#!/bin/bash
# Optimize the scraping of plugins whose URLs differ in their slashes, i.e. https:\/\/ke.cicinsurancegroup.com\/wp-content\/plugins\/awsm-team-pro\/js
# Add a gap separating the vulnerabilities section in the script
# Add author-sitemap.xml as an enumeration attempt for users
# Optimize source code scraping -> URL encoding, e.g. CIC%20Sliders
# Change site-kit-by-google to google-site-kit and redux to redux-framework
# Add the plugins found in capitalfm source code to consideration -> like tplugins
pp(){
  # Section banner: a rule of `len` '=' characters, the line "[+] <title>",
  # and the same rule again.
  #   $1 - title text
  # len and c are deliberately left global (c ends at len+1), exactly as the
  # one-line original left them.
  local rule=""
  len=30
  for ((c=1; c<=len; c++)); do
    rule+="="
  done
  printf '%s\n' "$rule"
  echo "[+] $1"
  printf '%s\n' "$rule"
}
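ch(){
  # Decide from response headers whether $url looks like a WordPress site.
  # Globals:  url (read)
  # Returns:  0 if any of the selected headers mentions WordPress / WP /
  #           Strattic / Netlify / wp-json, 1 otherwise.
  #
  # Sends HEAD requests (-I) in parallel (-Z) to the base URL, a path that
  # should not exist, and /wp-admin, following redirects (-L).
  #
  # NOTE(review): -k disables TLS certificate verification, so the headers
  # may come from anything on the network path; treat the answer as a hint,
  # not as proof of what the real host runs.
  local ua="Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36"
  local headers
  # "$url" is quoted so a URL containing spaces or glob characters stays one
  # argument instead of being split into several requests.
  headers=$(curl -Z -A "$ua" -s -I "$url" "$url/doesnotexist" "$url/wp-admin" -k -L \
    | grep -i "x-redirect-by\|x-powered-by\|link\|x-tec-api-root")
  [[ $headers =~ (WordPress|WP|Strattic|Netlify|wp-json) ]]
}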
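cf(){
  # If the saved page in $file is gzip-compressed, replace it in place with
  # its decompressed content.
  # Globals:  file (read)
  # Returns:  0 after a successful replacement; 1 if $file is not gzip data
  #           (as before) or if decompression fails.
  local tmp
  [[ $(file -- "$file") =~ "gzip" ]] || return 1
  # Use a private temp file instead of a fixed name ("a") in the working
  # directory: a fixed name overwrites any existing file called "a" and can
  # be pre-created by someone else in a shared directory.
  tmp=$(mktemp) || return 1
  if zcat -- "$file" > "$tmp"; then
    mv -- "$tmp" "$file"
  else
    # Keep the original download when decompression fails rather than
    # replacing it with a truncated result.
    rm -f -- "$tmp"
    return 1
  fi
}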
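cwv(){
  # check if the version of wordpress is outdated or not
  #
  # Globals read: wp_version (detected version), lv (latest known version),
  #               releases ("<version> <dd-mm-yyyy>" entries), safe (optional
  #               list of versions to label [SAFE]).
  # Calls:        cg_color
  # Returns:      1 when wp_version equals lv, 0 otherwise.
  #
  # NOTE(review): [SAFE] only means "the row just above this version in the
  # table is a bare major.minor release" or "listed in safe"; it says nothing
  # about plugins, themes or configuration.
  local i found=-1 s is_safe=0
  local -a entry newer

  if [[ $wp_version == "$lv" ]]; then
    echo -n "Wordpress version: $wp_version "
    cg_color bbg "(Up-to-date)"
    return 1
  fi

  # Compare the version field exactly. A regex/substring match treats "."
  # as "any character" and also matches longer versions and date text, so
  # e.g. "6.4" would select the "6.4.8 ..." row.
  for ((i=0; i<${#releases[@]}; i++)); do
    entry=(${releases[i]})   # intentional word splitting: version, date
    if [[ ${entry[0]} == "$wp_version" ]]; then
      found=$i
      break
    fi
  done

  # A version missing from the table has no release date and no neighbour
  # to judge it by; report that instead of falling through to a table row
  # that belongs to a different version.
  if ((found < 0)); then
    echo "Wordpress version: $wp_version (Not in release table, Latest version: $lv)"
    return 0
  fi

  # Row just before the match (presumably the next newer release - the
  # table appears to be ordered newest first; verify).
  if ((found > 0)); then
    newer=(${releases[found-1]})
    [[ ${newer[0]} =~ ^[0-9]\.[0-9]$ ]] && is_safe=1
  fi
  # Unquoted on purpose so safe may be an array or a space-separated string.
  for s in ${safe[@]}; do
    [[ $s == "$wp_version" ]] && is_safe=1
  done

  if ((is_safe)); then
    echo -n "Wordpress version: $wp_version"
    cg_color olbg " [SAFE] "
    echo -n "(Outdated - Released: "
  else
    echo -n "Wordpress version: $wp_version (Outdated - Released: "
  fi
  echo "${entry[1]}, Latest version: $lv)"
}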
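cv(){
  # compare versions
  #
  # Appends $j to flag when the fixed-in version $p is newer than the
  # detected version $v, i.e. the detected version predates the fix.
  # Globals:  p, v, j (read); flag (appended to)
  # Returns:  always 1, as the original did; the result is carried by flag.
  local -a pf vf
  local i n a b

  [[ $p == "$v" ]] && return 1

  # An entry without a fixed release applies to whatever version is
  # installed; it must not be pushed through a numeric comparison, where the
  # text silently evaluates to 0 and the entry is dropped.
  if [[ $p == "No.known.fix" ]]; then
    flag+=("$j")
    return 1
  fi

  # Only digits and dots are compared. $v can originate from content served
  # by the scanned site, and operands of arithmetic comparisons are
  # evaluated as expressions, so anything else is refused up front. It is
  # also never used as a printf format string.
  [[ $p =~ ^[0-9][0-9.]*$ && $v =~ ^[0-9][0-9.]*$ ]] || return 1

  IFS=. read -r -a pf <<< "$p"
  IFS=. read -r -a vf <<< "$v"
  n=${#pf[@]}
  (( ${#vf[@]} > n )) && n=${#vf[@]}

  # Field-by-field numeric comparison; missing or empty fields count as 0,
  # so 1.2 and 1.2.0 compare equal and 1.2.3.10 sorts below 1.2.4.
  for ((i=0; i<n; i++)); do
    a=${pf[i]:-0}
    b=${vf[i]:-0}
    # 10# forces base 10 so a field such as "08" is not read as octal.
    if (( 10#$a > 10#$b )); then
      flag+=("$j")
      return 1
    fi
    (( 10#$a < 10#$b )) && return 1
  done
  return 1
}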
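cg_color(){
  # Print $2 in bold with the colour selected by $1.
  #   $1 - colour code: ol* codes print without a trailing newline,
  #        b* codes end the line.
  #          olbr/bbr red      olbg/bbg green    olbb/bbb blue
  #          olby/bby yellow   olhr/bhr bright red   olbp/bbp magenta
  #   $2 - text to print
  # Returns: 0 after printing, 1 for an unknown code (nothing printed).
  #
  # NOTE(review): echo -e also interprets backslash escapes inside $2, so
  # callers should pass only their own fixed labels, not scraped text.
  local colour
  case $1 in
    olbr|bbr) colour=31 ;;
    olbg|bbg) colour=92 ;;
    olbb|bbb) colour=94 ;;
    olby|bby) colour=93 ;;
    # olhr used to emit the colour codes without the text in between.
    olhr|bhr) colour=91 ;;
    olbp|bbp) colour=95 ;;
    *) return 1 ;;
  esac
  if [[ $1 == ol* ]]; then
    echo -en "\e[1;${colour}m$2\e[0m"
  else
    echo -e "\e[1;${colour}m$2\e[0m"
  fi
}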
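sapv(){
  # search plugin in array and print if vulnerable or not
  #
  #   $1 - plugin slug
  # Globals: vulns_plugins ("<slug> <fixed-in> <title> <severity>" entries,
  #          read), v (detected version, read), flag (reset, then filled by
  #          cv with matching indices), flagz (matching indices appended),
  #          j, g, p (scratch, left global because cv reads j and p).
  # Calls:   cv, cg_color
  # Output:  " [VULNERABLE] " or " [CLEAN] " without a trailing newline.
  flag=()
  for ((j=0; j<${#vulns_plugins[@]}; j++)); do
    # read -a splits on whitespace without pathname expansion, so titles
    # containing *, ? or [ cannot expand against files in the directory.
    IFS=$' \t\n' read -r -d '' -a g <<< "${vulns_plugins[j]}"
    p=${g[1]}
    # Literal comparison: the slug can come from scraped markup and must not
    # be interpreted as a regular expression.
    [[ ${g[0]} == "$1" ]] || continue
    [[ $p == "$v" ]] && continue
    cv
  done
  if ((${#flag[@]})); then
    cg_color olbr " [VULNERABLE] "
    flagz+=("${flag[@]}")
  else
    cg_color olbg " [CLEAN] "
  fi
}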
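sap(){
  # search plugin in array and print if outdated or not
  #
  #   $@ - plugin slug; when it arrives split into several words they are
  #        joined with "-" (the original joined two to four words).
  # Globals: v (detected version, read), releases_plugins ("<slug> <latest>"
  #          entries, read), k / kk (latest version / slug of the matching
  #          entry, written).
  # Calls:   sapv
  # Output:  "<slug>: <version><vulnerability label>(Up-to-date)" or
  #          "...(Outdated - Latest version: <k>)"; when the slug is not in
  #          the table, just the version and the vulnerability label.
  # Returns: 1 when no version was detected, 0 otherwise.
  local slug=$1 x
  local -a w
  (($#)) && shift
  while (($#)); do
    slug+="-$1"
    shift
  done

  if [[ ! $v ]]; then
    echo "$slug: Version not detected"
    return 1
  fi

  for ((x=0; x<${#releases_plugins[@]}; x++)); do
    IFS=$' \t\n' read -r -d '' -a w <<< "${releases_plugins[x]}"
    # Literal comparison; the slug may come from scraped markup and is not a
    # regular expression.
    [[ ${w[0]} == "$slug" ]] || continue
    kk=${w[0]}
    k=${w[1]}
    printf '%s: %s' "$kk" "$v"
    sapv "$slug"
    if [[ $v == "$k" ]]; then
      echo "(Up-to-date)"
    else
      # NOTE(review): any difference from k is reported as outdated, even if
      # the detected version is newer than the table's entry.
      echo "(Outdated - Latest version: $k)"
    fi
    return 0
  done

  # Not in the release table (or the table is empty): still run the
  # vulnerability lookup so the plugin is not silently skipped.
  printf '%s: %s' "$slug" "$v"
  sapv "$slug"
  echo
}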
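saptv(){
  # search theme in array and print if vulnerable or not
  #
  #   $1 - theme slug
  # Globals: vulns_themes (entries whose first two words are
  #          "<slug> <fixed-in>", read), v (detected version, read), flag
  #          (reset, then filled by cv with matching indices), flagz
  #          (matching indices appended), j, g, p (scratch, left global
  #          because cv reads j and p).
  # Calls:   cv, cg_color
  # Output:  " [VULNERABLE] " or " [CLEAN] " without a trailing newline.
  flag=()
  for ((j=0; j<${#vulns_themes[@]}; j++)); do
    # read -a splits on whitespace without pathname expansion, so titles
    # containing *, ? or [ cannot expand against files in the directory.
    IFS=$' \t\n' read -r -d '' -a g <<< "${vulns_themes[j]}"
    p=${g[1]}
    # Literal comparison: the slug can come from scraped markup and must not
    # be interpreted as a regular expression.
    [[ ${g[0]} == "$1" ]] || continue
    [[ $p == "$v" ]] && continue
    cv
  done
  if ((${#flag[@]})); then
    cg_color olbr " [VULNERABLE] "
    flagz+=("${flag[@]}")
  else
    cg_color olbg " [CLEAN] "
  fi
}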
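sapt(){
  # search theme in array and print if outdated or not
  #
  #   $1 - theme slug
  # Globals: v (detected version, read), releases_themes ("<slug> <latest>"
  #          entries, read), k / kk (latest version / slug of the matching
  #          entry, written).
  # Calls:   saptv
  # Output:  "<slug>: <version><vulnerability label>(Up-to-date)" or
  #          "...(Outdated - Latest version: <k>)"; when the slug is not in
  #          the table, just the version and the vulnerability label.
  # Returns: 1 when no version was detected, 0 otherwise.
  local x
  local -a w

  if [[ ! $v ]]; then
    echo "$1: Version not detected"
    return 1
  fi

  for ((x=0; x<${#releases_themes[@]}; x++)); do
    IFS=$' \t\n' read -r -d '' -a w <<< "${releases_themes[x]}"
    # Literal comparison; the slug may come from scraped markup and is not a
    # regular expression.
    [[ ${w[0]} == "$1" ]] || continue
    kk=${w[0]}
    k=${w[1]}
    printf '%s: %s' "$kk" "$v"
    saptv "$1"
    if [[ $v == "$k" ]]; then
      echo "(Up-to-date)"
    else
      # NOTE(review): any difference from k is reported as outdated, even if
      # the detected version is newer than the table's entry.
      echo "(Outdated - Latest version: $k)"
    fi
    return 0
  done

  # Not in the release table (or the table is empty): still run the
  # vulnerability lookup so the theme is not silently skipped.
  printf '%s: %s' "$1" "$v"
  saptv "$1"
  echo
}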
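rg(){
  # Set the global v to the highest version number found in the changelog
  # section of a plugin file.
  #   $1 - plugin slug (directory under wp-content/plugins)
  #   $2 - file inside that directory
  # Globals: url (read), v (written; empty when nothing matched)
  #
  # Everything from the first line mentioning "changelog" / "change log"
  # (up to 1000 lines after it) is scanned for version-looking headings.
  #
  # NOTE(review): -k disables TLS certificate verification, and v is text
  # served by the remote host; treat it as untrusted in later comparisons.
  local ua="Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36"
  # sort -V compares dotted versions field by field; plain -n reads "1.10.0"
  # as the number 1.10 and would rank it below 1.9.x.
  v=$(curl -Z -A "$ua" -s "$url/wp-content/plugins/$1/$2" -k -L \
    | grep -i "changelog\|change log" -A 1000 \
    | grep -oP "^=[[:space:]]\K[\d]+\.[\d.]+|^=.*([a-zA-Z]|\[)\K[\d]+\.[\d.]+|^#.*[[:space:]]\K[\d]+\.[\d.]+" \
    | sort -rV \
    | head -n 1)
}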
ver(){
# Print the "Version information" section: detect the WordPress core version
# of the target and report it.
# Globals read:    file (saved page), url
# Globals written: lv, range, releases, wp_version, year
# Calls:           pp, cwv
# Returns 1 when neither a version nor a copyright year could be found.
#
# NOTE(review): $file and $url are expanded unquoted below, and every curl
# call uses -k (no TLS certificate verification).

# Latest WordPress version known to this script (hard-coded).
lv=6.9.4
# Version ranges printed by the license.txt fallback below:
# range[0] is used for year 2024 ... range[5] for year 2019.
range=("6.4.3 - 6.6" "6.1.2 - 6.4.2" "5.8.3 - 6.1.1" "5.6.1 - 5.8.2" "5.3.3 - 5.6" "5.0.3 - 5.3.2")
# Release table, one "<version> <dd-mm-yyyy>" string per entry.
# NOTE(review): several entries look out of place - e.g. "2.3 10-03-2026" ...
# "0.71 05-08-2025" sit between 6.8.5 and 6.7.5, and the .2/.1/.0 rows of
# most branches carry 2022-2026 dates - so verify this table against an
# authoritative release list before relying on the dates taken from it.
releases=("6.9.4 11-03-2026" "6.9.3 10-03-2026" "6.9.2 10-03-2026" "6.9.1 03-02-2026" "6.9 02-12-2025" "6.8.5 11-03-2026" "2.3 10-03-2026" "2.2 30-09-2025" "2.1 15-07-2025" "2.0 30-04-2025" "1.5 15-04-2025" "1.2 11-03-2026" "1.0 30-09-2025" "0.71 05-08-2025" "6.7.5 11-02-2025" "6.7.4 21-11-2024" "6.7.3 12-11-2024" "6.7.2 11-03-2026" "6.7.1 30-09-2025" "6.7 05-08-2025" "6.6.5 10-09-2024" "6.6.4 23-07-2024" "6.6.3 16-07-2024" "6.6.2 11-03-2026" "6.6.1 30-09-2025" "6.6 05-08-2025" "6.5.8 24-06-2024" "6.5.7 05-06-2024" "6.5.6 07-05-2024" "6.5.5 09-04-2024" "6.5.4 02-04-2024" "6.5.3 11-03-2026" "6.5.2 30-09-2025" "6.5 05-08-2025" "6.4.8 24-06-2024" "6.4.7 09-04-2024" "6.4.6 30-01-2024" "6.4.5 06-12-2023" "6.4.4 09-11-2023" "6.4.3 07-11-2023" "6.4.2 12-03-2026" "6.4.1 30-09-2025" "6.4 05-08-2025" "6.3.8 24-06-2024" "6.3.7 09-04-2024" "6.3.6 30-01-2024" "6.3.5 12-10-2023" "6.3.4 29-08-2023" "6.3.3 08-08-2023" "6.3.2 12-03-2026" "6.3.1 30-09-2025" "6.3 05-08-2025" "6.2.9 24-06-2024" "6.2.8 09-04-2024" "6.2.7 30-01-2024" "6.2.6 12-10-2023" "6.2.5 20-05-2023" "6.2.4 16-05-2023" "6.2.3 29-03-2023" "6.2.2 12-03-2026" "6.2.1 30-09-2025" "6.2 05-08-2025" "6.1.10 24-06-2024" "6.1.9 09-04-2024" "6.1.8 30-01-2024" "6.1.7 12-10-2023" "6.1.6 20-05-2023" "6.1.5 16-05-2023" "6.1.4 15-11-2022" "6.1.3 02-11-2022" "6.1.2 30-09-2025" "6.1.1 05-08-2025" "6.1 24-06-2024" "6.0.11 10-04-2024" "6.0.10 30-01-2024" "6.0.9 12-10-2023" "6.0.8 20-05-2023" "6.0.7 16-05-2023" "6.0.6 17-10-2022" "6.0.5 30-08-2022" "6.0.4 12-07-2022" "6.0.3 24-05-2022" "6.0.2 12-03-2026" "6.0.1 30-09-2025" "6.0 05-08-2025" "5.9.13 24-06-2024" "5.9.12 30-01-2024" "5.9.11 12-10-2023" "5.9.10 20-05-2023" "5.9.9 16-05-2023" "5.9.8 17-10-2022" "5.9.7 30-08-2022" "5.9.6 05-04-2022" "5.9.5 11-03-2022" "5.9.4 22-02-2022" "5.9.3 25-01-2022" "5.9.2 12-03-2026" "5.9.1 30-09-2025" "5.9 05-08-2025" "5.8.13 24-06-2024" "5.8.12 30-01-2024" "5.8.11 12-10-2023" "5.8.10 16-05-2023" "5.8.9 17-10-2022" "5.8.8 30-08-2022" "5.8.7 11-03-2022" 
"5.8.6 06-01-2022" "5.8.5 10-11-2021" "5.8.4 09-09-2021" "5.8.3 20-07-2021" "5.8.2 12-03-2026" "5.8.1 30-09-2025" "5.8 05-08-2025" "5.7.15 24-06-2024" "5.7.14 30-01-2024" "5.7.13 12-10-2023" "5.7.12 16-05-2023" "5.7.11 17-10-2022" "5.7.10 30-08-2022" "5.7.9 11-03-2022" "5.7.8 06-01-2022" "5.7.7 10-11-2021" "5.7.6 09-09-2021" "5.7.5 12-05-2021" "5.7.4 15-04-2021" "5.7.3 09-03-2021" "5.7.2 12-03-2026" "5.7.1 30-09-2025" "5.7 05-08-2025" "5.6.17 24-06-2024" "5.6.16 30-01-2024" "5.6.15 12-10-2023" "5.6.14 16-05-2023" "5.6.13 17-10-2022" "5.6.12 30-08-2022" "5.6.11 11-03-2022" "5.6.10 06-01-2022" "5.6.9 10-11-2021" "5.6.8 09-09-2021" "5.6.7 12-05-2021" "5.6.6 15-04-2021" "5.6.5 22-02-2021" "5.6.4 03-02-2021" "5.6.3 08-12-2020" "5.6.2 12-03-2026" "5.6.1 30-09-2025" "5.6 05-08-2025" "5.5.18 24-06-2024" "5.5.17 30-01-2024" "5.5.16 12-10-2023" "5.5.15 16-05-2023" "5.5.14 17-10-2022" "5.5.13 30-08-2022" "5.5.12 11-03-2022" "5.5.11 06-01-2022" "5.5.10 10-11-2021" "5.5.9 09-09-2021" "5.5.8 12-05-2021" "5.5.7 15-04-2021" "5.5.6 30-10-2020" "5.5.5 29-10-2020" "5.5.4 01-09-2020" "5.5.3 11-08-2020" "5.5.2 12-03-2026" "5.5.1 30-09-2025" "5.5 05-08-2025" "5.4.19 24-06-2024" "5.4.18 30-01-2024" "5.4.17 12-10-2023" "5.4.16 16-05-2023" "5.4.15 17-10-2022" "5.4.14 30-08-2022" "5.4.13 11-03-2022" "5.4.12 06-01-2022" "5.4.11 10-11-2021" "5.4.10 09-09-2021" "5.4.9 12-05-2021" "5.4.8 15-04-2021" "5.4.7 30-10-2020" "5.4.6 29-10-2020" "5.4.5 10-06-2020" "5.4.4 29-04-2020" "5.4.3 31-03-2020" "5.4.2 12-03-2026" "5.4.1 30-09-2025" "5.4 05-08-2025" "5.3.21 24-06-2024" "5.3.20 30-01-2024" "5.3.19 12-10-2023" "5.3.18 16-05-2023" "5.3.17 17-10-2022" "5.3.16 30-08-2022" "5.3.15 11-03-2022" "5.3.14 06-01-2022" "5.3.13 10-11-2021" "5.3.12 11-09-2021" "5.3.11 12-05-2021" "5.3.10 15-04-2021" "5.3.9 30-10-2020" "5.3.8 29-10-2020" "5.3.7 10-06-2020" "5.3.6 29-04-2020" "5.3.5 18-12-2019" "5.3.4 12-12-2019" "5.3.3 12-11-2019" "5.3.2 13-03-2026" "5.3.1 30-09-2025" "5.3 05-08-2025" "5.2.24 24-06-2024" "5.2.23 
30-01-2024" "5.2.22 12-10-2023" "5.2.21 16-05-2023" "5.2.20 17-10-2022" "5.2.19 30-08-2022" "5.2.18 11-03-2022" "5.2.17 06-01-2022" "5.2.16 10-11-2021" "5.2.15 09-09-2021" "5.2.14 12-05-2021" "5.2.13 15-04-2021" "5.2.12 30-10-2020" "5.2.11 29-10-2020" "5.2.10 10-06-2020" "5.2.9 29-04-2020" "5.2.8 12-12-2019" "5.2.7 14-10-2019" "5.2.6 05-09-2019" "5.2.5 18-06-2019" "5.2.4 21-05-2019" "5.2.3 07-05-2019" "5.2.2 13-03-2026" "5.2.1 30-09-2025" "5.2 05-08-2025" "5.1.22 24-06-2024" "5.1.21 30-01-2024" "5.1.20 12-10-2023" "5.1.19 16-05-2023" "5.1.18 17-10-2022" "5.1.17 30-08-2022" "5.1.16 11-03-2022" "5.1.15 06-01-2022" "5.1.14 21-09-2021" "5.1.13 13-05-2021" "5.1.12 15-04-2021" "5.1.11 30-10-2020" "5.1.10 29-10-2020" "5.1.9 10-06-2020" "5.1.8 29-04-2020" "5.1.7 29-04-2020" "5.1.6 14-10-2019" "5.1.5 05-09-2019" "5.1.4 13-03-2019" "5.1.3 21-02-2019" "5.1.2 13-03-2026" "5.1.1 30-09-2025" "5.1 05-08-2025" "5.0.25 24-06-2024" "5.0.24 30-01-2024" "5.0.23 12-10-2023" "5.0.22 16-05-2023" "5.0.21 17-10-2022" "5.0.20 30-08-2022" "5.0.19 11-03-2022" "5.0.18 06-01-2022" "5.0.17 21-09-2021" "5.0.16 13-05-2021" "5.0.15 15-04-2021" "5.0.14 29-10-2020" "5.0.13 10-06-2020" "5.0.12 29-04-2020" "5.0.11 12-12-2019" "5.0.10 14-10-2019" "5.0.9 05-09-2019" "5.0.8 13-03-2019" "5.0.7 09-01-2019" "5.0.6 19-12-2018" "5.0.4 13-12-2018" "5.0.3 06-12-2018" "5.0.2 13-03-2026" "5.0.1 30-09-2025" "5.0 05-08-2025" "4.9.29 24-06-2024" "4.9.28 30-01-2024" "4.9.27 12-10-2023" "4.9.26 16-05-2023" "4.9.25 17-10-2022" "4.9.24 30-08-2022" "4.9.23 11-03-2022" "4.9.22 06-01-2022" "4.9.21 13-05-2021" "4.9.20 15-04-2021" "4.9.19 29-10-2020" "4.9.18 10-06-2020" "4.9.17 29-04-2020" "4.9.16 12-12-2019" "4.9.15 14-10-2019" "4.9.14 05-09-2019" "4.9.13 13-03-2019" "4.9.12 13-12-2018" "4.9.11 02-08-2018" "4.9.10 05-07-2018" "4.9.9 17-05-2018" "4.9.8 03-04-2018" "4.9.7 06-02-2018" "4.9.6 05-02-2018" "4.9.5 16-01-2018" "4.9.4 29-11-2017" "4.9.3 16-11-2017" "4.9.2 13-03-2026" "4.9.1 30-09-2025" "4.9 05-08-2025" "4.8.28 
24-06-2024" "4.8.27 30-01-2024" "4.8.26 12-10-2023" "4.8.25 16-05-2023" "4.8.24 17-10-2022" "4.8.23 30-08-2022" "4.8.22 11-03-2022" "4.8.21 06-01-2022" "4.8.20 13-05-2021" "4.8.19 15-04-2021" "4.8.18 29-10-2020" "4.8.17 10-06-2020" "4.8.16 29-04-2020" "4.8.15 12-12-2019" "4.8.14 14-10-2019" "4.8.13 05-09-2019" "4.8.12 13-03-2019" "4.8.11 13-12-2018" "4.8.10 05-07-2018" "4.8.9 03-04-2018" "4.8.8 16-01-2018" "4.8.7 29-11-2017" "4.8.6 31-10-2017" "4.8.5 19-09-2017" "4.8.4 02-08-2017" "4.8.3 08-06-2017" "4.8.2 13-03-2026" "4.8.1 30-09-2025" "4.8 05-08-2025" "4.7.32 24-06-2024" "4.7.31 30-01-2024" "4.7.30 12-10-2023" "4.7.29 16-05-2023" "4.7.28 17-10-2022" "4.7.27 30-08-2022" "4.7.26 11-03-2022" "4.7.25 06-01-2022" "4.7.24 13-05-2021" "4.7.23 15-04-2021" "4.7.22 29-10-2020" "4.7.21 10-06-2020" "4.7.20 29-04-2020" "4.7.19 12-12-2019" "4.7.18 14-10-2019" "4.7.17 05-09-2019" "4.7.16 13-03-2019" "4.7.15 13-12-2018" "4.7.14 05-07-2018" "4.7.13 03-04-2018" "4.7.12 16-01-2018" "4.7.11 29-11-2017" "4.7.10 31-10-2017" "4.7.9 19-09-2017" "4.7.8 16-05-2017" "4.7.7 20-04-2017" "4.7.6 06-03-2017" "4.7.5 26-01-2017" "4.7.4 11-01-2017" "4.7.3 06-12-2016" "4.7.2 17-07-2025" "4.7.1 24-06-2024" "4.7 30-01-2024" "4.6.30 12-10-2023" "4.6.29 16-05-2023" "4.6.28 17-10-2022" "4.6.27 30-08-2022" "4.6.26 11-03-2022" "4.6.25 06-01-2022" "4.6.24 13-05-2021" "4.6.23 29-10-2020" "4.6.22 10-06-2020" "4.6.21 29-04-2020" "4.6.20 12-12-2019" "4.6.19 14-10-2019" "4.6.18 05-09-2019" "4.6.17 13-03-2019" "4.6.16 13-12-2018" "4.6.15 05-07-2018" "4.6.14 03-04-2018" "4.6.13 16-01-2018" "4.6.12 29-11-2017" "4.6.11 31-10-2017" "4.6.10 19-09-2017" "4.6.9 16-05-2017" "4.6.8 20-04-2017" "4.6.7 06-03-2017" "4.6.6 26-01-2017" "4.6.5 11-01-2017" "4.6.4 07-09-2016" "4.6.3 16-08-2016" "4.6.2 15-07-2025" "4.6.1 24-06-2024" "4.6 30-01-2024" "4.5.33 12-10-2023" "4.5.32 16-05-2023" "4.5.31 17-10-2022" "4.5.30 30-08-2022" "4.5.29 11-03-2022" "4.5.28 06-01-2022" "4.5.27 13-05-2021" "4.5.26 29-10-2020" "4.5.25 10-06-2020" 
"4.5.24 29-04-2020" "4.5.23 12-12-2019" "4.5.22 14-10-2019" "4.5.21 05-09-2019" "4.5.20 13-03-2019" "4.5.19 13-12-2018" "4.5.18 05-07-2018" "4.5.17 03-04-2018" "4.5.16 16-01-2018" "4.5.15 29-11-2017" "4.5.14 31-10-2017" "4.5.13 19-09-2017" "4.5.12 16-05-2017" "4.5.11 20-04-2017" "4.5.10 06-03-2017" "4.5.9 26-01-2017" "4.5.8 11-01-2017" "4.5.7 07-09-2016" "4.5.6 21-06-2016" "4.5.5 06-05-2016" "4.5.4 26-04-2016" "4.5.3 12-04-2016" "4.5.2 15-07-2025" "4.5.1 24-06-2024" "4.5 30-01-2024" "4.4.34 12-10-2023" "4.4.33 16-05-2023" "4.4.32 17-10-2022" "4.4.31 30-08-2022" "4.4.30 11-03-2022" "4.4.29 06-01-2022" "4.4.28 13-05-2021" "4.4.27 29-10-2020" "4.4.26 10-06-2020" "4.4.25 29-04-2020" "4.4.24 12-12-2019" "4.4.23 14-10-2019" "4.4.22 05-09-2019" "4.4.21 13-03-2019" "4.4.20 13-12-2018" "4.4.19 05-07-2018" "4.4.18 03-04-2018" "4.4.17 16-01-2018" "4.4.16 29-11-2017" "4.4.15 31-10-2017" "4.4.14 19-09-2017" "4.4.13 16-05-2017" "4.4.12 20-04-2017" "4.4.11 06-03-2017" "4.4.10 26-01-2017" "4.4.9 11-01-2017" "4.4.8 07-09-2016" "4.4.7 21-06-2016" "4.4.6 06-05-2016" "4.4.5 02-02-2016" "4.4.4 06-01-2016" "4.4.3 08-12-2015" "4.4.2 15-07-2025" "4.4.1 24-06-2024" "4.4 30-01-2024" "4.3.35 12-10-2023" "4.3.34 16-05-2023" "4.3.33 17-10-2022" "4.3.32 30-08-2022" "4.3.31 11-03-2022" "4.3.30 06-01-2022" "4.3.29 13-05-2021" "4.3.28 29-10-2020" "4.3.27 10-06-2020" "4.3.26 29-04-2020" "4.3.25 12-12-2019" "4.3.24 14-10-2019" "4.3.23 05-09-2019" "4.3.22 13-03-2019" "4.3.21 13-12-2018" "4.3.20 05-07-2018" "4.3.19 03-04-2018" "4.3.18 16-01-2018" "4.3.17 29-11-2017" "4.3.16 31-10-2017" "4.3.15 19-09-2017" "4.3.14 16-05-2017" "4.3.13 20-04-2017" "4.3.12 06-03-2017" "4.3.11 26-01-2017" "4.3.10 11-01-2017" "4.3.9 07-09-2016" "4.3.8 21-06-2016" "4.3.7 06-05-2016" "4.3.6 02-02-2016" "4.3.5 06-01-2016" "4.3.4 15-09-2015" "4.3.3 18-08-2015" "4.3.2 15-07-2025" "4.3.1 24-06-2024" "4.3 30-01-2024" "4.2.39 12-10-2023" "4.2.38 16-05-2023" "4.2.37 17-10-2022" "4.2.36 30-08-2022" "4.2.35 11-03-2022" "4.2.34 
06-01-2022" "4.2.33 13-05-2021" "4.2.32 29-10-2020" "4.2.31 10-06-2020" "4.2.30 29-04-2020" "4.2.29 12-12-2019" "4.2.28 14-10-2019" "4.2.27 05-09-2019" "4.2.26 13-03-2019" "4.2.25 13-12-2018" "4.2.24 05-07-2018" "4.2.23 03-04-2018" "4.2.22 16-01-2018" "4.2.21 29-11-2017" "4.2.20 31-10-2017" "4.2.19 19-09-2017" "4.2.18 16-05-2017" "4.2.17 20-04-2017" "4.2.16 06-03-2017" "4.2.15 26-01-2017" "4.2.14 11-01-2017" "4.2.13 07-09-2016" "4.2.12 21-06-2016" "4.2.11 06-05-2016" "4.2.10 02-02-2016" "4.2.9 06-01-2016" "4.2.8 15-09-2015" "4.2.7 04-08-2015" "4.2.6 23-07-2015" "4.2.5 07-05-2015" "4.2.4 27-04-2015" "4.2.3 23-04-2015" "4.2.2 15-07-2025" "4.2.1 24-06-2024" "4.2 30-01-2024" "4.1.42 12-10-2023" "4.1.41 16-05-2023" "4.1.40 17-10-2022" "4.1.39 30-08-2022" "4.1.38 11-03-2022" "4.1.37 06-01-2022" "4.1.36 13-05-2021" "4.1.35 29-10-2020" "4.1.34 10-06-2020" "4.1.33 29-04-2020" "4.1.32 12-12-2019" "4.1.31 14-10-2019" "4.1.30 05-09-2019" "4.1.29 13-03-2019" "4.1.28 13-12-2018" "4.1.27 05-07-2018" "4.1.26 03-04-2018" "4.1.25 16-01-2018" "4.1.24 29-11-2017" "4.1.23 31-10-2017" "4.1.22 19-09-2017" "4.1.21 16-05-2017" "4.1.20 20-04-2017" "4.1.19 06-03-2017" "4.1.18 26-01-2017" "4.1.17 11-01-2017" "4.1.16 07-09-2016" "4.1.15 21-06-2016" "4.1.14 06-05-2016" "4.1.13 02-02-2016" "4.1.12 06-01-2016" "4.1.11 15-09-2015" "4.1.10 04-08-2015" "4.1.9 23-07-2015" "4.1.8 07-05-2015" "4.1.7 27-04-2015" "4.1.6 23-04-2015" "4.1.5 21-04-2015" "4.1.4 18-02-2015" "4.1.3 18-12-2014" "4.1.2 30-11-2022" "4.1.1 17-10-2022" "4.1 30-08-2022" "4.0.38 11-03-2022" "4.0.37 06-01-2022" "4.0.36 13-05-2021" "4.0.35 29-10-2020" "4.0.34 10-06-2020" "4.0.33 29-04-2020" "4.0.32 12-12-2019" "4.0.31 14-10-2019" "4.0.30 05-09-2019" "4.0.29 13-03-2019" "4.0.28 13-12-2018" "4.0.27 05-07-2018" "4.0.26 03-04-2018" "4.0.25 16-01-2018" "4.0.24 29-11-2017" "4.0.23 31-10-2017" "4.0.22 19-09-2017" "4.0.21 16-05-2017" "4.0.20 20-04-2017" "4.0.19 06-03-2017" "4.0.18 26-01-2017" "4.0.17 11-01-2017" "4.0.16 07-09-2016" "4.0.15 
21-06-2016" "4.0.14 06-05-2016" "4.0.13 02-02-2016" "4.0.12 06-01-2016" "4.0.11 15-09-2015" "4.0.10 04-08-2015" "4.0.9 23-07-2015" "4.0.8 06-05-2015" "4.0.7 27-04-2015" "4.0.6 23-04-2015" "4.0.5 21-04-2015" "4.0.4 20-11-2014" "4.0.3 04-09-2014" "4.0.2 30-11-2022" "4.0.1 17-10-2022" "4.0 30-08-2022" "3.9.40 11-03-2022" "3.9.39 06-01-2022" "3.9.37 13-05-2021" "3.9.36 29-10-2020" "3.9.35 10-06-2020" "3.9.34 29-04-2020" "3.9.33 12-12-2019" "3.9.32 14-10-2019" "3.9.31 05-09-2019" "3.9.30 13-03-2019" "3.9.29 13-12-2018" "3.9.28 05-07-2018" "3.9.27 03-04-2018" "3.9.26 16-01-2018" "3.9.25 29-11-2017" "3.9.24 31-10-2017" "3.9.23 19-09-2017" "3.9.22 16-05-2017" "3.9.21 20-04-2017" "3.9.20 06-03-2017" "3.9.19 26-01-2017" "3.9.18 11-01-2017" "3.9.17 07-09-2016" "3.9.16 21-06-2016" "3.9.15 06-05-2016" "3.9.14 02-02-2016" "3.9.13 06-01-2016" "3.9.12 15-09-2015" "3.9.11 04-08-2015" "3.9.10 23-07-2015" "3.9.9 07-05-2015" "3.9.8 23-04-2015" "3.9.7 21-04-2015" "3.9.6 20-11-2014" "3.9.5 06-08-2014" "3.9.4 08-05-2014" "3.9.3 16-04-2014" "3.9.2 30-11-2022" "3.9.1 17-10-2022" "3.9 30-08-2022" "3.8.41 11-03-2022" "3.8.40 06-01-2022" "3.8.39 13-05-2021" "3.8.38 29-10-2020" "3.8.37 10-06-2020" "3.8.36 29-04-2020" "3.8.35 12-12-2019" "3.8.34 14-10-2019" "3.8.33 05-09-2019" "3.8.32 21-03-2019" "3.8.31 13-12-2018" "3.8.30 05-07-2018" "3.8.29 03-04-2018" "3.8.28 16-01-2018" "3.8.27 29-11-2017" "3.8.26 31-10-2017" "3.8.25 19-09-2017" "3.8.24 16-05-2017" "3.8.23 20-04-2017" "3.8.22 06-03-2017" "3.8.21 26-01-2017" "3.8.20 11-01-2017" "3.8.19 07-09-2016" "3.8.18 21-06-2016" "3.8.17 06-05-2016" "3.8.16 02-02-2016" "3.8.15 06-01-2016" "3.8.14 15-09-2015" "3.8.13 04-08-2015" "3.8.12 23-07-2015" "3.8.11 07-05-2015" "3.8.10 23-04-2015" "3.8.9 21-04-2015" "3.8.8 20-11-2014" "3.8.7 06-08-2014" "3.8.6 14-04-2014" "3.8.5 08-04-2014" "3.8.4 23-01-2014" "3.8.3 12-12-2013" "3.8.2 30-11-2022" "3.8.1 17-10-2022" "3.8 30-08-2022")
pp "Version information"
# First look for "WordPress <version>" in the saved page; if grep finds
# nothing, fetch $url/wp-links-opml.php and look for "WordPress/<version>".
# The result is stored as an array, so $wp_version below is its first match.
wp_version=(`grep -oP "WordPress \K[\d.]+" $file || curl -k -L -A "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36" -s $url/wp-links-opml.php | grep -oP "WordPress/\K[\d.]+"`)
# Report through cwv only when a version was found and it is at most 7
# characters long.
[[ $wp_version && ${#wp_version} -le 7 ]] && cwv
# Fallback when no version was found: take the first "Copyright <years>"
# match from $url/license.txt, keep the part after "-" (the end year when a
# range is given) and print the matching range entry for 2024 ... 2019.
# Any other year leaves wp_version empty, so the line printed is
# "Wordpress version: " with nothing after it.
if [[ ! $wp_version ]]; then year=$(curl -k -L -A "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36" -s $url/license.txt | grep -m1 -oP "Copyright [\d-]+" | cut -d " " -f2 | cut -d "-" -f2); [[ ! $year ]] && { echo "Wordpress version: Version not detected"; return 1; }; if [[ $year == 2024 ]]; then wp_version=${range[0]}; elif [[ $year == 2023 ]]; then wp_version=${range[1]}; elif [[ $year == 2022 ]]; then wp_version=${range[2]}; elif [[ $year == 2021 ]]; then wp_version=${range[3]}; elif [[ $year == 2020 ]]; then wp_version=${range[4]}; elif [[ $year == 2019 ]]; then wp_version=${range[5]}; else wp_version=$wp_version; fi; echo "Wordpress version: $wp_version"; fi
}
plugins(){
flagz=()
releases_plugins=("1-flash-gallery 1.9.0" "360-view 1.1.0" "0-day-analytics 4.9.0" "404-error-monitor 1.1" "404page 11.4.8" "alley-elementor-widget 1.0.7" "amp-wp 1.5.18" "article-analytics 1.0" "admire-extra 1.7" "all-video-gallery 1.2" "best-addons-for-elementor 1.0.5" "backend-designer 1.4" "confirm-user-registration 2.1.5" "custom-field-bulk-editor 1.9.1" "clio-grow-form 1.0.4" "cluevo-lms 1.13.3" "dx-delete-attached-media 2.0.6" "database-peek 1.2" "defend-wp-firewall 1.1.6" "demomentsomtres-classify-on-publish 201703020805" "easy-prayer 1.2" "external-login 1.11.2" "fusedesk 6.8" "fastcgi-cache-purge-and-preload-nginx 2.1.5" "free-product-sample 1.4.2" "firedrum-email-marketing 1.69" "gn-publisher 1.5.27" "gf-infusionsoft 1.2.7" "hana-flv-player 3.1.3" "hello-in-all-languages 1.0.6" "iq-testimonials 2.2.7" "infusionsoft-official-opt-in-forms 2.0.3" "instagrate-to-wordpress 1.4" "imagemagick-sharpen-resized-images 1.1.7" "jay-login-register 2.6.05" "kevins-plugin 2.0.0" "kiwi-logo-carousel 1.7.4" "lock-your-updates 1.1" "leanpress 1.0.0" "media-author 1.0.4" "motors-car-dealership-classified-listings 1.4.106" "material-design-for-contact-form-7 2.6.5" "mediabay-lite 1.6" "navigation-tree-elementor 1.0.1" "ninjafirewall 4.8.4" "ovic-import-demo 1.6.4" "photo-gallery-pearlbells 4.0" "paytm-payments 2.8.7" "per-page-add-to 1.4.4" "paymaya-checkout-for-woocommerce 1.3.4" "quiz-maker 6.7.1.19" "quick-audio-player 1.0.2" "rotatingtweets 1.9.10" "svgator 1.3.5" "social-discussions 6.2.1" "simple-google-photos-grid 1.6" "thinkun-remind 1.1.4" "teachpress 9.0.12" "twwc-protein 1.0.24" "utech-world-time-for-wp 1.0" "ultimate-gutenberg 2.5.1" "voting-record 2.0" "woo-cart-count-shortcode 1.1.1" "wp-fiddle 1.0" "wp-fevents-book 0.46" "wp-ultimate-recipe 3.13.0" "wp-post-category-notifications 1.0" "xtremelocator 3.0.1" "xpro-addons-beaver-builder-elementor 1.5.7" "yet-another-webclap-for-wordpress 0.2" "yada-wiki 3.6" "zweb-social-mobile 1.0.0" "zeno-font-resizer 1.8.2")
vulns_plugins=("1180px-shortcodes No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.'class'.Shortcode.Attribute MEDIUM" "0-day-analytics 4.1.0 Authenticated.(Administrator+).SQL.Injection MEDIUM" "3d-photo-gallery No.known.fix Missing.Authorization.to.Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "2j-slideshow No.known.fix Reflected.Cross-Site.Scripting.via.'post' MEDIUM" "2j-slideshow No.known.fix Contributor+.Stored.XSS MEDIUM" "2j-slideshow No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "3d-flipbook-dflip-lite 2.4.27 Authenticated.(Auhtor+).Stored.Cross-Site.Scripting.via.PDF.Page.Labels MEDIUM" "3d-flipbook-dflip-lite 2.3.67 DOM-Based.Reflected.Cross-Site.Scripting.via.'pdf-source' MEDIUM" "3d-flipbook-dflip-lite 2.3.53 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "3d-flipbook-dflip-lite 2.3.42 Reflected.Cross-Site.Scripting MEDIUM" "3d-flipbook-dflip-lite 2.2.27 Contributor+.Stored.XSS MEDIUM" "3d-flipbook-dflip-lite 2.2.27 Contributor+.Stored.XSS MEDIUM" "3d-flipbook-dflip-lite 1.7.10 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "3dady-real-time-web-stats No.known.fix Stored.Cross-Site.Scripting.via.CSRF MEDIUM" "5280-bootstrap-modal-contact-form No.known.fix Cross-Site.Request.Forgery.to.Bulk.Delete.Messages MEDIUM" "360-sphere-images No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "5-stars-rating-funnel No.known.fix Authenticated.(Contributor+).SQL.Injection MEDIUM" "5-stars-rating-funnel 1.3.02 Missing.Authorization MEDIUM" "5-stars-rating-funnel 1.3.02 Missing.Authorization MEDIUM" "5-stars-rating-funnel 1.2.63 Reflected.Cross-Site.Scripting MEDIUM" "5-stars-rating-funnel 1.2.53 Unauthenticated.SQLi HIGH" "5-stars-rating-funnel 1.2.54 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "12-step-meeting-list 3.18.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "12-step-meeting-list 3.16.6 
Missing.Authorization.to.Authenticated.(Contributor+).Arbitrary.Content.Deletion MEDIUM" "12-step-meeting-list 3.16.6 Unauthenticated.Sensitive.Information.Exposure MEDIUM" "12-step-meeting-list 3.16.6 Missing.Authorization.to.Unauthenticated.Settings.Update MEDIUM" "12-step-meeting-list 3.14.34 Reflected.Cross-Site.Scripting MEDIUM" "12-step-meeting-list 3.14.29 Subscriber+.CSV.Download MEDIUM" "12-step-meeting-list 3.14.25 Authenticated.(Contributor+).Server-Side.Request.Forgery MEDIUM" "3dvieweronline-wp 2.2.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "404s 3.5.1 Admin+.Stored.Cross-Site.Scripting LOW" "3com-asesor-de-cookies No.known.fix Admin+.Stored.XSS LOW" "404-page 1.0.2 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "012-ps-multi-languages No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "404-error-monitor No.known.fix Cross-Site.Request.Forgery.to.Plugin.Settings.Update.via.updatePluginSettings.Function MEDIUM" "404page 11.4.8 Reflected.Cross-Site.Scripting MEDIUM" "17track No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "59sec-lite-contact-form-7-push-notifications-on-ios-and-android No.known.fix Unauthenticated.Settings.Update MEDIUM" "3d-cover-carousel No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "123-chat-videochat No.known.fix Video.Chat.<=.1.3.1.-.Unauthenticated.Stored.Cross-Site.Scripting HIGH" "123-chat-videochat 1.3.1 Admin+.Stored.XSS LOW" "3d-presentation No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "1-decembrie-1918 No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "5-sterrenspecialist 1.5 Reflected.Cross-Site.Scripting HIGH" "360-product-rotation No.known.fix Reflected.XSS MEDIUM" "360-product-rotation 1.4.8 Reflected.XSS MEDIUM" "360deg-javascript-viewer 1.7.30 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "360deg-javascript-viewer 1.7.13 
Missing.Authorization.to.Plugin.Settings.Update MEDIUM" "360deg-javascript-viewer 1.7.12 Unauthenticated.Settings.Update MEDIUM" "360deg-javascript-viewer 1.5.3 Reflected.Cross-Site.Scripting MEDIUM" "3xsocializer No.known.fix Subscriber+.SQLi MEDIUM" "3dprint-lite 2.1.3.7 Authenticated.(Admin+).SQL.Injection.via.'coating_text' MEDIUM" "3dprint-lite 2.1.3.7 Authenticated.(Admin+).SQL.Injection.via.'infill_text' MEDIUM" "3dprint-lite 2.1.3.7 Authenticated.(Admin+).SQL.Injection.via.'printer_text' MEDIUM" "3dprint-lite 2.1.3.7 Authenticated.(Admin+).SQL.Injection.via.'material_text' MEDIUM" "3dprint-lite 2.1.3.6 Cross-Site.Request.Forgery MEDIUM" "3dprint-lite 2.1 Settings.Update.via.CSRF MEDIUM" "3dprint-lite 1.9.1.6 Reflected.Cross-Site.Scripting HIGH" "3dprint-lite 1.9.1.5 Unauthenticated.Arbitrary.File.Upload CRITICAL" "0mk-shortener No.known.fix Stored.XSS.via.CSRF HIGH" "0mk-shortener No.known.fix Admin+.Stored.XSS LOW" "404-to-301 3.0.6 Reflected.Cross-Site.Scripting MEDIUM" "404-to-301 3.1.2 Reflected.Cross-Site.Scripting MEDIUM" "404-to-301 3.0.9 Logs.Deletion.via.CSRF MEDIUM" "404-to-301 3.0.8 Broken.Access.Control MEDIUM" "404-to-301 3.0.2 Subscriber+.Arbitrary.Option.Update CRITICAL" "404-to-301 2.3.1 Unauthenticated.Stored.Cross-Site.Scripting.(XSS) CRITICAL" "5-anker-connect 1.2.7 Reflected.Cross-Site.Scripting MEDIUM" "2mb-autocode 1.2.5 Reflected.Cross-Site.Scripting MEDIUM" "404-to-start No.known.fix Admin+.Stored.XSS LOW" "5centscdn No.known.fix Reflected.Cross-Site.Scripting HIGH" "2kb-amazon-affiliates-store No.known.fix Reflected.XSS MEDIUM" "2kb-amazon-affiliates-store 2.1.1 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "1app-business-forms No.known.fix Author+.Stored.XSS MEDIUM" "4-author-cheer-up-donate No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "4k-icon-fonts-for-visual-composer No.known.fix Reflected.Cross-Site.Scripting.(XSS) HIGH" "404-redirection-manager No.known.fix CSRF.to.Stored.Cross-Site.Scripting.(XSS) HIGH" 
"404-redirection-manager No.known.fix Reflected.Cross-Site.Scripting.(XSS) HIGH" "1-jquery-photo-gallery-slideshow-flash No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "3dprint 3.5.6.9 Arbitrary.File.and.Directory.Deletion.via.CSRF HIGH" "3dprint 3.5.6.9 CSRF.to.arbitrary.file.downlad HIGH" "360-view No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "10centmail-subscription-management-and-analytics No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "1-click-close-store No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "1003-mortgage-application No.known.fix Unauthenticated.Full.Path.Disclosure MEDIUM" "1003-mortgage-application No.known.fix Missing.Authorization MEDIUM" "1003-mortgage-application No.known.fix Missing.Authorization MEDIUM" "3d-image-gallery 2.0.0 Missing.Authorization MEDIUM" "123contactform-for-wordpress No.known.fix Unauthenticated.Arbitrary.Post.Creation HIGH" "123contactform-for-wordpress No.known.fix Validation.Bypass.via.Plugin.Verification MEDIUM" "123contactform-for-wordpress No.known.fix Unauthenticated.Arbitrary.File.Upload HIGH" "3d-avatar-user-profile No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "1-click-backup-restore-database-by-sunbytes No.known.fix Missing.Authorization MEDIUM" "3-word-address-validation-field 4.0.16 Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "3-word-address-validation-field 4.0.0 Admin+.Sensitive.Information.Disclosure LOW" "1-click-migration 2.3 Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.File.Upload HIGH" "1-click-migration No.known.fix Unauthenticated.Information.Disclsoure MEDIUM" "1-click-migration 2.3 Cross-Site.Request.Forgery.to.Backup.Process.Cancellation MEDIUM" "1-click-migration 2.3 Unauthenticated.Sensitive.Information.Exposure.via.Database.Backup.in.class-ocm-backup.php MEDIUM" "4stats No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "4ecps-webforms No.known.fix 
Unauthenticated.Arbitrary.File.Upload CRITICAL" "4ecps-webforms No.known.fix Admin+.Stored.XSS LOW" "3d-viewer 1.3.4 Reflected.Cross-Site.Scripting MEDIUM" "3d-viewer 1.2.7 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "404-solution 3.1.1 Authenticated.(Admin+).SQL.Injection.via.'filterText'.Parameter MEDIUM" "404-solution 2.35.20 Reflected.Cross-Site.Scripting MEDIUM" "404-solution 2.35.18 Missing.Authentication.to.Sensitive.Information.Exposure MEDIUM" "404-solution 2.35.8 Admin+.SQL.Injection MEDIUM" "404-solution 2.33.1 Sensitive.Information.Exposure.via.Log.File MEDIUM" "404-solution 2.35.0 Admin+.SQLi MEDIUM" "404-solution 2.33.1 Sensitive.Information.Exposure MEDIUM" "2d-tag-cloud-widget-by-sujin No.known.fix Reflected.Cross-Site.Scripting.via.add_query_arg.Parameter MEDIUM" "10to8-online-booking 1.1.0 Contributor+.Stored.XSS MEDIUM" "avchat-3 No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "animation-addons-for-elementor 2.4.6 Authenticated.(Contributor+).Arbitrary.Content.Deletion MEDIUM" "animation-addons-for-elementor 1.1.7 Authenticated.(Contributor+).Sensitive.Information.Exposure.via.Content.Slider.and.Tabs.Widget.Elementor.Template MEDIUM" "ai-image-generator-lab No.known.fix Cross-Site.Request.Forgery.to.API.Key.Update MEDIUM" "adsmiddle No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "alley-elementor-widget No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "acurax-social-media-widget 3.2.6 Stored.XSS.&.CSRF HIGH" "ai-seo-translator 1.6.3 Cross-Site.Request.Forgery.via.update_integration_option MEDIUM" "ai-auto-tool No.known.fix 2.3.0.-.Missing.Authorization.to.Authenticated.(Subscriber+).Post.Creation MEDIUM" "ai-auto-tool No.known.fix Authenticated.(Subscriber+).Server-Side.Request.Forgery MEDIUM" "ai-auto-tool 2.2.8 Subscriber+.SQLi HIGH" "ai-auto-tool 2.1.3 Missing.Authorization MEDIUM" "adstxt No.known.fix Settings.Update.via.CSRF MEDIUM" "arkhe-blocks No.known.fix 
Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "arkhe-blocks 2.27.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.block.attributes MEDIUM" "arkhe-blocks 2.27.0 Contributor+.Stored.XSS MEDIUM" "arkhe-blocks 2.23.0 Contributor+.Stored.XSS MEDIUM" "ajax-content-filter No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "addify-custom-registration-forms-builder 1.0.2 Multiple.CSRF MEDIUM" "accessibility-checker 1.31.1 Missing.Authorization MEDIUM" "accessibility-checker 1.31.1 Missing.Authorization MEDIUM" "accessibility-checker 1.30.1 Authenticated.(Contributor+).Insecure.Direct.Object.Reference MEDIUM" "accessibility-checker 1.2.8 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "autoptimize 3.1.15 Contributor+.Stored.XSS.via.'ao_post_preload'.Meta.Value MEDIUM" "autoptimize 3.1.15 Contributor+.Stored.XSS.via.Lazy-loaded.Image.Attributes MEDIUM" "autoptimize 3.1.14 Contributor+.Stored.XSS MEDIUM" "autoptimize 3.1.7 Admin+.Stored.Cross-Site.Scripting.via.Settings.Import LOW" "autoptimize 3.1.0 Sensitive.Data.Disclosure MEDIUM" "autoptimize 3.1.1 Admin+.Stored.Cross.Site.Scripting LOW" "autoptimize 2.8.4 Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "autoptimize 2.7.8 Race.Condition.leading.to.RCE CRITICAL" "autoptimize 2.7.8 Arbitrary.File.Upload.via."Import.Settings" CRITICAL" "autoptimize 2.7.8 Authenticated.Stored.XSS.via.File.Upload MEDIUM" "autoptimize 2.7.7 Authenticated.Arbitrary.File.Upload MEDIUM" "amp-wp No.known.fix Arbitrary.Settings.Update.via.CSRF MEDIUM" "arconix-shortcodes No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "arconix-shortcodes 2.1.19 Missing.Authorization MEDIUM" "arconix-shortcodes 2.1.18 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "arconix-shortcodes 2.1.17 Reflected.Cross-Site.Scripting MEDIUM" "arconix-shortcodes 2.1.16 Reflected.Cross-Site.Scripting MEDIUM" "arconix-shortcodes 2.1.15 Authenticated.(Contributor+).Stored.Cross-Site.Scripting 
MEDIUM" "arconix-shortcodes 2.1.14 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.box.Shortcode MEDIUM" "arconix-shortcodes 2.1.13 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "arconix-shortcodes 2.1.12 Missing.Authorization MEDIUM" "arconix-shortcodes 2.1.11 Missing.Authorization.to.Notice.Dismissal MEDIUM" "arconix-shortcodes 2.1.8 Contributor+.Stored.XSS MEDIUM" "affiliate-plus No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "advance-portfolio-grid 1.07.7 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "assistant-for-nextgen-gallery No.known.fix Unauthenticated.Arbitrary.Directory.Deletion HIGH" "at-internet No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "akismet 3.1.5 Unauthenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "amp-extensions No.known.fix Reflected.Cross-Site.Scripting.(XSS) HIGH" "animated-typed-js-shortcode 2.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "advance-post-prefix No.known.fix Reflected.XSS HIGH" "advance-post-prefix No.known.fix Reflected.XSS HIGH" "advance-post-prefix No.known.fix Admin+.SQL.Injection MEDIUM" "advanced-forms-pro 1.6.9 Subscriber+.Arbitrary.User.Email.Address.Update.via.IDOR HIGH" "awin-advertiser-tracking 2.0.1 Product.Feed.Generation.via.CSRF MEDIUM" "automated-editor No.known.fix Arbitrary.Settings.Update.via.CSRF MEDIUM" "acl-floating-cart-for-woocommerce No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "advanced-sermons 3.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "advanced-sermons 3.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "advanced-sermons 3.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "advanced-sermons 3.2 Reflected.Cross-Site.Scripting.via.s MEDIUM" "advanced-sermons 3.3 Reflected.Cross-Site.Scripting MEDIUM" "a-team-showcase No.known.fix Missing.Authorization MEDIUM" "ad-inserter-pro 2.8.0 
Reflected.Cross-Site.Scripting MEDIUM" "ad-inserter-pro 2.7.12 Reflected.Cross-Site.Scripting LOW" "ad-inserter-pro 2.7.10 Reflected.Cross-Site.Scripting MEDIUM" "add-ribbon No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "advanced-popups 1.1.2 CSRF.Bypass.in.Multiple.Plugins MEDIUM" "advanced-event-manager No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "about-author 1.6.3 Reflected.Cross-Site.Scripting MEDIUM" "ajs-footnotes No.known.fix Unauthenticated.Stored.Cross-Site.Scripting HIGH" "appsero-helper 1.3.5 Authenticated.(Subscriber+).SQL.Injection MEDIUM" "appsero-helper 1.3.3 Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "agile-video-player No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "advanced-recent-posts No.known.fix Contributor+.Stored.XSS MEDIUM" "anchor-episodes-index 2.1.11 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.anchor_episodes.Shortcode MEDIUM" "anchor-episodes-index 2.1.8 Admin+.Stored.XSS LOW" "ad-inserter 2.8.8 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Custom.Field MEDIUM" "ad-inserter 2.8.1 Ad.Manager.and.AdSense.Ads..<.2.8.1.-.Reflected.Cross-Site.Scripting MEDIUM" "ad-inserter 2.7.38 Reflected.Cross-Site.Scripting MEDIUM" "ad-inserter 2.7.31 Unauthenticated.Sensitive.Information.Exposure MEDIUM" "ad-inserter 2.7.31 Unauthenticated.Sensitive.Information.Exposure MEDIUM" "ad-inserter 2.7.27 Admin+.PHP.Object.Injection LOW" "ad-inserter 2.7.12 Reflected.Cross-Site.Scripting LOW" "ad-inserter 2.7.11 Admin+.RCE./.Stored.XSS MEDIUM" "ad-inserter 2.7.10 Reflected.Cross-Site.Scripting MEDIUM" "ad-inserter 2.4.22 Authenticated.Remote.Code.Execution HIGH" "ad-inserter 2.4.20 Authenticated.Path.Traversal HIGH" "ad-inserter 1.5.6 Authenticated.Cross-Site.Scripting.(XSS) HIGH" "advance-wp-query-search-filter No.known.fix Reflected.XSS.via.taxo_ajax HIGH" "advance-wp-query-search-filter No.known.fix Reflected.XSS.via.counter HIGH" 
"advance-wp-query-search-filter No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "auto-location-for-wp-job-manager 1.1 Admin+.Cross.Site.Scripting LOW" "amazing-neo-icon-font-for-elementor No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "appointmind 4.2.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "appointmind 4.1.0 Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "admin-log No.known.fix CSRF MEDIUM" "animation-addons-for-elementor-pro 1.7 Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.Plugin.Installation/Activation HIGH" "amp-img-shortcode No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "auto-more-tag No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "a-staff No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "a-staff No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "a-staff No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "ai-related-products No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "antideo-email-validator 1.0.11 Unauthenticated.SQL.Injection HIGH" "advanced-cron-manager 2.5.10 Missing.Authorization MEDIUM" "advanced-cron-manager 2.5.3 Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "advanced-cron-manager 2.5.7 Admin+.Stored.XSS LOW" "advanced-cron-manager 2.4.2 Subscriber+.Arbitrary.Events/Schedules.Creation/Deletion MEDIUM" "atelier-create-cv No.known.fix Settings.Update.via.CSRF MEDIUM" "auto-featured-image-from-title 2.4 Reflected.Cross-Site.Scripting MEDIUM" "ajax-add-to-cart-for-woocommerce No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "ajax-add-to-cart-for-woocommerce No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "author-discussion No.known.fix Authenticated.(Subscriber+).SQL.Injection MEDIUM" "add-to-header No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "auxin-shop No.known.fix Unauthenticated.Local.File.Inclusion 
CRITICAL" "animategl No.known.fix Missing.Authorization.to.Unauthenticated.Settings.Update MEDIUM" "animategl 1.4.18 Reflected.Cross-Site.Scripting MEDIUM" "all-404-pages-redirect-to-homepage 2.0 Unauthenticated.Stored.Cross-Site.Scripting MEDIUM" "airdrop No.known.fix Authenticated.(Editor+).Stored.Cross-Site.Scripting MEDIUM" "analytics-unbounce No.known.fix Cross-Site.Request.Forgery MEDIUM" "azindex No.known.fix Stored.XSS.via.CSRF HIGH" "azindex No.known.fix Index.Deletion.via.CSRF MEDIUM" "admin-menu-manager No.known.fix Cross-Site.Request.Forgery MEDIUM" "all-in-one-schemaorg-rich-snippets 1.6.6 All.In.One.Schema.Rich.Snippets.<.1.6.6.-.Multiple.CSRF MEDIUM" "all-in-one-schemaorg-rich-snippets 1.5.0 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "ajax-wp-query-search-filter No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "aitasi-coming-soon No.known.fix Authenticated.(Administrator+).PHP.Object.Injection MEDIUM" "ari-fancy-lightbox 1.4.1 Contributor+.Stored.XSS MEDIUM" "ari-fancy-lightbox 1.3.18 Authenticated.(Author+).Stored.Cross-Site.Scripting MEDIUM" "ari-fancy-lightbox 1.3.9 Reflected.Cross-Site.Scripting MEDIUM" "ai-content 1.0.8 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "acme-fix-images 2.0.0 Subscriber+.Image.Resizing MEDIUM" "add-fields-to-checkout-page-woocommerce No.known.fix Cross-Site.Request.Forgery MEDIUM" "add-fields-to-checkout-page-woocommerce 1.3.2 Missing.Authorization MEDIUM" "add-fields-to-checkout-page-woocommerce 1.3.1 Cross-Site.Request.Forgery MEDIUM" "add-fields-to-checkout-page-woocommerce 1.3.2 Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "add-fields-to-checkout-page-woocommerce 1.3.0 Reflected.Cross-Site.Scripting MEDIUM" "add-fields-to-checkout-page-woocommerce 1.2.7 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "amr-ical-events-list No.known.fix Admin+.Stored.XSS LOW" "ajax-archive-calendar 2.6.8 Contributor+.Stored.XSS MEDIUM" 
"alma-gateway-for-woocommerce 5.2.1 Contributor+.Stored.XSS MEDIUM" "aoi-tori No.known.fix Reflected.Cross-Site.Scripting.(XSS) HIGH" "automatically-hierarchic-categories-in-menu 2.0.10 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "automatically-hierarchic-categories-in-menu 2.0.8 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "automatically-hierarchic-categories-in-menu 2.0.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "ads-invalid-click-protection No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "ad-buttons 2.3.2 CSRF.&.XSS MEDIUM" "ays-slider 2.7.1 Responsive.Slider.and.Carousel.<.2.7.1.-.Cross-Site.Request.Forgery.to.Arbitrary.Slider.Deletion MEDIUM" "ays-slider 2.5.0 Reflected.Cross-Site.Scripting.(XSS) HIGH" "ays-slider 2.5.0 Responsive.Slider.and.Carousel.<.2.5.0.-.Authenticated.Blind.SQL.Injection HIGH" "ajax-random-post No.known.fix Unauthenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "apollo13-framework-extensions 1.9.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.'a13_alt_link'.Parameter MEDIUM" "apollo13-framework-extensions 1.9.4 Authenticated.(Author+).Stored.Cross-Site.Scripting MEDIUM" "apollo13-framework-extensions 1.9.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "apollo13-framework-extensions 1.9.2 Cross-Site.Request.Forgery MEDIUM" "apollo13-framework-extensions 1.9.1 Contributor+.Stored.XSS MEDIUM" "apollo13-framework-extensions 1.9.0 Missing.Authorization MEDIUM" "advanced-floating-content 3.8.3 Authenticated.(Subscriber+).SQL.Injection MEDIUM" "access-code-feeder No.known.fix CSRF MEDIUM" "azurecurve-toggle-showhide No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "apptivo-business-site 5.4 Unauthenticated.Arbitrary.Content.Deletion MEDIUM" "apptivo-business-site No.known.fix Cross-Site.Request.Forgery.to.IP.Address.Block MEDIUM" "apptivo-business-site 3.0.14 Admin+.Stored.XSS LOW" 
"acf-frontend-display No.known.fix Arbitrary.File.Upload CRITICAL" "ayyash-studio No.known.fix Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "auto-rename-media-on-upload 1.1.0 Admin+.Stored.XSS LOW" "activecampaign-subscription-forms 8.1.17 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "activecampaign-subscription-forms 8.1.15 Authenticated.(Administrator+).Server-Side.Request.Forgery MEDIUM" "activecampaign-subscription-forms 8.1.12 Contributor+.Stored.XSS MEDIUM" "activecampaign-subscription-forms 8.0.2 Cross-Site.Request.Forgery.in.Settings HIGH" "accesspress-social-icons 1.8.3 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "accesspress-social-icons 1.8.1 Authenticated.SQL.Injection HIGH" "accesspress-social-icons 1.6.8 Authenticated.SQL.Injections MEDIUM" "advanced-classifieds-and-directory-pro 3.3.0 Cross-Site.Request.Forgery MEDIUM" "advanced-classifieds-and-directory-pro 3.2.1 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "advanced-classifieds-and-directory-pro 3.1.2 Missing.Authorization.to.Arbitrary.Attachment.Deletion MEDIUM" "advanced-classifieds-and-directory-pro 2.1.2 Reflected.Cross-Site.Scripting MEDIUM" "advanced-classifieds-and-directory-pro 1.8.8 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "advanced-classifieds-and-directory-pro 1.6.3 Subscriber+.Arbitrary.Option.Update CRITICAL" "analyse-uploads No.known.fix Unauthenticated.Arbitrary.File.Deletion CRITICAL" "agenteasy-properties No.known.fix Admin+.Stored.XSS LOW" "auto-attachments No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "article-analytics No.known.fix Unauthenticated.SQL.injection HIGH" "autolisticle-automatically-update-numbered-list-articles 1.2.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "automatorwp 5.3.7 Missing.Authorization.To.Authenticated.(Subscriber+).Remote.Code.Execution.via.Automation.Creation HIGH" "automatorwp 5.3.8 
Authenticated.(Subscriber+).Missing.Authorization.to.Multiple.Functions MEDIUM" "automatorwp 5.2.5 Authenticated.(Administrator+).SQL.Injection MEDIUM" "automatorwp 5.2.6 Authenticated.(Administrator+).SQL.Injection.via.field_conditions HIGH" "automatorwp 5.2.2 Authenticated.(Administrator+).SQL.Injection MEDIUM" "automatorwp 5.1.0 Reflected.Cross-Site.Scripting.via.a-0-o-search_field_value CRITICAL" "automatorwp 2.5.1 Object.Deletion.via.CSRF MEDIUM" "automatorwp 1.7.6 Missing.Authorization.and.Privilege.Escalation MEDIUM" "appmaps No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "ajax-search-pro 4.26.2 Reflected.Cross-Site.Scripting HIGH" "ajax-search-pro 4.26.2 Multiple.Reflected.Cross-Site.Scripting HIGH" "ajax-search-pro 4.19 Subscriber+.SQL.Injection HIGH" "ajax-search-pro 4.19 Stored.XSS.via.CSRF HIGH" "aa-audio-player No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "auyautochat-for-wp No.known.fix Missing.Authorization.to.Unauthenticated.Settings.Update MEDIUM" "auyautochat-for-wp No.known.fix Unauthenticated.Stored.XSS HIGH" "accept-sagepay-payments-using-contact-form-7 2.1 Unauthenticated.Information.Exposure MEDIUM" "april-framework No.known.fix Missing.Authorization.to.Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "april-framework No.known.fix Authenticated.(Subscriber+).Arbitrary.File.Upload HIGH" "april-framework No.known.fix Missing.Authorization.to.Authenticated.(Subscriber+).Settings.Updates MEDIUM" "aiomatic-automatic-ai-content-writer 2.5.1 AI.Content.Writer,.Editor,.ChatBot.&.AI.Toolkit.<.2.5.1.-.Authenticated.(Subscriber+).Arbitrary.File.Upload HIGH" "aiomatic-automatic-ai-content-writer 2.3.9 AI.Content.Writer,.Editor,.ChatBot.&.AI.Toolkit.<.2.3.9.-.Missing.Authorization.to.Authenticated.(Contributor+).Arbitrary.File.Upload HIGH" "aiomatic-automatic-ai-content-writer 2.3.7 
AI.Content.Writer,.Editor,.ChatBot.&.AI.Toolkit.<.2.3.7.-.Missing.Authorization.to.Authenticated.(Subscriber+).Multiple.Administrator.Actions MEDIUM" "aiomatic-automatic-ai-content-writer 2.0.6 Automatic.AI.Content.Writer.<.2.0.6.-.Unauthenticated.Arbitrary.Email.Sending MEDIUM" "aiomatic-automatic-ai-content-writer 1.9.4 Missing.Authorization MEDIUM" "adifier-system 3.1.8 Unauthenticated.Arbitrary.Password.Reset CRITICAL" "amilia-store No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "addonify-wishlist 2.0.16 Missing.Authorization.to.Unauthenticated.Settings.Update MEDIUM" "audio-text No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "automate-hub-free-by-sperse-io No.known.fix Cross-Site.Request.Forgery.to.Activation.Status.Update MEDIUM" "automate-hub-free-by-sperse-io No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "auto-featured-image-auto-generated 1.6.0 Reflected.Cross-Site.Scripting MEDIUM" "anti-plagiarism No.known.fix Unauthenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "audio-player-with-playlist-ultimate 1.3 Contributor+.Stored.XSS MEDIUM" "amr-shortcodes No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "appsplate No.known.fix Unauthenticated.SQL.Injection HIGH" "awesome-filterable-portfolio No.known.fix Unauthenticated.Settings.Update MEDIUM" "awesome-filterable-portfolio No.known.fix Unauthenticated.Stored.Cross-Site.Scripting MEDIUM" "awesome-filterable-portfolio 1.9 Authenticated.Blind.SQL.Injection HIGH" "astra-widgets 1.2.17 Authenticated.(Editor+).Stored.Cross-Site.Scripting MEDIUM" "astra-widgets 1.2.16 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "astra-widgets 1.2.15 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "adif-log-search-widget No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "all-in-one-wp-builder No.known.fix Missing.Authorization MEDIUM" "aws-cdn-by-wpadmin 3.0.0 Cross-Site.Request.Forgery MEDIUM" "auction-feed No.known.fix 
Cross-Site.Request.Forgery MEDIUM" "anytrack-affiliate-link-manager 1.5.5 Missing.Authorization MEDIUM" "aio-contact No.known.fix Missing.Authorization MEDIUM" "aio-contact No.known.fix Unauthenticated.Stored.Cross-Site.Scripting HIGH" "accesspress-twitter-feed No.known.fix Delete.cache.via.CSRF MEDIUM" "accesspress-twitter-feed 1.6.8 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "apptha-slider-gallery No.known.fix Unauthenticated.Arbitrary.File.Read HIGH" "aphorismus No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "alter No.known.fix Cross-Site.Request.Forgery MEDIUM" "auto-thumbnailer No.known.fix Authenticated.(Contributor+).Arbitrary.File.Upload HIGH" "about-me No.known.fix Subscriber+.Arbitrary.Network.Creation/Deletion MEDIUM" "amazon-auto-links No.known.fix Unauthenticated.Arbitrary.File.Read HIGH" "amazon-auto-links 5.4.3 Reflected.Cross-Site.Scripting MEDIUM" "amazon-auto-links 5.1.2 Contributor+.Stored.XSS MEDIUM" "amazon-auto-links 5.3.2 Contributor+.Stored.XSS MEDIUM" "amazon-auto-links 4.6.20 Reflected.Cross-Site.Scripting HIGH" "affiliate-toolkit-starter 3.7.4 Cross-Site.Request.Forgery MEDIUM" "affiliate-toolkit-starter 3.7.1 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "affiliate-toolkit-starter 3.6.8 Reflected.Cross-Site.Scripting MEDIUM" "affiliate-toolkit-starter 3.6.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.atkp_product.Shortcode MEDIUM" "affiliate-toolkit-starter 3.6 Unauthenticated.Full.Path.Dislcosure MEDIUM" "affiliate-toolkit-starter 3.4.5 Unauthenticated.Sensitive.Information.Exposure.via.Logs MEDIUM" "affiliate-toolkit-starter 3.4.6 Authenticated.(Author+).Stored.Cross-Site.Scripting.via.ratings MEDIUM" "affiliate-toolkit-starter 3.5.5 Missing.Authorization.via.atkp_create_list MEDIUM" "affiliate-toolkit-starter 3.5.5 Missing.Authorization.via.atkp_import_product MEDIUM" "affiliate-toolkit-starter 3.4.3 Unauthenticated.SSRF HIGH" "affiliate-toolkit-starter 3.4.4 
Reflected.Cross-Site.Scripting.via.keyword MEDIUM" "affiliate-toolkit-starter 3.4.0 Open.Redirect.via.atkpout.php LOW" "affiliate-toolkit-starter 3.3.4 Editor+.Stored.XSS LOW" "avalex 3.0.9 Missing.Authorization MEDIUM" "avalex 3.0.4 Admin+.Stored.XSS LOW" "auto-limit-posts-reloaded No.known.fix Cross-Site.Request.Forgery MEDIUM" "abwp-simple-counter No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting.via.settings MEDIUM" "arforms No.known.fix Directory.Traversal.to.Authenticated.(Subscriber+).Arbitrary.File.Read HIGH" "arforms No.known.fix Missing.Authorization.to.Plugin.Settings.Change MEDIUM" "arforms 6.4.1 Reflected.XSS HIGH" "arforms 6.6 Admin+.Stored.XSS LOW" "arforms 6.6 Unauthenticated.RCE CRITICAL" "arforms 6.4.1 Missing.Authorization.to.Arbitrary.Option.Deletion MEDIUM" "arforms 6.4.1 Reflected.Cross-Site.Scripting MEDIUM" "arforms 6.4.1 Missing.Authorization.to.Arbitrary.File.Deletion HIGH" "arforms 6.4.1 Authenticated.(Subscriber+).SQL.Injection HIGH" "arforms 6.4.1 Missing.Authorization.to.Arbitrary.Plugin.Activation/Deactivation MEDIUM" "arforms 4.0 Unauthenticated.Arbitrary.File.Deletion.via.Traversal HIGH" "arforms 3.5.2 Unauthenticated.Arbitrary.File.Deletion HIGH" "azurecurve-floating-featured-image No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "affiliatewp-external-referral-links 1.2.2 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "awsom-news-announcement No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "ays-chatgpt-assistant 2.7.6 Missing.Authorization.to.Unauthenticated.API.Key.Modification MEDIUM" "ays-chatgpt-assistant 2.7.1 Unauthenticated.Server-Side.Request.Forgery.via.'pinecone_url'.Parameter MEDIUM" "ays-chatgpt-assistant 2.7.1 Missing.Authorization.to.Unauthenticated.Media.File.Uploads MEDIUM" "ays-chatgpt-assistant 2.6.7 Unauthenticated.Information.Exposure HIGH" "ays-chatgpt-assistant 2.1.0 Unauthenticated.OpenAI.Key.Disclosure HIGH" "ays-chatgpt-assistant 
2.1.0 Unauthenticated.AJAX.Calls MEDIUM" "aikit-wordpress-ai-writing-assistant-using-gpt3 No.known.fix Authenticated.(Contributor+).SQL.Injection CRITICAL" "att-youtube No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "ai-content-creator No.known.fix Cross-Site.Request.Forgery MEDIUM" "advanced-database-replacer No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "advanced-database-replacer No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "ait-csv-import-export No.known.fix Unauthenticated.Arbitrary.File.Upload CRITICAL" "autosave-net No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "autosave-net No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "ai-mojo 0.2.5 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "ajax-press No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "author-avatars 2.1.24 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "author-avatars 2.1.22 Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "author-avatars 2.1.19 Contributor+.Stored.XSS MEDIUM" "abcapp-creator No.known.fix Unauthenticated.Local.File.Inclusion CRITICAL" "amministrazione-aperta 3.8 Admin+.LFI LOW" "appointment-booking-calendar 1.3.97 Missing.Authorization.to.Arbitrary.Booking.Confirmation.via.'cpabc_ipncheck'.Parameter MEDIUM" "appointment-booking-calendar 1.3.96 Missing.Authorization MEDIUM" "appointment-booking-calendar 1.3.93 Missing.Authorization MEDIUM" "appointment-booking-calendar 1.3.93 Cross-Site.Request.Forgery.to.SQL.Injection MEDIUM" "appointment-booking-calendar 1.3.83 CSRF.appointment.scheduling MEDIUM" "appointment-booking-calendar 1.3.70 Feedback.Submission.via.CSRF MEDIUM" "appointment-booking-calendar 1.3.35 Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "appointment-booking-calendar 1.3.35 CSV.Injection MEDIUM" "appointment-booking-calendar 1.3.19 Unauthenticated.Stored.XSS MEDIUM" "appointment-booking-calendar 1.1.25 Unauthenticated.SQL.Injection CRITICAL" 
"appointment-booking-calendar 1.1.24 Unauthenticated.SQL.Injection CRITICAL" "appointment-booking-calendar 1.1.8 Multiple.Reflected.Cross-Site.Scripting.(XSS).and.SQL.Injection HIGH" "ai-wp-writer 3.8.4.5 Cross-Site.Request.Forgery MEDIUM" "ai-wp-writer 3.6.5.6 Missing.Authorization MEDIUM" "addify-custom-fields-for-woocommerce 1.0.4 Multiple.CSRF MEDIUM" "axima-payment-gateway 2.7 Cross-Site.Request.Forgery MEDIUM" "advanced-notifications 1.2.8 Missing.Authorization MEDIUM" "aa-block-country No.known.fix Unauthenticated.IP.Address.Spoofing.via.X-Forwarded-For.Header MEDIUM" "all-in-one-seo-pack 4.9.3 Contributor+.AI.Access.Token.and.Credit.Disclosure LOW" "all-in-one-seo-pack 4.9.1.1 Contributor+.SQL.Injection MEDIUM" "all-in-one-seo-pack 4.8.7 Subscriber+.Information.Exposure MEDIUM" "all-in-one-seo-pack 4.9.0 Contributor+.Arbitrary.Media.Deletion LOW" "all-in-one-seo-pack 4.8.7.2 Contributor+.Sensitive.Information.Exposure LOW" "all-in-one-seo-pack 4.8.7.2 Missing.Authorization LOW" "all-in-one-seo-pack 4.8.2 Contributor+.Stored.XSS.via.Post.Meta.Description.and.Canonical.URL MEDIUM" "all-in-one-seo-pack 4.6.1.1 Contributor+.Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "all-in-one-seo-pack 4.6.1.1 Contributor+.Stored.XSS MEDIUM" "all-in-one-seo-pack 4.3.0 Admin+.Stored.XSS LOW" "all-in-one-seo-pack 4.3.0 Contributor+.Stored.XSS MEDIUM" "all-in-one-seo-pack 4.2.4 Multiple.CSRF MEDIUM" "all-in-one-seo-pack 4.1.5.3 Authenticated.SQL.Injection HIGH" "all-in-one-seo-pack 4.1.5.3 Authenticated.Privilege.Escalation CRITICAL" "all-in-one-seo-pack 4.1.0.2 Admin.RCE.via.unserialize MEDIUM" "all-in-one-seo-pack 3.6.2 Authenticated.Stored.Cross-Site.Scripting MEDIUM" "all-in-one-seo-pack 3.2.7 Stored.Cross-Site.Scripting.(XSS) MEDIUM" "all-in-one-seo-pack 2.10 Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "ark-core 1.71.0 Unauthenticated.Remote.Code.Execution CRITICAL" "authorizenet-payment-gateway-for-woocommerce No.known.fix 
Insufficient.Verification.of.Data.Authenticity.to.Unauthenticated.Payment.Bypass MEDIUM" "add-hierarchy-parent-to-post 3.13 Reflected.Cross-Site.Scripting MEDIUM" "admin-word-count-column No.known.fix Unauthenticated.Arbitrary.File.Read MEDIUM" "admin-in-english-with-switch No.known.fix Cross-Site.Request.Forgery MEDIUM" "automatic-youtube-video-posts No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting.via.settings MEDIUM" "addon-sweetalert-contact-form-7 1.0.8 Authenticated.Stored.Cross-Site.Scripting.(XSS) LOW" "acf-on-the-go No.known.fix .Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.Content.Update MEDIUM" "acme-divi-modules No.known.fix Missing.Authorization MEDIUM" "admin-cleanup No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "aryo-activity-log 2.11.2 Unauthenticated.Stored.XSS.via.Event.Context HIGH" "aryo-activity-log 2.8.8 IP.Spoofing MEDIUM" "aryo-activity-log 2.8.4 CSV.Injection LOW" "aryo-activity-log 2.7.0 Authenticated.SQL.Injection MEDIUM" "aryo-activity-log 2.4.1 Multiple.Cross-Site.Scripting.(XSS) MEDIUM" "aryo-activity-log 2.3.3 Cross-Site.Scripting.(XSS).in.'page' MEDIUM" "aryo-activity-log 2.3.3 Cross-Site.Scripting.(XSS) MEDIUM" "ayo-shortcodes No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.'color'.Shortcode.Attribute MEDIUM" "acf-quickedit-fields 3.2.3 Contributor+.User.Metadata.Leak.via.IDOR LOW" "alt-text-generator 1.8.4 Missing.Authorization.to.Authenticated.(Subscriber+).API.Key.Deletion MEDIUM" "affiliate-reviews 1.0.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.numColumns.Parameter MEDIUM" "append-extensions-on-pages No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "amp-enhancer No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting.via.AMP.Custom.CSS.Setting MEDIUM" "advanced-options-editor No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "atec-duplicate-page-post 1.2.21 
Missing.Authorization.to.Authenticated.(Contributor+).Arbitrary.Post.Duplication.and.Data.Exposure MEDIUM" "abandoned-contact-form-7 No.known.fix Missing.Authorization MEDIUM" "acf-link-picker-field No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "author-bio-box 3.4.0 Admin+.Stored.Cross-Site.Scripting LOW" "airpress No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "airpress No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "artificial-intelligence-auto-content-generator No.known.fix Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.Content.Deletion MEDIUM" "artificial-intelligence-auto-content-generator 3.0.0 Reflected.Cross-Site.Scripting MEDIUM" "ai-copilot No.known.fix Missing.Authorization MEDIUM" "awesome-event-booking 2.8.5 Reflected.Cross-Site.Scripting MEDIUM" "awesome-event-booking 2.8.0 Cross-Site.Request.Forgery MEDIUM" "awesome-event-booking 2.7.5 Missing.Authorization MEDIUM" "awesome-event-booking 2.7.2 Reflected.Cross-Site.Scripting MEDIUM" "admin-trim-interface No.known.fix Unauthenticated.Full.Path.Disclosure MEDIUM" "awesome-shortcodes 1.7.3 Reflected.XSS HIGH" "ads-by-datafeedrcom No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "ads-by-datafeedrcom 1.2.0 Unauthenticated.Remote.Code.Execution CRITICAL" "akismet-privacy-policies No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "affiliate-pro No.known.fix Reflected.Cross-Site.Scripting.(XSS) HIGH" "affiliate-tools-viet-nam No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "ad-injection No.known.fix Admin+.Stored.Cross-Site.Scripting.&.RCE HIGH" "aardvark-plugin No.known.fix Missing.Authorization MEDIUM" "author-box-with-different-description No.known.fix Cross-Site.Request.Forgery MEDIUM" "add-multiple-marker 1.3 Missing.Authorization.to.Unauthenticated.Settings.Update MEDIUM" "add-multiple-marker No.known.fix Unauthenticated.Settings.Update MEDIUM" "add-multiple-marker No.known.fix Settings.Update.via.CSRF MEDIUM" "accordions 2.3.16 
Missing.Authorization MEDIUM" "accordions 2.3.16 Missing.Authorization MEDIUM" "accordions 2.3.12 Contributor+.PHP.Object.Injection MEDIUM" "accordions 2.2.100 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "accordions 2.2.97 Missing.Authorization.to.Authenticated(Contributor+).Post.Duplication MEDIUM" "accordions 2.2.30 Authenticated.Reflected.Cross-Site.Scripting.(XSS) HIGH" "accordions 2.2.9 Unprotected.AJAX.Action.to.Stored/Reflected.XSS MEDIUM" "auto-terms-of-service-and-privacy-policy 2.0.0 Reflected.Cross-Site.Scripting MEDIUM" "addonify-quick-view 2.0.5 Missing.Authorization MEDIUM" "addonify-quick-view 1.2.17 Unauthenticated.Full.Path.Dislcosure MEDIUM" "aawp-obfuscator No.known.fix Authenticated.(Author+).Stored.Cross-Site.Scripting MEDIUM" "add-to-all 2.2.0 Contributor+.Stored.XSS MEDIUM" "animated-typing-effect 1.3.7 Contributor+.Stored.XSS MEDIUM" "acf-city-selector No.known.fix Unauthenticated.Sensitive.Information.Exposure MEDIUM" "acf-city-selector 1.15.0 Authenticated.(Admin+).Arbitrary.File.Upload HIGH" "auto-hyperlink-urls No.known.fix Tab.Nabbing MEDIUM" "app-ads-txt 1.1.8 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "app-ads-txt 1.1.7.0 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "about-author-box 1.0.2 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "awesome-studio No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "anycomment No.known.fix Missing.Authorization MEDIUM" "anycomment No.known.fix Authenticated.(Subscriber+).SQL.Injection MEDIUM" "anycomment No.known.fix Unauthenticated.Local.File.Inclusion HIGH" "anycomment 0.0.99 Reflected.Cross-Site.Scripting MEDIUM" "anycomment 0.2.18 Comment.Rating.Increase/Decrease.via.Race.Condition LOW" "anycomment 0.2.18 Arbitrary.HyperComments.Import/Revert.via.CSRF MEDIUM" "anycomment 0.3.5 Open.Redirect MEDIUM" "anycomment 0.0.33 XSS MEDIUM" "azz-anonim-posting No.known.fix Unauthenticated.Arbitrary.File.Upload CRITICAL" "albo-pretorio-on-line No.known.fix 
Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "albo-pretorio-on-line No.known.fix Unauthenticated.Sensitive.Information.Disclosure MEDIUM" "albo-pretorio-on-line 4.6.4 Reflected.XSS HIGH" "albo-pretorio-on-line 4.6.2 Reflected.XSS HIGH" "albo-pretorio-on-line 4.6.1 Reflected.XSS HIGH" "add-to-cart-button-labels-for-woocommerce 2.2.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "aplazo-payment-gateway 1.5.0 Missing.Authorization.to.Unauthenticated.Order.Status.Manipulation MEDIUM" "automatic-featured-images-from-videos 1.2.8 Missing.Authorization MEDIUM" "automatic-featured-images-from-videos 1.2.5 Missing.Authorization MEDIUM" "apa-register-newsletter-form No.known.fix Cross-Site.Request.Forgery.to.SQL.Injection HIGH" "ahathat No.known.fix Cross-Site.Request.Forgery.to.AHA.Page.Deletion MEDIUM" "ahathat No.known.fix Authenticated.(Administrator+).SQL.Injection.via.id.Parameter MEDIUM" "ahathat No.known.fix Reflected.XSS.via.REQUEST_URI MEDIUM" "ahathat No.known.fix Admin+.SQL.Injection MEDIUM" "advanced-what-should-we-write-about-next No.known.fix Authenticated.(Subscriber+).SQL.Injection HIGH" "advanced-what-should-we-write-about-next No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "autocomplete-address-and-location-picker-for-woocommerce 1.1.7 Reflected.Cross-Site.Scripting MEDIUM" "autocomplete-address-and-location-picker-for-woocommerce 1.0.9 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "arscode-ninja-popups No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "arscode-ninja-popups No.known.fix Unauthenticated.Open.Redirect MEDIUM" "asmember No.known.fix Admin+.Stored.XSS LOW" "adrotate 5.13.3 Admin+.Double.Extension.Arbitrary.File.Upload MEDIUM" "adrotate 5.9.1 Password.Change.via.CSRF MEDIUM" "adrotate 5.8.23 Admin+.XSS.via.Advert.Name LOW" "adrotate 5.8.23 Admin+.XSS.via.Group.Name LOW" "adrotate 5.8.22 Admin+.SQL.Injection MEDIUM" "adrotate 5.8.4 
Authenticated.SQL.Injection MEDIUM" "adrotate 5.3 Authenticated.SQL.Injection HIGH" "add-product-frontend-for-woocommerce No.known.fix Missing.Authorization.to.Unauthenticated.Arbitrary.Content.Deletion MEDIUM" "appmysite 3.15.1 Missing.Authorization MEDIUM" "appmysite 3.11.1 Unauthenticated.Information.Disclsoure MEDIUM" "aftership-woocommerce-tracking 1.17.18 Missing.Authorization MEDIUM" "ak-menu-icons-lite 1.0.9 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "appy-pie-connect-for-woocommerce 1.1.3 Unauthenticated.Privilege.Escalation CRITICAL" "ablocks No.known.fix Missing.Authorization.to.Authenticated.(Subscriber+).Settings.Modification MEDIUM" "ablocks 1.9.3 Contributor+.Stored.XSS MEDIUM" "ablocks 1.6.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "advanced-tag-list No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "auto-post-thumbnail 4.2.2 Missing.Authorization.to.Authenticated.(Contributor+).Post.Thumbnail.Modification MEDIUM" "auto-post-thumbnail 4.2.0 Authenticated.(Author+).Server-Side.Request.Forgery HIGH" "auto-post-thumbnail 4.1.3 Missing.Authorization MEDIUM" "auto-post-thumbnail No.known.fix Authenticated.(Author+).Server-Side.Request.Forgery MEDIUM" "auto-post-thumbnail 4.1.4 Author+.SSRF MEDIUM" "auto-post-thumbnail 3.9.16 Author+.Arbitrary.File.Upload CRITICAL" "auto-post-thumbnail 3.9.3 Reflected.Cross-Site.Scripting HIGH" "appbanners No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "alert-me No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "appointy-appointment-scheduler No.known.fix Cross-Site.Request.Forgery.to.Settings.Change MEDIUM" "accessibility-toolbar No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "accessibility-toolbar 2.1.0 Cross-Site.Request.Forgery MEDIUM" "ajax-hits-counter No.known.fix Missing.Authorization MEDIUM" "ab-testing-for-wp No.known.fix 
Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "advanced-form-integration 1.100.0 Admin+.Stored.XSS LOW" "advanced-form-integration 1.100.0 Admin+.Stored.XSS LOW" "advanced-form-integration 1.97.0 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "advanced-form-integration 1.92.1 Reflected.Cross-Site.Scripting MEDIUM" "advanced-form-integration 1.89.6 Cross-Site.Request.Forgery MEDIUM" "advanced-form-integration 1.82.6 SQL.Injection.to.Reflected.Cross-Site.Scripting.via.integration_id MEDIUM" "advanced-form-integration 1.76.0 Authenticated(Administrator+).SQL.Injection MEDIUM" "advanced-form-integration 1.69.1 Reflected.Cross-Site.Scripting MEDIUM" "advanced-form-integration 1.63.0 Admin+.Stored.XSS LOW" "advanced-form-integration 1.49.0 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "add-facebook No.known.fix Author+.Stored.XSS MEDIUM" "add-facebook No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting] MEDIUM" "auto-poster No.known.fix Authenticated.(Administrator+).Arbitrary.File.Upload CRITICAL" "all-in-one-seo-pack-pro 4.2.6 Admin+.SSRF LOW" "admin-note No.known.fix Cross-Site.Request.Forgery MEDIUM" "all-in-one-wp-security-and-firewall 5.2.7 Cross-Site.Request.Forgery.to.IP.Blocking MEDIUM" "all-in-one-wp-security-and-firewall 5.2.6 Reflected.Cross-Site.Scripting MEDIUM" "all-in-one-wp-security-and-firewall 5.2.5 Protection.Bypass.of.Renamed.Login.Page.via.URL.Encoding MEDIUM" "all-in-one-wp-security-and-firewall 5.2.0 Insecure.Storage.of.Password MEDIUM" "all-in-one-wp-security-and-firewall 5.1.5 Admin+.Stored.XSS LOW" "all-in-one-wp-security-and-firewall 5.1.5 Admin+.Arbitrary.File/Folder.Access.via.Traversal MEDIUM" "all-in-one-wp-security-and-firewall 5.1.3 Configuration.Leak MEDIUM" "all-in-one-wp-security-and-firewall 5.1.1 Bulk.Actions.via.CSRF MEDIUM" "all-in-one-wp-security-and-firewall 5.0.8 IP.Spoofing MEDIUM" "all-in-one-wp-security-and-firewall 4.4.11 
Authenticated.Arbitrary.Redirect./.Reflected.XSS LOW" "all-in-one-wp-security-and-firewall 4.4.6 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "all-in-one-wp-security-and-firewall 4.4.4 CSRF.&.XSS LOW" "all-in-one-wp-security-and-firewall 4.4.2 Open.Redirect.&.Hidden.Login.Page.Exposure MEDIUM" "all-in-one-wp-security-and-firewall 4.2.2 Cross-Site.Scripting.(XSS) CRITICAL" "all-in-one-wp-security-and-firewall 4.2.0 Authenticated.Cross-Site.Scripting.(XSS) CRITICAL" "all-in-one-wp-security-and-firewall 4.1.3 Multiple.vulnerabilities.in.login.CAPTCHA MEDIUM" "all-in-one-wp-security-and-firewall 4.0.9 Multiple.SQL.Injections MEDIUM" "all-in-one-wp-security-and-firewall 4.0.7 Multiple.SQL.Injections MEDIUM" "all-in-one-wp-security-and-firewall 4.0.6 XSS MEDIUM" "all-in-one-wp-security-and-firewall 4.0.5 XSS CRITICAL" "add-from-server No.known.fix Authenticated.Path.Traversal.to.Arbitrary.File.Access HIGH" "add-from-server 3.3.2 Cross-Site.Request.Forgery.(CSRF) MEDIUM" "automotive 18.7 Unauthenticated.SQL.Injection HIGH" "acf-google-font-selector-field No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "add-google-plus-one-social-share-button No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "amcharts-charts-and-maps 1.4.5 Reflected.Cross-Site.Scripting.via.Cross-Site.Request.Forgery MEDIUM" "amcharts-charts-and-maps 1.4.1 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "auto-listings 2.7.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "auto-listings 2.6.6 Authenticated(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "advanced-lazy-load No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "aicomments 1.4.2 Cross-Site.Request.Forgery MEDIUM" "aforms-form-builder-for-price-calculator-cost-estimation 2.2.7 Unauthenticated.Full.Path.Disclosure MEDIUM" "animated-icon-banner-for-visual-composer No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" 
"admin-user-search No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "ai-botkit-for-lead-generation 1.1.8 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode.Attributes MEDIUM" "aba-payway-woocommerce-payment-gateway 2.1.5 Reflected.XSS HIGH" "admin-side-data-storage-for-contact-form-7 No.known.fix Cross-Site.Request.Forgery MEDIUM" "admin-side-data-storage-for-contact-form-7 No.known.fix Authenticated.(Admin+).SQL.Injection HIGH" "admin-side-data-storage-for-contact-form-7 No.known.fix Missing.Authorization.to.Unauthenticated.Bookmark.Status.Alteration MEDIUM" "admin-side-data-storage-for-contact-form-7 No.known.fix Missing.Authorization.to.Unauthenticated.Read.Status.Update MEDIUM" "admin-side-data-storage-for-contact-form-7 No.known.fix Unauthenticated.Reflected.XSS HIGH" "advanced-cf7-database No.known.fix Authenticated.(Administrator+).SQL.Injection MEDIUM" "advanced-facebook-twitter-widget No.known.fix Admin+.Stored.XSS LOW" "ad-swapper No.known.fix Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "antibots 1.50 Missing.Authorization MEDIUM" "advanced-post-search No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "anonymous-restricted-content 1.6.6 Unauthenticated.Content.Restriction.Bypass.to.Sensitive.Information.Exposure MEDIUM" "anonymous-restricted-content 1.6.3 .Protection.Mechanism.Bypass MEDIUM" "ar-for-woocommerce 7.0 Unauthenticated.Arbitrary.File.Upload CRITICAL" "ai-scribe-the-chatgpt-powered-seo-content-creation-wizard 2.6 Authenticated.(Contributor+).SQL.Injection MEDIUM" "ai-scribe-the-chatgpt-powered-seo-content-creation-wizard 2.6 Missing.Authorization.to.Authenticated.(Subscriber+).Settings.Update MEDIUM" "ai-scribe-the-chatgpt-powered-seo-content-creation-wizard 2.6 Cross-Site.Request.Forgery.to.Settings.Update MEDIUM" "adforest-elementor 3.0.12 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "about-rentals No.known.fix Unauthenticated.Actions HIGH" "authentication-and-xmlrpc-log-writer No.known.fix 
Reflected.Cross-Site.Scripting MEDIUM" "auto-thickbox-plus No.known.fix Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "adirectory 3.0.4 Missing.Authorization MEDIUM" "adirectory 2.3.5 Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.Post.Deletion MEDIUM" "adirectory 1.9 Unauthenticated.PHP.Object.Injection HIGH" "adirectory 1.3.1 Unauthenticated.Arbitrary.File.Upload CRITICAL" "appreview No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "ads-txt-admin No.known.fix Cross-Site.Request.Forgery MEDIUM" "avaibook No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "addfunc-mobile-detect No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "ai-content-pipelines No.known.fix Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "adstxt-guru-connect 1.1.2 Cross-Site.Request.Forgery MEDIUM" "alt-monitoring No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "accordion-image-menu No.known.fix Stored.XSS.via.CSRF HIGH" "adiaha-hotel No.known.fix Missing.Authorization MEDIUM" "all-in-one-favicon 4.7 Multiple.Stored.Authenticated.XSS MEDIUM" "age-restriction No.known.fix Subscriber+.Privilege.Escalation HIGH" "age-restriction No.known.fix Unauthenticated.Arbitrary.File.Download HIGH" "age-restriction No.known.fix Unauthenticated.Arbitrary.File.Read/Write CRITICAL" "all-in-one-bannerWithPlaylist No.known.fix AllInOne.-.Banner.with.Playlist.<=.3.8.-.Reflected.Cross-Site.Scripting MEDIUM" "all-in-one-bannerWithPlaylist No.known.fix AllInOne.-.Banner.with.Playlist.<=.3.8.-.Authenticated.(Contributor+).SQL.Injection MEDIUM" "aio-shortcodes 1.3.1 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "ableplayer 1.2.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "ableplayer 1.2.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.preload.Parameter MEDIUM" "availability No.known.fix Cross-Site.Request.Forgery MEDIUM" 
"advanced-search-by-my-solr-server No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "about-me-3000 No.known.fix Administrator.Stored.Cross-Site.Scripting MEDIUM" "about-me-3000 No.known.fix CSRF MEDIUM" "automatic-post-categories No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "automatic-post-categories No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "add-custom-codes 5.0 Authenticated.(Author+).Stored.Cross-Site.Scripting MEDIUM" "add-custom-codes 5.0 Missing.Authorization MEDIUM" "add-custom-codes 5.0 Cross-Site.Request.Forgery MEDIUM" "add-custom-codes 5.0 Authenticated.(Contributor+).Remote.Code.Execution HIGH" "arcadeready No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "auphonic-importer No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "allow-rel-and-html-in-author-bios No.known.fix Author+.Stored.Cross-Site.Scripting MEDIUM" "azurecurve-shortcodes-in-comments No.known.fix Unauthenticated.Arbitrary.Shortcode.Execution HIGH" "aeropage-sync-for-airtable 3.3.0 Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.Post.Deletion MEDIUM" "aeropage-sync-for-airtable 3.3.0 Authenticated.(Subscriber+).Arbitrary.File.Upload HIGH" "ai-site-builder No.known.fix Missing.Authorization.to.Arbitrary.Plugin.Installation CRITICAL" "ace-user-management No.known.fix Subscriber+.Authentication.Bypass.via.Password.Rest HIGH" "ap-contact-form 1.0.7 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "append-content No.known.fix Cross-Site.Request.Forgery.to.Settings.Update MEDIUM" "accessibility-help-button 1.1 Admin+.Stored.Cross.Site.Scripting LOW" "accessibility-help-button 1.1 Admin+.Stored.XSS LOW" "accessibility-help-button 1.2 Admin+.Stored.XSS LOW" "ab-rankings-testing-tool No.known.fix Settings.Update.via.CSRF MEDIUM" "acf-frontend-form-element 3.28.24 Unauthenticated.Stored.Cross-Site.Scripting.via.'update_field' HIGH" 
"acf-frontend-form-element 3.28.26 Missing.Authorization.to.Unauthenticated.Arbitrary.Data.Deletion.via.'delete.post'.Form.Element CRITICAL" "acf-frontend-form-element 3.28.30 Unauthenticated.Privilege.Escalation.to.Administrator.via.Role.Form.Field CRITICAL" "acf-frontend-form-element 3.28.21 Unauthenticated.Arbitrary.Options.Update CRITICAL" "acf-frontend-form-element 3.28.5 Authenticated.(Subscriber+).SQL.Injection MEDIUM" "acf-frontend-form-element 3.28.8 Authenticated.(Editor+).Arbitrary.File.Deletion MEDIUM" "acf-frontend-form-element 3.25.18 Reflected.Cross-Site.Scripting MEDIUM" "acf-frontend-form-element 3.25.2 Unauthenticated.SQL.Injection MEDIUM" "acf-frontend-form-element 3.25.1 Unauthenticated.Privilege.Escalation HIGH" "acf-frontend-form-element 3.25.1 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "acf-frontend-form-element 3.19.5 Improper.Missing.Encryption.Exception.Handling.to.Form.Manipulation CRITICAL" "acf-frontend-form-element 3.18.4 Unauthenticated.Arbitrary.File.Upload CRITICAL" "acf-frontend-form-element 3.8.0 Reflected.Cross-Site.Scripting MEDIUM" "acf-frontend-form-element 3.3.33 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "accordions-or-faqs No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "accordions-or-faqs 2.3.1 Admin+.Stored.XSS LOW" "accordions-or-faqs 2.1.0 Admin+.Stored.XSS LOW" "accordions-or-faqs 2.1.0 Authenticated.Arbitrary.Options.Update MEDIUM" "accordions-or-faqs 2.0.3 Unauthenticated.Arbitrary.Options.Update CRITICAL" "absolute-addons No.known.fix Missing.Authorization MEDIUM" "absolute-addons No.known.fix Authenticated.(Contributor+).Local.File.Inclusion HIGH" "automatic-domain-changer 2.0.3 Reflected.Cross-Site.Scripting MEDIUM" "accessibility 1.0.7 Cross-Site.Request.Forgery MEDIUM" "accessibility 1.0.4 Admin+.Stored.XSS LOW" "armember-membership 4.0.52 Authenticated.(Subscriber+).Arbitrary.Shortcode.Execution MEDIUM" "armember-membership 4.0.38 
Authenticated.(Subscriber+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "armember-membership 4.0.31 Open.Redirect MEDIUM" "armember-membership 4.0.29 Missing.Authorization MEDIUM" "armember-membership 4.0.28 Directory.Traversal.via.X-FILENAME MEDIUM" "armember-membership 4.0.27 Authenticated.(Contributor+).PHP.Object.Injection CRITICAL" "armember-membership 4.0.27 Unauthenticated.PHP.Object.Injection CRITICAL" "armember-membership 4.0.24 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "armember-membership 4.0.25 Improper.Access.Control.to.Sensitive.Information.Exposure.via.REST.API MEDIUM" "armember-membership 4.0.23 Cross-Site.Request.Forgery MEDIUM" "armember-membership 4.0.11 Subscriber+.Privilege.Escalation HIGH" "armember-membership 4.0.5 Admin+.Stored.Cross-Site.Scripting LOW" "armember-membership 4.0.17 Membership.<.4.0.17.-.Admin+.Stored.XSS MEDIUM" "armember-membership 4.0.6 ARMember.Cross-Site.Request.Forgery MEDIUM" "armember-membership 4.0.3 Admin+.Stored.XSS LOW" "armember-membership 4.0.2 Reflected.XSS HIGH" "armember-membership 4.0 Unauthenticated.SQLi HIGH" "armember-membership 3.4.8 Unauthenticated.Admin.Account.Takeover CRITICAL" "advanced-product-labels-for-woocommerce 1.2.3.7 Reflected.Cross-Site.Scripting MEDIUM" "application-passwords No.known.fix Reflected.Cross-Site.Scripting.via.reject_url MEDIUM" "ajax-comment-form-cst No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "affiliatebooster-blocks 3.0.6 Blocks.Enabling/Disabling.via.CSRF MEDIUM" "angwp 1.5.6 Unauthenticated.Arbitrary.File.Upload/Deletion CRITICAL" "appmaker-woocommerce-mobile-app-manager No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "auto-login-when-resister No.known.fix Settings.Update.via.CSRF MEDIUM" "ai-image-alt-text-generator-for-wp No.known.fix Missing.Authorization MEDIUM" "ai-image-alt-text-generator-for-wp 1.1.6 Missing.Authorization MEDIUM" "ai-image-alt-text-generator-for-wp 1.1.2 
Missing.Authorization MEDIUM" "ai-image-alt-text-generator-for-wp No.known.fix Subscriber+.Sensitive.Information.Exposure MEDIUM" "ai-image-alt-text-generator-for-wp 1.0.7 Reflected.Cross-Site.Scripting MEDIUM" "availability-calendar No.known.fix Cross-Site.Request.Forgery.via.add_availability_calendar_create_admin_page() MEDIUM" "availability-calendar 1.2.1 Authenticated.SQL.Injection HIGH" "availability-calendar 1.2.2 Authenticated.Stored.Cross-Site.Scripting LOW" "admin-quick-panel No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "admin-quick-panel 1.2.6 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "akismet-htaccess-writer No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "ajax-live-search No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "ajax-live-search No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "attention-bar No.known.fix Contributor+.SQLi MEDIUM" "all-in-one-forms 1.3.19 Authenticated.(Admin+).Arbitrary.File.Upload.via.Zip.Import HIGH" "attachment-file-icons No.known.fix Cross-Site.Request.Forgery.to.Arbitrary.File.Upload HIGH" "age-gate 3.6.0 Missing.Authorization MEDIUM" "age-gate 3.5.4 Unauthenticated.Local.PHP.File.Inclusion.via.'lang' CRITICAL" "age-gate 2.17.1 Unauthenticated.Stored.Cross-Site.Scripting MEDIUM" "age-gate 2.20.4 Reflected.Cross-Site.Scripting MEDIUM" "age-gate 2.17.1 Unauthenticated.Import.Settings CRITICAL" "age-gate 2.16.4 Authenticated.Stored.Cross-Site.Scripting MEDIUM" "age-gate 2.13.5 Unauthenticated.Open.Redirect LOW" "awcode-toolkit 1.0.19 Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "aco-product-labels-for-woocommerce 1.5.11 Admin+.SQLi MEDIUM" "aco-product-labels-for-woocommerce 1.5.9 Admin+.SQLi MEDIUM" "aco-product-labels-for-woocommerce 1.5.9 Authenticated.(Administrator+).SQL.Injection MEDIUM" "aco-product-labels-for-woocommerce 1.5.4 Authenticated.(Shop.manager+).Stored.Cross-Site.Scripting MEDIUM" "affiliate-ai-lite 1.0.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting 
MEDIUM" "all-in-one-thumbnailsBanner No.known.fix AllInOne.-.Banner.with.Thumbnails.<=.3.8.-.Reflected.Cross-Site.Scripting MEDIUM" "all-in-one-thumbnailsBanner No.known.fix AllInOne.-.Banner.with.Thumbnails.<=.3.8.-.Authenticated.(Contributor+).SQL.Injection MEDIUM" "attachments-handler No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "addify-custom-order-number 1.2.0 Multiple.CSRF MEDIUM" "all-bootstrap-blocks 1.3.29 Missing.Authorization MEDIUM" "all-bootstrap-blocks 1.3.27 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "all-bootstrap-blocks 1.3.20 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "all-bootstrap-blocks 1.3.20 Contributor+.Stored.XSS MEDIUM" "all-bootstrap-blocks 1.3.16 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "all-bootstrap-blocks 1.3.7 Cross-Site.Request.Forgery MEDIUM" "add-customer-for-woocommerce 1.7.1 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "awesome-surveys No.known.fix Authenticated.(Editor+).Stored.Cross-Site.Scripting MEDIUM" "all-in-one-performance-accelerator No.known.fix Unauthenticated.Sensitive.Information.Exposure MEDIUM" "all-in-one-performance-accelerator 1.3 Missing.Authorization MEDIUM" "all-social-share-options No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "advanced-post-slider No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "advanced-iframe 2026.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "advanced-iframe 2025.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "advanced-iframe 2025.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "advanced-iframe 2025.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Host.Header MEDIUM" "advanced-iframe 2025.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "advanced-iframe 2025.0 Unauthenticated.Settings.Update MEDIUM" "advanced-iframe 2024.4 
Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "advanced-iframe 2024.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "advanced-iframe 2024.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "advanced-iframe 2024.0 Contributor+.Stored.XSS MEDIUM" "advanced-iframe 2023.9 Contributor+.Stored.XSS MEDIUM" "advanced-iframe 2022 Reflected.Cross-Site.Scripting MEDIUM" "acf-yandex-maps-field No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "ar-for-wordpress No.known.fix Cross-Site.Request.Forgery MEDIUM" "ar-for-wordpress 7.8 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "ar-for-wordpress 7.4 Missing.Authorization.to.Unauthenticated.Limited.File.Upload LOW" "ar-for-wordpress 7.0 Unauthenticated.Arbitrary.File.Upload CRITICAL" "accessibility-widget 2.2.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "amazon-link No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "anac-xml-viewer 1.8.3 Authenticated.(Contributor+).Server-Side.Request.Forgery MEDIUM" "anac-xml-viewer 1.7.1 Admin+.Stored.XSS LOW" "alphabetic-pagination 3.2.2 Reflected.Cross-Site.Scripting MEDIUM" "alphabetic-pagination 3.0.8 Unauthenticated.Arbitrary.Option.Update CRITICAL" "afterpay-gateway-for-woocommerce 3.5.1 Reflected.Cross-Site.Scripting MEDIUM" "afterpay-gateway-for-woocommerce 3.5.1 Reflected.Cross-Site.Scripting MEDIUM" "afterpay-gateway-for-woocommerce 3.2.1 Reflected.Cross-Site.Scripting HIGH" "artibot No.known.fix Reflected.Cross-Site.Scripting.via.PostMessage MEDIUM" "artibot No.known.fix Authenticated.(Admin+).Cross-Site.Scripting MEDIUM" "artibot No.known.fix Missing.Authorization.to.Settings.Update MEDIUM" "awesome-fitness-testimonials No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "accesspress-pinterest 3.3.4 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "amen No.known.fix Admin+.Stored.XSS LOW" 
"azurecurve-bbcode No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.url.Shortcode MEDIUM" "admin-menu-groups No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "aco-woo-dynamic-pricing 4.5.10 Authenticated.(Shop.Manager+).Arbitrary.Code.Execution HIGH" "aco-woo-dynamic-pricing 4.5.9 Authenticated.(Shop.manager+).SQL.Injection MEDIUM" "advanced-cf7-db 2.0.3 Missing.Authorization.to.Unauthenticated.Information.Disclosure MEDIUM" "advanced-cf7-db 2.0.3 Sensitive.Information.Exposure MEDIUM" "advanced-cf7-db 1.8.8 Unauthenticated.Stored.Cross-Site.Scripting MEDIUM" "advanced-cf7-db 1.8.7 Subscriber+.Arbitrary.File.Deletion HIGH" "advanced-cf7-db 1.7.1 SQL.Injection CRITICAL" "ai-twitter-feeds No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "aparat-shortcode No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "anonymize-links No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "auto-alt-text 2.5.3 Cross-Site.Request.Forgery MEDIUM" "add-to-cart-direct-checkout-for-woocommerce 2.1.49 Admin+.Stored.XSS LOW" "amr-users 4.59.4 Admin+.Stored.Cross-Site.Scripting LOW" "all-in-one-music-player No.known.fix Authenticated.(Contributor+).Path.Traversal.via.theme.Parameter MEDIUM" "addon-library No.known.fix Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.File.Upload HIGH" "annie No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "annie No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "alert-box-block 1.1.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Alert.Box.Block MEDIUM" "alert-box-block 1.1.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "audio-editor-recorder 2.2.4 Unauthenticated.Information.Exposure MEDIUM" "audio-editor-recorder 2.2.2 Missing.Authorization MEDIUM" "aweber-web-form-widget 7.3.21 Admin+.Stored.XSS LOW" 
"aweber-web-form-widget 7.3.15 Authenticated.(Admin+).SQL.Injection HIGH" "aweber-web-form-widget 7.3.10 Missing.Authorization.via.AJAX.actions MEDIUM" "aggregator-advanced-settings No.known.fix Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "addify-price-calculator-for-woocommerce No.known.fix Multiple.CSRF MEDIUM" "add-twitter-pixel 1.0.4 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "advanced-wp-reset 1.6 Reflected.Cross-Site.Scripting MEDIUM" "adverts-click-tracker No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "adverts-click-tracker No.known.fix Missing.Authorization MEDIUM" "awesome-progess-bar No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "aiify 0.1.0 Reflected.Cross-Site.Scripting MEDIUM" "additional-order-filters-for-woocommerce 1.23 Cross-Site.Request.Forgery MEDIUM" "additional-order-filters-for-woocommerce 1.22 Reflected.Cross-Site.Scripting MEDIUM" "additional-order-filters-for-woocommerce 1.12 Reflected.XSS HIGH" "am-lottieplayer 3.5.4 Authenticated.(Author+).Stored.Cross-Site.Scripting.via.Uploaded.Lottie.File MEDIUM" "author-showcase No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "armember-membership-premium No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "appexperts No.known.fix Authenticated.(Subscriber+).SQL.Injection MEDIUM" "appexperts No.known.fix Unauthenticated.Sensitive.Information.Exposure MEDIUM" "appexperts 1.4.5 Unauthenticated.Sensitive.Information.Exposure MEDIUM" "appexperts 1.4.5 Reflected.Cross-Site.Scripting MEDIUM" "appexperts 1.2.2 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "another-wordpress-classifieds-plugin 4.4.4 Unauthenticated.Information.Exposure MEDIUM" "another-wordpress-classifieds-plugin No.known.fix Unauthenticated.Arbitrary.Shortcode.Execution MEDIUM" "another-wordpress-classifieds-plugin 4.3.2 Cross-Site.Request.Forgery MEDIUM" "another-wordpress-classifieds-plugin 4.3.2 Missing.Authorization MEDIUM" 
"another-wordpress-classifieds-plugin 4.3.1 Categories.Mgt.via.CSRF MEDIUM" "another-wordpress-classifieds-plugin 4.3 Unauthenticated.SQLi MEDIUM" "aruba-hispeed-cache 3.0.3 Missing.Authorization.to.Unauthenticated.Plugin's.Settings.Modification MEDIUM" "aruba-hispeed-cache 3.0.3 Reflected.Cross-Site.Scripting MEDIUM" "aruba-hispeed-cache 3.0.5 Missing.Authorization MEDIUM" "aruba-hispeed-cache 3.0.3 Missing.Authorization MEDIUM" "aruba-hispeed-cache 2.0.13 Missing.Authorization MEDIUM" "aruba-hispeed-cache 2.0.7 Unauthenticated.Log.File.Access MEDIUM" "advanced-usps-shipping-method 1.0.2 Reflected.Cross-Site.Scripting MEDIUM" "acf-vc-integrator 1.3.1 Reflected.Cross-Site.Scripting MEDIUM" "autowp-ai-content-writer-rewriter No.known.fix Missing.Authorization MEDIUM" "autowp-ai-content-writer-rewriter 2.0.9 Cross-Site.Request.Forgery MEDIUM" "advanced-flamingo No.known.fix Cross-Site.Request.Forgery MEDIUM" "ai-post-generator No.known.fix Missing.Authorization.to.Authenticated.(Contributor+).Post/Page.Deletion MEDIUM" "ai-post-generator 3.4 Subscriber+.Posts.Read/Creation/Deletion MEDIUM" "accounting-for-woocommerce 1.6.9 Unauthenticated.Local.File.Inclusion CRITICAL" "accounting-for-woocommerce 1.6.9 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "accounting-for-woocommerce 1.6.7 Reflected.Cross-Site.Scripting MEDIUM" "ap-background No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "ap-background No.known.fix Cross-Site.Request.Forgery MEDIUM" "ap-background No.known.fix 3.8.2.-.Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.File.Upload.via.advParallaxBackAdminSaveSlider.Function HIGH" "ari-cf7-connector 1.2.3 Cross-Site.Request.Forgery MEDIUM" "ari-cf7-connector 1.2.3 Reflected.XSS HIGH" "auto-refresh-single-page No.known.fix .Authenticated.(Contributor+).PHP.Object.Injection HIGH" "addonskit-for-elementor 1.1.7 Contributor+.Stored.XSS MEDIUM" "activitytime 1.1.2 Reflected.Cross-Site.Scripting MEDIUM" 
"activitytime 1.1.0 Unauthenticated.SQL.Injection HIGH" "activitytime 1.0.9 Unauthenticated.SQL.injection HIGH" "activitytime 1.0.6 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "appender No.known.fix Missing.Authorization MEDIUM" "auto-load-next-post No.known.fix Cross-Site.Request.Forgery MEDIUM" "alleaktien-quantitativ No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "ap-plugin-scripteo 5.1 Missing.Authorization MEDIUM" "ap-plugin-scripteo No.known.fix Multi-Purpose.WordPress.Advertising.Manager.<=.4.95.-.Unauthenticated.SQL.Injection.via.site_id HIGH" "ap-plugin-scripteo No.known.fix Multi-Purpose.WordPress.Advertising.Manager.<=.4.89.-.Unauthenticated.Time-Based.SQL.Injection.via.bsa_pro_id' HIGH" "ap-plugin-scripteo No.known.fix Multi-Purpose.WordPress.Advertising.Manager.<=.4.89.-.Unauthenticated.SQL.Injection.via.oid HIGH" "ap-plugin-scripteo No.known.fix Multi-Purpose.WordPress.Advertising.Manager.<=.4.89.-.Cross-Site.Request.Forgery.to.PHP.Code.Injection.in.bsaCreateAdTemplate HIGH" "ap-plugin-scripteo No.known.fix Multi-Purpose.WordPress.Advertising.Manager.<=.4.89.-.Unauthenticated.SQL.Injection HIGH" "ap-plugin-scripteo No.known.fix Multi-Purpose.WordPress.Advertising.Manager.<=.4.89.-.Unauthenticated.Local.File.Inclusion.to.Remote.Code.Execution CRITICAL" "ap-plugin-scripteo No.known.fix Multi-Purpose.WordPress.Advertising.Manager.<=.4.89.-.Unauthenticated.Local.File.Inclusion HIGH" "ap-plugin-scripteo No.known.fix Unauthenticated.Local.File.Inclusion CRITICAL" "ap-plugin-scripteo No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "ap-plugin-scripteo 4.89 Multi-Purpose.WordPress.Advertising.Manager.<.4.89.-.Unauthenticated.SQL.Injection HIGH" "any-news-ticker No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "article-directory-redux No.known.fix Admin+.Stored.XSS LOW" "alttext-ai 1.10.18 Missing.Authorization MEDIUM" "alttext-ai 1.9.94 Missing.Authorization MEDIUM" 
"alttext-ai 1.5.0 Authenticated.(Subscriber+).SQL.Injection HIGH" "alttext-ai 1.3.5 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "atlas-knowledge-base No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "atlas-knowledge-base No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "altra-side-menu No.known.fix Abitrary.Menu.Deletion.via.CSRF MEDIUM" "altra-side-menu No.known.fix Admin+.SQL.Injection MEDIUM" "art-decoration-shortcode No.known.fix Contributor+.Stored.XSS MEDIUM" "ai-mortgage-calculator No.known.fix Authenticated.(Contributor+).Local.File.Inclusion HIGH" "advanced-product-fields-for-woocommerce 1.6.19 Missing.Authorization MEDIUM" "advanced-product-fields-for-woocommerce 1.6.18 Cross-Site.Request.Forgery.to.Product.Field.Group.Duplication.and.Publication MEDIUM" "adaptive-images 0.6.69 Reflected.Cross-Site.Scripting MEDIUM" "adaptive-images 0.6.67 Local.File.Inclusion.&.Deletion HIGH" "alpine-photo-tile-for-pinterest No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "achilles-shortcodes No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "af-companion 1.2.0 1.1.2.-.Arbitrary.Plugin.Installation.&.Activation.via.CSRF HIGH" "awesome-testimonials No.known.fix Cross-Site.Request.Forgery MEDIUM" "astra-import-export 1.0.4 Cross-Site.Request.Forgery.(CSRF) MEDIUM" "astra-import-export 1.0.4 Cross-Site.Request.Forgery MEDIUM" "add-widget-after-content 2.5 Admin+.Stored.XSS LOW" "auto-tag-links No.known.fix Cross-Site.Request.Forgery MEDIUM" "accessibility-by-audioeye 1.1.0 Missing.Authorization MEDIUM" "addify-free-gifts-woocommerce 1.0.2 Multiple.CSRF MEDIUM" "all-in-one-wp-migration-dropbox-extension 3.76 Unauthenticated.Access.Token.Update MEDIUM" "awesome-weather No.known.fix Contributor+.Stored.XSS MEDIUM" "awesome-weather No.known.fix Reflected.Cross-site.Scripting.(XSS) HIGH" "advanced-floating-content-lite 1.2.6 Authenticated.(Editor+).Stored.Cross-Site.Scripting MEDIUM" 
"advanced-floating-content-lite 1.2.2 Contributor+.XSS MEDIUM" "ap-custom-testimonial 1.4.8 Admin+.SQL.Injection MEDIUM" "ap-custom-testimonial 1.4.8 Reflected.Cross-Site.Scripting MEDIUM" "ap-custom-testimonial 1.4.7 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "ajax-filter-posts 3.4.14 Reflected.Cross-Site.Scripting.via.argsArray['read_more_text'] MEDIUM" "ajax-filter-posts No.known.fix Missing.Authorization MEDIUM" "ajax-filter-posts 3.4.13 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "ajax-filter-posts 3.4.13 Missing.Authorization.to.Unauthenticated.Local.PHP.File.Inclusion CRITICAL" "ajax-filter-posts 3.4.11 Reflected.Cross-Site.Scripting MEDIUM" "ajax-filter-posts 3.4.12 Contributor+.Stored.XSS MEDIUM" "ajax-filter-posts 3.4.8 Missing.Authorization MEDIUM" "aioseo-multibyte-descriptions No.known.fix Cross-Site.Request.Forgery MEDIUM" "aweber-wp 2.5.8 Reflected.Cross-Site.Scripting MEDIUM" "awesome-social-icons No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "awesome-social-icons No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "annuncifunebri-onoranza 4.7.1 Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.Plugin.Options.Deletion MEDIUM" "admin-bookmarks No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "address-email-and-phone-validation No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "anyclip-media No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "anyclip-media No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "alt-manager 1.8.3 Authenticated.(Author+).Stored.Cross-Site.Scripting.via.Post.Title MEDIUM" "alt-manager 1.6.2 Missing.Authorization MEDIUM" "alt-manager 1.5.7 Reflected.Cross-Site.Scripting MEDIUM" "alt-manager 1.5.0 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "advance-wc-analytics No.known.fix Missing.Authorization.to.Unauthenticated.Settings.Update MEDIUM" "advance-wc-analytics 3.4.0 Reflected.Cross-Site.Scripting MEDIUM" 
"advance-wc-analytics 3.0.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "ab-categories-search-widget No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "animated-svg 2.1.0 Reflected.Cross-Site.Scripting MEDIUM" "ancient-world-linked-data-for-wordpress No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "auto-iframe 2.0 Contributor+.XSS.via.Shortcode MEDIUM" "auto-iframe 1.8 Authenticated.(Author+).Stored.Cross-Site.Scripting.via.tag.Parameter MEDIUM" "ach-for-stripe-plaid No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "amadiscount No.known.fix Authenticated.(Contributor+).SQL.Injection MEDIUM" "ajar-productions-in5-embed No.known.fix Unauthenticated.Arbitrary.File.Upload CRITICAL" "ajar-productions-in5-embed 3.1.4 Unauthenticated.Arbitrary.File.Upload CRITICAL" "awesome-timeline No.known.fix Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "all-in-one-contentSlider No.known.fix AllInOne.-.Content.Slider.<=.3.8.-.Reflected.Cross-Site.Scripting MEDIUM" "all-in-one-contentSlider No.known.fix AllInOne.-.Content.Slider.<=.3.8.-.Authenticated.(Contributor+).SQL.Injection MEDIUM" "advanced-custom-fields-table-field 1.3.31 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Table.Cell.Content MEDIUM" "ajax-woosearch No.known.fix Unauthenticated.SQL.Injection HIGH" "arielbrailovsky-viralad No.known.fix Unauthenticated.SQL.Injection HIGH" "arielbrailovsky-viralad No.known.fix Unauthenticated.SQL.Injection HIGH" "ali2woo-lite 3.5.4 Open.Redirect HIGH" "ali2woo-lite 3.4.7 Stored.XSS.via.CSRF HIGH" "ali2woo-lite 3.3.7 Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "ali2woo-lite 3.4.4 PHP.Object.Injection.via.CSRF HIGH" "ali2woo-lite 3.3.7 Reflected.Cross-Site.Scripting MEDIUM" "ali2woo-lite 3.3.6 Authenticated.(Subscriber+).Arbitrary.File.Upload HIGH" "ali2woo-lite 3.3.7 Missing.Authorization.via.Several.Functions MEDIUM" "annasta-woocommerce-product-filters 1.6.5 Reflected.Cross-Site.Scripting 
MEDIUM" "annasta-woocommerce-product-filters 1.5.0 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "announcer 6.0.1 Missing.Authorization MEDIUM" "apex-notification-bar-lite 2.0.5 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "aa-calculator No.known.fix Reflected.Cross-Site.Scripting.via.invoice MEDIUM" "automatic-user-roles-switcher 1.1.2 Subscriber+.Privilege.Escalation HIGH" "all-in-one-login No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "analytics-cat 1.1.3 Reflected.Cross-Site.Scripting MEDIUM" "analytics-cat 1.1.0 Admin+.Stored.Cross-Site.Scripting MEDIUM" "analytics-cat 1.1.0 Settings.Update.via.CSRF MEDIUM" "addthis 5.0.13 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "agency-toolkit 1.0.25 Missing.Authorization MEDIUM" "agency-toolkit 1.0.24 Unauthenticated.Arbitrary.Options.Update CRITICAL" "ab-press-optimizer-lite No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "automatic-translation No.known.fix Unauthenticated.Arbitrary.File.Upload CRITICAL" "are-you-robot-recaptcha No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "adminify 4.0.7.8 Unauthenticated.Sensitive.Information.Exposure.via.'get-addons-list'.REST.API MEDIUM" "adminify 4.0.7 Missing.Authorization MEDIUM" "adminify 4.0.7 Missing.Authorization MEDIUM" "adminify 4.0.1.7 Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "adminify 3.1.7 Authenticated(Administrator+).SQL.Injection MEDIUM" "adminify 3.1.6 Admin+.Stored.XSS LOW" "adminify 3.1.6 Admin+.Stored.XSS LOW" "adminify 3.1.4 Reflected.Cross-Site.Scripting MEDIUM" "adminify 2.0.5 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "appointment-calendar No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "appointment-calendar No.known.fix CSRF MEDIUM" "add-tiktok-advertising-pixel 1.2.2 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "a2-optimized-wp 3.0.5 Data.Collection.Toggle.via.CSRF MEDIUM" "agile-store-locator 1.6.3 Authenticated.(Contributor+).SQL.Injection MEDIUM" "agile-store-locator 1.5.2 
Authenticated.(Administrator+).SQL.Injection MEDIUM" "agile-store-locator 1.5.3 Authenticated.(Admin+).Arbitrary.File.Upload HIGH" "agile-store-locator 1.4.15 Admin+.Arbitrary.File.Deletion MEDIUM" "agile-store-locator 1.4.13 Reflected.XSS HIGH" "agile-store-locator 1.4.10 Editor+.Stored.XSS LOW" "agile-store-locator 1.4.9 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "agile-store-locator 1.4.6 Stored.XSS.via.CSRF MEDIUM" "auto-login-new-user-after-registration No.known.fix CSRF MEDIUM" "auto-login-new-user-after-registration No.known.fix Stored.XSS.via.CSRF HIGH" "admin-menu-post-list No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "all-in-one-facebook-like-widget 2.2.8 Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "amz-configurator-core No.known.fix Authenticated.(Subscriber+).Privilege.Escalation HIGH" "add-admin-javascript No.known.fix Unauthenticated.Full.Path.Dislcosure MEDIUM" "am-login-logo No.known.fix Unauthenticated.Stored.Cross-Site.Scripting HIGH" "accesspress-facebook-auto-post 2.1.4 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "aoa-downloadable No.known.fix Unauthenticated.SSRF HIGH" "aoa-downloadable No.known.fix Unauthenticated.Arbitrary.File.Download HIGH" "auto-date-year-month 2.0.2 Unauthenticated.Arbitrary.Shortcode.Execution HIGH" "auto-date-year-month 1.1.5 Reflected.Cross-Site.Scripting MEDIUM" "an-gradebook No.known.fix Subscriber+.SQLi HIGH" "an-gradebook No.known.fix Admin+.XSS LOW" "abitgone-commentsafe No.known.fix Settings.Update.to.Stored.XSS.via.CSRF HIGH" "advanced-custom-css No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "affiliator-lite No.known.fix Unauthenticated.Arbitrary.File.Upload CRITICAL" "analytics-insights 6.3 Open.Redirect MEDIUM" "animated-number-counters 2.2 Editor+.Local.File.Inclusion HIGH" "animated-number-counters 1.7 Editor+.Stored.XSS MEDIUM" "advanced-post-list No.known.fix Cross-Site.Request.Forgery MEDIUM" "advanced-post-list No.known.fix 
Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "augmented-reality No.known.fix Unauthenticated.PHP.File.Upload.leading.to.RCE CRITICAL" "admin-menu-editor 1.15 Cross-Site.Request.Forgery MEDIUM" "admin-menu-editor 1.14.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.placeholder.Parameter MEDIUM" "appten-image-rotator No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "advanced-wp-columns No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "a-gateway-for-pasargad-bank-on-woocommerce No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "advanced-access-manager 6.9.21 Reflected.XSS HIGH" "advanced-access-manager 6.9.21 Admin+.Stored.Cross-Site.Scripting MEDIUM" "advanced-access-manager 6.9.19 Open.Redirect MEDIUM" "advanced-access-manager 6.9.19 Contributor+.Stored.XSS MEDIUM" "advanced-access-manager 6.9.16 Contributor+.Stored.XSS MEDIUM" "advanced-access-manager 6.8.0 Admin+.Stored.Cross-Site.Scripting LOW" "advanced-access-manager 6.6.2 Authenticated.Information.Disclosure MEDIUM" "advanced-access-manager 6.6.2 Authenticated.Authorization.Bypass.and.Privilege.Escalation HIGH" "advanced-access-manager 5.9.9 Unauthenticated.Local.File.Inclusion CRITICAL" "advanced-access-manager 3.2.2 Privilege.Escalation HIGH" "awesome-wp-image-gallery No.known.fix Contributor+.Stored.XSS MEDIUM" "awesome-wp-image-gallery No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "all-in-one-accessibility 1.16 Missing.Authorization MEDIUM" "auto-featured-image No.known.fix Authenticated.(Contributor+).Arbitrary.File.Upload HIGH" "adminpad 2.2 Note.Update.via.CSRF MEDIUM" "archives-calendar-widget No.known.fix Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "asgaros-forum 3.3.0 Cross-Site.Request.Forgery.to.Subscription.Settings.Update MEDIUM" "asgaros-forum 3.2.0 Unauthenticated.SQL.Injection HIGH" "asgaros-forum 3.3.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "asgaros-forum 3.1.0 
Subscriber+.Authorization.Bypass MEDIUM" "asgaros-forum 2.9.0 Cross-Site.Request.Forgery MEDIUM" "asgaros-forum 2.8.0 Unauthenticated.PHP.Object.Injection.in.prepare_unread_status CRITICAL" "asgaros-forum 2.7.1 Unauthenticated.Arbitrary.File.Upload CRITICAL" "asgaros-forum 2.2.0 Cross-Site.Request.Forgery MEDIUM" "asgaros-forum 2.0.0 Subscriber+.Blind.SQL.Injection HIGH" "asgaros-forum 1.15.15 Admin+.SQL.Injection.via.forum_id MEDIUM" "asgaros-forum 1.15.14 Admin+.Stored.Cross-Site.Scripting LOW" "asgaros-forum 1.15.13 Unauthenticated.SQL.Injection HIGH" "alphaomega-captcha-anti-spam No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "affiliate-ads-builder-for-clickbank-products 1.7 Stored.Cross-Site.Scripting.(XSS) MEDIUM" "addonify-compare-products 1.1.18 Missing.Authorization.to.Unauthenticated.Settings.Update MEDIUM" "administrator-z 2025.03.30 Authenticated.(Admin+).Directory.Traversal LOW" "administrator-z No.known.fix Cross-Site.Request.Forgery MEDIUM" "administrator-z No.known.fix Contributor+.Stored.XSS MEDIUM" "administrator-z 2025.03.27 Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.Options.Update HIGH" "administrator-z 2024.10.21 Subscriber+.SQL.Injection HIGH" "ameliabooking 2.0 Employee+.Privilege.Escalation HIGH" "ameliabooking 2.0 Missing.Authorization MEDIUM" "ameliabooking 2.0.0 Missing.Authorization.to.Unauthenticated.Multiple.AJAX.Actions MEDIUM" "ameliabooking 1.2.37 1.2.36.-.Unauthenticated.Sensitive.Information.Exposure MEDIUM" "ameliabooking 1.2.36 Unauthenticated.SQL.Injection.via.search HIGH" "ameliabooking 1.2.20 Unauthenticated.Full.Path.Disclosure MEDIUM" "ameliabooking 1.2.17 Unauthenticated.Insecure.Direct.Object.Reference MEDIUM" "ameliabooking 1.2.5 Missing.Authorization.to.Sensitive.Information.Exposure MEDIUM" "ameliabooking 1.2.1 Unauthenticated.Full.Path.Disclosure MEDIUM" "ameliabooking 1.1.6 Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "ameliabooking 1.0.96 
Cross-Site.Request.Forgery MEDIUM" "ameliabooking 1.0.99 Reflected.Cross-Site.Scripting MEDIUM" "ameliabooking 1.0.94 Contributor+.Stored.Cross-Site.Scripting.via.shortcode MEDIUM" "ameliabooking 1.0.99 Missing.Authorization MEDIUM" "ameliabooking 1.0.86 Contributor+.Stored.XSS MEDIUM" "ameliabooking 1.0.76 Reflected.XSS HIGH" "ameliabooking 1.0.49 Customer+.Arbitrary.Appointments.Status.Update MEDIUM" "ameliabooking 1.0.48 Customer+.SMS.Service.Abuse.and.Sensitive.Data.Disclosure MEDIUM" "ameliabooking 1.0.47 Unauthenticated.Stored.XSS.via.lastName HIGH" "ameliabooking 1.0.47 Customer+.Arbitrary.Appointments.Update.and.Sensitive.Data.Disclosure HIGH" "ameliabooking 1.0.46 Manager+.RCE MEDIUM" "ameliabooking 1.0.46 Reflected.Cross-Site.Scripting MEDIUM" "ameliabooking 1.0.46 Arbitrary.Customer.Deletion.via.CSRF MEDIUM" "admin-site-enhancements-pro 7.6.3 Subscriber+.Privilege.Escalation HIGH" "admin-site-enhancements-pro 7.6.3 Missing.Authorization MEDIUM" "automail No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "automail 1.0.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "affieasy 1.1.7 Cross-Site.Request.Forgery.to.Various.Actions MEDIUM" "affieasy 1.1.6 Cross-Site.Request.Forgery MEDIUM" "affieasy 1.1.4 Reflected.Cross-Site.Scripting MEDIUM" "affieasy 1.0.4 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "ai-moderator-for-buddypress-and-buddyboss No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "addfreestats 4.22 Missing.Authorization MEDIUM" "addfreestats No.known.fix Admin+.Stored.XSS LOW" "alley-business-toolkit No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "alley-business-toolkit 2.0.0 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "athemes-addons-for-elementor-lite 1.1.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Call.To.Action.Widget MEDIUM" "athemes-addons-for-elementor-lite 1.1.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "athemes-addons-for-elementor-lite 1.1.3 
Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Countdown.Widget MEDIUM" "athemes-addons-for-elementor-lite 1.1.4 Contributor+.Local.File.Inclusion HIGH" "athemes-addons-for-elementor-lite 1.0.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "athemes-addons-for-elementor-lite 1.0.13 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "athemes-addons-for-elementor-lite 1.0.8 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "author-slug No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "api2cart-bridge-connector 1.2.0 Unauthenticated.RCE CRITICAL" "api2cart-bridge-connector 1.2.0 Unauthenticated.Arbitrary.File.Upload CRITICAL" "addi-simple-slider No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "apartment-management No.known.fix Unauthenticated.SQL.Injection HIGH" "apartment-management No.known.fix Authenticated.(Subscriber+).Arbitrary.File.Upload HIGH" "apartment-management No.known.fix Unauthenticated.Arbitrary.File.Upload CRITICAL" "apartment-management No.known.fix Authenticated.(Subscriber+).SQL.Injection MEDIUM" "apartment-management No.known.fix Authenticated.(Subscriber+).Privilege.Escalation HIGH" "apartment-management No.known.fix Unauthenticated.Local.File.Inclusion CRITICAL" "apartment-management No.known.fix Unauthenticated.Stored.Cross-Site.Scripting MEDIUM" "aumenu No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "addendio No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "addendio No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "advanced-post-block 1.13.5 Unauthenticated.Arbitrary.Post.Access MEDIUM" "alink-tap No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "astra-bulk-edit 1.2.8 Missing.Authorization MEDIUM" "abcsubmit No.known.fix Unauthenticated.Arbitrary.Shortcode.Execution HIGH" "aapanel-wp-toolkit 1.2 
1.1.-.Missing.Authorization.to.Authenticated.(Subscriber+).Privilege.Escalation.via.auto_login().Function HIGH" "admin-font-editor No.known.fix Unauthenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "authorsy 1.0.7 Unauthenticated.Insecure.Direct.Object.Reference MEDIUM" "authorsy 1.0.6 Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "animated-al-list No.known.fix Reflected.XSS HIGH" "advanced-uploader No.known.fix Subscriber+.Arbitrary.File.Upload CRITICAL" "albumreviewer No.known.fix Unauthenticated.Stored.Cross-Site.Scripting HIGH" "awesome-hooks No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "adwork-media-ez-content-locker No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "academy-pro 3.3.9 Unauthenticated.Sensitive.Information.Exposure.via.'enqueue_social_login_script' MEDIUM" "academy-pro 3.3.8 Unauthenticated.Privilege.Escalation.via.Social.Login.Addon HIGH" "awesome-ssl No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "awesome-ssl No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "admin-notices-for-team No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "admin-notices-for-team No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "admin-notices-for-team No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "aqua-svg-sprite No.known.fix Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "asf-allow-svg-files No.known.fix Author+.Stored.Cross.Site.Scripting.via.SVG MEDIUM" "asf-allow-svg-files 1.1 Admin+.Arbitrary.File.Upload MEDIUM" "all-custom-fields-groups 1.05 Reflected.Cross-Site.Scripting MEDIUM" "apk-downloader No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross.Site.Scripting MEDIUM" "admin-and-client-message-after-order-for-woocommerce 15 Missing.Authorization.to.Unauthenticated.Information.Disclosure MEDIUM" "admin-and-client-message-after-order-for-woocommerce 15 Missing.Authorization.to.Unauthenticated.User.Impersonation.in.Order.Messages MEDIUM" 
"admin-and-client-message-after-order-for-woocommerce 14 Unauthenticated.Arbitrary.File.Read HIGH" "admin-and-client-message-after-order-for-woocommerce 13.3 Authenticated.(Subscriber+).Limited.File.Upload.to.Cross-Site.Scripting MEDIUM" "admin-and-client-message-after-order-for-woocommerce 12.5 Missing.Authorization.to.Arbitrary.File.Upload CRITICAL" "author-work-in-progress-bar No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "accordion-slider-gallery No.known.fix Missing.Authorization MEDIUM" "add2fav No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "all-in-one-invite-codes 1.0.13 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "auction-nudge 7.2.1 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "admin-menu No.known.fix Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "auto-install-free-ssl 3.6.0 Reflected.Cross-Site.Scripting MEDIUM" "adicons No.known.fix Admin+.SQL.Injection MEDIUM" "amazon-product-in-a-post-plugin No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "amazon-product-in-a-post-plugin 3.5.3 Unauthenticated.SQL.Injection CRITICAL" "amr-shortcode-any-widget No.known.fix Contributor+.Stored.XSS MEDIUM" "accelerated-mobile-pages 1.1.11 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "accelerated-mobile-pages 1.1.10 Cross-Site.Request.Forgery.to.Comment.Submission MEDIUM" "accelerated-mobile-pages 1.1.2 Reflected.Cross-Site.Scripting MEDIUM" "accelerated-mobile-pages 1.0.99.2 Cross-Site.Request.Forgery.to.Privilege.Escalation HIGH" "accelerated-mobile-pages 1.0.97 Missing.Authorization MEDIUM" "accelerated-mobile-pages 1.0.97 Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "accelerated-mobile-pages 1.0.93.2 Authenticated(Contributor+).Arbitrary.Post.Deletion.via.amppb_remove_saved_layout_data MEDIUM" "accelerated-mobile-pages 1.0.93 Unautenticated.Reflected.Cross-Site.Scripting MEDIUM" 
"accelerated-mobile-pages 1.0.92.1 Authenticated.(Contributor+).Cross-Site.Scripting.via.Shortcode MEDIUM" "accelerated-mobile-pages 1.0.89 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.shortcode MEDIUM" "accelerated-mobile-pages 1.0.77.33 Admin+.Stored.Cross-Site.Scripting LOW" "accelerated-mobile-pages 1.0.77.32 Admin+.Stored.Cross-Site.Scripting LOW" "accelerated-mobile-pages 0.9.97.21 Stored.XSS MEDIUM" "acf-recent-posts-widget No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "avif-support 1.1.1 Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "avif-support 1.1.1 Author+.Stored.XSS.via.SVG.Uplaod MEDIUM" "advanced-database-cleaner 3.1.7 Cross-Site.Request.Forgery MEDIUM" "advanced-database-cleaner 3.1.7 Settings.Manipulation.via.CSRF MEDIUM" "advanced-database-cleaner 3.1.4 Administrator+.PHP.Object.Injection MEDIUM" "advanced-database-cleaner 3.1.3 Authenticated.(Administrator+).SQL.Injection MEDIUM" "advanced-database-cleaner 3.1.2 Settings.Update.via.CSRF MEDIUM" "advanced-database-cleaner 3.1.1 Reflected.Cross-Site.Scripting MEDIUM" "advanced-database-cleaner 3.0.4 Reflected.Cross-Site.Scripting MEDIUM" "advanced-database-cleaner 3.0.2 Authenticated.SQL.injection MEDIUM" "amr-personalise No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "agp-font-awesome-collection No.known.fix Arbitrary.Settings.Update.via.CSRF MEDIUM" "agp-font-awesome-collection No.known.fix Reflected.XSS HIGH" "amr-cron-manager No.known.fix Unauthenticated.Stored.Cross-Site.Scripting HIGH" "any-popup No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "any-popup No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "abeta-punchout 1.0.0 Reflected.Cross-Site.Scripting MEDIUM" "abeta-punchout 1.0.0 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "amazon-einzeltitellinks No.known.fix Arbitrary.Settings.Update.to.Stored.XSS.via.CSRF MEDIUM" "alo-easymail 2.9.3 
Cross-Site.Request.Forgery.(CSRF) MEDIUM" "amazonsimpleadmin 1.5.4 Unauthenticated.Arbitrary.Shortcode.Execution HIGH" "authnet-cim-for-woo No.known.fix Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.Content.Deletion MEDIUM" "aibuddy-openai-chatgpt No.known.fix Admin+.Arbitrary.File.Upload MEDIUM" "advanced-advertising-system No.known.fix Open.Redirect MEDIUM" "advanced-advertising-system No.known.fix Unauthenticated.PHP.Object.Injection CRITICAL" "astra-pro-sites 3.2.6 Incorrect.Authorization MEDIUM" "astra-pro-sites 3.2.5 Authenticated.(Contributor+).Server-Side.Request.Forgery MEDIUM" "amberlink No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "addify-product-labels-and-stickers 1.1.0 Multiple.CSRF MEDIUM" "ai-text-to-speech 3.0.4 Missing.Authorization MEDIUM" "article2pdf No.known.fix Multiple.Vulnerabilities CRITICAL" "all-in-one-bannerRotator No.known.fix Banner.Rotator.<=.3.8.-.Reflected.Cross-Site.Scripting MEDIUM" "all-in-one-bannerRotator No.known.fix Banner.Rotator.<=.3.8.-.Authenticated.(Contributor+).SQL.Injection MEDIUM" "admin-options-pages 0.9.8 Reflected.Cross-Site.Scripting HIGH" "admin-speedo No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "ai-content-generation No.known.fix Missing.Authorization MEDIUM" "ai-content-generation 1.2.6 Missing.Authorization MEDIUM" "awesome-logo-carousel-block 2.1.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.sliderId.Parameter MEDIUM" "advanced-schedule-posts No.known.fix Reflected.XSS HIGH" "art-direction No.known.fix Contributor+.Stored.XSS MEDIUM" "add-custom-google-tag-manager No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "admin-custom-login 3.2.8 CSRF.to.Stored.XSS HIGH" "anac-xml-render No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "author-bio-shortcode No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "addify-order-tracking-for-woocommerce 1.0.2 Multiple.CSRF MEDIUM" 
"attach-gallery-posts No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "amp-plus No.known.fix Reflected.Cross.Site.Scripting HIGH" "anchor-smooth-scroll No.known.fix Unauthenticated.Local.File.Inclusion HIGH" "app-builder No.known.fix Unauthenticated.Privilege.Escalation.via.'role'.Parameter MEDIUM" "app-builder 5.5.8 Missing.Authorization MEDIUM" "app-builder 5.3.8 Privilege.Escalation.and.Account.Takeover.via.Weak.OTP HIGH" "app-builder 4.3.4 Unauthenticated.Limited.SQL.Injection.via.app-builder-search MEDIUM" "app-builder 3.8.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode HIGH" "app-builder 3.8.8 Open.Redirection MEDIUM" "add-widgets-to-page No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "advanced-dewplayer No.known.fix Missing.Authorization MEDIUM" "alpha-blocks No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.'alpha_block_css'.Post.Meta MEDIUM" "alike No.known.fix WordPress.Custom.Post.Comparison.<=.3.0.1.-.Reflected.Cross-Site.Scripting MEDIUM" "as-create-pinterest-pinboard-pages No.known.fix Subscriber+.Settings.Update.to.Stored.XSS MEDIUM" "ajax-rating-with-custom-login No.known.fix Unauthenticated.SQL.Injection HIGH" "aklamator-infeed No.known.fix Reflected.XSS HIGH" "aklamator-infeed No.known.fix Admin+.Stored.XSS LOW" "ask-me-anything-anonymously No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "advanced-visual-elements 1.0.7 Reflected.Cross-Site.Scripting MEDIUM" "aramex-shipping-woocommerce No.known.fix Unauthenticated.Full.Path.Disclosure MEDIUM" "alojapro-widget 1.1.16 Authenticated.Stored.Cross-Site.Scripting.(XSS) LOW" "addons-for-elementor-builder 1.3.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "auto-tag-creator No.known.fix Missing.Authorization.via.tag_save_settings_callback MEDIUM" "a3-portfolio 3.1.1 Author+.Stored.XSS MEDIUM" "aeroscroll-gallery No.known.fix Unauthenticated.Directory.Traversal HIGH" 
"admin-notices-manager 1.5.0 Missing.Authorization.to.Authenticated.(Subscriber+).User.Email.Retrieval MEDIUM" "accept-authorize-net-payments-using-contact-form-7 2.6 Unauthenticated.Information.Exposure MEDIUM" "accept-authorize-net-payments-using-contact-form-7 2.3 Unauthenticated.Information.Exposure MEDIUM" "avishi-wp-paypal-payment-button No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "abundatrade-plugin No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "ai-image-generator 1.0.4 Reflected.Cross-Site.Scripting MEDIUM" "admin-block-country No.known.fix Cross-Site.Request.Forgery.(CSRF) MEDIUM" "acf-engine No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "all-404-redirect-to-homepage 2.1 Authenticated.Stored.Cross-Site.Scripting.(XSS) LOW" "all-404-redirect-to-homepage 1.21 Authenticated.Reflected.Cross-Site.Scripting.(XSS) HIGH" "api-bing-map-2018 5.0 CSRF MEDIUM" "awa-plugins No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "affiliate-for-woocommerce 4.8.0 Subscriber+.Paypal.Email.Update.via.IDOR MEDIUM" "affiliate-for-woocommerce 4.8.0 Subscriber+.Unauthorised.Actions MEDIUM" "advanced-accordion-block 5.0.3 Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "admin-bar-dashboard-control 1.2.9 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "ap-mega-menu 3.0.8 Reflected.Cross-Site.Scripting MEDIUM" "ap-mega-menu 3.0.6 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "auxin-portfolio 2.3.12 Unauthenticated.Local.File.Inclusion.via.args[extra_template_path] HIGH" "auxin-portfolio 2.3.5 Contributor+.Stored.XSS MEDIUM" "auxin-portfolio 2.3.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.'.Grid.Portfolios' MEDIUM" "auxin-portfolio 2.3.2 Unauthenticated.Local.File.Inclusion CRITICAL" "awebooking No.known.fix Authenticated.(Subscriber+).Information.Exposure MEDIUM" "ai-engine 3.3.3 Editor+.Arbitrary.File.Upload HIGH" 
"ai-engine 3.3.3 Authenticated.(Subscriber+).Server-Side.Request.Forgery MEDIUM" "ai-engine 3.3.3 Editor+.Arbitrary.File.Upload HIGH" "ai-engine 3.1.9 Authenticated.(Editor+).Server-Side.Request.Forgery MEDIUM" "ai-engine 3.1.9 Subscriber+.PHP.Object.Injection.via.PHAR.Deserialization HIGH" "ai-engine 3.1.4 Unauthenticated.Privilege.Escalation CRITICAL" "ai-engine 2.9.6 Missing.Authorization.to.Unauthenticated.Uploaded.Files.Disclosure.And.Deletion MEDIUM" "ai-engine 2.9.5 2.9.4.-.Subscriber+.Arbitrary.File.Upload HIGH" "ai-engine 2.9.5 Missing.URL.Scheme.Validation.to.Authenticated.(Subscriber+).Arbitrary.File.Read.via.simpleTranscribeAudio.and.get_audio.Functions MEDIUM" "ai-engine 2.8.5 Authenticated.(Subscriber+).Stored.Cross-Site.Scripting.via.'mwai_chatbot'.Shortcode.'id'.Parameter MEDIUM" "ai-engine 2.8.5 Insecure.OAuth.Implementation HIGH" "ai-engine 2.8.4 2.8.3.-.Subscriber+.Privilege.Escalation.via.MCP HIGH" "ai-engine 2.6.5 Admin+.SQLi MEDIUM" "ai-engine 2.4.8 Admin+.SQLi MEDIUM" "ai-engine 2.5.1 Admin+.RCE MEDIUM" "ai-engine 2.4.8 Authenticated.(Subscriber+).Server-Side.Request.Forgery MEDIUM" "ai-engine 2.2.70 Authenticated.(Editor+).Arbitrary.File.Upload CRITICAL" "ai-engine 2.1.5 Authenticated.(Editor+).Server-Side.Request.Forgery MEDIUM" "ai-engine 2.2.1 Unauthenticated.Stored.Cross-Site.Scripting MEDIUM" "ai-engine 2.1.5 Editor+.Arbitrary.File.Upload.via.add_image_from_url MEDIUM" "ai-engine 1.9.99 Unauthenticated.Arbitrary.File.Upload CRITICAL" "ai-engine 1.6.83 Admin+.Stored.XSS LOW" "auxin-elements 2.17.14 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Modern.Heading.Widget MEDIUM" "auxin-elements 2.17.14 Unauthenticated.Draft.Posts.Information.Exposure MEDIUM" "auxin-elements No.known.fix Missing.Authorization MEDIUM" "auxin-elements No.known.fix Unauthenticated.Information.Exposure MEDIUM" "auxin-elements 2.17.5 Missing.Authorization MEDIUM" "auxin-elements 2.17.3 
Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Staff.Widget MEDIUM" "auxin-elements 2.17.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.aux_contact_box.and.aux_gmaps.Shortcodes MEDIUM" "auxin-elements 2.16.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Modern.Heading.and.Icon.Picker.Widgets MEDIUM" "auxin-elements 2.15.8 Contributor+.Stored.XSS.via.title_tag MEDIUM" "auxin-elements 2.15.6 Contributor+.Stored.XSS.via.Accordion.Widget MEDIUM" "auxin-elements 2.15.8 Contributor+.Stored.XSS.via.aux_timeline.Shortcode MEDIUM" "auxin-elements 2.15.8 Contributor+.Stored.XSS.via.aux_gmaps.Shortcode MEDIUM" "auxin-elements 2.15.8 Contributor+.XSS.via.HTML.Element MEDIUM" "auxin-elements 2.17.6 Subscriber+.PHP.Object.Injection HIGH" "auxin-elements 2.15.8 Contributor+.Stored.XSS.via.Custom.JS MEDIUM" "auxin-elements 2.15.8 Subscriber+.Template.Import MEDIUM" "auxin-elements 2.15.5 Contributor+.Stored.XSS MEDIUM" "auxin-elements 2.15.0 Unauthenticated.Local.File.Inclusion CRITICAL" "auxin-elements 2.10.7 PHP.Objection.Injection MEDIUM" "auxin-elements 2.9.8 Reflected.Cross-Site-Scripting MEDIUM" "advanced-video-player-with-analytics No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "ap-google-maps No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "auth0 4.6.1 Reflected.Cross-Site.Scripting.via.wle MEDIUM" "auth0 4.0.0 Multiple.Vulnerabilities CRITICAL" "auth0 3.11.3 Unauthenticated.Reflected.XSS.via.wle.Parameter MEDIUM" "adsense-click-fraud-monitoring No.known.fix XSS MEDIUM" "advanced-category-and-custom-taxonomy-image 1.1.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.ad_tax_image.Shortcode MEDIUM" "ars-affiliate-page 2.0.4 Reflected.Cross-Site.Scripting MEDIUM" "academy 3.5.4 Missing.Authorization MEDIUM" "academy 3.5.1 Unauthenticated.Privilege.Escalation.via.Account.Takeover CRITICAL" "academy 3.4.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "academy 3.3.9 
Authenticated.(Administrator+).PHP.Object.Injection.via.'import_all_courses' HIGH" "academy 3.3.5 Authenticated.(Academy.Instructor+).Insecure.Direct.Object.Reference MEDIUM" "academy 2.0.5 Missing.Authorization LOW" "academy 2.0.11 Open.Redirect MEDIUM" "academy 1.9.26 Unauthenticated.Sensitive.Information.Exposure MEDIUM" "academy 1.9.17 Missing.Authorization MEDIUM" "academy 1.9.17 Missing.Authorization MEDIUM" "academy 1.9.20 .Authenticated.(Subscriber+).Privilege.Escalation HIGH" "advanced-gutenberg 3.4.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "advanced-gutenberg 3.3.2 Unauthenticated.Local.File.Inclusion CRITICAL" "advanced-gutenberg 3.3.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "accessibility-plus 2.0.5 Missing.Authorization MEDIUM" "ai-quiz No.known.fix Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.Options.Update HIGH" "ai-quiz No.known.fix Missing.Authorization MEDIUM" "acf-cpt-options-pages No.known.fix Cross-Site.Request.Forgery MEDIUM" "advanced-dynamic-pricing-for-woocommerce 4.9.5 Cross-Site.Request.Forgery.to.Settings.Update MEDIUM" "advanced-dynamic-pricing-for-woocommerce 4.9.1 Reflected.Cross-Site.Scripting MEDIUM" "advanced-dynamic-pricing-for-woocommerce 4.1.6 Settings.Import.via.CSRF MEDIUM" "advanced-dynamic-pricing-for-woocommerce 4.1.6 Rule.Type.Migration.via.CSRF MEDIUM" "advanced-dynamic-pricing-for-woocommerce 4.1.4 Settings.Update.via.CSRF MEDIUM" "admin-menu-restriction No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "adsense-privacy-policy No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "ajax-bootmodal-login No.known.fix Captcha.Reuse MEDIUM" "announce-from-the-dashboard 1.5.3 Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "announce-from-the-dashboard 1.5.2 Admin+.Stored.XSS LOW" "advanced-text-widget No.known.fix Admin+.Stored.XSS LOW" "advanced-settings 3.2.0 Authenticated.(Author+).Arbitrary.File.Upload HIGH" 
"advanced-settings 3.2.0 Cross-Site.Request.Forgery MEDIUM" "advanced-settings 3.0.2 Cross-Site.Request.Forgery MEDIUM" "autocompleter No.known.fix Cross-Site.Request.Forgery MEDIUM" "anti-spam 7.3.8 Missing.Authorization MEDIUM" "anti-spam 7.3.1 Protection.Bypass.due.to.IP.Spoofing MEDIUM" "axeptio-sdk-integration 2.5.5 Unauthenticated.Local.File.Inclusion CRITICAL" "add-expires-headers No.known.fix Missing.Authorization MEDIUM" "add-expires-headers 2.8.0 Reflected.Cross-Site.Scripting MEDIUM" "add-expires-headers 2.6 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "advanced-ajax-page-loader No.known.fix Cross-Site.Request.Forgery.to.Arbitrary.File.Upload HIGH" "advanced-ajax-page-loader 2.7.7 Unauthenticated.Uploaded.File.Disclosure MEDIUM" "ai-assistant-by-10web 1.0.19 Missing.Authorization.to.Arbitrary.Plugin.Installation MEDIUM" "allow-php-execute No.known.fix Authenticated.(Editor+).PHP.Code.Injection HIGH" "addonify-floating-cart No.known.fix Missing.Authorization MEDIUM" "allow-php-in-posts-and-pages No.known.fix Authenticated.Remote.Code.Execution.(RCE) CRITICAL" "analytics-for-wp No.known.fix Admin+.Stored.XSS LOW" "add-custom-page-template No.known.fix Authenticated.(Administrator+).PHP.Code.Injection.to.Remote.Code.Execution HIGH" "accesspress-social-login-lite 3.4.8 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "actionwear-products-sync No.known.fix Missing.Authorization MEDIUM" "actionwear-products-sync No.known.fix Authenticated.(Subscriber+).SQL.Injection MEDIUM" "actionwear-products-sync 2.3.3 Unauthenticated.Full.Patch.Disclosure MEDIUM" "animated-buttons No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "activitypub 8.0.2 Unauthenticated.Drafts/Scheduled/Pending.Posts.Disclosure HIGH" "activitypub 1.0.6 Unauthenticated.REST.API.Access MEDIUM" "activitypub 1.0.0 Subscriber+.Arbitrary.Post.Title.Disclosure MEDIUM" "activitypub 1.0.0 Contributor+.Stored.XSS MEDIUM" "activitypub 1.0.0 
Subscriber+.Arbitrary.Post.Content.Disclosure MEDIUM" "activitypub 1.0.1 Contributor+.Stored.XSS MEDIUM" "affiliatex 1.4.0 1.3.9.3.-.Authenticated.(Subscriber+).Missing.Authorization.to.Stored.Cross-Site.Scripting.via.save_customization_settings MEDIUM" "affiliatex 1.4.0 Missing.Authorization MEDIUM" "affiliatex 1.2.9.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "anber-elementor-addon No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Banner.button.link MEDIUM" "anber-elementor-addon No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Carousel.button.link MEDIUM" "allow-html-in-category-descriptions No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting.via.Category.Descriptions MEDIUM" "autoship-cloud 2.8.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "autoship-cloud 2.8.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "allpost-contactform No.known.fix Unauthenticated.Arbitrary.File.Upload CRITICAL" "avartan-slider-lite No.known.fix Reflected.XSS HIGH" "ap-honeypot No.known.fix Cross-Site.Request.Forgery MEDIUM" "animated-counters No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "animated-counters 1.8 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "advanced-blog-post-block No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "adsensei-b30 No.known.fix Reflected.Cross-Site.Scripting HIGH" "adsensei-b30 3.1.3 Reflected.Cross-Site.Scripting HIGH" "abbie-expander No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "animated-text-block 1.0.8 Missing.Authorization MEDIUM" "auto-post-after-image-upload No.known.fix Missing.Authorization MEDIUM" "admission-appmanager No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "awstats-script No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "addons-for-divi 4.0.6 
Contributor+.Stored.XSS MEDIUM" "addons-for-divi 4.1.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Multiple.Widgets MEDIUM" "addons-for-divi 4.0.0 Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.Upload MEDIUM" "addons-for-divi 3.6.0 Reflected.Cross-Site.Scripting MEDIUM" "addons-for-divi 3.5.0 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "advanced-menu-widget No.known.fix Contributor+.Stored.XSS.via.Shortcode MEDIUM" "ai-responsive-gallery-album No.known.fix Missing.Authorization MEDIUM" "ai-responsive-gallery-album No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "animated-fullscreen-menu 2.2.8 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "art-picture-gallery No.known.fix Unauthenticated.Arbitrary.File.Upload CRITICAL" "audio-comparison-lite 3.5 Contributor+.Stored.XSS MEDIUM" "animated-pixel-marquee-creator No.known.fix Cross-Site.Request.Forgery.via.'marquee'.Parameter MEDIUM" "ai-co-pilot-for-wp 1.2.8 Authenticated.(Contributor+).Sensitive.Information.Exposure MEDIUM" "ai-co-pilot-for-wp 1.2.8 Authenticated.(Contributor+).Information.Exposure MEDIUM" "add-posts-to-pages No.known.fix Contributor+.Stored.XSS MEDIUM" "as-english-admin No.known.fix Open.Redirection MEDIUM" "affiliateimportereb No.known.fix Reflected.XSS HIGH" "affiliateimportereb No.known.fix Reflected.XSS.via.Search HIGH" "aiktp 5.0.05 Missing.Authorization.to.Authenticated.(Subscriber+).Multiple.Administrator.Actions MEDIUM" "add-instagram No.known.fix Admin+.Stored.XSS LOW" "add-admin-css 2.5 Unauthenticated.Full.Path.Dislcosure MEDIUM" "autotitle-for-wordpress No.known.fix Settings.Update.to.Stored.XSS.via.CSRF HIGH" "apppresser 4.5.1 Missing.Authorization.to.Unauthenticated.Limited.Sensitive.Information.Exposure MEDIUM" "apppresser 4.4.11 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "apppresser 4.4.7 Unauthenticated.Privilege.Escalation.via.Password.Reset CRITICAL" "apppresser 4.4.5 Privilege.Escalation.and.Account.Takeover.via.Weak.OTP HIGH" "apppresser 
4.4.0 Improper.Missing.Encryption.Exception.Handling.to.Authentication.Bypass HIGH" "apppresser 4.3.1 Missing.Authorization MEDIUM" "apppresser 4.3.1 Cross-Site.Request.Forgery.via.force_logging_off() MEDIUM" "apppresser 4.3.1 Cross-Site.Request.Forgery.via.toggle_logging_callback() MEDIUM" "apppresser 4.3.0 Insecure.Password.Reset.Mechanism HIGH" "aviation-weather-from-noaa No.known.fix Authenticated.(Subscriber+).Arbitrary.File.Deletion HIGH" "add-actions-and-filters No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "add-actions-and-filters 2.10 Reflected.XSS HIGH" "add-actions-and-filters 2.10 Settings.Update.via.CSRF MEDIUM" "add-actions-and-filters No.known.fix Admin+.Stored.XSS MEDIUM" "autocomplete-location-field-contact-form-7 3.0 Admin+.Store.Cross-Site.Scripting LOW" "add-polylang-support-for-customizer No.known.fix Cross-Site.Request.Forgery MEDIUM" "advanced-reorder-image-text-slider No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "astra-sites 4.4.42 Author+.Arbitrary.File.Upload.via.WXR.Upload.Bypass HIGH" "astra-sites 4.4.10 Cross-Site.Request.Forgery MEDIUM" "astra-sites 4.4.1 Author+.Stored.XSS MEDIUM" "astra-sites 4.2.2 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "astra-sites 4.1.7 Contributor+.Server-Side.Request.Forgery MEDIUM" "astra-sites 3.2.5 Authenticated.(Contributor+).Server-Side.Request.Forgery MEDIUM" "astra-sites 3.2.6 Incorrect.Authorization MEDIUM" "astra-sites 3.1.21 Settings.Update.via.CSRF MEDIUM" "astra-sites 2.7.1 Contributor+.Block.Import.to.Stored.XSS HIGH" "a-simple-multilanguage No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "animate-it 2.4.0 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "animate-it 2.3.6 XSS HIGH" "admin-renamer-extended No.known.fix CSRF MEDIUM" "access-demo-importer 1.0.8 Data.Reset.via.CSRF HIGH" "access-demo-importer 1.0.8 Arbitrary.Plugin.Activation.via.CSRF MEDIUM" "access-demo-importer 1.0.7 Subscriber+.Arbitrary.File.Upload HIGH" 
"apus-framework 2.5 Authenticated.(Subscriber+).Arbitrary.Options.Update.in.import_page_options HIGH" "abc-notation No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "abc-notation No.known.fix Authenticated.(Contributor+).Arbitrary.File.Read MEDIUM" "abc-notation No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "adventure-bucket-list No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "amo-team-showcase No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.amoteam_skills.Shortcode MEDIUM" "aco-wishlist-for-woocommerce 1.1.23 Insecure.Direct.Object.Reference.to.Authenticated.(Subscriber+).Wishlist.Item.Deletion MEDIUM" "accessally 3.5.7 $_SERVER.Superglobal.Leakage HIGH" "accessally 3.3.2 Unauthenticated.Arbitrary.PHP.Code.Execution CRITICAL" "amazonjs No.known.fix Contributor+.Stored.XSS MEDIUM" "accesspress-social-share 4.5.6 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "accordions-wp 3.0.4 Authenticated.(Editor+).Stored.Cross-Site.Scripting MEDIUM" "accordions-wp 2.7 Authenticated.(Editor+).Stored.Cross-Site.Scripting.via.accordion.settings MEDIUM" "accordions-wp 2.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "add-any-extension-to-pages 1.5 Cross-Site.Request.Forgery.via.aaetp_options_page MEDIUM" "audio4-html5 4.4.7 Authenticated.(Contributor+).SQL.Injection MEDIUM" "affiliate-coupons 1.7.4 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "amin-chat-button 1.4.2 Stored.XSS.via.CSRF HIGH" "amount-left-free-shipping-woocommerce 2.5.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "amount-left-free-shipping-woocommerce 2.4.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "abbs-bing-search No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "authorsure No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "authorsure No.known.fix 
Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "auto-robot 3.3.39 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "all-images-ai 1.0.5 Authenticated.(Subscriber+).Arbitrary.File.Upload HIGH" "advanced-angular-contact-form No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "ajax-domain-checker No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "add-user-role No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "audio-merchant No.known.fix Cross-Site.Request.Forgery.to.Arbitrary.File.Upload HIGH" "audio-merchant No.known.fix Cross-Site.Request.Forgery.to.Settings.Modifcation.and.Stored.Cross-Site.Scripting MEDIUM" "another-events-calendar No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "avcp 7.7.1 Reflected.Cross-Site.Scripting MEDIUM" "avcp No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.shortcode MEDIUM" "avcp No.known.fix Authenticated.(Editor+).Stored.Cross-Site.Scripting MEDIUM" "avcp No.known.fix Cross-Site.Request.Forgery.via.settings.php MEDIUM" "apa-banner-slider No.known.fix Cross-Site.Request.Forgery.to.SLQ.Injection HIGH" "addify-image-watermark-for-woocommerce 1.0.1 Multiple.CSRF MEDIUM" "album-and-image-gallery-plus-lightbox 2.1.8 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Plugin's.Shortcode MEDIUM" "album-and-image-gallery-plus-lightbox 2.1 Unauthenticated.Arbitrary.Shortcode.Execution MEDIUM" "azonbox No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "auto-hide-admin-bar 1.6.2 Admin+.Stored.XSS LOW" "accordion-panel-for-category-and-products No.known.fix Authenticated.(Contributor+).Local.File.Inclusion HIGH" "auto-advance-for-gravity-forms 4.5.4 Reflected.Cross-Site.Scripting MEDIUM" "auto-advance-for-gravity-forms 4.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "advanced-scrollbar 1.1.9 Authenticated.(Subscriber+).Privilege.Escalation HIGH" "astra-addon 4.3.2 Authenticated(Contributor+).Remote.Code.Execution.via.Metabox HIGH" 
"astra-addon 3.5.2 Unauthenticated.SQL.Injection HIGH" "amazing-hover-effects No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "auto-post-to-social-media-wp-to-social-champ 1.3.6 Cross-Site.Request.Forgery.to.Plugin.Settings.Update MEDIUM" "add-pinterest-conversion-tags 1.2.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "add-pinterest-conversion-tags 1.0.2 Subscriber+.Arbitrary.Option.Update CRITICAL" "advanced-coupons-for-woocommerce-free 4.6.9 Authenticated.(Shop.manager+).SQL.Injection MEDIUM" "advanced-coupons-for-woocommerce-free 4.5.0.1 Notice.Dismiss.via.CSRF MEDIUM" "autogen-headers-menu No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.'head_class'.Shortcode.Parameter MEDIUM" "auto-thickbox No.known.fix Authenticated.(Contributor+).Stored.DOM-Based.Cross-Site.Scripting.via.ThickBox.JavaScript.Library MEDIUM" "anant-addons-for-elementor No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "anant-addons-for-elementor 1.1.9 Arbitrary.Plugin.Installation.via.CSRF MEDIUM" "anant-addons-for-elementor 1.0.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "advanced-faq-manager 1.5.3 Authenticated.(Author+).Stored.Cross-Site.Scripting MEDIUM" "advanced-faq-manager 1.5.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "alex-reservations 2.2.4 Authenticated.(Admin+).Arbitrary.File.Upload HIGH" "alex-reservations 2.0.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "advanced-custom-fields 6.4.3 HTML.Injection MEDIUM" "advanced-custom-fields 6.3.6.3 Admin+.Remote.Code.Execution MEDIUM" "advanced-custom-fields 6.3.9 Admin+.Remote.Code.Execution MEDIUM" "advanced-custom-fields 6.3.6.3 Admin+.Stored.XSS LOW" "advanced-custom-fields 6.3.9 Admin+.Stored.XSS LOW" "advanced-custom-fields 6.3 Contributor+.Custom.Field.Access LOW" "advanced-custom-fields 6.2.5 Contributor+.Stored.Cross-Site.Scripting.via.Custom.Field MEDIUM" 
"advanced-custom-fields 6.1.6 Reflected.XSS HIGH" "advanced-custom-fields 6.1.0 Contributor+.PHP.Object.Injection MEDIUM" "advanced-custom-fields 5.12.5 Contributor+.PHP.Object.Injection MEDIUM" "advanced-custom-fields 5.12.3 Unauthenticated.File.Upload MEDIUM" "advanced-custom-fields 5.12.1 Contributor+.Database.Information.Access MEDIUM" "advanced-custom-fields 5.11 Subscriber+.Arbitrary.ACF.Data/Field.Groups.View.and.Fields.Move MEDIUM" "advanced-custom-fields 5.8.12 Cross-Site.Scripting.in.Select2.dropdowns MEDIUM" "advanced-custom-fields 5.7.12 Unserialize.of.user.input MEDIUM" "add-code-to-head No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "affiliate-link-tracker No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "addify-gift-registry-for-woocommerce 1.1.0 Multiple.CSRF MEDIUM" "adwords-conversion-tracking-code No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "advanced-online-ordering-and-delivery-platform No.known.fix Unauthenticated.Local.File.Inclusion CRITICAL" "advanced-custom-fields-pro 6.3.9 Admin+.Remote.Code.Execution MEDIUM" "advanced-custom-fields-pro 6.3.9 Admin+.Stored.XSS LOW" "advanced-custom-fields-pro 6.3.6 Authenticated.Stored.Cross-Site.Scripting MEDIUM" "advanced-custom-fields-pro 6.3 Contributor+.Custom.Field.Access LOW" "advanced-custom-fields-pro 6.2.10 Authenticated.(Contributor+).Code.Injection CRITICAL" "advanced-custom-fields-pro 6.2.10 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "advanced-custom-fields-pro 6.2.5 Contributor+.Stored.Cross-Site.Scripting.via.Custom.Field MEDIUM" "advanced-custom-fields-pro 6.1.6 Reflected.XSS HIGH" "advanced-custom-fields-pro 5.12.5 Contributor+.PHP.Object.Injection MEDIUM" "advanced-custom-fields-pro 6.1.0 Contributor+.PHP.Object.Injection MEDIUM" "advanced-custom-fields-pro 5.12.3 Unauthenticated.File.Upload MEDIUM" "advanced-custom-fields-pro 5.12.1 Contributor+.Database.Information.Access 
MEDIUM" "advanced-custom-fields-pro 5.11 Subscriber+.Arbitrary.ACF.Data/Field.Groups.View.and.Fields.Move MEDIUM" "advanced-custom-fields-pro 5.9.1 Authenticated.Reflected.Cross-Site.Scripting.(XSS) HIGH" "amazon-product-price No.known.fix Cross-Site.Request.Forgery.to.Cross-Site.Scripting MEDIUM" "affiliate-links 3.2.0 Reflected.Cross-Site.Scripting MEDIUM" "affiliate-links 3.1.0 Missing.Authorization.to.Unauthenticated.Import/Export.and.PHP.Object.Injection HIGH" "affiliate-links 2.7 Contributor+.Stored.XSS MEDIUM" "audio-video-download-buttons-for-youtube 1.04 Reflected.Cross-Site.Scripting MEDIUM" "ar-contactus 1.8.8 Authenticated.Stored.Cross-Site.Scripting CRITICAL" "automation-web-platform 4.5 Missing.Authorization MEDIUM" "automation-web-platform 3.0.18 Unauthenticated.Privilege.Escalation CRITICAL" "acknowledgify 1.1.4 Missing.Authorization MEDIUM" "auto-upload-images No.known.fix Authenticated.(Contributor+).Server-Side.Request.Forgery MEDIUM" "auto-upload-images 3.3.1 CSRF MEDIUM" "auto-upload-images 3.3.1 Admin+.Stored.Cross-Site.Scripting LOW" "ace-post-type-builder 2.0 Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.Custom.Taxonomy.Deletion.via.'taxonomy'.Parameter MEDIUM" "acclectic-media-organizer No.known.fix Missing.Authorization MEDIUM" "acf-images-search-and-insert No.known.fix Authenticated.(Subscriber+).Arbitrary.File.Upload HIGH" "aesop-story-engine No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "azan No.known.fix Stored.XSS.via.CSRF HIGH" "afiliados-de-amazon-lite No.known.fix Cross-Site.Request.Forgery.to.Plugin.Settings.Update MEDIUM" "afiliados-de-amazon-lite No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "as-password-field-in-default-registration-form No.known.fix Unauthenticated.Privilege.Escalation.via.Account.Takeover CRITICAL" "aweos-wp-lock 1.4.9 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "add-replace-affiliate-links-for-amazon 
No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "api-bearer-auth 20190908 Unauthenticated.Reflected.XSS MEDIUM" "allow-svg 1.2.0 Author+.Stored.XSS.via.SVG MEDIUM" "adapta-rgpd 1.3.3 Unauthorised.Consent.via.CSRF MEDIUM" "auto-last-youtube-video No.known.fix Cross-Site.Request.Forgery MEDIUM" "advanced-easy-shipping-for-wc-lite No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "activity-log-mainwp 2.0.0 Reflected.Cross-Site.Scripting MEDIUM" "activity-log-mainwp 1.7.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "advanced-quiz No.known.fix Admin+.Stored.XSS.in.Quiz.Overview LOW" "advanced-quiz 1.0.3 Admin+.Stored.XSS LOW" "ahachat-messenger-marketing No.known.fix Authentication.Bypass MEDIUM" "ahachat-messenger-marketing No.known.fix Reflected.XSS HIGH" "ashe-extra 1.3 Missing.Authorization MEDIUM" "ashe-extra 1.2.92 Subscriber+.Companion.Plugin.Activation.&.Content.Import MEDIUM" "all-in-menu No.known.fix Authenticated.(Subscriber+).SQL.Injection MEDIUM" "aceide No.known.fix Authenticated.(admin+).Arbitrary.File.Access MEDIUM" "advanced-wp-table No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "advanced-wp-table 1.2.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "accept-stripe-payments-using-contact-form-7 3.2 Reflected.Cross-Site.Scripting.via.failure_message MEDIUM" "accept-stripe-payments-using-contact-form-7 3.1 Unauthenticated.Information.Exposure MEDIUM" "accept-stripe-payments-using-contact-form-7 2.6 Unauthenticated.Information.Exposure MEDIUM" "athemes-starter-sites 1.0.54 Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "amtythumb No.known.fix Subscriber+.SQLi HIGH" "audio-comments No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "appizy-app-embed 2.4.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "asgard No.known.fix Reflected.XSS HIGH" "auto-x-line No.known.fix Auto.x.LINE.<=.1,0,0..Unauthenticated.REST.API.Endpoints.Call HIGH" 
"ab-google-map-travel No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "amty-thumb-recent-post No.known.fix Unauthenticated.Cross-Site.Scripting.(XSS) MEDIUM" "automatewoo 5.7.6 Cross-Site.Request.Forgery MEDIUM" "automatewoo 5.7.6 Missing.Authorization MEDIUM" "automatewoo 5.7.2 ShopManager+.SQLi MEDIUM" "automatewoo 5.7.2 Cross-Site.Request.Forgery MEDIUM" "audiocase No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "additional-product-fields-for-woocommerce 1.2.134 Unauthenticated.Stored.Cross-Site.Scripting MEDIUM" "additional-product-fields-for-woocommerce 1.2.105 Cross-Site.Request.Forgery.to.Notice.Dismissal MEDIUM" "all-users-messenger No.known.fix Subscriber+.Message.Deletion.via.IDOR MEDIUM" "azw-woocommerce-file-uploads No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "azw-woocommerce-file-uploads No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "automatic-pages-for-privacy-policy-terms-about-and-contact 1.42 Reflected.Cross-Site.Scripting MEDIUM" "advanced-google-universal-analytics No.known.fix Missing.Authorization MEDIUM" "ag-custom-admin 7.2.4 Admin+.SSRF MEDIUM" "ag-custom-admin 7.2.2 Admin+.Stored.XSS.via.Image.URL LOW" "ag-custom-admin 7.0 Admin+.Stored.Cross-Site.Scripting MEDIUM" "ag-custom-admin 6.9.2 AGCA.<.6.9.2.-.Admin+.Stored.Cross-Site.Scripting LOW" "ag-custom-admin 6.5.5 CSRF.&.XSS LOW" "altos-connect No.known.fix Unauthenticated.Cross-Site.Scripting.(XSS) MEDIUM" "assist24it No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "acf-blocks No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "acf-blocks 2.6.10 Reflected.Cross-Site.Scripting MEDIUM" "acf-blocks 2.6.8 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "amazon-showcase-wordpress-widget No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "aawp 3.12.3 Unsafe.URL.Handling MEDIUM" "aawp 3.17.1 Reflected.Cross-Site.Scripting MEDIUM" 
"addify-checkout-fields-manager 1.0.2 Multiple.CSRF MEDIUM" "az-content-finder No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "aparat-responsive No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "arprice No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "arprice 4.2 Reflected.Cross-Site.Scripting HIGH" "arprice 4.2 Unauthenticated.PHP.Object.Injection HIGH" "arprice 4.2 Subscriber+.PHP.Object.Injection HIGH" "arprice 4.2 Unauthenticated.SQL.Injection HIGH" "arprice 4.2 Subscriber+.SQLi HIGH" "awin-data-feed 1.8 Reflected.Cross-Site.Scripting MEDIUM" "awin-data-feed 1.8 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "activecampaign-for-woocommerce 1.9.8 Subscriber+.Error.Log.Cleanup MEDIUM" "ampedsense-adsense-split-tester 4.69 Reflected.XSS HIGH" "accordion-slider-lite No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "auto-delete-posts No.known.fix Arbitrary.Settings.Update.via.CSRF MEDIUM" "authldap 2.5.9 Settings.Update.via.CSRF MEDIUM" "authldap 2.6.2 Admin+.Stored.XSS LOW" "anthologize No.known.fix Cross-Site.Request.Forgery MEDIUM" "anthologize 0.8.3 Cross-Site.Request.Forgery MEDIUM" "anthologize 0.8.1 Admin+.Stored.XSS LOW" "ap-companion 1.0.7 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "admin-sms-alert No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross.Site.Scripting MEDIUM" "add-categories-post-footer No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "append-link-on-copy No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "async-javascript 2.21.06.29 Authenticated.(admin+).Stored.XSS MEDIUM" "audiotube No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "awesome-logos No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "awesome-logos No.known.fix Cross-Site.Request.Forgery.to.SQL.Injection MEDIUM" "azon-addon-js-composer No.known.fix Reflected.Cross-Site.Scripting MEDIUM" 
"azon-addon-js-composer No.known.fix Authenticated.(Subscriber+).SQL.Injection MEDIUM" "aajoda-testimonials No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "aajoda-testimonials 2.2.2 Admin+.Stored.XSS LOW" "all-in-one-b2b-for-woocommerce No.known.fix Unauthenticated.Privilege.Escalation CRITICAL" "all-in-one-b2b-for-woocommerce No.known.fix Multiple.CSRF MEDIUM" "anfrageformular No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "admin-form No.known.fix Authenticated.(Admin+).PHP.Object.Injection HIGH" "admin-form No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "admin-form 1.9.1 Cross-Site.Request.Forgery MEDIUM" "admin-form 1.9.1 Reflected.Cross-Site.Scripting MEDIUM" "autolinks No.known.fix Stored.Cross-Site.Scripting.via.CSRF MEDIUM" "ad-widget No.known.fix Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "ays-popup-box 5.5.0 Admin+.Stored.Cross-Site.Scripting.(XSS).via.CSRF MEDIUM" "ays-popup-box 6.1.2 Cross-Site.Request.Forgery.to.Popup.Status.Change MEDIUM" "ays-popup-box 6.0.8 Cross-Site.Request.Forgery MEDIUM" "ays-popup-box 5.5.5 Cross-Site.Request.Forgery MEDIUM" "ays-popup-box 4.9.8 Missing.Authorization.to.Unauthenticated.Limited.Options.Update MEDIUM" "ays-popup-box 4.7.8 Admin+.Stored.XSS LOW" "ays-popup-box 4.5.2 Missing.Authorization MEDIUM" "ays-popup-box 4.1.3 Cross-Site.Request.Forgery MEDIUM" "ays-popup-box 4.3.7 Missing.Authorization.to.Information.Exposure MEDIUM" "ays-popup-box 20.9.0 Admin+.Stored.XSS LOW" "ays-popup-box 7.9.0 Admin+.Stored.XSS LOW" "ays-popup-box 3.8.6 Admin+.Stored.XSS.in.Categories LOW" "ays-popup-box 3.8.6 Admin+.Stored.XSS.in.Popup.Settings LOW" "ays-popup-box 3.7.9 Admin+.Stored.XSS LOW" "ays-popup-box 3.7.2 Admin+.Stored.Cross-Site.Scripting LOW" "ays-popup-box 3.4.5 Reflected.XSS HIGH" "ays-popup-box 2.3.4 Reflected.Cross-Site.Scripting.(XSS) HIGH" "ays-popup-box 2.3.4 Authenticated.Blind.SQL.Injections HIGH" 
"accurate-form-data-real-time-form-validation No.known.fix Cross-Site.Scripting.(XSS).&.CSRF MEDIUM" "accordion-slider 1.9.14 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "accordion-slider 1.9.13 Contributor+.DOM-Based.Stored.XSS.via.FancyBox.JavaScript.Library MEDIUM" "accordion-slider 1.9.12 Authenticted.(Contributor+).Stored.Cross-Site.Scripting.via.HTML.Attribute MEDIUM" "aec-kiosque 1.9.4 Reflected.Cross-Site.Scripting MEDIUM" "audier-elementor No.known.fix Missing.Authorization MEDIUM" "ajax-login-and-registration-modal-popup 2.25 Reflected.XSS MEDIUM" "ajax-login-and-registration-modal-popup 2.24 Author+.Stored.XSS MEDIUM" "advanced-fancybox No.known.fix Cross-Site.Request.Forgery.to.Cross-Site.Scripting MEDIUM" "admin-login-url-change No.known.fix Missing.Authorization MEDIUM" "arena-liveblog-and-chat-tool No.known.fix Cross-Site.Request.Forgery.to.Settings.Update MEDIUM" "arena-liveblog-and-chat-tool No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.arena_embed_amp.Shortcode MEDIUM" "arena-liveblog-and-chat-tool 0.4.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "add-infos-to-the-events-calendar 1.5.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "auto-seo 2.6.6 Stored.XSS.via.CSRF HIGH" "antihacker 4.53 Missing.Authorization.to.Authenticated.(Subscriber+).Table.Truncation MEDIUM" "antihacker 4.52 Missing.Authorization.to.Unauthenticated.IP.Address.Whitelist MEDIUM" "antihacker 4.35 Cross-Site.Request.Forgery.via.antihacker_ajax_scan MEDIUM" "antihacker 4.20 Subscriber+.Arbitrary.Plugin.Installation HIGH" "acf-better-search 3.3.1 Cross-Site.Request.Forgery.(CSRF) MEDIUM" "ajax-pagination No.known.fix wp-admin/admin-ajax.php.loop.Parameter.Local.File.Inclusion HIGH" "api-key-for-google-maps 1.2.2 Arbitrary.API.Key.Update.via.CSRF MEDIUM" "advanced-google-recaptcha 1.30 Authenticated.(Subscriber+).Limited.SQL.Injection.via.'sSearch'.Parameter MEDIUM" "advanced-google-recaptcha 
1.28 Built-in.Math.CAPTCHA.Bypass MEDIUM" "advanced-google-recaptcha 1.26 Brute.Force.Protection.IP.Unblock LOW" "adsense-plugin No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "adsense-plugin 1.44 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "awsa-shipping No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "aone-sms No.known.fix Authentication.Bypass HIGH" "aone-sms No.known.fix Unauthenticated.Privilege.Escalation CRITICAL" "addons-for-beaver-builder No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.'title'.and.'value'.Shortcode.Attributes MEDIUM" "addons-for-beaver-builder No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "addons-for-beaver-builder 3.7 Authenticated.(Editor+).Stored.Cross-Site.Scripting MEDIUM" "addons-for-beaver-builder 3.3 Reflected.Cross-Site.Scripting MEDIUM" "addons-for-beaver-builder 2.8.4 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "arprice-responsive-pricing-table 3.6.1 Unauthenticated.SQLi HIGH" "arprice-responsive-pricing-table 2.3 Cross-Site.Request.Forgery MEDIUM" "ad-blocking-detector No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "advanced-ads 2.0.15 Missing.Authorization.to.Authenticated.(Subscriber+).Ad.Placements.Update MEDIUM" "advanced-ads 2.0.16 Authenticated.(Admin+).SQL.Injection MEDIUM" "advanced-ads 2.0.15 Editor+.Remote.Code.Execution.via.Shortcode HIGH" "advanced-ads 2.0.13 Unauthenticated.Limited.Code.Execution MEDIUM" "advanced-ads 1.52.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Ad.Widget MEDIUM" "advanced-ads 1.52.2 Authenticated.(Admin+).PHP.Object.Injection HIGH" "advanced-ads 1.32.0 Admin+.Stored.XSS MEDIUM" "advanced-ads 1.17.4 Reflected.XSS.via.Admin.Dashboard MEDIUM" "advanced-page-visit-counter No.known.fix Authenticated.(Administrator+).SQL.Injection CRITICAL" "advanced-page-visit-counter No.known.fix Admin+.Stored.XSS LOW" "advanced-page-visit-counter No.known.fix 
Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "advanced-page-visit-counter 8.0.1 Contributor+.SQLi MEDIUM" "advanced-page-visit-counter 7.1.1 Reflected.Cross-Site.Scripting MEDIUM" "advanced-page-visit-counter 6.1.2 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "advanced-page-visit-counter 6.1.6 Subscriber+.Blind.SQL.injection HIGH" "advanced-page-visit-counter 6.0.0 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "auto-keyword-backlink No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "automatic-youtube-gallery 2.3.5 Missing.Authorization.via.AJAX.actions MEDIUM" "automatic-youtube-gallery 2.3.3 Reflected.Cross-Site.Scripting MEDIUM" "automatic-youtube-gallery 1.6.5 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "add-comments No.known.fix Admin+.Stored.XSS LOW" "applay-shortcodes No.known.fix Shortcodes.<=.3.7.-.Authenticated.(Contributor+).PHP.Object.Injection HIGH" "addons-for-visual-composer No.known.fix Authenticated.(Editor+).Stored.Cross-Site.Scripting MEDIUM" "addons-for-visual-composer 3.9.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "addons-for-visual-composer 3.8 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.shortcode MEDIUM" "addons-for-visual-composer 3.8.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "addons-for-visual-composer 3.6 Contributor+.Stored.XSS MEDIUM" "addons-for-visual-composer 3.3 Reflected.Cross-Site.Scripting MEDIUM" "addons-for-visual-composer 2.9.2 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "avectra-netforum-single-sign-on No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "avectra-netforum-single-sign-on 1.3.4 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "add-whatsapp-button 2.1.8 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "addressbook No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "affiliate-power 2.3.0 Reflected.Cross-Site.Scripting HIGH" "alipay No.known.fix 
Authenticated.SQL.Injection MEDIUM" "authors-autocomplete-meta-box No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "alpha-price-table-for-elementor No.known.fix Contributor+.Stored.XSS MEDIUM" "armember 6.7.1 Cross-Site.Request.Forgery.via.multiple.functions MEDIUM" "armember 5.6 Unauthenticated.Privilege.Escalation CRITICAL" "accesspress-instagram-feed 4.0.4 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "active-user No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "add-subtitle No.known.fix Contributor+.Stored.Cross-Site.Scripting MEDIUM" "advance-block-extend No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.TitleColor.Block.Attribute MEDIUM" "analyticswp 2.1.5 Unauthenticated.SQL.Injection HIGH" "analyticswp No.known.fix Unauthenticated.Sensitive.Information.Exposure MEDIUM" "analyticswp No.known.fix Missing.Authorization MEDIUM" "analyticswp 2.1.0 Unauthenticated.SQL.Injection HIGH" "app-template-blocks-for-wpbakery-page-builder No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode.Attributes MEDIUM" "allada-tshirt-designer-for-woocommerce No.known.fix Missing.Authorization MEDIUM" "attribute-stock-for-woocommerce 1.3.0 Reflected.Cross-Site.Scripting MEDIUM" "appointment-hour-booking 1.5.61 Authenticated.(Administrator+).Stored.Cross-Site.Scripting.via.'Min/Max.Length'.Field.Configuration MEDIUM" "appointment-hour-booking 1.4.57 Captcha.Bypass MEDIUM" "appointment-hour-booking 1.3.73 CSV.Injection MEDIUM" "appointment-hour-booking 1.3.73 CAPTCHA.Bypass MEDIUM" "appointment-hour-booking 1.3.73 Unauthenticated.iFrame.Injection HIGH" "appointment-hour-booking 1.3.72 Feedback.Submission.via.CSRF MEDIUM" "appointment-hour-booking 1.3.56 Admin+.Stored.Cross-Site.Scripting LOW" "appointment-hour-booking 1.3.17 Authenticated.Stored.XSS LOW" "appointment-hour-booking 1.3.16 Admin+.Stored.Cross-Site.Scripting LOW" "appointment-hour-booking 1.1.46 Stored.Cross-Site.Scripting.(XSS) MEDIUM" 
"artplacer-widget No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "artplacer-widget 2.23 Authenticated.(Contributor+).SQL.Injection MEDIUM" "artplacer-widget 2.21.2 Stored.XSS.via.CSRF HIGH" "artplacer-widget 2.21.2 Subscriber+.Arbitrary.Widget.Deletion MEDIUM" "artplacer-widget 2.20.7 Editor+.SQLi MEDIUM" "advanced-data-table-for-elementor 1.0.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "acf-onyx-poll 1.2.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.class.Parameter MEDIUM" "advanced-custom-fields-font-awesome 5.0.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "authors-list 2.0.6.2 Authenticated.(Contributor+).Sensitive.Information.Exposure.via.Limited.Method.Call.in.Plugin's.Shortcode MEDIUM" "authors-list No.known.fix Cross-Site.Request.Forgery MEDIUM" "authors-list 2.0.6.1 Unauthenticated.Arbitrary.Shortcode.Execution MEDIUM" "authors-list 2.0.5 Unauthenticated.Arbitrary.Shortcode.Execution HIGH" "authors-list 2.0.3 Reflected.Cross-Site.Scripting HIGH" "accessibility-task-manager No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "admail No.known.fix Missing.Authorization MEDIUM" "amazing-service-box-visual-composer-addons No.known.fix Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "allmart-core No.known.fix Unauthenticated.SQL.Injection HIGH" "allmart-core No.known.fix Authenticated.(Subscriber+).Server-Side.Request.Forgery MEDIUM" "add-rss No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "advanced-css3-related-posts-widget No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "alchemist-ajax-upload No.known.fix Missing.Authorization.to.Unauthenticated.Arbitrary.Media.File.Deletion MEDIUM" "automatic-internal-links-for-seo 1.2.2 Authenticated.(Administrator+).SQL.Injection.via.post_id.Parameter MEDIUM" "automatic-internal-links-for-seo 1.0.4 Unauthorised.AJAX.Calls.via.Freemius 
MEDIUM" "awesome-support 6.3.7 Missing.Authorization.to.Unauthenticated.Role.Demotion MEDIUM" "awesome-support 6.3.6 Authenticated.(Support.Manager+).PHP.Object.Injection HIGH" "awesome-support 6.3.7 Information.Exposure MEDIUM" "awesome-support 6.3.2 Unauthenticated.Sensitive.Information.Exposure.Through.Unprotected.Directory HIGH" "awesome-support 6.3.2 Missing.Authorization MEDIUM" "awesome-support 6.1.8 Missing.Authorization MEDIUM" "awesome-support 6.1.7 Insufficient.Authorization.via.wpas_can_delete_attachments() MEDIUM" "awesome-support 6.1.8 Missing.Authorization.via.wpas_get_users() MEDIUM" "awesome-support 6.1.8 Authenticated.(Subscriber+).SQL.Injection HIGH" "awesome-support 6.1.8 Missing.Authorization.via.editor_html() MEDIUM" "awesome-support 6.1.6 Missing.Authorization.via.wpas_load_reply_history MEDIUM" "awesome-support 6.1.6 Cross-Site.Request.Forgery MEDIUM" "awesome-support 6.1.8 Missing.Authorization MEDIUM" "awesome-support 6.1.11 Missing.Authorization MEDIUM" "awesome-support 6.1.5 Missing.Authorization.via.wpas_edit_reply_ajax() MEDIUM" "awesome-support 6.1.5 Cross-Site.Request.Forgery.via.wpas_edit_reply_ajax() MEDIUM" "awesome-support 6.1.5 Reflected.Cross-Site.Scripting HIGH" "awesome-support 6.1.5 Insufficient.permission.check.in.wpas_edit_reply MEDIUM" "awesome-support 6.1.5 Submitter+.Arbitrary.File.Deletion CRITICAL" "awesome-support 6.1.2 Subscriber+.Arbitrary.Exported.Tickets.Download MEDIUM" "awesome-support 6.0.8 Authenticated.Stored.XSS MEDIUM" "awesome-support 6.0.7 Reflected.Cross-Site.Scripting HIGH" "awesome-support 6.0.11 Reflected.Cross-Site.Scripting.(XSS) HIGH" "awesome-support 6.0.0 Stored.XSS.via.Ticket.Title MEDIUM" "awesome-support 3.1.7 XSS.&.Shortcodes.Allowed.in.Replies HIGH" "admin-page-framework 3.9.0 Folders.Disclosure.via.Outdated.jQueryFileTree.Library MEDIUM" "ahime-image-printer No.known.fix Unauthenticated.Arbitrary.File.Download CRITICAL" "adl-team No.known.fix Contributor+.Stored.Cross-Site.Scripting 
MEDIUM" "all-in-one-wp-migration-onedrive-extension 1.67 Unauthenticated.Access.Token.Update MEDIUM" "archivist-custom-archive-templates 1.7.6 Reflected.Cross-Site.Scripting MEDIUM" "archivist-custom-archive-templates No.known.fix Reflected.XSS HIGH" "archivist-custom-archive-templates 1.7.5 Custom.Archive.Templates.<.1.7.5.-.Stored.XSS.via.CSRF HIGH" "archivist-custom-archive-templates 1.7.5 Custom.Archive.Templates.<.1.7.5.-.Admin+.Stored.XSS LOW" "awesome-gallery-singsys No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "acnoo-flutter-api No.known.fix Authentication.Bypass CRITICAL" "activity-link-preview-for-buddypress 1.6.0 Activity.Link.Preview.For.BuddyPress.<.1.6.0.-.Unauthenticated.Server-Side.Request.Forgery HIGH" "affiliate-solution No.known.fix Admin+.Stored.XSS LOW" "add-to-feedly No.known.fix Cross-Site.Request.Forgery MEDIUM" "add-to-feedly No.known.fix Admin+.Stored.XSS LOW" "advance-food-menu No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "analogwp-templates 1.8.1 Cross-Site.Request.Forgery HIGH" "analogwp-templates 1.8.1 CSRF.Nonce.Bypasses MEDIUM" "avirato-calendar No.known.fix Subscriber+.SQLi HIGH" "admire-extra 1.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "advanced-free-flat-shipping-woocommerce 1.6.4.6 Cross-Site.Request.Forgery MEDIUM" "ajax-awesome-css No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "absolute-links No.known.fix Authenticated.(Administrator+).SQL.Injection MEDIUM" "attesa-extra 1.4.8 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "attesa-extra 1.4.3 Authenticated.(Contributor+).Post.Disclosure MEDIUM" "attesa-extra 1.4.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "ai-content-writing-assistant No.known.fix Missing.Authorization MEDIUM" "ai-content-writing-assistant 1.1.7 CSRF MEDIUM" "admin-menu-organizer No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "all-in-one-cufon No.known.fix Cross-Site.Request.Forgery MEDIUM" 
"ajax-search-for-woocommerce 1.32.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.thegem_te_search.Shortcode MEDIUM" "ajax-search-for-woocommerce 1.25.0b3 Reflected.Cross-Site.Scripting MEDIUM" "ajax-search-for-woocommerce 1.24.0 AJAX.Search.for.WooCommerce.<.1.24.0.-.Admin+.Stored.Cross-Site.Scripting MEDIUM" "ajax-search-for-woocommerce 1.18.0 Admin+.Stored.Cross-Site.Scripting LOW" "ajax-search-for-woocommerce 1.17.0 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "acf-flexible-layouts-manager No.known.fix Missing.Authorization.to.Unauthenticated.Custom.Field.Update MEDIUM" "add-svg-support-for-media-uploader-inventivo No.known.fix Author+.Stored.XSS.via.SVG MEDIUM" "add-linked-images-to-gallery-v01 No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "aforms-eats 1.3.2 Unauthenticated.Full.Path.Disclosure MEDIUM" "advanced-youtube-channel-pagination No.known.fix Reflected.XSS HIGH" "aviary-image-editor-add-on-for-gravity-forms No.known.fix Unauthenticated.File.Upload CRITICAL" "age-verification-screen-for-woocommerce 1.1.0 Reflected.Cross-Site.Scripting MEDIUM" "age-verification-screen-for-woocommerce 1.0.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "aspose-doc-exporter No.known.fix Missing.Authorization MEDIUM" "aspose-doc-exporter 2.0 Unauthenticated.Arbitrary.File.Download HIGH" "ad-invalid-click-protector 1.2.11 Injected.Backdoor CRITICAL" "ad-invalid-click-protector 1.2.7 Arbitrary.Ban.Deletion.via.CSRF MEDIUM" "ad-invalid-click-protector 1.2.7 Reflected.Cross-Site.Scripting MEDIUM" "ad-invalid-click-protector 1.2.6 Authenticated.SQL.Injection MEDIUM" "advanced-category-template No.known.fix Cross-Site.Request.Forgery MEDIUM" "advanced-category-template No.known.fix Reflected.XSS HIGH" "assistant 1.5.3 Reflected.Cross-Site.Scripting MEDIUM" "assistant 1.5.1.1 Authenticated.(Editor+).PHP.Object.Injection HIGH" "assistant 1.4.9.2 Unauthenticated.Sensitive.Information.Exposure MEDIUM" "assistant 1.4.4 Editor+.SSRF 
MEDIUM" "acf-front-end-editor No.known.fix Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.Content.Update MEDIUM" "a3-user-importer No.known.fix Authenticated.(Admin+).CSV.Injection MEDIUM" "affs 11.1.0 Authenticated.(Subscriber+).Information.Exposure MEDIUM" "affs 11.1.0 Unauthenticated.Arbitrary.File.Upload CRITICAL" "awesome-tool-tip No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "all-in-one-minifier No.known.fix Unauthenticated.SQL.Injection HIGH" "add-link-to-facebook No.known.fix Cross-Site.Scripting.(XSS) MEDIUM" "addify-abandoned-cart-recovery 1.2.5 Multiple.CSRF MEDIUM" "apply-with-linkedin-buttons No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "apply-with-linkedin-buttons No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "advanced-import 1.3.8 Arbitrary.Plugin.Installation.&.Activation.via.CSRF HIGH" "admin-post-navigation No.known.fix Unauthenticated.Full.Path.Disclosure MEDIUM" "admin-management-xtended 2.5.2 Missing.Authorization MEDIUM" "admin-management-xtended 2.4.7 Contributor+.Stored.XSS MEDIUM" "admin-management-xtended 2.4.5 Post.Visibility/Date/Comment.Status.Update.via.CSRF MEDIUM" "admin-management-xtended 2.4.5 Multiple.CSRF MEDIUM" "admin-management-xtended 2.4.0.1 Privilege.Escalation MEDIUM" "anymind-widget No.known.fix Stored.Cross-Site.Scripting.via.CSRF MEDIUM" "appointify No.known.fix Cross-Site.Request.Forgery MEDIUM" "appointify No.known.fix Authenticated.(Administrator+).SQL.Injection MEDIUM" "appointify No.known.fix Authenticated.(Admin+).Arbitrary.File.Upload HIGH" "add-local-avatar No.known.fix Cross-Site.Request.Forgery.via.manage_avatar_cache MEDIUM" "admin-columns-pro 5.5.1 Admin+.Stored.XSS.in.Label LOW" "admin-columns-pro 5.5.2 Authenticated.Stored.Cross-Site.Scripting.(XSS).in.Custom.Field MEDIUM" "all-in-one-wp-migration-gdrive-extension 2.80 Unauthenticated.Access.Token.Update MEDIUM" "auto-youtube-importer 1.0.4 
Settings.Update.via.CSRF MEDIUM" "apply-online 2.6.7.2 Missing.Authorization MEDIUM" "apply-online 2.6.3 Unauthenticated.Application.File.Access MEDIUM" "apply-online 2.6.3 Missing.Authorization.to.Sensitive.Information.Exposure MEDIUM" "apply-online 2.5.4 Missing.Authorization LOW" "apply-online 2.5.3 Reflected.XSS HIGH" "apply-online 2.5.6 Admin+.Stored.XSS LOW" "add-tabs-xforwc 1.5.0 Low.Priv.Arbitrary.Blog.Options.Update/Access/Deletion.&.Plugin's.Settings.Update/Export/Import HIGH" "advanced-woo-search 3.29 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.aws_search_terms.Shortcode MEDIUM" "advanced-woo-search 2.97 Reflected.Cross-Site.Scripting MEDIUM" "advanced-woo-search 2.78 Admin+.Stored.Cross-Site.Scripting MEDIUM" "advanced-woo-search 2.00 SQL.query.leak.in.ajax.search NONE" "animate-everything No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "animate-everything No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "animate-everything No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "advanced-blocks-pro No.known.fix Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "api-info-themes-plugins-wp-org 1.05 Reflected.Cross-Site.Scripting MEDIUM" "advanced-admin-search 1.1.6 Reflected.Cross-Site.Scripting MEDIUM" "announcekit No.known.fix Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "animate No.known.fix Authenticated.(Contributor+).Server-Side.Request.Forgery MEDIUM" "auto-excerpt-everywhere No.known.fix Cross-Site.Request.Forgery MEDIUM" "advanced-country-blocker 2.3.2 Unauthenticated.Authorization.Bypass MEDIUM" "affiliate-links-manager No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "all-embed-addons-for-elementor 1.1.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "academist-membership 1.2 Authentication.Bypass CRITICAL" "advanced-pdf-generator No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "ai-feeds 1.0.23 
Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.'aife_post_meta'.Shortcode MEDIUM" "ai-feeds 1.0.12 Unauthenticated.Arbitrary.File.Upload CRITICAL" "ai-postpix 1.1.8.1 Subscriber+.Arbitrary.File.Upload HIGH" "absolute-privacy No.known.fix User.Email/Password.Change.via.Cross-Site.Request.Forgery HIGH" "a3-lazy-load 2.7.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "auto-bulb-finder-for-wp-wc 2.9.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "add-social-share-buttons 1.1 CSRF.to.Settings.Change MEDIUM" "axle-demo-importer No.known.fix Author+.Arbitrary.File.Upload CRITICAL" "accesspress-social-counter 1.9.2 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "ays-facebook-popup-likebox 3.7.3 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "ays-facebook-popup-likebox 3.6.1 Reflected.Cross-Site.Scripting MEDIUM" "ays-facebook-popup-likebox 3.5.3 Page.Plugin.<.3.5.3.-.Authenticated.Blind.SQL.Injections HIGH" "ays-facebook-popup-likebox 3.5.3 Reflected.Cross-Site.Scripting.(XSS) HIGH" "alfred-click-collect No.known.fix Admin+.Stored.XSS LOW" "accordion-and-accordion-slider 1.4.6 Missing.Authorization.to.Authenticated.(Contributor+).Attachment.Metadata.Modification MEDIUM" "anyvar No.known.fix Stored.Cross-Site.Scripting.(XSS) MEDIUM" "arca-payment-gateway 1.3.4 Stored.XSS.via.CSRF HIGH" "attachment-manager No.known.fix Unauthenticated.Arbitrary.File.Deletion CRITICAL" "a1post-bg-shipping-for-woocommerce 1.5.1 Privilege.Escalation.via.CSRF HIGH" "anywhere-elementor 1.2.12 Authenticated.(Contributor+).Post.Disclosure MEDIUM" "anywhere-elementor 1.2.8 Reflected.Cross-Site.Scripting MEDIUM" "anywhere-elementor 1.2.8 Freemius.API.Key.Disclosure MEDIUM" "anywhere-elementor 1.2.5 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "ai-contact-us No.known.fix Admin+.Stored.XSS LOW" "advanced-forms 1.9.3.3 Missing.Authorization.to.Unauthenticated.Form.Settings.Export MEDIUM" "advanced-forms 1.6.9 
Subscriber+.Arbitrary.User.Email.Address.Update.via.IDOR HIGH" "all-in-one-wp-migration-box-extension 1.54 Unauthenticated.Access.Token.Update MEDIUM" "audiomack No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "awesome-shortcodes-for-genesis No.known.fix Cross-Site.Request.Forgery.to.Cross-Site.Scripting MEDIUM" "anonform-embedded-secure-form 1.8 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "apocalypse-meow 23.0.0 Authenticated.(Administrator+).SQL.Injection.via.'type'.Parameter MEDIUM" "autocatset No.known.fix Cross-Site.Request.Forgery MEDIUM" "am-hili-affiliate-manager-for-publishers No.known.fix Admin+.Stored.XSS LOW" "affiliate-advantage No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "adamrob-parallax-scroll 2.1 Cross-Site.Scripting.(XSS) MEDIUM" "advertising-management No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "ayecode-connect 1.3.9 Missing.Authorization MEDIUM" "audio-album 1.5.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "acymailing 9.11.1 Reflected.Cross-Site.Scripting MEDIUM" "acymailing 9.8.0 Authenticated.(Subscriber+).Arbitrary.File.Upload.via.acym_extractArchive.Function HIGH" "acymailing 8.6.3 Reflected.XSS HIGH" "acymailing 7.5.0 Open.Redirect MEDIUM" "ai-preloader No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "attendance-manager No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "attendance-manager 0.5.7 CSRF.&.XSS HIGH" "analytics-tracker 1.1.1 XSS MEDIUM" "anspress-question-answer 4.3.2 Editor+.Stored.XSS MEDIUM" "admin-page-spider 3.32 Admin+.Stored.XSS LOW" "advanced-appointment-booking-scheduling No.known.fix Cross-Site.Request.Forgery MEDIUM" "alkubot 3.0.0 Unauthorised.AJAX.call.via.CSRF MEDIUM" "advanced-local-pickup-for-woocommerce 1.6.2 Missing.Authorization.to.Notice.Dismissal MEDIUM" "advanced-local-pickup-for-woocommerce 1.6.3 Missing.Authorization MEDIUM" 
"advanced-local-pickup-for-woocommerce 1.6.0 Authenticated.(Administrator+).SQL.Injection HIGH" "auto-ftp No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "add-image-to-post No.known.fix Cross-Site.Request.Forgery MEDIUM" "anyguide No.known.fix Cross-Site.Request.Forgery MEDIUM" "auto-prune-posts 3.1.0 Cross-Site.Request.Forgery MEDIUM" "auto-prune-posts 3.0.0 Admin+.Stored.XSS LOW" "auto-prune-posts 2.0.0 Post.Deletion.Settings.Update.via.CSRF MEDIUM" "automizy-gravity-forms No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "automizy-gravity-forms No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "atarim-visual-collaboration 4.2.2 Missing.Authorization MEDIUM" "atarim-visual-collaboration 4.3.2 Missing.Authorization MEDIUM" "atarim-visual-collaboration 4.2.2 Unauthenticated.Information.Exposure MEDIUM" "atarim-visual-collaboration 4.2.2 Unauthenticated.Arbitrary.File.Upload CRITICAL" "atarim-visual-collaboration 4.2.2 Unauthenticated.Information.Exposure MEDIUM" "atarim-visual-collaboration 4.2.2 Unauthenticated.Privilege.Escalation CRITICAL" "atarim-visual-collaboration 4.1.1 Reflected.Cross-Site.Scripting MEDIUM" "atarim-visual-collaboration 4.0.9 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "atarim-visual-collaboration 4.1.0 Missing.Authorization.to.Authenticated.(Subscriber+).Project.Page/File.Deletion MEDIUM" "atarim-visual-collaboration 4.0.2 Missing.Authorization.via.remove_feedbacktool_notice() MEDIUM" "atarim-visual-collaboration 4.0.3 Missing.Authorization.to.Authenticated.(Subscriber+).Settings.Update MEDIUM" "atarim-visual-collaboration 4.0.1 Missing.Authorization MEDIUM" "atarim-visual-collaboration 3.32 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "atarim-visual-collaboration 3.31 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "atarim-visual-collaboration 3.30 Unauthenticated.Settings.Update,.Post.Deletion.etc HIGH" "atarim-visual-collaboration 3.13 Unauthenticated.Stored.XSS HIGH" 
"atarim-visual-collaboration 3.9.4 Admin+.Stored.XSS LOW" "all-in-one-redirection No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "all-in-one-redirection No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "all-in-one-redirection 2.2.0 Admin+.SQLi MEDIUM" "acf-to-rest-api No.known.fix Insecure.Direct.Object.Reference.to.Authenticated.(Contributor+).ACF.Field/Option.Modification MEDIUM" "acf-to-rest-api No.known.fix Unauthenticated.Information.Exposure MEDIUM" "acf-to-rest-api 3.3.0 Unauthenticated.Arbitrary.wp_options.Disclosure MEDIUM" "animated-headline No.known.fix Authenticated(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "affiliates-manager 2.9.35 Cross-Site.Request.Forgery MEDIUM" "affiliates-manager 2.9.31 Sensitive.Information.Exposure.via.Log.File MEDIUM" "affiliates-manager 2.9.32 Cross-Site.Request.Forgery.via.multiple.AJAX.actions MEDIUM" "affiliates-manager 2.9.21 Cross-Site.Request.Forgery MEDIUM" "affiliates-manager 2.9.14 Arbitrary.Affiliates.&.Creatives.Deletion.via.CSRF MEDIUM" "affiliates-manager 2.9.14 Affiliate.CSV.Injection MEDIUM" "affiliates-manager 2.9.14 Reflected.Cross-Site.Scripting MEDIUM" "affiliates-manager 2.9.14 Admin+.Stored.Cross-Site.Scripting LOW" "affiliates-manager 2.9.0 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "affiliates-manager 2.8.7 Admin+.SQL.injection MEDIUM" "affiliates-manager 2.7.8 Unauthenticated.Stored.Cross-Site.Scripting.(XSS) CRITICAL" "affiliates-manager 2.6.6 CRSF.Issues MEDIUM" "amazon-associate-filter No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "automatic-grid-image-listing No.known.fix Admin+.Arbitrary.File.Upload MEDIUM" "addify-product-dynamic-pricing-and-discounts No.known.fix Multiple.CSRF MEDIUM" "administrative-shortcodes No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.'login'.and.'logout'.Shortcode.Attributes MEDIUM" "administrative-shortcodes No.known.fix 
Authenticated.(Contributor+).Local.File.Inclusion.via.'slug'.Shortcode.Attribute HIGH" "advanced-woo-labels 2.37 Authenticated.(Contributor+).Remote.Code.Execution.via.'callback'.Parameter HIGH" "advanced-woo-labels 2.16 Contributor+.Stored.XSS MEDIUM" "advanced-woo-labels 2.02 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "advanced-woo-labels 1.94 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "all-in-one-video-gallery 4.7.5 Reflected.Cross-Site.Scripting.via.'vi'.Parameter MEDIUM" "all-in-one-video-gallery 4.7.1 4.6.4.-.Missing.Authorization.to.Authenticated.(Subscriber+).Limited.User.Meta.Update MEDIUM" "all-in-one-video-gallery 4.7.1 Missing.Authorization.to.Unauthenticated.Bunny.Stream.Video.Creation/Deletion MEDIUM" "all-in-one-video-gallery 4.6.4 Authenticated.(Author+).Arbitrary.File.Upload.via.VTT.Upload.Bypass HIGH" "all-in-one-video-gallery 4.6.4 4.5.7..Authenticated.(Author+).Arbitrary.File.Upload.via.Import.ZIP HIGH" "all-in-one-video-gallery 3.8.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Video.Shortcode MEDIUM" "all-in-one-video-gallery 3.7.0 Authenticated.(Contributor+).Local.File.Inclusion.via.aiovg_search_form.Shortcode HIGH" "all-in-one-video-gallery 3.6.5 Contributor+.Arbitrary.File.Upload.via.featured.image HIGH" "all-in-one-video-gallery 3.6.0 Missing.Authorization MEDIUM" "all-in-one-video-gallery 3.4.3 Reflected.Cross-Site.Scripting MEDIUM" "all-in-one-video-gallery 2.6.1 2.6.0.-.Unauthenticated.Arbitrary.File.Download.&.SSRF HIGH" "all-in-one-video-gallery 2.5.4 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "all-in-one-video-gallery 2.5.0 Admin+.Local.File.Inclusion LOW" "advanced-testimonial-carousel-for-elementor 3.0.1 Missing.Authorization MEDIUM" "ark-wysiwyg-comment-editor No.known.fix Iframe.Injection.via.Comment LOW" "addons-for-elementor 8.5.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.piechart_settings.Parameter MEDIUM" "addons-for-elementor 8.4.1 
Authenticated.(Contributor+).Limited.Local.File.Inclusion.via.Widgets HIGH" "addons-for-elementor 8.4.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Marquee.Text.Widget,.Testimonials.Widget,.and.Testimonial.Slider.Widgets MEDIUM" "addons-for-elementor 8.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Various.Widgets MEDIUM" "addons-for-elementor 8.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Posts.Grid MEDIUM" "addons-for-elementor 8.3.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Display.Name MEDIUM" "addons-for-elementor 8.3.7 Authenticated(Contributor+).Stored.Cross-Site.Scripting.via.widget._id.attribute MEDIUM" "addons-for-elementor 8.3.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Animated.Text.Widget MEDIUM" "addons-for-elementor 8.3.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Posts.Slider.Widget MEDIUM" "addons-for-elementor 8.3.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Team.Members.Widget MEDIUM" "addons-for-elementor 8.3.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Posts.Multislider.Widget MEDIUM" "addons-for-elementor 8.3.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Posts.Carousel.Widget MEDIUM" "addons-for-elementor 8.3.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.animated_text_class MEDIUM" "addons-for-elementor 8.3.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "addons-for-elementor 8.3.2 Contributor+.Stored.XSS MEDIUM" "addons-for-elementor 7.9 Reflected.Cross-Site.Scripting MEDIUM" "addons-for-elementor 7.2.4 Admin+.Stored.XSS LOW" "addons-for-elementor 7.1.4 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "addons-for-elementor 6.8 Contributor+.Stored.XSS MEDIUM" "addons-for-elementor 2.6 Subscriber+.Arbitrary.Option.Update CRITICAL" "autopilot 1.0.21 Reflected.Cross-Site.Scripting MEDIUM" "awesome-responsive-photo-gallery 1.2 Missing.Authorization MEDIUM" 
"awesome-responsive-photo-gallery 2.1 Reflected.Cross-Site.Scripting MEDIUM" "add-custom-css-and-js No.known.fix Stored.XSS.via.CSRF HIGH" "ari-stream-quiz 1.3.1 Authenticated.(Contributor+).PHP.Object.Injection HIGH" "ari-stream-quiz 1.3.0 Cross-Site.Request.Forgery MEDIUM" "ari-stream-quiz 1.3.0 Cross-Site.Request.Forgery MEDIUM" "ari-stream-quiz 1.3.0 Contributor+.Stored.XSS MEDIUM" "ari-stream-quiz 1.3.3 Contributor+.Content.Injection LOW" "admin-bar 1.0.23 Missing.Authorization.to.Authenticated.(Subscriber+).Settings.Update MEDIUM" "acf-extended 0.9.2.2 Unauthenticated.Privilege.Escalation HIGH" "acf-extended 0.9.2 0.9.1.1.-.Unauthenticated.Remote.Code.Execution.in.prepare_form CRITICAL" "acf-extended 0.8.9.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "acf-extended 0.8.8.7 Admin+.SQL.Injection MEDIUM" "a4-barcode-generator 3.4.11 Missing.Authorization MEDIUM" "a4-barcode-generator 3.4.10 Missing.Authorization MEDIUM" "a4-barcode-generator 3.4.7 Subscriber+.Stored.XSS HIGH" "a4-barcode-generator 3.4.7 Subscriber+.Settings/Profiles.Update,.Templates/Barcodes.Access/Creation/Edition/Deletion MEDIUM" "automatic-ban-ip No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "archive-page 1.0.3 Contributor+.Stored.XSS MEDIUM" "awesome-twitter-feeds No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "adfoxly No.known.fix Missing.Authorization.to.Unauthenticated.Ad.Status.Update MEDIUM" "adfoxly No.known.fix Missing.Authorization.to.Unauthenticated.Ad.Status.Update MEDIUM" "adfoxly No.known.fix Cross-Site.Request.Forgery MEDIUM" "adfoxly No.known.fix Reflected.XSS HIGH" "adfoxly 1.7.91 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "all-in-one-slider No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "advanced-backgrounds 1.12.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.imageTag.Parameter MEDIUM" "all-in-one-wp-migration 7.98 Admin+.Stored.XSS LOW" "all-in-one-wp-migration 7.90 Unauthenticated.PHP.Object.Injection 
HIGH" "all-in-one-wp-migration 7.87 Authenticated.(Administrator+).Arbitrary.PHP.Code.Injection HIGH" "all-in-one-wp-migration 7.87 Unauthenticated.Information.Disclosure.via.Error.Logs MEDIUM" "all-in-one-wp-migration 7.63 Unauthenticated.Reflected.XSS MEDIUM" "all-in-one-wp-migration 7.59 Admin+.File.Deletion.on.Windows.Hosts.via.Path.Traversal MEDIUM" "all-in-one-wp-migration 7.41 Admin+.Arbitrary.File.Upload.to.RCE MEDIUM" "all-in-one-wp-migration 7.15 Arbitrary.Backup.Download HIGH" "all-in-one-wp-migration 7.0 Authenticated.Cross-Site.Scripting.(XSS) CRITICAL" "all-in-one-wp-migration 6.46 Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "all-in-one-wp-migration 2.0.5 Unauthenticated.Database.Export HIGH" "alt-report No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "adsplacer No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "apimo No.known.fix Missing.Authorization MEDIUM" "apimo No.known.fix Settings.Update.via.CSRF MEDIUM" "absolute-reviews 1.1.4 Authenticated.(Contributor+).Stored.DOM-Based.Cross-Site.Scripting.via.Criteria.Name MEDIUM" "absolute-reviews 1.0.9 CSRF.Bypass.in.Multiple.Plugins MEDIUM" "ajax-load-more-anything 3.3.4 Subscriber+.Settings.Update MEDIUM" "add-user-meta No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "accesspress-anonymous-post-pro 3.2.0 Unauthenticated.Arbitrary.File.Upload CRITICAL" "arconix-faq 1.9.7 Missing.Authorization MEDIUM" "arconix-faq 1.9.6 Reflected.Cross-Site.Scripting MEDIUM" "arconix-faq 1.9.5 Missing.Authorization MEDIUM" "arconix-faq 1.9.4 Missing.Authorization.to.Notice.Dismissal MEDIUM" "agreeme-checkboxes-for-woocommerce No.known.fix Cross-Site.Request.Forgery MEDIUM" "arrow-twitter-feed No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "appointment-buddy-online-appointment-booking-by-accrete No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "awsm-team 1.3.2 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "article-directory No.known.fix 
Admin+.Stored.XSS LOW" "awesome-gallery No.known.fix Contributor+.Stored.XSS MEDIUM" "awesome-gallery No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "accesspress-custom-post-type 1.0.9 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "advanced-image-sitemap No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "accessibe 2.12 Unauthenticated.Sensitive.Information.Exposure MEDIUM" "accessibe 2.11 Missing.Authorization MEDIUM" "accessibe 2.11 Cross-Site.Request.Forgery MEDIUM" "accessibe 2.6 Reflected.Cross-Site.Scripting MEDIUM" "adblock-notify-by-bweb No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "adblock-notify-by-bweb No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "adblock-notify-by-bweb No.known.fix Reflected.Cross-Site.Scripting.(XSS) HIGH" "activity-reactions-for-buddypress No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "awesome-hotel-booking 1.0.4 Incorrect.Authorization.to.Unauthenticated.Arbitrary.Booking.Modification MEDIUM" "aparat No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "authenticator 1.3.1 Subscriber+.Denial.of.Service.via.Feed.Token.Disclosure MEDIUM" "addon-elements-for-elementor-page-builder 1.14.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "addon-elements-for-elementor-page-builder 1.14 Contributor+.Sensitive.Information.Disclosure LOW" "addon-elements-for-elementor-page-builder 1.13.9 Authenticated.(Contributor+).Sensitive.Information.Exposure.via.table_saved_sections MEDIUM" "addon-elements-for-elementor-page-builder 1.13.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "addon-elements-for-elementor-page-builder 1.13.7 Missing.Authorization MEDIUM" "addon-elements-for-elementor-page-builder 1.13.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Multiple.Widgets MEDIUM" "addon-elements-for-elementor-page-builder 1.13.6 
Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.id.and.eae_slider_animation.Parameters MEDIUM" "addon-elements-for-elementor-page-builder 1.13.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "addon-elements-for-elementor-page-builder 1.13.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "addon-elements-for-elementor-page-builder 1.13.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Twitter.Widget MEDIUM" "addon-elements-for-elementor-page-builder 1.13.4 Contributor+.Stored.XSS MEDIUM" "addon-elements-for-elementor-page-builder 1.13.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "addon-elements-for-elementor-page-builder 1.13.3 Contributor+.DOM-Based.Stored.XSS MEDIUM" "addon-elements-for-elementor-page-builder 1.13.2 Contributor+.Stored.XSS MEDIUM" "addon-elements-for-elementor-page-builder 1.12.11 Contributor+.Stored.XSS MEDIUM" "addon-elements-for-elementor-page-builder 1.13 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Content.Switcher.Widget MEDIUM" "addon-elements-for-elementor-page-builder 1.13 Contributor+.to.LFI HIGH" "addon-elements-for-elementor-page-builder 1.13 Contributor+.Stored.XSS MEDIUM" "addon-elements-for-elementor-page-builder 1.13 Authenticated(Contributor+).Stored.Cross-Site.Scripting.via.Modal.Popup.effet MEDIUM" "addon-elements-for-elementor-page-builder 1.13 Contributor+.Stored.XSS MEDIUM" "addon-elements-for-elementor-page-builder 1.12.12 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "addon-elements-for-elementor-page-builder 1.12.8 Elementor.Addon.Element.Enabling/Disabling.via.CSRF MEDIUM" "addon-elements-for-elementor-page-builder 1.12.8 Admin+.Stored.XSS LOW" "addon-elements-for-elementor-page-builder 1.12.8 Settings.Update.via.CSRF MEDIUM" "addon-elements-for-elementor-page-builder 1.12.8 Unauthenticated.Post.ID/Tile.Disclosure MEDIUM" "addon-elements-for-elementor-page-builder 1.12 Reflected.Cross-Site.Scripting 
MEDIUM" "addon-elements-for-elementor-page-builder 1.11.14 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "addon-elements-for-elementor-page-builder 1.11.8 CSRF.Bypass LOW" "addon-elements-for-elementor-page-builder 1.11.2 Contributor+.Stored.XSS MEDIUM" "addon-elements-for-elementor-page-builder 1.6.4 CSRF.&.XSS LOW" "add-custom-body-class No.known.fix Contributor+.Stored.Cross-Site.Scripting MEDIUM" "addify-order-approval-woocommerce 1.1.0 Multiple.CSRF MEDIUM" "authentication-via-otp-using-firebase No.known.fix Missing.Authorization.to.Privilege.Escalation CRITICAL" "advanced-speed-increaser No.known.fix Cross-Site.Request.Forgery MEDIUM" "add-to-any 1.7.48 Admin+.Stored.Cross-Site.Scripting LOW" "add-to-any 1.7.46 Admin+.Stored.XSS MEDIUM" "auto-scroll-for-reading No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "author-box-after-posts No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "ai-for-seo 1.2.10 Missing.Authorization MEDIUM" "advanced-exchange-rates No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "advanced-exchange-rates No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "attire-blocks 1.9.7 Cross-Site.Request.Forgery MEDIUM" "attire-blocks 1.9.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "attire-blocks 1.9.3 Missing.Authorization MEDIUM" "altima-lookbook-free-for-woocommerce No.known.fix Refletced.Cross-Site.Scripting MEDIUM" "advanced-control-manager No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "advanced-control-manager No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "anything-popup No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "ahmeti-wp-guzel-sozler No.known.fix Cross-Site.Request.Forgery MEDIUM" "any-hostname No.known.fix Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "add-edit-delete-listing-for-member-module No.known.fix SQL.Injection HIGH" "awesome-contact-form7-for-elementor 3.1 
Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "awesome-contact-form7-for-elementor 3.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.AEP.Contact.Form.7.Widget MEDIUM" "accesspress-twitter-auto-post 1.4.6 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "all-contact-form-integration-for-elementor No.known.fix Cross-Site.Request.Forgery MEDIUM" "all-contact-form-integration-for-elementor No.known.fix Missing.Authorization MEDIUM" "all-contact-form-integration-for-elementor No.known.fix Missing.Authorization MEDIUM" "all-contact-form-integration-for-elementor 2.9.9.8 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "all-contact-form-integration-for-elementor 2.9.9.8 Missing.Authorization.to.Sensitive.Information.Exposure MEDIUM" "add-search-to-menu 5.5.14 Authenticated.(Administrator+).Stored.Cross-Site.Scripting.via.'menu_gcse'.and.'nothing_found_text'.Parameters MEDIUM" "add-search-to-menu 5.5.13 Missing.Authorization MEDIUM" "add-search-to-menu 5.5.10 Admin+.Stored.XSS LOW" "add-search-to-menu 5.5.7 Information.Exposure.via.AJAX.Search.Form MEDIUM" "add-search-to-menu 5.5.6 Subscriber+.Index.Creation MEDIUM" "add-search-to-menu 5.5.2 Reflected.Cross-Site.Scripting MEDIUM" "add-search-to-menu 5.4.7 Reflected.Cross-Site.Scripting MEDIUM" "add-search-to-menu 5.4.4 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "add-search-to-menu 5.4.1 Multiple.Admin+.Stored.Cross-Site.Scripting LOW" "add-search-to-menu 4.8 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "add-search-to-menu 4.7 Reflected.Cross-Site.Scripting HIGH" "add-search-to-menu 4.6.1 Reflected.Cross.Site.Scripting.(XSS) MEDIUM" "add-search-to-menu 4.5.11 .Authenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "ark-relatedpost 2.20 Cross-Site.Request.Forgery.to.Settings.Update MEDIUM" "aptivada-for-wp No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "ajax-random-posts No.known.fix Unauthenticated.PHP.Object.Injection CRITICAL" 
"apexchat 1.3.2 Admin+.Stored.XSS LOW" "antispam-bee 2.11.4 IP.Address.Spoofing.via.get_client_ip MEDIUM" "aio-time-clock-lite 2.0.4 Missing.Authorization.to.Page.Creation.and.Information.Exposure MEDIUM" "aio-time-clock-lite 2.0.1 Insecure.Direct.Object.Reference.to.Authenticated.(Subscriber+).Arbitrary.Clocking.In/Out MEDIUM" "aio-time-clock-lite 2.0.1 Reflected.Cross-Site.Scripting MEDIUM" "aio-time-clock-lite 1.3.326 Cross-Site.Request.Forgery MEDIUM" "aio-time-clock-lite 1.3.321 Admin+.Stored.XSS LOW" "ach-invoice-app No.known.fix Unauthenticated.Local.File.Inclusion CRITICAL" "alobaidi-captcha No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting.via.Plugin.Settings MEDIUM" "add-to-calendar-button 1.5.1 Contributor+.Stored.XSS MEDIUM" "acf-views 3.7.20 Author+.Remote.Code.Execution.via.SSTI HIGH" "autocomplete-location-field-contact-form-7-pro 2.0 Admin+.Store.Cross-Site.Scripting LOW" "advanced-cron-manager-pro 2.5.3 Subscriber+.Arbitrary.Events/Schedules.Creation/Deletion MEDIUM" "addify-product-stock-manager 1.0.5 Subscriber+.Unauthorised.AJAX.Calls HIGH" "acf-for-woocommerce-product No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "acf-for-woocommerce-product No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "asynchronous-javascript No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "advanced-database-cleaner-pro 3.2.11 Authenticated.(Subscriber+).Limited.Path.Traversal MEDIUM" "address-bar-ads No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "ajax-search-lite 4.13.4 Authenticated.(Administrator+).PHP.Object.Injection MEDIUM" "ajax-search-lite 4.13.2 Missing.Authorization.to.Unauthenticated.Basic.Information.Exposure.via.ASL_Query.in.AJAX.Search.Handler MEDIUM" "ajax-search-lite 4.12.5 Admin+.Stored.XSS LOW" "ajax-search-lite 4.12.4 Admin+.Stored.XSS LOW" "ajax-search-lite 4.12.3 Admin+.Stored.XSS LOW" "ajax-search-lite 4.12.1 Admin+.Stored.XSS LOW" "ajax-search-lite 4.11.5 Reflected.Cross-Site.Scripting HIGH" 
"ajax-search-lite 4.11.1 Reflected.Cross-Site.Scripting HIGH" "ajax-search-lite 4.11.1 Subscriber+.Sensitive.Data.Disclosure MEDIUM" "ads-for-wp 1.9.29 Cross-Site.Request.Forgery MEDIUM" "all-push-notification No.known.fix Authenticated.(Administrator+).SQL.Injection.via.'delete_id'.Parameter MEDIUM" "all-push-notification No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "all-push-notification No.known.fix Cross-Site.Request.Forgery.to.SQL.Injection MEDIUM" "all-push-notification No.known.fix Unauthenticated.Stored.Cross-Site.Scripting HIGH" "ajax-load-more 7.8.2 Incorrect.Authorization.to.Unauthenticated.Private/Draft.Post.Title.and.Excerpt.Exposure MEDIUM" "ajax-load-more 7.6.1 Unauthenticated.Sensitive.Information.Exposure MEDIUM" "ajax-load-more 7.4.1 Authenticated(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "ajax-load-more 7.3.1.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "ajax-load-more 7.1.3 Ajax.Load.More.<.7.1.3.-.Contributor+.Stored.XSS MEDIUM" "ajax-load-more 7.1.2 Authenticated.(Contributor+).Cross-Site.Scripting MEDIUM" "ajax-load-more 7.0.2 Administrator+.Stored.Cross-Site.Scripting MEDIUM" "ajax-load-more 7.1.0 Authenticated.(Admin+).Directory.Traversal.to.Arbitrary.File.Read MEDIUM" "ajax-load-more 6.2 Ajax.Load.More.<.6.2.-.Contributor+.Stored.XSS MEDIUM" "ajax-load-more 5.6.0.3 Ajax.Load.More.<.5.6.0.3.-.Contributor+.Stored.XSS MEDIUM" "ajax-load-more 5.5.4.1 Admin+.Arbitrary.File.Read MEDIUM" "ajax-load-more 5.5.4 PHAR.Deserialization.via.CSRF HIGH" "ajax-load-more 5.5.4 Admin+.Arbitrary.File.Read MEDIUM" "ajax-load-more 5.3.2 Authenticated.SQL.Injection CRITICAL" "ajax-load-more 2.11.2 Local.File.Inclusion.(LFI) HIGH" "avatar No.known.fix Authenticated.(Subscriber+).Arbitrary.File.Deletion HIGH" "avatar No.known.fix Authenticated.(Subscriber+).Insecure.Direct.Object.Reference MEDIUM" "attributes-for-blocks 1.0.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.attributesForBlocks.Parameter MEDIUM" 
"all-in-one-video-downloader No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "all-in-one-video-downloader No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "atp-call-now No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "adbuddy-adblocker-detection No.known.fix Admin+.Stored.XSS LOW" "atarapay-woocommerce No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "abcbiz-addons No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "accesspress-custom-css 2.0.2 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "allaccessible 1.3.5 Subscriber+.Privilege.Escalation HIGH" "allaccessible 1.3.5 Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.Option.Update HIGH" "amministrazione-trasparente 9.1 Authenticated.(Administrator+).Stored.Cross-Site.Scripting.via.print_r.Function MEDIUM" "amministrazione-trasparente 8.0.5 Admin+.Stored.XSS LOW" "amministrazione-trasparente 7.1.1 Cross-Site.Request.Forgery HIGH" "amministrazione-trasparente 7.1.1 CSRF.Bypass.in.Multiple.Plugins MEDIUM" "applicantpro 1.4.0 Reflected.Cross-Site.Scripting MEDIUM" "atec-debug 1.2.23 Admin+.Arbitrary.File.Read MEDIUM" "atec-debug 1.2.23 Authenticated.(Administrator+).Remote.Code.Execution HIGH" "atec-debug 1.2.23 Admin+.Arbitrary.File.Deletion MEDIUM" "alpine-photo-tile-for-instagram No.known.fix Authenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "anual-archive No.known.fix Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "anual-archive No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "anual-archive 1.6.0 Contributor+.Stored.XSS MEDIUM" "auto-post-woocommerce-products No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "accommodation-system No.known.fix Subscriber+.Unauthorised.Actions MEDIUM" "adsanity 1.8.2 Contributor.Arbitrary.File.Upload CRITICAL" "affiliate-disclosure-statement No.known.fix Cross-Site.Request.Forgery MEDIUM" "admin-site-enhancements 8.1.0 
Missing.Authorization MEDIUM" "admin-site-enhancements 7.9.8 Authenticated.Stored.XSS.via.SVG MEDIUM" "admin-site-enhancements 7.6.10 Password.Protection.Bypass MEDIUM" "admin-site-enhancements 7.6.10 Limit.Login.Attempt.Bypass.via.IP.Spoofing MEDIUM" "admin-site-enhancements 7.6.3 Subscriber+.Privilege.Escalation HIGH" "admin-site-enhancements 7.6.3 Missing.Authorization LOW" "admin-site-enhancements 7.5.2 Authenticated.Stored.Cross-Site.Scripting.via.SVG MEDIUM" "admin-site-enhancements 5.8.0 Password.Protection.Mode.Security.Feature.Bypass HIGH" "auto-save-remote-images-drafts No.known.fix Authenticated.(Contributor+).Server-Side.Request.Forgery MEDIUM" "arforms-form-builder No.known.fix Unauthenticated.Blind.Arbitrary.Shortcode.Execution MEDIUM" "arforms-form-builder 1.7.2 HTML.Injection MEDIUM" "arforms-form-builder 1.7.1 Unauthenticated.Stored.XSS MEDIUM" "arforms-form-builder 1.6.8 Reflected.Cross-Site.Scripting MEDIUM" "arforms-form-builder 1.6.5 Missing.Authorization.to.Authenticated(Subscriber+).Arbitrary.Option.Deletion HIGH" "arforms-form-builder 1.6.2 Cross-Site.Request.Forgery MEDIUM" "arforms-form-builder 1.6.2 Missing.Authorization MEDIUM" "arforms-form-builder 1.5.9 Unauthenticated.Stored.XSS HIGH" "arforms-form-builder 1.5.7 Unauthenticated.Stored.XSS HIGH" "arforms-form-builder 1.5 Admin+.Stored.Cross.Site.Scripting LOW" "af-tell-a-friend No.known.fix .Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "adthrive-ads No.known.fix Missing.Authorization MEDIUM" "adthrive-ads 3.9.0 Reflected.Cross-Site.Scripting MEDIUM" "adthrive-ads 3.7.4 Reflected.Cross-Site.Scripting HIGH" "adthrive-ads 3.7.1 Reflected.Cross-Site.Scripting MEDIUM" "adthrive-ads 3.7.1 Missing.Authorization.to.Unauthenticated.Data/Settings.Reset MEDIUM" "advanced-typekit No.known.fix Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "ald-login-page 1.3 .Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "advance-search No.known.fix 
Admin+.SQL.Injection MEDIUM" "advance-search No.known.fix Shortcode.Deletion.via.CSRF MEDIUM" "advance-search 1.1.3 Reflected.Cross-Site.Scripting MEDIUM" "arabic-webfonts No.known.fix Missing.Authorization MEDIUM" "auto-login-after-registration No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "advanced-nocaptcha-recaptcha 7.0.6 Reflected.Cross-Site.Scripting MEDIUM" "advanced-nocaptcha-recaptcha 7.1.0 .Local.File.Inclusion.via.CSRF HIGH" "advanced-nocaptcha-recaptcha 7.0.5 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "agendapress No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "agendapress 1.0.7 Reflected.Cross-Site.Scripting MEDIUM" "agendapress 1.0.6 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "accordion-shortcodes No.known.fix Contributor+.Stored.XSS.via.Shortcode MEDIUM" "anywhere-flash-embed No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "avenirsoft-directdownload No.known.fix Cross-Site.Scripting.(XSS).&.CSRF MEDIUM" "atomchat No.known.fix Missing.Authorization.to.Authenticated.(Subscriber+).Plugin.Options.Update MEDIUM" "atomchat No.known.fix Missing.Authorization MEDIUM" "atomchat No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "atomchat 1.1.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.atomchat.Shortcode MEDIUM" "atomchat 1.1.5 Unauthenticated.Credits.Update MEDIUM" "accordion-title-for-elementor 1.2.2 Authenticated.(Author+).Stored.Cross-Site.Scripting MEDIUM" "advance-menu-manager 3.1.2 Missing.Authorization.to.Authenticated.(Subscriber+).Settings.Change MEDIUM" "advance-menu-manager 3.0.6 Reflected.Cross-Site.Scripting MEDIUM" "advance-menu-manager 3.0.2 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "advance-menu-manager 3.0.7 Unauthorised.Menu.Creation/Deletion MEDIUM" "advance-menu-manager 3.0 Unauthorised.Menu.Edition.via.CSRF MEDIUM" "abg-rich-pins No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "alpack 1.1.2 
Missing.Authorization.to.Unauthenticated.Premium.Feature.Activation.via.check_activate_permission.Function HIGH" "ahmeti-wp-timeline No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "ai-image 1.5.3 Unauthenticated.Arbitrary.File.Upload CRITICAL" "aria-font No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "aw-woocommerce-kode-pembayaran No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "auto-translate No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting.via.Custom.Font MEDIUM" "accredible-certificates 1.5.0 Authenticated.(Administrator+).SQL.Injection.via.orderby.Parameter MEDIUM" "accredible-certificates 1.4.9 Admin+.Stored.XSS LOW" "access-category-password No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "aprils-call-posts 2.2.0 Stored.XSS.via.CSRF HIGH" "ad-sliding-faq No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode.Attributes MEDIUM" "admin-dashboard-rss-feed 3.4 Administrator+.Stored.XSS LOW" "activedemand 0.2.47 Missing.Authorization MEDIUM" "activedemand 0.2.44 Cross-Site.Request.Forgery MEDIUM" "activedemand 0.2.42 Unauthenticated.Arbitrary.File.Upload CRITICAL" "activedemand 0.2.28 Unauthenticated.Post.Creation/Update/Deletion HIGH" "alphabetical-list No.known.fix Settings.Update.via.CSRF MEDIUM" "advanced-most-recent-posts-mod No.known.fix Authenticated.(Author+).Stored.Cross-Site.Scripting MEDIUM" "ai-content-generator No.known.fix Authenticated.(Subscriber+).Arbitrary.File.Upload HIGH" "ai-addons-for-elementor No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "ai-addons-for-elementor No.known.fix Authenticated.(Contributor+).Private.Templates.Content.Disclosure MEDIUM" "add-custom-content-after-post No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "adminquickbar No.known.fix Cross-Site.Request.Forgery.to.Settings.Update MEDIUM" "adminquickbar 1.9.2 Reflected.Cross-Site.Scripting MEDIUM" 
"alloggio-membership 1.2 Authentication.Bypass CRITICAL" "apperr 0.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "advanced-booking-calendar No.known.fix Unauthenticated.SQLi HIGH" "advanced-booking-calendar No.known.fix CSRF MEDIUM" "advanced-booking-calendar 1.7.1 Admin+.SQLi MEDIUM" "advanced-booking-calendar 1.7.1 Reflected.Cross-Site.Scripting MEDIUM" "advanced-booking-calendar 1.7.0 Unauthenticated.SQL.Injection HIGH" "advanced-booking-calendar 1.6.8 Authenticated.Reflected.Cross-Site.Scripting.(XSS) HIGH" "advanced-booking-calendar 1.6.7 Authenticated.Reflected.Cross-Site.Scripting.(XSS) HIGH" "advanced-booking-calendar 1.6.2 Unauthenticated.SQL.Injection CRITICAL" "agecheckernet No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "awesomepress No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "audio-and-video-player 1.2.0 Player.Deletion.and.Duplication.via.CSRF MEDIUM" "affiliate-wp 2.29.0 Unauthenticated.SQL.Injection HIGH" "ajax-extend No.known.fix Unauthenticated.Remote.Code.Execution CRITICAL" "ap-pricing-tables-lite No.known.fix Admin+.SQLi MEDIUM" "ap-pricing-tables-lite 1.1.5 Reflected.Cross-Site.Scripting MEDIUM" "ap-pricing-tables-lite 1.1.3 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "amazonify No.known.fix Cross-Site.Request.Forgery.to.Amazon.Tracking.ID.Update MEDIUM" "amazonify No.known.fix Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "alemha-watermark No.known.fix Author+.Stored.XSS MEDIUM" "amocrm-webform No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "affiliates-manager-google-recaptcha-integration 1.0.7 Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "anything-order-by-terms No.known.fix Missing.Authorization MEDIUM" "am-events No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "algori-pdf-viewer 1.0.8 Authenticated.(Author+).Stored.Cross-Site.Scripting MEDIUM" "accesspress-anonymous-post No.known.fix 
Contributor+.Arbitrary.Redirect LOW" "accesspress-anonymous-post 2.8.1 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "ah-shortcodes No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.'column'.Shortcode.Attribute MEDIUM" "acf-options-importexport No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "artiss-currency-converter No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "bbpress-notify-nospam 2.20 Reflected.Cross-Site.Scripting MEDIUM" "bbpress-notify-nospam 2.18.4 Reflected.Cross-Site.Scripting MEDIUM" "bootstrap-shortcodes No.known.fix Contributor+.Stored.XSS.via.Shortcode MEDIUM" "bizlibrary No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "bizlibrary No.known.fix Admin+.Stored.XSS LOW" "bootstrap-modals No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "booked No.known.fix Authentication.Bypass MEDIUM" "bg-church-memos No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "brand-my-footer No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "bulk-content-creator No.known.fix Cross-Site.Request.Forgery MEDIUM" "bulk-edit-post-titles No.known.fix Missing.Authorization.via.bulkUpdatePostTitles MEDIUM" "bulk-edit-post-titles No.known.fix Missing.Authorization MEDIUM" "best-addons-for-elementor No.known.fix Contributor+.Stored.XSS MEDIUM" "blog-designer No.known.fix Missing.Authorization MEDIUM" "bsk-contact-form-7-blacklist No.known.fix Reflected.Cross-Site.Scripting HIGH" "bonus-for-woo 5.8.3 Reflected.Cross-Site.Scripting HIGH" "basepress-migration-tools No.known.fix Authenticated.(Subscriber+).Arbitrary.File.Upload HIGH" "blrt-wp-embed No.known.fix Reflected.Cross-Site.Scripting HIGH" "blrt-wp-embed No.known.fix Authenticated.(Contributor+).SQL.Injection MEDIUM" "better-section-navigation 1.7.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "buddypress-media 4.7.4 
4.7.3.-.Missing.Authorization.to.Unauthenticated.Information.Disclosure.via.handle_rest_pre_dispatch.Function LOW" "buddypress-media 4.6.19 Subscriber+.SQL.Injection HIGH" "buddypress-media 4.6.19 Authenticated.(Contributor+).SQL.Injection.via.rtmedia_gallery.Shortcode HIGH" "buddypress-media 4.6.16 Subscriber+.RCE CRITICAL" "buddypress-media 4.6.16 Admin+.RCE MEDIUM" "buddypress-media 4.6.15 Missing.Authorization.via.export_settings MEDIUM" "buddypress-media 4.6.15 Missing.Authorization.to.Settings.Update MEDIUM" "buddypress-media 4.6.15 Missing.Authorization.to.Sensitive.Information.Exposure MEDIUM" "barcode-scanner-lite-pos-to-manage-products-inventory-and-orders 1.10.5 Authenticated.(Shop.Manager+).Directory.Traversal LOW" "barcode-scanner-lite-pos-to-manage-products-inventory-and-orders 1.9.1 Authenticated.(Admin+).Arbitrary.File.Download MEDIUM" "barcode-scanner-lite-pos-to-manage-products-inventory-and-orders 1.7.0 Authenticated.(Admin+).Arbitrary.File.Upload HIGH" "barcode-scanner-lite-pos-to-manage-products-inventory-and-orders 1.6.7 Reflected.Cross-Site.Scripting MEDIUM" "barcode-scanner-lite-pos-to-manage-products-inventory-and-orders 1.6.2 Authenticated.(Subscriber+).SQL.Injection HIGH" "barcode-scanner-lite-pos-to-manage-products-inventory-and-orders 1.5.5 Cross-Site.Request.Forgery MEDIUM" "barcode-scanner-lite-pos-to-manage-products-inventory-and-orders 1.5.5 Unauthenticated.Information.Exposure MEDIUM" "barcode-scanner-lite-pos-to-manage-products-inventory-and-orders 1.5.5 Authenticated.(Subscriber+).SQL.Injection HIGH" "barcode-scanner-lite-pos-to-manage-products-inventory-and-orders 1.5.4 Missing.Authorization MEDIUM" "barcode-scanner-lite-pos-to-manage-products-inventory-and-orders 1.5.4 Unauthenticated.Privilege.Escalation CRITICAL" "barcode-scanner-lite-pos-to-manage-products-inventory-and-orders 1.5.4 Missing.Authorization MEDIUM" "barcode-scanner-lite-pos-to-manage-products-inventory-and-orders 1.5.4 Reflected.Cross-Site.Scripting MEDIUM" 
"barcode-scanner-lite-pos-to-manage-products-inventory-and-orders 1.5.2 Unauthenticated.SQL.Injection.via.userToken CRITICAL" "barcode-scanner-lite-pos-to-manage-products-inventory-and-orders 1.5.2 Unauthenticated.Arbitrary.File.Upload.via.uploadFile CRITICAL" "blur-text 2.0.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "business-contact-widget No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "better-messages-wc-vendors-integration 1.0.7 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "bp-job-manager 2.6.1 Subscriber+.Arbitrary.Plugin.Installation,.Activation.and.Deactivation HIGH" "blue-admin No.known.fix CSRF.to.Stored.Cross-Site.Scripting.(XSS) HIGH" "banner-slider No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "bold-page-builder No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "bold-page-builder No.known.fix Authenticated.(Author+).Stored.DOM-based.Cross-Site.Scripting.in.Post.Grid MEDIUM" "bold-page-builder No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.bt_bb_tabs.Shortcode MEDIUM" "bold-page-builder No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.bt_bb_accordion_item.Shortcode MEDIUM" "bold-page-builder No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "bold-page-builder 5.5.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "bold-page-builder 5.4.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.'percentage'.Parameter MEDIUM" "bold-page-builder 5.4.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "bold-page-builder 5.4.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "bold-page-builder 5.1.3 Contributor+.Stored.XSS MEDIUM" "bold-page-builder 5.3.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.additional_settings.Parameter MEDIUM" "bold-page-builder 5.3.6 
Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.'data-text'.Parameter MEDIUM" "bold-page-builder 5.3.1 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "bold-page-builder 5.3.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "bold-page-builder 5.1.6 Authenticated.(Editor+).Path.Traversal LOW" "bold-page-builder 5.2.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "bold-page-builder 5.1.4 Missing.Authorization MEDIUM" "bold-page-builder 5.1.1 -.Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "bold-page-builder 5.1.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "bold-page-builder 5.0.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.bt_bb_button.Shortcode MEDIUM" "bold-page-builder 4.8.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Separator.Element MEDIUM" "bold-page-builder 4.8.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via."Price.List".Element MEDIUM" "bold-page-builder 4.8.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.AI.Features MEDIUM" "bold-page-builder 4.8.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.HTML.Tags MEDIUM" "bold-page-builder 4.8.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Widget.URL.Attribute MEDIUM" "bold-page-builder 4.8.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.bt_bb_price_list.Shortcode MEDIUM" "bold-page-builder 4.7.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.class MEDIUM" "bold-page-builder 4.8.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Button.URL MEDIUM" "bold-page-builder 4.8.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Icon.Link MEDIUM" "bold-page-builder 4.8.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Raw.Content MEDIUM" "bold-page-builder 4.7.0 Contributor+.Stored.XSS MEDIUM" "bold-page-builder 4.3.3 Admin+.Stored.Cross-Site.Scripting MEDIUM" 
"bold-page-builder 3.1.6 PHP.Object.Injection MEDIUM" "bold-page-builder 2.3.2 Missing.Access.Controls HIGH" "backup-and-restore-for-wp No.known.fix Admin+.Arbitrary.File.Deletion MEDIUM" "blossomthemes-email-newsletter 2.2.7 Authenticated.(Admin+).Server-Side.Request.Forgery MEDIUM" "blossomthemes-email-newsletter 2.2.5 Missing.Authorization MEDIUM" "blobinator 2.3 Unauthorised.AJAX.call.via.CSRF MEDIUM" "better-protected-pages No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "black-widgets No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "black-widgets 1.3.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "black-widgets 1.3.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "black-widgets 1.3.8 Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "black-widgets 1.3.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "black-widgets 1.3.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "better-user-shortcodes No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "before-and-after No.known.fix Cross-Site.Request.Forgery MEDIUM" "base64-encoderdecoder No.known.fix Reflected.XSS HIGH" "base64-encoderdecoder No.known.fix Settings.Reset.via.CSRF MEDIUM" "base64-encoderdecoder No.known.fix Stored.XSS.via.CSRF HIGH" "b-slider 2.0.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "b-slider 2.0.0 Missing.Authorization MEDIUM" "b-slider 2.0.1 Gutenberg.Slider.Block.for.WP.<.2.0.1.-.Authenticated.(Subscriber+).Server-Side.Request.Forgery MEDIUM" "b-slider 2.0.1 Gutenberg.Slider.Block.for.WP.<.2.0.1.-.Authenticated.(Subscriber+).Sensitive.Information.Exposure MEDIUM" "b-slider 2.0.0 Gutenberg.Slider.Block.for.WP.<.2.0.0.-.Authenticated.(Subscriber+).Missing.Authorization.to.Arbitrary.Plugin.Installation HIGH" "b-slider 1.1.24 
Gutenberg.Slider.Block.for.WP.<.1.1.24.-.Authenticated.(Contributor+).Private.Post.Disclosure.via.bsb-slider.Shortcode MEDIUM" "b-slider 1.1.13 Slider.for.your.block.editor.<.1.1.13.-.Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "button-generation 3.1.2 Cross-Site.Request.Forgery MEDIUM" "button-generation 3.0 Button.Deletion.via.CSRF MEDIUM" "button-generation 2.3.9 Button.Counter.Reset.via.CSRF MEDIUM" "button-generation 2.3.9 Unauthenticated.Button.Counter.Reset MEDIUM" "button-generation 2.3.6 Cross-Site.Request.Forgery MEDIUM" "button-generation 2.3.5 Reflected.XSS MEDIUM" "button-generation 2.3.4 easily.Button.Builder.<.2.3.4.-.Admin+.Stored.XSS LOW" "button-generation 2.3.3 RFI.leading.to.RCE.via.CSRF HIGH" "bulk-me-now No.known.fix Reflected.XSS HIGH" "bulk-me-now No.known.fix Message.Deletion.via.CSRF MEDIUM" "bulk-me-now No.known.fix Stored.XSS.via.Shortcode HIGH" "blogsafe-scanner No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "blogsafe-scanner 1.1.5 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "bbpowerpack 2.37.4 Reflected.Cross-Site.Scripting MEDIUM" "bbpowerpack 2.33.1 Contributor+.Privilege.Escalation HIGH" "border-loading-bar No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "border-loading-bar No.known.fix Reflected.Cross-Site.Scripting.(XSS) HIGH" "blox-page-builder No.known.fix Authenticated.(Contributor+).Arbitrary.File.Upload HIGH" "beek-widget-extention No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "boldgrid-backup 1.17.0 Authenticated.(Admin+).Command.Injection HIGH" "boldgrid-backup 1.16.9 Authenticated.(Administrator+).Server-Side.Request.Forgery MEDIUM" "boldgrid-backup 1.16.7 Authenticated.(Administrator+).Remote.Code.Execution.via.Backup.Settings HIGH" "boldgrid-backup 1.15.9 Improper.Authorization.to.Unauthenticated.Arbitrary.File.Download HIGH" "boldgrid-backup 1.14.14 Subscriber+.Backup.Disclosure MEDIUM" "boldgrid-backup 1.14.10 
Sensitive.Data.Disclosure.(Server.IP.Address,.UID.etc) MEDIUM" "boldgrid-backup 1.14.10 Unauthenticated.Backup.Download HIGH" "be-shortcodes No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "bodi0s-easy-cache 0.9 Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "bverse-convert No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "bm-builder 3.16.3.3 Authenticated.(Contributor+).Arbitrary.File.Download MEDIUM" "bm-builder 3.16.3.3 Authenticated.(Contributor+).Arbitrary.File.Deletion HIGH" "bm-builder 3.16.3 Missing.Authorization.to.Authenticated.(Subscriber+).Stored.Cross-Site.Scripting.via.ux_cb_page_options_save MEDIUM" "bm-builder 3.16.3 Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.Options.Update HIGH" "bulk-edit-categories-tags 1.7.5 Reflected.Cross-Site.Scripting MEDIUM" "bulk-edit-categories-tags 1.5.23 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "booster-plus-for-woocommerce 7.2.5 Reflected.Cross-Site.Scripting MEDIUM" "booster-plus-for-woocommerce 7.1.3 Missing.Authorization.to.Arbitrary.Options.Disclosure MEDIUM" "booster-plus-for-woocommerce 7.1.2 Missing.Authorization.to.Order.Information.Disclosure MEDIUM" "booster-plus-for-woocommerce 7.1.2 Missing.Authorization.to.Arbitrary.Page/Post.Deletion MEDIUM" "booster-plus-for-woocommerce 6.0.1 Multiple.CSRF MEDIUM" "booster-plus-for-woocommerce 6.0.0 Reflected.Cross-Site.Scripting HIGH" "booster-plus-for-woocommerce 5.6.6 Custom.Role.Creation/Deletion.via.CSRF MEDIUM" "booster-plus-for-woocommerce 5.6.5 Checkout.Files.Deletion.via.CSRF LOW" "booster-plus-for-woocommerce 5.6.5 ShopManager+.Arbitrary.File.Download MEDIUM" "booster-plus-for-woocommerce 5.6.1 Subscriber+.Order.Status.Update MEDIUM" "breakdance 2.0.0 Missing.Authorization MEDIUM" "breakdance 2.0.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "breakdance 1.7.2 Authenticated.(Contributor+).Remote.Code.Execution HIGH" "breakdance 1.7.1 
Authenticated(Contributor+).Stored.Cross-Site.Scripting.via.custom.postmeta MEDIUM" "bricksable 1.6.60 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "buddyforms-hook-fields 1.3.2 Reflected.Cross-Site.Scripting MEDIUM" "backend-designer 1.4 Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "block-specific-plugin-updates 3.3.2 Arbitrary.Plugin.Update.Blocking.via.CSRF MEDIUM" "booking-and-rental-manager-for-woocommerce 2.6.0 Authenticated.(Contributor+).PHP.Object.Injection HIGH" "booking-and-rental-manager-for-woocommerce 2.5.4 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "booking-and-rental-manager-for-woocommerce 2.5.5 Authenticated.(Contributor+).PHP.Object.Injection HIGH" "booking-and-rental-manager-for-woocommerce 2.3.9 Missing.Authorization MEDIUM" "booking-and-rental-manager-for-woocommerce 2.3.7 Missing.Authorization MEDIUM" "booking-and-rental-manager-for-woocommerce 2.2.9 Missing.Authorization MEDIUM" "booking-and-rental-manager-for-woocommerce 2.2.9 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "booking-and-rental-manager-for-woocommerce 2.2.7 Authenticated.(Contributor+).PHP.Object.Injection HIGH" "booking-and-rental-manager-for-woocommerce 2.2.2 Missing.Authorization MEDIUM" "booking-and-rental-manager-for-woocommerce 2.2.2 Reflected.Cross-Site.Scripting MEDIUM" "booking-and-rental-manager-for-woocommerce 1.2.2 Admin+.Stored.XSS LOW" "bulk-menu-edit 1.3.1 Missing.Authorization MEDIUM" "broken-link-manager No.known.fix Reflected.XSS HIGH" "broken-link-manager No.known.fix Authenticated.(admin+).SQL.Injection MEDIUM" "broken-link-manager 0.6.0 Unauthenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "broken-link-manager 0.5.0 Unauthenticated.SQL.Injection.&.XSS CRITICAL" "bet-sport-free No.known.fix Cross-Site.Request.Forgery MEDIUM" "biteship No.known.fix Insecure.Direct.Object.Reference.to.Authenticated.(Subscriber+).View.Order.Tracking.Details MEDIUM" "biteship 2.2.25 
Reflected.Cross-Site.Scripting.via.biteship_error.and.biteship_message MEDIUM" "biteship 2.2.28 Shop.manager+.Stored.XSS MEDIUM" "biteship 2.2.25 Reflected.Cross-Site.Scripting HIGH" "beauty-contact-popup-form No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "buddyforms-posts-to-posts-integration 1.1.4 Reflected.Cross-Site.Scripting MEDIUM" "bulk-delete-users-by-email 2.0.0 User.Deletion.via.CSRF HIGH" "bulk-delete-users-by-email 2.0.0 Reflected.Cross-Site.Scripting MEDIUM" "buttonizer-multifunctional-button 3.3.10 Reflected.Cross-Site.Scripting MEDIUM" "buttonizer-multifunctional-button 2.6.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "buttonizer-multifunctional-button 2.5.5 Smart.Floating.Action.Button.<.2.5.5.-.Admin+.Stored.Cross-Site.Scripting LOW" "brickscore No.known.fix Unauthenticated.Stored.Cross-Site.Scripting HIGH" "booking-manager 2.1.18 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "booking-manager 2.1.15 Contributor+.Booking.Deletion MEDIUM" "booking-manager 2.1.6 Authenticated(Contributor+).SQL.Injection.via.Shortcode HIGH" "booking-manager 2.0.29 Subscriber+.SSRF MEDIUM" "broken-link-notifier 1.3.6 Missing.Authorization MEDIUM" "broken-link-notifier 1.3.1 Unauthenticated.Server-Side.Request.Forgery HIGH" "broken-link-notifier 1.3.1 Authenticated.(Contributor+).CSV.Injection MEDIUM" "booking-for-woocommerce No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "booking-for-woocommerce 4.2.0 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "bnm-blocks 1.2.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "ba-book-everything 1.8.17 Missing.Authorization MEDIUM" "ba-book-everything 1.8.15 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.babe-search-form.Shortcode MEDIUM" "ba-book-everything 1.6.21 Reflected.Cross-Site.Scripting MEDIUM" "ba-book-everything 1.6.21 Cross-Site.Request.Forgery.to.Email.Address.Update/Account.Takeover HIGH" "ba-book-everything 1.6.21 
Unauthenticated.Arbitrary.User.Password.Reset MEDIUM" "ba-book-everything 1.6.9 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "ba-book-everything 1.6.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "ba-book-everything 1.6.5 Authenticated.(Contributor+).SQL.Injection CRITICAL" "ba-book-everything 1.3.25 Unauthenticated.Reflected.XSS.&.XFS MEDIUM" "bannerman No.known.fix Multiple.Admin+.Stored.Cross-Site.Scripting LOW" "beyondcart 3.0.2 Missing.Configuration.of.JWT.Secret.to.Unauthenticated.Privilege.Escalation.via.determine_current_user.Filter CRITICAL" "brutebank 1.9 WP.Security.&.Firewall.<.1.9.-.Settings.Update.via.CSRF MEDIUM" "browser-shots 1.7.6 Contributor+.Stored.XSS MEDIUM" "bg-patriarchia-bu No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "bard-extra 1.2.8 Missing.Authorization.to.Authenticated.(Subscriber+).Demo.Import MEDIUM" "banner-system No.known.fix Missing.Authorization MEDIUM" "banner-system No.known.fix Privilege.Escalation HIGH" "banner-system No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "blossomthemes-instagram-feed No.known.fix Contributor+.Stored.XSS MEDIUM" "bluetrait-event-viewer No.known.fix Settings.Update.via.CSRF MEDIUM" "baw-post-views-count No.known.fix Contributor+.Stored.XSS.in.Shortcode MEDIUM" "better-bp-registration No.known.fix Authentication.Bypass.to.Administrator CRITICAL" "bsd-woo-stripe-connect-split-pay 3.2.10 Reflected.Cross-Site.Scripting MEDIUM" "bsd-woo-stripe-connect-split-pay 3.2.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "buy-one-click-woocommerce No.known.fix Missing.Authorization.to.Authenticated.(Subscriber+).Settings.Export MEDIUM" "buy-one-click-woocommerce No.known.fix Missing.Authorization.to.Authenticated.(Subscriber+).Order.Deletion MEDIUM" "buy-one-click-woocommerce No.known.fix Missing.Authorization.to.Authenticated.(Subscriber+).Settings.Import MEDIUM" "buddytask 1.4.0 
Missing.Authorization.to.Authenticated.(Subscriber+).Cross-Group.Task.Board.Access.and.Manipulation MEDIUM" "block-for-font-awesome 1.4.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "block-for-font-awesome 1.4.1 Block.for.Font.Awesome.<.1,4,1.-Settings.Update.via.CSRF MEDIUM" "blockonomics-bitcoin-payments 3.5.8 Reflected.Cross-Site.Scripting HIGH" "blockonomics-bitcoin-payments 3.3 Blockonomics.<.3.3.-.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "badgearoo No.known.fix Admin+.Stored.XSS LOW" "badgearoo No.known.fix Reflected.XSS HIGH" "ban-users No.known.fix Subscriber+.Settings.Update.&.Privilege.Escalation.via.Missing.Authorization HIGH" "benchmark-email-lite 4.2 Cross-Site.Request.Forgery.via.page_settings() MEDIUM" "bug-library 2.1.5 Authenticated.(Contributor+).SQL.Injection MEDIUM" "bug-library 2.1.2 Admin+.Stored.XSS LOW" "bug-library 2.1.1 Unauthenticated.RCE CRITICAL" "bug-library 2.0.4 Reflected.Cross-Site.Scripting MEDIUM" "bb-bootstrap-cards 1.1.5 Authenticated.(Editor+).Stored.Cross-Site.Scripting MEDIUM" "bb-bootstrap-cards 1.1.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Cards.Widget MEDIUM" "bb-bootstrap-cards 1.1.3 Authenticated(Contributor+).Stored.Cross-Site.Scripting.via.bootstrapcard.link MEDIUM" "blockspare 3.2.14 Authenticated.(Contributor+).Sensitive.Information.Exposure MEDIUM" "blockspare 3.2.13.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Image.Carousel.and.Image.Slider.Widgets MEDIUM" "blockspare 3.2.10 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "blockspare 3.2.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "blockspare 3.2.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "blockspare 3.2.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "blockspare 2.6.5 Reflected.Cross-Site.Scripting MEDIUM" "blockspare 2.0.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "booster-extension No.known.fix 
Basic.Information.Exposure.via.booster_extension_authorbox_shortcode_display MEDIUM" "bit-form 2.21.11 Authenticated.(Administrator+).SQL.Injection MEDIUM" "bit-form 2.21.7 Missing.Authorization.to.Unauthenticated.Workflow.Replay MEDIUM" "bit-form 2.20.4 Bit.Form.<.2.20.4.-.Unauthenticated.Arbitrary.File.Upload CRITICAL" "bit-form 2.17.6 Unauthenticated.Sensitive.Information.Exposure MEDIUM" "bit-form 2.18.4 Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "bit-form 2.18.1 Open.Redirect HIGH" "bit-form 2.17.5 Authenticated.(Administrator+).Server-Side.Request.Forgery LOW" "bit-form 2.17.4 Missing.Authorization.to.Authenticated.(Subscriber+).Form.Submission.Disclosure MEDIUM" "bit-form 2.15.3 Admin+.Arbitrary.File.Read LOW" "bit-form 2.13.12 Authenticated.(Administrator+).SQL.Injection MEDIUM" "bit-form 2.13.11 Authenticated.(Administrator+).Arbitrary.File.Upload HIGH" "bit-form 2.13.11 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "bit-form 2.13.10 2.13.9.-.Authenticated.(Administrator+).SQL.Injection.via.getLogHistory.Function HIGH" "bit-form 2.13.10 2.13.9.-.Authenticated.(Administrator+).Arbitrary.JavaScript.File.Uploads MEDIUM" "bit-form 2.13.10 2.13.9.-.Authenticated.(Administrator+).Arbitrary.File.Read.And.Deletion CRITICAL" "bit-form 2.13.10 2.13.9.-.Authenticated.(Administrator+).SQL.Injection HIGH" "bit-form 2.13.5 2.13.4.-.Authenticater.(Administrator+).Arbitrary.File.Deletion HIGH" "bit-form 2.13.4 Authenticated.(Administrator+).Arbitrary.File.Upload HIGH" "bit-form 2.10.2 Unauthenticated.Insecure.Direct.Object.Reference.to.Form.Submission.Alteration MEDIUM" "bit-form 2.2.0 Admin+.Stored.XSS LOW" "bit-form 1.9 RCE.via.Unauthenticated.Arbitrary.File.Upload CRITICAL" "banhammer 3.4.9 Unauthenticated.Protection.Mechanism.Bypass MEDIUM" "bulk-edit-events 1.1.21 Reflected.Cross-Site.Scripting MEDIUM" "bulk-edit-events 1.1.9 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "bp-email-assign-templates No.known.fix 
Missing.Authorization.to.Authorization.Bypass MEDIUM" "bp-email-assign-templates 1.7 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "bp-email-assign-templates 1.6 Reflected.XSS HIGH" "bulma-shortcodes No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "blog-filter 1.7.4 Contributor+.Stored.XSS MEDIUM" "blog-filter 1.5.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "booqable-rental-reservations No.known.fix Cross-Site.Request.Forgery MEDIUM" "booqable-rental-reservations 2.4.16 Admin+.Stored.XSS LOW" "better-wp-security 9.3.2 IP.Address.Spoofing.to.Denial.of.Service MEDIUM" "better-wp-security 9.0.1 Unauthenticated.Login.Page.Disclosure MEDIUM" "better-wp-security 7.9.1 Hide.Backend.Bypass MEDIUM" "better-wp-security 7.0.3 Authenticated.SQL.Injection HIGH" "better-wp-security 6.9.1 Cross-Site.Scripting.(XSS) HIGH" "bulk-role-change No.known.fix Missing.Authorization.to.Authenticated.(Subscriber+).Privilege.Escalation HIGH" "bigbuy-wc-dropshipping-connector No.known.fix Unauthenticated.IP.Spoofing.to.phpinfo().Exposure MEDIUM" "bigbuy-wc-dropshipping-connector 2.0.1 Unauthenticated.Full.Path.Disclosute MEDIUM" "badgeos No.known.fix Missing.Authorization MEDIUM" "badgeos No.known.fix Subscriber+.IDOR MEDIUM" "badgeos No.known.fix Contributor+.Stored.Cross-Site.Scripting MEDIUM" "badgeos No.known.fix Missing.Authorization.in.delete_badgeos_log_entries MEDIUM" "badgeos No.known.fix CSRF MEDIUM" "badgeos 3.7.1.3 Subscriber+.SQLi HIGH" "badgeos 3.7.1 Unauthenticated.SQLi HIGH" "best-posts-summary No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "bookingcom-banner-creator No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "bookingcom-banner-creator 1.4.3 Admin+.Stored.Cross-Site.Scripting LOW" "beeteam368-extensions-pro 2.3.5 Authenticated.(Subscriber+).Directory.Traversal.to.Arbitrary.File.Deletion HIGH" "bakkbone-florist-companion 
7.3.0 Reflected.Cross-Site.Scripting MEDIUM" "bakkbone-florist-companion 7.4.0 Missing.Authorization.to.Sensitive.Data.Exposure MEDIUM" "bakkbone-florist-companion 7.4.0 Missing.Authorization.to.Arbitrary.Content.Deletion MEDIUM" "booking-sms 1.1.0 Cross-Site.Scripting.(XSS) MEDIUM" "blackhole-bad-bots 3.3.2 Arbitrary.IP.Address.Blocking.via.IP.Spoofing HIGH" "broken-links-remover No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "blu-logistics No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "brave-popup-builder 0.8.4 Missing.Authorization MEDIUM" "brave-popup-builder 0.7.1 Cross-Site.Request.Forgery MEDIUM" "brave-popup-builder 0.7.0 Admin+.Stored.XSS LOW" "brave-popup-builder 0.6.6 Unauthenticated.Server-Side.Request.Forgery HIGH" "brave-popup-builder 0.6.3 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "bdthemes-element-pack-lite 8.3.18 Authenticated.(Contributor+).Arbitrary.File.Read MEDIUM" "bdthemes-element-pack-lite 8.3.14 Cross-Site.Request.Forgery MEDIUM" "bdthemes-element-pack-lite 8.3.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Open.Street.Map.widget MEDIUM" "bdthemes-element-pack-lite 8.2.6 Authenticated.(Subscriber+).Blind.Server-Side.Request.Forgery MEDIUM" "bdthemes-element-pack-lite 8.1.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Open.Street.Map.Widget.Marker.Content MEDIUM" "bdthemes-element-pack-lite 8.1.0 Authenticated.(Contributor+).DOM-Based.Stored.Cross-Site.Scripting.via.data-caption.Attribute MEDIUM" "bdthemes-element-pack-lite 5.11.3 Authenticated.(Contributor+).DOM-Based.Stored.Cross-Site.Scripting MEDIUM" "bdthemes-element-pack-lite 5.10.30 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "bdthemes-element-pack-lite 5.10.29 Authenticated.(Contributor+).DOM-Based.Stored.Cross-Site.Scripting MEDIUM" "bdthemes-element-pack-lite 5.10.15 Addons.for.Elementor.<.5.10.15.-.Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" 
"bdthemes-element-pack-lite 5.10.13 Missing.Authorization MEDIUM" "bdthemes-element-pack-lite 5.10.6 Authenticated.(Contributor+).DOM-Based.Stored.Cross-Site.Scripting.via.Lightbox.Widget MEDIUM" "bdthemes-element-pack-lite 5.10.3 Contributor+.Stored.XSS MEDIUM" "bdthemes-element-pack-lite 5.10.3 Contributor+.Stored.XSS MEDIUM" "bdthemes-element-pack-lite 5.10.3 Authenticated.(Contributor+).DOM-Based.Stored.Cross-Site.Scripting MEDIUM" "bdthemes-element-pack-lite 5.10.3 Authenticated.(Contributor+.Stored.Cross-Site.Scripting.via.Open.Map.Widget MEDIUM" "bdthemes-element-pack-lite 5.10.2 Authenticated.(Contributor+).DOM-Based.Stored.Cross-Site.Scripting.via.Custom.Gallery.Widget MEDIUM" "bdthemes-element-pack-lite 5.10.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Age.Gate MEDIUM" "bdthemes-element-pack-lite 5.7.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "bdthemes-element-pack-lite 5.7.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Custom.Gallery.and.Countdown.Widgets MEDIUM" "bdthemes-element-pack-lite 5.7.3 Authenticated.(Contributor+).Arbitrary.File.Read MEDIUM" "bdthemes-element-pack-lite 5.7.7 Contributor+.Stored.XSS.via.title_tag MEDIUM" "bdthemes-element-pack-lite 5.6.12 Contributor+.Stored.XSS MEDIUM" "bdthemes-element-pack-lite 5.6.12 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "bdthemes-element-pack-lite 5.6.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "bdthemes-element-pack-lite 5.6.12 Contributor+.Stored.XSS.via.onclick.events MEDIUM" "bdthemes-element-pack-lite 5.6.2 Contributor+.Stored.XSS MEDIUM" "bdthemes-element-pack-lite 5.6.4 Form.Submission.Admin.Email.Bypass MEDIUM" "bdthemes-element-pack-lite 5.6.1 Contributor+.Stored.XSS.via.Price.List.Widget MEDIUM" "bdthemes-element-pack-lite 5.6.1 Contributor+.Stored.XSS.via.Panel.Slider.Widget MEDIUM" "bdthemes-element-pack-lite 5.6.0 Sensitive.Information.Exposure.via..element_pack_ajax_search MEDIUM" 
"bdthemes-element-pack-lite 5.3.3 Contributor+.Stored.XSS.via.Custom.Gallery.Widget MEDIUM" "bdthemes-element-pack-lite 5.5.4 Contributor+.Stored.XSS.via.Trailer.Box.Widget MEDIUM" "bdthemes-element-pack-lite 5.5.4 Authenticated.(Contributor+).SQL.Injection MEDIUM" "bdthemes-element-pack-lite 5.5.4 Contributor+.Stored.XSS MEDIUM" "bdthemes-element-pack-lite 5.4.12 Missing.Authorization.via.bdt_duplicate_as_draft MEDIUM" "bdthemes-element-pack-lite 5.2.1 Reflected.Cross-Site.Scripting MEDIUM" "baidu-tongji-generator No.known.fix Admin+.Stored.XSS LOW" "builderall-cheetah-for-wp No.known.fix Authenticated.(Contributor+).Remote.Code.Execution HIGH" "builderall-cheetah-for-wp No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "builderall-cheetah-for-wp 2.0.2 Unauthenticated.Server-Side.Request.Forgery HIGH" "buy-now-plus 1.0.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode.Attributes MEDIUM" "baiduseo 2.1.5 Missing.Authorization MEDIUM" "baiduseo 2.0.7 Unauthenticated.Arbitrary.File.Upload CRITICAL" "bp-activity-filter 2.8.0 Subscriber+.Arbitrary.Plugin.Installation,.Activation.and.Deactivation HIGH" "bootstrap-multi-language-responsive-portfolio No.known.fix Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "bread-butter 8.0.1398 Arbitrary.File.Upload.via.CSRF MEDIUM" "bread-butter 7.5.880 Contributor+.Stored.XSS MEDIUM" "bonanza-woocommerce-free-gifts-lite No.known.fix Missing.Authorization.to.Authenticated.(Subscriber+).Opt.In.Success MEDIUM" "booking-calendar-pro 11.2.20 Reflected.Cross-Site.Scripting.via.'calendar_id' MEDIUM" "better-comments 1.5.6 Subscriber+.Stored.XSS HIGH" "better-comments 1.5.6 Admin+.Stored.XSS LOW" "better-comments 1.5.4 Reflected.Cross-Site.Scripting MEDIUM" "better-comments 1.4 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "boxers-and-swipers No.known.fix Author+.Stored.XSS MEDIUM" "business-card-by-esterox-100 No.known.fix Admin+.File.Upload MEDIUM" "business-card-by-esterox-100 
No.known.fix Card.Edit.via.CSRF MEDIUM" "business-card-by-esterox-100 No.known.fix Category.Deletion.via.CSRF MEDIUM" "business-card-by-esterox-100 No.known.fix Arbitrary.Card.Deletion.via.CSRF MEDIUM" "business-card-by-esterox-100 No.known.fix Category.Edit.via.CSRF MEDIUM" "beepress No.known.fix Cross-Site.Request.Forgery.via.beepress-pro.php MEDIUM" "backup-wd No.known.fix Reflected.Cross-Site.Scripting.(XSS) HIGH" "breeze 2.2.22 Missing.Authorization.to.Cache.Deletion MEDIUM" "breeze 2.2.22 Missing.Authorization MEDIUM" "breeze 2.2.14 Missing.Authorization MEDIUM" "breeze 2.1.15 Missing.Authorization MEDIUM" "breeze 2.1.15 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "breeze 2.1.4 Admin+.Stored.XSS LOW" "breeze 2.0.3 Subscriber+.Arbitrary.Settings.Update.to.Stored.XSS HIGH" "bulk-edit-user-profiles-in-spreadsheet 1.5.25 Reflected.Cross-Site.Scripting MEDIUM" "bulk-edit-user-profiles-in-spreadsheet 1.5.14 Admin+.Stored.Cross-Site.Scripting LOW" "bulk-edit-user-profiles-in-spreadsheet 1.5.13 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "be-popia-compliant 1.1.6 Unauthenticated.Sensitive.Information.Exposure MEDIUM" "booking-calendar-contact-form 1.2.61 Missing.Authorization.to.Unauthenticated.Arbitrary.Booking.Confirmation.via.'dex_bccf_ipn'.Parameter MEDIUM" "booking-calendar-contact-form 1.2.59 Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "booking-calendar-contact-form 1.2.56 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "booking-calendar-contact-form 1.2.41 Unauthenticated.Reflected.Cross-Site.Scripting HIGH" "booking-calendar-contact-form 1.0.24 XSS.&.SQL.Injection CRITICAL" "booking-calendar-contact-form 1.0.3 Multiple.Authenticated.Vulnerabilities MEDIUM" "bbp-toolkit No.known.fix Cross-Site.Request.Forgery MEDIUM" "bbp-toolkit No.known.fix Reflected.XSS HIGH" "boo-recipes No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "bws-pinterest 1.0.5 
Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "beacon-for-helpscout No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "button-block 1.2.1 Cross-Site.Request.Forgery MEDIUM" "button-block 1.1.6 Missing.Authorization MEDIUM" "button-block 1.2.0 Contributor+.Stored.XSS MEDIUM" "button-block 1.1.6 Authenticated.(Contributor+).Post.Disclosure.via.Post.Duplication MEDIUM" "button-block 1.1.5 Authenticated.(Contributor+).Post.Disclosure MEDIUM" "buttoner-elementor No.known.fix Missing.Authorization.to.Authenticated.(Subscriber+).Settings.Change MEDIUM" "bp-toolkit 3.6.1 Reflected.Cross-Site.Scripting MEDIUM" "bp-toolkit 3.3.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "bws-featured-posts 1.0.1 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "boot-modal 1.10 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "bacon-ipsum No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "bannerlid No.known.fix Reflected.XSS HIGH" "bulk-add-to-cart-xforwc 1.3.0 Low.Priv.Arbitrary.Blog.Options.Update/Access/Deletion.&.Plugin's.Settings.Update/Export/Import HIGH" "beaver-themer 1.4.9.1 Authenticated(Contributor+).Stored.Cross-Site.Scripting.via.shortcode MEDIUM" "beaver-themer 1.4.9.1 Authenticated.(Contributor+).Sensitive.Information.Exposure.via.shortcode MEDIUM" "better-font-awesome 2.0.4 Contributor+.Stored.XSS MEDIUM" "better-font-awesome 2.0.2 Settings.Update.via.CSRF MEDIUM" "back-button-widget 1.7.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "back-button-widget 1.6.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "bigcommerce No.known.fix Unauthenticated.Sensitive.Information.Exposure MEDIUM" "bukazu-search-widget 3.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.'shortcode'.Shortcode.Attribute MEDIUM" "bbp-api No.known.fix Missing.Authorization MEDIUM" "buddyforms-review 1.4.8 Reflected.Cross-Site.Scripting MEDIUM" "booktics 1.0.17 
Unauthenticated.Get.Items.via.REST.API.endpoints MEDIUM" "booktics 1.0.17 Unauthenticated.Addons.Installation MEDIUM" "blogmentor No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.pagination_style.Parameter MEDIUM" "borderless 1.7.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "borderless 1.6.3 Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.Upload MEDIUM" "borderless 1.6.1 Authenticated.(Administrator+).Remote.Code.Execution HIGH" "borderless 1.6.0 Missing.Authorization.to.Icon.Font.Deletion MEDIUM" "borderless 1.5.9 Editor+.Stored.XSS MEDIUM" "borderless 1.5.4 Widgets,.Elements,.Templates.and.Toolkit.for.Elementor.&.Gutenberg.<.1.5.4.-.Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Multiple.Widgets MEDIUM" "borderless 1.5.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "borderless 1.4.9 Admin+.Stored.XSS LOW" "browser-update-notify No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "bfg-tools-extension-zipper 1.0.8 Authenticated.(Administrator+).Path.Traversal.via.'first_file'.Parameter MEDIUM" "bamazoo-button-generator No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.dgs.Shortcode MEDIUM" "buddypress-activity-plus 1.6.2 Cross-Site.Request.Forgery.(CSRF) HIGH" "basticom-framework 1.5.3 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "basticom-framework 1.5.1 Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "baidushare-wp No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "brozzme-scroll-top No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "booking-ultra-pro No.known.fix Authenticated.(Subscriber+).Information.Exposure MEDIUM" "booking-ultra-pro 1.1.22 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "booking-ultra-pro 1.1.21 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "booking-ultra-pro 1.1.20 
Reflected.Cross-Site.Scripting MEDIUM" "booking-ultra-pro 1.1.14 Missing.Authorization.to.Authenticated.(Subscriber+).Plugin.Settings.Updates MEDIUM" "booking-ultra-pro 1.1.14 Unauthenticated.Local.File.Inclusion CRITICAL" "booking-ultra-pro 1.1.14 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "booking-ultra-pro 1.1.13 Authenticated.(Contributor+).Privilege.Escalation HIGH" "booking-ultra-pro 1.1.7 Cross-Site.Request.Forgery MEDIUM" "booking-ultra-pro 1.1.7 Subscriber+.Settings.Update MEDIUM" "booking-ultra-pro 1.1.9 Reflected.XSS HIGH" "booking-ultra-pro 1.1.9 Reflected.XSS HIGH" "booking-ultra-pro 1.1.7 Stored.Cross-Site.Scripting.via.CSRF MEDIUM" "booking-ultra-pro 1.1.7 Multiple.CSRF MEDIUM" "backuply 1.4.9 Admin+.Arbitrary.File.Deletion MEDIUM" "backuply 1.3.5 Authenticated.(Admin+).SQL.Injection CRITICAL" "backuply 1.2.8 Admin+.Directory.Traversal MEDIUM" "backuply 1.2.6 Backup,.Restore,.Migrate.and.Clone.<.1.2.6.-..Unauthenticated.Denial.of.Service HIGH" "backuply 1.2.4 Admin+.Directory.Traversal MEDIUM" "bp-restrict 1.5.3 Missing.Authorization.to.Unauthenticated.Tracking.Status.Update MEDIUM" "broadstreet 1.52.2 Missing.Authorization MEDIUM" "broadstreet 1.51.8 Reflected.XSS HIGH" "broadstreet 1.51.3 Contributor+.Stored.XSS MEDIUM" "broadstreet 1.52.2 Subscriber+.Stored.XSS HIGH" "broadstreet 1.52.2 Cross-Site.Request.Forgery MEDIUM" "broadstreet 1.51.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.zone.Parameter MEDIUM" "branda-white-labeling 3.4.29 Unauthenticated.Privilege.Escalation.via.Account.Takeover CRITICAL" "branda-white-labeling 3.4.22 Reflected.Cross-Site.Scripting MEDIUM" "branda-white-labeling 3.4.19 Unauthenticated.Full.Path.Disclosure MEDIUM" "branda-white-labeling 3.4.18 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "branda-white-labeling 3.4.18 Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.Upload MEDIUM" "branda-white-labeling 3.4.15 IP.Spoofing MEDIUM" "bigmart-elements 
No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "bxslider-wp No.known.fix Contributor+.Stored.Cross-Site.Scripting MEDIUM" "bei-fen No.known.fix Authenticated.(Subscriber+).Local.File.Inclusion HIGH" "brid-video-easy-publish 3.8.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.placeholder_img.Parameter MEDIUM" "brid-video-easy-publish 3.8.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.width.Parameter MEDIUM" "brid-video-easy-publish No.known.fix Subscriber+.Arbitrary.Shortcode.Execution MEDIUM" "brid-video-easy-publish 3.8.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.brid_override_yt.Shortcode MEDIUM" "brid-video-easy-publish 3.8.4 Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "broken-link-checker-seo 1.2.7 Authenticated.(Author+).SQL.Injection MEDIUM" "broken-link-checker-seo 1.2.6 Missing.Authorization.to.Authenticated.(Contributor+).Arbitrary.Post.Trashing MEDIUM" "broken-link-checker-seo 1.2.4 Authenticated.(Contributor+).SQL.Injection MEDIUM" "business-directory-plugin 6.4.21 Missing.Authorization.to.Unauthenticated.Arbitrary.Listing.Modification MEDIUM" "business-directory-plugin 6.4.22 Unauthenticated.SQL.Injection.via.payment.Parameter HIGH" "business-directory-plugin 6.4.20 Missing.Authorization MEDIUM" "business-directory-plugin 6.4.20 Cross-Site.Request.Forgery MEDIUM" "business-directory-plugin 6.4.19 Missing.Authorization MEDIUM" "business-directory-plugin 6.4.15 Easy.Listing.Directories.for.WordPress.<.6.4.15.-.Insecure.Direct.Object.Reference.to.Listing.Arbitrary.Image.Addition MEDIUM" "business-directory-plugin 6.4.4 Authenticated.(Author+).CSV.Injection HIGH" "business-directory-plugin 6.4.3 Unauthenticated.SQL.Injection.via.listingfields.Parameter CRITICAL" "business-directory-plugin 6.3.10 Contributor+.Arbitrary.Listing.Deletion LOW" "business-directory-plugin 6.3.11 Cross-Site.Request.Forgery MEDIUM" "business-directory-plugin 5.11.2 
Authenticated.Stored.Cross-Site.Scripting MEDIUM" "business-directory-plugin 5.11.2 Arbitrary.Payment.History.Update MEDIUM" "business-directory-plugin 5.11.2 Arbitrary.Listing.Export HIGH" "business-directory-plugin 5.11.1 Arbitrary.Add/Edit/Delete.Form.Field.to.Stored.XSS HIGH" "business-directory-plugin 5.11 Arbitrary.File.Upload.to.RCE HIGH" "business-directory-plugin 5.11.1 Authenticated.PHP4.Upload.to.RCE MEDIUM" "buddybadges No.known.fix Admin+.SQLi MEDIUM" "bulk-editor 1.0.9 Authenticated.(Editor+).SQL.Injection MEDIUM" "bulk-editor 1.0.8.6 Authenticated.(Editor+).Path.Traversal LOW" "bulk-editor 1.0.8.4 Authenticated.(Editor+).CSV.Path.Traversal LOW" "bulk-editor 1.0.8.3 Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "bulk-editor 1.0.8.2 Cross-Site.Request.Forgery.to.Notice.Dismissal MEDIUM" "bulk-editor 1.0.8.2 Cross-Site.Request.Forgery MEDIUM" "bulk-editor 1.0.8.2 Missing.Authorization MEDIUM" "bulk-editor 1.0.8.1 Unauthenticated.Stored.Cross-Site.Scripting.via.profile_title MEDIUM" "bulk-editor 1.0.7.2 Admin+.Stored.XSS LOW" "bulk-editor 1.0.7.2 Cross-Site.Request.Forgery.(CSRF) MEDIUM" "bulk-editor 1.0.7.1 Profile.Creation.via.CSRF MEDIUM" "bulk-editor 1.0.7.1 Profile.Creation.via.CSRF MEDIUM" "bulk-editor 1.0.7 Subscriber+.Stored.XSS HIGH" "button 1.1.28 Contributor+.PHP.Object.Injection.in.button_shortcode MEDIUM" "button 1.1.24 Admin+.Stored.XSS LOW" "bertha-ai-free No.known.fix Missing.Authorization MEDIUM" "bertha-ai-free No.known.fix Missing.Authorization MEDIUM" "bertha-ai-free 1.12.11 Authenticated.(Subscriber+).Arbitrary.Content.Deletion MEDIUM" "bertha-ai-free 1.11.10.8 Unauthenticated.Arbitrary.File.Upload CRITICAL" "block-referer-spam 1.1.9.5 Admin+.Stored.XSS LOW" "block-controller No.known.fix Reflected.Cross-Site.Scripting HIGH" "bootstrap-collapse No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "backupbuddy 8.8.3 Multiple.Reflected.Cross-Site.Scripting HIGH" "backupbuddy 8.7.5 
Unauthenticated.Arbitrary.File.Access HIGH" "breadcrumbs-by-menu 1.0.3 Multiple.Issues HIGH" "baslider No.known.fix Author+.Stored.Cross-Site.Scripting MEDIUM" "baslider No.known.fix Multiple.CSRF MEDIUM" "baslider No.known.fix Arbitrary.Slide.Deletion.via.CSRF MEDIUM" "blockart-blocks 2.2.15 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "blockart-blocks 2.2.14 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.'timestamp'.Attribute MEDIUM" "blockart-blocks 2.1.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "buzzsprout-podcasting 1.8.5 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "better-elementor-addons 1.5.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Slider.Widget MEDIUM" "better-elementor-addons 1.4.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "better-elementor-addons 1.4.2 Authenticated(Contributor+).Local.File.Inclusion HIGH" "better-elementor-addons 1.3.8 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "better-elementor-addons 1.4.2 Contributor+.Stored.XSS MEDIUM" "better-elementor-addons 1.3.9 Subscriber+.Settings.Update./.Reset MEDIUM" "better-elementor-addons 1.3.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "broken-images-redirection No.known.fix Cross-Site.Request.Forgery MEDIUM" "bluesnap-payment-gateway-for-woocommerce 3.4.1 Missing.Authorization.to.Unauthenticated.Arbitrary.Order.Status.Manipulation HIGH" "backupwordpress 3.14 Admin+.Directory.Traversal LOW" "backupwordpress 3.13 Subscriber+.Backup.Disclosure MEDIUM" "bbcode-deluxe No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "bravis-addons 1.3.0 Authenticated.(Subscriber+).Arbitrary.File.Upload HIGH" "beautiful-taxonomy-filters 2.4.4 Unauthenticated.SQL.Injection HIGH" "bulk-comment-remove No.known.fix Cross-Site.Request.Forgery.via.brc_admin() MEDIUM" "boombox-shortcode No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" 
"bc-menu-cart-woo No.known.fix Cross-Site.Request.Forgery MEDIUM" "bsecure No.known.fix 1.7.9.-.Missing.Authorization.to.Unauthenticated.Privilege.Escalation.via.order_info.REST.Endpoint CRITICAL" "bsecure No.known.fix Unauthenticated.SQL.Injection HIGH" "boom-fest 2.2.2 Missing.Authorization.to.Authenticated.(Subscriber+).Plugin.Settings.Update MEDIUM" "booking-calendar-and-notification No.known.fix Unauthenticated.SQL.Injection HIGH" "booking-calendar-and-notification No.known.fix Authentication.Bypass CRITICAL" "booking-calendar-and-notification No.known.fix Missing.Authorization.via.wpcb_all_bookings,.wpcb_update_booking_post,.and.wpcb_delete_posts.Functions MEDIUM" "betpress No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "bookingpress-appointment-booking 1.1.38 Authenticated.(Administrator+).SQL.Injection MEDIUM" "bookingpress-appointment-booking 1.1.26 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "bookingpress-appointment-booking 1.1.22 Authenticated.(Contributor+).SQL.Injection MEDIUM" "bookingpress-appointment-booking 1.1.23 Unauthenticated.Export.File.Download MEDIUM" "bookingpress-appointment-booking 1.1.17 Authenticated.(Subscriber+).SQL.Injection MEDIUM" "bookingpress-appointment-booking 1.1.8 1.1.7.-.Authentication.Bypass.to.Account.Takeover CRITICAL" "bookingpress-appointment-booking 1.1.6 Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.Options.Update.and.Arbitrary.File.Upload HIGH" "bookingpress-appointment-booking 1.1.6 Authenticated.(Subscriber+).Arbitrary.File.Read.to.Arbitrary.File.Creation HIGH" "bookingpress-appointment-booking 1.0.83 Missing.Authorization.to.Appointment.Time.Alteration MEDIUM" "bookingpress-appointment-booking 1.0.82 Authenticated.(Customer+).Insecure.Direct.Object.Reference MEDIUM" "bookingpress-appointment-booking 1.0.88 Authenticated.(Admin+).Arbitrary.File.Upload HIGH" "bookingpress-appointment-booking 1.0.75 Unauthenticated.Booking.Price.Manipulation HIGH" 
"bookingpress-appointment-booking 1.0.73 Authenticated.(Contributor+).SQL.Injection HIGH" "bookingpress-appointment-booking 1.0.77 Authenticated.(Administrator+).Arbitrary.File.Upload HIGH" "bookingpress-appointment-booking 1.0.31 Unauthenticated.IDOR.in.appointment_id HIGH" "bookingpress-appointment-booking 1.0.11 Unauthenticated.SQL.Injection HIGH" "brodos-net-onlineshop No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "blizzard-quotes No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "block-styler-for-gravity-forms 6.3.0 Reflected.Cross-Site.Scripting MEDIUM" "block-styler-for-gravity-forms 6.1.0 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "bp-check-in 1.9.4 Subscriber+.Arbitrary.Plugin.Installation,.Activation.and.Deactivation HIGH" "b-blocks 2.0.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "b-blocks 2.0.7 Missing.Authorization.to.Unauthenticated.Privilege.Escalation.via.rgfr_registration.Function CRITICAL" "b-blocks 2.0.1 The.ultimate.block.collection.<.2.0.1.-.Contributor+.Stored.XSS MEDIUM" "bitpay-checkout-for-woocommerce 5.0.0 Missing.Authorization MEDIUM" "buddyforms-easypin No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "buddyforms-easypin No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "buddyforms-easypin No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "backlink-monitoring-manager No.known.fix Reflected.XSS HIGH" "bonway-static-block-editor No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "bp-profile-shortcodes-extra No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "bp-profile-shortcodes-extra No.known.fix Authenticated.(Contributor+).SQL.Injection.via.tab.Parameter MEDIUM" "bp-profile-shortcodes-extra 2.5.3 Contributor+.Stored.XSS MEDIUM" "bold-pagos-en-linea 3.1.5 Reflected.Cross-Site.Scripting HIGH" "book-buyback-prices No.known.fix Reflected.Cross-Site.Scripting MEDIUM" 
"book-buyback-prices No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "bulk-change No.known.fix Authenticated.Reflected.Cross-Site.Scripting CRITICAL" "bookshelf No.known.fix Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "breadcrumb 1.5.33 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "buddyforms-acf 1.3.5 Reflected.Cross-Site.Scripting MEDIUM" "bitspecter-suite 1.1.0 Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "bon-toolkit No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "booking-x No.known.fix 1.1.2.-.Missing.Authorization.to.Unauthenticated.Sensitive.Information.Disclosure.via.export_now().Function HIGH" "block-options 1.40.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "block-options 1.40.4 Authenticated.(Administrator+).Arbitrary.File.Upload HIGH" "block-options 1.17 Reflected.Cross-Site.Scripting MEDIUM" "block-options 1.31.6 Contributor+.Arbitrary.PHP.Code.Execution CRITICAL" "background-takeover 4.1.5 Directory.Traversal HIGH" "bp-wc-vendors No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "bp-wc-vendors No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "builderpress No.known.fix Unauthenticated.Local.File.Inclusion HIGH" "baw-login-logout-menu No.known.fix Contributor+.Stored.XSS.in.Shortcode MEDIUM" "bybrick-accordion No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "byconsole-woo-order-delivery-time No.known.fix Unauthenticated.Payment.Bypass MEDIUM" "byconsole-woo-order-delivery-time 2.5.2 Unauthenticated.Full.Path.Dsiclosure MEDIUM" "byconsole-woo-order-delivery-time 2.4.7 Missing.Authorization.to.Arbitrary.Options.Update HIGH" "byconsole-woo-order-delivery-time 2.4.8 Reflected.XSS HIGH" "blocks 25.09.30.1006 Admin+.Stored.XSS LOW" "brzon No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "bus-ticket-booking-with-seat-reservation No.known.fix Unauthenticated.PHP.Object.Injection 
HIGH" "bus-ticket-booking-with-seat-reservation 5.4.4 Cross-Site.Request.Forgery MEDIUM" "bus-ticket-booking-with-seat-reservation 5.3.6 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "bus-ticket-booking-with-seat-reservation 5.2.6 Unauthenticated.Cross-Site.Scripting HIGH" "bus-ticket-booking-with-seat-reservation 5.2.4 Reflected.XSS HIGH" "buddyforms-anonymous-author 1.1 Reflected.Cross-Site.Scripting MEDIUM" "bestbooks No.known.fix Unauthenticated.SQLi HIGH" "bing-site-verification-using-meta-tag No.known.fix Admin+.Stored.XSS LOW" "buddyforms-attach-posts-to-groups-extension 1.2.4 Reflected.Cross-Site.Scripting MEDIUM" "bp-user-profile-reviews 2.7.0 Subscriber+.Arbitrary.Plugin.Installation,.Activation.and.Deactivation HIGH" "bears-backup 2.1.0 Unauthenticated.Remote.Code.Execution CRITICAL" "booking-weir No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "booking-weir 1.0.11 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "boldermail No.known.fix Authenticated.(Contributor+).PHP.Object.Injection HIGH" "blog-designer-for-elementor No.known.fix Cross-Site.Request.Forgery MEDIUM" "bandsintown 1.3.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "block-country No.known.fix Cross-Site.Request.Forgery MEDIUM" "bamboo-enquiries No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "builder-shortcode-extras No.known.fix Authenticated.(Contributor+).Post.Disclosure MEDIUM" "bck-tu-dong-xac-nhan-thanh-toan-chuyen-khoan-ngan-hang No.known.fix Unauthenticated.Stored.Cross-Site.Scripting HIGH" "bin-stripe-donation No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "bin-stripe-donation No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "bmi-calculator-shortcode No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "bb-plugin 2.9.3.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.'auto_play' MEDIUM" "bb-plugin 2.9.1.1 
Admin+.Arbitrary.File.Upload MEDIUM" "buddypress-hashtags 2.7.0 Subscriber+.Arbitrary.Plugin.Installation,.Activation.and.Deactivation HIGH" "bulk-image-resizer No.known.fix Missing.Authorization.to.Authenticated.(Subscriber+).Plugin.Options.Update MEDIUM" "bookify 1.0.10 Authenticated.(Subscriber+).Privilege.Escalation HIGH" "bulk-block-converter No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "beacon-by 1.5.9 Cross-Site.Request.Forgery MEDIUM" "beacon-by 1.5.8 Reflected.Cross-Site.Scripting MEDIUM" "better-rss-widget No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "back-link-tracker No.known.fix Cross-Site.Request.Forgery.to.SQL.Injection HIGH" "bauernregeln No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "bigbluebutton No.known.fix Reflected.XSS HIGH" "bigbluebutton 2.2.4 Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "babelz No.known.fix CSRF.to.Stored.XSS HIGH" "bdvs-password-reset 0.0.17 Insecure.Password.Reset.Code.Creation HIGH" "b-tiktok-feed 1.0.24 Missing.Authorization MEDIUM" "b-tiktok-feed 1.0.22 Missing.Authorization MEDIUM" "bbp-core 2.0.0 Missing.Authorization MEDIUM" "bbp-core 1.2.6 Reflected.Cross-Site.Scripting.via.add_query_arg.Parameter MEDIUM" "b2i-investor-tools 1.0.8 Reflected.Cross-Site.Scripting MEDIUM" "blog-sidebar-widget 1.0.6 Reflected.Cross-Site.Scripting MEDIUM" "blog-sidebar-widget No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "business-card-block 1.0.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "bulk-categories-assign No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "book-a-room No.known.fix Cross-Site.Request.Forgery.to.Settings.Update MEDIUM" "batch-cat No.known.fix Subscriber+.Arbitrary.Categories.Add/Set/Delete.to.Posts MEDIUM" "buddypress-docs 2.2.5 Subscriber+.Arbitrary.Document.Read/Update MEDIUM" "buddypress-docs 2.2.4 Reflected.Cross-Site.Scripting HIGH" "buddypress-docs 1.9.3 Authenticated.Lack.of.Authorisation MEDIUM" "better-chat-support 1.2.19 
Missing.Authorization MEDIUM" "britetechs-companion 2.2.8 Injected.Backdoor CRITICAL" "beds24-online-booking 2.0.30 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "beds24-online-booking 2.0.29 Contributor+.Local.File.Inclusion HIGH" "beds24-online-booking 2.0.28 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "beds24-online-booking 2.0.28 Contributor+.Stored.XSS.via.beds24-link.Shortcode MEDIUM" "beds24-online-booking 2.0.26 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "beds24-online-booking 2.0.24 Authenticated(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "beds24-online-booking 2.0.25 Contributor+.Stored.XSS MEDIUM" "bbp-topic-count No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "blogger-image-import No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "bp-member-type-manager No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "bp-messages-tool 2.5 Reflected.Cross-Site.Scripting MEDIUM" "block-logic 2.0.0 Authenticated.(Contributor+).Remote.Code.Execution HIGH" "better-search-tmc No.known.fix Folders.Disclosure.via.Outdated.jQueryFileTree.Library MEDIUM" "bitcoin-donate-button No.known.fix Cross-Site.Request.Forgery.to.Settings.Update MEDIUM" "bcm-duplicate-menu No.known.fix Cross-Site.Request.Forgery MEDIUM" "blog-manager-light No.known.fix Settings.Update.via.CSRF MEDIUM" "bg-orthodox-calendar No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "bmlt-meeting-map No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "bmlt-meeting-map 2.6.1 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "board-document-manager-from-chuhpl No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "banner-management-for-woocommerce No.known.fix Authenticated.(Contributor+).PHP.Object.Injection HIGH" "banner-management-for-woocommerce 2.4.3 Shop.Banner.Settings.Update.via.CSRF MEDIUM" 
"banner-management-for-woocommerce 2.4.1 Reflected.Cross-Site.Scripting MEDIUM" "banner-management-for-woocommerce 2.2.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "banner-management-for-woocommerce 1.1.1 Unauthenticated.Settings.Change MEDIUM" "boxberry No.known.fix Missing.Authorization MEDIUM" "bcorp-shortcodes No.known.fix .Unauthenticated.PHP.Object.Injection CRITICAL" "bitly-linker No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "bwl-pro-voting-manager No.known.fix Authenticated.(Contributor+).SQL.Injection MEDIUM" "bwl-pro-voting-manager No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "birthdays-widget No.known.fix Admin+.Stored.Cross.Site.Scripting LOW" "blogbuzztime-for-wp No.known.fix Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "boat-rental-system No.known.fix Unauthenticated.Arbitrary.File.Upload CRITICAL" "bunnycdn 2.3.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "bunnycdn 2.0.2 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "buffer-my-post No.known.fix Cross-Site.Request.Forgery MEDIUM" "buffer-my-post No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "buffer-my-post No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "bulk-datetime-change 1.12 Missing.Authorisation MEDIUM" "business-reviews-wp 1.0.16 Unauthenticated.Local.File.Inclusion HIGH" "business-reviews-wp 1.0.16 Authenticated.(Subscriber+).Directory.Traversal.to.Local.File.Inclusion HIGH" "belingogeo 1.12.1 Unauthenticated.Arbitrary.File.Download HIGH" "bp-better-messages 2.10.3 Unauthenticated.Stored.Cross-Site.Scripting MEDIUM" "bp-better-messages 2.7.0 Unauthenticated.Sensitive.Information.Exposure.Through.Unprotected.Directory HIGH" "bp-better-messages 2.7.5 Unauthenticated.Limited.Server-Side.Request.Forgery.in.nice_links MEDIUM" "bp-better-messages 2.7.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "bp-better-messages 2.4.33 Missing.Authorization MEDIUM" 
"bp-better-messages 2.4.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.shortcode MEDIUM" "bp-better-messages 2.1.18 Reflected.Cross-Site.Scripting MEDIUM" "bp-better-messages 1.9.10.71 Subscriber+.Messaging.Block.Bypass MEDIUM" "bp-better-messages 1.9.10.69 Subscriber+.SSRF MEDIUM" "bp-better-messages 1.9.10.58 Subscriber+.Denial.Of.Service MEDIUM" "bp-better-messages 1.9.9.170 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "bp-better-messages 1.9.9.149 File.Upload.via.CSRF LOW" "bp-better-messages 1.9.9.149 Cross-Site.Request.Forgery MEDIUM" "bp-better-messages 1.9.9.41 Reflected.Cross-Site.Scripting HIGH" "bp-better-messages 1.9.9.41 Multiple.CSRF MEDIUM" "b1-accounting 2.2.57 Authenticated.(Subscriber+).SQL.Injection MEDIUM" "b1-accounting 2.2.58 .Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.SQL.Injection HIGH" "bbpress2-shortcode-whitelist No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "backup 2.0.9.9 Directory.Listing.Exposing.Backups HIGH" "backup 1.6.9.1 Admin+.Stored.XSS LOW" "backup 1.6.0 Authenticated.Arbitrary.File.Upload CRITICAL" "backup 1.4.1 Subscriber+.Arbitrary.Backup.Location.Update MEDIUM" "backup 1.4.1 Subscriber+.Sensitive.Information.Disclosure MEDIUM" "backup 1.4.0 Arbitrary.File.Upload.via.CSRF HIGH" "backup 1.1.47 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "backup 1.0.3 Authenticated.Arbitrary.File.Upload CRITICAL" "best-bootstrap-widgets-for-elementor No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "buymeacoffee 3.7 Subscriber+.Stored.Cross-Site.Scripting MEDIUM" "buymeacoffee 3.8 Cross-Site.Request.Forgery HIGH" "buymeacoffee 3.8 Subscriber+.Unauthorized.Data.Modification HIGH" "buymeacoffee 3.7 Admin+.Stored.XSS LOW" "bws-testimonials 0.1.9 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "beyot-framework No.known.fix Missing.Authorization.to.Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "beyot-framework No.known.fix 
Authenticated.(Subscriber+).Arbitrary.File.Upload HIGH" "beyot-framework No.known.fix Missing.Authorization.to.Authenticated.(Subscriber+).Settings.Updates MEDIUM" "bible-text No.known.fix Contributor+.Stored.XSS MEDIUM" "backwpup 5.6.3 BackWPup.Helper+.Privilege.Escalation.via.Arbitrary.Options.Update HIGH" "backwpup 5.5.1 Missing.Authorization.to.Sensitive.Information.Exposure LOW" "backwpup 4.0.2 Admin+.Directory.Traversal MEDIUM" "backwpup 4.0.4 Unauthenticated.Backup.Download HIGH" "backwpup 4.0.2 Authenticated.(Administrator+).Directory.Traversal HIGH" "backwpup 3.4.2 Backup.File.Download HIGH" "bet-wc-2018-russia No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "blockstrap-page-builder-blocks 0.1.37 Bootstrap.Blocks.<.0.1.37.-.Contributor+.Stored.XSS MEDIUM" "bulk-image-title-attribute No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "bulk-image-title-attribute 1.2.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "bbspoiler 2.02 Contributor+.Stored.XSS MEDIUM" "booking-activities 1.16.45 Unauthenticated.Privilege.Escalation CRITICAL" "booking-activities 1.15.20 Reflected.Cross-Site.Scripting MEDIUM" "blogpost-widgets No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "blockypage No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "blockypage No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "bg-biblie-references No.known.fix Reflected.XSS HIGH" "b-carousel-block 1.1.6 Missing.Authorization.to.Authenticated.(Subscriber+).Server-Side.Request.Forgery MEDIUM" "buddypress-giphy 1.5.0 Subscriber+.Arbitrary.Plugin.Installation,.Activation.and.Deactivation HIGH" "bp-social-connect No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "bp-social-connect 1.6.2 Authentication.Bypass CRITICAL" "booter-bots-crawlers-manager 1.5.8 Missing.Authorization MEDIUM" "beautiful-and-responsive-cookie-consent 4.6.2 Reflected.Cross-Site.Scripting MEDIUM" "beautiful-and-responsive-cookie-consent 2.10.2 
Unauthenticated.Stored.Cross-Site.Scripting HIGH" "beautiful-and-responsive-cookie-consent 2.10.2 Unauthenticated.Stored.XSS HIGH" "beautiful-and-responsive-cookie-consent 2.9.1 Admin+.Stored.XSS LOW" "branding No.known.fix Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "bne-testimonials 2.0.8 Contributor+.Stored.XSS MEDIUM" "bp-activity-shortcode 1.1.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "bws-google-analytics 1.7.1 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "bulk-woocommerce-category-creator No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "bulk-woocommerce-category-creator No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "buddypress-check-ins-pro 1.4.0 Subscriber+.Arbitrary.Plugin.Installation,.Activation.and.Deactivation HIGH" "beaf-before-and-after-gallery 4.6.11 Authenticated.(Admin+).Arbitrary.File.Upload HIGH" "beaf-before-and-after-gallery 4.5.5 Cross-Site.Request.Forgery.to.Notice.Dismissal MEDIUM" "bounce-handler-mailpoet No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "booking-system 2.9.9.6.0 Authenticated.(Subscriber+).SQL.Injection MEDIUM" "booking-system 2.9.9.5.8 Missing.Authorization MEDIUM" "booking-system 2.9.9.5.2 Authenticated.(Subscriber+).SQL.Injection MEDIUM" "booking-system 2.9.9.5.8 Stored.XSS.via.CSRF HIGH" "booking-system 2.9.9.5.1 Authenticated.(Subscriber+).SQL.Injection HIGH" "booking-system 2.9.9.4.8 Admin+.Stored.XSS LOW" "booking-system 2.9.9.4.1 Arbitrary.Settings.Update.via.CSRF MEDIUM" "booking-system 2.9.9.2.9 Admin+.Stored.XSS LOW" "booking-system 2.9.9.2.9 Subscriber+.SQLi HIGH" "booking-system 2.1 Authenticated.Blind.SQL.Injection HIGH" "bns-twitter-follow-button No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "bukza 2.0.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "bp-profile-search 5.8 Cross-Site.Request.Forgery.to.Reflected.Cross-Site.Scripting MEDIUM" "bp-profile-search 5.6 
Reflected.Cross-Site.Scripting.via.BPS_FORM MEDIUM" "biagiotti-membership 1.1 Authentication.Bypass.via.biagiotti_membership_check_facebook_user CRITICAL" "bpcustomerio No.known.fix Arbitrary.Plugin.Settings.Update.via.CSRF MEDIUM" "bcs-bertline-book-importer 1.5.8 Unauthenticated.Product.Import HIGH" "background-animation-blocks No.known.fix Unauthenticated.Local.File.Inclusion CRITICAL" "build-app-online No.known.fix Missing.Authorization.to.Arbitrary.Post.Author.Modification.via.'build-app-online-update-vendor-product'.AJAX.Action MEDIUM" "build-app-online No.known.fix Cross-Site.Request.Forgery MEDIUM" "build-app-online No.known.fix Unauthenticated.Local.File.Inclusion CRITICAL" "build-app-online No.known.fix Unauthenticated.Local.File.Inclusion HIGH" "build-app-online No.known.fix Cross-Site.Request.Forgery MEDIUM" "build-app-online 1.0.21 Subscriber+.Privilege.Escalation HIGH" "build-app-online 1.0.22 Unauthenticated.Account.Takeover.via.Weak.Password.Reset.Mechanism CRITICAL" "build-app-online 1.0.19 Unauthenticated.SQL.Injection HIGH" "blog-in-blog No.known.fix Editor+.Local.File.Inclusion.via.Shortcode HIGH" "blog-in-blog No.known.fix Editor+.Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "buckets No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "bbp-voting 2.1.11.1 Admin+.Stored.XSS LOW" "bulk-youtube-post-creator No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "bulk-page-stub-creator 1.2 Reflected.Cross-Site.Scripting HIGH" "before-and-after-product-images-for-woocommerce No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "before-and-after-product-images-for-woocommerce No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "before-and-after-product-images-for-woocommerce No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "bbpress 2.6.12 Cross-Site.Request.Forgery.to.Limited.Privilege.Escalation MEDIUM" "bbpress 2.6.5 Unauthenticated.Privilege.Escalation.when.New.User.Registration.enabled CRITICAL" "bbpress 
2.6.5 Authenticated.Stored.Cross-Site.Scripting.via.the.forums.list.table MEDIUM" "bbpress 2.6.5 Authenticated.Privilege.Escalation.via.the.Super.Moderator.feature HIGH" "bbpress 2.6.0 Subscriber+.Stored.Cross-Site.Scripting.via.Post.Slug MEDIUM" "bulk-featured-image No.known.fix Authenticated.(Admin+).Arbitrary.File.Upload HIGH" "bulk-featured-image No.known.fix Authenticated.(Admin+).Arbitrary.File.Upload HIGH" "bulk-featured-image No.known.fix Missing.Authorization MEDIUM" "better-click-to-tweet 5.10.4 Settings.Update.via.CSRF MEDIUM" "booking-system-trafft 1.0.15 Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "booking-system-trafft 1.0.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "book-press No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "book-press No.known.fix Missing.Authorization MEDIUM" "book-press 1.2.4 Reflected.Cross-Site.Scripting MEDIUM" "book-press 1.2.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "best-wp-google-map No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.'latitude'.Shortcode.Attribute MEDIUM" "blaze-widget 2.5.4 Injected.Backdoor CRITICAL" "bellows-accordion-menu 1.4.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "bellows-accordion-menu 1.4.3 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "breadcrumb-navxt 7.5.1 Sensitive.Information.Exposure MEDIUM" "bu-slideshow No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "bitfire 4.6 Unauthenticated.Information.Exposure MEDIUM" "bayarcash-wc 4.3.14 Missing.Authorization MEDIUM" "bmi-bmr-calculator No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "boxed-content No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "button-contact-vr 4.7.10 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "button-contact-vr 4.7.8 Admin+.Stored.XSS LOW" "button-contact-vr 4.7.7 Admin+.Stored.XSS LOW" "brizy-pro No.known.fix 
Missing.Authorization MEDIUM" "brizy-pro No.known.fix Cross-Site.Request.Forgery MEDIUM" "brizy-pro No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "bluff-post No.known.fix Cross-Site.Request.Forgery MEDIUM" "breaking-news-ticker No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "blogger-301-redirect No.known.fix Unauthenticated.SQL.Injection.via.br HIGH" "bws-popular-posts 1.0.5 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "bravis-user No.known.fix Authentication.Bypass.to.Account.Takeover HIGH" "bknewsticker No.known.fix Cross-Site.Request.Forgery MEDIUM" "bvd-easy-gallery-manager No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "bnfw 1.7 Reflected.Cross-Site.Scripting MEDIUM" "bnfw 1.9.3 Cross-Site.Request.Forgery.(CSRF) MEDIUM" "bnfw 1.8.7 Email.Address.Disclosure MEDIUM" "breeze-checkout No.known.fix Missing.Authorization MEDIUM" "better-follow-button-for-jetpack No.known.fix Admin+.Stored.XSS LOW" "bitcoin-faucet No.known.fix Settings.Update.to.Stored.XSS.via.CSRF MEDIUM" "billingo No.known.fix Shop.Manager+.Privilege.Escalation HIGH" "billingo 3.4.0 ShopManager+.Stored.XSS MEDIUM" "bizcalendar-web 1.1.0.54 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "bizcalendar-web 1.1.0.35 Authenticated.(Administrator+).SQL.Injection MEDIUM" "bizcalendar-web 1.1.0.26 Reflected.XSS HIGH" "better-author-bio No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "bulk-user-editor No.known.fix Missing.Authorization MEDIUM" "bulk-page-creator 1.1.4 Arbitrary.Page.Creation.via.CSRF MEDIUM" "block-editor-bootstrap-blocks 6.6.2 Reflected.Cross-Site.Scripting.via.tab MEDIUM" "block-slider No.known.fix Missing.Authorization MEDIUM" "block-slider 2.1.7 Reflected.Cross-Site.Scripting MEDIUM" "block-slider 2.0.0 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "bsk-gravityforms-blacklist 4.0 SQLi.via.CSRF MEDIUM" "bsk-gravityforms-blacklist 3.9 Reflected.Cross-Site.Scripting MEDIUM" "bsk-gravityforms-blacklist 3.8.1 
Reflected.Cross-Site.Scripting MEDIUM" "bsk-gravityforms-blacklist 3.7 Admin+.Stored.Cross-Site.Scripting LOW" "blue-triad-ezanalytics No.known.fix Reflected.Cross-Site.Scripting.via.'bt_webid' MEDIUM" "better-search 4.2.2 Authenticated.(Author+).Stored.Cross-Site.Scripting MEDIUM" "better-search 4.1.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "better-search 3.3.1 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "better-search 2.5.3 Cross-Site.Request.Forgery MEDIUM" "better-search 2.5.3 CSRF.Nonce.Bypass.in.Import/Export MEDIUM" "better-search 2.2.3 Unauthenticated.SQL.Injection CRITICAL" "better-search 1.3.5 Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "better-search 1.3 admin.inc.php.Setting.Manipulation.CSRF MEDIUM" "benaa-framework No.known.fix Missing.Authorization.to.Authenticated.(Subscriber+).Settings.Updates MEDIUM" "benaa-framework No.known.fix Missing.Authorization.to.Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "benaa-framework No.known.fix Authenticated.(Subscriber+).Arbitrary.File.Upload HIGH" "buy-now-pay-later-addi No.known.fix Missing.Authorization MEDIUM" "bamboo-columns No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "bit-assist 1.6.0 Missing.Authorization MEDIUM" "bit-assist 1.5.5 Unauthenticated.Path.Traversal MEDIUM" "bit-assist 1.5.3 Subscriber+.Arbitrary.File.Read.via.fileID.Parameter MEDIUM" "bit-assist 1.5.3 Authenticated.(Subscriber+).SQL.Injection.via.id.Parameter MEDIUM" "bit-assist 1.5.3 Admin+.Arbitrary.File.Read MEDIUM" "bit-assist 1.2 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "bit-assist 1.1.9 Admin+.Stored.Cross-Site.Scripting LOW" "bravepopup-pro 0.8.0 Authentication.Bypass CRITICAL" "bulletin-announcements 3.12 Reflected.Cross-Site.Scripting HIGH" "bulletin-announcements 3.9.0 Authenticated.(Administrator+).SQL.Injection HIGH" "bulletin-announcements 3.8.0 Reflected.Cross-Site.Scripting MEDIUM" "bulletin-announcements 3.7.1 
Cross-Site.Request.Forgery MEDIUM" "bulletin-announcements 3.7.0 Subscriber+.Unauthorized.Access.and.Modification MEDIUM" "bulletin-announcements 3.1.0 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "blaze-online-eparcel-for-woocommerce No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "broadly No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "biblesupersearch 6.1.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.selector_height.Parameter MEDIUM" "book-appointment-online 1.39 Authenticated.Stored.Cross-Site.Scripting.(XSS) LOW" "buddyforms-woocommerce-form-elements 1.4.4 Reflected.Cross-Site.Scripting MEDIUM" "blocked-in-china 1.0.6 Reflected.Cross-Site.Scripting MEDIUM" "blocked-in-china 1.0.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "breadcrumbs-shortcode 1.45 Reflected.Cross-Site.Scripting MEDIUM" "bruteguard No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "browser-and-operating-system-finder No.known.fix Unauthenticated.Settings.Reset MEDIUM" "browser-and-operating-system-finder No.known.fix Unauthenticated.Arbitrary.Settings.Update.to.Stored.XSS HIGH" "bp-disable-activation-reloaded No.known.fix Cross-Site.Request.Forgery MEDIUM" "bp-activity-social-share 3.2.0 Subscriber+.Arbitrary.Plugin.Installation,.Activation.and.Deactivation HIGH" "buddydrive 2.1.2 Reflected.Cross-Site.Scripting MEDIUM" "blog2social 8.7.5 Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.Post.Modification MEDIUM" "blog2social 8.7.3 Incorrect.Authorization.to.Authenticated.(Subscriber+).Sensitive.Information.Exposure MEDIUM" "blog2social 8.7.1 Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.Post.Trashing MEDIUM" "blog2social 8.6.1 Authenticated.(Subscriber+).Blind.Server-Side.Request.Forgery.via.post_url MEDIUM" "blog2social 8.6.1 Incorrect.Authorization.to.Video.File.Upload MEDIUM" "blog2social 8.4.5 Authenticated.(Subscriber+).SQL.Injection.via.'prgSortPostType'.Parameter MEDIUM" "blog2social 8.4.0 
Contributor+.Stored.XSS MEDIUM" "blog2social 7.5.5 Authenticated.(Author+).Stored.Cross-Site.Scripting.via.File.Upload MEDIUM" "blog2social 7.4.2 Authenticated.(Subscriber+).SQL.Injection CRITICAL" "blog2social 7.5.0 Information.Exposure MEDIUM" "blog2social 7.2.1 Reflected.XSS HIGH" "blog2social 6.9.12 Subscriber+.Settings.Update MEDIUM" "blog2social 6.9.10 Subscriber+.SQLi HIGH" "blog2social 6.9.10 Subscriber+.SSRF MEDIUM" "blog2social 6.8.7 Reflected.Cross-Site.Scripting HIGH" "blog2social 6.3.1 Authenticated.SQL.Injection CRITICAL" "blog2social 5.9.0 Cross-Site.Scripting.Issue MEDIUM" "blog2social 5.6.0 SQL.Injection CRITICAL" "blog2social 5.0.3 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "bemax-elementor No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "buddypress-profile-pro 2.0.0 Subscriber+.Arbitrary.Plugin.Installation,.Activation.and.Deactivation HIGH" "blog-posts-and-category-for-elementor 2.1.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "blog-posts-and-category-for-elementor 2.0.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Post.and.Category.Filter.Widget MEDIUM" "bookr No.known.fix Missing.Authorization.to.Unauthenticated.Arbitrary.Appointment.Status.Modification MEDIUM" "book-a-place No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "bsuite No.known.fix Multiple.Cross-Site.Scripting.(XSS) MEDIUM" "bns-featured-category No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "bbpress-simple-advert-units No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "blog-designer-for-post-and-widget 2.4.1 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "biltorvet-dealer-tools No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "books-papers No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "blighty-explorer No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "better-anchor-links No.known.fix 
Cross-Site.Request.Forgery.via.admin/options.php MEDIUM" "bma-lite-appointment-booking-and-scheduling 1.4.3 Authenticated.(Administrator+).SQL.Injection MEDIUM" "bubble-menu 4.0.3 Cross-Site.Request.Forgery MEDIUM" "bubble-menu 3.0.5 Admin+.Stored.XSS LOW" "bubble-menu 3.0.4 Reflected.XSS MEDIUM" "bubble-menu 3.0.2 Circle.Floating.Menu.<.3.0.2.-.Form.Deletion.via.CSRF MEDIUM" "bd-courier-order-ratio-checker No.known.fix Missing.Authorization MEDIUM" "better-random-redirect No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "bus-booking-manager 4.2.3 Administrator+.Stored.XSS LOW" "buybox-widget No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "bitformpro 2.8.0 Authenticated.(Subscriber+).Arbitrary.File.Upload HIGH" "bitformpro 2.8.0 Authenticated.(Subscriber+).Sensitive.Information.Exposure MEDIUM" "bitformpro 2.8.0 Missing.Authorization.to.Authenticated.(Subscriber+).Settings.Update HIGH" "bitformpro 2.8.0 Unauthenticated.Arbitrary.File.Deletion CRITICAL" "bg-book-publisher No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "bu-section-editing No.known.fix Reflected.XSS HIGH" "bu-section-editing No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "block-editor-gallery-slider 1.1.2 Missing.Authorization.to.Authenticated.(Subscriber+).Limited.Post.Meta.Update MEDIUM" "booknetic 4.1.5 Staff.Creation.via.CSRF HIGH" "booknetic No.known.fix Cross-Site.Request.Forgery MEDIUM" "bp-activity-plus-reloaded No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "bp-activity-plus-reloaded No.known.fix Missing.Authorization MEDIUM" "bp-activity-plus-reloaded 1.1.2 Authenticated.(Subscriber+).Blind.Server-Side.Request.Forgery MEDIUM" "bidorbuystoreintegrator No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "bidorbuystoreintegrator No.known.fix Authenticated.(Admin+).Remote.Code.Execution HIGH" "brands-for-woocommerce 3.8.6.4 Authenticated.(Contributor+).SQL.Injection 
MEDIUM" "brands-for-woocommerce 3.8.2.3 Cross-Site.Request.Forgery MEDIUM" "brands-for-woocommerce 3.8.2.3 Missing.Authorization.to.Unauthenticated.Order.Manipulation.and.Information.Retrieval MEDIUM" "brands-for-woocommerce 3.8.2 Contributor+.Stored.XSS MEDIUM" "buying-buddy-idx-crm 2.3.1 Contributor+.Stored.XSS MEDIUM" "buying-buddy-idx-crm 2.0.0 PHP.Object.Injection.via.CSRF HIGH" "bwl-advanced-faq-manager 2.1.5 Missing.Authorization.to.Authenticated.(Subscriber+).Limited.Arbitrary.Options.Update HIGH" "bwl-advanced-faq-manager 2.0.4 Authenticated.(Administrator+).SQL.Injection CRITICAL" "blue-wrench-videos-widget No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "box-now-delivery No.known.fix Missing.Authorization MEDIUM" "best-restaurant-menu-by-pricelisto No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "best-restaurant-menu-by-pricelisto 1.4.3 Missing.Authorization MEDIUM" "best-restaurant-menu-by-pricelisto 1.4.2 Authenticated.(Contributor+).SQL.Injection HIGH" "best-restaurant-menu-by-pricelisto 1.4.0 Settings.Update.via.CSRF MEDIUM" "bitcoin-lightning-publisher 1.4.2 Reflected.Cross-Site.Scripting MEDIUM" "billplz-for-contact-form-7 1.2.1 Reflected.Cross-Site.Scripting MEDIUM" "bng-gateway-for-woocommerce No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "bng-gateway-for-woocommerce No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "bng-gateway-for-woocommerce No.known.fix CSRF.Bypass MEDIUM" "breadcrumb-simple No.known.fix Admin+.Stored.XSS LOW" "buooy-sticky-header No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "bravo-search-and-replace No.known.fix Authenticated.(Administrator+).SQL.Injection MEDIUM" "blog-manager-wp No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "blocks-post-grid No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "bo-wc-customer-review-watson No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "bookingor No.known.fix 
Subscriber+.Category.Deletion MEDIUM" "bookingor 2.0.2 Missing.Authorization MEDIUM" "bold-timeline-lite 1.2.8 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "bold-timeline-lite 1.2.8 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.'title'.Parameter.in.'bold_timeline_group'.Shortcode MEDIUM" "bold-timeline-lite 1.2.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "bold-timeline-lite 1.2.0 Missing.Authorization.to.Admin.Notice.Dismissal MEDIUM" "bold-timeline-lite 1.1.5 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "buddyboss-media No.known.fix Stored.XSS MEDIUM" "bp-cover No.known.fix Unauthenticated.Arbitrary.File.Upload CRITICAL" "betterlinks 2.1.8 Authenticated.(Administrator+).SQL.Injection MEDIUM" "betterlinks 1.6.1 Improper.Authorization.to.Data.Import.and.Export MEDIUM" "betterlinks 1.2.6 Admin+.Stored.Cross-Site.Scripting LOW" "bulkpress No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "binlayerpress No.known.fix Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "bitcoin-payments No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "bible-embed No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "browser-caching-with-htaccess No.known.fix Cross-Site.Request.Forgery MEDIUM" "b2bking 4.6.20 Subscriber+.Arbitrary.Products.Price.Update MEDIUM" "business-profile-reviews No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "bot-block-stop-spam-google-analytics-referrals No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "bne-gallery-extended 1.2.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.gallery.Shortcode MEDIUM" "booking-package 1.6.73 Reflected.Cross-Site.Scripting.via.Locale.Parameter MEDIUM" "booking-package 1.6.29 Unauthenticated.Price.Manipulation MEDIUM" "booking-package 1.6.02 Reflected.XSS HIGH" "booking-package 1.5.29 Unauthenticated.Sensitive.Data.Disclosure HIGH" "booking-package 1.5.11 
Reflected.Cross-Site.Scripting MEDIUM" "buddyforms-ultimate-member 1.3.8 Reflected.Cross-Site.Scripting MEDIUM" "buddypress-members-only 3.6.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "buddypress-members-only 3.4.9 Improper.Access.Control.to.Sensitive.Information.Exposure.via.REST.API MEDIUM" "brute-force-login-protection No.known.fix Arbitrary.IP.Removal/Add.via.CSRF MEDIUM" "blocksy-companion 2.1.20 Author+.Arbitrary.File.Upload.via.SVG.Upload.Bypass HIGH" "blocksy-companion 2.1.15 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "blocksy-companion 2.1.11 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.blocksy_newsletter_subscribe.Shortcode MEDIUM" "blocksy-companion 2.0.43 Authenticated.(Admin+).Server-Side.Request.Forgery MEDIUM" "blocksy-companion 2.0.46 Contributor+.Stored.Cross-Site.Scripting.via.SVG.Uploads MEDIUM" "blocksy-companion 2.0.29 Cross-Site.Request.Forgery MEDIUM" "blocksy-companion 2.0.32 Contributor+.Stored.XSS MEDIUM" "blocksy-companion 1.8.47 Reflected.Cross-Site.Scripting MEDIUM" "blocksy-companion 1.8.82 Subscriber+.Draft.Post.Access MEDIUM" "blocksy-companion 1.8.68 Contributor+.Stored.XSS MEDIUM" "blocksy-companion 1.8.20 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "bux-woocommerce No.known.fix Missing.Authorization MEDIUM" "bank-mellat 2.0.1 Reflected.Cross-Site.Scripting HIGH" "blossom-recipe-maker 1.0.8 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "bbp-style-pack 5.6.8 Contributor+.Stored.XSS MEDIUM" "bbp-style-pack 5.5.6 Reflected.XSS HIGH" "barclaycart No.known.fix Unauthenticated.Shell.Upload CRITICAL" "blocks-product-editor-for-woocommerce 1.0.2 Reflected.Cross-Site.Scripting MEDIUM" "bring-fraktguiden-for-woocommerce 1.11.5 Missing.Authorization MEDIUM" "bulk-resize-media No.known.fix CSRF MEDIUM" "botnet-attack-blocker No.known.fix Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "botnet-attack-blocker No.known.fix 
Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "bp-user-to-do-list 3.0.0 Subscriber+.Arbitrary.Plugin.Installation,.Activation.and.Deactivation HIGH" "bizapp-for-woocommerce No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "bloglentor-for-elementor No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "bookingcom-product-helper 1.0.2 Admin+.Stored.Cross-Site.Scripting LOW" "bricksbuilder 1.9.9 Insecure.Direct.Object.Reference MEDIUM" "blockington No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "bulk-edit-posts-on-frontend 2.4.27 Reflected.Cross-Site.Scripting MEDIUM" "bulk-edit-posts-on-frontend 2.4.15 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "bpmnio No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "bbs-e-popup No.known.fix Reflected.XSS HIGH" "better-robots-txt 1.4.6 Cross-Site.Request.Forgery MEDIUM" "better-robots-txt 1.4.4 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "better-robots-txt 1.2.6 Subscriber+.Arbitrary.Option.Update CRITICAL" "before-after-image-slider No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.shortcode MEDIUM" "bridge-core 3.3.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "bridge-core 3.3.1 Missing.Authorization MEDIUM" "bridge-core 3.3.1 Missing.Authorization.to.Authenticated.(Subscriber+).Demo.Import MEDIUM" "bridge-core 3.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "bridge-core 3.1.0 Reflected.XSS HIGH" "bmo-expo No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "bosa-elementor-for-woocommerce 1.0.13 Missing.Authorization MEDIUM" "buddyboss-platform-pro 2.7.10 Authentication.Bypass.via.Apple.OAuth.provider CRITICAL" "backup-bolt 1.5.0 Authenticated.(Admin+).Arbitrary.File.Download LOW" "backup-bolt No.known.fix Cross-Site.Request.Forgery MEDIUM" "backup-bolt 1.4.0 Sensitive.Data.Exposure MEDIUM" "backup-bolt 1.2.0 Reflected.Cross-Site.Scripting 
MEDIUM" "bws-latest-posts 0.3 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "blockwheels No.known.fix Contributor+.Stored.XSS MEDIUM" "beerxml-shortcode 0.8 Authenticated.(Contributor+).Server-Side.Request.Forgery MEDIUM" "better-captcha-gravity-forms No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "better-captcha-gravity-forms 0.5.2 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "blox-lite No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "booking-calendar 3.2.31 Missing.Authorization MEDIUM" "booking-calendar 3.2.18 Unauthenticated.Time-Based.SQLi MEDIUM" "booking-calendar 3.2.20 Reflected.Cross-Site.Scripting.via.'calendar_id' MEDIUM" "booking-calendar 3.2.20 Authenticated.(Contributor+).SQL.Injection MEDIUM" "booking-calendar 3.2.16 Unauthenticated.Stored.Cross-Site.Scripting.via.SVG.File.Upload HIGH" "booking-calendar 3.2.12 Admin+.SQLi MEDIUM" "booking-calendar 3.2.9 Multiple.Authenticated(Editor+).SQL.Injection HIGH" "booking-calendar 3.2.8 Admin+.SQLi MEDIUM" "booking-calendar 3.2.4 Form.Creation/Update/Deletion/Duplication.via.CSRF MEDIUM" "booking-calendar 3.2.4 Editor+.Stored.XSS LOW" "booking-calendar 3.2.2 Unauthenticated.Arbitrary.File.Upload CRITICAL" "booking-calendar 2.2.3 Parameters.Tampering.Allowing.Arbitrary.Prices.Change HIGH" "booking-calendar 2.1.8 Authenticated.Stored.XSS.&.CSRF HIGH" "burst-statistics 2.0.8 Cross-Site.Request.Forgery MEDIUM" "burst-statistics 1.5.7 Contributor+.Stored.Cross-Site.Scripting.via.burst_total_pageviews_count MEDIUM" "burst-statistics 1.5.4 Editor+.SQL.Injection HIGH" "burst-statistics 1.5.0 Unauthenticated.SQL.Injection HIGH" "bebetter-social-icons No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "b-banner-slider No.known.fix Authenticated.(Subscriber+).Arbitrary.File.Upload HIGH" "blue-captcha 2.0.0 Reflected.Cross-Site.Scripting MEDIUM" "best-css-compiler No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "brizy 2.7.17 
Contributor+.Sensitive.Information.Exposure MEDIUM" "brizy 2.7.13 Missing.Authorization MEDIUM" "brizy 2.6.21 Missing.Authorization.to.Unauthenticated.Limited.File.Upload MEDIUM" "brizy 2.7.8 Contributor+.Stored.XSS MEDIUM" "brizy 2.6.9 Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "brizy 2.6.5 Authenticated.(Contributor+).Arbitrary.File.Upload.via.storeUploads CRITICAL" "brizy 2.5.2 Cross-Site.Request.Forgery MEDIUM" "brizy 2.4.45 Authenticated.(Contributor+).Arbitrary.File.Upload HIGH" "brizy 2.4.45 Missing.Authorization.to.Authenticated.(Contributor+).Post.Modification HIGH" "brizy 2.4.44 Authenticated(Contributor+).Stored.Cross-Site.Scripting.via.Form.Functionality MEDIUM" "brizy 2.4.44 Unauthenticated.Stored.Cross-Site.Scripting.via.Form HIGH" "brizy 2.4.44 Authenticated.(Contributor+).Store.Cross-Site.Scripting.via.Widget.Link.To.URL HIGH" "brizy 2.4.44 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Custom.Attributes MEDIUM" "brizy 2.4.44 Missing.Authorization MEDIUM" "brizy 2.4.42 Authenticated(Contributor+).Stored.Cross-Site.Scripting HIGH" "brizy 2.4.41 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "brizy 2.4.41 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "brizy 2.4.41 Authenticated.(Contributor+).Directory.Traversal MEDIUM" "brizy 2.4.41 Authenticated.(Contributor+).Arbitrary.File.Upload HIGH" "brizy 2.4.41 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "brizy 2.4.30 Contributor+.Stored.XSS MEDIUM" "brizy 2.4.2 Contributor+.Stored.Cross-Site.Scripting.via.Element.URL MEDIUM" "brizy 2.4.2 Contributor+.Stored.Cross-Site.Scripting.via.Element.Content MEDIUM" "brizy 2.3.12 Authenticated.Stored.Cross-Site.Scripting MEDIUM" "brizy 2.3.12 2.3.11.-.Incorrect.Authorization.to.Post.Modification HIGH" "brizy 2.3.12 Authenticated.File.Upload.and.Path.Traversal HIGH" "brizy 1.0.126 Page.Builder.<.1.0.126.-.Improper.Access.Controls.on.AJAX.Calls HIGH" 
"backup-database No.known.fix Admin+.Stored.XSS LOW" "bookit 2.5.1 Bookit.<.2,5,1..Unauthenticated.Settings.Update MEDIUM" "bookit 2.5.1 Missing.Authorization.to.Unauthenticated.Stripe.Connection HIGH" "bookit 2.4.1 Price.Bypass MEDIUM" "bookit 2.4.4 Authenticated(Administrator+).SQL.Injection MEDIUM" "bookit 2.3.9 Reflected.Cross-Site.Scripting MEDIUM" "bookit 2.3.8 Authentication.Bypass CRITICAL" "bookit 2.2.9 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "bookit 2.1.6 Authorised.AJAX.Calls MEDIUM" "bws-linkedin 1.0.5 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "buddyforms-members 1.4.12 Reflected.Cross-Site.Scripting MEDIUM" "builder-style-manager 0.7.7 XSS.via.add_query_arg().and.remove_query_arg() MEDIUM" "buddypress-sticky-post 1.9.9 Subscriber+.Arbitrary.Plugin.Installation,.Activation.and.Deactivation HIGH" "brighttalk-wp-shortcode No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "bft-autoresponder 2.7.2.5 Reflected.Cross-Site.Scripting MEDIUM" "bft-autoresponder 2.7.2.4 Cross-Site.Request.Forgery MEDIUM" "bft-autoresponder 2.7.2.3 CSRF MEDIUM" "bft-autoresponder 2.7.1.1 Admin+.Stored.XSS LOW" "bft-autoresponder 2.7.1.1 Unauthenticated.Stored.XSS HIGH" "bft-autoresponder 2.1.7.2 Contributor+.Stored.XSS MEDIUM" "bft-autoresponder 2.1.7.2 Admin+.Stored.XSS LOW" "bft-autoresponder 2.5.2 Authenticated.Blind.SQL.Injection.&.Multiple.XSS HIGH" "bs-shortcode-ultimate No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "backup-scheduler No.known.fix Cross-Site.Request.Forgery MEDIUM" "birth-chart-compatibility No.known.fix Unauthenticated.Full.Path.Exposure MEDIUM" "badr-naver-syndication No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "block-for-mailchimp 1.1.13 Unauthenticated.Blind.Server-Side.Request.Forgery MEDIUM" "broken-link-checker-for-youtube No.known.fix Cross-Site.Request.Forgery.via.plugin_settings_page() MEDIUM" "bb-ultimate-addon 1.35.14 
Contributor+.Arbitrary.File.Download MEDIUM" "bb-ultimate-addon 1.35.15 Contributor+.Privilege.Escalation HIGH" "baqend No.known.fix Missing.Authorization MEDIUM" "blog-stats-by-w3counter No.known.fix Cross-Site.Request.Forgery MEDIUM" "basic-interactive-world-map No.known.fix Cross-Site.Request.Forgery.to.Settings.Update MEDIUM" "basic-interactive-world-map 2.7 Admin+.Stored.XSS LOW" "block-spam-by-math-reloaded No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "block-spam-by-math-reloaded No.known.fix Missing.Authorization MEDIUM" "burst-pro 1.5.1 Unauthenticated.SQL.Injection HIGH" "bookster 2.2.0 Authenticated.(Administrator+).SQL.Injection.via.'raw' MEDIUM" "bookster 1.2.0 Unauthenticated.Appointment.Status.Update MEDIUM" "bmi-adultkid-calculator No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "bmi-adultkid-calculator No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "bmi-adultkid-calculator 1.2.2 Cross-Site.Request.Forgery.to.Cross-Site.Scripting MEDIUM" "blockmeister 3.1.11 Reflected.Cross-Site.Scripting MEDIUM" "blockmeister 3.1.10 Reflected.Cross-Site.Scripting MEDIUM" "blockmeister 3.0.5 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "better-post-filter-widgets-for-elementor 1.6.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "buddypress-xprofile-image-field 3.1.0 Unauthenticated.Arbitrary.File.Deletion CRITICAL" "backwp No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "backwp No.known.fix Cross-Site.Request.Forgery MEDIUM" "bulk-creator No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "back-in-stock-notifier-for-woocommerce 5.3.2 Unauthenticated.Arbitrary.Shortcode.Execution MEDIUM" "backup-backup 2.0.0 Unauthenticated.Backup.Download MEDIUM" "backup-backup 1.4.6.1 Unauthenticated.PHP.Object.Injection.via.'recursive_unserialize_replace' HIGH" "backup-backup 1.4.4 Information.Exposure.via.Log.Files MEDIUM" "backup-backup 1.4.0 
Unauthenticated.Path.Traversal.to.Arbitrary.File.Deletion HIGH" "backup-backup 1.4.0 Authenticated.(Admin+).OS.Command.Injection.via.url MEDIUM" "backup-backup 1.4.0 1.3.9.-.Remote.File.Inclusion.via.content-dir HIGH" "backup-backup 1.3.8 Unauthenticated.RCE CRITICAL" "backup-backup 1.3.6 Sensitive.Data.Exposure HIGH" "backup-backup 1.3.7 Unauthenticated.Arbitrary.File.Download.to.Sensitive.Information.Exposure HIGH" "backup-backup 1.3.0 Cross-Site.Request.Forgery MEDIUM" "backup-backup 1.2.8 Plugin.Installation.via.CSRF MEDIUM" "backup-backup 1.2.8 Subscriber+.Plugin.Installation MEDIUM" "backup-backup 1.1.6 Admin+.Stored.Cross-Site.Scripting MEDIUM" "banner-cycler No.known.fix Stored.Cross-Site.Scripting.via.CSRF HIGH" "bluex-for-woocommerce No.known.fix Missing.Authorization MEDIUM" "bookme-free-appointment-booking-system No.known.fix Authenticated.(Admin+).SQL.Injection.via.'filter[status]'.Parameter MEDIUM" "buddypress-global-search No.known.fix Admin+.Stored.XSS LOW" "bricksforge 2.1.1 Missing.Authorization.to.Unauthenticated.WordPress.Settings.Update MEDIUM" "bricksforge 2.1.1 Missing.Authorization.to.Unauthenticated.Arbitrary.Email.Sending MEDIUM" "bricksforge 2.1.1 Missing.Authorization.to.Unauthenticated.WordPress.Settings.Deletion MEDIUM" "better-search-replace 1.4.5 Unauthenticated.PHP.Object.Injection CRITICAL" "better-search-replace 1.4.1 Admin+.SQLi MEDIUM" "boombox-theme-extensions 1.8.1 Subscriber+.Privilege.Escalation.via.Password.Reset/Account.Takeover.in.boombox_ajax_reset_password HIGH" "boombox-theme-extensions 1.8.1 Authenticated.(Contributor+).Local.File.Inclusion.via.Shortcode HIGH" "bradmax-player 1.1.28 Contributor+.Stored.XSS MEDIUM" "bunnys-print-css No.known.fix Cross-Site.Request.Forgery.to.Settings.Update MEDIUM" "big-boom-directory 2.5.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "breezing-forms No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "banner-garden No.known.fix Reflected.XSS HIGH" "binary-mlm-plan 
No.known.fix Authenticated.(Subscriber+).Insecure.Direct.Object.Reference MEDIUM" "binary-mlm-plan 5.0 Unauthenticated.Limited.Privilege.Escalation MEDIUM" "binary-mlm-plan 5.0 Unauthenticated.SQL.Injection HIGH" "bulk-noindex-nofollow-toolkit-by-mad-fish 2.20 Reflected.Cross-Site.Scripting MEDIUM" "bulk-noindex-nofollow-toolkit-by-mad-fish 2.16 Reflected.Cross-Site.Scripting MEDIUM" "bulk-noindex-nofollow-toolkit-by-mad-fish 2.10 Reflected.Cross-Site.Scripting.via.tab,.order,.and.orderby MEDIUM" "bulk-noindex-nofollow-toolkit-by-mad-fish 1.5 Reflected.XSS HIGH" "bulk-noindex-nofollow-toolkit-by-mad-fish 1.51 Missing.Authorization MEDIUM" "buddyforms-hierarchical-posts 1.1.4 Reflected.Cross-Site.Scripting MEDIUM" "blog-designer-pack 4.0.1 Unauthenticated.Local.File.Inclusion CRITICAL" "blog-designer-pack 3.4.2 Unauthenticated.Remote.Code.Execution.via.Local.File.Inclusion HIGH" "blog-designer-pack 3.4.1 Reflected.Cross-Site.Scripting MEDIUM" "blog-designer-pack 3.3 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "blog-designer-pack 2.3.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "blocks-bakery No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "blocks-bakery No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "banner-manager No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "ba-plus-before-after-image-slider-free No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "build-private-store-for-woocommerce 1.1 Missing.Authorization MEDIUM" "build-private-store-for-woocommerce 1.1 Cross-Site.Request.Forgery MEDIUM" "bmlt-wordpress-satellite-plugin No.known.fix Cross-Site.Request.Forgery.to.Settings.Creation.and.Deletion MEDIUM" "bxslider-integration No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "bee-layer-slider No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "bluet-keywords-tooltip-generator No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" 
"bluet-keywords-tooltip-generator 5.5.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "buddypress-notifications-widget No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "broken-link-finder 2.5.1 Authenticated.(Author+).Blind.Server-Side.Request.Forgery MEDIUM" "broken-link-finder 2.5.0 Missing.Authorization.via.moblc_auth_save_settings MEDIUM" "backup-and-move No.known.fix Missing.Authorization MEDIUM" "beaver-builder-lite-version 2.10.0.6 Authenticated.(Custom+).Missing.Authorization.to.Stored.Cross-Site.Scripting.via.Global.Settings MEDIUM" "beaver-builder-lite-version 2.9.4.2 Contributor+.Remote.Code.Execution HIGH" "beaver-builder-lite-version 2.9.4.2 Subscriber+.Arbitrary.Beaver.Builder.Post.Update MEDIUM" "beaver-builder-lite-version 2.9.4.1 Authenticated.(Contributor+).Sensitive.Information.Exposure MEDIUM" "beaver-builder-lite-version 2.9.4.1 Missing.Authorization.to.Authenticated.(Contributor+).Builder.Status.Tampering MEDIUM" "beaver-builder-lite-version 2.9.4.1 Missing.Authorization.to.Authenticated.(Contributor+).Global.Preset.Modification MEDIUM" "beaver-builder-lite-version 2.9.3.1 Reflected.Cross-Site.Scripting MEDIUM" "beaver-builder-lite-version 2.8.5.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "beaver-builder-lite-version 2.8.4.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "beaver-builder-lite-version 2.8.4.3 Authenticated.(Contributor+).Stored.DOM-Based.Cross-Site.Scripting.via.Button.Widget MEDIUM" "beaver-builder-lite-version 2.8.3.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "beaver-builder-lite-version 2.8.3.7 Authenticated.(Contributor+).Stored.DOM-Based.Cross-Site.Scripting.via.Button.Group.Module MEDIUM" "beaver-builder-lite-version 2.8.3.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.type.Parameter MEDIUM" "beaver-builder-lite-version 2.8.3.4 Reflected.Cross-Site.Scripting MEDIUM" "beaver-builder-lite-version 
2.8.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "beaver-builder-lite-version 2.8.1.3 Contributor+.Stored.Cross-Site.Scripting.via.photo.widget.crop.attribute MEDIUM" "beaver-builder-lite-version 2.8.1.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "beaver-builder-lite-version 2.8.0.7 Contributor+.Stored.XSS MEDIUM" "beaver-builder-lite-version 2.7.4.5 Contributor+.Stored.Cross-Site.Scripting.via.heading.tag MEDIUM" "beaver-builder-lite-version 2.7.4.3 Contributor+.Stored.XSS MEDIUM" "beaver-builder-lite-version 2.7.4.3 Reflected.XSS HIGH" "beaver-builder-lite-version 2.7.4.3 Contributor+.Stored.XSS MEDIUM" "beaver-builder-lite-version 2.7.4.3 Contributor+.Stored.XSS.via.Icon.Widget MEDIUM" "beaver-builder-lite-version 2.7.4.3 Contributor+.Stored.XSS MEDIUM" "beaver-builder-lite-version 2.7.2.1 Contributor+.Stored.XSS MEDIUM" "beaver-builder-lite-version 2.5.5.3 .Authenticated.Stored.XSS.via.Caption MEDIUM" "beaver-builder-lite-version 2.5.5.3 .Authenticated.Stored.XSS.via.Caption.On.Hover MEDIUM" "beaver-builder-lite-version 2.5.5.3 Authenticated.Stored.XSS.via.Image.URL MEDIUM" "beaver-builder-lite-version 2.5.5.3 Authenticated.Stored.XSS.via.Text.Editor MEDIUM" "beaver-builder-lite-version 2.5.4.4 Subscriber+.Arbitrary.Post.Builder.Layout.Disabling MEDIUM" "booster-elite-for-woocommerce 7.1.8 Authenticated.(Subscriber+).Arbitrary.File.Upload HIGH" "booster-elite-for-woocommerce 7.1.2 .Missing.Authorization.to.Order.Information.Disclosure MEDIUM" "booster-elite-for-woocommerce 7.1.3 Subscriber+.Content.Injection MEDIUM" "booster-elite-for-woocommerce 6.0.1 Multiple.CSRF MEDIUM" "booster-elite-for-woocommerce 6.0.0 Reflected.Cross-Site.Scripting HIGH" "booster-elite-for-woocommerce 1.1.8 Custom.Role.Creation/Deletion.via.CSRF MEDIUM" "booster-elite-for-woocommerce 1.1.7 ShopManager+.Arbitrary.File.Download MEDIUM" "booster-elite-for-woocommerce 1.1.7 Checkout.Files.Deletion.via.CSRF LOW" "booster-elite-for-woocommerce 
1.1.3 Subscriber+.Order.Status.Update MEDIUM" "b-accordion No.known.fix Contributor+.Information.Exposure LOW" "bzscore-live-score 1.6.0 Contributor+.Stored.XSS MEDIUM" "buddyvendor 1.2.0 Subscriber+.Arbitrary.Plugin.Installation,.Activation.and.Deactivation HIGH" "background-control No.known.fix Cross-Site.Request.Forgery.to.Arbitrary.File.Deletion HIGH" "board-election No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "bdthemes-prime-slider-lite 4.1.0 Authenticated.(Subscriber+).Server-Side.Request.Forgery MEDIUM" "bdthemes-prime-slider-lite 4.1.0 Authenticated.(Subscriber+).Server-Side.Request.Forgery MEDIUM" "bdthemes-prime-slider-lite 3.16.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "bdthemes-prime-slider-lite 3.15.19 Addons.For.Elementor.(Revolution.of.a.slider,.Hero.Slider,.Ecommerce.Slider.<.3.15.19.-.Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Blog.Widget MEDIUM" "bdthemes-prime-slider-lite 3.14.8 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Pacific.Widget MEDIUM" "bdthemes-prime-slider-lite 3.14.2 Contributor+.Stored.XSS.via.Pagepiling.Widget MEDIUM" "bdthemes-prime-slider-lite 3.14.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "bdthemes-prime-slider-lite 3.14.1 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "bdthemes-prime-slider-lite 3.13.3 Contributor+.Stored.Cross-Site.Scripting.via.Rubix.Widget MEDIUM" "bdthemes-prime-slider-lite 3.13.3 Contributor+.Stored.Cross-Site.Scripting.via.Mercury.Widget MEDIUM" "bdthemes-prime-slider-lite 3.13.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Fiestar.Widget MEDIUM" "bdthemes-prime-slider-lite 3.11.11 Incorrect.Authorization.via.bdt_duplicate_as_draft MEDIUM" "bdthemes-prime-slider-lite 3.8.3 Reflected.Cross-Site.Scripting MEDIUM" "bdthemes-prime-slider-lite 2.7.0 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "buttons-x No.known.fix Buttons.X.<=.0.8.6.-.Contributor+.Stored.XSS MEDIUM" 
"b-testimonial 1.2.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "bang-tinh-lai-suat No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "back-to-the-top-button 2.1.7 Admin+.Stored.XSS LOW" "bootstrap-buttons No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "bulgarisation-for-woocommerce 3.0.15 Missing.Authorization HIGH" "bulgarisation-for-woocommerce 3.0.15 Cross-Site.Request.Forgery HIGH" "business-manager 1.4.6 Admin+.Stored.Cross-Site.Scripting LOW" "buddy-press-force-password-change No.known.fix Subscriber+.Account.Takeover.via.Password.Update MEDIUM" "buddyforms No.known.fix Missing.Authorization MEDIUM" "buddyforms No.known.fix Authenticated.(Contributor+).Local.File.Inclusion HIGH" "buddyforms 2.8.16 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.'buddyforms_nav'.Shortcode MEDIUM" "buddyforms 2.8.14 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "buddyforms 2.8.13 Authenticated.(Editor+).Stored.Cross-Site.Scripting MEDIUM" "buddyforms 2.8.12 Authenticated.(Contributor+).Privilege.Escalation HIGH" "buddyforms 2.8.10 Email.Verification.Bypass.due.to.Insufficient.Randomness MEDIUM" "buddyforms 2.8.9 Unauthenticated.Arbitrary.File.Read.and.Server-Side.Request.Forgery CRITICAL" "buddyforms 2.8.6 Reflected.Cross-Site.Scripting.via.page MEDIUM" "buddyforms 2.8.8 Missing.Authorization MEDIUM" "buddyforms 2.8.8 Missing.Authorization.to.Unauthenticated.Media.Upload HIGH" "buddyforms 2.8.8 Missing.Authorization.to.Unauthenticated.Media.Deletion HIGH" "buddyforms 2.8.3 Reflected.Cross-Site.Scripting MEDIUM" "buddyforms 2.8.2 Contributor+.Stored.XSS MEDIUM" "buddyforms 2.7.8 Unauthenticated.PHAR.Deserialization HIGH" "buddyforms 2.7.6 Contributor+.Stored.XSS MEDIUM" "buddyforms 2.6.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "buddyforms 2.3.2 Subscriber+.Arbitrary.Option.Update CRITICAL" "buddyforms 2.2.8 SQL.Injection CRITICAL" "bulk-image-alt-text-with-yoast 2.2.2 
Bulk.Image.Alt.Text.(Alt.tag,.Alt.Attribute).with.Yoast.SEO.+.WooCommerce.<.2.2.2.-.Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "bulk-image-alt-text-with-yoast 1.4.5.0 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "bj-lazy-load 1.0 Remote.File.Inclusion.(Timthumb) HIGH" "bsi-hotel-pro No.known.fix Unauthenticated.Stored.Cross-Site.Scripting.(XSS) CRITICAL" "bilingual-linker 2.4.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "business-hours-indicator 2.3.5 Admin+.Stored.Cross-Site.Scripting LOW" "bravo-translate No.known.fix Authenticated.(Administrator+).SQL.Injection MEDIUM" "browsing-history No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "better-wp-login-page No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "bbp-move-topics No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "bbp-move-topics 1.1.6 Code.Injection.&.CSRF CRITICAL" "backup-by-supsystic No.known.fix Authenticated.Arbitrary.File.Download.and.Deletion CRITICAL" "business-profile 2.1.7 Subscriber+.Page.Creation.&.Settings.Update.to.Stored.XSS MEDIUM" "betteroptin No.known.fix Reflected.Cross-Site.Scripting.(XSS) HIGH" "beam-me-up-scotty No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "beam-me-up-scotty 1.0.22 Reflected.Cross-Site.Scripting MEDIUM" "bulletproof-security 7.0 Unauthenticated.Sensitive.Information.Exposure MEDIUM" "bulletproof-security 6.1 Admin+.Stored.Cross-Site.Scripting LOW" "bulletproof-security 5.8 Admin+.Stored.Cross-Site.Scripting.(XSS) LOW" "bulletproof-security 5.2 Sensitive.Information.Disclosure MEDIUM" "bulletproof-security .53.4 Multiple.XSS.Vulnerabilities MEDIUM" "bookmarkify No.known.fix Cross-Site.Scripting.(XSS).&.CSRF MEDIUM" "buddymeet 2.3.0 Contributor+.Stored.XSS MEDIUM" "blockons No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "blockons No.known.fix Missing.Authorization MEDIUM" "blockons 1.0.8 
Reflected.Cross-Site.Scripting MEDIUM" "bmlt-tabbed-map 1.2.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "bulk-watermark No.known.fix Cross-Site.Request.Forgery MEDIUM" "better-messages-wcfm-integration 1.0.6 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "bit-integrations 2.5.0 Open.Redirect HIGH" "bbresolutions No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "bbresolutions No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "browser-theme-color 1.4 Settings.Update.via.CSRF MEDIUM" "bacola-core No.known.fix Reflected.Cross-Site.Scripting HIGH" "bg-hide-email-address No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode.Attributes MEDIUM" "better-business-reviews 0.1.2 Missing.Authorization MEDIUM" "beeteam368-extensions No.known.fix Unauthenticated.Local.File.Inclusion HIGH" "beeteam368-extensions 2.3.6 Authenticated.(Subscriber+).Arbitrary.File.Upload HIGH" "beeteam368-extensions 2.3.5 Subscriber+.Arbitrary.File.Deletion.via.Path.Traversal HIGH" "bulk-attachment-download 1.3.7 Reflected.Cross-Site.Scripting MEDIUM" "bulk-attachment-download 1.3.5 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "bsk-pdf-manager 3.7.2 Authenticated.(Administrator+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "bsk-pdf-manager 3.6.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "bsk-pdf-manager 3.4.2 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "bsk-pdf-manager 3.1.2 Admin+.SQL.Injection MEDIUM" "bsk-pdf-manager 1.5 Multiple.Authenticated.SQL.Injections CRITICAL" "bsk-pdf-manager 2.9.1 Authenticated.Stored.Cross-Site.Scripting.(XSS) HIGH" "booking 10.14.15 Insecure.Direct.Object.Reference.to.Authenticated.(Subscriber+).Arbitrary.User.Settings.Modification MEDIUM" "booking 10.14.14 Missing.Authorization.to.Unauthenticated.Booking.Details.Exposure MEDIUM" "booking 10.14.12 Missing.Authorization.to.Sensitive.Information.Exposure MEDIUM" "booking 10.14.11 
Unauthenticated.Sensitive.Information.Exposure MEDIUM" "booking 10.14.9 Unauthenticated.SQL.Injection.via.dates_to_check HIGH" "booking 10.14.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.bookingcalendar.Shortcode MEDIUM" "booking 10.14.8 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "booking 10.14.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "booking 10.11.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.wpbc.Shortcode MEDIUM" "booking 10.10.1 Unauthenticated.Post-Confirmation.Booking.Manipulation MEDIUM" "booking 10.9.3 Authenticated.(Contributor+).DOM-Based.Stored.Cross-Site.Scripting.via.'booking'.Shortcode MEDIUM" "booking 10.6.5 Admin+.Stored.XSS LOW" "booking 10.6.3 Admin+.Stored.XSS LOW" "booking 10.6.1 Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "booking 10.5.1 Reflected.Cross-Site.Scripting MEDIUM" "booking 10.2.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.bookingform.Shortcode MEDIUM" "booking 9.9.1 Unauthenticated.SQL.Injection CRITICAL" "booking 9.7.4 Authenticated(Contributor+).Stored.Cross-Site.Scripting.via.shortcode MEDIUM" "booking 9.7.3.1 Unauthenticated.Stored.XSS HIGH" "booking 9.2.2 Arbitrary.Translation.Update.via.CSRF MEDIUM" "booking 9.1.1 PHP.Object.Injection HIGH" "booking 8.9.2 Reflected.Cross-Site.Scripting HIGH" "booking 8.4.5.15 SQL.Injection HIGH" "bee-quick-gallery No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "buddypress-humanity No.known.fix Cross-Site.Request.Forgery.to.Privilege.Escalation HIGH" "business No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "beautiful-link-preview No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "biometric-login-for-woocommerce 1.0.4 Unauthenticated.Privilege.Escalation CRITICAL" "basepress 2.17.0.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "basepress 2.16.3.4 
Missing.Authorization.to.Authenticated.(Subscriber+).Database.Update MEDIUM" "basepress 2.16.2.1 Authenticated.(Subscriber+).Server-Side.Request.Forgery MEDIUM" "basepress 2.16.2.1 Missing.Authorization MEDIUM" "basepress 2.15.14 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "bigcontact No.known.fix Cross-Site.Request.Forgery MEDIUM" "best-woocommerce-feed 7.3.16 Authenticated.(Admin+).Directory.Traversal LOW" "best-woocommerce-feed 3.0 Reflected.Cross-Site.Scripting MEDIUM" "best-woocommerce-feed 2.2.3.1 Subscriber+.Arbitrary.Option.Update CRITICAL" "brandfolder 5.0.20 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.id.Parameter MEDIUM" "bwd-elementor-addons No.known.fix Contributor+.Stored.XSS MEDIUM" "bwd-elementor-addons 4.3.19 Authenticated.(Contributor+).Sensitive.Information.Exposure.via.Elementor.Templates MEDIUM" "bulk-term-editor No.known.fix Cross-Site.Request.Forgery MEDIUM" "buddyforms-remote 1.0.5 Reflected.Cross-Site.Scripting MEDIUM" "bonjour-bar No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "buddyboss-platform 2.8.51 Authenticated.(Subscriber+).Stored.Cross-Site.Scripting.via.'invitee_name' MEDIUM" "buddyboss-platform 2.8.51 Authenticated.(Subscriber+).Stored.Cross-Site.Scripting.via.'bp_nouveau_ajax_media_save'.function MEDIUM" "buddyboss-platform 2.8.51 Authenticated.(Subscriber+).Stored.Cross-Site.Scripting.via.'bbp_topic_title' MEDIUM" "buddyboss-platform 2.8.00 Authenticated.(Subscriber+).Stored.Cross-Site.Scripting.via.'link_title' MEDIUM" "buddyboss-platform 2.6.0 Insecure.Direct.Object.Reference.on.Like.Comment MEDIUM" "buddyboss-platform 2.7.60 Private.Comment.Exposure.via.IDOR MEDIUM" "buddyboss-platform 1.7.9 Subscriber+.SQL.Injection MEDIUM" "blog-designer-pro No.known.fix Missing.Authorization MEDIUM" "blog-designer-pro No.known.fix Authenticated.(Subscriber+).Local.File.Inclusion HIGH" "blog-designer-pro No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "blog-designer-pro No.known.fix 
Unauthenticated.Local.File.Inclusion CRITICAL" "browser-address-bar-color 3.4.0 Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "bugsnag 1.6.4 Cross-Site.Request.Forgery MEDIUM" "bloom 1.1.1 Privilege.Escalation HIGH" "bws-google-maps 1.3.6 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "backtotop No.known.fix Cross-Site.Request.Forgery MEDIUM" "boostify-header-footer-builder 1.3.7 Authenticated.(Contributor+).Post.Disclosure MEDIUM" "boostify-header-footer-builder 1.3.6 Missing.Authorization.to.Page/Post.Creation MEDIUM" "boostify-header-footer-builder 1.3.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.size.Parameter MEDIUM" "browser-sniff No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "bdthemes-element-pack 8.0.0 Cross-Site.Request.Forgery MEDIUM" "bdthemes-element-pack 8.0.0 Missing.Authorization MEDIUM" "bdthemes-element-pack 7.9.1 Addon.for.Elementor.Page.Builder.WordPress.Plugin.<.7.9.1.-.Authenticated(Contributor+).Stored.Cross-Site.Scripting.via.Wrapper.Link.URL MEDIUM" "bdthemes-element-pack 7.19.3 Contributor+.Arbitrary.File.Read.and.PHAR.Deserialization CRITICAL" "blog-summary No.known.fix Contributor+.Stored.XSS MEDIUM" "booking-calendar-pro-payment 21.1 Unauthenticated.Arbitrary.File.Upload CRITICAL" "broken-link-checker 2.4.5 Subscriber+.Plugin.Status.Dashboard.View MEDIUM" "broken-link-checker 2.4.2 Admin+.SSRF MEDIUM" "broken-link-checker 2.4.1 Reflected.XSS HIGH" "broken-link-checker 2.2.4 Admin+.Stored.Cross-Site.Scripting LOW" "broken-link-checker 1.11.20 Admin+.Cross-Site.Scripting LOW" "broken-link-checker 1.11.17 Admin+.PHAR.Deserialization MEDIUM" "broken-link-checker 1.11.9 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "broken-link-checker 1.10.9 Unauthenticated.Stored.XSS MEDIUM" "bp-direct-menus No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "buddypress 14.3.4 Unauthenticated.Arbitrary.Shortcode.Execution HIGH" "buddypress 14.4.0 
Missing.Authorization MEDIUM" "buddypress 14.2.1 Authenticated.(Subscriber+).Directory.Traversal HIGH" "buddypress 12.5.1 Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "buddypress 12.4.1 Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "buddypress 11.3.2 Contributor+.Stored.XSS MEDIUM" "buddypress 9.1.1 SQL.Injections HIGH" "buddypress 9.1.1 Activation.Key.Disclosure MEDIUM" "buddypress 7.3.0 Multiple.Authenticated.REST.API.Vulnerabilities MEDIUM" "buddypress 7.2.1 .Force.a.Friendship MEDIUM" "buddypress 7.2.1 Manage.BuddyPress.Member.Types MEDIUM" "buddypress 7.2.1 REST.API.Privilege.Escalation HIGH" "buddypress 7.2.1 Read.Private.Messages MEDIUM" "buddypress 7.2.1 Invite.Member.to.Join.Group MEDIUM" "buddypress 6.4.0 Lack.of.Capability.Check.on.Profile.Page MEDIUM" "buddypress 5.1.2 Private.Data.Exposure.via.REST.API HIGH" "buddypress 5.1.1 Denial.of.Service MEDIUM" "bc-woo-custom-thank-you-pages 1.4.14 Missing.Authorization MEDIUM" "bp-xprofile-custom-field-types 1.3.0 Authenticated.(Subscriber+).Arbitrary.File.Deletion HIGH" "better-sharing 2.0.7 Reflected.Cross-Site.Scripting MEDIUM" "better-sharing 1.7.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "bp-create-group-type No.known.fix Subscriber+.Arbitrary.Plugin.Installation,.Activation.and.Deactivation HIGH" "browse-as No.known.fix Subscriber+.Authentication.Bypass.via.Cookie HIGH" "bwp-google-xml-sitemaps No.known.fix Unauthenticated.Stored.Cross-Site.Scripting HIGH" "biagiotti-core 2.1.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "bp-greeting-message No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "bws-smtp 1.2.0 Authenticated.(Administrator+).Arbitrary.File.Upload HIGH" "bws-smtp 1.1.0 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "blaze-demo-importer 1.0.14 1.0.13.-.Missing.Authorization.to.Authenticated.(Subscriber+).Database.Reset.and.File.Deletion HIGH" "blaze-demo-importer 1.0.13 
Missing.Authorization.to.Authenticated.(Subscriber+).Limited.Plugin.Install MEDIUM" "better-wlm-api 1.1.5 Reflected.Cross-Site.Scripting MEDIUM" "better-wlm-api 1.1.4 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "becustom 1.0.5.3 Settings.Update.via.CSRF MEDIUM" "bstone-demo-importer No.known.fix Missing.Authorization.to.Authenticated.(Subscriber+).Privilege.Escalation HIGH" "bookly-responsive-appointment-booking-tool 23.3 Authenticated.(Subscriber+).Stored.Cross-Site.Scripting.via.Color.Profile.Parameter MEDIUM" "bookly-responsive-appointment-booking-tool 22.5 Admin+.Stored.XSS LOW" "bookly-responsive-appointment-booking-tool 22.4 Admin+.SQLi MEDIUM" "bookly-responsive-appointment-booking-tool 21.8 Admin+.Stored.Cross-Site.Scripting.via.service.titles MEDIUM" "bookly-responsive-appointment-booking-tool 21.6 Unauthenticated.Stored.XSS HIGH" "bookly-responsive-appointment-booking-tool 20.3.1 Staff.Member.Stored.Cross-Site.Scripting MEDIUM" "bookly-responsive-appointment-booking-tool 14.5 Bookly.#1.WordPress.Booking.Plugin.(Lite).<.14,5..Unauthenticated.Blind.Stored.XSS MEDIUM" "bp-profile-as-homepage No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "bwl-kb-manager No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "breaking-news-wp No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "breaking-news-wp No.known.fix Cross-Site.Request.Forgery.to.Settings.Update MEDIUM" "bookalet No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "buttons-shortcode-and-widget No.known.fix Stored.XSS.via.shortcode MEDIUM" "buttons-shortcode-and-widget No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.shortcode MEDIUM" "boldgrid-easy-seo 1.6.15 Information.Exposure MEDIUM" "boldgrid-easy-seo 1.6.14 Authenticated(Contributor+).Stored.Cross-Site.Scripting.via.Meta.Description MEDIUM" "bot-for-telegram-on-woocommerce 1.2.7 Missing.Authorization MEDIUM" 
"bot-for-telegram-on-woocommerce No.known.fix Subscriber+.Authentication.Bypass HIGH" "blogintroduction-wordpress-plugin No.known.fix Settings.Update.via.CSRF MEDIUM" "buk-appointments 1.0.8 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "betterdocs 4.3.4 Authenticated.(Contributor+).Sensitive.Information.Exposure MEDIUM" "betterdocs 4.1.2 Missing.Authorization.to.Private.And.Password-Protected.Posts.Information.Disclosure MEDIUM" "betterdocs 3.5.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "betterdocs 3.5.9 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "betterdocs 3.3.4 Unauthenticated.PHP.Object.Injection CRITICAL" "betterdocs 3.5.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "betterdocs 2.5.3 Missing.Authorization.via.AJAX.actions MEDIUM" "betterdocs 1.9.2 Reflected.Cross-Site.Scripting HIGH" "betterdocs 1.9.0 Reflected.Cross-Site.Scripting HIGH" "confirm-user-registration No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "contact-form-check-tester No.known.fix Broken.Access.Control.to.Cross-Site.Scripting.(XSS) HIGH" "catch-dark-mode 2.0.1 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "catch-dark-mode 2.1 Contributor+.Local.File.Inclusion HIGH" "contact-form-ready No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "contact-form-ready 2.0.12 Form.Styling.Update.via.CSRF MEDIUM" "custom-field-bulk-editor No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "catch-gallery 1.7 Unauthorised.Plugin's.Setting.Change MEDIUM" "contact-page-with-google-map No.known.fix Unauthenticated.Arbitrary.File.Deletion CRITICAL" "cbxpetition 2.0.0 Unauthenticated.SQLi HIGH" "controlled-admin-access 1.5.6 Improper.Access.Control.to.Privilege.Escalation HIGH" "controlled-admin-access 1.5.2 Improper.Access.Control.&.Privilege.Escalation HIGH" "customify-sites No.known.fix Unauthenticated.Remote.Code.Execution CRITICAL" "chaty 3.5.2 
Unauthenticated.Information.Exposure MEDIUM" "chaty 3.3.6 Authenticated.(Contributor+).DOM-Based.Stored.Cross-Site.Scripting MEDIUM" "chaty 3.2.3 Admin+.Stored.XSS LOW" "chaty 3.1.9 Editor+.Stored.XSS LOW" "chaty 3.1.3 Authenticated.(Administrator+).Stored.Cross-Site.Scripting.via.settings MEDIUM" "chaty 3.1.2 Admin+.Stored.Cross-Site.Scripting LOW" "chaty 3.1 Reflected.XSS HIGH" "chaty 3.1 Admin+.Stored.Cross-Site.Scripting LOW" "chaty 3.0.3 Admin+.SQLi MEDIUM" "chaty 2.8.4 Admin+.Stored.Cross-Site.Scripting MEDIUM" "chaty 2.8.3 Reflected.Cross-Site.Scripting HIGH" "custom-my-account-for-woocommerce No.known.fix Stored.XSS.via.CSRF HIGH" "clinked-client-portal No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "clinked-client-portal 1.10 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "csv-sumotto No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "custom-field-finder 0.4 Authenticated.(Author+).PHP.Object.Injection HIGH" "crm-customer-relationship-management-by-vcita 2.8.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.type.Parameter MEDIUM" "crm-customer-relationship-management-by-vcita 2.7.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "crm-customer-relationship-management-by-vcita 2.8.0 Susbcriber+.Widget.Toggle MEDIUM" "crm-customer-relationship-management-by-vcita 2.7.0 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "crm-customer-relationship-management-by-vcita 2.7.1 Settings.Update.Via.CSRF HIGH" "consulting-elementor-widgets 1.4.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "consulting-elementor-widgets 1.4.3 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "consulting-elementor-widgets 1.3.1 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "consulting-elementor-widgets 1.3.1 Authenticated.(Contributor+).Remote.Code.Execution HIGH" "consulting-elementor-widgets 1.3.1 Authenticated.(Contributor+).SQL.Injection CRITICAL" "consulting-elementor-widgets 1.3.1 
Unauthenticated.Local.File.Inclusion CRITICAL" "coder-elementor No.known.fix Missing.Authorization MEDIUM" "comment-press 2.7.2 Unauthenticated.Cross-Frame.Scripting HIGH" "category-post-shortcode No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "css-live No.known.fix Unauthenticated.Stored.Cross-Site.Scripting HIGH" "current-age 1.7 Cross-Site.Request.Forgery MEDIUM" "cookie-script-com 1.2.2 Missing.Authorization MEDIUM" "cwd-stealth-links No.known.fix Unauthenticated.SQL.Injection HIGH" "capability-manager-enhanced 2.5.2 Admin+.PHP.Objection.Injection MEDIUM" "capability-manager-enhanced 2.3.3 Reflected.Cross-Site.Scripting MEDIUM" "capability-manager-enhanced 2.3.1 Unauthenticated.Arbitrary.Options.Update.to.Blog.Compromise CRITICAL" "catch-web-tools 2.7.1 Subscriber+.Arbitrary.Catch.IDs.Activation/Deactivation MEDIUM" "catch-web-tools 2.7 Unauthorised.Plugin's.Setting.Change MEDIUM" "calais-auto-tagger No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "clearbit No.known.fix Cross-Site.Request.Forgery MEDIUM" "contact-form-x 2.4.1 Reflected.Cross-Site.Scripting MEDIUM" "content-writer 3.6.9 Unauthenticated.Information.Exposure.via.Log.File MEDIUM" "clickcease-click-fraud-protection 3.2.5 Improper.Authorization.to.sensitive.information.exposure.via.get_settings MEDIUM" "clickcease-click-fraud-protection 3.2.8 Cross-Site.Request.Forgery MEDIUM" "countdown-with-background No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "calculator-builder 1.6.3 Unauthenticated.Local.File.Inclusion HIGH" "calculator-builder 1.5.1 Reflected.XSS MEDIUM" "cc-custom-taxonmy No.known.fix Admin+.Stored.XSS LOW" "covermanager No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "centangle-team No.known.fix Cross-Site.Request.Forgery.To.Plugin's.Settings.Modification.And.Stored.Cross-Site.Scripting MEDIUM" "callphoner No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" 
"coming-soon-page 3.7.4 IP.Address.Spoofing.via.get_real_ip MEDIUM" "coming-soon-page 3.6.7 Subscriber+.Arbitrary.Email.Sending.to.Subscribed.Users MEDIUM" "coming-soon-page 3.6.8 Arbitrary.Email.Sending.to.Subscribed.Users.via.CSRF LOW" "coming-soon-page 3.5.3 Authenticated.Stored.XSS LOW" "classified-listing-store 1.4.20 Reflected.Cross-Site.Scripting MEDIUM" "custom-database-tables No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "custom-database-applications-by-caspio No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "campaign-url-builder 1.8.2 Contributor+.Stored.XSS MEDIUM" "custom-icons-for-elementor 0.3.4 Authenticated.(Admin+).Arbitrary.File.Upload HIGH" "category-post-slider No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "corner-ad 1.0.57 Ads.Deletion.via.CSRF MEDIUM" "corner-ad 1.0.8 Admin+.Stored.XSS LOW" "community-yard-sale No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "cf-images 1.9.6 Missing.Authorization MEDIUM" "content-glass-button No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "change-wc-price-title 2.4 Reflected.Cross-Site.Scripting MEDIUM" "change-wc-price-title 2.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "coupon-reveal-button 1.2.6 Authenticated.(Editor+).Stored.Cross-Site.Scripting MEDIUM" "cf7-message-filter 1.6.33 Authenticated.(Administrator+).SQL.Injection MEDIUM" "cf7-message-filter 1.6.3.1 Subscriber+.Filter.Creation MEDIUM" "cf7-message-filter 1.6.3.1 Subscriber+.Filter.Updates/Deletions MEDIUM" "cf7-message-filter 1.6.2 Reflected.Cross-Site.Scripting MEDIUM" "cf7-message-filter 1.4.3 Reflected.Cross-Site.Scripting MEDIUM" "cpo-companion No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "cpo-companion 1.1.0 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "cpo-companion 1.1.0 Admin+.Stored.XSS LOW" "coming-soon-by-supsystic 1.7.11 Cross-Site.Request.Forgery MEDIUM" "coming-soon-by-supsystic 1.7.6 
Reflected.Cross-Site.Scripting MEDIUM" "catalyst-connect-client-portal 2.1.0 Admin+.Stored.XSS LOW" "catalyst-connect-client-portal 2.1.0 Reflected.XSS HIGH" "caching-compatible-cookie-optin-and-javascript 0.0.11 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "conveythis-translate No.known.fix Missing.Authorization MEDIUM" "conveythis-translate 269.3 Missing.Authorization MEDIUM" "conveythis-translate 269.2 Admin+.PHP.Object.Injection MEDIUM" "conveythis-translate 235 Missing.Authorization.to.Limited.Option.Update MEDIUM" "conveythis-translate 224 Unauthenticated.Stored.Cross-Site.Scripting.via.api_key HIGH" "customize-login No.known.fix Authenticated.Stored.Cross-Site.Scripting.(XSS) LOW" "clickbank-ads-clickbank-widget 1.35 CSRF.to.Stored.Cross-Site.Scripting HIGH" "clickbank-ads-clickbank-widget 1.35 Admin+.Stored.Cross-Site.Scripting LOW" "contentlock 1.0.4 Settings.Update.via.CSRF MEDIUM" "contentlock 1.0.4 Email.Adding.via.CSRF MEDIUM" "contentlock 1.0.4 Groups/Emails.Deletion.via.CSRF MEDIUM" "carta-online No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting.via.Plugin.Settings MEDIUM" "cm-invitation-codes 2.5.7 Open.Redirect MEDIUM" "cm-invitation-codes 3.3.8 Missing.Authorization MEDIUM" "conditional-payments-for-woocommerce 3.3.1 Cross-Site.Request.Forgery MEDIUM" "conditional-payments-for-woocommerce 2.3.2 Plugin.RuleSets.Activation/Deactivation.via.CSRF MEDIUM" "cackle No.known.fix Cross-Site.Request.Forgery MEDIUM" "cc-child-pages 2.0.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.'child_pages'.Shortcode MEDIUM" "cc-child-pages 1.43 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "call-now-icon-animate No.known.fix Admin+.Stored.XSS LOW" "click-pledge-wpjobboard 25.09000000-WP6.8.2-JB5.12.0 Unauthenticated.SQLi HIGH" "custom-checkout-fields-for-woocommerce 1.9.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "cc-circle-progress-bar No.known.fix 
Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "cm-business-directory 1.5.4 Authenticated.(Author+).Stored.Cross-Site.Scripting MEDIUM" "cm-business-directory 1.5.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "cm-business-directory 1.4.2 Reflected.XSS HIGH" "contact-form-7-skins 2.1.1 Reflected.Cross-Site.Scripting MEDIUM" "contact-form-7-skins 2.5.1 Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "callbackkiller-service-widget No.known.fix Missing.Authorization.to.Unauthenticated.Arbitrary.Plugin.Settings.Update MEDIUM" "custom-content-scrollbar No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "ct-real-estate-core 3.6.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "cool-tag-cloud No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "cool-tag-cloud No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting HIGH" "cool-tag-cloud 2.26 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "content-grid-slider No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "course-redirects-for-learndash No.known.fix Cross-Site.Request.Forgery MEDIUM" "cookies-and-content-security-policy 2.35 Unauthenticated.Information.Exposure MEDIUM" "currency-converter-widget-pro 1.0.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "css-javascript-toolbox 12.0.6 Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "css-javascript-toolbox 12.0.3 Authenticated.(Subscriber+).Local.File.Inclusion HIGH" "css-javascript-toolbox 11.9 Contributor+.Stored.XSS MEDIUM" "cg-scroll-to-top No.known.fix .Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "clickbank-niche-storefronts No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "conditional-shipping-for-woocommerce 3.4.1 Cross-Site.Request.Forgery MEDIUM" "conditional-shipping-for-woocommerce 2.3.2 Ruleset.Toggle.via.CSRF MEDIUM" "curtain No.known.fix 
Admin+.Stored.Cross-Site.Scripting LOW" "curtain 1.0.2 Unauthenticated.Maintenance.Mode.Switch HIGH" "common-ninja No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "cozy-addons 2.1.30 Unauthenticated.Arbitrary.Shortcode.Execution MEDIUM" "cozy-addons 2.1.23 Missing.Authorization MEDIUM" "cozy-addons 2.1.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "cozy-addons 2.0.19 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "cozy-addons 2.0.16 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "cozy-addons 2.0.12 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "cozy-addons 1.2.4 Reflected.Cross-Site.Scripting MEDIUM" "calculatorpro-calculators No.known.fix Reflected.Cross-Site.Scripting.via.CP_preview_calc MEDIUM" "csv-import-export No.known.fix Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "customcomment No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "customcomment No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "clariti 1.2.2 Missing.Authorization MEDIUM" "continue-shopping-from-cart-page No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "contact-form-to-email 1.3.61 Unauthenticated.Insecure.Direct.Object.Reference MEDIUM" "contact-form-to-email 1.3.59 Missing.Authorization MEDIUM" "contact-form-to-email 1.3.53 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "contact-form-to-email 1.3.45 Unauthenticated.Sensitive.Information.Exposure MEDIUM" "contact-form-to-email 1.3.42 Captcha.Bypass MEDIUM" "contact-form-to-email 1.3.44 Editor+.Stored.Cross-Site.Scripting LOW" "contact-form-to-email 1.3.38 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "contact-form-to-email 1.3.25 Admin+.Stored.Cross-Site.Scripting LOW" "contact-form-to-email 1.2.66 Multiple.Cross-Site.Scripting.(XSS).&.CSRF HIGH" "clicksend-lead-capture-form No.known.fix 
Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.Message.Deletion MEDIUM" "cf7-redirect-thank-you-page 1.0.8 Reflected.Cross-Site.Scripting MEDIUM" "cf7-redirect-thank-you-page 1.0.7 Reflected.Cross-Site.Scripting MEDIUM" "cf7-redirect-thank-you-page 1.0.4 Cross-Site.Request.Forgery MEDIUM" "cliplink No.known.fix Cross-Site.Request.Forgery MEDIUM" "content-mask 1.8.5.3 Authenticated.(Contributor+).Server-Side.Request.Forgery MEDIUM" "content-mask No.known.fix Authenticated.(Author+).Insecure.Direct.Object.Reference MEDIUM" "content-mask 1.8.4.1 Subscriber+.Arbitrary.Options.Update HIGH" "cm-pop-up-banners 1.8.5 Missing.Authorization MEDIUM" "cm-pop-up-banners 1.7.6 Reflected.XSS HIGH" "cm-pop-up-banners 1.7.3 Contributor+.Stored.XSS MEDIUM" "cm-pop-up-banners 1.6.6 Contributor+.Stored.XSS MEDIUM" "cbxwpsimpleaccounting No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "custom-emails-for-woocommerce 3.5.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "content-no-cache 0.1.5 Unauthenticated.Arbitrary.Function.Call HIGH" "content-no-cache 0.1.3 Unauthenticated.Private.Content.Disclosure MEDIUM" "compact-admin No.known.fix Cross-Site.Request.Forgery MEDIUM" "compact-wp-audio-player 1.9.15 Authenticated.(Contributor+).Server-Side.Request.Forgery MEDIUM" "compact-wp-audio-player 1.9.14 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.sc_embed_player.Shortcode MEDIUM" "compact-wp-audio-player 1.9.10 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.fileurl MEDIUM" "compact-wp-audio-player 1.9.8 Contributor+.Stored.XSS MEDIUM" "compact-wp-audio-player 1.9.7 Setting.Change.via.CSRF MEDIUM" "compact-wp-audio-player 1.9.7 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "click-pledge-connect 25.07000000-WP6.8.1 Unauthenticated.SQL.Injection.to.Privilege.Escalation CRITICAL" "click-pledge-connect 2.24120000-WP6.7.1 Unauthenticated.SQL.Injection HIGH" "camera-slideshow No.known.fix Reflected.Cross-Site.Scripting HIGH" 
"calculate-prices-based-on-distance-for-woocommerce 1.3.6 Missing.Authorization MEDIUM" "checkout-fees-for-woocommerce 2.12.2 Cross-Site.Request.Forgery.to.Notice.Dismissal MEDIUM" "coru-lfmember No.known.fix Arbitrary.Game.Deletion/Activation.via.CSRF MEDIUM" "coru-lfmember No.known.fix Stored.Cross-Site.Scripting.via.CSRF MEDIUM" "custom-shortcode-sidebars No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "carousel-horizontal-posts-content-slider No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "click-tweet No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "cp-image-gallery No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "cp-image-gallery No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "copy-link No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "custom-post-status No.known.fix Cross-Site.Request.Forgery MEDIUM" "codecolorer 0.10.2 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "codecolorer 0.10.1 CodeColorer.<.0,10,1..Admin+.Stored.Cross-Site.Scripting LOW" "compare-affiliated-products No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "compare-affiliated-products No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "cobwebo-url No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "content-audit 1.9.2 Cross-Site.Scripting.(XSS).&.CSRF MEDIUM" "custom-settings No.known.fix Admin+.Stored XSS LOW" "clickwhale 2.5.1 Authenticated.(Admin+).SQL.injection MEDIUM" "clickwhale 2.4.7 Missing.Authorization MEDIUM" "clickwhale 2.4.4 Cross-Site.Request.Forgery MEDIUM" "clickwhale 2.4.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "clickwhale 2.4.2 Reflected.Cross-Site.Scripting MEDIUM" "clickwhale 2.4.2 Authenticated.(Contributor+).SQL.Injection MEDIUM" "currency-switcher-for-woocommerce 0.0.8 Cross-Site.Request.Forgery MEDIUM" "cleantalk-spam-protect 6.72 Unauthenticated.Arbitrary.Plugin.Installation HIGH" 
"cleantalk-spam-protect 6.44 Unauthenticated.Arbitrary.Plugin.Installation HIGH" "cleantalk-spam-protect 6.45 Unauthenticated.Arbitrary.Plugin.Installation HIGH" "cleantalk-spam-protect 6.21 Counters.Reset/Creation.via.CSRF MEDIUM" "cleantalk-spam-protect 6.21 Email.Update.via.CSRF MEDIUM" "cleantalk-spam-protect 5.185.1 Admin+.SQLi MEDIUM" "cleantalk-spam-protect 5.174.1 Reflected.Cross-Site.Scripting MEDIUM" "cleantalk-spam-protect 5.153.4 Unauthenticated.Blind.SQL.Injection HIGH" "cleantalk-spam-protect 5.149 Multiple.Authenticated.SQL.Injections MEDIUM" "cleantalk-spam-protect 5.127.4 Cross-Site.Scripting.Issue MEDIUM" "cleantalk-spam-protect 5.22 Unauthenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "current-menu-item-for-custom-post-types 1.6 Cross-Site.Request.Forgery MEDIUM" "cf-image-resizing 1.5.7 Missing.Authentication.to.Unauthenticated.Remote.Code.Execution.via.rest_pre_dispatch.Hook CRITICAL" "callbook-mobile-bar No.known.fix Admin+.Stored.Cross.Site.Scripting LOW" "cf7-summary-and-print 1.2.6 Settings.Update.via.CSRF MEDIUM" "canecto No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "custom-post-type-templates-for-elementor 1.1.12 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "confetti-fall-animation No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "confetti-fall-animation No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.confetti-fall-animation.Shortcode MEDIUM" "cool-facebook-page-feed-timeline No.known.fix Reflected.Cross-Site.Scripting.(XSS) HIGH" "cmp-coming-soon-maintenance 4.1.15 Admin+.Arbitrary.File.Upload MEDIUM" "cmp-coming-soon-maintenance 4.1.11 Authenticated.(Admin+).Server-Side.Request.Forgery MEDIUM" "cmp-coming-soon-maintenance 4.1.8 Maintenance.Mode.Bypass MEDIUM" "cmp-coming-soon-maintenance 4.1.7 Unauthenticated.Post/Page.Access.in.Maintenance.Mode MEDIUM" "cmp-coming-soon-maintenance 4.0.19 Unauthenticated.Arbitrary.CSS.Update HIGH" 
"cmp-coming-soon-maintenance 3.8.2 Coming.Soon.&.Maintenance.<.3.8.2.-.Improper.Access.Controls.on.AJAX.Calls HIGH" "coneblog-widgets 1.4.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "coneblog-widgets 1.4.8 Reflected.Cross-Site.Scripting MEDIUM" "coneblog-widgets 1.4.6 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "customer-chat-facebook No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "customer-chat-facebook No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "customer-chat-facebook No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "current-book No.known.fix Authenticated.Stored.Cross-Site.Scripting.(XSS) LOW" "cp-multi-view-calendar No.known.fix Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "cp-multi-view-calendar No.known.fix Missing.Authorization LOW" "cp-multi-view-calendar 1.4.07 Unauthenticated.Arbitrary.Event.Deletion MEDIUM" "cp-multi-view-calendar 1.4.07 Unauthenticated.Arbitrary.Event.Creation.to.Stored.XSS HIGH" "cp-multi-view-calendar 1.4.01 Unauthenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "column-matic No.known.fix Contributor+.Stored.XSS MEDIUM" "contact-form-7-with-chatwork No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting.via.'api_token'.and.'roomid'.Settings MEDIUM" "cf7-editor-button No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "cf7-mailchimp 1.1.1 Reflected.Cross-Site.Scripting HIGH" "colorway No.known.fix Cross-Site.Request.Forgery MEDIUM" "captain-slider No.known.fix Cross-Site.Scripting.(XSS) MEDIUM" "content-collector No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "content-collector No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "capabilities-pro 2.5.2 Admin+.PHP.Objection.Injection MEDIUM" "capabilities-pro 2.3.1 Unauthenticated.Arbitrary.Options.Update.to.Blog.Compromise CRITICAL" "cost-calculator No.known.fix Unauthenticated.Stored.Cross-Site.Scripting.via.'customer_name' MEDIUM" "control-listings 1.0.5 
Reflected.Cross-Site.Scripting MEDIUM" "cpt-bootstrap-carousel No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "cpt-bootstrap-carousel No.known.fix Contributor+.Stored.XSS.via.Shortcode MEDIUM" "custom-css-editor No.known.fix Missing.Authorization MEDIUM" "constant-contact-woocommerce 2.4.2 Missing.Authorization MEDIUM" "conditional-logic-for-woo-product-add-ons 1.2.1 Reflected.Cross-Site.Scripting MEDIUM" "code-manager 1.0.26 Reflected.Cross-Site.Scripting MEDIUM" "code-manager 1.0.14 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "chained-quiz 1.3.6 Unauthenticated.Insecure.Direct.Object.Reference.via.Cookie MEDIUM" "chained-quiz 1.3.3 Authenticated.(Admin+).Server-Side.Request.Forgery MEDIUM" "chained-quiz 1.3.2.9 Missing.Authorization MEDIUM" "chained-quiz 1.3.2.9 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "chained-quiz 1.3.2.6 Admin+.Stored.XSS LOW" "chained-quiz 1.3.2.3 Admin+.Stored.XSS LOW" "chained-quiz 1.3.2.5 Arbitrary.Quiz.Deletion.&.Copying.via.CSRF MEDIUM" "chained-quiz 1.3.2.5 Arbitrary.Question.Deletion.via.CSRF MEDIUM" "chained-quiz 1.3.2.3 Reflected.Cross-Site.Scripting MEDIUM" "chained-quiz 1.3.2.1 Multiple.Reflected.Cross-Site.Scripting MEDIUM" "chained-quiz 1.3.2.5 Submitted.Quiz.Response.Deletion.via.CSRF MEDIUM" "chained-quiz 1.3.2.4 Multiple.Reflected.Cross-Site.Scripting MEDIUM" "chained-quiz 1.2.7.2 Authenticated.Stored.Cross.Site.Scripting LOW" "chained-quiz 1.1.9.1 Authenticated.Stored.XSS MEDIUM" "chained-quiz 1.1.8.2 Unauthenticated.Reflected.XSS CRITICAL" "chained-quiz 1.0.9 Unauthenticated.SQL.Injection MEDIUM" "cyber-new-slider No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "connatix-video-embed No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "captivatesync-trade 3.3.0 Authenticated.(Administrator+).SQL.Injection MEDIUM" "captivatesync-trade 3.2.2 Unauthenticated.PHP.Object.Injection HIGH" "captivatesync-trade 2.0.26 
Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.shortcode MEDIUM" "couponer-elementor No.known.fix Missing.Authorization MEDIUM" "chillpay-payment-gateway 2.6.0 .Stored.XSS.via.CSRF HIGH" "coronavirus-covid-19-notice-message No.known.fix Admin+.Stored.XSS LOW" "charity-addon-for-elementor No.known.fix Authenticated.(Contributor+).Post.Disclosure MEDIUM" "charity-addon-for-elementor 1.3.3 Contributor+.Stored.XSS MEDIUM" "charity-addon-for-elementor 1.3.2 .Contributor+.Stored.XSS MEDIUM" "callrail-phone-call-tracking 0.5.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "callrail-phone-call-tracking 0.4.10 Stored.XSS.via.CSRF MEDIUM" "custom-url-to-featured-image No.known.fix Authenticated.(Author+).Stored.Cross-Site.Scripting MEDIUM" "cf7-salesforce 1.4.7 Missing.Authorization MEDIUM" "cf7-salesforce 1.4.5 Unauthenticated.Full.Path.Disclosure MEDIUM" "cf7-salesforce 1.4.0 Cross-Site.Request.Forgery MEDIUM" "cf7-salesforce 1.2.6 Reflected.Cross-Site.Scripting HIGH" "categorized-gallery No.known.fix Authenticated.(Contributor+).SQL.Injection MEDIUM" "captainform No.known.fix Reflected.Cross-Site.Scripting.via.REQUEST_URI MEDIUM" "captainform No.known.fix CSRF MEDIUM" "custom-global-variables 1.1.1 Stored.Cross-Site.Scripting.(XSS) HIGH" "compute-links No.known.fix Unauthenticated.Remote.File.Inclusion CRITICAL" "content-aware-sidebars 3.19.1 Reflected.Cross-Site.Scripting MEDIUM" "content-aware-sidebars 3.17.2 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "content-aware-sidebars 3.8.1 Subscriber+.Arbitrary.Option.Update CRITICAL" "cashbill-payment-method 3.3.0 Płatności.WooCommerce.<.3.3.0.-.Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "cf7-google-sheets-connector-pro 2.3.7 Reflected.XSS HIGH" "cpt-shortcode No.known.fix Arbitrary.Settings.Update.via.CSRF MEDIUM" "cpt-shortcode No.known.fix Admin+.Stored.XSS LOW" "campus-directory 1.9.2 
Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.noaccess_msg.Parameter MEDIUM" "campus-directory 1.9.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "contact-form-7-datepicker No.known.fix Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "csv2wpec-coupon No.known.fix Unauthenticated.Remote.File.Upload HIGH" "cal-embedder-lite 1.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "custom-script-integration No.known.fix Cross-Site.Request.Forgery MEDIUM" "contact-form-7-getresponse-extension No.known.fix Unauthenticated.Information.Exposure MEDIUM" "cgm-event-calendar No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "clp-custom-login-page No.known.fix Cross-Site.Request.Forgery MEDIUM" "commenting-feature 3.2 Reflected.Cross-Site.Scripting MEDIUM" "commenting-feature 2.0.4 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "crafthemes-demo-import No.known.fix Authenticated.(Admin+).Arbitrary.File.Upload.in.process_uploaded_files HIGH" "crafthemes-demo-import No.known.fix Missing.Authorization.to.Arbitrary.Plugin.Installation HIGH" "classima-core 1.10 Reflected.Cross-Site.Scripting MEDIUM" "comment-approved-notifier-extended 5.3 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "countdown-builder 2.9.0 Unauthenticated.Limited.Local.File.Inclusion HIGH" "countdown-builder 2.8.9 Authenticated.(Contributor+).Remote.Code.Execution HIGH" "countdown-builder No.known.fix Admin+.Stored.XSS LOW" "countdown-builder 2.7.8.1 Missing.Authorization.to.Authenticated.(Subscriber+).PHP.Object.Injection MEDIUM" "countdown-builder 2.3.3 Reflected.Cross-Site.Scripting MEDIUM" "countdown-builder No.known.fix Pro.Features.Lock.Bypass LOW" "countdown-builder No.known.fix Admin+.Stored.XSS LOW" "countdown-builder 2.2.9 Reflected.Cross-Site.Scripting MEDIUM" "contest-gallery-pro 19.1.5 Unauthenticated.SQL.Injection HIGH" "contest-gallery-pro 19.1.5 Author+.SQL.Injection MEDIUM" "contest-gallery-pro 19.1.5 
Author+.SQL.Injection MEDIUM" "contest-gallery-pro 19.1.5 Author+.SQL.Injection MEDIUM" "contest-gallery-pro 19.1.5.1 Author+.SQL.Injection MEDIUM" "contest-gallery-pro 19.1.5 Author+.SQL.Injection MEDIUM" "contest-gallery-pro 19.1.5 Admin+.SQL.Injection MEDIUM" "contest-gallery-pro 19.1.5 Author+.SQL.Injection MEDIUM" "contest-gallery-pro 19.1.5 Admin+.SQL.Injection MEDIUM" "contest-gallery-pro 19.1.5 Author+.SQL.Injection MEDIUM" "contest-gallery-pro 19.1.5 Author+.SQL.Injection MEDIUM" "contest-gallery-pro 19.1.5.1 Author+.SQL.Injection MEDIUM" "contest-gallery-pro 19.1.5 Author+.SQL.Injection MEDIUM" "contest-gallery-pro 19.1.5 Admin+.SQL.Injection MEDIUM" "contest-gallery-pro 19.1.5.1 Unauthenticated.SQL.Injection HIGH" "contest-gallery-pro 19.1.5 Author+.SQL.Injection MEDIUM" "contest-gallery-pro 19.1.5 Admin+.SQL.Injection MEDIUM" "contact-form-7-recaptcha No.known.fix Reflected.XSS.via.$_SERVER['REQUEST_URI'] MEDIUM" "contact-form-7-recaptcha No.known.fix Cross-Site.Request.Forgery MEDIUM" "create-block-theme 1.2.2 Unauthenticated.Arbitrary.File.Upload CRITICAL" "clp-varnish-cache 1.0.3 Missing.Authorization MEDIUM" "cf7-zendesk 1.1.6 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "cf7-zendesk 1.1.4 Cross-Site.Request.Forgery MEDIUM" "cf7-zendesk 1.0.8 Reflected.Cross-Site.Scripting HIGH" "comparison-slider No.known.fix Cross-Site.Request.Forgery MEDIUM" "comparison-slider No.known.fix Missing.Authorization MEDIUM" "comparison-slider No.known.fix Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "cp-easy-form-builder 1.2.42 Authenticated.(Contributor+).SQL.Injection MEDIUM" "cp-easy-form-builder 1.2.42 Authenticated.(Contributor+).SQL.Injection MEDIUM" "cp-easy-form-builder 1.2.32 Admin+.Stored.Cross-Site.Scripting LOW" "cf7-live-preview No.known.fix Missing.Authorization.via.update_option MEDIUM" "check-zipcode No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "check-zipcode No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" 
"cartboss 4.1.3 Missing.Authorization MEDIUM" "cost-calculator-builder 3.6.10 Missing.Authorization.to.Unauthenticated.Payment.Status.Bypass MEDIUM" "cost-calculator-builder 3.6.4 Unauthenticated.Arbitrary.File.Deletion HIGH" "cost-calculator-builder 3.5.33 Missing.Authorization MEDIUM" "cost-calculator-builder 3.5.33 Authenticated.(Subscriber+).Missing.Authorization.via.get_cc_orders/update_order_status.Functions HIGH" "cost-calculator-builder 3.5.0 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "cost-calculator-builder 3.2.68 Unauthenticated.SQL.Injection HIGH" "cost-calculator-builder 3.2.68 Authenticated.(Subscriber+).SQL.Injection.via.order_ids.Parameter MEDIUM" "cost-calculator-builder 3.2.66 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "cost-calculator-builder 3.2.43 Settings.update.via.CSRF MEDIUM" "cost-calculator-builder 3.2.29 Admin+.SQL.Injection MEDIUM" "cost-calculator-builder 3.2.16 Unauthenticated.SQL.Injection CRITICAL" "cost-calculator-builder 3.2.13 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "cost-calculator-builder 3.2.13 Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.Content.Creation MEDIUM" "cost-calculator-builder 2.3.3 Reflected.Cross-Site.Scripting MEDIUM" "change-memory-limit No.known.fix Missing.Authorization.via.admin_logic() MEDIUM" "checkout-plugins-stripe-woo 1.9.2 Cross-Site.Request.Forgery MEDIUM" "checkout-plugins-stripe-woo 1.9.2 Unauthenticated.Insecure.Direct.Object.Reference MEDIUM" "checkout-plugins-stripe-woo 1.4.11 Settings.Update.via.CSRF MEDIUM" "change-wp-url No.known.fix Cross-Site.Request.Forgery.to.Settings.Update MEDIUM" "check-pincode-for-woocommerce 1.2 Reflected.Cross-Site.Scripting MEDIUM" "car-demon No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "custom-post-widget 3.3.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.content.Parameter MEDIUM" "custom-post-widget 3.3.6 
Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "custom-post-widget 3.3.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.content_block.Shortcode MEDIUM" "custom-post-widget 3.3.1 Authenticated.(Contributor+).Local.File.Inclusion.via.Shortcode HIGH" "custom-post-widget 3.3.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "country-flags-for-elementor No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "check-plagiarism No.known.fix Missing.Authorization.to.Authenticated.(Subscriber+).Settings.Update MEDIUM" "cf7-file-download No.known.fix Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "caldera-forms-pro 1.8.2 Unauthenticated.Arbitrary.File.Read HIGH" "chameleon-jobs 2.5.5 Reflected.Cross-Site.Scripting HIGH" "custom-coming-soon No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "cloud No.known.fix Unauthenticated.Arbitrary.File.Read HIGH" "clickbank-storefront No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "cryptocurrency-product-for-woocommerce 3.16.10 Reflected.Cross-Site.Scripting MEDIUM" "cryptocurrency-product-for-woocommerce 3.14.6 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "captcha-code-authentication 3.0 Captcha.Bypass MEDIUM" "captcha-code-authentication 2.8 Settings.Update.via.CSRF MEDIUM" "cp-contact-form-with-paypal 1.3.57 Missing.Authorization.to.Unauthenticated.Arbitrary.Payment.Confirmation HIGH" "cp-contact-form-with-paypal 1.3.53 Cross-Site.Request.Forgery MEDIUM" "cp-contact-form-with-paypal 1.3.02 Multiple.XSS MEDIUM" "cp-contact-form-with-paypal 1.1.6 Multiple.Vulnerabilities HIGH" "connections No.known.fix Authenticated.(Admin+).Arbitrary.Directory.Deletion MEDIUM" "connections 10.4.37 Contributor+.Stored.XSS MEDIUM" "connections 10.4.3 Admin+.Stored.Cross-Site.Scripting LOW" "connections 9.7 Admin+.CSV.Injection MEDIUM" "connections 8.5.9 Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "conversion-helper No.known.fix 
Reflected.Cross-Site.Scripting MEDIUM" "canvasio3d-light No.known.fix Authenticated.(Subscriber+).Arbitrary.File.Upload CRITICAL" "canvasio3d-light No.known.fix Subscriber+.Entries.Update/Deletion MEDIUM" "canvasio3d-light No.known.fix Reflected.XSS HIGH" "codesnips No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "complete-google-seo-scan No.known.fix Authenticated.(Administrator+).SQL.Injection MEDIUM" "chatter No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "chatter No.known.fix Missing.Authorization MEDIUM" "cpt-to-map-store No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "cornerstone No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "cornerstone 0.8.1 Reflected.Cross-Site.Scripting MEDIUM" "cornerstone 0.8.1 Reflected.Cross-Site.Scripting.via.PHP_SELF MEDIUM" "cryptocurrency-widgets-for-elementor 1.6.5 Unauthenticated.Local.File.Inclusion HIGH" "cryptocurrency-widgets-for-elementor 1.3 Subscriber+.Arbitrary.Plugin.Installation.&.Activation HIGH" "cf7-conditional-fields 2.5 Authenticated.(Editor+).Stored.Cross-Site.Scripting MEDIUM" "cf7-conditional-fields 2.4.14 Cross-Site.Request.Forgery.to.Plugin.Setting.Reset MEDIUM" "cf7-conditional-fields 2.4.2 Missing.Authorization MEDIUM" "captchinoo-captcha-for-login-form-protection 2.4 Arbitrary.Plugin.Installation/Activation.via.Low.Privilege.User CRITICAL" "captchinoo-captcha-for-login-form-protection 2.5 Arbitrary.Plugin.Installation/Activation.via.CSRF CRITICAL" "color-palette No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.hex.Parameter MEDIUM" "core-web-vitals-pagespeed-booster No.known.fix Missing.Authorization MEDIUM" "civi-framework 2.1.6.4 Cross-Site.Request.Forgery MEDIUM" "code-generator-pro No.known.fix Unauthenticated.SQL.Injection CRITICAL" "candifly No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "cubewp-forms 1.1.6 
Missing.Authorization MEDIUM" "cubewp-forms No.known.fix Missing.Authorization MEDIUM" "cubewp-forms 1.1.2 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "codepen-embed-block No.known.fix Admin+.Stored.XSS LOW" "codistoconnect No.known.fix Unauthenticated.Stored.Cross-Site.Scripting HIGH" "codistoconnect No.known.fix Powered.by.Codisto.<=.1.3.65.-.Unauthenticated.Stored.Cross-Site.Scripting HIGH" "custom-404-pro No.known.fix Authenticated.(Administrator+).SQL.Injection.via.'path'.Parameter MEDIUM" "custom-404-pro No.known.fix Cross-Site.Request.Forgery MEDIUM" "custom-404-pro 3.11.2 Reflected.Cross-Site.Scripting MEDIUM" "custom-404-pro 3.10.1 Unauthenticated.Stored.Cross-Site.Scripting.via.logging HIGH" "custom-404-pro 3.8.1 Multiple.SQL.Injection HIGH" "custom-404-pro 3.8.2 Reflected.XSS HIGH" "custom-404-pro 3.7.3 Reflected.Cross-Site.Scripting HIGH" "custom-404-pro 3.7.2 Logs.Deletion.via.CSRF MEDIUM" "custom-404-pro 3.7.1 Admin+.SQLi MEDIUM" "custom-404-pro 3.2.9 Authenticated.Reflected.XSS MEDIUM" "custom-404-pro 3.2.8 XSS MEDIUM" "clubmember No.known.fix Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "cart-weight-for-woocommerce No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "cart-weight-for-woocommerce No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "cooked 1.11.4 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "cooked 1.11.4 Missing.Authorization MEDIUM" "cooked 1.8.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "cooked 1.8.0 Cooked..Recipe.Management.<=.Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "cooked 1.7.15.1 Contributor+.Stored.XSS MEDIUM" "cooked 1.1.13 Reflected.Cross-Site.Scripting MEDIUM" "cooked 1.7.9.1 Unauthenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "cooked 1.7.5.6 Unauthenticated.Reflected.Cross.Site.Scripting.(XSS) MEDIUM" "catalog-mode-pricing-enquiry-forms-promotions 1.3 
Missing.Authorization.to.Sensitive.Information.Disclosure MEDIUM" "conditional-marketing-mailer 1.6 Arbitrary.Plugin.Installation/Activation.via.CSRF CRITICAL" "conditional-marketing-mailer 1.5.2 Arbitrary.Plugin.Installation/Activation.via.Low.Privilege.User CRITICAL" "contribuinte-checkout 2.0.04 Stored.XSS.via.CSRF HIGH" "chatpressai 1.0.1 Reflected.Cross-Site.Scripting MEDIUM" "cache-control-by-cacholong No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "cache-control-by-cacholong No.known.fix Cross-Site.Request.Forgery MEDIUM" "capturly-optimize-your-website 2.0.2 Unauthenticated.Local.File.Inclusion CRITICAL" "contact-form-with-a-meeting-scheduler-by-vcita 4.10.5 Contributor+.Stored.XSS MEDIUM" "contact-form-with-a-meeting-scheduler-by-vcita 4.10.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.livesite-pay.Shortcode MEDIUM" "contact-form-with-a-meeting-scheduler-by-vcita 4.10.5 Settings.Update.Via.CSRF MEDIUM" "contact-form-with-a-meeting-scheduler-by-vcita 4.10.2 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "cardinity-free-payment-gateway-for-woocommerce 3.0.7 Reflected.Cross-Site.Scripting HIGH" "copypress-rest-api No.known.fix 1.2.-.Unauthenticated.Remote.Code.Execution CRITICAL" "create-posts-terms No.known.fix Cross-Site.Request.Forgery MEDIUM" "companion-auto-update 3.9.3 Authenticated.(Administrator+).Stored.Cross-Site.Scripting.via.update_delay_days.parameter MEDIUM" "companion-auto-update 3.3.6 Authenticated.SQL.Injection CRITICAL" "correosoficial 1.3.0.3 Unauthenticated.Arbitrary.File.Download HIGH" "custom-header-images No.known.fix Cross-Site.Request.Forgery MEDIUM" "companion-sitemap-generator 4.5.3 Reflected.XSS HIGH" "companion-sitemap-generator 4.5.3 Contributor+.Stored.XSS MEDIUM" "companion-sitemap-generator 3.7.0 CSRF HIGH" "cta 2.5.1 Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "contact-us-by-lord-linus No.known.fix Admin+.Stored.XSS.via.CSRF HIGH" "contact-us-by-lord-linus No.known.fix 
Reflected.Cross-Site.Scripting MEDIUM" "chatplusjp No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "custom-page-extensions No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "custom-option-tree No.known.fix Authenticated.(Editor+).Information.Exposure LOW" "chamber-dashboard-business-directory No.known.fix Missing.Authorization.to.Unauthenticated.Business.Information.Export MEDIUM" "chamber-dashboard-business-directory No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "chamber-dashboard-business-directory 3.3.11 Missing.Authorization MEDIUM" "chamber-dashboard-business-directory 3.3.10 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "chamber-dashboard-business-directory 3.3.2 Reflected.Cross-Site.Scripting MEDIUM" "chamber-dashboard-business-directory 3.3.1 Authenticated.Stored.Cross-Site.Scripting HIGH" "copy-or-move-comments No.known.fix Reflected.XSS HIGH" "copy-or-move-comments No.known.fix Authenticated.(Subscriber+).SQL.Injection HIGH" "create-with-code 1.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "clasify-classified-listing No.known.fix Reflected.XSS HIGH" "cf7-store-to-db-lite 1.1.1 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "cf7-store-to-db-lite 1.1.0 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "custom-style No.known.fix Cross-Site.Request.Forgery MEDIUM" "custom-posts-order No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "cf7-database 3.0.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "coblocks 3.1.17 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "coblocks 3.1.14 Missing.Authorization MEDIUM" "coblocks 3.1.13 Editor+.Stored.XSS LOW" "coblocks 3.1.12 Contributor+.SSRF LOW" "coblocks 3.1.10 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Social.Profiles MEDIUM" "coblocks 3.1.7 Contributor+.Stored.XSS MEDIUM" "coblocks 3.1.7 Contributor+.Stored.XSS MEDIUM" 
"content-security-policy-pro No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "cm-header-footer-script-loader 1.2.5 Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "cm-header-footer-script-loader 1.2.2 Reflected.XSS HIGH" "custom-background-changer No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "citadela-directory No.known.fix Unauthenticated.Sensitive.Information.Exposure HIGH" "citadela-directory No.known.fix Cross-Site.Request.Forgery MEDIUM" "crelly-slider 1.4.7 Admin+.Stored.XSS LOW" "crelly-slider 1.4.6 Subscriber+.Insecure.Direct.Object.Reference MEDIUM" "crelly-slider No.known.fix Admin+.Stored.XSS LOW" "crelly-slider 1.3.5 Arbitrary.File.Upload HIGH" "custom-dash No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "convertful 2.6 Missing.Authorization.via.add_woo_coupon MEDIUM" "cms-blocks No.known.fix Missing.Authorization MEDIUM" "contact-forms 1.9.9 Cross-Site.Request.Forgery MEDIUM" "contact-forms 1.9.5 Missing.Authorization.to.Unauthenticated.Form.Submission.Download MEDIUM" "contact-forms 1.9.3 Cross-Site.Request.Forgery.via.process_bulk_action.Function MEDIUM" "contact-forms 1.9.1 Admin+.Stored.XSS LOW" "contact-forms 1.8.0 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "contact-forms 1.6.1 CSRF MEDIUM" "contact-forms 1.5.8 Cross-Site.Request.Forgery MEDIUM" "contact-forms 1.5.5 Reflected.XSS HIGH" "contact-forms 1.5.5 Unauthenticated.Stored.XSS HIGH" "contact-forms 1.4.12 Admin+.Stored.Cross-Site.Scripting LOW" "custom-layouts 1.5.0 Missing.Authorization MEDIUM" "custom-layouts 1.4.12 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "contact-form-maker No.known.fix Admin+.SQLi MEDIUM" "contact-form-maker 1.13.5 Cross-Site.Request.Forgery.to.LFI HIGH" "category-image No.known.fix Authenticated.(Editor+).Stored.Cross-Site.Scripting.via.'tag-image'.Parameter MEDIUM" "code-snippets-cpt No.known.fix 
Authenticated.(Subscriber+).Arbitrary.Shortcode.Execution MEDIUM" "cf7-multi-step 2.7.8 Unauthenticated.SQL.Injection HIGH" "conversation-watson 0.8.21 DOM.Cross-Site.Scripting.(XSS) MEDIUM" "cf7-insightly 1.0.9 Reflected.Cross-Site.Scripting HIGH" "cowidgets-elementor-addons No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "cowidgets-elementor-addons No.known.fix Authenticated.(Contributor+).Post.Disclosure MEDIUM" "cowidgets-elementor-addons No.known.fix Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "cowidgets-elementor-addons 1.2.0 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "cowidgets-elementor-addons 1.2.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.heading_tag.Parameter MEDIUM" "conversational-forms 1.4.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "conversational-forms 1.3.0 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "conversational-forms 1.2.0 Unauthenticated.Arbitrary.File.Download HIGH" "conversational-forms 1.17 Admin+.Stored.XSS LOW" "comment-images-reloaded No.known.fix Authenticated.(Subscriber+).Arbitrary.Media.Deletion MEDIUM" "clean-login 1.14.6 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "clean-login 1.13.7 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "clean-login 1.12.6.4 Reflected.Cross-Site.Scripting MEDIUM" "clean-login 1.8 Change.Redirect.URL.CSRF MEDIUM" "clean-login 1.5.1 Reflected.XSS MEDIUM" "clictracker No.known.fix Admin+.Stored.XSS LOW" "catch-under-construction 1.4 Unauthorised.Plugin's.Setting.Change MEDIUM" "contact-form-7-paypal-add-on 2.4.1 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "contact-form-7-paypal-add-on 2.3.2 PayPal.&.Stripe.Add-on.<.2.3.2.-.Reflected.Cross-Site.Scripting MEDIUM" "contact-form-7-paypal-add-on 2.3.1 Reflected.Cross-Site.Scripting MEDIUM" "contact-form-7-paypal-add-on 2.1 Reflected.Cross-Site.Scripting MEDIUM" 
"contact-form-7-paypal-add-on 2.2 Cross-Site.Request.Forgery.to.Settings.Update MEDIUM" "contact-form-7-paypal-add-on 1.9.4 Cross-Site.Request.Forgery MEDIUM" "coupon-creator 3.1.1 Cross-Site.Request.Forgery.(CSRF) MEDIUM" "coupon-creator 3.1.1 Arbitrary.Settings.Update.via.CSRF MEDIUM" "custom-welcome-guide 1.0.9 Reflected.Cross-Site.Scripting MEDIUM" "custom-welcome-guide 1.0.6 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "category-specific-rss-feed-menu 2.3 Admin+.Stored.XSS LOW" "category-specific-rss-feed-menu 2.2 Settings.Update.via.CSRF MEDIUM" "content-mirror No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "clearfy 2.4.1 Cross-Site.Request.Forgery.to.Update.Notification.Tampering MEDIUM" "clearfy 2.3.2 Cross-Site.Request.Forgery.to.Clear.Cache MEDIUM" "clearfy 2.3.3 Cross-Site.Request.Forgery.to.Plugin.Settings.Update.via.'setup-wbcr_clearfy' MEDIUM" "clearfy 2.2.5 Missing.Authorization MEDIUM" "clearfy 2.3.3 Cross-Site.Request.Forgery MEDIUM" "clearfy 2.0.5 Reflected.Cross-Site.Scripting MEDIUM" "comfino-payment-gateway 4.1.2 Reflected.Cross-Site.Scripting HIGH" "ce21-suite No.known.fix 2.3.1.-.Unauthenticated.Privilege.Escalation.via.Plugin.Settings.Update CRITICAL" "ce21-suite No.known.fix Unauthenticated.Sensitive.Information.Exposure.to.Privilege.Escalation CRITICAL" "ce21-suite 2.2.1 Unauthenticated.Privilege.Escalation CRITICAL" "ce21-suite No.known.fix Missing.Authorization.to.Unauthenticated.Plugin.Settings.Change MEDIUM" "ce21-suite No.known.fix JWT.Token.Disclosure CRITICAL" "ce21-suite 2.2.1 Authentication.Bypass CRITICAL" "cwicly 1.4.0.3 Authenticated.(Contributor+).Remote.Code.Execution HIGH" "cs-framework 7.1 Authenticated.(Subscriber+).Arbitrary.File.Deletion HIGH" "cs-framework No.known.fix Authenticated.(Subscriber+).Arbitrary.File.Read HIGH" "content-grabber No.known.fix Cross-Site.Scripting.(XSS) MEDIUM" "custom-field-manager No.known.fix Reflected.XSS.Vulnerability HIGH" "customer-area No.known.fix 
Unauthenticated.Local.File.Inclusion HIGH" "customer-area No.known.fix Missing.Authorization MEDIUM" "customer-area 8.2.5 Bulk.Delete.via.CSRF MEDIUM" "customer-area 8.2.5 Event.Log.Deletion.via.CSRF MEDIUM" "customer-area 8.2.3 .Reflected.Cross-Site.Scripting MEDIUM" "customer-area 8.2.1 Subscriber+.Account.Address.Update MEDIUM" "customer-area 8.2.1 Subscriber+.Account.Address.Leak MEDIUM" "customer-area 8.1.4 Unauthorised.Actions.via.CSRF MEDIUM" "customer-area 7.4.3 XSS MEDIUM" "cloud-manager No.known.fix Reflected.XSS CRITICAL" "christian-science-bible-lesson-subjects 2.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "commenttweets No.known.fix Settings.Update.via.CSRF MEDIUM" "contact-form-multi 1.2.1 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "calendar-event 1.4.7 Unauthenticated.Arbitrary.Event.Deletion MEDIUM" "calendar-event 1.4.7 Reflected.Cross-Site.Scripting MEDIUM" "clio-grow-form 1.0.3 Reflected.Cross-Site.Scripting HIGH" "clio-grow-form 1.0.3 Reflected.Cross-Site.Scripting HIGH" "clio-grow-form 1.0.1 Admin+.Stored.XSS LOW" "client-documentation No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "cf7-customizer No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "cf7-customizer No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "cf7-customizer No.known.fix Reflected.Cross-Site.Scripting.(XSS) HIGH" "cf7-mollie No.known.fix Authenticated.(Administrator+).SQL.Injection HIGH" "cf7-mollie No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "cpt-onomies No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "contact-forms-builder No.known.fix Authentication.Request.Bypass MEDIUM" "contact-forms-builder No.known.fix Reflected.XSS HIGH" "cookie-law-bar No.known.fix Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "cardgate 3.2.2 Authenticated.(Administrator+).SQL.Injection MEDIUM" "cardgate 3.2.2 Reflected.Cross-Site.Scripting MEDIUM" "cardgate 3.1.16 
Unauthorised.Payments.Hijacking.and.Order.Status.Spoofing HIGH" "contact-form-7-multi-step-addon 1.0.7 Injected.Backdoor CRITICAL" "convert-classic-editor-to-blocks No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "convert-classic-editor-to-blocks No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "catch-themes-demo-import 2.1.1 Admin+.Remote.Code.Execution MEDIUM" "catch-themes-demo-import 1.8 Admin+.Arbitrary.File.Upload CRITICAL" "catch-themes-demo-import 1.6 Unauthorised.Plugin's.Setting.Change MEDIUM" "cf7-utm-tracking No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "credit-tracker No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "contact-widgets-for-elementor No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "contact-widgets-for-elementor 1.0.6 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "contact-forms-anti-spam 2.5.7 Authenticated.(Subscriber+).Missing.Authorization.to.Spam.Log.Export MEDIUM" "contact-forms-anti-spam 2.5.7 Cross-Site.Request.Forgery MEDIUM" "contact-forms-anti-spam 2.2.8 Cross-Site.Request.Forgery.to.Plugin.Settings.Change MEDIUM" "contact-forms-anti-spam 2.1.3 Advanced.Spam.protection.<.2.1.3.-.Admin+.Stored.XSS LOW" "contact-forms-anti-spam 0.10.7 Authenticated.(Administrator+).Stored.Cross-Site.Scripting.via.settings MEDIUM" "contact-forms-anti-spam 0.9.3 Unauthenticated.Stored.Cross-Site.Scripting.via.efas_add_to_log MEDIUM" "contact-forms-anti-spam 0.10.4 IP.Validation.Bypass MEDIUM" "contact-forms-anti-spam 0.7.9 Cross-Site.Request.Forgery.(CSRF) MEDIUM" "chaty-pro 3.3.4 Unauthenticated.Arbitrary.File.Upload CRITICAL" "chaty-pro 2.8.2 Reflected.Cross-Site.Scripting HIGH" "connect-daily-web-calendar No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "connect-daily-web-calendar 1.5.5 Stored.XSS.via.CSRF HIGH" "connect-daily-web-calendar 1.4.5 Multiple.Reflected.XSS HIGH" "contact-form-submissions 1.7.3 Unauthenticated.Stored.XSS HIGH" 
"contact-form-submissions 1.7.1 Authenticated.Double.Query.SQL.injection MEDIUM" "contact-form-submissions 1.7.1 Authenticated.SQL.Injection MEDIUM" "classic-editor-addon 2.6.4 Subscriber+.Arbitrary.Plugin.Activation MEDIUM" "classic-editor-addon 2.6.4 Arbitrary.Plugin.Installation.from.Dependency.via.CSRF LOW" "cms-commander-client No.known.fix Authenticated.(Custom+).SQL.Injection.via.'or_blogname'.Parameter HIGH" "cms-commander-client 2.288 Unauthenticated.Authorisation.Bypass HIGH" "comments-from-facebook 2.5.0 Admin+.Stored.Cross-Site.Scripting LOW" "calendarista-basic-edition 3.0.3 Cross-Site.Request.Forgery MEDIUM" "calendarista-basic-edition 3.0.6 Missing.Authorization MEDIUM" "calendarista-basic-edition 3.0.3 Unauthenticated.Cross-Site.Scripting MEDIUM" "cecabank-woocommerce 0.3.5 Missing.Authorization MEDIUM" "cc-canadian-mortgage-calculator 2.1.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "calendar-booking No.known.fix Missing.Authorization.to.Unauthenticated.Service.Disconnection MEDIUM" "calendar-booking No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "customer-reviews-woocommerce 5.98.0 Unauthenticated.Stored.Cross-Site.Scripting.via.media[].href.Parameter HIGH" "customer-reviews-woocommerce 5.94.0 Authenticated.(Subscriber+).Stored.Cross-Site.Scripting.via.displayName.Parameter MEDIUM" "customer-reviews-woocommerce 5.81.0 Unauthenticated.Stored.Cross-Site.Scripting.via.'author'.Parameter MEDIUM" "customer-reviews-woocommerce 5.62.0 Missing.Authorization.to.Authenticated.(Subscriber+).Import.Cancellation MEDIUM" "customer-reviews-woocommerce 5.48.0 Reflected.Cross-Site.Scripting.via.'s' MEDIUM" "customer-reviews-woocommerce 5.47.0 Missing.Authorization.to.Authenticated.(Subscriber+).Coupon.Search MEDIUM" "customer-reviews-woocommerce 5.47.0 Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.Email.Sending MEDIUM" "customer-reviews-woocommerce 5.39.0 Improper.Authorization.via.submit_review 
MEDIUM" "customer-reviews-woocommerce 5.38.10 Author+.Arbitrary.File.Upload HIGH" "customer-reviews-woocommerce 5.38.2 Missing.Authorization.via.manual.review.reminders MEDIUM" "customer-reviews-woocommerce 5.38.2 Cross-Site.Request.Forgery.via.manual.review.reminders MEDIUM" "customer-reviews-woocommerce 5.36.1 Missing.Authorization.in.Reviews.Exporter MEDIUM" "customer-reviews-woocommerce 5.36.1 Missing.Authorization MEDIUM" "customer-reviews-woocommerce 5.17.0 Contributor+.Stored.XSS MEDIUM" "customer-reviews-woocommerce 5.16.0 Contributor+.LFI CRITICAL" "customer-reviews-woocommerce 5.3.6 Unauthenticated.Sensitive.Information.Disclosure MEDIUM" "customer-reviews-woocommerce 5.3.6 Broken.Access.Control MEDIUM" "customer-reviews-woocommerce 5.3.6 Cross-Site.Request.Forgery MEDIUM" "car-rental No.known.fix Admin+.Stored.XSS LOW" "car-rental 1.0.5 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "cardoza-wordpress-poll No.known.fix Authenticated.SQL.Injection HIGH" "cardoza-wordpress-poll 34.06 Multiple.External.Function.Remote.Poll.Manipulation CRITICAL" "cardoza-wordpress-poll 33.6 Multiple.SQL.Injection.Vulnerabilities CRITICAL" "caldera-forms 1.7.5.1 Reflected.Cross-Site.Scripting MEDIUM" "caldera-forms 1.9.7 Reflected.Cross-Site.Scripting MEDIUM" "caldera-forms 1.9.5 Admin+.Stored.Cross-Site.Scripting LOW" "caldera-forms 1.6.0 Multiple.Cross-Site.Scripting.(XSS) MEDIUM" "custom-html-bodyhead No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "category-and-product-woocommerce-tabs No.known.fix Authenticated.(Contributor+).Local.File.Inclusion HIGH" "ct-commerce No.known.fix Admin+.Stored.XSS LOW" "ct-ultimate-gdpr 2.5 Unauthenticated.Plugin.Settings.Export.and.Import CRITICAL" "custom-twitter-feeds 2.3.0 Cross-Site.Request.Forgery.to.Cache.Reset.via.ctf_clear_cache_admin.Function MEDIUM" "custom-twitter-feeds 2.2.4 Cross-Site.Request.Forgery MEDIUM" "custom-twitter-feeds 2.2.3 Admin+.Stored.XSS LOW" "custom-twitter-feeds 2.2.2 
Cross-Site.Request.Forgery.to.Plugin.Options.Update MEDIUM" "custom-twitter-feeds 2.2 Cross-Site.Request.Forgery MEDIUM" "custom-twitter-feeds 2.0 Cross-Site.Request.Forgery.(CSRF) MEDIUM" "custom-twitter-feeds 1.8.2 Reflected.Cross-Site.Scripting MEDIUM" "crm-perks-forms 1.1.4 Authenticated.(Administrator+).Arbitrary.File.Upload HIGH" "crm-perks-forms 1.1.6 Missing.Authorization.to.Unauthenticated.Form.Submission MEDIUM" "crm-perks-forms 1.1.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "crm-perks-forms 1.1.5 Authenticated.(Contributor+).SQL.Injection CRITICAL" "crm-perks-forms 1.1.5 Unauthenticated.SQL.Injection CRITICAL" "crm-perks-forms 1.1.3 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "crm-perks-forms 1.1.2 Admin+.Stored.Cross-Site.Scripting MEDIUM" "crm-perks-forms 1.1.1 Reflected.XSS HIGH" "counter-yandex-metrica No.known.fix Admin+.Stored.XSS LOW" "case-addons 1.3.0 Authenticated.(Subscriber+).Arbitrary.File.Upload HIGH" "chopslider No.known.fix Unauthenticated.Blind.SQL.Injection CRITICAL" "coronavirus-data-widgets No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "contextual-related-posts 4.0.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "contextual-related-posts 3.3.1 Contributor+.Stored.XSS MEDIUM" "contextual-related-posts 2.9.4 CSRF.Nonce.Validation.Bypass MEDIUM" "contextual-related-posts 1.8.7 Cross-Site.Request.Forgery MEDIUM" "contextual-related-posts 1.8.10.2 Multiple.Parameter.SQL.Injection HIGH" "code-clone No.known.fix Authenticated.(Administrator+).SQL.Injection.via.snippetId.Parameter MEDIUM" "clearout-email-validator 3.2.1 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "cf7-recaptcha-mine 1.0.2 Reflected.Cross-Site.Scripting MEDIUM" "cm-download-manager 3.0.0 Unauthenticated.Arbitrary.File.Deletion CRITICAL" "cm-download-manager 2.9.0 Download.Unpublish.via.CSRF MEDIUM" "cm-download-manager 2.9.0 Download.Deletion.via.CSRF MEDIUM" "cm-download-manager 
2.9.1 Download.Edit.via.CSRF MEDIUM" "cm-download-manager 2.8.6 Admin+.Arbitrary.File.Upload MEDIUM" "cm-download-manager 2.8.0 Unauthenticated.Reflected.Cross.Site.Scripting.(XSS) MEDIUM" "cm-download-manager 2.8.0 Authenticated.Arbitrary.File.Deletion MEDIUM" "cm-download-manager 2.8.0 Authenticated.Cross-Site.Scripting MEDIUM" "cm-download-manager 2.0.7 CSRF.to.Cross-Site.Scripting HIGH" "cm-download-manager 2.0.4 Unauthenticated.Code.Injection CRITICAL" "customizer-login-page 2.1.2 Missing.Authorization MEDIUM" "cf7-sweet-alert-popup No.known.fix Cross-Site.Request.Forgery MEDIUM" "chatbot-ai-free-models 1.6.6 Unauthenticated.CSV.Injection MEDIUM" "custom-tabs-for-products-woocommerce No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "carousel-of-post-images No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "calendarista 15.5.9 Authenticated.(Subscriber+).SQL.Injection CRITICAL" "custom-related-posts 1.8.1 Unauthenticated.Information.Exposure MEDIUM" "custom-related-posts 1.7.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "custom-related-posts 1.7.4 Missing.Authorization.to.Authenticated.(Subscriber+).Private.Post.Search.and.Relation.Updates MEDIUM" "custom-api-for-wp 4.2.3 Subscriber+.Privilege.Escalation HIGH" "custom-api-for-wp 4.2.3 Unauthenticated.SQL.Injection HIGH" "cgc-maintenance-mode No.known.fix Sensitive.Information.Exposure MEDIUM" "cgc-maintenance-mode No.known.fix IP.Spoofing MEDIUM" "coinpayments-payment-gateway-for-woocommerce 1.0.18 Unauthenticated.PHP.Object.Injection CRITICAL" "cssjockey-add-ons No.known.fix Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "church-admin 5.0.29 Authenticated.(Administrator+).Blind.Server-Side.Request.Forgery.via.'audio_url'.Parameter LOW" "church-admin 5.0.27 Missing.Authorization MEDIUM" "church-admin 5.0.24 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "church-admin 5.0.10 
Unauthenticated.Information.Disclosure MEDIUM" "church-admin 5.0.19 Unauthenticated.SQL.Injection HIGH" "church-admin 5.0.9 Missing.Authorization MEDIUM" "church-admin 5.0.0 Reflected.Cross-Site.Scripting MEDIUM" "church-admin 4.4.7 Authenticated.(Subscriber+).Arbitrary.File.Upload HIGH" "church-admin 4.4.5 Missing.Authorization MEDIUM" "church-admin 4.4.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "church-admin 4.4.0 Authenticated.(Admin+).Server-Side.Request.Forgery MEDIUM" "church-admin 4.2.0 Cross-Site.Request.Forgery MEDIUM" "church-admin 4.0.28 Cross-Site.Request.Forgery MEDIUM" "church-admin 4.1.7 Missing.Authorization MEDIUM" "church-admin 4.1.6 .Authenticated.(Subscriber+).Arbitrary.File.Upload HIGH" "church-admin 4.1.19 Missing.Authorization MEDIUM" "church-admin 4.1.8 Cross-Site.Request.Forgery MEDIUM" "church-admin 4.0.28 Authenticated.(Contributor+).SQL.Injection HIGH" "church-admin 4.0.27 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.shortcode MEDIUM" "church-admin 4.1.18 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.meta-text MEDIUM" "church-admin 3.8.0 Server-Side.Request.Forgery.(SSRF) MEDIUM" "church-admin 3.7.6 Reflected.XSS HIGH" "church-admin 3.7.30 Reflected.XSS HIGH" "church-admin 3.4.135 Unauthenticated.Plugin's.Backup.Disclosure HIGH" "church-admin 1.2550 CSRF HIGH" "church-theme-content 2.6.1 Cross-Site.Request.Forgery.to.Notice.Dismissal MEDIUM" "captcha-them-all 1.4 Admin+.Stored.XSS LOW" "ckeditor-for-wordpress 4.5.3.1 Authenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "chordpress No.known.fix Stored.XSS.via.CSRF HIGH" "cookie-warning No.known.fix Cross-Site.Request.Forgery MEDIUM" "cookie-warning No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "cars-seller-auto-classifieds-script No.known.fix Auto.Classifieds.Script.<=.2.1.0.-.Unauthenticated.SQL.Injection CRITICAL" "christmasify 1.5.6 Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting 
MEDIUM" "coub No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "cforms2 15.0.7 Unauthenticated.Stored.XSS HIGH" "cforms2 15.0.7 Admin+.Stored.XSS LOW" "cforms2 15.0.5 Settings.Update.via.CSRF MEDIUM" "cforms2 15.0.2 Unauthenticated.HTML.Injection.&.CSRF HIGH" "cforms2 14.13.3 Multiple.XSS MEDIUM" "cforms2 14.13 SQL.Injection CRITICAL" "cforms2 14.6.10 SQL.Injection CRITICAL" "content-hubs No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "content-hubs 1.0.7 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "customize-my-account-for-woocommerce 2.9.0 Reflected.Cross-Site.Scripting MEDIUM" "customize-my-account-for-woocommerce 2.7.30 Reflected.Cross-Site.Scripting.via.tab.Parameter MEDIUM" "customize-my-account-for-woocommerce 1.8.4 Cross-Site.Request.Forgery.via.restore_my_account_tabs MEDIUM" "campaign-monitor-wp 2.5.8 Reflected.Cross-Site.Scripting MEDIUM" "campaign-monitor-wp 2.5.6 Subscriber+.Arbitrary.Options.Update MEDIUM" "cryokey No.known.fix Reflected.Cross-Site.Scripting.via.'ckemail'.Parameter MEDIUM" "cm-table-of-content 1.2.4 Stored.XSS.via.CSRF HIGH" "cm-table-of-content 1.2.3 Settings.Reset.via.CSRF MEDIUM" "captcha-eu 1.0.61 Reflected.Cross-Site.Scripting MEDIUM" "captcha-eu 1.0.62 Unauthenticated.Server-Side.Request.Forgery HIGH" "corona-virus-covid-19-banner No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "corona-virus-covid-19-banner 1.8.0 CSRF MEDIUM" "connector-civicrm-mcrestface 1.0.9 Reflected.Cross-Site.Scripting MEDIUM" "connector-civicrm-mcrestface 1.0.11 Missing.Authorization MEDIUM" "catfolders 2.5.4 Missing.Authorization MEDIUM" "catfolders 2.5.3 Authenticated.(Author+).SQL.Injection.via.CSV.Import MEDIUM" "cool-yt-player No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode.Attributes MEDIUM" "cds-simple-seo 2.0.32 Contributor+.Stored.XSS MEDIUM" "cds-simple-seo 2.0.26 Arbitrary.Settings.Update.via.CSRF MEDIUM" "cds-simple-seo 1.8.13 
Sitemap.Creation/Deletion.via.CSRF MEDIUM" "cds-simple-seo 1.8.13 Subscriber+.Sitemap.Creation/Deletion MEDIUM" "cds-simple-seo 1.7.92 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "cartflows 2.0.8 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "cartflows 2.0.2 Editor+.Stored.XSS LOW" "cartflows 1.6.13 Authenticated.Stored.XSS.via.FB.Pixel.ID.and.Google.Analytics.ID MEDIUM" "cartflows 1.5.16 Cross-Site.Request.Forgery MEDIUM" "cartflows 1.5.16 Cross-Site.Request.Forgery.(CSRF) MEDIUM" "cazamba No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "clockify-lite No.known.fix Missing.Authorization MEDIUM" "coordinadora No.known.fix Unauthenticated.Sensitive.Information.Exposure MEDIUM" "caddy 1.9.8 Cross-Site.Request.Forgery MEDIUM" "company-updates-for-linkedin No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "comment-form 1.2.1 Admin+.Authenticated.Stored.XSS LOW" "crudlab-scroll-to-top No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "customize-wpadmin No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "cultbooking-booking-engine No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "contact-form-7-star-rating No.known.fix Authenticated.(Editor+).Stored.Cross-Site.Scripting MEDIUM" "custom-fields-account-registration-for-woocommerce 1.3 Authenticated.(Author+).Privilege.Escalation HIGH" "custom-fields-account-registration-for-woocommerce 1.2 Cross-Site.Request.Forgery MEDIUM" "convertpro No.known.fix Missing.Authorization MEDIUM" "cms-press No.known.fix Admin+.Stored.XSS LOW" "creta-testimonial-showcase 1.2.4 Editor+.Local.File.Inclusion HIGH" "carousel-anything No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "child-theme-generator No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "contexto No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "continuous-announcement-scroller No.known.fix Admin+.Stored.XSS LOW" "cf7-constant-contact-fields-mapping 
No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "cf7-constant-contact-fields-mapping No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "click-to-call-or-chat-buttons 1.5.0 Admin+.Stored.XSS LOW" "cm-custom-reports 1.2.8 Authenticated.(Administrator+).Stored.Cross-Site.Scripting.via.Plugin.Labels MEDIUM" "cm-custom-reports 1.2.8 Reflected.Cross-Site.Scripting.via.'date_from'.and.'date_to'.Parameters MEDIUM" "comments-secretary No.known.fix Reflected.Cross-Site.Scripting.via.$_SERVER['PHP_SELF'] MEDIUM" "custom-logo No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting.via.Logo.Path.Setting MEDIUM" "contact-form-add No.known.fix CSRF HIGH" "contact-form-add 1.9.8.4 Authenticated.Stored.Cross-Site.Scripting LOW" "contact-form-add 1.9.8.5 Reflected.Cross-Site.Scripting.(XSS) HIGH" "change-login-logo 1.1.5 Authenticated.Stored.Cross-Site.Scripting LOW" "cf7-field-validation No.known.fix Unauthenticated.SQLi HIGH" "clipart No.known.fix Reflected.XSS HIGH" "cpo-content-types 1.1.1 Admin+.Stored.XSS LOW" "contact-form-with-captcha No.known.fix Cross-Site.Request.Forgery MEDIUM" "contact-form-with-captcha 1.6.8 CSRF.to.Stored.Cross-Site.Scripting HIGH" "choice-payment-gateway-for-woocommerce No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "choice-payment-gateway-for-woocommerce 2.0.2 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "cats-job-listings No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "custom-post-type-pdf-attachment No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "custom-post-type-pdf-attachment 3.4.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.pdf_attachment.Shortcode MEDIUM" "codestyling-localization No.known.fix Multiple.CSRF HIGH" "custom-post-type-date-archives No.known.fix Missing.Authorization.to.Unauthenticated.Arbitrary.Shortcode.Execution HIGH" "cartpops 1.4.28 Reflected.Cross-Site.Scripting MEDIUM" "cartpops 1.4.17 
Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "catablog No.known.fix Authenticated.(Editor+).Arbitrary.File.Upload HIGH" "catablog No.known.fix Authenticated.(Editor+).Arbitrary.File.Deletion MEDIUM" "cubewp-framework 1.1.28 Unauthenticated.Post.Disclosure.in.class-cubewp-search-ajax-hooks.php MEDIUM" "cubewp-framework 1.1.27 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.cubewp_shortcode_taxonomy.Shortcode MEDIUM" "cubewp-framework 1.1.28 Unauthenticated.Information.Exposure MEDIUM" "cubewp-framework 1.1.28 Missing.Authorization MEDIUM" "cubewp-framework 1.1.27 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "cubewp-framework 1.1.25 Subscriber+.Privilege.Escalation HIGH" "cubewp-framework 1.1.24 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "cubewp-framework 1.1.24 Authenticated.(Subscriber+).Privilege.Escalation HIGH" "cubewp-framework No.known.fix Cross-Site.Request.Forgery MEDIUM" "cubewp-framework 1.1.16 Missing.Authorization MEDIUM" "cubewp-framework 1.1.13 Authenticated.(Subscriber+).Arbitrary.File.Upload CRITICAL" "custom-more-link-complete No.known.fix Admin+.Stored.XSS LOW" "custom-fields-search 1.3.2 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "cookiehint-wp No.known.fix Unauthenticated.Local.File.Inclusion HIGH" "cookiehint-wp No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "ctuser No.known.fix Unauthenticated.Local.File.Inclusion HIGH" "course-booking-system 6.1.6 Missing.Authorization.to.Unauthenticated.Booking.Data.Export MEDIUM" "course-booking-system 6.1.3 Reflected.Cross-Site.Scripting HIGH" "course-booking-system 6.1.1 Missing.Authorization MEDIUM" "course-booking-system 6.0.7 Unauthenticated.SQL.Injection HIGH" "clyp No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "cm-registration-pro 3.2.1 PHP.Object.Injection MEDIUM" "comparimager-elementor No.known.fix Missing.Authorization MEDIUM" "complete-open-graph No.known.fix 
Admin+.Stored.XSS LOW" "catch-popup No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "crumber-elementor No.known.fix Missing.Authorization MEDIUM" "custom-author-base No.known.fix Settings.Update.via.CSRF MEDIUM" "cpo-shortcodes No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "cpo-shortcodes No.known.fix Admin+.Stored.XSS LOW" "checkout-for-paypal 1.0.39 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "checkout-for-paypal 1.0.33 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "checkout-for-paypal 1.0.14 Contributor+.Stored.XSS MEDIUM" "christmas-greetings No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "chart-expert No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "contests-from-rewards-fuel 2.0.66 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "contests-from-rewards-fuel 2.0.65 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.update_rewards_fuel_api_key MEDIUM" "contests-from-rewards-fuel 2.0.63 Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "collect-and-deliver-interface-for-woocommerce 5.5.6 Authenticated.(Shop.Manager+).Arbitrary.File.Upload HIGH" "collect-and-deliver-interface-for-woocommerce 5.1.9 Reflected.Cross-Site-Scripting MEDIUM" "csv-to-sorttable No.known.fix Contributor+.LFI MEDIUM" "csv-to-sorttable No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "custom-sub-menus No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "cresta-addons-for-elementor 1.1.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "cf7-google-sheets-connector 5.0.18 Missing.Authorization MEDIUM" "cf7-google-sheets-connector 5.0.10 Missing.Authorization.to.Limited.Site.Configuration.Update MEDIUM" "cf7-google-sheets-connector 5.0.6 Unauthenticated.Sensitive.Information.Exposure.via.Debug.Log HIGH" "cf7-google-sheets-connector 5.0.2 
Reflected.XSS HIGH" "comment-highlighter No.known.fix Authenticated.SQL.Injection MEDIUM" "chat2 4.1 Stored.XSS.via.CSRF HIGH" "common-tools-for-site No.known.fix Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "civic-cookie-control-8 1.54 Missing.Authorization MEDIUM" "cforms No.known.fix Unauthenticated.HTML.Injection.&.CSRF HIGH" "cforms No.known.fix Multiple.XSS MEDIUM" "cforms No.known.fix SQL.Injection CRITICAL" "cforms No.known.fix SQL.Injection CRITICAL" "cforms No.known.fix Remote.Code.Execution.via.Unauthorised.File.Upload MEDIUM" "cforms 13.2 XSS MEDIUM" "cforms 10.2 XSS MEDIUM" "club-management-software No.known.fix Authenticated.SQL.Injection MEDIUM" "cf7-styler 1.7.3 Unauthenticated.Local.File.Inclusion HIGH" "cf7-styler No.known.fix Unauthenticated.Arbitrary.Shortcode.Execution.and.Reflected.Cross-Site.Scripting MEDIUM" "cf7-styler 1.6.9 Reflected.XSS MEDIUM" "cf7-styler 1.6.9 Reflected.Cross-Site.Scripting MEDIUM" "cf7-styler 1.6.5 Missing.Authorization.via.Several.AJAX.Action MEDIUM" "cf7-styler 1.5.4 Reflected.Cross-Site.Scripting MEDIUM" "cf7-styler 1.4.2 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "custom-add-user No.known.fix Reflected.Cross-Site.Scripting HIGH" "cmsmasters-content-composer 1.4.6 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "cmsmasters-content-composer 2.5.7 Unauthenticated.Local.File.Inclusion HIGH" "cmsmasters-content-composer 1.9.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "carousel No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "carousel No.known.fix Authenticated.(Editor+).Stored.Cross-Site.Scripting MEDIUM" "cool-timeline 2.4 Subscriber+.Arbitrary.Plugin.Installation.&.Activation HIGH" "cool-timeline 2.0.3 Cross-Site.Request.Forgery.(CSRF) MEDIUM" "cool-timeline 2.0.3 Cross-Site.Request.Forgery MEDIUM" "custom-banners No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "custom-banners 3.3 
CSRF.Nonce.Bypass.in.saveCustomFields MEDIUM" "custom-banners 2.1 Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "custom-dashboard-page No.known.fix Cross-Site.Request.Forgery MEDIUM" "convoworks-wp 0.22.15 Reflected.Cross-Site.Scripting MEDIUM" "convoworks-wp 0.22.14 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "cue 2.4.5 Missing.Authorization MEDIUM" "cosmetsy-core No.known.fix Reflected.Cross-Site.Scripting HIGH" "contact-form-by-supsystic No.known.fix Reflected.XSS HIGH" "contact-form-by-supsystic 1.7.30 Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting.via.saveAsCopy.AJAX.Action MEDIUM" "contact-form-by-supsystic 1.7.29 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "contact-form-by-supsystic 1.7.29 Authenticated.(Admin+).Remote.Code.Execution HIGH" "contact-form-by-supsystic 1.7.28 CSRF MEDIUM" "contact-form-by-supsystic 1.7.25 CSRF MEDIUM" "contact-form-by-supsystic 1.7.20 Admin+.Stored.Cross-Site.Scripting LOW" "contact-form-by-supsystic 1.7.15 Reflected.Cross-Site.scripting.(XSS) HIGH" "contact-form-by-supsystic 1.7.11 Authenticated.SQL.Injections CRITICAL" "contact-form-by-supsystic 1.7.7 Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "code-snippets 3.9.5 Cloud.Snippet.Download/Update.Actions.via.CSRF MEDIUM" "code-snippets 3.9.2 Contributor+.PHP.Code.Injection.via.extract().and.PHP.Filter.Chains HIGH" "code-snippets 3.6.0 Arbitrary.settings.change.via.CSRF MEDIUM" "code-snippets 2.14.4 Reflected.Cross-Site.Scripting MEDIUM" "code-snippets 2.14.3 Reflected.Cross-Site.Scripting HIGH" "code-snippets 2.14.0 CSRF.to.RCE HIGH" "cryptocurrency-widgets-pack No.known.fix Missing.Authorization MEDIUM" "cryptocurrency-widgets-pack 2.0 Unauthenticated.SQLi HIGH" "consensu-io 1.0.4 Unauthenticated.Settings.Update MEDIUM" "custom-text-selection-colors No.known.fix Reflected.Cross-Site.Scripting.(XSS) HIGH" "cbxwpbookmark 2.0.5 Authenticated.(Subscriber+).SQL.Injection.via.'orderby'.Parameter MEDIUM" "cbxwpbookmark 2.0.2 
Missing.Authorization MEDIUM" "cbxwpbookmark 1.7.22 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "cbxwpbookmark 1.7.21 Admin+.SQLi MEDIUM" "cbxwpbookmark 1.7.14 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "cbxwpbookmark 1.6.9 Reflected.Cross-Site.Scripting HIGH" "cm-video-lesson-manager-pro 3.5.9 Admin+.Stored.Cross-Site.Scripting LOW" "custom-add-to-cart-button-for-woocommerce No.known.fix Missing.Authorization MEDIUM" "cleanup-action-scheduler 1.2.0 Reflected.Cross-Site.Scripting MEDIUM" "cmyee-momentopress 1.0.2 Contributor+.Stored.XSS MEDIUM" "custom-css 2.4.2 Cross-Site.Request.Forgery.to.Remote.Code.Exectuiron HIGH" "custom-css 2.4.0 Reflected.Cross-Site.Scripting MEDIUM" "chessgame-shizzle 1.3.1 Reflected.Cross-Site.Scripting MEDIUM" "custom-landing-pages-leadmagic No.known.fix Admin+.Stored.Cross-Site.Scripting MEDIUM" "catch-duplicate-switcher No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "catch-duplicate-switcher 1.6 Unauthorised.Plugin's.Setting.Change MEDIUM" "customily-v2 No.known.fix Unauthenticated.Stored.Cross-Site.Scripting HIGH" "configure-smtp No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "calderawp-license-manager No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "cartflows-pro 1.11.13 CSRF MEDIUM" "cartflows-pro 1.11.12 Reflected.Cross-Site.Scripting HIGH" "croma-music 3.6.1 Authenticated.(Subscriber+).Arbitrary.Options.Update.in.ironMusic_ajax HIGH" "custom-simple-rss 2.0.7 CSRF MEDIUM" "css3-buttons No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode.Attributes MEDIUM" "curatorio 1.9.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "curatorio 1.9.2 Contributor+.Stored.XSS MEDIUM" "cs-element-bucket No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "cpi-wp-migration No.known.fix Unauthenticated.Arbitrary.File.Upload CRITICAL" "call-now-button 1.5.5 
Authenticated.(Subscriber+).Missing.Authorization.to.Multiple.Functions MEDIUM" "call-now-button 1.5.4 Missing.Authorization.to.Authenticated.(Subscriber+).Limited.Plugin.Settings.Update MEDIUM" "call-now-button 1.4.14 Cross-Site.Request.Forgery MEDIUM" "call-now-button 1.4.7 Admin+.Stored.XSS LOW" "call-now-button 1.1.2 Reflected.Cross-Site.Scripting LOW" "conference-scheduler 2.5.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.className.Parameter MEDIUM" "conference-scheduler 2.4.3 Reflected.Cross-Site.Scripting MEDIUM" "ctt-expresso-para-woocommerce 3.2.13 Information.Exposure.via.Unprotected.Directory MEDIUM" "ctt-expresso-para-woocommerce 3.2.13 Admin+.Stored.XSS LOW" "ctt-expresso-para-woocommerce 3.2.12 Admin+.Stored.XSS LOW" "cookie-bar 2.1 Authenticated.(Administrator+).Stored.Cross-Site.Scripting.via.settings MEDIUM" "cookie-bar 1.8.9 Admin+.Stored.Cross-Site.Scripting LOW" "carrrot No.known.fix Admin+.Stored.XSS LOW" "calendar-plus No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "custom-dashboard-widgets No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting.via.cdw_DashboardWidgets HIGH" "cp-blocks 1.0.21 CSRF MEDIUM" "cp-blocks 1.0.15 Admin+.Stored.Cross-Site.Scripting LOW" "click-datos-lopd No.known.fix Reflected.XSS HIGH" "cz-loan-management No.known.fix Unauthenticated.SQLi HIGH" "codescar-radio-widget No.known.fix .Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "cookie-consent-box 1.1.7 Admin+.Stored.XSS LOW" "colour-smooth-maps No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "coreactivity 2.7.1 Authenticated.(Subscriber+).SQL.Injection MEDIUM" "coreactivity 2.1 Unauthenticated.IP.Spoofing MEDIUM" "coreactivity 1.8.1 Unauthenticated.Stored.XSS HIGH" "cnvrse No.known.fix Unauthenticated.Insecure.Direct.Object.Reference MEDIUM" "croprefine No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "category-page-icons No.known.fix 
Arbitrary.File.Upload/Deletion.via.Path.Traversal CRITICAL" "crypto No.known.fix Missing.Authentication.to.Unauthenticated.Limited.File.Deletion MEDIUM" "crypto No.known.fix .Unauthenticated.Information.Exposure.via.Global.Authentication.State MEDIUM" "crypto 2.16 Cross-Site.Request.Forgery.to.Authentication.Bypass HIGH" "crypto 2.19 Authentication.Bypass.via.log_in CRITICAL" "crypto 2.20 Authentication.Bypass.via.register CRITICAL" "category-ajax-filter 2.8.3 Unauthenticated.Local.File.Inclusion CRITICAL" "complianz-gdpr-premium 6.4.2 GDPR/CCPA.Cookie.Consent.<.6.4.2.-.Contributor+.Stored.XSS MEDIUM" "complianz-gdpr-premium 6.3.6 Translator.SQLi MEDIUM" "chart-builder 3.6.4 Cross-Site.Request.Forgery MEDIUM" "chart-builder 3.6.0 Missing.Authentication.for.Administrative.Function MEDIUM" "chart-builder 3.5.4 Cross-Site.Request.Forgery MEDIUM" "chart-builder 3.1.9 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "chart-builder 2.9.6 Unauthenticated.Local.File.Inclusion.via.source CRITICAL" "chart-builder 2.7.7 Reflected.Cross-Site.Scripting MEDIUM" "chart-builder 2.0.7 Authenticated(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "chart-builder 1.9.7 Admin+.Stored.XSS LOW" "crete-core No.known.fix Unauthenticated.SQL.Injection HIGH" "copy-move-posts No.known.fix Missing.Authorization MEDIUM" "content-excel-importer 4.3 Reflected.Cross-Site.Scripting MEDIUM" "ctl-arcade-lite No.known.fix Cross-Site.Request.Forgery.to.Plugin.Activation.and.Deactivation MEDIUM" "community-events 1.5.9 Authenticated.(Administrator+).SQL.Injection.via.'ce_venue_name'.CSV.Field MEDIUM" "community-events 1.5.8 Authenticated.(Administrator+).Stored.Cross-Site.Scripting.via.'ce_venue_name'.Parameter MEDIUM" "community-events 1.5.7 Missing.Authorization.to.Unauthenticated.Arbitrary.Event.Approval.via.'eventlist'.Parameter MEDIUM" "community-events 1.5.5 Unauthenticated.SQL.Injection HIGH" "community-events 1.5.3 Unauthenticated.Stored.Cross-Site.Scripting HIGH" 
"community-events 1.5.2 Unauthenticated.SQL.Injection CRITICAL" "community-events 1.5.2 Unauthenticated.SQL.Injection CRITICAL" "community-events 1.5.1 Admin+.Stored.XSS LOW" "community-events 1.5 Event.Deletion.via.CSRF MEDIUM" "community-events 1.4.9 Admin+.Stored.XSS LOW" "community-events 1.4.8 Reflected.Cross-Site.Scripting.(XSS) HIGH" "community-events 1.4 SQL.Injection CRITICAL" "custom-facebook-feed 4.3.3 Missing.Authorization MEDIUM" "custom-facebook-feed 4.3.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.'data-color'.Attribute MEDIUM" "custom-facebook-feed 4.2.2 Facebook.Token.Reset/Update.via.CSRF MEDIUM" "custom-facebook-feed 4.1.6 Contributor+.Stored.XSS MEDIUM" "custom-facebook-feed 4.1.1 Authenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "custom-facebook-feed 4.0.1 Subscriber+.Arbitrary.Plugin.Settings.Update.to.Stored.XSS HIGH" "custom-facebook-feed 2.19.2 Unauthenticated.Stored.XSS CRITICAL" "custom-facebook-feed 2.19.2 Reflected.Cross-Site.Scripting MEDIUM" "core-control No.known.fix Arbitrary.Settings.Update.via.CSRF MEDIUM" "child-support-calculator No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "child-support-calculator 1.0.2 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "cubeportfolio No.known.fix Authenticated.(Subscriber+).SQL.Injection MEDIUM" "catch-scroll-progress-bar 1.6 Unauthorised.Plugin's.Setting.Change MEDIUM" "compact-archives 4.1.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "codebard-help-desk No.known.fix Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "codebard-help-desk No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "codebard-help-desk 1.1.2 Cross-Site.Request.Forgery MEDIUM" "cmsmasters-elementor-addon 1.15.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Multiple.Widgets MEDIUM" "coil-web-monetization No.known.fix Cross-Site.Request.Forgery MEDIUM" "control-horas No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" 
"cc-bmi-calculator 2.1.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "cc-bmi-calculator 2.1.0 Contributor+.Stored.XSS MEDIUM" "coolclock 4.3.5 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "cforms-plugin No.known.fix Cross-Site.Request.Forgery MEDIUM" "custom-skins-contact-form-7 No.known.fix Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.Post.Update.and.Skin.Creation MEDIUM" "calendar 1.3.17 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.'event_desc' MEDIUM" "calendar 1.3.15 Contributor+.SQLi.via.Shortcode HIGH" "calendar 1.3.11 Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "contact-form-7-multi-step-module 4.3.1 Reflected.Cross-Site.Scripting MEDIUM" "contact-form-7-multi-step-module 4.1.91 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "contact-form-7-multi-step-module 3.0.9 Subscriber+.Arbitrary.Option.Update CRITICAL" "cf7-repeatable-fields 2.0.2 Repeatable.Fields.<.2.0.2.-.Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.field_group.Shortcode MEDIUM" "comments-on-feed No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "css-hero 4.07 Authenticated.Reflected.XSS MEDIUM" "cart66-lite 1.5.5 XSS MEDIUM" "cleverreach-wp 1.5.22 Unauthenticated.SQL.Injection.via.id HIGH" "cleverreach-wp 1.5.21 Unauthenticated.SQL.Injection.via.title HIGH" "contact-form-7-round-robin-lead-distribution No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "contact-form-7-round-robin-lead-distribution No.known.fix Authenticated.(Administrator+).SQL.Injection MEDIUM" "credova-financial 2.5.1 Cross-Site.Request.Forgery MEDIUM" "credova-financial 2.4.9 Reflected.Cross-Site.Scripting MEDIUM" "credova-financial 1.4.9 Sensitive.Information.Disclosure MEDIUM" "cluevo-lms 1.13.3 Reflected.Cross-Site.Scripting MEDIUM" "cluevo-lms No.known.fix Cross-Site.Request.Forgery.to.Module.Deletion MEDIUM" "cluevo-lms 1.11.0 Settings.Update.via.CSRF MEDIUM" "cluevo-lms 1.8.1 Admin+.Stored.Cross.Site.Scripting LOW" "css-for-elementor 
No.known.fix Unauthenticated.Server-Side.Request.Forgery HIGH" "css-for-elementor No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "chauffeur-booking-system 7.0 Authentication.Bypass CRITICAL" "chauffeur-booking-system 7.3 Unauthenticated.Arbitrary.File.Upload CRITICAL" "cslider No.known.fix Cross-Site.Request.Forgery MEDIUM" "chaport 1.1.7 Admin+.Stored.XSS LOW" "cm-video-lesson-manager 1.8.3 Reflected.XSS HIGH" "cm-video-lesson-manager 1.7.2 Admin+.Stored.Cross-Site.Scripting LOW" "chronoforms No.known.fix CSRF MEDIUM" "custom-product-stickers-for-woocommerce No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "chatbot-chatgpt 2.3.6 Unauthenticated.Limited.File.Uploads.and.Conversation.Erasing MEDIUM" "chatbot-chatgpt 2.1.8 Missing.Authorization.to.Authenticated.(Subscriber+).Assistant.Deletion MEDIUM" "chatbot-chatgpt 2.1.8 Missing.Authorization.to.Authenticated.(Subscriber+).Assistant.Update MEDIUM" "chatbot-chatgpt 2.1.9 Cross-Site.Request.Forgery.to.Authenticated.(Subscriber+).Assistant.Modification MEDIUM" "chatbot-chatgpt 2.1.8 Missing.Authorization.to.Authenticated.(Subscriber+).Assistant.Addition MEDIUM" "chatbot-chatgpt 2.1.8 Reflected.Cross-Site.Scripting MEDIUM" "chatbot-chatgpt 1.9.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "chatbot-chatgpt 2.0.1 Unauthenticated.Arbitrary.File.Upload CRITICAL" "chatbot-chatgpt 2.0.0 Unauthenticated.Arbitrary.File.Upload.via.chatbot_chatgpt_upload_file_to_assistant.Function CRITICAL" "checkbox 2.8.11 Missing.Authorization.to.Unauthenticated.Log.Clearing MEDIUM" "checkbox 0.8.4 Reflected.Cross-Site.Scripting MEDIUM" "checkbox 0.8.4 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "coupon-x-discount-pop-up 1.3.6 Missing.Authorization.to.Authenticated.(Contributor+).PHP.Object.Injection HIGH" "coupon-x-discount-pop-up 1.3.6 Missing.Authorization MEDIUM" "car-park-booking-system-for-wordpress No.known.fix Missing.Authorization MEDIUM" 
"contact-form-integrated-with-google-maps 2.5 Stored.Cross-Site.Scripting.(XSS) MEDIUM" "creative-image-slider 2.5.0 Reflected.Cross-Site.Scripting MEDIUM" "cubepoints No.known.fix Cross-Site.Request.Forgery MEDIUM" "custom-post-limits No.known.fix Unauthenticated.Full.Path.Disclosure MEDIUM" "captchelfie-captcha-by-selfie No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "custom-tinymce-shortcode-button No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "cloudflare 4.12.3 Missing.Authorization.via.initProxy MEDIUM" "cloudflare 1.1.12 Unauthenticated.RCE.via.PHPUnit CRITICAL" "custom-post-order-category 2.0 Missing.Authorization MEDIUM" "custom-smilies-se No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "coming-soon-by-boomdevs No.known.fix Unauthenticated.Information.Exposure MEDIUM" "customize-login-image 3.5.3 Admin+.Stored.Cross-Site.Scripting LOW" "custom-post-type-lockdown No.known.fix Cross-Site.Request.Forgery.to.Privilege.Escalation HIGH" "cbxgooglemap 2.0.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "cbxgooglemap 2.0.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "cbxgooglemap 1.1.12 Contributor+.Stored.XSS MEDIUM" "cbxgooglemap 1.1.12 Contributor+.Stored.XSS.via.shortcode MEDIUM" "custom-field-template No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "custom-field-template 2.7.7 Authenticated.(Subscriber+).Information.Exposure MEDIUM" "custom-field-template 2.6.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "custom-field-template 2.6.2 Authenticated(Constibutor+).Stored.Cross-Site.Scripting.via.Custom.Field.Name MEDIUM" "custom-field-template 2.6.2 Authenticated.(Admin+).Stored.Cross-Site.Scritping MEDIUM" "custom-field-template 2.6.2 Authenticated(Contributor+).Stored.Cross-Site.Scripting.via.shortcode MEDIUM" "custom-field-template 2.6.2 Authenticated(Contributor+).Information.Exposure MEDIUM" "custom-field-template 2.6.1 
Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.$search_label MEDIUM" "custom-field-template 2.6 Reflected.Cross-Site.Scripting HIGH" "custom-field-template 2.5.9 Cross-Site.Request.Forgery MEDIUM" "custom-field-template 2.5.8 Admin+.PHP.Object.Injection LOW" "custom-field-template 2.5.2 Cross-Site.Request.Forgery.(CSRF) MEDIUM" "custom-field-template 2.5.2 Cross-Site.Request.Forgery MEDIUM" "comicbookmanagementsystemweeklypicks 2.2.0 Admin+.SQLi MEDIUM" "cosign-sso No.known.fix Reflected.Cross-Site.Scripting.via.$_SERVER['PHP_SELF'] MEDIUM" "cancel-order-request-woocommerce 1.3.3 Admin+.Stored.XSS LOW" "coupon-referral-program 1.8.4 Unauthenticated.PHP.Object.Injection HIGH" "coupon-referral-program 1.8.5 Sensitive.Information.Disclosure MEDIUM" "compare-ninja-comparison-tables No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "configure-conference-room No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "content-egg 8.0.0 Authenticated.(Editor+).PHP.Object.Injection MEDIUM" "content-egg 5.5.0 Multiple.CSRF MEDIUM" "content-egg 5.3.1 Reflected.Cross-Site.Scripting MEDIUM" "content-egg 5.3.0 Reflected.Cross-Site.Scripting MEDIUM" "crony No.known.fix Cross-Site.Request.Forgery MEDIUM" "crony 0.4.7 Cross-Site.Scripting.(XSS).&.CSRF HIGH" "country-blocker-for-adsense No.known.fix Cross-Site.Request.Forgery.to.Settings.Update MEDIUM" "custom-post-type-page-template No.known.fix Cross-Site.Request.Forgery MEDIUM" "contact-form-7-sms-addon 2.4.0 Cross-Site.Scripting.(XSS) MEDIUM" "cron-logger No.known.fix Missing.Authorization MEDIUM" "clipr No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "client-dash No.known.fix Missing.Authorization MEDIUM" "client-dash No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting.via.settings MEDIUM" "catchers-helpdesk No.known.fix Reflected.Cross-Site.Scripting.(XSS) HIGH" "candidate-application-form No.known.fix Unauthenticated.Arbitrary.File.Download 
HIGH" "cibeles-ai 1.10.9 Unauthenticated.Arbitrary.File.Upload CRITICAL" "carousel-ck No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "conditional-menus 1.2.1 Reflected.XSS HIGH" "custom-share-buttons-with-floating-sidebar 4.2 Admin+.Stored.XSS LOW" "colibri-page-builder 1.0.358 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "colibri-page-builder 1.0.342 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "colibri-page-builder 1.0.335 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.colibri_newsletter.Shortcode MEDIUM" "colibri-page-builder 1.0.334 Authenticated.(Shop.manager+).Stored.Cross-Site.Scripting MEDIUM" "colibri-page-builder 1.0.332 Contributor+.Stored.XSS MEDIUM" "colibri-page-builder 1.0.288 Contributor+.DOM-Based.Stored.XSS.via.FancyBox.JavaScript.Library MEDIUM" "colibri-page-builder 1.0.277 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.colibri_video_player.Shortcode MEDIUM" "colibri-page-builder 1.0.277 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "colibri-page-builder 1.0.264 Author+.Stored.Cross-Site.Scripting MEDIUM" "colibri-page-builder 1.0.274 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "colibri-page-builder 1.0.274 Contributor+.Stored.Cross-Site.Scripting.via.the.plugin's.'colibri_breadcrumb_element'.shortcode MEDIUM" "colibri-page-builder 1.0.270 Contributor+.Stored.XSS MEDIUM" "colibri-page-builder 1.0.249 Missing.Authorization MEDIUM" "colibri-page-builder 1.0.260 Import.Images,.Delete.Post,.Save.Theme.Data.via.CSRF MEDIUM" "colibri-page-builder 1.0.260 Arbitrary.Shortcode.Call.via.CSRF MEDIUM" "colibri-page-builder 1.0.240 Contributor+.Stored.XSS MEDIUM" "colibri-page-builder 1.0.248 Contributor+.Stored.XSS MEDIUM" "colibri-page-builder 1.0.229 Admin+.SQL.Injection MEDIUM" "clearblue-ovulation-calculator No.known.fix Unauthenticated.Local.File.Inclusion HIGH" "count-per-day 3.5.5 Stored.Cross-Site.Scripting.(XSS) HIGH" 
"count-per-day 3.5.5 Authenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "count-per-day 3.4.1 SQL.Injection MEDIUM" "cits-support-svg-webp-media-upload No.known.fix Cross-Site.Request.Forgery.to.Settings.Update MEDIUM" "cits-support-svg-webp-media-upload No.known.fix Cross-Site.Request.Forgery.to.Font.Assignment.Deletion MEDIUM" "cits-support-svg-webp-media-upload 3.0 Author+.Stored.XSS.via.SVG MEDIUM" "custom-search-plugin 1.36 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "custom-post-types-image No.known.fix Cross-Site.Request.Forgery MEDIUM" "conditional-extra-fees-for-woocommerce 1.0.97 Admin+.Stored.XSS MEDIUM" "chat-help 3.1.4 Unauthenticated.Sensitive.Information.Exposure HIGH" "chat-help 3.1.4 Missing.Authorization MEDIUM" "conditional-payment-methods-for-woocommerce No.known.fix Admin+.SQLi MEDIUM" "custom-post-view-generator No.known.fix Reflected.Cross-Site.Scripting HIGH" "code-generator No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "cybersoldier 1.7.0 Admin+.Stored.Cross-Site.Scripting LOW" "cp-image-store 1.2.0 Missing.Authorization.to.Authenticated.(Contributor+).Arbitrary.Product.Import MEDIUM" "cp-image-store 1.0.68 Unauthenticated.SQLi HIGH" "contact-form-to-any-api 1.2.5 Unauthenticated.Stored.Cross-Site.Scripting.via.Contact.Form HIGH" "contact-form-to-any-api 1.1.9 Authenticated.(Subscriber+).SQL.Injection CRITICAL" "contact-form-to-any-api 1.1.7 Subscriber+.API.Entry.Record.Deletion MEDIUM" "contact-form-to-any-api 1.1.3 Admin+.SQLi MEDIUM" "cm-email-blacklist 1.6.3 Authenticated.(Administrator+).Stored.Cross-Site.Scripting.via.'black_email'.Parameter MEDIUM" "cm-email-blacklist 1.5.6 Reflected.Cross-Site.Scripting MEDIUM" "cm-email-blacklist 1.5.4 Reflected.XSS HIGH" "cm-email-blacklist 1.4.9 Add/Delete.Emails.via.CSRF.Add.and.delete.any.item.from.blacklist/whitelist MEDIUM" "cyberus-key 1.1 Admin+.Stored.XSS LOW" "cryptocurrency-donation-box 1.8 Subscriber+.Arbitrary.Plugin.Installation.&.Activation HIGH" "clickfunnels 
No.known.fix Contributor+.Stored.XSS.via.Shortcode MEDIUM" "clickfunnels No.known.fix Settings.Update.via.CSRF MEDIUM" "client-portal-suitedash-login 1.8.0 Admin+.Stored.XSS LOW" "custom-scroll-bar-designer No.known.fix Reflected.Cross-Site.Scripting.(XSS) HIGH" "current-template-name No.known.fix Authenticated.(Contributor+).Information.Exposure MEDIUM" "current-template-name No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "current-template-name 1.1.10 Reflected.Cross-Site.Scripting MEDIUM" "creative-mail-by-constant-contact 1.6.0 Settings.Reset.via.CSRF MEDIUM" "creative-mail-by-constant-contact 1.6.0 Multiple.CSRF MEDIUM" "creative-mail-by-constant-contact 1.6.0 CSRF MEDIUM" "custom-order-numbers-for-woocommerce 1.11.1 Missing.Authorization MEDIUM" "custom-order-numbers-for-woocommerce 1.4.1 CSRF MEDIUM" "custom-admin-menu No.known.fix Reflected.XSS HIGH" "custom-admin-menu No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "custom-registration-form-builder-with-submission-manager 6.0.7.2 Authentication.Bypass CRITICAL" "custom-registration-form-builder-with-submission-manager 6.0.7.0 Unauthenticated.Payment.Bypass.via.rm_process_paypal_sdk_payment MEDIUM" "custom-registration-form-builder-with-submission-manager 6.0.7.5 Missing.Authorization.to.Unauthenticated.Arbitrary.Settings.Modification MEDIUM" "custom-registration-form-builder-with-submission-manager 6.0.7.2 Subscriber+.Form.Creation MEDIUM" "custom-registration-form-builder-with-submission-manager 6.0.7.2 Subscriber+.Sensitive.Data.Disclosure MEDIUM" "custom-registration-form-builder-with-submission-manager 6.0.7.2 Privilege.Escalation.via.admin_order CRITICAL" "custom-registration-form-builder-with-submission-manager 6.0.7.0 Cross-Site.Request.Forgery MEDIUM" "custom-registration-form-builder-with-submission-manager 6.0.6.8 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.'RM_Forms'.Shortcode MEDIUM" 
"custom-registration-form-builder-with-submission-manager 6.0.6.3 Authenticated.(Administrator+).SQL.Injection HIGH" "custom-registration-form-builder-with-submission-manager 6.0.4.4 Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "custom-registration-form-builder-with-submission-manager 6.0.3.4 Reflected.Cross-Site.Scripting MEDIUM" "custom-registration-form-builder-with-submission-manager 6.0.2.7 Unauthenticated.Privilege.Escalation.via.Password.Recovery CRITICAL" "custom-registration-form-builder-with-submission-manager 6.0.2.1 Stored.XSS LOW" "custom-registration-form-builder-with-submission-manager 6.0.1.1 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "custom-registration-form-builder-with-submission-manager 6.0.0.2 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "custom-registration-form-builder-with-submission-manager 5.3.2.1 Reflected.Cross-Site.Scripting MEDIUM" "custom-registration-form-builder-with-submission-manager 5.3.1.0 Cross-Site.Request.Forgery MEDIUM" "custom-registration-form-builder-with-submission-manager 5.3.2.0 Authenticated.(Contributor+).SQL.Injection.via.Shortcode HIGH" "custom-registration-form-builder-with-submission-manager 5.2.6.0 Reflected.Cross-Site.Scripting MEDIUM" "custom-registration-form-builder-with-submission-manager 5.3.1.0 Authenticated.(Subscriber+).Privilege.Escalation HIGH" "custom-registration-form-builder-with-submission-manager 5.2.6.0 Cross-Site.Request.Forgery MEDIUM" "custom-registration-form-builder-with-submission-manager 5.2.5.1 IP.Spoofing MEDIUM" "custom-registration-form-builder-with-submission-manager 5.2.5.1 Form.Submission.Limit.Bypass MEDIUM" "custom-registration-form-builder-with-submission-manager 5.2.4.6 Authenticated(Administrator+).SQL.Injection MEDIUM" "custom-registration-form-builder-with-submission-manager 5.2.3.1 Missing.Authorization MEDIUM" "custom-registration-form-builder-with-submission-manager 5.2.3.0 Cross-Site.Request.Forgery MEDIUM" 
"custom-registration-form-builder-with-submission-manager 5.2.4.2 Reflected.Cross-Site.Scripting.via.section_id MEDIUM" "custom-registration-form-builder-with-submission-manager 5.2.1.1 Unauthenticated.Authentication.Bypass CRITICAL" "custom-registration-form-builder-with-submission-manager 5.2.1.0 Admin+.Arbitrary.Password.Update.via.IDOR MEDIUM" "custom-registration-form-builder-with-submission-manager 5.1.9.3 Form.Deletion.via.CSRF MEDIUM" "custom-registration-form-builder-with-submission-manager 5.0.2.2 Admin+.SQL.Injection MEDIUM" "custom-registration-form-builder-with-submission-manager 5.0.1.9 Reflected.Cross-Site.Scripting HIGH" "custom-registration-form-builder-with-submission-manager 5.0.1.9 Reflected.Cross-Site.Scripting HIGH" "custom-registration-form-builder-with-submission-manager 5.0.1.8 Authentication.Bypass CRITICAL" "custom-registration-form-builder-with-submission-manager 5.0.1.6 Admin+.SQL.Injection MEDIUM" "custom-registration-form-builder-with-submission-manager 4.6.0.4 Multiple.Critical.Issues HIGH" "custom-registration-form-builder-with-submission-manager 4.6.0.3 Authenticated.SQL.Injection.via.Form_id MEDIUM" "custom-registration-form-builder-with-submission-manager 4.6.0.3 Multiple.Cross-Site.Scripting.(XSS) HIGH" "category-d3-tree No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "coming-soon No.known.fix Missing.Authorization MEDIUM" "coming-soon 6.18.16 Subscriber+.Sensitive.Information.Exposure MEDIUM" "coming-soon 6.18.4 Editor+.Stored.XSS MEDIUM" "coming-soon 6.15.22 Unauthenticated.Plugin.Page.Content.Update MEDIUM" "coming-soon 6.15.15.3 Arbitrary.Settings.Update.via.CSRF MEDIUM" "coming-soon 5.1.2 Authenticated.Stored.Cross.Site.Scripting.(XSS) LOW" "category-widget No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "csv-importer 0.3.9 Cross-Site.Request.Forgery MEDIUM" "canonical-attachments No.known.fix Unauthenticated.Stored.XSS HIGH" "cross-linker No.known.fix Arbitrary.Cross-Link.Creation.via.CSRF 
MEDIUM" "content-repeater No.known.fix Admin+.Stored.XSS LOW" "cleverwise-daily-quotes No.known.fix Stored.XSS.via.CSRF HIGH" "cm-ad-changer 2.0.6 Cross-Site.Request.Forgery MEDIUM" "country-state-city-auto-dropdown 2.7.3 Unauthenticated.SQL.Injection CRITICAL" "country-state-city-auto-dropdown 2.7.2 Missing.Authorization MEDIUM" "connected-sermons No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "connected-sermons No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "comment-engine-pro No.known.fix Editor+.Stored.Cross-Site.Scripting LOW" "clickdesigns 2.0.0 Missing.Authorization.to.API.Key.Modification.or.Removal MEDIUM" "contact-form-7 6.0.6 Order.Replay.Vulnerability MEDIUM" "contact-form-7 5.9.5 Unauthenticated.Open.Redirect MEDIUM" "contact-form-7 5.9.2 Reflected.Cross-Site.Scripting MEDIUM" "contact-form-7 5.8.4 Authenticated.(Editor+).Arbitrary.File.Upload MEDIUM" "contact-form-7 5.3.2 Unrestricted.File.Upload HIGH" "contact-form-7 5.0.4 register_post_type().Privilege.Escalation CRITICAL" "cost-of-goods-for-woocommerce 3.7.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "cost-of-goods-for-woocommerce 3.2.9 Reflected.Cross-Site.Scripting MEDIUM" "colorful-categories 2.0.15 Arbitrary.Colors.Update.via.CSRF MEDIUM" "convertbox-auto-embed 1.0.20 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "csprite No.known.fix Cross-Site.Request.Forgery MEDIUM" "chat-bee No.known.fix Admin+.Stored.XSS LOW" "chameleon 1.4.4 Admin+.Stored.XSS LOW" "csv-to-html 3.15 Reflected.Cross-Site.Scripting HIGH" "csv-to-html 3.27 Subscriber+.Arbitrary.File.Upload CRITICAL" "crm-memberships 2.7 Missing.Authorization.to.Privilege.Escalation.via.Unauthenticated.Password.Reset.in.'ntzcrm_changepassword'.AJAX.Endpoint CRITICAL" "crm-memberships No.known.fix Missing.Authorization.to.Unauthenticated.'ntzcrm_add_new_tag'.AJAX.Action MEDIUM" "crm-memberships 2.5 Admin+.Stored.XSS LOW" "ced-good-market-integration No.known.fix Unauthenticated.Local.File.Inclusion HIGH" 
"cc-img-shortcode No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "custom-smilies No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "compress-then-upload 1.0.5 Admin+.Arbitrary.File.Upload MEDIUM" "camptix 1.5.1 CSV.Injection.Bypasses.and.XSS HIGH" "collectchat 2.4.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Post.Meta.Field MEDIUM" "collectchat 2.4.4 Admin+.XSS LOW" "collectchat 2.4.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "collectchat 2.4.0 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "contexture-page-security No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "css-addons No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "contact-form-builder No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "contact-form-builder 1.0.69 CSRF.to.LFI HIGH" "comment-guestbook No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "canvasflow No.known.fix Reflected.XSS HIGH" "convert-docx2post No.known.fix Authenticated.(Author+).Arbitrary.File.Upload HIGH" "custom-page-templates-by-vegacorp 1.1.14 Reflected.Cross-Site.Scripting MEDIUM" "custom-page-templates-by-vegacorp 1.1.13 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "customizely No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "customizely 1.1.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "catch-infinite-scroll 1.9 Unauthorised.Plugin's.Setting.Change MEDIUM" "checklist No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "checklist 1.1.9 Unauthenticated.Reflected.XSS MEDIUM" "clear-sucuri-cache No.known.fix Missing.Authorization MEDIUM" "custom-admin-page 0.1.2 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "coschool No.known.fix Authenticated.(Subscriber+).SQL.Injection MEDIUM" "coschool No.known.fix Unauthenticated.PHP.Object.Injection HIGH" "coschool No.known.fix Missing.Authorization.to.Privilege.Escalation CRITICAL" 
"custom-field-for-wp-job-manager 1.5 Cross-Site.Request.Forgery MEDIUM" "custom-field-for-wp-job-manager 1.4 Reflected.Cross-Site.Scripting MEDIUM" "custom-field-for-wp-job-manager 1.3 .Insecure.Direct.Object.Reference.to.Sensitive.Information.Exposure.via.Shortcode MEDIUM" "custom-field-for-wp-job-manager 1.2 Admin+.Stored.XSS LOW" "custom-field-for-wp-job-manager 1.2 Admin+.Stored.XSS LOW" "contest-code-checker 2.1.1 Unauthenticated.Information.Exposure MEDIUM" "contest-code-checker No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "contest-code-checker 2.0.4 Reflected.Cross-Site.Scripting MEDIUM" "contest-code-checker 1.9.8 Reflected.Cross-Site.Scripting MEDIUM" "contest-code-checker 1.9.0 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "cc-bcc-for-woocommerce-order-emails No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "contact-manager No.known.fix Unauthenticated.PHP.Object.Injection HIGH" "contact-manager 8.6.6 Authenticated.(Administrator+).Stored.Cross-Site.Scripting.via.'title' MEDIUM" "contact-manager 8.6.5 Unauthenticated.Arbitrary.Double.File.Extension.Upload HIGH" "classic-addons-wpbakery-page-builder-addons 3.1 Authenticated.(Editor+).Local.File.Inclusion HIGH" "classic-addons-wpbakery-page-builder-addons 3.1 Authenticated.(Contributor+).Limited.Local.PHP.File.Inclusion HIGH" "classic-addons-wpbakery-page-builder-addons 3.6 Contributor+.Stored.XSS MEDIUM" "cryptx 4.0.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "contact-us-simple-form No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting.via.Plugin.Settings MEDIUM" "crafty-social-buttons 1.5.8 XSS MEDIUM" "comic-easel No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "category-posts 4.9.20 Admin+.Stored.XSS LOW" "category-posts 4.9.18 Admin+.Stored.XSS LOW" "category-posts 4.9.17 Admin+.Stored.XSS LOW" "custom-login-url 1.0.3 Missing.Authorization MEDIUM" "clock-in-portal No.known.fix Holidays.Deletion.via.CSRF MEDIUM" 
"clock-in-portal No.known.fix Staff.Deletion.via.CSRF MEDIUM" "clock-in-portal No.known.fix Designation.Deletion.via.CSRF MEDIUM" "cnzz51la-for-wordpress No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "content-table No.known.fix Cross-Site.Request.Forgery MEDIUM" "custom-product-type-for-woocommerce 1.2.3 Reflected.Cross-Site.Scripting MEDIUM" "custom-product-type-for-woocommerce 1.2.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "cubepm No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "contact-form-advanced-database No.known.fix Unauthorised.AJAX.Calls MEDIUM" "comment-link-remove 2.1.6 Arbitrary.Comment.Deletion.via.CSRF MEDIUM" "configurable-tag-cloud-widget 5.3 Cross-Site.Request.Forgery MEDIUM" "caxton No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "caxton 1.30.1 Reflected.Cross-Site.Scripting MEDIUM" "caxton 1.30.0 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "countdown-wpdevart-extended 1.8.3 Admin+.Stored.XSS LOW" "countdown-wpdevart-extended 1.5.8 CSRF.to.Stored.Cross-Site.Scripting HIGH" "cf7-material-design No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "cj-change-howdy No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "crisp 0.45 Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "crisp 0.32 CSRF.to.Stored.Cross-Site.Scripting HIGH" "carousels-slider-for-divi No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "cssigniter-shortcodes 2.4.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.'element'.Shortcode.Attribute MEDIUM" "capitalize-my-title No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "cp-polls 1.0.82 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "cp-polls 1.0.75 Reflected.Cross-Site.Scripting MEDIUM" "cp-polls 1.0.77 Admin+.Stored.XSS.via.Custom.Styles LOW" "cp-polls 1.0.77 Admin+.Stored.Cross-Site.Scripting LOW" "cp-polls 1.0.72 
Unauthenticated.Content.Injection MEDIUM" "cp-polls 1.0.72 Unauthenticated.Poll.Limit.Bypass MEDIUM" "cp-polls 1.0.9 Multiple.CSRF.Vulnerabilities MEDIUM" "cp-polls 1.0.9 Multiple.XSS.Vulnerabilities MEDIUM" "custom-codes 2.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "cookiehub 1.1.1 Missing.Authorization MEDIUM" "cww-companion 1.3.3 Cross-Site.Request.Forgery MEDIUM" "cww-companion 1.2.8 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "category-post-list-widget No.known.fix Settings.Update.to.Stored.XSS.via.CSRF HIGH" "ctl-behance-importer-lite No.known.fix Unauthenticated.SQL.Injection HIGH" "cost-calculator-builder-pro 3.2.16 Unauthenticated.SQL.Injection.via.data HIGH" "cost-calculator-builder-pro 3.2.2 .Unauthenticated.Price.Manipulation MEDIUM" "cost-calculator-builder-pro 3.1.76 Unauthenticated.Arbitrary.Email.Sending MEDIUM" "cost-calculator-builder-pro 3.1.73 Authenticated.(Subscriber+).Server-Side.Request.Forgery MEDIUM" "cost-calculator-builder-pro 3.1.68 Unauthenticated.Cross-Site.Scripting.via.SVG.Upload HIGH" "countdown-block 1.1.2 Missing.Authorisation.in.AJAX.action MEDIUM" "commentluv No.known.fix Unauthenticated.SSRF MEDIUM" "claspo 1.0.8 Missing.Authorization MEDIUM" "cloud-sso-single-sign-on 1.0.20 Unauthenticated.Identity.Provider.Deletion MEDIUM" "cloud-sso-single-sign-on 1.0.20 Missing.Authorization.to.Unauthenticated.Settings.Modification.via.set_organization_settings.Action HIGH" "cloud-sso-single-sign-on 1.0.19 Single.Sign.On.Login.<.1.0.19.-.Unauthenticated.Local.File.Inclusion HIGH" "cloud-sso-single-sign-on 1.0.14 Reflected.Cross-Site.Scripting MEDIUM" "copyrightpro No.known.fix Settings.Update.via.CSRF MEDIUM" "commonsbooking 2.6.8 Unauthenticated.SQL.Injection HIGH" "content-locker-for-elementor 1.0.4 Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.Plugin.Upload HIGH" "custom-admin-login-styler-wpzest No.known.fix Admin+.Stored.XSS LOW" "comments-not-replied-to 1.5.8 Reflected.Cross-Site.Scripting 
MEDIUM" "comments-not-replied-to 1.5.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "cm-on-demand-search-and-replace 1.5.3 Cross-Site.Request.Forgery MEDIUM" "cm-on-demand-search-and-replace 1.5.3 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "cm-on-demand-search-and-replace No.known.fix Missing.Authorization MEDIUM" "cm-on-demand-search-and-replace 1.4.3 Reflected.XSS HIGH" "cm-on-demand-search-and-replace 1.3.9 Plugin.Reset.via.CSRF MEDIUM" "cm-on-demand-search-and-replace 1.3.1 Multiple.CSRF MEDIUM" "cm-on-demand-search-and-replace 1.3.1 Admin+.Stored.XSS LOW" "cleverreach-wc 3.4.7 Settings.Update.via.CSRF MEDIUM" "css-js-files 1.5.1 Authenticated.(Admin+).Arbitrary.File.Read MEDIUM" "crazy-call-to-action-box No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "cimy-header-image-rotator No.known.fix Arbitrary.Settings.Update.via.CSRF MEDIUM" "code-explorer No.known.fix Authenticated.(Administrator+).Arbitrary.File.Read.via.'file'.Parameter MEDIUM" "code-explorer No.known.fix Authenticated.(Admin+).External.File.Reading MEDIUM" "chartjs No.known.fix Editor+.Stored.Cross-Site.Scripting LOW" "chartjs No.known.fix Editor+.Stored.Cross-Site.Scripting.in.New.Chart LOW" "captcha-bank No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "cf7-hubspot 1.4.4 Authenticated.(Subscriber+).Information.Exposure MEDIUM" "cf7-hubspot 1.4.3 Authenticated.(Administrator+).SQL.Injection MEDIUM" "cf7-hubspot 1.3.2 Cross-Site.Request.Forgery MEDIUM" "cf7-hubspot 1.2.0 Reflected.Cross-Site.Scripting HIGH" "cf7-calendly-integration No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "content-sidebars No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "content-sidebars 1.6.8 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "citations-tools No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.'code'.Shortcode.Attribute MEDIUM" "customize-login-page No.known.fix Cross-Site.Request.Forgery MEDIUM" "category-seo-meta-tags 
No.known.fix Cross-Site.Request.Forgery.via.csmt_admin_options MEDIUM" "category-seo-meta-tags No.known.fix Admin+.Stored.XSS LOW" "cf7save-extension No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "cmc-migrate No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "creatorlms 1.1.13 Missing.Authorization.to.Authenticated.(Contributor+).Arbitrary.Options.Update HIGH" "creatorlms 1.1.13 Missing.Authorization MEDIUM" "contact-us-page-contact-people No.known.fix Contact.people.LITE.<=.3.7.4.-.Authenticated.(Contributor+).SQL.Injection MEDIUM" "contact-us-page-contact-people No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.style.Parameter MEDIUM" "contact-us-page-contact-people 3.7.1 Contact.people.LITE.<.3.7.1.-.Contact.Update/Deletion/Creation.via.CSRF MEDIUM" "comments-like-dislike 1.2.0 Subscriber+.Settings.Reset MEDIUM" "comments-like-dislike 1.1.4 Add.Like/Dislike.Bypass MEDIUM" "call-me-now No.known.fix Cross-Site.Request.Forgery MEDIUM" "cf7-invisible-recaptcha 1.3.4 CSRF MEDIUM" "cf7-invisible-recaptcha 1.3.2 XSS MEDIUM" "call-to-action-popup No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "cost-calculator-for-elementor 1.3.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "chatwee No.known.fix Cross-Site.Request.Forgery.to.Settings.Update MEDIUM" "chatwee No.known.fix Missing.Authorization MEDIUM" "comment-reply-notification No.known.fix Cross-Site.Request.Forgery MEDIUM" "classic-editor-and-classic-widgets 1.4.2 Authenticated.(Subscriber+).SQL.Injection MEDIUM" "classic-editor-and-classic-widgets 1.2.6 Settings.Update.via.CSRF MEDIUM" "customer-reviews-collector-for-woocommerce 4.7 Reflected.Cross-Site.Scripting MEDIUM" "customer-reviews-collector-for-woocommerce 4.0 Authenticated.(Editor+).Arbitrary.File.Upload MEDIUM" "cube-slider No.known.fix Admin+.SQLi MEDIUM" "content-cards No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.shortcode MEDIUM" "content-cards 0.9.7 
Cross-Site.Scripting.(XSS) MEDIUM" "copy-the-code 4.0.4 Contributor+.Stored.XSS MEDIUM" "copy-the-code 2.6.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "copy-the-code 2.6.4 Reflected.Cross-Site.Scripting MEDIUM" "catalog No.known.fix Admin+.SQL.Injection MEDIUM" "cf7-grid-and-styler-for-divi 1.5.2 Reflected.Cross-Site.Scripting MEDIUM" "cf7-grid-and-styler-for-divi 1.4.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "checkout-upsell-and-order-bumps 2.2.5 Authenticated.(Shop.manager+).SQL.Injection MEDIUM" "checkout-upsell-and-order-bumps No.known.fix Missing.Authorization MEDIUM" "collapsing-archives 3.0.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "countdown-time 1.2.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "countdown-time 1.2.5 Authenticated.(Contributor+).Post.Disclosure MEDIUM" "codoc 0.9.52 Reflected.Cross-Site.Scripting MEDIUM" "cpt-speakers No.known.fix Speakers.<=.1.1.-.Admin+.Stored.XSS LOW" "custom-field-suite No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.cfs[post_title] MEDIUM" "custom-field-suite No.known.fix Authenticated.(Contributor+).SQL.Injection.via.Term.Custom.Field HIGH" "custom-field-suite No.known.fix Contributor+.PHP.Code.Injection.via.Loop.Custom.Field HIGH" "custom-field-suite No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.cfs[post_content] MEDIUM" "custom-field-suite 2.6.6 Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "custom-field-suite 2.6.5 Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "custom-field-suite 2.6.3 Admin+.Stored.XSS LOW" "custom-field-suite 2.5.15 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "czater No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "custom-post-type-gui No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "crm2go No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting 
MEDIUM" "contact-form-entries 1.4.8 Unauthenticated.PHP.Object.Injection.via.'download_csv' CRITICAL" "contact-form-entries 1.4.6 Missing.Authorization.to.Unauthenticated.Form.Data.Exfiltration.via.CSV.Export MEDIUM" "contact-form-entries 1.4.4 Unauthenticated.PHP.Object.Injection.to.Arbitrary.File.Deletion CRITICAL" "contact-form-entries 1.3.9 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "contact-form-entries 1.3.4 Authenticated(Contributor+).Stored.Cross-Site.Scripting.via.shortcode MEDIUM" "contact-form-entries 1.3.3 Admin+.Arbitrary.File.Upload MEDIUM" "contact-form-entries 1.3.1 SQL.Injection MEDIUM" "contact-form-entries 1.3.1 Contributor+.Stored.XSS MEDIUM" "contact-form-entries 1.3.0 CSV.Injection MEDIUM" "contact-form-entries 1.2.4 Reflected.Cross-Site.Scripting HIGH" "contact-form-entries 1.2.2 Reflected.Cross-Site.Scripting HIGH" "contact-form-entries 1.2.1 Reflected.Cross-Site.Scripting HIGH" "contact-form-entries 1.1.7 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "contact-form-7-to-database-extension 2.10.36 CSV.Injection CRITICAL" "collage-for-divi No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "collage-for-divi 1.0.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "checkout-field-visibility-for-woocommerce 1.4.0 Unauthenticated.Local.File.Inclusion CRITICAL" "cloudinary-image-management-and-manipulation-in-the-cloud-cdn No.known.fix Missing.Authorization MEDIUM" "continuous-image-carousel-with-lightbox 1.0.16 Reflected.XSS HIGH" "charitable 1.8.8.5 Authenticated.(Subscriber+).SQL.Injection MEDIUM" "charitable 1.8.6.2 Authenticated.(Administrator+).Stored.Cross-Site.Scripting.via.Plugin's.Privacy.Settings MEDIUM" "charitable 1.8.5.2 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "charitable 1.8.4.8 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "charitable 1.8.3.1 Reflected.Cross-Site.Scripting MEDIUM" "charitable 1.8.1.15 Insecure.Direct.Object.Reference.to.Account.Takeover.and.Privilege.Escalation 
CRITICAL" "charitable 1.8.1.8 Missing.Authorization.via.ajax_license_check() MEDIUM" "charitable 1.8.1.8 Missing.Authorization.to.Unauthorized.Donation MEDIUM" "charitable 1.7.0.14 Authenticated(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "charitable 1.7.0.13 Unauthenticated.Privilege.Escalation CRITICAL" "charitable 1.7.0.11 Reflected.XSS HIGH" "charitable 1.6.51 Donation.Plugin.<.1.6.51.-.Unauthenticated.Stored.Cross-Site.Scripting HIGH" "charitable 1.6.51 Authenticated.Stored.Cross-Site.Scripting.(XSS) LOW" "charitable 1.5.14 Unauthorised.Access HIGH" "custom-login 4.1.1 Subscriber+.Unauthorised.Action MEDIUM" "comments-capcha-box No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "custom-tiktok-video-feed No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "complianz-gdpr 7.4.4 Contributor+.Stored.XSS MEDIUM" "complianz-gdpr 7.0.0 Cross-Site.Request.Forgery.to.Data.Request.Deletion MEDIUM" "complianz-gdpr 6.5.6 Admin+.Stored.XSS LOW" "complianz-gdpr 6.4.2 GDPR/CCPA.Cookie.Consent.<.6.4.2.-.Contributor+.Stored.XSS MEDIUM" "complianz-gdpr 6.3.4 Translator.SQLi MEDIUM" "complianz-gdpr 6.0.0 GDPR/CCPA.Cookie.Consent.<.6.0.0.-.Reflected.Cross-Site.Scripting MEDIUM" "contact-form-vcard-generator No.known.fix Missing.Authorization.to.Unauthenticated.Sensitive.Information.Exposure.via.'wp-gvc-cf-download-id'.Parameter MEDIUM" "contact-form-vcard-generator No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "contact-form-vcard-generator No.known.fix Unauthenticated.Stored.Cross-Site.Scripting HIGH" "cryptocurrency-pricing-list No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "cosmosfarm-share-buttons No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "countdown-timer-block No.known.fix Contributor+.Stored.XSS MEDIUM" "cf7-paystack-add-on No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "crossword-compiler-puzzles No.known.fix Subscriber+.Stored.XSS HIGH" "crossword-compiler-puzzles 5.3 Subscriber+.Arbitrary.File.Upload HIGH" 
"comments-with-hypercommentscom No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "custom-functions No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "captcha 4.4.5 Backdoored MEDIUM" "cookiecode No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "case-theme-user 1.0.4 Authentication.Bypass.via.Social.Login CRITICAL" "case-theme-user 1.0.4 Unauthenticated.Local.File.Inclusion HIGH" "checkfront-wp-booking 3.7 Settings.Update.via.CSRF MEDIUM" "cryptocurrency-price-widget 1.2.4 Authenticated.(Editor+).Stored.Cross-Site.Scripting MEDIUM" "codepen-embedded-pen-shortcode 1.0.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "codepen-embedded-pen-shortcode 1.0.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "coming-soons No.known.fix Under.Construction.<=.1.2.0.-.Admin+.Stored.Cross-Site.Scripting LOW" "co2ok-for-woocommerce 2.0.4 Reflected.Cross-Site.Scripting MEDIUM" "co2ok-for-woocommerce 1.0.9.22 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "co2ok-for-woocommerce 1.0.9.22 Subscriber+.Arbitrary.Option.Update CRITICAL" "cf7-submission-dom-tracking 2.2 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "clevernode-related-content 1.1.6 Reflected.Cross-Site.Scripting MEDIUM" "cloudflare-cache-purge No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "cyr3lat 3.7 Editor+.SQL.Injection MEDIUM" "click-to-tweet No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "click-to-tweet No.known.fix Reflected.XSS HIGH" "click-to-tweet No.known.fix Missing.Authorization MEDIUM" "cookie-notice-bar No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "chatra-live-chat No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "card-elements-for-elementor 1.2.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Profile.Card.Widget MEDIUM" "card-elements-for-elementor 1.2.3 
Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "change-wp-admin-login 2.0.9 IP.Sooofing.to.Protection.Mechanism.Bypass MEDIUM" "change-wp-admin-login 1.1.4 Secret.Login.Page.Disclosure MEDIUM" "change-wp-admin-login 1.1.0 Unauthenticated.Arbitrary.Settings.Update MEDIUM" "client-power-tools 1.9.1 Reflected.Cross-Site.Scripting MEDIUM" "captcha-bws 5.2.1 Captcha.Bypass MEDIUM" "countdown-for-the-events-calendar 1.4.16 Missing.Authorization MEDIUM" "countdown-for-the-events-calendar 1.4.10 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "countdown-for-the-events-calendar 1.4 Subscriber+.Arbitrary.Plugin.Installation.&.Activation HIGH" "custom-pc-builder-lite-for-woocommerce No.known.fix Missing.Authorization.to.Unauthenticated.Settings.Update MEDIUM" "coupons 1.4.0 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "ck-and-syntaxhighlighter No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "classic-widgets-with-block-based-widgets No.known.fix Missing.Authorization MEDIUM" "custom-email-options No.known.fix Subscriber+.Arbitrary.Plugin.Installation,.Activation.and.Deactivation HIGH" "contentoptin No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "custom-order-statuses-woocommerce 2.4.0 Cross-Site.Request.Forgery MEDIUM" "cooked-pro 1.8.0 Unauthenticated.Arbitrary.File.Upload CRITICAL" "cooked-pro 1.8.0 Cross-Site.Request.Forgery MEDIUM" "cooked-pro 1.8.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "cooked-pro 1.8.0 Cross-Site.Request.Forgery.to.Template.Reset MEDIUM" "cooked-pro 1.8.0 Authenticated.(Contributor+).HTML.Injection MEDIUM" "cooked-pro 1.8.0 Cross-Site.Request.Forgery.via.cooked_get_recipe_ids MEDIUM" "cooked-pro 1.8.0 Cross-Site.Request.Forgery.to.Template.Apply MEDIUM" "cooked-pro 1.8.0 Cross-Site.Request.Forgery.to.Settings.Update MEDIUM" "cooked-pro 1.7.5.7 Unauthenticated.PHP.Object.Injection HIGH" "cooked-pro 1.7.5.6 Unauthenticated.Reflected.Cross.Site.Scripting.(XSS) 
MEDIUM" "custom-menu No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "crypto-payment-gateway-with-payeer-for-woocommerce No.known.fix Unauthenticated.Payment.Bypass HIGH" "convertforce-popup-builder 0.0.8 Stored.Cross-Site.Scripting.via.entrance_animation MEDIUM" "cf7-spreadsheets No.known.fix Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "cf7-spreadsheets No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "cf7-spreadsheets No.known.fix Missing.Authorization.to.Settings.Update MEDIUM" "cherry-plugin 1.2.7 Unauthenticated.Arbitrary.File.Upload.and.Download CRITICAL" "crm-erp-business-solution No.known.fix Missing.Authorization MEDIUM" "clasifico-listing No.known.fix Unauthenticated.Privilege.Escalation CRITICAL" "card-oracle 1.1.6 Reflected.Cross-Site.Scripting MEDIUM" "card-oracle 1.0.6 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "content-bot No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "cwd-3d-image-gallery No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "custom-user-css No.known.fix Settings.Update.via.CSRF MEDIUM" "chesstempoviewer No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "contact-form-master No.known.fix Reflected.XSS HIGH" "canalplan-ac No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "computer-repair-shop 4.1133 Missing.Authorization.to.Authenticated.(Subscriber+).Plugin.Settings.Modification.via.wc_rep_shop_settings_submission.AJAX.Action MEDIUM" "computer-repair-shop 4.1121 Insecure.Direct.Object.Reference.to.Authenticated.(Subscriber+).Arbitrary.Signature.Upload.to.Orders MEDIUM" "computer-repair-shop 3.8214 Missing.Authorization MEDIUM" "computer-repair-shop 3.8120 Authenticated.(Customer+).Privilege.Esclation.via.Account.Takeover CRITICAL" "computer-repair-shop 3.8122 Missing.Authorization.to.Account.Takeover/Privilege.Escalation HIGH" "computer-repair-shop 3.8116 Unauthenticated.Arbitrary.File.Upload CRITICAL" 
"contact-form-7-mailchimp-extension 0.9.69 Authenticated.(Contributor+).Information.Exposure MEDIUM" "contact-form-7-mailchimp-extension 0.9.19 Cross-Site.Request.Forgery MEDIUM" "contact-form-7-mailchimp-extension 0.9.19 Subscriber+.Server-Side.Request.Forgery MEDIUM" "cookiebot 4.6.5 Missing.Authorization MEDIUM" "cookiebot 4.5.9 Cross-Site.Request.Forgery MEDIUM" "cookiebot 4.4.2 Missing.Authorization.to.Authenticated.(Subscriber+).Survey.Submission MEDIUM" "cookiebot 3.6.1 CSRF.&.XSS LOW" "connect-contact-form-7-to-constant-contact-v3 1.5 Reflected.Cross-Site.Scripting MEDIUM" "capa No.known.fix Arbitrary.Settings.Update.via.CSRF MEDIUM" "comments-import-export-woocommerce 2.4.4 Missing.Authorization.to.Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "comments-import-export-woocommerce 2.3.9 Authenticated.(Author+).Arbitrary.File.Read.via.Directory.Traversal MEDIUM" "comments-import-export-woocommerce 2.3.6 Cross-Site.Request.Forgery MEDIUM" "comments-import-export-woocommerce 2.1.11 Cross-Site.Request.Forgery.(CSRF).Issue HIGH" "commons-booking No.known.fix Code/Timeframe/Booking.Deletion.via.CSRF MEDIUM" "commons-booking No.known.fix Admin+.Stored.XSS LOW" "car-rental-manager 1.2.0 Missing.Authorization MEDIUM" "custom-sidebars-by-proteusthemes No.known.fix Cross-Site.Request.Forgery MEDIUM" "cpa-offerwall No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "cloud-search No.known.fix Cross-Site.Request.Forgery MEDIUM" "contact-bank No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "cf7-dynamics-crm 1.1.7 Reflected.Cross-Site.Scripting MEDIUM" "cf7-zoho 1.3.1 Unauthenticated.PHP.Object.Injection CRITICAL" "cf7-zoho 1.2.4 Admin+.SQLi MEDIUM" "cf7-zoho 1.2.3 Cross-Site.Request.Forgery.(CSRF) MEDIUM" "cf7-zoho 1.1.9 Reflected.Cross-Site.Scripting HIGH" "cf7-zoho 1.1.8 Reflected.Cross-Site.Scripting HIGH" "comments-disable-accesspress 1.0.8 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "cookie-notice-consent 1.6.6 
Unauthenticated.Stored.Cross-Site.Scripting HIGH" "cookie-notice-consent 1.6.5 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "cookie-notice-consent 1.6.1 Admin+.Stored.XSS LOW" "crowdsignal-forms 1.8.0 Missing.Authorization MEDIUM" "classified-listing 5.3.5 Authenticated.(Subscriber+).Sensitive.Data.Exposure MEDIUM" "classified-listing 5.0.4 Authenticated.(Subscriber+).Arbitrary.Shortcode.Execution.via.Listing.Description MEDIUM" "classified-listing 5.2.1 Missing.Authorization.to.Authenticated.(Subscriber+).Listing.Types.Tampering MEDIUM" "classified-listing 5.0.7 Missing.Authorization MEDIUM" "classified-listing 5.0.1 Authenticated.(Contributor+).Content.Injection MEDIUM" "classified-listing 4.2.1 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "classified-listing 4.0.5 Unauthenticated.Settings.Exposure MEDIUM" "classified-listing 3.1.16 Authenticated.(Subscriber+).Limited.Arbitrary.Option.Update HIGH" "classified-listing 3.1.17 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "classified-listing 3.1.8 Missing.Authorization MEDIUM" "classified-listing 3.0.11 Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.Attachment.Deletion MEDIUM" "classified-listing 3.0.5 Missing.Authorization MEDIUM" "classified-listing 3.0.5 Cross-Site.Request.Forgery.to.Account.Takeover.via.rtcl_update_user_account HIGH" "classified-listing 2.4.6 Cross-Site.Request.Forgery MEDIUM" "classified-listing 2.2.14 Reflected.Cross-Site.Scripting MEDIUM" "conversador No.known.fix Cross-Site.Scripting.(XSS) MEDIUM" "combo-wp-rewrite-slugs No.known.fix Missing.Authorization.to.Authenticated.(Subscriber+).Settings.Change MEDIUM" "consensus-embed No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.'src'.Shortcode.Attribute MEDIUM" "cloudnet-sync No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "cas-maestro No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "coditor No.known.fix 
Arbitrary.File.Edition,.Deletion.and.Internal.Directory.Listing.in.wp-content CRITICAL" "custom-contact-forms 5.1.0.4 Unauthenticated.Database.Import/Export CRITICAL" "custom-contact-forms 5.1.0.3 Authenticated.Cross.Site.Scripting CRITICAL" "cmb2 2.11.0 Authenticated.(Contributor+).PHP.Object.Injection HIGH" "content-slider-block 3.1.6 Authenticated.(Contributor+).Post.Disclosure MEDIUM" "child-themes-helper No.known.fix Cross-Site.Request.Forgery.to.Arbitrary.File.Deletion HIGH" "canto-testimonials No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.'fx'.Shortcode.Attribute MEDIUM" "chat-bubble No.known.fix Admin+.Stored.XSS LOW" "chat-bubble No.known.fix Settings.Update.via.CSRF MEDIUM" "chat-bubble 2.3 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "contact-form-manager 1.6.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "coming-soon-blocks No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "coming-soon-blocks No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "csv-mass-importer No.known.fix Admin+.Arbitrary.File.Upload MEDIUM" "custom-word-cloud No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.angle.Parameter MEDIUM" "custom-widget-creator No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "code-quality-control-tool 2.2 Unauthenticated.Information.Exposure.via.Log.Files MEDIUM" "contact-form-7-style No.known.fix Cross-Site.Request.Forgery MEDIUM" "contact-form-7-style No.known.fix CSRF.Bypass.in.Multiple.Plugins MEDIUM" "contact-form-7-style No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting HIGH" "cc-coming-soon No.known.fix Reflected.XSS HIGH" "countdowner-elementor No.known.fix Missing.Authorization MEDIUM" "currency-switcher-woocommerce 2.16.3 Reflected.Cross-Site.Scripting MEDIUM" "currency-switcher-woocommerce 2.11.2 Security.Restrictions.Bypass MEDIUM" "codeablepress-simple-frontend-profile-picture-upload No.known.fix Missing.Authorization MEDIUM" 
"cf7-easy-math-captcha No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "commerce-coinbase-for-woocommerce 1.5.0 Reflected.Cross-Site.Scripting MEDIUM" "commerce-coinbase-for-woocommerce 1.4.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "clean-social-icons No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "classified-listing-pro 2.0.20 Reflected.Cross-Site.Scripting MEDIUM" "classified-listing-pro 2.0.20 Reflected.Cross-Site.Scripting MEDIUM" "circles-gallery No.known.fix Admin+.Stored.XSS LOW" "coins-marketcap 5.5.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "call-now-coccoc-pht-blog No.known.fix Cross-Site.Request.Forgery MEDIUM" "criptopayer-elementor No.known.fix Missing.Authorization MEDIUM" "calendi No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "custom-bulkquick-edit No.known.fix Cross-Site.Request.Forgery MEDIUM" "convertcalculator 1.1.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "convertcalculator 1.1.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.id.and.type.Parameter MEDIUM" "classyfrieds No.known.fix Authenticated.Arbitrary.File.Upload.to.RCE CRITICAL" "campation-postoffice No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "campation-postoffice 1.1.7 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "comments-ratings No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "comments-ratings No.known.fix Arbitrary.Settings.Update.via.CSRF MEDIUM" "comments-ratings 1.1.7 Cross-Site.Request.Forgery MEDIUM" "custom-taxonomy-category-and-term-fields No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "chakra-test 1.0.2 Missing.Authorization MEDIUM" "cookie-consent-autoblock No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "clockwork-two-factor-authentication 1.1.0 Cross-Site.Scripting.(XSS) MEDIUM" "clicksold-wordpress-plugin No.known.fix Admin+.XSS LOW" "constant-contact-api No.known.fix 
Unauthenticated.PHP.Object.Injection HIGH" "cf7-telegram 0.8.6 Missing.Authorization.to.Authenticated.(Subscriber+).Subscription.Approve/Pause/Refuse MEDIUM" "chative-live-chat-and-chatbot 1.2 Channel/Org.ID.Update.via.CSRF MEDIUM" "custom-product-builder-for-woocommerce 1.0.5 Reflected.Cross-Site.Scripting MEDIUM" "cpt-ajax-load-more No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.id.Parameter MEDIUM" "content-snippet-manager 1.1.6 Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "cleanup-light 1.0.5 Reflected.Cross-Site.Scripting MEDIUM" "clickervolt No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "content-audit-exporter No.known.fix Unauthenticated.Sensitive.Information.Exposure MEDIUM" "contact-form-7-hide-success-message No.known.fix Missing.Authorization MEDIUM" "custom-top-bar No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "chartbeat No.known.fix Authenticated.(Subscriber+).Server-Side.Request.Forgery MEDIUM" "car No.known.fix Unauthenticated.Stored.Cross-Site.Scripting.(XSS) CRITICAL" "cart66-cloud No.known.fix Unauthenticated.Information.Exposure MEDIUM" "cart66-cloud No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "couponxxl-cpt 3.1 Unauthenticated.Privilege.Escalation CRITICAL" "carts-guru 1.4.6 Unauthenticated.Object.Injection CRITICAL" "copify No.known.fix Stored.Cross-Site.Scripting.via.CSRF HIGH" "currency-converter-widget No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.shortcode MEDIUM" "checkout-mestres-wp No.known.fix 8.7.5.-.Unauthenticated.Arbitrary.Options.Update CRITICAL" "checkout-mestres-wp 8.6.1 Authenticated.(Admin+).Local.File.Inclusion HIGH" "checkout-mestres-wp 7.1.9.8 Unauthenticated.SQL.Injection CRITICAL" "checkout-mestres-wp 7.1.9.8 Missing.Authorization.to.Unauthenticated.Arbitrary.Options.Update CRITICAL" "checkout-mestres-wp 7.1.9.8 Authentication.Bypass.via.Password.Reset CRITICAL" "coupon-zen 1.0.6 
Arbitrary.Plugin.Activation.via.CSRF MEDIUM" "crypto-converter-widget 1.9.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.shortcode MEDIUM" "crypto-converter-widget 1.8.4 Contributor+.Stored.XSS MEDIUM" "custom-base-terms 1.0.3 Admin+.Stored.XSS LOW" "comment-emailer No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "content-blocks-builder 2.7.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "content-blocks-builder 2.3.17 Reflected.Cross-Site.Scripting MEDIUM" "clerkio 4.0.0 Authentication.Bypass.and.API.Keys.Disclosure LOW" "caldera-smtp-mailer No.known.fix Missing.Authorization MEDIUM" "campay-api 1.2.3 Unauthenticated.Payment.Bypass MEDIUM" "canva No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "contentmx-content-publisher 1.0.7 Cross-Site.Request.Forgery MEDIUM" "contentmx-content-publisher 1.0.7 Missing.Authorization MEDIUM" "creative-blocks No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "custom-team-manager No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "causes No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "century-toolkit No.known.fix Cross-Site.Request.Forgery.to.Arbitrary.Plugin.Activation MEDIUM" "category-icon 1.0.3 Authenticated.(Editor+).Stored.Cross-Site.Scripting MEDIUM" "category-icon No.known.fix Author+.XML.External.Entity.Injection MEDIUM" "category-icon 1.0.2 Author+.Arbitrary.File.Download MEDIUM" "category-icon 1.0.1 Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "custom-css-js 3.4 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "change-table-prefix No.known.fix Cross-Site.Request.Forgery.via.change_prefix_form HIGH" "comparepress No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "changyan No.known.fix Missing.Authorization MEDIUM" "culture-object 4.1.1 Admin+.Stored.Cross-Site.Scripting LOW" "carter-elementor No.known.fix Missing.Authorization MEDIUM" "clean-contact 
No.known.fix Arbitrary.Settings.Update.to.Stored.XSS.via.CSRF MEDIUM" "cryptocloud-crypto-payment-gateway 2.3.2 Crypto.Payment.Gateway.<.2.3.2.-.Missing.Authorization MEDIUM" "cheetaho-image-optimizer 1.4.3.2 Reflected.Cross-Site.Scripting MEDIUM" "catch-ids 2.4 Unauthorised.Plugin's.Setting.Change MEDIUM" "change-wp-page-permalinks No.known.fix Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.Rewrite.Rules.Flush MEDIUM" "coon-google-maps No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "custom-frames No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.'class'.Shortcode.Parameter MEDIUM" "copy-menu No.known.fix Missing.Authorization MEDIUM" "cm-faq 1.2.6 Reflected.Cross-Site.Scripting MEDIUM" "category-featured-images No.known.fix Authenticated.(Author+).Stored.Cross-Site.Scripting MEDIUM" "cf7-antispam 0.6.4 Cross-Site.Request.Forgery MEDIUM" "cf7-antispam 0.6.1 Reflected.Cross-Site.Scripting MEDIUM" "constant-contact-forms-by-mailmunch 2.1.3 Reflected.Cross-Site.Scripting MEDIUM" "constant-contact-forms-by-mailmunch 2.1.0 Contributor+.Stored.XSS MEDIUM" "constant-contact-forms-by-mailmunch 2.0.11 Arbitrary.Settings.Update.via.CSRF MEDIUM" "chatbot 7.7.4 Missing.Authorization MEDIUM" "chatbot 7.4.0 Missing.Authorization MEDIUM" "chatbot 7.1.0 Admin+.Stored.XSS LOW" "chatbot 6.7.5 Missing.Authorization MEDIUM" "chatbot 6.3.6 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "chatbot 6.2.4 Admin+.Stored.XSS LOW" "chatbot 5.5.8 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "chatbot 5.3.6 Missing.Authorization.via.openai_file_list_callback MEDIUM" "chatbot 5.3.6 Missing.Authorization.via.openai_file_delete_callback MEDIUM" "chatbot 5.3.6 Missing.Authorization.via.openai_file_upload_callback MEDIUM" "chatbot 5.1.1 Unauthenticated.PHP.Object.Injection CRITICAL" "chatbot 4.7.9 Authenticated.(Administrator+).SQL.Injection HIGH" "chatbot 4.9.7 
4.9.6.-.Authenticated.(Administrator+).Stored.Cross-Site.Scripting.in.FAQ.Builder MEDIUM" "chatbot 4.9.3 Cross-Site.Request.Forgery.(CSRF) MEDIUM" "chatbot 4.9.3 Subscriber+.Arbitrary.File.Deletion CRITICAL" "chatbot 4.9.1 Unauthenticated.Blind.SQL.Injection CRITICAL" "chatbot 4.9.3 Missing.authorization.in.AJAX.calls MEDIUM" "chatbot 4.9.1 Subscriber+.Arbitrary.File.Deletion CRITICAL" "chatbot 4.9.1 Missing.authorization.in.AJAX.calls MEDIUM" "chatbot 4.9.1 Unauthenticated.Sensitive.Data.Disclosure MEDIUM" "chatbot 4.9.1 Cross-Site.Request.Forgery.(CSRF) MEDIUM" "chatbot 4.9.1 Authenticated.(Subscriber+).Directory.Traversal.to.Arbitrary.File.Write.via.qcld_openai_upload_pagetraining_file CRITICAL" "chatbot 4.7.9 CSRF MEDIUM" "chatbot 4.7.8 Admin+.Stored.XSS.in.Language.Settings LOW" "chatbot 4.7.8 Admin+.Stored.XSS.in.FAQ.Builder LOW" "chatbot 4.6.1 Admin+.Stored.Cross-Site.Scripting LOW" "chatbot 4.5.6 Admin+.Stored.Cross-Site.Scripting LOW" "chatbot 4.5.5 Admin+.Stored.Cross-Site.Scripting LOW" "chatbot 4.5.1 Admin+.Stored.XSS LOW" "chatbot 4.4.9 Unauthenticated.Stored.XSS HIGH" "chatbot 4.4.5 Stored.XSS.via.CSRF HIGH" "chatbot 4.4.9 Subscriber+.OpenAI.Settings.Update.to.Stored.XSS HIGH" "chatbot 4.4.7 Unauthenticated.PHP.Object.Injection HIGH" "chatbot 4.3.0 Settings.Reset.via.CSRF MEDIUM" "chatbot 4.3.1 Admin+.Stored.XSS LOW" "chatbot 4.2.9 Unauthenticated.Settings.Reset MEDIUM" "coschedule-by-todaymade 3.4.1 Missing.Authorization MEDIUM" "coschedule-by-todaymade 3.4.0 Unauthenticated.Sensitive.Information.Exposure MEDIUM" "coschedule-by-todaymade 3.3.9 CSRF MEDIUM" "custom-searchable-data-entry-system No.known.fix Unauthenticated.Data.Modification.and.Deletion CRITICAL" "cision-block 4.4.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.id.Parameter MEDIUM" "convert-post-types No.known.fix Cross-Site.Request.Forgery MEDIUM" "convert-post-types No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "cookies-by-jm No.known.fix Admin+.Stored.XSS LOW" 
"custom-permalinks 2.7.0 Authenticated(Editor+).Stored.Cross-Site.Scripting MEDIUM" "content-manager-light No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "content-manager-light No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "conditional-payments 1.1.3 Reflected.Cross-Site.Scripting MEDIUM" "conformer-elementor 1.0.8 Missing.Authorization MEDIUM" "christmas-panda 1.1.0 Cross-Site.Request.Forgery MEDIUM" "content-staging No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "catch-breadcrumb 1.7 Unauthorised.Plugin's.Setting.Change MEDIUM" "catch-breadcrumb 1.5.7 Unauthenticated.Reflected.XSS MEDIUM" "curated-search No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "codepile No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "codepile 1.0.6 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "coming-soon-countdown No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "cart-lift 3.1.6 Reflected.XSS HIGH" "cf7-calendar No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "custom-css-js-php No.known.fix Arbitrary.Settings.Update.via.CSRF MEDIUM" "custom-css-js-php No.known.fix CSRF.Bypass.in.Multiple.Plugins MEDIUM" "cm-css-columns No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.'tag'.Shortcode.Attribute MEDIUM" "cookie-scanner No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "covid-19-alert No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "customizer-export-import 0.9.7.1 Authenticated.(Admin+).Arbitrary.File.Upload.via.Customization.Settings.Import MEDIUM" "customizer-export-import 0.9.6 Admin+.PHP.Object.Injection LOW" "customizer-export-import 0.9.5 Admin+.PHP.Object.Injection MEDIUM" "customizer-export-import 0.9.5 Admin+.PHP.Objection.Injection MEDIUM" "contact-form-plugin No.known.fix Missing.Authorization MEDIUM" "contact-form-plugin 4.2.9 
Reflected.Cross-Site.Scripting.via.cntctfrm_contact_subject MEDIUM" "contact-form-plugin 4.2.9 Reflected.Cross-Site.Scripting.via.cntctfrm_contact_address MEDIUM" "contact-form-plugin 4.0.6 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "contact-form-plugin 4.0.2 Stored.Cross-Site.Scripting.(XSS) MEDIUM" "contact-form-plugin 3.96 XSS MEDIUM" "contact-form-plugin 3.82 Unauthorized.Language.Manipulation MEDIUM" "contact-form-plugin 3.82 contact_form.php.cntctfrm_contact_email.Parameter.XSS MEDIUM" "cute-news-ticker No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.'color'.Shortcode.Attribute MEDIUM" "cardoza-facebook-like-box 4.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "country-blocker No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "country-blocker No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "camoo-sms No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "custom-url-shorter No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "custom-wp-rest-api No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "cf7-reply-manager No.known.fix Authenticated.(Subscriber+).Arbitrary.File.Upload HIGH" "contact-form-7-select-box-editor-button No.known.fix Cross-Site.Request.Forgery MEDIUM" "crowdfunding-for-woocommerce No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.width.Parameter MEDIUM" "crowdfunding-for-woocommerce 3.1.13 Reflected.Cross-Site.Scripting MEDIUM" "cysteme-finder 1.4 Unauthenticated.LFI.and.Unauthenticated.File.Upload CRITICAL" "color-your-bar No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "create-temporary-login 1.0.8 Missing.Authorization.to.Authenticated.(Subscriber+).Privilege.Escalation HIGH" "custom-order-statuses-for-woocommerce No.known.fix Missing.Authorization MEDIUM" "custom-order-statuses-for-woocommerce No.known.fix Cross-Site.Request.Forgery MEDIUM" "court-reservation 
1.10.9 Event.Deletion.via.CSRF MEDIUM" "court-reservation No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "court-reservation 1.9.1 Reflected.Cross-Site.Scripting MEDIUM" "court-reservation 1.6.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "custom-content-shortcode No.known.fix Contributor+.Stored.XSS MEDIUM" "custom-content-shortcode No.known.fix Contributor+.LFI CRITICAL" "custom-content-shortcode 4.0.2 Authenticated.Stored.Cross-Site.Scripting MEDIUM" "custom-content-shortcode 4.0.1 Unauthorised.Arbitrary.Post.Metadata.Access MEDIUM" "custom-content-shortcode 4.0.2 Authenticated.Arbitrary.File.Access./.LFI HIGH" "catch-sticky-menu 1.7 Unauthorised.Plugin's.Setting.Change MEDIUM" "change-default-login-logo-url-and-title No.known.fix Cross-Site.Request.Forgery MEDIUM" "cf7-email-add-on No.known.fix Authenticated.(Contributor+).Local.File.Inclusion HIGH" "custom-fields-shortcode No.known.fix Authenticated(Contributor+).Stored.Cross-Site.Scripting.via.shortcode MEDIUM" "comment-license 1.4.0 Arbitrary.Settings.Update.via.CSRF MEDIUM" "contact-form-db-divi 1.2 Reflected.Cross-Site.Scripting MEDIUM" "countdown-timer-for-elementor No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.'countdown_label' MEDIUM" "countdown-timer-for-elementor 1.3.7 Contributor+.Stored.XSS MEDIUM" "countdown-timer-for-elementor 1.3.7 Contributor+.Stored.XSS MEDIUM" "cryout-serious-slider 1.3.0 Missing.Authorization MEDIUM" "cryout-serious-slider 1.2.7 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "cryout-serious-slider 1.2.5 Authenticated.(Editor+).Stored.Cross-Site.Scripting MEDIUM" "cryout-serious-slider 1.2.5 Cross-Site.Request.Forgery MEDIUM" "c9-admin-dashboard No.known.fix Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "codepress-admin-columns 4.3.2 Authenticated.Stored.Cross-Site.Scripting.(XSS).in.Custom.Field MEDIUM" "codepress-admin-columns 4.3 Admin+.Stored.XSS.in.Label LOW" "cities-shipping-zones-for-woocommerce 1.2.8 
Authenticated.(Shop.Manager+).Local.File.Inclusion HIGH" "cyrlitera 1.3.1 Cross-Site.Request.Forgery MEDIUM" "creative-addons-for-elementor 1.6.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "cb-logo-slider 4.5.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "cb-logo-slider 4.5.0 Authenticated.(Author+).Stored.Cross-Site.Scripting MEDIUM" "coaching-staffs 1.5.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "clicface-trombi No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.nom.Parameter MEDIUM" "css-js-manager 2.4.49.1 Multiple.CSRF MEDIUM" "church-management No.known.fix Unauthenticated.SQL.Injection HIGH" "church-management No.known.fix Subscriber+.Privilege.Escalation HIGH" "church-management No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "church-management No.known.fix Unauthenticated.Local.File.Inclusion CRITICAL" "culqi-checkout 3.0.15 Authenticated.(Subscriber+).Server-Side.Request.Forgery MEDIUM" "collapsing-categories 3.0.9 Unauthenticated.SQL.Injection HIGH" "contractor-contact-form-website-to-workflow-tool 4.1.0 Reflected.XSS HIGH" "custom-map No.known.fix Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "c9-blocks No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "c9-blocks No.known.fix Unauthenticated.Full.Path.Disclosure MEDIUM" "checkout-files-upload-woocommerce 2.2.2 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "checkout-files-upload-woocommerce 2.2.1 Contributor+.Stored.XSS MEDIUM" "checkout-files-upload-woocommerce 2.1.3 Reflected.Cross-Site.Scripting MEDIUM" "custom-post-type-cpt-cusom-taxonomy-ct-manager No.known.fix Stored.XSS.via.CSRF HIGH" "clever-fox 25.2.1 Missing.Authorization.to.arbitrary.theme.activation.via.clever-fox-activate-theme MEDIUM" "clever-fox 25.2.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "custom-post-type-generator No.known.fix Admin+.Stored.Cross-Site.Scripting MEDIUM" 
"cf7-infusionsoft 1.1.4 Reflected.Cross-Site.Scripting HIGH" "crudlab-google-plus No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "custom-product-list-table No.known.fix Cross-Site.Request.Forgery MEDIUM" "crush-pics No.known.fix Missing.Authorization.to.Authenticated.(Subscriber+).Plugin.Settings.Update MEDIUM" "callback-request No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "chalet-montagne-com-tools No.known.fix Reflected.XSS HIGH" "category-featured-images-extended No.known.fix Authenticated.(Author+).Stored.Cross-Site.Scripting MEDIUM" "craw-data No.known.fix Server.Side.Request.Forgery MEDIUM" "cookie-monster No.known.fix Unauthenticated.Local.File.Inclusion HIGH" "campus-explorer-widget No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "cab-fare-calculator 1.1.7 Admin+.Stored.XSS LOW" "cab-fare-calculator 1.0.4 Unauthenticated.LFI MEDIUM" "catch-import-export 1.9 Unauthorised.Plugin's.Setting.Change MEDIUM" "copymatic No.known.fix Cross-Site.Request.Forgery.to.Settings.Update MEDIUM" "copymatic 2.0 Missing.Authorization MEDIUM" "copymatic 1.7 Unauthenticated.Arbitrary.File.Upload CRITICAL" "copyright-safeguard-footer-notice No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "cartoon-url No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "cal-com No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "check-email 1.0.10 Unauthenticated.Hook.Injection HIGH" "check-email 1.0.6 Reflected.Cross-Site.Scripting MEDIUM" "check-email 1.0.4 Reflected.Cross-Site.Scripting HIGH" "check-email 1.0.3 Admin+.SQL.Injections MEDIUM" "check-email 0.5.2 Cross-Site.Scripting.(XSS) MEDIUM" "card-flip-image-slideshow No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "custom-user-guide 1.1.1 Reflected.Cross-Site.Scripting MEDIUM" "custom-user-guide 1.0.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "clinicalwp-core No.known.fix Reflected.Cross-Site.Scripting 
MEDIUM" "clinicalwp-core No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "clinicalwp-core No.known.fix Reflected.Cross-Site.Scripting.(XSS) HIGH" "chatbot-support-ai No.known.fix Admin+.Stored.XSS LOW" "cf7-cc-avenue-add-on No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "content-fetcher No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "ctabs No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "convertkit 2.4.9.1 Missing.Authorization MEDIUM" "convertkit 2.4.6 Unauthenticated.Sensitive.Information.Exposure MEDIUM" "convertkit 2.2.1 Reflected.XSS HIGH" "convertkit 2.0.5 Contributor+.Stored.XSS MEDIUM" "cssable-countdown No.known.fix Admin+.Stored.XSS LOW" "coding-blocks No.known.fix Cross-Site.Request.Forgery.to.Settings.Update MEDIUM" "custom-css-pro 1.0.4 CSRF.&.XSS HIGH" "cryptocurrency No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "cryptocurrency No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "cryptocurrency No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "clink No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "control-block-patterns No.known.fix Missing.Authorization MEDIUM" "carousel-slider 2.2.15 Contributor+.Stored.XSS MEDIUM" "carousel-slider 2.2.4 Cross-Site.Request.Forgery MEDIUM" "carousel-slider 2.0.0 Cross-Site.Request.Forgery MEDIUM" "carousel-slider 2.2.4 Editor+.Stored.XSS LOW" "carousel-slider 2.2.11 Editor+.Stored.XSS LOW" "carousel-slider 2.2.10 Editor+.Stored.XSS MEDIUM" "carousel-slider 2.2.7 Editor+.Stored.XSS LOW" "carousel-slider 2.2.3 Missing.Authorization MEDIUM" "cryptocurrency-price-ticker-widget 2.8.1 Reflected.Cross-Site.Scripting MEDIUM" "cryptocurrency-price-ticker-widget 2.6.9 Missing.Authorization MEDIUM" "cryptocurrency-price-ticker-widget 2.6.6 2.6.5.-.Unauthenticated.SQL.Injection CRITICAL" "cryptocurrency-price-ticker-widget 2.5 Subscriber+.Arbitrary.Plugin.Installation.&.Activation HIGH" 
"cf7-styler-for-divi 1.3.3 Reflected.Cross-Site.Scripting MEDIUM" "cf7-styler-for-divi 1.3.0 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "comment-reply-email 1.5 Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "comment-reply-email 1.0.4 Admin+.Stored.XSS LOW" "copyscape-premium 1.4.2 Cross-Site.Request.Forgery MEDIUM" "copyscape-premium 1.4.0 Stored.XSS.via.CSRF HIGH" "content-planner No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "codehaveli-bitly-url-shortener 1.5.0 Cross-Site.Request.Forgery MEDIUM" "contact-form-lite 1.1.29 Contributor+.Stored.XSS MEDIUM" "contact-form-lite 1.1.27 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "contact-form-lite 1.1.25 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "custom-login-page No.known.fix Reflected.XSS HIGH" "certifica-wp No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.evento.Parameter MEDIUM" "cyan-backup 2.5.5 Authenticated.(Admin+).Arbitrary.File.Deletion MEDIUM" "cyan-backup 2.5.4 Authenticated.(Admin+).Arbitrary.File.Download MEDIUM" "cyan-backup 2.5.3 Admin+.Stored.XSS.via.Remote.Storage.Settings LOW" "cyan-backup 2.5.3 Admin+.Stored.XSS.via.General.Settings LOW" "cosmic-blocks No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "calculated-fields-form 5.4.5.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Form.Settings MEDIUM" "calculated-fields-form 5.4.4.2 Missing.Authorization MEDIUM" "calculated-fields-form 5.3.59 Cross-Site.Request.Forgery MEDIUM" "calculated-fields-form 5.2.62 Admin+.Stored.XSS LOW" "calculated-fields-form 5.2.62 Admin+.Stored.XSS LOW" "calculated-fields-form 5.2.64 Denial.of.Service MEDIUM" "calculated-fields-form 5.2.64 Admin+.Stored.XSS LOW" "calculated-fields-form 5.2.46 HTML.Injection MEDIUM" "calculated-fields-form 1.2.55 Reflected.Cross-Site.Scripting MEDIUM" "calculated-fields-form 5.1.57 Unauthenticated.Stored.Cross-Site.Scripting HIGH" 
"calculated-fields-form 1.2.53 Contributor+.Stored.XSS MEDIUM" "calculated-fields-form 1.2.29 Contributor+.Open.Redirect MEDIUM" "calculated-fields-form 1.2.41 Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "calculated-fields-form 1.1.151 Admin+.Stored.Cross-Site.Scripting.via.Dropdown.Fields LOW" "calculated-fields-form 1.0.354 Authenticated.Stored.XSS MEDIUM" "conversion-de-moneda No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "custom-post-type No.known.fix Cross-Site.Request.Forgery.to.Custom.Post.Type.Deletion MEDIUM" "cf7-widget-elementor 2.4.2 Authenticated.(Author+).Stored.Cross-Site.Scripting MEDIUM" "cf7-widget-elementor 2.4.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.cf7_redirect_page.Attribute MEDIUM" "cf7-widget-elementor 2.4 Missing.Authorization MEDIUM" "change-uploaded-file-permissions No.known.fix File.Permission.Update.via.CSRF MEDIUM" "create-custom-dashboard-widget No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "create-custom-dashboard-widget No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "cf7-manual-spam-blocker No.known.fix Stored.XSS.via.CSRF HIGH" "contact-form-7-simple-recaptcha 0.1.2 Reflected.Cross-Site.Scripting MEDIUM" "contact-form-7-simple-recaptcha 0.0.9 CSRF.to.Stored.XSS HIGH" "cf7-constant-contact 1.1.8 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "cf7-constant-contact 1.1.6 CSRF MEDIUM" "cf7-constant-contact 1.1.5 Open.Redirect MEDIUM" "cf7-constant-contact 1.1.0 Reflected.Cross-Site.Scripting HIGH" "captionpix No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "chatroll-live-chat 2.6.0 Contributor+.Stored.XSS MEDIUM" "cj-custom-content No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "cool-fade-popup No.known.fix Authenticated.(Contributor+).SQL.Injection MEDIUM" "cliptakes 1.3.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "custom-login-redirect No.known.fix CSRF.to.Stored.XSS 
HIGH" "correos-express No.known.fix Sensitive.Information.Disclosure HIGH" "classy-addons-for-elementor No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "calendar-plugin No.known.fix Reflected.Cross-Site.Scripting HIGH" "cognito-forms No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.id.Parameter MEDIUM" "cinza-grid 1.2.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Skin.Content.Field MEDIUM" "comment-info-detector No.known.fix Cross-Site.Request.Forgery.to.Settings.Update MEDIUM" "click-to-top 1.2.8 Authenticated.Stored.Cross-Site.Scripting LOW" "change-prices-with-time-for-woocommerce 1.9.2 Reflected.Cross-Site.Scripting MEDIUM" "change-prices-with-time-for-woocommerce 1.8.2 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "content-syndication-toolkit-reader No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "clicksend-contactform7 No.known.fix Missing.Authorization MEDIUM" "cardoza-3d-tag-cloud No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "cardoza-3d-tag-cloud No.known.fix Stored.XSS.via.CSRF MEDIUM" "currency-per-product-for-woocommerce 1.7.0 Cross-Site.Request.Forgery.to.Notice.Dismissal MEDIUM" "custom-users-order No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "categorify No.known.fix Missing.Authorization MEDIUM" "categorify 1.0.7.5 Missing.Authorization.in.categorifyAjaxUpdateFolderPosition MEDIUM" "categorify 1.0.7.5 Cross-Site.Request.Forgery.via.categorifyAjaxUpdateFolderPosition MEDIUM" "categorify 1.0.7.5 Missing.Authorization.in.categorifyAjaxClearCategory MEDIUM" "categorify 1.0.7.5 Missing.Authorization.in.categorifyAjaxDeleteCategory MEDIUM" "categorify 1.0.7.5 Missing.Authorization.in.categorifyAjaxAddCategory MEDIUM" "categorify 1.0.7.5 Cross-Site.Request.Forgery.via.categorifyAjaxRenameCategory MEDIUM" "categorify 1.0.7.5 Cross-Site.Request.Forgery.via.categorifyAjaxAddCategory MEDIUM" "categorify 1.0.7.5 
Cross-Site.Request.Forgery.via.categorifyAjaxClearCategory MEDIUM" "categorify 1.0.7.5 Cross-Site.Request.Forgery.via.categorifyAjaxDeleteCategory MEDIUM" "categorify 1.0.7.5 Missing.Authorization.in.categorifyAjaxRenameCategory MEDIUM" "categorify 1.0.5 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "customized-login No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting.via.Custom.URL MEDIUM" "clients No.known.fix Missing.Authorization MEDIUM" "clients No.known.fix Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "content-text-slider-on-post 6.9 Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "chatlive No.known.fix Unauthenticated.SQL.Injection HIGH" "counters-block 1.1.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "contact-form-generator 2.9.0 Contributor+.SQLi MEDIUM" "contact-form-generator 2.6.0 Reflected.XSS HIGH" "contact-form-generator 2.5.5 Multiple.Cross-Site.Request.Forgery.(CSRF) HIGH" "categories-gallery-woocommerce No.known.fix Reflected.Cross-Site.Scripting.(XSS) HIGH" "contact-form-7-dynamic-text-extension No.known.fix Unauthenticated.Arbitrary.Shortcode.Execution MEDIUM" "contact-form-7-dynamic-text-extension 5.0.2 Cross-Site.Request.Forgery MEDIUM" "contact-form-7-dynamic-text-extension 4.5.1 Information.Disclosure.via.Shortcode MEDIUM" "contact-form-7-dynamic-text-extension 4.2.0 Insecure.Direct.Object.Reference MEDIUM" "clotya-core No.known.fix Reflected.Cross-Site.Scripting HIGH" "currency-switcher 1.2.0.5 Unauthenticated.Arbitrary.Shortcode.Execution HIGH" "currency-switcher 1.2.0.4 Unauthenticated.Arbitrary.Shortcode.Execution MEDIUM" "currency-switcher 1.2.0.2 Cross-Site.Request.Forgery MEDIUM" "currency-switcher 1.2.0.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "currency-switcher 1.2.0 Subscriber+.Missing.Authorization.Checks MEDIUM" "currency-switcher 1.2.0 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "currency-switcher 1.1.7 
Arbitrary.Plugin's.Settings.Change.via.CSRF MEDIUM" "cf7-submissions No.known.fix Missing.Authorization MEDIUM" "cp-simple-newsletter No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "cp-simple-newsletter No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "cbxpoll No.known.fix Unauthenticated.PHP.Object.Injection HIGH" "circle-image-slider-with-lightbox 1.0.5 Authenticated.(Admin+).SQL.Injection MEDIUM" "circle-image-slider-with-lightbox 1.0.1 Image.Data.Update.via.CSRF MEDIUM" "circle-image-slider-with-lightbox 1.0.18 Reflected.Cross-Site.Scripting MEDIUM" "circle-image-slider-with-lightbox 1.0.16 Reflected.Cross-Site.Scripting MEDIUM" "contact-form-7-anti-spambot No.known.fix Missing.Authorization MEDIUM" "comment-validation-reloaded No.known.fix .Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "chat-viber 1.7.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "caret-country-access-limit 1.0.3 Arbitrary.Settings.Update.via.CSRF MEDIUM" "codeflavors-vimeo-video-post-lite 2.3.6 Cross-Site.Request.Forgery MEDIUM" "codeflavors-vimeo-video-post-lite 2.3.4.3 Authenticated.(Contributor+).SQL.Injection MEDIUM" "codeflavors-vimeo-video-post-lite 2.2.2 Reflected.XSS HIGH" "categories-gallery No.known.fix Reflected.Cross-Site.Scripting.(XSS) HIGH" "content-restrictor-for-divi 1.4.3 Reflected.Cross-Site.Scripting MEDIUM" "content-restrictor-for-divi 1.4.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "csv-me No.known.fix Authenticated.(Administrator+).Arbitrary.File.Upload HIGH" "cookie-consent-for-developers No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting.via.Multiple.Settings.Fields MEDIUM" "cab-grid 1.6 Admin+.Stored.XSS LOW" "coming-soon-master 1.1 Reflected.Cross-Site.Scripting MEDIUM" "convertplug 3.5.31 ConvertPlus.<.3.5.31.-.Missing.Authorization.to.Authenticated.(Subscriber+).Limited.Options.Update HIGH" "convertplug 3.5.26.1 Authenticated.(Contributor+).PHP.Object.Injection HIGH" "convertplug 
3.5.26 Authenticated.(Contributor+).PHP.Object.Injection HIGH" "convertplug 3.5.26 Missing.Authorization.to.Authenticated.(Subscriber+).Limited.Arbitrary.Options.Update MEDIUM" "convertplug 3.4.5 Multiple.Issues HIGH" "curved-text No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode.Attributes MEDIUM" "cargus 1.5.9 Unauthenticated.Information.Exposure MEDIUM" "counter-box 2.0.7 Authenticated.(Administrator+).DOM-Based.Stored.Cross-Site.Scripting MEDIUM" "counter-box 2.0.6 Cross-Site.Request.Forgery MEDIUM" "counter-box 1.2.4 Counter.Deletion.via.CSRF MEDIUM" "counter-box 1.2.2 Reflected.XSS MEDIUM" "counter-box 1.2.1 Arbitrary.Counter.Activation/Deactivation.via.CSRF MEDIUM" "counter-box 1.2 Admin+.LFI MEDIUM" "captcha-for-contact-form-7 1.11.4 Captcha.Bypass MEDIUM" "coinbase-commerce-for-contact-form-7 1.1.2 Reflected.Cross-Site.Scripting MEDIUM" "customizable-captcha-and-contact-us-form No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "codelights-shortcodes-and-widgets No.known.fix Contributor+.Stored.XSS MEDIUM" "codelights-shortcodes-and-widgets No.known.fix Admin+.Stored.Cross.Site.Scripting MEDIUM" "calendapp No.known.fix Reflected.XSS HIGH" "crawlomatic-multipage-scraper-post-generator 2.6.9 Missing.Authorization MEDIUM" "crawlomatic-multipage-scraper-post-generator 2.6.9 Unauthenticated.Information.Exposure.via.Log.Files MEDIUM" "crawlomatic-multipage-scraper-post-generator 2.6.8.2 Unauthenticated.Arbitrary.File.Upload CRITICAL" "competition-form No.known.fix Reflected.XSS HIGH" "competition-form No.known.fix Competition.Deletion.via.CSRF MEDIUM" "custom-store-locator 1.4.8 Reflected.Cross-Site.SCripting MEDIUM" "custom-iframe 1.0.14 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "cbx-restaurant-booking No.known.fix Plugin.Reset.via.CSRF MEDIUM" "contest-gallery 28.1.2.2 Authenticated.(Subscriber+).Server-Side.Request.Forgery MEDIUM" "contest-gallery 28.1.5 Unauthenticated.SQL.Injection HIGH" 
"contest-gallery 28.1.2 Missing.Authorization MEDIUM" "contest-gallery 28.0.3 Missing.Authorization MEDIUM" "contest-gallery 28.0.1 Cross-Site.Request.Forgery MEDIUM" "contest-gallery 28.0.0 Unauthenticated.CSV.Injection MEDIUM" "contest-gallery 27.0.3 Authenticated.(Author+).Stored.Cross-Site.Scripting MEDIUM" "contest-gallery 26.1.1 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "contest-gallery 26.0.7 Reflected.Cross-Site.Scripting MEDIUM" "contest-gallery 26.0.9 Authenticated.(Author+).Stored.Cross-Site.Scripting MEDIUM" "contest-gallery 26.0.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.id.Parameter MEDIUM" "contest-gallery 26.0.1 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "contest-gallery 25.1.2 Authenticated.(Author+).SQL.Injection MEDIUM" "contest-gallery 24.0.4 Authenticated.(Author+).Stored.Cross-Site.Scripting MEDIUM" "contest-gallery 24.0.8 Unauthenticated.Arbitrary.Password.Reset CRITICAL" "contest-gallery 24.0.4 Unauthenticated.SQL.Injection CRITICAL" "contest-gallery 23.1.3 Unauthenticated.Information.Exposure MEDIUM" "contest-gallery 23.1.3 Unauthenticated.Stored.Cross-Site.Scripting MEDIUM" "contest-gallery 21.3.5 Authenticated.(Author+).Arbitrary.File.Deletion MEDIUM" "contest-gallery 21.3.6 Reflected.Cross-Site.Scripting MEDIUM" "contest-gallery 21.3.2.1 Authenticated.(Contributor+).SQL.Injection CRITICAL" "contest-gallery 21.3.5 Authenticated.(Contributor+).SQL.Injection CRITICAL" "contest-gallery 21.3.1 Author+.Stored.Cross.Site.Scripting MEDIUM" "contest-gallery 21.2.9 Cross-Site.Request.Forgery MEDIUM" "contest-gallery 21.2.8.1 Unauthenticated.Stored.XSS.via.HTTP.Headers HIGH" "contest-gallery 21.1.2.1 Reflected.XSS HIGH" "contest-gallery 19.1.5 Author+.SQL.Injection MEDIUM" "contest-gallery 19.1.5 Author+.SQL.Injection MEDIUM" "contest-gallery 19.1.5 Author+.SQL.Injection MEDIUM" "contest-gallery 19.1.5 Unauthenticated.SQL.Injection HIGH" "contest-gallery 19.1.5 Admin+.SQL.Injection MEDIUM" "contest-gallery 19.1.5 
Author+.SQL.Injection MEDIUM" "contest-gallery 19.1.5.1 Unauthenticated.SQL.Injection HIGH" "contest-gallery 19.1.5 Author+.SQL.Injection MEDIUM" "contest-gallery 19.1.5.1 Author+.SQL.Injection MEDIUM" "contest-gallery 19.1.5 Author+.SQL.Injection MEDIUM" "contest-gallery 19.1.5 Author+.SQL.Injection MEDIUM" "contest-gallery 19.1.5 Admin+.SQL.Injection MEDIUM" "contest-gallery 19.1.5 Author+.SQL.Injection MEDIUM" "contest-gallery 19.1.5 Admin+.SQL.Injection MEDIUM" "contest-gallery 19.1.5 Author+.SQL.Injection MEDIUM" "contest-gallery 19.1.5.1 Author+.SQL.Injection MEDIUM" "contest-gallery 14.0.0 Unauthenticated.Stored.XSS MEDIUM" "contest-gallery 17.0.5 Author+.SQLi HIGH" "contest-gallery 14.0.0 Author+.Stored.Cross-Site.Scripting MEDIUM" "contest-gallery 13.1.0.7 Subscriber+.Email.Address.Disclosure MEDIUM" "contest-gallery 13.1.0.6 Missing.Access.Controls.to.Unauthenticated.SQL.injection./.Email.Address.Disclosure HIGH" "contest-gallery 10.4.5 Cross-Site.Request.Forgery.(CSRF) HIGH" "canadian-nutrition-facts-label No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Nutrition.Label.Custom.Post.Type MEDIUM" "content-warning-v2 4.3.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "custom-comment-notifications No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "cookie-notice 2.5.9 Contributor+.Stored.XSS MEDIUM" "cookie-notice 2.5.9 Author+.Stored.XSS MEDIUM" "cookie-notice 2.4.18 Admin+.Stored.XSS LOW" "cookie-notice 2.4.7 Contributor+.Stored.XSS MEDIUM" "cookie-notice 2.4.7 Contributor+.XSS MEDIUM" "cookie-notice 2.1.2 Admin+.Stored.Cross-Site.Scripting LOW" "custom-widget-classes No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "comment-form-wp No.known.fix Admin+.Stored.XSS LOW" "custom-list-table-example No.known.fix Cross-Site.Request.Forgery.to.Reflected.Cross-Site.Scripting MEDIUM" "cryptocurrency-prices No.known.fix Contributor+.Stored.XSS MEDIUM" "crazy-bone No.known.fix 
Unauthenticated.Stored.XSS HIGH" "crazy-bone 0.6.0 Unauthenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "cookie-notice-and-consent-banner 1.7.12 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "cookie-notice-and-consent-banner 1.7.2 Admin+.Stored.XSS LOW" "click-to-chat-for-whatsapp 4.23 Contributor+.Stored.XSS.via.data-no_number.Parameter MEDIUM" "click-to-chat-for-whatsapp 4.0 Contributor+.LFI HIGH" "click-to-chat-for-whatsapp 3.18.1 Contributor+.Stored.XSS MEDIUM" "csv-wc-product-import-export No.known.fix Authenticated.(Subscriber+).SQL.Injection MEDIUM" "contact-form-7-star-rating-with-font-awersome No.known.fix Authenticated.(Editor+).Stored.Cross-Site.Scripting MEDIUM" "categorycustomfields No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "copy-delete-posts 1.4.0 Subscriber+.Plugin.Installation MEDIUM" "copy-delete-posts 1.4.0 Plugin.Installation.via.CSRF MEDIUM" "copy-delete-posts 1.2.0 Authenticated.SQL.Injection MEDIUM" "custom-post-popup No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "comment-blacklist-updater 1.2.0 Cross-Site.Request.Forgery.via.update_blacklist_manual MEDIUM" "content-protector 4.2.26 Global.Protection.Bypass MEDIUM" "content-protector 4.2.24 Password.Protection.Bypass MEDIUM" "content-protector 4.2.26 Missing.Authorization MEDIUM" "content-protector 4.2.25 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "content-protector 4.2.20 Unauthenticated.Information.Exposure MEDIUM" "content-protector 4.2.19 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "content-protector 4.2.11 Unauthenticated.Content.Restriction.Bypass.to.Sensitive.Information.Exposure MEDIUM" "content-protector 4.2.6.5 Contributor+.Stored.XSS.via.content_protector.Shortcode MEDIUM" "content-protector 4.2.6.3 Missing.Authorization.to.Sensitive.Information.Exposure MEDIUM" "content-protector 4.2.2 Reflected.Cross-Site.Scripting MEDIUM" 
"content-protector 3.5.5.9 Protection.Bypass.&.Arbitrary.Post.Access HIGH" "content-protector 3.5.5.8 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "content-protector 3.5.5.5.2 Insecure.Storage.of.Password MEDIUM" "content-protector 3.5.5.2 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "contact-form-7-newsletter No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "cxc-sawa No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "cms-tree-page-view 1.6.8 Reflected.XSS HIGH" "copy-me No.known.fix Copy.Posts.Cross-Site.Request.Forgery.(CSRF) MEDIUM" "cardealerpress 6.8.2505.01 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.saleclass.Parameter MEDIUM" "cardealerpress 6.7.2411.00 Reflected.Cross-Site.Scripting MEDIUM" "contact-list 3.0.19 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.'_cl_map_iframe'.Parameter MEDIUM" "contact-list 2.9.88 Missing.Authorization.to.Notice.Dismissal MEDIUM" "contact-list 2.9.72 Reflected.Cross-Site.Scripting MEDIUM" "contact-list 2.9.50 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "contact-list 2.9.42 Reflected.Cross-Site.Scripting HIGH" "clikstats No.known.fix Reflected.Cross-Site.Scripting.via.$_SERVER['PHP_SELF'] MEDIUM" "contact-form-to-db 1.7.3 Authenticated.(Author+).SQL.Injection CRITICAL" "contact-form-to-db 1.7.2 Improper.Neutralization.of.Special.Elements.used.in.an.SQL.Command.('SQL.Injection') MEDIUM" "companion-portfolio No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "custom-sidebars 3.1.0 CSRF HIGH" "custom-sidebars 3.0.8.1 CSRF HIGH" "crayon-syntax-highlighter No.known.fix Contributor+.Server.Side.Request.Forgery MEDIUM" "crayon-syntax-highlighter No.known.fix Cross-Site.Request.Forgery MEDIUM" "crayon-syntax-highlighter 2.8.4 Multiple.XSS MEDIUM" "cf-geoplugin No.known.fix Unauthenticated.Information.Exposure MEDIUM" "cf-geoplugin 8.7.4 Missing.Authorization.to.Authenticated.(Subscriber+).Menu.Creation/Deletion MEDIUM" "cf-geoplugin 8.7.0 
Missing.Authorization.to.Unauthenticated.Shortcode.Execution MEDIUM" "cf-geoplugin 8.6.5 PHP.Object.Injection CRITICAL" "cf-geoplugin 8.6.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "cf-geoplugin 8.5.3 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "cf-geoplugin 7.13.12 Reflected.Cross-Site.Scripting HIGH" "cloak-front-end-email 1.9.6 Missing.Authorization MEDIUM" "cloak-front-end-email 1.9.2 Contributor+.Stored.XSS MEDIUM" "constant-contact-forms 2.4.3 Information.Disclosure.via.Log.Files MEDIUM" "constant-contact-forms 1.8.8 Multiple.Authenticated.Stored.XSS MEDIUM" "course-migration-for-learndash No.known.fix Authenticated.(Subscriber+).Server-Side.Request.Forgery MEDIUM" "cardealer 4.48 Missing.Authorization MEDIUM" "cardealer 4.16 Admin+.Content.Injection LOW" "cardealer 3.05 Subscriber+.Arbitrary.Plugin.Installation HIGH" "crudlab-facebook-like-box No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "cookielay No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.cookielay.Shortcode MEDIUM" "card-games No.known.fix CSRF.Bypass NONE" "cm-map-locations 2.1.7 Reflected.Cross-Site.Scripting MEDIUM" "cm-map-locations 2.0.9 Reflected.Cross-Site.Scripting MEDIUM" "custom-field-list-widget No.known.fix Unauthenticated.Local.File.Inclusion CRITICAL" "couponapi No.known.fix Authenticated.(Administrator+).SQL.Injection.via.'log_duration' MEDIUM" "chameleon-css No.known.fix Subscriber+.SQL.Injection CRITICAL" "client-showcase No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "custom-post-type-list-shortcode No.known.fix Contributor+.Stored.XSS MEDIUM" "cyklodev-wp-notify 1.3.0 Admin+.Stored.XSS LOW" "cm-answers 3.3.4 Cross-Site.Request.Forgery MEDIUM" "cm-answers 3.2.7 Missing.Authorization MEDIUM" "cm-answers 3.2.0 Admin+.Stored.XSS LOW" "custom-fonts 2.1.17 Missing.Authorization.to.Unauthenticated.Font.Deletion MEDIUM" "custom-fonts 2.1.5 Author+.Stored.XSS MEDIUM" "civicrm 
5.28.1 CSRF.to.Stored.XSS MEDIUM" "civicrm 5.24.3 Authenticated.Phar.Deserialization MEDIUM" "charitydonation-thermometer No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "ceceppa-multilingua No.known.fix Authenticated.Reflected.Cross-Site.Scripting CRITICAL" "canto No.known.fix Missing.Authorization.to.Unauthenticated.File.Upload MEDIUM" "canto 3.0.9 Unauthenticated.Remote.File.Inclusion CRITICAL" "canto 3.0.7 Unauthenticated.RCE CRITICAL" "canto 3.0.5 Unauthenticated.Remote.File.Inclusion CRITICAL" "canto 3.0.9 Unauthenticated.Blind.SSRF MEDIUM" "cookiebar No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "code-engine 0.3.4 Authenticated.(Contributor+).Remote.Code.Execution HIGH" "code-engine 0.3.3 Contributor+.Stored.XSS MEDIUM" "college-publisher-import No.known.fix Arbitrary.File.Upload.to.RCE CRITICAL" "codeconfig-accessibility No.known.fix Authenticated.(Subscriber+).Missing.Authorization.to.Modify.Accessibility.Settings MEDIUM" "codeconfig-accessibility 1.0.1 Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.Page.Creation MEDIUM" "custom-font-uploader 2.4.0 Custom.Font.Uploader.<.2.4.0.-.Missing.Authorization.to.Font.Deletion MEDIUM" "custom-font-uploader 2.2.0 Subscriber+.Arbitrary.Plugin.Installation,.Activation.and.Deactivation HIGH" "course-booking-platform No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "configure-login-timeout No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "checkbot No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "contentstudio 1.4.0 Authenticated.(Author+).Arbitrary.File.Upload HIGH" "contentstudio 1.4.0 Cross-Site.Request.Forgery.to.Settings.Update MEDIUM" "contentstudio 1.4.0 Missing.Authorization MEDIUM" "contentstudio 1.3.7 Missing.Authorization MEDIUM" "contentstudio 1.2.6 Nonce.Disclosure HIGH" "contentstudio 1.2.6 Authorisation.Bypass HIGH" "contentstudio 1.2.6 
Unauthorised.Function.Calls HIGH" "custom-post-types 5.0.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "custom-post-types 5.0.0 Admin+.Stored.Cross-Site.Scripting MEDIUM" "custom-post-types 5.0.3 Admin+.Stored.XSS LOW" "coming-soon-maintenance-mode-from-acurax No.known.fix Unauthenticated.IP.Spoofing MEDIUM" "coming-soon-maintenance-mode-from-acurax No.known.fix Information.Exposure MEDIUM" "coming-soon-maintenance-mode-from-acurax No.known.fix Authenticated.(Subscriber+).Sensitive.Information.Exposure MEDIUM" "coming-soon-maintenance-mode-from-acurax No.known.fix Unauthenticated.Stored.XSS HIGH" "custom-post-type-ui 1.18.2 Admin+.Stored.XSS.via.'label'.Import.Parameter LOW" "custom-post-type-ui 1.18.1 Unauthenticated.Custom.Post.Type.Modification LOW" "custom-post-type-ui 1.13.5 Debug.Info.Sending.via.CSRF LOW" "coupon-lite 1.2.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "coupon-lite No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "custom-post-type-relations No.known.fix Reflected.Cross-Site.Scripting HIGH" "contact-form-7-designer No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "commercial-real-estate-valuation-calculator 1.3.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.link.Parameter MEDIUM" "cf7-active-campaign 1.0.4 Reflected.Cross-Site.Scripting HIGH" "cricket-score 2.0.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "contact-form-7-campaign-monitor-extension No.known.fix Missing.Authorization.to.Unauthenticated.Arbitrary.File.Deletion CRITICAL" "chapa-payment-gateway-for-woocommerce No.known.fix Unauthenticated.Sensitive.Information.Exposure MEDIUM" "cookie-law-info 1.8.3 Improper.Access.Controls CRITICAL" "content-views-query-and-display-post-page 4.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Grid.and.List.Widgets MEDIUM" "content-views-query-and-display-post-page 3.7.2 
Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.pagingType.Parameter MEDIUM" "content-views-query-and-display-post-page 3.7.1 Contributor+.Stored.Cross-Site.Scripting.via.Widget.Post.Overlay MEDIUM" "content-views-query-and-display-post-page 3.6.3 Admin+.Stored.XSS MEDIUM" "card-elements-for-wpbakery No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "child-themes No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "currency-converter-calculator 1.3.2 Contributor+.Stored.XSS MEDIUM" "cookiemonster No.known.fix Admin+.Stored.XSS LOW" "cookies-pro No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "contact-form-with-shortcode 4.2.6 Reflected.Cross-Site.Scripting MEDIUM" "cache-images 3.2.1 Image.Upload./.Import.via.CSRF MEDIUM" "cashtomer No.known.fix Authenticated.SQL.Injection MEDIUM" "cf7-builder No.known.fix Cross-Site.Request.Forgery MEDIUM" "custom-registration-and-login-forms-with-new-recaptcha No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "custom-registration-and-login-forms-with-new-recaptcha No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "checkout-gateway-iris 1.4 Missing.Authorization MEDIUM" "custom-login-and-signup-widget No.known.fix Cross-Site.Request.Forgery MEDIUM" "custom-login-and-signup-widget No.known.fix Authenticated.(Administrator+).Remote.Code.Execution HIGH" "contact-form-cfdb7 1.3.2 Unauthenticated.Stored.XSS.via.tmpD.Parameter MEDIUM" "contact-form-cfdb7 1.2.7 Unauthenticated.Sensitive.Information.Exposure MEDIUM" "contact-form-cfdb7 1.2.6.5 CSV.Injection LOW" "contact-form-cfdb7 1.2.6.1 Arbitrary.Form.Deletion..via.CSRF MEDIUM" "contact-form-cfdb7 1.2.6.2 Unauthenticated.Stored.Cross-Site.Scripting MEDIUM" "contact-form-cfdb7 1.2.5.6 CSV.Injection MEDIUM" "contact-form-cfdb7 1.2.5.4 Authenticated.SQL.Injections CRITICAL" "coven-core No.known.fix Unauthenticated.SQL.Injection HIGH" "catch-instagram-feed-gallery-widget 2.3 
Unauthorised.Plugin's.Setting.Change MEDIUM" "case-study No.known.fix Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "cafe-lite No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "cafe-lite No.known.fix Authenticated.(Contributor+).Sensitive.Information.Exposure.via.Elementor.Templates MEDIUM" "cafe-lite 2.2.1 Authenticated.(Author+).Stored.Cross-Site.Scripting MEDIUM" "cafe-lite 2.2.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Multiple.CAFE.Widgets MEDIUM" "cafe-lite 2.1.0 Contributor+.Stored.XSS MEDIUM" "cart-tracking-for-woocommerce 1.0.18 Authenticated.(Administrator+).SQL.Injection MEDIUM" "cart-tracking-for-woocommerce 1.0.17 Authenticated.(Administrator+).SQL.Injection MEDIUM" "cart-tracking-for-woocommerce 1.0.9 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "cliengo No.known.fix Missing.Authorization MEDIUM" "cliengo No.known.fix Cross-Site.Request.Forgery MEDIUM" "cliengo 3.0.3 Chatbot.<.3.0.3.-.Missing.Authorization.to.Unauthenticated.Chatbot.Settings.Update MEDIUM" "cliengo 3.0.3 Chatbot.<.3.0.3.-.Missing.Authorization.to.Authorized.(Subscriber+).Chatbot.Settings.Update MEDIUM" "create-flipbook-from-pdf No.known.fix Authenticated.(Subscriber+).Arbitrary.File.Upload HIGH" "coming-soon-wp 2.1.3 Maintenance.Mode.Bypass MEDIUM" "coming-soon-wp 1.6.7 Admin+.Stored.Cross-Site.Scripting MEDIUM" "csv-importer-improved No.known.fix Authenticated.(Editor+).Stored.Cross-Site.Scripting MEDIUM" "chilexpress-oficial No.known.fix Reflected.XSS HIGH" "chp-ads-block-detector 3.9.8 Subscriber+.Plugin.Settings.Update MEDIUM" "chp-ads-block-detector 3.9.8 Plugin.Settings.Update.via.CSRF MEDIUM" "chp-ads-block-detector 3.9.8 Subscriber+.Stored.Cross-Site.Scripting HIGH" "cart-rest-api-for-woocommerce 3.12.0 Missing.Authorization MEDIUM" "co-authors-plus 3.5.2 Guest.Authors.Email.Address.Disclosure MEDIUM" "critical-site-intel-stats No.known.fix Unauthenticated.SQL.Injection CRITICAL" 
"checkout-freemius-rewamped 2.0.1 Reflected.Cross-Site.Scripting MEDIUM" "counter-visitor-for-woocommerce 1.3.7 Unauthenticated.Arbitrary.File.Deletion.in.wcvisitor_get_block HIGH" "code-snippets-extended No.known.fix Arbitrary.Snippet.Deletion/Disabling.via.CSRF MEDIUM" "code-snippets-extended No.known.fix Stored.Cross-Site.Scripting.via.CSRF MEDIUM" "code-snippets-extended No.known.fix RCE.via.CSRF HIGH" "co-marquage-service-public No.known.fix Cross-Site.Request.Forgery MEDIUM" "co-marquage-service-public 0.5.77 Reflected.Cross-Site.Scripting.via.add_query_arg.Parameter MEDIUM" "co-marquage-service-public 0.5.72 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.shortcode MEDIUM" "co-marquage-service-public 0.5.73 Reflected.Cross-Site.Scripting.via.search_term MEDIUM" "coming-soon-maintenance-mode 1.0.6 Information.Exposure MEDIUM" "custom-query-shortcode 0.5.0 Authenticated.(Contributor+).Path.Traversal.via.lens.Parameter MEDIUM" "clover-online-orders 1.5.8 Reflected.Cross-Site.Scripting MEDIUM" "clover-online-orders 1.5.8 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.moo_receipt_link.Shortcode MEDIUM" "clover-online-orders 1.5.7 Missing.Authorization.to.Authenticated.(Subscriber+).Plugin.Data.Update MEDIUM" "clover-online-orders 1.5.7 Missing.Authorization.to.Plugin.Deactivation.and.Data.Deletion MEDIUM" "clover-online-orders 1.5.7 Missing.Authorization MEDIUM" "clover-online-orders 1.5.7 Missing.Authorization MEDIUM" "clover-online-orders 1.5.5 Cross-Site.Request.Forgery MEDIUM" "clover-online-orders 1.5.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "clover-online-orders 1.5.5 Reflected.XSS HIGH" "colorlib-coming-soon-maintenance No.known.fix Information.Exposure MEDIUM" "colorlib-coming-soon-maintenance 1.0.99 Admin+.Stored.Cross.Site.Scripting LOW" "css3-rotating-words 5.7 Cross-Site.Request.Forgery MEDIUM" "css3-rotating-words 5.5 Cross-Site.Request.Forgery.via.save_admin_options MEDIUM" "content-control 2.6.2 
Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "content-control 2.6.0 Unauthenticated.Content.Restriction.Bypass.to.Sensitive.Information.Exposure MEDIUM" "content-control 2.2.0 Missing.Authorization.to.Sensitive.Information.Exposure MEDIUM" "content-control 1.1.10 Contributor+.Stored.XSS MEDIUM" "directiq-wp No.known.fix Unauthenticated.SQL.Injection HIGH" "dx-delete-attached-media 2.0.6 Settings.Update.via.CSRF MEDIUM" "debug-info No.known.fix Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "dt-the7-core 2.7.12 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "dzs-zoomsounds No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "dzs-zoomsounds No.known.fix Unauthenticated.PHP.Object.Injection CRITICAL" "dzs-zoomsounds No.known.fix WordPress.Wave.Audio.Player.with.Playlist.<=.6.91.-.Unauthenticated.Arbitrary.File.Download HIGH" "dzs-zoomsounds No.known.fix WordPress.Wave.Audio.Player.with.Playlist.<=.6.91.-.Missing.Authorization.to.Authenticated.(Subscriber+).Limited.Options.Update.and.Settings.Manipulation HIGH" "dzs-zoomsounds No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "dzs-zoomsounds No.known.fix WordPress.Wave.Audio.Player.with.Playlist.<=.6.91.-.Unauthenticated.PHP.Object.Injection HIGH" "dzs-zoomsounds 6.50 Unauthenticated.Arbitrary.File.Download HIGH" "dzs-zoomsounds 6.05 Unauthenticated.Arbitrary.File.Upload CRITICAL" "dzs-zoomsounds 3.0 Remote.File.Upload CRITICAL" "demo-importer-plus 2.0.10 Authenticated.(Author+).Blind.XML.External.Entity.Injection.via.SVG.File.Upload HIGH" "demo-importer-plus 2.0.9 Missing.Authorization MEDIUM" "demo-importer-plus 2.0.9 Missing.Authorization.to.Authenticated.(Subscriber+).Site.Reset.and.Privilege.Escalation HIGH" "demo-importer-plus 2.0.7 Authenticated.(Author+).Arbitrary.File.Upload.via.WXR.Upload.Bypass HIGH" "demo-importer-plus 2.0.2 Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "delightful-downloads 
No.known.fix Unauthenticated.Path.Traversal MEDIUM" "donations-for-woocommerce 1.1.10 Cross-Site.Request.Forgery MEDIUM" "dmca-badge No.known.fix Missing.Authorization MEDIUM" "dont-break-the-code No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "db-backup No.known.fix Missing.Authorization MEDIUM" "database-peek No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "double-the-donation 3.1.0 Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "double-the-donation 3.0.0 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "double-the-donation 3.0.0 Cross-Site.Request.Forgery MEDIUM" "daily-prayer-time-for-mosques 2024.09.14 Authenticated.(Contributor+).SQL.Injection CRITICAL" "daily-prayer-time-for-mosques 2023.10.21 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.shortcode MEDIUM" "daily-prayer-time-for-mosques 2023.03.18 Settings.Update.via.CSRF MEDIUM" "daily-prayer-time-for-mosques 2023.05.05 Contributor+.Stored.XSS MEDIUM" "daily-prayer-time-for-mosques 2022.03.01 Unauthenticated.SQLi HIGH" "daily-prayer-time-for-mosques 2021.08.10 Admin+.Stored.XSS LOW" "disqus-conditional-load 11.1.2 Admin+.Stored.Cross-Site.Scripting LOW" "dbox-slider-lite No.known.fix Multiple.Authenticated.SQL.injection HIGH" "debug-bar-extender No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "dynamic-post-grid-elementor-addon 1.0.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "dicom-support 0.10.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "designthemes-directory-addon No.known.fix Missing.Authorization MEDIUM" "drug-search No.known.fix Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "disable-image-right-click No.known.fix Reflected.Cross-Site.Scripting.(XSS) HIGH" "dts-simple-share No.known.fix Admin+.XSS LOW" "debug 1.11 CSRF MEDIUM" "download-media-library No.known.fix Unauthenticated.Sensitive.Information.Exposure HIGH" "delicious-recipes 1.9.2 Missing.Authorization MEDIUM" "delicious-recipes 1.9.1 
Authenticated.(Contributor+).Arbitrary.File.Upload HIGH" "delicious-recipes 1.8.8 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "delicious-recipes 1.8.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "delicious-recipes 1.7.0 Improper.Path.Validation.to.Authenticated.(Subscriber+).Arbitrary.File.Move.and.Read HIGH" "delicious-recipes 1.6.8 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "delicious-recipes 1.5.3 Reflected.Cross-Site.Scripting MEDIUM" "delicious-recipes 1.3.5 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "ds-suit No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "dream-gallery No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting.via.'dreampluginsmain'.AJAX.Action MEDIUM" "dukapress No.known.fix Reflected.XSS HIGH" "dukapress 2.5.9.1 Unauthenticated.Blind.SQL.Injection CRITICAL" "different-shipping-and-billing-address-for-woocommerce 1.6 Unauthenticated.PHP.Object.Injection CRITICAL" "different-shipping-and-billing-address-for-woocommerce 1.5 Unauthenticated.SQL.Injection HIGH" "different-shipping-and-billing-address-for-woocommerce 1.3 Unauthenticated.SQL.Injection HIGH" "dialogity-website-chat 1.0.4 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "duplicate-content-cure No.known.fix Cross-Site.Request.Forgery MEDIUM" "donations-block 2.3.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "donations-block No.known.fix Unauthenticated.Stored.XSS HIGH" "donations-block 2.1.0 Contributor+.Stored.XSS MEDIUM" "download-attachments 1.3.2 Unauthenticated.Insecure.Direct.Object.Reference MEDIUM" "download-attachments 1.3.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "download-attachments 1.3 Contributor+.Stored.XSS MEDIUM" "delete-old-orders No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "dorzki-notifications-to-slack No.known.fix Missing.Authorization MEDIUM" "documentor-lite No.known.fix Unauthenticated.SQLi HIGH" 
"download-from-files No.known.fix Unauthenticated.Arbitrary.File.Upload CRITICAL" "domain-for-sale 3.0.11 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.class_name.Parameter MEDIUM" "dp-alterminator-missing-alt-manager No.known.fix Missing.ALT.manager.<=.1.0.2.-.Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "download-button-for-elementor No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "domain-replace No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "disable-elementor-editor-translation 1.0.3 Missing.Authorization MEDIUM" "dropdown-menu-widget No.known.fix Subscriber+.Arbitrary.Settings.Update.to.Stored.XSS MEDIUM" "dynamic-product-categories-design 1.1.4 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "dh-local-seo No.known.fix Unauthenticated.SQL.Injection HIGH" "defa-online-image-protector No.known.fix Unauthenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "droit-elementor-addons No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "droit-elementor-addons No.known.fix Cross-Site.Request.Forgery MEDIUM" "dadata-ru No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "downloadmanager 3.2.83 Unauthenticated.Password.Protected.File.Bypass MEDIUM" "dzs-wootable No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "dzs-wootable No.known.fix Missing.Authorization MEDIUM" "designthemes-lms 1.0.5 Unauthenticated.Privilege.Escalation CRITICAL" "dynamic-widget-content 1.3.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Widget.Content.Field MEDIUM" "documentpress-display-any-document-on-your-site No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "donate-visa No.known.fix Missing.Authorization MEDIUM" "droip 2.5.2 Authenticated.(Subscriber+).Arbitrary.File.Upload HIGH" "droip 2.3.0 Missing.Authorization.to.Authenticated.(Subscriber+).Many.Actions HIGH" "droip 2.5.2 Unauthenticated.Arbitrary.File.Deletion CRITICAL" "droip 2.5.2 
Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.Settings.Change MEDIUM" "document-emberdder 2.0.5 Insecure.Direct.Object.Reference.to.Authenticated.(Author+).Arbitrary.Document.Library.Entry.Deletion MEDIUM" "document-emberdder 2.0.1 Missing.Authorization.to.Unauthenticated.Document.Manipulation HIGH" "document-emberdder 1.7.5 Unauthenticated.Arbitrary.Private/Draft.Post.Title.Disclosure MEDIUM" "document-emberdder 1.7.9 Subscriber+.Arbitrary.Private/Draft.Post.Title.Disclosure MEDIUM" "downloader-tiktok 1.4 Server.Side.Request.Forgery.(SSRF).&.Local.File.Inclusion.(LFI) MEDIUM" "duofaq-responsive-flat-simple-faq No.known.fix Reflected.Cross-Site.Scripting HIGH" "davenport No.known.fix Versatile.Blog.and.Magazine.WordPress.Theme.<=.1.3.-.Unauthenticated.Local.File.Inclusion CRITICAL" "dark-mode 1.7 Stored.XSS MEDIUM" "database-toolset No.known.fix Unauthenticated.Sensitive.Information.Exposure.via.Backup.Files MEDIUM" "database-toolset No.known.fix Unauthenticated.Arbitrary.File.Deletion CRITICAL" "database-toolset No.known.fix Unauthenticated.Arbitrary.File.Deletion CRITICAL" "digits 8.4.6.1 Auth.Bypass.via.OTP.Bruteforcing CRITICAL" "digits 8.4.2 Cross-Site.Request.Forgery.to.Privilege.Escalation HIGH" "dsgvo-youtube 1.5.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "dsgvo-youtube 1.4.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "demo-user-dzs-showcase-your-admin-safely No.known.fix Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "docket-cache 24.07.05 Missing.Authorization MEDIUM" "docket-cache 24.07.04 Unauthenticated.Local.File.Inclusion HIGH" "docket-cache 24.07.03 Unauthenticated.Local.File.Inclusion CRITICAL" "docket-cache 21.08.02 Reflected.Cross-Site.Scripting HIGH" "devformatter No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting.via.Custom.CSS MEDIUM" "down-as-pdf No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "dynamictags 1.4.1 
Authenticated.(Subscriber+).SQL.Injection MEDIUM" "digiwidgets-image-editor No.known.fix Unauthenticated.Remote.Code.Execution CRITICAL" "datalogics 2.6.60 Unauthenticated.Privilege.Escalation CRITICAL" "dynamically-display-posts No.known.fix Unauthenticated.SQL.Injection HIGH" "dracula-dark-mode 1.0.9 The.Revolutionary.Dark.Mode.Plugin.For.WordPress.<.1.0.9.-.Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.shortcode MEDIUM" "dracula-dark-mode 1.0.1 Reflected.Cross-Site.Scripting MEDIUM" "dw-question-answer-pro 1.3.7 Arbitrary.Comment.Edition.via.IDOR MEDIUM" "dw-question-answer-pro 1.3.7 Multiple.CSRF MEDIUM" "dropdown-multisite-selector 0.9.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "dropdown-multisite-selector 0.9.2.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.shortcode MEDIUM" "directorypress 3.6.27 Missing.Authorization MEDIUM" "directorypress 3.6.26 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "directorypress 3.6.23 Cross-Site.Request.Forgery MEDIUM" "directorypress 3.6.20 Cross-Site.Request.Forgery.to.Cross-Site.Scripting MEDIUM" "directorypress 3.6.17 Authenticated.(Author+).Stored.Cross-Site.Scripting MEDIUM" "directorypress 3.6.11 Contributor+.SQL.Injection HIGH" "directorypress 3.6.8 Reflected.Cross-Site.Scripting HIGH" "drm-protected-video-streaming No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "drm-protected-video-streaming No.known.fix Reflected.XSS HIGH" "dynamic-ajax-product-filters-for-woocommerce 1.3.8 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.className.Parameter MEDIUM" "dynamic-ajax-product-filters-for-woocommerce 1.3.8 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.name.Parameter MEDIUM" "dynamic-user-directory 2.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "don8 No.known.fix Admin+.Stored.XSS LOW" "defender-security 4.7.3 Missing.Authorization MEDIUM" "defender-security 4.4.2 
IP.Address.Spoofing MEDIUM" "defender-security 4.2.0 Sensitive.Information.Exposure.via.Log.File MEDIUM" "defender-security 4.2.1 Masked.Login.Area.Security.Feature.Bypass MEDIUM" "defender-security 4.1.0 Protection.Bypass.(Hidden.Login.Page) MEDIUM" "defender-security 2.4.6.1 CSRF.Nonce.Bypasses MEDIUM" "demo-my-wordpress 1.1.0 Unauthenticated.Privilege.Escalation CRITICAL" "devvn-image-hotspot 1.3.0 Authenticated.(Author+).Stored.Cross-Site.Scripting.via.Custom.Field.Meta MEDIUM" "devvn-image-hotspot 1.2.6 Authenticated.(Author+).PHP.Object.Injection HIGH" "disable-user-login 1.3.9 User.Login.Toggle.via.CSRF MEDIUM" "dd-roles No.known.fix Authenticated.(Subscriber+).Privilege.Escalation HIGH" "drag-and-drop-multiple-file-upload-contact-form-7 1.3.9.6 Unauthenticated.Arbitrary.File.Upload HIGH" "drag-and-drop-multiple-file-upload-contact-form-7 1.3.9.3 Missing.Authorization.to.Unauthenticated.File.Deletion LOW" "drag-and-drop-multiple-file-upload-contact-form-7 1.3.9.3 Unauthenticated.Limited.Arbitrary.File.Upload MEDIUM" "drag-and-drop-multiple-file-upload-contact-form-7 1.3.9.1 Directory.Traversal MEDIUM" "drag-and-drop-multiple-file-upload-contact-form-7 1.3.9.0 Unauthenticated.Arbitrary.File.Upload.via.Insufficient.Blacklist.Checks HIGH" "drag-and-drop-multiple-file-upload-contact-form-7 1.3.8.9 Unauthenticated.PHP.Object.Injection.via.PHAR.to.Arbitrary.File.Deletion HIGH" "drag-and-drop-multiple-file-upload-contact-form-7 1.3.8.8 Unauthenticated.Arbitrary.File.Deletion HIGH" "drag-and-drop-multiple-file-upload-contact-form-7 1.3.8.6 Limited.Arbitrary.File.Deletion MEDIUM" "drag-and-drop-multiple-file-upload-contact-form-7 1.3.7.8 Sensitive.Information.Exposure MEDIUM" "drag-and-drop-multiple-file-upload-contact-form-7 1.3.7.4 Contact.Form.7.<.1.3.7.4.-.Unauthenticated.Arbitrary.File.Upload HIGH" "drag-and-drop-multiple-file-upload-contact-form-7 1.3.6.6 File.Upload.and.File.deletion.via.CSRF MEDIUM" "drag-and-drop-multiple-file-upload-contact-form-7 1.3.6.5 
File.Upload.Size.Limit.Bypass MEDIUM" "drag-and-drop-multiple-file-upload-contact-form-7 1.3.6.3 Contact.Form.7.<.1.3.6.3.-.Unauthenticated.Stored.XSS MEDIUM" "drag-and-drop-multiple-file-upload-contact-form-7 1.3.5.5 Unauthenticated.Remote.Code.Execution CRITICAL" "drag-and-drop-multiple-file-upload-contact-form-7 1.3.3.3 Unauthenticated.File.Upload.Bypass CRITICAL" "disable-comments-wpz No.known.fix Authenticated.(Administrator+).SQL.Injection CRITICAL" "decalog 3.9.1 Authenticated.(Admin+).SQL.injection CRITICAL" "database-backups No.known.fix CSRF.to.Backup.Download HIGH" "dupeoff No.known.fix Admin+.Stored.XSS LOW" "do-that-task No.known.fix Unauthenticated.Arbitrary.File.Upload CRITICAL" "ds-cf7-math-captcha 3.0.1 Reflected.XSS HIGH" "dashboard-widgets-suite 3.4.4 Reflected.Cross-Site.Scripting MEDIUM" "dashboard-widgets-suite 3.4.2 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "dashboard-widgets-suite 3.2.2 Admin+.Stored.XSS LOW" "drip-feed-content-extended-for-learndash No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "dirtysuds-embed-pdf No.known.fix Contributor+.Stored.XSS.via.Shortcode MEDIUM" "donation No.known.fix Admin+.SQLi MEDIUM" "data-visualizer No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode.Attributes MEDIUM" "dentalcare-cpt No.known.fix Authenticated.(Contributor+).PHP.Object.Injection HIGH" "donorbox-donation-form 7.1.7 Admin+.Stored.Cross-Site.Scripting LOW" "dhvc-form 2.4.8 Unauthenticated.Privilege.Escalation CRITICAL" "dt-reservation-plugin No.known.fix Missing.Authorization.to.Unauthenticated.Settings.Update MEDIUM" "dt-reservation-plugin 1.7 Reflected.Cross-Site.Scripting MEDIUM" "digital-license-manager 1.7.4 Reflected.Cross-Site.Scripting.via.remove_query_arg.Function MEDIUM" "drop-shadow-boxes 1.7.15 Authenticated.(Subscriber+).Arbitrary.Shortcode.Execution MEDIUM" "drop-shadow-boxes 1.7.14 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" 
"drop-shadow-boxes 1.7.12 Reflected.Cross-Site.Scripting MEDIUM" "drop-shadow-boxes 1.7.11 Contributor+.Cross-Site.Scripting MEDIUM" "drop-shadow-boxes 1.7.5 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "drop-shadow-boxes 1.7.2 Subscriber+.Arbitrary.Option.Update CRITICAL" "dofollow-case-by-case 3.6.0 Cross-Site.Request.Forgery MEDIUM" "dofollow-case-by-case 3.6.0 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "dofollow-case-by-case 3.6.0 Cross-Site.Request.Forgery MEDIUM" "dofollow-case-by-case 3.5.0 Email&URLs.Adding.to.Allowlist.via.CSRF MEDIUM" "database-audit No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "dsgvo No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "debug-log-config-tool 1.5 Unauthenticated.Information.Exposure.via.Logs MEDIUM" "delete-custom-fields No.known.fix Cross-Site.Request.Forgery.to.Post.Meta.Deletion MEDIUM" "dx-auto-publish No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "debt-calculator No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "dadevarzan-common 2.2.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "dashboard-to-do-list 1.3.0 Missing.Authorization.via.ardtdw_widgetsetup() MEDIUM" "dashboard-to-do-list 1.3.2 Cross-Site.Request.Forgery.via.ardtdw_widgetupdate() MEDIUM" "datamentor No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "duplicate-title-validate 1.4 Subscriber+.SQL.Injection HIGH" "designthemes-portfolio No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "dinatur No.known.fix Unauthenticated.Stored.Cross-Site.Scripting HIGH" "device-detector 4.2.1 Reflected.Cross-Site.Scripting.via.id MEDIUM" "dn-popup No.known.fix Settings.Update.via.CSRF MEDIUM" "definitive-addons-for-elementor No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "deeper-comments No.known.fix Subscriber+.Arbitrary.Options.Update HIGH" "designer No.known.fix Contributor+.Stored.XSS MEDIUM" 
"designer 1.5.0 Contributor+.Local.File.Inclusion HIGH" "dans-gcal 1.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "drivr-google-drive-file-picker No.known.fix Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "docus 1.0.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode.Attributes MEDIUM" "dropdown-and-scrollable-text 2.1 Reflected.Cross-Site.Scripting MEDIUM" "developer-loggers-for-simple-history 0.5.1 Authenticated.(Admin+).Local.File.Inclusion MEDIUM" "damedia-giglist No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.'list_title'.Shortcode.Attribute MEDIUM" "dzs-restaurantmenu No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "darna-framework No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "dominokit No.known.fix Missing.Authorization.to.Unauthenticated.Settings.Update MEDIUM" "directorist-booking No.known.fix Unauthenticated.SQL.Injection HIGH" "download-now-for-woocommerce 3.5.8.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "delete-all-comments-of-website 4.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "dw-promobar No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "datasets-manager-by-arttia-creative No.known.fix Unauthenticated.Arbitrary.File.Upload CRITICAL" "disable-auto-updates No.known.fix Cross-Site.Request.Forgery.to.Auto-update.Disable MEDIUM" "display-metadata No.known.fix Contributor+.Stored.XSS MEDIUM" "donation-button No.known.fix Subscriber+.Broken.Access.Control.leading.to.SMS.Spam MEDIUM" "donation-button No.known.fix Contributor+.Stored.XSS MEDIUM" "dima-take-action No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "dr-widgets-blocks 1.1.4 Missing.Authorization MEDIUM" "dr-widgets-blocks 1.0.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "delete-original-image No.known.fix Cross-Site.Request.Forgery MEDIUM" "debranding No.known.fix 
Authenticated.(Subscriber+).Arbitrary.Options.Update HIGH" "debranding No.known.fix Privilege.Escalation HIGH" "delucks-seo No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "delucks-seo 2.6.1 Authenticated.(Subscriber+).Privilege.Escalation HIGH" "delucks-seo 2.6.0 Missing.Authorization MEDIUM" "delucks-seo 2.6.0 Contributor+.Stored.XSS MEDIUM" "delucks-seo No.known.fix Subscriber+.Arbitrary.File.Read MEDIUM" "delucks-seo 2.5.5 Missing.Authorization MEDIUM" "dynamic-content-for-elementor 2.12.5 Cross-Site.Request.Forgery MEDIUM" "dynamic-content-for-elementor 1.9.6 Authenticated.RCE CRITICAL" "deal-of-the-day No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "dp-addthis No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "dp-intro-tours 6.5.3 Reflected.Cross-Site.Scripting MEDIUM" "dynamicconditions 1.7.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "different-home-for-logged-in-logged-out 1.3.4 Reflected.Cross-Site.Scripting MEDIUM" "delete-usermetas 1.2.0 Cross-Site.Request.Forgery MEDIUM" "defend-wp-firewall 1.1.1 Missing.Authorization MEDIUM" "dyslexiefont No.known.fix CSRF MEDIUM" "dyslexiefont 1.0.0 Authenticated.Cross-Site.Scripting MEDIUM" "drop-in-image-slideshow-gallery No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "digipass No.known.fix Unauthenticated.Arbitrary.File.Download HIGH" "dokme No.known.fix Authenticated.(Administrator+).SQL.Injection MEDIUM" "duplicate-page-or-post 1.5.1 Arbitrary.Settings.Update.to.Stored.XSS HIGH" "drag-n-drop-upload-cf7-pro 5.0.6.4 Contact.Form.7.with.Remote.Storage.Integrations.<.5.0.6.4.-.Reflected.Cross-Site.Scripting HIGH" "drag-n-drop-upload-cf7-pro 2.11.1 Contact.Form.7.Standard.<.2.11.1.-.Reflected.Cross-Site.Scripting HIGH" "drag-n-drop-upload-cf7-pro 5.0.6.3 Contact.Form.7.with.Remote.Storage.Integrations.<.5.0.6.3.-.Path.Traversal MEDIUM" "drag-n-drop-upload-cf7-pro 2.11.0 
Contact.Form.7.Standard.<.2.11.0.-.Path.Traversal MEDIUM" "doneren-met-mollie 2.10.8 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "doneren-met-mollie 2.10.3 Unauthenticated.Reflected.Cross-Site.Scripting.via.search MEDIUM" "doneren-met-mollie 2.8.5 Unauthorised.CSV.Export.leading.to.Sensitive.Data.Disclosure MEDIUM" "download-magnet 1.2.2 Reflected.Cross-Site.Scripting MEDIUM" "devbuddy-twitter-feed No.known.fix Admin+.Stored.XSS LOW" "dyn-business-panel No.known.fix Reflected.XSS HIGH" "dyn-business-panel No.known.fix Reflected.XSS HIGH" "dyn-business-panel No.known.fix Stored.XSS.via.CSRF HIGH" "delay-redirects No.known.fix Authenticated.(Editor+).Stored.Cross-Site.Scripting MEDIUM" "delete-me 3.1 Contributor+.Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "demomentsomtres-media-tools-auto No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "demomentsomtres-media-tools-auto No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "db-access No.known.fix Subscriber+.SQLi HIGH" "depicter 4.7.0 Missing.Authorization.to.Unauthenticated.Display.Rule.Updates MEDIUM" "depicter 4.0.5 Missing.Authorization MEDIUM" "depicter 4.0.5 Missing.Authorization.to.Authenticated.(Contributor+).Safe.File.Type.Upload MEDIUM" "depicter 4.0.5 Cross-Site.Request.Forgery MEDIUM" "depicter 3.6.2 Unauthenticated.SQLi.via.'s'.Parameter HIGH" "depicter 3.2.2 Authenticated.(Author+).Stored.Cross-Site.Scripting MEDIUM" "depicter 3.5.0 Missing.Authorization MEDIUM" "depicter 3.5.0 Authenticated.(Editor+).Stored.Cross-Site.Scripting MEDIUM" "depicter 3.1.2 Authenticated.(Contributor+).Arbitrary.File.Upload HIGH" "depicter 3.2.0 Authenticated.(Editor+).Stored.Cross-Site.Scripting MEDIUM" "depicter 3.1.0 Authenticated.(Editor+).Stored.Cross-Site.Scripting MEDIUM" "depicter 3.1.0 Authenticated.(Contributor+).Arbitrary.Nonce.Generation MEDIUM" "depicter 2.0.7 Settings.Update.via.CSRF MEDIUM" "dpt-oauth-client No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" 
"dpt-oauth-client No.known.fix CSRF MEDIUM" "doofinder No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "duogeek-blocks No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "directorypress-frontend 2.8.0 Cross-Site.Request.Forgery.to.Listing.Status.Update MEDIUM" "devs-crm No.known.fix Unauthenticated.Information.Expsoure MEDIUM" "devs-crm No.known.fix Missing.Authorization.to.Unauthenticated.Lead.Tag.Update MEDIUM" "document-pro-elementor No.known.fix Unauthenticated.Information.Exposure MEDIUM" "divebook No.known.fix Improper.Authorisation.Check MEDIUM" "divebook No.known.fix Unauthenticated.SQL.Injection CRITICAL" "divebook No.known.fix Unauthenticated.Reflected.XSS LOW" "database-collation-fix 1.2.8 Cross-Site.Request.Forgery MEDIUM" "docxpresso No.known.fix Authenticated.(Contributor+).Arbitrary.File.Download MEDIUM" "download-media No.known.fix Missing.Authorization.via.generate_link_for_media MEDIUM" "dr-affiliate No.known.fix Authenticated.(Subscriber+).SQL.Injection HIGH" "database-for-cf7 1.2.5 Subscriber+.CF7.DB.Entries.Deletion MEDIUM" "deny-all-firewall 1.1.7 CSRF HIGH" "dashboard-welcome-for-beaver-builder No.known.fix Missing.Authorization MEDIUM" "dreamgrow-scroll-triggered-box No.known.fix Authenticated.(Editor+).Stored.Cross-Site.Scripting MEDIUM" "display-pages-shortcode No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "daisycon 5.0.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "daisycon 4.9.0 Contributor+.SQL.Injection MEDIUM" "dynamic-url-seo 1.2 Reflected.Cross-Site.Scripting MEDIUM" "dynamic-url-seo 1.2 Cross-Site.Request.Forgery MEDIUM" "dynamic-url-seo 1.2 Reflected.XSS HIGH" "debatemaster No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting.via.Color.Options.via.'debate'.Shortcode MEDIUM" "dk-pricr-responsive-pricing-table 5.1.13 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.'table_currency' MEDIUM" 
"dk-pricr-responsive-pricing-table 5.1.13 Authenticated.(Author+).Stored.Cross-Site.Scripting MEDIUM" "dk-pricr-responsive-pricing-table 5.1.11 Author+.Stored.XSS MEDIUM" "dk-pricr-responsive-pricing-table 5.1.8 Admin+.Stored.Cross-Site.Scriping LOW" "dk-pricr-responsive-pricing-table 5.1.7 Contributor+.Stored.XSS MEDIUM" "dsgvo-all-in-one-for-wp 4.7 Cross-Site.Request.Forgery.to.Account.Deletion MEDIUM" "dsgvo-all-in-one-for-wp 4.6 Contributor+.Stored.XSS MEDIUM" "dsgvo-all-in-one-for-wp 4.4 Cross-Site.Request.Forgery MEDIUM" "dsgvo-all-in-one-for-wp 4.2 Admin+.Stored.Cross-Site.Scripting LOW" "dsgvo-all-in-one-for-wp 4.0 Unauthenticated.Stored.Cross-Site.Scripting.(XSS) HIGH" "dx-share-selection 1.5 Stored.Cross-Site.Scripting.via.CSRF MEDIUM" "digital-marketing-agency-templates-for-elementor No.known.fix Cross-Site.Request.Forgery.to.Import MEDIUM" "docodoco-store-locator No.known.fix Authenticated.(Editor+).Arbitrary.File.Upload HIGH" "dl-leadback No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "dap-to-autoresponders-daar No.known.fix Unauthenticated.Information.Exposure MEDIUM" "disabler 4.0.0 CSRF MEDIUM" "ds-site-message 1.14.5 Stored.XSS.via.CSRF HIGH" "dearpdf-lite No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "drop-caps No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "devoluciones-packback No.known.fix Authenticated.(Subscriber+).SQL.Injection HIGH" "display-future-posts No.known.fix Cross-Site.Request.Forgery.to.Cross-Site.Scripting MEDIUM" "divelogs-widget 1.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode.Attributes MEDIUM" "democracy-poll No.known.fix Missing.Authorization MEDIUM" "democracy-poll 5.4 CSRF.&.XSS HIGH" "domain-sharding No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "dsgnwrks-twitter-importer No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "delete-duplicate-posts 4.9 Missing.Authorization.via.AJAX.Actions MEDIUM" 
"delete-duplicate-posts 4.8.9 Reflected.Cross-Site.Scripting MEDIUM" "delete-duplicate-posts 4.7.5 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "delete-duplicate-posts 4.1.9.5 Subscriber+.Arbitrary.Option.Update CRITICAL" "di-themes-demo-site-importer No.known.fix Cross-Site.Request.Forgery MEDIUM" "docollipics-faustball-de 2.1.0 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "delete-old-posts-programmatically 3.4.3 Reflected.Cross-Site.Scripting MEDIUM" "delete-old-posts-programmatically 2.1.2 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "demomentsomtres-mailchimp-subscribe 3.201706150908 Reflected.Cross-Site.Scripting MEDIUM" "dancepress-trwa No.known.fix Cross-Site.Request.Forgery MEDIUM" "dancepress-trwa 3.1.1 Reflected.Cross-Site.Scripting MEDIUM" "dancepress-trwa 2.4.6 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "dynamically-register-sidebars No.known.fix Admin+.Stored.XSS LOW" "drag-and-drop-file-uploads-wc-pro 5.0.7 WooCommerce.<.5.0.7.and.5.0.-.5.0.5.-.Unauthenticated.Arbitrary.File.Upload CRITICAL" "duplicate-pp 3.5.6 Authenticated.(Contributor+).Post.Disclosure.via.Post.Duplication MEDIUM" "dhivehi-text No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "digital-events-calendar No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.column.Parameter MEDIUM" "dezdy-mcommerce No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "digirisk 6.1.0.0 Reflected.Cross-Site.Scripting MEDIUM" "distance-rate-shipping-for-woocommerce No.known.fix Authenticated.(Subscriber+).SQL.Injection MEDIUM" "dropdown-content No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "developer-tools No.known.fix Developer.Tools.<=.1,1,3..Unauthenticated.Arbitrary.File.Upload CRITICAL" "divi-booster 5.0.2 Unauthenticated.PHP.Object.Injection HIGH" "dforms No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "design-import-export 2.3 Authenticated.(Administrator+).SQL.Injection.via.XML.File.Import 
MEDIUM" "doctor-listing 1.3.6 Subscriber+.Privilege.Escalation CRITICAL" "discount-and-dynamic-pricing 2.3.0 Cross-Site.Request.Forgery MEDIUM" "dtabs No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "dejureorg-vernetzungsfunktion 1.98.0 Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "database-to-excel No.known.fix Cross-Site.Request.Forgery MEDIUM" "dtc-documents No.known.fix Cross-Site.Request.Forgery MEDIUM" "devrix-dark-site 1.1.1 Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "dark-mode-for-wp-dashboard 1.2.4 Cross-Site.Request.Forgery MEDIUM" "dashing-memberships No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "database-cleaner 1.0.6 Authenticated.(Admin+).Arbitrary.File.Read MEDIUM" "database-cleaner 0.9.9 Sensitive.Information.Exposure.via.Log.File MEDIUM" "dn-sitemap-control No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "doctor-appointment-booking No.known.fix Authenticated.(Subscriber+).SQL.Injection MEDIUM" "doctor-appointment-booking No.known.fix Authenticated.(Subscriber+).Local.File.Inclusion HIGH" "did-prestashop-display No.known.fix Cross-Site.Request.Forgery MEDIUM" "database-backup 2.37 Authenticated.(Administrator+).Arbitrary.File.Deletion HIGH" "database-backup 2.36 Authenticated.(Administrator+).Sensitive.Information.Exposure HIGH" "database-backup 2.33 Authenticated.(Admin+).Arbitrary.File.Read MEDIUM" "download-counter-button No.known.fix Unauthenticated.Arbitrary.File.Download HIGH" "display-custom-post No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "dashboard-notepad No.known.fix Cross-Site.Request.Forgery MEDIUM" "dh-anti-adblocker 37 Anti.AdBlocker.<.37.-.Settings.Update.via.CSRF MEDIUM" "dreamstime-stock-photos 4.2 Reflected.Cross-Site.Scripting MEDIUM" "download-after-email No.known.fix Missing.Authorization MEDIUM" "download-after-email 2.1.7 2.1.6.-.Unauthorized.Repeated.Form.Submissions MEDIUM" "ditty-news-ticker 3.1.59 Contributor+.Stored.XSS MEDIUM" 
"ditty-news-ticker 3.1.58 Unauthenticated.SSRF HIGH" "ditty-news-ticker 3.1.52 Author+.Stored.XSS LOW" "ditty-news-ticker 3.1.47 Author+.Stored.XSS MEDIUM" "ditty-news-ticker 3.1.46 Author+.Stored.XSS MEDIUM" "ditty-news-ticker 3.1.45 Author+.Stored.XSS MEDIUM" "ditty-news-ticker 3.1.43 Author+.Stored.XSS MEDIUM" "ditty-news-ticker 3.1.39 Authenticated.(Contributor+).PHP.Object.Injection HIGH" "ditty-news-ticker 3.1.36 Author+.Stored.XSS MEDIUM" "ditty-news-ticker 3.1.32 Authenticated.(Author+).Stored.Cross-Site.Scripting MEDIUM" "ditty-news-ticker 3.1.25 Missing.Authorization.via.save_ditty_permissions_check MEDIUM" "ditty-news-ticker 3.1.25 Reflected.XSS HIGH" "ditty-news-ticker 3.0.33 Contributor+.Stored.XSS MEDIUM" "ditty-news-ticker 3.0.15 Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "domain-theme No.known.fix Cross-Site.Request.Forgery MEDIUM" "dynamic-featured-image No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.dfiFeatured.Parameter MEDIUM" "dashboard-widget-sidebar No.known.fix Missing.Authorization MEDIUM" "debounce-io-email-validator 5.8.2 Stored.XSS.via.CSRF HIGH" "debounce-io-email-validator 5.71 Unauthenticated.Local.File.Inclusion CRITICAL" "debounce-io-email-validator 5.8.1 Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "debounce-io-email-validator 5.6.6 Reflected.Cross-Site.Scripting MEDIUM" "duplicate-wp-page-post No.known.fix Authenticated.(Contributor+).SQL.Injection.via.meta_key.Parameter MEDIUM" "duplicate-wp-page-post 2.8 Admin+.Stored.Cross-Site.Scripting LOW" "duplicate-wp-page-post 2.5.7 SQL.Injections.due.to.Duplicated.Snippets HIGH" "display-remote-posts-block 1.1.1 Authenticated.(Contributor+).Server-Side.Request.Forgery MEDIUM" "designthemes-core-features No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "designthemes-core-features No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "designthemes-core-features 4.8 
Missing.Authorization.to.Unauthenticated.Arbitrary.File.Read.via.dt_process_imported_file HIGH" "dynamic-widgets 1.6.5 Cross-Site.Request.Forgery MEDIUM" "dynamic-widgets 1.6 Reflected.Cross-Site.Scripting MEDIUM" "dynamic-widgets 1.5.11 Authenticated.Cross-Site.Scripting.(XSS).&.CSRF MEDIUM" "dashylite No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "dashylite No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "daves-wordpress-live-search No.known.fix Admin+.Stored.XSS LOW" "duplicate-theme No.known.fix CSRF MEDIUM" "dazzlersoft-teams No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "do-spaces-sync No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "dl-verification No.known.fix Admin+.Stored.XSS LOW" "daily-proverb No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "darkmysite No.known.fix Cross-Site.Request.Forgery MEDIUM" "display-terms-shortcode No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "designo No.known.fix Cross-Site.Request.Forgery MEDIUM" "dologin 3.8 Missing.Authorization.via.REST.Endpoints MEDIUM" "dologin 3.7.1 Subscriber+.IP.Address.leak MEDIUM" "dologin 3.7 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "dologin 3.7 IP.Spoofing MEDIUM" "duracelltomi-google-tag-manager 1.15.2 Admin+.Stored.Cross-Site.Scripting LOW" "duracelltomi-google-tag-manager 1.15.1 Reflected.Cross-Site.Scripting MEDIUM" "df-draggable No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "disable-comments 1.0.4 disable_comments_settings.php.Comment.Status.Manipulation.CSRF HIGH" "display-during-conditional-shortcode 1.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.message.Parameter MEDIUM" "dashboard-notepads No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "distance-based-shipping-calculator 2.0.23 Missing.Authorization MEDIUM" "distance-based-shipping-calculator 2.0.23 
Missing.Authorization.to.Unauthenticated.Settings.Update MEDIUM" "distance-based-shipping-calculator 2.0.22 Reflected.Cross-Site.Scripting MEDIUM" "distance-based-shipping-calculator 2.0.24 Subscriber+.SQL.Injection HIGH" "denk-internet-solutions 6.0.0 Admin+.Stored.XSS LOW" "dd-rating No.known.fix Authenticated.(Author+).Stored.Cross-Site.Scripting MEDIUM" "disable-dashboard-for-woocommerce 3.2.9 Reflected.Cross-Site.Scripting MEDIUM" "duoshuo No.known.fix Cross-Site.Request.Forgery.to.Settings.Update MEDIUM" "duoshuo No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "drag-and-drop-form-builder-for-contact-form-7 1.2.6 Reflected.Cross-Site.Scripting MEDIUM" "drag-and-drop-form-builder-for-contact-form-7 1.2.4 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "disable-update-notifications 2.4.2 Settings.Update.via.CSRF MEDIUM" "display-product-variations-dropdown-on-shop-page No.known.fix Missing.Authorization MEDIUM" "donation-thermometer 2.2.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "donation-thermometer 2.1.3 Admin+.Stored.Cross-Site.Scripting LOW" "delivery-drivers-manager 1.1.9 Reflected.Cross-Site.Scripting MEDIUM" "delivery-drivers-manager 1.1.6 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "duplicator-pro 4.5.14.2 Unauthenticated.Sensitive.Data.Exposure HIGH" "duplicator-pro 4.5.11.1 Unauthenticated.Reflected.XSS HIGH" "duplicator-pro 3.8.7.1 Unauthenticated.Arbitrary.File.Download HIGH" "download-theme 1.1.0 Cross-Site.Request.Forgery MEDIUM" "duplica 0.7 Authenticated.(Subscriber+).Missing.Authorization.to.Users/Posts.Duplicates.Creation MEDIUM" "delhivery-logistics-courier No.known.fix Authenticated.(Subscriber+).SQL.Injection HIGH" "disable-contect-editor-for-specific-template No.known.fix Cross-Site.Request.Forgery.to.Template.Configuration.Update MEDIUM" "decon-wp-sms No.known.fix Admin+.Stored.Cross-Site.Scripting MEDIUM" "designthemes-core No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" 
"draft-notify No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "dx-watermark No.known.fix Cross-Site.Request.Forgery MEDIUM" "donate-with-qrcode 1.4.5 Stored.Cross-Site.Scripting MEDIUM" "donate-with-qrcode No.known.fix Plugin's.Setting.Update.via.CSRF MEDIUM" "duplicate-post 4.6 Contributor+.Arbitrary.Post.Duplication.and.Overwrite LOW" "duplicate-post 3.2.4 Admin+.Stored.XSS LOW" "duplicate-post 3.2.4 Authenticated.Stored.Cross-Site.Scripting.(XSS) CRITICAL" "delivery-and-pickup-scheduling-for-woocommerce 1.0.12 Reflected.Cross-Site.Scripting MEDIUM" "developer No.known.fix Cross-Site.Request.Forgery MEDIUM" "d-bargain 4.0.0 Admin+.Stored.XSS LOW" "delivery-drivers-for-vendors 1.1.1 Reflected.Cross-Site.Scripting MEDIUM" "delivery-drivers-for-vendors 1.0.9 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "dbview No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "directory-pro No.known.fix Missing.Authorization MEDIUM" "directory-pro No.known.fix Missing.Authorization MEDIUM" "directory-pro No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "directory-pro No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "directory-pro 1.9.5 Subscriber+.Privilege.Escalation CRITICAL" "dl-yandex-metrika No.known.fix Admin+.Stored.XSS LOW" "doaj-export No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "dsdownloadlist No.known.fix Unauthenticated.PHP.Object.Injection HIGH" "dyapress No.known.fix Unauthenticated.Local.File.Inclusion CRITICAL" "disable-right-click-for-wp No.known.fix Arbitrary.Settings.Update.via.CSRF MEDIUM" "download-panel No.known.fix Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.Plugin.Settings.Modification MEDIUM" "digitimber-cpanel-integration 1.4.8 Cross-Site.Request.Forgery.to.Stored.Cross-site.Scripting MEDIUM" "drive-folder-embeder No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.tablecssclass.Parameter 
MEDIUM" "dn-cookie-notice No.known.fix Cross-Site.Request.Forgery MEDIUM" "droit-dark-mode No.known.fix Cross-Site.Request.Forgery MEDIUM" "duplicate-title-checker No.known.fix Authenticated.(Subscriber+).SQL.Injection MEDIUM" "directorist No.known.fix Missing.Authorization MEDIUM" "directorist No.known.fix Unauthenticated.Open.Redirect MEDIUM" "directorist 8.5.3 Missing.Authorization.to.Authenticated.(Subscriber+).Data.Export.and.Slug.Update MEDIUM" "directorist 8.4.9 Authenticated.(Subscriber+).Arbitrary.File.Move HIGH" "directorist 8.3 Missing.Authorization.to.Unauthenticated.Arbitrary.Post.Publishing MEDIUM" "directorist 8.2 Privilege.Escalation.and.Account.Takeover HIGH" "directorist 8.1 Unauthenticated.User.Information.Exposure MEDIUM" "directorist 7.9.0 Missing.Authorization MEDIUM" "directorist 7.8.5 Missing.Authorization.to.Unauthenticated.Settings.Change MEDIUM" "directorist 7.5.5 Subscriber+.Arbitrary.User.Password.Reset.to.Privilege.Escalation HIGH" "directorist 7.5.5 Subscriber+.Insecure.Direct.Object.Reference.to.Arbitrary.Post.Deletion MEDIUM" "directorist 7.5.4 Admin+.LFI MEDIUM" "directorist 7.4.4 Subscriber+.Sensitive.Information.Disclosure MEDIUM" "directorist 7.4.2.2 Subscriber+.Arbitrary.User.Password.Update.via.IDOR HIGH" "directorist 7.3.1 Unauthenticated.Email.Address.Disclosure MEDIUM" "directorist 7.3.0 Subscriber+.Arbitrary.E-mail.Sending MEDIUM" "directorist 7.2.3 Business.Directory.Plugin.<.7.2.3.-.Admin+.Arbitrary.File.Upload MEDIUM" "directorist 7.0.6.2 CSRF.to.Remote.File.Upload CRITICAL" "demomentsomtres-wp-export No.known.fix Subscriber+.unauthorized.data.export MEDIUM" "demomentsomtres-wp-export 20200610 Reflected.Cross-Site.Scripting MEDIUM" "dragon-calendar-free-version No.known.fix Cross-Site.Request.Forgery MEDIUM" "donate-me No.known.fix Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "donate-me No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "drawblog No.known.fix 
Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "dtracker No.known.fix Unauthorised.Contract.Creation HIGH" "dtracker No.known.fix Multiple.Unauthenticated.Blind.SQL.Injections HIGH" "divi-builder 4.27.2 Contributor+.Stored.XSS MEDIUM" "divi-builder 4.25.1 Authenticated.(Contributor+).DOM-Based.Stored.Cross-Site.Scripting MEDIUM" "divi-builder 4.5.3 4.5.2,.Extra.2.0.-.4.5.2,.Divi.Builder.2.0.-.4.5.2).-.Authenticated.Arbitrary.File.Upload MEDIUM" "divi-builder 4.0.10 Authenticated.Code.Injection MEDIUM" "divi-builder 2.17.3 Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "divi-builder 1.2.4 Privilege.Escalation HIGH" "docspress 2.5.3 Missing.Authorization MEDIUM" "dwnldr 1.01 Unauthenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "drawit No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "debug-log-manager 2.3.5 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "debug-log-manager 2.3.2 Missing.Authorization MEDIUM" "debug-log-manager 2.3.2 Missing.Authorization.via.toggle_debugging MEDIUM" "debug-log-manager 2.3.2 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "debug-log-manager 2.3.0 Sensitive.Logs.Exposure MEDIUM" "debug-log-manager 2.2.2 Debug.Log.Clearing.via.CSRF MEDIUM" "debug-log-manager 2.2.2 Subscriber+.Debug.Log.Clearing MEDIUM" "designthemes-lms-addon No.known.fix Missing.Authorization MEDIUM" "disqus-popular-posts No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "ddirections No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "delivery-woo No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "delivery-woo No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "dop-shortcodes No.known.fix Contributor+.Stored.XSS.via.Shortcode MEDIUM" "display-post-meta No.known.fix Display.Post.Meta.<=.2,4,4.-Reflected.Cross-Site.Scripting MEDIUM" "dl-robotstxt No.known.fix Admin+.Stored.XSS LOW" "domain-mapping-system 1.9.3 Reflected.Cross-Site.Scripting MEDIUM" "domain-mapping-system 1.7 
Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "delete-comments-by-status No.known.fix Unauthenticated.Local.File.Inclusion CRITICAL" "download-plugins-dashboard 1.9.7 Cross-Site.Request.Forgery.to.Bulk.Plugin/Theme.Archival MEDIUM" "download-plugins-dashboard 1.9.2 Reflected.Cross-Site.Scripting MEDIUM" "download-plugins-dashboard 1.8.8 Cross-Site.Request.Forgery MEDIUM" "download-plugins-dashboard 1.8.6 Authenticated.(Admin+).Arbitrary.File.Download MEDIUM" "download-plugins-dashboard 1.6.0 Unauthenticated.Stored.XSS MEDIUM" "dealia-request-a-quote No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Gutenberg.Block.Attributes MEDIUM" "dealia-request-a-quote 1.0.8 Missing.Authorization.to.Authenticated.(Contributor+).Plugin.Configuration.Reset MEDIUM" "delete-post-revision No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "demomentsomtres-grid-archive No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "demomentsomtres-grid-archive No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "dokan-pro 4.2.0 Missing.Authorization.to.Unauthenticated.Sensitive.Information.Exposure MEDIUM" "dokan-pro 4.0.6 Authenticated.(Vendor+).Privilege.Escalation HIGH" "dokan-pro No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "dokan-pro 3.11.0 Unauthenticated.SQL.Injection CRITICAL" "display-medium-posts No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.display_medium_posts.Shortcode MEDIUM" "digiseller 1.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "docpro No.known.fix Unauthenticated.Local.File.Inclusion CRITICAL" "doccheck-login 1.1.6 Unauthorized.Post.Access MEDIUM" "download-zip-attachments No.known.fix Arbitrary.File.Download HIGH" "dobsondev-shortcodes No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "dnui-delete-not-used-image-wordpress No.known.fix Deletion.of.images.through.CSRF MEDIUM" "demomentsomtres-address No.known.fix 
Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "demomentsomtres-address No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "dam-spam 1.0.9 Cross-Site.Request.Forgery.to.Arbitrary.Pending.Comment.Deletion MEDIUM" "download-manager 3.3.50 Missing.Authorization.to.Authenticated.(Subscriber+).User.Email.Enumeration.via.'user'.Parameter MEDIUM" "download-manager 3.3.47 Reflected.Cross-Site.Scripting.via.'redirect_to'.Parameter MEDIUM" "download-manager 3.3.41 Unauthenticated.Limited.Privilege.Escalation MEDIUM" "download-manager 3.3.33 Missing.Authorization.to.Authenticated.(Subscriber+).Media.Attachment.Password.Disclosure MEDIUM" "download-manager 3.3.31 Unauthenticated.Cron.Trigger.due.to.Hardcoded.Cron.Key MEDIUM" "download-manager 3.3.33 Authenticated.(Subscriber+).Information.Exposure MEDIUM" "download-manager 3.3.25 Cross-Site.Request.Forgery MEDIUM" "download-manager 3.3.26 Unauthenticated.Sensitive.Information.Exposure MEDIUM" "download-manager 3.3.24 Reflected.Cross-Site.Scripting.via.'user_ids'.Parameter MEDIUM" "download-manager 3.3.19 Authenticated.(Author+).Stored.Cross-site.Scripting.via.wpdm_user_dashboard.Shortcode MEDIUM" "download-manager 3.3.13 Author+.Arbitrary.File.Deletion HIGH" "download-manager 3.3.13 Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "download-manager 3.3.09 Authenticated.(Author+).Path.Traversal.to.Limited.File.Overwrite MEDIUM" "download-manager 3.3.07 Unauthenticated.Data.Exposure MEDIUM" "download-manager 3.3.04 Missing.Authorization MEDIUM" "download-manager 3.3.04 Unauthenticated.Arbitrary.Shortcode.Execution HIGH" "download-manager 3.3.04 Unauthenticated.Download.of.Password-Protected.Files MEDIUM" "download-manager 3.3.03 Admin+.Stored.XSS LOW" "download-manager 3.3.00 Contributor+.Stored.XSS LOW" "download-manager 3.2.99 Admin+.Stored.XSS LOW" "download-manager 3.2.98 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "download-manager 3.2.90 
Improper.Authorization.via.protectMediaLibrary HIGH" "download-manager 3.2.94 Authenticated.(Author+).Stored.Cross-Site.Scripting.via.Multiple.Shortcodes MEDIUM" "download-manager 3.2.87 Authenticated.(Subscriber+).Stored.Self-Based.Cross-Site.Scripting MEDIUM" "download-manager 3.2.94 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.wpdm_modal_login_form.Shortcode MEDIUM" "download-manager 3.2.91 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.wpdm-all-packages.Shortcode MEDIUM" "download-manager 3.2.85 Contributor+.Stored.XSS MEDIUM" "download-manager 3.2.85 Unauthenticated.File.Download MEDIUM" "download-manager 3.2.86 Contributor+.Stored.XSS MEDIUM" "download-manager 3.2.83 Unauthenticated.Protected.File.Download.Password.Leak MEDIUM" "download-manager 3.2.71 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "download-manager 3.2.71 Broken.Access.Controls MEDIUM" "download-manager 6.3.0 Unauthenticated.Sensitive.Information.Disclosure MEDIUM" "download-manager 3.2.62 Contributor+.Stored.XSS MEDIUM" "download-manager 3.2.60 Reflected.XSS HIGH" "download-manager 3.2.55 Admin+.Arbitrary.File/Folder.Access.via.Path.Traversal MEDIUM" "download-manager 3.2.50 Contributor+.PHAR.Deserialization HIGH" "download-manager 3.2.53 Unauthenticated.Reflected.Cross-Site.Scripting MEDIUM" "download-manager 3.2.51 Contributor+.Arbitrary.File.Deletion HIGH" "download-manager 3.2.49 Clear.Stats.&.Cache.via.CSRF MEDIUM" "download-manager 3.2.49 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "download-manager 3.2.50 Bypass.IP.Address.Blocking.Restriction MEDIUM" "download-manager 3.2.49 Multiple.CSRF MEDIUM" "download-manager 3.2.44 Unauthenticated.Reflected.Cross-Site.Scripting MEDIUM" "download-manager 3.2.44 Reflected.Cross-Site.Scripting MEDIUM" "download-manager 3.2.48 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "download-manager 3.2.43 Reflected.Cross-Site.Scripting MEDIUM" "download-manager 3.2.39 Unauthenticated.brute.force.of.files.master.key 
MEDIUM" "download-manager 3.2.35 Sensitive.Information.Disclosure HIGH" "download-manager 3.2.34 Authenticated.SQL.Injection.to.Reflected.XSS MEDIUM" "download-manager 3.2.22 Subscriber+.Stored.Cross-Site.Scripting HIGH" "download-manager 3.2.16 Admin+.Stored.Cross-Site.Scripting LOW" "download-manager 3.2.13 Email.Template.Setting.Update.via.CSRF MEDIUM" "download-manager 3.1.25 Authenticated.File.Upload MEDIUM" "download-manager 3.1.25 .Authenticated.Directory.Traversal MEDIUM" "download-manager 3.1.19 Authenticated.(author+).PHP4.File.Upload.to.RCE CRITICAL" "download-manager 3.1.22 Plugin.Settings.Change.via.CSRF MEDIUM" "download-manager 3.1.23 Unauthorised.Asset.Manager.Usage HIGH" "download-manager 3.1.18 Unauthorised.Download.Duplication MEDIUM" "download-manager 2.9.97 Various.Sanitisation.Issues MEDIUM" "download-manager 2.9.94 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "download-manager 2.9.61 Cross-Site.Request.Forgery.(CSRF) MEDIUM" "download-manager 2.9.51 Open.Redirect MEDIUM" "download-manager 2.9.50 Cross-Site.Scripting.(XSS) HIGH" "dont-muck-my-markup No.known.fix Cross-Site.Request.Forgery MEDIUM" "download-html-tinymce-button No.known.fix Reflected.XSS HIGH" "donate-button 2.1.1 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "dokan-lite 4.2.5 Insecure.Direct.Object.Reference.to.PayPal.Account.Takeover.and.Sensitive.Information.Disclosure HIGH" "dokan-lite 4.1.4 Shop.Manager+.Privilege.Escalation HIGH" "dokan-lite 3.7.6 Unauthenticated.SQLi HIGH" "dokan-lite 3.6.4 Vendor.Stored.Cross-Site.Scripting MEDIUM" "dokan-lite 3.2.1 CSRF.Nonce.Bypasses MEDIUM" "dokan-lite 3.0.9 Cross-Site.Request.Forgery.(CSRF) MEDIUM" "dokan-lite 3.0.9 Cross-Site.Request.Forgery MEDIUM" "dzs-ajaxer-lite-dynamic-page-load No.known.fix Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "dx-auto-save-images No.known.fix CSRF MEDIUM" "document-data-automation 1.6.2 Cross-Site.Request.Forgery MEDIUM" "dzs-enable-debug No.known.fix 
Cross-Site.Request.Forgery MEDIUM" "debrandify 1.1.3 Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "dino-game 1.2.0 Contributor+.Stored.XSS MEDIUM" "display-post-metadata 1.5.0 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "drozd-addons-for-elementor No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "download-monitor 5.0.23 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "download-monitor 5.0.14 Missing.Authorization.to.Sensitive.Information.Exposure MEDIUM" "download-monitor 5.0.13 Missing.Authorization.to.API.Key.Manipulation MEDIUM" "download-monitor 5.0.10 Missing.Authorization.to.Authenticated.(Subscriber+).Shop.Enable MEDIUM" "download-monitor 4.9.14 Missing.Authorization MEDIUM" "download-monitor 4.9.5 Authenticated.(Admin+).SQL.Injection HIGH" "download-monitor 4.8.2 Admin+.SSRF MEDIUM" "download-monitor 4.5.98 Admin+.Arbitrary.File.Download MEDIUM" "download-monitor 4.5.91 Admin+.Arbitrary.File.Download MEDIUM" "download-monitor 4.4.7 Reflected.Cross-Site.Scripting MEDIUM" "download-monitor 4.4.7 Admin+.Stored.Cross-Site.Scripting LOW" "download-monitor 4.4.7 Admin+.Arbitrary.File.Download MEDIUM" "download-monitor 4.4.5 Admin+.SQL.Injection MEDIUM" "download-monitor 1.9.7 Unauthenticated.Downloading.of.Logs MEDIUM" "download-monitor 1.7.1 Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "download-monitor 1.6.4 Authenticated.Directory.Listing MEDIUM" "download-monitor 3.3.6.2 Multiple.Reflected.Cross-Site.Scripting MEDIUM" "document-engine 1.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "digital-lottery No.known.fix Unauthenticated.Arbitrary.File.Upload CRITICAL" "dimage-360 No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "debug-tool No.known.fix Missing.Authorization MEDIUM" "debug-tool No.known.fix Unauthenticated.Arbitrary.File.Creation CRITICAL" "debug-tool No.known.fix Missing.Authorization.to.Information.Exposure MEDIUM" 
"demon-image-annotation 4.8 Arbitrary.Settings.Update.to.Stored.XSS.via.CSRF MEDIUM" "duitku-social-payment-gateway 2.11.7 Missing.Authorization.via.check_duitku_response MEDIUM" "dd-post-carousel 1.4.12 Contributor+.Stored.XSS MEDIUM" "dd-post-carousel 1.4.7 Authenticated.(Editor+).Stored.Cross-Site.Scripting MEDIUM" "devexhub-gallery No.known.fix Unauthenticated.Arbitrary.File.Upload CRITICAL" "dashi 3.1.9 Missing.Authorization MEDIUM" "draw-attention 2.0.16 Improper.Access.Control.via.register_cpt MEDIUM" "draw-attention 2.0.12 Subscriber+.Unauthorized.Featured.Image.Modification MEDIUM" "data-tables-generator-by-supsystic 1.10.46 Authenticated.(Admin+).Arbitrary.File.Deletion MEDIUM" "data-tables-generator-by-supsystic 1.10.37 Missing.Authorization MEDIUM" "data-tables-generator-by-supsystic 1.10.32 Missing.Authorization MEDIUM" "data-tables-generator-by-supsystic 1.10.20 Admin+.Stored.Cross-Site.Scripting LOW" "data-tables-generator-by-supsystic 1.10.1 Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "data-tables-generator-by-supsystic 1.10.0 Authenticated.SQL.Injection CRITICAL" "data-tables-generator-by-supsystic 1.9.92 Insecure.Permissions.on.AJAX.Actions MEDIUM" "data-tables-generator-by-supsystic 1.9.92 CSRF.to.Stored.XSS,.Data.Table.Creations,.Settings.Modification CRITICAL" "data-tables-generator-by-supsystic 1.9.92 Authenticated.Stored.XSS MEDIUM" "device-theme-switcher No.known.fix Cross-Site.Request.Forgery MEDIUM" "digital-river-global-commerce No.known.fix Use.of.Polyfill.io MEDIUM" "doppler-form 2.6.0 Subscriber+.Limited.Plugin.Installation MEDIUM" "doppler-form 2.4.7 Missing.Authorization MEDIUM" "doppler-form 2.6.0 Stored.XSS.via.CSRF HIGH" "doppler-form 2.6.0 Contributor+.Stored.XSS MEDIUM" "dynamic-elementor-addons No.known.fix Authenticated.(Contributor+).Local.File.Inclusion HIGH" "disable-right-click-powered-by-pixterme No.known.fix Supply.Chain.Compromise HIGH" "drag-and-drop-custom-sidebar No.known.fix 
Unauthenticated.Stored.Cross-Site.Scripting HIGH" "dse-divi-section-enhancer No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "disc-golf-manager No.known.fix Unauthenticated.PHP.Object.Injection CRITICAL" "drop-uploader-for-contact-form-7-dragdrop-file-uploader-addon No.known.fix Drag&Drop.File.Uploader.Addon.<=.2.4.1.-.Unauthenticated.Arbitrary.File.Upload CRITICAL" "demomentsomtres-gravity-forms-improvements 201704251008 Reflected.Cross-Site.Scripting MEDIUM" "date-time-picker-field 2.3 Reflected.Cross-Site.Scripting MEDIUM" "date-time-picker-field 2.2 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "doofinder-for-woocommerce 2.1.9 Authenticated.(Administrator+).Stored.Cross-Site.Scripting.via.settings MEDIUM" "doofinder-for-woocommerce 2.1.1 Missing.Authorization.via.multiple.AJAX.actions MEDIUM" "doofinder-for-woocommerce 2.1.8 Reflected.Cross-Site.Scripting HIGH" "daily-image No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "digiproveblog No.known.fix Reflected.Cross-Site-Scripting MEDIUM" "dashboard-builder No.known.fix Cross-Site.Request.Forgery.to.SQL.Injection HIGH" "demo-awesome No.known.fix Missing.Authorization.to.Authenticated.(Subscriber+).Plugin.Activation MEDIUM" "demo-awesome 1.0.2 Reflected.Cross-Site.Scripting MEDIUM" "demo-awesome 1.0.3 Missing.Authorization MEDIUM" "demomentsomtres-classify-on-publish No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "demomentsomtres-classify-on-publish No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "demomentsomtres-classify-on-publish No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "dynamic-text-field-for-contact-form-7 1.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "data-dash No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "data-dash No.known.fix Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "dk-pdf 2.3.1 Authenticated.(Author+).Server-Side.Request.Forgery MEDIUM" "dk-pdf 1.9.7 Reflected.Cross-Site.Scripting MEDIUM" 
"dropbox-folder-share No.known.fix Unauthenticated.Server-Side.Request.Forgery.via.'link' HIGH" "dropbox-folder-share No.known.fix Unauthenticated.Remote.Code.Execution.via.LFI CRITICAL" "document-library-lite 1.2.0 Unauthenticated.Insecure.Direct.Object.Reference MEDIUM" "document-library-lite 1.2.0 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "document-library-lite 1.1.7 Sensitive.Information.Exposure MEDIUM" "dextaz-ping No.known.fix Admin+.RCE MEDIUM" "duplicate-post-and-page No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "duplicate-post-and-page No.known.fix Authenticated.(Contributor+).SQL.Injection MEDIUM" "dropdown-category-list No.known.fix Reflected.Cross-Site.Scripting.via.$_SERVER['PHP_SELF'] MEDIUM" "drag-and-drop-multiple-file-upload-for-woocommerce 1.1.7 Unauthenticated.Arbitrary.File.Upload.via.upload.Function CRITICAL" "drag-and-drop-multiple-file-upload-for-woocommerce 1.1.5 Unauthenticated.Arbitrary.File.Move CRITICAL" "drag-and-drop-multiple-file-upload-for-woocommerce 1.1.1 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "dynamic-post No.known.fix Subscriber+.Settings.Update MEDIUM" "digital-publications-by-supsystic 1.7.8 Missing.Authorization MEDIUM" "digital-publications-by-supsystic 1.7.8 Cross-Site.Request.Forgery MEDIUM" "digital-publications-by-supsystic 1.7.7 Cross-Site.Request.Forgery.via.AJAX.action MEDIUM" "digital-publications-by-supsystic 1.7.4 Admin+.Stored.Cross-Site.Scripting LOW" "digital-publications-by-supsystic 1.6.12 Authenticated.Path.Traversal LOW" "digital-publications-by-supsystic 1.7.0 Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "document No.known.fix Missing.Authorization MEDIUM" "doccure 1.5.4 Unauthenticated.Privilege.Escalation CRITICAL" "depay-payments-for-woocommerce 2.12.18 Missing.Authorization.to.Information.Exposure MEDIUM" "directories 1.3.46 Authenticated.Self-Reflected.Cross-Site.Scripting LOW" "directories 1.3.46 
Authenticated.Reflected.Cross-Site.Scripting CRITICAL" "dzs-videogallery 12.40 Authenticated.(Subscriber+).SQL.Injection MEDIUM" "dzs-videogallery 12.40 Reflected.Cross-Site.Scripting MEDIUM" "dzs-videogallery 12.40 Authenticated.(Subscriber+).PHP.Object.Injection HIGH" "dzs-videogallery 12.40 Unauthenticated.PHP.Object.Injection CRITICAL" "download-info-page No.known.fix Admin+.Stored.XSS LOW" "dovetail No.known.fix Admin+.Stored.Cross-Site.Scripting MEDIUM" "default-thumbnail-plus No.known.fix Authenticated.(Contributor+).Arbitrary.File.Upload HIGH" "drag-and-drop-file-upload-for-elementor-forms 1.5.4 Unauthenticated.Arbitrary.File.Upload CRITICAL" "drag-and-drop-file-upload-for-elementor-forms 1.5.0 Unauthenticated.Arbitrary.File.Deletion MEDIUM" "download-plugin 2.2.9 Authenticated.(Administrator+).Arbitrary.File.Upload HIGH" "download-plugin 2.2.1 Missing.Authorization.to.Authenticated.(Subscriber+).User.Metadata.and.Comment.Download MEDIUM" "download-plugin 2.0.5 Cross-Site.Request.Forgery.(CSRF) MEDIUM" "download-plugin 2.0.0 Subscriber+.Website.Download HIGH" "download-plugin 1.6.1 Subscriber+.Arbitrary.Plugin.Activation MEDIUM" "duplicate-post-page-menu-custom-post-type 2.4.0 Subscriber+.Post.Duplication MEDIUM" "distancr 1.1.8 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "dragfy-addons-for-elementor No.known.fix Missing.Authorization.via.save_settings MEDIUM" "delete-post-revisions-on-single-click No.known.fix Cross-Site.Request.Forgery MEDIUM" "dental-optimizer-patient-generator-app No.known.fix Reflected.XSS HIGH" "debug-functions-time 1.41 Reflected.Cross-Site.Scripting MEDIUM" "dot-htmlphpxml-etc-pages No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "dot-htmlphpxml-etc-pages No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "display-widgets 2.7 Backdoored MEDIUM" "double-opt-in-for-download 2.1.0 Authenticated.SQL.Injection CRITICAL" "dr-flex 2.0.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "dynamic-to-top No.known.fix 
Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "dx-sales-crm No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "dj-email-publish No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "duplicator 1.5.10 Full.Path.Disclosure MEDIUM" "duplicator 1.5.7.1 Settings.Removal.via.CSRF MEDIUM" "duplicator 1.3.0 Unauthenticated.RCE CRITICAL" "duplicator 1.5.7.1 Unauthenticated.Sensitive.Data.Exposure HIGH" "duplicator 1.4.7.1 Unauthenticated.System.Information.Disclosure MEDIUM" "duplicator 1.4.7 Unauthenticated.Backup.Download HIGH" "duplicator 1.3.28 Unauthenticated.Arbitrary.File.Download HIGH" "duplicator 1.2.42 Unauthenticated.Arbitrary.Code.Execution MEDIUM" "duplicator 1.2.33 Cross-Site.Scripting.(XSS) MEDIUM" "duplicator 1.2.29 Duplicator.<=.1,2,28..Unauthenticated.Stored.Cross-Site.Scripting.(XSS) HIGH" "dropshipping-xox No.known.fix Admin+.Stored.XSS LOW" "donate-extra No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "decorator-woocommerce-email-customizer 2.1.2 Missing.Authorization MEDIUM" "decorator-woocommerce-email-customizer 1.2.8 WooCommerce.Email.Customizer.<.1.2.8.-.Cross-Site.Request.Forgery MEDIUM" "direct-payments-wp No.known.fix Authenticated.(Subscriber+).Sensitive.Information.Exposure MEDIUM" "direct-payments-wp No.known.fix Missing.Authorization MEDIUM" "doko-box-builder 1.0.1 Reflected.Cross-Site.Scripting MEDIUM" "dollie 6.2.1 Authenticated.(Contributor+).Post.Disclosure MEDIUM" "display-admin-page-on-frontend 1.22.8 Contributor+.Stored.XSS MEDIUM" "display-admin-page-on-frontend 1.21.1 Reflected.Cross-Site.Scripting MEDIUM" "display-admin-page-on-frontend 1.17.0.4 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "display-a-meta-field-as-block 1.2.14 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "download-counter 1.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.name.Parameter MEDIUM" "download-counter No.known.fix Unauthenticated.Arbitrary.File.Read HIGH" "designthemes-booking-manager 
No.known.fix Missing.Authorization MEDIUM" "display-template-name No.known.fix Cross-Site.Request.Forgery MEDIUM" "dooodl No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "debtcom-business-in-a-box No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode.Attributes MEDIUM" "donation-forms-by-givecloud 1.0.10 Contributor+.Stored.XSS MEDIUM" "directorist-social-login No.known.fix Unauthenticated.Privilege.Escalation CRITICAL" "dn-footer-contacts No.known.fix Cross-Site.Request.Forgery MEDIUM" "dn-footer-contacts 1.6.3 Admin+.Stored.XSS LOW" "da-reactions 5.2.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "da-reactions 4.0.4 Reflected.Cross-Site.Scripting MEDIUM" "da-reactions 3.20.2 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "delele-all No.known.fix Missing.Authorization MEDIUM" "dethemekit-for-elementor No.known.fix Missing.Authorization MEDIUM" "dethemekit-for-elementor No.known.fix Missing.Authorization MEDIUM" "dethemekit-for-elementor 2.1.10 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "dethemekit-for-elementor 2.1.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "dethemekit-for-elementor 2.1.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.De.Gallery.Widget MEDIUM" "dethemekit-for-elementor 2.1.9 Authenticated.(Contributor+).Protected.Post.Disclosure MEDIUM" "dethemekit-for-elementor 2.1.8 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "dethemekit-for-elementor 2.1.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.URL.Parameter.of.the.De.Gallery.Widget MEDIUM" "dethemekit-for-elementor 2.1.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.slitems.Attribute MEDIUM" "dethemekit-for-elementor 2.1.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Multiple.Widgets MEDIUM" "dethemekit-for-elementor 2.1.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "dethemekit-for-elementor 2.1.0 
Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "dethemekit-for-elementor 1.5.5.5 Contributor+.Stored.XSS MEDIUM" "dc-woocommerce-multi-vendor 4.2.24 Missing.Authorization MEDIUM" "dc-woocommerce-multi-vendor 4.2.23 Unauthenticated.Information.Exposure MEDIUM" "dc-woocommerce-multi-vendor 4.2.23 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "dc-woocommerce-multi-vendor 4.2.23 Incorrect.Authorization.to.Authenticated.(Contributor+).Arbitrary.Post.Deletion MEDIUM" "dc-woocommerce-multi-vendor 4.2.20 Missing.Authorization.to.Unauthenticated.Table.Rates.Deletion MEDIUM" "dc-woocommerce-multi-vendor 4.2.15 Unauthenticated.Limited.Local.File.Inclusion CRITICAL" "dc-woocommerce-multi-vendor 4.2.14 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "dc-woocommerce-multi-vendor 4.2.5 Cross-Site.Request.Forgery.to.Vendor.Updates MEDIUM" "dc-woocommerce-multi-vendor 4.2.5 Missing.Authorization.to.Forged.Vendor.Profile.Deletion.Email.Sending MEDIUM" "dc-woocommerce-multi-vendor 4.2.1 Missing.Authorization.to.Limited.Vendor.Privilege.Escalation/Account.Takeover CRITICAL" "dc-woocommerce-multi-vendor 4.2.0 Reflected.Cross-Site.Scripting HIGH" "dc-woocommerce-multi-vendor 4.1.12 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.hover_animation.Parameter MEDIUM" "dc-woocommerce-multi-vendor 4.1.4 Missing.Authorization MEDIUM" "dc-woocommerce-multi-vendor 4.1.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "dc-woocommerce-multi-vendor 4.0.26 Missing.Authorization HIGH" "dc-woocommerce-multi-vendor 4.0.24 Missing.Authorization.via.mvx_save_dashpages HIGH" "dc-woocommerce-multi-vendor 4.0.26 Improper.Authorization.on.REST.Routes.via.'save_settings_permission' HIGH" "dc-woocommerce-multi-vendor 3.8.12 Unauthorised.AJAX.Calls HIGH" "dc-woocommerce-multi-vendor 3.8.12 Unauthenticated.LFI MEDIUM" "dc-woocommerce-multi-vendor 3.8.12 Multiple.Reflected.Cross-Site.Scripting MEDIUM" "dc-woocommerce-multi-vendor 
3.8.4 Reflected.Cross-Site.Scripting HIGH" "dc-woocommerce-multi-vendor 3.7.4 CSRF.Bypass.in.Multiple.Plugins MEDIUM" "dc-woocommerce-multi-vendor 3.7.4 Unauthenticated.Arbitrary.Product.Comment MEDIUM" "dc-woocommerce-multi-vendor 3.5.8 Cross-Site.Request.Forgery MEDIUM" "dc-woocommerce-multi-vendor 3.5.8 Cross-Site.Request.Forgery.(CSRF) MEDIUM" "date-counter No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "dynamic-qr-code-generator No.known.fix Reflected.XSS HIGH" "delete-all-comments-easily No.known.fix All.Comments.Deletion.via.CSRF MEDIUM" "diary-availability-calendar No.known.fix Authenticated.(subscriber+).SQL.Injection HIGH" "domain-check 1.0.17 Reflected.Cross-Site.Scripting MEDIUM" "developer-toolbar No.known.fix Unauthenticated.Information.Exposure MEDIUM" "dw-question-answer No.known.fix CSRF.Bypass.in.Multiple.Plugins MEDIUM" "dms No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "devnex-addons-for-elementor No.known.fix Authenticated.(Contributor+).Local.File.Inclusion HIGH" "devnex-addons-for-elementor No.known.fix Contributor+.Stored.XSS MEDIUM" "daggerhart-openid-connect-generic 3.10.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "daggerhart-openid-connect-generic 3.8.2 Reflected.Cross.Site.Scripting.(XSS).via.Login.Error MEDIUM" "demo-import-kit No.known.fix Authenticated.(Admin+).Arbitrary.File.Upload HIGH" "designthemes-portfolio-addon No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "database-sync No.known.fix Authenticated.(Subscriber+).Sensitive.Information.Exposure MEDIUM" "dn-shipping-by-weight 1.2.1 Reflected.Cross-Site.Scripting MEDIUM" "dn-shipping-by-weight 1.2 Settings.Update.via.CSRF MEDIUM" "disable-admin-notices 1.4.3 Cross-Site.Request.Forgery.to.Plugin.Settings.Update MEDIUM" "disable-admin-notices 1.4.1 Cross-Site.Request.Forgery MEDIUM" "displayproduct No.known.fix Unauthenticated.SQL.Injection HIGH" "dpepress No.known.fix 
Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "dev-land 3.0.5 Reflected.Cross-Site.Scripting MEDIUM" "device-wrapper 1.1.1 Reflected.Cross-Site.Scripting MEDIUM" "db-tables-importexport No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "dvk-social-sharing 1.3.8 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "demomentsomtres-mailchimp-immediate-send 3.201704281627 Reflected.Cross-Site.Scripting MEDIUM" "duplicate-page 4.4.3 Admin+.Stored.Cross-Site.Scripting LOW" "duplicate-page 3.4 Authenticated.SQL.Injection HIGH" "digital-climate-strike-wp No.known.fix Redirect.to.Malicious.Website.due.to.Compromised.JS.Asset HIGH" "devices No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "devices No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "devices No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "debug-log-viewer 2.0.4 Missing.Authorization MEDIUM" "different-menus-in-different-pages 2.4.0 Subscriber+.Menu.Duplication MEDIUM" "demomentsomtres-categories No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "demomentsomtres-categories No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "demomentsomtres-categories No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "debug-assistant 1.5 Administrator.Account.Creation.via.CSRF HIGH" "debug-assistant 1.5 Admin+.Stored.XSS LOW" "dominion-domain-checker-wpbakery-addon No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "doubledome-resource-link-library 1.6 Cross-Site.Request.Forgery.to.Multiple.Administrative.Actions MEDIUM" "duplicate-variations-for-woocommerce No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "duplicate-variations-for-woocommerce No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "doliconnect 9.6.2 Cross-Site.Request.Forgery MEDIUM" "doliconnect 9.4.2 Reflected.Cross-Site.Scripting MEDIUM" "doubly 1.0.47 Authenticated.(Subscriber+).PHP.Object.Injection.via.ZIP.File.Import HIGH" 
"daext-autolinks-manager 1.10.05 CSRF MEDIUM" "easy-plugin-stats No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "embed-power-bi No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "easy-table-of-contents 2.0.79 Contributor+.Stored.XSS MEDIUM" "easy-table-of-contents 2.0.68 Editor+.Stored.XSS LOW" "easy-table-of-contents 2.0.67.1 Editor+.Stored.XSS LOW" "easy-table-of-contents 2.0.66 Admin+.Stored.XSS LOW" "edge-gallery No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "edge-gallery No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "easy-prayer No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "easy-prayer No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "easy-school-registration No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "email-form-under-post No.known.fix Cross-Site.Request.Forgery MEDIUM" "exchange-rates-widget 1.4.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "easy-property-listings-xml-csv-import 2.2.2 Cross-Site.Request.Forgery MEDIUM" "easy-contact No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "event-list 0.8.8 Admin+.Stored.Cross-Site.Scripting LOW" "event-list 0.7.10 XSS MEDIUM" "event-list 0.7.9 Authenticated.SQL.Injection HIGH" "epic-bootstrap-buttons No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.icol.Parameter MEDIUM" "embed-calendly-scheduling 3.7 Embed.Calendly.<.3,7.Contributor+.Stored.XSS MEDIUM" "easy-marijuana-age-verify 1.5.2 Reflected.Cross-Site.Scripting MEDIUM" "easy-marijuana-age-verify 1.3.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "exchange-addon-easy-canadian-sales-taxes 1.1.0 XSS.via.add_query_arg().and.remove_query_arg() MEDIUM" "embedded-cdn 1.0.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "email-newsletter No.known.fix SQL.Injection CRITICAL" "easycommerce 1.8.3 1.8.2.-.Unauthenticated.Privilege.Escalation CRITICAL" "ehive-objects-image-grid 2.4.2 
Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "external-database-based-actions No.known.fix Authenticated.(Subscriber+).Authentication.Bypass HIGH" "ebecas No.known.fix Admin+.Stored.XSS LOW" "easy-portfolio No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "exertio-framework No.known.fix Subscriber+.SQL.Injection HIGH" "exertio-framework 1.3.2 Unauthenticated.Arbitrary.User.Password.Update HIGH" "email-customizer-for-woocommerce-with-drag-drop-builder No.known.fix WooCommerce.Email.Customizer.<=.3.0.34.-.Authenticated.(Subscriber+).Missing.Authorization.to.SQL.Injection MEDIUM" "events-calendar-registration-booking-by-events-plus No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "easysnippet No.known.fix Authenticated.(Admin+).SQL.Injection MEDIUM" "enable-accessibility No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "enable-accessibility 1.4.1 CSRF MEDIUM" "everest-admin-theme-lite 1.0.8 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "express-pay 1.1.9 Unauthenticated.SQL.Injection.via.type_id HIGH" "elementskit-lite 3.7.9 Missing.Authorization MEDIUM" "elementskit-lite 3.5.3 Contributor+.Stored.XSS MEDIUM" "elementskit-lite 3.5.3 Contributor+.Stored.XSS.via.Image.Comparison.Widget MEDIUM" "elementskit-lite 3.4.8 Contributor+.Stored.XSS MEDIUM" "elementskit-lite 3.4.1 Unauthenticated.Information.Exposure MEDIUM" "elementskit-lite 3.4.1 Contributor+.Stored.XSS MEDIUM" "elementskit-lite 3.3.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Image.Comparison.Widget MEDIUM" "elementskit-lite 3.2.8 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Video.Widget MEDIUM" "elementskit-lite 3.2.1 Unauthenticated.Information.Exposure.via.ekit_widgetarea_content.Function MEDIUM" "elementskit-lite 3.2.0 Missing.Authorization MEDIUM" "elementskit-lite 3.1.3 3.1.2.-.Contributor+.Stored.XSS MEDIUM" "elementskit-lite 3.1.1 Contributor+.Local.File.Inclusion.via.Onepage.Scroll.Module 
HIGH" "elementskit-lite 3.1.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Countdown.Widget MEDIUM" "elementskit-lite 3.0.7 Contributor+.Local.File.Inclusion HIGH" "elementskit-lite 3.0.7 Contributor+.Stored.XSS MEDIUM" "elementskit-lite 3.0.5 Contributor+.Stored.XSS MEDIUM" "elementskit-lite 3.0.4 Contributor+.Stored.XSS MEDIUM" "elementskit-lite 3.0.6 Contributor+.Stored.XSS MEDIUM" "elementskit-lite 3.0.4 Unauthenticated.Sensitive.Information.Exposure MEDIUM" "elementskit-lite 2.9.2 Missing.Authorization MEDIUM" "elementskit-lite 2.2.0 Contributor+.Stored.XSS MEDIUM" "embed-documents-shortcode No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "everlightbox 1.2.0 Reflected.Cross-Site.Scripting MEDIUM" "everlightbox 1.1.18 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "exxp-wp No.known.fix Subscriber+.Stored.Cross-Site.Scripting HIGH" "easy-shortcode-buttons No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "embed-lottie-player 1.2.0 Authenticated.(Author+).Stored.Cross-Site.Scripting.via.File.Upload MEDIUM" "evergreen-post-tweeter No.known.fix Cross-Site.Request.Forgery MEDIUM" "easyevent No.known.fix Admin+.Stored.XSS LOW" "elite-notification 2.0.0 Subscriber+.Stored.XSS MEDIUM" "event-calendar-wd 1.1.51 Reflected.Cross-Site.Scripting HIGH" "event-calendar-wd 1.1.51 Subscriber+.Event.Creation MEDIUM" "event-calendar-wd 1.1.46 Cross-Site.Scripting.(XSS) MEDIUM" "event-calendar-wd 1.1.45 Cross-Site.Scripting.(XSS) MEDIUM" "event-calendar-wd 1.1.22 Cross-Site.Scripting.(XSS) MEDIUM" "event-calendar-wd 1.0.94 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "easy-pdf-restaurant-menu-upload 2.0.3 Cross-Site.Request.Forgery.to.Menu.Upload MEDIUM" "easy-pdf-restaurant-menu-upload 2.0.2 Authenticated.(Contributot+).Stored.Cross-Site.Scripting.via.'nsc_eprm_menu_link'.Shortcode MEDIUM" "easy-pdf-restaurant-menu-upload 1.2 XSS MEDIUM" "exhibit-to-wp-gallery No.known.fix Reflected.XSS HIGH" "ebook-store 
5.8014 Cross-Site.Request.Forgery MEDIUM" "ebook-store 5.8015 Reflected.XSS.via.$_SERVER['REQUEST_URI'] MEDIUM" "ebook-store 5.8013 Unauthenticated.Arbitrary.File.Upload CRITICAL" "ebook-store 5.8013 Authenticated.(Administrator+).Stored.Cross-Site.Scripting.via.Order.Details MEDIUM" "ebook-store 5.8009 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "ebook-store 5.8010 Contributor+.Stored.XSS MEDIUM" "ebook-store 5.8002 Reflected.Cross-Site.Scripting MEDIUM" "ebook-store 5.8002 Reflected.Cross-Site.Scripting.via.'step' MEDIUM" "ebook-store 5.8002 Unauthenticated.Full.Path.Disclosure MEDIUM" "ebook-store 5.8002 Admin+.Stored.XSS LOW" "ebook-store 5.785 Reflected.XSS HIGH" "ebook-store 5.78 Unauthenticated.Sensitive.Data.Disclose MEDIUM" "ebook-store 5.78 Admin+.Stored.XSS LOW" "elex-woocommerce-google-product-feed-plugin-basic 1.4.4 Authenticated.(Admin+).SQL.Inejction MEDIUM" "elex-woocommerce-google-product-feed-plugin-basic 1.2.4 Reflected.Cross-Site.Scripting.(XSS) HIGH" "easy-wp-smtp 2.3.1 Exposure.of.Sensitive.Information.via.the.UI LOW" "easy-wp-smtp 1.5.2 Admin+.Arbitrary.File.Deletion MEDIUM" "easy-wp-smtp 1.5.2 Admin+.RCE MEDIUM" "easy-wp-smtp 1.5.2 Admin+.Arbitrary.File.Access MEDIUM" "easy-wp-smtp 1.5.0 Admin+.PHP.Objection.Injection MEDIUM" "easy-wp-smtp 1.4.3 Debug.Log.Disclosure HIGH" "easy-wp-smtp 1.3.9.1 Unauthenticated.Arbitrary.wp_options.Import MEDIUM" "explara-events No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "easy-form-builder-by-bitware No.known.fix Unauthorised.AJAX.calls HIGH" "easy-form-builder-by-bitware No.known.fix Authenticated.Arbitrary.File.Upload CRITICAL" "easy-media-download 1.1.12 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "easy-media-download 1.1.7 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "easy-media-download 1.1.5 Authenticated.Stored.Cross-Site.Scripting MEDIUM" "events-made-easy No.known.fix Subscriber+.SQLi HIGH" "events-made-easy 2.3.17 
Subscriber+.Unauthorised.AJAX.Calls MEDIUM" "events-made-easy 2.2.81 Unauthenticated.SQLi HIGH" "events-made-easy 2.2.36 Subscriber+.SQL.Injection HIGH" "events-made-easy 2.2.24 Admin+.Stored.Cross-Site.Scripting LOW" "events-made-easy 1.6.21 CSRF.to.Cross-Site.Scripting.(XSS) HIGH" "events-made-easy 1.5.50 Multi.CSRF.to.Stored.Cross-Site.Scripting.&.Event.Deletion HIGH" "element-camp No.known.fix Authenticated.(Author+).SQL.Injection.via.'meta_query[compare]'.Parameter MEDIUM" "element-camp 2.3.6 Missing.Authorization MEDIUM" "enhanced-blocks No.known.fix Missing.Authorization MEDIUM" "evenium No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "emailpress No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "ecommerce-product-carousel-slider-for-elementor No.known.fix Missing.Authorization MEDIUM" "easy-property-listings 3.5.21 Missing.Authorization MEDIUM" "easy-property-listings No.known.fix Missing.Authorization MEDIUM" "easy-property-listings 3.5.4 Arbitrary.Contact.Deletion.via.CSRF MEDIUM" "easy-property-listings 3.5.4 Missing.Authorization.via.epl_update_listing_coordinates() MEDIUM" "easy-property-listings 3.5.3 Authenticated(Contributor+).SQL.Injection.via.Shortcode HIGH" "easy-property-listings 3.5.4 Admin+.Stored.XSS LOW" "easy-property-listings 3.4 Cross-Site.Request.Forgery.(CSRF) HIGH" "easy-property-listings 3.4 Cross-Site.Scripting.(XSS) MEDIUM" "easy-media-gallery-pro 1.3.0 CSRF.&.Cross-Site.Scripting.(XSS) MEDIUM" "evangtermine No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "elex-request-a-quote No.known.fix Missing.Authorization MEDIUM" "embed-form 1.3.2 Authenticated(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "easy-tiktok-feed 1.2.2 Reflected.Cross-Site.Scripting MEDIUM" "easy-tiktok-feed 1.1.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "exit-popup-show No.known.fix Reflected.Cross-Site.Scripting.(XSS) HIGH" "ergonet-varnish-cache No.known.fix Missing.Authorization MEDIUM" 
"easyrotator-for-wordpress No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "easy-liveblogs 2.3.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "embed-peertube-playlist 1.10 Editor+.Stored.XSS LOW" "external-login No.known.fix Unauthenticated.SQL.Injection.via.log HIGH" "external-login No.known.fix Authenticated.(Subscriber+).Sensitive.Data.Exposure.via.Test.Connection MEDIUM" "easy-wp-cleaner 2.0 Data.Deletion.via.CSRF MEDIUM" "export-customers-data 1.2.4 Reflected.Cross-Site.Scripting MEDIUM" "elegant-visitor-counter No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "elastik-page-builder No.known.fix Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "external-url-as-post-featured-image-thumbnail 2.03 Reflected.Cross-Site.Scripting MEDIUM" "email-subscriber No.known.fix Unauthenticated.Stored.Cross-Site.Scripting.(XSS) HIGH" "easy-amazon-product-information No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "envo-elementor-for-woocommerce 1.4.20 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "envo-elementor-for-woocommerce 1.4.17 Authenticated.(Author+).Stored.Cross-Site.Scripting MEDIUM" "envo-elementor-for-woocommerce 1.4.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "envo-elementor-for-woocommerce 1.4.5 Subscriber+.Template.Creation MEDIUM" "envo-elementor-for-woocommerce 1.4.5 Arbitrary.Theme.Activation.via.CSRF MEDIUM" "envo-elementor-for-woocommerce 1.4.5 Arbitrary.Plugin.Activation.via.CSRF MEDIUM" "extreme-blocks 0.8.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "editionguard-for-woocommerce-ebook-sales-with-drm No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "editionguard-for-woocommerce-ebook-sales-with-drm No.known.fix Cross-Site.Request.Forgery.to.Privilege.Escalation MEDIUM" "echo-knowledge-base 11.31.0 
Unauthenticated.PHP.Object.Injection.in.is_article_recently_viewed CRITICAL" "easy-image-gallery 1.5.3 Contributor+.Stored.XSS MEDIUM" "easy-gallery-slideshow No.known.fix Reflected.Cross-Site.Scripting.(XSS) HIGH" "easy-code-placement No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "eveeno 1.8 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "eventon-rsvp 2.9.5 Reflected.XSS HIGH" "email-address-obfuscation 1.1.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.class.Parameter MEDIUM" "exact-links No.known.fix Unauthenticated.SQL.Injection CRITICAL" "exact-links No.known.fix Missing.Authorization.to.Authenticated.(Subscriber+).Link.Manipulation MEDIUM" "exact-links No.known.fix Missing.Authorization MEDIUM" "exact-links No.known.fix Unauthenticated.PHP.Object.Injection HIGH" "exact-links No.known.fix Unauthenticated.SQL.Injection HIGH" "exact-links No.known.fix Unauthenticated.Server-Side.Request.Forgery HIGH" "eri-file-library 1.1.1 Missing.Authorization.to.Unauthenticated.Protected.File.Download MEDIUM" "events-manager 7.2.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.'events_list_grouped'.Shortcode MEDIUM" "events-manager 7.2.2.3 Cross-Site.Request.Forgery.to.Location.Deletion MEDIUM" "events-manager 7.2.2.3 Unauthenticated.Information.Exposure MEDIUM" "events-manager 7.0.4 Authenticated(Contributor+).Stored.Cross-Site.Scripting.via.Plugin.Shortcodes MEDIUM" "events-manager 7.0.4 Unauthenticated.SQL.Injection.via.'orderby'.Parameter HIGH" "events-manager 7.0.4 Reflected.Cross-Site.Scripting.via.'calendar_header'.Parameter MEDIUM" "events-manager 6.6.4.2 Missing.Authorization MEDIUM" "events-manager 6.6.4 Unauthenticated.SQL.Injection.via.Event.Status.Parameter HIGH" "events-manager 6.4.9 Reflected.Cross-Site.Scripting MEDIUM" "events-manager 6.4.8 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.event,.location,.and.event_category.Shortcodes MEDIUM" "events-manager 6.4.7.2 Cross-Site.Request.Forgery 
MEDIUM" "events-manager 6.4.7 Missing.Authorization MEDIUM" "events-manager 6.4.7.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "events-manager 6.4.7.2 Cross-Site.Request.Forgery MEDIUM" "events-manager 6.4.7 Authenticated(Administator+).Stored.Cross-Site.Scripting.via.settings MEDIUM" "events-manager 6.4.6 Reflected.Cross-Site.Scripting MEDIUM" "events-manager 5.9.8 Admin+.SQL.Injection MEDIUM" "events-manager 5.9.8 Cross-Site.Scripting.(XSS) LOW" "events-manager 5.9.7.2 CSV.Injection MEDIUM" "events-manager 5.9.6 Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "events-manager 5.9 Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "events-manager 5.8.1.2 Unauthenticated.Stored.XSS CRITICAL" "events-manager 5.6 Cross-Site.Scripting.(XSS).&.Code.Injection MEDIUM" "events-manager 5.5.7.1 DOM.Cross-Site.Scripting.(XSS) MEDIUM" "events-manager 5.5.7 Multiple.Cross-Site.Scripting.(XSS) MEDIUM" "events-manager 5.3.4 Multiple.Cross-Site.Scripting.(XSS) MEDIUM" "events-manager 5.3.9 Multiple.Cross-Site.Scripting.(XSS) MEDIUM" "events-manager 5.5.2 Multiple.Unspecified.XSS.Vulnerabilities MEDIUM" "events-manager 5.5 Cross-Site.Scripting.(XSS) MEDIUM" "exchange-addon-custom-url-tracking 1.1.0 XSS.via.add_query_arg().and.remove_query_arg() MEDIUM" "elespare 3.2.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Horizontal.Nav.Menu.Widge MEDIUM" "elespare 2.1.3 Missing.Authorization.to.Subscriber+.Arbitrary.Post.Creation MEDIUM" "embed-chessboard No.known.fix Contributor+.Stored.XSS MEDIUM" "easy-sign-up No.known.fix Contributor+.Stored.XSS MEDIUM" "exchange-addon-paypal-pro 1.1.0 XSS.via.add_query_arg().and.remove_query_arg() MEDIUM" "extended-search-plugin No.known.fix Settings.Update.via.CSRF MEDIUM" "ebook-download 1.2 Directory.Traversal HIGH" "easy-svg-upload No.known.fix Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "embed-video-thumbnail 1.3.1 Reflected.Cross-Site.Scripting MEDIUM" 
"email-verification-for-woocommerce-pro 1.8.2 Loose.Comparison.to.Authentication.Bypass CRITICAL" "editable-table No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "exportfeed-for-woocommerce-product-to-etsy 5.2.0 Reflected.Cross-Site.Scripting MEDIUM" "exportfeed-for-woocommerce-product-to-etsy 3.3.2 Cross-Site.Request.Forgery MEDIUM" "exportfeed-for-woocommerce-product-to-etsy 3.3.2 CSRF.Bypass MEDIUM" "easy-elementor-addons 2.3.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "easy-elementor-addons 2.2.9 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "easy-elementor-addons 2.2.8 Missing.Authorization MEDIUM" "easy-elementor-addons 2.2.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "easy-elementor-addons 2.2.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "easy-elementor-addons 2.1.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "easy-elementor-addons 2.1.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "email-subscribe 1.2.27 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "email-subscribe 1.2.24 Authenticated.(Administrator+).SQL.Injection MEDIUM" "email-subscribe 1.2.23 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.print_email_subscribe_form.Shortcode MEDIUM" "email-subscribe 1.2.21 Unauthenticated.Stored.Cross-Site.Scripting MEDIUM" "email-subscribe 1.2.20 Reflected.XSS HIGH" "email-subscribe 1.2.19 .Reflected.Cross-Site.Scripting MEDIUM" "email-subscribe 1.2.17 Reflected.XSS HIGH" "ebook-downloader No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "ebook-downloader No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "ebook-downloader No.known.fix Unauthenticated.SQL.Injection HIGH" "emc2-alert-boxes No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "easy-custom-js-and-css No.known.fix Reflected.Cross-Site.Scripting HIGH" 
"easy-pricing-table-wp No.known.fix Authenticated.(Contributor+).Local.File.Inclusion HIGH" "endomondowp No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "ecpay-logistics-for-woocommerce 1.3.1910240 Unauthenticated.Reflected.XSS MEDIUM" "easy-cookie-law No.known.fix Settings.Update.via.CSRF MEDIUM" "elemenda No.known.fix Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "esign-genie-for-wp No.known.fix Authenticated.(Admin+).Information.Exposure LOW" "euro-fxref-currency-converter 2.0.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.currency.Shortcode MEDIUM" "easy-tynt No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "easylogo No.known.fix Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "easy-image-display No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "envolve-plugin 1.1.0 Unauthenticated.Arbitrary.File.Upload.via.language_file.and.fonts_file CRITICAL" "envolve-plugin 1.1.0 Unauthenticated.Language.File.Deletion MEDIUM" "essential-blocks 5.7.3 Missing.Authorization.To.Authenticated.(Author+).Information.Disclosure MEDIUM" "essential-blocks 5.7.2 Authenticated.(Author+).Server-Side.Request.Forgery MEDIUM" "essential-blocks 5.7.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "essential-blocks 5.4.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Slider.and.Post.Carousel.Widgets MEDIUM" "essential-blocks 5.3.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "essential-blocks 5.3.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "essential-blocks 4.8.4 Missing.Authorization MEDIUM" "essential-blocks 5.1.1 Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "essential-blocks 4.9.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "essential-blocks 4.7.0 Contributor+.Stored.XSS MEDIUM" "essential-blocks 4.5.13 Contributor+.Stored.XSS 
MEDIUM" "essential-blocks 4.5.10 Contributor+.DOM-Based.XSS.via.Social.Icons.Block MEDIUM" "essential-blocks 4.5.4 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "essential-blocks 4.4.10 Missing.Authorization MEDIUM" "essential-blocks 4.5.4 Contributor+.Stored.XSS MEDIUM" "essential-blocks 4.5.2 Contributor+.Stored.XSS MEDIUM" "essential-blocks 4.4.7 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "essential-blocks 4.2.1 Contributor+.Unauthorised.Actions LOW" "essential-blocks 4.2.1 Subscriber+.Unauthorised.Actions MEDIUM" "essential-blocks 4.4.3 Unauthenticated.Local.File.Inclusion CRITICAL" "essential-blocks 4.2.1 Missing.Authorization.via.AJAX.actions MEDIUM" "essential-blocks 4.2.1 Unauthenticated.Object.Injection HIGH" "essential-blocks 4.2.1 Unauthenticated.PHP.Object.Injection.via.products HIGH" "essential-blocks 4.2.1 Unauthenticated.PHP.Object.Injection.via.queries HIGH" "essential-blocks 4.0.7 Multiple.Functions.Missing.Authorization.Checks MEDIUM" "everest-forms-frontend-listing No.known.fix Frontend.Listing.<=.1.0.5.-.Unauthenticated.PHP.Object.Injection HIGH" "emag-marketplace-connector 1.0.1 Unauthenticated.Cross-Site.Scripting.(XSS) MEDIUM" "easy-accordion-block 1.2.5 Missing.Authorization MEDIUM" "exchange-addon-easy-us-sales-taxes 1.1.0 XSS.via.add_query_arg().and.remove_query_arg() MEDIUM" "emi-calculator No.known.fix Missing.Authorization.to.Unauthenticated.Settings.Change MEDIUM" "elex-product-feed 3.1.3 Admin+.SQL.Injection MEDIUM" "editorial-calendar 3.8.9 Missing.Authorization MEDIUM" "editorial-calendar 3.8.3 Contributor+.Stored.XSS MEDIUM" "employee-spotlight 5.1.4 Missing.Authorization.to.Authenticated.(Subscriber+).Tracking.Opt-In/Opt-Out.Modification MEDIUM" "employee-spotlight 5.1.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "employee-spotlight 5.1.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "employee-spotlight 5.1.2 Unauthenticated.PHP.Object.Injection HIGH" "easyjobs 2.4.15 
Reflected.Cross-Site.Scripting MEDIUM" "easyjobs 2.4.7 Subscriber+.Arbitrary.Settings.Update MEDIUM" "easyjobs 1.4.8 Reflected.Cross-Site.Scripting MEDIUM" "event-monster 1.4.4 Information.Exposure.Via.Visitors.List.Export MEDIUM" "event-monster 1.4.4 Unauthenticated.Information.Exposure MEDIUM" "event-monster 1.4.0 Contributor+.PHP.Object.Injection.via.Custom.Meta MEDIUM" "event-monster 2.0.0 Admin+.Stored.XSS LOW" "event-monster 1.2.1 Admin+.SQLi MEDIUM" "event-monster 1.2.0 Visitors.Deletion.via.CSRF MEDIUM" "entry-views No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "easy-custom-admin-bar No.known.fix Reflected.Cross-Site.Scripting.via.msg.Parameter MEDIUM" "enhanced-plugin-admin 1.17 CSRF MEDIUM" "exclusive-addons-for-elementor 2.7.9.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Countdown MEDIUM" "exclusive-addons-for-elementor 2.7.9.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Countdown.Timer.Widget MEDIUM" "exclusive-addons-for-elementor 2.7.9.1 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "exclusive-addons-for-elementor 2.7.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Animated.Text.and.Image.Comparison.Widgets MEDIUM" "exclusive-addons-for-elementor 2.7.5 Authenticated.(Contributor+).Sensitive.Information.Exposure.via.Elementor.Templates MEDIUM" "exclusive-addons-for-elementor 2.7.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "exclusive-addons-for-elementor 2.6.9.9 Authenticated.(Contibutor+).Stored.Cross-Site.Scripting.via.Card.Widget MEDIUM" "exclusive-addons-for-elementor 2.6.9.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Team.Member.Widget MEDIUM" "exclusive-addons-for-elementor 2.6.9.2 Missing.Authorization.to.Post.Duplication MEDIUM" "exclusive-addons-for-elementor 2.6.9.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Call.to.Action MEDIUM" "exclusive-addons-for-elementor 2.6.9.4 
Contributor+.Stored.Cross-Site.Scripting MEDIUM" "exclusive-addons-for-elementor 2.6.9.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Countdown.Expired.Title MEDIUM" "exclusive-addons-for-elementor 2.6.9.3 Contributor+.Stored.XSS MEDIUM" "exclusive-addons-for-elementor 2.6.9.3 Authenticated(Contributor+).Stored.Cross-Site.Scripting.via.Post.Grid MEDIUM" "exclusive-addons-for-elementor 2.6.9.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "exclusive-addons-for-elementor 2.6.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "exclusive-addons-for-elementor 2.6.9.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Call.To.Action.Widget MEDIUM" "exclusive-addons-for-elementor 2.6.9.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Countdown.Timer.Widget MEDIUM" "exclusive-addons-for-elementor 2.6.9.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "exclusive-addons-for-elementor 2.6.9.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Covid-19.Stats.Widget MEDIUM" "exclusive-addons-for-elementor 2.6.9 Contributor+.Stored.XSS MEDIUM" "exclusive-addons-for-elementor 2.6.9 Contributor+.Stored.XSS MEDIUM" "exclusive-addons-for-elementor 2.6.2 Arbitrary.Uninstall.Reason.Feedback.via.CSRF MEDIUM" "events-for-geodirectory 2.3.15 Authenticated.(Contributor+).PHP.Object.Injection HIGH" "effect-maker No.known.fix Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "effect-maker No.known.fix Missing.Authorization MEDIUM" "esselinknu-settings No.known.fix Cross-Site.Request.Forgery MEDIUM" "earnware-connect 1.0.75 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "elements-for-lifterlms No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "elements-for-lifterlms No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "event-post 5.10.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "event-post 5.10.2 
Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "event-post 5.10.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "event-post 5.9.10 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "event-post 5.9.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "event-post 5.9.8 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "event-post 5.9.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.events_cal.Shortcode MEDIUM" "event-post 5.9.6 Unauthenticated.Local.File.Inclusion CRITICAL" "event-post 5.9.11 Post.Metadata.Update.via.CSRF MEDIUM" "event-post 5.9.5 Missing.Authorization MEDIUM" "event-post 5.9.1 Contributor+.Stored.XSS MEDIUM" "emails-catch-all 3.5.4 Authenticated.(Subscriber+).Information.Exposure.to.Password.Reset.and.Privilege.Escalation HIGH" "easy-broken-link-checker No.known.fix Admin+.Stored.XSS LOW" "easy-broken-link-checker No.known.fix Bulk.Actions.via.CSRF MEDIUM" "easy-broken-link-checker No.known.fix Reflected.XSS HIGH" "easy-broken-link-checker No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "easy-php-settings 1.0.5 Authenticated.(Administrator+).PHP.Code.Injection.via.'wp_memory_limit'.Setting HIGH" "easy-stripe 1.2 Unauthenticated.Arbitrary.Function.Call CRITICAL" "event-organiser No.known.fix Missing.Authorization MEDIUM" "esri-map-view No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.esri-map-view.Shortcode MEDIUM" "examapp No.known.fix Authenticated.SQL.Injection./.Cross-Site.Scripting HIGH" "eid-easy-qualified-electonic-signature 3.3.1 Use.of.Polyfill.io MEDIUM" "elegant-calendar-lite 1.5.8 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "easy-voice-mail 1.2.6 Unauthenticated.Stored.Cross-Site.Scripting.via.'message' MEDIUM" "easy-replace-image 3.5.3 Missing.Authorization.to.Authenticated.(Contributor+).Arbitrary.Attachment.Replacement MEDIUM" "easy-replace-image 3.5.1 Authenticated.(Contributor+).Server-Side.Request.Forgery 
MEDIUM" "electrician No.known.fix Electrical.Service.WordPress.<=.5.6.-.Unauthenticated.Server-Side.Request.Forgery MEDIUM" "easy-eu-cookie-law No.known.fix Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "expandable-paywall 2.0.17 Reflected.Cross-Site.Scripting MEDIUM" "expandable-paywall 2.0.11 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "easy-affiliate-links 3.7.4 Missing.Authorization.to.Authenticated.(Subscriber+).Settings.Reset MEDIUM" "easy-affiliate-links 3.7.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "easy-affiliate-links 3.7.1 Contributor+.Stored.XSS MEDIUM" "easy-bet No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "easy-faq-with-expanding-text No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "easy-age-verify 1.8.3 Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "easy-age-verify 1.8.2 Reflected.Cross-Site.Scripting MEDIUM" "easy-age-verify 1.6.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "enquiry-quotation-for-woocommerce 2.2.33.34 Authenticated.(Author+).PHP.Object.Injection.in.enquiry_detail.php HIGH" "enquiry-quotation-for-woocommerce 2.2.13 Admin+.Stored.XSS LOW" "easy-menu-manager-wpzest No.known.fix Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "epicwin-subscribers No.known.fix Cross-Site.Request.Forgery.to.SQL.Injection MEDIUM" "easy-accordion-free 2.3.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "easy-accordion-free 2.2.0 Contributor+.Stored.XSS MEDIUM" "easy-accordion-free 2.0.22 Admin+.Stored.Cross-Site.Scripting LOW" "easy-filter No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "essential-grid 3.1.2 Unauthenticated.Private.Post.Disclosure MEDIUM" "essential-grid 3.0.19 Missing.Authorization HIGH" "essential-grid 3.1.1 Reflected.XSS HIGH" "exit-intent-popups-by-optimonk 2.0.5 Account.ID.Update.via.CSRF MEDIUM" "event-countdown-timer No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "exs-widgets 0.3.2 
Authenticated.(Contributor+).Local.File.Inclusion HIGH" "easy-paypal-shopping-cart 1.1.11 Contributor+.Stored.XSS MEDIUM" "emails-verification-for-woocommerce 2.9.5 Authenticated.(Contributor+).Sensitive.Information.Exposure MEDIUM" "emails-verification-for-woocommerce 2.9.6 Authentication.Bypass.via.Shortcode HIGH" "emails-verification-for-woocommerce 2.9.0 Unauthenticated.SQL.Injection HIGH" "emails-verification-for-woocommerce 2.7.5 Authentication.Bypass HIGH" "emails-verification-for-woocommerce 1.8.2 Loose.Comparison.to.Authentication.Bypass CRITICAL" "easy-pie-coming-soon 1.0.7.4 Admin+.Stored.XSS LOW" "embedder No.known.fix 1.3.5.-.Authenticated.(Subscriber+).Arbitrary.Options.Update HIGH" "easy-bootstrap-shortcodes No.known.fix Contributor+.Stored.XSS MEDIUM" "estatik-mortgage-calculator No.known.fix Authenticated.(Contributor+).Local.File.Inclusion HIGH" "estatik-mortgage-calculator No.known.fix Authenticated.(Contributor+).Local.File.Inclusion HIGH" "estatik-mortgage-calculator 2.0.12 Reflected.Cross-Site.Scripting MEDIUM" "estatik-mortgage-calculator No.known.fix Reflected.XSS HIGH" "estatik-mortgage-calculator No.known.fix Reflected.XSS HIGH" "easy-facebook-likebox-premium No.known.fix Contributor+.DOM-Based.Stored.XSS.via.FancyBox.JavaScript.Library MEDIUM" "easy-facebook-likebox-premium 6.2.7 Reflected.Cross-Site.Scripting HIGH" "essential-breadcrumbs No.known.fix Cross-Site.Request.Forgery.to.Privilege.Escalation HIGH" "essential-breadcrumbs No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "education-addon No.known.fix Authenticated.(Contributor+).Insecure.Direct.Object.Reference.via.naedu_elementor_template.Shortcode MEDIUM" "education-addon No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "education-addon 1.2 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "extendons-eo-wooimport-export 2.0.7 Authenticated.(Subscriber+).Arbitrary.File.Deletion HIGH" "electric-studio-client-login No.known.fix Admin+.Stored.XSS LOW" 
"esb-testimonials No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "easy-query No.known.fix Authenticated.(Administrator+).SQL.Injection MEDIUM" "extra-shortcodes No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "external-markdown No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "emerce-core No.known.fix Unauthenticated.SQL.Injection HIGH" "email-customizer-woocommerce 1.7.2 Multiple.Author+.SQLi MEDIUM" "easy-event-calendar No.known.fix Admin+.Stored.XSS LOW" "easy-login-styler No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "ever-compare 1.2.4 Arbitrary.Plugin.Activation.via.CSRF MEDIUM" "eelv-redirection 1.5.1 Cross-Site.Request.Forgery.to.Arbitrary.Site.Redirect MEDIUM" "events-planner No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "envato-affiliater No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "exports-and-reports 0.9.2 Contributor+.CSV.Injection LOW" "e-search No.known.fix Unauthenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "embedding-barcodes-into-product-pages-and-orders 2.0.5 Authenticated.(Subscriber+).Arbitrary.Content.Deletion MEDIUM" "embedding-barcodes-into-product-pages-and-orders 2.0.5 Missing.Authorization.to.Authenticated.(Subscriber+).Settings.Update MEDIUM" "embedding-barcodes-into-product-pages-and-orders 2.0.3 Authenticated.(Subscriber+).Sensitive.Information.Disclosure MEDIUM" "export-users-to-csv No.known.fix CSV.Injection HIGH" "enteraddons 2.3.3 Cross-Site.Request.Forgery MEDIUM" "enteraddons 2.2.8 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Countdown.and.Image.Comparison.Widgets MEDIUM" "enteraddons 2.2.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "enteraddons 2.2.0 Authenticated.(Contributor+).Post.Disclosure MEDIUM" "enteraddons 2.1.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "enteraddons 2.1.9 
Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Events.Card.Widget MEDIUM" "enteraddons 2.2.0 Contributor+.Stored.XSS MEDIUM" "enteraddons 2.1.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "enteraddons 2.1.6 Contributor+.Stored.XSS.via.Animation.Title.widget MEDIUM" "enteraddons 2.1.6 Contributor+.Stored.XSS.via.Heading.widget MEDIUM" "events-search-addon-for-the-events-calendar 1.2 Subscriber+.Arbitrary.Plugin.Installation.&.Activation HIGH" "ezpz-one-click-backup No.known.fix Cross-Site.Scripting.(XSS) CRITICAL" "everest-tab-lite 2.0.4 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "easy-cookies-policy No.known.fix Broken.Access.Control.to.Stored.Cross-Site.Scripting HIGH" "easy-popups 1.5.1 Reflected.Cross-Site.Scripting MEDIUM" "estatebud-properties-listings No.known.fix Cross-Site.Request.Forgery.to.Settings.Update MEDIUM" "estatebud-properties-listings No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "email-encoder-bundle 2.2.2 Admin+.Stored.XSS LOW" "email-encoder-bundle 2.2.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "email-encoder-bundle 2.1.10 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "email-encoder-bundle 2.1.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.shortcode MEDIUM" "email-encoder-bundle 2.1.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "email-encoder-bundle 2.1.2 Reflected.Cross.Site.Scripting MEDIUM" "e-xact-hosted-payment No.known.fix Unauthenticated.Arbitrary.File.Deletion CRITICAL" "elfsight-telegram-chat-cc No.known.fix Missing.Authorization.to.Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "easy-theme-options No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "easy-theme-options No.known.fix Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.Plugin.Settings.Import MEDIUM" "enable-wp-debug-from-admin-dashboard 1.86 
Reflected.Cross-Site.Scripting MEDIUM" "empik-for-woocommerce 1.4.5 Authenticated.(Subscriber+).PHP.Object.Injection HIGH" "easy-captcha No.known.fix Missing.Authorization MEDIUM" "easy-captcha No.known.fix Reflected.Cross-Site.Scripting HIGH" "enable-svg 1.4.0 Author+.Stored.Cross.Site.Scripting.via.SVG MEDIUM" "everest-review-lite No.known.fix Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "email-shortcode No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "express-shop 4.0.3 CSRF.Bypass MEDIUM" "easyazon No.known.fix Reflected.Cross-Site.Scripting.via.easyazon-cloaking-locale MEDIUM" "easyazon 5.1.1 Missing.Authorization.on.AJAX.actions MEDIUM" "easy-sticky-sidebar No.known.fix Missing.Authorization MEDIUM" "easy-sticky-sidebar 1.7.1 Missing.Authorization.to.Unauthenticated.Sticky.Status.Update MEDIUM" "easy-sticky-sidebar 1.7.1 Cross-Site.Request.Forgery MEDIUM" "easy-sticky-sidebar 1.5.9 Unauthenticated.AJAX.Actions.Call MEDIUM" "endless-posts-navigation 2.2.8 Cross-Site.Request.Forgery MEDIUM" "everest-comment-rating-lite 2.0.5 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "embedpress 4.1.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.'provider_name' MEDIUM" "embedpress 4.1.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "embedpress 4.0.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "embedpress 4.0.10 Unauthenticated.Local.File.Inclusion CRITICAL" "embedpress 4.0.5 Missing.Authorization MEDIUM" "embedpress 3.9.11 Authenticated(Contributor+).Stored.Cross-Site.Scripting.via.PDF.Widget.URL MEDIUM" "embedpress 4.0.2 .Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.EmbedPress.PDF.Widget MEDIUM" "embedpress 3.9.13 Contributor+.PDF.Block.Embedding LOW" "embedpress 3.9.17 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.id.Parameter MEDIUM" "embedpress 3.9.15 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Youtube.Block MEDIUM" "embedpress 
3.9.9 Missing.Authorization.via.handle_calendly_data MEDIUM" "embedpress 3.9.15 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "embedpress 3.9.12 Missing.Authorization MEDIUM" "embedpress 3.9.13 Authenticated.(Contributor+).Stored.Cross-site.Scripting.via.'embedpress_doc_custom_color' MEDIUM" "embedpress 3.9.13 Authenticated(Contributor+).Stored.Cross-Site.Scripting.via.Widget.Attribute MEDIUM" "embedpress 3.9.11 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.EmbedPress.PDF.Widget MEDIUM" "embedpress 3.9.11 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Wistia.Block MEDIUM" "embedpress 3.9.9 Authenticated(Contributor+).Stored.Cross-Site.Scripting.via.Google.Calendar.Widget.Link MEDIUM" "embedpress 3.9.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "embedpress 3.9.6 Contributor+.Stored.XSS MEDIUM" "embedpress 3.9.5 Missing.Authorization MEDIUM" "embedpress 3.9.2 Reflected.XSS MEDIUM" "embedpress 3.9.2 Reflected.XSS HIGH" "embedpress 3.8.4 Cross-Site.Request.Forgery MEDIUM" "embedpress 3.8.3 Contributor+.Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "embedpress 3.8.3 Subscriber+.Plugin.Settings.Delete MEDIUM" "embedpress 2.0.3 Reflected.Cross-Site.Scripting MEDIUM" "embedpress 3.8.0 Sensitive.Data.Disclosure MEDIUM" "evergreen-content-poster 1.4.6 Cross-Site.Request.Forgery MEDIUM" "evergreen-content-poster 1.4.6 Missing.Authorization MEDIUM" "evergreen-content-poster 1.4.5 Missing.Authorization.to.Unauthenticated.Arbitrary.Post.Deletion MEDIUM" "evergreen-content-poster 1.4.3 Missing.Authorization MEDIUM" "evergreen-content-poster 1.4.2 Reflected.Cross-Site.Scripting MEDIUM" "evergreen-content-poster 1.4.1 Admin+.Stored.XSS LOW" "easy-elements-hider No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "elex-bulk-edit-products-prices-attributes-for-woocommerce-basic 1.5.0 Authenticated.(Subscriber+).SQL.Injection MEDIUM" 
"elex-bulk-edit-products-prices-attributes-for-woocommerce-basic 1.5.0 Authenticated.(Subscriber+).SQL.Injection MEDIUM" "elex-bulk-edit-products-prices-attributes-for-woocommerce-basic 1.5.0 Shop.manager+.SQL.Injection MEDIUM" "easily-generate-rest-api-url No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "easy-post-submission No.known.fix Missing.Authorization MEDIUM" "easy-post-submission 2.0.0 Unauthenticated.Sensitive.Information.Exposure MEDIUM" "editor-custom-color-palette No.known.fix Missing.Authorization LOW" "editor-custom-color-palette 3.3.8 Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "easy-embed-for-youtube-wall 1.2.3 Reflected.Cross-Site.Scripting MEDIUM" "email-on-publish No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "eventprime-event-calendar-management 4.2.7.0 Missing.Authorization MEDIUM" "eventprime-event-calendar-management 4.2.8.4 Unauthenticated.Information.Exposure MEDIUM" "eventprime-event-calendar-management 4.2.8.5 Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.Event.Modification.via.'event_id'.Parameter MEDIUM" "eventprime-event-calendar-management 4.2.8.5 Missing.Authorization.to.Unauthenticated.Image.Upload.via.'ep_upload_file_media'.AJAX.Endpoint MEDIUM" "eventprime-event-calendar-management 4.2.8.1 Missing.Authorization MEDIUM" "eventprime-event-calendar-management 4.2.8.0 Events.Calendar,.Bookings.and.Tickets.<.4.2.8.0.-.Unauthenticated.Sensitive.Information.Exposure.via.REST.API MEDIUM" "eventprime-event-calendar-management 4.2.0.1 Missing.Authorization.to.Authenticated.(Subscriber+).Booking.Note.Creation MEDIUM" "eventprime-event-calendar-management 4.2.5.0 Authenticated.(Subscriber+).Information.Exposure MEDIUM" "eventprime-event-calendar-management 4.2.5.0 Missing.Authorization MEDIUM" "eventprime-event-calendar-management 4.0.7.4 Missing.Authorization.to.Authenticated.(Subscriber+).Event.Attendees.Export MEDIUM" 
"eventprime-event-calendar-management 4.0.7.4 Unauthenticated.Stored.Cross-Site.Scripting.via.Ticket.Category.and.Ticket.Type.Name HIGH" "eventprime-event-calendar-management 4.0.4.8 Unauthenticated.Stored.Cross-Site.Scripting.via.Transaction.Log MEDIUM" "eventprime-event-calendar-management 4.0.4.8 Unauthenticated.Stored.Cross-Site.Scripting MEDIUM" "eventprime-event-calendar-management 4.0.4.6 Open.Redirect MEDIUM" "eventprime-event-calendar-management 4.0.4.4 Missing.Authorization.to.Unauthenticated.Private.or.Password-Protected.Events.Disclosure MEDIUM" "eventprime-event-calendar-management 4.0.4.0 Missing.Authorization.via.calendar_event_create() MEDIUM" "eventprime-event-calendar-management 3.5.0 .Subscriber+.Arbitrary.booking.settings.update MEDIUM" "eventprime-event-calendar-management 3.3.5 Unauthenticated.Booking.Price.Manipulation MEDIUM" "eventprime-event-calendar-management 3.4.0 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "eventprime-event-calendar-management 3.4.3 Missing.Authorization.to.Arbitrary.Post.Overwrite MEDIUM" "eventprime-event-calendar-management 3.4.4 Unauthenticated.Stored.Cross-Site.Scripting MEDIUM" "eventprime-event-calendar-management 3.4.4 Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.Email.Sending MEDIUM" "eventprime-event-calendar-management 3.4.3 Unauthenticated.Booking.Payment.Bypass MEDIUM" "eventprime-event-calendar-management 3.4.4 Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.Post.Deletion MEDIUM" "eventprime-event-calendar-management 3.4.1 Missing.Authorization.to.Authenticated.(Subscriber+).Attendee.List.Retrieval MEDIUM" "eventprime-event-calendar-management 3.4.2 Missing.Authorization.to.Authenticated.(Subscriber+).Event.Export MEDIUM" "eventprime-event-calendar-management 3.4.0 Improper.Input.Validation.via.save_event_booking MEDIUM" "eventprime-event-calendar-management 3.3.6 Unauthenticated.Event.Access MEDIUM" "eventprime-event-calendar-management 3.3.3 
Contributor+.Stored.XSS MEDIUM" "eventprime-event-calendar-management 3.3.6 Booking.Pricing.Bypass MEDIUM" "eventprime-event-calendar-management 3.1.6 Reflected.XSS HIGH" "eventprime-event-calendar-management 3.2.0 Booking.Creation.via.CSRF MEDIUM" "eventprime-event-calendar-management 3.2.0 Reflected.XSS HIGH" "eventprime-event-calendar-management 3.2.0 Reflected.HTML.Injection.on.keyword.parameter MEDIUM" "eventprime-event-calendar-management 3.0.6 Reflected.Cross-Site.Scripting HIGH" "eventprime-event-calendar-management 3.0.0 Unauthenticated.Reflected.XSS HIGH" "enqueue-anything No.known.fix Subscriber+.Arbitrary.Asset/Post.Deletion MEDIUM" "easy-form-builder 3.9.4 Missing.Authorization.to.Authenticated.(Subscriber+).Sensitive.Form.Response.Data.Exposure MEDIUM" "easy-form-builder 4.0.0 Missing.Authorization MEDIUM" "easy-form-builder 3.8.21 Missing.Authorization MEDIUM" "easy-form-builder 3.8.16 Unauthenticated.SQL.Injection HIGH" "easy-form-builder 3.8.9 Missing.Authorization.to.Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "easy-form-builder 3.7.5 Authenticated.(Contributor+).SQL.Injection CRITICAL" "easy-form-builder 3.4.0 Admin+.Stored.XSS LOW" "exmage-wp-image-links 1.0.7 Admin+.Blind.SSRF LOW" "epermissions No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "easy-smooth-scroll-links No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "easy-smooth-scroll-links 2.23.1 Admin+.Stored.Cross-Site.Scripting LOW" "easy-smooth-scroll-links 2.23.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "elegant-blocks No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "external-video-for-everybody No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "email-customizer-for-woocommerce 2.6.8 Authenticated.(Administrator+).Stored.Cross-Site.Scripting.via.Email.Template.Content MEDIUM" "email-customizer-for-woocommerce 2.6.1 Information.Exposure MEDIUM" "eltdf-membership 1.3 
Authentication.Bypass.via.Social.Login CRITICAL" "easy-watermark 1.0.7 Reflected.Cross-Site.Scripting MEDIUM" "easy-watermark 0.7.1 Subscriber+.Arbitrary.Option.Update CRITICAL" "ebay-feeds-for-wordpress 3.4.10 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "ebay-feeds-for-wordpress 3.4.9 Authenticated.(Contributor+).Server.Side.Request.Forgery MEDIUM" "ebay-feeds-for-wordpress 3.4 Admin+.Stored.XSS LOW" "ebay-feeds-for-wordpress 1.2 Cross-Site.Scripting.via.rss_url.Parameter MEDIUM" "eucookielaw 2.7.3 Unauthenticated.Arbitrary.File.Read MEDIUM" "easy-invoice 2.1.5 Authenticated.(Administrator+).Local.File.Inclusion MEDIUM" "easy-invoice 2.1.0 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "event-notifier 1.2.1 XSS MEDIUM" "e-shops-cart2 No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "e-shops-cart2 No.known.fix Cross-Site.Request.Forgery.to.Reflected.Cross-Site.Scripting MEDIUM" "easy-custom-code 1.0.9 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "ecpay-ecommerce-for-woocommerce 1.1.2502030 Missing.Authorization.to.Authenticated.(Subscriber+).Log.Deletion MEDIUM" "enweby-variation-swatches-for-woocommerce 1.0.4 Reflected.Cross-Site.Scripting MEDIUM" "easy-zillow-reviews 1.6.2 Reflected.Cross-Site.Scripting MEDIUM" "easy-zillow-reviews 1.4.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "easy-media-gallery No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "everest-timeline-lite 1.1.2 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "easy-social-media No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "email-suscripcion No.known.fix Unauthenticated.SQL.Injection HIGH" "exchange-addon-2checkout 1.1.0 XSS.via.add_query_arg().and.remove_query_arg() MEDIUM" "exchange-rates 1.3.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "exchange-rates 1.2.3 Missing.Authorization MEDIUM" "extensions-leaflet-map 4.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting 
MEDIUM" "extensions-leaflet-map 4.8 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "extensions-leaflet-map 3.4.2 Reflected.XSS HIGH" "embedder-for-google-reviews 1.7.4 Missing.Authorization MEDIUM" "embedder-for-google-reviews 1.5.11 Reflected.Cross-Site.Scripting MEDIUM" "event-espresso-core-reg 4.10.7.p Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "erima-zarinpal-donate No.known.fix Cross-Site.Request.Forgery MEDIUM" "external-image-replace No.known.fix Authenticated.(Contributor+).Arbitrary.File.Upload HIGH" "external-image-replace No.known.fix Cross-Site.Request.Forgery.to.Settings.Update MEDIUM" "elfsight-pricing-table No.known.fix Cross-Site.Request.Forgery.via.ajax() MEDIUM" "elfsight-pricing-table No.known.fix Missing.Authorization MEDIUM" "easy-caller-with-moceanapi No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "easy-popup-show No.known.fix Cross-Site.Request.Forgery MEDIUM" "enhanced-tooltipglossary 4.3.12 Reflected.XSS HIGH" "enhanced-tooltipglossary 4.3.11 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "enhanced-tooltipglossary 4.3.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "enhanced-tooltipglossary 4.3.4 Admin+.Stored.XSS LOW" "enhanced-tooltipglossary 4.3.0 Settings.Update.via.CSRF MEDIUM" "enhanced-tooltipglossary 3.9.21 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "enhanced-tooltipglossary 3.3.5 XSS MEDIUM" "embed-google-map No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "ec-stars-rating No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "e-boekhoudennl-connector No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "elementary-addons No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "easyindex No.known.fix Cross-Site.Request.Forgery MEDIUM" "easy-blocks-pro No.known.fix Missing.Authorization HIGH" "enable-shortcodes-inside-widgetscomments-and-experts No.known.fix 
Unauthenticated.Arbitrary.Shortcode.Execution HIGH" "enable-svg-webp-ico-upload 1.1.4 Authenticated.(Author+).Arbitrary.File.Upload.via.ICO.Upload.Bypass HIGH" "enable-svg-webp-ico-upload 1.1.3 Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Uploads MEDIUM" "enable-svg-webp-ico-upload 1.1.1 Author+.Stored.XSS MEDIUM" "enable-svg-webp-ico-upload 1.1.1 Author+.Arbitrary.File.Upload HIGH" "enable-svg-webp-ico-upload 1.0.7 Author+.Stored.Cross-Site.Scripting MEDIUM" "event-espresso-free 3.1.37.12.L Authenticated.Blind.SQL.Injection HIGH" "easy-automatic-newsletter No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "enjoy-instagram-instagram-responsive-images-gallery-and-carousel No.known.fix Unauthenticated.Arbitrary.Instagram.Account.Unlinking MEDIUM" "enjoy-instagram-instagram-responsive-images-gallery-and-carousel No.known.fix Subscriber+.Plugin.Database.Reset MEDIUM" "enjoy-instagram-instagram-responsive-images-gallery-and-carousel 6.2.1 Reflected.Cross-Site.Scripting MEDIUM" "exchange-addon-stripe 1.2.0 XSS.via.add_query_arg().and.remove_query_arg() MEDIUM" "essential-wp-real-estate No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "essential-wp-real-estate No.known.fix Reflected.XSS HIGH" "essential-wp-real-estate No.known.fix Unauthenticated.Arbitrary.Post/Page.Deletion HIGH" "easy-paypal-events-tickets 1.3 Cross-Site.Request.Forgery MEDIUM" "easy-paypal-events-tickets 1.2.2 Cross-Site.Request.Forgery.to.Arbitrary.Post.Deletion MEDIUM" "easy-paypal-events-tickets 1.1.2 Reflected.Cross-Site.Scripting.via.page.Parameter HIGH" "et-core-plugin 5.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "et-core-plugin 5.6 Reflected.Cross-Site.Scripting MEDIUM" "et-core-plugin No.known.fix Missing.Authorization MEDIUM" "et-core-plugin No.known.fix Authenticated.(Subscriber+).Local.File.Inclusion HIGH" "et-core-plugin No.known.fix Unauthenticated.PHP.Object.Injection CRITICAL" "et-core-plugin No.known.fix Reflected.Cross-Site.Scripting 
MEDIUM" "et-core-plugin No.known.fix Authenticated.(Subscriber+).Limited.Arbitrary.File.Upload CRITICAL" "et-core-plugin No.known.fix Unauthenticated.Privilege.Escalation CRITICAL" "et-core-plugin No.known.fix Authenticated.(Subscriber+).Limited.Arbitrary.File.Download MEDIUM" "et-core-plugin No.known.fix Unauthenticated.SQL.Injection CRITICAL" "email-address-encoder 1.0.24 Cross-Site.Request.Forgery.via.eae_clear_caches() MEDIUM" "email-address-encoder 1.0.23 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "explara-membership No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "elastic-theme-editor No.known.fix Authenticated.(Subscriber+).Arbitrary.File.Upload HIGH" "echbay-admin-security 1.3.1 Reflected.Cross-Site.Scripting MEDIUM" "email-subscription-with-secure-captcha 1.3.1 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "email-subscription-with-secure-captcha 1.3.1 Cross-Site.Request.Forgery.to.Arbitrary.Subscriber.Deletion MEDIUM" "email-subscription-with-secure-captcha 1.3.1 Authenticated.(Admin+).SQL.Injection.via.uid MEDIUM" "evernote-sync No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "exitintentpopup 1.0.3 Unauthenticated.Server-Side.Request.Forgery HIGH" "everest-forms-pro No.known.fix Unauthenticated.Stored.Cross-Site.Scripting HIGH" "everest-forms-pro 1.9.8 Unauthenticated.PHP.Object.Injection.via.PHAR.Deserialization.in.Form.Signature MEDIUM" "everest-forms-pro 1.9.5 Unauthenticated.Arbitrary.File.Deletion.via.Path.Traversal HIGH" "everest-coming-soon-lite 1.1.1 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "export-wp-page-to-static-html 5.0.0 Unauthenticated.Cookie.Exposure.via.Log.File CRITICAL" "export-wp-page-to-static-html 4.2.0 Missing.Authorization MEDIUM" "export-wp-page-to-static-html 2.2.3 Open.Redirect HIGH" "export-wp-page-to-static-html 2.2.0 Missing.Authorization.via.Multiple.AJAX.Actions MEDIUM" "export-wp-page-to-static-html 2.2.0 Cross-Site.Request.Forgery.via.Multiple.AJAX.Actions MEDIUM" 
"easy-language-switcher No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "exchange-addon-authorize-net 1.1.0 XSS.via.add_query_arg().and.remove_query_arg() MEDIUM" "elizaibot-chatbots No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "edd-cashapp No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "easy-github-gist-shortcodes No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.'id'.Shortcode.Attribute MEDIUM" "embed-rentle 1.3.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "emailkit 1.6.4 Authenticated.(Administrator+).Path.Traversal.via.'emailkit-editor-template'.REST.API.Parameter MEDIUM" "emailkit 1.6.3 Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.Post.Title.Modification MEDIUM" "emailkit 1.6.2 Authenticated.(Author+).Arbitrary.File.Read.via.Path.Traversal MEDIUM" "emailkit 1.6.1 Missing.Authorization.to.Authenticated.(Author+).Arbitrary.Content.Deletion MEDIUM" "embed-and-integrate-etsy-shop No.known.fix Missing.Authorization MEDIUM" "easy-tweet-embed No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "estonian-shipping-methods-for-woocommerce No.known.fix Unauthenticated.Sensitive.Information.Exposure MEDIUM" "enhanced-wordpress-contactform 2.3 Admin+.Stored.XSS LOW" "ethpress 2.1.1 Reflected.Cross-Site.Scripting MEDIUM" "ethpress 1.5.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "etsy-importer No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "easy2map 1.3.0 Local.File.Inclusion CRITICAL" "easy2map 1.3.0 Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "eyes-only-user-access-shortcode No.known.fix Admin+.Stored.XSS LOW" "epaybg-payments No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "ewww-image-optimizer 7.3.0 Cross-Site.Request.Forgery MEDIUM" "ewww-image-optimizer 7.2.1 Unauthenticated.Sensitive.Information.Exposure.via.Debug.Log MEDIUM" "ewww-image-optimizer 7.2.1 
Sensitive.Information.Exposure MEDIUM" "ewww-image-optimizer 5.9 Cross-Site.Request.Forgery MEDIUM" "easy-author-image No.known.fix Authenticated.(Subscriber+).Stored.Cross-Site.Scripting.via.Profile.Picture.URL MEDIUM" "easy-student-results No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "easy-student-results No.known.fix Sensitive.Information.Disclosure.via.REST.API LOW" "edd-courses 0.1.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "edd-courses 0.1.1 Subscriber+.Arbitrary.Option.Update CRITICAL" "edoc-easy-tables No.known.fix Authenticated.(Contributor+).SQL.Injection MEDIUM" "easy-facebook-like-box 4.1.3 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "easy-testimonial-rotator 1.0.3 Authenticated.(Admin+).SQL.injection MEDIUM" "easy-testimonial-rotator 1.0.19 Admin+.Stored.XSS LOW" "easy-testimonial-rotator 1.0.16 Reflected.Cross-Site.Scripting HIGH" "extensions-for-cf7 3.4.1 Authenticated.(Contributor+).Insecure.Direct.Object.Reference MEDIUM" "extensions-for-cf7 3.2.9 Unauthenticated.Arbitrary.File.Deletion.Triggered.via.Admin.Form.Submission.Deletion HIGH" "extensions-for-cf7 3.2.1 Authenticated.(Admin+).Sever-Side.Request.Forgery LOW" "extensions-for-cf7 3.0.7 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "extensions-for-cf7 2.0.9 Arbitrary.Plugin.Activation.via.CSRF MEDIUM" "external-rss-reader No.known.fix Unauthenticated.Server-Side.Request.Forgery HIGH" "external-rss-reader No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "external-rss-reader No.known.fix Cross-Site.Request.Forgery.to.RSS.Feed.Deletion MEDIUM" "event-registration-calendar-by-vcita No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "event-registration-calendar-by-vcita 1.4.0 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "event-registration-calendar-by-vcita No.known.fix CSRF.to.Stored.XSS.in.settings.page MEDIUM" "embed-privacy 1.8.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "emailshroud 
No.known.fix Cross-Site.Request.Forgery.to.Reflected.Cross-Site.Scripting MEDIUM" "eewee-admincustom No.known.fix Cross-Site.Request.Forgery.to.Privilege.Escalation HIGH" "eewee-admincustom No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "embed-pdf-wpforms 1.1.6 Authenticated.(Subscriber+).Arbitrary.File.Upload HIGH" "ecommerce-addon 1.4 Reflected.Cross-Site.Scripting MEDIUM" "ecommerce-addon 1.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "echosign 1.2 Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "easyme-connect No.known.fix Cross-Site.Request.Forgery MEDIUM" "elementor-pro 3.29.1 Contributor+.Stored.XSS MEDIUM" "elementor-pro 3.29.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "elementor-pro 3.25.11 Authenticated.(Contributor+).Sensitive.Information.Exposure.via.Shortcode MEDIUM" "elementor-pro 3.21.3 Reflected.Cross-Site.Scripting MEDIUM" "elementor-pro 3.21.2 Authenticated.(Contributor+).DOM-Based.Stored.Cross-Site.Scripting MEDIUM" "elementor-pro 3.20.2 Authenticated.(Contributor+).DOM-Based.Stored.Cross-Site.Scripting.via.video_html_tag MEDIUM" "elementor-pro 3.20.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Post.Navigation MEDIUM" "elementor-pro 3.20.2 Authententicated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "elementor-pro 3.20.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "elementor-pro 3.20.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Form.Widget.SVGZ.File.Upload MEDIUM" "elementor-pro 3.19.3 Authenticated.(Contributor+).Information.Exposure MEDIUM" "elementor-pro 3.11.7 Subscriber+.Arbitrary.Options.Update HIGH" "elementor-pro 2.9.4 Authenticated.Arbitrary.File.Upload CRITICAL" "elementor-pro 2.0.10 XSS MEDIUM" "events-calendar-for-google 3.0.0 Contributor+.Local.File.Inclusion HIGH" "export-post-info 1.2.1 Author+.CSV.Injection MEDIUM" "export-post-info 1.2.0 Admin+.Stored.Cross-Site.Scripting LOW" "easy-twitter-feeds No.known.fix 
Authenticated.(Contributor+).Post.Exposure MEDIUM" "easy-twitter-feeds 1.2 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "employee-staff-directory 1.2.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.'form_title'.Shortcode.Attribute MEDIUM" "elements-plus 2.16.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Multiple.Widgets MEDIUM" "elements-plus 2.16.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "elements-plus 2.16.3 Authenticated(Contributor+).Stored.Cross-Site.Scripting.via.widget.links MEDIUM" "eexamhall No.known.fix CSRF MEDIUM" "everest-gallery-lite 1.0.9 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "external-media No.known.fix Authenticated.(Contributor+).Server-Side.Request.Forgery MEDIUM" "external-media 1.0.36 Admin+.Stored.XSS LOW" "external-media 1.0.34 Authenticated.Arbitrary.File.Upload CRITICAL" "electric-studio-download-counter No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting.via.Settings.Parameters MEDIUM" "evaluate No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "elisqlreports 5.25.25 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.SQLREPORT.Shortcode MEDIUM" "elisqlreports 5.25.10 Cross-Site.Request.Forgery MEDIUM" "elisqlreports 5.25.10 Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "elisqlreports 5.25.10 5.25.08.-.Cross-Site.Request.Forgery.to.Remote.Code.Execution HIGH" "elisqlreports 5.25.08 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "extender-all-in-one-for-elementor No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "ehive-search 2.5.1 Reflected.Cross-Site.Scripting MEDIUM" "easy-slider-revolution 1.1.0 Author+.Stored.XSS MEDIUM" "error-log-viewer-wp No.known.fix Authenticated.(Subscriber+).SQL.Injection MEDIUM" "error-log-viewer-wp 1.0.4 Missing.Authorization.to.Unauthenticated.Arbitrary.File.Read HIGH" "envo-extra 1.9.12 
Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "envo-extra 1.9.10 Missing.Authorization MEDIUM" "envo-extra 1.9.4 Authenticated.(Contributor+).Post.Disclosure MEDIUM" "envo-extra 1.8.25 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Button.Widget MEDIUM" "envo-extra 1.8.17 Authenticated.(Contributor+).Cross-Site.Scripting MEDIUM" "envo-extra 1.8.12 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "envo-extra 1.8.4 Cross-Site.Request.Forgery MEDIUM" "expand-maker 3.5.6 Missing.Authorization MEDIUM" "expand-maker 3.4.8 Local.File.Inclusion.via.CSRF HIGH" "expand-maker 3.4.3 Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.'Read.More'.Post.Deletion MEDIUM" "expand-maker 3.2.7 Admin+.PHP.Object.Injection LOW" "elex-reachship-multi-carrier-conditional-shipping 4.3.2 Authenticated.(Contributor+).Arbitrary.File.Upload HIGH" "elementinvader-addons-for-elementor 1.4.2 Missing.Authorization MEDIUM" "elementinvader-addons-for-elementor 1.4.1 Elementinvader.Addons.for.Elementor.<.1,4,1..Unauthenticated.Arbitrary.Email.Sending MEDIUM" "elementinvader-addons-for-elementor 1.3.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "elementinvader-addons-for-elementor 1.3.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "elementinvader-addons-for-elementor 1.3.2 Missing.Authorization MEDIUM" "elementinvader-addons-for-elementor 1.3.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "elementinvader-addons-for-elementor 1.3.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "elementinvader-addons-for-elementor 1.2.7 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "elementinvader-addons-for-elementor 1.3.2 Missing.Authorization.to.Arbitrary.Options.Read MEDIUM" "elementinvader-addons-for-elementor 1.3.0 Authenticated.(Contributor+).Information.Exposure MEDIUM" "elementinvader-addons-for-elementor 1.2.9 
Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "elementinvader-addons-for-elementor 1.2.8 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "elementinvader-addons-for-elementor 1.2.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "elementinvader-addons-for-elementor 1.2.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "elementor 3.33.4 Contributor+.Stored.DOM-Based.XSS.via.Text.Path MEDIUM" "elementor 3.33.1 Missing.Authorization MEDIUM" "elementor 3.30.3 Admin+.Arbitrary.File.Read.via.Image.Import MEDIUM" "elementor 3.30.3 Contributor+.Stored.XSS.via.Text.Path.Widget MEDIUM" "elementor 3.29.1 Contributor+.Stored.XSS MEDIUM" "elementor 3.29.1 Contributor+.Stored.XSS MEDIUM" "elementor 3.25.11 Contributor+.Stored.XSS MEDIUM" "elementor 3.27.5 Contributor+.Stored.XSS MEDIUM" "elementor 3.25.10 Contributor+.Stored.XSS.via.Typography.Settings MEDIUM" "elementor 3.25.8 Contributor+.Stored.XSS MEDIUM" "elementor 3.24.6 Contributor+.Information.Exposure.via.get_image_alt LOW" "elementor 3.24.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.in.the.URL.Parameter.in.Multiple.Widgets MEDIUM" "elementor 3.22.2 Contributor+.Arbitrary.SVG.Download MEDIUM" "elementor 3.21.6 Contributor+.DOM.Stored.XSS MEDIUM" "elementor 3.20.3 Contributor+.DOM.Stored.XSS MEDIUM" "elementor 3.19.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.get_image_alt MEDIUM" "elementor 3.19.1 Authenticated(Contributor+).Arbitrary.File.Deletion.and.PHAR.Deserialization HIGH" "elementor 3.18.2 Contributor+.Arbitrary.File.Upload.to.RCE.via.Template.Import HIGH" "elementor 3.16.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.get_inline_svg() MEDIUM" "elementor 3.16.5 Missing.Authorization.to.Arbitrary.Attachment.Read MEDIUM" "elementor 3.5.5 Iframe.Injection MEDIUM" "elementor 3.13.2 Missing.Authorization MEDIUM" "elementor 3.12.2 Admin+.SQLi MEDIUM" "elementor 3.5.6 DOM.Reflected.Cross-Site.Scripting 
MEDIUM" "elementor 3.6.3 Subscriber+.Arbitrary.File.Upload CRITICAL" "elementor 3.4.8 DOM.Cross-Site-Scripting MEDIUM" "elementor 3.1.4 Authenticated.Stored.Cross-Site.Scripting.(XSS).in.Heading.Widget MEDIUM" "elementor 3.1.4 Authenticated.Stored.Cross-Site.Scripting.(XSS).in.Accordion.Widget MEDIUM" "elementor 3.1.4 Authenticated.Stored.Cross-Site.Scripting.(XSS).in.Image.Box.Widget MEDIUM" "elementor 3.1.4 Authenticated.Stored.Cross-Site.Scripting.(XSS).in.Column.Element MEDIUM" "elementor 3.1.4 Authenticated.Stored.Cross-Site.Scripting.(XSS).in.Divider.Widget MEDIUM" "elementor 3.1.4 Authenticated.Stored.Cross-Site.Scripting.(XSS).in.Icon.Box.Widget MEDIUM" "elementor 3.0.14 SVG.Upload.Allowed.by.Default MEDIUM" "elementor 2.9.14 Authenticated.Stored.Cross-Site.Scripting MEDIUM" "elementor 2.9.10 Authenticated.Stored.XSS HIGH" "elementor 2.9.8 SVG.Sanitizer.Bypass.leading.to.Authenticated.Stored.XSS MEDIUM" "elementor 2.9.6 Authenticated.Safe.Mode.Privilege.Escalation MEDIUM" "elementor 2.8.5 Authenticated.Reflected.XSS MEDIUM" "elementor 2.7.7 Authenticated.Stored.XSS MEDIUM" "elementor 2.8.4 Cross-Site.Scripting.(XSS) MEDIUM" "elementor 2.7.5 Authenticated.Arbitrary.File.Upload CRITICAL" "elementor 1.8.0 Authenticated.Unrestricted.Editing HIGH" "emma-emarketing-plugin No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "enhanced-catalog-images-for-woocommerce No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "enhanced-catalog-images-for-woocommerce No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "enhanced-catalog-images-for-woocommerce No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "error-notification No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "embed-pdf-viewer 2.4.0 Authenticated.(Editor+).Stored.Cross-Site.Scripting MEDIUM" "embed-pdf-viewer 2.4.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.height.and.width.Parameters MEDIUM" "easy-post-to-post-links 
No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "envato-elements 2.0.15 Author+.Server-Side.Request.Forgery MEDIUM" "envato-elements 2.0.11 Contributor+.Arbitrary.File.Upload HIGH" "eventin-pro 4.0.25 Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.Content.Deletion MEDIUM" "eventin-pro 4.0.25 Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "easy-social-share-buttons3 10.7.1 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "easy-social-share-buttons3 9.5 Authenticated.(Subscriber+).Local.File.Inclusion HIGH" "easy-social-share-buttons3 9.5 Missing.Authorization MEDIUM" "easy-social-share-buttons3 9.5 Reflected.Cross-Site.Scripting MEDIUM" "email-my-posts No.known.fix Reflected.Cross-Site.Scripting.(XSS) HIGH" "editor-wysiwyg-background-color No.known.fix Missing.Authorization MEDIUM" "easy-charts 1.2.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "ekiline-block-collection 1.0.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "easy-schema-structured-data-rich-snippets 2.3.0 Reflected.Cross-Site.Scripting MEDIUM" "export-import-menus 1.9.2 Missing.Authorization.to.Unauthenticated.Menu.Export MEDIUM" "export-import-menus 1.9.0 Authenticated.(Subscriber+).Arbitrary.File.Upload HIGH" "erident-custom-login-and-dashboard 3.5.9 Authenticated.Stored.Cross-Site.Scripting.(XSS) LOW" "erident-custom-login-and-dashboard 3.5 Stored.Cross-Site.Scripting.(XSS) HIGH" "easy-paypal-donation 1.5.3 Unauthenticated.Open.Redirect MEDIUM" "easy-paypal-donation 1.5 Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "easy-paypal-donation 1.4.5 Reflected.Cross-Site.Scripting MEDIUM" "easy-paypal-donation 1.3.4 Arbitrary.Post.Deletion.via.CSRF HIGH" "easy-paypal-donation 1.3.2 Admin+.Stored.Cross-Site.Scripting LOW" "easy-paypal-donation 1.3.1 Reflected.Cross-Site.Scripting.via.page.Parameter HIGH" "easy-paypal-donation 1.3.1 CSRF.to.Arbitrary.Post.Deletion MEDIUM" 
"easy-paypal-donation 1.3.1 CSRF.to.Stored.Cross-Site.Scripting HIGH" "error-log-monitor 1.7.7 Reflected.Cross-Site.Scripting MEDIUM" "error-log-monitor 1.7.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "error-log-monitor 1.6.5 Subscriber+.Arbitrary.Option.Update CRITICAL" "elex-helpdesk-customer-support-ticket-system 3.3.6 Missing.Authorization.to.Authenticated.(Subscriber+).Settings.Update MEDIUM" "elex-helpdesk-customer-support-ticket-system 3.3.6 Missing.Authorization MEDIUM" "elex-helpdesk-customer-support-ticket-system 3.3.5 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "elex-helpdesk-customer-support-ticket-system 3.3.3 Authenticated.(Contributor+).Privilege.Escalation.via.eh_crm_edit_agent.AJAX.Action MEDIUM" "elex-helpdesk-customer-support-ticket-system 3.3.2 Unauthenticated.Arbitrary.File.Upload CRITICAL" "elex-helpdesk-customer-support-ticket-system 3.3.2 Missing.Authorization.to.Authenticated.(Subscriber+).Ticket.Restore MEDIUM" "elex-helpdesk-customer-support-ticket-system 3.3.2 Missing.Authorization.to.Authenticated.(Subscriber+).Trash.Empty MEDIUM" "elex-helpdesk-customer-support-ticket-system 3.3.2 Missing.Authorization.to.Authenticated.(Subscriber+).Trash.Restore MEDIUM" "elex-helpdesk-customer-support-ticket-system 3.3.1 Missing.Authorization.to.Authenitcated.(Subscriber+).to.Scheduled.Trigger.Deletion MEDIUM" "elex-helpdesk-customer-support-ticket-system 3.3.0 Authenticated.(Subscriber+).Insecure.Direct.Object.Reference.via.'eh_crm_ticket_single_view_client' MEDIUM" "elex-helpdesk-customer-support-ticket-system 3.3.2 Missing.Authorization.to.Authenticated.(Subscriber+).Role.Removal MEDIUM" "elex-helpdesk-customer-support-ticket-system 3.3.0 Subscriber+.Arbitrary.File.Upload HIGH" "elex-helpdesk-customer-support-ticket-system 3.2.7 Missing.Authorization.to.Authenticated.(Subscriber+).Privilege.Escalation HIGH" "easy-table-booking No.known.fix Cross-Site.Request.Forgery MEDIUM" "elo-rating-shortcode 1.0.4 
Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "ecommerce-two-factor-authentication 1.0.5 Two.Factor.Authentication.<.1.0.5.-.Reflected.Cross-Site.Scripting HIGH" "export-all-post-meta No.known.fix Missing.Authorization MEDIUM" "eventlist 2.0.5 Authenticated.(Subscriber+).Privilege.Escalation HIGH" "eventlist 2.0.2 Unauthenticated.Local.File.Inclusion HIGH" "export-media-urls 2.3 Reflected.Cross-Site.Scripting MEDIUM" "export-media-urls 2.0 Cross-Site.Request.Forgery MEDIUM" "edukart-pro No.known.fix Unauthenticated.Privilege.Escalation CRITICAL" "eonet-manual-user-approve No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "easy-site-importer No.known.fix Missing.Authorization.to.Authenticated.(Subscriber+).Settings.Change MEDIUM" "easync-booking 1.3.22 Insecure.Direct.Object.Reference.to.Sensitive.Information.Exposure MEDIUM" "easync-booking 1.3.21 Missing.Authorization MEDIUM" "easync-booking 1.3.15 Subscriber+.PayPal.Settings.Update MEDIUM" "easync-booking 1.3.12 Reflected.Cross-Site.Scripting HIGH" "easync-booking 1.3.7 Reflected.Cross-Site.Scripting MEDIUM" "easync-booking 1.1.16 Unauthenticated.Arbitrary.File.Upload CRITICAL" "easync-booking 1.1.10 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "eelv-newsletter No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "eelv-newsletter No.known.fix Cross-Site.Request.Forgery MEDIUM" "eelv-newsletter 4.6.1 CSRF.&.XSS HIGH" "event-tickets-with-ticket-scanner 2.8.6 Unauthenticated.Remote.Code.Execution CRITICAL" "event-tickets-with-ticket-scanner 2.5.4 Arbitrary.Tickets.Deletion.via.CSRF MEDIUM" "event-tickets-with-ticket-scanner 2.4.4 Missing.Authorization.to.Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "event-tickets-with-ticket-scanner 2.3.12 Authenticated.(Author+).Remote.Code.Execution HIGH" "event-tickets-with-ticket-scanner 2.3.2 Reflected.Cross-Site.Scripting MEDIUM" "event-tickets-with-ticket-scanner 2.3.8 Admin+.Stored.XSS LOW" "embedalbum-pro 
1.2.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "embedalbum-pro 1.1.28 Contributor+.Stored.XSS MEDIUM" "email-obfuscate-shortcode No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "ean-for-woocommerce 5.4.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "ean-for-woocommerce 5.4.0 Missing.Authorization MEDIUM" "ean-for-woocommerce 4.9.0 Authenticated.(Shop.Manager+).Arbitrary.Options.Update MEDIUM" "ean-for-woocommerce 4.9.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.alg_wc_ean_product_meta.Shortcode MEDIUM" "ean-for-woocommerce 4.9.3 Insecure.Direct.Object.Reference.to.Sensitve.Information.Exposure.via.Shortcode MEDIUM" "ean-for-woocommerce 4.4.3 Contributor+.Stored.XSS MEDIUM" "ecommerce-product-catalog 3.4.4 Authenticated.(Orders.manager+).PHP.Object.Injection MEDIUM" "ecommerce-product-catalog 3.3.44 Cross-Site.Request.Forgery.to.Password.Reset HIGH" "ecommerce-product-catalog 3.3.33 Reflected.Cross-Site.Scripting MEDIUM" "ecommerce-product-catalog 3.3.29 Cross-Site.Request.Forgery MEDIUM" "ecommerce-product-catalog 3.3.27 Sensitive.Information.Exposure.via.CSV.Files MEDIUM" "ecommerce-product-catalog 3.3.27 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "ecommerce-product-catalog 3.3.26 Products.Deletion.via.CSRF MEDIUM" "ecommerce-product-catalog 3.3.9 Admin+.Stored.XSS LOW" "ecommerce-product-catalog 3.3.5 Admin+.Stored.XSS LOW" "ecommerce-product-catalog 3.0.72 Reflected.XSS MEDIUM" "ecommerce-product-catalog 3.0.72 Reflected.XSS.via.AJAX MEDIUM" "ecommerce-product-catalog 3.0.71 Reflected.XSS MEDIUM" "ecommerce-product-catalog 3.0.39 Reflected.Cross-Site.Scripting HIGH" "ecommerce-product-catalog 3.0.18 Cross-Site.Request.Forgery MEDIUM" "ecommerce-product-catalog 3.0.18 CSRF.Nonce.Bypass MEDIUM" "ecommerce-product-catalog 2.9.44 Cross-Site.Request.Forgery.(CSRF) MEDIUM" "ezyonlinebookings-online-booking-system No.known.fix 
Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "envira-gallery-lite 1.12.4 Authenticated.(Author+).Stored.Cross-Site.Scripting.via.'justified_gallery_theme'.Parameter.via.REST.API MEDIUM" "envira-gallery-lite 1.12.1 Missing.Authorization.to.Authenticated.(Author+).Multiple.Gallery.Actions MEDIUM" "envira-gallery-lite 1.12.0 Missing.Authorization.to.Authenticated.(Contributor+).Gallery.Conversion MEDIUM" "envira-gallery-lite 1.8.16 Contributor+.DOM-Based.Stored.XSS.via.FancyBox.JavaScript.Library MEDIUM" "envira-gallery-lite 1.8.15 Missing.Authorization MEDIUM" "envira-gallery-lite 1.8.15 Author+.Stored.XSS MEDIUM" "envira-gallery-lite 1.8.8 Cross-Site.Request.Forgery.to.Notice.Dismissal MEDIUM" "envira-gallery-lite 1.8.7.3 Missing.Authorization.to.Gallery.Modification.via.envira_gallery_insert_images MEDIUM" "envira-gallery-lite 1.8.4.7 Reflected.Cross-Site.Scripting MEDIUM" "envira-gallery-lite 1.8.3.3 Authenticated.Stored.Cross-Site.Scripting MEDIUM" "envira-gallery-lite 1.7.7 Authenticated.Stored.Cross-Site.Scripting.(XSS).Issue MEDIUM" "event-feed-for-eventbrite 1.4.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "event-feed-for-eventbrite 1.1.2 Reflected.Cross-Site.Scripting MEDIUM" "event-feed-for-eventbrite 1.0.7 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "easy-hotel No.known.fix Missing.Authorization MEDIUM" "easy-hotel No.known.fix Contributor+.Stored.XSS MEDIUM" "easy-digital-downloads 3.6.3 Unvalidated.Redirect MEDIUM" "easy-digital-downloads 3.5.3 Insufficient.Verification.to.Order.Manipulation MEDIUM" "easy-digital-downloads 3.5.1 Cross-Site.Request.Forgery.to.Plugin.Deactivation.via.edd_sendwp_disconnect.and.edd_sendwp_remote_install.Functions MEDIUM" "easy-digital-downloads 3.3.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.edd_receipt.Shortcode MEDIUM" "easy-digital-downloads 3.3.7 Unauthenticated.Private.Post.Title.Disclosure MEDIUM" "easy-digital-downloads 3.3.3 
Authenticated.(Admin+).Stored.Cross-Site.Scripting.via.Title MEDIUM" "easy-digital-downloads 3.3.3 Authenticated.(Admin+).Arbitrary.File.Download MEDIUM" "easy-digital-downloads 3.3.5 3.3.4.-.Improper.Authorization.to.Paywall.Bypass LOW" "easy-digital-downloads 3.3.4 Authenticated.(Admin+).PHAR.Deserialization HIGH" "easy-digital-downloads 3.3.3 Authenticated.(Admin+).Stored.Cross-Site.Scripting.via.Agreement.Text LOW" "easy-digital-downloads 3.3.3 Authenticated.(Admin+).Stored.Cross-Site.Scripting.via.Currency.Settings MEDIUM" "easy-digital-downloads 3.3.1 Missing.Authorization MEDIUM" "easy-digital-downloads 3.3.1 Unauthenticated.SQL.Injection CRITICAL" "easy-digital-downloads 3.2.12 Cross-Site.Request.Forgery MEDIUM" "easy-digital-downloads 3.2.12 Unauthenticated.Sensitive.Information.Exposure MEDIUM" "easy-digital-downloads 3.2.7 Cross-Site.Request.Forgery MEDIUM" "easy-digital-downloads 3.2.10 Sensitive.Information.Exposure MEDIUM" "easy-digital-downloads 3.2.7 Shop.Manager+.Stored.XSS MEDIUM" "easy-digital-downloads 3.2.6 Contributor+.Stored.XSS MEDIUM" "easy-digital-downloads 3.2.0 Missing.Authorization MEDIUM" "easy-digital-downloads 3.1.1.4.2 Unauthenticated.Privilege.Escalation CRITICAL" "easy-digital-downloads 3.1.0.5 Contributor+.Stored.XSS MEDIUM" "easy-digital-downloads 3.1.0.4 Unauthenticated.SQLi HIGH" "easy-digital-downloads 3.0 Arbitrary.Post.Deletion.via.CSRF MEDIUM" "easy-digital-downloads 3.1.0.2 Unauthenticated.CSV.Injection MEDIUM" "easy-digital-downloads 3.0.2 Admin+.PHP.Object.Injection MEDIUM" "easy-digital-downloads 2.11.6 Admin+.Stored.Cross-Site.Scripting LOW" "easy-digital-downloads 2.11.6 Arbitrary.Payment.Note.Insertion.via.CSRF LOW" "easy-digital-downloads 2.11.2.1 Reflected.Cross-Site.Scripting HIGH" "easy-digital-downloads 2.10.3 Unauthorised.Stripe.Disconnect.via.CSRF MEDIUM" "easy-digital-downloads 2.9.16 Stored.XSS MEDIUM" "easy-digital-downloads 2.5.8 PHP.Object.Injection MEDIUM" "easy-digital-downloads 2.3.7 
Cross-Site.Scripting.Issue MEDIUM" "easy-digital-downloads 2.3.3 SQL.Injection CRITICAL" "enable-media-replace 4.1.8 Author+.Arbitrary.Attachment.Change.via.Background.Replace LOW" "enable-media-replace 4.1.7 Contributor+.Stored.XSS MEDIUM" "enable-media-replace 4.1.6 Reflected.XSS HIGH" "enable-media-replace 4.1.5 Reflected.Cross-Site.Scripting MEDIUM" "enable-media-replace 4.1.3 Author+.PHP.Object.Injection MEDIUM" "enable-media-replace 4.0.2 Author+.Arbitrary.File.Upload CRITICAL" "enable-media-replace 4.0.0 Admin+.Path.Traversal LOW" "easy-upload-files-during-checkout 3.0.1 Missing.Authorization MEDIUM" "easy-upload-files-during-checkout 2.9.9 Unauthenticated.Arbitrary.JavaScript.File.Upload CRITICAL" "easy-filtering No.known.fix Reflected.Cross-Site.Scripting HIGH" "easy-real-estate 2.3.0 Privilege.Escalation CRITICAL" "easy-real-estate 2.3.0 Unauthenticated.Privilege.Escalation CRITICAL" "easy-load-more No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "events-calendar No.known.fix Admin+.Stored.XSS LOW" "expresstechsoftwares-memberpress-discord-add-on No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "expresstechsoftwares-memberpress-discord-add-on 1.1.2 Reflected.Cross-Site.Scripting MEDIUM" "easy-team-manager No.known.fix Authenticated.Blind.SQL.Injection CRITICAL" "eagle-booking No.known.fix Authenticated.(Subscriber+).SQL.Injection MEDIUM" "eagle-booking No.known.fix Missing.Authorization.to.Authenticated.(Subscriber+).Settings.Change MEDIUM" "eagle-booking No.known.fix Authenticated.(Subscriber+).Insecure.Direct.Object.Reference MEDIUM" "embed-swagger No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "embed-google-photos-album-easily 2.2.1 Authenticated.(Contributor+).Server-Side.Request.Forgery MEDIUM" "eventon-lite 2.4.8 Authenticated.(Contributor+).Information.Disclosure MEDIUM" "eventon-lite 2.4.5 Missing.Authorization MEDIUM" "eventon-lite 2.4.2 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "eventon-lite 2.4.1 
Unauthenticated.Local.File.Inclusion CRITICAL" "eventon-lite 2.4.2 Contributor+.Local.File.Inclusion HIGH" "eventon-lite 2.2.17 Admin+.Stored.XSS LOW" "eventon-lite 2.2.16 Missing.Authorization.to.Unauthenticated.Stored.Cross-Site.Scripting.and.Plugin.Settings.Updates HIGH" "eventon-lite 2.2.15 Admin+.Stored.Cross-Site.Scripting.via.event.subtitle LOW" "eventon-lite 2.2.15 Admin+.Stored.XSS LOW" "eventon-lite 2.2.8 Unauthenticated.Email.Address.Disclosure MEDIUM" "eventon-lite 2.2.7 Admin+.Stored.Cross-Site.Scripting LOW" "eventon-lite 2.2.8 Unauthenticated.Arbitrary.Post.Metadata.Update HIGH" "eventon-lite 2.2.8 Reflected.XSS HIGH" "eventon-lite 2.2.8 Unauthenticated.Virtual.Event.Password.Disclosure MEDIUM" "eventon-lite 2.2.9 Unauthenticated.Virtual.Event.Settings.Update MEDIUM" "eventon-lite 2.2 Admin.+.Stored.HTML.Injection LOW" "eventon-lite 2.2.3 Reflected.Cross.Site.Scripting HIGH" "eventon-lite 2.2 Admin+.Stored.XSS LOW" "eventon-lite 2.1.2 Unauthenticated.Event.Access HIGH" "eventon-lite 2.1.2 Unauthenticated.Post.Access.via.IDOR HIGH" "easy-booked 2.4.6 Cross-Site.Request.Forgery MEDIUM" "extra-post-images No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode.Attributes MEDIUM" "events-manager-pro-extended No.known.fix Cross-Site.Request.Forgery.to.Reflected.Cross-Site.Scripting MEDIUM" "email-posts-to-subscribers No.known.fix Admin+.Stored.XSS LOW" "email-posts-to-subscribers No.known.fix Missing.Authorization.to.Sensitive.Information.Exposure MEDIUM" "email-posts-to-subscribers No.known.fix Unauthenticated.SQLi HIGH" "easy-waveform-player 1.2.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "external-videos No.known.fix Admin+.Stored.XSS LOW" "embed-any-document 2.7.11 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "embed-any-document 2.7.8 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "embed-any-document 2.7.6 Contributor+.Blind.SSRF MEDIUM" "embed-any-document 2.7.2 
Author+.Stored.XSS LOW" "easy-org-chart No.known.fix Contributor+.Stored.Cross-Site.Scripting MEDIUM" "easy-download-media-counter No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "ezoic-integration 2.8.9 Unauthenticated.Settings.Update.to.Stored.XSS MEDIUM" "ezoic-integration 2.8.9 Admin+.Stored.XSS LOW" "events-widgets-for-elementor-and-the-events-calendar 1.5 Subscriber+.Arbitrary.Plugin.Installation.&.Activation HIGH" "everest-backup No.known.fix Cross-Site.Request.Forgery MEDIUM" "everest-backup 2.3.9 Missing.Authorization.to.Unauthenticated.Backup.Failure MEDIUM" "everest-backup 2.3.6 Missing.Authorization.to.Unauthenticated.Information.Exposure MEDIUM" "everest-backup 2.3.9 Missing.Authorization MEDIUM" "everest-backup 2.3.4 Cross-Site.Request.Forgery MEDIUM" "everest-backup 2.2.14 Unauthenticated.Backup.Download HIGH" "everest-backup 2.2.5 Admin+.Arbitrary.File.Upload MEDIUM" "everest-backup 2.2.0 Sensitive.Information.Exposure.via.Log.File HIGH" "expert-invoice No.known.fix Expert.Invoice.<=.1,0,2.-Admin+.Stored.XSS LOW" "embed-twine No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "export-woocommerce-customer-list 2.0.69 CSV.Injection LOW" "easy-code-manager 10.51 Cross-Site.Request.Forgery MEDIUM" "email-queue 1.1.2 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "easy-pie-maintenance-mode No.known.fix Admin+.Stored.XSS LOW" "exit-notifier 1.10.6 Reflected.Cross-Site.Scripting MEDIUM" "edit-comments-xt No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "epoll-wp-voting 3.5 Subscriber+.Arbitrary.File.Upload CRITICAL" "epoll-wp-voting 3.4 Authenticated.(Subscriber+).Arbitrary.File.Deletion HIGH" "epoll-wp-voting 3.4 Authenticated.(Administrator+).Stored.Cross-Site.Scripting.via.settings MEDIUM" "essential-blocks-pro 1.1.1 Unauthenticated.Object.Injection HIGH" "essential-blocks-pro 1.1.1 Unauthenticated.PHP.Object.Injection.via.queries HIGH" "essential-blocks-pro 1.1.1 
Unauthenticated.PHP.Object.Injection.via.products HIGH" "email-templates 1.4.3 Email.Sending.via.CSRF MEDIUM" "experto-cta-widget 1.2.1 Missing.Authorization.to.Unauthenticated.Settings.Update MEDIUM" "emu2-email-users-2 No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "events-addon-for-elementor 2.3.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Typewriter.and.Countdown.Widgets MEDIUM" "events-addon-for-elementor 2.2.4 Authenticated.(Contributor+).Post.Disclosure MEDIUM" "events-addon-for-elementor 2.2.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "events-addon-for-elementor 2.2.1 Contributor+.Stored.XSS MEDIUM" "events-addon-for-elementor 2.1.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Multiple.Widgets MEDIUM" "events-addon-for-elementor 2.1.3 Missing.Authorization MEDIUM" "events-addon-for-elementor 2.1.3 Cross-Site.Request.Forgery MEDIUM" "events-addon-for-elementor 2.0.3 Reflected.Cross-Site.Scripting MEDIUM" "events-addon-for-elementor 1.9.8 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "email-template-customizer-for-woo 1.2.18 Authenticated.(Shop.manager+).Stored.Cross-Site.Scripting MEDIUM" "email-template-customizer-for-woo 1.2.9.2 Shop.manager+.Stored.XSS LOW" "elfsight-contact-form No.known.fix Unauthenticated.Information.Exposure MEDIUM" "easy-contact-form-pro 1.1.1.9 Authenticated.Stored.Cross-Site.Scripting.(XSS) CRITICAL" "eduadmin-booking 5.3.0 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "event-tickets 5.26.6 Unauthenticated.Ticket.Payment.Bypass HIGH" "event-tickets 5.26.4 Missing.Authorization MEDIUM" "event-tickets 5.20.1 Reflected.Cross-Site.Scripting MEDIUM" "event-tickets 5.19.1.2 Missing.Authorization.to.Ticket.Deletion MEDIUM" "event-tickets 5.18.1.1 Insecure.Direct.Object.Reference.to.Sensitive.Information.Exposure MEDIUM" "event-tickets 5.11.0.5 Cross-Site.Request.Forgery MEDIUM" "event-tickets 5.8.3 Improper.Authorization.to.Information.Disclosure MEDIUM" "event-tickets 
5.8.2 Missing.Authorization MEDIUM" "event-tickets 5.8.1 Contributor+.Arbitrary.Events.Access LOW" "event-tickets 5.6.0 Reflected.Cross-Site.Scripting MEDIUM" "event-tickets 5.3.0.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "event-tickets 5.2.2 Open.Redirect MEDIUM" "event-tickets 4.10.7.2 CSV.Injection HIGH" "ez-form-calculator-premium No.known.fix WordPress.plugin.<=.2.14.1.2.-.Reflected.Cross-Site.Scripting MEDIUM" "ec-authorizenet No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "eupago-gateway-for-woocommerce No.known.fix Missing.Authorization MEDIUM" "eupago-gateway-for-woocommerce 3.1.10 CSRF MEDIUM" "easy-settings-for-learndash No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "easy-settings-for-learndash No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "enl-newsletter No.known.fix Campaign.Deletion.via.CSRF MEDIUM" "enl-newsletter No.known.fix Stored.XSS.via.CSRF HIGH" "enl-newsletter No.known.fix Admin+.SQL.Injection MEDIUM" "easy-slideshow No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "easy-slideshow No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "easy-fancybox 2.3.17 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "easy-fancybox 2.3.16 Contributor+.Stored.XSS MEDIUM" "easy-fancybox 2.3.15 Contributor+.Stored.XSS MEDIUM" "easy-fancybox 2.3.4 Contributor+.DOM-Based.Stored.XSS.via.FancyBox.JavaScript.Library MEDIUM" "easy-fancybox 2.3.4 Authenticated.(Author+).Stored.Cross-Site.Scripting MEDIUM" "easy-fancybox 1.8.18 Authenticated.Stored.XSS MEDIUM" "exportfeed-for-woocommerce-google-product-feed No.known.fix Admin+.SQLi MEDIUM" "exchange-addon-easy-ue-vat-taxes 1.2.0 XSS.via.add_query_arg().and.remove_query_arg() MEDIUM" "ect-product-carousel No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "exam-matrix No.known.fix Unauthenticated.Privilege.Escalation CRITICAL" "elastic-email-sender 1.2.21 Missing.Authorization MEDIUM" "elastic-email-sender 1.2.7 Admin+.Stored.XSS LOW" 
"extendons-registration-fields No.known.fix Custom.Signup.Fields.<=.3.2.3.-.Reflected.Cross-Site.Scripting MEDIUM" "extendons-registration-fields No.known.fix Custom.Signup.Fields.<=.3.2.3.-.Authenticated.(Subscriber+).Privilege.Escalation HIGH" "edit-comments No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "edit-comments No.known.fix Unauthenticated.SQL.Injection HIGH" "events-listing-widget 1.3.5 Authenticated.(Author+).Stored.Cross-Site.Scripting.via.Event.URL.Field MEDIUM" "email-users No.known.fix Arbitrary.Settings.Update.via.CSRF MEDIUM" "email-users 4.8.4 Cross-Site.Request.Forgery.(CSRF) MEDIUM" "email-users 4.8.3 Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "email-users 4.7.6 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "easy-faqs No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "event-tickets-plus 5.9.1 Contributor+.Attendees.Lists.Disclosure LOW" "event-tickets-plus 5.9.1 Contributor+.Arbitrary.Events.Access LOW" "exclusive-blocks No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "extended-widget-options 5.2.2 Extended.<.5.2.2.-.Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "extended-widget-options 5.1.3 Extended.<=.5.1.0.&..Widget.Options.<=.4.0.1.-.Authenticated.(Subscriber+).Information.Disclosure MEDIUM" "enable-wp-debug-toggle No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "essential-widgets 3.0.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Multiple.Shortcodes MEDIUM" "essential-widgets 2.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "essential-widgets 1.9 Unauthorised.Plugin's.Setting.Change MEDIUM" "easyfonts 1.1.3 Cross-Site.Request.Forgery MEDIUM" "expire-tags No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "expire-tags No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "elfsight-testimonials-slider No.known.fix Missing.Authorization MEDIUM" "elfsight-testimonials-slider No.known.fix 
Cross-Site.Request.Forgery.to.Settings.Update MEDIUM" "elfsight-testimonials-slider No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "easy-panorama 1.1.5 Admin+.Stored.XSS LOW" "easy-page-transition No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "easy-csv-importer No.known.fix Unauthenticated.Arbitrary.File.Upload CRITICAL" "easyrecipe No.known.fix Cross-Site.Request.Forgery MEDIUM" "external-featured-image-from-bing No.known.fix Authenticated.(Subscriber+).Remote.Code.Execution HIGH" "easy-svg-image-allow No.known.fix Author+.Stored.XSS.via.SVG MEDIUM" "easy-taxonomy-images No.known.fix Unauthenticated.Stored.Cross-Site.Scripting HIGH" "embed-comment-images 0.6 Unauthenticated.Stored.XSS MEDIUM" "email-subscribers 5.9.17 Authenticated.(Administrator+).SQL.Injection.via.'workflow_ids'.Parameter MEDIUM" "email-subscribers 5.9.11 Unauthenticated.Action.Scheduler.Task.Execution MEDIUM" "email-subscribers 5.9.11 Unauthenticated.Mailing.Queue.Trigger MEDIUM" "email-subscribers 5.9.11 Authenticated.(Administrator+).PHP.Object.Injection MEDIUM" "email-subscribers 5.7.50 Admin+.Stored.XSS.in.Template LOW" "email-subscribers 5.7.52 Admin+.Stored.XSS LOW" "email-subscribers 5.7.45 Admin+.Stored.XSS LOW" "email-subscribers 5.7.45 Admin+.Stored.XSS LOW" "email-subscribers 5.7.45 Admin+.Stored.XSS LOW" "email-subscribers 5.7.45 Admin+.Stored.XSS LOW" "email-subscribers 5.7.44 Admin+.SQL.Injection MEDIUM" "email-subscribers 5.7.35 Authenticated.(Subscriber+).Arbitrary.Shortcode.Execution MEDIUM" "email-subscribers 5.7.35 Missing.Authorization.to.Authenticated.(Subscriber+).Sensitive.Information.Exposure MEDIUM" "email-subscribers 5.7.27 Email.Subscribers,.Newsletters.and.Marketing.Automation.Plugin.<.5.7.27.-.Missing.Authorization MEDIUM" "email-subscribers 5.7.26 Unauthenticated.SQL.Injection.via.unsubscribe CRITICAL" "email-subscribers 5.7.24 
Email.Subscribers,.Newsletters.and.Marketing.Automation.Plugin.<.5.7.24.-.Unauthenticated.SQL.Injection.via.optin CRITICAL" "email-subscribers 5.7.23 Authenticated.(Subscriber+).SQL.Injection.Vulnerability.via.options[list_id] HIGH" "email-subscribers 5.7.21 Unauthenticated.SQL.Injection.via.hash CRITICAL" "email-subscribers 5.7.18 Missing.Authorization MEDIUM" "email-subscribers 5.7.20 Missing.Authorization.in.handle_ajax_request HIGH" "email-subscribers 5.7.15 Email.Subscribers,.Newsletters.and.Marketing.Automation.Plugin.<.5.7.15.-.Unauthenticated.SQL.Injection CRITICAL" "email-subscribers 5.7.14 Missing.Authorization MEDIUM" "email-subscribers 5.7.16 Authenticated.(Administrator+).Cross-Site.Scripting.via.CSV.import MEDIUM" "email-subscribers 5.7.12 Reflected.Cross-Site.Scripting.via.campaign_id MEDIUM" "email-subscribers 5.6.24 .Admin+.Directory.Traversal CRITICAL" "email-subscribers 5.5.3 Improper.Neutralization.of.Formula.Elements.in.a.CSV.File MEDIUM" "email-subscribers 5.5.1 Subscriber+.SQLi HIGH" "email-subscribers 5.3.2 Unauthenticated.arbitrary.option.update HIGH" "email-subscribers 5.3.2 Subscriber+.Blind.SQL.injection HIGH" "email-subscribers 4.5.6 Unauthenticated.email.forgery/spoofing HIGH" "email-subscribers 4.5.1 Authenticated.SQL.injection.in.es_newsletters_settings_callback() MEDIUM" "email-subscribers 4.5.1 Cross-site.Request.Forgery.in.send_test_email() LOW" "email-subscribers 4.3.1 Unauthenticated.Blind.SQL.Injection CRITICAL" "email-subscribers 4.2.3 Multiple.Issues HIGH" "email-subscribers 4.1.8 SQL.Injection HIGH" "email-subscribers 4.1.7 Cross-Site.Scripting.(XSS) CRITICAL" "email-subscribers 3.5.0 Cross-Site.Scripting.(XSS) MEDIUM" "email-subscribers 3.4.8 Unauthenticated.Subscriber.Download HIGH" "email-subscribers 2.9.1 Multiple.XSS.&.SQLi MEDIUM" "email-keep No.known.fix Email.Deletion.via.CSRF MEDIUM" "email-keep No.known.fix Reflected.XSS HIGH" "embed-extended No.known.fix Cross-Site.Request.Forgery MEDIUM" "easy-form 2.7.9 
Missing.Authorization MEDIUM" "easy-form 2.7.0 Reflected.Cross-Site.Scripting MEDIUM" "easy-form 1.2.1 Admin+.Stored.XSS LOW" "easy-wp-cookie-popup No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "easy-wp-cookie-popup No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "electric-enquiries No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.'button'.Shortcode.Attribute MEDIUM" "elegant-themes-icons No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "easy-notify-lite 1.1.39 Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.Plugin.Settings.Reset MEDIUM" "easy-notify-lite 1.1.37 Authenticated.(Subscriber+).Local.File.Inclusion HIGH" "easy-notify-lite 1.1.35 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "easy-notify-lite 1.1.33 Contributor+.Stored.XSS MEDIUM" "easy-notify-lite 1.1.30 Authenticated.(Author+).Stored.Cross-Site.Scripting MEDIUM" "easy-pricing-tables 3.2.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.fontFamily.Attribute MEDIUM" "easy-pricing-tables 3.2.6 Reflected.Cross-Site.Scripting MEDIUM" "easy-pricing-tables 3.2.3 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "easy-pricing-tables 3.2.1 Reflected.Cross-Site-Scripting MEDIUM" "easy-pricing-tables 3.1.3 Author+.Stored.Cross-Site.Scripting MEDIUM" "easy-pricing-tables 3.1.3 Arbitrary.Post.Removal.via.CSRF MEDIUM" "email-log 2.4.9 Unauthenticated.Hook.Injection HIGH" "email-log 2.4.8 Reflected.Cross-Site.Scripting HIGH" "email-log 2.4.7 Admin+.SQL.Injection MEDIUM" "easy-registration-forms No.known.fix Subscriber+.Information.Disclosure.via.Shortcode MEDIUM" "easy-registration-forms No.known.fix CSRF.to.Stored.Cross-Site.Scripting HIGH" "easy-registration-forms No.known.fix CSV.Injection MEDIUM" "enhanced-bibliplug No.known.fix Authenticated.(Contirbutor+).Stored.Cross-Site.Scripting MEDIUM" "enhanced-text-widget 1.6.6 Admin+.Stored.XSS LOW" "enhanced-text-widget 1.5.8 Subscriber+.Plugin.Installation 
MEDIUM" "enhanced-text-widget 1.5.8 Plugin.Installation.via.CSRF MEDIUM" "event-calendars No.known.fix Unauthenticated.Arbitrary.Calendar.Deletion MEDIUM" "event-espresso-decaf 5.0.53.decaf Missing.Authorization.to.Unauthenticated.Settings.Change MEDIUM" "event-espresso-decaf 5.0.31.decaf Cross-Site.Request.Forgery MEDIUM" "event-espresso-decaf 5.0.22.decaf Authenticated.(Subscriber+).Missing.Authorization.to.Limited.Plugin.Settings.Modification MEDIUM" "event-espresso-decaf 4.10.14 CSRF.Bypass MEDIUM" "event-espresso-decaf 4.10.12 Cross-Site.Request.Forgery MEDIUM" "easy-child-theme-creator No.known.fix Cross-Site.Request.Forgery MEDIUM" "edd-google-sheet-connector-pro 1.4 Access.Code.Update.via.CSRF MEDIUM" "etsy-shop 3.0.7 Reflected.XSS.via.$_SERVER['REQUEST_URI'] MEDIUM" "etsy-shop 3.0.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "easy-hide-login 1.0.9 Arbitrary.settings.update.via.CSRF MEDIUM" "easy-hide-login 1.0.8 Admin+.Stored.XSS LOW" "emails-blacklist-everest-forms 1.0.4 Reflected.Cross-Site.Scripting MEDIUM" "emails-blacklist-everest-forms 1.0.4 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "easy-justified-gallery 1.1.1 Reflected.Cross-Site.Scripting.(XSS) HIGH" "exchange-addon-membership 1.3.0 XSS.via.add_query_arg().and.remove_query_arg() MEDIUM" "easy-woocommerce-customizer No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "ecab-taxi-booking-manager 1.3.1 Missing.Authorization.to.Unauthenticated.Privilege.Escalation.via.Account.Takeover CRITICAL" "ecab-taxi-booking-manager 1.2.2 Missing.Authorization MEDIUM" "ecab-taxi-booking-manager 1.1.9 Authenticated.(Contributor+).PHP.Object.Injection HIGH" "ecab-taxi-booking-manager 1.1.0 Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "essential-real-estate No.known.fix Missing.Authorization MEDIUM" "essential-real-estate No.known.fix Authenticated.(ERE.Customer+).Insecure.Direct.Object.Reference MEDIUM" "essential-real-estate No.known.fix 
Unauthenticated.Local.File.Inclusion CRITICAL" "essential-real-estate 5.2.1 Unauthenticated.Local.File.Inclusion CRITICAL" "essential-real-estate 5.1.9 Cross-Site.Request.Forgery MEDIUM" "essential-real-estate 5.1.7 Missing.Authorization.to.Authenticated.(Contributor+).Information.Exposure MEDIUM" "essential-real-estate 4.4.5 Insecure.Direct.Object.Reference.to.Arbitrary.Attachment.Deletion MEDIUM" "essential-real-estate 4.4.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "essential-real-estate 4.4.0 Subscriber+.Denial.of.Service.via.Arbitrary.Option.Update HIGH" "essential-real-estate 4.4.0 Subscriber+.Arbitrary.File.Upload CRITICAL" "essential-real-estate 4.4.0 Subscriber+.Stored.XSS HIGH" "essential-real-estate 4.4.0 Subscriber+.Arbitrary.File.Upload HIGH" "essential-real-estate 3.9.6 Reflected.Cross-Site-Scripting MEDIUM" "easy-call-now No.known.fix Cross-Site.Request.Forgery.via.settings_page MEDIUM" "ect-homepage-products No.known.fix Reflected.XSS HIGH" "elex-woocommerce-dynamic-pricing-and-discounts 2.1.8 Missing.Authorization MEDIUM" "elex-woocommerce-dynamic-pricing-and-discounts 2.1.3 Cross-Site.Request.Forgery MEDIUM" "elex-woocommerce-dynamic-pricing-and-discounts 2.1.3 Cross-Site.Request.Forgery MEDIUM" "elex-woocommerce-dynamic-pricing-and-discounts 2.1.3 Reflected.Cross-Site.Scripting MEDIUM" "export-woocommerce 2.1.0 Reflected.Cross-Site.Scripting MEDIUM" "export-woocommerce 2.0.12 Reflected.Cross-Site.Scripting MEDIUM" "export-woocommerce 2.0.9 Missing.Authorization MEDIUM" "export-woocommerce 2.0.11 Reflected.XSS HIGH" "e-mailit No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "embed-google-fonts No.known.fix Missing.Authorization MEDIUM" "emarksheet 5.4.4 Reflected.Cross-Site.Scripting HIGH" "eprolo-dropshipping 2.4.0 Missing.Authorization.to.Authenticated.(Subscriber+).Tracking.Data.Modification MEDIUM" "eprolo-dropshipping 1.7.2 Missing.Authorization MEDIUM" 
"enhanced-paypal-shortcodes No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "easy-post-duplicator No.known.fix Authenticated.(Subscriber+).SQL.Injection MEDIUM" "easy-post-duplicator No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "everest-google-places-reviews-lite 2.0.0 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "eventr No.known.fix Blind.SQL.Injection CRITICAL" "easy-modal No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "easy-modal 2.1.0 Authenticated.SQL.Injection HIGH" "eds-responsive-menu No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "eds-responsive-menu No.known.fix Authenticated.(Administrator+).PHP.Object.Injection MEDIUM" "eds-responsive-menu No.known.fix Missing.Authorization MEDIUM" "easy-jump-links-menus No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode.Attributes MEDIUM" "easy-newsletter-signups No.known.fix Admin+.SQLi MEDIUM" "easy-newsletter-signups No.known.fix Missing.Authorization MEDIUM" "easy-newsletter-signups 1.0.4 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "einvoiceapp-malaysia No.known.fix Unauthenticated.Information.Exposure MEDIUM" "easy-video-player 1.2.2.11 Contributor+.Stored.XSS MEDIUM" "easy-video-player 1.2.2.3 Contributor+.Stored.XSS MEDIUM" "e-signature 1.5.6.8 Unauthenticated.Arbitrary.File.Upload.leading.to.RCE CRITICAL" "enigma-buttons No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "elementinvader 1.2.5 Missing.Authorization MEDIUM" "ere-recently-viewed 2.0 Unauthenticated.PHP.Object.Injection MEDIUM" "excel-like-price-change-for-woocommerce-and-wp-e-commerce-light No.known.fix Unauthenticated.SQL.Injection HIGH" "excel-like-price-change-for-woocommerce-and-wp-e-commerce-light No.known.fix Unauthenticated.Arbitrary.File.Download HIGH" "excel-like-price-change-for-woocommerce-and-wp-e-commerce-light No.known.fix Unauthenticated.Remote.Code.Execution CRITICAL" 
"excel-like-price-change-for-woocommerce-and-wp-e-commerce-light No.known.fix Unauthenticated.Privilege.Escalation CRITICAL" "excel-like-price-change-for-woocommerce-and-wp-e-commerce-light No.known.fix Unauthenticated.Local.File.Inclusion CRITICAL" "ekc-tournament-manager 2.2.2 Cross-Site.Request.Forgery.to.Arbitrary.File.Upload HIGH" "ekc-tournament-manager 2.2.2 Admin+.Arbitrary.File.Download LOW" "ekc-tournament-manager 2.2.2 Create.Tournaments/Teams.via.CSRF MEDIUM" "ekc-tournament-manager 2.2.2 Delete.Tournaments.via.CSRF MEDIUM" "ethereumico 2.4.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.ethereum-ico.Shortcode MEDIUM" "ethereumico 2.4.4 Reflected.Cross-Site.Scripting MEDIUM" "ethereumico 2.3.11 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "embed-rss No.known.fix Authenticated.(Subscriber+).Arbitrary.Shortcode.Execution MEDIUM" "easy-post-types No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Post.Meta MEDIUM" "easy-post-types No.known.fix Authenticated.(Subscriber+).Missing.Authorization.via.Multiple.Functions MEDIUM" "easy-post-types No.known.fix Authenticated.(Subscriber+).PHP.Object.Injection HIGH" "easy-side-tab-cta 1.0.8 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "extensions-for-elementor No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "extensions-for-elementor No.known.fix Reflected.Cross-Site.Scripting HIGH" "extensions-for-elementor 2.0.32 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "extensions-for-elementor 2.0.33 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.EE.Events.and.EE.Flipbox.Widget MEDIUM" "extensions-for-elementor 2.0.31 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.url.Parameter MEDIUM" "error-log-viewer 1.1.7 Authenticated.(Administrator+).Arbitrary.File.Read MEDIUM" "error-log-viewer 1.1.3 Directory.Listing.to.Sensitive.Data.Exposure LOW" "error-log-viewer 1.1.2 
Arbitrary.Text.File.Deletion.via.CSRF LOW" "error-log-viewer 1.1.2 Admin+.Arbitrary.File.Clearing MEDIUM" "error-log-viewer 1.0.6 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "exchange-addon-manual-purchases 1.1.0 XSS.via.add_query_arg().and.remove_query_arg() MEDIUM" "elink-embed-content No.known.fix Contributor+.Arbitrary.Redirect MEDIUM" "ep4-more-embeds No.known.fix Unauthenticated.Stored.Cross-Site.Scripting HIGH" "easy-image-collage 1.13.6 Missing.Authorization.to.Authenticated.(Contributor+).Data.Clearance MEDIUM" "e2pdf 1.28.10 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "e2pdf 1.25.11 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "e2pdf 1.23.00 Missing.Authorization MEDIUM" "e2pdf 1.23.00 Cross-Site.Request.Forgery MEDIUM" "e2pdf 1.20.24 Authenticated(Administrator+).SQL.Injection MEDIUM" "e2pdf 1.20.26 Admin+.Arbitrary.File.Upload HIGH" "e2pdf 1.20.19 Authenticated.(Administrator+).PHP.Object.Injection HIGH" "e2pdf 1.20.20 Admin+.Stored.Cross-Site.Scriping LOW" "e2pdf 1.16.45 Admin+.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "ele-blog No.known.fix Unauthenticated.Local.File.Inclusion HIGH" "ele-blog No.known.fix Missing.Authorization.to.Authenticated.(Subscriber+).Deactivation.Submission MEDIUM" "ele-blog No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "easy-code-snippets No.known.fix Authenticated.(Administrator+).SQL.Injection MEDIUM" "easy-code-snippets No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "easy-code-snippets 1.0.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "easy-code-snippets 1.0.1 Subscriber+.Arbitrary.Option.Update CRITICAL" "embed-office-viewer 2.2.7 Reflected.Cross-Site.Scripting MEDIUM" "embed-office-viewer 2.2.5 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "elastic-email-subscribe-form No.known.fix Missing.Authorization MEDIUM" "elegance-menu 1.9.1 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "err-our-team No.known.fix 
Authenticated.(Contributor+).Arbitrary.Function.Call MEDIUM" "easy-under-construction No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "easy-under-construction 4.0 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "easy-social-sharebar No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "exportfeed-list-woocommerce-products-on-ebay-store No.known.fix Admin+.SQL.Injection MEDIUM" "esv-bible-shortcode-for-wordpress No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "ezplayer No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "eg-series No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "extra-privacy-for-elementor No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "easy-order-view No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "eazydocs 2.7.2 Missing.Authorization MEDIUM" "eazydocs 2.8.1 Contributor+.Local.File.Inclusion HIGH" "eazydocs 2.5.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "eazydocs 2.5.1 Missing.Authorization MEDIUM" "eazydocs 2.5.0 Admin+.Stored.XSS LOW" "eazydocs 2.4.0 Subscriber+.Arbitrary.Posts.Deletion.and.Document.Management MEDIUM" "eazydocs 2.3.6 Subscriber+.Arbitrary.Posts.Deletion.and.Document.Management MEDIUM" "eazydocs 2.3.4 Subscriber.+.SQLi HIGH" "eazydocs 2.3.6 Unauthenticated.OnePage.Document.Update/Publish MEDIUM" "eazydocs 2.3.6 Reflected.XSS MEDIUM" "eazydocs 2.2.1 Reflected.Cross-Site.Scripting MEDIUM" "essential-content-types 1.9 Unauthorised.Plugin's.Setting.Change MEDIUM" "export-users No.known.fix CSV.Injection MEDIUM" "eu-vat-for-woocommerce 2.12.14 Missing.Authorization MEDIUM" "eu-vat-for-woocommerce 2.12.14 Reflected.Cross-Site.Scripting MEDIUM" "eu-vat-for-woocommerce 3.0.0 Reflected.Cross-Site.Scripting HIGH" "embed-power-bi-reports 1.2.1 Unauthenticated.Sensitive.Information.Disclosure MEDIUM" "embed-power-bi-reports 1.1.8 Authenticated.(Contributor+).Stored.Cross-Site.Scripting 
MEDIUM" "easy-call-now-button No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "easy-call-now-button No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "easy-set-favicon No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "essential-addons-elementor 5.8.16 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Lightbox.and.Modal.Widget MEDIUM" "essential-addons-elementor 5.8.15 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Team.Member.Carousel.Widget MEDIUM" "essential-addons-elementor 5.8.12 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.'title_html_tag' MEDIUM" "essential-addons-elementor 5.4.9 Reflected.XSS HIGH" "essential-addons-elementor 5.4.9 Unauthenticated.SSRF MEDIUM" "easy-youtube-gallery 1.0.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "embedstories 0.7.5 Contributor+.Stored.XSS MEDIUM" "external-media-upload 0.5 Reflected.Cross-Site.Scripting MEDIUM" "eventbee-ticketing-widget No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "element-ready-lite 6.6.3 Cross-Site.Request.Forgery MEDIUM" "element-ready-lite 6.4.9 Authenticated.(Contributor+).Sensitive.Information.Exposure.via.Elementor.Templates MEDIUM" "element-ready-lite 6.4.8 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "element-ready-lite 6.4.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "element-ready-lite 6.4.4 Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "element-ready-lite 6.4.3 .Open.Redirect MEDIUM" "element-ready-lite 6.4.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "element-ready-lite 6.2.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "element-ready-lite 5.9.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "elevio No.known.fix Cross-Site.Request.Forgery MEDIUM" "easy-related-posts No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" 
"empty-tags-remover 1.1.0 Reflected.Cross-Site.Scripting MEDIUM" "elementskit 3.7.9 Authenticated.(Contributor+).DOM-Based.Stored.Cross-Site.Scripting.via.url.Parameter MEDIUM" "elementskit 3.6.7 Authenticated.(Contributor+).Sensitive.Information.Exposure MEDIUM" "elementskit 3.6.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "elementskit 3.6.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Motion.Text.and.Table.Widgets MEDIUM" "elementskit 3.6.3 Authenticated.(Contributor+).Server-Side.Request.Forgery HIGH" "elementskit 3.6.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "elementskit 3.6.1 Authenticated.(Contributor+).Local.File.Inclusion.via.Price.Menu,.Hotspot,.and.Advanced.Toggle.Widgets HIGH" "elementskit 3.6.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.'ekit_btn_id' MEDIUM" "elementskit 2.2.0 Contributor+.Stored.XSS MEDIUM" "eshop No.known.fix Authenticated.Blind.SQL.Injection HIGH" "eshop No.known.fix Unauthenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "eshop No.known.fix Reflected.Cross-Site.Scripting.(XSS).&.CSRF MEDIUM" "eshop 6.3.12 Remote.Code.Execution MEDIUM" "easy-google-map No.known.fix Reflected.Cross-Site.Scripting.(XSS) HIGH" "easy-admin-menu No.known.fix Admin+.Stored.XSS LOW" "easy-timer 4.2.2 Authenticated.(Editor+).Remote.Code.Execution.via.Shortcode HIGH" "erocket 1.2.5 Admin+.Stored.XSS LOW" "email-tracker 5.3.16 Authenticated.(Admin+).SQL.Injection MEDIUM" "email-tracker 5.3.9 Reflected.Cross-Site.Scripting MEDIUM" "email-tracker 5.3.6 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "email-tracker 5.2.6 Reflected.Cross-Site.Scripting HIGH" "email-tracker 5.2.7 Arbitrary.Email.Entry.Deletion.via.CSRF MEDIUM" "edd-download-info No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode.Attributes MEDIUM" "echoza No.known.fix Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "easy-contact-form-solution 1.7 
Stored.Cross-Site.Scripting.(XSS) MEDIUM" "ez-form-calculator No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "embed-docs 3.0.0 Reflected.Cross-Site.Scripting MEDIUM" "event-geek No.known.fix Stored.Cross-site.Scripting.(XSS) MEDIUM" "embed-google-data-studio No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "ect-add-to-cart-button No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "enhanced-e-commerce-for-woocommerce-store 7.2.14 Missing.Authorization MEDIUM" "enhanced-e-commerce-for-woocommerce-store 7.2.4 Missing.Authorization MEDIUM" "enhanced-e-commerce-for-woocommerce-store 7.1.1 All-in-one.Google.Analytics,.Pixels.and.Product.Feed.Manager.for.WooCommerce.<.7.1.1.-.Reflected.Cross-Site.Scripting MEDIUM" "enhanced-e-commerce-for-woocommerce-store 7.0.0 Reflected.Cross-Site.Scripting MEDIUM" "enhanced-e-commerce-for-woocommerce-store 7.0.8 Subscriber+.SQL.Injection.via.ee_syncProductCategory HIGH" "enhanced-e-commerce-for-woocommerce-store 7.0.8 Subscriber+.SQL.Injection HIGH" "enhanced-e-commerce-for-woocommerce-store 6.5.4 Reflected.XSS HIGH" "enhanced-e-commerce-for-woocommerce-store 5.2.4 Settings.Update.via.CSRF MEDIUM" "enhanced-e-commerce-for-woocommerce-store 4.6.2 Subscriber+.SQL.Injection HIGH" "everest-forms 3.2.3 Unauthenticated.PHP.Object.Injection HIGH" "everest-forms 3.1.2 Authenticated.(Subscriber+).Arbitrary.Shortcode.Execution MEDIUM" "everest-forms 3.1.2 Unauthenticated.PHP.Object.Injection HIGH" "everest-forms 3.1.2 Reflected.Cross-Site.Scripting MEDIUM" "everest-forms 3.0.9.5 Unauthenticated.Arbitrary.File.Upload,.Read,.and.Deletion CRITICAL" "everest-forms 3.0.8.1 Admin+.Stored.XSS LOW" "everest-forms 3.0.4.2 Admin+.Stored.XSS LOW" "everest-forms 3.0.3.1 Admin+.Stored.XSS LOW" "everest-forms 2.0.8 Unauthenticated.Server-Side.Request.Forgery.via.font_url HIGH" "everest-forms 2.0.5 Admin+.Stored.XSS LOW" "everest-forms 1.8.0 Reflected.Cross-Site.Scripting MEDIUM" "everest-forms 
1.5.0 SQL.Injection CRITICAL" "eps-301-redirects 2.51 Easy.Redirect.Manager.<.2.51.-.Authenticated.SQL.Injection CRITICAL" "eps-301-redirects 2.45 Easy.Redirect.Manager.<.2.45.-.Authenticated.Arbitrary.Redirect.Injection.and.Modification,.XSS,.and.CSRF CRITICAL" "elegant-addons-for-elementor No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Switcher,.Slider,.and.Iconbox.Widgets MEDIUM" "elegant-addons-for-elementor No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.HTML.tags MEDIUM" "easy-mls-listings-import 2.1.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "edoc-employee-application No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "eventbee-rsvp-widget No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "easy-testimonial-manager No.known.fix Authenticated.SQL.Injection MEDIUM" "export-all-urls 5.1 Unauthenticated.Sensitive.Data.Exposure MEDIUM" "export-all-urls 4.6 Reflected.XSS HIGH" "export-all-urls 4.2 Editor+.Stored.XSS MEDIUM" "export-all-urls 4.4 Admin+.Arbitrary.System.File.Removal MEDIUM" "export-all-urls 4.2 Editor+.Stored.Cross-Site.Scripting LOW" "export-all-urls 4.2 Reflected.Cross-Site.Scripting MEDIUM" "export-all-urls 4.3 Private/Draft.Post/Page.Title.Disclosure.via.CSRF MEDIUM" "everest-faq-manager-lite 1.0.9 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "eu-cookie-law No.known.fix Admin+.Stored.XSS LOW" "eu-cookie-law 3.1.3 Authenticated.Stored.Cross-Site.Scripting.(XSS) LOW" "easy-wp-tiles No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "ect-social-share No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "extensive-vc-addon No.known.fix Unauthenticated.Local.File.Inclusion.via.'shortcode_name'.Parameter HIGH" "extensive-vc-addon No.known.fix Unauthenticated.Local.File.Inclusion HIGH" "extensive-vc-addon 1.9.1 Unauthenticated.RCE CRITICAL" "export-categories No.known.fix 
Missing.Authorization MEDIUM" "essential-addons-for-elementor-lite 6.5.10 Contributor+.Stored.XSS MEDIUM" "essential-addons-for-elementor-lite 6.5.6 Unauthenticated.Sensitive.Information.Exposure MEDIUM" "essential-addons-for-elementor-lite 6.5.4 Contributor+.Stored.XSS MEDIUM" "essential-addons-for-elementor-lite 6.5.4 Contributor+.Stored.XSS MEDIUM" "essential-addons-for-elementor-lite 6.3.0 Missing.Authorization LOW" "essential-addons-for-elementor-lite 6.2.3 Contributor+.DOM-Based.Stored.XSS MEDIUM" "essential-addons-for-elementor-lite 6.1.20 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.'Calendar'.And.'Business.Reviews'.Widgets MEDIUM" "essential-addons-for-elementor-lite 6.0.5 Contributor+.Stored.XSS MEDIUM" "essential-addons-for-elementor-lite 6.1.13 Contributor+.Stored.XSS.via.Pricing.Table.Widget MEDIUM" "essential-addons-for-elementor-lite 6.1.13 Contributor+.Stored.XSS.via.Event.Calendar.Widget MEDIUM" "essential-addons-for-elementor-lite 6.1.10 Contributor+.Stored.XSS MEDIUM" "essential-addons-for-elementor-lite 6.1.10 Contributor+.Information.Disclosure LOW" "essential-addons-for-elementor-lite 6.0.15 Reflected.Cross-Site.Scripting HIGH" "essential-addons-for-elementor-lite 6.0.8 Contributor+.Stored.XSS MEDIUM" "essential-addons-for-elementor-lite 6.0.8 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "essential-addons-for-elementor-lite 6.0.10 Authenticated.(Contributor+).Sensitive.Information.Exposure MEDIUM" "essential-addons-for-elementor-lite 6.0.10 Authenticated.(Author+).Sensitive.Information.Exposure.to.Privilege.Escalation HIGH" "essential-addons-for-elementor-lite 6.0.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Filterable.Gallery.Widget MEDIUM" "essential-addons-for-elementor-lite 6.0.4 Best.Elementor.Templates,.Widgets,.Kits.&.WooCommerce.Builders.<.6.0.4.-.Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Fancy.Text.Widget MEDIUM" "essential-addons-for-elementor-lite 6.0.0 
Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.no_more_items_text.Parameter MEDIUM" "essential-addons-for-elementor-lite 5.9.27 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "essential-addons-for-elementor-lite 5.9.24 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "essential-addons-for-elementor-lite 5.9.23 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "essential-addons-for-elementor-lite 5.9.22 Contributor+.Stored.Cross-Site.Scripting.via.Twitter.Feed MEDIUM" "essential-addons-for-elementor-lite 5.9.16 Contributor+.Stored.XSS MEDIUM" "essential-addons-for-elementor-lite 5.9.21 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "essential-addons-for-elementor-lite 5.9.20 Contributor+.Stored.Cross-Site.Scripting.via.'Interactive.Circles' MEDIUM" "essential-addons-for-elementor-lite 5.9.20 Contributor+.DOM-Based.Stored.Cross-Site.Scripting.via.Several.Widgets MEDIUM" "essential-addons-for-elementor-lite 5.9.20 Contributor+.Stored.Cross-Site.Scripting.via.'Dual.Color.Header',.'Event.Calendar',.&.'Advanced.Data.Table' MEDIUM" "essential-addons-for-elementor-lite 5.9.18 Contributor+.Stored.XSS MEDIUM" "essential-addons-for-elementor-lite 5.9.16 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "essential-addons-for-elementor-lite 5.9.16 Information.Exposure MEDIUM" "essential-addons-for-elementor-lite 5.9.16 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "essential-addons-for-elementor-lite 5.9.15 Contributor+.Store.XSS.via.Widget.URL MEDIUM" "essential-addons-for-elementor-lite 5.9.14 Author+.PHP.Object.Injection MEDIUM" "essential-addons-for-elementor-lite 5.9.14 Unauthenticated.Private/Draft.Posts.Access MEDIUM" "essential-addons-for-elementor-lite 5.9.12 Contributor+.Stored.XSS MEDIUM" "essential-addons-for-elementor-lite 5.9.12 Contributor+.Stored.XSS MEDIUM" "essential-addons-for-elementor-lite 5.9.10 Contributor+.Stored.Cross-Site.Scripting.via.Event.Calendar HIGH" "essential-addons-for-elementor-lite 5.9.10 
Contributor+.Stored.Cross-Site.Scripting.via.Data.Table MEDIUM" "essential-addons-for-elementor-lite 5.9.9 Contributor+.Stored.Cross-Site.Scripting.via.Filterable.Gallery MEDIUM" "essential-addons-for-elementor-lite 5.9.9 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "essential-addons-for-elementor-lite 5.9.9 Contributor+.Stored.Cross-Site.Scripting.via.Accordion MEDIUM" "essential-addons-for-elementor-lite 5.9.9 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "essential-addons-for-elementor-lite 5.9.8 Contributor+.Stored.XSS MEDIUM" "essential-addons-for-elementor-lite 5.9.5 Contributor+.Stored.Cross-Site.Scritping MEDIUM" "essential-addons-for-elementor-lite 5.9.5 Contributor+.Stored.Cross-Site.Scripting.via.Image.URl MEDIUM" "essential-addons-for-elementor-lite 5.9.3 Contributor+.Stored.XSS MEDIUM" "essential-addons-for-elementor-lite 5.8.9 Authenticated.(Contributor+).Privilege.Escalation HIGH" "essential-addons-for-elementor-lite 5.8.2 Unauthenticated.MailChimp.API.Key.Disclosure MEDIUM" "essential-addons-for-elementor-lite 5.7.2 Unauthenticated.Privilege.Escalation CRITICAL" "essential-addons-for-elementor-lite 5.0.9 Reflected.Cross-Site.Scripting MEDIUM" "essential-addons-for-elementor-lite 5.0.5 Unauthenticated.LFI CRITICAL" "essential-addons-for-elementor-lite 4.5.4 Contributor+.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "easy-social-share-buttons No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "events-maker No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "embed-swagger-ui No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "easy-replace No.known.fix Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "eazy-under-construction 2.0 Reflected.Cross-Site.Scripting MEDIUM" "encyclopedia-lexicon-glossary-wiki-dictionary 1.7.61 Reflected.Cross-Site.Scripting MEDIUM" "email-subscribers-premium 5.9.14 Authenticated.(Administrator+).PHP.Object.Injection MEDIUM" "email-subscribers-premium 
5.9.6 Authenticated.(Admin+).Server-Side.Request.Forgery MEDIUM" "everest-counter-lite 2.0.8 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "easy-ad-manager No.known.fix Admin+.Stored.XSS LOW" "easy-custom-auto-excerpt 2.5.0 Sensitive.Information.Exposure MEDIUM" "easy-custom-auto-excerpt 2.4.7 XSS MEDIUM" "event-page-templates-addon-for-the-events-calendar 1.6 Subscriber+.Arbitrary.Plugin.Installation.&.Activation HIGH" "eroom-zoom-meetings-webinar 1.5.7 Unauthenticated.Information.Exposure HIGH" "eroom-zoom-meetings-webinar 1.5.7 Unauthenticated.Sensitive.Information.Exposure MEDIUM" "eroom-zoom-meetings-webinar 1.4.19 Missing.Authorization.to.Information.Exposure MEDIUM" "eroom-zoom-meetings-webinar 1.3.4 Reflected.Cross-Site.Scripting MEDIUM" "eroom-zoom-meetings-webinar 1.3.8 Sync.Meetings.via.CSRF MEDIUM" "eroom-zoom-meetings-webinar 1.3.9 Cache.Deletion.via.CSRF MEDIUM" "easy-redirect-manager No.known.fix Cross-Site.Scripting.(XSS) MEDIUM" "easy-media-replace 0.2.0 Author+.File.Deletion MEDIUM" "eventify No.known.fix Admin+.Stored.XSS LOW" "empty-cart-button-for-woocommerce No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "easy-table 1.7 Admin+.Stored.Cross-Site.Scripting LOW" "easy-table 1.5.3 Stored.Cross-Site.Scripting.via.CSRF MEDIUM" "easy-career-openings No.known.fix jobid.Parameter.SQL.Injection MEDIUM" "everviz No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "easy-flash-embed No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "elite-video-player 10.0.7 Reflected.Cross-Site.Scripting MEDIUM" "elite-video-player No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "elite-video-player No.known.fix Cross-Site.Request.Forgery MEDIUM" "easy-addons-for-elementor No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "easy-maintenance-mode-coming-soon No.known.fix Information.Exposure MEDIUM" "exclusive-content-password-protect 
No.known.fix Cross-Site.Request.Forgery.to.Arbitrary.File.Upload HIGH" "embed-bokun 0.24 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.align.Parameter MEDIUM" "en-masse-wp No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "extra-options-favicons No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "easy-facebook-likebox 6.6.8 Authenticated.(Contributor+).DOM-Based.Stored.Cross-Site.Scripting MEDIUM" "easy-facebook-likebox 6.5.7 Cross-Site.Request.Forgery MEDIUM" "easy-facebook-likebox 6.5.6 Contributor+.Stored.XSS MEDIUM" "easy-facebook-likebox 6.5.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.fb_appid MEDIUM" "easy-facebook-likebox 6.5.5 Cross-Site.Request.Forgery MEDIUM" "easy-facebook-likebox 6.5.5 Cross-Site.Request.Forgery MEDIUM" "easy-facebook-likebox 6.5.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "easy-facebook-likebox 6.5.3 Subscriber+.Settings.Update MEDIUM" "easy-facebook-likebox 6.5.0 Reflected.Cross-Site.Scripting MEDIUM" "easy-facebook-likebox 6.4.0 Contributor+.Stored.XSS MEDIUM" "easy-facebook-likebox 6.3.4 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "easy-facebook-likebox 6.2.7 Reflected.Cross-Site.Scripting.(XSS) HIGH" "easy-facebook-likebox 6.2.7 Reflected.Cross-Site.Scripting HIGH" "easy-coming-soon No.known.fix Admin+.Stored.XSS LOW" "enhanced-youtube-shortcode No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "emergency-password-reset 9.4 Cross-Site.Request.Forgery MEDIUM" "emergency-password-reset 9.0 Cross-Site.Request.Forgery MEDIUM" "etruel-del-post-copies 6.0.3 Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "etruel-del-post-copies 6.0 Missing.Authorization MEDIUM" "easy-quotes 1.2.5 Missing.Authorization MEDIUM" "easy-quotes 1.2.3 Unauthenticated.SQL.Injection HIGH" "ecwid-shopping-cart 7.0.8 Subscriber+.Privilege.Escalation HIGH" "ecwid-shopping-cart 7.0.6 Missing.Authorization MEDIUM" 
"ecwid-shopping-cart 7.0.7 Missing.Authorization MEDIUM" "ecwid-shopping-cart 7.0.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "ecwid-shopping-cart 6.12.28 Cross-Site.Request.Forgery.to.Send.Deactivation.Message MEDIUM" "ecwid-shopping-cart 6.12.11 Authenticated(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "ecwid-shopping-cart 6.12.5 Cross-Site.Request.Forgery MEDIUM" "ecwid-shopping-cart 6.12.5 Arbitrary.Plugin.Settings.Change.via.CSRF MEDIUM" "ecwid-shopping-cart 6.12.4 Missing.Authorization.on.multiple.functions MEDIUM" "ecwid-shopping-cart 6.11.5 Contributor+.Stored.Cross-Site.Scriping MEDIUM" "ecwid-shopping-cart 6.11.4 Import.via.CSRF MEDIUM" "ecwid-shopping-cart 6.10.24 Settings.Update.via.CSRF MEDIUM" "ecwid-shopping-cart 6.10.23 Insufficient.Access.Control MEDIUM" "ethiopian-calendar No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "everse-starter-sites 1.2.2 Reflected.Cross-Site.Scripting MEDIUM" "everse-starter-sites 1.2.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "extra-user-details 0.5.1 Admin+.Stored.XSS LOW" "extra-user-details 0.5.1 Settings.Update.to.Stored.XSS.via.CSRF HIGH" "event-rocket No.known.fix Missing.Authorization MEDIUM" "exquisite-paypal-donation No.known.fix Admin+.Stored.XSS LOW" "easy-popup-lightbox-maker No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "email-before-download No.known.fix Cross-Site.Request.Forgery MEDIUM" "email-before-download 6.8 Admin+.SQL.Injection MEDIUM" "email-before-download 4.0 SMTP.Header.Injection MEDIUM" "e-unlocked-student-result No.known.fix Student.Result.<=.1.0.4.-.Arbitrary.File.Upload.via.CSRF HIGH" "eg-attachments No.known.fix Reflected.XSS HIGH" "explore-pages No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "ethereum-wallet 4.10.6 Reflected.Cross-Site.Scripting MEDIUM" "ethereum-wallet 4.0.9 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "ele-conditions No.known.fix 
Authenticated.(Editor+).Stored.Cross-Site.Scripting MEDIUM" "easy-demo-importer 1.1.3 Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "erp 1.16.8 Missing.Authorization MEDIUM" "erp 1.16.7 Authenticated.(Subscriber+).Information.Exposure MEDIUM" "erp 1.14.0 Missing.Authorization MEDIUM" "erp 1.13.4 Admin+.Stored.XSS LOW" "erp 1.13.4 Unauthorized.Access.to.Terminated.Employee.Information MEDIUM" "erp 1.13.3 Reflected.Cross-Site.Scripting MEDIUM" "erp 1.13.1 Authenticated.(Accounting.Manager+).SQL.Injection.via.vendor_id HIGH" "erp 1.13.2 Authenticated.(AccountingManager+).SQL.Injection HIGH" "erp 1.30.0 Authenticated.(Accounting.Manager+).SQL.Injection.via.id HIGH" "erp No.known.fix Authenticated.(Subscriber+).SQL.Injection HIGH" "erp No.known.fix Authenticated.(AccountingManager+).SQL.Injection HIGH" "erp No.known.fix Authenticated.(Accounting.Manager+).SQL.Injection HIGH" "erp No.known.fix Unauthenticated.Stored.Cross-Site.Scripting HIGH" "erp 1.12.9 Authenticated.(Accounting.manager+).SQL.Injection HIGH" "erp 1.12.7 Missing.Authorization.via.admin.notice.dismissal MEDIUM" "erp 1.12.4 Admin+.SQL.Injection MEDIUM" "erp 1.12.4 Reflected.Cross-Site.Scripting HIGH" "erp 1.7.5 CSRF.Nonce.Bypasses MEDIUM" "erp 1.6.4 Cross-Site.Request.Forgery MEDIUM" "erp 1.6.4 Cross-Site.Request.Forgery.(CSRF) MEDIUM" "electio-core No.known.fix Unauthenticated.SQL.Injection HIGH" "em-beer-manager No.known.fix Authenticated.(Subscriber+).Arbitrary.File.Upload HIGH" "email-artillery No.known.fix Multiple.Reflected.Cross-Site.Scripting HIGH" "email-artillery No.known.fix Arbitrary.File.Upload MEDIUM" "email-artillery No.known.fix CSRF.to.Stored.XSS HIGH" "email-artillery No.known.fix Multiple.Authenticated.SQL.Injections MEDIUM" "eight-day-week-print-workflow 1.2.6 Authenticated.(Custom+).Information.Exposure MEDIUM" "embed-youtube-video No.known.fix Authenticated.SQL.Injection MEDIUM" "easy-login-woocommerce 2.9.5 
Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "easy-login-woocommerce 2.8.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.xoo_el_action.Shortcode MEDIUM" "easy-login-woocommerce 2.7.3 2.7.2.-.Missing.Authorization.to.Arbitrary.Options.Exposure MEDIUM" "easy-login-woocommerce 2.7.3 Missing.Authorization.to.Arbitrary.Options.Update HIGH" "easy-login-woocommerce 2.4 Settings.Reset.via.CSRF MEDIUM" "easy-login-woocommerce 2.3 Various.Versions.CSRF.to.Arbitrary.Options.Update HIGH" "easy-login-woocommerce 2.2 Reflected.Cross-Site.Scripting HIGH" "easy-login-woocommerce 1.5 Authenticated.Stored.Cross-Site.Scripting.(XSS) CRITICAL" "estatik No.known.fix Contributor+.Stored.XSS MEDIUM" "estatik No.known.fix Contributor+.Local.File.Inclusion HIGH" "estatik 4.1.1 Reflected.XSS HIGH" "estatik 4.1.1 Unauthenticated.PHP.Object.Injection HIGH" "estatik 4.1.1 Subscriber+.Arbitrary.Option.Update HIGH" "estatik 2.3.1 Arbitrary.File.Upload HIGH" "easy-chart-builder No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "edd-tab-manager No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "edd-tab-manager 1.3.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "edd-tab-manager 1.3.1 Subscriber+.Arbitrary.Option.Update CRITICAL" "enable-svg-uploads No.known.fix Author+.Stored.XSS.via.SVG MEDIUM" "enhanced-media-library 2.8.10 Authenticated.(Author+).Stored.Cross-Site.Scripting MEDIUM" "email-header-footer No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "email-header-footer No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "easy-flashcards No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "events-calendar-pro 7.0.2.1 Authenticated.(Administrator+).PHP.Object.Injection.to.Remote.Code.Execution CRITICAL" "events-calendar-pro 6.4.0.1 Contributor+.Arbitrary.Events.Access LOW" "edunext-openedx-integrator No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "email-capture-lead-generation No.known.fix 
Missing.Authorization MEDIUM" "elasticpress 5.1.2 Data.Sync.via.CSRF MEDIUM" "elasticpress 3.5.4 Cross-Site.Request.Forgery MEDIUM" "easy-testimonials No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "easy-testimonials 3.9.3 Contributor+.Stored.XSS MEDIUM" "easy-testimonials 3.9 Reflected.Cross-Site.Scripting MEDIUM" "easy-testimonials 3.7 Cross-Site.Request.Forgery MEDIUM" "easy-testimonials 3.7 Cross-Site.Request.Forgery.(CSRF) MEDIUM" "easy-testimonials 3.6 Authenticated.Stored.Cross-Site.Scripting.(XSS) CRITICAL" "easy-testimonials 1.37 Authenticated.Stored.Cross-Site.Scripting.(XSS) HIGH" "easy-custom-js-and-css-pro No.known.fix Reflected.Cross-Site.Scripting HIGH" "emoji-shortcode No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "easy-map-creator No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode.Attributes MEDIUM" "external-media-without-import No.known.fix Subscriber+.Blind.SSRF LOW" "external-media-without-import 1.0.1 Reflected.XSS HIGH" "email-to-download No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "edd-recent-purchases No.known.fix Unauthenticated.Remote.File.Inclusion CRITICAL" "employee-directory No.known.fix Unauthenticated.PHP.Object.Injection HIGH" "employee-directory 4.5.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.noaccess_msg.Parameter MEDIUM" "employee-directory 4.5.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "emplibot 1.1.0 Authenticated.(Admin+).Server-Side.Request.Forgery MEDIUM" "exclusive-divi No.known.fix Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "extend-filter-products-by-price-widget No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "easy-post-views-count 1.0.5 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "educare 1.6.2 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "educare 1.4.7 Missing.Authorization.to.Sensitive.Information.Exposure 
MEDIUM" "educare 1.4.4 Students.&.Result.Management.System.<.1.4.4.-.Cross-Site.Request.Forgery.(CSRF) MEDIUM" "eventer 3.11.2.2 .Unauthenticated.Arbitrary.Shortcode.Execution MEDIUM" "eventer No.known.fix Missing.Authorization MEDIUM" "eventer No.known.fix Unauthenticated.SQL.Injection HIGH" "eventer 3.9.9.3 Subscriber+.SQLi HIGH" "eventer 3.9.9 Reflected.Cross-Site.Scripting MEDIUM" "eventer 3.9.9.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "eventer 3.9.9.5.1 Missing.Authorization.to.Unauthenticated.Event.Ticket.Download MEDIUM" "eventer 3.9.9.1 Missing.Authorization.to.Authenticated.(Subscriber+).Bookings.Export MEDIUM" "eventer 3.9.9 Unauthenticated.SQL.Injection.via.eventer_get_attendees HIGH" "eventer 3.9.8 Authenticated.(Subscriber+).Arbitrary.File.Read MEDIUM" "etemplates No.known.fix Unauthenticated.SQL.Injection CRITICAL" "edwiser-bridge 4.3.3 Missing.Authorization MEDIUM" "edwiser-bridge 3.1.0 Reflected.Cross-Site.Scripting MEDIUM" "edwiser-bridge 3.0.8 Authenticated.(Subscriber+).Server-Side.Request.Forgery MEDIUM" "edwiser-bridge 3.0.8 Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "edwiser-bridge 3.0.6 Authentication.Bypass.due.to.Missing.Empty.Value.Check CRITICAL" "edwiser-bridge 3.0.4 Authenticated.(Administrator+).SQL.Injection CRITICAL" "edwiser-bridge 2.0.7 Cross-Site.Request.Forgery MEDIUM" "edwiser-bridge 2.0.7 CSRF.Nonce.Bypass MEDIUM" "easy-textillate No.known.fix Authenticated(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "easy-textillate 2.02 Authenticated(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "easypromos 1.3.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "easy-youtube-subscribe No.known.fix Authenticated.(Admin+).Stored.Cross-Site.Scripting.via.Title.and.Channel.ID MEDIUM" "enable-latex No.known.fix Cross-Site.Request.Forgery MEDIUM" "easy-custom-css No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting 
MEDIUM" "exchange-addon-invoices 1.4.0 XSS.via.add_query_arg().and.remove_query_arg() MEDIUM" "e-namad-shamed-logo-manager No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "ether-and-erc20-tokens-woocommerce-payment-gateway 4.12.13 Reflected.Cross-Site.Scripting MEDIUM" "ether-and-erc20-tokens-woocommerce-payment-gateway 4.12.9 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "embed-ispring No.known.fix Cross-Site.Request.Forgery.to.Arbitrary.File.Upload HIGH" "easy-countdowner No.known.fix Cross-Site.Request.Forgery MEDIUM" "edubin No.known.fix Unauthenticated.Server-Side.Request.Forgery HIGH" "exchange-addon-table-rate-shipping 1.1.0 XSS.via.add_query_arg().and.remove_query_arg() MEDIUM" "eventon 4.7 WordPress.Virtual.Event.Calendar.Plugin.<.4.7.-.Cross-Site.Request.Forgery.via.admin_test_email MEDIUM" "envialosimple-email-marketing-y-newsletters-gratis 2.3 Reflected.Cross-Site.Scripting MEDIUM" "envialosimple-email-marketing-y-newsletters-gratis 2.4 Arbitrary.File.Upload.via.CSRF HIGH" "envialosimple-email-marketing-y-newsletters-gratis 2.2 EnvíaloSimple.<.2,2.Unauthenticated.PHP.Object.Injection MEDIUM" "envialosimple-email-marketing-y-newsletters-gratis 2.3 API.Key.Update.via.CSRF MEDIUM" "easy-social-icons 3.2.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.shortcode MEDIUM" "easy-social-icons 3.2.5 Missing.Authorization.via.cnss_save_ajax_order MEDIUM" "easy-social-icons 3.2.1 Admin+.Stored.Cross-Site.Scripting.in.add.icon LOW" "easy-social-icons 3.2.1 Unauthenticated.Arbitrary.Icon.Deletion MEDIUM" "easy-social-icons 3.2.0 Admin+.Stored.Cross-Site.Scripting LOW" "easy-social-icons 3.1.4 Admin+.SQL.Injection MEDIUM" "easy-social-icons 3.1.3 Reflected.Cross-Site.Scripting HIGH" "easy-social-icons 3.0.9 Reflected.Cross-Site.Scripting HIGH" "edublink-core No.known.fix Authenticated.(Contributor+).Local.File.Inclusion HIGH" "easy-svg 4.1 Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" 
"easy-svg 3.8 Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "easy-svg 3.3.0 Author+.Stored.Cross.Site.Scripting.via.SVG MEDIUM" "extra-product-options-for-woocommerce 3.0.7 Missing.Authorization MEDIUM" "extra-product-options-for-woocommerce 4.2 Shop.manager+.Stored.XSS MEDIUM" "epic-review 1.0.3 Reflected.Cross-Site.Scripting MEDIUM" "extended-random-number-generator No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting.via.Settings MEDIUM" "email-notification-on-login No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "easy-appointments 3.12.14.1 Unauthenticated.Arbitrary.Shortcode.Execution MEDIUM" "easy-appointments 3.11.19 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "easy-appointments 3.11.19 Insufficient.Authorization MEDIUM" "easy-appointments 3.11.10 Cross-Site.Request.Forgery MEDIUM" "easy-appointments 3.11.2 Contributor+.Stored.XSS.in.Shortcode MEDIUM" "easy-appointments 1.12.0 Cross-Site.Scripting.(XSS) MEDIUM" "email-reminders 2.0.6 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "email-reminders 2.0.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.id.Parameter MEDIUM" "easy-pixels-by-jevnet No.known.fix Unauthenticated.Stored.Cross-Site.Scripting HIGH" "easyappointments 1.4.3 Cross-Site.Request.Forgery.to.Settings.Update MEDIUM" "easyappointments 1.3.2 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "eyewear-prescription-form No.known.fix Missing.Authorization.to.Unauthenticated.Arbitrary.WooCommerce.Category.Deletion MEDIUM" "eyewear-prescription-form No.known.fix Missing.Authorization.to.Unauthenticated.Arbitrary.WooCommerce.Product.Creation MEDIUM" "eyewear-prescription-form 4.0.19 Missing.Authorization.to.Unauthenticated.Arbitrary.Options.Update CRITICAL" "et-mailing No.known.fix Subscriber+.Arbitrary.Option.Update HIGH" "essay-wizard-wpcres No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "easy-wp-optimizer 
No.known.fix Missing.Authorization MEDIUM" "easy2map-photos 1.1.0 SQL.Injection CRITICAL" "email-attachment-by-order-status-products No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "exit-popup-free No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "easy-courses No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "edd-venmo No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "easy-preloader No.known.fix Authenticated.Stored.Cross-Site.Scripting.(XSS) LOW" "ecava-diot-scada No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "epeken-all-kurir No.known.fix Shop.manager+.Stored.XSS MEDIUM" "epeken-all-kurir 2.0.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "epeken-all-kurir No.known.fix .Stored.XSS.via.CSRF HIGH" "eventON No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "eventON No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "eventON No.known.fix Missing.Authorization MEDIUM" "eventON No.known.fix Missing.Authorization MEDIUM" "eventON 4.9.7 WordPress.Virtual.Event.Calendar.Plugin.<.4.9.7.-.Missing.Authorization.to.Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "eventON 4.4.1 Reflected.Cross-Site.Scripting MEDIUM" "eventON 4.5.6 Unauthenticated.Arbitrary.Post.Metadata.Update HIGH" "eventON 4.5.5 Reflected.XSS HIGH" "eventON 4.5.5 Unauthenticated.Virtual.Event.Password.Disclosure MEDIUM" "eventON 4.5.9 Unauthenticated.Virtual.Event.Settings.Update MEDIUM" "eventON 4.5.5 Unauthenticated.Email.Address.Disclosure MEDIUM" "eventON 4.5.5 Admin+.Stored.Cross-Site.Scripting LOW" "eventON 4.4.1 Reflected.Cross-Site.Scripting HIGH" "eventON 4.4 Unauthenticated.Event.Access HIGH" "eventON 4.4 Unauthenticated.Post.Access.via.IDOR HIGH" "fastcgi-cache-purge-and-preload-nginx 2.1.3 Authenticated.(Administrator+).Remote.Code.Execution HIGH" "fotobook No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "fusedesk No.known.fix 
Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.'emailtext'.Shortcode.Attribute MEDIUM" "fusedesk 6.8 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.successredirect.Parameter MEDIUM" "fusedesk 6.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "files-download-delay No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "files-download-delay 1.0.8 Reflected.Cross-Site.Scripting MEDIUM" "files-download-delay 1.0.7 Subscriber+.Settings.Reset MEDIUM" "files-download-delay 1.0.4 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "fleet 2.6.0 Authenticated.(Editor+).Stored.Cross-Site.Scripting MEDIUM" "fonto No.known.fix Authenticated.(Author+).Arbitrary.File.Download MEDIUM" "fonto 1.2.2 Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "flx-dashboard-groups No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "fusionspan-impexium-single-sign-on No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "fusionspan-impexium-single-sign-on No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "forms-to-zapier No.known.fix Authenticated.(Administrator+).SQL.Injection CRITICAL" "forms-to-zapier 1.1.10 Reflected.Cross-Site.Scripting MEDIUM" "forms-to-zapier 1.1.9 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "formcraft-form-builder 1.2.11 Missing.Authorization MEDIUM" "formcraft-form-builder 1.2.8 Missing.Authorization.via.formcraft_nag_update MEDIUM" "formcraft-form-builder 1.2.7 Admin+.Stored.XSS LOW" "formcraft-form-builder 3.9.7 Admin+.SQLi MEDIUM" "formcraft-form-builder 1.2.10 Contributor+.Stored.XSS MEDIUM" "formcraft-form-builder 1.2.6 Admin+.Stored.Cross.Site.Scripting LOW" "formcraft-form-builder 1.2.2 Cross-Site.Request.Forgery.(CSRF) HIGH" "funnel-builder-pro 3.5.0 Funnel.Kit.Funnel.Builder.PRO.<.3,5,0.Authenticated(Contributor+).Stored.Cross-Site.Scripting.via.allow_iframe_tag_in_post MEDIUM" "facebook-like-send-button 1.3 
Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.width.Parameter MEDIUM" "facebook-like-send-button 1.2 Admin+.Stored.XSS LOW" "firsth3tagadsense No.known.fix Missing.Authorization MEDIUM" "file-manager-advanced-shortcode 2.6.0 Authenticated.(Administrator+).Local.JavaScript.File.Inclusion.via.Shortcode HIGH" "file-manager-advanced-shortcode 2.4.1 Authenticated.(Contributor+).Directory.Traversal HIGH" "file-manager-advanced-shortcode 2.5.4 Authenticated.(Contributor+).Arbitrary.File.Upload HIGH" "file-manager-advanced-shortcode No.known.fix Unauthenticated.Remote.Code.Execution.through.shortcode CRITICAL" "find-and-replace-all No.known.fix Arbitrary.Replacement.via.CSRF HIGH" "find-and-replace-all 1.3 Reflected.Cross.Site.Scripting MEDIUM" "f70-lead-document-download No.known.fix Missing.Authorization.to.Unauthenticated.Arbitrary.Media.File.Download MEDIUM" "fs-poster 7.1.8 Missing.Authorization MEDIUM" "fs-poster 6.5.9 Reflected.Cross-Site.Scripting MEDIUM" "fs-poster 6.5.9 Subscriber+.SQL.Injection HIGH" "fs-poster 6.5.9 Cross-Site.Request.Forgery MEDIUM" "fancy-box No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "fast-velocity-minify 3.5.2 Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "fast-velocity-minify 2.7.7 Full.Path.Disclosure MEDIUM" "featured-image 2.2 Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "form-forms No.known.fix Contact.Form.<=.1.2.4.-.Admin+.Stored.Cross-Site.Scripting LOW" "flippingbook 2.0.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "faq-and-answers 1.1.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "facturante 1.13 Unauthenticated.SQL.Injection HIGH" "flytedesk-digital No.known.fix Cross-Site.Request.Forgery MEDIUM" "filter-portfolio-gallery No.known.fix Arbitrary.Gallery.Deletion.via.CSRF MEDIUM" "fluent-boards 1.91.2 Missing.Authorization MEDIUM" "fluent-boards 1.48 Unauthenticated.PHP.Object.Injection CRITICAL" "formularios-de-contacto-salesup 
No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "fitness-trainer No.known.fix Missing.Authorization MEDIUM" "fitness-trainer 1.4.1 Subscriber+.Privilege.Escalation CRITICAL" "fscf-sms 2.4.0 Cross-Site.Scripting.(XSS) MEDIUM" "feedfocal 1.3.0 Unauthenticated.Tracking.Code.Update MEDIUM" "footer-flyout-widget No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "forms-bridge 4.3.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.'id'.Shortcode.Attribute MEDIUM" "faqs No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "faqs No.known.fix Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "frontend-post-submission-manager-lite 1.2.8 Unauthenticated.Open.Redirect.via.'requested_page'.Parameter MEDIUM" "frontend-post-submission-manager-lite 1.2.7 Incorrect.Authorization.to.Unauthenticated.Arbitrary.Attachment.Deletion MEDIUM" "frontend-post-submission-manager-lite 1.2.6 Missing.Authorization.to.Unauthenticated.Arbitrary.Post.Modification MEDIUM" "frontend-post-submission-manager-lite 1.2.3 Missing.Authorization.to.Authenticated.(Subscriber+).Settings.Update MEDIUM" "free-sales-funnel-squeeze-pages-landing-page-builder-templates-make 0.99 Unauthenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "free-sales-funnel-squeeze-pages-landing-page-builder-templates-make 0.99 Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "formfacade No.known.fix Cross-Site.Request.Forgery MEDIUM" "formfacade 1.3.7 Reflected.Cross-Site.Scripting MEDIUM" "formfacade 1.3.7 Reflected.Cross-Site.Scripting HIGH" "formfacade 1.3.3 Reflected.Cross-Site.Scripting MEDIUM" "formfacade 1.2.2 Contributor+.Stored.XSS MEDIUM" "ftp-access No.known.fix Subscriber+.Stored.XSS HIGH" "feedpress-generator No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "feedpress-generator No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "feedpress-generator No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "feedpress-generator 1.2.0 
Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "follow-me No.known.fix Stored.XSS.via.CSRF MEDIUM" "fma-additional-registration-attributes No.known.fix Arbitrary.Field.Deletion.and.Form.Modification.via.CSRF HIGH" "fwdmsp 8.0 Unauthenticated.Arbitrary.File.Read/Download HIGH" "fast-wp-speed No.known.fix Reflected.XSS HIGH" "foxtool 2.5.3 Cross-Site.Request.Forgery.to.Google.OAuth.Connection MEDIUM" "flatsome 3.20.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "flexible-wishlist 1.2.27 Cross-Site.Request.Forgery.to.Wishlist.Creation/Modification MEDIUM" "flexible-wishlist 1.2.26 Unauthenticated.Stored.Cross-Site.Scripting.via.wishlist_name.Parameter HIGH" "flaming-password-reset No.known.fix Unauthenticated.Stored.Cross-Site.Scripting HIGH" "fluid-notification-bar No.known.fix Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "featured-image-caption 0.8.11 Contributor+.Stored.XSS MEDIUM" "florapress 1.0.8 Reflected.Cross-Site.Scripting MEDIUM" "florapress 1.0.7 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "flatty-flat-admin-theme No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "fullworks-ice-ide-integration No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "fullworks-ice-ide-integration No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "flying-twitter-birds No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "formello 1.3.1 Reflected.Cross-Site.Scripting MEDIUM" "formforall No.known.fix Contributor+.Stored.XSS MEDIUM" "forms-for-campaign-monitor No.known.fix Missing.Authorization MEDIUM" "forms-for-campaign-monitor 2.8.16 Unauthenticated.Full.Path.Disclosure MEDIUM" "forms-for-campaign-monitor 2.8.14 Reflected.Cross-Site.Scripting HIGH" "find-duplicates No.known.fix Authenticated.(Subscriber+).SQL.Injection CRITICAL" "fitvids-for-wordpress No.known.fix Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "fancier-author-box No.known.fix 
Admin+.Stored.XSS LOW" "frontend-group-restriction-for-learndash No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "frontend-group-restriction-for-learndash No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "fws-ajax-contact-form 1.4.2 Contributor+.Stored.XSS MEDIUM" "facebook-conversion-pixel 3.0.6 Reflected.Cross-Site.Scripting MEDIUM" "facebook-conversion-pixel 2.6.4 Reflected.Cross-Site.Scripting MEDIUM" "facebook-conversion-pixel 2.6.2 CSRF.to.Stored.Cross-Site.Scripting HIGH" "facebook-conversion-pixel 2.6.3 Admin+.Stored.Cross-Site.Scripting LOW" "fonts-manager-custom-fonts No.known.fix Unauthenticated.SQL.Injection.via.fmcfIdSelectedFnt.parameter HIGH" "fonts-manager-custom-fonts No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "flow-flow-social-streams No.known.fix 4.7.5.-.Missing.Authorization.to.Authenticated.(Subscriber+).Stored.Cross-Site.Scripting.via.flow_flow_social_auth.AJAX.action MEDIUM" "flash-show-and-hide-box No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "flashnews-fading-effect-pearlbells No.known.fix Cross-Site.Request.Forgery.to.Privilege.Escalation HIGH" "front-end-post-edit No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "flexible-refund-and-return-order-for-woocommerce 1.0.43 Incorrect.Authorization.to.Authenticated.(Contributor+).Refund.Status.Update MEDIUM" "flexible-refund-and-return-order-for-woocommerce 1.0.39 Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.Order.Refund MEDIUM" "flashfader No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "file-upload-types 1.5.0 Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "find-my-blocks 3.4.0 Private.Post.Titles.Disclosure MEDIUM" "favicon-switcher No.known.fix Arbitrary.Settings.Change.via.CSRF MEDIUM" "floating-social-media-links No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "flexible-checkout-fields 4.1.3 Missing.Authorization MEDIUM" "fx-toc No.known.fix 
Contributor+.Stored.XSS MEDIUM" "font-organizer No.known.fix Cross-Site.Scripting.(XSS) MEDIUM" "fancy-user-listing No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "futurio-extra 2.0.15 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.header_size.tag MEDIUM" "futurio-extra 2.0.14 Authenticated.(Contributor+).Post.Disclosure MEDIUM" "futurio-extra 2.0.12 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "futurio-extra 2.0.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Advanced.Text.Block.Widget MEDIUM" "futurio-extra 1.9.1 Arbitrary.Plugin.Activation.via.CSRF MEDIUM" "futurio-extra 1.6.3 Subscriber+.User.Email.Address.Disclosure MEDIUM" "futurio-extra 1.6.3 Authenticated.SQL.Injection MEDIUM" "formzu-wp 1.6.8 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "formzu-wp 1.6.7 Contributor+.Stored.XSS.via.id MEDIUM" "flickr-slideshow-wrapper No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "fluent-security 2.1.0 Auth.Security.Plugin.<.2.1.0.-.Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.'fluent_auth_reset_password'.Shortcode MEDIUM" "fluent-security 1.0.2 Bypass.blocks.by.IP.Spoofing MEDIUM" "forms-3rdparty-post-again No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "fl3r-accessibility-suite No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.fl3raccessibilitysuite.Shortcode MEDIUM" "free-quotation No.known.fix Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "facebook-messenger-customer-chat 1.6 Authenticated.Options.Change.to.Chat.Takeover HIGH" "facebook-messenger-customer-chat 1.3 CSRF HIGH" "faculty-weekly-schedule 1.2.0 Folders.Disclosure.via.Outdated.jQueryFileTree.Library MEDIUM" "fetch-tweets No.known.fix Reflected.Cross-Site.Scripting HIGH" "fusewp 1.1.23.1 Missing.Authorization.to.Authenticated.(Subscriber+).Sync.Rule.Creation MEDIUM" "fusewp 1.1.23.1 Cross-Site.Request.Forgery.to.Sync.Rule.Creation MEDIUM" 
"foogallery-premium 2.4.27 Authenticated.(Contributor+).Directory.Traversal HIGH" "foogallery-premium 2.4.15 Author+.Stored.XSS MEDIUM" "foogallery-premium 2.4.6 Contributor+.Stored.XSS MEDIUM" "foobox-image-lightbox 2.7.35 Authenticated.(Author+).Stored.Cross-Site.Scripting MEDIUM" "foobox-image-lightbox 2.7.34 Authenticated.(Author+).Stored.Cross-Site.Scripting MEDIUM" "foobox-image-lightbox 2.7.32 Authenticated.(Contributor+).Stored.DOM-Based.Cross-Site.Scripting.via.HTML.Data.Attributes MEDIUM" "foobox-image-lightbox 2.7.28 Admin+.Stored.XSS LOW" "foobox-image-lightbox 2.7.27 Reflected.Cross-Site.Scripting MEDIUM" "foobox-image-lightbox 2.7.17 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "foobox-image-lightbox 2.6.4 Subscriber+.Arbitrary.Option.Update CRITICAL" "formscrm 3.6 Reflected.Cross-Site.Scripting MEDIUM" "fancy-gallery No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "fami-woocommerce-compare No.known.fix Unauthenticated.Local.File.Inclusion CRITICAL" "filedownload No.known.fix Multiple.Issues CRITICAL" "funnel-builder 3.13.1.6 Unauthenticated.SQL.Injection HIGH" "funnel-builder 3.13.1.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "funnel-builder 3.13.1.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.wfop_phone.Shortcode MEDIUM" "funnel-builder 3.12.0.1 Reflected.XSS HIGH" "funnel-builder 3.12.0 Unauthenticated.Local.File.Inclusion HIGH" "funnel-builder 3.11.1 Authenticated.(Contributor+).Sensitive.Information.Exposure.to.Privilege.Escalation.via.Woofunnel.Library HIGH" "funnel-builder 3.11.0 Authenticated.(Administrator+).SQL.Injection MEDIUM" "funnel-builder 3.9.1 Unauthenticated.Local.File.Inclusion CRITICAL" "funnel-builder 3.10.2 Admin+.SQL.Injection MEDIUM" "funnel-builder 3.4.7 Missing.Authorization.to.Authenticated.(Contributor+).Settings.Update MEDIUM" "funnel-builder 3.4.0 Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.Upload MEDIUM" "funnel-builder 2.14.4 
Authenticated(Administrator+).SQL.Injection MEDIUM" "fv-all-in-one-seo-pack 1.9.7 Missing.Authorization MEDIUM" "faq-manager-with-structured-data 5.4.4 Reflected.Cross-Site.Scripting MEDIUM" "faq-manager-with-structured-data 5.4.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "frontend-login-and-registration-blocks 1.2.0 Unauthenticated.Privilege.Escalation.via.Account.Takeover CRITICAL" "frontend-login-and-registration-blocks 1.0.9 Subscriber+.Privilege.Escalation.via.Password.Reset HIGH" "felan-framework No.known.fix Unauthenticated.SQL.Injection HIGH" "furikake No.known.fix Unauthenticated.Open.Redirect MEDIUM" "fast-ebay-listings 2.12.16 Open.Redirect MEDIUM" "full-site-editing 3.79150 Contributor+.Stored.XSS MEDIUM" "five-minute-webshop No.known.fix Admin+.SQLi.via.orderby MEDIUM" "five-minute-webshop No.known.fix Admin+.SQLi.via.id MEDIUM" "file-select-control-for-elementor No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "fg-joomla-to-wordpress 4.21.0 Sensitive.Information.Exposure MEDIUM" "frontend-registration-contact-form-7 No.known.fix Authenticated.(Editor+).Privilege.Escalation HIGH" "fontmeister No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "featured-image-from-url 5.3.2 Authenticated.(Contributor+).Server-Side.Request.Forgery.via.'fifu_input_url' MEDIUM" "featured-image-from-url 5.2.8 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Featured.Image.Custom.Fields MEDIUM" "featured-image-from-url 5.2.8 Missing.Authorization.to.Password.Protected.Post.Disclosure MEDIUM" "featured-image-from-url 5.2.8 Unauthenticated.Information.Exposure.via.Log.File MEDIUM" "featured-image-from-url 5.2.8 Authenticated.(Admin+).SQL.Injection MEDIUM" "featured-image-from-url 5.2.8 Authenticated.(Admin+).SQL.Injection MEDIUM" "featured-image-from-url 4.8.3 Missing.Authorization MEDIUM" "featured-image-from-url 4.8.2 Missing.Authorization MEDIUM" "featured-image-from-url 4.6.3 
Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.fifu_input_url MEDIUM" "featured-image-from-url 4.5.4 Contributor+.Stored.XSS MEDIUM" "featured-image-from-url 4.0.1 Admin+.Stored.Cross-Site.Scripting LOW" "featured-image-from-url 4.0.0 Arbitrary.Settings.Update.to.Stored.XSS.via.CSRF MEDIUM" "follow-my-blog-post 2.4.1 Missing.Authorization.to.Unauthenticated.Arbitrary.Content.Deletion MEDIUM" "follow-my-blog-post 2.4.0 Unauthenticated.Information.Exposure MEDIUM" "featured-posts-scroll No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "folders 3.1.6 Missing.Authorization.to.Authenticated.(Author+).Media.Replacement MEDIUM" "folders 3.1.6 Incorrect.Authorization.to.Authenticated.(Contributor+).Folder.Content.Manipulation MEDIUM" "folders 3.0.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "folders 3.0.1 Directory.Traversal.via.handle_folders_file_upload MEDIUM" "folders 3.0.3 Authenticated.(Subscriber+).Stored.Cross-Site.Scripting.via.User.First.Name.and.Last.Name MEDIUM" "folders 2.9.3 Authenticated.(Author+).Arbitrary.File.Upload.in.handle_folders_file_upload HIGH" "folders 2.9.3 Authenticated.(Author+).Arbitrary.File.Upload HIGH" "first-order-discount-woocommerce 1.22 Discount.Update.via.CSRF MEDIUM" "forge No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-site.Scripting MEDIUM" "fg-prestashop-to-woocommerce 4.47.0 Unauthenticated.Sensitive.Information.Disclosure MEDIUM" "fable-extra 1.0.7 Unauthenticated.Local.File.Inclusion CRITICAL" "fable-extra 1.0.7 Unauthenticated.SQL.Injection HIGH" "fable-extra 1.0.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "filester 1.9 Arbitrary.File.Deletion.via.Traversal MEDIUM" "filester 1.8.9 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "filester 1.8.9 Administrator+.Arbitrary.File.Upload MEDIUM" "filester 1.8.7 Missing.Authorization.to.Authenticated.(Subscriber+).Filebird.Plugin.Installation MEDIUM" 
"filester 1.8.7 Authenticated.(Subscriber+).Arbitrary.File.Upload HIGH" "filester 1.8.6 Authenticated.(Administrator+).Local.JavaScript.File.Inclusion HIGH" "filester 1.8.3 Authenticated.Plugin.Settings.Update HIGH" "filester 1.8.1 Admin+.Stored.Cross-Site.Scripting LOW" "filester 1.8.1 Admin+.Remote.Code.Execution MEDIUM" "filester 1.8 Remote.Code.Execution.via.CSRF CRITICAL" "find-your-reps No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "ferma-ru-net-checkout No.known.fix Authenticated.(Subscriber+).SQL.Injection HIGH" "food-store No.known.fix Reflected.Cross-Site.Scripting HIGH" "food-store 1.4.7.5 Reflected.Cross-Site.Scripting MEDIUM" "food-store 1.4 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "food-store 1.3.7 Unauthorised.AJAX.call.via.CSRF MEDIUM" "forumwp 2.1.7 Authenticated.(Subscriber+).Stored.Cross-Site.Scripting.via.Display.Name MEDIUM" "forumwp 2.1.5 Missing.Authorization MEDIUM" "forumwp 2.1.1 Unauthenticated.PHP.Object.Injection CRITICAL" "forumwp 2.1.3 Reflected.Cross-Site.Scripting.via.url.Parameter HIGH" "forumwp 2.1.3 Reflected.Cross-Site.Scripting HIGH" "forumwp 2.1.0 Insecure.Direct.Object.Reference.to.Authenticated.(Subscriber+).Privilege.Escalation.via.Account.Takeover HIGH" "feed-comments-number No.known.fix Unauthenticated.Arbitrary.File.Upload CRITICAL" "frontpage-category-filter No.known.fix Cross-Site.Request.Forgery MEDIUM" "forcefield 1.2.9 Reflected.Cross-Site.Scripting MEDIUM" "forcefield 1.0.2 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "floating-action-buttons 1.0.1 Missing.Authorization MEDIUM" "fish-and-ships 1.6 Reflected.Cross-Site.Scripting MEDIUM" "falling-things 1.09 Authenticated.(Editor+).SQL.Injection MEDIUM" "fixed-html-toolbar 1.0.8 Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "flexi-quote-rotator No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "fm-notification-bar No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "findall-listing 1.1 
Unauthenticated.Privilege.Escalation CRITICAL" "flo-launch 2.4.1 Missing.Authentication.Allow.Full.Site.Takeover CRITICAL" "formidable 6.29 Unauthenticated.Payment.Amount.Manipulation.via.'item_meta'.Parameter MEDIUM" "formidable 6.29 Unauthenticated.Payment.Integrity.Bypass.via.PaymentIntent.Reuse HIGH" "formidable 6.16.2 Reflected.Cross-Site.Scripting.via.Custom.HTML.Form.Parameter MEDIUM" "formidable 6.14.1 Admin+.Stored.XSS LOW" "formidable 6.11.2 Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "formidable 6.8 CSRF.to.Stored.Cross-Site.Scripting MEDIUM" "formidable 6.7.1 HTML.Injection MEDIUM" "formidable 6.7.1 Admin+.Stored.Cross-Site.Scripting MEDIUM" "formidable 6.3.1 Subscriber+.Remote.Code.Execution CRITICAL" "formidable 6.2 Unauthenticated.PHP.Object.Injection HIGH" "formidable 6.1 IP.Spoofing MEDIUM" "formidable 5.5.7 Arbitrary.Entry.Deletion.via.CSRF MEDIUM" "formidable 5.0.07 Admin+.Stored.Cross-Site.Scripting LOW" "formidable 4.09.05 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "formidable 4.02.01 Unsafe.Deserialisation CRITICAL" "formidable 2.05.03 Multiple.Vulnerabilities HIGH" "formidable 2.0 Authenticated.Blind.SQL.Injection MEDIUM" "formidable 1.06.03 Arbitrary.File.Upload.via.ofc_upload_image.php CRITICAL" "fix-rss-feed No.known.fix Cross-Site.Request.Forgery MEDIUM" "flexible-cookies 1.1.9 Cross-Site.Request.Forgery MEDIUM" "findall-membership 1.1 Authentication.Bypass.via.Social.Login CRITICAL" "floating-awesome-button 1.7.0 Reflected.Cross-Site.Scripting MEDIUM" "floating-awesome-button 1.5.14 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "flightlog No.known.fix Authenticated.(editor+).SQL.Injection HIGH" "flat-shipping-rate-by-city-for-woocommerce No.known.fix Authenticated.(Shop.Manager+).SQL.Injection.via.'cities'.Parameter MEDIUM" "flynsarmy-iframe-shortcode No.known.fix Contributor+.Stored.XSS MEDIUM" "fluentformpro 6.1.18 Missing.Authorization.to.Unauthenticated.Arbitrary.Attachment.Deletion MEDIUM" "fluentformpro 
6.1.18 Unauthenticated.Stored.Cross-Site.Scripting.via.Draft.Form.Submission HIGH" "fluentformpro 6.1.18 Missing.Authorization.to.Unauthenticated.Payment.Status.modification HIGH" "fluentformpro 6.1.13 Authenticated.(Subscriber+).Server-Side.Request.Forgery.via.'saveDataSource' MEDIUM" "football-leagues-by-anwppro 0.16.18 Authenticated.(Administrator+).CSV.Injection MEDIUM" "football-leagues-by-anwppro 0.16.8 Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "fontawesomeio-shortcodes No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "footer-putter No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "famethemes-demo-importer 1.1.6 Cross-Site.Request.Forgery MEDIUM" "fat-coming-soon No.known.fix Unauthenticated.Local.File.Inclusion CRITICAL" "featured-content-gallery No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "fancytabs No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.title.Parameter MEDIUM" "f4-improvements No.known.fix Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "f4-improvements 1.8.1 Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "formsite 1.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "floating-tiktok-button 1.0.5 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "flexi No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.flexi-form-tag.Shortcode MEDIUM" "flexi No.known.fix Unauthenticated.Local.File.Inclusion CRITICAL" "flexi 4.20 Guest.Submit.<.4.20.-.Reflected.Cross-Site.Scripting MEDIUM" "fg-drupal-to-wp 3.90.1 Authenticated.(Admin+).Server-Side.Request.Forgery MEDIUM" "fg-drupal-to-wp 3.71.0 Sensitive.Information.Exposure MEDIUM" "fg-drupal-to-wp 3.68.0 Cross-Site.Request.Forgery.via.ajax_importer MEDIUM" "frontier-post No.known.fix Cross-Site.Request.Forgery MEDIUM" "flickr-picture-backup No.known.fix Unauthenticated.File.Upload CRITICAL" "fast-tube 
No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "fast-tube No.known.fix Reflected.XSS HIGH" "flex-guten 1.2.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.thumbnailHoverEffect.Parameter MEDIUM" "float-block No.known.fix Admin+.Stored.XSS.via.Widget LOW" "form-vibes 1.5 Authenticated.(Admin+).SQL.Injection MEDIUM" "form-vibes 1.4.13 Missing.Authorization.in.Multiple.Functions MEDIUM" "form-vibes 1.4.11 Authenticated.(Subscriber+).SQL.Injection.via.fv_export_data HIGH" "form-vibes 1.4.9 Reflected.Cross-Site.Scripting MEDIUM" "form-vibes 1.4.6 Admin+.SQLi MEDIUM" "form-vibes 1.4.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "full-width-responsive-slider-wp 1.1.8 Reflected.XSS HIGH" "fd-elementor-button-plus No.known.fix Contributor+.Stored.XSS MEDIUM" "font-awesome 4.3.2 Contributor+.Stored.XSS MEDIUM" "forms-gutenberg No.known.fix Unauthenticated.Arbitrary.File.Upload CRITICAL" "forms-gutenberg 1.4.0 Reflected.Cross-Site.Scripting MEDIUM" "flex-store-user No.known.fix Unauthenticated.Privilege.Escalation CRITICAL" "facebook-button-plugin 2.74 Unauthenticated.Password.Protected.Post.Read MEDIUM" "facebook-button-plugin 2.54 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "fullworks-firewall No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "fullworks-firewall No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "file-manager-advanced 5.4.0 Arbitrary.File.Deletion.via.Traversal MEDIUM" "file-manager-advanced 5.3.2 Missing.Authorization.to.Notice.Dismissal NONE" "file-manager-advanced 5.3.0 Authenticated.(Subscriber+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "file-manager-advanced 5.2.14 5.2.13.-.Subscriber+.Arbitrary.File.Upload HIGH" "file-manager-advanced 5.2.11 Subscriber+.Arbitrary.File.Upload HIGH" "file-manager-advanced 5.2.9 Authenticated.(Subscriber+).Limited.File.Upload MEDIUM" "file-manager-advanced 5.2.9 Authenticated.(Administrator+).Local.JavaScript.File.Inclusion.via.fma_locale MEDIUM" "file-manager-advanced 
5.2.9 Authenticated.(Subscriber+).Arbitrary.File.Upload HIGH" "file-manager-advanced 5.2.5 Sensitive.Information.Exposure.via.Directory.Listing MEDIUM" "file-manager-advanced 5.1.1 Admin+.Arbitrary.File/Folder.Access MEDIUM" "feedback-suite No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "feedback-suite No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "feedback-suite No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "forget-about-shortcode-buttons 2.1.3 CSRF MEDIUM" "forget-about-shortcode-buttons 1.1.2 XSS MEDIUM" "fathom-analytics 3.1.0 Admin+.Stored.XSS LOW" "fathom-analytics 3.0.5 Admin+.Stored.Cross-Site.Scripting LOW" "formget-contact-form No.known.fix Contributor+.Stored.XSS MEDIUM" "fattura24 6.2.8 Reflected.Cross-Site.Scripting HIGH" "formidable-sms 1.1.0 Cross-Site.Scripting.(XSS) MEDIUM" "five9 No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "fastspring No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "filter-gallery 0.1.6 Admin+.Stored.XSS LOW" "filter-gallery 0.0.7 Unauthorised.AJAX.Calls HIGH" "foogallery 3.1.13 Authenticated.(Author+).Stored.Cross-Site.Scripting MEDIUM" "foogallery 3.1.13 Missing.Authorization MEDIUM" "foogallery 3.1.10 Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.Gallery.Metadata.Exposure MEDIUM" "foogallery 2.4.32 Authenticated.(Contributor+).DOM-Based.Stored.Cross-Site.Scripting MEDIUM" "foogallery 2.4.30 Insecure.Direct.Object.Reference.to.Authenticated.(Custom+).Arbitrary.Post/Page.Updates MEDIUM" "foogallery 2.4.30 Authenticated.(Custom+).Stored.Cross-Site.Scripting.via.Album.Title.Size MEDIUM" "foogallery 2.4.30 Reflected.Cross-Site.Scripting MEDIUM" "foogallery 2.4.16 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Gallery.Custom.URL MEDIUM" "foogallery 2.4.15 Author+.Stored.XSS MEDIUM" "foogallery 2.4.15 Authenticated.(Author+).Stored.Cross-Site.Scripting MEDIUM" "foogallery 2.4.15 
Authenticated.(Author+).Stored.Cross-Site.Scripting.via.Image.Attachment.Fields MEDIUM" "foogallery 2.4.9 Best.WordPress.Gallery.Plugin..FooGallery.<.2,4,9.-Admin+.Stored.Cross-Site.Scripting LOW" "foogallery 2.3.2 Reflected.XSS HIGH" "foogallery 2.3.2 Extensions.Mgt.via.CSRF MEDIUM" "foogallery 2.2.44 Reflected.Cross-Site.Scripting MEDIUM" "foogallery 2.2.41 Reflected.XSS HIGH" "foogallery 2.1.34 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "foogallery 2.0.35 Authenticated.Stored.Cross-Site.Scripting MEDIUM" "foogallery 1.9.25 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "foogallery 1.6.17 Subscriber+.Arbitrary.Option.Update CRITICAL" "formilla-live-chat 1.3.1 Admin+.Stored.XSS LOW" "flexmls-idx 3.15.10 Reflected.Cross-Site.Scripting MEDIUM" "flexmls-idx 3.15.8 Unauthenticated.Open.Redirect LOW" "flexmls-idx 3.14.29 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "flexmls-idx 3.14.28 Unauthenticated.PHP.Object.Injection CRITICAL" "flexmls-idx 3.14.27 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.API.parameters MEDIUM" "flexmls-idx 3.14.23 Reflected.Cross-Site.Scripting MEDIUM" "footnotes-made-easy 3.0.8 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "font-awesome-integration No.known.fix Contributor+.Stored.Cross-Site.Scripting MEDIUM" "fancybox-for-wordpress 3.3.6 Unauthenticated.Stored.XSS HIGH" "fancybox-for-wordpress 3.3.5 Contributor+.DOM-Based.Stored.XSS.via.FancyBox.JavaScript.Library MEDIUM" "fancybox-for-wordpress 3.3.4 3.3.3.-.Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "flexible-invoices 6.0.14 Cross-Site.Request.Forgery MEDIUM" "flamix-bitrix24-and-contact-forms-7-integrations 3.2.0 Unauthenticated.Full.Path.Disclosure MEDIUM" "flexible-shipping-ups 3.0.0 Missing.Authorization.to.Plugin.API.key.reset MEDIUM" "flexible-shipping-ups 2.2.5 Cross-Site.Request.Forgery MEDIUM" "forms-by-made-it No.known.fix Authenticated.(Contributor+).Arbitrary.File.Upload HIGH" "forms-by-made-it 2.8.1 
Unauthenticated.Arbitrary.File.Upload CRITICAL" "forms-by-made-it 1.12.3 Authenticated.Stored.Cross-Site.Scripting.(XSS) LOW" "for-the-visually-impaired No.known.fix Cross-Site.Request.Forgery.(CSRF) MEDIUM" "flip-boxes 1.9.0 Reflected.Cross-Site.Scripting MEDIUM" "fare-calculator No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "favorites No.known.fix Unauthenticated.Local.File.Inclusion HIGH" "favorites 2.3.5 Admin+.Stored.XSS LOW" "favorites 2.3.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "favorites 2.3.3 Contributor+.Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "faq-schema-block-to-accordion No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "fooevents 1.20.5 Authenticated.(Subscriber+).SQL.Injection MEDIUM" "fooevents 1.19.21 Improper.Authorization.to.(Contributor+).Arbitrary.File.Upload HIGH" "filtr8-magazine No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "font-awesome-more-icons No.known.fix Contributor+.Stored.Cross-Site.Scripting MEDIUM" "flash-album-gallery No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "flash-album-gallery 4.25 Full.Path.Disclosure MEDIUM" "flash-album-gallery No.known.fix admin/news.php.want2Read.Parameter.Traversal.Arbitrary.File.Access HIGH" "flash-album-gallery 2.72 "s".Cross-Site.Scripting HIGH" "facebook-wall-and-social-integration 1.11 Admin+.Stored.Cross-Site.Scripting LOW" "first-comment-redirect No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "fade-slider 2.6 Reflected.Cross-Site.Scripting HIGH" "fileviewer No.known.fix Arbitrary.File.Upload/Deletion.via.CSRF CRITICAL" "fluent-community 2.1.0 Missing.Authorization MEDIUM" "fluent-community 1.3.1 Unauthenticated.PHP.Object.Injection CRITICAL" "free-product-sample 1.2.1 Reflected.Cross-Site.Scripting MEDIUM" "free-product-sample 1.0.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "facebook-page-feed-graph-api 1.9.0 
Contributor+.Stored.XSS.via.Shortcode MEDIUM" "fediverse-embeds 1.5.4 Unauthenticated.Arbitrary.File.Upload CRITICAL" "file-uploader-for-woocommerce 1.0.4 Unauthenticated.Arbitrary.File.Upload.via.add-image-data CRITICAL" "flying-press 3.9.7 Arbitrary.Settings.Update.to.Stored.XSS HIGH" "feeds-for-youtube 2.6.1 Missing.Authorization MEDIUM" "feeds-for-youtube 2.2.2 Authenticated.(Contributor+).DOM-Based.Stored.Cross-Site.Scripting MEDIUM" "feeds-for-youtube 2.1.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "feeds-for-youtube 1.4.2 Reflected.Cross-Site.Scripting MEDIUM" "fpw-category-thumbnails No.known.fix Missing.Authorization MEDIUM" "form-data-collector 2.2.4 Reflected.Cross-Site.Scripting MEDIUM" "fluent-crm 2.9.85 Marketing.Automation.For.WordPress.<.2.9.85.-.Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.'fluentcrm_content'.Shortcode MEDIUM" "fluent-crm 2.8.45 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "fluent-crm 2.8.0 Marketing.Automation.For.WordPress..<.2.8.0.-.Unauthenticated.Subscriptions.Update MEDIUM" "featured-image-plus 1.6.7 Authenticated.(Admin+).Server-Side.Request.Forgery MEDIUM" "featured-image-plus 1.6.6 Missing.Authorization.to.Authenticated.(Subscriber+).Featured.Image.Update MEDIUM" "foopeople No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "foopeople No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "free-downloads-edd No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "fix-my-feed-rss-repair No.known.fix Cross-Site.Request.Forgery MEDIUM" "fv-wordpress-flowplayer 7.5.48.7212 Contributor+.DOM-Based.Stored.XSS.via.FancyBox.JavaScript.Library MEDIUM" "fv-wordpress-flowplayer 7.5.47.7212 Authenticated.(Subscriber+).SQL.Injection.via.exclude.Parameter HIGH" "fv-wordpress-flowplayer 7.5.46.7212 Reflected.Cross-Site.Scripting MEDIUM" "fv-wordpress-flowplayer 7.5.45.7212 Authenticated.(Subscriber+).Server-side.Request.Forgery MEDIUM" 
"fv-wordpress-flowplayer 7.5.45.7212 Authenticated.(Contributor+).Arbitrary.Redirect MEDIUM" "fv-wordpress-flowplayer 7.5.44.7212 Reflected.Cross-Site.Scripting MEDIUM" "fv-wordpress-flowplayer 7.5.44.7212 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "fv-wordpress-flowplayer 7.5.39.7212 Insufficient.Input.Validation.to.Unauthenticated.Stored.Cross-Site.Scripting.and.Arbitrary.Usermeta.Update MEDIUM" "fv-wordpress-flowplayer 7.5.35.7212 Reflected.XSS HIGH" "fv-wordpress-flowplayer 7.5.31.7212 Settings.Toggle.via.CSRF MEDIUM" "fv-wordpress-flowplayer 7.5.19.727 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "fv-wordpress-flowplayer 7.5.18.727 Author+.SQLi HIGH" "fv-wordpress-flowplayer 7.5.3.727 Reflected.Cross-Site.Scripting HIGH" "fv-wordpress-flowplayer 7.4.38.727 Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "fv-wordpress-flowplayer 7.3.19.727 SQL.Injection CRITICAL" "fv-wordpress-flowplayer 7.3.14.727 Unauthenticated.Stored.XSS MEDIUM" "fv-wordpress-flowplayer 7.3.15.727 CSV.Export CRITICAL" "fv-wordpress-flowplayer 7.3.15.727 SQL.Injection MEDIUM" "flagged-content No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "front-editor 5.0.6 Unauthenticated.Sensitive.Information.Exposure MEDIUM" "front-editor 5.0.1 Missing.Authorization.to.Unauthenticated.Media.Deletion MEDIUM" "front-editor 5.0.0 Open.Redirect MEDIUM" "front-editor 4.9.4 Reflected.Cross-Site.Scripting MEDIUM" "front-editor No.known.fix Cross-Site.Request.Forgery MEDIUM" "front-editor No.known.fix Admin+.Stored.XSS LOW" "front-editor 4.4.8 Admin+.Stored.XSS LOW" "front-editor 4.4.5 Admin+.Stored.XSS LOW" "front-editor 4.0.4 Reflected.Cross-Site.Scripting MEDIUM" "front-editor 3.4.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "frontend-post-submission No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "foundation-columns No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "flexi-product-slider-grid No.known.fix 
Authenticated.(Contributor+).Local.File.Inclusion.via.'theme'.Shortcode.Attribute HIGH" "foodbakery-sticky-cart No.known.fix Unauthenticated.PHP.Object.Injection CRITICAL" "featured-product-by-category-name No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "fastbook-responsive-appointment-booking-and-scheduling-system No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "fastbook-responsive-appointment-booking-and-scheduling-system No.known.fix Cross-Site.Request.Forgery MEDIUM" "fastbook-responsive-appointment-booking-and-scheduling-system No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "faq-for-woocommerce 1.7.1 Missing.Authorization.to.Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "faq-for-woocommerce 1.7.1 Missing.Authorization.to.Authenticated.(Subscriber+).Settings.Update MEDIUM" "faq-for-woocommerce 1.6.4 WooCommerce.Product.FAQ.<.1.6.4.-.Reflected.Cross-Site.Scripting MEDIUM" "faq-for-woocommerce 1.4.0 Reflected.Cross-Site.Scripting MEDIUM" "featured-products-first-for-woocommerce 1.9.6 Reflected.Cross-Site.Scripting MEDIUM" "featured-products-first-for-woocommerce 1.9.5 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "freshing No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "freshing No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "fs-license-manager 7.0.7 Authenticated.(Shop.Manager+).Arbitrary.File.Upload HIGH" "file-manager 6.8 Authenticated.(Subscriber+).Stored.Cross-Site.Scripting.via.SVG.File.Uploads MEDIUM" "file-manager 6.5.8 Authenticated.(Subscriber+).Limited.JavaScript.File.Upload MEDIUM" "file-manager 6.5.6 Authenticated.(Subscriber+).Arbitrary.File.Upload HIGH" "file-manager 6.5.6 6.5.5.-.Unauthenticated.Remote.Code.Execution.via.Race.Condition HIGH" "file-manager 6.3 Admin+.Arbitrary.OS.File/Folder.Access.+.Path.Traversal MEDIUM" "file-manager 5.2.3 Subscriber+.Arbitrary.File.Creation/Upload/Deletion CRITICAL" "file-manager 5.0.2 Information.Disclosure 
HIGH" "featured-image-pro 5.15 Reflected.XSS HIGH" "fast-wp No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "fast-wp No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "fast-wp No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "filter-custom-fields-taxonomies-light No.known.fix Missing.Authorization MEDIUM" "filter-custom-fields-taxonomies-light No.known.fix Authenticated.(Contributor+).PHP.Object.Injection HIGH" "faltu-testimonial-rotator No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "facebook-by-weblizar 2.8.5 CSRF.&.XSS HIGH" "free-shipping-label 2.6.11 Reflected.Cross-Site.Scripting MEDIUM" "flexible-faq No.known.fix Cross-Site.Request.Forgery MEDIUM" "fix-multiple-redirects No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "formidablepro-2-pdf 3.11 Subscriber+.SQLi HIGH" "firebox 3.1.1-free Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "fluentforms-pdf 1.1.8 Cross-Site.Scripting MEDIUM" "fomo-payment-gateway-for-woocommerce No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "find-content-ids No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "fast-video-and-image-display No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "floating-cart-xforwc 1.3.0 Low.Priv.Arbitrary.Blog.Options.Update/Access/Deletion.&.Plugin's.Settings.Update/Export/Import HIGH" "fotomoto No.known.fix Reflected.XSS HIGH" "flat-ui-button No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.flatbtn.Shortcode MEDIUM" "feed-instagram-lite 1.0.0.37 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "feed-instagram-lite 1.0.0.29 Arbitrary.Post.Duplication.via.CSRF MEDIUM" "feedbucket 1.0.7 Cross-Site.Request.Forgery MEDIUM" "f12-profiler 1.4.0 Settings.Update.via.CSRF MEDIUM" "front-end-pm 11.4.3 Sensitive.Data.Exposure.via.Directory.Listing MEDIUM" "front-end-pm 11.3.8 Reflected.Cross-Site.Scripting MEDIUM" "front-end-pm 11.3.4 
Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "floating-contact 2.8 Admin+.Stored.XSS LOW" "freshdesk-support 2.4.0 Open.Redirect MEDIUM" "freshdesk-support 1.8 Open.Redirect MEDIUM" "filebird 6.5.2 Missing.Authorization.to.Authenticated.(Author+).Global.Folders.Tampering MEDIUM" "filebird 6.5.0 Author+.Settings.Reset MEDIUM" "filebird 6.4.9 Authenticated.(Author+).SQL.Injection MEDIUM" "filebird 6.4.6 Authenticated.(Author+).Insecure.Direct.Object.Reference MEDIUM" "filebird 6.3.4 Missing.Authorization MEDIUM" "filebird 5.6.4 Author+.Users.Folder.Deletion LOW" "filebird 5.6.4 Author+.Stored.XSS MEDIUM" "filebird 5.6.1 Admin+.Stored.XSS MEDIUM" "filebird 4.7.4 Unauthenticated.SQL.Injection HIGH" "fx-currency-converter 0.2.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode.Attributes MEDIUM" "fluentform 6.1.15 Subscriber+.Stored.XSS HIGH" "fluentform 6.1.12 Unauthenticated.Arbitrary.Shortcode.Execution MEDIUM" "fluentform 6.1.8 Subscriber+.Arbitrary.Form.Creation.via.AI.Builder MEDIUM" "fluentform 6.1.8 Unauthenticated.Payment.Status.Tampering.via.IDOR MEDIUM" "fluentform 6.1.1 6.1.0.-.Subscriber+.PHP.Object.Injection.To.Arbitrary.File.Read MEDIUM" "fluentform 6.0.3 Contributor+.Stored.XSS MEDIUM" "fluentform 6.0.0 IP-Spoofing MEDIUM" "fluentform 5.2.7 Unauthenticated.Stored.XSS.via.Form.Subject HIGH" "fluentform 5.2.1 Admin+.Stored.XSS LOW" "fluentform 5.1.20 Form.Manager+.Stored.XSS LOW" "fluentform 5.1.19 .Missing.Authorization.to.Authenticated.(Subscriber+).Mailchimp.Integration.Modification MEDIUM" "fluentform 5.1.20 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "fluentform 5.1.20 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "fluentform 5.1.20 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "fluentform 5.1.20 Authenticated.(Subscriber+).Stored.Cross-Site.Scripting.via.Welcome.Screen.Fields MEDIUM" "fluentform 5.1.16 Contributor+.PHP.Object.Injection MEDIUM" "fluentform 5.1.17 
Unauthenticated.Settings.Update MEDIUM" "fluentform 5.1.17 Contributor+.Stored.XSS MEDIUM" "fluentform 5.1.17 Unauthenticated.Limited.Privilege.Escalation MEDIUM" "fluentform 5.1.14 Subscriber+.Stored.XSS MEDIUM" "fluentform 5.1.10 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "fluentform 5.1.7 Admin+.Stored.Cross-Site.Scripting.via.imported.form.title MEDIUM" "fluentform 5.0.9 Insecure.Direct.Object.Reference MEDIUM" "fluentform 5.0.0 SQL.Injection MEDIUM" "fluentform 4.3.25 Contributor+.Stored.XSS.via.Custom.HTML.Form.Field MEDIUM" "fluentform 4.3.13 CSV.Injection LOW" "fluentform 3.6.67 Cross-Site.Request.Forgery.(CSRF) HIGH" "flaming-forms No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "flaming-forms No.known.fix Unauthenticated.Stored.XSS HIGH" "flaming-forms No.known.fix Reflected.XSS HIGH" "fleetwire-fleet-management 1.0.20 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.fleetwire_list.Shortcode MEDIUM" "forum-server No.known.fix Authenticated.(Administrator+).SQL.Injection MEDIUM" "forum-server No.known.fix Cross-Site.Request.Forgery MEDIUM" "facebook-likebox-widget-and-shortcode 1.2.1 Admin+.Stored.XSS LOW" "foxyshop 4.8.2 Reflected.Cross-Site.Scripting MEDIUM" "fabrica-reusable-block-instances 1.0.9 Reflected.Cross-Site.Scripting HIGH" "fast-checkout-for-woocommerce No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "fast-checkout-for-woocommerce 1.1.17 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "fast-user-switching No.known.fix Cross-Site.Request.Forgery MEDIUM" "flat-preloader 1.5.5 Admin+.Stored.Cross-Site.Scripting MEDIUM" "flat-preloader 1.5.4 CSRF.to.Stored.Cross-Site.Scripting HIGH" "file-provider No.known.fix Item.Deletion.via.CSRF MEDIUM" "file-provider No.known.fix Unauthenticated.SQLi HIGH" "fox-lms 1.0.5.2 1.0.5.1.-.Unauthenticated.Privilege.Escalation.via.'createOrder' CRITICAL" "fitness-calculators 2.0.9 Admin+.Stored.XSS LOW" "fitness-calculators 1.9.6 
Cross-Site.Request.Forgery.to.Cross-Site.Scripting.(XSS) HIGH" "fancy-facebook-comments 1.2.15 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "fancy-facebook-comments 1.2.15 Contributor+.Stored.XSS MEDIUM" "fancy-facebook-comments 1.2.11 Contributor+.Stored.XSS MEDIUM" "flower-delivery-by-florist-one 3.9.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "flower-delivery-by-florist-one No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "finance-calculator-with-application-form No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "formcraft No.known.fix Arbitrary.File.Deletion CRITICAL" "forms-for-divi 8.1.3 Reflected.Cross-Site.Scripting MEDIUM" "flashcounter No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "flexo-posts-manager No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "formatted-post No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "float-menu 6.1.3 Cross-Site.Request.Forgery.to.Settings.Update MEDIUM" "float-menu 6.0.1 Menu.Deletion.via.CSRF MEDIUM" "float-menu 5.0.3 Admin+.Stored.Cross-Site.Scripting LOW" "float-menu 5.0.2 Reflected.XSS MEDIUM" "float-menu 4.3.1 Arbitrary.Menu.Deletion.via.CSRF MEDIUM" "formassembly-web-forms 3.0.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "formassembly-web-forms 2.0.11 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "fx-calculators 1.3.8 Missing.Authorization.to.Authenticated.(Subscriber+).Settings.Update MEDIUM" "fx-calculators 1.3.7 Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "fifthsegment-whitelist No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "featured-image-generator No.known.fix Missing.Authorization MEDIUM" "featured-image-generator 1.3.3 Missing.Authorization.to.Authenticated.(Subscriber+).Images.Upload MEDIUM" "folder-gallery No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "fluxtore 1.6.3 
Missing.Authorization MEDIUM" "five-star-ratings-shortcode 1.2.48 Reflected.Cross-Site.Scripting MEDIUM" "five-star-ratings-shortcode 1.2.39 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "first-graders-toolbox 1.0.2 Plugins.Deactivation.via.CSRF MEDIUM" "fluent-smtp 2.2.81 Cross-Site.Request.Forgery MEDIUM" "fluent-smtp 2.2.83 Unauthenticated.PHP.Object.Injection HIGH" "fluent-smtp 2.2.5 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "fluent-smtp 2.2.3 Stored.XSS.via.Email.Logs HIGH" "fluent-smtp 2.0.1 Authenticated.Stored.XSS LOW" "flexible-woocommerce-checkout-field-editor No.known.fix Missing.Authorization MEDIUM" "fullworks-directory No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "fullworks-directory No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "full-page-blog-designer No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "float-to-top-button No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "fw-integration-for-emailoctopus 1.0.8.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "fw-integration-for-emailoctopus 1.0.8.2 Contributor+.Stored.XSS MEDIUM" "facebook-photo-fetcher No.known.fix Cross-Site.Request.Forgery MEDIUM" "footnotes-for-wordpress No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "feedburner-alternative-and-rss-redirect 3.8 Subscriber+.Plugin.Installation MEDIUM" "feedburner-alternative-and-rss-redirect 3.8 Plugin.Installation.via.CSRF MEDIUM" "fossura-tag-miner 1.1.5 Cross-Site.Request.Forgery.(CSRF).&.XSS HIGH" "free-stock-photos-foter No.known.fix Authenticated.(Subscriber+).PHP.Object.Injection HIGH" "facebook-comment-by-vivacity No.known.fix Contributor+.Stored.Cross-Site.Scripting MEDIUM" "flexible-blogtitle No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "fancy-product-designer 6.5.0 Unauthenticated.Information.Disclosure.and.PHAR.Deserialization.via.'url'.Parameter MEDIUM" "fancy-product-designer 6.5.0 Unauthenticated.Full.Path.Disclosure.via.'pdf'.Parameter 
MEDIUM" "fancy-product-designer 6.5.0 Unauthenticated.Server-Side.Request.Forgery.via.Race.Condition MEDIUM" "fancy-product-designer 6.5.0 Unauthenticated.Stored.Cross-Site.Scripting.via.SVG.File.Upload HIGH" "fancy-product-designer 6.4.4 Unauthenticated.Arbitrary.File.Upload CRITICAL" "fancy-product-designer 6.4.4 Unauthenticated.SQL.Injection HIGH" "fancy-product-designer 6.1.81 Admin+.Cross.Site.Scripting LOW" "fancy-product-designer 6.1.8 Reflected.Cross.Site.Scripting HIGH" "fancy-product-designer 6.1.81 Admin+.Cross.Site.Scripting.via.Product.Title LOW" "fancy-product-designer 6.1.5 Admin+.SQL.Injection MEDIUM" "fancy-product-designer 4.7.0 Subscriber+.Unauthorized.Access.and.Modification MEDIUM" "fancy-product-designer 4.7.0 Subscriber+.Unauthorized.Site.Options.Modification HIGH" "fancy-product-designer 4.7.6 Arbitrary.File.Upload.via.CSRF HIGH" "fancy-product-designer 4.7.5 Admin+.SQL.Injection MEDIUM" "fancy-product-designer 4.6.9 Unauthenticated.Arbitrary.File.Upload.and.RCE CRITICAL" "fancy-product-designer 4.5.1 Unauthenticated.Stored.Cross-Site.Scripting MEDIUM" "full-picture-analytics-cookie-notice 5.0.0 Reflected.Cross-Site.Scripting MEDIUM" "full-picture-analytics-cookie-notice 3.2.0 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "fontsampler No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "fontsampler 0.14.3 CSRF.to.Authenticated.Reflected.Cross-Site.Scripting.(XSS) HIGH" "filestack-upload 3.0.0 Reflected.Cross-Site.Scripting MEDIUM" "friendly-functions-for-welcart 1.2.6 Cross-Site.Request.Forgery.to.Settings.Update MEDIUM" "friendly-functions-for-welcart 1.2.5 Cross-Site.Request.Forgery.to.Reflected.Cross-Site.Scripting MEDIUM" "fareharbor 3.6.8 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "fareharbor 3.6.7 Admin+.Stored.XSS LOW" "fami-sales-popup No.known.fix Unauthenticated.Local.File.Inclusion CRITICAL" "fastly 1.2.29 Cross-Site.Request.Forgery MEDIUM" "fastly 1.2.26 Missing.Authorization MEDIUM" "fastly 1.2.26 
Missing.Authorization.via.AJAX.actions MEDIUM" "freshmail-integration No.known.fix Cross-Site.Request.Forgery MEDIUM" "freshmail-integration No.known.fix Reflected.XSS HIGH" "free-google-fonts 3.0.1 Reflected.XSS HIGH" "fast-flow-dashboard 1.2.18 Reflected.Cross-Site.Scripting MEDIUM" "fast-flow-dashboard 1.2.12 Reflected.Cross-Site.Scripting MEDIUM" "fast-flow-dashboard 1.2.13 Admin+.Stored.Cross-Site.Scripting LOW" "fast-flow-dashboard 1.2.12 Reflected.Cross-Site.Scripting MEDIUM" "fp-rss-category-excluder No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "fruitcake-horsemanager No.known.fix Authenticated.(Contributor+).SQL.Injection MEDIUM" "far-future-expiry-header 1.5 Plugin's.Settings.Update.via.CSRF MEDIUM" "fusion-core 5.15.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "fusion-core 5.15.0 Missing.Authorization MEDIUM" "fat-event-lite No.known.fix Authenticated.(Contributor+).Local.File.Inclusion HIGH" "fat-event-lite No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "fat-event-lite No.known.fix Unauthenticated.Local.File.Inclusion CRITICAL" "farazsms No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "fusion-slider No.known.fix Authenticated.(Contributor+).PHP.Object.Injection MEDIUM" "fontsy No.known.fix Multiple.Unauthenticated.SQLi HIGH" "fapi-member No.known.fix Unauthenticated.Insecure.Direct.Object.Reference MEDIUM" "flexidx-home-search No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "freetobook-responsive-widget 1.1.1 Cross-Site.Request.Forgery MEDIUM" "fileorganizer 1.1.5 Authenticated.(Administrator+).Local.JavaScript.File.Inclusion HIGH" "fileorganizer 1.1.0 Authenticated.(Subscriber+).Arbitrary.File.Upload HIGH" "fileorganizer 1.0.8 Sensitive.Information.Exposure.via.Directory.Listing HIGH" "fileorganizer 1.0.7 Authenticated.Stored.Cross-Site.Scripting MEDIUM" "fileorganizer 1.0.3 Admin+.Arbitrary.File.Access MEDIUM" "feedblitz-email-subscription No.known.fix 
Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "fw-anker No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "finale-woocommerce-sales-countdown-timer-discount No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "finale-woocommerce-sales-countdown-timer-discount 2.20.0 Authenticated.(Contributor+).Stored.DOM-Based.Cross-Site.Scripting.via.Countdown.Timer MEDIUM" "finale-woocommerce-sales-countdown-timer-discount 2.18.1 Cross-Site.Request.Forgery MEDIUM" "finale-woocommerce-sales-countdown-timer-discount 2.18.1 Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.Plugin.Installation.and.Activation MEDIUM" "finale-woocommerce-sales-countdown-timer-discount 2.18.0 Missing.Authorization.to.Unauthenticated.System.Information.Disclosure MEDIUM" "finale-woocommerce-sales-countdown-timer-discount 2.17.0 Unauthenticated.Arbitrary.File.Deletion HIGH" "font-farsi No.known.fix Administrator+.Stored.Cross-Site.Scripting MEDIUM" "font-farsi No.known.fix Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "font-farsi No.known.fix Admin+.Stored.XSS.in.Settings LOW" "free-comments-for-wordpress-vuukle 4.0 CSRF.Bypass.in.Multiple.Plugins MEDIUM" "ftp-sync No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "furnob-core No.known.fix Reflected.Cross-Site.Scripting HIGH" "file-gallery No.known.fix Reflected.Cross-Site.Scripting.via.post_id MEDIUM" "file-gallery 1.8.5.4 Contributor+.Stored.XSS MEDIUM" "floating-div No.known.fix Author+.Stored.Cross-Site.Scripting MEDIUM" "facebook-pagelike-widget 6.4.2 Admin+.Stored.XSS LOW" "facebook-pagelike-widget 6.4 Admin+.Stored.XSS LOW" "forty-four No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "flex-qr-code-generator No.known.fix Authenticated.(Author+).Stored.Cross-Site.Scripting MEDIUM" "flex-qr-code-generator 1.2.8 Unauthenticated.Arbitrary.File.Upload CRITICAL" "flex-qr-code-generator 1.2.6 
Unauthenticated.Arbitrary.File.Upload CRITICAL" "frictionless No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "font-awesome-wp No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "floating-action-button 1.2.2 Cross-Site.Request.Forgery MEDIUM" "flags-widget No.known.fix .Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "feedbackscout No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "feedbackscout No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "fs-shopping-cart No.known.fix Authenticated.SQL.Injection HIGH" "freesoul-deactivate-plugins 2.1.4 Cross-Site.Request.Forgery.via.eos_dp_pro_delete_transient MEDIUM" "favicon-rotator 1.2.11 Reflected.Cross-Site.Scripting MEDIUM" "flickr-shortcode-importer No.known.fix Authenticated.(Administrator+).PHP.Object.Injection HIGH" "featured-posts-with-multiple-custom-groups-fpmcg No.known.fix Cross-Site.Request.Forgery MEDIUM" "featured-posts-with-multiple-custom-groups-fpmcg No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "find-any-think No.known.fix Stored.Cross-Site.Scripting.via.CSRF MEDIUM" "fullscreen-galleria 1.6.12 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "frontend-uploader No.known.fix Unauthenticated.Stored.Cross-Site.Scripting MEDIUM" "flexible-captcha No.known.fix Contributor+.Stored.XSS MEDIUM" "flickr-photostream No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "filter-plus 1.1.7 Missing.Authorization.to.Unauthenticated.Plugin.Settings.Modification MEDIUM" "flexoslider No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "foogallery-captions No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "fuse-social-floating-sidebar 5.4.11 Authenticated.(Author+).Stored.Cross-Site.Scripting.via.File.Upload MEDIUM" "fuse-social-floating-sidebar 5.4.9 Reflected.Cross-Site.Scripting MEDIUM" "fuse-social-floating-sidebar 5.4.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "free-wp-booster-by-ads-pro No.known.fix 
Unauthenticated.Local.File.Inclusion CRITICAL" "filebird-pro 6.5.2 Missing.Authorization MEDIUM" "formbuilder No.known.fix Stored.Cross-Site.Scripting.via.CSRF MEDIUM" "formbuilder 1.08 Cross-Site.Request.Forgery.(CSRF) MEDIUM" "formbuilder 1.0.8 Multiple.Authenticated.SQL.Injection MEDIUM" "filled-in 1.9.3 Stored.XSS.via.CSRF HIGH" "fast-image-adder No.known.fix Unauthenticated.Remote.File.Upload CRITICAL" "formaloo-form-builder No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "front-end-only-users 3.2.34 Missing.Authorization MEDIUM" "front-end-only-users No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "front-end-only-users No.known.fix Unauthenticated.Information.Exposure MEDIUM" "front-end-only-users 3.2.33 Unauthenticated.Arbitrary.File.Upload CRITICAL" "front-end-only-users 3.2.33 Authenticated.(Admin+).SQL.injection MEDIUM" "front-end-only-users 3.2.33 Reflected.XSS HIGH" "front-end-only-users 3.2.31 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "front-end-only-users 3.2.31 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.forgot-password.Shortcode MEDIUM" "front-end-only-users 3.2.29 Authenticated.(Contributor+).Time-Based.SQL.Injection HIGH" "front-end-only-users 3.2.29 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "front-end-only-users 3.2.25 Cross-Site.Request.Forgery MEDIUM" "fluent-cart 1.3.0 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "fluent-cart 1.3.2 Authenticated.(Administrator+).SQL.Injection.via.'groupKey'.Parameter MEDIUM" "flickr-justified-gallery No.known.fix Cross-Site.Request.Forgery MEDIUM" "flickr-justified-gallery 3.4.0 Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "flexo-social-gallery No.known.fix Cross-Site.Request.Forgery MEDIUM" "funkitools No.known.fix Cross-Site.Request.Forgery.to.Settings.Update MEDIUM" "form-maker 1.15.36 Unauthenticated.Stored.Cross-Site.Scripting.via.Hidden.Field HIGH" 
"form-maker 1.15.36 Unauthenticated.Stored.Cross-Site.Scripting.via.SVG.file HIGH" "form-maker 1.15.34 Admin+.Stored.XSS LOW" "form-maker 1.15.32 Admin+.Stored.XSS LOW" "form-maker 1.15.30 Admin+.Stored.XSS LOW" "form-maker 1.15.30 Admin+.Stored.XSS LOW" "form-maker 1.15.33 .Admin+.Stored.XSS LOW" "form-maker 1.15.33 Admin+.Stored.XSS.via.Theme.Title LOW" "form-maker 1.15.31 Admin+.Stored.XSS LOW" "form-maker 1.15.28 Contributor+.DOM-Based.Stored.XSS.via.FancyBox.JavaScript.Library MEDIUM" "form-maker 1.15.31 Reflected.Cross-Site.Scripting.via.add_query_arg.Parameter MEDIUM" "form-maker 1.15.28 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "form-maker 1.15.27 Reflected.Cross-Site.Scripting HIGH" "form-maker 1.15.26 Admin+.Stored.XSS MEDIUM" "form-maker 1.15.25 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "form-maker 1.15.25 Authenticated.(Subscriber+).Stored.Self-Based.Cross-Site.Scripting MEDIUM" "form-maker 1.15.24 Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "form-maker 1.15.23 Sensitive.Information.Exposure MEDIUM" "form-maker 1.15.22 CSRF.to.limited.RCE MEDIUM" "form-maker 1.15.21 Captcha.Bypass HIGH" "form-maker 1.15.19 Unauthenticated.Stored.XSS HIGH" "form-maker 1.15.19 Reflected.XSS CRITICAL" "form-maker 1.15.20 Unauthenticated.Arbitrary.File.Upload MEDIUM" "form-maker 1.15.6 Admin+.SQLI LOW" "form-maker 1.14.12 Admin+.Stored.Cross-Site.Scripting MEDIUM" "form-maker 1.13.60 Authenticated.Stored.XSS HIGH" "form-maker 1.13.40 Authenticated.Reflected.XSS HIGH" "form-maker 1.13.36 Authenticated.SQL.Injection HIGH" "form-maker 1.13.3 Authenticated.SQL.Injection HIGH" "form-maker 1.13.5 Cross-Site.Request.Forgery.(CSRF).to.LFI MEDIUM" "form-maker 1.12.24 CSV.Injection MEDIUM" "f4-media-taxonomies 1.1.5 Missing.Authorization MEDIUM" "flashcard No.known.fix Authenticated.(Contributor+).Arbitrary.File.Read.via.Path.Traversal MEDIUM" "frontend-admin 3.8.0 Reflected.Cross-Site.Scripting MEDIUM" "frontend-admin 
3.3.33 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "formality 1.5.10 Unauthenticated.Local.File.Inclusion CRITICAL" "formality 1.5.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.align.Parameter MEDIUM" "formality 1.5.8 Unauthenticated.Local.File.Inclusion CRITICAL" "facebook-fan-page-widget 2.1 Admin+.Stored.XSS LOW" "flipdish-ordering-system No.known.fix Cross-Site.Request.Forgery.to.Settings.Update MEDIUM" "flattr No.known.fix Admin+.Stored.XSS LOW" "fb-account-kit-login No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "fb-account-kit-login No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "fx-private-site No.known.fix Sensitive.Information.Exposure MEDIUM" "formafzar 2.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "flexible-coupons 1.10.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "floating-social-bar No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "floating-social-bar 1.1.7 Cross-Site.Scripting.(XSS) MEDIUM" "featured-post-creative 1.5.6 Missing.Authorization MEDIUM" "featured-page-widget No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "fast-index 1.10 Reflected.Cross-Site.Scripting MEDIUM" "flyzoo No.known.fix Admin+.Stored.XSS LOW" "friendstore-for-woocommerce No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "fraudlabs-pro-for-woocommerce 2.22.12 Missing.Authorization MEDIUM" "fraudlabs-pro-for-woocommerce 2.22.9 Stored.XSS.via.CSRF HIGH" "flight-search-widget-blocks No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "flight-search-widget-blocks No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "flight-search-widget-blocks No.known.fix Reflected.Cross-Site.Scripting.(XSS) HIGH" "filebird-document-library 2.0.8 Unauthenticated.Sensitive.Information.Exposure MEDIUM" "facilita-form-tracker No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "feather-login-page No.known.fix Cross-Site.Request.Forgery MEDIUM" 
"feather-login-page 1.1.6 Cross-Site.Request.Forgery.via.saveData() MEDIUM" "feather-login-page 1.1.4 CSRF MEDIUM" "feather-login-page 1.1.2 Missing.Authorization.to.Non-Arbitrary.User.Deletion HIGH" "feather-login-page 1.1.2 Cross-Site.Request.Forgery.to.Privilege.Escalation HIGH" "flo-forms No.known.fix Unauthenticated.Stored.Cross-Site.Scripting.via.SVG.Upload HIGH" "flo-forms No.known.fix Missing.Authorization MEDIUM" "flo-forms 1.0.43 Missing.Authorization MEDIUM" "flo-forms 1.0.42 Subscriber+.Test.Email.Sending MEDIUM" "flo-forms 1.0.41 Admin+.Stored.XSS LOW" "flo-forms 1.0.36 Authenticated.Options.Change.to.Stored.XSS CRITICAL" "fundpress 2.0.7 Unauthenticated.PHP.Object.Injection HIGH" "flowpaper-lite-pdf-flipbook 2.0.4 Contributor+.Stored.XSS MEDIUM" "flowpaper-lite-pdf-flipbook 2.0.0 Contributor+.Stored.XSS MEDIUM" "fraudlabs-pro-sms-verification 1.10.2 Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "form-to-chat No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "form-to-chat 1.1.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "fastdup 2.7.2 Contributor+.Backup.Creation.and.Download HIGH" "fastdup 2.7.1 Authenticated.(Contributor+).Path.Traversal.via.'dir_path'.REST.Parameter MEDIUM" "fastdup 2.2 Directory.Listing.to.Account.Takeover.and.Sensitive.Data.Exposure HIGH" "fastdup 2.1.8 Sensitive.Information.Exposure.via.Log.File MEDIUM" "fantastic-elasticsearch No.known.fix Reflected.XSS HIGH" "food-and-drink-menu 2.4.17 Missing.Authorization.to.Menu.Creation MEDIUM" "food-and-drink-menu 2.4.15 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "food-and-drink-menu 2.4.11 Unauthenticated.PHP.Object.Injection HIGH" "food-and-drink-menu 2.4.7 .Cross-Site.Request.Forgery MEDIUM" "food-and-drink-menu 2.2.1 Unauthenticated.PHP.Object.Injection HIGH" "favicon-my-blog No.known.fix Cross-Site.Request.Forgery MEDIUM" "free-facebook-reviews-and-recommendations-widgets 11.1 
Authenticated.(Editor+).Arbitrary.File.Upload MEDIUM" "fullworks-anti-spam 1.3.10 Reflected.Cross-Site.Scripting MEDIUM" "fullworks-anti-spam 1.3.2 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "free-event-banner No.known.fix Arbitrary.File.Upload.to.RCE CRITICAL" "flickr-rss No.known.fix XSS.and.CSRF HIGH" "featured-posts-grid No.known.fix Cross-Site.Request.Forgery.to.Cross-Site.Scripting MEDIUM" "fintelligence-calculator No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "fintelligence-calculator No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "full-screen-page-background-image-slideshow No.known.fix Admin+.Stored.XSS LOW" "flexo-slider No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "fv-descriptions No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "feed-changer 0.3 Admin+.Stored.XSS LOW" "flowfact-wp-connector 2.1.8 Reflected.XSS HIGH" "final-user No.known.fix Missing.Authorization MEDIUM" "final-user No.known.fix Authenticated.(Subscriber+).Privilege.Escalation HIGH" "funnelcockpit 1.4.4 Reflected.Cross-Site.Scripting.via.'error'.Parameter MEDIUM" "funnelcockpit 1.4.4 Reflected.Cross-Site.Scripting MEDIUM" "funnelcockpit 1.4.4 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "featured-images-for-rss-feeds 1.6.2 Reflected.Cross-Site.Scripting MEDIUM" "featured-images-for-rss-feeds 1.5.9 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "fudou 5.7.2 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "floating-window-music-player No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "foobox-image-lightbox-premium 2.7.28 Admin+.Stored.XSS LOW" "floating-social-buttons No.known.fix Cross-Site.Request.Forgery MEDIUM" "fullworks-pricing-tables No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "fullworks-pricing-tables No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "flexible-shipping 4.24.16 Missing.Authorization MEDIUM" "flexible-shipping 4.11.9 
Reflected.Cross-Site.Scripting MEDIUM" "file-icons No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "form-to-json No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "facebook-auto-publish 2.4.8 Reflected.Cross-Site.Scripting.via.PostMessage MEDIUM" "floatbox-plus No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "falang 1.3.66 Unauthenticated.PHP.Object.Injection HIGH" "falang 1.3.62 Cross-Site.Request.Forgery MEDIUM" "falang 1.3.53 Missing.Authorization.to.Translation.Update.and.Information.Exposure MEDIUM" "falang 1.3.52 Cross-Site.Request.Forgery MEDIUM" "falang 1.3.50 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "falang 1.3.48 Authenticated.(Administrator+).SQL.Injection HIGH" "falang 1.3.40 Cross-Site.Request.Forgery MEDIUM" "falang 1.3.18 Reflected.Cross-Site.Scripting HIGH" "fs-real-estate-plugin No.known.fix Authenticated.(Administrator+).SQL.Injection MEDIUM" "freshchat No.known.fix Cross-Site.Request.Forgery MEDIUM" "fiverr-official-search-box No.known.fix Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "find-unused-images No.known.fix Missing.Authorization.to.Unauthenticated.Arbitrary.Attachment.Deletion MEDIUM" "floating-social-media-icon No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "file-renaming-on-upload 2.5.2 Admin+.Stored.Cross-Site.Scripting LOW" "frontend-dashboard 2.2.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "frontend-dashboard 2.2.8 2.2.7.-.Subscriber+.Privilege.Escalation.via.fed_admin_setting_form_function.Function HIGH" "frontend-dashboard 2.2.8 2.2.7.-.Subscriber+.Account.Takeover/Privilege.Escalation.via.ajax_request.Function HIGH" "frontend-dashboard 2.2.7 2.2.6.-.Unauthenticated.Privilege.Escalation.via.fed_wp_ajax_fed_login_form_post.Function CRITICAL" "frontend-dashboard 2.2.6 Unauthenticated.SQL.Injection HIGH" "frontend-dashboard 2.2.5 Authenticated.(Subscriber+).Arbitrary.Function.Call HIGH" "frontend-dashboard 2.2.4 
Frontend.Dashboard.<.2,2,4.- MEDIUM" "frontend-dashboard 2.2.2 Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "firedrum-email-marketing 1.65 Reflected.Cross-Site.Scripting HIGH" "fancy-roller-scroller 1.4.1 Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "flask-micro No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.'title'.Shortcode.Attribute MEDIUM" "freemage No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "freemage No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "freemage No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "fast-custom-social-share-by-codebard No.known.fix Cross-Site.Request.Forgery MEDIUM" "fast-custom-social-share-by-codebard No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "fast-custom-social-share-by-codebard 1.1.0 Reflected.Cross-Site.Scripting MEDIUM" "featured-image-toolkit No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "featured-image-toolkit No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "featured-image-toolkit No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "fl3r-feelbox No.known.fix Unauthenticated.SQLi HIGH" "fl3r-feelbox No.known.fix Moods.Reset.via.CSRF MEDIUM" "fl3r-feelbox No.known.fix Settings.Update.via.CSRF.to.Stored.XSS HIGH" "f4-tree 1.1.19 Reflected.Cross-Site.Scripting MEDIUM" "f4-tree 1.1.15 Reflected.Cross-Site.Scripting MEDIUM" "f4-tree 1.1.9 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "frndzk-expandable-bottom-bar No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting.via.text.Parameter MEDIUM" "fwduvp No.known.fix Missing.Authorization MEDIUM" "fwduvp No.known.fix Unauthenticated.Server-Side.Request.Forgery HIGH" "fwduvp 10.1 Unauthenticated.Arbitrary.File.Download HIGH" "fat-rat-collect 2.7.4 Reflected.Cross-Site.Scripting MEDIUM" "free-download-manager No.known.fix Unauthenticated.Arbitrary.File.Download HIGH" "fwd-slider No.known.fix 
Reflected.Cross-Site.Scripting MEDIUM" "folders-pro 3.0.3 Directory.Traversal.via.handle_folders_file_upload MEDIUM" "folders-pro 3.0.3 Authenticated(Author+).Arbitrary.File.Upload.via.handle_folders_file_upload HIGH" "formidable-registration 2.12 Contributor+.Arbitrary.User.Password.Reset.To.Account.Takeover HIGH" "footer-text No.known.fix Stored.Cross-Site.Scripting.via.CSRF MEDIUM" "feedzy-rss-feeds 5.1.2 Unauthenticated.Blind.Server-Side.Request.Forgery MEDIUM" "feedzy-rss-feeds 5.1.1 Authenticated.(Subscriber+).Server-Side.Request.Forgery MEDIUM" "feedzy-rss-feeds 4.4.8 Authenticated(Contributor+).Blind.Server-Side.Request.Forgery.(SSRF) MEDIUM" "feedzy-rss-feeds 4.3.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode.Error.Message MEDIUM" "feedzy-rss-feeds 4.4.3 Authenticated(Contributor+).SQL.Injection HIGH" "feedzy-rss-feeds 4.4.3 Missing.Authorization.to.Arbitrary.Page.Creation.and.Publication MEDIUM" "feedzy-rss-feeds 4.4.2 Missing.Authorization MEDIUM" "feedzy-rss-feeds 4.3.3 Missing.Authorization MEDIUM" "feedzy-rss-feeds 4.3.3 Author+.Stored.Cross-Site.Scripting MEDIUM" "feedzy-rss-feeds 4.1.1 Contributor+.Stored.XSS MEDIUM" "feedzy-rss-feeds 3.4.3 Cross-Site.Request.Forgery.(CSRF) MEDIUM" "feedzy-rss-feeds 3.4.3 Arbitrary.Settings.Update.via.CSRF MEDIUM" "feed-them-social 4.2.1 Cross-Site.Request.Forgery.via.review_nag_check LOW" "feed-them-social 4.0.0 Settings.Update.via.CSRF MEDIUM" "feed-them-social 3.0.1 Subscriber+.Stored.XSS MEDIUM" "feed-them-social 3.0.1 Settings.Update.via.CSRF MEDIUM" "feed-them-social 3.0.1 Reflected.Cross-Site.Scripting MEDIUM" "feed-them-social 3.0.1 Reflected.Cross-Site.Scripting MEDIUM" "feed-them-social 2.9.8.6 Unauthenticated.PHAR.Deserialisation MEDIUM" "feed-them-social 2.8.7 Cross-Site.Request.Forgery MEDIUM" "feed-them-social 2.8.7 Cross-Site.Request.Forgery.(CSRF) MEDIUM" "feed-them-social 1.7.0 XSS.&.Arbitrary.Shortcode.Execution CRITICAL" "football-pool 2.13.0 
Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "football-pool 2.12.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "football-pool 2.12.5 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "football-pool 2.12.3 Cross-Site.Request.Forgery.to.Settings.Update MEDIUM" "football-pool 2.12.1 Authenticated.(Editor+).Stored.Cross-Site.Scripting MEDIUM" "football-pool 2.11.10 Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "football-pool 2.11.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "football-pool 2.6.5 Multiple.XSS MEDIUM" "forms-to-sendinblue No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "file-away No.known.fix Missing.Authorization.to.Unauthenticated.Arbitrary.File.Read HIGH" "file-away No.known.fix Missing.Authorization.to.Unauthenticated.File.Upload.via.upload.Function CRITICAL" "file-away No.known.fix Contributor+.Stored.XSS.via.Shortcode MEDIUM" "flipbox-builder No.known.fix Authenticated.(Contributor+).PHP.Object.Injection HIGH" "final-tiles-grid-gallery-lite 3.6.11 Missing.Authorization MEDIUM" "final-tiles-grid-gallery-lite 3.6.10 Missing.Authorization.to.Authenticated.(Contributor+).Arbitrary.Gallery.Management MEDIUM" "final-tiles-grid-gallery-lite 3.6.9 Authenticated.(Author+).Stored.Cross-Site.Scripting.via.'Custom.Scripts'.Setting MEDIUM" "final-tiles-grid-gallery-lite 3.6.8 Missing.Authorization.to.Authenticated.(Contributor+).Gallery.Management MEDIUM" "final-tiles-grid-gallery-lite 3.6.1 Authenticated.(Contributor+).DOM-Based.Stored.Cross-Site.Scripting MEDIUM" "final-tiles-grid-gallery-lite 3.6.0 Contributor+.Stored.XSS MEDIUM" "final-tiles-grid-gallery-lite 3.5.8 Reflected.Cross-Site.Scripting MEDIUM" "final-tiles-grid-gallery-lite 3.5.5 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "final-tiles-grid-gallery-lite 3.5.3 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "final-tiles-grid-gallery-lite 3.4.19 Authenticated.Stored.Cross-Site.Scripting.(XSS) 
CRITICAL" "final-tiles-grid-gallery-lite 3.3.57 Subscriber+.Arbitrary.Option.Update CRITICAL" "fb2wp-integration-tools 2.0.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "feedwordpress 2024.0428 Unauthenticated.Draft.Access MEDIUM" "feedwordpress 2022.0123 Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "feedwordpress 2015.0514 XSS.&.SQL-Injection MEDIUM" "frontpage-manager No.known.fix Cross-Site.Request.Forgery.via.admin_page MEDIUM" "fsflex-local-fonts No.known.fix Admin+.Stored.Cross-Site-Scripting LOW" "faq-builder-ays 1.7.4 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "faq-builder-ays 1.7.2 Reflected.Cross-Site.Scripting MEDIUM" "faq-builder-ays 1.3.6 Authenticated.Blind.SQL.Injections HIGH" "fat-services-booking No.known.fix Authenticated.(Contributor+).Local.File.Inclusion HIGH" "fat-services-booking No.known.fix Authenticated.(Subscriber+).SQL.Injection MEDIUM" "fat-services-booking No.known.fix Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "fat-services-booking No.known.fix Unauthenticated.SQL.Injection HIGH" "food-recipes 2.6.1 Reflected.Cross-Site.Scripting MEDIUM" "food-recipes 2.1.2 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "full-site-builder-for-elementor No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "fs-product-inquiry No.known.fix Reflected.XSS HIGH" "fs-product-inquiry No.known.fix Unauthenticated.Stored.XSS HIGH" "flipping-cards 1.31 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "fullworks-slack No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "fullworks-slack No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "fusion-builder 3.15.0 Missing.Authorization MEDIUM" "fusion-builder 3.15.0 Missing.Authorization MEDIUM" "fusion-builder 3.13.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "fusion-builder 3.12.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "fusion-builder 3.11.15 
Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "fusion-builder 3.11.14 Unauthenticated.Arbitrary.Shortcode.Execution HIGH" "fusion-builder 3.11.12 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.in.Multiple.Widgets MEDIUM" "fusion-builder 3.11.13 Authenticated.(Contributor+).Protected.Post.Disclosure MEDIUM" "fusion-builder 3.11.10 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.fusion_button.Shortcode MEDIUM" "fusion-builder 3.11.2 Cross.Site.Scripting.(XSS).vulnerability.in.the.User.Register.element HIGH" "fusion-builder 3.6.2 Unauthenticated.SSRF HIGH" "fence-url No.known.fix Cross-Site.Request.Forgery.to.Cross-Site.Scripting MEDIUM" "flatpm-wp 3.2.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Custom.Post.Meta MEDIUM" "flatpm-wp 3.1.05 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "flatpm-wp 3.0.13 Reflected.Cross-Site.Scripting HIGH" "foobar-notifications-lite 2.1.32 Reflected.Cross-Site.Scripting MEDIUM" "foobar-notifications-lite 2.1.15 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "flexible-faqs No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "flexible-faqs 0.5.11 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "forminator 1.50.3 Admin+.Stored.XSS LOW" "forminator 1.49.2 Forminator.User+.CSV.Export MEDIUM" "forminator 1.45.1 Admin+.SQLi MEDIUM" "forminator 1.44.3 Unauthenticated.Arbitrary.File.Deletion.Triggered.via.Administrator.Form.Submission.Deletion HIGH" "forminator 1.44.3 Unauthenticated.PHP.Object.Injection.(PHAR).Triggered.via.Administrator.Form.Submission.Deletion HIGH" "forminator 1.44.2 Contributor+.Stored.DOM-Based.XSS.via.id.and.data-size.Parameters MEDIUM" "forminator 1.42.1 Contributor+.Stored.XSS.via.'limit' MEDIUM" "forminator 1.42.1 Order.Replay.Vulnerability MEDIUM" "forminator 1.39.3 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "forminator 1.38.3 Reflected.XSS.via.Title.Parameter HIGH" "forminator 1.38.3 Admin+.Stored.XSS LOW" "forminator 1.36.1 
Unauthenticated.Arbitrary.Quiz.Submissions.Update MEDIUM" "forminator 1.36.0 Missing.Authorization.to.Authenticated.(Contributor+).Form.Update.and.Creation HIGH" "forminator 1.36.0 Draft.Custom.Form.Creation.via.CSRF MEDIUM" "forminator 1.36.0 Draft.Quiz.Creation.via.CSRF MEDIUM" "forminator 1.34.1 Reflected.Cross-Site.Scripting MEDIUM" "forminator 1.29.2 HubSpot.Developer.API.Key.Sensitive.Information.Exposure HIGH" "forminator 1.15.4 Reflected.Cross-Site.Scripting MEDIUM" "forminator 1.29.0 Unauthenticated.Arbitrary.File.Upload CRITICAL" "forminator 1.29.3 Admin+.SQL.Injection MEDIUM" "forminator 1.29.3 Contributor+.Stored.Cross-Site.Scripting.via.forminator_form.Shortcode MEDIUM" "forminator 1.29.1 Unauthenticated.Stored.XSS HIGH" "forminator 1.29.1 Reflected.Cross-Site.Scripting HIGH" "forminator 1.28.0 Admin+.Arbitrary.File.Upload MEDIUM" "forminator 1.27.0 Admin+.Stored.Cross-Site.Scripting LOW" "forminator 1.25.0 Unauthenticated.Arbitrary.File.Upload CRITICAL" "forminator 1.24.4 Reflected.XSS HIGH" "forminator 1.24.1 Unauthenticated.Race.Condition.on.poll.vote MEDIUM" "forminator 1.15.4 Admin+.Stored.Cross-Site.Scripting LOW" "forminator 1.14.12 Unauthenticated.Stored.XSS HIGH" "forminator 1.14.8.1 CSRF.Nonce.Bypasses MEDIUM" "forminator 1.13.5 Cross-Site.Request.Forgery.(CSRF) MEDIUM" "forminator 1.6 Authenticated.Multiple.Vulnerabilities MEDIUM" "flynax-bridge 2.2.1 Unauthenticated.Arbitrary.User.Deletion MEDIUM" "flynax-bridge 2.2.1 Unauthenticated.Limited.Privilege.Escalation HIGH" "flynax-bridge 2.2.1 Unauthenticated.Privilege.Escalation.via.Account.Takeover CRITICAL" "flynax-bridge 2.2.1 Unauthenticated.Privilege.Escalation.via.Password.Update CRITICAL" "flexo-countdown No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "fanbridge-signup No.known.fix Cross-Site.Request.Forgery MEDIUM" "final-user-wp-frontend-user-profiles 1.2.2 Subscriber+.Privilege.Escalation CRITICAL" "flexytalk-widget No.known.fix 
Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "filr-protection No.known.fix Authenticated.(Contributor+).Arbitrary.File.Uploads HIGH" "filr-protection 1.2.12 Authenticated.(Administrator+).Stored.Cross-Site.Scripting.via.HTML.Upload MEDIUM" "filr-protection 1.2.11 Authenticated.(Contributor+).Arbitrary.File.Deletion HIGH" "filr-protection 1.2.5 Editor+.Stored.XSS LOW" "filr-protection 1.2.3.6 Author+.RCE.via.file.upload.with.phar.ext CRITICAL" "filr-protection 1.2.3 Reflected.Cross-Site.Scripting MEDIUM" "filr-protection 1.2.2.1 Secure.Document.Library.<.1.2.2.1.-.Subscriber+.AJAX.Calls CRITICAL" "filr-protection 1.2.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "fatal-error-notify 1.5.3 Subscriber+.Test.Error.Email.Sending MEDIUM" "flog No.known.fix Unauthenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "frontend-user-notes 2.1.1 Insecure.Direct.Object.Reference.to.Authenticated.(Subscriber+).Arbitrary.Note.Modification MEDIUM" "firework-videos No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "form-to-sheet No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "form-to-sheet No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "frontis-blocks 1.1.7 Unauthenticated.Server-Side.Request.Forgery.via.'url'.Parameter HIGH" "frontis-blocks 1.1.6 Unauthenticated.Server-Side.Request.Forgery MEDIUM" "fluent-support 1.10.5 Missing.Authorization MEDIUM" "fluent-support 1.9.2 Cross-Site.Request.Forgery MEDIUM" "fluent-support 1.8.6 Unauthenticated.Sensitive.Information.Exposure.Through.Unprotected.Directory HIGH" "fluent-support 1.8.1 Authenticated.(Subscriber+).SQL.Injection MEDIUM" "fluent-support 1.8.1 Insufficient.Authorization.on.Email.Verification MEDIUM" "fluent-support 1.7.7 Authenticated(Administrator+).SQL.Injection MEDIUM" "fluent-support 1.5.8 Admin+.SQLi MEDIUM" "formstack No.known.fix Missing.Authorization MEDIUM" "favicon-generator 2.1 Arbitrary.File.Upload.via.CSRF HIGH" "favicon-generator 2.1 
Cross-Site.Request.Forgery.to.Arbitrary.File.Deletion CRITICAL" "favicon-generator 2.1 Arbitrary.File.Deletion.via.CSRF HIGH" "floating-links 3.6.2 Reflected.Cross-Site.Scripting MEDIUM" "floating-links 3.6.0 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "full-customer 3.1.26 3.1.25.-.Authenticated.(Subscriber+).SQL.Injection MEDIUM" "full-customer 3.1.26 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "full-customer 3.1.23 Reflected.Cross-Site.Scripting MEDIUM" "full-customer 3.1.13 Unauthenticated.Stored.Cross-Site.Scripting.via.License.Plan.Parameter HIGH" "full-customer 2.3 Customer.<.2.3.-.Subscriber+.Health.Check.Disclosure MEDIUM" "full-customer 2.3 Customer.<.2.3.-.Subscriber+.Arbitrary.Plugin.Installation HIGH" "freshmail-newsletter 1.6 Unauthenticated.SQL.Injection HIGH" "fw-gallery No.known.fix Unauthenticated.Arbitrary.File.Upload CRITICAL" "fw-gallery No.known.fix Unauthenticated.Local.File.Inclusion HIGH" "fw-gallery No.known.fix Unauthenticated.Arbitrary.File.Deletion CRITICAL" "funnelforms-free No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "funnelforms-free No.known.fix Missing.Authorization MEDIUM" "funnelforms-free No.known.fix Authenticated.(Contributor+).PHP.Object.Injection HIGH" "funnelforms-free 3.7.4.1 Missing.Authorization.to.Unauthenticated.Arbitrary.Media.Deletion MEDIUM" "funnelforms-free 3.7.4.1 Authenticated.(Administrator+).Arbitrary.File.Deletion MEDIUM" "funnelforms-free 3.7.4.1 Missing.Authorization.to.Unauthenticated.Arbitrary.Media.Upload MEDIUM" "funnelforms-free 3.7.4.1 Authenticated.(Administrator+).Arbitrary.File.Upload HIGH" "funnelforms-free 3.4.2 Form.Deletion/Duplication.via.CSRF MEDIUM" "funnelforms-free 3.4.2 Cross-Site.Request.Forgery.to.Arbitrary.Post.Deletion MEDIUM" "funnelforms-free 3.4.2 Missing.Authorization.to.Category.Deletion MEDIUM" "funnelforms-free 3.4.2 Cross-Site.Request.Forgery.to.Arbitrary.Post.Duplication MEDIUM" "funnelforms-free 3.4.2 
Missing.Authorization.to.Arbitrary.Post.Deletion MEDIUM" "funnelforms-free 3.4.2 Missing.Authorization.to.New.Category.Creation MEDIUM" "funnelforms-free 3.4.2 Missing.Authorization.to.Post.Modification MEDIUM" "funnelforms-free 3.4.2 Missing.Authorization.to.Enable/Disable.Dark.Mode MEDIUM" "funnelforms-free 3.4.2 Missing.Authorization.to.Category.Update MEDIUM" "funnelforms-free 3.4.2 Missing.Authorization.to.Arbitrary.Post.Duplication MEDIUM" "funnelforms-free 3.4.2 Missing.Authorization.to.Test.Email.Sending MEDIUM" "funnelforms-free 3.4 Funnelforms.Free.<.3,4.Unauthenticated.Stored.Cross-Site.Scripting CRITICAL" "funnelforms-free 3.3.8.5 Reflected.Cross-Site.Scripting MEDIUM" "formgent No.known.fix Unauthenticated.Arbitrary.File.Deletion CRITICAL" "formgent 1.0.4 Unauthenticated.Arbitrary.File.Deletion HIGH" "fw-food-menu No.known.fix Unauthenticated.Arbitrary.File.Deletion CRITICAL" "fw-food-menu No.known.fix Unauthenticated.Arbitrary.File.Upload CRITICAL" "full-screen-menu-for-elementor No.known.fix Authenticated.(Contributor+).Post.Disclosure MEDIUM" "folderly 0.3.1 Incorrect.Authorization.to.Authenticated.(Author+).Term.Deletion MEDIUM" "feedburner-optin-form No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "fetch-jft 1.8.4 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "force-update-translations 0.6.0 Cross-Site.Request.Forgery MEDIUM" "formlift 7.5.21 Reflected.Cross-Site.Scripting MEDIUM" "formlift 7.5.20 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "formlift 7.5.18 Unauthenticated.SQL.Injection CRITICAL" "formcraft3 3.9.12 Premium.WordPress.Form.Builder.<.3.9.12.-.Unauthenticated.Stored.Cross-Site.Scripting.via.SVG.File.Upload HIGH" "formcraft3 3.9.12 Missing.Authorization.to.Plugin.Data.Export.in.formcraft-main.php MEDIUM" "formcraft3 3.8.28 Unauthenticated.SSRF MEDIUM" "formcraft3 3.4 Premium.WordPress.Form.Builder.<.3.4.-.Authenticated.Stored.XSS MEDIUM" "fresh-framework 
No.known.fix Missing.Authorization MEDIUM" "fresh-framework No.known.fix Unauthenticated.Remote.Code.Execution CRITICAL" "float-gateway 1.1.10 Improper.Authorization.to.Unauthenticated.Order.Status.Manipulation MEDIUM" "finpose No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "flexible-shipping-usps 1.10.0 Sensitive.Information.Exposure MEDIUM" "flexible-shipping-usps 1.9.3 Cross-Site.Request.Forgery MEDIUM" "foliopress-wysiwyg No.known.fix .Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "friends 3.5.2 Authenticated.(Subscriber+).PHP.Object.Injection HIGH" "friends 3.2.2 Missing.Authorization MEDIUM" "friends 2.8.6 Authenticated.(Admin+).Blind.Server-Side.Request.Forgery MEDIUM" "fma-products-tabs-pro No.known.fix Arbitrary.Tab.Deletion/Edition.via.CSRF HIGH" "focus-on-reviews-for-woocommerce No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "flowplayer6-video-player 1.0.5 Contributor+.Stored.XSS MEDIUM" "fusion-extension-gallery 1.7.7 Gallery.<.1.7.7.-.Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "feature-comments 1.2.5 wp-admin/admin-ajax.php.Comment.Status.Manipulation.CSRF MEDIUM" "fixed-ip-logins 1.0 Reflected.Cross-Site.Scripting MEDIUM" "fb-status-updater No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "file-manager-plugin-for-wordpress No.known.fix Authenticated.(Admin+).Arbitrary.File.Upload HIGH" "fontific No.known.fix Cross-Site.Request.Forgery.via.ajax_fontific_save_all HIGH" "flowbox No.known.fix Missing.Authorization MEDIUM" "forms-ada-form-builder No.known.fix Unauthenticated.Reflected.XSS HIGH" "free-wp-mail-smtp No.known.fix Cross-Site.Request.Forgery MEDIUM" "fulltext-search 1.79.274 Cross-Site.Request.Forgery MEDIUM" "fulltext-search 1.79.264 Missing.Authorization MEDIUM" "fulltext-search 1.79.262 Cross-Site.Request.Forgery MEDIUM" "fulltext-search 1.79.262 Missing.Authorization MEDIUM" "fulltext-search 1.69.234 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "fulltext-search 1.70.236 
Cross-Site.Request.Forgery MEDIUM" "fulltext-search 1.69.234 Missing.Authorization MEDIUM" "fulltext-search 1.60.213 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.WPFTS.Live.Search.Widget MEDIUM" "fusion No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "fusion 1.6.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "font-awesome-4-menus No.known.fix Contributor+.Stored.XSS MEDIUM" "font-awesome-4-menus No.known.fix Admin+.Stored.XSS LOW" "free-product-table-for-woocommerce No.known.fix Missing.Authorization.to.Arbitrary.Content.Deletion MEDIUM" "free-product-table-for-woocommerce No.known.fix Missing.Authorization MEDIUM" "flickr-set-slideshows No.known.fix Authenticated.(Subscriber+).SQL.Injection MEDIUM" "flickr-set-slideshows No.known.fix Authenticated.(Contributor+).SQL.Injection MEDIUM" "foyer No.known.fix Content.Injection.via.Improper.Access.Control MEDIUM" "frizzly No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "fv-antispam 2.8 Reflected.Cross-Site.Scripting MEDIUM" "feedback-modal-for-website No.known.fix Missing.Authorization.to.Unauthenticated.Arbitrary.Feedback.Data.Exfiltration.via.'export_data'.Parameter MEDIUM" "frontend-checklist No.known.fix Admin+.Stored.XSS LOW" "frontend-checklist No.known.fix Admin+.Stored.XSS.via.Items LOW" "featured-image-via-url No.known.fix Authenticated.(Contributor+).Arbitrary.FIle.Upload HIGH" "fortis-for-woocommerce 1.3.0 Missing.Authorization.to.Unauthenticated.Arbitrary.Order.Status.Update.to.Paid.via.'wc-api'.Endpoint MEDIUM" "fluent-booking 1.10.0 Authenticated.(Subscriber+).Missing.Authorization.to.Calendar.Import.and.Management MEDIUM" "fluent-booking 1.10.0 Missing.Authorization MEDIUM" "floating-button 6.0.1 Cross-Site.Request.Forgery.via.process_bulk_action MEDIUM" "floating-button 5.3.1 Reflected.XSS MEDIUM" "faf No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "flash-video-player No.known.fix Cross-Site.Request.Forgery MEDIUM" 
"fd-elementor-imagebox No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "freemind-wp-browser No.known.fix Stored.Cross-Site.Scripting.via.CSRF MEDIUM" "fast-search-powered-by-solr No.known.fix Settings.Update.via.CSRF MEDIUM" "fast-search-powered-by-solr No.known.fix Admin+.Stored.XSS LOW" "floating-player No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "fan-page No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.width.Parameter MEDIUM" "fancy-elementor-flipbox 2.5.2 Contributor+.Stored.XSs.via.Fancy.Elementor.Flipbox.Widget MEDIUM" "fin-accounting-for-woocommerce 4.4.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "forym No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "facebook-secret-meta No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "forms-to-klaviyo No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "facebook-for-woocommerce 1.9.15 CSRF.allowing.Option.Update HIGH" "find-and-replace-content No.known.fix Missing.Authorization.to.Unauthenticated.Stored.Cross-Site.Scripting HIGH" "falcon 2.8.4 Missing.Authorization MEDIUM" "filepicker-media-uploader No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode.Attributes MEDIUM" "features No.known.fix Missing.Authorization.to.Authenticated.(Subscriber+).Option.Reset MEDIUM" "favicon-by-realfavicongenerator 1.3.23 Reflected.Cross-Site.Scripting MEDIUM" "favicon-by-realfavicongenerator 1.3.22 Reflected.Cross-Site.Scripting.(XSS) HIGH" "fb-reviews-widget 2.6 Unauthenticated.Stored.Cross-Site.Scripting.via.Social.Media.Reviews HIGH" "fb-reviews-widget 2.4 Missing.Authorization MEDIUM" "find-me-on No.known.fix Subscriber+.SQL.Injection HIGH" "form-generator-powered-by-jotform No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "form-block 1.5.6 Unauthenticated.Arbitrary.File.Upload CRITICAL" "form-block 1.0.2 Form.Submission.via.CSRF MEDIUM" "fluid-responsive-slideshow 
2.2.7 CSRF.&.XSS HIGH" "fyrebox-shortcode No.known.fix Contributor+.Stored.XSS MEDIUM" "fyrebox-shortcode No.known.fix Stored.XSS.via.CSRF HIGH" "full-circle No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "geo-mashup 1.13.18 Unauthenticated.SQL.Injection.via.'sort'.Parameter HIGH" "geo-mashup 1.13.17 Unauthenticated.Local.File.Inclusion HIGH" "geo-mashup 1.13.14 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.geo_mashup_visible_posts_list.Shortcode MEDIUM" "geo-mashup 1.13.13 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "geo-mashup 1.13.12 Reflected.Cross-Site.Scripting MEDIUM" "geo-mashup 1.13.6 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "geo-mashup 1.10.4 Unspecified.Cross-Site.Scripting.(XSS) CRITICAL" "go-fetch-jobs-wp-job-manager 1.8.4.5 Reflected.Cross-Site.Scripting MEDIUM" "go-fetch-jobs-wp-job-manager 1.7.3.2 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "gs-woo-variation-swatches 3.0.5 Missing.Authorization MEDIUM" "gs-woo-variation-swatches 1.6.0 Reflected.Cross-Site.Scripting MEDIUM" "gosign-posts-slider-block No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "gosign-posts-slider-block No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "gdreseller No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "gdreseller No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "gtbabel 6.6.9 Unauthenticated.Admin.Account.Takeover HIGH" "gtpayment-donation No.known.fix Stored.XSS.via.CSRF HIGH" "gdpr-tools No.known.fix Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "go-viral No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "go-viral 1.8.0 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "gf-infusionsoft 1.2.7 Open.Redirect MEDIUM" "gf-infusionsoft 1.2.4 Unauthenticated.PHP.Object.Injection HIGH" "gf-infusionsoft 1.1.5 Reflected.Cross-Site.Scripting HIGH" "greek-multi-tool 2.3.2 
Missing.Authorization MEDIUM" "greek-multi-tool 2.3.2 Unauthenticated.Stored.XSS HIGH" "google-places-reviews 2.0.0 Admin+.Stored.Cross.Site.Scripting LOW" "gmap-venturit No.known.fix Venturit.<=.1.1.-.Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.'h'.Parameter MEDIUM" "google-document-embedder No.known.fix Authenticated.(Contributor+).Blind.Server.Side.Request.Forgery MEDIUM" "google-document-embedder 2.6.2 CSRF.&.XSS MEDIUM" "google-document-embedder 2.6.1 XSS MEDIUM" "glorious-sites-installer No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "glorious-sites-installer No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "global-shop-discount-for-woocommerce 2.2.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "google-typography No.known.fix Missing.Authorization MEDIUM" "gn-publisher 1.5.6 Reflected.XSS HIGH" "gravatarlocalcache No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "graphina-elementor-charts-and-graphs 3.1.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Chart.Widgets MEDIUM" "graphina-elementor-charts-and-graphs 3.1.4 Elementor.Charts.and.Graphs.<.3.1.4.-.Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "graphina-elementor-charts-and-graphs 3.1.2 Unauthenticated.Local.File.Inclusion HIGH" "graphina-elementor-charts-and-graphs 3.0.5 Missing.Authorization MEDIUM" "graphina-elementor-charts-and-graphs 3.0.5 Cross-Site.Request.Forgery.to.Local.File.Inclusion HIGH" "graphina-elementor-charts-and-graphs 2.0.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "graphina-elementor-charts-and-graphs 1.8.10 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Multiple.Widgets MEDIUM" "goodbarber 1.0.27 Open.Redirect MEDIUM" "goodbarber 1.0.24 Settings.Update.via.CSRF MEDIUM" "gdpr-personal-data-reports No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "getshop-ecommerce No.known.fix 
Unauthenticated.Local.File.Inclusion CRITICAL" "gs-behance-portfolio 3.0.2 Reflected.Cross-Site.Scripting MEDIUM" "globalquran No.known.fix Cross-Site.Request.Forgery.to.Settings.Update MEDIUM" "gallery-videos 2.4.3 Authenticated.(Administrator+).SQL.Injection HIGH" "gallery-videos 2.4.2 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "gallery-videos 2.2.6 Admin+.SQLi MEDIUM" "gallery-videos 1.7.7 Admin+.Stored.XSS LOW" "geodirectory 2.8.150 Cross-Site.Request.Forgery MEDIUM" "geodirectory 2.8.140 Missing.Authorization.to.Authenticated.(Author+).Arbitrary.Image.Attachment MEDIUM" "geodirectory 2.8.120 Contributor+.Stored.XSS MEDIUM" "geodirectory 2.8.98 Authenticated.(Subscriber+).Stored.Cross-Site.Scripting.via.Display_name.Parameter MEDIUM" "geodirectory 2.8.98 Unauthenticated.SQL.Injection HIGH" "geodirectory 2.3.85 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "geodirectory 2.3.81 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "geodirectory 2.3.71 Missing.Authorization.via.geodirectory_rated() MEDIUM" "geodirectory 2.3.62 Authenticated.(Subscriber+).SQL.Injection CRITICAL" "geodirectory 2.3.49 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.'gd_single_tabs'.Shortcode MEDIUM" "geodirectory 2.3.29 Authenticated(Administrator+).SQL.Injection MEDIUM" "geodirectory 2.3.29 Authenticated.(Administrator+).SQL.Injection.via.orderby HIGH" "geodirectory 2.2.24 Admin+.SQLi MEDIUM" "geodirectory 2.2.22 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "geodirectory 2.1.1.3 Authenticated.(admin+).Stored.Cross-Site.Scripting.(XSS) MEDIUM" "gwolle-gb 4.9.3 Unauthenticated.Stored.Cross-Site.Scripting.via.'gwolle_gb_content'.Parameter MEDIUM" "gwolle-gb 4.7.2 Reflected.Cross-Site.Scripting MEDIUM" "gwolle-gb 4.2.0 Reflected.Cross-Site.Scripting MEDIUM" "gwolle-gb 2.5.4 Cross-Site.Scripting.(XSS) MEDIUM" "gwolle-gb 2.1.1 Unauthenticated.Stored.Cross-Site.Scripting.(XSS) CRITICAL" "gdpr-compliance-cookie-consent 1.3 
CSRF MEDIUM" "gum-elementor-addon 1.3.11 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "gum-elementor-addon 1.3.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "gum-elementor-addon 1.3.8 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "gum-elementor-addon 1.3.6 Authenticated.(Editor+).Stored.Cross-Site.Scripting MEDIUM" "gum-elementor-addon 1.3.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Price.Table.and.Post.Slider.Widgets MEDIUM" "gum-elementor-addon 1.3.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Post.Meta.Widget MEDIUM" "gamepress No.known.fix Reflected.Cross-Site.Scripting HIGH" "ghost 1.5.0 Unauthenticated.Sensitive.Information.Exposure MEDIUM" "ghost 0.5.6 Unrestricted.Export.Download MEDIUM" "gpt3-ai-content-generator 1.9.15 Cross-Site.Request.Forgery MEDIUM" "gpt3-ai-content-generator 1.8.97 Authenticated.(Admin+).PHP.Object.Injection.via.wpaicg_export_prompts HIGH" "gpt3-ai-content-generator 1.8.97 Authenticated.(Subscriber+).Server-Side.Request.Forgery MEDIUM" "gpt3-ai-content-generator 1.8.97 Authenticated.(Admin+).PHP.Object.Injection.via.wpaicg_export_ai_forms HIGH" "gpt3-ai-content-generator 1.8.97 Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.Shortcode.Execution MEDIUM" "gpt3-ai-content-generator 1.8.90 Unauthenticated.Arbitrary.File.Upload CRITICAL" "gpt3-ai-content-generator 1.8.67 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "gpt3-ai-content-generator 1.8.13 Cross-Site.Request.Forgery MEDIUM" "gpt3-ai-content-generator 1.8.3 Missing.Authorization.to.Sensitive.Data.Exposure MEDIUM" "gpt3-ai-content-generator 1.7.38 Reflected.Cross-Site.Scripting MEDIUM" "gpt3-ai-content-generator 1.4.38 Subscriber+.Arbitrary.Post.Content.Update MEDIUM" "ga-for-wp No.known.fix Missing.Authorization MEDIUM" "ga-for-wp No.known.fix Missing.Authorization MEDIUM" "ga-for-wp 2.2.0 Reflected.Cross-Site.Scripting MEDIUM" "ga-for-wp 1.3 
Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "google-adsense-and-hotel-booking No.known.fix Open.Proxy CRITICAL" "getastra No.known.fix Unauthenticated.Arbitrary.File.Upload HIGH" "getastra No.known.fix Missing.Authorization MEDIUM" "greenshift-animation-and-page-builder-blocks 12.8.4 Missing.Authorization.to.Unauthenticated.Private.Reusable.Block.Disclosure.via.'gspb_el_reusable_load' MEDIUM" "greenshift-animation-and-page-builder-blocks 12.8.4 Unauthenticated.Sensitive.Information.Exposure.via.Settings.Backup MEDIUM" "greenshift-animation-and-page-builder-blocks 12.8.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "greenshift-animation-and-page-builder-blocks 12.6.1 Animation.and.Page.Builder.Blocks.<.12.6.1.-.Missing.Authorization.to.Authenticated.(Subscriber+).Information.Disclosure.of.AI.API.Keys.and.Stored.Cross-Site.Scripting.via.custom_css MEDIUM" "greenshift-animation-and-page-builder-blocks 12.2.8 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Chart.Data.Attributes MEDIUM" "greenshift-animation-and-page-builder-blocks 12.1.2 Missing.Authorization MEDIUM" "greenshift-animation-and-page-builder-blocks 11.5.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "greenshift-animation-and-page-builder-blocks 11.4.6 11.4.5.-.Authenticated.(Subscriber+).Arbitrary.File.Upload HIGH" "greenshift-animation-and-page-builder-blocks 11.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "greenshift-animation-and-page-builder-blocks 10.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "greenshift-animation-and-page-builder-blocks 9.0.1 Missing.Authorization.to.Authenticated.(Subscriber+).Server-Side.Request.Forgery.and.Stored.Cross-Site.Scripting MEDIUM" "greenshift-animation-and-page-builder-blocks 9.9.9.4 Authenticated.(Contributor+).Post.Disclosure MEDIUM" "greenshift-animation-and-page-builder-blocks 9.8 Missing.Authorization MEDIUM" "greenshift-animation-and-page-builder-blocks 9.4 
Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "greenshift-animation-and-page-builder-blocks 8.9.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "greenshift-animation-and-page-builder-blocks 7.6.3 Authenticated.(Administrator+).Arbitrary.File.Upload HIGH" "greenshift-animation-and-page-builder-blocks 4.3 Reflected.Cross-Site.Scripting MEDIUM" "greenshift-animation-and-page-builder-blocks 5.0.0 Author+.Stored.XSS MEDIUM" "greenshift-animation-and-page-builder-blocks 5.0 Contributor+.Stored.XSS MEDIUM" "greenshift-animation-and-page-builder-blocks 4.8.9 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "greenshift-animation-and-page-builder-blocks 1.1.6 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "gatormail-smart-forms 1.1.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "goal-tracker-for-patreon No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "gg-woo-feed 1.2.7 Missing.Authorization MEDIUM" "gg-woo-feed 1.2.5 Unauthenticated.Settings.Update MEDIUM" "generateblocks 2.2.0 Authenticated.(Contributor+).Information.Exposure.via.Metadata MEDIUM" "generateblocks 2.1.2 Contributor+.Arbitrary.Options.Disclosure MEDIUM" "generateblocks 2.0.0 Authenticated.(Contributor+).Sensitive.Information.Exposure.via.'get_image_description' MEDIUM" "generateblocks 1.8.3 Contributor+.Arbitrary.Draft/Private.Post.Access LOW" "generateblocks 1.4.0 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "gallery-from-files No.known.fix Unauthenticated.RCE CRITICAL" "gallery-from-files No.known.fix Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "google-news No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "google-visualization-charts No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "gd-mylist No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "gotmls 4.23.83 Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.File.Read MEDIUM" "gotmls 4.23.56 
Unauthenticated.Remote.Code.Execution CRITICAL" "gotmls 4.21.83 Reflected.Cross-Site.Scripting MEDIUM" "gotmls 4.20.96 Reflected.Cross-Site.Scripting LOW" "gotmls 4.20.94 Admin+.Reflected.Cross-Site.Scripting LOW" "gdpr-cookie-notice No.known.fix Missing.Authorization MEDIUM" "gwp-histats No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "gallery-factory-lite No.known.fix Contributor+.Stored.XSS MEDIUM" "gs-woocommerce-products-slider 1.5.9 Contributor+.Stored.XSS MEDIUM" "gls-shipping-for-woocommerce 1.4.1 Reflected.Cross-Site.Scripting MEDIUM" "greenhouse-job-board No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "github-gist-shortcode No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "guten-free-options No.known.fix Reflected.XSS HIGH" "guten-free-options No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "giveaways-contests-by-promosimple No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "goldstar No.known.fix Missing.Authorization MEDIUM" "get-site-to-phone-by-qr-code No.known.fix Stored.XSS.via.CSRF MEDIUM" "gdpr-compliance-by-supsystic No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "gravity-file-ajax-upload-free No.known.fix Arbitrary.File.Upload CRITICAL" "google-news-editors-picks-news-feeds No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "grandconference No.known.fix Unauthenticated.PHP.Object.Injection CRITICAL" "gecka-terms-thumbnails No.known.fix Authenticated.(Subscriber+).PHP.Object.Injection HIGH" "gracemedia-media-player No.known.fix Local.File.Inclusion.(LFI) CRITICAL" "gmb-manager No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "graphicsly No.known.fix Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "gallery-plugin 4.7.4 Authenticated.(Administrator+).PHP.Object.Injection HIGH" "gallery-plugin 4.7.0 
Author+.Stored.Cross-Site.Scripting MEDIUM" "gallery-plugin 4.7.0 Author+.SQL.Injection MEDIUM" "gallery-plugin 4.5.0 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "google-one 1.3.4 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "goodlayers-blocks 1.0.3 Reflected.Cross-Site.Scripting MEDIUM" "gotham-block-extra-light 1.6.0 Authenticated.(Administrator+).Stored.Cross-Site.Scripting.via.Plugin.Settings MEDIUM" "gotham-block-extra-light 1.6.0 Authenticated.(Contributor+).Arbitrary.File.Read.via.'ghostban'.Shortcode MEDIUM" "giveasap No.known.fix Cross-Site.Request.Forgery MEDIUM" "giveasap 2.48.2 Authenticated.(Contributor+).SQL.Injection MEDIUM" "giveasap 2.46.1 CSRF MEDIUM" "giveasap 2.46.1 Reflected.Cross-Site.Scripting LOW" "giveasap 2.45.1 Admin+.Stored.Cross-Site.Scripting LOW" "giveasap 2.45.1 Admin+.Stored.XSS LOW" "giveasap 2.45.1 Editor+.Stored.Cross-Site.Scripting MEDIUM" "giveasap 2.42.1 Unauthorised.AJAX.Calls.via.Freemius HIGH" "giveasap 2.36.2 Unauthenticated.Reflected.Cross-Site.Scripting.(XSS) CRITICAL" "gf-custom-style No.known.fix Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "gmw-premium-settings 3.1 Admin+.Arbitrary.File.Upload MEDIUM" "good-old-gallery No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "get-a-quote-for-woocommerce No.known.fix Unauthenticated.Quote.PDF.and.CSV.Download MEDIUM" "gfirem-advance-search No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "gfirem-advance-search No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "gfirem-advance-search No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "gutenify No.known.fix Visual.Site.Builder.Blocks.&.Site.Templates.<=.1.5.9.-.Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Count.Up.block MEDIUM" "gutenify 1.5.8 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "gutenify 1.5.5 Unauthenticated.Local.File.Inclusion HIGH" "gutenify 1.5.8 Contributor+.Stored.XSS MEDIUM" "gutenify 1.4.1 
Unauthenticated.Sensitive.Information.Exposure MEDIUM" "gamipress-button 1.0.8 Authenticated(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "ganohrs-toggle-shortcode 0.2.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "google-maps-v3-shortcode No.known.fix Contributor+.XSS MEDIUM" "getresponse 2.6.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "getresponse 2.5.8 Reflected.Cross-Site.Scripting MEDIUM" "gf-excel-import 1.18.1 Reflected.Cross-Site.Scripting HIGH" "google-plus-google No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "google-news-sitemap No.known.fix Contributor+.Stored.Cross-Site.Scripting MEDIUM" "gs-testimonial 3.3.1 Missing.Authorization MEDIUM" "gs-testimonial 3.3.0 Unauthenticated.Arbitrary.Shortcode.Execution MEDIUM" "gs-testimonial 3.1.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "gs-testimonial 1.9.7 Contributor+.Stored.XSS MEDIUM" "gs-testimonial 1.9.7 Author+.Stored.Cross-Site.Scripting MEDIUM" "gmap-targeting 1.1.8 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "gmap-targeting 1.1.7 Authenticated.(Subscriber+).Local.File.Inclusion HIGH" "google-font-fix No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "grid-shortcodes 1.1.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "grid-shortcodes 1.1.1 Contributor+.Stored.XSS MEDIUM" "gmo-social-connection No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "google-org-chart No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "gutenkit-blocks-addon 2.4.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "gutenkit-blocks-addon 2.2.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "gutenkit-blocks-addon 2.1.1 Unauthenticated.Arbitrary.File.Upload CRITICAL" "gravity-forms-sms-notifications 2.4.0 Cross-Site.Scripting.(XSS) MEDIUM" "giphypress No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" 
"googledrive-folder-list No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "gc-social-wall No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "greenshiftwoo 1.9.8 Authenticated.(Subscriber+).SQL.Injection CRITICAL" "gallery-image-gallery-photo 1.1.6 Grid.Gallery.<.1.1.6.-.Admin+.Stored.Cross-Site.Scripting LOW" "get-custom-field-values 4.1 Admin+.Stored.XSS LOW" "get-custom-field-values 4.0.1 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "get-custom-field-values 4.0 Contributors+.Arbitrary.Post.Metadata.Access MEDIUM" "gold-price-chart-widget No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting.via.plugin.settings MEDIUM" "get-bookings-wp No.known.fix Missing.Authorization MEDIUM" "get-bookings-wp No.known.fix Appointments.&.Bookings.Plugin.Basic.Version.<=.1.1.27.-.Authenticated.(Subscriber+).Privilege.Escalation.via.Account.Takeover HIGH" "goolytics-simple-google-analytics 1.1.2 Simple.Google.Analytics.<.1.1.2.-.Admin+.Stored.Cross-Site.Scripting LOW" "gallery-lightbox-slider 1.0.0.43 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "gallery-lightbox-slider 1.0.0.41 Authenticated.(Author+).Stored.Cross-Site.Scripting MEDIUM" "gmace No.known.fix Arbitrary.File.Creation/Deletion/Update.via.CSRF HIGH" "gmace No.known.fix Admin+.Path.Traversal MEDIUM" "gourl-bitcoin-payment-gateway-paid-downloads-membership No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "gourl-bitcoin-payment-gateway-paid-downloads-membership 1.4.14 Shell.Upload HIGH" "giveaways-for-woocommerce No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "giveaways-for-woocommerce No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "goods-catalog No.known.fix Contributor+.Stored.XSS MEDIUM" "gsheetconnector-ninja-forms-pro 1.5.2 Reflected.XSS HIGH" "gravity-forms-toolbar No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "glorious-services-support 2.0.0 
Reflected.Cross-Site.Scripting MEDIUM" "glorious-services-support 2.0.0 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "gmaps-for-visual-composer-free No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "goodlms 2.1.5 Unauthenticated.SQL.Injection CRITICAL" "get-your-number No.known.fix Admin+.Stored.XSS LOW" "google-maps-easy 1.11.19 Author+.XML.Entity.Injection MEDIUM" "google-maps-easy 1.11.16 Authenticated.(Author+).Stored.Cross-Site.Scripting MEDIUM" "google-maps-easy 1.11.12 Cross-Site.Request.Forgery MEDIUM" "google-maps-easy 1.11.8 Cross-Site.Request.Forgery.(CSRF) MEDIUM" "google-maps-easy 1.10.1 Admin+.Stored.Cross-Site.Scripting LOW" "google-maps-easy 1.9.32 Reflected.Cross-Site.Scripting MEDIUM" "grandconference-custom-post 2.6.4 Missing.Authorization MEDIUM" "grandconference-custom-post 2.6.4 Reflected.Cross-Site.Scripting MEDIUM" "gravitywp-merge-tags 1.4.5 Merge.Tags.<.1.4.5.-.Unauthenticated.Local.File.Inclusion CRITICAL" "gmap-point-list No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "godaddy-email-marketing-sign-up-forms 1.1.4 Cross-Site.Request.Forgery.(CSRF) HIGH" "gmapsmania No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "g-meta-keywords No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "gutenium No.known.fix Contributor+.Stored.XSS MEDIUM" "google-distance-calculator 3.1.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "geo-my-wp 4.5.1 Missing.Authorization.via.get_field_options_ajax MEDIUM" "geo-my-wp 4.5 Admin+.Arbitrary.File.Upload MEDIUM" "geo-my-wp 4.5.0.4 Reflected.Cross-Site.Scripting MEDIUM" "geo-my-wp 4.5.0.2 Unauthenticated.LFI.to.RCE/PHAR.Deserialization CRITICAL" "geo-my-wp 4.2 Cross-Site.Request.Forgery MEDIUM" "geo-my-wp 4.0.3 Authenticated(Administrator+).SQL.Injection MEDIUM" "geo-my-wp 4.0.1 Contributor+.Stored.XSS MEDIUM" "gtm-kit 2.4.1 Unauthenticated.Sensitive.Information.Exposure 
MEDIUM" "gold-addons-for-elementor No.known.fix Missing.Authorization.to.Authenticated.(Subscriber+).License.Activation/Deactivation MEDIUM" "gold-addons-for-elementor 1.3.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "guten-post-layout 1.2.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.align.Attribute MEDIUM" "get-directions 2.16.2 Reflected.Cross-Site.Scripting MEDIUM" "get-directions 2.15.8 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "gamipress-reset-user 1.0.1 Reset.User.<=.1.0.0.-.GamiPress.User.Data.Removal.via.CSRF MEDIUM" "grand-media No.known.fix Cross-Site.Request.Forgery MEDIUM" "grand-media 1.24.0 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "grand-media 1.20.0 Admin+.Stored.Cross-Site.Scripting LOW" "grand-media 1.18.5 Multiple.Cross-Site.Scripting.(XSS) MEDIUM" "grey-owl-lightbox No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "gravityformswebhooks 1.7.0 Authenticated.(Admin+).Server-Side.Request.Forgery.via.Webhook MEDIUM" "google-maps-widget 4.25 Admin+.Stored.XSS LOW" "gym-management No.known.fix Wordpress.Gym.Management.System.<=.67.7.0.-.Authenticated.(Subscriber+).Privilege.Escalation.via.Account.Takeover HIGH" "gym-management No.known.fix Wordpress.Gym.Management.System.<=.67.7.0.-.Authenticated.(Subscriber+).Local.File.Inclusion.to.Privilege.Escalation.via.Password.Update HIGH" "gym-management No.known.fix Missing.Authorization.to.Admin.Account.Creation HIGH" "gym-management 67.8.0 Wordpress.Gym.Management.System.<.67.8.0.-.Unauthenticated.SQL.Injection HIGH" "gym-management No.known.fix Authenticated.(Subscriber+).SQL.Injection MEDIUM" "gym-management No.known.fix Authenticated.(Subscriber+).Local.File.Inclusion HIGH" "gym-management 67.8.0 Unauthenticated.SQL.Injection HIGH" "gym-management 67.2.0 Unauthenticated.Arbitrary.File.Upload CRITICAL" "gym-management 67.2.0 Missing.Authorization.to.Authenticated.(Subscriber+).Privilege.Escalation HIGH" "global-translator 
No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "global-translator No.known.fix Cross-Site.Request.Forgery MEDIUM" "gdpr-compliance No.known.fix Authenticated.(Subscriber+).Information.Exposure MEDIUM" "gutenverse-news 3.1.0 Missing.Authorization MEDIUM" "gutenverse-news 2.0.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.elementId.Parameter MEDIUM" "guest-author-affiliate 1.1.6 Reflected.Cross-Site.Scripting MEDIUM" "guest-author-affiliate 1.1.5 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "gregs-high-performance-seo 1.6.2 Reflected.XSS MEDIUM" "go-social No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "gtm-server-side 2.1.20 Reflected.Cross-Site.Scripting MEDIUM" "guest-author 2.4 Authenticated.(Author+).Stored.Cross-Site.Scripting MEDIUM" "guest-author 2.4 Contributor+.Stored.XSS MEDIUM" "genki-announcement No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "get-cash No.known.fix Missing.Authorization MEDIUM" "get-cash No.known.fix Contributor+.Stored.XSS MEDIUM" "get-cash 3.2 Reflected.Cross-Site.Scripting MEDIUM" "gs-coach 1.1.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "gyta-buyback 1.2.9 Reflected.Cross-Site.Scripting MEDIUM" "gyta-buyback 1.1.7 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "goal-tracker-ga 1.0.11 Reflected.Cross-Site.Scripting MEDIUM" "gumroad No.known.fix Contributor+.Stored.XSS MEDIUM" "give 4.13.2 Unauthenticated.Arbitrary.Shortcode.Execution MEDIUM" "give 4.13.2 Cross-Site.Request.Forgery MEDIUM" "give 4.13.1 Unauthenticated.Stored.XSS.via.'name' HIGH" "give 4.10.1 Missing.Authorization.to.Unauthenticated.Forms-Campaign.Association MEDIUM" "give 4.10.1 Unauthenticated.Forms.and.Campaigns.Disclosure MEDIUM" "give 4.6.1 Missing.Authorization.to.Donation.Update MEDIUM" "give 4.6.1 Unauthenticated.Donor.Data.Exposure MEDIUM" "give 4.6.0 Authenticated.(GiveWP.worker+).Stored.Cross-Site.Scripting MEDIUM" "give 4.3.1 
Missing.Authorization.To.Authenticated.(Contributor+).Campaign.Data.View.And.Modification MEDIUM" "give 3.22.2 Authenticated.(Subscriber+).Sensitive.Information.Exposure MEDIUM" "give 3.22.1 Missing.Authorization.to.Unauthenticated.Arbitrary.Earning.Reports.Disclosure.via.give_reports_earnings.Function MEDIUM" "give 3.20.0 Unauthenticated.PHP.Object.Injection CRITICAL" "give 3.19.4 Unauthenticated.PHP.Object.Injection HIGH" "give 3.19.3 Unauthenticated.PHP.Object.Injection HIGH" "give 3.19.0 Reflected.XSS HIGH" "give 3.16.4 Unauthenticated.PHP.Object.Injection.to.Remote.Code.Execution CRITICAL" "give 3.16.2 Unauthenticated.PHP.Object.Injection CRITICAL" "give 3.16.2 Authenticated.(GiveWP.Manager+).SQL.Injection.via.order.Parameter MEDIUM" "give 3.16.0 Cross-Site.Request.Forgery MEDIUM" "give 3.16.0 Unauthenticated.Full.Path.Disclosure MEDIUM" "give 3.14.2 Missing.Authorization.to.Authenticated.(Subscriber+).Limited.File.Deletion MEDIUM" "give 3.14.0 Missing.Authorization.to.Unauthenticated.Event.Settings.Update MEDIUM" "give 3.14.0 Missing.Authorization.to.Limited.Information.Exposure MEDIUM" "give 3.14.2 Unauthenticated.PHP.Object.Injection.to.RCE CRITICAL" "give 3.14.0 Insecure.Direct.Object.Reference.to.Authenticated.(GiveWP.Worker+).Arbitrary.Post.Actions MEDIUM" "give 3.12.1 Reflected.Cross-Site.Scripting MEDIUM" "give 3.11.0 Contributor+.Stored.XSS MEDIUM" "give 3.5.0 Authenticated.(GiveWP.Manager+).PHP.Object.Injection HIGH" "give 3.7.0 Contributor+.Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "give 3.6.0 Contributor+.Stored.XSS MEDIUM" "give 3.4.0 Reflected.Cross-Site.Scripting HIGH" "give 3.3.0 Contributor+.Stored.XSS MEDIUM" "give 2.33.2 Missing.Authorization.via.handleBeforeGateway MEDIUM" "give 2.33.4 Cross-Site.Request.Forgery.to.plugin.deactivation MEDIUM" "give 2.33.4 Cross-Site.Request.Forgery.to.Stripe.Integration.Deletion MEDIUM" "give 2.33.4 Cross-Site.Request.Forgery.to.plugin.installation MEDIUM" "give 2.33.1 
Donation.Plugin.<.2.33.1.-.Authenticated(Give.Manager+).Privilege.Escalation HIGH" "give 2.25.3 Cross-Site.Request.Forgery MEDIUM" "give 2.25.2 Contributor+.Arbitrary.Content.Deletion MEDIUM" "give 2.25.2 Cross-Site.Request.Forgery MEDIUM" "give 2.25.2 Author+.Stored.Cross-Site.Scripting MEDIUM" "give 2.25.2 Contributor+.Stored.XSS MEDIUM" "give 2.25.2 Admin+.Server-Side.Request.Forgery MEDIUM" "give 2.24.0 Contributor+.Stored.XSS MEDIUM" "give 2.24.1 Unauthenticated.SQLi HIGH" "give 2.21.0 Manager+.Arbitrary.File.Creation.via.Export HIGH" "give 2.21.0 Manager+.Arbitrary.File.Access.via.Export MEDIUM" "give 2.21.3 Admin+.Stored.Cross-Site.Scripting LOW" "give 2.21.3 DoS.via.CSRF LOW" "give 2.21.0 Reflected.Cross-Site.Scripting MEDIUM" "give 2.21.0 Donor.Information.Disclosure MEDIUM" "give 2.17.3 Reflected.Cross-Site.Scripting.via.Import.Tool MEDIUM" "give 2.17.3 Unauthenticated.Reflected.Cross-Site.Scripting MEDIUM" "give 2.17.3 Reflected.Cross-Site.Scripting.via.Donation.Forms.Dashboard HIGH" "give 2.12.0 Admin+.Stored.XSS MEDIUM" "give 2.10.4 Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "give 2.10.0 Reflected.Cross.Site.Scripting.(XSS) HIGH" "give 2.5.10 Multiple.Issues HIGH" "give 2.5.5 Authentication.Bypass HIGH" "give 2.5.1 SQL.Injection CRITICAL" "give 2.4.7 Stored.XSS MEDIUM" "give 2.3.1 Cross-Site.Scripting.(XSS) MEDIUM" "glossy No.known.fix Reflected.XSS HIGH" "gmaper-elementor No.known.fix Missing.Authorization MEDIUM" "g-ffl-cockpit 1.8.0 Missing.Authorization.to.Unauthenticated.Information.Exposure MEDIUM" "g-ffl-cockpit 1.8.0 Unauthenticated.Product.Deletion MEDIUM" "getgenie 4.3.3 Insecure.Direct.Object.Reference.to.Authenticated.(Author+).Stored.Cross-Site.Scripting.via.REST.API MEDIUM" "getgenie 4.3.3 Insecure.Direct.Object.Reference.to.Authenticated.(Author+).Arbitrary.Post.Overwrite/Deletion LOW" "getgenie 4.3.1 Missing.Authorization.to.Authenticated.(Author+).Arbitrary.Post.Deletion MEDIUM" "getgenie 4.3.1 Missing.Authorization 
MEDIUM" "gsheetconnector-gravityforms-pro 4.3.6 Access.Code.Update.via.CSRF MEDIUM" "get-post-content-shortcode No.known.fix Insecure.Direct.Object.Reference.to.Authenticated.(Contributor+).Sensitive.Information.Disclosure.via.post_content.Shortcode MEDIUM" "give-donation-modules-for-divi 2.0.1 Sensitive.Information.Dislcosure MEDIUM" "glomex-oembed 0.9.2 Contributor+.Stored.XSS MEDIUM" "gallery-styles 1.3.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "gplus-comments No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "gamipress-vimeo-integration 1.0.9 Contributor+.Stored.XSS MEDIUM" "greeklish-permalink 3.5 Unauthenticated.Post.Slug.Update MEDIUM" "gd-bbpress-tools No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "gulri-slider 3.5.9 Reflected.Cross-Site.Scripting MEDIUM" "gna-search-shortcode No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "geo-targetly-geo-content 6.1 Contributor+.Stored.XSS MEDIUM" "groovy-menu-free No.known.fix Cross-Site.Request.Forgery MEDIUM" "glance-that No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "global-multisite-search No.known.fix CSRF.Bypass MEDIUM" "gpxpress No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode.Attributes MEDIUM" "greek-namedays-widget No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "google-listings-and-ads 2.8.7 Information.Disclosure.via.Publicly.Accessible.PHP.Info.File MEDIUM" "gdy-modular-content 0.9.93 Reflected.Cross-Site.Scripting MEDIUM" "generic-elements-for-elementor No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "generic-elements-for-elementor No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "generic-elements-for-elementor No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "geowidget No.known.fix 
Reflected.Cross-Site.Scripting MEDIUM" "gratisfaction-all-in-one-loyalty-contests-referral-program-for-woocommerce 4.3.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "gsheetconnector-caldera-forms 1.3 Access.Code.Update.via.CSRF MEDIUM" "global-income-stats-from-freemius No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "global-income-stats-from-freemius No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "global-income-stats-from-freemius No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "guild-armory-roster No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "gallery-for-ultimate-member No.known.fix Authenticated.(Administrator+).SQL.Injection MEDIUM" "gallery-for-ultimate-member 1.1.3 Authenticated.(Subscriber+).Server-Side.Request.Forgery MEDIUM" "gallery-for-ultimate-member 1.1.1 Authenticated.(Subscriber+).Arbitrary.File.Upload HIGH" "gallery-for-ultimate-member 1.1.2 Reflected.Cross-Site.Scripting MEDIUM" "gigpress No.known.fix Admin+.Stored.Cross.Site.Scripting LOW" "gigpress No.known.fix Subscriber+.SQLi HIGH" "gigpress 2.3.28 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "gigpress 2.3.11 Authenticated.XSS.&.Blind.SQLi HIGH" "guest-author-name 4.40 Contributor+.Stored.XSS MEDIUM" "guest-author-name 4.35 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "geounit-maps 0.0.7 Reflected.Cross-Site.Scripting MEDIUM" "ghl-wizard 2.1.2 Missing.Authorization.to.Unauthenticated.Settings.Update MEDIUM" "ghl-wizard 1.4.0 1.3.0.-.Missing.Authorization.to.Unauthenticated.Privilege.Escalation HIGH" "ghl-wizard No.known.fix Contributor+.Stored.XSS MEDIUM" "gallery-images-ape No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "gallery-images-ape No.known.fix Contributor+.Stored.XSS MEDIUM" "goftino 1.7 Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "geotagged-media No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "geotagged-media No.known.fix 
Reflected.Cross-Site.Scripting MEDIUM" "gdlr-hotel No.known.fix Unauthenticated.SQL.Injection HIGH" "gdlr-hotel No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "gdlr-hotel No.known.fix Unauthenticated.PHP.Object.Injection CRITICAL" "getwid-megamenu 1.0.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "gnupress No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "get-a-quote-button-for-woocommerce 1.5 Unauthenticated.Arbitrary.Shortcode.Execution.via.fire_contact_form HIGH" "gradient-text-widget-for-elementor No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "google-seo-author-snippets No.known.fix Cross-Site.Request.Forgery MEDIUM" "google-seo-author-snippets No.known.fix Missing.Authorization MEDIUM" "geoflickr 1.4 Reflected.Cross-Site.Scripting MEDIUM" "grid-plus No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "grid-plus No.known.fix Unauthenticated.Arbitrary.Shortcode.Execution.via.grid_plus_load_by_category HIGH" "grid-plus 1.3.3 Subscriber+.Grid.Layout.Creation/Deletion/Update MEDIUM" "grid-plus 1.3.4 Subscriber+.Local.File.Inclusion MEDIUM" "grid-plus 1.3.5 Reflected.XSS HIGH" "gm-woo-product-list-widget No.known.fix Reflected.XSS HIGH" "generate-post-thumbnails No.known.fix Cross-Site.Request.Forgery MEDIUM" "genoo 6.0.13 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "gs-books-showcase 1.3.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "gs-books-showcase 1.3.1 Contributor+.Stored.XSS MEDIUM" "gboy-custom-google-map No.known.fix Authenticated.(Contributor+).SQL.Injection MEDIUM" "gravitate-qa-tracker No.known.fix Unauthenticated.PHP.Object.Injection CRITICAL" "grid-view-gallery No.known.fix Authenticated.(Editor+).PHP.Object.Injection HIGH" "googleanalytics No.known.fix Unauthenticated.Google.Analytics.Data.Exposure MEDIUM" "googleanalytics 3.2.4 Cross-Site.Request.Forgery MEDIUM" "googleanalytics 3.2.2 Missing.Authorization.to.Unauthenticated.Feature.Deactivation 
MEDIUM" "googleanalytics 2.5.2 Reflected.Cross-Site.Scripting.(XSS) HIGH" "gdpr-data-request-form 1.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "global-gallery 9.2.4 Missing.Authorization MEDIUM" "global-gallery No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "global-gallery 9.1.6 WordPress.Responsive.Gallery.<.9.1.6.-.Authenticated.(Subscriber+).Arbitrary.Shortcode.Execution MEDIUM" "goon-plugin-control 1.2.9.2 Reflected.Cross-Site.Scripting MEDIUM" "goon-plugin-control 1.2.6 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "google-map-professional No.known.fix Authenticated.(Contributor+).SQL.Injection MEDIUM" "google-map-professional No.known.fix Reflected.XSS HIGH" "getcontentfromurl No.known.fix Authenticated.(Contributor+).Server-Side.Request.Forgery.via.'url'.Shortcode.Attribute HIGH" "googl-url-shorter No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "gd-security-headers 1.7.1 Admin+.SQLi MEDIUM" "gd-security-headers 1.7 Reflected.XSS HIGH" "gf-block-ips 1.0.2 Cross-Site.Request.Forgery MEDIUM" "guitar-tuner No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "gf-google-address-autocomplete 1.3.5 CSRF MEDIUM" "gst-for-woocommerce No.known.fix Cross-Site.Request.Forgery MEDIUM" "gt3-photo-video-gallery 2.7.7.27 Reflected.Cross-Site.Scripting MEDIUM" "gt3-photo-video-gallery 2.7.7.26 Contributor+.Stored.XSS MEDIUM" "gt3-photo-video-gallery 2.7.7.25 GT3.Image.Gallery.&.Gutenberg.Block.Gallery.<.2.7.7.25.-.Reflected.Cross-Site.Scripting MEDIUM" "gt3-photo-video-gallery 2.7.7.22 GT3.Image.Gallery.&.Gutenberg.Block.Gallery.<.2.7.7.22.-.Authenticated.(Author+).Cross-Site.Scripting MEDIUM" "gt-tabs No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "gf-dynamics-crm 1.1.5 Open.Redirect MEDIUM" "gf-dynamics-crm 1.0.8 Reflected.Cross-Site.Scripting HIGH" "getsocial No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "gp-notification-bar No.known.fix 
Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "gravity-signature-forms-add-on 1.8.7 Missing.Authorization MEDIUM" "go-to-top No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "go-fetch-jobs-jobengine No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "go-fetch-jobs-jobengine No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "g5plus-auteur No.known.fix Missing.Authorization.to.Authenticated.(Subscriber+).Settings.Updates MEDIUM" "g5plus-auteur No.known.fix Missing.Authorization.to.Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "g5plus-auteur No.known.fix Authenticated.(Subscriber+).Arbitrary.File.Upload HIGH" "gp-unique-id 1.5.6 Unauthenticated.Form.Submission.Unique.ID.Modification LOW" "gs-dribbble-portfolio 1.2.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "gift-hunt No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "graph-lite No.known.fix Missing.Authorization MEDIUM" "glossary-by-codeat 2.2.27 Unauthenticated.Full.Path.Disclosure MEDIUM" "glossary-by-codeat 2.2.3 Reflected.Cross-Site.Scripting MEDIUM" "glossary-by-codeat 2.1.28 Contributor+.Stored.XSS MEDIUM" "glossary-by-codeat 2.1.8 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "game-review-block 4.8.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.className.Parameter MEDIUM" "gdlr-hostel No.known.fix Unauthenticated.SQL.Injection HIGH" "gdlr-hostel No.known.fix Unauthenticated.PHP.Object.Injection CRITICAL" "gdlr-hostel No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "grid-accordion-lite No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "google-calendar-events 3.6.0 Unauthenticated.Insecure.Direct.Object.Reference MEDIUM" "google-calendar-events 3.4.3 Reflected.Cross-Site.Scripting MEDIUM" "google-calendar-events 3.2.8 Contributor+.Stored.XSS.via.shortcode MEDIUM" "google-calendar-events 3.2.5 
Cross-Site.Request.Forgery.via.duplicate_feed MEDIUM" "google-calendar-events 3.2.6 Cross-Site.Request.Forgery.(CSRF) MEDIUM" "gsheetconnector-for-elementor-forms-pro 1.0.5 Reflected.XSS HIGH" "graphist-elementor No.known.fix Missing.Authorization MEDIUM" "google-language-translator 6.0.12 Google.Language.Translator.<.6.0.12.-.Admin+.Stored.Cross-Site.Scripting LOW" "google-language-translator 6.0.10 Authenticated.Cross-Site.Scripting.(XSS) LOW" "google-language-translator 6.0.10 Authenticated.(author+).Cross-Site.Scripting.(XSS) MEDIUM" "google-language-translator 5.0.06 XSS MEDIUM" "glass No.known.fix CSRF.to.Stored.Cross-Site.Scripting.(XSS) HIGH" "google-drive-upload-and-download-link No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "guruwalk-affiliates No.known.fix Admin+.Stored.XSS LOW" "google-map-locations No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "google-apps-login 3.4.5 Admin+.Stored.XSS LOW" "gd-bbpress-attachments 4.7.3 Reflected.Cross-Site.Scripting MEDIUM" "gd-bbpress-attachments 4.4 Admin+.Stored.XSS LOW" "grider-elementor No.known.fix Missing.Authorization MEDIUM" "gerryworks-post-by-mail No.known.fix Contributor+.Privilege.Escalation HIGH" "google-analyticator 6.5.6 Admin+.PHP.Object.Injection LOW" "google-analyticator 6.5.6 Admin+.PHP.Object.Injection MEDIUM" "google-analyticator 6.4.9.6 Multiple.Cross-Site.Scripting.(XSS) HIGH" "google-analyticator 6.4.9.4 Cross-Site.Request.Forgery.(CSRF) MEDIUM" "goanimate No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "genesis-simple-love No.known.fix Unauthenticated.PHP.Object.Injection CRITICAL" "google-plus-share-and-plusone-button No.known.fix Cross-Site.Request.Forgery MEDIUM" "genesis-blocks 3.1.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Sharing.Block.Attributes MEDIUM" "genesis-blocks 3.1.4 Contributor+.Stored.XSS MEDIUM" "genesis-blocks 3.1.3 Contributor+.Stored.XSS MEDIUM" "genesis-blocks 3.1.3 
Contributor+.Stored.XSS MEDIUM" "gantry No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "gnucommerce No.known.fix Unauthenticated.PHP.Object.Injection CRITICAL" "gnucommerce No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "gnucommerce 1.4.2 XSS MEDIUM" "gnucommerce 0.5.7-beta XSS MEDIUM" "google-analytics-dashboard-for-wp 9.0.3 9.0.2.-.Insecure.Direct.Object.Reference.to.Arbitrary.Plugin.Installation HIGH" "google-analytics-dashboard-for-wp 9.0.3 9.0.2.-.Improper.Privilege.Management.to.Role.Privilege.Escalation.via.Settings.Update HIGH" "google-analytics-dashboard-for-wp 8.2.0 Missing.Authorization MEDIUM" "google-analytics-dashboard-for-wp 7.14.2 Contributor+.Stored.XSS MEDIUM" "google-analytics-dashboard-for-wp 7.12.1 Contributor+.Stored.XSS MEDIUM" "gutena-kit No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "green-wp-telegram-bot-by-teplitsa No.known.fix Telegram.Bot.for.WP.<=.1.3.-.Telegram.Bot.Token.Disclosure HIGH" "gtranslate 3.0.4 Admin+.Stored.XSS LOW" "gtranslate 2.9.9 CSRF.to.Account.Takeover HIGH" "gtranslate 2.9.7 Reflected.Cross-Site.Scripting LOW" "gtranslate 2.8.65 Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "gtranslate 2.8.52 Unauthenticated.Reflected.Cross.Site.Scripting.(XSS) MEDIUM" "gzseo 2.0.12 Authenticated.(Contributor+).Authorization.Bypass.to.Stored.Cross-Site.Scripting MEDIUM" "google-map-shortcode No.known.fix Settings.Update.via.CSRF MEDIUM" "google-map-shortcode No.known.fix Reflected.XSS HIGH" "google-map-shortcode No.known.fix Contributor+.Stored.XSS HIGH" "gd-rating-system 3.6.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.extra_class.Parameter MEDIUM" "gd-rating-system 3.6.1 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "gd-rating-system 3.5.1 Unauthenticated.Stored.Cross-Site.Scripting.via.IP MEDIUM" "gd-rating-system 2.3.1 Multiple.Vulnerabilities HIGH" "gd-rating-system 2.1 XSS MEDIUM" "gdpr-compliant-recaptcha-for-all-forms 4.1.2 Cross-Site.Request.Forgery 
MEDIUM" "goqmieruca No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "global-payments-woocommerce 1.13.3 Reflected.XSS HIGH" "global-meta-keyword-and-description No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "gutenslider 5.10.2 Reflected.Cross-Site.Scripting MEDIUM" "gutenslider 5.7.0 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "gutenslider 5.2.0 Contributor+.Stored.XSS MEDIUM" "google-sitemap-generator 4.1.23 Missing.Authorization MEDIUM" "google-sitemap-generator 4.1.3 Admin+.Stored.Cross-Site.Scripting LOW" "google-sitemap-generator 4.1.0 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "genie-wp-favicon No.known.fix Arbitrary.Favicon.Change.via.CSRF MEDIUM" "good-reviews-wp 2.3.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Review.URL MEDIUM" "gg-bought-together No.known.fix Unauthenticated.SQL.Injection HIGH" "google-maps-for-wordpress No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "groups 3.11.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.'groups_group_info'.Shortcode MEDIUM" "groups 3.8.0 Authenticated.(Subscriber+).Insecure.Direct.Object.Reference.to.Arbitrary.Group.Join MEDIUM" "google-shortlink 1.5.3 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "google-docs-rsvp-guestlist No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "globe-gateway-e4 No.known.fix Unauthenticated.Arbitrary.File.Deletion CRITICAL" "goqsmile No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "gallery-portfolio No.known.fix Missing.Authorization MEDIUM" "google-picasa-albums-viewer 4.0.3 Reflected.Cross-Site.Scripting MEDIUM" "gloria-assistant-by-webtronic-labs No.known.fix Cross-Site.Request.Forgery MEDIUM" "gwebpro-store-locator No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "gwebpro-store-locator No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "gf-salesmate-add-on 2.0.4 Unauthenticated.SQL.Injection HIGH" "gf-salesmate-add-on 2.0.4 
Missing.Authorization MEDIUM" "global-elementor-buttons No.known.fix Authenticated(Contributor+).Stored.Cross-Site.Scripting.via.button.link MEDIUM" "gistpress 3.0.2 Authenticated.Stored.XSS MEDIUM" "guestofy-restaurant-reservations No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "guestofy-restaurant-reservations No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "gfirem-action-after No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "gfirem-action-after No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "getyourguide-ticketing 1.0.4 Admin+.Stored.XSS LOW" "gutentor 3.5.3 Missing.Authorization MEDIUM" "gutentor No.known.fix Missing.Authorization MEDIUM" "gutentor 3.4.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Multiple.Widgets MEDIUM" "gutentor 3.5.0 Contributor+.Stored.XSS MEDIUM" "gutentor 3.4.7 Admin+.SQL.Injection MEDIUM" "gutentor 3.4.4 Contributor+.Stored.XSS MEDIUM" "gutentor 3.4.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Countdown.Widget MEDIUM" "gutentor 3.3.6 Gutenberg.Blocks.-.Page.Builder.for.Gutenberg.Editor.<.3.3.6.-.Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "gutentor 3.3.6 Contributor+.Stored.XSS MEDIUM" "gutentor 1.0.3 Reflected.Cross-Site.Scripting MEDIUM" "google-1 No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "gocodes No.known.fix Authenticated.XSS.&.Blind.SQL.Injection HIGH" "gs-pinterest-portfolio 1.8.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "gs-pinterest-portfolio 1.8.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shorcode MEDIUM" "gs-pinterest-portfolio 1.8.1 Missing.Authorization.via._update_shortcode MEDIUM" "green-money-payment-gateway 3.0.10 3.0.9.-.Unauthenticated.Information.Exposure MEDIUM" "google-maps-gpx-viewer No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "gb-forms-db 1.0.3 Unauthenticated.Remote.Code.Execution CRITICAL" "gutenbee 2.18.1 
Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "gravitec-net-web-push-notifications 2.9.18 Missing.Authorization MEDIUM" "google-plus-comments No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "gwyns-imagemap-selector No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "go-dash No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "gn-xml-sitemap No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "gf-salesforce-crmperks 1.5.2 Unauthenticated.PHP.Object.Injection HIGH" "gf-salesforce-crmperks 1.4.8 Open.Redirect MEDIUM" "gf-salesforce-crmperks 1.2.6 Reflected.Cross-Site.Scripting HIGH" "glasses-for-woocommerce No.known.fix Reflected.Cross-Site.Scipting MEDIUM" "gallery-slideshow No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "gsheetconnector-easy-digital-downloads 1.6.6 Reflected.Cross-Site.Scripting MEDIUM" "gsheetconnector-easy-digital-downloads 1.6.6 Access.Code.Update.via.CSRF MEDIUM" "gsheetconnector-easy-digital-downloads 1.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "getwid 2.1.3 Authenticated.(Contributor+).Sensitive.Information.Exposure MEDIUM" "getwid 2.0.12 Contributor+.DOM-Based.Stored.XSS.via.FancyBox.JavaScript.Library MEDIUM" "getwid 2.0.13 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "getwid 2.0.11 Missing.Authentication.to.MailChimp.API.key.update MEDIUM" "getwid 2.0.11 Missing.Authorization.to.Google.API.key.update MEDIUM" "getwid 2.0.8 Authenticated.(Contributor+).DOM-Based.Stored.Cross-Site.Scripting.via.'Countdown' MEDIUM" "getwid 2.0.6 Authenticated(Contributor+).Stored.Cross-Site.Scripting.via.Block.Content MEDIUM" "getwid 2.0.5 Captcha.Bypass MEDIUM" "getwid 2.0.5 Missing.Authorization.to.Recaptcha.API.Key.Modification MEDIUM" "getwid 2.0.3 Unauthenticated.Arbitrary.Email.Sending.to.Admin MEDIUM" "getwid 1.8.4 Subscriber+.SSRF MEDIUM" "gocache-cdn No.known.fix Missing.Authorization MEDIUM" 
"gettext-override-translations 2.0.0 Admin+.Stored.Cross-Site.Scripting LOW" "gift-up 2.22 Settings.Update.via.CSRF MEDIUM" "gift-up 2.20.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "giga-messenger-bots No.known.fix Reflected.XSS HIGH" "gf-hubspot 1.2.6 Open.Redirect MEDIUM" "gf-hubspot 1.2.7 Unauthenticated.PHP.Object.Injection HIGH" "gf-hubspot 1.0.9 Reflected.Cross-Site.Scripting HIGH" "gotcha-gesture-based-captcha No.known.fix Reflected.Cross-Site.Scripting.via.menu.Parameter MEDIUM" "gdpr-consent-manager 1.0.1 Author+.Stored.XSS.via.SVG.File.Upload MEDIUM" "googmonify No.known.fix CSRF.&.XSS MEDIUM" "google-cse No.known.fix Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "google-cse No.known.fix Admin+.Stored.XSS LOW" "genesis-style-shortcodes No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "geoip-detect 5.6.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "graceful-email-obfuscation No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "gallery-custom-links 2.2.6 Authenticated.(Author+).Stored.Cross-Site.Scripting MEDIUM" "gou-wc-account-tabs 1.0.1.9 Missing.Authorization MEDIUM" "greencon No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "gd-mail-queue 4.4 Reflected.Cross-Site.Scripting MEDIUM" "gd-mail-queue 4.0 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "goracash No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "gf-zendesk 1.1.3 Open.Redirect MEDIUM" "gf-zendesk 1.0.8 Reflected.Cross-Site.Scripting HIGH" "gyan-elements 2.2.2 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "gift-certificate-creator No.known.fix Reflected.Cross-Site.Scripting.via.receip_address.Parameter MEDIUM" "gift-certificate-creator 1.1 Stored.XSS MEDIUM" "google-analytics-top-posts-widget 1.5.7 Reflected.XSS MEDIUM" "gdpr-cookie-consent 4.1.3 
Missing.Authorization.to.Sensitive.Information.Exposure HIGH" "gdpr-cookie-consent 4.0.4 Missing.Authorization MEDIUM" "gdpr-cookie-consent 4.0.8 Missing.Authorization.to.Unauthenticated.Arbitrary.Post.Deletion MEDIUM" "gdpr-cookie-consent 4.0.8 Missing.Authorization MEDIUM" "gdpr-cookie-consent 4.0.4 Missing.Authorization MEDIUM" "gdpr-cookie-consent 3.8.1 Cross-Site.Request.Forgery MEDIUM" "gdpr-cookie-consent 3.6.6 Missing.Authorization.to.Authenticated.(Subscriber+).Whitelist.Script MEDIUM" "gdpr-cookie-consent 3.3.0 Unauthenticated.Stored.Cross-Site.Scripting.via.Client-IP.header HIGH" "gdpr-cookie-consent 3.1.0 Missing.Authorization.to.Unauthenticated.Arbitrary.Post.Deletion MEDIUM" "gs-envato-portfolio No.known.fix Missing.Authorization MEDIUM" "gs-envato-portfolio 1.4.0 Contributor+.Stored.XSS MEDIUM" "grid 2.3.2 Cross-Site.Request.Forgery MEDIUM" "gspeech 3.18.0 Authenticated.(Admin+).SQL.injection MEDIUM" "gs-projects 1.1.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "gestion-tarifs No.known.fix Authenticated.(Contributor+).SQL.Injection MEDIUM" "gallery-photo-gallery 6.4.9 Cross-Site.Request.Forgery.to.Bulk.Actions MEDIUM" "gallery-photo-gallery 6.3.9 Contributor+.Stored.XSS MEDIUM" "gallery-photo-gallery 5.7.1 Administrator+.HTML.Injection MEDIUM" "gallery-photo-gallery 5.5.3 Reflected.Cross-Site.Scripting MEDIUM" "gallery-photo-gallery 5.2.7 CSRF MEDIUM" "gallery-photo-gallery 5.1.4 Reflected.XSS HIGH" "gallery-photo-gallery 5.1.7 Reflected.XSS MEDIUM" "gallery-photo-gallery 4.4.4 Reflected.Cross-Site.Scripting.(XSS) HIGH" "gallery-photo-gallery 4.4.4 Responsive.Image.Gallery.<.4.4.4.-.Authenticated.Blind.SQL.Injections HIGH" "gallery-photo-gallery 1.0.1 SQL.Injection CRITICAL" "google-site-kit 1.8.0 Privilege.Escalation.to.gain.Search.Console.Access CRITICAL" "google-image-sitemap No.known.fix Map.generation.through.CSRF MEDIUM" "gseor No.known.fix Authenticated.SQL.Injection MEDIUM" "google-pagespeed-insights 4.0.7 Multiple.CSRF 
MEDIUM" "google-pagespeed-insights 4.0.4 Reflected.Cross-Site.Scripting MEDIUM" "gift-voucher 4.5.0 Missing.Authorization.to.Unauthenticated.Price,.Date,.and.Note.Updates MEDIUM" "gift-voucher 4.4.5 Author+.Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "gift-voucher 4.4.1 Cross-Site.Request.Forgery MEDIUM" "gift-voucher 4.3.3 Subscriber+.SQLi HIGH" "gift-voucher 4.1.8 Unauthenticated.Blind.SQL.Injection HIGH" "git-sync No.known.fix Cross-Site.Request.Forgery.to.Remote.Code.Execution HIGH" "ga-germanized 1.6.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "get-post-custom-taxonomy-term-shortcode No.known.fix CSRF.Bypass NONE" "googlemapper-2 No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "go-sphinx No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "group-category-creator No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "gallery 2.2.2 Authenticated.(Author+).Stored.Cross-Site.Scripting MEDIUM" "great-quotes No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "gutena-forms 1.6.1 Authenticated.(Contributor+).Limited.Options.Update.in.save_gutena_forms_schema() MEDIUM" "gutena-forms 1.6.1 Contributor+.Arbitrary.Limited.Options.Update MEDIUM" "game-users-share-buttons No.known.fix Authenticated.(Subscriber+).Arbitrary.File.Deletion.via.themeNameId.Parameter HIGH" "gwa-autoresponder No.known.fix Unauthenticated.SQL.Injection HIGH" "gutenberg 21.9.0 21.8.-.Contributor+.Stored.XSS MEDIUM" "gutenberg 18.6.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Template.Part.Block MEDIUM" "gutenberg 18.01 18.0.0.-.Unauthenticated.&.Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Avatar.Block MEDIUM" "gutenberg 16.8.1 Contributor+.Stored.XSS MEDIUM" "gutenberg 16.8.1 Contributor+.Stored.XSS.via.Navigation.Links.Block MEDIUM" "gutenberg 14.3.1 Multiple.Stored.XSS LOW" "gutenberg 12.7.2 Prototype.Pollution.via.Gutenbergs.wordpress/url.package MEDIUM" "gutenberg 12.7.2 Contributor+.Stored.Cross-Site.Scripting MEDIUM" 
"geolocator No.known.fix Unauthenticated.PHP.Object.Injection CRITICAL" "geocache-stat-bar-widget No.known.fix Admin+.Stored.XSS LOW" "gpp-slideshow No.known.fix Missing.Authorization MEDIUM" "google-captcha 1.79 CAPTCHA.Bypass MEDIUM" "google-captcha 1.28 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "google-transliteration No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "gestion-pymes No.known.fix Admin+.Stored.XSS LOW" "gravityforms 2.9.29 Authenticated.(Subscriber+).Stored.Cross-Site.Scripting.via.Form.Title MEDIUM" "gravityforms 2.9.23.1 Unauthenticated.Arbitrary.File.Upload CRITICAL" "gravityforms 2.9.22 Unauthenticated.Arbitrary.File.Upload.via.Legacy.Chunked.Upload HIGH" "gravityforms 2.9.21 2.9.20.-.Unauthenticated.Arbitrary.File.Upload.via.'copy_post_image' HIGH" "gravityforms 2.9.13 Malware.Compromise CRITICAL" "gravityforms 2.9.2 2.9.1.3.-.Unauthenticated.Stored.Cross-Site.Scripting.via.'style_settings'.parameter MEDIUM" "gravityforms 2.9.2 Unauthenticated.Stored.Cross-Site.Scripting.via.'alt'.parameter HIGH" "gravityforms 2.7.5 Reflected.XSS HIGH" "gravityforms 2.7.4 Unauthenticated.PHP.Object.Injection HIGH" "gravityforms 2.4.9 Hashed.Password.Leakage LOW" "gallery-with-thumbnail-slider No.known.fix Contributor+.DOM-Based.Stored.XSS.via.lightGallery.Library MEDIUM" "gallery-with-thumbnail-slider 6.1 Contributor+.Stored.XSS MEDIUM" "guest-support 1.3.0 Unauthenticated.User.Email.Disclosure.in.guest_support_handler.AJAX.Endpoint MEDIUM" "guest-support 1.2.3 Missing.Authorization.to.Unauthenticated.Ticket.Deletion MEDIUM" "global-notification-bar No.known.fix Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "geodigs No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "generate-dummy-posts No.known.fix Missing.Authorization MEDIUM" "gixaw-chat No.known.fix Stored.XSS.via.CSRF HIGH" "gf-constant-contact 1.1.3 Unauthenticated.PHP.Object.Injection HIGH" "gf-constant-contact 1.1.1 Open.Redirect MEDIUM" "gf-constant-contact 1.0.6 
Reflected.Cross-Site.Scripting HIGH" "google-drive-wp-media No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "gs-woo-brands 1.3.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "gallery-by-supsystic 1.15.17 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "gallery-by-supsystic 1.15.6 Arbitrary.Settings.Update.via.CSRF MEDIUM" "gallery-by-supsystic 1.8.6 Arbitrary.Image.Adding.via.CSRF MEDIUM" "gallery-by-supsystic 1.8.6 Stored.Cross-Site.Scripting.via.CSRF MEDIUM" "gc-testimonials No.known.fix Contributor+.Stored.XSS MEDIUM" "gmap-embed 1.9.4 Admin+.Stored.XSS LOW" "gmap-embed 1.9.4 Admin+.Stored.XSS LOW" "gmap-embed 1.8.4 Arbitrary.Post.Deletion.and.Plugin's.Settings.Update.via.CSRF MEDIUM" "gmap-embed 1.8.1 Subscriber+.Map.Creation/Update/Deletion MEDIUM" "gmap-embed 1.8.1 Subscriber+.Arbitrary.Post.Deletion.and.Plugin's.Settings.Update MEDIUM" "gmap-embed 1.7.7 Authenticated.Stored.Cross-Site.Scripting.(XSS) LOW" "google-maps-travel-route No.known.fix Authenticated.(Subscriber+).SQL.Injection MEDIUM" "gianism No.known.fix Authenticated.(Author+).Stored.Cross-Site.Scripting MEDIUM" "gianism 5.2.1 Admin+.Stored.XSS LOW" "goauth No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "goauth 2.20 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "groundhogg 4.2.7 Authenticated.(Admin+).SQL.Injection MEDIUM" "groundhogg 4.2.6.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "groundhogg 4.2.2.1 Authenticated.(Sales.Representative+).PHP.Object.Injection HIGH" "groundhogg 4.2.2 Authenticated.(Sales.Rep+).Arbitrary.File.Upload HIGH" "groundhogg 4.1.2 Authenticated.(Administrator+).Arbitrary.File.Deletion HIGH" "groundhogg 4.0 Authenticated.(Administrator+).Stored.Cross-Site.Scripting.via.label.Parameter MEDIUM" "groundhogg 3.7.3.6 Authenticated.(Author+).Arbitrary.File.Upload.via.gh_big_file_upload.Function HIGH" "groundhogg 3.7.3.4 Reflected.Cross-Site.Scripting MEDIUM" "groundhogg 3.4.3 
Reflected.Cross-Site.Scripting MEDIUM" "groundhogg 3.4.3 Cross-Site.Request.Forgery MEDIUM" "groundhogg 2.7.11.11 Admin+.Stored.XSS LOW" "groundhogg 2.7.11.1 Admin+.SQLi MEDIUM" "groundhogg 2.7.11.1 CSRF MEDIUM" "groundhogg 2.7.10 Privilege.Escalation.via.CSRF HIGH" "groundhogg 2.7.10 Disable.All.Plugins.via.CSRF MEDIUM" "groundhogg 2.7.10 Ticket.Creation.via.CSRF MEDIUM" "groundhogg 2.7.10 Lack.of.Authorization.for.Non-Arbitrary.File.upload MEDIUM" "groundhogg 2.7.10 Contributor+.Stored.XSS MEDIUM" "groundhogg 2.7.9.4 Admin+.SQLi MEDIUM" "groundhogg 2.0.9.11 Authenticated.Reflected.XSS HIGH" "gsheetconnector-wpforms-pro 2.5.7 Reflected.XSS HIGH" "gdpr-framework 2.2.0 Admin+.Stored.XSS LOW" "gravity-forms-sticky-list No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "gravity-forms-sticky-list No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "gravity-forms-sticky-list No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "gallery-categories 1.0.9 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "gestpay-for-woocommerce 20240307 Cross-Site.Request.Forgery.(CSRF).via.ajax_delete_card MEDIUM" "gestpay-for-woocommerce 20240307 Cross-Site.Request.Forgery.(CSRF).via.ajax_unset_default_card MEDIUM" "gestpay-for-woocommerce 20240307 Cross-Site.Request.Forgery.(CSRF).via.ajax_set_default_card MEDIUM" "gozen-forms No.known.fix Unauthenticated.SQL.Injection.via.dirGZActiveForm() HIGH" "gozen-forms No.known.fix Unauthenticated.SQL.Injection.via.emdedSc() HIGH" "guardgiant No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "guardgiant 2.2.6 Admin+.SQLi MEDIUM" "getresponse-integration No.known.fix Contributor+.Stored.XSS MEDIUM" "getresponse-integration 5.5.32 Contributor+.Stored.XSS MEDIUM" "getresponse-integration 5.5.21 API.Key.Update.via.CSRF MEDIUM" "genesis-columns-advanced 2.0.4 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "gutenverse 3.3.0 Missing.Authorization MEDIUM" "gutenverse 3.1.1 
Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Animated.Text.and.Fun.Fact.Blocks MEDIUM" "gutenverse 3.0.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.countdown.Block MEDIUM" "gutenverse 2.0.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "gutenverse 1.9.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "gutenverse 1.9.1 Contributor+.Stored.XSS MEDIUM" "gf-freshdesk 1.3.6 Unauthenticated.Open.Redirect MEDIUM" "gf-freshdesk 1.3.6 Unauthenticated.PHP.Object.Injection HIGH" "gf-freshdesk 1.2.9 Reflected.Cross-Site.Scripting HIGH" "giveaway-boost No.known.fix Unauthenticated.PHP.Object.Injection CRITICAL" "gpx-viewer 2.2.12 Editor+.Path.Traversal LOW" "gpx-viewer 2.2.10 Subscriber+.Arbitrary.File.Creation HIGH" "gf-insightly 1.1.7 Unauthenticated.PHP.Object.Injection HIGH" "gf-insightly 1.0.7 Reflected.Cross-Site.Scripting HIGH" "google-maps-advanced No.known.fix Arbitrary.Settings.Update.to.Stored.XSS.via.CSRF MEDIUM" "generate-child-theme 2.0.1 Cross-Site.Request.Forgery.via.process_create_form() MEDIUM" "generate-child-theme 1.6 Unauthorised.Plugin's.Setting.Change MEDIUM" "gap-hub-user-role No.known.fix Cross-Site.Request.Forgery MEDIUM" "google-analytics-opt-out 2.3.5 Admin+.Stored.XSS LOW" "google-mobile-sitemap No.known.fix Cross-Site.Request.Forgery MEDIUM" "grandrestaurant-elementor No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "google-sitemap-plugin 3.0.8 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "gallery-images 2.0.6 Stored.Cross-Site.Scripting.(XSS) CRITICAL" "google-analytics-for-wordpress 8.22.0 Missing.Authorization MEDIUM" "google-analytics-for-wordpress 8.14.1 Contributor+.Stored.XSS MEDIUM" "google-analytics-for-wordpress 8.12.1 Contributor+.Stored.XSS MEDIUM" "google-analytics-for-wordpress 8.9.1 Stored.Cross-Site.Scripting.via.Google.Analytics MEDIUM" "gdpr-cookie-compliance 4.15.7 Admin+.Stored.XSS LOW" "gdpr-cookie-compliance 4.15.7 
Admin+.Stored.XSS LOW" "gdpr-cookie-compliance 4.15.9 Admin+.Stored.XSS LOW" "gdpr-cookie-compliance 4.15.7 Admin+.Stored.XSS LOW" "gdpr-cookie-compliance 4.15.7 Admin+.Stored.XSS LOW" "gdpr-cookie-compliance 4.15.9 Admin+.Stored.XSS LOW" "gdpr-cookie-compliance 4.15.7 Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "gdpr-cookie-compliance 4.12.5 License.Update/Deactivation.via.CSRF MEDIUM" "google-maps-anywhere No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "geeky-bot 1.1.9 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "gsheetconnector-for-elementor-forms 1.0.9 Reflected.Cross-Site.Scripting MEDIUM" "gsheetconnector-for-elementor-forms 1.0.7 Reflected.XSS HIGH" "gmo-font-agent No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "gs-instagram-portfolio No.known.fix Missing.Authorization.to.Authenticated.(Subscriber+).CSS.Injection MEDIUM" "gs-instagram-portfolio 1.4.5 Contributor+.Stored.XSS MEDIUM" "generatepress-premium 2.4.0 Authenticated(Contributor+).Stored.Cross-Site.Scripting.via.Custom.Meta MEDIUM" "giveaway No.known.fix Authenticated.SQL.Injection HIGH" "gravity-forms-css-themes-with-fontawesome-and-placeholder-support No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "geoportail-shortcode No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "geoportail-shortcode No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "gallery-bank 4.0.19 Reflected.Cross-Site.Scripting MEDIUM" "gallery-bank No.known.fix Author+.Stored.XSS.via.Gallery.Description MEDIUM" "gallery-bank No.known.fix Author+.Stored.XSS.via.Media.Upload.Module MEDIUM" "gallery-bank 3.0.330 Authenticated.Blind.SQL.Injection MEDIUM" "gmap-shortcode No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "gf-multi-uploader 1.1.8 Unauthenticated.Arbitrary.File.Deletion CRITICAL" "gf-multi-uploader 1.1.5 Unauthenticated.Arbitrary.File.Upload CRITICAL" 
"genealogical-tree No.known.fix Contributor+.Stored.XSS MEDIUM" "genealogical-tree 2.2.1 Reflected.Cross-Site.Scripting MEDIUM" "genealogical-tree 2.1.6 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "goodlayers-core 2.1.7 Authenticated.(Contributor+).Privilege.Escalation MEDIUM" "goodlayers-core 2.1.3 Subscriber+.Stored.XSS.via.SVG.Upload HIGH" "goodlayers-core 2.0.10 Contributor+.Stored.XSS MEDIUM" "goodlayers-core 2.0.8 Reflected.Cross-Site.Scripting.via.'font-family' MEDIUM" "gift-cards-for-woocommerce-pro 2.9.2 Missing.Authorization.to.Infinite.Money.Glitch HIGH" "ghactivity No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "gf2pdf No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "geo-request No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "geo-request No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "gravity-forms-pdf-extended 6.3.1 Reflected.Cross-Site.Scripting MEDIUM" "gravity-forms-multiple-form-instances 1.1.2 Unauthenticated.Full.Path.Disclosure MEDIUM" "g-auto-hyperlink No.known.fix Admin+.SQL.Injection MEDIUM" "good-bad-comments No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "gsheetconnector-gravity-forms 1.3.28 Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.Plugin.Installation HIGH" "gsheetconnector-gravity-forms 1.3.24 Cross-Site.Request.Forgery.to.Arbitrary.Plugin.Activation/Deactivation LOW" "gsheetconnector-gravity-forms 1.3.5 Access.Code.Update.via.CSRF MEDIUM" "gm-woocommerce-quote-popup 3.2 Reflected.XSS HIGH" "gm-woocommerce-quote-popup 3.1 Arbitrary.Enquiry.Deletion.via.CSRF MEDIUM" "gm-woocommerce-quote-popup 3.1 Admin+.Stored.XSS LOW" "gm-woocommerce-quote-popup 3.1 Cross-Site.Request.Forgery MEDIUM" "gm-woocommerce-quote-popup 3.2 Reflected.XSS HIGH" "gm-woocommerce-quote-popup 3.1 Unauthenticated.Stored.XSS HIGH" "google-earth-tours No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "gsheetconnector-forminator 1.0.13 Reflected.XSS HIGH" 
"global-dns 3.1.1 Unauthenticated.Remote.Code.Execution CRITICAL" "gravity-forms-icontact No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "gs-team-members 2.2.4 Contributor+.Stored.XSS MEDIUM" "gs-team-members 2.2.2 Reflected.Cross-Site.Scripting MEDIUM" "gs-team-members 1.1.0 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "g-business-reviews-rating 5.3 Authenticated.(Author+).Stored.Cross-Site.Scripting MEDIUM" "gallery-voting 1.3 Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "graphcomment-comment-system 2.3.5 Reflected.Cross-Site.Scripting MEDIUM" "gallerio No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "gallerio No.known.fix Authenticated.(Subscriber+).Arbitrary.File.Upload HIGH" "get-youtube-subs No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.subscribe_link_att.Function MEDIUM" "gallery-album No.known.fix Authenticated.(Contributor+).SQL.Injection CRITICAL" "gallery-album No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "gallery-album No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "gallery-album No.known.fix Unauthenticated.Stored.XSS HIGH" "gallery-album No.known.fix Arbitrary.Settings.Update.via.CSRF MEDIUM" "gallery-album No.known.fix Missing.Authorization.via.Multiple.AJAX.Actions MEDIUM" "gallery-album 2.0.2 Reflected.XSS HIGH" "gallery-album 2.0.0 Reflected.Cross-Site.Scripting MEDIUM" "gallery-album 1.2.1 Admin+.SQLi MEDIUM" "gAppointments No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "gAppointments No.known.fix Admin+.Stored.XSS LOW" "gAppointments 1.10.0 Reflected.Cross-Site.Scripting HIGH" "gsheetconnector-ninja-forms 2.0.2 Missing.Authorization.to.Authenticated.(Subscriber+).System.Information.Exposure MEDIUM" "gsheetconnector-ninja-forms 1.2.8 Reflected.Cross-Site.Scripting MEDIUM" "gsheetconnector-ninja-forms 1.2.7 Reflected.XSS HIGH" "gsheetconnector-ninja-forms 1.2.2 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "galleria No.known.fix 
Cross-Site.Request.Forgery MEDIUM" "game-server-status No.known.fix Contributor+.SQL.Injection HIGH" "game-server-status No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "game-server-status No.known.fix Admin+.SQL.Injection MEDIUM" "genki-pre-publish-reminder No.known.fix Stored.XSS.&.RCE.via.CSRF HIGH" "geodatasource-country-region-dropdown 1.0.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "gfirem-fields No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "gfirem-fields No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "gfirem-fields No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "gravitate-automated-tester No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "gnu-mailman-integration No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "gs-logo-slider 3.7.4 Unauthenticated.Arbitrary.Shortcode.Execution HIGH" "gs-logo-slider 3.7.1 Settings.Update.via.Cross-Site.Request.Forgery MEDIUM" "gs-logo-slider 3.6.9 Admin+.Stored.XSS LOW" "gs-logo-slider 3.5.2 Cross-Site.Request.Forgery MEDIUM" "gs-logo-slider 3.3.8 Contributor+.Stored.XSS.in.Shortcode MEDIUM" "gutenverse-form 2.4.0 Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "gutenverse-form 2.3.2 Missing.Authorization MEDIUM" "gutenverse-form 2.3.0 Missing.Authorization MEDIUM" "gamipress 7.6.2 Missing.Authorization.to.Authenticated.(Subscriber+).Information.Exposure MEDIUM" "gamipress 7.4.6 Authenticated.(Administrator+).SQL.Injection MEDIUM" "gamipress 7.3.8 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "gamipress 7.2.2 Unauthenticated.Arbitrary.Shortcode.Execution.via.gamipress_do_shortcode().Function HIGH" "gamipress 7.2.2 Unauthenticated.Arbitrary.Shortcode.Execution.via.gamipress_ajax_get_logs.Function HIGH" "gamipress 7.3.2 Unauthenticated.SQL.Injection.via.orderby.Parameter HIGH" "gamipress 7.1.6 Unauthenticated.Arbitrary.Shortcode.Execution.via.gamipress_get_user_earnings HIGH" "gamipress 6.8.9 
Broken.Access.Control LOW" "gamipress 6.8.6 Cross-Site.Request.Forgery MEDIUM" "gamipress 6.9.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "gamipress 6.8.7 Authenticated.(Contributor+).SQL.Injection.via.Shortcode HIGH" "gamipress 2.5.7.1 Unauthenticated.SQLi HIGH" "gp-back-to-top No.known.fix Cross-Site.Request.Forgery MEDIUM" "ghostkit 3.4.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "ghostkit 3.4.2 Unauthenticated.Local.File.Inclusion HIGH" "g-ffl-checkout 2.1.1 Unauthenticated.Arbitrary.File.Upload CRITICAL" "gs-portfolio 1.6.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "gs-portfolio 1.6.1 Contributor+.Stored.XSS MEDIUM" "greenwallet-gateway 1.0.2 Reflected.Cross.Site.Scripting.in.checkout.page MEDIUM" "gift-message-for-woocommerce 1.7.9 Cross-Site.Request.Forgery MEDIUM" "gift-message-for-woocommerce 1.7.5 Reflected.Cross-Site.Scripting MEDIUM" "gift-message-for-woocommerce 1.6.0 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "gf-zoho 1.2.9 Open.Redirect MEDIUM" "gf-zoho 1.3.0 Unauthenticated.PHP.Object.Injection HIGH" "gf-zoho 1.1.6 Reflected.Cross-Site.Scripting HIGH" "gb-gallery-slideshow No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "gb-gallery-slideshow No.known.fix Missing.Authorization MEDIUM" "gallery-widget No.known.fix Authenticated.(Contributor+).SQL.Injection MEDIUM" "gallery-metabox No.known.fix Subscriber+.Unauthorized.Data.Access MEDIUM" "gallery-metabox No.known.fix Gallery.Removal.via.CSRF MEDIUM" "godam 1.4.7 Missing.Authorization MEDIUM" "grid-kit-premium 2.2.0 Multiple.Reflected.Cross-Site.Scripting HIGH" "grid-kit-premium 2.1.2 Reflected.Cross-Site.Scripting HIGH" "grid-kit-premium 2.1.2 Reflected.Cross-Site.Scripting HIGH" "golf-tracker No.known.fix Authenticated.(Contributor+).SQL.Injection MEDIUM" "gearside-developer-dashboard No.known.fix Reflected.XSS HIGH" "geopost No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode 
MEDIUM" "gamipress-link 1.1.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "getresponse-official 1.5.4 Authenticated.(Subscriber+).Information.Exposure MEDIUM" "getresponse-official 1.5.4 Missing.Authorization MEDIUM" "gtmetrix-for-wordpress 0.4.8 Arbitrary.Post.Deletion.via.CSRF MEDIUM" "gtmetrix-for-wordpress 0.4.6 Reflected.Cross-Site.Scripting HIGH" "gtmetrix-for-wordpress 0.4.6 Reflected.XSS HIGH" "gs-facebook-comments 1.7.4 Missing.Authorization.via.wpfc_allow_comments() MEDIUM" "gaxx-keywords No.known.fix Cross-Site.Request.Forgery.to.Cross-Site.Scripting HIGH" "gp-premium 2.4.1 Reflected.Cross-Site.Scripting MEDIUM" "gumlet-video 1.0.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "gutensee 1.0.7 Contributor+.Stored.XSS MEDIUM" "good-url-preview-box No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "gps-plotter No.known.fix Admin+.Stored.XSS LOW" "generate-pdf-using-contact-form-7 4.1.3 Cross-Site.Request.Forgery.to.Arbitrary.File.Deletion HIGH" "generate-pdf-using-contact-form-7 4.1.3 Cross-Site.Request.Forgery.to.Arbitrary.File.Upload HIGH" "generate-pdf-using-contact-form-7 3.6 Admin+.Stored.Cross-Site.Scripting LOW" "gtg-advanced-blocks No.known.fix Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "gsheetconnector-wpforms 4.0.2 Subscriber+.Arbitrary.Plugin.Installation HIGH" "gsheetconnector-wpforms 4.0.1 Missing.Authorization MEDIUM" "gsheetconnector-wpforms 3.4.6 Reflected.XSS HIGH" "genesis-club-lite No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "gsearch-plus No.known.fix Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "google-map-on-postpage No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "google-website-translator 1.4.14 Admin+.Stored.XSS LOW" "google-website-translator 1.4.14 Admin+.Stored.XSS LOW" "google-website-translator 1.4.12 
Google.Website.Translator.<.1.4.12.-.Authenticated.(Admin+).PHP.Object.Injection CRITICAL" "google-adsense-for-responsive-design-gard No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "garden-gnome-package 2.4.0 Authenticated.(Author+).Arbitrary.File.Upload HIGH" "garden-gnome-package 2.3.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "garden-gnome-package 2.2.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "glofox-shortcodes No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "gotowp No.known.fix Contributor+.Stored.XSS MEDIUM" "greenshiftquery 3.9.2 Authenticated.(Subscriber+).SQL.Injection CRITICAL" "gallery-and-lightbox No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "hpbtool No.known.fix Admin+.Stored.Cross.Site.Scripting LOW" "htaccess-redirect No.known.fix Reflected.Cross-Site.Scripting HIGH" "hash-form 1.2.9 Cross-Site.Request.Forgery MEDIUM" "hash-form 1.2.2 Missing.Authorization.to.Authenticated.(Contributor+).Form.Style.Creation MEDIUM" "hash-form 1.2.0 Drag.&.Drop.Form.Builder.<.1.2.0.-.Unauthenticated.Limited.File.Upload MEDIUM" "hash-form 1.1.1 Unauthenticated.Arbitrary.File.Upload.to.Remote.Code.Execution CRITICAL" "hash-form 1.1.1 Unauthenticated.PHP.Object.Injection HIGH" "helloprint No.known.fix Missing.Authorization.to.Unauthenticated.Arbitrary.Order.Status.Modification MEDIUM" "helloprint 2.1.0 Unauthenticated.Arbitrary.File.Deletion CRITICAL" "helloprint 2.1.0 Subscriber+.Arbitrary.File.Deletion HIGH" "helloprint 2.0.5 Unauthenticated.Arbitrary.File.Upload CRITICAL" "helloprint 1.4.7 Reflected.Cross-Site.Scripting MEDIUM" "homey-core 2.4.4 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "homey-core 2.4.4 Missing.Authorization MEDIUM" "hostinger 1.9.8 Unauthenticated.Maintenance.Mode.Toggle MEDIUM" "handtalk 6.2 Admin+.Stored.XSS LOW" "haxcan No.known.fix CSRF.Bypass MEDIUM" "haxcan No.known.fix 
Arbitrary.File.Access MEDIUM" "helloasso 1.1.12 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "helloasso 1.1.11 Missing.Authorization.to.Authenticated.(Contributor+).Limited.Options.Update MEDIUM" "helloasso 1.1.11 Missing.Authorization MEDIUM" "helloasso 1.1.10 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "helloasso 1.1.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "hover-video-preview No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "hcaptcha-for-forms-and-more 4.0.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.cf7-hcaptcha.Shortcode MEDIUM" "homepage-pop-up No.known.fix CSRF MEDIUM" "homepage-pop-up No.known.fix Admin+.Stored.XSS LOW" "html5-mp3-player-with-playlist No.known.fix Authenticated.(Author+).PHP.Object.Injecton HIGH" "html5-mp3-player-with-playlist 2.8.0 Full.Path.Disclosure.(FPD) MEDIUM" "happy-helpdesk-support-ticket-system 1.0.9 Missing.Authorization MEDIUM" "happy-helpdesk-support-ticket-system 1.0.10 Missing.Authorization MEDIUM" "happy-helpdesk-support-ticket-system 1.0.10 Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.Ticket.Reply MEDIUM" "happy-helpdesk-support-ticket-system 1.0.8 Unauthenticated.Remote.Code.Execution CRITICAL" "happy-helpdesk-support-ticket-system 1.0.7 Missing.Authorization MEDIUM" "hotjar 1.0.16 Admin+.Stored.XSS MEDIUM" "header-footer-composer No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "horizontal-line-shortcode No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "hotelrunner No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "hotelrunner No.known.fix Cross-Site.Request.Forgery MEDIUM" "hls-player 1.0.11 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "htaccess-ip-blocker No.known.fix Cross-Site.Request.Forgery MEDIUM" "hermit No.known.fix Unauthenticated.SQLi HIGH" "hermit No.known.fix 
Arbitrary.Cache/Source.Deletion.&.Source.Creation.via.CSRF MEDIUM" "hermit No.known.fix Subscriber+.SQLi HIGH" "hermit No.known.fix Stored.Cross-Site.Scripting.via.CSRF MEDIUM" "hmapsprem No.known.fix Customizable.Google.Maps.Plugin.<=.2.3.9.-.Authenticated.(Subscriber+).SQL.Injection MEDIUM" "hmapsprem 2.2.3 Unauthenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "hb-audio-gallery No.known.fix Unauthenticated.Arbitrary.File.Upload CRITICAL" "html-social-share-buttons 2.2.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "hana-flv-player No.known.fix Authenticated.Stored.Cross-Site.Scripting.(XSS) LOW" "h5p-css-editor No.known.fix Reflected.Cross-Site.Scripting HIGH" "html5-responsive-faq No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "http-https-remover 3.2.4 Subscriber+.Plugin.Installation MEDIUM" "http-https-remover 3.2.4 Plugin.Installation.via.CSRF MEDIUM" "hello-in-all-languages No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "hashthemes-demo-importer 1.1.2 Improper.Access.Control.to.Blog.Reset HIGH" "hyperlink-group-block 2.0.2 Contributor+.Stored.XSS MEDIUM" "hyperlink-group-block 1.17.6 Contributor+.Stored.XSS MEDIUM" "heureka No.known.fix Missing.Authorization MEDIUM" "heureka 1.1.0 Cross-Site.Request.Forgery MEDIUM" "highlight-focus No.known.fix Admin+.Stored.Cross.Site.Scripting LOW" "hypercomments No.known.fix Unauthenticated.(Subscriber+).Arbitrary.Options.Update CRITICAL" "hypercomments No.known.fix Unauthenticated.Arbitrary.File.Deletion CRITICAL" "happiness-reports-for-help-scout No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "hd-quiz 2.0.10 Missing.Authorization MEDIUM" "hd-quiz 2.0.0 Editor+.Stored.XSS LOW" "hd-quiz 1.8.12 Authenticated.(Administrator+).Stored.Cross-Site.Scripting.via.plugin.settings MEDIUM" "hd-quiz 1.8.4 Authenticated.Stored.XSS MEDIUM" "ht-easy-google-analytics 1.1.8 Reflected.Cross-Site.Scripting MEDIUM" "ht-easy-google-analytics 1.2.0 
Missing.Authorization.to.Unauthenticated.GA4.Email.Update MEDIUM" "ht-easy-google-analytics 1.0.7 Plugin.Activation.via.CSRF MEDIUM" "https-links-in-content No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "ht-mega-for-wpbakery 1.1.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "ht-mega-for-wpbakery 1.0.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "html5-virtual-classroom 2.2 Reflected.Cross-Site.Scripting MEDIUM" "hide-admin-bar-from-front-end No.known.fix Cross-Site.Request.Forgery MEDIUM" "hdforms No.known.fix Unauthenticated.Arbitrary.File.Deletion CRITICAL" "hunk-companion 1.9.0 Unauthenticated.Plugin.Installation CRITICAL" "hunk-companion 1.8.5 Missing.Authorization.to.Unauthenticated.Arbitrary.Plugin.Installation/Activation CRITICAL" "horizontal-scroll-image-slideshow No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "highlight 2.0.6 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "highlight 0.9.3 Authenticated.Stored.Cross-Site.Scripting LOW" "header-and-footer-scripts 2.4.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "hyp3rl0cal-city-search No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "handl-utm-grabber 2.8.1 Reflected.XSS.via.utm_source HIGH" "handl-utm-grabber 2.8.1 Reflected.XSS.via.handl_landing_page HIGH" "handl-utm-grabber 2.6.5 Authenticated.Option.Change.via.CSRF HIGH" "highlight-search-terms-results 1.04 Reflected.Cross-Site.Scripting MEDIUM" "hospital-doctor-directory No.known.fix Missing.Authorization MEDIUM" "hospital-doctor-directory No.known.fix Subscriber+.Privilege.Escalation HIGH" "hospital-doctor-directory No.known.fix Missing.Authorization MEDIUM" "html5-video-player-with-playlist No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "hide-links No.known.fix Unauthenticated.Shortcode.Execution MEDIUM" "hesabfa-accounting No.known.fix Cross-Site.Request.Forgery MEDIUM" "hesabfa-accounting 
No.known.fix Unauthenticated.Sensitive.Information.Exposure.via.Log.File MEDIUM" "hesabfa-accounting 2.2.0 Cross-Site.Request.Forgery MEDIUM" "hesabfa-accounting 2.1.3 Reflected.Cross-Site.Scripting MEDIUM" "hello-event-widgets-for-elementor 1.1.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "homefix-ele-portfolio No.known.fix Missing.Authorization MEDIUM" "hm-testimonial 1.5 Reflected.Cross-Site.Scripting MEDIUM" "hm-testimonial 1.4 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "hackrepair-plugin-archiver 3.1.1 Cross-Site.Request.Forgery.to.Arbitrary.Directory.Deletion.in./wp-content MEDIUM" "hackrepair-plugin-archiver 3.1.1 Authenticated.(Administrator+).Arbitrary.File.Deletion HIGH" "html5-video-player 2.5.36 Authenticated.(Contributor+).DOM-Based.Stored.Cross-Site.Scripting.via.heading.Parameter MEDIUM" "html5-video-player 2.5.35 Missing.Authorization.to.Authenticated.(Subscriber+).Limited.Options.Update MEDIUM" "html5-video-player 2.5.33 Missing.Authorization.in.multiple.functions.via.h5vp_ajax_handler MEDIUM" "html5-video-player 2.5.31 Missing.Authorization MEDIUM" "html5-video-player 2.5.32 Authenticated.(Subscriber+).Information.Exposure MEDIUM" "html5-video-player 2.5.27 Unauthenticated.SQLi HIGH" "html5-video-player 2.5.25 Unauthenticated.SQLi HIGH" "html5-video-player 2.5.19 Subscriber+.Stored.XSS HIGH" "hercules-core No.known.fix Authenticated.(Subscriber+).Server-Side.Request.Forgery MEDIUM" "hercules-core 6.7 Missing.Authorization.to.Settings.Update MEDIUM" "hercules-core 6.5 Authenticated.(Subscriber+).PHP.Object.Injection HIGH" "hero-banner-ultimate 1.4.5 Author+.Local.File.Inclusion HIGH" "hero-banner-ultimate 1.4 Contributor+.Stored.XSS MEDIUM" "ht-event No.known.fix Authenticated.(Contributor+).Sensitive.Information.Exposure.via.HT.Event:.Sponsor MEDIUM" "ht-event 1.4.7 Reflected.Cross-Site.Scripting MEDIUM" "ht-event 1.4.6 Arbitrary.Plugin.Activation.via.CSRF MEDIUM" "horizontal-scrolling-announcement No.known.fix 
Horizontal.scrolling.announcement.for.WordPress.<=.9,2.Contributor+.Stored.XSS MEDIUM" "horizontal-scrolling-announcement No.known.fix Authenticated.(subscriber+).Blind.SQL.Injection HIGH" "houzez-crm 1.5.0 Missing.Authorization MEDIUM" "houzez-crm 1.4.3 Authenticated.(Seller+).SQL.Injection HIGH" "ht-contactform 2.1.0 Authenticated.(Administrator+).Local.File.Inclusion MEDIUM" "ht-contactform 2.2.2 Unauthenticated.Arbitrary.File.Upload CRITICAL" "ht-contactform 2.2.2 Directory.Traversal.to.Arbitrary.File.Move CRITICAL" "ht-contactform 2.2.2 Unauthenticated.Arbitrary.File.Deletion CRITICAL" "ht-contactform 1.2.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "ht-contactform 1.1.6 Arbitrary.Plugin.Activation.via.CSRF MEDIUM" "heat-trackr 1.01 XSS MEDIUM" "hacklog-downloadmanager No.known.fix Cross-Site.Request.Forgery.to.Arbitrary.File.Upload HIGH" "house-manager No.known.fix Reflected.XSS HIGH" "hm-portfolio No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "head-meta-data 20260105 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Post.Meta MEDIUM" "head-meta-data 20251118 Authenticated.(Author+).Stored.Cross-Site.Scripting MEDIUM" "hide-real-download-path No.known.fix Cross-Site.Request.Forgery MEDIUM" "hospital-management No.known.fix Authenticated.(Subscriber+).Privilege.Escalation HIGH" "hospital-management No.known.fix Authenticated.(Subscriber+).Arbitrary.File.Upload HIGH" "hospital-management No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "hospital-management No.known.fix Unauthenticated.SQL.Injection HIGH" "hospital-management No.known.fix Unauthenticated.Arbitrary.File.Upload CRITICAL" "hospital-management No.known.fix Authenticated.(Subscriber+).SQL.Injection MEDIUM" "host-analyticsjs-local 4.7.15 Unauthenticated.Settings.Update MEDIUM" "host-analyticsjs-local 4.1.9 Admin+.Arbitrary.Folder.Deletion.via.Path.Traversal MEDIUM" "history-collection No.known.fix Arbitraty.File.Download HIGH" "htaccess 1.8.2 
CSRF.to.edit..htaccess HIGH" "htaccess 1.7.6 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "hotscot-contact-form 1.3 Admin+.SQL.Injection MEDIUM" "ht-team-member 1.1.8 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "ht-team-member 1.1.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.htteamember.Shortcode MEDIUM" "htaccess-file-editor 1.0.20 Unauthenticated.Information.Exposure MEDIUM" "htaccess-file-editor 1.0.19 Missing.Authorization MEDIUM" "hammas-calendar 1.5.12 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.'apix'.Shortcode.Attribute MEDIUM" "hacklog-remote-attachment No.known.fix Cross-Site.Request.Forgery MEDIUM" "heateor-social-comments 1.6.2 Contributor+.Stored.XSS MEDIUM" "helpgent No.known.fix Unauthenticated.PHP.Object.Injection HIGH" "header-images-rotator No.known.fix Reflected.Cross-Site.Scripting HIGH" "hub-core No.known.fix Authenticated.(Contributor+).Local.File.Inclusion HIGH" "hummingbird-performance 3.18.1 Unauthenticated.Sensitive.Information.Exposure.via.Log.File HIGH" "hummingbird-performance 3.9.2 Cross-Site.Request.Forgery MEDIUM" "hummingbird-performance 3.9.2 Missing.Authorization MEDIUM" "hummingbird-performance 3.7.4 Missing.Authorization MEDIUM" "hummingbird-performance 3.4.2 Unauthenticated.Path.Traversal HIGH" "hummingbird-performance 3.3.2 Admin+.Stored.Cross-Site.Scripting LOW" "hover-image-button No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "header-footer-code-manager 1.1.35 Snippets.Activation/Deactivation/Deletion.via.CSRF MEDIUM" "header-footer-code-manager 1.1.24 Reflected.Cross-Site.Scripting MEDIUM" "header-footer-code-manager 1.1.17 Reflected.Cross-Site.Scripting MEDIUM" "header-footer-code-manager 1.1.14 Admin+.SQL.Injections MEDIUM" "horizontal-scrolling-announcements 2.5 .Authenticated.(Contributor+).SQL.Injection.via.Shortcode HIGH" "help-scout 6.5.7 Missing.Authorization MEDIUM" "hal 2.2 Admin+.Stored.Cross-Site.Scripting LOW" "hdw-tube 
No.known.fix Unauthenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "hreflang-manager-lite 1.07 Cross-Site.Request.Forgery MEDIUM" "homey-login-register No.known.fix Unauthenticated.Privilege.Escalation.in.homey_register CRITICAL" "homey-login-register No.known.fix Unauthenticated.Privilege.Escalation CRITICAL" "hd-quiz-save-results-light 0.6 Missing.Authorization MEDIUM" "hover-image No.known.fix CSRF MEDIUM" "hockeydata-los No.known.fix Unauthenticated.Local.File.Inclusion CRITICAL" "hippoo 1.7.2 Missing.Authorization.to.Unauthenticated.Limited.File.Write MEDIUM" "hippoo 1.7.2 Unauthenticated.Arbitrary.File.Read HIGH" "hello-world 2.2.0 Authenticated.(Subscriber+).Arbitrary.File.Read MEDIUM" "hack-info 3.18 Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "homerunner-smartcheckout 1.0.31 Cross-Site.Request.Forgery.to.Settings.Update MEDIUM" "hide-my-wp 5.4.02 Unauthenticated.Local.File.Inclusion HIGH" "hide-my-wp 5.4.02 Unauthenticated.Limited.File.Read MEDIUM" "hide-my-wp 5.4.01 Hidden.Login.Page.Disclosure MEDIUM" "hide-my-wp 5.3.02 Reflected.Cross-Site.Scripting.via.URL MEDIUM" "hide-my-wp 5.2.02 Hidden.Login.Page.Disclosure MEDIUM" "hide-my-wp 5.0.20 IP.Address.Spoofing MEDIUM" "hash-elements 1.5.1 Contributor+.Stored.XSS MEDIUM" "hash-elements 1.4.8 Missing.Authorization.to.Unauthenticated.Draft.Post.Title.Exposure MEDIUM" "hash-elements 1.3.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.url.Parameter.in.Multiple.Widgets MEDIUM" "hash-elements 1.3.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "holler-box 2.3.3 Admin+.Stored.XSS LOW" "holler-box 2.1.4 Admin+.SQL.Injection MEDIUM" "hub2word No.known.fix Subscriber+.Arbitrary.Options.Update CRITICAL" "hrm No.known.fix 2.2.17.-.Missing.Authorization.to.Authenticated.(Employee+).Privilege.Escalation.via.wp_ajax_hrm_insert_employee.AJAX.Action HIGH" "hrm No.known.fix 
2.2.17.-.Missing.Authorization.to.Authenticated.(Employee+).Arbitrary.User.Deletion.via.ajax_delete_employee.Function MEDIUM" "hrm 2.2.6 Multiple.Issues HIGH" "hotlink2watermark No.known.fix Cross-Site.Request.Forgery MEDIUM" "hkdev-maintenance-mode 3.0.2 Unauthenticated.IP.Spoofing MEDIUM" "hkdev-maintenance-mode 3.0.2 Unauthenticated.Post/Page.Content.Disclosure MEDIUM" "hashbar-wp-notification-bar 1.4.2 Authenticated.(Author+).Stored.Cross-Site.Scripting MEDIUM" "hashbar-wp-notification-bar 1.3.6 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "hostfact-bestelformulier-integratie 1.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "hide-shipping-method-for-woocommerce 1.5.2 Missing.Authorization MEDIUM" "hide-shipping-method-for-woocommerce 1.3.3 Reflected.Cross-Site.Scripting MEDIUM" "hide-shipping-method-for-woocommerce 1.3.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "hdw-player-video-player-video-gallery No.known.fix Cross-Site.Scripting MEDIUM" "hq-rental-software No.known.fix Cross-Site.Request.Forgery.to.Arbitrary.Options.Update HIGH" "huger-elementor No.known.fix Missing.Authorization MEDIUM" "health-check No.known.fix Authenticated.(Admin+).Path.Traversal LOW" "health-check 1.6.0 CSRF MEDIUM" "health-check 1.2.4 Missing.Authorization.Checks MEDIUM" "headinger-elementor No.known.fix Missing.Authorization MEDIUM" "hq60-fidelity-card No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "hls-crm-form-shortcode No.known.fix Unauthenticated.Settings.Reset MEDIUM" "hmh-footer-builder-for-elementor No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "hot-linked-image-cacher No.known.fix Image.upload/cache.abuse.via.CSRF LOW" "hide-login No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "hide-it No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "houzez-property-feed 2.5.5 Unauthenticated.Arbitrary.File.Download HIGH" "houzez-property-feed 2.4.22 
Cross-Site.Request.Forgery.to.Property.Feed.Export.Deletion MEDIUM" "hipaatizer 1.3.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "hero-maps-pro No.known.fix Unauthenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "huzzaz-video-gallery No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "html-forms 1.6.1 Unauthenticated.Stored.Cross-Site.Scripting MEDIUM" "html-forms 1.5.6 Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "html-forms 1.5.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "html-forms 1.5.2 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "html-forms 1.4.2 Reflected.Cross-Site.Scripting MEDIUM" "html-forms 1.3.34 Bulk.Delete.via.CSRF MEDIUM" "html-forms 1.3.33 Admin+.Stored.XSS LOW" "html-forms 1.3.30 Admin+.Stored.XSS LOW" "html-forms 1.3.25 Admin+.SQLi MEDIUM" "happy-elementor-addons 3.21.1 Insecure.Direct.Object.Reference.to.Authenticated.(Contributor+).Post.Duplication.via.'post_id'.Parameter LOW" "happy-elementor-addons 3.21.1 Insecure.Direct.Object.Reference.to.Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Template.Conditions MEDIUM" "happy-elementor-addons 3.20.8 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.'_elementor_data'.Meta.Field MEDIUM" "happy-elementor-addons 3.20.6 Authenticated.(Contributor+).SQL.Injection MEDIUM" "happy-elementor-addons 3.20.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Custom.JS MEDIUM" "happy-elementor-addons 3.20.4 Missing.Authorization MEDIUM" "happy-elementor-addons 3.12.3 Contributor+.Stored.XSS MEDIUM" "happy-elementor-addons 3.16.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "happy-elementor-addons 3.15.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "happy-elementor-addons 3.12.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Image.Comparison MEDIUM" "happy-elementor-addons 3.12.4 Missing.Authorization MEDIUM" 
"happy-elementor-addons 3.12.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "happy-elementor-addons 3.12.3 Authenticated.(Contributor+).Sensitive.Information.Exposure MEDIUM" "happy-elementor-addons 3.11.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.PDF.View.Widget MEDIUM" "happy-elementor-addons 3.11.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Gradient.Heading.Widget MEDIUM" "happy-elementor-addons 3.11.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Post.Navigation.Widget MEDIUM" "happy-elementor-addons 3.11.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Image.Accordion MEDIUM" "happy-elementor-addons 3.10.9 Contributor+.Stored.XSS MEDIUM" "happy-elementor-addons 3.10.8 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Event.Calendar.Widget MEDIUM" "happy-elementor-addons 3.10.8 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Image.Stack.Group.Widget MEDIUM" "happy-elementor-addons 3.10.7 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "happy-elementor-addons 3.10.5 Contributor+.Stored.XSS MEDIUM" "happy-elementor-addons 3.10.6 Contributor+.Stored.XSS.via.HTML.Tags MEDIUM" "happy-elementor-addons 3.10.4 Authenticated.(Contributor+).DOM-Based.Stored.Cross-Site.Scripting.via.title_tag MEDIUM" "happy-elementor-addons 3.10.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Calendy MEDIUM" "happy-elementor-addons 3.10.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Post.Title.HTML.Tag MEDIUM" "happy-elementor-addons 3.10.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Photo.Stack.Widget MEDIUM" "happy-elementor-addons 3.10.5 Incorrect.Authorization.to.Information.Exposure MEDIUM" "happy-elementor-addons 3.10.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Page.Title.HTML.Tag MEDIUM" "happy-elementor-addons 3.10.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Archive.Title.Widget MEDIUM" 
"happy-elementor-addons 3.10.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Author.Meta.Widget MEDIUM" "happy-elementor-addons 3.10.2 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "happy-elementor-addons 3.10.2 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "happy-elementor-addons 3.10.2 Missing.Authorization.via.add_row_actions MEDIUM" "happy-elementor-addons 3.10.1 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "happy-elementor-addons 3.10.0 Reflected.Cross-Site.Scripting HIGH" "happy-elementor-addons 3.10.0 Contributor+.SSRF LOW" "happy-elementor-addons 3.8.3 Cross-Site.Request.Forgery MEDIUM" "happy-elementor-addons 2.24.0 Contributor+.Stored.XSS MEDIUM" "hslide No.known.fix WordPress.Slider.Plugin.<=.1.3.5.-.Authenticated.(Subscriber+).SQL.Injection MEDIUM" "hpbseo No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "horoscope-and-tarot 1.3.1 Contributor+.Stored.XSS MEDIUM" "hack-me-if-you-can No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "hms-testimonials 2.0.11 CSRF MEDIUM" "host-webfonts-local 5.7.10 Unauthenticated.Directory.Deletion.&.Stored.XSS HIGH" "host-webfonts-local 4.5.12 Admin+.Arbitrary.Folder.Deletion.via.Path.Traversal MEDIUM" "host-webfonts-local 4.5.4 Subscriber+.Arbitrary.File/Folder.Deletion CRITICAL" "host-webfonts-local 4.5.4 Unauthenticated.Path.Traversal.in.REST.API MEDIUM" "houzez-theme-functionality 4.2.7 Functionality.<.4.2.7.-.Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "houzez-theme-functionality 4.2.0 Functionality.<.4.2.0.-.Unauthenticated.Stored.Cross-Site.Scripting HIGH" "houzez-theme-functionality 4.2.0 Functionality.<.4.2.0.-.Authenticated.(Contributor+).Local.File.Inclusion HIGH" "houzez-theme-functionality 4.2.0 Functionality.<.4.2.0.-.Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "houzez-theme-functionality 4.1.4 Functionality.<.4.1.4.-.Missing.Authorization MEDIUM" "houzez-theme-functionality 4.1.4 
Functionality.<.4.1.4.-.Subscriber+.Arbitrary.File.Download MEDIUM" "houzez-theme-functionality 3.2.3 Functionality.<.3.2.3.-.Authenticated.(Seller+).SQL.Injection HIGH" "heart-this No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "hoo-addons-for-elementor No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "html2wp No.known.fix Subscriber+.Arbitrary.File.Deletion HIGH" "html2wp No.known.fix Unauthenticated.Arbitrary.File.Upload CRITICAL" "html2wp No.known.fix Arbitrary.Settings.Update.via.CSRF MEDIUM" "hm-multiple-roles 1.9 Reflected.Cross-Site.Scripting MEDIUM" "hm-multiple-roles 1.6 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "hm-multiple-roles 1.3 Arbitrary.Role.Change CRITICAL" "hurrytimer 2.14.3 Authenticated.(Author+).Stored.Cross-Site.Scripting MEDIUM" "hurrytimer 2.14.0 Missing.Authorization MEDIUM" "hurrytimer 2.12.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Campaign.Name MEDIUM" "hurrytimer 2.11.0 Missing.Authorization.to.Authenticated.(Contributor+).Arbitrary.Post.Publication MEDIUM" "hurrytimer 2.10.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "honeypot 2.1.14 Reflected.XSS HIGH" "honeypot 1.5.7 Authenticated.Stored.Cross-Site.Scripting.(XSS) CRITICAL" "hmenu No.known.fix Responsive.WordPress.Menu.Plugin.<=.1.16.5.-.Reflected.Cross-Site.Scripting MEDIUM" "hmenu No.known.fix Responsive.WordPress.Menu.Plugin.<=.1.16.5.-.Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.Directory.Deletion MEDIUM" "hmenu No.known.fix Responsive.WordPress.Menu.Plugin.<=.1.16.5.-.Authenticated.(Subscriber+).SQL.Injection MEDIUM" "hmenu No.known.fix Responsive.WordPress.Menu.Plugin.<=.1.16.5.-.Authenticated.(Subscriber+).SQL.Injection MEDIUM" "hmenu No.known.fix Responsive.WordPress.Menu.Plugin.<=.1.16.5.-.Authenticated.(Subscriber+).SQL.Injection MEDIUM" "hmenu No.known.fix Responsive.WordPress.Menu.Plugin.<=.1.16.5.-.Reflected.Cross-Site.Scripting MEDIUM" 
"hitpay-payment-gateway 4.1.4 Information.Exposure.via.Log.Files MEDIUM" "html5-audio-player 2.5.2 2.5.1.-.Unauthenticated.Server-Side.Request.Forgery HIGH" "html5-audio-player 2.3.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "html5-audio-player 2.2.24 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "html5-audio-player 2.2.22 Best.WordPress.Audio.Player.Plugin.<.2.2.22.-.Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Multiple.Widgets MEDIUM" "html5-audio-player 2.1.12 Contributor+.Stored.XSS MEDIUM" "html5-audio-player 2.1.3 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "html5-lyrics-karaoke-player No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "hacklog-remote-image-autosave No.known.fix Cross-Site.Request.Forgery MEDIUM" "htaccess-login-block No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "happy-scss-compiler No.known.fix Compile.SCSS.to.CSS.automatically.<=.1.3.10.-.Missing.Authorization.to.Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "halfdata-optin-downloads No.known.fix Authenticated.(Subscriber+).Arbitrary.File.Upload HIGH" "header-and-footer-script-adder 2.0.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "houzez-login-register 3.3.0 Subscriber+.Privilege.Escalation.via.Account.Takeover HIGH" "handsome-testimonials 2.1.1 Authenticated.(Subscriber+).SQL.Injection CRITICAL" "hs-brand-logo-slider No.known.fix Authenticated.Arbitrary.File.Upload CRITICAL" "hiweb-migration-simple No.known.fix hiWeb.Migration.Simple.<=.2,0,0,1.Reflected.Cross-Site.Scripting HIGH" "hot-random-image 1.9.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.link.Parameter MEDIUM" "hot-random-image 1.9.3 Path.Traversal.to.Authenticated.(Contributor+).Limited.Arbitrary.Image.Access.via.path.Parameter MEDIUM" "hot-random-image 1.8.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "hide-my-site No.known.fix Unauthenticated.Information.Exposure MEDIUM" 
"hire-me-widget 1.0.5 Reflected.Cross-Site.Scripting MEDIUM" "hire-me-widget 1.0.5 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "hide-plugins No.known.fix Missing.Authorization MEDIUM" "hm-logo-showcase 2.0.4 Reflected.Cross-Site.Scripting MEDIUM" "hm-logo-showcase 1.9 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "hola-free-video-player No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "header-footer-elementor 2.5.0 Author+.Stored.XSS MEDIUM" "header-footer-elementor 2.4.7 Subscriber+.Limited.Settings.Update MEDIUM" "header-footer-elementor 1.6.47 Contributor+.Stored.XSS.via.Page.Title.Widget MEDIUM" "header-footer-elementor 1.6.46 Author+.Stored.XSS.via.SVG.File.Upload MEDIUM" "header-footer-elementor 1.6.44 Authenticated.(Contributor+).Information.Disclosure.via.Shortcode MEDIUM" "header-footer-elementor 1.6.36 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "header-footer-elementor 1.6.36 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Site.Title.Widget MEDIUM" "header-footer-elementor 1.6.26.1 Contributor+.Stored.XSS MEDIUM" "header-footer-elementor 1.6.27 Authenticated.(Author+).HTML.Injection MEDIUM" "header-footer-elementor 1.6.29 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "header-footer-elementor 1.6.25 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "header-footer-elementor 1.5.8 Header,.Footer.&.Blocks.Template.<.1.5.8.-.Contributor+.Stored.XSS MEDIUM" "hk-filter-and-search 2.8 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "hk-filter-and-search No.known.fix Contributor+.Local.File.Inclusion HIGH" "ht-menu-lite 1.2.2 Cross-Site.Request.Forgery MEDIUM" "helpful 4.5.26 Information.Disclosure MEDIUM" "helpful 4.5.15 Votes.Tampering MEDIUM" "helpful 4.4.59 Admin+.Stored.Cross-Site.Scripting LOW" "happyforms 1.26.3 Admin+.Stored.XSS LOW" "happyforms 1.26.1 Authenticated.(Author+).Stored.Cross-Site.Scripting MEDIUM" "happyforms 1.25.11 
Missing.Authorization MEDIUM" "happyforms 1.25.10 Reflected.Cross-Site.Scripting MEDIUM" "happyforms 1.22.0 Contributor+.Stored.XSS MEDIUM" "ht-builder 1.3.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "hurrakify 8.0.1 Unauthenticated.Server-Side.Request.Forgery HIGH" "hostel 1.1.6 Reflected.Cross-Site.Scripting MEDIUM" "hostel 1.1.5.9 Admin+.Stored.XSS LOW" "hostel 1.1.5.8 Reflected.XSS MEDIUM" "hostel 1.1.5.7 Authenticated.(Administrator+).SQL.Injection MEDIUM" "hostel 1.1.5.6 Reflected.Cross-Site.Scripting MEDIUM" "hostel 1.1.5.5 Reflected.Cross-Site.Scripting MEDIUM" "hostel 1.1.5.3 Reflected.XSS HIGH" "hostel 1.1.5.4 Cross-Site.Request.Forgery MEDIUM" "hostel 1.1.5.2 Admin+.Stored.XSS LOW" "hostel 1.1.4 Unauthenticated.Stored.XSS MEDIUM" "header-footer-code 1.2 Admin+.Stored.XSS LOW" "header-footer-code 1.2 Admin+.Stored.XSS.via.CSS.Styles LOW" "html5-maps 1.7.1.5 Arbitrary.Settings.Update.via.CSRF MEDIUM" "html5-maps 1.6.5.7 CSRF.&.XSS HIGH" "hypotext No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "hblpay-payment-gateway-for-woocommerce 6.0.0 Reflected.Cross-Site.Scripting.via.'cusdata'.Parameter MEDIUM" "highlight-and-share 5.3.0 Missing.Authorization MEDIUM" "highlight-and-share 5.2.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "html5-chat 1.08 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "ht-mega-for-elementor 3.0.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Tag.Attribute.Injection MEDIUM" "ht-mega-for-elementor 2.9.2 Improper.Authorization.to.Authenticated.(Contributor+).Limited.Administrator.Actions MEDIUM" "ht-mega-for-elementor 2.9.1 Missing.Authorization MEDIUM" "ht-mega-for-elementor 2.9.2 Authenticated.(Author+).Path.Traversal.to.Limited.Arbitrary.CSS.File.Actions MEDIUM" "ht-mega-for-elementor 2.9.2 Author+.Sensitive.Information.Exposure MEDIUM" "ht-mega-for-elementor 2.8.4 
Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Multiple.Widgets MEDIUM" "ht-mega-for-elementor 2.8.3 Authenticated.(Contributor+).DOM-Based.Stored.Cross-Site.Scripting.via.Countdown.Widget MEDIUM" "ht-mega-for-elementor 2.8.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Countdown.Widget HIGH" "ht-mega-for-elementor 2.7.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.block_css.and.inner_css MEDIUM" "ht-mega-for-elementor 2.6.6 Authenticated.(Contributor+).Sensitive.Information.Exposure.via.template_id MEDIUM" "ht-mega-for-elementor 2.5.8 Authenticated.(Contributor+).JSON.File.Directory.Traversal MEDIUM" "ht-mega-for-elementor 2.5.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Multiple.Widgets MEDIUM" "ht-mega-for-elementor 2.5.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Video.Player.Widget.Settings MEDIUM" "ht-mega-for-elementor 2.5.3 Subscriber+.Options.Update HIGH" "ht-mega-for-elementor 2.5.3 Contributor+.Stored.XSS MEDIUM" "ht-mega-for-elementor 2.5.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Gallery.Justify MEDIUM" "ht-mega-for-elementor 2.5.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Tooltip.&.Popover.Widget MEDIUM" "ht-mega-for-elementor 2.4.8 Missing.Authorization.to.Information.Exposure MEDIUM" "ht-mega-for-elementor 2.5.0 Contributor+.Stored.XSS.via.Image.Grid.Widget MEDIUM" "ht-mega-for-elementor 2.4.7 Contributor+.Stored.XSS.via.size MEDIUM" "ht-mega-for-elementor 2.4.7 Contributor+.Stored.XSS.via.Lightbox.Widget MEDIUM" "ht-mega-for-elementor 2.5.0 Contributor+.Stored.XSS.via.Countdown.Widget MEDIUM" "ht-mega-for-elementor 2.4.9 Contributor+.Stored.XSS.via.Accordion/FAQ MEDIUM" "ht-mega-for-elementor 2.4.7 Unauthenticated.Order.Data.Disclosure HIGH" "ht-mega-for-elementor 2.4.4 Contributor+.Stored.XSS MEDIUM" "ht-mega-for-elementor 2.4.7 Contributor+.Directory.Traversal HIGH" "ht-mega-for-elementor 2.4.7 
Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.titleTag MEDIUM" "ht-mega-for-elementor 2.4.5 Contributor+.Stored.Cross-Site.Scripting.via.Post.Carousel.Widget MEDIUM" "ht-mega-for-elementor 2.3.4 Arbitrary.Plugin/Theme.Activation.via.CSRF MEDIUM" "ht-mega-for-elementor 2.3.9 Reflected.Cross-Site.Scripting HIGH" "ht-mega-for-elementor 1.5.7 Absolute.Addons.for.Elementor.Page.Builder.<.1.5.7.-.Contributor+.Stored.XSS MEDIUM" "hitsteps-visitor-manager 5.87 Admin+.Stored.XSS LOW" "hitsteps-visitor-manager 5.87 Arbitrary.Settings.Update.via.CSRF MEDIUM" "hotspots No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "hebrewdates 2.3.0 Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "hive-support 1.2.6 Authenticated.(Subscriber+).Missing.Authorization.via.hs_update_ai_chat_settings.and.hive_lite_support_get_all_binbox HIGH" "hive-support 1.2.6 Cross-Site.Request.Forgery.via.hs_update_ai_chat_settings.Function MEDIUM" "hive-support 1.2.6 Reflected.Cross-Site.Scripting MEDIUM" "hive-support 1.2.7 Unauthenticated.Sensitive.Information.Exposure MEDIUM" "hive-support No.known.fix Subscriber+.Stored.XSS HIGH" "hive-support 1.2.6 Missing.Authorization MEDIUM" "hive-support 1.2.6 Missing.Authorization MEDIUM" "hive-support 1.1.7 Missing.Authorization MEDIUM" "hive-support 1.1.3 Authenticated.(Subscriber+).SQL.Injection MEDIUM" "hive-support 1.1.3 Cross-Site.Request.Forgery MEDIUM" "hive-support 1.1.2 Authenticated.(Subscriber+).Arbitrary.File.Upload HIGH" "hide-text-shortcode No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "h5p 1.16.2 Missing.Authorization MEDIUM" "h5p 1.16.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "h5p 1.15.8 Contributor+.Stored.XSS MEDIUM" "http-headers 1.19.0 Admin+.SSRF MEDIUM" "http-headers 1.19.0 Admin+.Stored.XSS LOW" "http-headers 1.18.11 Admin+.Remote.Code.Execution MEDIUM" "http-headers 1.18.8 Admin+.SQL.Injection MEDIUM" "host-php-info 
No.known.fix Missing.Authorization.to.Unauthenticated.Sensitive.Information.Disclosure HIGH" "happy-elementor-addons-pro 2.10.0 Reflected.Cross-Site.Scripting HIGH" "happy-elementor-addons-pro 2.8.1 Reflected.XSS HIGH" "happy-elementor-addons-pro 1.17.0 Contributor+.Stored.XSS MEDIUM" "how-to-wp No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "history-log-by-click5 No.known.fix Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "history-log-by-click5 No.known.fix Unauthenticated.SQL.Injection HIGH" "history-log-by-click5 1.0.13 Admin+.Time-Based.Blind.SQL.Injection MEDIUM" "helpdesk-contact-form 1.1.6 Cross-Site.Request.Forgery.to.Settings.Update.via.handle_query_args MEDIUM" "hyve-lite 1.2.3 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "hqtheme-extra No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "hqtheme-extra No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "heateor-social-login No.known.fix Cross-Site.Request.Forgery MEDIUM" "heateor-social-login 1.1.36 Authentication.Bypass HIGH" "heateor-social-login 1.1.33 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "heateor-social-login 1.1.33 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "heateor-social-login 1.1.32 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "heateor-social-login 1.1.31 Authenticated(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "header-image-slider No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "ht-portfolio 1.1.6 Arbitrary.Plugin.Activation.via.CSRF MEDIUM" "hc-custom-wp-admin-url No.known.fix Unauthenticated.Arbitrary.Settings.Update.via.CSRF MEDIUM" "hc-custom-wp-admin-url No.known.fix Unauthenticated.Secret.URL.Disclosure MEDIUM" "hungarian-pickup-points-for-woocommerce 1.9.0.3 Multiple.CSRF MEDIUM" "http-auth 1.0.0 Settings.Update.via.CSRF MEDIUM" "hotel-listing No.known.fix Missing.Authorization MEDIUM" "hotel-listing No.known.fix Missing.Authorization MEDIUM" "hotel-listing 
No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "hotel-listing No.known.fix Subscriber+.Privilege.Escalation HIGH" "hotel-listing 1.3.7 Subscriber+.Privilege.Escalation CRITICAL" "hotel-listing 1.3.3 Authenticated.Stored.Cross-Site.Scripting MEDIUM" "hueman-addons No.known.fix Contributor+.Stored.XSS.via.Shortcode MEDIUM" "html-shortcodes No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode.Attributes MEDIUM" "homepage-product-organizer-for-woocommerce No.known.fix Subscriber+.SQLi HIGH" "handmade-framework No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "handmade-framework No.known.fix Authenticated.(Contributor+).Local.File.Inclusion HIGH" "heateor-login 1.1.10 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "hits-counter No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "header-enhancement 1.5 Unauthorised.Plugin's.Setting.Change MEDIUM" "hcv4-payment-gateway 2.0.0 Unauthenticated.SQL.Injection HIGH" "hide-admin-bar-based-on-user-roles 3.5.0 Reflected.Cross-Site.Scripting MEDIUM" "hide-admin-bar-based-on-user-roles 3.1.0 Settings.Update.via.CSRF MEDIUM" "hide-admin-bar-based-on-user-roles 3.0.0 Subscriber+.Settings.Update MEDIUM" "headline-analyzer No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "headline-analyzer 1.3.4 Cross-Site.Request.Forgery MEDIUM" "headline-analyzer 1.3.2 Missing.Authorization.via.REST.APIs MEDIUM" "hidepost No.known.fix Cross-Site.Request.Forgery MEDIUM" "hidepost No.known.fix Cross-Site.Request.Forgery MEDIUM" "holiday-class-post-calendar 7.2 Unauthenticated.Remote.Code.Execution.via.'contents' CRITICAL" "helpie-faq 1.46 Unauthenticated.Sensitive.Information.Exposure MEDIUM" "helpie-faq 1.28 Authenticated.(Editor+).Stored.Cross-Site.Scripting MEDIUM" "helpie-faq 1.9.13 Reflected.Cross-Site.Scripting MEDIUM" "helpie-faq 1.9.9 Reflected.XSS MEDIUM" "helpie-faq 1.7.7 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "helpie-faq 0.7.1 
Subscriber+.Arbitrary.Option.Update CRITICAL" "ht-instagram 1.3.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "ht-instagram 1.2.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "ht-instagram 1.2.8 Cross-Site.Request.Forgery MEDIUM" "hr-management-lite No.known.fix Missing.Authorization MEDIUM" "hr-management-lite No.known.fix Cross-Site.Request.Forgery MEDIUM" "hr-management 1.1.2 Unauthenticated.PHP.Object.Injection HIGH" "hellofollowers No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "hydra-booking 1.1.33 Unauthenticated.Privilege.Escalation CRITICAL" "hydra-booking 1.1.33 Authenticated.(Custom.role+).SQL.Injection MEDIUM" "hydra-booking 1.1.28 Unauthenticated.Arbitrary.Booking.Cancellation.via.Weak.Hash.Generation MEDIUM" "hydra-booking 1.1.28 Unauthenticated.Payment.Bypass MEDIUM" "hydra-booking 1.1.19 1.1.18.-.Missing.Authorization.to.Authenticated.(Subscriber+).Privilege.Escalation.via.tfhb_reset_password_callback.Function HIGH" "hydra-booking 1.1.10 Missing.Authorization MEDIUM" "hydra-booking 1.1.11 Authenticated.(Subscriber+).SQL.Injection MEDIUM" "hydra-booking 1.1.11 Authenticated.(Contributor+).SQL.Injection MEDIUM" "hestia-nginx-cache 2.4.1 Missing.Authorization MEDIUM" "hss-embed-streaming-video No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "huurkalender-wp 1.6.0 Contributor+.Stored.XSS MEDIUM" "hide-categories-or-products-on-shop-page No.known.fix Cross-Site.Request.Forgery.to.Settings.Update MEDIUM" "hide-wp-toolbar No.known.fix Missing.Authorization MEDIUM" "hybrid-gallery No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "horizontal-slider No.known.fix Cross-Site.Request.Forgery MEDIUM" "hm-cool-author-box-widget 3.0.1 Cross-Site.Request.Forgery MEDIUM" "hm-cool-author-box-widget 3.0.0 Missing.Authorization MEDIUM" "hm-cool-author-box-widget 2.9.5 Reflected.Cross-Site.Scripting MEDIUM" "hashtagger No.known.fix Missing.Authorization MEDIUM" "hotjar-connecticator 
No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "hotjar-connecticator No.known.fix Authenticated.Stored.Cross-Site.Scripting.(XSS) LOW" "hooked-editable-content No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "hooked-editable-content No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "history-timeline No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "hl-twitter No.known.fix Settings.Update.via.CSRF MEDIUM" "hl-twitter No.known.fix Unlink.Twitter.Account.via.CSRF MEDIUM" "hl-twitter No.known.fix Admin+.Stored.XSS.via.Widget LOW" "honeypot-for-wp-comment No.known.fix Reflected.Cross-Site.Scripting.via.page MEDIUM" "honeypot-for-wp-comment No.known.fix Directory.Traversal.to.Unauthenticated.Arbitrary.File.Deletion CRITICAL" "html5-mp3-player-with-mp3-folder-feedburner-playlist No.known.fix Authenticated.(Author+).PHP.Object.Injection HIGH" "h5pxapikatchu 0.4.18 Unauthenticated.Stored.Cross-Site.Scripting.via.insert_data HIGH" "h5pxapikatchu 0.4.15 Missing.Authorization MEDIUM" "hivepress-claim-listings 1.1.4 Missing.Authorization MEDIUM" "hivepress-claim-listings No.known.fix Missing.Authorization MEDIUM" "hide-category-by-user-role-for-woocommerce 2.3.2 Missing.Authorization.to.Unauthenticated.Cache.Flushing MEDIUM" "hide-category-by-user-role-for-woocommerce 2.2 Subscriber+.Arbitrary.Content.Deletion MEDIUM" "ht-slider-for-elementor 1.7.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "ht-slider-for-elementor 1.6.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "ht-slider-for-elementor 1.4.0 Arbitrary.Plugin.Activation.via.CSRF MEDIUM" "header-footer 3.3.1 Authenticated.(Administrator+).PHP.Code.Injection.in.Multisite.Environments MEDIUM" "heartland-management-terminal 1.4.0 Reflected.Cross-Site.Scripting MEDIUM" "html5-soundcloud-player-with-playlist No.known.fix Authenticated.(Author+).PHP.Object.Injection HIGH" "hiweb-export-posts No.known.fix Cross-Site.Request.Forgery.to.Arbitrary.File.Deletion HIGH" 
"hamburger-icon-menu-lite No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "helpdeskwp No.known.fix Editor+.Stored.XSS LOW" "hover-effects 2.1.3 Authenticated.(Administrator+).SQL.Injection MEDIUM" "hover-effects 2.1.1 Admin+.LFI MEDIUM" "indeed-job-importer No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "import-users-from-csv-with-meta 2.0 Privilege.Escalation.to.Administrator.via.save_extra_user_profile_fields MEDIUM" "import-users-from-csv-with-meta 1.27.13 Unauthenticated.Sensitive.Information.Disclosure MEDIUM" "import-users-from-csv-with-meta 1.27.6 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "import-users-from-csv-with-meta 1.26.9 Unauthenticated.Information.Exposure MEDIUM" "import-users-from-csv-with-meta 1.26.7 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "import-users-from-csv-with-meta 1.26.7 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "import-users-from-csv-with-meta 1.26.6 Missing.Authorization MEDIUM" "import-users-from-csv-with-meta 1.26.3 Authenticated.(Admin+).PHP.Object.Injection HIGH" "import-users-from-csv-with-meta 1.24.7 Missing.Authorization.via.fire_cron.REST.endpoint MEDIUM" "import-users-from-csv-with-meta 1.24.4 Contributor+.Stored.XSS MEDIUM" "import-users-from-csv-with-meta 1.24.3 Admin+.Arbitrary.File.Read/Deletion MEDIUM" "import-users-from-csv-with-meta 1.20.5 Subscriber+.CSV.Injection MEDIUM" "import-users-from-csv-with-meta 1.19.2.1 Admin+.Stored.Cross-Site.Scripting LOW" "import-users-from-csv-with-meta 1.16.3.6 CSV.Injection MEDIUM" "import-users-from-csv-with-meta 1.15.0.1 Unauthorised.Authenticated.Users.Export LOW" "import-users-from-csv-with-meta 1.14.2.2 CSRF.leading.to.attachment.deletion.&.Path.Traversal HIGH" "import-users-from-csv-with-meta 1.14.1.3 XSS MEDIUM" "import-users-from-csv-with-meta 1.14.0.3 XSS.and.CSRF HIGH" "import-users-from-csv-with-meta 1.12.1 Import.Cross-Site.Scripting.(XSS) MEDIUM" 
"integration-for-contact-form-7-and-pipedrive 1.2.4 Unauthenticated.PHP.Object.Injection.via.verify_field_val.Function CRITICAL" "integration-for-contact-form-7-and-pipedrive 1.2.1 Cross-Site.Request.Forgery MEDIUM" "integration-for-contact-form-7-and-pipedrive 1.1.1 Reflected.Cross-Site.Scripting HIGH" "infusionsoft-official-opt-in-forms 2.0.2 Unauthenticated.Limited.Local.File.Inclusion CRITICAL" "infusionsoft-official-opt-in-forms No.known.fix Contributor+.Stored.XSS MEDIUM" "infusionsoft-official-opt-in-forms No.known.fix Contributor+.Stored.XSS MEDIUM" "infusionsoft-official-opt-in-forms 1.0.12 Admin+.Stored.XSS LOW" "ipanorama-pro 1.6.22 Reflected.Cross-Site.Scripting HIGH" "iq-testimonials No.known.fix Unauthenticated.Arbitrary.File.Upload CRITICAL" "infunding No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "inspectlet-heatmaps-and-user-session-recording No.known.fix User.Session.Recording.and.Heatmaps.<=.2.0.-.Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "images-to-webp 1.9 Multiple.Cross.Site.Request.Forgery.(CSRF) MEDIUM" "images-to-webp 1.9 Authenticated.Local.File.Inclusion LOW" "image-gallery 1.3.0 Image.Gallery.<.1.3.0.-.Authenticated.(Administrator+).Stored.Cross-Site.Scripting.via.Plugin.Settings MEDIUM" "image-gallery 1.3.0 Image.Gallery.<.1.3.0.-.Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.Post.Deletion.and.Post.Title.Update MEDIUM" "image-gallery 1.3.0 Cross-Site.Request.Forgery.to.Plugin.Settings.Update MEDIUM" "iloveimg 1.0.6 iLoveIMG.<.1.0.6.-.Admin+.PHP.Object.Injection HIGH" "ideapush 8.73 Missing.Authorization MEDIUM" "ideapush 8.72 Missing.Authorization.to.Board.Term.Deletion MEDIUM" "ideapush 8.71 Cross-Site.Request.Forgery MEDIUM" "ideapush 8.69 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "ideapush 8.66 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "ideapush 8.61 Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "ideapush 8.58 
Subscriber+.Memory.Tab/Routine/Taxonomy.Creation MEDIUM" "ideapush 8.53 Admin+.Stored.XSS LOW" "integration-for-billingo-gravity-forms 1.0.4 Multiple.CSRF MEDIUM" "improved-sale-badges-free-version No.known.fix Authenticated.(Subscriber+).Local.File.Inclusion HIGH" "interactive-uk-map 3.4.9 Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting HIGH" "image-viewer 1.0.3 Unauthenticated.Server-Side.Request.Forgery.via.image-proxy.Endpoint HIGH" "integrate-firebase 0.10.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "iq-block-country 1.2.20 Protection.Bypass.due.to.IP.Spoofing MEDIUM" "iq-block-country 1.2.13 Admin+.Arbitrary.File.Deletion.via.Zip.Slip MEDIUM" "iq-block-country 1.2.12 Admin+.Stored.Cross-Site.Scripting LOW" "iq-block-country 1.1.20 Reflected.Cross-Site.Scripting.(XSS) CRITICAL" "information-reel 10.1 .Authenticated.(Subscriber+).SQL.Injection.via.Shortcode HIGH" "image-carousel-shortcode No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "integration-for-gravity-forms-and-pipedrive 1.0.7 Reflected.Cross-Site.Scripting HIGH" "integrate-google-drive No.known.fix Missing.Authorization MEDIUM" "integrate-google-drive 1.5.4 Unauthenticated.Sensitive.Information.Exposure HIGH" "integrate-google-drive 1.5.3 Cross-Site.Request.Forgery MEDIUM" "integrate-google-drive 1.3.94 Missing.Authorization MEDIUM" "integrate-google-drive 1.3.91 Missing.Authorization MEDIUM" "integrate-google-drive 1.3.91 Missing.Authorization MEDIUM" "integrate-google-drive 1.3.9 Missing.Authorization.to.Unauthenticated.Settings.Modification.and.Export CRITICAL" "integrate-google-drive 1.3.4 Subscriber+.Settings.Update MEDIUM" "integrate-google-drive 1.3.5 Cross-Site.Request.Forgery MEDIUM" "integrate-google-drive 1.3.3 Open.Redirect.via.state MEDIUM" "integrate-google-drive 1.2.2 Reflected.Cross-Site.Scripting MEDIUM" "integrate-google-drive 1.1.0 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "insert-headers-and-footers-script 1.1.7 
Authenticated.(Author+).Stored.Cross-Site.Scripting MEDIUM" "insert-headers-and-footers-script 1.1.3 Missing.Authorization.to.Authenticated.(Subscriber+).Limited.Options.Update MEDIUM" "instant-chat-wp No.known.fix Unauthenticated.Local.File.Inclusion CRITICAL" "ip2location-world-clock 1.1.10 Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "inet-webkit No.known.fix Missing.Authorization MEDIUM" "inet-webkit 1.2.3 Missing.Authorization MEDIUM" "indieauth 4.5.5 Cross-Site.Request.Forgery.to.Account.Takeover.via.Stolen.OAuth.Tokens HIGH" "intergeo-maps No.known.fix Contributor+.Stored.XSS MEDIUM" "intergeo-maps 1.1.6 Reflected.Cross-Site.Scripting MEDIUM" "internal-link-flow-topical-authority-topical-map No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "icestats No.known.fix Cross-Site.Request.Forgery MEDIUM" "inline-frame-iframe No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "instantsearch-for-woocommerce 3.0.68 Subscriber+.Plugin.Deactivation MEDIUM" "instantsearch-for-woocommerce 3.0.59 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "iframe-shortcode No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.shortcode MEDIUM" "icegram 3.1.36 Missing.Authorization MEDIUM" "icegram 3.1.32 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "icegram 3.1.32 Author+.Stored.XSS MEDIUM" "icegram 3.1.32 Admin+.Stored.XSS LOW" "icegram 3.1.32 Admin+.Stored.XSS LOW" "icegram 3.1.26 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "icegram 3.1.25 Missing.Authorization MEDIUM" "icegram 3.1.25 Missing.Authorization.to.Unauthenticated.Message.Duplication MEDIUM" "icegram 3.1.22 Contributor+.Campaign.Status.Toggle./.Duplication LOW" "icegram 3.1.19 Cross-Site.Request.Forgery.via.save_campaign_preview MEDIUM" "icegram 3.1.20 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Campaign.Message MEDIUM" "icegram 3.1.12 Reflected.XSS HIGH" "icegram 
2.1.8 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "icegram 2.0.5 Reflected.Cross-Site.Scripting MEDIUM" "icegram 2.0.3 Admin+.Stored.Cross-Site.Scripting LOW" "icegram 1.10.29 CSRF.to.Stored.XSS MEDIUM" "icegram 1.9.19 Cross-Site.Request.Forgery.(CSRF).&.XSS MEDIUM" "ipushpull 2.3.3 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "ifeature-slider No.known.fix Contributor+.Stored.XSS MEDIUM" "instant-breaking-news 1.0.1 Cross-Site.Request.Forgery MEDIUM" "integromat-connector 1.6.0 Authenticated.(Administrator+).Arbitrary.File.Upload HIGH" "intelligence No.known.fix Unauthenticated.Full.Path.Disclosure MEDIUM" "idsk-toolkit No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "idsk-toolkit No.known.fix Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "ipages-flipbook-pro 1.4.3 Reflected.Cross-Site.Scripting HIGH" "image-gallery-box-by-crudlab No.known.fix Authenticated.(Subscriber+).Local.File.Inclusion HIGH" "inline-click-to-tweet No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "isee-products-extractor 2.1.4 .Reflected.Cross-Site.Scripting HIGH" "intelly-posts-footer-manager No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "intelly-posts-footer-manager 2.2.0 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "image-hover-effects 5.6 Caption.Settings.Update.via.CSRF MEDIUM" "image-hover-effects 5.5 Admin+.Stored.XSS LOW" "indieweb-post-kinds 1.3.1.1 DOM.Cross-Site.Scripting.(XSS) MEDIUM" "invoicing 2.8.12 Missing.Authorization.via.column_subscription() MEDIUM" "invoicing 2.3.4 Authenticated.Stored.XSS HIGH" "image-optimization 1.7.2 Missing.Authorization MEDIUM" "info-boxes-shortcode-and-widget No.known.fix Cross-Site.Request.Forgery MEDIUM" "issuu-panel No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "ics-calendar 10.12.0.2 Authenticated(Contributor+).Directory.Traversal.via._url_get_contents 
MEDIUM" "images-optimizer No.known.fix Authenticated.(Subscriber+).Arbitrary.File.Download MEDIUM" "infogram No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "interactive-maps 0.99 Cross-Site.Request.Forgery MEDIUM" "imagenius No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "ig-shortcodes No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "infusionsoft 1.5.12 Unauthenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "infusionsoft 1.5.10 1.5.10.Arbitrary.File.Upload MEDIUM" "instapage 3.7.1 Cross-Site.Request.Forgery MEDIUM" "insta-gallery 4.9.3 Missing.Authorization.to.Unauthenticated.Information.Exposure MEDIUM" "insta-gallery 4.4.0 Missing.Authorization MEDIUM" "insta-gallery 2.4.8 CSRF.&.Missing.Authorisation.Checks HIGH" "ifolders 1.5.1 Admin+.XSS MEDIUM" "infusionsoft-web-form-javascript No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "imaq-core No.known.fix Cross-Site.Request.Forgery.to.URL.Structure.Update MEDIUM" "image-optimizer-wpssk No.known.fix Cross-Site.Request.Forgery.to.Bulk.Image.Optimization MEDIUM" "issues-tracker 1.2.3 Reflected.Cross-Site.Scripting MEDIUM" "issues-tracker 1.0.8 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "integration-for-szamlazz-hu-gravity-forms 1.2.7 Multiple.CSRF MEDIUM" "infinite-scroll No.known.fix Cross-Site.Request.Forgery.to.Plugin.Settings.Update MEDIUM" "ip-metaboxes No.known.fix Admin+.Stored.XSS LOW" "ip-metaboxes No.known.fix Unauthenticated.Reflected.XSS HIGH" "infusionsoft-web-tracker No.known.fix Cross-Site.Request.Forgery MEDIUM" "infility-global No.known.fix Unauthenticated.SQL.Injection.via.Predictable.API.Key.and.IP.Whitelist.Bypass HIGH" "infility-global No.known.fix Unauthenticated.Stored.Cross-Site.Scripting HIGH" "infility-global No.known.fix Unauthenticated.SQL.Injection HIGH" "infility-global 2.14.43 Authenticated.(Subscriber+).Arbitrary.File.Upload HIGH" "infility-global No.known.fix 
Subscriber+.Arbitrary.File.Download HIGH" "infility-global 2.13.5 Reflected.Cross-Site.Scripting MEDIUM" "infility-global No.known.fix Reflected.Cross-Site.Scripting HIGH" "infility-global No.known.fix Subscriber+.SQL.Injection HIGH" "infility-global 2.9.9 Reflected.XSS HIGH" "infility-global 2.9.9 Reflected.XSS.via.set_type.Parameter HIGH" "infility-global 2.9.9 Subscriber+.Plugin.Settings.Update MEDIUM" "idcrm-contacts-companies 1.0.3 Reflected.Cross-Site.Scripting MEDIUM" "increase-sociability No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "inline-call-to-action-builder-lite 1.1.1 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "internal-links-generator No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "invelity-sps-connect No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "image-map-pro-lite No.known.fix CSRF.to.Stored.XSS MEDIUM" "image-map-pro-lite No.known.fix Subscriber+.Stored.XSS MEDIUM" "iworks-pwa 1.6.4 Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "instagram-for-wordpress No.known.fix Contributor+.Stored.XSS MEDIUM" "instalinker 1.1.2 Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "increase-upload-file-size-maximum-execution-time-limit 3.0 Reflected.Cross-Site.Scripting MEDIUM" "internal-links 2.24.4 Cross-Site.Request.Forgery MEDIUM" "internal-links 2.23.5 Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "internal-links 2.23.3 Reflected.Cross-Site.Scripting MEDIUM" "internal-links 1.3.0 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "instant-appointment No.known.fix Unauthenticated.Arbitrary.File.Upload CRITICAL" "instant-appointment No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "instant-appointment No.known.fix Unauthenticated.SQL.Injection HIGH" "iframe-wrapper No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "ioncube-tester-plus 1.4 Unauthenticated.Arbitrary.File.Download CRITICAL" "image-vertical-reel-scroll-slideshow 9.1 
.Authenticated.(Subscriber+).SQL.Injection.via.Shortcode HIGH" "image-vertical-reel-scroll-slideshow No.known.fix Admin+.Stored.XSS LOW" "ithemes-security-pro 6.8.4 Hide.Backend.Bypass MEDIUM" "import-external-images No.known.fix CSRF MEDIUM" "image-switcher No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "image-switcher No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "interactive-3d-flipbook-powered-physics-engine 1.16.17 Unauthenticated.Sensitive.Information.Exposure MEDIUM" "interactive-3d-flipbook-powered-physics-engine 1.16.16 Lite.Edition.<.1.16.16.-.Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.style.and.mode.Parameters MEDIUM" "interactive-3d-flipbook-powered-physics-engine 1.15.7 Authenticated.(Editor+).Stored.Cross-Site.Scripting MEDIUM" "interactive-3d-flipbook-powered-physics-engine 1.15.5 Authenticated.(Author+).Stored.Cross-Site.Scritping.via.Bookmark.URL MEDIUM" "interactive-3d-flipbook-powered-physics-engine 1.15.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Bookmarks MEDIUM" "interactive-3d-flipbook-powered-physics-engine 1.15.3 Contributor+.Stored.XSS MEDIUM" "interactive-3d-flipbook-powered-physics-engine 1.13.3 Contributor+.Stored.XSS MEDIUM" "interactive-3d-flipbook-powered-physics-engine 1.12.1 Subscriber+.Stored.Cross-Site.Scripting MEDIUM" "image-hover-effects-addon-for-elementor No.known.fix Missing.Authorization MEDIUM" "image-hover-effects-addon-for-elementor 1.4.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.eihe_link.Parameter MEDIUM" "image-hover-effects-addon-for-elementor 1.4.2 Elementor.Addon.<.1.4.2.-.Authenticated(Contributor+).DOM-based.Stored.Cross-Site.Scripting.via.Image.Hover.Effects.Widget MEDIUM" "image-hover-effects-addon-for-elementor 1.4.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.'eihe_align' MEDIUM" "image-hover-effects-addon-for-elementor 1.3.4 Elementor.Addon.<.1.3.4.-.Contributor+.Stored.XSS 
MEDIUM" "iconic-woothumbs 5.5.4 Reflected.Cross-Site.Scripting MEDIUM" "intelly-welcome-bar No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "iks-menu 1.11.2 Reflected.Cross-Site.Scripting MEDIUM" "iks-menu 1.9.2 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "immotoolbox-connect 1.4.0 Reflected.Cross-Site.Scripting MEDIUM" "image-hover-effects-css3 No.known.fix Admin+.Stored.XSS LOW" "image-optimizer-wd 1.0.27 Admin+.Path.Traversal MEDIUM" "image-optimizer-wd 1.0.27 Reflected.Cross-Site.Scripting HIGH" "inpost-for-woocommerce 1.4.5 Missing.Authorization.to.Unauthenticated.Arbitrary.File.Read.and.Delete CRITICAL" "inbound-brew No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "inbound-brew No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "inbound-brew No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "ione360-configurator No.known.fix Unauthenticated.Stored.Cross-Site.Scripting.via.Contact.Form.Parameters HIGH" "ione360-configurator No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "image-hover-effects-block No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "image-classify No.known.fix Unauthenticated.Arbitrary.File.Upload CRITICAL" "image-alt-text 3.0.0 Missing.Authorization.to.Authenticated.(Subscriber+).Image.Alt.Text.Update MEDIUM" "ie-css3-support No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "islamic-phrases No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "institutions-directory No.known.fix Missing.Authorization MEDIUM" "institutions-directory No.known.fix Missing.Authorization MEDIUM" "institutions-directory No.known.fix Subscriber+.Privilege.Escalation HIGH" "institutions-directory 1.3.4 Reflected.Cross-Site.Scripting MEDIUM" "institutions-directory 1.3.1 Subscriber+.Privilege.Escalation CRITICAL" "integration-for-szamlazzhu-woocommerce 5.6.3.3 Multiple.CSRF MEDIUM" "infinite-slider No.known.fix Reflected.Cross-Site.Scripting MEDIUM" 
"image-upload-for-bbpress 1.1.20 Authenticated.(Subscriber+).Arbitrary.File.Upload HIGH" "image-upload-for-bbpress 1.1.19 Cross-Site.Request.Forgery.via.hm_bbpui_admin_page MEDIUM" "ider-login No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "image-source-control-isc 2.28.1 Reflected.Cross-Site.Scripting MEDIUM" "image-source-control-isc 2.29.1 Reflected.Cross-Site.Scripting MEDIUM" "image-source-control-isc 2.17.1 Sensitive.Information.Exposure.via.Log.File MEDIUM" "image-source-control-isc 2.3.1 Contributor+.Arbitrary.Post.Meta.Value.Change MEDIUM" "iframe-popup No.known.fix Admin+.Stored.XSS LOW" "ip2location-variables 2.9.6 Cross-Site.Request.Forgery MEDIUM" "inquiry-cart No.known.fix Stored.XSS.via.CSRF HIGH" "ip-address-blocker No.known.fix IP.Spoofing MEDIUM" "ip-address-blocker No.known.fix Cross-Site.Request.Forgery MEDIUM" "ip2location-redirection 1.33.4 Missing.Authorization.to.Unauthenticated.Settings.Export MEDIUM" "indeed-wp-superbackup 2.4 Reflected.Cross-Site.Scripting MEDIUM" "indeed-wp-superbackup 2.4 Authenticated.(Subscriber+).PHP.Object.Injection HIGH" "indeed-wp-superbackup 2.4 Unauthenticated.Arbitrary.File.Upload CRITICAL" "indeed-wp-superbackup 2.4 Missing.Authorization MEDIUM" "indeed-wp-superbackup 2.4 Missing.Authorization.to.Unauthenticated.Back-Up.File.Download HIGH" "indeed-wp-superbackup 2.4 Migrate.for.WordPress.<.2.4.-.Unauthenticated.Arbitrary.File.Upload CRITICAL" "imagemeta No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "ithemeland-bulk-posts-editing-lite 4.2.4 Cross-Site.Request.Forgery MEDIUM" "ithemeland-bulk-posts-editing-lite 4.2.4 Authenticated.(Subscriber+).Missing.Authorization MEDIUM" "imagemagick-engine 1.7.11 Administrator+.OS.Command.Injection MEDIUM" "imagemagick-engine 1.7.6 PHAR.Deserialization.via.CSRF HIGH" "imagemagick-engine 1.7.6 Command.Injection.via.CSRF HIGH" "ip-blacklist-cloud No.known.fix Admin+.Stored.XSS LOW" "ip-blacklist-cloud No.known.fix Admin+.SQLi MEDIUM" 
"ip-blacklist-cloud 3.43 Admin+.Arbitrary.File.Disclosure MEDIUM" "intelly-related-posts 3.9.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "intelly-related-posts 3.8.0 Admin+.Stored.XSS LOW" "intelly-related-posts 3.7.0 Reflected.XSS HIGH" "intelly-related-posts 3.4.0 Tracking.Toggle.via.CSRF MEDIUM" "intelly-related-posts 3.6.0 Subscriber+.Password.Protected.Post.Read MEDIUM" "intelly-related-posts 3.5.0 Admin+.Stored.XSS LOW" "intelly-related-posts 3.0.5 Admin+.Cross-Site.Scripting LOW" "ithemes No.known.fix New-Password.Requirements.Not.Enforced.Until.second.Login HIGH" "interact-quiz-embed 3.2 Cross-Site.Request.Forgery MEDIUM" "interact-quiz-embed 3.1 Contributor+.Stored.XSS MEDIUM" "ithemelandco-woo-report 1.5.2 Cross-Site.Request.Forgery.to.Arbitrary.Options.Update HIGH" "ithemelandco-woo-report 1.5.0 Reflected.Cross-Site.Scripting MEDIUM" "interactive-uk-regional-map No.known.fix Cross-Site.Request.Forgery MEDIUM" "infugrator No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "iframe 5.1 Authenticated(Contributor+).Stored.Cross-Site.Scripting.via.shortcode MEDIUM" "iframe 5.1 Contributor+.Stored.XSS MEDIUM" "iframe 4.9 Contributor+.Stored.XSS LOW" "iframe 4.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.'iframe'.Shortcode MEDIUM" "iframe 4.5 Authenticated.Stored.Cross.Site.Scripting.(XSS) MEDIUM" "ismobile 1.1.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.device.Parameter MEDIUM" "iamport-for-woocommerce 3.2.6 Reflected.Cross-Site.Scripting MEDIUM" "import-shopify-to-woocommerce 1.1.13 Import.Shopify.to.WooCommerce.<.1.1.13.-.Admin+.Arbitrary.File.Access MEDIUM" "image-regenerate-select-crop 7.3.1 Sensitive.Information.Exposure MEDIUM" "ird-slider No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "images-optimize-and-upload-cf7 2.2.1 Unauthenticated.Arbitrary.File.Deletion CRITICAL" "image-tag-manager No.known.fix Reflected.Cross-Site.Scripting.via.default_class MEDIUM" 
"imagelinks-pro 1.5.3 Reflected.Cross-Site.Scripting HIGH" "iwjob No.known.fix Missing.Authorization MEDIUM" "iwjob No.known.fix Unauthenticated.Privilege.Escalation CRITICAL" "internallink-audit No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "integration-of-zoho-crm-and-contact-form-7 No.known.fix Open.Redirect MEDIUM" "irobotstxt-seo No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "ichart 2.1.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.width.Parameter MEDIUM" "iframe-block No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "if-as-shortcode No.known.fix Authenticated.(Contributor+).Remote.Code.Execution HIGH" "invoice-payment-for-woocommerce 2.8.1 Missing.Authorization.to.Unauthenticated.Arbitrary.Partial.Payment.Creation/Cancellation MEDIUM" "invoice-payment-for-woocommerce 2.0.0 Reflected.Cross-Site.Scripting MEDIUM" "itempropwp No.known.fix Admin+.Stored.XSS LOW" "impreza 8.18 Reflected.Cross-Site.Scripting MEDIUM" "invitation-code-content-access 1.5.5 Reflected.Cross-Site.Scripting MEDIUM" "immocaster No.known.fix Unauthenticated.Local.File.Inclusion HIGH" "intimate-io-cryptocurrency-payments No.known.fix CSRF.Bypass MEDIUM" "ip-loc8 No.known.fix Unauthenticated.PHP.Object.Injection CRITICAL" "inavii-social-feed-for-elementor 2.1.3 Reflected.Cross-Site.Scripting MEDIUM" "info-cards 2.0.8 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Block.Attributes MEDIUM" "info-cards 2.0.0 Missing.Authorization MEDIUM" "info-cards 1.0.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "include-lottie-animation-for-elementor 1.10.10 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "icon-list-block 1.2.2 Authenticated.(Subscriber+).Server-Side.Request.Forgery MEDIUM" "icon-list-block 1.1.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "image-hover-effects-for-visual-composer No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" 
"ipaymu-for-woocommerce 2.0.3 Missing.Authentication.to.Unauthenticated.Payment.Bypass.and.Order.Information.Disclosure HIGH" "ip-locator 4.2.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "image-widget 4.4.11 Admin+.Stored.XSS LOW" "inventorypress No.known.fix Author+.Stored.XSS MEDIUM" "insert-php 2.5.1 Woody.code.snippets..Insert.Header.Footer.Code,.AdSense.Ads.<.2,5,1.-Authenticated.(Contributor+).Remote.Code.Execution CRITICAL" "insert-php 2.5.1 Admin+.Stored.XSS MEDIUM" "insert-php 2.4.6 Reflected.Cross-Site.Scripting MEDIUM" "insert-php 2.3.10 Cross-Site.Request.Forgery.(CSRF) MEDIUM" "insert-php 2.3.10 Arbitrary.Settings.Update.via.CSRF MEDIUM" "insert-php 2.2.9 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "insert-php 2.2.6 Arbitrary.Post.Deletion MEDIUM" "insert-php 2.2.5 Multiple.issues.leading.to.RCE HIGH" "icon-widget 1.4.0 Authenticated(Contributor+).Stored.Cross-Site.Scripting.via.shortcode MEDIUM" "icon-widget 1.3.0 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "ignitiondeck No.known.fix Missing.Authorization MEDIUM" "ignitiondeck 1.10.0 Missing.Authorization MEDIUM" "indieblocks 0.13.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.kind.Parameter MEDIUM" "indieblocks 0.13.2 Unauthenticated.Server-Side.Request.Forgery HIGH" "igniteup No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "igniteup 3.4.1 Multiple.Issues HIGH" "inline-footnotes No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "imagerecycle-pdf-image-compression 3.1.17 Reflected.Cross-Site.Scripting MEDIUM" "imagerecycle-pdf-image-compression 3.1.15 Missing.Authorization.in.Several.AJAX.Actions MEDIUM" "imagerecycle-pdf-image-compression 3.1.15 Cross-Site.Request.in.Several.AJAX.Actions MEDIUM" "imagerecycle-pdf-image-compression 3.1.14 Cross-Site.Request.Forgery.to.Settings.Update.in.stopOptimizeAll MEDIUM" "imagerecycle-pdf-image-compression 3.1.14 Cross-Site.Request.Forgery.to.Settings.Update.in.optimizeAllOn MEDIUM" 
"imagerecycle-pdf-image-compression 3.1.14 Missing.Authorization.to.Settings.Update.in.enableOptimization MEDIUM" "imagerecycle-pdf-image-compression 3.1.14 Missing.Authorization.to.Settings.Update.in.disableOptimization MEDIUM" "imagerecycle-pdf-image-compression 3.1.14 Missing.Authorization.to.Plugin.Data.Removal.in.reinitialize MEDIUM" "imagerecycle-pdf-image-compression 3.1.14 Missing.Authorization.to.Settings.Update.in.optimizeAllOn MEDIUM" "imagerecycle-pdf-image-compression 3.1.14 Cross-Site.Request.Forgery.to.Settings.Update.in.enableOptimization MEDIUM" "imagerecycle-pdf-image-compression 3.1.14 Missing.Authorization.to.Settings.Update.in.stopOptimizeAll MEDIUM" "imagerecycle-pdf-image-compression 3.1.14 Cross-Site.Request.Forgery.to.Settings.Update.in.disableOptimization MEDIUM" "imagerecycle-pdf-image-compression 3.1.14 Cross-Site.Request.Forgery.to.Plugin.Data.Removal.in.reinitialize MEDIUM" "imagerecycle-pdf-image-compression 3.1.11 Reflected.XSS HIGH" "imagerecycle-pdf-image-compression 3.1.12 Reflected.XSS HIGH" "irm-newsroom 1.2.20 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.'irmcalendarview'.Shortcode MEDIUM" "irm-newsroom 1.2.20 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.'irmeventlist'.Shortcode MEDIUM" "irm-newsroom 1.2.20 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.'irmflat'.Shortcode MEDIUM" "imagements No.known.fix Unauthenticated.Arbitrary.File.Upload.to.RCE CRITICAL" "inseri-core No.known.fix Missing.Authorization MEDIUM" "interactive-world-maps 2.5 Reflected.Cross-Site.Scripting MEDIUM" "include-mastodon-feed 1.9.10 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "include-mastodon-feed 1.9.6 Contributor+.Stored.XSS MEDIUM" "import-xml-feed 2.1.6 Authenticated.(Administrator+).Arbitrary.File.Upload CRITICAL" "import-xml-feed 2.1.5 Unauthenticated.RCE CRITICAL" "import-xml-feed 2.1.4 Admin+.Arbitrary.File.Upload MEDIUM" "import-xml-feed 2.0.3 
Authenticated.Server-side.Request.Forgery.(SSRF) MEDIUM" "ipages-flipbook 1.5.2 Missing.Authorization MEDIUM" "ipages-flipbook 1.5.0 Authenticated.(Administrator+).SQL.Injection HIGH" "ipages-flipbook 1.4.7 Contributor+.Stored.XSS MEDIUM" "ipages-flipbook 1.4.3 Reflected.Cross-Site.Scripting HIGH" "icons-enricher No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "igumbi-online-booking 1.41 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "iva-business-hours-pro No.known.fix Unauthenticated.Arbitrary.File.Upload.to.RCE CRITICAL" "import-spreadsheets-from-microsoft-excel 10.1.5 Authenticated.(Editor+).Arbitrary.File.Upload CRITICAL" "import-spreadsheets-from-microsoft-excel 10.1.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "interactive-image-map-builder 1.1 Admin+.Stored.XSS LOW" "iteras 1.8.1 Stored.XSSS.via.CSRF HIGH" "internal-link-builder No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting.via.Plugin's.Settings MEDIUM" "internal-link-builder No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "immonex-kickstart-team 1.7.0 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "improved-variable-product-attributes 5.3.0 Low.Priv.Arbitrary.Blog.Options.Update/Access/Deletion.&.Plugin's.Settings.Update/Export/Import HIGH" "include-fussball-de-widgets No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.'api'.and.'type' MEDIUM" "include-fussball-de-widgets No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "insert-pages 3.7.5 Contributor+.Stored.XSS MEDIUM" "insert-pages 3.7.0 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "insert-pages 3.7.0 Contributor+.Arbitrary.Posts/Pages.Access MEDIUM" "insert-pages 3.2.4 Directory.Traversal CRITICAL" "import-facebook-events 1.8.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "image-over-image-vc-extension 3.0 Contributor+.Stored.XSS MEDIUM" 
"instagrate-to-wordpress 1.3.8 Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "images-asynchronous-load 1.06 Reflected.Cross-Site.Scripting MEDIUM" "i-plant-a-tree 1.7.4 Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "i-plant-a-tree No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "ims-countdown 1.3.6 Contributor+.Stored.XSS MEDIUM" "intuitive-custom-post-order 3.1.5 Admin+.SQLi LOW" "intuitive-custom-post-order 3.1.4 Arbitrary.Menu.Order.Update.via.CSRF MEDIUM" "intuitive-custom-post-order 3.1.4 Subscriber+.Arbitrary.Menu.Order.Update MEDIUM" "integrations-of-zoho-crm-with-elementor-form No.known.fix Open.Redirect MEDIUM" "image-cleanup No.known.fix Missing.Authorization MEDIUM" "image-cleanup No.known.fix Unauthenticated.Information.Exposure MEDIUM" "image-cleanup No.known.fix Cross-Site.Request.Forgery MEDIUM" "icount No.known.fix Missing.Authorization MEDIUM" "include-url No.known.fix Authenticated.(Contributor+).Arbitrary.File.Download MEDIUM" "include-url No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "internal-link-building-plugin No.known.fix CSRF MEDIUM" "internal-link-building-plugin No.known.fix Admin+.Stored.XSS LOW" "import-from-yml 4.0.0 Reflected.Cross-Site.Scripting MEDIUM" "integration-for-contact-form-7-and-google-sheets 1.1.2 Unauthenticated.PHP.Object.Injection.via.verify_field_val.Function CRITICAL" "integration-for-contact-form-7-and-google-sheets 1.1.0 Cross-Site.Request.Forgery MEDIUM" "indeed-api No.known.fix Cross-Site.Request.Forgery.to.Settings.Update MEDIUM" "integrate-automate No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "integrate-automate 1.0.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "icons-with-links-widget No.known.fix Reflected.Cross-Site.Scripting.(XSS) HIGH" "insertify No.known.fix Cross-Site.Request.Forgery.to.Remote.Code.Execution HIGH" "image-mapper No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "inline-svg-elementor 
No.known.fix Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "icustomizer 1.5.0 Reflected.Cross-Site.Scripting.(XSS) HIGH" "instagram-feed 6.9.1 Contributor+.Stored.XSS.via.'data-plugin'.Attribute MEDIUM" "instagram-feed 2.9.2 Reflected.Cross-Site.Scripting MEDIUM" "interactions 1.3.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "image-slider-with-description No.known.fix Cross-Site.Request.Forgery MEDIUM" "in-stock-mailer-for-woocommerce No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "intelligent-importer No.known.fix Unauthenticated.PHP.Code.Injection HIGH" "intelligent-importer 5.1.4 Reflected.Cross-Site.Scripting MEDIUM" "import-legacy-media No.known.fix Unauthenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "interactive-page-hierarchy No.known.fix Missing.Authorization MEDIUM" "intelliwidget-elements No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "innovs-hr-manager No.known.fix Employee.Creation.via.CSRF MEDIUM" "innovs-hr-manager No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "ideal-wp-login-logo-changer 1.1.8 Cross-Site.Request.Forgery MEDIUM" "integrar-getnet-con-woo 0.0.5 Unauthenticated.Authorization.Bypass HIGH" "inline-text-popup No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "idpay-contact-form-7 No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "innovs-woo-manager No.known.fix Missing.Authorization MEDIUM" "instant-css 1.2.2 Theme/CSS/Minify/Preprocessor.Data.Update.via.CSRF MEDIUM" "instant-css 1.1.5 Subscriber+.Unauthorised.AJAX.Calls MEDIUM" "inventory-presser 15.2.7 Admin+.Stored.XSS LOW" "internal-link-shortcode No.known.fix Unauthenticated.SQL.Injection HIGH" "insert-code No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "interview No.known.fix Authenticated.(Contributor+).SQL.Injection MEDIUM" "iframe-widget No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" 
"indianic-testimonial No.known.fix Authenticated.(Contributor+).SQL.Injection MEDIUM" "ilc-thickbox No.known.fix Settings.update.via.CSRF MEDIUM" "inlocation No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "indeed-affiliate-pro 4.0 Authenticated.Stored.XSS MEDIUM" "interactive-medical-drawing-of-human-body No.known.fix Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "interactive-medical-drawing-of-human-body 2.6 Admin+.Stored.XSS LOW" "implied-cookie-consent No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "image-map-pro 6.0.21 Missing.Authorization.to.Authenticated.(Contributor+).Map.Project.Add/Update/Delete MEDIUM" "image-map-pro 6.0.21 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "image-map-pro 5.6.9 Cross-Site.Scripting HIGH" "image-map-pro 5.6.9 Cross-Site.Request.Forgery MEDIUM" "import-users-to-mailchimp No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "interactive-map-of-florida No.known.fix Missing.Authorization MEDIUM" "iamport-payment No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "indeed-learning-pro No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "indeed-learning-pro No.known.fix Authenticated.(Instructor+).Arbitrary.Content.Deletion MEDIUM" "indeed-learning-pro No.known.fix Authenticated.(Administrator+).SQL.Injection MEDIUM" "image-hover-effects-ultimate-visual-composer 2.6.1 Authenticated.Arbitrary.Options.Update HIGH" "issuupress No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "image-export No.known.fix Directory.Traversal CRITICAL" "ithoughts-advanced-code-editor No.known.fix Cross-Site.Request.Forgery.to.Settings.Update MEDIUM" "image-wall 3.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "image-wall 3.1 Reflected.Cross-Site.Scripting MEDIUM" "inboxify-sign-up-form No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" 
"interactive-map-of-africa No.known.fix Cross-Site.Request.Forgery MEDIUM" "invisible-optin No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "import-social-statistics 1.0.4 Reflected.Cross-Site.Scripting MEDIUM" "import-social-statistics No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "import-social-statistics No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "ibtana-ecommerce-product-addons No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "ibtana-ecommerce-product-addons 0.2.4 Ecommerce.Product.Addons.<.0.2.4.-.Reflected.Cross-Site.Scripting HIGH" "ilab-media-tools 4.5.25 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "ilab-media-tools 4.5.21 Reflected.Cross-Site.Scripting MEDIUM" "ilab-media-tools 4.3.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "include-file No.known.fix Authenticated.(Contributor+).Arbitrary.File.Download MEDIUM" "include-file No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "iframe-forms No.known.fix Contributor+.Stored.Cross-Site.Scripting MEDIUM" "icafe-library No.known.fix Authenticated.(Editor+).SQL.Injection MEDIUM" "import-cdn-remote-images 2.1.3 Cross-Site.Request.Forgery MEDIUM" "inactive-logout 3.6.0 Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "inactive-logout 3.2.3 Missing.Authorization MEDIUM" "inactive-logout 3.2.3 Cross-Site.Request.Forgery MEDIUM" "ics-button No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "instagram-slider-widget 2.2.9 Admin+.Stored.XSS LOW" "instagram-slider-widget 2.2.9 Admin+.Stored.XSS.via.Widgets LOW" "instagram-slider-widget 2.2.5 Missing.Authorization MEDIUM" "instagram-slider-widget 2.0.7 Admin+.Stored.XSS.via.Feeds LOW" "instagram-slider-widget 2.0.6 Admin+.Stored.XSS.via.API.Key LOW" "instagram-slider-widget 2.0.5 Subscriber+.Arbitrary.Feed.Deletion MEDIUM" "instagram-slider-widget 2.0.5 
Reflected.Cross-Site.Scripting MEDIUM" "instagram-slider-widget 2.0.5 Subscriber+.Stored.XSS.via.Feeds HIGH" "instagram-slider-widget 2.0.5 Subscriber+.Arbitrary.API.Key.Update.to.Stored.XSS HIGH" "instagram-slider-widget 1.8.5 Authenticated.Reflected.Cross-Site.Scripting.(XSS) CRITICAL" "import-export-for-woocommerce No.known.fix Missing.Authorization.to.Authenticated.(Subscriber+).Settings.Update MEDIUM" "import-export-for-woocommerce No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "import-export-for-woocommerce No.known.fix Subscriber+.Arbitrary.File.Upload CRITICAL" "incoming-links 0.9.10b referrers.php.XSS MEDIUM" "improve-my-city No.known.fix Unauthenticated.Stored.Cross-Site.Scripting HIGH" "image-sizes-controller No.known.fix Missing.Authorization MEDIUM" "insert-estimated-reading-time No.known.fix Admin+.Stored.XSS LOW" "interactive-geo-maps 1.6.25 Reflected.Cross-Site.Scripting HIGH" "interactive-geo-maps 1.6.1 Reflected.Cross-Site.Scripting MEDIUM" "interactive-geo-maps 1.5.11 Editor+.Stored.XSS LOW" "interactive-geo-maps 1.5.9 Contributor+.Stored.XSS MEDIUM" "interactive-geo-maps 1.5.4 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "infographic-and-list-builder-ilist 5.0.0 Unauthenticated.Arbitrary.Shortcode.Execution MEDIUM" "infographic-and-list-builder-ilist 4.7.5 Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.Title.Update MEDIUM" "infographic-and-list-builder-ilist 4.6.8 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "infographic-and-list-builder-ilist 4.3.8 iList.<.4.3.8.-.Unauthenticated.SQL.Injection HIGH" "immonex-kickstart 1.11.13 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "instant-images 6.1.1 Author+.Arbitrary.Options.Update HIGH" "instant-images 5.2.0 Author+.SSRF LOW" "instant-images 4.4.0.1 Authenticated.Stored.XSS.&.XFS MEDIUM" "icalendrier 1.81 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "inactive-user-deleter 1.60 Cross-Site.Request.Forgery 
MEDIUM" "imwptip No.known.fix Cross-Site.Request.Forgery.to.Settings.Update MEDIUM" "integration-dynamics 1.3.24 Contributor+.RCE.and.Arbitrary.File.Read CRITICAL" "integration-dynamics 1.3.18 Unauthenticated.Sensitive.Information.Exposure MEDIUM" "image-caption-hover-pro 20.0 Missing.Authorization MEDIUM" "internal-linking-of-related-contents 1.1.9 Missing.Authorization MEDIUM" "icons-factory No.known.fix Unauthenticated.Arbitrary.File.Deletion CRITICAL" "iflychat No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "iflychat 4.7.0 Admin+.Stored.Cross-Site.Scripting.(XSS) LOW" "integracao-entre-eduzz-e-wc-powers No.known.fix 1.7.5.-.Missing.Authorization.to.Authenticated.(Subscriber+).Privilege.Escalation HIGH" "image-shadow No.known.fix Authenticated.(Subscriber+).Arbitrary.File.Deletion HIGH" "ink-official No.known.fix Authenticated.(Contributor+).Arbitrary.File.Upload HIGH" "inlinkz-scripter No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "ipblocklist No.known.fix CSRF MEDIUM" "ithemes-mobile 1.2.8 XSS.via.add_query_arg().and.remove_query_arg() MEDIUM" "idonate-pro No.known.fix Missing.Authorization MEDIUM" "idonate-pro No.known.fix Missing.Authorization MEDIUM" "idonate-pro No.known.fix Authenticated.(Subscriber+).Information.Exposure MEDIUM" "idonate-pro No.known.fix Missing.Authorization MEDIUM" "idonate-pro No.known.fix Unauthenticated.Local.File.Inclusion HIGH" "idonate 2.1.0 2.1.9.-.Subscriber+.Account.Takeover/Privilege.Escalation HIGH" "idonate 2.1.16 Missing.Authorization MEDIUM" "idonate 2.1.16 Missing.Authorization.to.Unauthenticated.Arbitrary.Post.Deletion MEDIUM" "idonate 2.1.10 2.1.9.-.Insecure.Direct.Object.Reference.to.Authenticated.(Subscriber+).Arbitrary.User.Deletion.via.admin_post_donor_delete.Function MEDIUM" "idonate 2.1.10 2.1.9.-.Subscriber+.Account.Takeover/Privilege.Escalation HIGH" "idonate 2.1.13 Unauthenticated.User.Deletion HIGH" "idonate 2.1.10 
2.1.9.-.Missing.Authorization.to.Authenticated.(Subscriber+).Sensitive.Information.Disclosure.via.admin_donor_profile_view.Function MEDIUM" "idonate No.known.fix Unauthenticated.Local.File.Inclusion CRITICAL" "idonate 2.0.0 Admin+.Stored.XSS LOW" "ibtana-visual-editor 1.2.5.2 Contributor+.DOM-Based.Stored.XSS.via.lightGallery.Library MEDIUM" "ibtana-visual-editor 1.2.5.4 Missing.Authorization.to.Authenticated.(Contributor+).Arbitrary.Content.Deletion MEDIUM" "ibtana-visual-editor No.known.fix Contributor+.Stored.XSS MEDIUM" "ibtana-visual-editor 1.2.4.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.align.Attribute MEDIUM" "ibtana-visual-editor 1.2.3.4 WordPress.Website.Builder.<.1.2.3.4.-.Unauthenticated.reCAPTCHA.Settings.Update MEDIUM" "ibtana-visual-editor 1.2.2.1 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "ibtana-visual-editor 1.1.8.8 Contributor+.Stored.XSS.via.Shortcode HIGH" "ibtana-visual-editor 1.1.4.9 Subscriber+.Settings.Update.to.Stored.XSS MEDIUM" "integration-of-capsule-crm-for-contact-form-7 1.0.5 Reflected.Cross-Site.Scripting MEDIUM" "integration-of-capsule-crm-for-contact-form-7 No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "id-arrays No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "indexisto No.known.fix Unauthenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "imager-elementor No.known.fix Missing.Authorization MEDIUM" "issuem 2.9.1 Authenticated.(Author+).Stored.Cross-Site.Scripting MEDIUM" "instagram-widget-by-wpzoom 2.1.14 Missing.Authorization.to.Authenticated.(Subscriber+).Instagram.Image.Deletion MEDIUM" "if-menu 0.19.2 Missing.Authorization.to.License.Key.Update MEDIUM" "idraw No.known.fix Authenticated.(Author+).Arbitrary.File.Upload HIGH" "injection-guard 1.3.0 Unauthenticated.Stored.Cross-Site.Scripting.via.Query.Parameter.Name HIGH" "injection-guard 1.2.8 Reflected.XSS.via.$_SERVER['REQUEST_URI'] MEDIUM" "image-resizer-on-the-fly No.known.fix Unauthenticated.Arbitrary.File.Deletion CRITICAL" 
"ibuildapp No.known.fix Reflected.XSS HIGH" "image-hover-effects-elementor-addon 1.0.2.4 Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.Plugin.Upload HIGH" "image-hover-effects-elementor-addon No.known.fix Contributor+.Stored.XSS MEDIUM" "ithemes-sync 3.0.1 Stored.Cross-Site.Scripting.via.packages MEDIUM" "ithemes-sync 2.1.14 Cross-Site.Request.Forgery.and.Missing.Authorization.via.'hide_authenticate_notice' MEDIUM" "inline-stock-quotes No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.stock.Shortcode MEDIUM" "importify 1.0.5 Unauthenticated.Sensitive.Information.Exposure MEDIUM" "indieweb 5.0.0 Authenticated.(Author+).Stored.Cross-Site.Scripting.via.'Telephone'.Parameter MEDIUM" "inpost-gallery 2.1.4.6 Authenticated.(Subscriber+).Local.File.Inclusion HIGH" "inpost-gallery 2.1.4.4 Cross-Site.Request.Forgery MEDIUM" "inpost-gallery 2.1.4.3 Authenticated.(Subscriber+).Arbitrary.Shortcode.Execution.via.inpost_gallery_get_shortcode_template MEDIUM" "inpost-gallery 2.1.4.2 Reflected.XSS HIGH" "inpost-gallery 2.1.4.1 Unauthenticated.LFI.to.RCE CRITICAL" "ideal-interactive-map No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "invite-anyone 1.4.8 Reflected.Cross-Site.Scripting MEDIUM" "invite-anyone 1.3.19 Unauthenticated.PHP.Object.Injection CRITICAL" "invite-anyone 1.3.16 Multiple.Issues MEDIUM" "infusionsoft-landing-pages No.known.fix Settings.Update.via.CSRF MEDIUM" "image-magnify No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "iats-online-forms No.known.fix Authenticated.(Contributor+).SQL.Injection.via.order.Parameter MEDIUM" "instabot No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "integrate-dynamics-365-crm 1.1.2 Authenticated.(Administrator+).Stored.Cross-Site.Scripting.via.Field.Mapping.Configuration MEDIUM" "integrate-dynamics-365-crm 1.1.0 Missing.Authorization MEDIUM" "incredible-font-awesome No.known.fix 
Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "insert-php-code-snippet 1.4.4 Missing.Authorization MEDIUM" "insert-php-code-snippet 1.3.7 Cross-Site.Request.Forgery.to.Code.Snippet.Activate/Deactivate/Deletion MEDIUM" "insert-php-code-snippet 1.3.5 Admin+.Stored.XSS LOW" "iwp-client 1.13.1 Unauthenticated.Limited.Directory.Traversal.to.Arbitrary..txt.File.Reading MEDIUM" "iwp-client 1.12.3.1 Unauthenticated.Sensitive.Information.Exposure MEDIUM" "iwp-client 1.12.1 Unauthenticated.Sensitive.Information.Exposure HIGH" "iwp-client 1.9.4.5 Authentication.Bypass CRITICAL" "icon-widget-with-links No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "i3geek-baiduxzh No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "image-protector No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "iframe-to-embed No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "interactive-world-map 3.4.8 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "interactive-world-map 3.4.4 Reflected.Cross-Site.Scripting HIGH" "interactive-world-map 3.4.4 CSRF MEDIUM" "ilogic-accessibility No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "integracao-rd-station 5.4.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "integracao-rd-station 5.2.1 Multiple.CSRF MEDIUM" "inext-woo-pincode-checker No.known.fix Cross-Site.Request.Forgery MEDIUM" "imbachat-widget No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "insert-headers-and-footers 2.0.13.1 Reflected.XSS HIGH" "insert-headers-and-footers 2.0.9 Arbitrary.Log.File.Deletion.via.CSRF MEDIUM" "insert-headers-and-footers 2.0.7 Contributor+.WPCode.Library.Auth.Key.Update/Deletion LOW" "import-users-from-csv 1.3 Authenticated.(Admin+).PHP.Object.Injection HIGH" "image-hover-effects-ultimate No.known.fix Contributor+.DOM-Based.Stored.XSS.via.lightGallery.Library MEDIUM" "image-hover-effects-ultimate 9.8.5 
Admin+.Stored.XSS LOW" "image-hover-effects-ultimate 9.7.2 Authenticated.Arbitrary.Options.Change HIGH" "image-hover-effects-ultimate 9.8.0 Authenticated.Stored.XSS MEDIUM" "image-hover-effects-ultimate 9.7.2 Reflected.Cross-Site.Scripting MEDIUM" "image-hover-effects-ultimate 9.7.1 Reflected.Cross-Site.Scripting HIGH" "image-hover-effects-ultimate 9.7.0 Unauthenticated.Arbitrary.Option.Update CRITICAL" "idealien-category-enhancements No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "image-watermark 1.7.4 Missing.Authorization.to.Authenticated.(Subscriber+).Watermark.Modification MEDIUM" "ical-feeds No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "invitation-based-registrations No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "indeed-membership-pro 12.8 Unauthenticated.Privilege.Escalation CRITICAL" "indeed-membership-pro 12.8 Reflected.Cross-Site.Scripting HIGH" "indeed-membership-pro 12.8 Unauthenticated.PHP.Object.Injection HIGH" "ipanorama-360-virtual-tour-builder-lite 1.8.4 Missing.Authorization MEDIUM" "ipanorama-360-virtual-tour-builder-lite 1.8.2 Missing.Authorization MEDIUM" "ipanorama-360-virtual-tour-builder-lite 1.8.1 .Authenticated.(Contributor+).SQL.Injection.via.Shortcode HIGH" "ipanorama-360-virtual-tour-builder-lite 1.8.0 Authenticated.(Admin+).SQL.injection HIGH" "ipanorama-360-virtual-tour-builder-lite 1.6.30 Contributor+.Stored.XSS MEDIUM" "ipanorama-360-virtual-tour-builder-lite 1.6.22 Reflected.Cross-Site.Scripting HIGH" "igit-related-posts-with-thumb-images-after-posts No.known.fix Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "inprosysmedia-likes-dislikes-post No.known.fix Unauthenticated.SQL.Injection HIGH" "inprosysmedia-likes-dislikes-post No.known.fix Unauthenticated.SQL.Injection HIGH" "i-recommend-this 3.9.0 Admin+.Stored.XSS LOW" "i-recommend-this 3.9.1 CSRF MEDIUM" "i-recommend-this 3.8.2 Authenticated.SQL.Injection HIGH" "invelity-mygls-connect No.known.fix 
Cross-Site.Request.Forgery MEDIUM" "infolinks-ad-wrap No.known.fix Settings.Update.via.CSRF MEDIUM" "ip2location-country-blocker 2.38.9 Unauthenticated.Information.Disclosure MEDIUM" "ip2location-country-blocker 2.38.4 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "ip2location-country-blocker 2.34.3 Cross-Site.Request.Forgery MEDIUM" "ip2location-country-blocker 2.33.4 Unauthenticated.Sensitive.Information.Exposure.via.Debug.Log.File MEDIUM" "ip2location-country-blocker 2.26.9 Admin+.Stored.Cross-Site.Scripting LOW" "ip2location-country-blocker 2.26.5 Subscriber+.Arbitrary.Country.Ban MEDIUM" "ip2location-country-blocker 2.26.6 Arbitrary.Country.Ban.via.CSRF MEDIUM" "ip2location-country-blocker 2.26.5 Ban.Bypass MEDIUM" "instant-locations No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "infomaniak-connect-openid No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode.Attributes MEDIUM" "inline-tweets No.known.fix Unauthenticated.Stored.Cross-Site.Scripting HIGH" "image-captcha No.known.fix Cross-Site.Request.Forgery MEDIUM" "icons-font-loader 1.1.5 Authenticated(Administrator+).Arbitrary.File.Upload MEDIUM" "icons-font-loader 1.1.2.1 Improper.Neutralization.of.Special.Elements.used.in.an.SQL.Command.('SQL.Injection') HIGH" "irecco-core No.known.fix Unauthenticated.Local.File.Inclusion HIGH" "iws-geo-form-fields No.known.fix Geo.Form.Fields.<=.1.0.-.Unauthenticated.SQLi HIGH" "integrate-contact-form-7-and-aweber 0.1.43 Missing.Authorization.to.Authenticated.(Subscriber+).Log.Reset MEDIUM" "integrate-contact-form-7-and-aweber 0.1.43 Missing.Authorization MEDIUM" "icon 1.0.0.11 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "icon 1.0.0.11 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "icegram-rainmaker 1.3.19 Missing.Authorization MEDIUM" "icegram-rainmaker 1.3.15 Missing.Authorization MEDIUM" "icegram-rainmaker 1.3.9 
Contributor+.Stored.XSS MEDIUM" "iphone-webclip-manager No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "ibryl-switch-user No.known.fix Authenticated.(Subscriber+).Privilege.Escalation.via.Account.Takeover HIGH" "ithemes-exchange 1.12.0 XSS.via.add_query_arg().and.remove_query_arg() MEDIUM" "interactivecalculator 1.0.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.'id'.Shortcode.Attribute MEDIUM" "iubenda-cookie-law-solution 3.3.3 Subscriber+.Privileges.Escalation.to.Admin HIGH" "instawp-connect 0.1.2.0 Missing.Authorization MEDIUM" "instawp-connect 0.1.0.86 Unauthenticated.Local.PHP.File.Inclusion HIGH" "instawp-connect 0.1.0.83 Unauthenticated.Local.File.Inclusion CRITICAL" "instawp-connect 0.1.0.84 Cross-Site.Request.Forgery.to.Local.File.Inclusion HIGH" "instawp-connect 0.1.0.45 Authentication.Bypass.to.Admin CRITICAL" "instawp-connect 0.1.0.39 Unauthenticated.Arbitrary.File.Upload CRITICAL" "instawp-connect 0.1.0.39 Missing.Authorization.to.Unauthenticated.API.setup/Arbitrary.Options.Update/Administrative.User.Creation CRITICAL" "instawp-connect 0.1.0.25 Missing.Authorization MEDIUM" "instawp-connect 0.1.0.23 Unauthenticated.Arbitrary.File.Upload CRITICAL" "instawp-connect 0.1.0.9 Authenticated.(Subscriber+).Remote.Code.Execution HIGH" "instawp-connect 0.1.0.10 Authenticated.(Subscriber+).SQL.Injection HIGH" "instawp-connect 0.1.0.10 Missing.Authorization.to.Sensitive.Information.Dislcosure MEDIUM" "instawp-connect 0.1.0.9 Missing.Authorization.to.Arbitrary.Options.Update HIGH" "instawp-connect 0.1.0.9 Cross-Site.Request.Forgery.via.create_file_db_manager MEDIUM" "instawp-connect 0.0.9.19 Unauthenticated.Data.Modification CRITICAL" "internal-link-finder 5.1.4 Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "internal-link-finder 5.1.3 Missing.Authorization.to.Unauthenticated.Settings.Update MEDIUM" "image-content-show-hover No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting 
MEDIUM" "ia-map-analytics-basic No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "inline-google-spreadsheet-viewer No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "i2-pro-cons No.known.fix Contributor+.Stored.XSS MEDIUM" "imdb-info-box No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "information-for-help 0.0.3 Reflected.Cross-Site.Scripting MEDIUM" "ip-vault-wp-firewall 2.1 IP.Address.Spoofing.to.Protection.Mechanism.Bypass MEDIUM" "ip-vault-wp-firewall 2.1 WP.Firewall.<.2.1.-.Admin+.Stored.XSS LOW" "include-me 1.3.3 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "include-me 1.2.2 Authenticated.Remote.Code.Execution.(RCE).via.LFI.log.poisoning HIGH" "imageseo 3.1.2 Unauthenticated.Full.Path.Disclosure MEDIUM" "imageseo 2.0.8 Settings.Update.via.CSRF LOW" "image-editor-by-pixo No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "image-editor-by-pixo 2.3.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.download.Parameter MEDIUM" "import-products-to-wc No.known.fix Unauthenticated.Server-Side.Request.Forgery HIGH" "import-products-to-wc No.known.fix Missing.Authorization.to.Unauthenticated.Arbitrary.Product.Creation MEDIUM" "inline-tweet-sharer 2.6 Admin+.Stored.XSS LOW" "image-comparison-elementor-addon 1.0.2.3 Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.Plugin.Upload HIGH" "imagelinks-interactive-image-builder-lite 1.6.0 Admin+.SQLi MEDIUM" "imagelinks-interactive-image-builder-lite 1.5.4 Contributor+.Stored.XSS MEDIUM" "imagelinks-interactive-image-builder-lite 1.5.3 Reflected.Cross-Site.Scripting HIGH" "imoney No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "import-holded-products-woocommerce 2.0 Reflected.Cross-Site.Scripting MEDIUM" "import-holded-products-woocommerce 2.0 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "import-csv-files No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "imageboss 3.0.6 
Admin+.Stored.Cross-Site.Scripting LOW" "index-wp-mysql-for-speed 1.4.18 Admin+.Reflected.XSS HIGH" "interactive-polish-map 1.2.1 Admin+.Stored.XSS LOW" "insert-or-embed-articulate-content-into-wordpress 4.3000000026 Editor+.Arbitrary.File.Upload HIGH" "insert-or-embed-articulate-content-into-wordpress 4.3000000024 Author+.Arbitrary.File.Upload CRITICAL" "insert-or-embed-articulate-content-into-wordpress 4.3000000025 Iframe.Injection LOW" "insert-or-embed-articulate-content-into-wordpress 4.30000000254.3000000025 Author+.Upload.to.RCE CRITICAL" "insert-or-embed-articulate-content-into-wordpress 4.3000000023 Contributor+.Stored.XSS MEDIUM" "insert-or-embed-articulate-content-into-wordpress 4.3000000021 Reflected.Cross-Site.Scripting MEDIUM" "insert-or-embed-articulate-content-into-wordpress 4.3000000016 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "insert-or-embed-articulate-content-into-wordpress 4.29991 Authenticated.Arbitrary.Folder.Deletion.and.Rename MEDIUM" "insert-or-embed-articulate-content-into-wordpress 4.2999 Unauthenticated.RCE CRITICAL" "insert-or-embed-articulate-content-into-wordpress 4.2997 Subscriber+.Arbitrary.Option.Update CRITICAL" "invition-print-ship No.known.fix Cross-Site.Request.Forgery MEDIUM" "invition-print-ship No.known.fix Unauthenticated.Path.Traversal MEDIUM" "isape No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "iconize No.known.fix Authenticated.(Admin+).Remote.Code.Execution HIGH" "insert-post-ads No.known.fix Missing.Authorization MEDIUM" "i-order-terms 1.5.1 Cross-Site.Request.Forgery MEDIUM" "image-horizontal-reel-scroll-slideshow No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "image-horizontal-reel-scroll-slideshow 13.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "image-horizontal-reel-scroll-slideshow 13.3 .Authenticated.(Subscriber+).SQL.Injection.via.Shortcode HIGH" "import-youtube-videos-as-wp-post No.known.fix Missing.Authorization MEDIUM" 
"ip-based-login 2.4.4 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "ip-based-login 2.4.3 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "ip-based-login 2.4.1 Log.Deletion.via.CSRF MEDIUM" "ip-based-login 2.4.1 Admin+.Stored.XSS LOW" "iksweb 3.8 Admin+.Stored.XSS LOW" "intl-datetime-calendar No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.date.Parameter MEDIUM" "ixml No.known.fix Reflected.Cross-Site.Scripting.via.'iXML_email'.Parameter MEDIUM" "import-external-attachments No.known.fix Missing.Authorization MEDIUM" "import-external-attachments No.known.fix Cross-Site.Request.Forgery MEDIUM" "image-gallery-with-slideshow No.known.fix Multiple.XSS.and.SQL.Injection CRITICAL" "image-slider-widget 1.1.127 Authenticated.(Editor+).Stored.Cross-Site.Scripting MEDIUM" "image-slider-widget 1.1.123 Arbitrary.Post.Duplication.via.CSRF MEDIUM" "integration-cds 2.81.1 2.81.-.Missing.Authorization.to.Authenticated.(Subscriber+).Privilege.Escalation.via.reset_password_link.REST.Route HIGH" "icdsoft-reseller-store 2.5.0 Reflected.Cross-Site.Scripting MEDIUM" "infocob-crm-forms 2.4.1 Authenticated.(Editor+).Arbitrary.File.Download MEDIUM" "import-export-with-custom-rest-api No.known.fix 2.0.3.-.Missing.Authorization.to.Unauthenticated.Privilege.Escalation.via.process_handler.Function CRITICAL" "internal-comments No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "internal-comments 1.2.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "if-so 1.9.4.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "if-so 1.9.3.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "if-so 1.9.2.2 Authenticated.(Contributor+).Post.Disclosure MEDIUM" "if-so 1.8.0.4 Reflected.XSS MEDIUM" "if-so 1.8.0.4 Admin+.Stored.XSS LOW" "if-so 1.8.0.3 Contributor+.Shortcode.Stored.XSS MEDIUM" "if-so 1.7.1.1 Missing.Authorization MEDIUM" "if-so 1.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" 
"imagemagick-sharpen-resized-images No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "image-compare-block No.known.fix Authenticated.(Admin+).Server-Side.Request.Forgery MEDIUM" "import-eventbrite-events 1.7.5 Reflected.Cross-Site.Scripting MEDIUM" "image-hover-effects-visual-composer-extension 5.0 Contributor+.Stored.XSS MEDIUM" "image-hover-effects-with-carousel No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via._id,.oxi_addons_f_title_tag,.and.content_description_tag.Parameters MEDIUM" "image-hover-effects-with-carousel 3.0 Reflected.XSS HIGH" "image-slider-slideshow No.known.fix Authenticated.(Contributor+).Insecure.Direct.Object.Reference MEDIUM" "imagemapper No.known.fix Settings.Update.via.CSRF MEDIUM" "imagemapper No.known.fix Subscriber+.Arbitrary.Post.Deletion MEDIUM" "imagemapper No.known.fix Stored.XSS.via.CSRF HIGH" "imagemapper No.known.fix Contributor+.Stored.XSS MEDIUM" "instantio 3.3.17 Authenticated.(Admin+).Arbitrary.File.Upload HIGH" "instantio 3.3.8 Missing.Authorization.to.Unauthenticated.Settings.Update MEDIUM" "instantio 1.2.6 CSRF.Bypass MEDIUM" "insert-html-here No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "imgspider No.known.fix Authenticated.(Contributor+).Server-Side.Request.Forgery MEDIUM" "imgspider 2.3.11 Authenticated.(Contributor+).Arbitrary.File.Upload.via.'upload' HIGH" "imgspider 2.3.11 Authenticated.(Contributor+).Arbitrary.File.Upload.via.'upload_img_file' HIGH" "indigitall-web-push-notifications 3.2.3 Admin+.Stored.XSS LOW" "image-carousel-for-divi 1.6.1 Reflected.Cross-Site.Scripting MEDIUM" "image-carousel-for-divi 1.5.0 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "imithemes-listing 3.4 Unauthenticated.Privilege.Escalation.via.Unverified.Password.Reset CRITICAL" "improved-include-page No.known.fix Contributor+.Arbitrary.Posts/Pages.Access MEDIUM" "inspirational-quote-rotator No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "idx-broker-platinum 3.2.4 
Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "idx-broker-platinum 3.2.3 Contributor+.Stored.XSS MEDIUM" "idx-broker-platinum 3.0.6 Reflected.Cross-Site.Scripting HIGH" "idx-broker-platinum 2.6.2 Authenticated.Stored.Cross-Site.Scripting.(XSS).via.unprotected.'idx_update_recaptcha_key'.AJAX MEDIUM" "idx-broker-platinum 2.6.2 Authenticated.Post.Creation,.Modification,.and.Deletion MEDIUM" "imdb-widget 1.0.9 Local.File.Inclusion.(LFI) HIGH" "improved-sale-badges 4.4.0 Low.Priv.Arbitrary.Blog.Options.Update/Access/Deletion.&.Plugin's.Settings.Update/Export/Import HIGH" "independent-analytics 1.25.1 Reflected.Cross-Site.Scripting MEDIUM" "idbbee No.known.fix Contributor+.Stored.Cross-Site.Scripting MEDIUM" "insight-core No.known.fix Subscriber+.PHP.Object.Injection.&.Stored.XSS MEDIUM" "interactive-us-map No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "jetwoo-widgets-for-elementor 1.1.8 Authenticated.(Contributor+).Limited.Local.File.Inclusion HIGH" "joomdev-wp-pros-cons No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "jobbank No.known.fix Missing.Authorization MEDIUM" "jobbank No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "jeeng-push-notifications 2.0.4 Admin+.Stored.Cross-Site.Scripting LOW" "jnews-gallery 12.0.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "jt-express 2.0.15 Reflected.Cross-Site.Scripting.via.[placeholder] MEDIUM" "jobboardwp 1.3.1 Reflected.Cross-Site.Scripting MEDIUM" "jobboardwp 1.2.2 Unauthenticated.Arbitrary.File.Upload CRITICAL" "jobboardwp 1.1.0 Admin+.Stored.Cross-Site.Scripting LOW" "jsp-store-locator No.known.fix Contributor+.SQL.Injection HIGH" "jsp-store-locator No.known.fix Deletion.via.Missing.CSRF MEDIUM" "jnews-pay-writer No.known.fix Pay.Writer.<=.11.0.0.-.Authenticated.(Subscriber+).Local.File.Inclusion HIGH" "javascript-notifier 1.2.9 Authenticated.(Administrator+).Stored.Cross-Site.Scripting.via.Plugin.Settings MEDIUM" 
"job-board-vanilla No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "joli-faq-seo 1.3.3 Cross-Site.Request.Forgery MEDIUM" "joli-faq-seo 1.3.1 Reflected.Cross-Site.Scripting MEDIUM" "joli-faq-seo 1.0.4 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "jb-news-ticker No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "job-manager-career 1.4.5 Cross-Site.Request.Forgery.to.PHP.Object.Injection HIGH" "job-manager-career 1.4.4 Directory.listing.to.Sensitive.Data.Exposure HIGH" "joli-clear-lightbox No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "joli-clear-lightbox 1.0.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "jwp-a11y No.known.fix Admin+.Stored.XSS LOW" "jvm-rich-text-icons 1.2.7 Subscriber+.Arbitrary.File.Deletion HIGH" "jvm-rich-text-icons 1.2.4 Subscriber+.Arbitrary.File.Upload HIGH" "jc-importer 2.14.18 Unauthenticated.Information.Exposure MEDIUM" "jc-importer 2.14.17 Authenticated.(Admin+).Arbitrary.File.Read MEDIUM" "jc-importer 2.14.6 Unauthenticated.Sensitive.Information.Exposure.Through.Unprotected.Directory HIGH" "jc-importer 2.13.1 Admin+.Server-side.Request.Forgery MEDIUM" "jc-importer 2.4.6 Admin+.Arbitrary.File.Upload.to.RCE MEDIUM" "jet-tricks 1.5.4.2 Authenticated.(Subscriber+).Information.Exposure MEDIUM" "jet-tricks 1.5.4.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "jet-tricks 1.5.1.1 Missing.Authorization MEDIUM" "jay-login-register 2.6.04 Authenticated.(Subscriber+).Privilege.Escalation.via.jay_panel_ajax_update_profile HIGH" "jay-login-register 2.6.04 Unauthenticated.Privilege.Escalation.via.jay_login_register_ajax_create_final_user CRITICAL" "jay-login-register 2.5.01 Authentication.Bypass.via.Cookie CRITICAL" "just-writing-statistics 5.4 Missing.Authorization MEDIUM" "just-writing-statistics 4.8 Authenticated.(Administrator+).SQL.Injection MEDIUM" "just-writing-statistics 4.6 Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "jquery-vertical-accordion-menu No.known.fix 
Contributor+.Stored.XSS MEDIUM" "jquery-t-countdown-widget No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.tminus.Shortcode MEDIUM" "jquery-t-countdown-widget 2.3.24 Contributor+.Stored.XSS MEDIUM" "jnews-frontend-submit No.known.fix Frontend.Submit.<=.11.0.0.-.Reflected.Cross-Site.Scripting MEDIUM" "jinshuju No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "jet-booking 4.0.3.1 Unauthenticated.SQL.Injection.via.'check_in_date'.Parameter HIGH" "joomsport-sports-league-results-management 5.7.4 Unauthenticated.Directory.Traversal.to.Local.File.Inclusion CRITICAL" "joomsport-sports-league-results-management 5.6.18 Reflected.Cross-Site.Scripting.via.page HIGH" "joomsport-sports-league-results-management 5.6.4 Missing.Authorization MEDIUM" "joomsport-sports-league-results-management 5.5.7 Missing.Authorization MEDIUM" "joomsport-sports-league-results-management 5.2.8 Unauthenticated.SQLi HIGH" "joomsport-sports-league-results-management 5.2.6 Admin+.SQLi MEDIUM" "joomsport-sports-league-results-management 5.1.8 Unauthenticated.PHP.Object.Injection MEDIUM" "joomsport-sports-league-results-management 3.4 SQL.Injection CRITICAL" "jekyll-exporter 2.2.1 Unauthenticated.RCE.via.PHPUnit CRITICAL" "jreviews No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "jb-horizontal-scroller-news-ticker No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "jquery-tagline-rotator No.known.fix Reflected.Cross-Site.Scripting HIGH" "jquery-collapse-o-matic No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "jquery-collapse-o-matic 1.8.5.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "jquery-collapse-o-matic No.known.fix Contributor+.Stored.XSS MEDIUM" "jquery-collapse-o-matic 1.8.3 Contributor+.Stored.XSS MEDIUM" "jp-students-result-system-premium No.known.fix Unauthenticated.Arbitrary.File.Upload CRITICAL" "job-manager No.known.fix 
Admin+.Stored.Cross-Site.Scripting LOW" "job-manager No.known.fix .Insecure.Direct.Object.Reference.(IDOR) MEDIUM" "job-manager 0.7.25 Authenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "js-vehicle-manager No.known.fix Unauthenticated.Local.File.Inclusion CRITICAL" "jh-404-logger No.known.fix Unauthenticated.Stored.Cross-Site.Scripting.(XSS) CRITICAL" "jibu-pro No.known.fix Stored.XSS MEDIUM" "jc-ajax-search-for-woocommerce 1.0.3 Reflected.Cross-Site.Scripting MEDIUM" "jet-popup 2.0.20.2 Authenticated.(Contributor+).Insecure.Direct.Object.Reference MEDIUM" "jet-popup 2.0.16 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "jet-popup 2.0.15.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "jet-popup 2.0.15.1 Authenticated.(Subscriber+).Information.Disclosure MEDIUM" "jet-popup 2.0.12 Missing.Authorization MEDIUM" "json-content-importer 2.0.10 Contributor+.Stored.XSS MEDIUM" "json-content-importer 1.6.0 Authenticated.(Contributor+).Server-Side.Request.Forgery MEDIUM" "json-content-importer 1.5.4 Reflected.XSS HIGH" "json-content-importer 1.3.16 Admin+.Stored.XSS LOW" "justified-gallery 1.8.0b1 Reflected.Cross-Site.Scripting MEDIUM" "justified-gallery 1.7.1 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "justified-gallery 1.5.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "jquery-news-ticker 3.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "jquery-news-ticker 3.1 .Authenticated.(Subscriber+).SQL.Injection.via.Shortcode HIGH" "jet-compare-wishlist 1.5.10 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "jupiterx-core 4.11.0 Authenticated.(Contributor+).PHP.Object.Injection HIGH" "jupiterx-core 4.11.1 Contributor+.Stored.XSS MEDIUM" "jupiterx-core 4.9.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Inline.SVG MEDIUM" "jupiterx-core 4.8.12 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "jupiterx-core 4.8.12 Unauthenticated.PHP.Object.Injection.via.PHAR HIGH" 
"jupiterx-core 4.8.8 Authenticated.(Contributor+).Arbitrary.File.Read MEDIUM" "jupiterx-core 4.8.8 Authenticated.(Contributor+).SVG.Upload.to.Local.File.Inclusion.(Remote.Code.Execution) HIGH" "jupiterx-core 4.8.6 Missing.Authorization.to.Authenticated.Library.Sync MEDIUM" "jupiterx-core 4.8.6 Missing.Authorization.to.Unauthenticated.Popup.Template.Export MEDIUM" "jupiterx-core 4.7.8 Limited.Unauthenticated.Authentication.Bypass.to.Account.Takeover HIGH" "jupiterx-core 4.6.6 Unauthenticated.Arbitrary.File.Upload CRITICAL" "jupiterx-core 3.3.8 Unauthenticated.Arbitrary.File.Upload CRITICAL" "jupiterx-core 3.4.3 Unauthenticated.Privilege.Escalation CRITICAL" "jupiterx-core 4.6.9 Unauthenticated.Arbitrary.File.Download HIGH" "jupiterx-core 2.0.8 Subscriber+.Privilege.Escalation.and.Post.Deletion CRITICAL" "jupiterx-core 2.0.7 Information.Disclosure,.Modification,.and.Denial.of.Service MEDIUM" "jupiterx-core 2.0.7 Subscriber+.Arbitrary.Plugin.Deactivation.and.Settings.Update MEDIUM" "judgeme-product-reviews-woocommerce 1.3.21 Contributor+.Stored.XSS MEDIUM" "just-highlight No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting.via.'Highlight.Color'.Setting MEDIUM" "jlayer-parallax-slider-wp No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "jquery-validation-for-contact-form-7 5.3 Arbitrary.Options.Update.via.CSRF HIGH" "just-post-preview No.known.fix Authenticated.(Contributor+).Local.File.Inclusion HIGH" "joy-of-text No.known.fix Missing.Authorization MEDIUM" "joy-of-text No.known.fix Settings.Update.via.CSRF MEDIUM" "joy-of-text 2.3.1 Unauthenticated.SQLi HIGH" "jquery-accordion-slideshow 8.2 .Authenticated.(Subscriber+).SQL.Injection.via.Shortcode HIGH" "jazzcash-woocommerce-gateway No.known.fix Reflected.Cross-Site.Scripting HIGH" "jobhunt-notifications No.known.fix Missing.Authorization.to.Unauthenticated.Arbitrary.Content.Deletion MEDIUM" "jetgridbuilder 1.1.3 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "jsm-show-post-meta 4.6.1 
Missing.Authorization MEDIUM" "jet-blocks 1.3.19 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "jet-blocks 1.3.19 Authenticated.(Subscriber+).Information.Disclsoure MEDIUM" "jet-blocks 1.3.19.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "jet-blocks 1.3.16.1 Missing.Authorization MEDIUM" "jet-blocks 1.3.16.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "jet-blocks 1.3.12.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "jet-blocks 1.3.8.1 Reflected.Cross.Site.Scripting MEDIUM" "jkdevkit No.known.fix Authenticated.(Subscriber+).Arbitrary.File.Deletion HIGH" "jquery-reply-to-comment No.known.fix CSRF.to.Stored.Cross-Site.Scripting HIGH" "jet-theme-core 2.2.1 Authenticated.(Subscriber+).Arbitrary.File.Deletion HIGH" "jetwidgets-for-elementor 1.0.21 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Image.Comparison.and.Subscribe.Widgets MEDIUM" "jetwidgets-for-elementor 1.0.19 Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "jetwidgets-for-elementor 1.0.18 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.layout_type.and.id.Parameters MEDIUM" "jetwidgets-for-elementor 1.0.17 Authenticated(Contributor+).Stored.Cross-Site.Scripting.via.Widget.Button.URL MEDIUM" "jetwidgets-for-elementor 1.0.16 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Animated.Box.Widget MEDIUM" "jetwidgets-for-elementor 1.0.13 Settings.Update.via.CSRF MEDIUM" "jetwidgets-for-elementor 1.0.14 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "jetwidgets-for-elementor 1.0.9 Contributor+.Stored.XSS MEDIUM" "jetpack 14.1-a.1 Unauthenticated.DOM-XSS MEDIUM" "jetpack 13.3.2 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 11.7.3 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 10.1.2 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 8.5.3 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 6.9.4 Subscriber+.Arbitrary.Feedback.Access MEDIUM" 
"jetpack 5.3.4 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 12.4.1 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 10.8.2 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 9.2.4 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 7.6.4 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 6.0.4 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 4.4.5 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 13.1.4 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 11.5.3 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 9.9.3 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 8.3.3 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 6.7.4 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 5.1.4 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 9.0.5 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 7.4.5 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 5.8.4 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 4.2.5 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 13.8.2 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 12.2.2 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 10.6.2 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 12.9.4 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 11.3.4 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 9.7.3 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 8.1.4 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 6.5.4 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 4.9.3 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 13.6.1 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 12.0.2 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 10.4.2 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 8.8.5 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 7.2.5 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 5.6.5 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 4.0.7 
Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 12.7.2 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 11.1.4 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 9.5.5 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 7.9.4 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 6.3.7 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 4.7.4 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 13.4.4 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 11.8.6 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 10.2.3 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 8.6.4 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 7.0.5 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 5.4.4 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 12.5.1 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 10.9.3 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 9.3.5 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 7.7.6 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 6.1.5 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 4.5.3 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 13.2.3 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 11.6.2 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 10.0.2 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 8.4.5 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 6.8.5 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 5.2.5 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 5.9.4 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 4.3.5 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 13.9.1 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 12.3.1 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 10.7.2 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 9.1.3 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 7.5.7 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 13.0.1 
Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 11.4.2 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 9.8.3 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 8.2.6 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 6.6.5 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 5.0.3 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 12.1.2 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 10.5.3 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 8.9.4 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 7.3.5 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 5.7.5 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 4.1.4 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 13.7.1 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 12.8.2 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 11.2.2 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 9.6.4 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 8.0.3 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 6.4.6 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 4.8.5 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 13.5.1 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 11.9.3 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 10.3.2 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 8.7.4 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 7.1.5 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 5.5.5 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 3.9.10 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 12.6.3 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 11.0.2 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 9.4.4 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 7.8.4 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 6.2.5 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 4.6.3 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 13.8 Contributor+.Stored.XSS MEDIUM" 
"jetpack 13.8 Unauthenticated.Arbitrary.Block.&.Shortcode.Execution MEDIUM" "jetpack 13.4 Contributor+.Stored.Cross-Site.Scripting.via.wpvideo.Shortcode MEDIUM" "jetpack 13.2.1 Contributor+.Stored.XSS MEDIUM" "jetpack 12.7 Improper.Authorization.via.WPCom.External.Media.REST.endpoints MEDIUM" "jetpack 12.8-a.3 Contributor+.Stored.XSS.via.block.attribute MEDIUM" "jetpack 12.7 Authenticated(Contributor+).Clickjacking.via.Iframe.Injection MEDIUM" "jetpack 12.1.1 Author+.Arbitrary.File.Manipulation.via.API HIGH" "jetpack 9.8 Carousel.Module.Non-Published.Page/Post.Attachment.Comment.Leak MEDIUM" "jetpack 7.9.1 Vulnerability.in.Shortcode.Embed.Code MEDIUM" "jetpack 6.5 Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "jetpack 4.0.4 Multiple.Vulnerabilities MEDIUM" "jivochat 1.3.5.4 Stored.Cross-Site.Scripting.via.CSRF MEDIUM" "jet-woo-product-gallery 2.2.0.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "jet-woo-product-gallery 2.1.22.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "jet-blog 2.4.7.1 Missing.Authorization MEDIUM" "jet-blog 2.4.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "jet-blog 2.4.4.1 Reflected.Cross-Site.Scripting MEDIUM" "jet-blog 2.4.3.1 Missing.Authorization MEDIUM" "jet-blog 2.4.3.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "jsmol2wp No.known.fix Unauthenticated.Cross-Site.Scripting.(XSS) MEDIUM" "jsmol2wp No.known.fix Unauthenticated.Server.Side.Request.Forgery.(SSRF) HIGH" "jigoshop-exporter No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "jonradio-private-site 3.1.0 Improper.Access.Control.to.Sensitive.Information.Exposure.via.REST.API MEDIUM" "jonradio-private-site 3.0.8 Arbitrary.Settings.Update.via.CSRF MEDIUM" "jemployee No.known.fix Unauthenticated.Privilege.Escalation CRITICAL" "job-board-manager No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "job-board-manager No.known.fix 
Authenticated.(Job.Poster+).Arbitrary.Shortcode.Execution MEDIUM" "job-board-manager 2.1.61 Missing.Authorization MEDIUM" "job-board-manager No.known.fix Authenticated.(Contributor+).PHP.Object.Injection HIGH" "job-board-manager No.known.fix Missing.Authorization MEDIUM" "job-board-manager No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "job-board-manager 2.1.60 Cross-Site.Request.Forgery MEDIUM" "job-board-manager No.known.fix Missing.Authorization MEDIUM" "job-board-manager 2.1.59 Subscriber+.Stored.XSS HIGH" "javascript-logic No.known.fix CSRF.to.Stored.XSS HIGH" "jalbum-bridge 2.0.18 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "jalbum-bridge 2.0.19 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "jalbum-bridge 2.0.17 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.ar.Parameter MEDIUM" "justified-image-gallery No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "jet-menu 2.4.11.2 Authenticated.(Subscriber+).Information.Exposure MEDIUM" "jet-menu 2.4.9.1 Missing.Authorization MEDIUM" "jet-tabs 2.2.12.1 Missing.Authorization MEDIUM" "jet-tabs 2.2.12.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "jet-tabs 2.2.9.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "jet-tabs 2.2.9.1 Authenticated.(Subscriber+).Information.Exposure MEDIUM" "jet-tabs 2.2.9.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "jet-tabs 2.2.8 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "jet-tabs 2.2.3.1 Authenticated.(Contributor+).Arbitrary.Local.File.Inclusion HIGH" "jsfiddle-shortcode 1.1.3 Contributor+.XSS.via.Shortcode MEDIUM" "jnews-video No.known.fix Video.<=.11.0.2.-.Reflected.Cross-Site.Scripting MEDIUM" "jds-portfolio No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "jw-player-7-for-wp 2.3.4 Missing.Authorization MEDIUM" "joli-table-of-contents 2.0.10 Reflected.Cross-Site.Scripting MEDIUM" "joli-table-of-contents 1.3.9 
Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "justclick-subscriber No.known.fix Reflected.Cross-Site.Scripting.via.PHP_SELF MEDIUM" "jet-footer-code No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "jf3-maintenance-mode 2.1.0 IP.Spoofing.to.Maintenance.Mode.Bypass MEDIUM" "just-wp-variables No.known.fix Cross-Site.Request.Forgery MEDIUM" "jetformbuilder 3.5.6.3 Unauthenticated.Arbitrary.File.Read.via.Media.Field HIGH" "jetformbuilder 3.5.4 Missing.Authorization.to.Unauthenticated.Form.Generation MEDIUM" "jetformbuilder 3.5.4 Missing.Authorization MEDIUM" "jetformbuilder 3.5.2 Authenticated.(Administrator+).PHP.Object.Injection MEDIUM" "jetformbuilder 3.3.4.2 Authenticated.(Administrator+).Privilege.Escalation HIGH" "jetformbuilder 3.1.5 Unauthenticated.Content.Injection MEDIUM" "jetformbuilder 3.0.7 Cross-Site.Request.Forgery.(CSRF) MEDIUM" "jm-twitter-cards 14.1.0 Password.Protected.Post.Access MEDIUM" "jet-reviews 3.0.0.1 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "jet-reviews 2.3.7 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "javo-core No.known.fix Cross-Site.Request.Forgery MEDIUM" "javo-core No.known.fix Missing.Authorization MEDIUM" "javo-core No.known.fix Unauthenticated.Arbitrary.Content.Deletion MEDIUM" "javo-core No.known.fix Unauthenticated.Remote.Code.Execution CRITICAL" "javo-core 3.0.0.266 Unauthenticated.Privilege.Escalation.in.ajax_signup CRITICAL" "job-board 1.2.2 Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting.via.$_GET.Array.Storage MEDIUM" "job-board 1.1.4 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "job-board 1.0.1 Admin+.Stored.XSS LOW" "jp-staticpagex No.known.fix Arbitrary.Settings.Update.via.CSRF.to.Stored.XSS MEDIUM" "json-api-user 3.9.4 Unauthenticated.Privilege.Escalation CRITICAL" "jet-woo-builder 2.2.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "jet-woo-builder 2.1.20.1 Authenticated.(Subscriber+).Information.Exposure MEDIUM" "jet-woo-builder 
2.1.20.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "jet-woo-builder 2.1.18.1 Missing.Authorization MEDIUM" "jet-woo-builder 2.1.18.1 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "js-twentytwenty No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "jetpack-debug-helper 2.0.1 Missing.Authorization MEDIUM" "jet-elements 2.7.12.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "jet-elements 2.7.12.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "jet-elements 2.7.9.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "jet-elements 2.7.8.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "jet-elements 2.7.7.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "jet-elements 2.7.7.1 Authenticated.(Subscriber+).Information.Disclosure MEDIUM" "jet-elements 2.7.4.2 Missing.Authorization MEDIUM" "jet-elements 2.7.4.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "jet-elements 2.7.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Multiple.Widgets MEDIUM" "jet-elements 2.6.20.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "jet-elements 2.6.20.1 Authenticated.(Contributor+).Arbitrary.Local.File.Inclusion HIGH" "jet-elements 2.6.13.1 Missing.Authorization.to.Unauthenticated.Arbitrary.Attachment.Download MEDIUM" "jnews-paywall 12.0.1 Cross-Site.Request.Forgery MEDIUM" "job-portal No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "jeba-cute-forkit No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "jma-youtube-playlists-with-schema No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "js-support-ticket 2.8.3 Unauthenticated.SQL.Injection.via.'js-support-ticket-token-tkstatus'.Cookie HIGH" "js-support-ticket 3.0.2 Authenticated.(Subscriber+).SQL.Injection MEDIUM" "js-support-ticket 2.9.3 Missing.Authorization MEDIUM" 
"js-support-ticket 2.9.2 Unauthenticated.Arbitrary.File.Download HIGH" "js-support-ticket 2.9.3 Unauthenticated.SQL.Injection HIGH" "js-support-ticket 2.9.3 Unauthenticated.Local.File.Inclusion CRITICAL" "js-support-ticket 2.9.3 Unauthenticated.Arbitrary.File.Deletion CRITICAL" "js-support-ticket 2.8.9 Unauthenticated.Sensitive.Information.Exposure.Through.Unprotected.Directory HIGH" "js-support-ticket 2.8.9 Authenticated.(Subscriber+).Insecure.Direct.Object.Reference MEDIUM" "js-support-ticket 2.8.8 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "js-support-ticket 2.8.7 Unauthenticated.PHP.Code.Injection.to.Remote.Code.Execution CRITICAL" "js-support-ticket 2.8.4 Missing.Authorization MEDIUM" "js-support-ticket 2.8.2 Unauthenticated.SQL.Injection.via.email.and.trackingid CRITICAL" "js-support-ticket 2.7.8 Best.Help.Desk.&.Support.<.2.7.8.-.Subscriber+.Ticket.Manipulation.via.IDOR MEDIUM" "js-support-ticket 2.7.2 CSRF MEDIUM" "js-support-ticket 2.0.6 CSRF HIGH" "journey-analytics 1.0.13 Unauthorised.AJAX.call.via.CSRF MEDIUM" "jobwp 2.4.6 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "jobwp 2.4.4 Cross-Site.Request.Forgery MEDIUM" "jobwp 2.4.1 Cross-Site.Request.Forgery MEDIUM" "jobwp 2.4.0 Unauthenticated.SQL.Injection HIGH" "jobwp 2.4.0 Cross-Site.Request.Forgery MEDIUM" "jobwp 2.2 Sensitive.Information.Exposure HIGH" "jobwp 2.0 Reflected.Cross-Site.Scripting MEDIUM" "jet-skinner-for-buddypress No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "justrows-free No.known.fix Reflected.XSS HIGH" "json-structuring-markup No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "js-jobs No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "js-jobs No.known.fix Unauthenticated.SQL.Injection HIGH" "js-jobs No.known.fix Unauthenticated.Arbitrary.File.Upload CRITICAL" "js-jobs No.known.fix Unauthenticated.Local.File.Inclusion CRITICAL" "js-jobs No.known.fix 
Authenticated.(Contributor+).Local.File.Inclusion HIGH" "js-jobs No.known.fix Authenticated.Insecure.Direct.Object.Reference MEDIUM" "js-jobs No.known.fix Missing.Authorization MEDIUM" "js-jobs 2.0.1 Multiple.CSRF MEDIUM" "js-jobs 2.0.1 Missing.Authorization MEDIUM" "js-jobs 2.0.1 Subscriber+.Stored.XSS HIGH" "js-jobs 1.1.9 Unauthenticated.Arbitrary.Plugin.Installation/Activation CRITICAL" "js-jobs 1.0.7 CSRF HIGH" "jk-html-to-pdf No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "jazz-popups No.known.fix Unauthenticated.Reflected.Cross-Site.Scripting HIGH" "jetpack-feedback-exporter No.known.fix Unauthenticated.Sensitive.Information.Exposure MEDIUM" "jungbillig-portfolio-gallery No.known.fix Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "jquery-drop-down-menu-plugin No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "jannah-extensions 1.1.5 Extensions.<.1.1.5.-.Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "js-css-script-optimizer No.known.fix Cross-Site.Request.Forgery MEDIUM" "jiangqie-official-website-mini-program No.known.fix Authenticated.(Administrator+).SQL.Injection MEDIUM" "jiangqie-official-website-mini-program 1.1.1 Authenticated.SQL.Injection CRITICAL" "jobmonster-addon 1.1.5 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "job-board-light No.known.fix Unauthenticated.Information.Exposure MEDIUM" "job-board-light No.known.fix Missing.Authorization MEDIUM" "job-board-light No.known.fix Authenticated.(Employer+).Insecure.Direct.Object.Reference MEDIUM" "job-board-light 1.2.7 Unauthenticated.Arbitrary.File.Upload CRITICAL" "just-tinymce-styles No.known.fix Cross-Site.Request.Forgery MEDIUM" "juicer 1.11 Contributor+.Stored.XSS MEDIUM" "jetpackcrm-ext-woo-connect 2.13 Unauthorized.Invoice.Disclosure LOW" "jquery-archive-list-widget 6.2.0 Authenticated.(Contributor+).PHP.Object.Injection.via.'included'.Shortcode.Attribute MEDIUM" "jquery-archive-list-widget 
6.1.6 Unauthenticated.SQL.Injection HIGH" "jquery-archive-list-widget 6.1.6 Unauthenticated.SQL.Injection.via.build_sql_where.Function HIGH" "job-postings 2.8.1 Missing.Authorization MEDIUM" "job-postings No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "job-postings 2.7.15 Contributor+.Stored.XSS MEDIUM" "job-postings 2.7.12 Authenticated.(Subscriber+).Arbitrary.File.Read MEDIUM" "job-postings 2.7.11 Contributor+.Stored.XSS MEDIUM" "job-postings 2.7.8 Contributor+.Stored.XSS MEDIUM" "job-postings 2.7.6 Reflected.Cross-Site.Scripting.via.job-search MEDIUM" "job-postings 2.7.6 Reflected.Cross-Site.Scripting MEDIUM" "job-postings 2.7.4 Contributor+.Stored.XSS MEDIUM" "job-postings 2.5.11 Admin+.Stored.XSS LOW" "job-postings 2.6.0 Author+.Stored.XSS MEDIUM" "jcarousel-for-wordpress No.known.fix Cross-Site.Request.Forgery.to.Cross-Site.Scripting MEDIUM" "jtrt-responsive-tables No.known.fix Cross-Site.Request.Forgery MEDIUM" "jtrt-responsive-tables 4.1.2 JTRT.Responsive.Tables.<.4,1,2..Authenticated.SQL.Injection HIGH" "jch-optimize 4.2.1 Authenticated.(Subscriber+).Directory.Traversal MEDIUM" "jch-optimize 3.2.3 Admin+.Stored.XSS LOW" "jabberbenachrichtigung No.known.fix Reflected.Cross-Site.Scripting.via.admin.php.PATH_INFO MEDIUM" "jiangqie-free-mini-program No.known.fix Unauthenticated.Arbitrary.File.Uplaod CRITICAL" "jquery-colorbox No.known.fix Contributor+.Stored.XSS MEDIUM" "jobify No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.keyword.Parameter MEDIUM" "jigoshop-store-toolkit No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "job-listings No.known.fix Unauthenticated.Privilege.Escalation.via.register_action.Function CRITICAL" "jayj-quicktag 1.3.2 CSRF HIGH" "just-custom-fields No.known.fix Cross-Site.Request.Forgery.via.AJAX.actions MEDIUM" "just-custom-fields No.known.fix Missing.Authorization.via.AJAX.actions MEDIUM" "just-custom-fields No.known.fix Cross-Site.Request.Forgery.on.AJAX.Actions MEDIUM" 
"just-custom-fields No.known.fix Missing.Authorization.on.AJAX.Actions MEDIUM" "jet-search 3.5.16.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "jet-search 3.5.10.1 Reflected.Cross-Site.Scripting MEDIUM" "jet-search 3.5.10.1 Unauthenticated.SQL.Injection HIGH" "jet-search 3.5.11 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "jet-search 3.5.7.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "jet-search 3.5.2.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "joan 6.0.5 Missing.Authorization MEDIUM" "joan 5.6.2 Arbitrary.Plugin's.Settings.Update.via.CSRF MEDIUM" "joan 5.6.3 Authenticated.Stored.Cross-Site.Scripting LOW" "joan 5.6.2 Reflected.Cross-Site.Scripting HIGH" "jet-engine 3.8.1.2 Authenticated.(Contributor+).Remote.Code.Execution HIGH" "jet-engine 3.8.1 Reflected.Cross-Site.Scripting MEDIUM" "jet-engine 3.7.8 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "jet-engine 3.8.1.2 Missing.Authorization MEDIUM" "jet-engine 3.7.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "jet-engine 3.7.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "jet-engine 3.7.1.1 Authenticated.(Subscriber+).Information.Exposure MEDIUM" "jet-engine 3.7.1.1 Contributor+.RCE.via.Server-Side.Template.Injection MEDIUM" "jet-engine 3.7.1.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "jet-engine 3.6.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "jet-engine 3.6.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.list_tag.Parameter MEDIUM" "jet-engine 3.2.5 Missing.Authorization HIGH" "jet-engine 3.2.5 Authenticated.(Contributor+).Privilege.Escalation HIGH" "jet-engine 3.1.3.1 Author+.Remote.Code.Execution HIGH" "jobcareer No.known.fix Missing.Authorization.to.Authenticated.(Subscriber+).Multiple.Administrative.Actions HIGH" "justified-image-grid 4.7 Unauthenticated.Server-Side.Request.Forgery MEDIUM" "just-tables 1.5.0 
Cross-Site.Request.Forgery MEDIUM" "jeg-elementor-kit 3.0.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Countdown.Widget MEDIUM" "jeg-elementor-kit 2.7.0 Author+.Stored.XSS MEDIUM" "jeg-elementor-kit 2.6.13 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Video.Button.and.Countdown.Widgets MEDIUM" "jeg-elementor-kit 2.6.12 Authenticated.(Contributor+).Sensitive.Information.Exposure.via.Countdown.and.Off-Canvas MEDIUM" "jeg-elementor-kit 2.6.10 Authenticated.(Contributor+).Sensitive.Information.Exposure.via.sg_content_template MEDIUM" "jeg-elementor-kit 2.6.10 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.JKit.-.Countdown.Widget MEDIUM" "jeg-elementor-kit 2.6.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "jeg-elementor-kit 2.6.8 Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File MEDIUM" "jeg-elementor-kit 2.6.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.JKit.-.Tabs.and.JKit.-.Accordion.Widgets MEDIUM" "jeg-elementor-kit 2.6.5 Contributor+.Stored.XSS.via.Elementor.Widget.URL.Custom.Attributes MEDIUM" "jeg-elementor-kit 2.6.5 Contributor+.Stored.XSS.via.Countdown.Widget MEDIUM" "jeg-elementor-kit 2.6.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.JKit.-.Banner MEDIUM" "jeg-elementor-kit 2.6.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Image.Box MEDIUM" "jeg-elementor-kit 2.6.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Testimonial MEDIUM" "jeg-elementor-kit 2.6.3 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "jeg-elementor-kit 2.5.7 Subscriber+.Authorization.Bypass MEDIUM" "jeg-elementor-kit 2.5.7 Unauthenticated.Settings.Update MEDIUM" "jetpack-boost 3.4.8 Contributor+.Stored.XSS MEDIUM" "jetpack-boost 3.4.7 Admin+.SSRF MEDIUM" "jet-smart-filters 3.6.7.1 Authenticated.(Subscriber+).Sensitive.Information.Exposure MEDIUM" "jet-smart-filters 3.6.8.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" 
"jet-smart-filters 3.6.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "korea-sns 1.6.5 Settings.Update.via.CSRF MEDIUM" "kevins-plugin No.known.fix Cross-Site.Request.Forgery MEDIUM" "krsp-frontend-file-upload No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "krsp-frontend-file-upload No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "kb-support No.known.fix Unauthenticated.Sensitive.Information.Exposure.Through.Unprotected.Directory HIGH" "kb-support 1.6.8 Unauthenticated.Open.Redirect MEDIUM" "kb-support 1.6.7 Unauthenticated.Ticket.Reply.Exposure MEDIUM" "kb-support 1.6.7 Subscriber+.Multiple.Administrator.Actions HIGH" "kb-support 1.6.1 Missing.Authorization MEDIUM" "kb-support 1.5.6 Unauthenticated.Stored.Cross-Site.Scripting MEDIUM" "kalrav-ai-agent No.known.fix Unauthenticated.Arbitrary.File.Upload.via.kalrav_upload_file.AJAX.Action CRITICAL" "keywords-highlight-tool No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "kenta-blocks 1.4.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "kenta-blocks 1.3.4 Reflected.Cross-Site.Scripting MEDIUM" "keymaster-chord-notation-free No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "kk-star-ratings 5.4.10.2 Unauthenticated.Arbitrary.Shortcode.Execution HIGH" "kk-star-ratings 5.4.6 Rating.Tampering.via.Race.Condition LOW" "kk-star-ratings 5.4.6 Missing.Authorization MEDIUM" "kk-star-ratings 5.4.5 Reflected.Cross-Site.Scripting MEDIUM" "kk-star-ratings 5.2.9 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "klaviyo 3.0.10 Admin+.Stored.XSS LOW" "klaviyo 3.0.8 Admin+.Stored.XSS LOW" "kaswara No.known.fix Unauthenticated.Arbitrary.File.Upload CRITICAL" "kkprogressbar No.known.fix Stored.XSS.via.CSRF HIGH" "kkprogressbar No.known.fix Progress.Bar.Deletion.via.CSRF MEDIUM" "kkprogressbar No.known.fix Admin+.SQL.Injection MEDIUM" "kitestudio-core 2.3.1 Reflected.Cross-Site-Scripting MEDIUM" "kintpv-connect 8.141 
Unauthenticated.Stored.Cross-Site.Scripting HIGH" "kikfyre-events-calendar-tickets No.known.fix Missing.Authorization MEDIUM" "kv-send-email-from-admin No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "kanban No.known.fix Missing.Authorization MEDIUM" "kanban No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "kanban 2.5.21 Admin+.Stored.XSS LOW" "kanban 2.5.21 Admin+.Stored.XSS LOW" "kanban No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "kubio 2.6.5 Missing.Authorization.to.Authenticated.(Subscriber+).Limited.Plugin.Installation MEDIUM" "kubio 2.5.2 Unauthenticated.Local.File.Inclusion CRITICAL" "kubio 2.4.0 Reflected.Cross-Site.Scripting MEDIUM" "kubio 2.2.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "knr-author-list-widget No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "knr-author-list-widget 3.0.0 Unauthenticated.SQL.Injection CRITICAL" "kd-coming-soon No.known.fix Unauthenticated.PHP.Object.Injection.via.cetitle HIGH" "kv-tinymce-editor-fonts No.known.fix Font.List.Update.via.CSRF MEDIUM" "kontur-admin-style 1.0.5 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "kush-micro-news No.known.fix Unauthenticated.Stored.Cross-Site.Scripting HIGH" "kama-clic-counter 4.1.0 Contributor+.Stored.XSS MEDIUM" "kama-clic-counter 4.0.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "kama-clic-counter 3.5.0 Authenticated.Blind.SQL.Injection HIGH" "kama-clic-counter 3.5.0 XSS MEDIUM" "key4ce-osticket-bridge No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "kento-wp-stats No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "kali-forms 2.4.10 Unauthenticated.Remote.Code.Execution.via.form_process CRITICAL" "kali-forms 2.4.9 Insecure.Direct.Object.Reference.to.Authenticated.(Contributor+).Sensitive.Form.Data.Exposure MEDIUM" "kali-forms 2.4.3 Contributor+.Stored.XSS MEDIUM" "kali-forms 2.3.42 Missing.Authorization MEDIUM" "kali-forms 2.3.42 Missing.Authorization.to.Arbitrary.Plugin.Deactivation HIGH" 
"kali-forms 2.3.37 Kali.Forms.<.2.3.37.-.Insecure.Direct.Object.Reference MEDIUM" "kali-forms 2.3.28 Kali.Forms.<.2.3.28.-.Missing.Authorization.via.Contact.Form MEDIUM" "kali-forms 2.3.29 Kali.Forms.<.2.3.29.-.Missing.Authorization.via.get_log MEDIUM" "kali-forms 2.1.2 Form.builder.by.Kali.Forms.<.2.1.2.-.Unauthenticated.Arbitrary.Post.Deletion HIGH" "kali-forms 2.1.2 Form.builder.by.Kali.Forms.<.2.1.2.-.Multiple.CSRF.Bypass.Issues MEDIUM" "kali-forms 2.1.2 Form.builder.by.Kali.Forms.<.2.1.2.-.Authenticated.Plugin's.Settings.Change HIGH" "kredeum-nfts 1.6.10 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "kimili-flash-embed No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "kimili-flash-embed No.known.fix Cross-Site.Request.Forgery MEDIUM" "ki-live-video-conferences No.known.fix Missing.Authorization MEDIUM" "ki-live-video-conferences No.known.fix Unauthenticated.Information.Disclosure MEDIUM" "kentha-elementor 3.1 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "killer-theme-options No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "korea-for-woocommerce 1.1.12 Authenticated.(Subscriber+).Sensitive.Information.Exposure MEDIUM" "knowband-mobile-app-builder-for-woocommerce 3.0.0 Knowband.Mobile.App.Builder.for.wooCommerce.<.3,0,0..Unauthenticated.Arbitrary.User.Deletion HIGH" "kumihimo No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "kento-post-view-counter No.known.fix CSRF.&.multiple.XSS HIGH" "kk-youtube-video No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "konami-easter-egg No.known.fix Cross-Site.Request.Forgery MEDIUM" "kodo-qiniu 1.5.1 Cross-Site.Request.Forgery MEDIUM" "kiwichat No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.url.Parameter MEDIUM" "kh-easy-user-settings No.known.fix Authenticated.(Subscriber+).Privilege.Escalation HIGH" "kunze-law No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "kunze-law 2.1 
Admin+.Stored.Cross-Site.Scripting LOW" "kirilkirkov-pdf-invoice-manager 1.7 Missing.Authorization.to.Authenticated.(Subscriber+).Information.Exposure MEDIUM" "kjm-admin-notices No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "konnichiwa No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "keycaptcha No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "kiwi-social-share No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "kiwi-social-share 2.1.8 Information.Disclosure MEDIUM" "kiwi-social-share 2.1.3 Kiwi.2.1.0.-.Unauthenticated.Arbitrary.WordPress.Options.Update.and.Read CRITICAL" "kiwi-social-share 2.0.11 Kiwi.<.2.0.11.-.Arbitrary.WordPress.Options.Update CRITICAL" "kiwi-logo-carousel 1.7.2 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "kento-ads-rotator No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "koalendar-free-booking-widget 1.0.3 Contributor+.Stored.XSS.via.height.Parameter MEDIUM" "ketchup-restaurant-reservations No.known.fix Unauthenticated.Stored.XSS HIGH" "ketchup-restaurant-reservations No.known.fix Unauthenticated.Blind.SQLi HIGH" "king-addons 51.1.51 Unauthenticated.API.Keys.Disclosure MEDIUM" "king-addons No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Multiple.Widgets MEDIUM" "king-addons 51.1.35 51.1.14.-.Unauthenticated.Privilege.Escalation CRITICAL" "king-addons 51.1.37 Unauthenticated.Arbitrary.File.Upload CRITICAL" "king-addons 51.1.37 Unauthenticated.Privilege.Escalation CRITICAL" "king-addons No.known.fix Missing.Authorization MEDIUM" "king-addons No.known.fix Contributor+.Stored.XSS MEDIUM" "king-addons 24.12.59 Missing.Authorization MEDIUM" "k-elements 5.5.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "k-elements 5.4.0 Authentication.Bypass CRITICAL" "kadence-woocommerce-email-designer 1.5.18 Unauthenticated.Stored.XSS HIGH" "kadence-woocommerce-email-designer 1.5.17 
Shop.Manager+.Arbitrary.Options.Update HIGH" "kadence-woocommerce-email-designer 1.5.15 Admin+.Arbitrary.File.Upload MEDIUM" "kadence-woocommerce-email-designer 1.5.12 CSRF MEDIUM" "kadence-woocommerce-email-designer 1.5.7 Admin+.PHP.Objection.Injection MEDIUM" "knowledgebase-helpdesk-pro No.known.fix Unauthenticated.PHP.Object.Injection HIGH" "knowledgebase-helpdesk-pro 8.0.5 Authenticated.(Subscriber+).Arbitrary.File.Deletion HIGH" "kstats-reloaded No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "knowledge-base-maker No.known.fix Cross-Site.Request.Forgery MEDIUM" "keydatas 2.6.4 Authenticated.(Admin+).Arbitrary.File.Read MEDIUM" "keydatas 2.6.1 Unauthenticated.Arbitrary.File.Upload CRITICAL" "kioken-blocks No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "kau-boys-backend-localization No.known.fix Settings.Update.via.CSRF MEDIUM" "kings-tab-slider No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "keyword-meta No.known.fix CSRF.to.Stored.Cross-Site.Scripting.(XSS) HIGH" "kadence-starter-templates 1.2.17 Admin+.PHP.Object.Injection MEDIUM" "kargo-entegrator 1.1.15 Authenticated.(Shop.Manager+).SQL.Injection MEDIUM" "koko-analytics 2.1.3 Unauthenticated.SQL.Injection HIGH" "koko-analytics 1.3.13 Reflected.Cross-Site.Scripting MEDIUM" "kama-spamblock 1.8.3 Reflected.Cross-Site.Scripting MEDIUM" "kontxt-semantic-engine No.known.fix CSRF.Bypass MEDIUM" "kata-plus 1.5.4 Missing.Authorization MEDIUM" "kata-plus 1.5.4 Unauthenticated.PHP.Object.Injection HIGH" "kata-plus 1.5.0 Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "kata-plus 1.5.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "kapost-byline 2.3.0 Stored.XSS.via.CSRF HIGH" "kirimemail-woocommerce-integration No.known.fix Cross-Site.Request.Forgery.to.Settings.Update MEDIUM" "keep-backup-daily 2.1.3 Authenticated.(Admin+).Limited.Path.Traversal.via.'kbd_path'.Parameter LOW" "keep-backup-daily 2.1.3 
Authenticated.(Admin+).Stored.Cross-Site.Scripting.via.Backup.Title MEDIUM" "keep-backup-daily 2.1.1 Authenticated.(Admin+).Arbitrary.File.Download MEDIUM" "keep-backup-daily No.known.fix Unauthenticated.Information.Disclosure MEDIUM" "keep-backup-daily 2.0.3 Reflected.Cross-Site.Scripting MEDIUM" "keyy No.known.fix Authenticated.(Subscriber+).Privilege.Escalation.via.Account.Takeover HIGH" "kvcore-idx No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "kundgenerator 1.0.7 Reflected.Cross-Site.Scripting MEDIUM" "kvoucher No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "kvoucher No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "kadence-blocks 3.6.2 Contributor+.SSRF LOW" "kadence-blocks 3.6.2 Contributor+.Unauthorized.Media.Upload LOW" "kadence-blocks 3.6.0 Missing.Authorization MEDIUM" "kadence-blocks 3.5.11 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.'redirectURL'.Parameter MEDIUM" "kadence-blocks 3.4.10 Contributor+.Stored.XSS MEDIUM" "kadence-blocks 3.3.2 Missing.Authorization MEDIUM" "kadence-blocks 3.4.3 Authenticated.(contributor+).Stored.Cross-Site.Scripting.via.Button.Link MEDIUM" "kadence-blocks 3.2.54 Admin+.Stored.XSS LOW" "kadence-blocks 3.2.54 Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "kadence-blocks 3.3.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "kadence-blocks 3.3.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Icon.Widget MEDIUM" "kadence-blocks 3.2.53 Contributor+.Stored.XSS MEDIUM" "kadence-blocks 3.2.46 Authenticated.(Contributor+).Stored.DOM-Based.Cross-Site.Scripting.via.HTML.Data.Attributes MEDIUM" "kadence-blocks 3.2.43 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.in.Google.Maps.Widget MEDIUM" "kadence-blocks 3.2.39 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.titleFont.Parameter MEDIUM" "kadence-blocks 3.2.37 Contributor+.Stored.XSS MEDIUM" "kadence-blocks 3.2.38 Contributor+.Stored.Cross-Site.Scripting.via.Typer.Effect MEDIUM" 
"kadence-blocks 3.2.38 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "kadence-blocks 3.2.37 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Countdown.Timer MEDIUM" "kadence-blocks 3.2.37 Contributor+.Stored.Cross-Site.Scripting.via.Block.Link MEDIUM" "kadence-blocks 3.2.35 Contributor+.Stored.XSS MEDIUM" "kadence-blocks 3.2.12 Contributor+.Server-Side.Request.Forgery HIGH" "kadence-blocks 3.2.32 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Countdown.and.CountUp.Widget MEDIUM" "kadence-blocks 3.2.18 Authenticated(Editor+).Stored.Cross-Site.Scripting.via.Contact.Form.Message.Settings MEDIUM" "kadence-blocks 3.2.26 Authenticated.(Author+).Server-Side.Request.Forgery MEDIUM" "kadence-blocks 3.2.20 Contributor+.Server-Side.Request.Forgery MEDIUM" "kadence-blocks 3.2.26 Contributor+.Stored.XSS MEDIUM" "kadence-blocks 3.2.26 Contributor+.Stored.XSS MEDIUM" "kadence-blocks 3.2.26 Contributor+.Stored.XSS MEDIUM" "kadence-blocks 3.2.24 Contributor+.Stored.XSS MEDIUM" "kn-fix-your No.known.fix Authenticated.Stored.XSS LOW" "kona-instagram-feed-for-gutenberg No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "kona-instagram-feed-for-gutenberg No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "kanzu-support-desk No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "kanzu-support-desk No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "kanzu-support-desk No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "kopa-nictitate-toolkit No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "key-figures No.known.fix Authenticated.(Admin+).Stored.Cross-Site.Scripting.via.kf_field_figure_default_color_render MEDIUM" "kaya-qr-code-generator 1.5.3 Contributor+.Stored.XSS MEDIUM" "kenta-companion No.known.fix Cross-Site.Request.Forgery MEDIUM" "kenta-companion 1.1.9 Reflected.Cross-Site.Scripting MEDIUM" "ketchup-shortcodes-pack 0.2.1 
Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "ketchup-shortcodes-pack 0.2.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "kk-i-like-it No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "kalender-digital 1.0.14 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "kalender-digital 1.0.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "ko-fi-button 1.3.3 Admin+.Stored.XSS LOW" "kanpress No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "kama-thumbnail No.known.fix Cross-Site.Request.Forgery MEDIUM" "kento-latest-tabs No.known.fix Cross-Site.Request.Forgery.to.Plugin's.Settings.Update MEDIUM" "kivicare-clinic-management-system 4.1.3 Unauthenticated.Authentication.Bypass.via.Social.Login.Token CRITICAL" "kivicare-clinic-management-system 4.1.3 Missing.Authorization.to.Unauthenticated.Privilege.Escalation.via.Setup.Wizard HIGH" "kivicare-clinic-management-system 4.0.0 Authenticated.(Receptionist+).SQL.Injection MEDIUM" "kivicare-clinic-management-system 3.6.16 Missing.Authorization.to.Unauthenticated..Limited.Arbitrary.File.Upload MEDIUM" "kivicare-clinic-management-system 3.6.14 Authenticated.(Patient+).SQL.Injection MEDIUM" "kivicare-clinic-management-system 3.6.8 Authenticated.(Doctor+).SQL.Injection.via.'u_id'.Parameter MEDIUM" "kivicare-clinic-management-system 3.6.5 Unauthenticated.SQL.Injection HIGH" "kivicare-clinic-management-system 3.6.5 Authenticated.(Subscriber+).SQL.Injection MEDIUM" "kivicare-clinic-management-system 3.6.5 Authenticated.(Doctor/Receptionist+).SQL.Injection MEDIUM" "kivicare-clinic-management-system 3.6.7 Patient+.Insecure.Direct.Object.Reference MEDIUM" "kivicare-clinic-management-system 3.2.1 Reflected.Cross-Site.Scripting HIGH" "kivicare-clinic-management-system 3.2.1 Multiple.CSRF HIGH" "kivicare-clinic-management-system 3.2.1 Subscriber+.Sensitive.Information.Disclosure MEDIUM" "kivicare-clinic-management-system 
3.2.1 Subscriber+.Unauthorised.AJAX.Calls HIGH" "kivicare-clinic-management-system 2.3.9 Unauthenticated.SQLi HIGH" "kento-splash-screen No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "klarna-order-management-for-woocommerce 1.9.9 Shop.Manager+.Information.Disclosure LOW" "klarna-payments-for-woocommerce 3.3.0 Missing.Authorization MEDIUM" "knight-lab-timelinejs No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "knight-lab-timelinejs 3.9.3.4 Authenticated(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "knight-lab-timelinejs 3.7.0.0 Outdated.TimelineJS.library.could.Lead.to.Stored.XSS MEDIUM" "kangu 2.2.10 Reflected.XSS HIGH" "kudos-donations 3.3.0 Reflected.Cross-Site.Scripting.via.'add_query_arg' MEDIUM" "kudos-donations 3.3.0 Reflected.Cross-Site.Scripting MEDIUM" "kudos-donations 3.1.2 Arbitrary.Items.Deletion.via.CSRF HIGH" "king-ie No.known.fix Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "kiotvietsync No.known.fix Missing.Authorization.to.Authenticated.(Subscriber+).Settings.Update MEDIUM" "kiotvietsync No.known.fix Unauthenticated.Webhook.Key.Exposure MEDIUM" "kiotvietsync No.known.fix Unauthenticated.Arbitrary.File.Upload CRITICAL" "kiotvietsync No.known.fix Authorization.Bypass.via.Use.of.Hard-coded.Password MEDIUM" "kiotvietsync No.known.fix Missing.Authorization MEDIUM" "kiotvietsync No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "kiotvietsync 1.8.5 Authenticated.(Subscriber+).SQL.Injection MEDIUM" "kwayy-html-sitemap 4.0 Admin+.Stored.XSS LOW" "kineticpay-for-woocommerce 3.0 Unauthenticated.Arbitrary.File.Upload CRITICAL" "kopatheme No.known.fix Cross-Site.Request.Forgery MEDIUM" "klarna-checkout-for-woocommerce 2.13.5 DoS.via.Excessive.Logging MEDIUM" "klarna-checkout-for-woocommerce 2.0.10 Authenticated.Arbitrary.Plugin.Deactivation,.Activation.and.Installation CRITICAL" "ksher-payment 1.1.3 
Missing.Authorization MEDIUM" "ksher-payment 1.1.2 Missing.Authorization MEDIUM" "kp-fastest-tawk-to-chat No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "kingcomposer No.known.fix Subscriber+.Stored.Cross-Site.Scripting MEDIUM" "kingcomposer No.known.fix Open.Redirect MEDIUM" "kingcomposer 2.9.5 Unauthenticated.Reflected.Cross-Site.Scripting MEDIUM" "kingcomposer 2.9.4 Multiple.Critical.Issues CRITICAL" "kingcomposer 2.8.2 Authenticated.Stored.XSS HIGH" "kingcomposer 2.8.1 Reflected.Cross-Site.Scripting MEDIUM" "kodex-posts-likes No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "kodex-posts-likes No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "kodex-posts-likes No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "kodex-posts-likes No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "kodex-posts-likes 2.5.0 Settings.Update.via.CSRF MEDIUM" "kraken-image-optimizer 2.6.6 Settings.Update.via.CSRF MEDIUM" "knowledgebase 2.3.2 Authenticated.(Administrator+).Stored.Cross-Site.Scripting.via.Plugin.Slug MEDIUM" "knowledgebase 2.3.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "knowledgebase 2.2.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "kbucket 4.2.2 Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "kbucket 4.2.3 Subscriber+.Arbitrary.File.Upload HIGH" "kbucket 4.1.5 Reflected.XSS MEDIUM" "kbucket 4.1.6 Admin+.Stored.XSS LOW" "kadence-blocks-pro 2.3.8 Contributor+.Arbitrary.Option.Access MEDIUM" "kattene 1.8 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "lava-ajax-search No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "list-last-changes 1.2.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "link-shield No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "link-shield No.known.fix 
Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "loco-translate 2.6.10 Cross-Site.Request.Forgery MEDIUM" "loco-translate 2.6.1 Authenticated.Stored.Cross-Site.Scripting HIGH" "loco-translate 2.5.4 Authenticated.PHP.Code.Injection HIGH" "loco-translate 2.2.2 Authenticated.LFI MEDIUM" "league-table-lite 1.14 Tables.Cloning/Update/Deletion.via.CSRF MEDIUM" "logo-carousel-slider No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "lexicata No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "lexicata No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "ltl-freight-quotes-tql-edition 1.2.7 TQL.Edition.<.1.2.7.-.Authenticated.(Administrator+).PHP.Object.Injection MEDIUM" "lock-your-updates No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "letsrecover-woocommerce-abandoned-cart 1.2.0 Unauthenticated.SQLi HIGH" "letsrecover-woocommerce-abandoned-cart 1.2.0 Admin+.SQLi MEDIUM" "letsrecover-woocommerce-abandoned-cart 1.2.0 Admin+.SQLi MEDIUM" "lws-sms No.known.fix Cross-Site.Request.Forgery MEDIUM" "luckywp-scripts-control 1.2.2 Missing.Authorization MEDIUM" "luckywp-scripts-control 1.2.2 CSRF.via.multiple.AJAX.actions LOW" "linked-variation-for-woocommerce 2.0.0 CSRF MEDIUM" "ltl-freight-quotes-sefl-edition 3.2.5 Unauthenticated.SQL.Injection HIGH" "leaflet-map 3.3.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "leaflet-map 3.0.0 Arbitrary.Settings.Update.via.CSRF.Leading.to.Stored.XSS MEDIUM" "leaflet-map 3.0.0 Contributor+.Stored.XSS MEDIUM" "lms-elementor-pro No.known.fix Unauthenticated.Privilege.Escalation CRITICAL" "lazy-facebook-comments 2.0.5 Admin+.Stored.Cross-Site.Scripting LOW" "leaderboard-lite No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "lana-shortcodes 1.2.0 Contributor+.Stored.XSS MEDIUM" "lazy-load-for-videos 2.18.8 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.data-video-title.and.href.Attributes MEDIUM" "lazy-load-for-videos 2.18.3 
Arbitrary.Settings.Update.via.CSRF MEDIUM" "leaflet-maps-marker 3.12.10 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "leaflet-maps-marker 3.12.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "leaflet-maps-marker 3.12.7 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "leaflet-maps-marker 3.12.5 Admin+.SQLi MEDIUM" "live-news-lite 1.07 Settings.Update.via.CSRF MEDIUM" "list-categories 0.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "lawyer-directory No.known.fix Unauthenticated.Stored.Cross-Site.Scripting HIGH" "lawyer-directory 1.3.4 Missing.Authorization MEDIUM" "lawyer-directory No.known.fix Missing.Authorization MEDIUM" "lawyer-directory 1.3.4 Subscriber+.Privilege.Escalation HIGH" "lawyer-directory 1.2.9 Subscriber+.Privilege.Escalation CRITICAL" "lpagery 2.4.10 Missing.Authorization MEDIUM" "lpagery 1.2.6 Reflected.Cross-Site.Scripting MEDIUM" "login-me-now 1.7.3 Authentication.Bypass HIGH" "last-email-address-validator No.known.fix Cross-Site.Request.Forgery.to.Plugin.Settings.Update MEDIUM" "latepoint 5.2.8 Cross-Site.Request.Forgery.in.Booking.Form.Settings.Update.to.Stored.Cross-Site.Scripting MEDIUM" "latepoint 5.2.8 Authenticated.(Administrator+).SQL.Injection.via.JSON.Import MEDIUM" "latepoint 5.2.8 Agent+.Privilege.Escalation HIGH" "latepoint 5.2.6 Cross-Site.Request.Forgery MEDIUM" "latepoint 5.2.7 Missing.Authorization.to.Booking.Details.Exposure MEDIUM" "latepoint 5.2.6 Unauthenticated.Stored.XSS HIGH" "latepoint 5.2.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "latepoint 5.2.0 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "latepoint 5.2.0 Unauthenticated.Authentication.Bypass HIGH" "latepoint 5.2.0 Account.Takeover.via.CSRF HIGH" "latepoint 5.1.94 Unauthenticated.LFI MEDIUM" "latepoint 5.1.93 Unauthenticated.Insecure.Direct.Object.Reference MEDIUM" "latepoint 5.1.7 
Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "latepoint 5.0.13 Authentication.Bypass HIGH" "latepoint 5.0.12 Unauthenticated.Arbitrary.User.Password.Change.via.SQL.Injection CRITICAL" "latepoint 4.9.9.1 Missing.Authorization.and.Sensitive.Information.Exposure.via.IDOR CRITICAL" "lock-my-bp 2.1.2 Missing.Authorization MEDIUM" "lock-my-bp 1.7.0 Subscriber+.Arbitrary.Plugin.Installation,.Activation.and.Deactivation HIGH" "leanpress No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "leadster-marketing-conversacional 1.1.3 Cross-Site.Request.Forgery.via.leadster_script_code_action MEDIUM" "leadster-marketing-conversacional 1.1.3 Settings.Update.via.CSRF MEDIUM" "learning-management-system 2.0.4 LMS.<.2.0.4.-.Authenticated.(Subscriber+).Sensitive.Information.Exposure MEDIUM" "learning-management-system 1.18.4 LMS.<.1.18.4.-.Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "learning-management-system 1.13.4 Authenticated.(Student+).Stored.Cross-Site.Scripting.via.Ask.a.Question.Functionality MEDIUM" "learning-management-system 1.13.4 Authenticated.(Student+).Missing.Authorization.to.Privilege.Escalation HIGH" "learning-management-system 1.11.5 LMS.<.1.11.5.-.Authenticated.(Student+).Insecure.Direct.Object.Reference MEDIUM" "learning-management-system 1.11.5 LMS.<.1.11.5.-.Missing.Authorization MEDIUM" "learning-management-system 1.12.0 LMS.<.1.12.0.-.Missing.Authorization MEDIUM" "learning-management-system 1.7.4 LMS.<.1.7.4.-.Insecure.Direct.Object.Reference MEDIUM" "learning-management-system 1.7.3 LMS.<.1.7.3.-.Unauthenticated.Privilege.Escalation CRITICAL" "learning-management-system 1.6.8 Information.Exposure MEDIUM" "lets-box 1.13.3 Reflected.Cross-Site.Scripting MEDIUM" "loggedin 1.3.2 Reflected.Cross-Site.Scripting MEDIUM" "locateandfilter 1.6.17 Missing.Authorization MEDIUM" "locateandfilter 1.6.16 Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "livesync No.known.fix 
Arbitrary.Settings.Update.via.CSRF MEDIUM" "localize-my-post No.known.fix Unauthenticated.Local.File.Inclusion.(LFI) HIGH" "latest-registered-users No.known.fix Missing.Authorization.to.Unauthenticated.Sensitive.Information.Exposure.via.User.Data.Export HIGH" "likert-survey-master No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "login-with-vipps 1.3.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "laposta No.known.fix Unauthenticated.Full.Path.Disclosure MEDIUM" "labinator-content-types-duplicator No.known.fix Cross-Site.Request.Forgery MEDIUM" "legoeso-pdf-manager No.known.fix Authenticated.(Author+).SQL.Injection.via.checkedVals.Parameter MEDIUM" "locations-and-areas 1.7.2 Reflected.Cross-Site.Scripting MEDIUM" "locations-and-areas 1.7.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "links-shortcode No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "list-pages-shortcode 1.7.6 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "landing-page-cat 1.7.9 Reflected.Cross-Site.Scripting MEDIUM" "landing-page-cat 1.7.8 Reflected.Cross-Site.Scripting MEDIUM" "landing-page-cat 1.7.7 Reflected.Cross-Site.Scripting MEDIUM" "landing-page-cat 1.7.5 Missing.Authorization MEDIUM" "landing-page-cat 1.7.3 Unauthenticated.Information.Exposure MEDIUM" "ltm-popup-form No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting.via.Plugin.Settings MEDIUM" "leartes-try-exchange-rates No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "login-recaptcha 1.7 IP.Check.Bypass LOW" "leads-crm No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "logwpmail No.known.fix Email.Logs.Publicly.Accessible HIGH" "light-messages No.known.fix CSRF.to.Stored.XSS HIGH" "lbg-cleverbakery 2.5.3 WPBakery.Page.Builder.Addon.<.2.5.3.-.Unauthenticated.Arbitrary.File.Upload CRITICAL" "linear 2.8.2 Cross-Site.Request.Forgery.to.Cache.Reset MEDIUM" "linear 2.8.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" 
"linear 2.8.1 Contributor+.Stored.XSS MEDIUM" "liveforms 4.8.5 Missing.Authorization MEDIUM" "liveforms No.known.fix Entry.Deletion.via.CSRF MEDIUM" "liveforms No.known.fix Missing.Authorization MEDIUM" "liveforms 4.8.5 Missing.Authorization.to.Authenticated.(Subscriber+).Settings.Update MEDIUM" "liveforms 3.4.0 XSS MEDIUM" "liveforms 3.2.0 Visual.Form.Builder.3.0.1.-.Blind.SQL.Injection CRITICAL" "load-more-posts No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "lead-form-builder 2.0.2 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "lead-form-builder 2.0.2 Authenticated.(Subscriber+).Information.Exposure MEDIUM" "lead-form-builder 1.9.8 Admin+.Stored.XSS LOW" "lead-form-builder 1.9.2 Authenticated.(Subscriber+).Arbitrary.Shortcode.Execution MEDIUM" "lead-form-builder 1.9.8 Admin+.Stored.XSS LOW" "lead-form-builder 1.9.0 Missing.Authorization MEDIUM" "lead-form-builder 1.9.0 Cross-Site.Request.Forgery MEDIUM" "lead-form-builder 1.7.4 Multiple.Subscriber+.Settings.Update MEDIUM" "lead-form-builder 1.7.0 Multiple.Admin+.Stored.Cross-Site.Scripting LOW" "lead-form-builder 1.6.8 Subscriber+.Arbitrary.Lead.Deletion MEDIUM" "lead-form-builder 1.6.4 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "lt-unleashed No.known.fix Authenticated.(Contributor+).Local.File.Inclusion.via.'template'.Parameter HIGH" "listamester 2.3.7 Cross-Site.Request.Forgery MEDIUM" "listamester 2.3.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "listamester 2.3.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "login-configurator No.known.fix Reflected.Cross-Site.Scripting HIGH" "login-configurator No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "login-configurator No.known.fix Reflected.XSS HIGH" "library-bookshelves No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "library-bookshelves 5.11 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "library-bookshelves 5.9 
Reflected.Cross-Site.Scripting MEDIUM" "library-bookshelves 5.9 Reflected.Cross-Site.Scripting MEDIUM" "lazy-load-optimizer No.known.fix Unauthenticated.Local.File.Inclusion HIGH" "ltl-freight-quotes-saia-edition 2.2.11 Unauthenticated.SQL.Injection HIGH" "ltl-freight-quotes-ups-edition 3.6.5 Unauthenticated.SQL.Injection HIGH" "lbg-audio1-html5 No.known.fix Authenticated.(Contributor+).SQL.Injection MEDIUM" "link-to-bible 2.5.10 Administrator+.Stored.XSS LOW" "lockets No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "link-hopper No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting.via.'hop_name'.Parameter MEDIUM" "layouts-importer 1.0.3 Reflected.Cross-Site.Scripting MEDIUM" "label-plugins No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "legacy-admin No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "link-optimizer-lite No.known.fix Stored.Cross-Site.Scripting.via.CSRF HIGH" "lana-text-to-image 1.1.0 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "learnpress 4.3.3 Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.Email.Notification.Triggering MEDIUM" "learnpress 4.3.2.5 Missing.Authorization.to.Unauthenticated.Sensitive.User.Information.Disclosure.via.REST.API MEDIUM" "learnpress 4.3.2.2 Insecure.Direct.Object.Reference.to.Authenticated.(Instructor+).Teacher.Material.Deletion MEDIUM" "learnpress 4.3.2.1 Missing.Authentication.to.Unauthenticated.Course.Modification MEDIUM" "learnpress 4.3.2 Missing.Authorization.to.Unauthenticated.Orders.Statistics.Exposure MEDIUM" "learnpress 4.3.2 Authenticated.(Subscriber+).Stored.Cross-Site.Scripting.via.get_profile_social MEDIUM" "learnpress 4.3.0 Missing.Authorization MEDIUM" "learnpress 4.3.0 Missing.Authorization.to.Unauthenticated.Arbitrary.Callback.Execution.to.Information.Exposure MEDIUM" "learnpress 4.3.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "learnpress 4.2.9.4 
Missing.Authorization.to.Unauthenticated.Database.Table.Manipulation MEDIUM" "learnpress 4.2.7.6 Missing.Authorization MEDIUM" "learnpress 4.2.7.5.1 Authenticated.(LP.Instructor+).Stored.Cross-Site.Scripting.via.Lesson.Name MEDIUM" "learnpress 4.2.7.2 Authenticated.(Subscriber+).Open.Redirect MEDIUM" "learnpress 4.2.7.5.1 Admin+.Stored.XSS LOW" "learnpress 4.2.7.5.1 Admin+.Stored.XSS LOW" "learnpress 4.2.7.4 Course.Material.Sensitive.Information.Exposure.via.REST.API MEDIUM" "learnpress 4.2.7.2 Admin+.Stored.XSS LOW" "learnpress 4.2.7.2 Admin+.Stored.XSS LOW" "learnpress 4.2.7.1 Unauthenticated.SQL.Injection.via.'c_only_fields' CRITICAL" "learnpress 4.2.7.1 Unauthenticated.SQL.Injection.via.'c_fields' CRITICAL" "learnpress 4.2.6.9.4 Authenticated.(Contributor+).SQL.Injection.via.order.Parameter HIGH" "learnpress 4.2.6.9 Cross-Site.Request.Forgery MEDIUM" "learnpress 4.2.6.9 Authenticated.(Subscriber+).Insecure.Direct.Object.Reference MEDIUM" "learnpress 4.2.6.9 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "learnpress 4.2.6.8.2 Missing.Authorization.to.Unauthenticated.User.Registration.Bypass MEDIUM" "learnpress 4.2.6.8.2 Unauthenticated.Bypass.to.User.Registration MEDIUM" "learnpress 4.2.6.8.1 Basic.Information.Disclosure.via.JSON.API MEDIUM" "learnpress 4.2.6.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.id.Parameter MEDIUM" "learnpress 4.2.6.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.layout_html.Parameter MEDIUM" "learnpress 4.2.6.6 Authenticated.(Instructor+).Arbitrary.File.Upload HIGH" "learnpress 4.2.6.6 Unauthenticated.Bypass.to.User.Registration MEDIUM" "learnpress 4.2.6.6 Unauthenticated.Time-Based.SQL.Injection CRITICAL" "learnpress 4.2.6.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "learnpress 4.2.6.4 Insecure.Direct.Object.Reference MEDIUM" "learnpress 4.2.6.4 Authenticated(LP.Instructor+).Stored.Cross-Site.Scripting MEDIUM" "learnpress 4.0.1 
Cross-Site.Request.Forgery.to.Privilege.Escalation HIGH" "learnpress 4.2.5.8 Unauthenticated.Command.Injection HIGH" "learnpress 4.2.5.8 Unauthenticated.SQLi HIGH" "learnpress 4.2.5.8 Subscriber+.Arbitrary.Course.Progress.Disclosure MEDIUM" "learnpress 4.2.5.5 Reflected.Cross-Site.Scripting HIGH" "learnpress 4.2.0 Unauthenticated.SQLi HIGH" "learnpress 4.2.0 Unauthenticated.LFI CRITICAL" "learnpress 4.2.0 Subscriber+.SQLi HIGH" "learnpress 4.1.7.2 Unauthenticated.PHP.Object.Injection.via.REST.API MEDIUM" "learnpress 4.1.6.7 Reflected.Cross-Site.Scripting MEDIUM" "learnpress 4.1.6 Reflected.Cross-Site.Scripting MEDIUM" "learnpress 4.1.5 Arbitrary.Image.Renaming MEDIUM" "learnpress 4.1.4 Admin+.SQL.Injection MEDIUM" "learnpress 4.1.3.2 Admin+.Stored.Cross-Site.Scripting LOW" "learnpress 4.1.3.1 Multiple.Admin+.Stored.Cross-Site.Scripting LOW" "learnpress 3.2.7.3 CSRF.&.XSS LOW" "learnpress 3.2.6.8 Authenticated.Time.Based.Blind.SQL.Injection HIGH" "learnpress 3.2.6.9 Privilege.Escalation.to."LP.Instructor" HIGH" "learnpress 3.2.6.9 Authenticated.Post.Creation.and.Status.Modification HIGH" "learnpress 3.2.6.7 Privilege.Escalation MEDIUM" "locker-content 1.0.1 Unauthenticated.Information.Exposure MEDIUM" "lazy-blocks 4.2.1 Contributor+.Remote.Code.Execution HIGH" "lazy-blocks 4.1.1 Missing.Authorization MEDIUM" "lazy-blocks 3.8.3 Reflected.XSS HIGH" "license-envato 1.1.0 Unauthenticated.Local.File.Inclusion CRITICAL" "license-envato 1.1.0 Reflected.Cross-Site.Scripting MEDIUM" "listplus No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "luzuk-team No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "lisfinity-core No.known.fix Lisfinity.Core.plugin.used.for.pebas®.Lisfinity.WordPress.theme.<=.1.5.0.-.Unauthenticated.SQL.Injection HIGH" "lisfinity-core 1.5.0 Lisfinity.Core.plugin.used.for.pebas®.Lisfinity.WordPress.theme.<.1.5.0.-.Unauthenticated.Privilege.Escalation.to.Editor HIGH" "lisfinity-core 1.5.0 
Lisfinity.Core.plugin.used.for.pebas®.Lisfinity.WordPress.theme.<.1.5.0.-.Authenticated.(Subscriber+).Privilege.Escalation HIGH" "language-switcher 3.8.0 Reflected.Cross-Site.Scripting MEDIUM" "livemesh-table-rate-shipping 1.2 Reflected.Cross-Site.Scripting MEDIUM" "latex No.known.fix Arbitrary.Settings.Update.via.CSRF.to.Stored.XSS MEDIUM" "lean-wp No.known.fix Subscriber+.Arbitrary.Plugin.Activation MEDIUM" "lean-wp No.known.fix Arbitrary.Plugin.Installation.from.Dependency.via.CSRF LOW" "label-grid-tools 1.3.59 Reflected.Cross-Site.Scripting MEDIUM" "login-logout-shortcode No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.class.Parameter MEDIUM" "listings-for-appfolio 1.2.1 Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "lightgallerywp No.known.fix Contributor+.DOM-Based.Stored.XSS.via.lightGallery.Library MEDIUM" "league-of-legends-shortcodes No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "league-of-legends-shortcodes No.known.fix Authenticated.(Contributor+).SQL.Injection.via.Shortcode MEDIUM" "links-in-captions No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "landing-pages 2.2.5 Reflected.Cross-Site.Scripting.(XSS) HIGH" "landing-pages 1.9.2 Unauthenticated.Remote.Command.Execution MEDIUM" "lifterlms 9.1.1 Various.Versions.-.Authenticated.(Student+).Privilege.Escalation HIGH" "lifterlms 8.0.7 Unauthenticated.SQL.Injection HIGH" "lifterlms 8.0.2 Missing.Authorization.to.Unauthenticated.Post.Trashing MEDIUM" "lifterlms 7.8.6 Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.Post.Deletion MEDIUM" "lifterlms 8.0.1 Reflected.XSS HIGH" "lifterlms 7.7.6 Authenticated.(Admin+).SQL.Injection HIGH" "lifterlms 7.6.3 Authenticated.(Contributor+).SQL.Injection.via.Shortcode CRITICAL" "lifterlms 7.5.1 Cross-Site.Request.Forgery MEDIUM" "lifterlms 7.5.2 Missing.Authorization.via.process_review MEDIUM" "lifterlms 7.5.0 
Authenticated(Administrator+).Directory.Traversal.to.Arbitrary.CSV.File.Deletion LOW" "lifterlms 4.21.2 Access.Other.Student.Grades/Answers.via.IDOR MEDIUM" "lifterlms 4.21.1 Reflected.Cross-Site.Scripting.(XSS).via.Coupon.Code.in.Checkout MEDIUM" "lifterlms 4.21.1 Authenticated.Stored.XSS.in.Edit.Profile HIGH" "lifterlms 3.37.15 Arbitrary.File.Writing CRITICAL" "lifterlms 3.35.1 Unauthenticated.Options.Import CRITICAL" "lightbox-block 1.1.31 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "leadinfo 2.1 Missing.Authorization.to.Unauthenticated.Settings.Change MEDIUM" "leadinfo 1.1 Settings.Update.via.CSRF MEDIUM" "lenix-scss-compiler No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "lenix-scss-compiler No.known.fix Cross-Site.Request.Forgery MEDIUM" "loginpress 4.0.0 Arbitrary.Options.Update.via.CSRF HIGH" "loginpress 1.6.3 Unauthenticated.Settings.Update MEDIUM" "loginpress 1.5.12 Reflected.Cross-Site.Scripting MEDIUM" "loginpress 1.1.16 Authenticated.Blind.SQL.Injection CRITICAL" "latex2html 2.6.0 Reflected.Cross-Site.Scripting MEDIUM" "latex2html 2.5.5 Reflected.Cross-Site.Scripting MEDIUM" "logaster-logo-generator No.known.fix Cross-Site.Request.Forgery.(CSRF) MEDIUM" "larsens-calender No.known.fix Stored.Cross-Site.Scripting.(XSS) HIGH" "linet-erp-woocommerce-integration 3.6.0 Authenticated.(Admin+).Arbitrary.File.Read.&.Deletion HIGH" "linet-erp-woocommerce-integration 3.5.8 Cross-Site.Request.Forgery MEDIUM" "lead-capturing-call-to-actions-by-vcita No.known.fix Missing.Authorization.to.Authenticated.(Subscriber+).Contact/Widget.Toggle MEDIUM" "lead-capturing-call-to-actions-by-vcita No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "lead-capturing-call-to-actions-by-vcita No.known.fix Settings.Update.Via.CSRF MEDIUM" "lead-capturing-call-to-actions-by-vcita 2.7.1 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "left-right-image-slideshow-gallery 12.1 
.Authenticated.(Subscriber+).SQL.Injection.via.Shortcode HIGH" "landing-pages-and-domain-aliases No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "llm-hubspot-blog-import No.known.fix Missing.Authorization.to.Authenticated.(Subscriber+).Hubspot.Import MEDIUM" "link-view No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "link-view No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "linkedin-sc No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting.via.Settings.Page MEDIUM" "locked-payment-methods-for-woocommerce No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "locked-payment-methods-for-woocommerce 1.3.4 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "library-instruction-recorder No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "ltl-freight-quotes-freightview-edition 1.0.12 Unauthenticated.Stored.Cross-Site.Scripting.via.'expiry_date'.Parameter HIGH" "luzuk-slider No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "live-flight-radar No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "lbg-vp2-html5-bottom No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "lodgixcom-vacation-rental-listing-management-booking-plugin No.known.fix Authenticated.(Contributor+).SQL.Injection MEDIUM" "leader No.known.fix Missing.Authorization MEDIUM" "list-related-attachments-widget No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "lbg-audio3-html5 No.known.fix Authenticated.(Contributor+).SQL.Injection MEDIUM" "login-logout-menu 1.4.0 Contributor+.Stored.XSS.in.Shortcode MEDIUM" "legull No.known.fix Reflected.XSS HIGH" "lucidlms No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "livejournal-shortcode No.known.fix Contributor+.Stored.XSS.via.Shortcode MEDIUM" "login-with-ajax 4.2 Cross-Site.Request.Forgery.to.Notice.Dismissal MEDIUM" "login-with-ajax 4.2 Missing.Authorization MEDIUM" 
"luckywp-table-of-contents 2.1.11 Cross-Site.Request.Forgery.to.Reflected.Cross-Site.Scripting MEDIUM" "luckywp-table-of-contents 2.1.7 Admin+.Stored.XSS LOW" "luckywp-table-of-contents 2.1.6 Admin+.Stored.XSS LOW" "luckywp-table-of-contents 2.1.5 Admin+.Stored.XSS MEDIUM" "luckywp-table-of-contents 2.1.6 Reflected.Cross-Site.Scripting MEDIUM" "luckywp-table-of-contents 2.1.5 Contributor+.Stored.XSS MEDIUM" "leaky-paywall No.known.fix Missing.Authorization MEDIUM" "leaky-paywall 4.21.8 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "leaky-paywall 4.21.3 Cross-Site.Request.Forgery MEDIUM" "leaky-paywall 4.20.9 Missing.Authorization.to.Price.Manipulation MEDIUM" "leaky-paywall 4.16.7 Admin+.Stored.Cross-Site.Scripting LOW" "list-attachments-shortcode No.known.fix Authenticated.(Author+).Stored.Cross-Site.Scripting.via.list-attachments.Shortcode MEDIUM" "linklaunder-seo-plugin No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "lj-custom-menu-links No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "logger-elementor No.known.fix Missing.Authorization MEDIUM" "latest-post-shortcode 14.2.1 Missing.Authorization MEDIUM" "latest-post-shortcode 14.10 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "lightbox-plus 2.8 CSRF.to.XSS MEDIUM" "leira-cron-jobs 1.2.10 Reflected.Cross-Site.Scripting MEDIUM" "leadin 11.1.34 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.HubSpot.Meeting.Widget MEDIUM" "leadin 8.8.15 Contributor+.Blind.SSRF MEDIUM" "linkedin-resume No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "leadbi No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.'form_id'.Shortcode.Attribute MEDIUM" "leadbi No.known.fix Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "leyka No.known.fix Unauthenticated.Local.File.Inclusion HIGH" "leyka No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "leyka 3.31.9 
Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "leyka 3.31.7 Missing.Authorization MEDIUM" "leyka 3.31.2 Missing.Authorization MEDIUM" "leyka 3.30.7.1 Subscriber+.Sensitive.Information.Disclosure MEDIUM" "leyka 3.30.4 Admin+.Stored.XSS LOW" "leyka 3.30.3 Reflected.XSS HIGH" "leyka 3.30.3 Subscriber+.Privilege.Escalation HIGH" "leyka 3.30.2 Reflected.XSS HIGH" "leyka 3.30 Unauthenticated.Stored.XSS HIGH" "leads-for-amo-crm No.known.fix Cross-Site.Request.Forgery MEDIUM" "link-juice-keeper 2.0.3 Admin+.Stored.XSS LOW" "login-redirect No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "live-css-preview 2.1.5 Missing.Authorization.to.Authenticated.(Subscriber+).Settings.Update MEDIUM" "local-syndication No.known.fix Authenticated.(Contributor+).Server-Side.Request.Forgery.via.Shortcode MEDIUM" "linked-orders-for-woocommerce No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "linked-orders-for-woocommerce 1.2.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "lh-login-page No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "labtools No.known.fix Subscriber+.Arbitrary.Publication.Deletion MEDIUM" "laposta-woocommerce 1.9.2 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "loginplus No.known.fix Missing.Authorization MEDIUM" "loginplus No.known.fix Unauthenticated.Stored.Cross-Site.Scripting MEDIUM" "live-chat-support-by-social-intents No.known.fix Admin+.Stored.XSS LOW" "livesupporti No.known.fix Stored.Cross-Site.Scripting.via.CSRF MEDIUM" "legal-pages 1.4.7 Missing.Authorization MEDIUM" "legal-pages 1.4.6 Missing.Authorization MEDIUM" "legal-pages 1.4.3 Cross-Site.Request.Forgery MEDIUM" "legal-pages 1.3.9 Cross-Site.Request.Forgery.via.moveToTrash.and.fetch_and_insert_template_data MEDIUM" "legal-pages 1.3.9 Missing.Authorization MEDIUM" "legal-pages 1.3.8 Missing.Authorization.on.'deleteLegalTemplate' MEDIUM" "list-site-contributors No.known.fix Reflected.Cross-Site.Scripting.via.alpha MEDIUM" 
"ltl-freight-quotes-globaltranz-edition 2.3.12 Unauthenticated.SQL.Injection HIGH" "ltl-freight-quotes-globaltranz-edition 2.3.13 Missing.Authorization.to.Unauthenticated.Settings.Update MEDIUM" "laurent-core No.known.fix Authenticated.(Contributor+).Local.File.Inclusion HIGH" "lifterlms-gateway-paypal 1.4.0 Reflected.Cross-Site.Scripting MEDIUM" "likecoin 3.3.0 Authenticated.(Contributor+).Arbitrary.File.Read MEDIUM" "list-pages-at-depth No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "lbg-universal-video-player-addon-visual-composer 3.2.2.0 Addon.for.WPBakery.Page.Builder.<.3.2.2.0.-.Reflected.Cross-Site.Scripting MEDIUM" "lbg-universal-video-player-addon-visual-composer 3.2.2.0 Addon.for.WPBakery.Page.Builder.<.3.2.2.0.-.Reflected.Cross-Site.Scripting MEDIUM" "logs-de-connexion No.known.fix Admin+.SQL.Injection LOW" "logs-de-connexion No.known.fix Log.Deletion.via.CSRF MEDIUM" "login-or-logout-menu-item 1.2.0 Unauthenticated.Options.Change MEDIUM" "lastudio-element-kit 1.6.0 Unauthenticated.Privilege.Escalation.via.Backdoor.to.Administrative.User.Creation.via.lakit_bkrole.parameter CRITICAL" "lastudio-element-kit 1.5.6.3 Missing.Authorization MEDIUM" "lastudio-element-kit 1.5.5.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Multiple.Widgets MEDIUM" "lastudio-element-kit 1.5.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Image.Compare.and.Google.Maps.Widgets MEDIUM" "lastudio-element-kit 1.5.3 Authenticated.(Contributor+).DOM-Based.Stored.Cross-Site.Scripting.via.data-lakit-element-link.Parameter MEDIUM" "lastudio-element-kit 1.5.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Table.of.Contents.Widget MEDIUM" "lastudio-element-kit 1.5.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "lastudio-element-kit 1.4.5 Authenticated.(Contributor+).Post.Disclosure MEDIUM" "lastudio-element-kit 1.4.3 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "lastudio-element-kit 
1.3.9.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "lastudio-element-kit 1.3.9.2 Contributor+.Stored.XSS MEDIUM" "lastudio-element-kit 1.3.9 Authenticated.(Contributor+).Local.File.Inclusion.via.'progress_type' MEDIUM" "lastudio-element-kit 1.3.9 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "lastudio-element-kit 1.3.7.4 Missing.Authorization MEDIUM" "lastudio-element-kit 1.3.8 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.id.Parameter MEDIUM" "lastudio-element-kit 1.3.7.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.LaStudioKit.Post.Author.Widget MEDIUM" "lastudio-element-kit 1.3.7.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "lastudio-element-kit 1.1.6 Missing.Authorization MEDIUM" "lifepress 2.2.2 Missing.Authorization MEDIUM" "lifepress 2.2 Missing.Authorization MEDIUM" "lis-video-gallery No.known.fix Unauthenticated.PHP.Object.Injection CRITICAL" "llama-redirect No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "login-with-salesforce No.known.fix Unauthenticated.Authentication.Bypass CRITICAL" "ldap-wp-login-integration-with-active-directory 3.0.2 Unauthenticated.Settings.Update.to.Auth.Bypass CRITICAL" "ldap-wp-login-integration-with-active-directory 3.0.2 Reflected.Cross-Site.Scripting MEDIUM" "lastfm-recent-album-artwork No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "library-viewer 3.2.0 Reflected.Cross-Site.Scripting HIGH" "library-viewer 2.0.6.1 Contributor+.Stored.XSS MEDIUM" "lafka-plugin No.known.fix Missing.Authorization.to.Authenticated.(Subscriber+).Theme.Option.Update MEDIUM" "ltl-freight-quotes-rl-edition 3.3.5 Unauthenticated.SQL.Injection HIGH" "latestcheckins No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "ltl-freight-quotes-purolator-freight-edition 2.2.4 Unauthenticated.SQL.Injection HIGH" "loan-comparison 2.0.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" 
"loan-comparison 1.5.3 Reflected.XSS.via.shortcode MEDIUM" "loan-comparison 1.5.3 Contributor+.Stored.XSS.via.shortcode MEDIUM" "lbg-audio8-html5-radio-ads 3.5.5 HTML5.Radio.Player.With.Ads.-.ShoutCast.and.IceCast.Support.<.3.5.5.-.Reflected.Cross-Site.Scripting MEDIUM" "limb-gallery No.known.fix Authenticated.(Subscriber+).Arbitrary.File.Download MEDIUM" "limb-gallery No.known.fix Authenticated.(Subscriber+).Arbitrary.File.Upload HIGH" "limb-gallery 1.5.6 Reflected.Cross-Site.Scripting MEDIUM" "limb-gallery 1.5.2 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "limb-gallery 1.4.0 Reflected.Cross-Site.Scripting MEDIUM" "lime-developer-login No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "litho-addons No.known.fix Missing.Authorization MEDIUM" "log-http-requests 1.3.2 Stored.Cross-Site.Scripting MEDIUM" "linkpreview No.known.fix Cross-Site.Request.Forgery MEDIUM" "landingi-landing-pages 3.1.2 Cross-Site.Request.Forgery MEDIUM" "logo-showcase-with-slick-slider 3.2.1 Reflected.Cross-Site.Scripting MEDIUM" "logo-showcase-with-slick-slider 2.0.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "logo-showcase-with-slick-slider 2.0.1 Arbitrary.Media.Title/Description/Alt.Text/URL.Update.via.CSRF MEDIUM" "logo-showcase-with-slick-slider 1.2.5 Subscriber+.Arbitrary.Media.Title/Description/Alt.Text/URL.Update MEDIUM" "logo-showcase-with-slick-slider 1.2.4 Author+.Stored.Cross.Site.Scripting MEDIUM" "local-shipping-labels-for-woocommerce No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "listingpro-plugin No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "listingpro-plugin No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "listingpro-plugin No.known.fix Missing.Authorization MEDIUM" "listingpro-plugin No.known.fix Unauthenticated.Local.File.Inclusion CRITICAL" "listingpro-plugin No.known.fix Authenticated.(Subscriber+).SQL.Injection CRITICAL" "listingpro-plugin No.known.fix Unauthenticated.SQL.Injection CRITICAL" "listingpro-plugin No.known.fix 
Authenticated.(Author+).Local.File.Inclusion HIGH" "lucky-draw No.known.fix Cross-Site.Request.Forgery.to.Plugin.Settings.Update MEDIUM" "ltl-freight-quotes-freightquote-edition 2.3.12 Missing.Authorization MEDIUM" "ltl-freight-quotes-freightquote-edition 2.3.12 Unauthenticated.SQL.Injection HIGH" "link-party No.known.fix Unauthenticated.Arbitrary.Link.Deletion MEDIUM" "link-party No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "link-party No.known.fix Settings.Update.via.CSRF MEDIUM" "link-party No.known.fix Unauthenticated.Stored.XSS HIGH" "local-sync 1.1.9 Subscriber+.Arbitrary.File.Upload CRITICAL" "local-sync 1.1.7 Missing.Authorization MEDIUM" "lazytasks-project-task-management 1.3.01 Unauthenticated.Privilege.Escalation CRITICAL" "lazytasks-project-task-management No.known.fix Missing.Authorization.to.Uanuthenticated.Privilege.Escalation CRITICAL" "ladipage No.known.fix Missing.Authorization.via.init_endpoint MEDIUM" "ladipage No.known.fix Cross-Site.Request.Forgery.via.save_config() MEDIUM" "ladipage No.known.fix Cross-Site.Request.Forgery.via.init_endpoint MEDIUM" "ladipage No.known.fix Missing.Authorization.on.publish_lp() MEDIUM" "ladipage No.known.fix Cross-Site.Request.Forgery.via.publish_lp() MEDIUM" "ladipage No.known.fix Cross-Site.Request.Forgery.via.ladiflow_save_hook() MEDIUM" "ladipage No.known.fix Missing.Authorization.via.ladiflow_save_hook() MEDIUM" "ladipage No.known.fix Missing.Authorization.via.save_config() MEDIUM" "ladipage No.known.fix Missing.Authorization MEDIUM" "liquid-chatgpt No.known.fix Authenticated.(Contributor+).Arbitrary.File.Read MEDIUM" "league-of-legends-rotation No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "linkz-ai 1.2.0 Subscriber+.Plugin.Settings.Update MEDIUM" "linkz-ai 1.2.0 Unauthenticated.Plugin.Settings.Update MEDIUM" "layers 1.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "lmbbox-smileys No.known.fix 
Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "login-box No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "location-click-map No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "loi-hamon No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "lottier-elementor No.known.fix Missing.Authorization MEDIUM" "list-custom-taxonomy-widget 4.2 Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "login-as-customer-or-user No.known.fix Admin.Account.Takeover HIGH" "login-as-customer-or-user No.known.fix Authentication.Bypass CRITICAL" "login-as-customer-or-user 3.3 Unauthenticated.Privilege.Escalation.to.Admin CRITICAL" "login-as-customer-or-user 2.1 Arbitrary.Plugin.Installation/Activation.via.CSRF CRITICAL" "login-as-customer-or-user 1.8 Arbitrary.Plugin.Installation/Activation.via.Low.Privilege.User CRITICAL" "legalweb-cloud 1.1.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "limit-login-attempts No.known.fix Subscriber+.Stored.XSS HIGH" "limit-login-attempts 1.7.2 Unauthenticated.Stored.XSS HIGH" "limit-login-attempts 1.7.1 Auth.Cookies.Brute.Force.Bypass LOW" "list-sub-pages 1.0.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.title.Parameter MEDIUM" "lsd-google-maps-embedder No.known.fix Cross-Site.Request.Forgery.Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "login-alert No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "listingpro-lead-form No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "listingpro-lead-form No.known.fix Missing.Authorization MEDIUM" "like-it No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "libreform 2.0.9 Unauthenticated.Arbitrary.Submissions.Listing.&.Deletion HIGH" "live-support-tickets 1.11.1 Unauthenticated.Information.Disclosure MEDIUM" "local-delivery-drivers-for-woocommerce 1.9.1 
Missing.Authorization.to.Driver.Account.Takeover HIGH" "local-delivery-drivers-for-woocommerce 1.9.0 Reflected.Cross-Site.Scripting MEDIUM" "local-delivery-drivers-for-woocommerce 1.8.5 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "leadcapture 2.6 Missing.Authorization.to.Arbitrary.Content.Deletion MEDIUM" "leadcapture 2.6 Unauthenticated.SQL.Injection HIGH" "list-all-posts-by-authors-nested-categories-and-titles 2.8.3 CSRF MEDIUM" "language-field No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "lwscache 2.9 Subscriber+.Limited.Plugin.Activation MEDIUM" "lifeline-donation No.known.fix Authentication.Bypass CRITICAL" "ltl-freight-quotes-estes-edition 3.3.8 Unauthenticated.SQL.Injection HIGH" "logo-showcase-ultimate 1.4.5 Contributor+.Local.File.Inclusion HIGH" "logo-showcase-ultimate 1.4.2 Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "logo-showcase-ultimate 1.3.9 Authenticated(Contributor+).PHP.Object.Injection HIGH" "l-squared-hub-wp-virtual-device No.known.fix Authenticated.(Contributor+).SQL.Injection MEDIUM" "layoutboxx No.known.fix Unauthenticated.Arbitrary.Shortcode.Execution HIGH" "list-mixcloud No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "logic-pro No.known.fix Unauthenticated.PHP.Object.Injection.via.'lpblocks'.Cookie HIGH" "login-page-styler 7.1.2 Missing.Authorization.to.Authenticated.(Subsciber+).Log.Deletion.and.Session.Termination MEDIUM" "login-page-styler 7.1.2 Missing.Authorization.to.Authenticated.(Subscriber+)Privilege.Escalation HIGH" "login-page-styler 6.2.5 Admin+.Stored.XSS LOW" "logo-slider-wp No.known.fix Authenticated.(Author+).Stored.Cross-Site.Scripting.via.'logo-slider'.Shortcode MEDIUM" "logo-slider-wp No.known.fix Authenticated.(Author+).Stored.Cross-Site.Scripting MEDIUM" "logo-slider-wp 4.9.0 Contributor+.Stored.XSS MEDIUM" "logo-slider-wp 4.6.0 Contributor+.Stored.XSS MEDIUM" "logo-slider-wp 4.5.0 Contributor+.Stored.XSS MEDIUM" 
"logo-slider-wp 4.5.0 Author+.Stored.XSS MEDIUM" "logo-slider-wp 4.1.0 Contributor+.Stored.XSS MEDIUM" "logo-slider-wp 4.0.0 Contributor+.Stored.XSS MEDIUM" "logo-slider-wp 3.6.0 Contributor+.Stored.XSS.in.Shortcode MEDIUM" "lightweight-accordion 1.6.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "lightweight-accordion 1.5.17 Authenticated(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "lightweight-accordion 1.5.15 Contributor+.Stored.XSS MEDIUM" "listapp-mobile-manager No.known.fix Missing.Authorization.to.Privilege.Escalation CRITICAL" "lordicon-interactive-icons No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "lh-qr-codes No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "location-piker No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "location-weather 1.3.4 Contributor+.Stored.XSS MEDIUM" "login-with-yourmembership 1.1.8 YM.SSO.Login.<.1.1.8.-.Missing.Authorization.to.Unauthenticated.Sensitive.Information.Exposure.via.'moym_display_test_attributes' MEDIUM" "login-with-yourmembership 1.1.4 Admin+.Stored.XSS LOW" "leopard-wordpress-offload-media 3.1.2 Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.Options.Update CRITICAL" "leopard-wordpress-offload-media No.known.fix WordPress.offload.media.<=.2.0.36.-.Authenticated.(Subscriber+).Sensitive.Information.Exposure MEDIUM" "leopard-wordpress-offload-media No.known.fix WordPress.offload.media.<=.2.0.36.-.Missing.Authorization.to.Authenticated.(Subscriber+).Settings.Update MEDIUM" "lgpd-compliant-cookie-banner No.known.fix Cross-Site.Request.Forgery MEDIUM" "launcher No.known.fix Admin+.Stored.XSS MEDIUM" "launcher 1.0.11 Multiple.Stored.XSS MEDIUM" "listinghub No.known.fix Missing.Authorization MEDIUM" "listinghub No.known.fix Unauthenticated.Stored.Cross-Site.Scripting HIGH" "learnpress-import-export 4.1.1 Missing.Authentication.to.Unauthenticated.Migrated.Course.Deletion MEDIUM" "learnpress-import-export 
4.1.0 Reflected.Cross-Site.Scripting MEDIUM" "learnpress-import-export 4.1.3 Unauthenticated.Local.File.Inclusion HIGH" "learnpress-import-export 4.0.5 Reflected.Cross-Site.Scripting MEDIUM" "learnpress-import-export 4.0.4 Reflected.Cross-Site.Scripting MEDIUM" "learnpress-import-export 4.0.4 Authenticated.(Administrator+).SQL.Injection CRITICAL" "learnpress-import-export 4.0.3 Reflected.XSS HIGH" "list-children 2.2.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "lws-affiliation No.known.fix Cross-Site.Request.Forgery MEDIUM" "lws-affiliation 2.3.5 Missing.Authorization MEDIUM" "liquid-blocks 1.3.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "lock-user-account No.known.fix User.Lock.Bypass MEDIUM" "lock-user-account 1.0.4 Arbitrary.Account.Lock/Unlock.via.CSRF MEDIUM" "lightweight-and-responsive-youtube-embed No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "lightweight-and-responsive-youtube-embed No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "lbg-audio2-html5 3.5.9 Reflected.Cross-Site.Scripting MEDIUM" "lbg-audio2-html5 No.known.fix Authenticated.(Contributor+).SQL.Injection MEDIUM" "live-sports-streamthunder No.known.fix Cross-Site.Request.Forgery MEDIUM" "login-with-cognito 1.4.9 Admin+.Stored.XSS LOW" "login-with-cognito 1.4.4 Reflected.Cross-Site.Scripting.via.appId HIGH" "live-chat-facebook-fanpage No.known.fix Reflected.Cross-Site.Scripting.(XSS) HIGH" "ltl-freight-quotes-odfl-edition 4.2.11 Unauthenticated.SQL.Injection HIGH" "ldap-ad-staff-employee-directory-search 1.3 Admin.LDAP.Credentials.Retrieval LOW" "ldap-ad-staff-employee-directory-search 1.2.3 Improper.escaping.of.LDAP.entries HIGH" "likebot No.known.fix Admin+.Stored.XSS.via.CSRF LOW" "like-box 0.8.41 Contributor+.Stored.XSS MEDIUM" "like-box 0.8.40 Admin+.Stored.XSS LOW" "laika-pedigree-tree No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" 
"layouts-for-elementor No.known.fix Cross-Site.Request.Forgery MEDIUM" "layouts-for-elementor 1.8 Missing.Authorization.to.Unauthenticated.Arbitrary.File.Upload CRITICAL" "loginizer-security 1.9.3 Authentication.Bypass HIGH" "listsearch No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.'placeholder'.Shortcode.Attribute MEDIUM" "lesson-plan-book No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "lava-directory-manager No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.shortcode MEDIUM" "lava-directory-manager No.known.fix Unauthenticated.Stored.XSS HIGH" "listdom 5.1.0 Missing.Authorization MEDIUM" "listdom 4.1.0 Open.Redirect MEDIUM" "listdom 3.7.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.shortcode.Parameter MEDIUM" "linkedin-lite No.known.fix Unauthenticated.Local.File.Inclusion CRITICAL" "ltl-freight-quotes-daylight-edition 2.2.8 Authenticated.(Administrator+).PHP.Object.Injection MEDIUM" "ltl-freight-quotes-daylight-edition 2.2.7 Unauthenticated.Stored.Cross-Site.Scripting.via.'expiry_date'.Parameter HIGH" "launchpad-by-obox No.known.fix Admin+.Stored.XSS LOW" "launchpad-by-obox No.known.fix CSRF MEDIUM" "lawpress No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "lawpress No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "lawpress 1.4.5 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "ltl-freight-quotes-unishippers-edition 2.5.9 Missing.Authorization MEDIUM" "ltl-freight-quotes-unishippers-edition 2.5.9 Reflected.Cross-Site.Scripting MEDIUM" "ltl-freight-quotes-unishippers-edition 2.5.9 Unauthenticated.SQL.Injection HIGH" "litespeed-cache 7.6 Reflected.XSS HIGH" "litespeed-cache 7.1 Editor+.Server-Side.Request.Forgery MEDIUM" "litespeed-cache 6.5.3 Contributor+.Stored.XSS MEDIUM" "litespeed-cache 6.5.2 Unauthenticated.Privilege.Escalation HIGH" "litespeed-cache 6.5.1 Unauthenticated.Stored.Cross-Site.Scripting MEDIUM" "litespeed-cache 6.5.1 Contributor+.Stored.XSS MEDIUM" "litespeed-cache 
6.5.1 Author+.Path.Traversal MEDIUM" "litespeed-cache 6.5 Authenticated.(Administrator+).Stored.Cross-Site.Scripting LOW" "litespeed-cache 6.5.0.1 Unauthenticated.Sensitive.Information.Exposure.via.Log.Files HIGH" "litespeed-cache 6.4 Unauthenticated.Privilege.Escalation HIGH" "litespeed-cache 6.3 Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "litespeed-cache 5.7.0.1 Unauthenticated.Stored.XSS HIGH" "litespeed-cache 5.7.0.1 Unauthenticated.CDN.Status.Update MEDIUM" "litespeed-cache 5.7 Contributor+.Stored.XSS MEDIUM" "litespeed-cache 5.3.1 CSRF MEDIUM" "litespeed-cache 4.4.4 IP.Check.Bypass.to.Unauthenticated.Stored.XSS HIGH" "litespeed-cache 4.4.4 Admin+.Reflected.Cross-Site.Scripting LOW" "litespeed-cache 3.6.1 Authenticated.Stored.Cross-Site.Scripting LOW" "link-library No.known.fix Authenticated.(Contributor+).Server-Side.Request.Forgery MEDIUM" "link-library 7.8.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "link-library 7.8 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Link.Additional.Parameters MEDIUM" "link-library 7.7.3 Reflected.Cross-Site.Scripting MEDIUM" "link-library 7.7.2 Reflected.Cross-Site.Scripting MEDIUM" "link-library 7.6.4 Reflected.Cross-Site.Scripting MEDIUM" "link-library 7.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.link-library.Shortcode MEDIUM" "link-library 7.6.1 Reflected.Cross-Site.Scripting MEDIUM" "link-library 7.6.7 Reflected.Cross-Site.Scripting MEDIUM" "link-library 7.6.1 Unauthenticated.Stored.Cross-Site.Scripting MEDIUM" "link-library 7.6 Reflected.Cross-Site.Scripting.via.'link_price'.and.'link_tags' MEDIUM" "link-library 7.6 Cross-Site.Request.Forgery.via.action_admin_init MEDIUM" "link-library 7.4.1 Admin+.Stored.XSS LOW" "link-library 7.2.8 Unauthenticated.Arbitrary.Links.Deletion MEDIUM" "link-library 7.2.8 Library.Settings.Reset.via.CSRF MEDIUM" "link-library 7.2.9 Reflected.Cross-Site.Scripting MEDIUM" "lh-signing No.known.fix 
Cross-Site.Request.Forgery MEDIUM" "localgrid No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "lucas-string-replace No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "ltl-freight-quotes-xpo-edition 4.3.8 Unauthenticated.SQL.Injection HIGH" "layerslider 7.11.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.ls_search_form.Shortcode MEDIUM" "layerslider 7.10.1 7.10.0.-.Unauthenticated.SQL.Injection CRITICAL" "layerslider 7.7.10 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "layerslider 7.7.10 Cross-Site.Request.Forgery MEDIUM" "login-as-users 1.4.4 Missing.Authorization.to.Privielge.Escalation.via.Account.Takeover HIGH" "login-as-users 1.4.3 Authentication.Bypass CRITICAL" "login-page-editor No.known.fix Cross-Site.Request.Forgery.to.Settings.Update MEDIUM" "livemesh-siteorigin-widgets 3.9.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Hero.Header.and.Pricing.Table.Widgets MEDIUM" "livemesh-siteorigin-widgets 3.3 Reflected.Cross-Site.Scripting MEDIUM" "livemesh-siteorigin-widgets 2.8.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "livemesh-siteorigin-widgets 2.5.2 Subscriber+.Arbitrary.Option.Update CRITICAL" "last-viewed-posts 1.0.2 Unauthenticated.Sensitive.Information.Exposure MEDIUM" "last-viewed-posts 1.0.1 Unauthenticated.PHP.Object.Injection CRITICAL" "login-customizer 2.5.4 Unauthenticated.Arbitrary.Password.Reset HIGH" "login-customizer 2.2.3 Reflected.Cross-Site.Scripting MEDIUM" "login-customizer 2.1.8 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "live-photos No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "like-on-vkontakte No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "lu-radioplayer 6.24.11.15 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "lu-radioplayer 6.24.11.07 Unauthenticated.Arbitrary.File.Read HIGH" "letterpress No.known.fix Subscriber.Deletion.via.CSRF MEDIUM" "letterpress 
No.known.fix Admin+.Stored.Cross-Site.Scripting MEDIUM" "link-log No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "link-log No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "link-log 2.1 SQL.Injection CRITICAL" "link-log 2.0 HTTP.Response.Splitting HIGH" "loginizer 1.9.3 Authentication.Bypass HIGH" "loginizer 1.7.9 Reflected.XSS HIGH" "loginizer 1.7.6 Reflected.XSS HIGH" "loginizer 1.7.6 Cross-Site.Request.Forgery MEDIUM" "loginizer 1.6.4 Unauthenticated.SQL.Injection CRITICAL" "loginizer 1.4.0 Unauthenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "loginizer 1.3.6 Cross-Site.Request.Forgery.(CSRF) HIGH" "loginizer 1.3.6 Blind.SQL.Injection CRITICAL" "logdash-activity-log 1.1.4 Unauthenticated.SQLi HIGH" "logo-showcase No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "logo-showcase 3.0.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "libsyn-podcasting No.known.fix Cross-Site.Request.Forgery MEDIUM" "libsyn-podcasting No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "libsyn-podcasting No.known.fix Reflected.XSS HIGH" "libsyn-podcasting No.known.fix Sensitive.Information.Exposure MEDIUM" "limit-bio No.known.fix Stored.XSS.via.CSRF HIGH" "limit-bio No.known.fix Reflected.XSS HIGH" "linkworth-wp-plugin 3.3.4 Arbitrary.Setting.Update.via.CSRF MEDIUM" "lockerpress-wordpress-security No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "lightbox-gallery 0.9.5 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "lws-optimize 2.0 Cross-Site.Request.Forgery MEDIUM" "ljusers No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.'name'.Shortcode.Attribute MEDIUM" "learnpress-course-review 4.2.0 Authenticated.(Learnpress.student+).Stored.Cross-Site.Scripting MEDIUM" "live-shopping-video-streams No.known.fix Missing.Authorization MEDIUM" "live-shopping-video-streams No.known.fix Cross-Site.Request.Forgery MEDIUM" "lws-tools 
2.4.2 Cross-Site.Request.Forgery MEDIUM" "live-composer-page-builder No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "live-composer-page-builder 2.0.3 Authenticated.(Contributor+).PHP.Object.Injection.via.dslc_module_posts_output.Shortcode HIGH" "live-composer-page-builder 2.0.3 Authenticated.(Contributor+).DOM-Based.Stored.Cross-Site.Scripting MEDIUM" "live-composer-page-builder 1.5.43 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "live-composer-page-builder 1.5.43 Authenticated.(Contributor+).PHP.Object.Injection HIGH" "live-composer-page-builder No.known.fix Author+.Stored.XSS MEDIUM" "live-composer-page-builder 1.5.39 Missing.Authorization MEDIUM" "live-composer-page-builder 1.5.36 Cross-Site.Request.Forgery MEDIUM" "live-composer-page-builder 1.5.24 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "live-composer-page-builder 1.5.29 .Author+.PHP.Object.Injection MEDIUM" "live-composer-page-builder 1.5.23 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "lh-email No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "login-and-logout-redirect No.known.fix .Open.Redirect MEDIUM" "listly No.known.fix Unauthenticated.Arbitrary.Transient.Deletion MEDIUM" "listingpro-reviews 2.9.11 Reflected.Cross-Site.Scripting MEDIUM" "listingpro-reviews 2.9.11 Missing.Authorization MEDIUM" "language-bar-flags No.known.fix CSRF.to.Stored.XSS HIGH" "limit-login-attempts-plus No.known.fix IP.Address.Spoofing.to.Protection.Mechanism.Bypass MEDIUM" "lktags-linkedin-insight-tags 1.2.4 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "lastunes No.known.fix Settings.Update.via.CSRF HIGH" "login-sidebar-widget No.known.fix Open.Redirect MEDIUM" "linkedin-login 1.1 Reflected.Cross-Site.Scripting MEDIUM" "logo-slider No.known.fix Admin+.SQLi MEDIUM" "ls-gmap-route No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode.Attributes MEDIUM" "leenkme No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "leenkme 
2.6.0 XSS.&.CSRF MEDIUM" "legal-plus No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "laybuy-gateway-for-woocommerce No.known.fix Missing.Authorization MEDIUM" "laybuy-gateway-for-woocommerce No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "leadboxer 1.4 Reflected.XSS HIGH" "linkid No.known.fix Missing.Authorization.to.Unauthenticated.Sensitive.Information.Exposure HIGH" "lh-add-media-from-url 1.30 Reflected.Cross-Site.Scripting MEDIUM" "lh-add-media-from-url 1.23 Reflected.Cross-Site.Scripting MEDIUM" "lh-ogp-meta-tags No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "leira-roles 1.1.10 Reflected.Cross-Site.Scripting MEDIUM" "lizza-lms-pro 1.0.4 Unauthenticated.Privilege.Escalation CRITICAL" "login-rebuilder 2.8.1 Admin+.Stored.XSS LOW" "linux-promotional-plugin No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "link-to-url-post No.known.fix Authenticated.(Administrator+).SQL.Injection MEDIUM" "list-urls No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "localseomap-for-elementor No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "login-widget-for-ultimate-member 1.1.3 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "live-sales-notifications-for-woocommerce No.known.fix Missing.Authorization MEDIUM" "live-sales-notifications-for-woocommerce 2.3.40 Missing.Authorization.to.Unauthenticated.Customer.Data.Exposure HIGH" "live-search-xforwc 2.1.0 Low.Priv.Arbitrary.Blog.Options.Update/Access/Deletion.&.Plugin's.Settings.Update/Export/Import HIGH" "learts-addons 1.7.5 Unauthenticated.SQL.Injection HIGH" "locatoraid No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "locatoraid 3.9.51 Unauthenticated.PHP.Object.Injection CRITICAL" "locatoraid 3.9.48 Reflected.Cross-Site.Scripting MEDIUM" "locatoraid 3.9.31 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "locatoraid 3.9.24 Reflected.XSS HIGH" "locatoraid 3.9.19 
Subscriber+.Stored.XSS HIGH" "locatoraid 3.9.15 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "locatoraid 3.9.12 CSRF MEDIUM" "liquid-speech-balloon 1.2 Settings.Update.via.CSRF MEDIUM" "livechat-elementor 1.0.14 Cross-Site.Request.Forgery MEDIUM" "loading-page 1.0.83 Admin+.Stored.Cross-Site.Scripting LOW" "lana-downloads-manager 1.11.0 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "lana-downloads-manager 1.10.0 Admin+.Arbitrary.File.Download.via.Path.Traversal MEDIUM" "lana-downloads-manager 1.8.0 Contributor+.Arbitrary.File.Download HIGH" "lightview-plus No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "livestream-notice 1.3.0 Admin+.Stored.XSS LOW" "leadpages 1.1.4 Missing.Authorization MEDIUM" "linkedinclude No.known.fix Cross-Site.Request.Forgery MEDIUM" "live-2d 1.9.12 Subscriber+.Arbitrary.File.Deletion HIGH" "lws-hide-login 2.1.9 Protection.Mechanism.Bypass MEDIUM" "lws-hide-login 2.1.7 Plugin.Settings.Page.Creation.via.CSRF MEDIUM" "likebtn-like-button 2.6.54 Cross-Site.Request.Forgery MEDIUM" "likebtn-like-button 2.6.45 Arbitrary.e-mail.Sending MEDIUM" "likebtn-like-button 2.6.38 Unauthorised.Vote.Export.to.Email.&.IP.Addresses.Disclosure HIGH" "likebtn-like-button 2.6.32 Unauthenticated.Full-Read.SSRF HIGH" "likebtn-like-button 2.5.4 Unauthenticated.Arbitrary.Blog.Settings.Change HIGH" "logo-carousel-free 3.4.2 Unauthorised.Private.Post.Access MEDIUM" "logo-carousel-free 3.4.2 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "lastform No.known.fix Drag.&.Drop.Contact.Form.Builder.<=.1.0.5.-.Admin+.Arbitrary.System.File.Read MEDIUM" "limit-max-ips-per-user No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "lgpd-framework No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "lunar-sell-photos-online No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "logo-manager-for-enamad 0.7.2 Admin+.Stored.XSS.via.Widget LOW" "logo-manager-for-enamad 0.7.1 Stored.XSS.via.CSRF HIGH" "login-designer 1.6.2 
Reflected.Cross-Site.Scripting MEDIUM" "livemesh-dynamic-pricing 1.2 Reflected.Cross-Site.Scripting MEDIUM" "ltl-freight-quotes-abf-freight-edition 3.3.8 Unauthenticated.SQL.Injection HIGH" "limit-attempts 1.3.0 Reflected.Cross-Site.Scripting MEDIUM" "limit-attempts 1.1.8 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "limit-attempts 1.1.1 SQL.Injection CRITICAL" "listings-for-buildium 0.1.6 Stored.XSS.via.CSRF HIGH" "locations No.known.fix Contributor+.Stored.XSS MEDIUM" "locations 4.0 CSRF.Bypass.in.Multiple.Plugins MEDIUM" "locations 4.0 Cross-Site.Request.Forgery HIGH" "logo-scheduler-great-for-holidays-events-and-more 1.2.2 Admin+.Stored.XSS LOW" "lemonade-sna-pinterest-edition No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "limit-login-attempts-reloaded 2.25.27 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "limit-login-attempts-reloaded 2.25.26 Admin+.Missing.Authorization.to.Toggle.Plugin.Auto-Update LOW" "limit-login-attempts-reloaded 2.17.4 Login.Rate.Limiting.Bypass LOW" "limit-login-attempts-reloaded 2.16.0 Authenticated.Reflected.Cross-Site.Scripting HIGH" "light-poll No.known.fix Poll.Answers.Deletion.via.CSRF MEDIUM" "light-poll No.known.fix Polls.Deletion.via.CSRF MEDIUM" "language-icons-flags-switcher No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "ltl-freight-quotes-day-ross-edition 2.1.12 Authenticated.(Administrator+).PHP.Object.Injection MEDIUM" "ltl-freight-quotes-day-ross-edition 2.1.11 Unauthenticated.Stored.Cross-Site.Scripting.via.'expiry_date'.Parameter HIGH" "live-weather-station 3.8.13 Mode.Switch.via.CSRF MEDIUM" "linked-variation 1.0.4 Missing.Authorization MEDIUM" "lupsonline-link-netwerk 3.0.0 Unauthenticated.Arbitrary.Post/Category.Modification HIGH" "lupsonline-link-netwerk 3.0.0 Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "local-magic No.known.fix Unauthenticated.SQL.Injection HIGH" "local-magic No.known.fix Missing.Authorization MEDIUM" 
"login-with-azure 2.2.6 Authentication.Bypass CRITICAL" "login-with-azure 1.4.5 Reflected.Cross-Site.Scripting.via.appId HIGH" "libro-de-reclamaciones-y-quejas 1.0 Authenticated.(Administrator+).SQL.Injection MEDIUM" "libro-de-reclamaciones-y-quejas No.known.fix Stored.XSS.via.CSRF HIGH" "ldap-login-for-intranet-sites 4.1.10 Unauthenticated.Log.Disclosure MEDIUM" "ldap-login-for-intranet-sites 4.2 Admin.LDAP.Passback LOW" "ldap-login-for-intranet-sites 4.1.6 Sensitive.Information.Disclosure HIGH" "ldap-login-for-intranet-sites 4.1.5 SQL.Injection.via.CSRF LOW" "ldap-login-for-intranet-sites 4.1.1 Unauthenticated.Data.Disclosure MEDIUM" "ldap-login-for-intranet-sites 3.6.95 Reflected.Cross-Site.Scripting HIGH" "lw-all-in-one 1.6.5 Unauthenticated.Stored.Cross-Site.Scripting.(XSS) HIGH" "live-tv No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "learn-manager 1.1.5 Unauthenticated.Arbitrary.User.Field.Edition/Creation MEDIUM" "learn-manager 1.1.3 Unauthenticated.Stored.Cross-Site.Scripting.(XSS) HIGH" "linkedin-auto-publish 1.9.9 Reflected.Cross-Site.Scripting.via.PostMessage MEDIUM" "littlebot-invoices No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "littlebot-invoices No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "lessbuttons No.known.fix Cross-Site.Request.Forgery MEDIUM" "login-watchdog No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "login-attempts-limit-wp No.known.fix IP.Address.Spoofing.to.Protection.Mechanism.Bypass MEDIUM" "login-attempts-limit-wp No.known.fix Cross-Site.Request.Forgery.(CSRF) MEDIUM" "like-dislike-plus-counter No.known.fix Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "login-screen-manager No.known.fix Stored.XSS.via.CSRF HIGH" "login-screen-manager No.known.fix Admin+.Stored.XSS LOW" "login-logo-editor-by-oizuled No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "liveagent 4.4.8 Cross-Site.Request.Forgery MEDIUM" "launchpage-app-importer No.known.fix 
Unauthenticated.SQL.Injection CRITICAL" "list-one-category-of-posts No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "lightbox-popup 2.1.6 Admin+.Stored.XSS LOW" "lingotek-translation No.known.fix Missing.Authorization MEDIUM" "lingotek-translation 1.7.2 Unauthenticated.Local.File.Inclusion HIGH" "lingotek-translation 1.7.1 Unauthenticated.Local.File.Inclusion CRITICAL" "language-switcher-for-transposh 1.6.0 Reflected.Cross-Site.Scripting MEDIUM" "link-list-manager No.known.fix Reflected.Cross-Site.Scripting HIGH" "login-block-ips No.known.fix IP.Spoofing.Bypass LOW" "login-block-ips No.known.fix Arbitrary.Setting.Update.via.CSRF MEDIUM" "lws-cleaner 2.4.2 Admin+.Arbitrary.File.Deletion MEDIUM" "lws-cleaner 2.3.1 Cross-Site.Request.Forgery MEDIUM" "livemesh-weight-based-shipping 1.4 Reflected.Cross-Site.Scripting MEDIUM" "lgx-owl-carousel No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "listeo-core No.known.fix Directory.Plugin.by.Purethemes.<=.2.0.21.-.Reflected.Cross-Site.Scripting MEDIUM" "listeo-core 2.0.19 Reflected.Cross-Site.Scripting MEDIUM" "listeo-core 2.0.7 Authenticated.(Subscriber+).SQL.Injection MEDIUM" "latest-custom-post-type-updates No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "license-manager-for-woocommerce 3.0.13 Admin+.SQL.Injection MEDIUM" "license-manager-for-woocommerce 3.0.10 Reflected.Cross-Site.Scripting MEDIUM" "license-manager-for-woocommerce 3.0.7 Improper.Authorization.to.Authenticated(Contributor+).Sensitive.Information.Exposure MEDIUM" "license-manager-for-woocommerce 2.2.11 Authenticated.(Administrator+).SQL.Injection HIGH" "license-manager-for-woocommerce 2.3b1 Reflected.Cross-Site.Scripting MEDIUM" "license-manager-for-woocommerce 2.2.6 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "lazy-load-videos-and-sticky-control No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "lbg-audio4-html5-shoutcast 4.4.8 Reflected.Cross-Site.Scripting 
MEDIUM" "listivo-core 2.3.78 Unauthenticated.Local.File.Inclusion HIGH" "lbg-vp2-html5-rightside No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "list-category-posts 0.92.0 Authenticated.(Contributor+).SQL.Injection.via.Plugin's.Shortcode MEDIUM" "list-category-posts 0.93.0 Authenticated.(Contributor+).Information.Exposure MEDIUM" "list-category-posts 0.92.0 Contributor+.Local.File.Inclusion HIGH" "list-category-posts 0.90.3 Author+.Stored.XSS LOW" "list-category-posts 0.89.7 Contributor+.Stored.XSS MEDIUM" "list-category-posts 0.89.4 Contributor+.Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "login-logout No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "listar-directory-listing No.known.fix Missing.Authorization.to.Authenticated.(Subscriber+).Listing.Update MEDIUM" "listar-directory-listing No.known.fix Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.Post.Deletion MEDIUM" "list-posts-by-category No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "ltl-freight-quotes-fedex-freight-edition 3.4.2 Unauthenticated.SQL.Injection HIGH" "loginwp-pro 4.0.8.6 Pro.<.4.0.8.6.-.Missing.Authorization.to.Unauthenticated.Settings.Update MEDIUM" "loginwp-pro 4.0.8.6 Pro.<.4.0.8.6.-.Missing.Authorization MEDIUM" "linkify-text No.known.fix Unauthenticated.Full.Path.Disclosure MEDIUM" "login-with-phone-number 1.8.48 Authentication.Bypass HIGH" "login-with-phone-number 1.7.50 Authenticated.(Subscriber+).Authorization.Bypass.to.Privilege.Escalation HIGH" "login-with-phone-number 1.7.36 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "login-with-phone-number 1.7.35 Insecure.Password.Reset.Mechanism HIGH" "login-with-phone-number 1.7.27 Authentication.Bypass.due.to.Missing.Empty.Value.Check CRITICAL" "login-with-phone-number 1.7.20 Missing.Authorization MEDIUM" "login-with-phone-number 1.6.94 Missing.Authorization MEDIUM" "login-with-phone-number 1.7.17 
Unauthorized.Account.Password.Change.to.Privilege.Escalation HIGH" "login-with-phone-number 1.6.94 Cross-Site.Request.Forgery MEDIUM" "login-with-phone-number 1.5.7 User.Password.Change.via.CSRF HIGH" "login-with-phone-number 1.4.2 Reflected.Cross-Site.Scripting HIGH" "login-with-phone-number 1.3.8 Multiple.Admin+.Stored.XSS LOW" "login-with-phone-number 1.3.7 Unauthenticated.remote.plugin.deletion MEDIUM" "latest-post-accordian-slider No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "lite-wp-logger No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "linkmyposts No.known.fix Reflected.XSS HIGH" "lana-email-logger 1.1.0 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "linker 1.2.2 Contributor+.Stored.XSS MEDIUM" "ltl-freight-quotes-worldwide-express-edition 5.0.21 Missing.Authorization.to.Unauthenticated.Arbitrary.Content.Deletion MEDIUM" "ltl-freight-quotes-worldwide-express-edition 5.0.22 Reflected.Cross-Site.Scripting MEDIUM" "ltl-freight-quotes-worldwide-express-edition 5.0.21 Worldwide.Express.Edition.<.5.0.21.-.Unauthenticated.SQL.Injection HIGH" "ltl-freight-quotes-worldwide-express-edition 5.0.21 Unauthenticated.SQL.Injection HIGH" "len-slider No.known.fix Cross-Site.Request.Forgery.to.Reflected.Cross-Site.Scripting MEDIUM" "lbg-audio5-html5-shoutcast-sticky 3.6.4 Sticky.Full.Width.HTML5.Audio.Player.<.3.6.4.-.Reflected.Cross-Site.Scripting MEDIUM" "lara-google-analytics 2.0.5 Authenticated.Stored.XSS HIGH" "livechat-woocommerce 2.2.17 Cross-Site.Request.Forgery MEDIUM" "lenxel-core No.known.fix Authenticated.(Contributor+).Local.File.Inclusion HIGH" "lenxel-core No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "lenxel-core 1.2.5 Author+.Stored.XSS.via.SVG.File.Upload MEDIUM" "laser No.known.fix Missing.Authorization MEDIUM" "lazyload-background-images No.known.fix Missing.Authorization.to.Authenticated.(Subscriber+).Plugin.Settings.Update MEDIUM" "lh-copy-media-file 1.09 
Reflected.Cross-Site.Scripting MEDIUM" "lenix-elementor-leads-addon 1.8.3 Unauthenticated.Stored.Cross-Site.Scripting.via.URL.Form.Field HIGH" "login-register-using-jwt 3.1.0 Missing.Authorization.to.Authenticated.(Subscriber+).API.Key.Exposure MEDIUM" "login-form-recaptcha No.known.fix Admin+.Stored.XSS LOW" "live-stock-prices-for-wordpress No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "lottier-wpbakery No.known.fix Missing.Authorization MEDIUM" "lbstopattack 1.1.3 Arbitrary.Settings.Update.via.CSRF MEDIUM" "local-search-seo-contact-page No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "latest-tweets-widget No.known.fix Arbitrary.Settings.Update.via.CSRF MEDIUM" "leadconnector 3.0.22 Unauthenticated.Rest.Call MEDIUM" "leadconnector 3.0.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "leadconnector 1.8 Missing.Authorization.to.Unauthenticated.Arbitrary.Post.Deletion MEDIUM" "lmsace-connect No.known.fix Missing.Authorization MEDIUM" "lottier-gutenberg No.known.fix Missing.Authorization MEDIUM" "library-management-system 3.3 Unauthenticated.SQL.Injection HIGH" "library-management-system 3.2 Missing.Authorization.to.Authenticated.(Subscriber+).Settings.Manipulation MEDIUM" "library-management-system 3.2.1 Authenticated.(Subscriber+).SQL.Injection MEDIUM" "library-management-system No.known.fix Authenticated.(Admin+).SQL.Injection MEDIUM" "lottiefiles 3.1.0 Missing.Authorization HIGH" "lottiefiles 3.1.0 Unauthenticated.Sensitive.Information.Exposure MEDIUM" "leadquizzes No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "link-whisper 0.9.1 Unauthenticated.Settings.and.User.Meta.Update MEDIUM" "link-whisper No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "link-whisper 0.8.9 Reflected.Cross-Site.Scripting MEDIUM" "link-whisper 0.8.9 Reflected.Cross-Site.Scripting MEDIUM" "link-whisper No.known.fix Missing.Authorization MEDIUM" "link-whisper 0.7.9 
Unauthenticated.Sensitive.Information.Exposure MEDIUM" "link-whisper 0.7.0 Link.Whisper.Free.<.0,7,0 MEDIUM" "link-whisper 0.7.2 Authenticated.(Contributor+).PHP.Object.Injection HIGH" "link-whisper 0.6.9 Reflected.Cross-Site.Scripting MEDIUM" "link-whisper 0.6.6 Authenticated.(Contributor+).SQL.Injection HIGH" "live-scores-for-sportspress No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "live-scores-for-sportspress 1.9.2 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "live-scores-for-sportspress 1.9.1 Reflected.Cross-Site.Scripting HIGH" "live-scores-for-sportspress 1.9.1 Authenticated.Local.File.Inclusion MEDIUM" "ldd-directory-lite No.known.fix Reflected.Cross-Site.Scripting.via.remove_query_arg.Parameter MEDIUM" "ldd-directory-lite No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "luzuk-testimonials No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "login-logout-register-menu No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.'llrmloginlogout'.Shortcode MEDIUM" "login-logout-register-menu No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "libro-de-reclamaciones No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "last-updated-shortcode No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "ldap-login-password-and-role-manager No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "live-stream-badger No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "like-dislike-voting No.known.fix Reflected.Cross-Site.Scripting.via.$_SERVER['PHP_SELF'] MEDIUM" "loginpress-pro 5.0.2 Authentication.Bypass.via.WordPress.com.OAuth.provider HIGH" "loginpress-pro 3.0.0 Unauthenticated.License.Activation/Deactivation MEDIUM" "loginpress-pro 3.0.0 Captcha.Bypass MEDIUM" "leads-5050-visitor-insights 1.1.0 Unauthorised.License.Change HIGH" "leads-5050-visitor-insights 1.0.4 Unauthenticated.License.Change HIGH" "leadsquared-suite 
No.known.fix Admin+.Stored.XSS LOW" "leadsquared-suite No.known.fix CSRF MEDIUM" "learning-management-system-pro 2.20.1 Unauthenticated.Privilege.Escalation CRITICAL" "ledenbeheer-external-connection 2.1.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "login-lockdown 2.15 IP.Block.Bypass MEDIUM" "login-lockdown 2.12 Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.IP.Whitelisting MEDIUM" "login-lockdown 2.09 Subscriber+.Options.Leak MEDIUM" "login-lockdown 2.07 Admin+.SQLi MEDIUM" "login-lockdown 2.07 Administrator+.SQL.Injection HIGH" "list-child-pages-shortcode 1.4.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "laposta-signup-basic 1.4.2 CSRF MEDIUM" "laposta-signup-basic 1.4.2 Missing.Authorization MEDIUM" "localize-remote-images No.known.fix Settings.Update.via.CSRF MEDIUM" "like-share-my-site No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "login-logger No.known.fix Cross-Site.Request.Forgery MEDIUM" "live-dashboard No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "leadfox 2.2.0 Stored.XSS.via.CSRF HIGH" "membership-simplified-for-oap-members-only No.known.fix Unauthenticated.Arbitrary.File.Download CRITICAL" "media-author No.known.fix Missing.Authorization MEDIUM" "motors-car-dealership-classified-listings 1.4.90 Authenticated.(Subscriber+).Arbitrary.File.Deletion HIGH" "motors-car-dealership-classified-listings 1.4.81 Unauthenticated.Insecure.Direct.Object.Reference MEDIUM" "motors-car-dealership-classified-listings 1.4.72 Unauthenticated.Local.File.Inclusion CRITICAL" "motors-car-dealership-classified-listings 1.4.65 Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.Plugin.Installation HIGH" "motors-car-dealership-classified-listings 1.4.64 Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "motors-car-dealership-classified-listings 1.4.67 Missing.Authorization.to.Authenticated.(Subscriber+).Wizard.Set-up MEDIUM" 
"motors-car-dealership-classified-listings 1.4.72 Contributor+.Local.File.Inclusion HIGH" "motors-car-dealership-classified-listings 1.4.72 Contributor+.Stored.XSS MEDIUM" "motors-car-dealership-classified-listings 1.4.58 Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.Post.Deletion.and.Listing.Template.Creation MEDIUM" "motors-car-dealership-classified-listings 1.4.44 Authenticated.(Subscriber+).Arbitrary.Shortcode.Execution.via.Custom.Title MEDIUM" "motors-car-dealership-classified-listings 1.4.11 Missing.Authorization MEDIUM" "motors-car-dealership-classified-listings 1.4.7 Unauthenticated.SSRF MEDIUM" "motors-car-dealership-classified-listings 1.4.7 Reflected.XSS HIGH" "motors-car-dealership-classified-listings 1.4.5 CSRF MEDIUM" "motors-car-dealership-classified-listings 1.4.4 Car.Dealer,.Classifieds.&.Listing.<.1.4.4.-.Arbitrary.File.Upload CRITICAL" "motors-car-dealership-classified-listings 1.4.1 Multiple.Issues MEDIUM" "media-tags No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "mybrain-utilities 1.1.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "make-paths-relative No.known.fix Settings.Update.via.CSRF MEDIUM" "mapplic-lite No.known.fix Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "mapplic-lite 1.0.1 SSRF.to.Stored.Cross-Site.Scripting.(XSS) HIGH" "map-location-picker-at-checkout-for-woocommerce 1.9.0 Missing.Authorization.via.checkout_map_rules_order_ajax_handler MEDIUM" "map-location-picker-at-checkout-for-woocommerce 1.8.5 Reflected.Cross-Site.Scripting MEDIUM" "map-location-picker-at-checkout-for-woocommerce 1.4.5 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "media-slider 1.4.0 Missing.Authorization MEDIUM" "most-and-least-read-posts-widget 2.5.21 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "most-and-least-read-posts-widget 2.5.19 Cross-Site.Request.Forgery.via.most_and_least_read_posts_options MEDIUM" "most-and-least-read-posts-widget 2.5.17 
Authenticated(Contributor+).SQL.Injection.via.Widget.settings HIGH" "midi-synth 2.0.0 Unauthenticated.Arbitrary.File.Upload.via.'export'.AJAX.Action CRITICAL" "metorik-helper 1.7.2 Cross-Site.Request.Forgery MEDIUM" "magic-action-box No.known.fix Contributor+.Stored.XSS MEDIUM" "mwb-point-of-sale-pos-for-woocommerce 1.0.1 CSRF.Bypass./.Unauthorised.AJAX.Call MEDIUM" "mstoreapp-mobile-app No.known.fix Unauthenticated.Privilege.Escalation CRITICAL" "map-addons-for-elementor-waze-map No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "more-better-reviews-for-woocommerce No.known.fix Missing.Authorization MEDIUM" "more-better-reviews-for-woocommerce No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "more-better-reviews-for-woocommerce 3.0.7 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "mobile-friendly-app-builder-by-easytouch No.known.fix Unauthenticated.File.Upload CRITICAL" "microsoft-start No.known.fix Missing.Authorization MEDIUM" "multisite-clone-duplicator No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "mstore-api 4.17.6 Missing.Authorization.to.Authenticated.(Subscriber+).Posts.Creation MEDIUM" "mstore-api 4.17.5 Unauthenticated.Limited.Privilege.Escalation MEDIUM" "mstore-api 4.16.5 Authenticated.(Subscriber+).HTML.File.Upload.(Stored.Cross-Site.Scripting) MEDIUM" "mstore-api 4.15.8 Authenticated.(Subscriber+).SQL.Injection MEDIUM" "mstore-api 4.15.4 Authenticated.(Subscriber+).Limited.Arbitrary.File.Upload MEDIUM" "mstore-api 4.15.4 Unauthorized.User.Registration HIGH" "mstore-api 4.15.3 Authentication.Bypass.to.Account.Takeover HIGH" "mstore-api 4.15.0 Authentication.Bypass CRITICAL" "mstore-api 4.10.2 Cross-Site.Request.Forgery MEDIUM" "mstore-api 4.0.7 Subscriber+.SQLi HIGH" "mstore-api 4.0.2 Unauthenticated.SQL.Injection CRITICAL" "mstore-api 3.9.8 Unauthenticated.SQL.Injection HIGH" "mstore-api 3.9.9 Unauthenticated.Privilege.Escalation CRITICAL" "mstore-api 3.9.8 Unauthenticated.Blind.SQLi HIGH" "mstore-api 3.9.7 
Subscriber+.Unauthorized.Settings.Update MEDIUM" "mstore-api 4.10.8 Unauthenticated.Privilege.Escalation CRITICAL" "mstore-api 3.9.7 Multiple.CSRF MEDIUM" "mstore-api 3.9.3 Authentication.Bypass CRITICAL" "mstore-api 3.9.2 Authentication.Bypass CRITICAL" "mstore-api 3.9.1 Authentication.Bypass CRITICAL" "mstore-api 3.4.5 Unauthenticated.PHP.File.Upload CRITICAL" "mstore-api 3.2.0 Authentication.Bypass.With.Sign.In.With.Apple HIGH" "mstore-api 2.1.6 Unauthenticated.Arbitrary.Account.Creation/Edition HIGH" "mailin 3.3.1 Unauthenticated.Authorization.Bypass.via.Type.Juggling MEDIUM" "mailin 3.1.88 Cross-Site.Request.Forgery MEDIUM" "mailin 3.1.83 Cross-Site.Request.Forgery MEDIUM" "mailin 3.1.78 Reflected.Cross-Site.Scripting MEDIUM" "mailin 3.1.78 Reflected.XSS HIGH" "mailin 3.1.61 Reflected.XSS HIGH" "mailin 3.1.31 Reflected.Cross-Site.Scripting MEDIUM" "mailin 3.1.25 Reflected.XSS HIGH" "mainwp-maintenance-extension 4.1.2 Subscriber+.SQL.Injection.(SQLi) HIGH" "myhome-core 4.1.1 Unauthenticated.Local.File.Inclusion HIGH" "miniorange-malware-protection 4.7.3 Unauthenticated.Privilege.Escalation CRITICAL" "miniorange-malware-protection 4.7.3 Admin+.SQLi MEDIUM" "miniorange-malware-protection 4.7.2 IP.Spoofing MEDIUM" "miniorange-malware-protection 4.5.2 Admin+.Stored.Cross-Site.Scripting LOW" "maintenance-notice 1.0.7 Settings.Reset.via.CSRF MEDIUM" "motor-racing-league No.known.fix Admin+.XSS LOW" "meeting-list No.known.fix Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "mp-restaurant-menu 2.4.8 Authenticated.(Subscriber+).Information.Exposure MEDIUM" "mp-restaurant-menu 2.4.7 Cross-Site.Request.Forgery MEDIUM" "mp-restaurant-menu 2.4.5 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "mp-restaurant-menu 2.4.2 Admin+.Stored.Cross.Site.Scripting LOW" "modify-profile-fields-dashboard-menu-buttons 1.04 Reflected.Cross-Site.Scripting MEDIUM" "makesweat No.known.fix 
Authenticated.(Administrator+).Stored.Cross-Site.Scripting.via.'makesweat_clubid'.Setting MEDIUM" "member-database No.known.fix Reflected.XSS HIGH" "magic-login-mail 2.06 Unauthenticated.Privilege.Escalation.via.Insecure.QR.Code.File.Storage HIGH" "maanstore-api No.known.fix Authentication.Bypass CRITICAL" "magic-import-document-extractor No.known.fix Unauthenticated.Sensitive.Information.Exposure MEDIUM" "magic-import-document-extractor 1.0.6 Missing.Authorization.to.Unauthenticated.Plugin.License.Status.Modification MEDIUM" "mediaburst-ecommerce-sms-notifications 2.4.2 Cross-Site.Scripting.(XSS) MEDIUM" "metricool 1.18 Admin+.Stored.XSS LOW" "mollie-forms 2.7.13 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "mollie-forms 2.6.14 Cross-Site.Request.Forgery.to.Arbitrary.Post.Duplication MEDIUM" "mollie-forms 2.6.4 Missing.Authorization.to.Arbitrary.Post.Duplication MEDIUM" "mollie-forms 2.6.4 Missing.Authorization MEDIUM" "maxslider 1.2.4 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "magic-post-thumbnail 5.2.10 Reflected.Cross-Site.Scripting MEDIUM" "magic-post-thumbnail 5.2.8 Admin+.Stored.XSS LOW" "magic-post-thumbnail 4.1.13 Reflected.Cross-Site.Scripting MEDIUM" "magic-post-thumbnail 4.1.11 Reflected.XSS HIGH" "magic-post-thumbnail 3.3.11 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "magic-post-thumbnail 3.3.7 Reflected.Cross-Site.Scripting.(XSS) HIGH" "modal-popup-box 1.6.2 Authenticated.(Contributor+).PHP.Object.Injection HIGH" "modal-popup-box 1.5.3 Authenticated.(Contributor+).PHP.Object.Injection.in.awl_modal_popup_box_shortcode HIGH" "marketplace-items No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "marketplace-items No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.'marketplace'.Shortcode MEDIUM" "multiple-post-passwords 1.1.2 Admin+.Stored.XSS LOW" "mine-cloudvod 2.2.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.audio.Parameter MEDIUM" 
"masjidal 1.8.12 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "media-category-library No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "myshouts-shoutbox No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "mapifylite 4.0.0 Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "multi-column-tag-map No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting.via.'mctm_css_conditional'.Parameter MEDIUM" "multi-column-tag-map 17.0.34 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.mctagmap.Shortcode MEDIUM" "multi-column-tag-map 17.0.27 Cross-Site.Request.Forgery MEDIUM" "multi-column-tag-map 17.0.25 Contributor+.Stored.XSS MEDIUM" "music-request-manager No.known.fix Unauthenticated.Stored.XSS MEDIUM" "music-request-manager No.known.fix Stored.XSS.via.CSRF HIGH" "music-request-manager No.known.fix Reflected.XSS MEDIUM" "maz-loader 1.4.1 Arbitrary.Loader.Deletion.via.CSRF MEDIUM" "maz-loader 1.3.3 Contributor+.SQL.Injection HIGH" "master-addons-pro 2.1.4 Authenticated.(Subscriber+).Remote.Code.Execution.via.render_preview HIGH" "multiple-pages-generator-by-porthas 4.0.6 Authenticated.(Editor+).Server-Side.Request.Forgery.via.fileUrl MEDIUM" "multiple-pages-generator-by-porthas 4.0.3 Authenticated.(Editor+).Directory.Traversal.to.Limited.File.Deletion LOW" "multiple-pages-generator-by-porthas 4.0.2 Missing.Authorization MEDIUM" "multiple-pages-generator-by-porthas 3.4.8 Authenticated.(Contributor+).SQL.Injection MEDIUM" "multiple-pages-generator-by-porthas 3.4.1 Cross-Site.Request.Forgery MEDIUM" "multiple-pages-generator-by-porthas 3.4.1 Missing.Authorization.via.mpg_get_log_by_project_id MEDIUM" "multiple-pages-generator-by-porthas 3.4.1 Authenticated.(Editor+).Remote.Code.Execution HIGH" "multiple-pages-generator-by-porthas 3.0.0 Reflected.Cross-Site.Scripting MEDIUM" "multiple-pages-generator-by-porthas 3.3.20 SQL.Injection MEDIUM" "multiple-pages-generator-by-porthas 3.3.18 SQLi.via.CSRF LOW" 
"multiple-pages-generator-by-porthas 3.3.18 Admin+.SQLi MEDIUM" "multiple-pages-generator-by-porthas 3.3.10 MPG.<.3.3.10.-.Multiple.CSRF MEDIUM" "mixlr-shortcode No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "mailtree-log-mail 1.0.1 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "mipl-wc-multisite-sync 1.1.6 Unauthenticated.Arbitrary.File.Download HIGH" "mwp-countdown No.known.fix Admin+.SQLi MEDIUM" "my-marginalia No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "magee-shortcodes No.known.fix Contributor+.Stored.XSS.via.shortcode MEDIUM" "magee-shortcodes 2.0.9 Reflected.Cross-Site.Scripting MEDIUM" "multi-step-form 1.7.26 Authenticated.(Admin+).Arbitrary.File.Upload HIGH" "multi-step-form 1.7.24 Missing.Authorization.to.Unauthenticated.Limited.File.Upload MEDIUM" "multi-step-form 1.7.22 Missing.Authorization.via.fw_delete_files MEDIUM" "multi-step-form 1.7.19 Form.Deletion.via.CSRF MEDIUM" "multi-step-form 1.7.17 Admin+.Stored.XSS LOW" "multi-step-form 1.7.13 Form.Update/Deletion.via.CSRF MEDIUM" "multi-step-form 1.7.8 Admin+.Stored.XSS LOW" "multi-step-form 1.2.6 Cross-Site.Scripting.(XSS) MEDIUM" "multi-step-form 1.2.6 Multiple.Unauthenticated.Reflected.XSS MEDIUM" "media-modal No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "magic-buttons-for-elementor 1.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.magic-button.Shortcode MEDIUM" "magic-buttons-for-elementor No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.magic-button.Shortcode MEDIUM" "mail-mint 1.19.5 Missing.Authorization MEDIUM" "mail-mint 1.19.3 Authenticated.(Administrator+).SQL.Injection.via.Multiple.API.Endpoints MEDIUM" "mail-mint 1.19.5 Unauthenticated.Emails.Disclosure HIGH" "mail-mint 1.19.3 Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "mail-mint 1.18.11 Authenticated.(Admin+).Arbitrary.File.Upload HIGH" "mail-mint 1.18.7 
Authenticated.(Administrator+).SQL.Injection MEDIUM" "mail-mint 1.18.6 Authenticated.(Administrator+).SQL.Injection MEDIUM" "mail-mint 1.17.8 Unauthenticated.Sensitive.Information.Exposure MEDIUM" "modal-window 6.1.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.iframeBox.Shortcode MEDIUM" "modal-window 6.1.5 Cross-Site.Request.Forgery.to.Settings.Ipdate MEDIUM" "modal-window 6.0.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "modal-window 5.3.10 Modal.Deletion.via.CSRF MEDIUM" "modal-window 5.3.9 Authenticated(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "modal-window 5.3.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "modal-window 5.2.2 RFI.leading.to.RCE.via.CSRF HIGH" "mainwp-child 5.3 Authentication.Bypass HIGH" "mainwp-child 4.4.1.2 Sensitive.File.Disclosure MEDIUM" "mainwp-child 4.1.8 Admin+.SQL.Injection MEDIUM" "mb-custom-post-type 2.7.7 Admin+.Stored.XSS LOW" "manual-image-crop 1.11 Authenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "map-categories-to-pages No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "mancx-askme-widget No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "mstoic-shortcodes No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.'start'.Shortcode.Attribute MEDIUM" "mementor-core No.known.fix Authenticated.(Subscriber+).Privilege.Escalation HIGH" "mycurator 3.79 Authenticated.(Editor+).Stored.Cross-Site.Scripting MEDIUM" "mycurator 3.77 Reflected.Cross-Site.Scripting MEDIUM" "mycurator 3.75 Cross-Site.Request.Forgery MEDIUM" "mojito-shipping 1.3.9 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "marketing-performance No.known.fix Reflected.XSS HIGH" "market-360-viewer No.known.fix Authenticated.(Contributor+).SQL.Injection MEDIUM" "modify-comment-fields 1.04 Reflected.Cross-Site.Scripting MEDIUM" "momoyoga-integration 2.9.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" 
"momoyoga-integration 2.8.0 Contributor+.Stored.XSS MEDIUM" "multiple-shipping-address-woocommerce 2.0 Unauthenticated.SQLi HIGH" "migrate-post No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "moceansms-order-sms-notification-for-woocommerce No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "minimum-password-strength No.known.fix Cross-Site.Request.Forgery MEDIUM" "mycbgenie-clickbank-storefront No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "my-calendar 3.7.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode.Attributes MEDIUM" "my-calendar 3.6.17 Missing.Authorization MEDIUM" "my-calendar 3.4.24 Authenticated.Stored.XSS MEDIUM" "my-calendar 3.4.24 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "my-calendar 3.4.22 Unauthenticated.SQL.Injection CRITICAL" "my-calendar 3.4.4 Cross-Site.Request.Forgery MEDIUM" "my-calendar 3.3.25 Event/Location.Deletion.via.CSRF MEDIUM" "my-calendar 3.2.18 Subscriber+.Reflected.Cross-Site.Scripting MEDIUM" "my-calendar 3.1.10 Unauthenticated.Cross-Site.Scripting.(XSS) MEDIUM" "multi-page-toolkit No.known.fix Arbitrary.Settings.Update.to.Stored.XSS.via.CSRF MEDIUM" "multi-gallery No.known.fix Authenticated.(Contributor+).PHP.Object.Injection HIGH" "mislider No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "map-multi-marker No.known.fix Reflected.Cross-Site.Scripting HIGH" "mesmerize-companion 1.6.162 Missing.Authorization.Authenticated.(Subscriber+).Settings.Update MEDIUM" "mesmerize-companion 1.6.149 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.mesmerize_contact_form.Shortcode MEDIUM" "mesmerize-companion 1.6.135 Contributor+.Stored.XSS MEDIUM" "miniorange-limit-login-attempts 4.0.72 Admin+.Stored.Cross-Site.Scripting LOW" "miniorange-limit-login-attempts 4.0.50 Unauthenticated.Stored.Cross-Site.Scripting CRITICAL" "m2wp No.known.fix Admin+.Stored.XSS LOW" "mg-post-contributors No.known.fix Reflected.Cross-Site.Scripting 
MEDIUM" "muse-ai 0.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.muse-ai.Shortcode MEDIUM" "mosaic-generator No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.'c'.Parameter MEDIUM" "masterbip-for-elementor No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "myd-delivery No.known.fix Unauthenticated.Insecure.Direct.Object.Reference MEDIUM" "mobile-dj-manager 1.7.8.2 Missing.Authorization.to.Unauthenticated.Arbitrary.Custom.Event.Field.Deletion MEDIUM" "mobile-dj-manager No.known.fix Subscriber+.Privilege.Escalation HIGH" "mobile-dj-manager 1.7.5.3 Authenticated.(Subscriber+).PHP.Object.Injection HIGH" "mobile-dj-manager 1.7.6 Reflected.Cross-Site.Scripting MEDIUM" "mini-twitter-feed No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "moose-elementor-kit 1.1.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "moose-elementor-kit 1.1.0 Reflected.Cross-Site.Scripting MEDIUM" "my-wp-health-check No.known.fix Missing.Authorization.to.Unauthenticated.Site.Health.Information.Exposure MEDIUM" "my-wp-health-check No.known.fix Cross-Site.Request.Forgery MEDIUM" "mynx-page-builder No.known.fix Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "meta-box-gallerymeta 3.1 Authenticated.(Editor+).Stored.Cross-Site.Scripting.via.Image.Caption MEDIUM" "meta-box-gallerymeta 3.1 Missing.Authorization.to.Authenticated.(Author+).Gallery.Management MEDIUM" "mxchat-basic 2.5.6 Unauthenticated.Information.Exposure MEDIUM" "mxchat-basic 2.4.7 Unauthenticated.Blind.Server-Side.Request.Forgery MEDIUM" "my-resume-builder No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "multiline-files-for-contact-form-7 2.9 Missing.Authorization.to.Authenticated.(Subscriber+).Plugin.Deactivation MEDIUM" "mailpress No.known.fix Arbitrary.Settings.Update.&.Log.Files.Purge.via.CSRF MEDIUM" "marketo-forms-and-tracking No.known.fix CSRF.to.XSS 
HIGH" "multi-scheduler No.known.fix Arbitrary.Record.Deletion.via.CSRF HIGH" "marquee-addons-for-elementor 3.0.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Testimonial.Marquee.Widget MEDIUM" "marquee-addons-for-elementor 3.8.3 Contributor+.Stored.XSS MEDIUM" "movies No.known.fix Unauthenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "mobile-kiosk No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "melascrivi No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "marketing-optimizer No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "make-builder 1.1.11 Authenticated.(Subscriber+).Server-Side.Request.Forgery.via.make_builder_ajax_subscribe.Function MEDIUM" "mf-plus-wpml No.known.fix Missing.Authorization.to.Unauthenticated.Settings.Update MEDIUM" "mainwp-broken-links-checker-extension No.known.fix Unauthenticated.SQLi CRITICAL" "microcopy No.known.fix Authenticated.SQL.Injection MEDIUM" "multiple-location-google-map No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "mediaburst-email-to-sms No.known.fix Authenticated(Administrator+).SQL.Injection MEDIUM" "mediaburst-email-to-sms 3.0.0 Cross-Site.Scripting.(XSS) MEDIUM" "memberlite-shortcodes No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "memberlite-shortcodes 1.4.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "memberlite-shortcodes 1.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.memberlite_accordion.Shortcode MEDIUM" "memberlite-shortcodes 1.3.9 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "ms-registration No.known.fix Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "ms-registration No.known.fix Missing.Authorization MEDIUM" "microblog-poster No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "microblog-poster 1.6.2 Authenticated.Blind.SQL.Injection HIGH" "mobi2go No.known.fix 
Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "menu-item-scheduler No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "master-popups-lite No.known.fix Authenticated.(Editor+).Stored.Cross-Site.Scripting MEDIUM" "modern-footnotes 1.4.20 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "modern-footnotes 1.4.17 Contributor+.Stored.XSS MEDIUM" "modern-footnotes 1.4.16 Admin+.Stored.XSS LOW" "masterstudy-elementor-widgets 1.2.5 Missing.Authorization MEDIUM" "masterstudy-elementor-widgets 1.2.5 Missing.Authorization MEDIUM" "masterstudy-elementor-widgets 1.2.3 Missing.Authorization MEDIUM" "menus-plus No.known.fix Authenticated.(Subscriber+).SQL.Injection MEDIUM" "myworks-woo-sync-for-quickbooks-online 2.9.2 Reflected.Cross-Site.Scripting MEDIUM" "media-library-file-size 1.6.8 Missing.Authorization MEDIUM" "mortgage-calculators-wp 1.60 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "mortgage-calculators-wp 1.56 Admin+.Stored.Cross-Site.Scripting LOW" "multisite-post-duplicator 1.1.3 Cross-Site.Request.Forgery.(CSRF) HIGH" "members-import No.known.fix XSS.via.Imported.CSV MEDIUM" "mailchimp-for-woocommerce 2.7.1 Subscriber+.SSRF MEDIUM" "mailchimp-for-woocommerce 2.7.2 Admin+.SSRF LOW" "my-reading-library No.known.fix Unauthenticated.PHP.Object.Injection CRITICAL" "monetize No.known.fix Cross-Site.Scripting.(XSS).&.CSRF MEDIUM" "marker-io 1.1.9 Cross-Site.Request.Forgery MEDIUM" "marker-io 1.1.7 Cross-Site.Request.Forgery MEDIUM" "mytweetlinks No.known.fix Authenticated.(Subscriber+).SQL.Injection HIGH" "meks-flexible-shortcodes 1.3.8 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "meks-flexible-shortcodes 1.3.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "meks-flexible-shortcodes 1.3.5 Contributor+.Stored.XSS MEDIUM" "maximum-products-per-user-for-woocommerce 4.4.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "maximum-products-per-user-for-woocommerce 
4.2.9 Reflected.Cross-Site.Scripting MEDIUM" "mabel-shoppable-images-lite 1.2.4 Arbitrary.Post.Deletion.via.CSRF MEDIUM" "marekkis-watermark No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "mergado-marketing-pack No.known.fix Cross-Site.Request.Forgery MEDIUM" "mergado-marketing-pack No.known.fix Stored.XSS.via.CSRF HIGH" "medical-prescription-attachment-plugin-for-woocommerce No.known.fix Unauthenticated.Arbitrary.File.Upload CRITICAL" "media-file-renamer 5.7.8 Admin+.Remote.Code.Execution MEDIUM" "media-file-renamer 5.7.0 Sensitive.Information.Exposure.via.Log.File MEDIUM" "media-file-renamer 5.2.7 Auto.&.Manual.Rename.<.5.2.7.-.Media.Title/Filename/Locking.State.Update.via.CSRF MEDIUM" "modern-polls No.known.fix Cross-Site.Request.Forgery MEDIUM" "multisite-robotstxt-manager No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "multisite-robotstxt-manager No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "marketking-multivendor-marketplace-for-woocommerce 2.1.00 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "marketking-multivendor-marketplace-for-woocommerce 2.0.0 Authenticated.(Shop.Manager+).Stored.Cross-Site.Scripting MEDIUM" "marketking-multivendor-marketplace-for-woocommerce 2.0.25 Missing.Authorization MEDIUM" "min-and-max-quantity-for-woocommerce 2.1.0 Missing.Authorization MEDIUM" "min-and-max-quantity-for-woocommerce 1.1.1 Reflected.Cross-Site.Scripting MEDIUM" "multiple-roles-per-user No.known.fix Missing.Authorization.to.Authenticated.(Custom+).Privilege.Escalation HIGH" "mh-board No.known.fix Unauthenticated.Local.File.Inclusion CRITICAL" "macme No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "mobile-contact-bar 3.0.5 Admin+.Stored.XSS LOW" "mobilook 1.2.4 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "my-waze No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.shortcode MEDIUM" "mshop-naver-talktalk No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" 
"mshop-naver-talktalk 1.2.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "mshop-naver-talktalk 1.2.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.add_plus_friends.and.add_plus_talk.Shortcodes MEDIUM" "mailup-auto-subscribtion 1.2.0 Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "mooberry-book-manager 4.15.13 Unauthenticated.Information.Exposure.via.Export.Files MEDIUM" "mg-parallax-slider No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "music-store 1.2.0 Reflected.Cross-Site.Scripting MEDIUM" "music-store 1.1.14 WordPress.eCommerce.<.1.1.14.-.Authenticated.(Admin+).SQL.Injection CRITICAL" "music-store 1.0.43 Cross-Site.Scripting.(XSS) MEDIUM" "metform-pro No.known.fix Missing.Authorization MEDIUM" "metform-pro 3.9.7 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "matomo 5.1.1 Cross-Site.Request.Forgery.to.Notice.Dismissal MEDIUM" "matomo 5.0.1 Reflected.Cross-Site.Scripting.via.idsite MEDIUM" "misiek-photo-album No.known.fix Stored.XSS.via.CSRF HIGH" "misiek-photo-album No.known.fix Album.Deletion.via.CSRF MEDIUM" "media-usage No.known.fix Reflected.Cross-Site.Scripting HIGH" "meks-easy-instagram-widget 1.2.4 Subscriber+.Settings.Update.to.Stored.XSS MEDIUM" "my-wish-list 1.4.2 Multiple.Parameter.XSS MEDIUM" "matrix-pre-loader No.known.fix Cross-Site.Request.Forgery MEDIUM" "media-folder No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "mj-update-history No.known.fix Missing.Authorization MEDIUM" "mj-update-history No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "masterstudy-lms-learning-management-system-pro 4.7.16 Authenticated.(Subscriber+).Information.Exposure MEDIUM" "masterstudy-lms-learning-management-system-pro 4.7.16 Missing.Authorization MEDIUM" "masterstudy-lms-learning-management-system-pro 4.7.16 Missing.Authorization.to.Unauthenticated.Arbitrary.Content.Deletion MEDIUM" "masterstudy-lms-learning-management-system-pro 4.7.10 Authenticated.(Subscriber+).Arbitrary.File.Upload HIGH" 
"masterstudy-lms-learning-management-system-pro 4.7.1 Authenticated.(Subscriber+).Arbitrary.File.Upload HIGH" "mobile-login-woocommerce 2.3 Unauthenticated.Privilege.Escalation HIGH" "magicform No.known.fix WordPress.Form.Builder.<=.1.6.2.-.Missing.Authorization MEDIUM" "magicform No.known.fix Reflected.Cross-Site.Scripting HIGH" "miniorange-wp-as-saml-idp 1.15.7 Authenticated.(Administrator+).SQL.Injection HIGH" "miniorange-wp-as-saml-idp 1.13.4 Admin+.Stored.Cross-Site.Scripting LOW" "master-blocks No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "master-blocks No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "microkids-related-posts No.known.fix Cross-Site.Request.Forgery MEDIUM" "macro-admin-email-data-optin-calculator No.known.fix Unauthenticated.Information.Disclosure MEDIUM" "mw-wp-form 5.1.0 Editor+.Stored.XSS MEDIUM" "mw-wp-form 5.0.4 Improper.Limitation.of.File.Name.to.Unauthenticated.Arbitrary.File.Deletion HIGH" "mw-wp-form 5.0.2 Unauthenticated.Arbitrary.File.Upload HIGH" "mw-wp-form 5.0.0 Missing.Authorization MEDIUM" "mw-wp-form 4.4.3 Unauthenticated.Path.Traversal MEDIUM" "masker-elementor No.known.fix Missing.Authorization MEDIUM" "myorderdesk 3.3.0 Contributor+.Stored.XSS MEDIUM" "modal-dialog 3.5.15 Reflected.XSS HIGH" "modal-dialog 3.5.10 Admin+.Stored.XSS LOW" "mailgun-subscriptions 1.3.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "mobile-smart No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "markdown-on-save-improved 2.5.1 Stored.Cross-Site.Scripting.(XSS) MEDIUM" "month-name-translation-benaceur 2.3.8 Admin+.Stored.XSS LOW" "movie-database No.known.fix Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "maintenance-page 1.0.9 Security.Mechanism.Bypass.via.REST.API MEDIUM" "maintenance-page 1.0.9 Missing.Authorization.to.Sensitive.Information.Exposure MEDIUM" "meteor-slides No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "meteor-slides No.known.fix 
Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "meteor-slides 1.5.7 Contributor+.Stored.XSS MEDIUM" "music-let-loose-mp3-audio-player No.known.fix Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "mendeleyplugin No.known.fix Admin+.Stored.XSS LOW" "manycontacts-bar No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "migrate-shopify-to-woocommerce No.known.fix Missing.Authorization.to.Unauthenticated.Settings.Update MEDIUM" "moolamojo No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "mm-breaking-news No.known.fix Reflected.XSS MEDIUM" "mm-breaking-news No.known.fix Stored.XSS.via.CSRF HIGH" "mindvalley-pagemash No.known.fix Authenticated.(Editor+).SQL.Injection MEDIUM" "mybookprogress No.known.fix Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "mybookprogress No.known.fix Missing.Authorization MEDIUM" "mybookprogress No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.book.Parameter MEDIUM" "materialis-companion 1.3.53 Missing.Authorization MEDIUM" "materialis-companion 1.3.42 Authenticated.(Contributor+).Store.Cross-Site.Scripting.via.materialis_contact_form.Shortcode MEDIUM" "materialis-companion 1.3.40 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "multiple-votes-in-one-page No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "myshopkit-popup-smartbar-slidein No.known.fix .Unauthenticated.Sensitive.Information.Exposure MEDIUM" "multilanguage No.known.fix Missing.Authorization MEDIUM" "multilanguage 1.2.3 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "mpoperationlogs No.known.fix Unauthenticated.Stored.XSS HIGH" "mybooktable No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "mybooktable 3.5.4 Cross-Site.Request.Forgery MEDIUM" "mybooktable 3.5.0 Stored.XSS.via.CSRF MEDIUM" "mybooktable 3.3.8 Authenticated.(Author+).Stored.Cross-Site.Scripting MEDIUM" "mybooktable 3.3.5 API.Key.Update.via.CSRF MEDIUM" "mind3dom-ryebread-widgets 
No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "myweather No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "moderate-selected-posts No.known.fix Cross-Site.Request.Forgery.to.Plugin.Settings.Update MEDIUM" "media-library-plus 8.3.7 Insecure.Direct.Object.Reference.to.Authenticated.(Author+).Arbitrary.Attachment.Deletion.and.Rename MEDIUM" "media-library-plus 8.3.1 Missing.Authorization.to.Plugin.Settings.Change MEDIUM" "media-library-plus 8.2.4 Missing.Authorization.on.Various.Functions MEDIUM" "media-library-plus 8.2.3 Authenticated.(Subscriber+).Second-Order.SQL.Injection CRITICAL" "media-library-plus 8.2.1 Reflected.Cross-Site.Scripting.via.'s' MEDIUM" "media-library-plus 8.1.9 Authenticated.(Author+).Directory.Traversal MEDIUM" "media-library-plus 8.1.8 Authenticated.(Author+).SQL.Injection CRITICAL" "media-library-plus 7.1.2 Plugin.Reset.via.CSRF MEDIUM" "market-exporter 2.0.23 Cross-Site.Request.Forgery MEDIUM" "market-exporter 2.0.22 Missing.Authorization MEDIUM" "market-exporter 2.0.20 Missing.Authorization.to.Arbitrary.File.Deletion HIGH" "market-exporter 2.0.19 Reflected.Cross-Site.Scripting MEDIUM" "market-exporter 2.0.14 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "minimum-purchase-for-woocommerce No.known.fix Contributor+.Stored.XSS MEDIUM" "mega-forms 1.6.2 Missing.Authorization MEDIUM" "mega-forms 1.1.3 Reflected.Cross-Site.Scripting MEDIUM" "mega-forms 1.2.5 Subscriber+.Stored.Cross-Site.Scripting MEDIUM" "magic-google-maps No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "marketer-addons No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "multimanager-wp 1.1.0 Authentication.Bypass.via.User.Impersonation CRITICAL" "membership-by-supsystic No.known.fix Authenticated.SQL.Injection CRITICAL" "mobile-browser-color-select No.known.fix Stored.Cross-Site.Scripting.via.CSRF MEDIUM" "miniorange-firebase-sms-otp-verification 3.6.3 
3.6.2.-.Unauthenticated.Privilege.Escalation HIGH" "miniorange-firebase-sms-otp-verification 3.6.1 Unauthenticated.Arbitrary.User.Password.Change CRITICAL" "miniorange-firebase-sms-otp-verification 3.6.1 Privilege.Escalation.via.Registration.due.to.Administrator.Default.User.Role.Value CRITICAL" "miniorange-firebase-sms-otp-verification 3.6.1 Authentication.Bypass HIGH" "material-design-icons-for-elementor 1.4.3 Contributor+.Stored.XSS MEDIUM" "material-design-icons-for-elementor 1.4.3 Settings.Update.via.CSRF MEDIUM" "m-chart 1.10 Contributor+.Stored.XSS MEDIUM" "moka-get-posts No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "multimedial-images No.known.fix Admin+.SQLi MEDIUM" "more-mime-type-filters No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "mime-types-extended No.known.fix Author+.Stored.XSS.via.SVG.Upload MEDIUM" "myanime-widget No.known.fix Cross-Site.Request.Forgery.to.Privilege.Escalation CRITICAL" "mautic-integration-for-woocommerce 1.0.3 Arbitrary.Options.Update.via.CSRF HIGH" "mcjh-button-shortcode No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "migrate-users No.known.fix CSRF.to.Stored.Cross-Site.Scripting.(XSS) HIGH" "martins-free-and-easy-ad-network-get-more-visitors No.known.fix Stored.XSS.via.CSRF HIGH" "multilang-contact-form No.known.fix Cross-Site.Request.Forgery MEDIUM" "multilang-contact-form No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "marketing-automation 1.2.6.9 Reflected.Cross-Site.Scripting MEDIUM" "masterslider No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "masterslider No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "masterslider No.known.fix Unauthenticated.PHP.Object.Injection CRITICAL" "masterslider No.known.fix Authenticated.(Editor+).SQL.Injection HIGH" "milat-jquery-automatic-popup No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-site.Scripting MEDIUM" "mww-disclaimer-buttons 3.5 
Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "mww-disclaimer-buttons 3.2 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "mail-control 0.3.0 Reflected.Cross-Site.Scripting MEDIUM" "mail-control 0.3.2 Unauthenticated.Stored.XSS.via.Email.Subject HIGH" "mf-gig-calendar No.known.fix Cross-Site.Request.Forgery MEDIUM" "mf-gig-calendar No.known.fix Arbitrary.Event.Deletion.via.CSRF MEDIUM" "mf-gig-calendar No.known.fix Editor+.Stored.XSS LOW" "mf-gig-calendar No.known.fix Authenticated(Contributor+).SQL.Injection HIGH" "mf-gig-calendar 1.2.1 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "mf-gig-calendar 1.2 Reflected.Cross-Site.Scripting.(XSS) HIGH" "mlanguage No.known.fix Cross-Site.Request.Forgery MEDIUM" "memsource-connector 4.7.6 Missing.Authorization.to.Authenticated.(Subscriber+).Log.Deletion MEDIUM" "mopinion-feedback-form No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "mdirector-newsletter 4.5.9 Cross-Site.Request.Forgery.to.Plugin.Settings.Update MEDIUM" "meta-store-elements No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "m1downloadlist No.known.fix Contributor+.Sensitive.Information.Disclosure MEDIUM" "m1downloadlist 0.20 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "mystickyelements 2.3.4 Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.Bulk.Lead.Deletion MEDIUM" "mystickyelements 2.3.4 Missing.Authorization MEDIUM" "mystickyelements 2.1.4 Unauthenticated.Unauthorised.Action MEDIUM" "mystickyelements 2.1.2 Admin+.Stored.Cross-Site.Scripting LOW" "mystickyelements 2.0.9 Admin+.SQLi MEDIUM" "mystickyelements 2.0.4 Authenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "mwp-herd-effect 6.2.2 Cross-Site.Request.Forgery.to.Settings.Update MEDIUM" "mwp-herd-effect 5.2.7 Effect.Deletion.via.CSRF MEDIUM" "mwp-herd-effect 5.2.3 Admin+.Stored.XSS LOW" "mwp-herd-effect 5.2.4 Effect.Deletion.via.CSRF MEDIUM" "mwp-herd-effect 5.2.2 Reflected.XSS MEDIUM" 
"mwp-herd-effect 5.2.1 Admin+.LFI MEDIUM" "modula-best-grid-gallery 2.13.7 Missing.Authorization.to.Authenticated.(Contributor+).Arbitrary.Post/Page.Editing MEDIUM" "modula-best-grid-gallery 2.13.5 Authenticated.(Author+).Stored.Cross-Site.Scripting MEDIUM" "modula-best-grid-gallery 2.13.4 Missing.Authorization.to.Authenticated.(Author+).Arbitrary.Gallery.Modification MEDIUM" "modula-best-grid-gallery 2.13.4 Missing.Authorization.to.Arbitrary.Directory.Listing MEDIUM" "modula-best-grid-gallery 2.13.3 2.13.2.-.Author+.Arbitrary.File.Deletion HIGH" "modula-best-grid-gallery 2.13.3 2.13.2.-.Author+.Arbitrary.File.Upload.via.Race.Condition MEDIUM" "modula-best-grid-gallery 2.13.7 Missing.Authorization MEDIUM" "modula-best-grid-gallery 2.12.29 Author+.Arbitrary.Image.File.Move MEDIUM" "modula-best-grid-gallery 2.10.2 Authenticated.(Contributor+).Stored.DOM-Based.Cross-Site.Scripting.via.FancyBox.5.JavaScript.Library MEDIUM" "modula-best-grid-gallery 2.11.11 Author+.Arbitrary.File.Upload HIGH" "modula-best-grid-gallery 2.7.5 Incomplete.Authorization.via.'save_image'.and.'save_images' LOW" "modula-best-grid-gallery 2.6.91 Unauthenticated.Troubleshooting.Settings.Update MEDIUM" "modula-best-grid-gallery 2.6.7 Reflected.Cross-Site.Scripting MEDIUM" "modula-best-grid-gallery 2.2.5 Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "mrkv-vchasno-kasa 1.0.4 Unauthenticated.Log.File.Clearing MEDIUM" "mrkv-vchasno-kasa 1.0.4 Missing.Authorization.to.Unauthenticated.Invoice.Generation MEDIUM" "multi-purpose-mail-form No.known.fix Unauthenticated.Arbitrary.File.Upload CRITICAL" "multi-purpose-mail-form No.known.fix Unauthenticated.Arbitrary.File.Upload CRITICAL" "mediamatic No.known.fix Cross-Site.Request.Forgery MEDIUM" "mediamatic 2.8.1 Subscriber+.SQL.Injection HIGH" "mortgage-loan-calculator No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "mortgage-loan-calculator 1.5.17 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "magical-blocks 2.0.0 
Contributor+.Stored.XSS MEDIUM" "magic-login-api No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "mesa-mesa-reservation-widget No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "mapifylite-master 4.0.0 Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "my-account-page-editor 1.3.2 Subscriber+.Arbitrary.File.Upload CRITICAL" "manage-user-columns 1.0.6 Cross-Site.Request.Forgery MEDIUM" "mwp-skype 4.0.4 Button.Deletion.via.CSRF MEDIUM" "mwp-skype 4.0.2 Reflected.XSS MEDIUM" "minimal-share-buttons 1.7.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.align.Parameter MEDIUM" "my-geo-posts-free No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "my-geo-posts-free No.known.fix Unauthenticated.PHP.Object.Injection CRITICAL" "mojo-under-construction No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "multi-crypto-currency-payment No.known.fix Unauthenticated.SQL.Injection HIGH" "mailcwp 1.110 Unauthenticated.Arbitrary.File.Upload CRITICAL" "mail-masta No.known.fix Multiple.SQL.Injection CRITICAL" "mail-masta No.known.fix Unauthenticated.Local.File.Inclusion.(LFI) HIGH" "mobile-bottom-menu-for-wp 1.4.1 Missing.Authorization MEDIUM" "magical-products-display 1.1.30 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.MPD.Pricing.Table.Widget MEDIUM" "mapsvg 8.7.4 Unauthenticated.SQL.Injection HIGH" "mapsvg 8.6.12 Authenticated.(Contributor+).Arbitrary.File.Download MEDIUM" "mapsvg 8.7.4 Contributor+.Arbitrary.File.Upload HIGH" "mapsvg 8.6.13 Contributor+.Privilege.Esclation HIGH" "mapsvg 8.6.13 Missing.Authorization MEDIUM" "mapsvg No.known.fix All.Kinds.of.Maps.and.Store.Locator.for.WordPress.<=.8.6.4.-.Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "mapsvg 8.6.13 Missing.Authorization MEDIUM" "mapsvg 8.6.11 Unauthenticated.Arbitrary.Shortcode.Execution MEDIUM" "mapsvg 8.6.11 Contributor+.Stored.XSS MEDIUM" "mapsvg 6.2.20 Unauthenticated.SQLi HIGH" "mitfahrgelegenheit 
No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.date.Parameter MEDIUM" "marketing-automation-by-azexo No.known.fix Authenticated.(Subscriber+).Privilege.Escalation HIGH" "marketing-automation-by-azexo No.known.fix Authenticated.(Subscriber+).Arbitrary.File.Upload HIGH" "majestic-before-after-image 2.0.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "mma-call-tracking No.known.fix Cross-Site.Request.Forgery.to.Plugin.Settings.Update MEDIUM" "monetize-link No.known.fix Missing.Authorization.to.Plugin.Settings.Deletion MEDIUM" "media-download No.known.fix Cross-Site.Request.Forgery MEDIUM" "media-download No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "media-download 1.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "mail-baby-smtp 3.2.12 Cross-Site.Request.Forgery MEDIUM" "maintenance-and-noindex-nofollow No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "mp3-jplayer No.known.fix Multiple.CSRF MEDIUM" "mp3-jplayer 2.5 Full.Path.Disclosure MEDIUM" "menu-shortcode No.known.fix Contributor+.Stored.XSS.via.Shortcode MEDIUM" "memberpress 1.12.0 Unauthenticated.Content.Restriction.Bypass.to.Sensitive.Information.Exposure MEDIUM" "memberpress 1.12.0 Reflected.Cross-Site.Scripting MEDIUM" "memberpress 1.11.30 Reflected.Cross-Site.Scripting.via.mepr_screenname.and.mepr_key.Parameters MEDIUM" "memberpress 1.11.35 Missing.Authorization MEDIUM" "memberpress 1.11.30 Authenticated.(Contributor+).Blind.Server-Side.Request.Forgery.via.mepr-user-file.Shortcode HIGH" "memberpress 1.11.30 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.arglist.Parameter MEDIUM" "memberpress 1.11.27 Reflected.Cross-Site.Scripting.via.message.and.error MEDIUM" "maintenance-coming-soon-redirect-animation 2.3.0 Missing.Authorization.to.Settings.Update MEDIUM" "maintenance-coming-soon-redirect-animation No.known.fix IP.Spoofing.to.Bypass MEDIUM" "menu-ordering-reservations 2.4.3 Reflected.Cross-Site.Scripting MEDIUM" 
"menu-ordering-reservations 2.4.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "menu-ordering-reservations 2.4.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "menu-ordering-reservations 2.3.7 Reflected.XSS HIGH" "menu-ordering-reservations 2.3.6 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "menu-ordering-reservations 2.3.1 Unauthorised.AJAX.Calls MEDIUM" "menu-ordering-reservations 2.3.2 Multiple.CSRF MEDIUM" "meta-tag-manager 3.3 Contributor+.Open.Redirect MEDIUM" "meta-tag-manager 3.2 Missing.Authorization MEDIUM" "meta-tag-manager 3.1 Subscriber+.PHP.Object.Injection HIGH" "meta-tag-manager 2.1 Reflected.Cross-Site.Scripting MEDIUM" "msrp-for-woocommerce 2.0.0 Reflected.Cross-Site.Scripting MEDIUM" "multi-video-box No.known.fix Reflected.Cross-Site.Scripting.via.video_id.and.group_id.Parameters MEDIUM" "meta-accelerator No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "make-section-column-clickable-elementor 2.4.1 Authenticated.(Editor+).Stored.Cross-Site.Scripting MEDIUM" "minimalistic-event-manager No.known.fix Missing.Authorization MEDIUM" "meta-display-block No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "moloni 4.8.0 Reflected.Cross-Site.Scripting MEDIUM" "missing-widgets-for-elementor 1.3.5 Reflected.Cross-Site.Scripting MEDIUM" "missing-widgets-for-elementor 1.1.0 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "multimedia-carousel 2.6.1 Authenticated.(Contributor+).SQL.Injection MEDIUM" "mindmeister-shortcode No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "mail-picker 1.0.15 Unauthenticated.PHP.Object.Injection CRITICAL" "mail-picker No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "more-link-modifier No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "mailrelay 2.1.2 Arbitrary.Settings.Update.via.CSRF MEDIUM" "map-my-locations No.known.fix 
Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "mycred 2.9.7.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.'mycred_load_coupon'.Shortcode MEDIUM" "mycred 2.9.7.4 Missing.Authorization MEDIUM" "mycred 2.9.7.2 Missing.Authorization.to.Sensitive.Information.Exposure MEDIUM" "mycred 2.9.7.1 Missing.Authorization.to.Unauthenticated.Withdrawal.Request.Approval MEDIUM" "mycred No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "mycred 2.9.4.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "mycred 2.9.4.4 Authenticated.(Subscriber+).Race.Condition MEDIUM" "mycred 2.9.4.3 Missing.Authorization MEDIUM" "mycred 2.9.4.3 Missing.Authorization MEDIUM" "mycred 2.7.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.mycred_send.Shortcode MEDIUM" "mycred 2.7.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.mycred_link.Shortcode MEDIUM" "mycred 2.7.4 Missing.Authorization.to.Unauthenticated.Database.Upgrade MEDIUM" "mycred 2.7.3 Unauthenticated.PHP.Object.Injection HIGH" "mycred 2.7.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "mycred 2.7.3 Unauthenticated.Information.Exposure MEDIUM" "mycred 2.6.4 Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "mycred 2.6.2 Contributor+.Stored.XSS MEDIUM" "mycred 2.5.3 Reflected.Cross-Site.Scripting MEDIUM" "mycred 2.5.1 Cross-Site.Request.Forgery MEDIUM" "mycred 2.4.4.1 Subscriber+.User.E-mail.Addresses.Disclosure MEDIUM" "mycred 2.4.4 Subscriber+.Import/Export.to.Email.Address.Disclosure MEDIUM" "mycred 2.4.4 Subscriber+.Arbitrary.Post.Creation MEDIUM" "mycred 2.4.4 Reflected.Cross-Site.Scripting MEDIUM" "mycred 2.4.3.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "mycred 2.4 Reflected.Cross-Site.Scripting HIGH" "mycred 2.3 Subscriber+.SQL.Injection HIGH" "mycred 1.7.8 Reflected.Cross-Site.Scripting HIGH" "memphis-documents-library 3.1.6 Arbitrary.File.Download CRITICAL" "mobiloud-mobile-app-plugin 
4.6.6.1 Missing.Authorization MEDIUM" "motionger-elementor No.known.fix Missing.Authorization MEDIUM" "melapress-role-editor 1.2.0 Improper.Authorization.to.Authenticated.(Subscriber+).Privilege.Escalation.via.Secondary.Role.Assignment HIGH" "music-press-pro No.known.fix Missing.Authorization MEDIUM" "music-press-pro No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "mihdan-elementor-yandex-maps 1.7.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Marker.Pins MEDIUM" "meetinghub 1.23.10 Missing.Authorization MEDIUM" "meetinghub 1.23.10 Authenticated.(Subscriber+).Information.Exposure MEDIUM" "mantenimiento-web 0.14 Stored.XSS.via.CSRF MEDIUM" "mantenimiento-web 0.14 Admin+.Stored.XSS LOW" "mass-messaging-in-buddypress No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "media-search-enhanced 0.9.2 Authenticated.(Author+).SQL.Injection MEDIUM" "media-library-helper 1.3.0 Cross-Site.Request.Forgery MEDIUM" "mylco No.known.fix Reflected.Cross-Site.Scripting.via.$_SERVER['PHP_SELF'] MEDIUM" "mediavine-control-panel 2.10.7 Unauthenticated.Information.Exposure MEDIUM" "mediavine-control-panel 2.10.5 Contributor+.Stored.XSS MEDIUM" "maniac-seo No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "mejorcluster 1.1.16 Contributor+.Stored.XSS MEDIUM" "mtphr-widgets No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "media-net-ads-manager No.known.fix Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.File.Upload HIGH" "mobile-app-editor No.known.fix Authenticated.(Editor+).Arbitrary.File.Upload HIGH" "mobile-app-editor 1.2.0 Reflected.Cross-Site.Scripting MEDIUM" "mobile-app-editor 1.1.2 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "my-wp 1.24.1 Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "mypixs No.known.fix Unauthenticated.Local.File.Inclusion.(LFI) HIGH" "mshop-npay 3.4.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.mnp_purchase.Shortcode MEDIUM" 
"multi-day-booking-calendar No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "magic-the-gathering-card-tooltips 3.6.0 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "magic-the-gathering-card-tooltips 3.5.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "my-reservation-system No.known.fix Reflected.XSS HIGH" "marquee-elementor No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "mashsharer No.known.fix Missing.Authorization MEDIUM" "mashsharer 3.8.7 Contributor+.Stored.XSS MEDIUM" "mashsharer 3.8.5 Admin+.Stored.Cross-Site.Scripting LOW" "melapress-login-security 2.2.0 2.1.1.-.Privilege.Escalation.via.Authentication.Bypass CRITICAL" "melapress-login-security 2.1.1 Authenticated.(Administrator+).PHP.Object.Injection HIGH" "melapress-login-security 2.1.1 Missing.Authorization.to.Unauthenticated.Arbitrary.User.Deletion MEDIUM" "melapress-login-security 1.3.1 Authenticated.(Admin+).Remote.File.Inclusion MEDIUM" "meow-gallery 5.2.8 Authenticated.(Author+).Stored.Cross-Site.Scripting MEDIUM" "meow-gallery 5.1.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "meow-gallery 4.2.0 Unauthorised.Arbitrary.Options.Update.via.REST.API HIGH" "meow-gallery 4.1.9 Contributor+.SQL.Injection HIGH" "media-downloader 0.4.7.6 Reflected.Cross-Site.Scripting MEDIUM" "media-downloader 0.4.7.5 Reflected.Cross-Site.Scripting MEDIUM" "manager-for-icomoon 2.1 Unauthenticated.Arbitrary.File.Upload CRITICAL" "manager-for-icomoon 2.2 Contributor+.Stored.XSS MEDIUM" "mailoptin 1.2.75.1 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "mailoptin 1.2.70.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "mailoptin 1.2.54.1 Admin+.Stored.XSS LOW" "mailoptin 1.2.50.0 Unauthenticated.Campaign.Cache.Deletion MEDIUM" "mailoptin 1.2.35.2 Unauthorised.AJAX.Call MEDIUM" "mq-woocommerce-products-price-bulk-edit No.known.fix XSS MEDIUM" "modeltheme-addons-for-wpbakery 1.5.6 
Authenticated.(Contributor+).PHP.Object.Injection HIGH" "modeltheme-addons-for-wpbakery 1.5.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "maxab No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "molongui-authorship 4.7.8 Authenticated.(Author+).Insecure.Direct.Object.Reference MEDIUM" "molongui-authorship 4.7.8 Authenticated.(Author+).Stored.Cross-Site.Scripting MEDIUM" "molongui-authorship 4.7.5 Information.Exposure.via.ma_debug MEDIUM" "molongui-authorship 4.7.4 Missing.Authorization MEDIUM" "molongui-authorship 4.6.20 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "molongui-authorship 4.6.20 Reflected.XSS HIGH" "monetag-official No.known.fix Missing.Authorization MEDIUM" "monetag-official No.known.fix Missing.Authorization MEDIUM" "master-paper-collapse-toggle No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "mapfig-studio No.known.fix Stored.XSS.via.CSRF HIGH" "multiple-domain 1.0.3 XSS.in.Canonical/Alternate.Tags LOW" "mas-static-content 1.0.9 Authenticated.(Contributor+).Private.Static.Content.Page.Disclosure MEDIUM" "mobile-pages No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "mobile-pages No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "mobile-pages 1.0.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "mailchimp-subscribe-sm 4.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "mailchimp-subscribe-sm 4.0.9.8 Editor+.Stored.XSS LOW" "mailchimp-subscribe-sm 4.0.9.2 Admin+.Stored.XSS LOW" "multiplayer-plugin No.known.fix Reflected.Cross-Site.Scripting HIGH" "mitm-bug-tracker No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "meks-easy-maps No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "my-bootstrap-menu No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "mapster-wp-maps 1.21.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "mapster-wp-maps 1.7.0 
Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "mapster-wp-maps 1.6.0 Incorrect.Authorization.to.Authenticated.(Contributor+).Arbitrary.Options.Update HIGH" "mapster-wp-maps 1.2.39 Contributor+.Stored.XSS MEDIUM" "mapster-wp-maps 1.2.36 Reflected.Cross-Site.Scripting MEDIUM" "mail-integration-365 1.9.1 Reflected.XSS HIGH" "magayo-lottery-results No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "miniorange-login-with-eve-online-google-facebook 6.26.15 Missing.Authorization MEDIUM" "miniorange-login-with-eve-online-google-facebook 6.26.13 Authentication.Bypass CRITICAL" "miniorange-login-with-eve-online-google-facebook 6.26.13 Cross-Site.Request.Forgery MEDIUM" "miniorange-login-with-eve-online-google-facebook 6.26.4 Authentication.Bypass HIGH" "miniorange-login-with-eve-online-google-facebook 6.23.4 Improper.Authentication HIGH" "miniorange-login-with-eve-online-google-facebook 6.24.2 SSO.(OAuth.Client).<.6.24.2.-.IdP.Discard.via.CSRF MEDIUM" "miniorange-login-with-eve-online-google-facebook 6.24.2 SSO.(OAuth.Client).Free.<.6.24.2.-.IdP.Deletion.via.CSRF MEDIUM" "miniorange-login-with-eve-online-google-facebook 6.22.6 Authentication.Bypass CRITICAL" "miniorange-login-with-eve-online-google-facebook 6.20.3 Reflected.Cross-Site.Scripting.via.appId HIGH" "magical-posts-display 1.2.55 Authenticated.(Author+).Stored.Cross-Site.Scripting.via.Magical.Posts.Accordion.Widget MEDIUM" "magical-posts-display 1.2.53 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "magical-posts-display 1.2.39 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "modern-designs-for-gravity-forms No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "modern-designs-for-gravity-forms No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "mojoplug-slide-panel No.known.fix Admin+.Stored.XSS LOW" "membersonic-lite 1.302 Authentication.Bypass CRITICAL" "my-loginlogout No.known.fix 
Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "mfplugin No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "masterstudy-lms-learning-management-system 3.7.12 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.'stm_lms_courses_grid_display'.Shortcode MEDIUM" "masterstudy-lms-learning-management-system 3.7.7 MasterStudy.LMS.WordPress.Plugin..for.Online.Courses.and.Education.<.3,7,7.Missing.Authorization.to.Authenticated.(Subscriber+).Posts.and.Media.Creation,.Modification.and.Deletion MEDIUM" "masterstudy-lms-learning-management-system 3.6.28 Authenticated.(Instructor+).SQL.Injection MEDIUM" "masterstudy-lms-learning-management-system 3.6.21 Authenticated.(Instructor+).Sensitive.Information.Exposure MEDIUM" "masterstudy-lms-learning-management-system 3.6.21 Authenticated.(Subscriber+).Race.Condition.to.Multiple.Reviews MEDIUM" "masterstudy-lms-learning-management-system 3.6.21 Missing.Authorization MEDIUM" "masterstudy-lms-learning-management-system 3.6.16 Missing.Authorization MEDIUM" "masterstudy-lms-learning-management-system 3.5.29 Contributor+.Local.File.Inclusion HIGH" "masterstudy-lms-learning-management-system 3.5.29 Missing.Authorization MEDIUM" "masterstudy-lms-learning-management-system 3.3.24 Privilege.Escalation.to.Instructor MEDIUM" "masterstudy-lms-learning-management-system 3.2.13 Missing.Authorization MEDIUM" "masterstudy-lms-learning-management-system 3.2.2 Cross-Site.Request.Forgery MEDIUM" "masterstudy-lms-learning-management-system 3.3.9 Missing.Authorization MEDIUM" "masterstudy-lms-learning-management-system 3.3.4 Unauthenticated.Local.File.Inclusion.via.template CRITICAL" "masterstudy-lms-learning-management-system 3.3.2 Unauthenticated.Privilege.Escalation HIGH" "masterstudy-lms-learning-management-system 3.3.1 Unauthenticated.Local.File.Inclusion.via.modal CRITICAL" "masterstudy-lms-learning-management-system 3.3.0 
Missing.Authorization.to.Sensitive.Information.Exposure.in.search_posts MEDIUM" "masterstudy-lms-learning-management-system 3.2.11 Basic.Information.Exposure.via.REST.route MEDIUM" "masterstudy-lms-learning-management-system 3.2.6 Unauthenticated.SQL.Injection CRITICAL" "masterstudy-lms-learning-management-system 3.0.18 Unauthenticated.Instructor.Account.Creation MEDIUM" "masterstudy-lms-learning-management-system 2.8.0 Reflected.Cross-Site.Scripting MEDIUM" "masterstudy-lms-learning-management-system 3.0.9 Subscriber+.Course.Category.Creation MEDIUM" "masterstudy-lms-learning-management-system 3.0.9 Contributor+.Stored.XSS MEDIUM" "masterstudy-lms-learning-management-system 2.7.6 Unauthenticated.Admin.Account.Creation CRITICAL" "munk-sites No.known.fix Cross-Site.Request.Forgery.to.Arbitrary.Plugin.Installation MEDIUM" "mihdan-yandex-turbo-feed 1.6.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "mamurjor-employee-info No.known.fix Cross-Site.Request.Forgery.to.Arbitrary.Employee.and.Related.Data.Manipulation MEDIUM" "morkva-ua-shipping 1.7.10 Authenticated.(Administrator+).Stored.Cross-Site.Scripting.via.'Weight,.kg'.Field MEDIUM" "morkva-ua-shipping 1.0.20 Unauthenticated.Local.File.Inclusion CRITICAL" "moving-media-library 1.23 Authenticated.(Administrator+).Directory.Traversal.to.Arbitrary.File.Deletion MEDIUM" "melapress-login-security-premium 2.1.1 Missing.Authorization.to.Unauthenticated.Arbitrary.User.Deletion MEDIUM" "menubar 5.9 Cross-Site.Request.Forgery MEDIUM" "menubar 5.8 Reflected.Cross-Site.Scripting MEDIUM" "map-store-location No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "mailchimp-wp 2.5.8 Reflected.Cross-Site.Scripting MEDIUM" "mailchimp-wp 2.5.8 Authenticated.(Editor+).Stored.Cross-Site.Scripting.via.Form.Color.Parameters MEDIUM" "mailchimp-wp 2.5.5 Authenticated.(Editor+).Stored.Cross-Site.Scripting MEDIUM" "my-custom-css No.known.fix Unauthenticated.Full.Path.Disclosure MEDIUM" 
"media-mirror No.known.fix Reflected.Cross-Site.Scripting.(XSS) HIGH" "master-slider No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "master-slider 3.10.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.masterslider_pb.and.ms_slide.Shortcodes MEDIUM" "master-slider No.known.fix Missing.Authorization MEDIUM" "master-slider No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.ms_layer.Shortcode MEDIUM" "master-slider 3.10.8 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.ms_slider.Shortcode MEDIUM" "master-slider 3.10.5 Editor+.Stored.XSS LOW" "master-slider 3.10.0 CSRF.to.slider.deletion MEDIUM" "master-slider 3.10.5 Reflected.Cross-Site.Scripting HIGH" "master-slider 3.10.0 Contributor+.Stored.XSS.via.ms_layer.Shortcode MEDIUM" "master-slider 3.9.10 Responsive.Touch.Slider.<.3.9.10.-.Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "master-slider 3.9.10 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "master-slider 3.9.7 Unauthenticated.PHP.Object.Injection CRITICAL" "master-slider 3.9.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "master-slider 3.9.10 Editor+.Stored.XSS.via.slider.callback LOW" "master-slider 3.10.0 Sliders.Deletion.via.CSRF MEDIUM" "master-slider 3.10.0 Contributor+.Stored.XSS MEDIUM" "master-slider 3.7.1 Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "master-slider 2.8.0 Reflected.Cross-Site.Scripting.(XSS) HIGH" "master-slider 2.5.2 Authenticated.Blind.SQL.Injection CRITICAL" "mpl-publisher 2.18.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "mpl-publisher 1.30.4 Self-publish.your.book.&.ebook.<.1.30.4.-.Admin+.Stored.Cross-Site.Scripting LOW" "mpl-publisher 1.29.2 Reflected.Cross-Site.Scripting.via.PHPRelativePath.Library HIGH" "mainwp-piwik-extension 4.0.5 CSRF MEDIUM" "material-design-iconic-font-integration No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" 
"metadata-seo No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "meeting-scheduler-by-vcita 4.6.0 Cross-Site.Request.Forgery MEDIUM" "meeting-scheduler-by-vcita 4.6.0 Missing.Authorization MEDIUM" "meeting-scheduler-by-vcita 4.5.5 Authenticated.(Author+).Arbitrary.File.Upload HIGH" "meeting-scheduler-by-vcita 4.5.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "meeting-scheduler-by-vcita 4.6.0 Authenticated.(Subscriber+).Sensitive.Information.Exposure MEDIUM" "meeting-scheduler-by-vcita 4.5.2 Cross-Site.Request.Forgery MEDIUM" "meeting-scheduler-by-vcita 4.5.2 Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "meeting-scheduler-by-vcita 4.5 Reflected.Cross-Site.Scripting MEDIUM" "meeting-scheduler-by-vcita 4.4.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "meeting-scheduler-by-vcita 4.4.3 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "meeting-scheduler-by-vcita 4.4.3 Reflected.Cross-Site.Scripting MEDIUM" "meeting-scheduler-by-vcita 4.4.3 Missing.Authorization.to.Unauthenticated.Stored.Cross-Site.Scripting HIGH" "meeting-scheduler-by-vcita 4.4.3 Reflected.Cross-Site.Scripting MEDIUM" "meeting-scheduler-by-vcita 4.3.3 Reflected.XSS HIGH" "meeting-scheduler-by-vcita 4.5 Subscriber+.Settings.Update.&.Stored.XSS MEDIUM" "meeting-scheduler-by-vcita 4.4.3 Unauthenticated.Stored.XSS CRITICAL" "meeting-scheduler-by-vcita 4.5.2 Denial.of.Service.via.CSRF MEDIUM" "meeting-scheduler-by-vcita 4.3.1 Unauthenticated.Stored.Cross-Site.Scripting CRITICAL" "meeting-scheduler-by-vcita 4.3.0 Subscriber+.Denial.of.Service.by.account.logout MEDIUM" "max-addons-pro-bricks 1.6.2 Reflected.Cross-Site.Scripting MEDIUM" "max-addons-pro-bricks 1.6.2 Missing.Authorization MEDIUM" "my-default-post-content No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "microtango 0.9.30 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode.Attributes MEDIUM" "my-chatbot 
No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "my-chatbot No.known.fix Reflected.Cross-Site.Scripting.(XSS) HIGH" "moveto No.known.fix Missing.Authorization.to.Unauthenticated.Options.Update CRITICAL" "moveto No.known.fix Unauthenticated.Directory.Traversal.to.Arbitrary.File.Deletion CRITICAL" "moveto No.known.fix Unauthenticated.Arbitrary.File.Upload CRITICAL" "moveto No.known.fix Unauthenticated.SQL.Injection CRITICAL" "mp-timetable 2.4.16 Contributor+.Event.Disclosure.via.IDOR LOW" "mp-timetable 2.4.14 Admin+.PHP.Object.Injection MEDIUM" "mp-timetable 2.4.12 Authenticated.(Contributor+).SQL.Injection CRITICAL" "mp-timetable 2.4.2 Unauthorised.Event.TimeSlot.Update MEDIUM" "mp-timetable 2.3.19 Author+.Stored.Cross-Site.Scripting MEDIUM" "mp-timetable 2.4.2 Unauthorised.Event.TimeSlot.Deletion MEDIUM" "mp-timetable 2.4.0 Arbitrary.User's.Hashed.Password/Email/Username.Disclosure MEDIUM" "multiple-roles 1.3.2 Cross-Site.Request.Forgery MEDIUM" "multiple-roles 1.3.2 CSRF.Bypass.in.Multiple.Plugins MEDIUM" "mdc-youtube-downloader No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "mdc-youtube-downloader No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "mdc-youtube-downloader 2.1.1 Local.File.Inclusion HIGH" "menu-manager-ultra 1.0.8 Reflected.Cross-Site.Scripting MEDIUM" "mycryptocheckout 2.126 CSRF MEDIUM" "mycryptocheckout 2.124 Reflected.XSS HIGH" "mimo-woocommerce-order-tracking No.known.fix Missing.Authorization.to.Limited.Settings.Update MEDIUM" "mimo-woocommerce-order-tracking No.known.fix Missing.Authorization.to.Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "multifox-plus No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "multifox-plus 1.1.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "medinik-core No.known.fix Unauthenticated.SQL.Injection HIGH" "mobile-blocks No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "mobile-blocks 1.2.1 
Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "menu-items-visibility-control No.known.fix Admin+.Arbitrary.PHP.Code.Execution MEDIUM" "m-wp-popup No.known.fix Contributor+.Stored.Cross-Site.Scripting MEDIUM" "m-wp-popup 1.3.1 Unauthenticated.Denial.of.Service HIGH" "metrika No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "mixtape No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "magic-post-voice No.known.fix Reflected.Cross-Site.Scripting HIGH" "markup-markdown 3.20.10 Contributor+.Stored.XSS MEDIUM" "markup-markdown 3.20.10 Contributor+.Stored.XSS MEDIUM" "markup-markdown 3.20.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "master-bar No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "my-contador-wp 2.1 Missing.Authorization.to.Unauthenticated.User.Registration.CSV.Export MEDIUM" "machic-core No.known.fix Reflected.Cross-Site.Scripting HIGH" "majestic-support 1.1.1 Missing.Authorization MEDIUM" "majestic-support 1.1.1 Unauthenticated.SQL.Injection HIGH" "majestic-support 1.1.1 Missing.Authorization MEDIUM" "majestic-support 1.0.8 Authenticated.(Contributor+).Local.File.Inclusion MEDIUM" "majestic-support 1.0.7 Unauthenticated.Local.File.Inclusion CRITICAL" "majestic-support 1.0.6 Unauthenticated.Sensitive.Information.Exposure.Through.Unprotected.Directory HIGH" "majestic-support 1.0.6 Authenticated.(Subscriber+).Insecure.Direct.Object.Reference MEDIUM" "mobilize No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "msstiger No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "map-block-leaflet 3.2.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.url.Parameter MEDIUM" "maxi-blocks 2.1.4 Missing.Authorization MEDIUM" "maxi-blocks 2.1.1 Contributor+.Arbitrary.Options.Update HIGH" "maxi-blocks 1.9.3 Authenticated.(Subscriber+).Arbitrary.File.Deletion HIGH" "m-vslider No.known.fix Authenticated.(admin+).SQL.Injection HIGH" 
"media-alt-renamer No.known.fix Authenticated.(Author+).Stored.Cross-Site.Scripting.via._wp_attachment_image_alt.postmeta MEDIUM" "memeone No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "mmm-unity-loader No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.attributes.Parameter MEDIUM" "mycustomwidget No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "mobile-events-manager 1.4.8 Admin+.CSV.Injection LOW" "mobile-events-manager 1.4.4 Admin+.Stored.Cross-Site.Scripting LOW" "miniorange-sms-order-notification-otp-verification 4.3.9 Missing.Authorization.to.Unauthenticated.Notification.Settings.Modification MEDIUM" "my-favorite-cars No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "modern-events-calendar-lite 6.4.0 Unauthenticated.SQL.Injection MEDIUM" "modern-events-calendar-lite 7.22 Information.Exposure MEDIUM" "modern-events-calendar-lite 7.13.0 Subscriber+.Server.Side.Request.Forgery HIGH" "modern-events-calendar-lite 7.12.0 Authenticated.(Subscriber+).Arbitrary.File.Upload HIGH" "modern-events-calendar-lite 7.1.0 Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "modern-events-calendar-lite 6.5.2 Admin+.Stored.XSS LOW" "modern-events-calendar-lite 6.3.0 Authenticated.Stored.Cross-Site.Scripting MEDIUM" "modern-events-calendar-lite 6.5.2 Admin+.Stored.Cross-Site.Scripting LOW" "modern-events-calendar-lite 6.4.7 Reflected.Cross-Site.Scripting MEDIUM" "modern-events-calendar-lite 6.4.0 Contributor+.Stored.Cross.Site.Scripting MEDIUM" "modern-events-calendar-lite 6.2.0 Subscriber+.Category.Add.Leading.to.Stored.XSS MEDIUM" "modern-events-calendar-lite 6.1.5 Unauthenticated.Blind.SQL.Injection HIGH" "modern-events-calendar-lite 6.1.5 Reflected.Cross-Site.Scripting HIGH" "modern-events-calendar-lite 5.22.3 Authenticated.Stored.Cross.Site.Scripting LOW" "modern-events-calendar-lite 5.22.2 Admin+.Stored.Cross-Site.Scripting LOW" "modern-events-calendar-lite 5.16.5 Unauthenticated.Events.Export MEDIUM" 
"modern-events-calendar-lite 5.16.6 Authenticated.SQL.Injection CRITICAL" "modern-events-calendar-lite 5.16.5 Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "modern-events-calendar-lite 5.16.5 Authenticated.Arbitrary.File.Upload.leading.to.RCE CRITICAL" "modern-events-calendar-lite 5.1.7 Multiple.Subscriber+.Stored.XSS MEDIUM" "melipayamak No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "monarch 1.2.7 Privilege.Escalation HIGH" "modular-connector 2.6.0 Cross-Site.Request.Forgery.via.postConfirmOauth MEDIUM" "modular-connector 2.6.0 Unauthenticated.Privilege.Escalation CRITICAL" "modular-connector 2.5.2 Unauthenticated.Privilege.Escalation CRITICAL" "mapwiz No.known.fix Admin+.SQLi MEDIUM" "masvideos No.known.fix Authenticated.(Contributor+).Local.File.Inclusion HIGH" "my-favorites 1.4.3 Contributor+.Stored.XSS MEDIUM" "my-favorites 1.4.4 Contributor+.Stored.XSS MEDIUM" "my-related-posts No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "mobile-banner 1.6 CSRF MEDIUM" "mage-forms No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "menu-image 3.11 Admin+.Stored.XSS LOW" "menu-image 3.10 Reflected.Cross-Site.Scripting MEDIUM" "menu-image 3.0.8 Subscriber+.Stored.Cross-Site.Scripting HIGH" "menu-image 3.0.6 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "myagileprivacy 2.1.8 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.vis.Shortcode MEDIUM" "mailster 4.1.14 Reflected.Cross-Site.Scripting MEDIUM" "mailster 4.0.10 Reflected.Cross-Site.Scripting MEDIUM" "mailster 4.0.7 Unauthenticated.Local.File.Inclusion CRITICAL" "mailster 2.0.0 Reflected.Cross-Site.Scripting MEDIUM" "mailster 2.4.9 Unauthenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "mediapress 1.6.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "mediapress 1.6.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Plugin's.Shortcode MEDIUM" "mediapress 1.6.0 
Authenticated.(Contributor+).Local.File.Inclusion HIGH" "miniorange-openid-connect-client 2.1.5 Reflected.Cross-Site.Scripting.via.appId HIGH" "molie-instructure-canvas-linking-tool No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "molie-instructure-canvas-linking-tool No.known.fix Authenticated.SQL.Injection HIGH" "members-list 4.3.7 Reflected.Cross-Site.Scripting MEDIUM" "mobile-app-for-woocommerce No.known.fix Unauthenticated.Stored.Cross-Site.Scripting HIGH" "mlr-audio No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "map-block-gutenberg 1.32 Unauthorised.Google.API.Key.change MEDIUM" "my-auctions-allegro-free-edition No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "my-auctions-allegro-free-edition 3.6.33 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "my-auctions-allegro-free-edition 3.6.34 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "my-auctions-allegro-free-edition 3.6.34 Cross-Site.Request.Forgery MEDIUM" "my-auctions-allegro-free-edition No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "my-auctions-allegro-free-edition 3.6.33 Unauthenticated.Local.File.Inclusion.via.controller HIGH" "my-auctions-allegro-free-edition 3.6.33 Unauthenticated.SQL.Injection.via.auction_id HIGH" "my-auctions-allegro-free-edition 3.6.32 Authenticated.(Admin+).SQL.Injection MEDIUM" "my-auctions-allegro-free-edition 3.6.34 Cross-Site.Request.Forgery MEDIUM" "my-auctions-allegro-free-edition 3.6.21 Contributor+.SQLi HIGH" "my-auctions-allegro-free-edition 3.6.19 Reflected.Cross-Site.Scripting MEDIUM" "my-auctions-allegro-free-edition 3.6.18 Reflected.Cross-Site.Scripting MEDIUM" "mobile-booster No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "mobile-booster 1.2.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "media-hygiene No.known.fix Missing.Authorization MEDIUM" "media-hygiene 4.0.1 Missing.Authorization MEDIUM" "media-hygiene 3.0.2 
Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.Attachment.Deletion MEDIUM" "more-from-google No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "magazine-blocks 1.3.21 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "magazine-blocks 1.3.18 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "magazine-blocks 1.3.15 Reflected.Cross-Site.Scripting MEDIUM" "magazine-blocks 1.3.7 Authenticated.(Author+).Stored.Cross-Site.Scripting MEDIUM" "mwp-forms No.known.fix Admin+.SQL.Injection HIGH" "metform 4.1.1 Unauthenticated.Form.Submission.Exposure.via.Forgeable.Cookie.Value LOW" "metform 4.0.2 Contributor+.Stored.XSS.via.mf-template.DOM.Element MEDIUM" "metform 3.9.3 Admin+.SSRF MEDIUM" "metform 3.3.0 Unauthenticated.Double-Extension.Arbitrary.File.Upload HIGH" "metform 3.8.9 Unauthenticated.Sensitive.Information.Exposure MEDIUM" "metform 3.8.4 Missing.Authorization.to.Notice.Dismissal MEDIUM" "metform 3.8.6 Contributor+.Stored.XSS MEDIUM" "metform 3.8.4 Authenticated(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "metform 3.8.2 Cross-Site.Request.Forgery MEDIUM" "metform 3.3.2 Authenticated.(Subscriber+).Information.Disclosure.via.'mf_first_name'.shortcode MEDIUM" "metform 3.3.3 Cross-Site.Request.Forgery MEDIUM" "metform 3.3.2 Multiple.Subscriber+.Sensitive.Information.Disclosure.Issues MEDIUM" "metform 3.3.1 Multiple.Contributor+.Stored.XSS.via.Shortcode MEDIUM" "metform 3.3.1 Unauthenticated.CSV.Injection HIGH" "metform 3.3.2 Unauthenticated.Permalink.Structure.Update MEDIUM" "metform 3.2.2 reCaptcha.Bypass MEDIUM" "metform 3.2.0 Unauthenticated.Stored.XSS HIGH" "metform 2.1.4 Unauthenticated.API.keys.and.Secrets.Disclosure HIGH" "modalier-elementor No.known.fix Missing.Authorization MEDIUM" "material-design-for-contact-form-7 No.known.fix Subscriber+.Arbitrary.Settings.Update.leading.to.DoS MEDIUM" "material-design-for-contact-form-7 No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "mailhawk 1.3.2 
Unauthenticated.Local.File.Inclusion CRITICAL" "meta-box 5.11.2 Contributor+.Arbitrary.File.Deletion HIGH" "meta-box 5.9.11 Missing.Authorization.to.Information.Exposure MEDIUM" "meta-box 5.9.4 Contributor+.Arbitrary.Posts'.Custom.Field.Disclosure LOW" "meta-box 5.9.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "meta-box 4.16.3 Unauthorised.File.Deletion MEDIUM" "meta-box 4.16.2 Mishandled.Uploaded.Files HIGH" "metasync No.known.fix 2.5.12.-.Missing.Authorization.to.Authenticated.(Subscriber+).Authentication.Bypass.via.Account.Takeover HIGH" "metasync 2.5.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "metasync 1.8.3 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "mpwizard No.known.fix Cross-Site.Request.Forgery.to.Arbitrary.Post.Deletion MEDIUM" "membermouse 2.2.9 Blind.SQL.Injection CRITICAL" "mrlegend-typedjs No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.typespeed.Parameter MEDIUM" "mailchimp-for-wp 4.12.0 Unauthenticated.Arbitrary.Subscription.Deletion MEDIUM" "mailchimp-for-wp 4.9.17 Authenticated.(Administrator+).Stored.Cross-Site.Scripting LOW" "mailchimp-for-wp 4.9.17 4.9.16.-.Reflected.Cross-Site.Scripting HIGH" "mailchimp-for-wp 4.9.10 Unauthenticated.Unpublished.Form.Preview MEDIUM" "mailchimp-for-wp 4.8.7 Admin+.Stored.Cross-Site.Scripting LOW" "mailchimp-for-wp 4.8.7 Admin+.Stored.Cross-Site.Scripting LOW" "mailchimp-for-wp 4.8.5 Authenticated.Arbitrary.Redirect MEDIUM" "mailchimp-for-wp 4.8.5 Unauthorised.Actions.via.CSRF MEDIUM" "mailchimp-for-wp 4.1.7 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "mailchimp-for-wp 4.1.8 XSS MEDIUM" "marmoset-viewer No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "marmoset-viewer 1.9.3 Reflected.Cross.Site.Scripting HIGH" "mass-delete-unused-tags 3.0.0 Tags.Deletion.via.CSRF MEDIUM" "mass-pagesposts-creator 2.1.7 Reflected.Cross-Site.Scripting MEDIUM" "mass-pagesposts-creator 2.1.5 
Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "mass-pagesposts-creator 1.2.5 DoS MEDIUM" "mt-addons-for-elementor 1.0.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "member-hero No.known.fix Unauthenticated.RCE CRITICAL" "mybb-cross-poster No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "misiek-paypal No.known.fix Stored.XSS.via.CSRF HIGH" "my-restaurant-menu No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "miniorange-2-factor-authentication 6.1.2 Missing.Authorization MEDIUM" "miniorange-2-factor-authentication 5.6.6 Missing.Authorization.to.Plugin.Settings.Change HIGH" "miniorange-2-factor-authentication 5.6.2 Subscriber+.Settings.Update MEDIUM" "miniorange-2-factor-authentication 5.5.75 Reflected.Cross-Site.Scripting MEDIUM" "miniorange-2-factor-authentication 5.5.6 Admin+.Stored.Cross-Site.Scripting LOW" "miniorange-2-factor-authentication 5.5 Unauthenticated.Arbitrary.Options.Deletion CRITICAL" "miniorange-2-factor-authentication 5.4.40 Reflected.Cross-Site.Scripting HIGH" "mainwp-code-snippets-extension 4.0.3 Subscriber+.PHP.Objection.Injection HIGH" "mainwp-code-snippets-extension 4.0.3 Subscriber+.Stored.XSS HIGH" "mainwp-code-snippets-extension 4.0.3 Subscriber+.Settings.Update MEDIUM" "mobile-app 3.8.3 Missing.Authorization MEDIUM" "mass-custom-fields-manager No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "muslim-prayer-time-bd 2.5 Settings.Reset.via.CSRF MEDIUM" "multiparcels-shipping-for-woocommerce 1.30.13 Missing.Authorization MEDIUM" "multiparcels-shipping-for-woocommerce 1.16.9 Cross-Site.Request.Forgery MEDIUM" "multiparcels-shipping-for-woocommerce 1.15.4 Reflected.XSS HIGH" "multiparcels-shipping-for-woocommerce 1.15.2 Arbitrary.Shipment.Deletion.via.CSRF MEDIUM" "multiparcels-shipping-for-woocommerce 1.14.14 Subscriber+.Arbitrary.Shipment.Deletion MEDIUM" "multiparcels-shipping-for-woocommerce 1.15.4 Reflected.XSS HIGH" "multiparcels-shipping-for-woocommerce 
1.14.15 Subscriber+.SQLi HIGH" "modal-portfolio No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "mapmap No.known.fix Cross-Site.Request.Forgery.to.Settings.Update.and.Stored.Cross-Site.Scripting MEDIUM" "mjm-clinic 1.1.23 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "mjm-clinic 1.1.23 Authenticated.(Editor+).Stored.Cross-Site.Scripting MEDIUM" "meks-easy-ads-widget 2.0.9 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "modal-survey No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "modal-survey No.known.fix Unauthenticated.SQL.Injection HIGH" "modal-survey No.known.fix Unauthenticated.Local.File.Inclusion CRITICAL" "mailchimp 2.0.1 Cross-Site.Request.Forgery.to.Mailchimp.List.Change MEDIUM" "medma-matix No.known.fix Unauthenticated.Arbitrary.Options.Update CRITICAL" "mshop-mysite 1.1.8 Subscriber+.Settings.Update MEDIUM" "madara-core 2.2.4 Core.<.2.2.4.-.Unauthenticated.Arbitrary.File.Deletion CRITICAL" "magazine-lister-for-yumpu No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "meintopf No.known.fix Reflected.XSS HIGH" "movylo-widget No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "modeltheme-framework No.known.fix Missing.Authorization MEDIUM" "mp3-music-player-by-sonaar 5.11 5.10.-.Unauthenticated.Insecure.Direct.Object.Reference.to.Sensitive.Information.Exposure MEDIUM" "mp3-music-player-by-sonaar 5.11 5.10.-.Authenticated.(Author+).Server-Side.Request.Forgery MEDIUM" "mp3-music-player-by-sonaar 5.9.5 Missing.Authorization MEDIUM" "mp3-music-player-by-sonaar 5.9.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Podcast.RSS.Feed MEDIUM" "mp3-music-player-by-sonaar 5.9 Missing.Authorization MEDIUM" "mp3-music-player-by-sonaar 5.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.sonaar_audioplayer.Shortcode MEDIUM" "mp3-music-player-by-sonaar 5.7.1 Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.File.Deletion HIGH" 
"mp3-music-player-by-sonaar 5.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.sonaar_audioplayer.Shortcode MEDIUM" "mp3-music-player-by-sonaar 5.0 Unauthenticated.Arbitrary.File.Download MEDIUM" "mp3-music-player-by-sonaar 5.1.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "mp3-music-player-by-sonaar 5.1.1 Missing.Authorization MEDIUM" "mp3-music-player-by-sonaar 4.10.1 Missing.Authorization.to.Template.Import MEDIUM" "mp3-music-player-by-sonaar 2.4.2 Multiple.Admin+.Cross.Site.Scripting LOW" "myticket-events No.known.fix Unauthenticated.Limited.File.Read MEDIUM" "makecommerce 3.5.2 Reflected.Cross-Site.Scripting MEDIUM" "my-album-gallery No.known.fix Authenticated.(Subscriber+).Arbitrary.File.Deletion HIGH" "my-album-gallery No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.'style_css'.Shortcode.Attribute MEDIUM" "my-album-gallery No.known.fix Authenticated.(Author+).Stored.Cross-Site.Scripting.via.Image.Title MEDIUM" "makewebbetter-hubspot-for-woocommerce 1.6.0 Missing.Authorization.to.Authenticated.(Contributor+).Arbitrary.Options.Update HIGH" "memberfindme 6.15 Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "magic-slider No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "mtcaptcha No.known.fix Cross-Site.Request.Forgery.to.Settings.Update MEDIUM" "multilist-subscribe-for-sendy No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "multilist-subscribe-for-sendy No.known.fix Subscriber+.Arbitrary.Options.Update HIGH" "multilist-subscribe-for-sendy No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "multilist-subscribe-for-sendy No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "mangboard 2.3.2 Reflected.Cross-Site.Scripting MEDIUM" "mangboard 1.8.7 Authenticated.(Administrator+).Stored.Cross-Site.Scripting.via.Board.Header.And.Footer MEDIUM" "mangboard 1.8.5 Reflected.Cross-Site.Scripting MEDIUM" "mangboard 1.8.1 Reflected.Cross-Site.Scripting MEDIUM" 
"mangboard 1.7.8 Admin+.Stored.XSS LOW" "mangboard 1.8.2 Settings.Update.via.CSRF MEDIUM" "mangboard 1.6.9 SQL.Injection HIGH" "magical-addons-for-elementor 1.3.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Custom.Attributes MEDIUM" "magical-addons-for-elementor 1.3.7 Contributor+.Stored.XSS MEDIUM" "magical-addons-for-elementor 1.2.5 Authenticated.(Contributor+).Sensitive.Information.Exposure.via.Elementor.Template MEDIUM" "magical-addons-for-elementor 1.2.3 Authenticated.(Subscriber+).Server-Side.Request.Forgery MEDIUM" "magical-addons-for-elementor 1.1.42 Authenticated.(Subscriber+).Server-Side.Request.Forgery MEDIUM" "magical-addons-for-elementor 1.1.42 Contributor+.Stored.XSS MEDIUM" "magical-addons-for-elementor 1.1.40 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "magical-addons-for-elementor 1.1.35 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "magical-addons-for-elementor 1.1.38 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Text.Effect.Widget MEDIUM" "mediaview 1.1.3 Reflected.Cross-Site.Scripting MEDIUM" "mediaview 1.1.3 Reflected.Cross-Site.Scripting.via.id.Parameter MEDIUM" "mapsvg-lite-interactive-vector-maps 8.7.4 Authenticated.(Contributor+).Arbitrary.File.Upload HIGH" "mapsvg-lite-interactive-vector-maps 8.7.23 Contributor+.Stored.XSS MEDIUM" "mapsvg-lite-interactive-vector-maps 8.6.10 Unauthenticated.Arbitrary.Shortcode.Execution MEDIUM" "mapsvg-lite-interactive-vector-maps 8.6.5 Contributor+.Arbitrary.File.Upload HIGH" "mapsvg-lite-interactive-vector-maps 8.6.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "mapsvg-lite-interactive-vector-maps 8.6.5 Missing.Authorization MEDIUM" "mapsvg-lite-interactive-vector-maps 3.3.0 Cross-Site.Request.Forgery.(CSRF) HIGH" "magic-fields 1.7.2 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "mobile-navigation No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "makestories-helper No.known.fix 
Authenticated.(Author+).Server-Side.Request.Forgery MEDIUM" "makestories-helper 3.0.4 Authenticated.(Subscriber+).Arbitrary.File.Download.and.Server-Side.Request.Forgery MEDIUM" "makestories-helper 3.0.3 Settings.Update.via.CSRF MEDIUM" "mighty-addons No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "mollie-payments-for-woocommerce 8.1.2 Reflected.Cross-Site.Scripting MEDIUM" "mollie-payments-for-woocommerce 8.0.3 Unauthenticated.Insecure.Direct.Object.Reference MEDIUM" "mollie-payments-for-woocommerce 7.8.0 .Unauthenticated.Full.Path.Disclosure MEDIUM" "mollie-payments-for-woocommerce 7.3.12 Authenticated.(Shop.Manager+).Arbitrary.File.Upload HIGH" "miniorange-discord-integration No.known.fix Unauthenticated.Local.File.Inclusion CRITICAL" "miniorange-discord-integration 2.1.6 Subscriber+.App.Disabling MEDIUM" "myqtip-easy-qtip2 No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "meta-data-filter 2.2.8 Arbitrary.Settings.Update.via.CSRF MEDIUM" "moova-for-woocommerce 3.8 Reflected.Cross-Site.Scripting HIGH" "my-quota No.known.fix Reflected.XSS HIGH" "mainwp-child-reports 2.2.1 Cross-Site.Request.Forgery.to.Arbitrary.Options.Update HIGH" "mainwp-child-reports 2.2 Cross-Site.Request.Forgery MEDIUM" "mainwp-child-reports 2.0.8 Admin+.SQL.Injection MEDIUM" "magicpost 1.2.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.wb_share_social.Shortcode MEDIUM" "meks-easy-social-share 1.2.8 Admin+.Stored.Cross-Site.Scripting LOW" "material-dashboard 1.4.7 Unauthenticated.Privilege.Escalation CRITICAL" "material-dashboard 1.4.6 Authenticated.(Subscriber+).Local.File.Inclusion HIGH" "material-dashboard 1.4.6 Unauthenticated.Local.File.Inclusion CRITICAL" "material-dashboard 1.4.6 Unauthenticated.Privilege.Escalation CRITICAL" "my-wp-tabs 2.2.7 Admin+.Stored.XSS LOW" "mercadolibre-integration No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "mavis-https-to-http-redirect No.known.fix 
Cross-Site.Request.Forgery MEDIUM" "motopress-hotel-booking-lite 5.2.4 Authenticated.(Hotel.Worker+).Remote.Code.Execution MEDIUM" "motopress-hotel-booking-lite 4.11.2 Unauthenticated.PHP.Object.Injection CRITICAL" "motopress-hotel-booking-lite 4.8.5 Unauthenticated.Arbitrary.File.Download.&.Deletion CRITICAL" "motopress-hotel-booking-lite 4.7.0 Settings.Update.via.CSRF MEDIUM" "master-addons 2.1.4 Authenticated.(Author+).Stored.Cross-Site.Scripting MEDIUM" "master-addons 2.1.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.'ma_el_bh_table_btn_text' MEDIUM" "master-addons 2.1.0 Unauthenticated.Insecure.Direct.Object.Reference MEDIUM" "master-addons 2.1.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "master-addons 2.0.9.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.fancyBox MEDIUM" "master-addons 2.0.8.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "master-addons 2.0.7.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Multiple.Widgets MEDIUM" "master-addons 2.0.7.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.id.Parameter MEDIUM" "master-addons 2.0.6.8 Free.Widgets,.Hover.Effects,.Toggle,.Conditions,.Animations.for.Elementor.<.2.0.6.8.-.Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Tooltip.Module MEDIUM" "master-addons 2.1.0 Author+.Stored.XSS MEDIUM" "master-addons 2.0.6.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.data-jltma-wrapper-link.Element MEDIUM" "master-addons 2.0.6.3 Authenticated.(Author+).Stored.Cross-Site.Scripting MEDIUM" "master-addons 2.0.6.2 Missing.Authorization.to.MA.Template.Creation.or.Modification MEDIUM" "master-addons 2.0.6.2 Missing.Authorization.to.Unauthenticated.Stored.Cross-Site.Scripting.via.Navigation.Menu.Widget HIGH" "master-addons 2.0.5.6 Missing.Authorization.via.get_jltma_save_menuitem_settings() MEDIUM" "master-addons 2.0.6.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" 
"master-addons 2.0.6.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "master-addons 2.0.6.0 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "master-addons 2.0.5.6 Missing.Authorization.on.Duplicate.Post MEDIUM" "master-addons 2.0.5.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Pricing.Table.Widget MEDIUM" "master-addons 2.0.5.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "master-addons 2.0.4 Contributor+.Stored.XSS MEDIUM" "master-addons 2.0.3 Reflected.Cross-Site.Scripting MEDIUM" "master-addons 1.8.5 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "master-addons 1.8.2 Reflected.Cross-Site.Scripting MEDIUM" "multi-rating No.known.fix Unauthenticated.Ratings.Update MEDIUM" "multi-rating No.known.fix Admin+.Stored.XSS LOW" "multi-rating 5.0.6 Reflected.XSS HIGH" "multi-rating 5.0.6 Ratings.Deletion.via.CSRF MEDIUM" "mobile-contact-line 2.4.1 Missing.Authorization MEDIUM" "mins-to-read No.known.fix Cross-Site.Request.Forgery..to.Stored.Cross-Site.Scripting MEDIUM" "ms-reviews No.known.fix Subscriber+.Stored.XSS HIGH" "minical No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "merge-minify-refresh 2.15 Cross-Site.Request.Forgery MEDIUM" "media-library-tools 1.7.0 Authenticated.(Author+).SQL.Injection MEDIUM" "media-library-tools 1.5.0 Author+.Stored.XSS.via.SVG MEDIUM" "mywebtonet-performancestats No.known.fix Unauthenticated.PHP.Object.Injection HIGH" "multicarousel No.known.fix Unauthenticated.SQL.Injection HIGH" "media-player-addons-for-elementor 1.0.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Multiple.Widget.Fields MEDIUM" "mayosis-core 5.4.2 Unauthenticated.Arbitrary.File.Read HIGH" "masy-gallery No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "maps-for-wp No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "maps-for-wp 1.2.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "maps-for-wp 
1.2.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "mapbox-for-wp-advanced No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "membees-member-login-widget 2.3.7 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "multilevel-referral-plugin-for-woocommerce 2.28.1 Authenticated.(Subscriber+).SQL.Injection MEDIUM" "multilevel-referral-plugin-for-woocommerce 2.28 Reflected.XSS HIGH" "multilevel-referral-plugin-for-woocommerce 2.23 Reflected.Cross-Site.Scripting MEDIUM" "multipurpose-block 1.7.6 Reflected.Cross-Site.Scripting MEDIUM" "multipurpose-block 1.7.4 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "moceanapi-abandoned-carts No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "miraculouscore 2.0.9 Unauthenticated.Insecure.Direct.Object.Reference MEDIUM" "miraculouscore 2.0.8 Unauthenticated.Privilege.Escalation CRITICAL" "mail-boxes-etc 2.2.1 Cross-Site.Request.Forgery MEDIUM" "mail-boxes-etc 2.2.1 Information.Exposure MEDIUM" "mail-boxes-etc 2.3.0 Reflected.XSS HIGH" "magic-carousel 1.6 Authenticated.(Contributor+).SQL.Injection MEDIUM" "miguras-divi-maker No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "master-elements No.known.fix Unauthenticated.SQLi CRITICAL" "mad-mimi No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "musicbox No.known.fix Reflected.XSS HIGH" "menu-card No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode.Attributes MEDIUM" "miniorange-oauth-20-server 4.0.1 Authentication.Bypass CRITICAL" "metronet-profile-picture 2.6.2 Authenticated.(Author+).Insecure.Direct.Object.Reference.to.Profile.Picture.Update MEDIUM" "metronet-profile-picture 2.6.0 Arbitrary.User.Picture.Change/Deletion.via.IDOR MEDIUM" "metronet-profile-picture 2.5.0 Sensitive.Information.Disclosure MEDIUM" "manuall-dofollow No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "my-posts-order No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "mousewheel-smooth-scroll 5.7 
Plugin's.Setting.Update.via.CSRF MEDIUM" "momo-venmo 4.2 Reflected.Cross-Site.Scripting MEDIUM" "manage-shipyaari-shipping No.known.fix Admin+.Stored.XSS LOW" "mailchimp-top-bar 1.6.1 Reflected.Cross-Site.Scripting MEDIUM" "magic-edge-lite-image-background-remover No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.height.Parameter MEDIUM" "mygallery No.known.fix Unauthenticated.File.Inclusion CRITICAL" "mobile-site-redirect No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "moceanapi-sendsms No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "msync No.known.fix Authenticated.(Administrator+).SQL.Injection HIGH" "mdl-shortcodes 1.1.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.class.Parameter MEDIUM" "mhr-post-ticker 1.2 Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "mystyle-custom-product-designer 3.21.2 Unauthenticated.SQL.Injection HIGH" "mobigatevn No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "mihdan-index-now 2.6.4 Cross-Site.Request.Forgery.via.reset_form HIGH" "meks-themeforest-smart-widget 1.6 Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "mmt-eventon-exim-lite 1.1.2 Reflected.Cross-Site.Scripting MEDIUM" "my-askai No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "mediacommander 2.4.0 Missing.Authorization.to.Authenticated.(Author+).Media.Folder.Deletion MEDIUM" "mambo-joomla-importer No.known.fix Authenticated.(Administrator+).PHP.Object.Injection HIGH" "meta-tags-for-seo 1.0.4 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "melhor-envio-cotacao 2.15.12 Unauthenticated.Sensitive.Information.Exposure.via.Hardcoded.Hash MEDIUM" "mailpoet 5.14.2 Reflected.XSS HIGH" "mailpoet 5.5.2 Admin+.Stored.XSS LOW" "mailpoet 5.3.2 Admin+.Stored.XSS LOW" "mailpoet 3.23.2 Reflected.Cross-Site.Scripting.Issue HIGH" "mts-url-shortener No.known.fix Admin+.Stored.XSS LOW" "mts-url-shortener No.known.fix Reflected.XSS HIGH" 
"miniorange-google-authenticator 1.0.8 Admin+.Stored.Cross-Site.Scripting LOW" "miniorange-google-authenticator 1.0.5 CSRF.to.Stored.Cross-Site.Scripting MEDIUM" "mobile-address-bar-changer No.known.fix Settings.Update.via.CSRF MEDIUM" "maintenance 4.03 Authenticated.Stored.XSS MEDIUM" "martinus-partnersky-system No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "multiple-admin-emails No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "meks-quick-plugin-disabler No.known.fix Cross-Site.Request.Forgery MEDIUM" "mighty-builder No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "meks-smart-author-widget 1.1.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "maintenance-mode-based-on-user-roles 2.0.0 Cross-Site.Request.Forgery MEDIUM" "mylinksdump No.known.fix Authenticated.(Administrator+).SQL.Injection.via.'sort_by'.and.'sort_order'.Parameters HIGH" "music-player-for-woocommerce 1.6.0 Missing.Authorization MEDIUM" "martins-link-network 1.2.30 Reflected.XSS HIGH" "move-addons 1.3.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "move-addons 1.3.6 Authenticated.(Contributor+).Sensitive.Information.Exposure.via.Elementor.Templates MEDIUM" "move-addons 1.3.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "move-addons 1.3.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "move-addons 1.3.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Multiple.Widgets MEDIUM" "move-addons 1.3.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "move-addons 1.3.0 Missing.Authorization MEDIUM" "move-addons 1.3.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "meinturnierplande-widget-viewer No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "message-ticker No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "message-ticker 9.3 
.Authenticated.(Subscriber+).SQL.Injection.via.Shortcode HIGH" "media-element-html5-video-and-audio-player No.known.fix Contributor+.Stored.XSS.via.Shortcode MEDIUM" "mimetic-books No.known.fix Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "mmm-file-list No.known.fix Subscriber+.Arbitrary.Directory.Listing MEDIUM" "mmm-file-list No.known.fix Contributor+.Stored.XSS MEDIUM" "memberful-wp 1.76.0 Missing.Authorization MEDIUM" "memberful-wp 1.74.0 Unauthenticated.Content.Restriction.Bypass.to.Sensitive.Information.Exposure MEDIUM" "memberful-wp 1.73.8 Authenticated.(contributor+).Stored.Cross-Site.Scripting MEDIUM" "mainwp-google-analytics-extension 4.0.5 Subscriber+.SQLi HIGH" "mainwp-google-analytics-extension 4.0.5 Subscriber+.Settings.Update MEDIUM" "miniorange-oauth-oidc-single-sign-on 48.5.4 Incorrect.Authorization.to.Sensitive.Information.Exposure MEDIUM" "miniorange-oauth-oidc-single-sign-on 38.5.4 Incorrect.Authorization.to.Sensitive.Information.Exposure MEDIUM" "miniorange-oauth-oidc-single-sign-on 28.5.4 Incorrect.Authorization.to.Sensitive.Information.Exposure MEDIUM" "miniorange-oauth-oidc-single-sign-on 50.5.4 Incorrect.Authorization.to.Sensitive.Information.Exposure MEDIUM" "miniorange-oauth-oidc-single-sign-on 40.5.4 Incorrect.Authorization.to.Sensitive.Information.Exposure MEDIUM" "miniorange-oauth-oidc-single-sign-on 30.5.4 Incorrect.Authorization.to.Sensitive.Information.Exposure MEDIUM" "miniorange-oauth-oidc-single-sign-on 18.5.4 Incorrect.Authorization.to.Sensitive.Information.Exposure MEDIUM" "miniorange-oauth-oidc-single-sign-on 38.4.9 SSO.(OAuth.Client).Premium.<.38.4.9.-.IdP.Deletion.via.CSRF MEDIUM" "miniorange-oauth-oidc-single-sign-on 48.4.9 SSO.(OAuth.Client).Enterprise.<.48.4.9.-.IdP.Deletion.via.CSRF MEDIUM" "miniorange-oauth-oidc-single-sign-on 28.4.9 SSO.(OAuth.Client).Standard.<.28.4.9.-.IdP.Deletion.via.CSRF MEDIUM" "music-sheet-viewer No.known.fix Unauthenticated.Arbitrary.File.Read HIGH" "music-sheet-viewer No.known.fix 
Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "mega-elements-addons-for-elementor 1.3.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Countdown.Timer.Widget MEDIUM" "mega-elements-addons-for-elementor 1.2.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "mega-elements-addons-for-elementor 1.2.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "mega-elements-addons-for-elementor 1.2.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "mega-elements-addons-for-elementor 1.2.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Button.Widget MEDIUM" "mega-elements-addons-for-elementor 1.2.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "multiple-post-type-order No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.mpto.Shortcode MEDIUM" "maintenance-switch No.known.fix Theme.Files.Creation/Deletion.via.CSRF MEDIUM" "maintenance-switch 1.6.3 Reflected.XSS HIGH" "media-list 1.4.0 Contributor+.Stored.XSS MEDIUM" "media-list 1.4.1 Contributor+.Stored.XSS MEDIUM" "manage-notification-emails 1.8.6 Missing.Authorization MEDIUM" "manage-notification-emails 1.8.3 Settings.Reset.via.CSRF MEDIUM" "manage-notification-emails 1.8.3 Settings.Reset.via.CSRF MEDIUM" "media-from-ftp 11.17 Author+.Arbitrary.File.Access CRITICAL" "media-from-ftp 9.85 Authenticated.Directory.Traversal MEDIUM" "morpheus-slider No.known.fix Authenticated.SQL.Injection MEDIUM" "my-wp-translate No.known.fix Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.Options.Update HIGH" "my-wp-translate No.known.fix Authenticated.(Subscriber+).Missing.Authorization.to.Arbitrary.Option.Read.and.Deletion MEDIUM" "my-wp-translate 1.0.4 CSRF.&.XSS HIGH" "mobile-call-now-map-buttons No.known.fix Admin+.Stored.XSS LOW" "minimal-coming-soon-maintenance-mode 2.39 Missing.Authorization.to.Limited.Settings.Change MEDIUM" "minimal-coming-soon-maintenance-mode 2.38 
Unauthenticated.Maintenance.Mode.Bypass LOW" "minimal-coming-soon-maintenance-mode 2.35 Multiple.Authenticated.Stored.XSS LOW" "minimal-coming-soon-maintenance-mode 2.15 CSRF.to.Stored.XSS.and.Setting.Changes HIGH" "minimal-coming-soon-maintenance-mode 2.17 Insecure.permissions:.Export.Settings/Theme.Change MEDIUM" "minimal-coming-soon-maintenance-mode 2.15 Insecure.Permissions:.Enable.and.Disable.Maintenance.Mode HIGH" "metalpriceapi 1.1.5 Contributor+.Remote.Code.Execution HIGH" "my-idx-home-search 2.1.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "my-idx-home-search 2.1.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "menu-in-post No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "machform-shortcode 1.5.0 Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "ml-slider 3.99.0 Contributor+.Stored.XSS.via.aria-label.Parameter MEDIUM" "ml-slider 3.95.0 Editor+.Stored.XSS LOW" "ml-slider 3.95.0 Editor+.Stored.XSS LOW" "ml-slider 3.95.0 Authenticated.(Editor+).PHP.Object.Injection HIGH" "ml-slider 3.70.1 Contributor+.Stored.Cross-Site.Scripting.via.metaslider.Shortcode MEDIUM" "ml-slider 3.29.1 Reflected.XSS HIGH" "ml-slider 3.27.9 Admin+.Stored.Cross.Site.Scripting LOW" "ml-slider 3.17.2 Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "mobile-menu 2.8.5 Missing.Authorization.to._mobmenu_icon.Post.Meta.Modification MEDIUM" "mobile-menu 2.8.4.4 Cross-Site.Request.Forgery MEDIUM" "mobile-menu 2.8.4.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Image.Alt MEDIUM" "mobile-menu 2.8.4 Reflected.Cross-Site.Scripting MEDIUM" "mobile-menu 2.8.2.7 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "mobile-menu 2.8.2.3 Reflected.Cross-Site.Scripting.(XSS) HIGH" "mobile-menu 2.7.3 Subscriber+.Arbitrary.Option.Update CRITICAL" "moneytigo No.known.fix Malicious..htaccess.directive MEDIUM" "multi-feed-reader No.known.fix Cross-Site.Request.Forgery MEDIUM" "multi-feed-reader 2.2.4 
SQL.Injection HIGH" "music-player-for-elementor 2.4.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.album_buy_url.Parameter MEDIUM" "music-player-for-elementor 2.4.2 Missing.Authorization.to.Authenticated.(Subscriber+).Template.Import MEDIUM" "music-player-for-elementor 1.5.9.9 Reflected.Cross-Site.Scripting MEDIUM" "music-player-for-elementor 1.5.5 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "muzaara-adwords-optimize-dashboard No.known.fix Unauthenticated.PHP.Object.Injection HIGH" "muzaara-adwords-optimize-dashboard No.known.fix Information.Exposure MEDIUM" "markdown-shortcode 0.2.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "modern-events-calendar No.known.fix Missing.Authorization MEDIUM" "modern-events-calendar 7.13.0 Subscriber+.Server.Side.Request.Forgery HIGH" "modern-events-calendar 7.12.0 Authenticated.(Subscriber+).Arbitrary.File.Upload HIGH" "moreads-se 1.4.7 XSS MEDIUM" "mikado-core 1.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "microsoft-advertising-universal-event-tracking-uet 1.0.4 Admin+.Stored.Cross-Site.Scripting LOW" "mtouch-quiz No.known.fix Admin+.Stored.Cross.Site.Scripting LOW" "mtouch-quiz 3.1.3 Multiple.Vulnerabilities.XSS.&.CSRF MEDIUM" "mapping-multiple-urls-redirect-same-page No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "member-access No.known.fix Unauthenticated.Content.Restriction.Bypass.to.Sensitive.Information.Exposure MEDIUM" "members-page-only-for-logged-in-users No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "my-wp-responsive-video No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "menu-icons 0.13.21 Authenticated.(Author+).Stored.Cross-Site.Scripting MEDIUM" "menu-icons 0.13.14 Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.Upload MEDIUM" "miraculous-el 2.0.8 Authenticated.(Subscriber+).Privilege.Escalation HIGH" "meta-slider-and-carousel-with-lightbox 2.0.2 
Authenticated.(Author+).Stored.Cross-Site.Scripting MEDIUM" "mm-email2image No.known.fix Stored.XSS.via.CSRF HIGH" "mm-email2image No.known.fix Contributor+.Stored.XSS MEDIUM" "mobile-builder No.known.fix Authentication.Bypass CRITICAL" "motopress-slider-lite No.known.fix Subscriber+.Stored.Cross-Site.Scripting CRITICAL" "motopress-slider-lite No.known.fix Reflected.Cross-Site.Scripting HIGH" "modern-addons-elementor No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "modern-addons-elementor 1.2.0 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "mediabay No.known.fix WordPress.Media.Library.Folders.<=.1.4.-.Authenticated.(Subscriber+).SQL.Injection MEDIUM" "mediabay No.known.fix WordPress.Media.Library.Folders.<=.1.4.-.Reflected.Cross-Site.Scripting MEDIUM" "mapplic 6.2.1 SSRF.to.Stored.Cross-Site.Scripting.(XSS) HIGH" "my-tickets 2.1.1 Unauthenticated.Information.Exposure MEDIUM" "my-tickets 2.1.1 Missing.Authorization MEDIUM" "my-tickets 2.0.23 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "my-tickets 2.0.17 Authenticated.(Subscriber+).Privilege.Escalation HIGH" "my-tickets 2.0.10 Missing.Authorization MEDIUM" "my-tickets 1.9.11 Bulk.Emailing.via.CSRF MEDIUM" "my-tickets 1.8.31 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "make-email-customizer-for-woocommerce No.known.fix Subscriber+.Arbitrary.Options.Update HIGH" "make-email-customizer-for-woocommerce No.known.fix Reflected.Cross-Site.Scripting HIGH" "meks-video-importer 1.0.13 Missing.Authorization.to.Authenticated.(Subscriber+).API.Keys.Modification MEDIUM" "meks-video-importer No.known.fix Missing.Authorization MEDIUM" "media-library-assistant 3.34 Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.Attachment.Taxonomy.Modification MEDIUM" "media-library-assistant 3.30 Unauthenticated.Limited.File.Read MEDIUM" "media-library-assistant 3.30 Missing.Authorization MEDIUM" "media-library-assistant 3.29 Authenticated.(Author+).Stored.Cross-Site.Scripting MEDIUM" 
"media-library-assistant 3.28 Authenticated.(Author+).Limited.File.Deletion MEDIUM" "media-library-assistant 3.27 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.mla_tag_cloud.and.mla_term_list.Shortcodes MEDIUM" "media-library-assistant 3.25 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "media-library-assistant 3.24 Reflected.Cross-Site.Scripting.via.smc_settings_tab,.unattachfixit-action,.and.woofixit-action.Parameters MEDIUM" "media-library-assistant 3.20 Authenticated.(Administrator+).Remote.Code.Execution HIGH" "media-library-assistant 3.19 Authenticated.(Author+).Arbitrary.File.Upload.via.mla-inline-edit-upload-scripts.AJAX.Action HIGH" "media-library-assistant 3.18 Reflected.Cross-Site.Scripting MEDIUM" "media-library-assistant 3.17 Authenticated.(Contributor+).SQL.Injection.via.order.Parameter HIGH" "media-library-assistant 3.16 Authenticated.(Contributor+).SQL.Injection.via.Shortcode HIGH" "media-library-assistant 3.16 Reflected.Cross-Site.Scripting HIGH" "media-library-assistant 3.14 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.mla_gallery.Shortcode MEDIUM" "media-library-assistant 3.14 Authenticated.(Contributor+).SQL.Injection.via.Shortcode MEDIUM" "media-library-assistant 3.12 Author+.Stored.XSS MEDIUM" "media-library-assistant 3.11 Contributor+.Stored.XSS MEDIUM" "media-library-assistant 3.10 Unauthenticated.Local/Remote.File.Inclusion.&.Remote.Code.Execution HIGH" "media-library-assistant 3.08 Reflected.Cross-Site.Scripting MEDIUM" "media-library-assistant 3.06 Admin+.SQLi MEDIUM" "media-library-assistant 3.01 Unauthenticated.Error.Log.Access LOW" "media-library-assistant 2.90 Authenticated.Blind.SQL.Injection MEDIUM" "media-library-assistant 2.82 Authenticated.RCE CRITICAL" "media-library-assistant 2.82 Unauthenticated.Limited.Local.File.Inclusion HIGH" "media-library-assistant 2.82 Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "media-library-assistant 2.7.4 Cross-Site.Scripting.(XSS) 
MEDIUM" "monitor-chat No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "mapme No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "media-library-downloader No.known.fix Cross-Site.Request.Forgery MEDIUM" "media-library-downloader 1.3.2 Missing.Authorization MEDIUM" "mycss No.known.fix Arbitrary.Settings.Update.via.CSRF MEDIUM" "mz-mindbody-api 2.8.3 Unauthorised.AJAX.Calls HIGH" "microsoft-clarity 0.9.4 Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "microsoft-clarity 0.4 Admin+.Stored.Cross-Site.Scripting LOW" "mizan-demo-importer 0.1.4 Missing.Authorization MEDIUM" "mytube No.known.fix Reflected.Cross-Site.Scripting.via.addplaylistid MEDIUM" "menukaart 1.4 Reflected.Cross-Site.Scripting MEDIUM" "miniorange-otp-verification 4.2.2 Missing.Authorization.via.dismiss_notice MEDIUM" "miniorange-login-openid No.known.fix Authenticated.(Administrator+).Local.File.Inclusion MEDIUM" "miniorange-login-openid 7.7.0 Unauthenticated.Local.File.Inclusion HIGH" "miniorange-login-openid 200.3.10 Authentication.Bypass HIGH" "miniorange-login-openid 7.6.7 Authenticated.(Subscriber+).Privilege.Escalation HIGH" "miniorange-login-openid 7.6.5 Authentication.Bypass CRITICAL" "miniorange-login-openid 7.6.0 Admin+.Stored.XSS LOW" "miniorange-login-openid 7.5.15 Multiple.CSRF MEDIUM" "miniorange-login-openid 7.6.1 Unauthenticated.Arbitrary.Content.Deletion MEDIUM" "memberpress-downloads 1.2.6 Subscriber+.Arbitrary.File.Upload CRITICAL" "mp-ukagaka No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "meetup No.known.fix Authentication.Bypass CRITICAL" "material-design-icons No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.mdi-icon.Shortcode MEDIUM" "mightyforms 1.3.10 Missing.Authorization MEDIUM" "mightyforms 1.3.10 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "make-column-clickable-elementor 1.6.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "mg-advancedoptions No.known.fix 
Reflected.Cross-Site.Scripting MEDIUM" "mindbody-access-management 2.0.9 Unauthorised.AJAX.call MEDIUM" "membership-for-woocommerce 3.0.4 Unauthenticated.Insecure.Direct.Object.Reference MEDIUM" "membership-for-woocommerce 3.0.0 Missing.Authorization MEDIUM" "membership-for-woocommerce 2.8.2 Missing.Authorization MEDIUM" "membership-for-woocommerce 2.8.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "membership-for-woocommerce 2.1.7 Unauthenticated.Arbitrary.File.Upload CRITICAL" "mx-time-zone-clocks No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "mx-time-zone-clocks No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "mx-time-zone-clocks 3.4.1 Contributor+.Cross-Site.Scripting MEDIUM" "my-instagram-feed 3.1.2 Reflected.Cross-Site.Scripting MEDIUM" "my-instagram-feed 3.1.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "megamenu 3.3.1 Missing.Authorization MEDIUM" "megamenu 2.4 Authenticated.XSS MEDIUM" "media-file-manager No.known.fix Authenticated.Multiple.Vulnerabilities MEDIUM" "moosend-landing-pages No.known.fix Missing.Authorization.to.Authenticated.(Subscriber+).Option.Deletion MEDIUM" "maan-elementor-addons No.known.fix Authenticated.(Contributor+).Local.File.Inclusion HIGH" "mobile-app-builder-by-wappress No.known.fix Unauthenticated.File.Upload CRITICAL" "marquee-style-rss-news-ticker No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "mediavine-create 1.9.9 Unauthenticated.Sensitive.Information.Exposure MEDIUM" "mediavine-create 1.9.8 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "mediavine-create 1.9.8 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Schema.Meta.Shortcode MEDIUM" "mediavine-create 1.9.5 Unauthenticated.SQLi HIGH" "mega-addons-for-visual-composer 4.3.0 Contributor+.Stored.XSS MEDIUM" "mega-addons-for-visual-composer No.known.fix Subscriber+.Settings.Update MEDIUM" "mega-addons-for-visual-composer 
No.known.fix Settings.Update.via.CSRF MEDIUM" "mstw-league-manager No.known.fix Cross-Site.Request.Forgery MEDIUM" "minify-html-markup 2.1.11 -.Regular.Expressions.Denial.of.Service MEDIUM" "minify-html-markup 2.1.8 Settings.Update.via.CSRF MEDIUM" "my-content-management 1.7.7 Admin+.Stored.XSS LOW" "min-and-max-purchase-for-woocommerce No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "meet-my-team No.known.fix Contributor+.Stored.Cross-Site.Scripting MEDIUM" "mark-new-posts 7.6 Missing.Authorization.via.save_options MEDIUM" "mas-addons-for-elementor 1.1.8 Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG MEDIUM" "mas-addons-for-elementor 1.1.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "mycred-for-elementor 1.2.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "my-wpdb 2.5 Arbitrary.SQL.Query.via.CSRF MEDIUM" "mihanpanel-lite 12.7 Cross-Site.Request.Forgery MEDIUM" "music-pack-for-elementor No.known.fix Contributor+.Stored.XSS MEDIUM" "mini-course-generator 1.0.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "motopress-hotel-booking 4.8.5 Unauthenticated.Arbitrary.File.Download.&.Deletion CRITICAL" "mainwp 5.0 Cross-Site.Request.Forgery.via.posting_bulk MEDIUM" "mainwp 4.4.3.4 Authenticated.(Administrator+).SQL.Injection HIGH" "mainwp 4.5.1.3 Authenticated(Administrator+).CSS.Injection LOW" "monkee-boy-wp-essentials No.known.fix Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "memorialday 1.1.0 Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "medical-addon-for-elementor 1.6.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Typewriter.Widget MEDIUM" "medical-addon-for-elementor 1.6.3 Insecure.Direct.Object.Reference.to.Authenticated.(Contributor+).Sensitive.Information.Exposure.via.Shortcode MEDIUM" "medical-addon-for-elementor No.known.fix Contributor+.Stored.XSS MEDIUM" "mappress-google-maps-for-wordpress 
2.94.10 Admin+.Stored.XSS LOW" "mappress-google-maps-for-wordpress 2.94.9 Contributor+.Stored.XSS MEDIUM" "mappress-google-maps-for-wordpress 2.94.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Map.Block MEDIUM" "mappress-google-maps-for-wordpress 2.93 Admin+.Stored.XSS.via.Map.Settings LOW" "mappress-google-maps-for-wordpress 2.88.17 Contributor+.Stored.XSS.via.Map.Settings MEDIUM" "mappress-google-maps-for-wordpress 2.88.16 Unauthenticated.Arbitrary.Private/Draft.Post.Disclosure MEDIUM" "mappress-google-maps-for-wordpress 2.88.15 Contributor+.Stored.XSS MEDIUM" "mappress-google-maps-for-wordpress 2.88.14 Contributor+.Stored.XSS MEDIUM" "mappress-google-maps-for-wordpress 2.88.5 Contributor+.Stored.XSS MEDIUM" "mappress-google-maps-for-wordpress 2.85.5 Contributor+.SQL.Injection MEDIUM" "mappress-google-maps-for-wordpress 2.73.13 Admin+.File.Upload.to.Remote.Code.Execution MEDIUM" "mappress-google-maps-for-wordpress 2.73.4 Reflected.Cross-Site.scripting MEDIUM" "mappress-google-maps-for-wordpress 2.54.6 Improper.Capability.Checks.in.AJAX.Calls CRITICAL" "mappress-google-maps-for-wordpress 2.53.9 Authenticated.Map.Creation/Deletion.Leading.to.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "mappress-google-maps-for-wordpress 2.53.9 Remote.Code.Execution.(RCE).due.to.Incorrect.Access.Control.in.AJAX.Actions CRITICAL" "mihdan-no-external-links 5.1.7 Cross-Site.Request.Forgery MEDIUM" "mihdan-no-external-links 5.0.2 Admin+.Stored.Cross-Site.Scripting LOW" "mailclient No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "mastercurrency-wp No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Currency.Converter.Form.Shortcode MEDIUM" "mdc-comment-toolbar No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "mediabay-lite No.known.fix Missing.Authorization.via.AJAC.actions MEDIUM" "mediabay-lite No.known.fix Editor+.Stored.XSS MEDIUM" "media-cleaner 6.7.3 
Unauthenticated.Information.Exposure MEDIUM" "meks-smart-social-widget 1.6.5 Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "meks-smart-social-widget 1.6.4 Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "media-file-organizer No.known.fix Directory.Traversal MEDIUM" "mailmunch 3.2.0 Reflected.Cross-Site.Scripting MEDIUM" "mailmunch 3.1.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "mailmunch 3.1.3 Settings.Update.via.CSRF MEDIUM" "moving-users 1.10 Unauthenticated.Sensitive.Information.Exposure MEDIUM" "map-contact No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "multisafepay 4.16.0 Unauthenticated.Arbitrary.File.Access HIGH" "mark-posts 2.2.5 Missing.Authorization MEDIUM" "mark-posts 2.0.1 Admin+.Stored.Cross-Site.Scripting LOW" "maxbuttons 9.8.4 Admin+.Stored.XSS LOW" "maxbuttons 9.8.1 Admin+.Stored.XSS.via.Button.Width LOW" "maxbuttons 9.8.1 Admin+.Stored.XSS.via.Text.Color LOW" "maxbuttons 9.8.0 Full.Path.Disclosure MEDIUM" "maxbuttons 9.7.8 Editor+.Stored.XSS LOW" "maxbuttons 9.7.7 Contributor+.Stored.XSS MEDIUM" "maxbuttons 9.7.6 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "maxbuttons 9.6 Contributor+.Stored.XSS MEDIUM" "maxbuttons 9.3 Arbitrary.Settings.Update.via.CSRF MEDIUM" "maxbuttons 9.3 Admin+.Stored.Cross-Site.Scripting LOW" "maxbuttons 6.19 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "md-custom-content No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "menu-swapper 1.1.1 Cross-Site.Request.Forgery MEDIUM" "menu-swapper 1.1.1 Cross-Site.Request.Forgery.(CSRF) MEDIUM" "mailarchiver 4.5.0 Authenticated.(Administrator+).Stored.Cross-Site.Scripting.via.Settings MEDIUM" "mailarchiver 4.5.1 Authenticated.(Admininistrator+).SQL.Injection.via.'logid'.Parameter MEDIUM" "mailarchiver 2.11.0 Unauthenticated.Stored.XSS HIGH" "mas-wp-job-manager-company 1.0.14 Reflected.Cross-Site.Scripting MEDIUM" "mail-subscribe-list No.known.fix 
Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "mail-subscribe-list 2.1.10 Contributor+.Stored.XSS MEDIUM" "mail-subscribe-list 2.1.4 Arbitrary.Subscribed.User.Deletion.via.CSRF MEDIUM" "mail-subscribe-list 2.1 Stored.XSS MEDIUM" "mixcloud-embed No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "minterpress No.known.fix Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.Content.Deletion HIGH" "minterpress No.known.fix Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.Options.Update HIGH" "mini-loops No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "multicons 3.0 Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "money-space 2.14.0 Unauthenticated.Sensitive.Information.Exposure HIGH" "mage-eventpress 5.1.2 Unauthenticated.PHP.Object.Injection HIGH" "mage-eventpress 5.0.9 Authenticated.(Contributor+).PHP.Object.Injection HIGH" "mage-eventpress 5.1.2 Cross-Site.Request.Forgery MEDIUM" "mage-eventpress 5.0.5 Missing.Authorization MEDIUM" "mage-eventpress 5.0.5 Missing.Authorization MEDIUM" "mage-eventpress 4.4.9 Authenticated.(Contributor+).PHP.Object.Injection HIGH" "mage-eventpress 4.4.7 Missing.Authorization MEDIUM" "mage-eventpress 4.4.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "mage-eventpress 4.3.7 Contributor+.PHP.Object.Injection MEDIUM" "mage-eventpress 4.3.0 Missing.Authorization MEDIUM" "mage-eventpress 4.3.0 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "mage-eventpress 4.2.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "mage-eventpress 4.2.2 Authenticated.(Contributor+).Local.File.Inclusion CRITICAL" "mage-eventpress 4.1.2 Authenticated.(Contributor+).PHP.Object.Injection.in.mep_event_meta_save HIGH" "mage-eventpress 3.9.6 Editor+.Stored.Cross-Site.Scripting MEDIUM" "mage-eventpress 3.8.7 Admin+.Stored.XSS LOW" "mage-eventpress 3.7.8 Cross-Site.Request.Forgery.(CSRF) MEDIUM" "mage-eventpress 3.8.0 
Contributor+.Stored.XSS MEDIUM" "mage-eventpress 3.5.8 Contributor+.SQL.Injection HIGH" "mage-eventpress 3.5.3 Unauthenticated.Arbitrary.Options.Reset HIGH" "mage-eventpress 3.5.3 Unauthenticated.Arbitrary.Elementor.Template.Import MEDIUM" "memberspace 2.1.14 Reflected.Cross-Site.Scripting MEDIUM" "memberspace 2.1.14 Reflected.XSS MEDIUM" "media-library-alt-text-editor No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.'post_id'.Shortcode.Attribute MEDIUM" "mapfig-premium-leaflet-map-maker No.known.fix Unauthenticated.Stored.Cross-Site.Scripting HIGH" "most-popular-posts-widget-lite 0.9 Admin+.SQL.injection MEDIUM" "mind-doodle-sitemap No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "multiple-image-uploads-with-preview-for-wpforms No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "my-shortcodes No.known.fix Missing.Authorization.via.Multiple.AJAX.Actions MEDIUM" "mfolio-lite No.known.fix Contributor+.Stored.XSS MEDIUM" "mfolio-lite 1.2.2 Missing.Authorization.to.Authenticated.(Author+).File.Upload.via.EXE.and.SVG.Files CRITICAL" "miguras-divi-enhancer No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "miguras-divi-enhancer No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "my-wp-brand 1.1.4 Cross-Site.Request.Forgery MEDIUM" "my-wp-brand 1.1.3 Missing.Authorization MEDIUM" "movie-booking 1.1.6 Unauthenticated.Arbitrary.File.Deletion CRITICAL" "multi-column-taxonomy-list No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "mybb-last-topics No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "maxgalleria 6.4.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.maxgallery_thumb.Shortcode MEDIUM" "maxgalleria 6.4.3 Missing.Authorization MEDIUM" "maxgalleria 6.2.7 Author+.Stored.Cross-Site.Scripting MEDIUM" "manage-gravity-forms-stripe-subscriptions 4.1.6 Reflected.Cross-Site.Scripting MEDIUM" "manage-gravity-forms-stripe-subscriptions 
4.0 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "miniorange-login-security 1.0.8 Reflected.Cross-Site.Scripting HIGH" "miniorange-saml-20-single-sign-on 5.0.5 Missing.Authorization.to.notice.dismissal MEDIUM" "miniorange-saml-20-single-sign-on 16.0.8 Open.Redirect.in.SSO.login MEDIUM" "miniorange-saml-20-single-sign-on 20.0.7 Open.Redirect.in.SSO.login MEDIUM" "miniorange-saml-20-single-sign-on 12.1.0 Open.Redirect.in.SSO.login MEDIUM" "miniorange-saml-20-single-sign-on 4.8.84 Cross-Site.Scripting.(XSS).via.Crafted.SAML.XML.Response MEDIUM" "miniorange-saml-20-single-sign-on 4.8.73 Cross-Site.Scripting.(XSS) MEDIUM" "mystickymenu 2.8.7 Unauthenticated.SQLi.via.'stickymenu_contact_lead_form'.Action HIGH" "mystickymenu 2.7.3 Admin+.Stored.XSS LOW" "mystickymenu 2.7.2 Admin+.Stored.XSS LOW" "mystickymenu 2.6.8 Admin+.Stored.XSS LOW" "mystickymenu 2.6.7 CSV.Export.via.CSRF.to.Sensitive.Information.Disclosure LOW" "mystickymenu 2.6.5 Subscriber+.Arbitrary.Form.Leads.Deletion MEDIUM" "mystickymenu 2.5.2 Authenticated.Stored.XSS MEDIUM" "mobile-friendly-flickr-slideshow 2.7.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "mobile-friendly-flickr-slideshow 2.6.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "mdr-webmaster-tools No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "mailchimp-forms-by-mailmunch 3.2.4 Reflected.Cross-Site.Scripting MEDIUM" "mailchimp-forms-by-mailmunch 3.2.2 Cross-Site.Request.Forgery MEDIUM" "mailchimp-forms-by-mailmunch 3.2.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "mailchimp-forms-by-mailmunch 3.1.5 Arbitrary.Actions.via.CSRF MEDIUM" "mj-contact-us No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "marketing-and-seo-booster No.known.fix Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "members 3.2.11 Unauthenticated.Content.Restriction.Bypass.to.Sensitive.Information.Exposure MEDIUM" "medibazar-core 
No.known.fix Reflected.Cross-Site.Scripting HIGH" "mrkwp-footer-for-divi No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "mrkwp-footer-for-divi No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "mass-email-to-users 1.1.5 Reflected.XSS HIGH" "movies-importer No.known.fix Cross-Site.Request.Forgery MEDIUM" "mhr-custom-anti-copy No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "mmx-make-me-christmas No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "mstw-csv-exporter No.known.fix Missing.Authorization MEDIUM" "ninja-charts 3.3.6 Unauthenticated.Information.Exposure MEDIUM" "nexter-extension 4.4.7 Unauthenticated.PHP.Object.Injection.via.'nxt_unserialize_replace' HIGH" "nexter-extension 4.4.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "nexter-extension 2.0.4 Reflected.XSS HIGH" "nexter-extension 2.0.4 Authenticated(Editor+).Remote.Code.Execution.via.metabox HIGH" "nextgen-gallery-geo 2.0.3 Unauthenticated.PHP.Object.Injection MEDIUM" "next-order-coupon-woocommerce No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "next-order-coupon-woocommerce No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "next-order-coupon-woocommerce No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "nelio-content 4.2.1 Authenticated.(Contributor+).SQL.Injection MEDIUM" "nelio-content 4.0.6 Missing.Authorization MEDIUM" "nelio-content 3.2.1 Authenticated.(Contributor+).Server-Side.Request.Forgery MEDIUM" "ninjafirewall 4.3.4 Authenticated.(admin+).PHAR.Deserialization LOW" "nirweb-support No.known.fix Missing.Authorization MEDIUM" "nirweb-support 2.8.2 Unauthenticated.SQLi HIGH" "new-photo-gallery 1.4.3 Contributor+.PHP.Object.Injection.via.Shortcode MEDIUM" "narnoo-shortcodes No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "newsletter-subscriptions No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "newsletter-manager No.known.fix 
Unauthenticated.Insecure.Deserialisation HIGH" "newsletter-manager 1.5 Unauthenticated.Open.Redirect MEDIUM" "newsletter-manager 1.0.2 Cross-Site.Request.Forgery MEDIUM" "newsletter-manager 1.0.2 Authenticated.Reflected.Cross.Site.Scripting HIGH" "norebro-extra No.known.fix Unauthenticated.Arbitrary.Shortcode.Execution MEDIUM" "nofollow-jquery-links 1.5.2 Reflected.Cross-Site.Scripting MEDIUM" "nofollow-jquery-links 1.4.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "neon-product-designer-for-woocommerce No.known.fix Unauthenticated.SQL.Injection HIGH" "neon-product-designer-for-woocommerce No.known.fix Contributor+.SQL.Injection MEDIUM" "nimble-builder 3.2.2 Reflected.Cross-Site.Scripting MEDIUM" "netinsight-analytics-implementation-plugin No.known.fix Cross-Site.Request.Forgery MEDIUM" "netinsight-analytics-implementation-plugin No.known.fix Cross-Site.Request.Forgery MEDIUM" "navz-photo-gallery 3.1 Missing.Authorization.to.Authenticated.(Subscriber+).Attachment.Metadata.Modification MEDIUM" "navz-photo-gallery 2.7 Missing.Authorization MEDIUM" "navz-photo-gallery 2.0 Subscriber+.UserMeta.Update MEDIUM" "navz-photo-gallery 1.7.5 Reflected.Cross-Site.Scripting MEDIUM" "nino-social-connect No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "nimble-portfolio No.known.fix Unauthenticated.Server-Side.Request.Forgery CRITICAL" "nifty-coming-soon-and-under-construction-page 1.58 Cross-Site.Request.Forgery.(CSRF) MEDIUM" "nextend-twitter-connect 1.5.2 Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "no-spam-at-all No.known.fix Missing.Authorization MEDIUM" "nextgen-gallery 4.0.5 Author+.Local.File.Inclusion HIGH" "nextgen-gallery 4.0.0 Contributor+.Local.File.Inclusion.via.'template' MEDIUM" "nextgen-gallery 3.59.12 Authenticated.(Contributor+).Stored.DOM-Based.Cross-Site.Scripting.via.ThickBox.JavaScript.Library MEDIUM" "nextgen-gallery 3.59.5 
Authenticated.(Contributor+).Stored.DOM-Based.Cross-Site.Scripting.via.SimpleLightbox.JavaScript.Library MEDIUM" "nextgen-gallery 3.59.9 Admin+.Stored.XSS LOW" "nextgen-gallery 3.59.5 Contributor+.DOM-Based.Stored.XSS.via.FancyBox.JavaScript.Library MEDIUM" "nextgen-gallery 3.59.5 Admin+.Stored.XSS LOW" "nextgen-gallery 3.59.4 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "nextgen-gallery 3.59.3 Admin+.Stored.XSS LOW" "nextgen-gallery 3.59.1 Admin+.Stored.XSS LOW" "nextgen-gallery 3.59.1 Missing.Authorization.to.Unauthenticated.Information.Disclosure MEDIUM" "nextgen-gallery 3.39 Admin+.Arbitrary.File.Read.and.Delete MEDIUM" "nextgen-gallery 3.39 Admin+.PHAR.Deserialization HIGH" "nextgen-gallery 3.39 Admin+.Local.File.Inclusion MEDIUM" "nextgen-gallery 3.3.10 Reflected.Cross-Site.Scripting MEDIUM" "nextgen-gallery 3.29 Thumbnail.Deletion.via.CSRF MEDIUM" "nextgen-gallery 3.5.0 CSRF.allows.File.Upload HIGH" "nextgen-gallery 3.5.0 CSRF.allows.File.Upload,.Stored.XSS,.and.RCE CRITICAL" "nextgen-gallery 3.2.11 SQL.Injection CRITICAL" "nextgen-gallery 3.1.7 Subscriber+.Arbitrary.Option.Update CRITICAL" "nextgen-gallery 3.1.6 Authenticated.PHP.Object.Injection HIGH" "nextgen-gallery 2.2.50 Galley.Paths.Not.Secured HIGH" "nextgen-gallery 2.2.45 Cross-Site.Scripting.(XSS) MEDIUM" "nextgen-gallery 2.1.79 Unauthenticated.SQL.Injection HIGH" "nextgen-gallery 2.1.57 Authenticated.Local.File.Inclusion.(LFI).&.SQLi CRITICAL" "nextgen-gallery 2.1.15 Unrestricted.File.Upload HIGH" "nextgen-gallery 2.1.10 Multiple.XSS MEDIUM" "nextgen-gallery 2.1.9 Authenticated.Path.Traversal MEDIUM" "nextgen-gallery 2.1.15 Path.Traversal MEDIUM" "nextgen-gallery 2.0.77.3 CSRF.&.Arbitrary.File.Upload HIGH" "nextgen-gallery 2.0.0 Full.Path.Disclosure HIGH" "nextgen-gallery 2.0.0 gallerypath.Parameter.Stored.XSS CRITICAL" "ni-woocommerce-product-editor No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "notification-for-telegram No.known.fix Missing.Authorization MEDIUM" 
"notification-for-telegram No.known.fix Cross-Site.Request.Forgery MEDIUM" "notification-for-telegram 3.3.2 Missing.Authorization.to.Authenticated.(Subscriber+).Send.Telegram.Test.Message MEDIUM" "news-element No.known.fix Missing.Authorization.to.Authenticated.(Subscriber+).Data.Loss MEDIUM" "news-element No.known.fix Contributor+.Stored.XSS MEDIUM" "news-element 1.0.6 Unauthenticated.LFI HIGH" "nextend-social-login-pro 3.1.17 Authentication.Bypass.via.Apple.OAuth.provider CRITICAL" "nextend-social-login-pro 3.1.15 Authentication.Bypass CRITICAL" "newsletter-popup No.known.fix Admin+.Stored.XSS LOW" "newsletter-popup No.known.fix Subscriber.Deletion.via.CSRF MEDIUM" "newsletter-popup No.known.fix List.Deletion.via.CSRF MEDIUM" "newsletter-popup No.known.fix Unauthenticated.Stored.XSS HIGH" "newsletter-popup No.known.fix Unauthenticated.Stored.XSS HIGH" "newsletter-popup No.known.fix Record.Deletion.via.CSRF MEDIUM" "nmedia-mailchimp-widget No.known.fix Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "nextend-smart-slider3-pro 3.5.0.9 Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "nextgen-gallery-sell-photo No.known.fix Authenticated.Stored.Cross-Site.Scripting LOW" "navigation-tree-elementor No.known.fix Authenticated.(Subscriber+).SQL.Injection MEDIUM" "ni-woocommerce-product-enquiry No.known.fix Missing.Authorization MEDIUM" "ninja-page-categories-and-tags No.known.fix Admin+.Stored.XSS LOW" "ns-simple-intro-loader No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "noveldesign-store-directory No.known.fix Unauthenticated.Arbitrary.File.Upload CRITICAL" "niche-hero No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.'spacing'.Shortcode.Attribute MEDIUM" "newsletter-page-redirects 1.0.6 Unauthenticated.Privilege.Escalation CRITICAL" "ntzantispam No.known.fix Settings.Update.via.CSRF HIGH" "nmedia-user-file-uploader No.known.fix Missing.Authorization.to.Unauthenticated.Arbitrary.File.Sharing.via.'file_id'.Parameter 
HIGH" "nmedia-user-file-uploader No.known.fix Unauthenticated.Arbitrary.Email.Sending MEDIUM" "nmedia-user-file-uploader 23.5 Subscriber+.Arbitrary.File.Deletion HIGH" "nmedia-user-file-uploader 23.5 Insecure.Direct.Object.Reference.to.Authenticated.(Subscriber+).Arbitrary.File.Renaming MEDIUM" "nmedia-user-file-uploader 23.3 Missing.Authorization MEDIUM" "nmedia-user-file-uploader 23.4 Missing.Authorization MEDIUM" "nmedia-user-file-uploader 22.0 Missing.Authorization.to.Unauthenticated.Arbitrary.Post.Deletion HIGH" "nmedia-user-file-uploader No.known.fix Missing.Authorization.to.Authenticated.(Subscriber+).Content.Injection MEDIUM" "nmedia-user-file-uploader 22.8 Sensitive.Information.Exposure.via.user.uploads MEDIUM" "nmedia-user-file-uploader 22.7 Editor+.Arbitrary.File.Download HIGH" "nmedia-user-file-uploader 21.4 File.Upload.via.CSRF MEDIUM" "nmedia-user-file-uploader 21.4 Arbitrary.Settings.Update.via.CSRF MEDIUM" "nmedia-user-file-uploader 21.3 Subscriber+.Arbitrary.File.Upload CRITICAL" "nmedia-user-file-uploader 21.3 Unauthenticated.File.Renaming CRITICAL" "nmedia-user-file-uploader 18.3 Authenticated.Arbitrary.Settings.Change.to.Arbitrary.File.Upload CRITICAL" "nmedia-user-file-uploader 18.3 Unauthenticated.Post.Meta.Change.to.Arbitrary.File.Download HIGH" "nmedia-user-file-uploader 18.3 Unauthenticated.Content.Injection.and.Stored.XSS HIGH" "nmedia-user-file-uploader 18.3 Unauthenticated.Arbitrary.Post.Deletion MEDIUM" "nmedia-user-file-uploader 18.3 Unauthenticated.HTML.Injection MEDIUM" "nmedia-user-file-uploader 18.3 Privilege.Escalation MEDIUM" "nlinks No.known.fix Authenticated.SQL.Injection HIGH" "new-video-gallery 1.5.4 Missing.Authorization MEDIUM" "ns-woocommerce-watermark No.known.fix Abuse.of.Functionality MEDIUM" "nex-forms-lite 8.2 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "nofollow-free No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "no-bot-registration 2.0 Cross-Site.Request.Forgery MEDIUM" "nd-learning 5.0 
Admin+.Stored.Cross-Site.Scripting LOW" "nd-learning 4.8 Unauthenticated.Options.Change MEDIUM" "ni-woocommerce-sales-report 3.7.4 Subscriber+.Sale.&.Order.Reports.Access MEDIUM" "noted-pro No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "noted-pro No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "news-magazine-and-blog-elements No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "notifier No.known.fix Missing.Authorization MEDIUM" "notifier 2.7.13 Missing.Authorization MEDIUM" "notifier 2.6.1 Admin+.Stored.XSS LOW" "nuajik-cdn No.known.fix Admin+.Stored.XSS LOW" "nestbyte-core No.known.fix Unauthenticated.SQL.Injection HIGH" "n360-splash-screen 1.0.7 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "ninjateam-telegram 1.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.username.Parameter MEDIUM" "ninjateam-telegram 1.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "nacc-wordpress-plugin 4.2.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "nd-booking No.known.fix Missing.Authorization MEDIUM" "nd-booking 3.8 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "nd-booking 3.7 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "nd-booking 3.7 Unauthenticated.Local.File.Inclusion CRITICAL" "nd-booking 3.3 Contributor+.Stored.XSS MEDIUM" "nd-booking 2.5 Unauthenticated.Options.Change MEDIUM" "naver-blog-api No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "night-mode 1.4.0 Admin+.Stored.Cross-Site.Scripting LOW" "nimbata-call-tracking No.known.fix Stored.XSS.via.CSRF HIGH" "nertworks-all-in-one-social-share-tools No.known.fix Cross-Site.Request.Forgery MEDIUM" "ninjalibs-ses No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "ninja-countdown No.known.fix Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.Countdown.Deletion MEDIUM" "ni-woocommerce-sales-report-email No.known.fix 
Reflected.Cross-Site.Scripting MEDIUM" "newspack-content-converter 1.0.0 Missing.Authorization MEDIUM" "navigation-du-lapin-blanc No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "nelio-popups 1.3.6 Missing.Authorization MEDIUM" "nelio-popups 1.3.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "newsletter-by-supsystic No.known.fix Authenticated.SQL.Injection CRITICAL" "newsletter-by-supsystic 1.1.8 Authenticated.Stored.XSS.&.CSRF HIGH" "nps-computy 2.8.3 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "nps-computy 2.8.1 Reflected.Cross-Site.Scripting MEDIUM" "nps-computy 2.7.6 Admin+.Stored.XSS LOW" "nps-computy 2.7.6 Results.Deletion.via.CSRF MEDIUM" "ni-woocommerce-customer-product-report No.known.fix Missing.Authorization.to.Authenticated.(Subscriber+).Settings.Update MEDIUM" "newspack-ads 1.47.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "new-order-popup No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "nextcart-woocommerce-migration 3.9.5 Unauthenticated.SQL.Injection HIGH" "nextcart-woocommerce-migration 3.9.4 Reflected.Cross-Site.Scripting MEDIUM" "nanosupport No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "nanosupport No.known.fix Missing.Authorization MEDIUM" "navayan-subscribe No.known.fix Cross-Site.Request.Forgery MEDIUM" "ninja-tables-pro 5.0.18 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "no-external-links No.known.fix Admin+.Stored.XSS LOW" "news-wall No.known.fix Cross-Site.Request.Forgery.to.Plugin.Settings.Update MEDIUM" "nite-shortcodes No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "nafeza-prayer-time No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "nazy-load 2.4.15 Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "nitek-carousel-cool-transitions No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "nitek-carousel-cool-transitions No.known.fix 
Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "nitek-carousel-cool-transitions No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "newstatpress 1.4.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "newstatpress 1.3.6 Reflected.Cross-Site.Scripting MEDIUM" "newstatpress 1.2.5 Stored.Cross-Site.Scripting.(XSS) MEDIUM" "newstatpress 1.0.6 Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "newstatpress 1.0.6 SQL.Injection CRITICAL" "newstatpress 1.0.4 Unauthenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "newstatpress 1.0.1 SQL.Injection CRITICAL" "network-summary No.known.fix Unauthenticated.SQL.Injection CRITICAL" "new-simple-gallery No.known.fix Authenticated.(Contributor+).SQL.Injection MEDIUM" "nowpayments-for-woocommerce 1.0.5 Reflected.Cross-Site.Scripting MEDIUM" "nv-slider No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "nv-slider No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "nm-visitors No.known.fix Unauthenticated.Stored.Cross-Site.Scripting.via.HTTP.Header HIGH" "naver-map No.known.fix Contributor+.Stored.XSS MEDIUM" "n-media-woocommerce-checkout-fields 18.0 Unauthenticated.Arbitrary.File.Upload CRITICAL" "number-chat No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "number-chat No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "netforum-directory-with-importer No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "netforum-directory-with-importer No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "nd-restaurant-reservations No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "nd-restaurant-reservations 2.0 Directory.Traversal.to.Authenticated.(Contributor+).Local.File.Inclusion HIGH" "nd-restaurant-reservations 1.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "nd-restaurant-reservations 1.5 Unauthenticated.Options.Change CRITICAL" "notice-faq No.known.fix 
Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "nitropack 1.18.5 Missing.Authorization.to.Authenticated.(Subscriber+).Limited.Settings.Update.via.nitropack_set_compression_ajax.Function MEDIUM" "nitropack 1.17.6 Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.Transient.Update MEDIUM" "nitropack 1.17.6 Subscriber+.Limited.Options.Update HIGH" "nitropack 1.16.8 Unauthenticated.Arbitrary.Shortcode.Execution HIGH" "nitropack 1.10.3 Multiple.CSRF MEDIUM" "nitropack 1.10.0 Missing.Authorization.via.multiple.AJAX.functions MEDIUM" "nblocks No.known.fix Authenticated.(Contributor+).Local.File.Inclusion HIGH" "no-disposable-email No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "neuvoo-jobroll No.known.fix Unauthenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "newsletter 9.1.1 Cross-Site.Request.Forgery.to.Newsletter.Unsubscription MEDIUM" "newsletter 9.1.0 Authenticated.(Administrator+).SQL.Injection MEDIUM" "newsletter 8.8.5 Admin+.Stored.XSS.via.Widget LOW" "newsletter 8.8.5 Admin+.Stored.XSS.via.Form LOW" "newsletter 8.8.2 Admin+.Stored.XSS.via.Subscription LOW" "newsletter 8.7.1 Admin+.Stored.XSS LOW" "newsletter 8.3.5 Unauthenticated.Stored.Cross-Site.Scripting.via.np1 MEDIUM" "newsletter 8.2.1 IP.Spoofing MEDIUM" "newsletter 7.9.0 Contributor+.Stored.XSS MEDIUM" "newsletter 7.6.9 Reflected.XSS HIGH" "newsletter 7.4.6 Admin+.Stored.Cross-Site.Scripting LOW" "newsletter 7.4.5 Reflected.Cross-Site.Scripting LOW" "newsletter 6.8.2 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "newsletter 6.8.2 Authenticated.PHP.Object.Injection MEDIUM" "newsletter 6.7.7 Authenticated.Stored.Cross-Site.Scripting LOW" "newsletter 6.5.4 CSV.Injection LOW" "newsletter 3.8.3 Open.Redirect LOW" "newsletter 3.2.7 Cross-Site.Scripting.(XSS) MEDIUM" "newsletter 3.0.9 SQL.Injection MEDIUM" "news-ticker-widget-for-elementor 1.3.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "newsmanapp 3.0.0 
Cross-Site.Request.Forgery MEDIUM" "newsmanapp 2.7.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "nelio-ab-testing 8.2.5 Authenticated.(Editor+).SQL.Injection MEDIUM" "nelio-ab-testing 8.2.0 Authenticated.(Editor+).Remote.Code.Execution HIGH" "nelio-ab-testing 4.6.4 CSRF HIGH" "nelio-ab-testing 4.5.11 SSRF CRITICAL" "nelio-ab-testing 4.5.9 Server.Side.Request.Forgery.(SSRF) CRITICAL" "nelio-ab-testing 4.5.0 Path.Traversal MEDIUM" "newsticker No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "newsletters-lite 4.12 Unauthenticated.PHP.Object.Injection HIGH" "newsletters-lite 4.13 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "newsletters-lite 4.11 Unauthenticated.Local.File.Inclusion HIGH" "newsletters-lite 4.11 Cross-Site.Request.Forgery MEDIUM" "newsletters-lite 4.10 Authenticated.(Administrator+).Local.File.Inclusion HIGH" "newsletters-lite 4.9.9.9 Authenticated.(Contributor+).SQL.Injection.orderby.Parameter MEDIUM" "newsletters-lite 4.9.9.8 Authenticated.(Administrator+).SQL.Injection MEDIUM" "newsletters-lite 4.9.9.8 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "newsletters-lite 4.9.9.8 Reflected.Cross-Site.Scripting.via.To.Parameter MEDIUM" "newsletters-lite 4.9.9.7 Reflected.Cross-Site.Scripting MEDIUM" "newsletters-lite 4.9.9.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.newsletters_video.Shortcode MEDIUM" "newsletters-lite 4.9.9.2 Reflected.Cross-Site.Scripting MEDIUM" "newsletters-lite 4.9.9.3 Authenticated.Privilege.Escalation HIGH" "newsletters-lite 4.9.9 Reflected.Cross-Site.Scripting MEDIUM" "newsletters-lite 4.9.9.1 Unauthenticated.Full.Path.Disclosure MEDIUM" "newsletters-lite 4.9.8 Cross-Site.Request.Forgery MEDIUM" "newsletters-lite 4.9.6 Reflected.Cross-Site.Scripting MEDIUM" "newsletters-lite 4.9.6 Information.Exposure.via.Log.files MEDIUM" "newsletters-lite 4.9.6 Authenticated.(Admin+).Arbitrary.File.Upload CRITICAL" "newsletters-lite 4.9.3 
Admin+.Command.Injection MEDIUM" "newsletters-lite 4.6.19 Multiple.Issues HIGH" "newsletters-lite 4.6.8.6 PHP.Object.Injection CRITICAL" "nicebackgrounds No.known.fix Authenticated.(Subscriber+).Arbitrary.File.Upload HIGH" "ninja-beaver-lite-addons-for-beaver-builder No.known.fix .Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Widgets MEDIUM" "ninjascanner 3.2.6 Admin+.Arbitrary.File.Deletion MEDIUM" "navayan-csv-export No.known.fix Unauthenticated.SQL.Injection CRITICAL" "no-api-amazon-affiliate 4.4.0 Admin+.Stored.XSS LOW" "news-and-blog-designer-bundle No.known.fix Unauthenticated.Local.File.Inclusion CRITICAL" "norse-runes-oracle 1.4.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "norse-runes-oracle 1.4.3 Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "notibar 2.1.6 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "notibar 2.1.5 Authenticated.(Subscriber+).Arbitrary.Shortcode.Execution.via.njt_nofi_text MEDIUM" "notibar 2.1.5 Missing.Authorization.via.ajax_install_plugin MEDIUM" "new-user-approve 3.2.1 Missing.Authorization MEDIUM" "new-user-approve 3.2.3 Missing.Authorization.to.Unauthenticated.Arbitrary.User.Approval,.Denial,.and.Information.Disclosure HIGH" "new-user-approve 3.1.0 Unauthenticated.Sensitive.Information.Disclosure.via.Type.Juggling MEDIUM" "new-user-approve 3.2.4 Cross-Site.Request.Forgery MEDIUM" "new-user-approve 2.6.4 Missing.Authorization MEDIUM" "new-user-approve 2.5.2 Cross-Site.Request.Forgery.via.admin_notices MEDIUM" "new-user-approve 2.5.1 Reflected.Cross-Site.Scripting MEDIUM" "new-user-approve 2.4 Arbitrary.Settings.Update.&.Invitation.Code.Creation.via.CSRF MEDIUM" "new-user-approve 2.4.1 Reflected.Cross-Site.Scripting MEDIUM" "new-user-approve 2.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "nasa-core 6.4.4 Reflected.Cross-Site.Scripting MEDIUM" "nasa-core 6.4.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "nasa-core No.known.fix 
Unauthenticated.Local.File.Inclusion CRITICAL" "nasa-core 6.4.4 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "netcash-pay-now-payment-gateway-for-woocommerce 4.1.4 Missing.Authorization.to.Unauthenticated.Order.Status.Modification MEDIUM" "next-page-not-next-post No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "new-user-email-set-up No.known.fix Arbitrary.Settings.Update.via.CSRF MEDIUM" "neshan-maps No.known.fix Admin+.SQLi MEDIUM" "nemesis-all-in-one No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "netreviews 2.3.15 Admin+.Stored.XSS LOW" "notices No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "nova-poshta-ttn 1.19.7 Unauthenticated.SQL.Injection HIGH" "nova-poshta-ttn 1.7.49 Reflected.Cross-Site.Scripting MEDIUM" "nextgen-gallery-search-galleries No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "news-announcement-scroll 9.1.0 .Authenticated.(Contributor+).SQL.Injection.via.Shortcode HIGH" "news-announcement-scroll 9.0.0 Admin+.Stored.XSS LOW" "novelist 1.2.4 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "novelist 1.2.3 Cross-Site.Request.Forgery MEDIUM" "novelist 1.2.1 Admin+.Stored.XSS MEDIUM" "nextcellent-gallery-nextgen-legacy No.known.fix Admin+.Stored.XSS LOW" "notice-bar 3.1.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "notice-bar 3.1.1 Contributor+.Stored.XSS MEDIUM" "ninja-tables 5.2.5 Authenticated.(Contributor+).SQL.Injection MEDIUM" "ninja-tables 5.2.4 Authenticated.(Administrator+).SQL.Injection MEDIUM" "ninja-tables 5.0.19 Unauthenticated.Server-Side.Request.Forgery HIGH" "ninja-tables 5.0.19 Unauthenticated.PHP.Object.Injection.to.Limited.Remote.Code.Execution MEDIUM" "ninja-tables 5.0.17 Admin+.Stored.XSS LOW" "ninja-tables 5.0.13 Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "ninja-tables 5.0.10 Authenticated.(Admin+).Server-Side.Request.Forgery MEDIUM" "ninja-tables 5.0.7 
Contributor+.Table.Data.Access LOW" "ninja-tables 4.3.5 Admin+.Stored.XSS LOW" "ninja-tables 4.1.8 Admin+.Stored.Cross-Site.Cross-Site.Scripting LOW" "n5-uploadform No.known.fix Unauthenticated.Arbitrary.File.Upload.to.RCE CRITICAL" "news-list No.known.fix Reflected.XSS HIGH" "notice-board-by-towkir No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "notifications-center No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "nearby-locations No.known.fix Authenticated.(Administrator+).SQL.Injection MEDIUM" "notificationx 3.2.1 Missing.Authorization.to.Authenticated.(Contributor+).Analytics.Reset MEDIUM" "notificationx 3.2.1 Unauthenticated.DOM-Based.Cross-Site.Scripting.via.'nx-preview' HIGH" "notificationx 3.0.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "notificationx 2.9.4 Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "notificationx 2.8.3 Unauthenticated.SQL.Injection CRITICAL" "notificationx 2.3.12 Unauthenticated.SQLi HIGH" "notificationx 2.3.9 Unauthenticated.Blind.SQL.Injection HIGH" "notificationx 1.8.3 Cross-Site.Request.Forgery MEDIUM" "notificationx 1.8.3 Cross-Site.Request.Forgery.(CSRF) MEDIUM" "nextgen-gallery-pro 3.1.11 Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "n-media-wp-simple-quiz No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "nabz-image-gallery No.known.fix Unauthenticated.SQL.Injection CRITICAL" "ns-facebook-pixel-for-wp No.known.fix Admin+.Stored.XSS LOW" "nepali-date-converter 3.0.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "newsboard No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "navigation-menu-as-dropdown-widget 1.3.5 Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "nicejob 3.7.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "nicejob 3.7.2 Contributor+.Stored.XSS MEDIUM" "nicejob 3.6.5 Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "nicejob 
3.6.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "nix-anti-spam-light No.known.fix Cross-Site.Request.Forgery MEDIUM" "nix-anti-spam-light No.known.fix Unauthenticated.PHP.Object.Injection CRITICAL" "nexus No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "nexus No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "nexus No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "netgsm 2.9.64 Reflected.Cross-Site.Scripting MEDIUM" "netgsm No.known.fix Missing.Authorization MEDIUM" "netgsm 2.9.33 Missing.Authorization MEDIUM" "netgsm 2.9.1 Reflected.Cross-Site.Scripting MEDIUM" "neon-channel-product-customizer-free 3.0 Missing.Authorization.to.Unauthenticated.Arbitrary.Content.Deletion MEDIUM" "nonaki-email-template-customizer No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Custom.Fields MEDIUM" "notif-bell 0.9.9 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "nearby-now-reviews No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode.Attributes MEDIUM" "newsletter-subscription-widget-for-sendblaster No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "nurelm-get-posts No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "nex-forms-express-wp-form-builder 9.1.10 Missing.Authorization.to.Unauthenticated.Arbitrary.Form.Entry.Modification.via.nf_set_entry_update_id HIGH" "nex-forms-express-wp-form-builder 9.1.10 Missing.Authorization.to.Authenticated.(Subscriber+).License.Deactivation.via.deactivate_license MEDIUM" "nex-forms-express-wp-form-builder 9.1.8 Reflected.Cross-Site.Scripting MEDIUM" "nex-forms-express-wp-form-builder 9.1.8 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "nex-forms-express-wp-form-builder 9.1.9 Missing.Authorization.to.Unauthenticated.Sensitive.Information.Exposure MEDIUM" "nex-forms-express-wp-form-builder 9.1.8 Authenticated.Stored.XSS MEDIUM" "nex-forms-express-wp-form-builder 9.1.7 
Authenticated.(Admin+).SQL.Injection MEDIUM" "nex-forms-express-wp-form-builder 9.1.4 Cross-Site.Request.Forgery MEDIUM" "nex-forms-express-wp-form-builder 8.9.2 Authenticated.(Custom).Limited.Code.Execution.via.get_table_records.Function MEDIUM" "nex-forms-express-wp-form-builder 8.9.2 Authenticated.(Custom).Stored.Cross-Site.Scripting MEDIUM" "nex-forms-express-wp-form-builder 8.8.2 Unauthenticated.Sensitive.Information.Exposure MEDIUM" "nex-forms-express-wp-form-builder 8.7.16 Authenticated.(Admin+).SQL.Injection MEDIUM" "nex-forms-express-wp-form-builder 8.7.9 Authenticated.(Administrator+).SQL.Injection MEDIUM" "nex-forms-express-wp-form-builder 8.7.4 Reflected.Cross-Site.Scripting MEDIUM" "nex-forms-express-wp-form-builder 8.6.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "nex-forms-express-wp-form-builder 8.5.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.shortcode MEDIUM" "nex-forms-express-wp-form-builder 8.5.7 Missing.Authorization.via.set_starred() MEDIUM" "nex-forms-express-wp-form-builder 8.5.7 Missing.Authorization.via.restore_records() MEDIUM" "nex-forms-express-wp-form-builder 8.5.7 Missing.Authorization.via.set_read() MEDIUM" "nex-forms-express-wp-form-builder 8.5.5 Cross-Site.Request.Forgery MEDIUM" "nex-forms-express-wp-form-builder 8.5.6 Authenticated.(Admin+).SQL.Injection MEDIUM" "nex-forms-express-wp-form-builder 8.4.4 Authenticated.Stored.XSS LOW" "nex-forms-express-wp-form-builder 8.4 Admin+.SQL.Injection MEDIUM" "nex-forms-express-wp-form-builder 8.3.3 Contributor+.Stored.XSS MEDIUM" "nex-forms-express-wp-form-builder 7.9.7 Authenticated.SQLi MEDIUM" "nex-forms-express-wp-form-builder 8.4.3 Stored.Cross-Site.Scripting.via.CSRF HIGH" "nex-forms-express-wp-form-builder 7.8 Subscriber+.Unauthorised.AJAX.Calls MEDIUM" "nex-forms-express-wp-form-builder 4.6.1 Unauthenticated.Blind.SQL.Injection CRITICAL" "north-plugin No.known.fix Authenticated.(Contributor+).Local.File.Inclusion HIGH" "nginx-cache-optimizer 
No.known.fix Missing.Authorization.to.Authenticated.(Subscriber+).Dynamic.Caching.Exclusion.Update MEDIUM" "ninja-forms 3.14.1 Unauthenticated.Information.Disclosure HIGH" "ninja-forms 3.13.3 Unauthenticated.Token.Generation.and.Submission.Disclosure HIGH" "ninja-forms 3.12.1 Limited.File.Deletion.via.CSRF MEDIUM" "ninja-forms 3.12.1 Statistics.Collection.Opt.In.via.CSRF MEDIUM" "ninja-forms 3.11.1 Unauthenticated.PHP.Object.Injection HIGH" "ninja-forms 3.10.2.2 Contributor+.Stored.XSS.via.CSTI MEDIUM" "ninja-forms 3.10.1 Admin+.Stored.XSS LOW" "ninja-forms 3.10.1 Admin+.Stored.XSS LOW" "ninja-forms 3.10.1 Admin+.Stored.XSS LOW" "ninja-forms 3.8.25 Contributor+.Stored.XSS MEDIUM" "ninja-forms 3.8.23 Subscriber+.Arbitrary.Shortcode.Execution MEDIUM" "ninja-forms 3.8.20 Unauthenticated.Stored.XSS.via.Form.Calculations HIGH" "ninja-forms 3.8.18 Admin+.Stored.XSS LOW" "ninja-forms 3.8.18 Admin+.Stored.XSS LOW" "ninja-forms 3.8.16 Reflected.Self-Based.Cross-Site.Scripting.via.Referer MEDIUM" "ninja-forms 3.8.12 Administrator+.Stored.Cross-Site.Scripting MEDIUM" "ninja-forms 3.8.11 Reflected.XSS HIGH" "ninja-forms 3.8.7 Cross-Site.Request.Forgery MEDIUM" "ninja-forms 3.8.5 Authenticated.(Subscriber+).Arbitrary.Shortcode.Execution MEDIUM" "ninja-forms 3.8.1 Admin+.Stored.Cross-Site.Scripting MEDIUM" "ninja-forms 3.8.1 Author+.Stored.XSS LOW" "ninja-forms 3.8.1 Publicly.Accessible.Form.Submission.Export.via.CSRF MEDIUM" "ninja-forms 3.7.2 Unauthenticated.Second.Order.SQL.Injection MEDIUM" "ninja-forms 3.6.34 Admin+.Stored.XSS NONE" "ninja-forms 3.6.26 Admin+.Stored.HTML.Injection NONE" "ninja-forms 3.6.26 Reflected.Cross-Site.Scripting HIGH" "ninja-forms 3.6.26 Contributor+.Form.Entries.Export MEDIUM" "ninja-forms 3.6.26 Subscriber+.Form.Entries.Export MEDIUM" "ninja-forms 3.6.25 Admin+.Arbitrary.File.Deletion LOW" "ninja-forms 3.6.22 Reflected.XSS HIGH" "ninja-forms 3.6.13 Admin+.PHP.Objection.Injection MEDIUM" "ninja-forms 3.6.11 Unauthenticated.PHP.Object.Injection 
CRITICAL" "ninja-forms 3.6.10 Admin+.Stored.Cross-Site.Scripting LOW" "ninja-forms 3.6.10 Admin+.Stored.Cross-Site.Scripting.via.Import LOW" "ninja-forms 3.6.8-wp Unauthenticated.Email.Address.Disclosure MEDIUM" "ninja-forms 3.6.4 Admin+.SQL.Injection MEDIUM" "ninja-forms 3.5.8.2 Admin+.Stored.Cross-Site.Scripting LOW" "ninja-forms 3.5.8 Unprotected.REST-API.to.Sensitive.Information.Disclosure MEDIUM" "ninja-forms 3.5.8 Unprotected.REST-API.to.Email.Injection MEDIUM" "ninja-forms 3.5.5 Reflected.Cross-Site.Scripting MEDIUM" "ninja-forms 3.4.34 Authenticated.SendWP.Plugin.Installation.and.Client.Secret.Key.Disclosure CRITICAL" "ninja-forms 3.4.34 Administrator.Open.Redirect MEDIUM" "ninja-forms 3.4.34.1 Authenticated.OAuth.Connection.Key.Disclosure HIGH" "ninja-forms 3.4.34 CSRF.to.OAuth.Service.Disconnection MEDIUM" "ninja-forms 3.4.27.1 Validation.Bypass.via.Email.Field MEDIUM" "ninja-forms 3.4.27.1 CSRF.leading.to.Arbitrary.Plugin.Installation HIGH" "ninja-forms 3.4.28 Stored.Cross-Site.Scripting MEDIUM" "ninja-forms 3.4.24.2 CSRF.to.Stored.XSS HIGH" "ninja-forms 3.4.23 CSRF.to.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "ninja-forms 3.3.21.3 XSS.and.SQLi CRITICAL" "ninja-forms 3.3.21.2 SQL.Injection MEDIUM" "ninja-forms 3.3.19.1 Authenticated.Open.Redirect MEDIUM" "ninja-forms 3.3.18 Unauthenticated.Cross-Site.Scripting.(XSS) HIGH" "ninja-forms 3.3.14 Cross-Site.Scripting.(XSS).in.Import.Function CRITICAL" "ninja-forms 3.3.14 CSV.Injection HIGH" "ninja-forms 3.3.9 Insufficient.Restrictions.during.Export.Personal.Data.requests MEDIUM" "ninja-forms 3.2.15 Parameter.Tampering MEDIUM" "ninja-forms 3.2.14 Cross-Site.Scripting.(XSS) CRITICAL" "nova-blocks 2.1.10 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "nova-blocks 2.1.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "nova-blocks 2.1.8 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.align.Attribute MEDIUM" "nd-shortcodes 7.6 
Authenticated.(Author+).Stored.Cross-Site.Scripting MEDIUM" "nd-shortcodes 7.0 Contributor+.Stored.XSS.via.Shortcodes MEDIUM" "nd-shortcodes 7.0 Subscriber+.LFI HIGH" "nd-shortcodes 6.0 Unauthenticated.WP.Options.Update MEDIUM" "nokaut-offers-box No.known.fix Plugin.Reset.via.CSRF MEDIUM" "nokaut-offers-box No.known.fix Admin+.Stored.XSS LOW" "newsletter2go No.known.fix Missing.Authorization.to.Authenticated.(Subscriber+).Style.Reset MEDIUM" "newsletter2go No.known.fix Authenticated(Subscriber+).Stored.Cross-Site.Scripting.via.style MEDIUM" "notice-board No.known.fix Contributor+.Stored.Cross-Site.Scripting MEDIUM" "neoforum No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "neoforum No.known.fix Authenticated.(Administrator+).SQL.Injection MEDIUM" "nk-themes-helper No.known.fix Authenticated.(Subscriber+).Server-Side.Request.Forgery MEDIUM" "ninja-job-board 1.3.3 Resume.Disclosure.via.Directory.Listing MEDIUM" "new-royalslider 3.4.3 Reflected.Cross-Site.Scripting MEDIUM" "nofollow No.known.fix Contributor+.Stored.Cross-Site.Scripting MEDIUM" "nias-course No.known.fix Contributor+.Stored.XSS MEDIUM" "ns-maintenance-mode-for-wp No.known.fix Admin+.Stored.XSS LOW" "ns-maintenance-mode-for-wp No.known.fix Unauthenticated.Subscribers.Export HIGH" "next-event-calendar No.known.fix Authenticated.(Author+).Stored.Cross-Site.Scripting MEDIUM" "news-ticker-for-elementor No.known.fix Missing.Authorization MEDIUM" "nepali-date-utilities No.known.fix Stored.XSS.via.CSRF HIGH" "newsletters-from-rss-to-email-newsletters-using-nourish No.known.fix Reflected.Cross-Site.Scripting.via.$_SERVER['PHP_SELF'] MEDIUM" "new-contact-form-widget No.known.fix Cross-Site.Request.Forgery MEDIUM" "new-contact-form-widget 1.4.7 Cross-Site.Request.Forgery MEDIUM" "new-contact-form-widget 1.4.3 Cross-Site.Request.Forgery MEDIUM" "new-contact-form-widget 1.4.0 Sensitive.Information.Exposure MEDIUM" "ni-woocommerce-custom-order-status 1.9.7 Subscriber+.SQL.Injection HIGH" "ni-crm-lead No.known.fix 
Reflected.Cross-Site.Scripting MEDIUM" "ni-crm-lead No.known.fix Authenticated.(Subscriber+).SQL.Injection MEDIUM" "neon-text 1.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "nex-forms 7.8.8 Authentication.Bypass.for.PDF.Reports MEDIUM" "nex-forms 7.8.8 Authentication.Bypass.for.Excel.Reports MEDIUM" "nudgify 1.3.4 Cross-Site.Request.Forgery.via.sync_orders_manually() MEDIUM" "naver-analytics No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "newspack-popups 2.31.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "ninja-gdpr-compliance 2.7.5 Missing.Authorization MEDIUM" "ninja-gdpr-compliance 2.7.4 Missing.Authorization MEDIUM" "ninja-gdpr-compliance 2.7.2 Missing.Authorization MEDIUM" "ninja-gdpr-compliance 2.7.1 Missing.Authorization.to.Settings.Update.and.Stored.Cross-Site.Scripting MEDIUM" "ninja-gdpr-compliance 2.4 Unauthenticated.PHP.Object.Injection HIGH" "nativery No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "nd-travel No.known.fix Contributor+.Stored.Cross-Site.Scripting MEDIUM" "nd-travel 1.7 Unauthenticated.Options.Change MEDIUM" "nmr-strava-activities 1.0.8 Contributor+.Stored.XSS MEDIUM" "narnoo-distributor No.known.fix Unauthenticated.LFI.to.Arbitrary.File.Read./.RCE HIGH" "ninja-forms-uploads 3.3.18 Unauthenticated.Stored.Cross-Site.Scripting.via.File.Upload HIGH" "ninja-forms-uploads 3.3.1 Unauthenticated.Arbitrary.File.Upload CRITICAL" "ninja-forms-uploads 3.3.13 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "ninja-forms-uploads 3.0.23 Unauthenticated.Arbitrary.File.Upload HIGH" "nexa-blocks 1.1.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Google.Maps.Widget MEDIUM" "nexa-blocks No.known.fix Authenticated.(Contributor+).Server-Side.Request.Forgery MEDIUM" "nexa-blocks No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "noindex-by-path No.known.fix Cross-Site.Request.Forgery MEDIUM" "nktagcloud 
No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "norby-ai No.known.fix Cross-Site.Request.Forgery.to.Settings.Update MEDIUM" "notely 1.9.0 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "ngg-smart-image-search No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "ngg-smart-image-search 3.4.3 Unauthenticated.SQL.Injection HIGH" "ngg-smart-image-search 3.4.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "ngg-smart-image-search 3.3.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "nhrrob-options-table-manager 1.1.3 Authenticated.(Admin+).PHP.Object.Injection HIGH" "national-weather-service-alerts No.known.fix Unauthenticated.Local.File.Inclusion HIGH" "noo-timetable No.known.fix Contributor+.Stored.Cross-Site.Scripting MEDIUM" "noo-timetable No.known.fix Cross-Site.Request.Forgery MEDIUM" "nepali-post-date No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "notify-odoo 1.0.1 Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "ni-woo-sales-commission No.known.fix Missing.Authorization.to.Authenticated.(Subscriber+).Commission.Update MEDIUM" "new-grid-gallery 1.4.4 Contributor+.PHP.Object.Injection.via.shortcode MEDIUM" "new-grid-gallery 1.2.5 Authenticated.Stored.Cross.Site.Scripting.(XSS) LOW" "nichetable 2.8.0 Reflected.Cross-Site.Scripting MEDIUM" "nichetable 2.2.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "next-page No.known.fix Admin+.Stored.XSS LOW" "newsletter-image-generator No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "new-year-firework No.known.fix Unauthenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "namaste-lms No.known.fix Cross-Site.Request.Forgery MEDIUM" "namaste-lms 2.6.5 Cross-Site.Request.Forgery MEDIUM" "namaste-lms 2.6.4 Authenticated.(Subscriber+).PHP.Object.Injection HIGH" "namaste-lms 2.6.3 Authenticated.(Student+).Stored.Cross-Site.Scripting MEDIUM" "namaste-lms 2.6.4.1 
Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "namaste-lms 2.6.3 Reflected.Cross-Site.Scripting MEDIUM" "namaste-lms 2.6.1.2 Reflected.Cross-Site.Scripting MEDIUM" "namaste-lms 2.6 Admin+.Stored.XSS LOW" "namaste-lms 2.5.9.4 Admin+.Stored.XSS LOW" "namaste-lms 2.5.9.2 Admin+.Stored.XSS LOW" "nextgen-gallery-voting No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "nari-accountant No.known.fix Authenticated.(Editor+).Stored.Cross-Site.Scripting MEDIUM" "note-press No.known.fix Admin+.SQLi.via.id MEDIUM" "note-press No.known.fix Admin+.SQLi.via.Bulk.Actions MEDIUM" "note-press No.known.fix Admin+.SQLi.via.Update MEDIUM" "note-press 0.1.2 SQL.Injection CRITICAL" "nc-wishlist-for-woocommerce No.known.fix Authenticated.(Subscriber+).SQL.Injection MEDIUM" "nd-projects No.known.fix Contributor+.Stored.XSS MEDIUM" "nd-projects No.known.fix Contributor+.Stored.XSS MEDIUM" "nd-projects 1.6 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "nd-projects No.known.fix Authenticated.Local.File.Inclusion MEDIUM" "notification 6.1.0 Reflected.Cross-Site.Scripting MEDIUM" "notification 8.0.0 Admin+.Stored.Cross-Site.Scripting LOW" "newspack-newsletters 3.14.0 Open.Redirect MEDIUM" "newspack-newsletters 2.13.3 Missing.Authorization MEDIUM" "newspack-newsletters 2.13.3 Cross-Site.Request.Forgery MEDIUM" "ni-woocommerce-order-export No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "netease-music No.known.fix Missing.Authorization MEDIUM" "nautic-pages No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "notifikacie-sk No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "nd-elements 2.2 Authenticated.(Contributor+).Local.File.Inclusion.via.Multiple.Widget.Attributes HIGH" "nugget-by-ingot No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "nugget-by-ingot No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "ns-coupon-to-become-customer No.known.fix Admin+.Stored.Cross-Site.Scripting MEDIUM" 
"newsletter-bulk-email No.known.fix Contributor+.Stored.XSS MEDIUM" "name-directory 1.33.0 Unauthenticated.Stored.Cross-Site.Scripting.via.'name_directory_name' HIGH" "name-directory 1.32.1 Unauthenticated.Stored.Cross-Site.Scripting.via.Double.HTML-Entity.Encoding.in.Submission.Form HIGH" "name-directory 1.31.0 Unauthenticated.Stored.Cross-Site.Scripting.via.Multiple.Parameters HIGH" "name-directory 1.30.1 Missing.Authorization MEDIUM" "name-directory 1.29.1 Reflected.Cross-Site.Scripting MEDIUM" "name-directory 1.27.2 Settings.Update.via.CSRF MEDIUM" "name-directory 1.25.5 Stored.Cross-Site.Scripting.via.CSRF MEDIUM" "name-directory 1.25.3 Reflected.Cross-Site.Scripting MEDIUM" "name-directory 1.25.4 Arbitrary.Directory/Name.Deletion.via.CSRF MEDIUM" "name-directory 1.25.4 Stored.Cross-Site.Scripting.via.CSRF MEDIUM" "name-directory 1.18 Cross-Site.Request.Forgery.(CSRF) MEDIUM" "newsplugin 1.1.0 CSRF.to.Stored.Cross-Site.Scripting HIGH" "namasha-by-mdesign 1.2.05 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.playicon_title.Parameter MEDIUM" "nooz 1.7.0 Admin+.Stored.XSS LOW" "network-posts-extended No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.post_height.Parameter MEDIUM" "network-favorites No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "notification-plus No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "newpost-catch 1.3.20 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.npc.Shortcode MEDIUM" "nd-donations No.known.fix Contributor+.Stored.Cross-Site.Scripting MEDIUM" "nd-donations No.known.fix Unauthenticated.SQLi HIGH" "nd-donations 1.4 Unauthenticated.Options.Change MEDIUM" "nextend-facebook-connect 3.1.22 Cross-Site.Request.Forgery.to.Unlink.User.Social.Login MEDIUM" "nextend-facebook-connect 3.1.20 Contributor+.Stored.XSS MEDIUM" "nextend-facebook-connect 3.1.13 Reflected.Self-Based.Cross-Site.Scripting.via.error_description MEDIUM" "nopeamedia 1.2.1 Cross-Site.Request.Forgery MEDIUM" 
"nopeamedia 1.2.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "noakes-menu-manager 3.2.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "no-update-nag No.known.fix Unauthenticated.Full.Path.Disclosure MEDIUM" "ni-purchase-orderpo-for-woocommerce 1.2.2 Admin+.File.Upload.to.Remote.Code.Execution MEDIUM" "news-articles No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "notifyvisitors-lead-form No.known.fix Admin+.Stored.XSS LOW" "ns-ie-compatibility-fixer No.known.fix Cross-Site.Request.Forgery.to.Plugin.Settings.Update MEDIUM" "narnoo-commerce-manager No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "nice-paypal-button-lite No.known.fix CSRF MEDIUM" "nifty-backups No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "new-album-gallery 1.6.4 Authenticated.(Editor+).PHP.Object.Injection.via.Gallery.Meta HIGH" "new-album-gallery 1.5.8 Missing.Authorization MEDIUM" "new-album-gallery 1.5.0 Cross-Site.Request.Forgery MEDIUM" "navegg No.known.fix Cross-Site.Request.Forgery MEDIUM" "nextgen-cooliris-gallery No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "no-future-posts No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "nextgen-download-gallery No.known.fix Unauthenticated.Information.Exposure MEDIUM" "nest-addons 1.6.4 Unauthenticated.SQL.Injection HIGH" "newsletter-email-subscribe No.known.fix Cross-Site.Request.Forgery.to.Plugin.Settings.Update MEDIUM" "nofollow-links 1.0.11 Cross-Site.Scripting.(XSS) MEDIUM" "novo-map No.known.fix CSRF MEDIUM" "ninja-forms-webhooks 3.0.8 Authenticated.(Admin+).Server-Side.Request.Forgery.via.Form.Webhook MEDIUM" "news-kit-elementor-addons No.known.fix Missing.Authorization MEDIUM" "news-kit-elementor-addons 1.3.5 Missing.Authorization MEDIUM" "news-kit-elementor-addons No.known.fix Contributor+.Stored.XSS MEDIUM" "news-kit-elementor-addons No.known.fix Contributor+.Stored.XSS MEDIUM" "news-kit-elementor-addons 1.2.2 
Authenticated.(Contributor+).Sensitive.Information.Exposure.via.Canvas.Menu.Elementor.Template MEDIUM" "nota-fiscal-eletronica-woocommerce 3.4.1.0 Missing.Authorization MEDIUM" "nota-fiscal-eletronica-woocommerce 3.4.1.0 Shop.manager+.Stored.XSS MEDIUM" "ni-woocommerce-cost-of-goods 3.2.9 Subscriber+.Stored.XSS MEDIUM" "ni-woocommerce-cost-of-goods 3.2.9 Missing.Authorization MEDIUM" "ni-woocommerce-cost-of-goods 3.2.9 Admin+.SQL.Injection MEDIUM" "newsletter-optin-box 4.0.0 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "newsletter-optin-box 3.4.3 Missing.Authorization.to.Unauthenticated.Form.Submission MEDIUM" "newsletter-optin-box 1.6.5 Open.Redirect MEDIUM" "new-adman No.known.fix Settings.Update.via.CSRF MEDIUM" "new-adman No.known.fix Admin+.Stored.XSS LOW" "newsletter-api 2.4.6 API.v1.and.v2.addon.for.Newsletter.<.2.4.6.-.Missing.Authorization.to.Email.Subscribers.Management MEDIUM" "newspack-blocks 3.0.9 Authenticated.(Contributor+).Arbitrary.File.Upload CRITICAL" "newspack-blocks 3.0.9 Missing.Authorization MEDIUM" "newspack-blocks 3.0.9 Authenticated.(Contributor+).Arbitrary.Directory.Deletion MEDIUM" "newspack-blocks 3.0.9 Unauthenticated.Sensitive.Information.Exposure MEDIUM" "new-image-gallery 1.6.1 Authenticated.(Contributor+).PHP.Object.Injection MEDIUM" "new-image-gallery 1.4.6 Missing.Authorization MEDIUM" "new-order-notification-for-woocommerce 2.0.3 Missing.Authorization MEDIUM" "opt-in-hound No.known.fix Reflected.Cross-Site.Scripting.via.add_query_arg.Parameter MEDIUM" "order-delivery-pickup-location-date-time-free-version No.known.fix Missing.Authorization.to.Unauthenticated.Settings.Update MEDIUM" "ovic-import-demo No.known.fix Authenticated.(Subscriber+).Arbitrary.File.Download MEDIUM" "onepay-payment-gateway-for-woocommerce 1.1.3 Missing.Authorization.to.Unauthenticated.Order.Status.Modification MEDIUM" "optinmonster 2.16.2 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "optinmonster 2.16.0 
Cross-Site.Request.Forgery.to.Notice.Dismissal MEDIUM" "optinmonster 2.12.2 Subscriber+.Arbitrary.Post.Content.Disclosure MEDIUM" "optinmonster 2.6.5 Unprotected.REST-API.Endpoints HIGH" "optinmonster 2.6.1 Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "optinmonster 1.1.4.6 Execution.of.Arbitrary.Shortcodes MEDIUM" "oganro-travel-portal-search-widget-for-hotelbeds-apitude-api No.known.fix Cross-Site.Request.Forgery MEDIUM" "ownerrez 1.2.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "ownerrez 1.2.1 Cross-Site.Request.Forgery MEDIUM" "one-user-avatar 2.3.7 Avatar.Update.via.CSRF LOW" "one-user-avatar 2.3.7 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "opening-hours 1.47 Admin+.Stored.XSS LOW" "opening-hours 1.46 Cross-Site.Request.Forgery MEDIUM" "opening-hours 1.45 Missing.Authorization MEDIUM" "opening-hours 1.42 Admin+.Stored.Cross-Site.Scripting LOW" "opening-hours 1.38 Admin+.Stored.XSS LOW" "otp-easy-login-with-mocean No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "order-and-inventory-manager-for-woocommerce No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "order-and-inventory-manager-for-woocommerce No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "obfuscate-email No.known.fix Unauthenticated.Full.Path.Disclosure MEDIUM" "ot-twitter-feed No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "open-rdw-kenteken-voertuiginformatie 2.1.0 Reflected.XSS HIGH" "open-graphite 1.6.1 Reflected.Cross-Site.Scripting HIGH" "open-social No.known.fix Admin+.Stored.XSS LOW" "option-editor No.known.fix Cross-Site.Request.Forgery.to.Arbitrary.Options.Update HIGH" "order-hours-scheduler-for-woocommerce 4.3.22 Reflected.Cross-Site.Scripting MEDIUM" "ota-sync-booking-engine-widget 1.3.0 Settings.Update.via.CSRF MEDIUM" "onceki-yazi-linki No.known.fix Cross-Site.Request.Forgery MEDIUM" "onwebchat 3.2.0 Live.support.<.3.2.0.-.Cross-Site.Request.Forgery MEDIUM" "ovic-vc-addon No.known.fix Missing.Authorization MEDIUM" 
"ovic-vc-addon 1.2.9 Subscriber+.Option.Update HIGH" "optimole-wp 4.1.1 Insecure.Direct.Object.Reference.to.Authenticated.(Author+).Media.Offload MEDIUM" "optimole-wp 3.13.0 Author+.Stored.Cross-Site.Scripting.via.SVG.Upload MEDIUM" "optimole-wp 3.3.2 Admin+.Stored.Cross-Site.Scripting LOW" "otp-login 1.5 Authentication.Bypass.via.Weak.OTP HIGH" "ovic-addon-toolkit No.known.fix Missing.Authorization MEDIUM" "omplag No.known.fix Reflected.Cross-Site.Scripting.via.$_SERVER['PHP_SELF'] MEDIUM" "oliver-pos 2.4.2.4 Sensitive.Information.Exposure.to.Privilege.Escalation CRITICAL" "oliver-pos 2.4.1.9 Cross-Site.Request.Forgery MEDIUM" "oliver-pos 2.4.2.1 Subscriber+.Unauthorized.AJAX.Calls MEDIUM" "od-photogallery-plugin No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "open-ai-search-bar No.known.fix Unauthenticated.Stored.Cross-Site.Scripting MEDIUM" "oauth-twitter-feed-for-developers No.known.fix Admin+.Stored.XSS LOW" "ova-events-manager 1.8.7 Missing.Authorization MEDIUM" "ova-events-manager 1.8.6 Unauthenticated.Arbitrary.File.Upload CRITICAL" "ova-events-manager 1.8.5 Unauthenticated.Arbitrary.File.Upload CRITICAL" "order-import-export-for-woocommerce 2.6.8 Missing.Authorization MEDIUM" "order-import-export-for-woocommerce 2.6.1 Directory.Traversal.to.Authenticated.(Administrator+).Limited.Arbitrary.File.Read.via.download_file.Function MEDIUM" "order-import-export-for-woocommerce 2.6.1 Authenticated.(Admin+).PHP.Object.Injection.via.form_data.Parameter HIGH" "order-import-export-for-woocommerce 2.6.1 Directory.Traversal.to.Authenticated.(Administrator+).Limited.Arbitrary.File.Deletion.via.admin_log_page.Function LOW" "order-import-export-for-woocommerce 2.6.1 Authenticated.(Administrator+).Server-Side.Request.Forgery.via.validate_file.Function HIGH" "order-import-export-for-woocommerce 2.5.0 Authenticated.(Administrator+).PHP.Object.Injection HIGH" "order-import-export-for-woocommerce 2.4.4 Shop.Manager+.Arbitrary.File.Upload HIGH" "odihost-easy-redirect-301 
No.known.fix Cross-Site.Request.Forgery MEDIUM" "oik 4.15.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "oik 4.15.3 Reflected.Cross-Site.Scripting MEDIUM" "oik 4.15.3 Cross-Site.Request.Forgery MEDIUM" "oik 4.15.2 Missing.Authorization MEDIUM" "oik 4.12.1 Cross-Site.Request.Forgery MEDIUM" "oik 4.12.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.bw_button.Shortcode MEDIUM" "oik 4.10.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "osm 6.1.14 Contributor+.Stored.XSS MEDIUM" "osm 6.1.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "osm 6.1.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.osm_map.and.osm_map_v3.Shortcodes MEDIUM" "osm 6.0.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "osm 6.0.4 Contributor+.SQL.Injection MEDIUM" "osm 6.0.6 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "osm 6.0.3 CSRF MEDIUM" "official-statcounter-plugin-for-wordpress 2.1.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Nickname MEDIUM" "official-statcounter-plugin-for-wordpress 2.0.7 Admin+.Stored.Cross-Site.Scripting LOW" "oss-aliyun 1.4.11 Authenticated.(Administrator+).SQL.Injection CRITICAL" "online-lesson-booking-system 0.8.7 CSRF.&.XSS HIGH" "oxyextras 1.4.5 Unauthenticated.Cross-Site.Scripting MEDIUM" "osm-map-elementor 1.3.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Button.URL MEDIUM" "osm-map-elementor 1.3.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.id.Parameter MEDIUM" "organization-chart 1.5.1 Authenticated.(Subscriber+).Stored.Cross-Site.Scripting.via.title_input.and.node_description.Parameters MEDIUM" "organization-chart 1.4.5 Multiple.CSRF MEDIUM" "organization-chart 1.4.5 Admin+.Stored.XSS LOW" "one-click-login No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "out-of-stock-display-for-woocommerce No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" 
"order-your-posts-manually No.known.fix Reflected.XSS HIGH" "order-your-posts-manually No.known.fix Admin+.SQLi MEDIUM" "offload-videos-bunny-netaws-s3 1.0.1 Offload.Videos..Bunny,net,.AWS.S3.<=.1,0,1.Subscriber+.CSRF MEDIUM" "opcache No.known.fix Reflected.XSS HIGH" "order-status-for-woocommerce 1.6.1 Reflected.Cross-Site.Scripting MEDIUM" "option-tree 2.7.3 Object.Injection.Bypass CRITICAL" "option-tree 2.7.0 PHP.Object.Injection CRITICAL" "option-tree 2.6.0 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "option-tree 2.5.4 XSS MEDIUM" "osomblocks 1.2.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.class_name.Parameter MEDIUM" "onlinecontract No.known.fix Missing.Authorization.to.Unauthenticated.Settings.Import MEDIUM" "offsprout-page-builder No.known.fix 2.15.2.-.Contributor+.Privilege.Escalation HIGH" "orbisius-child-theme-creator 1.5.6 Missing.Authorization.to.Authenticated.(Subscriber+).Cloud.Snippet.Update/Delete MEDIUM" "orbisius-child-theme-creator 1.5.5 Reflected.Cross-Site.Scripting MEDIUM" "orbisius-child-theme-creator 1.5.2 CSRF.to.Arbitrary.File.Modification/Creation HIGH" "orbisius-child-theme-creator 1.2.8 Arbitrary.File.Write MEDIUM" "oxygen-mydata 1.0.65 Unauthenticated.Arbitrary.File.Deletion CRITICAL" "owl-carousel-wp No.known.fix Authenticated.(Editor+).Stored.Cross-Site.Scripting MEDIUM" "os-bxslider No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "optimate-ads No.known.fix Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "ok-poster-group No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "osd-subscribe No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "owm-weather 5.6.12 Post.Duplication.via.CSRF MEDIUM" "owm-weather 5.6.9 Contributor+.SQLi HIGH" "orion-login-with-sms No.known.fix Authenticated.Bypass.via.Weak.OTP HIGH" "originality-ai No.known.fix Missing.Authorization.to.Authenticated.(Subscriber+).Sensitive.Information.Disclosure.via.'ai_get_table' MEDIUM" "originality-ai 
1.0.16 Subscriber+.Scan.Log.Deletion MEDIUM" "oceanpayment-creditcard-gateway No.known.fix Unauthenticated.Order.Status.Update MEDIUM" "outdoor No.known.fix Unauthenticated.SQL.Injection HIGH" "om-stripe No.known.fix Reflected.XSS HIGH" "order-audit-log-for-woocommerce No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "order-post No.known.fix Unauthenticated.Arbitrary.Shortcode.Execution HIGH" "onelogin-saml-sso 2.4.3 Signature.Wrapping HIGH" "oganro-reservation-widget No.known.fix Cross-Site.Request.Forgery MEDIUM" "os-datahub-maps 1.8.4 Authenticated.(Author+).Arbitrary.File.Upload HIGH" "onionbuzz-viral-quiz No.known.fix Cross-Site.Request.Forgery MEDIUM" "orion-sms-otp-verification 2.0.0 Authentication.Bypass.via.Account.Takeover CRITICAL" "orders-chat-for-woocommerce No.known.fix Missing.Authorization MEDIUM" "opencart-product-in-wp No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "omnipress No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "omnipress No.known.fix Authenticated.(Contributor+).Local.File.Inclusion HIGH" "omnipress 1.6.6 Authenticated.(Author+).Stored.Cross-Site.Scripting MEDIUM" "omnipress 1.6.5 Contributor+.Stored.XSS MEDIUM" "omnipress 1.5.5 Authenticated.(Contributor+).Post.Disclosure MEDIUM" "omnipress 1.5.0 Contributor+.Stored.XSS MEDIUM" "oik-privacy-policy 1.4.11 Reflected.Cross-Site.Scripting HIGH" "ova-events 1.2.9 Unauthenticated.Local.File.Inclusion HIGH" "one-click-plugin-updater No.known.fix Arbitrary.Settings.Update.via.CSRF MEDIUM" "ocean-extra 2.5.0 Contributor+.Stored.XSS MEDIUM" "ocean-extra 2.4.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "ocean-extra 2.4.7 Unauthenticated.Arbitrary.Shortcode.Execution MEDIUM" "ocean-extra 2.4.7 Contributor+.Stored.XSS.via.'ocean_gallery_id' MEDIUM" "ocean-extra 2.4.7 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "ocean-extra 2.3.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "ocean-extra 2.2.9 
Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Flickr.Widget MEDIUM" "ocean-extra 2.2.7 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "ocean-extra 2.2.5 Contributor+.Stored.XSS MEDIUM" "ocean-extra 2.2.3 Cross-Site.Request.Forgery.to.Arbitrary.Plugin.Activation MEDIUM" "ocean-extra 2.1.8 Reflected.Cross-Site.Scripting MEDIUM" "ocean-extra 2.1.3 Subscriber+.Arbitrary.Post.Content.Disclosure MEDIUM" "ocean-extra 2.1.3 Contributor+.Stored.XSS MEDIUM" "ocean-extra 2.1.2 Contributor+.Stored.XSS MEDIUM" "ocean-extra 2.0.5 Admin+.PHP.Objection.Injection MEDIUM" "ocean-extra 1.9.5 Reflected.Cross-Site.Scripting MEDIUM" "ocean-extra 1.9.4 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "ocean-extra 1.6.6 Cross-Site.Request.Forgery.(CSRF) MEDIUM" "ocean-extra 1.5.9 Unauthenticated.Settings.change.and.CSS.injection HIGH" "one-click-close-comments No.known.fix Unauthenticated.Full.Path.Disclosure MEDIUM" "opengraph 1.11.3 Unauthenticated.Sensitive.Information.Exposure MEDIUM" "okay-toolkit No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "ocean-social-sharing 2.2.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "overlay-image-divi-module 1.5 Reflected.Cross-Site.Scripting MEDIUM" "overlay-image-divi-module 1.3.2 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "opal-portfolios No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "omnisend-connect 1.14.4 Cross-Site.Request.Forgery MEDIUM" "omnisend-connect 1.13.9 Sensitive.Information.Exposure MEDIUM" "opal-hotel-room-booking No.known.fix Contributor+.Stored.Cross-Site.Scripting MEDIUM" "optima-express 7.3.1 Admin+.Stored.XSS LOW" "order-tracking 3.3.13 Missing.Authorization.via.send_test_email() MEDIUM" "order-tracking 3.3.7 Reflected.Cross-Site.Scripting HIGH" "order-tracking 3.3.7 Admin+.Stored.Cross-Site.Scripting LOW" "oshine-core No.known.fix Missing.Authorization MEDIUM" "ovic-product-bundle No.known.fix Missing.Authorization MEDIUM" "outdooractive-embed 1.6 
Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "openai-tools-for-wp-wc No.known.fix Missing.Authorization MEDIUM" "omnify-widget No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "opal-membership No.known.fix Authenticated.(Subscriber+).Information.Disclosure MEDIUM" "opal-membership No.known.fix Unauthenticated.Stored.Cross-Site.Scripting MEDIUM" "order-tip-woo 1.5.5 Unauthenticated.Tip.Manipulation.to.Negative.Value.Leading.to.Unauthorized.Discounts HIGH" "order-tip-woo 1.4.0 Missing.Authorization.to.Unauthenticated.Data.Export MEDIUM" "one-click-order-reorder 1.1.10 Missing.Authorization.to.Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "opal-estate No.known.fix CSRF.Bypass MEDIUM" "opal-estate No.known.fix Missing.Authorization MEDIUM" "opal-estate No.known.fix Cross-Site.Request.Forgery MEDIUM" "olympus-google-fonts 3.7.8 Missing.Authorization MEDIUM" "olympus-google-fonts 3.7.8 Cross-Site.Request.Forgery MEDIUM" "olympus-google-fonts 3.0.3 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "onestore-sites No.known.fix Unauthenticated.Blind.Server-Side.Request.Forgery MEDIUM" "onestore-sites No.known.fix Cross-Site.Request.Forgery.to.Arbitrary.Plugin.Installation MEDIUM" "owl-carousel No.known.fix Contributor+.Stored.Cross-Site.Scripting.via.shortcode MEDIUM" "online-appointment-scheduling-software No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "os-pricing-tables No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "olivewp-companion No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "onlywire-multi-autosubmitter No.known.fix Cross-Site.Request.Forgery.to.Cross-Site.Scripting MEDIUM" "olive-one-click-demo-import No.known.fix Unauthenticated.Information.Exposure MEDIUM" "olive-one-click-demo-import 1.1.2 Missing.Authorization MEDIUM" "olive-one-click-demo-import No.known.fix Admin+.Arbitrary.File.Upload MEDIUM" "oxygenbuilder 4.9 
Missing.Authorization.to.Authenticated.(Subscriber+).Stylesheet.Update MEDIUM" "oxygenbuilder 4.8.3 Authenticated.(Contributor+).Remote.Code.Execution HIGH" "oxygenbuilder 4.8.1 Contributor+.Stored.XSS MEDIUM" "occupancyplan No.known.fix Cross-Site.Request.Forgery.to.SQL.Injection MEDIUM" "occupancyplan No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "order-notification-for-telegram No.known.fix Missing.Authorization.to.Unauthenticated.Send.Telegram.Test.Message MEDIUM" "openpgp-form-encryption 1.5.1 Contributor+.Stored.XSS MEDIUM" "opencart-product-display No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "openpix-for-woocommerce No.known.fix Subscriber+.Payment.Gateway.Settings.Reset MEDIUM" "oa-social-login 5.10.0 Authentication.Bypass CRITICAL" "opti-marketing 2.0.10 Unauthenticated.SQLi HIGH" "openid No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "omnishop No.known.fix Cross-Site.Request.Forgery.to.Arbitrary.User.Deletion.via./users/delete.REST.Endpoint MEDIUM" "omnishop No.known.fix Missing.Registration.Restriction.to.Unauthenticated.Account.Creation.via./users/register.REST.Endpoint MEDIUM" "outbound-link-manager No.known.fix Settings.Update.via.CSRF MEDIUM" "order-auto-complete-for-woocommerce 1.2.1 Admin+.Stored.XSS LOW" "oxygen 4.4 CSRF MEDIUM" "ootb-openstreetmap 2.8.4 Contributor+.Stored.XSS.via.ootb_query.Shortcode MEDIUM" "opensheetmusicdisplay 1.4.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.className.Parameter MEDIUM" "opal-widgets-for-elementor No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "onlyoffice-docspace 2.1.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "ownid-passwordless-login No.known.fix Authentication.Bypass HIGH" "ova-advent 1.1.8 Contributor+.Stored.XSS MEDIUM" "office-locator No.known.fix Unauthenticated.SQL.Injection HIGH" "office-locator No.known.fix Authenticated.(Contributor+).Local.File.Inclusion 
HIGH" "overstock-affiliate-links No.known.fix Reflected.Cross-Site.Scripting.via.$_SERVER['PHP_SELF'] MEDIUM" "official-facebook-pixel 3.0.4 CSRF.to.Stored.XSS.and.Settings.Deletion HIGH" "official-facebook-pixel 3.0.0 PHP.Object.Injection.with.POP.Chain CRITICAL" "oi-yamaps No.known.fix Contributor+.Stored.XSS MEDIUM" "oembed-gist No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "order-delivery-date-for-woocommerce 4.3.2 Missing.Authorization MEDIUM" "order-delivery-date-for-woocommerce 4.2.0 Missing.Authorization MEDIUM" "order-delivery-date-for-woocommerce 3.21.1 Cross-Site.Request.Forgery.to.Notice.Dismissal MEDIUM" "order-delivery-date-for-woocommerce 3.20.1 Reflected.XSS HIGH" "onlyoffice No.known.fix 2.2.0.-.Missing.Authorization.to.Unauthenticated.Privilege.Escalation.via.callback.Function CRITICAL" "onlyoffice 2.2.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "ops-robots-txt 2.0.1 Stored.XSS.via.CSRF HIGH" "ops-robots-txt 1.0.2 Reflected.Cross-Site.Scripting MEDIUM" "ova-brw 1.8.8 Unauthenticated.Local.File.Inclusion HIGH" "ova-brw 1.8.7 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "ova-brw 1.8.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "oppso-unit-converter No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "order-minimum-amount-for-woocommerce 4.6.9 Authenticated.(Shop.Manager+).Stored.Cross-Site.Scripting.via.Hide.Add.to.Cart.Content.Fields MEDIUM" "olevmedia-shortcodes No.known.fix Contributor+.Stored.XSS MEDIUM" "olevmedia-shortcodes 1.1.9 Authenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "online-booking-engine No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "onclick-show-popup 6.6 Admin+.Stored.XSS LOW" "otpless No.known.fix 2.0.59.-.Unauthenticated.Arbitrary.Email.Update.to.Account.Takeover/Privilege.Escalation CRITICAL" "otpless 2.0.59 Reflected.Cross-Site.Scripting MEDIUM" "online-accessibility 4.20 Missing.Authorization 
MEDIUM" "online-accessibility 4.19 Authenticated.(Subscriber+).SQL.Injection MEDIUM" "online-accessibility 4.19 Authenticated.(Subscriber+).Arbitrary.File.Upload HIGH" "online-accessibility 4.19 Missing.Authorization MEDIUM" "online-accessibility 4.13 Subscriber+.SQLi HIGH" "online-accessibility 4.13 Subscriber+.SQLi HIGH" "one-click-demo-import 3.2.1 Authenticated.(Admin+).PHP.Object.Injection HIGH" "one-click-demo-import 3.1.0 Admin+.Arbitrary.File.Upload MEDIUM" "osmapper No.known.fix Unauthenticated.Arbitrary.Post.Deletion HIGH" "ocean-modal-window 2.3.3 Editor+.Remote.Code.Execution.via.Modal.Conditions HIGH" "open-menu No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "official-mailerlite-sign-up-forms 1.7.17 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "official-mailerlite-sign-up-forms 1.7.7 Missing.Authorization MEDIUM" "official-mailerlite-sign-up-forms 1.7.7 1.7.6.-.Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "official-mailerlite-sign-up-forms 1.5.8 Signup.forms.(official).<.1.5.8.-.API.Key.Update.via.CSRF MEDIUM" "official-mailerlite-sign-up-forms 1.5.4 Reflected.Cross-Site.Scripting MEDIUM" "official-mailerlite-sign-up-forms 1.4.5 Multiple.CSRF.Issues HIGH" "official-mailerlite-sign-up-forms 1.4.4 Unauthenticated.SQL.Injection CRITICAL" "open-graph-metabox No.known.fix CSRF MEDIUM" "ogulo-360-tour 1.0.13 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.slug.Parameter MEDIUM" "ohio-extra 3.6.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "ohio-extra No.known.fix Unauthenticated.Arbitrary.Shortcode.Execution MEDIUM" "ovation-elements 1.1.3 Missing.Authorization MEDIUM" "onet-regenerate-thumbnails No.known.fix Cross-Site.Request.Forgery MEDIUM" "opal-woo-custom-product-variation 1.2.1 Unauthenticated.Arbitrary.File.Deletion MEDIUM" "opal-woo-custom-product-variation 1.1.4 Unauthenticated.Arbitrary.File.Deletion CRITICAL" "olympus-shortcodes No.known.fix 
Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "orderable No.known.fix Subscriber+.Arbitrary.Plugin.Installation HIGH" "orbisius-simple-notice 1.1.4 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "orangebox No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "original-texts-yandex-webmaster No.known.fix Cross-Site.Request.Forgery MEDIUM" "osticket-wp-bridge No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "opentracker-analytics No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "optin 1.4.30 Unauthenticated.Server-Side.Request.Forgery.via.'link'.Parameter.in.REST.API HIGH" "optin 1.4.25 Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.Plugin.Installation HIGH" "opensea No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "opensea 1.0.3 Admin+.Stored.XSS MEDIUM" "opensea 1.0.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "optinly 1.0.19 Missing.Authorization MEDIUM" "optinly 1.0.16 CSRF MEDIUM" "oneclick-whatsapp-order 1.1.0 Missing.Authorization.to.Authenticated.(Editor+).Plugin.Settings.Update LOW" "oneclick-whatsapp-order 1.0.9 Insecure.Direct.Object.Reference.to.Unauthenticated.Sensitive.Information.Exposure HIGH" "oneclick-whatsapp-order 1.0.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "oneclick-whatsapp-order 1.0.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "oneclick-whatsapp-order 1.0.5 Admin+.Stored.XSS LOW" "oneclick-whatsapp-order 1.0.4.2 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "open-external-links-in-a-new-window 1.43 Unauthenticated.Stored.Cross-Site.Scripting MEDIUM" "open-external-links-in-a-new-window 1.43 Tabnabbing LOW" "oboxmedia-ads No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "os-our-team No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "one-backend-language No.known.fix Reflected.Cross-Site.Scripting MEDIUM" 
"one-click-ssl 1.4.7 Multiple.Issues HIGH" "oopspam-anti-spam 1.2.54 Unauthenticated.IP.Header.Spoofing MEDIUM" "oopspam-anti-spam 1.1.45 Cross-Site.Request.Forgery MEDIUM" "oopspam-anti-spam 1.1.36 Admin+.Stored.XSS LOW" "order-delivery-date 12.6.0 Unauthenticated.Arbitrary.Post.Title.Disclosure MEDIUM" "order-delivery-date 12.4.0 Reflected.XSS HIGH" "order-delivery-date 12.3.1 Unauthenticated.Arbitrary.Option.Update CRITICAL" "order-delivery-date No.known.fix Unauthenticated.Stored.Cross-Site.Scripting MEDIUM" "order-delivery-date No.known.fix Admin+.Stored.XSS LOW" "order-delivery-date No.known.fix Settings.Update.via.CSRF MEDIUM" "official-sendle-shipping-method 6.03 Missing.Authorization MEDIUM" "official-sendle-shipping-method 6.03 Cross-Site.Request.Forgery MEDIUM" "official-sendle-shipping-method 5.18 Reflected.XSS HIGH" "og-tags 2.0.2 Plugin's.Settings.Update.via.CSRF MEDIUM" "onpay-io-for-woocommerce 1.0.48 Missing.Authorization MEDIUM" "oracle-cards 1.2.2 Reflected.Cross-Site.Scripting MEDIUM" "optio-dentistry 2.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "optio-dentistry 2.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "optin-forms 1.3.7 Admin+.Stored.Cross-Site.Scripting LOW" "optin-forms 1.3.3 Admin+.Stored.XSS LOW" "orbisius-random-name-generator 1.0.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.'btn_label'.Shortcode.Attribute MEDIUM" "ooohboi-steroids-for-elementor 2.1.25 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Multiple.URL.Controls MEDIUM" "ooohboi-steroids-for-elementor 2.1.5 Arbitrary.File.Upload MEDIUM" "ooohboi-steroids-for-elementor 2.1.5 Subscriber+.Attachment.Deletion MEDIUM" "oauth-client-for-user-authentication 3.0.4 Unauthenticated.Settings.Update.to.Authentication.Bypass CRITICAL" "orange-form No.known.fix Unauthenticated.Arbitrary.Post.Deletion CRITICAL" "orange-form No.known.fix SQL.Injection.via.CSRF HIGH" "otter-blocks 3.1.1 
Gutenberg.Block.<.3.1.1.-.Unauthenticated.Sensitive.Information.Exposure MEDIUM" "otter-blocks 3.0.7 Unauthetnicated.Path.Traversal.to.Arbitrary.Image.View MEDIUM" "otter-blocks 3.0.4 Gutenberg.Block.<.3.0.4.-.Missing.Authorization MEDIUM" "otter-blocks 3.0.5 Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "otter-blocks 2.6.10 Contributor+.Stored.XSS.via.titleTag MEDIUM" "otter-blocks 2.6.9 Contributor+.Stored.Cross-Site.Scripting.via.Block.Attributes MEDIUM" "otter-blocks 2.6.9 Author+.Stored.XSS.via.SVG.Upload MEDIUM" "otter-blocks 2.6.6 Contributor+.Stored.XSS MEDIUM" "otter-blocks 2.6.6 Contributor+.Stored.XSS MEDIUM" "otter-blocks 2.6.5 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "otter-blocks 2.2.6 Gutenberg.Blocks.<.2.2.6.-.Author+.PHAR.Deserialization MEDIUM" "one-page-express-companion 1.6.44 Missing.Authorization MEDIUM" "one-page-express-companion 1.6.38 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.one_page_express_contact_form.Shortcode MEDIUM" "order-status-rules-for-woocommerce 3.7.2 Open.Redirect HIGH" "omigo No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "optional-email No.known.fix Unauthenticated.Privilege.Escalation.to.Account.Takeover CRITICAL" "order-on-chat-for-woocommerce No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "order-on-chat-for-woocommerce 1.6.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "onesignal-free-web-push-notifications 3.6.2 Missing.Authorization.to.Unauthenticated.Plugin.Settings.Update MEDIUM" "onesignal-free-web-push-notifications 1.17.8 Stored.XSS MEDIUM" "open-user-map 1.4.17 Authenticated.(Subscriber+).Arbitrary.File.Download MEDIUM" "open-user-map 1.4.15 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "open-user-map 1.3.27 Admin+.Stored.XSS LOW" "open-user-map 1.3.15 Reflected.Cross-Site.Scripting MEDIUM" "open-user-map 1.2.11 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "octrace-support No.known.fix 
Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "octrace-support No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "octrace-support 1.2.5 Reflected.Cross-Site.Scripting MEDIUM" "octrace-support 1.2.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "ocim-mp3 No.known.fix Unauthenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "ongkoskirim-id No.known.fix Missing.Authorization MEDIUM" "oauth-client 1.11.4 Authenticated.Bypass CRITICAL" "onoffice-for-wp-websites 6.10 Authenticated.(Editor+).SQL.Injection MEDIUM" "onoffice-for-wp-websites 6.10 Missing.Authorization MEDIUM" "onoffice-for-wp-websites 6.5.1 Authenticated.(Administrator+).SQL.Injection MEDIUM" "otter-pro 2.6.12 Authenticated.(Subscriber+).Information.Exposure MEDIUM" "otter-pro 2.6.4 Unauthenticated.Stored.Cross-Site.Scripting.via.SVG.Upload MEDIUM" "otter-pro 2.6.4 Authenticated(Contributor+).Stored.Cross-Site.Scripting.via.File.Field.CSS MEDIUM" "otw-portfolio-manager No.known.fix Unauthenticated.Arbitrary.File.Upload CRITICAL" "otw-portfolio-manager No.known.fix Unauthenticated.PHP.Object.Injection HIGH" "order-redirects-for-woocommerce 0.8.1 Reflected.Cross-Site.Scripting MEDIUM" "official-saleswizard-crm 1.0.4 Contributor+.Stored.XSS MEDIUM" "os-diagnosis-generator No.known.fix Missing.Authorization MEDIUM" "official-skrill-woocommerce 1.0.67 Settings.Update.via.CSRF MEDIUM" "optimize-more-images No.known.fix Missing.Authorization MEDIUM" "oshine-modules 3.3.8 Reflected.Cross-Site.Scripting MEDIUM" "oshine-modules 3.3.8 Unauthenticated.Server-Side.Request.Forgery HIGH" "out-of-the-box 1.20.3 Reflected.Cross-Site.Scripting MEDIUM" "oz-canonical No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "omnileads-scripts-and-tags-manager No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "out-of-stock-badge No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-site.Scripting MEDIUM" "orange-confort-plus 0.7.1 
Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode.Attributes MEDIUM" "one-login No.known.fix Unauthenticated.Privilege.Esclation CRITICAL" "openbook-book-data No.known.fix Arbitrary.Settings.Update.to.Stored.XSS.via.CSRF MEDIUM" "order-export-and-more-for-woocommerce 3.25 Unauthenticated.Sensitive.Information.Exposure.Through.Unprotected.Directory MEDIUM" "order-export-and-more-for-woocommerce 3.24 Unauthenticated.Sensitive.Information.Exposure MEDIUM" "olimometer 2.57 Unauthenticated.SQL.Injection CRITICAL" "opal-estate-pro No.known.fix Unauthenticated.Privilege.Escalation.via.'on_regiser_user' CRITICAL" "opal-estate-pro No.known.fix Contributor+.Stored.XSS MEDIUM" "oauth2-provider 4.4.0 Open.Redirect MEDIUM" "oauth2-provider 4.3.0 Subscriber+.Arbitrary.Client.Deletion MEDIUM" "oauth2-provider 4.2.5 Arbitrary.Post.Deletion.via.CSRF MEDIUM" "oauth2-provider 3.4.2 Client.Secret.Regeneration.via.CSRF MEDIUM" "oauth2-provider 4.2.2 Admin+.Stored.XSS LOW" "oauth2-provider 3.1.5 Insecure.Pseudor&om.Number.Generation CRITICAL" "our-team-members 2.3 Missing.Authorization.to.Authenticated.(Subscriber+).Information.Disclosure MEDIUM" "order-attachments-for-woocommerce No.known.fix Unauthenticated.Sensitive.Information.Exposure.Through.Unprotected.Directory MEDIUM" "order-attachments-for-woocommerce 2.5.0 2.4.1.-.Missing.Authorization.to.Authenticated.(Subscriber+).Limited.Arbitrary.File.Upload MEDIUM" "options-for-twenty-seventeen 2.5.1 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "optimize-more-css No.known.fix Cross-Site.Request.Forgery.to.Plugin.Settings.Reset MEDIUM" "only-tweet-like-share-and-google-1 No.known.fix Admin+.Stored.XSS LOW" "off-page-seo No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "off-canvas-sidebars 0.5.9 Cross-Site.Request.Forgery MEDIUM" "off-canvas-sidebars 0.5.8.5 Reflected.Cross-Site.Scripting MEDIUM" "off-canvas-sidebars 0.5.8.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "off-canvas-sidebars 
0.5.8.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "olalaweb-mailchimp-campaign-manager No.known.fix Missing.Authorization.to.Authenticated.(Subscriber+).MailChimp.App.Disconnection MEDIUM" "oauth2-server No.known.fix Authentication.Bypass MEDIUM" "oneelements-ultimate-addons-for-elementor No.known.fix Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "opal-service No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "open-hours No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "oss-upload No.known.fix Cross-Site.Request.Forgery MEDIUM" "order-picking-for-woocommerce 1.0.2 Reflected.Cross-Site.Scripting MEDIUM" "one-page-blocks No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "one-page-blocks No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "one-page-blocks No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "ps-phpcaptcha 1.2.0 PS.PHPCaptcha.<.1,2,0.-Denial.of.Service CRITICAL" "paytm-payments 2.7.7 Editor+.SQLi MEDIUM" "pdf-invoicing-for-woocommerce 2.2.2 Reflected.Cross-Site.Scripting MEDIUM" "powerpack-for-learndash 1.3.0 Unauthenticated.Arbitrary.Option.Update CRITICAL" "plezi 1.0.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "plezi 1.0.3 Unauthenticated.Stored.XSS HIGH" "print-my-blog 3.27.10 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "print-my-blog 3.27.1 Authenticated.(Author+).Stored.Cross-Site.Scripting MEDIUM" "print-my-blog 3.26.3 Missing.Authorization MEDIUM" "print-my-blog 3.25.2 Reflected.Cross-Site.Scripting MEDIUM" "print-my-blog 3.11.4 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "print-my-blog 3.4.2 Plugin.Deactivation.via.CSRF MEDIUM" "print-my-blog 1.6.6 Unauthenticated.Server.Side.Request.Forgery.(SSRF) CRITICAL" "php-everywhere 3.0.0 Subscriber+.RCE.via.Shortcode CRITICAL" "php-everywhere 3.0.0 Contributor+.RCE.via.Gutenberg.Block CRITICAL" "php-everywhere 3.0.0 
Contributor+.RCE.via.Metabox CRITICAL" "php-everywhere 2.0.3 Arbitrary.Settings.Update.via.CSRF MEDIUM" "perfect-pullquotes No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "polls-widget No.known.fix Admin+.Stored.XSS LOW" "polls-widget 1.5.3 Unauthenticated.Blind.SQL.Injection CRITICAL" "penci-filter-everything No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "penci-filter-everything 1.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "pallet-packaging-for-woocommerce 1.1.16 Missing.Authorization MEDIUM" "push-monkey-desktop-push-notifications No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "prettyphoto No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "prettyphoto No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.url.Parameter MEDIUM" "photo-gallery-pearlbells No.known.fix Cross-Site.Request.Forgery.to.Privilege.Escalation MEDIUM" "product-page-shipping-calculator-for-woocommerce 1.3.26 Admin+.Stored.XSS LOW" "product-page-shipping-calculator-for-woocommerce 1.3.21 Admin+.Stored.XSS LOW" "pochipp 1.18.1 Missing.Authorization MEDIUM" "perelandra-sermons No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "perelandra-sermons No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "perelandra-sermons No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "post-from-frontend No.known.fix Post.Deletion.via.CSRF MEDIUM" "pagbank-connect 4.44.4 Authenticated.(Shop.Manager+).SQL.Injection MEDIUM" "pie-register-social-site 1.8 Authentication.Bypass.via.WordPress.com.OAuth.provider HIGH" "pie-register-social-site 1.7.8 Social.Sites.Login.(Add.on).<.1.7.8.-.Unauthenticated.Privilege.Escalation CRITICAL" "pdf24-post-to-pdf No.known.fix Arbitrary.Settings.Update.via.CSRF MEDIUM" "pingmeter-uptime-monitoring No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "pdf-for-gravity-forms 6.5.1 
Authenticated.(Subscriber+).PHP.Object.Injection HIGH" "photoswipe-masonry 1.2.15 Subscriber+.Stored.Cross-Site.Scripting MEDIUM" "premmerce-woocommerce-wholesale-pricing 1.1.11 Authenticated.(Subscriber+).SQL.Injection HIGH" "premmerce-woocommerce-wholesale-pricing 1.1.11 Unauthenticated.Local.File.Inclusion HIGH" "premmerce-woocommerce-wholesale-pricing 1.1.11 Missing.Authorization MEDIUM" "premmerce-woocommerce-wholesale-pricing 1.1.10 Reflected.Cross-Site.Scripting MEDIUM" "premmerce-woocommerce-wholesale-pricing 1.1.8 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "premmerce-woocommerce-wholesale-pricing 1.1.4 Subscriber+.Arbitrary.Option.Update CRITICAL" "pagemash No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "page-blocks No.known.fix Cross-Site.Request.Forgery MEDIUM" "page-post-notes 1.3.5 Missing.Authorization.to.Authenticated.(Subscriber+).Note.Update/Deletion MEDIUM" "page-health-o-meter No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "popover-windows No.known.fix Cross-Site.Request.Forgery.to.Arbitrary.Popover.Configuration.Update MEDIUM" "popover-windows No.known.fix Missing.Authorization.to.Authenticated.(Subscriber+).Popover.Configuration.Update.via.AJAX.Actions MEDIUM" "pc-robotstxt 1.10 Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "print-science-designer No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "print-science-designer No.known.fix Unauthenticated.Arbitrary.File.Download HIGH" "print-science-designer 1.3.153 Unauthenticated.PHP.Object.Injection HIGH" "posts-slider-shortcode No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "product-tabs-for-woocommerce 1.7.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "product-tabs-for-woocommerce 1.7.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "post-carousel-slider-for-elementor No.known.fix Missing.Authorization MEDIUM" "post-carousel-slider-for-elementor 1.7.0 
Authenticated.(Subscriber+).Missing.Authorization.via.process_wbelps_promo_form.Function MEDIUM" "post-carousel-slider-for-elementor 1.6.0 Contributor+.Stored.XSS MEDIUM" "pafacile No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "post-content-xmlrpc No.known.fix Admin+.SQL.Injections HIGH" "pdq-csv 2.0.0 Admin+.Stored.Cross-Site.Scripting LOW" "photo-video-gallery-master No.known.fix Authenticated.(Contributor+).PHP.Object.Injection HIGH" "profile-extra-fields 1.2.8 Unauthenticated.Sensitive.Data.Disclosure MEDIUM" "profile-extra-fields 1.2.4 Reflected.Cross-Site.Scripting HIGH" "profile-extra-fields 1.0.7 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "product-loops No.known.fix Missing.Authorization MEDIUM" "product-loops 1.7.0 Low.Priv.Arbitrary.Blog.Options.Update/Access/Deletion.&.Plugin's.Settings.Update/Export/Import HIGH" "popup-seo-optimized No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "pdf-for-contact-form-7 6.3.4 Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.Post.Duplication MEDIUM" "pdf-for-contact-form-7 6.5.1 Authenticated.(Subscriber+).PHP.Object.Injection HIGH" "post-to-pdf 1.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "posts-in-page 1.3.0 Directory.Traversal HIGH" "push-notification-by-feedify 2.4.6 Reflected.Cross-Site.Scripting MEDIUM" "push-notification-by-feedify 2.4.6 Reflected.XSS HIGH" "push-notification-by-feedify 2.4.3 Reflected.Cross-Site.Scripting MEDIUM" "push-notification-by-feedify 2.1.9 Reflected.Cross-Site.Scripting MEDIUM" "protect-your-content No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "prenotazioni No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "portable-phpmyadmin No.known.fix Multiple.Script.Direct.Request.Authentication.Bypass CRITICAL" "portable-phpmyadmin No.known.fix /pma/phpinfo.php.Direct.Request.System.Information.Disclosure CRITICAL" "posts-by-tag No.known.fix 
Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "pushe-webpush No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "pixtypes 1.4.16 Reflected.XSS HIGH" "pixtypes 1.4.15 Cross-Site.Request.Forgery MEDIUM" "profilepro No.known.fix Subscriber+.Stored.Cross.Site.Scripting HIGH" "pdf-viewer-block 1.0.1 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "post-type-archive-mapping No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "post-type-archive-mapping 5.3.0 Missing.Authorization.via.REST.Routes MEDIUM" "post-by-email No.known.fix Unauthenticated.Arbitrary.File.Upload.via.Email.Attachments CRITICAL" "post-by-email No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "posts-navigation-links-for-sections-and-headings-free-by-wp-masters No.known.fix Free.by.WP.Masters.<=.1.0.1.-.Cross-Site.Request.Forgery.to.Settings.Update MEDIUM" "payment-gateway-payfabric 1.0.13 Reflected.Cross-Site.Scripting MEDIUM" "payment-gateway-payfabric 1.0.11 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "pdf-light-viewer 1.4.12 Authenticated.Command.Injection LOW" "private-content-mail-actions No.known.fix Mail.Actions.<=.2.3.2.-.Unauthenticated.Local.File.Inclusion HIGH" "product-input-fields-for-woocommerce 1.12.1 Unauthenticated.Limited.File.Upload HIGH" "product-input-fields-for-woocommerce 2.0 .Contributor+.Arbitrary.File.Read MEDIUM" "product-input-fields-for-woocommerce 1.8.0 Cross-Site.Request.Forgery.to.Notice.Dismissal MEDIUM" "product-input-fields-for-woocommerce 1.2.7 Unauthenticated.File.Download HIGH" "primer-by-chloedigital No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "premmerce 1.3.21 Authenticated.(Subscriber+).Stored.Cross-Site.Scripting.via.'premmerce_wizard_actions'.AJAX.Endpoint MEDIUM" "premmerce 1.3.20 Unauthenticated.Local.File.Inclusion HIGH" "premmerce 1.3.20 Cross-Site.Request.Forgery MEDIUM" "premmerce 1.3.18 Reflected.Cross-Site.Scripting MEDIUM" "premmerce 1.3.17 
Cross-Site.Request.Forgery MEDIUM" "premmerce 1.3.16 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "professional-contact-form No.known.fix Cross-Site.Request.Forgery.to.Test.Email.Sending MEDIUM" "push-notification-for-wp-by-pushassist No.known.fix Authenticated.(Subscriber+).Arbitrary.File.Upload HIGH" "push-notification-for-wp-by-pushassist No.known.fix Reflected.Cross-Site.Scripting HIGH" "partners No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "partners No.known.fix Unauthenticated.PHP.Object.Injection CRITICAL" "piotnetforms No.known.fix Cross-Site.Request.Forgery MEDIUM" "piotnetforms No.known.fix Authenticated.(Editor+).Path.Traversal LOW" "piotnetforms No.known.fix Authenticated.(Author+).Stored.Cross-Site.Scripting MEDIUM" "piotnetforms No.known.fix Authenticated.(Editor+).Stored.Cross-Site.Scripting MEDIUM" "piotnetforms 1.0.30 Missing.Authorization.via.multiple.AJAX.actions MEDIUM" "piotnetforms 1.0.29 Unauthenticated.Arbitrary.File.Upload CRITICAL" "piotnetforms No.known.fix Unauthenticated.Arbitrary.File.Upload HIGH" "pagepost-specific-social-share-buttons No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "postman-smtp No.known.fix Cross-Site.Scripting.(XSS) MEDIUM" "pushbiz No.known.fix Reflected.XSS HIGH" "page-studio-lite No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "page-studio-lite No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "petfinder-listings 1.1 Admin+.Stored.Cross-Site.Scripting LOW" "platformly-for-woocommerce 1.1.7 Unauthenticated.Blind.Server-Side.Request.Forgery MEDIUM" "page-generator 1.7.2 Authenticated(Administrator+).SQL.Injection MEDIUM" "page-generator 1.6.6 Arbitrary.Keywords.Deletion/Duplication.via.CSRF MEDIUM" "page-generator 1.6.5 Admin+.Stored.Cross-Site.Scripting LOW" "page-generator 1.5.9 Reflected.Cross-Site.Scripting HIGH" "pretty-grid 1.0.8 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "pagination 1.2.3 Admin+.Stored.XSS LOW" "pagination 1.0.7 
Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "polldaddy 3.1.4 Cross-Site.Request.Forgery MEDIUM" "polldaddy 3.1.0 Reflected.Cross-Site.Scripting HIGH" "polldaddy 3.1.0 Rating.Update.via.CSRF MEDIUM" "polldaddy 3.0.10 Contributor+.Rating.Settings.Update MEDIUM" "polldaddy 3.0.8 Reflected.Cross-Site.Scripting MEDIUM" "project-app No.known.fix Reflected.Cross-Site.Scripting.(XSS) HIGH" "pb-mailcrypt-antispam-email-encryption No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "product-layouts 1.1.4 Reflected.Cross-Site.Scripting MEDIUM" "pdf24-posts-to-pdf No.known.fix Arbitrary.Settings.Update.via.CSRF MEDIUM" "pinpoll No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "product-import-export-for-woo 2.5.1 Authenticated.(Admin+).PHP.Object.Injection.via.form_data.Parameter HIGH" "product-import-export-for-woo 2.5.1 Authenticated.(Administrator+).Server-Side.Request.Forgery.via.validate_file.Function HIGH" "product-import-export-for-woo 2.5.1 Directory.Traversal.to.Authenticated.(Administrator+).Limited.Arbitrary.File.Deletion.via.admin_log_page.Function LOW" "product-import-export-for-woo 2.5.1 Directory.Traversal.to.Authenticated.(Administrator+).Limited.Arbitrary.File.Read.via.download_file.Function MEDIUM" "product-import-export-for-woo 2.4.2 Authenticated(Shop.Manager+).Arbitrary.File.Upload HIGH" "product-import-export-for-woo 2.3.8 Shop.Manager+.Arbitrary.File.Upload.via.upload_import_file HIGH" "popup-by-supsystic 1.10.30 Admin+.Remote.Code.Execution MEDIUM" "popup-by-supsystic 1.10.28 Missing.Authorization MEDIUM" "popup-by-supsystic 1.10.20 Missing.Authorization.to.Sensitive.Information.Exposure MEDIUM" "popup-by-supsystic 1.10.19 Prototype.Pollution MEDIUM" "popup-by-supsystic 1.10.9 Unauthenticated.Subscriber.Email.Addresses.Disclosure HIGH" "popup-by-supsystic 1.10.5 Reflected.Cross-Site.scripting.(XSS) HIGH" "popup-by-supsystic 1.7.9 Cross-Site.Request.Forgery.(CSRF) HIGH" "pricing-table No.known.fix 
Author+.Stored.Cross-Site.Scripting MEDIUM" "perelink No.known.fix Settings.Update.via.CSRF MEDIUM" "pjw-mime-config No.known.fix Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "performance-lab 2.3.0 CSRF MEDIUM" "page-views-count No.known.fix Missing.Authorization.to.Authenticated.(Subscriber+).Settings.Update MEDIUM" "page-views-count 2.8.5 2.8.4.-.Missing.Authorization.to.Authenticated.(Subscriber+).Limited.Options.Update HIGH" "page-views-count 2.6.1 Contributor+.Stored.XSS MEDIUM" "page-views-count 2.5.6 Settings.Reset.via.CSRF MEDIUM" "page-views-count 2.4.15 Unauthenticated.SQL.Injection HIGH" "page-views-count 2.4.9 Contributor+.Stored.XSS MEDIUM" "pdf-viewer-for-wordpress 12.3.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "pdf-image-generator No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "product-price-history 2.1.5 Reflected.Cross-Site.Scripting MEDIUM" "passwords-manager 1.5.1 Unauthenticated.SQL.Injection HIGH" "passwords-manager 1.5.1 Authenticated.(Subscriber+).SQL.Injection MEDIUM" "passwords-manager 1.5.1 Missing.Authorization.to.Authenticated.(Subscriber+).Add.Password.+.Update.Encryption.Key HIGH" "personal-dictionary 1.3.4 Unauthenticated.SQLi HIGH" "photo-express-for-google No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "product-specifications 0.7.0 Reflected.Cross-Site.Scripting HIGH" "pt-luxa-addons No.known.fix Authenticated.(Subscriber+).Arbitrary.File.Deletion CRITICAL" "pet-manager No.known.fix Reflected.XSS HIGH" "pet-manager No.known.fix Contributor+.Stored.XSS MEDIUM" "podcast-box No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "podcast-box 1.0.2 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "play-ht No.known.fix Missing.Authorization MEDIUM" "play-ht No.known.fix Authenticated.(Contributor+).PHP.Object.Injection HIGH" "play-ht No.known.fix Missing.Authorization MEDIUM" "play-ht No.known.fix Cross-Site.Request.Forgery MEDIUM" "policy-genius No.known.fix Reflected.XSS 
HIGH" "promobar 1.1.1 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "photostack-gallery No.known.fix Unauthenticated.SQL.Injection.via.'postid'.Parameter HIGH" "pollin No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "pollin No.known.fix Authenticated.(Admin+).SQL.Injection MEDIUM" "profilegrid-user-profiles-groups-and-communities 5.9.8.2 Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.Message.Deletion MEDIUM" "profilegrid-user-profiles-groups-and-communities 5.9.8.3 Cross-Site.Request.Forgery.to.Group.Membership.Request.Approval/Denial MEDIUM" "profilegrid-user-profiles-groups-and-communities 5.9.7.3 Insecure.Direct.Object.Reference.to.Authenticated.(Subscriber+).Arbitrary.User.Profile.and.Cover.Image.Modification MEDIUM" "profilegrid-user-profiles-groups-and-communities 5.9.7.3 Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.User.Suspension MEDIUM" "profilegrid-user-profiles-groups-and-communities 5.9.5.8 Reflected.Cross-Site.Scripting MEDIUM" "profilegrid-user-profiles-groups-and-communities 5.9.5.4 Authenticated.(Subscriber+).SQL.Injection MEDIUM" "profilegrid-user-profiles-groups-and-communities 5.9.5.5 Reflected.Cross-Site.Scripting.via.'pm_get_messenger_notification'.function MEDIUM" "profilegrid-user-profiles-groups-and-communities 5.9.5.3 Authenticated.(Subscriber+).SQL.Injection MEDIUM" "profilegrid-user-profiles-groups-and-communities 5.9.5.3 Authenticated.(Subscriber+).Full.Path.Disclosure MEDIUM" "profilegrid-user-profiles-groups-and-communities 5.9.5.3 Authenticated.(Subscriber+).Server-Side.Request.Forgery MEDIUM" "profilegrid-user-profiles-groups-and-communities 5.9.5.2 Missing.Authorization MEDIUM" "profilegrid-user-profiles-groups-and-communities 5.9.5.1 Authenticated.(Subscriber+).SQL.Injection MEDIUM" "profilegrid-user-profiles-groups-and-communities 5.9.4.9 Authenticated.(Subscriber+).SQL.Injection MEDIUM" "profilegrid-user-profiles-groups-and-communities 5.9.4.6 
Authenticated.(Subscriber+).PHP.Object.Injection HIGH" "profilegrid-user-profiles-groups-and-communities 5.9.4.5 Missing.Authorinzation.to.Authenticated.(Subscriber+).Join.Group.Requests.Management MEDIUM" "profilegrid-user-profiles-groups-and-communities 5.9.4.8 Authenticated.(Subscriber+).SQL.Injection MEDIUM" "profilegrid-user-profiles-groups-and-communities 5.9.4.4 Authenticated.(Subscriber+).PHP.Object.Injection HIGH" "profilegrid-user-profiles-groups-and-communities 5.9.4.3 Insecure.Direct.Object.Reference.to.Authenticated.(Subscriber+).Private.Messages.Disclosure MEDIUM" "profilegrid-user-profiles-groups-and-communities 5.9.4.3 Authenticated.(Subscriber+).Limited.Server-Side.Request.Forgery MEDIUM" "profilegrid-user-profiles-groups-and-communities 5.9.3.7 Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.User.Meta.Deletion MEDIUM" "profilegrid-user-profiles-groups-and-communities 5.9.3.1 Cross-Site.Request.Forgery MEDIUM" "profilegrid-user-profiles-groups-and-communities 5.9.3.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "profilegrid-user-profiles-groups-and-communities 5.9.0 Authenticated.(Subscriber+).Insecure.Direct.Object.Reference MEDIUM" "profilegrid-user-profiles-groups-and-communities 5.9.0 Authenticated.(Subscriber+).Authorization.Bypass.to.Privilege.Escalation HIGH" "profilegrid-user-profiles-groups-and-communities 5.8.8 Missing.Authorization MEDIUM" "profilegrid-user-profiles-groups-and-communities 5.8.7 Missing.Authorization MEDIUM" "profilegrid-user-profiles-groups-and-communities 5.7.2 Authenticated.(Contributor+).SQL.Injection MEDIUM" "profilegrid-user-profiles-groups-and-communities 5.8.0 Insecure.Direct.Object.Reference MEDIUM" "profilegrid-user-profiles-groups-and-communities 5.8.3 Bypass.Group.Members.Limit MEDIUM" "profilegrid-user-profiles-groups-and-communities 5.8.0 Insecure.Direct.Object.Reference MEDIUM" "profilegrid-user-profiles-groups-and-communities 5.8.4 Missing.Authorization MEDIUM" 
"profilegrid-user-profiles-groups-and-communities 5.7.9 Cross-Site.Request.Forgery MEDIUM" "profilegrid-user-profiles-groups-and-communities 5.7.7 Authenticated.(Subscriber+).Insecure.Direct.Object.Reference MEDIUM" "profilegrid-user-profiles-groups-and-communities 5.7.3 Authenticated.(Subscriber+).Insecure.Direct.Object.Reference MEDIUM" "profilegrid-user-profiles-groups-and-communities 5.7.9 Authenticated.(Subscriber+).SQL.Injection CRITICAL" "profilegrid-user-profiles-groups-and-communities 5.7.9 Unauthenticated.SQL.Injection CRITICAL" "profilegrid-user-profiles-groups-and-communities 5.6.7 Missing.Authorization MEDIUM" "profilegrid-user-profiles-groups-and-communities 5.7.2 Cross-Site.Request.Forgery MEDIUM" "profilegrid-user-profiles-groups-and-communities 5.5.2 Subscriber+.Unauthorized.Data.Modification MEDIUM" "profilegrid-user-profiles-groups-and-communities 5.5.2 Subscriber+.Arbitrary.Option.Update HIGH" "profilegrid-user-profiles-groups-and-communities 5.5.3 Group.Owner+.Unauthorized.Data.Modification HIGH" "profilegrid-user-profiles-groups-and-communities 5.3.1 Subscriber+.Arbitrary.Password.Reset HIGH" "profilegrid-user-profiles-groups-and-communities 5.1.8 Subscriber+.CSV.Injection MEDIUM" "profilegrid-user-profiles-groups-and-communities 5.0.4 Subscriber+.Private.Message.Read/Edition MEDIUM" "profilegrid-user-profiles-groups-and-communities 5.1.1 Reflected.Cross-Site.Scripting MEDIUM" "profilegrid-user-profiles-groups-and-communities 4.7.5 Subscriber+.Stored.Cross-Site.Scripting MEDIUM" "profilegrid-user-profiles-groups-and-communities 2.8.6 Authenticated.Code.Execution HIGH" "phoenix-media-rename 3.4.4 Author.Arbitrary.Media.File.Renaming MEDIUM" "pre-publish-checklist 1.1.2 Insecure.Direct.Object.Reference.to.Arbitrary.Post.'_ppc_meta_key'.Update MEDIUM" "page-transition No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "page-parts 1.4.4 Reflected.Cross-Site.Scripting MEDIUM" "pagebar 2.70 
Arbitrary.Settings.Update.via.CSRF.to.Stored.XSS MEDIUM" "plugin-optimizer No.known.fix Missing.Authorization MEDIUM" "paygreen-payment-gateway 1.0.27 Reflected.Cross-Site.Scripting MEDIUM" "paypal-gift-certificate No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting.via.wpppgc_plugin_options MEDIUM" "pdf-for-elementor-forms 6.5.0 Missing.Authorization MEDIUM" "pdf-for-elementor-forms 6.3.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "pdf-for-elementor-forms 6.5.1 Authenticated.(Subscriber+).PHP.Object.Injection HIGH" "provide-forex-signals No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "pagelayer 2.0.6 Authenticated.(Author+).Insecure.Direct.Object.Reference MEDIUM" "pagelayer 2.0.1 Reflected.Cross-Site.Scripting.via.login_url.Parameter MEDIUM" "pagelayer 2.0.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Button.Link MEDIUM" "pagelayer 2.0.0 Missing.Authorization.to.Authenticated.(Contributor+).Post.Publication MEDIUM" "pagelayer 1.9.9 Authenticated.(Contributor+).Private.Post.Disclosure.in.pagelayer_builder_posts_shortcode MEDIUM" "pagelayer 1.9.9 Cross-Site.Request.Forgery.(CSRF).To.Post.Contents.Modification MEDIUM" "pagelayer 1.9.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "pagelayer 1.9.0 Admin+.Stored.XSS LOW" "pagelayer 1.8.8 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "pagelayer 1.8.8 Admin+.Stored.XSS LOW" "pagelayer 1.8.2 Missing.Authorization MEDIUM" "pagelayer 1.8.5 Contributor+.Stored.XSS MEDIUM" "pagelayer 1.8.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Custom.Attributes MEDIUM" "pagelayer 1.8.3 Contributor+.Stored.XSS MEDIUM" "pagelayer 1.8.0 Author+.Stored.XSS LOW" "pagelayer 1.7.9 Contributor+.Stored.XSS MEDIUM" "pagelayer 1.8.1 Admin+.Stored.XSS LOW" "pagelayer 1.7.7 Unauthenticated.Stored.XSS HIGH" "pagelayer 1.7.8 Author+.Stored.XSS MEDIUM" "pagelayer 1.7.7 
Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "pagelayer 1.3.5 Multiple.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "pagelayer 1.1.2 Drag.and.Drop.website.builder.<.1.1.2.-.CSRF.leading.to.XSS HIGH" "pagelayer 1.1.2 Drag.and.Drop.website.builder.<.1.1.2.-.Unprotected.AJAX's.leading.to.XSS HIGH" "parallax-scrolling-enllax-js No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "parallax-scrolling-enllax-js No.known.fix Cross-Site.Request.Forgery MEDIUM" "projectopia-core 5.1.20 Missing.Authorization.to.Unauthenticated.Arbitrary.Attachment.Deletion MEDIUM" "projectopia-core No.known.fix Authenticated.(Custom+).Insecure.Direct.Object.Reference MEDIUM" "projectopia-core 5.1.18 Missing.Authorization MEDIUM" "projectopia-core 5.1.17 Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.Option.Deletion HIGH" "projectopia-core No.known.fix Unauthenticated.Privilege.Escalation.via.Account.Takeover CRITICAL" "projectopia-core 5.1.8 Missing.Authorization.to.Privilege.Escalation.via.pto_reset_password() CRITICAL" "projectopia-core 5.1.5 Reflected.Cross-Site.Scripting MEDIUM" "projectopia-core 5.0.7 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "pdf-catalog-woocommerce 3.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "perfect-woocommerce-brands 3.6.3 Authenticated.(Contributor+).SQL.Injection MEDIUM" "perfect-woocommerce-brands 3.6.3 Authenticated.(Contributor+).SQL.Injection MEDIUM" "perfect-woocommerce-brands 2.0.5 Subscriber+.Sensitive.Information.Disclosure MEDIUM" "perfect-woocommerce-brands 2.0.5 Subscriber+.Arbitrary.Brand.Creation MEDIUM" "persian-nested-showhide-text No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "progressive-license No.known.fix CSRF.to.Stored.XSS MEDIUM" "post-author No.known.fix Cross-Site.Request.Forgery MEDIUM" "peprodev-ups No.known.fix 7.5.2.-.Authentication.Bypass.to.Account.Takeover CRITICAL" "peprodev-ups No.known.fix 
7.5.2.-.Limited.Unauthenticated.Arbitrary.User.Meta.Update HIGH" "peprodev-ups No.known.fix 7.5.2.-.Unauthenticated.Email.Enumeration MEDIUM" "page-scroll-to-id 1.7.9 Contributor+.Stored.XSS MEDIUM" "page-scroll-to-id 1.7.6 Contributor+.Stored.XSS MEDIUM" "photonic 3.22 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Caption.Attribute MEDIUM" "powerpress-multisite No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "payoneer-checkout 3.5.0 Missing.Authorization MEDIUM" "proofreading 1.2.2 Reflected.Cross-Site.Scripting MEDIUM" "proofreading 1.1 Reflected.XSS HIGH" "processing-projects No.known.fix Authenticated.(Shop.Manager+).Arbitrary.File.Upload HIGH" "processing-projects No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "pago-redsys-tpv-grafreak 1.0.13 Reflected.Cross-Site.Scripting MEDIUM" "plugmatter-pricing-table No.known.fix Reflected.Cross-Site.Scripting HIGH" "pdf-print 2.0.3 Unauthenticated.Cross-Site-Scripting.(XSS) MEDIUM" "pdf-print 1.9.4 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "product-table-for-woocommerce 1.2.5 Authenticated.(Contributor+).PHP.Object.Injection HIGH" "product-table-for-woocommerce 1.2.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "paypal-donation-shortcode No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "publitio No.known.fix Authenticated.(Contributor+).Information.Exposure MEDIUM" "publitio 2.2.2 Authenticated.(Contributor+).Server-Side.Request.Forgery MEDIUM" "publitio 2.2.2 Contributor+.Arbitrary.File.Read MEDIUM" "publitio 2.1.9 Missing.Authorization MEDIUM" "publitio 2.1.9 Missing.Authorization MEDIUM" "portfolio-and-projects 1.5.6 Authenticated.(Contributor+).Information.Exposure MEDIUM" "portfolio-and-projects No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "past-events-extension No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "past-events-extension No.known.fix 
Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "past-events-extension No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "payu-india 3.8.8 Authentication.Bypass CRITICAL" "payu-india 3.8.4 Unauthenticated.Privilege.Escalation CRITICAL" "payu-india No.known.fix Reflected.XSS.via.type HIGH" "phraseanet-client No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "plerdy-heatmap 1.3.3 Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "print-google-cloud-print-gcp-woocommerce 4.7.1 Missing.Authorization MEDIUM" "print-google-cloud-print-gcp-woocommerce 4.5.4 Missing.Authorization.via.showTemplatePreview() MEDIUM" "print-google-cloud-print-gcp-woocommerce 4.5.6 Cross-Site.Request.Forgery.to.Cross-Site.Scripting.via.process.php MEDIUM" "print-google-cloud-print-gcp-woocommerce 4.5.4 Unauthenticated.WC.Order.Data.Access MEDIUM" "print-google-cloud-print-gcp-woocommerce 4.5.4 Printer.Settings.Update.via.CSRF MEDIUM" "pro-links-maintainer-dev No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "pro-links-maintainer-dev No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "peepso-files 6.4.6.1 Insecure.Direct.Object.Reference.to.Unauthenticated.Sensitive.Information.Exposure.via.file_download MEDIUM" "paytium 4.4.12 Unauthenticated.Full.Path.Disclosure MEDIUM" "paytium 4.4.11 Missing.Authorization MEDIUM" "paytium 4.4.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.shortcode MEDIUM" "paytium 4.3.7 Admin+.Stored.XSS LOW" "paytium 3.1.2 Stored.Cross-Site.Scripting.(XSS) CRITICAL" "paytiko No.known.fix Missing.Authorization MEDIUM" "profiler-what-slowing-down No.known.fix What.Slowing.Down.Your.WP.<=.1.0.0.-.Missing.Authorization MEDIUM" "profiler-what-slowing-down No.known.fix Missing.Authentication.to.Unauthenticated.Arbitrary.Plugin.Reactivation.via.State.Restoration MEDIUM" "pmpro-membership-maps 0.7 Membership.Maps.Add.On.<.0.7.-.Contributor+.Sensitive.Information.Disclosure MEDIUM" "post-status-notifier-lite 1.11.7 
Reflected.Cross-Site.Scripting.via.page MEDIUM" "post-status-notifier-lite 1.11.1 Reflected.Cross-Site.Scripting MEDIUM" "post-status-notifier-lite 1.10.1 Reflected.XSS HIGH" "paypal-donations 1.9.9 Admin+.Stored.XSS LOW" "popup-more 2.3.3 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "popup-more 2.2.5 Admin+.Directory.Traversal.to.Limited.Local.File.Inclusion MEDIUM" "photoshow 1.0.19 Update/Delete.Google.API.Key.via.CSRF MEDIUM" "pin-generator 2.0.1 Missing.Authorization MEDIUM" "pagerestrict No.known.fix Unauthenticated.Protected.Post.Access MEDIUM" "pagerestrict No.known.fix Cross-Site.Request.Forgery.via.pr_admin_page MEDIUM" "post-block No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "post-block 6.0.1 Missing.Authorization.to.Authenticated.(Subscriber+).Shortcode.Export MEDIUM" "post-block 5.3.2 Authenticated.(Author+).Stored.Cross-Site.Scripting MEDIUM" "popliup No.known.fix Authenticated.(Subscriber+).Local.File.Inclusion HIGH" "postalicious No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting.via.Plugin.Settings MEDIUM" "private-comment 0.0.5 Authenticated.(Administrator+).Stored.Cross-Site.Scripting.via.Label.Text.Setting MEDIUM" "pearl-header-builder 1.3.10 Missing.Authorization MEDIUM" "pearl-header-builder 1.3.10 Cross-Site.Request.Forgery MEDIUM" "pearl-header-builder 1.3.9 Cross-Site.Request.Forgery.to.Header.Deletion MEDIUM" "pearl-header-builder 1.3.8 Missing.Authorization.to.Unauthenticated.Arbitrary.Site.Options.Deletion MEDIUM" "pearl-header-builder 1.3.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "pearl-header-builder 1.3.5 CSRF MEDIUM" "post-status-notifier 1.11.7 Reflected.Cross-Site.Scripting.via.page MEDIUM" "profile-widget-ninja No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "page-expire-popup 1.1 Authenticated.(Author+).SQL.Injection.via.'id'.Shortcode.Attribute MEDIUM" "poptin 1.3.1 
Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "preloader-for-website 1.3 Missing.Authorization.via.plwao_register_settings() MEDIUM" "phppoet-checkout-fields 3.5.13 Unauthenticated.Arbitrary.File.Upload CRITICAL" "post-views-counter 1.4.5 Cross-Site.Request.Forgery.via.save_bulk_post_views() MEDIUM" "post-views-counter 1.3.5 Authenticated.Stored.XSS LOW" "postgallery No.known.fix Authenticated.(Subscriber+).Arbitrary.File.Upload HIGH" "post-ideas No.known.fix Unauthenticated.SQL.Injection HIGH" "pull-this No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "planaday-api 11.5 Reflected.Cross-Site.Scripting MEDIUM" "post-cloner No.known.fix Missing.Authorization MEDIUM" "purchase-and-expense-manager No.known.fix Cross-Site.Request.Forgery.to.Arbitrary.Purchase.Record.Deletion MEDIUM" "purple-xmls-google-product-feed-for-woocommerce No.known.fix Authenticated.(Administrator+).SQL.Injection CRITICAL" "purple-xmls-google-product-feed-for-woocommerce 3.2.3.4 Reflected.Cross-Site.Scripting MEDIUM" "purple-xmls-google-product-feed-for-woocommerce 3.3.1.0 Authenticated.SQL.Injection MEDIUM" "portfolio-manager-powered-by-behance 1.8.0 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "portfolio-manager-powered-by-behance 1.8.0 Cross-Site.Request.Forgery MEDIUM" "portfolio-manager-powered-by-behance 1.8.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "portfolio-manager-powered-by-behance No.known.fix Missing.Authorization MEDIUM" "portfolio-manager-powered-by-behance 1.8.0 Authenticated.(Administrator+).SQL.Injection MEDIUM" "portfolio-manager-powered-by-behance 1.8.0 Authenticated.(Contributor+).SQL.Injection MEDIUM" "plestar-directory-listing No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "pricing-deals-for-woocommerce No.known.fix Missing.Authorization.via.vtprd_ajax_clone_rule MEDIUM" "pricing-deals-for-woocommerce 2.0.3 Unauthenticated.SQLi HIGH" "poll-maker 6.0.8 
Authenticated.(Administrator+).SQL.Injection.via.'filterbyauthor'.Parameter MEDIUM" "poll-maker 6.0.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "poll-maker 5.9.0 Unauthenticated.Basic.Information.Exposure MEDIUM" "poll-maker 5.7.8 Unauthenticated.Race.Condition.to.Multi-Vote MEDIUM" "poll-maker 5.5.4 Admin+.Stored.XSS LOW" "poll-maker 5.6.6 Authenticated.(Administrator+).SQL.Injection MEDIUM" "poll-maker 5.5.7 Missing.Authorization MEDIUM" "poll-maker 5.5.5 Unauthenticated.HTML.Injection MEDIUM" "poll-maker 5.5.1 Missing.Authorization MEDIUM" "poll-maker 5.5.5 Cross-Site.Request.Forgery.to.Poll.Duplication MEDIUM" "poll-maker 5.4.7 Authenticated.(Administrator+).Time-Based.SQL.Injection MEDIUM" "poll-maker 5.4.7 Authenticated.(Administrator+).Stored.Cross-Site.Scripting.via.Poll.Settings MEDIUM" "poll-maker 5.4.7 Authenticated.(Administrator+).SQL.Injection.via.Order_by.Parameter MEDIUM" "poll-maker 5.1.9 Missing.Authorization.to.Unauthenticated.Stored.Cross-Site.Scripting HIGH" "poll-maker 5.1.9 .Missing.Authorization.to.Unauthenticated.Email.Enumeration MEDIUM" "poll-maker 4.8.1 Missing.Authorization MEDIUM" "poll-maker 4.7.2 Missing.Authorization MEDIUM" "poll-maker 4.7.1 Reflected.XSS HIGH" "poll-maker 4.0.2 Admin+.Stored.Cross-Site.Scripting LOW" "poll-maker 3.4.2 Unauthenticated.Time.Based.SQL.Injection CRITICAL" "poll-maker 3.2.9 Reflected.Cross-Site.Scripting HIGH" "poll-maker 3.2.1 Authenticated.Blind.SQL.Injections HIGH" "product-quantity-dropdown-for-woocommerce 1.3 Cross-Site.Request.Forgery MEDIUM" "project-notebooks 1.2.0 1.1.3.-.Missing.Authorization.to.Unauthenticated.Privilege.Escalation.via.wpnb_pto_new_users_add.Function CRITICAL" "peoplepond No.known.fix CSRF.to.Stored.XSS HIGH" "pandavideo 1.4.1 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "pandavideo 1.4.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "parallax-section 2.0.0 Missing.Authorization MEDIUM" "phone-orders-for-woocommerce 3.7.2 
Subscriber+.Sensitive.Data.Exposure MEDIUM" "price-calculator-to-your-website No.known.fix Authenticated.(Contributor+).SQL.Injection MEDIUM" "price-alert-woocommerce No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "product-image-watermark-for-woo 1.0.4 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "post-carousel 3.0.1 Editor+.Stored.XSS LOW" "post-carousel 2.4.28 Editor+.Stored.XSS LOW" "post-carousel 2.4.19 Contributor+.Stored.XSS MEDIUM" "post-carousel 2.3.5 CSRF.Bypass./.Unauthorised.AJAX.Calls MEDIUM" "pocket-news-generator No.known.fix .Cross-Site.Request.Forgery.to.Settings.Update MEDIUM" "pocket-news-generator No.known.fix Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "parallax-slider-block 1.2.6 Author+.Stored.XSS MEDIUM" "premmerce-woocommerce-toolkit No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "premmerce-woocommerce-toolkit No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "page-manager-for-elementor No.known.fix Authenticated.(Subscriber+).Sensitive.Information.Exposure MEDIUM" "page-manager-for-elementor No.known.fix Missing.Authorization MEDIUM" "password-for-wp 1.6 Stored.XSS.via.CSRF HIGH" "product-xml-feeds-for-woocommerce 2.9.4 Authenticated.(Contributor+).Remote.Code.Execution HIGH" "product-xml-feeds-for-woocommerce 2.9.3 Missing.Authorization MEDIUM" "peekaboo No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "pixelating-image-slideshow-gallery No.known.fix Authenticated.(Contributor+).SQL.Injection MEDIUM" "pramadillo-activecampaign-email-preference-center 2.0.12 Reflected.Cross-Site.Scripting MEDIUM" "pramadillo-activecampaign-email-preference-center 2.0.10 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "press-elements No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "press-elements No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "press-elements No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "podiant No.known.fix Unauthenticated.Local.File.Inclusion CRITICAL" 
"preload-current-images No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "pixel-gallery 1.6.8 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "pepro-bacs-receipt-upload-for-woocommerce 2.7.0 Reflected.Cross-Site.Scripting MEDIUM" "posts-table-filterable 1.0.4.3 Reflected.Cross-Site.Scripting MEDIUM" "posts-table-filterable 1.0.4.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.tableon_popup_iframe_button.Shortcode MEDIUM" "posts-table-filterable No.known.fix Unauthenticated.Arbitrary.Shortcode.Execution MEDIUM" "posts-table-filterable 1.0.4 Unauthenticated.Stored.Cross-Site.Scripting MEDIUM" "posts-table-filterable 1.0.4.4 Unauthenticated.PHP.Object.Injection CRITICAL" "posts-table-filterable No.known.fix Missing.Authorization MEDIUM" "posts-table-filterable 1.0.1 Reflected.Cross-Site.Scripting MEDIUM" "project-cost-calculator No.known.fix Missing.Authorization MEDIUM" "plugin-security-scanner No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "puredevs-customer-history-for-woocommerce 1.0.2 Reflected.Cross-Site.Scripting MEDIUM" "puredevs-customer-history-for-woocommerce 1.0.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "photofade No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode.Attributes MEDIUM" "porsline 1.1 Contributor+.SQL.Injection MEDIUM" "product-blocks 4.4.4 Unauthenticated.SQL.Injection.via.'search'.Parameter HIGH" "product-blocks 4.2.5 Missing.Authorization MEDIUM" "product-blocks 3.1.5 PHP.Object.Injection.via.wopb_wishlist.and.wopb_compare CRITICAL" "product-blocks 3.0.0 Missing.Authorization.via.option_data_save MEDIUM" "pirate-forms 2.6.0 Admin+.Stored.XSS LOW" "pirate-forms 2.6.0 Admin+.Stored.XSS LOW" "pirate-forms 2.6.1 Unauthenticated.Arbitrary.Shortcode.Execution HIGH" "pirate-forms 2.5.2 HTML.Injection.&.CSRF MEDIUM" "pdfjs-shortcode No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting 
MEDIUM" "percent-to-infograph No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode.Attributes MEDIUM" "peters-login-redirect 3.0.0.5 Reflected.Cross-Site.Scripting HIGH" "peters-login-redirect 2.9.2 Multiple.CSRF HIGH" "peters-login-redirect 2.9.1 Cross-Site.Scripting.(XSS).&.CSRF MEDIUM" "post-category-image-with-grid-and-slider 1.4.8 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "post-thumbs No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "plugin-inspector No.known.fix Authenticated.(Admin+).Arbitrary.File.Download MEDIUM" "ptypeconverter No.known.fix Authenticated.(Editor+).SQL.Injection HIGH" "phpls No.known.fix Cross-Site.Request.Forgery MEDIUM" "playlist-for-youtube 1.40 Editor+.Stored.XSS LOW" "persian-admin-fonts 4.1.05 Missing.Authorization MEDIUM" "page-visit-counter No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "page-visit-counter No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "premmerce-woocommerce-pinterest No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "premmerce-woocommerce-pinterest No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "podlove-podcasting-plugin-for-wordpress 4.2.7 Unauthenticated.Arbitrary.File.Upload CRITICAL" "podlove-podcasting-plugin-for-wordpress 4.2.6 Open.Redirect MEDIUM" "podlove-podcasting-plugin-for-wordpress 4.2.3 Cross-Site.Request.Forgery.via.ajax_transcript_delete.Function MEDIUM" "podlove-podcasting-plugin-for-wordpress 4.2.0 Authenticated.(Admin+).Stored.Cross-Site.Scripting.via.Feed.Name MEDIUM" "podlove-podcasting-plugin-for-wordpress 4.2.1 Admin+.Stored.XSS LOW" "podlove-podcasting-plugin-for-wordpress 4.1.24 Admin+.Stored.XSS LOW" "podlove-podcasting-plugin-for-wordpress 4.1.17 Authenticated.(Admin+).Remote.Code.Execution HIGH" "podlove-podcasting-plugin-for-wordpress 4.1.14 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "podlove-podcasting-plugin-for-wordpress 4.1.14 
Cross-Site.Request.Forgery.to.Remote.Code.Execution HIGH" "podlove-podcasting-plugin-for-wordpress 4.0.15 Cross-Site.Request.Forgery MEDIUM" "podlove-podcasting-plugin-for-wordpress 4.0.12 Authenticated.(Contributor+).Server-Side.Request.Forgery MEDIUM" "podlove-podcasting-plugin-for-wordpress 4.0.14 Authenticated.(Contributor+).SQL.Injection CRITICAL" "podlove-podcasting-plugin-for-wordpress 4.1.1 Missing.Authorization MEDIUM" "podlove-podcasting-plugin-for-wordpress 4.0.10 Reflected.Cross-Site.Scripting MEDIUM" "podlove-podcasting-plugin-for-wordpress 4.0.12 Missing.Authorization.to.Unauthenticated.Data.Export MEDIUM" "podlove-podcasting-plugin-for-wordpress 4.0.12 Missing.Authorization.to.Settings.Import MEDIUM" "podlove-podcasting-plugin-for-wordpress 3.8.4 Cross-Site.Request.Forgery MEDIUM" "podlove-podcasting-plugin-for-wordpress 3.8.3 Admin+.Stored.XSS LOW" "podlove-podcasting-plugin-for-wordpress 3.5.6 Unauthenticated.SQL.Injection MEDIUM" "podlove-podcasting-plugin-for-wordpress 2.6.0 Authenticated.SQL.Injection HIGH" "podlove-podcasting-plugin-for-wordpress 2.3.16 Multiple.SQLi.&.XSS CRITICAL" "plugin-logic 1.0.8 Admin+.SQLi MEDIUM" "popup-builder 4.4.3 Unauthenticated.Subscriber.Removal.via.Predictable.Tokens MEDIUM" "popup-builder 4.4.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "popup-builder 4.3.5 Admin+.Stored.XSS LOW" "popup-builder 4.3.7 Sensitive.Information.Exposure.via.Imported.Subscribers.CSV.File MEDIUM" "popup-builder 4.3.2 Missing.Authorization.in.Multiple.AJAX.Actions HIGH" "popup-builder 4.3.2 Missing.Authorization.and.Nonce.Exposure HIGH" "popup-builder 4.3.0 Authenticated(Contributor+).Stored.Cross-Site.Scripting.via.Custom.JS MEDIUM" "popup-builder 4.2.7 Contributor.Stored.XSS MEDIUM" "popup-builder 4.2.6 Admin+.SSRF.&.File.Read MEDIUM" "popup-builder 4.2.3 Unauthenticated.Stored.XSS HIGH" "popup-builder 4.2.0 Admin+.Stored.Cross-Site.Scripting LOW" "popup-builder 4.1.12 Settings.Update.via.CSRF MEDIUM" 
"popup-builder 4.1.11 Admin+.Stored.Cross-Site.Scripting LOW" "popup-builder 4.1.1 Popup.Status.Change.via.CSRF MEDIUM" "popup-builder 4.1.1 SQL.Injection.to.Reflected.Cross-Site.Scripting MEDIUM" "popup-builder 4.0.7 Admin+.SQL.Injection MEDIUM" "popup-builder 4.0.7 LFI.to.RCE CRITICAL" "popup-builder 3.74 Authenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "popup-builder 3.64.1 Multiple.Issues MEDIUM" "popup-builder 3.0 SQL.injection.via.PHP.Deserialization CRITICAL" "popup-builder 3.45 SQL.Injection CRITICAL" "plugin-central No.known.fix Cross-Site.Request.Forgery.to.Arbitrary.File.Deletion HIGH" "product-puller No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "propovoice 1.7.7 Unauthenticated.Arbitrary.File.Read HIGH" "propovoice No.known.fix Unauthenticated.Insecure.Direct.Object.Reference MEDIUM" "propovoice 1.7.6.3 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "post-slides No.known.fix Contributor+.Local.File.Inclusion MEDIUM" "product-size-chart-for-woo 1.1.6 Settings.Update.via.CSRF MEDIUM" "peters-collaboration-e-mails No.known.fix Arbitrary.Settings.Update.via.CSRF MEDIUM" "product-lister-walmart No.known.fix Unauthenticated.RCE.via.Outdated.PHPUnit CRITICAL" "porn-videos-embed No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "pdf-builder-for-wpforms 1.2.117 Unauthenticated.Full.Path.Disclosure MEDIUM" "pdf-builder-for-wpforms 1.2.89 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "publish-approval No.known.fix Cross-Site.Request.Forgery MEDIUM" "pilotpress No.known.fix Missing.Authorization MEDIUM" "pilotpress No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "pilotpress 2.0.31 Subscriber+.Report.Access.&.DB.Transients.Purging MEDIUM" "pdf-catalog-for-woocommerce No.known.fix Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "product-sync-master-sheet 1.1.4 Missing.Authorization MEDIUM" "premium-blog-addons No.known.fix Reflected.Cross-Site.Scripting 
MEDIUM" "product-websites-showcase No.known.fix Unauthenticated.Arbitrary.File.Upload CRITICAL" "posten-post-blocks No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "penci-shortcodes 6.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "penci-shortcodes 6.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "pie-register No.known.fix Missing.Authorization MEDIUM" "pie-register 3.8.4.1 Sensitive.Information.Exposure.via.Log.Files MEDIUM" "pie-register 3.8.3.5 Basic.<=.3.8.3.4.-.Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.Plugin.Installation.and.Activation/Deactivation HIGH" "pie-register 3.8.3.3 Unauthenticated.Arbitrary.File.Upload HIGH" "pie-register 3.8.2.3 Open.Redirect MEDIUM" "pie-register 3.8.1.3 Unauthenticated.Arbitrary.User.Deletion HIGH" "pie-register 3.7.2.4 Open.Redirect MEDIUM" "pie-register 3.7.1.6 Unauthenticated.SQL.Injection HIGH" "pie-register 3.1.7.6 Unauthenticated.Arbitrary.Login CRITICAL" "pie-register 3.7.0.1 Reflected.Cross-Site.Scripting.(XSS) HIGH" "pie-register 3.1.2 SQL.Injection CRITICAL" "pie-register 3.0.18 Unauthenticated.Cross-Site.Scripting.(XSS) CRITICAL" "premmerce-user-roles 1.0.14 Unauthenticated.Local.File.Inclusion HIGH" "premmerce-user-roles 1.0.14 Missing.Authorization MEDIUM" "premmerce-user-roles 1.0.14 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "premmerce-user-roles 1.0.13 Missing.Authorization.via.role.management.functions HIGH" "premmerce-user-roles 1.0.12 Reflected.Cross-Site.Scripting MEDIUM" "premmerce-user-roles 1.0.11 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "precise-columns No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "paid-downloads No.known.fix Unauthenticated.SQL.Injection HIGH" "post-smtp 3.9.0 Unauthenticated.Stored.Cross-Site.Scripting.via.'event_type' HIGH" "post-smtp 3.9.0 Missing.Authorization.to.Authenticated.(Subscriber+).Office.365.OAuth.Configuration.Overwrite 
MEDIUM" "post-smtp 3.6.2 Missing.Authorization.to.Authenticated.(Subscriber+).OAuth.Token.Update MEDIUM" "post-smtp 3.6.1 Account.Takeover.via.Unauthenticated.Email.Log.Disclosure CRITICAL" "post-smtp 3.4.2 Missing.Authorization.to.Authenticated.(Subscriber+).Limited.Plugin.Option.Update MEDIUM" "post-smtp 3.3.0 Subscriber+.Account.Takeover.via.Email.Log.Exposure HIGH" "post-smtp 3.1.3 Authenticated.(Administrator+).SQL.Injection.via.columns.Parameter MEDIUM" "post-smtp 3.1.0 Unauthenticated.Stored.XSS HIGH" "post-smtp 2.9.12 Missing.Authorization.via.regenerate_qrcode() MEDIUM" "post-smtp 2.9.10 Admin+.SQLi MEDIUM" "post-smtp 2.9.4 Administrator+.SQL.Injection MEDIUM" "post-smtp 2.8.8 Authorization.Bypass.via.type.connect-app.API CRITICAL" "post-smtp 2.8.8 Unauthenticated.Stored.Cross-Site.Scripting.via.device HIGH" "post-smtp 2.8.7 Reflected.Cross-Site.Scripting HIGH" "post-smtp 2.8.7 Admin+.SQL.Injection MEDIUM" "post-smtp 2.7.1 Unauthenticated.Cross-site.Scripting HIGH" "post-smtp 2.6.1 Authenticated.(Administrator+).SQL.Injection HIGH" "post-smtp 2.5.8 Reflected.Cross-Site.Scripting MEDIUM" "post-smtp 2.5.8 Unauthenticated.Stored.Cross-Site.Scripting.via.Email.Contents HIGH" "post-smtp 2.5.7 Arbitrary.Log.Deletion.via.CSRF MEDIUM" "post-smtp 2.5.7 Account.Takeover.via.CSRF MEDIUM" "post-smtp 2.1.7 Admin+.Blind.SSRF LOW" "post-smtp 2.1.4 Admin+.Stored.Cross-Site.Scripting LOW" "post-smtp 2.0.21 CSRF.Nonce.Bypass MEDIUM" "phzoom No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "pdf-rechnungsverwaltung No.known.fix Unauthenticated.Local.File.Inclusion CRITICAL" "pretty-file-links No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "pdf-viewer-by-themencode 3.2.0 Authenticated.(Editor+).Stored.Cross-Site.Scripting MEDIUM" "pdf-viewer-by-themencode 2.9.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.shortcode MEDIUM" "pie-calendar 1.3.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting 
MEDIUM" "pie-calendar 1.2.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "pie-calendar 1.2.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.piecal.Shortcode MEDIUM" "pta-volunteer-sign-up-sheets 5.5.5 Authenticated.(Admin+).Stored.Cross-site.Scripting MEDIUM" "portfolleo No.known.fix Authenticated.(Subscriber+).Arbitrary.File.Upload CRITICAL" "pdpa-thailand No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "pixelines-email-protector 1.4.0 Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "pay-with-contact-form-7 No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "pay-with-contact-form-7 No.known.fix Cross-Site.Request.Forgery MEDIUM" "pay-with-contact-form-7 No.known.fix Authenticated.(Administrator+).SQL.Injection MEDIUM" "persian-woocommerce 9.0.0 Missing.Authorization MEDIUM" "persian-woocommerce 5.9.8 Reflected.Cross-Site.Scripting MEDIUM" "prezi-embedder No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "paypal-promotions-and-insights No.known.fix Missing.Authorization MEDIUM" "popup-maker 1.21.0 Contributor+.Stored.XSS.via.title.Parameter MEDIUM" "popup-maker 1.20.5 Contributor+.Stored.XSS.via.popupID.Parameter MEDIUM" "popup-maker 1.20.3 Contributor+.Stored.XSS MEDIUM" "popup-maker 1.20.3 Contributor+.Stored.XSS MEDIUM" "popup-maker 1.20.0 Missing.Authorization MEDIUM" "popup-maker 1.19.1 Admin+.Stored.XSS LOW" "popup-maker 1.19.1 Contributor+.Stored.XSS MEDIUM" "popup-maker 1.18.3 Contributor+.Stored.XSS MEDIUM" "popup-maker 1.16.11 Contributor+.Stored.Cross.Site.Scripting MEDIUM" "popup-maker 1.16.9 Contributor+.Stored.XSS.via.Subscription.Form MEDIUM" "popup-maker 1.16.9 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "popup-maker 1.16.5 Admin+.Stored.Cross-Site.Scripting LOW" "popup-maker 1.8.13 Multiple.Vulnerabilities CRITICAL" "popup-maker 1.8.3 Subscriber+.Arbitrary.Option.Update CRITICAL" "popup-maker 1.6.5 Authenticated.Cross-Site.Scripting.(XSS) 
MEDIUM" "photographer-directory 1.0.9 Subscriber+.Privilege.Escalation CRITICAL" "premmerce-woocommerce-wishlist 1.1.11 Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.Wishlist.Deletion MEDIUM" "premmerce-woocommerce-wishlist 1.1.11 Unauthenticated.Local.File.Inclusion HIGH" "premmerce-woocommerce-wishlist 1.1.10 Reflected.Cross-Site.Scripting MEDIUM" "premmerce-woocommerce-wishlist 1.1.8 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "premmerce-woocommerce-wishlist 1.1.2 Subscriber+.Arbitrary.Option.Update CRITICAL" "progressmatify-blocks No.known.fix Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG MEDIUM" "pinterest-pin-it-button-on-image-hover-and-post 3.4 Subscriber+.Arbitrary.Settings.Update MEDIUM" "penci-podcast No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "penci-podcast 1.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "post-meta 1.1.0 Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "padma-advanced 0.0.17 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "power-forms-builder No.known.fix Authenticated.(Subscriber+).SQL.Injection HIGH" "property-hive-stamp-duty-calculator 1.0.23 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "perfect-portal-widgets 3.0.4 Contributor+.Stored.XSS MEDIUM" "pickup-and-delivery-from-customer-locations-for-woocommerce 1.0.5 Reflected.Cross-Site.Scripting MEDIUM" "pickup-and-delivery-from-customer-locations-for-woocommerce 1.0.2 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "pure-chat 2.41 Reflected.Cross-Site.Scripting.via.purechatWidgetName.Parameter MEDIUM" "pure-chat 2.23 Cross-Site.Request.Forgery MEDIUM" "pure-chat 2.23 Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "ptoffice-sign-ups No.known.fix Unauthenticated.Stored.Cross-Site.Scripting MEDIUM" "prismatic 2.8 Reflected.Cross-Site.Scripting.(XSS) HIGH" "prismatic 2.8 Contributor+.Stored.XSS MEDIUM" "password-only-login No.known.fix 
Reflected.Cross-Site.Scripting MEDIUM" "printcart-integration No.known.fix Missing.Authorization MEDIUM" "printcart-integration 2.4.1 Subscriber+.SQLi HIGH" "printcart-integration 2.4.1 Unauthenticated.SQL.Injection HIGH" "printcart-integration 2.4.0 Unauthenticated.Arbitrary.File.Upload CRITICAL" "posts-filter No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "pesapal-for-woocommerce No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "postify-for-elementor No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "penci-bookmark-follow 2.4 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "project-panorama-lite No.known.fix Admin+.Stored.XSS LOW" "project-panorama-lite 1.5.1 WordPress.Project.Management.<.1.5.1.-.Admin+.Stored.XSS LOW" "page-title-splitter No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "penci-pay-writer No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "package-quantity-xforwc 1.2.0 Low.Priv.Arbitrary.Blog.Options.Update/Access/Deletion.&.Plugin's.Settings.Update/Export/Import HIGH" "proranktracker No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "pressforward No.known.fix Subscriber+.Server-Side.Request.Forgery MEDIUM" "pressforward 5.2.4 Reflected.Cross-Site.Scripting.(XSS) HIGH" "post-featured-video No.known.fix Cross-Site.Request.Forgery MEDIUM" "people-lists 2.0.0 Missing.Authorization MEDIUM" "product-countdown-for-woocommerce No.known.fix Authenticated.(Shop.manager+).Stored.Cross-Site.Scripting MEDIUM" "product-countdown-for-woocommerce 1.6.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "press3d No.known.fix Authenticated.(Author+).Stored.Cross-Site.Scripting.via.Link.URL.Parameter.in.3D.Model.Block MEDIUM" "protect-uploads-with-login-page No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "protect-uploads-with-login-page No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" 
"prevent-direct-access 2.8.8.1 Unauthenticated.Sensitive.Information.Exposure MEDIUM" "prevent-direct-access 2.8.8.3 2.8.8.2.-.Incorrect.Authorization.to.Authenticated.(Contributor+).Multiple.Media.Actions MEDIUM" "power-ups-for-elementor No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "power-ups-for-elementor 1.2.2 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "pixelyoursite 11.2.0.2 Unauthenticated.Stored.XSS HIGH" "pixelyoursite 11.2.0.1 Unauthenticated.Stored.XSS HIGH" "pixelyoursite 11.1.5.1 Sensitive.Information.Exposure.via.Log.File MEDIUM" "pixelyoursite 11.1.3 PixelYourSite.<.11,1,3..GDPR.Options.Update.via.CSRF MEDIUM" "pixelyoursite 11.1.2 Admin+.LFI LOW" "pixelyoursite 10.1.1.2 Unauthenticated.PHP.Object.Injection HIGH" "pixelyoursite 10.0.2 Settings.Update.via.CSRF MEDIUM" "pixelyoursite 9.7.2 Unauthenticated.Information.Exposure.and.Log.Deletion MEDIUM" "pixelyoursite 9.6.2 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "pixelyoursite 9.3.7 Admin+.Stored.Cross-Site.Scripting LOW" "pixelyoursite 5.3.0 XSS MEDIUM" "proxy-vpn-blocker 3.5.4 Missing.Authorization MEDIUM" "pagerank-tools No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "pagerank-tools No.known.fix Reflected.XSS HIGH" "presto-player 3.0.3 Missing.Authorization MEDIUM" "presto-player 2.2.3 Contributor+.Stored.XSS MEDIUM" "post-highlights 2.6.1 Stored.Cross-Site.Scripting.(XSS) MEDIUM" "payday No.known.fix Missing.Authorization MEDIUM" "panorama 1.0.9 Reflected.Cross-Site.Scripting MEDIUM" "panorama 1.0.8 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "perfit-woocommerce No.known.fix Missing.Authorization.to.Unauthenticated.Arbitrary.Plugin.Settings.Deletion MEDIUM" "product-configurator-for-woocommerce 1.5.0 Cross-Site.Request.Forgery MEDIUM" "product-configurator-for-woocommerce 1.2.32 Unauthenticated.Arbitrary.File.Deletion HIGH" "printus-cloud-printing-for-woocommerce 1.2.7 Missing.Authorization MEDIUM" 
"printus-cloud-printing-for-woocommerce 1.1.3 Reflected.Cross-Site.Scripting MEDIUM" "printful-shipping-for-woocommerce 2.2.12 Authenticated.(Contributor+).Server-Side.Request.Forgery MEDIUM" "pepro-cf7-database No.known.fix Unauthenticated.Stored.Cross-Site.Scripting MEDIUM" "pepro-cf7-database 1.9.0 Cross-Site.Request.Forgery MEDIUM" "pepro-cf7-database 1.8.0 Unauthenticated.Stored.XSS HIGH" "popup-box 3.2.13 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "popup-box 3.2.5 Cross-Site.Request.Forgery MEDIUM" "popup-box 2.2.7 Popup.Deletion.via.CSRF MEDIUM" "popup-box 2.2.2 Reflected.XSS MEDIUM" "popup-box 2.2 Admin+.LFI MEDIUM" "product-code-for-woocommerce 1.5.1 Cross-Site.Request.Forgery.to.Database.Update MEDIUM" "product-code-for-woocommerce 1.4.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "password-protect-plugin-for-wordpress No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "postmarkapp-email-integrator No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting.via.Plugin.Settings MEDIUM" "postmarkapp-email-integrator No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "postmarkapp-email-integrator No.known.fix Missing.Authorization MEDIUM" "picsmize No.known.fix Unauthenticated.Arbitrary.File.Upload CRITICAL" "popping-content-light No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "pullquote No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode.Attributes MEDIUM" "picu 2.4.1 Missing.Authorization MEDIUM" "plugnedit 6.2.0 Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "post-read-time No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "pro-watermark No.known.fix Authenticated.(Subscriber+).Path.Traversal MEDIUM" "pro-watermark No.known.fix Authenticated.(Subscriber+).Path.Traversal MEDIUM" "photo-gallery 1.8.37 Missing.Authorization.to.Unauthenticated.Arbitrary.Comment.Deletion 
MEDIUM" "photo-gallery 1.8.39 Authenticated.(Editor+).Stored.Cross-Site.Scripting MEDIUM" "photo-gallery 1.8.35 Photo.Gallery.by.10Web..Mobile-Friendly.Image.Gallery.<.1,8,35.Reflected.Cross-Site.Scripting.via.'image_id'.Parameter MEDIUM" "photo-gallery 1.8.34 Unauthenticated.Stored.XSS HIGH" "photo-gallery 1.8.33 Admin+.Stored.XSS LOW" "photo-gallery 1.8.31 Admin+.Stored.XSS LOW" "photo-gallery 1.8.31 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "photo-gallery 1.8.28 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "photo-gallery 1.8.28 Admin+.Stored.XSS LOW" "photo-gallery 1.8.29 Admin+.Stored.XSS LOW" "photo-gallery 1.8.24 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Zipped.SVG MEDIUM" "photo-gallery 1.8.24 Authenticated.(Contributor+).Path.Traversal.via.esc_dir.Function MEDIUM" "photo-gallery 1.8.26 Subscriber+.Notice.Dismiss MEDIUM" "photo-gallery 1.8.21 Missing.Authorization MEDIUM" "photo-gallery 1.8.22 Admin+.Stored.XSS.via.SVG LOW" "photo-gallery 1.8.22 Multiple.Reflected.XSS HIGH" "photo-gallery 1.8.20 Mobile-Friendly.Image.Gallery.<.1.8.20.-.Directory.Traversal.to.Arbitrary.File.Rename CRITICAL" "photo-gallery 1.8.19 Authenticated.(Administrator+).Stored.Cross-Site.Scripting.via.Widget MEDIUM" "photo-gallery 1.8.15 Admin+.Path.Traversal MEDIUM" "photo-gallery 1.8.3 Stored.XSS.via.CSRF MEDIUM" "photo-gallery 1.7.1 Reflected.Cross-Site.Scripting MEDIUM" "photo-gallery 1.6.4 Admin+.Stored.Cross-Site.Scripting LOW" "photo-gallery 1.6.3 Unauthenticated.SQL.Injection HIGH" "photo-gallery 1.6.3 Reflected.Cross-Site.Scripting MEDIUM" "photo-gallery 1.6.0 Unauthenticated.SQL.Injection HIGH" "photo-gallery 1.5.79 Stored.XSS.via.Uploaded.SVG.in.Zip MEDIUM" "photo-gallery 1.5.75 File.Upload.Path.Traversal LOW" "photo-gallery 1.5.75 Stored.Cross-Site.Scripting.via.Uploaded.SVG MEDIUM" "photo-gallery 1.5.67 Authenticated.Stored.Cross-Site.Scripting.via.Gallery.Title MEDIUM" "photo-gallery 1.5.69 
Multiple.Reflected.Cross-Site.Scripting.(XSS) HIGH" "photo-gallery 1.5.69 Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "photo-gallery 1.5.68 Reflected.Cross-Site.Scripting.(XSS) HIGH" "photo-gallery 1.5.55 Unauthenticated.SQL.Injection CRITICAL" "photo-gallery 1.5.46 Multiple.Cross-Site.Scripting.(XSS).Issues MEDIUM" "photo-gallery 1.5.35 SQL.Injection.&.XSS CRITICAL" "photo-gallery 1.5.31 SQL.Injection CRITICAL" "photo-gallery 1.5.25 Authenticated.LFI MEDIUM" "photo-gallery 1.5.23 Authenticated.XSS MEDIUM" "photo-gallery 1.3.67 Cross-Site.Scripting.(XSS) HIGH" "photo-gallery 1.3.51 Authenticated.SQL.Injection MEDIUM" "photo-gallery 1.3.43 Authenticated.Path.Traversal HIGH" "photo-gallery 1.3.36 Authenticated.SQL.Injection MEDIUM" "photo-gallery 1.2.13 Cross-Site.Scripting.(XSS) HIGH" "protected-wp-login No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "photokit No.known.fix Unauthenticated.Arbitrary.File.Upload CRITICAL" "personal-authors-category No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "pdf-block No.known.fix Contributor+.Stored.XSS MEDIUM" "pinterest-rss-widget No.known.fix Contributor+.Stored.Cross-Site.Scripting.via.shortcode MEDIUM" "podcast-importer-secondline 1.3.8 Admin+.SQLi MEDIUM" "podcast-importer-secondline 1.1.5 Server-Side.Request.Forgery.(SSRF) MEDIUM" "posts-date-ranges No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "powerpack-elements 2.10.15 Contributor+.Privilege.Escalation HIGH" "powerpack-elements 2.10.18 Authenticated.(Contributor+).Privilege.Escalation HIGH" "powerpack-elements 2.10.8 Missing.Authorization.to.Settings.Reset HIGH" "powerpack-elements 2.10.8 Cross-Site.Request.Forgery.to.Plugin.Settings.Modification.and.Cross-Site.Scripting MEDIUM" "powerpack-elements 2.9.24 Reflected.Cross-Site.Scripting MEDIUM" "primary-addon-for-elementor 1.6.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "primary-addon-for-elementor 1.6.3 Authenticated.(Contributor+).Post.Disclosure MEDIUM" 
"primary-addon-for-elementor 1.5.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "primary-addon-for-elementor 1.5.8 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "primary-addon-for-elementor 1.5.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Pricing.Table.Widget MEDIUM" "primary-addon-for-elementor 1.5.3 Reflected.Cross-Site.Scripting MEDIUM" "primary-addon-for-elementor 1.5.2 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "payment-gateway-for-telcell 2.0.4 Unauthenticated.Open.Redirect MEDIUM" "prevent-content-copy-image-save No.known.fix CSRF.to.Stored.Cross-Site.Scripting.(XSS) HIGH" "paid-member-subscriptions 2.16.9 Authenticated.(Subscriber+).Insecure.Direct.Object.Reference MEDIUM" "paid-member-subscriptions 2.16.5 Missing.Authorization.to.Unauthenticated.Arbitrary.Member.Subscription.Auto.Renewal MEDIUM" "paid-member-subscriptions 2.16.0 Missing.Authorization MEDIUM" "paid-member-subscriptions 2.15.5 Unauthenticated.Local.File.Inclusion HIGH" "paid-member-subscriptions 2.15.2 Unauthenticated.SQL.Injection HIGH" "paid-member-subscriptions 2.14.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "paid-member-subscriptions 2.13.8 Authentication.Bypass.via.pms_payment_id CRITICAL" "paid-member-subscriptions 2.13.5 Unauthenticated.Content.Restriction.Bypass.to.Sensitive.Information.Exposure MEDIUM" "paid-member-subscriptions 2.13.1 Unauthenticated.Arbitrary.Shortcode.Execution HIGH" "paid-member-subscriptions 2.12.9 Reflected.Cross-Site.Scripting MEDIUM" "paid-member-subscriptions 2.11.1 Cross-Site.Request.Forgery.to.Notice.Dismissal MEDIUM" "paid-member-subscriptions 2.11.2 Missing.Authorization.via.pms_stripe_connect_handle_authorization_return MEDIUM" "paid-member-subscriptions 2.11.2 Missing.Authorization.via.creating_pricing_table_page MEDIUM" "paid-member-subscriptions 2.10.5 Cross-Site.Request.Forgery.via.ajax_add_log_entry MEDIUM" "paid-member-subscriptions 2.4.2 
Authenticated.SQL.Injection MEDIUM" "paid-member-subscriptions 2.4.2 Reflected.Cross-Site.Scripting.(XSS) HIGH" "popup-with-fancybox 3.6 .Authenticated.(Subscriber+).SQL.Injection.via.Shortcode HIGH" "pe-easy-slider No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "poeditor 0.9.11 Cross-Site.Request.Forgery HIGH" "poeditor 0.9.9 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "poeditor 0.9.5 CSRF MEDIUM" "poeditor 0.9.8 Settings.Reset.via.CSRF MEDIUM" "portfolio-filter-gallery 1.6.5 Authenticated.(Contributor+).DOM-Based.Stored.Cross-Site.Scripting MEDIUM" "portfolio-filter-gallery 1.5.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "prepost-seo No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "post-custom-templates-lite No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "post-custom-templates-lite No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "page-or-post-clone 6.4 Authenticated.(Contributor+).SQL.Injection.via.'meta_key'.Parameter MEDIUM" "page-or-post-clone 6.1 Insecure.Direct.Object.Reference.to.Authenticated.(Author+).Sensitive.Information.Exposure MEDIUM" "productive-commerce No.known.fix Unauthenticated.SQL.Injection HIGH" "processingjs-for-wp No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "product-designer 1.0.37 Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "product-designer 1.0.34 Unauthenticated.Arbitrary.Attachment.Deletion MEDIUM" "product-designer 1.0.33 Unauthenticated.PHP.Object.Injection CRITICAL" "page-takeover 1.1.7 Admin+.Stored.XSS LOW" "post-expirator 4.9.4 Missing.Authorization MEDIUM" "post-expirator 4.9.4 Missing.Authorization.to.Authenticated.(Contributor+).Workflow.Manipulation MEDIUM" "post-expirator 4.9.3 Missing.Authorization.to.Authenticated.(Contributor+).Authors'.Emails.Exposure MEDIUM" "post-expirator 4.9.2 
Authenticated.(Author+).Missing.Authorization.to.Post/Page.Status.Modification MEDIUM" "post-expirator 2.6.0 Contributor+.Arbitrary.Post.Schedule.Deletion HIGH" "print-invoices-packing-slip-labels-for-woocommerce 4.7.2 Authenticated.(Shop.Manager+).Stored.Cross-Site.Scripting MEDIUM" "print-invoices-packing-slip-labels-for-woocommerce 4.4.3 Missing.Authorization.to.Unauthenticated.Settings.Reset MEDIUM" "print-invoices-packing-slip-labels-for-woocommerce 4.4.1 Reflected.Cross-Site.Scripting MEDIUM" "print-invoices-packing-slip-labels-for-woocommerce 4.4.2 Unauthenticated.Stored.Cross-Site.Scripting MEDIUM" "print-invoices-packing-slip-labels-for-woocommerce 4.3.1 Subscriber+.Arbitrary.Order.Export MEDIUM" "print-invoices-packing-slip-labels-for-woocommerce 4.3.0 Shop.Manager+.Arbitrary.Options.Update HIGH" "private-content No.known.fix Unauthenticated.Privilege.Escalation.via.Account.Takeover CRITICAL" "private-content No.known.fix Missing.Authorization MEDIUM" "private-content No.known.fix Authenticated.(Subscriber+).SQL.Injection MEDIUM" "private-content No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "private-content 8.4.4 Brute.Force.Protection.Bypass MEDIUM" "pit-login-welcome No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "paytm-donation No.known.fix Admin+.Stored.XSS LOW" "paytm-donation 2.3.2 Reflected.Cross-Site.Scripting MEDIUM" "paytm-donation 2.2.1 Reflected.XSS HIGH" "podpress 8.8.10.17 players/1pixelout/1pixelout_player.swf.playerID.Parameter.XSS MEDIUM" "prayer-times-anywhere No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "paypal-express-checkout No.known.fix Cross-Site.Request.Forgery MEDIUM" "premmerce-woocommerce-multi-currency 2.3.5 Reflected.Cross-Site.Scripting MEDIUM" "premmerce-woocommerce-multi-currency 2.3.2 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "pixfort-core 3.2.26 Reflected.Cross-Site.Scripting MEDIUM" "pixfort-core 3.2.26 Missing.Authorization MEDIUM" "post-indexer 3.0.6.2 
PHP.Object.Injection.via.MitM HIGH" "post-indexer 3.0.6.2 Authenticated.SQL.Injection HIGH" "print-o-matic No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "print-o-matic No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "print-o-matic 2.1.8 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "print-o-matic 2.0.3 Admin+.Stored.Cross-Site.Scripting LOW" "passwordless-login 1.1.3 Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "papercite No.known.fix Missing.Authorization MEDIUM" "personizely 0.11 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.widgetId.Parameter MEDIUM" "product-table No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "product-table No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "pro-addons-for-elementor 1.6.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "plugin-update-blocker No.known.fix Cross-Site.Request.Forgery MEDIUM" "pardakht-delkhah No.known.fix Cross-Site.Request.Forgery MEDIUM" "pardakht-delkhah 2.9.9 Form.Fields.Reset.via.CSRF MEDIUM" "pardakht-delkhah 2.9.3 Unauthenticated.Stored.XSS HIGH" "portfolio-slideshow No.known.fix Contributor+.XSS MEDIUM" "posts-reminder No.known.fix Settings.Update.via.CSRF MEDIUM" "personalize-woocommerce-cart-page 4.0 Missing.Authorization.to.Unuthenticated.Settings.Update MEDIUM" "personalize-woocommerce-cart-page 2.5 Cross-Site.Request.Forgery.(CSRF) HIGH" "pricing-table-addon-for-elementor No.known.fix Authenticated.(Contributor+).Local.File.Inclusion HIGH" "peepso-core No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "peepso-core 6.4.6.2 Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "peepso-core 6.4.6.1 Unauthenticated.Full.Path.Disclosure MEDIUM" "peepso-core 6.4.6.0 Authenticated.(Administrator+).Stored.Cross-Site.Scripting.via.content.Parameter MEDIUM" "peepso-core 6.4.6.0 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "peepso-core 
6.2.7.1 Unauthenticated.Sensitive.Information.Disclosure.via.Log.file MEDIUM" "peepso-core 6.3.1.2 User.Post.Creation.via.CSRF MEDIUM" "peepso-core 6.3.1.2 Reflected.XSS HIGH" "peepso-core 6.2.7.0 Reflected.Cross-Site.Scripting HIGH" "peepso-core 6.2.3.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "peepso-core 6.2.0.0 Cross-Site.Request.Forgery.via.delete MEDIUM" "peepso-core 6.0.3.0 Multiple.CSRF MEDIUM" "peepso-core 1.6.1 Authenticated.Privilege.Escalation HIGH" "page-keys 1.3.4 Authenticated.(Administrator+).Stored.Cross-Site.Scripting.via.'page_key'.Parameter MEDIUM" "pricetable No.known.fix Contributor+.Stored.Cross-Site.Scripting MEDIUM" "popularis-extra No.known.fix Cross-Site.Request.Forgery MEDIUM" "popularis-extra 1.2.8 Authenticated.(Contributor+).Post.Disclosure MEDIUM" "popularis-extra 1.2.7 Reflected.Cross-Site.Scripting MEDIUM" "pricing-tables-for-wpbakery-page-builder 3.0 Subscriber+.LFI HIGH" "pricing-tables-for-wpbakery-page-builder 3.0 Contributor+.Stored.XSS MEDIUM" "peepso-photos 6.3.1.0 Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "plugmatter-optin-feature-box-lite 2.0.14 Unauthenticated.Blind.SQL.Injection CRITICAL" "product-lister-ebay No.known.fix Unauthenticated.Local.File.Inclusion CRITICAL" "pdf-embedder 4.8.0 Arbitrary.JavaScript.Execution MEDIUM" "pdf-embedder 4.7.1 Contributor+.Stored.XSS MEDIUM" "print-page 1.0.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "posti-shipping 3.10.4 Cross-Site.Request.Forgery MEDIUM" "posti-shipping 3.10.4 Reflected.Cross-Site.Scripting MEDIUM" "posti-shipping 3.10.3 Full.Path.Disclosure MEDIUM" "propovoice-pro No.known.fix Unauthenticated.SQL.Injection CRITICAL" "pdf-thumbnail-generator 1.5 Cross-Site.Request.Forgery MEDIUM" "pdf-thumbnail-generator 1.4 Reflected.Cross-Site.Scripting MEDIUM" "project-honey-pot-spam-trap No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "popup-zyrex 1.1 Admin+.Arbitrary.File.Upload 
MEDIUM" "pressference-exporter No.known.fix Authenticated.(Administrator+).SQL.Injection HIGH" "paypal-forms No.known.fix Cross-Site.Request.Forgery MEDIUM" "pretty-url 1.5.5 Reflected.XSS MEDIUM" "pretty-url No.known.fix Cross-Site.Request.Forgery MEDIUM" "pretty-url 1.5.5 Admin+.Stored.XSS LOW" "ppv-live-webcams 7.3.21 Authenticated.(Author+).Privilege.Escalation HIGH" "ppv-live-webcams No.known.fix Admin+.Remote.Code.Execution HIGH" "ppv-live-webcams 7.3.12 Authentication.Bypass CRITICAL" "ppv-live-webcams 7.3.1 Unauthenticated.Arbitrary.File.Deletion CRITICAL" "photography-portfolio 1.4.9 Reflected.Cross-Site.Scripting MEDIUM" "particle-background No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "photoshelter-official-plugin No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "points-and-rewards-for-woocommerce 2.9.6 Missing.Authorization MEDIUM" "photo-video-store No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "photo-video-store No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "paypal-payments-shortcode No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.'buttom_image'.Shortcode.Attribute MEDIUM" "prime-addons-for-elementor 2.0.2 Authenticated.(Contributor+).Insecure.Direct.Object.Reference.via.pae_global_block.Shortcode MEDIUM" "penci-review No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "post-rating-and-review No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.class.Parameter MEDIUM" "pricer-ninja-pricing-tables No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "plethora-tabs-accordions 1.2 Contributor+.Stored.XSS MEDIUM" "plethora-tabs-accordions 1.2.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "plausible-analytics 1.3.4 Reflected.XSS HIGH" "plausible-analytics 1.2.4 Subscriber+.Arbitrary.Settings.Update MEDIUM" "plausible-analytics 1.2.3 
Admin+.Stored.Cross-Site.Scripting MEDIUM" "plugins-list 2.5.1 Admin+.Stored.XSS LOW" "precious-metals-chart-and-widgets 1.2.9 Authenticated.(Contributor+).Stored.Cross-site.Scripting MEDIUM" "provesource 4.0.0 Unauthenticated.Sensitive.Information.Disclosure MEDIUM" "post-grid-for-elementor 1.1.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "photographers-galleries No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "paid-membership 3.2.1 Cross-Site.Request.Forgery.to.Settings.Reset MEDIUM" "paid-membership 2.9.30 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "paid-membership 3.2.5 Reflected.Cross-Site.Scripting HIGH" "paid-membership 2.9.30 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "paid-membership 1.9.6 Arbitrary.Settings.Update.via.CSRF MEDIUM" "pagopar-woocommerce-gateway 2.8.0 Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "pretix-widget 1.0.6 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "polo-video-gallery No.known.fix Contributor+.Stored.Cross-Site.Scripting MEDIUM" "peters-date-countdown 2.0.1 Reflected.Cross-Site.Scripting.via.$_SERVER['PHP_SELF'] MEDIUM" "pta-member-directory 1.8.0 Missing.Authorization MEDIUM" "page-builder-sandwich No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "page-builder-sandwich No.known.fix Missing.Authorization MEDIUM" "page-builder-sandwich No.known.fix Sensitive.Information.Exposure MEDIUM" "page-builder-sandwich No.known.fix Missing.Authorization.to.Authenticated(Subscriber+).Arbitrary.Post.Editing MEDIUM" "page-builder-sandwich No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "page-builder-sandwich 4.5.5 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "pagemanager No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "private-google-calendars 20251128 Missing.Authorization.to.Authenticated.(Subscriber+).Settings.Reset MEDIUM" "private-google-calendars 20240106 Contributor+.Stored.XSS MEDIUM" 
"posts-and-products-views 2.1.1 Contributor+.Stored.XSS MEDIUM" "paypal-responder No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "podcast-feed-player-widget No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "planso-forms No.known.fix Authenticated.Stored.Cross-Site.Scripting LOW" "productdyno 1.0.25 Reflected.Cross-Site.Scripting.via.'res'.Parameter MEDIUM" "productdyno 1.0.25 Reflected.Cross-Site.Scripting HIGH" "premium-addons-for-elementor 4.11.64 Subscriber+.Settings.Update MEDIUM" "premium-addons-for-elementor 4.11.54 Arbitrary.Template.Creation.via.CSRF MEDIUM" "premium-addons-for-elementor 4.11.54 Unauthenticated.Sensitive.Information.Exposure MEDIUM" "premium-addons-for-elementor 4.11.54 Unauthenticated.Information.Exposure MEDIUM" "premium-addons-for-elementor 4.10.70 Contributor+.Stored.XSS MEDIUM" "premium-addons-for-elementor 4.11.9 Contributor+.Stored.XSS.via.Countdown.Widget MEDIUM" "premium-addons-for-elementor 4.10.57 Missing.Authorization LOW" "premium-addons-for-elementor 4.10.61 Authenticated.(Contributor+).DOM-Based.Stored.Cross-Site.Scripting.via.Video.Box.Widget MEDIUM" "premium-addons-for-elementor 4.10.53 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Media.Grid.Widget MEDIUM" "premium-addons-for-elementor 4.10.39 Missing.Authorization.to.Authenticated.(Contributor+).Arbitrary.Content.Deletion.and.Arbitrary.Title.Update MEDIUM" "premium-addons-for-elementor 4.10.37 Authenticated.(Contributor+).Stored.DOM-Based.Cross-Site.Scripting.via.Animated.Text.Widget MEDIUM" "premium-addons-for-elementor 4.10.35 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "premium-addons-for-elementor 4.10.36 Regular.Expressions.Denial.of.Service LOW" "premium-addons-for-elementor 4.10.36 Contributor+.Stored.Cross-Site.Scripting.via.Countdown.Widget MEDIUM" "premium-addons-for-elementor 4.10.34 Authenticated.(Contributor+).DOM-Based.Stored.Cross-Site.Scripting MEDIUM" 
"premium-addons-for-elementor 4.10.32 Missing.Authorization.to.Information.Disclosure MEDIUM" "premium-addons-for-elementor 4.10.32 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Fancy.Text.Widget MEDIUM" "premium-addons-for-elementor 4.10.32 Missing.Authorization.to.Information.Disclosure MEDIUM" "premium-addons-for-elementor 4.10.32 Contributor+.DOM-Based.Stored.Cross-Site.Scripting.via.Global.Tooltip MEDIUM" "premium-addons-for-elementor 4.10.32 Contributor+.Stored.XSS MEDIUM" "premium-addons-for-elementor 4.10.31 Contributor+.Stored.XSS MEDIUM" "premium-addons-for-elementor 4.10.29 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "premium-addons-for-elementor 4.10.29 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "premium-addons-for-elementor 4.10.26 Contributor+.Stored.XSS MEDIUM" "premium-addons-for-elementor 4.10.25 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "premium-addons-for-elementor 4.10.17 Contributor+.Stored.Cross-Site.Scripting.via.Wrapper.Link.Widget MEDIUM" "premium-addons-for-elementor 4.10.28 Contributor+.Stored.Cross-Site.Scripting.via.Button MEDIUM" "premium-addons-for-elementor 4.10.25 Contributor+.DOM-Based.Stored.Cross-Site.Scripting MEDIUM" "premium-addons-for-elementor 4.10.23 Authenticated.(Contributor+).Sensitive.Information.Exposure MEDIUM" "premium-addons-for-elementor 4.10.24 Contributor+.Stored.XSS MEDIUM" "premium-addons-for-elementor 4.10.22 Contributor+.Stored.XSS MEDIUM" "premium-addons-for-elementor 4.10.19 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "premium-addons-for-elementor 4.10.19 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "premium-addons-for-elementor 4.10.17 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "premium-addons-for-elementor 4.5.2 Subscriber+.Arbitrary.Blog.Option.Update HIGH" "premium-addons-for-elementor 4.2.8 Contributor+.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "post-to-google-my-business 3.1.14 Reflected.Cross-Site.Scripting MEDIUM" 
"post-to-google-my-business 3.0.10 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "pop-up-pop-up 1.2.0 Subscriber+.Plugin.Installation MEDIUM" "pop-up-pop-up 1.2.0 Plugin.Installation.via.CSRF MEDIUM" "pop-up-pop-up 1.1.6 Arbitrary.Settings.Update.via.CSRF MEDIUM" "pretty-google-calendar 2.0.1 Missing.Authorization.to.Unauthenticated.Google.API.Key.Exposure MEDIUM" "pretty-google-calendar 2.0.0 Contributor+.Stored.XSS MEDIUM" "pretty-google-calendar 1.6.0 Authenticated(Contributor+).Stored.Cross-Site.Scripting.via.pretty_google_calendar.shortcode MEDIUM" "pure-wc-variations-swatches No.known.fix Unauthenticated.Settings.Update MEDIUM" "primer-mydata 4.2.9 Unauthenticated.Path.Traversal MEDIUM" "primer-mydata 4.2.6 Cross-Site.Request.Forgery MEDIUM" "primer-mydata 4.2.4 Reflected.Cross-Site.Scripting MEDIUM" "primer-mydata 4.2.2 Reflected.Cross-Site.Scripting MEDIUM" "payaza No.known.fix Missing.Authorization.to.Unauthenticated.Order.Status.Update MEDIUM" "portfolio-pro No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "patron-button-and-widgets-by-codebard No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "patron-button-and-widgets-by-codebard 2.2.0 Cross-Site.Request.Forgery MEDIUM" "patron-button-and-widgets-by-codebard 2.2.0 Reflected.XSS MEDIUM" "patron-button-and-widgets-by-codebard 2.1.9 Reflected.XSS HIGH" "private-only No.known.fix CSRF.&.XSS HIGH" "pdf-invoices-and-packing-slips-for-woocommerce 1.3.8 Authenticated.(Subscriber+).PHP.Object.Injection HIGH" "pitchprint 11.2.0 Unauthenticated.Arbitrary.File.Deletion CRITICAL" "post-type-converter No.known.fix Cross-Site.Request.Forgery MEDIUM" "privy-crm-integration No.known.fix Missing.Authorization MEDIUM" "perfect-survey 1.5.2 Unauthenticated.SQL.Injection HIGH" "perfect-survey No.known.fix Unauthenticated.Stored.Cross-Site.Scripting HIGH" "perfect-survey 1.5.2 Unauthorised.AJAX.Call.to.Stored.XSS./.Survey.Settings.Update HIGH" "perfect-survey 1.5.2 Reflected.Cross-Site.Scripting 
HIGH" "phonetrack-meu-site-manager No.known.fix Authenticated.Stored.XSS MEDIUM" "perfmatters 2.2.0 Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "perfmatters 2.1.7 Reflected.Cross-Site.Scripting MEDIUM" "perfmatters 2.1.7 Cross-Site.Request.Forgery MEDIUM" "perfmatters 2.1.7 Missing.Authorization MEDIUM" "planyo-online-reservation-system No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "protect-admin-account 2.0.2 Reflected.Cross-Site.Scripting MEDIUM" "popup-manager No.known.fix Unauthenticated.Stored.XSS HIGH" "popup-manager No.known.fix Unauthenticated.Arbitrary.Popup.Deletion MEDIUM" "pixcodes 2.3.7 Contributor+.Stored.XSS.in.Shortcode MEDIUM" "pcloud-backup No.known.fix Missing.Authorization MEDIUM" "post-list-featured-image No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "product-blocks-for-woocommerce 2.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "printfriendly 5.5.2 Admin+.Stored.XSS LOW" "printfriendly 5.2.3 Admin+.Stored.Cross-Site.Scripting LOW" "pixel-for-web-stories 1.0.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "postem-ipsum No.known.fix Missing.Authorization.to.Authenticated.(Subscriber+).Privilege.Escalation.in.postem_ipsum_generate_users HIGH" "powerpack-addon-for-beaver-builder 1.3.1 Reflected.Cross-Site.Scripting.via.Navigate.Parameter MEDIUM" "powerpack-addon-for-beaver-builder 1.3.0.4 Authenticated.(Editor+).Local.File.Inclusion HIGH" "powerpack-addon-for-beaver-builder 1.3.0.5 Authenticated.(Editor+).Stored.Cross-Site.Scripting MEDIUM" "powerpack-addon-for-beaver-builder 1.3.0.1 Authenticated(Contributor+).Stored.Cross-Site.Scripting.via.element.link MEDIUM" "powerpack-addon-for-beaver-builder 1.2.9.1 Reflected.Cross-Site.Scripting MEDIUM" "powerpack-addon-for-beaver-builder 1.2.9.3 Reflected.Cross-Site.Scripting MEDIUM" "pinblocks No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "pinblocks No.known.fix 
Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "protected-posts-logout-button 1.4.6 Admin+.Stored.XSS LOW" "protected-posts-logout-button 1.4.5 Settings.Update.via.CSRF MEDIUM" "protected-posts-logout-button 1.4.6 Missing.Authorization MEDIUM" "pre-party-browser-hints No.known.fix Authenticated.(Subscriber+).SQL.Injection.via.'hint_ids'.Parameter MEDIUM" "pre-party-browser-hints 1.8.20 Admin+.SQLi MEDIUM" "pagepost-content-shortcode No.known.fix Contributor+.Arbitrary.Posts/Pages.Access MEDIUM" "pripre No.known.fix Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "pojo-forms 1.4.8 Authenticated.(Subscriber+).Arbitrary.Shortcode.Execution.via.form_preview_shortcode MEDIUM" "perfect-font-awesome-integration 2.3.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "perfect-font-awesome-integration 2.3.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "pending-order-bot No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "popcashnet-code-integration-tool 2.0 Missing.Authorization MEDIUM" "popcashnet-code-integration-tool 1.1 Cross-Site.Scripting.(XSS) MEDIUM" "post-to-csv 1.4.1 Author+.CSV.Injection MEDIUM" "post-to-csv 1.3.1 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "pinterest-verify-meta-tag No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "pdfjs-viewer-shortcode 2.2 Arbitrary.JavaScript.Execution MEDIUM" "pdfjs-viewer-shortcode 2.1.8 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "pdfjs-viewer-shortcode 2.0.2 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "plugin-organizer 10.2.4 Subscriber+.SQLi HIGH" "pf-timer No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "pdf-viewer-for-elementor No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.render MEDIUM" "pdf-viewer-for-elementor No.known.fix Arbitrary.JavaScript.Execution MEDIUM" "pdf-viewer-for-elementor No.known.fix 
Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "pixabay-images No.known.fix Authenticated.(Author+).Arbitrary.File.Upload HIGH" "premmerce-woocommerce-product-bundles No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "premmerce-woocommerce-product-bundles No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "psw-login-and-registration No.known.fix Unauthenticated.Account.Takeover/Privilege.Escalation CRITICAL" "psw-login-and-registration No.known.fix Authentication.Bypass CRITICAL" "performance-kit No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "postcode-redirect 5.0.0 Reflected.Cross-Site.Scripting MEDIUM" "postcode-redirect 4.0.2 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "premmerce-woocommerce-variation-swatches 1.2.2 Reflected.Cross-Site.Scripting MEDIUM" "premmerce-woocommerce-variation-swatches 1.2.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "premmerce-woocommerce-variation-swatches 1.1 Subscriber+.Arbitrary.Option.Update CRITICAL" "penci-recipe No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "penci-recipe 4.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "product-notices-for-woocommerce No.known.fix Cross-Site.Request.Forgery MEDIUM" "plugins-last-updated-column 0.1.4 Cache.Clear.via.CSRF MEDIUM" "pods 3.2.8.2 Admin+.SQL.Injection MEDIUM" "pods 3.2.8.1 Admin+.Stored.XSS LOW" "pods 3.2.7.1 Admin+.Stored.XSS LOW" "pods 3.2.1.1 Contributor+.Stored.Cross-Site.Scripting.via.Pod.Form.Redirect.URL MEDIUM" "pods 3.1 Contributor+.Pods/Users.Creation MEDIUM" "pods 3.1 Contributor+.SQLi MEDIUM" "pods 3.1 Contributor+.Remote.Code.Execution HIGH" "pods 2.8.0 Reflected.Cross-Site.Scripting MEDIUM" "pods 2.9.11 Pods.Deletion.via.CSRF MEDIUM" "pods 2.7.29 Multiple.Authenticated.Stored.Cross-Site.Scripting.(XSS) LOW" "pods 2.7.27 Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "pods 2.7.27 Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "penci-data-migrator No.known.fix 
Reflected.Cross-Site.Scripting MEDIUM" "penci-data-migrator 1.3.1 Unauthenticated.Local.File.Inclusion CRITICAL" "post-slider-and-carousel 3.2.10 Admin+.Stored.XSS LOW" "post-slider-and-carousel 3.2.1 Reflected.Cross-Site.Scripting MEDIUM" "post-slider-and-carousel 2.1.2 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "pmpro-mailchimp 2.3.5 Unauthenticated.Information.Disclosure MEDIUM" "premmerce-woocommerce-brands 1.2.14 Missing.Authorization.To.Authenticated.(Subscriber+).Brand.Permalink.Settings.Update MEDIUM" "premmerce-woocommerce-brands 1.2.14 Cross-Site.Request.Forgery MEDIUM" "premmerce-woocommerce-brands 1.2.13 Reflected.Cross-Site.Scripting MEDIUM" "premmerce-woocommerce-brands 1.2.12 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "powies-uptime-robot No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "pgs-core No.known.fix Authenticated.(Contributor+).SQL.Injection MEDIUM" "pgs-core 5.9.0 Missing.Authorization.via.Multiple.Functions HIGH" "pgs-core 5.9.0 Unauthenticated.PHP.Object.Injection CRITICAL" "pgs-core 5.9.0 Unauthenticated.SQL.Injection HIGH" "pkt1-centro-de-envios 1.2.2 Reflected.Cross-Site.Scripting MEDIUM" "pojo-accessibility 4.1.0 Unauthenticated.SQLi.via.URL.Path HIGH" "pojo-accessibility 4.0.3 Missing.Authorization MEDIUM" "pojo-accessibility 3.8.1 Web.Accessibility.&.Usability.<.3.8.1.-.Cross-Site.Request.Forgery.to.Plugin.Settings.Update MEDIUM" "pojo-accessibility 3.2.0 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "page-layout-builder No.known.fix Unauthenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "personal-favicon No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "peters-custom-anti-spam-image 3.2.4 Cross-Site.Request.Forgery.via.cas_register_post.Function MEDIUM" "peters-custom-anti-spam-image 3.2.3 Reflected.XSS HIGH" "projectlist No.known.fix Authenticated.(Editor+).SQL.Injection.via.'id'.Parameter MEDIUM" "projectlist No.known.fix 
Authenticated.(Editor+).Arbitrary.File.Upload HIGH" "payplus-payment-gateway 7.0.8 Authenticated.(Subscriber+).SQL.Injection CRITICAL" "payplus-payment-gateway 6.6.9 Reflected.Cross-Site.Scripting MEDIUM" "payplus-payment-gateway 6.6.9 Unauthenticated.SQLi HIGH" "post-and-page-reactions No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "phpinfo-wp 6.0 Unauthenticated.Information.Exposure MEDIUM" "payment-gateway-groups-for-woocommerce No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "payment-gateway-groups-for-woocommerce 1.1.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "per-page-add-to No.known.fix Authenticated.Stored.XSS LOW" "per-page-add-to 1.4.4 CSRF.to.Stored.XSS HIGH" "photo-contest No.known.fix CSRF.Bypass MEDIUM" "photo-contest No.known.fix Cross-Site.Request.Forgery MEDIUM" "penci-portfolio 3.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "profile-builder-pro No.known.fix Unauthenticated.SQL.Injection HIGH" "profile-builder-pro 3.10.1 Authenticated.(Subscriber+).Time-Based.One-Time.Password.Sensitive.Information.Exposure MEDIUM" "profile-builder-pro 3.10.1 Reflected.Cross-Site.Scripting MEDIUM" "profile-builder-pro 3.10.1 Cross-Site.Request.Forgery HIGH" "profile-builder-pro 3.6.2 Reflected.Cross-Site.Scripting MEDIUM" "profile-builder-pro 3.3.3 Authenticated.Blind.SQL.Injection MEDIUM" "profile-builder-pro 3.1.1 User.Registration.With.Administrator.Role CRITICAL" "portugal-ctt-tracking-woocommerce 2.2 Reflected.Cross-Site.Scripting MEDIUM" "pages-order No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "post-thumbnail-editor No.known.fix Sensitive.Information.Exposure MEDIUM" "post-slider-carousel 1.0.21 Admin+.Stored.XSS LOW" "property 1.0.7 1.0.6.-.Missing.Authorization.to.Authenticated.(Author+).Privilege.Escalation.via.property_package_user_role.Metadata.in.PayPal.Registration HIGH" "promotion-slider No.known.fix Contributor+.Stored.Cross-Site.Scripting MEDIUM" "pdf-creator-lite No.known.fix Cross-Site.Request.Forgery 
MEDIUM" "player No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "player No.known.fix Reflected.XSS HIGH" "pgall-for-woocommerce 5.3.3 Cross-Site.Request.Forgery MEDIUM" "pgall-for-woocommerce 5.2.2 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "pgall-for-woocommerce 5.2.3 Reflected.Cross-Site.Scripting.via.add_query_arg.Function MEDIUM" "pgall-for-woocommerce 5.2.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.pafw_instant_payment.Shortcode MEDIUM" "passwordless-wp No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "payment-page 1.4.7 Authenticated.(Author+).Stored.Cross-Site.Scripting.via.'pricing_plan_select_text_font_family'.Parameter MEDIUM" "payment-page 1.2.9 Reflected.Cross-Site.Scripting MEDIUM" "payment-page 1.1.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "paytr-taksit-tablosu-woocommerce No.known.fix CSRF MEDIUM" "paytr-taksit-tablosu-woocommerce 1.3.2 Unauthenticated.Settings.Update MEDIUM" "popular-posts-by-webline No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "post-meta-data-manager No.known.fix Authentciated.(Admin+).Multisite.Privilege.Escalation HIGH" "post-meta-data-manager 1.3.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "post-meta-data-manager 1.2.2 Cross-Site.Request.Forgery.to.Post,.Term,.and.User.Meta.Deletion MEDIUM" "post-meta-data-manager 1.2.1 Subscriber+.Privilege.Escalation HIGH" "post-meta-data-manager 1.2.1 Unauthenticated.Data.Deletion HIGH" "post-meta-data-manager 1.2.1 Missing.Authorization.to.Post,.Term,.and.User.Meta.Deletion MEDIUM" "prime-listing-manager No.known.fix Unauthenticated.Privilege.Escalation CRITICAL" "pixelyoursite-pro 12.4.0.3 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "pixelyoursite-pro 10.4.3 Unauthenticated.Information.Exposure.and.Log.Deletion MEDIUM" "pixelyoursite-pro 9.6.2 Admin+.Stored.Cross-Site.Scripting LOW" "product-customizer-light No.known.fix 
Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "postcasa No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "profitori No.known.fix Missing.Authorization MEDIUM" "profitori No.known.fix Unauthenticated.Privilege.Escalation CRITICAL" "profitori No.known.fix 2.1.1.3.-.Unauthenticated.Privilege.Escalation CRITICAL" "payment-gateway-stripe-and-woocommerce-integration 3.8.0 Unauthenticated.SQL.Injection CRITICAL" "payment-gateway-stripe-and-woocommerce-integration 3.8.0 Unauthenticated.WC.Order.Status.Update MEDIUM" "payment-gateway-stripe-and-woocommerce-integration 3.7.8 Authentication.Bypass HIGH" "payment-gateway-stripe-and-woocommerce-integration 3.6.0 Reflected.Cross-Site.Scripting.(XSS) HIGH" "prague-plugins 2.2.9 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "premium-addons-for-kingcomposer No.known.fix Unauthenticated.Local.File.Inclusion HIGH" "picture-gallery 1.6.4 Unauthenticated.Stored.XSS HIGH" "picture-gallery 1.5.20 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "picture-gallery 1.5.23 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.videowhisper_picture_upload_guest.Shortcode MEDIUM" "picture-gallery 1.5.12 Authenticated.(Author+).Stored.Cross-Site.Scripting MEDIUM" "picture-gallery 1.4.4 Authenticated.Stored.XSS LOW" "protected-page No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "protected-page No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "podamibe-twilio-private-call No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "profilepress-pro 4.11.2 Pro.<.4.11.2.-.Authentication.Bypass HIGH" "pegapoll No.known.fix Unauthenticated.Arbitrary.Options.Update CRITICAL" "productive-style 1.1.25 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.display_productive_breadcrumb.Shortcode MEDIUM" "pubsubhubbub 3.2.0 Admin+.Stored.XSS MEDIUM" "post-duplicator 3.0.9 
Missing.Authorization.to.Authenticated.(Contributor+).Protected.Post.Meta.Insertion.via.'customMetaData'.Parameter MEDIUM" "post-duplicator 2.36 Missing.Authorization MEDIUM" "post-duplicator 2.37 Authenticated.(Contributor+).Protected.Post.Disclosure MEDIUM" "post-duplicator 2.32 Missing.Authorization.via.mtphr_duplicate_post MEDIUM" "post-duplicator 2.27 Admin+.Stored.Cross-Site.Scripting LOW" "password-policy-manager 2.0.6 Missing.Authorization.to.Authenticated.(Subscriber+).Configuration.Log.Out MEDIUM" "password-policy-manager 2.0.5 Authenticated.(Subscriber+).Privilege.Escalation.via.Account.Takeover HIGH" "progress-bar 2.2.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "progress-bar 2.2.2 Contributor+.Stored.XSS MEDIUM" "pondol-bbs No.known.fix Authenticated.(Editor+).Stored.Cross-Site.Scripting MEDIUM" "premium-seo-pack No.known.fix Authenticated.(Subscriber+).SQL.Injection MEDIUM" "premium-seo-pack 1.6.002 Authenticated.(Contributor+).SQL.Injection MEDIUM" "premium-seo-pack No.known.fix Unauthenticated.Information.Exposure MEDIUM" "philantro 5.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.donate.Shortcode MEDIUM" "philantro 5.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "post-in-page-for-elementor 1.0.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "postmash No.known.fix Reflected.Cross-Site.Scripting.via.m MEDIUM" "postmash No.known.fix Unauthenticated.SQL.Injection CRITICAL" "powers-triggers-of-woo-to-chat No.known.fix Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "private-files No.known.fix Protection.Disabling.via.CSRF MEDIUM" "pi-woocommerce-order-date-time-and-type 3.0.20 Admin+.Stored.XSS LOW" "powies-whois 0.9.33 Authenticated.Stored.Cross-Site.Scripting LOW" "polylang-supertext No.known.fix Stored.XSS.via.CSRF HIGH" "payment-form-for-paypal-pro 1.1.73 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "payment-form-for-paypal-pro 1.1.65 
Unauthenticated.SQL.Injection CRITICAL" "payment-form-for-paypal-pro 1.0.2 Multiple.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "pmpro-member-directory 1.2.6 Member.Directory.Add.On.<.1.2.6.-.Contributor+.Sensitive.Information.Disclosure.via.SQLi MEDIUM" "purchase-button No.known.fix Cross-Site.Request.Forgery.to.Settings.Update MEDIUM" "proof-factor-social-proof-notifications No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "pixnet No.known.fix Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "portfolio-builder-elementor No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "payment-gateway-pix-for-woocommerce 1.6.0 Unauthenticated.Arbitrary.File.Upload CRITICAL" "persian-woocommerce-sms No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "persian-woocommerce-sms 7.1.0 Authenticated.(Shop.manager+).SQL.Injection MEDIUM" "persian-woocommerce-sms 7.0.6 Reflected.Cross-Site.Scripting MEDIUM" "persian-woocommerce-sms 7.0.6 Reflected.Cross-Site.Scripting MEDIUM" "persian-woocommerce-sms 7.0.3 Reflected.Cross-Site.Scripting MEDIUM" "persian-woocommerce-sms 3.3.4 Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "push-notification-mobile-and-web-app 2.0.4 Missing.Authorization MEDIUM" "pdf-resume-parser No.known.fix Unauthenticated.Sensitive.Information.Disclosure.in.SMTP.Credentials MEDIUM" "photoxhibit No.known.fix Reflected.XSS.Issues MEDIUM" "phastpress 3.8 Unauthenticated.Arbitrary.File.Read.via.Null.Byte.Injection HIGH" "phastpress 1.111 Open.Redirect MEDIUM" "property-hive-mortgage-calculator 1.0.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.price.Parameter MEDIUM" "popup-surveys No.known.fix Missing.Authorization MEDIUM" "persian-fonts No.known.fix Admin+.Stored.XSS LOW" "pdf-for-wpforms 6.3.1 Missing.Authorization MEDIUM" "pdf-for-wpforms 6.3.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "pdf-for-wpforms 6.5.1 Authenticated.(Subscriber+).PHP.Object.Injection 
HIGH" "pdf-for-wpforms 5.6.1 Missing.Authorization MEDIUM" "pdf-for-wpforms 5.3.1 Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.Shortcode.Execution MEDIUM" "pdf-for-wpforms 4.8.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.yeepdf_dotab.Shortcode MEDIUM" "prime-affiliate-links No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "product-filter-widget-for-elementor 1.0.2 Reflected.Cross-Site.Scripting MEDIUM" "pmpro-register-helper 1.8.1 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "popup-image No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "powerkit 2.9.2 Authenticated(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "powerkit 2.5.9 Post.Views.Settings.Update/Reset.via.CSRF MEDIUM" "post-grid-carousel-ultimate 1.7 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "post-grid-carousel-ultimate 1.7 Authenticated.(Contributor+).Local.File.Inclusion.via.post_type_ajax_handler() HIGH" "post-grid-carousel-ultimate 1.7 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "post-grid-carousel-ultimate 1.6.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "post-grid-carousel-ultimate 1.6.8 Authenticated.(Contributor+).PHP.Object.Injection.in.outpost_shortcode_metabox_markup HIGH" "post-grid-carousel-ultimate 1.5.0 Admin+.Stored.XSS LOW" "photo-gallery-portfolio No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "pronamic-google-maps 2.4.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "pronamic-google-maps 2.3.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "pdf-viewer 1.0.0 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "pedalo-connector No.known.fix Authentication.Bypass.to.Administrator CRITICAL" "pretty-link 3.6.16 Missing.Authorization MEDIUM" "pretty-link 3.6.3 Reflected.Cross-Site.Scripting.via.post_status HIGH" "pretty-link 3.6.4 Plugin.Settings.Update.via.CSRF MEDIUM" "pretty-link 3.4.1 Link.Visit.Stats.Clear.via.CSRF MEDIUM" 
"pretty-link 2.1.10 Stored.XSS.and.CSV.Injection HIGH" "pretty-link 1.6.8 Authenticated.SQL.Injection MEDIUM" "price-calc No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "pdf-generator-for-wp 1.5.5 Missing.Authorization MEDIUM" "pdf-generator-for-wp 1.5.4 Editor+.RCE HIGH" "pdf-generator-for-wp 1.1.2 Reflected.XSS HIGH" "pricingtable No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "pocket-widget No.known.fix Admin+.Stored.XSS LOW" "page-title-description-open-graph-updater No.known.fix Cross-Site.Request.Forgery.to.Arbitrary.Page.Title.Modification MEDIUM" "payflex-payment-gateway 2.6.2 Open.Redirect MEDIUM" "payflex-payment-gateway 2.6.0 Missing.Authorization.to.Order.Status.Update MEDIUM" "premmerce-search 2.2.5 Unauthenticated.Local.File.Inclusion HIGH" "premmerce-search 2.2.5 Cross-Site.Request.Forgery MEDIUM" "premmerce-search No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "premmerce-search 2.2.4 Reflected.Cross-Site.Scripting MEDIUM" "premmerce-search 2.2.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "plinks No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "pondol-formmail No.known.fix Unauthenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "product-gtin-ean-upc-isbn-for-woocommerce No.known.fix Contributor+.Stored.XSS MEDIUM" "piotnet-addons-for-elementor-pro No.known.fix Cross-Site.Request.Forgery MEDIUM" "piotnet-addons-for-elementor-pro No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "piotnet-addons-for-elementor-pro No.known.fix Missing.Authorization.to.Arbitrary.Post/Page.Deletion MEDIUM" "piotnet-addons-for-elementor-pro No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "piotnet-addons-for-elementor-pro No.known.fix Unauthenticated.Server-Side.Request.Forgery HIGH" "pop-up No.known.fix Authenticated.(Contributor+).Local.File.Inclusion HIGH" "pop-up No.known.fix 
Contributor+.Stored.Cross-Site.Scripting MEDIUM" "page-builder-add No.known.fix Authenticated.(Author+).Stored.Cross-Site.Scripting MEDIUM" "page-builder-add 1.5.2.1 Authenticated.(Editor+).Local.File.Inlcusion HIGH" "page-builder-add 1.5.1.9 Reflected.Cross-Site.Scripting.via.pageType MEDIUM" "page-builder-add 1.5.1.8 Authenticated.(Editor+).Stored.Cross-Site.Scripting MEDIUM" "page-builder-add 1.5.1.6 Open.Redirect MEDIUM" "page-builder-add 1.5.1.3 Admin+.Stored.XSS LOW" "page-builder-add 1.4.9.9 Contributor+.Cross-Site.Scripting.via.Shortcode MEDIUM" "page-builder-add 1.4.9.6 Authenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "page-builder-by-azexo No.known.fix Cross-Site.Request.Forgery.(CSRF) MEDIUM" "page-builder-by-azexo No.known.fix Cross-Site.Request.Forgery.(CSRF).to.Stored.XSS MEDIUM" "page-builder-by-azexo No.known.fix Contributor+.Stored.Cross-Site.Scripting.via.shortcode MEDIUM" "page-builder-by-azexo No.known.fix Subscriber+.Post.Creation MEDIUM" "pb-oembed-html5-audio-with-cache-support No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.shortcode MEDIUM" "pure-css-circle-progress-bar No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "popup-addon-for-ninja-forms 3.5.2 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "popup-addon-for-ninja-forms 3.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "publish-confirm-message 2.0 Settings.Update.via.CSRF MEDIUM" "php-compatibility-checker 1.6.0 Cross-Site.Request.Forgery MEDIUM" "payos No.known.fix Cross-Site.Request.Forgery MEDIUM" "pw-woocommerce-on-sale 1.40 Missing.Authorization MEDIUM" "post-title-counter No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "postmagthemes-demo-import 1.0.8 Admin+.Arbitrary.File.Upload MEDIUM" "product-subtitle-for-woocommerce 1.4.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.htmlTag.Parameter MEDIUM" "porto-functionality 3.7.3 
Functionality.<.3.7.3.-.Missing.Authorization MEDIUM" "porto-functionality 3.7.3 Functionality.<.3.7.3.-.Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "porto-functionality 3.1.1 Functionality.<.3.1.1.-.Authenticated.(Contributor+).Local.File.Inclusion.via.Shortcode HIGH" "porto-functionality 3.1.0 Functionality.<.3.1.0.-.Authenticated.(Contributor+).Local.File.Inclusion.via.Post.Meta HIGH" "porto-functionality 2.12.1 Functionality.<.2.12.1.-.Unauthenticated.SQL.Injection CRITICAL" "porto-functionality 2.12.1 Functionality.<.2.12.1.-.Missing.Authorization MEDIUM" "payments-stripe-gateway No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "payments-stripe-gateway No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "payments-stripe-gateway 1.2.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "publishpress 1.9.5 Reflected.Cross-Site.Scripting MEDIUM" "publishpress 3.5.1 Reflected.Cross-Site.Scripting HIGH" "payhere-payment-gateway 2.4.0 Missing.Authorization.to.Unauthenticated.Order.Status.Modification MEDIUM" "payhere-payment-gateway 2.2.12 Unauthenticated.Log.Data.Disclosure MEDIUM" "pdf-poster 2.1.22 Arbitrary.JavaScript.Execution MEDIUM" "pdf-poster 2.1.18 PDF.Embedder.Plugin.for.WordPress.<.2.1.18.-.Reflected.Cross-Site.Scripting MEDIUM" "pie-forms-for-wp No.known.fix Unauthenticated.Arbitrary.File.Upload HIGH" "pie-forms-for-wp 1.5 Reflected.Cross-Site.Scripting MEDIUM" "pie-forms-for-wp 1.4.9.4 Admin+.Stored.Cross-Site.Scripting LOW" "plationline 7.0.1 Missing.Authorization MEDIUM" "post-saint No.known.fix Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.File.Upload HIGH" "posttabs No.known.fix Arbitrary.Settings.Update.via.CSRF.to.Stored.XSS MEDIUM" "podlove-subscribe-button 1.3.12 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "podlove-subscribe-button 1.3.11 Authenticated.(Contributor+).SQL.Injection HIGH" "podlove-subscribe-button 1.3.9 Multiple.CSRF MEDIUM" "podlove-subscribe-button 
1.3.9 Admin+.Stored.XSS LOW" "pondol-carousel No.known.fix Cross-Site.Scripting.(XSS) MEDIUM" "prevent-landscape-rotation 2.1 Settings.Update.via.CSRF MEDIUM" "post-type-x 1.8.5 Cross-Site.Request.Forgery MEDIUM" "post-type-x 1.8.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "post-type-x 1.8.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "post-type-x 1.8.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.show_products.Shortcode MEDIUM" "post-type-x 1.7.7 Sensitive.Information.Exposure.via.Product.CSV MEDIUM" "post-type-x 1.7.6 Cross-Site.Request.Forgery.via.ic_system_status MEDIUM" "post-type-x 1.7.0 Reflected.XSS HIGH" "post-type-x 1.5.13 Cross-Site.Request.Forgery.(CSRF) MEDIUM" "post-type-x 1.5.13 Cross-Site.Request.Forgery MEDIUM" "podcast-channels 0.28 Unauthenticated.Reflected.XSS MEDIUM" "podclankova-inzerce No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "predict-when No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "pj-news-ticker 1.9.6 Contributor+.Stored.XSS MEDIUM" "pets No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "pets No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "pets 1.4.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "personalization-by-flowcraft No.known.fix Unauthenticated.PHP.Object.Injection CRITICAL" "product-category-tree No.known.fix Reflected.XSS HIGH" "product-category-tree No.known.fix CSRF MEDIUM" "print-button-shortcode No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "planning-center-online-giving No.known.fix Contributor+.XSS.via.Shortcode MEDIUM" "powr-pack 2.2.0 Contributor+.Stored.XSS MEDIUM" "product-shipping-countdown-free-version No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "product-shipping-countdown-free-version No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "parcelpanel 4.3.3 Reflected.Cross-Site.Scripting MEDIUM" "parcelpanel 3.9.0 Authenticated.(Subscriber+).SQL.Injection CRITICAL" 
"pretty-simple-popup-builder 1.0.10 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "pretty-simple-popup-builder 1.0.10 Admin+.Stored.XSS LOW" "pretty-simple-popup-builder 1.0.7 Reflected.Cross-Site.Scripting MEDIUM" "pollcaster-shortcode No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "price-bands-for-woocommerce No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "price-bands-for-woocommerce No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "price-bands-for-woocommerce No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "portfolio-gallery 2.1.11 Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "payment-qr-woo No.known.fix Missing.Authorization MEDIUM" "push-notification-for-post-and-buddypress 2.12 Missing.Authorization.to.Unauthenticated.Settings.Update MEDIUM" "push-notification-for-post-and-buddypress 2.08 Reflected.Cross-Site.Scripting MEDIUM" "push-notification-for-post-and-buddypress 1.9.4 Multiple.Unauthenticated.SQLi HIGH" "photographer-connections No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "pluginpass-pro-plugintheme-licensing No.known.fix Unauthenticated.Arbitrary.File.Deletion CRITICAL" "parone 1.18.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "progress-tracker No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "page-and-post-restriction 1.3.7 Unauthenticated.Content.Restriction.Bypass.to.Sensitive.Information.Exposure MEDIUM" "page-and-post-restriction 1.3.5 Unauthenticated.Protected.Post.Access MEDIUM" "page-and-post-restriction 1.2.7 Admin+.Stored.Cross-Site.Scripting LOW" "page-list 5.9 Contributor+.Stored.XSS MEDIUM" "page-list 5.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "page-list 5.3 Contributor+.Stored.XSS MEDIUM" "post-types-carousel-slider No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "post-types-carousel-slider 1.0.4 
Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "pressapps-knowledge-base No.known.fix Unauthenticated.PHP.Object.Injection HIGH" "pakkelabels-for-woocommerce 5.0.4 Missing.Authorization.to.Authenticated.(Customer+).Information.Disclosure MEDIUM" "propertyshift No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "pakke No.known.fix Authenticated.(Subscriber+).SQL.Injection MEDIUM" "pvn-auth-popup No.known.fix Contributor+.XSS.via.Shortcode MEDIUM" "pvn-auth-popup No.known.fix Admin+.Stored.XSS LOW" "pixter-image-digital-license No.known.fix Supply.Chain.Compromise HIGH" "posts-for-page No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "platinum-seo-pack No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "product-quantity-for-woocommerce 5.1.1 Cross-Site.Request.Forgery MEDIUM" "pay-addons-for-elementor 1.2.1 Reflected.Cross-Site.Scripting MEDIUM" "profit-products-tables-for-woocommerce 1.0.8 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "profit-products-tables-for-woocommerce 1.0.6.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "profit-products-tables-for-woocommerce 1.0.6.8 .Unauthenticated.Arbitrary.Filter.Call HIGH" "profit-products-tables-for-woocommerce 1.0.6.7 Reflected.Cross-Site.Scripting MEDIUM" "profit-products-tables-for-woocommerce 1.0.6.6 Unauthenticated.Arbitrary.Shortcode.Execution.via.woot_get_smth HIGH" "profit-products-tables-for-woocommerce 1.0.6.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.woot_button.Shortcode MEDIUM" "profit-products-tables-for-woocommerce 1.0.6.4 Reflected.Cross-Site.Scripting MEDIUM" "profit-products-tables-for-woocommerce 1.0.6.3 Missing.Authorization MEDIUM" "profit-products-tables-for-woocommerce 1.0.6.2 Cross-Site.Request.Forgery MEDIUM" "profit-products-tables-for-woocommerce 1.0.6.2 Missing.Authorization MEDIUM" "profit-products-tables-for-woocommerce 1.0.6.1 
Unauthenticated.PHP.Object.Injection CRITICAL" "profit-products-tables-for-woocommerce 1.0.6.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "profit-products-tables-for-woocommerce 1.0.5 Reflected.Cross-Site-Scripting MEDIUM" "profit-products-tables-for-woocommerce 1.0.4 Reflected.Cross-Site.Scripting MEDIUM" "product-addons No.known.fix Missing.Authorization MEDIUM" "popping-sidebars-and-widgets-light No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "popping-sidebars-and-widgets-light No.known.fix Cross-Site.Request.Forgery MEDIUM" "panda-pods-repeater-field 1.5.4 Reflected.XSS HIGH" "pepro-ultimate-invoice 2.2.6 Unauthenticated.Invoice.Archive.Download MEDIUM" "pepro-ultimate-invoice 2.1.0 Insecure.Direct.Object.Reference.to.Unauthenticated.Order.Information.Exposure MEDIUM" "pepro-ultimate-invoice 2.0.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "pepro-ultimate-invoice 2.0.2 Missing.Authorisation MEDIUM" "pepro-ultimate-invoice 1.9.8 Unauthenticated.Arbitrary.Invoice.Access HIGH" "product-carousel-slider-for-woocommerce No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.shortcode MEDIUM" "popup-builder-block 2.2.1 Missing.Authorization.to.Sensitive.Information.Disclosure.and.Data.Deletion MEDIUM" "popup-builder-block 2.2.1 Unauthenticated.SQL.Injection.via.Multiple.REST.API.Endpoints HIGH" "popup-builder-block 2.2.1 Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.Subscriber.Data.Deletion MEDIUM" "popup-builder-block No.known.fix Authenticated.(Subscriber+).Information.Exposure MEDIUM" "popup-builder-block 2.2.0 Authenticated.(Subscriber+).SQL.Injection MEDIUM" "popup-builder-block 2.1.5 Unauthenticated.Server-Side.Request.Forgery HIGH" "popup-builder-block 2.1.4 Unauthenticated.SQL.Injection.via.'id' HIGH" "postaffiliatepro No.known.fix Authenticated.(Administrator+).Server-Side.Request.Forgery.via.'Post.Affiliate.Pro.URL'.Field LOW" "postaffiliatepro 
1.26.10 Admin+.Stored.XSS LOW" "pre-orders-for-woocommerce 1.2.14 Contributor+.Stored.XSS MEDIUM" "private-messages-for-wordpress No.known.fix Arbitrary.Message.Sent.via.CSRF MEDIUM" "private-messages-for-wordpress No.known.fix Subscriber+.Stored.Cross-Site.Scripting MEDIUM" "premium-addons-pro 2.9.14 Contributor+.Stored.XSS MEDIUM" "premium-addons-pro 2.9.13 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Global.Badge.Module MEDIUM" "premium-addons-pro 2.9.13 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Custom.Mouse.Cursor.Module MEDIUM" "premium-addons-pro 2.9.13 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Premium.Magic.Scroll.Module MEDIUM" "premium-addons-pro 2.9.13 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Messenger.Chat.Widget MEDIUM" "premium-addons-pro 2.9.13 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Multi.Scroll.Widget MEDIUM" "premium-addons-pro 2.9.13 .Authenticated(Contributor+).Stored.Cross-Site.Scripting.via.widget.link MEDIUM" "premium-addons-pro 2.8.25 Reflected.XSS HIGH" "ps-ads-pro No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "push-envoy No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "popup-contact-form No.known.fix Admin+.Stored.XSS LOW" "popup-contact-form No.known.fix Admin+.Stored.XSS LOW" "pastebin-embed No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "passbeemedia-web-push-notifications No.known.fix Reflected.XSS HIGH" "post-and-page-builder 1.27.10 Missing.Authorization MEDIUM" "post-and-page-builder 1.27.9 Authenticated.(Contributor+).Path.Traversal MEDIUM" "post-and-page-builder 1.27.9 Authenticated.(Contributor+).Server-Side.Request.Forgery MEDIUM" "post-and-page-builder 1.27.9 Cross-Site.Request.Forgery MEDIUM" "post-and-page-builder 1.27.7 Path.Traversal.to.Authenticated.(Contributor+).Arbitrary.File.Read.via.template_via_url.Function MEDIUM" "post-and-page-builder 1.27.6 Contributor+.Stored.XSS MEDIUM" 
"post-and-page-builder 1.26.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.File.Upload MEDIUM" "post-and-page-builder 1.26.5 Authenticated.(Contributer+).Stored.Cross-Site.Scripting MEDIUM" "post-and-page-builder 1.26.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "post-and-page-builder 1.24.2 Editor.Settings.Update.via.CSRF MEDIUM" "partdo-core No.known.fix Reflected.Cross-Site.Scripting HIGH" "ploxel 2.4.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "post-list-with-featured-image No.known.fix Reflected.XSS HIGH" "postpage-import-export-with-custom-fields-taxonomies 2.0.4 Authenticated.(Contributor+).Arbitrary.File.Upload HIGH" "postpage-import-export-with-custom-fields-taxonomies 2.0.1 Unauthenticated.Sensitive.Information.Exposure MEDIUM" "popups 1.8 Reflected.Cross-Site.Scripting MEDIUM" "popups No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "payform No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "postie 1.9.74 Contributor+.Stored.XSS MEDIUM" "postie 1.9.71 Admin+.Stored.XSS LOW" "postie 1.9.41 Post.Submission.Spoofing.&.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "posts-search No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "postmatic No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "postmatic 2.2.10 Subscriber+.PHP.Object.Injection MEDIUM" "postmatic 2.2.9 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "postmatic 1.4.6 Cross-Site.Scripting.(XSS) MEDIUM" "pop-over-xyz No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "pop-over-xyz No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "preprocess-dezrez No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "preprocess-dezrez No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "plugins-on-steroids 4.4.0 Missing.Authorization MEDIUM" "plugins-on-steroids 4.1.3 Missing.Authorization.via.update_options MEDIUM" "pubydoc-data-tables-and-charts No.known.fix 
Admin+.Stored.XSS MEDIUM" "pricing-table-by-supsystic 1.9.13 Admin+.Content.Injection LOW" "pricing-table-by-supsystic 1.9.5 Reflected.Cross-Site.Scripting MEDIUM" "pricing-table-by-supsystic 1.8.9 Authenticated.SQL.Injections CRITICAL" "pricing-table-by-supsystic 1.9.0 Authenticated.Stored.Cross-Site.Scripting MEDIUM" "pricing-table-by-supsystic 1.8.2 Insecure.Permissions.on.AJAX.Actions HIGH" "pricing-table-by-supsystic 1.8.1 Cross-Site.Request.Forgery.to.XSS.and.Setting.Changes HIGH" "pricing-table-by-supsystic 1.8.2 Unauthenticated.Stored.XSS HIGH" "profile-builder 3.15.2 Unauthenticated.Arbitrary.Password.Reset CRITICAL" "profile-builder 3.14.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "profile-builder 3.14.4 Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "profile-builder 3.13.9 Unauthenticated.Content.Spoofing MEDIUM" "profile-builder 3.13.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.user_meta.and.compare.Shortcodes MEDIUM" "profile-builder 3.13.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "profile-builder 3.13.0 Unauthenticated.Stored.Cross-Site.Scripting MEDIUM" "profile-builder 3.11.9 Unauthenticated.Privilege.Escalation CRITICAL" "profile-builder 3.12.2 Admin+.Stored.Cross.Site.Scripting LOW" "profile-builder 3.11.8 Unauthenticated.Media.Upload MEDIUM" "profile-builder 3.11.3 Restricted.Email.Bypass MEDIUM" "profile-builder 3.10.9 Missing.Authorization.to.Plugin.Settings.Change.via.wppb_two_factor_authentication_settings_update HIGH" "profile-builder 3.10.8 Contributor+.User.Metadata.Disclosure MEDIUM" "profile-builder 3.10.4 Plugins.Activation/Deactivation.CSRF MEDIUM" "profile-builder 3.9.8 Unauthenticated.Plugin's.Pages.Creation MEDIUM" "profile-builder 3.9.1 Unauthorised.Password.Reset HIGH" "profile-builder 3.9.1 Subscriber+.Arbitrary.User.Meta.Disclosure MEDIUM" "profile-builder 3.6.1 Settings.Import.via.CSRF LOW" "profile-builder 3.6.8 
Admin+.Stored.Cross-Site.Scripting LOW" "profile-builder 3.6.2 Reflected.Cross-Site.Scripting MEDIUM" "profile-builder 3.5.1 Reflected.Cross-Site.Scripting MEDIUM" "profile-builder 3.4.9 Admin.Access.via.Password.Reset CRITICAL" "profile-builder 3.4.8 Authenticated.Stored.XSS MEDIUM" "profile-builder 3.3.3 Authenticated.Blind.SQL.Injection MEDIUM" "profile-builder 3.1.1 User.Registration.With.Administrator.Role CRITICAL" "profile-builder 2.5.8 Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "profile-builder 2.4.2 Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "profile-builder 2.4.1 Privilege.Escalation HIGH" "profile-builder 2.2.5 XSS MEDIUM" "profile-builder 2.1.4 Missing.Access.Controls HIGH" "profile-builder 2.0.3 Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "profile-builder 1.1.60 Password.Recovery.Bypass MEDIUM" "profile-builder 1.1.66 Multiple.XSS MEDIUM" "preserve-code-formatting 5.0 Authenticated.(Contributor+).PHP.Object.Injection HIGH" "pricing-tables-for-visual-composer No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.wdo_pricing_tables.Shortcode MEDIUM" "payment-forms-for-paystack 4.0.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "payment-forms-for-paystack 4.0.2 Authenticated.(Administrator+).SQL.Injection MEDIUM" "payment-forms-for-paystack 4.0.0 Contributor+.Stored.XSS MEDIUM" "piwigopress No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "powerpack-lite-for-elementor 2.9.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.Via.'cursor_url' MEDIUM" "powerpack-lite-for-elementor 2.9.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "powerpack-lite-for-elementor 2.8.2 Authenticated.(Contributor+).Post.Disclosure MEDIUM" "powerpack-lite-for-elementor 2.7.21 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Link.Effects.Widget MEDIUM" "powerpack-lite-for-elementor 2.7.20 Authenticated.(Contributor+).DOM-Based.Stored.Cross-Site.Scripting 
MEDIUM" "powerpack-lite-for-elementor 2.7.19 Contributor+.Stored.XSS MEDIUM" "powerpack-lite-for-elementor 2.7.18 Contributor+.Stored.XSS MEDIUM" "powerpack-lite-for-elementor 2.7.16 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "powerpack-lite-for-elementor 2.7.15 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "powerpack-lite-for-elementor 2.7.14 Settings.Reset/Update.via.CSRF MEDIUM" "powerpack-lite-for-elementor 2.6.2 Reflected.Cross-Site.Scripting HIGH" "powerpack-lite-for-elementor 2.3.2 Contributor+.Stored.XSS MEDIUM" "podcast-subscribe-buttons 1.4.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "podcast-subscribe-buttons 1.4.2 Contributor+.Stored.XSS MEDIUM" "premmerce-woocommerce-product-filter 3.7.3 Missing.Authorization MEDIUM" "premmerce-woocommerce-product-filter 3.7.2 Reflected.Cross-Site.Scripting MEDIUM" "premmerce-woocommerce-product-filter 3.6.2 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "premmerce-woocommerce-product-filter 3.2 Subscriber+.Arbitrary.Option.Update CRITICAL" "poll-wp No.known.fix Missing.Authorization MEDIUM" "poll-wp 2.4.7 Authenticated.(Administrator+).SQL.Injection.via.'s'.Parameter MEDIUM" "poll-wp 2.4.1 Admin+.SQLi MEDIUM" "poll-wp 2.4.0 Admin+.SQL.Injection MEDIUM" "poll-wp 1.5.9 Reflected.Cross-Site.Scripting HIGH" "poll-wp 1.3.4 Broken.Authentication.and.Missing.Capability.Checks.on.AJAX.calls CRITICAL" "product-expiry-for-woocommerce 2.6 Subscriber+.Settings.Update MEDIUM" "participants-database 2.7.7 Contributor+.Stored.XSS MEDIUM" "participants-database 2.5.9.3 Unauthenticated.PHP.Object.Injection HIGH" "participants-database 2.5.6 Missing.Authorization MEDIUM" "participants-database 1.9.5.6 Authenticated.Time.Based.SQL.Injection HIGH" "participants-database 1.7.5.10 Cross-Site.Scripting MEDIUM" "participants-database 1.5.4.9 Unauthenticated.SQL.Injection CRITICAL" "permalink-manager-pro 2.2.15 Reflected.Cross-Site.Scripting MEDIUM" "parcel-tracker-ecourier 1.0.2 
Plugin's.Settings.Update.via.CSRF MEDIUM" "permalink-manager 2.5.1.4 Unauthenticated.Sensitive.Information.Exposure MEDIUM" "permalink-manager 2.4.4.1 Missing.Authorization.to.Unauthenticated.Sensitive.Information.Exposure MEDIUM" "permalink-manager 2.4.3.4 Reflected.Cross-Site.Scripting MEDIUM" "permalink-manager 2.4.3.2 Missing.Authorization.via.get_uri_editor MEDIUM" "permalink-manager 2.4.3.2 Reflected.Cross-Site.Scripting MEDIUM" "permalink-manager 2.4.3.2 Missing.Authorization.to.Authenticated(Author+).arbitrary.post.slug.modification MEDIUM" "permalink-manager 2.4.3.1 Reflected.Cross-Site.Scripting MEDIUM" "permalink-manager 2.3.0 Authenticated.Stored.XSS MEDIUM" "permalink-manager 2.2.20.2 Settings.Update.via.CSRF MEDIUM" "permalink-manager 2.2.20.1 Unauthenticated.URI.Deletion MEDIUM" "permalink-manager 2.2.15 Reflected.Cross-Site.Scripting MEDIUM" "permalink-manager 2.2.13.1 Admin+.SQL.Injection MEDIUM" "plexx-elementor-extension 1.3.7 Contributor+.Stored.XSS MEDIUM" "postlists No.known.fix Reflected.XSS MEDIUM" "projecthuddle-child-site 1.0.35 Missing.Authorization.via.ph_child_ajax_notice_handler MEDIUM" "portfolio No.known.fix Authenticated.(Author+).Stored.Cross-Site.Scripting MEDIUM" "portfolio 2.40 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "preloader-for-divi 1.5 Reflected.Cross-Site.Scripting MEDIUM" "preloader-for-divi 1.5 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "pico No.known.fix Missing.Authorization MEDIUM" "permalinks-customizer No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "pretty-opt-in-lite 1.2.2 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "pie-register-premium 3.8.3.3 Missing.Authorization MEDIUM" "pie-register-premium 3.8.3.3 Authenticated.(Subscriber+).Limited.File.Deletion MEDIUM" "pie-register-premium 3.8.3.3 Unauthenticated.Arbitrary.File.Upload CRITICAL" "pie-register-premium 3.8.3.3 Unauthenticated.Cross-Site.Scripting MEDIUM" "pie-register-premium 3.8.3.3 Missing.Authorization MEDIUM" "plugin-groups 2.0.7 
Missing.Authorization.to.Unauthenticated.Denial.of.Service MEDIUM" "post-index No.known.fix CSRF.to.Stored.XSS HIGH" "pdf-invoices-for-woocommerce No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "product-recommendation-quiz-for-ecommerce 2.1.2 Missing.Authorization.in.prq_set_token MEDIUM" "poll-builder No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "plainview-protect-passwords No.known.fix Reflected.XSS HIGH" "plainview-protect-passwords No.known.fix Cross-Site.Request.Forgery MEDIUM" "peepso-groups 6.4.6.1 Authenticated.(Subscriber+).Stored.Cross-Site.Scripting.via.Group.Description HIGH" "product-delivery-date-for-woocommerce-lite 3.3.0 Missing.Authorization MEDIUM" "product-delivery-date-for-woocommerce-lite 2.8.1 Lite.<.2.8.1.-.Reflected.Cross-Site.Scripting MEDIUM" "product-delivery-date-for-woocommerce-lite 2.7.4 Reflected.Cross-Site.Scripting MEDIUM" "product-delivery-date-for-woocommerce-lite 2.7.3 Missing.Authorization MEDIUM" "product-delivery-date-for-woocommerce-lite 2.7.1 Missing.Authorization MEDIUM" "posts-per-cat 1.5.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "popupally 2.1.2 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "popupally 2.1.2 Admin+.Stored.XSS LOW" "popupally 2.1.1 Cross-Site.Request.Forgery.via.optin_submit_callback MEDIUM" "postapanduri 2.1.4 Unauthenticated.SQL.Injection HIGH" "publishpress-authors 4.7.6 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "publishpress-authors 4.7.4 Authenticated.(Administrator+).SQL.Injection MEDIUM" "publishpress-authors 4.7.2 Insecure.Direct.Object.Reference.to.Authenticated.(Author+).Arbitrary.User.Email.Update.and.Account.Takeover HIGH" "parsian-bank-gateway-for-woocommerce No.known.fix Reflected.Cross-Site.Scripting HIGH" "product-delivery-date 1.1.5 Reflected.Cross-Site.Scripting MEDIUM" "post-grid-elementor-addon 2.0.19 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" 
"post-grid-elementor-addon 2.0.17 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.title_tag MEDIUM" "packlink-pro-shipping 3.4.7 Missing.Authorization MEDIUM" "php-to-page No.known.fix Authenticated.(Subscriber+).Local.File.Inclusion.to.Remote.Code.Execution.via.Shortcode CRITICAL" "photospace-responsive No.known.fix Authenticated.(Author+).Stored.Cross-Site.Scripting MEDIUM" "photospace-responsive 2.1.2 Admin+.Stored.XSS MEDIUM" "pdf-for-woocommerce 6.5.1 Authenticated.(Subscriber+).PHP.Object.Injection HIGH" "pdf-for-woocommerce 5.4.0 Authenticated.(Administrator+).SQL.Injection MEDIUM" "pdf-for-woocommerce 4.7.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "post-views-stats 1.5 Reflected.Cross-Site.Scripting.via.from.and.to HIGH" "pixelbeds-channel-manager-booking-engine No.known.fix Cross-Site.Request.Forgery MEDIUM" "purge-varnish No.known.fix Cross-Site.Request.Forgery MEDIUM" "performance-monitor No.known.fix Unauthenticated.Server-Side.Request.Forgery.via.'url'.Parameter HIGH" "performance-monitor No.known.fix Unauthenticated.Blind.SSRF MEDIUM" "portfolio-wp 2.2.2 Contributor+.DOM-Based.Stored.XSS.via.lightGallery.Library MEDIUM" "portfolio-wp 2.1.0 Subscriber+.Stored.Cross-Site.Scripting MEDIUM" "page-specific-sidebars No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "post-layouts No.known.fix Contributor+.Stored.XSS MEDIUM" "photo-block 1.6.0 Missing.Authorization MEDIUM" "post-timeline 2.3.10 Reflected.XSS HIGH" "post-timeline 2.3.10 Reflected.Cross-Site.Scripting MEDIUM" "post-timeline 2.2.6 Reflected.XSS HIGH" "polylang 3.7.4 Contributor+.PHP.Object.Injection MEDIUM" "post-connector No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "post-connector 1.0.10 Admin+.Stored.Cross-Site.Scripting MEDIUM" "post-connector 1.0.4 XSS MEDIUM" "post-snippets 4.0.12 Cross-Site.Request.Forgery MEDIUM" "post-snippets 4.0.4 Reflected.Cross-Site.Scripting MEDIUM" "post-snippets 4.0.3 Admin+.Stored.XSS LOW" 
"post-snippets 3.1.7 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "post-snippets 3.1.4 CSRF.to.Stored.Cross-Site.Scripting HIGH" "post-snippets 3.0.4 Subscriber+.Arbitrary.Option.Update CRITICAL" "pdf-generator-addon-for-elementor-page-builder 2.2.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "pdf-generator-addon-for-elementor-page-builder 2.0.1 Unauthenticated.Arbitrary.File.Download HIGH" "pdf-generator-addon-for-elementor-page-builder 1.7.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "plenigo No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "peachpay-for-woocommerce 1.119.9 Missing.Authorization.to.Unauthenticated.Order.Status.Modification MEDIUM" "peachpay-for-woocommerce 1.117.6 Authenticated.(Contributor+).SQL.Injection.via.order_by.Parameter MEDIUM" "peachpay-for-woocommerce 1.117.5 Missing.Authorization MEDIUM" "peachpay-for-woocommerce 1.113.0 Reflected.Cross-Site.Scripting MEDIUM" "phpsword-favicon-manager No.known.fix Authenticated.(Admin+).Arbitrary.File.Upload CRITICAL" "piotnet-addons-for-elementor No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "piotnet-addons-for-elementor No.known.fix Contributor+.Stored.XSS MEDIUM" "piotnet-addons-for-elementor 2.4.33 Authenticated.(Contributor+).Post.Disclosure MEDIUM" "piotnet-addons-for-elementor 2.4.32 Authenticated.(Contributor+).DOM-Based.Stored.Cross-Site.Scripting.via.Heading.Widget MEDIUM" "piotnet-addons-for-elementor 2.4.32 Contributor+.Stored.XSS MEDIUM" "piotnet-addons-for-elementor 2.4.31 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Multiple.Widgets MEDIUM" "piotnet-addons-for-elementor 2.4.30 Unauthenticated.Sensitive.Information.Exposure MEDIUM" "piotnet-addons-for-elementor 2.4.29 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Multiple.Widget.Attributes HIGH" "piotnet-addons-for-elementor 2.4.28 
Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Multiple.Widgets MEDIUM" "piotnet-addons-for-elementor 2.4.26 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "piotnet-addons-for-elementor 2.4.27 Contributor+.Stored.XSS MEDIUM" "payamito-sms-woocommerce No.known.fix Unauthenticated.Time-Based.Blind.SQL.Injection HIGH" "post-type-modifier-simple 1.04 Reflected.Cross-Site.Scripting MEDIUM" "point-maker No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "point-maker 0.1.5 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "paged-gallery No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "plugin-notes-plus 1.2.8 Authenticated.(Subscriber+).Arbitrary.Note.Deletion MEDIUM" "plugin-notes-plus 1.2.7 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "progressive-wp No.known.fix Missing.Authorization MEDIUM" "post-carousel-slider No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "ppo-call-to-actions No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "product-notes-for-woocommerce 3.1.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "producer-retailer No.known.fix Subscriber+.Privilege.Escalation CRITICAL" "post-plugin-library No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "paymaya-checkout-for-woocommerce 1.3.0 Unauthenticated.Insecure.Direct.Object.Reference MEDIUM" "product-filter-for-woocommerce-product No.known.fix Unauthenticated.SQLi HIGH" "prodigy-commerce 3.3.1 Unauthenticated.Local.File.Inclusion.via.parameters[template_name] CRITICAL" "prodigy-commerce 3.1.3 Missing.Authorization LOW" "prodigy-commerce 3.0.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "powerpress 11.15.11 Authenticated.(Contributor+).PHP.Object.Injection MEDIUM" "powerpress 11.15.3 Authenticated.(Contributor+).Arbitrary.File.Upload.via.'powerpress_edit_post' HIGH" "powerpress 11.14 
Cross-Site.Request.Forgery MEDIUM" "powerpress 11.13.12 Contributor+.Server-Side.Request.Forgery MEDIUM" "powerpress 11.12.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting HIGH" "powerpress 11.12.6 Contributor+.Stored.XSS MEDIUM" "powerpress 11.12.7 Contributor+.SSRF LOW" "powerpress 11.9.18 Author+.XSS.via.Podcast.URL MEDIUM" "powerpress 11.9.19 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.skipto.Shortcode MEDIUM" "powerpress 11.9.18 Author+.XSS MEDIUM" "powerpress 11.9.11 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.media_url.Parameter MEDIUM" "powerpress 11.9.6 Injected.Backdoor CRITICAL" "powerpress 11.0.12 Contributor+.Stored.XSS HIGH" "powerpress 11.0.7 Contributor+.SSRF MEDIUM" "powerpress 10.0.2 Contributor+.Stored.XSS MEDIUM" "powerpress 10.0.2 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "powerpress 8.3.8 Authenticated.Arbitrary.File.Upload.leading.to.RCE CRITICAL" "powerpress 6.0.5 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "powerpress 6.0.1 Cross-Site.Scripting.(XSS) CRITICAL" "pin-locations-on-map No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "postbox-email-logs 1.0.5 Missing.Authorization.to.Authenticated.(Subscriber+).Log.Export MEDIUM" "publish-to-schedule 4.5.5 Admin+.Stored.XSS LOW" "popad No.known.fix Authenticated.(Admin+).Server-Side.Request.Forgery MEDIUM" "popad No.known.fix Cross-Site.Request.Forgery.to.Settings.Update MEDIUM" "publish-post-email-notification 1.0.2.4 Cross-Site.Request.Forgery MEDIUM" "publish-post-email-notification 1.0.2.3 Admin+.Stored.XSS LOW" "pootle-button No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "pootle-button 1.2.0 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "promolayer-popup-builder 1.1.1 Missing.Authorization MEDIUM" "pipdisqus 1.7 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "plms No.known.fix Authenticated.(Salesman+).Arbitrary.File.Upload HIGH" "platformly 1.14 Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting 
MEDIUM" "password-protected 2.7.12 Unauthenticated.Authorization.Bypass.via.IP.Address.Spoofing LOW" "password-protected 2.7.8 Unauthenticated.Sensitive.Information.Exposure MEDIUM" "password-protected 2.6.7 Missing.Authorization.to.Sensitive.Information.Exposure MEDIUM" "password-protected 2.6.7 Admin+.Stored.XSS LOW" "password-protected 2.6.3.2 Reflected.Cross-Site.Scripting MEDIUM" "password-protected 2.6.3 Admin+.Stored.XSS LOW" "post-sync No.known.fix Reflected.XSS HIGH" "post-page-notes No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "post-type-switcher 4.0.1 Insecure.Direct.Object.Reference.to.Authenticated.(Author+).Post.Type.Change MEDIUM" "process-steps-template-designer 1.3 CSRF.to.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "pinterest-pinboard-widget No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "poptics 1.0.21 Authenticated.(Contributor+).Information.Exposure MEDIUM" "post-lockdown 4.0.3 Missing.Authorization.to.Authenticated.(Subscriber+).Post.Disclosure MEDIUM" "photoblocks-grid-gallery 1.3.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "photoblocks-grid-gallery 1.3.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "photoblocks-grid-gallery 1.3.0 Reflected.Cross-Site.Scripting MEDIUM" "photoblocks-grid-gallery 1.2.9 Cross-Site.Request.Forgery MEDIUM" "photoblocks-grid-gallery 1.2.7 Contributor+.Stored.XSS MEDIUM" "photoblocks-grid-gallery 1.2.6 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "photoblocks-grid-gallery 1.2.0 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "photoblocks-grid-gallery 1.1.43 Authenticated.Reflected.XSS HIGH" "photoblocks-grid-gallery 1.1.41 Unauthenticated.Reflected.XSS MEDIUM" "pdpa-consent No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "preloader-quotes No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "popup-maker-wp 1.3.7 Subscriber+.Stored.XSS HIGH" "prime-mover 1.9.3 
Directory.Listing.to.Sensitive.Data.Exposure HIGH" "prime-mover 1.8.8 Reflected.Cross-Site.Scripting MEDIUM" "prime-mover 1.5.0 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "post-pay-counter 2.790 Reflected.XSS HIGH" "post-pay-counter 2.731 PHP.Obj.Injection.&.Access.Control.Issues CRITICAL" "pootle-page-builder No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "pootle-page-builder No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "pootle-page-builder 5.7.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "pdf2post No.known.fix Authenticated.(Subscriber+).Remote.Code.Execution HIGH" "paid-memberships-pro 3.0.6 Authenticated.(Administrator+).SQL.Injection CRITICAL" "paid-memberships-pro 3.0.5 Unauthenticated.Insecure.Direct.Object.Reference.to.Order.Status.Update MEDIUM" "paid-memberships-pro 3.0 Cross-Site.Request.Forgery.to.Membership.Modification MEDIUM" "paid-memberships-pro 3.0.2 Cross-Site.Request.Forgery MEDIUM" "paid-memberships-pro 3.0 Cross-Site.Request.Forgery MEDIUM" "paid-memberships-pro 2.12.9 Contributor+.Arbitrary.User.Custom.Field.Disclosure MEDIUM" "paid-memberships-pro 2.12.8 Cross-Site.Request.Forgery MEDIUM" "paid-memberships-pro 2.12.7 Information.Exposure.in.Debug.Logs MEDIUM" "paid-memberships-pro 2.12.6 Missing.Authorization.via.API MEDIUM" "paid-memberships-pro 2.12.4 Subscriber+.Arbitrary.File.Upload HIGH" "paid-memberships-pro 2.9.12 Subscriber+.SQL.Injection HIGH" "paid-memberships-pro 2.9.9 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "paid-memberships-pro 2.9.8 Unauthenticated.SQLi HIGH" "paid-memberships-pro 2.6.7 Unauthenticated.Blind.SQL.Injection CRITICAL" "paid-memberships-pro 2.6.6 Reflected.Cross-Site.Scripting HIGH" "paid-memberships-pro 2.5.10 Cross-Site.Scripting.(XSS) MEDIUM" "paid-memberships-pro 2.5.6 Authenticated.SQL.Injection MEDIUM" "paid-memberships-pro 2.5.3 Unauthorised.Order.Information.Disclosure MEDIUM" "paid-memberships-pro 2.5.1 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" 
"paid-memberships-pro 2.4.3 Arbitrary.Settings.Update.via.CSRF MEDIUM" "paid-memberships-pro 2.4.3 Cross-Site.Request.Forgery.(CSRF) MEDIUM" "paid-memberships-pro 2.3.3 Authenticated.SQL.Injection MEDIUM" "paid-memberships-pro 2.0.6 Authenticated.Open.Redirect MEDIUM" "photo-image-gallery No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "pz-linkcard 2.5.7 Contributor+.SSRF LOW" "pz-linkcard 2.5.3 Admin+.Stored.XSS LOW" "pz-linkcard 2.5.3 Contributor+.SSRF LOW" "pz-linkcard 2.5.3 Reflected.XSS HIGH" "pz-linkcard 2.5.3 Caching.Management.via.CSRF MEDIUM" "pz-linkcard 2.4.5.3 Reflected.Cross-Site.Scripting MEDIUM" "preferred-languages 2.3.0 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "password-protect-page 1.9.11 Subscriber+.Access.Bypass.via.REST.API MEDIUM" "password-protect-page 1.9.6 Unauthenticated.Content.Restriction.Bypass.to.Sensitive.Information.Exposure MEDIUM" "password-protect-page 1.9.0 .Protection.Mechanism.Bypass MEDIUM" "password-protect-page 1.8.6 Contributor+.Stored.XSS.in.Shortcode MEDIUM" "pixobe-cartography No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "pixobe-cartography No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "phplist-form-integration No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "portfolio-elementor 3.2.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "portfolio-elementor 3.2.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Custom.JS MEDIUM" "portfolio-elementor 3.1.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.shortcode MEDIUM" "portfolio-elementor 2.3.1 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "portfolio-elementor 2.1.7 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "pray-for-me No.known.fix Settings.Update.via.CSRF MEDIUM" "pray-for-me No.known.fix Unauthenticated.Stored.XSS HIGH" "persian-woocommerce-shipping 4.2.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" 
"portfolio-responsive-gallery 1.1.8 Reflected.Cross-Site.Scripting.(XSS) HIGH" "portfolio-responsive-gallery 1.1.8 Authenticated.Blind.SQL.Injections HIGH" "patreon-connect 1.9.2 Missing.Authorization MEDIUM" "patreon-connect 1.9.1 Protection.Mechanism.Bypass MEDIUM" "patreon-connect 1.8.8 Cross-Site.Request.Forgery MEDIUM" "patreon-connect 1.8.2 Admin+.Stored.Cross-Site.Scripting LOW" "patreon-connect 1.7.0 CSRF.to.Disconnect.Sites.From.Patreon MEDIUM" "patreon-connect 1.7.2 Reflected.XSS.on.patreon_save_attachment_patreon_level.AJAX.action HIGH" "patreon-connect 1.7.0 CSRF.to.Overwrite/Create.User.Meta MEDIUM" "patreon-connect 1.7.2 Reflected.XSS.on.Login.Form HIGH" "patreon-connect 1.7.0 Unauthenticated.Local.File.Disclosure HIGH" "patreon-connect 1.2.2 PHP.Object.Injection CRITICAL" "parallaxer-lite-parallax-effects-on-images No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "posts-data-table 1.4.11 Missing.Authorization MEDIUM" "permalink-finder No.known.fix Unauthenticated.Stored.Cross-Site.Scripting HIGH" "playerzbr No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.URL.Meta.Field MEDIUM" "pw-bulk-edit 2.135 Cross-Site.Request.Forgery MEDIUM" "page-loading-effects 3.0.0 Admin+.Stored.XSS LOW" "popup-modal-for-youtube No.known.fix Reflected.Cross-Site.Scripting.(XSS) HIGH" "php-execution-plugin No.known.fix Settings.Update.via.CSRF HIGH" "playerjs No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "playerjs 2.24 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "project-status No.known.fix Reflected.Cross-Site.Scripting.(XSS) HIGH" "png-to-jpg 4.1 Stored.Cross-Site.Scripting.via.CSRF MEDIUM" "pressapps-accordion-faq No.known.fix Authenticated.(Contributor+).Local.File.Inclusion HIGH" "peer-publish No.known.fix Cross-Site.Request.Forgery MEDIUM" "proteccion-datos-rgpd 0.69 Missing.Authorization MEDIUM" "paypal-pay-buy-donation-and-cart-buttons-shortcode No.known.fix 
Contributor+.Stored.XSS MEDIUM" "paypal-pay-buy-donation-and-cart-buttons-shortcode No.known.fix Admin+.Stored.XSS LOW" "paypal-pay-buy-donation-and-cart-buttons-shortcode No.known.fix .Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "pmpro-payfast 1.4.2 Unauthenticated.Information.Exposure MEDIUM" "popup-anything-on-click 2.8.1 Missing.Authorization MEDIUM" "popup-anything-on-click 2.2.2 Popup.Settings.Reset.via.CSRF MEDIUM" "popup-anything-on-click 2.1.7 Reflected.Cross-Site.Scripting MEDIUM" "popup-anything-on-click 2.0.4 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "paypal-payment-button-by-vcita 3.30.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "paypal-payment-button-by-vcita 3.30.0 Contributor+.Stored.XSS MEDIUM" "paypal-payment-button-by-vcita 3.20.0 CSRF.to.Stored.XSS.in.settings.page MEDIUM" "paypal-payment-button-by-vcita 3.10.0 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "prevent-file-access 2.6.1 Authenticated.(Subscriber+).Path.Traversal MEDIUM" "prevent-file-access 2.5.2 Admin+.Arbitrary.File.Upload MEDIUM" "podlove-web-player 5.9.2 Authenticated.(Contributor+).PHP.Object.Injection MEDIUM" "podlove-web-player 5.7.4 Missing.Authorization.to.Unauthenticated.Information.Exposure MEDIUM" "podlove-web-player 5.7.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting HIGH" "post-grid No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "post-grid No.known.fix Unauthenticated.Insecure.Direct.Object.Reference MEDIUM" "post-grid 2.3.18 Missing.Authorization MEDIUM" "post-grid 2.3.18 Missing.Authorization MEDIUM" "post-grid 2.3.12 Authenticated.(Contributor+).PHP.Object.Injection HIGH" "post-grid 2.3.7 Unauthenticated.User.Information.Exposure MEDIUM" "post-grid 2.3.6 Unauthenticated.Paid.Order.Creation MEDIUM" "post-grid 2.3.4 2.3.3.-.Unauthenticated.Privilege.Escalation CRITICAL" "post-grid 2.2.94 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "post-grid 2.2.90 
Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "post-grid 2.2.91 2.2.90.-.Subscriber+.Privilege.Escalation HIGH" "post-grid 2.2.93 Contributor+.Stored.XSS MEDIUM" "post-grid 2.2.88 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Accordion.Block MEDIUM" "post-grid 2.2.87 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "post-grid 2.2.86 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.redirectURL.Parameter.of.Date.Countdown.Widget MEDIUM" "post-grid 2.2.81 Combo.Blocks.<.2.2.81.-.Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Block.Attribute MEDIUM" "post-grid 2.2.81 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "post-grid 2.2.81 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "post-grid 2.2.79 Unauthenticated.Sensitive.Information.Exposure MEDIUM" "post-grid 2.2.76 Reflected.Cross-Site.Scripting MEDIUM" "post-grid 2.2.76 Unauthenticated.Password.Protected.Posts.Access MEDIUM" "post-grid 2.2.69 Information.Exposure.via.get_posts.API.Endpoint HIGH" "post-grid 2.2.65 Authenticated.(Contributor+).Cross-Site.Scripting MEDIUM" "post-grid 2.1.16 Reflected.Cross-Site.Scripting.via.keyword MEDIUM" "post-grid 2.1.16 Reflected.Cross-Site.Scripting.via.post_types MEDIUM" "post-grid 2.1.13 Contributor+.SQL.Injection MEDIUM" "post-grid 2.1.8 Reflected.Cross-Site.Scripting.(XSS) HIGH" "post-grid 2.0.73 PHP.Object.Injection HIGH" "post-grid 2.0.73 Authenticated.Stored.Cross-Site.Scripting.(XSS) HIGH" "prdctfltr No.known.fix Shop.Manager+.Privilege.Escalation HIGH" "prdctfltr 8.2.0 Low.Priv.Arbitrary.Blog.Options.Update/Access/Deletion.&.Plugin's.Settings.Update/Export/Import HIGH" "page-and-post-lister No.known.fix Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.Post.Deletion MEDIUM" "parsi-font 4.3 Unauthenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "postman-widget No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" 
"parallax-image 1.9.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.position.Parameter MEDIUM" "parallax-image 1.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.dd-parallax.Shortcode MEDIUM" "parallax-image 1.8 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "postmash-custom No.known.fix Unauthenticated.SQL.Injection CRITICAL" "pz-frontend-manager 1.0.6 CSRF.change.user.profile.picture MEDIUM" "puzzleme 1.2.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "post-list-designer 3.3.3 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "post-list-designer 3.3.1 Reflected.Cross-Site.Scripting MEDIUM" "post-list-designer 3.2 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "post-list-designer 2.1.7 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "player-leaderboard 1.0.3 1.0.2.-.Authenticated.(Contributor+).Local.File.Inclusion HIGH" "preview-link-generator 1.0.4 Arbitrary.Plugin.Activation.via.CSRF MEDIUM" "product-catalog-feed 2.2.0 Cross-Site.Request.Forgery MEDIUM" "product-catalog-feed 2.1.1 Reflected.XSS HIGH" "product-catalog-feed 2.1.1 Reflected.XSS HIGH" "pixproof No.known.fix Missing.Authorization MEDIUM" "propertyhive 2.1.13 Missing.Authorization MEDIUM" "propertyhive 2.1.13 Missing.Authorization MEDIUM" "propertyhive 2.1.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "propertyhive 2.1.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "propertyhive 2.1.1 Reflected.XSS HIGH" "propertyhive 2.0.20 Cross-Site.Request.Forgery.via.save_account_details HIGH" "propertyhive 2.0.10 Missing.Authorization MEDIUM" "propertyhive 2.0.14 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "propertyhive 2.0.11 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "propertyhive 2.0.13 Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.Post.Deletion MEDIUM" "propertyhive 2.0.9 Reflected.Cross-Site.Scripting MEDIUM" "propertyhive 2.0.10 
Authenticated.(Subscriber+).PHP.Object.Injection HIGH" "propertyhive 2.0.7 Missing.Authorization.via.activate_pro_feature MEDIUM" "propertyhive 2.0.6 Unauthenticated.PHP.Object.Injection.via.propertyhive_currency HIGH" "propertyhive 1.5.49 Reflected.XSS HIGH" "propertyhive 1.5.47 Reflected.XSS HIGH" "propertyhive 1.4.26 Unvalidated.Input.to.do_action() MEDIUM" "pixfields 0.7.1 Arbitrary.Settings.Update.via.CSRF MEDIUM" "pixfields No.known.fix Contributor+.Stored.Cross-Site.Scripting MEDIUM" "photo-feed No.known.fix Reflected.XSS HIGH" "project-source-code-download No.known.fix Unauthenticated.Backup.Download HIGH" "pre-publish-post-checklist No.known.fix Missing.Authorization MEDIUM" "premmerce-redirect-manager 1.0.12 Admin+.Stored.XSS MEDIUM" "premmerce-redirect-manager 1.0.10 Reflected.Cross-Site.Scripting MEDIUM" "premmerce-redirect-manager 1.0.12 Admin+.Stored.XSS LOW" "premmerce-redirect-manager 1.0.11 Cross-Site.Request.Forgery MEDIUM" "premmerce-redirect-manager 1.0.7 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "post-like-dislike No.known.fix Reflected.Cross-Site.Scripting.via.$_SERVER['PHP_SELF'] MEDIUM" "plugversions 0.0.8 Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.File.Creation HIGH" "planetcalc No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.language.Parameter MEDIUM" "pixelstats No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "pdf-embedder-fay No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "paritypress 1.0.1 Admin+.Stored.XSS LOW" "posts-to-page No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "posturinn 1.3.3 Reflected.XSS HIGH" "pcrecruiter-extensions 1.4.23 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "preloader-sws No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "pb-seo-friendly-images No.known.fix Admin+.Stored.XSS LOW" "progress-planner 1.8.1 
Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.Options.Update HIGH" "progress-planner 0.9.3 Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "progress-planner 0.9.2 Missing.Authorization MEDIUM" "plainview-activity-monitor 20180826 Remote.Command.Execution.(RCE) HIGH" "premium-blocks-for-gutenberg 2.1.43 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "premium-blocks-for-gutenberg 2.1.34 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "premium-blocks-for-gutenberg 2.1.28 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "pwa-for-wp 1.7.73 Missing.Authorization MEDIUM" "pwa-for-wp 1.7.72 PWA.For.WP.&.AMP.<.1,7,72.Administrator+.Stored.XSS LOW" "pwa-for-wp 1.7.33 Authenticated.(Subscriber+).Arbitrary.File.Upload CRITICAL" "pwa-for-wp 1.7.33 Authenticated.(Subscriber+).Settings.Change MEDIUM" "pathomation No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "pathomation No.known.fix Unauthenticated.Arbitrary.File.Upload CRITICAL" "product-slider-for-woocommerce-lite No.known.fix Contributor+.Stored.XSS MEDIUM" "product-slider-for-woocommerce-lite 1.1.6 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "post-carousel-divi 1.2 Reflected.Cross-Site.Scripting MEDIUM" "post-carousel-divi 1.1.2 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "popup4phone No.known.fix Unauthenticated.Stored.XSS HIGH" "popup4phone No.known.fix Editor+.Stored.XSS LOW" "push-notifications-for-wp 6.0.1 Settings.Update.via.CSRF MEDIUM" "preloader-plus No.known.fix Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "preloader-plus 2.1 Reflected.Cross-Site.Scripting MEDIUM" "price-commander-xforwc 1.3.0 Low.Priv.Arbitrary.Blog.Options.Update/Access/Deletion.&.Plugin's.Settings.Update/Export/Import HIGH" "product-visibility-by-country-for-woocommerce No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "photospace No.known.fix 
Subscriber+.Stored.Cross-Site.Scripting MEDIUM" "photospace No.known.fix Subscriber+.Arbitrary.Settings.Update MEDIUM" "password-protected-woo-store 2.3 Unauthenticated.Arbitrary.Post.Tile.&.Content.Access MEDIUM" "pardot 2.1.1 Missing.Authorization MEDIUM" "pixel-formbuilder 1.0.3 Unauthenticated.SQL.Injection HIGH" "pixel-formbuilder 1.0.4 Cross-Site.Request.Forgery MEDIUM" "post-shortcode No.known.fix Contributor+.Stored.Cross-Site.Scripting MEDIUM" "photo-gallery-builder No.known.fix Missing.Authorization MEDIUM" "quick-audio-player No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "quick-audio-player No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "quillforms 4.0.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "quillforms 3.8.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "quillforms 3.4.0 Cross-Site.Request.Forgery MEDIUM" "quiz-maker 6.7.1.8 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "quiz-maker 6.7.0.89 Admin+.Stored.XSS LOW" "quiz-maker 6.7.0.83 Cross-Site.Request.Forgery MEDIUM" "quiz-maker 6.7.0.81 Unauthenticated.Sensitive.Information.Exposure MEDIUM" "quiz-maker 6.7.0.66 Unauthenticated.Sensitive.Information.Exposure MEDIUM" "quiz-maker 6.7.0.65 Cross-Site.Request.Forgery MEDIUM" "quiz-maker 6.7.0.57 Unauthenticated.SQL.Injection MEDIUM" "quiz-maker 6.6.8.8 Unauthenticated.SQL.Injection HIGH" "quiz-maker 8.8.0.100 Reflected.DOM.XSS.via.content HIGH" "quiz-maker 21.8.0.100 Reflected.DOM.XSS.via.content HIGH" "quiz-maker 31.8.0.100 Unauthenticated.SQL.Injection.via.id HIGH" "quiz-maker 31.8.0.100 Unauthenticated.Arbitrary.Shortcode.Execution HIGH" "quiz-maker 8.8.0.100 Unauthenticated.Stored.XSS HIGH" "quiz-maker 21.8.0.100 Unauthenticated.Stored.XSS HIGH" "quiz-maker 31.8.0.100 Reflected.DOM.XSS.via.content HIGH" "quiz-maker 8.8.0.100 Unauthenticated.SQL.Injection.via.id HIGH" "quiz-maker 21.8.0.100 Unauthenticated.Arbitrary.Shortcode.Execution HIGH" "quiz-maker 
21.8.0.100 Unauthenticated.SQL.Injection.via.id HIGH" "quiz-maker 8.8.0.100 Unauthenticated.Arbitrary.Shortcode.Execution HIGH" "quiz-maker 31.8.0.100 Unauthenticated.Stored.XSS HIGH" "quiz-maker 6.5.9.9 Admin+.Stored.XSS LOW" "quiz-maker 6.5.8.4 Unauthenticated.SQL.Injection.via.'ays_questions'.Parameter CRITICAL" "quiz-maker 6.5.2.5 Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.Quiz.Creation.&.Modification MEDIUM" "quiz-maker 6.5.2.5 Missing.Authorization.to.Unauthenticated.Quiz.Data.Retrieval MEDIUM" "quiz-maker 6.5.0.6 Denial.of.Service MEDIUM" "quiz-maker 6.5.1.2 Missing.Authorization MEDIUM" "quiz-maker 6.4.9.5 Unauthenticated.Email.Address.Disclosure MEDIUM" "quiz-maker 6.4.9.5 Reflected.Cross-Site.Scripting HIGH" "quiz-maker 6.4.2.7 Reflected.XSS MEDIUM" "quiz-maker 6.2.0.9 Multiple.Authenticated.Blind.SQL.Injections HIGH" "qt-kentharadio 2.0.2 Unauthenticated.RFI.and.SSRF MEDIUM" "qi-blocks 1.4.4 Missing.Authorization.to.Arbitrary.Attachment.Resize MEDIUM" "qi-blocks 1.4.4 Missing.Authorization.to.Authenticated.(Contributor+).Plugin.Settings.Update MEDIUM" "qi-blocks 1.4.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "qi-blocks 1.4 Contributor+.Stored.XSS.via.ToC.Block MEDIUM" "qi-blocks 1.4 Contributor+.Stored.XSS.via.Counter.Block MEDIUM" "qi-blocks 1.4 Contributor+.Stored.XSS.vi.Countdown.Block MEDIUM" "qi-blocks 1.3.3 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "qi-blocks 1.3.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "qi-blocks 1.3.0 Authenticated.(Author+).Stored.Cross-Site.Scripting MEDIUM" "questionpro-surveys No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode.Attributes MEDIUM" "quick-affiliate-store No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "quote-tweet No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "qubely No.known.fix Authenticated.(Contributor+).Sensitive.Information.Exposure MEDIUM" "qubely 
No.known.fix Missing.Authorization MEDIUM" "qubely 1.8.14 Contributor+.Sensitive.Information.Exposure LOW" "qubely 1.8.13 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.'align'.and.'UniqueID' MEDIUM" "qubely 1.8.6 Unauthenticated.Arbitrary.E-mail.Sending MEDIUM" "qubely 1.8.5 Contributor+.Stored.XSS MEDIUM" "qubely 1.8.1 Authenticated.Arbitrary.Settings.Update MEDIUM" "qubely 1.7.8 Subscriber+.Arbitrary.Post.Deletion MEDIUM" "qmean No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "quiz-cat 3.0.9 Missing.Authorization MEDIUM" "quiz-cat 1.2.0 Reflected.Cross-Site.Scripting MEDIUM" "quran-text-multilanguage 2.3.24 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "quran-text-multilanguage 2.3.22 Reflected.Cross-Site.Scripting.via.sourate.and.lang.Parameters MEDIUM" "quran-gateway No.known.fix Cross-Site.Request.Forgery.to.Settings.Update MEDIUM" "quick-contact-form 8.2.7 Unauthenticated.Open.Mail.Relay MEDIUM" "quick-contact-form 8.2.6 Cross-Site.Request.Forgery MEDIUM" "quick-contact-form 8.2.2 Reflected.Cross-Site.Scripting MEDIUM" "quick-contact-form 8.0.6.8 Reflected.Cross-Site.Scripting MEDIUM" "quick-contact-form 8.0.4 Admin+.Stored.XSS LOW" "quick-contact-form 8.0.4 Contributor+.Stored.XSS MEDIUM" "quick-contact-form 8.0.2 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "qubotchat 1.1.6 Qubotchat.<.1,1,6..Admin+.Stored.XSS LOW" "qubotchat 1.1.6 Unauthenticated.Stored.XSS HIGH" "qqworld-auto-save-images No.known.fix Missing.Authorization.to.Arbitrary.Post.Content.Retrieval MEDIUM" "quttera-web-malware-scanner 3.5.2.1 Authenticated.(Administrator+).Server-Side.Request.Forgery LOW" "quttera-web-malware-scanner 3.4.2.1 Admin+.Path.Traversal MEDIUM" "quttera-web-malware-scanner 3.4.2.1 Directory.Listing.to.Sensitive.Data.Exposure MEDIUM" "quietly-insights No.known.fix Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.Options.Update HIGH" "qs-dark-mode No.known.fix Missing.Authorization MEDIUM" "qs-dark-mode 3.0 
Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "quiz-organizer No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "quick-restaurant-menu 2.1.0 Admin+.Stored.XSS LOW" "quick-restaurant-menu 2.1.0 Subscriber+.Arbitrary.Post.Deletion/Updating MEDIUM" "quick-restaurant-menu 2.1.0 .Menu.Items.Update.via.CSRF MEDIUM" "quotes-collection No.known.fix Admin+.SQL.Injection MEDIUM" "quotes-collection 2.0.6 Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "qyrr-code 2.0.8 Authenticated.(Contributor+).Arbitrary.File.Upload MEDIUM" "qyrr-code 1.4.4 Reflected.Cross-Site.Scripting MEDIUM" "qyrr-code 0.8 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "qyrr-code 0.7 Authenticated.(contributor+).Stored.XSS MEDIUM" "qr-code-composer 2.0.4 Subscriber+.Stored.XSS HIGH" "quform 2.21.0 WordPress.Form.Builder.<.2.21.0.-.Unauthenticated.Sensitive.Information.Exposure MEDIUM" "quotes-for-woocommerce 2.0.2 Quote.Status.Update./.Quote.Sending.via.CSRF MEDIUM" "quotes-for-woocommerce 2.0.2 Missing.Authorization MEDIUM" "quick-pagepost-redirect-plugin 5.2.4 Admin+.Stored.XSS LOW" "quick-pagepost-redirect-plugin 5.2.0 Authenticated.Settings.Update CRITICAL" "quicq No.known.fix Missing.Authorization.to.Authenticated.(Subscriber+).Afosto.Disconnect MEDIUM" "quickiebar No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "quiz-expert No.known.fix Cross-Site.Request.Forgery MEDIUM" "qodeblock No.known.fix Missing.Authorization.to.Unauthenticated.Stored.Cross-Site.Scripting MEDIUM" "qodeblock No.known.fix Missing.Authorization MEDIUM" "quick-featured-images 13.7.4 Authenticated.(Editor+).SQL.Injection.via.delete_orphaned MEDIUM" "quick-featured-images 13.7.3 Insecure.Direct.Object.Reference.to.Image.Manipulation MEDIUM" "quick-featured-images 13.7.1 Missing.Authorization.to.Authenticated.(Contributor+).Arbitrary.Thumbnail.Deletion/Setting MEDIUM" "quick-event-manager 9.8.5.3 Reflected.Cross-Site.Scripting MEDIUM" 
"quick-event-manager 9.6.5 Admin+.Stored.XSS LOW" "quick-event-manager 9.7.5 Registration.Deletion/Update.via.CSRF MEDIUM" "quick-event-manager 9.7.5 Unauthenticated.Stored.XSS HIGH" "quick-event-manager 9.7.5 Reflected.Cross-Site HIGH" "quick-event-manager 9.2.17 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "quick-edit-template-link No.known.fix Cross-Site.Request.Forgery MEDIUM" "quick-learn No.known.fix Unauthenticated.PHP.Object.Injection CRITICAL" "quick-favicon No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "quantities-and-units-for-woocommerce No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "qr-twitter-widget No.known.fix Contributor+.Stored.XSS MEDIUM" "qr-code-tag-for-wc-from-goaskle-com No.known.fix Authenticated.(Contributor+).Cross-Site.Scripting.via.Shortcode.Attributes MEDIUM" "qr-code-tag-for-wc-from-goaskle-com No.known.fix Cross-Site.Request.Forgery MEDIUM" "quotes-and-tips 1.45 Admin+.Arbitrary.File.Upload MEDIUM" "quotes-and-tips 1.32 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "quotes-and-tips 1.20 Cross-Site.Scripting.(XSS) MEDIUM" "qards No.known.fix Stored.Cross-Site.Scripting.(XSS) MEDIUM" "qe-seo-handyman No.known.fix Admin+.SQLi MEDIUM" "qe-seo-handyman No.known.fix Admin+.SQLi MEDIUM" "quick-orders-for-woocommerce No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "quick-orders-for-woocommerce No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "quote-master No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "quick-adsense-reloaded No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "quick-adsense-reloaded 2.0.88 Missing.Authorization MEDIUM" "quick-adsense-reloaded 2.0.88 Unauthenticated.SQL.Injection HIGH" "quick-adsense-reloaded 2.0.85 Missing.Authorization MEDIUM" "questionar-elementor No.known.fix Missing.Authorization MEDIUM" "qi-addons-for-elementor 1.9.3 
Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.TypeOut.Text.Widget MEDIUM" "qi-addons-for-elementor 1.9.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "qi-addons-for-elementor 1.8.8 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "qi-addons-for-elementor 1.8.1 Sensitive.Information.Exposure MEDIUM" "qi-addons-for-elementor 1.7.3 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "qi-addons-for-elementor 1.7.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Button.Widget MEDIUM" "qi-addons-for-elementor 1.7.1 Contributor+.Stored.XSS MEDIUM" "qi-addons-for-elementor 1.6.8 Contributor+.Stored.XSS MEDIUM" "qi-addons-for-elementor 1.6.5 Contributor+.Stored.XSS MEDIUM" "qi-addons-for-elementor 1.6.4 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "ql-cost-calculator 7.5 Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "ql-cost-calculator 7.5 Missing.Authorization MEDIUM" "quasar-form No.known.fix Subscriber+.SQLi HIGH" "quick-subscribe No.known.fix Arbitrary.Settings.Update.via.CSRF.to.Stored.XSS MEDIUM" "quotes-llama 3.1.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "quotes-llama 3.0.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "quotes-llama 3.0.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "quotes-llama 1.0.0 Admin+.Stored.Cross-Site.Scripting LOW" "qr-code-and-barcode-scanner-reader No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "quickswish 1.1.0 Arbitrary.Plugin.Activation.via.CSRF MEDIUM" "quickcab No.known.fix Missing.Authorization MEDIUM" "quote-press No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "quote-press No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "quick-view-and-buy-now-for-woocommerce 1.5.9 Authenticated.(Shop.manager+).Stored.Cross-Site.Scripting.via.Custom.CSS.Code MEDIUM" "quick-license-manager 2.4.18 Reflected.Cross-Site.Scripting MEDIUM" "quizlord 
No.known.fix Admin+.Stored.XSS LOW" "quick-count No.known.fix Unauthenticated.PHP.Object.Injection CRITICAL" "querywall No.known.fix Admin+.SQLi MEDIUM" "qode-wishlist-for-woocommerce 1.2.8 Unauthenticated.Insecure.Direct.Object.Reference.to.Wishlist.Update MEDIUM" "query-wrangler 1.5.55 Cross-Site.Request.Forgery MEDIUM" "query-wrangler 1.5.52 Reflected.XSS HIGH" "query-posts No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "question-answer No.known.fix Authenticated.(Subscriber+).PHP.Object.Injection HIGH" "question-answer 1.2.71 Reflected.Cross-Site.Scripting MEDIUM" "question-answer No.known.fix Missing.Authorization MEDIUM" "q2w3-post-order No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "qr-code-tag No.known.fix Contributor+.Stored.XSS MEDIUM" "qode-twitter-feed 2.0.1 Open.Redirect HIGH" "qrmenu-lite No.known.fix Authenticated.(Contributor+).PHP.Object.Injection HIGH" "quick-code No.known.fix Stored.XSS.via.CSRF HIGH" "quick-adsense 2.8.2 Subscriber+.Post.Stats.Reset MEDIUM" "q2w3-inc-manager No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "qc-simple-link-directory 14.8.1 Reflected.Cross-Site.Scripting MEDIUM" "qc-simple-link-directory 14.8.1 Authentication.Bypass CRITICAL" "qc-simple-link-directory 14.8.1 Authenticated.(Subscriber+).SQL.Injection MEDIUM" "qc-simple-link-directory 14.8.1 Missing.Authorization MEDIUM" "quick-restaurant-reservations No.known.fix Missing.Authorization MEDIUM" "quick-restaurant-reservations 1.5.5 CSRF MEDIUM" "quick-restaurant-reservations 1.4.2 Reflected.Cross-Site.Scripting MEDIUM" "quadmenu 3.2.1 Cross-Site.Request.Forgery.to.Limited.User.Meta.Update MEDIUM" "quadmenu 2.0.7 Unauthenticated.RCE.via.compiler_save CRITICAL" "quote-requests-for-woocommerce No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "quote-requests-for-woocommerce 1.0.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "quote-comments No.known.fix 
Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.Plugin.Settings.Update MEDIUM" "quote-comments No.known.fix Stored.XSS.via.CSRF HIGH" "quentn-wp No.known.fix Unauthenticated.SQL.Injection.via.'qntn_wp_access'.Cookie HIGH" "quentn-wp 1.2.9 Unauthenticated.SQL.Injection HIGH" "quentn-wp 1.2.9 Unauthenticated.Privilege.Escalation CRITICAL" "quick-event-calendar No.known.fix Cross-Site.Request.Forgery MEDIUM" "quick-event-calendar No.known.fix Cross-Site.Request.Forgery MEDIUM" "qode-essential-addons 1.6.4 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "qode-essential-addons 1.5.3 Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.Plugin.Installation/Activation MEDIUM" "qr-master No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "quizzin No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "quick-login No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "quran-shortcode No.known.fix Authenticated.(Contributor+).SQL.Injection MEDIUM" "qwiz-online-quizzes-and-flashcards 3.95 Reflected.XSS HIGH" "qwiz-online-quizzes-and-flashcards 3.62 Admin+.Stored.Cross.Site.Scripting LOW" "quote-post-type-plugin No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "qnotsquiz No.known.fix Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "quick-paypal-payments 5.7.47 Cross-Site.Request.Forgery MEDIUM" "quick-paypal-payments 5.7.28 Reflected.Cross-Site.Scripting MEDIUM" "quick-paypal-payments 5.7.26.4 Admin+.Stored.XSS LOW" "quick-paypal-payments 5.7.26 Contributor+.Stored.XSS MEDIUM" "quick-paypal-payments 5.7.26 Unauthenticated.Stored.XSS HIGH" "quick-paypal-payments 5.7.26 Unauthenticated.Payment.Message.Deletion/Update MEDIUM" "quick-paypal-payments 5.7.26 Admin+.Stored.XSS LOW" "quick-paypal-payments 5.7.22 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "qtranslate-x No.known.fix Multiple.Admin+.Stored.Cross-Site.Scripting LOW" "qtranslate-x 3.4.4 
Authenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "quick-interest-slider No.known.fix Missing.Authorization MEDIUM" "quick-interest-slider No.known.fix Cross-Site.Request.Forgery MEDIUM" "quick-interest-slider No.known.fix Contributor+.Stored.XSS MEDIUM" "quick-interest-slider 2.9.5 Cross-Site.Request.Forgery MEDIUM" "quick-interest-slider 2.9.4 Admin+.Stored.XSS LOW" "quote-o-matic No.known.fix Admin+.SQLi MEDIUM" "qode-instagram-widget 2.0.2 Open.Redirect HIGH" "qr-redirector 1.6.1 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "qr-redirector 1.6 Subscriber+.Arbitrary.QR.Redirect.Response.Status.Update MEDIUM" "qtranslate-slug No.known.fix CSRF.Bypass.in.Multiple.Plugins MEDIUM" "qtranslate-slug No.known.fix Cross-Site.Request.Forgery MEDIUM" "quick-localization No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "quote-me No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "qzzr-shortcode No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "quick-testimonials No.known.fix Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "quick-chat No.known.fix Authenticated.Stored.Cross-Site.Scripting HIGH" "quick-chat No.known.fix Unauthenticated.Stored.Cross-Site.Scripting HIGH" "quick-chat 4.00 SQL.Injection CRITICAL" "quiz-tool-lite No.known.fix Multiple.Admin+.Stored.Cross-Site.Scripting LOW" "quicksand-jquery-post-filter No.known.fix Cross-Site.Request.Forgery.via.renderAdmin MEDIUM" "quicksand-jquery-post-filter No.known.fix Missing.Authorization.via.quicksand_admin_ajax CRITICAL" "qrcode-wprhe No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "quotemedia-tools No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "quran-phrases-about-most-people-shortcodes 1.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "quickcreator 0.1.18 0.1.17.-.Unauthenticated.API.Key.Exposure HIGH" "quiz-master-next 10.3.2 Authenticated.(Subscriber+).SQL.Injection 
MEDIUM" "quiz-master-next 10.3.4 Missing.Authorization MEDIUM" "quiz-master-next 10.3.2 Missing.Authorization.to.Unpublished,.Private.And.Password-Protected.Quiz.Information.Disclosure.And.Image.Response.Uploads MEDIUM" "quiz-master-next 10.3.2 Authenticated.(Subscriber+).SQL.Injection.via.'is_linking'.Query.Parameter MEDIUM" "quiz-master-next 10.3.2 Subscriber+.Quiz.Results.Deletion MEDIUM" "quiz-master-next 10.3.3 Missing.Authorization MEDIUM" "quiz-master-next 10.2.6 Unauthenticated.PHP.Object.Injection HIGH" "quiz-master-next 10.2.5 Authenticated.(Contributor+).SQL.Injection MEDIUM" "quiz-master-next 10.2.3 Template.Creation.via.CSRF MEDIUM" "quiz-master-next 9.2.1 Author+.Stored.XSS MEDIUM" "quiz-master-next 9.1.3 Author+.Stored.XSS MEDIUM" "quiz-master-next 9.1.1 Contributor+.Stored.XSS MEDIUM" "quiz-master-next 9.1.0 Contributor+.Stored.XSS MEDIUM" "quiz-master-next 9.0.5 Contributor+.Stored.XSS MEDIUM" "quiz-master-next 9.0.2 Contributor+.SQLi MEDIUM" "quiz-master-next 9.0.2 Contributor+.Stored.XSS MEDIUM" "quiz-master-next 9.0.2 Authenticated.(Contributor+).SQL.Injection CRITICAL" "quiz-master-next 8.2.3 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "quiz-master-next 8.1.17 Unauthenticated.Unauthorised.Action MEDIUM" "quiz-master-next 8.1.19 Quiz.Results.Deletion.via.CSRF MEDIUM" "quiz-master-next 8.1.14 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "quiz-master-next 8.1.19 Multiple.Cross-Site.Request.Forgery MEDIUM" "quiz-master-next 8.1.16 Cross-Site.Request.Forgery.via.'display_results' MEDIUM" "quiz-master-next 8.1.11 Contributor+.Stored.XSS MEDIUM" "quiz-master-next 8.0.8 Text.Message.Setting.Update.via.CSRF MEDIUM" "quiz-master-next 8.0.9 Unauthenticated.Arbitrary.Media.File.Delete MEDIUM" "quiz-master-next 8.0.5 Unauthenticated.iFrame.Injection HIGH" "quiz-master-next 8.0.5 Improper.Input.Validation MEDIUM" "quiz-master-next 7.3.11 Bypass MEDIUM" "quiz-master-next 7.3.5 Reflected.Cross-Site.Scripting MEDIUM" 
"quiz-master-next 7.3.7 Multiple.Author+.IDOR LOW" "quiz-master-next 7.3.11 Sensitive.Information.Disclosure MEDIUM" "quiz-master-next 7.3.11 Subscriber+.XSS MEDIUM" "quiz-master-next 7.3.5 Admin+.SQL.Injection MEDIUM" "quiz-master-next 7.3.5 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "quiz-master-next 7.3.5 Contributor+.Stored.XSS MEDIUM" "quiz-master-next 7.3.5 Quiz.Update.via.IDOR LOW" "quiz-master-next 7.3.7 Reflected.Cross-Site.Scripting MEDIUM" "quiz-master-next 7.3.7 CSRF MEDIUM" "quiz-master-next 7.3.7 Low.Privilege.Stored.Cross-Site.Scripting MEDIUM" "quiz-master-next 7.3.2 Admin+.Stored.Cross-Site.Scripting LOW" "quiz-master-next 7.1.14 Reflected.Cross-Site.Scripting HIGH" "quiz-master-next 7.1.19 Unauthenticated.Stored.Cross-Site.Scripting.(XSS) HIGH" "quiz-master-next 7.1.18 Reflected.Cross-Site.Scripting.(XSS) HIGH" "quiz-master-next 7.1.12 Authenticated.SQL.injection.via.shortcode HIGH" "quiz-master-next 7.1.14 Authenticated.SQL.injection.via.Rest.API HIGH" "quiz-master-next 7.0.2 Unauthenticated.Arbitrary.File.Upload HIGH" "quiz-master-next 7.0.1 Unauthenticated..Arbitrary.File.Deletion CRITICAL" "quiz-master-next 7.0.1 Arbitrary.File.Upload CRITICAL" "quiz-master-next 7.0.0 Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "quiz-master-next 6.3.5 Authenticated.Reflected.XSS HIGH" "quiz-master-next 6.2.2 Authenticated.Cross-Site.Scripting.(XSS) HIGH" "quiz-master-next 4.7.9 Stored.Cross-Site.Scripting.(XSS).&.CSRF MEDIUM" "quiz-master-next 4.4.4 Authenticated.Blind.SQL.Injection MEDIUM" "quick-call-button No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting.via.settings MEDIUM" "qa-heatmap-analytics 4.1.1.2 Unauthenticated.Settings.Update MEDIUM" "quickcal 1.0.16 Authenticated.(Subscriber+).Sensitive.Information.Exposure MEDIUM" "quickcal 1.0.16 Cross-Site.Request.Forgery.to.Privilege.Escalation HIGH" "radslide No.known.fix Missing.Authorization MEDIUM" "rj-quickcharts No.known.fix 
Authenticated.(Subscriber+).SQL.Injection MEDIUM" "rj-quickcharts No.known.fix Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "rara-one-click-demo-import 1.3.0 Arbitrary.File.Upload.via.CSRF HIGH" "rsvpmaker-volunteer-roles No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "responsive-google-maps 1.2.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "rentpress No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "related-posts-thumbnails 4.3.3 Cross-Site.Request.Forgery MEDIUM" "reviewscouk-for-woocommerce 1.2.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "restaurant-pickup-delivery-dine-in No.known.fix Admin+.Stored.XSS LOW" "really-simple-ssl-pro-multisite 9.1.2 9.1.1.1.-.Authentication.Bypass CRITICAL" "rebrand-fluent-forms No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "rb-internal-links No.known.fix Stored.Cross-Site.Scripting.via.CSRF MEDIUM" "reportattacks 2.33 Authenticated.(Admin+).SQL.Injection MEDIUM" "ragic-shortcode 1.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "resize-at-upload-plus No.known.fix Cross-Site.Request.Forgery.(CSRF) MEDIUM" "recooty No.known.fix Cross-Site.Request.Forgery.to.Settings.Update MEDIUM" "rsv-360-view No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "read-more-without-refresh 3.2 Admin+.Stored.Cross-Site.Scripting LOW" "risk-free-cash-on-delivery-cod-woocommerce No.known.fix WooCommerce.<=.1.0.4.-.Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "read-more-copy-link No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "recent-posts-widget-extended No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.rpwe.Shortcode MEDIUM" "rh-frontend No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "real-estate-listing-realtyna-wpl 5.0.1 Unauthenticated.Local.File.Inclusion HIGH" "real-estate-listing-realtyna-wpl 4.14.14 Admin+.Arbitrary.File.Upload MEDIUM" 
"real-estate-listing-realtyna-wpl 4.14.8 Reflected.XSS HIGH" "real-estate-listing-realtyna-wpl 4.14.8 Unauthenticated.SQLi HIGH" "reepay-checkout-gateway 1.8.3 Missing.Authorization MEDIUM" "rotatingtweets No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "responsive-google-map No.known.fix Missing.Authorization MEDIUM" "rvcfdi-para-woocommerce No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "rac 24.7.0 Missing.Authorization.to.Unauthenticated.Arbitrary.Content.Deletion MEDIUM" "rac No.known.fix Unauthenticated.PHP.Object.Injection HIGH" "redux-framework 4.5.9 Contributor+.Stored.XSS.via.data.Parameter MEDIUM" "redux-framework 4.4.18 .4.4.17.-.Unauthenticated.JSON.File.Upload.to.Stored.Cross-Site.Scripting HIGH" "redux-framework 4.2.13 Unauthenticated.Sensitive.Information.Disclosure MEDIUM" "redux-framework 4.2.13 Contributor+.Arbitrary.Plugin.Installation.and.Post.Deletion HIGH" "redux-framework 4.1.24 4.1.23.-.CSRF.Nonce.Validation.Bypass MEDIUM" "redux-framework 4.1.21 CSRF.Nonce.Validation.Bypass MEDIUM" "restful-syndication 1.6.0 1.5.0.-.Authenticated.(Contributor+).Arbitrary.File.Upload HIGH" "reactflow-session-replay-heatmap No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "realty-workstation No.known.fix Missing.Authorization MEDIUM" "realty-workstation No.known.fix Authentication.Bypass.to.Account.Takeover CRITICAL" "realty-workstation 1.0.15 Agent.SQLi HIGH" "rccp-free 1.7.0 1.6.8.-.Missing.ServerSide.Verification.to.Authentication.Bypass.via.ringcentral_admin_login_2fa_verify.Function CRITICAL" "rccp-free No.known.fix Stored.XSS.via.CSRF HIGH" "reuters-direct No.known.fix Missing.Authorization MEDIUM" "reuters-direct No.known.fix Missing.Authorization.to.Unauthenticated.Settings.Reset MEDIUM" "reuters-direct No.known.fix Cross-Site.Request.Forgery.to.Settings.Reset MEDIUM" "reloadly-topup-widget No.known.fix Cross-Site.Request.Forgery MEDIUM" "rate-star-review 1.6.4 
Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "rate-star-review 1.5.2 Reflected.Cross-Site.Scripting MEDIUM" "responsive-block-editor-addons 2.2.1 Missing.Authorization MEDIUM" "responsive-block-editor-addons 2.0.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "responsive-block-editor-addons 2.0.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "responsive-block-editor-addons 2.0.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "responsive-block-editor-addons 2.0.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "responsive-block-editor-addons 2.0.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.section_tag.Parameter MEDIUM" "responsive-block-editor-addons 1.9.8 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "responsive-block-editor-addons 1.8.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "runners-log No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "rdp-ingroups No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "rabbit-hole No.known.fix Cross-Site.Request.Forgery.to.Settings.Reset MEDIUM" "right-click-disable-or-ban 1.2.0 Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "rating-bws No.known.fix Authenticated.(Subscriber+).PHP.Object.Injection HIGH" "rating-bws 1.6 Rating.Denial.of.Service MEDIUM" "rating-bws 0.2 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "related-posts-via-categories No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "remove-date-and-gravatar-under-comment No.known.fix Cross-Site.Request.Forgery MEDIUM" "rsv-google-maps No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "resume-builder No.known.fix Subscriber+.Stored.XSS HIGH" "rankology-seo-all-in-one-seo-analytics 2.2.5 Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.Options.Update HIGH" "related-posts-lite No.known.fix 
Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "related-posts-lite No.known.fix Cross-Site.Request.Forgery MEDIUM" "rk-responsive-contact-form No.known.fix Authenticated.Blind.SQL.Injection CRITICAL" "regallery No.known.fix Missing.Authorization MEDIUM" "reglevel No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "request-a-quote 2.5.4 Missing.Authorization MEDIUM" "request-a-quote 2.5.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "request-a-quote 2.5.3 Unauthenticated.Limited.Remote.Code.Execution HIGH" "request-a-quote 2.4.1 Admin+.Stored.XSS LOW" "request-a-quote 2.3.9 Admin+.Stored.Cross-Site.Scripting LOW" "request-a-quote 2.3.9 Admin+.Stored.Cross-Site.Scripting LOW" "request-a-quote 2.3.4 Authenticated.Stored.XSS MEDIUM" "rsvp 2.7.15 Authenticated.(Administrator+).SQL.Injection MEDIUM" "rsvp 2.7.14 Missing.Authorization MEDIUM" "rsvp 2.7.8 Unauthenticated.Entries.Export HIGH" "rsvp 2.7.5 Reflected.Cross-Site.Scripting MEDIUM" "rsvp 2.3.8 XSS MEDIUM" "rd-wapp No.known.fix Cross-Site.Request.Forgery.to.Settings.Update MEDIUM" "resads No.known.fix Authenticated.(Administrator+).SQL.Injection MEDIUM" "resads No.known.fix Reflected.Cross-Site.Scripting.via.Multiple.Parameters MEDIUM" "resads 1.0.2 .Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "raisely-donation-form 1.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.raisely_donation_form.Shortcode MEDIUM" "real-cookie-banner 5.2.5 Authenticated.(Admin+).Server-Side.Request.Forgery.via.scan-without-login.Endpoint MEDIUM" "real-cookie-banner 5.1.6 Admin+.Stored.XSS LOW" "real-cookie-banner 3.4.10 Contributor+.Stored.XSS MEDIUM" "real-cookie-banner 2.18.2 Reflected.Cross-Site.Scripting MEDIUM" "real-cookie-banner 2.14.2 Settings.Reset.via.CSRF MEDIUM" "real-estate-right-now 4.49 Missing.Authorization MEDIUM" "referral-link-tracker No.known.fix Missing.Authorization MEDIUM" "robo-maps No.known.fix Google.Maps.<=.1.0.6.-.Contributor+.Stored.XSS 
MEDIUM" "real-time-find-and-replace 4.0.2 Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting HIGH" "revision-diet No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "rss-manager No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "related-post-shortcode No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "radio-forge No.known.fix Reflected.Cross-Site.Scripting HIGH" "rss-feed-pro 1.1.9 Authenticated.(Editor+).Stored.Cross-Site.Scripting MEDIUM" "real-cookie-banner-pro 5.1.6 Admin+.Stored.XSS LOW" "revisionary 3.5.16 Missing.Authorization.to.Authenticated.(Subscriber+).Sensitive.Information.Exposure MEDIUM" "revisionary 3.5.15 Reflected.Cross-Site.Scripting MEDIUM" "review-stars-count-for-woocommerce No.known.fix Authenticated.(Subscriber+).SQL.Injection MEDIUM" "responsive-video No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "rss-control 3.0.8 Reflected.Cross-Site.Scripting MEDIUM" "rss-control 2.0.8 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "redirection-plus No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "responsive-lightbox2 1.0.4 Contributor+.Stored.XSS MEDIUM" "responsive-lightbox2 1.0.3 Authenticated.Stored.Cross-Site.Scripting LOW" "randomquotr No.known.fix Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "read-more-excerpt-link 1.6.1 Settings.Update.via.CSRF MEDIUM" "read-more-excerpt-link 1.6.1 Settings.Update.via.CSRF MEDIUM" "responsive-lightbox 2.7.2 Authenticated.(Author+).Server-Side.Request.Forgery.via.Remote.Library.Image.Upload MEDIUM" "responsive-lightbox 2.6.1 Unauthenticated.Stored.XSS HIGH" "responsive-lightbox 2.5.4 Authenticated.(Author+).Server-Side.Request.Forgery MEDIUM" "responsive-lightbox 2.5.3 Unauthenticated.Stored-XSS.via.Comments HIGH" "responsive-lightbox 2.5.2 Contributor+.Stored.XSS MEDIUM" "responsive-lightbox 2.5.1 Contributor+.Stored.XSS MEDIUM" "responsive-lightbox 2.4.8 
Authenticated.(Contributor+).Stored.DOM-Based.Cross-Site.Scripting.via.Featherlight.js.JavaScript.Library MEDIUM" "responsive-lightbox 2.4.9 Contributor+.DOM-Based.Stored.XSS.via.FancyBox.JavaScript.Library MEDIUM" "responsive-lightbox 2.4.9 Author+.Stored.XSS MEDIUM" "responsive-lightbox 2.4.8 Missing.Authorization MEDIUM" "responsive-lightbox 2.4.8 Authenticated.(Author+).Stored.Cross-Site.Scripting.via.File.Upload MEDIUM" "responsive-lightbox 2.4.7 Information.Disclosure MEDIUM" "responsive-lightbox 2.4.6 Authenticated.(Author+).Stored.Cross-Site.Scripting.via.name MEDIUM" "responsive-lightbox 1.7.2 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "random-image-selector No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "related-posts-line-up-exactry-by-milliard No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "rps-include-content 1.2.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "resermy No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "resermy No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "resermy No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "responsive-coming-soon 2.2.2 Maintenance.Mode.Bypass MEDIUM" "responsive-coming-soon 1.8.2 Arbitrary.Settings.Reset MEDIUM" "rich-reviews No.known.fix Arbitrary.Reviews.Deletion.via.CSRF MEDIUM" "rich-reviews 1.9.6 Admin+.SQL.Injection MEDIUM" "restrict-elementor-widgets No.known.fix Missing.Authorization MEDIUM" "responsive-header-image-slider No.known.fix Contributor+.Stored.XSS MEDIUM" "responsive-owl-carousel-elementor 1.2.1 Local.File.Inclusion HIGH" "related-products-manager-woocommerce 1.6.3 Contributor+.Stored.XSS MEDIUM" "radio-station 2.5.13 Cross-Site.Request.Forgery MEDIUM" "radio-station 2.5.8 Cross-Site.Request.Forgery.to.Notice.Dismissal MEDIUM" "radio-station 2.5.0 Reflected.XSS HIGH" "radio-station 2.5.5 Reflected.Cross-Site.Scripting MEDIUM" "radio-station 2.4.0.6 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" 
"rs-wp-books-showcase No.known.fix Unauthenticated.Arbitrary.Shortcode.Execution MEDIUM" "rs-wp-books-showcase No.known.fix Contributor+.Stored.XSS MEDIUM" "run-log 1.7.11 Cross-Site.Request.Forgery.to.Settings.Update MEDIUM" "relentlosoftware No.known.fix Missing.Authorization MEDIUM" "rapidresult 1.3 Authenticated.(Contributor+).SQL.Injection MEDIUM" "rankbear No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "rankbear No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "rootspersona No.known.fix Missing.Authorization MEDIUM" "rootspersona No.known.fix Cross-Site.Request.Forgery MEDIUM" "robcore-netatmo No.known.fix Authenticated.(Contributor+).SQL.Injection.via.robcore-netatmo.Shortcode MEDIUM" "realpress 1.1.1 Cross-Site.Request.Forgery MEDIUM" "realpress 1.1.0 Unauthenticated.Content.Creation/Email.Sending.via.REST MEDIUM" "remote-images-grabber No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "relocate-upload No.known.fix Cross-Site.Request.Forgery MEDIUM" "responsive-addons-for-elementor 2.0.9 Missing.Authorization MEDIUM" "responsive-addons-for-elementor 2.0.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Multiple.Widgets MEDIUM" "responsive-addons-for-elementor 1.7.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "responsive-addons-for-elementor 1.6.9.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.'rael_title_tag' MEDIUM" "responsive-addons-for-elementor 1.6.9 Authenticated.(Contributor+).Sensitive.Information.Exposure MEDIUM" "responsive-addons-for-elementor 1.6.5 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "responsive-addons-for-elementor 1.6.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "responsive-addons-for-elementor 1.6.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "real-time-auto-find-and-replace 1.7.8 Authenticated.(Subscriber+).Limited.Code.Injection HIGH" "real-time-auto-find-and-replace 1.7.8 Missing.Authorization MEDIUM" 
"real-time-auto-find-and-replace 1.7.7 Admin+.Stored.XSS LOW" "real-time-auto-find-and-replace 1.6.8 Missing.Authorization.to.Authenticated.(Subscriber+).Privilege.Escalation HIGH" "real-time-auto-find-and-replace 1.6.2 Unauthenticated.PHP.Object.Injection HIGH" "real-time-auto-find-and-replace 1.3.6 Admin+.SQLi MEDIUM" "real-time-auto-find-and-replace 1.2.9 Reflected.Cross-Site.Scripting HIGH" "remember-me-controls 2.1 Unauthenticated.Full.Path.Disclosure MEDIUM" "role-and-customer-based-pricing-for-woocommerce 1.4.1 Reflected.Cross-Site.Scripting MEDIUM" "role-and-customer-based-pricing-for-woocommerce 1.0.2 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "rsvp-me No.known.fix Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "rsvp-me No.known.fix Authenticated.(Contributor+).SQL.Injection MEDIUM" "rsvp-me No.known.fix Unauthenticated.SQL.Injection HIGH" "remove-wp-update-nags 1.5.0 Reflected.Cross-Site.Scripting MEDIUM" "remove-wp-update-nags 1.4.0 Subscriber+.Arbitrary.Option.Update CRITICAL" "rrdevs-for-elementor No.known.fix Authenticated.(Contributor+).Post.Disclosure MEDIUM" "rrdevs-for-elementor No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "responsive-column-widgets No.known.fix Reflected.XSS HIGH" "responsive-column-widgets No.known.fix Open.Redirect.via.responsive_column_widgets_link MEDIUM" "recently-viewed-most-viewed-and-sold-products-for-woocommerce No.known.fix Unauthenticated.PHP.Object.Injection CRITICAL" "removehide-author-date-category-like-entry-meta No.known.fix Settings.Update.via.CSRF MEDIUM" "really-simple-google-tag-manager 1.0.7 Arbitrary.Plugin.Activation.via.CSRF MEDIUM" "review-widgets-for-hotels-com 11.1 Authenticated.(Editor+).Arbitrary.File.Upload MEDIUM" "restaurant-solutions-checklist No.known.fix Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "recent-posts-slider No.known.fix Cross-Site.Request.Forgery MEDIUM" "recent-posts-slider No.known.fix Unauthenticated.Stored.XSS 
HIGH" "rightmessage No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "relevant 1.2.0 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "relevant 1.0.8 Cross-Site.Scripting.(XSS) MEDIUM" "reformer-elementor No.known.fix Missing.Authorization MEDIUM" "reformer-elementor No.known.fix Unauthenticated.Arbitrary.File.Upload CRITICAL" "reading-progress-bar 1.3.1 Admin+.Stored.XSS LOW" "redirects No.known.fix Missing.Authorization.via.save MEDIUM" "redirects No.known.fix Missing.Authorization MEDIUM" "rich-table-of-content 1.4.1 Missing.Authorization MEDIUM" "rich-table-of-content 1.3.9 Contributor+.Stored.XSS MEDIUM" "responsive-filterable-portfolio 1.0.25 Authenticated.(Admin+).Arbitrary.File.Upload HIGH" "responsive-filterable-portfolio 1.0.9 Authenticated.(Admin+).SQL.Injection MEDIUM" "responsive-filterable-portfolio 1.0.23 Server-Side.Request.Forgery MEDIUM" "responsive-filterable-portfolio 1.0.20 Reflected.XSS HIGH" "realty-portal No.known.fix Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.Options.Update HIGH" "rometheme-for-elementor 2.0.0 Reflected.Cross-Site.Scripting.via.'themebuilder'.Parameter MEDIUM" "rometheme-for-elementor 1.6.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Accordion.Repeater.Block.Attribute MEDIUM" "rometheme-for-elementor 1.6.6 Authenticated.(Contributor+).Arbitrary.File.Upload HIGH" "rometheme-for-elementor 1.6.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "rometheme-for-elementor 1.5.5 Authenticated.(Subscriber+).Arbitrary.Plugin.Installation/Activation HIGH" "rometheme-for-elementor 1.6.8 Authenticated.(Contributor+).Insecure.Direct.Object.Reference MEDIUM" "rometheme-for-elementor 1.5.3 Missing.Authorization MEDIUM" "rometheme-for-elementor 1.5.3 Contributor+.Sensitive.Information.Exposure.via.Elementor.Templates MEDIUM" "rometheme-for-elementor 1.5.4 Missing.Authorization.in.save_options.and.reset_widgets MEDIUM" "rometheme-for-elementor 1.5.1 
Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "rometheme-for-elementor 1.4.2 Missing.Authorization MEDIUM" "rometheme-for-elementor 1.4.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "remove-add-to-cart-button-for-woocommerce 1.0.4 Reflected.Cross-Site.Scripting MEDIUM" "remove-add-to-cart-button-for-woocommerce 1.0.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "rselements-lite No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "rover-idx 3.0.0.2906 Authenticated.(Subscriber+).Authentication.Bypass.to.Administrator HIGH" "rover-idx 3.0.0.2905 Authenticated.(Subscriber+).Missing.Authorization.via.Multiple.Functions MEDIUM" "raise-prices-with-sales-for-woocommerce No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "raise-prices-with-sales-for-woocommerce 1.3.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "require-taxonomy-image-category-tag 1.27 Reflected.Cross-Site.Scripting MEDIUM" "rich-counter 1.2.0 Cross-Site.Scripting.(XSS) MEDIUM" "responsive-youtube-videos No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "random-banner No.known.fix Contributor+.Stored.XSS MEDIUM" "random-banner No.known.fix Admin+.Stored.XSS LOW" "random-banner 4.1.6 Admin+.Stored.Cross-Site.Scripting LOW" "random-banner 2.0 Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "read-more No.known.fix Missing.Authorization.to.Authenticated.(Subscriber+).Read.More.Button.Deletion MEDIUM" "read-more No.known.fix Cross-Site.Request.Forgery MEDIUM" "responsive-and-swipe-slider No.known.fix Authenticated.(Editor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "restrict-user-access 2.6 Reflected.Cross-Site.Scripting MEDIUM" "restrict-user-access 2.6 Information.Exposure MEDIUM" "restrict-user-access 2.4.3 Reflected.Cross-Site.Scripting MEDIUM" "restrict-user-access 2.2.2 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "r-animated-icon No.known.fix 
Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "review-widgets-for-airbnb 11.1 Authenticated.(Editor+).Arbitrary.File.Upload MEDIUM" "reftagger-shortcode No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "rate-my-post 4.2.5 Unauthenticated.Voting.On.Scheduled.Posts MEDIUM" "rate-my-post 3.4.5 Insecure.Direct.Object.Reference MEDIUM" "rate-my-post 3.4.3 IP.Spoofing MEDIUM" "rate-my-post 3.3.9 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "rate-my-post 3.3.5 Cross-Site.Request.Forgery MEDIUM" "rate-my-post 3.3.5 Subscriber+.Votes.Tampering.via.Race.Condition MEDIUM" "real-wp-shop-lite No.known.fix Admin+.Stored.XSS LOW" "rss-news-scroller No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "rapid-cache No.known.fix Unauthenticated.Cache.Poisoning HIGH" "rollover-tab No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "radius-blocks No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.subHeadingTagName.Parameter MEDIUM" "radius-blocks No.known.fix Authenticated.(Contributor+).Local.File.Inclusion HIGH" "radius-blocks No.known.fix Authenticated.(Subscriber+).Insecure.Direct.Object.Reference MEDIUM" "radius-blocks 2.2.0 Cross-Site.Request.Forgery MEDIUM" "radius-blocks 2.2.0 Contributor+.Stored.XSS MEDIUM" "recipe-card-blocks-by-wpzoom 3.4.13 Contributor+.SQLi MEDIUM" "recipe-card-blocks-by-wpzoom 3.4.9 Incorrect.Authorization HIGH" "recipe-card-blocks-by-wpzoom 3.4.4 Insecure.Direct.Object.Reference.to.Authenticated.(Contributor+).Post.Disclosure MEDIUM" "recipe-card-blocks-by-wpzoom 3.3.2 Missing.Authorization MEDIUM" "recipe-card-blocks-by-wpzoom 2.8.1 Reflected.Cross-Site.Scripting HIGH" "recipe-card-blocks-by-wpzoom 2.8.3 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "reviewpress No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "reviewpress No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "reviewpress No.known.fix 
Subscriber+.Arbitrary.Option.Update CRITICAL" "rm-mailchimp-manager No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "rm-mailchimp-manager No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "responsive-menu-pro 4.0.4 CSRF.to.Arbitrary.File.Upload HIGH" "responsive-menu-pro 4.0.4 CSRF.to.Settings.Update MEDIUM" "responsive-menu-pro 4.0.4 4.0.3.-.Authenticated.Arbitrary.File.Upload CRITICAL" "revision-manager-tmc No.known.fix Cross-Site.Request.Forgery MEDIUM" "revision-manager-tmc 2.8.20 Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.Email.Sending MEDIUM" "revision-manager-tmc 2.8.0 Folders.Disclosure.via.Outdated.jQueryFileTree.Library MEDIUM" "rs-survey No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "rocket-maintenance-mode 4.4 Admin+.Stored.XSS LOW" "rocket-maintenance-mode 4.4 Reflected.Cross-Site.Scripting MEDIUM" "rocket-maintenance-mode 4.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "royal-core No.known.fix Authenticated.(Subscriber+).Arbitrary.Options.Update HIGH" "reuse-builder No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "robin-image-optimizer 2.0.3 Authenticated.(Author+).Stored.Cross-Site.Scripting.via.Image.Alternative.Text.Field MEDIUM" "robin-image-optimizer 1.7.0 Missing.Authorization MEDIUM" "responsive-accordion-slider No.known.fix Missing.Authorization.to.Authenticated.(Contributor+).Slider.Update.via.'resp_accordion_silder_save_images' MEDIUM" "related-posts 1.8.2 XSS MEDIUM" "recently-viewed-and-most-viewed-products No.known.fix Authenticated.(Shop.Manager+).Stored.Cross-Site.Scripting MEDIUM" "redirect-after-login No.known.fix Admin+.Stored.XSS LOW" "review-buddypress-groups 2.8.4 Subscriber+.Arbitrary.Settings.Update.&.Review.Modification MEDIUM" "review-buddypress-groups 2.8.1 Subscriber+.Arbitrary.Plugin.Installation,.Activation.and.Deactivation HIGH" "rimons-twitter-widget 1.3 XSS MEDIUM" "reviews-widgets 11.1 Authenticated.(Editor+).Arbitrary.File.Upload 
MEDIUM" "rotating-posts No.known.fix Arbitrary.Settings.Update.to.Stored.XSS.via.CSRF MEDIUM" "repayment-calculator No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "redirect-404-to-parent 1.3.1 Reflected.Cross-Site.Scripting.(XSS) HIGH" "reader-mode No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "random-featured-post-plugin No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "recent-backups No.known.fix Remote.File.Download HIGH" "rrssb No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "related-posts-via-taxonomies No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "review-manager No.known.fix Missing.Authorization MEDIUM" "responsive-add-ons 3.4.3 Unauthenticated.Arbitrary.Shortcode.Execution MEDIUM" "responsive-add-ons 3.2.3 Cross-Site.Request.Forgery.to.Settings.Update MEDIUM" "responsive-add-ons 3.2.1 Missing.Authorization MEDIUM" "responsive-add-ons 3.2.0 Missing.Authorization MEDIUM" "responsive-add-ons 3.1.5 Authenticated.(Contributor+).Blind.Server-Side.Request.Forgery.via.remote_request MEDIUM" "responsive-add-ons 3.0.6 Authenticated.(Author+).Stored.Cross-Site.Scripting MEDIUM" "responsive-add-ons 2.2.6 Unprotected.AJAX.Endpoints CRITICAL" "read-and-understood 2.2 Authenticated.Stored.XSS.&.CSRF HIGH" "realbig-media No.known.fix Missing.Authorization MEDIUM" "realbig-media 1.0.7 Settings.Update.via.CSRF MEDIUM" "restrict-for-elementor 1.0.8 Protection.Mechanism.Bypass MEDIUM" "restrict-for-elementor 1.0.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "redirect-to-welcome-or-landing-page No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "restricted-content 2.2.9 Unauthenticated.Content.Restriction.Bypass.to.Sensitive.Information.Exposure MEDIUM" "restricted-content 2.2.5 Reflected.XSS HIGH" "restricted-content 2.1.9 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "restrict-categories No.known.fix Reflected.XSS 
HIGH" "redirect-by-cookie 1.07 Reflected.Cross-Site.Scripting MEDIUM" "rss-import No.known.fix Contributor+.Stored.XSS.via.Shortcode MEDIUM" "rebuild-permalinks No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "role-includer No.known.fix Reflected.Cross-Site.Scripting.via.user_id.Parameter MEDIUM" "role-includer No.known.fix Reflected.Cross-Site.Scripting.via.user_id.Parameter MEDIUM" "realty-portal-agent No.known.fix Missing.Authorization.to.Authenticated.(Subscriber+).Privilege.Escalation.via.rp_user_profile().Function HIGH" "rtwwcfp-wordpress-contact-form-7-pdf 3.1.0 Authenticated.(Subscriber+).Arbitrary.File.Upload HIGH" "remote-content-shortcode No.known.fix Authenticated.(Contributor+).Server-Side.Request.Forgery MEDIUM" "remote-content-shortcode No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "remote-content-shortcode No.known.fix Authenticated(Contributor+).Local.File.Inclusion.via.shortcode MEDIUM" "rdfa-breadcrumb No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "revy No.known.fix Authenticated.(Subscriber+).SQL.Injection MEDIUM" "revy No.known.fix Unauthenticated.Arbitrary.File.Upload CRITICAL" "revy No.known.fix Unauthenticated.SQL.Injection HIGH" "review-widgets-for-arukereso 11.1 Authenticated.(Editor+).Arbitrary.File.Upload MEDIUM" "restaurantconnect-reswidget No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "rdp-linkedin-login No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "readme-creator No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "rss-feed-post-generator-echo 5.4.9 Reflected.Cross-Site.Scripting MEDIUM" "rss-feed-post-generator-echo 5.4.8.2 Unauthenticated.Arbitrary.File.Upload CRITICAL" "rss-feed-post-generator-echo 5.4.7 Unauthenticated.Privilege.Escalation CRITICAL" "redirect-404-error-page-to-homepage-or-custom-page 1.8.8 Authenticated.(Administrator+).SQL.Injection HIGH" "redirect-404-error-page-to-homepage-or-custom-page 1.8.0 Reflected.Cross-Site.Scripting 
MEDIUM" "redirect-404-error-page-to-homepage-or-custom-page 1.7.9 Log.Deletion.via.CSRF MEDIUM" "robokassa No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "robokassa 1.6.2 Reflected.Cross-Site.Scripting MEDIUM" "rescue-shortcodes 3.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "rescue-shortcodes 3.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.rescue_progressbar.Shortcode MEDIUM" "rescue-shortcodes 2.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "rescue-shortcodes 2.6 Contributor+.Stored.XSS MEDIUM" "relogo No.known.fix Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "remove-cpt-base 5.9 CPT.Deletion.via.CSRF MEDIUM" "rss-filter No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "rvg-optimize-database 5.1 Missing.Authorization.via.'odb_csv_download' MEDIUM" "rvg-optimize-database 5.1.1 Database.Optimization.via.CSRF MEDIUM" "riovizual No.known.fix Missing.Authorization MEDIUM" "riovizual 2.3.2 Cross-Site.Request.Forgery MEDIUM" "recaptcha-wp No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "rocket-addons No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "responsive-client-logo-carousel-slider 1.3.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "rafflepress 1.12.21 Cross-Site.Request.Forgery MEDIUM" "rafflepress 1.12.21 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "rafflepress 1.12.19 Missing.Authorization MEDIUM" "rafflepress 1.12.17 Admin+.Stored.XSS LOW" "rafflepress 1.12.16 Editor+.Stored.XSS LOW" "rafflepress 1.12.14 Editor+.Stored.XSS LOW" "rafflepress 1.12.5 Missing.Authorization MEDIUM" "rafflepress 1.12.11 IP.Spoofing MEDIUM" "rafflepress 1.12.7 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "rafflepress 1.12.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "rafflepress 1.11.3 Contributor+.Stored.XSS MEDIUM" "rss-chimp 1.2.5 
Reflected.Cross-Site.Scripting MEDIUM" "rss-chimp 1.2.2 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "real-post-slider-lite No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting.via.Settings MEDIUM" "review-schema 2.2.5 Authenticated.(Contributor+).Local.File.Inclusion.via.Post.Meta HIGH" "review-schema 2.2.0 Missing.Authorization.to.Arbitrary.Review.Update MEDIUM" "rtl-tester No.known.fix Cross-Site.Request.Forgery MEDIUM" "required-taxonomies 1.1.8 Reflected.Cross-Site.Scripting MEDIUM" "required-taxonomies 1.1.8 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "responsive-posts-carousel-pro No.known.fix Missing.Authorization MEDIUM" "responsive-posts-carousel-pro No.known.fix Authenticated.(Contributor+).Local.File.Inclusion HIGH" "responsive-posts-carousel-pro 15.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "responsive-posts-carousel-pro 15.1 Authenticated.(Subscriber+).Local.File.Inclusion HIGH" "review-wave-google-places-reviews No.known.fix Cross-Site.Request.Forgery MEDIUM" "richtexteditor No.known.fix Missing.Authorization MEDIUM" "richtexteditor No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "relevanssi 4.26.0 Contributor+.SQLi MEDIUM" "relevanssi 4.24.6 Unauthenticated.Stored.Cross-Site.Scripting.via.Excerpt.Highlights MEDIUM" "relevanssi 4.24.5 Unauthenticated.SQL.Injection HIGH" "relevanssi 4.24.4 Unauthenticated.Stored.Cross-Site.Scripting.via.Search.Highlights MEDIUM" "relevanssi 4.23.1 Contributor+.Stored.XSS MEDIUM" "relevanssi 4.23.0 Unauthenticated.Information.Exposure MEDIUM" "relevanssi 4.22.2 Missing.Authorization.to.Unauthenticated.Count.Option.Update MEDIUM" "relevanssi 4.22.1 Unauthenticated.Query.Log.Export MEDIUM" "relevanssi 4.22.0 Unauthenticated.Private/Draft.Post.Disclosure MEDIUM" "relevanssi 4.14.6 Subscriber+.Unauthorised.AJAX.Calls MEDIUM" "relevanssi 4.14.3 A.Better.Search.<.4.14.3.-.Unauthenticated.Stored.Cross-Site.Scripting HIGH" "relevanssi 4.0.5 
Cross-Site.Scripting.(XSS) MEDIUM" "relevanssi 3.6.1 Authenticated.Admin.SQL.Injection MEDIUM" "ratemyagent-official 1.5.0 Cross-Site.Request.Forgery.to.API.Key.Update MEDIUM" "rapidexpcart No.known.fix Stored.XSS.via.CSRF CRITICAL" "responsive-gallery-grid 2.3.15 Admin+.Stored.XSS LOW" "responsive-gallery-grid 2.3.11 Admin+.Stored.XSS LOW" "responsive-gallery-grid 2.3.14 Settings.Update.via.CSRF MEDIUM" "responsive-gallery-grid 2.3.9 Contributor+.Stored.XSS MEDIUM" "responsive-horizontal-vertical-and-accordion-tabs 1.1.18 Authenticated.(Contributor+).SQL.Injection CRITICAL" "responsive-horizontal-vertical-and-accordion-tabs 1.1.18 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "responsive-horizontal-vertical-and-accordion-tabs 1.1.16 Reflected.XSS HIGH" "responsive-horizontal-vertical-and-accordion-tabs 1.1.16 Reflected.Cross-Site.Scripting MEDIUM" "reflector-plugins 1.2.3 Reflected.Cross-Site.Scripting MEDIUM" "responder 4.4.0 Cross-Site.Request.Forgery MEDIUM" "rename-wp-login No.known.fix Secret.URL.Update.via.CSRF MEDIUM" "related-posts-for-wp 2.2.2 Cross-Site.Request.Forgery MEDIUM" "related-posts-for-wp 2.0.5 Authenticated.Stored.XSS.&.XFS MEDIUM" "related-posts-for-wp 2.0.4 Authenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "related-posts-for-wp 1.8.2 Cross-Site.Scripting.(XSS) CRITICAL" "rest-api-to-miniprogram No.known.fix Subscriber+.Insecure.Direct.Object.Reference.via.'userid' MEDIUM" "rest-api-to-miniprogram No.known.fix Cross-Site.Request.Forgery MEDIUM" "rest-api-to-miniprogram 4.7.6 Unauthenticated.Arbitrary.User.Email.Update.and.Privilege.Escalation.via.Account.Takeover CRITICAL" "rest-api-to-miniprogram No.known.fix Unauthenticated.SQL.Injection HIGH" "rest-api-to-miniprogram No.known.fix Subscriber+.Attachment.Deletion MEDIUM" "related-posts-by-taxonomy 2.7.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.'related_posts_by_tax'.Shortcode MEDIUM" "rocket-media-library-mime-type No.known.fix 
Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "roi-calculator 1.1 Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "reloaded-rezdy No.known.fix Unauthenticated.Stored.Cross-Site.Scripting MEDIUM" "responsivity No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "rss-digest No.known.fix Cross-Site.Request.Forgery MEDIUM" "recras 6.4.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.'recrasname'.Shortcode.Attribute MEDIUM" "revslider 6.7.38 Contributor+.Arbitrary.File.Read MEDIUM" "revslider 6.7.37 Authenticated.(Contributor+).Arbitrary.File.Read.via.'used_svg'.and.'used_images' MEDIUM" "revslider 6.7.19 Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "revslider 6.7.14 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "revslider 6.7.11 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Elementor.wrapperid.and.zindex MEDIUM" "revslider 6.7.11 Authenticated.(Author+).Stored.Cross-Site.Scripting.via.Add.Layer.class,.id,.and.title.Attributes MEDIUM" "revslider 6.7.11 Authenticated.(Author+).Stored.Cross-Site.Scripting MEDIUM" "revslider 6.7.0 Missing.Authorization MEDIUM" "revslider 6.7.8 Authenticated.(Author+).Stored.Cross-Site.Scripting.via.htmltag.Parameter MEDIUM" "revslider 6.7.0 Authenticated.(Author+).Stored.Cross-Site.Scripting MEDIUM" "revslider 6.6.19 Author+.Insecure.Deserialization.leading.to.RCE HIGH" "revslider 6.6.16 Authenticated.(Author+).Arbitrary.File.Upload HIGH" "revslider 6.6.15 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "revslider 6.6.13 Author+.Remote.Code.Execution MEDIUM" "revslider 4.1.5 Local.File.Disclosure HIGH" "revslider 3.0.96 WordPress.Slider.Revolution.Shell.Upload CRITICAL" "role-based-pricing-for-woocommerce 1.6.3 Subscriber+.PHAR.Deserialization HIGH" "role-based-pricing-for-woocommerce 1.6.2 Subscriber+.Arbitrary.File.Upload HIGH" "raphicon No.known.fix 
Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "referrer-detector No.known.fix Unauthenticated.PHP.Object.Injection CRITICAL" "remove-add-to-cart-woocommerce 1.4.5 Settings.Update.via.CSRF MEDIUM" "remove-add-to-cart-woocommerce 1.4.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "revenue 2.1.4 Subscriber+.Arbitrary.Plugin.Installation/Activation HIGH" "revenue 1.2.14 Missing.Authorization MEDIUM" "realtycandy-idx-broker-extended No.known.fix Cross-Site.Request.Forgery MEDIUM" "revolut-gateway-for-woocommerce 4.17.4 Missing.Authorization.to.Unauthenticated.Order.Status.Update MEDIUM" "revolut-gateway-for-woocommerce 4.9.8 Missing.Authorization MEDIUM" "randomize No.known.fix Authenticated.(Contributor+).SQL.Injection HIGH" "responsive-tabs-for-wpbakery No.known.fix Contributor+.Stored.XSS MEDIUM" "rizzi-guestbook No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "rentsyst 2.0.101 Reflected.Cross-Site.Scripting MEDIUM" "rentsyst 2.0.93 Stored.XSS.via.CSRF HIGH" "rucy No.known.fix CSRF.Bypass MEDIUM" "rucy No.known.fix Cross-Site.Request.Forgery MEDIUM" "rays-grid No.known.fix Cross-Site.Request.Forgery MEDIUM" "rays-grid 1.2.3 CSRF.Bypass MEDIUM" "rsv-pdf-preview No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "responsive-block-control 1.3.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "restaurant-cafe-addon-for-elementor 1.5.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "restaurant-cafe-addon-for-elementor 1.6.0 Authenticated.(Contributor+).Post.Disclosure MEDIUM" "restaurant-cafe-addon-for-elementor 1.5.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "restaurant-cafe-addon-for-elementor 1.5.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "restaurant-cafe-addon-for-elementor 1.5.4 Missing.Authorization.via.multiple.AJAX.functions LOW" "restaurant-cafe-addon-for-elementor 1.5.3 Cross-Site.Request.Forgery MEDIUM" 
"restaurant-cafe-addon-for-elementor 1.5.3 Missing.Authorization MEDIUM" "restaurant-cafe-addon-for-elementor 1.4.8 Reflected.Cross-Site.Scripting MEDIUM" "restaurant-cafe-addon-for-elementor 1.4.6 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "rio-photo-gallery No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "rewardsystem No.known.fix Unauthenticated.Local.File.Inclusion CRITICAL" "remove-slug-from-custom-post-type No.known.fix Settings.Update.via.CSRF MEDIUM" "role-based-bulk-quantity-pricing 1.1.7 Reflected.Cross-Site.Scripting MEDIUM" "raise-the-money No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "rt18-extensions 2.5 Unauthenticated.Local.File.Inclusion CRITICAL" "rss-feed-widget 3.0.3 Missing.Authorization MEDIUM" "rss-feed-widget 3.0.0 Contributor+.Stored.XSS MEDIUM" "rss-feed-widget 3.0.1 Reflected.XSS MEDIUM" "rss-feed-widget 3.0.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.rfw-youtube-videos.Shortcode MEDIUM" "rss-feed-widget 2.9.8 Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "rss-feed-widget 2.8.1 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "review-widgets-for-amazon 11.1 Authenticated.(Editor+).Arbitrary.File.Upload MEDIUM" "really-simple-ssl-pro 9.5.4.1 Authenticated.(Subscriber+).Insecure.Direct.Object.Reference MEDIUM" "really-simple-ssl-pro 9.1.2 9.1.1.1.-.Authentication.Bypass CRITICAL" "reviews-sorted No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.'space'.Shortcode.Attribute MEDIUM" "rss-in-page No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "recipepress-reloaded No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "real-kit No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "real-kit 5.1.1 Contributor+.Stored.XSS MEDIUM" "reaction-buttons No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "relevanssi-live-ajax-search 2.5 
Unauthenticated.WP_Query.Argument.Injection MEDIUM" "recently 3.0.5 Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "recently 3.0.5 Authenticated.Code.Injection HIGH" "rupantorpay No.known.fix Missing.Authorization.to.Unauthenticated.Order.Status.Modification MEDIUM" "related-youtube-videos 1.9.9 CSRF.&.XSS HIGH" "rewrite No.known.fix Cross-Site.Request.Forgery MEDIUM" "responsive-css-editor No.known.fix Admin+.SQLi MEDIUM" "range-slider-addon-for-gravity-forms 1.1.7 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "recencio-book-reviews No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "rsvpmaker 11.5.7 Authenticated.(Contributor+).SQL.Injection MEDIUM" "rsvpmaker 11.6.8 Unauthenticated.SQL.Injection HIGH" "rsvpmaker 11.4.6 Missing.Authorization MEDIUM" "rsvpmaker 10.6.7 Improper.Neutralization.of.Special.Elements.used.in.an.SQL.Command.('SQL.Injection') LOW" "rsvpmaker 9.9.4 Improper.Neutralization.of.Special.Elements.used.in.an.SQL.Command.('SQL.Injection') CRITICAL" "rsvpmaker 10.6.7 Admin+.Stored.XSS HIGH" "rsvpmaker 10.6.7 Unauthenticated.PHP.Object.Injection HIGH" "rsvpmaker 10.6.7 Unauthenticated.Stored.XSS HIGH" "rsvpmaker 10.5.5 Admin+.SQL.Injection.(SQLi) HIGH" "rsvpmaker 9.2.7 Unauthenticated.SQLi MEDIUM" "rsvpmaker 9.2.6 Unauthenticated.SQLi CRITICAL" "rsvpmaker 8.7.3 Authenticated.(admin+).SSRF HIGH" "rsvpmaker 7.8.2 Unauthenticated.SQL.Injection HIGH" "rsvpmaker 6.2 SQL.Injection CRITICAL" "rio-video-gallery No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "rewp 1.0.2 Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "realhomes-crm 1.0.1 Authenticated.(Subscriber+).Arbitrary.File.Upload HIGH" "restrict-file-access No.known.fix Cross-Site.Request.Forgery.to.Arbitrary.File.Deletion HIGH" "restrict-file-access No.known.fix Authenticated.(Subscriber+).Arbitrary.File.Read MEDIUM" "recaptcha-for-all 2.27 Cross-Site.Request.Forgery MEDIUM" "recaptcha-for-all 
2.23 Cross-Site.Request.Forgery MEDIUM" "rename-author-slug No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "reactive-mortgage-calculator No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "responsive-iframe-googlemap No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "real3d-flipbook-lite 4.19.2 Missing.Authorization MEDIUM" "real3d-flipbook-lite 4.16.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "real3d-flipbook-lite 4.8.5 Authenticated.(Author+).Arbitrary.File.Upload HIGH" "real3d-flipbook-lite 3.72 Authenticated.(Author+).Stored.Cross-Site.Scripting MEDIUM" "real3d-flipbook-lite 3.63 Reflected.Cross-Site.Scripting MEDIUM" "ronneby-core No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "ronneby-core No.known.fix Authenticated.(Contributor+).Local.File.Inclusion HIGH" "ra-qrcode No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "really-simple-under-construction No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "responsive-menu 4.1.8 Subscriber+.Arbitrary.File.Upload./.Theme.Deletion./.Plugin.Settings.Update HIGH" "responsive-menu 4.0.4 CSRF.to.Settings.Update MEDIUM" "responsive-menu 4.0.4 4.0.3.-.Authenticated.Arbitrary.File.Upload CRITICAL" "responsive-menu 4.0.4 CSRF.to.Arbitrary.File.Upload HIGH" "responsive-menu 3.1.4 XSS.and.CSRF HIGH" "rocket-wp-mobile No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "reciply No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "reciply 1.1.8 Unauthenticated.File.Upload MEDIUM" "relevanssi-premium 2.29.0 Contributor+.SQLi MEDIUM" "relevanssi-premium 2.27.7 Unauthenticated.Stored.Cross-Site.Scripting.via.Excerpt.Highlights MEDIUM" "relevanssi-premium 2.27.5 Unauthenticated.SQL.Injection HIGH" "relevanssi-premium 2.25.2 Missing.Authorization.to.Unauthenticated.Count.Option.Update MEDIUM" "relevanssi-premium 2.25 
Unauthenticated.Sensitive.Information.Exposure MEDIUM" "relevanssi-premium 2.25.0 Unauthenticated.Private/Draft.Post.Disclosure MEDIUM" "relevanssi-premium 2.16.5 Subscriber+.Unauthorised.AJAX.Calls MEDIUM" "relevanssi-premium 1.14.6.1 SQL.Injection.&.PHP.Object.Injection HIGH" "responsive-vector-maps 6.4.2 Responsive.Vector.Maps.<.6.4.2.-.Subscriber+.Arbitrary.File.Read HIGH" "responsive-progress-bar No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "rezgo 4.17.1 Unauthenticated.Local.File.Inclusion HIGH" "rezgo 4.1.8 Reflected.Cross-Site-Scripting MEDIUM" "rezgo 2.0.0 Reflected.Cross-Site.Scripting MEDIUM" "robo-gallery 3.2.23 Contributor+.Stored.XSS MEDIUM" "robo-gallery 5.0.3 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "robo-gallery 3.2.22 Contributor+.Stored.XSS MEDIUM" "robo-gallery 3.2.24 Admin+.Stored.XSS LOW" "robo-gallery 3.2.22 Authenticated.(Author+).Stored.Cross-Site.Scripting MEDIUM" "robo-gallery 3.2.22 Missing.Authorization.to.Authenticated.(Subscriber+).Private.Gallery.Title.Disclosure MEDIUM" "robo-gallery 3.2.22 Contributor+.Stored.XSS MEDIUM" "robo-gallery 3.2.20 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Gallery.Title MEDIUM" "robo-gallery 3.2.20 Authenticated.(Author+).Stored.Cross-Site.Scripting.via.Image.Title MEDIUM" "robo-gallery 3.2.20 Cross-Site.Request.Forgery.to.Post.Creation.and.Limited.Data.Loss HIGH" "robo-gallery 3.2.19 Unauthenticated.Information.Exposure MEDIUM" "robo-gallery 3.2.18 Author+.Stored.XSS MEDIUM" "robo-gallery 3.2.16 Admin+.Stored.XSS LOW" "robo-gallery 3.2.13 Contributor+.Stored.XSS MEDIUM" "robo-gallery 3.2.11 Plugin.Activation/Deactivation.via.CSRF MEDIUM" "robo-gallery 3.2.12 Cross-Site.Request.Forgery MEDIUM" "restrict-taxonomies No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "realia No.known.fix User.Email.Change.via.Cross-Site.Request.Forgery HIGH" "realia No.known.fix Unauthenticated.IDOR.leading.to.Arbitrary.Post.Deletion HIGH" 
"registrations-for-the-events-calendar 2.13.4 Admin+.Stored.XSS LOW" "registrations-for-the-events-calendar 2.12.4 Unauthenticated.Stored.XSS HIGH" "registrations-for-the-events-calendar 2.12.2 Missing.Authorization MEDIUM" "registrations-for-the-events-calendar 2.12.3 Authenticated.(Contributor+).SQL.Injection CRITICAL" "registrations-for-the-events-calendar 2.7.10 Reflected.Cross-Site.Scripting HIGH" "registrations-for-the-events-calendar 2.7.6 Unauthenticated.SQL.Injection HIGH" "registrations-for-the-events-calendar 2.7.5 Reflected.Cross-Site.Scripting HIGH" "responsive-flipbook No.known.fix Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "report-broken-links No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "report-broken-links No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "random-quotes No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "restrict-usernames-emails-characters 3.1.4 Admin+.Stored.XSS LOW" "reservit-hotel 3.0 Admin+.Stored.XSS LOW" "rs-members No.known.fix Authenticated.(Subscriber+).Privilege.Escalation HIGH" "reset 1.7 Cross-Site.Request.Forgery.to.Database.Reset HIGH" "recapture-for-woocommerce 1.0.44 Cross-Site.Request.Forgery.to.Settings.Update MEDIUM" "racar-clear-cart-for-woocommerce 1.2.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "reusable-text-blocks No.known.fix Author+.Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "restaurant-reservations 2.7.9 Arbitrary.Bookings.Deletion.via.CSRF MEDIUM" "restaurant-reservations 2.7.5 Unauthenticated.Insecure.Direct.Object.Reference MEDIUM" "restaurant-reservations 2.7.9 Cross-Site.Request.Forgery MEDIUM" "restaurant-reservations 2.7.7 Unauthenticated.Stored.Cross-Site.Scripting MEDIUM" "restaurant-reservations 2.6.30 Missing.Authorization MEDIUM" "restaurant-reservations 2.6.17 Missing.Authorization MEDIUM" "restaurant-reservations 2.6.8 Reflected.Cross-Site.Scripting HIGH" "restaurant-reservations 2.4.12 
Unauthenticated.Arbitrary.Payment.Status.Update.to.Stored.XSS HIGH" "restaurant-reservations 2.4.8 Subscriber+.Stored.Cross-Site.Scripting HIGH" "replace No.known.fix Cross-Site.Request.Forgery MEDIUM" "royal-elementor-addons 1.7.1050 Unauthenticated.Custom.Post.Type.Contents.Exposure MEDIUM" "royal-elementor-addons 1.7.1050 Author+.Arbitrary.File.Upload HIGH" "royal-elementor-addons No.known.fix Missing.Authorization MEDIUM" "royal-elementor-addons 1.7.1037 Unauthenticated.Media.File.Upload MEDIUM" "royal-elementor-addons 1.7.1032 Contributor+.DOM-Based.Stored.XSS.via.lightGallery.Library MEDIUM" "royal-elementor-addons 1.7.1037 Contributor+.Stored.XSS MEDIUM" "royal-elementor-addons 1.7.1025 Contributor+.Stored.DOM-Based.XSS.via.Multiple.Widgets MEDIUM" "royal-elementor-addons 1.7.1021 Contributor+.Stored.XSS MEDIUM" "royal-elementor-addons 1.7.1018 Contributor+.Stored.XSS MEDIUM" "royal-elementor-addons 1.7.1018 Contributor+.Stored.XSS MEDIUM" "royal-elementor-addons 1.3.979 Contributor+.Stored.XSS MEDIUM" "royal-elementor-addons 1.7.1013 Contributor+.Stored.XSS MEDIUM" "royal-elementor-addons 1.7.1007 Admin+.SSRF LOW" "royal-elementor-addons 1.7.1013 Contributor+.DOM-Based.Stored.XSS MEDIUM" "royal-elementor-addons 1.7.1008 Reflected.XSS HIGH" "royal-elementor-addons 1.7.1007 Stored.XSS.via.CSRF HIGH" "royal-elementor-addons 1.7.1002 Missing.Authorization LOW" "royal-elementor-addons 1.7.1002 Reflected.Cross-Site.Scripting HIGH" "royal-elementor-addons 1.7.1 Contributor+.Stored.XSS MEDIUM" "royal-elementor-addons 1.7.1004 Authenticated.(Contributor+).Post.Disclosure MEDIUM" "royal-elementor-addons 1.7.1002 Authenticated.(Contributor+).DOM-Based.Stored.Cross-Site.Scripting.via.Google.Maps.Widget MEDIUM" "royal-elementor-addons 1.7.1002 Authenticated.(Contributor+).DOM-Based.Stored.Cross-Site.Scripting.via.Form.Builder.Widget MEDIUM" "royal-elementor-addons 1.7.1002 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Countdown.Widget MEDIUM" 
"royal-elementor-addons 1.3.981 Authenticated.(Author+).External.Entity.Injection MEDIUM" "royal-elementor-addons 1.3.987 Authenticated.(Subscriber+).Private.Post.Disclosure MEDIUM" "royal-elementor-addons 1.3.987 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Team.Member.Widget MEDIUM" "royal-elementor-addons 1.3.985 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "royal-elementor-addons 1.3.981 Authenticated.(Contributor+).DOM-Based.Stored.Cross-Site.Scripting.via.Magazine.Grid/Slider.Widget MEDIUM" "royal-elementor-addons 1.3.977 Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.Uploads MEDIUM" "royal-elementor-addons 1.3.977 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "royal-elementor-addons 1.3.976 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Back.to.Top.Widget MEDIUM" "royal-elementor-addons 1.3.976 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "royal-elementor-addons 1.3.975 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Form.Builder.Widget MEDIUM" "royal-elementor-addons 1.3.972 Contributor+.DOM-Based.Stored.Cross-Site.Scripting MEDIUM" "royal-elementor-addons 1.3.972 Contributor+.Stored.Cross-Site.Scripting.via.Flip.Carousel,.Flip.Box,.Post.Grid,.and.Taxonomy.List.Widget.Attributes MEDIUM" "royal-elementor-addons 1.3.972 Contributor+.Stored.Cross-Site.Scripting.via.Advanced.Accordion.Title.Tags MEDIUM" "royal-elementor-addons 1.3.972 Contributor+.Stored.Cross-Site.Scripting.via.HTML.Tags MEDIUM" "royal-elementor-addons 1.3.95 Unauthenticated.IP.Spoofing MEDIUM" "royal-elementor-addons 1.3.95 Unauthenticated.Limited.File.Upload HIGH" "royal-elementor-addons 1.3.95 Contributor+.Stored.Cross-Site.Scriting MEDIUM" "royal-elementor-addons 1.3.92 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Logo.Widget MEDIUM" "royal-elementor-addons 1.3.88 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "royal-elementor-addons 1.3.88 
Multiple.Cross-Site.Request.Forgery MEDIUM" "royal-elementor-addons 1.3.88 Missing.Authorization.via.wpr_update_form_action_meta MEDIUM" "royal-elementor-addons 1.3.81 Unauthenticated.Arbitrary.Post.Read MEDIUM" "royal-elementor-addons 1.7.1 Unauthenticated.Arbitrary.File.Upload CRITICAL" "royal-elementor-addons 1.3.79 Unauthenticated.Arbitrary.File.Upload CRITICAL" "royal-elementor-addons 1.3.71 Reflected.Cross-Site.Scripting MEDIUM" "royal-elementor-addons 1.3.71 Unauthenticated.API.Key.Disclosure MEDIUM" "royal-elementor-addons 1.3.60 Subscriber+.Arbitrary.Import.Deletion MEDIUM" "royal-elementor-addons 1.3.60 Subscriber+.Arbitrary.Plugin.Deactivation MEDIUM" "royal-elementor-addons 1.3.60 Reflected.XSS HIGH" "royal-elementor-addons 1.3.60 Subscriber+.Template.Kit.Import MEDIUM" "royal-elementor-addons 1.3.60 Subscriber+.Template.Condition.Update MEDIUM" "royal-elementor-addons 1.3.60 Subscriber+.Arbitrary.Template.Activation MEDIUM" "royal-elementor-addons 1.3.60 Subscriber+.Arbitrary.Plugin.Activation MEDIUM" "royal-elementor-addons 1.3.60 Subscriber+.Arbitrary.Theme.Activation MEDIUM" "royal-elementor-addons 1.3.60 Menu.Template.Creation.via.CSRF MEDIUM" "royal-elementor-addons 1.3.60 Subscriber+.Arbitrary.Template.Import MEDIUM" "royal-elementor-addons 1.3.60 Subscriber+.Mega.Menu.Settings.Update MEDIUM" "royal-elementor-addons 1.3.56 Subscriber+.Arbitrary.Post.Creation MEDIUM" "royal-elementor-addons 1.3.56 Subscriber+.Arbitrary.Post.Deletion HIGH" "royal-elementor-addons 1.3.33 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "riode-core 1.6.27 Unauthenticated.SQL.Injection HIGH" "revechat No.known.fix Stored.XSS.via.CSRF HIGH" "rss-icon-widget No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "read-more-login No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "rearrange-woocommerce-products 3.0.8 Subscriber+.SQL.Injection HIGH" "rentfetch 0.32.7 
Unauthenticated.Stored.Cross-Site.Scripting.via.'keyword'.Parameter HIGH" "recently-purchased-products-for-woo 1.1.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.view.Parameter MEDIUM" "rng-refresh No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "reveal-template No.known.fix Unauthenticated.Full.Path.Disclosure MEDIUM" "rest-api-fns No.known.fix Privilege.Escalation CRITICAL" "rest-api-fns No.known.fix Unauthenticated.Arbitrary.File.Upload CRITICAL" "randomtext No.known.fix Subscriber+.SQLi HIGH" "responsive-cookie-consent 1.8 Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "random-posts-mp3-player-sharebutton No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "restrict-anonymous-access 1.2.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "residential-address-detection 2.5.10 Missing.Authorization MEDIUM" "residential-address-detection 2.5.5 Missing.Authorization MEDIUM" "residential-address-detection 2.5.5 Unauthenticated.Arbitrary.Options.Update CRITICAL" "rw-divi-unite-gallery No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "rw-divi-unite-gallery No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "rw-divi-unite-gallery No.known.fix Security.Bypass.via.Outdated.Freemius CRITICAL" "romancart-on-wordpress No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "replace-word No.known.fix Cross-Site.Request.Forgery MEDIUM" "responsive-data-table No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "rencontre 3.13.8 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "rencontre 3.13.8 Cross-Site.Request.Forgery MEDIUM" "rencontre 3.11.2 Subscriber+.PHP.Object.Injection HIGH" "rencontre 3.11 Privilege.Escalation CRITICAL" "rencontre 3.11 Unauthenticated.Arbitrary.File.Upload CRITICAL" "rencontre 3.2.3 Multiple.CSRF CRITICAL" "responsive-coming-soon-page No.known.fix Unauthenticated.Information.Exposure MEDIUM" "responsive-coming-soon-page 1.6.0 
Improper.Neutralization.of.Special.Elements.used.in.an.SQL.Command.('SQL.Injection') HIGH" "rsvpmaker-excel No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "rename-media-files No.known.fix Authenticated.(Contributor+).Remote.Code.Execution HIGH" "recipes-writer No.known.fix XSS MEDIUM" "replymail No.known.fix Cross-Site.Request.Forgery MEDIUM" "razorpay-payment-button-elementor 1.2.6 Reflected.Cross-Site.Scripting MEDIUM" "reviews-plus 1.3.5 Missing.Authorization.to.Notice.Dismissal MEDIUM" "reviews-plus 1.2.14 Subscriber+.Reviews.DoS LOW" "rich-snippets-vevents No.known.fix Cross-Site.Request.Forgery.to.Arbitrary.Options.Update HIGH" "rife-elementor-extensions 1.2.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Writing.Effect.Headline.Shortcode MEDIUM" "rife-elementor-extensions 1.2.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Writing.Effect.Headline.Widget MEDIUM" "rife-elementor-extensions 1.1.6 Contributor+.Stored.XSS MEDIUM" "robotstxt-rewrite No.known.fix Cross-Site.Request.Forgery MEDIUM" "review-widgets-for-booking-com 11.1 Authenticated.(Editor+).Arbitrary.File.Upload MEDIUM" "rich-event-timeline No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "rsfirewall 1.1.43 Authenticated.(Admin+).Arbitrary.File.Read MEDIUM" "rsfirewall 1.1.25 IP.Block.Bypass MEDIUM" "ryviu No.known.fix Missing.Authorization MEDIUM" "rollbar 3.0.0 Cross-Site.Request.Forgery MEDIUM" "ravelry-designs-widget No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.'sb_ravelry_designs'.Shortcode.'layout'.Attribute MEDIUM" "realty 1.1.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "realty 1.1.0 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "responsivevoice-text-to-speech 1.7.7 Contributor+.Stored.XSS MEDIUM" "resume-upload-form No.known.fix Captcha.Bypass MEDIUM" "reach-us-contact-form No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "reach-us-contact-form No.known.fix Unauthorised.AJAX.Calls.via.Freemius 
MEDIUM" "reach-us-contact-form No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "responsive-jquery-slider No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "rankchecker-io-integration No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "rajce No.known.fix Authenticated.(Contributor+).Server-Side.Request.Forgery MEDIUM" "recurwp No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "recurwp No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "rest-routes 5.5.4 Reflected.Cross-Site.Scripting MEDIUM" "rest-routes 4.24.0 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "recall-products No.known.fix Authenticated.Cross-Site.Scripting MEDIUM" "recall-products No.known.fix Authenticated.SQL.Injection MEDIUM" "restricted-site-access 7.3.2 Access.Bypass.via.IP.Spoofing MEDIUM" "revolution-for-elementor No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "revolution-for-elementor No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "ris-version-switcher No.known.fix Cross-Site.Request.Forgery MEDIUM" "recover-wc-abandoned-cart No.known.fix Unauthenticated.SQL.Injection HIGH" "recover-wc-abandoned-cart 2.3 Cross-Site.Request.Forgery MEDIUM" "registration-login-with-mobile-phone-number 1.3.2 Authentication.Bypass CRITICAL" "registration-login-with-mobile-phone-number 1.3.2 Missing.Authorization MEDIUM" "rduplicator No.known.fix Contributor+.SQLi HIGH" "rock-form-builder 2.5 Privilege.Escalation HIGH" "resmushit-image-optimizer 0.4.7 Multiple.CSRF MEDIUM" "resmushit-image-optimizer 0.4.4 Subscriber+.AJAX.Calls MEDIUM" "resmushit-image-optimizer 0.4.6 Admin+.Cross-Site.Scripting LOW" "reflex-gallery 3.1.5 jQuery.prettyPhoto.DOM.Cross-Site.Scripting.(XSS) MEDIUM" "refund-request-for-woocommerce No.known.fix Missing.Authorization.to.Authenticated.(Subscriber+).Refund.Status.Update MEDIUM" "razorpay-payment-button 2.4.7 Reflected.Cross-Site.Scripting MEDIUM" "redirect-redirection 1.2.0 
Subscriber+.Unauthorised.Action.Calls MEDIUM" "redirect-redirection 1.1.4 Plugin.Installation.via.CSRF MEDIUM" "redirect-redirection 1.1.4 Subscriber+.Plugin.Installation MEDIUM" "redirect-redirection 1.1.5 Plugin.Reset.via.CSRF MEDIUM" "redirect-redirection 1.1.4 Redirect.Creation.via.CSRF MEDIUM" "rig-elements No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "retain No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "review-widgets-for-opentable 11.1 Authenticated.(Editor+).Arbitrary.File.Upload MEDIUM" "reset-course-progress-for-learndash No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "reset-course-progress-for-learndash No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "remove-footer-credit 1.0.14 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "remove-footer-credit 1.0.11 Admin+.Stored.Cross-Site.Scripting LOW" "remove-footer-credit 1.0.6 CSRF.to.Stored.Cross-Site.Scripting HIGH" "renee-work-in-progress No.known.fix Authenticated.(Subscriber+).Arbitrary.File.Upload HIGH" "renee-work-in-progress No.known.fix Authenticated.(Subscriber+).Arbitrary.File.Deletion HIGH" "responsive-sidebar No.known.fix Unauthenticated.Local.File.Inclusion HIGH" "replace-default-words No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "responsive-flickr-gallery No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "responsive-tabs 4.0.11 Contributor+.Stored.XSS MEDIUM" "responsive-tabs 4.0.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "responsive-tabs 4.0.7 Contributor+.Stored.XSS MEDIUM" "responsive-tabs 2.2.7 Editor+.Stored.Cross-Site.Scripting MEDIUM" "responsive-tabs 4.0.6 Authenticated.(Contributor+).Content.Injection MEDIUM" "responsive-tabs 4.0.6 Author+.Stored.Cross-Site.Scripting MEDIUM" "redi-restaurant-reservation 25.0513 Reflected.Cross-Site.Scripting MEDIUM" "redi-restaurant-reservation 24.1015 Reflected.Cross-Site.Scripting MEDIUM" 
"redi-restaurant-reservation 24.0712 Missing.Authorization MEDIUM" "redi-restaurant-reservation 24.0303 Cross-Site.Request.Forgery.via.redi_restaurant_admin_options_page() MEDIUM" "redi-restaurant-reservation 24.0303 Cross-Site.Request.Forgery.via.redi_restaurant_admin_options_page() MEDIUM" "redi-restaurant-reservation 24.0303 Reflected.Cross-Site.Scripting MEDIUM" "redi-restaurant-reservation 21.0426 Unauthenticated.Stored.Cross-Site.Scripting.(XSS) HIGH" "relicwp-helper No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "raygun4wp 1.8.3 XSS MEDIUM" "raygun4wp 1.8.1 Unauthenticated.Reflected.XSS MEDIUM" "review-disclaimer No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "razorpay-subscription-button-elementor 1.0.4 Reflected.Cross-Site.Scripting.via.add_query_arg.and.remove_query_arg.Functions MEDIUM" "rws-enquiry No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "role-scoper 1.3.67 Unauthenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "remove-post-type-slug No.known.fix Cross-Site.Request.Forgery.to.Settings.Update MEDIUM" "re-attacher 1.0.9 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "restore-permanently-delete-post-or-page-data No.known.fix Cross-Site.Request.Forgery MEDIUM" "restrict-user-registration No.known.fix Cross-Site.Request.Forgery.to.Settings.Update MEDIUM" "restrict-user-registration No.known.fix Restrict.User.Registration.<=.1,0,1..Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "responsive-facebook-and-twitter-widget No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "reviewstap 1.1.3 Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "rss-for-yandex-turbo 1.31 Admin+.Stored.Cross-Site.Scripting LOW" "rss-for-yandex-turbo 1.30 Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "risk-warning-bar No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "radio-player No.known.fix Unauthenticated.Server-Side.Request.Forgery HIGH" "radio-player 2.0.85 
Unauthenticated.Server-Side.Request.Forgery HIGH" "radio-player 2.0.79 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.align.Attribute MEDIUM" "radio-player 2.0.74 Missing.Authorization.to.Settings.Update MEDIUM" "radio-player 2.0.74 Missing.Authorization.to.Player.Update MEDIUM" "radio-player 2.0.74 Missing.Authorization.to.Player.Deletion MEDIUM" "radio-player 2.0.74 Missing.Authorization MEDIUM" "radio-player 2.0.74 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "radio-player 2.0.74 Unauthenticated.Server-Side.Request.Forgery HIGH" "radio-player 2.0.74 Missing.Authorization.to.Authenticated.(Subscriber+).Information.Disclosure MEDIUM" "radio-player 2.0.74 Missing.Authorization.via.get_players MEDIUM" "radio-player 2.0.5 Reflected.Cross-Site.Scripting MEDIUM" "radio-player 1.0.8 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "reviewx 2.3.0 Unauthenticated.Limited.Remote.Code.Execution HIGH" "reviewx 2.3.0 Unauthenticated.Sensitive.Information.Exposure MEDIUM" "reviewx 2.2.12 Unauthenticated.Information.Exposure.and.Data.Manipulation MEDIUM" "reviewx 2.3.0 Unauthenticated.Sensitive.Information.Exposure.to.Data.Export MEDIUM" "reviewx 1.6.29 Insufficient.Rating.Validation MEDIUM" "reviewx 1.6.28 Missing.Authorization MEDIUM" "reviewx 1.6.22 Missing.Authorization MEDIUM" "reviewx 1.6.23 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "reviewx 1.6.14 Subscriber+.Privilege.Escalation HIGH" "reviewx 1.6.4 Subscriber+.SQLi HIGH" "reviewx 1.2.9 Unauthorised.AJAX.call.via.CSRF MEDIUM" "r3w-instafeed No.known.fix Reflected.XSS HIGH" "request-call-back No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "robotcpa No.known.fix Unauthenticated.Local.File.Inclusion HIGH" "ravpage No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "ravpage 2.33 PHP.Object.Injection CRITICAL" "ravpage 2.25 Reflected.Cross-Site.Scripting MEDIUM" "responsive-mobile-friendly-tooltip No.known.fix 
Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "ruven-toolkit No.known.fix tinymce/popup.php.popup.Parameter.Reflected.XSS MEDIUM" "real-time-validation-for-gravity-forms No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "real-time-validation-for-gravity-forms No.known.fix Unauthenticated.Local.File.Inclusion CRITICAL" "real-time-validation-for-gravity-forms No.known.fix Cross-Site.Request.Forgery MEDIUM" "recent-posts-slider-responsive No.known.fix Cross-Site.Request.Forgery MEDIUM" "root-cookie No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "rabbit-loader 2.21.1 Reflected.Cross-Site.Scripting MEDIUM" "rabbit-loader 2.19.14 Missing.Authorization.via.multiple.AJAX.actions MEDIUM" "rustolat No.known.fix Cross-Site.Request.Forgery.(CSRF) MEDIUM" "reviews-feed 1.2.0 Cross-Site.Request.Forgery MEDIUM" "reviews-feed 1.2.0 Missing.Authorization.to.Authenticated.(Subscriber+).Limited.Settings.Update MEDIUM" "review-widgets-for-szallas-hu 11.1 Authenticated.(Editor+).Arbitrary.File.Upload MEDIUM" "review-widgets-for-capterra 11.1 Authenticated.(Editor+).Arbitrary.File.Upload MEDIUM" "responsive-owl-carousel No.known.fix Authenticated.(Contributor+).SQL.Injection.via.id.Parameter HIGH" "rankology-seo-and-analytics-tool 2.5 Editor+.Header.&.Footer.Code.Creation LOW" "really-simple-featured-video 0.7.2 Reflected.Cross-Site.Scripting MEDIUM" "really-simple-featured-video 0.5.2 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "really-simple-ssl 9.5.8 Missing.Authorization MEDIUM" "really-simple-ssl 9.2.0 Cross-Site.Request.Forgery MEDIUM" "really-simple-ssl 9.1.2 9.1.1.1.-.Authentication.Bypass CRITICAL" "really-simple-ssl 8.0.0 Admin+.Server-Side.Request.Forgery MEDIUM" "replace-image 1.1.11 Insecure.Direct.Object.Reference MEDIUM" "regpack No.known.fix Admin+.Stored.XSS LOW" "ratings-shorttags No.known.fix Stored.XSS.via.CSRF HIGH" "real-estate-pro No.known.fix Missing.Authorization MEDIUM" "real-estate-pro No.known.fix 
Reflected.Cross-Site.Scripting MEDIUM" "real-estate-pro 1.7.1 Subscriber+.Privilege.Escalation CRITICAL" "rate-own-post No.known.fix Authenticated.(Subscriber+).SQL.Injection HIGH" "raychat No.known.fix Cross-Site.Request.Forgery MEDIUM" "raychat 2.2.0 Missing.Authorization MEDIUM" "run-time-image-resizing No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "run-time-image-resizing No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "rockhoist-badges No.known.fix Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "royal-slider 3.2.7 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "refer-a-friend-widget-for-wp No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "ruby-help-desk 1.3.4 Subscriber+.Ticket.Update.via.IDOR MEDIUM" "related-post 2.0.60 Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "related-post 2.0.59 Sensitive.Information.Exposure MEDIUM" "related-post 2.0.54 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "remove-old-slugspermalinks 2.7.0 Cross-Site.Request.Forgery MEDIUM" "remove-duplicate-posts 1.3 Reflected.Cross-Site.Scripting MEDIUM" "radio-buttons-for-taxonomies 2.0.6 Cross-Site.Request.Forgery.(CSRF) MEDIUM" "radio-buttons-for-taxonomies 2.0.6 Cross-Site.Request.Forgery MEDIUM" "responsive-header No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting.via.Settings.Parameters MEDIUM" "restropress 3.2.8 Missing.Authorization MEDIUM" "restropress No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "restropress 3.2.3.6 Missing.Authorization MEDIUM" "restropress 3.2.2 Unauthenticated.Information.Exposure.to.Authentication.Bypass.via.Forged.JWT CRITICAL" "restropress No.known.fix Reflected.Cross-Site.Scripting HIGH" "restropress No.known.fix Missing.Authorization MEDIUM" "restropress 3.1.2.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "restropress 3.1.2.1 Cross-Site.Request.Forgery.via.rpress_orders_list_table_process_bulk_actions 
MEDIUM" "restropress 2.8.3.1 Unauthorised.AJAX.Calls HIGH" "restropress 2.8.3 Cart.Manipulation.via.CSRF MEDIUM" "revenueflex-easy-ads 1.5.1 Missing.Authorization.to.Authenticated.(Editor+).Settings.Update LOW" "real-wysiwyg No.known.fix Reflected.Cross-Site.Scripting HIGH" "rock-convert No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "rock-convert 3.0.0 Admin+.Stored.XSS LOW" "rock-convert 2.6.0 Reflected.Cross-Site.Scripting MEDIUM" "rock-convert 2.11.0 Admin+.Stored.Cross-Site.Scripting LOW" "rdp-wiki-embed No.known.fix Cross-Site.Request.Forgery MEDIUM" "remove-schema 1.6 Cross-Site.Request.Forgery MEDIUM" "remove-schema 1.6 CSRF.Bypass.in.Multiple.Plugins MEDIUM" "republish-old-posts 1.27 Cross-Site.Request.Forgery.via.rop_options_page MEDIUM" "responsify-wp No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "responsive-flipbooks No.known.fix Missing.Authorization MEDIUM" "responsive-iframe No.known.fix Contributor+.Stored.XSS HIGH" "rating-widget 3.2.0 Reflected.Cross-Site.Scripting MEDIUM" "rating-widget 3.2.1 Contributor+.Stored.XSS MEDIUM" "rating-widget 3.1.4 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "reservation-studio-widget 1.0.12 Admin+.Stored.XSS LOW" "reservation-studio-widget 1.0.12 Cross-Site.Request.Forgery MEDIUM" "recent-posts-from-each-category No.known.fix Cross-Site.Request.Forgery MEDIUM" "rich-web-share-button No.known.fix Unauthenticated.SQL.Injection CRITICAL" "rich-web-share-button No.known.fix Authenticated.(Contributor+).SQL.Injection MEDIUM" "read-offline No.known.fix Folders.Disclosure.via.Outdated.jQueryFileTree.Library MEDIUM" "read-offline No.known.fix Reflected.Cross-Site.Scripting.via.PHPRelativePath.Library HIGH" "regenerate-post-permalinks No.known.fix Cross-Site.Request.Forgery MEDIUM" "restrict-content 3.2.25 Unvalidated.Redirect.in.Password.Reset.Flow MEDIUM" "restrict-content 3.2.21 Unauthenticated.Privilege.Escalation.via.'rcp_level' HIGH" "restrict-content 
3.2.19 Authenticated.(Administrator+).Stored.Cross-Site.Scripting.via.Invoice.Settings MEDIUM" "restrict-content 3.2.17 Missing.Authentication.to.Insecure.Direct.Object.Reference.and.Sensitive.Information.Exposure HIGH" "restrict-content 3.2.16 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcodes MEDIUM" "restrict-content 3.2.14 Unauthenticated.Content.Restriction.Bypass.to.Sensitive.Information.Exposure MEDIUM" "restrict-content 3.2.9 Missing.Authorization MEDIUM" "restrict-content 3.2.8 Information.Exposure.via.legacy.log.file MEDIUM" "restrict-content 3.2.5 Reflected.Cross-Site.Scripting MEDIUM" "restrict-content 3.2.3 Restrict.Content.<.3.2.3.-.Reflected.XSS HIGH" "ruven-themes-shortcodes No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "reoon-email-verifier 2.1.1 Missing.Authorization MEDIUM" "responsive-video-embed 0.5.1 Contributor+.Stored.XSS MEDIUM" "responsive-contact-form No.known.fix Missing.Authorization MEDIUM" "real-estate-manager No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "real-estate-manager No.known.fix Cross-Site.Request.Forgery MEDIUM" "real-estate-manager No.known.fix Cross-Site.Request.Forgery MEDIUM" "real-estate-manager No.known.fix Unauthenticated.Remote.Code.Execution CRITICAL" "real-estate-manager No.known.fix Unauthenticated.Local.File.Inclusion CRITICAL" "real-estate-manager No.known.fix Authenticated.(Contributor+).Local.File.Inclusion HIGH" "real-estate-manager No.known.fix CAPTCHA.Bypass MEDIUM" "real-estate-manager No.known.fix Subscriber+.Privilege.Escalation HIGH" "real-estate-manager 7.0 Subscriber+.Settings.Update MEDIUM" "realtyna-provisioning 1.2.3 Reflected.Cross-Site.Scripting MEDIUM" "responsive-accordion-tabs 1.4.3 Reflected.Cross-Site.Scripting MEDIUM" "rocket-font No.known.fix Arbitrary.Settings.Update.via.CSRF MEDIUM" "rate-limiting-for-contact-form-7 1.0.4 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "reviews-widgets-for-yelp 11.1 
Authenticated.(Editor+).Arbitrary.File.Upload MEDIUM" "reveal-listing 3.4 Unauthenticated.Privilege.Escalation CRITICAL" "redirection 3.6.3 Cross-Site.Request.Forgery.(CSRF) MEDIUM" "redirection 2.8 Authenticated.Local.File.Inclusion MEDIUM" "recaptcha-jetpack No.known.fix Cross-Site.Request.Forgery MEDIUM" "recaptcha-jetpack No.known.fix Stored.XSS.via.CSRF HIGH" "recaptcha-jetpack No.known.fix Settings.Update.via.CSRF MEDIUM" "react-webcam No.known.fix Contributor+.Stored.XSS MEDIUM" "revi-io-customer-and-product-reviews 5.8.0 Reflected.Cross-Site.Scripting MEDIUM" "revinsite No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode.Attributes MEDIUM" "rsvpmaker-for-toastmasters 6.2.5 Unauthenticated.Arbitrary.File.Upload CRITICAL" "real-media-library-lite 4.11.12 Authenticated.(Author+).Stored.Cross-Site.Scripting MEDIUM" "real-media-library-lite 4.22.8 Contributor+.Stored.XSS MEDIUM" "real-media-library-lite 4.18.29 Author+.Stored.XSS MEDIUM" "real-media-library-lite 4.14.2 Author.Stored.Cross-Site.Scripting MEDIUM" "romethemeform 1.1.6 Missing.Authorization.via.export_entries,.rtformnewform,.and.rtformupdate MEDIUM" "romethemeform 1.1.3 Missing.Authorization MEDIUM" "random-sorting-order-for-woocommerce No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "random-sorting-order-for-woocommerce No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "random-sorting-order-for-woocommerce No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "rise-blocks No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Site.Identity.Block.Attributes MEDIUM" "rise-blocks 3.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.TitleTag.Parameter MEDIUM" "rise-blocks 3.2 Cross-Site.Request.Forgery MEDIUM" "recurring-donation 1.9 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "recurring-donation 1.8 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "rolo-slider 
No.known.fix Missing.Authorization.to.Authenticated(Subscriber+).Settings.Change MEDIUM" "rough-chart No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "registration-password 2.0.1 Unauthenticated.Privilege.Escalation.via.Account.Takeover CRITICAL" "real-estate-manager-pro 12.7.4 Reflected.Cross-Site.Scripting MEDIUM" "related-videos-for-jw-player 1.2.1 Reflected.Cross-Site.Scripting MEDIUM" "redux-converter No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "revive-so 2.0.7 Missing.Authorization MEDIUM" "revive-so 2.0.4 Missing.Authorization MEDIUM" "realteo 1.2.9 Real.Estate.Plugin.by.Purethemes.<.1.2.9.-.Authentication.Bypass.via.'do_register_user' CRITICAL" "realteo 1.2.4 Arbitrary.Property.Deletion.via.IDOR HIGH" "realteo 1.2.4 Unauthenticated.Reflected.Cross-Site.Scripting.(XSS) HIGH" "review-widgets-for-tripadvisor 11.1 Authenticated.(Editor+).Arbitrary.File.Upload MEDIUM" "responsive-food-and-drink-menu No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.display_pdf_menus.Shortcode MEDIUM" "review-widgets-for-foursquare 11.1 Authenticated.(Editor+).Arbitrary.File.Upload MEDIUM" "review-engine No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "review-engine No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "review-engine No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "resideo-plugin No.known.fix Real.Estate.WordPress.Theme.<=.2.5.4.-.Authenticated.(Subscriber+).Insecure.Direct.Object.Reference.to.Privilege.Escalation.via.Account.Takeover HIGH" "review-stream 1.6.8 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "review-stream 1.6.6 Admin+.Stored.XSS LOW" "reverbnation-widgets No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "registered-user-sync-activecampaign No.known.fix Missing.Authorization MEDIUM" "rehub-framework 19.9.9.6 Missing.Authorization MEDIUM" "rehub-framework 19.9.9.4 Authenticated.(Subscriber+).Information.Exposure MEDIUM" "rehub-framework 
No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "rehub-framework 19.6.2 Authenticated.(Subscriber+).SQL.Injection HIGH" "related-posts-list-grid-and-slider-all-in-one No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "rt-easy-builder-advanced-addons-for-elementor No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "rt-easy-builder-advanced-addons-for-elementor No.known.fix Authenticated.(Contributor+).Stored.Cross-site.Scripting MEDIUM" "rt-easy-builder-advanced-addons-for-elementor 2.1 Missing.Authorization MEDIUM" "rt-easy-builder-advanced-addons-for-elementor 1.9 Reflected.Cross-Site.Scripting MEDIUM" "rt-easy-builder-advanced-addons-for-elementor 1.4 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "recurring-bookings-for-woocommerce No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "recurring-bookings-for-woocommerce No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "relais-2fa No.known.fix Authentication.Bypass CRITICAL" "rlm-elementor-widgets-pack 1.4.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "review-for-discount 1.0.8 Missing.Authorization.to.Authenticated.(Contributor+).Arbitrary.WooCommerce.Coupon.Creation HIGH" "rumbletalk-chat-a-chat-with-themes 6.3.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "rumbletalk-chat-a-chat-with-themes 6.3.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "rumbletalk-chat-a-chat-with-themes 6.2.0 Missing.Authorization.via.handleRequest HIGH" "revampcrm-woocommerce No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "svgator 1.3.3 Stored.XSS.via.SVG.Upload MEDIUM" "svgator 1.2.5 API.Token.Update/Deletion.&.Import.Projects.via.CSRF MEDIUM" "simple-sitemap 3.6.1 Missing.Authorization MEDIUM" "simple-sitemap 3.5.14 Cross-Site.Request.Forgery.via.admin_notices MEDIUM" "simple-sitemap 3.5.10 Reflected.Cross-Site.Scripting MEDIUM" "simple-sitemap 3.5.8 Contributor+.Stored.XSS 
MEDIUM" "simple-sitemap 3.5.5 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "stockdio-historical-chart 2.8.19 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "stockdio-historical-chart 2.8.1 Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "soj-soundslides No.known.fix Authenticated.(Contributor+).Arbitrary.File.Upload HIGH" "subscribers-text-counter 1.7.1 Settings.Update.via.CSRF.to.Stored.XSS HIGH" "story-chief 1.0.43 Unauthenticated.Arbitrary.File.Upload CRITICAL" "story-chief 1.0.31 Reflected.Cross-Site.Scripting.(XSS) HIGH" "story-chief 1.0.31 Authenticated.Stored.Cross-Site.Scripting.(XSS) LOW" "style-manager No.known.fix Cross-Site.Request.Forgery.to.Settings.Update MEDIUM" "supportflow 0.7 Stored.Cross-Site.Scripting.(XSS) MEDIUM" "super-forms 6.0.4 Reflected.Cross-Site.Scripting MEDIUM" "super-forms 4.9.703 Unauthenticated.PHP.File.Upload.to.RCE CRITICAL" "site-checkup 1.48 Unauthenticated.Log.File.Poisoning MEDIUM" "shopwarden 1.0.12 Cross-Site.Request.Forgery.to.Arbitrary.Options.Update HIGH" "sharethis-share-buttons 2.3.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.sharethis-inline-buttons.Shortcode MEDIUM" "scheduler-widget No.known.fix Insecure.Direct.Object.Reference.to.Authenticated.(Subscriber+).Arbitrary.Event.Modification MEDIUM" "skyboot-portfolio-gallery 1.0.6 Contributor+.Stored.XSS MEDIUM" "save-as-pdf-by-pdfcrowd 4.5.6 Reflected.Cross-Site.Scripting.via.options MEDIUM" "save-as-pdf-by-pdfcrowd 4.5.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "save-as-pdf-by-pdfcrowd 4.4.1 Unauthenticated.PHP.Object.Injection HIGH" "save-as-pdf-by-pdfcrowd 4.2.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "save-as-pdf-by-pdfcrowd 4.0.1 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "save-as-pdf-by-pdfcrowd 3.3.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "save-as-pdf-by-pdfcrowd 3.2.1 Missing.Authorization MEDIUM" "save-as-pdf-by-pdfcrowd 3.2.0 
Admin+.Stored.XSS LOW" "save-as-pdf-by-pdfcrowd 3.2.2 Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "save-as-pdf-by-pdfcrowd 2.16.1 Admin+.Stored.XSS LOW" "solid-affiliate No.known.fix Sensitive.Information.Exposure MEDIUM" "sakolawp-lite No.known.fix Cross-Site.Request.Forgery.to.Exam.Setting.Manipulation MEDIUM" "sakolawp-lite No.known.fix Unauthenticated.Privilege.Escalation CRITICAL" "sticky-related-posts No.known.fix Reflected.Cross-Site.Scripting.(XSS) HIGH" "svegliat-buttons No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "shortlinkspro 1.0.8 Authenticated.(Administrator+).SQL.Injection MEDIUM" "shortcut-macros No.known.fix Subscriber+.Arbitrary.Settings.Update MEDIUM" "scriptless-social-sharing 3.3.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "scriptless-social-sharing 3.2.2 Contributor+.Stored.XSS MEDIUM" "snapshot-backup No.known.fix Stored.XSS.via.CSRF HIGH" "simple-job-board 2.13.8 Unauthenticated.Sensitive.Information.Exposure MEDIUM" "simple-job-board 2.12.4 Authenticated.(Editor+).PHP.Object.Injection HIGH" "simple-job-board 2.12.2 Admin+.Stored.XSS LOW" "simple-job-board 2.12.6 Unauthenticated.Resumes.Download LOW" "simple-job-board 2.11.1 Unauthenticated.PHP.Object.Injection.via.Job.Application.Fields CRITICAL" "simple-job-board 2.11.0 Missing.Authorization.to.Unauthenticated.Information.Disclosure MEDIUM" "simple-job-board 2.10.7 Cross-Site.Request.Forgery MEDIUM" "simple-job-board 2.10.6 Missing.Authorization MEDIUM" "simple-job-board 2.10.4 Settings.Update.via.CSRF MEDIUM" "simple-job-board 2.10.0 Resume.Disclosure.via.Directory.Listing MEDIUM" "simple-job-board 2.9.5 Admin+.Stored.Cross-Site.Scripting LOW" "simple-job-board 2.9.4 Authenticated.Path.Traversal.Leading.to.Arbitrary.File.Download HIGH" "simple-job-board 2.4.4 Reflected.XSS MEDIUM" "slider-factory 1.3.6 Subscriber+.Arbitrary.Post.Access MEDIUM" "slider-factory 1.3.2 Slider.Clone/Save/Delete.via.CSRF MEDIUM" 
"semantic-shortcode No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "sello-channelconnector No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "simplemortgage No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "singsong No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "sender 1.2.1 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "superstorefinder-wp No.known.fix Cross-Site.Request.Forgery MEDIUM" "superstorefinder-wp 7.7 Reflected.Cross-Site.Scripting HIGH" "superstorefinder-wp 7.6 Unauthenticated.SQL.Injection HIGH" "superstorefinder-wp 7.8 Unauthenticated.Local.File.Inclusion HIGH" "superstorefinder-wp 7.5 Unauthenticated.SQL.Injection HIGH" "superstorefinder-wp 7.1 Unauthenticated.SQL.Injection.to.Stored.Cross-Site.Scripting HIGH" "superstorefinder-wp 6.9.8 Authenticated.(Subscriber+).SQL.Injection CRITICAL" "superstorefinder-wp 6.9.8 Unauthenticated.SQL.Injection CRITICAL" "superstorefinder-wp 6.9.8 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "superstorefinder-wp 6.9.4 Unauthenticated.Email.Creation/Sending MEDIUM" "superstorefinder-wp 6.5 Unauthenticated.SQL.Injections CRITICAL" "superstorefinder-wp 6.2 Unauthenticated.Arbitrary.File.Upload CRITICAL" "social-login-bws 0.2 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "stax-addons-for-elementor No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "social-locker-content No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "shipment-tracker-for-woocommerce 1.4.23.1 Reflected.Cross-Site.Scripting MEDIUM" "showeblogin-facebook-page-like-box No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "sailthru-triggermail No.known.fix Subscriber+.Stored.XSS HIGH" "sailthru-triggermail No.known.fix Admin+.Stored.XSS LOW" "sailthru-triggermail No.known.fix Reflected.XSS HIGH" "simple-theme-options 1.7 Admin+.Stored.Cross-Site.Scripting LOW" "sendpulse-web-push 1.3.7 
Unauthenticated.Stored.Cross-Site.Scripting HIGH" "sendpulse-web-push 1.3.2 CSRF MEDIUM" "smart-grid-gallery No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "smart-grid-gallery 1.1.5 Vimeo.and.YouTube.Gallery.<.1.1.5.-.Admin+.Stored.Cross-Site.Scripting LOW" "simple-baseball-scoreboard No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "simple-student-result 1.8.0 Unauthorised.REST.Calls MEDIUM" "simple-student-result 1.7.5 Stored.Cross.Site.Scripting.via.CSRF MEDIUM" "simple-student-result 1.6.4 Auth.Bypass CRITICAL" "same-but-different No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "simplistic-seo No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "stock-ticker 3.26.2 Authenticated.(Administrator+).Stored.Cross-Site.Scripting.via.Template MEDIUM" "stock-ticker 3.24.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.stock_ticker.Shortcode MEDIUM" "stock-ticker 3.23.5 Authenticated.(Contributor+).Stored.Cross-Site.Scritping MEDIUM" "stock-ticker 3.23.4 Reflected.XSS HIGH" "stock-ticker 3.23.3 Reflected.XSS HIGH" "stock-ticker 3.23.1 Missing.Authorization.in.AJAX.Actions MEDIUM" "simple-user-capabilities No.known.fix Missing.Authorization.to.Authenticated.(Subscriber+).Privilege.Escalation CRITICAL" "simple-user-capabilities No.known.fix Missing.Authorization.to.Unauthenticated.Capability.Reset MEDIUM" "show-youtube-video No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.'id'.Shortcode.Attribute MEDIUM" "soundrise-music 1.7.1 Authenticated.(Subscriber+).Arbitrary.Options.Update HIGH" "stax-buddy-builder 1.8.0 Contributor+.Post.Disclosure MEDIUM" "simple-user-profile No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "sportspress-tv No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "slideshow-gallery 1.8.4 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "slideshow-gallery 1.8.2 
Authenticated.(Contributor+).SQL.Injection HIGH" "slideshow-gallery 1.7.9 Contributor+.SQLi MEDIUM" "slideshow-gallery 1.7.9 Settings.Reset.via.CSRF MEDIUM" "slideshow-gallery 1.8.1 Unauthenticated.Sensitive.Information.Exposure MEDIUM" "slideshow-gallery 1.7.4 Admin+.Stored.Cross-Site.Scripting LOW" "slideshow-gallery 1.6.9 XSS.and.SQLi CRITICAL" "slideshow-gallery 1.6.6 Multiple.Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "smart-manager-for-wp-e-commerce 8.53.0 Authenticated.(Administrator+).SQL.Injection MEDIUM" "smart-manager-for-wp-e-commerce 8.46.0 Missing.Authorization MEDIUM" "smart-manager-for-wp-e-commerce 8.28.0 Admin+.SQL.Injection MEDIUM" "simpleform-contact-form-submissions No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "simple-video-embedder No.known.fix Contributor+.Stored.Cross-Site.Scripting MEDIUM" "social-media-buttons-toolbar No.known.fix Admin+.Stored.XSS MEDIUM" "startklar-elmentor-forms-extwidgets No.known.fix Unauthenticated.Path.Traversal.to.Arbitrary.Directory.Deletion CRITICAL" "startklar-elmentor-forms-extwidgets 1.7.14 Unauthenticated.Arbitrary.File.Deletion CRITICAL" "startklar-elmentor-forms-extwidgets 1.7.14 Unauthenticated.Arbitrary.File.Upload CRITICAL" "smarty-for-wordpress No.known.fix Admin+.Stored.XSS LOW" "smarty-for-wordpress No.known.fix Settings.Update.via.CSRF MEDIUM" "smcountdown No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "snillrik-restaurant-menu 2.3.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.'menu_style'.Shortcode.Attribute MEDIUM" "super-interactive-maps No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "super-interactive-maps 2.2 Unauthenticated.SQL.Injections CRITICAL" "super-interactive-maps 2.0 Unauthenticated.Arbitrary.File.Upload CRITICAL" "simple-staff-list 2.2.5 Missing.Authorization.via.ajax_flush_rewrite_rules.and.staff_member_export MEDIUM" "simple-staff-list 2.2.4 Editor+.Stored.XSS MEDIUM" "simple-staff-list 2.2.3 Contributor+.Stored.XSS 
MEDIUM" "simple-headline-rotator No.known.fix Stored.XSS.via.CSRF HIGH" "scheduled-notification-bar No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "seosamba-webmasters 1.0.6 Access.Key.Update.via.CSRF MEDIUM" "seo-free No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "simple-quotation No.known.fix Quote.Creation/Edition.via.CSRF.to.Stored.Cross-Site.Scripting MEDIUM" "simple-quotation No.known.fix Subscriber+.SQL.injection HIGH" "streamweasels-twitch-integration 1.9.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "streamweasels-twitch-integration 1.8.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.sw-twitch-embed.Shortcode MEDIUM" "streamweasels-twitch-integration 1.8.0 Unauthenticated.Sensitive.Information.Exposure MEDIUM" "streamweasels-twitch-integration 1.7.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "streamweasels-twitch-integration 1.3.4 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "syndicate-out No.known.fix Unauthenticated.Stored.Cross-Site.Scripting HIGH" "sopa-blackout No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "sharebar No.known.fix Arbitrary.Settings.Update.to.Stored.XSS.via.CSRF MEDIUM" "sharebar 1.2.2 SQL.Injection.&.Cross.Site.Scripting CRITICAL" "seo-meta No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "sync-feedly No.known.fix Cross-Site.Request.Forgery.to.Sync.Trigger MEDIUM" "smart-marketing-for-wp 5.0.5 Missing.Authorization MEDIUM" "smart-marketing-for-wp 2.0.0 Unauthenticated.Cross-Site.Scripting.(XSS) MEDIUM" "simple-plyr No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.'poster'.Shortcode.Attribute MEDIUM" "simple-tweet No.known.fix Authenticated.(Author+).Stored.Cross-Site.Scripting MEDIUM" "simple-tweet No.known.fix Admin+.Stored.XSS LOW" "seo-optimized-images 2.1.4 Injected.Backdoor CRITICAL" "seo-optimized-images 2.1 Reflected.Cross-Site.Scripting 
MEDIUM" "surbma-font-awesome 3.1 Contributor+.Stored.XSS MEDIUM" "simple-e-commerce-shopping-cart No.known.fix Sell.products.through.Paypal.<=.3.1.2.-.Reflected.Cross-Site.Scripting.via.monthly_sales_current_year.Parameter MEDIUM" "simple-e-commerce-shopping-cart No.known.fix Sell.products.through.Paypal.<=.3.1.2.-.Missing.Authorization.to.Authenticated.(Subscriber+).Settings.Update./.Data.Access MEDIUM" "simple-e-commerce-shopping-cart No.known.fix Arbitrary.File.Upload CRITICAL" "sliderspack-all-in-one-image-sliders 2.4 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "sticky-social-icons No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "sticky-social-icons No.known.fix Admin+.Stored.XSS LOW" "slideshow-jquery-image-gallery No.known.fix Author+.Stored.Cross-Site.Scripting MEDIUM" "slideshow-jquery-image-gallery No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "slideshow-jquery-image-gallery 2.2.22 Option.Value.Disclosure HIGH" "sheetdb 1.3.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "shortcodes-ultimate 7.4.6 Admin+.SSRF MEDIUM" "shortcodes-ultimate 7.4.3 Author+.Stored.XSS.via.Image.Title.and.Slide.Link MEDIUM" "shortcodes-ultimate 7.4.3 Arbitrary.Shortcode.Execution.via.CSRF MEDIUM" "shortcodes-ultimate 7.4.3 Contributor+.Stored.XSS MEDIUM" "shortcodes-ultimate 7.4.1 Contributor+.Stored.XSS.via.'data-url'.Attribute MEDIUM" "shortcodes-ultimate 7.3.4 Contributor+.Stored.XSS MEDIUM" "shortcodes-ultimate 7.4.0 Contributor+.Stored.XSS MEDIUM" "shortcodes-ultimate 7.3.4 Contributor+.Stored.XSS MEDIUM" "shortcodes-ultimate 7.3.0 Authenticated.(Contributor+).DOM-Based.Stored.Cross-Site.Scripting MEDIUM" "shortcodes-ultimate 7.1.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.su_lightbox.Shortcode MEDIUM" "shortcodes-ultimate 7.1.6 Contributor+.Stored.XSS.via.su_members.Shortcode MEDIUM" "shortcodes-ultimate 7.1.3 Contributor+.Stored.XSS MEDIUM" "shortcodes-ultimate 7.1.2 
Contributor+.Stored.XSS MEDIUM" "shortcodes-ultimate 7.1.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.su_lightbox MEDIUM" "shortcodes-ultimate 7.1.0 Contributor+.Stored.XSS MEDIUM" "shortcodes-ultimate 7.0.5 Contributor+.Stored.XSS MEDIUM" "shortcodes-ultimate 7.0.5 Contributor+.Stored.Cross-Site.Scripting.via.'note_color'.Shortcode MEDIUM" "shortcodes-ultimate 7.0.4 Contributor+.Stored.XSS MEDIUM" "shortcodes-ultimate 7.0.3 Contributor+.Stored.XSS MEDIUM" "shortcodes-ultimate 7.0.2 Authenticated(Contributor+).Stored.Cross-Site.Scripting.via.shortcode MEDIUM" "shortcodes-ultimate 7.0.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "shortcodes-ultimate 7.0.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "shortcodes-ultimate 7.0.0 Insecure.Direct.Object.Reference.to.Information.Disclosure MEDIUM" "shortcodes-ultimate 5.13.1 Reflected.Cross-Site.Scripting MEDIUM" "shortcodes-ultimate 5.12.8 Subscriber+.User.Meta.Disclosure MEDIUM" "shortcodes-ultimate 5.12.8 Subscriber+.Arbitrary.Post.Access MEDIUM" "shortcodes-ultimate 5.12.7 Subscriber+.SSRF MEDIUM" "shortcodes-ultimate 5.12.7 Contributor+.Stored.XSS MEDIUM" "shortcodes-ultimate 5.12.7 Subscriber+.Arbitrary.File.Access MEDIUM" "shortcodes-ultimate 5.12.1 Stored.XSS.via.CSRF MEDIUM" "shortcodes-ultimate 5.12.1 Settings.Preset.Update.via.CSRF MEDIUM" "shortcodes-ultimate 5.10.2 Contributor+.Stored.XSS MEDIUM" "shortcodes-ultimate 5.0.1 Authenticated.Contributor.Code.Execution CRITICAL" "shortcodes-ultimate 4.10.0 Authenticated.Directory.Traversal MEDIUM" "sponsors-carousel No.known.fix Admin+.Stored.XSS LOW" "subscriptions-renewal-reminders 1.4.2 Notice.Dismissal.via.CSRF MEDIUM" "smart-auto-upload-images 1.2.1 Authenticated.(Contributor+).Arbitrary.File.Upload HIGH" "saaspricing 1.2.5 Contributor+.Stored.XSS MEDIUM" "service-boxs 2.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "social-analytics No.known.fix 
Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "spice-starter-sites No.known.fix Missing.Authorization.to.Unauthenticated.Demo.Content.Import MEDIUM" "spice-starter-sites No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "spice-starter-sites 1.1 Reflected.Cross-Site.Scripting MEDIUM" "slippy-slider-responsive-touch-navigation-slider No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "simple-jwt-login 3.6.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "simple-jwt-login 3.2.1 Arbitrary.Settings.Update.to.Site.Takeover.via.CSRF HIGH" "simple-jwt-login 3.3.0 Insecure.Password.Creation LOW" "salvador-ai-image-generator No.known.fix Missing.Authorization MEDIUM" "simple-bike-rental 1.0.7 Missing.Authorization.to.Authenticated.(Subscriber+).Sensitive.Booking.Data.Exposure MEDIUM" "stencies No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "sitekit No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "sitekit 2.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "sitekit 1.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "sitekit 1.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "sitekit 1.4 Contributor+.Stored.XSS MEDIUM" "sitekit 1.5 Contributor+.Stored.XSS MEDIUM" "shopperapproved-reviews 2.2 2.1.-..Subscriber+.Arbitrary.Options.Update HIGH" "subscribe-to-unlock-lite 1.3.1 Authenticated.(Subscriber+).Local.File.Inclusion HIGH" "subscribe-to-unlock-lite 1.3.1 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "simple-image-sizes 3.2.3 Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "sticky-header-effects-for-elementor 2.1.3 Missing.Authorization MEDIUM" "simple-share-buttons-adder 8.5.1 Admin+.Stored.XSS LOW" "simple-share-buttons-adder 8.4.12 Authenticated(Administrator+).Stored.Cross-Site.Scripting.via.CSS.Settings MEDIUM" "simple-share-buttons-adder 8.5.1 CSRF MEDIUM" 
"simple-share-buttons-adder 6.0.1 Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "simple-lightbox-gallery No.known.fix Author+.Stored.XSS MEDIUM" "simple-lightbox-gallery 1.10.0 .Contributor+.PHP.Object.Injection MEDIUM" "scrollup No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "smsify 6.1.0 Reflected.Cross-Site.Scripting MEDIUM" "simple-gallery-with-filter 2.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "scripts-organizer 3.0 Unauthenticated.Arbitrary.File.Upload CRITICAL" "simple-post-meta-manager No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "suretriggers 1.0.83 Unauthenticated.Privilege.Escalation CRITICAL" "suretriggers 1.0.79 Unauthenticated.Admin.User.Creation HIGH" "suretriggers 1.0.48 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Trigger.Link.Shortcode MEDIUM" "suretriggers 1.0.24 Cross-Site.Request.Forgery MEDIUM" "short-link No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting.via.Administration.Settings.Page MEDIUM" "simple-feed-stats 20250820 Cross-Site.Request.Forgery MEDIUM" "smart-google-code-inserter 3.5 Unauthenticated.Cross-Site.Scripting.(XSS) CRITICAL" "smart-google-code-inserter 3.5 Unauthenticated.SQL.Injection CRITICAL" "simple-yearly-archive 2.1.9 Admin+.Stored.XSS LOW" "sucuri-scanner 1.8.34 Event.log.Entry.Creation.via.CSRF MEDIUM" "siteground-email-marketing 1.7.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "slope-widgets 4.2.13 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "simple-icons No.known.fix Missing.Authorization MEDIUM" "simple-icons 2.7.8 Simple.Icons.<.2.7.8.-.Contributor+.Stored.XSS MEDIUM" "super-video-player 1.6.13 Reflected.Cross-Site.Scripting MEDIUM" "super-video-player 1.6.11 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "survey-maker 5.1.9.5 Missing.Authorization MEDIUM" "survey-maker 5.1.9.5 Missing.Authorization.to.Unauthenticated.Information.Exposure MEDIUM" "survey-maker 5.1.9.5 
Missing.Authorization.to.Unauthenticated.Limited.Option.Update MEDIUM" "survey-maker 5.1.8.9 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "survey-maker 5.1.8.9 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "survey-maker 5.1.6.4 Unauthenticated.Authorization.Bypass MEDIUM" "survey-maker 5.1.3.6 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "survey-maker 5.1.3.4 Authenticated.(Admin+).Stored.Cross-Site.Scripting.via.Survey.Question MEDIUM" "survey-maker 5.0.3 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "survey-maker 4.9.6 Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "survey-maker 4.2.9 Admin+.Stored.XSS.via.Plugin.Settings LOW" "survey-maker 3.6.4 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "survey-maker 4.1.0 IP.Address.Spoofing MEDIUM" "survey-maker 4.0.7 Reflected.Cross-Site.Scripting MEDIUM" "survey-maker 4.0.6 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "survey-maker 3.4.7 Reflected.XSS HIGH" "survey-maker 3.1.2 Subscriber+.SQLi HIGH" "survey-maker 3.1.4 Unauthenticated.Stored.XSS HIGH" "survey-maker 2.0.7 Unauthenticated.Store.Cross-Site.Scripting MEDIUM" "survey-maker 1.5.6 Authenticated.Blind.SQL.Injections HIGH" "survey-maker 1.5.6 Reflected.Cross-Site.Scripting.(XSS) HIGH" "smart-agenda-prise-de-rendez-vous-en-ligne 5.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "smart-agenda-prise-de-rendez-vous-en-ligne 4.8 Stored.XSS.via.CSRF HIGH" "smart-agenda-prise-de-rendez-vous-en-ligne 4.8 Stored.XSS.via.CSRF HIGH" "smart-agenda-prise-de-rendez-vous-en-ligne 4.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "simple-locator No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "simple-locator 2.0.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "semalt No.known.fix Admin+.Stored.XSS LOW" "show-posts No.known.fix 
Authenticated.(Administrator+).Stored.Cross-Site.Scripting.via.'Additional.Classes.to.Wrap.Posts'.Widget.Setting MEDIUM" "show-posts 1.8.1 Admin+.PHP.Object.Injection LOW" "show-posts 1.7 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "soundy-background-music No.known.fix Cross-Site.Scripting.(XSS) MEDIUM" "simple-login-log 2.0.0 Authenticated.(Administrator+).PHP.Object.Injection MEDIUM" "simple-login-log 1.1.2 Authenticated.SQL.Injection CRITICAL" "signup-page No.known.fix Unauthenticated.Arbitrary.Options.Update CRITICAL" "searchwp-live-ajax-search 1.6.3 Unauthenticated.Local.File.Inclusion MEDIUM" "searchwp-live-ajax-search 1.6.2 Unauthenticated.Arbitrary.Post.Title.Disclosure MEDIUM" "sogrid 1.5.5 Cross-Site.Request.Forgery.to.Arbitrary.Options.Update HIGH" "sogrid 1.5.7 Unauthenticated.Local.File.Inclusion CRITICAL" "sogrid 1.5.7 Authenticated.(Admin+).Local.File.Inclusion HIGH" "slider-wd 1.2.62 Contributor+.Stored.XSS MEDIUM" "slider-wd 1.2.62 Admin+.Stored.XSS.via.Widget LOW" "slider-wd 1.2.59 Admin+.Stored.XSS LOW" "slider-wd 1.2.58 Authenticated.(Contributor+).SQL.Injection.via.id.Parameter HIGH" "slider-wd 1.2.57 Editor+.Stored.XSS LOW" "slider-wd 1.2.56 Editor+.Stored.XSS LOW" "slider-wd 1.2.55 Reflected.Cross-Site.Scripting MEDIUM" "slider-wd 1.2.53 Admin+.Stored.XSS LOW" "slider-wd 1.2.52 Admin+.Stored.Cross-Site.Scripting LOW" "slider-wd 1.2.36 Multiple.Authenticated.SQL.Injection HIGH" "sheet2site No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "simplemodal-contact-form-smcf No.known.fix Admin+.Stored.XSS LOW" "starterblocks No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "starterblocks No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "smart-logo-showcase-lite No.known.fix Contributor+.Stored.XSS MEDIUM" "smart-logo-showcase-lite 1.1.8 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "smart-wishlist-for-more-convert 1.9.2 Reflected.Cross-Site.Scripting MEDIUM" 
"smart-wishlist-for-more-convert 1.9.0 Authenticated.(Administrator+).SQL.Injection MEDIUM" "smart-wishlist-for-more-convert 1.8.8 Unauthenticated.Wishlist.Disclosure.via.download_pdf_file.Function HIGH" "smart-wishlist-for-more-convert 1.7.3 Missing.Authorization MEDIUM" "smart-wishlist-for-more-convert 1.7.9 Missing.Authorization MEDIUM" "simple-blog-stats 20250423 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "share-woocommerce-email No.known.fix Reflected.Cross-Site.Scripting.(XSS) HIGH" "simple-pull-quote 1.6.4 Contributor+.Stored.XSS MEDIUM" "social-profilr-display-social-network-profile No.known.fix Cross-Site.Request.Forgery MEDIUM" "sv-gravity-forms-enhancer No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "sv-gravity-forms-enhancer 1.8.00 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "slider-hero 8.7.0 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "slider-hero 8.4.4 Admin+.Stored.Cross-Site.Scripting LOW" "slider-hero 8.2.7 Contributor+.SQL.Injection CRITICAL" "slider-hero 8.2.1 CSRF.Bypass.in.Multiple.Plugins MEDIUM" "shmapper-by-teplitsa 1.5.1 Authenticated.(Editor+).Stored.Cross-Site.Scripting MEDIUM" "shmapper-by-teplitsa 1.5.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "sastra-essential-addons-for-elementor 1.0.24 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Countdown.Widget MEDIUM" "sastra-essential-addons-for-elementor 1.0.15 Missing.Authorization.to.Spexo.Theme.Install MEDIUM" "sastra-essential-addons-for-elementor 1.0.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "slider-future No.known.fix Unauthenticated.Arbitrary.File.Upload CRITICAL" "set-bulk-post-categories No.known.fix Cross-Site.Request.Forgery.to.Bulk.Post.Category.Update MEDIUM" "shiftnav-responsive-mobile-menu 1.8.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "shiftnav-responsive-mobile-menu 1.7.2 Contributor+.Stored.XSS.in.Shortcode MEDIUM" "save-as-pdf 
No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.restpackpdfbutton.Shortcode MEDIUM" "simple-link-list-widget No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "simple-support-ticket-system 1.2.1 Unauthenticated.SQL.Injection CRITICAL" "supersaas-appointment-scheduling 2.1.13 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.after.Parameter MEDIUM" "supersaas-appointment-scheduling 2.1.10 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "svg-shortcode No.known.fix Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.Upload MEDIUM" "staff-directory-pro No.known.fix Reflected.Cross-Site.Scripting.via.add_query_arg.Function MEDIUM" "staff-directory-pro No.known.fix Unauthenticated.Stored.Cross-Site.Scripting HIGH" "staff-directory-pro 4.0 Cross-Site.Request.Forgery.(CSRF) MEDIUM" "staff-directory-pro 4.0 CSRF.Bypass.in.Multiple.Plugins MEDIUM" "smart-countdown-fx No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "simple-excel-pricelist-for-woocommerce No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "spider-contacts No.known.fix Reflected.XSS HIGH" "simple-user-meta-editor No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting.via.User.Meta.Value.Field MEDIUM" "spice-blocks 2.0.7.5 Unauthenticated.Arbitrary.File.Download HIGH" "spice-blocks No.known.fix Missing.Authorization MEDIUM" "spice-blocks 1.3 Reflected.Cross-Site.Scripting MEDIUM" "simple-pricing-tables-vc-extension No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "store-credit-for-woocommerce 1.0.49.47 Reflected.Cross-Site.Scripting MEDIUM" "spendeonline 3.0.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "searchie No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "simple-photo-feed 1.4.1 Missing.Authorization MEDIUM" "simple-bible-verse-via-shortcode 
No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "stop-wp-emails-going-to-spam 2.0.0 Reflected.Cross-Site.Scripting MEDIUM" "surveyfunnel-lite No.known.fix Unauthenticated.Information.Exposure MEDIUM" "surveyfunnel-lite No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "shalom-world-media-gallery No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "social-rocket No.known.fix Missing.Authorization.to.Settings.Update MEDIUM" "social-rocket No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "social-rocket 1.3.4 Reflected.Cross-Site.Scripting MEDIUM" "social-rocket 1.3.3 Admin+.Stored.Cross-Site.Scripting LOW" "social-rocket 1.2.10 Cross-Site.Request.Forgery.in.Settings MEDIUM" "style-tweaker No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "shortpixel-critical-css 1.0.3 Missing.Authorization MEDIUM" "shopsite-plugin 1.5.11 Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "shortpixel-adaptive-images 3.10.5 Authenticated.(Administrator+).Stored.Cross-Site.Scripting.via.API.URL MEDIUM" "shortpixel-adaptive-images 3.10.1 Missing.Authorization MEDIUM" "shortpixel-adaptive-images 3.8.4 Authenticated.(Admin+).Server-Side.Request.Forgery MEDIUM" "shortpixel-adaptive-images 3.8.4 Cross-Site.Request.Forgery MEDIUM" "shortpixel-adaptive-images 3.8.3 Missing.Authorization.in.activate_ai_handler.and.deactivate_ai_handler MEDIUM" "shortpixel-adaptive-images 3.7.2 Settings.Update.via.CSRF MEDIUM" "shortpixel-adaptive-images 3.6.3 Reflected.XSS HIGH" "shortpixel-adaptive-images 3.4.0 Subscriber+.Arbitrary.Settings.Update MEDIUM" "swiss-toolkit-for-wp No.known.fix Missing.Authorization MEDIUM" "swiss-toolkit-for-wp 1.4.1 Missing.Authorization MEDIUM" "swiss-toolkit-for-wp 1.0.8 Contributor+.Authentication.Bypass HIGH" "simplified-content 1.0.1 XSS MEDIUM" "slider-path No.known.fix Missing.Authorization MEDIUM" 
"slider-range-htapps 1.1.6 Unauthenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "smart-protect No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "smart-protect No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "social-crowd No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "slider-image 2.8.7 Authenticated.Blind.SQL.Injection HIGH" "sunshine-photo-cart 3.5.7.1 Missing.Authorization MEDIUM" "sunshine-photo-cart 3.5.7.3 Missing.Authorization MEDIUM" "sunshine-photo-cart 3.5.7.2 Missing.Authorization MEDIUM" "sunshine-photo-cart 3.5.4 Missing.Authorization MEDIUM" "sunshine-photo-cart 3.4.12 Subscriber.Privilege.Escalation HIGH" "sunshine-photo-cart 3.4.11 Unauthenticated.PHP.Object.Injection CRITICAL" "sunshine-photo-cart 3.2.11 Open.Redirect MEDIUM" "sunshine-photo-cart 3.2.10 Missing.Authorization MEDIUM" "sunshine-photo-cart 3.2.9 Missing.Authorization MEDIUM" "sunshine-photo-cart 3.2.10 Missing.Authorization MEDIUM" "sunshine-photo-cart 3.2.6 Reflected.Cross-Site.Scripting MEDIUM" "sunshine-photo-cart 3.2.2 Missing.Authorization MEDIUM" "sunshine-photo-cart 3.1.2 Unauthenticated.PHP.Object.Injection CRITICAL" "sunshine-photo-cart 3.1.2 Reflected.Cross-Site.Scripting MEDIUM" "sunshine-photo-cart 3.1 Unauthenticated.Sensitive.Information.Exposure.via.Invoice MEDIUM" "sunshine-photo-cart 3.0 Insecure.Direct.Object.Reference.to.Order.Manipulation MEDIUM" "sunshine-photo-cart 2.9.15 Reflected.XSS HIGH" "sunshine-photo-cart 2.9.14 Image.Location.Update.via.CSRF MEDIUM" "sunshine-photo-cart 2.8.29 CSRF.Bypass.in.Multiple.Plugins MEDIUM" "sphere-manager No.known.fix Authenticated.(Contributor+).Cross-Site.Scripting.via.'width'.Shortcode.Attribute MEDIUM" "subscribe-to-download 2.1.0 Missing.Authorization MEDIUM" "subscribe-to-download 2.1.0 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "subscribe-to-download 2.1.0 Unauthenticated.PHP.Object.Injection HIGH" "share-buttons No.known.fix Admin+.Stored.XSS LOW" 
"share-buttons No.known.fix Unauthenticated.Image.Upload.&.Path.Traversal MEDIUM" "social-login-lite-for-woocommerce No.known.fix Authentication.Bypass CRITICAL" "simple-download-counter 2.2.3 Authenticated.(Administrator+).Arbitrary.File.Read.via.Path.Traversal MEDIUM" "simple-download-counter 2.2.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "simple-download-counter 2.1 Authenticated.(Author+).Arbitrary.File.Read MEDIUM" "simple-download-counter 1.6.1 Contributor+.Stored.XSS MEDIUM" "shortcode-support-for-elementor-templates No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "school-management-system 4.2 Admin+.SQLi MEDIUM" "sportspress 2.7.27 Authenticated.(Contributor+).Local.File.Inclusion.via.Shortcode HIGH" "sportspress 2.7.22 Admin+.Stored.XSS LOW" "sportspress 2.7.21 Missing.Authorization.to.Notice.Dismissal LOW" "sportspress 2.7.18 Missing.Authorization.to.Unauthenticated.Event.Permalink.Update MEDIUM" "sportspress 2.7.9 Reflected.Cross-Site.Scripting HIGH" "sportspress 2.7.2 Authenticated.Stored.Cross-Site.Scripting HIGH" "scw-bus-seat-reservation No.known.fix Unauthenticated.SQL.Injection HIGH" "simple-photo-sphere No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "stackable-ultimate-gutenberg-blocks 3.19.6 Authenticated.(Author+).Stored.Cross-Site.Scripting MEDIUM" "stackable-ultimate-gutenberg-blocks 3.19.0 Missing.Authorization MEDIUM" "stackable-ultimate-gutenberg-blocks 3.19.0 Authenticated.(Contributor+).Sensitive.Information.Exposure MEDIUM" "stackable-ultimate-gutenberg-blocks 3.13.12 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "stackable-ultimate-gutenberg-blocks 3.13.7 Unauthenticated.CSS.Injection MEDIUM" "stackable-ultimate-gutenberg-blocks 3.13.2 Authenticated.(Contributor+).DOM-Based.Stored.Cross-Site.Scripting MEDIUM" "stackable-ultimate-gutenberg-blocks 3.12.12 Contributor+.Stored.XSS.via.Posts.Block MEDIUM" 
"stackable-ultimate-gutenberg-blocks 3.9.1 Reflected.Cross-Site.Scripting MEDIUM" "stackable-ultimate-gutenberg-blocks 3.1.5 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "sv100-companion No.known.fix Missing.Authorization.to.Unuathenticated.Arbitrary.Options.Update CRITICAL" "sv100-companion 2.0.0 Reflected.Cross-Site.Scripting MEDIUM" "sv100-companion 1.8.12 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "sitelock 5.0.3 Missing.Authorization MEDIUM" "sitelock 5.0.2 Missing.Authorization MEDIUM" "soumettre-fr 2.1.6 Unauthenticated.Soumettre.Posts.Creation/Modification/Deletion LOW" "soumettre-fr 2.1.4 Missing.Authorization MEDIUM" "show-visitor-ip-address No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "surferseo 1.6.5.584 Missing.Authorization MEDIUM" "surferseo 1.6.0.523 Authenticated.(Administrator+).SQL.Injection MEDIUM" "surferseo 1.3.3.379 Missing.Authorization MEDIUM" "simple-post-gallery No.known.fix Arbitrary.Settings.Update.via.CSRF MEDIUM" "socialdriver-framework 2024.04.30 Contributor+.Stored.XSS MEDIUM" "socialdriver-framework 2024.04.30 Reflected.XSS HIGH" "socialdriver-framework 2024.04.30 Admin+.Stored.XSS.via.Settings LOW" "socialdriver-framework 2024.0.0 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "s3bubble-amazon-s3-html-5-video-with-adverts No.known.fix Directory.Traversal.leading.to.Arbitrary.File.Access HIGH" "secure-file-manager No.known.fix Admin+.RCE MEDIUM" "secure-file-manager No.known.fix Admin+.RCE MEDIUM" "secure-file-manager No.known.fix Admin+.Arbitrary.File.Upload MEDIUM" "secure-file-manager 2.8.2 Authenticated.Remote.Code.Execution CRITICAL" "simple-testimonials-showcase No.known.fix Authenticated.(Editor+).Stored.Cross-Site.Scripting MEDIUM" "simple-testimonials-showcase No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "simple-testimonials-showcase No.known.fix Cross-Site.Request.Forgery MEDIUM" "stop-registration-spam No.known.fix Reflected.Cross-Site.Scripting MEDIUM" 
"stop-registration-spam 1.24 Cross-Site.Request.Forgery.to.Cross-Site.Scripting MEDIUM" "slash-admin 3.8.2 Cross-Site.Request.Forgery MEDIUM" "shabat-keeper No.known.fix Reflected.Cross-Site.Scripting.via.$_SERVER['PHP_SELF'] MEDIUM" "shiptimize-for-woocommerce No.known.fix Missing.Authorization.to.Authenticated.(Subscriber+).Settings.Update MEDIUM" "shiptimize-for-woocommerce No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "seo-metrics-helper 1.0.16 Missing.Authorization.to.Authenticated.(Subscriber+).Privilege.Escalation HIGH" "subscribe2 10.45 Missing.Authorization MEDIUM" "subscribe2 10.44 Unauthenticated.Stored.Cross-Site.Scripting.via.IP.Parameter HIGH" "subscribe2 10.41 Missing.Access.Controls MEDIUM" "subscribe2 10.41 Sending.Emails.via.CSRF MEDIUM" "subscribe2 10.38 User.Deletion.via.CSRF HIGH" "subscribe2 10.16 XSS MEDIUM" "shoutcast-and-icecast-html5-web-radio-player-by-yesstreaming-com No.known.fix Authenticated.(Editor+).Stored.Cross-Site.Scripting MEDIUM" "shortcodes-ultimate-pro 7.2.1 Contributor+.Stored.XSS MEDIUM" "shortcodes-ultimate-pro 7.1.5 Contributor+.Stored.Cross-Site.Scripting.XSS MEDIUM" "slick-sitemap No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "specia-companion No.known.fix Missing.Authorization MEDIUM" "sweepwidget No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "stylish-google-sheet-reader 4.1 Reflected.XSS HIGH" "stylish-google-sheet-reader 4.1 Reflected.Cross-Site.Scripting HIGH" "simple-wp-events 1.9.0 Unauthenticated.Sensitive.Information.Exposure MEDIUM" "simple-wp-events 1.9.0 Unauthenticated.Arbitrary.File.Deletion CRITICAL" "simple-wp-events 1.9.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "staticpress No.known.fix Missing.Authorization MEDIUM" "stetic 1.0.9 CSRF.to.Stored.Cross-Site.Scripting HIGH" "social-login-wp No.known.fix CSRF MEDIUM" "simple-membership 4.7.1 Unauthenticated.Improper.Handling.of.Missing.Values MEDIUM" 
"simple-membership 4.6.4 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "simple-membership 4.5.6 Exposure.of.Private.Personal.Information.to.an.Unauthorized.Actor MEDIUM" "simple-membership 4.5.4 Unauthenticated.Open.Redirect MEDIUM" "simple-membership 4.4.6 Authenticated(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "simple-membership 4.4.4 Authenticated(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "simple-membership 4.4.3 Unauthenticated.Stored.Self-Based.Cross-Site.Scripting MEDIUM" "simple-membership 4.4.2 Open.Redirect MEDIUM" "simple-membership 4.3.9 Reflected.Cross-Site.Scripting.Vulnerability.via.environment_mode MEDIUM" "simple-membership 4.3.5 Account.Takeover.via.Password.Reset HIGH" "simple-membership 4.3.5 Privilege.escalation.via.Registration HIGH" "simple-membership 4.3.6 Reflected.XSS HIGH" "simple-membership 4.2.2 Contributor+.Stored.XSS MEDIUM" "simple-membership 4.1.3 Unauthenticated.Membership.Privilege.Escalation MEDIUM" "simple-membership 4.1.3 Membership.Privilege.Escalation MEDIUM" "simple-membership 4.1.1 Reflected.Cross-Site.Scripting MEDIUM" "simple-membership 4.1.0 Arbitrary.Transaction.Deletion.via.CSRF MEDIUM" "simple-membership 4.0.9 Arbitrary.Member.Deletion.via.CSRF MEDIUM" "simple-membership 4.0.4 Authenticated.SQL.Injections CRITICAL" "simple-membership 3.8.5 Cross-Site.Request.Forgery.(CSRF) HIGH" "simple-membership 3.5.7 XSS MEDIUM" "simple-membership 3.3.3 Multiple.CSRF HIGH" "seed-fonts 2.4.0 Admin+.Stored.XSS LOW" "slider-slideshow No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "slider-slideshow No.known.fix Contributor+.Stored.XSS MEDIUM" "slider-slideshow No.known.fix Cross-Site.Request.Forgery HIGH" "simple-schools-staff-directory No.known.fix Admin+.Arbitrary.File.Upload CRITICAL" "seo-for-woocommerce 1.6.0 Low.Priv.Arbitrary.Blog.Options.Update/Access/Deletion.&.Plugin's.Settings.Update/Export/Import HIGH" "support-svg 1.1.1 
.Authenticated.(Author+).Stored.Cross-site.Scripting.via.SVG.File.Upload MEDIUM" "support-svg 1.1.0 Stored.XSS.via.SVG.Upload MEDIUM" "stepbyteservice-openstreetmap No.known.fix Contributor+.Stored.XSS MEDIUM" "stepbyteservice-openstreetmap No.known.fix Use.of.Polyfill.io MEDIUM" "stepbyteservice-openstreetmap 1.1.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "syntaxhighlighter 3.7.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "splash-header 1.20.8 Authenticated.Stored.Cross-Site.Scripting.(XSS) LOW" "salesforce-wordpress-to-candidate No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "smartlink-dinamic-urls 1.1.1 Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "sidebar-manager-light No.known.fix Cross-Site.Request.Forgery MEDIUM" "sidebar-manager-light No.known.fix Cross-Site.Request.Forgery MEDIUM" "seo-title-tag No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "simple-header-and-footer No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "simple-code-insert-shortcode No.known.fix Authenticated.(Contributor+).SQL.Injection HIGH" "side-menu 3.1.5 Authenticated.(admin+).SQL.Injection HIGH" "sideblog No.known.fix Arbitrary.Settings.Update.via.CSRF.to.Stored.XSS MEDIUM" "simple-stripe-checkout No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "soccer-live-scores No.known.fix Cross-Site.Request.Forgery MEDIUM" "slickr-flickr No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "super-block-slider 2.8 Missing.Authorization MEDIUM" "seo-wordpress 4.0.16 Author+.Stored.XSS MEDIUM" "simple-alert-boxes No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Alert.Shortcode MEDIUM" "semrush-contentshake 1.1.33 Cross-Site.Request.Forgery MEDIUM" "spin360 No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "sliding-widgets No.known.fix Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "soisy-pagamento-rateale No.known.fix 
Missing.Authorization.to.Sensitive.Information.Exposure HIGH" "spam-stopper No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "sharebang No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "sms-alert 3.8.9 Missing.Authorization MEDIUM" "sms-alert 3.8.6 Unauthenticated.SQL.Injection HIGH" "sms-alert 3.8.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.sa_verify.Shortcode MEDIUM" "sms-alert 3.8.2 Authenticated.(Subscriber+).Privilege.Escalation.via.handleWpLoginCreateUserAction.Function HIGH" "sms-alert 3.8.2 Unauthenticated.SQL.Injection HIGH" "sms-alert 3.8.0 Unauthenticated.Account.Takeover/Privilege.Escalation CRITICAL" "sms-alert 3.7.9 Unauthenticated.SQL.Injection HIGH" "sms-alert 3.7.9 Reflected.Cross-Site.Scripting MEDIUM" "sms-alert 3.7.7 Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.Options.Update HIGH" "sms-alert 3.7.6 WooCommerce.<.3.7.6.-.Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.sa_subscribe.Shortcode MEDIUM" "sms-alert 3.7.0 Cross-Site.Request.Forgery MEDIUM" "sms-alert 3.4.7 SMS.Alert.Order.Notifications..WooCommerce.<.3,4,7.Authenticated.Cross.Site.Scripting LOW" "sp-news-and-widget 4.0.1 Reflected.Cross-Site.Scripting MEDIUM" "slightly-troublesome-permalink No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "speedsize-ai-image-optimizer 1.5.2 Cross-Site.Request.Forgery.to.Clear.Cache MEDIUM" "sticky-popup No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "simply-rets No.known.fix Reflected.Cross-Site.Scripting HIGH" "simply-rets 3.1.0 Cross-Site.Request.Forgery MEDIUM" "simply-rets 3.0.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "sender-net-automated-emails 2.6.16 Reflected.Cross-Site.Scripting MEDIUM" "sender-net-automated-emails 2.6.19 Cross-Site.Request.Forgery MEDIUM" "social-testimonials-and-reviews-widget 5.30 Missing.Authorization MEDIUM" "social-testimonials-and-reviews-widget 5.22 Missing.Authorization 
MEDIUM" "social-testimonials-and-reviews-widget 5.21 Authenticated.(Contributor+).Stored.Cross-Site.Scripting HIGH" "social-testimonials-and-reviews-widget 5.00 Missing.Authorization MEDIUM" "social-testimonials-and-reviews-widget 5.02 CSRF MEDIUM" "site-offline No.known.fix Missing.Authorization MEDIUM" "site-offline 1.5.7 Admin+.Stored.XSS LOW" "site-offline 1.5.3 Access.Bypass MEDIUM" "site-offline 1.4.4 Multiple.Cross-Site.Request.Forgery MEDIUM" "seo-backlinks No.known.fix CSRF.to.Stored.XSS HIGH" "sola-testimonials No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.alignment.Parameter MEDIUM" "sola-testimonials No.known.fix Cross-Site.Request.Forgery MEDIUM" "shortcode No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "simplegmaps No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "simple-google-static-map No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "send-email-only-on-reply-to-my-comment No.known.fix Reflected.XSS HIGH" "send-email-only-on-reply-to-my-comment No.known.fix Stored.XSS.via.CSRF HIGH" "simple-trackback-disabler No.known.fix Cross-Site.Request.Forgery MEDIUM" "saoshyant-slider No.known.fix Unauthenticated.PHP.Object.Injection CRITICAL" "simple-ads-manager No.known.fix Unauthenticated.PHP.Object.Injection HIGH" "simple-ads-manager 2.9.5.118 SQL.Injection MEDIUM" "sc-simple-zazzle No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "simple-folio 1.1.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.'Client.name'.and.'Link'.Meta.Fields MEDIUM" "simple-folio 1.1.1 Cross-Site.Request.Forgery MEDIUM" "simple-folio 1.1.1 Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "ssl-wireless-sms-notification 3.6.0 Unauthenticated.SQL.Injection HIGH" "ssl-wireless-sms-notification 3.7.0 Unauthenticated.Privilege.Escalation CRITICAL" "swiftninjapro-inspect-element-console-blocker No.known.fix Cross-Site.Request.Forgery MEDIUM" 
"shop-assistant-for-woocommerce-jarvis 2.9.2 Missing.Authorization MEDIUM" "sugar-calendar-lite No.known.fix Missing.Authorization MEDIUM" "sugar-calendar-lite 3.4.0 Reflected.Cross-Site.Scripting MEDIUM" "shortcode-imdb No.known.fix Cross-Site.Request.Forgery MEDIUM" "shortcode-imdb No.known.fix Admin+.SQLi MEDIUM" "save-import-image-from-url No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "surerank 1.4.0 Unauthenticated.Stored.XSS HIGH" "shabbos-and-yom-tov No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "srs-player No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "service No.known.fix Authenticated.(Subscriber+).SQL.Injection HIGH" "supreme-modules-for-divi 2.5.63 Author+.Arbitrary.File.Upload.via.JSON.Upload.Bypass MEDIUM" "supreme-modules-for-divi 2.5.53 Contributor+.Stored.XSS MEDIUM" "supreme-modules-for-divi 2.5.52 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "supreme-modules-for-divi 2.5.4 Contrib+.DOM-Based.Cross-Site.Scripting MEDIUM" "swift-performance-lite 2.3.7.2 Unauthenticated.Local.PHP.File.Inclusion.via.'ajaxify' HIGH" "swift-performance-lite 2.3.6.21 Cross-Site.Request.Forgery MEDIUM" "swift-performance-lite 2.3.6.19 Subscriber+.Settings.Update MEDIUM" "swift-performance-lite 2.3.6.15 Unauthenticated.Configuration.Export MEDIUM" "simple-form 2.12.2 Admin+.Stored.XSS LOW" "seo-help No.known.fix Admin+.SSRF MEDIUM" "seo-help No.known.fix Missing.Authorization MEDIUM" "seo-help 6.1.4 Reflected.Cross-Site.Scripting MEDIUM" "shortpixel-image-optimiser 6.4.3 Authenticated.(Editor+).Arbitrary.File.Read.via.'loadFile'.Parameter MEDIUM" "shortpixel-image-optimiser 6.3.5 Authenticated.(Contributor+).Settings.Import/Export MEDIUM" "shortpixel-image-optimiser 5.6.4 Authenticated.(Editor+).SQL.Injection MEDIUM" "shortpixel-image-optimiser 5.6.4 Missing.Authorization MEDIUM" "shortpixel-image-optimiser 5.4.2 Authenticated(Editor+).PHP.Object.Injection MEDIUM" 
"shortpixel-image-optimiser 4.22.10 Reflected.Cross-Site.Scripting MEDIUM" "simply-show-hooks No.known.fix Injected.Backdoor CRITICAL" "simple-project-managment No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "save-as-image-by-pdfcrowd 3.2.2 Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "save-as-image-by-pdfcrowd 3.2.2 Admin+.Stored.XSS LOW" "save-as-image-by-pdfcrowd 2.16.1 Admin+.Stored.XSS LOW" "srbtranslatin No.known.fix Unauthenticated.Sensitive.Information.Exposure MEDIUM" "srbtranslatin 2.4.1 Cross-Site.Scripting.From.Third-party.Library HIGH" "srbtranslatin 1.47 Stored.XSS.&.CSRF HIGH" "simple-sales-tax 8.4.0 Missing.Authorization MEDIUM" "site-notes No.known.fix Admin.Note.Deletion.via.CSRF MEDIUM" "small-package-quotes-unishippers-edition 2.4.10 Reflected.Cross-Site.Scripting MEDIUM" "small-package-quotes-unishippers-edition 2.4.10 Missing.Authorization MEDIUM" "small-package-quotes-unishippers-edition 2.4.9 Unauthenticated.SQL.Injection HIGH" "slick-engagement 3.0.0 Cross-Site.Request.Forgery MEDIUM" "slick-engagement 2.0.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.slick-grid.Shortcode MEDIUM" "swoop-password-free-authentication No.known.fix Authentication.Bypass CRITICAL" "startend-subscription-add-on-for-gravityforms 4.0.6 Reflected.Cross-Site.Scripting MEDIUM" "stagtools No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "stagtools 2.3.8 Reflected.XSS HIGH" "stagtools 2.3.7 Contributor+.Stored.XSS MEDIUM" "slider-templates No.known.fix Missing.Authorization MEDIUM" "slider-templates No.known.fix Authenticated.(Subscriber+).Server-Side.Request.Forgery MEDIUM" "saragna-social-stream No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "side-menu-lite 5.3.2 Cross-Site.Request.Forgery.to.Settings.Update MEDIUM" "side-menu-lite 4.2.1 Menu.Deletion.via.CSRF MEDIUM" "side-menu-lite 4.0.2 Reflected.XSS MEDIUM" "side-menu-lite 2.2.6 Authenticated.SQL.Injection HIGH" 
"side-menu-lite 2.2.1 Authenticated.SQL.Injection LOW" "simple-cart-solution No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "simple-cart-solution 1.0.2 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "spolecznosciowa-6-pl-2013 No.known.fix Cross-Site.Request.Forgery MEDIUM" "securimage-wp No.known.fix Cross-Site.Request.Forgery MEDIUM" "scrollrevealjs-effects No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "simple-theme-changer No.known.fix Missing.Authorization.to.Plugin.Settings.Update.via.AJAX.Actions MEDIUM" "simple-theme-changer No.known.fix Cross-Site.Request.Forgery.to.Arbitrary.Theme.Switcher.Configuration.Update MEDIUM" "ss-font-awesome-icon No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "simple-calendar-for-elementor 1.6.7 Missing.Authorization.to.Unauthenticated.Arbitrary.Calendar.Entry.Deletion MEDIUM" "simple-calendar-for-elementor 1.6.6 Cross-Site.Request.Forgery MEDIUM" "simple-calendar-for-elementor 1.6.5 Cross-Site.Request.Forgery MEDIUM" "scroll-rss-excerpt No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "simple-custom-post-order 2.5.8 Missing.Authorization MEDIUM" "storecontrl-wp-connection 4.1.4 Unauthenticated.Arbitrary.File.Download HIGH" "superb-slideshow-gallery 13.2 .Authenticated.(Subscriber+).SQL.Injection.via.Shortcode HIGH" "seo-meta-description-updater No.known.fix Missing.Authorization MEDIUM" "super-testimonial-pro 1.0.8 Admin+.Stored.Cross-Site.Scripting LOW" "simple-long-form No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "simple-restaurant-menu No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "stock-sync-with-google-sheet-for-woocommerce 3.13.2 Authenticated.(Administrator+).SQL.Injection MEDIUM" "small-package-quotes-usps-edition 1.3.10 Authenticated.(Administrator+).PHP.Object.Injection MEDIUM" "small-package-quotes-usps-edition 1.3.6 Unauthenticated.SQL.Injection HIGH" "sermon-manager-for-wordpress No.known.fix 
Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "sermon-manager-for-wordpress No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "sermon-manager-for-wordpress No.known.fix Missing.Authorization MEDIUM" "sticky-menu-block 1.0.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "slingblocks 1.7.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "slingblocks 1.6.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "slingblocks 1.5.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "sensly-online-presence No.known.fix Admin+.Stored.XSS LOW" "securimage-wp-fixed No.known.fix Reflected.Cross-Site.Scripting.(XSS) HIGH" "spotbot No.known.fix Reflected.XSS HIGH" "searcher-elementor No.known.fix Missing.Authorization MEDIUM" "send-e-mail No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "security-antivirus-firewall No.known.fix IP.Address.Spoofing.to.Protection.Mechanism.Bypass MEDIUM" "share-one-drive 1.15.3 Reflected.Cross-Site.Scripting MEDIUM" "smartcrawl-seo 3.14.4 Missing.Authorization MEDIUM" "smartcrawl-seo 3.14.4 Missing.Authorization.to.Plugin.Settings.Update MEDIUM" "smartcrawl-seo 3.10.9 Unauthenticated.Full.Path.Disclosure MEDIUM" "smartcrawl-seo 3.10.3 Missing.Authorization MEDIUM" "smartcrawl-seo 3.8.3 Unauthenticated.Password.Protected.Post.Disclosure MEDIUM" "subscribe-to-comments 2.3.1 Reflected.Cross-Site.Scripting MEDIUM" "subscribe-to-comments 2.3 Authenticated.Local.File.Inclusion MEDIUM" "sidebar-adder No.known.fix Reflected.Cross-Site.Scripting HIGH" "samandehi-logo-manager No.known.fix Cross-Site.Request.Forgery MEDIUM" "soundcloud-shortcode 4.0.2 Contributor+.Stored.XSS MEDIUM" "soundcloud-shortcode 4.0.0 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "spotim-comments 4.0.4 Multiple.Vulnerabilities MEDIUM" "svg-map-by-saedi No.known.fix 
Cross-Site.Request.Forgery.to.Settings.Update.and.Stored.Cross-Site.Scripting MEDIUM" "shipyaari-shipping-managment No.known.fix Unauthenticated.PHP.Object.Injection CRITICAL" "simple-facebook-plugin 2.0.0 Missing.Authorization MEDIUM" "simple-facebook-plugin 1.5.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "simple-facebook-plugin 1.5.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "simple-presenter 1.5.2 Reflected.Cross-Site.Scripting MEDIUM" "sr-partner No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "smart-seo-tool 3.0.6 Reflected.Cross-Site.Scripting MEDIUM" "save-grab No.known.fix Cross-Site.Request.Forgery MEDIUM" "save-grab No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "solutions-ad-manager No.known.fix Unauthenticated.Open.Redirect.via.'sam-redirect-to'.Parameter MEDIUM" "simple-301-redirects-addon-bulk-uploader 1.2.5 Multiple.Issues MEDIUM" "so-widgets-bundle 1.71.0 Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.Shortcode.Execution MEDIUM" "so-widgets-bundle 1.69.0 Contributor+.Stored.XSS.via.'data-url'.DOM.Element.Attribute MEDIUM" "so-widgets-bundle 1.64.1 Missing.Authorization LOW" "so-widgets-bundle 1.62.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.in.Image.Grid.widget MEDIUM" "so-widgets-bundle 1.62.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.SiteOrigin.Blog.Widget MEDIUM" "so-widgets-bundle 1.61.0 Contributor+.Stored.XSS.via.siteorigin_widget.Shortcode MEDIUM" "so-widgets-bundle 1.58.8 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "so-widgets-bundle 1.58.4 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "so-widgets-bundle 1.58.3 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "so-widgets-bundle 1.58.2 Contributor+.Stored.XSS MEDIUM" "so-widgets-bundle 1.51.0 Admin+.Local.File.Inclusion MEDIUM" "secure-downloads 1.2.3 Admin+.Arbitrary.File.Download MEDIUM" "simple-slider-ssp 
No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "slickquiz No.known.fix Unauthenticated.Stored.XSS MEDIUM" "slickquiz No.known.fix Authenticated.SQL.Injection HIGH" "super-simple-contact-form No.known.fix Reflected.Cross-Site.Scripting.via.'sscf_name'.Parameter HIGH" "sendgrid-email-delivery-simplified No.known.fix Authenticated.Authorization.Bypass MEDIUM" "seo-bulk-editor No.known.fix Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "support-ticket-system-for-woocommerce 2.1.2 Missing.Authorization MEDIUM" "support-ticket-system-for-woocommerce No.known.fix Unauthenticated.Arbitrary.File.Upload CRITICAL" "stock-sync-for-woocommerce 2.4.1 Reflected.XSS HIGH" "sneeit-framework 8.4 Unauthenticated.Remote.Code.Execution.in.sneeit_articles_pagination_callback CRITICAL" "smoove-elementor 4.2.0 Reflected.Cross-Site.Scripting MEDIUM" "social-tape No.known.fix CSRF.to.Stored.XSS HIGH" "saksh-escrow-system No.known.fix Authenticated.(Subscriber+).SQL.Injection HIGH" "shockingly-big-ie6-warning No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "shopp-arrange No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "seraphinite-post-docx-source 2.16.10 Missing.Authorization MEDIUM" "seraphinite-post-docx-source 2.16.10 Authenticated.(Subscriber+).Server-Side.Request.Forgery MEDIUM" "seraphinite-post-docx-source 2.16.7 Settings.Update/Reset/Import.via.CSRF MEDIUM" "stock-market-charts-from-finviz 1.0.2 Admin+.Stored.XSS LOW" "supportbubble No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "supportbubble No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "simple-social-share No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "similarity No.known.fix Plugin.Reset.via.CSRF MEDIUM" "similarity No.known.fix Stored.XSS.via.CSRF HIGH" "slick-social-share-buttons No.known.fix Authenticated.(Subscriber+).Arbitrary.Option.Update HIGH" "sql-chart-builder 2.3.8 Unauthenticated.SQL.Injection HIGH" 
"sql-chart-builder No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "sql-chart-builder 2.3.7 Authenticated.(Contributor+).SQL.Injection MEDIUM" "stripe-manager No.known.fix Authenticated.(Administrator+).SQL.Injection HIGH" "socialsnap 1.4 Admin+.Stored.XSS LOW" "socialsnap 1.3.6 Missing.Authorization MEDIUM" "show-pages-list No.known.fix Cross-Site.Request.Forgery MEDIUM" "spiffy-calendar 5.0.8 Missing.Authorization MEDIUM" "spiffy-calendar 4.9.14 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "spiffy-calendar 4.9.14 Reflected.Cross-Site.Scripting MEDIUM" "spiffy-calendar 4.9.13 Authenticated.(Admin+).SQL.Injection MEDIUM" "spiffy-calendar 4.9.12 Authenticated.(Administrator+).SQL.Injection CRITICAL" "spiffy-calendar 4.9.11 Missing.Authorization MEDIUM" "spiffy-calendar 4.9.10 Reflected.Cross-Site.Scripting MEDIUM" "spiffy-calendar 4.9.9 Broken.Access.Control LOW" "spiffy-calendar 4.9.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "spiffy-calendar 4.9.4 Reflected.XSS MEDIUM" "spiffy-calendar 4.9.2 SQL.Injection HIGH" "spiffy-calendar 4.9.1 Subscriber+.Arbitrary.Event.Edition/Deletion.via.IDOR MEDIUM" "spiffy-calendar 4.9.1 Arbitrary.Event.Deletion.via.CSRF MEDIUM" "spiffy-calendar 3.3.0 Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "smart-recent-posts-widget No.known.fix Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "social-media-widget 4.0.9 Admin+.Stored.XSS LOW" "s2member 260215 Unauthenticated.Privilege.Escalation.via.Account.Takeover CRITICAL" "s2member 260101 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "s2member 251005 Unauthenticated.Remote.Code.Execution CRITICAL" "s2member 250905 Unauthenticated.PHP.Object.Injection HIGH" "s2member 250424 Administrator+.Local.File.Inclusion MEDIUM" "s2member 250214 Reflected.Cross-Site.Scripting MEDIUM" "s2member 250214 Reflected.Cross-Site.Scripting MEDIUM" "s2member 241216 
Authenticated.(Contributor+).Sensitive.Information.Exposure HIGH" "s2member 241216 Unauthenticated.Remote.Code.Execution HIGH" "s2member 240325 Limited.Privilege.Escalation MEDIUM" "s2member 240315 Information.Exposure MEDIUM" "side-slide-responsive-menu No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "simple-finance-calculator No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "simplebooklet 1.1.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "simplebooklet 1.1.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "sight 1.1.3 Missing.Authorization.to.Sensitive.Information.Exposure.in.handler_post_title MEDIUM" "system-dashboard 2.8.21 Cross-Site.Request.Forgery MEDIUM" "system-dashboard 2.8.19 Authenticated.(Subscriber+).Sensitive.Information.Exposure MEDIUM" "system-dashboard 2.8.18 Reflected.Cross-Site.Scripting.via.Filename.Parameter MEDIUM" "system-dashboard 2.8.15 Unauthenticated.Stored.XSS HIGH" "system-dashboard 2.8.15 Admin+.Path.Traversal MEDIUM" "system-dashboard 2.8.10 XSS.via.Header.Injection LOW" "system-dashboard 2.8.8 Missing.Authorization.to.Information.Disclosure.(sd_php_info) MEDIUM" "system-dashboard 2.8.8 Missing.Authorization.to.Information.Disclosure.(sd_global_value) MEDIUM" "system-dashboard 2.8.8 Missing.Authorization.to.Information.Disclosure.(sd_constants) MEDIUM" "system-dashboard 2.8.8 Missing.Authorization.to.Information.Disclosure.(sd_db_specs) MEDIUM" "system-dashboard 2.8.8 Missing.Authorization.to.Information.Disclosure.(sd_option_value) MEDIUM" "shortcode-for-font-awesome 1.4.1 Contributor+.Stored.XSS MEDIUM" "simple-matomo-tracking-code 1.1.1 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "sv-forms No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "sv-forms 2.0.2 Reflected.Cross-Site.Scripting MEDIUM" "sv-forms 1.8.10 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "social-streams No.known.fix 
Subscriber+.Privilege.Escalation HIGH" "scheduled No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "simple-post-series No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "slick-popup 1.7.15 Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "slick-popup 1.7.2 Privilege.Escalation HIGH" "sermone-online-sermons-management No.known.fix Reflected.XSS HIGH" "sermone-online-sermons-management No.known.fix Contributor+.Stored.XSS MEDIUM" "shortcode-for-redirection No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "similar-posts No.known.fix Admin+.Stored.XSS LOW" "similar-posts 3.1.6 Admin+.Arbitrary.PHP.Code.Execution HIGH" "spotify-play-button-for-wordpress 2.12 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.spotifyplaybutton.Shortcode MEDIUM" "spotify-play-button-for-wordpress 2.11 Settings.Update.via.CSRF MEDIUM" "spotify-play-button-for-wordpress 2.08 Admin+.Stored.XSS LOW" "spotify-play-button-for-wordpress 2.06 Contributor+.Stored.XSS MEDIUM" "smooth-dynamic-slider No.known.fix Reflected.Cross-Site.Scriptign MEDIUM" "safe-ai-malware-protection-for-wp No.known.fix Missing.Authorization MEDIUM" "safe-ai-malware-protection-for-wp 1.0.18 Missing.Authorization.to.Unauthenticated.Database.Export HIGH" "simple-cloudflare-turnstile 1.23.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "spider-faq No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "slideshow-se 2.5.18 Authenticated.(Author+).Limited.Local.File.Inclusion HIGH" "slideshow-se No.known.fix Authenticated.(Author+).Stored.Cross-Site.Scripting MEDIUM" "slideshow-se 2.5.6 Author+.Stored.XSS MEDIUM" "slideshow-se 2.5.6 Subscriber+.Stored.XSS HIGH" "slivery-extender No.known.fix Authenticated(Contributor+).Remote.Code.Execution.via.shortcode HIGH" "simple-contact-forms No.known.fix Unauthenticated.Local.File.Inclusion HIGH" "simple-contact-forms No.known.fix 
Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "sticky-social-link No.known.fix Admin+.Stored.XSS LOW" "slp-extended-data-manager No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "slp-extended-data-manager 5.9.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "sp-rental-manager No.known.fix Unauthenticated.SQL.Injection HIGH" "seo-dashboard-by-gutewebsites-de No.known.fix Reflected.Cross-Site.Scripting.(XSS) HIGH" "smoothscroller 1.1.0 Admin+.Stored.XSS LOW" "subscribe-to-unlock No.known.fix Authenticated.(Contributor+).Local.File.Inclusion HIGH" "subscribe-to-unlock No.known.fix Missing.Authorization MEDIUM" "scan-external-links No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "silvasoft-boekhouden No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "silvasoft-boekhouden No.known.fix Authenticated.(Administrator+).SQL.Injection MEDIUM" "store-locator No.known.fix Unauthenticated.Local.File.Inclusion HIGH" "store-locator No.known.fix Unauthenticated.Local.File.Inclusion CRITICAL" "store-locator 3.98.8 Settings.Update.via.CSRF MEDIUM" "store-locator 3.34 SQL.Injection CRITICAL" "server-status-by-hostnameip No.known.fix Authenticated.SQL.Injection HIGH" "social-network-tabs No.known.fix Social.Media.API.Key.Leakage CRITICAL" "shortcode-cleaner-lite No.known.fix Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.Options.Export MEDIUM" "social-photo-gallery No.known.fix Remote.Code.Execution.(RCE) HIGH" "sell-digital-downloads No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "shopbuilder 3.2.2 Reflected.XSS HIGH" "shopbuilder 2.1.13 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "shopbuilder 2.1.9 Unauthenticated.Sensitive.Information.Exposure MEDIUM" "sksdev-toolkit No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "shared-files 1.7.58 Contributor+.Arbitrary.File.Download MEDIUM" "shared-files 1.7.49 Unauthenticated.Stored.Cross-Site.Scripting.via.sanitize_file.Function 
HIGH" "shared-files 1.7.43 Limited.Unauthenticated.Stored.Cross-Site.Scripting.via.File.Upload HIGH" "shared-files 1.7.29 Unauthenticated.Sensitive.Information.Exposure MEDIUM" "shared-files 1.7.20 Missing.Authorization MEDIUM" "shared-files 1.7.17 Missing.Authorization.to.Notice.Dismissal MEDIUM" "shared-files 1.7.6 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "shared-files 1.7.1 Reflected.Cross-Site.Scripting MEDIUM" "shared-files 1.6.72 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "shared-files 1.6.61 Admin+.Stored.Cross-Site.Scripting LOW" "shared-files 1.6.57 Admin+.Stored.Cross-Site.Scripting LOW" "site-notify No.known.fix Missing.Authorization MEDIUM" "soundy-audio-playlist No.known.fix XSS MEDIUM" "shared-counts 1.5.0 Missing.Authorization.to.Arbitrary.Email.Sending MEDIUM" "sheet-to-wp-table-for-google-sheet 1.0.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.STWT_Sheet_Table.Shortcode MEDIUM" "seraphinite-discount-for-woocommerce 2.4.7 Reflected.Cross-Site.Scripting MEDIUM" "scrollto-bottom No.known.fix Cross-Site.Request.Forgery.to.Arbitrary.File.Upload HIGH" "simple-pdf-viewer No.known.fix Contributor+.XSS MEDIUM" "subscriptiondna 2.2 Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "simple-basic-contact-form 20250114 Admin+.Stored.XSS LOW" "simple-basic-contact-form 20240511 Unauthenticated.Arbitrary.Shortcode.Execution MEDIUM" "simple-basic-contact-form 20240502 Reflected.Cross-Site.Scripting MEDIUM" "simple-basic-contact-form 20221201 Admin+.Stored.XSS LOW" "seo-slider No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "seo-slider 1.1.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "spotify-play-button No.known.fix Contributor+.Stored.XSS MEDIUM" "ssp-debugging No.known.fix Unauthenticated.Sensitive.Information.Exposure MEDIUM" "shortcode-menu No.known.fix Contributor+.Stored.Cross-Site.Scripting MEDIUM" "simple-post-expiration No.known.fix 
Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "simple-social-buttons 6.0.0 Admin+.Stored.XSS LOW" "simple-social-buttons 5.1.1 Unauthenticated.Password.Protected.Post.Access MEDIUM" "simple-social-buttons 3.2.4 Authenticated.Stored.Cross-Site.Scripting MEDIUM" "simple-social-buttons 3.2.3 Contributor+.Stored.XSS MEDIUM" "simple-social-buttons 3.2.1 Unauthenticated.Reflected.Cross-Site.Scripting MEDIUM" "simple-social-buttons 3.2.0 Reflected.Cross-Site.Scripting CRITICAL" "simple-social-buttons 2.0.22 Authenticated.Option.Injection HIGH" "sponsered-link 6.0 Reflected.Cross-Site.Scripting MEDIUM" "single-sign-on-client No.known.fix Authentication.Bypass HIGH" "solace-extra 1.3.3 Authenticated.(Admin+).Server-Side.Request.Forgery MEDIUM" "solace-extra 1.3.2 Authenticated.(Subscriber+).Server-Side.Request.Forgery MEDIUM" "solace-extra 1.3.2 Subscriber+.Arbitrary.File.Upload HIGH" "solace-extra 1.3.1 Subscriber+.Arbitrary.File.Upload HIGH" "staging-cdn No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "spin-wheel 2.1.1 Unauthenticated.Client-Side.Prize.Manipulation MEDIUM" "swiftxr-3darvr-viewer No.known.fix Cross-Site.Request.Forgery MEDIUM" "ship-per-product No.known.fix Missing.Authorization MEDIUM" "speakout 4.5.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "speakout 2.14.15.1 Unauthenticated.SQLi HIGH" "speakout 2.13.3 Reflected.Cross-Site.Scripting HIGH" "support-chat 2.3.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "support-chat 2.3.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.wpsaio_snapchat.Shortcode MEDIUM" "search-logger No.known.fix Admin+.SQLi MEDIUM" "schema-and-structured-data-for-wp 1.54.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.User.Custom.Schema MEDIUM" "schema-and-structured-data-for-wp 1.52 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "schema-and-structured-data-for-wp 1.50 Unauthenticated.Stored-XSS HIGH" 
"schema-and-structured-data-for-wp 1.36 Unauthenticated.Sensitive.Information.Exposure MEDIUM" "schema-and-structured-data-for-wp 1.34.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.url.Attribute MEDIUM" "schema-and-structured-data-for-wp 1.30 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.How.To.and.FAQ.Blocks MEDIUM" "schema-and-structured-data-for-wp 1.27 Authenticated.Stored.XSS MEDIUM" "schema-and-structured-data-for-wp 1.27 Contributor+.reCaptcha.Key.Update MEDIUM" "schema-and-structured-data-for-wp 1.26 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "schema-and-structured-data-for-wp 1.24 Contributor+.Stored.XSS MEDIUM" "shopengine 4.8.6 Cross-Site.Request.Forgery.to.Wishlist.Manipulation MEDIUM" "shopengine 4.8.5 Incorrect.Authorization.to.Authenticated.(Editor+).License.Status.Update LOW" "shopengine 4.8.4 Insufficient.Authorization.to.Authenticated.(Editor+).Settings.Update LOW" "shopengine 4.1.2 CSRF MEDIUM" "series No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "sendpulse-email-marketing-newsletter 2.2.2 Authenticated.(Subscriber+).Information.Exposure MEDIUM" "sendpulse-email-marketing-newsletter 2.1.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "sendpulse-email-marketing-newsletter 2.1.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "subscribe-to-download-lite 1.3.0 Authenticated.(Subscriber+).Local.File.Inclusion HIGH" "subscribe-to-download-lite 1.3.0 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "search-google No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "social-polls-by-opinionstage 19.12.1 Missing.Authorization MEDIUM" "social-polls-by-opinionstage 19.12.1 Cross-Site.Request.Forgery.to.Account.Disconnection MEDIUM" "social-polls-by-opinionstage 19.11.1 Unauthenticated.Local.File.Inclusion HIGH" "social-polls-by-opinionstage 19.10.0 
Incorrect.Authorization.to.Authenticated.(Contributor+).Plugin.Settings.Update MEDIUM" "sticky-header-on-scroll No.known.fix Missing.Authorization MEDIUM" "s3-video No.known.fix Unauthenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "sticky-chat-widget 1.1.9 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "seo-alert No.known.fix Admin+.Stored.XSS LOW" "simple-featured-image No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.slideshow.Parameter MEDIUM" "suki-sites-import No.known.fix Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "simple-google-icalendar-widget 2.6.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "shortcode-bootstrap-visuals No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "skimlinks No.known.fix Authenticated.(Administrator+).Server-Side.Request.Forgery MEDIUM" "skimlinks 1.3.1 Missing.Authorization MEDIUM" "simpel-reserveren No.known.fix Unauthenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "sticky-add-to-cart-woo No.known.fix Missing.Authorization MEDIUM" "smoothness-slider-shortcode No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "svgplus No.known.fix Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "sitespeaker-widget No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "social-counter 2.1 Authenticated.(Administrator+).PHP.Object.Injection MEDIUM" "spotify-embed-creator No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "search-cloud-one No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "show-website-content-in-wordpress-page-or-post 2024.04.09 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "shortcode-ajax No.known.fix Unauthenticated.Arbitrary.Shortcode.Execution.via.'code'.Parameter MEDIUM" "skt-templates 6.15 Reflected.Cross-Site.Scripting MEDIUM" "skt-templates 
4.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "shopper 3.2.6 Unauthenticated.SQL.Injection HIGH" "sb-random-posts-widget 1.1 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "svg-flags-lite No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "svg-flags-lite 0.9.6 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "social-buttons-pack 1.1.1 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "smooth-page-scroll-updown-buttons 1.4.1 Authenticated.Stored.XSS.via.psb_positioning LOW" "smooth-page-scroll-updown-buttons 1.4 Authenticated.Stored.XSS MEDIUM" "sync-ecommerce-neo No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "sync-ecommerce-neo No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "stripe-payments 2.0.87 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.accept_stripe_payment_ng.Shortcode MEDIUM" "stripe-payments 2.0.80 Insecure.Direct.Object.Reference MEDIUM" "stripe-payments 2.0.64 Admin+.Stored.Cross-Site.Scripting LOW" "stripe-payments 2.0.40 Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "seraphinite-accelerator-ext 2.22.16 Authenticated.(Subscriber+).Information.Exposure MEDIUM" "seraphinite-accelerator-ext 2.21.13.1 Cross-Site.Request.Forgery.to.Arbitrary.File.Deletion MEDIUM" "search-console 2.1.2 Reflected.Cross-Site.Scripting MEDIUM" "stellissimo-text-box No.known.fix Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "stafflist 3.2.7 Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "stafflist No.known.fix Missing.Authorization MEDIUM" "stafflist No.known.fix Unauthenticated.Sensitive.Information.Exposure MEDIUM" "stafflist 3.2.4 Cross-Site.Request.Forgery.to.Reflected.Cross-Site.Scripting MEDIUM" "stafflist 3.1.7 Reflected.Cross-Site.Scripting MEDIUM" "stafflist 3.1.6 Reflected.Cross-Site.Scripting MEDIUM" "stafflist 3.1.5 Admin+.SQLi MEDIUM" "stafflist 3.1.6 Arbitrary.Staff.Deletion.via.CSRF MEDIUM" "squelch-tabs-and-accordions-shortcodes 0.4.9 
Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.tab.Shortcode MEDIUM" "squelch-tabs-and-accordions-shortcodes 0.4.8 Cross-Site.Request.Forgery MEDIUM" "squelch-tabs-and-accordions-shortcodes 0.4.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.accordions.Shortcode MEDIUM" "spoontalk-social-media-icons-widget No.known.fix Cross-Site.Request.Forgery MEDIUM" "simple-slug-translate 2.7.3 Admin+.Stored.XSS LOW" "smart-phone-field-for-gravity-forms 2.1 Reflected.Cross-Site.Scripting MEDIUM" "simple-revisions-delete 1.5.4 Cross-Site.Request.Forgery MEDIUM" "svg-complete No.known.fix Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "stock-in No.known.fix Authenticated.SQL.Injection MEDIUM" "stock-in No.known.fix Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "scroll-triggered-animations 3.0.17 Cross-Site.Request.Forgery MEDIUM" "scroll-triggered-animations 3.0.16 Reflected.Cross-Site.Scripting HIGH" "scroll-triggered-animations 3.0.11 Missing.Authorization.to.Plugin.Settings.Update MEDIUM" "scroller No.known.fix Missing.Authorization MEDIUM" "simple-custom-admin No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "soliloquy-lite 2.7.7 Missing.Authorization.to.Authenticated.(Author+).Stored.Cross-Site.Scripting MEDIUM" "soliloquy-lite 2.7.3 Subscriber+.Slider.Data.Access MEDIUM" "shopready-elementor-addon No.known.fix Contributor+.Local.File.Inclusion MEDIUM" "spider-elements 1.6.7 Missing.Authorization MEDIUM" "spider-elements 1.6.6 Contributor+.Stored.XSS MEDIUM" "shopcred No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "smart-product-gallery-slider No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "social-share-boost No.known.fix Plugin.Settings.Update.via.CSRF MEDIUM" "social-share-boost 4.5 Admin+.Stored.XSS LOW" "social-share-boost 4.5 Contributor+.Stored.XSS MEDIUM" "sync-posts No.known.fix Authenticated.(Subscriber+).Arbitrary.File.Upload HIGH" 
"seo-automatic-seo-tools No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "seo-automatic-seo-tools No.known.fix Reflected.XSS HIGH" "spacer No.known.fix Missing.Authorization.to.Authenticated.(Subscriber+).Limited.Information.Disclosure LOW" "spacer 3.0.7 Admin+.Stored.XSS LOW" "spiderdisplay No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "support-x 1.1.8 Reflected.Cross-Site.Scripting MEDIUM" "support-x 1.1.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "support-x 1.1.6 Reflected.Cross-Site.Scripting MEDIUM" "slp-extenders No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "slp-extenders 5.9.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "simple-bitcoin-faucets No.known.fix Unauthorised.AJAX.Call.to.Stored.XSS MEDIUM" "social-connect No.known.fix Authentication.Bypass CRITICAL" "sensei-lms 4.24.5 Missing.Authorization MEDIUM" "sensei-lms 4.24.4 Unauthenticated.sensei_email/sensei_message.Disclosure MEDIUM" "sensei-lms 4.24.2 Unauthenticated.Email.Template.Leak MEDIUM" "sensei-lms 4.24.0 Unauthenticated.Rewrite.Rules.Flushing MEDIUM" "sensei-lms 4.18.0 Contributor+.Stored.XSS MEDIUM" "sensei-lms 4.20.0 Teacher+.Users.Email.Address.Disclosure MEDIUM" "sensei-lms 4.5.0 Unauthenticated.Private.Messages.Disclosure.via.Rest.API MEDIUM" "sensei-lms 4.5.2 Arbitrary.Private.Message.Sending.via.IDOR LOW" "sitemap 4.4 Contributor+.Stored.XSS MEDIUM" "stylish-internal-links No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "slazzer-background-changer No.known.fix Missing.Authorization MEDIUM" "security-safe 2.5.2 Reflected.Cross-Site.Scripting MEDIUM" "security-safe 2.4.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "search-exclude 2.5.8 Search.Exclude.<.2,5,8..Missing.Authorization.to.Authenticated.(Contributor+).Search.Settings.Modification.via.REST.API MEDIUM" "search-exclude 2.5.0 Missing.Authorization.to.Unauthenticated.Plugin.Settings.Modification MEDIUM" "search-exclude 1.2.7 Author+.Stored.Cross-Site.Scripting 
MEDIUM" "search-exclude 1.2.4 Arbitrary.Settings.Change HIGH" "style-admin No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "simply-static 3.1.4 Unauthenticated.Information.Exposure MEDIUM" "simply-static 3.1.4 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "seguro-viagem 3.0.0 Stored.XSS.via.CSRF HIGH" "search-order-by-product-sku-for-woocommerce No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "simple-optimizer No.known.fix Cross-Site.Request.Forgery MEDIUM" "slick-google-map No.known.fix Cross-Site.Request.Forgery MEDIUM" "safe-editor 1.2 Unauthenticated.CSS/JS-injection MEDIUM" "sitesupercharger 5.2.0 Unauthenticated.SQLi HIGH" "simple-payment 2.4.7 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "simple-payment 2.4.7 Unauthenticated.Local.File.Inclusion HIGH" "simple-payment 2.3.9 2.3.8.-.Authentication.Bypass.to.Admin CRITICAL" "simple-payment 2.3.8 Reflected.Cross-Site.Scripting MEDIUM" "steam-group-viewer No.known.fix Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "simple-google-sitemap No.known.fix Cross-Site.Request.Forgery MEDIUM" "skt-paypal-for-woocommerce 1.5 Unauthenticated.Payment.Bypass HIGH" "simplyconvert No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting.via.'simplyconvert_hash'.Option MEDIUM" "simpleschema-free No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "sepa-girocode No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "seo-redirection 9.1 Multiple.CSRF MEDIUM" "seo-redirection 9.1 404.Error.&.History.Deletion.via.CSRF MEDIUM" "seo-redirection 8.2 Subscriber+.SQL.Injection HIGH" "seo-redirection 7.9 Arbitrary.Redirect.Deletion.via.CSRF MEDIUM" "seo-redirection 7.4 Reflected.Cross-Site.Scripting HIGH" "seo-redirection 7.1 Authenticated.Stored.Cross-Site.Scripting.(XSS) LOW" "seo-redirection 6.4 Authenticated.Reflected.Cross-Site.Scripting.(XSS) HIGH" "seo-redirection 4.3 
Stored.Cross-Site.Scripting.(XSS) MEDIUM" "seo-redirection 2.9 Authenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "seo-redirection 2.3 Unauthenticated.Stored.Cross-Site.Scripting.(XSS) HIGH" "spiderpowa-embed-pdf No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "suremails 1.9.1 Unauthenticated.Arbitrary.File.Upload HIGH" "spider-event-calendar No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "spider-event-calendar 1.5.52 Admin+.SQL.injection MEDIUM" "spider-event-calendar 1.5.52 Authenticated.Blind.SQL.Injection CRITICAL" "spider-event-calendar 1.4.14 Unauthenticated.SQL.Injection HIGH" "simple-website-logo No.known.fix Missing.Authorization MEDIUM" "smart-donations No.known.fix Smart.Donations.<=.4.0.12.-.Stored.XSS.via.CSRF HIGH" "smart-donations No.known.fix Cross-Site.Request.Forgery MEDIUM" "smart-donations No.known.fix Smart.Donations.<=.4.0.12.-.Admin+.SQLi MEDIUM" "smart-donations No.known.fix Smart.Donations.<=.4.0.12.-.Reflected.XSS HIGH" "simple-matted-thumbnails No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "simple-woocommerce-csv-loader No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "shortcode-collection No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "sort-searchresult-by-title 11.0 CSRF MEDIUM" "sitepact-klaviyo-contact-form-7 3.0.0 Unauthenticated.SQL.Injection HIGH" "seo-site-auditor-agency 1.2.9 Reflected.Cross-Site.Scripting MEDIUM" "seo-site-auditor-agency 1.2.5 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "shortcode-button No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "starcat-review No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "starcat-review 0.8 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "site-is-offline-plugin No.known.fix Stored.Cross-Site.Scripting.via.CSRF MEDIUM" "simple-post No.known.fix Authenticated.Stored.Cross-Site.Scripting.(XSS) LOW" "smooth-accordion No.known.fix 
Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "simple-poll No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "simple-buttons-creator No.known.fix Unauthenticated.Stored.XSS HIGH" "simple-buttons-creator No.known.fix Aribtrary.Button.Deletion.via.CSRF MEDIUM" "stm-motors-events No.known.fix Events.<=.1.4.7.-.Unauthenticated.Local.File.Inclusion CRITICAL" "sku-for-woocommerce 1.6.3 Reflected.Cross-Site.Scripting MEDIUM" "sku-for-woocommerce 1.6.3 Reflected.Cross-Site.Scripting MEDIUM" "seo-checklist No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "seo-checklist No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "simple-bar No.known.fix Cross-Site.Request.Forgery MEDIUM" "sb-breadcrumbs No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "shortcoder 6.5.2 Contributor+.Stored.XSS MEDIUM" "shortcoder 6.3.1 Subscriber+.Unauthorised.AJAX.Call MEDIUM" "simplelender-by-umatidocs-com No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "showbizpro No.known.fix Shell.Upload CRITICAL" "streamtube-core 4.79 Unauthenticated.Arbitrary.User.Password.Change CRITICAL" "s2member-pro 250419 Authenticated.(Contributor+).Local.File.Inclusion.to.Remote.Code.Execution.via.Shortcode HIGH" "s2member-pro 250214 Unauthenticated.PHP.Object.Injection CRITICAL" "social-web-suite 4.1.12 Directory.Traversal.to.Arbitrary.File.Download HIGH" "sosh-share-buttons No.known.fix Cross-Site.Request.Forgery MEDIUM" "simple-notification No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "simple-notification No.known.fix Missing.Authorization MEDIUM" "short-tax-post No.known.fix Authenticated.(Subscriber+).Privilege.Escalation.via.Password.Update HIGH" "short-tax-post No.known.fix Unauthorized.User.Registration MEDIUM" "social-networks-auto-poster-facebook-twitter-g 4.4.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.'nxs_fbembed'.Shortcode MEDIUM" "social-networks-auto-poster-facebook-twitter-g 
No.known.fix Authenticated.(Contributor+).PHP.Object.Injection MEDIUM" "social-networks-auto-poster-facebook-twitter-g No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "social-networks-auto-poster-facebook-twitter-g 4.4.4 Cross-Site.Request.Forgery.to.Arbitrary.Post.Deletion MEDIUM" "social-networks-auto-poster-facebook-twitter-g 4.4.4 Unauthenticated.Stored.Cross-Site.Scripting.via.User.Agent MEDIUM" "social-networks-auto-poster-facebook-twitter-g 4.4.4 Subscriber+.Sensitive.Information.Exposure MEDIUM" "social-networks-auto-poster-facebook-twitter-g 4.4.3 Reflected.Cross-Site.Scripting.via.code MEDIUM" "social-networks-auto-poster-facebook-twitter-g 4.3.26 Reflected.Cross-Site.Scripting MEDIUM" "social-networks-auto-poster-facebook-twitter-g 4.3.25 Arbitrary.Post.Deletion.via.CSRF MEDIUM" "social-networks-auto-poster-facebook-twitter-g 4.3.24 Unauthenticated.Stored.XSS HIGH" "social-networks-auto-poster-facebook-twitter-g 4.3.21 Reflected.Cross-Site.Scripting HIGH" "social-networks-auto-poster-facebook-twitter-g 4.3.18 Insufficient.Privilege.Validation HIGH" "social-networks-auto-poster-facebook-twitter-g 4.2.8 Authenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "social-networks-auto-poster-facebook-twitter-g 3.4.18 CSRF.to.Stored.XSS MEDIUM" "sw-contact-form No.known.fix Authenticated.(Subscriber+).SQL.Injection HIGH" "slidedeck2 2.3.5 Unspecified.File.Inclusion CRITICAL" "suremembers 1.10.7 Sensitive.Information.Exposure MEDIUM" "subscriptions-for-woocommerce 1.9.3 Missing.Authorization.to.Unauthenticated.Arbitrary.Subscription.Cancellation MEDIUM" "subscriptions-for-woocommerce 1.9.0 Missing.Authorization MEDIUM" "sh-contextual-help No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "sms4wp No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "social-share-and-social-locker-arsocial No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "social-share-and-social-locker-arsocial No.known.fix Unauthenticated.SQL.Injection HIGH" 
"social-share-and-social-locker-arsocial 1.4.2 Admin+.Stored.XSS LOW" "site-info-dashboard-widget No.known.fix Authenticated.(Editor+).Information.Exposure LOW" "simple-blueprint-installer 1.0.2 Reflected.Cross-Site.Scripting MEDIUM" "surbma-premium-wp 10.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "shortcode-variables 4.1.7 Authenticated.(Subscriber+).Shortcode.Deletion MEDIUM" "shortcode-variables 4.1.5 Cross-Site.Request.Forgery MEDIUM" "store-locator-widget 2025r3 Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "store-locator-widget 2025r2 Contributor+.Stored.XSS MEDIUM" "surveys No.known.fix Authenticated.SQL.Injection CRITICAL" "search-and-replace 3.2.3 Unauthenticated.PHP.Object.Injection MEDIUM" "search-and-replace 3.2.2 Administrator+.SQL.injection LOW" "search-and-replace 3.2.2 Admin+.SQL.injection MEDIUM" "simple-mobile-url-redirect No.known.fix Cross-Site.Request.Forgery MEDIUM" "social-sharing-toolkit No.known.fix Contributor+.Stored.XSS.via.Shortcode MEDIUM" "shortcodes-anywhere No.known.fix Unauthenticated.Arbitrary.Shortcode.Execution HIGH" "simple-popup No.known.fix Admin+.Stored.XSS LOW" "simple-business-manager No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "simple-membership-custom-messages 2.5 Reflected.Cross-Site.Scripting MEDIUM" "siteseo 1.3.3 Authenticated.Settings.Reset MEDIUM" "siteseo 1.3.3 Sensitive.Post.Meta.Disclosure.via.IDOR MEDIUM" "siteseo 1.3.2 Author+.Plugin.Settings.Update MEDIUM" "siteseo 1.2.8 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Broken.Regex.Expression MEDIUM" "sign-up-sheets 2.3.3 Unauthenticated.PHP.Object.Injection HIGH" "sign-up-sheets 2.3.3.1 Cross-Site.Request.Forgery MEDIUM" "sign-up-sheets 2.3.1 Unauthenticated.Arbitrary.Shortcode.Execution MEDIUM" "sign-up-sheets 2.2.13 Reflected.XSS HIGH" "sign-up-sheets 2.2.13 Missing.Authorization MEDIUM" "sign-up-sheets 2.2.12 Cross-Site.Request.Forgery MEDIUM" "sign-up-sheets 2.2.9 
Settings.Update/Reset.via.CSRF MEDIUM" "sign-up-sheets 1.0.14 Authenticated.CSV.Injection MEDIUM" "sign-up-sheets 1.0.14 Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "seo-simple-pack 3.3.0 Information.Exposure MEDIUM" "st-daily-tip No.known.fix CSRF.to.Stored.Cross-Site.Scripting HIGH" "stop-user-enumeration 1.7.3 Protection.Bypass MEDIUM" "stop-user-enumeration 1.4.0 Reflected.Cross-Site.Scripting MEDIUM" "stop-user-enumeration 1.3.20 Subscriber+.Arbitrary.Option.Update CRITICAL" "stop-user-enumeration 1.3.9 REST.API.Bypass MEDIUM" "stop-user-enumeration 1.3.8 Unauthenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "shortcode-for-current-date 2.1.7 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "shortcode-to-display-post-and-user-data 1.3.0 Insecure.Direct.Object.Reference.to.Authenticated.(Contributor+).Post.Meta.Disclosure MEDIUM" "shortcode-to-display-post-and-user-data 1.3.0 Authenticated.(Contributor+).Code.Injection HIGH" "shortcode-to-display-post-and-user-data 1.3.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.vg_display_data MEDIUM" "saphali-liqpay-for-donate 1.0.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "super-seo-content-cloner 1.0.2 Missing.Authorization MEDIUM" "sirv 7.5.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "sirv 7.3.1 Missing.Authorization.to.Authenticated.(Contributor+).Arbitrary.Option.Deletion HIGH" "sirv 7.3.0 Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "sirv 7.2.8 Missing.Authorization.to.Authenticated.(Contributor+).Arbitrary.File.Upload HIGH" "sirv 7.2.8 Authenticated(Subscriber+).Missing.Authorization.to.Plugin.Settings.Update MEDIUM" "sirv 7.2.7 Authenticated.(Contributor+).Arbitrary.File.Upload CRITICAL" "sirv 7.2.3 Missing.Authorization.to.Arbitrary.Options.Update CRITICAL" "sirv 7.2.1 Missing.Authorization MEDIUM" "sirv 7.2.1 Authenticated.(Subscriber+).Server-Side.Request.Forgery MEDIUM" "sirv 7.1.3 
Missing.Authorization.via.sirv_disconnect MEDIUM" "sirv 6.8.1 Admin+.Stored.XSS LOW" "sirv 1.3.2 Authenticated.SQL.Injection HIGH" "sliper-elementor No.known.fix Missing.Authorization MEDIUM" "ssl-zen 4.6.0 Unauthenticated.Private.Keys.Access MEDIUM" "ssl-zen 4.5.2 Reflected.Cross-Site.Scripting MEDIUM" "ssl-zen 4.0.5 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "skaut-bazar 1.3.3 Reflected.Cross-Site.Scripting HIGH" "sorttable-post No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "supreme-addons-for-beaver-builder-lite No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.auto_qrcodesabb.Shortcode MEDIUM" "ssl-atlas-free-ssl-certificate-https-redirect 1.1.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "simple-meta-tags No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "stream 4.1.0 Authenticated.(Admin+).Server-Side.Request.Forgery MEDIUM" "stream 4.0.2 Cross-Site.Request.Forgery.to.Arbitrary.Options.Update HIGH" "stream 3.9.3 Missing.Authorization.via.load_alerts_settings MEDIUM" "stream 3.9.3 CSRF MEDIUM" "stream 3.9.2 Subscriber+.Alert.Creation MEDIUM" "stream 3.8.2 Admin+.SQL.Injection MEDIUM" "seos-contact-form No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "subscription 1.8.11 Authenticated.(Customer+).Insecure.Direct.Object.Reference MEDIUM" "script-compressor No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "simple-shortcode-buttons No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "social-pug 1.36.1 Reflected.Cross-Site.Scripting MEDIUM" "social-pug 1.36.0 Subscriber+.Sensitive.Information.Exposure MEDIUM" "social-pug 1.34.4 Admin+.Stored.XSS LOW" "social-pug 1.33.2 PHP.Object.Injection HIGH" "social-pug 1.33.1 Unauthenticated.Password.Protected.Posts.Access MEDIUM" "social-pug 1.32.0 Admin+.Stored.XSS LOW" "social-pug 1.30.1 Missing.Authorization.via.multiple.admin_init.actions MEDIUM" "social-pug 
1.19.0 Reflected.Cross-Site.Scripting MEDIUM" "social-pug 1.2.6 Social.Pug.<=.1.2.5.-.Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "super-static-cache No.known.fix Cross-Site.Request.Forgery MEDIUM" "steel No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.btn.Shortcode MEDIUM" "simple-download-button-shortcode No.known.fix Sensitive.Data.Disclosure MEDIUM" "simplr-registration-form No.known.fix Subscriber+.Arbitrary.User.Password.Change.via.IDOR HIGH" "smart-appointment-booking 1.0.8 Authenticated.(Subscriber+).Stored.Cross-Site.Scripting.via.saab_save_form_data.AJAX.Action MEDIUM" "simple-amazon-affiliate No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "sendsms No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "stars-smtp-mailer 2.1.6 Reflected.Cross-Site.Scripting MEDIUM" "stars-smtp-mailer 2.1.6 Authenticated.(Subscriber+).Arbitrary.File.Upload HIGH" "skillbars 1.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "simple-business-data No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "social-bookmarking-reloaded No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "simple-audioplayer No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "squirrly-seo 12.4.15 Missing.Authorization.to.Authenticated.(Subscriber+).Cloud.Service.Disconnection MEDIUM" "squirrly-seo 12.4.06 Authenticated.(Contributor+).SQL.Injection MEDIUM" "squirrly-seo 12.4.06 Authenticated.(Subscriber+).SQL.Injection.via.search.Parameter MEDIUM" "squirrly-seo 12.4.08 Missing.Authorization MEDIUM" "squirrly-seo 12.3.21 Editor+.Stored.XSS LOW" "squirrly-seo 12.3.20 Contributor+.SQL.Injection.via.url.Parameter MEDIUM" "squirrly-seo 12.3.17 Reflected.Cross-Site.Scripting HIGH" "squirrly-seo 12.3.16 Admin+.Stored.XSS LOW" "squirrly-seo 12.1.21 Reflected.Cross-Site.Scripting HIGH" "squirrly-seo 12.1.21 Missing.Authorization MEDIUM" "squirrly-seo 12.1.11 
Contributor+.Arbitrary.File.Upload CRITICAL" "squirrly-seo 11.1.12 Reflected.Cross-Site.Scripting MEDIUM" "soundst-seo-search No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "stm-gallery No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode.Attributes MEDIUM" "simple-youtube-shortcode No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "shrinktheweb-website-preview-plugin No.known.fix Cross-Site.Request.Forgery MEDIUM" "svgmagic No.known.fix Stored.XSS.via.SVG.Upload MEDIUM" "swifty-bar 1.2.11 Admin+.Stored.XSS LOW" "stock-tools No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "slideonline No.known.fix Contributor+.Stored.XSS MEDIUM" "simpleshop-cz 2.10.1 Cross-Site.Request.Forgery MEDIUM" "simpleshop-cz 2.10.3 Missing.Authorization MEDIUM" "shouty No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.shouty.Shortcode.Attributes MEDIUM" "site-launcher No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "simple-vertical-timeline No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "soundslides No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.soundslides.Shortcode MEDIUM" "structured-content 1.7.0 Contributor.Stored.XSS MEDIUM" "structured-content 1.7.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.sc_fs_local_business.Shortcode MEDIUM" "structured-content 1.6.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "structured-content 1.6.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.sc_fs_local_business.Shortcode MEDIUM" "structured-content 1.6.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "structured-content 1.6.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Classic.Editor.Shortcode MEDIUM" "structured-content 1.6 Contributor+.PHP.Object.Injection HIGH" "structured-content 1.6 Contributor+.Stored.XSS MEDIUM" 
"structured-content 1.5.1 Contributor+.Stored.XSS.in.Shortcode MEDIUM" "site-mailer 1.2.4 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "salient-core 3.0.9 Missing.Authorization MEDIUM" "salient-core 2.0.8 Authenticated.(Contributor+).Local.File.Inclusion.via.Shortcode HIGH" "salient-core 2.0.3 Reflected.Cross-Site.Scripting MEDIUM" "salient-core 2.0.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "subaccounts-for-woocommerce 1.6.7 Authenticated.(Subscriber+).Privilege.Escalation.via.Account.Takeover HIGH" "subaccounts-for-woocommerce 1.6.1 Reflected.Cross-Site.Scripting HIGH" "subaccounts-for-woocommerce 1.4.0 Reflected.Cross-Site.Scripting MEDIUM" "svg-uploads-support No.known.fix Author+.Stored.XSS.via.SVG MEDIUM" "smartarget-popup No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "super-addons-for-elementor No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "sahu-tiktok-pixel No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "super-simple-subscriptions No.known.fix Authenticated.(Administrator+).SQL.Injection MEDIUM" "simple-membership-wp-user-import 1.9.2 Cross-Site.Request.Forgery MEDIUM" "simple-membership-wp-user-import 1.8 Admin+.SQLi MEDIUM" "search-field-for-gravity-forms 0.6 Reflected.Cross-Site.Scripting MEDIUM" "show-notice-or-message-on-admin-area No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "small-package-quotes-ups-edition 4.5.17 Unauthenticated.SQL.Injection HIGH" "simple-add-pages-or-posts No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "simple-add-pages-or-posts No.known.fix Cross-Site.Request.Forgery.to.Reflected.Cross-Site.Scripting MEDIUM" "simple-add-pages-or-posts 1.7 CSRF MEDIUM" "stars-testimonials-with-slider-and-masonry-grid 3.3.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "stars-testimonials-with-slider-and-masonry-grid 3.3.4 
Authenticated.(Contributor+).Local.File.Inclusion HIGH" "stars-testimonials-with-slider-and-masonry-grid 3.3.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.stars_testimonials.Shortcode MEDIUM" "simple-behace-portfolio No.known.fix Reflected.Cross-Site.Scripting HIGH" "simple-behace-portfolio No.known.fix Reflected.Cross-Site.Scripting.(XSS) HIGH" "smart-app-banner 1.1.4 Admin+.Stored.XSS LOW" "smart-app-banner 1.1.3 Cross-Site.Request.Forgery.(CSRF) MEDIUM" "sibs-woocommerce No.known.fix WooCommerce.<=.2.2.0.-.Authenticated.(Admin+).SQL.Injection.via.'referencedId'.Parameter MEDIUM" "sticky-action-buttons No.known.fix Cross-Site.Request.Forgery.to.Plugin.Settings.Update MEDIUM" "social-media-sharing No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "svg-block 1.1.25 Authenticated.(Administrator+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "svg-block 1.1.20 Author+.Stored.XSS.via.SVG.File.Upload MEDIUM" "social-share-with-floating-bar No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "select-all-categories-and-taxonomies-change-checkbox-to-radio-buttons 1.3.2 Reflected.Cross-Site.Scripting.(XSS) HIGH" "simple-charts No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "searchwp 4.2.6 Subscriber+.Settings.Update MEDIUM" "stylish-cost-calculator No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "stylish-cost-calculator 8.1.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "stylish-cost-calculator 7.0.4 Subscriber+.Unauthorised.AJAX.Calls.to.Stored.XSS HIGH" "simple-event-planner 1.5.5 Author+.Stored.Cross-Site.Scripting MEDIUM" "simple-event-planner 1.5.5 Contributor+.Stored.XSS LOW" "simple-download-monitor 4.0.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Custom.Field MEDIUM" "simple-download-monitor 3.9.34 
Simple.Download.Monitor.<.3.9.34..Authenticated.(Contributor+).SQL.Injection.via.order.parameter.in.Log.Export.functionality MEDIUM" "simple-download-monitor 3.9.35 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "simple-download-monitor 3.9.26 Authenticated.(Administrator+).SQL.Injection MEDIUM" "simple-download-monitor 3.9.9 Multiple.CSRF MEDIUM" "simple-download-monitor 3.9.11 Contributor+.Stored.Cross-Site.Scripting.via.Shortcodes MEDIUM" "simple-download-monitor 3.9.6 Unauthorised.Log.Reset MEDIUM" "simple-download-monitor 3.9.6 Unauthenticated.Log.Access MEDIUM" "simple-download-monitor 3.9.5 Contributor+.Stored.Cross-Site.Scripting.via.File.Thumbnail MEDIUM" "simple-download-monitor 3.9.6 Arbitrary.Thumbnails.Removal MEDIUM" "simple-download-monitor 3.9.5 Reflected.Cross-Site.Scripting HIGH" "simple-download-monitor 3.9.5 Contributor+.Arbitrary.File.Download.via.Path.Traversal MEDIUM" "simple-download-monitor 3.8.9 SQL.Injection MEDIUM" "simple-download-monitor 3.8.9 Unauthenticated.Cross-Site.Scripting MEDIUM" "simple-download-monitor 3.5.4 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "softdiscover-db-file-manager 1.6.2 Unauthenticated.Information.Exposure MEDIUM" "softdiscover-db-file-manager 1.5.0 Authenticated.(Admin+).Path.Traversal.to.Arbitrary.File.Download MEDIUM" "syntax-highlighter-compress No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "simple-wp-colorfull-accordion No.known.fix Authenticated.(Contributor+).Cross-Site.Scripting.via.'title'.Shortcode.Attribute MEDIUM" "sina-extension-for-elementor 3.7.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.'Fancy.Text.Widget'.And.'Countdown.Widget' MEDIUM" "sina-extension-for-elementor 3.7.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.'Sina.Posts',.'Sina.Blog.Post'.and.'Sina.Table'.Widgets MEDIUM" "sina-extension-for-elementor 3.7.0 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "sina-extension-for-elementor 3.6.1 
Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Fancy.Text,.Countdown.Widget,.and.Login.Form.Shortcodes MEDIUM" "sina-extension-for-elementor 3.6.0 Authenticated.(Contributor+).Stored.DOM-Based.Cross-Site.Scripting.via.Sina.Image.Differ MEDIUM" "sina-extension-for-elementor 3.5.8 Authenticated.(Contributor+).Sensitive.Information.Exposure.via.Sina.Modal.Box.Widget.Elementor.Template MEDIUM" "sina-extension-for-elementor 3.5.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.read_more_text.Parameter MEDIUM" "sina-extension-for-elementor 3.5.5 Authenticated.(Contributor+).DOM-Based.Stored.Cross-Site.Scripting MEDIUM" "sina-extension-for-elementor 3.5.4 Authenticated.(Contributor+).Stored.Cross-site.Scriping.via.'Sina.Particle.Layer' MEDIUM" "sina-extension-for-elementor 3.5.4 Authenticated.(Contributor+).DOM-Based.Cross-Site.Scripting MEDIUM" "sina-extension-for-elementor 3.5.2 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "sina-extension-for-elementor 3.5.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Sina.Fancy.Text.Widget MEDIUM" "sina-extension-for-elementor 3.5.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "sina-extension-for-elementor 3.3.12 Contributor+.Stored.XSS MEDIUM" "sina-extension-for-elementor 2.2.1 LFI HIGH" "social-gallery-lite No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "social-gallery-lite No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "splitit-installment-payments 4.2.9 Missing.Authorization.to.Multiple.Administrative.Actions MEDIUM" "shipping-manager-for-woocommerce 1.4.0 Reflected.Cross-Site.Scripting MEDIUM" "shipping-manager-for-woocommerce 1.3.0 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "simple-events-calendar No.known.fix Authenticated.(admin+).SQL.Injection MEDIUM" "scribble-maps No.known.fix Reflected.Cross-Site.Scripting HIGH" "sv-columns-manager 2.0.0 Reflected.Cross-Site.Scripting MEDIUM" "sv-columns-manager 1.8.02 
Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "sequential-order-numbers-for-woocommerce 3.6.3 Cross-Site.Request.Forgery MEDIUM" "smartarget-message-bar No.known.fix Admin+.Stored.XSS LOW" "smart-maintenance-mode 1.5.3 Reflected.Cross-Site.Scripting.via.setstatus.Parameter MEDIUM" "smart-maintenance-mode 1.5.2 Admin+.Stored.XSS LOW" "smart-maintenance-mode 1.5.2 Admin+.Stored.XSS LOW" "smart-maintenance-mode No.known.fix Cross-Site.Request.Forgery MEDIUM" "store-locator-le No.known.fix Unauthenticated.Sensitive.Information.Exposure MEDIUM" "store-locator-le 5.9 Unauthenticated.Stored.XSS HIGH" "store-locator-le 5.9 Authenticated.Privilege.Escalation CRITICAL" "sonawp-simple-payment-block 1.0.1 Reflected.Cross-Site.Scripting MEDIUM" "schedulicity-online-appointment-booking No.known.fix Easy.Online.Scheduling.<=.2.21.-.Contributor+.Stored.XSS MEDIUM" "site-editor No.known.fix Local.File.Inclusion.(LFI) HIGH" "stratum 1.6.2 Missing.Authorization MEDIUM" "stratum 1.6.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Advanced.Google.Maps.and.Image.Hotspot.Widgets MEDIUM" "stratum 1.5.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.Vulnerability.via.Image.Hotspot.Widget MEDIUM" "stratum 1.4.5 Authenticated.(Contributor+).Sensitive.Information.Exposure.via.Elementor.Templates MEDIUM" "stratum 1.4.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Countdown.Widget MEDIUM" "stratum 1.3.16 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "so-pinyin-slugs 2.3.1 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "safety-exit 1.8.1 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "safety-exit 1.7.1 Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "streak-crm-for-gmail-integration-for-contact-form-7 1.0.9 Reflected.Cross-Site.Scripting MEDIUM" "streak-crm-for-gmail-integration-for-contact-form-7 No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "smart-email-alerts No.known.fix 
Reflected.Cross-Site.Scripting HIGH" "soundcloud-ultimate No.known.fix Cross-Site.Request.Forgery MEDIUM" "spicebox 2.2 Reflected.Cross-Site.Scripting MEDIUM" "simpler-checkout 1.2.0 1.1.9.-.Authentication.Bypass CRITICAL" "sitetweet-tweets-user-behaviors-on-your-site-on-twitter No.known.fix Stored.XSS.via.CSRF HIGH" "sticky-buttons 4.1.2 Cross-Site.Request.Forgery.to.Settings.Update MEDIUM" "sticky-buttons 3.2.4 Button.Deletion.via.CSRF MEDIUM" "sticky-buttons 3.2.3 Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "sticky-buttons 3.1.1 Reflected.XSS MEDIUM" "simple-image-popup 2.5.3 Admin+.Stored.XSS LOW" "simple-image-popup 2.0.0 Admin+.Stored.XSS LOW" "simple-tags 3.42.0 Missing.Authorization.to.Authenticated.(Contributor+).Arbitrary.Post.Tag.Modification MEDIUM" "simple-tags 3.41.0 Authenticated.(Contributor+).SQL.Injection.via.ORDER.BY.Clause MEDIUM" "simple-tags 3.41.0 Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.Taxonomy.Term.Manipulation MEDIUM" "simple-tags 3.41.0 Authenticated.(Contributor+).SQL.Injection MEDIUM" "simple-tags 3.40.1 Authenticated.(Editor+).SQL.Injection MEDIUM" "simple-tags 3.37.3 Authenticated.(Subscriber+).Information.Exposure MEDIUM" "simple-tags 3.30.0 Admin+.Stored.XSS LOW" "simple-tags 3.20.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "simple-tags 3.6.5 Editor+.Stored.XSS LOW" "simple-tags 3.4.5 Reflected.Cross-Site.Scripting MEDIUM" "simple-tags 3.0.7.2 Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "surveyanyplace No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "sg-helper No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "sp-blog-designer No.known.fix Unauthenticated.Arbitrary.Shortcode.Execution MEDIUM" "sp-blog-designer No.known.fix Authenticated.(Contributor+).Local.File.Inclusion HIGH" "social-metrics No.known.fix Admin+.Stored.XSS LOW" "subscribe-to-category No.known.fix 
Unauthenticated.SQLi HIGH" "site-chat-on-telegram 1.0.6 Unauthenticated.PHP.Object.Injection HIGH" "sweet-energy-efficiency 1.0.7 Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.Graph.Deletion MEDIUM" "sweet-energy-efficiency 1.0.9 Cross-Site.Request.Forgery MEDIUM" "scw-seat-reservation No.known.fix Unauthenticated.SQL.Injection HIGH" "scw-seat-reservation 3.4 Unauthenticated.SQL.Injection HIGH" "savyour-affiliate-partner No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "smart-maintenance-countdown No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "splashscreen No.known.fix Settings.Update.via.CSRF MEDIUM" "scroll-baner No.known.fix CSRF.to.RCE CRITICAL" "sumomemberships 7.8.0 Cross-Site.Request.Forgery MEDIUM" "sumomemberships 7.8.0 Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.Content.Deletion MEDIUM" "sumomemberships No.known.fix Subscriber+.Privilege.Escalation HIGH" "stray-quotes No.known.fix Reflected.XSS HIGH" "stray-quotes No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "simple-logo-carousel 1.9.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.id.Parameter MEDIUM" "simple-popup-plugin No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "simple-popup-plugin 4.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "simple-popup-plugin 4.5 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "serverbuddy-by-pluginbuddy No.known.fix Cross-Site.Request.Forgery.to.PHP.Object.Injection HIGH" "saan-world-clock No.known.fix Contributor+.Stored.XSS MEDIUM" "simple-gdpr-cookie-compliance 2.0.1 Missing.Authorization MEDIUM" "shapepress-dsgvo 3.1.37 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.'lw_content_block'.Shortcode MEDIUM" "shapepress-dsgvo 3.1.33 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "shapepress-dsgvo 3.1.24 Unauthenticated.Arbitrary.Post.Deletion 
HIGH" "shapepress-dsgvo 3.1.24 Unauthenticated.Plugin's.Settings.Update.to.Stored.Cross-Site.Scripting HIGH" "shapepress-dsgvo 2.2.19 Authenticated.Reflected.XSS MEDIUM" "simple-post-notes 1.7.8 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "simple-post-notes 1.7.7 Cross-Site.Request.Forgery MEDIUM" "simple-post-notes 1.7.6 Admin+.Stored.Cross-Site.Scripting LOW" "stout-google-calendar No.known.fix Arbitrary.Settings.Update.via.CSRF MEDIUM" "sidebartabs No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "skt-addons-for-elementor 3.8 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Multiple.Widgets MEDIUM" "skt-addons-for-elementor 3.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "skt-addons-for-elementor 3.4 Authenticated.(Contributor+).Post.Disclosure MEDIUM" "skt-addons-for-elementor 3.2 Contributor+.Stored.XSS MEDIUM" "skt-addons-for-elementor 2.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Age.Gate.and.Creative.Slider.Widgets HIGH" "skt-addons-for-elementor 1.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Widget.Page.Title MEDIUM" "skt-addons-for-elementor 1.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Countdown.Block MEDIUM" "spreadr-for-woocomerce 1.0.5 Missing.Authorization.to.Arbitrary.Content.Deletion HIGH" "spreadr-for-woocomerce 1.0.5 Missing.Authorization MEDIUM" "stock-message No.known.fix Cross-Site.Request.Forgery MEDIUM" "showtime-slideshow No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "si-contact-form 4.0.38 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "scratch-win-giveaways-for-website-facebook 2.9.0 Missing.Authorization.to.Unauthenticated.Coupon.Creation MEDIUM" "scratch-win-giveaways-for-website-facebook 2.8.0 Cross-Site.Request.Forgery.via.reset_installation.Function MEDIUM" "scratch-win-giveaways-for-website-facebook 2.7.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" 
"stumble-for-wordpress No.known.fix Reflected.Cross-Site.Scripting.via.$_SERVER['PHP_SELF'] MEDIUM" "simple-certain-time-to-show-content 1.3.1 Reflected.XSS HIGH" "stylebidet No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "simple-facebook-twitter-widget No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "simple-facebook-twitter-widget No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "storeengine 1.5.1 Authenticated.(Subscriber+).Arbitrary.File.Upload HIGH" "storeengine 1.5.1 Authenticated.(Subscriber+).Arbitrary.File.Download MEDIUM" "ship-depot No.known.fix Missing.Authorization MEDIUM" "select-core 2.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "select-core 2.6 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "sql-reporting-services No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "sql-reporting-services No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "salat-times 3.2.2 Admin+.Stored.Cross-Site.Scripting LOW" "sovratec-case-management No.known.fix Unauthenticated.Arbitrary.File.Upload CRITICAL" "simple-page-transition No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "smtp2go 1.12.2 Missing.Authorization MEDIUM" "smtp2go 1.5.0 Admin+.Stored.XSS LOW" "sensitive-chinese-words-scanner No.known.fix Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "social-pixel No.known.fix Admin+.Stored.XSS LOW" "smartpay No.known.fix 2.7.13.-.Authenticated.(Subscriber+).Privilege.Escalation.via.Account.Takeover HIGH" "smartpay 2.8.0 Authenticated.(Subscriber+).Account.Takeover HIGH" "smartpay 2.8.0 2.7.13.-.Authenticated.(Subscriber+).Information.Exposure MEDIUM" "sensorpress-uptime-monitoring No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "social-link-groups No.known.fix Authenticated.(Contributor+).SQL.Injection HIGH" "secure-ip-logins No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "secure-ip-logins No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" 
"subscribe-sidebar No.known.fix Authenticated.Reflected.Cross-Site.Scripting CRITICAL" "sp-client-document-manager No.known.fix Authenticated.(Subscriber+).Directory.Traversal MEDIUM" "sp-client-document-manager No.known.fix Authenticated.(Subscriber+).Arbitrary.Folder.Name.Update MEDIUM" "sp-client-document-manager No.known.fix Missing.Authorization MEDIUM" "sp-client-document-manager No.known.fix Subscriber+.File.Download.via.IDOR MEDIUM" "sp-client-document-manager No.known.fix Data.Update.via.IDOR MEDIUM" "sp-client-document-manager No.known.fix Authenticated.(Author+).SQL.Injeciton CRITICAL" "sp-client-document-manager No.known.fix Missing.Authorization.Stored.Cross-Site.Scripting MEDIUM" "sp-client-document-manager 4.70 Authenticated.(Contributor+).SQL.Injection.via.Shortcode HIGH" "sp-client-document-manager 4.68 Subscriber+.SQLi HIGH" "sp-client-document-manager 4.68 Admin+.Stored.XSS LOW" "sp-client-document-manager 4.68 Subscriber+.Insecure.Direct.Object.References HIGH" "sp-client-document-manager 4.62 Reflected.Cross-Site.Scripting MEDIUM" "sp-client-document-manager 4.58 Sensitive.File.Disclosure MEDIUM" "sp-client-document-manager 4.26 Reflected.Cross-Site.Scripting HIGH" "sp-client-document-manager 4.24 Subscriber+.Shell.Upload HIGH" "sp-client-document-manager 4.22 Authenticated.Shell.Upload MEDIUM" "south-pole-the-offset-movement No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "south-pole-the-offset-movement 1.0.2.0 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "social-autho-bio No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "seraphinite-old-slugs-mgr 1.4 Cross-Site.Request.Forgery MEDIUM" "sitemap-by-click5 1.0.36 Unauthenticated.Arbitrary.Options.Update CRITICAL" "spiraclethemes-site-library 1.5.5 Contributor+.Stored.XSS MEDIUM" "stageshow No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.anchor.Parameter MEDIUM" "stageshow 10.0 Reflected.Cross-Site.Scripting MEDIUM" "seopress-for-mainwp 
1.5 Unauthenticated.Local.File.Inclusion HIGH" "sticky-social-bar No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "simple-photoswipe No.known.fix Subscriber+.Arbitrary.Settings.Update MEDIUM" "simple-photoswipe No.known.fix Admin+.Stored.XSS LOW" "social-share-buttons-by-supsystic 2.2.4 Subscriber+.Unauthorised.Actions MEDIUM" "social-share-buttons-by-supsystic 2.2.4 Subscriber+.SQLi HIGH" "social-share-buttons-by-supsystic 2.2.4 Multiple.CSRF MEDIUM" "spreadshirt-rss-3d-cube-flash-gallery No.known.fix Unauthenticated.Cross-Site.Scripting.(XSS) MEDIUM" "simple-org-chart 2.3.5 Settings.Update.via.CSRF MEDIUM" "simple-org-chart 2.3.5 Unauthenticated.Tree.Settings.Update MEDIUM" "step-by-step No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "shopello No.known.fix Unauthenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "sk-wp-settings-backup No.known.fix Cross-Site.Request.Forgery.to.PHP.Object.Injection HIGH" "shopelement 2.1.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "seo-by-rank-math-pro 3.0.36 Unauthenticated.Reflected.XSS MEDIUM" "slidedeck-lite-for-wordpress No.known.fix Reflected.XSS HIGH" "sitebuilder-dynamic-components No.known.fix Unauthenticated.PHP.Object.Injection CRITICAL" "sitebuilder-dynamic-components No.known.fix Unauthenticated.PHP.Object.Injection HIGH" "smartemailing 2.2.6 Reflected.Cross-Site.Scripting MEDIUM" "secure-captcha No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "s3bubble-amazon-s3-audio-streaming No.known.fix Arbitrary.File.Download HIGH" "shortcodes-for-amp-web-stories-and-elementor-widget 1.1.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "syncee-global-dropshipping 1.0.10 Global.Dropshipping.<.1.0.10.-.Authentication.Token.Disclosure HIGH" "super-slider No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "social-images-widget No.known.fix 
Missing.Authorization.to.Unauthenticated.Arbitrary.Plugin.Settings.Deletion MEDIUM" "send-booking-invites-to-friends No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "simple-tooltips No.known.fix Admin+.Stored.XSS LOW" "simple-tooltips 2.1.4 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "snazzyadmin-wp-admin-theme No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "snazzyadmin-wp-admin-theme No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "snazzyadmin-wp-admin-theme No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "stopbadbots 11.59 Insufficient.Authorization.to.Unauthenticated.Blocklist.Bypass MEDIUM" "stopbadbots 10.24 Missing.Authorization.to.Information.Expsoure MEDIUM" "stopbadbots 7.32 Admin+.Stored.XSS LOW" "stopbadbots 7.24 Subscriber+.Arbitrary.Plugin.Installation HIGH" "stopbadbots 6.930 Unauthenticated.SQLi HIGH" "stopbadbots 6.88 Unauthenticated.SQLi HIGH" "stopbadbots 6.67 Unauthenticated.SQL.Injection CRITICAL" "stopbadbots 6.62 Reflected.Cross-Site.Scripting HIGH" "stopbadbots 6.60 Authenticated.SQL.Injections MEDIUM" "sis-handball No.known.fix Settings.Update.via.CSRF MEDIUM" "smpl-shortcodes No.known.fix Contributor+.Stored.Cross-Site.Scripting MEDIUM" "sitepress-multilingual-cms 4.7.4 4.7.3.-.Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.wpml_language_switcher.Shortcode MEDIUM" "sitepress-multilingual-cms 4.6.13 Contributor+.RCE.via.Twig.Server-Side.Template.Injection CRITICAL" "sitepress-multilingual-cms 4.6.1 Reflected.Cross-Site.Scripting HIGH" "sitepress-multilingual-cms 4.5.14 CSRF MEDIUM" "sitepress-multilingual-cms 4.5.11 Subscriber+.Translation.Job.Status.Update MEDIUM" "sitepress-multilingual-cms 4.5.11 Subscriber+.Settings.Update MEDIUM" "sitepress-multilingual-cms 4.3.7 Authenticated.Cross.Site.Request.Forgery.leading.to.Remote.Code.Execution HIGH" "sitepress-multilingual-cms 4.0 Unauthenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "sitepress-multilingual-cms 3.2.7 
Cross-Site.Scripting.(XSS).in.Accept-Language.Header MEDIUM" "streamweasels-youtube-integration 1.4.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "streamweasels-youtube-integration 1.3.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "streamweasels-youtube-integration 1.3.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.sw-youtube-embed.Shortcode MEDIUM" "simple-posts-ticker 1.1.6 Admin+.Stored.XSS LOW" "simple-posts-ticker 1.1.6 Contributor+.Stored.XSS MEDIUM" "searchwiz No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Post.Title MEDIUM" "surbma-magyar-woocommerce 2022.0.3 Reflected.Cross-Site.Scripting MEDIUM" "surbma-magyar-woocommerce 30.3.0 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "surly No.known.fix Missing.Authorization MEDIUM" "scoutnet-kalender No.known.fix Stored.Cross-Site.Scripting.(XSS) MEDIUM" "squeeze 1.6.1 Authenticated.(Admin+).Full.Path.Disclosure LOW" "squeeze 1.6.1 Authenticated.(Admin+).Arbitrary.File.Upload HIGH" "squeeze 1.4.1 Authenticated.(Admin+).Arbitrary.File.Upload CRITICAL" "seo-links-interlinking 1.7.9.9.2 Reflected.Cross-Site.Scripting.via.'google_error'.Parameter MEDIUM" "starfish-reviews No.known.fix Subscriber+.Arbitrary.Options.Update HIGH" "starfish-reviews No.known.fix Subscriber+.Arbitrary.Options.Update HIGH" "starfish-reviews 3.1.0 Reflected.Cross-Site.Scripting MEDIUM" "starfish-reviews 3.0.26 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "starfish-reviews 2.0.1 Subscriber+.Arbitrary.Option.Update CRITICAL" "school-management-pro No.known.fix Authenticated.(School.Admin+).SQL.Injection CRITICAL" "school-management-pro 9.9.7 Unauthenticated.RCE.via.REST.api CRITICAL" "slider-pro-lite No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "simple-history 5.8.2 Admin+.Sensitive.Information.Exposure.via.Detective.Mode MEDIUM" "simple-history 3.4.0 Improper.Neutralization.of.Formula.Elements.in.a.CSV.File MEDIUM" 
"simple-catalogue No.known.fix Reflected.XSS HIGH" "service-provider-profile-cpt No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "sagepay-server-gateway-for-woocommerce 1.0.9 Unauthenticated.Cross-Site.Scripting.(XSS) MEDIUM" "simple-sticky-footer No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "schema-scalpel 1.6.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Post.Title.in.JSON-LD.Schema MEDIUM" "snap-pixel 1.6.0 Arbitrary.Settings.Update.via.CSRF MEDIUM" "snap-pixel 1.5.8 Admin+.Stored.XSS LOW" "superior-faq No.known.fix CSRF MEDIUM" "surbma-minicrm-shortcode No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "simcast No.known.fix Cross-Site.Request.Forgery.to.Settings.Update MEDIUM" "site-editor-google-map No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "slide No.known.fix Missing.Authorization.to.Content.Injection MEDIUM" "slide No.known.fix Missing.Authorization MEDIUM" "slide No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "simple-tour-guide 1.0.6 Reflected.Cross-Site.Scripting MEDIUM" "simple-banner 3.1.0 Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "simple-banner 3.0.5 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "simple-banner 3.0.4 Admin+.Stored.XSS LOW" "simple-banner 2.12.0 Admin+.Stored.Cross.Site.Scripting LOW" "simple-banner 2.12.0 Admin+.Stored.Cross-Site.Scripting LOW" "simple-banner 2.10.4 Admin+.Stored.XSS MEDIUM" "showhide-shortcode 1.0.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "scss-library No.known.fix Cross-Site.Request.Forgery MEDIUM" "siteguard No.known.fix Missing.Authorization MEDIUM" "siteguard 1.7.7 Login.Page.Disclosure MEDIUM" "sell-photo 1.0.6 Authenticated.Stored.Cross-Site.Scripting LOW" "simple-stripe No.known.fix Cross-Site.Request.Forgery MEDIUM" "seo-wizard No.known.fix Unauthorised.robots.txt.&..htaccess.Edit.via.CSRF HIGH" 
"seo-wizard No.known.fix Unauthorised.AJAX.Calls HIGH" "site-reviews 7.2.5 Unauthenticated.Stored.XSS HIGH" "site-reviews 7.0.0 IP.Spoofing MEDIUM" "site-reviews 6.11.7 Authenticated.(Author+).Stored.Cross-Site.Scripting MEDIUM" "site-reviews 6.11.7 Authenticated(Subscriber+).Stored.Cross-Site.Scripting.via.display.name MEDIUM" "site-reviews 6.10.3 Missing.Authorization MEDIUM" "site-reviews 6.7.1 Admin+.Stored.XSS LOW" "site-reviews 6.6.0 Contributor+.Stored.XSS MEDIUM" "site-reviews 6.6.0 Contributor+.Stored.XSS MEDIUM" "site-reviews 6.4.0 Unauthenticated.CSV.Injection MEDIUM" "site-reviews 5.17.3 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "site-reviews 5.13.1 Admin+.Stored.XSS LOW" "site-reviews 2.15.3 Cross-Site.Scripting.(XSS) MEDIUM" "starter-templates No.known.fix Cross-Site.Request.Forgery.to.Arbitrary.Plugin.Installation MEDIUM" "starter-templates No.known.fix Unauthenticated.Blind.Server-Side.Request.Forgery MEDIUM" "sema-api 5.30 Reflected.Cross-Site.Scripting.via.catid.Parameter MEDIUM" "sema-api 4.02 Unauthenticated.SQLi HIGH" "spoiler-block No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "social-icons-widget-by-wpzoom 4.5.9 Missing.Authorization.to.Authenticated.(Subscriber+).Sharing.Configuration.Creation MEDIUM" "social-icons-widget-by-wpzoom 4.2.18 Admin+.Stored.XSS LOW" "social-icons-widget-by-wpzoom 4.2.16 Missing.Authorization MEDIUM" "super-transactional-emails-for-woocommerce No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "super-transactional-emails-for-woocommerce 1.2.4 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "socialmark No.known.fix Authenticated.(Subscriber+).Server-Side.Request.Forgery MEDIUM" "socialmark 2.0.7 Reflected.Cross-Site.Scripting MEDIUM" "socialmark 2.0.5 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "seo-for-local 9.2.1 Reflected.Cross-Site.Scripting MEDIUM" "seo-for-local 9.1.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "styler-for-ninja-forms-lite No.known.fix 
Authenticated.(Subscriber+).Arbitrary.Option.Deletion.via.deactivate_license MEDIUM" "simplified 1.0.12 Authenticated.(Administrator+).Server-Side.Request.Forgery MEDIUM" "simplified 1.0.7 Unauthenticated.Arbitrary.File.Upload CRITICAL" "superfly-menu 5.0.30 Cross-Site.Request.Forgery.to.Arbitrary.File.Deletion HIGH" "superfly-menu No.known.fix Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "service-updates-for-customers No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "storyform No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "spotlightr 0.1.12 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "saasplate-core No.known.fix Unauthenticated.SQL.Injection HIGH" "social-feed-gallery-portfolio No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.'id'.Shortcode.Attribute MEDIUM" "svt-simple No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "simplesamlphp-authentication No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "single-post-exporter No.known.fix Plugin's.Settings.Update.via.CSRF MEDIUM" "stylish-price-list 7.2.3 Missing.Authorization MEDIUM" "stylish-price-list 7.1.12 Contributor+.Stored.XSS MEDIUM" "stylish-price-list 7.1.8 Contributor+.Stored.XSS MEDIUM" "stylish-price-list 7.0.18 Missing.Authorization MEDIUM" "stylish-price-list 6.9.0 Unauthenticated.Arbitrary.Image.Upload MEDIUM" "stylish-price-list 6.9.1 Subscriber+.Arbitrary.Image.Upload MEDIUM" "sp-announcement 2.0.9 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "spam-byebye No.known.fix Cross-Site.Request.Forgery MEDIUM" "spam-byebye 2.2.2 Cross-Site.Scripting.(XSS) MEDIUM" "stylist No.known.fix Cross-Site.Request.Forgery MEDIUM" "smart-product-viewer No.known.fix Missing.Authorization MEDIUM" "shipengine-shipping-quotes 1.0.8 Unauthenticated.SQL.Injection HIGH" "salert 1.2.2 Reflected.XSS HIGH" "salert 1.2.2 Subscriber+.Missing.Authorization MEDIUM" "seo-blogger-to-wordpress-301-redirector No.known.fix 
Reflected.Cross-Site.Scripting MEDIUM" "sayfa-sayac No.known.fix Unauthenticated.SQL.Injection CRITICAL" "sayfa-sayac No.known.fix Unauthenticated.PHP.Object.Injection CRITICAL" "sticky-menu-or-anything-on-scroll 2.21 CSRF.&.XSS LOW" "st-category-wp No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "sinking-dropdowns No.known.fix Cross-Site.Request.Forgery HIGH" "sangar-slider-lite No.known.fix Cross-Site.Request.Forgery MEDIUM" "starred-review No.known.fix Reflected.Cross-Site.Scripting.via.PHP_SELF.Variable MEDIUM" "simple-event-attendance No.known.fix Cross-Site.Request.Forgery.to.Arbitrary.Event.Deletion MEDIUM" "serial-codes-generator-and-validator 2.8.3 Missing.Authorization MEDIUM" "serial-codes-generator-and-validator 2.7.8 Cross-Site.Request.Forgery.via.[placeholder] MEDIUM" "serial-codes-generator-and-validator 2.4.15 Admin+.Stored.XSS LOW" "selar-co-widget No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "secondary-title 2.1.0 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "shipping-labels-for-woo 2.3.9 Authenticated.(Shop.Manager+).Stored.Cross-Site.Scripting LOW" "smart-blocks 2.5 Missing.Authorization MEDIUM" "smart-blocks 2.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "smartsupp-live-chat 3.9.2 Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "smartsupp-live-chat 3.7 Cross-Site.Request.Forgery MEDIUM" "searchazon No.known.fix Cross-Site.Request.Forgery MEDIUM" "scheduled-announcements-widget 1.0 Contributor+.Stored.XSS MEDIUM" "simple-csv-table 1.0.2 Directory.Traversal.to.Authenticated.(Contributor+).Arbitrary.File.Read MEDIUM" "seo-manager No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Post.Meta MEDIUM" "shockingly-simple-favicon No.known.fix Settings.Update.via.CSRF MEDIUM" "social-button No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "secure-passkeys 1.2.2 
Missing.Authorization.to.Authenticated.(Subscriber+).Passkey.Exposure.and.Deletion MEDIUM" "shibboleth 1.8 Cross-Site.Scripting.(XSS) MEDIUM" "special-feed-items No.known.fix Stored.XSS.via.CSRF HIGH" "scroll-to-top-builder No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "spirit-framework 1.2.15 Account.Takeover.and.Privilege.Escalation CRITICAL" "spirit-framework No.known.fix Authenticated.(Subscriber+).Local.File.Inclusion HIGH" "spirit-framework No.known.fix Authenticated.(Subscriber+).Local.File.Inclusion HIGH" "spectra-pro 1.1.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Block.IDs MEDIUM" "spectra-pro 1.1.6 Authenticated.(Author+).Privilege.Escalation HIGH" "seo-content-randomizer 3.28.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "salesking 1.6.30 Unauthenticated.Sensitive.Information.Exposure HIGH" "salesking 1.6.30 Unauthenticated.Privilege.Escalation CRITICAL" "salesking 1.6.30 Missing.Authorization.to.Settings.Change MEDIUM" "ship-to-ecourier 1.0.2 Plugin's.Settings.Update.via.CSRF MEDIUM" "storefront-footer-text No.known.fix Admin+.Stored.Cross-Site.Scripting MEDIUM" "slider-video 1.4.8 Slider.Carousel.<.1.4.8.-.Admin+.Stored.Cross-Site.Scripting LOW" "strategery-migrations No.known.fix Unauthenticated.Arbitrary.File.Deletion HIGH" "seznam-webmaster 1.4.8 Cross-Site.Request.Forgery MEDIUM" "same-category-posts 1.1.20 Authenticated.(Author+).Stored.Cross-Site.Scripting.via.Widget.Title.Placeholder MEDIUM" "sola-newsletters No.known.fix CSRF.to.Stored.XSS HIGH" "simple-text-slider No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "slicewp 1.1.24 Cross-Site.Request.Forgery.to.Reflected.Cross-Site.Scripting MEDIUM" "slicewp 1.1.19 Reflected.Cross-Site.Scripting MEDIUM" "slicewp 1.1.21 Reflected.Cross-Site.Scripting MEDIUM" "slicewp 1.1.11 Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "slicewp 1.0.46 Reflected.Cross-Site.Scripting.(XSS) HIGH" "sip-reviews-shortcode-woocommerce No.known.fix 
Authenticated.(Contributor+).Cross-Site.Scripting MEDIUM" "sip-reviews-shortcode-woocommerce No.known.fix Authenticated.(Contributor+).SQL.Injection MEDIUM" "smart-mockups No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "snow-monkey-forms 12.0.4 Unauthenticated.Arbitrary.File.Deletion CRITICAL" "snow-monkey-forms 5.0.7 Unauthenticated.Path.Traversal MEDIUM" "sharable-password-protected-posts 1.1.1 Unauthenticated.Password.Protect.Post.Access HIGH" "strong-testimonials 3.2.19 Missing.Authorization.to.Authenticated.(Contributor+).Rating.Meta.Update MEDIUM" "strong-testimonials 3.2.21 Missing.Authorization MEDIUM" "strong-testimonials 3.2.17 Unauthenticated.Arbitrary.Shortcode.Execution MEDIUM" "strong-testimonials 3.2.12 Authenticated.(Author+).Stored.Cross-Site.Scripting.via.Custom.Fields MEDIUM" "strong-testimonials 3.2.4 Missing.Authorization MEDIUM" "strong-testimonials 3.1.17 Missing.Authorization MEDIUM" "strong-testimonials 3.1.13 Authenticated(Contributor+).Improper.Authorization.to.Views.Modification MEDIUM" "strong-testimonials 3.1.12 Contributor+.Stored.XSS MEDIUM" "strong-testimonials 3.1.11 Settings.Update.via.CSRF MEDIUM" "strong-testimonials 3.0.3 Contributor+.Stored.XSS MEDIUM" "strong-testimonials 3.0.3 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "strong-testimonials 2.51.3 Unauthorised.AJAX.Call MEDIUM" "strong-testimonials 2.40.1 Stored.Cross.Site.Scripting.(XSS) MEDIUM" "sully 4.3.1 Admin+.Stored.XSS LOW" "sully 4.3.1 Admin+.Stored.XSS.via.CSRF HIGH" "sully 4.3.1 Reflected.XSS HIGH" "sully 4.3.1 Plugin.Reset.via.CSRF MEDIUM" "sparkle-demo-importer 1.4.8 Missing.Authorization.to.Authorized(Subscriber+).Post/Pages/Attachements.Deletion.and.Demo.Data.Import MEDIUM" "search-filter-pro 2.5.20 Missing.Authorization.to.Authenticated.(Subscriber+).Post.Meta.Exposure MEDIUM" "search-filter-pro 2.5.18 Admin+.Stored.XSS LOW" "shipping-rate-by-cities 2.0.1 Unauthenticated.SQL.Injection.via.'city'.Parameter HIGH" 
"smdp-affiliate-platform No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "stylish-order-form-builder No.known.fix Authenticated.(Subscriber+).Stored.Cross-Site.Scripting.via.'product_name'.Parameter MEDIUM" "simplemodal No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "simple-table-manager 1.6.1 Admin+.Stored.Cross-Site.Scripting LOW" "slp-gravity-forms-locations No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "slp-gravity-forms-locations 5.9.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "security-force No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "sprout-clients 3.2.2 Reflected.Cross-Site.Scripting MEDIUM" "sprout-clients 3.2.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "sprout-clients No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "sprout-clients 3.2 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "sprout-clients 3.2 Subscriber+.Arbitrary.Option.Update CRITICAL" "software-license-manager 4.5.1 Arbitrary.Domain.Deletion.via.CSRF HIGH" "software-license-manager 4.5.0 Admin+.Stored.Cross-Site.Scripting LOW" "software-license-manager 4.4.8 Reflected.Cross-Site.Scripting HIGH" "software-license-manager 4.4.6 CSRF.to.Stored.XSS HIGH" "school-management No.known.fix Unauthenticated.SQL.Injection HIGH" "school-management No.known.fix Authenticated.(Student+).Arbitrary.File.Upload HIGH" "school-management No.known.fix Unauthenticated.Insecure.Direct.Object.Reference MEDIUM" "school-management No.known.fix Authenticated.(Support.staff+).SQL.Injection MEDIUM" "school-management No.known.fix Missing.Authorization MEDIUM" "school-management 1.93.1 (02-07-2025) Authenticated.(Subscriber+).Local.File.Inclusion.to.Privilege.Escalation.via.Password.Update HIGH" "school-management No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "school-management No.known.fix Authenticated.(Student+).Local.File.Inclusion HIGH" "school-management No.known.fix Unauthenticated.SQL.Injection HIGH" "school-management No.known.fix 
Reflected.Cross-Site.Scripting MEDIUM" "school-management No.known.fix Authenticated.(Subscriber+).SQL.Injection MEDIUM" "school-management No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "school-management 93.0.0 Authenticated.(Student+).SQL.Injection.via.'view-attendance' MEDIUM" "school-management 93.0.0 Authenticated.(Subscriber+).SQL.Injection.via.'mj_smgt_show_event_task' MEDIUM" "school-management No.known.fix Missing.Authorization.to.Unauthenticated.Arbitrary.Post.Deletion MEDIUM" "school-management No.known.fix Student+.Account.Takeover.and.Privilege.Escalation HIGH" "school-management 92.0.0 Authenticated.(Student+).Arbitrary.File.Upload HIGH" "school-management 92.0.0 Unauthenticated.Arbitrary.File.Upload CRITICAL" "single-user-chat No.known.fix Authenticated.(Subscriber+).Limited.Options.Update HIGH" "standout-color-boxes-and-buttons No.known.fix Authenticated(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "snazzy-maps 1.1.5 Multiple.Cross-Site.Scripting.(XSS) MEDIUM" "send-from 2.3 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "subpage-view No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "simple-urls 121 Arbitrary.Actions.via.CSRF MEDIUM" "simple-urls 118 Reflected.XSS HIGH" "simple-urls 115 Multiple.Reflected.XSS HIGH" "simple-urls 115 Subscriber+.SQLi HIGH" "sb-core No.known.fix Authentication.Bypass CRITICAL" "setsail-membership 1.1 Authentication.Bypass CRITICAL" "secure-copy-content-protection 5.0.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode.Attribute MEDIUM" "secure-copy-content-protection 4.9.9 Unauthenticated.Stored.Cross-Site.Scripting.via.X-Forwarded-For.Header HIGH" "secure-copy-content-protection 4.9.3 Unauthenticated.Sensitive.Information.Exposure.via.Exposed.CSV.Export.File MEDIUM" "secure-copy-content-protection 4.9.3 Cross-Site.Request.Forgery.to.Data.Export MEDIUM" "secure-copy-content-protection 4.5.6 Admin+.Stored.XSS LOW" 
"secure-copy-content-protection 4.4.5 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "secure-copy-content-protection 4.4.8 Missing.Authorization.to.Unauthenticated.User.Email.Retrieval.via.ays_sccp_reports_user_search.Function MEDIUM" "secure-copy-content-protection 4.2.4 Reflected.Cross-Site.Scripting MEDIUM" "secure-copy-content-protection 4.1.7 Admin+.Stored.XSS LOW" "secure-copy-content-protection 4.1.7 Admin+.Stored.XSS LOW" "secure-copy-content-protection 4.0.9 Admin+.Stored.XSS LOW" "secure-copy-content-protection 3.9.1 Missing.Authorization MEDIUM" "secure-copy-content-protection 3.7.2 Missing.Authorization MEDIUM" "secure-copy-content-protection 2.8.2 Unauthenticated.SQL.Injection HIGH" "secure-copy-content-protection 2.6.7 Authenticated.Blind.SQL.Injections HIGH" "simple-youtube-gdpr No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "simple-youtube-gdpr No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "synergy-project-manager No.known.fix Unauthenticated.Stored.Cross-Site.Scripting HIGH" "sky-elementor-addons 3.2.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Multiple.Widgets MEDIUM" "sky-elementor-addons 3.0.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "sky-elementor-addons 2.6.3 Missing.Authorization.to.Authenticated.(Subscriber+).Limited.Arbitrary.Options.Update HIGH" "sky-elementor-addons 2.6.2 Cross-Site.Request.Forgery.to.Limited.Arbitrary.Options.Update HIGH" "sky-elementor-addons 2.6.2 Authenticated.(Contributor+).Sensitive.Information.Exposure.via.Content.Switcher.Widget.Elementor.Template MEDIUM" "sky-elementor-addons 2.5.16 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "sky-elementor-addons 2.5.12 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "sky-elementor-addons 2.5.8 Contributor+.Stored.XSS MEDIUM" "sky-elementor-addons 2.5.0 Authenticated(Contributor+).Stored.Cross-site.scripting.via.Wrapper.Link.URL MEDIUM" "sticky-header-oceanwp No.known.fix CSRF 
MEDIUM" "s3bubble-amazon-web-services-oembed-media-streaming-support No.known.fix Reflected.XSS HIGH" "social-photo-feed-widget No.known.fix Missing.Authorization MEDIUM" "scss-wp-editor No.known.fix Cross-Site.Request.Forgery MEDIUM" "sexy-author-bio No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "sexy-author-bio No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "simple-lightbox 2.9.4 Contributor+.Stored.XSS MEDIUM" "sticky-chat-button No.known.fix Unauthenticated.Stored.Cross-Site.Scripting HIGH" "shiny-buttons No.known.fix Unauthenticated.Stored.Cross-Site.Scripting HIGH" "smartifw No.known.fix Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "serped-net 4.7 Unauthenticated.Local.File.Inclusion HIGH" "serped-net 4.7 Reflected.Cross-Site.Scripting MEDIUM" "serped-net 4.6 Authenticated.(Contributor+).SQL.Injection MEDIUM" "social-proof-testimonials-slider No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.spslider-block.Shortcode MEDIUM" "social-proof-testimonials-slider 2.2.4 Admin+.Stored.XSS LOW" "site-audit No.known.fix Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "smart-app-banners No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.'size'.and.'verticalalign'.Shortcode.Attributes MEDIUM" "simple-news No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.news.Shortcode MEDIUM" "simplelightbox No.known.fix Authenticated.(Contributor+).Stored.DOM-Based.Cross-Site.Scripting.via.SimpleLightbox.JavaScript.Library MEDIUM" "smm-api No.known.fix Missing.Authorization MEDIUM" "smm-api No.known.fix Unauthenticated.Stored.Cross-Site.Scripting HIGH" "sermonaudio-widgets No.known.fix Authenticated.(Contributor+).SQL.Injection HIGH" "simple-admin-language-change 2.0.2 Arbitrary.User.Locale.Change MEDIUM" "smooth-slider 2.8.7 Authenticated.SQL.Injection HIGH" "smooth-slider 2.7 Authenticated.SQL.Injection HIGH" "seo-301-meta No.known.fix 
Admin+.Stored.Cross-Site.Scripting LOW" "super-forms-bundle 4.9.703 Unauthenticated.PHP.File.Upload.to.RCE CRITICAL" "service-area-postcode-checker No.known.fix Admin+.Stored.XSS LOW" "simply-gallery-block 3.3.1 Missing.Authorization.to.Authenticated.(Contributor+).Plugin.Settings.Modification MEDIUM" "simply-gallery-block 3.3.2.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "simply-gallery-block 3.2.6 Contributor+.Stored.XSS MEDIUM" "simply-gallery-block 3.2.4.3 Authenticated.(Editor+).Stored.Cross-Site.Scripting MEDIUM" "simply-gallery-block 3.2.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.galleryID.and.className.Parameters MEDIUM" "simply-gallery-block 3.1.5 Reflected.Cross-Site.Scripting MEDIUM" "simply-gallery-block 3.0.8 Subscriber+.Arbitrary.Options.Update HIGH" "simply-gallery-block 2.3.6 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "simply-gallery-block 2.2.1 Authenticated.Stored.Cross-Site.Scripting MEDIUM" "simple-keyword-to-link No.known.fix Cross-Site.Request.Forgery MEDIUM" "simple-keyword-to-link No.known.fix Cross-Site.Request.Forgery MEDIUM" "seo-booster No.known.fix Missing.Authorization MEDIUM" "seo-booster 3.8.10 Cross-Site.Request.Forgery MEDIUM" "seo-booster 3.8.9 Reflected.Cross-Site.Scripting MEDIUM" "seo-booster 3.8.5 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "seo-booster 3.8 Admin+.SQL.Injection MEDIUM" "shortcodes-bootstrap No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "sydney-toolbox 1.32 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.aThemes:.Portfolio.Widget MEDIUM" "sydney-toolbox 1.31 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "sydney-toolbox 1.29 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Filterable.Gallery MEDIUM" "sydney-toolbox 1.27 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via._id MEDIUM" "sydney-toolbox 1.26 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" 
"simple-crypto-shortcodes No.known.fix Cross-Site.Request.Forgery.to.Plugin.Settings.Update MEDIUM" "searchiq 4.8 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "searchiq 4.8 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "searchiq 4.7 Cross-Site.Request.Forgery MEDIUM" "searchiq 4.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "searchiq 4.6 Unauthenticated.Sensitive.Information.Exposure MEDIUM" "searchiq 4.5 Unauthenticated.Sensitive.Information.Disclosure MEDIUM" "searchiq 3.9 Unauthenticated.Stored.XSS HIGH" "stylish-cost-calculator-premium 7.9.0 Unauthenticated.Stored.XSS HIGH" "search-filter 1.2.18 Cross-Site.Request.Forgery MEDIUM" "search-filter 1.2.16 Contributor+.Stored.XSS MEDIUM" "seo-nutrition-and-print-for-recipes-by-edamam No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "stops-core-theme-and-plugin-updates 8.0.5 Insufficient.Restrictions.on.Option.Changes MEDIUM" "star-cloudprnt-for-woocommerce 2.0.4 Reflected.XSS HIGH" "star-cloudprnt-for-woocommerce No.known.fix Reflected.XSS HIGH" "surecart 2.29.4 Reflected.Cross-Site.Scripting MEDIUM" "surecart 2.5.1 Admin+.Stored.XSS LOW" "simple-load-more No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "skt-builder 5.0 Missing.Authorization MEDIUM" "skt-builder 4.8 Authenticated.(Subscriber+).Arbitrary.File.Upload HIGH" "skt-builder 4.2 Missing.Authorization.to.Authenticated(Subscriber+).Content.Injection MEDIUM" "secudeal-payments-for-ecommerce No.known.fix Unauthenticated.PHP.Object.Injection HIGH" "statify-widget 1.4.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "stop-spam-comments No.known.fix Access.Token.Bypass LOW" "scroll-styler No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "sequel 1.0.13 Reflected.Cross-Site.Scripting MEDIUM" "social-stream-design No.known.fix Authenticated.(Administrator+).SQL.Injection MEDIUM" "sync-wc-google 9.0 Unauthenticated.SQL.Injection 
HIGH" "sync-wc-google 9.0 Cross-Site.Request.Forgery MEDIUM" "slotti-ajanvaraus 2.0.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "slotti-ajanvaraus 1.3.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "securesubmit No.known.fix Missing.Authorization MEDIUM" "securesubmit No.known.fix Unauthenticated.Sensitive.Information.Exposure MEDIUM" "skype-online-status No.known.fix Contributor+.Stored.XSS MEDIUM" "svs-pricing-tables No.known.fix Cross-Site.Request.Forgery.to.Pricing.Table.Edit/Creation MEDIUM" "svs-pricing-tables No.known.fix Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "svs-pricing-tables No.known.fix Cross-Site.Request.Forgery.to.Pricing.Table.Deletion MEDIUM" "spam-control-xforwc 1.5.0 Low.Priv.Arbitrary.Blog.Options.Update/Access/Deletion.&.Plugin's.Settings.Update/Export/Import HIGH" "simple-social-share-block No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "spiceforms-form-builder No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "send-pdf-for-contact-form-7 1.0.2.4 Missing.Authorization MEDIUM" "send-pdf-for-contact-form-7 0.9.9.2 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "show-hidecollapse-expand 1.3.0 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "show-hidecollapse-expand No.known.fix Subscriber+.Settings.Update MEDIUM" "sumup-payment-gateway-for-woocommerce 2.7.10 Missing.Authorization MEDIUM" "saoshyant-page-builder No.known.fix Missing.Authorization MEDIUM" "superlogoshowcase-wp No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "superlogoshowcase-wp 2.3 Unauthenticated.Arbitrary.File.Upload CRITICAL" "suggestion-toolkit No.known.fix Missing.Authorization MEDIUM" "spotlight-social-photo-feeds-premium 1.7.2 Social.Media.Feeds.(Premium).<.1.7.2.-.Unauthenticated.Information.Exposure MEDIUM" "slide-puzzle No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "shortcodehub No.known.fix 
Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.author_link_target.Parameter MEDIUM" "shortcodehub 1.4.0 Reflected.Cross-Site.Scripting MEDIUM" "simple-al-slider No.known.fix Reflected.Cross-Site.Scripting.via.$_SERVER['PHP_SELF'] MEDIUM" "simple-al-slider No.known.fix Reflected.XSS HIGH" "shorten-url No.known.fix Subscriber+.SQLi HIGH" "shorten-url No.known.fix Cross-Site.Request.Forgery.via.configuration_page MEDIUM" "shorten-url No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "shorten-url No.known.fix Missing.Authorization.via.multiple.AJAX.functions MEDIUM" "shorten-url No.known.fix CSRF MEDIUM" "shorten-url 1.6.5 Admin+.Cross.Site.Scripting LOW" "shorten-url 1.6.5 Subscriber+.SQLi HIGH" "shorten-url 1.6.5 Admin+.Stored.Cross-Site.Scripting MEDIUM" "simple-portfolio-gallery No.known.fix Admin+.Stored.XSS MEDIUM" "stockie-extra 1.2.12 Cross-Site.Request.Forgery MEDIUM" "stockie-extra 1.2.12 Unauthenticated.Arbitrary.Shortcode.Execution MEDIUM" "splash-connector 2.0.8 Reflected.Cross-Site.Scripting MEDIUM" "sleekplan No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "simple-ldap-login 1.6.1 Reflected.Cross-Site.Scripting MEDIUM" "sms-ovh No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "saoshyant-element No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "simple-spoiler 1.5 Contributor+.Stored.XSS MEDIUM" "simple-spoiler 1.4 1.3.-.Unauthenticated.Arbitrary.Shortcode.Execution HIGH" "simple-spoiler 1.3 Admin+.Stored.XSS LOW" "seed-social 2.0.4 Admin+.Stored.XSS LOW" "starbox 3.5.3 Contributor+.Stored.XSS MEDIUM" "starbox 3.5.2 Admin+.Stored.XSS LOW" "starbox 3.5.0 Contributor+.Stored.XSS MEDIUM" "starbox 3.5.0 Authenticated.(Subscriber+).Stored.Cross-Site.Scripting.via.Job.Settings MEDIUM" "starbox 3.5.0 Authenticated.(Subscriber+).Stored.Cross-Site.Scripting.via.Profile.Display.Name.and.Social.Settings MEDIUM" "starbox 3.4.8 Subscriber+.Plugin.Preferences./.User.Settings.Access.via.IDOR MEDIUM" "spark-gf-failed-submissions 1.3.6 
Reflected.Cross-Site.Scripting MEDIUM" "sidebar-manager 1.1.5 Cross-Site.Request.Forgery MEDIUM" "sidebar-manager 1.1.4 Cross-Site.Request.Forgery.(CSRF) MEDIUM" "simple-archive-generator No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "simple-archive-generator No.known.fix Cross-Site.Request.Forgery MEDIUM" "schreikasten No.known.fix Author+.SQL.Injections HIGH" "simple-google-maps-short-code 1.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "superfast-mailgun-newsletter 1.1.6 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "stopwords-for-comments No.known.fix Missing.Authorization.to.Cross-Site.Request.Forgery MEDIUM" "smart-scroll-to-top-lite 1.0.4 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "super-socializer 7.14.1 Unauthenticated.Limited.SQL.Injection.via.'SuperSocializerKey' MEDIUM" "super-socializer 7.14 Authentication.Bypass HIGH" "super-socializer 7.13.64 Editor+.Stored.XSS MEDIUM" "super-socializer 7.13.55 Missing.Authorization MEDIUM" "super-socializer 1.13.53 Contributor+.Stored.XSS MEDIUM" "super-socializer 7.13.52 Reflected.XSS HIGH" "super-socializer 7.13.44 Contributor+.Stored.XSS MEDIUM" "super-socializer 7.13.30 Reflected.Cross-Site.Scripting MEDIUM" "super-socializer 7.11 Authentication.Bypass CRITICAL" "social-links No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "social-links No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "smtp-mailing-queue 1.2 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "smtp-mailing-queue 2.0.1 Admin+.Stored.XSS LOW" "simple-responsive-image-gallery No.known.fix Reflected.Cross-Site.Scripting HIGH" "skt-blocks No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "skt-blocks 2.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "skt-blocks 2.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "skt-blocks 1.9 
Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "skt-blocks 2.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "skt-blocks 1.8 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "skt-blocks 1.7 Contributor+.Stored.XSS MEDIUM" "simple-donate No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "site-favicon 0.3 Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "simple-auto-tag No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "sertifier-certificates-open-badges 1.20 Settings.Update.via.CSRF MEDIUM" "sertifier-certificates-open-badges No.known.fix Missing.Authorization MEDIUM" "shiprocket No.known.fix Authenticated.(Subscriber+).Insecure.Direct.Object.Reference MEDIUM" "scroll-top-advanced No.known.fix Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "smart-dofollow No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "simply-schedule-appointments 1.6.10.2 Unauthenticated.SQL.Injection.via.'fields'.Parameter HIGH" "simply-schedule-appointments 1.6.10.0 Missing.Authorization.to.Unauthenticated.Sensitive.Information.Exposure.via.Settings.REST.API.Endpoint HIGH" "simply-schedule-appointments 1.6.10.0 Insecure.Direct.Object.Reference.to.Authenticated.(Staff+).Sensitive.Information.Exposure MEDIUM" "simply-schedule-appointments 1.6.9.29 Unauthenticated.SQL.Injection.via.'append_where_sql'.Parameter HIGH" "simply-schedule-appointments 1.6.9.17 Missing.Authorization MEDIUM" "simply-schedule-appointments 1.6.9.13 Unauthenticated.SQL.Injection.via.'order'.and.'append_where_sql'.Parameters HIGH" "simply-schedule-appointments 1.6.9.6 Unauthenticated.Sensitive.Information.Exposure MEDIUM" "simply-schedule-appointments 1.6.9.17 Missing.Authorization.to.Unauthenticated.Sensitive.Information.Exposure MEDIUM" "simply-schedule-appointments 1.6.8.32 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Multiple.Shortcodes 
MEDIUM" "simply-schedule-appointments 1.6.8.7 Unauthenticated.Arbitrary.Shortcode.Execution HIGH" "simply-schedule-appointments 1.6.8.5 Reflected.Cross-Site.Scripting MEDIUM" "simply-schedule-appointments 1.6.7.55 Admin+.Stored.XSS LOW" "simply-schedule-appointments 1.6.7.55 Admin+.Stored.XSS LOW" "simply-schedule-appointments 1.6.7.43 Admin+.Template.Injection.to.RCE MEDIUM" "simply-schedule-appointments 1.6.7.18 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "simply-schedule-appointments 1.6.6.24 Reflected.Cross-Site.Scripting MEDIUM" "simply-schedule-appointments 1.6.7.9 Authenticated.(Contributor+).SQL.Injection.via.Shortcode HIGH" "simply-schedule-appointments 1.6.7.9 Authenticated.(Subscriber+).SQL.Injection HIGH" "simply-schedule-appointments 1.6.6.24 Cross-Site.Request.Forgery.to.Plugin.Data.Reset MEDIUM" "simply-schedule-appointments 1.6.6.1 Authenticated(Administrator+).SQL.Injection MEDIUM" "simply-schedule-appointments 1.5.7.7 Admin+.Stored.Cross-Site.Scripting LOW" "simply-schedule-appointments 1.5.7.7 Unauthenticated.Email.Address.Disclosure MEDIUM" "streamcast 2.2.4 Authenticated.(Editor+).Stored.Cross-Site.Scripting MEDIUM" "streamcast 2.1.9 Reflected.Cross-Site.Scripting MEDIUM" "streamcast 2.1.4 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "streamcast 2.1.1 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "stockholm-core No.known.fix Authenticated.(Contributor+).Local.File.Inclusion HIGH" "stockholm-core No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "stockholm-core 2.4.2 Reflected.Cross-Site.Scripting MEDIUM" "stockholm-core 2.4.2 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "sendpress No.known.fix Admin+.Stored.XSS.via.Settings LOW" "sendpress No.known.fix Admin+.Stored.XSS.via.Form.Settings LOW" "sendpress 1.24.8.19 Reflected.XSS HIGH" "sendpress 1.23.11.6 Contributor+.Stored.XSS MEDIUM" "sendpress No.known.fix Admin+.Stored.XSS LOW" "sendpress No.known.fix CSRF MEDIUM" "sendpress 
1.20.7.13 Authenticated.Stored.Cross-Site.Scripting.(XSS) LOW" "sendpress 1.2 Authenticated.SQL.Injection MEDIUM" "sermon-browser No.known.fix Arbitrary.File.Upload.via.CSRF MEDIUM" "sermon-browser 0.45.16 Multiple.XSS MEDIUM" "smartseo No.known.fix Authenticated.(Subscriber+).SQL.Injection MEDIUM" "surveyjs No.known.fix Unauthenticated.Stored.Cross-Site.Scripting HIGH" "surveyjs 2.5.3 Cross-Site.Request.Forgery.to.Survey.Cloning MEDIUM" "surveyjs 2.5.3 Cross-Site.Request.Forgery.to.Survey.Renaming MEDIUM" "surveyjs 2.5.3 Cross-Site.Request.Forgery.to.Survey.Creation MEDIUM" "surveyjs 1.20.27 Cross-Site.Request.Forgery.to.Survey.Deletion MEDIUM" "surveyjs 1.12.33 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.id.Parameter MEDIUM" "surveyjs 1.12.57 Contributor+.Stored.XSS MEDIUM" "surveyjs 1.12.57 Missing.Authorization MEDIUM" "surveyjs 1.12.18 Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.File.Deletion.via.SurveyJS_DeleteFile HIGH" "surveyjs 1.12.4 Authenticated.(Subscriber+).Arbitrary.File.Upload HIGH" "sidebar-content-from-shortcode No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "sparkle-elementor-kit No.known.fix Authenticated.(Contributor+).Local.File.Inclusion HIGH" "sparkle-elementor-kit No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "secure-admin-ip No.known.fix Missing.Authorization.via.'saveSettings' MEDIUM" "sociable No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "shown-connector No.known.fix Missing.Authorization.to.Unauthenticated.Settings.Update MEDIUM" "simple-popup-manager No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "store-manager-connector 1.3.0 Unauthenticated.Arbitrary.File.Upload.via.set_image() CRITICAL" "store-manager-connector 1.3.0 Unauthenticated.Arbitrary.File.Read MEDIUM" "store-manager-connector 1.3.0 Unauthenticated.Arbitrary.File.Deletion CRITICAL" "store-manager-connector 1.3.0 
Unauthenticated.Arbitrary.File.Upload.via.set_file() HIGH" "smart-scroll-posts 2.0.9 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "social-media-auto-publish 3.6.6 Reflected.Cross-Site.Scripting.via.PostMessage MEDIUM" "shoutcast-icecast-html5-radio-player No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "shelf-planner 2.8.2 Missing.Authorization.to.Unauthenticated.Settings.Update MEDIUM" "shelf-planner 2.8.2 Unauthenticated.Information.Exposure.via.Log.Files MEDIUM" "squirrels-auto-inventory No.known.fix Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "searchterms-tagging-2 No.known.fix XSS.&.Authenticated.SQL.Injection HIGH" "subscriber 1.3.5 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "station-pro No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.width.and.height.Parameters MEDIUM" "station-pro 2.3.4 Reflected.Cross-Site.Scripting MEDIUM" "station-pro 2.2.5 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "station-pro 2.2.2 Reflected.Cross-Site.Scripting.(XSS) HIGH" "streamweasels-kick-integration 1.1.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.vodsChannel.Parameter MEDIUM" "streamweasels-kick-integration 1.1.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "streamweasels-kick-integration 1.1.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.status-classic-offline-text.Parameter MEDIUM" "streamweasels-kick-integration 1.1.2 Blocks.and.Shortcodes.for.Embedding.Kick.Streams.<.1.1.2.-.Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.sw-kick-embed.Shortcode MEDIUM" "simple-file-downloader No.known.fix Contributor+.Stored.XSS.via.Shortcode MEDIUM" "sell-media-file No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "simple-fields No.known.fix Unauthenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "simple-fields 1.4.11 Authenticated.Reflected.Cross-Site.Scripting.(XSS) HIGH" "salient-shortcodes 
1.5.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "salient-shortcodes 1.5.4 Authenticated.(Contributor+).Local.File.Inclusion.via.Shortcode HIGH" "salient-shortcodes 1.5.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "sell-btc-by-hayyatapps 1.6 Cryptocurrency.Selling.Calculator.<.1.6.-.Unauthenticated.Stored.Cross-Site.Scripting.via.'orderform_data'.AJAX.Action HIGH" "sv-media-library 2.0.0 Reflected.Cross-Site.Scripting MEDIUM" "sv-media-library 1.8.01 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "spider-facebook No.known.fix Cross-Site.Request.Forgery MEDIUM" "spider-facebook No.known.fix Reflected.XSS HIGH" "simple-dashboard No.known.fix Unauthenticated.Privilege.Escalation CRITICAL" "smartarget-contact-us No.known.fix Subscriber+.Stored.XSS HIGH" "sprout-invoices 20.8.9 Missing.Authorization MEDIUM" "sprout-invoices 20.8.8 Missing.Authorization MEDIUM" "sprout-invoices 20.8.8 Unauthenticated.PHP.Object.Injection HIGH" "sprout-invoices 20.8.2 Missing.Authorization MEDIUM" "sprout-invoices 20.8.1 Insecure.Direct.Object.Reference MEDIUM" "sprout-invoices 20.5.4 Sensitive.Information.Exposure MEDIUM" "sprout-invoices 19.0.1 Reflected.Cross-Site.Scripting MEDIUM" "sprout-invoices 19.9.7 Admin+.Stored.Cross-Site.Scripting LOW" "show-me-the-cookies No.known.fix Unauthenticated.Arbitrary.Shortcode.Execution HIGH" "simple-iframe 1.2.0 Contributor+.Stored.XSS MEDIUM" "smart-wetransfer No.known.fix Missing.Authorization MEDIUM" "social-media-feather 2.1.4 Subscriber+.Unauthorised.Action MEDIUM" "social-media-feather 2.0.5 Admin+.Stored.Cross-Site.Scripting LOW" "small-package-quotes-wwe-edition 5.2.20 Missing.Authorization MEDIUM" "small-package-quotes-wwe-edition 5.2.19 Reflected.Cross-Site.Scripting MEDIUM" "small-package-quotes-wwe-edition 5.2.19 Unauthenticated.SQL.Injection HIGH" "small-package-quotes-wwe-edition 5.2.18 Unauthenticated.SQL.Injection HIGH" "synved-shortcodes No.known.fix Contributor+.Stored.XSS 
MEDIUM" "simple-image-popup-shortcode No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "seo-automatic-wp-core-tweaks No.known.fix Arbitrary.Admin.Account.Creation./.Admin.Email.Update.via.CSRF HIGH" "subscribers-com 1.5.4 Free.Web.Push.Notifications.<.1.5.4.-.Admin+.Stored.XSS LOW" "simple-file-list 6.1.16 Authenticated.(Subscriber+).Arbitrary.File.Download MEDIUM" "simple-file-list No.known.fix Missing.Authorization MEDIUM" "simple-file-list 6.1.15 Unauthenticated.Arbitrary.File.Download MEDIUM" "simple-file-list 6.1.14 Missing.Authorization.to.Unauthenticated.Minor.Settings.Update MEDIUM" "simple-file-list 6.1.13 Reflected.Cross-Site.Scripting HIGH" "simple-file-list 6.1.10 Admin+.Stored.XSS LOW" "simple-file-list 6.1.10 Unauthenticated.Arbitrary.File.Deletion CRITICAL" "simple-file-list 6.0.10 Admin+.Stored.XSS LOW" "simple-file-list 4.4.13 Page.Creation.via.CSRF MEDIUM" "simple-file-list 4.4.12 Admin+.Stored.Cross-Site.Scripting LOW" "simple-file-list 4.4.12 Reflected.Cross-Site.Scripting MEDIUM" "simple-file-list 4.2.8 Authenticated.Arbitrary.File.Deletion HIGH" "simple-file-list 4.2.3 Unauthenticated.Arbitrary.File.Upload.RCE CRITICAL" "simple-file-list 3.2.8 Unauthenticated.Arbitrary.File.Download HIGH" "seo-automated-link-building 3.0.2 Cross-Site.Request.Forgery MEDIUM" "seo-automated-link-building 2.5.3 Missing.Authorization MEDIUM" "seo-automated-link-building 2.1.1 Multiple.Authenticated.Stored.Cross-Site.Scripting.(XSS) LOW" "skt-nurcaptcha 3.6.0 Cross-Site.Request.Forgery..to.Stored.Cross-Site.Scripting MEDIUM" "simple-feature-requests 2.2.5 Reflected.Cross-Site.Scripting MEDIUM" "simple-feature-requests 2.2.4 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "stm-megamenu 2.3.13 Unauthenticated.Local.File.Inclusion CRITICAL" "simple-map-no-api No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "simple-map-no-api No.known.fix 
Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.width.Parameter MEDIUM" "smtp-sendgrid 1.5.1 Authenticated.(Administrator+).SQL.Injection MEDIUM" "smtp-sendgrid 1.5 Unauthenticated.Stored.Cross-Site.Scripting.via.Email.Logs HIGH" "simple-author-box 2.52 Contributor+.Arbitrary.User.Information.Disclosure.via.IDOR LOW" "simple-author-box 2.4 Reflected.Cross-Site.Scripting MEDIUM" "sticky-banner 1.3.0 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "seo-meta-tags No.known.fix Cross-Site.Request.Forgery.to.Privilege.Escalation HIGH" "shortcode-in-comment No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "smartsearchwp 2.4.6 Unauthenticated.OpenAI.Key.Disclosure MEDIUM" "smartsearchwp 2.4.5 Unauthenticated.Log.Purge MEDIUM" "smartsearchwp 2.4.5 Unauthenticated.SQLi HIGH" "smartsearchwp 2.4.5 Unauthenticated.Stored.XSS HIGH" "slider-comparison-image-before-and-after No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "slim-seo 4.5.5 Authenticated.(Administrator+).SQL.Injection MEDIUM" "slim-seo 4.5.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.slim_seo_breadcrumbs.Shortcode MEDIUM" "simplepress 6.11.6 Missing.Authorization MEDIUM" "simplepress 6.10.13 Cross-Site.Request.Forgery.to.Unauthorized.Post.Editing MEDIUM" "simplepress 6.10.11 Reflected.XSS HIGH" "simplepress 6.10.12 Reflected.Cross-Site.Scripting MEDIUM" "simplepress 6.8.1 Unauthenticated.Stored.XSS.via.Forum.Replies HIGH" "simplepress 6.8.1 Admin+.Arbitrary.File.Update LOW" "simplepress 6.8.1 Subscriber+.Arbitrary.File.Deletion HIGH" "simplepress 6.8.1 Subscriber+.Stored.XSS.via.Profile.Signatures MEDIUM" "simplepress 6.6.1 Broken.Access.Control.leading.to.RCE CRITICAL" "supportcandy 3.4.5 Authenticated.(Subscriber+).SQL.Injection.via.Number.Field.Filter MEDIUM" "supportcandy 3.4.5 Authenticated.(Subscriber+).Insecure.Direct.Object.Reference MEDIUM" "supportcandy 3.4.2 Cross-Site.Request.Forgery MEDIUM" 
"supportcandy 3.3.8 Authentication.Bypass.to.Support.Session.Takeover MEDIUM" "supportcandy 3.3.1 Support.Ticket.Attachments.Download.via.IDOR MEDIUM" "supportcandy 3.2.4 Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "supportcandy 3.1.7 Admin+.SQLi MEDIUM" "supportcandy 3.1.7 Subscriber+.SQLi HIGH" "supportcandy 3.1.5 Unauthenticated.SQLi HIGH" "supportcandy 2.2.7 CSRF.to.Cross-Site.Scripting MEDIUM" "supportcandy 2.2.7 Arbitrary.Ticket.Deletion.via.CSRF HIGH" "supportcandy 2.2.7 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "supportcandy 2.2.7 Reflected.Cross-Site.Scripting MEDIUM" "supportcandy 2.2.5 Unauthenticated.Arbitrary.Ticket.Deletion HIGH" "supportcandy 2.0.1 Arbitrary.File.Upload CRITICAL" "seo-for-images No.known.fix Cross-Site.Request.Forgery MEDIUM" "swatchly 1.4.1 1.4.0.-.Missing.Authorization.to.Authenticated.(Subscriber+).Limited.Options.Update MEDIUM" "swatchly 1.2.1 Cross-Site.Request.Forgery MEDIUM" "simply-featured-video No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "super-stage-wp 1.0.2 Unauthenticated.PHP.Object.Injection MEDIUM" "sexy-contact-form No.known.fix Cross-Site.Request.Forgery MEDIUM" "sexy-contact-form 1.0.0 Shell.Upload CRITICAL" "standard-box-sizes 1.6.14 Missing.Authorization MEDIUM" "speakpipe-voicemail-for-websites No.known.fix Cross-Site.Request.Forgery MEDIUM" "simple-retail-menus No.known.fix Unauthenticated.Local.File.Inclusion HIGH" "ssv-events No.known.fix Unauthenticated.Local.File.Inclusion CRITICAL" "sloth-logo-customizer No.known.fix Stored.XSS.via.CSRF HIGH" "selling-commander-connector No.known.fix Unauthenticated.Privilege.Escalation CRITICAL" "seo-search-permalink No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "secupress 2.3.10 Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.Plugin.Installation MEDIUM" "secupress 2.2.5.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "secupress 2.3 Missing.Authorization MEDIUM" 
"secupress 2.3 Contributor+.Stored.XSS MEDIUM" "secupress 2.2.5.2 Cross-Site.Request.Forgery.to.Banned.IP.Address MEDIUM" "secupress 2.0 Unauthenticated.Arbitrary.IP.Ban MEDIUM" "safetymails-forms No.known.fix Cross-Site.Request.Forgery HIGH" "suredash 1.2.0 Authenticated.(Subscriber+).Information.Disclosure MEDIUM" "suredash 1.1.0 Subscriber+.Privilege.Escalation HIGH" "shopconstruct No.known.fix Admin+.Stored.XSS LOW" "simple-media-directory 1.4.4 Contributor+.Stored.XSS MEDIUM" "simple-media-directory 1.4.3 Unauthenticated.SQLi HIGH" "simple-mail-address-encoder 1.7 Reflected.Authenticated.XSS MEDIUM" "sf-booking 6.1 Authenticated.(Subscriber+).Privilege.Escalation.via.Account.Takeover HIGH" "sf-booking 6.1 Authenticated.(Subscriber+).Privilege.Escalation.via.change_candidate_password HIGH" "sf-booking No.known.fix Unauthenticated.Privilege.Escalation.via.claim_business CRITICAL" "sf-booking 6.1 Authentication.Bypass.via.User.Switch.Cookie CRITICAL" "sf-booking No.known.fix Unauthenticated.Privilege.Escalation CRITICAL" "sf-booking 6.0 Unauthenticated.Privilege.Escalation.via.'nsl_registration_store_extra_input' CRITICAL" "sf-booking 5.1 Unauthenticated.Privilege.Escalation.via.Account.Takeover CRITICAL" "sf-booking 3.2 Unauthenticated.Local.File.Disclosure HIGH" "shopp No.known.fix Unauthenticated.Arbitrary.File.Upload CRITICAL" "simple-goods No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "simple-job-manager No.known.fix Authenticated.(Contributor+).SQL.Injection MEDIUM" "scottcart No.known.fix Unauthenticated.Remote.Code.Execution CRITICAL" "sailing 4.4.6 Missing.Authorization MEDIUM" "sign-in-with-google No.known.fix Authentication.Bypass.in.authenticate_user CRITICAL" "send-emails-with-mandrill 1.4.2 Missing.Authorization MEDIUM" "server-info No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "server-info 0.0.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "social-link-pages No.known.fix 
Missing.Authorization.to.Arbitrary.Page.Creation.and.Cross-Site.Scripting HIGH" "sip-calculator No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "seur 2.2.24 Unauthenticated.Local.File.Inclusion CRITICAL" "seur 2.2.12 Reflected.Cross-Site.Scripting MEDIUM" "seur 2.2.11 Unauthenticated.SQL.Injection HIGH" "seur 1.7.2 Admin+.Arbitrary.File.Download MEDIUM" "seur 1.7.0 Admin+.Stored.Cross-Site.Scripting MEDIUM" "surbma-gdpr-proof-google-analytics 17.8.2 Reflected.Cross-Site.Scripting MEDIUM" "surbma-gdpr-proof-google-analytics 17.6.0 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "surbma-gdpr-proof-google-analytics 17.5.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "shantz-wordpress-qotd No.known.fix Arbitrary.Setting.Update.via.CSRF MEDIUM" "sola-support-tickets No.known.fix Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.Content.Deletion MEDIUM" "sola-support-tickets 3.13 XSS.&.Configuration.Change MEDIUM" "stock-locations-for-woocommerce 2.8.7 Missing.Authorization MEDIUM" "stock-locations-for-woocommerce 2.6.0 Authenticated.(Administrator+).Stored.Cross-Site.Scripting.via.settings MEDIUM" "super-progressive-web-apps 2.2.22 Missing.Authorization MEDIUM" "super-progressive-web-apps 2.1.13 Authenticated.(High.Privileged).Arbitrary.File.Upload.to.RCE HIGH" "super-progressive-web-apps 2.1.12 Authenticated.(Low.Privileged).Arbitrary.File.Upload.to.RCE HIGH" "software-issue-manager 5.0.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.noaccess_msg.Parameter MEDIUM" "search-everything 8.1.7 SQL.Injection CRITICAL" "search-everything 8.1.6 SQL.Injection CRITICAL" "stickeasy-protected-contact-form 1.0.2 Unauthenticated.Information.Disclosure MEDIUM" "seekxl-snapr No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "spamreferrerblock No.known.fix Admin+.Stored.XSS LOW" "spamreferrerblock No.known.fix Cross-Site.Request.Forgery MEDIUM" "simple-signup-form No.known.fix Authenticated.(Contributor+).SQL.Injection 
MEDIUM" "smart-custom-fields 5.0.1 Contributor+.Stored.XSS MEDIUM" "smart-custom-fields 5.0.0 Missing.Authorization.to.Authenticated.(Subscriber+).Post.Content.Disclosure MEDIUM" "sendit No.known.fix Authenticated.(admin+).SQL.Injection MEDIUM" "speedycache 1.1.9 Cross-Site.Request.Forgery MEDIUM" "speedycache 1.1.4 Missing.Authorization.to.Plugin.Options.Update MEDIUM" "speedycache 1.1.3 .Authenticated.(Subscriber+).Server-Side.Request.Forgery MEDIUM" "smart-table-builder 1.0.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.id.Parameter MEDIUM" "sellkit 2.0.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.id.Parameter MEDIUM" "sellkit 1.8.3 Authenticated.(Subscriber+).Arbitrary.File.Download MEDIUM" "static-html-output-plugin 6.0 Reflected.Cross-Site.Scripting MEDIUM" "simple-real-estate-pack-4 No.known.fix Admin+.Stored.Cross.Site.Scripting LOW" "slider-bws 1.1.1 Authenticated.(Administrator+).SQL.Injection MEDIUM" "show-all-comments-in-one-page No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "show-all-comments-in-one-page 7.0.1 Reflected.XSS HIGH" "smart-admin-menu-filter No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "smart-admin-menu-filter No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "simple-popup-newsletter No.known.fix Reflected.Cross-Site.Scripting HIGH" "support-genix-lite 1.4.24 Missing.Authorization MEDIUM" "support-genix-lite 1.4.12 Authenticated.(Subscriber+).Insecure.Direct.Object.Reference MEDIUM" "support-genix-lite 1.2.4 Missing.Authorization MEDIUM" "simple-user-listing 1.9.3 Reflected.XSS HIGH" "snow-storm 1.4.7 Reflected.Cross-Site.Scripting MEDIUM" "snow-storm 1.4.7 Admin+.Stored.XSS LOW" "slider-for-writers No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "spoki No.known.fix Admin+.Stored.XSS LOW" "spoki 2.15.16 Contributor+.Stored.XSS MEDIUM" "salavat-counter No.known.fix 
Authenticated.(Administrator+).Stored.Cross-Site.Scripting.via.'image_url'.Parameter MEDIUM" "salavat-counter No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "smartsoftbutton-widget-de-botones-de-chat No.known.fix Arbitrary.Settings.Update.to.Stored.XSS.via.CSRF HIGH" "schema-app-structured-data-for-schemaorg 2.2.5 Reflected.Cross-Site.Scripting MEDIUM" "schema-app-structured-data-for-schemaorg 2.2.1 Cross-Site.Request.Forgery MEDIUM" "schema-app-structured-data-for-schemaorg 2.2.1 Missing.Authorization MEDIUM" "schema-app-structured-data-for-schemaorg 1.22.4 Missing.Authorization.via.page_init MEDIUM" "smio-push-notification No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "smio-push-notification No.known.fix Unauthenticated.SQL.Injection HIGH" "stars-menu No.known.fix Reflected.Cross-Site.Scripting.(XSS) HIGH" "simple-embed-code 2.5.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Custom.Fields MEDIUM" "simple-embed-code 2.5.1 Authenticated.(Contributor+).Server-Side.Request.Forgery MEDIUM" "simple-embed-code 2.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "simple-embed-code 2.3.7 Authenticated(Contributor+).Denial.of.Service MEDIUM" "simple-booking-widget No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "scrollto-top No.known.fix Cross-Site.Request.Forgery.to.Arbitrary.File.Upload HIGH" "sliced-invoices No.known.fix Missing.Authorization MEDIUM" "sliced-invoices 3.9.3 Missing.Authorization MEDIUM" "sliced-invoices 3.8.4 Multiple.Vulnerabilities HIGH" "special-box-for-content No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "search-analytics 1.4.11 Reflected.Cross-Site.Scripting MEDIUM" "search-analytics 1.4.10 Missing.Authorization MEDIUM" "search-analytics 1.4.8 Reflected.XSS HIGH" "search-analytics 1.4.6 Admin+.Stored.XSS LOW" "spostarbust 1.2.04.25 Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "social-media-builder No.known.fix 
Authenticated.(Subscriber+).PHP.Object.Injection HIGH" "site-suggest No.known.fix Missing.Authorization MEDIUM" "sharespine-woocommerce-connector 4.8.56 Missing.Authorization MEDIUM" "supermalink No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "sv-provenexpert No.known.fix Cross-Site.Request.Forgery MEDIUM" "sv-provenexpert 2.0.0 Reflected.Cross-Site.Scripting MEDIUM" "sv-provenexpert 1.8.01 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "staggs 2.12.0 Unauthenticated.Arbitrary.File.Upload CRITICAL" "staggs 2.1.0 Reflected.Cross-Site.Scripting MEDIUM" "staggs 1.4.2 Reflected.Cross-Site.Scripting MEDIUM" "snipe-nginx-cache No.known.fix Missing.Authorization MEDIUM" "seo-landing-page-generator 1.66.3 Reflected.Cross-Site.Scripting MEDIUM" "seo-landing-page-generator 1.62.0 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "simpleform No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "simple-responsive-menu No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "slidorion No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting.via.Slidorion.Settings MEDIUM" "service-booking-manager No.known.fix Unauthenticated.PHP.Object.Injection HIGH" "smart-shopify-product No.known.fix Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.Content.Deletion MEDIUM" "siteorigin-panels 2.34.0 Contributor+.Local.File.Inclusion HIGH" "siteorigin-panels 2.31.5 Contributor+.Stored.XSS MEDIUM" "siteorigin-panels 2.31.1 Contributor+.Stored.XSS.via.Row.Label.Parameter MEDIUM" "siteorigin-panels 2.29.16 Contributor+.Stored.XSS.via.siteorigin_widget.Shortcode MEDIUM" "siteorigin-panels 2.29.7 Contributor+.Stored.XSS MEDIUM" "siteorigin-panels 2.10.16 CSRF.to.Reflected.Cross-Site.Scripting.(XSS) HIGH" "super-blank 1.3.0 Authenticated.(Subscriber+).Arbitrary.Content.Deletion MEDIUM" "svg-captcha No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "surbma-salesautopilot-shortcode No.known.fix 
Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "subitem-al-slider No.known.fix Reflected.Cross-Site.Scripting.via.$_SERVER['PHP_SELF'] MEDIUM" "simple-restrict 1.2.8 Unauthenticated.Content.Restriction.Bypass.to.Sensitive.Information.Exposure MEDIUM" "simple-restrict 1.2.7 Missing.Authorization.to.Sensitive.Information.Exposure MEDIUM" "simple-site-verify 1.0.8 Admin+.Stored.XSS LOW" "shortcodes-finder 1.5.5 Reflected.Cross-Site.Scripting MEDIUM" "shortcodes-finder 1.5.4 Reflected.XSS HIGH" "scripts-n-styles 3.5.8 Admin+.Stored.XSS LOW" "send-users-email 1.5.2 Unauthenticated.Information.Exposure MEDIUM" "send-users-email 1.4.4 Sensitive.Information.Exposure.via.Error.Logs MEDIUM" "send-users-email 1.4.1 Reflected.Cross-Site.Scripting MEDIUM" "smsa-shipping-for-woocommerce 1.0.5 Subscriber+.Arbitrary.File.Download HIGH" "smartcat-wpml 3.1.73 Authenticated.(Author+).SQL.Injection.via.orderby.Parameter MEDIUM" "slider-by-supsystic 1.8.11 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "slider-by-supsystic 1.8.11 Authenticated.(Admin+).SQL.Injection CRITICAL" "slider-by-supsystic 1.8.7 Missing.Authorization MEDIUM" "slider-by-supsystic 1.8.7 CSRF MEDIUM" "selection-lite 1.14 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "selection-lite 1.12 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "shoutout No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "stockists-manager No.known.fix Stored.Cross-Site.Scripting.via.CSRF MEDIUM" "shopmagic-for-woocommerce 4.7.3 Missing.Authorization MEDIUM" "shopmagic-for-woocommerce 4.5.7 Unauthenticated.Information.Exposure MEDIUM" "seriously-simple-podcasting 3.14.2 Authenticated.(Editor+).Server-Side.Request.Forgery MEDIUM" "seriously-simple-podcasting 3.14.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "seriously-simple-podcasting 3.14.0 Cross-Site.Request.Forgery MEDIUM" "seriously-simple-podcasting 3.14.0 Missing.Authorization MEDIUM" 
"seriously-simple-podcasting 3.14.0 Unauthenticated.Information.Exposure MEDIUM" "seriously-simple-podcasting 3.12.0 Authenticated.(Editor+).Stored.Cross-Site.Scripting MEDIUM" "seriously-simple-podcasting 3.14.0 Missing.Authorization MEDIUM" "seriously-simple-podcasting 3.10.0 Authenticated.(Editor+).Stored.Cross-Site.Scripting MEDIUM" "seriously-simple-podcasting 3.6.0 Reflected.Cross-Site.Scripting.via.add_query_arg.Parameter MEDIUM" "seriously-simple-podcasting 3.3.0 Admin+.Stored.XSS LOW" "seriously-simple-podcasting 3.1.0 Reflected.Cross-Site.Scripting MEDIUM" "seriously-simple-podcasting 3.0.0 Unauthenticated.Administrator.Email.Disclosure MEDIUM" "seriously-simple-podcasting 2.19.1 Contributor+.Stored.XSS MEDIUM" "seriously-simple-podcasting 2.16.1 Arbitrary.Settings.Update.via.CSRF MEDIUM" "social-warfare 4.5.6 Contributor+.Stored.XSS MEDIUM" "social-warfare 4.4.7.3 Injected.Backdoor CRITICAL" "social-warfare 4.4.6 Cross-Site.Request.Forgery MEDIUM" "social-warfare 4.4.6.2 Authenticated(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "social-warfare 4.4.4 Social.Warfare.<.4.4.4.-.Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "social-warfare 4.4.0 Post.Meta.Deletion.via.CSRF MEDIUM" "social-warfare 4.3.1 Subscriber+.Post.Meta.Deletion MEDIUM" "social-warfare 3.5.3 Unauthenticated.Remote.Code.Execution.(RCE) MEDIUM" "speed-booster-pack 4.3.3.1 Admin+.SQL.Injection MEDIUM" "speed-booster-pack 4.2.0 Authenticated.(admin+).RCE CRITICAL" "simple-photo-gallery No.known.fix Admin+.SQLi MEDIUM" "smart-agreements 1.0.4 Unauthenticated.Local.File.Inclusion CRITICAL" "simple-sponsorships No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "simple-sponsorships 1.8.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "seo-by-10web No.known.fix Reflected.XSS HIGH" "seo-by-10web 1.2.7 Admin+.Stored.XSS LOW" "spatialmatch-free-lifestyle-search No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "spatialmatch-free-lifestyle-search 
No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "sided No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "security-malware-firewall 2.169 Unauthenticated.Stored.Cross-Site.Scripting.via.Page.URL HIGH" "security-malware-firewall 2.150 Unauthenticated.Arbitrary.File.Upload CRITICAL" "security-malware-firewall 2.145.1 Authorization.Bypass.via.Reverse.DNS.Spoofing.to.Unauthenticated.SQL.Injection HIGH" "security-malware-firewall 2.121 IP.Spoofing MEDIUM" "security-malware-firewall 2.51 Security.Nonce.Leak.leading.to.Unauthorised.AJAX.call HIGH" "supportboard 3.8.7 Reflected.Cross-Site.Scripting MEDIUM" "supportboard 3.8.1 Reflected.Cross-Site.Scripting MEDIUM" "supportboard 3.8.1 Unauthenticated.Local.File.Inclusion HIGH" "supportboard 3.8.1 Unauthenticated.Arbitrary.File.Deletion CRITICAL" "supportboard 3.8.1 Unauthenticated.Authorization.Bypass.due.to.Use.of.Default.Secret.Key CRITICAL" "supportboard 3.4.2 Multiple.Authenticated.SQLi HIGH" "supportboard 3.3.6 Arbitrary.File.Deletion.via.CSRF HIGH" "supportboard 3.3.5 Agent+.Stored.Cross-Site.Scripting MEDIUM" "supportboard 3.3.4 Multiple.Unauthenticated.SQL.Injections CRITICAL" "supportboard 1.2.9 Authenticated.Stored.Cross-Site.Scripting MEDIUM" "supportboard 1.2.4 Stored.Cross-Site.Scripting MEDIUM" "share-this-image 2.10 Missing.Authorization MEDIUM" "share-this-image 2.02 Reflected.Cross-Site.Scripting MEDIUM" "share-this-image 2.04 Open.Redirect.via.link.Parameter HIGH" "share-this-image 2.03 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.STI.Buttons.Shortcode MEDIUM" "share-this-image 2.02 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.alignment.Parameter MEDIUM" "share-this-image 1.99 Open.Redirect MEDIUM" "share-this-image 1.81 Reflected.Cross-Site.Scripting MEDIUM" "share-this-image 1.67 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "share-this-image 1.20 Stored.XSS MEDIUM" "simple-draft-list 2.6.3 
Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.'display_name'.Parameter MEDIUM" "simple-draft-list 2.6.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "simple-draft-list 2.6.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "slider-blocks 2.7.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "simple-ajax-chat 20260301 Unauthenticated.Stored.Cross-Site.Scripting.via.'c' MEDIUM" "simple-ajax-chat 20260217 Unauthenticated.Information.Exposure MEDIUM" "simple-ajax-chat 20240412 Admin+.Stored.XSS LOW" "simple-ajax-chat 20240216 Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "simple-ajax-chat 20240223 .Unauthenticated.Stored.Cross-Site.Scripting HIGH" "simple-ajax-chat 20240223 Unauthenticated.Stored.XSS HIGH" "simple-ajax-chat 20220216 Sensitive.Information.Disclosure MEDIUM" "simple-ajax-chat 20220216 Log.Clearing.&.Arbitrary.Chat.Message.Deletion.via.CSRF MEDIUM" "simple-ajax-chat 20220216 Unauthenticated.Stored.XSS MEDIUM" "scroll-post-excerpt No.known.fix Admin+.Stored.XSS LOW" "ssquiz No.known.fix Unauthenticated.PHP.Object.Injection CRITICAL" "simple-link-directory 8.8.4 Cross-Site.Request.Forgery MEDIUM" "simple-link-directory 8.8.4 Missing.Authorization MEDIUM" "simple-link-directory 8.4.6 Unauthenticated.Arbitrary.Shortcode.Execution MEDIUM" "simple-link-directory 7.7.2 Unauthenticated.SQL.injection HIGH" "simple-link-directory 7.3.5 Cross-Site.Scripting.(XSS) MEDIUM" "security-ninja 5.243 5.242.-.Admin+.Arbitrary.File.Read MEDIUM" "security-ninja 5.159 Reflected.Cross-Site.Scripting MEDIUM" "security-ninja 5.135 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "stonehenge-em-osm No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "super-social-content-locker-lite No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "srs-simple-hits-counter 1.1.1 Settings.Update.via.CSRF MEDIUM" "srs-simple-hits-counter 1.1.0 1.0.4.-.Unauthenticated.Blind.SQL.Injection CRITICAL" 
"share-print-pdf-woocommerce No.known.fix Missing.Authorization MEDIUM" "share-print-pdf-woocommerce 2.8.0 Low.Priv.Arbitrary.Blog.Options.Update/Access/Deletion.&.Plugin's.Settings.Update/Export/Import HIGH" "sticky-ad-bar No.known.fix Admin+.Stored.XSS LOW" "simple-post-template No.known.fix Cross-Site.Request.Forgery MEDIUM" "simple-sortsearch No.known.fix Ccontributor+.Stored.XSS MEDIUM" "social-media-engine No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "sandbox No.known.fix Missing.Authorization.to.Authenticated.(Subscriber+).Sandbox.Download MEDIUM" "sandbox No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "sheets-to-wp-table-live-sync 3.19.2 Admin+.Stored.XSS LOW" "sheets-to-wp-table-live-sync 3.7.1 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "sh-email-alert No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "studiocart No.known.fix Reflected.XSS HIGH" "studiocart 2.5.20 Reflected.Cross-Site.Scripting MEDIUM" "studiocart 2.3.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "simple-contact-info-widget No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "services-section 1.3.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "shiftcontroller 4.9.67 Reflected.Cross-Site.Scripting MEDIUM" "shiftcontroller 4.9.65 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "shiftcontroller 4.9.58 Authenticated.(Contributor+).PHP.Object.Injection HIGH" "shiftcontroller 4.9.24 CSRF MEDIUM" "shiftcontroller 4.9.26 Reflected.Cross-Site.Scripting MEDIUM" "sureforms 2.2.1 Unauthenticated.Stored.XSS HIGH" "sureforms 1.13.2 Cross-Site.Request.Forgery.Protection.Bypass.via.Improper.Nonce.Distribution MEDIUM" "sureforms 1.13.2 Unauthenticated.Sensitive.Information.Exposure MEDIUM" "sureforms 1.12.2 Missing.Authorization.to.Authenticated.(Contributor+).Information.Disclosure MEDIUM" "sureforms 1.12.1 Missing.Authorization.to.Authenticated.(Contributor+).Form.Creation 
MEDIUM" "sureforms 1.9.1 Admin+.Stored.XSS LOW" "sureforms 1.7.2 Reflected.XSS MEDIUM" "sureforms 1.3.2 Unauthenticated.Arbitrary.File.Deletion MEDIUM" "sureforms 1.4.5 Unauthenticated.PHP.Object.Injection HIGH" "sureforms 1.5.1 Unauthenticated.Arbitrary.File.Deletion MEDIUM" "sureforms 1.7.4 Unauthenticated.PHP.Object.Injection HIGH" "sureforms 1.6.5 Unauthenticated.PHP.Object.Injection HIGH" "sureforms 0.0.14 Unauthenticated.PHP.Object.Injection HIGH" "sureforms 1.0.7 Unauthenticated.Arbitrary.File.Deletion MEDIUM" "sureforms 1.1.2 Unauthenticated.PHP.Object.Injection HIGH" "sureforms 1.2.5 Unauthenticated.Arbitrary.File.Deletion MEDIUM" "sureforms 1.3.2 Unauthenticated.PHP.Object.Injection HIGH" "sureforms 1.4.5 Unauthenticated.Arbitrary.File.Deletion MEDIUM" "sureforms 1.5.1 Unauthenticated.PHP.Object.Injection HIGH" "sureforms 1.7.4 Unauthenticated.Arbitrary.File.Deletion MEDIUM" "sureforms 1.6.5 Unauthenticated.Arbitrary.File.Deletion MEDIUM" "sureforms 0.0.14 Unauthenticated.Arbitrary.File.Deletion MEDIUM" "sureforms 1.0.7 Unauthenticated.PHP.Object.Injection HIGH" "sureforms 1.1.2 Unauthenticated.Arbitrary.File.Deletion MEDIUM" "sureforms 1.2.5 Unauthenticated.PHP.Object.Injection HIGH" "sureforms 1.4.4 Admin+.Stored.XSS LOW" "sureforms 1.4.4 Admin+.Stored.XSS LOW" "sureforms 1.4.4 Contributor+.Settings.Update MEDIUM" "sureforms 1.2.3 Missing.Authorization.to.Unauthenticated.Protected.Post.Disclosure MEDIUM" "smaily-for-wp No.known.fix Cross-Site.Request.Forgery MEDIUM" "smaily-for-wp 3.1.6 Contributor+.Stored.XSS MEDIUM" "square-thumbnails 1.1.2 Missing.Authorization MEDIUM" "simple-cod-fee-for-woocommerce No.known.fix Missing.Authorization MEDIUM" "sikshya 0.0.22 Reflected.Cross-Site.Scripting MEDIUM" "sikshya 0.0.22 Reflected.Cross-Site.Scripting.via.page.Parameter MEDIUM" "scrollsequence 1.5.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "scrollsequence 1.4.0 Reflected.Cross-Site.Scripting MEDIUM" "scrollsequence 1.2.4 
Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "sessions 3.2.1 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "sky-login-redirect 3.7.3 Reflected.Cross-Site.Scripting MEDIUM" "sky-login-redirect 3.6.0 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "star-review-manager No.known.fix Cross-Site.Request.Forgery.to.Settings.Update MEDIUM" "swipehq-payment-gateway-wp-e-commerce No.known.fix Multiple.XSS.Issues MEDIUM" "simple-email-subscriber No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "simple-tableau-viz No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "stklcode-liveticker 1.2.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "syncfields No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "setka-editor No.known.fix Cross-Site.Request.Forgery.via.handleRequest MEDIUM" "setka-editor No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "setka-editor 2.1.17 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "support-ticket No.known.fix Unauthenticated.Privilege.Escalation CRITICAL" "siteimprove 2.0.7 Cross-Site.Request.Forgery MEDIUM" "slicko-for-elementor No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "subscriptions-memberships-for-paypal 1.1.8 Missing.Authorization MEDIUM" "subscriptions-memberships-for-paypal 1.1.8 Unauthenticated.Fake.Payment.Creation MEDIUM" "subscriptions-memberships-for-paypal 1.1.7 Cross-Site.Request.Forgery.to.Arbitrary.Post.Deletion MEDIUM" "subscriptions-memberships-for-paypal 1.1.3 Reflected.Cross-Site.Scripting.via.page.Parameter HIGH" "sports-rankings-lists No.known.fix Unauthenticated.Arbitrary.File.Download HIGH" "songkick-concerts-and-festivals 0.10.0 Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "social-media-shortcodes 1.3.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "social-media-shortcodes 1.3.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "sfwd-lms 4.20.0.3 
Missing.Authorization MEDIUM" "sfwd-lms 4.10.2 Sensitive.Information.Exposure.via.API MEDIUM" "sfwd-lms 4.10.3 Sensitive.Information.Exposure.via.API MEDIUM" "sfwd-lms 4.10.2 Sensitive.Information.Exposure.via.assignments MEDIUM" "sfwd-lms 4.5.3.1 SQL.Injection MEDIUM" "sfwd-lms 4.6.0.1 User.Account.Takeover.via.Insecure.Direct.Object.References HIGH" "sfwd-lms 3.1.6 Unauthenticated.SQL.Injection CRITICAL" "sfwd-lms 3.1.2 Reflected.Cross.Site.Scripting.(XSS).issue.on.the.[ld_profile].search.field. MEDIUM" "sfwd-lms 2.5.4 Unauthenticated.Arbitrary.File.Upload CRITICAL" "sell-downloads 1.2.0 Missing.Authorization MEDIUM" "sell-downloads 1.0.8 Insufficient.Restrictions.when.Brute-Force.Purchase.IDs HIGH" "sheetlink No.known.fix Authenticated.(Administrator+).PHP.Object.Injection MEDIUM" "smart-tools-for-woocommerce No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "smart-tools-for-woocommerce 1.0.9 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "sb-child-list No.known.fix Settings.Update.via.CSRF MEDIUM" "shortcode-redirect 1.0.03 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "spice-post-slider 2.1 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "spice-post-slider 2.0.1 Reflected.Cross-Site.Scripting MEDIUM" "ssv-mailchimp No.known.fix Unauthenticated.Local.File.Inclusion CRITICAL" "s2b-ai-assistant 1.7.9 Authenticated.(Editor+).Arbitrary.File.Upload HIGH" "stop-spammer-registrations-plugin 2026.2 Cross-Site.Request.Forgery.via.Email.Allowlist MEDIUM" "stop-spammer-registrations-plugin 2025 Multiple.Administrative.Actions.via.CSRF MEDIUM" "stop-spammer-registrations-plugin 2024.5 Cross-Site.Request.Forgery.(CSRF).via.sfs_process MEDIUM" "stop-spammer-registrations-plugin 2023 Admin+.Stored.XSS LOW" "stop-spammer-registrations-plugin 2023 Reflected.XSS HIGH" "stop-spammer-registrations-plugin 2022.6 Unauthenticated.PHP.Object.Injection MEDIUM" "stop-spammer-registrations-plugin 2021.18 Authenticated.Stored.XSS LOW" "stop-spammer-registrations-plugin 
2021.9 Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "smsa-shipping-official 2.4 Authenticated.(Subscriber+).Arbitrary.File.Deletion HIGH" "spideranalyse No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "seo-backlink-monitor No.known.fix Authenticated.(Administrator+).Server-Side.Request.Forgery MEDIUM" "seo-backlink-monitor No.known.fix Cross-Site.Request.Forgery MEDIUM" "seo-backlink-monitor 1.6.0 Reflected.Cross-Site.Scripting MEDIUM" "shop-as-a-customer-for-woocommerce 1.2.4 Shop.Manager+.Privilege.Escalation CRITICAL" "shop-as-a-customer-for-woocommerce 1.1.8 Subscriber+.Privilege.Escalation CRITICAL" "sell-with-razorpay No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "salesforce-wordpress-to-lead No.known.fix Cross-Site.Request.Forgery MEDIUM" "simple-travel-map No.known.fix Cross-Site.Request.Forgery MEDIUM" "spendino No.known.fix Unauthenticated.Arbitrary.Options.Update CRITICAL" "soccer-engine-lite 1.13 Cross-Site.Request.Forgery MEDIUM" "smart-cookie-kit 2.3.2 Contributor+.Stored.XSS MEDIUM" "sensitive-tag-cloud No.known.fix Cross-Site.Request.Forgery MEDIUM" "share-button 1.20 Reflected.Cross-Site.Scripting MEDIUM" "seo-monster No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "snapwidget-wp-instagram-widget No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "snapwidget-wp-instagram-widget No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "sell-media No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "sell-media 2.5.7.3 CSRF.Bypass MEDIUM" "sell-media 2.4.2 Unauthenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "side-cart-woocommerce 2.3 Admin+.Stored.XSS LOW" "side-cart-woocommerce 2.2 Settings.Reset.via.CSRF MEDIUM" "side-cart-woocommerce 2.1 Various.Versions.CSRF.to.Arbitrary.Options.Update HIGH" "simple-custom-author-profiles No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "swp-portfolio No.known.fix 
Unauthenticated.Local.File.Inclusion HIGH" "squirrly-seo-pack No.known.fix Advanced.Pack.<=.2.3.8.-.Authenticated(Administrator+).SQL.Injection MEDIUM" "show-google-analytics-widget No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "schedula-smart-appointment-booking 1.1 Missing.Authorization MEDIUM" "seatgeek-affiliate-tickets No.known.fix Reflected.Cross-Site.Scripting.(XSS) HIGH" "sumo-divi-modules No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "sumo-divi-modules 1.0.6 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "simply-excerpts No.known.fix Admin+.Stored.XSS LOW" "share-to-google-classroom No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.share_to_google.Shortcode MEDIUM" "site-pin No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "smart-popup-blaster No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "smart-popup-blaster No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "saphali-woocommerce-lite 1.9.0 Settings.Update/Reset.via.CSRF MEDIUM" "sellsy 2.4.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "simple-select-all-text-box No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "safe-svg 2.2.6 Author+.SVG.Sanitisation.Bypass MEDIUM" "safe-svg 1.9.10 SVG.Sanitisation.Bypass MEDIUM" "safe-svg 1.9.6 XSS.Protection.Bypass HIGH" "swipehq-payment-gateway-woocommerce No.known.fix Unauthenticated.Reflected.XSS MEDIUM" "skyword-plugin No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "skyword-plugin 2.5.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "shipdeo-woo No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "salon-booking-plugin-pro 7.6.3 Customer+.Bookings/Customers.Data.Disclosure HIGH" "salon-booking-plugin-pro 7.6.3 Unauthenticated.Sensitive.Data.Disclosure MEDIUM" "sitemap-index No.known.fix Admin+.XSS LOW" "sa-post-author-filter No.known.fix 
Reflected.Cross-Site.Scripting MEDIUM" "supervisor 1.3.3 Missing.Authorization.to.Authenticated.(Subscriber+).Settings.Update MEDIUM" "sexbundle No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "small-package-quotes-fedex-edition 4.3.2 Unauthenticated.SQL.Injection HIGH" "supra-csv-parser No.known.fix Stored.Cross-Site.Scripting.via.CSRF MEDIUM" "simple-nivo-slider No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode.Attributes MEDIUM" "social-stickers No.known.fix Stored.Cross-Site.Scripting.via.CSRF MEDIUM" "sticky-add-to-cart-for-woo No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "simple-gallery-odihost No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "simple-gallery-odihost No.known.fix Authenticated.(Contributor+).SQL.Injection MEDIUM" "so-called-air-quotes No.known.fix Unauthenticated.Arbitrary.Shortcode.Execution HIGH" "smooth-gallery-replacement No.known.fix CSRF.to.Stored.XSS HIGH" "setup-default-feature-image 1.3 Missing.Authorization MEDIUM" "secupress-pro 2.0 Unauthenticated.Arbitrary.IP.Ban MEDIUM" "seo-by-rank-math 1.0.253 Missing.Authorization MEDIUM" "seo-by-rank-math 1.0.253 Subscriber+.Information.Exposure MEDIUM" "seo-by-rank-math 1.0.236 Contributor+.Arbitrary.Schema.Deletion LOW" "seo-by-rank-math 1.0.236 Contributor+.Stored.XSS.via.Rank.Math.API MEDIUM" "seo-by-rank-math 1.0.232 Admin+.Remote.Code.Execution MEDIUM" "seo-by-rank-math 1.0.229 Admin+.PHP.Object.Injection MEDIUM" "seo-by-rank-math 1.0.229 Unauthenticated.User.and.Term.Metadata.Insert/Update/Deletion MEDIUM" "seo-by-rank-math 1.0.219 Authenticated.Stored.XSS LOW" "seo-by-rank-math 1.0.219-beta Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "seo-by-rank-math 1.0.218 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "seo-by-rank-math 1.0.217 Contributor+.Stored.Cross-Site.Scripting.via.'titleWrapper' MEDIUM" "seo-by-rank-math 1.0.215 Contributor+.Stored.XSS MEDIUM" "seo-by-rank-math 1.0.119.1 
Contributor+.Stored.XSS MEDIUM" "seo-by-rank-math 1.0.107.3 Contributor+.LFI MEDIUM" "seo-by-rank-math 1.0.95.1 Unauthenticated.SSRF MEDIUM" "seo-by-rank-math 1.0.42.2 Authenticated.Missing.Access.Controls.to.Disable.Competitor.Plugins MEDIUM" "seo-by-rank-math 1.0.41 Rank.Math.<.1.0.41.-.Redirect.Creation.via.Unprotected.REST.API.Endpoint MEDIUM" "seo-by-rank-math 1.0.41 Rank.Math.<.1.0.41.-.Privilege.Escalation.via.Unprotected.REST.API.Endpoint CRITICAL" "seo-by-rank-math 1.0.27.1 Authenticated.Settings.Reset MEDIUM" "showpass 4.0.4 Contributor+.Stored.XSS MEDIUM" "simple-rating No.known.fix Cross-Site.Request.Forgery MEDIUM" "social2blog No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "search-with-typesense 2.0.11 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "search-with-typesense 2.0.9 Authenticated.(Admin+).Path.Traversal LOW" "solidres No.known.fix Authenticated.(Contributor+).SQL.Injection MEDIUM" "solidres No.known.fix Reflected.XSS HIGH" "solidres No.known.fix Multiple.Reflected.XSS HIGH" "solidres No.known.fix Admin+.Stored.XSS LOW" "searchpro 2.2.54 Missing.Authorization MEDIUM" "searchpro 2.2.44 Unauthenticated.Arbitrary.File.Upload HIGH" "searchpro 2.1.2 Reflected.Cross-Site.Scripting MEDIUM" "searchpro 1.7.7 Unauthenticated.Arbitrary.File.Uplaod CRITICAL" "searchpro 1.7.6 Unauthenticated.Server-Side.Request.Forgery HIGH" "smtp-amazon-ses 1.9.1 Authenticated.(Administrator+).SQL.Injection MEDIUM" "smtp-amazon-ses 1.9 Unauthenticated.Stored.Cross-Site.Scripting.via.Email.Logs HIGH" "smtp-amazon-ses 1.9 Unauthenticated.Stored.Cross-Site.Scripting.via.Email.Logs HIGH" "shortcodes-ui No.known.fix Contributor+.Stored.XSS MEDIUM" "shortcodes-ui No.known.fix CSRF MEDIUM" "sassy-social-share 3.3.76 Reflected.Cross-Site.Scripting.via.'heateor_mastodon_share'.Parameter MEDIUM" "sassy-social-share 3.3.74 Open.Redirect MEDIUM" "sassy-social-share 3.3.70 Reflected.Cross-Site.Scripting.via.heateor_mastodon_share.Parameter MEDIUM" 
"sassy-social-share 3.3.63 Sassy.social.share.<.3,3,63.Admin+.Stored.Cross-Site.scripting LOW" "sassy-social-share 3.3.61 Contributor+.Stored.XSS MEDIUM" "sassy-social-share 3.3.59 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "sassy-social-share 3.3.57 Contributor+.Stored.XSS MEDIUM" "sassy-social-share 3.3.45 Contributor+.Stored.XSS MEDIUM" "sassy-social-share 3.3.40 Reflected.Cross-Site.Scripting MEDIUM" "sassy-social-share 3.3.24 Missing.Access.Controls.to.PHP.Object.Injection MEDIUM" "shine-pdf No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "simplemap No.known.fix Unauthenticated.Stored.Cross-Site.Scripting HIGH" "seo-keywords No.known.fix Reflected.Cross-Site.Scripting.via.google_error.Parameter MEDIUM" "small-package-quotes-purolator-edition 3.6.5 Unauthenticated.SQL.Injection HIGH" "sapo-feed 2.4.3 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "shopkeeper-extender 7.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "shopkeeper-extender 3.7 Contributor+.Stored.XSS MEDIUM" "shipworks-e-commerce-bridge 5.2.6 Cross-Site.Request.Forgery.to.Service.Password/Username.Update MEDIUM" "sv-posts 2.0.0 Reflected.Cross-Site.Scripting MEDIUM" "sv-posts 1.8.03 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "share-on-diaspora 0.7.2 XSS MEDIUM" "simple-colorbox No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "section-slider No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "section-slider No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "section-slider No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "smart-slider-3 3.5.1.29 Admin+.SQL.Injection MEDIUM" "smart-slider-3 3.5.1.23 Contributor+.Stored.XSS.via.SVG.Upload MEDIUM" "smart-slider-3 3.5.1.14 Contributor+.Stored.XSS MEDIUM" "smart-slider-3 3.5.1.11 Contributor+.Stored.XSS MEDIUM" "smart-slider-3 3.5.1.11 PHP.Object.Injection MEDIUM" "smart-slider-3 3.5.0.9 
Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "skip-to-timestamp No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "simply-exclude No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "s-dev-seo No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "slider-responsive-slideshow No.known.fix Authenticated.(Contributor+).PHP.Object.Injection HIGH" "slider-responsive-slideshow 1.4.2 Missing.Authorization MEDIUM" "slider-responsive-slideshow 1.4.0 Authenticated.(Contributor+).PHP.Object.Injection HIGH" "surbma-recent-comments-shortcode No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "sliderpro 4.8.7 Missing.Authorization.via.AJAX.actions MEDIUM" "shariff 4.6.14 Unauthenticated.Local.File.Inclusion CRITICAL" "shariff 4.6.14 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "shariff 4.6.10 Authenticated(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "shariff 4.6.10 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "shariff 4.6.11 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "shariff 4.6.10 Admin+.Stored.XSS LOW" "simple-content-construction-kit No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "simple-responsive-slider No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "svg-support 2.5.9 Stored.Cross-Site.Scripting.via.Vulnerability.Dependency MEDIUM" "svg-support 2.5.11 Author+.Stored.XSS.via.SVG.File.Upload MEDIUM" "svg-support 2.5.8 Author+.Cross-Site.Scripting.via.SVG MEDIUM" "svg-support 2.5.2 Author+.Stored.XSS MEDIUM" "svg-support 2.5 Author+.Stored.Cross-Site.Scripting MEDIUM" "svg-support 2.3.20 Admin+.Stored.Cross-Site.Scripting LOW" "set-admin-colour-on-staging-and-dev No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "set-admin-colour-on-staging-and-dev No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "solar-wizard-lite 1.2.5 
Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "simple-google-photos-grid 1.6 Authenticated.(Contributor+).Server-Side.Request.Forgery MEDIUM" "salon-booking-system 10.30.4 Authenticated.(Subscriber+).Information.Exposure LOW" "salon-booking-system 10.30.4 Cross-Site.Request.Forgery MEDIUM" "salon-booking-system 10.24 Missing.Authorization.to.Unauthenticated.AJAX.Actions.Execution MEDIUM" "salon-booking-system 10.17 Cross-Site.Request.Forgery.to.Arbitrary.Post/Page.Deletion MEDIUM" "salon-booking-system No.known.fix Missing.Authorization MEDIUM" "salon-booking-system 10.15 Authenticated.Privilege.Escalation HIGH" "salon-booking-system 10.9.1 Authenticated.(Subscriber+).Insecure.Direct.Object.Reference MEDIUM" "salon-booking-system 1.9.4 Admin+.Stored.XSS LOW" "salon-booking-system 10.9 Unauthenticated.Open.Redirect MEDIUM" "salon-booking-system 10.8 Authenticated.(Administrator+).SQL.Injection CRITICAL" "salon-booking-system 10.3 Unauthenticated.Arbitrary.File.Upload CRITICAL" "salon-booking-system 10.0 Missing.Authorization MEDIUM" "salon-booking-system 10.0 Unauthenticated.Arbitrary.File.Deletion CRITICAL" "salon-booking-system 9.6.6 Settings.Update.via.CSRF MEDIUM" "salon-booking-system 9.6.6 Editor+.Stored.XSS LOW" "salon-booking-system 9.6.6 Editor+.Stored.XSS.via.Email.Settings LOW" "salon-booking-system 9.5.1 Unauthenticated.Arbitrary.File.Upload CRITICAL" "salon-booking-system 9.6.3 Unauthenticated.Stored.XSS HIGH" "salon-booking-system 9.6.3 Unauthenticated.Stored.XSS HIGH" "salon-booking-system 8.7 Authenticated.(Editor+).Privilege.Escalation HIGH" "salon-booking-system 8.4.9 Reflected.Cross-Site.Scripting MEDIUM" "salon-booking-system 8.4.8 User.Role.change.via.CSRF MEDIUM" "salon-booking-system 7.9.4 Reflected.Cross-Site.Scripting MEDIUM" "salon-booking-system 7.6.3 Customer+.Bookings/Customers.Data.Disclosure HIGH" "salon-booking-system 7.6.3 Unauthenticated.Sensitive.Data.Disclosure MEDIUM" "salon-booking-system 7.6.3 
Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "salon-booking-system 6.3.1 Unauthenticated.Stored.Cross-Site.Scripting.(XSS) CRITICAL" "simple-owl-carousel No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "sync-post-with-other-site 1.7 Missing.Authorization.to.Authenticated.(Subscriber+).Post.Creation.and.Update MEDIUM" "sync-post-with-other-site 1.5.2 Cross-Site.Request.Forgery MEDIUM" "svg-vector-icon-plugin No.known.fix Admin+.Remote.Code.Execution.(RCE) MEDIUM" "svg-vector-icon-plugin 3.2.3 Cross-Site.Request.Forgery.(CSRF).leading.to.RCE HIGH" "slideshow-wp No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.'sswp-slide'.Shortcode.'sswpid'.Attribute MEDIUM" "social-lite 1.3.0 Reflected.Cross-Site.Scripting MEDIUM" "simple-custom-website-data No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "string-locator 2.6.7 Unauthenticated.PHP.Object.Injection HIGH" "string-locator 2.6.6 Reflected.Cross-Site.Scripting MEDIUM" "string-locator 2.6.0 Authenticated.PHAR.Deserialization MEDIUM" "string-locator 2.5.0 Admin+.Arbitrary.File.Read LOW" "simple-nested-menu No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "super-notes No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "super-notes No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "script-planner No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "script-planner No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "shortcode-gallery-for-matterport-showcase 2.2.0 Cross-Site.Request.Forgery MEDIUM" "shortcode-gallery-for-matterport-showcase 2.1.7 Reflected.XSS HIGH" "shortcode-gallery-for-matterport-showcase 2.1.8 Contributor+.Stored.XSS.via.shortcode MEDIUM" "shortcode-gallery-for-matterport-showcase 2.1.5 Contributor+.Stored.XSS MEDIUM" "suevafree-essential-kit 1.1.4 Contributor+.Stored.XSS MEDIUM" "syndication-links 1.0.2.1 DOM.Cross-Site.Scripting.(XSS) MEDIUM" "stock-quotes-list 2.9.12 Contributor+.Stored.XSS MEDIUM" 
"super-testimonial 4.0.2 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "super-testimonial 3.0.9 Reflected.Cross-Site.Scripting MEDIUM" "super-testimonial 3.0.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "super-testimonial 3.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "super-testimonial 2.7 Admin+.Stored.Cross-Site.Scripting LOW" "super-testimonial 2.7 Admin+.Stored.Cross-Site.Scripting LOW" "section-widget No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "section-widget No.known.fix Unauthenticated.Path.Traversal MEDIUM" "st-gallery-wp No.known.fix Missing.Authorization.to.Authenticated.(Subscriber+).Settings.Update MEDIUM" "soundcloud-is-gold 2.3.2 Unauthenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "softtemplates-for-elementor No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "smart-docs No.known.fix Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "smart-docs 1.1.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "simple-xml-sitemap No.known.fix Cross-Site.Request.Forgery MEDIUM" "stock-snapshot-for-woocommerce 2.2.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "sb-chart-block 1.3.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.className.Parameter MEDIUM" "storekeeper-for-woocommerce 14.4.5 Unauthenticated.Arbitrary.File.Upload CRITICAL" "storekeeper-for-woocommerce 14.4.5 Unauthenticated.Arbitrary.File.Upload CRITICAL" "stop-referrer-spam 1.3.1 CSRF MEDIUM" "salon-booking-plugin-pro-cc No.known.fix Missing.Authorization MEDIUM" "sync-qcloud-cos 2.0.1 Admin+.Stored.Cross-Site.Scripting LOW" "shopping-pages No.known.fix Stored.XSS.via.CSRF HIGH" "simple-price-calculator-basic No.known.fix Missing.Authorization MEDIUM" "sitewide-notice-wp 2.4.2 Missing.Authorization MEDIUM" "sitewide-notice-wp 2.3 Admin+.Stored.XSS LOW" "slicknav-mobile-menu 1.9.3 Authenticated.(Admin+).Stored.Cross-Site.Scripting 
MEDIUM" "sg-security 1.5.9 Missing.Authorization MEDIUM" "sg-security 1.5.1 Missing.Authorization.via.hide_notice() MEDIUM" "sg-security 1.3.1 Admin+.SQLi MEDIUM" "sg-security 1.2.6 Authorization.Weakness.to.Authentication.Bypass.via.2-FA.Back-up.Codes HIGH" "sg-security 1.2.6 Authentication.Bypass.via.2-FA.Authentication.Setup CRITICAL" "shayanweb-admin-fontchanger 1.10 Stored.XSS.via.CSRF HIGH" "seedprod-coming-soon-pro-5 6.18.14 Authenticated.(Editor+).Remote.Code.Execution HIGH" "seedprod-coming-soon-pro-5 6.18.13 Authenticated.(Editor+).SQL.Injection MEDIUM" "seedprod-coming-soon-pro-5 6.18.13 Authenticated.(Administrator+).SQL.Injection MEDIUM" "simple-downloads-list 1.5.0 Missing.Authorization.to.Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "simple-downloads-list 1.4.3 Authenticated.(Contributor+).SQL.Injection MEDIUM" "search-meter 2.13.3 CSV.Injection MEDIUM" "seraphinite-accelerator 2.28.15 Authenticated.(Subscriber+).Exposure.of.Sensitive.Information.to.an.Unauthorized.Actor MEDIUM" "seraphinite-accelerator 2.28.15 Missing.Authorization.to.Authenticated.(Subscriber+).Log.Clearing MEDIUM" "seraphinite-accelerator 2.27.22 Cross-Site.Request.Forgery.to.Multiple.Administrative.Actions MEDIUM" "seraphinite-accelerator 2.22.16 Authenticated.(Subscriber+).Information.Exposure MEDIUM" "seraphinite-accelerator 2.21 Authenticated.(Subscriber+).Server-Side.Request.Forgery.in.OnAdminApi_HtmlCheck MEDIUM" "seraphinite-accelerator 2.20.48 Unauthenticated.Sensitive.Information.Exposure.via.Log.File MEDIUM" "seraphinite-accelerator 2.20.29 Reflected.Cross-Site.Scripting.via.rt MEDIUM" "seraphinite-accelerator 2.20.32 Unauthorised.Settings.Reset/Import MEDIUM" "seraphinite-accelerator 2.2.29 Reflected.XSS HIGH" "seraphinite-accelerator 2.2.29 Authenticated.Arbitrary.Redirect MEDIUM" "seo-local-rank No.known.fix Cross-Site.Request.Forgery.to.Unauthorized.True.Ranker.Disconnection MEDIUM" "seo-local-rank 2.2.4 
Unauthenticated.Arbitrary.File.Access.via.Path.Traversal HIGH" "slick-contact-forms No.known.fix Contributor+.Stored.XSS MEDIUM" "swift-framework No.known.fix Missing.Authorization.to.Unauthenticated.Arbitrary.Content.Update MEDIUM" "swift-framework No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcodes MEDIUM" "simple-nav-archives No.known.fix Settings.Update.via.CSRF MEDIUM" "sheetpress No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "sheetpress No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "social-pug-author-box No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "stop-comment-spam 0.5.4 Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "scancircle 2.9.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "simple-301-redirects 2.0.8 Missing.Authorization.via.clicked MEDIUM" "simple-301-redirects 2.0.8 Cross-Site.Request.Forgery.via.'clicked' MEDIUM" "simple-301-redirects 2.0.4 2.0.0..2.0.3.-.Unauthenticated.Redirect.Import CRITICAL" "simple-301-redirects 2.0.4 2.0.0..2.0.3.-.Update.and.Retrieve.Wildcard.Value MEDIUM" "simple-301-redirects 2.0.4 2.0.0..2.0.3.-.Unauthenticated.Redirect.Export CRITICAL" "simple-301-redirects 2.0.4 2.0.0..2.0.3.-.Arbitrary.Plugin.Installation HIGH" "simple-301-redirects 2.0.4 2.0.0..2.0.3.-.Arbitrary.Plugin.Activation HIGH" "site-mode No.known.fix Unauthenticated.Local.File.Inclusion CRITICAL" "sourceplay-navermap No.known.fix Missing.Authorization MEDIUM" "sb-elementor-contact-form-db 1.8.0 Reflected.Cross-Site.Scripting MEDIUM" "sb-elementor-contact-form-db 1.6 Plugin.Settings.Cross-Site.Request.Forgery MEDIUM" "sb-elementor-contact-form-db 1.6 Unauthenticated.&.Unauthorised.Form.Submissions.Export HIGH" "shortcode-addons No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "shortcode-addons No.known.fix Authenticated.(Admin+).Arbitrary.File.Upload CRITICAL" "shortcode-addons 3.2.0 Authenticated.Arbitrary.Options.Update 
MEDIUM" "shortcode-addons 3.1.0 Unauthenticated.Arbitrary.Option.Update CRITICAL" "salt-shaker 1.4.2 Reflected.Cross-Site.Scripting MEDIUM" "smooth-scrolling-links-ssl No.known.fix Arbitrary.Settings.Update.via.CSRF MEDIUM" "simple-membership-after-login-redirection 1.7 Open.Redirect MEDIUM" "schedule-posts-calendar 5.3 CSRF MEDIUM" "schedule-posts-calendar 5.3 Admin+.Stored.XSS LOW" "simple-video-management-system No.known.fix Admin+.Stored.XSS LOW" "simple-video-management-system No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "split-test-for-elementor 1.8.4 Editor+.SQLi MEDIUM" "split-test-for-elementor No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "split-test-for-elementor 1.7.0 Cross-Site.Request.Forgery MEDIUM" "scand-multi-mailer No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "scand-multi-mailer No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "simple-post-listing No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "smart-id 4.9.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.id.Parameter MEDIUM" "smart-id 4.7 Reflected.Cross-Site.Scripting MEDIUM" "sh-slideshow No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "shuffle No.known.fix Authenticated.(Subscriber+).SQL.Injection MEDIUM" "send-to-twitter No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "shortcode-generator No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "smtp-mail No.known.fix Cross-Site.Request.Forgery MEDIUM" "smtp-mail 1.3.21 Cross.Site.Request.Forgery MEDIUM" "smtp-mail 1.3.43 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "smtp-mail 1.2 Reflected.Cross-Site.Scripting.(XSS) HIGH" "smtp-mail 1.2.2 Authenticated.SQL.Injections MEDIUM" "shortcode-factory 2.8 Local.File.Inclusion CRITICAL" "shortcode-factory 1.1.1 XSS MEDIUM" "sparkpost 2.3.6 Admin+.Stored.XSS LOW" "stars-rating 3.5.1 Comments.Denial.of.Service MEDIUM" 
"spotlight-social-photo-feeds 1.7.2 Unauthenticated.Sensitive.Information.Disclosure MEDIUM" "spotlight-social-photo-feeds 1.6.11 Cross-Site.Request.Forgery MEDIUM" "spotlight-social-photo-feeds 1.6.1 Reflected.Cross-Site.Scripting MEDIUM" "spotlight-social-photo-feeds 1.4.3 Contributor+.Stored.XSS MEDIUM" "spotlight-social-photo-feeds 0.10.2 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "slide-banners No.known.fix Missing.Authorization MEDIUM" "simpul-events-by-esotech No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "smart-youtube No.known.fix Cross-Site.Request.Forgery MEDIUM" "simple-local-avatars 2.8.5 Missing.Authorization.to.Authenticated.(Subscriber+).Avatar.Migration MEDIUM" "simple-local-avatars 2.8.0 Missing.Authorization.to.Authenticated.(Subscriber+).User.Cache.Clearing MEDIUM" "simple-local-avatars 2.7.11 Cross-Site.Request.Forgery.via.save_default_avatar_file_id() MEDIUM" "social-auto-poster 5.3.16 Cross-Site.Request.Forgery MEDIUM" "social-auto-poster 5.3.16 Reflected.Cross-Site.Scripting MEDIUM" "social-auto-poster 5.3.15 Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.Post.Meta.Update.via.wpw_auto_poster_update_tweet_template MEDIUM" "social-auto-poster 5.3.15 Missing.Authorization.to.Unauthenticated.Arbitrary.Post.Deletion MEDIUM" "social-auto-poster 5.3.15 Missing.Authorization.via.Multiple.Functions HIGH" "social-auto-poster 5.3.15 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "social-auto-poster 5.3.15 Cross-Site.Request.Forgery.via.Multiple.Functions MEDIUM" "social-auto-poster 5.3.15 Authenticated.(Contributor+).Arbitrary.File.Upload HIGH" "social-auto-poster 5.3.15 Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "subway No.known.fix Improper.Access.Control.to.Sensitive.Information.Exposure.via.REST.API MEDIUM" "stedb-forms No.known.fix Authenticated.(Administrator+).SQL.Injection MEDIUM" "schedule No.known.fix Unauthenticated.SQL.Injection HIGH" "schedule No.known.fix 
Reflected.XSS HIGH" "smart-variations-images 5.2.8 Reflected.Cross-Site.Scripting MEDIUM" "smart-variations-images 5.1.10 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "shop-page-wp 1.2.8 Admin+.Stored.Cross-Site.Scripting MEDIUM" "shortcode-elementor 1.0.5 Authenticated.(Contributor+).Post.Disclosure MEDIUM" "simple-page-access-restriction 1.0.33 Cross-Site.Request.Forgery MEDIUM" "simple-page-access-restriction 1.0.32 Cross-Site.Request.Forgery.via.Multiple.Parameters MEDIUM" "simple-page-access-restriction 1.0.30 Unauthenticated.Content.Restriction.Bypass.to.Sensitive.Information.Exposure MEDIUM" "simple-page-access-restriction 1.0.23 Improper.Access.Control.to.Sensitive.Information.Exposure.via.REST.API MEDIUM" "skip-to No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "scalable-vector-graphics-svg No.known.fix Author+.Stored.XSS.via.SVG MEDIUM" "sabai-discuss 1.4.14 Reflected.Cross.Site.Scripting MEDIUM" "screenshot-machine-shortcode 3.0.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "snippy No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "symbiostock No.known.fix Authenticated.(Shop.Manager+).Arbitrary.File.Upload HIGH" "statpresscn No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "seatreg 1.56.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "subscribe-to-comments-reloaded 240119 Unauthenticated.Sensitive.Information.Exposure MEDIUM" "subscribe-to-comments-reloaded 220502 Multiple.CSRF MEDIUM" "subscribe-to-comments-reloaded 150820 Authenticated.Reflected.Cross-Site.Scripting.(XSS) HIGH" "strx-magic-floating-sidebar-maker No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "specific-content-for-mobile 0.5.6 Authenticated.(Contributor+).SQL.Injection MEDIUM" "specific-content-for-mobile 0.5.4 Missing.Authorization MEDIUM" "specific-content-for-mobile 0.1.9.6 Reflected.Cross-Site.Scripting MEDIUM" "simple-comment-editing 3.2.0 
Unauthenticated.Sensitive.Information.Exposure MEDIUM" "simple-comment-editing 3.1.0 Authenticated.(Admin+).Server-Side.Request.Forgery MEDIUM" "sv-tracking-manager 2.0.0 Reflected.Cross-Site.Scripting MEDIUM" "sv-tracking-manager 1.8.02 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "seo-pyramid No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "simple-youtube-responsive 3.0 Contributor+.Stored.XSS MEDIUM" "seo-automatic-links No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "stock-exporter-for-woocommerce 1.2.0 Reflected.XSS HIGH" "salesmanago 3.9.1 Missing.Authorization MEDIUM" "salesmanago 3.8.2 Cross-Site.Request.Forgery MEDIUM" "salesmanago 3.8.2 Missing.Authorization MEDIUM" "salesmanago 3.2.5 Log.Injection.via.Weak.Authentication.Token MEDIUM" "smooth-streaming-player No.known.fix Cross-Site.Request.Forgery MEDIUM" "social-kit No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "social-kit No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "scrollbar-by-webxapp No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "smtp-sendinblue 1.3.1 Authenticated.(Administrator+).SQL.Injection MEDIUM" "smtp-sendinblue 1.3 Unauthenticated.Stored.Cross-Site.Scripting.via.Email.Logs HIGH" "seofy-core 1.6.11 Unauthenticated.Local.File.Inclusion CRITICAL" "site-table-of-contents No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "sparrow No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "sparrow No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "seriously-simple-stats 1.7.0 Reflected.Cross-Site.Scripting MEDIUM" "seriously-simple-stats 1.5.2 Reflected.XSS HIGH" "seriously-simple-stats 1.5.1 Podcast.Manager+.SQLi HIGH" "smart-forms No.known.fix Missing.Authorization.to.Authenticated.(Subscriber+).Campaign.Data.Exposure MEDIUM" "smart-forms 2.6.99 Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "smart-forms 2.6.92 Missing.Authorization.to.Notice.Dismissal MEDIUM" "smart-forms 2.6.96 
Admin+.Stored.XSS LOW" "smart-forms 2.6.94 Edit.Entries.via.CSRF MEDIUM" "smart-forms 2.6.94 Subscriber+.Edit.Entries.via.Broken.Access.Control MEDIUM" "smart-forms 2.6.87 Subscriber+.Arbitrary.Entry.Deletion MEDIUM" "smart-forms 2.6.85 Subscriber+.Arbitrary.Options.Update HIGH" "smart-forms 2.6.71 Subscriber+.Form.Data.Download MEDIUM" "smart-forms 2.6.16 Cross-Site.Request.Forgery.(CSRF) HIGH" "stax No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "stax 1.3.6 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "swifty-page-manager No.known.fix Page.Creation/Deletion.via.CSRF MEDIUM" "swifty-page-manager No.known.fix Admin+.Stored.XSS LOW" "skt-skill-bar 2.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "skt-skill-bar 2.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "skt-skill-bar 2.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "skt-skill-bar 2.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "simple-pricing-table No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "site-search-360 No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "site-search-360 2.1.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "simple-image-manipulator No.known.fix Remote.File.Download HIGH" "shareaholic 9.7.12 Missing.Authorization.via.accept_terms_of_service MEDIUM" "shareaholic 9.7.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "shareaholic 9.7.6 Information.Disclosure MEDIUM" "simple-blog-card 1.32 Subscriber+.Arbitrary.Post.Access MEDIUM" "simple-blog-card 1.31 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "simple-business-directory-pro 15.6.9 Unauthenticated.Privilege.Escalation CRITICAL" "simple-business-directory-pro 15.5.2 Reflected.Cross-Site.Scripting MEDIUM" "simple-business-directory-pro No.known.fix Unauthenticated.Privilege.Escalation CRITICAL" "sumome 1.35 Cross-Site.Request.Forgery MEDIUM" 
"simple-side-tab 2.2.0 Admin+.Stored.XSS LOW" "smallerik-file-browser No.known.fix Authenticated.(Subscriber+).Arbitrary.File.Upload HIGH" "slide-anything 2.4.9 Author+.Stored.XSS MEDIUM" "slide-anything 2.3.47 Author+.Cross.Site.Scripting.in.slide.title MEDIUM" "slide-anything 2.3.44 Editor+.Stored.Cross-Site.Scripting LOW" "slide-anything 2.3.41 Contributor+.SQLi HIGH" "spiritual-gifts-survey No.known.fix Unauthenticated.CSRF.to.XSS MEDIUM" "spiritual-gifts-survey No.known.fix Unauthenticated.CSRF.to.XSS MEDIUM" "scalenut No.known.fix Missing.Authorization MEDIUM" "sticky-side-buttons 2.0.0 Admin+.Stored.XSS LOW" "scrollbar-customizer No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "simasicher-dsgvo-cookie No.known.fix Cross-Site.Request.Forgery MEDIUM" "simasicher-dsgvo-cookie No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "sales-page-addon No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "sales-page-addon 1.4.1 Reflected.Cross-Site.Scripting MEDIUM" "sales-page-addon 1.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "seers-cookie-consent-banner-privacy-policy 8.1.1 Cross-Site.Request.Forgery MEDIUM" "seers-cookie-consent-banner-privacy-policy 8.1.2 Unauthenticated.Cookie.Policy.Update MEDIUM" "stacks-mobile-app-builder No.known.fix Unauthenticated.Sensitive.Information.Disclosure MEDIUM" "stacks-mobile-app-builder No.known.fix Unauthenticated.Arbitrary.File.Upload CRITICAL" "stacks-mobile-app-builder No.known.fix Authentication.Bypass CRITICAL" "scroll-to-up No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "sigmize 0.0.10 Cross-Site.Request.Forgery MEDIUM" "send-prebuilt-emails No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "send-prebuilt-emails No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "sendy No.known.fix Missing.Authorization MEDIUM" "seamless-donations 5.1.9 Arbitrary.Settings.Update.via.CSRF MEDIUM" "simple-proxy No.known.fix Reflected.Cross-Site.Scripting MEDIUM" 
"sketchfab-oembed No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "social-media-links No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "slideshow-ck 1.4.10 Admin+.Stored.Cross-Site.Scripting LOW" "stream-status-for-twitch 2.1.10 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "spoter-elementor No.known.fix Missing.Authorization MEDIUM" "shortcode-ninja No.known.fix Unauthenticated.Reflected.XSS MEDIUM" "szechenyi-2020-logo 1.2 Unauthenticated.Local.File.Inclusion CRITICAL" "social-locker No.known.fix Arbitrary.Settings.Update.via.CSRF MEDIUM" "social-locker 4.2.5 Authenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "scroll-top 1.4.1 Admin+.Stored.Cross-Site.Scripting LOW" "seo-beginner-auto-post No.known.fix Missing.Authorization.to.File.Overwrite/Upload.(Remote.Code.Execution) CRITICAL" "timely-booking-button No.known.fix Admin+.Stored.XSS LOW" "teachpress No.known.fix Cross-Site.Request.Forgery MEDIUM" "teachpress No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "teachpress 9.0.12 Authenticated.(Contributor+).SQL.Injection MEDIUM" "teachpress 9.0.10 Cross-Site.Request.Forgery.to.Import.Delete MEDIUM" "teachpress 9.0.8 Authenticated.(Contributor+).SQL.Injection MEDIUM" "teachpress 9.0.6 Cross-Site.Request.Forgery.via.delete_database() MEDIUM" "teachpress 9.0.5 Cross-Site.Request.Forgery MEDIUM" "teachpress 9.0.3 Reflected.Cross-Site.Scripting HIGH" "teachpress 8.1.9 Reflected.Cross-Site.Scripting HIGH" "tiger-form 2.1.0 Reflected.XSS HIGH" "thrive-comments 1.4.15.3 Unauthenticated.Option.Update MEDIUM" "typer-core No.known.fix Authenticated.(Contributor+).Post.Disclosure MEDIUM" "turbosmtp 4.7 Reflected.Cross-Site.Scripting MEDIUM" "turbosmtp 4.7 Reflected.Cross-Site.Scripting.via.'page' MEDIUM" "tz-plus-gallery No.known.fix Authenticated.(Editor+).Stored.Cross-Site.Scripting MEDIUM" "tz-plus-gallery No.known.fix Cross-Site.Request.Forgery MEDIUM" 
"testimonial-widgets 1.4.4 Authenticated.(Contributor+).SQL.Injection HIGH" "testimonial-widgets 1.4.3 Widget.Deletion.via.CSRF MEDIUM" "tour-operator 2.0.0 Author+.Stored.XSS.via.SVG.File.Upload MEDIUM" "total-security 3.4.1 XSS.&.Settings.Change MEDIUM" "target-notifications No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "twigify No.known.fix Vulnerable.Twig.Package MEDIUM" "table-of-contents No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "thrive-ultimatum 2.3.9.4 Unauthenticated.Option.Update MEDIUM" "tree-website-map 2.9 Arbitrary.Plugin.Installation/Activation.via.Low.Privilege.User CRITICAL" "tree-website-map 3.1 Arbitrary.Plugin.Installation/Activation.via.CSRF CRITICAL" "tc-ecommerce 1.4.0 Unauthenticated.SQLi HIGH" "tc-ecommerce 1.4.0 Insecure.Direct.Object.Reference.to.Password.Change/Account.Takeover/Privilege.Escalation CRITICAL" "theme-per-user 1.0.2 Unauthenticated.PHP.Object.Injection HIGH" "trackserver 5.1.1 Contributor+.Stored.XSS MEDIUM" "trackserver 5.0.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "themes4wp-youtube-external-subtitles No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "traffic-manager No.known.fix Unauthenticated.Stored.Cross-Site.Scripting HIGH" "traffic-manager No.known.fix Subscriber+.Stored.Cross-Site.Scripting MEDIUM" "themify-audio-dock 2.0.6 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "themify-audio-dock 2.0.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "trust-form 2.0.1 Authenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "trust-payments-gateway-3ds2 1.3.7 Cross-Site.Request.Forgery MEDIUM" "track-the-click 0.3.12 Author+.Time-Based.Blind.SQL.Injection HIGH" "term-and-category-based-posts-widget 4.9.13 Admin+.Stored.XSS LOW" "themesflat-elementor No.known.fix Unauthenticated.PHP.Object.Injection HIGH" "themesflat-addons-for-elementor 2.2.6 
Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "themesflat-addons-for-elementor 2.3.2 Contributor+.Stored.XSS MEDIUM" "themesflat-addons-for-elementor 2.2.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "themesflat-addons-for-elementor 2.2.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "themesflat-addons-for-elementor 2.2.2 Contributor+.Stored.XSS MEDIUM" "themesflat-addons-for-elementor 2.2.2 Contributor+.Information.Exposure LOW" "themesflat-addons-for-elementor 2.2.2 Contributor+.Stored.XSS MEDIUM" "themesflat-addons-for-elementor 2.1.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Widget.Tags MEDIUM" "themesflat-addons-for-elementor 2.1.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.URLs MEDIUM" "themesflat-addons-for-elementor 2.1.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.in.Multiple.Widgets MEDIUM" "themesflat-addons-for-elementor 2.1.3 Contributor+.Stored.XSS.via.Widget.Titles MEDIUM" "the-pack-addon 2.1.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Typing.Letter.Widget MEDIUM" "the-pack-addon 2.1.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "the-pack-addon No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "the-pack-addon 2.1.2 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "the-pack-addon 2.1.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "the-pack-addon 2.1.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "the-pack-addon 2.1.0 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "the-pack-addon 2.0.9 Authenticated.(Author+).Stored.Cross-Site.Scripting MEDIUM" "the-pack-addon 2.0.8.7 Authenticated.(contributor+).Local.File.Inclusion HIGH" "the-pack-addon 2.0.8.4 Reflected.Cross-Site.Scripting MEDIUM" "the-pack-addon 2.0.8.3 Authenticated.(Subscriber+).Server-Side.Request.Forgery MEDIUM" "time-sheets No.known.fix 
Use.of.Known.Vulnerable.Component HIGH" "time-sheets No.known.fix Cross-Site.Request.Forgery MEDIUM" "time-sheets No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "time-sheets 1.29.3 Admin+.Stored.XSS LOW" "time-sheets 1.5.2 Multiple.XSS MEDIUM" "tc-custom-javascript 1.2.2 Unauthenticated.Stored.Cross-Site.Scripting.(XSS) HIGH" "transportersio 2.1.2 Stored.XSS.via.CSRF HIGH" "talkjs 0.1.16 Authenticated.(Administrator+).Stored.Cross-Site.Scripting.via.'welcomeMessage'.Parameter MEDIUM" "tk-google-fonts 2.2.12 Missing.Authorization.to.Font.Deletion MEDIUM" "tk-google-fonts 2.2.11 Reflected.Cross-Site.Scripting MEDIUM" "tk-google-fonts 2.2.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "twitter-plugin 2.55 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "transients-manager 2.0.7 Cross-Site.Request.Forgery MEDIUM" "timesheet 0.1.5 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "tablepress 3.2.5 Contributor+.Stored.XSS MEDIUM" "tablepress 3.2.1 Contributor+.Stored.XSS MEDIUM" "tablepress 3.1.3 Contributor+.DOM-Based.Stored.XSS.via.Multiple.Parameters MEDIUM" "tablepress 3.1 Author+.Stored.XSS MEDIUM" "tablepress 2.4.3 Author+.Stored.XSS MEDIUM" "tablepress 2.4.3 XXE.Injection MEDIUM" "tablepress 2.3.2 Authenticated.(Author+).Server-Side.Request.Forgery.via.DNS.Rebind MEDIUM" "tablepress 2.2.5 Authenticated(Author+).Server.Side.Request.Forgery(SSRF).via._get_import_files MEDIUM" "tablepress 2.1.5 Reflected.Cross-Site.Scripting MEDIUM" "tablepress 1.8.1 Authenticated.XML.External.Entity.(XXE) MEDIUM" "titan-labs-security-audit No.known.fix Admin+.Stored.Cross.Site.Scripting LOW" "teamleader-form-integration 2.1.0 Unauthenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "terms-popup-on-user-login 2.0.9 Admin+.Stored.XSS LOW" "task-manager No.known.fix Authenticated.(Subscriber+).Arbitrary.File.Read MEDIUM" "task-manager No.known.fix Authenticated.(Subscriber+).Arbitrary.Shortcode.Execution.via.'task_id'.Parameter MEDIUM" "task-manager No.known.fix 
Unauthenticated.Local.File.Inclusion HIGH" "tockify-events-calendar 2.3.0 Contributor+.Stored.XSS MEDIUM" "twinklesmtp No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting.via.Sender.Settings MEDIUM" "theme-blvd-sliders No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "tripadvisor-shortcode No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "tplayer-html5-audio-player-with-playlist No.known.fix Unauthenticated.SQL.Injection HIGH" "th-variation-swatches 1.3.3 1.3.2.-.Cross-Site.Request.Forgery.to.Plugin.Settings.Reset MEDIUM" "turbo-widgets No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "turbo-widgets No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "turbo-widgets No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "tnc-toolbox 2.0.5 Missing.Authorization MEDIUM" "tnc-toolbox 2.0.0 Unauthenticated.Privilege.Escalation/cPanel.Account.Takeover CRITICAL" "timeslot 1.4.8 Unauthenticated.Arbitrary.Email.Sending MEDIUM" "timeslot 1.3.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "tax-switch-for-woocommerce 1.4.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.class-name.Parameter MEDIUM" "the-plus-addons-for-elementor-page-builder 6.4.8 Unauthenticated.Email.Relay MEDIUM" "the-plus-addons-for-elementor-page-builder 6.4.8 Incorrect.Authorization.to.Authenticated.(Author+).Arbitrary.Draft.Post.Creation.via.'post_type' MEDIUM" "the-plus-addons-for-elementor-page-builder 6.3.16 Author+.Stored.XSS MEDIUM" "the-plus-addons-for-elementor-page-builder 6.3.14 Missing.Authorization MEDIUM" "the-plus-addons-for-elementor-page-builder 6.3.11 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "the-plus-addons-for-elementor-page-builder 6.2.8 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "the-plus-addons-for-elementor-page-builder 6.2.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Multiple.Widgets MEDIUM" 
"the-plus-addons-for-elementor-page-builder 6.2.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "the-plus-addons-for-elementor-page-builder 6.0.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "the-plus-addons-for-elementor-page-builder 6.0.4 Authenticated.(Contributor+).Sensitive.Information.Exposure.via.Elementor.Templates MEDIUM" "the-plus-addons-for-elementor-page-builder 5.6.12 Authenticated.(Contributor+).Sensitive.Information.Exposure.via.content_template MEDIUM" "the-plus-addons-for-elementor-page-builder 5.6.3 Authenticated.(Author+).Stored.Cross-Site.Scripting MEDIUM" "the-plus-addons-for-elementor-page-builder 5.6.3 Missing.Authorization MEDIUM" "the-plus-addons-for-elementor-page-builder 5.6.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Testimonials.Widget.Settings MEDIUM" "the-plus-addons-for-elementor-page-builder 5.6.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Video.Widget MEDIUM" "the-plus-addons-for-elementor-page-builder 5.6.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.TP.Page.Scroll.Widget MEDIUM" "the-plus-addons-for-elementor-page-builder 5.6.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Countdown.Widget MEDIUM" "the-plus-addons-for-elementor-page-builder 5.6.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "the-plus-addons-for-elementor-page-builder 5.5.3 Contributor+.Stored.XSS MEDIUM" "the-plus-addons-for-elementor-page-builder 5.5.5 Contributor+.Stored.XSS.via.Hover.Card.Widget MEDIUM" "the-plus-addons-for-elementor-page-builder 5.5.3 Contributor+.Stored.XSS MEDIUM" "the-plus-addons-for-elementor-page-builder 5.5.5 Contributor+.Stored.XSS.in.Widgets MEDIUM" "the-plus-addons-for-elementor-page-builder 5.5.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Age.Gate MEDIUM" "the-plus-addons-for-elementor-page-builder 5.5.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" 
"the-plus-addons-for-elementor-page-builder 5.5.0 Contributor+.Stored.Cross-Site.Scripting.via.Countdown.Widget MEDIUM" "the-plus-addons-for-elementor-page-builder 5.4.2 Contributor+.LFI MEDIUM" "the-plus-addons-for-elementor-page-builder 5.4.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.Header.Meta.Content.Widget MEDIUM" "the-plus-addons-for-elementor-page-builder 5.3.4 Contributor+.Stored.XSS MEDIUM" "the-plus-addons-for-elementor-page-builder 2.0.7 Contributor+.Privilege.Escalation HIGH" "the-plus-addons-for-elementor-page-builder 2.0.7 Contributor+.Arbitrary.File.Access MEDIUM" "the-plus-addons-for-elementor-page-builder 2.0.6 Contributor+.Stored.XSS MEDIUM" "timezonecalculator No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "truebooker-appointment-booking 1.1.1 Missing.Authorization MEDIUM" "truebooker-appointment-booking 1.0.8 Cross-Site.Request.Forgery MEDIUM" "truebooker-appointment-booking 1.0.3 Settings.Update.via.CSRF MEDIUM" "truebooker-appointment-booking 1.0.3 Multiple.Unauthenticated.SQLi HIGH" "twitter-bootstrap-collapse-aka-accordian-shortcode No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "twitter-bootstrap-collapse-aka-accordian-shortcode No.known.fix Stored.XSS.via.Shortcode HIGH" "table-of-contents-plus 2411.1 Admin+.Stored.XSS LOW" "table-of-contents-plus 2411 Cross-Site.Request.Forgery MEDIUM" "table-of-contents-plus 2309 Settings.Update.via.CSRF MEDIUM" "table-of-contents-plus 2309 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "table-of-contents-plus 2212 Contributor+.Stored.XSS MEDIUM" "testimonials-carousel-elementor 11.7.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Multiple.Widgets MEDIUM" "testimonials-carousel-elementor 10.2.3 Contributor+.Stored.XSS MEDIUM" "testimonials-carousel-elementor 10.2.1 Missing.Authorization.to.Limited.Setting.Update MEDIUM" "testimonials-carousel-elementor 10.2.0 
Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "toret-manager 1.3.0 Authenticated.(Subscriber+).Arbitrary.Options.Update.via.AJAX.actions HIGH" "twb-woocommerce-reviews 1.7.8 Cross-Site.Request.Forgery MEDIUM" "twb-woocommerce-reviews 1.7.6 Admin+.Stored.XSS LOW" "travelers-map 2.3.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "travelers-map 2.2.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "travel-light No.known.fix CSRF.Bypass MEDIUM" "tokenico-cryptocurrency-token-launchpad-presale-ico-ido-airdrop 2.4.8 Missing.Authorization.to.Authenticated.(Subscriber+).Contract.Address.Update MEDIUM" "tokenico-cryptocurrency-token-launchpad-presale-ico-ido-airdrop 2.4.8 Unauthenticated.Presale.Counter.Update MEDIUM" "templatesnext-toolkit No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "templatesnext-toolkit No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "templatesnext-toolkit 3.2.9 Contributor+.Stored.XSS MEDIUM" "templatesnext-toolkit 3.2.8 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "templatesnext-toolkit 3.2.8 Contributor+.Stored.XSS MEDIUM" "thrive-ab-page-testing 1.4.13.3 Unauthenticated.Option.Update MEDIUM" "tb-testimonials No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "ti-woocommerce-wishlist-premium 1.40.1 Unauthenticated.Blind.SQL.Injection HIGH" "ti-woocommerce-wishlist-premium 1.21.5 Authenticated.WP.Options.Change HIGH" "theme-blvd-responsive-google-maps No.known.fix Contributor+.XSS MEDIUM" "thinktwit 1.7.1 Authenticated.Stored.Cross-Site.Scripting.(XSS) LOW" "toolbar-extras No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "terms-and-conditions-per-product 1.2.16 Missing.Authorization MEDIUM" "terms-and-conditions-per-product 1.2.6 Reflected.Cross-Site.Scripting MEDIUM" "td-cloud-library 3.9.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "td-cloud-library 2.7 
Unauthenticated.Arbitrary.User.Metadata.Update.to.Privilege.Escalation CRITICAL" "the-plus-addons-for-block-editor 4.6.4 Authenticated.(Subscriber+).Information.Exposure MEDIUM" "the-plus-addons-for-block-editor 4.5.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Multiple.Widgets MEDIUM" "the-plus-addons-for-block-editor 4.5.5 Missing.Authorization MEDIUM" "the-plus-addons-for-block-editor 4.0.8 Missing.Authorization MEDIUM" "the-plus-addons-for-block-editor 4.0.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "the-plus-addons-for-block-editor 4.0.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "the-plus-addons-for-block-editor 3.2.6 Missing.Authorization MEDIUM" "the-plus-addons-for-block-editor 3.2.6 Reflected.Cross-Site.Scripting MEDIUM" "tranzly No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "tranzly 1.1.0 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "the-moneytizer 10.0.10 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "the-moneytizer 10.0.1 Missing.Authorization.via.multiple.AJAX.actions HIGH" "the-moneytizer 10.0.1 Cross-Site.Request.Forgery.via.multiple.AJAX.actions HIGH" "the-moneytizer 9.6.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "typebot 3.6.1 Contributor+.Stored.XSS MEDIUM" "typebot 1.4.3 Admin+.Stored.Cross.Site.Scripting LOW" "templates-patterns-collection 1.2.3 Sensitive.Information.Exposure.via.Log.File MEDIUM" "telegram-bot 4.1.1 Unauthenticated.Stored.Cross-Site.Scripting.via.Telegram.Username HIGH" "telegram-bot 4.0.1 Cross-Site.Request.Forgery MEDIUM" "telegram-bot 3.6.3 Admin+.Stored.XSS LOW" "tx-onepager No.known.fix Admin+.SQLi MEDIUM" "transcoder 1.4.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "transcoder 1.3.6 Cross-Site.Request.Forgery MEDIUM" "twitter-card-generator No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "twchat No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "twchat 3.1.5 
Multiple.CSRF MEDIUM" "twchat 3.1.5 Admin+.Local.File.Inclusion LOW" "torod 2.0 Cross-Site.Request.Forgery.To.Plugin's.Settings.Modification MEDIUM" "torod No.known.fix Unauthenticated.SQL.Injection HIGH" "torod 1.8 Missing.Authorization.to.Unauthenticated.Plugin.Settings.Update MEDIUM" "tabs-pro 1.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "tabs-pro 1.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "this-day-in-history No.known.fix Unauthenticated.Reflected.XSS HIGH" "tinymce-advanced-qtranslate-fix-editor-problems No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "tablemaster-for-elementor 1.3.7 Authenticated.(Author+).Server-Side.Request.Forgery.via.'csv_url'.Parameter HIGH" "themeshark-elementor No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "tablesome-premium No.known.fix Missing.Authorization MEDIUM" "tweet-old-post 9.3.4 Missing.Authorization MEDIUM" "tweet-old-post 9.0.11 PHP.Object.Injection LOW" "the-guardian-news-feed No.known.fix Cross-Site.Request.Forgery.to.Settings.Update MEDIUM" "taskbot 6.5 Authenticated.(Subscriber+).Arbitrary.File.Deletion HIGH" "twittee-text-tweet No.known.fix Reflected.XSS HIGH" "templates-and-addons-for-wpbakery-page-builder No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "typea-ftc-disclosure No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "typea-ftc-disclosure No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "telegram-for-wp No.known.fix Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "th-wishlist 1.1.4 Insecure.Direct.Object.Reference.to.Unauthenticated.Wishlist.Manipulation MEDIUM" "trinity-audio 5.24 Missing.Authorization MEDIUM" "trinity-audio 5.22.0 Unauthenticated.Information.Exposure MEDIUM" "trinity-audio 5.21.0 Reflected.Cross-Site.Scripting MEDIUM" "trinity-audio 5.21.0 Cross-Site.Request.Forgery MEDIUM" "trinity-audio 5.20.1 Missing.Authorization MEDIUM" 
"toocheke-companion 1.167 Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "trusona No.known.fix Missing.Authorization MEDIUM" "thegem-elements-elementor 5.11.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "thegem-elements-elementor 5.11.1 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "thegem-elements-elementor 5.10.5.2 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "thegem-elements-elementor 5.10.5.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "tt-custom-post-type-creator No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "tweetscroll-widget No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "tf-numbers-number-counter-animaton 2.0.1 Subscriber+.Arbitrary.Option.Update HIGH" "tabs-maker No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "themefuse-maintenance-mode No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "the-sorter No.known.fix Authenticated.SQL.Injection MEDIUM" "testimonial-rotator No.known.fix Authenticated.Stored.Cross-Site.Scripting HIGH" "testimonial-rotator 3.0.3 Authenticated.Stored.Cross-Site.Scripting.(XSS) HIGH" "turbo-addons-elementor 1.7.8 Contributor+.Stored.XSS MEDIUM" "tiempocom No.known.fix Stored.XSS.via.CSRF HIGH" "tiempocom No.known.fix Reflected.XSS HIGH" "tiempocom No.known.fix Shortcode.Deletion.via.CSRF MEDIUM" "ticket-tailor 1.12 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "triplea-cryptocurrency-payment-gateway-for-woocommerce 2.0.26 Missing.Authorization.to.Unauthenticated.Tracking.Status.Update MEDIUM" "tinymce-annotate No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "tinymce-annotate No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "themedy-toolbox No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "themedy-toolbox 1.0.16 
Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Multiple.Shortcodes MEDIUM" "tripplan 2.0.0 Contributor+.Stored.XSS MEDIUM" "tablesome 1.2.4 Authenticated.(Subscriber+).SQL.Injection MEDIUM" "tablesome 1.2.2 1.2.1.-.Missing.Authorization.to.Authenticated.(Subscriber+).Information.Exposure.and.Privilege.Escalation HIGH" "tablesome No.known.fix Missing.Authorization MEDIUM" "tablesome 1.1.35.2 Authenticated.(Subscriber+).Information.Exposure MEDIUM" "tablesome 1.1.35.2 Missing.Authorization MEDIUM" "tablesome 1.1.35.1 Missing.Authorization MEDIUM" "tablesome 1.3.33 Unauthenticated.Arbitrary.File.Upload CRITICAL" "tablesome 1.0.34 Unauthenticated.Sensitive.Information.Exposure MEDIUM" "tablesome 1.0.26 Cross-Site.Request.Forgery MEDIUM" "tablesome 1.0.28 Reflected.Cross-Site.Scripting MEDIUM" "tablesome 1.0.15 Reflected.Cross-Site.Scripting MEDIUM" "tablesome 1.0.9 Reflected.XSS MEDIUM" "tablesome 0.6.7 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "textbuilder 1.2.0 1.1.1.-.Cross-Site.Request.Forgery.to.Privilege.Escalation.via.Account.Takeover HIGH" "tier-pricing-table 3.5.1 Reflected.Cross-Site.Scripting MEDIUM" "tier-pricing-table 2.6.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "threewp-broadcast 51.02 Reflected.Cross-Site.Scripting MEDIUM" "themify-builder 7.7.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "themify-builder 7.6.8 Missing.Authorization MEDIUM" "themify-builder 7.6.6 Reflected.Cross-Site.Scripting MEDIUM" "themify-builder 7.6.5 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "themify-builder 7.6.6 Contributor+.Stored.XSS MEDIUM" "themify-builder 7.6.3 Reflected.Cross-Site.Scripting MEDIUM" "themify-builder 7.6.2 Missing.Authorization.to.Authenticated.(Contributor+).Post.Duplication MEDIUM" "themify-builder 7.5.8 Open.Redirect MEDIUM" "themify-builder 7.0.6 Cross-Site.Request.Forgery MEDIUM" "themify-builder 5.3.2 Reflected.Cross-Site.Scripting HIGH" "ts-tree No.known.fix 
Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.Content.Deletion MEDIUM" "template-manager No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "template-manager No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "time-clock 1.3.2 Authenticated.(Custom+).Stored.Cross-Site.Scripting MEDIUM" "time-clock 1.3 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "time-clock 1.2.3 Unauthenticated.(Limited).Remote.Code.Execution HIGH" "treepress 3.0.1 Reflected.Cross-Site.Scripting MEDIUM" "treepress 3.0.0 Admin+.Stored.Cross-Site.Scripting LOW" "treepress 2.0.21 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "themereps-helper No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "tinymce-and-tinymce-advanced-professsional-formats-and-styles No.known.fix Cross-Site.Request.Forgery.via.bb_taps_backend_page MEDIUM" "tweetthis-shortcode No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "theatre 0.19.1 Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "theatre 0.19.1 Missing.Authorization MEDIUM" "theatre 0.19 Missing.Authorization MEDIUM" "theatre 0.19 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "theatre 0.18.8 Missing.Authorization MEDIUM" "theatre 0.18.7 Reflected.Cross-Site.Scripting MEDIUM" "theatre 0.18.4 Admin+.Stored.XSS LOW" "thim-core No.known.fix Cross-Site.Request.Forgery MEDIUM" "thim-core No.known.fix Missing.Authorization MEDIUM" "the-buffer-button No.known.fix Authenticated.Stored.Cross.Site.Scripting.(XSS) MEDIUM" "total-gdpr-compliance-lite 1.0.5 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "top-position-google-finance No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "taketin-to-wp-membership No.known.fix Subscriber+.PHP.Object.Injection HIGH" "total-cost-input-for-woocommerce 1.0.1 Reflected.Cross-Site.Scripting MEDIUM" "tradetracker-store 4.6.60 Admin+.SQL.Injection MEDIUM" "tiny-compress-images 3.4.4 Cross-Site.Request.Forgery MEDIUM" 
"twitter-friends-widget No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "teaser-maker-standard No.known.fix Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "timed-content 2.73 Contributor+.Stored.XSS MEDIUM" "tabs-with-posts No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "tabs-with-posts No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "tasty-recipes-lite 1.1.6 Missing.Authorization MEDIUM" "tasty-recipes-lite 1.1.6 Missing.Authorization MEDIUM" "themarketer 1.4.8 Stored.XSS.via.CSRF HIGH" "tm-islamic-helper No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "tock-widget 1.2 Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "thrive-automator 1.17.1 Cross-Site.Request.Forgery MEDIUM" "travelpayouts No.known.fix Missing.Authorization MEDIUM" "travelpayouts 1.1.17 Open.Redirect MEDIUM" "travelpayouts 1.1.13 Settings.Update.via.CSRF MEDIUM" "travelpayouts 1.1.14 Reflected.XSS HIGH" "travelpayouts 1.0.17 CSRF.Bypass.due.to.Outdated.Redux.Framework MEDIUM" "trust-reviews No.known.fix Cross-Site.Request.Forgery MEDIUM" "tutor-lms-elementor-addons 3.0.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "tutor-lms-elementor-addons 2.1.6 Missing.Authorization MEDIUM" "tutor-lms-elementor-addons 2.1.6 Missing.Authorization.to.Authenticated.(Subscriber+).Limited.Plugin.Installation MEDIUM" "tutor-lms-elementor-addons 2.1.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Course.Carousel.Widget MEDIUM" "tutor-lms-elementor-addons 2.1.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "tuxedo-big-file-uploads 2.1.3 Authenticated.(Author+).Full.Path.Disclosure MEDIUM" "tuxedo-big-file-uploads 2.1.2 Cross-Site.Request.Forgery.via.actions MEDIUM" "targetfirst-wordpress-plugin 1.0 Unauthenticated.Stored.XSS.via.Licence.Key HIGH" "total-sales-for-woocommerce No.known.fix Reflected.Cross-Site.Scripting.(XSS) HIGH" "total-donations No.known.fix Unauthenticated.Stored.Cross-Site.Scripting HIGH" "total-donations 
No.known.fix Update.Arbitrary.WordPress.Option.Values CRITICAL" "twitscription No.known.fix Reflected.Cross-Site.Scripting.via.admin.php.PATH_INFO MEDIUM" "tapfiliate No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "tapfiliate 3.0.13 Admin+.Stored.XSS LOW" "thrive-visual-editor 2.6.7.4 Unauthenticated.Option.Update MEDIUM" "textboxes No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "telugu-bible-verse-daily No.known.fix CSRF.to.Stored.XSS HIGH" "taeggie-feed 0.1.11 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.name.Attribute MEDIUM" "taeggie-feed 0.1.10 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "top-flash-embed No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "twentyfourth-wp-scraper No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "twentyfourth-wp-scraper No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "timeline-event-history No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "timeline-event-history No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "timeline-event-history No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "timeline-event-history 3.2 Authenticated.(Contributor+).PHP.Object.Injection HIGH" "testimonial-slider-showcase-pro No.known.fix Authenticated.(Subscriber+).Local.File.Inclusion HIGH" "testimonial-slider-showcase-pro No.known.fix Unauthenticated.Local.File.Inclusion CRITICAL" "twitter-cards-meta 2.5.0 CSRF.and.XSS HIGH" "team-showcase-ultimate No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "timeline-widget-addon-for-elementor 1.5.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "trail-manager No.known.fix Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "tier-management-petfinder 3.6.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.kwm-petfinder.Shortcode MEDIUM" "tagesteller No.known.fix Reflected.Cross-Site.Scripting MEDIUM" 
"theme-builder-for-elementor 1.2.4 Cross-Site.Request.Forgery MEDIUM" "theme-builder-for-elementor 1.2.3 Authenticated.(Contributor+).Post.Disclosure MEDIUM" "team-showcase 3.0.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "team-showcase 2.2 Contributor+.Stored.XSS MEDIUM" "tw-image-hover-share No.known.fix Cross-Site.Request.Forgery.to.Settings.Update MEDIUM" "total-team-lite 1.1.2 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "tab-my-content No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "tpg-get-posts No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "thinkific-uploader No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "task-scheduler No.known.fix Authenticated.(Admin+).Blind.Server-Side.Request.Forgery MEDIUM" "task-scheduler No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "task-scheduler 1.6.1 Folders.Disclosure.via.Outdated.jQueryFileTree.Library MEDIUM" "traveler-layout-essential-for-elementor 1.4 Unauthenticated.Server-Side.Request.Forgery HIGH" "tgg-wp-optimizer No.known.fix Admin+.Stored.XSS LOW" "tabbed 1.3.2 Accordion,.FAQ.<.1.3.2.-.Unauthenticated.AJAX.Calls CRITICAL" "themify-store-locator 1.2.0 Cross-Site.Request.Forgery MEDIUM" "tidio-form No.known.fix Unauthenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "tayori No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "traffic-monitor 3.2.3 Missing.Authorization.to.Unauthenticated.Settings.Update MEDIUM" "tidekey No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "tabbed-login No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "top-bar 3.0.4 Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "top-bar 3.0.5 Admin+.Stored.XSS LOW" "top-bar 3.0.4 Admin+.Stored.Cross-Site.Scripting LOW" "todo-custom-field No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "testimonial-master No.known.fix Reflected.Cross-Site.Scripting.via.$_SERVER['PHP_SELF'] MEDIUM" "twwc-protein No.known.fix 
Authenticated.(Administrator+).Stored.Cross-Site.Scripting.via.'Header'.Setting MEDIUM" "the-tech-tribe 1.3.4 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "the-tech-tribe 1.3.4 Unauthenticated.Sensitive.Information.Exposure MEDIUM" "telsender 1.14.12 Subscriber+.Settings.Update MEDIUM" "tune-library 1.6.4 Missing.Authorization.to.Authenticated.(Subscriber+).Stored.Cross-Site.Scripting.via.CSV.Import MEDIUM" "tune-library 1.5.5 SQL.Injection HIGH" "thumbnail-editor No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "timthumb-vulnerability-scanner No.known.fix Scan.Initialisation.via.CSRF MEDIUM" "thumbs-rating No.known.fix Unauthenticated.Insecure.Direct.Object.Reference MEDIUM" "theme-editor 3.1 Cross-Site.Request.Forgery.to.Remote.Code.Execution HIGH" "theme-editor 2.9 Authenticated.(Admin+).PHAR.Deserialization HIGH" "theme-editor 2.8 Admin+.Arbitrary.File.Upload HIGH" "theme-editor 2.6 Authenticated.Arbitrary.File.Download MEDIUM" "theme-editor 2.2 Multiple.Vulnerabilities CRITICAL" "twitter-posts-to-blog No.known.fix Missing.Authorization.to.Unauthenticated.Plugin.Settings.Update MEDIUM" "tlp-team 5.0.11 Unauthenticated.SQLi HIGH" "tlp-team 5.0.7 Missing.Authorization MEDIUM" "tlp-team 5.0.0 Missing.Authorization.to.Authenticated.(Subscriber+).Settings.Update MEDIUM" "tlp-team 4.4.2 Editor+.Stored.XSS LOW" "tlp-team 4.1.2 Subscriber+.Arbitrary.File.Read.and.Deletion CRITICAL" "tagmaker No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "timeline-calendar No.known.fix Authenticated.(admin+).SQL.Injection HIGH" "title-field-validation No.known.fix Unauthorised.AJAX.Calls HIGH" "theme-junkie-shortcodes No.known.fix Contributor+.Stored.XSS.via.Shortcodes MEDIUM" "turn-off-comments-for-all-posts No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "terraclassifieds No.known.fix Cross-Site.Request.Forgery HIGH" "terraclassifieds No.known.fix TerraClassifieds.<=.2,0,3.Unauthenticated.Arbitrary.File.Upload CRITICAL" 
"twitch-tv-embed-suite No.known.fix Cross-Site.Request.Forgery MEDIUM" "team-showcase-cm 25.05.13 Reflected.Cross-Site.Scripting MEDIUM" "team-showcase-cm 25.05.13 Missing.Authorization MEDIUM" "team-showcase-cm 25.05.13 Authenticated.(Subscriber+).Arbitrary.Shortcode.Execution MEDIUM" "tochat-be No.known.fix Cross-Site.Request.Forgery MEDIUM" "tochat-be 1.3.2 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "tm-replace-howdy No.known.fix Cross-Site.Request.Forgery MEDIUM" "thegem-elements 5.11.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "thegem-elements 5.10.5.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "thegem-elements 5.10.5.2 Unauthenticated.Local.File.Inclusion HIGH" "theme-demo-import 1.1.1 Admin+.Arbitrary.File.Upload MEDIUM" "themehunk-megamenu-plus No.known.fix Missing.Authorization MEDIUM" "themehunk-megamenu-plus 1.1.1 Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "themehunk-megamenu-plus 1.1.0 .Missing.Authorization.to.Authenticated.(Subscriber+).Settings.Updates MEDIUM" "tippy No.known.fix Contributor+.Stored.XSS MEDIUM" "ts-comfort-database No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "timeline-block-block 1.3.4 Insecure.Direct.Object.Reference.to.Authenticated.(Author+).Private.Timeline.Exposure.via.Shortcode.Attribute MEDIUM" "timeline-block-block 1.1.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "themeisle-companion 3.0.3 Authenticated.(Author+).Stored.Cross-Site.Scripting.via.Post.Taxonomy MEDIUM" "themeisle-companion 3.0.2 Author+.Server-Side.Request.Forgery MEDIUM" "themeisle-companion 3.0.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "themeisle-companion 2.10.45 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "themeisle-companion 2.10.44 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.title_tag.Parameter MEDIUM" "themeisle-companion 2.10.44 
Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Pricing.Table.Widget MEDIUM" "themeisle-companion 2.10.37 Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "themeisle-companion 2.10.35 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Services.and.Post.Type.Grid.Widgets MEDIUM" "themeisle-companion 2.10.33 Authenticated.(Contributor+).Stored.Cross-Site.Scripiting.via.Registration.Form.Widget MEDIUM" "themeisle-companion 2.10.31 Contributor+.Stored.XSS.via.Form.Widget MEDIUM" "themeisle-companion 2.10.32 Contributor+.Stored.XSS.via.Post.Type.Grid.Widget MEDIUM" "themeisle-companion 2.10.31 Contributor+.Stored.XSS.via.Pricing.Table.Widget MEDIUM" "themeisle-companion 2.10.29 Unauthenticated.Connected.API.Keys.Update MEDIUM" "themeisle-companion 2.10.30 Connected.API.Keys.Update.via.CSRF MEDIUM" "themeisle-companion 2.10.28 Contributor+.Stored.XSS MEDIUM" "themeisle-companion 2.10.27 Contributor+.Stored.XSS MEDIUM" "themeisle-companion 2.10.24 Author+.Server-Side.Request.Forgery MEDIUM" "themeisle-companion 2.10.3 Authenticated.Privilege.Escalation CRITICAL" "themeisle-companion 2.10.3 Authenticated.Stored.Cross.Site.Scripting MEDIUM" "translator No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "tutor 3.9.7 Unauthenticated.SQL.Injection.via.coupon_code HIGH" "tutor 3.9.6 Missing.Authorization MEDIUM" "tutor 3.9.6 Authenticated.(Subscriber+).Information.Disclosure.in.Coupon.Details.via.'tutor_coupon_details'.AJAX.Action MEDIUM" "tutor 3.9.6 Instructor+.Arbitrary.Course.Modification.and.Deletion.via.IDOR MEDIUM" "tutor 3.9.5 Missing.Authorization.to.Authenticated.(Subscriber+).Limited.Attachment.Deletion MEDIUM" "tutor 3.9.4 Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.Coupon.Modification MEDIUM" "tutor 3.9.4 Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.Course.Completion MEDIUM" "tutor 3.9.4 
Missing.Authorization.to.Authenticated.(Subscriber+).Course.Enrollment.Bypass MEDIUM" "tutor 3.9.4 Missing.Authorization.to.Authenticated.(Subscriber+).Sensitive.Information.Exposure.via.tutor_order_details MEDIUM" "tutor 3.9.5 Authenticated.(Instructor+).Insecure.Direct.Object.Reference MEDIUM" "tutor 3.9.0 Missing.Authorization.to.Sensitive.Information.Exposure MEDIUM" "tutor 3.9.0 Missing.Authorization.to.Unauthenticated.Payment.Status.Update MEDIUM" "tutor 3.8.0 Authenticated.(Administrator+).SQL.Injection MEDIUM" "tutor 3.4.1 Subscriber+.HTML.Injection MEDIUM" "tutor 2.7.7 Unauthenticated.SQL.Injection.via.rating_filter HIGH" "tutor 2.7.7 User.Registration.Setting.Bypass.to.Unauthorized.User.Registration MEDIUM" "tutor 2.7.5 Cross-Site.Request.Forgery.via.'addon_enable_disable' MEDIUM" "tutor 2.7.3 Authenticated.(Administrator+).SQL.Injection HIGH" "tutor 2.7.4 Authenticated.(Instructor+).Stored.Cross-Site.Scripting MEDIUM" "tutor 2.7.4 Missing.Authorization MEDIUM" "tutor 2.7.3 Cross-Site.Request.Forgery MEDIUM" "tutor 2.7.3 Authenticated.(Tutor.Instructor+).Stored.Cross-Site.Scripting MEDIUM" "tutor 2.7.2 Authenticated.(Admin+).Path.Traversal LOW" "tutor 2.7.2 Tutor.LMS..eLearning.and.online.course.solution.<.2,7,2.-Authenticated.(Administrator+).SQL.Injection HIGH" "tutor 2.7.2 Authenticated.(Instructor+).Insecure.Direct.Object.Reference.to.Arbitrary.Quiz.Attempt.Deletion MEDIUM" "tutor 2.7.1 Authenticated.(Instructor+).SQL.Injection HIGH" "tutor 2.7.1 Authenticated.(Instructor+).Insecure.Direct.Object.Reference.to.Arbitrary.Course.Deletion MEDIUM" "tutor 2.7.1 Missing.Authorization CRITICAL" "tutor 2.7.0 Missing.Authorization.to.Unauthenticated.Limited.Options.Update MEDIUM" "tutor 2.7.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.'tutor_instructor_list'.Shortcode MEDIUM" "tutor 2.6.2 Cross-Site.Request.Forgery.to.Plugin.Deactivation.and.Data.Erase MEDIUM" "tutor 2.6.2 
Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.Post.Deletion MEDIUM" "tutor 2.6.2 Authenticated.(Subscriber+).SQL.Injection HIGH" "tutor 2.6.1 Student+.HTML.Injection.via.Q&A MEDIUM" "tutor 2.6.1 Missing.Authorization MEDIUM" "tutor 2.3.0 Admin+.Stored.XSS LOW" "tutor 2.3.0 Subscriber+.Stored.Cross-Site.Scripting HIGH" "tutor 2.2.1 Unauthenticated.Access.to.Tutor.LMS.Lesson.Resources.via.REST.API MEDIUM" "tutor 2.2.1 Student+.SQL.Injection HIGH" "tutor 2.2.0 Instructor+.SQL.Injection MEDIUM" "tutor 2.2.0 Unauthenticate.SQL.Injection HIGH" "tutor 2.0.10 Reflected.Cross-Site.Scripting HIGH" "tutor 2.0.10 Admin+.Stored.Cross-Site.Scripting LOW" "tutor 2.0.9 Reflected.Cross-Site.Scripting MEDIUM" "tutor 1.9.13 Reflected.Cross-Site.Scripting MEDIUM" "tutor 1.9.12 Reflected.Cross-Site.Scripting HIGH" "tutor 1.9.12 Subscriber+.Stored.Cross-Site.Scripting HIGH" "tutor 1.9.11 Reflected.Cross-Site.Scripting MEDIUM" "tutor 1.9.9 Multiple.Admin+.Stored.Cross-Site.Scripting LOW" "tutor 1.9.6 Reflected.Cross-Site.Scripting HIGH" "tutor 1.9.2 Authenticated.Stored.Cross-Site.Scripting.(XSS) HIGH" "tutor 1.8.8 Authenticated.Local.File.Inclusion MEDIUM" "tutor 1.8.3 SQL.Injection.via.tutor_quiz_builder_get_answers_by_question MEDIUM" "tutor 1.7.7 Unprotected.AJAX.including.Privilege.Escalation HIGH" "tutor 1.8.3 SQL.Injection.via.tutor_answering_quiz_question/get_answer_by_id MEDIUM" "tutor 1.7.7 SQL.Injection.via.tutor_mark_answer_as_correct MEDIUM" "tutor 1.8.3 SQL.Injection.via.tutor_quiz_builder_get_question_form MEDIUM" "tutor 1.7.7 SQL.Injection.via.tutor_place_rating MEDIUM" "tutor 1.5.3 Cross-Site.Request.Forgery.(CSRF) MEDIUM" "table-maker No.known.fix Authenticated.(Author+).Stored.Cross-Site.Scripting MEDIUM" "task-manager-pro 3.6.34 Multiple.Cross-Site.Scripting MEDIUM" "task-manager-pro 3.6.34 Follower+.SQLi HIGH" "terminal-africa No.known.fix Reflected.Cross-Site.Scripting HIGH" "tournament-bracket-generator No.known.fix 
Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.bracket.Shortcode MEDIUM" "tigris-flexplatform No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "testimonial-free 3.1.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "testimonial-free 2.6.0 Contributor+.Stored.XSS MEDIUM" "testimonial-free 2.1.7 Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "tida-url-screenshot 1.0.2 Reflected.Cross-Site.Scripting MEDIUM" "text-selection-color No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "theme-duplicator No.known.fix Cross-Site.Request.Forgery MEDIUM" "tumult-hype-animations 1.9.16 Authenticated.(Author+).Arbitrary.File.Upload.via.hypeanimations_panel.Function CRITICAL" "tumult-hype-animations 1.9.15 Missing.Authorization MEDIUM" "tumult-hype-animations 1.9.12 Cross-Site.Request.Forgery.to.Cross-Site.Scripting MEDIUM" "tumult-hype-animations 1.9.13 Authenticated.(Author+).Arbitrary.File.Upload HIGH" "tinynav No.known.fix Cross-Site.Request.Forgery MEDIUM" "two-factor-2fa-via-email 1.9.9 Two-Factor.Authentication.Bypass.via.token MEDIUM" "tubepressnet No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "tz-zoomifywp-free No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.'filename'.Shortcode.Attribute MEDIUM" "turitop-booking-system No.known.fix Authenticated.(Subscriber+).PHP.Object.Injection HIGH" "turitop-booking-system No.known.fix Missing.Authorization MEDIUM" "team-118group-agent No.known.fix Missing.Authorization.to.Unauthenticated.Arbitrary.Content.Deletion MEDIUM" "tk-smugmug-slideshow-shortcode No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "tk-smugmug-slideshow-shortcode No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "term-taxonomy-converter 1.2.1 Reflected.Cross-Site.Scripting MEDIUM" "taggator No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "translation-pro No.known.fix 
Reflected.Cross-Site.Scripting MEDIUM" "tilda-publishing 0.3.24 Subscriber+.Unauthorised.Action MEDIUM" "top-friends No.known.fix Cross-Site.Request.Forgery.to.Settings.Update MEDIUM" "tags-cloud-manager No.known.fix Reflected.XSS HIGH" "translatepress-multilingual 2.10.3 Unauthenticated.PHP.Object.Injection HIGH" "translatepress-multilingual 2.9.7 Admin+.PHP.Object.Injection MEDIUM" "translatepress-multilingual 2.3.3 Admin+.SQLi MEDIUM" "translatepress-multilingual 2.0.9 Authenticated.Stored.Cross-Site.Scripting LOW" "telecash-ricaricaweb No.known.fix Unauthenticated.PHP.Object.Injection CRITICAL" "the-bucketlister No.known.fix Missing.Authorization.to.Authenticated.(Subscriber+).Bucket.List.Modification MEDIUM" "the-bucketlister No.known.fix Authenticated.(Contributor+).SQL.Injection.via.'category'.and.'id'.Shortcode.Attributes MEDIUM" "theme-my-ontraport-smartform No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "tiny-bootstrap-elements-light No.known.fix Unauthenticated.Local.File.Inclusion HIGH" "team-builder-for-wpbakery-page-builder No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "team-builder-for-wpbakery-page-builder No.known.fix Authenticated.(Contributor+).Local.File.Inclusion HIGH" "topbar No.known.fix Cross-Site.Request.Forgery.to.Settings.Update MEDIUM" "testimonials-creator No.known.fix Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "two-factor-authentication 1.3.13 Disable.Two.Factor.Authentication.CSRF HIGH" "two-factor-authentication 1.1.10 XSS MEDIUM" "turisbook-booking-system No.known.fix Contributor+.Stored.XSS MEDIUM" "tr-easy-google-analytics No.known.fix Reflected.Cross-Site.Scripting.(XSS) HIGH" "theme-my-login 7.1.13 Missing.Authorization MEDIUM" "theme-my-login 7.1.8 Cross-Site.Request.Forgery.to.Settings.Update MEDIUM" "theme-my-login 7.1.7 Missing.Authorization.to.Notice.Dismissal MEDIUM" "ts-demo-importer No.known.fix Missing.Authorization MEDIUM" 
"thoughtful-comments 0.3.6 Missing.Authorization LOW" "temporarily-hidden-content No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "the-world No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "timeline-for-beaver-builder 1.1.4 Editor+.Stored.XSS LOW" "tennis-court-bookings No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting.via.Admin.Settings.and.Calendar.Parameters MEDIUM" "tennis-court-bookings No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "terms-of-service-and-privacy-policy No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "tk-event-weather No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "tk-event-weather No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "time-clock-pro 1.1.5 Unauthenticated.(Limited).Remote.Code.Execution HIGH" "tajer No.known.fix Unauthenticated.Arbitrary.File.Upload CRITICAL" "themify-popup 1.4.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "templazee No.known.fix Missing.Authorization MEDIUM" "tags-to-meta-keywords 1.0.2 Cross-Site.Request.Forgery.to.Stored.Cross-site.Scripting MEDIUM" "themeruby-multi-authors 1.1.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.'before'.and.'after'.Shortcode.Attributes MEDIUM" "track-geolocation-of-users-using-contact-form-7 2.1 Admin+.Stored.XSS LOW" "testimonial-slider-and-showcase 2.3.8 Admin+.Stored.XSS LOW" "testimonial-slider-and-showcase 2.3.7 Author+.Settings.Update LOW" "temporary-login-without-password 1.7.1 Subscriber+.Plugin's.Settings.Update MEDIUM" "tiny-bar 2.1 Reflected.Cross-Site.Scripting MEDIUM" "table-genie No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "table-genie No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "tailored-tools No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "taxonomy-filter 2.2.10 Settings.Update.via.CSRF MEDIUM" "tabs-shortcode-and-widget No.known.fix 
Contributor+.Stored.Cross-Site.Scripting MEDIUM" "tweet-old-custom-post No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "testimonials-showcase 1.9.18 Reflected.Cross-Site.Scripting MEDIUM" "testimonials-showcase 1.9.18 Missing.Authorization MEDIUM" "tidio-gallery No.known.fix .Unauthenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "tatsu 3.3.12 Unauthenticated.RCE CRITICAL" "templines-helper-core 2.8 Authenticated.(Subscriber+).Privilege.Escalation HIGH" "tlitl-auto-twitter-poster No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "the-grid 2.8.0 Missing.Authorization MEDIUM" "tp2wp-importer No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting.via.'Watched.domains'.Textarea MEDIUM" "triberr-wordpress-plugin 4.1.2 Admin+.Stored.XSS LOW" "the-events-calendar-shortcode 3.1.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode.Attributes MEDIUM" "the-events-calendar-shortcode 3.1.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "ticket-help-desk-system-lite No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "tutor-pro 3.9.6 Authentication.Bypass.via.Social.Login CRITICAL" "tutor-pro No.known.fix Unauthenticated.SQL.Injection HIGH" "tutor-pro 3.9.0 Subscriber+.Other.Assignments.Access/Edit.via.IDOR MEDIUM" "tutor-pro 3.7.1 Authenticated.(Tutor.Instructor+).SQL.Injection HIGH" "tutor-pro 2.7.3 Missing.Authorization.to.Authenticated.(Subscriber+).Insecure.Direct.Object.Reference HIGH" "tutor-pro 2.7.1 Missing.Authorization HIGH" "tutor-pro 2.7.1 Missing.Authorization.to.Privilege.Escalation HIGH" "tutor-pro 2.7.1 Missing.Authorization.to.SQL.Injection HIGH" "tcs3 No.known.fix Reflected.Cross-Site.Scripting.(XSS) HIGH" "totalcontest-lite No.known.fix Authenticated.(Author+).PHP.Object.Injection MEDIUM" "totalcontest-lite 2.9.0 Reflected.XSS HIGH" "the-tooltip No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode.Attributes MEDIUM" "tailpress 
No.known.fix Unauthenticated.Sensitive.Information.Exposure MEDIUM" "tp-woocommerce-product-gallery 2.0.0 Contributor+.DOM-Based.Stored.XSS.via.lightGallery.Library MEDIUM" "trackship-for-woocommerce 1.9.2 Authenticated.(Shop.manager+).SQL.Injection MEDIUM" "trackship-for-woocommerce 1.7.6 Missing.Authorization MEDIUM" "text-hover 4.2 Admin+.Stored.Cross-Site.Scripting. LOW" "thesis-openhook No.known.fix Cross-Site.Request.Forgery MEDIUM" "thesis-openhook 4.3.1 Subscriber+.Remote.Code.Execution CRITICAL" "toggle-box No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "translate-this-google-translate-web-element-shortcode No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "translate-this-google-translate-web-element-shortcode No.known.fix Google.Translate.Web.Element.Shortcode.<=.1.0.-.Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.base_lang.Parameter MEDIUM" "tsb-occasion-editor No.known.fix Authenticated.(Subscriber+).SQL.Injection MEDIUM" "tabgarb No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "tealium 2.1.21 Admin+.Stored.XSS LOW" "tw-whatsapp-chat-rotator No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "tripetto 8.0.10 Cross-Site.Request.Forgery.to.Arbitrary.Results.Deletion MEDIUM" "tripetto 8.0.10 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "tripetto 8.0.9 Unauthenticated.Sensitive.Information.Exposure MEDIUM" "tripetto 8.0.7 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "tripetto No.known.fix Unauthentiated.Stored.Cross-Site.Scripting.via.Form.File.Upload HIGH" "tripetto 7.0.1 Reflected.Cross-Site.Scripting MEDIUM" "tripetto 5.2.0 Unauthenticated.Stored.Cross-Site.Scripting MEDIUM" "tripetto 5.3.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "terms-before-download No.known.fix Contributor+.Stored.XSS MEDIUM" "trash-duplicate-and-301-redirect No.known.fix Missing.Authorization MEDIUM" "trash-duplicate-and-301-redirect 1.9.1 
Unauthenticated.Arbitrary.Post.Deletion HIGH" "theme-file-duplicator No.known.fix Authenticated.(Subscriber+).Arbitrary.File.Download MEDIUM" "theme-file-duplicator No.known.fix Authenticated.(Subscriber+).Arbitrary.File.Upload HIGH" "token-login No.known.fix Authenticated.(Subscriber+).Privilege.Escalation HIGH" "texteller No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "the-events-calendar 6.15.17.1 Author+.Arbitrary.File.Read MEDIUM" "the-events-calendar 6.15.16.1 Contributor+.Event/Organizer/Venue.Update/Trash.via.REST.API LOW" "the-events-calendar 6.15.13.1 Subscriber+.Data.Migration.Control MEDIUM" "the-events-calendar 6.15.13 Missing.Authorization MEDIUM" "the-events-calendar 6.15.10 Unauthenticated.Sensitive.Information.Exposure MEDIUM" "the-events-calendar 6.15.10 6.15.9.-.Unauthenticated.SQL.Injection.via.s HIGH" "the-events-calendar 6.15.10 Subscriber+.Draft.Event.Title/QR.Code.Exposure MEDIUM" "the-events-calendar 6.15.3 Unauthenticated.Password-Protected.Information.Disclosure MEDIUM" "the-events-calendar 6.15.1.1 .Unauthenticated.SQL.Injection HIGH" "the-events-calendar 6.13.2.1 Contributor+.DOM-Based.Stored.XSS MEDIUM" "the-events-calendar 6.12.0 Subscriber+.Import.Creation MEDIUM" "the-events-calendar 6.9.1 Contributor+.Stored.XSS MEDIUM" "the-events-calendar 6.8.2.1 Unauthenticated.Password.Protected.Event.Disclosure MEDIUM" "the-events-calendar 6.7.1 Trashed.Events.Restoration.via.CSRF MEDIUM" "the-events-calendar 6.6.4.1 Unauthenticated.SQL.Injection MEDIUM" "the-events-calendar 6.6.4 Admin+.Stored.XSS LOW" "the-events-calendar 6.5.2 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "the-events-calendar 6.5.1.5 Cross-Site.Request.Forgery.via.action_restore_events MEDIUM" "the-events-calendar 6.4.0.1 Contributor+.Missing.Authorization.to.Authenticated.Arbitrary.Events.Access MEDIUM" "the-events-calendar 6.4.0.1 Contributor+.Arbitrary.Events.Access LOW" "the-events-calendar 6.4.0.1 Reflected.XSS HIGH" "the-events-calendar 6.2.9 
Unauthenticated.Sensitive.Information.Exposure MEDIUM" "the-events-calendar 6.2.8.1 Unauthenticated.Arbitrary.Password.Protected.Post.Read MEDIUM" "the-events-calendar 6.1.0 Reflected.Cross-Site.Scripting MEDIUM" "the-events-calendar 5.14.0.4 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "the-events-calendar 5.14.0 Reflected.Cross-Site.Scripting MEDIUM" "the-events-calendar 4.8.2 XSS MEDIUM" "timber-library 1.23.3 Use.of.a.Vulnerable.Dependency MEDIUM" "timber-library 1.23.1 Authenticated.(Admin+).PHP.Object.Injection HIGH" "ticket-spot 1.0.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "tagembed-widget 5.9 Missing.Authorization MEDIUM" "tagembed-widget 4.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "thrive-apprentice 2.3.9.4 Unauthenticated.Option.Update MEDIUM" "toast-responsive-menu 1.0.9 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "templatera 2.4.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "tabs-responsive 2.2.8 Editor+.Stored.Cross-Site.Scripting LOW" "templatesnext-onepager No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "tax-rate-upload No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "tax-rate-upload No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "throws-spam-away 3.3.1 Comment.Deletion.via.CSRF MEDIUM" "testimonials-widget No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "testimonials-widget No.known.fix Authenticated.(Author+).Stored.Cross-Site.Scripting.via.testimonials.Shortcode MEDIUM" "testimonials-widget 4.0.0 Multiple.Authenticated.Stored.XSS MEDIUM" "taxonomy-chain-menu 2.0.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.pn_chain_menu.Shortcode MEDIUM" "tlp-portfolio 2.8.11 WordPress.Portfolio.<.2.8.11.-.Contributor+.Stored.XSS MEDIUM" "tangible-loops-and-logic 4.1.5 Reflected.Cross-Site.Scripting MEDIUM" "truepush-free-web-push-notifications No.known.fix Missing.Authorization MEDIUM" 
"the-visitor-counter No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "totalprocessing-card-payments 7.1.8 Shop.Manager+.Arbitrary.File.Download MEDIUM" "totalprocessing-card-payments 7.1.7 Reflected.Cross-Site.Scripting MEDIUM" "totalprocessing-card-payments 7.1.6 Authenticated.(Subscriber+).Arbitrary.File.Download HIGH" "team-rosters 4.8 Reflected.Cross-Site.Scripting HIGH" "team-rosters 4.8 Reflected.Cross-Site.Scripting.via.'tab' HIGH" "team-rosters No.known.fix Unauthenticated.PHP.Object.Injection CRITICAL" "thebooking No.known.fix Missing.Authorization MEDIUM" "twispay No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "time-based-greeting No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "thrive-quiz-builder 2.3.9.4 Unauthenticated.Option.Update MEDIUM" "transmail 3.3.2 Cross-Site.Request.Forgery MEDIUM" "tabs-shortcode No.known.fix Contributor+.XSS.via.Shortcode MEDIUM" "twitter-anywhere-plus No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "themify-ptb-search 1.4.0 Post.Type.Builder.Search.Addon.<.1.4.0.-.Reflected.Cross-Site.Scripting MEDIUM" "terms-dictionary No.known.fix Reflected.Cross-Site.Scripting HIGH" "theme-switcher-reloaded No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "tutor-lms-migration-tool No.known.fix Missing.Authorization.in.tutor_lp_export_xml MEDIUM" "tutor-lms-migration-tool No.known.fix Missing.Authorization.in.tutor_import_from_xml MEDIUM" "transfinanz No.known.fix Reflected.XSS HIGH" "tube-video-ads-lite No.known.fix Reflected.XSS HIGH" "tawkto-live-chat 0.6.0 Subscriber+.Visitor.Monitoring.&.Chat.Removal HIGH" "trustmary 1.0.10 Contributor+.Stored.XSS MEDIUM" "tin-canny-learndash-reporting 4.3.0.8 Reflected.Cross-Site.Scripting MEDIUM" "this-or-that No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "tito No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "tinymce-extended-config 
No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "techlife-cpt No.known.fix Authenticated.(Contributor+).PHP.Object.Injection HIGH" "taxonomy-discounts-woocommerce 5.2 Cross-Site.Request.Forgery.to.Settings.Update MEDIUM" "top-comments No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "the-countdown No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.clientId.Parameter MEDIUM" "termageddon-usercentrics 1.8.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "tradedoubler-affiliate-tracker 2.0.22 Unauthenticated.LFI HIGH" "trusty-woo-products-filter No.known.fix Authenticated.(Subscriber+).Local.File.Inclusion HIGH" "truelysell-core 1.8.8 Unauthenticated.Privilege.Escalation.via.Registration CRITICAL" "truelysell-core 1.8.7 Unauthenticated.Arbitrary.User.Password.Change CRITICAL" "twitter-news-feed No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "tamara-checkout 1.9.9.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "tuturn 3.6 Unauthenticated.Missing.Authorization MEDIUM" "tuturn 3.6 Authenticated.(Subscriber+).Arbitrary.File.Download MEDIUM" "tedwp No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "tedwp 0.0.5 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "twitter-auto-publish 1.7.5 Reflected.Cross-Site.Scripting.via.PostMessage MEDIUM" "talkback-secure-linkback-protocol No.known.fix Unauthenticated.PHP.Object.Injection CRITICAL" "tabs-for-visual-composer No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "theme-changer 1.5 Cross-Site.Request.Forgery MEDIUM" "tour-booking-manager 1.8.8 Authenticated.(Contributor+).PHP.Object.Injection HIGH" "tour-booking-manager 1.8.8 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "tour-booking-manager 1.8.6 Missing.Authorization MEDIUM" "tour-booking-manager 1.7.8 Missing.Authorization MEDIUM" "tour-booking-manager 1.7.2 Missing.Authorization.via.ttbm_new_place_save MEDIUM" "tour-booking-manager 1.6.1 Cross-Site.Request.Forgery 
MEDIUM" "tc-logo-slider No.known.fix Authenticated.(Editor+).Stored.Cross-Site.Scripting MEDIUM" "topper-pack No.known.fix Unauthenticated.Local.File.Inclusion HIGH" "terms-of-use-2 No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "thrive-clever-widgets 1.57.1 Unauthenticated.Option.Update MEDIUM" "trust-payments-hosted-payment-pages-integration 2.0.0 Unauthenticated.SQL.Injection HIGH" "tweeple No.known.fix Reflected.XSS HIGH" "tweet-wheel 1.0.3.3 Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "tf-woo-product-grid No.known.fix Unauthenticated.PHP.Object.Injection HIGH" "track-logins No.known.fix Admin+.SQL.Injection MEDIUM" "theme-options-z No.known.fix Cross-Site.Request.Forgery MEDIUM" "tera-charts No.known.fix Unauthenticated.Cross-Site.Scripting.(XSS) MEDIUM" "trustmate-io-integration-for-woocommerce No.known.fix Cross-Site.Request.Forgery MEDIUM" "trustmate-io-integration-for-woocommerce 1.8.12 Subscriber+.Arbitrary.Plugin's.Settings.Update HIGH" "trustmate-io-integration-for-woocommerce 1.7.1 Subscriber+.Arbitrary.Blog.Option.Update HIGH" "terms-descriptions 3.4.10 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "terms-descriptions No.known.fix Unauthenticated.Information.Exposure HIGH" "terms-descriptions 3.4.9 Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "terms-descriptions 3.4.7 Reflected.Cross-Site.Scripting MEDIUM" "terms-descriptions 2.4.8 Admin+.Stored.XSS LOW" "terms-descriptions 3.4.5 Reflected.XSS HIGH" "team-showcase-supreme 7.5 Editor+.Local.File.Inclusion HIGH" "team-showcase-supreme 4.5 Editor+.Stored.Cross-Site.Scripting LOW" "thumbnail-grid 6.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "teleadmin No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "tp-education 4.5 Contributor+.Stored.XSS MEDIUM" "tml-2fa 1.2 .Lack.of.Rate.Limiting MEDIUM" "translit-it No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "themify-portfolio-post 1.3.1 
Authenticated.(Author+).Stored.Cross-Site.Scripting MEDIUM" "themify-portfolio-post 1.2.5 Editor+.Stored.XSS LOW" "themify-portfolio-post 1.2.2 Contributor+.Stored.XSS MEDIUM" "themify-portfolio-post 1.2.1 Contributor+.Stored.XSS MEDIUM" "themify-portfolio-post 1.1.7 Reflected.Cross-Site.Scripting MEDIUM" "themify-portfolio-post 1.1.6 Authenticated.Stored.Cross-Site.Scripting HIGH" "tickera-event-ticketing-system 3.5.6.5 Missing.Authorization.to.Authenticated.(Subscriber+).Event/Post.Status.Update MEDIUM" "tickera-event-ticketing-system 3.5.6.3 Missing.Authorization MEDIUM" "tickera-event-ticketing-system 3.5.6.5 Missing.Authorization MEDIUM" "tickera-event-ticketing-system 3.5.5.8 Cross-Site.Request.Forgery MEDIUM" "tickera-event-ticketing-system 3.5.5.3 Missing.Authorization MEDIUM" "tickera-event-ticketing-system 3.5.4.9 Unauthenticated.Customer.Data.Exposure MEDIUM" "tickera-event-ticketing-system 3.5.4.6 Unauthenticated.Arbitrary.Shortcode.Execution HIGH" "tickera-event-ticketing-system 3.5.2.9 Missing.Authorization.to.Authenticated.(Susbcriber+).Ticket.Deletion MEDIUM" "tickera-event-ticketing-system 3.5.2.7 Missing.Authorization MEDIUM" "tickera-event-ticketing-system 3.5.2.5 Ticket.leakage.through.IDOR MEDIUM" "tickera-event-ticketing-system 3.5.1.0 Plugin.Data.Deletion.via.CSRF LOW" "tickera-event-ticketing-system 3.4.9.2 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "tickera-event-ticketing-system 3.4.8.3 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "tickera-event-ticketing-system 3.4.6.9 Unauthenticated.Sensitive.Data.Exposure HIGH" "tlp-food-menu 5.2.0 Missing.Authorization.to.Authenticated.(Subscriber+).Settings.Update MEDIUM" "ttv-easy-embed-player No.known.fix Missing.Authorization MEDIUM" "ttv-easy-embed-player 2.1.1 Admin+.Stored.XSS LOW" "tripay-payment-gateway 3.2.8 Admin+.Stored.XSS LOW" "the-permalinker 1.9.0 Contributor+.Stored.XSS MEDIUM" "tax-report-for-woocommerce No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "teleport 
No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "themify-shortcodes 2.1.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "themify-shortcodes 2.1.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "themify-shortcodes 2.1.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.themify_button.Shortcode MEDIUM" "themify-shortcodes 2.0.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "themify-shortcodes 2.0.8 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "testimonial-builder 1.6.2 Editor+.Stored.Cross-Site.Scripting LOW" "testimonial-builder 1.6.0 Admin+.Stored.Cross-Site.Scripting LOW" "tc-testimonial No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "tinymce-custom-styles 1.1.4 Admin+.Stored.Cross-Site.Scripting LOW" "tinymce-custom-styles 1.1.3 Admin+.Stored.XSS LOW" "taskbuilder 5.0.4 Authenticated.(Administrator+).Stored.Cross-Site.Scripting.via.'Block.Emails'.Field MEDIUM" "taskbuilder 5.0.3 Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.Project/Task.Comment.Creation MEDIUM" "taskbuilder 5.0.3 Authenticated.(Subscriber+).SQL.Injection.via.'order'.and.'sort_by'.Parameters MEDIUM" "taskbuilder 5.0.0 Reflected.Cross-Site.Scripting MEDIUM" "taskbuilder 4.0.8 Missing.Authorization MEDIUM" "taskbuilder 4.0.2 Authenticated.(Subscriber+).SQL.Injection MEDIUM" "taskbuilder 3.0.7 Authenticated.(Subscriber+).SQL.Injection MEDIUM" "taskbuilder 3.0.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.wppm_tasks.Shortcode MEDIUM" "taskbuilder 3.0.5 Admin+.SQL.Injection MEDIUM" "taskbuilder 3.0.9 Admin+.SQL.Injection MEDIUM" "taskbuilder 1.0.8 Subscriber+.Stored.XSS.via.SVG.file.upload MEDIUM" "tips-shortcode No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "testimonial-add No.known.fix Authenticated.(Contributor+).Local.File.Inclusion HIGH" "testimonial-add 3.5.8.5 Contributor+.Stored.Cross-Site.Scripting MEDIUM" 
"transbank-webpay-plus-rest 1.6.7 Admin+.SQLi MEDIUM" "testimonial No.known.fix Missing.Authorization MEDIUM" "testimonial No.known.fix Missing.Authorization MEDIUM" "testimonial 2.0.14 Authenticated.(Contributor+).PHP.Object.Injection HIGH" "testimonial 2.3.8 Admin+.Stored.Cross-Site.Scripting LOW" "themify-event-post 1.3.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "themify-event-post 1.3.3 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "themify-event-post 1.2.8 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "tag-groups 2.0.5 Reflected.Cross-Site.Scripting MEDIUM" "tag-groups 2.0.4 Missing.Authorization.to.Information.Exposure MEDIUM" "tag-groups 2.0.0 Reflected.Cross-Site.Scripting MEDIUM" "tag-groups 1.43.10.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "thecartpress No.known.fix Unauthenticated.Arbitrary.Admin.Account.Creation CRITICAL" "thecartpress 1.3.9.3 Multiple.Vulnerabilities HIGH" "the-very-simple-vimeo-shortcode No.known.fix Contributor+.Stored.XSS MEDIUM" "ticketsource-events 3.1.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "title-animator No.known.fix Cross-Site.Request.Forgery.to.Settings.Update MEDIUM" "tabby-checkout 5.9.1 Unauthenticated.Information.Exposure MEDIUM" "thai-lottery-widget No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode.Attributes MEDIUM" "theme-importer No.known.fix Cross-Site.Request.Forgery MEDIUM" "top-10 4.1.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "top-10 3.2.5 Admin+.Stored.XSS LOW" "top-10 3.2.3 Contributor+.Stored.XSS MEDIUM" "top-10 2.9.5 Cross-Site.Request.Forgery.(CSRF) MEDIUM" "transposh-translation-filter-for-wordpress No.known.fix Settings.Update.via.Authorization.Bypass MEDIUM" "transposh-translation-filter-for-wordpress No.known.fix Subscriber+.Unauthorised.Calls MEDIUM" "transposh-translation-filter-for-wordpress No.known.fix Admin+.SQL.Injection MEDIUM" 
"transposh-translation-filter-for-wordpress No.known.fix Usernames.Disclosure MEDIUM" "transposh-translation-filter-for-wordpress No.known.fix Unauthenticated.Settings.Change MEDIUM" "transposh-translation-filter-for-wordpress 1.0.8 Admin+.RCE MEDIUM" "transposh-translation-filter-for-wordpress 1.0.8 CSRF.to.Stored.XSS HIGH" "transposh-translation-filter-for-wordpress 1.0.8 Reflected.Cross-Site.Scripting MEDIUM" "transposh-translation-filter-for-wordpress 1.0.8 Stored.Cross-Site.Scripting MEDIUM" "ttt-crop No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "thesography No.known.fix Admin+.Stored.XSS LOW" "toolbar-to-share No.known.fix Stored.Cross-Site.Scripting.via.CSRF MEDIUM" "td-subscription 1.7.1 Authenticated.(Subscriber+).SQL.Injection.via.subscriptionCouponId.Parameter MEDIUM" "td-subscription 1.5 Authenticated.(Admin+).SQL.Injection HIGH" "td-subscription 1.5 Authenticated.(Admin+).SQL.Injection HIGH" "table-creator No.known.fix Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "typing-text No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "typing-text 1.2.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "tp-gallery-slider No.known.fix Unauthenticated.Stored.Cross-Site.Scripting HIGH" "tiny-contact-form No.known.fix Arbitrary.Settings.Update.via.CSRF MEDIUM" "theasys No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "tori-ajax No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "third-party-cookie-eraser No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "tariffuxx 1.5 Authenticated.(Contributor+).SQL.Injection.via.tariffuxx_configurator.Shortcode MEDIUM" "themebeez-toolkit No.known.fix Missing.Authorization MEDIUM" "team-display No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "team-display No.known.fix Missing.Authorization.to.Authenticated.(Subscriber+).Settings.Update MEDIUM" "the-events-calendar-pro 6.4.0.1 
Contributor+.Missing.Authorization.to.Authenticated.Arbitrary.Events.Access MEDIUM" "themify-icons 2.0.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "themify-icons 2.0.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "tm-woocommerce-compare-wishlist No.known.fix Contributor+.Stored.Cross-Site.Scripting MEDIUM" "themify-ptb 2.1.4 Subscriber+.Arbitrary.Post/Page.Creation MEDIUM" "themify-ptb 2.1.1 Reflected.Cross-Site.Scripting HIGH" "the-casengo-chat-widget No.known.fix Cross-Site.Request.Forgery MEDIUM" "toggle-the-title No.known.fix XSS MEDIUM" "testimonial-slider 1.3.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "testimonial-slider 1.3.2 Stored.XSS.via.CSRF MEDIUM" "testimonial-slider 1.2.5 Authenticated.SQL.Injection HIGH" "testimonial-slider 1.3.2 Authenticated.Stored.Cross-Site.Scripting.(XSS).&.CSRF MEDIUM" "template-kit-import 1.0.15 Author+.Stored.XSS MEDIUM" "themify-wc-product-filter 1.5.2 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "themify-wc-product-filter 1.5.0 WooCommerce.Product.Filter.<.1.5.0.-.Unauthenticated.SQL.Injection.via.conditions.Parameter CRITICAL" "themify-wc-product-filter 1.4.4 Reflected.XSS HIGH" "themify-wc-product-filter 1.4.4 Filter.Deletion.via.CSRF MEDIUM" "themify-wc-product-filter 1.4.4 Admin+.Stored.XSS LOW" "themify-wc-product-filter 1.3.8 WooCommerce.Product.Filter.<.1.3.8.-.Reflected.Cross-Site.Scripting MEDIUM" "template-events-calendar 2.3.2 Authenticated.(Contributor+).SQL.Injection.via.shortcode HIGH" "template-events-calendar 2.0 Subscriber+.Arbitrary.Plugin.Installation.&.Activation HIGH" "template-events-calendar 1.7.2 Reflected.Cross-Site.Scripting.(XSS) HIGH" "table-of-contents-creator No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "themeegg-toolkit No.known.fix Authenticated.(Administrator+).Arbitrary.File.Upload HIGH" "tabulate No.known.fix Reflected.XSS HIGH" "tracked-tweets No.known.fix Reflected.Cross-Site.Scripting MEDIUM" 
"tracked-tweets No.known.fix Stored.Cross-Site.Scripting.via.CSRF MEDIUM" "tubepress 1.6.5 XSS MEDIUM" "track-everything No.known.fix Cross-Site.Request.Forgery MEDIUM" "thegem-importer 5.10.5.2 Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.Content.Deletion MEDIUM" "td-composer 5.4.3 Reflected.Cross-Site.Scripting MEDIUM" "td-composer 5.4.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "td-composer 5.4.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "td-composer 5.4.2 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "td-composer 5.4 Reflected.Cross-Site.Scripting.via.'data' MEDIUM" "td-composer 5.4.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Multiple.Shortcodes MEDIUM" "td-composer 5.4 Unauthenticated.Arbitrary.PHP.Object.Instantiation CRITICAL" "td-composer 5.4 Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "td-composer 5.4 Reflected.Cross-Site.Scripting.via.'account_id'.and.'account_username' MEDIUM" "td-composer 5.1 Reflected.Cross-Site.Scripting.via.envato_code[] MEDIUM" "td-composer 5.1 Reflected.Cross-Site.Scripting.via.envato_code[] MEDIUM" "td-composer 4.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.button.Shortcode MEDIUM" "td-composer 4.9 Authenticated.(Author+).Stored.Cross-Site.Scripting.via.Attachment.Meta MEDIUM" "td-composer 4.9 Authenticated.(Contributor+).Local.File.Inclusion.via.Shortcode HIGH" "td-composer 4.2 Admin+.Stored.XSS LOW" "td-composer 4.2 Unauthenticated.Stored.XSS HIGH" "td-composer 4.0 Reflected.Cross-site.Scripting HIGH" "td-composer 3.5 Unauthenticated.Account.Takeover CRITICAL" "tainacan 1.0.2 Missing.Authorization.to.Unauthenticated.Arbitrary.Metadata.Section.Creation MEDIUM" "tainacan 1.0.1 Reflected.Cross-Site.Scripting MEDIUM" "tainacan 1.0.1 Unauthenticated.Information.Exposure MEDIUM" "tainacan 0.21.15 Unauthenticated.Arbitrary.File.Deletion MEDIUM" "tainacan 0.21.13 Authenticated.(Subscriber+).SQL.Injection MEDIUM" 
"tainacan 0.21.11 Reflected.Cross-Site.Scripting MEDIUM" "tainacan 0.21.9 Authenticated.(Subscriber+).SQL.Injection MEDIUM" "tainacan 0.21.8 Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.File.Read MEDIUM" "tainacan 0.21.4 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "tainacan 0.21.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "tainacan 0.20.8 Missing.Authorization MEDIUM" "tainacan 0.20.7 Unauthenticated.Sensitive.Information.Exposure MEDIUM" "tainacan 0.20.5 Reflected.Cross-Site.Scripting MEDIUM" "tidy-up No.known.fix Cross-Site.Request.Forgery MEDIUM" "tr-timthumb No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode.Attributes MEDIUM" "tenweb-speed-optimizer 2.32.11 Subscriber+.Arbitrary.Folder.Deletion HIGH" "tenweb-speed-optimizer 2.24.18 Unauthenticated.Arbitrary.Option.Deletion HIGH" "ts-webfonts-for-sakura 3.1.3 Font.Settings.Change.via.CSRF MEDIUM" "ts-webfonts-for-sakura 3.1.1 Admin+.Stored.Cross-Site.Scripting LOW" "ts-webfonts-for-sakura 3.1.3 Font.Type.Settings.Change.via.CSRF MEDIUM" "tutor-lms-bunnynet-integration 1.0.1 Authenticated.(Tutor.instructor+).Stored.Cross-Site.Scripting MEDIUM" "ts-webfonts-for-conoha 2.0.4 Admin+.Stored.XSS LOW" "the-logo-slider No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "tooltip-ck No.known.fix Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "termin-kalender 1.00.04 Missing.Authorization.to.Authenticated.(Subscriber+) MEDIUM" "typofr No.known.fix Reflected.Cross-Site.Scripting HIGH" "team-section 2.0.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Social.Network.Link MEDIUM" "team-section 1.1.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "telefication No.known.fix Open.Relay.&.Server-Side.Request.Forgery MEDIUM" "top-25-social-icons No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "the-permalinks-cascade No.known.fix 
Missing.Authorization.To.Authenticated.(Subscriber+).Plugin.Settings.Update MEDIUM" "theme-blvd-widget-areas No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "taggbox-widget No.known.fix Cross-Site.Request.Forgery MEDIUM" "taggbox-widget 3.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "taggbox-widget 3.2 Unauthenticated.PHP.Object.Injection CRITICAL" "taggbox-widget No.known.fix Missing.Authorization MEDIUM" "taggbox-widget No.known.fix Arbitrary.Settings.Update.via.CSRF MEDIUM" "taggbox-widget No.known.fix Cross-Site.Request.Forgery MEDIUM" "theperfectweddingnl-widget 2.9 Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting HIGH" "timetics 1.0.52 Unauthenticated.Payment/Booking.Status.Update MEDIUM" "timetics 1.0.37 Missing.Authorization.to.Unauthenticated.Booking.Details.View.And.Modification MEDIUM" "timetics 1.0.48 Incorrect.Authorization.to.Authenticated.(Timetics.Customer+).User.Creation MEDIUM" "timetics 1.0.45 Missing.Authorization MEDIUM" "timetics 1.0.30 Missing.Authorization MEDIUM" "timetics 1.0.28 AI-powered.Appointment.Booking.Calendar.and.Online.Scheduling.Plugin.<.1.0.28.-.Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.User.Deletion MEDIUM" "timetics 1.0.26 AI-powered.Appointment.Booking.Calendar.and.Online.Scheduling.Plugin.<.1.0.26.-.Insecure.Direct.Object.Reference.to.Unauthenticated.Arbitrary.User.Password/Email.Reset/Account.Takeover CRITICAL" "timetics 1.0.24 Authorization.Bypass MEDIUM" "timetics 1.0.22 AI-powered.Appointment.Booking.with.Visual.Seat.Plan.and.ultimate.Calendar.Scheduling.Plugin.<.1.0.22.-.Missing.Authorization.to.Limited.Privilege.Escalation HIGH" "typekit No.known.fix Cross-Site.Request.Forgery MEDIUM" "twitter-shortcode No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "threepress 1.7.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "tec-subscriber-addons No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "tec-subscriber-addons 
2.0.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "toggles-shortcode-and-widget No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "thim-blocks 1.0.2 Authenticated.(Contributor+).Arbitrary.File.Read.via.'iconSVG'.Parameter MEDIUM" "testimonial-post-type No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.auto_play.Parameter MEDIUM" "tarteaucitronjs 1.9.5 Contributor+.Stored.XSS MEDIUM" "tarteaucitronjs 1.6.1 Cookies.legislation.&.GDPR.<.1.6.1.-.Admin.+.Stored.Cross-Site.Scripting LOW" "tarteaucitronjs 1.6 Cookies.legislation.&.GDPR.<.1.6.-.CSRF.to.Stored.Cross-Site.Scripting MEDIUM" "twitter-follow 0.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.username.Parameter MEDIUM" "titan-framework No.known.fix Reflected.Cross-Site.Scripting.(XSS) HIGH" "titan-framework 1.6 Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "tribute-testimonial-gridslider No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "tiny-carousel-horizontal-slider-plus No.known.fix Admin+.Stored.XSS MEDIUM" "team 1.22.26 Reflected.Cross-Site.Scripting HIGH" "team 1.22.24 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "team 1.22.16 PHP.Object.Injection HIGH" "team 1.22.16 Authenticated.Stored.Cross-Site.Scripting.(XSS) HIGH" "thrive-ovation 2.4.5 Unauthenticated.Option.Update MEDIUM" "to-top 2.3 Unauthorised.Plugin's.Setting.Change MEDIUM" "tcbd-tooltip No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "twitter-real-time-search-scrolling No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "text-to-audio 1.9.31 Missing.Authorization MEDIUM" "temp-mail 1.0.1 Reflected.Cross-Site.Scripting MEDIUM" "text-advertisements No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "torro-forms No.known.fix Contributor+.Stored.Cross-Site.Scripting MEDIUM" "themerain-core No.known.fix Missing.Authorization MEDIUM" "tecslider 2.0.0 
Reflected.Cross-Site.Scripting MEDIUM" "tecslider 1.0.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "tcbd-popover No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "top-bar-notification No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "thank-me-later No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "trustist-reviewer No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "tableberg 0.6.10 Missing.Authorization MEDIUM" "tableberg 0.6.12 Contributor+.Stored.XSS MEDIUM" "track-page-scroll No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "twentytwenty No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "testimonials No.known.fix Contributor+.Stored.Cross-Site.Scripting MEDIUM" "theme-tweaker-lite No.known.fix Cross-Site.Request.Forgery MEDIUM" "tcbd-auto-refresher No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "timeline-pro 1.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.[placeholder] MEDIUM" "twitterpost No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "team-members-for-elementor No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "tournamatch 4.6.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "tournamatch No.known.fix Reflected.Cross-Site.Scripting HIGH" "tournamatch 4.6.1 Admin+.Stored.XSS.via.Ladders LOW" "tournamatch 4.6.1 Subscriber+.Stored.XSS HIGH" "the-loops No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "taboola 2.0.2 CSRF MEDIUM" "travelfic-toolkit 1.3.4 Missing.Authorization MEDIUM" "travelfic-toolkit 1.2.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "templately 3.4.9 Unauthenticated.Limited.Arbitrary.JSON.File.Write MEDIUM" "templately 3.2.8 Authenticated.(Author+).Information.Disclosure MEDIUM" "templately 3.1.6 Missing.Authorization MEDIUM" "templately 3.1.6 Missing.Authorization.via.AJAX.actions MEDIUM" "templately 
3.1.3 Missing.Authorization MEDIUM" "templately 2.2.6 Unauthenticated.Arbitrary.Post.Deletion MEDIUM" "transition-slider-lite No.known.fix Authenticated.(Editor+).Stored.Cross-Site.Scripting MEDIUM" "todays-date-inserter No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "tagregator No.known.fix Stored.XSS MEDIUM" "thim-elementor-kit 1.3.8 Missing.Authorization.to.Unauthenticated.Private.Course.Disclosure MEDIUM" "thim-elementor-kit 1.3.4 Authenticated.(Contributor+).Insecure.Direct.Object.Reference MEDIUM" "thim-elementor-kit 1.2.9 Missing.Authorization MEDIUM" "thim-elementor-kit 1.2.9.1 Contributor+.Stored.XSS MEDIUM" "thim-elementor-kit 1.1.9.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.id.Parameter MEDIUM" "thim-elementor-kit 1.1.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "totop-link No.known.fix Unauthenticated.PHP.Object.Injection MEDIUM" "theme-blvd-shortcodes No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "traderunner No.known.fix Cross-Site.Request.Forgery MEDIUM" "timeline-awesome No.known.fix Missing.Authorization MEDIUM" "timeline-awesome No.known.fix Author+.Stored.Cross-Site.Scripting LOW" "tcd-google-maps No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "testimonial-slider-shortcode No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "testimonial-slider-shortcode 1.1.9 Contributor+.Stored.XSS MEDIUM" "taobaoke No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "tracking-code-manager 2.4.0 Contributor+.Stored.XSS MEDIUM" "tracking-code-manager 2.4.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "tracking-code-manager 2.3.0 Admin+.Stored.Cross-Site.Scripting LOW" "tracking-code-manager 2.1.0 Tracking.Code.Manager.<.2,1,0.-Admin+.Stored.Cross-Site.Scripting MEDIUM" "the-total-book-project 1.1 
Insecure.Direct.Object.Reference.to.Authenticated.(Contributor+).Book.Manipulation MEDIUM" "tipsacarrier 1.5.0.5 Unauthenticated.Orders.Disclosure MEDIUM" "tipsacarrier 1.5.0.5 Unauthenticated.SQLi HIGH" "tourfic 2.15.4 Authenticated.(Admin+).Arbitrary.File.Upload HIGH" "tourfic 2.15.4 Authenticated.(Subscriber+).SQL.Injection MEDIUM" "tourfic 2.11.21 Cross-Site.Request.Forgery.in.Multiple.Functions MEDIUM" "tourfic 2.11.19 Authenticated.(Subscriber+).PHP.Object.Injection HIGH" "tourfic 2.11.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "tourfic 2.11.8 Reflected.Cross-Site.Scripting MEDIUM" "tourfic 2.11.16 Authenticated.(Subscriber+).Arbitrary.File.Upload HIGH" "thebing-snippet No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "telephone-number-linker No.known.fix Contributor+.Stored.XSS MEDIUM" "thrive-leads 2.3.9.4 Unauthenticated.Option.Update MEDIUM" "textme-sms-integration 1.9.2 Missing.Authorization MEDIUM" "textme-sms-integration 1.9.1 Subscriber+.Settings.Update MEDIUM" "textme-sms-integration 1.8.9 Authenticated.Stored.XSS LOW" "thirstyaffiliates 3.11.10 Cross-Site.Request.Forgery MEDIUM" "thirstyaffiliates 3.11.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "thirstyaffiliates 3.10.5 Subscriber+.unauthorized.image.upload.+.CSRF LOW" "thirstyaffiliates 3.10.5 Subscriber+.Arbitrary.Affiliate.Links.Creation LOW" "thirstyaffiliates 3.9.3 Authenticated.Stored.XSS MEDIUM" "twenty20 No.known.fix Contributor+.Stored.XSS MEDIUM" "themeloom-widgets No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "templatespare 2.4.3 Missing.Authorization.to.Authenticated.(Subscriber+).Theme.Update MEDIUM" "tablesearch No.known.fix Contributor+.Stored.Cross-Site.Scripting MEDIUM" "tube-video-curator No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "theme-junkie-team-content No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "the-holiday-calendar No.known.fix 
Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "the-holiday-calendar 1.11.3 Cross-Site.Scripting.(XSS) MEDIUM" "travelmap-blog 1.0.4 Cross-Site.Request.Forgery MEDIUM" "tiare-membership 1.3 Unauthenticated.Privilege.Escalation CRITICAL" "tarteaucitron-wp 0.3.0 Author+.Stored.XSS MEDIUM" "tarteaucitron-wp 0.3.0 Stored.XSS.via.CSRF HIGH" "th23-social No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "trademe-widget No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "truefy-embed No.known.fix Cross-Site.Request.Forgery.to.'truefy_embed_options_update'.Settings.Update MEDIUM" "twitter-posts No.known.fix Settings.Update.via.CSRF MEDIUM" "toast-stick-anything No.known.fix Missing.Authorization HIGH" "toast-stick-anything No.known.fix Unauthenticated.Stored.Cross-Site.Scripting HIGH" "timeline-and-history-slider 2.4 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "the-post-grid 7.7.18 Contributor+.Local.File.Inclusion HIGH" "the-post-grid 7.5.0 Editor+.Stored.XSS.via.Grid.Creation LOW" "the-post-grid 7.7.12 Authenticated.(Contributor+).Information.Disclosure MEDIUM" "the-post-grid 7.7.5 Missing.Authorization.via.REST.API MEDIUM" "the-post-grid 7.7.5 Missing.Authorization.via.AJAX MEDIUM" "the-post-grid 7.7.5 Missing.Authorization.via.save_block_css MEDIUM" "the-post-grid 7.7.2 Authenticated(Contributor+).Stored.Cross-Site.Scripting.via.section.title.tag MEDIUM" "the-post-grid 7.7.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "the-post-grid 7.7.0 Missing.Authorization MEDIUM" "the-post-grid 7.2.8 Block.CSS.Update.via.CSRF MEDIUM" "the-post-grid 5.0.5 Settings.Update.via.CSRF MEDIUM" "training No.known.fix Authenticated.(Subscriber+).Arbitrary.File.Upload HIGH" "timeline-designer 1.4.1 Admin+.SQL.Injection MEDIUM" "topbar-id-for-elementor No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "theme-switcha 3.4.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting 
MEDIUM" "theme-switcha 3.3.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "trusty-whistleblowing-solution No.known.fix Missing.Authorization MEDIUM" "template-kit-export 1.0.22 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "translation-exchange No.known.fix Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "tours 1.0.1 Missing.Authorization MEDIUM" "thrive-headline-optimizer 1.3.7.3 Unauthenticated.Option.Update MEDIUM" "trendy-restaurant-menu No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "traveler-code 3.1.2 Authenticated.(Subscriber+).SQL.Injection MEDIUM" "traveler-code 3.1.2 Unauthenticated.Arbitrary.SQL.Injection HIGH" "tidyro No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "two-factor-login-telegram 3.1 Two-Factor.Authentication.Bypass MEDIUM" "two-factor-login-telegram 3.1 Authenticated.(Subscriber+).Authentication.Bypass HIGH" "team-members 5.3.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "team-members 5.3.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "team-members 5.3.2 Author+.Stored.XSS MEDIUM" "team-members 5.2.1 Editor+.Stored.XSS LOW" "team-members 5.1.1 Admin+.Stored.Cross-Site.Scripting LOW" "team-members 5.0.4 Authenticated.Stored.Cross-Site.Scripting.(XSS) CRITICAL" "tinycode No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "trustpilot-reviews 3.6.0 Missing.Authorization MEDIUM" "t-countdown No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "tiny-carousel-horizontal-slider No.known.fix Admin+.Stored.XSS LOW" "truenorth-srcset No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "table-addons-for-elementor 2.1.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via._id.Parameter MEDIUM" "ti-woocommerce-wishlist 2.11.0 Unauthenticated.HTML.Injection MEDIUM" "ti-woocommerce-wishlist 2.11.0 Missing.Authorization MEDIUM" 
"ti-woocommerce-wishlist 2.11.0 Missing.Authorization MEDIUM" "ti-woocommerce-wishlist 2.10.0 Unauthenticated.Arbitrary.File.Upload CRITICAL" "ti-woocommerce-wishlist 2.10.0 Contributor+.Stored.XSS MEDIUM" "ti-woocommerce-wishlist 2.9.2 Unauthenticated.Plugin.Setup.Wizard.Access HIGH" "ti-woocommerce-wishlist 2.9.1 Unauthenticated.SQL.Injection.via.lang.parameters HIGH" "ti-woocommerce-wishlist 2.9.0 Unauthenticated.SQL.Injection HIGH" "ti-woocommerce-wishlist 1.7.0 Reflected.Cross-Site.Scripting MEDIUM" "ti-woocommerce-wishlist 1.40.1 Unauthenticated.Blind.SQL.Injection HIGH" "ti-woocommerce-wishlist 1.21.12 Authenticated.WP.Options.Change HIGH" "time-tracker 3.2.0 Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.Options.Update.and.Limited.Data.Deletion HIGH" "timer-countdown No.known.fix Reflected.XSS HIGH" "thrive-dashboard 2.3.9.3 Unauthenticated.Option.Update MEDIUM" "thememove-core No.known.fix Authenticated.(Subscriber+).PHP.Object.Injection HIGH" "totalpoll-lite 4.10.0 Missing.Authorization MEDIUM" "tourmaster 5.3.9 Unauthenticated.Local.File.Inclusion CRITICAL" "tourmaster 5.4.1 Reflected.Cross-Site.Scripting MEDIUM" "tourmaster 5.3.8 Tour.Booking,.Travel,.Hotel.<.5.3.8.-.Authenticated.(Subscriber+).SQL.Injection.via.review_id.Parameter MEDIUM" "tourmaster 5.3.5 Reflected.XSS HIGH" "tourmaster 5.3.4 Unauthenticated.Stored.XSS.via.Room.Booking HIGH" "try-on-for-woocommerce No.known.fix Reflected.Cross-Site.Scripting HIGH" "utech-world-time-for-wp No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "utilities-for-mtg No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "urbango-membership 1.1 Unauthenticated.Privilege.Escalation CRITICAL" "update-urls 1.2.2 Reflected.Cross-Site.Scripting MEDIUM" "user-registration-using-contact-form-7 2.6 Authenticated.(Subscriber+).Information.Exposure MEDIUM" "user-registration-using-contact-form-7 2.5 Cross-Site.Request.Forgery MEDIUM" 
"user-importer-and-generator No.known.fix Cross-Site.Request.Forgery.to.Privilege.Escalation.via.Arbitrary.Administrator.Account.Creation HIGH" "uptime-robot-monitor No.known.fix Cross-Site.Request.Forgery MEDIUM" "uptime-robot-monitor No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "uptime-robot-monitor No.known.fix Authenticated.(Contributor+).SQL.Injection MEDIUM" "ultimate-410 1.1.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "ultimate-blogroll No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "ultimate-noindex-nofollow-tool-ii 1.3.6 Admin+.Stored.XSS LOW" "ultimate-noindex-nofollow-tool-ii 1.3.4 Settings.Update.via.CSRF MEDIUM" "user-toolkit 1.2.4 Authenticated.(Subscriber+).Authentication.Bypass HIGH" "unlimited-timeline 1.6.1 Missing.Authorization MEDIUM" "unsafe-mimetypes No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "ua-marketplace No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "ua-marketplace 1.4.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "ultimate-watermark 1.1.1 Missing.Authorization MEDIUM" "user-magic No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "user-location-and-ip 2.0 Contributor+.Stored.XSS MEDIUM" "ultimate-gutenberg No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "ultimate-gutenberg No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "ungrabber No.known.fix Missing.Authorization MEDIUM" "universal-star-rating No.known.fix CSRF MEDIUM" "unify 3.4.10 Missing.Authorization.to.Unauthenticated.Option.Deletion.via.'unify_plugin_downgrade'.Parameter MEDIUM" "unify 3.4.8 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.unify_checkout.Shortcode MEDIUM" "user-rights-access-manager No.known.fix Missing.Authorization MEDIUM" "user-rights-access-manager No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "user-rights-access-manager 1.0.8 Access.Restriction.Bypass MEDIUM" "user-rights-access-manager 1.0.4 
Improper.Access.Controls MEDIUM" "userpro-messaging No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "userpro-messaging No.known.fix Unauthenticated.Local.File.Inclusion CRITICAL" "utm-tracker No.known.fix Admin+.Stored.XSS LOW" "ux-sniff No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "ultimate-youtube-video-player No.known.fix Missing.Authorization.to.Authenticated.(Subscriber+).Setting.Exposure MEDIUM" "ultimate-youtube-video-player No.known.fix Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.Playlist/Video.Deletion MEDIUM" "ultimate-product-catalogue 5.2.16 Cross-Site.Request.Forgery.via.reset_settings() MEDIUM" "ultimate-product-catalogue 5.2.6 Admin+.Stored.XSS LOW" "ultimate-product-catalogue 5.0.26 Subscriber+.Arbitrary.Product.Creation.&.Settings.Update MEDIUM" "ultimate-bar No.known.fix Missing.Authorization MEDIUM" "uptodown-apk-download-widget 0.1.11 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "uk-cookie-consent 3.2.1 Missing.Authorization.via.handle_consent_toggle() MEDIUM" "uk-cookie-consent 2.3.10 Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "universal-analytics-injector No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "user-avatar 1.4.12 Reflected.XSS HIGH" "uicore-elements 1.3.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "uicore-elements 1.3.1 Missing.Authorization.to.Unauthenticated.Arbitrary.File.Read HIGH" "uicore-elements 1.2.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Multiple.Widgets MEDIUM" "user-private-files 2.1.4 Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "user-private-files 2.1.1 Insecure.Direct.Object.Reference.to.Authenticated.(Subscriber+).Private.File.Access MEDIUM" "user-private-files 2.0.5 Subscriber+.Sensitive.Data.and.Files.Exposure.via.IDOR MEDIUM" "user-private-files 2.0.4 Admin+.Stored.XSS MEDIUM" "user-private-files 1.1.3 Subscriber+.Arbitrary.File.Upload CRITICAL" "user-files 
No.known.fix Unauthenticated.Arbitrary.File.Upload CRITICAL" "unique-ux No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "user-role 1.6.7 Privilege.Escalation.via.CSRF HIGH" "user-role 1.5.6 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "ulimate-client-dash No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "uber-classic 2.6 Authenticated.(Contributor+).SQL.Injection MEDIUM" "user-submitted-posts 20260217 Incorrect.Authorization.to.Unauthenticated.Category.Restriction.Bypass.via.'user-submitted-category'.Parameter MEDIUM" "user-submitted-posts 20260110 Unauthenticated.Stored.Cross-Site.Scripting.via.Custom.Field HIGH" "user-submitted-posts 20260113 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.'usp_access'.Shortcode MEDIUM" "user-submitted-posts 20251210 Unauthenticated.Open.Redirect MEDIUM" "user-submitted-posts 20250327 Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "user-submitted-posts 20240516 Admin+.Stored.XSS LOW" "user-submitted-posts 20230914 Unauthenticated.Arbitrary.File.Upload CRITICAL" "user-submitted-posts 20230902 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "user-submitted-posts 20230901 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "user-submitted-posts 20230811 Unauthenticated.Stored.XSS HIGH" "user-submitted-posts 20190501 Arbitrary.File.Upload MEDIUM" "ultimate-category-excluder 1.2 Cross-Site.Request.Forgery MEDIUM" "ukrainian-currency No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "user-session-synchronizer No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "upmenu No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.'upmenu-menu'.Shortcode.'lang'.Attribute MEDIUM" "updater 1.35 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "user-meta-manager No.known.fix Reflected.XSS HIGH" "user-meta-manager No.known.fix CSRF MEDIUM" "uploading-svgwebp-and-ico-files No.known.fix 
Author+.Stored.XSS.via.SVG MEDIUM" "uploading-svgwebp-and-ico-files No.known.fix Admin+.Arbitrary.File.Upload MEDIUM" "uploading-svgwebp-and-ico-files No.known.fix Author+.Stored.Cross-Site.Scripting MEDIUM" "ultraembed-advanced-iframe No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "ultimate-shortcodes-creator No.known.fix Reflected.Cross-Site.Scripting.via.'page' MEDIUM" "ultimate-shortcodes-creator No.known.fix Reflected.Cross-Site.Scripting.via._wpnonce MEDIUM" "ultimate-shortcodes-creator 2.2.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "universal-video-player No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "universal-video-player No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "user-counter No.known.fix Cross-Site.Request.Forgery.to.Settings.Update MEDIUM" "upqode-google-maps No.known.fix Contributor+.Stored.XSS MEDIUM" "ultimate-addons-for-gutenberg 2.19.18 Unauthenticated.Information.Disclosure.in.Sensitive.Data MEDIUM" "ultimate-addons-for-gutenberg 2.19.18 Missing.Authorization MEDIUM" "ultimate-addons-for-gutenberg 2.19.15 Contributor+.Stored.XSS.via.Custom.CSS MEDIUM" "ultimate-addons-for-gutenberg 2.19.1 Contributor+.Stored.XSS MEDIUM" "ultimate-addons-for-gutenberg 2.16.3 Contributor+.Stored.XSS.via.Team.Widget MEDIUM" "ultimate-addons-for-gutenberg 2.15.1 Authenticated.(Contributor+).Stored.Cross-site.Scripting MEDIUM" "ultimate-addons-for-gutenberg 2.13.8 Missing.Authorization.via.generate_ai_content MEDIUM" "ultimate-addons-for-gutenberg 2.13.1 Author+.Stored.XSS MEDIUM" "ultimate-addons-for-gutenberg 2.12.9 Contributor+.Stored.XSS.via.Image.Gallery.Block MEDIUM" "ultimate-addons-for-gutenberg 2.12.9 Contributor+.Stored.XSS.via.Testimonial.Block MEDIUM" "ultimate-addons-for-gutenberg 2.12.7 Contributor+.Path.Traversal MEDIUM" "ultimate-addons-for-gutenberg 2.10.4 Authenticated(Contributor+).Cross-Site.Scripting.via.Custom.CSS MEDIUM" "ultimate-addons-for-gutenberg 2.7.10 
Contributor+.Stored.XSS MEDIUM" "ultimate-addons-for-gutenberg 1.15.0 Contributor+.Stored.Cross-Side.Scripting MEDIUM" "ultimate-addons-for-gutenberg 1.25.6 Reflected.Cross-Site.Scripting MEDIUM" "ultimate-infinite-scroll 1.0.4 Reflected.Cross-Site.Scripting MEDIUM" "unlimited-page-sidebars 0.2.7 Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "unlimited-elements-for-elementor-premium 2.0.1 Unauthenticated.Stored.Cross-Site.Scripting.via.SVG.File.Upload HIGH" "ultimate-push-notifications No.known.fix Missing.Authorization MEDIUM" "ultimate-push-notifications No.known.fix Reflected.Cross-Site.Scripting HIGH" "ultimate-push-notifications No.known.fix Subscriber+.SQL.Injection HIGH" "ultimate-blocks 3.3.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "ultimate-blocks 3.3.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Multiple.Widgets MEDIUM" "ultimate-blocks 3.3.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "ultimate-blocks 3.3.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "ultimate-blocks 3.2.8 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "ultimate-blocks 3.2.8 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.content.Parameter MEDIUM" "ultimate-blocks 3.2.8 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "ultimate-blocks 3.2.4 Contributor+.Stored.XSS MEDIUM" "ultimate-blocks 3.2.2 Contributor+.Stored.XSS MEDIUM" "ultimate-blocks 3.2.0 Contributor+.Stored.XSS MEDIUM" "ultimate-blocks 3.2.0 Authenticated(Contributor+).Stored.Cross-Site.Scripting.via.Multiple.Blocks MEDIUM" "ultimate-blocks 3.2.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.title.tag.attribute MEDIUM" "ultimate-blocks 3.1.9 Contributor+.Stored.XSS MEDIUM" "ultimate-blocks 3.1.1 Authenticated(Contributor+).Stored.Cross-Site.Scripting.via.metabox MEDIUM" "ultimate-blocks 3.1.7 Contributor+.Stored.XSS MEDIUM" "ultimate-blocks 3.0.1 
Reflected.Cross-Site.Scripting MEDIUM" "ultimate-blocks 2.4.13 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "ultimate-ajax-login No.known.fix Cross-Site.Request.Forgery MEDIUM" "ultimate-faqs 2.4.4 Cross-Site.Request.Forgery MEDIUM" "ultimate-faqs 2.1.2 Subscriber+.Arbitrary.FAQ.Creation MEDIUM" "ultimate-faqs 1.8.30 Unauthenticated.Reflected.XSS MEDIUM" "ultimate-faqs 1.8.25 Unauthenticated.Options.Import/Export HIGH" "ultimate-faqs 1.8.22 Cross-Site.Scripting.(XSS) MEDIUM" "url-params 2.5 Contributor+.Stored.XSS MEDIUM" "updownupdown-postcomment-voting No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "universam-demo No.known.fix Unauthenticated.PHP.Object.Injection HIGH" "universam-demo 8.59 Reflected.Cross-Site.Scripting MEDIUM" "upload-file-type-settings-plugin No.known.fix Admin+.Stored.XSS LOW" "userback No.known.fix Missing.Authorization.to.Authenticated.(Subscriber+).Plugin's.Configuration.Exposure MEDIUM" "userback 1.0.14 Arbitrary.Settings.Update.via.CSRF MEDIUM" "ultimate-instagram-feed No.known.fix Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "urdu-formatter-shamil No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "ultimate-bootstrap-elements-for-elementor 1.5.0 Unauthenticated.Local.File.Inclusion CRITICAL" "ultimate-bootstrap-elements-for-elementor 1.4.7 Authenticated.(Contributor+).Sensitive.Information.Exposure MEDIUM" "ultimate-bootstrap-elements-for-elementor 1.4.5 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "ultimate-bootstrap-elements-for-elementor 1.4.3 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "ultimate-bootstrap-elements-for-elementor 1.3.7 Contributor+.Stored.XSS MEDIUM" "user-management No.known.fix Authenticated.(Subscriber+).Privilege.Escalation HIGH" "user-management 1.2 Subscriber+.Arbitrary.File.Upload HIGH" "ultimate-coming-soon 1.1.0 Cross-Site.Request.Forgery MEDIUM" "ultimate-coming-soon 1.1.0 Subscriber+.Template.Name.Update MEDIUM" 
"ultimate-coming-soon 1.1.0 Unauthenticated.Template.Activation MEDIUM" "username-updater 1.0.5 Arbitrary.Username.Update.via.CSRF MEDIUM" "urvanov-syntax-highlighter 2.8.34 Highlighting.Blocks.Mgt.via.CSRF MEDIUM" "ultra-admin No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "use-your-drive 3.3.2 Unauthenticated.Stored.Cross-Site.Scripting.via.File.Metadata HIGH" "use-your-drive 1.18.3 Reflected.Cross-Site.Scripting MEDIUM" "ultimate-tinymce No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "user-password-reset No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "ultimate-classified-listings 1.7 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "ultimate-classified-listings No.known.fix Missing.Authorization.to.Authenticated.(Subscriber+).Plugin.Settings.Update MEDIUM" "ultimate-classified-listings 1.5 Ultimate.Classified.Listings.<.1,5.Authenticated.(Administrator+).Stored.Cross-Site.Scripting.via.Title.Parameter MEDIUM" "ultimate-classified-listings 1.6 Cross-Site.Request.Forgery.to.Account.Takeover HIGH" "ultimate-classified-listings No.known.fix Subscriber+.Stored.XSS HIGH" "ultimate-classified-listings No.known.fix Contributor+.Local.File.Inclusion HIGH" "ultimate-classified-listings 1.4 Reflected.XSS HIGH" "ultimate-classified-listings 1.3 Reflected.XSS HIGH" "ultimate-classified-listings 1.3 Unauthenticated.LFI HIGH" "under-construction-page 3.97 Multiple.CSRF MEDIUM" "under-construction-page 3.86 Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "ultimate-viral-quiz No.known.fix Cross-Site.Request.Forgery.to.Settings.Update MEDIUM" "url-shortify 1.12.4 Authenticated.(Author+).Server-Side.Request.Forgery MEDIUM" "url-shortify 1.12.2 Unauthenticated.Open.Redirect.via.'redirect_to'.Parameter MEDIUM" "url-shortify 1.11.3 Reflected.XSS HIGH" "url-shortify 1.11.4 Reflected.XSS HIGH" "url-shortify 1.10.6 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "url-shortify 1.7.9.1 Admin+.Stored.XSS LOW" 
"url-shortify 1.7.6 Unauthenticated.Stored.XSS.via.referer.header CRITICAL" "url-shortify 1.7.3 Reflected.Cross-Site.Scripting MEDIUM" "url-shortify 1.7.0 Admin+.Cross.Site.Scripting LOW" "url-shortify 1.5.11 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "url-shortify 1.5.1 Arbitrary.Link/Group.Deletion.via.CSRF MEDIUM" "uix-shortcodes 2.0.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "uix-shortcodes 2.0.4 Unauthenticated.Arbitrary.Shortcode.Execution HIGH" "uix-shortcodes 2.0.0 Unauthenticated.Arbitrary.Shortcode.Execution HIGH" "universal-email-preference-center No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "ultimate-social-media-plus 3.6.3 Missing.Authorization.to.Notice.Dismissal MEDIUM" "ultimate-social-media-plus 3.5.8 Plugin.Installation.via.CSRF MEDIUM" "ultimate-social-media-plus 3.5.8 Subscriber+.Plugin.Installation MEDIUM" "ultimate-social-media-plus 3.2.8 Reflected.Cross-Site.Scripting MEDIUM" "ultimate-social-media-plus 3.0.4 Subscriber+.Arbitrary.Option.Update CRITICAL" "urlyar No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "user-roles No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "update-alt-attribute No.known.fix Reflected.XSS HIGH" "update-alt-attribute No.known.fix Cross-Site.Request.Forgery MEDIUM" "umich-oidc-login No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "ultimeter 2.8.3 Reflected.Cross-Site.Scripting MEDIUM" "ultimeter 2.7.6 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "ultimeter 1.9.3 Subscriber+.Arbitrary.Option.Update CRITICAL" "upcoming-for-calendly 1.2.5 Cross-Site.Request.Forgery.to.Settings.Update MEDIUM" "uncanny-automator 7.1.0 Authenticated.(Administrator+).Server-Side.Request.Forgery.to.Arbitrary.File.Upload HIGH" "uncanny-automator 7.0.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "uncanny-automator 6.10.0 Authenticated.(Subscriber+).Information.Exposure MEDIUM" 
"uncanny-automator 6.8.0 Missing.Authorization MEDIUM" "uncanny-automator 6.5.0 Missing.Authorization MEDIUM" "uncanny-automator 6.4.0.2 Unauthenticated.PHP.Object.Injection.in.automator_api_decode_message.Function CRITICAL" "uncanny-automator 6.5.0 Missing.Authorization.to.Authenticated.(Subscriber+).Plugin.Settings.Update MEDIUM" "uncanny-automator 6.4.0 Subscriber+.Privilege.Escalation HIGH" "uncanny-automator 6.3 Authenticated.(Admin+).Server-Side.Request.Forgery.via.Webhook MEDIUM" "uncanny-automator 5.1.0.3 Sensitive.Information.Exposure.via.Log.File MEDIUM" "user-meta No.known.fix Authenticated.(Subscriber+).Arbitrary.File.Deletion HIGH" "user-meta No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "user-meta No.known.fix Insecure.Direct.Object.Reference.to.Sensitive.Information.Exposure MEDIUM" "user-meta 3.1 Unauthenticated.Sensitive.Information.Exposure MEDIUM" "user-meta 2.4.4 Subscriber+.Local.File.Enumeration.via.Path.Traversal LOW" "user-meta 2.4.3 Admin+.Stored.Cross-Site.Scripting LOW" "user-registration 5.1.3 Unauthenticated.Privilege.Escalation.via.Membership.Registration CRITICAL" "user-registration 5.1.3 Insecure.Direct.Object.Reference.to.Unauthenticated.Limited.User.Deletion MEDIUM" "user-registration 5.1.3 Authentication.Bypass HIGH" "user-registration 4.4.7 Missing.Authorization MEDIUM" "user-registration 4.4.9 Cross-Site.Request.Forgery.to.Arbitrary.Post.Deletion MEDIUM" "user-registration 5.0 Authenticated.(Subscriber+).Arbitrary.Shortcode.Execution MEDIUM" "user-registration 4.4.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode.Attributes MEDIUM" "user-registration 4.4.0 Authenticated.(Admin+).SQL.Injection MEDIUM" "user-registration 4.3.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.urcr_restrict.Shortcode MEDIUM" "user-registration 4.2.2 Insecure.Direct.Object.Reference.to.Unauthenticated.Limited.User.Deletion MEDIUM" "user-registration 4.2.0 Reflected.Cross-Site.Scripting MEDIUM" 
"user-registration 4.1.4 Insecure.Direct.Object.Reference.to.Authenticated.(Subscriber+).User.Password.Update MEDIUM" "user-registration 4.1.4 Insecure.Direct.Object.Reference.to.Unauthenticated.Membership.Modification MEDIUM" "user-registration 4.1.3 Authentication.Bypass HIGH" "user-registration 4.0.4 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "user-registration 4.1.2 Unauthenticated.Privilege.Escalation HIGH" "user-registration 4.1.0 Reflected.Cross-Site.Scripting MEDIUM" "user-registration 3.2.1 Missing.Authorization.to.Privilege.Escalation HIGH" "user-registration 3.2.0 Missing.Authorization.to.Authenticated.(Subscriber+).Privilege.Escalation HIGH" "user-registration 3.2.0 Missing.Authorization.to.Unauthenticated.Media.Deletion MEDIUM" "user-registration 3.1.5 Unauthenticated.Stored.Self-Based.Cross-Site.Scripting MEDIUM" "user-registration 3.0.4.2 Admin+.Stored.XSS LOW" "user-registration 3.0.2.1 Subscriber+.Arbitrary.File.Upload.Leading.to.RCE CRITICAL" "user-registration 3.0.2.1 Subscriber+.Arbitrary.File.Upload CRITICAL" "user-registration 3.0.2 Subscriber+.PHP.Object.Injection HIGH" "user-registration 2.3.3 Subscriber+.PHP.Object.Injection HIGH" "user-registration 2.3.1 Admin+.Stored.XSS LOW" "user-registration 2.2.4.1 Subscriber+.Arbitrary.File.Upload CRITICAL" "user-registration 2.0.2 Low.Privilege.Stored.Cross-Site.Scripting MEDIUM" "uncode-core 2.9.4.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcodes MEDIUM" "uncode-core 2.9.1.7 Authenticated.(Subscriber+).Arbitrary.Shortcode.Execution.in.uncode_get_medias MEDIUM" "uncode-core 2.8.9 Authenticated.(Subscriber+).Arbitrary.File.Deletion HIGH" "uncode-core 2.8.7 Reflected.Cross-Site.Scripting MEDIUM" "uncode-core 2.8.9 Privilege.Escalation HIGH" "uroan-core No.known.fix Unauthenticated.SQL.Injection HIGH" "user-referral-free No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "unlimited-theme-addons 1.2.3 Authenticated.(Contributor+).Post.Disclosure MEDIUM" 
"unlimited-theme-addons 1.2.0 Reflected.Cross-Site.Scripting MEDIUM" "ultimate-taxonomy-manager No.known.fix Arbitrary.Settings.Update.via.CSRF MEDIUM" "ultimate-taxonomy-manager No.known.fix Reflected.XSS HIGH" "unlimited-popups No.known.fix Author+.SQL.Injection HIGH" "ultimate-subscribe No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "unlimited-elements-for-elementor 2.0.6 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "unlimited-elements-for-elementor 2.0.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Border.Hero.Widget MEDIUM" "unlimited-elements-for-elementor 2.0.1 Unauthenticated.Stored.Cross-Site.Scripting.via.SVG.File.Upload HIGH" "unlimited-elements-for-elementor 1.5.149 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "unlimited-elements-for-elementor 1.5.143 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "unlimited-elements-for-elementor 1.5.141 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Transparent.Split.Hero.Widget MEDIUM" "unlimited-elements-for-elementor 1.5.136 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Multiple.Widgets MEDIUM" "unlimited-elements-for-elementor 1.5.127 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "unlimited-elements-for-elementor 1.5.122 Authenticated.(Editor+).Remote.Code.Execution HIGH" "unlimited-elements-for-elementor 1.5.122 Reflected.Cross-Site.Scripting MEDIUM" "unlimited-elements-for-elementor 1.5.113 Authenticated.(Contributor+).Time-Based.SQL.Injection HIGH" "unlimited-elements-for-elementor 1.5.113 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.'username' MEDIUM" "unlimited-elements-for-elementor 1.5.113 IP.Address.Spoofing.to.Antispam.Bypass MEDIUM" "unlimited-elements-for-elementor 1.5.113 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.'email' MEDIUM" "unlimited-elements-for-elementor 1.5.110 Authenticated.(Contributor+).Blind.SQL.Injection.via.data[addonID].Parameter HIGH" 
"unlimited-elements-for-elementor 1.5.110 Authenticated.(Contributor+).Information.Exposure MEDIUM" "unlimited-elements-for-elementor 1.5.108 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Text.Field MEDIUM" "unlimited-elements-for-elementor 1.5.91 Contributor+.Remote.Code.Execution.via.template.import HIGH" "unlimited-elements-for-elementor 1.5.108 Contributor+.SQLi MEDIUM" "unlimited-elements-for-elementor 1.5.105 Contributor+.SQL.Injection HIGH" "unlimited-elements-for-elementor 1.5.103 Admin+.Command.Injection MEDIUM" "unlimited-elements-for-elementor 1.5.103 Reflected.Cross-Site.Scripting MEDIUM" "unlimited-elements-for-elementor 1.5.97 Contributor+.Stored.XSS MEDIUM" "unlimited-elements-for-elementor 1.5.94 Reflected.Cross-Site.Scripting HIGH" "unlimited-elements-for-elementor 1.5.75 Reflected.Cross-Site.Scripting MEDIUM" "unlimited-elements-for-elementor 1.5.67 Contributor+.Arbitrary.File.Upload HIGH" "unlimited-elements-for-elementor 1.5.49 Admin+.Stored.XSS LOW" "unlimited-elements-for-elementor 1.5.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "uniconsent-cmp 1.4.4 Admin+.Stored.XSS LOW" "userbase-access-control No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "universal-video-player-and-bg No.known.fix Authenticated.(Administrator+).SQL.Injection MEDIUM" "user-ip-and-location 2.2.1 Contributor+.Stored.XSS MEDIUM" "utw-importer No.known.fix Cross-Site.Request.Forgery MEDIUM" "unlock-addons-for-elementor No.known.fix Contributor+.Stored.XSS MEDIUM" "userplus No.known.fix Privilege.Escalation CRITICAL" "userplus No.known.fix Unauthenticated.Privilege.Escalation CRITICAL" "userplus No.known.fix Editor+.Registration.Form.Update.to.Privilege.Escalation HIGH" "userplus No.known.fix Missing.Authorization.via.Multiple.Functions MEDIUM" "userplus No.known.fix Stored.XSS.via.CSRF HIGH" "ultimate-bulk-seo-noindex-nofollow No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "universal-analytics 1.3.1 Authenticated.Cross-Site.Scripting.(XSS) 
MEDIUM" "under-construction-maintenance-mode 1.1.2 Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "under-construction-maintenance-mode 1.1.2 Server.Side.Request.Forgery.(SSRF) MEDIUM" "ulp-duplicate-post-sql-timebased 3.9.1 Authenticated.(Administrator+).SQL.Injection.via.post_id.Parameter MEDIUM" "upstream No.known.fix Missing.Authorization MEDIUM" "ultimate-weather-plugin No.known.fix Unauthenticated.Reflected.XSS MEDIUM" "ut-shortcodes 5.1.7 Unauthenticated.Arbitrary.Shortcode.Execution MEDIUM" "ut-shortcodes 5.0.5 Reflected.Cross-Site.Scripting MEDIUM" "ultimate-addons-for-contact-form-7 3.5.37 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "ultimate-addons-for-contact-form-7 3.5.35 Missing.Authorization MEDIUM" "ultimate-addons-for-contact-form-7 3.5.34 Missing.Authorization.to.Authenticated.(Subscriber+).to.Generate.Form.Submission.PDF MEDIUM" "ultimate-addons-for-contact-form-7 3.5.22 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.UACF7_CUSTOM_FIELDS.Shortcode MEDIUM" "ultimate-addons-for-contact-form-7 3.5.20 3.5.19.-.Unauthenticated.Stored.Cross-Site.Scripting.via.Database.module HIGH" "ultimate-addons-for-contact-form-7 3.5.13 Authenticated.(Administrator+).Arbitrary.File.Upload.via.'save_options' HIGH" "ultimate-addons-for-contact-form-7 3.2.1 Reflected.Cross-Site.Scripting MEDIUM" "ultimate-addons-for-contact-form-7 3.2.11 Missing.Authorization MEDIUM" "ultimate-addons-for-contact-form-7 3.2.1 Reflected.XSS HIGH" "ultimate-addons-for-contact-form-7 3.1.29 Reflected.XSS HIGH" "ultimate-addons-for-contact-form-7 3.1.29 Admin+.Stored.XSS LOW" "ultimate-addons-for-contact-form-7 3.1.24 Subscriber+.SQL.Injection HIGH" "ultimate-addons-for-contact-form-7 3.1.24 Subscriber+.SQLi HIGH" "ultimate-addons-for-contact-form-7 3.1.24 Unauthenticated.SQLi HIGH" "user-sync 1.0.3 Cross-Site.Request.Forgery.to.Plugin.Deactivation MEDIUM" "uw-freelancer No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "user-messages No.known.fix 
Reflected.XSS HIGH" "user-profile 2.0.21 Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "uleak-security-dashboard No.known.fix Subscriber+.Stored.Cross-Site.Scripting HIGH" "u-design-core 4.14.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "u-design-core No.known.fix Authenticated.(Contributor+).Local.File.Inclusion HIGH" "u-design-core No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "u-design-core No.known.fix Missing.Authorization MEDIUM" "ultimate-addons-for-beaver-builder-lite 1.5.10 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "ultimate-addons-for-beaver-builder-lite 1.5.8 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Heading.Widget MEDIUM" "ultimate-addons-for-beaver-builder-lite 1.5.8 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Button.Widget MEDIUM" "ultimate-addons-for-beaver-builder-lite 1.5.8 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Advanced.Icons.Widget MEDIUM" "ultimate-addons-for-beaver-builder-lite 1.5.8 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Image.Separator.Widget MEDIUM" "ultimate-addons-for-beaver-builder-lite 1.5.8 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Info.Table.Widget MEDIUM" "uploadcare 3.1.0 Cross-Site.Request.Forgery MEDIUM" "uichemy 4.4.3 Authenticated.(Author+).Stored.Cross-Site.Scripting MEDIUM" "uichemy 4.0.1 Missing.Authorization MEDIUM" "ultimate-member 2.11.2 Reflected.Cross-Site.Scripting.via.Filter.Parameters MEDIUM" "ultimate-member 2.11.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode.Attributes MEDIUM" "ultimate-member 2.11.1 Unauthenticated.Sensitive.Information.Exposure MEDIUM" "ultimate-member 2.11.1 Authenticated.(Subscriber+).Stored.Cross-Site.Scripting.via.'value' MEDIUM" "ultimate-member 2.11.1 Authenticated.(Subscriber+).Profile.Privacy.Setting.Bypass MEDIUM" "ultimate-member 2.10.4 Admin+.Arbitrary.Function.Call MEDIUM" "ultimate-member 2.10.2 
Unauthenticated.Blind.SQL.Injection HIGH" "ultimate-member 2.10.1 Unauthenticated.SQLi HIGH" "ultimate-member 2.10.0 Authenticated.SQL.Injection MEDIUM" "ultimate-member 2.9.2 Information.Exposure MEDIUM" "ultimate-member 2.9.2 Unauthenticated.SQL.Injection HIGH" "ultimate-member 2.9.0 Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.User.Profile.Picture.Update MEDIUM" "ultimate-member 2.8.7 Cross-Site.Request.Forgery.to.Membership.Status.Change MEDIUM" "ultimate-member 2.8.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "ultimate-member 2.8.4 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "ultimate-member 2.8.3 2.8.2.-.Unauthenticated.SQL.Injection MEDIUM" "ultimate-member 2.6.7 Unauthenticated.Privilege.Escalation CRITICAL" "ultimate-member 2.6.1 Form.Duplication.via.CSRF MEDIUM" "ultimate-member 2.5.1 Admin+.RCE MEDIUM" "ultimate-member 2.5.1 Admin+.LFI.via.Traversal LOW" "ultimate-member 2.5.1 Subscriber+.RCE HIGH" "ultimate-member 2.5.1 Contributor+.LFI.via.Traversal MEDIUM" "ultimate-member 2.4.0 Subscriber+.Stored.Cross-Site.Scripting MEDIUM" "ultimate-member 2.3.2 Open.Redirect MEDIUM" "ultimate-member 2.1.20 Authenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "ultimate-member 2.1.12 Unauthenticated.Privilege.Escalation.via.User.Roles CRITICAL" "ultimate-member 2.1.12 Unauthenticated.Privilege.Escalation.via.User.Meta CRITICAL" "ultimate-member 2.1.12 Authenticated.Privilege.Escalation.via.Profile.Update CRITICAL" "ultimate-member 2.1.7 Unauthenticated.Open.Redirect MEDIUM" "ultimate-member 2.1.3 Insecure.Direct.Object.Reference.(IDOR) MEDIUM" "ultimate-member 2.0.54 Cross-Site.Scripting.(XSS) MEDIUM" "ultimate-member 2.0.52 CSRF.and.Stored.XSS.issues MEDIUM" "ultimate-member 2.0.46 Multiple.Vulnerabilities HIGH" "ultimate-member 2.0.40 Cross-Site.Request.Forgery.(CSRF) MEDIUM" "ultimate-member 2.0.33 Cross-Site.Request.Forgery.(CSRF) MEDIUM" "ultimate-member 2.0.28 Multiple.XSS MEDIUM" "ultimate-member 2.0.22 
Authenticated.Cross-Site.Scripting.(XSS) HIGH" "ultimate-member 2.0.22 Unauthenticated.Arbitrary.File.Upload HIGH" "ultimate-member 2.0.18 Authenticated.Cross-Site.Scripting.(XSS) HIGH" "ultimate-member 2.0.4 Multiple.Issues HIGH" "ultimate-member 2.0.7 Multiple.Cross-Site.Request.Forgery.Issues HIGH" "ultimate-member 2.0.4 Multiple.XSS MEDIUM" "ultimate-member 1.3.76 Unauthenticated.Change.Passwords HIGH" "ultimate-member 1.3.65 Local.File.Inclusion MEDIUM" "ultimate-member 1.3.40 Cross-Site.Scripting.(XSS) MEDIUM" "ultimate-member 1.3.29 Unauthenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "ultimate-member 1.3.18 Cross-Site.Scripting.(XSS) MEDIUM" "ultimate-member 1.2.995 Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "ultimate-member 1.0.84 Multiple.Vulnerabilities HIGH" "uss-upyun 1.5.1 Cross-Site.Request.Forgery MEDIUM" "upload-quota-per-user No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "uninstall No.known.fix WordPress.Deletion.via.CSRF HIGH" "ultimate-image-hover-effects No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "ultraaddons-elementor-lite No.known.fix Contributor+.Stored.XSS MEDIUM" "ultraaddons-elementor-lite No.known.fix Cross-Site.Request.Forgery MEDIUM" "ultraaddons-elementor-lite 1.1.9 Insecure.Direct.Object.Reference.to.Sensitive.Information.Exposure.via.UA_Template.Shortcode MEDIUM" "ultraaddons-elementor-lite No.known.fix Author+.Stored.XSS MEDIUM" "ultraaddons-elementor-lite 1.1.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Multiple.Widgets MEDIUM" "ultraaddons-elementor-lite 1.1.0 Reflected.Cross-Site.Scripting MEDIUM" "ultimate-noindex-nofollow-tool No.known.fix Settings.Update.via.CSRF MEDIUM" "user-shortcodes-plus No.known.fix Insecure.Direct.Object.Reference.to.Authenticated.(Contributor+).Sensitive.Information.Disclosure.via.user_meta.Shortcode MEDIUM" "ucontext-for-amazon No.known.fix Stored.Cross-Site.Scripting.via.CSRF HIGH" "uipress-lite 
No.known.fix Subscriber+.Plugin.Settings.Update MEDIUM" "uipress-lite No.known.fix Missing.Authorization MEDIUM" "uipress-lite No.known.fix Missing.Authorization.to.Authenticated.(Subscriber+).Sensitive.Information.Exposure MEDIUM" "uipress-lite No.known.fix Missing.Authorization.to.Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "uipress-lite 3.5.09 Subscriber+.Plugin.Settings.Update MEDIUM" "uipress-lite 3.5.08 Authenticated.(Subscriber+).Remote.Code.Execution HIGH" "uipress-lite 3.5.05 Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.Options.Update HIGH" "uipress-lite 3.4.07 Authenticated.(Administrator+).SQL.Injection CRITICAL" "user-menus 1.3.2 Reflected.Cross-Site.Scripting MEDIUM" "user-menus 1.2.9 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "ultimate-accordion No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "ultimate-flipbox-addon-for-elementor 1.0.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "uncanny-learndash-groups 6.1.1 Missing.Authorization.to.Authenticated.(Group.Leader+).User.Group.Add LOW" "uncanny-learndash-groups 6.1.1 Authenticated.(Group.Leader+).Privilege.Escalation HIGH" "unlimited-blocks No.known.fix Contributor+.Stored.XSS MEDIUM" "user-language-switch No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting.via.'tab_color_picker_language_switch'.Parameter MEDIUM" "user-language-switch No.known.fix Authenticated.(Administrator+).Server-Side.Request.Forgery.via.'info_language'.Parameter HIGH" "user-language-switch No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "ultimate-twitter-profile-widget No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "upc-ean-barcode-generator 2.0.3 Cross-Site.Request.Forgery MEDIUM" "upc-ean-barcode-generator 2.0.3 Authenticated.(Subscriber+).Arbitrary.File.Deletion HIGH" "upc-ean-barcode-generator 2.0.3 Missing.Authorization.to.Authenticated.(Subscriber+).Settings.Update MEDIUM" 
"ultimate-facebook-comments No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "ultra-companion 1.2.0 Contributor+.Stored.XSS MEDIUM" "ultimate-under-construction 1.9.4 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "ucontext No.known.fix Stored.Cross-Site.Scripting.via.CSRF HIGH" "useful-banner-manager No.known.fix Modify.banners.via.CSRF MEDIUM" "user-avatar-reloaded No.known.fix Reloaded.<=.1.2.2.-.Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "user-avatar-reloaded 1.2.2 Reloaded.<.1.2.2.-.Contributor+.Stored.XSS MEDIUM" "uix-slideshow 1.6.6 Unauthenticated.Arbitrary.Shortcode.Execution HIGH" "users-customers-import-export-for-wp-woocommerce 2.6.3 Directory.Traversal.to.Authenticated.(Administrator+).Limited.Arbitrary.File.Read.via.download_file.Function MEDIUM" "users-customers-import-export-for-wp-woocommerce 2.6.3 Directory.Traversal.to.Authenticated.(Administrator+).Limited.Arbitrary.File.Deletion.via.admin_log_page.Function LOW" "users-customers-import-export-for-wp-woocommerce 2.6.3 Authenticated.(Admin+).PHP.Object.Injection.via.form_data.Parameter HIGH" "users-customers-import-export-for-wp-woocommerce 2.6.3 Authenticated.(Administrator+).Server-Side.Request.Forgery.via.validate_file.Function HIGH" "users-customers-import-export-for-wp-woocommerce 2.5.4 Authenticated.(Admin+).PHP.Object.Injection HIGH" "users-customers-import-export-for-wp-woocommerce 2.5.3 Authenticated.(Shop.Manager+).Path.Traversal LOW" "users-customers-import-export-for-wp-woocommerce 2.4.9 Shop.Manager+.Arbitrary.File.Upload HIGH" "users-customers-import-export-for-wp-woocommerce 2.4.2 Shop.Manager+.Privilege.Escalation HIGH" "users-customers-import-export-for-wp-woocommerce 1.3.9 Authenticated.Arbitrary.User.Creation HIGH" "users-customers-import-export-for-wp-woocommerce 1.3.2 CSV.Injection HIGH" "ultimate-multi-design-video-carousel No.known.fix Authenticated.(Editor+).Stored.Cross-Site.Scripting MEDIUM" 
"usercentrics-consent-management-platform No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "user-profile-meta No.known.fix Cross-Site.Request.Forgery.to.Privilege.Escalation MEDIUM" "ultimate-elementor 1.36.32 Authenticated.(Contributor+).Privilege.Escalation HIGH" "ultimate-elementor 1.30.0 Contributor+.Stored.XSS MEDIUM" "ultimate-elementor 1.24.2 Registration.Bypass HIGH" "ultimate-elementor 1.20.1 Authentication.Bypass CRITICAL" "ultimate-sms-notifications 1.9.9.6 Reflected.Cross-Site.Scripting MEDIUM" "ultimate-sms-notifications 1.8.4 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "ultimate-sms-notifications 1.4.2 CSV.Injection MEDIUM" "ui-slider-filter-by-price No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "ui-slider-filter-by-price No.known.fix Cross-Site.Request.Forgery MEDIUM" "use-any-font 6.3.09 Cross-Site.Request.Forgery MEDIUM" "use-any-font 6.2.1 API.Key.Deactivation.via.CSRF MEDIUM" "use-any-font 6.2.1 Unauthenticated.Arbitrary.CSS.Appending HIGH" "user-meta-shortcodes No.known.fix Contributor+.Unauthorized.Arbitrary.User.Metadata.Access HIGH" "user-activity-log-pro No.known.fix Missing.Authorization MEDIUM" "user-activity-log-pro No.known.fix Authenticated.(Subscriber+).SQL.Injection CRITICAL" "user-activity-log-pro 2.3.4 Unauthenticated.Stored.Cross-Site.Scripting.via.User.Agent HIGH" "user-activity-log-pro 2.3.4 IP.Spoofing MEDIUM" "up-down-image-slideshow-gallery 12.1 .Authenticated.(Subscriber+).SQL.Injection.via.Shortcode HIGH" "url-image-importer 1.0.8 Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "url-image-importer 1.0.7 Authenticated.(Author+).Arbitrary.File.Upload HIGH" "upunzipper No.known.fix Authenticated.(Admin+).Arbitrary.File.Deletion MEDIUM" "ultimate-author-box-lite 1.1.3 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "ukuupeople-the-simple-crm No.known.fix Unauthorised.Favourite.Addition/Deletion MEDIUM" "udraw 3.3.3 
Unauthenticated.Arbitrary.File.Access HIGH" "ultimate-wp-query-search-filter No.known.fix Contributor+.XSS MEDIUM" "ultimate-responsive-image-slider 3.5.12 Ultimate.Responsive.Image.Slider.<.3.5.12.-.Subscriber+.Arbitrary.Post.Access MEDIUM" "user-registration-plugin-for-woocommerce No.known.fix Unauthenticated.Arbitrary.File.Upload CRITICAL" "users-control No.known.fix Unauthenticated.Local.File.Inclusion CRITICAL" "ultimate-custom-scrollbar 1.2 Reflected.Cross-Site.Scripting MEDIUM" "ultimate-live-cricket-lite No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "upsell-order-bump-offer-for-woocommerce 3.0.8 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "upsell-order-bump-offer-for-woocommerce 3.0.1 Unauthenticated.Order.Manipulation MEDIUM" "ultimate-popup-creator No.known.fix Unauthenticated.SQL.Injection HIGH" "ultimate-popup-creator No.known.fix Missing.Authorization.to.Unauthenticated.DB.Table.Truncation MEDIUM" "updraft No.known.fix Reflected.XSS HIGH" "user-registration-pro 5.2.0 Cross-Site.Request.Forgery.to.User.Deletion MEDIUM" "user-registration-pro 5.1.3 Authentication.Bypass HIGH" "user-registration-pro 5.1.2 Unauthenticated.Privilege.Escalation HIGH" "user-spam-remover No.known.fix Unauthenticated.Information.Exposure MEDIUM" "user-spam-remover 1.1 Unauthenticated.Sensitive.Information.Exposure MEDIUM" "ubigeo-peru 3.6.4 Unauthenticated.SQLi HIGH" "ultimate-posts-widget 2.3.1 Admin+.Stored.XSS LOW" "ultimate-posts-widget 2.2.5 Plugin.Installation.via.CSRF MEDIUM" "ultimate-posts-widget 2.2.5 Subscriber+.Plugin.Installation MEDIUM" "uper-elementor No.known.fix Missing.Authorization MEDIUM" "upcasted-s3-offload 3.0.4 Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "upcasted-s3-offload 3.0.3 Reflected.Cross-Site.Scripting MEDIUM" "upcasted-s3-offload 3.0.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "upload-scanner No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "ultimate-security-checker 
No.known.fix Cross-Site.Request.Forgery MEDIUM" "userfeedback-lite 1.10.1 Authenticated.(Editor+).SQL.Injection MEDIUM" "userfeedback-lite 1.9.0 Missing.Authorization.to.Information.Disclosure MEDIUM" "userfeedback-lite 1.0.16 Unauthenticated.Stored.Cross-Site.Scripting.via.Name.Parameter HIGH" "userfeedback-lite 1.0.14 Unauthenticated.Stored.XSS MEDIUM" "userfeedback-lite 1.0.10 Unauthenticated.Stored.XSS HIGH" "userfeedback-lite 1.0.8 Unauthenticated.Stored.XSS HIGH" "user-drop-down-roles-in-registration No.known.fix Unauthenticated.Privilege.Escalation CRITICAL" "ultimate-gallery No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "user-domain-whitelist 1.5 .user-domain-whitelist.php.Domain.Whitelisting.Manipulation.CSRF HIGH" "ultra-skype-button No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.'btn_id'.Shortcode.Attribute MEDIUM" "ultimate-post 5.0.9 Admin+.SSRF.via.REST.API.Endpoints MEDIUM" "ultimate-post 5.0.4 Missing.Authorization MEDIUM" "ultimate-post 5.0.4 Unauthenticated.Information.Exposure MEDIUM" "ultimate-post 5.0.4 Missing.Authorization.to.Unauthenticated.Sensitive.Information.Exposure HIGH" "ultimate-post 4.1.37 Missing.Authorization MEDIUM" "ultimate-post 4.1.36 Authenticated.(Editor+).Privilege.Escalation HIGH" "ultimate-post 4.1.26 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "ultimate-post 4.1.16 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "ultimate-post 4.1.17 Missing.Authorization.to.Arbitrary.Plugin.Installation/Activation HIGH" "ultimate-post 4.1.16 Authenticated.(Author+).Stored.Cross-Site.Scripting MEDIUM" "ultimate-post 4.1.13 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "ultimate-post 4.1.2 Authenticated.(Author+).Stored.Cross-Site.Scripting MEDIUM" "ultimate-post 4.1.3 Missing.Authorization.to.Arbitrary.Options.Update HIGH" "ultimate-post 4.1.0 Contributor+.Stored.XSS MEDIUM" "ultimate-post 4.1.0 
Authenticated.(Contributor+).Stored.Cross=Site.Scripting MEDIUM" "ultimate-post 4.0.2 Contributor+.Stored.XSS MEDIUM" "ultimate-post 4.0.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "ultimate-post 3.2.4 Incorrect.Authorization MEDIUM" "ultimate-post 3.0.6 Gutenberg.Post.Grid.Blocks.<.3.0.6.-.Reflected.Cross-Site.Scripting HIGH" "ultimate-post 2.9.10 Gutenberg.Blocks.for.Post.Grid.<.2.9.10.-.Reflected.Cross-Site.Scripting HIGH" "ultimate-post 2.4.10 Private.Content.Disclosure MEDIUM" "ultimate-post 2.4.10 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "ultimate-post 2.4.10 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "ultimate-post 2.4.10 Missing.Access.Controls MEDIUM" "ungallery No.known.fix Stored.XSS.via.CSRF HIGH" "unilevel-mlm-plan 2.0.0 Reflected.Cross-Site.Scripting.via.'page' HIGH" "user-roles-and-capabilities No.known.fix Missing.Authorization MEDIUM" "unlimited-addon-for-elementor No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "ultimate-member-widgets-for-elementor 2.4 Unauthenticated.Information.Exposure MEDIUM" "ultimate-member-widgets-for-elementor 2.4 Missing.Authorization.to.Unauthenticated.Information.Exposure MEDIUM" "uni-woo-custom-product-options 4.9.27 Reflected.Cross-Site.Scripting MEDIUM" "uni-woo-custom-product-options 4.9.14 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "user-notes 1.0.3 Admin+.Stored.XSS MEDIUM" "utubevideo-gallery 2.0.8 Contributor+.Stored.XSS MEDIUM" "utech-spinning-earth No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "ultimate-tables No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "unusedcss 2.4.5 Missing.Authorization MEDIUM" "unusedcss 2.4.5 Missing.Authorization.to.Authenticated.(Subscriber+).Limited.Setting.Reset MEDIUM" "unusedcss 2.4.3 Missing.Authorization.to.Authenticated.(Subscriber+).Plugin.Settings.Modification.and.SQL.Injection HIGH" "unusedcss 2.2.12 Unauthenticated.Server-Side.Request.Forgery HIGH" "unusedcss 1.7.2 
Multiple.Subscriber+.Unauthorised.AJAX.Calls MEDIUM" "unusedcss 1.7.2 Unauthorised.AJAX.Calls MEDIUM" "unusedcss 1.6.36 Subscriber+.SQLi HIGH" "user-activity-tracking-and-log 4.1.4 IP.Spoofing MEDIUM" "user-activity-tracking-and-log 4.0.9 License.Update/Deactivation.via.CSRF MEDIUM" "ultimate-social-media-icons 2.9.2 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "ultimate-social-media-icons 2.9.1 Admin+.Stored.XSS LOW" "ultimate-social-media-icons 2.8.9 Admin+.Stored.XSS.via.settings LOW" "ultimate-social-media-icons 2.8.6 Subscriber+.Sensitive.Information.Exposure MEDIUM" "ultimate-social-media-icons 2.8.6 Arbitrary.Settings.Update.via.CSRF MEDIUM" "ultimate-social-media-icons 2.8.4 Reflected.XSS HIGH" "ultimate-social-media-icons 2.8.2 Subscriber+.Plugin.Installation MEDIUM" "ultimate-social-media-icons 2.8.2 Plugin.Installation.via.CSRF MEDIUM" "ultimate-social-media-icons 2.8.2 Admin+.Stored.XSS LOW" "userlike 2.3 Admin+.Stored.Cross-Site.Scripting LOW" "uncanny-automator-pro 5.3.0.1 Reflected.Cross-Site.Scripting MEDIUM" "uncanny-automator-pro 5.3.0.1 Cross-Site.Request.Forgery.to.License.Setting.Reset MEDIUM" "uncanny-automator-pro 5.3.0.1 Missing.Authorization.to.Unauthenticated.License.Setting.Reset MEDIUM" "useinfluence No.known.fix Cross-Site.Request.Forgery MEDIUM" "userswp 1.2.54 Cross-Site.Request.Forgery MEDIUM" "userswp 1.2.49 Cross-Site.Request.Forgery MEDIUM" "userswp 1.2.48 Missing.Authorization MEDIUM" "userswp 1.2.45 Authenticated.(Subscriber+).SQL.Injection MEDIUM" "userswp 1.2.43 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "userswp 1.2.16 Missing.Authorization MEDIUM" "userswp 1.2.12 Users.Information.Disclosure MEDIUM" "userswp 1.2.11 Unauthenticated.SQL.Injection.via.'uwp_sort_by' CRITICAL" "userswp 1.2.6 Cross-Site.Request.Forgery MEDIUM" "userswp 1.2.7 Authenticated(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "userswp 1.2.3.23 Profile.Picture.Deletion.via.CSRF MEDIUM" "userswp 
1.2.3.1 Subscriber+.User.Avatar.Override MEDIUM" "userswp 1.2.2.29 Reflected.Cross-Site.Scripting MEDIUM" "uptime-robot No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "upload-media-by-url 1.0.8 Stored.XSS.via.CSRF MEDIUM" "uix-page-builder 1.7.5 Reflected.Cross-Site.Scripting MEDIUM" "upfiv-complete-all-in-one-seo-wizard No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "upfiv-complete-all-in-one-seo-wizard No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "user-activity No.known.fix IP.Spoofing MEDIUM" "ultimate-carousel-for-visual-composer No.known.fix Contributor+.Stored.XSS MEDIUM" "update-theme-and-plugins-from-zip-file No.known.fix CSRF MEDIUM" "ultra-elementor-addons No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "uncomplicated-seo No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "user-access-manager 2.2.18 IP.Spoofing LOW" "user-access-manager 2.0.9 Authenticated.Reflected.Cross-Site.Scripting.(XSS) HIGH" "underconstruction 1.22 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "underconstruction 1.20 Construction.Mode.Deactivation.via.CSRF MEDIUM" "underconstruction 1.21 Admin+.Stored.Cross-Site.Scripting LOW" "underconstruction 1.19 Reflected.Cross-Site.Scripting HIGH" "unitimetable No.known.fix Unauthenticated.Stored.Cross-Site.Scripting MEDIUM" "uncanny-toolkit-pro 4.1.4.1 Missing.Authorization.to.Arbitrary.Page/Post.Duplication MEDIUM" "uncanny-toolkit-pro 4.1.4.1 Reflected.Cross-Site.Scripting MEDIUM" "uncanny-toolkit-pro 4.1.4.1 Cross-Site.Request.Forgery MEDIUM" "upi-qr-code-payment-for-woocommerce 1.6.1 Missing.Authorization MEDIUM" "ux-flat No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "ux-flat 4.5 Contributor+.Stored.XSS MEDIUM" "ultimate-store-kit 2.9.5 Missing.Authorization MEDIUM" "ultimate-store-kit 2.8.7 Contributor+.Stored.XSS MEDIUM" "ultimate-store-kit 2.5.0 Cross-Site.Request.Forgery.to.Limited.User.Meta.Update MEDIUM" 
"ultimate-store-kit 2.4.1 Unauthenticated.PHP.Object.Injection CRITICAL" "ultimate-store-kit 2.6.0 Contributor+.Stored.XSS MEDIUM" "ultimate-store-kit 2.3.1 Missing.Authorization MEDIUM" "ultimate-store-kit 2.0.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "ultimate-store-kit 2.0.4 Unauthenticated.PHP.Object.Injection CRITICAL" "ultimate-store-kit 2.0.0 Unauthenticated.PHP.Object.Injection CRITICAL" "ultimate-store-kit 2.0.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "ultimate-store-kit 2.0.4 Unauthenticated.PHP.Object.Injection MEDIUM" "ultimate-store-kit 1.6.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "ultimate-blocks-for-gutenberg 1.4.1.4 Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.Plugin.Upload HIGH" "url-coupons-for-woocommerce-by-algoritmika 1.7.8 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "ut-demo-importer No.known.fix Cross-Site.Request.Forgery.to.Remote.Code.Execution HIGH" "users-ultra No.known.fix Unauthenticated.SQL.Injection HIGH" "users-ultra 1.5.63 Authenticated.Stored.Cross-Site.Scripting.(XSS).&.CSRF HIGH" "users-ultra 1.5.64 Authenticated.Blind.SQL.Injection HIGH" "users-ultra 1.5.59 Unrestricted.File.Upload HIGH" "ultimate-auction No.known.fix Missing.Authorization MEDIUM" "ultimate-auction No.known.fix Unauthenticated.Information.Exposure MEDIUM" "ultimate-auction 4.3.0 Contributor+.Arbitrary.Post.Deletion MEDIUM" "ultimate-auction 4.2.8 Missing.Authorization.to.Unauthenticated.Email.Creation MEDIUM" "ultimate-auction 4.2.6 Cross-Site.Request.Forgery MEDIUM" "usc-e-shop 2.11.25 Missing.Authorization.to.Unauthenticated.Information.Exposure MEDIUM" "usc-e-shop 2.11.23 Authenticated.(Editor+).Stored.Cross-Site.Scripting.via.order_mail MEDIUM" "usc-e-shop 2.11.25 Missing.Authorization MEDIUM" "usc-e-shop 2.11.22 Authenticated.(Author+).SQL.Injection.via.Cookie MEDIUM" "usc-e-shop 2.11.21 Authenticated.(Editor+).Stored.Cross-Site.Scripting 
MEDIUM" "usc-e-shop 2.11.21 Authenticated.(Editor+).Stored.Cross-Site.Scripting MEDIUM" "usc-e-shop 2.11.17 Authenticated.(Editor+).PHP.Object.Injection MEDIUM" "usc-e-shop 2.11.17 Authenticated.(Editor+).Stored.Cross-Site.Scripting MEDIUM" "usc-e-shop 2.11.14 Authenticated.(Editor+).Arbitrary.File.Deletion MEDIUM" "usc-e-shop 2.11.10 Unauthenticated.Stored.Cross-Site.Scripting.via.name.Parameter HIGH" "usc-e-shop 2.11.2 Authenticated.(Admin+).SQL.Injection MEDIUM" "usc-e-shop 2.10.0 Missing.Authorization MEDIUM" "usc-e-shop 2.9.4 Authenticated(Editor+).SQL.Injection HIGH" "usc-e-shop 2.9.7 Authenticated.(Administrator+).Directory.Traversal MEDIUM" "usc-e-shop 2.9.6 Admin+.PHP.Object.Injection HIGH" "usc-e-shop 2.9.5 Cross-Site.Request.Forgery HIGH" "usc-e-shop 2.9.5 Unauthenticated.PHP.Object.Injection HIGH" "usc-e-shop 2.9.5 Subscriber+.Arbitrary.File.Upload HIGH" "usc-e-shop 2.9.5 Reflected.XSS HIGH" "usc-e-shop 2.8.22 Multiple.XSS MEDIUM" "usc-e-shop 2.8.22 Editor+.Arbitrary.File.Upload LOW" "usc-e-shop 2.8.22 Author+.SQL.Injection MEDIUM" "usc-e-shop 2.8.22 Author+.Path.Traversal MEDIUM" "usc-e-shop 2.8.22 Editor+.SQL.Injection MEDIUM" "usc-e-shop 2.8.11 Reflected.XSS HIGH" "usc-e-shop 2.8.9 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "usc-e-shop 2.8.6 Subscriber+.PHAR.Deserialisation HIGH" "usc-e-shop 2.8.5 Subscriber+.Arbitrary.File.Access HIGH" "usc-e-shop 2.8.5 Unauthenticated.Arbitrary.File.Access HIGH" "usc-e-shop 2.8.4 Subscriber+.Arbitrary.Shipping.Method.Creation/Update/Deletion MEDIUM" "usc-e-shop 2.8.4 Multiple.Subscriber+.Stored.Cross-Site.Scripting MEDIUM" "usc-e-shop 2.7.8 Unauthenticated.Arbitrary.File.Access HIGH" "usc-e-shop 2.2.8 Unauthenticated.Information.Disclosure HIGH" "usc-e-shop 2.2.8 Authenticated.System.Information.Disclosure MEDIUM" "usc-e-shop 2.2.4 Cross-Site.Scripting.(XSS) MEDIUM" "usc-e-shop 2.1.1 Authenticated.SQL.Injection MEDIUM" "usc-e-shop 1.9.36 Authenticated.PHP.Object.Injection HIGH" "usc-e-shop 1.8.3 
Session.Management MEDIUM" "usc-e-shop 1.8.3 Cross-Site.Scripting.(XSS) MEDIUM" "usc-e-shop 1.8.3 PHP.Object.Injection MEDIUM" "usc-e-shop 1.5.3 SQL.Injection MEDIUM" "usc-e-shop 1.4.18 Multiple.Vulnerabilities LOW" "usc-e-shop 1.5 DOM.Cross-Site.Scripting.(XSS) MEDIUM" "usc-e-shop 1.5 SQL.Injection CRITICAL" "usc-e-shop 1.5 purchase_limit.Parameter.DOM-based.XSS MEDIUM" "updraftplus 1.25.1 Backup/Restore.<.1.25.1.-.Reflected.XSS HIGH" "updraftplus 1.24.12 Unauthenticated.PHP.Object.Injection HIGH" "updraftplus 1.23.11 Google.Drive.Storage.Update.via.CSRF MEDIUM" "updraftplus 1.23.4 CSRF MEDIUM" "updraftplus 1.22.9 Reflected.Cross-Site.Scripting MEDIUM" "updraftplus 1.22.3 Subscriber+.Backup.Download HIGH" "updraftplus 1.16.69 Reflected.Cross-Site.Scripting HIGH" "updraftplus 1.16.66 Reflected.Cross-Site.Scripting HIGH" "updraftplus 1.16.59 Admin+.Local.File.Inclusion MEDIUM" "updraftplus 1.6.59 Admin+.Stored.Cross-Site.Scripting LOW" "updraftplus 1.13.5 XSS MEDIUM" "updraftplus 1.9.64 XSS MEDIUM" "user-activity-log No.known.fix Unauthenticated.Limited.Options.Update.via.Failed.Login HIGH" "user-activity-log No.known.fix Unauthenticated.Limited.Arbitrary.Option.Update MEDIUM" "user-activity-log 2.0 Admin+.SQL.Injection MEDIUM" "user-activity-log 1.6.7 IP.Spoofing MEDIUM" "user-activity-log 1.6.6 Subscriber+.Log.Export MEDIUM" "user-activity-log 1.6.5 Unauthenticated.SQLi HIGH" "user-activity-log 1.6.3 Admin+.SQLi MEDIUM" "user-activity-log 1.6.3 Admin+.SQL.Injection MEDIUM" "user-activity-log 1.4.7 Reflected.Cross-Site.Scripting HIGH" "user-activity-log 1.4.7 Reflected.Cross.Site.Scripting.via.Query.String MEDIUM" "unyson 2.7.31 Cross-Site.Request.Forgery MEDIUM" "unyson No.known.fix Missing.Authorization MEDIUM" "unyson 2.7.27 Reflected.Cross-Site.Scripting MEDIUM" "ultimate-carousel-for-elementor No.known.fix Contributor+.Stored.XSS MEDIUM" "ultimate-events No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "user-export-with-their-meta-data No.known.fix 
Subscriber+.CSV.Injection LOW" "user-export-with-their-meta-data 0.6.5 Admin+.SQLi MEDIUM" "ut-elementor-addons-lite 1.2.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Animated.Text.Field MEDIUM" "ut-elementor-addons-lite 1.1.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "ut-elementor-addons-lite 1.1.9 Authenticated.(Contributor+).Restricted.Post.Disclosure MEDIUM" "userpro-mediamanager No.known.fix Missing.Authorization.to.Unauthenticated.Arbitrary.Options.Update CRITICAL" "userpro-mediamanager No.known.fix Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.Options.Update HIGH" "utilitify 1.0.9 Reflected.Cross-Site.Scripting MEDIUM" "utilitify 1.0.7 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "universal-google-adsense-and-ads-manager No.known.fix Missing.Authorization MEDIUM" "user-list No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "user-login-history 2.1.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "user-login-history 1.6 Cross-Site.Scripting.(XSS) MEDIUM" "ulisting No.known.fix Authenticated.(Editor+).Arbitrary.File.Download MEDIUM" "ulisting No.known.fix Authenticated.(Subscriber+).PHP.Object.Injection HIGH" "ulisting No.known.fix Admin+.SQL.Injection MEDIUM" "ulisting No.known.fix Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.Post.Meta.Update.and.PHP.Object.Injection HIGH" "ulisting No.known.fix Subscriber+.Privilege.Escalation HIGH" "ulisting 2.1.7 Authenticated.(Contributor+).SQL.Injection MEDIUM" "ulisting 2.1.7 Unauthenticated.SQL.Injection HIGH" "ulisting 2.1.6 Unauthenticated.Information.Exposure MEDIUM" "ulisting 2.0.9 Arbitrary.Blog.Option.Update.via.CSRF HIGH" "ulisting 2.0.6 Reflected.Cross-Site.Scripting MEDIUM" "ulisting 2.0.6 Modify.User.Roles.via.CSRF MEDIUM" "ulisting 2.0.6 Unauthenticated.Privilege.Escalation MEDIUM" "ulisting 2.0.6 Authenticated.IDOR MEDIUM" "ulisting 2.0.6 Multiple.CSRF MEDIUM" "ulisting 2.0.6 Settings.Update.via.CSRF MEDIUM" 
"ulisting 2.0.4 Unauthenticated.SQL.Injection HIGH" "ulisting 1.7 Unauthenticated.Arbitrary.Account.Creation CRITICAL" "ulisting 1.7 Unauthenticated.WordPress.Options.Change CRITICAL" "ulisting 1.7 Unauthenticated.Arbitrary.Roles.and.Capabilities.Creation/Deletion MEDIUM" "ulisting 1.7 Unauthenticated.Arbitrary.Post/Page.Deletion HIGH" "ulisting 1.7 Missing.Access.Controls CRITICAL" "ulisting 1.7 Unauthenticated.Arbitrary.Account.Change HIGH" "ulisting 1.7 Unauthenticated.Information.Disclosure HIGH" "ulisting 1.7 Unauthenticated.SQL.Injections CRITICAL" "unite-gallery-lite No.known.fix Authenticated.(Contributor+).SQL.Injection CRITICAL" "unite-gallery-lite 1.7.62 Admin+.Stored.XSS LOW" "unite-gallery-lite 1.7.60 Admin+.Local.File.Inclusion MEDIUM" "unite-gallery-lite 1.5 CSRF.&.Authenticated.SQL.Injection HIGH" "ultimate-form-builder-lite 1.5.1 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "ultimate-form-builder-lite 1.3.8 Multiple.Vulnerabilities CRITICAL" "user-registration-aide No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "usb-qr-code-scanner-for-woocommerce No.known.fix Cross-Site.Request.Forgery.to.Settings.Update MEDIUM" "user-specific-content No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "update-notifications No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "user-role-editor 4.64.4 Cross-Site.Request.Forgery.to.Privilege.Escalation HIGH" "unlimited-addons-for-wpbakery-page-builder No.known.fix Authenticated.(Editor+).Arbitrary.File.Upload HIGH" "useful-tab-block-responsive-amp-compatible No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.className.Parameter MEDIUM" "use-memcached No.known.fix Settings.Update.via.CSRF MEDIUM" "ultimate-maps-by-supsystic 1.2.17 Cross-Site.Request.Forgery MEDIUM" "ultimate-maps-by-supsystic 1.2.16 .Admin+.Stored.XSS LOW" "ultimate-maps-by-supsystic 1.2.5 Reflected.Cross-Site.scripting.(XSS) HIGH" 
"ultimate-maps-by-supsystic 1.1.17 Authenticated.SQL.Injections CRITICAL" "ultimate-wp-mail 1.3.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "ultimate-wp-mail 1.3.7 1.3.6.-.Missing.Authorization.to.Authenticated.(Contributor+).Privilege.Escalation.via.get_email_log_details.Function HIGH" "ultimate-wp-mail 1.3.6 Missing.Authorization MEDIUM" "ultimate-wp-mail 1.3.5 Authenticated.(Contributor+).SQL.Injection MEDIUM" "ultimate-wp-mail 1.3.5 Cross-Site.Request.Forgery MEDIUM" "ultimate-wp-mail No.known.fix Open.Redirect MEDIUM" "uber-grid No.known.fix Missing.Authorization.to.Unauthenticated.Portfolio.Update MEDIUM" "uber-grid No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "uber-grid No.known.fix Authenticated.(Editor+).Stored.Cross-Site.Scripting MEDIUM" "uber-grid No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "ultimate-carousel-for-divi 4.5.1 Reflected.Cross-Site.Scripting MEDIUM" "ultimate-carousel-for-divi 4.3.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "upload-am-file-hosting-vpn 1.0.1 Contributor+.Arbitrary.Option.Update HIGH" "upload-am-file-hosting-vpn 1.0.1 Contributor+.Arbitrary.Option.Disclosure MEDIUM" "upcoming-events-lists No.known.fix Authenticated.(Subscriber+).Insecure.Direct.Object.Reference MEDIUM" "userpro No.known.fix Missing.Authorization MEDIUM" "userpro No.known.fix Community.and.User.Profile.WordPress.Plugin.<=.5.1.10.-.Unauthenticated.Arbitrary.File.Read MEDIUM" "userpro No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "userpro No.known.fix Missing.Authorization MEDIUM" "userpro No.known.fix Unauthenticated.Local.File.Inclusion CRITICAL" "userpro No.known.fix Authenticated.(Contributor+).SQL.Injection MEDIUM" "userpro 5.1.9 Unauthenticated.Account.Takeover.to.Privilege.Escalation CRITICAL" "userpro 5.1.7 Disabled.Membership.Registration.Bypass MEDIUM" "userpro 5.1.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode 
MEDIUM" "userpro 5.1.1 Cross-Site.Request.Forgery.to.PHP.Object.Injection HIGH" "userpro 5.1.2 Cross-Site.Request.Forgery.to.Privilege.Escalation HIGH" "userpro 5.1.1 Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting.via.userpro_save_userdata MEDIUM" "userpro 5.1.2 Insecure.Password.Reset.Mechanism CRITICAL" "userpro 5.1.2 Cross-Site.Request.Forgery.to.Sensitive.Information.Exposure MEDIUM" "userpro 5.1.2 Cross-Site.Request.Forgery.via.multiple.functions MEDIUM" "userpro 5.1.2 Missing.Authorization.via.multiple.functions HIGH" "userpro 5.1.5 Missing.Authorization.to.Arbitrary.Shortcode.Execution.via.userpro_shortcode_template MEDIUM" "userpro 5.1.2 Authentication.Bypass.to.Administrator CRITICAL" "userpro 5.1.5 Authenticated.(Subscriber+).Privilege.Escalation HIGH" "userpro 5.1.2 Sensitive.Information.Disclosure.via.Shortcode MEDIUM" "userpro 4.9.35.1 Unauthenticated.Reflected.XSS MEDIUM" "userpro 4.9.28 User.Registration.With.Administrator.Role MEDIUM" "userpro 4.9.24 Unauthenticated.Cross-Site.Scripting.(XSS) CRITICAL" "ultimate-addons-for-elementor No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "ultimate-addons-for-elementor 1.9 Missing.Authorization MEDIUM" "ungapped-widgets No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "useragent-spy No.known.fix Admin+.Stored.XSS LOW" "ultimatewoo No.known.fix PHP.Object.Injection MEDIUM" "ultra-portfolio No.known.fix Authenticated.(Subscriber+).SQL.Injection MEDIUM" "usermaven 1.2.2 Cross-Site.Request.Forgery MEDIUM" "url-media-uploader No.known.fix Missing.Authorization.to.Authenticated.(Contributor+).Safe.File.Upload MEDIUM" "url-media-uploader 1.0.1 Authenticated.(Author+).Server-Side.Request.Forgery.via.DNS.Rebinding MEDIUM" "user-verification 2.0.45 Authentication.Bypass.to.Account.Takeover CRITICAL" "user-verification 1.0.94 Authentication.Bypass CRITICAL" "ultimate-widgets-light No.known.fix Reflected.Cross-Site.Scripting MEDIUM" 
"ultimate-widgets-light No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "ultimate-widgets-light No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "ultimate-post-kit 4.0.16 Ultimate.Post.Kit.<.4,0,16..Unauthenticated.Arbitrary.Post.Content.Disclosure MEDIUM" "ultimate-post-kit 3.11.8 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Social.Count.(Static).Widget MEDIUM" "ultimate-post-kit 3.6.4 Reflected.Cross-Site.Scripting MEDIUM" "ultimate-post-kit 2.9.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "university-quizzes-online No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "url-rewrite-analyzer 1.3.4 Missing.Authorization MEDIUM" "user-activation-email No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "userheat 1.1.11 Settings.Update.via.CSRF MEDIUM" "ultimate-woocommerce-auction-pro 1.5.3 Unauthenticated.SQL.Injection.via.'auction_id' HIGH" "usersnap 4.17 Admin+.Stored.XSS LOW" "uji-countdown No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "uji-countdown 2.3.1 Admin+.Stored.XSS LOW" "uji-countdown 2.0.7 Cross-Site.Scripting.(XSS) MEDIUM" "ucat-next-story No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "uni-woo-custom-product-options-premium 4.9.61 Missing.Authorization.to.Unauthenticated.Arbitrary.Attachment.and.Dropbox.File.Deletion MEDIUM" "uni-woo-custom-product-options-premium 4.9.56 Unauthenticated.Arbitrary.File.Upload.via.'uni_cpo_upload_file' CRITICAL" "upload-fields-for-wpforms No.known.fix Missing.Authorization MEDIUM" "uncanny-learndash-toolkit 3.7.0.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "uncanny-learndash-toolkit 3.7.0.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "uncanny-learndash-toolkit 3.7.0.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "uncanny-learndash-toolkit 3.6.4.2 Cross-Site.Request.Forgery.(CSRF) HIGH" "ultimate-dashboard 3.8.6 Admin+.Stored.XSS LOW" "ultimate-dashboard 3.8.6 Admin+.Stored.XSS LOW" "ultimate-dashboard 3.8.6 
Admin+.Stored.XSS LOW" "ultimate-dashboard 3.8.8 Missing.Authorization.to.Authenticated.(Subscriber+).Plugin.Modules.Activation/Deactivation MEDIUM" "ultimate-dashboard 3.7.12 Admin+.Stored.XSS LOW" "ultimate-dashboard 3.7.11 Login.Page.Disclosure.on.Multi-site MEDIUM" "ultimate-dashboard 3.7.8 Authenticated.(Administrator+).Stored.Cross-Site.Scripting.via.plugin.settings MEDIUM" "ultimate-dashboard 3.7.6 Admin+.Stored.XSS LOW" "ubermenu 3.8.4 Cross-Site.Request.Forgery.to.Settings.Reset HIGH" "ubermenu 3.8.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Multiple.Shortcodes MEDIUM" "uji-popup No.known.fix Contributor+.Stored.XSS MEDIUM" "ultimate-reviews 3.2.17 Unauthenticated.Insecure.Direct.Object.Reference MEDIUM" "ultimate-reviews 3.2.15 Reflected.Cross-Site.Scripting MEDIUM" "ultimate-reviews 3.2.9 Unauthenticated.stored.Cross-Site.Scripting.via.reviews MEDIUM" "ultimate-reviews 3.0.16 Admin+.Stored.Cross-Site.Scripting LOW" "ultimate-reviews 2.1.33 Unauthenticated.PHP.Object.Injection MEDIUM" "ultimate-downloadable-products-for-woocommerce 1.3.1 Reflected.Cross-Site.Scripting MEDIUM" "uk-address-postcode-validation 3.10.0 Unauthenticated.Sensitive.Information.Exposure MEDIUM" "ultimate-appointment-scheduling 1.1.10 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "video-blogster-lite No.known.fix Cross-Site.Request.Forgery MEDIUM" "video-blogster-lite No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "vstemplate-creator No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "videos No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "voting-record No.known.fix Subscriber+.Stored.XSS HIGH" "voting-record No.known.fix Settings.Update.to.Stored.XSS.via.CSRF HIGH" "vertical-scroll-slideshow-gallery-v2 No.known.fix Authenticated.(Contributor+).SQL.Injection MEDIUM" "visual-sound-widget-for-soundcloud-and-artistplugme-visualdreams No.known.fix Settings.Update.via.CSRF MEDIUM" "vehica-core 1.0.101 Cross-Site.Request.Forgery MEDIUM" "vehica-core 1.0.98 
Authenticated.(Subscriber+).Privilege.Escalation HIGH" "very-simple-quiz No.known.fix Multiple.Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "vikappointments 1.2.17 Cross-Site.Request.Forgery MEDIUM" "video-posts-webcam-recorder 3.2.4 Authenticated.Reflected.XSS MEDIUM" "video-posts-webcam-recorder 1.55.5 Unauthenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "vk-block-patterns 1.31.1.1 Missing.Authorization MEDIUM" "vk-block-patterns 1.31.2.0 Cross-Site.Request.Forgery MEDIUM" "visitor-maps-extended-referer-field No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "vikbooking 1.8.3 Unauthenticated.Information.Exposure HIGH" "vikbooking 1.8.3 Missing.Authorization MEDIUM" "vikbooking 1.7.3 Cross-Site.Request.Forgery.to.Settings.Update MEDIUM" "vikbooking 1.7.3 Cross-Site.Request.Forgery.to.Authenticated.(Subscriber+).Arbitrary.File.Upload HIGH" "vikbooking 1.7.2 Admin+.Stored.XSS LOW" "vikbooking 1.6.8 Insecure.Direct.Object.References MEDIUM" "vikbooking 1.6.8 Broken.Access.Control MEDIUM" "vikbooking 1.6.8 Reflected.Cross-Site.Scripting MEDIUM" "vikbooking 1.6.0 Multiple.CSRF LOW" "vikbooking 1.5.12 Admin+.Stored.XSS MEDIUM" "vikbooking 1.5.9 Reflected.Cross-Site.Scripting LOW" "vikbooking 1.5.8 Admin+.Stored.Cross-Site.Scripting MEDIUM" "vikbooking 1.5.7 Stored.Cross-Site.Scripting.via.CSRF MEDIUM" "vikbooking 1.5.8 Admin+.PHP.File.Upload MEDIUM" "vikbooking 1.5.4 Booking.Data.Disclosure CRITICAL" "vendor 1.1.1 Unauthenticated.Information.Disclosure MEDIUM" "very-simple-contact-form 14.8 CAPTCHA.Bypass MEDIUM" "very-simple-contact-form 14.0 Missing.Authorization MEDIUM" "very-simple-contact-form 11.6 Captcha.bypass MEDIUM" "varnish-wp No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "vit-website-reviews No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "vignete-ads No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "vice-versa No.known.fix Reflected.Cross-Site.Scripting MEDIUM" 
"video-widget No.known.fix Admin+.Stored.XSS.via.Widget LOW" "vite-coupon 1.0.10 Remote.Code.Execution.via.CSRF HIGH" "vm-backups No.known.fix CSRF.to.Stored.Cross-Site.Scripting.(XSS) CRITICAL" "vm-backups No.known.fix CSRF.to.Database.Backup.Download MEDIUM" "vc-addons-by-bit14 No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "vc-addons-by-bit14 No.known.fix Editor+.Stored.XSS LOW" "vc-addons-by-bit14 1.4.6 Missing.Authorization.to.Authenticated.(Subscriber+).Plugin.Settings.Modification MEDIUM" "v-form 3.2.25 Authenticated.(Contributor+).Information.Exposure MEDIUM" "v-form 3.2.21 Missing.Authorization MEDIUM" "v-form 3.1.15 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "v-form 3.1.10 Reflected.Cross-Site.Scripting MEDIUM" "v-form 3.0.7 Missing.Authorization MEDIUM" "v-form 3.0.1 Reflected.Cross-Site.Scripting MEDIUM" "v-form 2.1.6 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "video-central No.known.fix Contributor+.Stored.XSS MEDIUM" "visual-builder 1.3 Missing.Authorization MEDIUM" "vimeo-video-autoplay-automute No.known.fix Contributor+.Stored.XSS MEDIUM" "viet-affiliate-link No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "vegas-fullscreen-background-slider No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "verse-o-matic No.known.fix CSRF.to.Stored.XSS HIGH" "video-background 2.7.5 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "vertical-diamond-flipbook-flash No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "vod-infomaniak 1.5.12 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "vod-infomaniak 1.5.10 Missing.Authorization MEDIUM" "vod-infomaniak 1.5.8 Cross-Site.Request.Forgery MEDIUM" "vod-infomaniak 1.5.7 Reflected.Cross-Site.Scripting HIGH" "video-embeds No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "videographywp 1.0.20 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" 
"vk-all-in-one-expansion-unit 9.112.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.SNS.Title MEDIUM" "vk-all-in-one-expansion-unit 9.112.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "vk-all-in-one-expansion-unit 9.112.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "vk-all-in-one-expansion-unit 9.99.2.0 Contributor+.Stored.XSS MEDIUM" "vk-all-in-one-expansion-unit 9.96.0.0 Unauthenticated.Password.Protected.Content.Access MEDIUM" "vk-all-in-one-expansion-unit 9.97.0.0 Contributor+.Stored.XSS MEDIUM" "vk-all-in-one-expansion-unit 9.88.2 Multiple.Stored.XSS MEDIUM" "vk-all-in-one-expansion-unit 9.87.1.0 Reflected.XSS MEDIUM" "vk-all-in-one-expansion-unit 9.86.0.0 Contributor+.Stored.XSS MEDIUM" "vg-woocarousel No.known.fix Authenticated.(Contributor+).Local.File.Inclusion HIGH" "vertical-news-scroller 1.17 Authenticated.Reflected.Cross-Site.Scripting.(XSS) CRITICAL" "visual-recent-posts No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "vo-locator-the-wp-store-locator No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "vo-locator-the-wp-store-locator No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "video-embedder 1.8 Stored.XSS.via.CSRF HIGH" "verge3d 4.9.5 Missing.Authorization MEDIUM" "verge3d 4.9.4 Reflected.Cross-Site.Scripting MEDIUM" "verge3d 4.9.3 Cross-Site.Request.Forgery MEDIUM" "verge3d 4.8.3 Cross-Site.Request.Forgery MEDIUM" "verge3d 4.8.1 Reflected.Cross-Site.Scripting MEDIUM" "verge3d 4.5.3 Subscriber+.Arbitrary.File.Upload HIGH" "video-playlist-for-youtube No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "video-playlist-for-youtube 6.2 CSRF MEDIUM" "vagonic-sortable No.known.fix Missing.Authorization MEDIUM" "voltax-video-player No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.id.Parameter MEDIUM" "vision-pro 1.5.2 Reflected.Cross-Site.Scripting HIGH" "visibility-logic-elementor 2.3.5 Cross-Site.Request.Forgery MEDIUM" 
"video-contest No.known.fix Cross-Site.Request.Forgery MEDIUM" "video-contest No.known.fix Admin+.Stored.XSS LOW" "videojs-html5-video-player-for-wordpress No.known.fix HTML5.Video.Player.for.WordPress.<=.4.5.0.-.Contributor+.Stored.XSS.via.Shortcode MEDIUM" "vk-blocks 1.95.0.3 Missing.Authorization.to.Sensitive.Information.Exposure MEDIUM" "vk-blocks 1.64.0.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Block MEDIUM" "vk-blocks 1.57.1.0 Contributor+.Settings.Update.via.REST.API MEDIUM" "vk-blocks 1.58.0.0 Contributor+.Settings.Update.via.REST.API MEDIUM" "vk-blocks 1.54.0 Multiple.Stored.XSS MEDIUM" "vertical-marquee-plugin 7.2 .Authenticated.(Subscriber+).SQL.Injection.via.Shortcode HIGH" "vertical-marquee-plugin No.known.fix Admin+.Stored.XSS LOW" "video-wc-gallery 1.32 Missing.Authorization.to.Unauthenticated.Limited.File.Deletion MEDIUM" "videowhisper-video-conference-integration No.known.fix Remote.File.Upload CRITICAL" "viitor-shortcodes No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.'link'.Shortcode.Attribute MEDIUM" "viaads 2.1.3 Cross-Site.Request.Forgery.to.API.Key.Update MEDIUM" "vidorev-extensions 2.9.9.9.9.9.6 Missing.Authorization.to.Unauthenticated.Youtube.Video.Import MEDIUM" "vikinghammer-tweet No.known.fix Stored.XSS.via.CSRF HIGH" "video-share-vod 2.7.12 Authenticated.(Editor+).Stored.Cross-Site.Scripting.via.Custom.Field.Meta.Values MEDIUM" "video-share-vod 2.7.7 Cross-Site.Request.Forgery.to.Command.Injection HIGH" "video-share-vod 2.7.10 Reflected.Cross-Site.Scripting HIGH" "video-share-vod 2.6.32 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "video-share-vod 2.6.31 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "vzaar-media-management No.known.fix Reflected.Cross-Site.Scripting.via.$_SERVER['PHP_SELF'] MEDIUM" "vidshop-for-woocommerce 1.1.5 Unauthenticated.Time-Based.SQL.Injection.via.'fields' HIGH" "vkontakte-cross-post No.known.fix 
Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "video-comments-webcam-recorder 1.92 Unauthenticated.Reflected.XSS MEDIUM" "verification-sms-targetsms No.known.fix Unauthenticated.Limited.Remote.Code.Execution HIGH" "visitors-details No.known.fix Unauthenticated.Stored.Cross-Site.Scripting MEDIUM" "void-elementor-whmcs-elements No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "void-elementor-whmcs-elements 2.0.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "video-reviews 1.3.5 Reflected.Cross-Site.Scripting MEDIUM" "video-reviews 1.2.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "verbalize-wp No.known.fix Unauthenticated.Arbitrary.File.Upload CRITICAL" "vk-poster-group No.known.fix Reflected.Cross-Site.Scripting.via.vkp_repost MEDIUM" "visual-sound No.known.fix Cross-Site.Request.Forgery.to.Settings.Update MEDIUM" "visual-sound No.known.fix Settings.Update.via.CSRF MEDIUM" "video-embed-box No.known.fix Authenticated.(subscriber+).SQL.Injection CRITICAL" "video-embed-optimizer No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "virtual-hdm-for-taxservice-am 1.2.1 Unauthenticated.Arbitrary.SQL.Execution HIGH" "virtual-hdm-for-taxservice-am 1.2.3 Unauthenticated.SQL.Injection HIGH" "visitors-app No.known.fix Unauthenticated.Stored.Cross-Site.Scripting.(XSS) HIGH" "video-synchro-pdf No.known.fix Stored.Cross-Site.Scripting.via.CSRF MEDIUM" "video-synchro-pdf No.known.fix Unauthenticated.LFI MEDIUM" "vrm360 No.known.fix Contributor+.Arbitrary.File.Upload.Leading.to.RCE HIGH" "vrm360 No.known.fix Full.Path.Disclosure MEDIUM" "vdz-verification 1.4 Authenticated.Stored.XSS MEDIUM" "vampire-character No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "very-simple-breadcrumb No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "vslider No.known.fix Cross-Site.Request.Forgery MEDIUM" "vslider No.known.fix Contributor+.Stored.XSS MEDIUM" "vc-autoresponder-addon No.known.fix 
Unauthenticated.Stored.Cross-Site.Scripting HIGH" "vc-autoresponder-addon No.known.fix Missing.Authorization MEDIUM" "videojs-hls-player No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "vertical-scroll-recent-post No.known.fix Cross-Site.Request.Forgery.via.vsrp_admin_options MEDIUM" "vertical-scroll-recent-post No.known.fix Contributor+.Stored.Cross-Site.Scripting MEDIUM" "vertical-scroll-recent-post 14.0 Reflected.Cross-Site.Scripting MEDIUM" "visualmodo-elements No.known.fix Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "videowhisper-live-streaming-integration 6.2.5 Cross-Site.Request.Forgery MEDIUM" "videowhisper-live-streaming-integration 6.2.1 Unauthenticated.Arbitrary.File.Deletion CRITICAL" "videowhisper-live-streaming-integration 6.2.1 Unauthenticated.Arbitrary.File.Read HIGH" "videowhisper-live-streaming-integration 6.1.10 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "videowhisper-live-streaming-integration 4.27.4 Cross-Site.Scripting.(XSS) MEDIUM" "videowhisper-live-streaming-integration 4.29.5 Multiple.Vulnerabilities CRITICAL" "videowhisper-live-streaming-integration 4.29.10 videowhisper_streaming.php.Multiple.Parameter.XSS HIGH" "videowhisper-live-streaming-integration 4.67.17 Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "vc-tabs No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "vc-tabs 3.7.2 Admin+.Stored.Cross-Site.Scripting LOW" "vc-tabs 3.7.0 Authenticated.Arbitrary.Options.Update MEDIUM" "vc-tabs 3.6.0 Unauthenticated.Arbitrary.Option.Update CRITICAL" "video-player-youtube-vimeo 3.9 Reflected.Cross-Site.Scripting MEDIUM" "vg-postcarousel No.known.fix Authenticated.(Contributor+).Local.File.Inclusion HIGH" "viewmedica 1.4.19 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "viewmedica 1.4.18 Cross-Site.Request.Forgery.to.SQL.Injection MEDIUM" "viewmedica 1.4.18 
Cross-Site.Request.Forgery.to.Reflected.Cross-Site.Scripting MEDIUM" "vikrestaurants 1.5.2 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "vikrestaurants 1.5.1 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "vikrestaurants 1.4 Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "video-slider-with-thumbnails 1.0.11 Reflected.XSS HIGH" "virim No.known.fix Unauthenticated.Object.Injection CRITICAL" "vr-frases 4.0 Reflected.Cross-Site.Scripting MEDIUM" "vr-frases 4.0 Authenticated.(Admin+).SQL.Injection MEDIUM" "vr-frases 4.0 Reflected.XSS HIGH" "videowhisper-video-presentation No.known.fix Remote.File.Upload CRITICAL" "vp-sitemap No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "vkontakte-wall-post No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "visualcomposer 45.15.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "visualcomposer 45.12.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "visualcomposer 45.11.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "visualcomposer 45.9.0 Authenticated.(Editor+).Stored.Cross-Site.Scripting MEDIUM" "visualcomposer 45.7.0 Authenticated.(Editor+).Stored.Cross-Site.Scripting MEDIUM" "visualcomposer 45.7.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "visualcomposer 45.0.1 Authenticated.Stored.XSS.via.Title MEDIUM" "visualcomposer 45.0.1 Authenticated.Stored.XSS.via.Text.Block MEDIUM" "visualcomposer 27.0 Multiple.Authenticated.Cross-Site.Scripting.Issues HIGH" "video-merchant No.known.fix Cross-Site.Request.Forgery.to.Arbitrary.File.Upload HIGH" "vk-filter-search No.known.fix Contributor+.Stored.XSS MEDIUM" "vk-filter-search 2.3.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "visit-site-link-enhanced No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "variable-inspector No.known.fix 
Missing.Authorization MEDIUM" "variable-inspector 2.6.3 Reflected.Cross-Site.Scripting MEDIUM" "variable-inspector 2.4.0 Reflected.Cross-Site.Scripting MEDIUM" "visual-link-preview 2.3.0 Missing.Authorization MEDIUM" "visual-link-preview 2.2.8 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.visual-link-preview.Shortcode MEDIUM" "visual-link-preview 2.2.3 Unauthorised.AJAX.Calls MEDIUM" "virtual-bot No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "virtual-bot No.known.fix Unauthenticated.SQL.Injection HIGH" "valenti-engine No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "viet-contact No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting.via.'ll1',.'ll2',.'ll3',.and.'ll4'.Parameters MEDIUM" "vr-views No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "views-for-wpforms-lite 3.2.3 Missing.Authorization.via.get_form_fields MEDIUM" "views-for-wpforms-lite 3.2.3 Missing.Authorization.via.save_view MEDIUM" "views-for-wpforms-lite 3.2.3 Cross-Site.Request.Forgery.via.save_view MEDIUM" "views-for-wpforms-lite 3.2.3 Cross-Site.Request.Forgery.via.create_view MEDIUM" "views-for-wpforms-lite 3.2.3 Missing.Authorization.via.create_view MEDIUM" "vibebp 1.9.9.7.7 Unauthenticated.SQL.Injection HIGH" "vibebp 1.9.9.5.1 Authenticated.(Subscriber+).SQL.Injection MEDIUM" "vibebp 1.9.9.5 Unauthenticated.Privilege.Escalation CRITICAL" "vitepos-lite 3.3.1 Authenticated.(Subscriber+).Arbitrary.File.Upload.to.Remote.Code.Execution HIGH" "vitepos-lite 3.1.8 Missing.Authorization MEDIUM" "vitepos-lite 3.1.5 Missing.Authorization MEDIUM" "vitepos-lite 3.1.4 Missing.Authorization MEDIUM" "vitepos-lite 3.0.2 Missing.Authorization MEDIUM" "visitor-info No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "visitor-info No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "verowa-connect 3.3.0 Contributor+.Stored.XSS MEDIUM" "verowa-connect 3.0.5 Reflected.Cross-Site.Scripting 
MEDIUM" "verowa-connect 3.1.0 Admin+.SQL.Injection MEDIUM" "verowa-connect 3.0.2 Unauthenticated.SQL.Injection HIGH" "void-visual-whmcs-element No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "void-visual-whmcs-element No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "void-visual-whmcs-element 1.0.4.1 Contributor+.Stored.XSS MEDIUM" "variable-product-swatches No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "variable-product-swatches 1.0.2 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "video-list-manager No.known.fix Unauthenticated.SQL.Injection HIGH" "video-list-manager No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "video-list-manager No.known.fix Authenticated.(Contributor+).SQL.Injection MEDIUM" "video-list-manager No.known.fix Missing.Authorization MEDIUM" "video-list-manager No.known.fix Admin+.SQL.Injection MEDIUM" "void-elementor-post-grid-addon-for-elementor-page-builder 2.4 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "vanguard No.known.fix Multiple.Cross-Site.Scripting.(XSS) MEDIUM" "visualizer 3.11.13 Authenticated.(Contributor+).SQL.Injection MEDIUM" "visualizer 3.11.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Import.Data.From.File MEDIUM" "visualizer 3.11.2 Authenticated.(Subscriber+).SQL.Injection CRITICAL" "visualizer 3.11.0 Missing.Authorization.to.Arbitrary.SQL.Execution HIGH" "visualizer 3.10.6 Reflected.Cross-Site.Scripting MEDIUM" "visualizer 3.9.5 Contributor+.Stored.XSS MEDIUM" "visualizer 3.9.2 Contributor+.Stored.XSS MEDIUM" "visualizer 3.7.10 Contributor+.PHAR.Deserialization HIGH" "visualizer 3.7.7 Reflected.Cross-Site.Scripting MEDIUM" "visualizer 3.3.1 Stored.Cross-Site.Scripting.(XSS) MEDIUM" "visualizer 3.3.1 Blind.Server-Side.Request.Forgery.(SSRF) CRITICAL" "vertical-carousel-slider No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "voucherpress No.known.fix Authenticated.(Author+).Stored.Cross-Site.Scripting 
MEDIUM" "vcaching No.known.fix Unauthenticated.Information.Exposure HIGH" "vcaching No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "videojs-html5-player 1.1.12 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.videojs_video.Shortcode MEDIUM" "videojs-html5-player 1.1.9 Contributor+.Stored.XSS MEDIUM" "vnpay-for-woocommerce No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "vdz-call-back 1.1.4.6 Authenticated.Stored.XSS MEDIUM" "vooplayer No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "virtuaria-pagseguro 3.6.4 Missing.Authorization MEDIUM" "valvepress-rankie 1.8.3 Reflected.Cross-Site.Scripting MEDIUM" "valvepress-rankie 1.8.2 Wordpress.Rank.Tracker.Plugin.<.1.8.2.-.Authenticated.(Subscriber+).SQL.Injection MEDIUM" "valvepress-rankie 1.8.2 Missing.Authorization MEDIUM" "video-conferencing-with-zoom-api 4.6.6 Unauthenticated.SDK.Signature.Generation HIGH" "video-conferencing-with-zoom-api 4.4.5 Open.Redirect MEDIUM" "video-conferencing-with-zoom-api 4.4.6 Sensitive.Information.Exposure MEDIUM" "video-conferencing-with-zoom-api 4.4.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "video-conferencing-with-zoom-api 4.3.0 Sensitive.Data.Disclosure LOW" "video-conferencing-with-zoom-api 4.0.10 Contributor+.Stored.XSS MEDIUM" "video-conferencing-with-zoom-api 3.9.3 Reflected.Cross-Site.Scripting MEDIUM" "video-conferencing-with-zoom-api 3.8.17 E-mail.Address.Disclosure MEDIUM" "video-conferencing-with-zoom-api 3.8.16 Reflected.Cross-Site.Scripting HIGH" "visual-slider 1.4 Reflected.Cross-Site.Scripting MEDIUM" "vcos No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "viperbar No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "voidek-employee-portal 1.0.8 Missing.Authorization MEDIUM" "vertical-response-newsletter-widget No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "video-player-for-wpbakery 1.0.2 Contributor+.Stored.XSS MEDIUM" "vibes 2.2.1 
Unauthenticated.SQL.Injection.via.'resource'.Parameter HIGH" "viral-loops-wp-integration No.known.fix Missing.Authorization MEDIUM" "viral-loops-wp-integration No.known.fix Missing.Authorization LOW" "viral-loops-wp-integration No.known.fix Unauthenticated.Sensitive.Information.Disclosure MEDIUM" "vbsso-lite No.known.fix Missing.Authorization.to.Privilege.Escalation CRITICAL" "vmax-project-manager No.known.fix Unauthenticated.Local.File.Inclusion CRITICAL" "vasaio-qr-code No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "video-popup 1.1.4 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "venture-event-manager 3.2.5 Reflected.Cross-Site.Scripting.(XSS) HIGH" "viglink-spotlight-by-shortcode No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.'float'.Shortcode.Attribute MEDIUM" "vospari-forms 1.4 Cross-Site.Scripting.(XSS) MEDIUM" "vk-google-job-posting-manager 1.2.24 Authenticated.(Author+).Stored.Cross-Site.Scripting.via.Job.Description.Field MEDIUM" "vk-google-job-posting-manager 1.2.23 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "video-playlist-and-gallery-plugin No.known.fix Authenticated.(Editor+).Stored.Cross-Site.Scripting MEDIUM" "video-playlist-and-gallery-plugin No.known.fix Authenticated.(Contributor+).Information.Exposure MEDIUM" "video-playlist-and-gallery-plugin 1.160 Settings.Update.via.CSRF MEDIUM" "visual-text-editor No.known.fix Authenticated.(Contributor+).Remote.Code.Execution HIGH" "vidseo 1.2.4 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "video-sidebar-widget No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "vimeography 2.4.5 Sensitive.Information.Exposure MEDIUM" "vimeography 2.4.2 Cross-Site.Request.Forgery MEDIUM" "vimeography 2.3.3 Contributor+.PHP.Object.Injection HIGH" "visitor-stats-widget No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "video-embed-thumbnail-generator 4.10.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" 
"video-embed-thumbnail-generator 4.8.11 Reflected.Cross-Site.Scripting MEDIUM" "video-embed-thumbnail-generator 4.7.4 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "vision 1.7.2 Missing.Authorization MEDIUM" "vision 1.5.4 Contributor+.Stored.XSS MEDIUM" "vision 1.5.2 Reflected.Cross-Site.Scripting HIGH" "viet-nam-affiliate No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "very-simple-google-maps 2.9.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "very-simple-google-maps 2.9 Contributor+.Stored.XSS MEDIUM" "visual-portfolio 3.3.10 Contributor+.DOM-Based.Stored.XSS.via.FancyBox.JavaScript.Library MEDIUM" "visual-portfolio 3.3.3 Authenticated.(Author+).Stored.Cross-Site.Scripting.via.title_tag.Parameter MEDIUM" "visual-portfolio 2.19.0 Contributor+.CSS.Injection MEDIUM" "visual-portfolio 2.18.0 Unauthenticated.CSS.Injection MEDIUM" "video-onclick No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "visual-header 1.5 Missing.Authorization MEDIUM" "voice-feedback 2.0.0 Subscriber+.Privilege.Escalation HIGH" "vikrentcar 1.4.5 Authenticated.(Author+).SQL.Injection.via.'month'.Parameter HIGH" "vikrentcar 1.4.4 Authenticated.(Administrator+).Arbitrary.File.Upload HIGH" "vikrentcar 1.4.3 Cross-Site.Request.Forgery.to.Authenticated.(Subscriber+).Arbitrary.File.Upload HIGH" "vikrentcar 1.4.1 Unauthenticated.SQL.Injection CRITICAL" "vikrentcar 1.3.2 Cross.Site.Request.Forgery MEDIUM" "vikrentcar 1.3.3 Information.Exposure MEDIUM" "vikrentcar 1.3.1 Admin+.Stored.XSS MEDIUM" "vikrentcar 1.1.10 Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "vikrentcar 1.1.7 CSRF.to.Stored.XSS HIGH" "video-grid 1.22 Reflected.XSS HIGH" "video-embed-privacy 1.3 Reflected.Cross-Site.Scripting MEDIUM" "video-expander No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "virtual-moderator No.known.fix Cross-Site.Request.Forgery MEDIUM" "vgw-metis No.known.fix 
Missing.Authorization MEDIUM" "vgw-metis 2.0.1 Missing.Authorization.to.Authenticated.(Subscriber+).Limited.Settings.Update MEDIUM" "vm-menu-reorder No.known.fix Cross-Site.Request.Forgery.to.Settings.Update MEDIUM" "vimeo-simplegallery No.known.fix Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.Plugin.Settings.Modification MEDIUM" "vdocipher 1.30 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "vayu-blocks 1.3.10 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Multiple.Block.Attributes MEDIUM" "vayu-blocks 1.3.2 Missing.Authorization.to.Authenticated.(Subscriber+).Stored.Cross-Site.Scripting.via.containerWidth.Parameter MEDIUM" "vayu-blocks 1.2.2 1.2.1.-.Missing.Authorization.to.Unauthenticated.Limited.Arbitrary.Options.Update MEDIUM" "vayu-blocks No.known.fix Contributor+.Stored.XSS MEDIUM" "vayu-blocks 1.2.0 Missing.Authorization.to.Unauthenticated.Arbitrary.Plugin.Installation/Activation CRITICAL" "video-analytics-for-cloudflare-stream 1.2 Reflected.Cross-Site.Scripting MEDIUM" "video-gallery-block 1.1.1 Contributor+.Stored.XSS MEDIUM" "vk-blocks-pro 1.54.0 Multiple.Stored.XSS MEDIUM" "video-thumbnails No.known.fix Admin+.Stored.XSS LOW" "viral-signup No.known.fix Unauthenticated.SQLi HIGH" "viral-signup No.known.fix Admin+.Stored.XSS LOW" "vr-calendar-sync No.known.fix Cross-Site.Request.Forgery.to.Calendar.Sync MEDIUM" "vr-calendar-sync 2.4.5 Unauthenticated.Local.File.Inclusion CRITICAL" "vr-calendar-sync 2.3.4 Calendar.Deletion/Update.&.Settings.Update.via.CSRF MEDIUM" "vr-calendar-sync 2.3.1 Reflected.Cross-Site.Scripting MEDIUM" "vr-calendar-sync 2.4.5 LFI.via.CSRF HIGH" "vr-calendar-sync 2.3.2 Unauthenticated.Arbitrary.Function.Call HIGH" "variation-swatches-and-gallery 1.0.2 Reflected.Cross-Site.Scripting MEDIUM" "visitor-analytics-io 1.3.0 Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "validar-certificados-de-cursos No.known.fix Cross-Site.Request.Forgery MEDIUM" "validar-certificados-de-cursos 
1.6.2 Cross-Site.Request.Forgery MEDIUM" "visitors-traffic-real-time-statistics 7.3 Missing.Authorization.via.multiple.AJAX.actions MEDIUM" "visitors-traffic-real-time-statistics 3.9 Subscriber+.SQL.Injection HIGH" "visitors-traffic-real-time-statistics 2.12 Arbitrary.Plugin.Installation/Activation.via.Low.Privilege.User CRITICAL" "visitors-traffic-real-time-statistics 2.13 Arbitrary.Plugin.Installation/Activation.via.CSRF CRITICAL" "visitors-traffic-real-time-statistics 1.13 CSRF.to.Stored.XSS/SQLi HIGH" "vipdrv-vip-test-drive No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "video-sidebar-widgets No.known.fix Contributor+.Stored.XSS.via.Shortcode MEDIUM" "visucom-smart-sections No.known.fix WPBakery.Page.Builder.Addon.<=.1.7.8.-.Unauthenticated.PHP.Object.Injection CRITICAL" "vertical-scroll-image-slideshow-gallery No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.width.Parameter MEDIUM" "vikrentitems 1.2.1 Reflected.Cross-Site.Scripting.via.'delto'.Parameter MEDIUM" "variation-swatches-for-woocommerce 2.1.2 Subscriber+.Stored.Cross-Site.Scripting HIGH" "videospirecore No.known.fix Authenticated.(Subscriber+).Privilege.Escalation.via.User.Email.Change/Account.Takeover HIGH" "visitors-online 1.0.0 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "visitors-online 0.4 SQL.Injection CRITICAL" "vrview No.known.fix Outdated.VRView.Library.Used,.Leading.to.Reflected.XSS HIGH" "visit-counter No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "visit-counter No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "vigilantor 1.3.11 Admin+.Stored.XSS LOW" "vrpconnector No.known.fix Unauthenticated.PHP.Object.Injection CRITICAL" "vdz-google-analytics 1.6.0 Authenticated.Stored.XSS LOW" "vdz-google-analytics 1.4.9 Authenticated.Stored.XSS LOW" "virusdie 1.1.8 Missing.Authorization.to.Authenticated.(Subscriber+).API.Key.Disclosure MEDIUM" "virusdie 1.1.7 Missing.Authorization MEDIUM" "virusdie 1.1.7 
Authenticated.(Subscriber+).Information.Exposure MEDIUM" "virusdie 1.1.4 Cross-Site.Request.Forgery MEDIUM" "visual-form-builder 3.0.8 Entries.Deletion/Restoration.via.CSRF MEDIUM" "visual-form-builder 3.0.7 Admin+.Stored.Cross-Site.Scripting LOW" "visual-form-builder 3.0.6 CSV.Injection LOW" "visual-form-builder 3.0.6 Unauthenticated.Information.Disclosure MEDIUM" "visual-form-builder 3.0.4 Admin+.Stored.Cross-Site.Scripting LOW" "visual-footer-credit-remover 1.3 Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "wordpress-23-related-posts-plugin No.known.fix Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "wordpress-23-related-posts-plugin 2.7.2 Cross-Site.Request.Forgery MEDIUM" "woo-checkout-regsiter-field-editor 2.1.9 Cross-Site.Request.Forgery MEDIUM" "woo-cart-count-shortcode 1.1.0 Contributor+.XSS MEDIUM" "woo-cart-count-shortcode No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-cookie No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "wp-import-export-lite 3.9.30 Authenticated.(Subscriber+).Arbitrary.File.Upload HIGH" "wp-import-export-lite 3.9.29 Authenticated.(Subscriber+).Arbitrary.File.Upload HIGH" "wp-import-export-lite 3.9.28 Authenticated.(Contributor+).DOM-Based.Stored.Cross-Site.Scripting MEDIUM" "wp-import-export-lite 3.9.27 Authenticated.(Administrator+).PHP.Object.Injection HIGH" "wp-import-export-lite 3.9.16 Unauthenticated.Sensitive.Data.Disclosure HIGH" "wp-import-export-lite 3.9.5 Subscriber+.Extensions.Update MEDIUM" "wp-import-export-lite 3.9.5 Subscriber+.Arbitrary.Blog.Options.Update HIGH" "wikiloops-track-player No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "wp-affiliate-platform 6.5.2 Affiliate.Deletion.via.CSRF MEDIUM" "wp-affiliate-platform 6.5.1 Reflected.XSS.via.Lead.Editing HIGH" "wp-affiliate-platform 6.5.1 Profile.Update.via.CSRF MEDIUM" "wp-affiliate-platform 6.5.1 Reflected.XSS.via.Banner.Editing HIGH" 
"wp-affiliate-platform 6.5.1 Reflected.XSS.via.Registration.Form HIGH" "wp-affiliate-platform 6.5.1 Stored.XSS.via.CSRF HIGH" "wp-affiliate-platform 6.5.1 POST.Reflected.XSS MEDIUM" "wp-affiliate-platform 6.5.1 Reflected.XSS.via.Affiliate.Editing HIGH" "wp-affiliate-platform 6.4.0 Reflected.Cross-Site.Scripting MEDIUM" "wp-affiliate-platform 6.4.0 Affiliate.Record.Deletion.via.CSRF MEDIUM" "wp-affiliate-platform 6.4.0 Admin+.Stored.XSS LOW" "wats 1.0.64 Authenticated.Stored.Cross-Site.Scripting.(XSS) LOW" "woocommerce-customers-manager 31.4 Missing.Authorization.to.Authenticated.(Subscriber+).Privilege.Escalation HIGH" "woocommerce-customers-manager 30.2 Subscriber+.Stored.XSS HIGH" "woocommerce-customers-manager 30.1 Bulk.Action.via.CSRF MEDIUM" "woocommerce-customers-manager 30.1 User.Deletion.via.CSRF LOW" "woocommerce-customers-manager 29.8 Reflected.XSS HIGH" "woocommerce-customers-manager 29.8 Subscriber+.Email.Disclosure MEDIUM" "woocommerce-customers-manager 29.7 Subscriber+.SQL.Injection HIGH" "woocommerce-customers-manager 26.6 Arbitrary.Account.Creation/Update.via.CSRF HIGH" "woocommerce-customers-manager 26.6 Authenticated.Reflected.Cross-Site.Scripting.(XSS) HIGH" "woocommerce-customers-manager 26.5 Arbitrary.Account.Creation/Update.by.Low.Privilege.Users HIGH" "woo-custom-profile-picture No.known.fix Authenticated.(Subscriber+).Arbitrary.File.Upload CRITICAL" "weaver-themes-shortcode-compatibility No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "woocommerce-for-japan 2.8.5 Missing.Authorization.to.Unauthenticated.Paidy.Order.Manipulation MEDIUM" "woocommerce-for-japan 2.8.0 Missing.Authorization.to.Unauthenticated.Order.Status.Modification MEDIUM" "woocommerce-for-japan 2.6.41 Cross-Site.Request.Forgery MEDIUM" "woocommerce-for-japan 2.6.5 Missing.Authorization MEDIUM" "woocommerce-for-japan 2.5.8 Reflected.XSS MEDIUM" "woocommerce-for-japan 2.5.5 Reflected.XSS HIGH" "wp-htpasswd No.known.fix Admin+.Stored.XSS LOW" 
"wp-emoji-one No.known.fix Settings.Update.via.CSRF MEDIUM" "wp-recaptcha-bp No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "wowrestro 1.1 CSRF.Bypass MEDIUM" "wp-propagator No.known.fix Unauthenticated.Arbitrary.File.Upload CRITICAL" "wp-facebook-messenger No.known.fix Contributor+.Stored.XSS.via.Shortcode MEDIUM" "wp-media-manager-lite 1.1.3 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "wp-spotlight-search 1.1.2 Cross-Site.Request.Forgery MEDIUM" "wp-memory 3.99 Cross-Site.Request.Forgery.to.Limited.Plugin.Installation.via.wpmemory_install_plugin.Function MEDIUM" "wp-memory 2.46 Subscriber+.Arbitrary.Plugin.Installation HIGH" "wp-copyprotect No.known.fix Settings.Update.via.CSRF MEDIUM" "wp-backitup No.known.fix Missing.Authorization MEDIUM" "wp-backitup No.known.fix Cross-Site.Request.Forgery.to.Backup.Trigger MEDIUM" "wp-backitup No.known.fix Cross-Site.Request.Forgery MEDIUM" "wp-backitup No.known.fix Missing.Authorization MEDIUM" "wp-backitup No.known.fix Missing.Authorization MEDIUM" "wp-backitup 1.50 Unauthenticated.Sensitive.Data.Exposure HIGH" "woo-events 4.1.8 Missing.Authorization MEDIUM" "woo-events 4.1.3 Unauthenticated.Arbitrary.File.Overwrite CRITICAL" "wp-iframe-images-gallery No.known.fix Authenticated.(Contributor+).SQL.Injection MEDIUM" "wp-easy-faqs No.known.fix Authenticated.(Author+).Stored.Cross-Site.Scripting.via.WP_EASY_FAQ.Shortcode MEDIUM" "wp-dynamic-links No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-terms-popup 2.6.1 Admin+.Stored.XSS LOW" "web3-token-gate 1.0.5 Reflected.Cross-Site.Scripting MEDIUM" "wp-smushit 3.17.1 Admin+.Directory.Traversal LOW" "wp-smushit 3.16.5 Subscriber+.Resmush.List.Deletion MEDIUM" "wp-smushit 3.9.9 Admin+.Reflected.Cross-Site.Scripting LOW" "wp-smushit 3.0.0 Authenticated.Phar.Deserialization MEDIUM" "wp-smushit 2.7.6 File.Transversal HIGH" "woocommerce-sendinblue-newsletter-subscription 4.0.50 Unauthenticated.Stored.Cross-Site.Scripting HIGH" 
"woocommerce-sendinblue-newsletter-subscription 4.0.50 Missing.Authorization MEDIUM" "woocommerce-sendinblue-newsletter-subscription 4.0.18 Authenticated.(Editor+).Arbitrary.File.Download.and.Deletion HIGH" "white-page-publication No.known.fix Arbitrary.Settings.Update.via.CSRF MEDIUM" "wati-chat-and-notification 1.1.5 Stored.XSS.via.CSRF HIGH" "wordpress-importer 0.8.4 Admin+.PHP.Object.Injection MEDIUM" "woocommerce-stock-manager 3.6.0 Cross-Site.Request.Forgery MEDIUM" "woocommerce-stock-manager 2.11.0 Cross-Site.Request.Forgery MEDIUM" "woocommerce-stock-manager 2.6.0 CSRF.to.Arbitrary.File.Upload HIGH" "wordpress-gdpr 2.0.3 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "wordpress-gdpr 2.0.3 Missing.Authorization.to.Unauthenticated.Arbitrary.User.Deletion MEDIUM" "wordpress-gdpr 1.9.26 Authenticated.Reflected.Cross-Site.Scripting MEDIUM" "wordpress-gdpr 1.9.27 Unauthenticated.Reflected.Cross-Site.Scripting MEDIUM" "woosquare 4.3 Reflected.Cross-Site.Scripting MEDIUM" "woosquare 4.2.9 Reflected.Cross-Site.Scripting MEDIUM" "woosquare 4.2.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "woocommerce-gateway-amazon-payments-advanced 2.0.1 Reflected.Cross-Site.Scripting MEDIUM" "wp-edit-menu No.known.fix Arbitrary.Post.Deletion.via.CSRF MEDIUM" "wp-edit-menu 1.5.0 Unauthenticated.Arbitrary.Post.Deletion HIGH" "webmaster-tools No.known.fix Settings.Update.to.Stored.XSS.via.CSRF HIGH" "webmaster-tools No.known.fix Admin+.Stored.XSS LOW" "woo-product-slider 2.6.4 Contributor+.Stored.XSS.in.Shortcode MEDIUM" "woo-product-slider 2.5.7 Subscriber+.Arbitrary.Options.Deletion HIGH" "wp-comment-fields 5.1 Missing.Authorization MEDIUM" "wp-comment-fields 5.1 Cross-Site.Request.Forgery MEDIUM" "wp-comment-fields 4.1 Admin+.Stored.Cross-Site.Scripting LOW" "web3-authentication 3.0.0 Authentication.Bypass HIGH" "web3-authentication 2.7.0 Authentication.Bypass CRITICAL" "wp-downgrade 1.2.3 Admin+.Stored.Cross-Site.Scripting LOW" "wp-tripadvisor-review-slider 12.7 
Authenticated.(Administrator+).SQL.Injection CRITICAL" "wp-tripadvisor-review-slider 11.9 Admin+.Stored.XSS LOW" "wp-tripadvisor-review-slider 11.3 Reflected.Cross-Site.Scripting MEDIUM" "wp-tripadvisor-review-slider 10.8 Subscriber+.SQLi HIGH" "woo-clover-gateway-by-zaytech 1.3.2 Missing.Authorization.via.callback_handler MEDIUM" "wp-hide-security-enhancer 2.5.2 Missing.Authorization.to.Unauthenticated.Arbitrary.File.Contents.Deletion HIGH" "wp-hide-security-enhancer 1.8 Reflected.Cross-Site.Scripting MEDIUM" "woo-product-category-discount 4.13 Missing.Authorization.via.wpcd_save_discount() MEDIUM" "wechat-reward No.known.fix CSRF.to.Stored.Cross-Site.Scripting HIGH" "wc-support-system 1.2.7 Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.Ticket.Deletion MEDIUM" "wc-support-system 1.2.2 Admin+.SQLi MEDIUM" "wc-support-system 1.2.3 Unauthenticated.Ticket.Deletion/Update,.Settings.Update.etc MEDIUM" "widget-post-slider 1.3.6 Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "woolementor No.known.fix Missing.Authorization MEDIUM" "woolementor No.known.fix Author+.Stored.XSS MEDIUM" "woolementor 4.5 Unauthenticated.PHP.Object.Injection CRITICAL" "woolementor 4.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Multiple.Widgets MEDIUM" "woocommerce-maintenance-mode No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-to-twitter 3.3.0 Reflected.Cross-Site.Scripting MEDIUM" "wp-to-twitter 3.3.0 Subscriber+.Arbitrary.Option.Update CRITICAL" "woo-quick-view 1.1.3 Unauthenticated.Information.Disclosure MEDIUM" "wp-total-branding 1.3 Authenticated.(Administrator+).Stored.Cross-Site.Scripting.via.title.Parameter MEDIUM" "wp-jump-menu No.known.fix Admin+.Stored.XSS LOW" "woo-product-enquiry No.known.fix Unauthenticated.Stored.XSS HIGH" "wh-cache-and-security No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-event-solution 4.1.4 Authenticated.(Contributor+).PHP.Object.Injection HIGH" "wp-event-solution 4.0.52 
Missing.Authorization.to.Unauthenticated.Stored.Cross-Site.Scripting.via.'post_settings' HIGH" "wp-event-solution 4.0.38 Unauthenticated.Server-Side.Request.Forgery HIGH" "wp-event-solution 4.0.32 Authenticated.(Contributor+).PHP.Object.Injection HIGH" "wp-event-solution 4.0.35 Authenticated.(Contributor+).Privilege.Escalation.via.User.Email.Change/Account.Takeover HIGH" "wp-event-solution 4.0.29 Reflected.Cross-Site.Scripting MEDIUM" "wp-event-solution 4.0.27 Unauthenticated.Arbitrary.File.Read HIGH" "wp-event-solution 4.0.27 Missing.Authorization.to.Unauthenticated.Privilege.Escalation CRITICAL" "wp-event-solution 4.0.26 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "wp-event-solution 4.0.25 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "wp-event-solution 4.0.25 Missing.Authorization.to.Unauthenticated.Payment.Status.Update MEDIUM" "wp-event-solution 4.0.21 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "wp-event-solution 4.0.9 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "wp-event-solution 4.0.9 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "wp-event-solution 4.0.6 Authenticated.(Author+).Stored.Cross-Site.Scripting MEDIUM" "wp-event-solution 4.0.5 Missing.Authorization.to.Authenticated.(Contributor+).Event.Data.Import MEDIUM" "wp-event-solution 4.0.0 Authenticated.(Author+).Stored.Cross-Site.Scripting MEDIUM" "wp-event-solution 3.3.51 Missing.Authorization.to.Unauthenticated.Events.Export MEDIUM" "wp-bootscraper 4.0.0 Unauthenticated.Local.File.Inclusion CRITICAL" "wp-edit-password-protected 1.3.5 Open.Redirect LOW" "wp-edit-password-protected 1.3.5 Protection.Bypass.via.REST.API MEDIUM" "wp-reset 2.06 Unauthenticated.Sensitive.Information.Exposure.via.wf-licensing.log MEDIUM" "wp-reset 2.03 Missing.Authorization.to.License.Key.Modification MEDIUM" "wp-reset 2.0 Sensitive.Information.Exposure.due.to.Insufficient.Randomness MEDIUM" "wp-reset 5.99 Database.Reset.via.CSRF CRITICAL" "wp-reset 5.99 
Subscriber+.Database.Reset CRITICAL" "wp-reset 1.90 Authenticated.Stored.XSS MEDIUM" "website-builder No.known.fix Authenticated.(Editor+).Stored.Cross-Site.Scripting MEDIUM" "waymark 1.5.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "waymark 1.5.3 Authenticated.(Contributor+).Server-Side.Request.Forgery MEDIUM" "waymark 1.5.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "waymark 1.4.2 Reflected.Cross-Site.Scripting.via.'content' MEDIUM" "woo-bookings-calendar No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-mmenu-lite No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-contest No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-contest No.known.fix Authenticated.(Contributor+).SQL.Injection MEDIUM" "wordpress-notification-bar No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "wp-google-ad-manager-plugin No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting.via.Admin.Settings MEDIUM" "wp-job-manager-resumes 2.2.0 Resume.Manager.<.2.2.0.-.Missing.Authorization MEDIUM" "wp-job-manager-resumes 2.2.0 Resume.Manager.<.2.2.0.-.Cross-Site.Request.Forgery MEDIUM" "wdes-responsive-popup No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.'attr'.Shortcode.Attribute MEDIUM" "woo-aliexpress-dropshipping 2.1.2 Unauthenticated.Arbitrary.Content.Deletion MEDIUM" "woo-aliexpress-dropshipping 2.1.2 Missing.Authorization MEDIUM" "woo-customers-order-history No.known.fix Missing.Authorization MEDIUM" "woo-customers-order-history 5.2.2 Reflected.Cross-Site.Scripting MEDIUM" "woo-customers-order-history 5.2.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wish-list-for-woocommerce 3.3.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wish-list-for-woocommerce 3.2.4 Missing.Authorization MEDIUM" "wish-list-for-woocommerce 3.2.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wish-list-for-woocommerce 
3.1.8 Cross-Site.Request.Forgery.to.Cross-Site.Scriping.via.Wishlist.Name MEDIUM" "wish-list-for-woocommerce 3.1.3 Reflected.Cross-Site.Scripting MEDIUM" "wp-reactions-lite 1.3.9 CSRF LOW" "wp-subtitle 3.4.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-subtitle 3.4.1 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "wp-map-route-planner No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "wp-lightbox-2 3.0.7 Admin+.Stored.XSS LOW" "wp-lightbox-2 3.0.6.8 Unauthenticated.Stored.XSS HIGH" "wp-lightbox-2 3.0.6.7 Authenticated.(Contributor+).DOM-Based.Stored.Cross-Site.Scripting MEDIUM" "wp-lightbox-2 3.0.6.6 Admin+.Stored.XSS LOW" "wp-less 1.9.7 Unauthenticated.Sensitive.Information.Disclosure MEDIUM" "w-dalil No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "wp-page-widget 4.0 Settings.Update.via.CSRF MEDIUM" "woocommerce-checkout-manager 7.8.6 Missing.Authorization.to.Unauthenticated.Arbitrary.Attachment.Deletion MEDIUM" "woocommerce-checkout-manager 7.8.2 Unauthenticated.Limited.File.Upload MEDIUM" "woocommerce-checkout-manager 7.3.1 Missing.Authorization MEDIUM" "woocommerce-checkout-manager 5.5.7 Reflected.Cross-Site.Scripting MEDIUM" "woocommerce-checkout-manager 4.3 Arbitrary.File.Upload HIGH" "wp-thumbnail No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "wp-leads-builder-any-crm 3.2 Missing.Authorization.to.Authenticated.(Subscriber+).Many.Actions MEDIUM" "wp-leads-builder-any-crm 3.2 Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.Options.Update HIGH" "wp-leads-builder-any-crm 3.1 Authenticated.(Contributor+).SQL.Injection MEDIUM" "websand-subscription-form No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-sheet-editor-edd-downloads 1.0.61 Reflected.Cross-Site.Scripting MEDIUM" "wp-sheet-editor-edd-downloads 1.0.49 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-pagseguro-payments No.known.fix 
Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "woo-esto 2.23.2 Settings.Update.via.CSRF MEDIUM" "wp-clone-by-wp-academy 2.4.7 Unauthenticated.PHP.Object.Injection.via.'recursive_unserialized_replace' HIGH" "wp-clone-by-wp-academy 2.4.6 Missing.Authorization MEDIUM" "wp-clone-by-wp-academy 2.4.4 Subscriber+.Unauthorised.Action.Calls MEDIUM" "wp-clone-by-wp-academy 2.4.3 Unauthenticated.Backup.Download HIGH" "wp-clone-by-wp-academy 2.3.8 Plugin.Installation.via.CSRF MEDIUM" "wp-clone-by-wp-academy 2.3.8 Subscriber+.Plugin.Installation MEDIUM" "wp-front-end-profile 1.3.9 Cross-Site.Request.Forgery.to.Unauthorized.User.Account.Approval.or.Rejection MEDIUM" "wp-front-end-profile 1.3.2 Unauthenticated.Privilege.Escalation CRITICAL" "wp-front-end-profile 1.3.1 Reflected.Cross-Site.Scripting MEDIUM" "wp-front-end-profile 1.2.6 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-front-end-profile 1.2.2 CSRF.Check.Incorrectly.Implemented LOW" "wp-front-end-profile 0.2.2 Privilege.Escalation.&.Stored.Cross-Site.Scripting.(XSS) CRITICAL" "wp-publication-archive No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-email-debug 1.2.1 1.1.0.-.Missing.Authorization.to.Unauthenticated.Privilege.Escalation.via.Password.Reset CRITICAL" "woo-tuner No.known.fix Missing.Authorization MEDIUM" "wp-desklite No.known.fix Reflected.XSS HIGH" "webpushr-web-push-notifications 4.39.0 Unauthenticated.Information.Exposure MEDIUM" "webpushr-web-push-notifications 4.36.0 Reflected.Cross-Site.Scripting MEDIUM" "webpushr-web-push-notifications 4.35.0 Unauthenticated.Stored.XSS HIGH" "webpushr-web-push-notifications 4.35.0 LFI.via.CSRF MEDIUM" "wp-custom-post-template No.known.fix Settings.Update.via.CSRF MEDIUM" "wp-basic-elements 5.3.0 Settings.Update.via.CSRF MEDIUM" "wp-all-export-pro 1.9.2 Authenticated.(ShopManager+).Arbtirary.Options.Update MEDIUM" "wp-all-export-pro 1.9.2 Unauthenticated.Remote.Code.Execution.via.Custom.Export.Fields HIGH" 
"wp-all-export-pro 1.8.6 Remote.Code.Execution.via.CSRF CRITICAL" "wp-all-export-pro 1.8.6 Author+.PHAR.Deserialization.via.CSRF HIGH" "wp-all-export-pro 1.8.6 Admin+.RCE MEDIUM" "wp-all-export-pro 1.7.9 Authenticated.SQLi MEDIUM" "wp-all-export-pro 1.7.9 Authenticated.Code.Injection CRITICAL" "wp-mediatagger No.known.fix Reflected.XSS HIGH" "wp-mediatagger No.known.fix Contributor+.Stored.XSS MEDIUM" "wp-opt-in No.known.fix Arbitrary.Settings.Update.via.CSRF MEDIUM" "wp-ultimate-search No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-eMember No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-eMember 10.7.0 Stored.XSS.via.CSRF HIGH" "wp-eMember 10.6.6 Reflected.XSS HIGH" "wp-eMember 10.6.6 Stored.XSS.in.Blacklist.via.CSRF HIGH" "wp-eMember 10.6.7 Reflected.XSS MEDIUM" "wp-eMember 10.6.6 Admin+.Arbitrary.File.Upload MEDIUM" "wp-eMember 10.6.6 Reflected.XSS HIGH" "wp-eMember 10.6.6 Bulk.Delete.via.CSRF MEDIUM" "wp-eMember 10.6.7 Reflected.XSS.via.Member.Edit HIGH" "wp-eMember 10.6.7 Unauthenticated.Stored.XSS.via.Member.Registration HIGH" "wp-eMember 10.3.9 Reflected.Cross-Site.Scripting MEDIUM" "wp-eMember 10.3.9 Reflected.XSS HIGH" "web-instant-messenger No.known.fix Unauthenticated.Stored.Cross-Site.Scripting.(XSS) HIGH" "wp-gravity-forms-spreadsheets 1.2.7 Unauthenticated.PHP.Object.Injection HIGH" "wp-gravity-forms-spreadsheets 1.2.5 Cross-Site.Request.Forgery MEDIUM" "wp-gravity-forms-spreadsheets 1.2.5 Open.Redirect MEDIUM" "wp-gravity-forms-spreadsheets 1.1.1 Reflected.Cross-Site.Scripting HIGH" "wilmer-core 2.4.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "wp-tools-divi-product-carousel 1.5.1 Reflected.Cross-Site.Scripting MEDIUM" "wp-tools-divi-product-carousel 1.5.0 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-post-hide 1.1.0 Cross-Site.Request.Forgery MEDIUM" "woostagram-connect No.known.fix Unauthenticated.Arbitrary.File.Upload CRITICAL" "wp-responsive-meet-the-team 
No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "wp-csv-to-database No.known.fix CSRF LOW" "wootrello 3.2.6 Reflected.Cross-Site.Scripting MEDIUM" "wootrello 2.3.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wbcom-designs-buddypress-ads 1.3.1 Subscriber+.Arbitrary.Plugin.Installation,.Activation.and.Deactivation HIGH" "widgets-controller No.known.fix Unauthenticated.Cross-Site.Scripting MEDIUM" "wp-fiddle No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "woo-smart-compare 6.4.8 Authenticated.(Contributor+).DOM-Based.Stored.Cross-Site.Scripting MEDIUM" "woo-smart-compare 6.4.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-social-meta No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting.via.Settings MEDIUM" "wp-quicklatex 3.8.8 Admin+.Stored.XSS LOW" "wp-quicklatex 3.8.7 Admin+.Stored.XSS.in.Background.Color.field LOW" "wp-courses 3.2.22 Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.User.Meta.Update HIGH" "wp-courses 3.2.4 Cross-Site.Request.Forgery MEDIUM" "wp-courses 3.2.4 Missing.Authorization MEDIUM" "wp-courses 3.2.4 Subscriber+.Arbitrary.Options.Update HIGH" "wp-courses 2.0.44 Authenticated.Stored.XSS.via.Video.Embed.Code LOW" "wp-courses 2.0.44 Reflected.Cross-Site.Scripting HIGH" "wp-courses 2.0.29 Broken.Access.Controls.leading.to.Courses.Content.Disclosure HIGH" "wp-user-stylesheet-switcher No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "wp-rest-api-authentication 3.6.4 Missing.Authorization.to.Authenticated.(Subscriber+).Limited.Options.Update MEDIUM" "wp-rest-api-authentication 2.4.1 Settings.Update.via.CSRF MEDIUM" "wa11y No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "woocommerce-photo-reviews No.known.fix Review.Reminders.-.Review.for.Discounts.<=.1.3.13.-.Reflected.Cross-Site.Scripting MEDIUM" "woocommerce-photo-reviews 1.3.14 
Authentication.Bypass.to.Account.Takeover.and.Privilege.Escalation CRITICAL" "weglot 5.2 Missing.Authorization.to.Unauthenticated.Limited.Transient.Deletion MEDIUM" "weglot 4.2.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Block.Attributes MEDIUM" "weglot 1.9.3 Reflected.Cross-Site.Scripting MEDIUM" "wonderplugin-pdf-embed 1.7 Contributor+.Stored.XSS MEDIUM" "wp-hotjar No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "wp-custom-login-page No.known.fix Admin+.Stored.XSS LOW" "wp-table-reloaded No.known.fix Contributor+.Stored.XSS MEDIUM" "wp-plugin-info-card 6.3.0 Cross-Site.Request.Forgery.to.Arbitrary.Custom.Plugin.Entry.Creation MEDIUM" "wp-plugin-info-card 5.4.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.containerid.Parameter MEDIUM" "wp-plugin-info-card 5.3.1 Contributor+.Stored.XSS MEDIUM" "woo-advanced-product-size-chart 2.4.6 Missing.Authorization MEDIUM" "woo-advanced-product-size-chart 2.4.3.1 Reflected.Cross-Site.Scripting MEDIUM" "woo-advanced-product-size-chart 2.2.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-amazon-shop No.known.fix Authenticated.(Subscriber+).Arbitrary.File.Upload HIGH" "windsor-strava-club No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-all-import 4.0.1 Reflected.Cross-Site.Scripting.via.'filepath' MEDIUM" "wp-all-import 4.0.0 Admin+.Remote.Code.Execution.via.Conditional.Logic MEDIUM" "wp-all-import 3.9.4 Admin+.Limited.Unsafe.File.Upload MEDIUM" "wp-all-import 3.7.3 Admin+.Arbitrary.File.Upload.to.RCE MEDIUM" "wp-all-import 3.6.9 Admin+.Directory.traversal.via.file.upload MEDIUM" "wp-all-import 3.6.9 Admin+.Arbitrary.File.Upload.to.RCE MEDIUM" "wp-all-import 3.6.8 Admin+.Arbitrary.File.Upload MEDIUM" "wp-all-import 3.6.8 Admin+.Arbitrary.Code.Execution MEDIUM" "wp-all-import 3.6.5 Reflected.Cross-Site.Scripting MEDIUM" "wp-all-import 3.6.3 Admin+.Stored.Cross-Site.Scripting LOW" "wp-all-import 3.4.6 Cross-Site.Scripting.(XSS) MEDIUM" "wp-all-import 
3.4.7 Cross-Site.Scripting.(XSS) MEDIUM" "wp-all-import 3.4.6 Cross-Site.Scripting.(XSS) MEDIUM" "wp-all-import 3.2.5 Multiple.Vulnerabilities CRITICAL" "wp-all-import 3.2.4 RCE HIGH" "watcher-elementor No.known.fix Missing.Authorization MEDIUM" "woocommerce-check-pincode-zipcode-for-shipping No.known.fix Cross-Site.Request.Forgery.to.Reflected.Cross-Site.Scripting MEDIUM" "woocommerce-product-sort-and-display 2.4.2 Missing.Authorization MEDIUM" "woocommerce-pdf-invoices-packing-slips 5.7.0 Missing.Authorization.to.Authenticated.(Subscriber+).Peppol.Identifier.Modification MEDIUM" "woocommerce-pdf-invoices-packing-slips 5.0.0 Missing.Authorization MEDIUM" "woocommerce-pdf-invoices-packing-slips 3.8.7 Missing.Authorization MEDIUM" "woocommerce-pdf-invoices-packing-slips 3.8.1 Unauthenticated.Server-Side.Request.Forgery MEDIUM" "woocommerce-pdf-invoices-packing-slips 3.8.1 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "woocommerce-pdf-invoices-packing-slips 3.7.6 Shop.Manager+.SQL.Injection HIGH" "woocommerce-pdf-invoices-packing-slips 3.0.1 Reflected.Cross-Site.Scripting MEDIUM" "woocommerce-pdf-invoices-packing-slips 2.16.0 Reflected.Cross-Site.Scripting LOW" "woocommerce-pdf-invoices-packing-slips 2.15.0 Reflected.Cross-Site.Scripting MEDIUM" "woocommerce-pdf-invoices-packing-slips 2.10.5 Reflected.Cross-Site.Scripting HIGH" "woocommerce-pdf-invoices-packing-slips 2.0.13 XSS MEDIUM" "webp-express 0.25.11 Unauthenticated.Information.Exposure MEDIUM" "webp-express 0.14.8 Authenticated.Stored.XSS MEDIUM" "webp-express 0.14.11 Multiple.Issues HIGH" "wp-admin-ui-customize 1.5.14 Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "wp-admin-ui-customize 1.5.13 Admin+.Stored.XSS LOW" "woo-badge-designer-lite 1.1.1 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "wp-pricing-table No.known.fix Reflected.XSS HIGH" "woocommerce-products-filter 1.3.7.4 Authenticated.(Subscriber+).Insecure.Direct.Object.Reference.via.'woof_add_subscr' MEDIUM" 
"woocommerce-products-filter 1.3.7.3 Authenticated.(Subscriber+).Insecure.Direct.Object.Reference.via.'woof_add_query/woof_remove_query' MEDIUM" "woocommerce-products-filter 1.3.7.2 Unauthenticated.SQL.Injection.via.'phrase'.Parameter HIGH" "woocommerce-products-filter 1.3.7.1 Contributor+.Local.File.Inclusion HIGH" "woocommerce-products-filter 1.3.6.5 Subscriber+.Local.File.Inclusion HIGH" "woocommerce-products-filter 1.3.6.6 Unauthenticated.Local.File.Inclusion CRITICAL" "woocommerce-products-filter 1.3.6.4 Reflected.Cross-Site.Scripting.via.really_curr_tax.Parameter MEDIUM" "woocommerce-products-filter 1.3.6.2 Insecure.Direct.Object.Reference.to.Unsubscribe MEDIUM" "woocommerce-products-filter 1.3.6.2 Authenticated.(Shop.Manager+).Arbitrary.Options.Update HIGH" "woocommerce-products-filter 1.3.6.1 Products.Filter.Professional.for.WooCommerce.<.1.3.6.1.-.Unauthenticated.Time-Based.SQL.Injection CRITICAL" "woocommerce-products-filter 1.3.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "woocommerce-products-filter 1.3.5.3 Subscriber+..Remote.Code.Execution CRITICAL" "woocommerce-products-filter 1.3.5.2 Cross-Site.Request.Forgery MEDIUM" "woocommerce-products-filter 1.3.5.3 Admin+.Local.File.Inclusion MEDIUM" "woocommerce-products-filter 1.3.5.3 Contributor+.SQL.Injection HIGH" "woocommerce-products-filter 1.3.5.2 Contributor+.Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "woocommerce-products-filter 1.3.4.4 Multiple.Connections/Stats.CSRF MEDIUM" "woocommerce-products-filter 1.3.4.3 Unauthenticated.SQL.Injection.via.search.terms CRITICAL" "woocommerce-products-filter 1.3.4.3 Missing.Authorization.via.woof_meta_get_keys() MEDIUM" "woocommerce-products-filter 1.3.2 Products.Filter.for.WooCommerce.<.1.3.2.-.Admin+.PHP.Object.Injection LOW" "woocommerce-products-filter 1.2.6.3 Products.Filter.for.WooCommerce.<.1.2.6.3.-.Reflected.Cross-Site.Scripting HIGH" "woocommerce-products-filter 1.2.0 Multiple.Issues CRITICAL" 
"woocommerce-gateway-nab-dp 2.1.2 NAB.Transact.<.2.1.2.-.Payment.Bypass HIGH" "wp-megamenu No.known.fix Authenticated.(Administrator+).PHP.Object.Injection HIGH" "wp-megamenu 1.4.0 Unauthenticated.Arbitrary.Post.Access HIGH" "wp-megamenu 1.4.1 Subscriber+.Arbitrary.Post.Access MEDIUM" "wp-megamenu 1.4.1 Reflected.Cross-Site.Scripting MEDIUM" "woocommerce-role-pricing No.known.fix Cross-Site.Request.Forgery MEDIUM" "wp-from-email No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "woo-dynamic-pricing-discounts-lite No.known.fix Cross-Site.Request.Forgery MEDIUM" "woo-oscommerce-sync No.known.fix Unauthenticated.Stored.Cross-Site.Scripting MEDIUM" "wp-s3-smart-upload 1.5.1 Missing.Authorization MEDIUM" "wp-business-hours No.known.fix Cross-Site.Request.Forgery MEDIUM" "wp-shamsi No.known.fix Subscriber+.Attachment.Deletion MEDIUM" "wp-shamsi 4.1.1 Unauthenticated.Arbitrary.Plugin.Deactivation MEDIUM" "wp-shamsi 4.2.0 Subscriber+.Settings.Update MEDIUM" "woo-billingo-plus 4.4.5.4 Multiple.CSRF MEDIUM" "wp-easy-contact 4.0.2 Unauthenticated.PHP.Object.Injection HIGH" "wp-easy-contact 4.0.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.noaccess_msg.Parameter MEDIUM" "wp-easy-contact 4.0.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-easy-contact 3.8 Admin+.Stored.Cross-Site.Scripting LOW" "wp-dashboard-chat No.known.fix Authenticated.(Contributor+).SQL.Injection.via.id MEDIUM" "woocommerce-notify-updated-product No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "wp-likes No.known.fix Cross-Site.Request.Forgery.to.Cross-Site.Scripting MEDIUM" "wp-full-stripe-free 8.3.2 Unauthenticated.SQL.Injection HIGH" "wp-full-stripe-free 8.2.6 Authenticated.(Administrator+).SQL.Injection MEDIUM" "wp-full-stripe-free 7.0.18 Settings.Update.via.CSRF MEDIUM" "wp-full-stripe-free 7.0.6 Admin+.Stored.XSS LOW" "wp-full-stripe-free 7.0.6 Admin+.Stored.Cross-Site.Scripting MEDIUM" 
"wens-responsive-column-layout-shortcodes No.known.fix Contributor+.Stored.XSS MEDIUM" "wp-directorybox-manager No.known.fix Authentication.Bypass CRITICAL" "wp-directorybox-manager No.known.fix Authentication.Bypass CRITICAL" "wordpress-mu-secure-invites No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "woocommerce-cloak-affiliate-links 1.0.36 Cross-Site.Request.Forgery MEDIUM" "woocommerce-cloak-affiliate-links 1.0.34 Missing.Authorization.to.Unauthenticated.Permalink.Modification HIGH" "woocommerce-bulk-order-form 3.6.0 Shop.Manager+.Stored.XSS MEDIUM" "wp-svg No.known.fix Contributor+.Stored.XSS.via.Shortcode MEDIUM" "woo-category-slider-grid 1.4.16 Missing.Authorization.via.notice.dismissal.functionality MEDIUM" "widgets-for-thumbtack-reviews 11.1 Authenticated.(Editor+).Arbitrary.File.Upload MEDIUM" "wp-svg-upload No.known.fix Author+.Stored.XSS.via.SVG MEDIUM" "wordpress-popular-posts 7.2.0 Unauthenticated.Arbitrary.Shortcode.Execution HIGH" "wordpress-popular-posts 6.3.3 Contributor+.Stored.XSS MEDIUM" "wordpress-popular-posts 6.1.0 Unauthenticated.Views.Manipulation MEDIUM" "wordpress-popular-posts 6.0.0 Reflected.Cross-Site.Scripting MEDIUM" "wordpress-popular-posts 5.3.4 Admin+.Stored.Cross-Site.Scripting LOW" "wordpress-popular-posts 5.3.3 Authenticated.Code.Injection HIGH" "wordpress-popular-posts 5.3.3 Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "wp-sponsors No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-sponsors No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "wp-instance-rename No.known.fix Arbitrary.File.Download MEDIUM" "wp-media-file-type-manager No.known.fix Settings.Update.via.CSRF MEDIUM" "woocommerce-pos 1.7.9 Missing.Authorization MEDIUM" "woocommerce-pos 1.4.12 Insufficient.Verification.of.Data.Authenticity.to.Authenticated.(Customer+).Information.Disclosure MEDIUM" "wip-custom-login 1.3.0 Cross-Site.Request.Forgery.(CSRF) MEDIUM" "wp-symposium 
No.known.fix Unauthenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "woocommerce-country-based-payments 1.4.4 Reflected.Cross-Site.Scripting MEDIUM" "woocommerce-country-based-payments 1.4.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "woolentor-addons 3.3.3 Unauthenticated.Email.Relay.Abuse HIGH" "woolentor-addons 3.2.6 Unauthenticated.Local.File.Inclusion.via.'load_template' HIGH" "woolentor-addons 3.2.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "woolentor-addons 3.2.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "woolentor-addons 3.1.3 Unauthenticated.Server-Side.Request.Forgery.via.URL.Parameter MEDIUM" "woolentor-addons 3.1.1 Authenticated.(Contributor+).Stored.DOM-Based.Cross-Site.Scripting.via.Flash.Sale.Countdown.Module MEDIUM" "woolentor-addons 2.9.9 Authenticated.(Contributor+).Sensitive.Information.Exposure.via.WL:.FAQ.Widget.Elementor.Template MEDIUM" "woolentor-addons 2.9.8 Authenticated.(Contributor+).DOM-Based.Stored.Cross-Site.Scripting MEDIUM" "woolentor-addons 2.9.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.WL.Product.Horizontal.Filter.Widget MEDIUM" "woolentor-addons 2.8.9 Authenticated.Option.Update MEDIUM" "woolentor-addons 2.8.9 Contributor+.Stored.XSS.via.woolentorsearch.Shortcode MEDIUM" "woolentor-addons 2.8.8 Contributor+.Stored.XSS MEDIUM" "woolentor-addons 2.8.8 Missing.Authorization MEDIUM" "woolentor-addons 2.8.8 Contributor+.Stored.XSS MEDIUM" "woolentor-addons 2.8.2 Contributor+.Stored.XSS MEDIUM" "woolentor-addons 2.8.2 Contributor+.Template.Reset LOW" "woolentor-addons 2.8.5 Authenticated.(Contributor+).Stored.Cross-site.Scripting.via.QR.Code.Widget MEDIUM" "woolentor-addons 2.8.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.WL.Universal.Product.Layout MEDIUM" "woolentor-addons 2.8.2 Contributor+.Stored.Cross-Site.Scripting.via.Banner.Link MEDIUM" "woolentor-addons 2.6.3 Settings.Update.via.CSRF MEDIUM" "woolentor-addons 2.5.2 
Settings.Update.via.CSRF MEDIUM" "woolentor-addons 2.5.4 PHP.Object.Injection MEDIUM" "woolentor-addons 2.5.4 Contributor+.Stored.XSS MEDIUM" "woolentor-addons 1.8.6 WooCommerce.Elementor.Addons.+.Builder.<.1.8.6.-.Contributor+.Stored.XSS MEDIUM" "woo-checkout-field-editor-pro 2.1.8 Unauthenticated.Stored.XSS.via.Block.Checkout.Custom.Radio.Field HIGH" "woo-checkout-field-editor-pro 2.0.4 Reflected.Cross-Site.Scripting.via.render_review_request_notice MEDIUM" "woo-checkout-field-editor-pro 1.8.0 Admin+.PHP.Object.Injection MEDIUM" "webpurifytextreplace 4.0.3 Missing.Authorization.to.Unauthenticated.Plugin.Settings.Change.via.webpurify_save_options MEDIUM" "wp-job-manager 2.3.0 Unauthenticated.Information.Exposure MEDIUM" "wp-job-manager 2.1.0 Unauthenticated.Job.Status.Update MEDIUM" "wp-job-manager 2.1.0 Cross-Site.Request.Forgery MEDIUM" "wp-job-manager 1.31.3 Phar.Deserialization MEDIUM" "wp-job-manager 1.29.3 Unauthenticated.Object.Injection CRITICAL" "wp-job-manager 1.26.2 Unauthenticated.Arbitrary.File.Upload HIGH" "wp-hide-pages No.known.fix Settings.Update.via.CSRF MEDIUM" "wp-buddha-free-adwords No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-buddha-free-adwords No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "woo-mailerlite 3.1.3 Unauthenticated.SQL.Injection HIGH" "woo-mailerlite 3.1.4 WooCommerce.integration.<.3.1.4.-.Missing.Authorization.to.Data.Deletion MEDIUM" "woo-mailerlite 2.0.9 Cross-Site.Request.Forgery.via.Multiple.AJAX.Functions MEDIUM" "woo-mailerlite 2.0.9 Missing.Authorization.via.Multiple.Functions MEDIUM" "wordapp No.known.fix Missing.Authorization MEDIUM" "wordapp No.known.fix Authorization.Bypass.via.Insufficiently.Unique.Cryptographic.Signature CRITICAL" "wp-category-dropdown No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-category-dropdown 1.9 Contributor+.Stored.XSS MEDIUM" "wha-wordsearch No.known.fix Contributor+.Stored.XSS MEDIUM" "wha-wordsearch No.known.fix 
Author+.Stored.Cross-Site.Scripting MEDIUM" "wp-last-modified-info 1.9.6 Insecure.Direct.Object.Reference.to.Authenticated.(Author+).Post.Metadata.Modification MEDIUM" "wp-last-modified-info 1.9.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-last-modified-info 1.9.5 Authenticated.(Contributor+).Remote.Code.Execution HIGH" "wp-last-modified-info 1.9.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.lmt-post-modified-info.Shortcode MEDIUM" "wp-remote-users-sync 1.2.12 Subscriber+.Log.Access MEDIUM" "wp-remote-users-sync 1.2.13 Subscriber+.SSRF HIGH" "wp-social-broadcast No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "woo-quote-calculator-order No.known.fix Authenticated.(Contributor+).SQL.Injection MEDIUM" "woo-quote-calculator-order No.known.fix Unauthenticated.SQL.Injection HIGH" "woo-producttables-pro 2.2.7 Unauthenticated.SQL.Injection HIGH" "woo-producttables-pro 1.9.5 Unauthenticated.Arbitrary.SQL.Execution CRITICAL" "wp-popup-banners No.known.fix Subscriber+.SQLi HIGH" "wp-popup-banners No.known.fix Subscriber+.SQLi HIGH" "wp-popup-banners 1.2.4 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "woo-altcoin-payment-gateway No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "woo-altcoin-payment-gateway No.known.fix Unauthenticated.SQL.Injection HIGH" "woo-altcoin-payment-gateway 1.7.3 Unauthenticated.SQLi HIGH" "woo-altcoin-payment-gateway 1.6.1 Reflected.Cross-Site.Scripting HIGH" "wiser-notify 2.6 Missing.Authorization MEDIUM" "wp-comment-designer-lite 2.0.4 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "wp-nested-pages 3.2.13 Contributor+.Stored.XSS MEDIUM" "wp-nested-pages 3.2.10 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "wp-nested-pages 3.2.9 Editor+.Stored.XSS LOW" "wp-nested-pages 3.2.8 Cross-Site.Request.Forgery.to.Local.File.Inclusion HIGH" "wp-nested-pages 3.2.7 Admin+.Stored.XSS LOW" "wp-nested-pages 3.2.4 Editor+.Plugin.Settings.Reset LOW" 
"wp-nested-pages 3.1.21 Admin+.Stored.Cross.Site.Scripting LOW" "wp-nested-pages 3.1.16 CSRF.to.Arbitrary.Post.Deletion.and.Modification HIGH" "wp-nested-pages 3.1.16 Open.Redirect MEDIUM" "wp-testing No.known.fix Contributor+.Stored.Cross-Site.Scripting MEDIUM" "wp-charts No.known.fix Contributor+.Stored.XSS MEDIUM" "wp-proposals No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-proposals No.known.fix Authenticated.(Editor+).Stored.Cross-Site.Scripting MEDIUM" "wp-donottrack No.known.fix Authenticated.(admin+).Stored.XSS MEDIUM" "web-cam 3.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.slug.Parameter MEDIUM" "woo-point-of-sale 6.2.0 Insecure.Direct.Object.Reference.to.Privilege.Escalation.via.Arbitrary.User.Email.Change CRITICAL" "wp-recipe-maker 10.3.3 Insecure.Direct.Object.Reference.to.Unauthenticated.Arbitrary.Post.Metadata.Modification.via.'recipeId'.Parameter MEDIUM" "wp-recipe-maker 10.3.0 Missing.Authorization.to.Authenticated.(Subscriber+).Sensitive.Information.Exposure MEDIUM" "wp-recipe-maker 10.3.0 Missing.Authorization MEDIUM" "wp-recipe-maker 10.2.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "wp-recipe-maker 10.2.3 Insecure.Direct.Object.Reference.to.Sensitive.Information.Exposure MEDIUM" "wp-recipe-maker 10.1.0 Unauthenticated.Arbitrary.Shortcode.Execution MEDIUM" "wp-recipe-maker 9.8.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-recipe-maker 9.7.0 Authenticated.(Contributor+).DOM-Based.Stored.Cross-Site.Scripting.via.'tooltip' MEDIUM" "wp-recipe-maker 9.1.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.'group_tag' MEDIUM" "wp-recipe-maker 9.4.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.wprm-recipe-roundup-item.Shortcode MEDIUM" "wp-recipe-maker 9.3.0 Authenticated.Stored.Cross-Site.Scripting.via.Video.Embed MEDIUM" "wp-recipe-maker 9.2.0 Missing.Authorization.to.Authenticated.(Subscriber+).SQL.Injecton HIGH" 
"wp-recipe-maker 9.1.1 Contributor+.Stored.Cross-Site.Scripting.via.icon_color MEDIUM" "wp-recipe-maker 9.1.1 Contributor+.Stored.Cross-Site.Scripting.via.'tag' MEDIUM" "wp-recipe-maker 9.1.1 Contributor+.Stored.Cross-Site.Scripting.via.header_tag MEDIUM" "wp-recipe-maker 9.1.1 Directory.Traversal MEDIUM" "wp-recipe-maker 9.1.1 Contributor+.Stored.Cross-Site.Scripting.via.Recipe.Notes MEDIUM" "wp-recipe-maker 9.1.1 Contributor+.Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "wp-recipe-maker 9.1.1 Reflected.Cross-Site.Scripting.via.Referer MEDIUM" "wp-recipe-maker 8.6.1 Contributor+.Stored.XSS MEDIUM" "wordpress-database-reset 3.23 Cross-Site.Request.Forgery.to.WP.Reset.Plugin.Installation MEDIUM" "wordpress-database-reset 3.15 Unauthenticated.Database.Reset CRITICAL" "wordpress-database-reset 3.15 Privilege.Escalation HIGH" "wp-reply-notify No.known.fix Settings.Update.via.CSRF MEDIUM" "woo-inquiry No.known.fix Unauthenticated.SQL.Injection CRITICAL" "woo-conditional-product-fees-for-checkout 3.9.3.2 Reflected.Cross-Site.Scripting MEDIUM" "woo-conditional-product-fees-for-checkout 3.8.2 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "woo-ukrposhta 1.18.0 Reflected.Cross-Site.Scripting.via.order,.post,.and.idd.Parameters MEDIUM" "woo-ukrposhta 1.17.0 Reflected.Cross-Site.Scripting MEDIUM" "woo-ukrposhta 1.6.18 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "woc-open-close No.known.fix Missing.Authorization MEDIUM" "woc-open-close No.known.fix Authenticated.(Contributor+).Local.File.Inclusion HIGH" "woc-open-close 4.9.2 Missing.Authorization MEDIUM" "woo-nmi-three-step No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "woo-nmi-three-step No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "woo-nmi-three-step No.known.fix CSRF.Bypass MEDIUM" "wp-remote-thumbnail No.known.fix Contributor+.Arbitrary.File.Upload HIGH" "wp-sitemap-page 1.7.0 Admin+.Stored.Cross.Site.Scripting LOW" "wp-flexible-map 1.19.0 
Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Flexible.Maps.Shortcode MEDIUM" "wp-imap-authentication No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "woocommerce-wholesale-pricing 2.3.1 Unauthenticated.Arbitrary.Post.Deletion MEDIUM" "woocommerce-wholesale-pricing 2.3.1 Unauthenticated.Information.Exposure MEDIUM" "woorocks-magic-content-for-siteorigins-pagebuilder No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "woorocks-magic-content-for-siteorigins-pagebuilder No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "wp-delete-user-accounts No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-delete-user-accounts 1.2.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "whmpress No.known.fix Unauthenticated.Local.File.Inclusion CRITICAL" "whmpress No.known.fix Authenticated.(Contributor+).Local.File.Inclusion HIGH" "whmpress 6.3-revision-1 Unauthenticated.Local.File.Inclusion.to.Arbitrary.Options.Update CRITICAL" "whmpress No.known.fix Missing.Authorization.to.Authenticated.(Subscriber+).Settings.Update MEDIUM" "whmpress No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-lead-capture No.known.fix Authenticated.(Subscriber+).SQL.Injection MEDIUM" "wp-lead-capture No.known.fix Unauthenticated.SQL.Injection HIGH" "wp-cfm 1.7.9 Cross-Site.Request.Forgery.via.multiple.AJAX.functions MEDIUM" "wha-puzzle No.known.fix Contributor+.Stored.XSS MEDIUM" "wp-category-posts-list No.known.fix Cross-Site.Request.Forgery.via.gen_set_page MEDIUM" "wp-category-posts-list No.known.fix Contributor+.Stored.XSS MEDIUM" "wp-quick-front-end-editor No.known.fix Authenticated.Settings.Change.leading.to.Stored.XSS CRITICAL" "wp-quick-front-end-editor No.known.fix Authenticated.Content.Injection MEDIUM" "wp-limit-login-attempts No.known.fix IP.Spoofing MEDIUM" "woocommerce-gateway-stripe 7.6.2 Unauthenticated.Order.Deletion.via.IDOR LOW" "woocommerce-gateway-stripe 7.6.1 Cross-Site.Request.Forgery MEDIUM" 
"woocommerce-gateway-stripe 7.4.1 Subscriber+.Order.Intent.Update MEDIUM" "woocommerce-gateway-stripe 7.4.1 Unauthenticated.PII.Disclosure.via.IDOR HIGH" "wp-seo-redirect-301 2.3.2 Redirect.Deletion.via.CSRF MEDIUM" "wp-staging-pro 6.1.3 Unauthenticated.Information.Exposure.via.getOutdatedPluginsRequest.Function MEDIUM" "wp-staging-pro 5.6.1 Backup.Duplicator.&.Migration.<.5.6.1.-.Cross-Site.Request.Forgery.to.Limited.Local.File.Inclusion HIGH" "wp-staging-pro 5.5.0 Sensitive.Information.Exposure.via.Log.File MEDIUM" "wp-staging-pro 5.4.0 Admin+.Stored.XSS LOW" "wp-staging-pro 5.1.3 Unauthenticated.Backup.Download HIGH" "wp-downloadcounter No.known.fix Cross-Site.Request.Forgery MEDIUM" "wp-default-feature-image No.known.fix Admin+.Stored.XSS LOW" "wp-automatic-widget No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "widgets-reset No.known.fix Settings.Update.via.CSRF MEDIUM" "wordpress-feed-statistics No.known.fix Arbitrary.Settings.Update.via.CSRF MEDIUM" "wordpress-feed-statistics 4.0 Open.Redirect MEDIUM" "wp-tao 1.3.1 Reflected.Cross-Site.Scripting MEDIUM" "webbricks-addons 1.1.11 Contributor+.Stored.XSS MEDIUM" "wp-datatable No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-datatable 0.2.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.id.Parameter MEDIUM" "wp-cloudflare-page-cache 5.2.3 Unauthenticated.Stored.Cross-Site.Scripting.via.Activity.Log HIGH" "wp-cloudflare-page-cache 4.7.6 Cross-Site.Request.Forgery MEDIUM" "woocommerce-warranties-and-returns 5.3.0 Low.Priv.Arbitrary.Blog.Options.Update/Access/Deletion.&.Plugin's.Settings.Update/Export/Import HIGH" "wp-js-list-pages-shortcodes No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.'class'.Shortcode.Attribute MEDIUM" "wp-topbar No.known.fix CSRF MEDIUM" "wp-topbar No.known.fix Admin+.SQLi MEDIUM" "wp-about-author 1.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-featured-entries 
No.known.fix Authenticated.(Contributor+).SQL.Injection MEDIUM" "woo-bigpost-shipping 2.1.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-bulk-delete 1.3.7 Missing.Authorization MEDIUM" "wp-bulk-delete 1.3.2 Reflected.Cross-Site.Scripting MEDIUM" "woomotiv No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "woomotiv 3.6.3 Unauthenticated.SQL.Injection HIGH" "woomotiv 3.5.0 Review.Count.Reset.via.CSRF MEDIUM" "woomotiv 3.4.0 Reflected.Cross-Site.Scripting MEDIUM" "wp-easy-gallery No.known.fix Authenticated.(Contributor+).SQL.Injection.via.key.Parameter HIGH" "wp-easy-gallery No.known.fix Authenticated.(Subscriber+).SQL.Injection CRITICAL" "wp-easy-gallery No.known.fix Missing.Authorization.to.Authenticated.(Subscriber+).Gallery.Manipulation MEDIUM" "wp-mini-program No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "widget-google-reviews 6.8.1 Unauthenticated.Stored.XSS.via.Google.Review MEDIUM" "widget-google-reviews 3.2 Contributor+.Stored.Cross-Site.Scripting.via.shortcode MEDIUM" "widget-google-reviews 2.2.4 Subscriber+.SQLi HIGH" "widget-google-reviews 2.2.3 Subscriber+.Widget.Creation MEDIUM" "wp-top-news 2.3.7 Reflected.Cross-Site.Scripting MEDIUM" "wp-top-news 2.0 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-edit-username 1.0.6 Admin+.Stored.XSS LOW" "wp-edit-username 1.0.6 Admin+.Stored.XSS LOW" "wordapp-mobile-app No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wordapp-mobile-app No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wappointment No.known.fix Missing.Authorization MEDIUM" "wappointment 2.7.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wappointment 2.6.1 Admin+.SSRF MEDIUM" "wappointment 2.2.5 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "wp-ad-gallery No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-mail-bank 3.0.13 Reflected.Cross-Site.Scripting MEDIUM" "wp-automedic No.known.fix Reflected.Cross-Site.Scripting 
MEDIUM" "wp-automedic 1.5.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-download-codes No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-image-seo No.known.fix Cross-Site.Request.Forgery MEDIUM" "wp-testimonials No.known.fix Authenticated.SQL.Injection HIGH" "woo-abandoned-cart-recovery 1.0.4.1 CSRF.Bypass.in.Multiple.Plugins MEDIUM" "woo-abandoned-cart-recovery 1.0.4.1 Cross-Site.Request.Forgery MEDIUM" "wp-ajaxify-comments 3.2 Unauthenticated.HTTP.Header.Injection MEDIUM" "wp-easycart 5.8.12 Unauthenticated.Information.Exposure MEDIUM" "wp-easycart 5.7.9 Missing.Authorization.to.Order.Updates MEDIUM" "wp-easycart 5.7.3 Authenticated.(Contributor+).SQL.Injection.via.model_number.Parameter HIGH" "wp-easycart 5.6.0 Missing.Authorization MEDIUM" "wp-easycart 5.6.5 Sensitive.Information.Exposure MEDIUM" "wp-easycart 5.6.0 Cross-Site.Request.Forgery MEDIUM" "wp-easycart 5.6.4 Contributor+.SQL.Injection MEDIUM" "wp-easycart 5.4.11 Administrator+.Time-based.SQL.Injection HIGH" "wp-easycart 5.4.9 Multiple.CSRFs MEDIUM" "wp-easycart 5.4.9 Product.Deletion.via.CSRF MEDIUM" "wp-easycart 5.4.3 Admin+.LFI MEDIUM" "wp-easycart 5.2.5 Arbitrary.Design.Settings.Update.via.CSRF MEDIUM" "wp-easycart 5.1.1 CSRF.to.Stored.Cross-Site.Scripting HIGH" "wp-easycart 3.0.21 3.0.20.-.Privilege.Escalation HIGH" "wp-socializer 7.3 Admin+.Stored.Cross-Site.Scripting LOW" "woo-lucky-wheel 1.1.14 Authenticated.(Administrator+).PHP.Code.Injection.via.Conditional.Tags HIGH" "weluka-lite No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-content-filter 3.1.0 Admin+.Stored.Cross.Site.Scripting LOW" "woo-coupons-bulk-editor 1.3.40 Reflected.Cross-Site.Scripting MEDIUM" "woo-coupons-bulk-editor 1.3.28 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-security-audit-log 5.6.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-security-audit-log 5.3.3 Authenticated.(Admin+).PHP.Object.Injection MEDIUM" "wp-security-audit-log 5.3.0 
Unauthenticated.Stored.XSS HIGH" "wp-security-audit-log 5.2.2 Unauthenticated.Stored.Cross-Site.Scripting.via.User_id.Parameter HIGH" "wp-security-audit-log 4.6.2 Unauthenticated.Stored.Cross-Site.Scripting MEDIUM" "wp-security-audit-log 4.4.3 Reflected.Cross-Site.Scripting MEDIUM" "wp-security-audit-log 4.5.2 Subscriber+.Information.Leak MEDIUM" "wp-security-audit-log 4.4.0 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-security-audit-log 4.1.5 SQL.Injection.in.External.Database.Module HIGH" "wp-security-audit-log 4.0.2 Broken.Access.Control.in.First-Time.Install.Wizard CRITICAL" "wp-security-audit-log 3.3.1.2 Subscriber+.Arbitrary.Option.Update MEDIUM" "wp-setup-wizard 1.0.8.2 Authenticated.(Subscriber+).Full.Database.Download MEDIUM" "wow-moodboard-lite No.known.fix Open.Redirect MEDIUM" "wp-fountain No.known.fix Reflected.Cross-Site.Scripting HIGH" "wechat-subscribers-lite No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-ticket 6.0.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-ticket 6.0.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-ticket 6.0.3 Unauthenticated.PHP.Object.Injection HIGH" "wp-ticket 5.10.4 Admin+.Stored.Cross-Site.Scripting LOW" "wp-ticket 5.6.0 Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "woo-discount-rules 2.6.6 Reflected.Cross-Site.Scripting MEDIUM" "woo-discount-rules 2.4.2 Reflected.Cross-Site.Scripting MEDIUM" "woo-discount-rules 2.2.1 Multiple.Authorization.Bypass HIGH" "woo-discount-rules 2.1.0 Multiple.Vulnerabilities CRITICAL" "wp-optimize 4.2.0 Admin+.SQLi MEDIUM" "wp-optimize 3.2.13 Cross-Site.Scripting.From.Third-party.Library HIGH" "wp-scraper 5.8.2 Authenticated.(Administrator+).Server-Side.Request.Forgery MEDIUM" "wp-scraper 5.8.1 Authenticated.(Subscriber+).Server-Side.Request.Forgery MEDIUM" "wp-scraper 5.8 Missing.Authorization.to.Arbitrary.Page/Post.Creation MEDIUM" "wp-ad-management No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wc-sudan-payment-gateway 
No.known.fix Unauthenticated.Arbitrary.File.Upload CRITICAL" "wp-translate No.known.fix Missing.Authorization MEDIUM" "wp-graphviz No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "woo-customers-manager 1.1.15 Reflected.Cross-Site.Scripting MEDIUM" "woo-customers-manager 1.1.14 Reflected.Cross-Site.Scripting MEDIUM" "woo-customers-manager 1.1.13 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wing-migrator No.known.fix Cross-Site.Request.Forgery MEDIUM" "wp-block-pack No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-live-chat-support 8.2.0 Authenticated.Stored.Cross-Site.Scripting LOW" "wp-live-chat-support 8.0.33 Missing.Permission.Checks.on.some.REST.API.Calls CRITICAL" "wp-live-chat-support 8.0.27 Unauthenticated.Stored.XSS MEDIUM" "wp-live-chat-support 8.0.18 Cross-Site.Scripting.(XSS) MEDIUM" "wp-live-chat-support 8.0.08 Cross-Site.Scripting.(XSS) MEDIUM" "wp-live-chat-support 8.0.06 Unauthenticated.Stored.XSS MEDIUM" "wp-live-chat-support 7.1.05 Cross-Site.Scripting.(XSS) MEDIUM" "wp-live-chat-support 1.7.03 XSS MEDIUM" "wp-live-chat-support 7.0.07 Cross-Site.Scripting.(XSS) MEDIUM" "wp-live-chat-support 6.2.04 Stored.Cross-Site.Scripting.(XSS) MEDIUM" "wp-live-chat-support 6.2.02 Stored.Cross-Site.Scripting MEDIUM" "weedmaps-menu-embed No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.weedmaps_menu.Shortcode MEDIUM" "woo-product-bundle 7.3.2 Cross-Site.Request.Forgery MEDIUM" "wp-greet 6.3 Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "wp-event-aggregator 1.9.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode.Attributes MEDIUM" "wp-event-aggregator 1.8.3 Reflected.Cross-Site.Scripting MEDIUM" "wp-event-aggregator 1.8.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-event-aggregator 1.7.7 Cross-Site.Request.Forgery.via.wpea_deauthorize_user() MEDIUM" "wp-shop-original No.known.fix Unauthenticated.Settings.Update MEDIUM" 
"wp-custom-post-rss-feed No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "website-toolbox-forums 2.0.2 Reflected.Cross-Site.Scripting.via.websitetoolbox_username MEDIUM" "wordpress-access-control No.known.fix Improper.Access.Control.to.Sensitive.Information.Exposure.via.REST.API MEDIUM" "wp-events-manager 2.2.2 Missing.Authorization MEDIUM" "wp-events-manager 2.2.0 Authenticated.(Subscriber+).Time-Based.SQL.Injection HIGH" "woo-fattureincloud 2.6.8 Reflected.Cross-Site.Scripting MEDIUM" "wp-user-profile-avatar No.known.fix Missing.Authorization MEDIUM" "wp-user-profile-avatar 1.0.6 Cross-Site.Request.Forgery.to.Settings.Update MEDIUM" "wp-user-profile-avatar 1.0.2 Contributor+.Stored.XSS MEDIUM" "wp-user-profile-avatar 1.0.1 Author+.Avatar.Deletion/Update.via.IDOR LOW" "wp-user-profile-avatar 1.0.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-database-backup 7.4 Unauthenticated.Database.Back-Up.Exposure HIGH" "wp-database-backup 5.9 Admin+.Stored.Cross-Site.Scripting LOW" "wp-database-backup 5.2 Unauthenticated.OS.Command.Injection MEDIUM" "wp-database-backup 5.1.2 XSS HIGH" "wp-database-backup 4.3.6 Cross-Site.Request.Forgery.(CSRF) MEDIUM" "wp-pexels-free-stock-photos No.known.fix Authenticated.(Contributor+).Arbitrary.File.Upload HIGH" "wp-pexels-free-stock-photos No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-notcaptcha No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-survey-and-poll No.known.fix Authenticated.(Contributor+).SQL.Injection MEDIUM" "wp-survey-and-poll No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-pano No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wisly No.known.fix Insecure.Direct.Object.Reference.to.Unauthenticated.Wishlist.Manipulation MEDIUM" "wp-smart-crm-invoices-free No.known.fix Authenticated.Stored.Cross-Site.Scripting MEDIUM" "wp-recipe-manager No.known.fix 
Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.'Skill.Level'.Input.Field MEDIUM" "woo-document-preview 1.4.0 Subscriber+.Arbitrary.Plugin.Installation,.Activation.and.Deactivation HIGH" "wp-js-impress No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-date-and-time-shortcode 2.6.8 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "woocommerce-eu-vat-assistant 2.1.2.230718 Reflected.Cross-Site.Scripting MEDIUM" "woocommerce-eu-vat-assistant 2.0.28.220224 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-sendfox No.known.fix Unauthenticated.Information.Disclosure MEDIUM" "wp-sendfox 1.3.1 Missing.Authorization MEDIUM" "w3-total-cache No.known.fix Unauthenticated.Arbitrary.Code.Execution HIGH" "w3-total-cache 2.8.13 Unauthenticated.Command.Injection CRITICAL" "w3-total-cache 2.8.2 Unauthenticated.Plugin.Deactivation.and.Extensions.Activation/Deactivation MEDIUM" "w3-total-cache 2.8.2 Information.Exposure.via.Log.Files LOW" "w3-total-cache 2.8.2 Subscriber+.Server-Side.Request.Forgery HIGH" "w3-total-cache 2.7.6 Sensitive.Credentials.Stored.in.Plaintext LOW" "w3-total-cache 2.1.5 Reflected.XSS.in.Extensions.Page.(JS.Context) HIGH" "w3-total-cache 2.1.4 Reflected.XSS.in.Extensions.Page.(Attribute.Context) CRITICAL" "w3-total-cache 2.1.3 Authenticated.Stored.XSS MEDIUM" "w3-total-cache 0.9.7.4 Blind.SSRF.and.RCE.via.phar HIGH" "w3-total-cache 0.9.7.4 Cross-Site.Scripting.(XSS) HIGH" "w3-total-cache 0.9.7.4 Cryptographic.Signature.Bypass HIGH" "w3-total-cache 0.9.5 Weak.Validation.of.Amazon.SNS.Push.Messages CRITICAL" "weblibrarian No.known.fix Reflected.XSS HIGH" "weblibrarian 3.5.5 SQL.Injection MEDIUM" "weblibrarian 3.4.8.6 XSS MEDIUM" "weblibrarian 3.4.8.7 XSS MEDIUM" "wp-ultimate-reviews-free No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-file-download 6.2.6 Reflected.XSS HIGH" "wp-course-manager No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "woo-product-reviews-shortcode 1.01.6 
Missing.Authorization MEDIUM" "woo-product-reviews-shortcode 1.01.4 Cross-Site.Request.Forgery MEDIUM" "woo-product-reviews-shortcode 1.0.21 Reflected.Cross-Site.Scripting MEDIUM" "woo-product-reviews-shortcode 1.0.17 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-chinese-conversion No.known.fix Reflected.XSS HIGH" "wp-spacecontent No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "wemail 2.0.8 Missing.Authorization.to.Unauthenticated.Form.Deletion MEDIUM" "wemail 2.0.8 Sensitive.Information.Disclosure MEDIUM" "wemail 1.14.14 Unauthenticated.Sensitive.Information.Exposure MEDIUM" "wemail 1.14.6 Reflected.Cross-Site.Scripting MEDIUM" "wemail 1.14.3 Missing.Authorization.to.Notice.Dismissal MEDIUM" "woo-orders-tracking 1.2.11 Unauthenticated.Arbitrary.Shortcode.Execution MEDIUM" "woo-orders-tracking 1.2.6 Admin+.Arbitrary.File.Access/Read MEDIUM" "woo-orders-tracking 1.1.10 Reflected.Cross-Site.Scripting HIGH" "wp-freemind No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "worker-elementor No.known.fix Missing.Authorization MEDIUM" "w4-post-list 2.4.6 Subscriber+.Password.Protected.Post.Content.Disclosure MEDIUM" "w4-post-list 2.4.6 Reflected.XSS HIGH" "w4-post-list 2.4.6 Contributor+.Stored.XSS MEDIUM" "w4-post-list 2.4.5 Contributor+.Stored.XSS MEDIUM" "wp-guppy No.known.fix Authenticated.(Subscriber+).SQL.Injection MEDIUM" "wp-guppy 1.3 Sensitive.Information.Disclosure HIGH" "wp-prayer No.known.fix Settings.Update.via.CSRF MEDIUM" "wp-prayer No.known.fix Arbitrary.Prayer.Deletion.via.CSRF MEDIUM" "wp-prayer No.known.fix Email.Settings.Update.via.CSRF MEDIUM" "wp-prayer 1.9.7 Admin+.Stored.XSS LOW" "wp-prayer 1.5.5 Unauthorised.AJAX.call.via.CSRF MEDIUM" "wp-prayer 1.6.6 Cross-Site.Request.Forgery MEDIUM" "wp-prayer 1.6.7 Arbitrary.Plugin.Settings.Update.via.CSRF MEDIUM" "wp-prayer 1.6.2 Authenticated.Stored.Cross-Site.Scripting.(XSS) HIGH" "wp-special-textboxes 6.2.5 
Unauthenticated.Arbitrary.Shortcode.Execution HIGH" "wp-special-textboxes 5.9.110 Admin+.Stored.Cross-Site.Scripting LOW" "wp-rss-by-publishers No.known.fix Admin+.SQLi MEDIUM" "wp-rss-by-publishers No.known.fix Admin+.SQLi MEDIUM" "wp-rss-by-publishers No.known.fix Admin+.SQLi MEDIUM" "woocommerce-products-without-featured-images No.known.fix Cross-Site.Request.Forgery MEDIUM" "wordpress-flat-countdown No.known.fix Authenticated.(Susbcriber+).Privilege.Escalation HIGH" "wp-baidu-map No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "wp-html-author-bio-by-ahmad-awais No.known.fix Author+.Stored.Cross-Site.Scripting MEDIUM" "woo-additional-fees-on-checkout-wordpress 1.5.3 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "woo-additional-fees-on-checkout-wordpress 1.4.8 Reflected.Cross-Site.Scripting.via.'number' MEDIUM" "wordpress-users No.known.fix Settings.Update.via.CSRF MEDIUM" "w3speedster-wp No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "w3speedster-wp 7.27 Cross-Site.Request.Forgery MEDIUM" "w3speedster-wp 7.27 Admin+.RCE MEDIUM" "w3speedster-wp 7.20 Settings.Update.via.CSRF MEDIUM" "wp-malware-removal 16.9 Missing.Authorization MEDIUM" "wp-malware-removal 17.1 Authenticated.(Subscriber+).Arbitrary.File.Deletion HIGH" "wp-malware-removal 16.9 Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.File.Read MEDIUM" "wp-fail2ban 5.1.1 Reflected.Cross-Site.Scripting MEDIUM" "wp-fail2ban 4.4.0.2 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-fail2ban 4.0.5 Subscriber+.Arbitrary.Option.Update CRITICAL" "widget-for-contact-form-7 No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-coming-soon-booster 1.0.7 Reflected.Cross-Site.Scripting MEDIUM" "woo-product-filter 3.0.1 Missing.Authorization.to.Unauthenticated.Settings.Update MEDIUM" "woo-product-filter 2.9.8 Unauthenticated.SQL.Injection HIGH" "woo-product-filter 2.8.0 
Unauthenticated.SQL.Injection.via.filtersDataBackend.Parameter HIGH" "woo-product-filter 2.7.1 Authenticated.(Administrator+).SQL.Injection MEDIUM" "woo-product-filter 2.5.1 Subscriber+.Table.Data.Access MEDIUM" "wonka-slide No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "wp-content-protection No.known.fix Cross-Site.Request.Forgery MEDIUM" "wp-email 2.69.1 Admin+.Stored.Cross-Site.Scripting LOW" "wp-email 2.69.0 Anti-Spam.Protection.Bypass.via.IP.Spoofing MEDIUM" "wp-email 2.69.0 Log.Deletion.via.CSRF MEDIUM" "woo-gutenberg-products-block 11.1.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Featured.Image.alt.Attribute MEDIUM" "woo-gutenberg-products-block 5.5.1 Unauthenticated.SQL.Injection CRITICAL" "woo-gutenberg-products-block 3.7.1 Guest.Account.Creation MEDIUM" "wp-dtree-30 No.known.fix Settings.Update.via.CSRF MEDIUM" "wp-dtree-30 No.known.fix Reflected.XSS HIGH" "wp-dtree-30 No.known.fix Admin+.Stored.XSS LOW" "wp-fancybox No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-fancybox 1.0.2 Authenticated.Stored.Cross-Site.Scripting LOW" "webp-svg-support No.known.fix Author+.Stored.XSS.via.SVG MEDIUM" "wp-responsive-slider-with-lightbox 1.0.22 Contributor+.DOM-Based.Stored.XSS MEDIUM" "wp-responsive-slider-with-lightbox 1.0.5 Authenticated.(Admin+).SQL.Injection MEDIUM" "wp-responsive-slider-with-lightbox 1.0.1 Arbitrary.File.Upload.via.CSRF HIGH" "wp-responsive-slider-with-lightbox 1.0.1 Admin+.Stored.XSS MEDIUM" "wp-responsive-slider-with-lightbox 1.0.1 Image.Lightboxes.via.CSRF MEDIUM" "wc-ja-ja-pagamentos-multicaixa-express No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "woocommerce-mercadopago 7.6.2 7.6.1.-.Authenticated.(Subscriber+).Arbitrary.File.Download MEDIUM" "woocommerce-mercadopago 6.4.0 CSRF MEDIUM" "woocommerce-add-to-cart-custom-redirect 1.2.14 Authenticated(Contributor+).Missing.Authorization.to.Limited.Arbitrary.Options.Update HIGH" "whizz 1.1.1 
Cross-Site.Request.Forgery.(CSRF) HIGH" "whizz 1.0.8 Unauthenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "wp-geonames 1.9.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-geonames 1.9 Reflected.Cross-Site.Scripting MEDIUM" "wholesale-pricing-woocommerce 4.0.4 Contributor+.Stored.XSS MEDIUM" "wholesale-pricing-woocommerce 3.8.1 Reflected.Cross-Site.Scripting MEDIUM" "wp-iconics No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-filter-combine-rss-feeds No.known.fix Missing.Authorization.to.Authenticated.(Contributor+).Feed.Deletion MEDIUM" "wp-email-delivery No.known.fix Reflected.XSS HIGH" "wp-headers-and-footers 3.1.2 Arbitrary.Options.Update.via.CSRF HIGH" "wp-funnel-manager No.known.fix Unauthenticated.PHP.Object.Injection HIGH" "wp-phone-message No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-phone-message No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "woocommerce-mis-report No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-carticon No.known.fix Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "wp-post-signature No.known.fix Authenticated.(Author+).Stored.Cross-Site.Scripting MEDIUM" "wp-finance No.known.fix Stored.XSS.via.CSRF HIGH" "wp-finance No.known.fix Reflected.XSS HIGH" "woothemes-sensei 4.24.0.1.24.0 Authenticated.(Student+).Stored.Cross-Site.Scripting MEDIUM" "woothemes-sensei 4.24.0.1.24.0 Unauthenticated.Rewrite.Rules.Flushing MEDIUM" "wow-entrance-effects-wee No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "widgets-for-tiktok-video-feed 1.7.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wise-forms No.known.fix Unauthenticated.Stored.XSS HIGH" "wooreviews-importer No.known.fix Arbitrary.Settings.Update.via.CSRF MEDIUM" "wp-featured-screenshot No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wc-style No.known.fix Cross-Site.Request.Forgery MEDIUM" "wp-product-feed-manager 2.9.0 
Missing.Authorization.to.Authenticated.(Contributor+).Arbitrary.Feed.Actions MEDIUM" "wp-product-feed-manager 2.6.0 Authenticated.(Admin+).SQL.Injection.to.Reflected.Cross-Site.Scripting HIGH" "wp-product-feed-manager 2.3.0 Authenticated.(Shop.manager+).Stored.Cross-Site.Scripting MEDIUM" "wp-jamstack-deployments No.known.fix Missing.Authorization MEDIUM" "widgets-for-ebay-reviews 11.1 Authenticated.(Editor+).Arbitrary.File.Upload MEDIUM" "wp-phpmyadmin-extension 5.2.0.4 Reflected.Cross-Site.Scripting MEDIUM" "wp-phpmyadmin-extension 5.2.0.4 Admin+.Stored.Cross-Site.Scripting LOW" "wp-e-commerce-style-email No.known.fix Cross-Site.Request.Forgery.to.Remote.Code.Execution HIGH" "wp-e-commerce-style-email No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-ecommerce-quickpay No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-time-capsule 1.22.24 Reflected.Cross-Site.Scripting MEDIUM" "wp-time-capsule 1.22.22 Unauthenticated.Arbitrary.File.Upload CRITICAL" "wp-time-capsule 1.22.22 Authenticated.(Administrator+).PHP.Object.Injection HIGH" "wp-time-capsule 1.22.22 Authenticated.(Contributor+).SQL.Injection MEDIUM" "wp-time-capsule 1.22.21 Authentication.Bypass.to.Account.Takeover CRITICAL" "wp-time-capsule 1.22.7 Reflected.Cross-Site.Scripting HIGH" "wp-time-capsule 1.21.16 Authentication.Bypass CRITICAL" "wassup No.known.fix Unauthenticated.Stored.XSS HIGH" "wassup 1.9.1 Cross.Site.Scripting MEDIUM" "wp-image-compression No.known.fix Cross-Site.Request.Forgery MEDIUM" "wp-report-post No.known.fix Reflected.XSS HIGH" "wd-instagram-feed 1.4.29 Reflected.Cross-Site.Scripting.(XSS) HIGH" "wd-instagram-feed 1.3.1 XSS MEDIUM" "wp-broken-images No.known.fix Cross-Site.Request.Forgery MEDIUM" "woo-vietnam-checkout 2.0.8 Authenticated.(Shop.manager+).Stored.Cross-Site.Scripting MEDIUM" "woo-vietnam-checkout 2.0.8 Admin+.Stored.Cross-Site.Scripting MEDIUM" "woo-vietnam-checkout 2.0.6 Unauthenticated.Stored.XSS HIGH" "woo-vietnam-checkout 2.0.5 Reflected.XSS HIGH" 
"woocommerce-simple-registration 1.5.9 Cross-Site.Request.Forgery.to.Privilege.Escalation.via.Role.Request.Approval HIGH" "woocommerce-simple-registration 1.5.7 Unauthenticated.Privilege.Escalation CRITICAL" "wp-fevents-book No.known.fix Subscriber+.Arbitrary.Booking.Manipulation.via.IDOR MEDIUM" "wp-fevents-book No.known.fix Subscriber+.Stored.XSS HIGH" "wp-post-disclaimer 1.0.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "woolook No.known.fix Authenticated.(Admin+).Local.File.Inclusion MEDIUM" "woolook No.known.fix Unauthenticated.Local.File.Inclusion CRITICAL" "wip-incoming-lite 1.1.2 Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "woofilter-pro 2.9.6 Unauthenticated.SQL.Injection HIGH" "wc-dropi-integration No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "woo-file-dropzone No.known.fix Authenticated.(Subscriber+).Arbitrary.File.Deletion MEDIUM" "wp-custom-fields-search No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.wpcfs-preset.Shortcode MEDIUM" "wp-custom-fields-search 1.2.35 Admin+.Stored.XSS LOW" "wp-custom-fields-search 1.0 Unauthenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "wp-filter-post-categories No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "woo-custom-and-sequential-order-number No.known.fix Cross-Site.Request.Forgery MEDIUM" "w3swoozoho 1.3.0 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-database-admin No.known.fix Unauthenticated.SQL.Injection HIGH" "woocommerce-order-searching No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-jquery-pdf-paged No.known.fix Authenticated.(Contributor+).SQL.Injection.via.Shortcode MEDIUM" "weixin-robot-advanced No.known.fix Reflected.XSS HIGH" "wp-google-street-view 1.1.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.'wpgsv_map'.Shortcode MEDIUM" "wp-google-street-view 1.1.6 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "wp-google-street-view 1.1.4 
Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-google-street-view 1.0.9 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "woocommerce-composite-products 8.7.6 Reflected.XSS MEDIUM" "wp-inimat No.known.fix Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "wp-force-images-download 1.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "woocommerce-to-google-merchant-center No.known.fix Missing.Authorization MEDIUM" "wp-simple-anchors-links No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.wpanchor.Shortcode MEDIUM" "white-label 2.9.1 Cross-Site.Request.Forgery.via.white_label_reset_wl_admins MEDIUM" "wp-links-page 5.0 Authenticated.(Subscriber+).SQL.Injection MEDIUM" "wp-links-page 5.0 Subscriber+.SQL.Injection MEDIUM" "wp-links-page 4.9.6 Missing.Authorization.to.Authenticated.(Subscriber+).Limited.Image.Update MEDIUM" "wp-links-page 4.9.5 Cross-Site.Request.Forgery.via.wplf_ajax_update_screenshots MEDIUM" "wp-links-page 4.9.4 Contributor+.Stored.XSS MEDIUM" "woocommerce-menu-extension No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "woo-vipps 1.14.14 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-colorful-tag-cloud No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-tools-divi-blog-carousel 1.3.1 Reflected.Cross-Site.Scripting MEDIUM" "wp-tools-divi-blog-carousel 1.3.0 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-upg No.known.fix Unauthenticated.RCE CRITICAL" "wp-allow-hosts No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting.via.'allowed-hosts'.Parameter MEDIUM" "wc-captcha No.known.fix Admin+.Stored.XSS LOW" "wp-notes-widget No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "webba-booking-lite 6.2.2 Missing.Authorization MEDIUM" "webba-booking-lite 6.0.6 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "webba-booking-lite 5.1.21 Cross-Site.Request.Forgery MEDIUM" 
"webba-booking-lite 5.1.22 Missing.Authorization MEDIUM" "webba-booking-lite 5.0.50 Missing.Authorization.to.Authenticated.(Subscriber+).CSS.Settings.Update MEDIUM" "webba-booking-lite 5.0 Cross-Site.Request.Forgery MEDIUM" "webba-booking-lite 4.5.31 Reflected.Cross-Site.Scripting MEDIUM" "webba-booking-lite 4.2.22 Admin+.Stored.Cross-Site.Scripting LOW" "webba-booking-lite 4.2.18 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "woocommerce-box-office 1.2.3 Missing.Authorization MEDIUM" "woocommerce-box-office 1.1.52 Unauthenticated.Ticket.Barcode.Update MEDIUM" "woocommerce-box-office 1.1.51 Contributor+.Stored.XSS MEDIUM" "wp-smart-flexslider No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wolfnet-idx-for-wordpress No.known.fix Admin+.Stored.XSS LOW" "wd-google-analytics No.known.fix Missing.Authorization.via.gawd_wd_bp_install_notice_status MEDIUM" "wd-google-analytics 1.2.9 Cross-Site.Request.Forgery.(CSRF) MEDIUM" "wp-lead-stream No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-lead-stream No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-cloud-server 2.0.0 Reflected.Cross-Site.Scripting MEDIUM" "woocommerce-wholesale-lead-capture 2.0.3.2 Unauthenticated.Privilege.Escalation CRITICAL" "woocommerce-wholesale-lead-capture 2.0.3.2 Unauthenticated.Arbitrary.File.Upload CRITICAL" "wp-expand-tabs-free 2.2.13 Admin+.PHP.Object.Injection MEDIUM" "wp-expand-tabs-free 2.2.7 Admin+.Stored.XSS LOW" "wp-expand-tabs-free 2.2.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-expand-tabs-free 2.1.15 Multiple.CSRF MEDIUM" "wp-expand-tabs-free 2.1.17 Contributor+.Stored.XSS MEDIUM" "wp-gotowebinar 15.8 Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "wp-gotowebinar 15.7 Missing.Authorization MEDIUM" "wp-gotowebinar 15.8 Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "wp-gotowebinar 15.1 Missing.Authorization MEDIUM" "wp-gotowebinar 14.46 Admin+.Stored.XSS LOW" "wp-calendar No.known.fix 
Contributor+.Stored.XSS MEDIUM" "wp-database-optimizer No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "wp-database-optimizer No.known.fix Cross-Site.Request.Forgery MEDIUM" "wp-mailing-group No.known.fix Cross-Site.Request.Forgery MEDIUM" "wp-mailing-group 3.0.5 Authenticated.(Subscriber+).SQL.Injection MEDIUM" "wp-mailing-group 3.0.0 Reflected.Cross-Site.Scripting HIGH" "wp-mailing-group 3.0.0 Admin+.SQL.Injection MEDIUM" "woocommerce-product-vendors 2.2.3 Missing.Authorization MEDIUM" "woocommerce-product-vendors 2.2.2 Missing.Authorization MEDIUM" "woocommerce-product-vendors 2.1.77 Reflected.XSS HIGH" "woocommerce-product-vendors 2.1.77 Vendor.Admin+.SQLi MEDIUM" "woocommerce-product-vendors 2.1.79 ShopManager+.SQLi MEDIUM" "woocommerce-product-vendors 2.1.77 Unauthenticated.Reflected.XSS HIGH" "woocommerce-product-vendors 2.1.69 Vendor.Commission.Percentage.Update.via.IDOR MEDIUM" "woocommerce-product-vendors 2.1.66 Note.Creation.via.IDOR LOW" "woocommerce-product-vendors 2.1.66 Unauthenticated.Blind.SQLi HIGH" "woo-cart-all-in-one 1.1.22 Admin+.Code.Injection HIGH" "widgets-for-alibaba-reviews 11.1 Authenticated.(Editor+).Arbitrary.File.Upload MEDIUM" "wedesigntech-portfolio No.known.fix Missing.Authorization MEDIUM" "wp-easy-menu No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "wp-tesseract No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "woocommerce-multilingual 5.3.9 Unauthenticated.Tax.Sync.Settings.Update MEDIUM" "woocommerce-multilingual 5.3.8 Reflected.Cross-Site.Scripting MEDIUM" "woocommerce-multilingual 5.3.7 Missing.Authorization MEDIUM" "woocommerce-multilingual 5.3.4 Shop.Manager+.SQL.Injection MEDIUM" "woocommerce-multilingual 5.3.4 Shop.Manager+.SQL.Injection MEDIUM" "woocommerce-multilingual 5.3.4 Shop.Manager+.SQL.Injection MEDIUM" "woocommerce-multilingual 5.3.4 Shop.Manager+.SQL.Injection MEDIUM" "woocommerce-multilingual 5.3.5 
Missing.Authorization MEDIUM" "wp-rss-images No.known.fix Cross-Site.Request.Forgery MEDIUM" "wp-post-list-table 1.0.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-intercom-slack No.known.fix Slack.Access.Token.Disclosure HIGH" "wp-blackcheck No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "wp-club-manager 2.2.12 Missing.Authorization MEDIUM" "wp-club-manager 2.2.12 Authenticated.(Player+).Stored.Cross-Site.Scripting MEDIUM" "wp-club-manager 2.2.11 Missing.Authorization.to.Unauthenticated.Event.Permalink.Update MEDIUM" "wp-gmail-smtp No.known.fix Cross-Site.Request.Forgery MEDIUM" "wp-gmail-smtp No.known.fix Sensitive.Information.Exposure MEDIUM" "wp-analytify-pro 7.0.4 Unauthenticated.Information.Exposure MEDIUM" "wp-last-modified No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "woo-show-single-variations-shop-category 3.0 Missing.Authorization MEDIUM" "wp-social-reviews 4.0.2 Embed.Social.Feeds,.Customer.Reviews,.Chat.Widgets.(Google.Reviews,.YouTube.Feed,.Photo.Feeds,.and.More).<.4.0.2.-.Missing.Authorization.to.Unauthenticated.Plugin's.Settings.Disclosure.And.Modification MEDIUM" "wp-social-reviews 4.0.0 Unauthenticated.Stored.Cross-Site.Scripting.via.External.Content.Import MEDIUM" "wp-social-reviews 3.20.2 Missing.Authorization MEDIUM" "wooshark-aliexpress-importer 2.2.5 Missing.Authorization.to.Unauthenticated.Arbitrary.Post.Deletion MEDIUM" "wooshark-aliexpress-importer 2.2.5 Unauthenticated.Settings.&.Products.Update MEDIUM" "wp-custom-field-for-gutenberg-editor No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-custom-field-for-gutenberg-editor No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-attachment-export 0.2.4 Unauthenticated.Posts.Download HIGH" "waitlist-woocommerce 2.7.6 Reflected.Cross-Site.Scripting MEDIUM" "waitlist-woocommerce 2.6.1 Missing.Authorization MEDIUM" "waitlist-woocommerce 2.5.3 Settings.Reset.via.CSRF MEDIUM" 
"waitlist-woocommerce 2.5.1 Various.Versions.CSRF.to.Arbitrary.Options.Update HIGH" "wp-abstracts-manuscripts-manager 2.7.5 Unauthenticated.Local.File.Inclusion HIGH" "wp-abstracts-manuscripts-manager No.known.fix Stored.XSS.via.CSRF HIGH" "wp-abstracts-manuscripts-manager 2.7.4 Cross-Site.Request.Forgery.to.Arbitrary.Account.Deletion HIGH" "wp-abstracts-manuscripts-manager 2.7.3 Cross-Site.Request.Forgery.to.Reflected.Cross-Site.Scripting MEDIUM" "wp-abstracts-manuscripts-manager 2.7.2 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "wp-abstracts-manuscripts-manager 2.7.0 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "wp-abstracts-manuscripts-manager 2.6.4 Admin+.Stored.XSS LOW" "wp-abstracts-manuscripts-manager 2.6.3 Cross-Site.Request.Forgery MEDIUM" "wp-abstracts-manuscripts-manager 2.6.4 Reflected.XSS HIGH" "wp-login-customizer No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "wp-featured-content-slider No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "wordpress-country-selector 1.6.6 Reflected.Cross-Site.Scripting MEDIUM" "wp-mailster 1.8.21.0 Reflected.Cross-Site.Scripting MEDIUM" "wp-mailster 1.8.18.0 Unauthenticated.Sensitive.Information.Exposure MEDIUM" "wp-mailster 1.8.18.0 Reflected.Cross-Site.Scripting MEDIUM" "wp-mailster 1.8.18.0 Cross-Site.Request.Forgery MEDIUM" "wp-mailster 1.8.17.0 Unauthenticated.Sensitive.Information.Exposure MEDIUM" "wp-mailster 1.8.18.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-mailster 1.8.17.0 Missing.Authorization HIGH" "wp-mailster 1.8.17.0 Authenticated.(Contributor+).SQL.Injection.via.orderby HIGH" "wp-mailster 1.8.17.0 Missing.Authorization MEDIUM" "wp-mailster 1.8.17.0 Unauthenticated.Information.Exposure MEDIUM" "wp-mailster 1.8.16.0 Reflected.Cross-Site.Scripting MEDIUM" "wp-mailster 1.8.17.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-mailster 1.5.5 
Unauthenticated.Cross-Site.Scripting.(XSS) MEDIUM" "wp-dropbox-dropins No.known.fix Unauthenticated.Arbitrary.File.Upload CRITICAL" "wp-twilio-core 1.5.1 Reflected.Cross-Site.Scripting MEDIUM" "wp-twilio-core 1.3.7 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wc4bp 3.4.26 Cross-Site.Request.Forgery.to.Limited.Settings.Update MEDIUM" "wc4bp 3.4.25 Missing.Authorization.to.Authenticated.(Subscriber+).Limited.Settings.Update MEDIUM" "wc4bp 3.4.20 Missing.Authorization MEDIUM" "wc4bp 3.4.21 Authenticated.(Subscriber+).PHP.Object.Injection.in.get_simple_request HIGH" "wc4bp 3.4.16 Reflected.Cross-Site.Scripting MEDIUM" "wc4bp 3.4.2 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wc4bp 3.2.6 Subscriber+.Arbitrary.Option.Update CRITICAL" "wp-hijri No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-hijri 1.5.2 Reflected.XSS HIGH" "woo-vehicle-parts-finder 3.8 Unauthenticated.PHP.Object.Injection HIGH" "woo-vehicle-parts-finder 3.8 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "wp-tools-gravity-forms-divi-module 7.1.0 Reflected.Cross-Site.Scripting MEDIUM" "wp-tools-gravity-forms-divi-module 6.6.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-triggers-lite No.known.fix Admin+.SQL.Injection MEDIUM" "wp-triggers-lite No.known.fix Reflected.XSS HIGH" "wp-insurance 2.1.4 Arbitrary.Plugin.Activation.via.CSRF MEDIUM" "woodpecker No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.'form_name'.Shortcode.Attribute MEDIUM" "wp-jobs2careers No.known.fix Reflected.XSS HIGH" "web-stat 1.4.1 API.Key.Disclosure HIGH" "woo-cart-weight 1.9.12 Missing.Authorization MEDIUM" "wp-dispatcher No.known.fix Authenticated.(Subscriber+).Arbitrary.File.Upload HIGH" "wp-dispatcher No.known.fix Authenticated.(Contributor+).SQL.Injection HIGH" "wp-coupons-and-deals 3.2.5 Missing.Authorization MEDIUM" "wp-coupons-and-deals 3.1.19 Reflected.Cross-Site.Scripting MEDIUM" "wp-coupons-and-deals 3.1.12 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-munich-blocks 0.10.3 
Reflected.Cross-Site.Scripting MEDIUM" "wp-munich-blocks 0.11.0 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-munich-blocks 0.7.3 Subscriber+.Arbitrary.Option.Update CRITICAL" "widgets-on-pages-and-posts No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "widgets-on-pages-and-posts No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "wp-post-to-pdf-enhanced No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "wp-business-intelligence-lite 1.6.3 SQL.Injection CRITICAL" "wp-flybox No.known.fix CSRF MEDIUM" "wp-ajax-contact-form No.known.fix Arbitrary.Email.Deletion.via.CSRF MEDIUM" "wp-ajax-contact-form No.known.fix Reflected.Cross-Site.Scripting HIGH" "woo-product-variation-swatches 2.3.8 Reflected.Cross-Site.Scripting HIGH" "wp-songbook No.known.fix Reflected.Cross-Site.Scripting HIGH" "wp-shapes No.known.fix Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "wp-testimonial-widget No.known.fix Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "wp-testimonial-widget No.known.fix Authenticated.(Admin+).SQL.Injection CRITICAL" "wp-testimonial-widget No.known.fix Missing.Authorization MEDIUM" "wp-stripe-checkout 1.2.2.42 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "wp-stripe-checkout 1.2.2.38 Sensitive.Information.Exposure.via.Debug.Log HIGH" "wp-stripe-checkout 1.2.2.21 Contributor+.Stored.XSS MEDIUM" "woo-product-slider-and-carousel-with-category 2.8 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "wc-return-warrranty No.known.fix Reflected.Cross-Site.Scripting HIGH" "wp-map-block 2.0.3 Contributor+.Stored.XSS.via.Marker MEDIUM" "wp-map-block 1.2.3 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "wp-show-stats No.known.fix Cross-Site.Request.Forgery MEDIUM" "wp-private-message 1.0.6 Private.Message.Disclosure.via.IDOR MEDIUM" "wp-thumbtack-review-slider 2.7 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" 
"woocommerce-social-media-share-buttons No.known.fix Cross-Site.Request.Forgery.to.Cross-Site.Scripting MEDIUM" "wp-team-manager No.known.fix Missing.Authorization MEDIUM" "wp-team-manager 2.2.0 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "wp-team-manager 2.1.13 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "wp-team-manager 2.0.1 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "wp-etracker No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-cleanup-and-basic-functions No.known.fix Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "wapppress-builds-android-app-for-website 6.0.5 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "wapppress-builds-android-app-for-website 6.0.5 Authenticated.(Subscriber+).Server-Side.Request.Forgery MEDIUM" "wapppress-builds-android-app-for-website 6.0.0 Unauthenticated.Arbitrary.File.Upload CRITICAL" "wp-migrate-2-aws 5.2.2 Reflected.Cross-Site.Scripting MEDIUM" "wordpress-signature No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "wp-sri No.known.fix Missing.Authorization MEDIUM" "wp-freeio 1.2.22 Unauthenticated.Privilege.Escalation CRITICAL" "webtoffee-gdpr-cookie-consent 2.6.1 Bulk.Delete.via.CSRF MEDIUM" "webtoffee-gdpr-cookie-consent 2.6.1 Unauthenticated.Stored.XSS HIGH" "wp-browser-update 4.6 Admin+.Stored.XSS LOW" "wp-browser-update 4.5 Settings.Update.via.CSRF MEDIUM" "wp-autosearch No.known.fix Unauthenticated.SQLi HIGH" "wp-admin-microblog No.known.fix Cross-Site.Request.Forgery.to.Message.Creation MEDIUM" "wp-food-manager 1.0.4 Admin+.Stored.XSS LOW" "wep-demo-import 1.0.4 Reflected.Cross-Site.Scripting MEDIUM" "woocommerce-custom-product-tabs-lite 1.9.1 Authenticated.(Shop.Manager+).PHP.Object.Injection HIGH" "woo-viet 1.5.3 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "wp-menu-image 2.3 Unauthenticated.Menu.Image.Deletion MEDIUM" "wp-menu-image 2.3 
Missing.Authorization.to.Unauthenticated.Menu.Image.Deletion MEDIUM" "wp-stripe-express 1.12.1 Reflected.Cross-Site.Scripting MEDIUM" "wp-stripe-express 1.7.7 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "webp-converter-for-media 6.5.2 Unauthenticated.SSRF MEDIUM" "webp-converter-for-media 6.4.0 Subscriber+.Optimized.Image.Deletion.via.regenerate-attachment.REST.Endpoint MEDIUM" "webp-converter-for-media 4.0.3 Unauthenticated.Open.redirect MEDIUM" "webp-converter-for-media 1.0.3 Cross-Site.Request.Forgery.(CSRF) HIGH" "wp-cafe No.known.fix Missing.Authorization MEDIUM" "wp-cafe 2.2.33 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "wp-cafe 2.2.32 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "wp-cafe 2.2.29 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "wp-cafe 2.2.28 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "wp-cafe 2.2.26 Authenticated.(Contributor+).File.inclusion.via.Shortcode HIGH" "wp-cafe 2.2.26 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Reservation.Form.Shortcode MEDIUM" "wp-cafe 2.2.24 Unauthenticated.Blind.Server-Side.Request.Forgery MEDIUM" "wp-cafe 2.2.23 Missing.Authorization MEDIUM" "wp-super-minify 1.6 Settings.Update.via.CSRF MEDIUM" "wp-counter-up 3.0.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-counter-up 2.3.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-player No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "woo-recent-purchases No.known.fix Authenticated.(Admin+).Local.File.Inclusion HIGH" "wc-pre-order No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-super-cache 1.9 Unauthenticated.Cache.Poisoning MEDIUM" "wp-super-cache 1.7.3 Authenticated.Remote.Code.Execution HIGH" "wp-super-cache 1.7.3 Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "wp-super-cache 1.7.2 Authenticated.Remote.Code.Execution.(RCE) HIGH" "wp-super-cache 1.4.9 Cross-Site.Scripting.(XSS) MEDIUM" "wp-super-cache 1.4.5 
PHP.Object.Injection HIGH" "wp-super-cache 1.4.3 Stored.Cross-Site.Scripting.(XSS) HIGH" "wp-super-cache 1.3.1 trunk/plugins/badbehaviour.php.URI.XSS MEDIUM" "wp-super-cache 1.3.1 trunk/plugins/domain-mapping.php.URI.XSS MEDIUM" "wp-super-cache 1.3.1 trunk/plugins/awaitingmoderation.php.URI.XSS MEDIUM" "wp-super-cache 1.3.1 trunk/wp-cache.php.wp_nonce_url.Function.URI.XSS MEDIUM" "wp-super-cache 1.3.1 trunk/plugins/searchengine.php.URI.XSS MEDIUM" "wp-super-cache 1.3.1 trunk/plugins/wptouch.php.URI.XSS MEDIUM" "wp-super-cache 1.3.2 Remote.Code.Execution HIGH" "wp-responsive-testimonials-slider-and-widget No.known.fix Contributor+.Stored.XSS MEDIUM" "woocommerce-fortnox-integration 4.5.7 Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "woocommerce-fortnox-integration 4.5.6 Missing.Authorization MEDIUM" "wp-easyarchives No.known.fix Cross-Site.Request.Forgery MEDIUM" "wp-curriculo-vitae No.known.fix Unauthenticated.Arbitrary.File.Upload.to.RCE CRITICAL" "woocommerce-gateway-certification-de-facture-et-gestion-de-pdf-kiwiz No.known.fix Unauthenticated.Arbitrary.File.Download HIGH" "wp-microdata No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "woo-authorize-net-gateway-aim 6.0.4 Reflected.Cross-Site.Scripting MEDIUM" "woo-authorize-net-gateway-aim 5.1.27 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-easy-pay 4.2.4 Missing.Authorization.to.Unauthenticated.Service.Disconnection MEDIUM" "wp-easy-pay 4.2b1 Reflected.Cross-Site.Scripting MEDIUM" "wp-easy-pay 4.1 Reflected.Cross-Site.Scripting MEDIUM" "wp-easy-pay 4.1 CSRF MEDIUM" "wp-easy-pay 4.0.2 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-easy-pay 3.2.1 CSRF.Bypass.in.Multiple.Plugins MEDIUM" "wp-easy-pay 3.2.3 Cross-Site.Request.Forgery MEDIUM" "webappick-pdf-invoice-for-woocommerce 3.7.59 Cross-Site.Request.Forgery.to.Arbitrary.Options.Update HIGH" "wp-currency-exchange-rates 1.3.0 Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "wp-responsive-menu 
3.1.7.1 Subscriber+.Settings.Update.to.Stored.XSS HIGH" "woosms-sms-module-for-woocommerce 3.0.3 Missing.Authorization.via.Multiple.AJAX.Actions MEDIUM" "wp-ulike No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode.Attribute MEDIUM" "wp-ulike 5.0.0 Insecure.Direct.Object.Reference.to.Authenticated.(Subscriber+).Arbitrary.Log.Deletion.via.'id'.Parameter MEDIUM" "wp-ulike 4.7.10 Missing.Authorization.to.Unauthenticated.Content.Spoofing MEDIUM" "wp-ulike 4.7.7 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "wp-ulike 4.7.6 Admin+.Stored.XSS LOW" "wp-ulike 4.7.5 Admin+.Stored.XSS.via.Widgets LOW" "wp-ulike 4.7.5 Cross-Site.Request.Forgery.to.Statistic.Deletion MEDIUM" "wp-ulike 4.7.4 Admin+.Stored.XSS LOW" "wp-ulike 4.7.2.1 Subscriber+.Stored-XSS HIGH" "wp-ulike 4.7.1 Admin+.Stored.XSS LOW" "wp-ulike 4.7.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "wp-ulike 2.7.0 Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "wp-ulike 4.7.0 Authenticated.(Contributor+).SQL.Injection.via.Shortcodes HIGH" "wp-ulike 4.6.9 Contributor+.Stored.Cross.Site.Scripting.via.Shortcode MEDIUM" "wp-ulike 4.6.5 Unauthenticated.Rating.Tampering.via.Race.Condition LOW" "wcsm-search-merchandising No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wcsm-search-merchandising No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wc-gsheetconnector 1.4.0 Cross-Site.Request.Forgery MEDIUM" "wc-gsheetconnector 1.3.12 Missing.Authorization MEDIUM" "wc-gsheetconnector 1.3.5 Reflected.Cross-Site.Scripting MEDIUM" "wc-gsheetconnector 1.3.6 Access.Code.Update.via.CSRF MEDIUM" "wc-gsheetconnector 1.2.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "woocommerce-collections 1.7.0 Missing.Authorization.to.Unauthenticated.Arbitrary.Post/Page.Deletion MEDIUM" "woocommerce-collections 1.7.0 Unauthenticated.SQL.Injection CRITICAL" "wp-sendgrid-smtp No.known.fix Unauthenticated.Information.Exposure MEDIUM" 
"wc-sales-notification 1.2.3 Arbitrary.Plugin.Activation.via.CSRF MEDIUM" "wp-jquery-datatable No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "wp-jquery-datatable 4.1.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-jquery-datatable 4.1.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-advance-comment No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-advance-comment No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-advance-comment No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "wp-announcements No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wiki-embed 1.4.7 Cross-Site.Request.Forgery MEDIUM" "webapp-builder No.known.fix Unauthenticated.File.Upload CRITICAL" "woo-store-mode No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-compare-tables No.known.fix Cross-Site.Request.Forgery MEDIUM" "wp-booking-system 2.0.19.13 Unauthenticated.Information.Exposure MEDIUM" "wp-booking-system 2.0.19.11 Missing.Authorization.via.wpbs_refresh_calendar_editor MEDIUM" "wp-booking-system 2.0.19.9 Reflected.Cross-Site.Scripting MEDIUM" "wp-booking-system 2.0.19.3 Missing.Authorization MEDIUM" "wp-booking-system 2.0.18.1 Admin+.Stored.XSS LOW" "wp-booking-system 2.0.15 Authenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "wp-booking-system 1.5.2 CSRF.to.Authenticated.SQL.Injection HIGH" "wp-booking-system 1.4 Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "weekly-planner No.known.fix Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "wp-board No.known.fix Unauthenticated.SQL.Injection CRITICAL" "wordpress-tooltips No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wordpress-tooltips 9.5.3 Cross-Site.Request.Forgery MEDIUM" "wordpress-tooltips 9.4.5 Authenticated.(Contributor+).SQL.Injection CRITICAL" "woo-qiwi-payment-gateway No.known.fix Unauthenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "windows-live-writer 
No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "woocommerce-brands 1.6.50 Cross-Site.Request.Forgery MEDIUM" "woocommerce-brands 1.6.46 Contributor+.Stored.XSS MEDIUM" "wp-listings No.known.fix Missing.Authorization MEDIUM" "wp-listings No.known.fix Contributor+.Stored.XSS MEDIUM" "wp-listings 2.0.2 Unauthenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "woo-better-customer-list No.known.fix Reflected.Cross-Site.Scripting HIGH" "wcs-qr-code-generator No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-mobile-themes No.known.fix Cross-Site.Request.Forgery MEDIUM" "wp-githuber-md No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-githuber-md 1.16.3 Authenticated.(Author+).Arbitrary.File.Upload HIGH" "wp-csv-exporter 1.3.7 CSV.Injection LOW" "wp-csv-exporter 1.3.7 Admin+.SQLi MEDIUM" "wc-tabs No.known.fix Authentiated.(Shop.Manager+).PHP.Object.Injection.in.product_has_custom_tabs HIGH" "wp-super-popup No.known.fix Admin+.Stored.XSS LOW" "wp-hide No.known.fix Unauthenticated.Settings.Update MEDIUM" "wp-multi-store-locator No.known.fix Unauthenticated.SQL.Injection HIGH" "wp-multi-store-locator No.known.fix Cross-Site.Request.Forgery MEDIUM" "wp-multi-store-locator 2.5.2 Unauthenticated.SQL.Injection HIGH" "wp-multi-store-locator 2.5.1 Reflected.Cross-Site.Scripting MEDIUM" "wp-multi-store-locator 2.4.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-multi-store-locator 2.5.1 Contributor+.Stored.XSS MEDIUM" "wp-politic 2.4.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-politic 2.3.8 Arbitrary.Plugin.Activation.via.CSRF MEDIUM" "wp-svg-images 4.3 Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG MEDIUM" "wp-svg-images 3.4 Authenticated.(author+).Stored.XSS.via.SVG MEDIUM" "wp-programmmanager No.known.fix Reflected.XSS HIGH" "wp-programmmanager No.known.fix Admin+.SQL.Injection MEDIUM" "wp-programmmanager No.known.fix 
Category.Deletion.via.CSRF MEDIUM" "wp-posts-carousel 1.3.13 Authenticated.(Contributor+).PHP.Object.Injection HIGH" "wp-posts-carousel 1.3.11 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-posts-carousel 1.3.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-posts-carousel 1.3.8 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-posts-carousel 1.3.8 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.auto_play_timeout.Parameter MEDIUM" "woo-tools 1.2.10 Missing.Authorization.to.Authenticated.(Subscriber+)..Plugin.Module.Deactivation MEDIUM" "wc-reports-lite No.known.fix Cross-Site.Request.Forgery MEDIUM" "worpit-admin-dashboard-plugin 4.5.0 Unauthenticated.PHP.Object.Injection CRITICAL" "wc-dynamic-pricing-and-discounts 2.4.2 Unauthenticated.Settings.Export MEDIUM" "wc-dynamic-pricing-and-discounts 2.4.2 Unauthenticated.Settings.Import.to.Stored.XSS HIGH" "wp-user-manager 2.9.13 Authenticated.(Subscriber+).Arbitrary.File.Deletion.via.'current_user_avatar'.Parameter MEDIUM" "wp-user-manager 2.9.13 Authenticated.(Subscriber+).PHP.Object.Injection HIGH" "wp-user-manager 2.9.12 Missing.Authorization.to.Carbon.Fields.Custom.Sidebar.Addition/Removal MEDIUM" "wp-user-manager 2.9.12 Missing.Authorization.to.Authenticated.(Subscriber+).User.Meta.Key.Enumeration MEDIUM" "wp-user-manager 2.9.11 Cross-Site.Request.Forgery MEDIUM" "wp-user-manager 2.6.3 Arbitrary.User.Password.Reset.to.Account.Compromise HIGH" "wp-strava No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "wp-tithely No.known.fix Contributor+.Stored.XSS.via.Shortcode MEDIUM" "woo-inpost No.known.fix Missing.Authorization.to.Unauthenticated.Arbitrary.File.Read.and.Delete CRITICAL" "wordpress-ping-optimizer No.known.fix Log.Clearing.via.CSRF MEDIUM" "wordpress-ping-optimizer 2.35.1.3.0 Arbitrary.Settings.Update.via.CSRF MEDIUM" "wc-checkout-getnet 1.8.0 Reflected.Cross-Site.Scripting MEDIUM" "wc-checkout-getnet 1.8.1 
Reflected.XSS MEDIUM" "wc-checkout-getnet 1.8.1 Admin+.Stored.XSS LOW" "woo-fiscalita-italiana No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "woo-fiscalita-italiana 1.3.23 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-copy-media-url No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "wp-humanstxt No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "wp-transactions 1.0.9 Reflected.Cross-Site.Scripting MEDIUM" "wc-basic-slider 2.1.0 CSRF.Bypass MEDIUM" "wp-geo No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wookit No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-admin-notification-center 2.3.3 Settings.Update.via.CSRF MEDIUM" "world-travel-information No.known.fix Reflected.Cross-Site.Scripting HIGH" "wishlist-member-x No.known.fix Missing.Authorization MEDIUM" "wishlist-member-x 3.26.7 Unauthenticated.Arbitrary.SQL.Execution CRITICAL" "wishlist-member-x 3.26.7 Unauthenticated.Information.Exposure MEDIUM" "wishlist-member-x 3.26.7 Subscriber+.Remote.Code.Execution CRITICAL" "wishlist-member-x 3.26.7 Subscriber+.Privilege.Escalation HIGH" "wishlist-member-x 3.26.7 Unauthenticated.Denial.of.Service MEDIUM" "wishlist-member-x 3.26.7 Authenticated.(Subscriber+).Arbitrary.File.Deletion HIGH" "wishlist-member-x 3.26.7 Missing.Authorization.to.Stored.Cross-Site.Scripting HIGH" "wishlist-member-x 3.26.7 Missing.Authorization.to.Information.Disclosure MEDIUM" "wp-image-uploader No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-image-uploader No.known.fix Cross-Site.Request.Forgery.to.Arbitrary.File.Deletion HIGH" "wp-image-uploader No.known.fix Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.File.Deletion HIGH" "wholesale-market 2.2.1 Unauthenticated.Arbitrary.File.Download HIGH" "wholesale-market 2.2.2 Settings.Update.via.CSRF MEDIUM" "wp-users-media No.known.fix Cross-Site.Request.Forgery.in.wpusme_save_settings MEDIUM" "wp-users-media No.known.fix 
Missing.Authorization.via.wpusme_save_settings MEDIUM" "wp-hotel-booking 2.2.8 Unauthenticated.Sensitive.Information.Exposure.via.'email'.Parameter MEDIUM" "wp-hotel-booking 2.2.9 Authenticated.(Editor+).Stored.Cross-Site.Scripting MEDIUM" "wp-hotel-booking 2.2.9 Cross-Site.Request.Forgery MEDIUM" "wp-hotel-booking 2.2.8 Unauthenticated.Information.Exposure MEDIUM" "wp-hotel-booking 2.2.3 Subscriber+.Rating.Manipulation MEDIUM" "wp-hotel-booking 2.2.0 Cross-Site.Request.Forgery MEDIUM" "wp-hotel-booking 2.1.7 Missing.Authorization.to.Authenticated.(Subscriber+).User.Email.Retrieval MEDIUM" "wp-hotel-booking 2.1.6 Missing.Authorization MEDIUM" "wp-hotel-booking No.known.fix Contributor+.Local.File.Inclusion HIGH" "wp-hotel-booking 2.1.3 Authenticated.(Subscriber+).Arbitrary.File.Upload HIGH" "wp-hotel-booking 2.1.1 Unauthenticated.SQL.Injection CRITICAL" "wp-hotel-booking 2.0.9.3 Missing.Authorization MEDIUM" "wp-hotel-booking 2.0.9.3 Improper.Authorization.on.Multiple.REST.API.Routes MEDIUM" "wp-hotel-booking 2.0.8 Unauthenticated.SQLi HIGH" "wp-hotel-booking 2.0.9 Contributor+.Arbitrary.Post.Deletion MEDIUM" "wp-hotel-booking 2.0.8 Subscriber+.Arbitrary.Post.Deletion MEDIUM" "wp-hotel-booking 2.0.1 Unauthenticated.Arbitrary.Settings.Update HIGH" "wp-hotel-booking 1.10.6 CSRF MEDIUM" "wp-hotel-booking 1.10.4 Unauthenticated.PHP.Object.Injection HIGH" "wp-hotel-booking 1.10.2 Cross-Site.Request.Forgery.(CSRF) MEDIUM" "wesecur-security No.known.fix Admin+.Stored.Cross-Site.Scripting MEDIUM" "wiredminds-leadlab 1.4 Reflected.Cross-Site.Scripting HIGH" "wp-responsive-images No.known.fix Unauthenticated.Path.Traversal.to.Arbitrary.File.Read.via.src HIGH" "wp-extra-file-types 0.5.1 CSRF.to.Stored.Cross-Site.Scripting HIGH" "wp-music-player No.known.fix Authenticated.(Administrator+).SQL.Injection MEDIUM" "woocommerce-ultimate-points-and-rewards 2.10.3 Authenticated.(Subscriber+).Information.Exposure MEDIUM" "wordpress-countdown-widget 3.1.9.3 Admin+.Stored.XSS LOW" 
"woocommerce-pre-orders 2.0.3 Unauthorised.Actions.via.CSRF MEDIUM" "woocommerce-pre-orders 2.0.3 Arbitrary.Pre-Order.Canceling.via.CSRF MEDIUM" "woocommerce-pre-orders 2.0.2 Reflected.XSS HIGH" "woocommerce-pre-orders 2.0.1 Contributor+.Stored.XSS MEDIUM" "woocommerce-pre-orders 2.0.0 Reflected.XSS HIGH" "wp-sentry No.known.fix Arbitrary.Settings.Update.to.Stored.XSS.via.CSRF MEDIUM" "word-freshener No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "wp-to-buffer 3.7.5 Reflected.Cross-Site.Scripting HIGH" "wp-translitera No.known.fix Settings.Update.via.CSRF MEDIUM" "weaverx-theme-support 6.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.div.Shortcode MEDIUM" "weaverx-theme-support 6.3.1 Admin+.PHP.Object.Injection LOW" "weaverx-theme-support 6.2.7 Contributor+.Stored.XSS MEDIUM" "web-application-firewall 2.1.3 IP.Address.Spoofing.to.Protection.Mechanism.Bypass MEDIUM" "web-application-firewall 2.1.2 Unauthenticated.Privilege.Escalation CRITICAL" "wp-plugin-manager 1.4.8 Cross-Site.Request.Forgery MEDIUM" "wp-plugin-manager 1.1.8 Arbitrary.Plugin.Activation.via.CSRF MEDIUM" "woopra 1.4.3.2 Unauthenticated.Arbitrary.File.Upload CRITICAL" "wp-social-seo-booster No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-admin-style No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "woo-bought-together 7.2.0 Missing.Authorization MEDIUM" "woo-bought-together 7.0.4 Missing.Authorization MEDIUM" "wp-app-bar No.known.fix Unauthenticated.Stored.Cross-Site.Scripting.via.'app-bar-features'.Parameter HIGH" "wp-app-bar No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "widget-extend-builtin-query 1.06 Reflected.Cross-Site.Scripting MEDIUM" "woo-add-to-cart-text-change 2.1 Add.to.cart.Text.Update.via.CSRF MEDIUM" "widgetkit-pro No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-dialog No.known.fix Authenticated.Stored.Cross-Site.Scripting LOW" "wp-ulike-pro 1.9.4 
Unauthenticated.Limited.Arbitrary.File.Upload MEDIUM" "woosaleskit-bar No.known.fix Reflected.Cross-Site.Scripting.(XSS) HIGH" "wp-show-posts 1.1.6 Improper.Authorization.to.Information.Exposure MEDIUM" "wp-show-posts 1.1.5 Information.Exposure MEDIUM" "wp-show-posts 1.1.4 Contributor+.Stored.XSS MEDIUM" "wp-thumb No.known.fix Authenticated.(Contributor+).Server-Side.Request.Forgery MEDIUM" "woo-gift-cards-lite 3.1.5 Authenticated.(Administrator+).SQL.Injection.via.wps_wgm_save_post.Function MEDIUM" "woo-gift-cards-lite 3.0.7 Missing.Authorization.to.Infinite.Money.Glitch HIGH" "woo-gift-cards-lite 2.6.7 Missing.Authorization.to.Unauthenticated.Information.Exposure MEDIUM" "woo-gift-cards-lite 2.1.2 Cross-Site.Request.Forgery MEDIUM" "woo-gift-cards-lite 2.1.2 CSRF.Bypass.in.Multiple.Plugins MEDIUM" "wp-invoice No.known.fix Arbitrary.Settings.Update.via.CSRF HIGH" "wp-invoice No.known.fix Stored.Cross-Site.Scripting.via.CSRF MEDIUM" "wp-invoice 4.1.1 Multiple.Vulnerabilities MEDIUM" "woo-superb-slideshow-transition-gallery-with-random-effect No.known.fix Authenticated.(Contributor+).SQL.Injection MEDIUM" "woo-pensopay 6.3.2 Reflected.XSS HIGH" "wp-sticky-side-buttons No.known.fix Cross-Site.Request.Forgery MEDIUM" "web-to-sugarcrm-lead 1.0.1 Cross-Site.Request.Forgery.to.Custom.Field.Deletion MEDIUM" "wp-panoramio No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "wordpress-form-manager 1.7.3 Authenticated.Remote.Command.Execution.(RCE) CRITICAL" "woo-confirmation-email No.known.fix Reflected.XSS HIGH" "woo-confirmation-email No.known.fix Authentication.bypass.via.weak.token.generation HIGH" "woo-confirmation-email 3.4.0 CSRF.leading.to.Option.Update CRITICAL" "wp-customer-reviews 3.7.6 Reflected.Cross-Site.Scripting.via.'wpcr3_fname'.Parameter HIGH" "wp-customer-reviews 3.7.1 Malicious.Redirect.via.HTTP-EQUIV.Injection LOW" "wp-customer-reviews 3.6.7 Authenticated.(Subscriber+).Sensitive.Information.Exposure MEDIUM" 
"wp-customer-reviews 3.6.7 Admin+.Stored.XSS MEDIUM" "wp-customer-reviews 3.5.6 Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "wp-customer-reviews 3.4.3 Multiple.Unauthenticated.and.Low.Priv.Authenticated.Stored.XSS CRITICAL" "wp-customer-reviews 3.0.9 CSRF.&.XSS HIGH" "wp-category-meta No.known.fix CSRF MEDIUM" "wha-crossword No.known.fix Contributor+.Stored.XSS MEDIUM" "wha-crossword No.known.fix Contributor+.Stored.Cross-Site.Scripting MEDIUM" "wp-html-mail 3.4.2 Test.Email.Sending.via.CSRF MEDIUM" "wp-html-mail 3.1.3 Reflected.Cross-Site.Scripting MEDIUM" "wp-html-mail 3.1 Unprotected.REST-API.Endpoint MEDIUM" "wp-html-mail 3.0.8 CSRF.to.XSS MEDIUM" "woo-cardcom-payment-gateway No.known.fix Missing.Authorization MEDIUM" "woocommerce-product-importer No.known.fix Product.Importer.<=.1.5.2.-.Reflected.Cross-Site.Scripting MEDIUM" "woo-floating-cart-lite 2.8.3 Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "woo-floating-cart-lite 2.7.4 Reflected.Cross-Site.Scripting MEDIUM" "woo-floating-cart-lite 2.6.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "web-stories-enhancer 1.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-mathjax-plus No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "woocommerce-orders-customers-exporter No.known.fix Authenticated.(Subscriber+).Information.Exposure MEDIUM" "widgets-for-aliexpress-reviews 11.1 Authenticated.(Editor+).Arbitrary.File.Upload MEDIUM" "wp-responsive-tabs 1.3.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-knowledgebase No.known.fix CSRF MEDIUM" "woo-swatches-manager No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "woosa-ai-for-woocommerce No.known.fix Unauthenticated.Arbitrary.File.Deletion/Read.via.Path.Traversal CRITICAL" "wp-file-upload 5.1.7 File.Overwrite.via.Race.Condition MEDIUM" "wp-file-upload 4.25.3 Cross-Site.Request.Forgery.in.wfu_file_details MEDIUM" "wp-file-upload 4.24.14 
Unuathenticated.Remote.Code.Execution CRITICAL" "wp-file-upload 4.25.0 Unauthenticated.Remote.Code.Execution,.Arbitrary.File.Read,.and.Arbitrary.File.Deletion CRITICAL" "wp-file-upload 4.24.14 Unauthenticated.Path.Traversal.to.Arbitrary.File.Read.in.wfu_file_downloader.php HIGH" "wp-file-upload 4.25.0 Missing.Authorization.to.Authenticated.(Subscriber+).Limited.Path.Traversal MEDIUM" "wp-file-upload 4.24.12 Unauthenticated.Path.Traversal.to.Arbitrary.File.Read.and.Deletion.in.wfu_file_downloader.php CRITICAL" "wp-file-upload 4.24.9 Unauthenticated.Stored.Cross-Site.Scripting.via.SVG.File.Upload HIGH" "wp-file-upload 4.24.8 Missing.Authorization MEDIUM" "wp-file-upload 4.24.8 Unauthenticated.Stored.XSS HIGH" "wp-file-upload 4.24.8 Reflected.XSS HIGH" "wp-file-upload 4.24.8 Authenticated.(Contributor+).Directory.Traversal MEDIUM" "wp-file-upload 4.24.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "wp-file-upload 4.24.1 Cross-Site.Request.Forgery MEDIUM" "wp-file-upload 4.23.3 Author+.Stored.Cross-Site.Scripting LOW" "wp-file-upload 4.19.2 Admin+.Stored.Cross-Site.Scripting MEDIUM" "wp-file-upload 4.19.2 Admin+.Path.Traversal MEDIUM" "wp-file-upload 4.16.3 Contributor+.Path.Traversal.to.RCE CRITICAL" "wp-file-upload 4.16.3 Contributor+.Stored.Cross-Site.Scripting.via.Malicious.SVG MEDIUM" "wp-file-upload 4.16.3 Contributor+.Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "wp-file-upload 4.13.0 Directory.Traversal.to.RCE CRITICAL" "wp-file-upload 4.3.4 Cross-Site.Scripting.(XSS) MEDIUM" "wp-file-upload 4.3.3 Security.Issue.in.Shortcodes MEDIUM" "wp-file-upload 3.9.0 Insufficient.File.Extension.Blacklisting HIGH" "wp-file-upload 3.4.1 Unauthenticated.Malicious.File.Upload HIGH" "wp-file-upload 3.0.0 Multiple.Vulnerabilities HIGH" "wp-file-upload 2.7.1 JS.File.Upload HIGH" "wp-data-access 5.5.64 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.'wpda_app'.Shortcode MEDIUM" "wp-data-access 5.5.37 
Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-data-access 5.5.23 Unauthenticated.SQL.Injection HIGH" "wp-data-access 5.5.9 Cross-Site.Request.Forgery MEDIUM" "wp-data-access 5.3.11 Reflected.Cross-Site.Scripting MEDIUM" "wp-data-access 5.3.8 Subscriber+.Privilege.Escalation HIGH" "wp-data-access 5.1.4 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-data-access 5.0.0 Admin+.SQL.Injection HIGH" "wa-chatbox-manager 1.2.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wa-chatbox-manager 1.2.6 Missing.Authorization MEDIUM" "wa-chatbox-manager 1.2.3 Missing.Authorization MEDIUM" "wp-discourse 2.6.0 Authenticated.(Author+).Information.Exposure MEDIUM" "wp-discourse 2.5.2 Missing.Authorization MEDIUM" "wp-hubspot-woocommerce 1.0.5 Reflected.Cross-Site.Scripting HIGH" "wp-file-manager 7.2.8 Missing.Authorization MEDIUM" "wp-file-manager 7.2.6 Authenticated.(Administrator+).Directory.Traversal MEDIUM" "wp-file-manager 7.2.5 Cross-Site.Request.Forgery.to.Local.JS.File.Inclusion HIGH" "wp-file-manager 7.2.2 Directory.Traversal CRITICAL" "wp-file-manager 7.2.2 Sensitive.Information.Exposure.via.Backup.Filenames HIGH" "wp-file-manager 7.1 Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "wp-file-manager 6.9 Unauthenticated.Arbitrary.File.Upload.leading.to.RCE CRITICAL" "wp-file-manager 6.5 Backup.File.Directory.Listing MEDIUM" "wp-file-manager 5.2 Multiple.Vulnerabilities HIGH" "wp-file-manager 3.1 CSRF.to.Stored.Cross-Site.Scripting MEDIUM" "wp-file-manager 3.0 Authenticated.Reflected.Cross-Site.Scripting.(XSS) CRITICAL" "wp-auto-affiliate-links 6.4.7 Admin+.SQL.Injection MEDIUM" "wp-auto-affiliate-links 6.4.4 Authenticated.(Editor+).SQL.Injection CRITICAL" "wp-auto-affiliate-links 6.4.3.1 Missing.Authorization.via.aalAddLink MEDIUM" "wp-auto-affiliate-links 6.4.2.8 Cross-Site.Request.Forgery MEDIUM" "wp-auto-affiliate-links 6.4.2.6 Cross-Site.Request.Forgery MEDIUM" "wp-auto-affiliate-links 6.4.2.5 Settings.Update.to.Stored.XSS.via.CSRF 
HIGH" "wp-auto-affiliate-links 6.3.0.3 Settings.Update.via.CSRF MEDIUM" "woo-remove-cart-and-query-button No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "woo-remove-cart-and-query-button No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-show-more No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.show_more.Shortcode MEDIUM" "wp-simple-maintenance-mode 1.5.1 Reflected.Cross-Site.Scripting MEDIUM" "wp-clone-any-post-type No.known.fix Missing.Authorization MEDIUM" "wp-clone-any-post-type No.known.fix Open.Redirect MEDIUM" "wordpress-file-upload-pro 4.16.3 Contributor+.Path.Traversal.to.RCE CRITICAL" "wordpress-file-upload-pro 4.16.3 Contributor+.Stored.Cross-Site.Scripting.via.Malicious.SVG MEDIUM" "wordpress-file-upload-pro 4.16.3 Contributor+.Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "web-invoice No.known.fix Authenticated.SQLi HIGH" "web-invoice No.known.fix Authenticated.SQLi HIGH" "wp-maintenance-mode 2.6.9 Subscriber+.Page.design.Update MEDIUM" "wp-maintenance-mode 2.4.5 Subscribed.Users.Deletion.via.CSRF MEDIUM" "wp-maintenance-mode 2.0.7 Subscriber.Information.Disclosure MEDIUM" "wp-maintenance-mode 2.0.7 Authenticated.Multisite.Remote.Code.Execution HIGH" "wp-maintenance-mode 2.0.7 Missing.Settings.Authorization MEDIUM" "wp-seo-structured-data-schema 2.8.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Plugin.Settings MEDIUM" "wp-sliding-logindashboard-panel No.known.fix Cross-Site.Request.Forgery.to.Settings.Update MEDIUM" "wp-user-profiles No.known.fix Authenticated.(Subscriber+).Privilege.Escalation HIGH" "wp-graphql 1.14.6 Editor+.SSRF MEDIUM" "wp-graphql 1.3.6 Denial.of.Service HIGH" "wp-graphql 0.3.5 Improper.Access.Control MEDIUM" "wp-graphql 0.3.0 Multiple.Vulnerabilities CRITICAL" "wp-download-mirror-counter No.known.fix Authenticated.(Contributor+).SQL.Injection MEDIUM" "wp-snow-effect No.known.fix Missing.Authorization MEDIUM" "wp-expert-agent-xml-feed No.known.fix 
Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-galleria No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-awesome-buttons No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.btn2.Shortcode MEDIUM" "wp-login-security-and-history No.known.fix CSRF.to.Stored.Cross-Site.Scripting.(XSS) HIGH" "wp-bootstrap-tabs No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "wp-pocket-urls 1.0.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-pocket-urls 1.0.3 Reflected.Cross-Site.Scripting HIGH" "woo-pricing-table 1.1.0 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "wp-users-exporter No.known.fix CSV.Injection MEDIUM" "wp-background-tile No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "wp-podcasts-manager 1.4 Cross-Site.Request.Forgery MEDIUM" "woocommerce-hss-extension-for-streaming-video No.known.fix Reflected.Cross-Site.Scripting.via.videolink.Parameter MEDIUM" "woo-shipping-display-mode 3.7.7 Reflected.Cross-Site.Scripting MEDIUM" "woo-shipping-display-mode 3.7.5 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-caldav2ics No.known.fix Cross-Site.Request.Forgery MEDIUM" "wooCommerce-order-proposal 2.0.6 Authenticated.(Shop.Manager+).Privilege.Escalation.via.Order.Proposal HIGH" "woocommerce-ninjaforms-product-addons 1.7.1 Unauthenticated.Arbitrary.File.Upload CRITICAL" "wp-media-categories No.known.fix Cross-Site.Request.Forgery MEDIUM" "wp-nssuser-register No.known.fix Unauthenticated.Privilege.Escalation CRITICAL" "woo-category-slider-by-pluginever 4.3.5 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "wp-projects-portfolio No.known.fix Stored.XSS.via.CSRF HIGH" "wp-projects-portfolio No.known.fix Reflected.XSS HIGH" "weekly-class-schedule No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-planet No.known.fix Unauthenticated.Reflected.XSS MEDIUM" "wp-super-edit No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-headmaster No.known.fix 
Reflected.Cross-Site.Scripting MEDIUM" "wp-addpub No.known.fix Authenticated.(Contributor+).SQL.Injection MEDIUM" "wp-multisite-content-copier-pro 2.1.2 Reflected.Cross-Site.Scripting MEDIUM" "wp-multisite-content-copier-pro 2.1.0 Reflected.Cross-Site.Scripting MEDIUM" "wp-orphanage-extended 1.3 Cross-Site.Request.Forgery.to.Orphan.Account.Privilege.Escalation HIGH" "woocommerce-products-designer No.known.fix CSRF MEDIUM" "wp-eventpress No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-multitasking No.known.fix Permalink.Suffix.Update.via.CSRF MEDIUM" "wp-multitasking No.known.fix Header/Footer/Body.Script.Update.via.CSRF MEDIUM" "wp-multitasking 0.1.18 WP.Utilities.<.0.1.18.-.Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "wp-multitasking No.known.fix Reflected.XSS.via.Shortcode MEDIUM" "wp-multitasking No.known.fix SMTP.Settings.Update.via.CSRF MEDIUM" "wp-multitasking No.known.fix Exit.Popup.Update.via.CSRF MEDIUM" "wp-multitasking No.known.fix Welcome.Popup.Update.via.CSRF MEDIUM" "wp-multitasking No.known.fix Settings.Update.via.CSRF MEDIUM" "wp-stripe-global-payments 3.3 Reflected.Cross-Site.Scripting MEDIUM" "wp-stripe-global-payments 3.0 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-smart-tv 2.1.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-tooltip No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wccp-pro 15.3 Open.Redirect MEDIUM" "wccp-pro 15.3 Admin+.Stored.XSS LOW" "woocommerce-abandon-cart-pro 9.17.0 Authenticated.(Subscriber+).Arbitrary.File.Upload HIGH" "wp-github No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "woocommerce-checkout-cielo No.known.fix Insufficient.Verification.of.Data.Authenticity.to.Order.Payment.Status.Update MEDIUM" "wp-quick-shop 1.3.2 Reflected.Cross-Site.Scripting MEDIUM" "web2application No.known.fix Reflected.Cross-Site.Scripting HIGH" "wp-easy-recipe No.known.fix 
Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wayne-audio-player No.known.fix Cross-Site.Request.Forgery.to.Privilege.Escalation HIGH" "wp-d3 No.known.fix Contributor+.Stored.XSS MEDIUM" "wp-d3 2.4.1 Cross-Site.Request.Forgery.(CSRF) HIGH" "woo-rede 5.1.6 Missing.Authorization.to.Unauthenticated.Rede.Order.Logs.Deletion MEDIUM" "woo-rede 5.1.3 Unauthenticated.Order.Status.Manipulation MEDIUM" "wp-htaccess-control No.known.fix Admin+.Stored.XSS LOW" "wd-image-magnifier-xoss No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-plugin-lister No.known.fix Settings.Update.to.Stored.XSS.via.CSRF HIGH" "wmf-mobile-redirector No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting.via.Settings.Parameters MEDIUM" "wp-less-compiler No.known.fix Unauthenticated.Stored.Cross-Site.Scripting HIGH" "woo-preview-emails 2.2.2 Reflected.Cross-Site.Scripting MEDIUM" "woo-preview-emails 2.0.0 Reflected.Cross-Site.Scripting MEDIUM" "wp-fixtag No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-masquerade No.known.fix Subscriber+.Account.Takeover HIGH" "woo-tumblog No.known.fix Missing.Authorization.to.Unauthenticated.Content.Injection MEDIUM" "wp-fpo No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wizshop No.known.fix Unauthenticated.Local.File.Inclusion CRITICAL" "wp-easy-booking 2.4.5 Authenticated.Stored.Cross-Site.Scripting MEDIUM" "weforms 1.6.28 Authenticated.(Subscriber+).Stored.Cross-Site.Scripting.via.Hidden.Field.Value.via.REST.API MEDIUM" "weforms 1.6.26 Missing.Authorization MEDIUM" "weforms 1.6.24 Use.of.Polyfill.io MEDIUM" "weforms 1.6.21 Missing.Authorization MEDIUM" "weforms 1.6.22 Unauthenticated.Stored.Cross-Site.Scripting.via.Referer HIGH" "weforms 1.6.19 Missing.Authorization.via.export_form_entries MEDIUM" "weforms 1.6.18 Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "weforms 1.6.14 Admin+.Stored.Cross-Site.Scripting LOW" "weforms 1.6.4 CSV.Injection MEDIUM" "wp-pro-quiz 
No.known.fix Arbitrary.Quiz.Deletion.via.CSRF MEDIUM" "wp-content-security-policy No.known.fix Unauthenticated.Stored.Cross-Site.Scripting.via.CSP-Report.Fields HIGH" "wedesin-html-sitemap No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wedesin-html-sitemap No.known.fix Reflected.Cross-Site.Scripting.via.'channel' MEDIUM" "we-testimonial-slider No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-keyword-monitor No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "weblizar-pinterest-feeds 1.1.2 Authenticated.XSS.&.CSRF HIGH" "wp-dashboard-notes 1.0.12 Subscriber+.Stored.XSS HIGH" "wp-dashboard-notes 1.0.11 Contributor+.Arbitrary.Private.Notes.Update.via.IDOR LOW" "wp-dashboard-notes 1.0.11 Unauthorised.Deletion.of.Private.Notes LOW" "wp-replicate-post 4.1 Contributor+.SQL.Injection MEDIUM" "wp-bitly No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-bitly 2.7.4 Missing.Authorization.to.Authenticated.(Subscriber+).Settings.Update MEDIUM" "wp-bitly 2.7.3 Missing.Authorization MEDIUM" "wp-bitly 2.7.2 Contributor+.Stored.XSS MEDIUM" "woocommerce-abandoned-cart-pro 5.2.0 Unauthenticated.Stored.Cross-Site.Scripting.(XSS) CRITICAL" "widget-twitter No.known.fix Contributor+.SQLi MEDIUM" "wp-useronline 2.88.3 Unauthenticated.Stored.XSS HIGH" "wp-useronline 2.88.1 Admin+.Stored.Cross-Site.Scripting LOW" "wp-useronline 2.88.0 Admin+.Stored.Cross-Site.Scripting LOW" "web3-coin-gate No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-chgfontsize No.known.fix Arbitrary.Settings.Update.via.CSRF.to.Stored.XSS MEDIUM" "wp-find-your-nearest No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "wp-find-your-nearest No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-structured-data-schema No.known.fix Contributor+.Object.Instantiation MEDIUM" "wp-structured-data-schema 4.0.3 Reflected.Cross-Site.Scripting MEDIUM" 
"wp-structured-data-schema 4.0.2 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "woo-payment-gateway-paysera 3.11.0 Missing.Authorization MEDIUM" "woocommerce-products-slider No.known.fix Missing.Authorization MEDIUM" "woocommerce-products-slider 1.13.51 Reflected.Cross-Site.Scripting MEDIUM" "woocommerce-products-slider 1.13.42 Contributor+.Stored.XSS MEDIUM" "woocommerce-products-slider 1.13.22 Reflected.Cross-Site.Scripting.(XSS) HIGH" "wp-born-babies No.known.fix Contributor+.Stored.Cross-Site.Scripting MEDIUM" "wp-perfect-plugin 1.8.6 Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "wp-social 3.1.4 Missing.Authorization.in.Cache.REST.Endpoints.to.Social.Counter.Tampering MEDIUM" "wp-social 3.1.1 Cross-Site.Request.Forgery.to.Settings.Update MEDIUM" "wp-social 3.0.8 Authentication.Bypass CRITICAL" "wp-social 3.0.1 Missing.Authorization.to.Unauthenticated.Social.Login/Share.Status.Update MEDIUM" "wp-simple-post-view 2.0.1 Post.View.Data.Reset.via.CSRF MEDIUM" "wordpressplugin-upgrade-time-out-plugin No.known.fix Stored.XSS.via.CSRF HIGH" "woo-product-finder 1.4.2 Reflected.Cross-Site.Scripting MEDIUM" "woo-moneybird No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-simple-booking-calendar 2.0.14 Missing.Authorization MEDIUM" "wp-simple-booking-calendar 2.0.11 Reflected.Cross-Site.Scripting MEDIUM" "wp-simple-booking-calendar 2.0.8.5 Cross-Site.Request.Forgery MEDIUM" "wp-simple-booking-calendar 2.0.6 Authenticated.SQL.Injection MEDIUM" "webcamconsult 1.6.0 Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "wp-health 2.17.1 Unauthenticated.Local.File.Inclusion CRITICAL" "wp-seopress 8.2 Missing.Authorization MEDIUM" "wp-seopress 8.2 Missing.Authorization MEDIUM" "wp-seopress 8.2 Missing.Authorization MEDIUM" "wp-seopress 8.2 Reflected.Cross-Site.Scripting MEDIUM" "wp-seopress 7.9.1 Authenticated(Contributor+).Stored.Cross-Site.Scripting.via.Social.Image.URL MEDIUM" "wp-seopress 7.9 Unauthenticated.Object.Injection HIGH" 
"wp-seopress 7.8 Contributor+.Stored.XSS MEDIUM" "wp-seopress 7.8 Contributor+.Open.Redirect LOW" "wp-seopress 7.6 Contributor+.Stored.XSS MEDIUM" "wp-seopress 7.7 Information.Exposure MEDIUM" "wp-seopress 7.6 Author+.Stored.Cross-Site.Scripting MEDIUM" "wp-seopress 7.3 Admin+.Stored.XSS LOW" "wp-seopress 6.5.0.3 Admin+.PHP.Object.Injection MEDIUM" "wp-seopress 5.0.4 Authenticated.Stored.Cross-Site.Scripting MEDIUM" "wp-tournament-registration No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.field.Parameter MEDIUM" "wp-best-quiz No.known.fix Author+.Stored.XSS MEDIUM" "wp-post-modal No.known.fix Admin+.Stored.XSS LOW" "wp-membership No.known.fix Subscriber+.Privilege.Escalation HIGH" "wp-membership No.known.fix Missing.Authorization MEDIUM" "wp-membership 1.6.4 Missing.Authorization.to.Authenticated.(Subscriber+).Settings.Update MEDIUM" "wp-membership 1.6.3 Unauthenticated.Arbitrary.File.Upload CRITICAL" "wp-membership 1.5.7 Subscriber+.Privilege.Escalation CRITICAL" "wp-membership No.known.fix Multiple.Vulnerabilities MEDIUM" "webriti-smtp-mail No.known.fix Arbitrary.Settings.Update.via.CSRF MEDIUM" "wp-search-filter No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-search-filter No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wordpress-gallery-plugin No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "wp-registration 6.8 Authenticated.(Subscriber+).Privilege.Escalation.via.profile_save_field HIGH" "wp-registration 6.7 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "wp-registration No.known.fix Authenticated.(Contributor+).Privilege.Escalation HIGH" "wp-registration 6.4 Unauthenticated.Privilege.Escalation CRITICAL" "wp-registration 6.0 Missing.Authorization.to.User.Deletion CRITICAL" "wp-registration 6.8 Unauthenticated.Account.Takeover CRITICAL" "whizzy No.known.fix Missing.Authorization MEDIUM" "whizzy No.known.fix Authenticated.(Subscriber+).Insecure.Direct.Object.Reference MEDIUM" 
"woocommerce-product-addon 33.0.17 Missing.Authorization MEDIUM" "woocommerce-product-addon 33.0.16 Unauthenticated.SQL.Injection HIGH" "woocommerce-product-addon 33.0.16 Unauthenticated.Arbitrary.File.Upload CRITICAL" "woocommerce-product-addon 33.0.9 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "woocommerce-product-addon 32.0.21 Unauthenticated.Content.Injection.Vulnerability MEDIUM" "woocommerce-product-addon 32.0.19 Unauthenticated.Arbitrary.File.Upload.via.ppom_upload_file CRITICAL" "woocommerce-product-addon 32.0.7 Reflected.Cross-Site.Scripting HIGH" "woocommerce-product-addon 32.0.6 Admin+.Stored.Cross-Site.Scripting LOW" "woocommerce-product-addon 24.0 Subscriber+.Settings.Update.to.Stored.XSS MEDIUM" "woocommerce-product-addon 18.4 Authenticated.Stored.XSS MEDIUM" "wp-mylinks 1.0.7 Authenticated.(Editor+).Stored.Cross-Site.Scripting MEDIUM" "woo-slider-pro-drag-drop-slider-builder-for-woocommerce No.known.fix Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.Content.Deletion MEDIUM" "woo-slider-pro-drag-drop-slider-builder-for-woocommerce No.known.fix Drag.Drop.Slider.Builder.For.WooCommerce.<=.1.12.-.Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.Post.Deletion MEDIUM" "woo-parcel-pro 1.9.0 Reflected.Cross-Site.Scripting MEDIUM" "woo-parcel-pro 1.6.12 Cross-Site.Request.Forgery MEDIUM" "woo-parcel-pro 1.6.12 Open.Redirect MEDIUM" "wp-conditional-captcha No.known.fix Open.Redirect MEDIUM" "woo-direct-checkout-button No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-appbox 4.5.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.appbox.Shortcode MEDIUM" "wp-appbox 4.5.4 Reflected.Cross-Site.Scripting MEDIUM" "wp-appbox 4.4.0 Admin+.Stored.Cross-Site.Scripting LOW" "wp-appbox 4.3.18 Authenticated.Local.File.Inclusion LOW" "wp-editor 1.2.9.2 Authenticated.(Administrator+).Directory.Traversal.to.Arbitrary.File.Read MEDIUM" "wp-editor 1.2.9.2 
Authenticated.(Administrator+).Directory.Traversal.to.Arbitrary.File.Update HIGH" "wp-editor 1.2.9.1 Authenticated.(Admin+).PHAR.Deserialization HIGH" "wp-editor 1.2.9 Reflected.Cross-Site.Scripting MEDIUM" "wp-editor 1.2.8 Sensitive.Information.Exposure.via.log.file MEDIUM" "wp-editor 1.2.7 Authenticated.SQL.injection CRITICAL" "wp-editor 1.2.6.3 Multiple.Cross-Site.Scripting.(XSS) MEDIUM" "wp-editor 1.2.6 CSRF.&.Incorrect.Permissions CRITICAL" "wp-permalink-translator No.known.fix Cross-Site.Request.Forgery MEDIUM" "wordfence 7.6.1 Admin+.Stored.Cross-Site.Scripting LOW" "wordfence 7.1.14 Username.Enumeration.Prevention.Bypass MEDIUM" "wordfence 5.1.5 Cross-Site.Scripting.(XSS) MEDIUM" "wp-email-template No.known.fix Cross-Site.Request.Forgery MEDIUM" "wp-easy-events 4.2.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "woocommerce-ultimate-gift-card 2.9.7 Create,.Sell.and.Manage.Gift.Cards.with.Customized.Email.Templates.<.2.9.7.-.Unauthenticated.SQL.Injection HIGH" "woocommerce-ultimate-gift-card 2.9.3 Unauthenticated.Arbitrary.File.Upload CRITICAL" "woocommerce-ultimate-gift-card 2.9.1 Create,.Sell.and.Manage.Gift.Cards.with.Customized.Email.Templates.<.2.9.1.-.Reflected.Cross-Site.Scripting MEDIUM" "woo-tipdonation No.known.fix Shop.Manager+.Stored.XSS MEDIUM" "wp-maintenance 6.1.9.8 Authenticated.(Administrator+).PHP.Object.Injection HIGH" "wp-maintenance 6.1.9.3 IP.Spoofing.to.Maintenance.Mode.Bypass MEDIUM" "wp-maintenance 6.1.7 Information.Exposure MEDIUM" "wp-maintenance 6.1.4 IP.Restriction.Bypass MEDIUM" "wp-maintenance 6.0.8 Admin+.Stored.Cross-Site.Scripting LOW" "wp-maintenance 6.0.6 Admin+.Stored.Cross-Site.Scripting LOW" "wp-maintenance 5.0.7 Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting HIGH" "weather-layer No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "wp-captcha No.known.fix Settings.Update.via.CSRF MEDIUM" "wp-captcha No.known.fix Captcha.Bypass MEDIUM" 
"wp-media-category-management 2.4.0 2.3.3.-.Cross-Site.Request.Forgery.to.Settings.Update MEDIUM" "wp-media-category-management 2.3.0 Reflected.Cross-Site.Scripting MEDIUM" "wp-media-category-management 2.1.3 Reflected.Cross-Site.Scripting MEDIUM" "woocommerce-shipping-per-product 2.5.5 Missing.Authorization MEDIUM" "wp-fullcalendar No.known.fix Missing.Authorization MEDIUM" "wp-fullcalendar No.known.fix Unauthenticated.Information.Exposure MEDIUM" "wp-fullcalendar 1.6 Contributor+.Stored.XSS MEDIUM" "wp-fullcalendar 1.5 Unauthenticated.Arbitrary.Post.Access HIGH" "website-file-changes-monitor 2.2.0 Missing.Authorization MEDIUM" "website-file-changes-monitor 2.1.0 Admin+.Authenticated.SQL.Injection MEDIUM" "website-file-changes-monitor 2.1.1 Authenticated.SQL.Injection MEDIUM" "website-file-changes-monitor 1.8.3 Admin+.SQLi MEDIUM" "woo-line-notify No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "winston-ai-wp 0.0.4 Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.Plugin.Settings.Deletion MEDIUM" "woo-payment-bkash No.known.fix Missing.Authorization MEDIUM" "wc-quantity-plus-minus-button 1.2.0 Quantity.Plus.Minus.Button.for.WooCommerce.by.CodeAstrology.<.1,2,0.Settings.Update.via.CSRF MEDIUM" "wp-s3 1.6 Reflected.XSS HIGH" "woo-related-products-refresh-on-reload 3.3.16 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "wp-404-auto-redirect-to-similar-post 1.0.6 Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "wp-404-auto-redirect-to-similar-post 1.0.5 Reflected.Cross-Site.Scripting.via.Debug.Mode.URI MEDIUM" "wp-404-auto-redirect-to-similar-post 1.0.4 Reflected.Cross-Site.Scripting.via.request MEDIUM" "wp-404-auto-redirect-to-similar-post 1.0.4 Admin+.Stored.XSS LOW" "wp-compress-mainwp No.known.fix Missing.Authorization MEDIUM" "wp-compress-mainwp 6.50.05 Missing.Authorization MEDIUM" "wp-compress-mainwp 6.30.06 Authenticated.(Subscriber+).Server-Side.Request.Forgery MEDIUM" "wp-condition No.known.fix 
Reflected.Cross-Site.Scripting MEDIUM" "wordpress-toolbar No.known.fix Open.Redirect MEDIUM" "woo-enviopack No.known.fix Reflected.Cross-Site.Scripting HIGH" "wp-oauth No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-ultimate-review 2.3.8 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-ultimate-review 2.3.0 Unauthenticated.Review.Restriction.Bypass MEDIUM" "wp-ultimate-review 2.3.0 Missing.Authorization MEDIUM" "wp-ultimate-review 2.3.0 Unauthenticated.Insecure.Direct.Object.Reference MEDIUM" "wp-ultimate-review 2.3.7 IP.Spoofing MEDIUM" "wp-ultimate-review 2.3.1 Settings.Update.via.CSRF MEDIUM" "wp-ultimate-review 2.1.0 Admin+.Stored.XSS LOW" "wp-ultimate-review 2.1.0 Settings.Update.via.CSRF MEDIUM" "wp-log-action 0.52 Reflected.XSS HIGH" "woocommerce-bookings 2.2.5 Unauthenticated.Bookings.Products.Data.and.Metadata.Disclosure.via.REST.API MEDIUM" "woocommerce-bookings 2.0.4 Cross-Site.Request.Forgery MEDIUM" "wp-rest-filter No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-rest-filter No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-opensearch No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "whmcs-bridge 6.4b Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "whmcs-bridge 6.3 Subscriber+.Stored.Cross-Site.Scripting MEDIUM" "woowgallery 1.2.0 Reflected.Cross-Site.Scripting MEDIUM" "woowgallery 1.1.9 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-ds-blog-map No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "wp-popup-builder No.known.fix Unauthenticated.Information.Exposure MEDIUM" "wp-popup-builder 1.3.6 Unauthenticated.Arbitrary.Shortcode.Execution.via.wp_ajax_nopriv_shortcode_Api_Add HIGH" "wp-popup-builder 1.2.9 Reflected.Cross-Site.Scripting MEDIUM" "wp-popup-builder 1.3.0 Subscriber+.Arbitrary.Popup.Deletion MEDIUM" "wp-asset-clean-up 1.3.9.9 Authenticated.(Admin+).Server-Side.Request.Forgery MEDIUM" "wp-asset-clean-up 1.3.9.4 Missing.Authorization MEDIUM" "wp-asset-clean-up 1.3.5.5 
Reflected.Cross-Site.Scripting MEDIUM" "wp-asset-clean-up 1.3.8.5 Reflected.Cross-Site.Scripting MEDIUM" "wp-asset-clean-up 1.3.8.5 Reflected.Cross-Site.Scripting.via.AJAX.Action HIGH" "wp-asset-clean-up 1.3.8.5 Reflected.Cross-Site.Scripting MEDIUM" "wp-asset-clean-up 1.3.6.7 CSRF.&.XSS LOW" "wedevs-project-manager 3.0.2 Authenticated.(Subscriber+).Information.Exposure MEDIUM" "wedevs-project-manager 2.6.27 Authenticated.(Subscriber+).SQL.Injection.via.'completed_at_operator' MEDIUM" "wedevs-project-manager 2.6.26 Unauthenticated.Sensitive.Information.Exposure MEDIUM" "wedevs-project-manager 2.6.23 Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "wedevs-project-manager 2.6.23 Authenticated.(Subscriber+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "wedevs-project-manager 2.6.25 Cross-Site.Request.Forgery MEDIUM" "wedevs-project-manager 2.6.18 Authenticated.(Subscriber+).SQL.Injection.via.orderby.Parameter MEDIUM" "wedevs-project-manager 2.6.18 Missing.Authorization.to.Authenticated.(Subscriber+).Limited.Arbitrary.Options.Update MEDIUM" "wedevs-project-manager 2.6.23 Admin+.Stored.XSS LOW" "wedevs-project-manager 2.6.17 Authenticated.(Subscriber+).SQL.Injection MEDIUM" "wedevs-project-manager 2.6.16 Authenticated.(Subscriber+).Sensitive.Information.Exposure.via.Project.Task.List.REST.API MEDIUM" "wedevs-project-manager No.known.fix Project.Manager+.SQL.Injection MEDIUM" "wedevs-project-manager 2.6.15 Missing.Authorization.to.Project.Milestone.and.Task.Creation/Deletion MEDIUM" "wedevs-project-manager 2.6.14 Insecure.Direct.Object.Reference.to.Unauthenticated.Authorization.Bypass HIGH" "wedevs-project-manager 2.6.8 Missing.Authorization MEDIUM" "wedevs-project-manager 2.6.9 Subscriber+.Stored.XSS HIGH" "wedevs-project-manager 2.6.1 Subscriber+.SQLi HIGH" "wedevs-project-manager 2.6.5 Subscriber+.Privilege.Escalation HIGH" "wedevs-project-manager 2.4.14 Authenticated.Stored.Cross-Site.Scripting MEDIUM" 
"wedevs-project-manager 2.4.10 CSRF.Nonce.Bypasses MEDIUM" "wedevs-project-manager 2.4.1 Cross-Site.Request.Forgery MEDIUM" "wedevs-project-manager 2.4.1 Cross-Site.Request.Forgery.(CSRF) MEDIUM" "wp-masonry-infinite-scroll 2.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-link-bio No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-link-bio No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "webhotelier 1.10.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "webhotelier 1.6.1 Reflected.Cross-Site.Scripting.(XSS) HIGH" "wp-crowdfunding 2.1.16 Contributor+.Stored.XSS MEDIUM" "wp-crowdfunding 2.1.15 Missing.Authorization.to.Authenticated.(Subscriber+).Post.Content.Download MEDIUM" "wp-crowdfunding 2.1.13 Missing.Authorization.to.Authenticated.(Subscriber+).WooCommerce.Installation MEDIUM" "wp-crowdfunding 2.1.16 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-crowdfunding 2.1.12 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.wpcf_donate.Shortcode MEDIUM" "wp-crowdfunding 2.1.11 Missing.Authorization.to.Authenticated.(Subscriber+).to.Enable/Disable.Addons MEDIUM" "wp-crowdfunding 2.1.10 Admin+.Stored.XSS LOW" "wp-crowdfunding 2.1.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-crowdfunding 2.1.9 Reflected.XSS HIGH" "wp-crowdfunding 2.1.8 Admin+.Stored.XSS LOW" "wp-crowdfunding 2.1.7 Reflected.XSS HIGH" "wp-crowdfunding 2.1.6 Cross-Site.Request.Forgery MEDIUM" "wp-crowdfunding 2.1.5 Missing.Authorization.via.settings_reset MEDIUM" "wish-list-for-woocommerce-pro 3.1.3 3.1.2.-.Reflected.Cross-Site.Scripting.via.wtab.Parameter MEDIUM" "wowhead-tooltips No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-photo-sphere No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-applink No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.title.Parameter MEDIUM" "wp-accessibility 2.3.2 
Authenticated.(Contributor+).Stored.DOM-Based.Cross-Site.Scripting.via.'alt'.Attribute MEDIUM" "wp-admin-custom-page No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "wp-gpx-maps No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.sgpx.Shortcode MEDIUM" "wp-gpx-maps 1.7.06 Missing.Authorization MEDIUM" "woocommerce-display-products-by-tags No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-ban-user No.known.fix Cross-Site.Request.Forgery.to.Cross-Site.Scripting MEDIUM" "wibiya No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "woo-rfq-for-woocommerce 1.9.180 Insecure.Direct.Object.Reference.to.Unauthenticated.Sensitive.Information.Disclosure HIGH" "wc1c-main No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "woocommerce-amazon-affiliates-light-version No.known.fix Lite.<=.3.1.-.CSRF MEDIUM" "wp-simple-html-sitemap 3.6 Missing.Authorization MEDIUM" "wp-simple-html-sitemap 3.2 Authenticated.(Admin+).SQL.Injection CRITICAL" "wp-simple-html-sitemap 2.9 Reflected.Cross-Site.Scripting MEDIUM" "wp-simple-html-sitemap 2.8 Missing.Authorization MEDIUM" "wp-simple-html-sitemap 2.3 Reflected.XSS HIGH" "wp-simple-html-sitemap 2.6 Contributor+.Stored.XSS MEDIUM" "wp-sinotype No.known.fix Cross-Site.Request.Forgery MEDIUM" "wp-inject No.known.fix Admin+.Stored.XSS LOW" "wp-inject 1.16 Stored.XSS.&.CSRF HIGH" "wp-seo-search 1.2 Cross-Site.Request.Forgery MEDIUM" "woodiscuz-woocommerce-comments No.known.fix Cross-Site.Request.Forgery MEDIUM" "woodiscuz-woocommerce-comments No.known.fix Admin+.Stored.XSS LOW" "woo-variation-swatches 1.0.62 Reflected.XSS MEDIUM" "wp-html-sitemap No.known.fix wp-html-sitemap.html.Sitemap.Deletion.CSRF MEDIUM" "website-testimonials 6.1.1 Reflected.Cross-Site.Scripting MEDIUM" "woocommerce-product-category-selection-widget No.known.fix Reflected.XSS HIGH" "wp-readme-parser No.known.fix 
Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.target.Parameter MEDIUM" "wp-pipes No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-pipes No.known.fix Unauthenticated.Local.File.Inclusion HIGH" "wp-pipes No.known.fix Unauthenticated.SQL.Injection HIGH" "wp-pipes No.known.fix Unauthenticated.Arbitrary.File.Deletion CRITICAL" "wp-pipes 1.4.3 Unauthenticated.Arbitrary.File.Deletion CRITICAL" "wp-pipes No.known.fix Authenticated.(Administrator+).Server-Side.Request.Forgery MEDIUM" "wp-pipes 1.4.2 Reflected.Cross-Site.Scripting.via.x1.Parameter MEDIUM" "wp-pipes 1.4.1 CSRF MEDIUM" "wp-pipes 1.4.0 Admin+.SQLi MEDIUM" "wp-bibtex No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-bibtex 3.0.2 Cross-Site.Request.Forgery.to.Stored.and.Reflected.Cross-Site.Scripting MEDIUM" "wp-term-order 2.2.0 Cross-Site.Request.Forgery MEDIUM" "wp-auto-top No.known.fix Cross-Site.Request.Forgery MEDIUM" "watu 3.4.5.1 Missing.Authorization MEDIUM" "watu 3.4.5.1 Missing.Authorization MEDIUM" "watu 3.4.5 Unauthenticated.Stored.Cross-Site.Scripting.via.HTTP.Referer HIGH" "watu 3.4.4 Authenticated.(Administrator+).SQL.Injection MEDIUM" "watu 3.4.3 Reflected.Cross-Site.Scripting MEDIUM" "watu 3.4.1.3 Authenticated.(Contributor+).SQL.Injection MEDIUM" "watu 3.4.1.2 Author+.Stored.XSS MEDIUM" "watu 3.4.1.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "watu 3.4.1.1 Sensitive.Information.Disclosure MEDIUM" "watu 3.3.9.3 Reflected.XSS HIGH" "watu 3.3.9.1 Reflected.XSS HIGH" "watu 3.3.8.1 Admin+.Stored.XSS LOW" "watu 3.3.8.2 Reflected.XSS HIGH" "watu 3.3.8.3 Admin+.Stored.XSS LOW" "watu 3.1.2.6 Reflected.XSS.via.question-form.html.php HIGH" "wp-custom-widget-area No.known.fix Subscriber+.Menus.Creation/Deletion/Update MEDIUM" "wp-custom-widget-area No.known.fix Missing.Authorization MEDIUM" "wp-stripe-donation 3.2.4 Missing.Authorization MEDIUM" "wp-stripe-donation 3.2.1 Reflected.Cross-Site.Scripting MEDIUM" "wp-stripe-donation 
3.1.6 AidWP.<.3.1.6.-.CSRF MEDIUM" "wp-stripe-donation 2.9 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-cassify 2.3.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "woo-multi-currency 2.2.6 Unauthenticated.Arbitrary.Shortcode.Execution.via.get_products_price.Function HIGH" "woo-multi-currency 2.2.4 Reflected.Cross-Site.Scripting MEDIUM" "woo-multi-currency 2.1.18 Reflected.Cross-Site.Scripting MEDIUM" "wp-bugbot No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-bugbot No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "web-stories 1.38.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "web-stories 1.32 Author+.Auth.Bypass LOW" "web-stories 1.25.0 Subscriber+.Server.Side.Request.Forgery MEDIUM" "wh-testimonials No.known.fix Unauthenticated.Stored.XSS HIGH" "woo-refund-and-exchange-lite 4.5.6 Insecure.Direct.Object.Reference.to.Authenticated.(Subscriber+).Refund.Request.Cancellation MEDIUM" "woo-refund-and-exchange-lite 4.5.6 Insecure.Direct.Object.Reference.to.Authenticated.(Subscriber+).Arbitrary.Order.Message.Read MEDIUM" "woo-refund-and-exchange-lite 4.4.6 Unauthenticated.Sensitive.Information.Exposure.Through.Unprotected.Directory MEDIUM" "woo-refund-and-exchange-lite 4.4.6 Subscriber+.IDOR MEDIUM" "woo-refund-and-exchange-lite 4.0.9 Unauthenticated.Arbitrary.File.Upload CRITICAL" "wc-order-limit-lite 3.0.3 Missing.Authorization MEDIUM" "wc-order-limit-lite 2.0.1 Missing.Authorization MEDIUM" "wordpress-gallery-transformation No.known.fix Blind.SQL.Injection CRITICAL" "wechat-broadcast No.known.fix Local/Remote.File.Inclusion CRITICAL" "wp-persistent-login 2.0.15 Reflected.Cross-Site.Scripting MEDIUM" "wp-persistent-login 2.0.0 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wc-peach-payments-gateway 3.3.7 Missing.Authorization MEDIUM" "wc-peach-payments-gateway 3.2.0 Missing.Authorization.via.peach_core_version_rollback() MEDIUM" "world-cup-predictor No.known.fix Reflected.Cross-Site.Scripting HIGH" 
"wordpress-theme-demo-bar No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-cors No.known.fix Missing.Authorization MEDIUM" "wp-cors 0.2.2 Admin+.Stored.XSS LOW" "wp-event-partners No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-event-partners No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "woocommerce-support-ticket-system 17.9 Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.Post.Deletion.and.Information.Exposure MEDIUM" "woocommerce-support-ticket-system 17.8 Unauthenticated.Arbitrary.File.Deletion CRITICAL" "woocommerce-support-ticket-system 17.8 Unauthenticated.Arbitrary.File.Upload CRITICAL" "woocommerce-support-ticket-system 17.8 Authenticated.(Subscriber+).Arbitrary.File.Deletion HIGH" "widgets-for-zillow-reviews 11.1 Authenticated.(Editor+).Arbitrary.File.Upload MEDIUM" "wp-mail-smtp 4.1.0 Admin+.SMTP.Password.Exposure LOW" "woo-seo-addon 2.1.6 Reflected.Cross-Site.Scripting MEDIUM" "woo-seo-addon 2.1.5 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-jobhunt No.known.fix Missing.Authorization.to.Authenticated.(Candidate+).Stored.Cross-Site.Scripting.via.'status' HIGH" "wp-jobhunt No.known.fix Authenticated.(Candidate+).Insecure.Direct.Object.Reference MEDIUM" "wp-jobhunt 7.7 WP.JobHunt.<.7,7.Authenticated.(Custom+).Authorization.Bypass MEDIUM" "wp-jobhunt 7.7 Authenticated.(Candidate+).Stored.Cross-Site.Scripting.via.cs_job_title MEDIUM" "wp-jobhunt No.known.fix Subscriber+.Arbitrary.Account.Deletion.via.IDOR HIGH" "wp-jobhunt No.known.fix Unauthenticated.Insecure.Direct.Object.Reference HIGH" "wp-jobhunt No.known.fix Unauthenticated.Privilege.Escalation.via.Email.Update/Account.Takeover CRITICAL" "wp-jobhunt No.known.fix Authentication.Bypass CRITICAL" "wp-jobhunt No.known.fix Unauthenticated.Privilege.Escalation.via.Password.Reset/Account.Takeover CRITICAL" "wp-jobhunt No.known.fix Authentication.Bypass.to.Candidate HIGH" "wp-jobhunt 2.4 User.enumeration.&.Reset.password CRITICAL" "wp-lucky-wheel 1.0.23 
Authenticated.(Administrator+).Remote.Code.Execution.via.'conditional_tags'.Parameter HIGH" "woo-manage-fraud-orders No.known.fix Unauthenticated.Information.Exposure.via.Log.Files MEDIUM" "woo-manage-fraud-orders No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "woo-wholesale-pricing 1.6.5 Reflected.Cross-Site.Scripting MEDIUM" "woo-wholesale-pricing 1.6.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-tell-a-friend-popup-form No.known.fix Admin+.Stored.XSS LOW" "wp-tell-a-friend-popup-form No.known.fix Settings.Update.via.CSRF MEDIUM" "wp-imageflow2 5.2.6 Authenticated.(Author+).Stored.Cross-Site.Scripting MEDIUM" "wp-imageflow2 5.2.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-imageflow2 5.2.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "woozap No.known.fix Authenticated.(Subscriber+).Server-Side.Request.Forgery MEDIUM" "wp-pinterest-automatic 4.19.0 Authenticated.(Subscriber+).SQL.Injection MEDIUM" "wp-pinterest-automatic No.known.fix Missing.Authorization MEDIUM" "wp-pinterest-automatic 4.14.4 Unauthenticated.Arbitrary.Options.Update CRITICAL" "wp-food No.known.fix Unauthenticated.Local.File.Inclusion CRITICAL" "wp-media-folder 5.7.3 Authenticated.(Subscriber+).Arbitrary.File.Upload HIGH" "wp-media-folder 5.7.3 Missing.Authorization.to.Authenticated(Subscriber+).Plugin.settings.change MEDIUM" "wp-media-folder 5.7.3 Missing.Authorization.to.Authenticated(Subscriber+).Title.Modification MEDIUM" "wc-gallery No.known.fix Contributor+.Stored.XSS.via.Shortcode MEDIUM" "wp-audio-gallery No.known.fix Authenticated.(Subscriber+).Arbitrary.File.Read.via..htaccess.Manipulation HIGH" "wp-audio-gallery No.known.fix Authenticated.(Subscriber+).Arbitrary.File.Deletion.via.'audio_upload'.Parameter HIGH" "woo-xendit-virtual-accounts 6.1.0 Missing.Authorization.to.Unauthenticated.Arbitrary.Order.Status.Update.to.Paid MEDIUM" "wp-logs-book No.known.fix Log.Clearing.via.CSRF MEDIUM" "wp-logs-book No.known.fix 
Disable.Logging.via.CSRF MEDIUM" "wp-logs-book No.known.fix Unauthenticated.Stored.XSS HIGH" "wp-revive-adserver No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-revive-adserver No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-sort-order 1.3.2 Missing.Authorization MEDIUM" "wc-polo-payments 3.0.0 Unauthenticated.Local.File.Inclusion HIGH" "woocommerce-delivery-date No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-logo-showcase 1.3.37 Editor.Plugin's.Settings.Update LOW" "wdv-one-page-docs No.known.fix Missing.Authorization MEDIUM" "wp-repost No.known.fix Admin+.Stored.XSS LOW" "woo-product-variation-gallery 2.3.4 Reflected.Cross-Site.Scripting HIGH" "wc-planzer-shipping 1.0.26 Reflected.Cross-Site.Scripting.via.processed-ids MEDIUM" "wp-central No.known.fix Settings.Update.via.CSRF MEDIUM" "wp-central 1.5.1 Improper.Access.Control.to.Privilege.Escalation HIGH" "wp-clap No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-remote-site-search 1.0.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-responsive-thumbnail-slider 1.0.5 Authenticated.(Admin+).SQL.Injection MEDIUM" "wp-responsive-thumbnail-slider 1.0.1 Cross-Site.Request.Forgery.to.Mass.Slider.Deletion MEDIUM" "wp-responsive-thumbnail-slider 1.1.10 Reflected.XSS HIGH" "wp-responsive-thumbnail-slider 1.0.1 Authenticated.Shell.Upload.&.CSRF HIGH" "wp-responsive-thumbnail-slider 1.0.1 Stored.Cross-Site.Scripting.(XSS).&.CSRF HIGH" "wadi-addons-for-elementor No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "woocommerce-jetpack 7.5.0 Missing.Authorization MEDIUM" "woocommerce-jetpack 7.4.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "woocommerce-jetpack 7.2.5 Unauthenticated.Double.Extension.Arbitrary.File.Upload HIGH" "woocommerce-jetpack 7.2.6 Reflected.Cross-Site.Scripting MEDIUM" "woocommerce-jetpack 7.2.5 7.2.4.-.Unauthenticated.Stored.Cross-Site.Scripting HIGH" "woocommerce-jetpack 7.2.5 
7.2.4.-.Unauthenticated.Arbitrary.File.Upload HIGH" "woocommerce-jetpack 7.2.5 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "woocommerce-jetpack 7.2.4 Authenticated.(ShopManager+).Stored.Cross-Site.Scripting.via.wcj_product_meta.Shortcode MEDIUM" "woocommerce-jetpack 7.2.4 Reflected.Cross-Site.Scripting MEDIUM" "woocommerce-jetpack 7.1.9 Unauthenticated.Arbitrary.Shortcode.Execution MEDIUM" "woocommerce-jetpack 7.1.8 Reflected.Cross-Site.Scripting MEDIUM" "woocommerce-jetpack 7.1.8 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortocde MEDIUM" "woocommerce-jetpack 7.1.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "woocommerce-jetpack 7.1.3 Missing.Authorization.to.Product.Creation/Modification MEDIUM" "woocommerce-jetpack 7.1.2 Missing.Authorization.to.Authenticated.(Subscriber+).Order.Information.Disclosure MEDIUM" "woocommerce-jetpack 7.1.3 Contributor+.Stored.XSS MEDIUM" "woocommerce-jetpack 7.1.2 Authenticated.(Subscriber+).Information.Disclosure.via.Shortcode MEDIUM" "woocommerce-jetpack 7.1.1 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "woocommerce-jetpack 7.1.1 Subscriber+.Sensitive.Information.Disclosure MEDIUM" "woocommerce-jetpack 7.1.0 Shop.Manager+.Missing.Authorization.to.Arbitrary.Options.Update MEDIUM" "woocommerce-jetpack 6.0.1 Multiple.CSRF MEDIUM" "woocommerce-jetpack 5.6.3 Reflected.Cross-Site.Scripting HIGH" "woocommerce-jetpack 5.6.7 Custom.Role.Creation/Deletion.via.CSRF MEDIUM" "woocommerce-jetpack 5.6.7 Checkout.Files.Deletion.via.CSRF LOW" "woocommerce-jetpack 5.6.7 ShopManager+.Arbitrary.File.Download MEDIUM" "woocommerce-jetpack 5.6.7 Settings.Reset.via.CSRF MEDIUM" "woocommerce-jetpack 5.6.3 Subscriber+.Order.Status.Update MEDIUM" "woocommerce-jetpack 5.6.2 Reflected.Cross-Site.Scripting MEDIUM" "woocommerce-jetpack 5.4.9 Reflected.Cross-Site.Scripting.in.Product.XML.Feeds.Module HIGH" "woocommerce-jetpack 5.4.9 Reflected.Cross-Site.Scripting.in.General.Module HIGH" "woocommerce-jetpack 
5.4.9 Reflected.Cross-Site.Scripting.in.PDF.Invoicing.Module HIGH" "woocommerce-jetpack 5.4.4 Authentication.Bypass CRITICAL" "woocommerce-jetpack 3.8.0 XSS MEDIUM" "wp-popups-lite 2.2.0.6 Missing.Authorization MEDIUM" "wp-popups-lite 2.2.0.2 Unauthenticated.Full.Path.Disclosure MEDIUM" "wp-popups-lite 2.1.5.6 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "wp-popups-lite 2.1.5.1 Contributor+.Stored.XSS MEDIUM" "wp-popups-lite 2.1.4.9 Contributor+.Stored.XSS MEDIUM" "wp-popups-lite 2.1.4.8 Contributor+.Stored.XSS MEDIUM" "wp-accessibility-helper 0.6.2.9 Missing.Authorization.to.Authenticated.(Subscriber+).Limited.Settings.Update MEDIUM" "wp-accessibility-helper 0.6.3 Missing.Authorization MEDIUM" "wp-accessibility-helper 0.6.2.6 Missing.Authorization MEDIUM" "wp-accessibility-helper 0.6.2.5 Missing.Authorization.via.AJAX.action MEDIUM" "wp-accessibility-helper 0.6.0.7 Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "wp-blogs-planetarium No.known.fix Settings.Update.via.CSRF MEDIUM" "wp-custom-taxonomy-image No.known.fix Authenticated.(Editor+).Stored.Cross-Site.Scripting MEDIUM" "wp-disable 1.5.17 Reflected.Cross-Site.Scripting MEDIUM" "wp-payeezy-pay 2.98 Local.File.Inclusion CRITICAL" "wp-spell-check 9.22 Cross-Site.Request.Forgery MEDIUM" "wp-spell-check 9.18 Cross-Site.Request.Forgery MEDIUM" "wp-spell-check 9.13 Ignored.Word.Deletion.via.CSRF MEDIUM" "wp-spell-check 9.13 Admin+.Stored.Cross-Site.Scripting LOW" "wp-spell-check 9.3 Reflected.Cross-Site.Scripting HIGH" "wp-spell-check 7.1.10 Cross-Site.Request.Forgery.(CSRF) HIGH" "wp-advanced-pdf No.known.fix Missing.Authorization MEDIUM" "wp-advanced-pdf No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "woocommerce-google-dynamic-retargeting-tag 1.7.17 Reflected.Cross-Site.Scripting MEDIUM" "wp-piwik 1.0.29 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "wp-piwik 1.0.28 Admin+.Stored.XSS LOW" "wp-piwik 1.0.27 
Plugin.Settings.Reset.via.CSRF MEDIUM" "wp-piwik 1.0.10 Unauthenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "woo-audio-preview 1.4.0 Subscriber+.Arbitrary.Plugin.Installation,.Activation.and.Deactivation HIGH" "wp-post-columns No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "wp-image-carousel No.known.fix Contributor+.Stored.XSS MEDIUM" "wp-identicon No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "woocommerce-pdf-vouchers 4.9.9 Reflected.Cross-Site.Scripting MEDIUM" "woocommerce-pdf-vouchers 4.9.9 Authentication.Bypass CRITICAL" "woocommerce-pdf-vouchers 4.9.5 Missing.Authorization MEDIUM" "woocommerce-pdf-vouchers 4.9.5 Unauthenticated.Arbitrary.File.Deletion CRITICAL" "woocommerce-pdf-vouchers 4.9.5 Reflected.Cross-Site.Scripting MEDIUM" "woocommerce-pdf-vouchers 4.9.4 PDF.Vouchers.<.4.9.4.-.Authentication.Bypass.to.Voucher.Vendor HIGH" "woo-smart-quick-view 4.2.6 Insecure.Direct.Object.Reference.to.Unauthenticated.Private.Product.Exposure MEDIUM" "woo-smart-quick-view 4.2.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.woosq_btn.Shortcode MEDIUM" "woo-smart-quick-view 4.1.2 Contributor+.DOM-Based.Stored.XSS.via.FancyBox.JavaScript.Library MEDIUM" "woo-smart-quick-view 4.0.3 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "wp-front-end-login-and-register No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-front-end-login-and-register No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-members 3.5.6 Authenticated.(Contributor+).SQL.Injection.via.'order_by'.Shortcode.Attribute MEDIUM" "wp-members 3.5.4.4 Authenticated.(Subscriber+).Stored.Cross-Site.Scripting.via.Multiple.Checkbox.and.Multiple.Select.User.Profile.Fields MEDIUM" "wp-members 3.5.4.5 Unauthenticated.Information.Exposure.via.Unprotected.Files MEDIUM" "wp-members 3.5.4.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-members 3.5.4.3 
Authenticated.(Subscriber+).Arbitrary.Shortcode.Execution.via.Profile.Names MEDIUM" "wp-members 3.5.4.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-members 3.5.4.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-members 3.5.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.wpmem_user_memberships.Shortcode MEDIUM" "wp-members 3.4.9.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.wpmem_loginout.Shortcode MEDIUM" "wp-members 3.4.9.6 Reflected.Cross-Site.Scripting MEDIUM" "wp-members 3.4.9.4 Unprotected.Storage.of.Potentially.Sensitive.Files MEDIUM" "wp-members 3.4.9.3 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "wp-members 3.4.9.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "wp-members 3.4.9 Contributor+.Sensitive.Information.Exposure MEDIUM" "wp-members 3.4.8 Subscriber+.Unauthorized.Plugin.Settings.Update MEDIUM" "wp-members 3.2.8.1 Cross-Site.Request.Forgery.(CSRF) HIGH" "wp-members 3.1.8 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "wish-to-go No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode.Attributes MEDIUM" "woo-tbc-payment-gateway No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-security-hardening 1.2.7 Unauthenticated.Security.Feature.Bypass.to.Username.Enumeration MEDIUM" "wp-security-hardening 1.2.2 Reflected.XSS.via.URI MEDIUM" "wp-security-hardening 1.2.2 Reflected.XSS.via.historyvalue HIGH" "wavesurfer-wp 2.8.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.'src'.Shortcode.Attribute MEDIUM" "wp-facebook-feed No.known.fix Reflected.XSS HIGH" "wp-facebook-feed No.known.fix Contributor+.Stored.XSS MEDIUM" "wp-page-duplicator No.known.fix Missing.Authorization.to.Unauthenticated.Post/Page.Duplication MEDIUM" "wp-google-map-plugin 4.9.2 Unauthenticated.SQL.Injection.via.'orderby'.Parameter HIGH" "wp-google-map-plugin 4.9.2 Unauthenticated.SQL.Injection.via.'location_id'.Parameter HIGH" 
"wp-google-map-plugin 4.8.7 Subscriber+.Limited.Local.File.Inclusion HIGH" "wp-google-map-plugin 4.8.7 Authenticated.(Administrator+).PHP.Object.Injection MEDIUM" "wp-google-map-plugin 4.7.2 Admin+.Stored.XSS LOW" "wp-google-map-plugin 4.7.2 Admin+.Stored.XSS LOW" "wp-google-map-plugin 4.7.2 Admin+.Stored.XSS LOW" "wp-google-map-plugin 4.6.2 Authenticated.(Contributor+).SQL.Injection HIGH" "wp-google-map-plugin 4.4.0 Editor+.Stored.XSS LOW" "wp-google-map-plugin 4.4.3 Category/Location/Map.Deletion.via.CSRF MEDIUM" "wp-google-map-plugin 4.2.4 Marker.Category/Map.Deletion.via.CSRF MEDIUM" "wp-google-map-plugin 4.1.5 Authenticated.SQL.Injection MEDIUM" "wp-google-map-plugin 4.1.0 CSRF.to.Unauthenticated.PHP.Object.Injection HIGH" "wp-google-map-plugin 4.0.4 XSS MEDIUM" "wp-google-map-plugin 3.1.2 XSS MEDIUM" "wp-google-map-plugin 2.3.10 Multiple.CSRF MEDIUM" "wp-google-map-plugin 3.0.0 CSRF.to.Authenticated.Cross-Site.Scripting.(XSS) HIGH" "wp-google-map-plugin 2.3.7 XSS MEDIUM" "wp-update-mail-notification 1.2.0 Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.Options.Update HIGH" "wp-business-intelligence 1.6.3 SQL.Injection CRITICAL" "wp-jobs 1.7 XSS MEDIUM" "wp-jobs 1.5 Authenticated.SQL.Injection HIGH" "wp-security-questions No.known.fix Cross-Site.Request.Forgery HIGH" "wp-security-questions No.known.fix CSRF.Bypass MEDIUM" "wp-text-expander No.known.fix Authenticated.(Administrator+).SQL.Injection MEDIUM" "webful-simple-grocery-shop No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-social-bookmark-menu No.known.fix Settings.Update.via.CSRF MEDIUM" "wizhi-multi-filters No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "wp-turnstile-cloudflare-captcha No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wordpress-easy-allopass No.known.fix Cross-Site.Request.Forgery MEDIUM" "wp-graphql-woocommerce 0.12.4 Unauthenticated.Coupon.Codes.Disclosure MEDIUM" "wp-page-loading 1.0.7 Cross-Site.Request.Forgery MEDIUM" 
"wp-mobile-detector 3.6 Unauthenticated.Arbitrary.File.Upload CRITICAL" "wp-connect No.known.fix Stored.XSS.via.CSRF HIGH" "website-monetization-by-magenet 1.0.29.2 Cross-Site.Request.Forgery MEDIUM" "wp-data-logger 2.2.1 Missing.Authorization MEDIUM" "woocommerce-compare-products 3.2.2 Reflected.Cross-Site.Scripting MEDIUM" "woocommerce-compare-products 3.2.2 Unauthenticated.PHP.Object.Injection HIGH" "wp-joomag No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "waveplayer 3.8.0 Unauthenticated.Arbitrary.File.Upload CRITICAL" "webo-facto-connector 1.41 Unauthenticated.Privilege.Escalation CRITICAL" "wordcents No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-font-awesome-share-icons No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "wck-custom-fields-and-custom-post-types-creator 2.3.3 Admin+.Stored.XSS LOW" "woocommerce-catalog-enquiry 5.0.6 Cross-Site.Request.Forgery.via.REST.API MEDIUM" "woocommerce-catalog-enquiry 5.0.3 Unauthenticated.Stored.XSS.via.Arbitrary.Setting.Update HIGH" "woocommerce-catalog-enquiry 5.0.3 Unauthenticated.Inquiry.Saving.&.Sensitive.Information.Disclosure MEDIUM" "woocommerce-catalog-enquiry 3.1.0 Arbitrary.File.Upload HIGH" "woocommerce-upcoming-product No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "woocommerce-upcoming-product No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-scriptcase No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.url.Parameter MEDIUM" "wp-private-content-plus No.known.fix Password.Protection.Bypass MEDIUM" "wp-private-content-plus No.known.fix Unauthenticated.Sensitive.Information.Exposure MEDIUM" "wp-private-content-plus 3.6.2 Unauthenticated.Content.Restriction.Bypass.to.Sensitive.Information.Exposure MEDIUM" "wp-private-content-plus 3.6.1 Unauthenticated.Protected.Post.Access MEDIUM" "wp-private-content-plus 3.2 Cross-Site.Request.Forgery HIGH" "wp-private-content-plus 3.2 CSRF.Nonce.Bypass 
HIGH" "wp-private-content-plus 2.0 Unauthenticated.Options.Change HIGH" "wp-better-permalinks 3.0.5 CSRF.allowing.Option.Update HIGH" "wp-ispconfig3 No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "wp-server-stats 1.7.8 Injected.Backdoor CRITICAL" "wp-server-stats 1.7.4 Cross-Site.Request.Forgery MEDIUM" "wp-server-stats 1.7.0 Admin+.Stored.Cross-Site.Scripting LOW" "wp-secure-by-sitesecuritymonitorcom No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "white-label-cms 2.7.5 Reflected.Cross-Site.Scripting MEDIUM" "white-label-cms 2.7.4 Missing.Authorization.to.Plugin.Settings.Reset MEDIUM" "white-label-cms 2.5 Admin+.PHP.Object.Injection LOW" "white-label-cms 2.2.9 Reflected.Cross-Site.Scripting MEDIUM" "wp-cookies-alert No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "wp-google-places-review-slider 17.6 Missing.Authorization MEDIUM" "wp-google-places-review-slider 16.1 Cross-Site.Request.Forgery.to.SQL.Injection MEDIUM" "wp-google-places-review-slider 15.6 Admin+.Stored.XSS LOW" "wp-google-places-review-slider 13.6 Admin+.Stored.XSS LOW" "wp-google-places-review-slider 12.6 Reflected.Cross-Site.Scripting MEDIUM" "wp-google-places-review-slider 11.8 Subscriber+.SQLi HIGH" "wp-google-places-review-slider 11.6 Admin+.Stored.XSS LOW" "wordpress-sql-backup No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "wp-offers No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-offers 1.1.4 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-contacts-manager No.known.fix Unauthenticated.SQLi CRITICAL" "wp-stats 2.52 CSRF.to.Stored.Cross-Site.Scripting.(XSS) HIGH" "wp-pagebuilder No.known.fix Admin+.Stored.Cross-Site LOW" "wp-pagebuilder 1.2.7 Author+.Stored.XSS MEDIUM" "wp-pagebuilder 1.2.4 Insecure.default.configuration.Allows.Subscribers.Editing.Access.to.Posts MEDIUM" "wp-pagebuilder 1.2.4 Multiple.Stored.Cross-Site.scripting.(XSS) MEDIUM" "wp-cufon No.known.fix 
Unauthenticated.Stored.Cross-Site.Scripting HIGH" "wp-home-page-menu 3.1 Admin+.Stored.Cross-Site.Scripting LOW" "world-prayer-time No.known.fix Cross-Site.Request.Forgery.to.Reflected.Cross-Site.Scripting MEDIUM" "wp-news-sliders No.known.fix Missing.Authorization MEDIUM" "wp-foft-loader 2.1.40 Authenticated.(Author+).Arbitrary.File.Upload HIGH" "wp-foft-loader 2.1.29 Reflected.Cross-Site.Scripting MEDIUM" "wp-foft-loader 2.1.21 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wb-custom-product-tabs-for-woocommerce 1.2.5 Authenticated.(Shop.Manager+).PHP.Object.Injection HIGH" "woo-variation-gallery 1.1.29 Authenticated.Stored.XSS MEDIUM" "wp-ical-availability No.known.fix Missing.Authorization MEDIUM" "wp-ical-availability No.known.fix Settings.Update.via.CSRF MEDIUM" "wp-anything-slider 9.2 .Authenticated.(Subscriber+).SQL.Injection.via.Shortcode HIGH" "wp-linkedin-auto-publish 8.12 Missing.Authorization MEDIUM" "woo-pdf-invoice-builder 1.2.151 Missing.Authorization MEDIUM" "woo-pdf-invoice-builder 1.2.149 Cross-Site.Request.Forgery MEDIUM" "woo-pdf-invoice-builder 1.2.137 Reflected.Cross-Site.Scripting MEDIUM" "woo-pdf-invoice-builder 1.2.102 Cross-Site.Request.Forgery MEDIUM" "woo-pdf-invoice-builder 1.2.104 Reflected.XSS HIGH" "woo-pdf-invoice-builder 1.2.91 Admin+.Stored.XSS LOW" "woo-pdf-invoice-builder 1.2.92 Subscriber+.Arbitrary.Invoice.Access MEDIUM" "woo-pdf-invoice-builder 1.2.91 Invoice.Fields.Creation.via.CSRF MEDIUM" "woo-pdf-invoice-builder 1.2.90 Subscriber+.SQLi HIGH" "woo-pdf-invoice-builder 1.2.91 Invoice.Update.via.CSRF MEDIUM" "webd-woocommerce-advanced-reporting-statistics 4.1.3 Unauthenticated.Information.Exposure MEDIUM" "webd-woocommerce-advanced-reporting-statistics 4.1.2 Unauthenticated.SQLi HIGH" "woo-advanced-product-information 1.1.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wc-multivendor-membership 2.11.9 Insecure.Direct.Object.Reference.to.Update.Membership.Payment MEDIUM" "wc-multivendor-membership 2.11.0 
Unauthenticated.Arbitrary.Password.Update.via.IDOR CRITICAL" "wc-multivendor-membership 2.10.1 Unauthenticated.AJAX.Calls HIGH" "wc-multivendor-membership 2.10.1 Unauthenticated.Privilege.Escalation CRITICAL" "wc-multivendor-membership 2.10.0 Multiple.CSRF MEDIUM" "wp-get-personal-lite No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "woo-save-abandoned-carts 8.2.1 Cross-Site.Request.Forgery MEDIUM" "wp-social-feed No.known.fix Reflected.XSS HIGH" "wp-cycle-text-announcement No.known.fix Authenticated.(Contributor+).SQL.Injection MEDIUM" "woo-3d-viewer 1.8.6.7 Contributor+.Stored.XSS MEDIUM" "wp-staging 3.5.0 Admin+.Arbitrary.File.Upload MEDIUM" "wp-staging 3.5.0 Admin+.SSRF MEDIUM" "wp-staging 3.5.0 Sensitive.Information.Exposure.via.Log.File MEDIUM" "wp-staging 3.4.0 Admin+.Stored.XSS LOW" "wp-staging 3.2.0 Unauthorized.Sensitive.Data.Exposure HIGH" "wp-staging 3.1.3 Unauthenticated.Backup.Download HIGH" "wp-staging 2.9.18 Admin+.Stored.Cross-Site.Scripting LOW" "wordpress-activity-o-meter No.known.fix Reflected.XSS HIGH" "wp-job-board-pro No.known.fix Unauthenticated.Privilege.Escalation CRITICAL" "wp-tiles No.known.fix Cross-Site.Request.Forgery MEDIUM" "wp-tiles No.known.fix Contributor+.Stored.XSS HIGH" "wp-tiles No.known.fix Subscriber+.Draft/Private.Post.Title.Disclosure MEDIUM" "woocommerce-anti-fraud 3.9 Unauthenticated.Order.Status.Manipulation MEDIUM" "wp-compiler No.known.fix Cross-Site.Request.Forgery MEDIUM" "wp-login-with-ajax No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "woocommerce-extra-charges-to-payment-gateways No.known.fix Unauthorised.Arbitrary.Plugin.Settings.Change.to.Stored.XSS CRITICAL" "wp-openagenda 1.9.0 Reflected.Cross-Site.Scripting MEDIUM" "wp-carousel-free 2.7.4 Admin+.Stored.XSS LOW" "wp-carousel-free 2.6.9 Contributor+.DOM-Based.Stored.XSS.via.FancyBox.JavaScript.Library MEDIUM" "wp-carousel-free 2.6.4 Authenticated.(Admin+).PHP.Object.Injection HIGH" "wp-carousel-free 2.6.4 
Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.'sp_wp_carousel_shortcode' MEDIUM" "wp-carousel-free 2.6.9 Editor+.Stored.XSS LOW" "wp-carousel-free 2.5.3 Contributor+.Stored.XSS MEDIUM" "woocommerce-shipping-canada-post 2.8.4 Unauthenticated.Unauthorised.Action MEDIUM" "woocommerce-shipping-canada-post 2.8.4 Cross-Site.Request.Forgery MEDIUM" "wp-mapbox-gl-js No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "woodly-core No.known.fix Unauthenticated.SQL.Injection HIGH" "wp-smtp 2.1.6 Unauthenticated.Stored.Cross-Site.Scripting.via.Email HIGH" "wp-smtp 1.2.7 1.2.6.-.Authenticated.(Admin+).SQL.Injection HIGH" "woocommerce-checkout-field-editor-pro 3.6.3 Unauthenticated.Arbitrary.File.Deletion CRITICAL" "wordpress-nextgen-galleryview No.known.fix Reflected.XSS HIGH" "wordpress-nextgen-galleryview No.known.fix Cross-Site.Request.Forgery MEDIUM" "wp-client-reports 1.0.23 Cross-Site.Request.Forgery MEDIUM" "wp-service-payment-form-with-authorizenet No.known.fix Cross-Site.Request.Forgery.to.Reflected.Cross-Site.Scripting MEDIUM" "wp-service-payment-form-with-authorizenet No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-twitpic No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-edit No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "wp-change-email-sender 2.0 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "wp-image-zoooom 1.47 Local.File.Inclusion MEDIUM" "wh-tweaks 1.0.3 Admin+.Stored.XSS LOW" "wp-sos-donate No.known.fix Reflected.Cross-Site.Scripting.via.$_SERVER['PHP_SELF'] MEDIUM" "woo-reviews-by-wiremo No.known.fix Missing.Authorization MEDIUM" "wp-mlm No.known.fix Unauthenticated.Privilege.Escalation CRITICAL" "wp-mlm No.known.fix Unauthenticated.Arbitrary.File.Upload CRITICAL" "wordpress-dashboard-twitter No.known.fix Missing.Authorization MEDIUM" "wp-ses 1.4.5 Stored.Cross-Site.Scripting.(XSS) HIGH" "wp-rss-aggregator 5.0.12 
Unauthenticated.DOM-Based.Reflected.Cross-Site.Scripting.via.postMessage MEDIUM" "wp-rss-aggregator 5.0.11 Reflected.Cross-Site.Scripting.via.'template'.Parameter HIGH" "wp-rss-aggregator 5.0.11 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.wp-rss-aggregator.Shortcode MEDIUM" "wp-rss-aggregator 5.0.11 Reflected.Cross-Site.Scripting.via.className MEDIUM" "wp-rss-aggregator 4.23.13 Missing.Authorization MEDIUM" "wp-rss-aggregator 4.23.12 Missing.Authorization.to.Authenticated.(Subscriber+).Feed.State.Update MEDIUM" "wp-rss-aggregator 4.23.9 Reflected.Cross-Site.Scripting MEDIUM" "wp-rss-aggregator 4.23.6 Authenticated.(Admin+).Server-Side.Request.Forgery.via.RSS.Feed.Source LOW" "wp-rss-aggregator 4.23.5 Admin+.Stored.XSS MEDIUM" "wp-rss-aggregator 4.20 Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "wp-rss-aggregator 4.19.3 Subscriber+.Stored.Cross-Site.Scripting HIGH" "wp-rss-aggregator 4.19.2 Admin+.Stored.Cross-Site.Scripting LOW" "wp-biographia No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "wezido-elementor-addon-based-on-easy-digital-downloads No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-job-manager-colors No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "woocommerce-warranty 2.3.0 Missing.Authorization MEDIUM" "woocommerce-warranty 2.3.0 Missing.Authorization MEDIUM" "woocommerce-warranty 2.1.7 Reflected.XSS HIGH" "woocommerce-discounts-plus 3.4.5 Reflected.Cross-Site.Scripting HIGH" "wp-base-booking-of-appointments-services-and-events 5.0.0 Reflected.XSS HIGH" "wp-base-booking-of-appointments-services-and-events 5.1.0 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "wp-base-booking-of-appointments-services-and-events 5.0.0 Missing.Authorization.to.Authenticated.(Subscriber+).Sensitive.Information.Exposure.via.app_export_db MEDIUM" "wp-base-booking-of-appointments-services-and-events 4.9.2 Reflected.Cross-Site.Scripting.via.status.Parameter 
MEDIUM" "woo-simple-frontend-manager No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "woo-simple-frontend-manager 1.0.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wordpress-gallery No.known.fix "load".Remote.File.Inclusion CRITICAL" "webriti-companion 1.9.3 Reflected.Cross-Site.Scripting MEDIUM" "wp-db-booster No.known.fix Cross-Site.Request.Forgery.to.Database.Cleanup MEDIUM" "wp-db-booster No.known.fix Missing.Authorization MEDIUM" "wip-woocarousel-lite 1.1.8 Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "wip-woocarousel-lite 1.1.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "workbox-video-from-vimeo-youtube-plugin No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "woocommerce-payment-gateway-for-saferpay No.known.fix Unauthenticated.Path.Traversal MEDIUM" "wp-time-machine No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "wp-automatic 3.119.0 AI.content.generator.and.auto.poster.plugin.<.3.119.0.-.Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "wp-automatic 3.116.0 AI.content.generator.and.auto.poster.plugin.<.3.116.0.-.Authenticated.(Author+).Arbitrary.File.Upload HIGH" "wp-automatic 3.95.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.autoplay.Parameter MEDIUM" "wp-automatic 3.93.0 WordPress.Automatic.Plugin.<.3,93,0.Cross-Site.Request.Forgery MEDIUM" "wp-automatic 3.92.1 Unauthenticated.Arbitrary.File.Download.and.Server-Side.Request.Forgery CRITICAL" "wp-automatic 3.92.1 Cross-Site.Request.Forgery.to.Privilege.Escalation HIGH" "wp-automatic 3.92.1 Unauthenticated.SQL.Injection CRITICAL" "wp-automatic 3.53.3 Unauthenticated.Arbitrary.Options.Update CRITICAL" "wholesalex 1.3.3 Unauthenticated.Privilege.Escalation MEDIUM" "wholesalex 1.3.2 Authenticated(Subscriber+).Missing.Authorization.via.multiple.AJAX.actions MEDIUM" "wholesalex 1.3.2 Sensitive.Information.Exposure.via.export_users MEDIUM" "wholesalex 1.3.3 Unauthenticated.PHP.Object.Injection 
CRITICAL" "woo-gerencianet-official No.known.fix Unauthenticated.Information.Exposure MEDIUM" "wc-sms 2.8.1.1 Cross-Site.Request.Forgery.to.Reflected.Cross-Site.Scripting MEDIUM" "wc-sms 2.7 Reflected.Cross-Site.Scripting MEDIUM" "woocommerce-order-address-print No.known.fix Reflected.XSS HIGH" "wp-access-areas 1.5.20 Reflected.Cross-Site.Scripting MEDIUM" "wp-mail-logging 1.16 Unauthenticated.PHP.Object.Injection.via.Email.Log.Message.Field HIGH" "wp-mail-logging 1.11.2 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "wp-mail-logging 1.10.0 Outdated.Redux.Framework MEDIUM" "wp-poll No.known.fix Unauthenticated.Stored.Cross-Site.Scripting.via.form_data.Parameter HIGH" "wp-poll 3.3.78 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "wp-poll 3.3.77 Information.Exposure MEDIUM" "we-blocks No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "woocommerce-menu-bar-cart 2.12.0 Reflected.Cross-Site.Scripting MEDIUM" "wp-ecards-invites 1.3.905 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wonderm00ns-simple-facebook-open-graph-tags 2.2.4.2 Unauthenticated.Cross-Site.Scripting.(XSS) MEDIUM" "webtexttool No.known.fix Authenticated.(Subscriber+).Arbitrary.Shortcode.Execution MEDIUM" "webtexttool 3.6.3 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "webtexttool 3.6.2 Missing.Authorization MEDIUM" "wolverine-framework No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wc-price-history 2.1.5 Authenticated.(Shop.manager+).PHP.Object.Injection HIGH" "wc-price-history 2.1.4 Missing.Authorization MEDIUM" "wp-tabber-widget No.known.fix Authenticated.(Contributor+).SQL.Injection MEDIUM" "wp-tabber-widget No.known.fix Authenticated.(Contributor+).SQL.Injection MEDIUM" "wc-pickupp No.known.fix Unauthenticated.Local.File.Inclusion CRITICAL" "whatshelp-chat-button 1.8.10 Admin+.Stored.XSS LOW" "wp-fb-messenger-button-lite 2.0.7 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "wp-post-page-clone 1.2 
Unauthorised.Post.Access MEDIUM" "wp-post-page-clone 1.1 SQL.Injections.due.to.Duplicated.Snippets HIGH" "wp-paginate 2.1.9 Admin+.Stored.Cross-Site.Scripting LOW" "wp-paginate 2.1.4 Admin+.Stored.Cross-Site.Scripting LOW" "wp-config-file-editor No.known.fix Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "webappick-product-feed-for-woocommerce 6.6.12 Missing.Authorization.to.Authenticated.(Shop.Manager+).Arbitrary.Plugin.Installation HIGH" "webappick-product-feed-for-woocommerce 6.6.19 Missing.Authorization MEDIUM" "webappick-product-feed-for-woocommerce 6.5.7 Shop.Manager+.Arbitrary.Options.Update HIGH" "webappick-product-feed-for-woocommerce 3.1.15 Authenticated.Reflected.XSS MEDIUM" "wp-slimstat 5.4.0 Unauthenticated.Stored.Cross-Site.Scripting.via.'fh' HIGH" "wp-slimstat 5.3.2 Authenticated.(Subscriber+).SQL.Injection.via.'args'.Parameter MEDIUM" "wp-slimstat 5.3.3 Reflected.Cross-Site.Scripting MEDIUM" "wp-slimstat 5.3.4 Unauthenticated.Stored.Cross-Site.Scripting.via.'fh'.Parameter HIGH" "wp-slimstat 5.3.5 Unauthenticated.Stored.Cross-Site.Scripting.via.'notes/resource'.Parameters HIGH" "wp-slimstat 5.3.3 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "wp-slimstat 5.2.7 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "wp-slimstat 5.1.4 Subscriber+.Stored.XSS HIGH" "wp-slimstat 5.0.10 Contributor+.SQL.Injection MEDIUM" "wp-slimstat 5.0.9 Admin+.Stored.XSS LOW" "wp-slimstat 5.0.10 Contributor+.Stored.XSS MEDIUM" "wp-slimstat 5.0.5 Reflected.XSS HIGH" "wp-slimstat 5.0.5 Admin+.SQLi MEDIUM" "wp-slimstat 4.9.4 Subscriber+.SQL.Injection HIGH" "wp-slimstat 4.9.3.3 Subscriber+.SQL.Injection HIGH" "wp-slimstat 4.9.3 Unauthenticated.Stored.XSS HIGH" "wp-slimstat 4.8.4 CSRF.to.Stored.XSS.and.Setting.Updates MEDIUM" "wp-slimstat 4.8.1 Unauthenticated.Stored.XSS.from.Visitors MEDIUM" "wp-count-down-timer No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-awesome-faq No.known.fix Reflected.Cross-Site.Scripting MEDIUM" 
"wp-awesome-faq 4.1.8 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wen-responsive-columns 1.3.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "wp-infusionsoft-woocommerce 1.0.9 Reflected.Cross-Site.Scripting HIGH" "wp-ptviewer No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-cards No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-sticky-social 1.0.2 Stored.XSS.via.CSRF HIGH" "wp-custom-author-url 1.0.5 Admin+.Stored.XSS LOW" "wp-e-commerce No.known.fix Coupon.Deletion.via.CSRF MEDIUM" "wp-e-commerce No.known.fix Unauthenticated.PHP.Object.Injection MEDIUM" "wp-e-commerce No.known.fix Missing.Authorization.to.Unauthenticated.Arbitrary.Post.Creation MEDIUM" "wp-e-commerce No.known.fix Unauthenticated.SQL.Injection CRITICAL" "wc-cross-seller No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wc-cross-seller No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-support-plus-responsive-ticket-system 9.1.2 Stored.XSS MEDIUM" "wp-support-plus-responsive-ticket-system 9.0.3 Multiple.Authenticated.SQL.Injection CRITICAL" "wp-support-plus-responsive-ticket-system 8.0.8 Remote.Code.Execution CRITICAL" "wp-support-plus-responsive-ticket-system 8.0.8 Remote.Code.Execution.(RCE) CRITICAL" "wp-support-plus-responsive-ticket-system 8.0.0 Privilege.Escalation CRITICAL" "wp-support-plus-responsive-ticket-system 8.0.0 WP.Support.Plus.Responsive.Ticket.System.<.8,0,0..Authenticated.SQL.Injection MEDIUM" "wp-share-buttons-analytics-by-getsocial No.known.fix Missing.Authorization MEDIUM" "wp-share-buttons-analytics-by-getsocial 4.4 Admin+.Stored.XSS LOW" "wp-employee-attendance-system No.known.fix Authenticated.(Administrator+).SQL.Injection MEDIUM" "wp-maximum-upload-file-size 1.1.4 Authenticated.(Author+).Full.Path.Disclosure MEDIUM" "wp-cookiechoise No.known.fix CSRF.to.Stored.Cross-Site.Scripting HIGH" "wp-post-modules-el No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-meta-keywords-meta-description No.known.fix 
Unauthenticated.Local.File.Inclusion CRITICAL" "wp-cookies-enabler No.known.fix Unauthenticated.Local.File.Inclusion CRITICAL" "woocommerce-email-inquiry-cart-options No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-auctions No.known.fix Authenticated.(Editor+).SQL.Injection MEDIUM" "wp-auctions No.known.fix Editor+.Stored.XSS LOW" "wp-auctions No.known.fix Editor+.SQL.Injection MEDIUM" "wp-auctions No.known.fix Unauthenticated.SQL.Injection HIGH" "wp-auctions No.known.fix Authenticated.(Editor+).Stored.Cross-Site.Scripting MEDIUM" "wp-job-manager-companies 1.8 Reflected.Cross-Site.Scripting MEDIUM" "wp-smart-preloader 1.15.1 Admin+.Stored.XSS LOW" "wowpth No.known.fix Reflected.XSS HIGH" "wowpth No.known.fix Reflected.XSS HIGH" "wp-t-wap No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-favorite-posts No.known.fix Cross-Site.Request.Forgery MEDIUM" "wp-favorite-posts 1.6.6 Cross-Site.Scripting.(XSS) MEDIUM" "wp-landing-page No.known.fix Cross-Site.Request.Forgery.to.Arbitrary.Post.Meta.Update MEDIUM" "wp-change-status-notifier No.known.fix Cross-Site.Request.Forgery.to.Settings.Update MEDIUM" "wp-embed-facebook No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-embed-facebook 3.1.2 Contributor+.Stored.XSS.via.shortcode MEDIUM" "woocommerce-chained-products 2.12.0 Unauthenticated.Arbitrary.Options.Update.to.'no' MEDIUM" "wp-live-tv No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-live-tv No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "woo-gift-product No.known.fix Cross-Site.Request.Forgery MEDIUM" "wp-secure-maintainance 1.7 Admin+.Stored.XSS LOW" "woo-conditional-payment-gateways 1.16.0 Reflected.Cross-Site.Scripting MEDIUM" "woo-conditional-payment-gateways 1.13.1.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-image-slideshow 12.1 .Authenticated.(Subscriber+).SQL.Injection.via.Shortcode HIGH" "wonderplugin-slider-lite 14.5 
Authenticated.(Contributor+).Dom-based.Stored.Cross-Site.Scripting MEDIUM" "wonderplugin-slider-lite 14.0 Reflected.Cross-Site.Scripting.via.'page' MEDIUM" "wp-hr-manager 3.2.0 Reflected.XSS HIGH" "wp-hr-manager 3.0.9 Reflected.Cross-Site.Scripting MEDIUM" "wp-hr-manager 3.0.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "woo-product-gallery-slider 2.2.9 Cross-Site.Request.Forgery.(CSRF) MEDIUM" "wp-smart-export No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-smart-export No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "woo-seo-content-randomizer-addon 1.2.2 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wcc-seo-keyword-research No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wcc-seo-keyword-research No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wordpress-plugin-for-simple-google-adsense-insertion 2.1 Inject.ads.and.javascript.via.CSRF MEDIUM" "woo-customers-spreadsheet-bulk-edit 1.0.9 Reflected.Cross-Site.Scripting MEDIUM" "woo-customers-spreadsheet-bulk-edit 1.0.8 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-crm No.known.fix CSV.Injection LOW" "wp-login-box No.known.fix Admin+.Stored.XSS LOW" "wp-post-corrector No.known.fix Authenticated.(Administrator+).SQL.Injection MEDIUM" "wp-post-corrector No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-stateless 3.4.1 Missing.Authorization.to.Limited.Arbitrary.Options.Update HIGH" "wp-file-manager-pro 8.4.3 Arbitrary.File.Deletion.via.Traversal MEDIUM" "wp-file-manager-pro 8.3.10 Unauthenticated.Backup.File.Download.and.Upload HIGH" "wp-file-manager-pro 8.3.10 Unauthenticated.Limited.JavaScript.File.Upload HIGH" "wp-file-manager-pro 8.3.10 Cross-Site.Request.Forgery.to.Arbitrary.File.Upload HIGH" "wp-file-manager-pro 8.3.8 Authenticated.(Subscriber+).Arbitrary.File.Upload HIGH" "wp-file-manager-pro 8.3.5 Directory.Traversal CRITICAL" "wp-file-manager-pro 8.3.5 Reflected.Cross-Site.Scripting MEDIUM" "wp-file-manager-pro 8.3.5 Authenticated.(Subscriber+).Arbitrary.File.Upload 
HIGH" "woocommerce-abandoned-cart 5.16.2 Multiple.CSRF MEDIUM" "woocommerce-abandoned-cart 5.16.2 Missing.Authorization.via.multiple.AJAX.functions MEDIUM" "woocommerce-abandoned-cart 5.16.1 Improper.Authorization.via.wcal_delete_expired_used_coupon_code LOW" "woocommerce-abandoned-cart 5.16.1 Improper.Authorization.via.wcal_preview_emails LOW" "woocommerce-abandoned-cart 5.16.0 Admin+.Stored.XSS LOW" "woocommerce-abandoned-cart 5.15.0 Authentication.Bypass CRITICAL" "woocommerce-abandoned-cart 5.8.6 CSRF.Nonce.Bypasses MEDIUM" "woocommerce-abandoned-cart 5.8.3 Unauthenticated.SQL.Injection CRITICAL" "woocommerce-abandoned-cart 5.2.0 Unauthenticated.Stored.Cross-Site.Scripting.(XSS) CRITICAL" "woocommerce-abandoned-cart 1.9 Authenticated.Blind.SQL.Injection CRITICAL" "wp-backup-manager No.known.fix Reflected.XSS HIGH" "wp-migrate-db 2.7.7 Unauthenticated.Blind.Server-Side.Request.Forgery MEDIUM" "wp-dispensary No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "woocommerce-product-recommendations 2.3.0 CSRF MEDIUM" "wp-stacker No.known.fix Stored.XSS.via.CSRF HIGH" "wp-dream-carousel No.known.fix Reflected.XSS HIGH" "wgauge No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wgauge No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "webriti-custom-login-page No.known.fix Cross-Site.Request.Forgery.to.Reflected.Cross-Site.Scripting MEDIUM" "walker-elementor No.known.fix Missing.Authorization MEDIUM" "webparex No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-online-users-stats No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting.via.hk_dataset_results.Function MEDIUM" "wp-online-users-stats No.known.fix Authenticated.(Editor+).SQL.Injection.via.table_name.Parameter MEDIUM" "wp-online-users-stats No.known.fix Unauthenticated.SQL.Injection HIGH" "wp-gdpr-core No.known.fix Multiple.Unauthenticated.Issues HIGH" "whatsapp No.known.fix Contributor+.Stored.XSS MEDIUM" "wp-scrive 1.2.4 
Reflected.Cross-Site.Scripting MEDIUM" "wp-scrive 1.2.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-review No.known.fix Authenticated.(Contributor+).Local.File.Inclusion.via.Post.Custom.Fields HIGH" "wp-structuring-markup No.known.fix Contributor+.Stored.XSS.via.Shortcode MEDIUM" "woo-availability-date No.known.fix Reflected.Cross-Site.Scripting.(XSS) HIGH" "wp-odoo-form-integrator No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "woocommerce-html5-video No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-awesome-login No.known.fix Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "word-balloon 4.22.0 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "word-balloon 4.20.3 Avatar.Removal.via.CSRF MEDIUM" "word-balloon 4.19.3 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "wicked-folders 4.1.1 Insecure.Direct.Object.Reference.to.Authenticated.(Contributor+).Arbitrary.Folder.Deletion LOW" "wicked-folders 2.18.17 Subscriber+.Folder.Structure.Update MEDIUM" "wicked-folders 2.18.17 Folder.Structure.Update.via.CSRF MEDIUM" "wicked-folders 2.8.10 Subscriber+.SQL.Injection HIGH" "wp-meta-and-date-remover 2.3.1 Cross-Site.Request.Forgery.via.updateSettings MEDIUM" "wp-meta-and-date-remover 2.2.0 Subscriber+.Stored.XSS HIGH" "wp-meta-and-date-remover 1.9.6 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-profitshare No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "wp-profitshare No.known.fix Authenticated.(Editor+).SQL.Injection MEDIUM" "wp-downloadmanager 1.69.1 Authenticated.(Administrator+).Path.Traversal.to.Arbitrary.File.Deletion.via.'file'.Parameter MEDIUM" "wp-downloadmanager 1.69.1 Authenticated.(Administrator+).Path.Traversal.to.Arbitrary.File.Read.via.'download_path'.Parameter LOW" "wp-downloadmanager 1.69 Authenticated.(Admin+).Arbitrary.File.Upload HIGH" "wp-downloadmanager 1.68.11 Authenticated.(Administrator+).Arbitrary.File.Read MEDIUM" "wp-downloadmanager 
1.68.11 Admin+.Arbitrary.File.Deletion MEDIUM" "wp-downloadmanager 1.68.9 Reflected.Cross-Site.Scripting MEDIUM" "wp-downloadmanager 1.68.7 Admin+.Stored.Cross-Site.Scripting LOW" "wp-downloadmanager 1.68.7 Reflected.Cross-Site.Scripting MEDIUM" "wp-downloadmanager 1.68.5 Server-Side.Request.Forgery.(SSRF) MEDIUM" "waiting No.known.fix Subscriber+.Stored.XSS HIGH" "waiting No.known.fix Subscriber+.SQLi HIGH" "waiting No.known.fix Missing.Authorization MEDIUM" "waiting No.known.fix Admin+.Cross-Site.Scripting LOW" "waiting No.known.fix Cross-Site.Request.Forgery MEDIUM" "wbc907-core 3.4.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-mailto-links No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "wp-mailto-links 3.1.4 Contributor+.Stored.XSS MEDIUM" "wp-spid-italia 2.12 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-spid-italia 2.5 Reflected.Cross-Site.Scripting MEDIUM" "wp-spid-italia 2.3.5 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "woocommerce-payments 6.7.0 Unauthenticated.Order.Deletion.via.IDOR LOW" "woocommerce-payments 5.9.1 Shop.Manager+.SQLi MEDIUM" "woocommerce-payments 6.5.0 Contributor+.Cross-Site.Scripting MEDIUM" "woocommerce-payments 4.9.0 Subscription.Suspension/Activation.via.CSRF MEDIUM" "woocommerce-payments 4.5.1 Intent.Parameter.Tampering HIGH" "woocommerce-payments 5.6.2 Unauthenticated.Privilege.Escalation CRITICAL" "woo-min-max-quantity-step-control-single 4.6 Reflected.XSS HIGH" "wp-newsletter-subscription No.known.fix Unauthenticated.Local.File.Inclusion CRITICAL" "wp-academic-people No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-popup-lite No.known.fix Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "wp-subscription-forms-pro No.known.fix Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.Content.Deletion MEDIUM" "woo-product-tables 2.1.5 Reflected.Cross-Site.Scripting MEDIUM" "woo-product-tables 2.1.3 
Unuthenticated.SQL.Injection HIGH" "woo-product-tables 2.0.2 Unauthenticated.Remote.Code.Execution CRITICAL" "woo-product-tables 1.8.7 Cross-Site.Request.Forgery.via.saveGroup MEDIUM" "woocommerce-shipping-multiple-addresses 3.8.10 Missing.Authorization MEDIUM" "woocommerce-shipping-multiple-addresses 3.8.6 Cross-Site.Request.Forgery MEDIUM" "woocommerce-shipping-multiple-addresses 3.8.6 Customer+.Shipping.Address.Update MEDIUM" "woocommerce-shipping-multiple-addresses 3.8.6 Reflected.Cross-Site.Scripting HIGH" "woocommerce-shipping-multiple-addresses 3.8.6 Billing.Address.Update.via.CSRF MEDIUM" "woocommerce-shipping-multiple-addresses 3.8.4 Subscriber+.Shipping.Address.Disclosure.via.IDOR MEDIUM" "woocommerce-shipping-multiple-addresses 3.7.2 Reflected.Cross-Site.Scripting HIGH" "woocommerce-shipping-multiple-addresses 3.7.2 Address.Creation/Update/Deletion.via.CSRF MEDIUM" "widgetize-pages-light No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "widgetize-pages-light No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "widgetize-pages-light No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "widgetize-pages-light No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-image-shrinker No.known.fix Authenticated.(Subscriber+).Server-Side.Request.Forgery MEDIUM" "wp-live-chat-support-pro 8.0.32 File.Upload.Bypass CRITICAL" "wp-live-chat-support-pro 8.0.0.7 Unauthenticated.RCE CRITICAL" "woo-social-login 2.8.3 Cross-Site.Request.Forgery MEDIUM" "woo-social-login 2.7.8 WordPress./.WooCommerce.Plugin.<.2.7.8.-.Authentication.Bypass HIGH" "woo-social-login 2.7.6 Social.Login.<.2.7.6.-.Authentication.Bypass.to.Account.Takeover CRITICAL" "woo-social-login 2.7.4 Social.Login.<.2.7.4.-.Missing.Authorization.to.Unauthenticated.Privilege.Escalation CRITICAL" "woo-social-login 2.7.4 Social.Login.<.2.7.4.-.Unauthenticated.Privilege.Escalation.via.One-Time.Password HIGH" "woo-social-login 2.7.4 
Social.Login.<.2.7.4.-.Unauthenticated.Authentication.Bypass HIGH" "woo-social-login 2.7.0 Unauthenticated.PHP.Object.Injection CRITICAL" "woo-social-login 2.6.3 Social.Login.<.2.6.3.-.Unauthenticated.PHP.Object.Injection CRITICAL" "woo-social-login 2.6.3 Social.Login.<.2.6.3.-.Email.Verification.due.to.Insufficient.Randomness MEDIUM" "wp-contact-form-7-spam-blocker 1.2.10 Editor+.Remote.Code.Execution HIGH" "wp-1-slider 1.3.0 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "wc-thanks-redirect 3.1 Reflected.Cross-Site.Scripting MEDIUM" "wc-thanks-redirect 3.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-font-pairing-preview No.known.fix Cross-Site.Request.Forgery.to.Settings.Update MEDIUM" "wp-action-network 1.8.0 Reflected.Cross-Site.Scripting HIGH" "wp-action-network 1.4.4 Admin+.SQLi MEDIUM" "wp-action-network 1.4.3 Reflected.Cross-Site.Scripting.via.'search' MEDIUM" "webman-amplifier 1.6.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-mail-options No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "woo-wallet 1.5.7 Subscriber+.Funds.Creation MEDIUM" "woo-wallet 1.5.5 Authenticated.(Subscriber+).SQL.Injection.via.'search[value]' HIGH" "woo-wallet 1.5.1 Authenticated.(Shop.Manager+).Stored.Cross-Site.Scripting MEDIUM" "woo-wallet 1.4.11 Missing.Authorization.to.Authenticated.(Subscriber+).User.Email.Export MEDIUM" "woo-wallet 1.4.4 For.WooCommerce.<.1.4.4.-.Subscriber+.Arbitrary.Wallet.Lock/Unlock.via.IDOR MEDIUM" "woo-wallet 1.4.0 Settings.Update.via.CSRF MEDIUM" "wp-basics No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-user No.known.fix Unauthenticated.SQLi HIGH" "wp-user No.known.fix Admin+.Stored.XSS LOW" "wp-user 7.0 Reflected.Cross-Site.Scripting MEDIUM" "wp-asambleas No.known.fix Unauthenticated.Arbitrary.Shortcode.Execution HIGH" "wp-asambleas No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-asambleas No.known.fix Reflected.Cross-Site.Scripting 
MEDIUM" "wp-cardealer 1.2.17 Unauthenticated.Privilege.Escalation CRITICAL" "wp-shopify 1.5.4 Reflected.XSS HIGH" "wp-shopify 1.6.0 Contributor+.Local.File.Inclusion HIGH" "wp-ultimate-recipe 3.12.7 Authenticated.Stored.XSS MEDIUM" "wp-cart-for-digital-products 8.5.6 Reflected.XSS.in.Product.Editing HIGH" "wp-cart-for-digital-products 8.5.6 Settings.Reset.via.CSRF MEDIUM" "wp-cart-for-digital-products 8.5.6 Reflected.XSS.in.Customer.Search HIGH" "wp-cart-for-digital-products 8.5.5 Reflected.XSS.via.$_SERVER['REQUEST_URI'] MEDIUM" "wp-cart-for-digital-products 8.5.5 Reflected.XSS.in.Customer.Editing HIGH" "wp-cart-for-digital-products 8.5.5 Reflected.XSS.in.Category.Editing HIGH" "wp-cart-for-digital-products 8.5.5 Reflected.XSS.in.Discount.Editing HIGH" "wp-cart-for-digital-products 8.5.5 Coupon.Deletion.via.CSRF MEDIUM" "wp-client-testimonial No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting.via.'Testimonial.Heading'.Setting MEDIUM" "wp-client-testimonial No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.'aft_testimonial_meta_name'.Metabox.Field MEDIUM" "wp-subscription-forms 1.2.4 Missing.Authorization MEDIUM" "wp-subscription-forms 1.2.5 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "wp-subscription-forms 1.2.4 Authenticated.(Contributor+).SQL.Injection MEDIUM" "wp-email-newsletter No.known.fix Reflected.XSS HIGH" "wp-next-post-navi No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "wp-no-bot-question No.known.fix Cross-Site.Request.Forgery MEDIUM" "wc-customer-source 1.3.2 Authenticated.(Shop.Manager+).Stored.Cross-Site.Scripting MEDIUM" "wc-myparcel-belgium 4.5.6 Reflected.Cross-Site.Scripting MEDIUM" "wp-feature-box No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-page-post-widget-clone No.known.fix Missing.Authorization MEDIUM" "weebotlite No.known.fix Admin+.Stored.XSS LOW" "wc-pickup-store 1.8.10 Unauthenticated.Settings.Update MEDIUM" 
"wp-heyloyalty No.known.fix Unauthenticated.RCE.via.PHPUnit CRITICAL" "wc-estimate-and-quote No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-duplicate-page 1.8.1 Missing.Authorization.to.Authenticated.(Contributor+).Arbitrary.Post.Duplication MEDIUM" "wp-duplicate-page 1.8 Missing.Authorization.to.Authenticated.(Contributor+).Sensitive.Information.Disclosure MEDIUM" "wp-duplicate-page 1.3 Admin+.Stored.Cross.Site.Scripting LOW" "wp-job-portal 2.4.5 Missing.Authorization MEDIUM" "wp-job-portal 2.4.4 Authenticated.(Subscriber+).Insecure.Direct.Object.Reference MEDIUM" "wp-job-portal No.known.fix Authenticated.(Editor+).Stored.Cross-Site.Scripting.via.Job.Description.Field MEDIUM" "wp-job-portal 2.4.1 Authenticated.(Subscriber+).Arbitrary.File.Read MEDIUM" "wp-job-portal 2.3.3 Unauthenticated.SQL.Injection HIGH" "wp-job-portal 2.3.3 Unauthenticated.Arbitrary.File.Download HIGH" "wp-job-portal 2.3.3 Unauthenticated.Insecure.Direct.Object.Reference MEDIUM" "wp-job-portal 2.3.2 Unauthenticated.Local.File.Inclusion CRITICAL" "wp-job-portal 2.2.9 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "wp-job-portal 2.2.9 Insecure.Direct.Object.Reference.to.Authenticated.(Subscriber+).User.Photo.Disconnection MEDIUM" "wp-job-portal 2.2.7 Insecure.Direct.Object.Reference.to.Authenticated.(Employer+).Arbitrary.Job.Deletion MEDIUM" "wp-job-portal 2.2.7 Insecure.Direct.Object.Reference.to.Unauthenticated.Company.Logo.Deletion MEDIUM" "wp-job-portal 2.2.7 Insecure.Direct.Object.Reference.to.Unauthenticated.Arbitrary.Resume.Download MEDIUM" "wp-job-portal 2.2.7 Insecure.Direct.Object.Reference.to.Authenticated.(Employer+).Arbitrary.Company.Deletion MEDIUM" "wp-job-portal 2.2.7 Missing.Authorization.to.Unauthenticated.Arbitrary.Email.Sending MEDIUM" "wp-job-portal 2.2.6 Authenticated.(Subscriber+).Insecure.Direct.Object.Reference MEDIUM" "wp-job-portal 2.2.5 Authenticated.(Subscriber+).Insecure.Direct.Object.Reference MEDIUM" "wp-job-portal 2.2.3 
Authenticated.(Admin+).SQL.Injection.via.wpjobportal_deactivate() MEDIUM" "wp-job-portal 2.2.3 Unauthenticated.SQL.Injection HIGH" "wp-job-portal 2.2.3 Missing.Authorization.to.Unauthenticated.Arbitrary.Resume.Download MEDIUM" "wp-job-portal 2.2.3 Missing.Authorization.to.Limited.Privilege.Escalation MEDIUM" "wp-job-portal 2.2.3 Authenticated.(Admin+).SQL.Injection.via.getFieldsForVisibleCombobox() MEDIUM" "wp-job-portal 2.2.3 Authenticated.(Admin+).SQL.Injection MEDIUM" "wp-job-portal 2.2.1 Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "wp-job-portal 2.1.7 Missing.Authorization.to.Unauthenticated.Local.File.Inclusion,.Arbitrary.Settings.Update,.and.User.Creation CRITICAL" "wp-job-portal 2.1.9 Subscriber+.Insecure.Direct.Object.Reference MEDIUM" "wp-job-portal 2.1.4 Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "wp-job-portal 2.1.4 Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "wp-job-portal 2.0.7 Cross-Site.Request.Forgery MEDIUM" "wp-job-portal 2.0.6 Unauthenticated.SQLi HIGH" "wp-job-portal 2.0.2 Unauthenticated.Settings.Update MEDIUM" "wp-job-portal 2.0.6 Subscriber+.Stored.XSS HIGH" "wonderplugin-slider 14.5 Authenticated.(Contributor+).Dom-based.Stored.Cross-Site.Scripting MEDIUM" "widget-manager-light No.known.fix Missing.Authorization MEDIUM" "wp-contact-slider 2.4.9 Reflected.Cross-Site.Scripting MEDIUM" "wp-contact-slider 2.4.8 Admin+.Stored.Cross-Site.Scripting LOW" "wp-contact-slider 2.4.7 Editor+.Stored.Cross-Site.Scripting LOW" "wp-contact-slider 2.4.5 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-clean-up No.known.fix Cross-Site.Request.Forgery.(CSRF) MEDIUM" "weather-atlas 3.0.4 Unauthenticated.Cross-Site.Scripting MEDIUM" "weather-atlas 2.0.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "wn-flipbox-pro No.known.fix Cross-Site.Request.Forgery MEDIUM" "wn-flipbox-pro 2.1 Reflected.Cross-Site.Scripting MEDIUM" "wp-quick-post-duplicator 2.2 Missing.Authorization MEDIUM" 
"wp-content-permission No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting.via.'ohmem-message'.Parameter MEDIUM" "wp-order-by No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "widget-logic 6.0.6 Contributor+.Remote.Code.Execution HIGH" "widget-logic 5.10.3 CSRF.and.Lack.of.Authorisation HIGH" "widget-logic 5.10.2 CSRF.to.RCE HIGH" "wc-rest-payment No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wc-rest-payment No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-helpdesk-integration No.known.fix Unauthenticated.Local.File.Inclusion HIGH" "which-template-file 5.1.0 Reflected.XSS HIGH" "which-template-file 4.9 Arbitrary.Settings.Update.via.CSRF MEDIUM" "wp-dynamic-keywords-injector 2.3.22 Reflected.Cross-Site.Scripting MEDIUM" "wp-dynamic-keywords-injector 2.3.16 Settings.Update.via.CSRF MEDIUM" "web-directory-free 1.7.13 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "web-directory-free 1.7.9 Reflected.Cross-Site.Scripting MEDIUM" "web-directory-free 1.7.8 Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "web-directory-free 1.7.7 Unauthenticated.SQL.Injection HIGH" "web-directory-free 1.7.4 Reflected.Cross-Site.Scripting MEDIUM" "web-directory-free 1.7.3 Unauthenticated.LFI HIGH" "web-directory-free 1.7.2 Reflected.XSS HIGH" "web-directory-free 1.7.0 Unauthenticated.SQL.Injection HIGH" "wp-magazine-modules-lite 1.1.3 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "woocommerce-exporter 2.7.7 Unauthenticated.Local.File.Inclusion HIGH" "woocommerce-exporter 2.7.5 Reflected.Cross-Site.Scripting HIGH" "woocommerce-exporter 2.7.3 Reflected.Cross-Site.Scripting HIGH" "woocommerce-exporter 2.7.2.1 Store.Exporter.<.2.7.2.1.-.Reflected.XSS HIGH" "woocommerce-exporter 2.7.1 Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "woocommerce-exporter 2.4 Store.Exporter.<.2.4.-.CSV.Injection CRITICAL" "weblizar-companion No.known.fix Cross-Site.Request.Forgery MEDIUM" "wp-upload-files-anywhere No.known.fix 
Unauthenticated.Arbitrary.File.Download HIGH" "wp-upload-files-anywhere No.known.fix Unauthenticated.Arbitrary.File.Deletion CRITICAL" "wp-db-table-editor No.known.fix Missing.Authorization.to.Authenticated(Contributor+).Database.Access HIGH" "wordlift 3.54.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wordlift 3.54.5 Missing.Authorization MEDIUM" "wordlift 3.54.3 Missing.Authorization.to.Authenticated.(Subscriber+).Settings.Update MEDIUM" "wordlift 3.37.2 Admin+.Stored.Cross-Site.Scripting LOW" "wp-manutencao 1.0.7 IP.Spoofing.to.Maintenance.Mode.Bypass MEDIUM" "wedesigntech-ultimate-booking-addon 1.0.4 Missing.Authorization MEDIUM" "wedesigntech-ultimate-booking-addon No.known.fix Subscriber+.Authentication.Bypass HIGH" "wedesigntech-ultimate-booking-addon No.known.fix Authentication.Bypass CRITICAL" "wedesigntech-ultimate-booking-addon 1.0.4 Missing.Authorization MEDIUM" "woo-book-price No.known.fix Authenticated.(Subscriber++).Arbitrary.File.Download MEDIUM" "wp-gratify No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wordpress-filter No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "website-chat-button-kommo-integration No.known.fix Missing.Authorization MEDIUM" "wp-google-maps 10.0.06 Missing.Authorization.to.Authenticated.(Subscriber+).Stored.Cross-Site.Scripting.via.admin_post_wpgmza_save_settings MEDIUM" "wp-google-maps 10.0.05 Missing.Authorization.to.Authenticated.(Subscriber+).Map.Engine.Setting.Modification MEDIUM" "wp-google-maps 9.0.48 Unauthenticated.Stored.XSS HIGH" "wp-google-maps 9.0.49 Unauthenticated.Cache.Poisoning MEDIUM" "wp-google-maps 9.0.47 Cross-Site.Request.Forgery.to.Plugin.Settings.Update MEDIUM" "wp-google-maps 9.0.41 Cross-Site.Request.Forgery MEDIUM" "wp-google-maps 9.0.39 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-google-maps 9.0.37 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "wp-google-maps 9.0.30 Reflected.Cross-Site.Scripting HIGH" 
"wp-google-maps 9.0.35 Information.Exposure.to.Potential.Denial.of.Service MEDIUM" "wp-google-maps 9.0.33 Admin+.Stored.Cross-Site.Scripting MEDIUM" "wp-google-maps 9.0.33 Contributor+.Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "wp-google-maps 9.0.29 Unauthenticated.Reflected.Cross-Site.Scripting MEDIUM" "wp-google-maps 9.0.28 Unauthenticated.Stored.XSS HIGH" "wp-google-maps 9.0.16 Admin+.Path.Traversal LOW" "wp-google-maps 8.1.13 Multiple.Admin+.Stored.Cross-Site.Scripting LOW" "wp-google-maps 8.1.12 Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "wp-google-maps 7.11.35 CSRF.to.Stored.XSS MEDIUM" "wp-google-maps 7.11.28 Admin.Settings.CSRF CRITICAL" "wp-google-maps 7.11.18 Unauthenticated.SQL.Injection MEDIUM" "wp-event-manager 3.1.51 Unauthenticated.Stored.Cross-Site.Scripting.via.'organizer_name' HIGH" "wp-event-manager 3.1.50 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "wp-event-manager 3.2.0 Unauthenticated.Local.File.Inclusion CRITICAL" "wp-event-manager 3.2.1 Missing.Authorization MEDIUM" "wp-event-manager 3.1.44 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.'events'.Shortcode MEDIUM" "wp-event-manager 3.1.42 Reflected.Cross-Site.Scripting.via.plugin MEDIUM" "wp-event-manager 3.1.42 Editor+.Stored.XSS LOW" "wp-event-manager 3.1.43 Reflected.XSS HIGH" "wp-event-manager 3.1.38 Admin+.Stored.XSS MEDIUM" "wp-event-manager 3.1.28 Reflected.Cross-Site.Scripting MEDIUM" "wp-event-manager 3.1.23 Admin+.Stored.Cross-Site.Scripting LOW" "wp-athletics No.known.fix Subscriber+.Stored.Cross-Site.Scripting HIGH" "wp-athletics No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-shortcm No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-scheduled-posts 5.1.4 Unauthenticated.Full.Path.Disclosure MEDIUM" "wp-scheduled-posts 5.0.9 Missing.Authorization MEDIUM" "wp-scheduled-posts 5.0.5 Contributor+.Arbitrary.Post.Update/Deletion LOW" "wp-ultimate-csv-importer 7.38 
Authenticated.(Subscriber+).SQL.Injection.via.File.Name MEDIUM" "wp-ultimate-csv-importer 7.36 Authenticated.(Contributor+).Server-Side.Request.Forgery.via.Bitly.Shortlink.Bypass MEDIUM" "wp-ultimate-csv-importer 7.34 Authenticated.(Administrator+).PHP.Object.Injection.via.CSV.Import HIGH" "wp-ultimate-csv-importer 7.33.1 Missing.Authorization.to.Authenticated.(Author+).Sensitive.Information.Exposure MEDIUM" "wp-ultimate-csv-importer 7.29 .7.28.-.Authenticated.(Subscriber+).Remote.Code.Execution.via.Code.Injection HIGH" "wp-ultimate-csv-importer 7.28 Authenticated.(Subscriber+).Arbitrary.File.Deletion HIGH" "wp-ultimate-csv-importer 7.28 Missing.Authorization.to.Authenticated.(Subscriber+).FTP/SFTP.Credential.Exposure HIGH" "wp-ultimate-csv-importer 7.20.1 Authenticated.(Subscriber+).Arbitrary.File.Upload HIGH" "wp-ultimate-csv-importer 7.19.1 Subscriber+.Arbitrary.File.Deletion HIGH" "wp-ultimate-csv-importer 7.9.9 Author+.RCE MEDIUM" "wp-ultimate-csv-importer 7.9.9 Imported.Files.Disclosure MEDIUM" "wp-ultimate-csv-importer 7.9.9 Author+.Privilege.Escalation MEDIUM" "wp-ultimate-csv-importer 6.5.8 Missing.Authorisation LOW" "wp-ultimate-csv-importer 6.5.8 Admin+.SQLi MEDIUM" "wp-ultimate-csv-importer 6.5.3 Admin+.Blind.SSRF MEDIUM" "wp-ultimate-csv-importer 6.4.3 Admin+.Stored.Cross-Site.Scripting LOW" "wp-ultimate-csv-importer 6.4.2 Subscriber+.Arbitrary.Option.Deletion HIGH" "wp-ultimate-csv-importer 6.4.1 Subscriber+.Arbitrary.File.Upload CRITICAL" "wp-ultimate-csv-importer 5.6.1 CSRF HIGH" "wp-ultimate-csv-importer 3.8.8 Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "wp-ultimate-csv-importer 3.8.1 XSS MEDIUM" "wc-place-order-without-payment 2.6.8 Unauthenticated.Local.File.Inclusion CRITICAL" "wc-place-order-without-payment 2.5 Reflected.Cross-Site.Scripting MEDIUM" "wc-place-order-without-payment 2.2 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-cookie-law-info No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "wp-link-preview 
No.known.fix Authenticated.(Contributor+).Server-Side.Request.Forgery MEDIUM" "wp-user-switch No.known.fix Subscriber+.Privilege.Escalation HIGH" "wp-user-switch 1.0.3 Subscriber+.Authentication.Bypass HIGH" "woocommerce-aweber-newsletter-subscription 4.0.3 Missing.Authorization.to.Access.Token.Modification MEDIUM" "wp-reviews-plugin-for-google 13.2.2 Contributor+.Stored.XSS.via.trustindex.Shortcode MEDIUM" "wp-reviews-plugin-for-google 13.2.5 Unauthenticated.Stored.XSS.via.Google.Reviews MEDIUM" "wp-reviews-plugin-for-google 11.1 Authenticated.(Editor+).Arbitrary.File.Upload MEDIUM" "wp-reviews-plugin-for-google 10.9.1 Arbitrary.Settings.Update.via.CSRF MEDIUM" "wp-reviews-plugin-for-google 9.8 Contributor+.Stored.XSS MEDIUM" "wp-github-gist No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-bulk-sms No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-hide-post No.known.fix Arbitrary.Post.Hiding.via.CSRF MEDIUM" "wp-signals 2.0.0 Reflected.Cross-Site.Scripting MEDIUM" "wp-datepicker 2.1.5 Reflected.Cross-Site.Scripting MEDIUM" "wp-datepicker 2.1.2 Missing.Authorization MEDIUM" "wp-datepicker 2.1.2 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "wp-datepicker 2.1.1 Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.Options.Update HIGH" "woo-easy-duplicate-product 0.3.0.8 Missing.Authorization.via.wedp_duplicate_product_action MEDIUM" "woo-easy-duplicate-product 0.3.0.1 Reflected.XSS HIGH" "wp-social-bookmarking No.known.fix Cross-Site.Request.Forgery MEDIUM" "wp-backpack No.known.fix Admin+.Stored.XSS LOW" "wp-ride-booking No.known.fix Cross-Site.Request.Forgery MEDIUM" "webemailprotector No.known.fix Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "wp-cyr-cho No.known.fix Cross-Site.Request.Forgery MEDIUM" "woo-add-to-quote 1.5.0 Reflected.Cross-Site.Scripting MEDIUM" "woo-add-to-quote 1.4.9 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-user-extra-fields 16.9 
Unauthenticated.Stored.Cross-Site.Scripting HIGH" "wp-user-extra-fields No.known.fix Authenticated.(Subscriber+).Arbitrary.File.Deletion HIGH" "wp-user-extra-fields No.known.fix Unauthenticated.Arbitrary.File.Deletion HIGH" "wp-user-extra-fields 16.9 Missing.Authorization MEDIUM" "wp-user-extra-fields 16.8 Subscriber+.Arbitrary.File.Deletion HIGH" "wp-user-extra-fields 16.7 Unauthenticated.Arbitrary.File.Deletion CRITICAL" "wp-user-extra-fields 16.7 Missing.Authorization.to.Authenticated.(Subscriber+).Privilege.Escalation HIGH" "wp-user-extra-fields 16.6 Unauthenticated.Arbitrary.File.Upload CRITICAL" "wp-glossary No.known.fix Missing.Authorization MEDIUM" "wp-glossary No.known.fix Contributor+.Stored.XSS MEDIUM" "woo-paypal-gateway 9.0.54 Missing.Authorization MEDIUM" "woo-exfood 3.3.3 Restaurant.Menu.&.Food.ordering.<.3.3.3.-.Unauthenticated.Arbitrary.Shortcode.Execution.via.ids HIGH" "wp-line-notify 1.4.5 Reflected.XSS HIGH" "woocommerce-paymaster-gateway-019 No.known.fix Authenticated.(Subscriber+).Server-Side.Request.Forgery MEDIUM" "wp-post-block No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-customize-login-page No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "wp-customize-login-page No.known.fix Missing.Authorization MEDIUM" "woocommerce-all-currencies 2.4.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-sync-for-notion 1.7.1 Missing.Authorization MEDIUM" "wp-get-the-table 1.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.url.Parameter MEDIUM" "woocommerce-booking 6.10.0 Subscriber+.Arbitrary.Option.Update HIGH" "wp-stats-dashboard No.known.fix Authenticated.Blind.SQL.Injection HIGH" "wp-shortcode 1.4.17 CSRF MEDIUM" "woocommerce-store-toolkit 2.4.4 Unauthenticated.Local.File.Inclusion HIGH" "woocommerce-store-toolkit 2.3.9 Reflected.Cross-Site.Scripting MEDIUM" "woocommerce-store-toolkit 2.3.4 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "woocommerce-store-toolkit 2.3.2 
Reflected.Cross-Site.Scripting HIGH" "woocommerce-store-toolkit 1.5.8 Privilege.Escalation CRITICAL" "woocommerce-store-toolkit 1.5.7 Store.Toolkit.Plugin.<=.1.5.6.-.Privilege.Escalation CRITICAL" "woo-thank-you-page-customizer 1.1.9 Missing.Authorization MEDIUM" "woo-thank-you-page-customizer 1.1.8 Missing.Authorization MEDIUM" "woo-thank-you-page-customizer 1.1.3 Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.Shortcode.Execution MEDIUM" "woo-thank-you-page-customizer 1.1.3 Missing.Authorization.to.Authenticated.(Subscriber+).Data.Export MEDIUM" "woo-thank-you-page-customizer 1.0.14 CSRF MEDIUM" "wp-donate No.known.fix Unauthenticated.Stored.Cross-Site.Scripting MEDIUM" "wp-donate 1.5 Unauthenticated.SQL.Injection HIGH" "who-hit-the-page-hit-counter No.known.fix Authenticated.(Administrator+).SQL.Injection HIGH" "who-hit-the-page-hit-counter No.known.fix CSRF MEDIUM" "who-hit-the-page-hit-counter No.known.fix Hit.Counter.<=.1.4.14.3.-.Reflected.XSS HIGH" "wp-affiliate-links No.known.fix Reflected.XSS HIGH" "wp-lister-amazon 0.9.6.36 jQueryFileTree.-.Unauthenticated.Path.Traversal MEDIUM" "worry-proof-backup No.known.fix Authenticated.(Subscriber+).Path.Traversal.via.Backup.Upload HIGH" "we-client-logo-carousel No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-eggdrop No.known.fix Cross-Site.Request.Forgery.to.Settings.Update MEDIUM" "wp-eggdrop No.known.fix Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "wp-ecommerce-paypal 2.0.1 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "wp-ecommerce-paypal 1.9.1 Unauthenticated.Open.Redirect HIGH" "wp-ecommerce-paypal 1.9 Cross-Site.Request.Forgery.to.Settings.Update MEDIUM" "wp-ecommerce-paypal 1.8.2 Cross-Site.Request.Forgery MEDIUM" "wp-ecommerce-paypal 1.7.4 Contributor+.Stored.XSS.in.Shortcode MEDIUM" "wp-ecommerce-paypal 1.7.3 CSRF.to.Stored.Cross-Site.Scripting HIGH" "woo-tranzila-gateway No.known.fix Unauthenticated.PHP.Object.Injection 
CRITICAL" "wp-advanced-search No.known.fix Authenticated.(Admin+).Arbitrary.File.Upload HIGH" "wp-advanced-search 3.3.9.3 Admin+.Stored.XSS LOW" "wp-advanced-search 3.3.9.2 Unauthenticated.SQL.Injection HIGH" "wp-advanced-search 3.3.9 Settings.Update.via.CSRF MEDIUM" "wp-advanced-search 3.3.7 Authenticated.SQL.Injection HIGH" "wp-smart-editor No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "woocommerce-help-scout 2.9.1 Unauthenticated.Arbitrary.File.Upload.leading.to.RCE CRITICAL" "wordpress-simple-paypal-shopping-cart 5.1.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "wordpress-simple-paypal-shopping-cart 5.1.4 Insecure.Direct.Object.Reference.via.'quantity' MEDIUM" "wordpress-simple-paypal-shopping-cart 5.1.4 Insecure.Direct.Object.Reference MEDIUM" "wordpress-simple-paypal-shopping-cart 5.1.3 Unauthenticated.Information.Exposure.via.file_url.Parameter HIGH" "wordpress-simple-paypal-shopping-cart 5.1.3 Unauthenticated.Product.Price.Manipulation HIGH" "wordpress-simple-paypal-shopping-cart 5.0.8 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wordpress-simple-paypal-shopping-cart 4.7.2 Authenticated(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "wordpress-simple-paypal-shopping-cart 4.6.4 Unauthenticated.PII.Disclosure MEDIUM" "wordpress-simple-paypal-shopping-cart 4.6.2 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "wp-prayers-request 2.4.8 Email.Settings.Update.via.CSRF MEDIUM" "wp-prayers-request 2.4.8 Settings.Update.via.CSRF MEDIUM" "woo-point-of-salepos No.known.fix Authenticated.(Subscriber+).SQL.Injection MEDIUM" "woo-merchantx No.known.fix CSRF.Bypass MEDIUM" "wp-amaps No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wordpress-seo 27.2 Contributor+.Stored.XSS.via.'jsonText'.Block.Attribute MEDIUM" "wordpress-seo 26.9 Contributor+.Stored.XSS MEDIUM" "wordpress-seo 22.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wordpress-seo 22.6 
Reflected.Cross-Site.Scripting MEDIUM" "wordpress-seo 21.1 Authenticated.(Seo.Manager+).Stored.Cross-Site.Scripting MEDIUM" "wordpress-seo 17.3 Unauthenticated.Full.Path.Disclosure NONE" "wordpress-seo 11.6 Authenticated.Stored.XSS CRITICAL" "wordpress-seo 9.2 Authenticated.Race.Condition MEDIUM" "wordpress-seo 5.8 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "wordpress-seo 3.4.1 Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "wp-custom-countdown No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wc-venipak-shipping 1.19.6 Reflected.Cross-Site.Scripting.via.'venipak_labels_link' MEDIUM" "wp-facebook-reviews 12.8 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "wp-facebook-reviews 13.0 Admin+.Stored.XSS LOW" "wp-facebook-reviews 3.6 Reflected.Cross-Site.Scripting MEDIUM" "wp-facebook-reviews 12.2 Subscriber+.SQLi HIGH" "wp-facebook-reviews 11.0 Admin+.SQL.Injection MEDIUM" "wp-travel-engine 6.6.8 Unauthenticated.Local.File.Inclusion CRITICAL" "wp-travel-engine 6.6.8 Authenticated.(Subscriber+).Arbitrary.File.Deletion.via.File.Renaming CRITICAL" "wp-travel-engine 6.5.2 Missing.Authorization.to.Unauthenticated.Arbitrary.Post.Deletion HIGH" "wp-travel-engine 6.5.2 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "wp-travel-engine 6.3.6 Unauthenticated.Local.File.Inclusion CRITICAL" "wp-travel-engine 6.3.6 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "wp-travel-engine 6.2.2 Missing.Authorization.to.Authenticated.(Contributor+).Plugin.Settings.Update MEDIUM" "wp-travel-engine 5.9.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-travel-engine 5.8.1 Unauthenticated.Price.Manipulation MEDIUM" "wp-travel-engine 5.8.0 Authenticated.(Administrator+).SQL.Injection CRITICAL" "wp-travel-engine 5.8.0 Unauthenticated.SQL.Injection CRITICAL" "wp-travel-engine 5.7.5 Reflected.Cross-Site.Scripting MEDIUM" "wp-travel-engine 5.3.8 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" 
"wp-travel-engine 5.3.1 Editor+.Stored.Cross-Site.Scripting LOW" "what-would-seth-godin-do 2.1.2 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "wp-child-theme-generator 1.1.2 Missing.Authorization.to.Unauthenticated.Child.Theme.Creation/Activation MEDIUM" "wp-child-theme-generator 1.1.3 Admin+.Arbitrary.File.Upload MEDIUM" "wp-scribd-list No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "widgetkit-for-elementor 2.5.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Team.and.Countdown.Widgets MEDIUM" "widgetkit-for-elementor 2.5.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.button+modal.Widget MEDIUM" "widgetkit-for-elementor 2.5.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "widgetkit-for-elementor No.known.fix Authenticated.(Contributor+).Sensitive.Information.Exposure.via.Elementor.Templates MEDIUM" "widgetkit-for-elementor 2.5.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "widgetkit-for-elementor 2.5.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "widgetkit-for-elementor 2.5.5 Missing.Authorization.to.Notice.Dismissal NONE" "widgetkit-for-elementor No.known.fix Contributor+.Stored.XSS MEDIUM" "widgetkit-for-elementor 2.4.4 WidgetKit.<.2.4.4.-.Admin+.Stored.XSS LOW" "widgetkit-for-elementor 2.3.10 WidgetKit.<.2.3.10.-.Contributor+.Stored.XSS MEDIUM" "wordpress-admin-bar-improved No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "wp-options-editor No.known.fix Cross-Site.Request.Forgery.to.Privilege.Escalation HIGH" "wc-j-upsellator 2.0.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "woo-total-sales No.known.fix Missing.Authorization.to.Unauthenticated.Sales.Report.Retrieval MEDIUM" "wp-migrate-db-pro 2.6.11 Unauthenticated.PHP.Object.Injection CRITICAL" "wp-sms 7.1.1 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "wp-sms 7.0.2 Missing.Authorization MEDIUM" "wp-sms 6.9.4 
Missing.Authorization MEDIUM" "wp-sms 6.5.2 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "wp-sms 6.6.3 Cross-Site.Request.Forgery MEDIUM" "wp-sms 6.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "wp-sms 6.5.3 Reflected.Cross-Site.Scripting.via.'page' MEDIUM" "wp-sms 6.5.2 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "wp-sms 6.5.1 Contributor+.SQLi.to.Reflected.XSS HIGH" "wp-sms 6.5.1 Cross-Site.Request.Forgery.to.Subscriber.Deletion MEDIUM" "wp-sms 6.2.0 User.Unsubscribe.via.CSRF MEDIUM" "wp-sms 6.1.5 Reflected.XSS HIGH" "wp-sms 6.0.4.1 Information.Disclosure.via.REST.API MEDIUM" "wp-sms 5.4.13 Authenticated.Stored.Cross-Site.Scripting LOW" "wp-sms 5.4.9.1 Reflected.Cross-Site.Scripting.(XSS) HIGH" "wp-polls 2.77.3 Unauthenticated.SQL.Injection.to.Stored.Cross-Site.Scripting MEDIUM" "wp-polls 2.76.0 IP.Validation.Bypass MEDIUM" "wp-polls 2.77.0 Subscriber+.Race.Condition MEDIUM" "wp-polls 2.73.1 Authenticated.Reflected.Cross-Site.Scripting.(XSS) CRITICAL" "wp-polls 2.72 SQL.Injection CRITICAL" "woocommerce-multiple-customer-addresses 21.7 Arbitrary.Address.Creation/Deletion/Access/Update.via.IDOR HIGH" "woo-product-attachment 2.2.0 Checkout.Attachements.Update.via.CSRF MEDIUM" "woo-product-attachment 2.1.8 Reflected.Cross-Site.Scripting MEDIUM" "woo-product-attachment 2.1.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-lijit-wijit No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-quick-setup No.known.fix Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.Plugin/Theme.Installation HIGH" "widget-countdown 2.7.8 Widget.Countdown.<.2.7.8.-.Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "widget-countdown 2.7.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "widget-countdown 2.7.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-security-pro 4.2.1 Admin+.Stored.Cross-Site.Scripting LOW" "woocommerce-square 5.1.2 
Unauthenticated.Insecure.Direct.Object.Reference.to.Sensitive.Information.Exposure.in.get_token_by_id HIGH" "wp-table-pixie 1.2.0 Reflected.Cross-Site.Scripting MEDIUM" "wp-ticketbai 3.21 Unauthenticated.SQL.Injection HIGH" "wp-ticketbai No.known.fix Missing.Authorization MEDIUM" "wp-ticketbai 3.19 Unauthenticated.Arbitrary.File.Deletion CRITICAL" "wp-survey-plus No.known.fix Subscriber+.AJAX.Calls HIGH" "wp-powerplaygallery No.known.fix Arbitrary.File.Upload.&.SQL.Injection HIGH" "wp-travel-blocks 3.9.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-travel-blocks 3.9.1 Unauthenticated.Local.File.Inclusion HIGH" "wp-travel-blocks 3.7.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-travel-blocks 3.6.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wordpress-tabs-slides No.known.fix CSRF MEDIUM" "wp-nerd-toolkit No.known.fix Unauthenticated.Information.Exposure MEDIUM" "wp-tiktok-feed No.known.fix Missing.Authorization MEDIUM" "wp-championship 9.3 Multiple.CSRF MEDIUM" "wonderplugin-video-embed 2.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "wonderplugin-video-embed 1.8 Contributor+.Stored.XSS MEDIUM" "wp-map No.known.fix Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "wp-product-review 3.7.6 Unauthenticated.Stored.Cross-Site.Scripting.(XSS) HIGH" "wp-attest No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-attest No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-mermaid No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "woo-extra-cost No.known.fix CSRF.Bypass MEDIUM" "widget-or-sidebar-per-shortcode No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "wdesignkit 1.2.17 Missing.Authentication.via.wdkit_handle_review_submission.Function MEDIUM" "wdesignkit 1.2.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wdesignkit 1.1.0 
Authenticated.(Administrator+).Arbitrary.File.Upload HIGH" "wp-conditional-post-restrictions 1.2.2 Reflected.Cross-Site.Scripting MEDIUM" "wp-conditional-post-restrictions 1.2.0 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-cookie-user-info 1.0.9 Admin+.SQL.Injection MEDIUM" "wp-cookie-user-info 1.0.8 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "wp-fastest-cache-premium 1.7.5 Subscriber+.Blind.Server-Side.Request.Forgery LOW" "wp-swimteam 1.45 Local.File.Inclusion MEDIUM" "wp-recaptcha-integration 1.2.6 Reflected.Cross-Site.Scripting MEDIUM" "wp-recaptcha-integration 1.2.8 Admin+.Stored.XSS LOW" "wp-dev-powers-display-screen-dimensions-to-admin No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-docs 2.2.9 Missing.Authorization MEDIUM" "wp-docs 2.2.7 Missing.Authorization MEDIUM" "wp-docs 2.2.2 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "wp-docs 2.2.1 Authenticated.(Subscriber+).Time-Based.SQL.Injection.via.'dir_id' MEDIUM" "wp-docs 2.1.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-docs 2.1.4 Reflected.Cross-Site.Scripting MEDIUM" "wp-docs 2.0.0 Reflected.XSS HIGH" "wooenvato No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-sexylightbox No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "widgets-for-siteorigin No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "widgets-for-siteorigin No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "widgets-for-siteorigin 1.4.3 Subscriber+.Arbitrary.Option.Update CRITICAL" "wp-helper-lite 4.6.2 Missing.Authorization.in.whp_smtp_send_mail_test MEDIUM" "wp-helper-lite 4.6.0 Reflected.Cross-Site.Scripting MEDIUM" "wp-helper-lite 4.5.2 Cross-Site.Request.Forgery.via.whp_fields MEDIUM" "wp-helper-lite 4.3 Reflected.Cross-Site.Scripting HIGH" "wp-hide-that No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "wp-user-frontend 4.2.9 
Missing.Authorization.to.Unauthenticated.Arbitrary.Post.Modification.via.'post_id'.Parameter MEDIUM" "wp-user-frontend 4.2.6 Missing.Authorization MEDIUM" "wp-user-frontend 4.2.9 Author+.Arbitrary.File.Upload HIGH" "wp-user-frontend 4.2.5 Missing.Authorization.to.Unauthenticated.Arbitrary.Attachment.Deletion MEDIUM" "wp-user-frontend 4.1.13 Authenticated.(Subscriber+).Arbitrary.Shortcode.Execution MEDIUM" "wp-user-frontend 4.1.13 Missing.Authorization MEDIUM" "wp-user-frontend 4.0.8 Authenticated.(Administrator+).SQL.Injection CRITICAL" "wp-user-frontend 4.0.8 Use.of.Polyfill.io MEDIUM" "wp-user-frontend 3.6.6 Authenticated.(Author+).Privilege.Escalation HIGH" "wp-user-frontend 3.6.9 Missing.Authorization.via.AJAX.actions MEDIUM" "wp-user-frontend 3.5.29 Obscure.Registration.as.Admin MEDIUM" "wp-user-frontend 3.5.26 SQL.Injection.to.Reflected.Cross-Site.Scripting HIGH" "wp-user-frontend 3.5.25 Admin+.SQL.Injection MEDIUM" "woocommerce-products-by-custom-tax No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "wp-jquery-lightbox 2.3.4 Contributor+.Stored.XSS MEDIUM" "wp-jquery-lightbox 1.5.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.title.Attribute MEDIUM" "wikipedia-preview 1.16.0 Missing.Authorization MEDIUM" "wp-twitter-button No.known.fix Cross-Site.Request.Forgery MEDIUM" "wp-social-links No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "web-testimonials No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "woocommerce-subscriptions 5.8.0 Missing.Authorization MEDIUM" "woocommerce-subscriptions 4.6.0 Cross-Site.Request.Forgery MEDIUM" "woocommerce-subscriptions 4.6.0 Subscription.Suspension/Activation.via.CSRF MEDIUM" "woocommerce-subscriptions 2.6.3 Unauthenticated.Stored.Cross-Site.Scripting.(XSS) CRITICAL" "woocommerce-subscriptions 3.0.3 CSRF.to.Cancel/Re-Activate.Subscription LOW" "wow-carousel-for-divi-lite 2.1.0 
Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Image.Carousel.and.Logo.Carousel.Widgets MEDIUM" "wow-carousel-for-divi-lite 1.2.12 Reflected.Cross-Site.Scripting MEDIUM" "wp-analytify 6.0.0 Missing.Authorization.to.Authenticated.(Subscriber+).Minor.Settings.Update MEDIUM" "wp-analytify 5.5.1 Missing.Authorization MEDIUM" "wp-analytify 5.5.0 Missing.Authorization MEDIUM" "wp-analytify 5.4.0 Cross-Site.Request.Forgery.to.Opt-out MEDIUM" "wp-analytify 5.2.4 Cross-Site.Request.Forgery MEDIUM" "wp-analytify 5.2.4 Missing.Authorization MEDIUM" "wp-analytify 5.2.4 Missing.Authorization.to.Unauthenticated.Google.Analytics.Tracking.ID.Modification MEDIUM" "wp-analytify 5.2.0 Cross-Site.Request.Forgery MEDIUM" "wp-analytify 5.1.1 Missing.Authorization.to.Opt-In MEDIUM" "wp-analytify 4.2.3 Cache.Deletion.via.CSRF MEDIUM" "wp-analytify 4.2.1 Reflected.Cross-Site.Scripting MEDIUM" "wf-cookie-consent 1.1.4 Authenticated.Persistent.Cross-Site.Scripting.(XSS) MEDIUM" "wp-product-gallery-lite 1.1.3 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "wp-simple-galleries No.known.fix Contributor+.PHP.Object.Injection HIGH" "woo-coupon-usage 6.8.1 Missing.Authorization MEDIUM" "woo-coupon-usage 6.4.2 Missing.Authorization.to.Unauthenticated.Settings.Update MEDIUM" "woo-coupon-usage 6.4.1 Cross-Site.Request.Forgery MEDIUM" "woo-coupon-usage 7.2.1 Missing.Authorization MEDIUM" "woo-coupon-usage 6.3.1 Reflected.Cross-Site.Scripting.via.'commission_summary'.Parameter MEDIUM" "woo-coupon-usage 5.16.7.2 Unauthenticated.Arbitrary.Shortcode.Execution.and.Reflected.Cross-Site.Scripting MEDIUM" "woo-coupon-usage 5.12.8 Reflected.Cross-Site.Scripting MEDIUM" "woo-coupon-usage 5.5.1.3 Reflected.Cross-Site.Scripting MEDIUM" "woo-coupon-usage 5.4.4 Unauthenticated.Reflected.XSS HIGH" "woo-coupon-usage 5.4.6 Reflected.XSS HIGH" "woo-coupon-usage 4.16.4.5 Unauthenticated.Stored.XSS HIGH" "woo-coupon-usage 4.16.4 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "woo-coupon-usage 
4.11.3.4 Arbitrary.Referral.Visits.Deletion.via.CSRF MEDIUM" "woo-coupon-usage 4.11.0.2 Reflected.Cross-Site.Scripting HIGH" "wp-email-users No.known.fix Subscriber+.SQL.Injection HIGH" "woo-pdf-invoices-bulk-download No.known.fix Reflected.Cross-Site.Scripting.via.PHPRelativePath.Library HIGH" "wp-sitemap No.known.fix Authenticated.(Contributor+).SQL.Injection MEDIUM" "woocommerce-inventory-management No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "woo-product-table 5.0.9 Reflected.Cross-Site.Scripting MEDIUM" "woo-product-table 5.0.0 Reflected.XSS HIGH" "woo-product-table 3.5.2 Information.Exposure MEDIUM" "woo-product-table 3.1.2 Unauthenticated.Arbitrary.Function.Call CRITICAL" "wp-login-and-logout-redirect 2.0 Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "wp-compress-image-optimizer 6.60.29 Missing.Authorization MEDIUM" "wp-compress-image-optimizer 6.50.55 Missing.Authorization MEDIUM" "wp-compress-image-optimizer 6.30.31 Unauthenticated.Broken.Authentication HIGH" "wp-compress-image-optimizer 6.30.31 Cross-Site.Request.Forgery MEDIUM" "wp-compress-image-optimizer 6.30.16 Authenticated.(Subscriber+).Missing.Authorization.via.Multiple.Functions HIGH" "wp-compress-image-optimizer 6.30.16 Unauthenticated.Server-Side.Request.Forgery.via.init.Function MEDIUM" "wp-compress-image-optimizer 6.30.04 Reflected.Cross-Site.Scripting.via.custom_server.Parameter MEDIUM" "wp-compress-image-optimizer 6.21.01 Reflected.Cross-Site.Scripting MEDIUM" "wp-compress-image-optimizer 6.20.02 Missing.Authorization MEDIUM" "wp-compress-image-optimizer 6.20.02 Open.Redirect.via.css MEDIUM" "wp-compress-image-optimizer 6.11.01 Cross-Site.Request.Forgery MEDIUM" "wp-compress-image-optimizer 6.11.11 Missing.Authorization.to.Unauthenticated.CDN.Modification HIGH" "wp-compress-image-optimizer 6.10.34 Unauthenticated.Arbitrary.File.Read HIGH" "wp-roadmap 2.2.0 Authenticated.(Contributor+).SQL.Injection MEDIUM" "wp-roadmap 1.0.9 
Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "while-it-is-loading No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "wc-product-author 1.0.8 Cross-Site.Request.Forgery MEDIUM" "wc-product-author 1.0.4 Reflected.Cross-Site.Scripting MEDIUM" "wc-product-author 1.0.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wibstats-statistics-for-wordpress-mu No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "woocommerce-gateway-gocardless 2.5.7 Unauthenticated.Sensitive.Information.Disclosure MEDIUM" "wc-affiliate 2.17 Subscriber+.PHP.Object.Injection HIGH" "wc-affiliate 2.6 Missing.Authorization.to.Authenticated.(Subscriber+).Sensitive.Information.Exposure.via.wf-export-all MEDIUM" "wc-affiliate 2.5 Reflected.Cross-Site.Scripting MEDIUM" "wc-affiliate 2.4 Reflected.XSS HIGH" "web-disrupt-funnelmentals No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "web-disrupt-funnelmentals No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "web-disrupt-funnelmentals No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "wp-concours No.known.fix Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "woo-product-feed-pro 13.3.2 Sensitive.Information.Exposure.via.Log.Files MEDIUM" "woo-product-feed-pro 13.2.6 Reflected.Cross-Site.Scripting MEDIUM" "woo-product-feed-pro 12.4.5 Multiple.CSRF MEDIUM" "woo-product-feed-pro 11.2.3 Reflected.Cross-Site.Scripting MEDIUM" "woo-product-feed-pro 11.0.7 Subscriber+.Settings.Update.to.Stored.XSS HIGH" "wp-shieldon 1.6.4 Unauthenticated.Cross-Site.Scripting.(XSS) MEDIUM" "wp-geometa No.known.fix 0.3.5.-.Subscriber+.Privilege.Escalation HIGH" "wp-domain-redirect No.known.fix Authenticated.SQL.Injection MEDIUM" "woocommerce-paypal-payments 2.0.5 Merchant.ID.Details.Update.via.CSRF MEDIUM" "wp-eis No.known.fix Authenticated.(Contributor+).SQL.Injection MEDIUM" "wc-bulk-assign-linked-products No.known.fix Missing.Authorization MEDIUM" "wp-quick-contact-us No.known.fix 
Cross-Site.Request.Forgery.to.Settings.Update MEDIUM" "window-blinds-solution 3.1 Contributor+.LFI MEDIUM" "wp-limit-failed-login-attempts 5.6 Unauthenticated.SQL.Injeciton HIGH" "wp-limit-failed-login-attempts 5.4 IP.Address.Spoofing.to.Protection.Mechanism.Bypass MEDIUM" "wp-limit-failed-login-attempts 5.1 Unauthenticated.SQLi HIGH" "wp-limit-failed-login-attempts 3.1 Arbitrary.Plugin.Installation/Activation.via.CSRF CRITICAL" "wp-limit-failed-login-attempts 2.9 Arbitrary.Plugin.Installation/Activation.via.Low.Privilege.User CRITICAL" "woozone 14.0.31 Unauthenticated.SQL.Injection HIGH" "woozone 14.1.0 Missing.Authorization MEDIUM" "woozone 14.1.0 Reflected.Cross-Site.Scripting HIGH" "woozone No.known.fix Subscriber+.SQL.Injection HIGH" "woozone 14.1.0 Subscriber+.Privilege.Escalation HIGH" "woozone 14.1.0 Missing.Authorization MEDIUM" "wp-design-maps-places No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "woo-payment-gateway 3.2.79 Missing.Authorization.to.Payment.Token.Exposure.and.Transaction.Fraud HIGH" "woo-one-click-upsell-funnel 3.4.10 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.wps_wocuf_pro_yes.Shortcode MEDIUM" "wp-optimize-by-xtraffic No.known.fix Unauthenticated.PHP.Object.Injection HIGH" "wp-code-highlightjs No.known.fix Undisclosed.Cross-Site.Scripting.(XSS) MEDIUM" "wp-code-highlightjs 0.6.3 CSRF.to.Stored.XSS MEDIUM" "wp-meteor 3.4.4 Unauthenticated.Full.Path.Disclosure MEDIUM" "wedocs 2.1.17 Missing.Authorization.to.Authenticated.(Subscriber+).Documentation.Post.Update MEDIUM" "wedocs 2.1.16 Unauthenticated.Sensitive.Information.Exposure MEDIUM" "wedocs 2.1.15 Subscriber+.Settings.Update MEDIUM" "wedocs 2.1.5 Missing.Authorization MEDIUM" "woocommerce-ajax-filters 3.1.9.7 Author+.PHP.Object.Injection HIGH" "woocommerce-ajax-filters 1.6.8.2 Reflected.Cross-Site.Scripting MEDIUM" "woocommerce-ajax-filters 1.5.4.7 Unauthenticated.Reflected.Cross-Site.Scripting.(XSS) HIGH" "wp-recall No.known.fix Reflected.Cross-Site.Scripting 
MEDIUM" "wp-recall No.known.fix Missing.Authorization MEDIUM" "wp-recall No.known.fix Cross-Site.Request.Forgery MEDIUM" "wp-recall No.known.fix Authenticated.(Contributor+).Local.File.Inclusion HIGH" "wp-recall 16.26.12 Admin+.Stored.XSS LOW" "wp-recall 16.26.12 Unauthenticated.SQL.Injection HIGH" "wp-recall 16.26.12 Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.Shortcode.Exeuction MEDIUM" "wp-recall 16.26.12 Authenticated.(Contributor+).Protected.Post.Disclosure MEDIUM" "wp-recall 16.26.12 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "wp-recall 16.26.12 Admin+.SQL.Injection MEDIUM" "wp-recall 16.26.9 Insecure.Direct.Object.Reference.to.Unauthenticated.Arbitrary.Password.Update CRITICAL" "wp-recall 16.26.7 Unauthenticated.Payment.Deletion.via.delete_payment MEDIUM" "wp-recall 16.26.7 Cross-Site.Request.Forgery MEDIUM" "wp-recall 16.26.6 Unauthenticated.SQL.Injection CRITICAL" "wp-recall 16.26.6 Authenticated.(Contributor+).SQL.Injection CRITICAL" "wp-recall 16.26.6 Insecure.Direct.Object.Reference MEDIUM" "wp-recall 16.24.48 Reflected.Cross-Site.Scripting HIGH" "wp-commentnavi 1.12.2 Admin+.Stored.XSS LOW" "wp-site-protector No.known.fix Settings.Update.via.CSRF MEDIUM" "wp-blog-and-widgets 2.3.1 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "wp-social-stream No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "wp-enable-svg No.known.fix Author+.Stored.XSS.via.SVG MEDIUM" "wp-file-checker No.known.fix Authenticated.(Admin+).Arbitrary.File.Deletion MEDIUM" "wc-qr-codes No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-bookwidgets 0.10 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-import-export 3.9.16 Unauthenticated.Sensitive.Data.Disclosure HIGH" "wd-google-maps No.known.fix Authenticated.(Administrator+).SQL.Injection CRITICAL" "wd-google-maps 1.0.74 Cross-Site.Request.Forgery.to.Notice.Dismissal MEDIUM" "wd-google-maps 1.0.74 
Missing.Authorization.to.Notice.Dismissal MEDIUM" "wd-google-maps 1.0.73 Unauthenticated.SQLi HIGH" "wd-google-maps 1.0.72 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "wd-google-maps 1.0.70 Authenticated.Stored.XSS MEDIUM" "wp-cerber 9.5 IP.Protection.Bypass MEDIUM" "wp-cerber 9.2 Unauthenticated.Stored.XSS HIGH" "wp-cerber 9.3.3 User.Enumeration.Bypass.via.Rest.API LOW" "wp-cerber 9.1 Username.Enumeration.Bypass MEDIUM" "wp-cerber 8.9.6 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "wp-cerber 8.9.3 Rest-API.Protection.Bypass MEDIUM" "wp-cerber 8.9.3 2FA.Authentication.Bypass MEDIUM" "wp-cerber 2.7 Unauthenticated.Stored.XSS MEDIUM" "wp-paypal 1.2.3.42 Missing.Authorization.to.Unauthenticated.Arbitrary.Order.Creation MEDIUM" "wp-paypal 1.2.3.36 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "woo-stripe-payment 3.3.10 3.3.9.-.Missing.Authorization.Controls.to.Financial.Account.Hijacking MEDIUM" "wp-discord-post No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-push-notification-firebase No.known.fix Cross-Site.Request.Forgery.to.Broadcast.Notification MEDIUM" "wp-ever-accounting 2.1.6 Cross-Site.Request.Forgery MEDIUM" "wechat-social-login No.known.fix Authentication.Bypass CRITICAL" "wechat-social-login No.known.fix Unauthenticated.Arbitrary.File.Upload CRITICAL" "woo-order-status-per-product No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "woo-order-status-per-product No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-tradingview No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-coder 3.6.1 Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "wp-coder 3.5.1 Authenticated.(Editor+).Stored.Cross-Site.Scripting MEDIUM" "wp-coder 2.5.6 Reflected.XSS MEDIUM" "wp-coder 2.5.4 Admin+.SQLi MEDIUM" "wp-coder 2.5.3 Code.Deletion.via.CSRF MEDIUM" "wp-coder 2.5.2 RFI.leading.to.RCE.via.CSRF HIGH" "wc-shipos-delivery 3.1.0 Cross-Site.Request.Forgery MEDIUM" "wc-shipos-delivery 2.2.0 
Reflected.Cross-Site.Scripting MEDIUM" "wc-shipos-delivery 2.2.0 Reflected.Cross-Site.Scripting.via.dvsfw_bulk_label_url.Parameter MEDIUM" "wp-sendgrid-mailer No.known.fix Missing.Authorization MEDIUM" "wp-sendgrid-mailer No.known.fix Missing.Authorization.to.Authenticated.(Subscriber+).Log.Deletion MEDIUM" "wp-sendgrid-mailer No.known.fix Unauthenticated.SQL.Injection CRITICAL" "woo-poly-integration No.known.fix Missing.Authorization MEDIUM" "woocommerce-admin 2.6.4 Analytics.Report.Leaks MEDIUM" "wp-post-category-notifications No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-free-ssl No.known.fix Missing.Authorization MEDIUM" "wp-free-ssl 1.2.7 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "weather-in-any-city-widget 1.1.41 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wm-zoom No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wc-wallet No.known.fix Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.Content.Deletion MEDIUM" "wp-forms-puzzle-captcha No.known.fix Cross-Site.Request.Forgery.to.Cross-Site.Scripting MEDIUM" "wp-forms-puzzle-captcha No.known.fix Captcha.Bypass MEDIUM" "wp-forms-puzzle-captcha No.known.fix CSRF MEDIUM" "wp-google-fonts 3.1.5 Reflected.Cross-Site.Scripting MEDIUM" "wc-payment-gateway-per-category No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wbounce No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wheel-of-life 1.1.9 Missing.Authorization MEDIUM" "wheel-of-life 1.1.8 Missing.Authorization.on.Several.AJAX.Endpoints MEDIUM" "wp-dummy-content-generator 4.0.0 Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.User.Deletion MEDIUM" "wp-dummy-content-generator 3.3.0 Unauthenticated.Code.Injection CRITICAL" "wp-dummy-content-generator 3.1.3 Missing.Authorization MEDIUM" "wp-dummy-content-generator 3.0.0 Cross-Site.Request.Forgery MEDIUM" "webinar-ignition 4.06.05 Missing.Authorization MEDIUM" "webinar-ignition 4.03.33 
Unauthenticated.Login.Token.Generation.to.Authentication.Bypass CRITICAL" "webinar-ignition 3.06.0 Cross-Site.Request.Forgery MEDIUM" "webinar-ignition 3.05.1 Authenticated.(Subscriber+).PHP.Object.Injection HIGH" "webinar-ignition 3.05.1 Missing.Authorization.to.Unauthenticated.Privilege.Escalation CRITICAL" "webinar-ignition 3.05.1 Unauthenticated.SQL.Injection CRITICAL" "webinar-ignition 3.1.2 Reflected.Cross-Site.Scripting MEDIUM" "webinar-ignition 2.14.3 Admin+.Stored.XSS LOW" "webinar-ignition 2.8.12 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "woocommerce-payu-paisa No.known.fix Price.Tampering MEDIUM" "woo-custom-checkout-fields No.known.fix Reflected.Cross-Site.Scripting HIGH" "wp-fsqm-pro 4.19.1 WordPress.Form.Builder.<.4.19.1.-.Reflected.Cross-Site.Scripting MEDIUM" "wp-fsqm-pro 4.19 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "wisdm-reports-for-learndash 1.8.2.2 Reports.Free.<.1.8.2.2.-.Missing.Authorization.to.Plugin.Settings.Update MEDIUM" "wp-jobsearch 3.0.8 Unauthenticated.PHP.Object.Injection HIGH" "wp-jobsearch 3.0.8 Authenticated.(Subscriber+).Local.File.Inclusion HIGH" "wp-jobsearch 3.0.6 Reflected.Cross-Site.Scripting HIGH" "wp-jobsearch 3.0.6 Subscriber+.Insecure.Direct.Object.Reference MEDIUM" "wp-jobsearch No.known.fix Authentication.Bypass.via.Social.Logins HIGH" "wp-jobsearch 2.6.8 Unauthenticated.Privilege.Escalation CRITICAL" "wp-jobsearch 2.6.8 Authenticated.(Subscriber+).Arbitrary.File.Upload CRITICAL" "wp-jobsearch 2.6.8 Unauthenticated.Arbitrary.File.Upload CRITICAL" "wp-jobsearch 2.6.1 Reflected.Cross-Site.Scripting MEDIUM" "wp-jobsearch 2.6.1 Unauthenticated.PHP.Object.Injection CRITICAL" "wp-jobsearch 2.5.6 Missing.Authorization MEDIUM" "wp-jobsearch 2.5.6 Missing.Authorization MEDIUM" "wp-jobsearch 2.5.4 Cross-Site.Request.Forgery MEDIUM" "wp-jobsearch 2.5.4 Unauthenticated.PHP.Object.Injection CRITICAL" "wp-jobsearch No.known.fix Authentication.Bypass.to.Account.Takeover CRITICAL" "wp-jobsearch 2.3.4 
Arbitrary.File.Upload.to.RCE CRITICAL" "wp-jobsearch 2.3.4 Authentication.Bypass CRITICAL" "wp-jobsearch 1.8.2 Subscriber+.Arbitrary.Blog.Options.Update HIGH" "wp-jobsearch 1.8.2 Subscriber+.Add/Update.Schedule.Calls MEDIUM" "wp-jobsearch 1.8.2 Unauthenticated.Plugin's.Settings.Update MEDIUM" "wp-jobsearch 1.7.4 Authenticated.Stored.XSS MEDIUM" "wp-jobsearch 1.5.6 Unauthenticated.Reflected.XSS MEDIUM" "wp-jobsearch 1.5.5 Unauthenticated.Reflected.Cross-Site.Scripting MEDIUM" "wp-jobsearch 1.5.3 Multiple.Cross-Site.Scripting.Issues MEDIUM" "wp-jobsearch 1.5.1 Unauthenticated.Reflected.Cross-Site.Scripting.(XSS) HIGH" "wp-content-pilot 2.1.8 Missing.Authorization MEDIUM" "wp-content-pilot 1.3.4 Authenticated.(Contributor+).Content.Injection MEDIUM" "wah-forms No.known.fix Missing.Authorization MEDIUM" "wp-scrippets No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-parallax-content-slider No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "wc-multivendor-marketplace 3.7.1 Insecure.Direct.Object.Reference.to.Unauthenticated.Arbitrary.Refund.Request.Creation MEDIUM" "wc-multivendor-marketplace No.known.fix Missing.Authorization MEDIUM" "wc-multivendor-marketplace 3.6.12 Reflected.Cross-Site.Scripting MEDIUM" "wc-multivendor-marketplace 3.6.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "wc-multivendor-marketplace 3.4.12 Subscriber+.Unauthorised.AJAX.Calls HIGH" "wc-multivendor-marketplace 3.5.0 Multiple.CSRF MEDIUM" "wc-multivendor-marketplace 3.4.12 WooCommerce.Multivendor.Marketplace.<.3.4.12.-.Unauthenticated.SQL.Injection HIGH" "wooexim No.known.fix Unauthenticated.PHP.Object.Injection HIGH" "wooexim No.known.fix Authenticated.(Administrator+).SQL.Injection MEDIUM" "wooexim No.known.fix CSRF.to.Reflected.XSS MEDIUM" "wp-display-users No.known.fix Authenticated.SQL.Injection MEDIUM" "wp-copysafe-web 5.2 Missing.Authorization MEDIUM" "wp-copysafe-web 4.0 Reflected.Cross-Site.Scripting MEDIUM" 
"wp-copysafe-web 3.15 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-copysafe-web 3.14 Unauthenticated.Reflected.XSS HIGH" "wp-copysafe-web 2.6 Cross-Site.Request.Forgery.(CSRF) MEDIUM" "widget4call No.known.fix Reflected.XSS HIGH" "widget4call No.known.fix Reflected.XSS HIGH" "woo-order-notes 1.5.3 Cross-Site.Request.Forgery.to.Reflected.Cross-Site.Scripting MEDIUM" "woocommerce-ean-payment-gateway 6.1.0 Missing.Authorization.to.Authenticated.(Contributor+).EAN.Update MEDIUM" "webmaster-tools-verification No.known.fix Unauthenticated.Arbitrary.Plugin.Deactivation HIGH" "wetterwarner 2.8 Admin+.Stored.XSS LOW" "wp-like-button No.known.fix Missing.Authorization.via.crublabFBLBAjax LOW" "wp-like-button No.known.fix Button.Settings.Update.via.CSRF MEDIUM" "wp-like-button 1.6.4 Auth.Bypass MEDIUM" "wp-custom-google-search No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "wp-emmet No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "wp-store-locator-extenders 1.4.0 Reflected.Cross-Site.Scripting MEDIUM" "wp-store-locator-extenders 1.3.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-dev-powers-acf-color-coded-field-types No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-responsive-photo-gallery 1.0.16 Authenticated.(Subscriber+).Limited.Server-Side.Request.Forgery MEDIUM" "wp-responsive-photo-gallery 1.0.4 Authenticated.(Admin+).SQL.Injection MEDIUM" "wp-responsive-photo-gallery 1.0.14 Reflected.XSS HIGH" "wp-responsive-photo-gallery 1.0.14 Reflected.Cross-Site.Scripting MEDIUM" "webp-conversion No.known.fix Missing.Authorization MEDIUM" "wc-payphone-gateway 3.2.1 Reflected.Cross-Site.Scripting MEDIUM" "wp-gpx-map 1.1.23 Arbitrary.File.Upload CRITICAL" "welcome-email-editor 5.0.7 Cross-Site.Request.Forgery MEDIUM" "welcome-email-editor 5.0.7 Subscriber+.Email.Sending MEDIUM" "wp-click-info No.known.fix Reflected.XSS HIGH" "wecantrack 2.0.1 Open.Redirect MEDIUM" 
"wp-query-creator No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wc-remove-tabs-and-fields 1.68 Reflected.Cross-Site.Scripting MEDIUM" "wp-power-stats No.known.fix CSRF MEDIUM" "wp-dashboard-beacon No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "woo-product-design No.known.fix Unauthenticated.Arbitrary.File.Download HIGH" "woo-product-design No.known.fix Unauthenticated.Arbitrary.File.Deletion CRITICAL" "woo-product-design No.known.fix Unauthenticated.Arbitrary.File.Upload CRITICAL" "wp-airbnb-review-slider 4.4 Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "wp-airbnb-review-slider 4.0 Authenticated.(Administrator+).SQL.Injection MEDIUM" "wp-airbnb-review-slider 3.3 Subscriber+.SQLi HIGH" "wp-airbnb-review-slider 3.3 CSRF MEDIUM" "wordpress-backup-to-dropbox 4.1 Reflected.XSS MEDIUM" "wp-image-mask 3.1.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-contact-form7-email-spam-blocker No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "webtoffee-product-feed 2.3.4 Authenticated.(Shop.manager+).PHP.Object.Injection MEDIUM" "webtoffee-product-feed 2.3.2 Missing.Authorization MEDIUM" "webtoffee-product-feed 2.2.9 Missing.Authorization MEDIUM" "wp-header-images 2.0.1 Reflected.Cross-Site.Scripting HIGH" "wp-social-sharing No.known.fix Admin+.Stored.XSS LOW" "watchtowerhq 3.16.1 Authenticated.(Administrator+).Arbitrary.File.Read.via.'wht_download_big_object_origin'.Parameter MEDIUM" "watchtowerhq 3.10.4 Authentication.Bypass.to.Administrator.due.to.Missing.Empty.Value.Check CRITICAL" "watchtowerhq 3.6.16 Unauthenticated.Arbitrary.File.Deletion CRITICAL" "watchtowerhq 3.6.16 Unauthenticated.Arbitrary.File.Access HIGH" "wp-user-merger 1.5.3 Admin+.SQLi.via.wpsu_user_id MEDIUM" "wp-user-merger 1.5.3 Admin+.SQLi.via.ID MEDIUM" "wp-user-merger 1.5.3 Admin+.SQLi.via.user_id MEDIUM" "wp-baidu-submit No.known.fix Admin+.Stored.XSS LOW" "woo-direct-checkout-lite No.known.fix Missing.Authorization MEDIUM" 
"woocommerce-openpos 7.0.1 Unauthenticated.SQL.Injection HIGH" "woocommerce-openpos 7.0.2 Unauthenticated.Sensitive.Information.Disclosure MEDIUM" "woocommerce-openpos 7.0.1 Unauthenticated.Arbitrary.File.Deletion CRITICAL" "wp-load-gallery No.known.fix Authenticated.(Author+).Arbitrary.File.Upload HIGH" "wc-partial-shipment 3.3 Authenticated.(Subscriber+).SQL.Injection MEDIUM" "worker-wpbakery No.known.fix Missing.Authorization MEDIUM" "wp-extra 6.5 Cross-Site.Request.Forgery.ToolImport MEDIUM" "wp-extra 6.3 Missing.Authorization.to.Arbitrary.Email.Sending MEDIUM" "wp-extra 6.3 Subscriber+..htaccess.File.Modification HIGH" "wp-extra 6.3 Missing.Authorization.to.Export.Settings MEDIUM" "woocommerce-multiple-free-gift No.known.fix Insufficient.Server-Side.Validation.to.Arbitrary.Gift.Adding MEDIUM" "wp-photo-album-plus 9.1.05.009 Reflected.Cross-Site.Scripting HIGH" "wp-photo-album-plus 9.0.11.007 Authenticated.(Subscriber+).Stored.Cross-Site.Scripting.via.wppa_user_upload MEDIUM" "wp-photo-album-plus 8.9.01.001 Unauthenticated.Arbitrary.Shortcode.Execution.via.getshortcodedrenderedfenodelay HIGH" "wp-photo-album-plus 8.8.07.004 Reflected.Cross-Site.Scripting MEDIUM" "wp-photo-album-plus 8.8.02.003 Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "wp-photo-album-plus 8.8.00.003 Reflected.Cross-Site.Scripting MEDIUM" "wp-photo-album-plus 8.7.00.004 Unauthenticated.Arbitrary.Shortcode.Execution MEDIUM" "wp-photo-album-plus 8.7.01.002 Unauthenticated.Arbitrary.File.Upload CRITICAL" "wp-photo-album-plus 8.6.03.005 Authenticated.(Subscriber+).Arbitrary.File.Upload CRITICAL" "wp-photo-album-plus 8.6.01.005 .Cross-Site.Scripting MEDIUM" "wp-photo-album-plus 8.6.01.005 IP.Spoofing MEDIUM" "wp-photo-album-plus 8.6.01.003 Insecure.Direct.Object.Reference MEDIUM" "wp-photo-album-plus 8.0.10 Stored.Cross-Site.Scripting.(XSS) MEDIUM" "wp-agenda No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "woocommerce-beta-tester 2.2.4 Admin+.SQLi 
MEDIUM" "wp-radio No.known.fix Missing.Authorization.via.multiple.AJAX.actions MEDIUM" "wp-radio No.known.fix Authenticated(Subscriber+).Stored.Cross-Site.Scripting.via.Settings MEDIUM" "wp-radio No.known.fix CSRF MEDIUM" "wp-radio No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-radio 3.1.4 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-register-profile-with-shortcode 3.6.3 Authenticated.(Contributor+).Sensitive.Information.Exposure MEDIUM" "wp-register-profile-with-shortcode No.known.fix Contributor+.Stored.XSS MEDIUM" "wp-register-profile-with-shortcode 3.6.0 Cross-Site.Request.Forgery.to.User.Password.Reset HIGH" "wp-register-profile-with-shortcode 3.5.9 Admin+.Stored.XSS LOW" "wp-simple-events No.known.fix Admin+.Cross.Site.Scripting MEDIUM" "wp-emember 10.6.6 Authenticated.(Admin+).Arbitrary.File.Upload MEDIUM" "wp-optin-wheel 1.4.8 Admin+.SSRF MEDIUM" "wp-optin-wheel 1.4.3 Sensitive.Information.Exposure.via.Log.File MEDIUM" "wp-hosting-performance-check No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-dark-mode 5.0.5 Missing.Authorization MEDIUM" "wp-dark-mode 4.0.8 Subscriber+.Local.File.Inclusion MEDIUM" "wp-dark-mode 4.0.0 Contributor+.Stored.XSS.in.Shortcode MEDIUM" "woo-billing-with-invoicexpress 3.0.3 Unauthenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "wp-photo-effects No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "wp-photo-effects 1.2.3 Reflected.Cross-Site.Scripting MEDIUM" "wp-photo-effects 1.2.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-photo-effects 1.2.3 Subscriber+.Arbitrary.Option.Update CRITICAL" "wp-azure-offload No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-live-chat-software-for-wordpress 4.5.16 Cross-Site.Request.Forgery MEDIUM" "wp-ultimate-post-grid 4.0.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.wpupg-grid-with-filters.Shortcode MEDIUM" "wp-ultimate-post-grid 3.9.2 
Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.wpupg-text.Shortcode MEDIUM" "wc-recently-viewed-products No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "watermark-reloaded 1.4.0 Cross-Site.Request.Forgery.via.optionsPage HIGH" "wp-responsive-video-gallery-with-lightbox 1.0.7 Authenticated.(Admin+).SQL.Injection MEDIUM" "wp-responsive-video-gallery-with-lightbox 1.0.1 Cross-Site.Request.Forgery MEDIUM" "wp-responsive-video-gallery-with-lightbox 1.0.23 Reflected.XSS HIGH" "wp-not-login-hide-wpnlh No.known.fix Admin+.Stored.XSS LOW" "wp-reactions-box No.known.fix Unauthenticated.SQLi HIGH" "wp-reactions-box No.known.fix Unauthenticated.SQLi HIGH" "wc4bp-groups 1.1.1 Reflected.Cross-Site.Scripting MEDIUM" "wp-limits No.known.fix Plugin's.Settings.Update.via.CSRF MEDIUM" "wp-reroute-email 1.4.8 Improper.Neutralization.of.Special.Elements.used.in.an.SQL.Command.('SQL.Injection') MEDIUM" "wp-reroute-email 1.4.8 Cross-Site.Request.Forgery HIGH" "woocommerce-predictive-search 6.1.0 Reflected.Cross-Site.Scripting MEDIUM" "wp-hashtags No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "wonder-fontawesome No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "wp-school-calendar-lite 3.6 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wordpress-mobile-pack No.known.fix Cross-Site.Request.Forgery MEDIUM" "wordpress-mobile-pack 2.1.3 Information.Disclosure HIGH" "wp-pro-counter No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-pro-counter No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "wp-gdpr-cookie-consen No.known.fix Cross-Site.Request.Forgery MEDIUM" "wp-custom-cms-block No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "where-did-they-go-from-here 3.1.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "where-did-they-go-from-here 2.1.0 Reflected.Cross-Site.Scripting MEDIUM" "wp-custom-cursors No.known.fix Admin+.Stored.XSS LOW" 
"wp-custom-cursors 3.2 Admin+.SQLi MEDIUM" "wp-custom-cursors 3.0.1 Stored.Cross-Site.Scripting.via.CSRF MEDIUM" "wp-custom-cursors 3.0.1 Arbitrary.Cursor.Deletion.via.CSRF MEDIUM" "wp-custom-cursors 3.2 Admin+.SQLi MEDIUM" "wcfm-marketplace-rest-api 1.6.3 Authenticated.(Subscriber+).SQL.Injection MEDIUM" "wcfm-marketplace-rest-api 1.6.0 Subscriber+.Arbitrary.Orders.Item.And.Notes.Update MEDIUM" "wp-easy-guide No.known.fix Unauthenticated.SQL.Injection HIGH" "wp-fade-in-text-news 12.1 .Authenticated.(Subscriber+).SQL.Injection.via.Shortcode HIGH" "wp-flipclock No.known.fix Contributor+.Stored.XSS MEDIUM" "wp-flipclock 1.8 Contributor+.Stored.XSS MEDIUM" "woo-checkout-for-digital-goods 3.7.1 Reflected.Cross-Site.Scripting MEDIUM" "woo-checkout-for-digital-goods 3.6.4 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "woo-checkout-for-digital-goods 2.2 CSRF.to.Settings.Change MEDIUM" "wp-fb-autoconnect No.known.fix Admin+.Stored.XSS LOW" "wp-fb-autoconnect 4.6.3 Cross-Site.Request.Forgery.to.Reflected.Cross-Site.Scripting MEDIUM" "wp-fb-autoconnect 4.6.2 Cross-Site.Request.Forgery MEDIUM" "wp-forecast 9.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-forecast 7.6 Admin+.Stored.Cross-Site.Scripting LOW" "wp-total-hacks No.known.fix Subscriber+.Arbitrary.Options.Update.to.Stored.XSS HIGH" "woo-products-widgets-for-elementor No.known.fix Contributor+.Local.File.Inclusion HIGH" "woo-products-widgets-for-elementor 2.0.0 Reflected.Cross-Site.Scripting MEDIUM" "woo-products-widgets-for-elementor 1.0.8 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "woo-products-widgets-for-elementor 1.0.6 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wizit-gateway-for-woocommerce No.known.fix Missing.Authentication.to.Unauthenticated.Arbitrary.Order.Cancellation MEDIUM" "wp-post-styling 1.3.1 Multiple.CSRF MEDIUM" "woorewards 5.7.0 Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.Loyalty.Rule.Modification MEDIUM" "woorewards 5.3.1 Missing.Authorization MEDIUM" 
"woo-recargo-de-equivalencia No.known.fix Cross-Site.Request.Forgery MEDIUM" "wp-login-control No.known.fix Reflected.XSS HIGH" "wp-performance-score-booster 2.1 Settings.Change.via.CSRF MEDIUM" "wolmart-core 1.9.7 Unauthenticated.SQL.Injection HIGH" "wp-schema-pro 2.7.16 Contributor+.Custom.Field.Access LOW" "wp-mail-log 1.1.3 Contributor+.Arbitrary.File.Upload HIGH" "wp-mail-log 1.1.3 WP.Mail.Log.<.1,1,3..Contributor+.SQL.Injection.in.wml_logs.endpoint MEDIUM" "wp-mail-log 1.1.3 WP.Mail.Log.<.1,1,3..Contributor+.LFI.in.wml_logs/send_mail.endpoint MEDIUM" "wp-mail-log 1.1.3 WP.Mail.Log.<.1,1,3..Incorrect.Authorization.in.REST.API.Endpoints LOW" "wp-mail-log 1.1.3 WP.Mail.Log.<.1,1,3..Contributor+.SQL.Injection.in.wml_logs/send_mail.endpoint MEDIUM" "wp-mail-log 1.1.3 WP.Mail.Log.<.1,1,3..Contributor+.Arbitrary.File.Upload.to.RCE CRITICAL" "wp-mail-log 1.1.3 Editor+.SQL.Injection.via.id HIGH" "wp-mail-log 1.1 Reflected.Cross-Site.Scripting MEDIUM" "wp-mail-log 1.1.2 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "wp-responsive-slab-text 0.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-attractive-donations-system-easy-stripe-paypal-donations 1.29 Cross-Site.Request.Forgery MEDIUM" "wordsurvey No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting.via.sounding_title.Parameter MEDIUM" "wordpress-custom-sidebar No.known.fix Authenticated.(Contributor+).SQL.Injection MEDIUM" "wc-sales-count-manager No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "wp-discord-invite 2.6.0 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "wp-discord-invite 2.5.2 Admin+.Stored.Cross.Site.Scripting LOW" "wp-discord-invite 2.5.1 Arbitrary.Settings.Update.via.CSRF HIGH" "wp-discord-invite 2.5.1 Reflected.Cross-Site.Scripting.via.webhook MEDIUM" "wp-letsencrypt-ssl 7.1.0 Sensitive.Information.Exposure.via.insufficiently.protected.files HIGH" "wp-letsencrypt-ssl 6.3.0 Reflected.Cross-Site.Scripting 
MEDIUM" "wp-letsencrypt-ssl 5.7.10 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wc-zelle 3.1.1 Reflected.Cross-Site.Scripting MEDIUM" "wc-zelle 2.0 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-meta-data-filter-and-taxonomy-filter 1.3.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-meta-data-filter-and-taxonomy-filter 1.3.4 Missing.Authorization MEDIUM" "wp-meta-data-filter-and-taxonomy-filter No.known.fix Missing.Authorization MEDIUM" "wp-meta-data-filter-and-taxonomy-filter 1.3.3.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-meta-data-filter-and-taxonomy-filter 1.3.3.8 Unauthenticated.SQL.Injection HIGH" "wp-meta-data-filter-and-taxonomy-filter 1.3.3.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-meta-data-filter-and-taxonomy-filter 1.3.3.6 Authenticated.(Contributor+).SQL.Injection MEDIUM" "wp-meta-data-filter-and-taxonomy-filter 1.3.3.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-meta-data-filter-and-taxonomy-filter 1.3.3.5 Unauthenticated.Arbitrary.Shortcode.Execution HIGH" "wp-meta-data-filter-and-taxonomy-filter 1.3.3.4 Unauthenticated.Arbitrary.Shortcode.Execution HIGH" "wp-meta-data-filter-and-taxonomy-filter 1.3.3.4 Authenticated.(Contributor+).SQL.Injection CRITICAL" "wp-meta-data-filter-and-taxonomy-filter 1.3.3.3 Unauthenticated.Arbitrary.Shortcode.Execution CRITICAL" "wp-meta-data-filter-and-taxonomy-filter 1.3.3.1 Missing.Authorization MEDIUM" "wp-meta-data-filter-and-taxonomy-filter 1.3.3.2 Cross-Site.Request.Forgery MEDIUM" "wp-meta-data-filter-and-taxonomy-filter 1.3.3.1 Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "wp-meta-data-filter-and-taxonomy-filter 1.3.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-meta-data-filter-and-taxonomy-filter 1.3.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-meta-data-filter-and-taxonomy-filter 1.3.1 Reflected.XSS HIGH" 
"wp-meta-data-filter-and-taxonomy-filter 1.2.8 Arbitrary.Settings.Update.via.CSRF MEDIUM" "wordpress-data-guards No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "wp-hide-backed-notices 1.3.1 Missing.Authorization.to.Authenticated(Contributor+).Plugin.Settings.Modification MEDIUM" "wp-hide-backed-notices 1.3 Cross-Site.Request.Forgery MEDIUM" "woo-order-splitter 5.3.6 Missing.Authorization.to.Authenticated.(Subscriber+).Order.Information.Exposure MEDIUM" "woo-order-splitter 5.3.1 Authenticated.(Subscriber+).SQL.Injection MEDIUM" "wp-restaurant-listings No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-performance-pack No.known.fix Cross-Site.Request.Forgery MEDIUM" "wp-performance-pack 2.5.4 Missing.Authorization MEDIUM" "wp-mpdf 3.9.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-mpdf 3.8 Reflected.Cross-Site.Scripting MEDIUM" "wp-mpdf 3.5.2 CSRF.Bypass.in.Multiple.Plugins MEDIUM" "word-replacer-ultra No.known.fix Missing.Authorization.to.Unauthenticated.Arbitrary.Content.Update MEDIUM" "word-replacer-ultra No.known.fix Missing.Authorization MEDIUM" "wp-skitter-slideshow No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "wp-tactical-popup No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "woo-bulk-editor 1.1.4.5 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "woo-bulk-editor 1.1.4.2 Cross-Site.Request.Forgery.to.Notice.Dismissal MEDIUM" "woo-bulk-editor 1.1.4.4 Missing.Authorization MEDIUM" "woo-bulk-editor 1.1.4.3 Reflected.Cross-Site.Scripting MEDIUM" "woo-bulk-editor 1.1.4.1 Missing.Authorization.via.Several.Functions MEDIUM" "woo-bulk-editor 1.1.4.1 Authenticated.(Shop.manager+).Stored.Cross-Site.Scripting.via.Plugin.Options MEDIUM" "woo-bulk-editor 1.1.4 Arbitrary.Settings.Update.via.CSRF MEDIUM" "woo-bulk-editor 1.1.4 Arbitrary.Settings.Update.via.CSRF MEDIUM" "woo-bulk-editor 1.1.4 Arbitrary.Settings.Update.via.CSRF 
MEDIUM" "woo-bulk-editor 1.1.4 Arbitrary.Settings.Update.via.CSRF MEDIUM" "woo-bulk-editor 1.1.4 Arbitrary.Settings.Update.via.CSRF MEDIUM" "woo-bulk-editor 1.1.4 Arbitrary.Settings.Update.via.CSRF MEDIUM" "woo-bulk-editor 1.1.4 Arbitrary.Settings.Update.via.CSRF MEDIUM" "woo-bulk-editor 1.1.4 Arbitrary.Settings.Update.via.CSRF MEDIUM" "woo-bulk-editor 1.1.4 Arbitrary.Settings.Update.via.CSRF MEDIUM" "woo-bulk-editor 1.1.4 Arbitrary.Settings.Update.via.CSRF MEDIUM" "woo-bulk-editor 1.1.4 Arbitrary.Settings.Update.via.CSRF MEDIUM" "woo-bulk-editor 1.1.3.2 Cross-Site.Request.Forgery.(CSRF) MEDIUM" "wp-soundsystem No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.wpsstm-track.Shortcode MEDIUM" "wp-ada-compliance-check-basic 3.1.4 Cross-Site.Request.Forgery MEDIUM" "woo-blocker-lite-prevent-fake-orders-and-blacklist-fraud-customers 2.3.3 Authenticated.(Subscriber+).Information.Exposure MEDIUM" "woo-blocker-lite-prevent-fake-orders-and-blacklist-fraud-customers 2.1.6 Settings.Update.via.CSRF MEDIUM" "woo-blocker-lite-prevent-fake-orders-and-blacklist-fraud-customers 2.1.4.1 Reflected.Cross-Site.Scripting MEDIUM" "woo-blocker-lite-prevent-fake-orders-and-blacklist-fraud-customers 2.1.0 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-chrono No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-editormd No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "wp-editormd 10.0.4 Cross-Site.Scripting.(XSS) MEDIUM" "wp-all-export 1.4.15 Unauthenticated.Sensitive.Information.Exposure.via.PHP.Type.Juggling LOW" "wp-all-export 1.4.1 Author+.PHAR.Deserialization.via.CSRF HIGH" "wp-all-export 1.4.0 Admin+.RCE MEDIUM" "wp-all-export 1.4.1 Remote.Code.Execution.via.CSRF CRITICAL" "wp-all-export 1.3.6 Reflected.Cross-Site.Scripting MEDIUM" "wp-all-export 1.3.5 Admin+.SQL.Injection MEDIUM" "wp-all-export 1.3.1 Admin+.Stored.Cross-Site.Scripting LOW" "wp-photo-text-slider-50 No.known.fix 
Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-photo-text-slider-50 8.1 .Authenticated.(Subscriber+).SQL.Injection.via.Shortcode HIGH" "woorocks-magic-content No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "woorocks-magic-content No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "wp-icommerce No.known.fix Authenticated.(contributor+).SQL.Injection HIGH" "wp-intro-js-tours No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "woo-quick-reports No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "woo-quick-reports No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-auto-spinner No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-auto-spinner No.known.fix Missing.Authorization MEDIUM" "woo-cart-abandonment-recovery 1.2.27 Templates/Abandoned.Orders.Deletion.via.CSRF MEDIUM" "widget-for-eventbrite-api 6.3 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "widget-for-eventbrite-api 5.3.1 Reflected.Cross-Site.Scripting MEDIUM" "widget-for-eventbrite-api 4.4.8 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wc-order-cancellation-return No.known.fix Authenticated.(Subscriber+).Insecure.Direct.Object.Reference MEDIUM" "wp-codemirror-block 2.0.0 Contributor+.Stored.XSS MEDIUM" "wp-test-email No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-test-email 1.1.9 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "wp-test-email 1.1.8 Reflected.Cross-Site.Scripting MEDIUM" "wp-raptor No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-flickrshow No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "woo-mstoreapp-mobile-app No.known.fix Unauthenticated.Privilege.Escalation CRITICAL" "wp-original-media-path 2.4.1 Admin+.Stored.XSS LOW" "wp-job-openings 3.4.3 Sensitive.Data.Exposure.via.Directory.Listing MEDIUM" "wp-travel 11.1.1 Missing.Authorization MEDIUM" "wp-travel 10.1.4 Author+.SQL.Injection MEDIUM" "wp-travel 10.0.1 Subscriber+.SQL.Injection HIGH" "wp-travel 
9.7.0 Missing.Authorization MEDIUM" "wp-travel 9.4.0 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "wp-travel 7.8.1 Unauthenticated.AJAX.Calls MEDIUM" "wp-travel 4.2.0 Reflected.Cross-Site.Scripting MEDIUM" "wp-travel 4.4.7 CSRF.Nonce.Bypasses MEDIUM" "wp-travel 4.4.7 Cross-Site.Request.Forgery MEDIUM" "wp-meetup No.known.fix Missing.Authorization.to.Authenticated.(Subscriber+).Settings.Update MEDIUM" "wp-time-slots-booking-form 1.2.40 Missing.Authorization MEDIUM" "wp-time-slots-booking-form 1.2.31 Cross-Site.Request.Forgery MEDIUM" "wp-time-slots-booking-form 1.2.11 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "wp-time-slots-booking-form 1.2.12 Missing.Authorization MEDIUM" "wp-time-slots-booking-form 1.2.07 Unauthenticated.Price.Manipulation MEDIUM" "wp-time-slots-booking-form 1.1.82 Admin+.Stored.XSS LOW" "wp-time-slots-booking-form 1.1.63 Admin+.Stored.Cross-Site.Scripting LOW" "website-llms-txt 8.2.7 Reflected.Cross-Site.Scripting MEDIUM" "wordpress-meta-robots No.known.fix Authenticated.Blind.SQL.Injection HIGH" "wp-awesome-import-export No.known.fix Import.&.Export.WordPress.Data.<=.4.1.1.-.Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.SQL.Execution/Privilege.Escalation HIGH" "wc-spod No.known.fix Missing.Authorization MEDIUM" "wp-pdf-generator 1.2.3 Cross-Site.Request.Forgery MEDIUM" "wp-custom-login-page-logo No.known.fix Cross-Site.Request.Forgery.to.Settings.Update MEDIUM" "wadi-survey No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wadi-survey No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "woocommerce-payplug No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "woocommerce-payplug No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wb-sticky-notes 1.2.5 Missing.Authorization MEDIUM" "woo-whatsapp-request-quote No.known.fix Reflected.Cross-Site.Scripting.(XSS) HIGH" "wp-easy-poll-afo No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "woocommerce-2checkout-payment No.known.fix 
Missing.Authorization.via.sniff_ins MEDIUM" "wp-mail No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-mail No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-social-bookmarking-light No.known.fix Cross-Site.Request.Forgery.(CSRF) MEDIUM" "wp-social-bookmarking-light 1.7.10 Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "wp-discord-post-plus No.known.fix Cross-Site.Request.Forgery MEDIUM" "woocommerce-conversion-tracking 2.0.12 Subscriber+.Addon.Installation MEDIUM" "woocommerce-conversion-tracking 2.0.12 Subscriber+.happy-elementor-addons.Installation.&.Activation MEDIUM" "wp-frontend-submit No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-catalogue No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.shortcode MEDIUM" "wp-ultimate-exporter 2.20 Cross-Site.Request.Forgery.to.Sensitive.Information.Exposure MEDIUM" "wp-ultimate-exporter 2.14 Unauthenticated.PHP.Object.Injection CRITICAL" "wp-ultimate-exporter 2.10 Information.Disclosure.Through.Unprotected.Directory HIGH" "wp-ultimate-exporter 2.9.1 Authenticated.(Admin+).Arbitrary.File.Read MEDIUM" "wp-ultimate-exporter 2.9.2 Authenticated.(Admin+).Remote.Code.Execution MEDIUM" "wp-ultimate-exporter 2.4.2 Unauthenticated.Information.Disclosure MEDIUM" "wp-ultimate-exporter 1.4.2 CSRF HIGH" "wp-ultimate-exporter 1.2 Unauthenticated.SQL.Injection CRITICAL" "wp-user-avatar 4.16.12 Subscriber+.Arbitrary.Subscription.Cancellation/Expiration HIGH" "wp-user-avatar 4.16.8 Authenticated.(Subscriber+).Arbitrary.Shortcode.Execution MEDIUM" "wp-user-avatar 4.16.5 Unauthenticated.Arbitrary.Shortcode.Execution MEDIUM" "wp-user-avatar 4.15.20 Admin+.Stored.XSS LOW" "wp-user-avatar 4.15.20 Admin+.Stored.XSS LOW" "wp-user-avatar 4.15.20 Admin+.Stored.XSS LOW" "wp-user-avatar 4.15.19 Unauthenticated.Content.Restriction.Bypass.to.Sensitive.Information.Exposure MEDIUM" "wp-user-avatar 4.15.15 Admin+.Stored.XSS LOW" "wp-user-avatar 4.15.15 Admin+.Stored.XSS LOW" 
"wp-user-avatar 4.15.9 Contributor+.Stored.XSS MEDIUM" "wp-user-avatar 4.15.5 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "wp-user-avatar 4.15.6 Contributor+.Stored.Cross-Site.Scripting.via.'reg-single-checkbox' MEDIUM" "wp-user-avatar 4.15.3 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "wp-user-avatar 4.15.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.profilepress-edit-profile.Shortcode MEDIUM" "wp-user-avatar 4.15.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.[reg-select-role].Shortcode MEDIUM" "wp-user-avatar 4.15.0 Unauthenticated.Stored.XSS MEDIUM" "wp-user-avatar 4.15.0 Contributor+.Stored.XSS MEDIUM" "wp-user-avatar 4.15.0 Contributor+.Stored.XSS MEDIUM" "wp-user-avatar 4.14.4 Contributor+.Stored.XSS MEDIUM" "wp-user-avatar 4.13.3 Information.Disclosure.via.Debug.Log MEDIUM" "wp-user-avatar 4.13.2 Limited.Privilege.Escalation.via.'acceptable_defined_roles' HIGH" "wp-user-avatar 4.13.2 ProfilePress.<.4,13,2.Cross-Site.Request.Forgery.via.'admin_notice' MEDIUM" "wp-user-avatar 4.5.5 Reflected.XSS HIGH" "wp-user-avatar 4.5.5 Reflected.XSS HIGH" "wp-user-avatar 4.5.5 Contributor+.Stored.XSS MEDIUM" "wp-user-avatar 4.5.4 Admin+.Stored.XSS LOW" "wp-user-avatar 4.5.1 Admin+.Stored.Cross-Site.Scripting.via.Form.Settings LOW" "wp-user-avatar 4.5.1 Admin+.Stored.Cross-Site.Scripting LOW" "wp-user-avatar 3.2.3 Reflected.Cross-Site.Scripting MEDIUM" "wp-user-avatar 3.2.3 Reflected.Cross-Site.Scripting HIGH" "wp-user-avatar 3.1.11 Unauthenticated.Cross-Site.Scripting.(XSS).in.tabbed.login/register.widget MEDIUM" "wp-user-avatar 3.1.11 Multiple.Vulnerabilities CRITICAL" "wp-user-avatar 3.1.4 3.1.3.-.Arbitrary.File.Upload.in.Image.Uploader.Component MEDIUM" "wp-user-avatar 3.1.8 Authenticated.Stored.XSS CRITICAL" "wp-user-avatar 3.1.4 3.1.3.-.Authenticated.Privilege.Escalation CRITICAL" "wp-user-avatar 3.1.4 3.1.3.-.Arbitrary.File.Upload.in.File.Uploader.Component CRITICAL" "wc-designer-pro 1.9.31 
Unauthenticated.Arbitrary.File.Read HIGH" "wc-designer-pro No.known.fix Unauthenticated.Arbitrary.File.Upload CRITICAL" "wc-designer-pro No.known.fix Unauthenticated.Arbitrary.File.Deletion CRITICAL" "wc-designer-pro No.known.fix Unauthenticated.Arbitrary.File.Upload CRITICAL" "wp-my-admin-bar No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-my-admin-bar No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "watupro 5.5.3.7 SQL.Injection CRITICAL" "watupro 4.9.0.8 Cross-Site.Request.Forgery.(CSRF) MEDIUM" "wp-optimizer No.known.fix Cross-Site.Request.Forgery MEDIUM" "windsor-strava-athlete No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "windsor-strava-athlete No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-posturl No.known.fix Arbitrary.Settings.Update.to.Stored.XSS.via.CSRF MEDIUM" "winterlock 1.2.9 Missing.Authorization.to.Sensitive.Information.Exposure.via.Log.File MEDIUM" "winterlock 1.2.5 Cross-Site.Request.Forgery MEDIUM" "winterlock 1.0.23 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "winterlock 1.0.21 Unauthenticated.Stored.Cross-Site.Scripting CRITICAL" "wp-simple-firewall 21.0.10 Cross-Site.Request.Forgery.to.SQL.Injection MEDIUM" "wp-simple-firewall 21.0.10 Unauthenticated.Reflected.Cross-Site.Scripting.via.'message'.Parameter MEDIUM" "wp-simple-firewall 21.0.10 Missing.Authorization.to.Authenticated.(Subscriber+).Email.MFA.Update MEDIUM" "wp-simple-firewall 21.0.10 Authenticated.(Subscriber+).Insecure.Direct.Object.Reference.to.Disable.Google.Authenticator MEDIUM" "wp-simple-firewall 20.0.6 Reflected.XSS HIGH" "wp-simple-firewall 19.1.11 Cross-Site.Request.Forgery MEDIUM" "wp-simple-firewall 18.5.10 Unauthenticated.Local.File.Inclusion CRITICAL" "wp-simple-firewall 18.5.8 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "wp-simple-firewall 17.0.18 Unauthenticated.Stored.XSS HIGH" "wp-simple-firewall 17.0.18 Subscriber+.Arbitrary.Log.Entry.Creation MEDIUM" "wp-simple-firewall 13.0.6 Admin+.Stored.Cross-Site.Scripting LOW" 
"wp-showhide 1.06 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-showhide 1.05 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "wp-estimation-form 10.1.77 Missing.Authorization MEDIUM" "wp-estimation-form 10.1.76 Reflected.Cross-Site.Scripting MEDIUM" "wp-estimation-form 10.1.76 Authenticated.(Contributor+).SQL.Injection CRITICAL" "woo-myghpay-payment-gateway No.known.fix Reflected.Cross-Site.Scripting HIGH" "woomulti No.known.fix Subscriber+.Arbitrary.File.Deletion HIGH" "wp-education 1.2.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.text_html_tag MEDIUM" "wp-education 1.2.7 Arbitrary.Plugin.Activation.via.CSRF MEDIUM" "wp-gallery-metabox No.known.fix Settings.Update.via.CSRF MEDIUM" "wp-extra-fields No.known.fix Reflected.XSS HIGH" "wp-maintenance-mode-site-under-construction 4.4 Cross-Site.Request.Forgery MEDIUM" "wp-maintenance-mode-site-under-construction 1.8.2 Arbitrary.Plugin.Installation/Activation.via.Low.Privilege.User CRITICAL" "wp-maintenance-mode-site-under-construction 1.9 Arbitrary.Plugin.Installation/Activation.via.CSRF CRITICAL" "wamate-confirm No.known.fix Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.Phone.Number.Blocking/Unblocking MEDIUM" "wp-multilang 2.4.19.1 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "wp-paytm-pay No.known.fix Donation.Plugin.<=.1.3.2.-.Authenticated.(admin+).SQL.Injection MEDIUM" "wp-media-library-categories 2.0.1 Admin+.Stored.XSS LOW" "wp-media-library-categories 2.0.0 Admin+.Stored.XSS LOW" "woocommerce-myparcel 4.24.2 Reflected.Cross-Site.Scripting MEDIUM" "woo-auto-coupons 3.0.15 Reflected.Cross-Site.Scripting MEDIUM" "woo-conditional-discount-rules-for-checkout 2.4.1 CSRF MEDIUM" "woo-conditional-discount-rules-for-checkout 2.3.3.1 Reflected.Cross-Site.Scripting MEDIUM" "woo-conditional-discount-rules-for-checkout 2.2.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "woo-advanced-extra-fees-lite No.known.fix Reflected.Cross-Site.Scripting MEDIUM" 
"woocommerce-wholesale-prices 2.2.7 Authenticated.(Shop.Manager).Privilege.Escalation HIGH" "woocommerce-wholesale-prices 2.2.5 Authenticated.(Shop.Manager+).Privilege.Escalation HIGH" "woocommerce-wholesale-prices 2.2.0 Missing.Authorization MEDIUM" "woocommerce-wholesale-prices 2.1.5.1 Cross-Site.Request.Forgery MEDIUM" "woocommerce-wholesale-prices 2.1.5.1 Subscriber+.Missing.Authorization.for.Plugin.Settings.Change MEDIUM" "woocommerce-wholesale-prices 2.1.5.1 Subscriber+.Stored.Cross-Site.Scripting HIGH" "wp-affiliate-disclosure 1.2.8 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.$id MEDIUM" "wp-affiliate-disclosure 1.2.7 Cross-Site.Request.Forgery.via.check_capability MEDIUM" "wp-affiliate-disclosure 1.2.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-affiliate-disclosure 1.1.4 Subscriber+.Arbitrary.Option.Update CRITICAL" "whatsiplus-scheduled-notification-for-woocommerce No.known.fix Cross-Site.Request.Forgery.to.'wsnfw_save_users_settings'.AJAX.Action MEDIUM" "workreap No.known.fix Authenticated.(Subscriber+).SQL.Injection MEDIUM" "workreap 3.3.6 Authenticated.(Subscriber+).Arbitrary.File.Deletion HIGH" "workreap 3.3.3 Authenticated.(Subscriber+).Arbitrary.File.Upload.via.'workreap_temp_upload_to_media' HIGH" "workreap 3.3.2 Authentication.Bypass.via.'workreap_verify_user_account' HIGH" "workreap 3.2.6 Unauthenticated.Privilege.Escalation CRITICAL" "wp-noexternallinks 4.3 Backdoored MEDIUM" "wp-record 1.6.8 Subscriber+.Arbitrary.Plugin.Activation MEDIUM" "wp-back-button No.known.fix Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "widget-logic-visual No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-hide-categories No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-hr-gdpr No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-hr-gdpr 0.9 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "woocommerce-parcelas No.known.fix Authenticated.(Shop.manager+).Stored.Cross-Site.Scripting MEDIUM" 
"woocommerce-digital-content-delivery-with-drm-flickrocket 4.76 Reflected.Cross-Site.Scripting MEDIUM" "wp-multisite-content-copier 2.0.1 Reflected.Cross-Site.Scripting MEDIUM" "wp-smart-import 1.1.4 Unauthenticated.Local.File.Inclusion CRITICAL" "wp-smart-import 1.1.3 Reflected.Cross-Site.Scripting MEDIUM" "wp-smart-import 1.1.0 Authenticated.(Author+).Stored.Cross-Site.Scripting MEDIUM" "wp-smart-import 1.0.5 Reflected.Cross-Site.Scripting MEDIUM" "wp-smart-import 1.0.3 Reflected.Cross-Ste.Scripting MEDIUM" "wp-smart-import 1.0.1 Auhenticated.Server-side.Request.Forgery MEDIUM" "wp-auto-republish 1.5.6.1 Subscriber+.Settings.Update/Access MEDIUM" "wp-auto-republish 1.5.1 Reflected.Cross-Site.Scripting MEDIUM" "wp-auto-republish 1.3.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "woo-paylate 1.5 Reflected.Cross-Site.Scripting MEDIUM" "woo-paylate 1.5 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wordpress-twitterbot No.known.fix Settings.Update.to.Stored.XSS.via.CSRF HIGH" "wp-olivecart No.known.fix Admin+.Stored.XSS LOW" "wp-hrm-lite-human-resource-management-system No.known.fix Unauthenticated.SQL.Injection HIGH" "wp-hide-admin-bar No.known.fix Cross-Site.Request.Forgery MEDIUM" "wa-sticky-button 1.4.1 Unauthenticated.Arbitrary.Settings.Update.to.Stored.XSS HIGH" "wp-fundraising-donation 1.7.5 Authenticated.(Subscriber+).Local.File.Inclusion HIGH" "wp-fundraising-donation 1.7.4 Cross-Site.Request.Forgery MEDIUM" "wp-fundraising-donation 1.7.1 Authenticated.(Subscriber+).Privilege.Escalation HIGH" "wp-fundraising-donation 1.7.0 Missing.Authorization MEDIUM" "wp-fundraising-donation 1.5.0 Unauthenticated.SQLi HIGH" "wp-touch-slider No.known.fix Reflected.XSS HIGH" "wp-monalisa 6.5 Cross-Site.Request.Forgery MEDIUM" "wallwisher-shortcode No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "wp-store-locator 2.2.261 Authenticated.(Contributor+).PHP.Object.Injection HIGH" "web-push No.known.fix 
Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "wp-database-optimizer-tools No.known.fix Cross-Site.Request.Forgery MEDIUM" "wp-keybase-verification 1.4.6 Cross-Site.Request.Forgery.to.Settings.Update MEDIUM" "wp-categories-widget 2.3 Reflected.XSS HIGH" "wp-autokeyword No.known.fix Missing.Authorization MEDIUM" "wp-autokeyword No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-autokeyword No.known.fix Missing.Authorization.to.Arbitrary.Content.Deletion MEDIUM" "wp-autokeyword No.known.fix Unauthenticated.SQL.Injection HIGH" "wp-opening-hours No.known.fix Contributor+.Stored.XSS.via.Shortcode MEDIUM" "webinar-and-video-conference-with-jitsi-meet 2.6.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-flipkart-importer No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "wp-private-media No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-private-media No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-private-media No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "wdes-responsive-mobile-menu No.known.fix Unauthenticated.PHP.Object.Injection CRITICAL" "wcp-contact-form No.known.fix Reflected.XSS HIGH" "wordpress-social-login No.known.fix Contributor+.Stored.XSS MEDIUM" "wordpress-social-login No.known.fix Admin+.Stored.XSS LOW" "wordpress-social-login No.known.fix Reflected.XSS HIGH" "wp-rest-cache 2025.1.1 Unauthenticated.Local.File.Inclusion HIGH" "woo-ups-pickup No.known.fix Missing.Authorization MEDIUM" "woo-ups-pickup 2.6.6 Reflected.XSS HIGH" "wp-postratings 1.91.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-postratings 1.90 Ratings.Tempering.via.Race.Condition MEDIUM" "wp-postratings 1.86.1 Admin+.Stored.Cross-Site.Scripting LOW" "wp-postratings 1.62 Authenticated.SQL.Injection CRITICAL" "wordpress-popup 7.8.9.3 Unauthenticated.Information.Exposure MEDIUM" "wordpress-popup 7.8.9.3 Subscriber+.Arbitrary.File.Upload.via.Module.Import HIGH" 
"wordpress-popup 7.8.6 Missing.Authorization.to.Unauthorized.Form.Submission MEDIUM" "wordpress-popup 7.8.6 Missing.Authorization.to.Unpublished.Form.Exposure MEDIUM" "wordpress-popup 7.8.5 Admin+.Stored.XSS LOW" "wordpress-popup 6.0.8.1 Unauthenticated.CSV.Injection HIGH" "widget-settings-importexport No.known.fix Authenticated.Stored.XSS HIGH" "wordpress-seo-premium 26.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wordpress-seo-premium 11.6 Authenticated.Stored.XSS CRITICAL" "wooms No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "wooms No.known.fix Missing.Authorization MEDIUM" "wooms No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-geshi-highlight No.known.fix Author+.ReDoS LOW" "wp-inquiries No.known.fix Authenticated.(Administrator+).SQL.Injection MEDIUM" "wp-crontrol 1.19.2 1.17.0.-.1.19.1.-.Authenticated.(Administrator+).Blind.Server-Side.Request.Forgery MEDIUM" "wp-crontrol 1.16.2 Remote.Code.Execution MEDIUM" "wp-spreadplugin No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "wp-bannerize No.known.fix 4.0.2.-.Authenticated.SQL.Injection HIGH" "widgets-for-sourceforge-reviews 11.1 Authenticated.(Editor+).Arbitrary.File.Upload MEDIUM" "wp-crm-system 3.4.6 Missing.Authorization.to.Authenticated.(Subscriber+).CRM.Data.Exposure.and.Task.Modification MEDIUM" "wp-crm-system No.known.fix Missing.Authorization MEDIUM" "wp-crm-system 3.4.3 Missing.Authorization MEDIUM" "wp-crm-system 3.4.6 Authenticated.(Administrator+).PHP.Object.Injection HIGH" "wp-crm-system 3.4.0 Unauthenticated.Duplicate.Contact.Settings.Update MEDIUM" "wp-crm-system 3.2.9.1 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "wp-realestate 1.6.27 Unauthenticated.Privilege.Escalation.via.'process_register' CRITICAL" "wordprezi 0.9 Contributor+.Strored.XSS MEDIUM" "wp-relevant-ads No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-relevant-ads No.known.fix 
Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-relevant-ads No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "wp-supersized No.known.fix Cross-Site.Request.Forgery MEDIUM" "wp-insert 2.5.1 Admin+.Stored.XSS MEDIUM" "wp-social-widget No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-social-widget 2.3.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-social-widget 2.2.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-social-widget 2.2.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.shortcode MEDIUM" "wp-social-widget 2.2.4 Contributor+.Stored.XSS MEDIUM" "woocommerce-for-paygent-payment-main 2.4.7 Missing.Authorization.to.Unauthenticated.Payment.Callback.Manipulation MEDIUM" "wc-builder 1.2.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wc-builder 1.2.1 Authenticated.(Shop.Manager+).Stored.Cross-Site.Scripting.via.'heading_color'.Shortcode.Attribute MEDIUM" "wc-builder 1.0.19 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "woo-edit-templates No.known.fix Reflected.Cross-Site.Scripting.via.page MEDIUM" "woo-edit-templates 1.1.2 Reflected.XSS HIGH" "wp-mapa-politico-spain 3.8.1 Cross-Site.Request.Forgery MEDIUM" "wp-mapa-politico-spain 3.7.0 Authenticated.Stored.Cross-Site.Scripting LOW" "windows-azure-storage 4.5.2 Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.Media.Deletion MEDIUM" "woo-zoho 1.2.4 Reflected.Cross-Site.Scripting HIGH" "wp-plugin-contact-form-7 No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "wp-blog-post-layouts 1.1.4 Authenticated.(Contributor+).Local.File.Inlcusion HIGH" "webico-slider-flatsome-addons No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.wbc_image.Shortcode MEDIUM" "winning-portfolio No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "woocommerce-order-details No.known.fix Missing.Authorization 
MEDIUM" "wgpwpp No.known.fix Missing.Authorization MEDIUM" "woo-custom-emails No.known.fix Reflected.XSS HIGH" "woo-custom-emails No.known.fix Reflected.XSS HIGH" "woo-custom-emails No.known.fix Unauthenticated.Email.Settings.Update MEDIUM" "wp-js No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "woo-giftcards No.known.fix Missing.Authorization MEDIUM" "weichuncai No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "wishlist No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wishlist 1.0.44 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wishlist No.known.fix Missing.Authorization MEDIUM" "wishlist No.known.fix Authenticated.(Subscriber+).Information.Exposure MEDIUM" "wishlist No.known.fix Authenticated.(Subscriber+).SQL.Injection MEDIUM" "wishlist No.known.fix Cross-Site.Request.Forgery MEDIUM" "wishlist 1.0.44 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wishlist 1.0.42 Authenticated.(Contributor+).SQL.Injection MEDIUM" "wishlist 1.0.40 Reflected.Cross-Site.Scripting MEDIUM" "wp-lister-ebay 2.0.21 jQueryFileTree.-.Unauthenticated.Path.Traversal MEDIUM" "wp-subscribe No.known.fix Missing.Authorization MEDIUM" "wp-subscribe 1.2.13 Admin+.Stored.Cross-Site.Scripting LOW" "woo-single-page-checkout No.known.fix Cross-Site.Request.Forgery MEDIUM" "woo-addon-uploads No.known.fix Missing.Authorization MEDIUM" "woo-addon-uploads 1.7.2 Unauthenticated.Sensitive.Information.Exposure.Through.Unprotected.Directory HIGH" "woocommerce-lightbox 2.2 Contributor+.Stored.XSS MEDIUM" "wp-text-slider-widget No.known.fix Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "wordpress-multisite-user-sync 2.1.2 Reflected.Cross-Site.Scripting MEDIUM" "wallet-system-for-woocommerce 2.7.3 Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.Wallet.Balance.Manipulation MEDIUM" "wallet-system-for-woocommerce 2.7.4 Authenticated.(Subscriber+).Information.Exposure MEDIUM" "wallet-system-for-woocommerce 
2.6.8 Cross-Site.Request.Forgery MEDIUM" "wallet-system-for-woocommerce 2.6.9 Reflected.Cross-Site.Scripting HIGH" "wallet-system-for-woocommerce 2.6.3 Cross-Site.Request.Forgery MEDIUM" "wallet-system-for-woocommerce 2.6.3 Missing.Authorization MEDIUM" "wallet-system-for-woocommerce 2.5.14 Information.Exposure.via.Log.Files MEDIUM" "wallet-system-for-woocommerce 2.5.10 Cross-Site.Request.Forgery MEDIUM" "wp-seo-tags No.known.fix Reflected.Cross-Site.Scripting HIGH" "wp-soononline-page No.known.fix Cross-Site.Request.Forgery MEDIUM" "woocommerce-dropshipping No.known.fix Unauthenticated.Arbitrary.Email.Send MEDIUM" "woocommerce-dropshipping 4.4 Unauthenticated.SQLi HIGH" "woocommerce-germanized 3.9.5 Reflected.Cross-Site.Scripting MEDIUM" "woocommerce-google-adwords-conversion-tracking-tag 1.52.0 Unauthenticated.Information.Exposure MEDIUM" "woocommerce-google-adwords-conversion-tracking-tag 1.49.3 Unauthenticated.Information.Exposure MEDIUM" "woocommerce-google-adwords-conversion-tracking-tag 1.49.1 Authenticated.(Contributor+).Cross-Site.Scripting.via.Shortcode MEDIUM" "woocommerce-google-adwords-conversion-tracking-tag 1.43.4 Use.of.Polyfill.io MEDIUM" "woocommerce-google-adwords-conversion-tracking-tag 1.32.3 Reflected.Cross-Site.Scripting MEDIUM" "woocommerce-google-adwords-conversion-tracking-tag 1.14.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "weight-based-shipping-for-woocommerce 5.5.0 Settings.Update.via.CSRF MEDIUM" "wp-jscrollpane No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "woo-salesforce-plugin-crm-perks 1.7.6 Open.Redirect MEDIUM" "woo-salesforce-plugin-crm-perks 1.5.9 Reflected.Cross-Site.Scripting HIGH" "wp-aparat 2.2.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-url-shortener No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "wp-bbcode No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wemanage-app-worker 1.2.3 Subscriber+.Arbitrary.File.Upload HIGH" 
"wp-forms-signature-contract-add-on 1.8.3 Missing.Authorization.to.Authenticated.(Subscriber+).Notice.Dimissal MEDIUM" "wholesale-market-for-woocommerce 2.0.0 Admin+.Arbitrary.Log.Download MEDIUM" "wholesale-market-for-woocommerce 2.0.1 Settings.Update.via.CSRF MEDIUM" "wholesale-market-for-woocommerce 1.0.8 Admin+.Arbitrary.File.Download MEDIUM" "wholesale-market-for-woocommerce 1.0.7 Unauthenticated.Arbitrary.File.Download HIGH" "wp-e-customers No.known.fix Reflected.XSS HIGH" "wp-dpe-ges 1.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-social-buttons No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "wp-editor-bootstrap-blocks 2.5.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wc-frontend-manager 6.7.25 WooCommerce.Frontend.Manager.<.6.7.25.-.Authenticated.(Shop.Manager+).Arbitrary.Options.Update HIGH" "wc-frontend-manager 6.7.25 Missing.Authorization MEDIUM" "wc-frontend-manager 6.7.17 Missing.Authorization.to.Unauthenticated.Plugin.Settings.Modification MEDIUM" "wc-frontend-manager 6.7.13 Insecure.Direct.Object.Reference.to.Account.Takeover/Privilege.Escalation HIGH" "wc-frontend-manager 6.7.9 Authenticated.(Shop.manager+).Stored.Cross-Site.Scripting MEDIUM" "wc-frontend-manager 6.6.1 Subscriber+.Unauthorised.AJAX.Calls MEDIUM" "wc-frontend-manager 6.6.0 Multiple.CSRF MEDIUM" "wc-frontend-manager 6.5.12 Frontend.Manager.for.WooCommerce.<.6.5.12.-.Customer/Subscriber+.SQL.Injection HIGH" "woocommerce-woocart-popup-lite No.known.fix Cross-Site.Request.Forgery MEDIUM" "wp-able-player No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-notification-bell 1.4.7 Authenticated.(Author+).Stored.Cross-Site.Scripting MEDIUM" "wp-notification-bell 1.3.13 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "website-article-monetization-by-magenet 1.0.12 Unauthenticated.Stored.XSS HIGH" "wp-management-controller No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "wp-mailer 
No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-content-copy-protector 3.6.1 Cross-Site.Request.Forgery MEDIUM" "wp-content-copy-protector 3.5.6 Admin+.Stored.XSS LOW" "wp-content-copy-protector 3.4.5 Settings.Update.via.CSRF MEDIUM" "wp-content-copy-protector 3.1.5 Arbitrary.Plugin.Installation/Activation.via.Low.Privilege.User CRITICAL" "wp-content-copy-protector 3.4 Arbitrary.Plugin.Installation/Activation.via.CSRF CRITICAL" "woocommerce-loyal-customer No.known.fix Missing.Authorization MEDIUM" "wp-marketing-automations 3.6.4.2 Unauthenticated.Sensitive.Information.Exposure MEDIUM" "wp-marketing-automations 3.6.4.2 Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.Email.Sending MEDIUM" "wp-marketing-automations 3.6.4 Authenticated.(Contributor+).Sensitive.Information.Exposure.to.Privilege.Escalation.via.Woofunnel.Library HIGH" "wp-marketing-automations 3.6.0 Missing.Authorization.to.Unauthenticated.Arbitrary.Plugin.Installation CRITICAL" "wp-marketing-automations 3.6.1 Open.Redirect MEDIUM" "wp-marketing-automations 3.5.2 Open.Redirect HIGH" "wp-marketing-automations 3.5.2 Unauthenticated.SQL.Injection.via.'automationId' HIGH" "wp-marketing-automations 3.3.0 Unauthenticated.SQLi HIGH" "wp-marketing-automations 3.2.0 Authenticated.(Administrator+).SQL.Injection MEDIUM" "wp-marketing-automations 2.8.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-marketing-automations 2.7.0 Authenticated(Administrator+).SQL.Injection MEDIUM" "wp-marketing-automations 2.1.2 Subscriber+.Automation.Creation MEDIUM" "wp-simpleweather No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-publications No.known.fix Admin+.Stored.XSS LOW" "wp-publications No.known.fix Local.File.Inclusion HIGH" "wp-html-page-sitemap No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting HIGH" "webcam-2way-videochat 5.2.8 Reflected.Cross-Site.Scripting HIGH" "webcam-2way-videochat 4.41.2 Cross-Site.Scripting.(XSS) 
MEDIUM" "wp-simple-slideshow No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-google-tag-manager No.known.fix Cross-Site.Request.Forgery.(CSRF) MEDIUM" "widget-options No.known.fix Contributor+.Remote.Code.Execution HIGH" "widget-options 4.1.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "widget-options 4.1.1 Contributor+.Remote.Code.Execution HIGH" "widget-options 4.0.9 Missing.Authorization.to.Notice.Dismissal MEDIUM" "widget-options 4.0.8 Missing.Authorization MEDIUM" "widget-options 4.0.8 Contributor+.Remote.Code.Execution CRITICAL" "widget-options 4.0.2 Extended.<=.5.1.0.&..Widget.Options.<=.4.0.1.-.Authenticated.(Subscriber+).Information.Disclosure MEDIUM" "woocommerce-product-addons 6.2.0 Cross-Site.Request.Forgery MEDIUM" "woocommerce-product-addons 6.2.0 Shop.Manager+.PHP.Object.Injection HIGH" "wp-seo-keyword-optimizer No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-seo-keyword-optimizer No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-seo-keyword-optimizer 2.1.9.8 Subscriber+.Arbitrary.Option.Update CRITICAL" "woocommerce-basic-ordernumbers No.known.fix Missing.Authorization MEDIUM" "whizz-plugins 2.0.0 Reflected.Cross-Site.Scripting MEDIUM" "wp-show-login-form No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "wd-facebook-feed No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wd-facebook-feed 1.2.9 Reflected.XSS MEDIUM" "wd-facebook-feed 1.1.27 Authenticated.SQL.Injection MEDIUM" "woo-booking-bundle-hours 0.7.5 Cross-Site.Request.Forgery MEDIUM" "wp-flickr-press No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-admin-logo-changer No.known.fix Plugin's.Settings.Update.via.CSRF MEDIUM" "wp-postratings-cheater No.known.fix Cross-Site.Request.Forgery MEDIUM" "wp-gcalendar No.known.fix Authenticated.(Subscriber+).SQL.Injection MEDIUM" "wishsuite 1.5.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.'button_text'.Shortcode.Attribute MEDIUM" "wishsuite 1.4.5 
Authenticated.(Contributor+).Local.File.Inclusion HIGH" "wishsuite 1.3.8 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wishsuite 1.3.5 Admin+.Stored.XSS LOW" "wishsuite 1.3.4 Cross-Site.Request.Forgery MEDIUM" "wot-elementor-widgets No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-company-info No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "wp-sifr No.known.fix Cross-Site.Request.Forgery MEDIUM" "widget-shortcode No.known.fix Contributor+.Stored.XSS MEDIUM" "wp-additional-logins No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-listings-pro No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "widgets-on-pages 1.8.0 Reflected.Cross-Site.Scripting MEDIUM" "widgets-on-pages 1.8.0 Contributor+.Stored.XSS MEDIUM" "widgets-on-pages 1.6.0 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-lister-for-ebay 3.8.6 Missing.Authorization MEDIUM" "wp-lister-for-ebay 3.8.5 Missing.Authorization MEDIUM" "wp-lister-for-ebay 3.6.5 Reflected.Cross-Site.Scripting MEDIUM" "wp-lister-for-ebay 3.6.1 Reflected.Cross-Site.Scripting MEDIUM" "wp-lister-for-ebay 3.6.0 Authenticated.(Shop.Manager+).Arbitrary.File.Upload HIGH" "wp-lister-for-ebay 3.6.0 Authenticated.(Shop.Manager+).Stored.Cross-Site.Scripting MEDIUM" "wp-lister-for-ebay 3.5.8 Reflected.Cross-Site.Scripting.via.'s' MEDIUM" "wm-options-import-export No.known.fix Unauthenticated.Information.Exposure MEDIUM" "wooswipe 3.0.0 Subscriber+.Settings.Update MEDIUM" "woocommerce-cvr-payment-gateway 6.1.0 Missing.Authorization.to.Authenticated.(Contributor+).CVR.Update MEDIUM" "woocommerce-delivery-notes 5.9.0 Missing.Authorization MEDIUM" "woocommerce-delivery-notes 5.9.0 Unauthenticated.Remote.Code.Execution CRITICAL" "woocommerce-delivery-notes 5.6.0 Cross-Site.Request.Forgery MEDIUM" "woocommerce-delivery-notes 5.5.0 Unauthenticated.Sensitive.Information.Exposure.Through.Unprotected.Directory MEDIUM" 
"woocommerce-delivery-notes 5.4.1 Missing.Authorization.to.Authenticated.(Subscriber+).Logo.Deletion MEDIUM" "woocommerce-delivery-notes 4.9.0 Missing.Authorization.to.Notice.Dismissal MEDIUM" "woocommerce-delivery-notes 4.7.2 Reflected.XSS HIGH" "woo-codice-fiscale No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "woo-admin-product-notes No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "woo-admin-product-notes No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "woo-admin-product-notes No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "woozone-contextual No.known.fix Unauthenticated.SQL.Injection HIGH" "wp-mail-smtp-pro 3.8.1 Unauthenticated.Email.Address.Disclosure MEDIUM" "wp-parsidate 5.1.2 Reflected.Cross-Site.Scripting.via.add_query_arg.Parameter MEDIUM" "wp-parsidate 4.0.2 Reflected.Cross-Site.Scripting MEDIUM" "wp-table-builder 2.0.20 Incorrect.Authorization.to.Authenticated.(Subscriber+).Arbitrary.Table.Creation MEDIUM" "wp-table-builder 2.0.13 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "wp-table-builder 2.0.13 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-table-builder 2.0.7 Cross-Site.Request.Forgery MEDIUM" "wp-table-builder 2.0.6 Reflected.Cross-Site.Scripting HIGH" "wp-table-builder 1.5.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-table-builder 1.6.0 Admin+.Stored.XSS LOW" "wp-table-builder 1.4.15 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-table-builder 1.4.10 Reflected.Cross-Site.Scripting MEDIUM" "wp-table-builder 1.4.7 Admin+.Stored.XSS MEDIUM" "wp-table-builder 1.3.16 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-table-builder 1.3.10 Reflected.Cross-Site.Scripting HIGH" "woo-shipping-dpd-baltic 1.2.84 Reflected.Cross-Site.Scripting HIGH" "woo-shipping-dpd-baltic 1.2.57 DPD.baltic.<.1.2.57.-.Subscriber+.Arbitrary.Options.Deletion HIGH" "woo-shipping-dpd-baltic 1.2.11 DPD.baltic.<.1.2.11.-.Admin+.Stored.XSS MEDIUM" 
"wp-rest-user No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-rest-user No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-csv No.known.fix Reflected.XSS.via.CSV.Import MEDIUM" "woocommerce-multi-currency No.known.fix Missing.Authorization.to.Arbitrary.Shortcode.Execution MEDIUM" "woocommerce-multi-currency 2.3.7 WooCommerce.Multi.Currency.-.Currency.Switcher.<.2.3.7.-.Unauthenticated.SQL.Injection HIGH" "woocommerce-multi-currency 2.1.18 Authenticated.Product.Price.Change MEDIUM" "woo-thank-you-page-nextmove-lite 2.24.0 Missing.Authorization MEDIUM" "woo-thank-you-page-nextmove-lite 2.24.0 Unauthenticated.Insecure.Direct.Object.Reference MEDIUM" "woo-thank-you-page-nextmove-lite 2.24.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "woo-thank-you-page-nextmove-lite No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "woo-thank-you-page-nextmove-lite 2.20.0 Missing.Authorization.to.Authenticated.(Subscriber+).Deactivation.Reason.Submission MEDIUM" "woo-thank-you-page-nextmove-lite 2.18.2 Cross-Site.Request.Forgery MEDIUM" "woo-thank-you-page-nextmove-lite 2.18.1 Missing.Authorization.to.Unauthenticated.System.Information.Disclosure MEDIUM" "woo-thank-you-page-nextmove-lite 2.18.0 Subscriber+.Arbitrary.Plugin.Installation/Activation HIGH" "wp-google-street-view-shortcode No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "woocommerce-refund-and-exchange 3.2.7 Warranty.Management,.Refund.Policy,.Manage.User.Wallet.<.3.2.7.-.Unauthenticated.Arbitrary.File.Upload CRITICAL" "woocommerce-quick-product-editor No.known.fix Missing.Authorization MEDIUM" "wp-cirrus No.known.fix Admin+.Stored.Cross-Site.Scripting MEDIUM" "wp-ad-guru No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-express-checkout 2.3.8 Unauthenticated.Price.Manipulation MEDIUM" "wp-express-checkout 2.2.9 Admin+.Stored.XSS LOW" "wp-ogp No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "webcake 
1.2 Missing.Authorization.to.Authenticated.(Subscriber+).Settings.Update MEDIUM" "wc-multishipping 2.3.8 Subscriber+.Arbitrary.Account.Credentials.Test MEDIUM" "wc-multishipping 2.3.6 Missing.Authorization.to.Log.Export MEDIUM" "wp-floating-menu 1.4.5 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "wp-floating-menu 1.4.1 Authenticated.Reflected.Cross-Site.Scripting CRITICAL" "wp-experiments-free No.known.fix Missing.Authorization MEDIUM" "wp-experiments-free No.known.fix Cross-Site.Request.Forgery MEDIUM" "wp-experiments-free 9.0.1 Unauthenticated.SQLi HIGH" "wc-multi-currency 1.5.6 Missing.Authorization MEDIUM" "wc-multi-currency 1.5.6 Cross-Site.Request.Forgery MEDIUM" "woocommerce-multiple-addresses No.known.fix Authenticated.(Subscriber+).Privilege.Escalation HIGH" "wp-file-download-light No.known.fix Authenticated.(Editor+).Stored.Cross-Site.Scripting MEDIUM" "wp-bulk-post-duplicator No.known.fix Cross-Site.Request.Forgery MEDIUM" "wise-chat 3.3.5 Unauthenticated.Stored.Cross-Site.Scripting.via.X-Forwarded-For.Header HIGH" "wise-chat 3.3.4 Unauthenticated.Sensitive.Information.Exposure.Through.Unprotected.Directory HIGH" "wise-chat 2.8.4 CSV.Injection HIGH" "wise-chat 2.7 Reverse.Tabnabbing MEDIUM" "whats-new-genarator No.known.fix Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "wp-admin-theme No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "wp-cloudy 4.4.9 Admin+.SQL.Injection MEDIUM" "wp-hello-bar No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting.via.'digit_one'.and.'digit_two'.Parameters MEDIUM" "wp-armour-extended 1.32 Reflected.Cross-Site.Scripting MEDIUM" "wp-armour-extended 1.32 Cross-Site.Request.Forgery MEDIUM" "wp-add-active-class-to-menu-item No.known.fix Cross-Site.Request.Forgery MEDIUM" "woobox 1.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "woobox 1.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "woocommerce 10.5.3 
Arbitrary.Admin.User.Creation.via.CSRF HIGH" "woocommerce 8.9.5 Arbitrary.Admin.User.Creation.via.CSRF HIGH" "woocommerce 7.3.1 Arbitrary.Admin.User.Creation.via.CSRF HIGH" "woocommerce 5.7.3 Arbitrary.Admin.User.Creation.via.CSRF HIGH" "woocommerce 9.6.4 Arbitrary.Admin.User.Creation.via.CSRF HIGH" "woocommerce 8.0.5 Arbitrary.Admin.User.Creation.via.CSRF HIGH" "woocommerce 6.4.2 Arbitrary.Admin.User.Creation.via.CSRF HIGH" "woocommerce 10.3.8 Arbitrary.Admin.User.Creation.via.CSRF HIGH" "woocommerce 8.7.3 Arbitrary.Admin.User.Creation.via.CSRF HIGH" "woocommerce 7.1.2 Arbitrary.Admin.User.Creation.via.CSRF HIGH" "woocommerce 5.5.5 Arbitrary.Admin.User.Creation.via.CSRF HIGH" "woocommerce 9.4.5 Arbitrary.Admin.User.Creation.via.CSRF HIGH" "woocommerce 7.8.4 Arbitrary.Admin.User.Creation.via.CSRF HIGH" "woocommerce 6.2.3 Arbitrary.Admin.User.Creation.via.CSRF HIGH" "woocommerce 10.1.4 Arbitrary.Admin.User.Creation.via.CSRF HIGH" "woocommerce 8.5.5 Arbitrary.Admin.User.Creation.via.CSRF HIGH" "woocommerce 6.9.5 Arbitrary.Admin.User.Creation.via.CSRF HIGH" "woocommerce 9.2.5 Arbitrary.Admin.User.Creation.via.CSRF HIGH" "woocommerce 7.6.2 Arbitrary.Admin.User.Creation.via.CSRF HIGH" "woocommerce 6.0.2 Arbitrary.Admin.User.Creation.via.CSRF HIGH" "woocommerce 9.9.7 Arbitrary.Admin.User.Creation.via.CSRF HIGH" "woocommerce 8.3.4 Arbitrary.Admin.User.Creation.via.CSRF HIGH" "woocommerce 6.7.1 Arbitrary.Admin.User.Creation.via.CSRF HIGH" "woocommerce 9.0.4 Arbitrary.Admin.User.Creation.via.CSRF HIGH" "woocommerce 7.4.2 Arbitrary.Admin.User.Creation.via.CSRF HIGH" "woocommerce 5.8.2 Arbitrary.Admin.User.Creation.via.CSRF HIGH" "woocommerce 9.7.3 Arbitrary.Admin.User.Creation.via.CSRF HIGH" "woocommerce 8.1.4 Arbitrary.Admin.User.Creation.via.CSRF HIGH" "woocommerce 6.5.2 Arbitrary.Admin.User.Creation.via.CSRF HIGH" "woocommerce 7.2.4 Arbitrary.Admin.User.Creation.via.CSRF HIGH" "woocommerce 5.6.3 Arbitrary.Admin.User.Creation.via.CSRF HIGH" "woocommerce 10.4.4 
Arbitrary.Admin.User.Creation.via.CSRF HIGH" "woocommerce 8.8.7 Arbitrary.Admin.User.Creation.via.CSRF HIGH" "woocommerce 9.5.4 Arbitrary.Admin.User.Creation.via.CSRF HIGH" "woocommerce 7.9.2 Arbitrary.Admin.User.Creation.via.CSRF HIGH" "woocommerce 6.3.2 Arbitrary.Admin.User.Creation.via.CSRF HIGH" "woocommerce 10.2.4 Arbitrary.Admin.User.Creation.via.CSRF HIGH" "woocommerce 8.6.4 Arbitrary.Admin.User.Creation.via.CSRF HIGH" "woocommerce 7.0.2 Arbitrary.Admin.User.Creation.via.CSRF HIGH" "woocommerce 5.4.4 Arbitrary.Admin.User.Creation.via.CSRF HIGH" "woocommerce 9.3.6 Arbitrary.Admin.User.Creation.via.CSRF HIGH" "woocommerce 7.7.3 Arbitrary.Admin.User.Creation.via.CSRF HIGH" "woocommerce 6.1.3 Arbitrary.Admin.User.Creation.via.CSRF HIGH" "woocommerce 10.0.6 Arbitrary.Admin.User.Creation.via.CSRF HIGH" "woocommerce 8.4.3 Arbitrary.Admin.User.Creation.via.CSRF HIGH" "woocommerce 6.8.3 Arbitrary.Admin.User.Creation.via.CSRF HIGH" "woocommerce 9.1.7 Arbitrary.Admin.User.Creation.via.CSRF HIGH" "woocommerce 7.5.2 Arbitrary.Admin.User.Creation.via.CSRF HIGH" "woocommerce 5.9.2 Arbitrary.Admin.User.Creation.via.CSRF HIGH" "woocommerce 9.8.7 Arbitrary.Admin.User.Creation.via.CSRF HIGH" "woocommerce 8.2.5 Arbitrary.Admin.User.Creation.via.CSRF HIGH" "woocommerce 6.6.2 Arbitrary.Admin.User.Creation.via.CSRF HIGH" "woocommerce 9.6.3 Subscriber/Customer+.Order.Data.Disclosure MEDIUM" "woocommerce 10.3.7 Subscriber/Customer+.Order.Data.Disclosure MEDIUM" "woocommerce 8.7.2 Subscriber/Customer+.Order.Data.Disclosure MEDIUM" "woocommerce 9.4.4 Subscriber/Customer+.Order.Data.Disclosure MEDIUM" "woocommerce 10.1.3 Subscriber/Customer+.Order.Data.Disclosure MEDIUM" "woocommerce 8.5.4 Subscriber/Customer+.Order.Data.Disclosure MEDIUM" "woocommerce 9.2.4 Subscriber/Customer+.Order.Data.Disclosure MEDIUM" "woocommerce 9.9.6 Subscriber/Customer+.Order.Data.Disclosure MEDIUM" "woocommerce 8.3.3 Subscriber/Customer+.Order.Data.Disclosure MEDIUM" "woocommerce 9.0.3 
Subscriber/Customer+.Order.Data.Disclosure MEDIUM" "woocommerce 9.7.2 Subscriber/Customer+.Order.Data.Disclosure MEDIUM" "woocommerce 8.1.3 Subscriber/Customer+.Order.Data.Disclosure MEDIUM" "woocommerce 10.4.3 Subscriber/Customer+.Order.Data.Disclosure MEDIUM" "woocommerce 8.8.6 Subscriber/Customer+.Order.Data.Disclosure MEDIUM" "woocommerce 9.5.3 Subscriber/Customer+.Order.Data.Disclosure MEDIUM" "woocommerce 10.2.3 Subscriber/Customer+.Order.Data.Disclosure MEDIUM" "woocommerce 8.6.3 Subscriber/Customer+.Order.Data.Disclosure MEDIUM" "woocommerce 9.3.5 Subscriber/Customer+.Order.Data.Disclosure MEDIUM" "woocommerce 10.0.5 Subscriber/Customer+.Order.Data.Disclosure MEDIUM" "woocommerce 8.4.2 Subscriber/Customer+.Order.Data.Disclosure MEDIUM" "woocommerce 9.1.5 Subscriber/Customer+.Order.Data.Disclosure MEDIUM" "woocommerce 9.8.6 Subscriber/Customer+.Order.Data.Disclosure MEDIUM" "woocommerce 8.2.4 Subscriber/Customer+.Order.Data.Disclosure MEDIUM" "woocommerce 8.9.4 Subscriber/Customer+.Order.Data.Disclosure MEDIUM" "woocommerce 10.0.3 Shop.manager+.Stored.XSS LOW" "woocommerce 10.0 Shop.Manager.PII.Leak.in.Multisite MEDIUM" "woocommerce 9.9.4 Shop.manager+.SQLi MEDIUM" "woocommerce 9.7.1 Shop.Manager+.Stored.XSS.via.New.Product.Form MEDIUM" "woocommerce 9.4.3 Reflected.XSS HIGH" "woocommerce 9.4.3 Unauthenticated.Order.Creation MEDIUM" "woocommerce 9.1.0 Unauthenticated.HTML.Injection MEDIUM" "woocommerce 9.2 Contributor+.Stored.XSS MEDIUM" "woocommerce 9.1.4 Stored.XSS LOW" "woocommerce 9.0.0 Shop.Manager+.Content.Injection LOW" "woocommerce 8.9.3 8.9.2.-.Reflected.XSS HIGH" "woocommerce 8.6.0 Cross-Site.Request.Forgery MEDIUM" "woocommerce 8.6 Contributor+.Private/Draft.Products.Access LOW" "woocommerce 8.4.0 Reflected.Cross-Site.Scripting MEDIUM" "woocommerce 8.3.0 Cross-Site.Request.Forgery MEDIUM" "woocommerce 8.2.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Featured.Image.alt.Attribute MEDIUM" "woocommerce 7.9 
Unauthenticated.Sensitive.Information.Disclosure MEDIUM" "woocommerce 7.9.0 Sensitive.Information.Exposure MEDIUM" "woocommerce 7.0.1 Authenticated(Shop.Manager+).Sensitive.Information.Exposure MEDIUM" "woocommerce 8.1.1 Shop.Manager+.User.Metadata.Disclosure MEDIUM" "woocommerce 6.6.0 Admin+.Stored.HTML.Injection LOW" "woocommerce 6.3.1 Orders.Marked.as.Paid.(via.PayPal.Standard.Gateway) LOW" "woocommerce 6.2.1 Subscriber+.Arbitrary.Comment.Deletion MEDIUM" "woocommerce 6.2.1 Path.Traversal.via.Importers MEDIUM" "woocommerce 5.7.0 Analytics.Report.Leaks MEDIUM" "woocommerce 5.5.1 Authenticated.Blind.SQL.Injection HIGH" "woocommerce 5.2.0 Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "woocommerce 4.7.0 Arbitrary.Order.Status.Disclosure.via.IDOR MEDIUM" "woocommerce 4.6.2 Guest.Account.Creation MEDIUM" "woocommerce 4.2.1 Potential.Cross-Site.Scripting.(XSS).via.SelectWoo MEDIUM" "woocommerce 4.1.0 Unescaped.Metadata.when.Duplicating.Products LOW" "woocommerce 3.6.5 Cross-Site.Request.Forgery.(CSRF).&.File.Type.Check MEDIUM" "woocommerce 3.5.5 Stored.Cross-Site.Scripting.(XSS) HIGH" "woocommerce 3.5.1 Authenticated.Stored.XSS HIGH" "woocommerce 3.4.6 Authenticated.Stored.XSS MEDIUM" "woocommerce 3.4.6 Authenticated.Phar.Deserialization MEDIUM" "wp-system No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "woo-currency 1.6.6 Admin+.Stored.XSS LOW" "woo-coming-soon-product No.known.fix Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "woo-coming-soon-product 5.1 Authenticated.(Subscriber+).Local.File.Inclusion HIGH" "wp-retina-2x 6.4.6 Sensitive.Information.Exposure MEDIUM" "wp-retina-2x 5.2.3 Cross-Site.Scripting.(XSS) MEDIUM" "wp-gallery-exporter No.known.fix Authenticated.(Administrator+).Arbitrary.File.Download LOW" "woo-order-export-lite 3.5.6 Unauthenticated.PHP.Object.Injection.via.Order.Details HIGH" "woo-order-export-lite 3.4.5 Shop.Manager+.Remote.Code.Execution CRITICAL" "woo-order-export-lite 3.3.3 
Export.Files.via.CSRF MEDIUM" "woo-order-export-lite 3.3.2 Reflected.Cross-Site.Scripting MEDIUM" "woo-order-export-lite 3.1.8 Authenticated.Reflected.Cross-Site.Scripting.(XSS) HIGH" "woo-order-export-lite 3.1.4 Authenticated.Cross-Site.Scripting.(XSS) LOW" "woo-order-export-lite 1.5.5 CSV.Injection HIGH" "wp-custom-admin-interface 7.42 Missing.Authorization MEDIUM" "wp-custom-admin-interface 7.41 Missing.Authorization MEDIUM" "wp-custom-admin-interface 7.32 Missing.Authorization.via.wpcai_pro_notice_disable MEDIUM" "wp-custom-admin-interface 7.33 Missing.Authorization.to.Transients.Deletion MEDIUM" "wp-custom-admin-interface 7.29 Admin+.PHP.Object.Injection MEDIUM" "wp-rocket 2.10.4 Local.File.Inclusion.(LFI) HIGH" "wp-lister-for-amazon 2.6.17 Reflected.Cross-Site.Scripting MEDIUM" "wp-lister-for-amazon 2.6.12 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "wp-lister-for-amazon 2.6.9 Reflected.Cross-Site.Scripting MEDIUM" "wp-lister-for-amazon 2.4.4 Reflected.XSS HIGH" "wp-cleanfix 5.7.0 Subscriber+.Post/Comment/Post.Meta.Content.Replacement MEDIUM" "wp-cleanfix 3.0.2 Remote.Comm&.Execution,.CSRF.&.XSS HIGH" "woocommerce-bulk-stock-management 2.2.34 Reflected.XSS HIGH" "wp-migration-duplicator 1.5.4 Unauthenticated.Sensitive.Information.Exposure MEDIUM" "wp-migration-duplicator 1.4.9 Missing.Authorization.to.Directory.Traversal MEDIUM" "wp-migration-duplicator 1.4.8 Unauthenticated.Sensitive.Information.Exposure MEDIUM" "wp-migration-duplicator 1.4.4 Subscriber+.Plugin.Settings.Update MEDIUM" "wp-migration-duplicator 1.4.5 Subscriber+.Stored.XSS HIGH" "wp-migration-duplicator 1.4.2 Missing.Authorization.to.Settings.and.Schedule.Modification MEDIUM" "welcome-popup No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "wp-stats-manager 8.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-stats-manager 8.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-stats-manager 7.9 
Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-stats-manager No.known.fix Missing.Authorization MEDIUM" "wp-stats-manager 7.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-stats-manager 7.6 Missing.Authorization MEDIUM" "wp-stats-manager 6.9.5 Sensitive.Information.Exposure.via.Log.File MEDIUM" "wp-stats-manager 6.9 Unauthenticated.SQLi HIGH" "wp-stats-manager 6.5 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "wp-stats-manager 5.8 Unauthenticated.SQLi HIGH" "wp-stats-manager 5.6 .Subscriber+.SQL.Injection HIGH" "wp-stats-manager 5.5 Arbitrary.IP.Address.Exclusion.to.Stored.XSS HIGH" "wp-stats-manager 4.8 Subscriber+.SQL.Injection HIGH" "wp-attachments 5.2.1 Missing.Authorization MEDIUM" "wp-attachments 5.1 Reflected.Cross-Site.Scripting.via.attachment_id.Parameter MEDIUM" "wp-attachments 5.0.12 Arbitrary.Settings.Update.via.CSRF MEDIUM" "wp-attachments 5.0.6 Admin+.Stored.XSS LOW" "wp-attachments 5.0.5 Admin+.Stored.Cross-Site.Scripting LOW" "woo-bulk-edit-products 1.8.3 Reflected.Cross-Site.Scripting MEDIUM" "woo-bulk-edit-products 1.7.13 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "woocommerce-checkout-field-editor 1.7.5 Cross-Site.Request.Forgery MEDIUM" "woocommerce-checkout-field-editor 1.7.5 Checkout.Fields.Update.via.CSRF MEDIUM" "woocommerce-checkout-field-editor 1.7.5 Cross-Site.Request.Forgery.to.Checkout.Fields.Update MEDIUM" "white-label-branding-elementor No.known.fix Admin+.Stored.XSS LOW" "wc-vendors 2.6.4.1 Cross-Site.Request.Forgery.to.Vendor.Product.Deletion MEDIUM" "wc-vendors 2.5.7 Authenticated.(Administrator+).SQL.Injection MEDIUM" "wc-vendors 2.4.7.1 Authenticated.(Shop.manager+).SQL.Injection.via.search.dates HIGH" "wc-vendors 2.4.5 Contributor+.Stored.XSS MEDIUM" "wp-custom-taxonomy-meta No.known.fix Authenticated.(Editor+).Stored.Cross-Site.Scripting MEDIUM" "wp-custom-taxonomy-meta No.known.fix Cross-Site.Request.Forgery.to.Taxonomy.Meta.Add/Delete MEDIUM" "wp-custom-taxonomy-meta No.known.fix 
Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "wp-cron-status-checker 1.2.5 Reflected.Cross-Site.Scripting MEDIUM" "wp-cron-status-checker 1.2.4 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-ticket-ultra No.known.fix Unauthenticated.Local.File.Inclusion CRITICAL" "walker-core 1.3.18 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "walker-core 1.3.6 Reflected.Cross-Site.Scripting MEDIUM" "walker-core 1.1.8 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "woofunnels-aero-checkout 3.11.0 Subscriber+.Arbitrary.Plugin.Activation MEDIUM" "woofunnels-aero-checkout 3.11.0 Unauthenticated.Arbitrary.Content.Deletion MEDIUM" "woofunnels-aero-checkout 3.11.0 Subscriber+.Settings.Update MEDIUM" "wp-flipper No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-taxonomy-import No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-foodbakery No.known.fix Unauthenticated.PHP.Object.Injection CRITICAL" "wp-foodbakery 4.8 Unauthenticated.Arbitrary.File.Upload CRITICAL" "wp-foodbakery 4.8 Unauthenticated.Privilege.Escalation.in.foodbakery_registration_validation CRITICAL" "wp-foodbakery No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-foodbakery No.known.fix Authentication.Bypass CRITICAL" "wp-foodbakery 2.2 Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "wp-church-donation No.known.fix Cross-Site.Request.Forgery MEDIUM" "wp-church-donation No.known.fix Unauthenticated.Stored.Cross-Site.Scripting HIGH" "wp-blog-manager-lite 1.1.2 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "wp-film-studio 1.3.5 Arbitrary.Plugin.Activation.via.CSRF MEDIUM" "wp-church-center No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wc-serial-numbers 2.1.1 Missing.Authorization MEDIUM" "wc-serial-numbers 1.6.4 Arbitrary.Settings.Update.via.CSRF MEDIUM" "wise-analytics 1.1.20 Missing.Authorization.to.Unauthenticated.Arbitrary.Analytics.Database.Disclosure.via.'name'.Parameter MEDIUM" 
"wordpress-easy-paypal-payment-or-donation-accept-plugin 5.0 Missing.Authorization MEDIUM" "wordpress-easy-paypal-payment-or-donation-accept-plugin 4.9.10 Contributor+.Stored.XSS MEDIUM" "wc-pagaleve 1.6.10 Pagaleve.<.1.6.10.-.Unauthenticated.PHP.Object.Injection CRITICAL" "wp-flashy-marketing-automation 2.0.9 Cross-Site.Request.Forgery MEDIUM" "webd-woocommerce-product-excel-importer-bulk-edit No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wc-frontend-manager-ultimate 6.7.7 Authenticated.(Subscriber+).SQL.Injection MEDIUM" "wp-rest-headless No.known.fix Unauthenticated.Protection.Mechanism.Bypass MEDIUM" "wp-bing-search 2.6.3 Reflected.Cross-Site.Scripting MEDIUM" "wp-bing-search 2.4 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-calameo 2.1.8 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-planification No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "wp-syntax No.known.fix Author+.Potential.ReDoS LOW" "werk-aan-de-muur 1.5.1 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "wp-search-keyword-redirect No.known.fix Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "wp-better-emails No.known.fix Admin+.Stored.XSS LOW" "wp-rollback 1.2.3 Cross-Site.Scripting.(XSS).&.CSRF HIGH" "w2s-migrate-woo-to-shopify 1.3.0 Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.File.Read MEDIUM" "wp-force-ssl 1.67 Missing.Authorization.to.Settings.Update MEDIUM" "woocommerce-product-payments 3.5.9 Missing.Authorization MEDIUM" "woocommerce-product-payments 3.2.8 Reflected.XSS HIGH" "woocommerce-product-payments 3.2.7 Reflected.Cross-Site.Scripting MEDIUM" "woocommerce-product-payments 3.1.6 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-ecommerce-shop-styling No.known.fix Unauthenticated.Dompdf.Local.File.Inclusion.(LFI) HIGH" "woocommerce-es 2.1 Reflected.Cross-Site.Scripting MEDIUM" "woocommerce-es 2.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-2fa 3.0.0 Second.Factor.Bypass 
MEDIUM" "wp-2fa 2.6.4 Unauthenticated.Information.Exposure.via.Log.File MEDIUM" "wp-2fa 2.6.3 Reflected.Cross-Site.Scripting MEDIUM" "wp-2fa 2.6.0 Arbitrary.Email.Sending.via.CSRF MEDIUM" "wp-2fa 2.6.0 Subscriber+.Arbitrary.Email.Sending MEDIUM" "wp-2fa 2.3.0 Time-Based.Side-Channel.Attack MEDIUM" "wp-2fa 2.2.1 Reflected.Cross-Site.Scripting MEDIUM" "wp-2fa 2.2.0 Arbitrary.2FA.Disabling.via.IDOR MEDIUM" "woo-advance-search No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "woo-advance-search No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "woo-advance-search 1.1 Multiple.XSS MEDIUM" "woo-payment-gateway-for-piraeus-bank 3.1.5 Missing.Authorization.to.Unauthenticated.Arbitrary.Order.Status.Change MEDIUM" "woo-payment-gateway-for-piraeus-bank 1.7.0 Unauthenticated.SQL.Injection CRITICAL" "webling 3.9.1 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "wordpress-flash-uploader 3.1.3 Arbitrary.Comm&.Execution CRITICAL" "woo-country-restrictions-advanced 1.14.3 Reflected.Cross-Site.Scripting MEDIUM" "woo-country-restrictions-advanced 1.13.0 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-dropzone No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.'callback'.Shortcode.Attribute MEDIUM" "wp-dropzone 1.1.1 Authenticated.(Subscriber+).Arbitrary.File.Upload HIGH" "wp-chart-generator No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.wpchart.Shortcode MEDIUM" "wired-impact-volunteer-management 2.8.1 Missing.Authorization MEDIUM" "wired-impact-volunteer-management 2.5.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-system-info No.known.fix Authenticated.(Subscriber+).Sensitive.Information.Exposure MEDIUM" "wp-clanwars No.known.fix Authenticated.(Administrator+).SQL.Injection.via.'orderby'.Parameter MEDIUM" "widgetpack-comment-system No.known.fix Cross-Site.Request.Forgery MEDIUM" "webwinkelkeur 3.25 Cross-Site.Request.Forgery MEDIUM" "woo-login-redirect No.known.fix 
Cross-Site.Request.Forgery MEDIUM" "woo-login-redirect No.known.fix CSRF MEDIUM" "wide-banner No.known.fix Missing.Authorization MEDIUM" "wp-contact-form No.known.fix Cross-Site.Request.Forgery.via.wpcf_adminpage MEDIUM" "wp-donimedia-carousel No.known.fix Authenticated.(Subscriber+).Arbitrary.File.Upload HIGH" "woo-quick-cart-for-multiple-variations No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "woo-quick-cart-for-multiple-variations No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wovax-idx No.known.fix Missing.Authorization.to.Privilege.Escalation HIGH" "weaver-for-bbpress 1.7.1 Reflected.Cross-Site.Scripting.via._wpnonce.Parameter MEDIUM" "wp-mapit No.known.fix Missing.Authorization MEDIUM" "wp-mapit 3.0.0 Contributor+.Stored.XSS MEDIUM" "widget-detector-elementor 1.2.0 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-bookmarks No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-system-log No.known.fix Subscriber+.Arbitrary.Plugin.Installation,.Activation.and.Deactivation HIGH" "woocommerce-pay-per-post 3.1.11 Reflected.Cross-Site.Scripting MEDIUM" "woocommerce-pay-per-post 3.0.9 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-global-screen-options No.known.fix Cross-Site.Request.Forgery.to.Screen.Options.Update MEDIUM" "werkstatt-plugin 1.6.7 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "woo-razorpay 4.7.9 Unauthenticated.Order.Modification MEDIUM" "woo-razorpay 4.5.7 Subscriber+.Transfers.Manipulation MEDIUM" "woo-razorpay 4.5.7 Transfers.Manipulation.via.CSRF MEDIUM" "wc-plus No.known.fix Missing.Authorization.to.Unauthenticated.Settings.Manipulation MEDIUM" "wp-table-manager 4.1.4 Missing.Authorization.to.Authenticated.(Subscriber+).Directory.Traversal.to.Folder/File.Name.Disclosure MEDIUM" "wp-table-manager 3.5.3 Contributor+.Stored.XSS MEDIUM" "woocommerce-follow-up-emails 4.9.50 Unauthenticated.Reflected.XSS HIGH" "woocommerce-follow-up-emails 4.9.50 Cross-Site.Request.Forgery.(CSRF) MEDIUM" 
"woocommerce-shipping-gateway-per-product 2.3.3 Reflected.Cross-Site.Scripting MEDIUM" "woocommerce-shipping-gateway-per-product 2.0.4 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-ultra-simple-paypal-shopping-cart 4.5 Cross-Site.Request.Forgery.(CSRF) HIGH" "wp-to-hootsuite 1.6.0 Cross-Site.Request.Forgery MEDIUM" "wp-to-hootsuite 1.3.9 Reflected.Cross-Site.Scripting HIGH" "wp-featherlight No.known.fix Authenticated.(Contributor+).Stored.DOM-Based.Cross-Site.Scripting.via.Featherlight.js.JavaScript.Library MEDIUM" "wp-email-capture 3.12.6 Cross-Site.Request.Forgery MEDIUM" "wp-email-capture 3.12.5 Missing.Authorization MEDIUM" "wp-email-capture 3.11 Unauthenticated.Email.Capture.Download MEDIUM" "wp-email-capture 3.10 Email.Captures.Update.via.CSRF MEDIUM" "wp-email-capture 3.10 Admin+.Stored.XSS LOW" "wp-database-error-manager No.known.fix Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "wp-query-console No.known.fix Unauthenticated.Remote.Code.Execution CRITICAL" "wp-security-master No.known.fix Cross-Site.Request.Forgery MEDIUM" "woo-permalink-manager 2.3.11 Unauthenticated.Local.File.Inclusion CRITICAL" "woo-permalink-manager 2.3.9 Reflected.Cross-Site.Scripting MEDIUM" "woo-permalink-manager 2.3.5 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-discussion-board 2.5.8 Missing.Authorization MEDIUM" "wp-discussion-board 2.5.6 Authenticated.(Subscriber+).Arbitrary.Shortcode.Execution MEDIUM" "woocommerce-order-status-change-notifier No.known.fix Subscriber+.Arbitrary.Order.Status.Update MEDIUM" "wc-fields-factory 4.1.7 ShopManager+.SQLi MEDIUM" "woo-smart-wishlist 5.0.5 Missing.Authorization.to.Authenticated.(Subscriber+).Information.Exposure MEDIUM" "woo-smart-wishlist 5.0.4 Insecure.Direct.Object.Reference.to.Unauthenticated.Wishlist.Manipulation MEDIUM" "woo-smart-wishlist 4.7.2 Add/Remove.Wishlist.Items.via.CSRF MEDIUM" "woo-smart-wishlist 2.9.9 Reflected.Cross-Site.Scripting MEDIUM" "woo-smart-wishlist 2.9.4 Reflected.Cross-Site.Scripting MEDIUM" 
"wooemailreport No.known.fix Reflected.XSS HIGH" "wp-facebook-review-showcase-lite 1.0.9 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "woo-advanced-shipment-tracking 3.5.3 CSRF MEDIUM" "woo-advanced-shipment-tracking 3.2.7 Authenticated.Options.Change CRITICAL" "weather-effect 1.3.4 CSRF.to.Stored.Cross-Site.Scripting HIGH" "weather-effect 1.3.6 Admin+.Stored.Cross-Site.Scripting LOW" "woocommerce-upload-files 84.4 Unauthenticated.Arbitrary.File.Upload CRITICAL" "woocommerce-upload-files 59.4 Unauthenticated.Arbitrary.File.Upload CRITICAL" "w3s-cf7-zoho No.known.fix Cross-Site.Request.Forgery MEDIUM" "w3s-cf7-zoho No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "w3s-cf7-zoho 2.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "w3s-cf7-zoho 2.1.0 Reflected.Cross-Site.Scripting.(XSS) HIGH" "wp-modal-popup-with-cookie-integration 2.5 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "wp-modal-popup-with-cookie-integration 2.5 Admin+.Stored.XSS LOW" "woocommerce-alidropship 1.1.1 Unauthenticated.Sensitive.Data.Exposure HIGH" "woo-quickview 2.2.18 Unauthenticated.Private.Product.Disclosure MEDIUM" "woo-quickview 2.2.17 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-shoutbox-live-chat No.known.fix Unauthenticated.Stored.XSS HIGH" "wp-shoutbox-live-chat No.known.fix Unauthenticated.SQLi HIGH" "wp-hallo-welt No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "woo-custom-product-addons 3.1.1 Authenticated.(Shop.Manager+).Code.Injection.via.Conditional.Logic.'operator'.Parameter HIGH" "wp-media-optimizer-webp No.known.fix Reflected.Cross-Site.Scripting.via.wpmowebp-css-resources.and.wpmowebp-js-resources.Parameters MEDIUM" "wp-all-import-pro 4.9.8 Cross-Site.Request.Forgery.to.Imported.Content.Deletion MEDIUM" "wp-all-import-pro 4.9.8 Authenticated.(Administrator+).PHP.Object.Injection.via.Import.File HIGH" "wp-all-import-pro 4.9.8 
Authenticated.(Administrator+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "wp-all-import-pro 4.9.4 Authenticated.(Administrator+).Server-Side.Request.Forgery.via.File.Import HIGH" "wp-all-import-pro 4.1.2 Multiple.Vulnerabilities CRITICAL" "wp-all-import-pro 4.1.1 RCE HIGH" "wp-log-viewer No.known.fix Missing.Authorization MEDIUM" "wp-easy-toggles No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-storymap No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-storymap No.known.fix Cross-Site.Request.Forgery MEDIUM" "wp-login-attempt-log No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "webflow-pages 1.1.0 Missing.Authorization MEDIUM" "wp-splashing-images 2.1.1 Cross-Site.Scripting.(XSS) MEDIUM" "wp-splashing-images 2.1.1 Authenticated.PHP.Object.Injection HIGH" "wp-google-analytics-events No.known.fix Unauthenticated.Information.Exposure MEDIUM" "wp-google-analytics-events 2.8.1 Reflected.Cross-Site.Scripting MEDIUM" "woostify-sites-library 1.4.8 Subscriber+.Arbitrary.Options.Update.to.DoS HIGH" "wp-mail-catcher 2.1.10 Reflected.Cross-Site.Scripting MEDIUM" "wp-mail-catcher 2.1.7 Cross-Site.Request.Forgery MEDIUM" "wp-mail-catcher 2.1.4 WP.Mail.Catcher.<.2.1.4.-.Admin+.SQLi MEDIUM" "wp-mail-catcher 2.1.3 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "wp-bannerize-pro 1.11.1 Missing.Authorization MEDIUM" "wp-bannerize-pro 1.11.0 Authenticated.(Editor+).Server-Side.Request.Forgery MEDIUM" "wp-bannerize-pro 1.9.1 Authenticated.(Editor+).Stored.Cross-Site.Scripting MEDIUM" "wp-bannerize-pro 1.7.0 Reflected.XSS HIGH" "wp-latest-posts 5.0.8 Authenticated.(Subscriber+).Arbitrary.Shortcode.Execution MEDIUM" "wp-latest-posts 3.7.5 XSS MEDIUM" "wp-users-disable No.known.fix Unauthenticated.Settings.Update MEDIUM" "woo-update-variations-in-cart No.known.fix Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "woocustomizer No.known.fix Missing.Authorization MEDIUM" "woocustomizer 2.3.8 
Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-photonav No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.photonav.Shortcode MEDIUM" "wc-cashapp 6.0.3 Reflected.Cross-Site.Scripting MEDIUM" "wc-cashapp 5.3 Reflected.Cross-Site.Scripting MEDIUM" "wp-enable-webp No.known.fix Authenticated.(Author+).Arbitrary.File.Upload HIGH" "wp-google-map-gold 5.8.5 Missing.Authorization MEDIUM" "wp-elegant-testimonial No.known.fix Multiple.Authenticated.Stored.Cross-Site.Scripting LOW" "wp-user-frontend-pro 4.1.4 Authenticated.(Subscriber+).Arbitrary.File.Deletion HIGH" "wp-user-frontend-pro 4.1.4 Authenticated.(Subscriber+).Arbitrary.File.Upload HIGH" "wp-font-awesome No.known.fix Contributor+.Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "wp-font-awesome 1.7.9 Contributor+.Stored.XSS MEDIUM" "wp-upload-restriction No.known.fix Authenticated.Stored.XSS MEDIUM" "wp-upload-restriction 2.2.5 Missing.Access.Control.in.getSelectedMimeTypesByRole MEDIUM" "wp-upload-restriction 2.2.5 Missing.Access.Control.in.deleteCustomType MEDIUM" "woocommerce-superfaktura 1.40.4 Authenticated.(Subscriber+).Blind.Server-Side.Request.Forgery MEDIUM" "wp-colorbox 1.1.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-colorbox 1.1.5 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "wp-flot No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode.Attributes MEDIUM" "wp-sheet-editor-bulk-spreadsheet-editor-for-posts-and-pages 2.25.3 Reflected.Cross-Site.Scripting MEDIUM" "wp-sheet-editor-bulk-spreadsheet-editor-for-posts-and-pages 2.24.13 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-gdpr-compliance No.known.fix Cross-Site.Request.Forgery MEDIUM" "wp-gdpr-compliance 2.0.23 Subscriber+.Arbitrary.Options.Update HIGH" "wp-gdpr-compliance 2.0.8 Reflected.Cross-Site.Scripting MEDIUM" "wp-gdpr-compliance 1.5.6 Unauthenticated.Stored.Cross-Site.Scripting.(XSS) CRITICAL" "wp-gdpr-compliance 1.4.3 
Unauthenticated.Call.Any.Action.or.Update.Any.Option CRITICAL" "wp-google-my-business-auto-publish 3.8 Multiple.CSRF MEDIUM" "wp-google-my-business-auto-publish 3.4 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "wp-seo-tdk No.known.fix Unauthenticated.Setting.Update.to.Stored.XSS HIGH" "wp-user-control No.known.fix Unauthenticated.password.reset MEDIUM" "wp-inventory-manager 2.3.5 Cross-Site.Request.Forgery MEDIUM" "wp-inventory-manager 2.3.3 Reflected.Cross-Site.Scripting MEDIUM" "wp-inventory-manager 2.1.0.14 Inventory.Items.Deletion.via.CSRF MEDIUM" "wp-inventory-manager 2.1.0.13 Reflected.Cross-Site.Scripting HIGH" "wp-inventory-manager 2.1.0.12 Reflected.XSS HIGH" "wp-users-masquerade No.known.fix Authentication.Bypass HIGH" "wp-ban 1.69.1 Admin+.Stored.XSS LOW" "woc-order-alert 3.6.3 Unauthenticated.WooCommerce.REST.Permission.Bypass HIGH" "woc-order-alert 3.6.2 Missing.Authorization MEDIUM" "woc-order-alert 3.2.2 Unauthenticated.SQLi HIGH" "woo-address-book 1.6.0 CSRF HIGH" "wp-client-logo-carousel No.known.fix Contributor+.Stored.XSS MEDIUM" "wp-open-street-map 1.30 Arbitrary.Settings.Update.via.CSRF MEDIUM" "wishlist-and-compare 1.0.5 Unauthorised.AJAX.call HIGH" "wcp-openweather No.known.fix Cross-Site.Request.Forgery MEDIUM" "wcp-openweather No.known.fix Reflected.XSS HIGH" "wp-backgrounds-lite No.known.fix CSRF.Bypass MEDIUM" "woo-combo-offers 4.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-quiz No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-smart-contracts No.known.fix Unauthenticated.SQL.Injection HIGH" "wp-smart-contracts 1.3.12 Author+.SQLi MEDIUM" "wp-timelines 3.6.8 Unauthenticated.Local.File.Inclusion CRITICAL" "wp-timelines 3.6.8 Reflected.Cross-Site.Scripting MEDIUM" "wp-timelines 3.6.8 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "wp-payment-form 4.2.1 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "wp-payment-form 4.2.1 Reflected.Cross-Site.Scripting MEDIUM" 
"wp-blocks-hub No.known.fix Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "wp-smart-tool-tip No.known.fix Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "wp-multi-step-checkout 2.34 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "wp-native-articles 1.2.0 Reflected.Cross-Site.Scripting MEDIUM" "wp-debugging 2.11.7 Arbitrary.Plugin.Installation.from.Dependency.via.CSRF LOW" "wp-debugging 2.11.7 Subscriber+.Arbitrary.Plugin.Activation MEDIUM" "wp-debugging 2.11.0 Unauthenticated.Plugin's.Settings.Update MEDIUM" "wp-simple-redirect No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "woorousell 1.1.1 Contributor+.Stored.XSS MEDIUM" "woorousell 1.0.9 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-security-audit-log-premium 4.6.4.1 Authenticated.(Subscriber+).SQL.Injection HIGH" "wp-bulletin-board No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-tarteaucitron-js-self-hosted No.known.fix Running.a.Vulnerable.Dependency MEDIUM" "woo-custom-cart-button No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wc-ciudades-y-regiones-de-chile No.known.fix Cross-Site.Request.Forgery.via.multiple.functions MEDIUM" "wp-books-gallery 4.5.4 Reflected.Cross-Site.Scripting MEDIUM" "wp-books-gallery 4.4.9 CSRF MEDIUM" "wp-books-gallery 3.6 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "woo-binary-mlm 2.1 Reflected.Cross-Site.Scripting.via.'page' MEDIUM" "woo-binary-mlm 2.1 Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "woocommerce-orders-ei No.known.fix Authenticated.(Subscriber+).SQL.Injection MEDIUM" "woocommerce-orders-ei No.known.fix Missing.Authorization MEDIUM" "wp-header-notification No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "woocommerce-order-barcodes 1.6.5 Cross-Site.Request.Forgery MEDIUM" "weekly-schedule 3.4.3 Authenticated.Stored.XSS MEDIUM" "workscout-core 1.7.07 Unauthenticated.Stored.Cross-Site.Scripting HIGH" 
"workscout-core 1.7.06 Reflected.Cross-Site.Scripting MEDIUM" "workscout-core 1.7.06 Cross-Site.Request.Forgery MEDIUM" "workscout-core 1.3.4 Authenticated.Stored.XSS.&.XFS HIGH" "wordpress-logging-service No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "where-i-was-where-i-will-be No.known.fix Unauthenticated.Remote.File.Inclusion CRITICAL" "wordlive-livecall-addon-for-woocommerce No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-disable-sitemap 1.1.6.5 Reflected.Cross-Site.Scripting MEDIUM" "wp-disable-sitemap 1.0.4 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-imagezoom No.known.fix Reflected.XSS HIGH" "wordable 3.1.2 Plugin's.Authentication.Bypass HIGH" "woo-product-carousel-slider-and-grid-ultimate 1.10.1 Authenticated.(Editor+).Stored.Cross-Site.Scripting MEDIUM" "woo-product-carousel-slider-and-grid-ultimate 1.10.0 Authenticated.(Contributor+).Local.File.Inclusion.via.'theme' HIGH" "woo-product-carousel-slider-and-grid-ultimate 1.10.0 Contributor+.Local.File.Inclusion HIGH" "woo-product-carousel-slider-and-grid-ultimate 1.9.8 Authenticated(Contributor+).PHP.Object.Injection HIGH" "wp-meta-seo 4.5.14 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-meta-seo 4.5.14 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "wp-meta-seo 4.5.13 Unauthenticated.Stored.Cross-Site.Scripting.via.Referer.header HIGH" "wp-meta-seo 4.5.13 Unauthenticated.Password.Protected.Content.Access MEDIUM" "wp-meta-seo 4.5.5 Author+.PHAR.Deserialization HIGH" "wp-meta-seo 4.5.3 Subscriber+.SQLi HIGH" "wp-meta-seo 4.5.3 Subscriber+.Improper.Authorization.causing.Arbitrary.Redirect MEDIUM" "wp-meta-seo 4.5.4 Subscriber+.SiteMap.Settings.Update MEDIUM" "wp-meta-seo 4.5.4 Subscriber+.Google.Analytics.Settings.Update MEDIUM" "wp-meta-seo 4.4.9 Social.Settings.Update.via.CSRF MEDIUM" "wp-meta-seo 4.4.7 Admin+.Stored.Cross-Site.Scripting.via.breadcrumbs LOW" "wp-dev-powers-element-selector-jquery-powers No.known.fix 
Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "websimon-tables No.known.fix Authenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "wp-facebook-group No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-facebook-group No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "woo-bulk-price-update 2.2.2 Reflected.XSS HIGH" "wp-table-editor No.known.fix Cross-Site.Request.Forgery MEDIUM" "wp-table-editor 1.6.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-realestate-manager No.known.fix Authentication.Bypass CRITICAL" "wp-db-backup 2.5.2 Arbitrary.Schedule.Settings.Update.via.CSRF MEDIUM" "wp-db-backup 2.5.1 Admin+.SQL.Injection MEDIUM" "wp-db-backup 2.4 Authenticated.Persistent.Cross-Site.Scripting.(XSS) MEDIUM" "wp-db-backup 2.3.0 Backup.Filename.Brute.Forcing HIGH" "wc-purchase-orders 1.0.3 Authenticated.(Subscriber+).Arbitrary.File.Deletion HIGH" "wp-google-map No.known.fix Authenticated.(Contributor+).SQL.Injection MEDIUM" "wp-plotly 1.0.3 Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "wp-fastest-cache 1.4.1 Subscriber+.DB.Cleanup.Actions MEDIUM" "wp-fastest-cache 1.2.7 Admin+.Arbitrary.File.Deletion MEDIUM" "wp-fastest-cache 1.2.2 Unauthenticated.SQL.Injection HIGH" "wp-fastest-cache 1.1.5 Blind.SSRF.via.CSRF LOW" "wp-fastest-cache 1.1.3 Multiple.CSRF LOW" "wp-fastest-cache 0.9.5 CSRF.to.Stored.Cross-Site.Scripting HIGH" "wp-fastest-cache 0.9.5 Subscriber+.SQL.Injection HIGH" "wp-fastest-cache 0.9.1.7 Authenticated.Arbitrary.File.Deletion.via.Path.Traversal LOW" "wp-fastest-cache 0.9.0.3 Cross-Site.Request.Forgery.(CSRF).Arbitrary.File.Deletion CRITICAL" "wp-fastest-cache 0.8.9.6 Directory.Traversal MEDIUM" "wp-fastest-cache 0.8.9.1 Unauthenticated.Arbitrary.File.Deletion HIGH" "wp-fastest-cache 0.8.8.6 CSRF.and.multiple.XSS CRITICAL" "wp-fastest-cache 0.8.7.5 Blind.SQL.Injection HIGH" "wp-fusion-lite 3.43.0 Information.Exposure MEDIUM" "wp-fusion-lite 3.42.10 Authenticated.(Contributor+).Remote.Code.Execution HIGH" 
"wp-fusion-lite 3.37.31 Reflected.Cross-Site.Scripting.(XSS) HIGH" "wp-fusion-lite 3.37.30 Reflected.Cross-Site.Scripting.(XSS) HIGH" "wp-fusion-lite 3.37.30 CSRF.to.Data.Deletion MEDIUM" "woo-payrexx-gateway 3.1.6 Missing.Authorization MEDIUM" "wp-mailgun-smtp No.known.fix Unauthenticated.Information.Exposure MEDIUM" "wp-mailgun-smtp No.known.fix Missing.Authorization MEDIUM" "wc-product-customer-list 3.1.5 Reflected.Cross-Site.Scripting MEDIUM" "wc-product-customer-list 3.0.0 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-conference-schedule 1.1.0 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-krpano No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-dbmanager 2.80.8 Admin+.Remote.Command.Execution MEDIUM" "wp-dbmanager 2.79.2 Arbitrary.File.Delete HIGH" "wp-twitter-mega-fan-box No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "wp-simple-sitemap No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "word-count-analysis No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-contact-form-iii No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-cookie-consent No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "woocommerce-frontend-shop-manager 4.7.0 Low.Priv.Arbitrary.Blog.Options.Update/Access/Deletion.&.Plugin's.Settings.Update/Export/Import HIGH" "wp-news-magazine 1.2.0 Arbitrary.Plugin.Activation.via.CSRF MEDIUM" "wp-google-maps-pro 8.1.12 Multiple.Admin+.Stored.Cross-Site.Scripting LOW" "wbcom-designs-buddypress-search No.known.fix Subscriber+.Arbitrary.Plugin.Installation,.Activation.and.Deactivation HIGH" "wp-jitsi-shortcodes No.known.fix Admin+.Stored.XSS LOW" "wp-jitsi-shortcodes No.known.fix Contributor+.Stored.XSS.via.Shortcode MEDIUM" "wp-gmappity-easy-google-maps No.known.fix Subscriber+.SQL.Injection HIGH" "wp-export-categories-taxonomies No.known.fix Missing.Authorization MEDIUM" "wp-post-author 3.8.3 
Authenticated.(Administrator+).SQL.Injection MEDIUM" "wp-post-author 3.8.2 Authenticated.(Administrator+).SQL.Injection HIGH" "wp-post-author 3.6.8 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-post-author 3.6.5 Subscriber+.Rating.Manipulation MEDIUM" "wp-post-author 3.7.5 Missing.Authorization MEDIUM" "wc-return-product No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "woo-extra-flat-rate 4.2.0 Reflected.Cross-Site.Scripting MEDIUM" "woo-extra-flat-rate 4.0.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-statistics 14.15.5 Unauthenticated.Stored.XSS.via.User-Agent.Header HIGH" "wp-statistics 14.15.2 Missing.Authorization MEDIUM" "wp-statistics 14.13.4 Subscriber+.Arbitrary.Plugin.Settings.Update MEDIUM" "wp-statistics 14.5.1 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "wp-statistics 14.0 Authenticated.SQLi HIGH" "wp-statistics 13.2.11 Subscriber+.SQLi HIGH" "wp-statistics 13.2.9 Authenticated.SQLi HIGH" "wp-statistics 13.2.2 Admin+.Stored.Cross-Site.Scripting LOW" "wp-statistics 13.2.2 Reflected.Cross-Site.Scripting LOW" "wp-statistics 13.1.6 Multiple.Unauthenticated.Stored.Cross-Site.Scripting HIGH" "wp-statistics 13.1.6 Unauthenticated.Blind.SQL.Injection.via.IP CRITICAL" "wp-statistics 13.1.6 Unauthenticated.Blind.SQL.Injection.via.current_page_type CRITICAL" "wp-statistics 13.1.6 Reflected.Cross-Site.Scripting MEDIUM" "wp-statistics 13.1.6 Unauthenticated.Blind.SQL.Injection.via.current_page_id CRITICAL" "wp-statistics 13.1.5 Unauthenticated.Blind.SQL.Injection CRITICAL" "wp-statistics 13.1.2 Arbitrary.Plugin.Activation/Deactivation.via.CSRF MEDIUM" "wp-statistics 13.1 Reflected.Cross-Site.Scripting.(XSS) HIGH" "wp-statistics 13.0.8 Unauthenticated.SQL.Injection HIGH" "wp-statistics 12.6.7 Unauthenticated.Stored.XSS.Under.Certain.Configurations CRITICAL" "wp-statistics 12.6.7 Unauthenticated.Blind.SQL.Injection MEDIUM" "wp-statistics 12.6.6.1 Authenticated.Stored.XSS MEDIUM" "wp-statistics 12.6.4 
Referer.Cross-Site.Scripting.(XSS) MEDIUM" "wp-statistics 12.0.10 Authenticated.Cross-Site.Scripting.(XSS) CRITICAL" "wp-statistics 12.0.9 Authenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "wow-media-library-fix No.known.fix Unauthenticated.Information.Exposure MEDIUM" "wc-product-table-lite 4.6.3 Unauthenticated.Time-Based.SQL.Injection.via.'search'.Parameter HIGH" "wc-product-table-lite 3.9.6 Missing.Authorization MEDIUM" "wc-product-table-lite 3.9.5 Unauthenticated.Arbitrary.Shortcode.Execution.&.Reflected.Cross-Site.Scripting HIGH" "wc-product-table-lite 3.9.0 Missing.Authorization MEDIUM" "wc-product-table-lite 3.8.7 Unauthenticated.Arbitrary.Shortcode.Execution.&.Reflected.Cross-Site.Scripting HIGH" "wc-product-table-lite 3.8.6 Unauthenticated.Arbitrary.Shortcode.Execution MEDIUM" "wc-product-table-lite 3.8.6 Missing.Authorization.to.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "wc-product-table-lite 3.1.0 CSRF MEDIUM" "wc-product-table-lite 2.4.0 Reflected.Cross-Site.Scripting MEDIUM" "woo-ecommerce-tracking-for-google-and-facebook 3.7.2 CSRF MEDIUM" "woo-ecommerce-tracking-for-google-and-facebook 3.7.1 Reflected.Cross-Site.Scripting MEDIUM" "woo-ecommerce-tracking-for-google-and-facebook 3.6.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "woffice-core 5.4.31 Unauthenticated.Insecure.Direct.Object.Reference MEDIUM" "woffice-core 5.4.31 Missing.Authorization MEDIUM" "woffice-core 5.4.27 Authenticated.(Contributor+).Arbitrary.File.Deletion MEDIUM" "woffice-core 5.4.22 Authenticated.(Subscriber+).Arbitrary.File.Upload HIGH" "woffice-core 5.4.22 Cross-Site.Request.Forgery.to.User.Registration.Approval MEDIUM" "woffice-core 5.4.9 Reflected.Cross-Site.Scripting MEDIUM" "woffice-core 5.4.9 Missing.Authorization MEDIUM" "wiseagentleadform 3.0 Reflected.Cross-Site.Scripting MEDIUM" "wordpress-video No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-tweet-walls 1.0.4 Cross-Site.Request.Forgery MEDIUM" "wp-slide-categorywise 
No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "woocommerce-currency-switcher 1.4.2.3 Unauthenticated.Arbitrary.Shortcode.Execution HIGH" "woocommerce-currency-switcher 1.4.2.2 Unauthenticated.Arbitrary.Shortcode.Execution HIGH" "woocommerce-currency-switcher 1.4.2.1 Missing.Authorization MEDIUM" "woocommerce-currency-switcher 1.4.1.9 Unauthenticated.Arbitrary.Shortcode.Execution MEDIUM" "woocommerce-currency-switcher 1.4.1.8 Cross-Site.Request.Forgery MEDIUM" "woocommerce-currency-switcher 1.4.1.7 Subscriber+.Stored.XSS MEDIUM" "woocommerce-currency-switcher 1.4.1.5 Cross-Site.Request.Forgery.via.delete_profiles_data MEDIUM" "woocommerce-currency-switcher 1.3.9.4 Contributor+.Stored.XSS MEDIUM" "woocommerce-currency-switcher 1.3.9.3 Contributor+.Stored.XSS MEDIUM" "woocommerce-currency-switcher 1.3.7.5 Reflected.Cross-Site.Scripting MEDIUM" "woocommerce-currency-switcher 1.3.7.3 Reflected.Cross-Site.Scripting HIGH" "woocommerce-currency-switcher 1.3.7.1 Reflected.Cross-Site.Scripting MEDIUM" "woocommerce-currency-switcher 1.3.7 Authenticated.(Low.Privilege).Local.File.Inclusion CRITICAL" "wp-click-track No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-document-revisions 3.8.0 Missing.Authorization MEDIUM" "wp-nice-loader No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "wp-businessdirectory No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-businessdirectory 3.1.5 Unauthenticated.SQL.Injection HIGH" "wp-businessdirectory 3.1.3 Reflected.Cross-Site.Scripting HIGH" "wp-businessdirectory 3.1.3 Unauthenticated.Arbitrary.File.Deletion CRITICAL" "wp-extended-search 2.1.2 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "wp-todo No.known.fix Authenticated.(Admin+).Stored.Cross-Site.Scripting.via.Task.Comments MEDIUM" "wp-todo No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-todo No.known.fix Cross-Site.Request.Forgery.via.wptodo_addcomment MEDIUM" "wp-todo No.known.fix 
Cross-Site.Request.Forgery.via.wptodo_manage() MEDIUM" "wp-todo No.known.fix Cross-Site.Request.Forgery.via.wptodo_settings MEDIUM" "wp-todo No.known.fix Authenticated.(Admin+).Stored.Cross-Site.Scripting.via.Settings MEDIUM" "wp-todo 1.2.9 Contributor+.Stored.XSS MEDIUM" "wp-file-get-contents No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-file-get-contents 2.7.1 Contributor+.SSRF MEDIUM" "xtremelocator No.known.fix Xtreme.Locator.Dealer.Locator.Plugin.1,5..Authenticated.SQL.Injection HIGH" "xmlrpc-attacks-blocker No.known.fix Unauthenticated.Stored.Cross-Site.Scripting.via.'X-Forwarded-For' MEDIUM" "xili-dictionary No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "xili-dictionary 2.12.5.1 Reflected.Cross-Site.Scripting MEDIUM" "xpro-theme-builder 1.2.10 Missing.Authorization MEDIUM" "xpro-theme-builder 1.2.8.5 Missing.Authorization MEDIUM" "xt-woo-points-rewards 1.6.6 Reflected.Cross-Site.Scripting MEDIUM" "xt-woo-points-rewards 1.4.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "xt-woo-variation-swatches 1.8.8 Reflected.Cross-Site.Scripting MEDIUM" "xt-woo-variation-swatches 1.8.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "xml-sitemap-feed 5.4.9 Unauthenticated.Local.File.Inclusion HIGH" "xola-bookings-for-tours-activities No.known.fix Missing.Authorization MEDIUM" "xm-backup No.known.fix Cross-Site.Request.Forgery MEDIUM" "xpro-elementor-addons-pro 1.4.10 Pro.<.1.4.10.-.Authenticated.(Contributor+).Remote.Code.Execution HIGH" "xpinner-lite No.known.fix Cross-Site.Scripting.(XSS).&.CSRF MEDIUM" "xo-security 1.5.3 XSS MEDIUM" "xpresslane-integration-for-woocommerce No.known.fix Unauthenticated.PHP.Object.Injection CRITICAL" "xml-multilanguage-sitemap-generator No.known.fix Missing.Authorization MEDIUM" "xv-random-quotes 2.0.1 Reflected.Cross-Site.Scripting MEDIUM" "xv-random-quotes 2.0.1 Unauthenticated.SQL.Injection HIGH" "xv-random-quotes No.known.fix Reflected.XSS HIGH" "xv-random-quotes No.known.fix 
Settings.Reset.via.CSRF MEDIUM" "xorbin-analog-flash-clock No.known.fix Flash-based.XSS MEDIUM" "xml-for-google-merchant-center 3.0.12 Reflected.Cross-Site.Scripting MEDIUM" "xml-for-google-merchant-center 3.0.2 Reflected.XSS HIGH" "xforwoocommerce No.known.fix Authenticated.(Subscriber+).Local.File.Inclusion HIGH" "xforwoocommerce 1.7.0 Low.Priv.Arbitrary.Blog.Options.Update/Access/Deletion.&.Plugin's.Settings.Update/Export/Import HIGH" "xisearch-bar No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "xili-language No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "xili-language 2.21.3 Reflected.Cross-Site.Scripting MEDIUM" "xl-tab 1.5 Authenticated.(Contributor+).Post.Disclosure MEDIUM" "xl-tab 1.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "xpert-tab No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "xml-sitemaps-for-videos No.known.fix CSRF MEDIUM" "xo-event-calendar No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.'xo_event_field'.shortcode MEDIUM" "xo-event-calendar 2.3.7 Reflected.Cross-Site.Scripting HIGH" "xpro-addons-beaver-builder-elementor 1.5.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "xserver-migrator 1.6.2.1 Arbitrary.File.Upload.via.CSRF HIGH" "xt-woo-ajax-add-to-cart 1.1.3 Reflected.Cross-Site.Scripting MEDIUM" "xt-woo-ajax-add-to-cart 1.0.7 Reflected.Cross-Site.Scripting MEDIUM" "xt-woo-ajax-add-to-cart 1.0.4 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "x-addons-elementor No.known.fix Missing.Authorization MEDIUM" "x-addons-elementor No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "x-addons-elementor 1.0.17 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Youtube.Video.ID.Field MEDIUM" "x-addons-elementor 1.0.17 Contributor+.Stored.XSS MEDIUM" "xt-facebook-events 1.1.8 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "xmasb-quotes No.known.fix 
Reflected.Cross-Site.Scripting MEDIUM" "xc-woo-google-cloud-print No.known.fix Insecure.Direct.Object.Reference.to.Authenticated.(Subscriber+).Order.Information.Disclosure MEDIUM" "xcloner-backup-and-restore 4.8.3 Cross-Site.Request.Forgery.in.Xcloner_Remote_Storage:save() MEDIUM" "xcloner-backup-and-restore 4.7.4 Unauthenticated.Full.Path.Disclosure MEDIUM" "xcloner-backup-and-restore 4.3.6 Plugin.Settings.Reset MEDIUM" "xcloner-backup-and-restore 4.2.153 Cross-Site.Request.Forgery CRITICAL" "xcloner-backup-and-restore 4.2.13 4.2.12.-.Unprotected.AJAX.Action CRITICAL" "xcloner-backup-and-restore 3.1.5 Backup.and.Restore.<.3.1.5.-.Authenticated.Path.Traversal MEDIUM" "xcloner-backup-and-restore 3.1.3 Backup.and.Restore.3.1.2.-.XSS.&.Command.Execution MEDIUM" "xcloner-backup-and-restore 3.1.2 Backup.and.Restore.<.3.1.2.-.Multiple.Vulnerabilities.(RCE.&.LFI) HIGH" "xcloner-backup-and-restore 3.1.1 Backup.and.Restore.<.3.1.1.-.Multiple.Actions.CSRF HIGH" "xili-tidy-tags No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "xili-tidy-tags No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "xili-tidy-tags 1.12.05 Reflected.Cross-Site.Scripting MEDIUM" "xili-tidy-tags 1.12.04 Cross-Site.Request.Forgery MEDIUM" "xlsx-viewer No.known.fix Authenticated.(Subscriber+).Arbitrary.File.Deletion HIGH" "xpd-reduce-image-filesize No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "xelion-webchat 9.2.0 Authenticated.(Subscriber+).Arbitrary.Options.Update HIGH" "xelion-webchat 9.2.0 Authenticated.(Subscriber+).Privilege.Escalation HIGH" "xserver-typesquare-webfonts 2.0.8 Missing.Authorization.via.typesquare_admin_init() MEDIUM" "xqueue-maileon 2.16.1 Admin+.Stored.XSS LOW" "xavins-review-ratings No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "xavins-list-subpages No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "xt-woo-quick-view-lite 2.0.0 Reflected.Cross-Site.Scripting 
MEDIUM" "xt-woo-quick-view-lite 1.9.6 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "xml-for-avito 2.5.3 Reflected.Cross-Site.Scripting MEDIUM" "x-forms-express No.known.fix Stored.Cross-Site.Scripting.(XSS) MEDIUM" "xo-liteslider No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "xo-liteslider 3.3.3 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "xllentech-english-islamic-calendar 2.6.8 Authenticated.SQL.Injection MEDIUM" "xatkit-chatbot-connector 2.1.4 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "xagio-seo 7.1.0.31 Unauthenticated.Privilege.Escalation CRITICAL" "xagio-seo 7.1.0.31 Authenticated.(Subscriber+).Server-Side.Request.Forgery MEDIUM" "xagio-seo No.known.fix Missing.Authorization MEDIUM" "xagio-seo 7.1.0.6 Unauthenticated.Sensitive.Information.Exposure.via.Unprotected.Back-Up.Files HIGH" "xagio-seo 7.1.0.17 Unauthenticated.Stored.Cross-Site.Scripting.via.'HTTP_REFERER' HIGH" "xagio-seo 7.0.0.21 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "xshare No.known.fix Cross-Site.Request.Forgery.to.'rs_plugin_reset'.Parameter MEDIUM" "xtra-settings No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "xpro-elementor-addons 1.4.25 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Image.Scroller.Widget.box.link MEDIUM" "xpro-elementor-addons 1.4.20 Authenticated.(Author+).Arbitrary.File.Upload HIGH" "xpro-elementor-addons 1.4.20 Contributor+.Stored.XSS MEDIUM" "xpro-elementor-addons 1.4.18 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "xpro-elementor-addons 1.4.11 Contributor+.Stored.XSS MEDIUM" "xpro-elementor-addons 1.4.8 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.'Site.Title'.widget MEDIUM" "xpro-elementor-addons 1.4.6.8 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "xpro-elementor-addons 1.4.6.3 Authenticated.(Contributor+).Post.Disclosure.via.Post.Duplication MEDIUM" "xpro-elementor-addons 1.4.6.6 Contributor+.Stored.XSS MEDIUM" 
"xpro-elementor-addons 1.4.6.1 Authenticated.(Contributor+).Sensitive.Information.Exposure.via.Elementor.Template MEDIUM" "xpro-elementor-addons 1.4.4.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Post.Grid.Widget MEDIUM" "xpro-elementor-addons 1.4.4.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "xpro-elementor-addons 1.4.3.2 Authenticated.(Contributor+).PHP.Object.Injection HIGH" "xpro-elementor-addons 1.4.3.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Multiple.Widgets MEDIUM" "xpro-elementor-addons 1.4.3.1 Authenticated.(Admin+).Cross.Site.Scripting MEDIUM" "xpro-elementor-addons 1.4.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "xorbin-digital-flash-clock No.known.fix Flash-based.XSS MEDIUM" "yada-wiki 3.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "yada-wiki 3.4.1 Contributor+.Stored.XSS MEDIUM" "yith-slider-for-page-builders No.known.fix Missing.Authorization MEDIUM" "yop-poll 6.5.39 Missing.Authorization MEDIUM" "yop-poll 6.5.38 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "yop-poll 6.5.27 Unauthenticated.Vote.Manipulation.via.Race.Condition MEDIUM" "yop-poll 6.5.29 Reusable.Captcha.via.validateImage MEDIUM" "yop-poll 6.4.3 IP.Spoofing MEDIUM" "yop-poll 6.3.5 Author+.Stored.Cross-Site.Scripting MEDIUM" "yop-poll 6.3.1 Author+.Stored.Cross-Site.Scripting.via.Preview.Module MEDIUM" "yop-poll 6.3.1 Author+.Stored.Cross-Site.Scripting.via.Options.Module MEDIUM" "yop-poll 6.2.8 Unauthenticated.Stored.Cross-Site.Scripting MEDIUM" "yop-poll 6.1.5 Authenticated.Stored.XSS LOW" "yop-poll 6.1.2 Reflected.Cross-Site.Scripting HIGH" "yop-poll 6.0.3 Cross-Site.Scripting.(XSS) MEDIUM" "yop-poll 5.8.1 Stored.Cross-Site.Scripting.(XSS) MEDIUM" "yith-woocommerce-pdf-invoice 1.2.13 Subscriber+.Settings.Update MEDIUM" "yith-custom-thank-you-page-for-woocommerce 1.1.8 Subscriber+.Settings.Update MEDIUM" "yet-another-webclap-for-wordpress No.known.fix 
Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode.Attributes MEDIUM" "youtube-widget-responsive 1.6.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "yith-woocommerce-quick-view 2.7.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.yith_quick_view.Shortcode MEDIUM" "yith-woocommerce-quick-view 1.21.1 Cross-Site.Scripting.via.shortcode.ajax MEDIUM" "yith-woocommerce-quick-view 1.3.15 Subscriber+.Settings.Update MEDIUM" "yummy-recipes No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "yith-woocommerce-multi-step-checkout 1.7.5 Subscriber+.Settings.Update MEDIUM" "your-simple-svg-support 1.0.2 Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "yogo-booking 1.6.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "yith-woocommerce-affiliates 1.6.3 Subscriber+.Settings.Update MEDIUM" "yith-woocommerce-added-to-cart-popup 1.3.13 Subscriber+.Settings.Update MEDIUM" "yith-product-size-charts-for-woocommerce 1.1.13 Subscriber+.Settings.Update MEDIUM" "ycyclista No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "yt-cookie-nonsense No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "yourplugins-wc-conditional-cart-notices No.known.fix Cross-Site.Request.Forgery MEDIUM" "yith-woocommerce-product-add-ons 4.14.2 Reflected.Cross-Site.Scripting MEDIUM" "yith-woocommerce-product-add-ons 4.13.1 Reflected.Cross-Site.Scripting MEDIUM" "yith-woocommerce-product-add-ons 4.9.3 Unauthenticated.Content.Injection MEDIUM" "yith-woocommerce-product-add-ons 4.6.0 Unuathenticated.Cross-Site.Scripting MEDIUM" "yith-woocommerce-product-add-ons 4.3.1 Authenticated(Shop.Manager+).PHP.Object.Injection MEDIUM" "yith-woocommerce-product-add-ons 4.2.1 Missing.Authorization MEDIUM" "yith-woocommerce-product-add-ons 2.1.0 Authenticated.Local.File.Inclusion MEDIUM" "yith-woocommerce-product-add-ons 2.1.0 Reflected.Cross-Site.Scripting HIGH" 
"yith-woocommerce-product-add-ons 1.5.23 Subscriber+.Settings.Update MEDIUM" "yuzo-related-post 5.12.94 Unauthenticated.Call.Any.Action.or.Update.Any.Option MEDIUM" "yacp No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "yith-woocommerce-catalog-mode 2.16.1 Cross-Site.Scripting.via.shortcode.ajax MEDIUM" "yith-woocommerce-subscription 1.3.6 Subscriber+.Settings.Update MEDIUM" "youtube-speedload No.known.fix Cross-Site.Request.Forgery MEDIUM" "yoco-payment-gateway 3.9.1 Unauthenticated.Arbitrary.File.Read HIGH" "yith-infinite-scrolling 1.8.0 Cross-Site.Scripting.via.shortcode.ajax MEDIUM" "yslider No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "youtube-embed No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "youtube-embed 5.4 Admin+.Stored.XSS LOW" "youtube-embed 5.2.2 Contributor+.Stored.XSS MEDIUM" "youtube-embed 3.3.3 Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "yith-woocommerce-points-and-rewards 1.3.6 Subscriber+.Settings.Update MEDIUM" "yith-woocommerce-badges-management 1.3.21 Subscriber+.Settings.Update MEDIUM" "youtube-showcase 3.5.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "youtube-showcase 3.5.2 Unauthenticated.PHP.Object.Injection HIGH" "youtube-showcase 3.4.0 Missing.Authorization.to.Arbitrary.Post/Page.Creation MEDIUM" "youtube-showcase 3.3.6 Settings.Update.via.CSRF MEDIUM" "yith-woocommerce-recover-abandoned-cart 1.3.4 Subscriber+.Settings.Update MEDIUM" "yet-another-related-posts-plugin 5.30.11 Missing.Authorization MEDIUM" "yet-another-related-posts-plugin 5.30.10 Authenticated(Administrator+).Cross-Site.Scripting MEDIUM" "yet-another-related-posts-plugin 5.30.10 Admin+.Stored.XSS LOW" "yet-another-related-posts-plugin 5.30.4 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "yet-another-related-posts-plugin 5.30.3 Yet.Another.Related.Posts.Plugin.<.5.30.3.-.Subscriber+.SQLi HIGH" "yet-another-related-posts-plugin 5.30.5 
Yet.Another.Related.Posts.Plugin.<.5.30.5.-.Subscriber+.LFI HIGH" "yet-another-related-posts-plugin 5.30.3 Yet.Another.Related.Posts.Plugin.<.5.30.3.-.Contributor+.Stored.XSS MEDIUM" "ymc-smart-filter 3.2.1 Unauthenticated.SQL.Injection MEDIUM" "ymc-smart-filter 2.8.34 Cross-Site.Request.Forgery MEDIUM" "ymc-smart-filter 2.9.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "ymc-smart-filter 2.8.33 Unauthenticated.LFI CRITICAL" "yotpo-reviews-for-woocommerce No.known.fix Arbitrary.Settings.Update.via.CSRF MEDIUM" "youzify-moderation No.known.fix Unauthenticated.Stored.Cross-Site.Scripting MEDIUM" "yaad-sarig-payment-gateway-for-wc No.known.fix Missing.Authorization MEDIUM" "yaad-sarig-payment-gateway-for-wc 2.2.5 Subscriber+.Log.Read/Deletion MEDIUM" "yith-woocommerce-advanced-reviews 1.4.0 Subscriber+.Settings.Update MEDIUM" "yext No.known.fix Missing.Authorization MEDIUM" "yawpp No.known.fix Unauthenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "yith-essential-kit-for-woocommerce-1 2.35.0 Missing.Authorization.to.Authenticated.(Subscriber+).Limited.Plugin.Install,.Activation,.and.Deactivation MEDIUM" "yith-essential-kit-for-woocommerce-1 2.14.0 Cross-Site.Scripting.via.shortcode.ajax MEDIUM" "yournewsapp No.known.fix Unauthenticated.SQL.Injection HIGH" "yournewsapp No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "yumpu-epaper-publishing 3.0.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "yumpu-epaper-publishing 3.0.0 Missing.Authorization.to.PDF.Upload,.Publishing,.and.API.Key.Modification MEDIUM" "yookassa 2.3.1 Subscriber+.Arbitrary.Settings.Update MEDIUM" "yookassa 2.3.1 Arbitrary.Settings.Update.via.CSRF MEDIUM" "yawave No.known.fix Unauthenticated.SQL.Injection HIGH" "yotpo-social-reviews-for-woocommerce 1.7.10 Reflected.Cross-Site.Scripting MEDIUM" "yith-woocommerce-waiting-list 1.3.11 Subscriber+.Settings.Update MEDIUM" "yith-woocommerce-cart-messages 1.4.5 Subscriber+.Settings.Update MEDIUM" 
"yourchannel 1.2.6 Admin+.Stored.XSS LOW" "yourchannel 1.2.4 Unauthenticated.Settings.Reset MEDIUM" "yourchannel 1.2.5 Multiple.CSRF MEDIUM" "yourchannel 1.2.2 Subscriber+.Stored.XSS HIGH" "yourchannel 1.2.3 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "yahoo-boss No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "yayforms 1.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "yith-woocommerce-ajax-search 2.8.1 Unauthenticated.SQL.Injection HIGH" "yith-woocommerce-ajax-search 2.7.1 Contributor+.Stored.XSS MEDIUM" "yith-woocommerce-ajax-search 2.4.1 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "yith-woocommerce-ajax-search 1.7.1 Subscriber+.Settings.Update MEDIUM" "youtube-shortcode No.known.fix Contributor+.Stored.XSS MEDIUM" "youtube-simple-gallery No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "yith-woocommerce-gift-cards 4.13.0 Missing.Authorization.to.Unauthenticated.WooCommerce.Settings.Update MEDIUM" "yith-woocommerce-gift-cards 1.3.8 Subscriber+.Settings.Update MEDIUM" "yith-woocommerce-account-funds-premium 1.34.0 Missing.Authorization MEDIUM" "yt-player 1.5.3 Reflected.Cross-Site.Scripting MEDIUM" "yt-player 1.5.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "yt-player 1.4 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "yith-pre-order-for-woocommerce 1.2.1 Subscriber+.Settings.Update MEDIUM" "yith-advanced-refund-system-for-woocommerce 1.0.12 Subscriber+.Settings.Update MEDIUM" "ymc-states-map No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "yith-woocommerce-product-bundles 1.1.17 Subscriber+.Settings.Update MEDIUM" "yougler-blogger-profile-page No.known.fix Cross-Site.Request.Forgery.to.Settings.Update MEDIUM" "yr-activity-link 1.2.4 Contributor+.Stored.XSS MEDIUM" "yellow-yard 2.8.12 Contributor+.Stored.XSS MEDIUM" "yellow-yard 2.8.12 Reflected.Cross-Site.Scripting HIGH" "yith-woocommerce-bulk-product-editing 1.2.15 Subscriber+.Settings.Update MEDIUM" "ycontributors 
No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "yith-custom-login 1.7.4 Reflected.Cross-Site.Scripting MEDIUM" "yith-custom-login 1.7.1 Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "yamaps 0.6.41 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode.Parameters MEDIUM" "yamaps 0.6.40 Contributor+.Stored.XSS MEDIUM" "yamaps 0.6.41 Contributor+.Stored.XSS MEDIUM" "yamaps 0.6.30 Contributor+.Stored.XSS MEDIUM" "yamaps 0.6.26 Contributor+.Stored.XSS MEDIUM" "yith-woocommerce-compare 2.38.0 Cross-Site.Request.Forgery MEDIUM" "yith-woocommerce-compare 2.20.1 Cross-Site.Scripting.via.shortcode.ajax MEDIUM" "yith-woocommerce-compare 2.3.15 Subscriber+.Settings.Update MEDIUM" "yanewsflash No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "yandex-pinger No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "yml-for-yandex-market 5.0.26 Shop.Manager+.RCE.via.Feed.Generation HIGH" "yml-for-yandex-market 4.7.3 Reflected.Cross-Site.Scripting MEDIUM" "yml-for-yandex-market 4.2.4 Reflected.Cross-Site.Scripting MEDIUM" "yml-for-yandex-market 3.10.8 Reflected.XSS HIGH" "yith-woocommerce-order-tracking 2.8.0 Cross-Site.Scripting.via.shortcode.ajax MEDIUM" "yith-woocommerce-order-tracking 1.2.11 Subscriber+.Settings.Update MEDIUM" "yabp No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "yaymail 4.3.3 Missing.Authorization.to.Authenticated.(Shop.Manager+).License.Key.Deletion.via.'/yaymail-license/v1/license/delete'.Endpoint MEDIUM" "yaymail 4.3.3 Missing.Authorization.to.Authenticated.(Shop.Manager+).Plugin.Installation.and.Activation LOW" "yaymail 4.3.3 Authenticated.(Shop.Manager+).Stored.Cross-Site.Scripting.via.Template.Elements MEDIUM" "yaymail 4.3.3 Shop.Manager+.Arbitrary.Options.Update HIGH" "yith-woocommerce-brands-add-on 1.3.7 Subscriber+.Settings.Update MEDIUM" "yeemail 2.1.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "ydn-download 
No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "you-shang No.known.fix Authenticated.Stored.Cross-Site.Scripting LOW" "youneeq-panel No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "youtube-embed-plus 11.8.2 Cross-Site.Request.Forgery.(CSRF) MEDIUM" "yith-woocommerce-best-sellers 1.1.13 Subscriber+.Settings.Update MEDIUM" "yith-woocommerce-ajax-navigation 5.2.0 Reflected.Cross-Site.Scripting MEDIUM" "yith-woocommerce-ajax-navigation 3.11.1 Authenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "youtube-channel 3.23.0 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "youtube-channel 3.23.0 Admin+.Stored.XSS LOW" "yatra 2.1.15 Admin+.Stored.XSS LOW" "youtube-playlist-player 4.6.8 Contributor+.Stored.XSS MEDIUM" "youtube-playlist-player 4.6.5 Cross-Site.Request.Forgery.(CSRF) MEDIUM" "yith-woocommerce-social-login 1.3.6 Subscriber+.Settings.Update MEDIUM" "youtube-feed-pro 2.6.1 Unauthenticated.Arbitrary.File.Read.via.Path.Traversal MEDIUM" "youram-youtube-embed No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.instance.Parameter MEDIUM" "youram-youtube-embed No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "yith-woocommerce-questions-and-answers 1.2.0 Subscriber+.Settings.Update MEDIUM" "yith-woocommerce-tab-manager 1.35.1 Authenticated.(Editor+).Stored.Cross-Site.Scripting MEDIUM" "yith-paypal-express-checkout-for-woocommerce 1.49.1 Cross-Site.Request.Forgery MEDIUM" "yith-paypal-express-checkout-for-woocommerce 1.2.6 Subscriber+.Settings.Update MEDIUM" "yith-woocommerce-request-a-quote 2.46.1 Missing.Authorization MEDIUM" "yith-woocommerce-request-a-quote 1.6.4 Unauthorised.AJAX.call.via.CSRF MEDIUM" "yith-woocommerce-request-a-quote 1.4.9 Subscriber+.Settings.Update MEDIUM" "yphplista No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "yphplista No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "yottie-lite No.known.fix 
Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "yith-woocommerce-mailchimp 2.1.4 Subscriber+.Settings.Update MEDIUM" "youtube-simplegallery No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "yummly-rich-recipes No.known.fix Cross-Site.Request.Forgery MEDIUM" "yoo-slider 2.2.0 Reflected.Cross-Site.Scripting HIGH" "yoo-slider 2.1.0 Arbitrary.Template.Import.via.CSRF MEDIUM" "yoo-slider 2.1.0 Arbitrary.Slider.Creation/Edition.via.CSRF MEDIUM" "yoo-slider 2.1.0 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "yoo-slider 2.1.0 Arbitrary.Slider.Duplication/Deletion.via.CSRF MEDIUM" "youmax-channel-embeds-for-youtube-businesses No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "youmax-channel-embeds-for-youtube-businesses No.known.fix Cross-Site.Request.Forgery MEDIUM" "yesno 1.0.12 Authenticated.(contributor+).Blind.SQL.Injection HIGH" "yith-color-and-label-variations-for-woocommerce 1.8.13 Subscriber+.Settings.Update MEDIUM" "yds-support-ticket-system No.known.fix Authenticated.(Subscriber+).SQL.Injection MEDIUM" "yds-support-ticket-system No.known.fix Cross-Site.Request.Forgery MEDIUM" "yith-woocommerce-frequently-bought-together 1.2.11 Subscriber+.Settings.Update MEDIUM" "yikes-inc-easy-mailchimp-extender No.known.fix Missing.Authorization MEDIUM" "yikes-inc-easy-mailchimp-extender No.known.fix Sensitive.Information.Exposure.via.logfile HIGH" "yikes-inc-easy-mailchimp-extender 6.9.0 Admin+.Stored.Cross-Site.Scripting LOW" "yikes-inc-easy-mailchimp-extender 6.8.9 Reflected.XSS MEDIUM" "yikes-inc-easy-mailchimp-extender 6.8.8 Reflected.XSS HIGH" "yikes-inc-easy-mailchimp-extender 6.8.7 Contributor+.Stored.XSS MEDIUM" "yikes-inc-easy-mailchimp-extender 6.8.9 Admin+.Stored.XSS LOW" "yikes-inc-easy-mailchimp-extender 6.8.6 Reflected.Cross-Site.Scripting MEDIUM" "yikes-inc-easy-mailchimp-extender 6.6.3 Authenticated.Cross-Site.Scripting.(XSS) CRITICAL" "youtube-channel-gallery No.known.fix 
Contributor+.Stored.XSS.via.Shortcode MEDIUM" "yaycurrency 3.3.1 Missing.Authorization.to.Unauthenticated.Arbitrary.Post.Deletion MEDIUM" "yaycurrency 3.3.2 Admin+.Remote.Code.Execution MEDIUM" "yahoo-media-player No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "yahoo-media-player No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "yaysmtp 2.6.7 Admin+.SQL.Injection MEDIUM" "yaysmtp 2.6.5 Authenticated.(Administrator+).SQL.Injection MEDIUM" "yaysmtp 2.6.4 2.6.3.-.Unauthenticated.Stored.Cross-Site.Scripting HIGH" "yaysmtp 2.4.6 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "yaysmtp 2.2.1 Subscriber+.Stored.Cross-Site.Scripting HIGH" "yaysmtp 2.2.2 Admin+.Stored.Cross-Site.Scripting LOW" "yaysmtp 2.2.1 Subscriber+.Logs.Disclosure MEDIUM" "yaysmtp 2.2.1 Subscriber+.SMTP.Credentials.Leak MEDIUM" "youzify No.known.fix Authenticated.(Subscriber+).Server-Side.Request.Forgery HIGH" "youzify 1.3.4 Missing.Authorization.to.Authenticated.(Subscriber+).Limited.Options.Update.(save_addon_key_license) MEDIUM" "youzify 1.3.5 Missing.Authorization.to.Authenticated.(Subscriber+).Limited.Options.Update MEDIUM" "youzify 1.3.3 Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.Review.Deletion MEDIUM" "youzify 1.3.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.youzify_media.Shortcode MEDIUM" "youzify 1.3.1 Subscriber+.Arbitrary.Attachment.Deletion MEDIUM" "youzify 1.2.8 Missing.Authorization MEDIUM" "youzify 1.2.6 Authenticated.(Contributor+).SQL.Injection CRITICAL" "youzify 1.2.6 Authenticated.(Contributor+).SQL.Injection CRITICAL" "youzify 1.2.3 Insecure.Direct.Object.Reference MEDIUM" "youzify 1.2.2 Contributor+.Stored.XSS MEDIUM" "youzify 1.2.0 Unauthenticated.SQLi HIGH" "youzify 1.0.7 Stored.Cross-Site.Scripting.via.Biography HIGH" "yith-woocommerce-gift-cards-premium 3.20.0 Unauthenticated.Arbitrary.File.Upload CRITICAL" "yith-woocommerce-gift-cards-premium 3.3.1 RCE.via.Arbitrary.File.Upload CRITICAL" "years-since 
No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "youtube-video-player No.known.fix Authenticated.(Contributor+).Stored.DOM-Based.Cross-Site.Scripting.via.ThickBox.JavaScript.Library MEDIUM" "youtube-video-player 2.6.4 Admin+.Stored.XSS LOW" "youtube-video-player 2.3.9 Contributor+.Stored.XSS MEDIUM" "yith-desktop-notifications-for-woocommerce 1.2.8 Subscriber+.Settings.Update MEDIUM" "yith-woocommerce-authorizenet-payment-gateway 1.1.13 Subscriber+.Settings.Update MEDIUM" "yith-woocommerce-zoom-magnifier 1.3.12 Subscriber+.Settings.Update MEDIUM" "yellow-pencil-visual-theme-customizer 7.6.5 Reflected.Cross-Site.Scripting MEDIUM" "yellow-pencil-visual-theme-customizer 7.6.4 Reflected.Cross-Site.Scripting MEDIUM" "yellow-pencil-visual-theme-customizer 7.5.9 Admin+.Stored.XSS LOW" "yellow-pencil-visual-theme-customizer 7.5.4 Reflected.Cross-Site.Scripting HIGH" "yellow-pencil-visual-theme-customizer 7.2.1 Unauthenticated.Arbitrary.Options.Updates HIGH" "youtube-feeder No.known.fix CSRF.to.Stored.XSS HIGH" "yet-another-stars-rating 3.4.4 Missing.Authorization.via.init MEDIUM" "yet-another-stars-rating 3.4.2 Reflected.Cross-Site.Scripting MEDIUM" "yet-another-stars-rating 3.1.3 Subscriber+.Stored.XSS HIGH" "yet-another-stars-rating 3.0.2 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "yet-another-stars-rating 3.0.0 Reflected.Cross-Site.Scripting MEDIUM" "yet-another-stars-rating 1.8.7 PHP.Object.Injection HIGH" "yith-woocommerce-product-vendors 3.8.1 Reflected.Cross-Site.Scripting HIGH" "yith-woocommerce-product-vendors 3.4.1 Subscriber+.Settings.Update MEDIUM" "yayextra 1.5.6 Authenticated.(Administrator+).SQL.Injection MEDIUM" "yayextra 1.5.3 Missing.Authorization MEDIUM" "yayextra 1.3.8 Unauthenticated.Arbitrary.File.Upload.via.handle_upload_file.Function CRITICAL" "yith-woocommerce-stripe 2.0.2 Subscriber+.Settings.Update MEDIUM" "yith-maintenance-mode 1.4.0 Multiple.Admin+.Stored.Cross-Site.Scripting LOW" "yith-maintenance-mode 1.3.8 
Admin+.Stored.Cross-Site.Scripting LOW" "yith-maintenance-mode 1.2.0 Authenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "yotuwp-easy-youtube-embed 1.3.14 Unauthenticated.Local.File.Inclusion CRITICAL" "yotuwp-easy-youtube-embed 1.3.14 Authenticated.(Contributor+).Arbitrary.File.Inclusion.via.Shortcode MEDIUM" "yotuwp-easy-youtube-embed 1.3.13 Admin+.Stored.XSS LOW" "youforms-free-for-copecart No.known.fix Authenticated.Stored.Cross-Site.Scripting LOW" "yandex-money-button No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "yandex-money-button No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "yandex-money-button 2.4.0 Reflected.Cross-Site.Scripting.(XSS) HIGH" "yame-linkinbio No.known.fix Unauthenticated.Information.Exposure MEDIUM" "yaypricing 3.5.4 Missing.Authorization MEDIUM" "yandexnews-feed-by-teplitsa No.known.fix Admin+.Stored.XSS LOW" "yith-woocommerce-popup 1.48.1 Cross-Site.Request.Forgery MEDIUM" "ymm-search 1.0.12 Cross-Site.Request.Forgery MEDIUM" "yoo-bar 2.0.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "yatri-tools No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "yatri-tools 1.1.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "yith-woocommerce-wishlist 4.13.0 Unauthenticated.Arbitrary.Wishlist.Renaming.via.IDOR MEDIUM" "yith-woocommerce-wishlist 4.10.1 Unauthenticated.Wishlist.Rename.via.IDOR MEDIUM" "yith-woocommerce-wishlist 4.10.1 Wishlist.Item.Deletion.via.Wishlist.Token.Disclosure MEDIUM" "yith-woocommerce-wishlist 4.6.0 Contributor+.Stored.XSS.via.id.Parameter MEDIUM" "yith-woocommerce-wishlist 3.33.0 Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "yith-woocommerce-wishlist 3.15.0 Cross-Site.Scripting.via.shortcode.ajax MEDIUM" "yith-woocommerce-wishlist 2.2.14 Subscriber+.Settings.Update MEDIUM" "youtube-video-inserter No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "your-lightbox No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "yikes-inc-easy-custom-woocommerce-product-tabs 
No.known.fix Shop.Manager+.PHP.Object.Injection MEDIUM" "yikes-inc-easy-custom-woocommerce-product-tabs 1.8.0 Admin+.Stored.XSS LOW" "yikes-inc-easy-custom-woocommerce-product-tabs 1.7.8 Unauthenticated.Toggle.Content.Setting.Update MEDIUM" "zip-codes-redirect 5.1.2 Reflected.Cross-Site.Scripting MEDIUM" "zip-codes-redirect 4.0.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "zalo-live-chat No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "zerobounce 1.0.12 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "zeno-font-resizer 1.8.0 Admin+.Stored.XSS LOW" "zemanta No.known.fix Missing.Authorization.to.Authenticated.(Subscriber+).Attachment.Upload.and.Set.Post.Featured.Image MEDIUM" "zooom No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "zweb-social-mobile No.known.fix Social.Mobile.<=.1.0.0.-.Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "zoloblocks 2.3.12 Missing.Authorization MEDIUM" "zoloblocks 2.3.12 Missing.Authorization.to.Unauthenticated.Popup.Enable/Disable MEDIUM" "zoloblocks 2.3.11 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "zoloblocks 2.3.12 Unauthenticated.Sever-Side.Request.Forgery HIGH" "zoloblocks 2.3.13 Contributor+.Stored.XSS MEDIUM" "zoloblocks 2.3.3 Authenticated.(Subscriber+).Local.File.Inclusion HIGH" "zalomeni No.known.fix Admin+.Stored.XSS LOW" "zen-mobile-app-native No.known.fix Remote.File.Upload HIGH" "zigaform-calculator-cost-estimation-form-builder-lite 7.6.7 Unauthenticated.Form.Submission.Data.Disclosure.in.rocket_front_payment_seesummary.AJAX.Endpoint MEDIUM" "zigaform-calculator-cost-estimation-form-builder-lite 7.4.3 Unauthenticated.Stored.Cross-Site.Scripting MEDIUM" "zigaform-calculator-cost-estimation-form-builder-lite 7.4.8 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "zenphotopress No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "zara-4 No.known.fix Missing.Authorization MEDIUM" "zita-site-library 1.6.4 
Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "zita-site-library 1.6.2 Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.File.Upload CRITICAL" "zita-site-library 1.6.3 Missing.Authorization.to.Page.Creation.and.Options.Modification MEDIUM" "zd-youtube-flv-player No.known.fix Server-Side.Request.Forgery HIGH" "zoho-subscriptions No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "zoho-subscriptions 4.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "ziggeo 3.1.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "zephyr-modern-admin-theme 1.5.0 Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "zippy 1.6.10 Authenticated.(Editor+).Arbitrary.File.Upload HIGH" "zarinpal-paid-downloads No.known.fix Reflected.XSS HIGH" "zarinpal-paid-downloads No.known.fix Admin+.Arbitrary.File.Upload MEDIUM" "zarinpal-paid-downloads No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "zt-captcha No.known.fix Cross-Site.Request.Forgery.to.Settings.Update MEDIUM" "zoom-image-shortcode No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "zikzag-core 1.4.6 Unauthenticated.Local.File.Inclusion HIGH" "zynith-seo No.known.fix Missing.Authorization.to.Unauthenticated.Settings.Update MEDIUM" "zynith-seo No.known.fix Missing.Authorization.to.Unauthenticated.Arbitrary.Option.Deletion CRITICAL" "zynith-seo No.known.fix Unauthenticated.Stored.Cross-Site.Scripting HIGH" "z-downloads 1.11.8 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "z-downloads 1.11.6 Unauthenticated.Stored.XSS HIGH" "z-downloads 1.11.7 Admin+.Stored.XSS.via.SVG.Upload LOW" "z-downloads 1.11.5 Admin+.Arbitrary.File.Upload MEDIUM" "z-downloads 1.11.4 Authenticated.(Admin+).Arbitrary.File.Upload CRITICAL" "zmseo No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "zoho-flow 2.14.2 Cross-Site.Request.Forgery MEDIUM" "zoho-flow 2.14.2 
Cross-Site.Request.Forgery MEDIUM" "zoho-flow 2.13.4 Missing.Authorization MEDIUM" "zoho-flow 2.8.1 Authenticated.(Administrator+).SQL.Injection MEDIUM" "zm-gallery No.known.fix ZM.Gallery.1,0..Authenticated.Blind.SQL.Injection HIGH" "zip-attachments No.known.fix Missing.Authorization.to.Unauthenticated.Private.And.Password-Protected.Posts.Attachment.Disclosure MEDIUM" "zip-attachments No.known.fix Missing.Authorization.to.Limited.File.Deletion MEDIUM" "zip-attachments 1.5 Arbitrary.File.Download HIGH" "zotpress 7.4 Authenticated.(Author+).Stored.Cross-Site.Scripting.via.'nickname' MEDIUM" "zotpress 7.3.13 Missing.Authorization MEDIUM" "zotpress 7.3.11 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "zotpress 7.3.10 Authenticated.(Contributor+).Cross-Site.Scripting MEDIUM" "zotpress 7.3.8 Authenticated.(Contributor+).SQL.Injection CRITICAL" "zotpress 7.3.5 Reflected.XSS HIGH" "zotpress 7.3.4 Unauthenticated.Reflected.XSS HIGH" "zotpress 6.1.3 SQL.Injection CRITICAL" "z-inventory-manager No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "z-inventory-manager 3.1.7 Unauthenticated.PHP.Object.Injection CRITICAL" "z-url-preview 2.0.0 Cross-Site.Scripting.(XSS) MEDIUM" "zoho-forms 4.0.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "zoho-forms 3.0.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "zoho-forms 3.0.1 Contributor+.Stored.XSS MEDIUM" "zero-spam 5.5.7 Spam.Protection.Bypass MEDIUM" "zero-spam 5.4.5 Admin+.SQL.Injection MEDIUM" "zero-spam 5.2.11 Admin+.SQL.Injection MEDIUM" "zero-bs-crm 6.7.1 Unauthenticated.Local.File.Inclusion HIGH" "zero-bs-crm 5.5.1 Client+.XSS MEDIUM" "zero-bs-crm 5.5.1 CRM.Admin+.XSS LOW" "zero-bs-crm 5.4.0 PHAR.Deserialisation.via.CSRF HIGH" "zero-bs-crm 5.5.0 Admin+.Stored.XSS LOW" "zero-bs-crm 5.5 Contributor+.Stored.XSS MEDIUM" "zero-bs-crm 5.4.3 Admin+.Cross-Site.Scripting LOW" "zero-bs-crm 4.2.4 Unauthorized.Invoice.Disclosure LOW" 
"zohocreator No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "zoho-marketinghub 1.2.8 Authenticated.(Contributor+).SQL.Injection CRITICAL" "zoho-salesiq 1.0.9 XSS.&.CSRF HIGH" "zarinpal-woocommerce-payment-gateway 5.0.17 Improper.Access.Control.to.Payment.Status.Update HIGH" "zip-recipes No.known.fix Unauthenticated.Sensitive.Information.Exposure MEDIUM" "zip-recipes 8.1.1 Authenticated(Contributor+).SQL.Injection HIGH" "zip-recipes 8.0.8 Cross-Site.Request.Forgery MEDIUM" "zip-recipes 8.0.8 Multiple.CSRF MEDIUM" "zip-recipes 8.0.7 Reflected.XSS HIGH" "zegen-core 2.0.2 Cross-Site.Request.Forgery.to.Arbitrary.File.Upload HIGH" "zlick-paywall 2.2.2 CSRF.Bypasses LOW" "zapier 1.5.3 Missing.Authorization MEDIUM" "zapier 1.5.2 Authenticated.(Subscriber+).Blind.Server-Side.Request.Forgery.via.updated_user.Function MEDIUM" "zij-kart No.known.fix Unauthenticated.Local.File.Inclusion CRITICAL" "zalo-official-live-chat No.known.fix Cross-Site.Request.Forgery MEDIUM" "zartis-job-plugin No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "zm-ajax-login-register No.known.fix Unauthenticated.Authentication.Bypass CRITICAL" "zip-code-based-content-protection 1.0.3 Unauthenticated.SQL.Injection.via.'zipcode'.Parameter HIGH" "zip-code-based-content-protection 1.0.1 Authenticated.(Administrator+).SQL.Injection MEDIUM" "zenost-shortcodes No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode.Attributes MEDIUM" "zuppler-online-ordering No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "ziteboard-online-whiteboard 3.0.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.ziteboard.Shortcode MEDIUM" "zombify 1.7.6 Authenticated.(Subscriber+).Path.Traversal.to.Arbitrary.File.Read MEDIUM" "ziplist-recipe-plugin No.known.fix Cross-Site.Request.Forgery MEDIUM" "zielke-design-project-gallery No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "zionbuilder 3.6.17 
Contributor+.Stored.XSS MEDIUM" "zionbuilder 3.6.10 Authenticated.(Editor+).Stored.Cross-Site.Scripting MEDIUM" "zox-news 3.17.1 Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.Options.Modification HIGH" "z-companion 1.1.2 Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "z-companion 1.1.0 Missing.Authorization MEDIUM" "zd-scribd-ipaper No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "zephyr-project-manager 3.3.204 Authenticated.(Custom+).Arbitrary.File.Read.And.Server-Side.Request.Forgery MEDIUM" "zephyr-project-manager 3.3.203 Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "zephyr-project-manager 3.3.202 Missing.Authorization MEDIUM" "zephyr-project-manager 3.3.201 Missing.Authorization MEDIUM" "zephyr-project-manager 3.3.102 Reflected.Cross-Site.Scripting MEDIUM" "zephyr-project-manager 3.3.103 Missing.Authorization.to.Authenticated.(Subscriber+).Status.Updates MEDIUM" "zephyr-project-manager 3.3.103 Reflected.Cross-Site.Scripting MEDIUM" "zephyr-project-manager 3.3.101 Authenticated.(Subscriber+).Insecure.Direct.Object.Reference MEDIUM" "zephyr-project-manager 3.3.102 Authenticated.(Subscriber+).Limited.Privilege.Escalation HIGH" "zephyr-project-manager 3.3.101 Authenticated.(Subscriber+).Stored.Cross-Site.Scripting.via.filename.Parameter MEDIUM" "zephyr-project-manager 3.3.100 Unauthenticated.Information.Exposure MEDIUM" "zephyr-project-manager 3.3.99 Editor+.XSS LOW" "zephyr-project-manager 3.3.99 Authenticated.(Subscriber+).Privilege.Escalation.via.User.Meta.Update HIGH" "zephyr-project-manager 3.3.94 Plugin.Data.Deletion.via.CSRF MEDIUM" "zephyr-project-manager 3.2.55 Unauthorised.AJAX.Calls.To.Stored.XSS HIGH" "zephyr-project-manager 3.2.5 Multiple.Unauthenticated.SQLi CRITICAL" "zephyr-project-manager 3.2.5 Unauthorised.REST.Calls.to.Stored.XSS HIGH" "zephyr-project-manager 3.2.5 Reflected.Cross-Site.Scripting MEDIUM" "zephyr-project-manager 3.2.41 Reflected.Cross-Site.Scripting MEDIUM" 
"zigaform-form-builder-lite 7.4.3 Unauthenticated.Stored.Cross-Site.Scripting MEDIUM" "zigaform-form-builder-lite 7.4.8 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "zhina-twitter-widget No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "znajdz-prace-z-pracapl No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "zoorum-comments No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "zoho-campaigns 2.1.0 Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "zoho-campaigns 2.0.8 Cross-Site.Request.Forgery.via.zcwc_optin_save MEDIUM" "zoho-campaigns 2.0.8 Cross-Site.Request.Forgery.via.zcwc_integration_disconnect MEDIUM" "zoho-campaigns 2.0.7 Authenticated.(Contributor+).SQL.Injection CRITICAL" "zoho-crm-forms No.known.fix Missing.Authorization MEDIUM" "zoho-crm-forms 1.7.9.8 Contributor+.SQL.Injection MEDIUM" "zoho-crm-forms 1.7.8.9 Reflected.Cross-Site.Scripting MEDIUM" "zoho-crm-forms 1.7.6.2 Subscriber+.Arbitrary.Options.Update HIGH" "zoho-crm-forms 1.7.2.9 Admin+.Stored.Cross-Site.Scripting LOW" "zoho-crm-forms 1.6.9.2 Authenticated.Cross.Site.Scripting.(XSS) MEDIUM" "zx-csv-upload No.known.fix ZX_CSV.Upload.1..Authenticated.SQL.Injection HIGH" "zstore-manager-basic No.known.fix Missing.Authorization.to.Authenticated.(Subscriber+).Cache.Clearing MEDIUM" "zen-social-sticky No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "zendesk-help-center 1.0.5 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "zajax-ajax-navigation No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM")
pp "Plugin: Version"
rplugins=(`grep -oP ".*/wp-content/plugins/\K[a-zA-Z0-9-_.]+" $file | sort -u`)
d=true; [[ ! ${rplugins[@]} ]] && d=false || d=true
z=0; if [[ ${rplugins[@]} =~ "wp-statistics" ]]; then rplugins=(${rplugins[@]/wp-statistics}); v=$(grep -oP '^<\!-- Analytics by [a-zA-Z ]+\K[\d.]+' $file); sap wp-statistics; fi; if [[ ${rplugins[@]} =~ "google-analytics-for-wordpress" ]]; then rplugins=(${rplugins[@]/google-analytics-for-wordpress}); v=$(grep -oP "Google Analytics[a-zA-Z ]+\K[\d.]+" $file); sap google-analytics; fi; if [[ $(grep -i "wp-super-cache" $file) ]]; then ((z++)); rg wp-super-cache readme.txt; sap wp-super; fi; if [[ $(grep -i "w3-total-cache" $file) ]]; then ((z++)); rplugins=(${rplugins[@]/w3-total-cache}); rg w3-total-cache readme.txt; sap w3-total; fi; if [[ ${rplugins[@]} =~ "svg-support" ]]; then rplugins=(${rplugins[@]/svg-support}); rg svg-support readme.txt; sap svg-support; fi; if [[ ${rplugins[@]} =~ "pixelyoursite" ]]; then rplugins=(${rplugins[@]/pixelyoursite}); v=$(grep -m1 -oP "PixelYourSite.*[a-zA-Z ]+\K[\d.]+" $file); sap pixelyoursite; fi
len=$(grep -oP "<meta name=\"generator\" content=\"(Powered by \K[a-zA-Z-_ \(\)]+|\K[a-zA-Z-_ \(\)]+)" $file | grep -iv 'wordpress' | wc -l); tplugins=$(grep -oP "<meta name=\"generator\" content=\"(Powered by \K[a-zA-Z-_ \(\)]+|\K[a-zA-Z-_ \(\)]+)" $file | grep -iv 'wordpress' | tr '[:upper:]' '[:lower:]'); for ((c=0; c<${#rplugins[@]}; c++)); do [[ ${tplugins[@],,} =~ ^${rplugins[c],,}$ ]] && rplugins=(${rplugins[@]/${rplugins[c]}}); done; for ((c=0; c<$len; c++)); do if [[ `echo -n $(grep -oP "<meta name