxl-snapr No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "subway No.known.fix Improper.Access.Control.to.Sensitive.Information.Exposure.via.REST.API MEDIUM" "super-slider No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "spatialmatch-free-lifestyle-search No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "spatialmatch-free-lifestyle-search No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "social-sharing-toolkit No.known.fix Contributor+.Stored.XSS.via.Shortcode MEDIUM" "sola-newsletters No.known.fix CSRF.to.Stored.XSS HIGH" "stock-exporter-for-woocommerce 1.2.0 Reflected.XSS HIGH" "stock-quotes-list 2.9.12 Contributor+.Stored.XSS MEDIUM" "splashscreen No.known.fix Settings.Update.via.CSRF MEDIUM" "snow-monkey-forms 5.0.7 Unauthenticated.Path.Traversal MEDIUM" "simple-project-managment No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "saoshyant-element No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "saoshyant-slider No.known.fix Unauthenticated.PHP.Object.Injection CRITICAL" "swift-performance-lite 2.3.7.2 Unauthenticated.Local.PHP.File.Inclusion.via.'ajaxify' HIGH" "swift-performance-lite 2.3.6.21 Cross-Site.Request.Forgery MEDIUM" "swift-performance-lite 2.3.6.19 Subscriber+.Settings.Update MEDIUM" "swift-performance-lite 2.3.6.15 Unauthenticated.Configuration.Export MEDIUM" "sms-ovh No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "salient-core 2.0.8 Authenticated.(Contributor+).Local.File.Inclusion.via.Shortcode HIGH" "salient-core 2.0.3 Reflected.Cross-Site.Scripting MEDIUM" "salient-core 2.0.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "starcat-review No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "starcat-review 0.8 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "simplegmaps No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "showhide-shortcode 1.0.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "search-meter 2.13.3 CSV.Injection MEDIUM" "slick-social-share-buttons No.known.fix Authenticated.(Subscriber+).Arbitrary.Option.Update HIGH" "s3bubble-amazon-s3-audio-streaming No.known.fix Arbitrary.File.Download HIGH" "streamweasels-twitch-integration 1.8.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.sw-twitch-embed.Shortcode MEDIUM" "streamweasels-twitch-integration 1.8.0 Unauthenticated.Sensitive.Information.Exposure MEDIUM" "streamweasels-twitch-integration 1.7.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "streamweasels-twitch-integration 1.3.4 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "srs-player No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "slickquiz No.known.fix Unauthenticated.Stored.XSS MEDIUM" "slickquiz No.known.fix Authenticated.SQL.Injection HIGH" "ssquiz No.known.fix Unauthenticated.PHP.Object.Injection CRITICAL" "sb-elementor-contact-form-db 1.8.0 Reflected.Cross-Site.Scripting MEDIUM" "sb-elementor-contact-form-db 1.6 Unauthenticated.&.Unauthorised.Form.Submissions.Export HIGH" "sb-elementor-contact-form-db 1.6 Plugin.Settings.Cross-Site.Request.Forgery MEDIUM" "simple-owl-carousel No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "searchpro 2.1.2 Reflected.Cross-Site.Scripting MEDIUM" "searchpro 1.7.7 Unauthenticated.Arbitrary.File.Uplaod CRITICAL" "searchpro 1.7.6 Unauthenticated.Server-Side.Request.Forgery HIGH" "storekeeper-for-woocommerce No.known.fix Unauthenticated.Arbitrary.File.Upload CRITICAL" "standard-box-sizes 1.6.14 Missing.Authorization MEDIUM" "shoutcast-and-icecast-html5-web-radio-player-by-yesstreaming-com No.known.fix Authenticated.(Editor+).Stored.Cross-Site.Scripting MEDIUM" "super-notes No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "super-notes No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "stars-testimonials-with-slider-and-masonry-grid 3.3.4 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "stars-testimonials-with-slider-and-masonry-grid 3.3.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.stars_testimonials.Shortcode MEDIUM" "simple-spoiler No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "simple-spoiler 1.4 1.3.-.Unauthenticated.Arbitrary.Shortcode.Execution HIGH" "simple-spoiler 1.3 Admin+.Stored.XSS LOW" "svg-block 1.1.25 Authenticated.(Administrator+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "svg-block 1.1.20 Author+.Stored.XSS.via.SVG.File.Upload MEDIUM" "simple-revisions-delete 1.5.4 Cross-Site.Request.Forgery MEDIUM" "subscribe-to-unlock-lite 1.3.1 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "shipping-labels-for-woo 2.3.9 Authenticated.(Shop.Manager+).Stored.Cross-Site.Scripting LOW" "serial-codes-generator-and-validator 2.7.8 Cross-Site.Request.Forgery.via.[placeholder] MEDIUM" "serial-codes-generator-and-validator 2.4.15 Admin+.Stored.XSS LOW" "simple-ajax-chat 20240412 Admin+.Stored.XSS LOW" "simple-ajax-chat 20240216 Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "simple-ajax-chat 20240223 .Unauthenticated.Stored.Cross-Site.Scripting HIGH" "simple-ajax-chat 20240223 Unauthenticated.Stored.XSS HIGH" "simple-ajax-chat 20220216 Log.Clearing.&.Arbitrary.Chat.Message.Deletion.via.CSRF MEDIUM" "simple-ajax-chat 20220216 Sensitive.Information.Disclosure MEDIUM" "simple-ajax-chat 20220216 Unauthenticated.Stored.XSS MEDIUM" "smartsearchwp 2.4.6 Unauthenticated.OpenAI.Key.Disclosure MEDIUM" "smartsearchwp 2.4.5 Unauthenticated.Log.Purge MEDIUM" "smartsearchwp 2.4.5 Unauthenticated.SQLi HIGH" "smartsearchwp 2.4.5 Unauthenticated.Stored.XSS HIGH" "structured-content 1.6.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "structured-content 1.6.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.sc_fs_local_business.Shortcode MEDIUM" "structured-content 1.6.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "structured-content 1.6.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Classic.Editor.Shortcode MEDIUM" "structured-content 1.6 Contributor+.Stored.XSS MEDIUM" "structured-content 1.6 Contributor+.PHP.Object.Injection HIGH" "structured-content 1.5.1 Contributor+.Stored.XSS.in.Shortcode MEDIUM" "sparrow No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "sparrow No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "stencies No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "seo-manager No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Post.Meta MEDIUM" "smartlink-dinamic-urls 1.1.1 Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "shortcode-addons No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "shortcode-addons No.known.fix Authenticated.(Admin+).Arbitrary.File.Upload CRITICAL" "shortcode-addons 3.2.0 Authenticated.Arbitrary.Options.Update MEDIUM" "shortcode-addons 3.1.0 Unauthenticated.Arbitrary.Option.Update CRITICAL" "skt-blocks 2.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "skt-blocks 2.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "skt-blocks 1.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "skt-blocks 2.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "skt-blocks 1.8 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "skt-blocks 1.7 Contributor+.Stored.XSS MEDIUM" "stars-rating 3.5.1 Comments.Denial.of.Service MEDIUM" "simple-auto-tag No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "spamreferrerblock No.known.fix Cross-Site.Request.Forgery MEDIUM" "spamreferrerblock No.known.fix Admin+.Stored.XSS LOW" "sponsors-carousel No.known.fix Admin+.Stored.XSS LOW" "share-one-drive 1.15.3 Reflected.Cross-Site.Scripting MEDIUM" "string-locator 2.6.7 Unauthenticated.PHP.Object.Injection HIGH" "string-locator 2.6.6 Reflected.Cross-Site.Scripting MEDIUM" "string-locator 2.6.0 Authenticated.PHAR.Deserialization MEDIUM" "string-locator 2.5.0 Admin+.Arbitrary.File.Read LOW" "spiritual-gifts-survey No.known.fix Unauthenticated.CSRF.to.XSS MEDIUM" "spiritual-gifts-survey No.known.fix Unauthenticated.CSRF.to.XSS MEDIUM" "simple-testimonials-showcase No.known.fix Authenticated.(Editor+).Stored.Cross-Site.Scripting MEDIUM" "simple-testimonials-showcase No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "simple-testimonials-showcase No.known.fix Cross-Site.Request.Forgery MEDIUM" "sinking-dropdowns No.known.fix Cross-Site.Request.Forgery HIGH" "site-editor-google-map No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "simple-admin-language-change 2.0.2 Arbitrary.User.Locale.Change MEDIUM" "sticky-add-to-cart-woo No.known.fix Missing.Authorization MEDIUM" "sell-with-razorpay No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "simplemodal No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "simply-exclude No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "site-pin No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "timeline-for-beaver-builder 1.1.4 Editor+.Stored.XSS LOW" "tickera-event-ticketing-system 3.5.5.3 Missing.Authorization MEDIUM" "tickera-event-ticketing-system 3.5.4.9 Unauthenticated.Customer.Data.Exposure MEDIUM" "tickera-event-ticketing-system 3.5.4.6 Unauthenticated.Arbitrary.Shortcode.Execution HIGH" "tickera-event-ticketing-system 3.5.2.9 Missing.Authorization.to.Authenticated.(Susbcriber+).Ticket.Deletion MEDIUM" "tickera-event-ticketing-system 3.5.2.7 Missing.Authorization MEDIUM" "tickera-event-ticketing-system 3.5.2.5 Ticket.leakage.through.IDOR MEDIUM" "tickera-event-ticketing-system 3.5.1.0 Plugin.Data.Deletion.via.CSRF LOW" "tickera-event-ticketing-system 3.4.9.2 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "tickera-event-ticketing-system 3.4.8.3 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "tickera-event-ticketing-system 3.4.6.9 Unauthenticated.Sensitive.Data.Exposure HIGH" "totalprocessing-card-payments 7.1.8 Shop.Manager+.Arbitrary.File.Download MEDIUM" "totalprocessing-card-payments 7.1.7 Reflected.Cross-Site.Scripting MEDIUM" "totalprocessing-card-payments 7.1.6 Authenticated.(Subscriber+).Arbitrary.File.Download HIGH" "templines-helper-core 2.8 Authenticated.(Subscriber+).Privilege.Escalation HIGH" "table-of-contents-plus 2411.1 Admin+.Stored.XSS LOW" "table-of-contents-plus 2411 Cross-Site.Request.Forgery MEDIUM" "table-of-contents-plus 2309 Settings.Update.via.CSRF MEDIUM" "table-of-contents-plus 2309 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "table-of-contents-plus 2212 Contributor+.Stored.XSS MEDIUM" "tweetscroll-widget No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "tidio-form No.known.fix Unauthenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "tier-pricing-table 3.5.1 Reflected.Cross-Site.Scripting MEDIUM" "tier-pricing-table 2.6.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "tagmaker No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "timesheet 0.1.5 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "timeslot 1.3.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "typekit No.known.fix Cross-Site.Request.Forgery MEDIUM" "tcd-google-maps No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "transients-manager 2.0.7 Cross-Site.Request.Forgery MEDIUM" "testimonials No.known.fix Contributor+.Stored.Cross-Site.Scripting MEDIUM" "the-events-calendar-pro 6.4.0.1 Contributor+.Missing.Authorization.to.Authenticated.Arbitrary.Events.Access MEDIUM" "tippy No.known.fix Contributor+.Stored.XSS MEDIUM" "timeline-pro 1.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.[placeholder] MEDIUM" "taggbox-widget No.known.fix Cross-Site.Request.Forgery MEDIUM" "taggbox-widget 3.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "taggbox-widget 3.2 Unauthenticated.PHP.Object.Injection CRITICAL" "taggbox-widget No.known.fix Missing.Authorization MEDIUM" "taggbox-widget No.known.fix Arbitrary.Settings.Update.via.CSRF MEDIUM" "taggbox-widget No.known.fix Cross-Site.Request.Forgery MEDIUM" "tour-booking-manager 1.8.8 Authenticated.(Contributor+).PHP.Object.Injection HIGH" "tour-booking-manager 1.8.8 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "tour-booking-manager 1.8.6 Missing.Authorization MEDIUM" "tour-booking-manager 1.7.8 Missing.Authorization MEDIUM" "tour-booking-manager 1.7.2 Missing.Authorization.via.ttbm_new_place_save MEDIUM" "tour-booking-manager 1.6.1 Cross-Site.Request.Forgery MEDIUM" "thrive-comments 1.4.15.3 Unauthenticated.Option.Update MEDIUM" "th23-social No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "themeisle-companion 2.10.45 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "themeisle-companion 2.10.44 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.title_tag.Parameter MEDIUM" "themeisle-companion 2.10.44 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Pricing.Table.Widget MEDIUM" "themeisle-companion 2.10.37 Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "themeisle-companion 2.10.35 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Services.and.Post.Type.Grid.Widgets MEDIUM" "themeisle-companion 2.10.33 Authenticated.(Contributor+).Stored.Cross-Site.Scripiting.via.Registration.Form.Widget MEDIUM" "themeisle-companion 2.10.32 Contributor+.Stored.XSS.via.Post.Type.Grid.Widget MEDIUM" "themeisle-companion 2.10.31 Contributor+.Stored.XSS.via.Pricing.Table.Widget MEDIUM" "themeisle-companion 2.10.31 Contributor+.Stored.XSS.via.Form.Widget MEDIUM" "themeisle-companion 2.10.29 Unauthenticated.Connected.API.Keys.Update MEDIUM" "themeisle-companion 2.10.30 Connected.API.Keys.Update.via.CSRF MEDIUM" "themeisle-companion 2.10.28 Contributor+.Stored.XSS MEDIUM" "themeisle-companion 2.10.27 Contributor+.Stored.XSS MEDIUM" "themeisle-companion 2.10.24 Author+.Server-Side.Request.Forgery MEDIUM" "themeisle-companion 2.10.3 Authenticated.Stored.Cross.Site.Scripting MEDIUM" "themeisle-companion 2.10.3 Authenticated.Privilege.Escalation CRITICAL" "transportersio 2.1.2 Stored.XSS.via.CSRF HIGH" "tockify-events-calendar 2.3.0 Contributor+.Stored.XSS MEDIUM" "the-holiday-calendar No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "the-holiday-calendar 1.11.3 Cross-Site.Scripting.(XSS) MEDIUM" "term-and-category-based-posts-widget 4.9.13 Admin+.Stored.XSS LOW" "tutor-lms-migration-tool No.known.fix Missing.Authorization.in.tutor_lp_export_xml MEDIUM" "tutor-lms-migration-tool No.known.fix Missing.Authorization.in.tutor_import_from_xml MEDIUM" "team-display No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "team-display No.known.fix Missing.Authorization.to.Authenticated.(Subscriber+).Settings.Update MEDIUM" "twchat No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "twchat 3.1.5 Admin+.Local.File.Inclusion LOW" "twchat 3.1.5 Multiple.CSRF MEDIUM" "tabs-maker No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "telecash-ricaricaweb No.known.fix Unauthenticated.PHP.Object.Injection CRITICAL" "tags-to-meta-keywords 1.0.2 Cross-Site.Request.Forgery.to.Stored.Cross-site.Scripting MEDIUM" "tito No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "temp-mail 1.0.1 Reflected.Cross-Site.Scripting MEDIUM" "tr-easy-google-analytics No.known.fix Reflected.Cross-Site.Scripting.(XSS) HIGH" "td-composer 5.4 Reflected.Cross-Site.Scripting.via.'data' MEDIUM" "td-composer 5.4.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Multiple.Shortcodes MEDIUM" "td-composer 5.4 Unauthenticated.Arbitrary.PHP.Object.Instantiation CRITICAL" "td-composer 5.4 Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "td-composer 5.4 Reflected.Cross-Site.Scripting.via.'account_id'.and.'account_username' MEDIUM" "td-composer 5.1 Reflected.Cross-Site.Scripting.via.envato_code[] MEDIUM" "td-composer 5.1 Reflected.Cross-Site.Scripting.via.envato_code[] MEDIUM" "td-composer 4.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.button.Shortcode MEDIUM" "td-composer 4.9 Authenticated.(Author+).Stored.Cross-Site.Scripting.via.Attachment.Meta MEDIUM" "td-composer 4.9 Authenticated.(Contributor+).Local.File.Inclusion.via.Shortcode HIGH" "td-composer 4.2 Admin+.Stored.XSS LOW" "td-composer 4.2 Unauthenticated.Stored.XSS HIGH" "td-composer 4.0 Reflected.Cross-site.Scripting HIGH" "td-composer 3.5 Unauthenticated.Account.Takeover CRITICAL" "twitterpost No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "telsender 1.14.12 Subscriber+.Settings.Update MEDIUM" "tracked-tweets No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "tracked-tweets No.known.fix Stored.Cross-Site.Scripting.via.CSRF MEDIUM" "tweeple No.known.fix Reflected.XSS HIGH" "twispay No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "thoughtful-comments 0.3.6 Missing.Authorization LOW" "twitter-posts No.known.fix Settings.Update.via.CSRF MEDIUM" "thinkific-uploader No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "truenorth-srcset No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "total-donations No.known.fix Unauthenticated.Stored.Cross-Site.Scripting HIGH" "total-donations No.known.fix Update.Arbitrary.WordPress.Option.Values CRITICAL" "truebooker-appointment-booking 1.0.8 Cross-Site.Request.Forgery MEDIUM" "truebooker-appointment-booking 1.0.3 Multiple.Unauthenticated.SQLi HIGH" "truebooker-appointment-booking 1.0.3 Settings.Update.via.CSRF MEDIUM" "telegram-bot No.known.fix Cross-Site.Request.Forgery MEDIUM" "telegram-bot 3.6.3 Admin+.Stored.XSS LOW" "twitter-anywhere-plus No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "tweet-old-post 9.0.11 PHP.Object.Injection LOW" "themefuse-maintenance-mode No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "todo-custom-field No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "tubepress 1.6.5 XSS MEDIUM" "tarteaucitronjs 1.9.5 Contributor+.Stored.XSS MEDIUM" "tarteaucitronjs 1.6.1 Cookies.legislation.&.GDPR.<.1.6.1.-.Admin.+.Stored.Cross-Site.Scripting LOW" "tarteaucitronjs 1.6 Cookies.legislation.&.GDPR.<.1.6.-.CSRF.to.Stored.Cross-Site.Scripting MEDIUM" "theatre No.known.fix Missing.Authorization MEDIUM" "theatre 0.18.7 Reflected.Cross-Site.Scripting MEDIUM" "theatre 0.18.4 Admin+.Stored.XSS LOW" "tripetto 8.0.10 Cross-Site.Request.Forgery.to.Arbitrary.Results.Deletion MEDIUM" "tripetto 8.0.10 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "tripetto 8.0.9 Unauthenticated.Sensitive.Information.Exposure MEDIUM" "tripetto 8.0.7 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "tripetto No.known.fix Unauthentiated.Stored.Cross-Site.Scripting.via.Form.File.Upload HIGH" "tripetto 7.0.1 Reflected.Cross-Site.Scripting MEDIUM" "tripetto 5.2.0 Unauthenticated.Stored.Cross-Site.Scripting MEDIUM" "tripetto 5.3.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "tube-video-curator No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "tutor 3.4.1 Subscriber+.HTML.Injection MEDIUM" "tutor 2.7.7 Unauthenticated.SQL.Injection.via.rating_filter HIGH" "tutor 2.7.7 User.Registration.Setting.Bypass.to.Unauthorized.User.Registration MEDIUM" "tutor 2.7.5 Cross-Site.Request.Forgery.via.'addon_enable_disable' MEDIUM" "tutor 2.7.3 Authenticated.(Administrator+).SQL.Injection HIGH" "tutor 2.7.4 Authenticated.(Instructor+).Stored.Cross-Site.Scripting MEDIUM" "tutor 2.7.4 Missing.Authorization MEDIUM" "tutor 2.7.3 Cross-Site.Request.Forgery MEDIUM" "tutor 2.7.3 Authenticated.(Tutor.Instructor+).Stored.Cross-Site.Scripting MEDIUM" "tutor 2.7.2 Authenticated.(Admin+).Path.Traversal LOW" "tutor 2.7.2 Tutor.LMS..eLearning.and.online.course.solution.<.2,7,2.-Authenticated.(Administrator+).SQL.Injection HIGH" "tutor 2.7.2 Authenticated.(Instructor+).Insecure.Direct.Object.Reference.to.Arbitrary.Quiz.Attempt.Deletion MEDIUM" "tutor 2.7.1 Authenticated.(Instructor+).SQL.Injection HIGH" "tutor 2.7.1 Authenticated.(Instructor+).Insecure.Direct.Object.Reference.to.Arbitrary.Course.Deletion MEDIUM" "tutor 2.7.1 Missing.Authorization CRITICAL" "tutor 2.7.0 Missing.Authorization.to.Unauthenticated.Limited.Options.Update MEDIUM" "tutor 2.7.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.'tutor_instructor_list'.Shortcode MEDIUM" "tutor 2.6.2 Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.Post.Deletion MEDIUM" "tutor 2.6.2 Cross-Site.Request.Forgery.to.Plugin.Deactivation.and.Data.Erase MEDIUM" "tutor 2.6.2 Authenticated.(Subscriber+).SQL.Injection HIGH" "tutor 2.6.1 Missing.Authorization MEDIUM" "tutor 2.6.1 Student+.HTML.Injection.via.Q&A MEDIUM" "tutor 2.3.0 Admin+.Stored.XSS LOW" "tutor 2.3.0 Subscriber+.Stored.Cross-Site.Scripting HIGH" "tutor 2.2.1 Unauthenticated.Access.to.Tutor.LMS.Lesson.Resources.via.REST.API MEDIUM" "tutor 2.2.1 Student+.SQL.Injection HIGH" "tutor 2.2.0 Instructor+.SQL.Injection MEDIUM" "tutor 2.2.0 Unauthenticate.SQL.Injection HIGH" "tutor 2.0.10 Reflected.Cross-Site.Scripting HIGH" "tutor 2.0.10 Admin+.Stored.Cross-Site.Scripting LOW" "tutor 2.0.9 Reflected.Cross-Site.Scripting MEDIUM" "tutor 1.9.13 Reflected.Cross-Site.Scripting MEDIUM" "tutor 1.9.12 Reflected.Cross-Site.Scripting HIGH" "tutor 1.9.12 Subscriber+.Stored.Cross-Site.Scripting HIGH" "tutor 1.9.11 Reflected.Cross-Site.Scripting MEDIUM" "tutor 1.9.9 Multiple.Admin+.Stored.Cross-Site.Scripting LOW" "tutor 1.9.6 Reflected.Cross-Site.Scripting HIGH" "tutor 1.9.2 Authenticated.Stored.Cross-Site.Scripting.(XSS) HIGH" "tutor 1.8.8 Authenticated.Local.File.Inclusion MEDIUM" "tutor 1.7.7 Unprotected.AJAX.including.Privilege.Escalation HIGH" "tutor 1.8.3 SQL.Injection.via.tutor_answering_quiz_question/get_answer_by_id MEDIUM" "tutor 1.7.7 SQL.Injection.via.tutor_mark_answer_as_correct MEDIUM" "tutor 1.8.3 SQL.Injection.via.tutor_quiz_builder_get_question_form MEDIUM" "tutor 1.7.7 SQL.Injection.via.tutor_place_rating MEDIUM" "tutor 1.8.3 SQL.Injection.via.tutor_quiz_builder_get_answers_by_question MEDIUM" "tutor 1.5.3 Cross-Site.Request.Forgery.(CSRF) MEDIUM" "tradedoubler-affiliate-tracker 2.0.22 Unauthenticated.LFI HIGH" "ts-tree No.known.fix Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.Content.Deletion MEDIUM" "thrive-dashboard 2.3.9.3 Unauthenticated.Option.Update MEDIUM" "thesography No.known.fix Admin+.Stored.XSS LOW" "themify-icons 2.0.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "timeline-block-block 1.1.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "tab-my-content No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "t-countdown No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "tag-groups 2.0.5 Reflected.Cross-Site.Scripting MEDIUM" "tag-groups 2.0.4 Missing.Authorization.to.Information.Exposure MEDIUM" "tag-groups 2.0.0 Reflected.Cross-Site.Scripting MEDIUM" "tag-groups 1.43.10.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "trackserver 5.1.1 Contributor+.Stored.XSS MEDIUM" "trackserver 5.0.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "turitop-booking-system No.known.fix Authenticated.(Subscriber+).PHP.Object.Injection HIGH" "turitop-booking-system No.known.fix Missing.Authorization MEDIUM" "table-of-contents No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "the-loops No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "theme-junkie-shortcodes No.known.fix Contributor+.Stored.XSS.via.Shortcodes MEDIUM" "thank-me-later No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "themeegg-toolkit No.known.fix Authenticated.(Administrator+).Arbitrary.File.Upload HIGH" "translatepress-multilingual 2.9.7 Admin+.PHP.Object.Injection MEDIUM" "translatepress-multilingual 2.3.3 Admin+.SQLi MEDIUM" "translatepress-multilingual 2.0.9 Authenticated.Stored.Cross-Site.Scripting LOW" "textme-sms-integration 1.9.2 Missing.Authorization MEDIUM" "textme-sms-integration 1.9.1 Subscriber+.Settings.Update MEDIUM" "textme-sms-integration 1.8.9 Authenticated.Stored.XSS LOW" "trusty-woo-products-filter No.known.fix Authenticated.(Subscriber+).Local.File.Inclusion HIGH" "trademe-widget No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "top-bar 3.0.4 Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "top-bar 3.0.5 Admin+.Stored.XSS LOW" "top-bar 3.0.4 Admin+.Stored.Cross-Site.Scripting LOW" "tm-woocommerce-compare-wishlist No.known.fix Contributor+.Stored.Cross-Site.Scripting MEDIUM" "tinymce-annotate No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "tinymce-annotate No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "tiny-carousel-horizontal-slider-plus No.known.fix Admin+.Stored.XSS MEDIUM" "table-genie No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "table-genie No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "turbosmtp 4.7 Reflected.Cross-Site.Scripting MEDIUM" "turbosmtp 4.7 Reflected.Cross-Site.Scripting.via.'page' MEDIUM" "tlp-portfolio 2.8.11 WordPress.Portfolio.<.2.8.11.-.Contributor+.Stored.XSS MEDIUM" "templates-patterns-collection 1.2.3 Sensitive.Information.Exposure.via.Log.File MEDIUM" "terraclassifieds No.known.fix Cross-Site.Request.Forgery HIGH" "terraclassifieds No.known.fix TerraClassifieds.<=.2,0,3.Unauthenticated.Arbitrary.File.Upload CRITICAL" "tags-cloud-manager No.known.fix Reflected.XSS HIGH" "themeshark-elementor No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "the-plus-addons-for-elementor-page-builder 6.2.8 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "the-plus-addons-for-elementor-page-builder 6.2.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Multiple.Widgets MEDIUM" "the-plus-addons-for-elementor-page-builder 6.2.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "the-plus-addons-for-elementor-page-builder 6.0.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "the-plus-addons-for-elementor-page-builder 6.0.4 Authenticated.(Contributor+).Sensitive.Information.Exposure.via.Elementor.Templates MEDIUM" "the-plus-addons-for-elementor-page-builder 5.6.12 Authenticated.(Contributor+).Sensitive.Information.Exposure.via.content_template MEDIUM" "the-plus-addons-for-elementor-page-builder 5.6.3 Authenticated.(Author+).Stored.Cross-Site.Scripting MEDIUM" "the-plus-addons-for-elementor-page-builder 5.6.3 Missing.Authorization MEDIUM" "the-plus-addons-for-elementor-page-builder 5.6.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Testimonials.Widget.Settings MEDIUM" "the-plus-addons-for-elementor-page-builder 5.6.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Video.Widget MEDIUM" "the-plus-addons-for-elementor-page-builder 5.6.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.TP.Page.Scroll.Widget MEDIUM" "the-plus-addons-for-elementor-page-builder 5.6.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Countdown.Widget MEDIUM" "the-plus-addons-for-elementor-page-builder 5.6.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "the-plus-addons-for-elementor-page-builder 5.5.3 Contributor+.Stored.XSS MEDIUM" "the-plus-addons-for-elementor-page-builder 5.5.5 Contributor+.Stored.XSS.in.Widgets MEDIUM" "the-plus-addons-for-elementor-page-builder 5.5.3 Contributor+.Stored.XSS MEDIUM" "the-plus-addons-for-elementor-page-builder 5.5.5 Contributor+.Stored.XSS.via.Hover.Card.Widget MEDIUM" "the-plus-addons-for-elementor-page-builder 5.5.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Age.Gate MEDIUM" "the-plus-addons-for-elementor-page-builder 5.5.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "the-plus-addons-for-elementor-page-builder 5.5.0 Contributor+.Stored.Cross-Site.Scripting.via.Countdown.Widget MEDIUM" "the-plus-addons-for-elementor-page-builder 5.4.2 Contributor+.LFI MEDIUM" "the-plus-addons-for-elementor-page-builder 5.4.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.Header.Meta.Content.Widget MEDIUM" "the-plus-addons-for-elementor-page-builder 5.3.4 Contributor+.Stored.XSS MEDIUM" "the-plus-addons-for-elementor-page-builder 2.0.7 Contributor+.Arbitrary.File.Access MEDIUM" "the-plus-addons-for-elementor-page-builder 2.0.7 Contributor+.Privilege.Escalation HIGH" "the-plus-addons-for-elementor-page-builder 2.0.6 Contributor+.Stored.XSS MEDIUM" "trendy-restaurant-menu No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "templatesnext-toolkit No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "templatesnext-toolkit No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "templatesnext-toolkit 3.2.9 Contributor+.Stored.XSS MEDIUM" "templatesnext-toolkit 3.2.8 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "templatesnext-toolkit 3.2.8 Contributor+.Stored.XSS MEDIUM" "table-maker No.known.fix Authenticated.(Author+).Stored.Cross-Site.Scripting MEDIUM" "tutor-pro 2.7.3 Missing.Authorization.to.Authenticated.(Subscriber+).Insecure.Direct.Object.Reference HIGH" "tutor-pro 2.7.1 Missing.Authorization HIGH" "tutor-pro 2.7.1 Missing.Authorization.to.Privilege.Escalation HIGH" "tutor-pro 2.7.1 Missing.Authorization.to.SQL.Injection HIGH" "tedwp No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "tedwp 0.0.5 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "torod 1.8 Missing.Authorization.to.Unauthenticated.Plugin.Settings.Update MEDIUM" "themify-builder 7.6.6 Reflected.Cross-Site.Scripting MEDIUM" "themify-builder 7.6.5 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "themify-builder 7.6.6 Contributor+.Stored.XSS MEDIUM" "themify-builder 7.6.3 Reflected.Cross-Site.Scripting MEDIUM" "themify-builder 7.6.2 Missing.Authorization.to.Authenticated.(Contributor+).Post.Duplication MEDIUM" "themify-builder 7.5.8 Open.Redirect MEDIUM" "themify-builder 7.0.6 Cross-Site.Request.Forgery MEDIUM" "themify-builder 5.3.2 Reflected.Cross-Site.Scripting HIGH" "testimonial-slider-showcase-pro No.known.fix Authenticated.(Subscriber+).Local.File.Inclusion HIGH" "testimonial-slider-showcase-pro No.known.fix Unauthenticated.Local.File.Inclusion CRITICAL" "templatesnext-onepager No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "tax-rate-upload No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "tax-rate-upload No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "threepress 1.7.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "thrive-ultimatum 2.3.9.4 Unauthenticated.Option.Update MEDIUM" "tm-islamic-helper No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "transfinanz No.known.fix Reflected.XSS HIGH" "tabulate No.known.fix Reflected.XSS HIGH" "themify-ptb-search 1.4.0 Post.Type.Builder.Search.Addon.<.1.4.0.-.Reflected.Cross-Site.Scripting MEDIUM" "themify-shortcodes 2.1.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "themify-shortcodes 2.1.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "themify-shortcodes 2.1.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.themify_button.Shortcode MEDIUM" "themify-shortcodes 2.0.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "themify-shortcodes 2.0.8 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "team-118group-agent No.known.fix Missing.Authorization.to.Unauthenticated.Arbitrary.Content.Deletion MEDIUM" "tripay-payment-gateway 3.2.8 Admin+.Stored.XSS LOW" "time-sheets 1.29.3 Admin+.Stored.XSS LOW" "time-sheets 1.5.2 Multiple.XSS MEDIUM" "title-field-validation No.known.fix Unauthorised.AJAX.Calls HIGH" "telephone-number-linker No.known.fix Contributor+.Stored.XSS MEDIUM" "the-moneytizer 10.0.1 Missing.Authorization.via.multiple.AJAX.actions HIGH" "the-moneytizer 10.0.1 Cross-Site.Request.Forgery.via.multiple.AJAX.actions HIGH" "the-moneytizer 9.6.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "team-showcase 2.2 Contributor+.Stored.XSS MEDIUM" "tin-canny-learndash-reporting 4.3.0.8 Reflected.Cross-Site.Scripting MEDIUM" "tweet-wheel 1.0.3.3 Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "trash-duplicate-and-301-redirect No.known.fix Missing.Authorization.to.Unauthenticated.Arbitrary.Post.Deletion HIGH" "the-logo-slider No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "total-security 3.4.1 XSS.&.Settings.Change MEDIUM" "team-builder-for-wpbakery-page-builder No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "team-builder-for-wpbakery-page-builder No.known.fix Authenticated.(Contributor+).Local.File.Inclusion HIGH" "tk-smugmug-slideshow-shortcode No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "tk-smugmug-slideshow-shortcode No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "tsb-occasion-editor No.known.fix Authenticated.(Subscriber+).SQL.Injection MEDIUM" "task-manager-pro 3.6.34 Follower+.SQLi HIGH" "task-manager-pro 3.6.34 Multiple.Cross-Site.Scripting MEDIUM" "traveler-layout-essential-for-elementor 1.4 Unauthenticated.Server-Side.Request.Forgery HIGH" "text-selection-color No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "team-showcase-ultimate No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "th-variation-swatches 1.3.3 1.3.2.-.Cross-Site.Request.Forgery.to.Plugin.Settings.Reset MEDIUM" "ticket-help-desk-system-lite No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "tagembed-widget 5.9 Missing.Authorization MEDIUM" "tagembed-widget 4.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "tailpress No.known.fix Unauthenticated.Sensitive.Information.Exposure MEDIUM" "themify-portfolio-post 1.2.5 Editor+.Stored.XSS LOW" "themify-portfolio-post 1.2.2 Contributor+.Stored.XSS MEDIUM" "themify-portfolio-post 1.2.1 Contributor+.Stored.XSS MEDIUM" "themify-portfolio-post 1.1.7 Reflected.Cross-Site.Scripting MEDIUM" "themify-portfolio-post 1.1.6 Authenticated.Stored.Cross-Site.Scripting HIGH" "td-subscription 1.7.1 Authenticated.(Subscriber+).SQL.Injection.via.subscriptionCouponId.Parameter MEDIUM" "td-subscription 1.5 Authenticated.(Admin+).SQL.Injection HIGH" "td-subscription 1.5 Authenticated.(Admin+).SQL.Injection HIGH" "text-advertisements No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "textboxes No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "tcbd-popover No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "theme-blvd-shortcodes No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "trust-form 2.0.1 Authenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "td-cloud-library 2.7 Unauthenticated.Arbitrary.User.Metadata.Update.to.Privilege.Escalation CRITICAL" "testimonial-widgets 1.4.4 Authenticated.(Contributor+).SQL.Injection HIGH" "testimonial-widgets 1.4.3 Widget.Deletion.via.CSRF MEDIUM" "tx-onepager No.known.fix Admin+.SQLi MEDIUM" "tenweb-speed-optimizer 2.24.18 Unauthenticated.Arbitrary.Option.Deletion HIGH" "templatespare 2.4.3 Missing.Authorization.to.Authenticated.(Subscriber+).Theme.Update MEDIUM" "tinymce-custom-styles 1.1.4 Admin+.Stored.Cross-Site.Scripting LOW" "tinymce-custom-styles 1.1.3 Admin+.Stored.XSS LOW" "tf-numbers-number-counter-animaton 2.0.1 Subscriber+.Arbitrary.Option.Update HIGH" "theme-my-ontraport-smartform No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "tk-google-fonts 2.2.12 Missing.Authorization.to.Font.Deletion MEDIUM" "tk-google-fonts 2.2.11 Reflected.Cross-Site.Scripting MEDIUM" "tk-google-fonts 2.2.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "team-members-for-elementor No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "themereps-helper No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "team-rosters No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "team-rosters No.known.fix Reflected.Cross-Site.Scripting.via.'tab' MEDIUM" "team-rosters No.known.fix Unauthenticated.PHP.Object.Injection CRITICAL" "tribute-testimonial-gridslider No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "tablesome 1.0.34 Unauthenticated.Sensitive.Information.Exposure MEDIUM" "tablesome 1.0.26 Cross-Site.Request.Forgery MEDIUM" "tablesome 1.0.28 Reflected.Cross-Site.Scripting MEDIUM" "tablesome 1.0.15 Reflected.Cross-Site.Scripting MEDIUM" "tablesome 1.0.9 Reflected.XSS MEDIUM" "tablesome 0.6.7 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "tatsu 3.3.12 Unauthenticated.RCE CRITICAL" "typing-text No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "typing-text 1.2.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "tournamatch 4.6.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "tournamatch No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "tournamatch 4.6.1 Admin+.Stored.XSS.via.Ladders LOW" "tournamatch 4.6.1 Subscriber+.Stored.XSS HIGH" "tablesearch No.known.fix Contributor+.Stored.Cross-Site.Scripting MEDIUM" "testimonial 2.0.14 Authenticated.(Contributor+).PHP.Object.Injection HIGH" "testimonial 2.3.8 Admin+.Stored.Cross-Site.Scripting LOW" "translit-it No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "testimonials-carousel-elementor 10.2.3 Contributor+.Stored.XSS MEDIUM" "testimonials-carousel-elementor 10.2.1 Missing.Authorization.to.Limited.Setting.Update MEDIUM" "testimonials-carousel-elementor 10.2.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "theme-editor 2.9 Authenticated.(Admin+).PHAR.Deserialization HIGH" "theme-editor 2.8 Admin+.Arbitrary.File.Upload HIGH" "theme-editor 2.6 Authenticated.Arbitrary.File.Download MEDIUM" "theme-editor 2.2 Multiple.Vulnerabilities CRITICAL" "team-members 5.3.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "team-members 5.3.2 Author+.Stored.XSS MEDIUM" "team-members 5.2.1 Editor+.Stored.XSS LOW" "team-members 5.1.1 Admin+.Stored.Cross-Site.Scripting LOW" "team-members 5.0.4 Authenticated.Stored.Cross-Site.Scripting.(XSS) CRITICAL" "tilda-publishing 0.3.24 Subscriber+.Unauthorised.Action MEDIUM" "template-kit-export 1.0.22 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "two-factor-login-telegram 3.1 Two-Factor.Authentication.Bypass MEDIUM" "two-factor-login-telegram 3.1 Authenticated.(Subscriber+).Authentication.Bypass HIGH" "treepress 3.0.1 Reflected.Cross-Site.Scripting MEDIUM" "treepress 3.0.0 Admin+.Stored.Cross-Site.Scripting LOW" "treepress 2.0.21 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "turisbook-booking-system No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "timeline-awesome No.known.fix Author+.Stored.Cross-Site.Scripting LOW" "tuxedo-big-file-uploads 2.1.3 Authenticated.(Author+).Full.Path.Disclosure MEDIUM" "tuxedo-big-file-uploads 2.1.2 Cross-Site.Request.Forgery.via.actions MEDIUM" "theme-demo-import 1.1.1 Admin+.Arbitrary.File.Upload MEDIUM" "terms-dictionary No.known.fix Reflected.Cross-Site.Scripting HIGH" "tax-report-for-woocommerce No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "tabs-shortcode-and-widget No.known.fix Contributor+.Stored.Cross-Site.Scripting MEDIUM" "tajer No.known.fix Unauthenticated.Arbitrary.File.Upload CRITICAL" "tidyro No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "top-10 4.1.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "top-10 3.2.5 Admin+.Stored.XSS LOW" "top-10 3.2.3 Contributor+.Stored.XSS MEDIUM" "top-10 2.9.5 Cross-Site.Request.Forgery.(CSRF) MEDIUM" "twigify No.known.fix Vulnerable.Twig.Package MEDIUM" "terms-and-conditions-per-product 1.2.16 Missing.Authorization MEDIUM" "terms-and-conditions-per-product 1.2.6 Reflected.Cross-Site.Scripting MEDIUM" "the-world No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "tlp-team 5.0.0 Missing.Authorization.to.Authenticated.(Subscriber+).Settings.Update MEDIUM" "tlp-team 4.4.2 Editor+.Stored.XSS LOW" "tlp-team 4.1.2 Subscriber+.Arbitrary.File.Read.and.Deletion CRITICAL" "tracking-code-manager 2.4.0 Contributor+.Stored.XSS MEDIUM" "tracking-code-manager 2.4.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "tracking-code-manager 2.3.0 Admin+.Stored.Cross-Site.Scripting LOW" "tracking-code-manager 2.1.0 Tracking.Code.Manager.<.2,1,0.-Admin+.Stored.Cross-Site.Scripting MEDIUM" "twitter-bootstrap-collapse-aka-accordian-shortcode No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "twitter-bootstrap-collapse-aka-accordian-shortcode No.known.fix Stored.XSS.via.Shortcode HIGH" "themify-wc-product-filter 1.5.2 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "themify-wc-product-filter 1.5.0 WooCommerce.Product.Filter.<.1.5.0.-.Unauthenticated.SQL.Injection.via.conditions.Parameter CRITICAL" "themify-wc-product-filter 1.4.4 Filter.Deletion.via.CSRF MEDIUM" "themify-wc-product-filter 1.4.4 Admin+.Stored.XSS LOW" "themify-wc-product-filter 1.4.4 Reflected.XSS HIGH" "themify-wc-product-filter 1.3.8 WooCommerce.Product.Filter.<.1.3.8.-.Reflected.Cross-Site.Scripting MEDIUM" "thrive-clever-widgets 1.57.1 Unauthenticated.Option.Update MEDIUM" "total-cost-input-for-woocommerce 1.0.1 Reflected.Cross-Site.Scripting MEDIUM" "travelers-map 2.2.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "total-team-lite 1.1.2 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "tochat-be 1.3.2 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "transbank-webpay-plus-rest 1.6.7 Admin+.SQLi MEDIUM" "tinymce-and-tinymce-advanced-professsional-formats-and-styles No.known.fix Cross-Site.Request.Forgery.via.bb_taps_backend_page MEDIUM" "time-based-greeting No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "teamleader-form-integration 2.1.0 Unauthenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "twitter-friends-widget No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "twentyfourth-wp-scraper No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "twentyfourth-wp-scraper No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "track-the-click 0.3.12 Author+.Time-Based.Blind.SQL.Injection HIGH" "tree-website-map 3.1 Arbitrary.Plugin.Installation/Activation.via.CSRF CRITICAL" "tree-website-map 2.9 Arbitrary.Plugin.Installation/Activation.via.Low.Privilege.User CRITICAL" "the-plus-addons-for-block-editor 4.0.8 Missing.Authorization MEDIUM" "the-plus-addons-for-block-editor 4.0.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "the-plus-addons-for-block-editor 4.0.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "the-plus-addons-for-block-editor 3.2.6 Missing.Authorization MEDIUM" "the-plus-addons-for-block-editor 3.2.6 Reflected.Cross-Site.Scripting MEDIUM" "training No.known.fix Authenticated.(Subscriber+).Arbitrary.File.Upload HIGH" "tweet-old-custom-post No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "translation-exchange No.known.fix Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "twentytwenty No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "toolbar-extras No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "toggle-the-title No.known.fix XSS MEDIUM" "tidio-gallery No.known.fix .Unauthenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "tcs3 No.known.fix Reflected.Cross-Site.Scripting.(XSS) HIGH" "tradetracker-store 4.6.60 Admin+.SQL.Injection MEDIUM" "thrive-apprentice 2.3.9.4 Unauthenticated.Option.Update MEDIUM" "the-permalinker 1.9.0 Contributor+.Stored.XSS MEDIUM" "ts-webfonts-for-sakura 3.1.1 Admin+.Stored.Cross-Site.Scripting LOW" "ts-webfonts-for-sakura 3.1.3 Font.Settings.Change.via.CSRF MEDIUM" "ts-webfonts-for-sakura 3.1.3 Font.Type.Settings.Change.via.CSRF MEDIUM" "theme-my-login 7.1.8 Cross-Site.Request.Forgery.to.Settings.Update MEDIUM" "theme-my-login 7.1.7 Missing.Authorization.to.Notice.Dismissal MEDIUM" "tabgarb No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "theme-options-z No.known.fix Cross-Site.Request.Forgery MEDIUM" "tablepress 3.1.3 Contributor+.DOM-Based.Stored.XSS.via.Multiple.Parameters MEDIUM" "tablepress 3.1 Author+.Stored.XSS MEDIUM" "tablepress 2.4.3 Author+.Stored.XSS MEDIUM" "tablepress 2.4.3 XXE.Injection MEDIUM" "tablepress 2.3.2 Authenticated.(Author+).Server-Side.Request.Forgery.via.DNS.Rebind MEDIUM" "tablepress 2.2.5 Authenticated(Author+).Server.Side.Request.Forgery(SSRF).via._get_import_files MEDIUM" "tablepress 2.1.5 Reflected.Cross-Site.Scripting MEDIUM" "tablepress 1.8.1 Authenticated.XML.External.Entity.(XXE) MEDIUM" "terms-of-use-2 No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "telugu-bible-verse-daily No.known.fix CSRF.to.Stored.XSS HIGH" "topbar-id-for-elementor No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "tabbed 1.3.2 Accordion,.FAQ.<.1.3.2.-.Unauthenticated.AJAX.Calls CRITICAL" "tcbd-tooltip No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "tlp-food-menu 5.2.0 Missing.Authorization.to.Authenticated.(Subscriber+).Settings.Update MEDIUM" "table-addons-for-elementor 2.1.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via._id.Parameter MEDIUM" "taeggie-feed 0.1.10 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "tabs-responsive 2.2.8 Editor+.Stored.Cross-Site.Scripting LOW" "tailored-tools No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "template-kit-import 1.0.15 Author+.Stored.XSS MEDIUM" "tranzly No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "tranzly 1.1.0 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "themes4wp-youtube-external-subtitles No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "top-25-social-icons No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "theme-switcha 3.4.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "theme-switcha 3.3.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "thrive-ab-page-testing 1.4.13.3 Unauthenticated.Option.Update MEDIUM" "teleadmin No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "thumbs-rating No.known.fix Unauthenticated.Insecure.Direct.Object.Reference MEDIUM" "timeline-widget-addon-for-elementor 1.5.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "testimonial-slider 1.3.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "testimonial-slider 1.3.2 Stored.XSS.via.CSRF MEDIUM" "testimonial-slider 1.2.5 Authenticated.SQL.Injection HIGH" "testimonial-slider 1.3.2 Authenticated.Stored.Cross-Site.Scripting.(XSS).&.CSRF MEDIUM" "testimonial-free 3.1.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "testimonial-free 2.6.0 Contributor+.Stored.XSS MEDIUM" "testimonial-free 2.1.7 Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "team 1.22.26 Reflected.Cross-Site.Scripting HIGH" "team 1.22.24 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "team 1.22.16 Authenticated.Stored.Cross-Site.Scripting.(XSS) HIGH" "team 1.22.16 PHP.Object.Injection HIGH" "tour-operator 2.0.0 Author+.Stored.XSS.via.SVG.File.Upload MEDIUM" "temporary-login-without-password 1.7.1 Subscriber+.Plugin's.Settings.Update MEDIUM" "turbo-widgets No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "turbo-widgets No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "turbo-widgets No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "theme-tweaker-lite No.known.fix Cross-Site.Request.Forgery MEDIUM" "tidekey No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "twitter-shortcode No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "theme-blvd-sliders No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "ti-woocommerce-wishlist 2.10.0 Unauthenticated.Arbitrary.File.Upload CRITICAL" "ti-woocommerce-wishlist 2.10.0 Contributor+.Stored.XSS MEDIUM" "ti-woocommerce-wishlist 2.9.2 Unauthenticated.Plugin.Setup.Wizard.Access HIGH" "ti-woocommerce-wishlist 2.9.1 Unauthenticated.SQL.Injection.via.lang.parameters HIGH" "ti-woocommerce-wishlist 2.9.0 Unauthenticated.SQL.Injection HIGH" "ti-woocommerce-wishlist 1.7.0 Reflected.Cross-Site.Scripting MEDIUM" "ti-woocommerce-wishlist 1.40.1 Unauthenticated.Blind.SQL.Injection HIGH" "ti-woocommerce-wishlist 1.21.12 Authenticated.WP.Options.Change HIGH" "tz-plus-gallery No.known.fix Cross-Site.Request.Forgery MEDIUM" "transcoder 1.3.6 Cross-Site.Request.Forgery MEDIUM" "testimonial-slider-and-showcase 2.3.8 Admin+.Stored.XSS LOW" "testimonial-slider-and-showcase 2.3.7 Author+.Settings.Update LOW" "tpg-get-posts No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "tabs-shortcode No.known.fix Contributor+.XSS.via.Shortcode MEDIUM" "tiny-bar 2.1 Reflected.Cross-Site.Scripting MEDIUM" "target-notifications No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "tp-education 4.5 Contributor+.Stored.XSS MEDIUM" "tidy-up No.known.fix Cross-Site.Request.Forgery MEDIUM" "tp-gallery-slider No.known.fix Unauthenticated.Stored.Cross-Site.Scripting HIGH" "tinycode No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "toocheke-companion 1.167 Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "theme-duplicator No.known.fix Cross-Site.Request.Forgery MEDIUM" "tecslider 2.0.0 Reflected.Cross-Site.Scripting MEDIUM" "tecslider 1.0.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "texteller No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "theme-builder-for-elementor 1.2.3 Authenticated.(Contributor+).Post.Disclosure MEDIUM" "termin-kalender 1.00.04 Missing.Authorization.to.Authenticated.(Subscriber+) MEDIUM" "tinymce-extended-config No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "tipsacarrier 1.5.0.5 Unauthenticated.SQLi HIGH" "tipsacarrier 1.5.0.5 Unauthenticated.Orders.Disclosure MEDIUM" "twitter-real-time-search-scrolling No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "terms-descriptions 3.4.7 Reflected.Cross-Site.Scripting MEDIUM" "terms-descriptions 2.4.8 Admin+.Stored.XSS LOW" "terms-descriptions 3.4.5 Reflected.XSS HIGH" "twenty20 No.known.fix Contributor+.Stored.XSS MEDIUM" "the-buffer-button No.known.fix Authenticated.Stored.Cross.Site.Scripting.(XSS) MEDIUM" "thrive-leads 2.3.9.4 Unauthenticated.Option.Update MEDIUM" "team-showcase-cm 25.05.13 Missing.Authorization MEDIUM" "team-showcase-cm 25.05.13 Authenticated.(Subscriber+).Arbitrary.Shortcode.Execution MEDIUM" "the-sorter No.known.fix Authenticated.SQL.Injection MEDIUM" "toast-stick-anything No.known.fix Missing.Authorization HIGH" "toast-stick-anything No.known.fix Unauthenticated.Stored.Cross-Site.Scripting HIGH" "ticket-tailor 1.12 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "template-events-calendar 2.3.2 Authenticated.(Contributor+).SQL.Injection.via.shortcode HIGH" "template-events-calendar 2.0 Subscriber+.Arbitrary.Plugin.Installation.&.Activation HIGH" "template-events-calendar 1.7.2 Reflected.Cross-Site.Scripting.(XSS) HIGH" "terms-before-download No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "themify-ptb 2.1.4 Subscriber+.Arbitrary.Post/Page.Creation MEDIUM" "themify-ptb 2.1.1 Reflected.Cross-Site.Scripting HIGH" "timber-library 1.23.1 Authenticated.(Admin+).PHP.Object.Injection HIGH" "tawkto-live-chat 0.6.0 Subscriber+.Visitor.Monitoring.&.Chat.Removal HIGH" "taketin-to-wp-membership No.known.fix Subscriber+.PHP.Object.Injection HIGH" "third-party-cookie-eraser No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "tiny-compress-images 3.4.4 Cross-Site.Request.Forgery MEDIUM" "total-sales-for-woocommerce No.known.fix Reflected.Cross-Site.Scripting.(XSS) HIGH" "tb-testimonials No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "timely-booking-button No.known.fix Admin+.Stored.XSS LOW" "themarketer No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "themify-store-locator 1.2.0 Cross-Site.Request.Forgery MEDIUM" "theme-changer 1.5 Cross-Site.Request.Forgery MEDIUM" "taskbuilder No.known.fix Missing.Authorization MEDIUM" "taskbuilder 4.0.2 Authenticated.(Subscriber+).SQL.Injection MEDIUM" "taskbuilder 3.0.7 Authenticated.(Subscriber+).SQL.Injection MEDIUM" "taskbuilder 3.0.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.wppm_tasks.Shortcode MEDIUM" "taskbuilder 3.0.5 Admin+.SQL.Injection MEDIUM" "taskbuilder 3.0.9 Admin+.SQL.Injection MEDIUM" "taskbuilder 1.0.8 Subscriber+.Stored.XSS.via.SVG.file.upload MEDIUM" "terms-popup-on-user-login No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "tigris-flexplatform No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "theme-file-duplicator No.known.fix Authenticated.(Subscriber+).Arbitrary.File.Upload HIGH" "theme-file-duplicator No.known.fix Authenticated.(Subscriber+).Arbitrary.File.Download MEDIUM" "timetics 1.0.30 Missing.Authorization MEDIUM" "timetics 1.0.28 AI-powered.Appointment.Booking.Calendar.and.Online.Scheduling.Plugin.<.1.0.28.-.Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.User.Deletion MEDIUM" "timetics 1.0.26 AI-powered.Appointment.Booking.Calendar.and.Online.Scheduling.Plugin.<.1.0.26.-.Insecure.Direct.Object.Reference.to.Unauthenticated.Arbitrary.User.Password/Email.Reset/Account.Takeover CRITICAL" "timetics 1.0.24 Authorization.Bypass MEDIUM" "timetics 1.0.22 AI-powered.Appointment.Booking.with.Visual.Seat.Plan.and.ultimate.Calendar.Scheduling.Plugin.<.1.0.22.-.Missing.Authorization.to.Limited.Privilege.Escalation HIGH" "totalpoll-lite 4.10.0 Missing.Authorization MEDIUM" "tourfic 2.15.4 Authenticated.(Admin+).Arbitrary.File.Upload HIGH" "tourfic 2.15.4 Authenticated.(Subscriber+).SQL.Injection MEDIUM" "tourfic 2.11.21 Cross-Site.Request.Forgery.in.Multiple.Functions MEDIUM" "tourfic 2.11.8 Reflected.Cross-Site.Scripting MEDIUM" "tourfic 2.11.16 Authenticated.(Subscriber+).Arbitrary.File.Upload HIGH" "tourfic 2.11.19 Authenticated.(Subscriber+).PHP.Object.Injection HIGH" "tourfic 2.11.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "tapfiliate 3.0.13 Admin+.Stored.XSS LOW" "timed-content 2.73 Contributor+.Stored.XSS MEDIUM" "theme-blvd-responsive-google-maps No.known.fix Contributor+.XSS MEDIUM" "thim-elementor-kit 1.2.9 Missing.Authorization MEDIUM" "thim-elementor-kit 1.2.9.1 Contributor+.Stored.XSS MEDIUM" "thim-elementor-kit 1.1.9.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.id.Parameter MEDIUM" "thim-elementor-kit 1.1.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "traffic-manager No.known.fix Unauthenticated.Stored.Cross-Site.Scripting HIGH" "traffic-manager No.known.fix Subscriber+.Stored.Cross-Site.Scripting MEDIUM" "themify-event-post 1.3.3 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "themify-event-post 1.3.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "themify-event-post 1.2.8 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "translation-pro No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "throws-spam-away 3.3.1 Comment.Deletion.via.CSRF MEDIUM" "taxonomy-filter 2.2.10 Settings.Update.via.CSRF MEDIUM" "thinktwit 1.7.1 Authenticated.Stored.Cross-Site.Scripting.(XSS) LOW" "token-login No.known.fix Authenticated.(Subscriber+).Privilege.Escalation HIGH" "tourmaster 5.3.9 Unauthenticated.Local.File.Inclusion CRITICAL" "tourmaster 5.4.1 Reflected.Cross-Site.Scripting MEDIUM" "tourmaster 5.3.8 Tour.Booking,.Travel,.Hotel.<.5.3.8.-.Authenticated.(Subscriber+).SQL.Injection.via.review_id.Parameter MEDIUM" "tourmaster 5.3.5 Reflected.XSS HIGH" "tourmaster 5.3.4 Unauthenticated.Stored.XSS.via.Room.Booking HIGH" "the-very-simple-vimeo-shortcode No.known.fix Contributor+.Stored.XSS MEDIUM" "transition-slider-lite No.known.fix Authenticated.(Editor+).Stored.Cross-Site.Scripting MEDIUM" "the-post-grid 7.7.18 Contributor+.Local.File.Inclusion HIGH" "the-post-grid 7.5.0 Editor+.Stored.XSS.via.Grid.Creation LOW" "the-post-grid 7.7.12 Authenticated.(Contributor+).Information.Disclosure MEDIUM" "the-post-grid 7.7.5 Missing.Authorization.via.AJAX MEDIUM" "the-post-grid 7.7.5 Missing.Authorization.via.save_block_css MEDIUM" "the-post-grid 7.7.5 Missing.Authorization.via.REST.API MEDIUM" "the-post-grid 7.7.2 Authenticated(Contributor+).Stored.Cross-Site.Scripting.via.section.title.tag MEDIUM" "the-post-grid 7.7.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "the-post-grid 7.7.0 Missing.Authorization MEDIUM" "the-post-grid 7.2.8 Block.CSS.Update.via.CSRF MEDIUM" "the-post-grid 5.0.5 Settings.Update.via.CSRF MEDIUM" "taxonomy-discounts-woocommerce 5.2 Cross-Site.Request.Forgery.to.Settings.Update MEDIUM" "typofr No.known.fix Reflected.Cross-Site.Scripting HIGH" "tableberg No.known.fix Contributor+.Stored.XSS MEDIUM" "twitter-follow 0.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.username.Parameter MEDIUM" "timer-countdown No.known.fix Reflected.XSS HIGH" "trustist-reviewer No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "tt-custom-post-type-creator No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "top-flash-embed No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "twitter-news-feed No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "thrive-headline-optimizer 1.3.7.3 Unauthenticated.Option.Update MEDIUM" "translator No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "tinymce-advanced-qtranslate-fix-editor-problems No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "twitter-plugin 2.55 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "toggles-shortcode-and-widget No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "tax-switch-for-woocommerce 1.4.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.class-name.Parameter MEDIUM" "tcbd-auto-refresher No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "tabs-pro 1.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "time-clock-pro 1.1.5 Unauthenticated.(Limited).Remote.Code.Execution HIGH" "taxonomy-chain-menu 2.0.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.pn_chain_menu.Shortcode MEDIUM" "tock-widget 1.2 Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "tangible-loops-and-logic 4.1.5 Reflected.Cross-Site.Scripting MEDIUM" "titan-framework No.known.fix Reflected.Cross-Site.Scripting.(XSS) HIGH" "titan-framework 1.6 Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "total-gdpr-compliance-lite 1.0.5 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "travelfic-toolkit 1.2.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "the-events-calendar 6.13.2.1 Contributor+.DOM-Based.Stored.XSS MEDIUM" "the-events-calendar 6.12.0 Subscriber+.Import.Creation MEDIUM" "the-events-calendar 6.9.1 Contributor+.Stored.XSS MEDIUM" "the-events-calendar 6.8.2.1 Unauthenticated.Password.Protected.Event.Disclosure MEDIUM" "the-events-calendar 6.7.1 Trashed.Events.Restoration.via.CSRF MEDIUM" "the-events-calendar 6.6.4.1 Unauthenticated.SQL.Injection MEDIUM" "the-events-calendar 6.6.4 Admin+.Stored.XSS LOW" "the-events-calendar 6.5.2 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "the-events-calendar 6.5.1.5 Cross-Site.Request.Forgery.via.action_restore_events MEDIUM" "the-events-calendar 6.4.0.1 Contributor+.Arbitrary.Events.Access LOW" "the-events-calendar 6.4.0.1 Contributor+.Missing.Authorization.to.Authenticated.Arbitrary.Events.Access MEDIUM" "the-events-calendar 6.4.0.1 Reflected.XSS HIGH" "the-events-calendar 6.2.9 Unauthenticated.Sensitive.Information.Exposure MEDIUM" "the-events-calendar 6.2.8.1 Unauthenticated.Arbitrary.Password.Protected.Post.Read MEDIUM" "the-events-calendar 6.1.0 Reflected.Cross-Site.Scripting MEDIUM" "the-events-calendar 5.14.0.4 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "the-events-calendar 5.14.0 Reflected.Cross-Site.Scripting MEDIUM" "the-events-calendar 4.8.2 XSS MEDIUM" "turbo-addons-elementor No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "testimonial-add 3.5.8.5 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "ttv-easy-embed-player 2.1.1 Admin+.Stored.XSS LOW" "themedy-toolbox No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "themedy-toolbox 1.0.16 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Multiple.Shortcodes MEDIUM" "tarteaucitron-wp 0.3.0 Author+.Stored.XSS MEDIUM" "tarteaucitron-wp 0.3.0 Stored.XSS.via.CSRF HIGH" "tainacan 0.21.15 Unauthenticated.Arbitrary.File.Deletion MEDIUM" "tainacan 0.21.13 Authenticated.(Subscriber+).SQL.Injection MEDIUM" "tainacan 0.21.11 Reflected.Cross-Site.Scripting MEDIUM" "tainacan 0.21.9 Authenticated.(Subscriber+).SQL.Injection MEDIUM" "tainacan 0.21.8 Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.File.Read MEDIUM" "tainacan 0.21.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "tainacan 0.21.4 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "tainacan 0.20.8 Missing.Authorization MEDIUM" "tainacan 0.20.7 Unauthenticated.Sensitive.Information.Exposure MEDIUM" "tainacan 0.20.5 Reflected.Cross-Site.Scripting MEDIUM" "tutor-lms-elementor-addons 2.1.6 Missing.Authorization MEDIUM" "tutor-lms-elementor-addons 2.1.6 Missing.Authorization.to.Authenticated.(Subscriber+).Limited.Plugin.Installation MEDIUM" "tutor-lms-elementor-addons 2.1.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Course.Carousel.Widget MEDIUM" "tutor-lms-elementor-addons 2.1.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "travel-light No.known.fix CSRF.Bypass MEDIUM" "time-clock 1.3 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "time-clock 1.2.3 Unauthenticated.(Limited).Remote.Code.Execution HIGH" "tumult-hype-animations 1.9.16 Authenticated.(Author+).Arbitrary.File.Upload.via.hypeanimations_panel.Function CRITICAL" "tumult-hype-animations 1.9.15 Missing.Authorization MEDIUM" "tumult-hype-animations 1.9.12 Cross-Site.Request.Forgery.to.Cross-Site.Scripting MEDIUM" "tumult-hype-animations 1.9.13 Authenticated.(Author+).Arbitrary.File.Upload HIGH" "themify-audio-dock 2.0.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "twb-woocommerce-reviews 1.7.8 Cross-Site.Request.Forgery MEDIUM" "twb-woocommerce-reviews 1.7.6 Admin+.Stored.XSS LOW" "tori-ajax No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "teaser-maker-standard No.known.fix Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "typer-core No.known.fix Authenticated.(Contributor+).Post.Disclosure MEDIUM" "team-showcase-supreme 7.5 Editor+.Local.File.Inclusion HIGH" "team-showcase-supreme 4.5 Editor+.Stored.Cross-Site.Scripting LOW" "theasys No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "tagesteller No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "threewp-broadcast 51.02 Reflected.Cross-Site.Scripting MEDIUM" "telefication No.known.fix Open.Relay.&.Server-Side.Request.Forgery MEDIUM" "trust-payments-hosted-payment-pages-integration No.known.fix Unauthenticated.SQL.Injection HIGH" "tiny-contact-form No.known.fix Arbitrary.Settings.Update.via.CSRF MEDIUM" "totop-link No.known.fix Unauthenticated.PHP.Object.Injection MEDIUM" "tc-ecommerce 1.4.0 Unauthenticated.SQLi HIGH" "tc-ecommerce No.known.fix Password.Change/Account.Takeover/Privilege.Escalation CRITICAL" "tk-event-weather No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "tk-event-weather No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "ticketsource-events 3.1.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "tiger-form 2.1.0 Reflected.XSS HIGH" "thrive-visual-editor 2.6.7.4 Unauthenticated.Option.Update MEDIUM" "text-hover 4.2 Admin+.Stored.Cross-Site.Scripting. LOW" "this-day-in-history No.known.fix Unauthenticated.Reflected.XSS HIGH" "tagregator No.known.fix Stored.XSS MEDIUM" "thrive-automator 1.17.1 Cross-Site.Request.Forgery MEDIUM" "tubepressnet No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "timeline-event-history No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "timeline-event-history 3.2 Authenticated.(Contributor+).PHP.Object.Injection HIGH" "track-page-scroll No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "ti-woocommerce-wishlist-premium 1.40.1 Unauthenticated.Blind.SQL.Injection HIGH" "ti-woocommerce-wishlist-premium 1.21.5 Authenticated.WP.Options.Change HIGH" "testimonial-slider-shortcode No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "testimonial-slider-shortcode 1.1.9 Contributor+.Stored.XSS MEDIUM" "top-comments No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "trustmary 1.0.10 Contributor+.Stored.XSS MEDIUM" "tml-2fa 1.2 .Lack.of.Rate.Limiting MEDIUM" "typebot 3.6.1 Contributor+.Stored.XSS MEDIUM" "typebot 1.4.3 Admin+.Stored.Cross.Site.Scripting LOW" "twittee-text-tweet No.known.fix Reflected.XSS HIGH" "track-logins No.known.fix Admin+.SQL.Injection MEDIUM" "testimonials-widget No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "testimonials-widget No.known.fix Authenticated.(Author+).Stored.Cross-Site.Scripting.via.testimonials.Shortcode MEDIUM" "testimonials-widget 4.0.0 Multiple.Authenticated.Stored.XSS MEDIUM" "thrive-ovation 2.4.5 Unauthenticated.Option.Update MEDIUM" "timeline-designer No.known.fix Authenticated.(Admin+).SQL.Injection MEDIUM" "travelpayouts 1.1.17 Open.Redirect MEDIUM" "travelpayouts 1.1.13 Settings.Update.via.CSRF MEDIUM" "travelpayouts 1.1.14 Reflected.XSS HIGH" "travelpayouts 1.0.17 CSRF.Bypass.due.to.Outdated.Redux.Framework MEDIUM" "templately 3.1.6 Missing.Authorization.via.AJAX.actions MEDIUM" "templately 3.1.6 Missing.Authorization MEDIUM" "templately 3.1.3 Missing.Authorization MEDIUM" "templately 2.2.6 Unauthenticated.Arbitrary.Post.Deletion MEDIUM" "tec-subscriber-addons No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "tec-subscriber-addons 2.0.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "tune-library 1.5.5 SQL.Injection HIGH" "telegram-for-wp No.known.fix Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "tida-url-screenshot 1.0.2 Reflected.Cross-Site.Scripting MEDIUM" "template-manager No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "template-manager No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "timeline-and-history-slider 2.4 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "tabs-for-visual-composer No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "theperfectweddingnl-widget 2.9 Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting HIGH" "tabs-with-posts No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "tabs-with-posts No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "task-scheduler No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "task-scheduler 1.6.1 Folders.Disclosure.via.Outdated.jQueryFileTree.Library MEDIUM" "tera-charts No.known.fix Unauthenticated.Cross-Site.Scripting.(XSS) MEDIUM" "titan-labs-security-audit No.known.fix Admin+.Stored.Cross.Site.Scripting LOW" "turn-off-comments-for-all-posts No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "tooltip-ck No.known.fix Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "two-factor-authentication 1.3.13 Disable.Two.Factor.Authentication.CSRF HIGH" "two-factor-authentication 1.1.10 XSS MEDIUM" "ttt-crop No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "teleport No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "torro-forms No.known.fix Contributor+.Stored.Cross-Site.Scripting MEDIUM" "thrive-quiz-builder 2.3.9.4 Unauthenticated.Option.Update MEDIUM" "traffic-monitor 3.2.3 Missing.Authorization.to.Unauthenticated.Settings.Update MEDIUM" "typea-ftc-disclosure No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "typea-ftc-disclosure No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "tiempocom No.known.fix Shortcode.Deletion.via.CSRF MEDIUM" "tiempocom No.known.fix Stored.XSS.via.CSRF HIGH" "tiempocom No.known.fix Reflected.XSS HIGH" "twitter-card-generator No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "thecartpress No.known.fix Unauthenticated.Arbitrary.Admin.Account.Creation CRITICAL" "thecartpress 1.3.9.3 Multiple.Vulnerabilities HIGH" "tripplan 2.0.0 Contributor+.Stored.XSS MEDIUM" "tours 1.0.1 Missing.Authorization MEDIUM" "track-geolocation-of-users-using-contact-form-7 2.1 Admin+.Stored.XSS LOW" "tube-video-ads-lite No.known.fix Reflected.XSS HIGH" "talkback-secure-linkback-protocol No.known.fix Unauthenticated.PHP.Object.Injection CRITICAL" "trustmate-io-integration-for-woocommerce 1.7.1 Subscriber+.Arbitrary.Blog.Option.Update HIGH" "trustmate-io-integration-for-woocommerce 1.8.12 Subscriber+.Arbitrary.Plugin's.Settings.Update HIGH" "timthumb-vulnerability-scanner No.known.fix Scan.Initialisation.via.CSRF MEDIUM" "terminal-africa No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "totalcontest-lite 2.9.0 Reflected.XSS HIGH" "toolbar-to-share No.known.fix Stored.Cross-Site.Scripting.via.CSRF MEDIUM" "tc-custom-javascript 1.2.2 Unauthenticated.Stored.Cross-Site.Scripting.(XSS) HIGH" "transposh-translation-filter-for-wordpress No.known.fix Settings.Update.via.Authorization.Bypass MEDIUM" "transposh-translation-filter-for-wordpress No.known.fix Subscriber+.Unauthorised.Calls MEDIUM" "transposh-translation-filter-for-wordpress No.known.fix Admin+.SQL.Injection MEDIUM" "transposh-translation-filter-for-wordpress No.known.fix Usernames.Disclosure MEDIUM" "transposh-translation-filter-for-wordpress No.known.fix Unauthenticated.Settings.Change MEDIUM" "transposh-translation-filter-for-wordpress 1.0.8 Reflected.Cross-Site.Scripting MEDIUM" "transposh-translation-filter-for-wordpress 1.0.8 Stored.Cross-Site.Scripting MEDIUM" "transposh-translation-filter-for-wordpress 1.0.8 Admin+.RCE MEDIUM" "transposh-translation-filter-for-wordpress 1.0.8 CSRF.to.Stored.XSS HIGH" "thumbnail-grid 6.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "triberr-wordpress-plugin 4.1.2 Admin+.Stored.XSS LOW" "themehunk-megamenu-plus No.known.fix Missing.Authorization MEDIUM" "themehunk-megamenu-plus 1.1.1 Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "themehunk-megamenu-plus 1.1.0 .Missing.Authorization.to.Authenticated.(Subscriber+).Settings.Updates MEDIUM" "thirstyaffiliates 3.10.5 Subscriber+.Arbitrary.Affiliate.Links.Creation LOW" "thirstyaffiliates 3.10.5 Subscriber+.unauthorized.image.upload.+.CSRF LOW" "thirstyaffiliates 3.9.3 Authenticated.Stored.XSS MEDIUM" "testimonial-builder 1.6.2 Editor+.Stored.Cross-Site.Scripting LOW" "testimonial-builder 1.6.0 Admin+.Stored.Cross-Site.Scripting LOW" "traveler-code 3.1.2 Unauthenticated.Arbitrary.SQL.Injection HIGH" "traveler-code 3.1.2 Authenticated.(Subscriber+).SQL.Injection MEDIUM" "taboola 2.0.2 CSRF MEDIUM" "themesflat-addons-for-elementor 2.2.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "themesflat-addons-for-elementor No.known.fix Contributor+.Stored.XSS MEDIUM" "themesflat-addons-for-elementor 2.2.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "themesflat-addons-for-elementor 2.2.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "themesflat-addons-for-elementor 2.2.2 Contributor+.Stored.XSS MEDIUM" "themesflat-addons-for-elementor 2.2.2 Contributor+.Stored.XSS MEDIUM" "themesflat-addons-for-elementor 2.2.2 Contributor+.Information.Exposure LOW" "themesflat-addons-for-elementor 2.1.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Widget.Tags MEDIUM" "themesflat-addons-for-elementor 2.1.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.URLs MEDIUM" "themesflat-addons-for-elementor 2.1.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.in.Multiple.Widgets MEDIUM" "themesflat-addons-for-elementor 2.1.3 Contributor+.Stored.XSS.via.Widget.Titles MEDIUM" "testimonials-showcase 1.9.18 Missing.Authorization MEDIUM" "trackship-for-woocommerce 1.9.2 Authenticated.(Shop.manager+).SQL.Injection MEDIUM" "trackship-for-woocommerce 1.7.6 Missing.Authorization MEDIUM" "targetfirst-wordpress-plugin 1.0 Unauthenticated.Stored.XSS.via.Licence.Key HIGH" "trinity-audio 5.20.1 Missing.Authorization MEDIUM" "thesis-openhook 4.3.1 Subscriber+.Remote.Code.Execution CRITICAL" "theme-per-user 1.0.2 Unauthenticated.PHP.Object.Injection HIGH" "team-section 1.1.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "tabbed-login No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "teachpress No.known.fix Authenticated.(Contributor+).SQL.Injection MEDIUM" "teachpress No.known.fix Cross-Site.Request.Forgery.to.Import.Delete MEDIUM" "teachpress 9.0.8 Authenticated.(Contributor+).SQL.Injection MEDIUM" "teachpress 9.0.6 Cross-Site.Request.Forgery.via.delete_database() MEDIUM" "teachpress 9.0.5 Cross-Site.Request.Forgery MEDIUM" "teachpress 9.0.3 Reflected.Cross-Site.Scripting HIGH" "teachpress 8.1.9 Reflected.Cross-Site.Scripting HIGH" "the-pack-addon No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "the-pack-addon 2.1.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "the-pack-addon 2.1.2 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "the-pack-addon 2.1.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "the-pack-addon 2.1.0 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "the-pack-addon 2.0.9 Authenticated.(Author+).Stored.Cross-Site.Scripting MEDIUM" "the-pack-addon 2.0.8.7 Authenticated.(contributor+).Local.File.Inclusion HIGH" "the-pack-addon 2.0.8.4 Reflected.Cross-Site.Scripting MEDIUM" "the-pack-addon 2.0.8.3 Authenticated.(Subscriber+).Server-Side.Request.Forgery MEDIUM" "ts-comfort-database No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "ts-webfonts-for-conoha 2.0.4 Admin+.Stored.XSS LOW" "tayori No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "the-visitor-counter No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "tgg-wp-optimizer No.known.fix Admin+.Stored.XSS LOW" "tamara-checkout 1.9.9.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "testimonial-rotator No.known.fix Authenticated.Stored.Cross-Site.Scripting HIGH" "testimonial-rotator 3.0.3 Authenticated.Stored.Cross-Site.Scripting.(XSS) HIGH" "timeline-calendar No.known.fix Authenticated.(admin+).SQL.Injection HIGH" "tiny-carousel-horizontal-slider No.known.fix Admin+.Stored.XSS LOW" "truepush-free-web-push-notifications No.known.fix Missing.Authorization MEDIUM" "twitter-cards-meta 2.5.0 CSRF.and.XSS HIGH" "taobaoke No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "taggator No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "to-top 2.3 Unauthorised.Plugin's.Setting.Change MEDIUM" "toggle-box No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "user-session-synchronizer No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "uploadcare 3.1.0 Cross-Site.Request.Forgery MEDIUM" "ultimate-noindex-nofollow-tool No.known.fix Settings.Update.via.CSRF MEDIUM" "utubevideo-gallery 2.0.8 Contributor+.Stored.XSS MEDIUM" "up-down-image-slideshow-gallery 12.1 .Authenticated.(Subscriber+).SQL.Injection.via.Shortcode HIGH" "ultimate-weather-plugin No.known.fix Unauthenticated.Reflected.XSS MEDIUM" "unlimited-timeline 1.6.1 Missing.Authorization MEDIUM" "ut-elementor-addons-lite 1.1.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "ut-elementor-addons-lite 1.1.9 Authenticated.(Contributor+).Restricted.Post.Disclosure MEDIUM" "ultimate-subscribe No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "ultimate-security-checker No.known.fix Cross-Site.Request.Forgery MEDIUM" "ua-marketplace No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "ua-marketplace 1.4.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "users-control No.known.fix Unauthenticated.Local.File.Inclusion CRITICAL" "unitimetable No.known.fix Unauthenticated.Stored.Cross-Site.Scripting MEDIUM" "userback 1.0.14 Arbitrary.Settings.Update.via.CSRF MEDIUM" "unite-gallery-lite No.known.fix Authenticated.(Contributor+).SQL.Injection CRITICAL" "unite-gallery-lite 1.7.62 Admin+.Stored.XSS LOW" "unite-gallery-lite 1.7.60 Admin+.Local.File.Inclusion MEDIUM" "unite-gallery-lite 1.5 CSRF.&.Authenticated.SQL.Injection HIGH" "unlimited-popups No.known.fix Author+.SQL.Injection HIGH" "user-activity No.known.fix IP.Spoofing MEDIUM" "userlike 2.3 Admin+.Stored.Cross-Site.Scripting LOW" "unusedcss 2.4.5 Missing.Authorization MEDIUM" "unusedcss 2.4.5 Missing.Authorization.to.Authenticated.(Subscriber+).Limited.Setting.Reset MEDIUM" "unusedcss 2.4.3 Missing.Authorization.to.Authenticated.(Subscriber+).Plugin.Settings.Modification.and.SQL.Injection HIGH" "unusedcss 2.2.12 Unauthenticated.Server-Side.Request.Forgery HIGH" "unusedcss 1.7.2 Multiple.Subscriber+.Unauthorised.AJAX.Calls MEDIUM" "unusedcss 1.7.2 Unauthorised.AJAX.Calls MEDIUM" "unusedcss 1.6.36 Subscriber+.SQLi HIGH" "ultimate-sms-notifications 1.9.9.6 Reflected.Cross-Site.Scripting MEDIUM" "ultimate-sms-notifications 1.8.4 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "ultimate-sms-notifications 1.4.2 CSV.Injection MEDIUM" "utech-spinning-earth No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "ultimate-infinite-scroll 1.0.4 Reflected.Cross-Site.Scripting MEDIUM" "ultimate-popup-creator No.known.fix Unauthenticated.SQL.Injection HIGH" "ultimate-popup-creator No.known.fix Missing.Authorization.to.Unauthenticated.DB.Table.Truncation MEDIUM" "uix-slideshow 1.6.6 Unauthenticated.Arbitrary.Shortcode.Execution HIGH" "ultimate-auction 4.3.0 Contributor+.Arbitrary.Post.Deletion MEDIUM" "ultimate-auction 4.2.8 Missing.Authorization.to.Unauthenticated.Email.Creation MEDIUM" "ultimate-auction 4.2.6 Cross-Site.Request.Forgery MEDIUM" "uncanny-toolkit-pro 4.1.4.1 Cross-Site.Request.Forgery MEDIUM" "uncanny-toolkit-pro 4.1.4.1 Missing.Authorization.to.Arbitrary.Page/Post.Duplication MEDIUM" "uncanny-toolkit-pro 4.1.4.1 Reflected.Cross-Site.Scripting MEDIUM" "use-any-font 6.3.09 Cross-Site.Request.Forgery MEDIUM" "use-any-font 6.2.1 API.Key.Deactivation.via.CSRF MEDIUM" "use-any-font 6.2.1 Unauthenticated.Arbitrary.CSS.Appending HIGH" "ux-flat 4.5 Contributor+.Stored.XSS MEDIUM" "ut-demo-importer No.known.fix Cross-Site.Request.Forgery.to.Remote.Code.Execution HIGH" "uix-shortcodes 2.0.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "uix-shortcodes 2.0.4 Unauthenticated.Arbitrary.Shortcode.Execution HIGH" "uix-shortcodes 2.0.0 Unauthenticated.Arbitrary.Shortcode.Execution HIGH" "umich-oidc-login No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "users-ultra No.known.fix Unauthenticated.SQL.Injection HIGH" "users-ultra 1.5.63 Authenticated.Stored.Cross-Site.Scripting.(XSS).&.CSRF HIGH" "users-ultra 1.5.64 Authenticated.Blind.SQL.Injection HIGH" "users-ultra 1.5.59 Unrestricted.File.Upload HIGH" "uni-woo-custom-product-options 4.9.27 Reflected.Cross-Site.Scripting MEDIUM" "uni-woo-custom-product-options 4.9.14 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "user-rights-access-manager No.known.fix Missing.Authorization MEDIUM" "user-rights-access-manager No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "user-rights-access-manager 1.0.8 Access.Restriction.Bypass MEDIUM" "user-rights-access-manager 1.0.4 Improper.Access.Controls MEDIUM" "uninstall No.known.fix WordPress.Deletion.via.CSRF HIGH" "uptime-robot No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "upload-file-type-settings-plugin No.known.fix Admin+.Stored.XSS LOW" "userpro-mediamanager No.known.fix Missing.Authorization.to.Unauthenticated.Arbitrary.Options.Update CRITICAL" "userpro-mediamanager No.known.fix Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.Options.Update HIGH" "usc-e-shop 2.11.14 Authenticated.(Editor+).Arbitrary.File.Deletion MEDIUM" "usc-e-shop 2.11.10 Unauthenticated.Stored.Cross-Site.Scripting.via.name.Parameter HIGH" "usc-e-shop 2.11.2 Authenticated.(Admin+).SQL.Injection MEDIUM" "usc-e-shop 2.10.0 Missing.Authorization MEDIUM" "usc-e-shop 2.9.4 Authenticated(Editor+).SQL.Injection HIGH" "usc-e-shop 2.9.7 Authenticated.(Administrator+).Directory.Traversal MEDIUM" "usc-e-shop 2.9.6 Admin+.PHP.Object.Injection HIGH" "usc-e-shop 2.9.5 Cross-Site.Request.Forgery HIGH" "usc-e-shop 2.9.5 Subscriber+.Arbitrary.File.Upload HIGH" "usc-e-shop 2.9.5 Reflected.XSS HIGH" "usc-e-shop 2.9.5 Unauthenticated.PHP.Object.Injection HIGH" "usc-e-shop 2.8.22 Author+.SQL.Injection MEDIUM" "usc-e-shop 2.8.22 Author+.Path.Traversal MEDIUM" "usc-e-shop 2.8.22 Editor+.SQL.Injection MEDIUM" "usc-e-shop 2.8.22 Multiple.XSS MEDIUM" "usc-e-shop 2.8.22 Editor+.Arbitrary.File.Upload LOW" "usc-e-shop 2.8.11 Reflected.XSS HIGH" "usc-e-shop 2.8.9 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "usc-e-shop 2.8.5 Unauthenticated.Arbitrary.File.Access HIGH" "usc-e-shop 2.8.6 Subscriber+.PHAR.Deserialisation HIGH" "usc-e-shop 2.8.5 Subscriber+.Arbitrary.File.Access HIGH" "usc-e-shop 2.8.4 Subscriber+.Arbitrary.Shipping.Method.Creation/Update/Deletion MEDIUM" "usc-e-shop 2.8.4 Multiple.Subscriber+.Stored.Cross-Site.Scripting MEDIUM" "usc-e-shop 2.7.8 Unauthenticated.Arbitrary.File.Access HIGH" "usc-e-shop 2.2.8 Authenticated.System.Information.Disclosure MEDIUM" "usc-e-shop 2.2.8 Unauthenticated.Information.Disclosure HIGH" "usc-e-shop 2.2.4 Cross-Site.Scripting.(XSS) MEDIUM" "usc-e-shop 2.1.1 Authenticated.SQL.Injection MEDIUM" "usc-e-shop 1.9.36 Authenticated.PHP.Object.Injection HIGH" "usc-e-shop 1.8.3 Cross-Site.Scripting.(XSS) MEDIUM" "usc-e-shop 1.8.3 PHP.Object.Injection MEDIUM" "usc-e-shop 1.8.3 Session.Management MEDIUM" "usc-e-shop 1.5.3 SQL.Injection MEDIUM" "usc-e-shop 1.4.18 Multiple.Vulnerabilities LOW" "usc-e-shop 1.5 purchase_limit.Parameter.DOM-based.XSS MEDIUM" "usc-e-shop 1.5 DOM.Cross-Site.Scripting.(XSS) MEDIUM" "usc-e-shop 1.5 SQL.Injection CRITICAL" "user-activity-tracking-and-log 4.1.4 IP.Spoofing MEDIUM" "user-activity-tracking-and-log 4.0.9 License.Update/Deactivation.via.CSRF MEDIUM" "usersnap 4.17 Admin+.Stored.XSS LOW" "ultimate-shortcodes-creator No.known.fix Reflected.Cross-Site.Scripting.via.'page' MEDIUM" "ultimate-shortcodes-creator No.known.fix Reflected.Cross-Site.Scripting.via._wpnonce MEDIUM" "ultimate-shortcodes-creator 2.2.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "unlimited-blocks No.known.fix Contributor+.Stored.XSS MEDIUM" "ultimate-member 2.10.4 Admin+.Arbitrary.Function.Call MEDIUM" "ultimate-member 2.10.2 Unauthenticated.Blind.SQL.Injection HIGH" "ultimate-member 2.10.1 Unauthenticated.SQLi HIGH" "ultimate-member 2.10.0 Authenticated.SQL.Injection MEDIUM" "ultimate-member 2.9.2 Information.Exposure MEDIUM" "ultimate-member 2.9.2 Unauthenticated.SQL.Injection HIGH" "ultimate-member 2.9.0 Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.User.Profile.Picture.Update MEDIUM" "ultimate-member 2.8.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "ultimate-member 2.8.7 Cross-Site.Request.Forgery.to.Membership.Status.Change MEDIUM" "ultimate-member 2.8.4 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "ultimate-member 2.8.3 2.8.2.-.Unauthenticated.SQL.Injection MEDIUM" "ultimate-member 2.6.7 Unauthenticated.Privilege.Escalation CRITICAL" "ultimate-member 2.6.1 Form.Duplication.via.CSRF MEDIUM" "ultimate-member 2.5.1 Admin+.RCE MEDIUM" "ultimate-member 2.5.1 Admin+.LFI.via.Traversal LOW" "ultimate-member 2.5.1 Subscriber+.RCE HIGH" "ultimate-member 2.5.1 Contributor+.LFI.via.Traversal MEDIUM" "ultimate-member 2.4.0 Subscriber+.Stored.Cross-Site.Scripting MEDIUM" "ultimate-member 2.3.2 Open.Redirect MEDIUM" "ultimate-member 2.1.20 Authenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "ultimate-member 2.1.12 Unauthenticated.Privilege.Escalation.via.User.Roles CRITICAL" "ultimate-member 2.1.12 Unauthenticated.Privilege.Escalation.via.User.Meta CRITICAL" "ultimate-member 2.1.12 Authenticated.Privilege.Escalation.via.Profile.Update CRITICAL" "ultimate-member 2.1.7 Unauthenticated.Open.Redirect MEDIUM" "ultimate-member 2.1.3 Insecure.Direct.Object.Reference.(IDOR) MEDIUM" "ultimate-member 2.0.54 Cross-Site.Scripting.(XSS) MEDIUM" "ultimate-member 2.0.52 CSRF.and.Stored.XSS.issues MEDIUM" "ultimate-member 2.0.46 Multiple.Vulnerabilities HIGH" "ultimate-member 2.0.40 Cross-Site.Request.Forgery.(CSRF) MEDIUM" "ultimate-member 2.0.33 Cross-Site.Request.Forgery.(CSRF) MEDIUM" "ultimate-member 2.0.28 Multiple.XSS MEDIUM" "ultimate-member 2.0.22 Authenticated.Cross-Site.Scripting.(XSS) HIGH" "ultimate-member 2.0.22 Unauthenticated.Arbitrary.File.Upload HIGH" "ultimate-member 2.0.18 Authenticated.Cross-Site.Scripting.(XSS) HIGH" "ultimate-member 2.0.4 Multiple.Issues HIGH" "ultimate-member 2.0.7 Multiple.Cross-Site.Request.Forgery.Issues HIGH" "ultimate-member 2.0.4 Multiple.XSS MEDIUM" "ultimate-member 1.3.76 Unauthenticated.Change.Passwords HIGH" "ultimate-member 1.3.65 Local.File.Inclusion MEDIUM" "ultimate-member 1.3.40 Cross-Site.Scripting.(XSS) MEDIUM" "ultimate-member 1.3.29 Unauthenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "ultimate-member 1.3.18 Cross-Site.Scripting.(XSS) MEDIUM" "ultimate-member 1.2.995 Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "ultimate-member 1.0.84 Multiple.Vulnerabilities HIGH" "ux-sniff No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "user-toolkit 1.2.4 Authenticated.(Subscriber+).Authentication.Bypass HIGH" "user-menus 1.3.2 Reflected.Cross-Site.Scripting MEDIUM" "user-menus 1.2.9 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "useragent-spy No.known.fix Admin+.Stored.XSS LOW" "users-customers-import-export-for-wp-woocommerce 2.6.3 Directory.Traversal.to.Authenticated.(Administrator+).Limited.Arbitrary.File.Read.via.download_file.Function MEDIUM" "users-customers-import-export-for-wp-woocommerce 2.6.3 Directory.Traversal.to.Authenticated.(Administrator+).Limited.Arbitrary.File.Deletion.via.admin_log_page.Function LOW" "users-customers-import-export-for-wp-woocommerce 2.6.3 Authenticated.(Admin+).PHP.Object.Injection.via.form_data.Parameter HIGH" "users-customers-import-export-for-wp-woocommerce 2.6.3 Authenticated.(Administrator+).Server-Side.Request.Forgery.via.validate_file.Function HIGH" "users-customers-import-export-for-wp-woocommerce 2.5.4 Authenticated.(Admin+).PHP.Object.Injection HIGH" "users-customers-import-export-for-wp-woocommerce 2.5.3 Authenticated.(Shop.Manager+).Path.Traversal LOW" "users-customers-import-export-for-wp-woocommerce 2.4.9 Shop.Manager+.Arbitrary.File.Upload HIGH" "users-customers-import-export-for-wp-woocommerce 2.4.2 Shop.Manager+.Privilege.Escalation HIGH" "users-customers-import-export-for-wp-woocommerce 1.3.9 Authenticated.Arbitrary.User.Creation HIGH" "users-customers-import-export-for-wp-woocommerce 1.3.2 CSV.Injection HIGH" "ultimate-bootstrap-elements-for-elementor 1.5.0 Unauthenticated.Local.File.Inclusion CRITICAL" "ultimate-bootstrap-elements-for-elementor 1.4.7 Authenticated.(Contributor+).Sensitive.Information.Exposure MEDIUM" "ultimate-bootstrap-elements-for-elementor 1.4.5 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "ultimate-bootstrap-elements-for-elementor 1.4.3 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "ultimate-bootstrap-elements-for-elementor 1.3.7 Contributor+.Stored.XSS MEDIUM" "url-coupons-for-woocommerce-by-algoritmika 1.7.8 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "udraw 3.3.3 Unauthenticated.Arbitrary.File.Access HIGH" "ultimate-image-hover-effects No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "utm-tracker No.known.fix Admin+.Stored.XSS LOW" "ultimate-noindex-nofollow-tool-ii 1.3.6 Admin+.Stored.XSS LOW" "ultimate-noindex-nofollow-tool-ii 1.3.4 Settings.Update.via.CSRF MEDIUM" "uleak-security-dashboard No.known.fix Subscriber+.Stored.Cross-Site.Scripting HIGH" "user-profile 2.0.21 Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "uncanny-automator 6.5.0 Missing.Authorization MEDIUM" "uncanny-automator 6.4.0.2 Unauthenticated.PHP.Object.Injection.in.automator_api_decode_message.Function CRITICAL" "uncanny-automator 6.5.0 Missing.Authorization.to.Authenticated.(Subscriber+).Plugin.Settings.Update MEDIUM" "uncanny-automator 6.4.0 Subscriber+.Privilege.Escalation HIGH" "uncanny-automator 6.3 Authenticated.(Admin+).Server-Side.Request.Forgery.via.Webhook MEDIUM" "uncanny-automator 5.1.0.3 Sensitive.Information.Exposure.via.Log.File MEDIUM" "user-login-history 2.1.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "user-login-history 1.6 Cross-Site.Scripting.(XSS) MEDIUM" "unlimited-addons-for-wpbakery-page-builder No.known.fix Authenticated.(Editor+).Arbitrary.File.Upload HIGH" "ultimate-410 1.1.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "ultimate-instagram-feed No.known.fix Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "ultimate-category-excluder 1.2 Cross-Site.Request.Forgery MEDIUM" "uber-grid No.known.fix Missing.Authorization.to.Unauthenticated.Portfolio.Update MEDIUM" "uber-grid No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "uber-grid No.known.fix Authenticated.(Editor+).Stored.Cross-Site.Scripting MEDIUM" "uber-grid No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "user-drop-down-roles-in-registration No.known.fix Unauthenticated.Privilege.Escalation CRITICAL" "ultra-companion 1.2.0 Contributor+.Stored.XSS MEDIUM" "under-construction-maintenance-mode 1.1.2 Server.Side.Request.Forgery.(SSRF) MEDIUM" "under-construction-maintenance-mode 1.1.2 Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "user-meta-manager No.known.fix Reflected.XSS HIGH" "user-meta-manager No.known.fix CSRF MEDIUM" "ultimate-addons-for-elementor No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "ultimate-addons-for-elementor 1.9 Missing.Authorization MEDIUM" "userbase-access-control No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "upfiv-complete-all-in-one-seo-wizard No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "upfiv-complete-all-in-one-seo-wizard No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "upsell-order-bump-offer-for-woocommerce 3.0.1 Unauthenticated.Order.Manipulation MEDIUM" "universal-email-preference-center No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "ultimate-product-catalogue 5.2.16 Cross-Site.Request.Forgery.via.reset_settings() MEDIUM" "ultimate-product-catalogue 5.2.6 Admin+.Stored.XSS LOW" "ultimate-product-catalogue 5.0.26 Subscriber+.Arbitrary.Product.Creation.&.Settings.Update MEDIUM" "ungallery No.known.fix Stored.XSS.via.CSRF HIGH" "user-magic No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "ultimate-custom-scrollbar 1.2 Reflected.Cross-Site.Scripting MEDIUM" "ultimate-gutenberg No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "ultimate-gutenberg No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "upload-scanner No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "ultimate-dashboard 3.8.6 Admin+.Stored.XSS LOW" "ultimate-dashboard 3.8.6 Admin+.Stored.XSS LOW" "ultimate-dashboard 3.8.6 Admin+.Stored.XSS LOW" "ultimate-dashboard 3.8.8 Missing.Authorization.to.Authenticated.(Subscriber+).Plugin.Modules.Activation/Deactivation MEDIUM" "ultimate-dashboard 3.7.12 Admin+.Stored.XSS LOW" "ultimate-dashboard 3.7.11 Login.Page.Disclosure.on.Multi-site MEDIUM" "ultimate-dashboard 3.7.8 Authenticated.(Administrator+).Stored.Cross-Site.Scripting.via.plugin.settings MEDIUM" "ultimate-dashboard 3.7.6 Admin+.Stored.XSS LOW" "ucat-next-story No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "unsafe-mimetypes No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "url-params 2.5 Contributor+.Stored.XSS MEDIUM" "ukuupeople-the-simple-crm No.known.fix Unauthorised.Favourite.Addition/Deletion MEDIUM" "ui-slider-filter-by-price No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "ui-slider-filter-by-price No.known.fix Cross-Site.Request.Forgery MEDIUM" "uploading-svgwebp-and-ico-files No.known.fix Author+.Stored.XSS.via.SVG MEDIUM" "uploading-svgwebp-and-ico-files No.known.fix Author+.Stored.Cross-Site.Scripting MEDIUM" "uploading-svgwebp-and-ico-files No.known.fix Admin+.Arbitrary.File.Upload MEDIUM" "universal-star-rating No.known.fix CSRF MEDIUM" "user-meta-shortcodes No.known.fix Contributor+.Unauthorized.Arbitrary.User.Metadata.Access HIGH" "user-ip-and-location 2.2.1 Contributor+.Stored.XSS MEDIUM" "ultimate-gallery No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "uptodown-apk-download-widget 0.1.11 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "ultimate-push-notifications No.known.fix Reflected.Cross-Site.Scripting HIGH" "ultimate-push-notifications No.known.fix Subscriber+.SQL.Injection HIGH" "url-media-uploader 1.0.1 Authenticated.(Author+).Server-Side.Request.Forgery.via.DNS.Rebinding MEDIUM" "ultimate-addons-for-beaver-builder-lite 1.5.10 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "ultimate-addons-for-beaver-builder-lite 1.5.8 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Image.Separator.Widget MEDIUM" "ultimate-addons-for-beaver-builder-lite 1.5.8 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Info.Table.Widget MEDIUM" "ultimate-addons-for-beaver-builder-lite 1.5.8 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Heading.Widget MEDIUM" "ultimate-addons-for-beaver-builder-lite 1.5.8 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Button.Widget MEDIUM" "ultimate-addons-for-beaver-builder-lite 1.5.8 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Advanced.Icons.Widget MEDIUM" "uncode-core 2.9.1.7 Authenticated.(Subscriber+).Arbitrary.Shortcode.Execution.in.uncode_get_medias MEDIUM" "uncode-core 2.8.7 Reflected.Cross-Site.Scripting MEDIUM" "uncode-core 2.8.9 Privilege.Escalation HIGH" "uncode-core 2.8.9 Authenticated.(Subscriber+).Arbitrary.File.Deletion HIGH" "user-shortcodes-plus No.known.fix Insecure.Direct.Object.Reference.to.Authenticated.(Contributor+).Sensitive.Information.Disclosure.via.user_meta.Shortcode MEDIUM" "ultra-elementor-addons No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "userswp 1.2.16 Missing.Authorization MEDIUM" "userswp 1.2.12 Users.Information.Disclosure MEDIUM" "userswp 1.2.11 Unauthenticated.SQL.Injection.via.'uwp_sort_by' CRITICAL" "userswp 1.2.6 Cross-Site.Request.Forgery MEDIUM" "userswp 1.2.7 Authenticated(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "userswp 1.2.3.23 Profile.Picture.Deletion.via.CSRF MEDIUM" "userswp 1.2.3.1 Subscriber+.User.Avatar.Override MEDIUM" "userswp 1.2.2.29 Reflected.Cross-Site.Scripting MEDIUM" "ubigeo-peru 3.6.4 Unauthenticated.SQLi HIGH" "ulp-duplicate-post-sql-timebased 3.9.1 Authenticated.(Administrator+).SQL.Injection.via.post_id.Parameter MEDIUM" "ultimate-coming-soon 1.1.0 Cross-Site.Request.Forgery MEDIUM" "ultimate-coming-soon 1.1.0 Unauthenticated.Template.Activation MEDIUM" "ultimate-coming-soon 1.1.0 Subscriber+.Template.Name.Update MEDIUM" "ultimate-social-media-plus 3.6.3 Missing.Authorization.to.Notice.Dismissal MEDIUM" "ultimate-social-media-plus 3.5.8 Subscriber+.Plugin.Installation MEDIUM" "ultimate-social-media-plus 3.5.8 Plugin.Installation.via.CSRF MEDIUM" "ultimate-social-media-plus 3.2.8 Reflected.Cross-Site.Scripting MEDIUM" "ultimate-social-media-plus 3.0.4 Subscriber+.Arbitrary.Option.Update CRITICAL" "uniconsent-cmp 1.4.4 Admin+.Stored.XSS LOW" "ultimate-post-kit 3.11.8 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Social.Count.(Static).Widget MEDIUM" "ultimate-post-kit 3.6.4 Reflected.Cross-Site.Scripting MEDIUM" "ultimate-post-kit 2.9.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "ultimate-maps-by-supsystic 1.2.17 Cross-Site.Request.Forgery MEDIUM" "ultimate-maps-by-supsystic 1.2.16 .Admin+.Stored.XSS LOW" "ultimate-maps-by-supsystic 1.2.5 Reflected.Cross-Site.scripting.(XSS) HIGH" "ultimate-maps-by-supsystic 1.1.17 Authenticated.SQL.Injections CRITICAL" "uji-countdown 2.3.1 Admin+.Stored.XSS LOW" "uji-countdown 2.0.7 Cross-Site.Scripting.(XSS) MEDIUM" "user-role 1.6.7 Privilege.Escalation.via.CSRF HIGH" "user-role 1.5.6 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "user-activity-log-pro No.known.fix Missing.Authorization MEDIUM" "user-activity-log-pro No.known.fix Authenticated.(Subscriber+).SQL.Injection CRITICAL" "user-activity-log-pro 2.3.4 Unauthenticated.Stored.Cross-Site.Scripting.via.User.Agent HIGH" "user-activity-log-pro 2.3.4 IP.Spoofing MEDIUM" "utech-world-time-for-wp No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "ultimate-wp-query-search-filter No.known.fix Contributor+.XSS MEDIUM" "ultimatewoo No.known.fix PHP.Object.Injection MEDIUM" "upload-fields-for-wpforms No.known.fix Missing.Authorization MEDIUM" "university-quizzes-online No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "ultimate-under-construction 1.9.4 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "userfeedback-lite 1.0.16 Unauthenticated.Stored.Cross-Site.Scripting.via.Name.Parameter HIGH" "userfeedback-lite 1.0.14 Unauthenticated.Stored.XSS MEDIUM" "userfeedback-lite 1.0.10 Unauthenticated.Stored.XSS HIGH" "userfeedback-lite 1.0.8 Unauthenticated.Stored.XSS HIGH" "usermaven 1.2.2 Cross-Site.Request.Forgery MEDIUM" "ultimate-flipbox-addon-for-elementor 1.0.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "utilitify 1.0.9 Reflected.Cross-Site.Scripting MEDIUM" "utilitify 1.0.7 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "ultimate-addons-for-contact-form-7 3.5.13 Authenticated.(Administrator+).Arbitrary.File.Upload.via.'save_options' HIGH" "ultimate-addons-for-contact-form-7 3.2.1 Reflected.Cross-Site.Scripting MEDIUM" "ultimate-addons-for-contact-form-7 3.2.11 Missing.Authorization MEDIUM" "ultimate-addons-for-contact-form-7 3.2.1 Reflected.XSS HIGH" "ultimate-addons-for-contact-form-7 3.1.29 Reflected.XSS HIGH" "ultimate-addons-for-contact-form-7 3.1.29 Admin+.Stored.XSS LOW" "ultimate-addons-for-contact-form-7 3.1.24 Subscriber+.SQL.Injection HIGH" "ultimate-addons-for-contact-form-7 3.1.24 Subscriber+.SQLi HIGH" "ultimate-addons-for-contact-form-7 3.1.24 Unauthenticated.SQLi HIGH" "user-files No.known.fix Unauthenticated.Arbitrary.File.Upload CRITICAL" "unique-ux No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "ultimate-youtube-video-player No.known.fix Missing.Authorization.to.Authenticated.(Subscriber+).Setting.Exposure MEDIUM" "ultimate-youtube-video-player No.known.fix Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.Playlist/Video.Deletion MEDIUM" "user-location-and-ip No.known.fix Contributor+.Stored.XSS MEDIUM" "user-list No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "ultimate-accordion No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "universam-demo 8.59 Reflected.Cross-Site.Scripting MEDIUM" "ultimate-bar No.known.fix Missing.Authorization MEDIUM" "userpro No.known.fix Community.and.User.Profile.WordPress.Plugin.<=.5.1.10.-.Unauthenticated.Arbitrary.File.Read MEDIUM" "userpro No.known.fix Missing.Authorization MEDIUM" "userpro No.known.fix Unauthenticated.Local.File.Inclusion CRITICAL" "userpro No.known.fix Authenticated.(Contributor+).SQL.Injection MEDIUM" "userpro No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "userpro 5.1.9 Unauthenticated.Account.Takeover.to.Privilege.Escalation CRITICAL" "userpro 5.1.7 Disabled.Membership.Registration.Bypass MEDIUM" "userpro 5.1.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "userpro 5.1.2 Insecure.Password.Reset.Mechanism CRITICAL" "userpro 5.1.2 Cross-Site.Request.Forgery.to.Sensitive.Information.Exposure MEDIUM" "userpro 5.1.2 Cross-Site.Request.Forgery.via.multiple.functions MEDIUM" "userpro 5.1.2 Missing.Authorization.via.multiple.functions HIGH" "userpro 5.1.5 Missing.Authorization.to.Arbitrary.Shortcode.Execution.via.userpro_shortcode_template MEDIUM" "userpro 5.1.2 Authentication.Bypass.to.Administrator CRITICAL" "userpro 5.1.5 Authenticated.(Subscriber+).Privilege.Escalation HIGH" "userpro 5.1.2 Sensitive.Information.Disclosure.via.Shortcode MEDIUM" "userpro 5.1.1 Cross-Site.Request.Forgery.to.PHP.Object.Injection HIGH" "userpro 5.1.2 Cross-Site.Request.Forgery.to.Privilege.Escalation HIGH" "userpro 5.1.1 Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting.via.userpro_save_userdata MEDIUM" "userpro 4.9.35.1 Unauthenticated.Reflected.XSS MEDIUM" "userpro 4.9.28 User.Registration.With.Administrator.Role MEDIUM" "userpro 4.9.24 Unauthenticated.Cross-Site.Scripting.(XSS) CRITICAL" "user-registration 4.2.2 Insecure.Direct.Object.Reference.to.Unauthenticated.Limited.User.Deletion MEDIUM" "user-registration 4.2.0 Reflected.Cross-Site.Scripting MEDIUM" "user-registration 4.1.4 Insecure.Direct.Object.Reference.to.Authenticated.(Subscriber+).User.Password.Update MEDIUM" "user-registration 4.1.4 Insecure.Direct.Object.Reference.to.Unauthenticated.Membership.Modification MEDIUM" "user-registration 4.1.3 Authentication.Bypass HIGH" "user-registration 4.0.4 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "user-registration 4.1.2 Unauthenticated.Privilege.Escalation HIGH" "user-registration 4.1.0 Reflected.Cross-Site.Scripting MEDIUM" "user-registration 3.2.1 Missing.Authorization.to.Privilege.Escalation HIGH" "user-registration 3.2.0 Missing.Authorization.to.Authenticated.(Subscriber+).Privilege.Escalation HIGH" "user-registration 3.2.0 Missing.Authorization.to.Unauthenticated.Media.Deletion MEDIUM" "user-registration 3.1.5 Unauthenticated.Stored.Self-Based.Cross-Site.Scripting MEDIUM" "user-registration 3.0.4.2 Admin+.Stored.XSS LOW" "user-registration 3.0.2.1 Subscriber+.Arbitrary.File.Upload.Leading.to.RCE CRITICAL" "user-registration 3.0.2.1 Subscriber+.Arbitrary.File.Upload CRITICAL" "user-registration 3.0.2 Subscriber+.PHP.Object.Injection HIGH" "user-registration 2.3.3 Subscriber+.PHP.Object.Injection HIGH" "user-registration 2.3.1 Admin+.Stored.XSS LOW" "user-registration 2.2.4.1 Subscriber+.Arbitrary.File.Upload CRITICAL" "user-registration 2.0.2 Low.Privilege.Stored.Cross-Site.Scripting MEDIUM" "ultimate-carousel-for-visual-composer No.known.fix Contributor+.Stored.XSS MEDIUM" "ucontext-for-amazon No.known.fix Stored.Cross-Site.Scripting.via.CSRF HIGH" "ultimate-taxonomy-manager No.known.fix Arbitrary.Settings.Update.via.CSRF MEDIUM" "ultimate-taxonomy-manager No.known.fix Reflected.XSS HIGH" "user-avatar 1.4.12 Reflected.XSS HIGH" "ultimate-blocks 3.3.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Multiple.Widgets MEDIUM" "ultimate-blocks 3.3.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "ultimate-blocks 3.3.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "ultimate-blocks 3.2.8 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "ultimate-blocks 3.2.8 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.content.Parameter MEDIUM" "ultimate-blocks 3.2.8 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "ultimate-blocks 3.2.4 Contributor+.Stored.XSS MEDIUM" "ultimate-blocks 3.2.2 Contributor+.Stored.XSS MEDIUM" "ultimate-blocks 3.2.0 Contributor+.Stored.XSS MEDIUM" "ultimate-blocks 3.2.0 Authenticated(Contributor+).Stored.Cross-Site.Scripting.via.Multiple.Blocks MEDIUM" "ultimate-blocks 3.2.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.title.tag.attribute MEDIUM" "ultimate-blocks 3.1.9 Contributor+.Stored.XSS MEDIUM" "ultimate-blocks 3.1.1 Authenticated(Contributor+).Stored.Cross-Site.Scripting.via.metabox MEDIUM" "ultimate-blocks 3.1.7 Contributor+.Stored.XSS MEDIUM" "ultimate-blocks 3.0.1 Reflected.Cross-Site.Scripting MEDIUM" "ultimate-blocks 2.4.13 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "uk-cookie-consent 3.2.1 Missing.Authorization.via.handle_consent_toggle() MEDIUM" "uk-cookie-consent 2.3.10 Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "uncomplicated-seo No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "updater 1.35 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "urbango-membership 1.1 Unauthenticated.Privilege.Escalation CRITICAL" "ultimate-classified-listings 1.5 Ultimate.Classified.Listings.<.1,5.Authenticated.(Administrator+).Stored.Cross-Site.Scripting.via.Title.Parameter MEDIUM" "ultimate-classified-listings 1.6 Cross-Site.Request.Forgery.to.Account.Takeover HIGH" "ultimate-classified-listings No.known.fix Subscriber+.Stored.XSS HIGH" "ultimate-classified-listings No.known.fix Contributor+.Local.File.Inclusion HIGH" "ultimate-classified-listings 1.4 Reflected.XSS HIGH" "ultimate-classified-listings 1.3 Reflected.XSS HIGH" "ultimate-classified-listings 1.3 Unauthenticated.LFI HIGH" "ultraaddons-elementor-lite No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "ultraaddons-elementor-lite No.known.fix Cross-Site.Request.Forgery MEDIUM" "ultraaddons-elementor-lite 1.1.9 Insecure.Direct.Object.Reference.to.Sensitive.Information.Exposure.via.UA_Template.Shortcode MEDIUM" "ultraaddons-elementor-lite No.known.fix Author+.Stored.XSS MEDIUM" "ultraaddons-elementor-lite 1.1.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Multiple.Widgets MEDIUM" "ultraaddons-elementor-lite 1.1.0 Reflected.Cross-Site.Scripting MEDIUM" "ultimate-post 4.1.26 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "ultimate-post 4.1.16 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "ultimate-post 4.1.17 Missing.Authorization.to.Arbitrary.Plugin.Installation/Activation HIGH" "ultimate-post 4.1.16 Authenticated.(Author+).Stored.Cross-Site.Scripting MEDIUM" "ultimate-post 4.1.13 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "ultimate-post 4.1.2 Authenticated.(Author+).Stored.Cross-Site.Scripting MEDIUM" "ultimate-post 4.1.3 Missing.Authorization.to.Arbitrary.Options.Update HIGH" "ultimate-post 4.1.0 Contributor+.Stored.XSS MEDIUM" "ultimate-post 4.1.0 Authenticated.(Contributor+).Stored.Cross=Site.Scripting MEDIUM" "ultimate-post 4.0.2 Contributor+.Stored.XSS MEDIUM" "ultimate-post 4.0.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "ultimate-post 3.2.4 Incorrect.Authorization MEDIUM" "ultimate-post 3.0.6 Gutenberg.Post.Grid.Blocks.<.3.0.6.-.Reflected.Cross-Site.Scripting HIGH" "ultimate-post 2.9.10 Gutenberg.Blocks.for.Post.Grid.<.2.9.10.-.Reflected.Cross-Site.Scripting HIGH" "ultimate-post 2.4.10 Private.Content.Disclosure MEDIUM" "ultimate-post 2.4.10 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "ultimate-post 2.4.10 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "ultimate-post 2.4.10 Missing.Access.Controls MEDIUM" "user-management No.known.fix Authenticated.(Subscriber+).Privilege.Escalation HIGH" "user-management 1.2 Subscriber+.Arbitrary.File.Upload HIGH" "unlimited-elements-for-elementor 1.5.143 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "unlimited-elements-for-elementor 1.5.141 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Transparent.Split.Hero.Widget MEDIUM" "unlimited-elements-for-elementor 1.5.136 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Multiple.Widgets MEDIUM" "unlimited-elements-for-elementor 1.5.127 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "unlimited-elements-for-elementor 1.5.122 Authenticated.(Editor+).Remote.Code.Execution HIGH" "unlimited-elements-for-elementor 1.5.122 Reflected.Cross-Site.Scripting MEDIUM" "unlimited-elements-for-elementor 1.5.113 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.'username' MEDIUM" "unlimited-elements-for-elementor 1.5.113 IP.Address.Spoofing.to.Antispam.Bypass MEDIUM" "unlimited-elements-for-elementor 1.5.113 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.'email' MEDIUM" "unlimited-elements-for-elementor 1.5.113 Authenticated.(Contributor+).Time-Based.SQL.Injection HIGH" "unlimited-elements-for-elementor 1.5.110 Authenticated.(Contributor+).Blind.SQL.Injection.via.data[addonID].Parameter HIGH" "unlimited-elements-for-elementor 1.5.110 Authenticated.(Contributor+).Information.Exposure MEDIUM" "unlimited-elements-for-elementor 1.5.108 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Text.Field MEDIUM" "unlimited-elements-for-elementor 1.5.91 Contributor+.Remote.Code.Execution.via.template.import HIGH" "unlimited-elements-for-elementor 1.5.108 Contributor+.SQLi MEDIUM" "unlimited-elements-for-elementor 1.5.105 Contributor+.SQL.Injection HIGH" "unlimited-elements-for-elementor 1.5.103 Reflected.Cross-Site.Scripting MEDIUM" "unlimited-elements-for-elementor 1.5.103 Admin+.Command.Injection MEDIUM" "unlimited-elements-for-elementor 1.5.97 Contributor+.Stored.XSS MEDIUM" "unlimited-elements-for-elementor 1.5.94 Reflected.Cross-Site.Scripting HIGH" "unlimited-elements-for-elementor 1.5.75 Reflected.Cross-Site.Scripting MEDIUM" "unlimited-elements-for-elementor 1.5.67 Contributor+.Arbitrary.File.Upload HIGH" "unlimited-elements-for-elementor 1.5.49 Admin+.Stored.XSS LOW" "unlimited-elements-for-elementor 1.5.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "underconstruction 1.22 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "underconstruction 1.21 Admin+.Stored.Cross-Site.Scripting LOW" "underconstruction 1.20 Construction.Mode.Deactivation.via.CSRF MEDIUM" "underconstruction 1.19 Reflected.Cross-Site.Scripting HIGH" "user-export-with-their-meta-data No.known.fix Subscriber+.CSV.Injection LOW" "user-export-with-their-meta-data 0.6.5 Admin+.SQLi MEDIUM" "ultimate-carousel-for-elementor No.known.fix Contributor+.Stored.XSS MEDIUM" "ultimate-form-builder-lite 1.5.1 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "ultimate-form-builder-lite 1.3.8 Multiple.Vulnerabilities CRITICAL" "user-verification 1.0.94 Authentication.Bypass CRITICAL" "user-profile-meta No.known.fix Cross-Site.Request.Forgery.to.Privilege.Escalation MEDIUM" "ultimate-posts-widget 2.3.1 Admin+.Stored.XSS LOW" "ultimate-posts-widget 2.2.5 Plugin.Installation.via.CSRF MEDIUM" "ultimate-posts-widget 2.2.5 Subscriber+.Plugin.Installation MEDIUM" "ukrainian-currency No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "user-spam-remover 1.1 Unauthenticated.Sensitive.Information.Exposure MEDIUM" "uw-freelancer No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "ultimate-woocommerce-auction-pro 1.5.3 Unauthenticated.SQL.Injection.via.'auction_id' HIGH" "ultimate-store-kit 2.5.0 Cross-Site.Request.Forgery.to.Limited.User.Meta.Update MEDIUM" "ultimate-store-kit 2.4.1 Unauthenticated.PHP.Object.Injection CRITICAL" "ultimate-store-kit 2.6.0 Contributor+.Stored.XSS MEDIUM" "ultimate-store-kit 2.3.1 Missing.Authorization MEDIUM" "ultimate-store-kit 2.0.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "ultimate-store-kit 2.0.4 Unauthenticated.PHP.Object.Injection CRITICAL" "ultimate-store-kit 2.0.0 Unauthenticated.PHP.Object.Injection CRITICAL" "ultimate-store-kit 2.0.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "ultimate-store-kit 2.0.4 Unauthenticated.PHP.Object.Injection MEDIUM" "ultimate-store-kit 1.6.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "user-activity-log 2.0 Admin+.SQL.Injection MEDIUM" "user-activity-log 1.6.7 IP.Spoofing MEDIUM" "user-activity-log 1.6.6 Subscriber+.Log.Export MEDIUM" "user-activity-log 1.6.5 Unauthenticated.SQLi HIGH" "user-activity-log 1.6.3 Admin+.SQLi MEDIUM" "user-activity-log 1.6.3 Admin+.SQL.Injection MEDIUM" "user-activity-log 1.4.7 Reflected.Cross-Site.Scripting HIGH" "user-activity-log 1.4.7 Reflected.Cross.Site.Scripting.via.Query.String MEDIUM" "user-role-editor 4.64.4 Cross-Site.Request.Forgery.to.Privilege.Escalation HIGH" "upcasted-s3-offload 3.0.4 Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "upcasted-s3-offload 3.0.3 Reflected.Cross-Site.Scripting MEDIUM" "upcasted-s3-offload 3.0.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "universal-analytics-injector No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "under-construction-page 3.97 Multiple.CSRF MEDIUM" "under-construction-page 3.86 Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "ultimeter 2.8.3 Reflected.Cross-Site.Scripting MEDIUM" "ultimeter 2.7.6 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "ultimeter 1.9.3 Subscriber+.Arbitrary.Option.Update CRITICAL" "user-private-files 2.1.4 Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "user-private-files 2.1.1 Insecure.Direct.Object.Reference.to.Authenticated.(Subscriber+).Private.File.Access MEDIUM" "user-private-files 2.0.5 Subscriber+.Sensitive.Data.and.Files.Exposure.via.IDOR MEDIUM" "user-private-files 2.0.4 Admin+.Stored.XSS MEDIUM" "user-private-files 1.1.3 Subscriber+.Arbitrary.File.Upload CRITICAL" "use-your-drive 1.18.3 Reflected.Cross-Site.Scripting MEDIUM" "user-password-reset No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "ultimate-faqs 2.1.2 Subscriber+.Arbitrary.FAQ.Creation MEDIUM" "ultimate-faqs 1.8.30 Unauthenticated.Reflected.XSS MEDIUM" "ultimate-faqs 1.8.25 Unauthenticated.Options.Import/Export HIGH" "ultimate-faqs 1.8.22 Cross-Site.Scripting.(XSS) MEDIUM" "uji-popup No.known.fix Contributor+.Stored.XSS MEDIUM" "ultimate-events No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "utilities-for-mtg No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "uicore-elements 1.2.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Multiple.Widgets MEDIUM" "use-memcached No.known.fix Settings.Update.via.CSRF MEDIUM" "updownupdown-postcomment-voting No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "update-theme-and-plugins-from-zip-file No.known.fix CSRF MEDIUM" "unlimited-page-sidebars 0.2.7 Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "user-messages No.known.fix Reflected.XSS HIGH" "ultimate-elementor 1.36.32 Authenticated.(Contributor+).Privilege.Escalation HIGH" "ultimate-elementor 1.30.0 Contributor+.Stored.XSS MEDIUM" "ultimate-elementor 1.24.2 Registration.Bypass HIGH" "ultimate-elementor 1.20.1 Authentication.Bypass CRITICAL" "urvanov-syntax-highlighter 2.8.34 Highlighting.Blocks.Mgt.via.CSRF MEDIUM" "useful-banner-manager No.known.fix Modify.banners.via.CSRF MEDIUM" "ultraembed-advanced-iframe No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "ucontext No.known.fix Stored.Cross-Site.Scripting.via.CSRF HIGH" "userplus No.known.fix Privilege.Escalation CRITICAL" "userplus No.known.fix Missing.Authorization.via.Multiple.Functions MEDIUM" "userplus No.known.fix Unauthenticated.Privilege.Escalation CRITICAL" "userplus No.known.fix Editor+.Registration.Form.Update.to.Privilege.Escalation HIGH" "userplus No.known.fix Stored.XSS.via.CSRF HIGH" "ut-shortcodes 5.1.7 Unauthenticated.Arbitrary.Shortcode.Execution MEDIUM" "ut-shortcodes 5.0.5 Reflected.Cross-Site.Scripting MEDIUM" "uncanny-automator-pro 5.3.0.1 Reflected.Cross-Site.Scripting MEDIUM" "uncanny-automator-pro 5.3.0.1 Cross-Site.Request.Forgery.to.License.Setting.Reset MEDIUM" "uncanny-automator-pro 5.3.0.1 Missing.Authorization.to.Unauthenticated.License.Setting.Reset MEDIUM" "user-roles No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "ultimate-reviews 3.2.15 Reflected.Cross-Site.Scripting MEDIUM" "ultimate-reviews 3.2.9 Unauthenticated.stored.Cross-Site.Scripting.via.reviews MEDIUM" "ultimate-reviews 3.0.16 Admin+.Stored.Cross-Site.Scripting LOW" "ultimate-reviews 2.1.33 Unauthenticated.PHP.Object.Injection MEDIUM" "update-notifications No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "ultimate-tables No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "ultimate-carousel-for-divi 4.5.1 Reflected.Cross-Site.Scripting MEDIUM" "ultimate-carousel-for-divi 4.3.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "user-access-manager 2.2.18 IP.Spoofing LOW" "user-access-manager 2.0.9 Authenticated.Reflected.Cross-Site.Scripting.(XSS) HIGH" "uptime-robot-monitor No.known.fix Cross-Site.Request.Forgery MEDIUM" "uptime-robot-monitor No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "uptime-robot-monitor No.known.fix Authenticated.(Contributor+).SQL.Injection MEDIUM" "uncanny-learndash-groups 6.1.1 Missing.Authorization.to.Authenticated.(Group.Leader+).User.Group.Add LOW" "uncanny-learndash-groups 6.1.1 Authenticated.(Group.Leader+).Privilege.Escalation HIGH" "user-referral-free No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "unyson 2.7.31 Cross-Site.Request.Forgery MEDIUM" "unyson No.known.fix Missing.Authorization MEDIUM" "unyson 2.7.27 Reflected.Cross-Site.Scripting MEDIUM" "upqode-google-maps No.known.fix Contributor+.Stored.XSS MEDIUM" "ultimate-social-media-icons 2.9.2 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "ultimate-social-media-icons 2.9.1 Admin+.Stored.XSS LOW" "ultimate-social-media-icons 2.8.9 Admin+.Stored.XSS.via.settings LOW" "ultimate-social-media-icons 2.8.6 Arbitrary.Settings.Update.via.CSRF MEDIUM" "ultimate-social-media-icons 2.8.6 Subscriber+.Sensitive.Information.Exposure MEDIUM" "ultimate-social-media-icons 2.8.4 Reflected.XSS HIGH" "ultimate-social-media-icons 2.8.2 Plugin.Installation.via.CSRF MEDIUM" "ultimate-social-media-icons 2.8.2 Subscriber+.Plugin.Installation MEDIUM" "ultimate-social-media-icons 2.8.2 Admin+.Stored.XSS LOW" "updraft No.known.fix Reflected.XSS HIGH" "unilevel-mlm-plan No.known.fix Reflected.Cross-Site.Scripting.via.'page' MEDIUM" "urdu-formatter-shamil No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "upunzipper No.known.fix Authenticated.(Admin+).Arbitrary.File.Deletion MEDIUM" "ultimate-appointment-scheduling 1.1.10 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "user-avatar-reloaded 1.2.2 Reloaded.<.1.2.2.-.Contributor+.Stored.XSS MEDIUM" "upload-media-by-url 1.0.8 Stored.XSS.via.CSRF MEDIUM" "ultimate-author-box-lite 1.1.3 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "username-updater 1.0.5 Arbitrary.Username.Update.via.CSRF MEDIUM" "user-registration-pro 5.2.0 Cross-Site.Request.Forgery.to.User.Deletion MEDIUM" "user-registration-pro 5.1.3 Authentication.Bypass HIGH" "user-registration-pro 5.1.2 Unauthenticated.Privilege.Escalation HIGH" "user-domain-whitelist 1.5 .user-domain-whitelist.php.Domain.Whitelisting.Manipulation.CSRF HIGH" "unlock-addons-for-elementor No.known.fix Contributor+.Stored.XSS MEDIUM" "uix-page-builder 1.7.5 Reflected.Cross-Site.Scripting MEDIUM" "user-submitted-posts 20250327 Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "user-submitted-posts 20240516 Admin+.Stored.XSS LOW" "user-submitted-posts 20230914 Unauthenticated.Arbitrary.File.Upload CRITICAL" "user-submitted-posts 20230902 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "user-submitted-posts 20230901 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "user-submitted-posts 20230811 Unauthenticated.Stored.XSS HIGH" "user-submitted-posts 20190501 Arbitrary.File.Upload MEDIUM" "universal-analytics 1.3.1 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "ultimate-wp-mail 1.3.6 Missing.Authorization MEDIUM" "ultimate-wp-mail 1.3.5 Cross-Site.Request.Forgery MEDIUM" "ultimate-wp-mail 1.3.5 Authenticated.(Contributor+).SQL.Injection MEDIUM" "ultimate-wp-mail No.known.fix Open.Redirect MEDIUM" "ultimate-bulk-seo-noindex-nofollow No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "universal-video-player-and-bg No.known.fix Authenticated.(Administrator+).SQL.Injection MEDIUM" "updraftplus 1.25.1 Backup/Restore.<.1.25.1.-.Reflected.XSS HIGH" "updraftplus 1.24.12 Unauthenticated.PHP.Object.Injection HIGH" "updraftplus 1.23.11 Google.Drive.Storage.Update.via.CSRF MEDIUM" "updraftplus 1.23.4 CSRF MEDIUM" "updraftplus 1.22.9 Reflected.Cross-Site.Scripting MEDIUM" "updraftplus 1.22.3 Subscriber+.Backup.Download HIGH" "updraftplus 1.16.69 Reflected.Cross-Site.Scripting HIGH" "updraftplus 1.16.66 Reflected.Cross-Site.Scripting HIGH" "updraftplus 1.16.59 Admin+.Local.File.Inclusion MEDIUM" "updraftplus 1.6.59 Admin+.Stored.Cross-Site.Scripting LOW" "updraftplus 1.13.5 XSS MEDIUM" "updraftplus 1.9.64 XSS MEDIUM" "ultimate-tinymce No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "user-registration-using-contact-form-7 No.known.fix Cross-Site.Request.Forgery MEDIUM" "ulisting No.known.fix Authenticated.(Subscriber+).PHP.Object.Injection HIGH" "ulisting No.known.fix Admin+.SQL.Injection MEDIUM" "ulisting No.known.fix Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.Post.Meta.Update.and.PHP.Object.Injection HIGH" "ulisting No.known.fix Subscriber+.Privilege.Escalation HIGH" "ulisting 2.1.7 Authenticated.(Contributor+).SQL.Injection MEDIUM" "ulisting 2.1.7 Unauthenticated.SQL.Injection HIGH" "ulisting 2.1.6 Unauthenticated.Information.Exposure MEDIUM" "ulisting 2.0.9 Arbitrary.Blog.Option.Update.via.CSRF HIGH" "ulisting 2.0.6 Reflected.Cross-Site.Scripting MEDIUM" "ulisting 2.0.6 Modify.User.Roles.via.CSRF MEDIUM" "ulisting 2.0.6 Unauthenticated.Privilege.Escalation MEDIUM" "ulisting 2.0.6 Authenticated.IDOR MEDIUM" "ulisting 2.0.6 Multiple.CSRF MEDIUM" "ulisting 2.0.6 Settings.Update.via.CSRF MEDIUM" "ulisting 2.0.4 Unauthenticated.SQL.Injection HIGH" "ulisting 1.7 Unauthenticated.Arbitrary.Account.Creation CRITICAL" "ulisting 1.7 Unauthenticated.WordPress.Options.Change CRITICAL" "ulisting 1.7 Unauthenticated.Arbitrary.Roles.and.Capabilities.Creation/Deletion MEDIUM" "ulisting 1.7 Unauthenticated.Arbitrary.Post/Page.Deletion HIGH" "ulisting 1.7 Missing.Access.Controls CRITICAL" "ulisting 1.7 Unauthenticated.Arbitrary.Account.Change HIGH" "ulisting 1.7 Unauthenticated.Information.Disclosure HIGH" "ulisting 1.7 Unauthenticated.SQL.Injections CRITICAL" "url-shortify 1.10.6 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "url-shortify 1.7.9.1 Admin+.Stored.XSS LOW" "url-shortify 1.7.6 Unauthenticated.Stored.XSS.via.referer.header CRITICAL" "url-shortify 1.7.3 Reflected.Cross-Site.Scripting MEDIUM" "url-shortify 1.7.0 Admin+.Cross.Site.Scripting LOW" "url-shortify 1.5.11 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "url-shortify 1.5.1 Arbitrary.Link/Group.Deletion.via.CSRF MEDIUM" "ultimate-addons-for-gutenberg 2.19.1 Contributor+.Stored.XSS MEDIUM" "ultimate-addons-for-gutenberg 2.16.3 Contributor+.Stored.XSS.via.Team.Widget MEDIUM" "ultimate-addons-for-gutenberg 2.15.1 Authenticated.(Contributor+).Stored.Cross-site.Scripting MEDIUM" "ultimate-addons-for-gutenberg 2.13.8 Missing.Authorization.via.generate_ai_content MEDIUM" "ultimate-addons-for-gutenberg 2.13.1 Author+.Stored.XSS MEDIUM" "ultimate-addons-for-gutenberg 2.12.9 Contributor+.Stored.XSS.via.Testimonial.Block MEDIUM" "ultimate-addons-for-gutenberg 2.12.9 Contributor+.Stored.XSS.via.Image.Gallery.Block MEDIUM" "ultimate-addons-for-gutenberg 2.12.7 Contributor+.Path.Traversal MEDIUM" "ultimate-addons-for-gutenberg 2.10.4 Authenticated(Contributor+).Cross-Site.Scripting.via.Custom.CSS MEDIUM" "ultimate-addons-for-gutenberg 2.7.10 Contributor+.Stored.XSS MEDIUM" "ultimate-addons-for-gutenberg 1.15.0 Contributor+.Stored.Cross-Side.Scripting MEDIUM" "ultimate-addons-for-gutenberg 1.25.6 Reflected.Cross-Site.Scripting MEDIUM" "upload-quota-per-user No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "ultimate-widgets-light No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "ultimate-widgets-light No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "ultimate-widgets-light No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "update-alt-attribute No.known.fix Reflected.XSS HIGH" "update-alt-attribute No.known.fix Cross-Site.Request.Forgery MEDIUM" "ultimate-downloadable-products-for-woocommerce 1.3.1 Reflected.Cross-Site.Scripting MEDIUM" "ultimate-live-cricket-lite No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "unlimited-theme-addons 1.2.3 Authenticated.(Contributor+).Post.Disclosure MEDIUM" "unlimited-theme-addons 1.2.0 Reflected.Cross-Site.Scripting MEDIUM" "userpro-messaging No.known.fix Unauthenticated.Local.File.Inclusion CRITICAL" "userpro-messaging No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "uber-classic No.known.fix Authenticated.(Contributor+).SQL.Injection MEDIUM" "upc-ean-barcode-generator No.known.fix Missing.Authorization.to.Authenticated.(Subscriber+).Settings.Update MEDIUM" "ultimate-responsive-image-slider 3.5.12 Ultimate.Responsive.Image.Slider.<.3.5.12.-.Subscriber+.Arbitrary.Post.Access MEDIUM" "user-meta No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "user-meta No.known.fix Insecure.Direct.Object.Reference.to.Sensitive.Information.Exposure MEDIUM" "user-meta 3.1 Unauthenticated.Sensitive.Information.Exposure MEDIUM" "user-meta 2.4.4 Subscriber+.Local.File.Enumeration.via.Path.Traversal LOW" "user-meta 2.4.3 Admin+.Stored.Cross-Site.Scripting LOW" "uipress-lite 3.5.08 Authenticated.(Subscriber+).Remote.Code.Execution HIGH" "uipress-lite 3.5.05 Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.Options.Update HIGH" "uipress-lite 3.4.07 Authenticated.(Administrator+).SQL.Injection CRITICAL" "url-rewrite-analyzer 1.3.4 Missing.Authorization MEDIUM" "userheat 1.1.11 Settings.Update.via.CSRF MEDIUM" "uncanny-learndash-toolkit 3.7.0.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "uncanny-learndash-toolkit 3.7.0.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "uncanny-learndash-toolkit 3.6.4.2 Cross-Site.Request.Forgery.(CSRF) HIGH" "update-urls 1.2.2 Reflected.Cross-Site.Scripting MEDIUM" "user-activation-email No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "ubermenu 3.8.4 Cross-Site.Request.Forgery.to.Settings.Reset HIGH" "ubermenu 3.8.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Multiple.Shortcodes MEDIUM" "unlimited-addon-for-elementor No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "ultimate-facebook-comments No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "useinfluence No.known.fix Cross-Site.Request.Forgery MEDIUM" "vk-blocks 1.95.0.3 Missing.Authorization.to.Sensitive.Information.Exposure MEDIUM" "vk-blocks 1.64.0.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Block MEDIUM" "vk-blocks 1.57.1.0 Contributor+.Settings.Update.via.REST.API MEDIUM" "vk-blocks 1.58.0.0 Contributor+.Settings.Update.via.REST.API MEDIUM" "vk-blocks 1.54.0 Multiple.Stored.XSS MEDIUM" "void-elementor-post-grid-addon-for-elementor-page-builder 2.4 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "video-contest No.known.fix Cross-Site.Request.Forgery MEDIUM" "video-contest No.known.fix Admin+.Stored.XSS LOW" "variable-product-swatches No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "variable-product-swatches 1.0.2 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "vdz-google-analytics 1.6.0 Authenticated.Stored.XSS LOW" "vdz-google-analytics 1.4.9 Authenticated.Stored.XSS LOW" "vk-poster-group No.known.fix Reflected.Cross-Site.Scripting.via.vkp_repost MEDIUM" "vision 1.7.2 Missing.Authorization MEDIUM" "vision 1.5.4 Contributor+.Stored.XSS MEDIUM" "vision 1.5.2 Reflected.Cross-Site.Scripting HIGH" "visitor-info No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "visitor-info No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "vr-views No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "vo-locator-the-wp-store-locator No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "vo-locator-the-wp-store-locator No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "variation-swatches-for-woocommerce 2.1.2 Subscriber+.Stored.Cross-Site.Scripting HIGH" "vk-blocks-pro 1.54.0 Multiple.Stored.XSS MEDIUM" "visual-form-builder 3.0.8 Entries.Deletion/Restoration.via.CSRF MEDIUM" "visual-form-builder 3.0.7 Admin+.Stored.Cross-Site.Scripting LOW" "visual-form-builder 3.0.6 CSV.Injection LOW" "visual-form-builder 3.0.6 Unauthenticated.Information.Disclosure MEDIUM" "visual-form-builder 3.0.4 Admin+.Stored.Cross-Site.Scripting LOW" "video-analytics-for-cloudflare-stream 1.2 Reflected.Cross-Site.Scripting MEDIUM" "views-for-wpforms-lite 3.2.3 Cross-Site.Request.Forgery.via.save_view MEDIUM" "views-for-wpforms-lite 3.2.3 Cross-Site.Request.Forgery.via.create_view MEDIUM" "views-for-wpforms-lite 3.2.3 Missing.Authorization.via.create_view MEDIUM" "views-for-wpforms-lite 3.2.3 Missing.Authorization.via.get_form_fields MEDIUM" "views-for-wpforms-lite 3.2.3 Missing.Authorization.via.save_view MEDIUM" "vehica-core 1.0.98 Authenticated.(Subscriber+).Privilege.Escalation HIGH" "visibility-logic-elementor 2.3.5 Cross-Site.Request.Forgery MEDIUM" "vm-backups No.known.fix CSRF.to.Database.Backup.Download MEDIUM" "vm-backups No.known.fix CSRF.to.Stored.Cross-Site.Scripting.(XSS) CRITICAL" "visual-footer-credit-remover 1.3 Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "video-thumbnails No.known.fix Admin+.Stored.XSS LOW" "visucom-smart-sections No.known.fix WPBakery.Page.Builder.Addon.<=.1.7.8.-.Unauthenticated.PHP.Object.Injection CRITICAL" "video-widget No.known.fix Admin+.Stored.XSS.via.Widget LOW" "video-central No.known.fix Contributor+.Stored.XSS MEDIUM" "vstemplate-creator No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "very-simple-google-maps 2.9.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "very-simple-google-maps 2.9 Contributor+.Stored.XSS MEDIUM" "vc-addons-by-bit14 No.known.fix Editor+.Stored.XSS LOW" "vc-addons-by-bit14 1.4.6 Missing.Authorization.to.Authenticated.(Subscriber+).Plugin.Settings.Modification MEDIUM" "video-synchro-pdf No.known.fix Stored.Cross-Site.Scripting.via.CSRF MEDIUM" "video-synchro-pdf No.known.fix Unauthenticated.LFI MEDIUM" "vkontakte-cross-post No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "visualmodo-elements No.known.fix Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "virim No.known.fix Unauthenticated.Object.Injection CRITICAL" "vr-frases No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "vr-frases No.known.fix Authenticated.(Admin+).SQL.Injection MEDIUM" "vr-frases 4.0 Reflected.XSS HIGH" "verowa-connect 3.0.5 Reflected.Cross-Site.Scripting MEDIUM" "verowa-connect 3.1.0 Admin+.SQL.Injection MEDIUM" "verowa-connect 3.0.2 Unauthenticated.SQL.Injection HIGH" "vk-block-patterns 1.31.1.1 Missing.Authorization MEDIUM" "vk-block-patterns 1.31.2.0 Cross-Site.Request.Forgery MEDIUM" "video-embed-privacy 1.3 Reflected.Cross-Site.Scripting MEDIUM" "virtual-hdm-for-taxservice-am No.known.fix Unauthenticated.SQL.Injection HIGH" "verbalize-wp No.known.fix Unauthenticated.Arbitrary.File.Upload CRITICAL" "video-playlist-for-youtube No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "video-playlist-for-youtube 6.2 CSRF MEDIUM" "void-elementor-whmcs-elements 2.0.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "video-grid 1.22 Reflected.XSS HIGH" "venture-event-manager 3.2.5 Reflected.Cross-Site.Scripting.(XSS) HIGH" "vimeo-video-autoplay-automute No.known.fix Contributor+.Stored.XSS MEDIUM" "vrview No.known.fix Outdated.VRView.Library.Used,.Leading.to.Reflected.XSS HIGH" "video-comments-webcam-recorder 1.92 Unauthenticated.Reflected.XSS MEDIUM" "viewmedica No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "viewmedica No.known.fix Cross-Site.Request.Forgery.to.SQL.Injection MEDIUM" "viewmedica No.known.fix Cross-Site.Request.Forgery.to.Reflected.Cross-Site.Scripting MEDIUM" "v-form 3.1.15 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "v-form 3.1.10 Reflected.Cross-Site.Scripting MEDIUM" "v-form 3.0.7 Missing.Authorization MEDIUM" "v-form 3.0.1 Reflected.Cross-Site.Scripting MEDIUM" "v-form 2.1.6 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "vertical-news-scroller 1.17 Authenticated.Reflected.Cross-Site.Scripting.(XSS) CRITICAL" "video-embed-box No.known.fix Authenticated.(subscriber+).SQL.Injection CRITICAL" "very-simple-breadcrumb No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "vdz-verification 1.4 Authenticated.Stored.XSS MEDIUM" "vite-coupon No.known.fix Remote.Code.Execution.via.CSRF HIGH" "video-reviews 1.3.5 Reflected.Cross-Site.Scripting MEDIUM" "video-reviews 1.2.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "vibebp 1.9.9.7.7 Unauthenticated.SQL.Injection HIGH" "vibebp 1.9.9.5.1 Authenticated.(Subscriber+).SQL.Injection MEDIUM" "vibebp 1.9.9.5 Unauthenticated.Privilege.Escalation CRITICAL" "vikbooking 1.7.3 Cross-Site.Request.Forgery.to.Settings.Update MEDIUM" "vikbooking 1.7.3 Cross-Site.Request.Forgery.to.Authenticated.(Subscriber+).Arbitrary.File.Upload HIGH" "vikbooking 1.7.2 Admin+.Stored.XSS MEDIUM" "vikbooking 1.6.8 Broken.Access.Control LOW" "vikbooking 1.6.8 Insecure.Direct.Object.References MEDIUM" "vikbooking 1.6.8 Reflected.Cross-Site.Scripting MEDIUM" "vikbooking 1.6.0 Multiple.CSRF LOW" "vikbooking 1.5.12 Admin+.Stored.XSS MEDIUM" "vikbooking 1.5.9 Reflected.Cross-Site.Scripting MEDIUM" "vikbooking 1.5.8 Admin+.PHP.File.Upload LOW" "vikbooking 1.5.8 Admin+.Stored.Cross-Site.Scripting MEDIUM" "vikbooking 1.5.7 Stored.Cross-Site.Scripting.via.CSRF CRITICAL" "vikbooking 1.5.4 Unauthenticated.Arbitrary.File.Upload MEDIUM" "vegas-fullscreen-background-slider No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "visual-sound-widget-for-soundcloud-and-artistplugme-visualdreams No.known.fix Settings.Update.via.CSRF MEDIUM" "videowhisper-video-presentation No.known.fix Remote.File.Upload CRITICAL" "vertical-carousel-slider No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "vc-tabs No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "vc-tabs 3.7.2 Admin+.Stored.Cross-Site.Scripting LOW" "vc-tabs 3.6.0 Unauthenticated.Arbitrary.Option.Update CRITICAL" "vc-tabs 3.7.0 Authenticated.Arbitrary.Options.Update MEDIUM" "vod-infomaniak 1.5.10 Missing.Authorization MEDIUM" "vod-infomaniak 1.5.8 Cross-Site.Request.Forgery MEDIUM" "vod-infomaniak 1.5.7 Reflected.Cross-Site.Scripting HIGH" "verse-o-matic No.known.fix CSRF.to.Stored.XSS HIGH" "visual-portfolio 3.3.10 Contributor+.DOM-Based.Stored.XSS.via.FancyBox.JavaScript.Library MEDIUM" "visual-portfolio 3.3.3 Authenticated.(Author+).Stored.Cross-Site.Scripting.via.title_tag.Parameter MEDIUM" "visual-portfolio 2.18.0 Unauthenticated.CSS.Injection MEDIUM" "visual-portfolio 2.19.0 Contributor+.CSS.Injection MEDIUM" "viet-affiliate-link No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "vospari-forms 1.4 Cross-Site.Scripting.(XSS) MEDIUM" "vdocipher 1.30 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "vice-versa No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "video-embed-thumbnail-generator 4.8.11 Reflected.Cross-Site.Scripting MEDIUM" "video-embed-thumbnail-generator 4.7.4 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "vagonic-sortable No.known.fix Missing.Authorization MEDIUM" "void-visual-whmcs-element No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "void-visual-whmcs-element 1.0.4.1 Contributor+.Stored.XSS MEDIUM" "vdz-call-back 1.1.4.6 Authenticated.Stored.XSS MEDIUM" "video-list-manager No.known.fix Admin+.SQL.Injection MEDIUM" "very-simple-contact-form 14.8 CAPTCHA.Bypass MEDIUM" "very-simple-contact-form 14.0 Missing.Authorization MEDIUM" "very-simple-contact-form 11.6 Captcha.bypass MEDIUM" "verification-sms-targetsms No.known.fix Unauthenticated.Limited.Remote.Code.Execution HIGH" "visualizer 3.11.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Import.Data.From.File MEDIUM" "visualizer 3.11.2 Authenticated.(Subscriber+).SQL.Injection CRITICAL" "visualizer 3.11.0 Missing.Authorization.to.Arbitrary.SQL.Execution HIGH" "visualizer 3.10.6 Reflected.Cross-Site.Scripting MEDIUM" "visualizer 3.9.5 Contributor+.Stored.XSS MEDIUM" "visualizer 3.9.2 Contributor+.Stored.XSS MEDIUM" "visualizer 3.7.10 Contributor+.PHAR.Deserialization HIGH" "visualizer 3.7.7 Reflected.Cross-Site.Scripting MEDIUM" "visualizer 3.3.1 Stored.Cross-Site.Scripting.(XSS) MEDIUM" "visualizer 3.3.1 Blind.Server-Side.Request.Forgery.(SSRF) CRITICAL" "variation-swatches-and-gallery 1.0.2 Reflected.Cross-Site.Scripting MEDIUM" "vertical-diamond-flipbook-flash No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "videojs-hls-player No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "viperbar No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "vg-woocarousel No.known.fix Authenticated.(Contributor+).Local.File.Inclusion HIGH" "vk-filter-search No.known.fix Contributor+.Stored.XSS MEDIUM" "vk-filter-search 2.3.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "visual-recent-posts No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "vkontakte-wall-post No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "video-background 2.7.5 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "video-sidebar-widget No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "video-share-vod No.known.fix Reflected.Cross-Site.Scripting HIGH" "video-share-vod 2.6.32 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "video-share-vod 2.6.31 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "vrm360 No.known.fix Contributor+.Arbitrary.File.Upload.Leading.to.RCE HIGH" "vrm360 No.known.fix Full.Path.Disclosure MEDIUM" "vslider No.known.fix Cross-Site.Request.Forgery MEDIUM" "vslider No.known.fix Contributor+.Stored.XSS MEDIUM" "visitors-details No.known.fix Unauthenticated.Stored.Cross-Site.Scripting MEDIUM" "vcos No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "video-popup 1.1.4 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "visual-text-editor No.known.fix Authenticated.(Contributor+).Remote.Code.Execution HIGH" "video-sidebar-widgets No.known.fix Contributor+.Stored.XSS.via.Shortcode MEDIUM" "vr-calendar-sync 2.4.5 Unauthenticated.Local.File.Inclusion CRITICAL" "vr-calendar-sync 2.3.4 Calendar.Deletion/Update.&.Settings.Update.via.CSRF MEDIUM" "vr-calendar-sync 2.4.5 LFI.via.CSRF HIGH" "vr-calendar-sync 2.3.1 Reflected.Cross-Site.Scripting MEDIUM" "vr-calendar-sync 2.3.2 Unauthenticated.Arbitrary.Function.Call HIGH" "voting-record No.known.fix Settings.Update.to.Stored.XSS.via.CSRF HIGH" "voting-record No.known.fix Subscriber+.Stored.XSS HIGH" "verge3d 4.9.5 Missing.Authorization MEDIUM" "verge3d 4.9.4 Reflected.Cross-Site.Scripting MEDIUM" "verge3d 4.9.3 Cross-Site.Request.Forgery MEDIUM" "verge3d 4.8.3 Cross-Site.Request.Forgery MEDIUM" "verge3d 4.8.1 Reflected.Cross-Site.Scripting MEDIUM" "verge3d 4.5.3 Subscriber+.Arbitrary.File.Upload HIGH" "video-embedder 1.8 Stored.XSS.via.CSRF HIGH" "virtual-bot No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "virtual-bot No.known.fix Unauthenticated.SQL.Injection HIGH" "vision-pro 1.5.2 Reflected.Cross-Site.Scripting HIGH" "vanguard No.known.fix Multiple.Cross-Site.Scripting.(XSS) MEDIUM" "vikrestaurants 1.4 Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "vignete-ads No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "validar-certificados-de-cursos No.known.fix Cross-Site.Request.Forgery MEDIUM" "validar-certificados-de-cursos 1.6.2 Cross-Site.Request.Forgery MEDIUM" "visitor-analytics-io 1.3.0 Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "visual-builder 1.3 Missing.Authorization MEDIUM" "varnish-wp No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "variable-inspector No.known.fix Missing.Authorization MEDIUM" "variable-inspector 2.6.3 Reflected.Cross-Site.Scripting MEDIUM" "variable-inspector 2.4.0 Reflected.Cross-Site.Scripting MEDIUM" "viral-loops-wp-integration No.known.fix Missing.Authorization MEDIUM" "viral-loops-wp-integration No.known.fix Missing.Authorization LOW" "viral-loops-wp-integration No.known.fix Unauthenticated.Sensitive.Information.Disclosure MEDIUM" "video-embed-optimizer No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "videowhisper-video-conference-integration No.known.fix Remote.File.Upload CRITICAL" "vasaio-qr-code No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "vp-sitemap No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "videowhisper-live-streaming-integration 6.2.5 Cross-Site.Request.Forgery MEDIUM" "videowhisper-live-streaming-integration 6.2.1 Unauthenticated.Arbitrary.File.Deletion CRITICAL" "videowhisper-live-streaming-integration 6.2.1 Unauthenticated.Arbitrary.File.Read HIGH" "videowhisper-live-streaming-integration 6.1.10 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "videowhisper-live-streaming-integration 4.27.4 Cross-Site.Scripting.(XSS) MEDIUM" "videowhisper-live-streaming-integration 4.29.5 Multiple.Vulnerabilities CRITICAL" "videowhisper-live-streaming-integration 4.29.10 videowhisper_streaming.php.Multiple.Parameter.XSS HIGH" "videowhisper-live-streaming-integration 4.67.17 Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "vayu-blocks 1.3.2 Missing.Authorization.to.Authenticated.(Subscriber+).Stored.Cross-Site.Scripting.via.containerWidth.Parameter MEDIUM" "vayu-blocks 1.2.2 1.2.1.-.Missing.Authorization.to.Unauthenticated.Limited.Arbitrary.Options.Update MEDIUM" "vayu-blocks No.known.fix Contributor+.Stored.XSS MEDIUM" "vayu-blocks 1.2.0 Missing.Authorization.to.Unauthenticated.Arbitrary.Plugin.Installation/Activation CRITICAL" "vk-all-in-one-expansion-unit 9.99.2.0 Contributor+.Stored.XSS MEDIUM" "vk-all-in-one-expansion-unit 9.96.0.0 Unauthenticated.Password.Protected.Content.Access MEDIUM" "vk-all-in-one-expansion-unit 9.97.0.0 Contributor+.Stored.XSS MEDIUM" "vk-all-in-one-expansion-unit 9.88.2 Multiple.Stored.XSS MEDIUM" "vk-all-in-one-expansion-unit 9.87.1.0 Reflected.XSS MEDIUM" "vk-all-in-one-expansion-unit 9.86.0.0 Contributor+.Stored.XSS MEDIUM" "videojs-html5-player 1.1.12 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.videojs_video.Shortcode MEDIUM" "videojs-html5-player 1.1.9 Contributor+.Stored.XSS MEDIUM" "vit-website-reviews No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "viral-signup No.known.fix Unauthenticated.SQLi HIGH" "viral-signup No.known.fix Admin+.Stored.XSS LOW" "visual-link-preview 2.2.3 Unauthorised.AJAX.Calls MEDIUM" "vigilantor 1.3.11 Admin+.Stored.XSS LOW" "vertical-scroll-recent-post No.known.fix Cross-Site.Request.Forgery.via.vsrp_admin_options MEDIUM" "vertical-scroll-recent-post No.known.fix Contributor+.Stored.Cross-Site.Scripting MEDIUM" "vertical-scroll-recent-post 14.0 Reflected.Cross-Site.Scripting MEDIUM" "visualcomposer 45.12.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "visualcomposer 45.11.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "visualcomposer 45.9.0 Authenticated.(Editor+).Stored.Cross-Site.Scripting MEDIUM" "visualcomposer 45.7.0 Authenticated.(Editor+).Stored.Cross-Site.Scripting MEDIUM" "visualcomposer 45.7.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "visualcomposer 45.0.1 Authenticated.Stored.XSS.via.Title MEDIUM" "visualcomposer 45.0.1 Authenticated.Stored.XSS.via.Text.Block MEDIUM" "visualcomposer 27.0 Multiple.Authenticated.Cross-Site.Scripting.Issues HIGH" "vampire-character No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "visit-site-link-enhanced No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "vertical-response-newsletter-widget No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "video-slider-with-thumbnails 1.0.11 Reflected.XSS HIGH" "vikrentcar 1.4.3 Cross-Site.Request.Forgery.to.Authenticated.(Subscriber+).Arbitrary.File.Upload HIGH" "vikrentcar 1.4.1 Unauthenticated.SQL.Injection CRITICAL" "vikrentcar 1.3.2 Cross.Site.Request.Forgery MEDIUM" "vikrentcar 1.3.3 Information.Exposure MEDIUM" "vikrentcar 1.3.1 Admin+.Stored.XSS MEDIUM" "vikrentcar 1.1.10 Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "vikrentcar 1.1.7 CSRF.to.Stored.XSS HIGH" "vg-postcarousel No.known.fix Authenticated.(Contributor+).Local.File.Inclusion HIGH" "video-wc-gallery 1.32 Missing.Authorization.to.Unauthenticated.Limited.File.Deletion MEDIUM" "vidseo 1.2.4 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "vimeography 2.4.5 Sensitive.Information.Exposure MEDIUM" "vimeography 2.4.2 Cross-Site.Request.Forgery MEDIUM" "vimeography 2.3.3 Contributor+.PHP.Object.Injection HIGH" "video-conferencing-with-zoom-api 4.4.5 Open.Redirect MEDIUM" "video-conferencing-with-zoom-api 4.4.6 Sensitive.Information.Exposure MEDIUM" "video-conferencing-with-zoom-api 4.4.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "video-conferencing-with-zoom-api 4.3.0 Sensitive.Data.Disclosure LOW" "video-conferencing-with-zoom-api 4.0.10 Contributor+.Stored.XSS MEDIUM" "video-conferencing-with-zoom-api 3.9.3 Reflected.Cross-Site.Scripting MEDIUM" "video-conferencing-with-zoom-api 3.8.17 E-mail.Address.Disclosure MEDIUM" "video-conferencing-with-zoom-api 3.8.16 Reflected.Cross-Site.Scripting HIGH" "visual-sound No.known.fix Settings.Update.via.CSRF MEDIUM" "visual-sound No.known.fix Cross-Site.Request.Forgery.to.Settings.Update MEDIUM" "very-simple-quiz No.known.fix Multiple.Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "visitors-app No.known.fix Unauthenticated.Stored.Cross-Site.Scripting.(XSS) HIGH" "vitepos-lite 3.1.8 Missing.Authorization MEDIUM" "vitepos-lite 3.1.5 Missing.Authorization MEDIUM" "vitepos-lite 3.1.4 Missing.Authorization MEDIUM" "vitepos-lite 3.0.2 Missing.Authorization MEDIUM" "vikinghammer-tweet No.known.fix Stored.XSS.via.CSRF HIGH" "vikappointments 1.2.17 Cross-Site.Request.Forgery MEDIUM" "videos No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "vmax-project-manager No.known.fix Unauthenticated.Local.File.Inclusion CRITICAL" "valvepress-rankie No.known.fix Missing.Authorization MEDIUM" "vidorev-extensions 2.9.9.9.9.9.6 Missing.Authorization.to.Unauthenticated.Youtube.Video.Import MEDIUM" "vbsso-lite No.known.fix Missing.Authorization.to.Privilege.Escalation CRITICAL" "vertical-marquee-plugin 7.2 .Authenticated.(Subscriber+).SQL.Injection.via.Shortcode HIGH" "vertical-marquee-plugin No.known.fix Admin+.Stored.XSS LOW" "vrpconnector No.known.fix Unauthenticated.PHP.Object.Injection CRITICAL" "vendor 1.1.1 Unauthenticated.Information.Disclosure MEDIUM" "video-player-for-wpbakery 1.0.2 Contributor+.Stored.XSS MEDIUM" "video-playlist-and-gallery-plugin 1.160 Settings.Update.via.CSRF MEDIUM" "visitors-traffic-real-time-statistics 7.3 Missing.Authorization.via.multiple.AJAX.actions MEDIUM" "visitors-traffic-real-time-statistics 3.9 Subscriber+.SQL.Injection HIGH" "visitors-traffic-real-time-statistics 2.12 Arbitrary.Plugin.Installation/Activation.via.Low.Privilege.User CRITICAL" "visitors-traffic-real-time-statistics 2.13 Arbitrary.Plugin.Installation/Activation.via.CSRF CRITICAL" "visitors-traffic-real-time-statistics 1.13 CSRF.to.Stored.XSS/SQLi HIGH" "video-posts-webcam-recorder 3.2.4 Authenticated.Reflected.XSS MEDIUM" "video-posts-webcam-recorder 1.55.5 Unauthenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "visitors-online 1.0.0 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "visitors-online 0.4 SQL.Injection CRITICAL" "visual-header 1.5 Missing.Authorization MEDIUM" "video-embeds No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "videojs-html5-video-player-for-wordpress No.known.fix HTML5.Video.Player.for.WordPress.<=.4.5.0.-.Contributor+.Stored.XSS.via.Shortcode MEDIUM" "viet-nam-affiliate No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "workbox-video-from-vimeo-youtube-plugin No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wxsync 2.8.1 Contributor+.Stored.XSS MEDIUM" "wpt-whatsapp No.known.fix Unauthenticated.Local.File.Inclusion CRITICAL" "wp-back-button No.known.fix Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "wp-job-openings 3.4.3 Sensitive.Data.Exposure.via.Directory.Listing MEDIUM" "white-label-branding-elementor No.known.fix Admin+.Stored.XSS LOW" "wp-intercom-slack No.known.fix Slack.Access.Token.Disclosure HIGH" "wpfront-user-role-editor 4.2.2 Cross-Site.Request.Forgery.to.Privilege.Escalation.via.whitelist_options.Function HIGH" "wpfront-user-role-editor 4.1.0 Limited.Information.Exposure MEDIUM" "wpfront-user-role-editor 3.2.1.11184 Reflected.Cross-Site.Scripting MEDIUM" "webmaster-tools No.known.fix Admin+.Stored.XSS LOW" "webmaster-tools No.known.fix Settings.Update.to.Stored.XSS.via.CSRF HIGH" "wp-word-count No.known.fix Missing.Authorization.via.calculate_statistics MEDIUM" "wp-word-count 3.2.4 Admin+.Stored.Cross-Site.Scripting LOW" "wp-fusion-lite 3.43.0 Information.Exposure MEDIUM" "wp-fusion-lite 3.42.10 Authenticated.(Contributor+).Remote.Code.Execution HIGH" "wp-fusion-lite 3.37.31 Reflected.Cross-Site.Scripting.(XSS) HIGH" "wp-fusion-lite 3.37.30 Reflected.Cross-Site.Scripting.(XSS) HIGH" "wp-fusion-lite 3.37.30 CSRF.to.Data.Deletion MEDIUM" "wp-timelines 3.6.8 Reflected.Cross-Site.Scripting MEDIUM" "wp-timelines 3.6.8 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "wp-timelines 3.6.8 Unauthenticated.Local.File.Inclusion CRITICAL" "wp-secure-maintainance 1.7 Admin+.Stored.XSS LOW" "wp-additional-logins No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-hotjar No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "woocommerce-multilingual 5.3.9 Missing.Authorization MEDIUM" "woocommerce-multilingual 5.3.8 Reflected.Cross-Site.Scripting MEDIUM" "woocommerce-multilingual 5.3.7 Missing.Authorization MEDIUM" "woocommerce-multilingual 5.3.4 Shop.Manager+.SQL.Injection MEDIUM" "woocommerce-multilingual 5.3.4 Shop.Manager+.SQL.Injection MEDIUM" "woocommerce-multilingual 5.3.4 Shop.Manager+.SQL.Injection MEDIUM" "woocommerce-multilingual 5.3.4 Shop.Manager+.SQL.Injection MEDIUM" "woocommerce-multilingual 5.3.5 Missing.Authorization MEDIUM" "webful-simple-grocery-shop No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-map-route-planner No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "wp-top-news 2.3.7 Reflected.Cross-Site.Scripting MEDIUM" "wp-top-news 2.0 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-upload-restriction 2.2.5 Missing.Access.Control.in.deleteCustomType MEDIUM" "wp-upload-restriction No.known.fix Authenticated.Stored.XSS MEDIUM" "wp-upload-restriction 2.2.5 Missing.Access.Control.in.getSelectedMimeTypesByRole MEDIUM" "wpdevtool No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wsify-widget No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "windows-live-writer No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "wp-viewstl No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-bing-search 2.6.3 Reflected.Cross-Site.Scripting MEDIUM" "wp-bing-search 2.4 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "websand-subscription-form No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wpf-ultimate-carousel No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-sheet-editor-edd-downloads 1.0.61 Reflected.Cross-Site.Scripting MEDIUM" "wp-sheet-editor-edd-downloads 1.0.49 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-hide-post No.known.fix Arbitrary.Post.Hiding.via.CSRF MEDIUM" "woo-extra-flat-rate 4.2.0 Reflected.Cross-Site.Scripting MEDIUM" "woo-extra-flat-rate 4.0.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "woocommerce-beta-tester 2.2.4 Admin+.SQLi MEDIUM" "woocommerce-product-addon 33.0.9 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "woocommerce-product-addon 32.0.21 Unauthenticated.Content.Injection.Vulnerability MEDIUM" "woocommerce-product-addon 32.0.19 Unauthenticated.Arbitrary.File.Upload.via.ppom_upload_file CRITICAL" "woocommerce-product-addon 32.0.7 Reflected.Cross-Site.Scripting HIGH" "woocommerce-product-addon 32.0.6 Admin+.Stored.Cross-Site.Scripting LOW" "woocommerce-product-addon 24.0 Subscriber+.Settings.Update.to.Stored.XSS MEDIUM" "woocommerce-product-addon 18.4 Authenticated.Stored.XSS MEDIUM" "wp-weixin-robot No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "woocommerce-help-scout 2.9.1 Unauthenticated.Arbitrary.File.Upload.leading.to.RCE CRITICAL" "wp-slide-categorywise No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wpmm-memory-meter 1.3.1 Reflected.Cross-Site.Scripting MEDIUM" "wp-todo No.known.fix Authenticated.(Admin+).Stored.Cross-Site.Scripting.via.Task.Comments MEDIUM" "wp-todo No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-todo No.known.fix Cross-Site.Request.Forgery.via.wptodo_addcomment MEDIUM" "wp-todo No.known.fix Cross-Site.Request.Forgery.via.wptodo_manage() MEDIUM" "wp-todo No.known.fix Cross-Site.Request.Forgery.via.wptodo_settings MEDIUM" "wp-todo No.known.fix Authenticated.(Admin+).Stored.Cross-Site.Scripting.via.Settings MEDIUM" "wp-todo 1.2.9 Contributor+.Stored.XSS MEDIUM" "widgets-controller No.known.fix Unauthenticated.Cross-Site.Scripting MEDIUM" "wpforo-advanced-attachments 3.2.0 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "wp-galleria No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-url-shortener No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "wp-automatic-widget No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-google-places-review-slider 16.1 Cross-Site.Request.Forgery.to.SQL.Injection MEDIUM" "wp-google-places-review-slider 15.6 Admin+.Stored.XSS LOW" "wp-google-places-review-slider 13.6 Admin+.Stored.XSS LOW" "wp-google-places-review-slider 12.6 Reflected.Cross-Site.Scripting MEDIUM" "wp-google-places-review-slider 11.8 Subscriber+.SQLi HIGH" "wp-google-places-review-slider 11.6 Admin+.Stored.XSS LOW" "woocommerce-2checkout-payment No.known.fix Missing.Authorization.via.sniff_ins MEDIUM" "wpzoom-portfolio 1.4.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.align.Attribute MEDIUM" "wpzoom-portfolio 1.2.2 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "wwm-social-share-on-image-hover No.known.fix Admin+.Stored.XSS LOW" "wp-mapa-politico-spain 3.8.1 Cross-Site.Request.Forgery MEDIUM" "wp-mapa-politico-spain 3.7.0 Authenticated.Stored.Cross-Site.Scripting LOW" "wp-link-preview No.known.fix Authenticated.(Contributor+).Server-Side.Request.Forgery MEDIUM" "woocommerce-google-adwords-conversion-tracking-tag 1.49.1 Authenticated.(Contributor+).Cross-Site.Scripting.via.Shortcode MEDIUM" "woocommerce-google-adwords-conversion-tracking-tag 1.43.4 Use.of.Polyfill.io MEDIUM" "woocommerce-google-adwords-conversion-tracking-tag 1.32.3 Reflected.Cross-Site.Scripting MEDIUM" "woocommerce-google-adwords-conversion-tracking-tag 1.14.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-pdf-generator 1.2.3 Cross-Site.Request.Forgery MEDIUM" "wp-attachment-export 0.2.4 Unauthenticated.Posts.Download HIGH" "wpstream 4.5.5 Local.Event.Settings.Update.via.CSRF MEDIUM" "wpstream 4.4.10.6 Settings.Update.via.CSRF MEDIUM" "wb-custom-product-tabs-for-woocommerce 1.2.5 Authenticated.(Shop.Manager+).PHP.Object.Injection HIGH" "wp-freemind No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-page-loading 1.0.7 Cross-Site.Request.Forgery MEDIUM" "wp-user-profile-avatar 1.0.6 Cross-Site.Request.Forgery.to.Settings.Update MEDIUM" "wp-user-profile-avatar 1.0.2 Contributor+.Stored.XSS MEDIUM" "wp-user-profile-avatar 1.0.1 Author+.Avatar.Deletion/Update.via.IDOR LOW" "wp-user-profile-avatar 1.0.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-mailer No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-add-active-class-to-menu-item No.known.fix Cross-Site.Request.Forgery MEDIUM" "wps-telegram-chat No.known.fix Missing.Authorization.to.Information.Exposure MEDIUM" "wps-telegram-chat No.known.fix Authenticated.(Subscriber+).Unauthorized.Access.to.Telegram.Bot.API MEDIUM" "woo-merchantx No.known.fix CSRF.Bypass MEDIUM" "woo-slider-pro-drag-drop-slider-builder-for-woocommerce No.known.fix Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.Content.Deletion MEDIUM" "woo-slider-pro-drag-drop-slider-builder-for-woocommerce No.known.fix Drag.Drop.Slider.Builder.For.WooCommerce.<=.1.12.-.Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.Post.Deletion MEDIUM" "wens-responsive-column-layout-shortcodes No.known.fix Contributor+.Stored.XSS MEDIUM" "wp-paypal 1.2.3.36 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-users-exporter No.known.fix CSV.Injection MEDIUM" "wc-affiliate No.known.fix Subscriber+.PHP.Object.Injection HIGH" "wc-affiliate 2.6 Missing.Authorization.to.Authenticated.(Subscriber+).Sensitive.Information.Exposure.via.wf-export-all MEDIUM" "wc-affiliate 2.5 Reflected.Cross-Site.Scripting MEDIUM" "wc-affiliate 2.4 Reflected.XSS HIGH" "wp-buddha-free-adwords No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-buddha-free-adwords No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "wp-responsive-thumbnail-slider 1.0.5 Authenticated.(Admin+).SQL.Injection MEDIUM" "wp-responsive-thumbnail-slider 1.0.1 Cross-Site.Request.Forgery.to.Mass.Slider.Deletion MEDIUM" "wp-responsive-thumbnail-slider 1.1.10 Reflected.XSS HIGH" "wp-responsive-thumbnail-slider 1.0.1 Authenticated.Shell.Upload.&.CSRF HIGH" "wp-responsive-thumbnail-slider 1.0.1 Stored.Cross-Site.Scripting.(XSS).&.CSRF HIGH" "wp-leads-builder-any-crm No.known.fix Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.Options.Update HIGH" "wp-leads-builder-any-crm 3.1 Authenticated.(Contributor+).SQL.Injection MEDIUM" "wp-live-chat-software-for-wordpress 4.5.16 Cross-Site.Request.Forgery MEDIUM" "wc-vendors 2.5.7 Authenticated.(Administrator+).SQL.Injection MEDIUM" "wc-vendors 2.4.7.1 Authenticated.(Shop.manager+).SQL.Injection.via.search.dates HIGH" "wc-vendors 2.4.5 Contributor+.Stored.XSS MEDIUM" "wp-responsive-slider-with-lightbox 1.0.1 Arbitrary.File.Upload.via.CSRF HIGH" "wp-responsive-slider-with-lightbox 1.0.1 Admin+.Stored.XSS MEDIUM" "wp-responsive-slider-with-lightbox 1.0.1 Image.Lightboxes.via.CSRF MEDIUM" "wiredminds-leadlab No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wps-child-theme-generator 1.2 Path.Traversal CRITICAL" "woocommerce-pos 1.7.9 Missing.Authorization MEDIUM" "woocommerce-pos 1.4.12 Insufficient.Verification.of.Data.Authenticity.to.Authenticated.(Customer+).Information.Disclosure MEDIUM" "wc-product-author 1.0.8 Cross-Site.Request.Forgery MEDIUM" "wc-product-author 1.0.4 Reflected.Cross-Site.Scripting MEDIUM" "wc-product-author 1.0.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-greet 6.3 Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "woocommerce-multi-currency No.known.fix Missing.Authorization.to.Arbitrary.Shortcode.Execution MEDIUM" "woocommerce-multi-currency 2.3.7 WooCommerce.Multi.Currency.-.Currency.Switcher.<.2.3.7.-.Unauthenticated.SQL.Injection HIGH" "woocommerce-multi-currency 2.1.18 Authenticated.Product.Price.Change MEDIUM" "wp-discord-invite No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "wp-discord-invite 2.5.2 Admin+.Stored.Cross.Site.Scripting LOW" "wp-discord-invite 2.5.1 Arbitrary.Settings.Update.via.CSRF HIGH" "wp-discord-invite 2.5.1 Reflected.Cross-Site.Scripting.via.webhook MEDIUM" "woo-whatsapp-request-quote No.known.fix Reflected.Cross-Site.Scripting.(XSS) HIGH" "wordpress-easy-allopass No.known.fix Cross-Site.Request.Forgery MEDIUM" "wp-from-email No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "woo-wallet 1.5.7 Subscriber+.Funds.Creation MEDIUM" "woo-wallet 1.5.5 Authenticated.(Subscriber+).SQL.Injection.via.'search[value]' HIGH" "woo-wallet 1.5.1 Authenticated.(Shop.Manager+).Stored.Cross-Site.Scripting MEDIUM" "woo-wallet 1.4.11 Missing.Authorization.to.Authenticated.(Subscriber+).User.Email.Export MEDIUM" "woo-wallet 1.4.4 For.WooCommerce.<.1.4.4.-.Subscriber+.Arbitrary.Wallet.Lock/Unlock.via.IDOR MEDIUM" "woo-wallet 1.4.0 Settings.Update.via.CSRF MEDIUM" "wp-magazine-modules-lite 1.1.3 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "wpo365-login 28.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.pintra.Shortcode MEDIUM" "wpo365-login 15.4 Unauthenticated.Stored.Cross-Site.Scripting CRITICAL" "wpo365-login 11.7 JWT.Signature.Verification.Bypass HIGH" "woocommerce-payplug No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "woocommerce-payplug No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-compress-mainwp No.known.fix Missing.Authorization MEDIUM" "wp-compress-mainwp 6.30.06 Authenticated.(Subscriber+).Server-Side.Request.Forgery MEDIUM" "woosms-sms-module-for-woocommerce 3.0.3 Missing.Authorization.via.Multiple.AJAX.Actions MEDIUM" "wp-multisite-content-copier-pro 2.1.2 Reflected.Cross-Site.Scripting MEDIUM" "wp-multisite-content-copier-pro 2.1.0 Reflected.Cross-Site.Scripting MEDIUM" "wp-crowdfunding 2.1.16 Contributor+.Stored.XSS MEDIUM" "wp-crowdfunding 2.1.15 Missing.Authorization.to.Authenticated.(Subscriber+).Post.Content.Download MEDIUM" "wp-crowdfunding 2.1.13 Missing.Authorization.to.Authenticated.(Subscriber+).WooCommerce.Installation MEDIUM" "wp-crowdfunding 2.1.13 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-crowdfunding 2.1.12 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.wpcf_donate.Shortcode MEDIUM" "wp-crowdfunding 2.1.11 Missing.Authorization.to.Authenticated.(Subscriber+).to.Enable/Disable.Addons MEDIUM" "wp-crowdfunding 2.1.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-crowdfunding 2.1.10 Admin+.Stored.XSS LOW" "wp-crowdfunding 2.1.9 Reflected.XSS HIGH" "wp-crowdfunding 2.1.8 Admin+.Stored.XSS LOW" "wp-crowdfunding 2.1.7 Reflected.XSS HIGH" "wp-crowdfunding 2.1.6 Cross-Site.Request.Forgery MEDIUM" "wp-crowdfunding 2.1.5 Missing.Authorization.via.settings_reset MEDIUM" "wplistcal No.known.fix Authenticated.(Subscriber+).SQL.Injection MEDIUM" "wcp-contact-form No.known.fix Reflected.XSS HIGH" "wp-cloud-server 2.0.0 Reflected.Cross-Site.Scripting MEDIUM" "wp-structuring-markup No.known.fix Contributor+.Stored.XSS.via.Shortcode MEDIUM" "wp-html-mail 3.4.2 Test.Email.Sending.via.CSRF MEDIUM" "wp-html-mail 3.1.3 Reflected.Cross-Site.Scripting MEDIUM" "wp-html-mail 3.1 Unprotected.REST-API.Endpoint MEDIUM" "wp-html-mail 3.0.8 CSRF.to.XSS MEDIUM" "widget-manager-light No.known.fix Missing.Authorization MEDIUM" "wordpress-tooltips 9.5.3 Cross-Site.Request.Forgery MEDIUM" "wordpress-tooltips 9.4.5 Authenticated.(Contributor+).SQL.Injection CRITICAL" "woo-document-preview 1.4.0 Subscriber+.Arbitrary.Plugin.Installation,.Activation.and.Deactivation HIGH" "weekly-schedule 3.4.3 Authenticated.Stored.XSS MEDIUM" "woo-preview-emails 2.2.2 Reflected.Cross-Site.Scripting MEDIUM" "woo-preview-emails 2.0.0 Reflected.Cross-Site.Scripting MEDIUM" "wp-attest No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-attest No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-auto-affiliate-links 6.4.7 Admin+.SQL.Injection MEDIUM" "wp-auto-affiliate-links 6.4.4 Authenticated.(Editor+).SQL.Injection CRITICAL" "wp-auto-affiliate-links 6.4.3.1 Missing.Authorization.via.aalAddLink MEDIUM" "wp-auto-affiliate-links 6.4.2.8 Cross-Site.Request.Forgery MEDIUM" "wp-auto-affiliate-links 6.4.2.6 Cross-Site.Request.Forgery MEDIUM" "wp-auto-affiliate-links 6.4.2.5 Settings.Update.to.Stored.XSS.via.CSRF HIGH" "wp-auto-affiliate-links 6.3.0.3 Settings.Update.via.CSRF MEDIUM" "wp-automedic No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-automedic 1.5.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "we-client-logo-carousel No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "woocommerce-shipping-per-product 2.5.5 Missing.Authorization MEDIUM" "web3-authentication 3.0.0 Authentication.Bypass HIGH" "web3-authentication 2.7.0 Authentication.Bypass CRITICAL" "wp-social-broadcast No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wayne-audio-player No.known.fix Cross-Site.Request.Forgery.to.Privilege.Escalation HIGH" "wallet-system-for-woocommerce No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wallet-system-for-woocommerce 2.6.3 Cross-Site.Request.Forgery MEDIUM" "wallet-system-for-woocommerce 2.6.3 Missing.Authorization MEDIUM" "wallet-system-for-woocommerce 2.5.14 Information.Exposure.via.Log.Files MEDIUM" "wallet-system-for-woocommerce 2.5.10 Cross-Site.Request.Forgery MEDIUM" "wp-youtube-lyte 1.7.16 Authenticated.Stored.XSS MEDIUM" "wechat-subscribers-lite No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-client-logo-carousel No.known.fix Contributor+.Stored.XSS MEDIUM" "wc-gallery No.known.fix Contributor+.Stored.XSS.via.Shortcode MEDIUM" "wp-domain-redirect No.known.fix Authenticated.SQL.Injection MEDIUM" "woo-product-carousel-slider-and-grid-ultimate 1.10.1 Authenticated.(Editor+).Stored.Cross-Site.Scripting MEDIUM" "woo-product-carousel-slider-and-grid-ultimate 1.10.0 Authenticated.(Contributor+).Local.File.Inclusion.via.'theme' HIGH" "woo-product-carousel-slider-and-grid-ultimate 1.10.0 Contributor+.Local.File.Inclusion HIGH" "woo-product-carousel-slider-and-grid-ultimate 1.9.8 Authenticated(Contributor+).PHP.Object.Injection HIGH" "wp-event-manager No.known.fix Unauthenticated.Local.File.Inclusion CRITICAL" "wp-event-manager No.known.fix Missing.Authorization MEDIUM" "wp-event-manager 3.1.44 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.'events'.Shortcode MEDIUM" "wp-event-manager 3.1.42 Reflected.Cross-Site.Scripting.via.plugin MEDIUM" "wp-event-manager 3.1.42 Editor+.Stored.XSS LOW" "wp-event-manager 3.1.43 Reflected.XSS HIGH" "wp-event-manager 3.1.38 Admin+.Stored.XSS MEDIUM" "wp-event-manager 3.1.28 Reflected.Cross-Site.Scripting MEDIUM" "wp-event-manager 3.1.23 Admin+.Stored.Cross-Site.Scripting LOW" "wp-rollback 1.2.3 Cross-Site.Scripting.(XSS).&.CSRF HIGH" "wp-tao No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "ws-bootstrap-vc No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wpjobboard 5.11.1 Cross-Site.Request.Forgery.to.Remote.Code.Execution HIGH" "wpjobboard 5.11.1 Authenticated.(Subscriber+).Path.Traversal MEDIUM" "wpjobboard 5.11.1 Cross-Site.Request.Forgery MEDIUM" "wpjobboard 5.11.1 Reflected.Cross-Site.Scripting MEDIUM" "wpjobboard 5.7.0 Unauthenticated.SQL.Injection CRITICAL" "wpjobboard 5.7.0 Unauthenticated.Reflected.XSS.&.XFS MEDIUM" "wpjobboard 5.6.0 Unauthenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "wpjobboard 4.5 Multiple.SQL.Injections HIGH" "wpjobboard 5.0 Multiple.Cross-Site.Scripting.(XSS) MEDIUM" "wp-pagseguro-payments No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-plotly 1.0.3 Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "webd-woocommerce-product-excel-importer-bulk-edit No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-experiments-free No.known.fix Cross-Site.Request.Forgery MEDIUM" "wp-experiments-free No.known.fix Missing.Authorization MEDIUM" "wp-experiments-free 9.0.1 Unauthenticated.SQLi HIGH" "wp-dtree-30 No.known.fix Settings.Update.via.CSRF MEDIUM" "wp-dtree-30 No.known.fix Reflected.XSS HIGH" "wp-dtree-30 No.known.fix Admin+.Stored.XSS LOW" "wp-awesome-import-export No.known.fix Import.&.Export.WordPress.Data.<=.4.1.1.-.Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.SQL.Execution/Privilege.Escalation HIGH" "wa-chatbox-manager 1.2.3 Missing.Authorization MEDIUM" "wp-event-aggregator 1.8.3 Reflected.Cross-Site.Scripting MEDIUM" "wp-event-aggregator 1.8.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-event-aggregator 1.7.7 Cross-Site.Request.Forgery.via.wpea_deauthorize_user() MEDIUM" "woocommerce-discounts-plus 3.4.5 Reflected.Cross-Site.Scripting HIGH" "wpb-show-core 2.7 Reflected.XSS HIGH" "wpb-show-core 2.6 Reflected.XSS HIGH" "wpb-show-core 2.7 Reflected.XSS HIGH" "wpb-show-core No.known.fix Unauthenticated.Server.Side.Request.Forgery MEDIUM" "wpb-show-core No.known.fix Unauthenticated.Local.File.Inclusion HIGH" "wpb-show-core No.known.fix Reflected.Cross-Site.Scripting HIGH" "wpgenious-job-listing No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "wplingo No.known.fix Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.Content.Deletion MEDIUM" "wpmbytplayer No.known.fix Missing.Authorization MEDIUM" "wp-tiles No.known.fix Cross-Site.Request.Forgery MEDIUM" "wp-tiles No.known.fix Contributor+.Stored.XSS HIGH" "wp-tiles No.known.fix Subscriber+.Draft/Private.Post.Title.Disclosure MEDIUM" "woocommerce-upload-files 84.4 Unauthenticated.Arbitrary.File.Upload CRITICAL" "woocommerce-upload-files 59.4 Unauthenticated.Arbitrary.File.Upload CRITICAL" "wp-table-editor 1.6.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "woo-pensopay 6.3.2 Reflected.XSS HIGH" "wowhead-tooltips No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-tradingview No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-svg No.known.fix Contributor+.Stored.XSS.via.Shortcode MEDIUM" "wordpress-countdown-widget 3.1.9.3 Admin+.Stored.XSS LOW" "wpmandrill No.known.fix Missing.Authorization.via.getAjaxStats MEDIUM" "wp-login-control No.known.fix Reflected.XSS HIGH" "woocommerce-loyal-customer No.known.fix Missing.Authorization MEDIUM" "wp-1-slider 1.3.0 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "wp-responsive-menu 3.1.7.1 Subscriber+.Settings.Update.to.Stored.XSS HIGH" "wookit No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-post-modules-el No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-meta-keywords-meta-description No.known.fix Unauthenticated.Local.File.Inclusion CRITICAL" "wp-gravity-forms-spreadsheets 1.1.1 Reflected.Cross-Site.Scripting HIGH" "wp-infusionsoft-woocommerce 1.0.9 Reflected.Cross-Site.Scripting HIGH" "wp-programmmanager No.known.fix Reflected.XSS HIGH" "wp-programmmanager No.known.fix Category.Deletion.via.CSRF MEDIUM" "wp-programmmanager No.known.fix Admin+.SQL.Injection MEDIUM" "wp-jquery-datatable No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "wp-jquery-datatable 4.1.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-jquery-datatable 4.1.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "woffice-core 5.4.22 Cross-Site.Request.Forgery.to.User.Registration.Approval MEDIUM" "woffice-core 5.4.22 Authenticated.(Subscriber+).Arbitrary.File.Upload HIGH" "woffice-core 5.4.9 Missing.Authorization MEDIUM" "woffice-core 5.4.9 Reflected.Cross-Site.Scripting MEDIUM" "weixin-robot-advanced No.known.fix Reflected.XSS HIGH" "wp-eventpress No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "woocommerce-checkout-manager 7.3.1 Missing.Authorization MEDIUM" "woocommerce-checkout-manager 5.5.7 Reflected.Cross-Site.Scripting MEDIUM" "woocommerce-checkout-manager 4.3 Arbitrary.File.Upload HIGH" "widgets-for-zillow-reviews 11.1 Authenticated.(Editor+).Arbitrary.File.Upload MEDIUM" "woo-easy-duplicate-product 0.3.0.8 Missing.Authorization.via.wedp_duplicate_product_action MEDIUM" "woo-easy-duplicate-product 0.3.0.1 Reflected.XSS HIGH" "websimon-tables No.known.fix Authenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "wolfnet-idx-for-wordpress No.known.fix Admin+.Stored.XSS LOW" "wsm-downloader No.known.fix Domain.Name.Restriction.Bypass LOW" "wsm-downloader No.known.fix Unauthenticated.Arbitrary.File.Download HIGH" "wp-music-player No.known.fix Authenticated.(Administrator+).SQL.Injection MEDIUM" "wh-testimonials No.known.fix Unauthenticated.Stored.XSS HIGH" "wp-olivecart No.known.fix Admin+.Stored.XSS LOW" "wp-recaptcha-integration 1.2.6 Reflected.Cross-Site.Scripting MEDIUM" "wp-recaptcha-integration No.known.fix Admin+.Stored.XSS LOW" "wc-peach-payments-gateway 3.2.0 Missing.Authorization.via.peach_core_version_rollback() MEDIUM" "wp-modal-popup-with-cookie-integration No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "wp-power-stats No.known.fix CSRF MEDIUM" "wp-video-lightbox 1.9.11 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.width.Parameter MEDIUM" "wp-video-lightbox 1.9.7 Contributor+.Stored.XSS MEDIUM" "wp-video-lightbox 1.9.5 Reflected.Cross-Site.Scripting MEDIUM" "wp-video-lightbox 1.9.6 Admin+.Stored.Cross-Site.Scripting LOW" "wp-video-lightbox 1.9.3 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "wp-quicklatex 3.8.8 Admin+.Stored.XSS LOW" "wp-quicklatex 3.8.7 Admin+.Stored.XSS.in.Background.Color.field LOW" "wordlift No.known.fix Missing.Authorization MEDIUM" "wordlift No.known.fix Missing.Authorization.to.Authenticated.(Subscriber+).Settings.Update MEDIUM" "wordlift 3.37.2 Admin+.Stored.Cross-Site.Scripting LOW" "wp-job-manager 2.3.0 Unauthenticated.Information.Exposure MEDIUM" "wp-job-manager 2.1.0 Cross-Site.Request.Forgery MEDIUM" "wp-job-manager 2.1.0 Unauthenticated.Job.Status.Update MEDIUM" "wp-job-manager 1.31.3 Phar.Deserialization MEDIUM" "wp-job-manager 1.29.3 Unauthenticated.Object.Injection CRITICAL" "wp-job-manager 1.26.2 Unauthenticated.Arbitrary.File.Upload HIGH" "woocommerce-openpos 7.0.1 Unauthenticated.SQL.Injection HIGH" "woocommerce-openpos 7.0.2 Unauthenticated.Sensitive.Information.Disclosure MEDIUM" "woocommerce-openpos 7.0.1 Unauthenticated.Arbitrary.File.Deletion CRITICAL" "wp-register-profile-with-shortcode 3.6.0 Cross-Site.Request.Forgery.to.User.Password.Reset HIGH" "wp-register-profile-with-shortcode 3.5.9 Admin+.Stored.XSS LOW" "wordpress-gallery-transformation No.known.fix Blind.SQL.Injection CRITICAL" "woocommerce-anti-fraud 3.9 Unauthenticated.Order.Status.Manipulation MEDIUM" "wordpress-gdpr 2.0.3 Missing.Authorization.to.Unauthenticated.Arbitrary.User.Deletion MEDIUM" "wordpress-gdpr 2.0.3 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "wordpress-gdpr 1.9.27 Unauthenticated.Reflected.Cross-Site.Scripting MEDIUM" "wordpress-gdpr 1.9.26 Authenticated.Reflected.Cross-Site.Scripting MEDIUM" "wpc-shop-as-customer 1.2.9 Authentication.Bypass.Due.to.Insufficiently.Unique.Key HIGH" "wpc-shop-as-customer 1.2.7 Authenticated.(Subscriber+).PHP.Object.Injection HIGH" "wp-nssuser-register No.known.fix Unauthenticated.Privilege.Escalation CRITICAL" "wp-youtube-video-optimizer No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-staging-pro 6.1.3 Unauthenticated.Information.Exposure.via.getOutdatedPluginsRequest.Function MEDIUM" "wp-staging-pro 5.6.1 Backup.Duplicator.&.Migration.<.5.6.1.-.Cross-Site.Request.Forgery.to.Limited.Local.File.Inclusion HIGH" "wp-staging-pro 5.5.0 Sensitive.Information.Exposure.via.Log.File MEDIUM" "wp-staging-pro 5.4.0 Admin+.Stored.XSS LOW" "wp-staging-pro 5.1.3 Unauthenticated.Backup.Download HIGH" "wp-realestate-manager No.known.fix Authentication.Bypass CRITICAL" "wp-better-permalinks 3.0.5 CSRF.allowing.Option.Update HIGH" "web2application No.known.fix Reflected.Cross-Site.Scripting HIGH" "woo-oscommerce-sync No.known.fix Unauthenticated.Stored.Cross-Site.Scripting MEDIUM" "wpex-replace No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-page-post-widget-clone No.known.fix Missing.Authorization MEDIUM" "wonderm00ns-simple-facebook-open-graph-tags 2.2.4.2 Unauthenticated.Cross-Site.Scripting.(XSS) MEDIUM" "wp-piwik 1.0.29 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "wp-piwik 1.0.28 Admin+.Stored.XSS LOW" "wp-piwik 1.0.27 Plugin.Settings.Reset.via.CSRF MEDIUM" "wp-piwik 1.0.10 Unauthenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "wp-transactions 1.0.9 Reflected.Cross-Site.Scripting MEDIUM" "wp-webauthn 1.3.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-webauthn 1.3.4 Contributor+.Stored.XSS.via.wwa_login_form.Shortcode MEDIUM" "woo-product-attachment 2.2.0 Checkout.Attachements.Update.via.CSRF MEDIUM" "woo-product-attachment 2.1.8 Reflected.Cross-Site.Scripting MEDIUM" "woo-product-attachment 2.1.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-enable-svg No.known.fix Author+.Stored.XSS.via.SVG MEDIUM" "wordpress-23-related-posts-plugin No.known.fix Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "wordpress-23-related-posts-plugin 2.7.2 Cross-Site.Request.Forgery MEDIUM" "wp-yelp-review-slider 8.2 Authenticated.(Administrator+).SQL.Injection MEDIUM" "wp-yelp-review-slider 7.1 Subscriber+.SQLi HIGH" "wp-forms-puzzle-captcha No.known.fix Captcha.Bypass MEDIUM" "wp-forms-puzzle-captcha No.known.fix Cross-Site.Request.Forgery.to.Cross-Site.Scripting MEDIUM" "wp-forms-puzzle-captcha No.known.fix CSRF MEDIUM" "wp-bulk-sms No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-film-studio 1.3.5 Arbitrary.Plugin.Activation.via.CSRF MEDIUM" "wp-data-logger 2.2.1 Missing.Authorization MEDIUM" "wp-performance-pack No.known.fix Cross-Site.Request.Forgery MEDIUM" "wp-performance-pack 2.5.4 Missing.Authorization MEDIUM" "wp-blog-post-layouts 1.1.4 Authenticated.(Contributor+).Local.File.Inlcusion HIGH" "wp-fpo No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-delete-user-accounts 1.2.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-translate No.known.fix Missing.Authorization MEDIUM" "wezido-elementor-addon-based-on-easy-digital-downloads No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-triggers-lite No.known.fix Admin+.SQL.Injection MEDIUM" "wp-triggers-lite No.known.fix Reflected.XSS HIGH" "wordpress-access-control No.known.fix Improper.Access.Control.to.Sensitive.Information.Exposure.via.REST.API MEDIUM" "wh-cache-and-security No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-expert-agent-xml-feed No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "woo-smart-quick-view 4.1.2 Contributor+.DOM-Based.Stored.XSS.via.FancyBox.JavaScript.Library MEDIUM" "woo-smart-quick-view 4.0.3 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "wp-posts-carousel 1.3.13 Authenticated.(Contributor+).PHP.Object.Injection HIGH" "wp-posts-carousel 1.3.11 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-posts-carousel 1.3.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-posts-carousel 1.3.8 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-posts-carousel 1.3.8 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.auto_play_timeout.Parameter MEDIUM" "wp-featured-content-slider No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "wp-spacecontent No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "wp-disable-sitemap 1.1.6.5 Reflected.Cross-Site.Scripting MEDIUM" "wp-disable-sitemap 1.0.4 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "w3-total-cache 2.8.2 Subscriber+.Server-Side.Request.Forgery HIGH" "w3-total-cache 2.8.2 Unauthenticated.Plugin.Deactivation.and.Extensions.Activation/Deactivation MEDIUM" "w3-total-cache 2.8.2 Information.Exposure.via.Log.Files LOW" "w3-total-cache 2.7.6 Sensitive.Credentials.Stored.in.Plaintext LOW" "w3-total-cache 2.1.4 Reflected.XSS.in.Extensions.Page.(Attribute.Context) CRITICAL" "w3-total-cache 2.1.5 Reflected.XSS.in.Extensions.Page.(JS.Context) HIGH" "w3-total-cache 2.1.3 Authenticated.Stored.XSS MEDIUM" "w3-total-cache 0.9.7.4 Cryptographic.Signature.Bypass HIGH" "w3-total-cache 0.9.7.4 Blind.SSRF.and.RCE.via.phar HIGH" "w3-total-cache 0.9.7.4 Cross-Site.Scripting.(XSS) CRITICAL" "w3-total-cache 0.9.5 Information.Disclosure.Race.Condition HIGH" "wpdbspringclean No.known.fix Reflected.XSS HIGH" "wp-charts No.known.fix Contributor+.Stored.XSS MEDIUM" "wp-gallery-exporter No.known.fix Authenticated.(Administrator+).Arbitrary.File.Download LOW" "wiseagentleadform 3.0 Reflected.Cross-Site.Scripting MEDIUM" "wp-login-and-logout-redirect 2.0 Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "wt-display-breeze 1.2.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.cal_size.Parameter MEDIUM" "wp-google-tag-manager No.known.fix Cross-Site.Request.Forgery.(CSRF) MEDIUM" "woo-social-login No.known.fix Cross-Site.Request.Forgery MEDIUM" "woo-social-login 2.7.8 WordPress./.WooCommerce.Plugin.<.2.7.8.-.Authentication.Bypass HIGH" "woo-social-login 2.7.6 Social.Login.<.2.7.6.-.Authentication.Bypass.to.Account.Takeover CRITICAL" "woo-social-login 2.7.4 Social.Login.<.2.7.4.-.Unauthenticated.Authentication.Bypass HIGH" "woo-social-login 2.7.4 Social.Login.<.2.7.4.-.Missing.Authorization.to.Unauthenticated.Privilege.Escalation CRITICAL" "woo-social-login 2.7.4 Social.Login.<.2.7.4.-.Unauthenticated.Privilege.Escalation.via.One-Time.Password HIGH" "woo-social-login 2.7.0 Unauthenticated.PHP.Object.Injection CRITICAL" "woo-social-login 2.6.3 Social.Login.<.2.6.3.-.Unauthenticated.PHP.Object.Injection CRITICAL" "woo-social-login 2.6.3 Social.Login.<.2.6.3.-.Email.Verification.due.to.Insufficient.Randomness MEDIUM" "wp-s3-smart-upload 1.5.1 Missing.Authorization MEDIUM" "wordfence 7.6.1 Admin+.Stored.Cross-Site.Scripting LOW" "wordfence 7.1.14 Username.Enumeration.Prevention.Bypass MEDIUM" "wordfence 5.1.5 Cross-Site.Scripting.(XSS) MEDIUM" "wp-jobsearch No.known.fix Authentication.Bypass.via.Social.Logins HIGH" "wp-jobsearch 2.6.8 Unauthenticated.Privilege.Escalation CRITICAL" "wp-jobsearch 2.6.8 Authenticated.(Subscriber+).Arbitrary.File.Upload CRITICAL" "wp-jobsearch 2.6.8 Unauthenticated.Arbitrary.File.Upload CRITICAL" "wp-jobsearch 2.6.1 Reflected.Cross-Site.Scripting MEDIUM" "wp-jobsearch 2.6.1 Unauthenticated.PHP.Object.Injection CRITICAL" "wp-jobsearch 2.5.4 Unauthenticated.PHP.Object.Injection CRITICAL" "wp-jobsearch 2.5.6 Missing.Authorization MEDIUM" "wp-jobsearch 2.5.6 Missing.Authorization MEDIUM" "wp-jobsearch 2.5.4 Cross-Site.Request.Forgery MEDIUM" "wp-jobsearch No.known.fix Authentication.Bypass.to.Account.Takeover CRITICAL" "wp-jobsearch 2.3.4 Arbitrary.File.Upload.to.RCE CRITICAL" "wp-jobsearch 2.3.4 Authentication.Bypass CRITICAL" "wp-jobsearch 1.8.2 Unauthenticated.Plugin's.Settings.Update MEDIUM" "wp-jobsearch 1.8.2 Subscriber+.Arbitrary.Blog.Options.Update HIGH" "wp-jobsearch 1.8.2 Subscriber+.Add/Update.Schedule.Calls MEDIUM" "wp-jobsearch 1.7.4 Authenticated.Stored.XSS MEDIUM" "wp-jobsearch 1.5.6 Unauthenticated.Reflected.XSS MEDIUM" "wp-jobsearch 1.5.5 Unauthenticated.Reflected.Cross-Site.Scripting MEDIUM" "wp-jobsearch 1.5.3 Multiple.Cross-Site.Scripting.Issues MEDIUM" "wp-jobsearch 1.5.1 Unauthenticated.Reflected.Cross-Site.Scripting.(XSS) HIGH" "woocommerce-wholesale-prices 2.2.0 Missing.Authorization MEDIUM" "woocommerce-wholesale-prices 2.1.5.1 Cross-Site.Request.Forgery MEDIUM" "woocommerce-wholesale-prices 2.1.5.1 Subscriber+.Missing.Authorization.for.Plugin.Settings.Change MEDIUM" "woocommerce-wholesale-prices 2.1.5.1 Subscriber+.Stored.Cross-Site.Scripting HIGH" "wp-guppy No.known.fix Authenticated.(Subscriber+).SQL.Injection MEDIUM" "wp-guppy 1.3 Sensitive.Information.Disclosure HIGH" "wp-contacts-manager No.known.fix Unauthenticated.SQLi CRITICAL" "woocommerce-product-vendors 2.2.3 Missing.Authorization MEDIUM" "woocommerce-product-vendors 2.2.2 Missing.Authorization MEDIUM" "woocommerce-product-vendors 2.1.77 Reflected.XSS HIGH" "woocommerce-product-vendors 2.1.77 Vendor.Admin+.SQLi MEDIUM" "woocommerce-product-vendors 2.1.79 ShopManager+.SQLi MEDIUM" "woocommerce-product-vendors 2.1.77 Unauthenticated.Reflected.XSS HIGH" "woocommerce-product-vendors 2.1.69 Vendor.Commission.Percentage.Update.via.IDOR MEDIUM" "woocommerce-product-vendors 2.1.66 Note.Creation.via.IDOR LOW" "woocommerce-product-vendors 2.1.66 Unauthenticated.Blind.SQLi HIGH" "wp-content-copy-protector 3.6.1 Cross-Site.Request.Forgery MEDIUM" "wp-content-copy-protector 3.5.6 Admin+.Stored.XSS LOW" "wp-content-copy-protector 3.4.5 Settings.Update.via.CSRF MEDIUM" "wp-content-copy-protector 3.4 Arbitrary.Plugin.Installation/Activation.via.CSRF CRITICAL" "wp-content-copy-protector 3.1.5 Arbitrary.Plugin.Installation/Activation.via.Low.Privilege.User CRITICAL" "wp-bannerize No.known.fix 4.0.2.-.Authenticated.SQL.Injection HIGH" "wp-prayer No.known.fix Settings.Update.via.CSRF MEDIUM" "wp-prayer No.known.fix Arbitrary.Prayer.Deletion.via.CSRF MEDIUM" "wp-prayer No.known.fix Email.Settings.Update.via.CSRF MEDIUM" "wp-prayer 1.9.7 Admin+.Stored.XSS LOW" "wp-prayer 1.5.5 Unauthorised.AJAX.call.via.CSRF MEDIUM" "wp-prayer 1.6.6 Cross-Site.Request.Forgery MEDIUM" "wp-prayer 1.6.7 Arbitrary.Plugin.Settings.Update.via.CSRF MEDIUM" "wp-prayer 1.6.2 Authenticated.Stored.Cross-Site.Scripting.(XSS) HIGH" "wp-cookie-user-info 1.0.9 Admin+.SQL.Injection MEDIUM" "wp-cookie-user-info 1.0.8 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "wp-access-areas 1.5.20 Reflected.Cross-Site.Scripting MEDIUM" "widgets-for-siteorigin No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "widgets-for-siteorigin No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "widgets-for-siteorigin 1.4.3 Subscriber+.Arbitrary.Option.Update CRITICAL" "woocommerce-product-addons 6.2.0 Shop.Manager+.PHP.Object.Injection HIGH" "woocommerce-product-addons 6.2.0 Cross-Site.Request.Forgery MEDIUM" "woo-products-widgets-for-elementor No.known.fix Contributor+.Local.File.Inclusion HIGH" "woo-products-widgets-for-elementor 2.0.0 Reflected.Cross-Site.Scripting MEDIUM" "woo-products-widgets-for-elementor 1.0.8 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "woo-products-widgets-for-elementor 1.0.6 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "webappick-pdf-invoice-for-woocommerce 3.7.59 Cross-Site.Request.Forgery.to.Arbitrary.Options.Update HIGH" "woo-one-click-upsell-funnel 3.4.10 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.wps_wocuf_pro_yes.Shortcode MEDIUM" "woopra 1.4.3.2 Unauthenticated.Arbitrary.File.Upload CRITICAL" "wp-gdpr-core No.known.fix Multiple.Unauthenticated.Issues HIGH" "wp-child-theme-generator 1.1.2 Missing.Authorization.to.Unauthenticated.Child.Theme.Creation/Activation MEDIUM" "wp-child-theme-generator 1.1.3 Admin+.Arbitrary.File.Upload MEDIUM" "web-invoice No.known.fix Authenticated.SQLi HIGH" "web-invoice No.known.fix Authenticated.SQLi HIGH" "wpjournal No.known.fix Missing.Authorization MEDIUM" "wp-helper-lite 4.6.2 Missing.Authorization.in.whp_smtp_send_mail_test MEDIUM" "wp-helper-lite 4.6.0 Reflected.Cross-Site.Scripting MEDIUM" "wp-helper-lite 4.5.2 Cross-Site.Request.Forgery.via.whp_fields MEDIUM" "wp-helper-lite 4.3 Reflected.Cross-Site.Scripting HIGH" "wpformify No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wpformify 1.1.0 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-private-content-plus 3.6.2 Unauthenticated.Content.Restriction.Bypass.to.Sensitive.Information.Exposure MEDIUM" "wp-private-content-plus 3.6.1 Unauthenticated.Protected.Post.Access MEDIUM" "wp-private-content-plus 3.2 Cross-Site.Request.Forgery HIGH" "wp-private-content-plus 3.2 CSRF.Nonce.Bypass HIGH" "wp-private-content-plus 2.0 Unauthenticated.Options.Change HIGH" "wp-google-maps-pro 8.1.12 Multiple.Admin+.Stored.Cross-Site.Scripting LOW" "wplike2get No.known.fix Unauthenticated.Information.Exposure MEDIUM" "wp-directorybox-manager No.known.fix Authentication.Bypass CRITICAL" "wp-directorybox-manager No.known.fix Authentication.Bypass CRITICAL" "wpcs-content-scheduler No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wpcs-content-scheduler 1.2.0 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "woobox No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "woobox No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wc-builder 1.0.19 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-prayers-request No.known.fix Settings.Update.via.CSRF MEDIUM" "wp-prayers-request No.known.fix Email.Settings.Update.via.CSRF MEDIUM" "woo-aliexpress-dropshipping 2.1.2 Unauthenticated.Arbitrary.Content.Deletion MEDIUM" "woo-aliexpress-dropshipping No.known.fix Missing.Authorization MEDIUM" "woocommerce-cloak-affiliate-links 1.0.36 Cross-Site.Request.Forgery MEDIUM" "woocommerce-cloak-affiliate-links 1.0.34 Missing.Authorization.to.Unauthenticated.Permalink.Modification HIGH" "wp-content-pilot 1.3.4 Authenticated.(Contributor+).Content.Injection MEDIUM" "woocommerce-custom-product-tabs-lite 1.9.1 Authenticated.(Shop.Manager+).PHP.Object.Injection HIGH" "white-label-cms 2.7.5 Reflected.Cross-Site.Scripting MEDIUM" "white-label-cms 2.7.4 Missing.Authorization.to.Plugin.Settings.Reset MEDIUM" "white-label-cms 2.5 Admin+.PHP.Object.Injection LOW" "white-label-cms 2.2.9 Reflected.Cross-Site.Scripting MEDIUM" "wp-inimat No.known.fix Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "woo-product-enquiry No.known.fix Unauthenticated.Stored.XSS HIGH" "workreap 3.3.3 Authenticated.(Subscriber+).Arbitrary.File.Upload.via.'workreap_temp_upload_to_media' HIGH" "workreap 3.3.2 Authentication.Bypass.via.'workreap_verify_user_account' HIGH" "workreap 3.2.6 Unauthenticated.Privilege.Escalation CRITICAL" "wp-announcements No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-security-audit-log-premium 4.6.4.1 Authenticated.(Subscriber+).SQL.Injection HIGH" "wp-security-pro 4.2.1 Admin+.Stored.Cross-Site.Scripting LOW" "wordpress-multisite-user-sync 2.1.2 Reflected.Cross-Site.Scripting MEDIUM" "wp-tools-gravity-forms-divi-module 7.1.0 Reflected.Cross-Site.Scripting MEDIUM" "wp-tools-gravity-forms-divi-module 6.6.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-login-customizer No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "woo-product-category-discount 4.13 Missing.Authorization.via.wpcd_save_discount() MEDIUM" "wsb-brands 1.2 Admin+.Stored.XSS LOW" "wp-jitsi-shortcodes No.known.fix Admin+.Stored.XSS LOW" "wp-jitsi-shortcodes No.known.fix Contributor+.Stored.XSS.via.Shortcode MEDIUM" "wp-remote-site-search 1.0.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "woo-codice-fiscale No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wpbits-addons-for-elementor 1.6 Authenticated.(Author+).Stored.Cross-Site.Scripting MEDIUM" "wpbits-addons-for-elementor 1.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wpbits-addons-for-elementor 1.6 Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "wpbits-addons-for-elementor 1.5.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Multiple.Widgets MEDIUM" "wpbits-addons-for-elementor 1.5 Contributor+.Stored.XSS MEDIUM" "wpbits-addons-for-elementor 1.3.2 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-phpmyadmin-extension 5.2.0.4 Reflected.Cross-Site.Scripting MEDIUM" "wp-phpmyadmin-extension 5.2.0.4 Admin+.Stored.Cross-Site.Scripting LOW" "wpgsi 3.8.3 Cross-Site.Request.Forgery.to.Arbitrary.Post.Publish MEDIUM" "wpgsi 3.8.1 Missing.Authorization.to.Authenticated.(Subscriber+).Settings.Update MEDIUM" "wpgsi 3.7.9 Reflected.Cross-Site.Scripting MEDIUM" "wpgsi 3.6.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wpgsi 3.6.0 Reflected.Cross-Site.Scripting HIGH" "wpgsi 3.6.0 CSRF.Bypass MEDIUM" "wp-soononline-page No.known.fix Cross-Site.Request.Forgery MEDIUM" "wp-database-backup 7.4 Unauthenticated.Database.Back-Up.Exposure HIGH" "wp-database-backup 5.9 Admin+.Stored.Cross-Site.Scripting LOW" "wp-database-backup 5.2 Unauthenticated.OS.Command.Injection MEDIUM" "wp-database-backup 5.1.2 XSS HIGH" "wp-database-backup 4.3.6 Cross-Site.Request.Forgery.(CSRF) MEDIUM" "wp-smart-contracts No.known.fix Unauthenticated.SQL.Injection HIGH" "wp-smart-contracts 1.3.12 Author+.SQLi MEDIUM" "wp125 1.5.5 Arbitrary.Ad.Deletion.via.CSRF MEDIUM" "wpsynchro 1.11.3 Cross-Site.Request.Forgery MEDIUM" "wpsynchro 1.10.0 Settings.Update.via.CSRF MEDIUM" "woo-advance-search No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "woo-advance-search No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "woo-advance-search 1.1 Multiple.XSS MEDIUM" "widget-settings-importexport No.known.fix Authenticated.Stored.XSS HIGH" "wp-twilio-core 1.5.1 Reflected.Cross-Site.Scripting MEDIUM" "wp-twilio-core 1.3.7 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-stats 2.52 CSRF.to.Stored.Cross-Site.Scripting.(XSS) HIGH" "wp-codemirror-block 2.0.0 Contributor+.Stored.XSS MEDIUM" "woocommerce-order-searching No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-persistent-login 2.0.15 Reflected.Cross-Site.Scripting MEDIUM" "wp-persistent-login 2.0.0 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wpview No.known.fix Admin+.Stored.XSS LOW" "wooswipe 3.0.0 Subscriber+.Settings.Update MEDIUM" "wp-last-modified-info 1.9.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.lmt-post-modified-info.Shortcode MEDIUM" "wp-vipergb 1.6.2 Cross-Site.Request.Forgery MEDIUM" "wp-vipergb 1.13.16 XSS MEDIUM" "woo-quick-reports No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "woo-quick-reports No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-gcalendar No.known.fix Authenticated.(Subscriber+).SQL.Injection MEDIUM" "woo-advanced-shipment-tracking 3.5.3 CSRF MEDIUM" "woo-advanced-shipment-tracking 3.2.7 Authenticated.Options.Change CRITICAL" "woocommerce-composite-products 8.7.6 Reflected.XSS MEDIUM" "wp-login-security-and-history No.known.fix CSRF.to.Stored.Cross-Site.Scripting.(XSS) HIGH" "wp-custom-post-template No.known.fix Settings.Update.via.CSRF MEDIUM" "woolentor-addons 3.1.3 Unauthenticated.Server-Side.Request.Forgery.via.URL.Parameter MEDIUM" "woolentor-addons 3.1.1 Authenticated.(Contributor+).Stored.DOM-Based.Cross-Site.Scripting.via.Flash.Sale.Countdown.Module MEDIUM" "woolentor-addons 2.9.9 Authenticated.(Contributor+).Sensitive.Information.Exposure.via.WL:.FAQ.Widget.Elementor.Template MEDIUM" "woolentor-addons 2.9.8 Authenticated.(Contributor+).DOM-Based.Stored.Cross-Site.Scripting MEDIUM" "woolentor-addons 2.9.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.WL.Product.Horizontal.Filter.Widget MEDIUM" "woolentor-addons 2.8.9 Authenticated.Option.Update MEDIUM" "woolentor-addons 2.8.9 Contributor+.Stored.XSS.via.woolentorsearch.Shortcode MEDIUM" "woolentor-addons 2.8.8 Contributor+.Stored.XSS MEDIUM" "woolentor-addons 2.8.8 Missing.Authorization MEDIUM" "woolentor-addons 2.8.8 Contributor+.Stored.XSS MEDIUM" "woolentor-addons 2.8.2 Contributor+.Stored.XSS MEDIUM" "woolentor-addons 2.8.2 Contributor+.Template.Reset LOW" "woolentor-addons 2.8.5 Authenticated.(Contributor+).Stored.Cross-site.Scripting.via.QR.Code.Widget MEDIUM" "woolentor-addons 2.8.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.WL.Universal.Product.Layout MEDIUM" "woolentor-addons 2.8.2 Contributor+.Stored.Cross-Site.Scripting.via.Banner.Link MEDIUM" "woolentor-addons 2.6.3 Settings.Update.via.CSRF MEDIUM" "woolentor-addons 2.5.2 Settings.Update.via.CSRF MEDIUM" "woolentor-addons 2.5.4 Contributor+.Stored.XSS MEDIUM" "woolentor-addons 2.5.4 PHP.Object.Injection MEDIUM" "woolentor-addons 1.8.6 WooCommerce.Elementor.Addons.+.Builder.<.1.8.6.-.Contributor+.Stored.XSS MEDIUM" "woo-ups-pickup No.known.fix Missing.Authorization MEDIUM" "woo-ups-pickup 2.6.6 Reflected.XSS HIGH" "wc-sudan-payment-gateway No.known.fix Unauthenticated.Arbitrary.File.Upload CRITICAL" "wp-munich-blocks 0.10.3 Reflected.Cross-Site.Scripting MEDIUM" "wp-munich-blocks 0.11.0 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-munich-blocks 0.7.3 Subscriber+.Arbitrary.Option.Update CRITICAL" "wp-last-modified No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "wholesale-market 2.2.1 Unauthenticated.Arbitrary.File.Download HIGH" "wholesale-market 2.2.2 Settings.Update.via.CSRF MEDIUM" "wp-fountain No.known.fix Reflected.Cross-Site.Scripting HIGH" "wp-website-creator No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wow-moodboard-lite No.known.fix Open.Redirect MEDIUM" "wholesale-market-for-woocommerce 2.0.0 Admin+.Arbitrary.Log.Download MEDIUM" "wholesale-market-for-woocommerce 2.0.1 Settings.Update.via.CSRF MEDIUM" "wholesale-market-for-woocommerce 1.0.8 Admin+.Arbitrary.File.Download MEDIUM" "wholesale-market-for-woocommerce 1.0.7 Unauthenticated.Arbitrary.File.Download HIGH" "woocommerce-maintenance-mode No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wpdirectorykit 1.3.6 Reflected.Cross-Site.Scripting MEDIUM" "wpdirectorykit 1.3.1 Authenticated.(Subscriber+).SQL.Injection HIGH" "wpdirectorykit 1.3.0 Reflected.Cross-Site.Scripting MEDIUM" "wpdirectorykit 1.2.7 Missing.Authorization MEDIUM" "wpdirectorykit 1.2.4 Missing.Authorization.for.Plugin.Settings.Update MEDIUM" "wpdirectorykit 1.2.4 Reflected.Cross-Site.Scripting.via.search.parameter MEDIUM" "wpdirectorykit 1.2.0 Unauthenticated.Local.File.Inclusion HIGH" "wpdirectorykit 1.2.3 Unauthenticated.Arbitrary.Settings.Update MEDIUM" "wpdirectorykit 1.2.0 Cross-Site.Request.Forgery MEDIUM" "wpdirectorykit 1.2.2 Cross-Site.Request.Forgery.to.Plugin.Settings.Update MEDIUM" "wpdirectorykit 1.2.0 Open.Redirect MEDIUM" "wp-easy-contact 4.0.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-easy-contact 3.8 Admin+.Stored.Cross-Site.Scripting LOW" "wp-reset 2.03 Missing.Authorization.to.License.Key.Modification MEDIUM" "wp-reset 2.0 Sensitive.Information.Exposure.due.to.Insufficient.Randomness MEDIUM" "wp-reset 5.99 Database.Reset.via.CSRF CRITICAL" "wp-reset 5.99 Subscriber+.Database.Reset CRITICAL" "wp-reset 1.90 Authenticated.Stored.XSS MEDIUM" "wp-ticket 5.10.4 Admin+.Stored.Cross-Site.Scripting LOW" "wp-ticket 5.6.0 Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "wordpress-form-manager 1.7.3 Authenticated.Remote.Command.Execution.(RCE) CRITICAL" "woo-min-max-quantity-step-control-single 4.6 Reflected.XSS HIGH" "woo-customers-manager 1.1.14 Reflected.Cross-Site.Scripting MEDIUM" "woo-customers-manager 1.1.13 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-facebook-review-showcase-lite 1.0.9 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "wp-joomag No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-query-console No.known.fix Unauthenticated.Remote.Code.Execution CRITICAL" "wp-rocket 2.10.4 Local.File.Inclusion.(LFI) HIGH" "wp-panoramio No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "wpfilesearch No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "woo-checkout-regsiter-field-editor 2.1.9 Cross-Site.Request.Forgery MEDIUM" "wp-ban-user No.known.fix Cross-Site.Request.Forgery.to.Cross-Site.Scripting MEDIUM" "world-cup-predictor No.known.fix Reflected.Cross-Site.Scripting HIGH" "woo-custom-checkout-fields No.known.fix Reflected.Cross-Site.Scripting HIGH" "wp-google-map-gold 5.8.5 Missing.Authorization MEDIUM" "wp-sticky-social 1.0.2 Stored.XSS.via.CSRF HIGH" "wp01 No.known.fix Authenticated.(Subscriber+).Arbitrary.File.Download MEDIUM" "wpseo-local 15.0 Contributor+.Stored.XSS MEDIUM" "wpseo-local 15.0 Contributor+.Stored.XSS MEDIUM" "wpseo-local 14.9 CSRF MEDIUM" "wpseo-local 14.9 Reflected.XSS HIGH" "wp-colorful-tag-cloud No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-limit-failed-login-attempts 5.6 Unauthenticated.SQL.Injeciton HIGH" "wp-limit-failed-login-attempts 5.4 IP.Address.Spoofing.to.Protection.Mechanism.Bypass MEDIUM" "wp-limit-failed-login-attempts 5.1 Unauthenticated.SQLi HIGH" "wp-limit-failed-login-attempts 2.9 Arbitrary.Plugin.Installation/Activation.via.Low.Privilege.User CRITICAL" "wp-limit-failed-login-attempts 3.1 Arbitrary.Plugin.Installation/Activation.via.CSRF CRITICAL" "woocommerce-bulk-stock-management 2.2.34 Reflected.XSS HIGH" "wp-voting-contest 3.0 Reflected.Cross-Site.Scripting MEDIUM" "woocommerce-products-slider 1.13.51 Reflected.Cross-Site.Scripting MEDIUM" "woocommerce-products-slider 1.13.42 Contributor+.Stored.XSS MEDIUM" "woocommerce-products-slider 1.13.22 Reflected.Cross-Site.Scripting.(XSS) HIGH" "widget4call No.known.fix Reflected.XSS HIGH" "widget4call No.known.fix Reflected.XSS HIGH" "wp-js No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "weblizar-pinterest-feeds 1.1.2 Authenticated.XSS.&.CSRF HIGH" "wp-attachments 5.1 Reflected.Cross-Site.Scripting.via.attachment_id.Parameter MEDIUM" "wp-attachments 5.0.12 Arbitrary.Settings.Update.via.CSRF MEDIUM" "wp-attachments 5.0.6 Admin+.Stored.XSS LOW" "wp-attachments 5.0.5 Admin+.Stored.Cross-Site.Scripting LOW" "wp-time-capsule 1.22.24 Reflected.Cross-Site.Scripting MEDIUM" "wp-time-capsule 1.22.22 Unauthenticated.Arbitrary.File.Upload CRITICAL" "wp-time-capsule 1.22.22 Authenticated.(Administrator+).PHP.Object.Injection HIGH" "wp-time-capsule 1.22.22 Authenticated.(Contributor+).SQL.Injection MEDIUM" "wp-time-capsule 1.22.21 Authentication.Bypass.to.Account.Takeover CRITICAL" "wp-time-capsule 1.22.7 Reflected.Cross-Site.Scripting HIGH" "wp-time-capsule 1.21.16 Authentication.Bypass CRITICAL" "wpcleaner No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "woc-open-close No.known.fix Authenticated.(Contributor+).Local.File.Inclusion HIGH" "woc-open-close 4.9.2 Missing.Authorization MEDIUM" "wp-emoji-one No.known.fix Settings.Update.via.CSRF MEDIUM" "wp-azure-offload No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wordpress-seo 22.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wordpress-seo 22.6 Reflected.Cross-Site.Scripting MEDIUM" "wordpress-seo 21.1 Authenticated.(Seo.Manager+).Stored.Cross-Site.Scripting MEDIUM" "wordpress-seo 17.3 Unauthenticated.Full.Path.Disclosure NONE" "wordpress-seo 11.6 Authenticated.Stored.XSS CRITICAL" "wordpress-seo 9.2 Authenticated.Race.Condition MEDIUM" "wordpress-seo 5.8 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "wordpress-seo 3.4.1 Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "wpgt-google-translate No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wpgt-google-translate No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "woosquare 4.3 Reflected.Cross-Site.Scripting MEDIUM" "woosquare 4.2.9 Reflected.Cross-Site.Scripting MEDIUM" "woosquare 4.2.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-ical-availability No.known.fix Missing.Authorization MEDIUM" "wp-ical-availability No.known.fix Settings.Update.via.CSRF MEDIUM" "wp-stripe-global-payments 3.3 Reflected.Cross-Site.Scripting MEDIUM" "wp-stripe-global-payments 3.0 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-strava No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "wn-flipbox-pro 2.1 Reflected.Cross-Site.Scripting MEDIUM" "wp-base-booking-of-appointments-services-and-events 5.0.0 Reflected.XSS HIGH" "wp-base-booking-of-appointments-services-and-events 5.1.0 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "wp-base-booking-of-appointments-services-and-events 5.0.0 Missing.Authorization.to.Authenticated.(Subscriber+).Sensitive.Information.Exposure.via.app_export_db MEDIUM" "wp-base-booking-of-appointments-services-and-events 4.9.2 Reflected.Cross-Site.Scripting.via.status.Parameter MEDIUM" "weather-in-any-city-widget 1.1.41 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wpglobus-translate-options No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "wpglobus-translate-options 2.2.0 Reflected.XSS HIGH" "wp-photo-sphere No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "we-blocks No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "woo-product-variation-swatches 2.3.8 Reflected.Cross-Site.Scripting HIGH" "wr-age-verification No.known.fix Authenticated.(Subscriber+).SQL.Injection MEDIUM" "wr-age-verification No.known.fix Unauthenticated.SQL.Injection HIGH" "wr-age-verification 2.0.0 Reflected.Cross-Site.Scripting.(XSS) HIGH" "wp-advance-comment No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-advance-comment No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-advance-comment No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "wp-pipes 1.4.3 Unauthenticated.Arbitrary.File.Deletion CRITICAL" "wp-pipes No.known.fix Authenticated.(Administrator+).Server-Side.Request.Forgery MEDIUM" "wp-pipes 1.4.2 Reflected.Cross-Site.Scripting.via.x1.Parameter MEDIUM" "wp-pipes 1.4.1 CSRF MEDIUM" "wp-pipes 1.4.0 Admin+.SQLi MEDIUM" "wp-jobhunt No.known.fix Unauthenticated.Insecure.Direct.Object.Reference HIGH" "wp-jobhunt No.known.fix Unauthenticated.Privilege.Escalation.via.Password.Reset/Account.Takeover CRITICAL" "wp-jobhunt No.known.fix Authentication.Bypass.to.Candidate HIGH" "wp-jobhunt No.known.fix Unauthenticated.Privilege.Escalation.via.Email.Update/Account.Takeover CRITICAL" "wp-jobhunt No.known.fix Authentication.Bypass CRITICAL" "wp-jobhunt 2.4 User.enumeration.&.Reset.password CRITICAL" "woo-parcel-pro 1.9.0 Reflected.Cross-Site.Scripting MEDIUM" "woo-parcel-pro 1.6.12 Cross-Site.Request.Forgery MEDIUM" "woo-parcel-pro 1.6.12 Open.Redirect MEDIUM" "wp-cors 0.2.2 Admin+.Stored.XSS LOW" "wp-query-creator No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wumii-related-posts No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "wp-imageflow2 5.2.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-imageflow2 5.2.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-dev-powers-acf-color-coded-field-types No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-meta-data-filter-and-taxonomy-filter 1.3.3.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-meta-data-filter-and-taxonomy-filter 1.3.3.6 Authenticated.(Contributor+).SQL.Injection MEDIUM" "wp-meta-data-filter-and-taxonomy-filter 1.3.3.5 Unauthenticated.Arbitrary.Shortcode.Execution HIGH" "wp-meta-data-filter-and-taxonomy-filter 1.3.3.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-meta-data-filter-and-taxonomy-filter 1.3.3.4 Authenticated.(Contributor+).SQL.Injection CRITICAL" "wp-meta-data-filter-and-taxonomy-filter 1.3.3.4 Unauthenticated.Arbitrary.Shortcode.Execution HIGH" "wp-meta-data-filter-and-taxonomy-filter 1.3.3.3 Unauthenticated.Arbitrary.Shortcode.Execution CRITICAL" "wp-meta-data-filter-and-taxonomy-filter 1.3.3.1 Missing.Authorization MEDIUM" "wp-meta-data-filter-and-taxonomy-filter 1.3.3.2 Cross-Site.Request.Forgery MEDIUM" "wp-meta-data-filter-and-taxonomy-filter 1.3.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-meta-data-filter-and-taxonomy-filter 1.3.3.1 Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "wp-meta-data-filter-and-taxonomy-filter 1.3.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-meta-data-filter-and-taxonomy-filter 1.3.1 Reflected.XSS HIGH" "wp-meta-data-filter-and-taxonomy-filter 1.2.8 Arbitrary.Settings.Update.via.CSRF MEDIUM" "while-it-is-loading No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "weather-atlas No.known.fix Unauthenticated.Cross-Site.Scripting MEDIUM" "weather-atlas 2.0.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "wp-plugin-contact-form-7 No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "webo-facto-connector 1.41 Unauthenticated.Privilege.Escalation CRITICAL" "wp-compress-image-optimizer 6.30.31 Cross-Site.Request.Forgery MEDIUM" "wp-compress-image-optimizer 6.30.16 Authenticated.(Subscriber+).Missing.Authorization.via.Multiple.Functions HIGH" "wp-compress-image-optimizer 6.30.16 Unauthenticated.Server-Side.Request.Forgery.via.init.Function MEDIUM" "wp-compress-image-optimizer 6.30.04 Reflected.Cross-Site.Scripting.via.custom_server.Parameter MEDIUM" "wp-compress-image-optimizer 6.21.01 Reflected.Cross-Site.Scripting MEDIUM" "wp-compress-image-optimizer 6.20.02 Missing.Authorization MEDIUM" "wp-compress-image-optimizer 6.20.02 Open.Redirect.via.css MEDIUM" "wp-compress-image-optimizer 6.11.01 Cross-Site.Request.Forgery MEDIUM" "wp-compress-image-optimizer 6.11.11 Missing.Authorization.to.Unauthenticated.CDN.Modification HIGH" "wp-compress-image-optimizer 6.10.34 Unauthenticated.Arbitrary.File.Read HIGH" "wp-data-access 5.5.37 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-data-access 5.5.23 Unauthenticated.SQL.Injection HIGH" "wp-data-access 5.5.9 Cross-Site.Request.Forgery MEDIUM" "wp-data-access 5.3.11 Reflected.Cross-Site.Scripting MEDIUM" "wp-data-access 5.3.8 Subscriber+.Privilege.Escalation HIGH" "wp-data-access 5.1.4 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-data-access 5.0.0 Admin+.SQL.Injection HIGH" "wha-wordsearch No.known.fix Contributor+.Stored.XSS MEDIUM" "wha-wordsearch No.known.fix Author+.Stored.Cross-Site.Scripting MEDIUM" "wc-return-warrranty No.known.fix Reflected.Cross-Site.Scripting HIGH" "widgets-on-pages-and-posts No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "widgets-on-pages-and-posts No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "wpperformancetester No.known.fix Cross-Site.Request.Forgery MEDIUM" "wp-testing No.known.fix Contributor+.Stored.Cross-Site.Scripting MEDIUM" "wp-responsive-photo-gallery 1.0.16 Authenticated.(Subscriber+).Limited.Server-Side.Request.Forgery MEDIUM" "wp-responsive-photo-gallery 1.0.4 Authenticated.(Admin+).SQL.Injection MEDIUM" "wp-responsive-photo-gallery 1.0.14 Reflected.XSS HIGH" "wp-responsive-photo-gallery 1.0.14 Reflected.Cross-Site.Scripting MEDIUM" "wplms-plugin 1.9.9.5.3 Unauthenticated.SQL.Injection HIGH" "wp-job-portal 2.3.3 Unauthenticated.SQL.Injection HIGH" "wp-job-portal 2.3.3 Unauthenticated.Arbitrary.File.Download HIGH" "wp-job-portal 2.3.3 Unauthenticated.Insecure.Direct.Object.Reference MEDIUM" "wp-job-portal 2.3.2 Unauthenticated.Local.File.Inclusion CRITICAL" "wp-job-portal 2.2.9 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "wp-job-portal 2.2.9 Insecure.Direct.Object.Reference.to.Authenticated.(Subscriber+).User.Photo.Disconnection MEDIUM" "wp-job-portal 2.2.7 Insecure.Direct.Object.Reference.to.Authenticated.(Employer+).Arbitrary.Job.Deletion MEDIUM" "wp-job-portal 2.2.7 Insecure.Direct.Object.Reference.to.Unauthenticated.Company.Logo.Deletion MEDIUM" "wp-job-portal 2.2.7 Insecure.Direct.Object.Reference.to.Unauthenticated.Arbitrary.Resume.Download MEDIUM" "wp-job-portal 2.2.7 Insecure.Direct.Object.Reference.to.Authenticated.(Employer+).Arbitrary.Company.Deletion MEDIUM" "wp-job-portal 2.2.7 Missing.Authorization.to.Unauthenticated.Arbitrary.Email.Sending MEDIUM" "wp-job-portal 2.2.6 Authenticated.(Subscriber+).Insecure.Direct.Object.Reference MEDIUM" "wp-job-portal 2.2.5 Authenticated.(Subscriber+).Insecure.Direct.Object.Reference MEDIUM" "wp-job-portal 2.2.3 Authenticated.(Admin+).SQL.Injection.via.wpjobportal_deactivate() MEDIUM" "wp-job-portal 2.2.3 Unauthenticated.SQL.Injection HIGH" "wp-job-portal 2.2.3 Missing.Authorization.to.Unauthenticated.Arbitrary.Resume.Download MEDIUM" "wp-job-portal 2.2.3 Missing.Authorization.to.Limited.Privilege.Escalation MEDIUM" "wp-job-portal 2.2.3 Authenticated.(Admin+).SQL.Injection.via.getFieldsForVisibleCombobox() MEDIUM" "wp-job-portal 2.2.3 Authenticated.(Admin+).SQL.Injection MEDIUM" "wp-job-portal 2.2.1 Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "wp-job-portal 2.1.7 Missing.Authorization.to.Unauthenticated.Local.File.Inclusion,.Arbitrary.Settings.Update,.and.User.Creation CRITICAL" "wp-job-portal 2.1.9 Subscriber+.Insecure.Direct.Object.Reference MEDIUM" "wp-job-portal 2.1.4 Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "wp-job-portal 2.1.4 Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "wp-job-portal 2.0.7 Cross-Site.Request.Forgery MEDIUM" "wp-job-portal 2.0.6 Unauthenticated.SQLi HIGH" "wp-job-portal 2.0.2 Unauthenticated.Settings.Update MEDIUM" "wp-job-portal 2.0.6 Subscriber+.Stored.XSS HIGH" "woo-orders-tracking 1.2.11 Unauthenticated.Arbitrary.Shortcode.Execution MEDIUM" "woo-orders-tracking 1.2.6 Admin+.Arbitrary.File.Access/Read MEDIUM" "woo-orders-tracking 1.1.10 Reflected.Cross-Site.Scripting HIGH" "wp-table-reloaded No.known.fix Contributor+.Stored.XSS MEDIUM" "wp-admin-logo-changer No.known.fix Plugin's.Settings.Update.via.CSRF MEDIUM" "wordpress-social-login No.known.fix Contributor+.Stored.XSS MEDIUM" "wordpress-social-login No.known.fix Reflected.XSS HIGH" "wordpress-social-login No.known.fix Admin+.Stored.XSS LOW" "wp-clone-by-wp-academy 2.4.7 Unauthenticated.PHP.Object.Injection.via.'recursive_unserialized_replace' HIGH" "wp-clone-by-wp-academy 2.4.6 Missing.Authorization MEDIUM" "wp-clone-by-wp-academy 2.4.4 Subscriber+.Unauthorised.Action.Calls MEDIUM" "wp-clone-by-wp-academy 2.4.3 Unauthenticated.Backup.Download HIGH" "wp-clone-by-wp-academy 2.3.8 Subscriber+.Plugin.Installation MEDIUM" "wp-clone-by-wp-academy 2.3.8 Plugin.Installation.via.CSRF MEDIUM" "wp-heyloyalty No.known.fix Unauthenticated.RCE.via.PHPUnit CRITICAL" "wp-image-mask 3.1.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-ad-guru No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wadi-survey No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wadi-survey No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-invoice No.known.fix Arbitrary.Settings.Update.via.CSRF HIGH" "wp-invoice No.known.fix Stored.Cross-Site.Scripting.via.CSRF MEDIUM" "wp-invoice 4.1.1 Multiple.Vulnerabilities MEDIUM" "wp-stripe-checkout 1.2.2.42 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "wp-stripe-checkout 1.2.2.38 Sensitive.Information.Exposure.via.Debug.Log HIGH" "wp-stripe-checkout 1.2.2.21 Contributor+.Stored.XSS MEDIUM" "woocommerce-google-dynamic-retargeting-tag 1.7.17 Reflected.Cross-Site.Scripting MEDIUM" "wp-migration-duplicator 1.4.9 Missing.Authorization.to.Directory.Traversal MEDIUM" "wp-migration-duplicator 1.4.8 Unauthenticated.Sensitive.Information.Exposure MEDIUM" "wp-migration-duplicator 1.4.4 Subscriber+.Plugin.Settings.Update MEDIUM" "wp-migration-duplicator 1.4.5 Subscriber+.Stored.XSS HIGH" "wp-migration-duplicator 1.4.2 Missing.Authorization.to.Settings.and.Schedule.Modification MEDIUM" "wp-performance-score-booster 2.1 Settings.Change.via.CSRF MEDIUM" "woo-category-slider-grid 1.4.16 Missing.Authorization.via.notice.dismissal.functionality MEDIUM" "wordpress-users No.known.fix Settings.Update.via.CSRF MEDIUM" "woo-category-slider-by-pluginever 4.3.5 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "wc-pickupp No.known.fix Unauthenticated.Local.File.Inclusion CRITICAL" "wp-visual-adverts No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-plugin-info-card 5.4.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.containerid.Parameter MEDIUM" "wp-plugin-info-card 5.3.1 Contributor+.Stored.XSS MEDIUM" "woo-ecommerce-tracking-for-google-and-facebook 3.7.2 CSRF MEDIUM" "woo-ecommerce-tracking-for-google-and-facebook 3.7.1 Reflected.Cross-Site.Scripting MEDIUM" "woo-ecommerce-tracking-for-google-and-facebook 3.6.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wc-remove-tabs-and-fields 1.68 Reflected.Cross-Site.Scripting MEDIUM" "wp-posturl No.known.fix Arbitrary.Settings.Update.to.Stored.XSS.via.CSRF MEDIUM" "wpfront-scroll-top 2.0.6.07225 Admin+.Stored.XSS MEDIUM" "widgetize-pages-light No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "widgetize-pages-light No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "widgetize-pages-light No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-translitera No.known.fix Settings.Update.via.CSRF MEDIUM" "wp-auto-spinner No.known.fix Missing.Authorization MEDIUM" "wordpress-toolbar No.known.fix Open.Redirect MEDIUM" "woocommerce-ninjaforms-product-addons 1.7.1 Unauthenticated.Arbitrary.File.Upload CRITICAL" "wp-post-to-pdf-enhanced No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "woo-dynamic-pricing-discounts-lite No.known.fix Cross-Site.Request.Forgery MEDIUM" "woo-product-finder 1.4.2 Reflected.Cross-Site.Scripting MEDIUM" "wpcs-wp-custom-search No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "wip-custom-login 1.3.0 Cross-Site.Request.Forgery.(CSRF) MEDIUM" "woo-direct-checkout-button No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-paginate 2.1.9 Admin+.Stored.Cross-Site.Scripting LOW" "wp-paginate 2.1.4 Admin+.Stored.Cross-Site.Scripting LOW" "wp-html-author-bio-by-ahmad-awais No.known.fix Author+.Stored.Cross-Site.Scripting MEDIUM" "wp-404-auto-redirect-to-similar-post 1.0.5 Reflected.Cross-Site.Scripting.via.Debug.Mode.URI MEDIUM" "wp-404-auto-redirect-to-similar-post 1.0.4 Reflected.Cross-Site.Scripting.via.request MEDIUM" "wp-404-auto-redirect-to-similar-post 1.0.4 Admin+.Stored.XSS LOW" "watu 3.4.4 Authenticated.(Administrator+).SQL.Injection MEDIUM" "watu 3.4.3 Reflected.Cross-Site.Scripting MEDIUM" "watu 3.4.1.3 Authenticated.(Contributor+).SQL.Injection MEDIUM" "watu 3.4.1.2 Author+.Stored.XSS MEDIUM" "watu 3.4.1.1 Sensitive.Information.Disclosure MEDIUM" "watu 3.4.1.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "watu 3.3.9.3 Reflected.XSS HIGH" "watu 3.3.9.1 Reflected.XSS HIGH" "watu 3.3.8.1 Admin+.Stored.XSS LOW" "watu 3.3.8.2 Reflected.XSS HIGH" "watu 3.3.8.3 Admin+.Stored.XSS LOW" "watu 3.1.2.6 Reflected.XSS.via.question-form.html.php HIGH" "wpsolr-search-engine 8.7 Unauthenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "webriti-custom-login-page No.known.fix Cross-Site.Request.Forgery.to.Reflected.Cross-Site.Scripting MEDIUM" "wp-ultimate-search No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "woo-checkout-field-editor-pro 2.0.4 Reflected.Cross-Site.Scripting.via.render_review_request_notice MEDIUM" "woo-checkout-field-editor-pro 1.8.0 Admin+.PHP.Object.Injection MEDIUM" "wp-visited-countries-reloaded 3.1.1 Reflected.Cross-Site.Scripting HIGH" "wp-foodbakery No.known.fix Unauthenticated.PHP.Object.Injection CRITICAL" "wp-foodbakery No.known.fix Authentication.Bypass CRITICAL" "wp-foodbakery 4.8 Unauthenticated.Arbitrary.File.Upload CRITICAL" "wp-foodbakery 4.8 Unauthenticated.Privilege.Escalation.in.foodbakery_registration_validation CRITICAL" "wp-foodbakery No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-foodbakery 2.2 Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "woolook No.known.fix Unauthenticated.Local.File.Inclusion CRITICAL" "woocommerce-shipping-canada-post 2.8.4 Unauthenticated.Unauthorised.Action MEDIUM" "woocommerce-shipping-canada-post 2.8.4 Cross-Site.Request.Forgery MEDIUM" "wpforms-user-registration 2.1.2 Missing.Authorization.to.Authenticated.(Contributor+).Privilege.Escalation HIGH" "woocommerce-menu-extension No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wpo365-msgraphmailer 3.3 Open.Redirect.via.'redirect_to'.Parameter MEDIUM" "wp-simple-post-view 2.0.1 Post.View.Data.Reset.via.CSRF MEDIUM" "woo-advanced-product-information 1.1.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "woocommerce-jetpack 7.2.5 7.2.4.-.Unauthenticated.Stored.Cross-Site.Scripting HIGH" "woocommerce-jetpack 7.2.5 7.2.4.-.Unauthenticated.Arbitrary.File.Upload HIGH" "woocommerce-jetpack 7.2.5 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "woocommerce-jetpack 7.2.4 Authenticated.(ShopManager+).Stored.Cross-Site.Scripting.via.wcj_product_meta.Shortcode MEDIUM" "woocommerce-jetpack 7.2.4 Reflected.Cross-Site.Scripting MEDIUM" "woocommerce-jetpack 7.1.9 Unauthenticated.Arbitrary.Shortcode.Execution MEDIUM" "woocommerce-jetpack 7.1.8 Reflected.Cross-Site.Scripting MEDIUM" "woocommerce-jetpack 7.1.8 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortocde MEDIUM" "woocommerce-jetpack 7.1.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "woocommerce-jetpack 7.1.2 Missing.Authorization.to.Authenticated.(Subscriber+).Order.Information.Disclosure MEDIUM" "woocommerce-jetpack 7.1.3 Missing.Authorization.to.Product.Creation/Modification MEDIUM" "woocommerce-jetpack 7.1.3 Contributor+.Stored.XSS MEDIUM" "woocommerce-jetpack 7.1.2 Authenticated.(Subscriber+).Information.Disclosure.via.Shortcode MEDIUM" "woocommerce-jetpack 7.1.1 Subscriber+.Sensitive.Information.Disclosure MEDIUM" "woocommerce-jetpack 7.1.1 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "woocommerce-jetpack 7.1.0 Shop.Manager+.Missing.Authorization.to.Arbitrary.Options.Update MEDIUM" "woocommerce-jetpack 6.0.1 Multiple.CSRF MEDIUM" "woocommerce-jetpack 5.6.3 Reflected.Cross-Site.Scripting HIGH" "woocommerce-jetpack 5.6.7 Custom.Role.Creation/Deletion.via.CSRF MEDIUM" "woocommerce-jetpack 5.6.7 ShopManager+.Arbitrary.File.Download MEDIUM" "woocommerce-jetpack 5.6.7 Checkout.Files.Deletion.via.CSRF LOW" "woocommerce-jetpack 5.6.7 Settings.Reset.via.CSRF MEDIUM" "woocommerce-jetpack 5.6.3 Subscriber+.Order.Status.Update MEDIUM" "woocommerce-jetpack 5.6.2 Reflected.Cross-Site.Scripting MEDIUM" "woocommerce-jetpack 5.4.9 Reflected.Cross-Site.Scripting.in.PDF.Invoicing.Module HIGH" "woocommerce-jetpack 5.4.9 Reflected.Cross-Site.Scripting.in.Product.XML.Feeds.Module HIGH" "woocommerce-jetpack 5.4.9 Reflected.Cross-Site.Scripting.in.General.Module HIGH" "woocommerce-jetpack 5.4.4 Authentication.Bypass CRITICAL" "woocommerce-jetpack 3.8.0 XSS MEDIUM" "woo-bought-together 7.2.0 Missing.Authorization MEDIUM" "woo-bought-together 7.0.4 Missing.Authorization MEDIUM" "woo-multi-currency 2.2.6 Unauthenticated.Arbitrary.Shortcode.Execution.via.get_products_price.Function HIGH" "woo-multi-currency 2.2.4 Reflected.Cross-Site.Scripting MEDIUM" "woo-multi-currency 2.1.18 Reflected.Cross-Site.Scripting MEDIUM" "wp-file-upload 4.25.3 Cross-Site.Request.Forgery.in.wfu_file_details MEDIUM" "wp-file-upload 4.24.14 Unuathenticated.Remote.Code.Execution CRITICAL" "wp-file-upload 4.25.0 Unauthenticated.Remote.Code.Execution,.Arbitrary.File.Read,.and.Arbitrary.File.Deletion CRITICAL" "wp-file-upload 4.24.14 Unauthenticated.Path.Traversal.to.Arbitrary.File.Read.in.wfu_file_downloader.php HIGH" "wp-file-upload 4.25.0 Missing.Authorization.to.Authenticated.(Subscriber+).Limited.Path.Traversal MEDIUM" "wp-file-upload 4.24.12 Unauthenticated.Path.Traversal.to.Arbitrary.File.Read.and.Deletion.in.wfu_file_downloader.php CRITICAL" "wp-file-upload 4.24.9 Unauthenticated.Stored.Cross-Site.Scripting.via.SVG.File.Upload HIGH" "wp-file-upload 4.24.8 Missing.Authorization MEDIUM" "wp-file-upload 4.24.8 Unauthenticated.Stored.XSS HIGH" "wp-file-upload 4.24.8 Reflected.XSS HIGH" "wp-file-upload 4.24.8 Authenticated.(Contributor+).Directory.Traversal MEDIUM" "wp-file-upload 4.24.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "wp-file-upload 4.24.1 Cross-Site.Request.Forgery MEDIUM" "wp-file-upload 4.23.3 Author+.Stored.Cross-Site.Scripting LOW" "wp-file-upload 4.19.2 Admin+.Path.Traversal MEDIUM" "wp-file-upload 4.19.2 Admin+.Stored.Cross-Site.Scripting MEDIUM" "wp-file-upload 4.16.3 Contributor+.Path.Traversal.to.RCE CRITICAL" "wp-file-upload 4.16.3 Contributor+.Stored.Cross-Site.Scripting.via.Malicious.SVG MEDIUM" "wp-file-upload 4.16.3 Contributor+.Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "wp-file-upload 4.13.0 Directory.Traversal.to.RCE CRITICAL" "wp-file-upload 4.3.4 Cross-Site.Scripting.(XSS) MEDIUM" "wp-file-upload 4.3.3 Security.Issue.in.Shortcodes MEDIUM" "wp-file-upload 3.9.0 Insufficient.File.Extension.Blacklisting HIGH" "wp-file-upload 3.4.1 Unauthenticated.Malicious.File.Upload HIGH" "wp-file-upload 3.0.0 Multiple.Vulnerabilities HIGH" "wp-file-upload 2.7.1 JS.File.Upload HIGH" "woo-checkout-for-digital-goods 3.7.1 Reflected.Cross-Site.Scripting MEDIUM" "woo-checkout-for-digital-goods 3.6.4 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "woo-checkout-for-digital-goods 2.2 CSRF.to.Settings.Change MEDIUM" "wpvivid-backuprestore 0.9.113 Admin+.Arbitrary.File.Upload HIGH" "wpvivid-backuprestore 0.9.107 Missing.Authorization MEDIUM" "wpvivid-backuprestore 0.9.108 Unauthenticated.PHP.Object.Injection HIGH" "wpvivid-backuprestore 0.9.106 Unauthenticated.Sensitive.Data.Exposure HIGH" "wpvivid-backuprestore 0.9.100 Admin+.PHAR.Deserialization HIGH" "wpvivid-backuprestore 0.9.69 Unauthenticated.SQLi.&.DoS HIGH" "wpvivid-backuprestore 0.9.95 Missing.Authorization MEDIUM" "wpvivid-backuprestore 0.9.92 WPvivid.<.0.9.92.-.Unauthenticated.Sensitive.Information.Exposure HIGH" "wpvivid-backuprestore 0.9.90 Admin+.Stored.XSS MEDIUM" "wpvivid-backuprestore 0.9.90 Admin+.Arbitrary.Directory.Deletion.via.Path.Traversal HIGH" "wpvivid-backuprestore 0.9.90 Admin+.Stored.XSS MEDIUM" "wpvivid-backuprestore 0.9.91 Missing.Authorization.via.'start_staging'.and.'get_staging_progress' HIGH" "wpvivid-backuprestore 0.9.77 Admin+.Arbitrary.File.Deletion MEDIUM" "wpvivid-backuprestore 0.9.76 Admin+.Arbitrary.File.Read MEDIUM" "wpvivid-backuprestore 0.9.75 Admin+.PHAR.Deserialization MEDIUM" "wpvivid-backuprestore 0.9.71 Admin+.Arbitrary.File.Download LOW" "wpvivid-backuprestore 0.9.70 Reflected.Cross-Site.Scripting MEDIUM" "wpvivid-backuprestore 0.9.69 Unauthenticated.Stored.Cross-Site.Scripting CRITICAL" "wpvivid-backuprestore 0.9.56 Reflected.Cross-Site.Scripting HIGH" "wp-video-posts No.known.fix Cross-Site.Request.Forgery.to.Remote.Code.Execution HIGH" "wp-video-posts No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-share-buttons-analytics-by-getsocial No.known.fix Missing.Authorization MEDIUM" "wp-share-buttons-analytics-by-getsocial 4.4 Admin+.Stored.XSS LOW" "wp-user-profiles No.known.fix Authenticated.(Subscriber+).Privilege.Escalation HIGH" "wp-social-sharing No.known.fix Admin+.Stored.XSS LOW" "watchtowerhq 3.10.4 Authentication.Bypass.to.Administrator.due.to.Missing.Empty.Value.Check CRITICAL" "watchtowerhq 3.6.16 Unauthenticated.Arbitrary.File.Access HIGH" "watchtowerhq 3.6.16 Unauthenticated.Arbitrary.File.Deletion CRITICAL" "wp-downgrade 1.2.3 Admin+.Stored.Cross-Site.Scripting LOW" "wp-simple-booking-calendar 2.0.14 Missing.Authorization MEDIUM" "wp-simple-booking-calendar 2.0.11 Reflected.Cross-Site.Scripting MEDIUM" "wp-simple-booking-calendar 2.0.8.5 Cross-Site.Request.Forgery MEDIUM" "wp-simple-booking-calendar 2.0.6 Authenticated.SQL.Injection MEDIUM" "wp-reply-notify No.known.fix Settings.Update.via.CSRF MEDIUM" "wbounce No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "woo-availability-date No.known.fix Reflected.Cross-Site.Scripting.(XSS) HIGH" "wechat-reward No.known.fix CSRF.to.Stored.Cross-Site.Scripting HIGH" "wd-image-magnifier-xoss No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "woodiscuz-woocommerce-comments No.known.fix Cross-Site.Request.Forgery MEDIUM" "woodiscuz-woocommerce-comments No.known.fix Admin+.Stored.XSS LOW" "wupo-group-attributes 2.3.3 Reflected.Cross-Site.Scripting MEDIUM" "wupo-group-attributes 2.1.0 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-useronline 2.88.3 Unauthenticated.Stored.XSS HIGH" "wp-useronline 2.88.1 Admin+.Stored.Cross-Site.Scripting LOW" "wp-useronline 2.88.0 Admin+.Stored.Cross-Site.Scripting LOW" "woocommerce-dropshipping No.known.fix Unauthenticated.Arbitrary.Email.Send MEDIUM" "woocommerce-dropshipping 4.4 Unauthenticated.SQLi HIGH" "woocommerce-gateway-gocardless 2.5.7 Unauthenticated.Sensitive.Information.Disclosure MEDIUM" "wp-image-zoooom 1.47 Local.File.Inclusion MEDIUM" "wp-featured-screenshot No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "woo-tipdonation No.known.fix Shop.Manager+.Stored.XSS MEDIUM" "woo-cart-count-shortcode 1.1.0 Contributor+.XSS MEDIUM" "woo-cart-count-shortcode No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-abstracts-manuscripts-manager No.known.fix Stored.XSS.via.CSRF HIGH" "wp-abstracts-manuscripts-manager 2.7.4 Cross-Site.Request.Forgery.to.Arbitrary.Account.Deletion HIGH" "wp-abstracts-manuscripts-manager 2.7.3 Cross-Site.Request.Forgery.to.Reflected.Cross-Site.Scripting MEDIUM" "wp-abstracts-manuscripts-manager 2.7.2 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "wp-abstracts-manuscripts-manager 2.7.0 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "wp-abstracts-manuscripts-manager 2.6.4 Admin+.Stored.XSS LOW" "wp-abstracts-manuscripts-manager 2.6.3 Cross-Site.Request.Forgery MEDIUM" "wp-abstracts-manuscripts-manager 2.6.4 Reflected.XSS HIGH" "wcc-seo-keyword-research No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wcc-seo-keyword-research No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-mediatagger No.known.fix Reflected.XSS HIGH" "wp-mediatagger No.known.fix Contributor+.Stored.XSS MEDIUM" "wp-icommerce No.known.fix Authenticated.(contributor+).SQL.Injection HIGH" "wp-podcasts-manager No.known.fix Cross-Site.Request.Forgery MEDIUM" "web-application-firewall 2.1.3 IP.Address.Spoofing.to.Protection.Mechanism.Bypass MEDIUM" "web-application-firewall 2.1.2 Unauthenticated.Privilege.Escalation CRITICAL" "wp-social-feed No.known.fix Reflected.XSS HIGH" "wp-facebook-reviews 12.8 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "wp-facebook-reviews 13.0 Admin+.Stored.XSS LOW" "wp-facebook-reviews 3.6 Reflected.Cross-Site.Scripting MEDIUM" "wp-facebook-reviews 12.2 Subscriber+.SQLi HIGH" "wp-facebook-reviews 11.0 Admin+.SQL.Injection MEDIUM" "wpc-smart-linked-products 1.3.6 Contributor+.Privilege.Escalation HIGH" "we-testimonial-slider No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-link-bio No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-link-bio No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-athletics No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-athletics No.known.fix Subscriber+.Stored.Cross-Site.Scripting HIGH" "wp-yadisk-files No.known.fix Contributor+.Stored.XSS.via.Shortcode MEDIUM" "wp-yadisk-files No.known.fix Admin+.Stored.XSS LOW" "wp-database-error-manager No.known.fix Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "wp-smart-tv 2.1.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "woo-quote-calculator-order No.known.fix Authenticated.(Contributor+).SQL.Injection MEDIUM" "woo-quote-calculator-order No.known.fix Unauthenticated.SQL.Injection HIGH" "wetterwarner 2.8 Admin+.Stored.XSS LOW" "wp-fevents-book No.known.fix Subscriber+.Stored.XSS HIGH" "wp-fevents-book No.known.fix Subscriber+.Arbitrary.Booking.Manipulation.via.IDOR MEDIUM" "woocommerce-warranty 2.3.0 Missing.Authorization MEDIUM" "woocommerce-warranty 2.3.0 Missing.Authorization MEDIUM" "woocommerce-warranty 2.1.7 Reflected.XSS HIGH" "wp-sliding-logindashboard-panel No.known.fix Cross-Site.Request.Forgery.to.Settings.Update MEDIUM" "wp-keyword-monitor No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "woo-login-redirect No.known.fix Cross-Site.Request.Forgery MEDIUM" "woo-login-redirect No.known.fix CSRF MEDIUM" "woo-manage-fraud-orders No.known.fix Unauthenticated.Information.Exposure.via.Log.Files MEDIUM" "woo-manage-fraud-orders No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wired-impact-volunteer-management 2.5.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wpfavicon No.known.fix Authenticated.(Admin+).Stored.Cross-Site.Scripting LOW" "wordpress-twitterbot No.known.fix Settings.Update.to.Stored.XSS.via.CSRF HIGH" "woorocks-magic-content No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "woorocks-magic-content No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "wp-repost No.known.fix Admin+.Stored.XSS LOW" "woo-recent-purchases No.known.fix Authenticated.(Admin+).Local.File.Inclusion HIGH" "woocommerce-mis-report No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wordpress-data-guards No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "wp-all-import-pro 4.9.8 Cross-Site.Request.Forgery.to.Imported.Content.Deletion MEDIUM" "wp-all-import-pro 4.9.8 Authenticated.(Administrator+).PHP.Object.Injection.via.Import.File HIGH" "wp-all-import-pro 4.9.8 Authenticated.(Administrator+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "wp-all-import-pro 4.9.4 Authenticated.(Administrator+).Server-Side.Request.Forgery.via.File.Import HIGH" "wp-all-import-pro 4.1.2 Multiple.Vulnerabilities CRITICAL" "wp-all-import-pro 4.1.1 RCE HIGH" "web-push No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "wp-multi-store-locator No.known.fix Unauthenticated.SQL.Injection HIGH" "wp-multi-store-locator No.known.fix Cross-Site.Request.Forgery MEDIUM" "wp-multi-store-locator 2.5.2 Unauthenticated.SQL.Injection HIGH" "wp-multi-store-locator 2.5.1 Reflected.Cross-Site.Scripting MEDIUM" "wp-multi-store-locator 2.4.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-multi-store-locator 2.5.1 Contributor+.Stored.XSS MEDIUM" "woocommerce-products-designer No.known.fix CSRF MEDIUM" "woocommerce-chained-products 2.12.0 Unauthenticated.Arbitrary.Options.Update.to.'no' MEDIUM" "wooexim No.known.fix Unauthenticated.PHP.Object.Injection HIGH" "wooexim No.known.fix Authenticated.(Administrator+).SQL.Injection MEDIUM" "wooexim No.known.fix CSRF.to.Reflected.XSS MEDIUM" "wp-facebook-feed No.known.fix Reflected.XSS HIGH" "wp-facebook-feed No.known.fix Contributor+.Stored.XSS MEDIUM" "woocommerce-checkout-field-editor 1.7.5 Checkout.Fields.Update.via.CSRF MEDIUM" "woocommerce-checkout-field-editor 1.7.5 Cross-Site.Request.Forgery.to.Checkout.Fields.Update MEDIUM" "woocommerce-checkout-field-editor 1.7.5 Cross-Site.Request.Forgery MEDIUM" "woo-country-restrictions-advanced 1.14.3 Reflected.Cross-Site.Scripting MEDIUM" "woo-country-restrictions-advanced 1.13.0 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wc-rest-payment No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wc-rest-payment No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wassup No.known.fix Unauthenticated.Stored.XSS HIGH" "wassup 1.9.1 Cross.Site.Scripting MEDIUM" "ws-force-login-page 3.0.4 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "wp-offers No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-offers 1.1.4 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-mpdf 3.8 Reflected.Cross-Site.Scripting MEDIUM" "wp-mpdf 3.5.2 CSRF.Bypass.in.Multiple.Plugins MEDIUM" "website-toolbox-forums 2.0.2 Reflected.Cross-Site.Scripting.via.websitetoolbox_username MEDIUM" "wip-woocarousel-lite 1.1.8 Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "wip-woocarousel-lite 1.1.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "woocommerce 9.9.4 Shop.manager+.SQLi MEDIUM" "woocommerce 9.7.1 Shop.Manager+.Stored.XSS.via.New.Product.Form MEDIUM" "woocommerce 9.4.3 Unauthenticated.Order.Creation MEDIUM" "woocommerce 9.4.3 Reflected.XSS HIGH" "woocommerce 9.1.0 Unauthenticated.HTML.Injection MEDIUM" "woocommerce 9.2 Contributor+.Stored.XSS MEDIUM" "woocommerce 9.1.4 Stored.XSS LOW" "woocommerce 9.0.0 Shop.Manager+.Content.Injection LOW" "woocommerce 8.9.3 8.9.2.-.Reflected.XSS HIGH" "woocommerce 8.6.0 Cross-Site.Request.Forgery MEDIUM" "woocommerce 8.6 Contributor+.Private/Draft.Products.Access LOW" "woocommerce 8.4.0 Reflected.Cross-Site.Scripting MEDIUM" "woocommerce 8.3.0 Cross-Site.Request.Forgery MEDIUM" "woocommerce 8.2.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Featured.Image.alt.Attribute MEDIUM" "woocommerce 7.0.1 Authenticated(Shop.Manager+).Sensitive.Information.Exposure MEDIUM" "woocommerce 8.1.1 Shop.Manager+.User.Metadata.Disclosure MEDIUM" "woocommerce 7.9 Unauthenticated.Sensitive.Information.Disclosure MEDIUM" "woocommerce 7.9.0 Sensitive.Information.Exposure MEDIUM" "woocommerce 6.6.0 Admin+.Stored.HTML.Injection LOW" "woocommerce 6.3.1 Orders.Marked.as.Paid.(via.PayPal.Standard.Gateway) LOW" "woocommerce 6.2.1 Path.Traversal.via.Importers MEDIUM" "woocommerce 6.2.1 Subscriber+.Arbitrary.Comment.Deletion MEDIUM" "woocommerce 5.7.0 Analytics.Report.Leaks MEDIUM" "woocommerce 5.5.1 Authenticated.Blind.SQL.Injection HIGH" "woocommerce 5.2.0 Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "woocommerce 4.7.0 Arbitrary.Order.Status.Disclosure.via.IDOR MEDIUM" "woocommerce 4.6.2 Guest.Account.Creation MEDIUM" "woocommerce 4.2.1 Potential.Cross-Site.Scripting.(XSS).via.SelectWoo MEDIUM" "woocommerce 4.1.0 Unescaped.Metadata.when.Duplicating.Products LOW" "woocommerce 3.6.5 Cross-Site.Request.Forgery.(CSRF).&.File.Type.Check MEDIUM" "woocommerce 3.5.5 Stored.Cross-Site.Scripting.(XSS) HIGH" "woocommerce 3.5.1 Authenticated.Stored.XSS HIGH" "woocommerce 3.4.6 Authenticated.Stored.XSS MEDIUM" "woocommerce 3.4.6 Authenticated.Phar.Deserialization MEDIUM" "woo-tuner No.known.fix Missing.Authorization MEDIUM" "wp-basic-elements 5.3.0 Settings.Update.via.CSRF MEDIUM" "wp-bannerize-pro 1.9.1 Authenticated.(Editor+).Stored.Cross-Site.Scripting MEDIUM" "wp-bannerize-pro 1.7.0 Reflected.XSS HIGH" "wp-page-duplicator No.known.fix Missing.Authorization.to.Unauthenticated.Post/Page.Duplication MEDIUM" "woocommerce-basic-ordernumbers No.known.fix Missing.Authorization MEDIUM" "wp-notification-bell 1.3.13 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "woorousell 1.1.1 Contributor+.Stored.XSS MEDIUM" "woorousell 1.0.9 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-gmappity-easy-google-maps No.known.fix Subscriber+.SQL.Injection HIGH" "wpdevart-vertical-menu 1.5.9 Theme.Deletion.via.CSRF MEDIUM" "wpdevart-vertical-menu 1.5.9 Admin+.Stored.XSS LOW" "woo-refund-and-exchange-lite 4.4.6 Unauthenticated.Sensitive.Information.Exposure.Through.Unprotected.Directory MEDIUM" "woo-refund-and-exchange-lite 4.4.6 Subscriber+.IDOR MEDIUM" "woo-refund-and-exchange-lite 4.0.9 Unauthenticated.Arbitrary.File.Upload CRITICAL" "wp-about-author 1.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "woocommerce-for-japan 2.6.41 Cross-Site.Request.Forgery MEDIUM" "woocommerce-for-japan 2.6.5 Missing.Authorization MEDIUM" "woocommerce-for-japan 2.5.8 Reflected.XSS MEDIUM" "woocommerce-for-japan 2.5.5 Reflected.XSS HIGH" "wp-no-bot-question No.known.fix Cross-Site.Request.Forgery MEDIUM" "wp-native-articles 1.2.0 Reflected.Cross-Site.Scripting MEDIUM" "wp-ecommerce-quickpay No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "woocommerce-html5-video No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "webmaster-tools-verification No.known.fix Unauthenticated.Arbitrary.Plugin.Deactivation HIGH" "wp-ogp No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "wp-post-block No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wordsurvey No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting.via.sounding_title.Parameter MEDIUM" "word-count-analysis No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "webba-booking-lite 5.0.50 Missing.Authorization.to.Authenticated.(Subscriber+).CSS.Settings.Update MEDIUM" "webba-booking-lite 5.0 Cross-Site.Request.Forgery MEDIUM" "webba-booking-lite 4.5.31 Reflected.Cross-Site.Scripting MEDIUM" "webba-booking-lite 4.2.22 Admin+.Stored.Cross-Site.Scripting LOW" "webba-booking-lite 4.2.18 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-tools-divi-product-carousel 1.5.1 Reflected.Cross-Site.Scripting MEDIUM" "wp-tools-divi-product-carousel 1.5.0 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-subscription-forms 1.2.4 Missing.Authorization MEDIUM" "wp-subscription-forms 1.2.5 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "wp-subscription-forms 1.2.4 Authenticated.(Contributor+).SQL.Injection MEDIUM" "wp-lister-ebay 2.0.21 jQueryFileTree.-.Unauthenticated.Path.Traversal MEDIUM" "wp-hide-backed-notices 1.3.1 Missing.Authorization.to.Authenticated(Contributor+).Plugin.Settings.Modification MEDIUM" "wp-hide-backed-notices 1.3 Cross-Site.Request.Forgery MEDIUM" "wp-mailto-links 3.1.4 Contributor+.Stored.XSS MEDIUM" "wp-photo-text-slider-50 No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-photo-text-slider-50 8.1 .Authenticated.(Subscriber+).SQL.Injection.via.Shortcode HIGH" "webtoffee-product-feed 2.2.9 Missing.Authorization MEDIUM" "wp-favorite-posts No.known.fix Cross-Site.Request.Forgery MEDIUM" "wp-favorite-posts 1.6.6 Cross-Site.Scripting.(XSS) MEDIUM" "watupro 5.5.3.7 SQL.Injection CRITICAL" "watupro 4.9.0.8 Cross-Site.Request.Forgery.(CSRF) MEDIUM" "wp-glossary No.known.fix Missing.Authorization MEDIUM" "wp-glossary No.known.fix Contributor+.Stored.XSS MEDIUM" "wp-vertical-image-slider 1.2.17 .Reflected.XSS HIGH" "wp-vertical-image-slider 1.2.17 Reflected.Cross-Site.Scripting MEDIUM" "wp-vertical-image-slider 1.2 Cross-Site.Scripting.&.CSRF CRITICAL" "wp-scrive 1.2.4 Reflected.Cross-Site.Scripting MEDIUM" "wp-scrive 1.2.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-customize-login-page No.known.fix Missing.Authorization MEDIUM" "wp-customize-login-page No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "wp-meta-seo 4.5.14 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "wp-meta-seo 4.5.14 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-meta-seo 4.5.13 Unauthenticated.Password.Protected.Content.Access MEDIUM" "wp-meta-seo 4.5.13 Unauthenticated.Stored.Cross-Site.Scripting.via.Referer.header HIGH" "wp-meta-seo 4.5.5 Author+.PHAR.Deserialization HIGH" "wp-meta-seo 4.5.3 Subscriber+.Improper.Authorization.causing.Arbitrary.Redirect MEDIUM" "wp-meta-seo 4.5.3 Subscriber+.SQLi HIGH" "wp-meta-seo 4.5.4 Subscriber+.Google.Analytics.Settings.Update MEDIUM" "wp-meta-seo 4.5.4 Subscriber+.SiteMap.Settings.Update MEDIUM" "wp-meta-seo 4.4.9 Social.Settings.Update.via.CSRF MEDIUM" "wp-meta-seo 4.4.7 Admin+.Stored.Cross-Site.Scripting.via.breadcrumbs LOW" "wpematico 2.6.12 Admin+.Stored.Cross-Site.Scripting LOW" "woo-swatches-manager No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "woo-admin-product-notes No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "woo-admin-product-notes No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "woo-admin-product-notes No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "wpcrm No.known.fix CRM.for.Contact.form.CF7.&.WooCommerce.<=.3.2.0.-.Unauthenticated.SQL.Injection HIGH" "woowgallery 1.2.0 Reflected.Cross-Site.Scripting MEDIUM" "woowgallery 1.1.9 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-home-page-menu 3.1 Admin+.Stored.Cross-Site.Scripting LOW" "wp-stripe-express 1.12.1 Reflected.Cross-Site.Scripting MEDIUM" "wp-stripe-express 1.7.7 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "woo-address-book 1.6.0 CSRF HIGH" "wp-shieldon 1.6.4 Unauthenticated.Cross-Site.Scripting.(XSS) MEDIUM" "wiser-notify 2.6 Missing.Authorization MEDIUM" "wp-live-chat-support-pro 8.0.32 File.Upload.Bypass CRITICAL" "wp-live-chat-support-pro 8.0.0.7 Unauthenticated.RCE CRITICAL" "woo-auto-coupons 3.0.15 Reflected.Cross-Site.Scripting MEDIUM" "wp-maintenance-mode 2.6.9 Subscriber+.Page.design.Update MEDIUM" "wp-maintenance-mode 2.4.5 Subscribed.Users.Deletion.via.CSRF MEDIUM" "wp-maintenance-mode 2.0.7 Authenticated.Multisite.Remote.Code.Execution HIGH" "wp-maintenance-mode 2.0.7 Missing.Settings.Authorization MEDIUM" "wp-maintenance-mode 2.0.7 Subscriber.Information.Disclosure MEDIUM" "wp-blog-manager-lite 1.1.2 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "wp-post-columns No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "woo-related-products-refresh-on-reload 3.3.16 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "woo-confirmation-email No.known.fix Reflected.XSS HIGH" "woo-confirmation-email No.known.fix Authentication.bypass.via.weak.token.generation HIGH" "woo-confirmation-email 3.4.0 CSRF.leading.to.Option.Update CRITICAL" "wp-counter-up 3.0.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-counter-up 2.3.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "woo-order-notes 1.5.3 Cross-Site.Request.Forgery.to.Reflected.Cross-Site.Scripting MEDIUM" "wp-born-babies No.known.fix Contributor+.Stored.Cross-Site.Scripting MEDIUM" "wp-rss-aggregator 4.23.13 Missing.Authorization MEDIUM" "wp-rss-aggregator 4.23.12 Missing.Authorization.to.Authenticated.(Subscriber+).Feed.State.Update MEDIUM" "wp-rss-aggregator 4.23.9 Reflected.Cross-Site.Scripting MEDIUM" "wp-rss-aggregator 4.23.6 Authenticated.(Admin+).Server-Side.Request.Forgery.via.RSS.Feed.Source LOW" "wp-rss-aggregator 4.23.5 Admin+.Stored.XSS MEDIUM" "wp-rss-aggregator 4.20 Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "wp-rss-aggregator 4.19.3 Subscriber+.Stored.Cross-Site.Scripting HIGH" "wp-rss-aggregator 4.19.2 Admin+.Stored.Cross-Site.Scripting LOW" "woocommerce-germanized 3.9.5 Reflected.Cross-Site.Scripting MEDIUM" "wp-news-magazine 1.2.0 Arbitrary.Plugin.Activation.via.CSRF MEDIUM" "woo-extra-cost No.known.fix CSRF.Bypass MEDIUM" "woo-qiwi-payment-gateway No.known.fix Unauthenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "wp-meetup No.known.fix Missing.Authorization.to.Authenticated.(Subscriber+).Settings.Update MEDIUM" "wp-mapit 3.0.0 Contributor+.Stored.XSS MEDIUM" "wc-pagaleve 1.6.10 Pagaleve.<.1.6.10.-.Unauthenticated.PHP.Object.Injection CRITICAL" "wp-vk 1.3.4 Cross-Site.Request.Forgery.via.AJAX.actions MEDIUM" "wpp-customization No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "wp-easy-gallery No.known.fix Authenticated.(Contributor+).SQL.Injection.via.key.Parameter HIGH" "wp-easy-gallery No.known.fix Authenticated.(Subscriber+).SQL.Injection CRITICAL" "wp-easy-gallery No.known.fix Missing.Authorization.to.Authenticated.(Subscriber+).Gallery.Manipulation MEDIUM" "woo-tranzila-gateway No.known.fix Unauthenticated.PHP.Object.Injection CRITICAL" "woo-coupons-bulk-editor 1.3.40 Reflected.Cross-Site.Scripting MEDIUM" "woo-coupons-bulk-editor 1.3.28 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-migrate-2-aws 5.2.2 Reflected.Cross-Site.Scripting MEDIUM" "wp-inventory-manager 2.3.3 Reflected.Cross-Site.Scripting MEDIUM" "wp-inventory-manager 2.1.0.14 Inventory.Items.Deletion.via.CSRF MEDIUM" "wp-inventory-manager 2.1.0.13 Reflected.Cross-Site.Scripting HIGH" "wp-inventory-manager 2.1.0.12 Reflected.XSS HIGH" "wordpress-database-reset 3.23 Cross-Site.Request.Forgery.to.WP.Reset.Plugin.Installation MEDIUM" "wordpress-database-reset 3.15 Unauthenticated.Database.Reset CRITICAL" "wordpress-database-reset 3.15 Privilege.Escalation HIGH" "wp-image-carousel No.known.fix Contributor+.Stored.XSS MEDIUM" "woocommerce-check-pincode-zipcode-for-shipping No.known.fix Cross-Site.Request.Forgery.to.Reflected.Cross-Site.Scripting MEDIUM" "woc-order-alert 3.2.2 Unauthenticated.SQLi HIGH" "wm-zoom No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "woo-producttables-pro No.known.fix Unauthenticated.SQL.Injection HIGH" "woo-producttables-pro 1.9.5 Unauthenticated.Arbitrary.SQL.Execution CRITICAL" "wp-shop-original No.known.fix Unauthenticated.Settings.Update MEDIUM" "wp-better-emails No.known.fix Admin+.Stored.XSS LOW" "wc-checkout-getnet 1.8.0 Reflected.Cross-Site.Scripting MEDIUM" "wc-checkout-getnet 1.8.1 Admin+.Stored.XSS LOW" "wc-checkout-getnet 1.8.1 Reflected.XSS MEDIUM" "woo-order-splitter 5.3.1 Authenticated.(Subscriber+).SQL.Injection MEDIUM" "wpb-popup-for-contact-form-7 1.7.6 Unauthenticated.Arbitrary.Shortcode.Execution.via.wpb_pcf_fire_contact_form HIGH" "wordpress-gallery-plugin No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "wp-contest No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-contest No.known.fix Authenticated.(Contributor+).SQL.Injection MEDIUM" "wp-easy-recipe No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-polls 2.77.3 Unauthenticated.SQL.Injection.to.Stored.Cross-Site.Scripting MEDIUM" "wp-polls 2.76.0 IP.Validation.Bypass MEDIUM" "wp-polls 2.77.0 Subscriber+.Race.Condition MEDIUM" "wp-polls 2.73.1 Authenticated.Reflected.Cross-Site.Scripting.(XSS) CRITICAL" "wp-polls 2.72 SQL.Injection CRITICAL" "wp-health 2.17.1 Unauthenticated.Local.File.Inclusion CRITICAL" "wp-email 2.69.1 Admin+.Stored.Cross-Site.Scripting LOW" "wp-email 2.69.0 Anti-Spam.Protection.Bypass.via.IP.Spoofing MEDIUM" "wp-email 2.69.0 Log.Deletion.via.CSRF MEDIUM" "wp-e-commerce-style-email No.known.fix Cross-Site.Request.Forgery.to.Remote.Code.Execution HIGH" "wp-e-commerce-style-email No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "woo-wholesale-pricing 1.6.5 Reflected.Cross-Site.Scripting MEDIUM" "woo-wholesale-pricing 1.6.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-service-payment-form-with-authorizenet No.known.fix Cross-Site.Request.Forgery.to.Reflected.Cross-Site.Scripting MEDIUM" "wp-service-payment-form-with-authorizenet No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-odoo-form-integrator No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "wp-geonames 1.9.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-geonames 1.9 Reflected.Cross-Site.Scripting MEDIUM" "wesecur-security No.known.fix Admin+.Stored.Cross-Site.Scripting MEDIUM" "wp-responsive-video-gallery-with-lightbox 1.0.7 Authenticated.(Admin+).SQL.Injection MEDIUM" "wp-responsive-video-gallery-with-lightbox 1.0.1 Cross-Site.Request.Forgery MEDIUM" "wp-responsive-video-gallery-with-lightbox 1.0.23 Reflected.XSS HIGH" "wp-dynamic-keywords-injector 2.3.22 Reflected.Cross-Site.Scripting MEDIUM" "wp-dynamic-keywords-injector 2.3.16 Settings.Update.via.CSRF MEDIUM" "woo-pdf-invoice-builder 1.2.137 Reflected.Cross-Site.Scripting MEDIUM" "woo-pdf-invoice-builder 1.2.102 Cross-Site.Request.Forgery MEDIUM" "woo-pdf-invoice-builder 1.2.104 Reflected.XSS HIGH" "woo-pdf-invoice-builder 1.2.91 Admin+.Stored.XSS LOW" "woo-pdf-invoice-builder 1.2.92 Subscriber+.Arbitrary.Invoice.Access MEDIUM" "woo-pdf-invoice-builder 1.2.91 Invoice.Fields.Creation.via.CSRF MEDIUM" "woo-pdf-invoice-builder 1.2.90 Subscriber+.SQLi HIGH" "woo-pdf-invoice-builder 1.2.91 Invoice.Update.via.CSRF MEDIUM" "wish-list-for-woocommerce-pro 3.1.3 3.1.2.-.Reflected.Cross-Site.Scripting.via.wtab.Parameter MEDIUM" "wp-google-maps 9.0.41 Cross-Site.Request.Forgery MEDIUM" "wp-google-maps 9.0.39 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-google-maps 9.0.37 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "wp-google-maps 9.0.30 Reflected.Cross-Site.Scripting HIGH" "wp-google-maps 9.0.35 Information.Exposure.to.Potential.Denial.of.Service MEDIUM" "wp-google-maps 9.0.33 Admin+.Stored.Cross-Site.Scripting MEDIUM" "wp-google-maps 9.0.33 Contributor+.Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "wp-google-maps 9.0.29 Unauthenticated.Reflected.Cross-Site.Scripting MEDIUM" "wp-google-maps 9.0.28 Unauthenticated.Stored.XSS HIGH" "wp-google-maps 9.0.16 Admin+.Path.Traversal LOW" "wp-google-maps 8.1.13 Multiple.Admin+.Stored.Cross-Site.Scripting LOW" "wp-google-maps 8.1.12 Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "wp-google-maps 7.11.35 CSRF.to.Stored.XSS MEDIUM" "wp-google-maps 7.11.28 Admin.Settings.CSRF CRITICAL" "wp-google-maps 7.11.18 Unauthenticated.SQL.Injection MEDIUM" "woo-variation-swatches 1.0.62 Reflected.XSS MEDIUM" "wpzoom-shortcodes No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.box.Shortcode MEDIUM" "wpzoom-shortcodes 1.0.2 Reflected.Cross-Site.Scripting MEDIUM" "wp-school-calendar-lite 3.6 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wpm-news-api No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "wck-custom-fields-and-custom-post-types-creator 2.3.3 Admin+.Stored.XSS LOW" "woo-permalink-manager 2.3.11 Unauthenticated.Local.File.Inclusion CRITICAL" "woo-permalink-manager 2.3.9 Reflected.Cross-Site.Scripting MEDIUM" "woo-permalink-manager 2.3.5 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wppdf No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "woocommerce-upcoming-product No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "woocommerce-upcoming-product No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-notcaptcha No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-syntax No.known.fix Author+.Potential.ReDoS LOW" "wp-font-awesome No.known.fix Contributor+.Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "wp-font-awesome 1.7.9 Contributor+.Stored.XSS MEDIUM" "woo-billing-with-invoicexpress 3.0.3 Unauthenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "woo-fiscalita-italiana No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "woo-fiscalita-italiana 1.3.23 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-with-spritz No.known.fix Unauthenticated.File.Inclusion CRITICAL" "woocommerce-shipping-multiple-addresses 3.8.10 Missing.Authorization MEDIUM" "woocommerce-shipping-multiple-addresses 3.8.6 Cross-Site.Request.Forgery MEDIUM" "woocommerce-shipping-multiple-addresses 3.8.6 Reflected.Cross-Site.Scripting HIGH" "woocommerce-shipping-multiple-addresses 3.8.6 Customer+.Shipping.Address.Update MEDIUM" "woocommerce-shipping-multiple-addresses 3.8.6 Billing.Address.Update.via.CSRF MEDIUM" "woocommerce-shipping-multiple-addresses 3.8.4 Subscriber+.Shipping.Address.Disclosure.via.IDOR MEDIUM" "woocommerce-shipping-multiple-addresses 3.7.2 Address.Creation/Update/Deletion.via.CSRF MEDIUM" "woocommerce-shipping-multiple-addresses 3.7.2 Reflected.Cross-Site.Scripting HIGH" "woocommerce-currency-switcher 1.4.2.3 Unauthenticated.Arbitrary.Shortcode.Execution HIGH" "woocommerce-currency-switcher 1.4.2.2 Unauthenticated.Arbitrary.Shortcode.Execution HIGH" "woocommerce-currency-switcher 1.4.2.1 Missing.Authorization MEDIUM" "woocommerce-currency-switcher 1.4.1.9 Unauthenticated.Arbitrary.Shortcode.Execution MEDIUM" "woocommerce-currency-switcher 1.4.1.8 Cross-Site.Request.Forgery MEDIUM" "woocommerce-currency-switcher 1.4.1.7 Subscriber+.Stored.XSS MEDIUM" "woocommerce-currency-switcher 1.4.1.5 Cross-Site.Request.Forgery.via.delete_profiles_data MEDIUM" "woocommerce-currency-switcher 1.3.9.3 Contributor+.Stored.XSS MEDIUM" "woocommerce-currency-switcher 1.3.9.4 Contributor+.Stored.XSS MEDIUM" "woocommerce-currency-switcher 1.3.7.5 Reflected.Cross-Site.Scripting MEDIUM" "woocommerce-currency-switcher 1.3.7.3 Reflected.Cross-Site.Scripting HIGH" "woocommerce-currency-switcher 1.3.7.1 Reflected.Cross-Site.Scripting MEDIUM" "woocommerce-currency-switcher 1.3.7 Authenticated.(Low.Privilege).Local.File.Inclusion CRITICAL" "wppedia No.known.fix Authenticated.(Administrator+).PHP.Object.Injection HIGH" "woocommerce-digital-content-delivery-with-drm-flickrocket No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "woocommerce-simple-registration 1.5.7 Unauthenticated.Privilege.Escalation CRITICAL" "wordpress-file-upload-pro 4.16.3 Contributor+.Path.Traversal.to.RCE CRITICAL" "wordpress-file-upload-pro 4.16.3 Contributor+.Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "wordpress-file-upload-pro 4.16.3 Contributor+.Stored.Cross-Site.Scripting.via.Malicious.SVG MEDIUM" "wp-ulike No.known.fix Missing.Authorization.to.Unauthenticated.Content.Spoofing MEDIUM" "wp-ulike 4.7.7 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "wp-ulike 4.7.6 Admin+.Stored.XSS LOW" "wp-ulike 4.7.5 Admin+.Stored.XSS.via.Widgets LOW" "wp-ulike 4.7.5 Cross-Site.Request.Forgery.to.Statistic.Deletion MEDIUM" "wp-ulike 4.7.4 Admin+.Stored.XSS LOW" "wp-ulike 4.7.2.1 Subscriber+.Stored-XSS HIGH" "wp-ulike 4.7.1 Admin+.Stored.XSS LOW" "wp-ulike 4.7.0 Authenticated.(Contributor+).SQL.Injection.via.Shortcodes HIGH" "wp-ulike 4.7.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "wp-ulike 2.7.0 Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "wp-ulike 4.6.9 Contributor+.Stored.Cross.Site.Scripting.via.Shortcode MEDIUM" "wp-ulike 4.6.5 Unauthenticated.Rating.Tampering.via.Race.Condition LOW" "wpeform-lite 1.6.5 Reflected.Cross-Site.Scripting MEDIUM" "wpeform-lite 1.6.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-whois-domain No.known.fix Unauthenticated.Cross-Site.Scripting.(XSS) MEDIUM" "wp-smushit 3.17.1 Admin+.Directory.Traversal LOW" "wp-smushit 3.16.5 Subscriber+.Resmush.List.Deletion MEDIUM" "wp-smushit 3.9.9 Admin+.Reflected.Cross-Site.Scripting LOW" "wp-smushit 3.0.0 Authenticated.Phar.Deserialization MEDIUM" "wp-smushit 2.7.6 File.Transversal HIGH" "wizhi-multi-filters No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "wp-scribd-list No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "woo-vietnam-checkout 2.0.8 Authenticated.(Shop.manager+).Stored.Cross-Site.Scripting MEDIUM" "woo-vietnam-checkout 2.0.8 Admin+.Stored.Cross-Site.Scripting MEDIUM" "woo-vietnam-checkout 2.0.6 Unauthenticated.Stored.XSS HIGH" "woo-vietnam-checkout 2.0.5 Reflected.XSS HIGH" "woocommerce-extra-charges-to-payment-gateways No.known.fix Unauthorised.Arbitrary.Plugin.Settings.Change.to.Stored.XSS CRITICAL" "wp-optin-wheel 1.4.8 Admin+.SSRF MEDIUM" "wp-optin-wheel 1.4.3 Sensitive.Information.Exposure.via.Log.File MEDIUM" "wpcal 0.9.5.9 Cross-Site.Request.Forgery MEDIUM" "wp-woo-commerce-sync-for-g-sheet No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wbcom-designs-buddypress-search No.known.fix Subscriber+.Arbitrary.Plugin.Installation,.Activation.and.Deactivation HIGH" "wp-fancybox 1.0.2 Authenticated.Stored.Cross-Site.Scripting LOW" "wp-jobs 1.7 XSS MEDIUM" "wp-jobs 1.5 Authenticated.SQL.Injection HIGH" "wp-poll No.known.fix Unauthenticated.Stored.Cross-Site.Scripting.via.form_data.Parameter HIGH" "wp-poll 3.3.78 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "wp-poll 3.3.77 Information.Exposure MEDIUM" "wpfront-notification-bar 3.4 Authenticated.(Editor+).Stored.Cross-Site.Scripting MEDIUM" "wpfront-notification-bar 3.4 Admin+.Stored.XSS MEDIUM" "wpfront-notification-bar 2.1.0.08087 Authenticated.Stored.XSS LOW" "wpfront-notification-bar 2.0.0.07176 Authenticated.Stored.XSS MEDIUM" "wp-businessdirectory 3.1.3 Reflected.Cross-Site.Scripting HIGH" "wp-businessdirectory 3.1.3 Unauthenticated.Arbitrary.File.Deletion CRITICAL" "wp-image-uploader No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-image-uploader No.known.fix Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.File.Deletion HIGH" "wp-image-uploader No.known.fix Cross-Site.Request.Forgery.to.Arbitrary.File.Deletion HIGH" "woo-product-filter 2.8.0 Unauthenticated.SQL.Injection.via.filtersDataBackend.Parameter HIGH" "woo-product-filter 2.7.1 Authenticated.(Administrator+).SQL.Injection MEDIUM" "woo-product-filter 2.5.1 Subscriber+.Table.Data.Access MEDIUM" "wp-event-partners No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-event-partners No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-simple-html-sitemap No.known.fix Missing.Authorization MEDIUM" "wp-simple-html-sitemap 3.2 Authenticated.(Admin+).SQL.Injection CRITICAL" "wp-simple-html-sitemap 2.9 Reflected.Cross-Site.Scripting MEDIUM" "wp-simple-html-sitemap 2.8 Missing.Authorization MEDIUM" "wp-simple-html-sitemap 2.3 Reflected.XSS HIGH" "wp-simple-html-sitemap 2.6 Contributor+.Stored.XSS MEDIUM" "wpbricks No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wpbricks No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-job-board-pro No.known.fix Unauthenticated.Privilege.Escalation CRITICAL" "wp-skitter-slideshow No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "wp-mail-bank 3.0.13 Reflected.Cross-Site.Scripting MEDIUM" "wp-datepicker 2.1.5 Reflected.Cross-Site.Scripting MEDIUM" "wp-datepicker 2.1.2 Missing.Authorization MEDIUM" "wp-datepicker 2.1.2 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "wp-datepicker 2.1.1 Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.Options.Update HIGH" "wpexperts-square-for-give 1.3.2 Authenticated.(Subscriber+).SQL.Injection MEDIUM" "wpexperts-square-for-give 1.3.2 Subscriber+.SQL.Injection HIGH" "wp-plugin-lister No.known.fix Settings.Update.to.Stored.XSS.via.CSRF HIGH" "wppageflip No.known.fix index.php.pageflipbook_language.Parameter.Traversal.Local.File.Inclusion CRITICAL" "wordpress-feed-statistics No.known.fix Arbitrary.Settings.Update.via.CSRF MEDIUM" "wordpress-feed-statistics 4.0 Open.Redirect MEDIUM" "wordpress-flash-uploader 3.1.3 Arbitrary.Comm&.Execution CRITICAL" "wp-opensearch No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "ws-facebook-likebox No.known.fix Contributor+.Stored.XSS MEDIUM" "wp-ever-accounting 2.1.6 Cross-Site.Request.Forgery MEDIUM" "wp-aparat 2.2.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-custom-admin-interface 7.32 Missing.Authorization.via.wpcai_pro_notice_disable MEDIUM" "wp-custom-admin-interface 7.33 Missing.Authorization.to.Transients.Deletion MEDIUM" "wp-custom-admin-interface 7.29 Admin+.PHP.Object.Injection MEDIUM" "wp-hr-gdpr No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-hr-gdpr 0.9 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wc-ja-ja-pagamentos-multicaixa-express No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-replicate-post 4.1 Contributor+.SQL.Injection MEDIUM" "wte-elementor-widgets 1.3.8 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "widget-detector-elementor 1.2.0 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-imap-authentication No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-championship 9.3 Multiple.CSRF MEDIUM" "wen-responsive-columns 1.3.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "wp-secure-by-sitesecuritymonitorcom No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wrc-pricing-tables 2.3.8 Missing.Authorization MEDIUM" "wrc-pricing-tables 2.3.9 Admin+.Stored.XSS LOW" "wp-display-users No.known.fix Authenticated.SQL.Injection MEDIUM" "wp-orphanage-extended 1.3 Cross-Site.Request.Forgery.to.Orphan.Account.Privilege.Escalation HIGH" "wp-maintenance-mode-site-under-construction 4.4 Cross-Site.Request.Forgery MEDIUM" "wp-maintenance-mode-site-under-construction 1.8.2 Arbitrary.Plugin.Installation/Activation.via.Low.Privilege.User CRITICAL" "wp-maintenance-mode-site-under-construction 1.9 Arbitrary.Plugin.Installation/Activation.via.CSRF CRITICAL" "wc-gsheetconnector 1.3.12 Missing.Authorization MEDIUM" "wc-gsheetconnector 1.3.5 Reflected.Cross-Site.Scripting MEDIUM" "wc-gsheetconnector 1.3.6 Access.Code.Update.via.CSRF MEDIUM" "wc-gsheetconnector 1.2.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wc4bp 3.4.25 Missing.Authorization.to.Authenticated.(Subscriber+).Limited.Settings.Update MEDIUM" "wc4bp 3.4.26 Cross-Site.Request.Forgery.to.Limited.Settings.Update MEDIUM" "wc4bp 3.4.20 Missing.Authorization MEDIUM" "wc4bp 3.4.21 Authenticated.(Subscriber+).PHP.Object.Injection.in.get_simple_request HIGH" "wc4bp 3.4.16 Reflected.Cross-Site.Scripting MEDIUM" "wc4bp 3.4.2 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wc4bp 3.2.6 Subscriber+.Arbitrary.Option.Update CRITICAL" "wp-vr-view No.known.fix Outdated.VRView.Library.Used,.Leading.to.Reflected.XSS HIGH" "wux-blog-editor No.known.fix Authentication.Bypass.to.Administrator CRITICAL" "wux-blog-editor No.known.fix Unauthenticated.Arbitrary.File.Upload CRITICAL" "wpbrutalai 2.06 Admin+.Stored.XSS LOW" "wpbrutalai 2.0.0 SQL.Injection.via.CSRF HIGH" "wpbrutalai 2.0.1 Admin+.Reflected.XSS HIGH" "wp-cookie-law-info No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "wowrestro 1.1 CSRF.Bypass MEDIUM" "wpeventplus No.known.fix Unauthenticated.PHP.Object.Injection CRITICAL" "wpeventplus No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-jump-menu No.known.fix Admin+.Stored.XSS LOW" "wtyczka-seopilot-dla-wp No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "wp-parallax-content-slider No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "wp-tripadvisor-review-slider 12.7 Authenticated.(Administrator+).SQL.Injection CRITICAL" "wp-tripadvisor-review-slider 11.9 Admin+.Stored.XSS LOW" "wp-tripadvisor-review-slider 11.3 Reflected.Cross-Site.Scripting MEDIUM" "wp-tripadvisor-review-slider 10.8 Subscriber+.SQLi HIGH" "wp-sentry No.known.fix Arbitrary.Settings.Update.to.Stored.XSS.via.CSRF MEDIUM" "woocommerce-wholesale-pricing 2.3.1 Unauthenticated.Arbitrary.Post.Deletion MEDIUM" "woocommerce-wholesale-pricing 2.3.1 Unauthenticated.Information.Exposure MEDIUM" "woo-fattureincloud 2.6.8 Reflected.Cross-Site.Scripting MEDIUM" "wp-fastest-cache 1.2.7 Admin+.Arbitrary.File.Deletion MEDIUM" "wp-fastest-cache 1.2.2 Unauthenticated.SQL.Injection HIGH" "wp-fastest-cache 1.1.5 Blind.SSRF.via.CSRF LOW" "wp-fastest-cache 1.1.3 Multiple.CSRF LOW" "wp-fastest-cache 0.9.5 Subscriber+.SQL.Injection HIGH" "wp-fastest-cache 0.9.5 CSRF.to.Stored.Cross-Site.Scripting HIGH" "wp-fastest-cache 0.9.1.7 Authenticated.Arbitrary.File.Deletion.via.Path.Traversal LOW" "wp-fastest-cache 0.9.0.3 Cross-Site.Request.Forgery.(CSRF).Arbitrary.File.Deletion CRITICAL" "wp-fastest-cache 0.8.9.6 Directory.Traversal MEDIUM" "wp-fastest-cache 0.8.9.1 Unauthenticated.Arbitrary.File.Deletion HIGH" "wp-fastest-cache 0.8.8.6 CSRF.and.multiple.XSS CRITICAL" "wp-fastest-cache 0.8.7.5 Blind.SQL.Injection HIGH" "wp-s3 1.6 Reflected.XSS HIGH" "wp-extra-file-types 0.5.1 CSRF.to.Stored.Cross-Site.Scripting HIGH" "word-balloon 4.22.0 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "word-balloon 4.20.3 Avatar.Removal.via.CSRF MEDIUM" "word-balloon 4.19.3 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "wc-quantity-plus-minus-button 1.2.0 Quantity.Plus.Minus.Button.for.WooCommerce.by.CodeAstrology.<.1,2,0.Settings.Update.via.CSRF MEDIUM" "wordpress-plugin-for-simple-google-adsense-insertion 2.1 Inject.ads.and.javascript.via.CSRF MEDIUM" "wp-svg-images 4.3 Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG MEDIUM" "wp-svg-images 3.4 Authenticated.(author+).Stored.XSS.via.SVG MEDIUM" "wordpress-mobile-pack No.known.fix Cross-Site.Request.Forgery MEDIUM" "wordpress-mobile-pack 2.1.3 Information.Disclosure HIGH" "wp-multilang 2.4.19.1 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "woo-mailerlite 2.0.9 Missing.Authorization.via.Multiple.Functions MEDIUM" "woo-mailerlite 2.0.9 Cross-Site.Request.Forgery.via.Multiple.AJAX.Functions MEDIUM" "word-freshener No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "wp-remote-users-sync 1.2.12 Subscriber+.Log.Access MEDIUM" "wp-remote-users-sync 1.2.13 Subscriber+.SSRF HIGH" "white-page-publication No.known.fix Arbitrary.Settings.Update.via.CSRF MEDIUM" "wp-custom-widget-area No.known.fix Subscriber+.Menus.Creation/Deletion/Update MEDIUM" "wp-custom-widget-area No.known.fix Missing.Authorization MEDIUM" "wpachievements-free No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-discourse 2.5.2 Missing.Authorization MEDIUM" "wovax-idx No.known.fix Missing.Authorization.to.Privilege.Escalation HIGH" "wp-product-review 3.7.6 Unauthenticated.Stored.Cross-Site.Scripting.(XSS) HIGH" "wp-expand-tabs-free No.known.fix Admin+.PHP.Object.Injection MEDIUM" "wp-expand-tabs-free 2.2.7 Admin+.Stored.XSS LOW" "wp-expand-tabs-free 2.2.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-expand-tabs-free 2.1.15 Multiple.CSRF MEDIUM" "wp-expand-tabs-free 2.1.17 Contributor+.Stored.XSS MEDIUM" "wp-maximum-upload-file-size 1.1.4 Authenticated.(Author+).Full.Path.Disclosure MEDIUM" "woo-custom-cart-button No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-food-manager 1.0.4 Admin+.Stored.XSS LOW" "wp-user-extra-fields 16.7 Missing.Authorization.to.Authenticated.(Subscriber+).Privilege.Escalation HIGH" "wp-user-extra-fields 16.7 Unauthenticated.Arbitrary.File.Deletion CRITICAL" "wp-user-extra-fields 16.6 Unauthenticated.Arbitrary.File.Upload CRITICAL" "wp-my-admin-bar No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-my-admin-bar No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "woocommerce-ajax-filters 1.6.8.2 Reflected.Cross-Site.Scripting MEDIUM" "woocommerce-ajax-filters 1.5.4.7 Unauthenticated.Reflected.Cross-Site.Scripting.(XSS) HIGH" "wp-hide-that No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "workscout-core 1.3.4 Authenticated.Stored.XSS.&.XFS HIGH" "wp-structured-data-schema 4.0.3 Reflected.Cross-Site.Scripting MEDIUM" "wp-structured-data-schema 4.0.2 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wappointment 2.6.1 Admin+.SSRF MEDIUM" "wappointment 2.2.5 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "wpsimpletools-upload-limit No.known.fix Reflected.XSS HIGH" "wp-shortcode 1.4.17 CSRF MEDIUM" "wplyrics No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "wibstats-statistics-for-wordpress-mu No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "web-instant-messenger No.known.fix Unauthenticated.Stored.Cross-Site.Scripting.(XSS) HIGH" "wp-listings-pro No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-nested-pages 3.2.13 Contributor+.Stored.XSS MEDIUM" "wp-nested-pages 3.2.10 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "wp-nested-pages 3.2.9 Editor+.Stored.XSS LOW" "wp-nested-pages 3.2.8 Cross-Site.Request.Forgery.to.Local.File.Inclusion HIGH" "wp-nested-pages 3.2.7 Admin+.Stored.XSS LOW" "wp-nested-pages 3.2.4 Editor+.Plugin.Settings.Reset LOW" "wp-nested-pages 3.1.21 Admin+.Stored.Cross.Site.Scripting LOW" "wp-nested-pages 3.1.16 CSRF.to.Arbitrary.Post.Deletion.and.Modification HIGH" "wp-nested-pages 3.1.16 Open.Redirect MEDIUM" "wp-dialog No.known.fix Authenticated.Stored.Cross-Site.Scripting LOW" "widget-logic No.known.fix Contributor+.Remote.Code.Execution HIGH" "widget-logic 5.10.3 CSRF.and.Lack.of.Authorisation HIGH" "widget-logic 5.10.2 CSRF.to.RCE HIGH" "wp-client-reports 1.0.23 Cross-Site.Request.Forgery MEDIUM" "widgets-for-ebay-reviews 11.1 Authenticated.(Editor+).Arbitrary.File.Upload MEDIUM" "woostagram-connect No.known.fix Unauthenticated.Arbitrary.File.Upload CRITICAL" "wholesalex 1.3.3 Unauthenticated.Privilege.Escalation MEDIUM" "wholesalex 1.3.2 Sensitive.Information.Exposure.via.export_users MEDIUM" "wholesalex 1.3.3 Unauthenticated.PHP.Object.Injection CRITICAL" "wholesalex 1.3.2 Authenticated(Subscriber+).Missing.Authorization.via.multiple.AJAX.actions MEDIUM" "wp-users-disable No.known.fix Unauthenticated.Settings.Update MEDIUM" "wp-employee-attendance-system No.known.fix Authenticated.(Administrator+).SQL.Injection MEDIUM" "woocommerce-checkout-cielo No.known.fix Insufficient.Verification.of.Data.Authenticity.to.Order.Payment.Status.Update MEDIUM" "wp-lead-stream No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-lead-stream No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-smart-import 1.1.4 Unauthenticated.Local.File.Inclusion CRITICAL" "wp-smart-import 1.1.3 Reflected.Cross-Site.Scripting MEDIUM" "wp-smart-import 1.1.0 Authenticated.(Author+).Stored.Cross-Site.Scripting MEDIUM" "wp-smart-import 1.0.5 Reflected.Cross-Site.Scripting MEDIUM" "wp-smart-import 1.0.3 Reflected.Cross-Ste.Scripting MEDIUM" "wp-smart-import 1.0.1 Auhenticated.Server-side.Request.Forgery MEDIUM" "woo-enviopack No.known.fix Reflected.Cross-Site.Scripting HIGH" "wp-easy-pay 4.2.4 Missing.Authorization.to.Unauthenticated.Service.Disconnection MEDIUM" "wp-easy-pay 4.2b1 Reflected.Cross-Site.Scripting MEDIUM" "wp-easy-pay 4.1 Reflected.Cross-Site.Scripting MEDIUM" "wp-easy-pay 4.1 CSRF MEDIUM" "wp-easy-pay 4.0.2 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-easy-pay 3.2.1 CSRF.Bypass.in.Multiple.Plugins MEDIUM" "wp-easy-pay 3.2.3 Cross-Site.Request.Forgery MEDIUM" "wp-paytm-pay No.known.fix Donation.Plugin.<=.1.3.2.-.Authenticated.(admin+).SQL.Injection MEDIUM" "wp-turnstile-cloudflare-captcha No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-w3all-phpbb-integration No.known.fix Stored.XSS.via.CSRF HIGH" "wp-w3all-phpbb-integration 2.9.9 Cross-Site.Request.Forgery MEDIUM" "wp-cookies-enabler No.known.fix Unauthenticated.Local.File.Inclusion CRITICAL" "wp-church-center No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-menu-image 2.3 Unauthenticated.Menu.Image.Deletion MEDIUM" "wp-menu-image 2.3 Missing.Authorization.to.Unauthenticated.Menu.Image.Deletion MEDIUM" "wptobe-signinup No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-show-posts 1.1.6 Improper.Authorization.to.Information.Exposure MEDIUM" "wp-show-posts 1.1.5 Information.Exposure MEDIUM" "wp-show-posts 1.1.4 Contributor+.Stored.XSS MEDIUM" "wedesin-html-sitemap No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wedesin-html-sitemap No.known.fix Reflected.Cross-Site.Scripting.via.'channel' MEDIUM" "wp-hide-security-enhancer 2.5.2 Missing.Authorization.to.Unauthenticated.Arbitrary.File.Contents.Deletion HIGH" "wp-hide-security-enhancer 1.8 Reflected.Cross-Site.Scripting MEDIUM" "wonderplugin-slider-lite 14.0 Reflected.Cross-Site.Scripting.via.'page' MEDIUM" "woocommerce-superfaktura 1.40.4 Authenticated.(Subscriber+).Blind.Server-Side.Request.Forgery MEDIUM" "wp-custom-taxonomy-meta No.known.fix Cross-Site.Request.Forgery.to.Taxonomy.Meta.Add/Delete MEDIUM" "wp-custom-taxonomy-meta No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "wp-custom-taxonomy-meta No.known.fix Authenticated.(Editor+).Stored.Cross-Site.Scripting MEDIUM" "wp-google-map-plugin 4.7.2 Admin+.Stored.XSS LOW" "wp-google-map-plugin 4.7.2 Admin+.Stored.XSS LOW" "wp-google-map-plugin 4.7.2 Admin+.Stored.XSS LOW" "wp-google-map-plugin 4.6.2 Authenticated.(Contributor+).SQL.Injection HIGH" "wp-google-map-plugin 4.4.0 Editor+.Stored.XSS LOW" "wp-google-map-plugin 4.4.3 Category/Location/Map.Deletion.via.CSRF MEDIUM" "wp-google-map-plugin 4.2.4 Marker.Category/Map.Deletion.via.CSRF MEDIUM" "wp-google-map-plugin 4.1.5 Authenticated.SQL.Injection MEDIUM" "wp-google-map-plugin 4.1.0 CSRF.to.Unauthenticated.PHP.Object.Injection HIGH" "wp-google-map-plugin 4.0.4 XSS MEDIUM" "wp-google-map-plugin 3.1.2 XSS MEDIUM" "wp-google-map-plugin 2.3.10 Multiple.CSRF MEDIUM" "wp-google-map-plugin 3.0.0 CSRF.to.Authenticated.Cross-Site.Scripting.(XSS) HIGH" "wp-google-map-plugin 2.3.7 XSS MEDIUM" "wps-hide-login 1.9.16.4 Hidden.Login.Page.Disclosure LOW" "wps-hide-login 1.9.16 Login.Page.Disclosure MEDIUM" "wps-hide-login 1.9.12 Hidden.Login.Page.Location.Disclosure LOW" "wps-hide-login 1.9.1 Protection.Bypass.with.Referer-Header MEDIUM" "wps-hide-login 1.5.5 Secret.Login.Page.Disclosure CRITICAL" "wps-hide-login 1.5.3 Multiples.Issues HIGH" "wp-d3 No.known.fix Contributor+.Stored.XSS MEDIUM" "wp-d3 2.4.1 Cross-Site.Request.Forgery.(CSRF) HIGH" "weblibrarian No.known.fix Reflected.XSS HIGH" "weblibrarian 3.5.5 SQL.Injection MEDIUM" "weblibrarian 3.4.8.6 XSS MEDIUM" "weblibrarian 3.4.8.7 XSS MEDIUM" "wp-email-delivery No.known.fix Reflected.XSS HIGH" "woo-razorpay 4.5.7 Subscriber+.Transfers.Manipulation MEDIUM" "woo-razorpay 4.5.7 Transfers.Manipulation.via.CSRF MEDIUM" "what-would-seth-godin-do 2.1.2 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "woocommerce-gateway-stripe 7.6.2 Unauthenticated.Order.Deletion.via.IDOR LOW" "woocommerce-gateway-stripe 7.6.1 Cross-Site.Request.Forgery MEDIUM" "woocommerce-gateway-stripe 7.4.1 Subscriber+.Order.Intent.Update MEDIUM" "woocommerce-gateway-stripe 7.4.1 Unauthenticated.PII.Disclosure.via.IDOR HIGH" "woo-stripe-payment 3.3.10 3.3.9.-.Missing.Authorization.Controls.to.Financial.Account.Hijacking MEDIUM" "wpaudio-mp3-player No.known.fix Contributor+.Stored.XSS MEDIUM" "webriti-smtp-mail No.known.fix Arbitrary.Settings.Update.via.CSRF MEDIUM" "woo-product-bundle 7.3.2 Cross-Site.Request.Forgery MEDIUM" "wc-j-upsellator 2.0.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wc-multivendor-membership 2.11.0 Unauthenticated.Arbitrary.Password.Update.via.IDOR CRITICAL" "wc-multivendor-membership 2.10.1 Unauthenticated.AJAX.Calls HIGH" "wc-multivendor-membership 2.10.1 Unauthenticated.Privilege.Escalation CRITICAL" "wc-multivendor-membership 2.10.0 Multiple.CSRF MEDIUM" "wp-category-posts-list No.known.fix Cross-Site.Request.Forgery.via.gen_set_page MEDIUM" "wp-category-posts-list No.known.fix Contributor+.Stored.XSS MEDIUM" "wordpress-easy-paypal-payment-or-donation-accept-plugin 5.0 Missing.Authorization MEDIUM" "wordpress-easy-paypal-payment-or-donation-accept-plugin 4.9.10 Contributor+.Stored.XSS MEDIUM" "wp-flickr-press No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "woo-pricing-table 1.1.0 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "wp-ban 1.69.1 Admin+.Stored.XSS LOW" "wp-spreadplugin No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "wp-colorbox 1.1.5 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "woo-variation-gallery 1.1.29 Authenticated.Stored.XSS MEDIUM" "wpadcenter 2.5.9 Contributor+.Stored.XSS MEDIUM" "wpadcenter 2.5.8 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.wpadcenter_ad.Shortcode MEDIUM" "wpadcenter 2.5.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.ad_alignment.Attribute MEDIUM" "w3speedster-wp No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "w3speedster-wp 7.27 Cross-Site.Request.Forgery MEDIUM" "w3speedster-wp 7.27 Admin+.RCE MEDIUM" "w3speedster-wp 7.20 Settings.Update.via.CSRF MEDIUM" "wp-spid-italia 2.12 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-spid-italia 2.5 Reflected.Cross-Site.Scripting MEDIUM" "wp-spid-italia 2.3.5 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-job-manager-colors No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "woocommerce-stock-manager 2.11.0 Cross-Site.Request.Forgery MEDIUM" "woocommerce-stock-manager 2.6.0 CSRF.to.Arbitrary.File.Upload HIGH" "wordpress-meta-robots No.known.fix Authenticated.Blind.SQL.Injection HIGH" "wp-cleanfix 5.7.0 Subscriber+.Post/Comment/Post.Meta.Content.Replacement MEDIUM" "wp-cleanfix 3.0.2 Remote.Comm&.Execution,.CSRF.&.XSS HIGH" "wp-awesome-login No.known.fix Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "wp-responsive-slab-text 0.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-database-admin No.known.fix Unauthenticated.SQL.Injection HIGH" "wp-db-table-editor No.known.fix Missing.Authorization.to.Authenticated(Contributor+).Database.Access HIGH" "wc-thanks-redirect 3.1 Reflected.Cross-Site.Scripting MEDIUM" "wc-thanks-redirect 3.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-asambleas No.known.fix Unauthenticated.Arbitrary.Shortcode.Execution HIGH" "wp-asambleas No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wisdm-reports-for-learndash 1.8.2.2 Reports.Free.<.1.8.2.2.-.Missing.Authorization.to.Plugin.Settings.Update MEDIUM" "wpshare247-elementor-addons No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-bibtex No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-bibtex 3.0.2 Cross-Site.Request.Forgery.to.Stored.and.Reflected.Cross-Site.Scripting MEDIUM" "webbricks-addons 1.1.11 Contributor+.Stored.XSS MEDIUM" "wp-docs 2.2.7 Missing.Authorization MEDIUM" "wp-docs 2.2.2 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "wp-docs 2.2.1 Authenticated.(Subscriber+).Time-Based.SQL.Injection.via.'dir_id' MEDIUM" "wp-docs 2.1.4 Reflected.Cross-Site.Scripting MEDIUM" "wp-docs 2.1.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-docs 2.0.0 Reflected.XSS HIGH" "wp-csv-exporter 1.3.7 CSV.Injection LOW" "wp-csv-exporter 1.3.7 Admin+.SQLi MEDIUM" "wp-custom-countdown No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wordpress-importer 0.8.4 Admin+.PHP.Object.Injection MEDIUM" "wp-notes-widget No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wc-cross-seller No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wc-cross-seller No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-migrate-db-pro 2.6.11 Unauthenticated.PHP.Object.Injection CRITICAL" "wp-custom-login-page No.known.fix Admin+.Stored.XSS LOW" "wp-original-media-path 2.4.1 Admin+.Stored.XSS LOW" "wp-news-sliders No.known.fix Missing.Authorization MEDIUM" "wp-catalogue No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.shortcode MEDIUM" "wsecure No.known.fix Admin+.Stored.XSS LOW" "wsecure 2.4 Remote.Code.Execution.(RCE) HIGH" "woostify-sites-library 1.4.8 Subscriber+.Arbitrary.Options.Update.to.DoS HIGH" "wp-dpe-ges 1.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-online-users-stats No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting.via.hk_dataset_results.Function MEDIUM" "wp-online-users-stats No.known.fix Authenticated.(Editor+).SQL.Injection.via.table_name.Parameter MEDIUM" "wp-online-users-stats No.known.fix Unauthenticated.SQL.Injection HIGH" "wpdash-notes No.known.fix Missing.Authorization.to.Authenticated.(Subscriber+).Sensitive.Information.Exposure MEDIUM" "wapppress-builds-android-app-for-website 6.0.5 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "wapppress-builds-android-app-for-website 6.0.5 Authenticated.(Subscriber+).Server-Side.Request.Forgery MEDIUM" "wapppress-builds-android-app-for-website 6.0.0 Unauthenticated.Arbitrary.File.Upload CRITICAL" "wp-all-export 1.4.1 Remote.Code.Execution.via.CSRF CRITICAL" "wp-all-export 1.4.1 Author+.PHAR.Deserialization.via.CSRF HIGH" "wp-all-export 1.4.0 Admin+.RCE MEDIUM" "wp-all-export 1.3.6 Reflected.Cross-Site.Scripting MEDIUM" "wp-all-export 1.3.5 Admin+.SQL.Injection MEDIUM" "wp-all-export 1.3.1 Admin+.Stored.Cross-Site.Scripting LOW" "wp-dashboard-notes 1.0.12 Subscriber+.Stored.XSS HIGH" "wp-dashboard-notes 1.0.11 Contributor+.Arbitrary.Private.Notes.Update.via.IDOR LOW" "wp-dashboard-notes 1.0.11 Unauthorised.Deletion.of.Private.Notes LOW" "woocommerce-product-importer No.known.fix Product.Importer.<=.1.5.2.-.Reflected.Cross-Site.Scripting MEDIUM" "wp-optimize 4.2.0 Admin+.SQLi MEDIUM" "wp-optimize 3.2.13 Cross-Site.Scripting.From.Third-party.Library HIGH" "wp-affiliate-links No.known.fix Reflected.XSS HIGH" "wp-cufon No.known.fix Unauthenticated.Stored.Cross-Site.Scripting HIGH" "wp-login-box No.known.fix Admin+.Stored.XSS LOW" "woocommerce-alidropship 1.1.1 Unauthenticated.Sensitive.Data.Exposure HIGH" "wysija-newsletters 2.8.2 Spam.Vulnerability MEDIUM" "wp-calameo 2.1.8 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "weglot 4.2.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Block.Attributes MEDIUM" "weglot 1.9.3 Reflected.Cross-Site.Scripting MEDIUM" "wpmailer No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-knowledgebase No.known.fix CSRF MEDIUM" "woo-coupon-usage 6.3.1 Reflected.Cross-Site.Scripting.via.'commission_summary'.Parameter MEDIUM" "woo-coupon-usage 5.16.7.2 Unauthenticated.Arbitrary.Shortcode.Execution.and.Reflected.Cross-Site.Scripting MEDIUM" "woo-coupon-usage 5.12.8 Reflected.Cross-Site.Scripting MEDIUM" "woo-coupon-usage 5.5.1.3 Reflected.Cross-Site.Scripting MEDIUM" "woo-coupon-usage 5.4.4 Unauthenticated.Reflected.XSS HIGH" "woo-coupon-usage 5.4.6 Reflected.XSS HIGH" "woo-coupon-usage 4.16.4.5 Unauthenticated.Stored.XSS HIGH" "woo-coupon-usage 4.16.4 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "woo-coupon-usage 4.11.3.4 Arbitrary.Referral.Visits.Deletion.via.CSRF MEDIUM" "woo-coupon-usage 4.11.0.2 Reflected.Cross-Site.Scripting HIGH" "woocommerce-paypal-payments 2.0.5 Merchant.ID.Details.Update.via.CSRF MEDIUM" "wpspeed No.known.fix Cross-Site.Request.Forgery MEDIUM" "wp-cards No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wpsitemap No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-propagator No.known.fix Unauthenticated.Arbitrary.File.Upload CRITICAL" "wp-crm No.known.fix CSV.Injection LOW" "wplr-sync 6.4.1 Missing.Authorization MEDIUM" "wplr-sync 6.3.2 Authenticated.(Author+).Stored.Cross-Site.Scripting MEDIUM" "wp-player No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wd-google-maps No.known.fix Authenticated.(Administrator+).SQL.Injection CRITICAL" "wd-google-maps 1.0.74 Cross-Site.Request.Forgery.to.Notice.Dismissal MEDIUM" "wd-google-maps 1.0.74 Missing.Authorization.to.Notice.Dismissal MEDIUM" "wd-google-maps 1.0.73 Unauthenticated.SQLi HIGH" "wd-google-maps 1.0.72 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "wd-google-maps 1.0.70 Authenticated.Stored.XSS MEDIUM" "web3-coin-gate No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "webp-converter-for-media 4.0.3 Unauthenticated.Open.redirect MEDIUM" "webp-converter-for-media 1.0.3 Cross-Site.Request.Forgery.(CSRF) HIGH" "weaverx-theme-support 6.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.div.Shortcode MEDIUM" "weaverx-theme-support 6.3.1 Admin+.PHP.Object.Injection LOW" "weaverx-theme-support 6.2.7 Contributor+.Stored.XSS MEDIUM" "wp-photo-album-plus 8.9.01.001 Unauthenticated.Arbitrary.Shortcode.Execution.via.getshortcodedrenderedfenodelay HIGH" "wp-photo-album-plus 8.8.07.004 Reflected.Cross-Site.Scripting MEDIUM" "wp-photo-album-plus 8.8.02.003 Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "wp-photo-album-plus 8.8.00.003 Reflected.Cross-Site.Scripting MEDIUM" "wp-photo-album-plus 8.7.00.004 Unauthenticated.Arbitrary.Shortcode.Execution MEDIUM" "wp-photo-album-plus 8.7.01.002 Unauthenticated.Arbitrary.File.Upload CRITICAL" "wp-photo-album-plus 8.6.03.005 Authenticated.(Subscriber+).Arbitrary.File.Upload CRITICAL" "wp-photo-album-plus 8.6.01.005 IP.Spoofing MEDIUM" "wp-photo-album-plus 8.6.01.003 Insecure.Direct.Object.Reference MEDIUM" "wp-photo-album-plus 8.6.01.005 .Cross-Site.Scripting MEDIUM" "wp-photo-album-plus 8.0.10 Stored.Cross-Site.Scripting.(XSS) MEDIUM" "wp-asset-clean-up 1.3.9.9 Authenticated.(Admin+).Server-Side.Request.Forgery MEDIUM" "wp-asset-clean-up 1.3.9.4 Missing.Authorization MEDIUM" "wp-asset-clean-up 1.3.5.5 Reflected.Cross-Site.Scripting MEDIUM" "wp-asset-clean-up 1.3.8.5 Reflected.Cross-Site.Scripting MEDIUM" "wp-asset-clean-up 1.3.8.5 Reflected.Cross-Site.Scripting.via.AJAX.Action HIGH" "wp-asset-clean-up 1.3.8.5 Reflected.Cross-Site.Scripting MEDIUM" "wp-asset-clean-up 1.3.6.7 CSRF.&.XSS LOW" "wp-finance No.known.fix Stored.XSS.via.CSRF HIGH" "wp-finance No.known.fix Reflected.XSS HIGH" "wc-basic-slider 2.1.0 CSRF.Bypass MEDIUM" "wp-video-gallery-free No.known.fix Unauthenticated.SQLi HIGH" "wp-seo-structured-data-schema 2.8.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Plugin.Settings MEDIUM" "wphobby-demo-import No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-statistics 14.13.4 Subscriber+.Arbitrary.Plugin.Settings.Update MEDIUM" "wp-statistics 14.5.1 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "wp-statistics 14.0 Authenticated.SQLi HIGH" "wp-statistics 13.2.11 Subscriber+.SQLi HIGH" "wp-statistics 13.2.9 Authenticated.SQLi HIGH" "wp-statistics 13.2.2 Admin+.Stored.Cross-Site.Scripting LOW" "wp-statistics 13.2.2 Reflected.Cross-Site.Scripting LOW" "wp-statistics 13.1.6 Multiple.Unauthenticated.Stored.Cross-Site.Scripting HIGH" "wp-statistics 13.1.6 Reflected.Cross-Site.Scripting MEDIUM" "wp-statistics 13.1.6 Unauthenticated.Blind.SQL.Injection.via.current_page_id CRITICAL" "wp-statistics 13.1.6 Unauthenticated.Blind.SQL.Injection.via.IP CRITICAL" "wp-statistics 13.1.6 Unauthenticated.Blind.SQL.Injection.via.current_page_type CRITICAL" "wp-statistics 13.1.5 Unauthenticated.Blind.SQL.Injection CRITICAL" "wp-statistics 13.1.2 Arbitrary.Plugin.Activation/Deactivation.via.CSRF MEDIUM" "wp-statistics 13.1 Reflected.Cross-Site.Scripting.(XSS) HIGH" "wp-statistics 13.0.8 Unauthenticated.SQL.Injection HIGH" "wp-statistics 12.6.7 Unauthenticated.Stored.XSS.Under.Certain.Configurations CRITICAL" "wp-statistics 12.6.7 Unauthenticated.Blind.SQL.Injection MEDIUM" "wp-statistics 12.6.6.1 Authenticated.Stored.XSS MEDIUM" "wp-statistics 12.6.4 Referer.Cross-Site.Scripting.(XSS) MEDIUM" "wp-statistics 12.0.10 Authenticated.Cross-Site.Scripting.(XSS) CRITICAL" "wp-statistics 12.0.9 Authenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "wp-ultimate-reviews-free No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-schema-pro 2.7.16 Contributor+.Custom.Field.Access LOW" "wp-video-robot No.known.fix The.Ultimate.Video.Importer.<=.1.20.0.-.Reflected.Cross-Site.Scripting MEDIUM" "wp-video-robot No.known.fix .Authenticated.(Subscriber+).Privilege.Escalation.via.User.Meta.Update HIGH" "wp-video-robot No.known.fix The.Ultimate.Video.Importer.<=.1.20.0.-.Unauthenticated.SQL.Injection HIGH" "wp-facebook-messenger No.known.fix Contributor+.Stored.XSS.via.Shortcode MEDIUM" "wp-chinese-conversion No.known.fix Reflected.XSS HIGH" "world-travel-information No.known.fix Reflected.Cross-Site.Scripting HIGH" "wp-to-buffer 3.7.5 Reflected.Cross-Site.Scripting HIGH" "wp-tools-divi-blog-carousel 1.3.1 Reflected.Cross-Site.Scripting MEDIUM" "wp-tools-divi-blog-carousel 1.3.0 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wa11y No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "wd-google-analytics No.known.fix Missing.Authorization.via.gawd_wd_bp_install_notice_status MEDIUM" "wd-google-analytics 1.2.9 Cross-Site.Request.Forgery.(CSRF) MEDIUM" "wpslacksync 1.8.6 Slack.Access.Token.Disclosure HIGH" "wp-retina-2x 6.4.6 Sensitive.Information.Exposure MEDIUM" "wp-retina-2x 5.2.3 Cross-Site.Scripting.(XSS) MEDIUM" "woo-edit-templates No.known.fix Reflected.Cross-Site.Scripting.via.page MEDIUM" "woo-edit-templates 1.1.2 Reflected.XSS HIGH" "wp-radio No.known.fix Missing.Authorization.via.multiple.AJAX.actions MEDIUM" "wp-radio No.known.fix Authenticated(Subscriber+).Stored.Cross-Site.Scripting.via.Settings MEDIUM" "wp-radio No.known.fix CSRF MEDIUM" "wp-radio No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-radio 3.1.4 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "ws-form 1.10.36 Missing.Authorization.to.Unauthenticated.Sensitive.Information.Exposure MEDIUM" "ws-form 1.10.14 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "ws-form 1.9.245 Reflected.Cross-Site.Scripting.via.URL MEDIUM" "ws-form 1.9.244 Unauthenticated.Stored.Cross-Site.Scripting MEDIUM" "ws-form 1.9.218 Unauthenticated.CSV.Injection MEDIUM" "ws-form 1.9.171 Authenticated(Administrator+).SQL.Injection MEDIUM" "ws-form 1.8.176 Admin+.Stored.Cross-Site.Scripting LOW" "ws-form 1.8.176 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "wp-fail2ban 5.1.1 Reflected.Cross-Site.Scripting MEDIUM" "wp-fail2ban 4.4.0.2 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-fail2ban 4.0.5 Subscriber+.Arbitrary.Option.Update CRITICAL" "wphelpkit 1.1 Reflected.Cross-Site.Scripting MEDIUM" "wphelpkit 1.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-autokeyword No.known.fix Missing.Authorization MEDIUM" "wp-autokeyword No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-autokeyword No.known.fix Missing.Authorization.to.Arbitrary.Content.Deletion MEDIUM" "wp-autokeyword No.known.fix Unauthenticated.SQL.Injection HIGH" "wecantrack No.known.fix Open.Redirect MEDIUM" "whmpress No.known.fix Authenticated.(Contributor+).Local.File.Inclusion HIGH" "whmpress No.known.fix Unauthenticated.Local.File.Inclusion CRITICAL" "whmpress 6.3-revision-1 Unauthenticated.Local.File.Inclusion.to.Arbitrary.Options.Update CRITICAL" "whmpress No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "whmpress No.known.fix Missing.Authorization.to.Authenticated.(Subscriber+).Settings.Update MEDIUM" "wp-hosting-performance-check No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wpdeepl 2.4.1.2 Log.Pruning.via.CSRF MEDIUM" "wpdeepl 1.7.5 API.Key.Disclosure MEDIUM" "wp-eMember 10.7.0 Stored.XSS.via.CSRF HIGH" "wp-eMember 10.6.7 Reflected.XSS.via.Member.Edit HIGH" "wp-eMember 10.6.7 Unauthenticated.Stored.XSS.via.Member.Registration HIGH" "wp-eMember 10.6.6 Reflected.XSS HIGH" "wp-eMember 10.6.6 Stored.XSS.in.Blacklist.via.CSRF HIGH" "wp-eMember 10.6.7 Reflected.XSS MEDIUM" "wp-eMember 10.6.6 Admin+.Arbitrary.File.Upload MEDIUM" "wp-eMember 10.6.6 Reflected.XSS HIGH" "wp-eMember 10.6.6 Bulk.Delete.via.CSRF MEDIUM" "wp-eMember 10.3.9 Reflected.XSS HIGH" "wp-eMember 10.3.9 Reflected.Cross-Site.Scripting MEDIUM" "webriti-companion 1.9.3 Reflected.Cross-Site.Scripting MEDIUM" "wp-baidu-submit No.known.fix Admin+.Stored.XSS LOW" "wpdb-to-sql No.known.fix Unauthenticated.Sensitive.Information.Exposure MEDIUM" "wp-dummy-content-generator 3.3.0 Unauthenticated.Code.Injection CRITICAL" "wp-dummy-content-generator 3.1.3 Missing.Authorization MEDIUM" "wp-dummy-content-generator 3.0.0 Cross-Site.Request.Forgery MEDIUM" "wp-shapes No.known.fix Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "wp-disable 1.5.17 Reflected.Cross-Site.Scripting MEDIUM" "wp-facebook-group No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-facebook-group No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-booking-system 2.0.19.11 Missing.Authorization.via.wpbs_refresh_calendar_editor MEDIUM" "wp-booking-system 2.0.19.9 Reflected.Cross-Site.Scripting MEDIUM" "wp-booking-system 2.0.19.3 Missing.Authorization MEDIUM" "wp-booking-system 2.0.18.1 Admin+.Stored.XSS LOW" "wp-booking-system 2.0.15 Authenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "wp-booking-system 1.5.2 CSRF.to.Authenticated.SQL.Injection HIGH" "wp-booking-system 1.4 Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "wcs-qr-code-generator No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-sponsors No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-sponsors No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "wpdtol-database-table-overview-logs 1.1.0 Reflected.Cross-Site.Scripting MEDIUM" "wp-custom-post-rss-feed No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "wp-analytify 6.0.0 Missing.Authorization.to.Authenticated.(Subscriber+).Minor.Settings.Update MEDIUM" "wp-analytify 5.5.1 Missing.Authorization MEDIUM" "wp-analytify 5.5.0 Missing.Authorization MEDIUM" "wp-analytify 5.4.0 Cross-Site.Request.Forgery.to.Opt-out MEDIUM" "wp-analytify 5.2.4 Cross-Site.Request.Forgery MEDIUM" "wp-analytify 5.2.4 Missing.Authorization MEDIUM" "wp-analytify 5.2.4 Missing.Authorization.to.Unauthenticated.Google.Analytics.Tracking.ID.Modification MEDIUM" "wp-analytify 5.2.0 Cross-Site.Request.Forgery MEDIUM" "wp-analytify 5.1.1 Missing.Authorization.to.Opt-In MEDIUM" "wp-analytify 4.2.3 Cache.Deletion.via.CSRF MEDIUM" "wp-analytify 4.2.1 Reflected.Cross-Site.Scripting MEDIUM" "wpgetapi 2.25.1 Authenticated.(Administrator+).Server-Side.Request.Forgery MEDIUM" "wpgetapi 2.2.2 2.2.1.-.Authenticated.(Subscriber+).Arbitrary.Options.Update MEDIUM" "wp-connect No.known.fix Stored.XSS.via.CSRF HIGH" "wpc-smart-upsell-funnel 3.0.5 Authenticated.(Subscriber+).Arbitrary.Options.Update HIGH" "wc-qr-codes No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wordpressplugin-upgrade-time-out-plugin No.known.fix Stored.XSS.via.CSRF HIGH" "wpworx-faq No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wpworx-faq No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "wp-ride-booking No.known.fix Cross-Site.Request.Forgery MEDIUM" "whatshelp-chat-button 1.8.10 Admin+.Stored.XSS LOW" "where-did-they-go-from-here 3.1.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "where-did-they-go-from-here 2.1.0 Reflected.Cross-Site.Scripting MEDIUM" "wp-whatsapp-chat 6.0.5 Admin+.Stored.Cross-Site.Scripting LOW" "wpr-admin-amplify No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wordpress-seo-premium 11.6 Authenticated.Stored.XSS CRITICAL" "wp-etracker No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-block-pack No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wordpress-mu-secure-invites No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-quick-setup No.known.fix Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.Plugin/Theme.Installation HIGH" "wp-seo-tags No.known.fix Reflected.Cross-Site.Scripting HIGH" "wp-masquerade No.known.fix Subscriber+.Account.Takeover HIGH" "wp-bootscraper 4.0.0 Unauthenticated.Local.File.Inclusion CRITICAL" "wp-frontend-submit No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wot-elementor-widgets No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp2speed No.known.fix Unauthenticated.Information.Exposure MEDIUM" "wp2speed No.known.fix Improper.Authorization.due.to.use.of.Hardcoded.Credentials MEDIUM" "woocommerce-multiple-addresses No.known.fix Authenticated.(Subscriber+).Privilege.Escalation HIGH" "wp-conditional-post-restrictions 1.2.2 Reflected.Cross-Site.Scripting MEDIUM" "wp-conditional-post-restrictions 1.2.0 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "woocommerce-subscriptions 5.8.0 Missing.Authorization MEDIUM" "woocommerce-subscriptions 4.6.0 Cross-Site.Request.Forgery MEDIUM" "woocommerce-subscriptions 4.6.0 Subscription.Suspension/Activation.via.CSRF MEDIUM" "woocommerce-subscriptions 2.6.3 Unauthenticated.Stored.Cross-Site.Scripting.(XSS) CRITICAL" "woocommerce-subscriptions 3.0.3 CSRF.to.Cancel/Re-Activate.Subscription LOW" "widget-extend-builtin-query 1.06 Reflected.Cross-Site.Scripting MEDIUM" "woo-blocker-lite-prevent-fake-orders-and-blacklist-fraud-customers 2.1.6 Settings.Update.via.CSRF MEDIUM" "woo-blocker-lite-prevent-fake-orders-and-blacklist-fraud-customers 2.1.4.1 Reflected.Cross-Site.Scripting MEDIUM" "woo-blocker-lite-prevent-fake-orders-and-blacklist-fraud-customers 2.1.0 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-touch-slider No.known.fix Reflected.XSS HIGH" "wp-board No.known.fix Unauthenticated.SQL.Injection CRITICAL" "wp-change-email-sender 2.0 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "wp-raptor No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wpdatatables 6.3.2 Tables.&.Table.Charts.(Premium).<.6.3.2.-.Unauthenticated.SQL.Injection CRITICAL" "wpdatatables 6.4 Tables.&.Table.Charts.(Premium).<.6.4.-.Missing.Authorization.to.DataTable.Access.&.Modification HIGH" "wpdatatables 3.4.2.14 Unauthenticated.Stored.Cross-Site.Scripting.via.CSV.Import MEDIUM" "wpdatatables 3.4.2.5 Reflected.Cross-Site.Scripting. MEDIUM" "wpdatatables 2.1.66 Admin+.PHP.Object.Injection MEDIUM" "wpdatatables 2.1.50 Contributor+.Stored.XSS MEDIUM" "wpdatatables 2.1.28 Admin+.Stored.Cross-Site.Scripting LOW" "wpdatatables 2.1.28 Admin+.Stored.Cross-Site.Scripting LOW" "wpdatatables 3.4.2 Improper.Access.Control.leading.to.Table.Data.Deletion MEDIUM" "wpdatatables 3.4.2 Blind.SQL.Injection.via.length.Parameter CRITICAL" "wpdatatables 3.4.2 Improper.Access.Control.leading.to.Table.Permission.Takeover HIGH" "wpdatatables 3.4.2 Blind.SQL.Injection.via.start.Parameter CRITICAL" "wpdatatables 3.4.1 Unauthenticated.SQL.Injection CRITICAL" "wpdatatables 2.0.12 Cross-Site.Scripting.(XSS).&.SQL.Injection HIGH" "wpdatatables 1.5.4 Unauthenticated.SQL.Injection CRITICAL" "wpdatatables 1.5.4 Unauthenticated.Shell.Upload CRITICAL" "wadi-addons-for-elementor No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-basics No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "woocommerce-country-based-payments 1.4.4 Reflected.Cross-Site.Scripting MEDIUM" "woocommerce-country-based-payments 1.4.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-publications No.known.fix Admin+.Stored.XSS LOW" "wp-publications No.known.fix Local.File.Inclusion HIGH" "wc-customer-source 1.3.2 Authenticated.(Shop.Manager+).Stored.Cross-Site.Scripting MEDIUM" "wp-test-email 1.1.9 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "wp-test-email 1.1.8 Reflected.Cross-Site.Scripting MEDIUM" "wp-flipclock No.known.fix Contributor+.Stored.XSS MEDIUM" "wp-flipclock 1.8 Contributor+.Stored.XSS MEDIUM" "wp-job-manager-resumes 2.2.0 Resume.Manager.<.2.2.0.-.Missing.Authorization MEDIUM" "wp-job-manager-resumes 2.2.0 Resume.Manager.<.2.2.0.-.Cross-Site.Request.Forgery MEDIUM" "widgets-for-alibaba-reviews 11.1 Authenticated.(Editor+).Arbitrary.File.Upload MEDIUM" "wpb-advanced-faq No.known.fix Contributor+.Stored.XSS MEDIUM" "woocommerce-delivery-date No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "woo-moneybird No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-order-by No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "www-xml-sitemap-generator-org 2.0.4 Reflected.Cross-Site.Scripting MEDIUM" "wpmarketplace No.known.fix Arbitrary.File.Upload HIGH" "wp-cirrus No.known.fix Admin+.Stored.Cross-Site.Scripting MEDIUM" "wp-currency-exchange-rates 1.3.0 Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "wp-awesome-buttons No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.btn2.Shortcode MEDIUM" "wp-hubspot-woocommerce 1.0.5 Reflected.Cross-Site.Scripting HIGH" "wp-hrm-lite-human-resource-management-system No.known.fix Unauthenticated.SQL.Injection HIGH" "wp-content-filter 3.1.0 Admin+.Stored.Cross.Site.Scripting LOW" "wphrm 1.1 Authenticated.SQL.Injection HIGH" "wp-cyr-cho No.known.fix Cross-Site.Request.Forgery MEDIUM" "wp-simple-slideshow No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-bulk-post-duplicator No.known.fix Cross-Site.Request.Forgery MEDIUM" "wp-mylinks 1.0.7 Authenticated.(Editor+).Stored.Cross-Site.Scripting MEDIUM" "wp-line-notify 1.4.5 Reflected.XSS HIGH" "wpjqp-datepicker No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "wc-pre-order No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-postratings-cheater No.known.fix Cross-Site.Request.Forgery MEDIUM" "wc-wallet No.known.fix Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.Content.Deletion MEDIUM" "wp-admin-style No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "wordpress-theme-demo-bar No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wati-chat-and-notification 1.1.5 Stored.XSS.via.CSRF HIGH" "wc-support-system 1.2.2 Admin+.SQLi MEDIUM" "wc-support-system 1.2.3 Unauthenticated.Ticket.Deletion/Update,.Settings.Update.etc MEDIUM" "woo-zoho 1.2.4 Reflected.Cross-Site.Scripting HIGH" "woocommerce-brands 1.6.50 Cross-Site.Request.Forgery MEDIUM" "woocommerce-brands 1.6.46 Contributor+.Stored.XSS MEDIUM" "waitlist-woocommerce 2.7.6 Reflected.Cross-Site.Scripting MEDIUM" "waitlist-woocommerce 2.6.1 Missing.Authorization MEDIUM" "waitlist-woocommerce 2.5.3 Settings.Reset.via.CSRF MEDIUM" "waitlist-woocommerce 2.5.1 Various.Versions.CSRF.to.Arbitrary.Options.Update HIGH" "wp-easy-guide No.known.fix Unauthenticated.SQL.Injection HIGH" "wp-nerd-toolkit No.known.fix Unauthenticated.Information.Exposure MEDIUM" "wp-copy-media-url No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "wp-lister-for-amazon 2.6.17 Reflected.Cross-Site.Scripting MEDIUM" "wp-lister-for-amazon 2.6.12 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "wp-lister-for-amazon 2.6.9 Reflected.Cross-Site.Scripting MEDIUM" "wp-lister-for-amazon 2.4.4 Reflected.XSS HIGH" "wp-system-log No.known.fix Subscriber+.Arbitrary.Plugin.Installation,.Activation.and.Deactivation HIGH" "whatsapp No.known.fix Contributor+.Stored.XSS MEDIUM" "widget-or-sidebar-per-shortcode No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "wp-whatsapp 3.6.9 Missing.Authorization.to.Authenticated.(Subscriber+).Filebird.Plugin.Installation MEDIUM" "wp-whatsapp 3.6.5 Admin+.Stored.XSS LOW" "wp-whatsapp 3.6.4 Admin+.Stored.XSS LOW" "wp-whatsapp 3.6.3 Contributor+.Stored.XSS MEDIUM" "wp-whatsapp 3.6.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Block.Attributes MEDIUM" "wp-whatsapp 3.4.5 Admin+.Stored.XSS LOW" "woo-myghpay-payment-gateway No.known.fix Reflected.Cross-Site.Scripting HIGH" "woocommerce-compare-products No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "woocommerce-compare-products No.known.fix Unauthenticated.PHP.Object.Injection HIGH" "wp-humanstxt No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "wp-contact-form-iii No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "woo-additional-fees-on-checkout-wordpress 1.4.8 Reflected.Cross-Site.Scripting.via.'number' MEDIUM" "wp-ultimate-recipe 3.12.7 Authenticated.Stored.XSS MEDIUM" "wp-e-customers No.known.fix Reflected.XSS HIGH" "wp-database-optimizer No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "wp-database-optimizer No.known.fix Cross-Site.Request.Forgery MEDIUM" "wp-coupons-and-deals 3.1.19 Reflected.Cross-Site.Scripting MEDIUM" "wp-coupons-and-deals 3.1.12 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-extra 6.5 Cross-Site.Request.Forgery.ToolImport MEDIUM" "wp-extra 6.3 Missing.Authorization.to.Arbitrary.Email.Sending MEDIUM" "wp-extra 6.3 Subscriber+..htaccess.File.Modification HIGH" "wp-extra 6.3 Missing.Authorization.to.Export.Settings MEDIUM" "wd-facebook-feed No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wd-facebook-feed 1.2.9 Reflected.XSS MEDIUM" "wd-facebook-feed 1.1.27 Authenticated.SQL.Injection MEDIUM" "woo-order-status-per-product No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "woo-order-status-per-product No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wordpress-country-selector 1.6.6 Reflected.Cross-Site.Scripting MEDIUM" "wp-pexels-free-stock-photos No.known.fix Authenticated.(Contributor+).Arbitrary.File.Upload HIGH" "wp-pexels-free-stock-photos No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-hide-pages No.known.fix Settings.Update.via.CSRF MEDIUM" "wp-books-gallery 4.5.4 Reflected.Cross-Site.Scripting MEDIUM" "wp-books-gallery 4.4.9 CSRF MEDIUM" "wp-books-gallery 3.6 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-simple-anchors-links No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.wpanchor.Shortcode MEDIUM" "wp-foft-loader 2.1.29 Reflected.Cross-Site.Scripting MEDIUM" "wp-foft-loader 2.1.21 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-meteor 3.4.4 Unauthenticated.Full.Path.Disclosure MEDIUM" "wpcasa 1.4.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wpcasa 1.3.0 Insecure.Direct.Object.Reference MEDIUM" "wp-ultimate-post-grid 4.0.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.wpupg-grid-with-filters.Shortcode MEDIUM" "wp-ultimate-post-grid 3.9.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.wpupg-text.Shortcode MEDIUM" "wc-serial-numbers 2.1.1 Missing.Authorization MEDIUM" "wc-serial-numbers 1.6.4 Arbitrary.Settings.Update.via.CSRF MEDIUM" "widgetkit-pro No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-seopress 8.2 Missing.Authorization MEDIUM" "wp-seopress 8.2 Missing.Authorization MEDIUM" "wp-seopress 8.2 Missing.Authorization MEDIUM" "wp-seopress 8.2 Reflected.Cross-Site.Scripting MEDIUM" "wp-seopress 7.9.1 Authenticated(Contributor+).Stored.Cross-Site.Scripting.via.Social.Image.URL MEDIUM" "wp-seopress 7.9 Unauthenticated.Object.Injection HIGH" "wp-seopress 7.8 Contributor+.Stored.XSS MEDIUM" "wp-seopress 7.8 Contributor+.Open.Redirect LOW" "wp-seopress 7.6 Contributor+.Stored.XSS MEDIUM" "wp-seopress 7.7 Information.Exposure MEDIUM" "wp-seopress 7.6 Author+.Stored.Cross-Site.Scripting MEDIUM" "wp-seopress 7.3 Admin+.Stored.XSS LOW" "wp-seopress 6.5.0.3 Admin+.PHP.Object.Injection MEDIUM" "wp-seopress 5.0.4 Authenticated.Stored.Cross-Site.Scripting MEDIUM" "wp-testimonial-widget No.known.fix Authenticated.(Admin+).SQL.Injection CRITICAL" "wp-testimonial-widget No.known.fix Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "wp-testimonial-widget No.known.fix Missing.Authorization MEDIUM" "wp-subscribe 1.2.13 Admin+.Stored.Cross-Site.Scripting LOW" "woo-events 4.1.3 Unauthenticated.Arbitrary.File.Overwrite CRITICAL" "wp-google-my-business-auto-publish 3.8 Multiple.CSRF MEDIUM" "wp-google-my-business-auto-publish 3.4 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "wp-popup-lite No.known.fix Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "wp-pocket-urls 1.0.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-pocket-urls 1.0.3 Reflected.Cross-Site.Scripting HIGH" "web-stories-enhancer 1.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-free-ssl No.known.fix Missing.Authorization MEDIUM" "wp-free-ssl 1.2.7 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-full-stripe-free 7.0.18 Settings.Update.via.CSRF MEDIUM" "wp-full-stripe-free 7.0.6 Admin+.Stored.XSS LOW" "wp-full-stripe-free 7.0.6 Admin+.Stored.Cross-Site.Scripting MEDIUM" "wp-management-controller No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "wc-recently-viewed-products No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wordpress-activity-o-meter No.known.fix Reflected.XSS HIGH" "wpop-elementor-addons No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "world-prayer-time No.known.fix Cross-Site.Request.Forgery.to.Reflected.Cross-Site.Scripting MEDIUM" "wp-hotel-booking 2.2.0 Cross-Site.Request.Forgery MEDIUM" "wp-hotel-booking 2.1.7 Missing.Authorization.to.Authenticated.(Subscriber+).User.Email.Retrieval MEDIUM" "wp-hotel-booking 2.1.6 Missing.Authorization MEDIUM" "wp-hotel-booking No.known.fix Contributor+.Local.File.Inclusion HIGH" "wp-hotel-booking 2.1.3 Authenticated.(Subscriber+).Arbitrary.File.Upload HIGH" "wp-hotel-booking 2.1.1 Unauthenticated.SQL.Injection CRITICAL" "wp-hotel-booking 2.0.9.3 Missing.Authorization MEDIUM" "wp-hotel-booking 2.0.9.3 Improper.Authorization.on.Multiple.REST.API.Routes MEDIUM" "wp-hotel-booking 2.0.8 Subscriber+.Arbitrary.Post.Deletion MEDIUM" "wp-hotel-booking 2.0.8 Unauthenticated.SQLi HIGH" "wp-hotel-booking 2.0.9 Contributor+.Arbitrary.Post.Deletion MEDIUM" "wp-hotel-booking 2.0.1 Unauthenticated.Arbitrary.Settings.Update HIGH" "wp-hotel-booking 1.10.6 CSRF MEDIUM" "wp-hotel-booking 1.10.4 Unauthenticated.PHP.Object.Injection HIGH" "wp-hotel-booking 1.10.2 Cross-Site.Request.Forgery.(CSRF) MEDIUM" "wish-list-for-woocommerce 3.2.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wish-list-for-woocommerce 3.1.8 Cross-Site.Request.Forgery.to.Cross-Site.Scriping.via.Wishlist.Name MEDIUM" "wish-list-for-woocommerce 3.1.3 Reflected.Cross-Site.Scripting MEDIUM" "wp-ticket-ultra No.known.fix Unauthenticated.Local.File.Inclusion CRITICAL" "wp-limit-login-attempts No.known.fix IP.Spoofing MEDIUM" "woocommerce-aweber-newsletter-subscription 4.0.3 Missing.Authorization.to.Access.Token.Modification MEDIUM" "wp-custom-taxonomy-image No.known.fix Authenticated.(Editor+).Stored.Cross-Site.Scripting MEDIUM" "woo-better-customer-list No.known.fix Reflected.Cross-Site.Scripting HIGH" "woocommerce-gateway-certification-de-facture-et-gestion-de-pdf-kiwiz No.known.fix Unauthenticated.Arbitrary.File.Download HIGH" "woocommerce-myparcel 4.24.2 Reflected.Cross-Site.Scripting MEDIUM" "wp-logs-book No.known.fix Disable.Logging.via.CSRF MEDIUM" "wp-logs-book No.known.fix Unauthenticated.Stored.XSS HIGH" "wp-logs-book No.known.fix Log.Clearing.via.CSRF MEDIUM" "wp-image-seo No.known.fix Cross-Site.Request.Forgery MEDIUM" "wha-puzzle No.known.fix Contributor+.Stored.XSS MEDIUM" "wechat-broadcast No.known.fix Local/Remote.File.Inclusion CRITICAL" "woo-product-slider-and-carousel-with-category 2.8 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "wp-post-category-notifications No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "woocommerce-catalog-enquiry 5.0.6 Cross-Site.Request.Forgery.via.REST.API MEDIUM" "woocommerce-catalog-enquiry 5.0.3 Unauthenticated.Stored.XSS.via.Arbitrary.Setting.Update HIGH" "woocommerce-catalog-enquiry 5.0.3 Unauthenticated.Inquiry.Saving.&.Sensitive.Information.Disclosure MEDIUM" "woocommerce-catalog-enquiry 3.1.0 Arbitrary.File.Upload HIGH" "wp-survey-plus No.known.fix Subscriber+.AJAX.Calls HIGH" "wpstickybar-sticky-bar-sticky-header No.known.fix Unauthenticated.SQLi HIGH" "wpstickybar-sticky-bar-sticky-header No.known.fix Reflected.XSS HIGH" "wp-show-more No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.show_more.Shortcode MEDIUM" "wp-image-compression No.known.fix Cross-Site.Request.Forgery MEDIUM" "wp-ultimate-csv-importer 7.20.1 Authenticated.(Subscriber+).Arbitrary.File.Upload HIGH" "wp-ultimate-csv-importer 7.19.1 Subscriber+.Arbitrary.File.Deletion HIGH" "wp-ultimate-csv-importer 7.9.9 Author+.Privilege.Escalation MEDIUM" "wp-ultimate-csv-importer 7.9.9 Author+.RCE MEDIUM" "wp-ultimate-csv-importer 7.9.9 Imported.Files.Disclosure MEDIUM" "wp-ultimate-csv-importer 6.5.8 Missing.Authorisation LOW" "wp-ultimate-csv-importer 6.5.8 Admin+.SQLi MEDIUM" "wp-ultimate-csv-importer 6.5.3 Admin+.Blind.SSRF MEDIUM" "wp-ultimate-csv-importer 6.4.3 Admin+.Stored.Cross-Site.Scripting LOW" "wp-ultimate-csv-importer 6.4.2 Subscriber+.Arbitrary.Option.Deletion HIGH" "wp-ultimate-csv-importer 6.4.1 Subscriber+.Arbitrary.File.Upload CRITICAL" "wp-ultimate-csv-importer 5.6.1 CSRF HIGH" "wp-ultimate-csv-importer 3.8.8 Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "wp-ultimate-csv-importer 3.8.1 XSS MEDIUM" "wp-blog-and-widgets 2.3.1 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "wpgsi-professional 3.6.0 CSRF.Bypass MEDIUM" "wpgsi-professional 3.6.0 Reflected.Cross-Site.Scripting HIGH" "wp-gpx-map 1.1.23 Arbitrary.File.Upload CRITICAL" "wp-taxonomy-import No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-pano No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-ultimate-review 2.3.0 Missing.Authorization MEDIUM" "wp-ultimate-review 2.3.0 Unauthenticated.Insecure.Direct.Object.Reference MEDIUM" "wp-ultimate-review 2.3.0 Unauthenticated.Review.Restriction.Bypass MEDIUM" "wp-ultimate-review No.known.fix IP.Spoofing MEDIUM" "wp-ultimate-review 2.3.1 Settings.Update.via.CSRF MEDIUM" "wp-ultimate-review 2.1.0 Admin+.Stored.XSS LOW" "wp-ultimate-review 2.1.0 Settings.Update.via.CSRF MEDIUM" "whats-new-genarator No.known.fix Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "wp-mathjax-plus No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "woo-binary-mlm No.known.fix Reflected.Cross-Site.Scripting.via.'page' MEDIUM" "woo-binary-mlm No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "wm-options-import-export No.known.fix Unauthenticated.Information.Exposure MEDIUM" "wp-captcha No.known.fix Captcha.Bypass MEDIUM" "wp-captcha No.known.fix Settings.Update.via.CSRF MEDIUM" "wp-phone-message No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-phone-message No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-htpasswd No.known.fix Admin+.Stored.XSS LOW" "wp-mail-options No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "wp-featherlight No.known.fix Authenticated.(Contributor+).Stored.DOM-Based.Cross-Site.Scripting.via.Featherlight.js.JavaScript.Library MEDIUM" "wc-zelle 3.1.1 Reflected.Cross-Site.Scripting MEDIUM" "wc-zelle 2.0 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-chgfontsize No.known.fix Arbitrary.Settings.Update.via.CSRF.to.Stored.XSS MEDIUM" "wp-super-minify 1.6 Settings.Update.via.CSRF MEDIUM" "wp-tweet-walls 1.0.4 Cross-Site.Request.Forgery MEDIUM" "wp-tell-a-friend-popup-form No.known.fix Admin+.Stored.XSS LOW" "wp-tell-a-friend-popup-form No.known.fix Settings.Update.via.CSRF MEDIUM" "wp2leads No.known.fix Cross-Site.Request.Forgery MEDIUM" "wp2leads 3.4.7 Reflected.Cross-Site.Scripting MEDIUM" "wp2leads 3.4.3 Reflected.Cross-Site.Scripting MEDIUM" "wp2leads 3.3.4 Reflected.Cross-Site.Scripting MEDIUM" "wp2leads 3.2.8 Missing.Authorization MEDIUM" "wibiya No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "woocommerce-add-to-cart-custom-redirect 1.2.14 Authenticated(Contributor+).Missing.Authorization.to.Limited.Arbitrary.Options.Update HIGH" "wp24-domain-check 1.10.15 Reflected.Cross-Site.Scripting MEDIUM" "wp24-domain-check 1.6.3 Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "wp-rest-user No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-rest-user No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-db-backup 2.5.2 Arbitrary.Schedule.Settings.Update.via.CSRF MEDIUM" "wp-db-backup 2.5.1 Admin+.SQL.Injection MEDIUM" "wp-db-backup 2.4 Authenticated.Persistent.Cross-Site.Scripting.(XSS) MEDIUM" "wp-db-backup 2.3.0 Backup.Filename.Brute.Forcing HIGH" "wc-multishipping 2.3.8 Subscriber+.Arbitrary.Account.Credentials.Test MEDIUM" "wc-multishipping 2.3.6 Missing.Authorization.to.Log.Export MEDIUM" "wp-log-viewer No.known.fix Missing.Authorization MEDIUM" "wha-crossword No.known.fix Contributor+.Stored.XSS MEDIUM" "wha-crossword No.known.fix Contributor+.Stored.Cross-Site.Scripting MEDIUM" "wp-edit-username 1.0.6 Admin+.Stored.XSS LOW" "wp-edit-username 1.0.6 Admin+.Stored.XSS LOW" "wp-mail-smtp-pro 3.8.1 Unauthenticated.Email.Address.Disclosure MEDIUM" "wp-multitasking No.known.fix Header/Footer/Body.Script.Update.via.CSRF MEDIUM" "wp-multitasking No.known.fix Permalink.Suffix.Update.via.CSRF MEDIUM" "wp-multitasking 0.1.18 WP.Utilities.<.0.1.18.-.Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "wp-multitasking No.known.fix Reflected.XSS.via.Shortcode MEDIUM" "wp-multitasking No.known.fix SMTP.Settings.Update.via.CSRF MEDIUM" "wp-multitasking No.known.fix Exit.Popup.Update.via.CSRF MEDIUM" "wp-multitasking No.known.fix Welcome.Popup.Update.via.CSRF MEDIUM" "wp-multitasking No.known.fix Settings.Update.via.CSRF MEDIUM" "wp-less-compiler No.known.fix Unauthenticated.Stored.Cross-Site.Scripting HIGH" "wp-custom-author-url 1.0.5 Admin+.Stored.XSS LOW" "wp-ds-blog-map No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "woofunnels-aero-checkout 3.11.0 Subscriber+.Arbitrary.Plugin.Activation MEDIUM" "woofunnels-aero-checkout 3.11.0 Unauthenticated.Arbitrary.Content.Deletion MEDIUM" "woofunnels-aero-checkout 3.11.0 Subscriber+.Settings.Update MEDIUM" "wc-estimate-and-quote No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "weluka-lite No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-pagebuilder No.known.fix Admin+.Stored.Cross-Site LOW" "wp-pagebuilder 1.2.7 Author+.Stored.XSS MEDIUM" "wp-pagebuilder 1.2.4 Insecure.default.configuration.Allows.Subscribers.Editing.Access.to.Posts MEDIUM" "wp-pagebuilder 1.2.4 Multiple.Stored.Cross-Site.scripting.(XSS) MEDIUM" "wp-concours No.known.fix Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "wp-eis No.known.fix Authenticated.(Contributor+).SQL.Injection MEDIUM" "wpc-badge-management 2.4.1 Missing.Authorization MEDIUM" "woocommerce-checkout-field-editor-pro 3.6.3 Unauthenticated.Arbitrary.File.Deletion CRITICAL" "woozone No.known.fix Subscriber+.SQL.Injection HIGH" "woozone 14.1.0 Subscriber+.Privilege.Escalation HIGH" "woozone 14.1.0 Missing.Authorization MEDIUM" "woozone 14.0.31 Unauthenticated.SQL.Injection HIGH" "woozone 14.1.0 Missing.Authorization MEDIUM" "woozone 14.1.0 Reflected.Cross-Site.Scripting HIGH" "woocommerce-frontend-shop-manager 4.7.0 Low.Priv.Arbitrary.Blog.Options.Update/Access/Deletion.&.Plugin's.Settings.Update/Export/Import HIGH" "wooms No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wechat-social-login No.known.fix Unauthenticated.Arbitrary.File.Upload CRITICAL" "wechat-social-login No.known.fix Authentication.Bypass CRITICAL" "wp-action-network No.known.fix Cross-Site.Request.Forgery.to.Reflected.Cross-Site.Scripting MEDIUM" "wp-action-network 1.4.4 Admin+.SQLi MEDIUM" "wp-action-network 1.4.3 Reflected.Cross-Site.Scripting.via.'search' MEDIUM" "wordpress-tabs-slides No.known.fix CSRF MEDIUM" "wordpress-custom-sidebar No.known.fix Authenticated.(Contributor+).SQL.Injection MEDIUM" "wp-admin-ui-customize 1.5.14 Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "wp-admin-ui-customize 1.5.13 Admin+.Stored.XSS LOW" "wpsite-follow-us-badges No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wpsite-follow-us-badges 3.1.11 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.wpsite_follow_us_badges.Shortcode MEDIUM" "wp-stripe-donation 3.2.4 Missing.Authorization MEDIUM" "wp-stripe-donation 3.2.1 Reflected.Cross-Site.Scripting MEDIUM" "wp-stripe-donation 3.1.6 AidWP.<.3.1.6.-.CSRF MEDIUM" "wp-stripe-donation 2.9 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "webapp-builder No.known.fix Unauthenticated.File.Upload CRITICAL" "wp-copysafe-web 4.0 Reflected.Cross-Site.Scripting MEDIUM" "wp-copysafe-web 3.15 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-copysafe-web 3.14 Unauthenticated.Reflected.XSS HIGH" "wp-copysafe-web 2.6 Cross-Site.Request.Forgery.(CSRF) MEDIUM" "windsor-strava-club No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-t-wap No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "widget-countdown 2.7.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "widget-countdown 2.7.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-best-quiz No.known.fix Author+.Stored.XSS MEDIUM" "wp-twitter-button No.known.fix Cross-Site.Request.Forgery MEDIUM" "wp-store-locator-extenders 1.4.0 Reflected.Cross-Site.Scripting MEDIUM" "wp-store-locator-extenders 1.3.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wonder-fontawesome No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "wp-mail-log 1.1.3 Contributor+.Arbitrary.File.Upload HIGH" "wp-mail-log 1.1.3 WP.Mail.Log.<.1,1,3..Contributor+.LFI.in.wml_logs/send_mail.endpoint MEDIUM" "wp-mail-log 1.1.3 WP.Mail.Log.<.1,1,3..Incorrect.Authorization.in.REST.API.Endpoints LOW" "wp-mail-log 1.1.3 WP.Mail.Log.<.1,1,3..Contributor+.SQL.Injection.in.wml_logs/send_mail.endpoint MEDIUM" "wp-mail-log 1.1.3 WP.Mail.Log.<.1,1,3..Contributor+.Arbitrary.File.Upload.to.RCE CRITICAL" "wp-mail-log 1.1.3 WP.Mail.Log.<.1,1,3..Contributor+.SQL.Injection.in.wml_logs.endpoint MEDIUM" "wp-mail-log 1.1.3 Editor+.SQL.Injection.via.id HIGH" "wp-mail-log 1.1 Reflected.Cross-Site.Scripting MEDIUM" "wp-mail-log 1.1.2 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "wp-woocommerce-quickbooks 1.3.2 Cross-Site.Request.Forgery MEDIUM" "wp-woocommerce-quickbooks 1.1.9 Reflected.Cross-Site.Scripting HIGH" "woo-add-to-cart-text-change 2.1 Add.to.cart.Text.Update.via.CSRF MEDIUM" "woo-total-sales No.known.fix Missing.Authorization.to.Unauthenticated.Sales.Report.Retrieval MEDIUM" "widget-google-reviews 3.2 Contributor+.Stored.Cross-Site.Scripting.via.shortcode MEDIUM" "widget-google-reviews 2.2.4 Subscriber+.SQLi HIGH" "widget-google-reviews 2.2.3 Subscriber+.Widget.Creation MEDIUM" "wp-pro-quiz No.known.fix Arbitrary.Quiz.Deletion.via.CSRF MEDIUM" "woocommerce-mercadopago 7.6.2 7.6.1.-.Authenticated.(Subscriber+).Arbitrary.File.Download MEDIUM" "woocommerce-mercadopago 6.4.0 CSRF MEDIUM" "wiki-embed 1.4.7 Cross-Site.Request.Forgery MEDIUM" "woocommerce-bulk-order-form 3.6.0 Shop.Manager+.Stored.XSS MEDIUM" "wp-sms 6.9.4 Missing.Authorization MEDIUM" "wp-sms 6.5.2 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "wp-sms 6.6.3 Cross-Site.Request.Forgery MEDIUM" "wp-sms 6.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "wp-sms 6.5.3 Reflected.Cross-Site.Scripting.via.'page' MEDIUM" "wp-sms 6.5.2 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "wp-sms 6.5.1 Contributor+.SQLi.to.Reflected.XSS HIGH" "wp-sms 6.5.1 Cross-Site.Request.Forgery.to.Subscriber.Deletion MEDIUM" "wp-sms 6.2.0 User.Unsubscribe.via.CSRF MEDIUM" "wp-sms 6.1.5 Reflected.XSS HIGH" "wp-sms 6.0.4.1 Information.Disclosure.via.REST.API MEDIUM" "wp-sms 5.4.13 Authenticated.Stored.Cross-Site.Scripting LOW" "wp-sms 5.4.9.1 Reflected.Cross-Site.Scripting.(XSS) HIGH" "wbcom-designs-buddypress-ads 1.3.1 Subscriber+.Arbitrary.Plugin.Installation,.Activation.and.Deactivation HIGH" "wp-smart-export No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-smart-export No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wordlive-livecall-addon-for-woocommerce No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wc-cashapp 6.0.3 Reflected.Cross-Site.Scripting MEDIUM" "wc-cashapp 5.3 Reflected.Cross-Site.Scripting MEDIUM" "wp-latest-posts 5.0.8 Authenticated.(Subscriber+).Arbitrary.Shortcode.Execution MEDIUM" "wp-latest-posts 3.7.5 XSS MEDIUM" "woo-seo-addon 2.1.6 Reflected.Cross-Site.Scripting MEDIUM" "woo-seo-addon 2.1.5 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-click-info No.known.fix Reflected.XSS HIGH" "wp-less 1.9.7 Unauthenticated.Sensitive.Information.Disclosure MEDIUM" "whizzy No.known.fix Authenticated.(Subscriber+).Insecure.Direct.Object.Reference MEDIUM" "whizzy No.known.fix Missing.Authorization MEDIUM" "wp-post-author 3.8.3 Authenticated.(Administrator+).SQL.Injection MEDIUM" "wp-post-author 3.8.2 Authenticated.(Administrator+).SQL.Injection HIGH" "wp-post-author 3.6.8 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-post-author 3.7.5 Missing.Authorization MEDIUM" "wp-post-author 3.6.5 Subscriber+.Rating.Manipulation MEDIUM" "wp-elegant-testimonial No.known.fix Multiple.Authenticated.Stored.Cross-Site.Scripting LOW" "wp-identicon No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-symposium No.known.fix Unauthenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "wpsyncsheets-woocommerce 1.9 Missing.Authorization MEDIUM" "widget-for-contact-form-7 No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-accessibility-helper 0.6.2.9 Missing.Authorization.to.Authenticated.(Subscriber+).Limited.Settings.Update MEDIUM" "wp-accessibility-helper 0.6.3 Missing.Authorization MEDIUM" "wp-accessibility-helper 0.6.2.6 Missing.Authorization MEDIUM" "wp-accessibility-helper 0.6.2.5 Missing.Authorization.via.AJAX.action MEDIUM" "wp-accessibility-helper 0.6.0.7 Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "wpcf7-redirect 3.0.0 Missing.Authorization MEDIUM" "wpcf7-redirect 2.9.0 Reflected.Cross-Site.Scripting MEDIUM" "wpcf7-redirect 2.6.0 Unauthenticated.Options.Update.to.Stored.XSS HIGH" "wpcf7-redirect 2.5.0 Reflected.Cross-Site.Scripting MEDIUM" "wpcf7-redirect 2.5.0 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wpcf7-redirect 2.3.4 Unauthenticated.Arbitrary.Nonce.Generation MEDIUM" "wpcf7-redirect 2.3.4 Authenticated.PHP.Object.Injection HIGH" "wpcf7-redirect 2.3.4 Unprotected.AJAX.Actions MEDIUM" "wpcf7-redirect 2.3.4 Authenticated.Arbitrary.Plugin.Installation MEDIUM" "wpcf7-redirect 2.3.4 Authenticated.Arbitrary.Post.Deletion MEDIUM" "webico-slider-flatsome-addons No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.wbc_image.Shortcode MEDIUM" "wp-server-stats 1.7.8 Injected.Backdoor CRITICAL" "wp-server-stats 1.7.4 Cross-Site.Request.Forgery MEDIUM" "wp-server-stats 1.7.0 Admin+.Stored.Cross-Site.Scripting LOW" "wc-venipak-shipping 1.19.6 Reflected.Cross-Site.Scripting.via.'venipak_labels_link' MEDIUM" "woo-conditional-payment-gateways 1.16.0 Reflected.Cross-Site.Scripting MEDIUM" "woo-conditional-payment-gateways 1.13.1.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-social-buttons No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "woo-salesforce-plugin-crm-perks 1.7.6 Open.Redirect MEDIUM" "woo-salesforce-plugin-crm-perks 1.5.9 Reflected.Cross-Site.Scripting HIGH" "woocommerce-abandoned-cart 5.16.2 Multiple.CSRF MEDIUM" "woocommerce-abandoned-cart 5.16.2 Missing.Authorization.via.multiple.AJAX.functions MEDIUM" "woocommerce-abandoned-cart 5.16.1 Improper.Authorization.via.wcal_delete_expired_used_coupon_code LOW" "woocommerce-abandoned-cart 5.16.1 Improper.Authorization.via.wcal_preview_emails LOW" "woocommerce-abandoned-cart 5.16.0 Admin+.Stored.XSS LOW" "woocommerce-abandoned-cart 5.15.0 Authentication.Bypass CRITICAL" "woocommerce-abandoned-cart 5.8.6 CSRF.Nonce.Bypasses MEDIUM" "woocommerce-abandoned-cart 5.8.3 Unauthenticated.SQL.Injection CRITICAL" "woocommerce-abandoned-cart 5.2.0 Unauthenticated.Stored.Cross-Site.Scripting.(XSS) CRITICAL" "woocommerce-abandoned-cart 1.9 Authenticated.Blind.SQL.Injection CRITICAL" "wp-contact-form7-email-spam-blocker No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-dev-powers-element-selector-jquery-powers No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "woozap No.known.fix Authenticated.(Subscriber+).Server-Side.Request.Forgery MEDIUM" "wpbulky-wp-bulk-edit-post-types 1.0.10 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "webtoffee-gdpr-cookie-consent 2.6.1 Bulk.Delete.via.CSRF MEDIUM" "webtoffee-gdpr-cookie-consent 2.6.1 Unauthenticated.Stored.XSS HIGH" "wowpth No.known.fix Reflected.XSS HIGH" "wowpth No.known.fix Reflected.XSS HIGH" "woo-custom-profile-picture No.known.fix Authenticated.(Subscriber+).Arbitrary.File.Upload CRITICAL" "wp-github No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-backup-manager No.known.fix Reflected.XSS HIGH" "wpqa 6.1.1 Contributor+.Stored.XSS MEDIUM" "wpqa 6.1.1 Arbitrary.Category.and.Tag.Follow/Unfollow.via.CSRF MEDIUM" "wpqa 5.9.3 Missing.validation.lead.to.functionality.abuse LOW" "wpqa 5.9 Follow/Unfollow.via.CSRF MEDIUM" "wpqa 5.7 Subscriber+.Private.Message.Disclosure.via.IDOR MEDIUM" "wpqa 5.5 Unauthenticated.Private.Message.Disclosure MEDIUM" "wpqa 5.4 Reflected.Cross-Site.Scripting MEDIUM" "wpqa 5.2 Subscriber+.Private.Message.Disclosure.via.IDOR MEDIUM" "wpqa 5.2 Subscriber+.Stored.Cross-Site.Scripting.via.Profile.fields MEDIUM" "wpqa 5.2 Subscriber+.Arbitrary.Profile.Picture.Deletion.via.IDOR MEDIUM" "wp-user-control No.known.fix Unauthenticated.password.reset MEDIUM" "wprequal 8.3.1 Cross-Site.Request.Forgery.to.Settings.Reset MEDIUM" "ws-audio-player No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "website-file-changes-monitor 2.1.1 Authenticated.SQL.Injection MEDIUM" "website-file-changes-monitor 2.1.0 Admin+.Authenticated.SQL.Injection MEDIUM" "website-file-changes-monitor 1.8.3 Admin+.SQLi MEDIUM" "wp-gdpr-compliance No.known.fix Cross-Site.Request.Forgery MEDIUM" "wp-gdpr-compliance 2.0.23 Subscriber+.Arbitrary.Options.Update HIGH" "wp-gdpr-compliance 2.0.8 Reflected.Cross-Site.Scripting MEDIUM" "wp-gdpr-compliance 1.5.6 Unauthenticated.Stored.Cross-Site.Scripting.(XSS) CRITICAL" "wp-gdpr-compliance 1.4.3 Unauthenticated.Call.Any.Action.or.Update.Any.Option CRITICAL" "woocommerce-product-recommendations 2.3.0 CSRF MEDIUM" "wc-planzer-shipping 1.0.26 Reflected.Cross-Site.Scripting.via.processed-ids MEDIUM" "web-stat 1.4.1 API.Key.Disclosure HIGH" "wordpress-ping-optimizer No.known.fix Log.Clearing.via.CSRF MEDIUM" "wordpress-ping-optimizer 2.35.1.3.0 Arbitrary.Settings.Update.via.CSRF MEDIUM" "wp-broken-images No.known.fix Cross-Site.Request.Forgery MEDIUM" "woocommerce-bookings 2.2.5 Unauthenticated.Bookings.Products.Data.and.Metadata.Disclosure.via.REST.API MEDIUM" "woocommerce-bookings 2.0.4 Cross-Site.Request.Forgery MEDIUM" "weaver-for-bbpress 1.7.1 Reflected.Cross-Site.Scripting.via._wpnonce.Parameter MEDIUM" "wpcasa-mail-alert 3.3.0 Reflected.Cross-Site.Scripting MEDIUM" "wp-review No.known.fix Authenticated.(Contributor+).Local.File.Inclusion.via.Post.Custom.Fields HIGH" "wp-simpleweather No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-security-questions No.known.fix CSRF.Bypass MEDIUM" "wp-security-questions No.known.fix Cross-Site.Request.Forgery HIGH" "wemail 1.14.14 Unauthenticated.Sensitive.Information.Exposure MEDIUM" "wemail 1.14.6 Reflected.Cross-Site.Scripting MEDIUM" "wemail 1.14.3 Missing.Authorization.to.Notice.Dismissal MEDIUM" "wp-show-stats No.known.fix Cross-Site.Request.Forgery MEDIUM" "woo-gift-cards-lite 3.1.5 Authenticated.(Administrator+).SQL.Injection.via.wps_wgm_save_post.Function MEDIUM" "woo-gift-cards-lite 3.0.7 Missing.Authorization.to.Infinite.Money.Glitch HIGH" "woo-gift-cards-lite 2.6.7 Missing.Authorization.to.Unauthenticated.Information.Exposure MEDIUM" "woo-gift-cards-lite 2.1.2 Cross-Site.Request.Forgery MEDIUM" "woo-gift-cards-lite 2.1.2 CSRF.Bypass.in.Multiple.Plugins MEDIUM" "woocommerce-follow-up-emails 4.9.50 Unauthenticated.Reflected.XSS HIGH" "woocommerce-follow-up-emails 4.9.50 Cross-Site.Request.Forgery.(CSRF) MEDIUM" "woo-product-reviews-shortcode 1.01.6 Missing.Authorization MEDIUM" "woo-product-reviews-shortcode 1.01.4 Cross-Site.Request.Forgery MEDIUM" "woo-product-reviews-shortcode 1.0.21 Reflected.Cross-Site.Scripting MEDIUM" "woo-product-reviews-shortcode 1.0.17 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-church-donation No.known.fix Cross-Site.Request.Forgery MEDIUM" "wp-church-donation No.known.fix Unauthenticated.Stored.Cross-Site.Scripting HIGH" "woo-floating-cart-lite 2.8.3 Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "woo-floating-cart-lite 2.7.4 Reflected.Cross-Site.Scripting MEDIUM" "woo-floating-cart-lite 2.6.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-clap No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-cookie No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "wp-reroute-email 1.4.8 Improper.Neutralization.of.Special.Elements.used.in.an.SQL.Command.('SQL.Injection') MEDIUM" "wp-reroute-email 1.4.8 Cross-Site.Request.Forgery HIGH" "wats 1.0.64 Authenticated.Stored.Cross-Site.Scripting.(XSS) LOW" "welcome-popup No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "wise-chat 3.3.5 Unauthenticated.Stored.Cross-Site.Scripting.via.X-Forwarded-For.Header HIGH" "wise-chat 3.3.4 Unauthenticated.Sensitive.Information.Exposure.Through.Unprotected.Directory HIGH" "wise-chat 2.8.4 CSV.Injection HIGH" "wise-chat 2.7 Reverse.Tabnabbing MEDIUM" "woo-pdf-invoices-bulk-download No.known.fix Reflected.Cross-Site.Scripting.via.PHPRelativePath.Library HIGH" "woocommerce-payments 6.7.0 Unauthenticated.Order.Deletion.via.IDOR LOW" "woocommerce-payments 5.9.1 Shop.Manager+.SQLi MEDIUM" "woocommerce-payments 6.5.0 Contributor+.Cross-Site.Scripting MEDIUM" "woocommerce-payments 4.9.0 Subscription.Suspension/Activation.via.CSRF MEDIUM" "woocommerce-payments 4.5.1 Intent.Parameter.Tampering HIGH" "woocommerce-payments 5.6.2 Unauthenticated.Privilege.Escalation CRITICAL" "woocommerce-abandon-cart-pro 9.17.0 Authenticated.(Subscriber+).Arbitrary.File.Upload HIGH" "wpremote 4.65 Reflected.Cross-Site.Scripting MEDIUM" "woocommerce-conversion-tracking 2.0.12 Subscriber+.Addon.Installation MEDIUM" "woocommerce-conversion-tracking 2.0.12 Subscriber+.happy-elementor-addons.Installation.&.Activation MEDIUM" "web-directory-free 1.7.9 Reflected.Cross-Site.Scripting MEDIUM" "web-directory-free 1.7.8 Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "web-directory-free 1.7.7 Unauthenticated.SQL.Injection HIGH" "web-directory-free 1.7.4 Reflected.Cross-Site.Scripting MEDIUM" "web-directory-free 1.7.3 Unauthenticated.LFI HIGH" "web-directory-free 1.7.2 Reflected.XSS HIGH" "web-directory-free 1.7.0 Unauthenticated.SQL.Injection HIGH" "woo-billingo-plus 4.4.5.4 Multiple.CSRF MEDIUM" "wp-duplicate-page 1.3 Admin+.Stored.Cross.Site.Scripting LOW" "wp-file-download 6.2.6 Reflected.XSS HIGH" "wp-able-player No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wow-carousel-for-divi-lite 2.1.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Image.Carousel.and.Logo.Carousel.Widgets MEDIUM" "wow-carousel-for-divi-lite 1.2.12 Reflected.Cross-Site.Scripting MEDIUM" "woocommerce-display-products-by-tags No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wooCommerce-order-proposal 2.0.6 Authenticated.(Shop.Manager+).Privilege.Escalation.via.Order.Proposal HIGH" "wordpress-video No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-post-disclaimer 1.0.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "widgets-on-pages 1.8.0 Reflected.Cross-Site.Scripting MEDIUM" "widgets-on-pages 1.8.0 Contributor+.Stored.XSS MEDIUM" "widgets-on-pages 1.6.0 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-total-branding 1.3 Authenticated.(Administrator+).Stored.Cross-Site.Scripting.via.title.Parameter MEDIUM" "woo-nmi-three-step No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "woo-nmi-three-step No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "woo-nmi-three-step No.known.fix CSRF.Bypass MEDIUM" "wpfrom-email 1.8.9 Admin+.Stored.XSS LOW" "wp-ecommerce-shop-styling No.known.fix Unauthenticated.Dompdf.Local.File.Inclusion.(LFI) HIGH" "wp-responsive-tabs 1.3.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "woocommerce-gateway-amazon-payments-advanced 2.0.1 Reflected.Cross-Site.Scripting MEDIUM" "wp-agenda No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wah-forms No.known.fix Missing.Authorization MEDIUM" "wp-seo-tdk No.known.fix Unauthenticated.Setting.Update.to.Stored.XSS HIGH" "wp-pricing-table No.known.fix Reflected.XSS HIGH" "wp-debugging 2.11.7 Arbitrary.Plugin.Installation.from.Dependency.via.CSRF LOW" "wp-debugging 2.11.7 Subscriber+.Arbitrary.Plugin.Activation MEDIUM" "wp-debugging 2.11.0 Unauthenticated.Plugin's.Settings.Update MEDIUM" "wpschoolpress No.known.fix Missing.Authorization.to.Arbitrary.User.Deletion MEDIUM" "wpschoolpress No.known.fix Authenticated.(Parent+).SQL.Injection MEDIUM" "wpschoolpress No.known.fix Missing.Authorization.to.Privilege.Escalation.via.Account.Takeover HIGH" "wpschoolpress No.known.fix Authenticated.(Teacher+).SQL.Injection MEDIUM" "wpschoolpress No.known.fix Authenticated.(Student/Parent+).SQL.Injection MEDIUM" "wpschoolpress 2.2.11 Insecure.Direct.Object.Reference.to.Authenticated.(Teacher+).Account.Takeover/Privilege.Escalation HIGH" "wpschoolpress 2.2.5 Teacher+.SQLi MEDIUM" "wpschoolpress 2.2.5 Cross-Site.Request.Forgery MEDIUM" "wpschoolpress 2.1.10 Reflected.Cross-Site.Scripting HIGH" "wpschoolpress 2.1.17 Multiple.Admin+.Stored.Cross-Site.Scripting LOW" "wpschoolpress 2.1.10 Multiple.Authenticated.SQL.Injections HIGH" "writersblok-ai 1.3.20 Reflected.Cross-Site.Scripting MEDIUM" "wp-dispensary No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-biographia No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "wizshop No.known.fix Unauthenticated.Local.File.Inclusion CRITICAL" "wp-hide No.known.fix Unauthenticated.Settings.Update MEDIUM" "wp2html No.known.fix Cross-Site.Request.Forgery.to.Settings.Update MEDIUM" "wp-gpx-maps No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.sgpx.Shortcode MEDIUM" "wp-gpx-maps 1.7.06 Missing.Authorization MEDIUM" "wp-geometa No.known.fix 0.3.5.-.Subscriber+.Privilege.Escalation HIGH" "wp-mlm No.known.fix Unauthenticated.Privilege.Escalation CRITICAL" "wp-mlm No.known.fix Unauthenticated.Arbitrary.File.Upload CRITICAL" "wp-fiddle No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "wordpress-sql-backup No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "wptemplata 1.0.8 Reflected.Cross-Site.Scripting MEDIUM" "wp-listings No.known.fix Missing.Authorization MEDIUM" "wp-listings No.known.fix Contributor+.Stored.XSS MEDIUM" "wp-listings 2.0.2 Unauthenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "wishlist-and-compare 1.0.5 Unauthorised.AJAX.call HIGH" "wp-social-links No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-security-master No.known.fix Cross-Site.Request.Forgery MEDIUM" "woocommerce-sendinblue-newsletter-subscription 4.0.18 Authenticated.(Editor+).Arbitrary.File.Download.and.Deletion HIGH" "wp-media-manager-lite 1.1.3 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "wp-live-tv No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-live-tv No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-all-export-pro 1.9.2 Authenticated.(ShopManager+).Arbtirary.Options.Update MEDIUM" "wp-all-export-pro 1.9.2 Unauthenticated.Remote.Code.Execution.via.Custom.Export.Fields HIGH" "wp-all-export-pro 1.8.6 Admin+.RCE MEDIUM" "wp-all-export-pro 1.8.6 Remote.Code.Execution.via.CSRF CRITICAL" "wp-all-export-pro 1.8.6 Author+.PHAR.Deserialization.via.CSRF HIGH" "wp-all-export-pro 1.7.9 Authenticated.SQLi MEDIUM" "wp-all-export-pro 1.7.9 Authenticated.Code.Injection CRITICAL" "wp-ecommerce-paypal 2.0.1 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "wp-ecommerce-paypal 1.9.1 Unauthenticated.Open.Redirect HIGH" "wp-ecommerce-paypal 1.9 Cross-Site.Request.Forgery.to.Settings.Update MEDIUM" "wp-ecommerce-paypal 1.8.2 Cross-Site.Request.Forgery MEDIUM" "wp-ecommerce-paypal 1.7.4 Contributor+.Stored.XSS.in.Shortcode MEDIUM" "wp-ecommerce-paypal 1.7.3 CSRF.to.Stored.Cross-Site.Scripting HIGH" "woo-customers-order-history No.known.fix Missing.Authorization MEDIUM" "woo-customers-order-history 5.2.2 Reflected.Cross-Site.Scripting MEDIUM" "woo-customers-order-history 5.2.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "widget-post-slider 1.3.6 Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "webling No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "wp-force-ssl 1.67 Missing.Authorization.to.Settings.Update MEDIUM" "wp-seo-keyword-optimizer No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-seo-keyword-optimizer No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-seo-keyword-optimizer 2.1.9.8 Subscriber+.Arbitrary.Option.Update CRITICAL" "woo-badge-designer-lite 1.1.1 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "wp-comment-fields 5.1 Cross-Site.Request.Forgery MEDIUM" "wp-comment-fields 5.1 Missing.Authorization MEDIUM" "wp-comment-fields 4.1 Admin+.Stored.Cross-Site.Scripting LOW" "wp-ad-management No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp2wb No.known.fix Cross-Site.Request.Forgery MEDIUM" "wp-super-cache 1.9 Unauthenticated.Cache.Poisoning MEDIUM" "wp-super-cache 1.7.3 Authenticated.Remote.Code.Execution HIGH" "wp-super-cache 1.7.3 Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "wp-super-cache 1.7.2 Authenticated.Remote.Code.Execution.(RCE) HIGH" "wp-super-cache 1.4.9 Cross-Site.Scripting.(XSS) MEDIUM" "wp-super-cache 1.4.5 PHP.Object.Injection HIGH" "wp-super-cache 1.4.3 Stored.Cross-Site.Scripting.(XSS) HIGH" "wp-super-cache 1.3.1 trunk/plugins/badbehaviour.php.URI.XSS MEDIUM" "wp-super-cache 1.3.1 trunk/plugins/domain-mapping.php.URI.XSS MEDIUM" "wp-super-cache 1.3.1 trunk/plugins/awaitingmoderation.php.URI.XSS MEDIUM" "wp-super-cache 1.3.1 trunk/wp-cache.php.wp_nonce_url.Function.URI.XSS MEDIUM" "wp-super-cache 1.3.1 trunk/plugins/searchengine.php.URI.XSS MEDIUM" "wp-super-cache 1.3.1 trunk/plugins/wptouch.php.URI.XSS MEDIUM" "wp-super-cache 1.3.2 Remote.Code.Execution HIGH" "woocommerce-social-media-share-buttons No.known.fix Cross-Site.Request.Forgery.to.Cross-Site.Scripting MEDIUM" "wp-auto-top No.known.fix Cross-Site.Request.Forgery MEDIUM" "wp-post-styling 1.3.1 Multiple.CSRF MEDIUM" "wp-courses 3.2.22 Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.User.Meta.Update HIGH" "wp-courses 3.2.4 Subscriber+.Arbitrary.Options.Update HIGH" "wp-courses 3.2.4 Cross-Site.Request.Forgery MEDIUM" "wp-courses 3.2.4 Missing.Authorization MEDIUM" "wp-courses 2.0.44 Reflected.Cross-Site.Scripting HIGH" "wp-courses 2.0.44 Authenticated.Stored.XSS.via.Video.Embed.Code LOW" "wp-courses 2.0.29 Broken.Access.Controls.leading.to.Courses.Content.Disclosure HIGH" "wp-time-slots-booking-form 1.2.31 Cross-Site.Request.Forgery MEDIUM" "wp-time-slots-booking-form 1.2.12 Missing.Authorization MEDIUM" "wp-time-slots-booking-form 1.2.11 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "wp-time-slots-booking-form 1.2.07 Unauthenticated.Price.Manipulation MEDIUM" "wp-time-slots-booking-form 1.1.82 Admin+.Stored.XSS LOW" "wp-time-slots-booking-form 1.1.63 Admin+.Stored.Cross-Site.Scripting LOW" "wp-planification No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "wcsm-search-merchandising No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wcsm-search-merchandising No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "woorewards 5.3.1 Missing.Authorization MEDIUM" "wp-smart-editor No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-megamenu No.known.fix Authenticated.(Administrator+).PHP.Object.Injection HIGH" "wp-megamenu 1.4.0 Unauthenticated.Arbitrary.Post.Access HIGH" "wp-megamenu 1.4.1 Subscriber+.Arbitrary.Post.Access MEDIUM" "wp-megamenu 1.4.1 Reflected.Cross-Site.Scripting MEDIUM" "wise-forms No.known.fix Unauthenticated.Stored.XSS HIGH" "woocommerce-es 2.1 Reflected.Cross-Site.Scripting MEDIUM" "woocommerce-es 2.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "woo-update-variations-in-cart No.known.fix Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "wp-mobile-themes No.known.fix Cross-Site.Request.Forgery MEDIUM" "wp-social-bookmarking-light No.known.fix Cross-Site.Request.Forgery.(CSRF) MEDIUM" "wp-social-bookmarking-light 1.7.10 Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "wp-live-chat-support 8.2.0 Authenticated.Stored.Cross-Site.Scripting LOW" "wp-live-chat-support 8.0.33 Missing.Permission.Checks.on.some.REST.API.Calls CRITICAL" "wp-live-chat-support 8.0.27 Unauthenticated.Stored.XSS MEDIUM" "wp-live-chat-support 8.0.18 Cross-Site.Scripting.(XSS) MEDIUM" "wp-live-chat-support 8.0.08 Cross-Site.Scripting.(XSS) MEDIUM" "wp-live-chat-support 8.0.06 Unauthenticated.Stored.XSS MEDIUM" "wp-live-chat-support 7.1.05 Cross-Site.Scripting.(XSS) MEDIUM" "wp-live-chat-support 1.7.03 XSS MEDIUM" "wp-live-chat-support 7.0.07 Cross-Site.Scripting.(XSS) MEDIUM" "wp-live-chat-support 6.2.04 Stored.Cross-Site.Scripting.(XSS) MEDIUM" "wp-live-chat-support 6.2.02 Stored.Cross-Site.Scripting MEDIUM" "wpgenealogy No.known.fix Missing.Authorization MEDIUM" "wpgenealogy 0.1.5 Reflected.Cross-Site.Scripting MEDIUM" "wpgenealogy 0.1.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-tithely No.known.fix Contributor+.Stored.XSS.via.Shortcode MEDIUM" "writer-helper No.known.fix Authenticated.(Subscriber+).Arbitrary.File.Upload HIGH" "worpit-admin-dashboard-plugin 4.5.0 Unauthenticated.PHP.Object.Injection CRITICAL" "whizz 1.1.1 Cross-Site.Request.Forgery.(CSRF) HIGH" "whizz 1.0.8 Unauthenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "wpecounter 2.0.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-testimonials No.known.fix Authenticated.SQL.Injection HIGH" "wp-desklite No.known.fix Reflected.XSS HIGH" "wp-bugbot No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-bugbot No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-hide-categories No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wordpress-nextgen-galleryview No.known.fix Reflected.XSS HIGH" "wordpress-nextgen-galleryview No.known.fix Cross-Site.Request.Forgery MEDIUM" "woo-order-export-lite 3.5.6 Unauthenticated.PHP.Object.Injection.via.Order.Details HIGH" "woo-order-export-lite 3.4.5 Shop.Manager+.Remote.Code.Execution CRITICAL" "woo-order-export-lite 3.3.3 Export.Files.via.CSRF MEDIUM" "woo-order-export-lite 3.3.2 Reflected.Cross-Site.Scripting MEDIUM" "woo-order-export-lite 3.1.8 Authenticated.Reflected.Cross-Site.Scripting.(XSS) HIGH" "woo-order-export-lite 3.1.4 Authenticated.Cross-Site.Scripting.(XSS) LOW" "woo-order-export-lite 1.5.5 CSV.Injection HIGH" "wp-condition No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-showhide 1.05 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "woo-viet 1.5.3 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "wp-mailing-group 3.0.5 Authenticated.(Subscriber+).SQL.Injection MEDIUM" "wp-mailing-group 3.0.0 Reflected.Cross-Site.Scripting HIGH" "wp-mailing-group 3.0.0 Admin+.SQL.Injection MEDIUM" "woo-bookings-calendar No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-multisite-content-copier 2.0.1 Reflected.Cross-Site.Scripting MEDIUM" "wrapper-link-elementor 1.0.5 Injected.Backdoor CRITICAL" "woocommerce-box-office 1.2.3 Missing.Authorization MEDIUM" "woocommerce-box-office 1.1.51 Contributor+.Stored.XSS MEDIUM" "woocommerce-box-office 1.1.52 Unauthenticated.Ticket.Barcode.Update MEDIUM" "wpeventticketing No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "woo-product-tables 2.1.5 Reflected.Cross-Site.Scripting MEDIUM" "woo-product-tables 2.1.3 Unuthenticated.SQL.Injection HIGH" "woo-product-tables 2.0.2 Unauthenticated.Remote.Code.Execution CRITICAL" "woo-product-tables 1.8.7 Cross-Site.Request.Forgery.via.saveGroup MEDIUM" "wpmastertoolkit 2.6.0 Authenticated.(Administrator+).to.Arbitrary.File.Read.and.Write HIGH" "wpmastertoolkit 1.14.0 Authenticated.(Admin+).Arbitrary.File.Upload HIGH" "wpmastertoolkit 1.14.0 Authenticated.(Admin+).Arbitrary.File.Download MEDIUM" "wp-topbar No.known.fix CSRF MEDIUM" "wp-topbar No.known.fix Admin+.SQLi MEDIUM" "woocommerce-product-category-selection-widget No.known.fix Reflected.XSS HIGH" "wp-events-manager 2.2.0 Authenticated.(Subscriber+).Time-Based.SQL.Injection HIGH" "wp-setup-wizard 1.0.8.2 Authenticated.(Subscriber+).Full.Database.Download MEDIUM" "wp-rest-api-authentication 3.6.4 Missing.Authorization.to.Authenticated.(Subscriber+).Limited.Options.Update MEDIUM" "wp-rest-api-authentication 2.4.1 Settings.Update.via.CSRF MEDIUM" "woo-bulk-editor 1.1.4.5 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "woo-bulk-editor 1.1.4.2 Cross-Site.Request.Forgery.to.Notice.Dismissal MEDIUM" "woo-bulk-editor 1.1.4.4 Missing.Authorization MEDIUM" "woo-bulk-editor 1.1.4.3 Reflected.Cross-Site.Scripting MEDIUM" "woo-bulk-editor 1.1.4.1 Authenticated.(Shop.manager+).Stored.Cross-Site.Scripting.via.Plugin.Options MEDIUM" "woo-bulk-editor 1.1.4.1 Missing.Authorization.via.Several.Functions MEDIUM" "woo-bulk-editor 1.1.4 Arbitrary.Settings.Update.via.CSRF MEDIUM" "woo-bulk-editor 1.1.4 Arbitrary.Settings.Update.via.CSRF MEDIUM" "woo-bulk-editor 1.1.4 Arbitrary.Settings.Update.via.CSRF MEDIUM" "woo-bulk-editor 1.1.4 Arbitrary.Settings.Update.via.CSRF MEDIUM" "woo-bulk-editor 1.1.4 Arbitrary.Settings.Update.via.CSRF MEDIUM" "woo-bulk-editor 1.1.4 Arbitrary.Settings.Update.via.CSRF MEDIUM" "woo-bulk-editor 1.1.4 Arbitrary.Settings.Update.via.CSRF MEDIUM" "woo-bulk-editor 1.1.4 Arbitrary.Settings.Update.via.CSRF MEDIUM" "woo-bulk-editor 1.1.4 Arbitrary.Settings.Update.via.CSRF MEDIUM" "woo-bulk-editor 1.1.4 Arbitrary.Settings.Update.via.CSRF MEDIUM" "woo-bulk-editor 1.1.4 Arbitrary.Settings.Update.via.CSRF MEDIUM" "woo-bulk-editor 1.1.3.2 Cross-Site.Request.Forgery.(CSRF) MEDIUM" "wordapp-mobile-app No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wordapp-mobile-app No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-csv-to-database No.known.fix CSRF LOW" "widgets-for-sourceforge-reviews 11.1 Authenticated.(Editor+).Arbitrary.File.Upload MEDIUM" "woo-remove-cart-and-query-button No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "woo-remove-cart-and-query-button No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-upg No.known.fix Unauthenticated.RCE CRITICAL" "wordpress-popup 7.8.6 Missing.Authorization.to.Unauthorized.Form.Submission MEDIUM" "wordpress-popup 7.8.6 Missing.Authorization.to.Unpublished.Form.Exposure MEDIUM" "wordpress-popup 7.8.5 Admin+.Stored.XSS LOW" "wordpress-popup 6.0.8.1 Unauthenticated.CSV.Injection HIGH" "wp-email-capture 3.11 Unauthenticated.Email.Capture.Download MEDIUM" "wp-email-capture 3.10 Email.Captures.Update.via.CSRF MEDIUM" "wp-email-capture 3.10 Admin+.Stored.XSS LOW" "woo-shipping-dpd-baltic 1.2.84 Reflected.Cross-Site.Scripting HIGH" "woo-shipping-dpd-baltic 1.2.57 DPD.baltic.<.1.2.57.-.Subscriber+.Arbitrary.Options.Deletion HIGH" "woo-shipping-dpd-baltic 1.2.11 DPD.baltic.<.1.2.11.-.Admin+.Stored.XSS MEDIUM" "wp-sort-order 1.3.2 Missing.Authorization MEDIUM" "wp-file-get-contents 2.7.1 Contributor+.SSRF MEDIUM" "wp-html-sitemap No.known.fix wp-html-sitemap.html.Sitemap.Deletion.CSRF MEDIUM" "wp-links-page 4.9.6 Missing.Authorization.to.Authenticated.(Subscriber+).Limited.Image.Update MEDIUM" "wp-links-page 4.9.5 Cross-Site.Request.Forgery.via.wplf_ajax_update_screenshots MEDIUM" "wp-links-page 4.9.4 Contributor+.Stored.XSS MEDIUM" "wp-extra-fields No.known.fix Reflected.XSS HIGH" "woo-exfood 3.3.3 Restaurant.Menu.&.Food.ordering.<.3.3.3.-.Unauthenticated.Arbitrary.Shortcode.Execution.via.ids HIGH" "wp-insert 2.5.1 Admin+.Stored.XSS MEDIUM" "wp-inquiries No.known.fix Authenticated.(Administrator+).SQL.Injection MEDIUM" "wp-mmenu-lite No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-user-avatar 4.15.20 Admin+.Stored.XSS LOW" "wp-user-avatar 4.15.20 Admin+.Stored.XSS LOW" "wp-user-avatar 4.15.20 Admin+.Stored.XSS LOW" "wp-user-avatar 4.15.19 Unauthenticated.Content.Restriction.Bypass.to.Sensitive.Information.Exposure MEDIUM" "wp-user-avatar 4.15.15 Admin+.Stored.XSS LOW" "wp-user-avatar 4.15.15 Admin+.Stored.XSS LOW" "wp-user-avatar 4.15.9 Contributor+.Stored.XSS MEDIUM" "wp-user-avatar 4.15.5 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "wp-user-avatar 4.15.6 Contributor+.Stored.Cross-Site.Scripting.via.'reg-single-checkbox' MEDIUM" "wp-user-avatar 4.15.3 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "wp-user-avatar 4.15.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.profilepress-edit-profile.Shortcode MEDIUM" "wp-user-avatar 4.15.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.[reg-select-role].Shortcode MEDIUM" "wp-user-avatar 4.15.0 Contributor+.Stored.XSS MEDIUM" "wp-user-avatar 4.15.0 Unauthenticated.Stored.XSS MEDIUM" "wp-user-avatar 4.15.0 Contributor+.Stored.XSS MEDIUM" "wp-user-avatar 4.14.4 Contributor+.Stored.XSS MEDIUM" "wp-user-avatar 4.13.3 Information.Disclosure.via.Debug.Log MEDIUM" "wp-user-avatar 4.13.2 Limited.Privilege.Escalation.via.'acceptable_defined_roles' HIGH" "wp-user-avatar 4.13.2 ProfilePress.<.4,13,2.Cross-Site.Request.Forgery.via.'admin_notice' MEDIUM" "wp-user-avatar 4.5.5 Reflected.XSS HIGH" "wp-user-avatar 4.5.5 Reflected.XSS HIGH" "wp-user-avatar 4.5.5 Contributor+.Stored.XSS MEDIUM" "wp-user-avatar 4.5.4 Admin+.Stored.XSS LOW" "wp-user-avatar 4.5.1 Admin+.Stored.Cross-Site.Scripting LOW" "wp-user-avatar 4.5.1 Admin+.Stored.Cross-Site.Scripting.via.Form.Settings LOW" "wp-user-avatar 3.2.3 Reflected.Cross-Site.Scripting HIGH" "wp-user-avatar 3.2.3 Reflected.Cross-Site.Scripting MEDIUM" "wp-user-avatar 3.1.11 Unauthenticated.Cross-Site.Scripting.(XSS).in.tabbed.login/register.widget MEDIUM" "wp-user-avatar 3.1.11 Multiple.Vulnerabilities CRITICAL" "wp-user-avatar 3.1.4 3.1.3.-.Arbitrary.File.Upload.in.File.Uploader.Component CRITICAL" "wp-user-avatar 3.1.4 3.1.3.-.Unauthenticated.Privilege.Escalation CRITICAL" "wp-user-avatar 3.1.4 3.1.3.-.Arbitrary.File.Upload.in.Image.Uploader.Component MEDIUM" "wp-user-avatar 3.1.8 Authenticated.Stored.XSS CRITICAL" "wp-blogs-planetarium No.known.fix Settings.Update.via.CSRF MEDIUM" "wp-email-newsletter No.known.fix Reflected.XSS HIGH" "wp-relevant-ads No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-relevant-ads No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-relevant-ads No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "wp-user-switch No.known.fix Authenticated.(Subscriber+).Privilege.Escalation HIGH" "wp-user-switch 1.0.3 Subscriber+.Authentication.Bypass HIGH" "widget-for-eventbrite-api 6.3 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "widget-for-eventbrite-api 5.3.1 Reflected.Cross-Site.Scripting MEDIUM" "widget-for-eventbrite-api 4.4.8 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-header-images 2.0.1 Reflected.Cross-Site.Scripting HIGH" "webinar-and-video-conference-with-jitsi-meet 2.6.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "which-template-file 5.1.0 Reflected.XSS HIGH" "which-template-file 4.9 Arbitrary.Settings.Update.via.CSRF MEDIUM" "wp-scraper 5.8.1 Authenticated.(Subscriber+).Server-Side.Request.Forgery MEDIUM" "wp-scraper 5.8 Missing.Authorization.to.Arbitrary.Page/Post.Creation MEDIUM" "website-monetization-by-magenet 1.0.29.2 Cross-Site.Request.Forgery MEDIUM" "wp-cloudflare-page-cache 4.7.6 Cross-Site.Request.Forgery MEDIUM" "wp-rss-by-publishers No.known.fix Admin+.SQLi MEDIUM" "wp-rss-by-publishers No.known.fix Admin+.SQLi MEDIUM" "wp-rss-by-publishers No.known.fix Admin+.SQLi MEDIUM" "wptouch 4.3.61 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "wptouch 4.3.45 Admin+.PHP.Object.Injection MEDIUM" "wptouch 4.3.45 Admin+.Arbitrary.File.Upload MEDIUM" "wptouch 4.3.44 Reflected.Cross-Site.Scripting MEDIUM" "wp-open-street-map 1.30 Arbitrary.Settings.Update.via.CSRF MEDIUM" "wpsso 18.18.2 Missing.Authorization MEDIUM" "wp-chrono No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wordpress-popular-posts 7.2.0 Unauthenticated.Arbitrary.Shortcode.Execution HIGH" "wordpress-popular-posts 6.3.3 Contributor+.Stored.XSS MEDIUM" "wordpress-popular-posts 6.1.0 Unauthenticated.Views.Manipulation MEDIUM" "wordpress-popular-posts 6.0.0 Reflected.Cross-Site.Scripting MEDIUM" "wordpress-popular-posts 5.3.4 Admin+.Stored.Cross-Site.Scripting LOW" "wordpress-popular-posts 5.3.3 Authenticated.Code.Injection HIGH" "wordpress-popular-posts 5.3.3 Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "wp-text-expander No.known.fix Authenticated.(Administrator+).SQL.Injection MEDIUM" "wpextended 3.0.16 Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "wpextended 3.0.15 Reflected.Cross-Site.Scripting MEDIUM" "wpextended 3.0.14 Missing.Authorization.to.Unauthenticated.Post.Order.Manipulation MEDIUM" "wpextended 3.0.13 Unauthenticated.SQL.Injection.via.Login.Attempts.Module HIGH" "wpextended 3.0.12 Missing.Authorization.to.Authenticated.(Subscriber+).Stored.Cross-Site.Scripting HIGH" "wpextended 3.0.12 Missing.Authorization.to.Authenticated.(Subscriber+).Remote.Code.Execution HIGH" "wpextended 3.0.10 Reflected.Cross-Site.Scripting MEDIUM" "wpextended 3.0.9 Reflected.Cross-Site.Scripting MEDIUM" "wpextended 3.0.9 Reflected.Cross-Site.Scripting.via.selected_option MEDIUM" "wpextended 3.0.9 Reflected.Cross-Site.Scripting.via.page MEDIUM" "wpextended 3.0.9 Authenticated.(Subscriber+).Arbitrary.Options.Update HIGH" "wpextended 3.0.9 Missing.Authorization.to.Admin.Username.Change MEDIUM" "wpextended 3.0.9 Directory.Traversal.to.Authenticated.(Subscriber+).Arbitrary.File.Download HIGH" "wpextended 3.0.9 Authenticated.(Subscriber+).Sensitive.Information.Exposure MEDIUM" "wpextended 3.0.9 Insecure.Direct.Object.Reference MEDIUM" "wpextended 3.0.0 Unauthenticated.Stored.Cross-Site.Scripting MEDIUM" "wp-find-your-nearest No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "wp-find-your-nearest No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wc-sms 2.8.1.1 Cross-Site.Request.Forgery.to.Reflected.Cross-Site.Scripting MEDIUM" "wc-sms 2.7 Reflected.Cross-Site.Scripting MEDIUM" "wp-options-editor No.known.fix Cross-Site.Request.Forgery.to.Privilege.Escalation HIGH" "wpb-elementor-addons 1.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wpb-elementor-addons 1.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.url.Parameter MEDIUM" "wpb-elementor-addons 1.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wcp-openweather No.known.fix Cross-Site.Request.Forgery MEDIUM" "wcp-openweather No.known.fix Reflected.XSS HIGH" "wptools-masonry-gallery-posts-for-divi 3.5.1 Reflected.Cross-Site.Scripting MEDIUM" "wptools-masonry-gallery-posts-for-divi 3.1.2 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "woocommerce-orders-customers-exporter No.known.fix Authenticated.(Subscriber+).Information.Exposure MEDIUM" "woo-gutenberg-products-block 11.1.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Featured.Image.alt.Attribute MEDIUM" "woo-gutenberg-products-block 5.5.1 Unauthenticated.SQL.Injection CRITICAL" "woo-gutenberg-products-block 3.7.1 Guest.Account.Creation MEDIUM" "wpcargo No.known.fix Authenticated.(Contributor+).Insecure.Direct.Object.Reference MEDIUM" "wpcargo No.known.fix Subscriber+.Settings.Update MEDIUM" "wpcargo No.known.fix Unauthenticated.SQL.Injection HIGH" "wpcargo 6.9.5 Reflected.Cross.Site.Scripting MEDIUM" "wpcargo 6.9.5 Admin+.Stored.Cross.Site.Scripting LOW" "wpcargo 6.9.0 Unauthenticated.RCE CRITICAL" "wordpress-logging-service No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "wemanage-app-worker 1.2.3 Subscriber+.Arbitrary.File.Upload HIGH" "wp-table-manager 4.1.4 Missing.Authorization.to.Authenticated.(Subscriber+).Directory.Traversal.to.Folder/File.Name.Disclosure MEDIUM" "wp-table-manager 3.5.3 Contributor+.Stored.XSS MEDIUM" "white-label 2.9.1 Cross-Site.Request.Forgery.via.white_label_reset_wl_admins MEDIUM" "wp-stats-manager 7.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-stats-manager 7.6 Missing.Authorization MEDIUM" "wp-stats-manager 6.9.5 Sensitive.Information.Exposure.via.Log.File MEDIUM" "wp-stats-manager 6.9 Unauthenticated.SQLi HIGH" "wp-stats-manager 6.5 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "wp-stats-manager 5.8 Unauthenticated.SQLi HIGH" "wp-stats-manager 5.6 .Subscriber+.SQL.Injection HIGH" "wp-stats-manager 5.5 Arbitrary.IP.Address.Exclusion.to.Stored.XSS HIGH" "wp-stats-manager 4.8 Subscriber+.SQL.Injection HIGH" "wp-xintaoke No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "woocommerce-eu-vat-assistant 2.1.2.230718 Reflected.Cross-Site.Scripting MEDIUM" "woocommerce-eu-vat-assistant 2.0.28.220224 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-supersized No.known.fix Cross-Site.Request.Forgery MEDIUM" "wp-copyprotect No.known.fix Settings.Update.via.CSRF MEDIUM" "wp-html-page-sitemap No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting HIGH" "wp-mobile-detector 3.6 Unauthenticated.Arbitrary.File.Upload CRITICAL" "wow-entrance-effects-wee No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-all-import 3.7.3 Admin+.Arbitrary.File.Upload.to.RCE MEDIUM" "wp-all-import 3.6.9 Admin+.Directory.traversal.via.file.upload MEDIUM" "wp-all-import 3.6.9 Admin+.Arbitrary.File.Upload.to.RCE MEDIUM" "wp-all-import 3.6.8 Admin+.Arbitrary.File.Upload MEDIUM" "wp-all-import 3.6.8 Admin+.Arbitrary.Code.Execution MEDIUM" "wp-all-import 3.6.5 Reflected.Cross-Site.Scripting MEDIUM" "wp-all-import 3.6.3 Admin+.Stored.Cross-Site.Scripting LOW" "wp-all-import 3.4.7 Cross-Site.Scripting.(XSS) MEDIUM" "wp-all-import 3.4.6 Cross-Site.Scripting.(XSS) MEDIUM" "wp-all-import 3.4.6 Cross-Site.Scripting.(XSS) MEDIUM" "wp-all-import 3.2.5 Multiple.Vulnerabilities CRITICAL" "wp-all-import 3.2.4 RCE HIGH" "wp-log-action 0.52 Reflected.XSS HIGH" "wp-webinarsystem No.known.fix Authenticated.(Administrator+).Server-Side.Request.Forgery MEDIUM" "wp-webinarsystem No.known.fix Open.Redirect MEDIUM" "wp-webinarsystem No.known.fix Missing.Authorization MEDIUM" "wp-webinarsystem No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "wp-webinarsystem 1.33.25 Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.File.Creation HIGH" "wp-webinarsystem 1.33.25 Missing.Authorization.to.Authenticated.(Subscriber+).Webinar.Updates HIGH" "wp-webinarsystem 1.33.21 Cross-Site.Request.Forgery MEDIUM" "wp-webinarsystem 1.33.21 Cross-Site.Request.Forgery MEDIUM" "wp-webinarsystem 1.33.10 Reflected.Cross-Site.Scripting MEDIUM" "wp-lister-for-ebay 3.6.5 Reflected.Cross-Site.Scripting MEDIUM" "wp-lister-for-ebay 3.6.1 Reflected.Cross-Site.Scripting MEDIUM" "wp-lister-for-ebay 3.6.0 Authenticated.(Shop.Manager+).Arbitrary.File.Upload HIGH" "wp-lister-for-ebay 3.6.0 Authenticated.(Shop.Manager+).Stored.Cross-Site.Scripting MEDIUM" "wp-lister-for-ebay 3.5.8 Reflected.Cross-Site.Scripting.via.'s' MEDIUM" "wp-slimstat 5.2.7 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "wp-slimstat 5.1.4 Subscriber+.Stored.XSS HIGH" "wp-slimstat 5.0.10 Contributor+.SQL.Injection MEDIUM" "wp-slimstat 5.0.9 Admin+.Stored.XSS LOW" "wp-slimstat 5.0.10 Contributor+.Stored.XSS MEDIUM" "wp-slimstat 5.0.5 Admin+.SQLi MEDIUM" "wp-slimstat 5.0.5 Reflected.XSS HIGH" "wp-slimstat 4.9.4 Subscriber+.SQL.Injection HIGH" "wp-slimstat 4.9.3.3 Subscriber+.SQL.Injection HIGH" "wp-slimstat 4.9.3 Unauthenticated.Stored.XSS HIGH" "wp-slimstat 4.8.4 CSRF.to.Stored.XSS.and.Setting.Updates MEDIUM" "wp-slimstat 4.8.1 Unauthenticated.Stored.XSS.from.Visitors MEDIUM" "winterlock 1.2.5 Cross-Site.Request.Forgery MEDIUM" "winterlock 1.0.23 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "winterlock 1.0.21 Unauthenticated.Stored.Cross-Site.Scripting CRITICAL" "woo-tumblog No.known.fix Missing.Authorization.to.Unauthenticated.Content.Injection MEDIUM" "wp-armour-extended 1.32 Cross-Site.Request.Forgery MEDIUM" "wp-armour-extended 1.32 Reflected.Cross-Site.Scripting MEDIUM" "wp-ecards-invites 1.3.905 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-maintenance 6.1.9.8 Authenticated.(Administrator+).PHP.Object.Injection HIGH" "wp-maintenance 6.1.9.3 IP.Spoofing.to.Maintenance.Mode.Bypass MEDIUM" "wp-maintenance 6.1.7 Information.Exposure MEDIUM" "wp-maintenance 6.1.4 IP.Restriction.Bypass MEDIUM" "wp-maintenance 6.0.8 Admin+.Stored.Cross-Site.Scripting LOW" "wp-maintenance 6.0.6 Admin+.Stored.Cross-Site.Scripting LOW" "wp-maintenance 5.0.7 Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting HIGH" "wp-bitly No.known.fix Missing.Authorization.to.Authenticated.(Subscriber+).Settings.Update MEDIUM" "wp-bitly 2.7.3 Missing.Authorization MEDIUM" "wp-bitly 2.7.2 Contributor+.Stored.XSS MEDIUM" "wpguppy-lite 1.1.4 Authenticated.(Subscriber+).SQL.Injection MEDIUM" "wpguppy-lite 1.1.1 Authorization.Bypass MEDIUM" "wpguppy-lite 1.1.1 Subscriber+.Privilege.Escalation HIGH" "wpguppy-lite 1.1.1 Unauthenticated.PHP.Object.Injection CRITICAL" "wp-academic-people No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-download-mirror-counter No.known.fix Authenticated.(Contributor+).SQL.Injection MEDIUM" "wpzon No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "waymark 1.5.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "waymark 1.5.3 Authenticated.(Contributor+).Server-Side.Request.Forgery MEDIUM" "waymark 1.5.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "waymark 1.4.2 Reflected.Cross-Site.Scripting.via.'content' MEDIUM" "wp-ajax-contact-form No.known.fix Arbitrary.Email.Deletion.via.CSRF MEDIUM" "wp-ajax-contact-form No.known.fix Reflected.Cross-Site.Scripting HIGH" "wordable 3.1.2 Plugin's.Authentication.Bypass HIGH" "wp-default-feature-image No.known.fix Admin+.Stored.XSS LOW" "wp-simple-events No.known.fix Admin+.Cross.Site.Scripting MEDIUM" "wp-fb-messenger-button-lite 2.0.7 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "woo-product-slider 2.6.4 Contributor+.Stored.XSS.in.Shortcode MEDIUM" "woo-product-slider 2.5.7 Subscriber+.Arbitrary.Options.Deletion HIGH" "wp-tarteaucitron-js-self-hosted No.known.fix Running.a.Vulnerable.Dependency MEDIUM" "wpcom-member 1.7.8 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "wpcom-member 1.7.7 Unauthenticated.Time-Based.SQL.Injection HIGH" "wpcom-member 1.7.6 Authentication.Bypass.via.'user_phone' CRITICAL" "wpcom-member 1.5.4.1 Reflected.Cross-Site.Scripting MEDIUM" "wpcom-member 1.5.3 Unauthenticated.Privilege.Escalation.via.User.Meta CRITICAL" "wpc-admin-columns 2.1.1 2.1.0.-.Authenticated.(Subscriber+).Privilege.Escalation.via.User.Meta.Update HIGH" "wp-mailster 1.8.21.0 Reflected.Cross-Site.Scripting MEDIUM" "wp-mailster 1.8.18.0 Unauthenticated.Sensitive.Information.Exposure MEDIUM" "wp-mailster 1.8.18.0 Reflected.Cross-Site.Scripting MEDIUM" "wp-mailster 1.8.18.0 Cross-Site.Request.Forgery MEDIUM" "wp-mailster 1.8.17.0 Unauthenticated.Sensitive.Information.Exposure MEDIUM" "wp-mailster 1.8.18.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-mailster 1.8.17.0 Authenticated.(Contributor+).SQL.Injection.via.orderby HIGH" "wp-mailster 1.8.17.0 Missing.Authorization MEDIUM" "wp-mailster 1.8.17.0 Unauthenticated.Information.Exposure MEDIUM" "wp-mailster 1.8.17.0 Missing.Authorization HIGH" "wp-mailster 1.8.16.0 Reflected.Cross-Site.Scripting MEDIUM" "wp-mailster 1.8.17.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-mailster 1.5.5 Unauthenticated.Cross-Site.Scripting.(XSS) MEDIUM" "wdesignkit 1.2.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wdesignkit 1.1.0 Authenticated.(Administrator+).Arbitrary.File.Upload HIGH" "wp-course-manager No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "wp-sendfox No.known.fix Unauthenticated.Information.Disclosure MEDIUM" "wp-sendfox 1.3.1 Missing.Authorization MEDIUM" "wp-social-bookmarking No.known.fix Cross-Site.Request.Forgery MEDIUM" "wp-socializer 7.3 Admin+.Stored.Cross-Site.Scripting LOW" "wp-curriculo-vitae No.known.fix Unauthenticated.Arbitrary.File.Upload.to.RCE CRITICAL" "wpcomplete 2.9.5 Reflected.Cross-Site.Scripting HIGH" "wp-social-bookmark-menu No.known.fix Settings.Update.via.CSRF MEDIUM" "wp-social-seo-booster No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "w4-post-list 2.4.6 Subscriber+.Password.Protected.Post.Content.Disclosure MEDIUM" "w4-post-list 2.4.6 Reflected.XSS HIGH" "w4-post-list 2.4.6 Contributor+.Stored.XSS MEDIUM" "w4-post-list 2.4.5 Contributor+.Stored.XSS MEDIUM" "wp-lijit-wijit No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-cfm 1.7.9 Cross-Site.Request.Forgery.via.multiple.AJAX.functions MEDIUM" "woocommerce-cvr-payment-gateway 6.1.0 Missing.Authorization.to.Authenticated.(Contributor+).CVR.Update MEDIUM" "wp-edit-menu 1.5.0 Unauthenticated.Arbitrary.Post.Deletion HIGH" "wp-edit-menu No.known.fix Arbitrary.Post.Deletion.via.CSRF MEDIUM" "wp-powerplaygallery No.known.fix Arbitrary.File.Upload.&.SQL.Injection HIGH" "web-stories 1.38.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "web-stories 1.32 Author+.Auth.Bypass LOW" "web-stories 1.25.0 Subscriber+.Server.Side.Request.Forgery MEDIUM" "wp-stateless 3.4.1 Missing.Authorization.to.Limited.Arbitrary.Options.Update HIGH" "wp-quiz No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-category-dropdown 1.9 Contributor+.Stored.XSS MEDIUM" "wp-spell-check No.known.fix Cross-Site.Request.Forgery MEDIUM" "wp-spell-check 9.18 Cross-Site.Request.Forgery MEDIUM" "wp-spell-check 9.13 Admin+.Stored.Cross-Site.Scripting LOW" "wp-spell-check 9.13 Ignored.Word.Deletion.via.CSRF MEDIUM" "wp-spell-check 9.3 Reflected.Cross-Site.Scripting HIGH" "wp-spell-check 7.1.10 Cross-Site.Request.Forgery.(CSRF) HIGH" "wpsyncsheets-wpforms 1.6.1 Missing.Authorization.to.Authenticated.(Subscriber+).Settings.Reset MEDIUM" "widgets-reset No.known.fix Settings.Update.via.CSRF MEDIUM" "woocommerce-pdf-vouchers 4.9.9 Reflected.Cross-Site.Scripting MEDIUM" "woocommerce-pdf-vouchers 4.9.9 Authentication.Bypass CRITICAL" "woocommerce-pdf-vouchers 4.9.5 Unauthenticated.Arbitrary.File.Deletion CRITICAL" "woocommerce-pdf-vouchers 4.9.5 Reflected.Cross-Site.Scripting MEDIUM" "woocommerce-pdf-vouchers 4.9.5 Missing.Authorization MEDIUM" "woocommerce-pdf-vouchers 4.9.4 PDF.Vouchers.<.4.9.4.-.Authentication.Bypass.to.Voucher.Vendor HIGH" "wp-get-personal-lite No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "ws-contact-form 1.3.8 Admin+.Stored.XSS LOW" "wp-dev-powers-display-screen-dimensions-to-admin No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wpmozo-addons-lite-for-elementor 1.1.1 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "wpmozo-addons-lite-for-elementor 1.3.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-team-manager 2.2.0 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "wp-team-manager 2.1.13 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "wp-team-manager 2.0.1 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "wpmovielibrary No.known.fix Reflected.XSS HIGH" "wp-front-end-login-and-register No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "woocommerce-exporter 2.7.5 Reflected.Cross-Site.Scripting HIGH" "woocommerce-exporter 2.7.3 Reflected.Cross-Site.Scripting HIGH" "woocommerce-exporter 2.7.2.1 Store.Exporter.<.2.7.2.1.-.Reflected.XSS HIGH" "woocommerce-exporter 2.7.1 Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "woocommerce-exporter 2.4 Store.Exporter.<.2.4.-.CSV.Injection CRITICAL" "wedocs 2.1.5 Missing.Authorization MEDIUM" "woocommerce-customers-manager 31.4 Missing.Authorization.to.Authenticated.(Subscriber+).Privilege.Escalation HIGH" "woocommerce-customers-manager 30.1 User.Deletion.via.CSRF LOW" "woocommerce-customers-manager 30.2 Subscriber+.Stored.XSS HIGH" "woocommerce-customers-manager 30.1 Bulk.Action.via.CSRF MEDIUM" "woocommerce-customers-manager 29.8 Reflected.XSS HIGH" "woocommerce-customers-manager 29.8 Subscriber+.Email.Disclosure MEDIUM" "woocommerce-customers-manager 29.7 Subscriber+.SQL.Injection HIGH" "woocommerce-customers-manager 26.6 Authenticated.Reflected.Cross-Site.Scripting.(XSS) HIGH" "woocommerce-customers-manager 26.6 Arbitrary.Account.Creation/Update.via.CSRF HIGH" "woocommerce-customers-manager 26.5 Arbitrary.Account.Creation/Update.by.Low.Privilege.Users HIGH" "wp-not-login-hide-wpnlh No.known.fix Admin+.Stored.XSS LOW" "wp-manutencao 1.0.7 IP.Spoofing.to.Maintenance.Mode.Bypass MEDIUM" "wp-embed-facebook No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-embed-facebook 3.1.2 Contributor+.Stored.XSS.via.shortcode MEDIUM" "woo-rfq-for-woocommerce 1.9.180 Insecure.Direct.Object.Reference.to.Unauthenticated.Sensitive.Information.Disclosure HIGH" "wpg-videos No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-letsencrypt-ssl 7.1.0 Sensitive.Information.Exposure.via.insufficiently.protected.files HIGH" "wp-letsencrypt-ssl 6.3.0 Reflected.Cross-Site.Scripting MEDIUM" "wp-letsencrypt-ssl 5.7.10 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-sticky-side-buttons No.known.fix Cross-Site.Request.Forgery MEDIUM" "ws-form-pro 1.9.218 Unauthenticated.CSV.Injection MEDIUM" "ws-form-pro 1.8.176 Admin+.Stored.Cross-Site.Scripting LOW" "ws-form-pro 1.8.176 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "wp-sexylightbox No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "wp-lister-amazon 0.9.6.36 jQueryFileTree.-.Unauthenticated.Path.Traversal MEDIUM" "wpcalc No.known.fix Authenticated.SQL.Injection MEDIUM" "wp-smart-crm-invoices-free No.known.fix Authenticated.Stored.Cross-Site.Scripting MEDIUM" "wp-meta-and-date-remover 2.3.1 Cross-Site.Request.Forgery.via.updateSettings MEDIUM" "wp-meta-and-date-remover 2.2.0 Subscriber+.Stored.XSS HIGH" "wp-meta-and-date-remover 1.9.6 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-map No.known.fix Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "wp-custom-cursors No.known.fix Admin+.Stored.XSS LOW" "wp-custom-cursors 3.2 Admin+.SQLi MEDIUM" "wp-custom-cursors 3.0.1 Stored.Cross-Site.Scripting.via.CSRF MEDIUM" "wp-custom-cursors 3.0.1 Arbitrary.Cursor.Deletion.via.CSRF MEDIUM" "wp-custom-cursors 3.2 Admin+.SQLi MEDIUM" "woocommerce-pre-orders 2.0.3 Arbitrary.Pre-Order.Canceling.via.CSRF MEDIUM" "woocommerce-pre-orders 2.0.3 Unauthorised.Actions.via.CSRF MEDIUM" "woocommerce-pre-orders 2.0.2 Reflected.XSS HIGH" "woocommerce-pre-orders 2.0.1 Contributor+.Stored.XSS MEDIUM" "woocommerce-pre-orders 2.0.0 Reflected.XSS HIGH" "wp-dark-mode 5.0.5 Missing.Authorization MEDIUM" "wp-dark-mode 4.0.8 Subscriber+.Local.File.Inclusion MEDIUM" "wp-dark-mode 4.0.0 Contributor+.Stored.XSS.in.Shortcode MEDIUM" "wp-social 3.1.1 Cross-Site.Request.Forgery.to.Settings.Update MEDIUM" "wp-social 3.0.8 Authentication.Bypass CRITICAL" "wp-social 3.0.1 Missing.Authorization.to.Unauthenticated.Social.Login/Share.Status.Update MEDIUM" "wp-update-mail-notification 1.2.0 Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.Options.Update HIGH" "woocommerce-abandoned-cart-pro 5.2.0 Unauthenticated.Stored.Cross-Site.Scripting.(XSS) CRITICAL" "wp-mail-catcher 2.1.10 Reflected.Cross-Site.Scripting MEDIUM" "wp-mail-catcher 2.1.7 Cross-Site.Request.Forgery MEDIUM" "wp-mail-catcher 2.1.4 WP.Mail.Catcher.<.2.1.4.-.Admin+.SQLi MEDIUM" "wp-mail-catcher 2.1.3 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "woo-product-feed-pro 13.3.2 Sensitive.Information.Exposure.via.Log.Files MEDIUM" "woo-product-feed-pro 13.2.6 Reflected.Cross-Site.Scripting MEDIUM" "woo-product-feed-pro 12.4.5 Multiple.CSRF MEDIUM" "woo-product-feed-pro 11.2.3 Reflected.Cross-Site.Scripting MEDIUM" "woo-product-feed-pro 11.0.7 Subscriber+.Settings.Update.to.Stored.XSS HIGH" "wpbot-pro 13.7.0 Authenticated.(Subscriber+).Arbitrary.File.Deletion HIGH" "wpbot-pro No.known.fix Unauthenticated.PHP.Object.Injection CRITICAL" "wpbot-pro 13.5.6 Missing.Authorization.to.Authenticated.(Subscriber+).Simple.Text.Response.Creation MEDIUM" "wpbot-pro 13.5.6 Unauthenticated.Arbitrary.File.Upload CRITICAL" "wp-plugin-manager 1.1.8 Arbitrary.Plugin.Activation.via.CSRF MEDIUM" "wp-shamsi No.known.fix Subscriber+.Attachment.Deletion MEDIUM" "wp-shamsi 4.1.1 Unauthenticated.Arbitrary.Plugin.Deactivation MEDIUM" "wp-shamsi 4.2.0 Subscriber+.Settings.Update MEDIUM" "wplite No.known.fix Arbitrary.Settings.Update.via.CSRF MEDIUM" "wcfm-marketplace-rest-api 1.6.3 Authenticated.(Subscriber+).SQL.Injection MEDIUM" "wcfm-marketplace-rest-api 1.6.0 Subscriber+.Arbitrary.Orders.Item.And.Notes.Update MEDIUM" "wp-headers-and-footers 3.1.2 Arbitrary.Options.Update.via.CSRF HIGH" "wp-gotowebinar 15.8 Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "wp-gotowebinar 15.7 Missing.Authorization MEDIUM" "wp-gotowebinar 15.8 Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "wp-gotowebinar 15.1 Missing.Authorization MEDIUM" "wp-gotowebinar 14.46 Admin+.Stored.XSS LOW" "wp-business-intelligence 1.6.3 SQL.Injection CRITICAL" "wp-2fa 2.6.4 Unauthenticated.Information.Exposure.via.Log.File MEDIUM" "wp-2fa 2.6.3 Reflected.Cross-Site.Scripting MEDIUM" "wp-2fa 2.6.0 Arbitrary.Email.Sending.via.CSRF MEDIUM" "wp-2fa 2.6.0 Subscriber+.Arbitrary.Email.Sending MEDIUM" "wp-2fa 2.3.0 Time-Based.Side-Channel.Attack MEDIUM" "wp-2fa 2.2.1 Reflected.Cross-Site.Scripting MEDIUM" "wp-2fa 2.2.0 Arbitrary.2FA.Disabling.via.IDOR MEDIUM" "wp-pro-counter No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-pro-counter No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "wp-planet No.known.fix Unauthenticated.Reflected.XSS MEDIUM" "wp-table-builder 2.0.7 Cross-Site.Request.Forgery MEDIUM" "wp-table-builder 2.0.6 Reflected.Cross-Site.Scripting HIGH" "wp-table-builder 1.5.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-table-builder 1.6.0 Admin+.Stored.XSS LOW" "wp-table-builder 1.4.15 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-table-builder 1.4.10 Reflected.Cross-Site.Scripting MEDIUM" "wp-table-builder 1.4.7 Admin+.Stored.XSS MEDIUM" "wp-table-builder 1.3.16 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-table-builder 1.3.10 Reflected.Cross-Site.Scripting HIGH" "wp-custom-cms-block No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "woocommerce-collections 1.7.0 Unauthenticated.SQL.Injection CRITICAL" "woocommerce-collections 1.7.0 Missing.Authorization.to.Unauthenticated.Arbitrary.Post/Page.Deletion MEDIUM" "wpvivid-backup-mainwp 0.9.34 Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "wpvivid-backup-mainwp 0.9.33 Reflected.Cross-Site.Scripting MEDIUM" "windsor-strava-athlete No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "windsor-strava-athlete No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-search-keyword-redirect No.known.fix Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "wp-jquery-lightbox 2.3.4 Contributor+.Stored.XSS MEDIUM" "wp-jquery-lightbox 1.5.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.title.Attribute MEDIUM" "whmcs-bridge 6.4b Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "whmcs-bridge 6.3 Subscriber+.Stored.Cross-Site.Scripting MEDIUM" "wp-limits No.known.fix Plugin's.Settings.Update.via.CSRF MEDIUM" "woo-bulk-edit-products 1.8.3 Reflected.Cross-Site.Scripting MEDIUM" "woo-bulk-edit-products 1.7.13 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-spotlight-search 1.1.2 Cross-Site.Request.Forgery MEDIUM" "woocommerce-all-currencies No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-admin-notification-center 2.3.3 Settings.Update.via.CSRF MEDIUM" "wp-estimation-form 10.1.77 Missing.Authorization MEDIUM" "wp-estimation-form 10.1.76 Reflected.Cross-Site.Scripting MEDIUM" "wp-estimation-form 10.1.76 Authenticated.(Contributor+).SQL.Injection CRITICAL" "wr-price-list-for-woocommerce No.known.fix Missing.Authorization.to.Arbitrary.Content.Deletion MEDIUM" "wr-price-list-for-woocommerce No.known.fix Authenticated.(Subscriber+).Arbitrary.File.Upload HIGH" "wp-baidu-map No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "wpvn-username-changer No.known.fix Cross-Site.Request.Forgery MEDIUM" "wp-seo-redirect-301 2.3.2 Redirect.Deletion.via.CSRF MEDIUM" "wp-security-audit-log 5.3.3 Authenticated.(Admin+).PHP.Object.Injection MEDIUM" "wp-security-audit-log 5.3.0 Unauthenticated.Stored.XSS HIGH" "wp-security-audit-log 5.2.2 Unauthenticated.Stored.Cross-Site.Scripting.via.User_id.Parameter HIGH" "wp-security-audit-log 4.6.2 Unauthenticated.Stored.Cross-Site.Scripting MEDIUM" "wp-security-audit-log 4.4.3 Reflected.Cross-Site.Scripting MEDIUM" "wp-security-audit-log 4.5.2 Subscriber+.Information.Leak MEDIUM" "wp-security-audit-log 4.4.0 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-security-audit-log 4.1.5 SQL.Injection.in.External.Database.Module HIGH" "wp-security-audit-log 4.0.2 Broken.Access.Control.in.First-Time.Install.Wizard CRITICAL" "wp-security-audit-log 3.3.1.2 Subscriber+.Arbitrary.Option.Update MEDIUM" "wp2syslog No.known.fix Admin+.Stored.XSS LOW" "wf-cookie-consent 1.1.4 Authenticated.Persistent.Cross-Site.Scripting.(XSS) MEDIUM" "woo-giftcards No.known.fix Missing.Authorization MEDIUM" "wp-font-awesome-share-icons No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "woomotiv 3.6.3 Unauthenticated.SQL.Injection HIGH" "woomotiv 3.5.0 Review.Count.Reset.via.CSRF MEDIUM" "woomotiv 3.4.0 Reflected.Cross-Site.Scripting MEDIUM" "wp-roadmap 1.0.9 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "woo-product-variation-gallery 2.3.4 Reflected.Cross-Site.Scripting HIGH" "wc-order-limit-lite 3.0.3 Missing.Authorization MEDIUM" "wc-order-limit-lite 2.0.1 Missing.Authorization MEDIUM" "wpbookit 1.0.3 Insecure.Direct.Object.Reference.to.Unauthenticated.Privilege.Escalation.via.Account.Takeover CRITICAL" "wpbookit 1.0.3 Insecure.Direct.Object.Reference.to.Unauthenticated.Privilege.Escalation.via.Email.Update CRITICAL" "wpbookit No.known.fix Missing.Authorization MEDIUM" "wpbookit 1.0.2 Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "wpbookit 1.6.10 Unauthenticated.Arbitrary.File.Upload CRITICAL" "wpbookit 1.6.6 Unauthenticated.Arbitrary.User.Password.Change CRITICAL" "wpbookit No.known.fix Unauthenticated.SQL.Injection HIGH" "wptf-image-gallery No.known.fix Remote.File.Download HIGH" "wp-wiki-tooltip No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "weforms 1.6.24 Use.of.Polyfill.io MEDIUM" "weforms 1.6.21 Missing.Authorization MEDIUM" "weforms 1.6.22 Unauthenticated.Stored.Cross-Site.Scripting.via.Referer HIGH" "weforms 1.6.19 Missing.Authorization.via.export_form_entries MEDIUM" "weforms 1.6.18 Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "weforms 1.6.14 Admin+.Stored.Cross-Site.Scripting LOW" "weforms 1.6.4 CSV.Injection MEDIUM" "wp-payment-form 4.2.1 Reflected.Cross-Site.Scripting MEDIUM" "wp-payment-form 4.2.1 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "wordpress-simple-paypal-shopping-cart 5.1.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "wordpress-simple-paypal-shopping-cart 5.1.4 Insecure.Direct.Object.Reference.via.'quantity' MEDIUM" "wordpress-simple-paypal-shopping-cart 5.1.4 Insecure.Direct.Object.Reference MEDIUM" "wordpress-simple-paypal-shopping-cart 5.1.3 Unauthenticated.Information.Exposure.via.file_url.Parameter HIGH" "wordpress-simple-paypal-shopping-cart 5.1.3 Unauthenticated.Product.Price.Manipulation HIGH" "wordpress-simple-paypal-shopping-cart 5.0.8 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wordpress-simple-paypal-shopping-cart 4.7.2 Authenticated(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "wordpress-simple-paypal-shopping-cart 4.6.4 Unauthenticated.PII.Disclosure MEDIUM" "wordpress-simple-paypal-shopping-cart 4.6.2 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "wp-hide-admin-bar No.known.fix Cross-Site.Request.Forgery MEDIUM" "wp-central No.known.fix Settings.Update.via.CSRF MEDIUM" "wp-central 1.5.1 Improper.Access.Control.to.Privilege.Escalation HIGH" "wp-cart-for-digital-products 8.5.6 Reflected.XSS.in.Product.Editing HIGH" "wp-cart-for-digital-products 8.5.6 Reflected.XSS.in.Customer.Search HIGH" "wp-cart-for-digital-products 8.5.6 Settings.Reset.via.CSRF MEDIUM" "wp-cart-for-digital-products 8.5.5 Reflected.XSS.via.$_SERVER['REQUEST_URI'] MEDIUM" "wp-cart-for-digital-products 8.5.5 Reflected.XSS.in.Customer.Editing HIGH" "wp-cart-for-digital-products 8.5.5 Reflected.XSS.in.Category.Editing HIGH" "wp-cart-for-digital-products 8.5.5 Reflected.XSS.in.Discount.Editing HIGH" "wp-cart-for-digital-products 8.5.5 Coupon.Deletion.via.CSRF MEDIUM" "wp-easycart 5.7.9 Missing.Authorization.to.Order.Updates MEDIUM" "wp-easycart 5.7.3 Authenticated.(Contributor+).SQL.Injection.via.model_number.Parameter HIGH" "wp-easycart 5.6.0 Missing.Authorization MEDIUM" "wp-easycart 5.6.5 Sensitive.Information.Exposure MEDIUM" "wp-easycart 5.6.0 Cross-Site.Request.Forgery MEDIUM" "wp-easycart 5.6.4 Contributor+.SQL.Injection MEDIUM" "wp-easycart 5.4.11 Administrator+.Time-based.SQL.Injection HIGH" "wp-easycart 5.4.9 Multiple.CSRFs MEDIUM" "wp-easycart 5.4.9 Product.Deletion.via.CSRF MEDIUM" "wp-easycart 5.4.3 Admin+.LFI MEDIUM" "wp-easycart 5.2.5 Arbitrary.Design.Settings.Update.via.CSRF MEDIUM" "wp-easycart 5.1.1 CSRF.to.Stored.Cross-Site.Scripting HIGH" "wp-easycart 3.0.21 3.0.20.-.Privilege.Escalation HIGH" "wordpress-gallery No.known.fix "load".Remote.File.Inclusion CRITICAL" "woocommerce-hss-extension-for-streaming-video No.known.fix Reflected.Cross-Site.Scripting.via.videolink.Parameter MEDIUM" "webinar-ignition 3.06.0 Cross-Site.Request.Forgery MEDIUM" "webinar-ignition 3.05.1 Missing.Authorization.to.Unauthenticated.Privilege.Escalation CRITICAL" "webinar-ignition 3.05.1 Unauthenticated.SQL.Injection CRITICAL" "webinar-ignition 3.05.1 Authenticated.(Subscriber+).PHP.Object.Injection HIGH" "webinar-ignition 3.1.2 Reflected.Cross-Site.Scripting MEDIUM" "webinar-ignition 2.14.3 Admin+.Stored.XSS LOW" "webinar-ignition 2.8.12 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wip-incoming-lite 1.1.2 Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "wp-import-export 3.9.16 Unauthenticated.Sensitive.Data.Disclosure HIGH" "wp-total-hacks No.known.fix Subscriber+.Arbitrary.Options.Update.to.Stored.XSS HIGH" "webtexttool 3.6.3 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "webtexttool 3.6.2 Missing.Authorization MEDIUM" "woothemes-sensei 4.24.0.1.24.0 Authenticated.(Student+).Stored.Cross-Site.Scripting MEDIUM" "woothemes-sensei 4.24.0.1.24.0 Unauthenticated.Rewrite.Rules.Flushing MEDIUM" "wptools 5.25 Cross-Site.Request.Forgery MEDIUM" "wptools 5.19 Cross-Site.Request.Forgery.to.Arbitrary.File.Renaming MEDIUM" "wptools 3.43 Subscriber+.Arbitrary.Plugin.Installation HIGH" "wc-sales-notification 1.2.3 Arbitrary.Plugin.Activation.via.CSRF MEDIUM" "wp-tooltip No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "woocommerce-amazon-affiliates-light-version No.known.fix Lite.<=.3.1.-.CSRF MEDIUM" "wp-svg-upload No.known.fix Author+.Stored.XSS.via.SVG MEDIUM" "wpagecontact No.known.fix Authenticated.(editor+).SQL.Injection HIGH" "wpsolr-free 24.0.1 Privilege.Escalation.via.CSRF HIGH" "wpheka-request-for-quote 1.3 CSRF.Bypass MEDIUM" "wp-dropbox-dropins No.known.fix Unauthenticated.Arbitrary.File.Upload CRITICAL" "wp-shopify No.known.fix Authenticated.(Contributor+).Local.File.Inclusion HIGH" "wordpress-backup-to-dropbox 4.1 Reflected.XSS MEDIUM" "wpmu-prefill-post No.known.fix Authenticated.(Administrator+).SQL.Injection MEDIUM" "woo-discount-rules 2.6.6 Reflected.Cross-Site.Scripting MEDIUM" "woo-discount-rules 2.4.2 Reflected.Cross-Site.Scripting MEDIUM" "woo-discount-rules 2.2.1 Multiple.Authorization.Bypass HIGH" "woo-discount-rules 2.1.0 Multiple.Vulnerabilities CRITICAL" "wp-realestate 1.6.27 Authentication.Bypass.via.'process_register' CRITICAL" "wp-google-fonts 3.1.5 Reflected.Cross-Site.Scripting MEDIUM" "wp-comment-designer-lite 2.0.4 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "wp-cookies-alert No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "woo-add-to-quote 1.5.0 Reflected.Cross-Site.Scripting MEDIUM" "woo-add-to-quote 1.4.9 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wordapp No.known.fix Missing.Authorization MEDIUM" "wordapp No.known.fix Authorization.Bypass.via.Insufficiently.Unique.Cryptographic.Signature CRITICAL" "wp-popup-banners No.known.fix Subscriber+.SQLi HIGH" "wp-popup-banners No.known.fix Subscriber+.SQLi HIGH" "wp-popup-banners 1.2.4 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "woocommerce-to-google-merchant-center No.known.fix Missing.Authorization MEDIUM" "wp-post-modal No.known.fix Admin+.Stored.XSS LOW" "woo-smart-wishlist 4.7.2 Add/Remove.Wishlist.Items.via.CSRF MEDIUM" "woo-smart-wishlist 2.9.9 Reflected.Cross-Site.Scripting MEDIUM" "woo-smart-wishlist 2.9.4 Reflected.Cross-Site.Scripting MEDIUM" "wpcodefactory-helper 1.7.1 .Reflected.Cross-Site.Scripting MEDIUM" "wpcodefactory-helper 1.5.3 Reflected.Cross-Site.Scripting HIGH" "wp-blackcheck No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "weather-layer No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "wp-flybox No.known.fix CSRF MEDIUM" "wp-search-filter No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-search-filter No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-business-intelligence-lite 1.6.3 SQL.Injection CRITICAL" "wp-bulletin-board No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-twitter-mega-fan-box No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "wpantiddos No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wpify-woo 4.0.11 Reflected.Cross-Site.Scripting MEDIUM" "wpify-woo 4.0.9 Missing.Authorization MEDIUM" "wpify-woo 3.5.7 Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "wicked-folders 2.18.17 Folder.Structure.Update.via.CSRF MEDIUM" "wicked-folders 2.18.17 Subscriber+.Folder.Structure.Update MEDIUM" "wicked-folders 2.8.10 Subscriber+.SQL.Injection HIGH" "woo-recargo-de-equivalencia No.known.fix Cross-Site.Request.Forgery MEDIUM" "wp-easy-poll-afo No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wpforms-lite 1.9.5.1 Contributor+.Stored.XSS.via.'start_timestamp'.Parameter MEDIUM" "wpforms-lite 1.9.3.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.fieldHTML.Parameter MEDIUM" "wpforms-lite 1.9.2.3 Contributor+.Custom.Form.Theme.Creation LOW" "wpforms-lite 1.9.2.2 1.9.2.1.-.Missing.Authorization.to.Authenticated.(Subscriber+).Payment.Refund.and.Subscription.Cancellation HIGH" "wpforms-lite 1.9.2.3 Admin+.Stored.XSS LOW" "wpforms-lite 1.9.2.1 Cross-Site.Request.Forgery.(CSRF).to.Plugin's.Log.Deletion MEDIUM" "wpforms-lite 1.9.1.6 Admin+.Stored.XSS LOW" "wpforms-lite 1.8.8.2 Unauthenticated.Price.Manipulation MEDIUM" "wpforms-lite 1.8.1.3 Reflected.XSS MEDIUM" "wpforms-lite 1.7.5.5 Admin+.Arbitrary.File.Access MEDIUM" "wpforms-lite 1.6.0.2 Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "wpforms-lite 1.5.9 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "wpforms-lite 1.4.8.1 Unauthenticated.Cross-Site.Scripting.(XSS) MEDIUM" "wpforms-lite 1.4.8 Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "wptelegram-widget 2.1.28 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "woo-bulk-price-update 2.2.2 Reflected.XSS HIGH" "woo-inquiry No.known.fix Unauthenticated.SQL.Injection CRITICAL" "wp-post-list-table 1.0.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-donottrack No.known.fix Authenticated.(admin+).Stored.XSS MEDIUM" "woo-tools 1.2.10 Missing.Authorization.to.Authenticated.(Subscriber+)..Plugin.Module.Deactivation MEDIUM" "webp-svg-support No.known.fix Author+.Stored.XSS.via.SVG MEDIUM" "woocommerce-inventory-management No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-smtp 2.1.6 Unauthenticated.Stored.Cross-Site.Scripting.via.Email HIGH" "wp-smtp 1.2.7 1.2.6.-.Authenticated.(Admin+).SQL.Injection HIGH" "wp-downloadmanager 1.68.11 Authenticated.(Administrator+).Arbitrary.File.Read MEDIUM" "wp-downloadmanager 1.68.11 Admin+.Arbitrary.File.Deletion MEDIUM" "wp-downloadmanager 1.68.9 Reflected.Cross-Site.Scripting MEDIUM" "wp-downloadmanager 1.68.7 Admin+.Stored.Cross-Site.Scripting LOW" "wp-downloadmanager 1.68.7 Reflected.Cross-Site.Scripting MEDIUM" "wp-downloadmanager 1.68.5 Server-Side.Request.Forgery.(SSRF) MEDIUM" "wp-hr-manager 3.2.0 Reflected.XSS HIGH" "wp-hr-manager 3.0.9 Reflected.Cross-Site.Scripting MEDIUM" "wp-hr-manager 3.0.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-dream-carousel No.known.fix Reflected.XSS HIGH" "wpoptin No.known.fix Unauthenticated.Stored.Cross-Site.Scripting MEDIUM" "wpoptin 2.0.2 Unauthenticated.Local.File.Inclusion HIGH" "wpoptin 1.2.7 Reflected.Cross-Site.Scripting MEDIUM" "wpoptin 1.2.4 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-opening-hours No.known.fix Contributor+.Stored.XSS.via.Shortcode MEDIUM" "woolementor No.known.fix Author+.Stored.XSS MEDIUM" "woolementor 4.5 Unauthenticated.PHP.Object.Injection CRITICAL" "woolementor 4.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Multiple.Widgets MEDIUM" "wpjam-basic 6.2.1.1 Contributor+.Stored.XSS MEDIUM" "wooreviews-importer No.known.fix Arbitrary.Settings.Update.via.CSRF MEDIUM" "web3-token-gate 1.0.5 Reflected.Cross-Site.Scripting MEDIUM" "wp-custom-google-search No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "wp-bulk-delete 1.3.2 Reflected.Cross-Site.Scripting MEDIUM" "woo-altcoin-payment-gateway No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "woo-altcoin-payment-gateway No.known.fix Unauthenticated.SQL.Injection HIGH" "woo-altcoin-payment-gateway 1.7.3 Unauthenticated.SQLi HIGH" "woo-altcoin-payment-gateway 1.6.1 Reflected.Cross-Site.Scripting HIGH" "wp-coder 3.6.1 Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "wp-coder 3.5.1 Authenticated.(Editor+).Stored.Cross-Site.Scripting MEDIUM" "wp-coder 2.5.6 Reflected.XSS MEDIUM" "wp-coder 2.5.4 Admin+.SQLi MEDIUM" "wp-coder 2.5.3 Code.Deletion.via.CSRF MEDIUM" "wp-coder 2.5.2 RFI.leading.to.RCE.via.CSRF HIGH" "wp-easy-menu No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "wpsol No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "wp-eggdrop No.known.fix Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "wp-eggdrop No.known.fix Cross-Site.Request.Forgery.to.Settings.Update MEDIUM" "wp-file-manager 7.2.8 Missing.Authorization MEDIUM" "wp-file-manager 7.2.6 Authenticated.(Administrator+).Directory.Traversal MEDIUM" "wp-file-manager 7.2.5 Cross-Site.Request.Forgery.to.Local.JS.File.Inclusion HIGH" "wp-file-manager 7.2.2 Directory.Traversal CRITICAL" "wp-file-manager 7.2.2 Sensitive.Information.Exposure.via.Backup.Filenames HIGH" "wp-file-manager 7.1 Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "wp-file-manager 6.9 Unauthenticated.Arbitrary.File.Upload.leading.to.RCE CRITICAL" "wp-file-manager 6.5 Backup.File.Directory.Listing MEDIUM" "wp-file-manager 5.2 Multiple.Vulnerabilities HIGH" "wp-file-manager 3.1 CSRF.to.Stored.Cross-Site.Scripting MEDIUM" "wp-file-manager 3.0 Authenticated.Reflected.Cross-Site.Scripting.(XSS) CRITICAL" "wp-splashing-images 2.1.1 Cross-Site.Scripting.(XSS) MEDIUM" "wp-splashing-images 2.1.1 Authenticated.PHP.Object.Injection HIGH" "woocommerce-woocart-popup-lite No.known.fix Cross-Site.Request.Forgery MEDIUM" "woocommerce-pdf-invoices-packing-slips 3.8.7 Missing.Authorization MEDIUM" "woocommerce-pdf-invoices-packing-slips 3.8.1 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "woocommerce-pdf-invoices-packing-slips 3.8.1 Unauthenticated.Server-Side.Request.Forgery MEDIUM" "woocommerce-pdf-invoices-packing-slips 3.7.6 Shop.Manager+.SQL.Injection HIGH" "woocommerce-pdf-invoices-packing-slips 3.0.1 Reflected.Cross-Site.Scripting MEDIUM" "woocommerce-pdf-invoices-packing-slips 2.16.0 Reflected.Cross-Site.Scripting LOW" "woocommerce-pdf-invoices-packing-slips 2.15.0 Reflected.Cross-Site.Scripting MEDIUM" "woocommerce-pdf-invoices-packing-slips 2.10.5 Reflected.Cross-Site.Scripting HIGH" "woocommerce-pdf-invoices-packing-slips 2.0.13 XSS MEDIUM" "woo-product-table 5.0.0 Reflected.XSS HIGH" "woo-product-table 3.5.2 Information.Exposure MEDIUM" "woo-product-table 3.1.2 Unauthenticated.Arbitrary.Function.Call CRITICAL" "wp2appir No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-donate No.known.fix Unauthenticated.Stored.Cross-Site.Scripting MEDIUM" "wp-donate 1.5 Unauthenticated.SQL.Injection HIGH" "wp-stacker No.known.fix Stored.XSS.via.CSRF HIGH" "wppizza 3.19.5 Reflected.Cross-Site.Scripting MEDIUM" "wppizza 3.18.14 Reflected.Cross-Site.Scripting MEDIUM" "wppizza 3.18.11 Missing.Authorization MEDIUM" "wppizza 3.18.3 Reflected.XSS HIGH" "wppizza 3.17.2 Reflected.XSS HIGH" "wp-e-commerce No.known.fix Unauthenticated.SQL.Injection CRITICAL" "wp-e-commerce No.known.fix Missing.Authorization.to.Unauthenticated.Arbitrary.Post.Creation MEDIUM" "wp-post-corrector No.known.fix Authenticated.(Administrator+).SQL.Injection MEDIUM" "wp-post-corrector No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-security-hardening 1.2.7 Unauthenticated.Security.Feature.Bypass.to.Username.Enumeration MEDIUM" "wp-security-hardening 1.2.2 Reflected.XSS.via.historyvalue HIGH" "wp-security-hardening 1.2.2 Reflected.XSS.via.URI MEDIUM" "woocustomizer 2.3.8 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-survey-and-poll No.known.fix Authenticated.(Contributor+).SQL.Injection MEDIUM" "wp-survey-and-poll No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-instance-rename No.known.fix Arbitrary.File.Download MEDIUM" "wp-job-manager-companies 1.8 Reflected.Cross-Site.Scripting MEDIUM" "woo-save-abandoned-carts 8.2.1 Cross-Site.Request.Forgery MEDIUM" "woo-vipps 1.14.14 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-songbook No.known.fix Reflected.Cross-Site.Scripting HIGH" "woocommerce-order-barcodes 1.6.5 Cross-Site.Request.Forgery MEDIUM" "wp-simple-maintenance-mode 1.5.1 Reflected.Cross-Site.Scripting MEDIUM" "wp-appbox 4.5.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.appbox.Shortcode MEDIUM" "wp-appbox 4.5.4 Reflected.Cross-Site.Scripting MEDIUM" "wp-appbox 4.4.0 Admin+.Stored.Cross-Site.Scripting LOW" "wp-appbox 4.3.18 Authenticated.Local.File.Inclusion LOW" "wp-support-plus-responsive-ticket-system 9.1.2 Stored.XSS MEDIUM" "wp-support-plus-responsive-ticket-system 9.0.3 Multiple.Authenticated.SQL.Injection CRITICAL" "wp-support-plus-responsive-ticket-system 8.0.8 Remote.Code.Execution CRITICAL" "wp-support-plus-responsive-ticket-system 8.0.8 Remote.Code.Execution.(RCE) CRITICAL" "wp-support-plus-responsive-ticket-system 8.0.0 Privilege.Escalation CRITICAL" "wp-support-plus-responsive-ticket-system 8.0.0 WP.Support.Plus.Responsive.Ticket.System.<.8,0,0..Authenticated.SQL.Injection MEDIUM" "wp-graphql-woocommerce 0.12.4 Unauthenticated.Coupon.Codes.Disclosure MEDIUM" "wpgform No.known.fix Admin+.Stored.XSS LOW" "wpgform 0.94 Eval.Injection HIGH" "wep-demo-import 1.0.4 Reflected.Cross-Site.Scripting MEDIUM" "wdes-responsive-mobile-menu No.known.fix Unauthenticated.PHP.Object.Injection CRITICAL" "wp-media-category-management 2.4.0 2.3.3.-.Cross-Site.Request.Forgery.to.Settings.Update MEDIUM" "wp-media-category-management 2.3.0 Reflected.Cross-Site.Scripting MEDIUM" "wp-media-category-management 2.1.3 Reflected.Cross-Site.Scripting MEDIUM" "wp-gallery-metabox No.known.fix Settings.Update.via.CSRF MEDIUM" "wp-editor 1.2.9.2 Authenticated.(Administrator+).Directory.Traversal.to.Arbitrary.File.Read MEDIUM" "wp-editor 1.2.9.2 Authenticated.(Administrator+).Directory.Traversal.to.Arbitrary.File.Update HIGH" "wp-editor 1.2.9.1 Authenticated.(Admin+).PHAR.Deserialization HIGH" "wp-editor 1.2.9 Reflected.Cross-Site.Scripting MEDIUM" "wp-editor 1.2.8 Sensitive.Information.Exposure.via.log.file MEDIUM" "wp-editor 1.2.7 Authenticated.SQL.injection CRITICAL" "wp-editor 1.2.6.3 Multiple.Cross-Site.Scripting.(XSS) MEDIUM" "wp-editor 1.2.6 CSRF.&.Incorrect.Permissions CRITICAL" "wp-category-meta No.known.fix CSRF MEDIUM" "wp-easy-booking 2.4.5 Authenticated.Stored.Cross-Site.Scripting MEDIUM" "wp-express-checkout 2.3.8 Unauthenticated.Price.Manipulation MEDIUM" "wp-express-checkout 2.2.9 Admin+.Stored.XSS LOW" "woo-conditional-discount-rules-for-checkout 2.4.1 CSRF MEDIUM" "woo-conditional-discount-rules-for-checkout 2.3.3.1 Reflected.Cross-Site.Scripting MEDIUM" "woo-conditional-discount-rules-for-checkout 2.2.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "welcome-email-editor 5.0.7 Cross-Site.Request.Forgery MEDIUM" "welcome-email-editor 5.0.7 Subscriber+.Email.Sending MEDIUM" "wp-user-manager 2.9.12 Missing.Authorization.to.Carbon.Fields.Custom.Sidebar.Addition/Removal MEDIUM" "wp-user-manager 2.9.12 Missing.Authorization.to.Authenticated.(Subscriber+).User.Meta.Key.Enumeration MEDIUM" "wp-user-manager 2.9.11 Cross-Site.Request.Forgery MEDIUM" "wp-user-manager 2.6.3 Arbitrary.User.Password.Reset.to.Account.Compromise HIGH" "w2s-migrate-woo-to-shopify 1.3.0 Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.File.Read MEDIUM" "wp-private-media No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-private-media No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-private-media No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "wp-proposals No.known.fix Authenticated.(Editor+).Stored.Cross-Site.Scripting MEDIUM" "wp-filter-post-categories No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "wp-anything-slider 9.2 .Authenticated.(Subscriber+).SQL.Injection.via.Shortcode HIGH" "woo-conditional-product-fees-for-checkout 3.9.3.2 Reflected.Cross-Site.Scripting MEDIUM" "woo-conditional-product-fees-for-checkout 3.8.2 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "woo-paylate 1.5 Reflected.Cross-Site.Scripting MEDIUM" "woo-paylate 1.5 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-to-twitter 3.3.0 Reflected.Cross-Site.Scripting MEDIUM" "wp-to-twitter 3.3.0 Subscriber+.Arbitrary.Option.Update CRITICAL" "wp-gratify No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wpglobus 1.9.7 Stored.XSS.&.CSRF HIGH" "woo-addon-uploads 1.7.2 Unauthenticated.Sensitive.Information.Exposure.Through.Unprotected.Directory HIGH" "wp-media-file-type-manager No.known.fix Cross-Site.Request.Forgery.to.Settings.Update MEDIUM" "wp-payeezy-pay 2.98 Local.File.Inclusion CRITICAL" "wonderplugin-pdf-embed 1.7 Contributor+.Stored.XSS MEDIUM" "woocommerce-store-toolkit 2.3.9 Reflected.Cross-Site.Scripting MEDIUM" "woocommerce-store-toolkit 2.3.4 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "woocommerce-store-toolkit 2.3.2 Reflected.Cross-Site.Scripting HIGH" "woocommerce-store-toolkit 1.5.8 Privilege.Escalation CRITICAL" "woocommerce-store-toolkit 1.5.7 Store.Toolkit.Plugin.<=.1.5.6.-.Privilege.Escalation CRITICAL" "wp-staging 3.5.0 Admin+.Arbitrary.File.Upload MEDIUM" "wp-staging 3.5.0 Admin+.SSRF MEDIUM" "wp-staging 3.5.0 Sensitive.Information.Exposure.via.Log.File MEDIUM" "wp-staging 3.4.0 Admin+.Stored.XSS LOW" "wp-staging 3.2.0 Unauthorized.Sensitive.Data.Exposure HIGH" "wp-staging 3.1.3 Unauthenticated.Backup.Download HIGH" "wp-staging 2.9.18 Admin+.Stored.Cross-Site.Scripting LOW" "wp-awesome-faq No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-awesome-faq 4.1.8 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-conference-schedule 1.1.0 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "woo-simple-frontend-manager No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "woo-simple-frontend-manager 1.0.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "woocommerce-booking 6.10.0 Subscriber+.Arbitrary.Option.Update HIGH" "wp-nice-loader No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "wp-admin-custom-page No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "woocommerce-gateway-nab-dp 2.1.2 NAB.Transact.<.2.1.2.-.Payment.Bypass HIGH" "wpvr 8.5.27 Authenticated.(Contributor+).Arbitrary.File.Upload HIGH" "wpvr 8.5.15 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wpvr 8.5.6 Missing.Authorization MEDIUM" "wpvr 8.5.5 Missing.Authorization MEDIUM" "wpvr 8.3.15 Unauthenticated.Plugin.Downgrade.leading.to.XSS HIGH" "wpvr 8.3.5 Reflected.XSS HIGH" "wpvr 1.0.2 Reflected.Cross-Site.Scripting MEDIUM" "wpvr 8.3.0 Subscriber+.Arbitrary.Tour.Update MEDIUM" "wpvr 8.2.9 Reflected.XSS HIGH" "wpvr 8.2.8 Subscriber+.Settings.Update MEDIUM" "wpvr 8.2.7 Contributor+.Stored.XSS MEDIUM" "wp-users-media No.known.fix Missing.Authorization.via.wpusme_save_settings MEDIUM" "wp-users-media No.known.fix Cross-Site.Request.Forgery.in.wpusme_save_settings MEDIUM" "wp-wc-affiliate-program 8.5.0 Authentication.Bypass.to.Account.Takeover.and.Privilege.Escalation CRITICAL" "wp-remote-thumbnail No.known.fix Contributor+.Arbitrary.File.Upload HIGH" "wp-donimedia-carousel No.known.fix Authenticated.(Subscriber+).Arbitrary.File.Upload HIGH" "wpzoom-addons-for-beaver-builder 1.3.6 Authenticated.(Editor+).Local.File.Inclusion HIGH" "wpzoom-addons-for-beaver-builder 1.3.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Image.Box.Widget MEDIUM" "wpzoom-addons-for-beaver-builder 1.3.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Team.Members.Widget MEDIUM" "wpzoom-addons-for-beaver-builder 1.3.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Testimonials.Widget MEDIUM" "wpzoom-addons-for-beaver-builder 1.3.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Button.Widget MEDIUM" "wpzoom-addons-for-beaver-builder 1.3.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Heading.Widget MEDIUM" "wp-product-feed-manager 2.9.0 Missing.Authorization.to.Authenticated.(Contributor+).Arbitrary.Feed.Actions MEDIUM" "wp-product-feed-manager 2.6.0 Authenticated.(Admin+).SQL.Injection.to.Reflected.Cross-Site.Scripting HIGH" "wp-product-feed-manager 2.3.0 Authenticated.(Shop.manager+).Stored.Cross-Site.Scripting MEDIUM" "wordpress-admin-bar-improved No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "weight-based-shipping-for-woocommerce 5.5.0 Settings.Update.via.CSRF MEDIUM" "woo-direct-checkout-lite No.known.fix Missing.Authorization MEDIUM" "wpc-smart-messages 4.2.2 Authenticated.(Subscriber+).Local.File.Inclusion HIGH" "wpc-smart-messages 4.2.2 Missing.Authorization.to.Authenticated.(Subscriber+).Message.Activation/Deactivation MEDIUM" "wp-design-maps-places No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wedevs-project-manager 2.6.23 Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "wedevs-project-manager 2.6.23 Authenticated.(Subscriber+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "wedevs-project-manager No.known.fix Cross-Site.Request.Forgery MEDIUM" "wedevs-project-manager 2.6.18 Authenticated.(Subscriber+).SQL.Injection.via.orderby.Parameter MEDIUM" "wedevs-project-manager 2.6.18 Missing.Authorization.to.Authenticated.(Subscriber+).Limited.Arbitrary.Options.Update MEDIUM" "wedevs-project-manager 2.6.23 Admin+.Stored.XSS LOW" "wedevs-project-manager 2.6.17 Authenticated.(Subscriber+).SQL.Injection MEDIUM" "wedevs-project-manager 2.6.16 Authenticated.(Subscriber+).Sensitive.Information.Exposure.via.Project.Task.List.REST.API MEDIUM" "wedevs-project-manager No.known.fix Authenticated.(Project.Manager+).SQL.Injection MEDIUM" "wedevs-project-manager 2.6.15 Missing.Authorization.to.Project.Milestone.and.Task.Creation/Deletion MEDIUM" "wedevs-project-manager 2.6.14 Insecure.Direct.Object.Reference.to.Unauthenticated.Authorization.Bypass HIGH" "wedevs-project-manager 2.6.8 Missing.Authorization MEDIUM" "wedevs-project-manager 2.6.9 Subscriber+.Stored.XSS HIGH" "wedevs-project-manager 2.6.1 Subscriber+.SQLi HIGH" "wedevs-project-manager 2.6.5 Subscriber+.Privilege.Escalation HIGH" "wedevs-project-manager 2.4.14 Authenticated.Stored.Cross-Site.Scripting MEDIUM" "wedevs-project-manager 2.4.10 CSRF.Nonce.Bypasses MEDIUM" "wedevs-project-manager 2.4.1 Cross-Site.Request.Forgery.(CSRF) MEDIUM" "wedevs-project-manager 2.4.1 Cross-Site.Request.Forgery MEDIUM" "wp-ispconfig3 No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "wp-ultimate-exporter 2.14 Unauthenticated.PHP.Object.Injection CRITICAL" "wp-ultimate-exporter 2.10 Information.Disclosure.Through.Unprotected.Directory HIGH" "wp-ultimate-exporter 2.9.1 Authenticated.(Admin+).Arbitrary.File.Read MEDIUM" "wp-ultimate-exporter 2.9.2 Authenticated.(Admin+).Remote.Code.Execution MEDIUM" "wp-ultimate-exporter 2.4.2 Unauthenticated.Information.Disclosure MEDIUM" "wp-ultimate-exporter 1.4.2 CSRF HIGH" "wp-ultimate-exporter 1.2 Unauthenticated.SQL.Injection CRITICAL" "wp-githuber-md No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-githuber-md 1.16.3 Authenticated.(Author+).Arbitrary.File.Upload HIGH" "wp-commentnavi 1.12.2 Admin+.Stored.XSS LOW" "wp-auto-republish 1.5.6.1 Subscriber+.Settings.Update/Access MEDIUM" "wp-auto-republish 1.5.1 Reflected.Cross-Site.Scripting MEDIUM" "wp-auto-republish 1.3.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wpyog-documents No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wooshark-aliexpress-importer 2.2.5 Missing.Authorization.to.Unauthenticated.Arbitrary.Post.Deletion MEDIUM" "wooshark-aliexpress-importer 2.2.5 Unauthenticated.Settings.&.Products.Update MEDIUM" "wp-rss-images No.known.fix Cross-Site.Request.Forgery MEDIUM" "wp-featured-entries No.known.fix Authenticated.(Contributor+).SQL.Injection MEDIUM" "wp-krpano No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "woo-audio-preview 1.4.0 Subscriber+.Arbitrary.Plugin.Installation,.Activation.and.Deactivation HIGH" "website-testimonials 6.1.1 Reflected.Cross-Site.Scripting MEDIUM" "woocommerce-warranties-and-returns 5.3.0 Low.Priv.Arbitrary.Blog.Options.Update/Access/Deletion.&.Plugin's.Settings.Update/Export/Import HIGH" "wp-stats-dashboard No.known.fix Authenticated.Blind.SQL.Injection HIGH" "wp-imagezoom No.known.fix Reflected.XSS HIGH" "wp-geshi-highlight No.known.fix Author+.ReDoS LOW" "wp-recipe-maker 9.8.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-recipe-maker 9.7.0 Authenticated.(Contributor+).DOM-Based.Stored.Cross-Site.Scripting.via.'tooltip' MEDIUM" "wp-recipe-maker 9.1.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.'group_tag' MEDIUM" "wp-recipe-maker 9.4.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.wprm-recipe-roundup-item.Shortcode MEDIUM" "wp-recipe-maker 9.3.0 Authenticated.Stored.Cross-Site.Scripting.via.Video.Embed MEDIUM" "wp-recipe-maker 9.2.0 Missing.Authorization.to.Authenticated.(Subscriber+).SQL.Injecton HIGH" "wp-recipe-maker 9.1.1 Reflected.Cross-Site.Scripting.via.Referer MEDIUM" "wp-recipe-maker 9.1.1 Contributor+.Stored.Cross-Site.Scripting.via.icon_color MEDIUM" "wp-recipe-maker 9.1.1 Contributor+.Stored.Cross-Site.Scripting.via.'tag' MEDIUM" "wp-recipe-maker 9.1.1 Contributor+.Stored.Cross-Site.Scripting.via.header_tag MEDIUM" "wp-recipe-maker 9.1.1 Directory.Traversal MEDIUM" "wp-recipe-maker 9.1.1 Contributor+.Stored.Cross-Site.Scripting.via.Recipe.Notes MEDIUM" "wp-recipe-maker 9.1.1 Contributor+.Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "wp-recipe-maker 8.6.1 Contributor+.Stored.XSS MEDIUM" "wp-ticketbai 3.21 Unauthenticated.SQL.Injection HIGH" "wp-ticketbai No.known.fix Missing.Authorization MEDIUM" "wp-ticketbai 3.19 Unauthenticated.Arbitrary.File.Deletion CRITICAL" "wp-contact-form No.known.fix Cross-Site.Request.Forgery.via.wpcf_adminpage MEDIUM" "wp-travel-blocks 3.7.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-travel-blocks 3.6.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "watermark-reloaded No.known.fix Cross-Site.Request.Forgery.via.optionsPage HIGH" "wp-content-security-policy No.known.fix Unauthenticated.Stored.Cross-Site.Scripting.via.CSP-Report.Fields HIGH" "wpspx No.known.fix Unauthenticated.Local.File.Inclusion CRITICAL" "wp-food No.known.fix Unauthenticated.Local.File.Inclusion CRITICAL" "woocommerce-role-pricing No.known.fix Cross-Site.Request.Forgery MEDIUM" "wpradio No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "w3swoozoho 1.3.0 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-special-textboxes 6.2.5 Unauthenticated.Arbitrary.Shortcode.Execution HIGH" "wp-special-textboxes 5.9.110 Admin+.Stored.Cross-Site.Scripting LOW" "wp-emember 10.6.6 Authenticated.(Admin+).Arbitrary.File.Upload MEDIUM" "wp-extended-search 2.1.2 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "woo-shipping-display-mode 3.7.7 Reflected.Cross-Site.Scripting MEDIUM" "woo-shipping-display-mode 3.7.5 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "web-disrupt-funnelmentals No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "web-disrupt-funnelmentals No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "web-disrupt-funnelmentals No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "wp-next-post-navi No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "woo-ukrposhta 1.18.0 Reflected.Cross-Site.Scripting.via.order,.post,.and.idd.Parameters MEDIUM" "woo-ukrposhta 1.17.0 Reflected.Cross-Site.Scripting MEDIUM" "woo-ukrposhta 1.6.18 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-custom-fields-search No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.wpcfs-preset.Shortcode MEDIUM" "wp-custom-fields-search 1.2.35 Admin+.Stored.XSS LOW" "wp-custom-fields-search 1.0 Unauthenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "wp-parsidate 5.1.2 Reflected.Cross-Site.Scripting.via.add_query_arg.Parameter MEDIUM" "wp-parsidate 4.0.2 Reflected.Cross-Site.Scripting MEDIUM" "wpml-string-translation 3.2.6 Admin+.SQLi MEDIUM" "wp-config-file-editor No.known.fix Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "wppricing-builder-lite-responsive-pricing-table-builder No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "woocommerce-payu-paisa No.known.fix Price.Tampering MEDIUM" "woo-custom-emails No.known.fix Reflected.XSS HIGH" "woo-custom-emails No.known.fix Reflected.XSS HIGH" "woo-custom-emails No.known.fix Unauthenticated.Email.Settings.Update MEDIUM" "woo-thank-you-page-customizer 1.1.3 Missing.Authorization.to.Authenticated.(Subscriber+).Data.Export MEDIUM" "woo-thank-you-page-customizer 1.1.3 Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.Shortcode.Execution MEDIUM" "woo-thank-you-page-customizer 1.0.14 CSRF MEDIUM" "wp-users-masquerade No.known.fix Authentication.Bypass HIGH" "wp-widget-bundle No.known.fix Unauthencated.Reflected.XSS MEDIUM" "wp-widget-bundle No.known.fix Widget.Disable/Enable.via.CSRF MEDIUM" "wp-widget-bundle No.known.fix Admin+.Stored.XSS LOW" "wp-autosearch No.known.fix Unauthenticated.SQLi HIGH" "wp-perfect-plugin 1.8.6 Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "where-i-was-where-i-will-be No.known.fix Unauthenticated.Remote.File.Inclusion CRITICAL" "webwinkelkeur 3.25 Cross-Site.Request.Forgery MEDIUM" "wp-reactions-lite 1.3.9 CSRF LOW" "wp-visual-slidebox-builder No.known.fix Subscriber+.SQLi HIGH" "wp-ses 1.4.5 Stored.Cross-Site.Scripting.(XSS) HIGH" "wp-date-and-time-shortcode 2.6.8 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "woocommerce-delivery-notes 5.6.0 Cross-Site.Request.Forgery MEDIUM" "woocommerce-delivery-notes 5.5.0 Unauthenticated.Sensitive.Information.Exposure.Through.Unprotected.Directory MEDIUM" "woocommerce-delivery-notes 5.4.1 Missing.Authorization.to.Authenticated.(Subscriber+).Logo.Deletion MEDIUM" "woocommerce-delivery-notes 4.9.0 Missing.Authorization.to.Notice.Dismissal MEDIUM" "woocommerce-delivery-notes 4.7.2 Reflected.XSS HIGH" "wonderplugin-video-embed 2.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "wonderplugin-video-embed 1.8 Contributor+.Stored.XSS MEDIUM" "wp-header-notification No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "woocommerce-predictive-search 6.1.0 Reflected.Cross-Site.Scripting MEDIUM" "wp-htaccess-control No.known.fix Admin+.Stored.XSS LOW" "wp-scheduled-posts 5.1.4 Unauthenticated.Full.Path.Disclosure MEDIUM" "wp-scheduled-posts 5.0.9 Missing.Authorization MEDIUM" "wp-scheduled-posts 5.0.5 Contributor+.Arbitrary.Post.Update/Deletion LOW" "wp-projects-portfolio No.known.fix Reflected.XSS HIGH" "wp-projects-portfolio No.known.fix Stored.XSS.via.CSRF HIGH" "wp-import-export-lite 3.9.28 Authenticated.(Contributor+).DOM-Based.Stored.Cross-Site.Scripting MEDIUM" "wp-import-export-lite 3.9.27 Authenticated.(Administrator+).PHP.Object.Injection HIGH" "wp-import-export-lite 3.9.16 Unauthenticated.Sensitive.Data.Disclosure HIGH" "wp-import-export-lite 3.9.5 Subscriber+.Arbitrary.Blog.Options.Update HIGH" "wp-import-export-lite 3.9.5 Subscriber+.Extensions.Update MEDIUM" "wishlist-member-x No.known.fix Missing.Authorization.to.Stored.Cross-Site.Scripting HIGH" "wishlist-member-x No.known.fix Missing.Authorization.to.Information.Disclosure MEDIUM" "wishlist-member-x No.known.fix Unauthenticated.Arbitrary.SQL.Execution CRITICAL" "wishlist-member-x No.known.fix Unauthenticated.Information.Exposure MEDIUM" "wishlist-member-x No.known.fix Authenticated.(Subscriber+).Remote.Code.Execution CRITICAL" "wishlist-member-x No.known.fix Subscriber+.Privilege.Escalation HIGH" "wishlist-member-x No.known.fix Unauthenticated.Denial.of.Service MEDIUM" "wishlist-member-x No.known.fix Authenticated.(Subscriber+).Arbitrary.File.Deletion HIGH" "wp-datatable 0.2.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.id.Parameter MEDIUM" "word-replacer-ultra No.known.fix Missing.Authorization.to.Unauthenticated.Arbitrary.Content.Update MEDIUM" "word-replacer-ultra No.known.fix Missing.Authorization MEDIUM" "wc-price-history 2.1.5 Authenticated.(Shop.manager+).PHP.Object.Injection HIGH" "wc-price-history 2.1.4 Missing.Authorization MEDIUM" "wp-clean-up No.known.fix Cross-Site.Request.Forgery.(CSRF) MEDIUM" "wc-product-customer-list 3.1.5 Reflected.Cross-Site.Scripting MEDIUM" "wc-product-customer-list 3.0.0 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-browser-update 4.6 Admin+.Stored.XSS LOW" "wp-browser-update 4.5 Settings.Update.via.CSRF MEDIUM" "wpfunnels 3.5.19 Unauthenticated.PHP.Object.Injection CRITICAL" "wpfunnels 3.5.6 Reflected.Cross-Site.Scripting MEDIUM" "wpfunnels 3.0.7 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "wpfunnels 2.7.17 Reflected.Cross-Site.Scripting HIGH" "wpfunnels 2.6.9 Contributor+.Stored.XSS MEDIUM" "woocommerce-multiple-customer-addresses 21.7 Arbitrary.Address.Creation/Deletion/Access/Update.via.IDOR HIGH" "wp-coming-soon-booster 1.0.7 Reflected.Cross-Site.Scripting MEDIUM" "wc-multi-currency 1.5.6 Missing.Authorization MEDIUM" "wc-multi-currency 1.5.6 Cross-Site.Request.Forgery MEDIUM" "wplegalpages 3.2.8 Cross-Site.Request.Forgery MEDIUM" "wplegalpages 2.9.3 Contributor+.Stored.XSS MEDIUM" "wplegalpages 2.7.1 Subscriber+.Arbitrary.Settings.Update.to.Stored.XSS MEDIUM" "wplegalpages 1.1 Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "wp-forecast 9.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-forecast 7.6 Admin+.Stored.Cross-Site.Scripting LOW" "wp-openagenda 1.9.0 Reflected.Cross-Site.Scripting MEDIUM" "webpushr-web-push-notifications 4.36.0 Reflected.Cross-Site.Scripting MEDIUM" "webpushr-web-push-notifications 4.35.0 Unauthenticated.Stored.XSS HIGH" "webpushr-web-push-notifications 4.35.0 LFI.via.CSRF MEDIUM" "wp-login-with-ajax No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "wp-ultra-simple-paypal-shopping-cart 4.5 Cross-Site.Request.Forgery.(CSRF) HIGH" "wp-amaps No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-inject No.known.fix Admin+.Stored.XSS LOW" "wp-inject 1.16 Stored.XSS.&.CSRF HIGH" "wp-file-checker No.known.fix Authenticated.(Admin+).Arbitrary.File.Deletion MEDIUM" "wp-editor-bootstrap-blocks 2.5.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "woo-cart-abandonment-recovery 1.2.27 Templates/Abandoned.Orders.Deletion.via.CSRF MEDIUM" "wp-bookmarks No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-quick-front-end-editor No.known.fix Authenticated.Content.Injection MEDIUM" "wp-quick-front-end-editor No.known.fix Authenticated.Settings.Change.leading.to.Stored.XSS CRITICAL" "winning-portfolio No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-logo-showcase 1.3.37 Editor.Plugin's.Settings.Update LOW" "wp-terms-popup 2.6.1 Admin+.Stored.XSS LOW" "weekly-class-schedule No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-floating-menu 1.4.5 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "wp-floating-menu 1.4.1 Authenticated.Reflected.Cross-Site.Scripting CRITICAL" "wpforms 1.8.5.4 Unauthenticated.Stored.Cross-Site.Scripting.via.Form.Submission HIGH" "wpforms 1.7.7 CSV.Injection MEDIUM" "woocommerce-product-payments 3.5.9 Missing.Authorization MEDIUM" "woocommerce-product-payments 3.2.8 Reflected.XSS HIGH" "woocommerce-product-payments 3.2.7 Reflected.Cross-Site.Scripting MEDIUM" "woocommerce-product-payments 3.1.6 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-google-analytics-events 2.8.1 Reflected.Cross-Site.Scripting MEDIUM" "wp-fixtag No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-table-pixie 1.2.0 Reflected.Cross-Site.Scripting MEDIUM" "wp-monalisa 6.5 Cross-Site.Request.Forgery MEDIUM" "wholesale-pricing-woocommerce No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wholesale-pricing-woocommerce 3.8.1 Reflected.Cross-Site.Scripting MEDIUM" "woofilter-pro No.known.fix Unauthenticated.SQL.Injection HIGH" "wp-sitemap-page 1.7.0 Admin+.Stored.Cross.Site.Scripting LOW" "wp-cleanup-and-basic-functions No.known.fix Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "wp-cookiechoise No.known.fix CSRF.to.Stored.Cross-Site.Scripting HIGH" "wp-graphql 1.14.6 Editor+.SSRF MEDIUM" "wp-graphql 1.3.6 Denial.of.Service HIGH" "wp-graphql 0.3.5 Improper.Access.Control MEDIUM" "wp-graphql 0.3.0 Multiple.Vulnerabilities CRITICAL" "wp-system No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "wheel-of-life 1.1.9 Missing.Authorization MEDIUM" "wheel-of-life 1.1.8 Missing.Authorization.on.Several.AJAX.Endpoints MEDIUM" "wp-editormd No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "wp-editormd 10.0.4 Cross-Site.Scripting.(XSS) MEDIUM" "webp-express 0.14.8 Authenticated.Stored.XSS MEDIUM" "webp-express 0.14.11 Multiple.Issues HIGH" "wp-mermaid No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-user-merger 1.5.3 Admin+.SQLi.via.ID MEDIUM" "wp-user-merger 1.5.3 Admin+.SQLi.via.user_id MEDIUM" "wp-user-merger 1.5.3 Admin+.SQLi.via.wpsu_user_id MEDIUM" "web-testimonials No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "wp-carousel-free 2.7.4 Admin+.Stored.XSS LOW" "wp-carousel-free 2.6.9 Contributor+.DOM-Based.Stored.XSS.via.FancyBox.JavaScript.Library MEDIUM" "wp-carousel-free 2.6.4 Authenticated.(Admin+).PHP.Object.Injection HIGH" "wp-carousel-free 2.6.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.'sp_wp_carousel_shortcode' MEDIUM" "wp-carousel-free 2.6.9 Editor+.Stored.XSS LOW" "wp-carousel-free 2.5.3 Contributor+.Stored.XSS MEDIUM" "wp-media-library-categories 2.0.1 Admin+.Stored.XSS LOW" "wp-media-library-categories 2.0.0 Admin+.Stored.XSS LOW" "wp-fsqm-pro 4.19.1 WordPress.Form.Builder.<.4.19.1.-.Reflected.Cross-Site.Scripting MEDIUM" "wp-fsqm-pro 4.19 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "woo-quick-cart-for-multiple-variations No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "woo-quick-cart-for-multiple-variations No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wc-place-order-without-payment 2.6.8 Unauthenticated.Local.File.Inclusion CRITICAL" "wc-place-order-without-payment 2.5 Reflected.Cross-Site.Scripting MEDIUM" "wc-place-order-without-payment 2.2 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "weebotlite No.known.fix Admin+.Stored.XSS LOW" "wp-opt-in No.known.fix Arbitrary.Settings.Update.via.CSRF MEDIUM" "wp-postratings 1.91.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-postratings 1.90 Ratings.Tempering.via.Race.Condition MEDIUM" "wp-postratings 1.86.1 Admin+.Stored.Cross-Site.Scripting LOW" "wp-postratings 1.62 Authenticated.SQL.Injection CRITICAL" "wp-recall No.known.fix Cross-Site.Request.Forgery MEDIUM" "wp-recall No.known.fix Authenticated.(Contributor+).Local.File.Inclusion HIGH" "wp-recall 16.26.12 Admin+.Stored.XSS LOW" "wp-recall 16.26.12 Unauthenticated.SQL.Injection HIGH" "wp-recall 16.26.12 Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.Shortcode.Exeuction MEDIUM" "wp-recall 16.26.12 Authenticated.(Contributor+).Protected.Post.Disclosure MEDIUM" "wp-recall 16.26.12 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "wp-recall 16.26.12 Admin+.SQL.Injection MEDIUM" "wp-recall 16.26.9 Insecure.Direct.Object.Reference.to.Unauthenticated.Arbitrary.Password.Update CRITICAL" "wp-recall 16.26.7 Unauthenticated.Payment.Deletion.via.delete_payment MEDIUM" "wp-recall 16.26.7 Cross-Site.Request.Forgery MEDIUM" "wp-recall 16.26.6 Unauthenticated.SQL.Injection CRITICAL" "wp-recall 16.26.6 Authenticated.(Contributor+).SQL.Injection CRITICAL" "wp-recall 16.26.6 Insecure.Direct.Object.Reference MEDIUM" "wp-recall 16.24.48 Reflected.Cross-Site.Scripting HIGH" "wp-cron-status-checker 1.2.5 Reflected.Cross-Site.Scripting MEDIUM" "wp-cron-status-checker 1.2.4 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wa-sticky-button 1.4.1 Unauthenticated.Arbitrary.Settings.Update.to.Stored.XSS HIGH" "widgets-for-aliexpress-reviews 11.1 Authenticated.(Editor+).Arbitrary.File.Upload MEDIUM" "woocommerce-multiple-free-gift No.known.fix Insufficient.Server-Side.Validation.to.Arbitrary.Gift.Adding MEDIUM" "wufoo-shortcode 1.52 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "woo-currency 1.6.6 Admin+.Stored.XSS LOW" "wp-load-gallery No.known.fix Authenticated.(Author+).Arbitrary.File.Upload HIGH" "wp-shoutbox-live-chat No.known.fix Unauthenticated.SQLi HIGH" "wp-shoutbox-live-chat No.known.fix Unauthenticated.Stored.XSS HIGH" "wp-linkedin-auto-publish 8.12 Missing.Authorization MEDIUM" "wp-worthy 1.7.0-0cde1c2 Cross-Site.Request.Forgery MEDIUM" "website-article-monetization-by-magenet 1.0.12 Unauthenticated.Stored.XSS HIGH" "wp2android-turn-wp-site-into-android-app No.known.fix Unauthenticated.File.Upload CRITICAL" "wp-map-block 2.0.3 Contributor+.Stored.XSS.via.Marker MEDIUM" "wp-map-block 1.2.3 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "wpadverts 2.2.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wpadverts 2.2.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wpadverts 2.2.3 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "wpadverts 2.2.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wpadverts 2.1.8 Reflected.Cross-Site.Scripting MEDIUM" "wpadverts 2.1.7 Unauthenticated.Stored.Cross-Site.Scripting.via.adverts_add.Shortcode HIGH" "wpadverts 2.1.3 Cross-Site.Request.Forgery MEDIUM" "who-hit-the-page-hit-counter No.known.fix Authenticated.(Administrator+).SQL.Injection HIGH" "who-hit-the-page-hit-counter No.known.fix CSRF MEDIUM" "who-hit-the-page-hit-counter No.known.fix Hit.Counter.<=.1.4.14.3.-.Reflected.XSS HIGH" "wp-crm-system 3.4.3 Missing.Authorization MEDIUM" "wp-crm-system No.known.fix Authenticated.(Administrator+).PHP.Object.Injection HIGH" "wp-crm-system 3.4.0 Unauthenticated.Duplicate.Contact.Settings.Update MEDIUM" "wp-crm-system 3.2.9.1 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "wp-auctions No.known.fix Authenticated.(Editor+).SQL.Injection MEDIUM" "wp-auctions No.known.fix Editor+.SQL.Injection MEDIUM" "wp-auctions No.known.fix Editor+.Stored.XSS LOW" "wp-auctions No.known.fix Authenticated.(Editor+).Stored.Cross-Site.Scripting MEDIUM" "wp-auctions No.known.fix Unauthenticated.SQL.Injection HIGH" "wp-file-manager-pro 8.3.10 Unauthenticated.Backup.File.Download.and.Upload HIGH" "wp-file-manager-pro 8.3.10 Unauthenticated.Limited.JavaScript.File.Upload HIGH" "wp-file-manager-pro 8.3.10 Cross-Site.Request.Forgery.to.Arbitrary.File.Upload HIGH" "wp-file-manager-pro 8.3.8 Authenticated.(Subscriber+).Arbitrary.File.Upload HIGH" "wp-file-manager-pro 8.3.5 Directory.Traversal CRITICAL" "wp-file-manager-pro 8.3.5 Reflected.Cross-Site.Scripting MEDIUM" "wp-file-manager-pro 8.3.5 Authenticated.(Subscriber+).Arbitrary.File.Upload HIGH" "wpshop No.known.fix 2.6.0.-.Authenticated.(Subscriber+).Privilege.Escalation.via.Account.Takeover HIGH" "wpshop No.known.fix 2.6.0.-.Insecure.Direct.Object.Reference.to.Authenticated.(Subscriber+).Arbitrary.User.Key.Generation MEDIUM" "wpshop No.known.fix Arbitrary.File.Upload.via.CSRF HIGH" "wpdoodlez No.known.fix Unauthenticated.Stored.Cross-Site.Scripting MEDIUM" "wp-crontrol 1.16.2 Remote.Code.Execution MEDIUM" "wp-pinterest-automatic No.known.fix Missing.Authorization MEDIUM" "wp-pinterest-automatic 4.14.4 Unauthenticated.Arbitrary.Options.Update CRITICAL" "woocommerce-product-sort-and-display 2.4.2 Missing.Authorization MEDIUM" "wp-calendar No.known.fix Contributor+.Stored.XSS MEDIUM" "wc-shipos-delivery 2.2.0 Reflected.Cross-Site.Scripting MEDIUM" "wc-shipos-delivery No.known.fix Reflected.Cross-Site.Scripting.via.dvsfw_bulk_label_url.Parameter MEDIUM" "wp-intro-js-tours No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-to-hootsuite 1.6.0 Cross-Site.Request.Forgery MEDIUM" "wp-to-hootsuite 1.3.9 Reflected.Cross-Site.Scripting HIGH" "wp-compare-tables No.known.fix Cross-Site.Request.Forgery MEDIUM" "woocommerce-photo-reviews No.known.fix Review.Reminders.-.Review.for.Discounts.<=.1.3.13.-.Reflected.Cross-Site.Scripting MEDIUM" "woocommerce-photo-reviews 1.3.14 Authentication.Bypass.to.Account.Takeover.and.Privilege.Escalation CRITICAL" "wt-woocommerce-wishlist 2.1.3 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "wp-cerber 9.5 IP.Protection.Bypass MEDIUM" "wp-cerber 9.2 Unauthenticated.Stored.XSS HIGH" "wp-cerber 9.3.3 User.Enumeration.Bypass.via.Rest.API LOW" "wp-cerber 9.1 Username.Enumeration.Bypass MEDIUM" "wp-cerber 8.9.6 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "wp-cerber 8.9.3 2FA.Authentication.Bypass MEDIUM" "wp-cerber 8.9.3 Rest-API.Protection.Bypass MEDIUM" "wp-cerber 2.7 Unauthenticated.Stored.XSS MEDIUM" "wc-multivendor-marketplace 3.6.12 Reflected.Cross-Site.Scripting MEDIUM" "wc-multivendor-marketplace 3.6.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "wc-multivendor-marketplace 3.4.12 Subscriber+.Unauthorised.AJAX.Calls HIGH" "wc-multivendor-marketplace 3.5.0 Multiple.CSRF MEDIUM" "wc-multivendor-marketplace 3.4.12 WooCommerce.Multivendor.Marketplace.<.3.4.12.-.Unauthenticated.SQL.Injection HIGH" "wp-ada-compliance-check-basic 3.1.4 Cross-Site.Request.Forgery MEDIUM" "woocommerce-ultimate-gift-card No.known.fix Create,.Sell.and.Manage.Gift.Cards.with.Customized.Email.Templates.<=.2.8.10.-.Unauthenticated.SQL.Injection HIGH" "woocommerce-ultimate-gift-card No.known.fix Unauthenticated.Arbitrary.File.Upload CRITICAL" "woocommerce-ultimate-gift-card 2.9.1 Create,.Sell.and.Manage.Gift.Cards.with.Customized.Email.Templates.<.2.9.1.-.Reflected.Cross-Site.Scripting MEDIUM" "widgetkit-for-elementor 2.5.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "widgetkit-for-elementor No.known.fix Authenticated.(Contributor+).Sensitive.Information.Exposure.via.Elementor.Templates MEDIUM" "widgetkit-for-elementor 2.5.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "widgetkit-for-elementor 2.5.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "widgetkit-for-elementor 2.5.5 Missing.Authorization.to.Notice.Dismissal NONE" "widgetkit-for-elementor No.known.fix Contributor+.Stored.XSS MEDIUM" "widgetkit-for-elementor 2.4.4 WidgetKit.<.2.4.4.-.Admin+.Stored.XSS LOW" "widgetkit-for-elementor 2.3.10 WidgetKit.<.2.3.10.-.Contributor+.Stored.XSS MEDIUM" "wc-dynamic-pricing-and-discounts 2.4.2 Unauthenticated.Settings.Import.to.Stored.XSS HIGH" "wc-dynamic-pricing-and-discounts 2.4.2 Unauthenticated.Settings.Export MEDIUM" "wp-photo-effects 1.2.3 Reflected.Cross-Site.Scripting MEDIUM" "wp-photo-effects 1.2.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-photo-effects 1.2.3 Subscriber+.Arbitrary.Option.Update CRITICAL" "widget-options 4.1.1 Contributor+.Remote.Code.Execution HIGH" "widget-options 4.0.9 Missing.Authorization.to.Notice.Dismissal MEDIUM" "widget-options 4.0.8 Missing.Authorization MEDIUM" "widget-options 4.0.8 Contributor+.Remote.Code.Execution CRITICAL" "widget-options 4.0.2 Extended.<=.5.1.0.&..Widget.Options.<=.4.0.1.-.Authenticated.(Subscriber+).Information.Disclosure MEDIUM" "wp-backgrounds-lite No.known.fix CSRF.Bypass MEDIUM" "wp-user-frontend 4.0.8 Authenticated.(Administrator+).SQL.Injection CRITICAL" "wp-user-frontend 4.0.8 Use.of.Polyfill.io MEDIUM" "wp-user-frontend 3.6.6 Authenticated.(Author+).Privilege.Escalation HIGH" "wp-user-frontend 3.6.9 Missing.Authorization.via.AJAX.actions MEDIUM" "wp-user-frontend 3.5.29 Obscure.Registration.as.Admin MEDIUM" "wp-user-frontend 3.5.26 SQL.Injection.to.Reflected.Cross-Site.Scripting HIGH" "wp-user-frontend 3.5.25 Admin+.SQL.Injection MEDIUM" "wpc-grouped-product 4.4.3 Missing.Authorization MEDIUM" "woo-clover-gateway-by-zaytech 1.3.2 Missing.Authorization.via.callback_handler MEDIUM" "wc-frontend-manager 6.7.13 Insecure.Direct.Object.Reference.to.Account.Takeover/Privilege.Escalation HIGH" "wc-frontend-manager 6.7.9 Authenticated.(Shop.manager+).Stored.Cross-Site.Scripting MEDIUM" "wc-frontend-manager 6.6.1 Subscriber+.Unauthorised.AJAX.Calls MEDIUM" "wc-frontend-manager 6.6.0 Multiple.CSRF MEDIUM" "wc-frontend-manager 6.5.12 Frontend.Manager.for.WooCommerce.<.6.5.12.-.Customer/Subscriber+.SQL.Injection HIGH" "woo-inpost No.known.fix Missing.Authorization.to.Unauthenticated.Arbitrary.File.Read.and.Delete CRITICAL" "woo-esto 2.23.2 Settings.Update.via.CSRF MEDIUM" "wp-fade-in-text-news 12.1 .Authenticated.(Subscriber+).SQL.Injection.via.Shortcode HIGH" "woocommerce-ean-payment-gateway 6.1.0 Missing.Authorization.to.Authenticated.(Contributor+).EAN.Update MEDIUM" "wp-lightbox-2 3.0.6.8 Unauthenticated.Stored.XSS HIGH" "wp-lightbox-2 3.0.6.7 Authenticated.(Contributor+).DOM-Based.Stored.Cross-Site.Scripting MEDIUM" "wp-lightbox-2 3.0.6.6 Admin+.Stored.XSS LOW" "wps-team No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wps-team No.known.fix Contributor+.PHP.Object.Injection HIGH" "wps-team 2.8.0 Reflected.Cross-Site.Scripting MEDIUM" "waiting No.known.fix Subscriber+.Stored.XSS HIGH" "waiting No.known.fix Subscriber+.SQLi HIGH" "waiting No.known.fix Missing.Authorization MEDIUM" "waiting No.known.fix Admin+.Cross-Site.Scripting LOW" "waiting No.known.fix Cross-Site.Request.Forgery MEDIUM" "wp-time-machine No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "widget-shortcode No.known.fix Contributor+.Stored.XSS MEDIUM" "wp-quick-shop 1.3.2 Reflected.Cross-Site.Scripting MEDIUM" "wp-email-users No.known.fix Subscriber+.SQL.Injection HIGH" "wpshopgermany-protectedshops 2.1 Admin+.Stored.XSS LOW" "wp-airbnb-review-slider 4.0 Authenticated.(Administrator+).SQL.Injection MEDIUM" "wp-airbnb-review-slider 3.3 Subscriber+.SQLi HIGH" "wp-airbnb-review-slider 3.3 CSRF MEDIUM" "webcamconsult 1.6.0 Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "wpdiscuz 7.6.25 Authentication.Bypass CRITICAL" "wpdiscuz 7.6.22 Unauthenticated.HTML.Injection MEDIUM" "wpdiscuz 7.6.19 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wpdiscuz 7.6.16 Authenticated.(Author+).Stored.Cross-Site.Scripting.via.Uploaded.Image.Alternative.Text MEDIUM" "wpdiscuz 7.6.13 Admin+.Stored.XSS LOW" "wpdiscuz 7.6.12 Cross-Site.Request.Forgery MEDIUM" "wpdiscuz 7.6.12 Unauthenticated.Stored.XSS HIGH" "wpdiscuz 7.6.11 Unauthenticated.Content.Injection MEDIUM" "wpdiscuz 7.6.4 Author+.IDOR LOW" "wpdiscuz 7.6.11 Insufficient.Authorization.to.Comment.Submission.on.Deleted.Posts MEDIUM" "wpdiscuz 7.6.12 Missing.Authorization.in.AJAX.Actions MEDIUM" "wpdiscuz 7.6.6 Unauthenticated.SQL.Injection HIGH" "wpdiscuz 7.6.6 Unauthenticated.SQL.Injection HIGH" "wpdiscuz 7.6.4 Post.Rating.Increase/Decrease.iva.IDOR MEDIUM" "wpdiscuz 7.6.4 Unauthenticated.Data.Modification.via.IDOR MEDIUM" "wpdiscuz 7.5 wpDiscuz.7.4.2.-.Subscriber+.IDOR MEDIUM" "wpdiscuz 7.3.12 Sensitive.Information.Disclosure LOW" "wpdiscuz 7.3.4 Arbitrary.Comment.Addition/Edition/Deletion.via.CSRF MEDIUM" "wpdiscuz 7.3.2 wpDiscuz.<.7.3.2.-.Admin+.Stored.Cross-Site.Scripting LOW" "wpdiscuz 7.0.5 wpDiscuz.7.0.0.-.7.0.4.-.Unauthenticated.Arbitrary.File.Upload CRITICAL" "wpdiscuz 5.3.6 Unauthenticated.SQL.Injection CRITICAL" "webcam-2way-videochat 5.2.8 Reflected.Cross-Site.Scripting HIGH" "webcam-2way-videochat 4.41.2 Cross-Site.Scripting.(XSS) MEDIUM" "woo-authorize-net-gateway-aim 6.0.4 Reflected.Cross-Site.Scripting MEDIUM" "woo-authorize-net-gateway-aim 5.1.27 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "weather-effect 1.3.6 Admin+.Stored.Cross-Site.Scripting LOW" "weather-effect 1.3.4 CSRF.to.Stored.Cross-Site.Scripting HIGH" "wp-members 3.5.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.wpmem_user_memberships.Shortcode MEDIUM" "wp-members 3.4.9.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.wpmem_loginout.Shortcode MEDIUM" "wp-members 3.4.9.6 Reflected.Cross-Site.Scripting MEDIUM" "wp-members 3.4.9.4 Unprotected.Storage.of.Potentially.Sensitive.Files MEDIUM" "wp-members 3.4.9.3 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "wp-members 3.4.9.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "wp-members 3.4.9 Contributor+.Sensitive.Information.Exposure MEDIUM" "wp-members 3.4.8 Subscriber+.Unauthorized.Plugin.Settings.Update MEDIUM" "wp-members 3.2.8.1 Cross-Site.Request.Forgery.(CSRF) HIGH" "wp-members 3.1.8 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "wpzoom-elementor-addons 1.1.39 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Team.Members.Widget MEDIUM" "wpzoom-elementor-addons 1.1.38 Unauthenticated.Local.File.Inclusion CRITICAL" "wpzoom-elementor-addons 1.1.37 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Image.Box.Widget MEDIUM" "wpzoom-elementor-addons 1.1.36 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-mini-program No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-newsletter-subscription No.known.fix Unauthenticated.Local.File.Inclusion CRITICAL" "wp-fullcalendar 1.6 Contributor+.Stored.XSS MEDIUM" "wp-fullcalendar 1.5 Unauthenticated.Arbitrary.Post.Access HIGH" "wpforo 2.4.4 Subscriber+.Privilege.Escalation HIGH" "wpforo 2.4.2 Subscriber+.Arbitrary.File.Read MEDIUM" "wpforo 2.3.5 Authenticated.(Subscriber+).Insecure.Direct.Object.Reference MEDIUM" "wpforo 2.3.5 Unauthenticated.Sensitive.Information.Exposure MEDIUM" "wpforo 2.3.4 Authenticated.(Contributor+).SQL.Injection CRITICAL" "wpforo 2.2.6 Subscriber+.Content.Injection MEDIUM" "wpforo 2.2.4 Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "wpforo 2.1.9 Reflected.Cross-Site.Scripting HIGH" "wpforo 2.1.8 Subscriber+.Arbitrary.File.Read,.Author+.PHAR.Deserialization,.and.Subscriber+.Server-Side.Request.Forgery.via.file_get_contents HIGH" "wpforo 2.0.6 Subscriber+.Forum.Post.Set.as.Private/Public.via.IDOR MEDIUM" "wpforo 2.1.0 Arbitrary.User.Deletion.via.CSRF HIGH" "wpforo 2.1.0 Subscriber+.Arbitrary.File.Upload CRITICAL" "wpforo 2.0.6 Subscriber+.Forum.Post.Set.as.Solved/Unsolved.via.IDOR MEDIUM" "wpforo 2.0.6 Topic.Deletion.via.CSRF MEDIUM" "wpforo 2.0.6 Cross-Site.Request.Forgery MEDIUM" "wpforo 1.9.7 Open.Redirect MEDIUM" "wpforo 1.7.0 New.Users.Set.as.Admin.via.CSRF HIGH" "wpforo 1.7.0 Reflected.Cross-Site.Scripting.(XSS).via.langid.Parameter HIGH" "wpforo 1.7.0 Reflected.Cross-Site.Scripting.(XSS).via.s.Parameter HIGH" "wpforo 1.7.0 Reflected.Cross-Site.Scripting.(XSS).via.User.Agent MEDIUM" "wpforo 1.5.2 Privilege.Escalation CRITICAL" "wpforo 1.4.12 Unauthenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "wpforo 1.4.11 Unauthenticated.SQL.Injection CRITICAL" "wp-background-tile No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "wc4bp-groups 1.1.1 Reflected.Cross-Site.Scripting MEDIUM" "wpide 3.5.0 Unauthenticated.Full.Path.Dislcosure MEDIUM" "wpide 3.4.7 Reflected.Cross-Site.Scripting MEDIUM" "wpide 3.0 Admin+.Arbitrary.File.Read MEDIUM" "wpide 3.0 Admin+.Arbitrary.File.Edit.&.Upload MEDIUM" "wpide 3.0 Admin+.Local.File.Inclusion LOW" "wp-customer-reviews 3.7.1 Malicious.Redirect.via.HTTP-EQUIV.Injection LOW" "wp-customer-reviews 3.6.7 Authenticated.(Subscriber+).Sensitive.Information.Exposure MEDIUM" "wp-customer-reviews 3.6.7 Admin+.Stored.XSS MEDIUM" "wp-customer-reviews 3.5.6 Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "wp-customer-reviews 3.4.3 Multiple.Unauthenticated.and.Low.Priv.Authenticated.Stored.XSS CRITICAL" "wp-customer-reviews 3.0.9 CSRF.&.XSS HIGH" "webd-woocommerce-advanced-reporting-statistics No.known.fix Unauthenticated.SQL.Injection HIGH" "wp-js-impress No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wptables No.known.fix Reflected.XSS HIGH" "wpkoi-templates-for-elementor 3.1.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wpkoi-templates-for-elementor 3.1.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wpkoi-templates-for-elementor 2.5.11 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Multiple.Parameters MEDIUM" "wpkoi-templates-for-elementor 2.5.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Advanced.Heading.Widget MEDIUM" "webflow-pages 1.1.0 Missing.Authorization MEDIUM" "wp-insurance 2.1.4 Arbitrary.Plugin.Activation.via.CSRF MEDIUM" "wp-memory 2.46 Subscriber+.Arbitrary.Plugin.Installation HIGH" "wp-cloudy 4.4.9 Admin+.SQL.Injection MEDIUM" "w-dalil No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "wpdm-gutenberg-blocks 2.1.9 Contributor+.XSS MEDIUM" "wp-cookie-consent No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "wp-page-widget 4.0 Settings.Update.via.CSRF MEDIUM" "woocommerce-support-ticket-system 17.9 Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.Post.Deletion.and.Information.Exposure MEDIUM" "woocommerce-support-ticket-system 17.8 Unauthenticated.Arbitrary.File.Deletion CRITICAL" "woocommerce-support-ticket-system 17.8 Unauthenticated.Arbitrary.File.Upload CRITICAL" "woocommerce-support-ticket-system 17.8 Authenticated.(Subscriber+).Arbitrary.File.Deletion HIGH" "woo-seo-content-randomizer-addon 1.2.2 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-google-street-view 1.1.6 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "wp-google-street-view 1.1.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-google-street-view 1.0.9 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wpsimpletools-log-viewer No.known.fix Cross-Site.Request.Forgery.via.wpst_lw_viewer MEDIUM" "wp-post-page-clone 1.2 Unauthorised.Post.Access MEDIUM" "wp-post-page-clone 1.1 SQL.Injections.due.to.Duplicated.Snippets HIGH" "wp-recaptcha-bp No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "wp-popups-lite 2.2.0.2 Unauthenticated.Full.Path.Disclosure MEDIUM" "wp-popups-lite 2.1.5.6 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "wp-popups-lite 2.1.5.1 Contributor+.Stored.XSS MEDIUM" "wp-popups-lite 2.1.4.9 Contributor+.Stored.XSS MEDIUM" "wp-popups-lite 2.1.4.8 Contributor+.Stored.XSS MEDIUM" "wp-email-debug No.known.fix 1.1.0.-.Missing.Authorization.to.Unauthenticated.Privilege.Escalation.via.Password.Reset CRITICAL" "wp-contact-slider 2.4.9 Reflected.Cross-Site.Scripting MEDIUM" "wp-contact-slider 2.4.8 Admin+.Stored.Cross-Site.Scripting LOW" "wp-contact-slider 2.4.7 Editor+.Stored.Cross-Site.Scripting LOW" "wp-contact-slider 2.4.5 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-smart-tool-tip No.known.fix Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "wp-cassify 2.3.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wpupper-share-buttons 3.52 Cross-Site.Request.Forgery.to.Custom.CSS.Update MEDIUM" "wpupper-share-buttons 3.50 Missing.Authorization MEDIUM" "wpupper-share-buttons 3.43 Admin+.Stored.XSS LOW" "wp-fundraising-donation 1.7.4 Cross-Site.Request.Forgery MEDIUM" "wp-fundraising-donation 1.7.1 Authenticated.(Subscriber+).Privilege.Escalation HIGH" "wp-fundraising-donation 1.7.0 Missing.Authorization MEDIUM" "wp-fundraising-donation 1.5.0 Unauthenticated.SQLi HIGH" "wordpress-signature No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "wp-addpub No.known.fix Authenticated.(Contributor+).SQL.Injection MEDIUM" "wp-profitshare No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "wp-profitshare No.known.fix Authenticated.(Editor+).SQL.Injection MEDIUM" "wp-user-frontend-pro 4.1.4 Authenticated.(Subscriber+).Arbitrary.File.Deletion HIGH" "wp-user-frontend-pro 4.1.4 Authenticated.(Subscriber+).Arbitrary.File.Upload HIGH" "wp-clone-any-post-type No.known.fix Missing.Authorization MEDIUM" "wp-clone-any-post-type No.known.fix Open.Redirect MEDIUM" "woocommerce-admin 2.6.4 Analytics.Report.Leaks MEDIUM" "woo-advanced-extra-fees-lite No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wpappninja 11.57 Open.Redirect.via.'redirect'.Parameter HIGH" "wpappninja 11.53 Unauthenticated.Arbitrary.Shortcode.Execution MEDIUM" "wpappninja 11.51 Reflected.Cross-Site.Scripting MEDIUM" "wpappninja 11.49 Reflected.Cross-Site.Scripting MEDIUM" "wpappninja 11.42 Reflected.Cross-Site.Scripting MEDIUM" "wpappninja 11.21 Admin+.Stored.XSS LOW" "wpappninja 11.19 Admin+.Stored.XSS LOW" "wpappninja 11.14 Contributor+.Stored.XSS MEDIUM" "wp-image-slideshow 12.1 .Authenticated.(Subscriber+).SQL.Injection.via.Shortcode HIGH" "wp-cafe 2.2.33 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "wp-cafe 2.2.32 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "wp-cafe 2.2.29 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "wp-cafe 2.2.28 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "wp-cafe 2.2.26 Authenticated.(Contributor+).File.inclusion.via.Shortcode HIGH" "wp-cafe 2.2.26 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Reservation.Form.Shortcode MEDIUM" "wp-cafe 2.2.24 Unauthenticated.Blind.Server-Side.Request.Forgery MEDIUM" "wp-cafe 2.2.23 Missing.Authorization MEDIUM" "wp-categories-widget 2.3 Reflected.XSS HIGH" "wp-code-highlightjs No.known.fix Undisclosed.Cross-Site.Scripting.(XSS) MEDIUM" "wp-code-highlightjs 0.6.3 CSRF.to.Stored.XSS MEDIUM" "wp-politic 2.4.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-politic 2.3.8 Arbitrary.Plugin.Activation.via.CSRF MEDIUM" "weaver-themes-shortcode-compatibility No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-simple-firewall 20.0.6 Reflected.XSS HIGH" "wp-simple-firewall 19.1.11 Cross-Site.Request.Forgery MEDIUM" "wp-simple-firewall 18.5.10 Unauthenticated.Local.File.Inclusion CRITICAL" "wp-simple-firewall 18.5.8 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "wp-simple-firewall 17.0.18 Subscriber+.Arbitrary.Log.Entry.Creation MEDIUM" "wp-simple-firewall 17.0.18 Unauthenticated.Stored.XSS HIGH" "wp-simple-firewall 13.0.6 Admin+.Stored.Cross-Site.Scripting LOW" "woocommerce-menu-bar-cart 2.12.0 Reflected.Cross-Site.Scripting MEDIUM" "wp-video-playlist No.known.fix Missing.Authorization.to.Unauthenticated.Settings.Update MEDIUM" "wc-fields-factory 4.1.7 ShopManager+.SQLi MEDIUM" "wp-smart-preloader 1.15.1 Admin+.Stored.XSS LOW" "webparex No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-zillow-review-slider 2.4 Admin+.Stored.Cross-Site.Scripting LOW" "wp-mail-smtp 4.1.0 Admin+.SMTP.Password.Exposure LOW" "woo-product-design No.known.fix Unauthenticated.Arbitrary.File.Download HIGH" "woo-product-design No.known.fix Unauthenticated.Arbitrary.File.Deletion CRITICAL" "woo-product-design No.known.fix Unauthenticated.Arbitrary.File.Upload CRITICAL" "wc-ciudades-y-regiones-de-chile No.known.fix Cross-Site.Request.Forgery.via.multiple.functions MEDIUM" "wp-sitemap No.known.fix Authenticated.(Contributor+).SQL.Injection MEDIUM" "wc-payphone-gateway 3.2.1 Reflected.Cross-Site.Scripting MEDIUM" "woo-point-of-sale 6.2.0 Insecure.Direct.Object.Reference.to.Privilege.Escalation.via.Arbitrary.User.Email.Change CRITICAL" "wp-sendgrid-mailer No.known.fix Missing.Authorization MEDIUM" "wp-sendgrid-mailer No.known.fix Missing.Authorization.to.Authenticated.(Subscriber+).Log.Deletion MEDIUM" "wp-sendgrid-mailer No.known.fix Unauthenticated.SQL.Injection CRITICAL" "wp-rest-filter No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-rest-filter No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wc-tabs No.known.fix Authentiated.(Shop.Manager+).PHP.Object.Injection.in.product_has_custom_tabs HIGH" "wpdm-premium-packages No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wpdm-premium-packages 5.9.7 Authenticated.(Administrator+).SQL.Injection MEDIUM" "wpdm-premium-packages 5.9.4 Reflected.Cross-Site.Scripting.via.add_query_arg MEDIUM" "wpdm-premium-packages 5.9.4 Sell.Digital.Products.Securely.<.5.9.4.-.Contributor+.Stored.Cross-Site.Scripting.via.wpdmpp_pay_link.Shortcode MEDIUM" "wpdm-premium-packages No.known.fix Admin+.SQL.Injection MEDIUM" "wpdm-premium-packages 5.9.2 Cross-Site.Request.Forgery MEDIUM" "wpdm-premium-packages 5.8.3 Reflected.Cross-Site.Scripting MEDIUM" "wpdm-premium-packages 5.7.5 Sell.Digital.Products.Securely.<.5.7.5.-.Subscriber+.Privilege.Escalation HIGH" "wp-media-optimizer-webp No.known.fix Reflected.Cross-Site.Scripting.via.wpmowebp-css-resources.and.wpmowebp-js-resources.Parameters MEDIUM" "woo-tbc-payment-gateway No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "woocommerce-products-without-featured-images No.known.fix Cross-Site.Request.Forgery MEDIUM" "wc-bulk-assign-linked-products No.known.fix Missing.Authorization MEDIUM" "wp-csv No.known.fix Reflected.XSS.via.CSV.Import MEDIUM" "wp-education 1.2.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.text_html_tag MEDIUM" "wp-education 1.2.7 Arbitrary.Plugin.Activation.via.CSRF MEDIUM" "wp-login-attempt-log No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-social-stream No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "webappick-product-feed-for-woocommerce 6.5.7 Shop.Manager+.Arbitrary.Options.Update HIGH" "webappick-product-feed-for-woocommerce 3.1.15 Authenticated.Reflected.XSS MEDIUM" "wordpress-filter No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "wp-like-button No.known.fix Missing.Authorization.via.crublabFBLBAjax LOW" "wp-like-button No.known.fix Button.Settings.Update.via.CSRF MEDIUM" "wp-like-button 1.6.4 Auth.Bypass MEDIUM" "wp-advanced-search No.known.fix Authenticated.(Admin+).Arbitrary.File.Upload HIGH" "wp-advanced-search 3.3.9.3 Admin+.Stored.XSS LOW" "wp-advanced-search 3.3.9.2 Unauthenticated.SQL.Injection HIGH" "wp-advanced-search 3.3.9 Settings.Update.via.CSRF MEDIUM" "wp-advanced-search 3.3.7 Authenticated.SQL.Injection HIGH" "wp-affiliate-platform 6.5.2 Affiliate.Deletion.via.CSRF MEDIUM" "wp-affiliate-platform 6.5.1 POST.Reflected.XSS MEDIUM" "wp-affiliate-platform 6.5.1 Reflected.XSS.via.Affiliate.Editing HIGH" "wp-affiliate-platform 6.5.1 Reflected.XSS.via.Lead.Editing HIGH" "wp-affiliate-platform 6.5.1 Profile.Update.via.CSRF MEDIUM" "wp-affiliate-platform 6.5.1 Reflected.XSS.via.Banner.Editing HIGH" "wp-affiliate-platform 6.5.1 Reflected.XSS.via.Registration.Form HIGH" "wp-affiliate-platform 6.5.1 Stored.XSS.via.CSRF HIGH" "wp-affiliate-platform 6.4.0 Reflected.Cross-Site.Scripting MEDIUM" "wp-affiliate-platform 6.4.0 Affiliate.Record.Deletion.via.CSRF MEDIUM" "wp-affiliate-platform 6.4.0 Admin+.Stored.XSS LOW" "wphelpful No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-marketing-automations 3.6.0 Missing.Authorization.to.Unauthenticated.Arbitrary.Plugin.Installation CRITICAL" "wp-marketing-automations 3.6.1 Open.Redirect MEDIUM" "wp-marketing-automations 3.5.2 Open.Redirect HIGH" "wp-marketing-automations 3.5.2 Unauthenticated.SQL.Injection.via.'automationId' HIGH" "wp-marketing-automations 3.3.0 Unauthenticated.SQLi HIGH" "wp-marketing-automations 3.2.0 Authenticated.(Administrator+).SQL.Injection MEDIUM" "wp-marketing-automations 2.8.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-marketing-automations 2.7.0 Authenticated(Administrator+).SQL.Injection MEDIUM" "wp-marketing-automations 2.1.2 Subscriber+.Automation.Creation MEDIUM" "wp-site-protector No.known.fix Settings.Update.via.CSRF MEDIUM" "wp-fb-autoconnect 4.6.3 Cross-Site.Request.Forgery.to.Reflected.Cross-Site.Scripting MEDIUM" "wp-fb-autoconnect 4.6.2 Cross-Site.Request.Forgery MEDIUM" "wpshopgermany-it-recht-kanzlei 2.1 Cross-Site.Request.Forgery MEDIUM" "wpshopgermany-it-recht-kanzlei 1.8 Admin+.Stored.XSS LOW" "woorocks-magic-content-for-siteorigins-pagebuilder No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "woorocks-magic-content-for-siteorigins-pagebuilder No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "wp-simple-galleries No.known.fix Contributor+.PHP.Object.Injection HIGH" "w3s-cf7-zoho No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "w3s-cf7-zoho 2.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "w3s-cf7-zoho 2.1.0 Reflected.Cross-Site.Scripting.(XSS) HIGH" "wp-media-folder 5.7.3 Authenticated.(Subscriber+).Arbitrary.File.Upload HIGH" "wp-media-folder 5.7.3 Missing.Authorization.to.Authenticated(Subscriber+).Plugin.settings.change MEDIUM" "wp-media-folder 5.7.3 Missing.Authorization.to.Authenticated(Subscriber+).Title.Modification MEDIUM" "wp-reviews-plugin-for-google 11.1 Authenticated.(Editor+).Arbitrary.File.Upload MEDIUM" "wp-reviews-plugin-for-google 10.9.1 Arbitrary.Settings.Update.via.CSRF MEDIUM" "wp-reviews-plugin-for-google 9.8 Contributor+.Stored.XSS MEDIUM" "wp-travel-engine 6.5.2 Missing.Authorization.to.Unauthenticated.Arbitrary.Post.Deletion HIGH" "wp-travel-engine 6.5.2 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "wp-travel-engine 6.3.6 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "wp-travel-engine 6.3.6 Unauthenticated.Local.File.Inclusion CRITICAL" "wp-travel-engine 6.2.2 Missing.Authorization.to.Authenticated.(Contributor+).Plugin.Settings.Update MEDIUM" "wp-travel-engine 5.9.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-travel-engine 5.8.1 Unauthenticated.Price.Manipulation MEDIUM" "wp-travel-engine 5.8.0 Authenticated.(Administrator+).SQL.Injection CRITICAL" "wp-travel-engine 5.8.0 Unauthenticated.SQL.Injection CRITICAL" "wp-travel-engine 5.7.5 Reflected.Cross-Site.Scripting MEDIUM" "wp-travel-engine 5.3.8 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-travel-engine 5.3.1 Editor+.Stored.Cross-Site.Scripting LOW" "wp-user No.known.fix Unauthenticated.SQLi HIGH" "wp-user No.known.fix Admin+.Stored.XSS LOW" "wp-user 7.0 Reflected.Cross-Site.Scripting MEDIUM" "woosaleskit-bar No.known.fix Reflected.Cross-Site.Scripting.(XSS) HIGH" "wc-myparcel-belgium 4.5.6 Reflected.Cross-Site.Scripting MEDIUM" "wordpress-notification-bar No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "wp-registration 6.0 Missing.Authorization.to.User.Deletion CRITICAL" "wp-registration No.known.fix Unauthenticated.Account.Takeover CRITICAL" "wooemailreport No.known.fix Reflected.XSS HIGH" "wp-youtube-live 1.8.3 Admin+.Stored.Cross.Site.Scripting LOW" "wp-youtube-live 1.7.22 Authenticated.Reflected.Cross-Site.Scripting MEDIUM" "wp-amazon-shop No.known.fix Authenticated.(Subscriber+).Arbitrary.File.Upload HIGH" "wc1c-main No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-flipkart-importer No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "wp-private-message 1.0.6 Private.Message.Disclosure.via.IDOR MEDIUM" "wp-ptviewer No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "widget-twitter No.known.fix Contributor+.SQLi MEDIUM" "wordprezi 0.9 Contributor+.Strored.XSS MEDIUM" "wp-mail-logging 1.11.2 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "wp-mail-logging 1.10.0 Outdated.Redux.Framework MEDIUM" "woocommerce-order-status-change-notifier No.known.fix Subscriber+.Arbitrary.Order.Status.Update MEDIUM" "wc-captcha No.known.fix Admin+.Stored.XSS LOW" "wp-discord-post No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "walker-core 1.3.6 Reflected.Cross-Site.Scripting MEDIUM" "walker-core 1.1.8 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "woo-thank-you-page-nextmove-lite 2.20.0 Missing.Authorization.to.Authenticated.(Subscriber+).Deactivation.Reason.Submission MEDIUM" "woo-thank-you-page-nextmove-lite 2.18.2 Cross-Site.Request.Forgery MEDIUM" "woo-thank-you-page-nextmove-lite 2.18.1 Missing.Authorization.to.Unauthenticated.System.Information.Disclosure MEDIUM" "woo-thank-you-page-nextmove-lite 2.18.0 Subscriber+.Arbitrary.Plugin.Installation/Activation HIGH" "wp-revive-adserver No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-revive-adserver No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-simple-sitemap No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "woocommerce-shipping-gateway-per-product 2.3.3 Reflected.Cross-Site.Scripting MEDIUM" "woocommerce-shipping-gateway-per-product 2.0.4 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-event-solution 4.0.27 Unauthenticated.Arbitrary.File.Read HIGH" "wp-event-solution 4.0.27 Missing.Authorization.to.Unauthenticated.Privilege.Escalation CRITICAL" "wp-event-solution 4.0.26 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "wp-event-solution 4.0.25 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "wp-event-solution 4.0.25 Missing.Authorization.to.Unauthenticated.Payment.Status.Update MEDIUM" "wp-event-solution 4.0.21 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "wp-event-solution 4.0.9 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "wp-event-solution 4.0.9 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "wp-event-solution 4.0.6 Authenticated.(Author+).Stored.Cross-Site.Scripting MEDIUM" "wp-event-solution 4.0.5 Missing.Authorization.to.Authenticated.(Contributor+).Event.Data.Import MEDIUM" "wp-event-solution 4.0.0 Authenticated.(Author+).Stored.Cross-Site.Scripting MEDIUM" "wp-event-solution 3.3.51 Missing.Authorization.to.Unauthenticated.Events.Export MEDIUM" "wp-automatic 3.116.0 AI.content.generator.and.auto.poster.plugin.<.3.116.0.-.Authenticated.(Author+).Arbitrary.File.Upload HIGH" "wp-automatic 3.95.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.autoplay.Parameter MEDIUM" "wp-automatic 3.93.0 WordPress.Automatic.Plugin.<.3,93,0.Cross-Site.Request.Forgery MEDIUM" "wp-automatic 3.92.1 Unauthenticated.Arbitrary.File.Download.and.Server-Side.Request.Forgery CRITICAL" "wp-automatic 3.92.1 Cross-Site.Request.Forgery.to.Privilege.Escalation HIGH" "wp-automatic 3.92.1 Unauthenticated.SQL.Injection CRITICAL" "wp-automatic 3.53.3 Unauthenticated.Arbitrary.Options.Update CRITICAL" "woocommerce-pay-per-post 3.1.11 Reflected.Cross-Site.Scripting MEDIUM" "woocommerce-pay-per-post 3.0.9 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-youtube-gallery 2.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.id.Parameter MEDIUM" "wp-affiliate-disclosure 1.2.8 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.$id MEDIUM" "wp-affiliate-disclosure 1.2.7 Cross-Site.Request.Forgery.via.check_capability MEDIUM" "wp-affiliate-disclosure 1.2.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-affiliate-disclosure 1.1.4 Subscriber+.Arbitrary.Option.Update CRITICAL" "wp-swimteam 1.45 Local.File.Inclusion MEDIUM" "wp-dbmanager 2.80.8 Admin+.Remote.Command.Execution MEDIUM" "wp-dbmanager 2.79.2 Arbitrary.File.Delete HIGH" "wp-social-widget 2.3.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-social-widget 2.2.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-social-widget 2.2.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.shortcode MEDIUM" "wp-social-widget 2.2.4 Contributor+.Stored.XSS MEDIUM" "wp-signals 2.0.0 Reflected.Cross-Site.Scripting MEDIUM" "wp-membership 1.6.3 Unauthenticated.Arbitrary.File.Upload CRITICAL" "wp-membership 1.5.7 Subscriber+.Privilege.Escalation CRITICAL" "wp-membership No.known.fix Multiple.Vulnerabilities MEDIUM" "wd-instagram-feed 1.4.29 Reflected.Cross-Site.Scripting.(XSS) HIGH" "wd-instagram-feed 1.3.1 XSS MEDIUM" "wp-custom-field-for-gutenberg-editor No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-custom-field-for-gutenberg-editor No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wccp-pro 15.3 Open.Redirect MEDIUM" "wccp-pro 15.3 Admin+.Stored.XSS LOW" "woo-product-gallery-slider 2.2.9 Cross-Site.Request.Forgery.(CSRF) MEDIUM" "wp-noexternallinks 4.3 Backdoored MEDIUM" "woocommerce-order-address-print No.known.fix Reflected.XSS HIGH" "wp-backpack No.known.fix Admin+.Stored.XSS LOW" "wp-blocks-hub No.known.fix Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "wp-hashtags No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "wp-file-download-light No.known.fix Authenticated.(Editor+).Stored.Cross-Site.Scripting MEDIUM" "wp-super-popup No.known.fix Admin+.Stored.XSS LOW" "webhotelier 1.10.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "webhotelier 1.6.1 Reflected.Cross-Site.Scripting.(XSS) HIGH" "wp-responsive-testimonials-slider-and-widget No.known.fix Contributor+.Stored.XSS MEDIUM" "woo-payment-gateway-for-piraeus-bank 1.7.0 Unauthenticated.SQL.Injection CRITICAL" "wp-sheet-editor-bulk-spreadsheet-editor-for-posts-and-pages 2.25.3 Reflected.Cross-Site.Scripting MEDIUM" "wp-sheet-editor-bulk-spreadsheet-editor-for-posts-and-pages 2.24.13 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "woo-store-mode No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wti-like-post No.known.fix IP.Spoofing MEDIUM" "wti-like-post 1.4.6 Authenticated.Stored.Cross-Site.Scripting.(XSS) LOW" "wti-like-post 1.4.3 Unauthenticated.Blind.SQL.Injection CRITICAL" "wc-product-table-lite 3.9.6 Missing.Authorization MEDIUM" "wc-product-table-lite 3.9.5 Unauthenticated.Arbitrary.Shortcode.Execution.&.Reflected.Cross-Site.Scripting HIGH" "wc-product-table-lite 3.9.0 Missing.Authorization MEDIUM" "wc-product-table-lite 3.8.7 Unauthenticated.Arbitrary.Shortcode.Execution.&.Reflected.Cross-Site.Scripting HIGH" "wc-product-table-lite 3.8.6 Unauthenticated.Arbitrary.Shortcode.Execution MEDIUM" "wc-product-table-lite 3.8.6 Missing.Authorization.to.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "wc-product-table-lite 3.1.0 CSRF MEDIUM" "wc-product-table-lite 2.4.0 Reflected.Cross-Site.Scripting MEDIUM" "woo-custom-and-sequential-order-number No.known.fix Cross-Site.Request.Forgery MEDIUM" "wishsuite 1.4.5 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "wishsuite 1.3.8 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wishsuite 1.3.5 Admin+.Stored.XSS LOW" "wishsuite 1.3.4 Cross-Site.Request.Forgery MEDIUM" "wp-front-end-profile 1.3.2 Unauthenticated.Privilege.Escalation CRITICAL" "wp-front-end-profile 1.3.1 Reflected.Cross-Site.Scripting MEDIUM" "wp-front-end-profile 1.2.6 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-front-end-profile 1.2.2 CSRF.Check.Incorrectly.Implemented LOW" "wp-front-end-profile 0.2.2 Privilege.Escalation.&.Stored.Cross-Site.Scripting.(XSS) CRITICAL" "wc-partial-shipment No.known.fix Authenticated.(Subscriber+).SQL.Injection MEDIUM" "wishlist No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wishlist 1.0.44 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wishlist No.known.fix Authenticated.(Subscriber+).Information.Exposure MEDIUM" "wishlist No.known.fix Missing.Authorization MEDIUM" "wishlist No.known.fix Authenticated.(Subscriber+).SQL.Injection MEDIUM" "wishlist No.known.fix Cross-Site.Request.Forgery MEDIUM" "wishlist 1.0.44 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wishlist 1.0.42 Authenticated.(Contributor+).SQL.Injection MEDIUM" "wp-headmaster No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-backitup No.known.fix Cross-Site.Request.Forgery.to.Backup.Trigger MEDIUM" "wp-backitup No.known.fix Missing.Authorization MEDIUM" "wp-backitup No.known.fix Cross-Site.Request.Forgery MEDIUM" "wp-backitup No.known.fix Missing.Authorization MEDIUM" "wp-backitup 1.50 Unauthenticated.Sensitive.Data.Exposure HIGH" "wc-payment-gateway-per-category No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "woo-advanced-product-size-chart 2.4.6 Missing.Authorization MEDIUM" "woo-advanced-product-size-chart 2.4.3.1 Reflected.Cross-Site.Scripting MEDIUM" "woo-advanced-product-size-chart 2.2.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "woo-quick-view 1.1.3 Unauthenticated.Information.Disclosure MEDIUM" "wp-report-post No.known.fix Reflected.XSS HIGH" "widgets-for-thumbtack-reviews 11.1 Authenticated.(Editor+).Arbitrary.File.Upload MEDIUM" "wpgateway No.known.fix Unauthenticated.Privilege.Escalation CRITICAL" "wp-feature-box No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "woo-abandoned-cart-recovery 1.0.4.1 CSRF.Bypass.in.Multiple.Plugins MEDIUM" "woo-abandoned-cart-recovery 1.0.4.1 Cross-Site.Request.Forgery MEDIUM" "wp-subtitle 3.4.1 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "wp-travel 10.1.4 Author+.SQL.Injection MEDIUM" "wp-travel No.known.fix Authenticated.(Subscriber+).SQL.Injection MEDIUM" "wp-travel 9.7.0 Missing.Authorization MEDIUM" "wp-travel 9.4.0 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "wp-travel 7.8.1 Unauthenticated.AJAX.Calls MEDIUM" "wp-travel 4.2.0 Reflected.Cross-Site.Scripting MEDIUM" "wp-travel 4.4.7 Cross-Site.Request.Forgery MEDIUM" "wp-travel 4.4.7 CSRF.Nonce.Bypasses MEDIUM" "wp-show-login-form No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "wp-download-codes No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "woo-customers-spreadsheet-bulk-edit 1.0.9 Reflected.Cross-Site.Scripting MEDIUM" "woo-customers-spreadsheet-bulk-edit 1.0.8 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-club-manager 2.2.12 Missing.Authorization MEDIUM" "wp-club-manager 2.2.12 Authenticated.(Player+).Stored.Cross-Site.Scripting MEDIUM" "wp-club-manager 2.2.11 Missing.Authorization.to.Unauthenticated.Event.Permalink.Update MEDIUM" "wpc-composite-products 7.2.8 Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "wp-popup-builder 1.3.6 Unauthenticated.Arbitrary.Shortcode.Execution.via.wp_ajax_nopriv_shortcode_Api_Add HIGH" "wp-popup-builder 1.2.9 Reflected.Cross-Site.Scripting MEDIUM" "wp-popup-builder 1.3.0 Subscriber+.Arbitrary.Popup.Deletion MEDIUM" "wp-product-gallery-lite 1.1.3 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "wpsection 1.3.9 Authenticated.(Contributor+).Local.File.Inlcusion HIGH" "wp-scrippets No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wgauge No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wgauge No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "wootrello 3.2.6 Reflected.Cross-Site.Scripting MEDIUM" "wootrello 2.3.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wpbenchmark 1.3.7 Cross-Site.Request.Forgery.via.execute_plugin() MEDIUM" "wp-hijri No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-hijri 1.5.2 Reflected.XSS HIGH" "woocommerce-products-filter 1.3.6.5 Subscriber+.Local.File.Inclusion HIGH" "woocommerce-products-filter 1.3.6.6 Unauthenticated.Local.File.Inclusion CRITICAL" "woocommerce-products-filter 1.3.6.4 Reflected.Cross-Site.Scripting.via.really_curr_tax.Parameter MEDIUM" "woocommerce-products-filter 1.3.6.2 Insecure.Direct.Object.Reference.to.Unsubscribe MEDIUM" "woocommerce-products-filter 1.3.6.2 Authenticated.(Shop.Manager+).Arbitrary.Options.Update HIGH" "woocommerce-products-filter 1.3.6.1 Products.Filter.Professional.for.WooCommerce.<.1.3.6.1.-.Unauthenticated.Time-Based.SQL.Injection CRITICAL" "woocommerce-products-filter 1.3.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "woocommerce-products-filter 1.3.5.3 Subscriber+..Remote.Code.Execution CRITICAL" "woocommerce-products-filter 1.3.5.3 Admin+.Local.File.Inclusion MEDIUM" "woocommerce-products-filter 1.3.5.2 Cross-Site.Request.Forgery MEDIUM" "woocommerce-products-filter 1.3.5.2 Contributor+.Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "woocommerce-products-filter 1.3.5.3 Contributor+.SQL.Injection HIGH" "woocommerce-products-filter 1.3.4.4 Multiple.Connections/Stats.CSRF MEDIUM" "woocommerce-products-filter 1.3.4.3 Unauthenticated.SQL.Injection.via.search.terms CRITICAL" "woocommerce-products-filter 1.3.4.3 Missing.Authorization.via.woof_meta_get_keys() MEDIUM" "woocommerce-products-filter 1.3.2 Products.Filter.for.WooCommerce.<.1.3.2.-.Admin+.PHP.Object.Injection LOW" "woocommerce-products-filter 1.2.6.3 Products.Filter.for.WooCommerce.<.1.2.6.3.-.Reflected.Cross-Site.Scripting HIGH" "woocommerce-products-filter 1.2.0 Multiple.Issues CRITICAL" "xatkit-chatbot-connector 2.1.4 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "xqueue-maileon 2.16.1 Admin+.Stored.XSS LOW" "xserver-migrator 1.6.2.1 Arbitrary.File.Upload.via.CSRF HIGH" "xt-woo-variation-swatches 1.8.8 Reflected.Cross-Site.Scripting MEDIUM" "xt-woo-variation-swatches 1.8.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "xpert-tab No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "xpd-reduce-image-filesize No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "xili-dictionary 2.12.5.1 Reflected.Cross-Site.Scripting MEDIUM" "xml-multilanguage-sitemap-generator No.known.fix Missing.Authorization MEDIUM" "xserver-typesquare-webfonts 2.0.8 Missing.Authorization.via.typesquare_admin_init() MEDIUM" "xml-sitemap-feed 5.4.9 Unauthenticated.Local.File.Inclusion HIGH" "xml-for-avito 2.5.3 Reflected.Cross-Site.Scripting MEDIUM" "xisearch-bar No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "xtremelocator No.known.fix Xtreme.Locator.Dealer.Locator.Plugin.1,5..Authenticated.SQL.Injection HIGH" "x-forms-express No.known.fix Stored.Cross-Site.Scripting.(XSS) MEDIUM" "xelion-webchat 9.2.0 Authenticated.(Subscriber+).Arbitrary.Options.Update HIGH" "xelion-webchat 9.2.0 Authenticated.(Subscriber+).Privilege.Escalation HIGH" "xo-event-calendar 2.3.7 Reflected.Cross-Site.Scripting HIGH" "xt-woo-points-rewards 1.6.6 Reflected.Cross-Site.Scripting MEDIUM" "xt-woo-points-rewards 1.4.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "xcloner-backup-and-restore 4.7.4 Unauthenticated.Full.Path.Disclosure MEDIUM" "xcloner-backup-and-restore 4.3.6 Plugin.Settings.Reset MEDIUM" "xcloner-backup-and-restore 4.2.153 Cross-Site.Request.Forgery CRITICAL" "xcloner-backup-and-restore 4.2.13 4.2.12.-.Unprotected.AJAX.Action CRITICAL" "xcloner-backup-and-restore 3.1.5 Backup.and.Restore.<.3.1.5.-.Authenticated.Path.Traversal MEDIUM" "xcloner-backup-and-restore 3.1.3 Backup.and.Restore.3.1.2.-.XSS.&.Command.Execution MEDIUM" "xcloner-backup-and-restore 3.1.2 Backup.and.Restore.<.3.1.2.-.Multiple.Vulnerabilities.(RCE.&.LFI) HIGH" "xcloner-backup-and-restore 3.1.1 Backup.and.Restore.<.3.1.1.-.Multiple.Actions.CSRF HIGH" "xpro-theme-builder 1.2.8.5 Missing.Authorization MEDIUM" "xorbin-digital-flash-clock No.known.fix Flash-based.XSS MEDIUM" "x-addons-elementor No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "xili-tidy-tags No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "xili-tidy-tags 1.12.05 Reflected.Cross-Site.Scripting MEDIUM" "xili-tidy-tags 1.12.04 Cross-Site.Request.Forgery MEDIUM" "xpinner-lite No.known.fix Cross-Site.Scripting.(XSS).&.CSRF MEDIUM" "xo-liteslider No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "xo-liteslider 3.3.3 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "xorbin-analog-flash-clock No.known.fix Flash-based.XSS MEDIUM" "xpro-elementor-addons-pro 1.4.10 Pro.<.1.4.10.-.Authenticated.(Contributor+).Remote.Code.Execution HIGH" "xt-facebook-events 1.1.8 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "xavins-list-subpages No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "xt-woo-ajax-add-to-cart 1.1.3 Reflected.Cross-Site.Scripting MEDIUM" "xt-woo-ajax-add-to-cart 1.0.7 Reflected.Cross-Site.Scripting MEDIUM" "xt-woo-ajax-add-to-cart 1.0.4 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "xili-language 2.21.3 Reflected.Cross-Site.Scripting MEDIUM" "xola-bookings-for-tours-activities No.known.fix Missing.Authorization MEDIUM" "xl-tab 1.5 Authenticated.(Contributor+).Post.Disclosure MEDIUM" "xl-tab 1.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "xpro-addons-beaver-builder-elementor 1.5.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "xavins-review-ratings No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "xml-for-google-merchant-center 3.0.12 Reflected.Cross-Site.Scripting MEDIUM" "xml-for-google-merchant-center 3.0.2 Reflected.XSS HIGH" "xtra-settings No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "xml-sitemaps-for-videos No.known.fix CSRF MEDIUM" "xpro-elementor-addons 1.4.11 Contributor+.Stored.XSS MEDIUM" "xpro-elementor-addons 1.4.8 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.'Site.Title'.widget MEDIUM" "xpro-elementor-addons 1.4.6.8 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "xpro-elementor-addons 1.4.6.3 Authenticated.(Contributor+).Post.Disclosure.via.Post.Duplication MEDIUM" "xpro-elementor-addons 1.4.6.6 Contributor+.Stored.XSS MEDIUM" "xpro-elementor-addons 1.4.6.1 Authenticated.(Contributor+).Sensitive.Information.Exposure.via.Elementor.Template MEDIUM" "xpro-elementor-addons 1.4.4.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Post.Grid.Widget MEDIUM" "xpro-elementor-addons 1.4.4.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "xpro-elementor-addons 1.4.3.2 Authenticated.(Contributor+).PHP.Object.Injection HIGH" "xpro-elementor-addons 1.4.3.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Multiple.Widgets MEDIUM" "xpro-elementor-addons 1.4.3.1 Authenticated.(Admin+).Cross.Site.Scripting MEDIUM" "xpro-elementor-addons 1.4.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "xc-woo-google-cloud-print No.known.fix Insecure.Direct.Object.Reference.to.Authenticated.(Subscriber+).Order.Information.Disclosure MEDIUM" "xt-woo-quick-view-lite 2.0.0 Reflected.Cross-Site.Scripting MEDIUM" "xt-woo-quick-view-lite 1.9.6 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "xv-random-quotes No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "xv-random-quotes No.known.fix Unauthenticated.SQL.Injection HIGH" "xv-random-quotes No.known.fix Settings.Reset.via.CSRF MEDIUM" "xv-random-quotes No.known.fix Reflected.XSS HIGH" "xo-security 1.5.3 XSS MEDIUM" "xagio-seo 7.1.0.17 Unauthenticated.Stored.Cross-Site.Scripting.via.'HTTP_REFERER' HIGH" "xagio-seo 7.0.0.21 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "xforwoocommerce No.known.fix Authenticated.(Subscriber+).Local.File.Inclusion HIGH" "xforwoocommerce 1.7.0 Low.Priv.Arbitrary.Blog.Options.Update/Access/Deletion.&.Plugin's.Settings.Update/Export/Import HIGH" "xllentech-english-islamic-calendar 2.6.8 Authenticated.SQL.Injection MEDIUM" "xpresslane-integration-for-woocommerce No.known.fix Unauthenticated.PHP.Object.Injection CRITICAL" "xlsx-viewer No.known.fix Authenticated.(Subscriber+).Arbitrary.File.Deletion HIGH" "youtube-channel 3.23.0 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "youtube-channel 3.23.0 Admin+.Stored.XSS LOW" "your-lightbox No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "yahoo-media-player No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "yame-linkinbio No.known.fix Unauthenticated.Information.Exposure MEDIUM" "yith-woocommerce-account-funds-premium 1.34.0 Missing.Authorization MEDIUM" "youtube-simplegallery No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "yayextra 1.5.3 Missing.Authorization MEDIUM" "yayextra 1.3.8 Unauthenticated.Arbitrary.File.Upload.via.handle_upload_file.Function CRITICAL" "yoo-bar No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "yith-product-size-charts-for-woocommerce 1.1.13 Subscriber+.Settings.Update MEDIUM" "youtube-simple-gallery No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "yith-maintenance-mode 1.4.0 Multiple.Admin+.Stored.Cross-Site.Scripting LOW" "yith-maintenance-mode 1.3.8 Admin+.Stored.Cross-Site.Scripting LOW" "yith-maintenance-mode 1.2.0 Authenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "yith-woocommerce-compare 2.38.0 Cross-Site.Request.Forgery MEDIUM" "yith-woocommerce-compare 2.20.1 Cross-Site.Scripting.via.shortcode.ajax MEDIUM" "yith-woocommerce-compare 2.3.15 Subscriber+.Settings.Update MEDIUM" "yandexnews-feed-by-teplitsa No.known.fix Admin+.Stored.XSS LOW" "yaad-sarig-payment-gateway-for-wc 2.2.5 Subscriber+.Log.Read/Deletion MEDIUM" "yith-woocommerce-social-login 1.3.6 Subscriber+.Settings.Update MEDIUM" "yith-woocommerce-recover-abandoned-cart 1.3.4 Subscriber+.Settings.Update MEDIUM" "yamaps No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "yamaps 0.6.30 Contributor+.Stored.XSS MEDIUM" "yamaps 0.6.26 Contributor+.Stored.XSS MEDIUM" "yawave No.known.fix Unauthenticated.SQL.Injection HIGH" "yith-woocommerce-questions-and-answers 1.2.0 Subscriber+.Settings.Update MEDIUM" "you-shang No.known.fix Authenticated.Stored.Cross-Site.Scripting LOW" "youtube-embed-plus 11.8.2 Cross-Site.Request.Forgery.(CSRF) MEDIUM" "yith-advanced-refund-system-for-woocommerce 1.0.12 Subscriber+.Settings.Update MEDIUM" "youmax-channel-embeds-for-youtube-businesses No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "youmax-channel-embeds-for-youtube-businesses No.known.fix Cross-Site.Request.Forgery MEDIUM" "yith-woocommerce-product-add-ons 4.14.2 Reflected.Cross-Site.Scripting MEDIUM" "yith-woocommerce-product-add-ons 4.13.1 Reflected.Cross-Site.Scripting MEDIUM" "yith-woocommerce-product-add-ons 4.9.3 Unauthenticated.Content.Injection MEDIUM" "yith-woocommerce-product-add-ons 4.6.0 Unuathenticated.Cross-Site.Scripting MEDIUM" "yith-woocommerce-product-add-ons 4.3.1 Authenticated(Shop.Manager+).PHP.Object.Injection MEDIUM" "yith-woocommerce-product-add-ons 4.2.1 Missing.Authorization MEDIUM" "yith-woocommerce-product-add-ons 2.1.0 Reflected.Cross-Site.Scripting HIGH" "yith-woocommerce-product-add-ons 2.1.0 Authenticated.Local.File.Inclusion MEDIUM" "yith-woocommerce-product-add-ons 1.5.23 Subscriber+.Settings.Update MEDIUM" "yt-cookie-nonsense No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "yith-woocommerce-product-vendors 3.8.1 Reflected.Cross-Site.Scripting HIGH" "yith-woocommerce-product-vendors 3.4.1 Subscriber+.Settings.Update MEDIUM" "youforms-free-for-copecart No.known.fix Authenticated.Stored.Cross-Site.Scripting LOW" "ycyclista No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "yabp No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "yacp No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "yith-woocommerce-gift-cards-premium 3.20.0 Unauthenticated.Arbitrary.File.Upload CRITICAL" "yith-woocommerce-gift-cards-premium 3.3.1 RCE.via.Arbitrary.File.Upload CRITICAL" "yatri-tools No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "yatri-tools 1.1.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "yds-support-ticket-system No.known.fix Authenticated.(Subscriber+).SQL.Injection MEDIUM" "yds-support-ticket-system No.known.fix Cross-Site.Request.Forgery MEDIUM" "yith-woocommerce-affiliates 1.6.3 Subscriber+.Settings.Update MEDIUM" "yikes-inc-easy-custom-woocommerce-product-tabs No.known.fix Shop.Manager+.PHP.Object.Injection MEDIUM" "yikes-inc-easy-custom-woocommerce-product-tabs 1.8.0 Admin+.Stored.XSS LOW" "yikes-inc-easy-custom-woocommerce-product-tabs 1.7.8 Unauthenticated.Toggle.Content.Setting.Update MEDIUM" "yesno 1.0.12 Authenticated.(contributor+).Blind.SQL.Injection HIGH" "yet-another-related-posts-plugin 5.30.11 Missing.Authorization MEDIUM" "yet-another-related-posts-plugin 5.30.10 Authenticated(Administrator+).Cross-Site.Scripting MEDIUM" "yet-another-related-posts-plugin 5.30.10 Admin+.Stored.XSS LOW" "yet-another-related-posts-plugin 5.30.4 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "yet-another-related-posts-plugin 5.30.3 Yet.Another.Related.Posts.Plugin.<.5.30.3.-.Subscriber+.SQLi HIGH" "yet-another-related-posts-plugin 5.30.5 Yet.Another.Related.Posts.Plugin.<.5.30.5.-.Subscriber+.LFI HIGH" "yet-another-related-posts-plugin 5.30.3 Yet.Another.Related.Posts.Plugin.<.5.30.3.-.Contributor+.Stored.XSS MEDIUM" "yith-woocommerce-added-to-cart-popup 1.3.13 Subscriber+.Settings.Update MEDIUM" "ymc-smart-filter 2.9.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "ymc-smart-filter 2.8.34 Cross-Site.Request.Forgery MEDIUM" "ymc-smart-filter 2.8.33 Unauthenticated.LFI CRITICAL" "yahoo-boss No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "yith-woocommerce-wishlist 4.6.0 Contributor+.Stored.XSS.via.id.Parameter MEDIUM" "yith-woocommerce-wishlist 3.33.0 Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "yith-woocommerce-wishlist 3.15.0 Cross-Site.Scripting.via.shortcode.ajax MEDIUM" "yith-woocommerce-wishlist 2.2.14 Subscriber+.Settings.Update MEDIUM" "yith-woocommerce-zoom-magnifier 1.3.12 Subscriber+.Settings.Update MEDIUM" "yith-woocommerce-authorizenet-payment-gateway 1.1.13 Subscriber+.Settings.Update MEDIUM" "ymc-states-map No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "ydn-download No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "youtube-widget-responsive 1.6.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "yith-custom-login 1.7.4 Reflected.Cross-Site.Scripting MEDIUM" "yith-custom-login 1.7.1 Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "yellow-yard 2.8.12 Contributor+.Stored.XSS MEDIUM" "yellow-yard 2.8.12 Reflected.Cross-Site.Scripting HIGH" "yougler-blogger-profile-page No.known.fix Cross-Site.Request.Forgery.to.Settings.Update MEDIUM" "yith-woocommerce-bulk-product-editing 1.2.15 Subscriber+.Settings.Update MEDIUM" "yith-custom-thank-you-page-for-woocommerce 1.1.8 Subscriber+.Settings.Update MEDIUM" "youzify-moderation No.known.fix Unauthenticated.Stored.Cross-Site.Scripting MEDIUM" "yummly-rich-recipes No.known.fix Cross-Site.Request.Forgery MEDIUM" "youtube-channel-gallery No.known.fix Contributor+.Stored.XSS.via.Shortcode MEDIUM" "yummy-recipes No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "yoo-slider 2.2.0 Reflected.Cross-Site.Scripting HIGH" "yoo-slider 2.1.0 Arbitrary.Template.Import.via.CSRF MEDIUM" "yoo-slider 2.1.0 Arbitrary.Slider.Creation/Edition.via.CSRF MEDIUM" "yoo-slider 2.1.0 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "yoo-slider 2.1.0 Arbitrary.Slider.Duplication/Deletion.via.CSRF MEDIUM" "yatra 2.1.15 Admin+.Stored.XSS LOW" "yotuwp-easy-youtube-embed 1.3.14 Unauthenticated.Local.File.Inclusion CRITICAL" "yotuwp-easy-youtube-embed 1.3.14 Authenticated.(Contributor+).Arbitrary.File.Inclusion.via.Shortcode MEDIUM" "yotuwp-easy-youtube-embed 1.3.13 Admin+.Stored.XSS LOW" "yourchannel 1.2.4 Unauthenticated.Settings.Reset MEDIUM" "yourchannel 1.2.5 Multiple.CSRF MEDIUM" "yourchannel 1.2.6 Admin+.Stored.XSS LOW" "yourchannel 1.2.2 Subscriber+.Stored.XSS HIGH" "yourchannel 1.2.3 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "yith-woocommerce-mailchimp 2.1.4 Subscriber+.Settings.Update MEDIUM" "yumpu-epaper-publishing 3.0.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "yumpu-epaper-publishing 3.0.0 Missing.Authorization.to.PDF.Upload,.Publishing,.and.API.Key.Modification MEDIUM" "yuzo-related-post 5.12.94 Unauthenticated.Call.Any.Action.or.Update.Any.Option MEDIUM" "yeemail 2.1.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "yith-woocommerce-request-a-quote 1.6.4 Unauthorised.AJAX.call.via.CSRF MEDIUM" "yith-woocommerce-request-a-quote 1.4.9 Subscriber+.Settings.Update MEDIUM" "yith-woocommerce-badges-management 1.3.21 Subscriber+.Settings.Update MEDIUM" "yith-woocommerce-waiting-list 1.3.11 Subscriber+.Settings.Update MEDIUM" "youram-youtube-embed No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "yith-desktop-notifications-for-woocommerce 1.2.8 Subscriber+.Settings.Update MEDIUM" "yith-woocommerce-product-bundles 1.1.17 Subscriber+.Settings.Update MEDIUM" "yith-woocommerce-ajax-navigation 5.2.0 Reflected.Cross-Site.Scripting MEDIUM" "yith-woocommerce-ajax-navigation 3.11.1 Authenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "yotpo-reviews-for-woocommerce No.known.fix Arbitrary.Settings.Update.via.CSRF MEDIUM" "youtube-feeder No.known.fix CSRF.to.Stored.XSS HIGH" "yet-another-stars-rating 3.4.4 Missing.Authorization.via.init MEDIUM" "yet-another-stars-rating 3.4.2 Reflected.Cross-Site.Scripting MEDIUM" "yet-another-stars-rating 3.1.3 Subscriber+.Stored.XSS HIGH" "yet-another-stars-rating 3.0.2 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "yet-another-stars-rating 3.0.0 Reflected.Cross-Site.Scripting MEDIUM" "yet-another-stars-rating 1.8.7 PHP.Object.Injection HIGH" "yaysmtp 2.6.5 Authenticated.(Administrator+).SQL.Injection MEDIUM" "yaysmtp 2.6.4 2.6.3.-.Unauthenticated.Stored.Cross-Site.Scripting HIGH" "yaysmtp 2.4.6 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "yaysmtp 2.2.1 Subscriber+.Stored.Cross-Site.Scripting HIGH" "yaysmtp 2.2.2 Admin+.Stored.Cross-Site.Scripting LOW" "yaysmtp 2.2.1 Subscriber+.SMTP.Credentials.Leak MEDIUM" "yaysmtp 2.2.1 Subscriber+.Logs.Disclosure MEDIUM" "yith-woocommerce-tab-manager 1.35.1 Authenticated.(Editor+).Stored.Cross-Site.Scripting MEDIUM" "yith-woocommerce-subscription 1.3.6 Subscriber+.Settings.Update MEDIUM" "yith-woocommerce-quick-view 1.21.1 Cross-Site.Scripting.via.shortcode.ajax MEDIUM" "yith-woocommerce-quick-view 1.3.15 Subscriber+.Settings.Update MEDIUM" "youtube-video-player 2.6.4 Admin+.Stored.XSS LOW" "youtube-video-player 2.3.9 Contributor+.Stored.XSS MEDIUM" "youtube-speedload No.known.fix Cross-Site.Request.Forgery MEDIUM" "yith-woocommerce-pdf-invoice 1.2.13 Subscriber+.Settings.Update MEDIUM" "yawpp No.known.fix Unauthenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "yookassa 2.3.1 Subscriber+.Arbitrary.Settings.Update MEDIUM" "yookassa 2.3.1 Arbitrary.Settings.Update.via.CSRF MEDIUM" "yith-woocommerce-best-sellers 1.1.13 Subscriber+.Settings.Update MEDIUM" "yr-activity-link 1.2.4 Contributor+.Stored.XSS MEDIUM" "yith-essential-kit-for-woocommerce-1 2.35.0 Missing.Authorization.to.Authenticated.(Subscriber+).Limited.Plugin.Install,.Activation,.and.Deactivation MEDIUM" "yith-essential-kit-for-woocommerce-1 2.14.0 Cross-Site.Scripting.via.shortcode.ajax MEDIUM" "yith-paypal-express-checkout-for-woocommerce 1.2.6 Subscriber+.Settings.Update MEDIUM" "yada-wiki 3.4.1 Contributor+.Stored.XSS MEDIUM" "yith-color-and-label-variations-for-woocommerce 1.8.13 Subscriber+.Settings.Update MEDIUM" "yogo-booking 1.6.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "yayforms 1.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "yith-woocommerce-points-and-rewards 1.3.6 Subscriber+.Settings.Update MEDIUM" "yith-woocommerce-ajax-search 2.8.1 Unauthenticated.SQL.Injection HIGH" "yith-woocommerce-ajax-search 2.7.1 Contributor+.Stored.XSS MEDIUM" "yith-woocommerce-ajax-search 2.4.1 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "yith-woocommerce-ajax-search 1.7.1 Subscriber+.Settings.Update MEDIUM" "yith-woocommerce-advanced-reviews 1.4.0 Subscriber+.Settings.Update MEDIUM" "youtube-video-inserter No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "yikes-inc-easy-mailchimp-extender No.known.fix Missing.Authorization MEDIUM" "yikes-inc-easy-mailchimp-extender No.known.fix Sensitive.Information.Exposure.via.logfile HIGH" "yikes-inc-easy-mailchimp-extender 6.9.0 Admin+.Stored.Cross-Site.Scripting LOW" "yikes-inc-easy-mailchimp-extender 6.8.9 Reflected.XSS MEDIUM" "yikes-inc-easy-mailchimp-extender 6.8.8 Reflected.XSS HIGH" "yikes-inc-easy-mailchimp-extender 6.8.7 Contributor+.Stored.XSS MEDIUM" "yikes-inc-easy-mailchimp-extender 6.8.9 Admin+.Stored.XSS LOW" "yikes-inc-easy-mailchimp-extender 6.8.6 Reflected.Cross-Site.Scripting MEDIUM" "yikes-inc-easy-mailchimp-extender 6.6.3 Authenticated.Cross-Site.Scripting.(XSS) CRITICAL" "yith-woocommerce-stripe 2.0.2 Subscriber+.Settings.Update MEDIUM" "yop-poll 6.5.27 Unauthenticated.Vote.Manipulation.via.Race.Condition MEDIUM" "yop-poll 6.5.29 Reusable.Captcha.via.validateImage MEDIUM" "yop-poll 6.4.3 IP.Spoofing MEDIUM" "yop-poll 6.3.5 Author+.Stored.Cross-Site.Scripting MEDIUM" "yop-poll 6.3.1 Author+.Stored.Cross-Site.Scripting.via.Options.Module MEDIUM" "yop-poll 6.3.1 Author+.Stored.Cross-Site.Scripting.via.Preview.Module MEDIUM" "yop-poll 6.2.8 Unauthenticated.Stored.Cross-Site.Scripting MEDIUM" "yop-poll 6.1.5 Authenticated.Stored.XSS LOW" "yop-poll 6.1.2 Reflected.Cross-Site.Scripting HIGH" "yop-poll 6.0.3 Cross-Site.Scripting.(XSS) MEDIUM" "yop-poll 5.8.1 Stored.Cross-Site.Scripting.(XSS) MEDIUM" "yellow-pencil-visual-theme-customizer 7.6.5 Reflected.Cross-Site.Scripting MEDIUM" "yellow-pencil-visual-theme-customizer 7.6.4 Reflected.Cross-Site.Scripting MEDIUM" "yellow-pencil-visual-theme-customizer 7.5.9 Admin+.Stored.XSS LOW" "yellow-pencil-visual-theme-customizer 7.5.4 Reflected.Cross-Site.Scripting HIGH" "yellow-pencil-visual-theme-customizer 7.2.1 Unauthenticated.Arbitrary.Options.Updates HIGH" "yotpo-social-reviews-for-woocommerce 1.7.10 Reflected.Cross-Site.Scripting MEDIUM" "yith-woocommerce-order-tracking 2.8.0 Cross-Site.Scripting.via.shortcode.ajax MEDIUM" "yith-woocommerce-order-tracking 1.2.11 Subscriber+.Settings.Update MEDIUM" "yith-woocommerce-multi-step-checkout 1.7.5 Subscriber+.Settings.Update MEDIUM" "yith-woocommerce-catalog-mode 2.16.1 Cross-Site.Scripting.via.shortcode.ajax MEDIUM" "yith-woocommerce-cart-messages 1.4.5 Subscriber+.Settings.Update MEDIUM" "youtube-embed 5.4 Admin+.Stored.XSS LOW" "youtube-embed 5.2.2 Contributor+.Stored.XSS MEDIUM" "youtube-embed 3.3.3 Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "your-simple-svg-support 1.0.2 Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "yith-woocommerce-brands-add-on 1.3.7 Subscriber+.Settings.Update MEDIUM" "youtube-showcase 3.4.0 Missing.Authorization.to.Arbitrary.Post/Page.Creation MEDIUM" "youtube-showcase 3.3.6 Settings.Update.via.CSRF MEDIUM" "yml-for-yandex-market 4.7.3 Reflected.Cross-Site.Scripting MEDIUM" "yml-for-yandex-market 4.2.4 Reflected.Cross-Site.Scripting MEDIUM" "yml-for-yandex-market 3.10.8 Reflected.XSS HIGH" "youtube-shortcode No.known.fix Contributor+.Stored.XSS MEDIUM" "ymm-search 1.0.12 Cross-Site.Request.Forgery MEDIUM" "yphplista No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "yphplista No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "youneeq-panel No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "years-since No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "yith-woocommerce-frequently-bought-together 1.2.11 Subscriber+.Settings.Update MEDIUM" "youzify 1.3.4 Missing.Authorization.to.Authenticated.(Subscriber+).Limited.Options.Update.(save_addon_key_license) MEDIUM" "youzify 1.3.5 Missing.Authorization.to.Authenticated.(Subscriber+).Limited.Options.Update MEDIUM" "youzify 1.3.3 Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.Review.Deletion MEDIUM" "youzify 1.3.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.youzify_media.Shortcode MEDIUM" "youzify 1.3.1 Subscriber+.Arbitrary.Attachment.Deletion MEDIUM" "youzify 1.2.8 Missing.Authorization MEDIUM" "youzify 1.2.6 Authenticated.(Contributor+).SQL.Injection CRITICAL" "youzify 1.2.6 Authenticated.(Contributor+).SQL.Injection CRITICAL" "youzify 1.2.3 Insecure.Direct.Object.Reference MEDIUM" "youzify 1.2.2 Contributor+.Stored.XSS MEDIUM" "youzify 1.2.0 Unauthenticated.SQLi HIGH" "youzify 1.0.7 Stored.Cross-Site.Scripting.via.Biography HIGH" "yith-woocommerce-gift-cards 4.13.0 Missing.Authorization.to.Unauthenticated.WooCommerce.Settings.Update MEDIUM" "yith-woocommerce-gift-cards 1.3.8 Subscriber+.Settings.Update MEDIUM" "yandex-money-button No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "yandex-money-button No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "yandex-money-button 2.4.0 Reflected.Cross-Site.Scripting.(XSS) HIGH" "yith-pre-order-for-woocommerce 1.2.1 Subscriber+.Settings.Update MEDIUM" "yottie-lite No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "youtube-playlist-player 4.6.8 Contributor+.Stored.XSS MEDIUM" "youtube-playlist-player 4.6.5 Cross-Site.Request.Forgery.(CSRF) MEDIUM" "yt-player 1.5.3 Reflected.Cross-Site.Scripting MEDIUM" "yt-player 1.5.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "yt-player 1.4 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "yith-infinite-scrolling 1.8.0 Cross-Site.Scripting.via.shortcode.ajax MEDIUM" "zoho-crm-forms 1.7.9.8 Contributor+.SQL.Injection MEDIUM" "zoho-crm-forms 1.7.8.9 Reflected.Cross-Site.Scripting MEDIUM" "zoho-crm-forms 1.7.6.2 Subscriber+.Arbitrary.Options.Update HIGH" "zoho-crm-forms 1.7.2.9 Admin+.Stored.Cross-Site.Scripting LOW" "zoho-crm-forms 1.6.9.2 Authenticated.Cross.Site.Scripting.(XSS) MEDIUM" "zohocreator No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "zapier 1.5.2 Authenticated.(Subscriber+).Blind.Server-Side.Request.Forgery.via.updated_user.Function MEDIUM" "z-downloads 1.11.8 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "z-downloads 1.11.6 Unauthenticated.Stored.XSS HIGH" "z-downloads 1.11.5 Admin+.Arbitrary.File.Upload MEDIUM" "z-downloads 1.11.7 Admin+.Stored.XSS.via.SVG.Upload LOW" "z-downloads 1.11.4 Authenticated.(Admin+).Arbitrary.File.Upload CRITICAL" "zen-mobile-app-native No.known.fix Remote.File.Upload HIGH" "zartis-job-plugin No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "zoho-salesiq 1.0.9 XSS.&.CSRF HIGH" "zotpress No.known.fix Authenticated.(Author+).Stored.Cross-Site.Scripting.via.'nickname' MEDIUM" "zotpress 7.3.13 Missing.Authorization MEDIUM" "zotpress 7.3.11 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "zotpress 7.3.10 Authenticated.(Contributor+).Cross-Site.Scripting MEDIUM" "zotpress 7.3.8 Authenticated.(Contributor+).SQL.Injection CRITICAL" "zotpress 7.3.5 Reflected.XSS HIGH" "zotpress 7.3.4 Unauthenticated.Reflected.XSS HIGH" "zotpress 6.1.3 SQL.Injection CRITICAL" "ziggeo 3.1.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "zoho-forms 4.0.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "zoho-forms 3.0.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "zoho-forms 3.0.1 Contributor+.Stored.XSS MEDIUM" "zemanta No.known.fix Missing.Authorization.to.Authenticated.(Subscriber+).Attachment.Upload.and.Set.Post.Featured.Image MEDIUM" "zero-bs-crm 5.5.1 CRM.Admin+.XSS LOW" "zero-bs-crm 5.5.1 Client+.XSS MEDIUM" "zero-bs-crm 5.4.0 PHAR.Deserialisation.via.CSRF HIGH" "zero-bs-crm 5.5.0 Admin+.Stored.XSS LOW" "zero-bs-crm 5.5 Contributor+.Stored.XSS MEDIUM" "zero-bs-crm 5.4.3 Admin+.Cross-Site.Scripting LOW" "zero-bs-crm 4.2.4 Unauthorized.Invoice.Disclosure LOW" "znajdz-prace-z-pracapl No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "zephyr-project-manager 3.3.201 Missing.Authorization MEDIUM" "zephyr-project-manager 3.3.102 Reflected.Cross-Site.Scripting MEDIUM" "zephyr-project-manager 3.3.103 Missing.Authorization.to.Authenticated.(Subscriber+).Status.Updates MEDIUM" "zephyr-project-manager 3.3.103 Reflected.Cross-Site.Scripting MEDIUM" "zephyr-project-manager 3.3.101 Authenticated.(Subscriber+).Insecure.Direct.Object.Reference MEDIUM" "zephyr-project-manager 3.3.102 Authenticated.(Subscriber+).Limited.Privilege.Escalation HIGH" "zephyr-project-manager 3.3.101 Authenticated.(Subscriber+).Stored.Cross-Site.Scripting.via.filename.Parameter MEDIUM" "zephyr-project-manager 3.3.100 Unauthenticated.Information.Exposure MEDIUM" "zephyr-project-manager 3.3.99 Editor+.XSS LOW" "zephyr-project-manager 3.3.99 Authenticated.(Subscriber+).Privilege.Escalation.via.User.Meta.Update HIGH" "zephyr-project-manager 3.3.94 Plugin.Data.Deletion.via.CSRF MEDIUM" "zephyr-project-manager 3.2.55 Unauthorised.AJAX.Calls.To.Stored.XSS HIGH" "zephyr-project-manager 3.2.5 Multiple.Unauthenticated.SQLi CRITICAL" "zephyr-project-manager 3.2.5 Unauthorised.REST.Calls.to.Stored.XSS HIGH" "zephyr-project-manager 3.2.5 Reflected.Cross-Site.Scripting MEDIUM" "zephyr-project-manager 3.2.41 Reflected.Cross-Site.Scripting MEDIUM" "zajax-ajax-navigation No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "zip-recipes No.known.fix Unauthenticated.Sensitive.Information.Exposure MEDIUM" "zip-recipes 8.1.1 Authenticated(Contributor+).SQL.Injection HIGH" "zip-recipes 8.0.8 Cross-Site.Request.Forgery MEDIUM" "zip-recipes 8.0.8 Multiple.CSRF MEDIUM" "zip-recipes 8.0.7 Reflected.XSS HIGH" "zstore-manager-basic No.known.fix Missing.Authorization.to.Authenticated.(Subscriber+).Cache.Clearing MEDIUM" "zephyr-modern-admin-theme 1.5.0 Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "zlick-paywall 2.2.2 CSRF.Bypasses LOW" "z-inventory-manager No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "z-inventory-manager 3.1.7 Unauthenticated.PHP.Object.Injection CRITICAL" "zita-site-library 1.6.4 Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "zita-site-library 1.6.2 Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.File.Upload CRITICAL" "zita-site-library 1.6.3 Missing.Authorization.to.Page.Creation.and.Options.Modification MEDIUM" "zarinpal-paid-downloads No.known.fix Reflected.XSS HIGH" "zarinpal-paid-downloads No.known.fix Admin+.Arbitrary.File.Upload MEDIUM" "zarinpal-paid-downloads No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "zero-spam 5.5.7 Spam.Protection.Bypass MEDIUM" "zero-spam 5.4.5 Admin+.SQL.Injection MEDIUM" "zero-spam 5.2.11 Admin+.SQL.Injection MEDIUM" "zalo-official-live-chat No.known.fix Cross-Site.Request.Forgery MEDIUM" "zalo-live-chat No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "zerobounce 1.0.12 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "zippy 1.6.10 Authenticated.(Editor+).Arbitrary.File.Upload HIGH" "zoorum-comments No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "zionbuilder No.known.fix Contributor+.Stored.XSS MEDIUM" "zionbuilder 3.6.10 Authenticated.(Editor+).Stored.Cross-Site.Scripting MEDIUM" "zmseo No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "ziplist-recipe-plugin No.known.fix Cross-Site.Request.Forgery MEDIUM" "zx-csv-upload No.known.fix ZX_CSV.Upload.1..Authenticated.SQL.Injection HIGH" "zoho-subscriptions 4.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "zoho-marketinghub 1.2.8 Authenticated.(Contributor+).SQL.Injection CRITICAL" "zoho-flow 2.13.4 Missing.Authorization MEDIUM" "zoho-flow 2.8.1 Authenticated.(Administrator+).SQL.Injection MEDIUM" "zij-kart No.known.fix Unauthenticated.Local.File.Inclusion CRITICAL" "zip-attachments 1.5 Arbitrary.File.Download HIGH" "zhina-twitter-widget No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "z-url-preview 2.0.0 Cross-Site.Scripting.(XSS) MEDIUM" "zox-news 3.17.1 Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.Options.Modification HIGH" "zd-youtube-flv-player No.known.fix Server-Side.Request.Forgery HIGH" "zd-scribd-ipaper No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "zenphotopress No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "ziteboard-online-whiteboard 3.0.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.ziteboard.Shortcode MEDIUM" "zigaform-calculator-cost-estimation-form-builder-lite 7.4.3 Unauthenticated.Stored.Cross-Site.Scripting MEDIUM" "zigaform-calculator-cost-estimation-form-builder-lite 7.4.8 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "zynith-seo No.known.fix Missing.Authorization.to.Unauthenticated.Arbitrary.Option.Deletion CRITICAL" "zynith-seo No.known.fix Missing.Authorization.to.Unauthenticated.Settings.Update MEDIUM" "zynith-seo No.known.fix Unauthenticated.Stored.Cross-Site.Scripting HIGH" "zm-ajax-login-register No.known.fix Unauthenticated.Authentication.Bypass CRITICAL" "zigaform-form-builder-lite 7.4.3 Unauthenticated.Stored.Cross-Site.Scripting MEDIUM" "zigaform-form-builder-lite 7.4.8 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "zielke-design-project-gallery No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "zm-gallery No.known.fix ZM.Gallery.1,0..Authenticated.Blind.SQL.Injection HIGH" "zalomeni No.known.fix Admin+.Stored.XSS LOW" "zen-social-sticky No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "zeno-font-resizer 1.8.0 Admin+.Stored.XSS LOW" "zooom No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "zendesk-help-center 1.0.5 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "zoho-campaigns 2.1.0 Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "zoho-campaigns 2.0.8 Cross-Site.Request.Forgery.via.zcwc_integration_disconnect MEDIUM" "zoho-campaigns 2.0.8 Cross-Site.Request.Forgery.via.zcwc_optin_save MEDIUM" "zoho-campaigns 2.0.7 Authenticated.(Contributor+).SQL.Injection CRITICAL" "z-companion 1.1.2 Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "z-companion 1.1.0 Missing.Authorization MEDIUM" "zip-codes-redirect 5.1.2 Reflected.Cross-Site.Scripting MEDIUM" "zip-codes-redirect 4.0.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM")
pp "Plugin: Version"
rplugins=(`grep -oP ".*/wp-content/plugins/\K[a-zA-Z0-9-_.]+" $file | sort -u`)
d=true; [[ ! ${rplugins[@]} ]] && d=false || d=true
z=0; if [[ ${rplugins[@]} =~ "wp-statistics" ]]; then rplugins=(${rplugins[@]/wp-statistics}); v=$(grep -oP '^<\!-- Analytics by [a-zA-Z ]+\K[\d.]+' $file); sap wp-statistics; fi; if [[ ${rplugins[@]} =~ "google-analytics-for-wordpress" ]]; then rplugins=(${rplugins[@]/google-analytics-for-wordpress}); v=$(grep -oP "Google Analytics[a-zA-Z ]+\K[\d.]+" $file); sap google-analytics; fi; if [[ $(grep -i "wp-super-cache" $file) ]]; then ((z++)); rg wp-super-cache readme.txt; sap wp-super; fi; if [[ $(grep -i "w3-total-cache" $file) ]]; then ((z++)); rplugins=(${rplugins[@]/w3-total-cache}); rg w3-total-cache readme.txt; sap w3-total; fi; if [[ ${rplugins[@]} =~ "svg-support" ]]; then rplugins=(${rplugins[@]/svg-support}); rg svg-support readme.txt; sap svg-support; fi; if [[ ${rplugins[@]} =~ "pixelyoursite" ]]; then rplugins=(${rplugins[@]/pixelyoursite}); v=$(grep -m1 -oP "PixelYourSite.*[a-zA-Z ]+\K[\d.]+" $file); sap pixelyoursite; fi
len=$(grep -oP "<meta name=\"generator\" content=\"(Powered by \K[a-zA-Z-_ \(\)]+|\K[a-zA-Z-_ \(\)]+)" $file | grep -iv 'wordpress' | wc -l); tplugins=$(grep -oP "<meta name=\"generator\" content=\"(Powered by \K[a-zA-Z-_ \(\)]+|\K[a-zA-Z-_ \(\)]+)" $file | grep -iv 'wordpress' | tr '[:upper:]' '[:lower:]'); for ((c=0; c<${#rplugins[@]}; c++)); do [[ ${tplugins[@],,} =~ ^${rplugins[c],,}$ ]] && rplugins=(${rplugins[@]/${rplugins[c]}}); done; for ((c=0; c<$len; c++)); do if [[ `echo -n $(grep -oP "<meta name=\"generator\" content=\"(Powered by \K[a-zA-Z-_ \(\)]+|\K[a-zA-Z-_ \(\)]+)" $file | grep -iv 'wordpress' | tail -n $len | head -n $(($c+1)) | tail -n 1 | tr '[:upper:]' '[:lower:]')` == "slider revolution" ]]; then rplugins=(${rplugins[@]/revslider}); v=$(grep -oP "<meta name=\"generator\" content=\"(Powered by [a-zA-Z-_ \(\)]+[\d.]+|[a-zA-Z-_ \(\)]+[\d.]+)" $file | grep -iv 'wordpress' | tail -n $len | head -n $(($c+1)) | tail -n 1 | grep -oP "[\d.]+"); sap revslider; elif [[ `echo -n $(grep -oP "<meta name=\"generator\" content=\"(Powered by \K[a-zA-Z-_ \(\)]+|\K[a-zA-Z-_ \(\)]+)" $file | grep -iv 'wordpress' | tail -n $len | head -n $(($c+1)) | tail -n 1 | tr '[:upper:]' '[:lower:]')` == "all in one seo (aioseo)" ]]; then v=$(grep -oP "<meta name=\"generator\" content=\"(Powered by [a-zA-Z-_ \(\)]+[\d.]+|[a-zA-Z-_ \(\)]+[\d.]+)" $file | grep -iv 'wordpress' | tail -n $len | head -n $(($c+1)) | tail -n 1 | grep -oP "[\d.]+"); sap all-in-one-seo-pack; else v=$(grep -oP "<meta name=\"generator\" content=\"(Powered by [a-zA-Z-_ \(\)]+[\d.]+|[a-zA-Z-_ \(\)]+[\d.]+)" $file | grep -iv 'wordpress' | tail -n $len | head -n $(($c+1)) | tail -n 1 | grep -oP "[\d.]+"); sap $(grep -oP "<meta name=\"generator\" content=\"(Powered by \K[a-zA-Z-_ \(\)]+|\K[a-zA-Z-_ \(\)]+)" $file | grep -iv 'wordpress' | tail -n $len | head -n $(($c+1)) | tail -n 1 | tr '[:upper:]' '[:lower:]'); fi; done
if ! "$d" && [[ z -eq 0 ]]; then [[ ! ${tplugins[@]} ]] && { cg_color bbg "No plugins detected"; return 1; }; fi
links=($(len=${#rplugins[@]}; for ((c=0; c<$len; c++)); do if [[ $tplugins =~ ${rplugins[c]} ]]; then continue; elif [[ $(grep -oP "<(script|link).*/wp-content/plugins/${rplugins[c]}/.*=\K([\d]+\.[\d.]+\.[0-9]{1,3}('|\")|[\d]+\.[0-9]{1,2}('|\")|[0-9]{1,2}('|\"))" $file | grep -oP "[\d.]+" | sort -u | wc -l) == 1 ]]; then grep -m1 -oP "[a-z]+://[a-z0-9-_.]+/([a-z0-9-_.]+/wp-content|wp-content)/plugins/${rplugins[c]}/[a-zA-Z-_/.?]+=([\d]+\.[\d.]+|[\d]+)" $file; continue; fi; k=0; vz=(`grep -oP "<script.*/wp-content/plugins/${rplugins[c]}/([a-zA-Z-_]+/assets/js|[a-zA-Z-_]+/includes/js|[a-zA-Z-_]/js|assets/js/|includes/js/|js/).*=\K([\d]+\.[\d.]+\.[0-9]{1,3}('|\")|[\d]+\.[0-9]{1,2}('|\")|[0-9]{1,2}('|\"))" $file | grep -oP "[\d.]+"`); l=${#vz[@]}; for ((i=0; i<$l-1; i++)); do if [[ ${vz[i]} == ${vz[i+1]} ]]; then ((k++)); fi; done; if [[ $k == $(($l-1)) ]]; then grep -m1 -oP "[a-z]+://[a-z0-9-_.]+/([a-z-_.]+/wp-content|wp-content)/plugins/${rplugins[c]}/([a-zA-Z-_]+/assets/js|[a-zA-Z-_]+/includes/js|[a-zA-Z-_]/js|assets/js/|includes/js/|js/).*=${vz[0]}" $file && continue; elif [[ $k > 0 && $k > $(($(($l-1))/2)) ]]; then y=$(grep -oP "^<script.*/wp-content/plugins/${rplugins[c]}/([a-zA-Z-_]+/assets/js|[a-zA-Z-_]+/includes/js|[a-zA-Z-_]/js|assets/js/|includes/js/|js/).*=\K([\d]+\.[\d.]+|[\d]+)" $file | sort | uniq -cd | sort | tail -n 1 | cut -d " " -f8); grep -m1 -oP "[a-z]+://[a-z0-9-_.]+/wp-content/plugins/${rplugins[c]}/.*ver=$y" $file; continue; fi; grep -m1 -oP "<script.*src=.*/wp-content/plugins/${rplugins[c]}/.*id='${rplugins[c]:0:1}.*" $file | grep -oP "[a-z]+://[a-z0-9-_.]+/([a-z0-9-_.]+/wp-content|wp-content)/plugins/${rplugins[c]}/.*=([\d]+\.[\d.]+\.[0-9]{1,3}'|[\d]+\.[0-9]{1,2}'|[0-9]{1,2}')" && continue || grep -m1 -oP "<script.*src=.*/wp-content/plugins/${rplugins[c]}/.*id=\"${rplugins[c]:0:1}.*" $file | grep -oP "[a-z]+://[a-z0-9-_.]+/([a-z0-9-_.]+/wp-content|wp-content)/plugins/${rplugins[c]}/.*=([\d]+\.[\d.]+\.[0-9]{1,3}'|[\d]+\.[0-9]{1,2}'|[0-9]{1,2}')" && continue || if [[ $(curl -A "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36" -s $url/wp-content/plugins/${rplugins[c]}/readme.txt -k -L | grep -i "changelog\|change log" -A 1000 | grep -oP "^=[[:space:]]\K[\d]+\.[\d.]+|^=.*([a-zA-Z]|\[)\K[\d]+\.[\d.]+|^#.*[[:space:]]\K[\d]+\.[\d.]+" | sort -rn | head -n 1) ]]; then echo -n "$url/wp-content/${rplugins[c]}/?ver="; echo $(curl -A "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36" -s $url/wp-content/plugins/${rplugins[c]}/readme.txt -k -L | grep -i "changelog\|change log" -A 1000 | grep -oP "^=[[:space:]]\K[\d]+\.[\d.]+|^=.*([a-zA-Z]|\[)\K[\d]+\.[\d.]+|^#.*[[:space:]]\K[\d]+\.[\d.]+" | sort -rn | head -n 1); continue; elif [[ $(curl -A "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36" -s $url/wp-content/plugins/${rplugins[c]}/README.txt -k -L | grep -i "changelog\|change log" -A 1000 | grep -oP "^=[[:space:]]\K[\d]+\.[\d.]+|^=.*([a-zA-Z]|\[)\K[\d]+\.[\d.]+|^#.*[[:space:]]\K[\d]+\.[\d.]+" | sort -rn | head -n 1) ]]; then echo -n "$url/wp-content/plugins/${rplugins[c]}/?ver="; echo $(curl -A "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36" -s $url/wp-content/plugins/${rplugins[c]}/README.txt -k -L | grep -i "changelog\|change log" -A 1000 | grep -oP "^=[[:space:]]\K[\d]+\.[\d.]+|^=.*([a-zA-Z]|\[)\K[\d]+\.[\d.]+|^#.*[[:space:]]\K[\d]+\.[\d.]+" | sort -rn | head -n 1); continue; elif [[ $(curl -A "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36" -s $url/wp-content/plugins/${rplugins[c]}/changelog.txt -k -L | grep -i "changelog\|change log" -A 1000 | grep -oP "^=[[:space:]]\K[\d]+\.[\d.]+|^=.*([a-zA-Z]|\[)\K[\d]+\.[\d.]+|^#.*[[:space:]]\K[\d]+\.[\d.]+" | sort -rn | head -n 1) ]]; then echo -n "$url/wp-content/plugins/${rplugins[c]}/?ver="; echo $(curl -A "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36" -s $url/wp-content/plugins/${rplugins[c]}/changelog.txt -k -L | grep -i "changelog\|change log" -A 1000 | grep -oP "^=[[:space:]]\K[\d]+\.[\d.]+|^=.*([a-zA-Z]|\[)\K[\d]+\.[\d.]+|^#.*[[:space:]]\K[\d]+\.[\d.]+" | sort -rn | head -n 1); continue; fi; done))
i=0; len=${#rplugins[@]}; for ((c=0; c<$len; c++)); do [[ $tplugins =~ ${rplugins[c]} ]] && continue; if [[ ${links[i]} =~ ${rplugins[c]} ]]; then if [[ ! $wp_version ]]; then v=$(echo ${links[i]} | grep -oP "=\K[\d.]+"); sap ${rplugins[c]}; ((i++)); continue; fi; if [[ ! ${links[i]} =~ $wp_version ]]; then v=$(echo ${links[i]} | grep -oP "=\K[\d.]+"); sap ${rplugins[c]}; ((i++)); continue; else v=$(curl -Z -A "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36" -s $url/wp-content/plugins/${rplugins[c]}/readme.txt $url/wp-content/plugins/${rplugins[c]}/README.txt $url/wp-content/plugins/${rplugins[c]}/changelog.txt -k -L | grep -i "changelog\|change log" -A 1000 | grep -oP "^=[[:space:]]\K[\d]+\.[\d.]+|^=.*([a-zA-Z]|\[)\K[\d]+\.[\d.]+|^#.*[[:space:]]\K[\d]+\.[\d.]+" | sort -rn | head -n 1); if [[ $v ]]; then sap ${rplugins[c]}; ((i++)); continue; else echo "${rplugins[c]}: Version not detected"; ((i++)); continue; fi; fi; else echo "${rplugins[c]}: Version not detected"; fi; done
pp "Vulnerabilities"
if [[ ${flagz[@]} ]]; then for ((c=0; c<${#flagz[@]}; c++)); do hh=(${vulns_plugins[${flagz[c]}]}); cg_color olbb "(${hh[0]}) "; echo -n ${hh[2]} | tr "." " "; if [[ ${hh[3]} == "CRITICAL" ]]; then cg_color bbr " [${hh[3]}]"; elif [[ ${hh[3]} == "HIGH" ]]; then cg_color bhr " [${hh[3]}]"; elif [[ ${hh[3]} == "MEDIUM" ]]; then cg_color bby " [${hh[3]}]"; elif [[ ${hh[3]} == "LOW" ]]; then cg_color bbp " [${hh[3]}]"; fi; done; else cg_color bbg "No vulnerabilities detected"; fi
}
themes(){
flagz=()
releases_themes=("transcend 1.2.1")
vulns_themes=("15zine 3.3.0 Reflected.Cross-Site.Scripting MEDIUM" "5star No.known.fix CSRF.File.Upload HIGH" "aapna No.known.fix Reflected.XSS HIGH" "almera 1.1.8 Information.Disclosure HIGH" "arya-multipurpose-pro No.known.fix Reflected.XSS HIGH" "accesspress-staple No.known.fix Authenticated.(Subscriber+).Arbitrary.Plugin.Activation.and.Deactivation HIGH" "accesspress-staple No.known.fix Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "amela 1.0.12 Reflected.Cross-Site.Scripting MEDIUM" "amela 1.0.14 Reflected.Cross-Site.Scripting MEDIUM" "amela 1.0.5 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "attire 2.0.7 Authenticated.(Contributor+).PHP.Object.Injection HIGH" "agency-lite 1.1.7 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "anima 1.4.1.1 Contributor+.Stored.XSS MEDIUM" "arrival No.known.fix Unauthenticated.Local.File.Inclusion CRITICAL" "accesspress-lite 2.93 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "accountra 1.0.4 Multiple.Versions.-.Missing.Authorization.to.Notice.Dismissal MEDIUM" "aports No.known.fix Reflected.XSS HIGH" "allegiant No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "allegiant 1.2.6 Unauthenticated.Function.Injection CRITICAL" "awpbusinesspress 0.2.4 Reflected.Cross-Site.Scripting.via.Customizer.Notify MEDIUM" "aplite No.known.fix Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "aquarella-lite No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "aquarella-lite No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "antreas 1.0.7 Unauthenticated.Function.Injection CRITICAL" "accio 1.1.1 Information.Disclosure HIGH" "aora 1.3.10 Unauthenticated.Local.File.Inclusion CRITICAL" "anih No.known.fix Creative.Agency.WordPress.Theme.<=.2024.-.Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "accesspress-root 2.6.0 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "axioma 1.1.2 Information.Disclosure HIGH" "atlast-business No.known.fix Reflected.XSS HIGH" "awake No.known.fix Local.File.Disclosure HIGH" "awake No.known.fix WordPress.Slider.Revolution.Shell.Upload CRITICAL" "anfaust No.known.fix Reflected.XSS HIGH" "arendelle 1.1.13 Reflected.XSS HIGH" "arendelle 1.1.11 Reflected.Cross-Site.Scripting MEDIUM" "arendelle 1.1.13 Reflected.Cross-Site.Scripting MEDIUM" "arendelle 1.1.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "accesspress-mag 2.6.6 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "astore No.known.fix Reflected.Cross-Site.Scripting.via.Customizer.Notify MEDIUM" "akal No.known.fix Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "adifier 3.1.4 Reflected.Cross-Site.Scripting MEDIUM" "accesspress-basic 3.2.2 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "arilewp 2.9.7 Reflected.Cross-Site.Scripting.via.Customizer.Notify MEDIUM" "aidreform No.known.fix Unauthenticated.Arbitrary.File.Upload CRITICAL" "accesspress-ray No.known.fix Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "aries No.known.fix Local.File.Disclosure HIGH" "aries No.known.fix WordPress.Slider.Revolution.Shell.Upload CRITICAL" "attorney No.known.fix Reflected.XSS HIGH" "attorney No.known.fix Unauthenticated.Arbitrary.Page/Post.Deletion MEDIUM" "adifier-system 3.1.4 Unauthenticated.SQL.Injection CRITICAL" "adifier-system 3.1.4 .Unauthenticated.Local.File.Inclusion CRITICAL" "astra 4.6.9 Contributor+.Stored.XSS MEDIUM" "astra 4.6.5 Editor+.Stored.XSS.via.Theme.Header/Footer LOW" "accesspress-parallax 4.6 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "anand No.known.fix Reflected.XSS HIGH" "auberge 1.4.5 DOM.Cross-Site.Scripting.(XSS) MEDIUM" "althea-wp 1.0.16 Various.Versions.and.Themes.-.Missing.Authorization MEDIUM" "affluent 1.1.2 Unauthenticated.Function.Injection CRITICAL" "accessbuddy No.known.fix Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "artificial-intelligence 1.2.4 DOM.Cross-Site.Scripting.(XSS) MEDIUM" "antioch No.known.fix Arbitrary.File.Download HIGH" "arkhe No.known.fix Local.File.Inclusion.via.CSRF HIGH" "altair No.known.fix Unauthenticated.PHP.Object.Injection CRITICAL" "altair 5.2.5 Unauthenticated.Arbitrary.Options.Update.via.pp_import_current CRITICAL" "avada 7.11.7 Authenticated.(Admin+).SQL.Injection.via.entry HIGH" "avada 7.11.7 Unauthenticated.Sensitive.Information.Exposure.via.Form.Uploads.Directory.Listing MEDIUM" "avada 7.11.7 Authenticated.(Contributor+).Server-Side.Request.Forgery.via.form_to_url_action MEDIUM" "avada 7.11.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "avada 7.11.5 Authenticated.(Contributor+).Arbitrary.File.Upload HIGH" "avada 7.11.2 Subscriber+.Portfolio.Permalinks.Creation MEDIUM" "avada 7.11.2 Author+.Arbitrary.File.Upload.via.Zip.Extraction HIGH" "avada 7.11.2 Contributor+.SSRF HIGH" "avada 7.11.2 Contributor+.Arbitrary.File.Upload MEDIUM" "arlo No.known.fix Unauthenticated.Local.File.Inclusion CRITICAL" "auramart No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "avantage No.known.fix Unauthenticated.PHP.Object.Injection CRITICAL" "adforest 5.1.9 Authentication.Bypass CRITICAL" "adforest 5.1.8 Classified.Ads.WordPress.Theme.<.5.1.8.-.Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.Post/Attachment.Deletion MEDIUM" "adforest 5.1.7 Authentication.Bypass CRITICAL" "adforest 5.1.7 Privilege.Escalation.via.Password.Reset/Account.Takeover CRITICAL" "ask-me 6.8.7 Post.Deletion.via.CSRF MEDIUM" "ask-me 6.8.4 CSRF.in.Edit.Profile MEDIUM" "ask-me 6.8.2 Reflected.Cross-Site.Scripting MEDIUM" "ask-me 6.8.2 Multiple.CSRF.in.AJAX.Actions HIGH" "agncy No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "aurum-minimalist-shopping-theme 4.0.3 WordPress.&.WooCommerce.Shopping.Theme.<.4.0.3.-.Missing.Authorization.to.Authenticated.(Subscriber+).Demo.Content.Import MEDIUM" "appointment 3.2.6 Reflected.Cross-Site.Scripting.via.Customizer.Notify MEDIUM" "anywhere-elementor-pro No.known.fix Missing.Authorization MEDIUM" "arya-multipurpose No.known.fix Unauthenticated.Reflected.XSS HIGH" "ashley 1.8.0 Unauthenticated.Local.File.Inclusion CRITICAL" "airin-blog 1.6.3 Unauthenticated.PHP.Object.Injection HIGH" "acerola No.known.fix Unauthenticated.PHP.Object.Injection CRITICAL" "acerola No.known.fix Missing.Authorization MEDIUM" "aihub 1.3.8 Unauthenticated.Arbitrary.File.Upload.in.generate_image CRITICAL" "aihub No.known.fix Startup.&.Technology.WordPress.Theme.<=.1.3.3.-.Unauthenticated.Arbitrary.File.Upload CRITICAL" "activello No.known.fix Reflected.XSS HIGH" "activello 1.4.2 Unauthenticated.Function.Injection CRITICAL" "adventure-journal No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "auto-car No.known.fix Reflected.Cross-Site.Scripting.via.Customizer.Notify MEDIUM" "ashe 2.244 Reflected.Cross-Site.Scripting.via.add_query_arg.Parameter MEDIUM" "ashe 2.234 Cross-Site.Request.Forgery.to.Notice.Dismissal MEDIUM" "accesspress-store 2.5.0 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "art-theme 3.12.3 Missing.Authorization.to.Authenticated.(Subscriber+).Theme.Option.Delete MEDIUM" "bridge 18.2.1 Open.Redirect HIGH" "bridge 11.2 DOM.Cross-Site.Scripting.(XSS) MEDIUM" "buddyboss-theme 2.5.01 Cross-Site.Request.Forgery MEDIUM" "buddyboss-theme 2.4.61 Missing.Authorization MEDIUM" "bw-zagg No.known.fix Electronics.&.Accessories.WooCommerce.WordPress.Theme.<=.1.4.1.-.Unauthenticated.Local.File.Inclusion HIGH" "bulk No.known.fix Missing.Authorization MEDIUM" "bootstrap-ultimate No.known.fix Unauthenticated.Limited.Local.File.Inclusion CRITICAL" "bizpress No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "boliin No.known.fix Reflected.XSS HIGH" "busicare 1.1.9 Reflected.Cross-Site.Scripting.via.Customizer.Notify MEDIUM" "backpacktraveler No.known.fix Unauthenticated.Local.File.Inclusion CRITICAL" "bello 1.6.0 Authenticated.Cross-Site.Scripting.(XSS).and.XFS MEDIUM" "bello 1.6.0 Unauthenticated.Blind.SQL.Injection CRITICAL" "bello 1.6.0 Unauthenticated.Reflected.XSS.&.XFS MEDIUM" "beauty No.known.fix Authenticated.(Subscriber+).Stored.Cross-Site.Scripting.via.tpl_featured_cat_id.Parameter MEDIUM" "bloghub No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "bacola No.known.fix Cross-Site.Request.Forgery MEDIUM" "bloglo 1.1.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "blockst 1.0.8 Reflected.Cross-Site.Scripting MEDIUM" "bani No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "bani No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "bani No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "blossom-spa 1.3.5 Sensitive.Information.Exposure MEDIUM" "beauty-premium No.known.fix Arbitrary.File.Upload MEDIUM" "brite 1.0.15 Various.Versions.and.Themes.-.Missing.Authorization MEDIUM" "barter 1.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "book-landing-page 1.2.4 Cross-Site.Request.Forgery.to.Notice.Dismissal MEDIUM" "business-pro No.known.fix Reflected.XSS HIGH" "bw-craftxtore No.known.fix Unauthenticated.Local.File.Inclusion CRITICAL" "bw-petito No.known.fix Unauthenticated.Local.File.Inclusion CRITICAL" "bretheon No.known.fix Local.File.Disclosure HIGH" "bretheon No.known.fix WordPress.Slider.Revolution.Shell.Upload CRITICAL" "build No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "bbe 1.53 Direct.Object.Reference MEDIUM" "bellevuex No.known.fix Missing.Authorization MEDIUM" "bimber No.known.fix Viral.Magazine.WordPress.Theme.<=.9.2.5.-.Authenticated.(Contributor+).Local.File.Inclusion HIGH" "buzzclub 2.0.5 Missing.Authorization.to.Authenticated.(Subscriber+).Limited.Arbitrary.Option.Update MEDIUM" "benevolent 1.3.5 Cross-Site.Request.Forgery.to.Notice.Dismissal MEDIUM" "businesswp 1.1 Reflected.Cross-Site.Scripting.via.Customizer.Notify MEDIUM" "blossom-shop 1.1.8 Cross-Site.Request.Forgery.to.Notice.Dismissal MEDIUM" "big-store 2.0.9 Missing.Authorization MEDIUM" "brasserie No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "besa 2.3.10 Unauthenticated.Local.File.Inclusion CRITICAL" "butcher No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "butcher No.known.fix Unauthenticated.Local.File.Inclusion CRITICAL" "bricks 1.9.7 Authenticated.(Contributor+).Privilege.Escalation.via.create_autosave HIGH" "bricks 1.10.2 Authenticated.(Bricks.Page.Builder.Access+).Stored.Cross-Site.Scripting MEDIUM" "bricks 1.8.2 Cross-Site.Request.Forgery.via.reset_settings MEDIUM" "bricks 1.8.2 Cross-Site.Request.Forgery.via.save_settings MEDIUM" "bricks 1.9.6.1 Unauthenticated.Remote.Code.Execution CRITICAL" "bricks 1.9.6.1 Unauthenticated.Remote.Code.Execution CRITICAL" "bricks 1.5.4 Subscriber+.Arbitrary.Post/Page.Edition HIGH" "bricks 1.5.4 Subscriber+.Remote.Code.Execution HIGH" "basil 2.0.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "builty 1.5.0 Unauthenticated.Local.File.Inclusion CRITICAL" "bodycenter No.known.fix Gym,.Fitness.WooCommerce.WordPress.Theme.<=.2.4.-.Unauthenticated.Local.File.Inclusion CRITICAL" "bravada 1.1.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "boot-store No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "boot-store No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Button.Shortcode MEDIUM" "bonkers 1.0.6 Unauthenticated.Function.Injection CRITICAL" "bootstrap-fitness 1.0.6 Reflected.Cross-Site.Scripting MEDIUM" "bicycleshop 1.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "bolster No.known.fix Unauthenticated.Arbitrary.File.Upload CRITICAL" "busiprof No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "busiprof 2.3.8 Reflected.Cross-Site.Scripting.via.Customizer.Notify MEDIUM" "business-one-page 1.3.0 Missing.Authorization.to.Notice.Dismissal MEDIUM" "balkon 1.3.3 Reflected.Cross-Site.Scripting HIGH" "bootstrap-photography No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "bw-fitrush No.known.fix Unauthenticated.Local.File.Inclusion CRITICAL" "bloger 1.2.7 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "businessexpo 0.1.4 Reflected.Cross-Site.Scripting.via.Customizer.Notify MEDIUM" "brilliance No.known.fix Subscriber+.Stored.XSS HIGH" "brilliance 1.3.0 Unauthenticated.Function.Injection CRITICAL" "bazaar-lite 1.8.6 Reflected.XSS HIGH" "bakes-and-cakes 1.2.7 Missing.Authorization.to.Notice.Dismissal MEDIUM" "bunnypresslite 2.1 Reflected.XSS HIGH" "blessing 1.3.2.1 Information.Disclosure HIGH" "bingle 1.0.5 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "bingopress No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "brand No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "brand No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "brand No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "buddyboss-platform 2.6.0 Subscriber+.Comment.on.Private.Post.via.IDOR MEDIUM" "brandy 1.1.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "blocksy 2.0.98 Missing.Authorization LOW" "blocksy 2.0.78 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "blocksy 2.0.51 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "blocksy 2.0.47 Contributor+.Stored.XSS MEDIUM" "blocksy 2.0.43 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "blocksy 2.0.40 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "blocksy 2.0.34 Contributor+.Stored.XSS MEDIUM" "blocksy 2.0.27 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "blocksy 2.0.20 Authenticated.(Editor+).Stored.Cross-Site.Scripting LOW" "bloggie No.known.fix Unauthenticated.Stored.Cross-Site.Scripting MEDIUM" "bloggie No.known.fix Contributor+.Arbitrary.File.Upload HIGH" "bard 2.217 Reflected.Cross-Site.Scripting.via.add_query_arg.Parameter MEDIUM" "bard 2.211 Cross-Site.Request.Forgery.to.Notice.Dismissal MEDIUM" "baton No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "bootstrap-coach 1.1.2 Reflected.Cross-Site.Scripting MEDIUM" "brooklyn 4.9.9.3 Authenticated.(Subscriber+).PHP.Object.Injection.in.ot_decode HIGH" "brooklyn No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "brooklyn No.known.fix PHP.Object.Injection HIGH" "broadcast-lite 2.0.7 Reflected.Cross-Site.Scripting MEDIUM" "broadcast-lite 2.0.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "blockbooster 1.0.11 Missing.Authorization MEDIUM" "blogpoet 1.0.3 Missing.Authorization.via.blogpoet_install_and_activate_plugins() MEDIUM" "blain No.known.fix Reflected.Cross-Site.Scripting.via.Customizer.Notify MEDIUM" "brain-power No.known.fix Reflected.XSS HIGH" "business-directory No.known.fix Unauthenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "bookyourtravel 8.18.19 Authenticated.(Subscriber+).Privilege.Escalation HIGH" "bootstrap-blog 10.2.3 Reflected.Cross-Site.Scripting MEDIUM" "betheme 28.0.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "betheme 27.6.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Custom.JS MEDIUM" "betheme 27.5.6 Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File MEDIUM" "betheme No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "betheme 27.5.7 Authenticated.(Contributor+).PHP.Object.Injection HIGH" "betheme 27.1.2 Missing.Authorization MEDIUM" "betheme 26.8 Reflected.XSS HIGH" "betheme 26.6.3 Subscriber+.Stored.XSS MEDIUM" "betheme 26.6 Contributor+.PHP.Object.Injection MEDIUM" "betheme 26.6.3 Subscriber+.Unauthorised.Action MEDIUM" "betheme 26.6.3 Missing.Authorization HIGH" "betheme 26.6 Subscriber+.PHP.Object.Injection MEDIUM" "bw-giftxtore No.known.fix Unauthenticated.Local.File.Inclusion CRITICAL" "classima 2.1.11 Reflected.Cross-Site.Scripting MEDIUM" "consus 1.0.7 Cross-Site.Request.Forgery MEDIUM" "corporate-event No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "chaostheory 1.3.2 Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "consultera No.known.fix Reflected.Cross-Site.Scripting.via.Customizer.Notify MEDIUM" "cas No.known.fix Unauthenticated.Arbitrary.File.Access HIGH" "cas No.known.fix Unauthenticated.SSRF HIGH" "car-repair-services No.known.fix Unauthenticated.Server-Side.Request.Forgery HIGH" "car-repair-services 4.0 Unauthenticated.Reflected.XSS.&.XFS HIGH" "cactus No.known.fix Reflected.Cross-Site.Scripting.via.Customizer.Notify MEDIUM" "celestial-aura No.known.fix Authenticated.(Subscriber+).Arbitrary.File.Upload HIGH" "catch-base 3.4.7 Authenticated.(Author+).Stored.Cross-Site.Scripting MEDIUM" "clockstone No.known.fix Arbitrary.File.Upload CRITICAL" "club-theme No.known.fix Unauthenticated.Arbitrary.File.Upload CRITICAL" "cosmetsy No.known.fix Cross-Site.Request.Forgery MEDIUM" "construct 2.8.3 Local.File.Disclosure HIGH" "construct 2.8.3 WordPress.Slider.Revolution.Shell.Upload CRITICAL" "careplus No.known.fix Unauthenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "create 2.9.2 Authenticated.(Author+).Stored.Cross-Site.Scripting MEDIUM" "clotya No.known.fix Cross-Site.Request.Forgery MEDIUM" "cyclone-blog No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "citybook 2.4.4 Unauthenticated.Reflected.XSS HIGH" "citybook 2.3.4 Multiple.Vulnerabilities HIGH" "corsa No.known.fix Subscriber+.Arbitrary.Plugin.Installation CRITICAL" "carzine No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "cardealer No.known.fix Unauthenticated.PHP.Object.Injection CRITICAL" "cardealer 1.6.5 Arbitrary.Theme.Option.Update.to.Authenticated.(Subscriber+).Privilege.Escalation HIGH" "cardealer 1.6.5 Missing.Authorization.to.Authenticated.(Subscriber+).Change.and.Delete.JS.and.CSS.Files MEDIUM" "cardealer 1.6.5 Cross-Site.Request.Forgery.to.User.Update.via.update_user_profile HIGH" "cardealer 1.6.4 Authenticated.(Subscriber+).Arbitrary.File.Deletion.and.Read HIGH" "cardealer 1.1.9 Information.Disclosure HIGH" "counterpoint No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "counterpoint No.known.fix Reflected.XSS HIGH" "coachify 1.0.8 Cross-Site.Request.Forgery.to.Notice.Dismissal MEDIUM" "cuisine-palace No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "cuisine-palace No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "couponis-demo 2.2 Unauthenticated.SQL.Injection CRITICAL" "colornews 1.2.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "cww-portfolio No.known.fix Unauthenticated.Local.File.Inclusion CRITICAL" "chic-lifestyle 10.0.8 Reflected.Cross-Site.Scripting MEDIUM" "construction-landing-page 1.3.6 Missing.Authorization.to.Notice.Dismissal MEDIUM" "city-store No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "cloudpress 2.4.9 Reflected.Cross-Site.Scripting.via.Customizer.Notify MEDIUM" "carspot 2.4.4 Unauthenticated.Arbitrary.Password.Reset/Account.Takeover CRITICAL" "carspot 2.2.3 Multiple.Vulnerabilities MEDIUM" "couponxl No.known.fix Unauthenticated.Privilege.Escalation CRITICAL" "conult No.known.fix Reflected.XSS HIGH" "consultstreet 1.6.7 Reflected.Cross-Site.Scripting.via.Customizer.Notify MEDIUM" "cozipress No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "civi No.known.fix Authentication.Bypass.via.Password.Update CRITICAL" "civi No.known.fix Authentication.Bypass.via.Non-Randomized.Password.for.SSO.Accounts MEDIUM" "civi No.known.fix Sensitive.Information.Exposure HIGH" "ciyashop No.known.fix Unauthenticated.PHP.Object.Injection CRITICAL" "ciyashop 4.19.1 Multipurpose.WooCommerce.Theme.<.4.19.1.-.Unauthenticated.PHP.Object.Injection CRITICAL" "click-mag 3.7.0 Viral.WordPress.News.Magazine/Blog.Theme.<.3.7.0.-.Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.Options.Deletion HIGH" "course-builder 3.6.6 Online.Course.WordPress.Theme.<.3.6.6.-.Unauthenticated.PHP.Object.Injection CRITICAL" "clean-retina 3.0.7 Unauthenticated.Local.File.Inclusion CRITICAL" "college 1.5.1 Reflected.XSS HIGH" "cozystay 1.7.1 Unauthenticated.Local.File.Inclusion CRITICAL" "cozystay 1.7.1 Unauthenticated.PHP.Object.Injection CRITICAL" "cozystay 1.7.1 Missing.Authorization.to.Arbitrary.Action.Execution.in.ajax_handler HIGH" "cozystay 1.7.1 Unauthenticated.PHP.Object.Injection.in.ajax_handler CRITICAL" "chic-lite 1.1.4 Cross-Site.Request.Forgery.to.Notice.Dismissal MEDIUM" "custom-community 2.0.25 Stored.Cross-Site.Scripting.(XSS) HIGH" "consultpress-lite No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "consultpress-lite No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "consultpress-lite No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "construction-lite 1.2.6 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "chained No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "campress No.known.fix Unauthenticated.Local.File.Inclusion CRITICAL" "connections-reloaded No.known.fix Reflected.XSS HIGH" "colibri-wp 1.0.99 Various.Versions.and.Themes.-.Missing.Authorization MEDIUM" "colibri-wp 1.0.101 Cross-Site.Request.Forgery.to.Limited.Plugin.Installation MEDIUM" "colorway No.known.fix Cross-Site.Request.Forgery MEDIUM" "colorway No.known.fix Reflected.Cross-Site.Scripting.via.Customizer.Notify MEDIUM" "colorway 3.4.2 Cross-Site.Scripting.(XSS) MEDIUM" "colormag 3.1.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Display.Name MEDIUM" "colormag 3.1.3 Missing.Authorization.to.Arbitrary.Plugin.Installation MEDIUM" "crafts-and-arts No.known.fix Authenticated.(Subscriber+).PHP.Object.Injection HIGH" "customizr 4.4.22 Cross-Site.Request.Forgery.to.Notice.Dismissal MEDIUM" "customizr 4.3.1 Arbitrary.Settings.Update.via.CSRF MEDIUM" "customizr 4.3.3 Cross-Site.Request.Forgery.(CSRF) MEDIUM" "churel No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "customify-theme No.known.fix Missing.Authorization MEDIUM" "cafe-bistro 1.1.4 Reflected.XSS HIGH" "constix No.known.fix Reflected.XSS HIGH" "careerup 2.3.1 Unauthenticated.Reflected.Cross-Site.Scripting MEDIUM" "careerfy 6.3.0 Authenticated.Stored.XSS MEDIUM" "careerfy 4.4.0 Unauthenticated.Reflected.XSS MEDIUM" "careerfy 4.3.0 Unauthenticated.Reflected.Cross-Site.Scripting MEDIUM" "careerfy 4.1.0 Multiple.Cross-Site.Scripting.(XSS).Issues MEDIUM" "careerfy 3.9.0 Unauthenticated.Reflected.Cross-Site.Scripting.(XSS) HIGH" "capie No.known.fix Unauthenticated.Local.File.Inclusion CRITICAL" "discy 5.5.3 Missing.validation.lead.to.functionality.abuse LOW" "discy 5.0 Subscriber+.Broken.Access.Control.to.change.settings MEDIUM" "discy 5.2 Restore.Default.Settings.via.CSRF MEDIUM" "discy 5.2 Settings.Update.via.CSRF MEDIUM" "drop 1.22 Reflected.XSS HIGH" "dessau 1.9 Unauthenticated.Local.File.Inclusion CRITICAL" "directory 3.0.2 Reflected.XSS HIGH" "digital-newspaper 1.1.6 Cross-Site.Request.Forgery.to.Notice.Dismissal MEDIUM" "diplomat 1.0.3 Information.Disclosure HIGH" "digi-store No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "dor 2.4.1 Unauthenticated.Local.File.Inclusion CRITICAL" "digitally No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "digitally No.known.fix Reflected.XSS HIGH" "diza 1.3.9 Unauthenticated.Local.File.Inclusion CRITICAL" "darcie 1.1.6 Reflected.XSS HIGH" "disconnected No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "designexo 3.7 Reflected.Cross-Site.Scripting.via.Customizer.Notify MEDIUM" "dash No.known.fix Unauthenticated.PHP.Object.Injection CRITICAL" "design-comuni-wordpress-theme 1.1.2 Unauthenticated.Stored.XSS HIGH" "dailydeal No.known.fix File.Upload.Remote.Code.Execution HIGH" "deadline No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "delicate No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Button.Shortcode MEDIUM" "dwt-listing 3.3.5 Directory.&.Listing.WordPress.Theme.<=3.3.4.-.Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "dwt-listing 3.3.4 Directory.&.Listing.WordPress.Theme.<.3.3.4.-.Reflected.Cross-Site.Scripting MEDIUM" "digital-store 1.3.3 Unspecified.XSS MEDIUM" "dt-the7 11.14.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.url.Attribute MEDIUM" "dt-the7 11.6.1 Reflected.XSS HIGH" "dt-the7 2.1.1 Cross-Site.Scripting.(XSS) MEDIUM" "divi 4.25.1 Authenticated.(Contributor+).DOM-Based.Stored.Cross-Site.Scripting MEDIUM" "divi 4.23.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "divi 4.5.3 4.5.2,.Extra.2.0.-.4.5.2,.Divi.Builder.2.0.-.4.5.2).-.Authenticated.Arbitrary.File.Upload MEDIUM" "divi 4.0.10 Authenticated.Code.Injection MEDIUM" "divi 3.17.3 Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "divi 2.6.4 Privilege.Escalation HIGH" "doko 1.1.0 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "edumall 4.3.0 Unauthenticated.Local.File.Inclusion HIGH" "echelon 2.8.3 Local.File.Disclosure HIGH" "echelon 2.8.3 WordPress.Slider.Revolution.Shell.Upload CRITICAL" "estrutura-basica No.known.fix Local.File.Download. HIGH" "elitepress 2.0.3 Reflected.Cross-Site.Scripting.via.Customizer.Notify MEDIUM" "epic No.known.fix Arbitrary.File.Download HIGH" "everest-news-pro No.known.fix Reflected.XSS HIGH" "envo-multipurpose No.known.fix Missing.Authorization LOW" "enlighten 1.3.6 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "edmin No.known.fix Authenticated.(Contributor+).PHP.Object.Injection HIGH" "edmin No.known.fix Contributor+.Arbitrary.File.Upload HIGH" "edmin No.known.fix Reflected.Cross-Site.Scripting HIGH" "everest-news No.known.fix Reflected.XSS HIGH" "eventpress 5.7 Reflected.Cross-Site.Scripting.via.Customizer.Notify MEDIUM" "education-lms No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "eximius No.known.fix Authenticated.(Subscriber+).Arbitrary.File.Upload HIGH" "empowerment No.known.fix Authenticated.(Contributor+).PHP.Object.Injection HIGH" "education-zone 1.3.5 Cross-Site.Request.Forgery.to.Notice.Dismissal MEDIUM" "enfold 7.0 Authenticated.(Subscriber+).Server-Side.Request.Forgery.via.attachment_id MEDIUM" "enfold 7.0 Missing.Authorization.to.Sensitive.Information.Disclosure.in.avia-export-class.php MEDIUM" "enfold 6.0.4 Contributor+.Stored.XSS.via.wrapper_class.and.class.Parameters MEDIUM" "enfold 5.6.10 Reflected.Cross-Site.Scripting MEDIUM" "enfold 5.6.5 Reflected.Cross-Site.Scripting MEDIUM" "enfold 4.8.4 Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "event 1.2.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "envo-business No.known.fix Reflected.Cross-Site.Scripting.via.Customizer.Notify MEDIUM" "elegant-pink 1.3.1 Cross-Site.Request.Forgery.to.Notice.Dismissal MEDIUM" "eptonic No.known.fix Valums.Uploader.Shell.Upload.Exploit CRITICAL" "exquisite-wp No.known.fix DOM.Cross-Site.Scripting.(XSS) MEDIUM" "eighteen-tags 3.1.1 Reflected.Cross-Site.Scripting MEDIUM" "everse 1.2.4 Reflected.XSS HIGH" "everse 1.8.10 Reflected.Cross-Site.Scripting MEDIUM" "everse 1.8.12 Reflected.Cross-Site.Scripting MEDIUM" "everse 1.8.6 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "enzio No.known.fix Responsive.Business.WordPress.Theme.<=.1.1.8.-.Unauthenticated.Local.File.Inclusion CRITICAL" "esotera 1.2.6 Contributor+.Stored.XSS MEDIUM" "esteem 1.5.1 Authenticated.(Author+).Stored.Cross-Site.Scripting MEDIUM" "edge 2.1.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Author.Display.Name MEDIUM" "empowerwp 1.0.22 Cross-Site.Request.Forgery.to.Notice.Dismissal MEDIUM" "eduma 5.6.5 Missing.Authorization MEDIUM" "eduma 5.4.8 Reflected.Cross-Site.Scripting MEDIUM" "elation No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "elation 1.1.01 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "elasta 1.0.9 Reflected.Cross-Site.Scripting MEDIUM" "elasta 1.0.8 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "entrada No.known.fix Unauthenticated.SQL.Injection HIGH" "elevate-wp 1.0.17 Various.Versions.and.Themes.-.Missing.Authorization MEDIUM" "excellent 1.3.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "eco-nature 2.1.0 Environment.&.Ecology.WordPress.Theme.<.2.1.0.-.Missing.Authorization.to.Authenticated.(Subscriber+).Limited.Options.Update HIGH" "easybook 1.2.2 Multiple.Vulnerabilities HIGH" "foodbakery 2.2 Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "foodbakery 2.0 Unauthenticated.Reflected.XSS MEDIUM" "fashionable-store No.known.fix Reflected.XSS HIGH" "furnob No.known.fix Cross-Site.Request.Forgery MEDIUM" "footysquare No.known.fix Unauthenticated.Arbitrary.File.Upload CRITICAL" "fullbase 1.2.1 Reflected.XSS HIGH" "financio 1.1.4 Cross-Site.Request.Forgery.to.Notice.Dismissal MEDIUM" "finance No.known.fix Authenticated.(Subscriber+).PHP.Object.Injection HIGH" "formula 0.5.2 Reflected.Cross-Site.Scripting.via.ti_customizer_notify_dismiss_recommended_plugins MEDIUM" "formula 0.5.2 Reflected.Cross-Site.Scripting.via.quality_customizer_notify_dismiss_action MEDIUM" "findeo 1.3.1 Arbitrary.Property.Deletion.via.IDOR HIGH" "findeo 1.3.1 Unauthenticated.Reflected.Cross-Site.Scripting.(XSS) HIGH" "foton 2.6.1 Unauthenticated.Local.File.Inclusion CRITICAL" "fifteen No.known.fix Reflected.Cross-Site.Scripting.via.Customizer.Notify MEDIUM" "flatsome 3.19.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Multiple.Shortcodes MEDIUM" "flatsome 3.19.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "flatsome 3.17.6 Unauthenticated.PHP.Object.Injection CRITICAL" "flatsome 3.17.0 Reflected.XSS HIGH" "fusion-builder 7.11.6 Authenticated(Contributor+).Sensitive.Information.Exposure.via.Form.Entries MEDIUM" "fusion-builder 3.11.2 Subscriber+.SQL.injection.and.broken.access.control.vulnerability.in.Critical.CSS HIGH" "fioxen No.known.fix Reflected.XSS HIGH" "folo No.known.fix Contributor+.Arbitrary.File.Upload HIGH" "folo No.known.fix Reflected.Cross-Site.Scripting HIGH" "fude No.known.fix Reflected.XSS HIGH" "foxiz 2.3.6 Unauthenticated.Server-Side.Request.Forgery HIGH" "fish-house No.known.fix Unauthenticated.PHP.Object.Injection CRITICAL" "full-frame 2.7.3 Authenticated.(Author+).Stored.Cross-Site.Scripting MEDIUM" "fortune No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "fraction-theme 1.1.2 Privilege.Escalation HIGH" "fusion 2.8.3 Local.File.Disclosure HIGH" "fusion 2.8.3 WordPress.Slider.Revolution.Shell.Upload CRITICAL" "flozen-theme 1.5.1 Unauthenticated.Arbitrary.File.Upload CRITICAL" "freely No.known.fix Information.Disclosure HIGH" "findgo 1.3.32 Directory.Listing.<.1.3.32.-.Unauthenticated.Reflected.and.Authenticated.Stored.XSS MEDIUM" "forumengine 1.9 Reflected.Cross-Site.Scripting MEDIUM" "focusblog 2.0.0 Unauthenticated.Arbitrary.File.Upload.and.Option.Deletion CRITICAL" "focusblog 2.0.0 Unauthenticated.Option.Update MEDIUM" "flap No.known.fix Business.WordPress.Theme.<=.1.5.-.Unauthenticated.PHP.Object.Injection CRITICAL" "filmix No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "flatnews No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "findus 1.1.15 Directory.Listing.<.1.1.15.-.Authenticated.Persistent.XSS MEDIUM" "freesia-empire 1.4.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "fotography 2.4.1 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "fire-blog No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "flashy No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "flixita 1.0.83 Reflected.Cross-Site.Scripting.via.id.Parameter MEDIUM" "fana 1.1.29 Unauthenticated.Local.File.Inclusion CRITICAL" "flex-mag 3.6.0 Responsive.WordPress.News.Theme.<.3.6.0.-.Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.Option.Deletion HIGH" "fashstore No.known.fix Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "fotawp 1.4.2 Missing.Authorization.via.fotawp_install_and_activate_plugins() MEDIUM" "fluida 1.8.8.1 Contributor+.Stored.XSS MEDIUM" "grandtour No.known.fix Unauthenticated.PHP.Object.Injection CRITICAL" "goya 1.0.8.8 Unauthenticated.Reflected.Cross-Site.Scripting.via.Multiple.Parameters MEDIUM" "geomagazine No.known.fix Unauthenticated.Reflected.XSS MEDIUM" "grey-opaque No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Download-Button.Shortcode MEDIUM" "gameplan No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "gutenbook No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "gucherry-blog No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "g-blog No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "gump No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "givingpress-lite No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "grandrestaurant No.known.fix Unauthenticated.PHP.Object.Injection CRITICAL" "grandrestaurant No.known.fix Missing.Authorization.to.Unauthenticated.Arbitrary.Options.Deletion HIGH" "grandrestaurant No.known.fix Unauthenticated.PHP.Object.Injection.via.Path.Traversal CRITICAL" "grandrestaurant No.known.fix Cross-Site.Request.Forgery MEDIUM" "grandrestaurant No.known.fix Missing.Authorization MEDIUM" "graphene 2.9.3 Unauthenticated.Password.Protected.Post.Access MEDIUM" "goodnex 1.1.3 Information.Disclosure HIGH" "gema-lite No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "golo 1.7.1 Authentication.Bypass.to.Account.Takeover CRITICAL" "golo 1.6.11 Directory.&.Listing,.Travel.WordPress.Theme.<.1.6.11.-.Missing.Authorization.to.Privilege.Escalation.via.Unauthenticated.Arbitrary.User.Password.Change CRITICAL" "golo 1.3.3 Unauthenticated.Reflected.XSS MEDIUM" "gowilds No.known.fix Reflected.XSS HIGH" "ghostwriter No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "glossy-blog No.known.fix Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "goodnews5 No.known.fix Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "grip No.known.fix Unauthenticated.Local.File.Inclusion CRITICAL" "grace-mag No.known.fix Unauthenticated.Local.File.Inclusion CRITICAL" "gym-express No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "grandprix 1.6.1 Unauthenticated.Local.File.Inclusion CRITICAL" "goto 2.1 Reflected.Cross-Site.Scripting.(XSS) HIGH" "goto 2.1 Unauthenticated.Blind.SQL.Injection CRITICAL" "goto 2.0 Tour.&.Travel.<.2.0.-.Unauthenticated.Reflected.XSS MEDIUM" "greenmart 2.5.2 Unauthenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "greenmart 2.4.3 Reflected.Cross-Site.Scripting.(XSS) CRITICAL" "gravel No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "gaga-lite No.known.fix Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "gaga-corp No.known.fix Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "highlight 1.0.30 Cross-Site.Request.Forgery.to.Notice.Dismissal MEDIUM" "honeypress 2.3.6 Reflected.Cross-Site.Scripting.via.Customizer.Notify MEDIUM" "hmd 2.2 Reflected.Cross-Site.Scripting MEDIUM" "halpes No.known.fix Reflected.XSS HIGH" "hara 1.2.11 Unauthenticated.Local.File.Inclusion CRITICAL" "hestia 3.1.3 Cross-Site.Request.Forgery.to.Notice.Dismissal MEDIUM" "homey 2.4.5 Booking.and.Rentals.WordPress.Theme.<.2.4.5.-.Insecure.Direct.Object.Reference.to.Authenticated.(Subscriber+).Arbitrary.User.Deletion MEDIUM" "homey 2.4.5 Booking.and.Rentals.WordPress.Theme.<.2.4.5.-.Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.Reservation.&.Post.Deletion MEDIUM" "homey 2.4.4 Cross-Site.Request.Forgery.to.User.Verification MEDIUM" "homey 2.4.4 Limited.Authentication.Bypass HIGH" "homey 2.4.3 Unauthenticated.Privilege.Escalation.in.homey_save_profile CRITICAL" "homey No.known.fix Authenticated.(Subscriber+).Privilege.Escalation HIGH" "himalayas No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "himalayas 1.3.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "homevillas-real-estate 2.3 Multiple.Cross-Site.Scripting.Issues MEDIUM" "houzez 3.4.2 Missing.Authorization MEDIUM" "houzez 3.4.2 Missing.Authorization MEDIUM" "houzez 3.3.0 Subscriber+.Privilege.Escalation HIGH" "houzez 3.2.5 Reflected.Cross-Site.Scripting MEDIUM" "home-services No.known.fix Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "hotel-galaxy No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "hasium No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "hasium 1.6.5 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "hotelica No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "headway 3.8.9 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "himer 2.1.3 Social.Questions.and.Answers.<.2.1.3.-.CSRF.While.Sending.the.Invites MEDIUM" "himer 2.1.1 Social.Questions.and.Answers.<.2.1.1.-.Arbitrary.Group.Joining.via.CSRF MEDIUM" "himer 2.1.1 Social.Questions.and.Answers.<.2.1.1.-.Bypass.Poll.Voting.Restrictions.via.CSRF MEDIUM" "himer 2.1.1 Social.Questions.and.Answers.<.2.1.1.-.Contributor+.Stored.XSS MEDIUM" "himer 2.1.1 Social.Questions.and.Answers.<.2.1.1.-.Subscriber+.Private.Group.Joining.via.IDOR MEDIUM" "himer 2.1.1 Social.Questions.and.Answers.<.2.1.1.-.Multiple.CSRF.on.the.Group.Section MEDIUM" "himer 1.9.3 Missing.validation.lead.to.functionality.abuse LOW" "hueman 3.7.25 Cross-Site.Request.Forgery.to.Notice.Dismissal MEDIUM" "hueman 3.6.4 Arbitrary.Settings.Update.via.CSRF MEDIUM" "hueman 3.6.4 Cross-Site.Request.Forgery.(CSRF) MEDIUM" "hugo-wp 1.0.10 Various.Versions.and.Themes.-.Missing.Authorization MEDIUM" "hasten-lite No.known.fix Reflected.Cross-Site.Scripting.via.Customizer.Notify MEDIUM" "hostiko 30.1 Hosting.WordPress.&.WHMCS.Theme.<.30.1.-.Unauthenticated.Local.File.Inclusion HIGH" "hostiko 30.1 Hosting.WordPress.&.WHMCS.Theme.<.30.1.-.Reflected.Cross-Site.Scripting MEDIUM" "hive-lite No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "hester No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "hello-agency 1.0.6 Missing.Authorization.to.Notice.Dismissal MEDIUM" "healsoul No.known.fix Unauthenticated.Local.File.Inclusion CRITICAL" "hotstar No.known.fix Unauthenticated.PHP.Object.Injection CRITICAL" "hotstar No.known.fix Missing.Authorization MEDIUM" "injob 3.4.1 Authenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "ivy-school 1.6.1 Unauthenticated.Local.File.Inclusion CRITICAL" "intothedark No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "infinite No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.project_url.Parameter MEDIUM" "inset No.known.fix Unauthenticated.Local.File.Inclusion CRITICAL" "i-transform No.known.fix Cross-Site.Request.Forgery MEDIUM" "interface 3.1.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "industrial-lite No.known.fix Missing.Authorization MEDIUM" "i-amaze No.known.fix Cross-Site.Request.Forgery MEDIUM" "inspiro 7.2.3 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "intrace 1.1.1 Multiple.Versions.-.Missing.Authorization.to.Notice.Dismissal MEDIUM" "ih-business-pro No.known.fix Reflected.Cross-Site.Scripting.via.Customizer.Notify MEDIUM" "industrial 1.7.9 Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.Options.Update HIGH" "ignition 2.0.0 Unauthenticated.Option.Update MEDIUM" "ignition 2.0.0 Unauthenticated.Arbitrary.File.Upload.and.Option.Deletion CRITICAL" "idyllic 1.1.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "insurance No.known.fix Authenticated.(Subscriber+).PHP.Object.Injection HIGH" "ilex 1.4.2 Reflected.XSS HIGH" "illdy 2.1.7 Unauthenticated.Function.Injection CRITICAL" "intrepidity No.known.fix File.Upload.and.Option.Update.via.CSRF HIGH" "itsulu 1.5.0 Unauthenticated.Local.File.Inclusion CRITICAL" "jobify 4.2.8 Job.Board.WordPress.Theme.<.4.2.8.-.Missing.Authorization.to.Unauthenticated.Server-Side.Request.Forgery,.Arbitrary.Image.Upload,.and.Image.Generation MEDIUM" "jobify No.known.fix Job.Board.WordPress.Theme.<=.4.2.3.-.Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "jobify No.known.fix Job.Board.WordPress.Theme.<=.4.2.3.-.Missing.Authorization MEDIUM" "jobify No.known.fix Job.Board.WordPress.Theme.<=.4.2.3.-.Cross-Site.Request.Forgery MEDIUM" "jobify No.known.fix Job.Board.WordPress.Theme.<=.4.2.3.-.Unauthenticated.Arbitrary.File.Read HIGH" "jannah 5.4.5 Reflected.Cross-Site.Scripting.(XSS) HIGH" "jannah 5.4.4 Reflected.Cross-Site.Scripting.(XSS) HIGH" "jewelry-store 2.3.5 Reflected.Cross-Site.Scripting.via.Customizer.Notify MEDIUM" "jarvis No.known.fix Unauthenticated.PHP.Object.Injection CRITICAL" "js-o3-lite No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "js-o3-lite No.known.fix Reflected.XSS HIGH" "jupiter 6.10.2 Subscriber+.Privilege.Escalation.and.Post.Deletion CRITICAL" "jupiter 6.10.2 Subscriber+.Arbitrary.Plugin.Deletion MEDIUM" "jupiter 6.10.2 Subscriber+.Path.Traversal.and.Local.File.Inclusion HIGH" "jobeleon-wpjobboard 1.9.2 Reflected.Cross-Site.Scripting MEDIUM" "jobcareer 3.5 Multiple.Cross-Site.Scripting.(XSS) MEDIUM" "jobcareer 2.5.1 Authenticated.Stored.Cross-Site.Scripting MEDIUM" "jobcareer 2.4.1 User.enumeration.&.Reset.password CRITICAL" "js-paper No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "js-paper No.known.fix Reflected.XSS HIGH" "jnews No.known.fix Missing.Authorization MEDIUM" "jnews 11.6.7 WordPress.Newspaper.Magazine.Blog.AMP.Theme.<.11.6.7.-.Unauthorized.User.Registration MEDIUM" "jnews 8.0.6 Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "julia-lite No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "jobscout 1.1.5 Cross-Site.Request.Forgery.to.Notice.Dimissal MEDIUM" "jetapo-with-woocommerce 1.1 Unauthenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "jetapo 1.1 Unauthenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "jupiterx 2.0.7 Subscriber+.Path.Traversal.and.Local.File.Inclusion HIGH" "jupiterx 2.0.7 Subscriber+.Arbitrary.Plugin.Deactivation.and.Settings.Update MEDIUM" "javo-spot 3.0.0 Unauthenticated.Directory.Traversal HIGH" "kleo 5.4.4 Missing.Authorization MEDIUM" "kleo 5.4.4 Reflected.Cross-Site.Scripting MEDIUM" "kingclub-theme No.known.fix Unauthenticated.Arbitrary.File.Upload CRITICAL" "kahuna 1.7.0.1 Contributor+.Stored.XSS MEDIUM" "kinsley 3.4.5 Unauthenticated.Local.File.Inclusion CRITICAL" "kata-app No.known.fix Reflected.XSS HIGH" "kidsplanet 2.2.14.1 Unauthenticated.PHP.Object.Injection CRITICAL" "kaffen 1.2.6 Unauthenticated.Local.File.Inclusion CRITICAL" "kata-business No.known.fix Reflected.XSS HIGH" "kormosala 1.0.23 Unauthenticated.Reflected.XSS MEDIUM" "krste 1.0.4 Reflected.Cross-Site.Scripting MEDIUM" "konzept 2.5 Unauthenticated.Reflected.XSS MEDIUM" "krowd No.known.fix Unauthenticated.Local.File.Inclusion CRITICAL" "kiamo No.known.fix Responsive.Business.Service.WordPress.Theme.<=.1.3.3.-.Unauthenticated.Local.File.Inclusion CRITICAL" "kata 1.2.9 Reflected.XSS HIGH" "lovetravel 2.0 Unauthenticated.Reflected.XSS.&.XFS MEDIUM" "lovetravel 3.8 Unauthenticated.Reflected.XSS.&.XFS MEDIUM" "luxe 2.0.0 Unauthenticated.Option.Update MEDIUM" "luxe 2.0.0 Unauthenticated.Arbitrary.File.Upload.and.Option.Deletion CRITICAL" "lafka No.known.fix Multi.Store.Burger.-.Pizza.&.Food.Delivery.WooCommerce.Theme.<=.4.5.7.-.Missing.Authorization.to.Authenticated.(Subscriber+).Demo.Import MEDIUM" "looki-lite 1.3.0 Reflected.XSS HIGH" "lawyerpress-lite No.known.fix Reflected.Cross-Site.Scripting.via.Customizer.Notify MEDIUM" "learnmore No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "learnmore No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "liquido No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "listingo No.known.fix Business.Listing.and.Directory.WordPress.Theme.<=.3.2.7.-.Unauthenticated.Arbitrary.Shortcode.Execution MEDIUM" "listingo 3.2.7 Unauthenticated.Arbitrary.File.Upload CRITICAL" "listeo 1.6.11 Multiple.Authenticated.IDOR.Vulnerabilities MEDIUM" "listeo 1.6.11 Multiple.XSS.&.XFS.vulnerabilities MEDIUM" "lifestyle-magazine 10.2.1 Reflected.Cross-Site.Scripting MEDIUM" "lasa 1.1.1 Unauthenticated.Local.File.Inclusion CRITICAL" "listingpro 2.9.5 Subscriber+.Local.File.Inclusion HIGH" "listingpro 2.9.5 Unauthenticated.SQL.Injection CRITICAL" "listingpro 2.9.5 Cross-Site.Request.Forgery.to.Account.Takeover HIGH" "listingpro 2.6.1 Unauthenticated.Sensitive.Data.Disclosure.(Usernames,.Emails.etc) HIGH" "listingpro 2.6.1 Unauthenticated.Arbitrary.Plugin.Installation/Activation/Deactivation CRITICAL" "listingpro 2.5.4 Unauthenticated.Reflected.Cross-Site.Scripting MEDIUM" "listingpro 2.0.14.5 Reflected.&.Persistent.Cross-Site.Scripting MEDIUM" "lattice 1.1.4 Unspecified.XSS MEDIUM" "larson 1.6.0 Unauthenticated.Local.File.Inclusion CRITICAL" "luique 1.3.1 Unauthenticated.Local.File.Inclusion CRITICAL" "lestin No.known.fix Reflected.XSS HIGH" "lawyer-landing-page 1.2.5 Cross-Site.Request.Forgery.to.Notice.Dismissal MEDIUM" "laboom No.known.fix Unauthenticated.Local.File.Inclusion CRITICAL" "listivo 2.3.68 Classified.Ads.WordPress.Theme.<.2.3.68.-.Reflected.Cross-Site.Scripting MEDIUM" "motor 3.1.0 Unauthenticated.Local.File.Inclusion HIGH" "medicate No.known.fix Local.File.Disclosure HIGH" "medicate No.known.fix WordPress.Slider.Revolution.Shell.Upload CRITICAL" "medzone-lite 1.2.6 Unauthenticated.Function.Injection CRITICAL" "madara 2.2.2.1 Unauthenticated.Local.File.Inclusion CRITICAL" "monolit 2.0.7 Reflected.XSS HIGH" "mTheme-Unus No.known.fix Local.File.Inclusion.(LFI) HIGH" "materialis 1.1.30 Missing.Authorization.to.Limited.Arbitrary.Options.Update MEDIUM" "medicpress-lite No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "mediclinic 2.2 Unauthenticated.Local.File.Inclusion CRITICAL" "monalisa 2.1.3 Unauthenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "metro-magazine 1.3.8 Missing.Authorization.to.Notice.Dismissal MEDIUM" "mags 1.1.7 Unauthenticated.Local.File.Inclusion CRITICAL" "medicenter 14.7 Health.Medical.Clinic.WordPress.Theme.<.14.7.-.Missing.Authorization MEDIUM" "mantra No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "manbiz2 No.known.fix Local.File.Disclosure HIGH" "manbiz2 No.known.fix WordPress.Slider.Revolution.Shell.Upload CRITICAL" "multifox No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "mystique No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "mediciti-lite No.known.fix Reflected.XSS HIGH" "mediciti-lite No.known.fix Reflected.Cross-Site.Scripting.via.Customizer.Notify MEDIUM" "mosaic No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Button.Shortcode MEDIUM" "method 2.8.3 Local.File.Disclosure HIGH" "method 2.8.3 WordPress.Slider.Revolution.Shell.Upload CRITICAL" "minimog 3.8.0 Unauthenticated.Local.PHP.File.Inclusion CRITICAL" "mediumishh No.known.fix Unauthenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "my-flatonica No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "my-white No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "ms-lms-starter-theme 1.1.9 Unauthenticated.Sensitive.Information.Exposure MEDIUM" "my-wooden-under-construction No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "meris No.known.fix Reflected.XSS HIGH" "moseter No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "moseter No.known.fix Reflected.XSS HIGH" "minus 2.0.0 Unauthenticated.Arbitrary.File.Upload.and.Option.Deletion CRITICAL" "minus 2.0.0 Unauthenticated.Option.Update MEDIUM" "medibazar No.known.fix Cross-Site.Request.Forgery MEDIUM" "myriad 2.8.3 Local.File.Disclosure HIGH" "myriad 2.8.3 WordPress.Slider.Revolution.Shell.Upload CRITICAL" "motors 5.6.68 Unauthenticated.Privilege.Escalation.via.Password.Update/Account.Takeover CRITICAL" "motors 5.6.66 Car.Dealer,.Rental.&.Listing.WordPress.theme.<.5.6.66.-.Unauthenticated.Arbitrary.Shortcode.Execution HIGH" "meta-news 1.1.8 Unauthenticated.Local.File.Inclusion CRITICAL" "medicare No.known.fix Unauthenticated.PHP.Object.Injection CRITICAL" "magazine-edge No.known.fix Subscriber+.Arbitrary.Plugin.Activation MEDIUM" "massive-dynamic No.known.fix Unauthenticated.Local.File.Inclusion HIGH" "modern 1.4.2 DOM.Cross-Site.Scripting.(XSS) MEDIUM" "machic No.known.fix Cross-Site.Request.Forgery MEDIUM" "modular 2.8.3 Local.File.Disclosure HIGH" "modular 2.8.3 WordPress.Slider.Revolution.Shell.Upload CRITICAL" "mocho-blog No.known.fix Reflected.XSS HIGH" "modins No.known.fix Reflected.XSS HIGH" "maia 1.1.16 Unauthenticated.Local.File.Inclusion CRITICAL" "mesmerize 1.6.124 Cross-Site.Request.Forgery.to.Cache.Clearing MEDIUM" "meridia 2.2.8 Reflected.Cross-Site.Scripting MEDIUM" "meridia 2.2.7 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "morningtime-lite No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "multipurpose No.known.fix Authenticated.(Contributor+).PHP.Object.Injection HIGH" "medikaid 1.1.3 Reflected.Cross-Site.Scripting MEDIUM" "monograph No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "nictitate No.known.fix Cross-Site.Request.Forgery MEDIUM" "nexos 1.8 Real.Estate.<.1.8.-.Unauthenticated.Reflected.XSS.&.SQL.Injection CRITICAL" "nexos 1.6.1 Real.Estate.<.1.6.1.-.SQL.Injection.&.Persistent.XSS CRITICAL" "newsy No.known.fix Reflected.Cross-Site.Scripting HIGH" "newsy No.known.fix Contributor+.Arbitrary.File.Upload HIGH" "nrgbusiness No.known.fix Unauthenticated.PHP.Object.Injection CRITICAL" "nrgbusiness No.known.fix Missing.Authorization MEDIUM" "nova-lite 1.3.9 Unauthenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "newseqo No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "nichebase 1.2.3 Reflected.Cross-Site.Scripting MEDIUM" "nichebase 1.2.2 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "naturemag-lite No.known.fix Unauthenticated.Function.Injection CRITICAL" "noo-jobmonster 4.7.6 Unauthenticated.Privilege.Escalation CRITICAL" "noo-jobmonster 4.7.5 Unauthenticated.Arbitrary.File.Deletion CRITICAL" "noo-jobmonster 4.6.6.1 Directory.Listing.in.Upload.Folder MEDIUM" "noo-jobmonster 4.5.2.9 Unauthenticated.Reflected.Cross-Site.Scripting MEDIUM" "nsc No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "nrgfashion No.known.fix Model.Agency.One.Page.Beauty.Theme.<=.1.4.4.-.Unauthenticated.PHP.Object.Injection CRITICAL" "nightlife No.known.fix CSRF.File.Upload HIGH" "nirvana No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "newsblogger 0.2.5.2 Authenticated.(Subscriber+).Arbitrary.File.Upload HIGH" "newsblogger 0.2.5.5 Cross-Site.Request.Forgery.to.Arbitrary.Plugin.Installation HIGH" "newspaper 12.6.6 Authenticated.(Author+).Stored.Cross-Site.Scripting.via.Attachment.Meta MEDIUM" "newshit 1.0.7 Reflected.Cross-Site.Scripting MEDIUM" "nika 1.2.9 Unauthenticated.Local.File.Inclusion CRITICAL" "news-unlimited No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "newsmag No.known.fix Subscriber+.Reflected.Cross-Site.Scripting MEDIUM" "newsmag 2.4.2 Unauthenticated.Function.Injection CRITICAL" "ngo-charity-lite No.known.fix Reflected.Cross-Site.Scripting.via.Customizer.Notify MEDIUM" "neosense 1.8 Unrestricted.File.Upload CRITICAL" "newsdaily No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "newscard 1.4 Unauthenticated.Local.File.Inclusion CRITICAL" "nexter 2.0.4 Authenticated.(Subscriber+).SQL.Injection.via.'to'.and.'from' HIGH" "nexter 2.0.4 Missing.Authorization MEDIUM" "newsmash 1.0.72 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "newsmash 1.0.35 Cross-Site.Request.Forgery.to.Notice.Dismissal MEDIUM" "nothing-personal No.known.fix Reflected.XSS HIGH" "news-flash No.known.fix Authenticated.(Editor+).PHP.Object.Injection HIGH" "newsmunch 1.0.36 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "nokri 1.6.3 Unauthenticated.Arbitrary.Password.Change CRITICAL" "networker 1.1.10 Tech.News.WordPress.Theme.with.Dark.Mode.<.1.1.10.-.Missing.Authorization MEDIUM" "neighborly No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Button.Shortcode MEDIUM" "nioland 1.2.7 Reflected.Cross-Site.Scripting.via.s MEDIUM" "newsmatic 1.3.3 Missing.Authorization MEDIUM" "newsmatic 1.3.5 Unauthenticated.Information.Exposure.via.newsmatic_filter_posts_load_tab_content MEDIUM" "newscrunch 1.8.4.1 Cross-Site.Request.Forgery.to.Arbitrary.File.Upload HIGH" "newscrunch 1.8.4.1 Authenticated.(Subscriber+).Arbitrary.File.Upload CRITICAL" "newsxpress 1.0.8 Cross-Site.Request.Forgery.to.Notice.Dismissal MEDIUM" "newspaper-x 1.3.2 Unauthenticated.Function.Injection CRITICAL" "nokke 1.2.4 Reflected.XSS HIGH" "nokke 1.2.3 Reflected.Cross-Site.Scripting MEDIUM" "nokke 1.2.4 Reflected.Cross-Site.Scripting MEDIUM" "nokke 1.0.11 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "outdoor 3.9.7 Reflected.XSS HIGH" "oceanic No.known.fix Cross-Site.Request.Forgery MEDIUM" "onair2 3.9.9.2 Unauthenticated.RFI.and.SSRF MEDIUM" "oceanwp 4.1.0 Contributor+.Stored.XSS.via.Select.HTML.Tag MEDIUM" "oceanwp 3.5.5 Subscriber+.Sensitive.Information.Exposure MEDIUM" "oxpitan No.known.fix Unauthenticated.Local.File.Inclusion CRITICAL" "ober 1.3.4 Unauthenticated.Local.File.Inclusion CRITICAL" "ogami No.known.fix Unauthenticated.Local.File.Inclusion CRITICAL" "onepress No.known.fix Missing.Authorization MEDIUM" "onepress No.known.fix Authenticated.(Author+).Stored.Cross-Site.Scripting MEDIUM" "onepress 2.3.7 Cross-Site.Request.Forgery.via.save_settings() MEDIUM" "opor-ayam No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "opor-ayam No.known.fix Reflected.XSS HIGH" "orchid-store 1.5.7 .Missing.Authorization.to.Authenticated.(Subscriber+).Limited.Plugin.Activation MEDIUM" "ona 1.18.3 Reflected.Cross-Site.Scripting MEDIUM" "onetone No.known.fix Unauthenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "one-page-conference No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "olivia No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "offset-writing No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "offset-writing No.known.fix Reflected.XSS HIGH" "one-paze No.known.fix Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "orgarium No.known.fix Reflected.XSS HIGH" "opstore No.known.fix Unauthenticated.Local.File.Inclusion CRITICAL" "optimizepress 1.6 Unauthenticated.Arbitrary.File.Upload CRITICAL" "purus No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "purus No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "purus No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "platform No.known.fix Cross-Site.Request.Forgery.(CSRF) HIGH" "pixigo No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "pixgraphy 1.3.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "preschool-and-kindergarten 1.2.2 Cross-Site.Request.Forgery.to.Notice.Dismissal MEDIUM" "photobox No.known.fix Reflected.Cross-Site.Scripting HIGH" "photobox No.known.fix Contributor+.Arbitrary.File.Upload HIGH" "parallelus-salutation 3.0.16 Stored.XSS MEDIUM" "parallelus-salutation 2.0 Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "parallaxsome 1.3.7 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "photography No.known.fix Unauthenticated.PHP.Object.Injection HIGH" "photography No.known.fix Unauthenticated.Server-Side.Request.Forgery HIGH" "photography No.known.fix Missing.Authorization MEDIUM" "pinzolo 1.2.10 Reflected.XSS HIGH" "punte 1.1.3 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "prolist 1.27 Directory.Listing.<.1.27.-.Unauthenticated.Reflected.XSS MEDIUM" "phlox-pro 5.16.5 Reflected.Cross-Site.Scripting.via.Search.Parameters MEDIUM" "plato 1.1.9 Reflected.XSS HIGH" "patricia-blog No.known.fix Cross-Site.Request.Forgery MEDIUM" "popularis-verse 1.0.2 Cross-Site.Request.Forgery MEDIUM" "pearl 3.4.8 Corporate.Business.<.3.4.8.-.Unauthenticated.Local.File.Inclusion CRITICAL" "plant No.known.fix Gardening.&.Houseplants.WordPress.Theme.<=.1.0.0.-.Unauthenticated.Information.Exposure MEDIUM" "parallax-blog No.known.fix Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "press-grid No.known.fix Frontend.Publish.Reaction.&.Multimedia.Theme.<=.1.3.1.-.Unauthenticated.PHP.Object.Injection CRITICAL" "pressive 2.0.0 Unauthenticated.Arbitrary.File.Upload.and.Option.Deletion CRITICAL" "pressive 2.0.0 Unauthenticated.Option.Update MEDIUM" "pixova-lite 2.0.7 Unauthenticated.Function.Injection CRITICAL" "polka-dots No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "polka-dots No.known.fix Reflected.XSS HIGH" "patch-lite No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "perfect-portfolio 1.2.1 Cross-Site.Request.Forgery.to.Notice.Dismissal MEDIUM" "perfect-portfolio 1.1.6 Reflected.Cross-Site.Scripting.via.Customizer.Notify MEDIUM" "pathway 1.0.16 Various.Versions.and.Themes.-.Missing.Authorization MEDIUM" "purosa 1.1.3 Reflected.Cross-Site.Scripting MEDIUM" "purosa 1.1.0 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "power-mag No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "parallelus-intersect 2.0 Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "parallelus-traject 2.0 Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "photology 1.1.4 Multiple.Versions.-.Missing.Authorization.to.Notice.Dismissal MEDIUM" "pinfinity 2.0 Reflected.Cross-site.Scripting.(XSS) MEDIUM" "point No.known.fix Cross-Site.Request.Forgery MEDIUM" "plain-post 1.0.4 Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "pinboard No.known.fix includes/theme-options.php.tab.Parameter.XSS MEDIUM" "purity-of-soul No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "purity-of-soul No.known.fix Reflected.XSS HIGH" "porto 7.1.1 Authenticated.(Contributor+).Local.File.Inclusion.via.Post.Meta HIGH" "porto 7.1.1 Unauthenticated.Local.File.Inclusion.via.porto_ajax_posts CRITICAL" "parabola No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "posterity No.known.fix Contributor+.Stored.XSS MEDIUM" "posterity 3.4 Cross-Site.Request.Forgery.to.Notice.Dismissal MEDIUM" "parallelus-unite 2.0 Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "pliska 0.3.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Author.Display.Name MEDIUM" "paroti No.known.fix Reflected.XSS HIGH" "pressmart 1.2.17 Modern.Elementor.WooCommerce.WordPress.Theme.<.1.2.17.-.Unauthenticated.Arbitrary.Shortcode.Execution HIGH" "pubnews 1.0.8 Authenticated.(Subscriber+).Arbitrary.Plugin.Installation HIGH" "puzzles 4.2.5 Unauthenticated.PHP.Object.Injection HIGH" "puzzles 4.2.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "puzzles 4.2.5 Missing.Authorization.to.Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "phototouch 1.2.2 Arbitrary.File.Upload.via.themify-ajax.php CRITICAL" "pimp No.known.fix Creative.MultiPurpose.<=.1.7.-.Unauthenticated.PHP.Object.Injection CRITICAL" "pisole No.known.fix Reflected.XSS HIGH" "performag 2.0.0 Unauthenticated.Option.Update MEDIUM" "performag 2.0.0 Unauthenticated.Arbitrary.File.Upload.and.Option.Deletion CRITICAL" "patricia-lite No.known.fix Cross-Site.Request.Forgery MEDIUM" "pont No.known.fix Privilige.Escalation HIGH" "petsworld No.known.fix Authenticated.(Subscriber+).PHP.Object.Injection HIGH" "partdo No.known.fix Cross-Site.Request.Forgery MEDIUM" "qempo No.known.fix Reflected.XSS HIGH" "quota 1.2.5 Unspecified.XSS MEDIUM" "qizon No.known.fix Reflected.XSS HIGH" "quasar 2.0 Privilege.Escalation HIGH" "quality 2.7.4 Reflected.Cross-Site.Scripting.via.Customizer.Notify MEDIUM" "responsive 5.0.3.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "responsive 5.0.3 Missing.Authorization.to.HMTL.Injection HIGH" "rambo 2.1.4 Reflected.Cross-Site.Scripting.via.Customizer.Notify MEDIUM" "rapyd-payments No.known.fix Unauthenticated.PHP.Object.Injection CRITICAL" "roven-blog 1.0.4 Reflected.Cross-Site.Scripting MEDIUM" "revo No.known.fix Unauthenticated.Local.File.Inclusion CRITICAL" "realhomes 4.4.1 Real.Estate.WordPress.Theme.<.4.4.1.-.Authenticated.(Subscriber+).Privilege.Escalation HIGH" "realhomes 4.3.7 Privilege.Escalation CRITICAL" "raindrops 1.700 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "royal-elementor-kit 1.0.117 Cross-Site.Request.Forgery.to.Notice.Dismissal MEDIUM" "royal-elementor-kit 1.0.117 Missing.Authorization.to.Arbitrary.Transient.Update MEDIUM" "reconstruction No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "realestate-7 3.5.3 Unauthenticated.Privilege.Escalation CRITICAL" "realestate-7 3.5.5 Authenticated.(Custom).Arbitrary.File.Upload HIGH" "realestate-7 3.5.2 Unauthenticated.Privilege.Escalation CRITICAL" "realestate-7 3.3.5 Multiple.CSRF MEDIUM" "realestate-7 3.3.5 Reflected.XSS HIGH" "realestate-7 3.3.2 Reflected.XSS HIGH" "realestate-7 3.1.1 Reflected.Cross-Site.Scripting.(XSS) HIGH" "realestate-7 3.0.5 Unauthenticated.Reflected.XSS MEDIUM" "realestate-7 3.0.4 Unauthenticated.Reflected.XSS MEDIUM" "realestate-7 2.9.5 Multiple.Vulnerabilities HIGH" "realestate-7 2.9.1 Stored.XSS.&.IDOR MEDIUM" "restaurant-pt 1.1.3 Reflected.XSS HIGH" "rozario No.known.fix Missing.Authorization MEDIUM" "rara-business 1.2.6 Cross-Site.Request.Forgery.to.Notice.Dismissal MEDIUM" "rara-business 1.2.3 Reflected.Cross-Site.Scripting.via.Customizer.Notify MEDIUM" "roseta No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "raise-mag No.known.fix Reflected.XSS HIGH" "revivenews 1.0.3 Missing.Authorization.via.revivenews_install_and_activate_plugins() MEDIUM" "responsive-mobile No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "restaurant-and-cafe 1.2.2 Cross-Site.Request.Forgery.to.Notice.Dismissal MEDIUM" "regina-lite No.known.fix Reflected.XSS HIGH" "regina-lite 2.0.6 Unauthenticated.Function.Injection CRITICAL" "robolist-lite No.known.fix Reflected.Cross-Site.Scripting.via.Customizer.Notify MEDIUM" "ruizarch 1.2.0 Unauthenticated.Local.File.Inclusion CRITICAL" "revolve No.known.fix Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "reality 2.5.6 Multiple.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "reality 2.5.3 Unauthenticated.Reflected.XSS MEDIUM" "reality 2.4.0 Multiple.Persistent.XSS MEDIUM" "rainbownews No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "restricted-site-access No.known.fix IP.Spoofing.to.Protection.Mechanism.Bypass MEDIUM" "rezo No.known.fix Reflected.Cross-Site.Scripting HIGH" "rezo No.known.fix Contributor+.Arbitrary.File.Upload HIGH" "relax-spa 1.1.1 Reflected.Cross-Site.Scripting MEDIUM" "radcliffe-2 2.0.18 Missing.Authorization MEDIUM" "reales-wp-real-estate-wordpress-theme No.known.fix Real.Estate.WordPress.Theme.<=.2.1.2.-.Missing.Authorization.to.Unauthenticated.Attachment.Deletion.and.Favorite.Property.Updates MEDIUM" "rehub-theme 19.6.2 Authenticated.(Subscriber+).SQL.Injection HIGH" "rehub-theme 19.6.2 Unauthenticated.Local.File.Inclusion CRITICAL" "rehub-theme 19.6.2 Authenticated.(Editor+).Local.File.Inclusion HIGH" "rovenstart 1.2.2 Reflected.Cross-Site.Scripting MEDIUM" "ruza 1.0.8 Unauthenticated.Local.File.Inclusion CRITICAL" "rife-free 2.4.19 Cross-Site.Request.Forgery.to.Notice.Dismissal MEDIUM" "rife-free 2.4.20 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "resido 3.6.1 Real.Estate.WordPress.Theme.<.3.6.1.-.Missing.Authorization.to.Unauthenticated.Server-Side.Request.Forgery.and.API.Key.Settings.Update MEDIUM" "ripple 1.2.1 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "rise 2.0.0 Unauthenticated.Arbitrary.File.Upload.and.Option.Deletion CRITICAL" "rise 2.0.0 Unauthenticated.Option.Update MEDIUM" "sidepane No.known.fix Contributor+.Arbitrary.File.Upload HIGH" "sidepane No.known.fix Reflected.Cross-Site.Scripting HIGH" "scylla-lite No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Button.Shortcode MEDIUM" "sapa 1.1.15 Unauthenticated.Local.File.Inclusion CRITICAL" "swape 1.2.1 Authentication.Bypass.and.Stored.XSS CRITICAL" "storied 2.0.0 Unauthenticated.Option.Update MEDIUM" "storied 2.0.0 Unauthenticated.Arbitrary.File.Upload.and.Option.Deletion CRITICAL" "swing-lite 1.2.0 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "spabiz No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "simpolio No.known.fix Privilige.Escalation HIGH" "store-commerce No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "snsevon No.known.fix Unauthenticated.Local.File.Inclusion CRITICAL" "soho-hotel No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "spare No.known.fix Unauthenticated.PHP.Object.Injection HIGH" "spare No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "spare No.known.fix Cross-Site.Request.Forgery MEDIUM" "sportsmag No.known.fix Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "speculor No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "speculor No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "speculor No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "saul 1.1.0 Reflected.XSS HIGH" "sean-lite 1.4.6 Reflected.XSS HIGH" "silesia No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Button.Shortcode MEDIUM" "showbiz 1.7.1 Local.File.Disclosure HIGH" "showbiz No.known.fix WordPress.Slider.Revolution.Shell.Upload CRITICAL" "spikes-black No.known.fix Unauthenticated.Arbitrary.File.Upload CRITICAL" "simplifii No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "spice-software 1.1.5 Reflected.Cross-Site.Scripting.via.Customizer.Notify MEDIUM" "spikes No.known.fix Unauthenticated.Arbitrary.File.Upload CRITICAL" "suffice 1.1.6 Reflected.Cross-Site.Scripting MEDIUM" "silk-lite No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "sinatra No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "storepress No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "sliding-door No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "socialdriver 2024 Prototype.Pollution.to.XSS HIGH" "saleszone No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "sevenstars No.known.fix Cross-Site.Request.Forgery MEDIUM" "soulmedic No.known.fix Local.File.Disclosure HIGH" "soulmedic No.known.fix WordPress.Slider.Revolution.Shell.Upload CRITICAL" "shopo No.known.fix Reflected.Cross-Site.Scripting HIGH" "sarada-lite 1.1.3 Cross-Site.Request.Forgery.to.Notice.Dismissal MEDIUM" "sweet-dessert 1.1.13 Unauthenticated.PHP.Object.Injection CRITICAL" "start No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "socialv 2.0.16 Social.Network.and.Community.BuddyPress.Theme.<.2.0.16.-.Missing.Authorization.to.Arbitrary.File.Download MEDIUM" "spasalon 2.2.1 Reflected.Cross-Site.Scripting.via.Customizer.Notify MEDIUM" "sominx No.known.fix Reflected.XSS HIGH" "shoppette 1.0.5 Unspecified.XSS MEDIUM" "snsnitan No.known.fix Unauthenticated.Local.File.Inclusion CRITICAL" "sweetdate 3.8.0 Unauthenticated.Privilege.Escalation CRITICAL" "storely No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "storely No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "solar No.known.fix Authenticated.(Subscriber+).PHP.Object.Injection HIGH" "spiko 1.1.2 Reflected.Cross-Site.Scripting.via.Customizer.Notify MEDIUM" "smartit No.known.fix Information.Disclosure HIGH" "striking-r 2.3.5 Reflected.Cross-Site.Scripting MEDIUM" "striking-r 2.3.5 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "shuban No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "shuban No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "shuban No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "septera No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "style No.known.fix Information.Disclosure HIGH" "sparkling 2.4.10 Missing.Authorization.to.Unauthenticated.Arbitrary.Plugin.Activation/Deactivation MEDIUM" "sparkling 2.4.9 Unauthenticated.Function.Injection CRITICAL" "samantha 1.2.0 Unauthenticated.Local.File.Inclusion CRITICAL" "startkit No.known.fix Reflected.Cross-Site.Scripting.via.Customizer.Notify MEDIUM" "superio 1.2.33 Job.Board.<.1.2.33.-.Subscriber+.Stored.Cross-Site.Scripting LOW" "storebiz No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "sociallyviral No.known.fix Cross-Site.Request.Forgery MEDIUM" "sirat No.known.fix Missing.Authorization MEDIUM" "scrollme No.known.fix Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "snsanton No.known.fix Unauthenticated.Local.File.Inclusion CRITICAL" "soledad 8.6.0 Unauthenticated.Limited.Local.File.Inclusion HIGH" "soledad 8.4.6 Missing.Authorization MEDIUM" "soledad 8.4.6 Cross-Site.Request.Forgery MEDIUM" "soledad 8.4.6 Missing.Authorization MEDIUM" "soledad 8.4.2 Authenticated.(Contributor+).SQL.Injection HIGH" "soledad 8.4.2 Unauthenticated.PHP.Object.Injection CRITICAL" "soledad 8.4.2 Reflected.Cross-Site.Scripting MEDIUM" "soledad 8.2.6 Subscriber+.Cross-Site.Scripting MEDIUM" "soledad 8.2.5 Reflected.Cross-site.Scripting MEDIUM" "short 1.7.2 Reflected.Cross-Site.Scripting.via.Customizer.Notify MEDIUM" "streamit 4.0.3 Authenticated.(Subscriber+).Privilege.Escalation.via.User.Email.Change/Account.Takeover HIGH" "streamit 4.0.2 Authenticated.(Subscriber+).Arbitrary.File.Upload HIGH" "streamit 4.0.2 Authenticated.(Subscriber+).Arbitrary.File.Download MEDIUM" "simplecharm 1.4.4 Reflected.Cross-Site.Scripting MEDIUM" "spawp 1.4.1 Reflected.Cross-Site.Scripting.via.Customizer.Notify MEDIUM" "salzburg-blog No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "snssimen No.known.fix Unauthenticated.Local.File.Inclusion CRITICAL" "smartmag-responsive-retina-wordpress-magazine No.known.fix Unauthenticated.Sensitive.Information.Exposure.via.Log.Files MEDIUM" "startupzy 1.1.2 Multiple.Versions.-.Missing.Authorization.to.Notice.Dismissal MEDIUM" "squaretype 3.0.4 Unauthenticated.Private/Schedule.Posts.Disclosure MEDIUM" "shapely 1.2.9 Unauthenticated.Function.Injection CRITICAL" "simplish No.known.fix Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "specialist No.known.fix CSRF.File.Upload HIGH" "scoreme No.known.fix Unauthenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "statfort No.known.fix Unauthenticated.Arbitrary.File.Upload CRITICAL" "storevilla 1.4.2 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "soundblast No.known.fix Unauthenticated.Arbitrary.File.Upload CRITICAL" "spa-and-salon 1.2.8 Cross-Site.Request.Forgery.to.Notice.Dismissal MEDIUM" "stockholm 9.7 Unauthenticated.Local.File.Inclusion CRITICAL" "stockholm 9.7 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "seabird No.known.fix Local.File.Disclosure HIGH" "seabird No.known.fix WordPress.Slider.Revolution.Shell.Upload CRITICAL" "shopbiz-lite 1.7.7 Reflected.Cross-Site.Scripting.via.Customizer.Notify MEDIUM" "slide No.known.fix Contributor+.Arbitrary.File.Upload HIGH" "slide No.known.fix Reflected.Cross-Site.Scripting HIGH" "squared 2.0.0 Unauthenticated.Option.Update MEDIUM" "squared 2.0.0 Unauthenticated.Arbitrary.File.Upload.and.Option.Deletion CRITICAL" "sahifa 3.0.0 Site.Setting.Reset.CSRF HIGH" "sahifa 3.0.0 Multiple.Full.Path.Disclosure MEDIUM" "taina No.known.fix Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "the-wound No.known.fix Unauthenticated.LFI HIGH" "travel-monster 1.1.3 Cross-Site.Request.Forgery.to.Notice.Dismissal MEDIUM" "thegem 5.10.3.1 Authenticated.(Subscriber+).Arbitrary.File.Upload HIGH" "thegem 5.10.3.1 Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.Theme.Options.Update MEDIUM" "thegem 5.9.2 Reflected.Cross-Site.Scripting MEDIUM" "total 2.1.60 Missing.Authorization.to.Authenticated.(Subscriber+).Sections.Update MEDIUM" "th-shop-mania 1.5.0 Authenticated.(Subscriber+).Arbitrary.Plugin.Installation/Activation HIGH" "the-monday No.known.fix Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "tempera No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "tiki-time No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "tiki-time No.known.fix Reflected.XSS HIGH" "tevily No.known.fix Reflected.XSS HIGH" "temp-mail-x No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "theme-translation-for-polylang 3.2.17 Unauthenticated.Translation.Settings.Update MEDIUM" "traveltour 5.2.4 Reflected.XSS HIGH" "t1 No.known.fix Open.Redirect MEDIUM" "top-store 1.5.5 Authenticated.(Subscriber+).Arbitrary.Plugin.Installation/Activation HIGH" "techism No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "travel-agency-booking No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "travel-tour 1.2.0 Reflected.Cross-Site.Scripting MEDIUM" "the-conference 1.2.1 Cross-Site.Request.Forgery.to.Notice.Dismissal MEDIUM" "tijaji No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "tijaji No.known.fix Reflected.XSS HIGH" "travel-booking 1.2.3 Reflected.Cross-Site.Scripting.via.Customizer.Notify MEDIUM" "the-launcher 1.3.3 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "traveler 3.2.1 Missing.Authorization MEDIUM" "traveler 3.2.1 Missing.Authorization MEDIUM" "traveler 3.2.1 Unauthenticated.PHP.Object.Injection HIGH" "traveler 3.2.1 Unauthenticated.SQL.Injection HIGH" "traveler 3.1.9 Unauthenticated.Local.File.Inclusion.via.hotel_alone_load_more_post CRITICAL" "traveler 3.1.9 Reflected.Cross-Site.Scripting MEDIUM" "traveler 3.2.0 Authenticated.(Contributor+).Local.File.Inclusion.via.Shortcode HIGH" "traveler 3.1.7 Missing.Authorization.in.Several.AJAX.Actions MEDIUM" "traveler 3.1.7 Unauthenticated.SQL.Injection.via.order_id HIGH" "traveler 2.8.4 Unauthenticated.Cross-Site.Scripting.(XSS) MEDIUM" "traveler 2.8.4 Unauthenticated.SQL.Injection HIGH" "traveler 2.8.2 Unauthenticated.Reflected.XSS MEDIUM" "traveler 2.7.8.6 Reflected.&.Persistent.XSS.Issues MEDIUM" "traveler 2.7.8.4 Reflected.&.Stored.XSS MEDIUM" "theron-lite No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Button.Shortcode MEDIUM" "tinysalt 3.10.0 Unauthenticated.PHP.Object.Injection HIGH" "tinysalt 3.10.0 Unauthenticated.Local.File.Inclusion HIGH" "tinysalt 3.10.0 Unauthenticated.PHP.Object.Injection.in.ajax_handler CRITICAL" "the-next No.known.fix Authenticated.(Contributor+).PHP.Object.Injection HIGH" "travel-agency 1.4.2 Reflected.Cross-Site.Scripting.via.Customizer.Notify MEDIUM" "tainacan-interface 2.7.2 Reflected.Cross-Site.Scripting MEDIUM" "truemag No.known.fix Unauthenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "tweaker5 No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Button.Shortcode MEDIUM" "themify-ultra 7.3.6 Authenticated.(Subscriber+).Arbitrary.File.Upload HIGH" "themify-ultra 7.3.6 Missing.Authorization MEDIUM" "themify-ultra 7.3.6 Privilege.Escalation HIGH" "themify-ultra 7.3.6 Authenticated.(Subscriber+).PHP.Object.Injection HIGH" "themify-ultra 7.3.6 Missing.Authorization MEDIUM" "the-authority No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "the-ultralight No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "tuaug4 No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "tuaug4 No.known.fix Reflected.XSS HIGH" "teardrop No.known.fix Privilige.Escalation HIGH" "tydskrif No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "tydskrif No.known.fix Reflected.XSS HIGH" "trendy-news 1.0.15 Cross-Site.Request.Forgery MEDIUM" "thrive-theme 3.24.2 Cross-Site.Request.Forgery HIGH" "thrive-theme 3.24.0 Missing.Authorization HIGH" "thrive-theme 3.24.0 Subscriber+.Privilege.Escalation HIGH" "thrive-theme 2.2.4 Unauthenticated.Option.Update MEDIUM" "tiger No.known.fix Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "tiger No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "triton-lite No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Button.Shortcode MEDIUM" "tastyc 2.5.2 Unauthenticated.Local.File.Inclusion CRITICAL" "travey 1.0.5 Multiple.Versions.-.Missing.Authorization.to.Notice.Dismissal MEDIUM" "topcat-lite No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "theroof 1.0.4 Unauthenticated.Reflected.XSS HIGH" "totalpress No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "transcend 1.2.0 Unauthenticated.Function.Injection CRITICAL" "tantyyellow No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "tantyyellow No.known.fix Reflected.XSS HIGH" "townhub 1.3.0 Unauthenticated.Reflected.XSS HIGH" "townhub 1.0.6 Multiple.Vulnerabilities HIGH" "uncode 2.9.1.7 Unauthenticated.Arbitrary.File.Read.in.uncode_admin_get_oembed HIGH" "uncode 2.9.1.7 Authenticated.(Subscriber+).Stored.Cross-Site.Scripting.via.mle-description MEDIUM" "uncode 2.9.1.7 Subscriber+.Arbitrary.File.Read.in.uncode_recordMedia MEDIUM" "unseen-blog No.known.fix Authenticated.(Contributor+).PHP.Object.Injection HIGH" "upfrontwp No.known.fix Reflected.XSS HIGH" "u-design No.known.fix Reflected.Cross-Site.Scripting HIGH" "u-design 2.7.10 DOM.Cross-Site.Scripting.(XSS) MEDIUM" "unicon-lite 1.2.7 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "unlimited 1.46 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "ultralight No.known.fix Reflected.XSS HIGH" "udesign 4.11.3 Missing.Authorization MEDIUM" "uncode-lite No.known.fix Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "ultimatum 2.9.1.5 Local.File.Disclosure HIGH" "ultimatum 2.9.1.5 WordPress.Slider.Revolution.Shell.Upload CRITICAL" "umberto No.known.fix Unauthenticated.PHP.Object.Injection CRITICAL" "unakit 1.2.5.3 Reflected.Cross-Site.Scripting MEDIUM" "unakit 1.2.4.2 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "ultrapress No.known.fix Authenticated.(Contributor+).PHP.Object.Injection HIGH" "unique No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "vizeon No.known.fix Business.Consulting.<=.1.1.7.-.Unauthenticated.Local.File.Inclusion CRITICAL" "vmagazine-lite 1.3.7 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "vikinger 1.9.31 Authenticated.(Subscriber+).Privilege.Escalation.via.'vikinger_user_meta_update_ajax' HIGH" "veda No.known.fix MultiPurpose.WordPress.Theme.<=.4.2.-.Authenticated.(Subscriber+).PHP.Object.Injection CRITICAL" "vilva 1.2.3 Cross-Site.Request.Forgery.to.Notice.Dismissal MEDIUM" "vw-automobile-lite No.known.fix Missing.Authorization MEDIUM" "valen No.known.fix Sport,.Fashion.WooCommerce.WordPress.Theme.<=.2.4.-.Unauthenticated.Local.File.Inclusion CRITICAL" "videoblog No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "viala No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "viala No.known.fix Reflected.XSS HIGH" "villar 1.1.0 Reflected.Cross-Site.Scripting MEDIUM" "villar 1.0.8 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "vmagazine-news 1.0.6 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "vertice 1.0.11 Various.Versions.and.Themes.-.Missing.Authorization MEDIUM" "visual-composer-starter 3.4.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "viburno 1.3.2 Reflected.XSS HIGH" "vernissage 1.3 Privilige.Escalation HIGH" "vw-storefront 1.0.0 Missing.Authorization.to.Authenticated.(Subscriber+).Settings.Reset MEDIUM" "voice 2.0.0 Unauthenticated.Arbitrary.File.Upload.and.Option.Deletion CRITICAL" "voice 2.0.0 Unauthenticated.Option.Update MEDIUM" "verbosa 1.2.3.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "virtue 3.4.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Post.Author MEDIUM" "venice-lite 1.5.5 Reflected.XSS HIGH" "viralike No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "viralike 1.0.5 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "viable-blog No.known.fix Reflected.XSS HIGH" "vmag 1.2.8 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "whitish-lite No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "workscout 2.0.33 Authenticated.Stored.XSS.&.XFS HIGH" "wp-foodbakery No.known.fix Cross-Site.Request.Forgery.in.Multiple.Functions HIGH" "wp-foodbakery 4.8 Missing.Authorization.in.Multiple.Functions HIGH" "wp-weixin 1.3.17 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "wpcake No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "weddingalbum No.known.fix Information.Disclosure HIGH" "wp-sierra No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-sierra No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wallstreet 2.0.5 Reflected.Cross-Site.Scripting.via.Customizer.Notify MEDIUM" "wp-moose 1.0.7 Reflected.Cross-Site.Scripting MEDIUM" "wp-moose 1.0.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wishful-blog No.known.fix Reflected.XSS HIGH" "wolmart 1.8.12 Unauthenticated.Arbitrary.Shortcode.Execution.in.wolmart_loadmore HIGH" "winnex No.known.fix Unauthenticated.Local.File.Inclusion CRITICAL" "woffice 5.4.22 Authentication.Bypass.via.Registration.Role CRITICAL" "woffice 5.4.15 Unauthenticated.Privilege.Escalation CRITICAL" "woffice 5.4.12 Unauthenticated.Privilege.Escalation CRITICAL" "woffice 5.4.9 Reflected.Cross-Site.Scripting MEDIUM" "woffice 4.0.2 Unauthenticated.Disclosure.of.Notification.Titles MEDIUM" "wp-forge No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wedding-bride 1.0.2 Reflected.XSS HIGH" "woostify 1.9.2 CSRF.Bypass MEDIUM" "woohoo No.known.fix Settings.Update.via.CSRF MEDIUM" "workreap 2.6.4 Subscriber+.Arbitrary.Posts.Deletion.via.IDOR MEDIUM" "workreap 2.6.3 Freelance.Marketplace.and.Directory.<.2.6.3.-.Subscriber+.Private.Message.Disclosure.via.IDOR MEDIUM" "workreap 2.2.2 Multiple.CSRF.+.IDOR.Vulnerabilities HIGH" "workreap 2.2.2 Missing.Authorization.Checks.in.Ajax.Actions HIGH" "workreap 2.2.2 Unauthenticated.Upload.Leading.to.Remote.Code.Execution CRITICAL" "wlow 1.2.7 Reflected.XSS HIGH" "wireless-butler No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "woodmart 8.0.4 Unauthenticated.Arbitrary.Shortcode.Execution MEDIUM" "woodmart 7.2.5 Reflected.XSS HIGH" "woodmart 7.2.2 Subscriber+.Stored.XSS HIGH" "woodmart 7.1.2 License.Update/Deactivation.via.CSRF MEDIUM" "woodmart 7.1.2 Unauthenticated.Arbitrary.Shortcode.Injection HIGH" "westand 2.1 Unauthenticated.Arbitrary.File.Upload CRITICAL" "wigi No.known.fix Contributor+.Arbitrary.File.Upload HIGH" "wplms 1.9.9.1 Unauthenticated.Privilege.Escalation CRITICAL" "wplms 1.9.9.5.2 Authenticated.(Contributor+).Arbitrary.Directory.Deletion HIGH" "wplms 1.9.9.5.2 Authenticated.(Subscriber+).Arbitrary.File.Deletion HIGH" "wplms 1.9.9.5.3 Authenticated.(Instructor+).SQL.Injection MEDIUM" "wplms 1.9.9.5.2 Authenticated.(Instructor+).Arbitrary.File.Upload HIGH" "wplms 1.9.9.1 Unauthenticated.Arbitrary.File.Upload CRITICAL" "wplms 1.9.9.5 Unauthenticated.Arbitrary.Directory.Deletion HIGH" "wplms 1.9.9.5.3 Authenticated.(Subscriber+).Arbitrary.File.Upload HIGH" "wplms 1.9.9.1 Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.Options.Update HIGH" "wplms 1.9.9.5.3 Authenticated.(Subscriber+).SQL.Injection MEDIUM" "wplms 1.9.9.1 Missing.Authorization.to.Unauthenticated.User.Token.Generation MEDIUM" "wplms 1.9.9.5.2 Authenticated.(Student+).Arbitrary.File.Upload HIGH" "wplms 1.9.9.5.2 Authenticated.(Contributor+).Arbitrary.File.Upload HIGH" "wplms 1.9.9.5 Authenticated.(Student+).Remote.Code.Execution HIGH" "wplms 4.963 Unauthenticated.Arbitrary.File.Read.and.Deletion CRITICAL" "wplms 4.900 Cross-Site.Request.Forgery HIGH" "wyzi-business-finder 2.4.3 Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "wp-real-estate No.known.fix Reflected.Cross-Site.Scripting.via.Customizer.Notify MEDIUM" "wp-magazine No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "whimsy-framework No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-portfolio 2.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wellness No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "weaver-xtreme 6.4 Contributor+.Stored.XSS MEDIUM" "weaver-xtreme 6.2 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "workio 1.0.3 Unauthenticated.Reflected.XSS MEDIUM" "wanderland 1.7.2 Unauthenticated.Local.File.Inclusion CRITICAL" "weeklynews 2.2.9 Cross-Site.Scripting.(XSS) MEDIUM" "winters No.known.fix Reflected.Cross-Site.Scripting.via.Prototype.Pollution MEDIUM" "wproject 5.8.0 Reflected.Cross-Site.Scripting MEDIUM" "wproject 5.8.0 Missing.Authorization.to.Unauthenticated.Content.Modification.and.Deletion MEDIUM" "wproject 5.8.0 Authenticated.(Subscriber+).Privilege.Escalation HIGH" "wr-nitro No.known.fix Unauthenticated.Arbitrary.Plugin.Installation CRITICAL" "welowe No.known.fix Reflected.XSS HIGH" "wibar 1.2.1 Authenticated.Stored.Cross-Site.Scripting HIGH" "wilmer 3.4.2 Unauthenticated.Local.File.Inclusion CRITICAL" "workup 2.1.6 Unauthenticated.Reflected.XSS MEDIUM" "xin No.known.fix Unauthenticated.PHP.Object.Injection CRITICAL" "xenon No.known.fix Unauthenticated.Cross-Site.Scripting.(XSS) MEDIUM" "xews-lite No.known.fix Unauthenticated.Local.File.Inclusion CRITICAL" "xstore 9.3.9 Missing.Authorization MEDIUM" "xstore 9.3.9 Missing.Authorization MEDIUM" "xstore 9.3.9 Unauthenticated.Local.File.Inclusion CRITICAL" "xstore 9.3.9 Subscriber+.Arbitrary.Options.Update HIGH" "xstore 9.3.9 Unauthenticated.SQLi HIGH" "xstore 9.3.9 Reflected.Cross-Site.Scripting HIGH" "yourjourney No.known.fix Reflected.Cross-Site.Scripting.via.Prototype.Pollution MEDIUM" "yuki 1.3.14 Missing.Authorization.to.Authenticated.(Subscriber+).Theme.Setting.Reset MEDIUM" "yuki 1.3.15 Cross-Site.Request.Forgery.to.Theme.Setting.Reset MEDIUM" "yuki 1.3.8 Reflected.Cross-Site.Scripting MEDIUM" "yozi No.known.fix Unauthenticated.Local.File.Inclusion CRITICAL" "zbench No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "zass No.known.fix WooCommerce.Theme.for.Handmade.Artists.and.Artisans.<=.3.9.9.10.-.Missing.Authorization.to.Authenticated.(Subscriber+).Demo.Import MEDIUM" "zegen No.known.fix Church.WordPress.Theme.<=.1.1.9.-.Missing.Authorization.to.Authenticated.(Subscriber+).Theme.Options.Updates MEDIUM" "zox-news 3.17.0 Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.Options.Update HIGH" "zilom No.known.fix Reflected.XSS HIGH" "zigcy-baby 1.0.7 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "zoxpress 2.12.1 The.All-In-One.WordPress.News.Theme.<.2.12.1.-.Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.Options.Update HIGH" "zoxpress 2.12.1 The.All-In-One.WordPress.News.Theme.<.2.12.1.-.Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.Options.Deletion HIGH" "zeever 1.1.1 Multiple.Versions.-.Missing.Authorization.to.Notice.Dismissal MEDIUM" "zota 1.3.9 Unauthenticated.Local.File.Inclusion CRITICAL" "zigcy-cosmetics 1.0.6 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "zigcy-lite 2.1.0 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "zenon-lite No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Button.Shortcode MEDIUM")
pp "Theme: Version"
rthemes=(`grep -oP ".*/wp-content/themes/\K[a-zA-Z0-9-_.]+" $file | sort -u`)
d=true; [[ ! ${rthemes[@]} ]] && d=false || d=true
if ! "$d"; then cg_color bbg "No themes detected"; return 1; fi
links=($(len=${#rthemes[@]}; for ((c=0; c<$len; c++)); do if [[ $(grep -oP "<(script|link).*/wp-content/themes/${rthemes[c]}/.*=\K([\d]+\.[\d.]+\.[0-9]{1,3}('|\")|[\d]+\.[0-9]{1,2}('|\")|[0-9]{1,2}('|\"))" $file | grep -oP "[\d.]+" | sort -u | wc -l) == 1 ]]; then grep -m1 -oP "[a-z]+://[a-z0-9-_.]+/([a-z0-9-_.]+/wp-content|wp-content)/themes/${rthemes[c]}/[a-zA-Z-_/.?]+=([\d]+\.[\d.]+|[\d]+)" $file; continue; fi; k=0; vz=(`grep -oP "<script.*/wp-content/themes/${rthemes[c]}/([a-zA-Z-_]+/assets/js|[a-zA-Z-_]+/includes/js|[a-zA-Z-_]/js|assets/js/|includes/js/|js/).*=\K([\d]+\.[\d.]+\.[0-9]{1,3}('|\")|[\d]+\.[0-9]{1,2}('|\")|[0-9]{1,2}('|\"))" $file | grep -oP "[\d.]+"`); l=${#vz[@]}; for ((i=0; i<$l-1; i++)); do if [[ ${vz[i]} == ${vz[i+1]} ]]; then ((k++)); fi; done; if [[ $k == $(($l-1)) ]]; then grep -m1 -oP "[a-z]+://[a-z0-9-_.]+/([a-z-_.]+/wp-content|wp-content)/themes/${rthemes[c]}/([a-zA-Z-_]+/assets/js|[a-zA-Z-_]+/includes/js|[a-zA-Z-_]/js|assets/js/|includes/js/|js/).*=${vz[0]}" $file && continue; elif [[ $k > 0 && $k > $(($(($l-1))/2)) ]]; then y=$(grep -oP "^<script.*/wp-content/themes/${rthemes[c]}/([a-zA-Z-_]+/assets/js|[a-zA-Z-_]+/includes/js|[a-zA-Z-_]/js|assets/js/|includes/js/|js/).*=\K([\d]+\.[\d.]+|[\d]+)" $file | sort | uniq -cd | sort | tail -n 1 | cut -d " " -f8); grep -m1 -oP "[a-z]+://[a-z0-9-_.]+/wp-content/themes/${rthemes[c]}/.*ver=$y" $file; continue; fi; grep -m1 -oP "<script.*src=.*/wp-content/themes/${rthemes[c]}/.*id='${rthemes[c]:0:1}.*" $file | grep -oP "[a-z]+://[a-z0-9-_.]+/([a-z0-9-_.]+/wp-content|wp-content)/themes/${rthemes[c]}/.*=([\d]+\.[\d.]+\.[0-9]{1,3}'|[\d]+\.[0-9]{1,2}'|[0-9]{1,2}')" && continue || grep -m1 -oP "<script.*src=.*/wp-content/themes/${rthemes[c]}/.*id=\"${rthemes[c]:0:1}.*" $file | grep -oP "[a-z]+://[a-z0-9-_.]+/([a-z0-9-_.]+/wp-content|wp-content)/themes/${rthemes[c]}/.*=([\d]+\.[\d.]+\.[0-9]{1,3}'|[\d]+\.[0-9]{1,2}'|[0-9]{1,2}')" && continue || if [[ $(curl -A "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36" -s $url/wp-content/plugins/${rthemes[c]}/readme.txt -k -L | grep -i "changelog\|change log" -A 1000 | grep -oP "^=[[:space:]]\K[\d]+\.[\d.]+|^=.*([a-zA-Z]|\[)\K[\d]+\.[\d.]+|^#.*[[:space:]]\K[\d]+\.[\d.]+" | sort -rn | head -n 1) ]]; then echo -n "$url/wp-content/themes/${rthemes[c]}/?ver="; echo $(curl -A "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36" -s $url/wp-content/themes/${rthemes[c]}/readme.txt -k -L | grep -i "changelog\|change log" -A 1000 | grep -oP "^=[[:space:]]\K[\d]+\.[\d.]+|^=.*([a-zA-Z]|\[)\K[\d]+\.[\d.]+|^#.*[[:space:]]\K[\d]+\.[\d.]+" | sort -rn | head -n 1); continue; elif [[ $(curl -A "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36" -s $url/wp-content/themes/${rthemes[c]}/README.txt -k -L | grep -i "changelog\|change log" -A 1000 | grep -oP "^=[[:space:]]\K[\d]+\.[\d.]+|^=.*([a-zA-Z]|\[)\K[\d]+\.[\d.]+|^#.*[[:space:]]\K[\d]+\.[\d.]+" | sort -rn | head -n 1) ]]; then echo -n "$url/wp-content/themes/${rthemes[c]}/?ver="; echo $(curl -A "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36" -s $url/wp-content/themes/${rthemes[c]}/README.txt -k -L | grep -i "changelog\|change log" -A 1000 | grep -oP "^=[[:space:]]\K[\d]+\.[\d.]+|^=.*([a-zA-Z]|\[)\K[\d]+\.[\d.]+|^#.*[[:space:]]\K[\d]+\.[\d.]+" | sort -rn | head -n 1); continue; elif [[ $(curl -A "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36" -s $url/wp-content/themes/${rthemes[c]}/changelog.txt -k -L | grep -i "changelog\|change log" -A 1000 | grep -oP "^=[[:space:]]\K[\d]+\.[\d.]+|^=.*([a-zA-Z]|\[)\K[\d]+\.[\d.]+|^#.*[[:space:]]\K[\d]+\.[\d.]+" | sort -rn | head -n 1) ]]; then echo -n "$url/wp-content/themes/${rthemes[c]}/?ver="; echo $(curl -A "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36" -s $url/wp-content/themes/${rthemes[c]}/changelog.txt -k -L | grep -i "changelog\|change log" -A 1000 | grep -oP "^=[[:space:]]\K[\d]+\.[\d.]+|^=.*([a-zA-Z]|\[)\K[\d]+\.[\d.]+|^#.*[[:space:]]\K[\d]+\.[\d.]+" | sort -rn | head -n 1); continue; fi; done))
i=0; len=${#rthemes[@]}; for ((c=0; c<$len; c++)); do if [[ ${links[i]} =~ ${rthemes[c]} ]]; then v=$(echo ${links[i]} | grep -oP "=\K[\d.]+"); sapt ${rthemes[c]}; ((i++)); continue; else echo "${rthemes[c]}: Version not detected"; fi; done
pp "Vulnerabilities"
if [[ ${flagz[@]} ]]; then for ((c=0; c<${#flagz[@]}; c++)); do hh=(${vulns_themes[${flagz[c]}]}); cg_color olbb "(${hh[0]}) "; echo -n ${hh[2]} | tr "." " "; if [[ ${hh[3]} == "CRITICAL" ]]; then cg_color bbr " [${hh[3]}]"; elif [[ ${hh[3]} == "HIGH" ]]; then cg_color bhr " [${hh[3]}]"; elif [[ ${hh[3]} == "MEDIUM" ]]; then cg_color bby " [${hh[3]}]"; elif [[ ${hh[3]} == "LOW" ]]; then cg_color bbp " [${hh[3]}]"; fi; done; else cg_color bbg "No vulnerabilities detected"; fi
}
users(){
pp "Users"
resp=$(curl -A "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36" -s $url/\?rest_route=/wp/v2/users/ -k -L)
if [[ ! $resp =~ (rest_user_cannot_view|WordPress) ]] && [[ ! ${#resp} < 5 ]]; then
users=($(echo $resp | grep -oP "slug\":\"[a-zA-Z90-9-_]+" | cut -c 8- | tr "\n" " "))
for ((c=0; c<((${#users[@]}-1)); c++)); do cg_color olbb "${users[c]}, "; done
cg_color bbb ${users[-1]}
elif [[ $resp =~ (rest_user_cannot_view|WordPress) ]]; then
users=($(curl -s $url/\?rest_route=/wp/v2/posts | grep -oP '"author":"\K[\w-]+"' | sort -u | rev | cut -c 2- | rev))
if [[ ${users[@]} ]]; then
for ((c=0; c<((${#users[@]}-1)); c++)); do cg_color olbb "${users[c]}, "; done
cg_color bbb ${users[-1]}
else
cg_color bbg "No users discovered"
fi
else
cg_color bbg "No users discovered"
fi
}
do_it(){
echo "--> Scanning $url"
# Save file
file=$(echo $url | grep -oP "://(www.\K[a-z0-9]+|\K[a-z0-9]+)")".html"
# Check if site is live
s=$(date +"%s")
curl --connect-timeout 7 -A "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36" -s $url -k -L -o $file
e=$(date +"%s")
t=$(($e-$s))
[[ $t>=7 ]] && { echo "Site might not be live"; return 1; }
# Check if the site is running wordpress
ch || { echo "Site is not running Wordpress"; return 1; }
# Check filetype
cf
# Enumerate Wordpress version
ver
# Enumerate Plugins
plugins
# Enumerate themes
themes
# Enumerate users
users
}
# Syntax
[[ $# < 1 ]] && { echo "Syntax: ./enum.sh [url]"; exit; }
# Check if URL is valid
if [[ $# == 1 && $1 =~ ^(http|https)://.* ]]; then
url=`echo $1 | grep -oP "[a-z]+://[a-z0-9-_.]+\.[a-z.]+|[a-z]+://[\d.]+:[\d]+|[a-z]+://[\d.]+"`
do_it
elif [[ $# > 1 ]]; then
for url in $@; do
do_it
echo
done
else
echo "Invalid url"
exit
fi
Reference in New Issue View Git Blame Copy Permalink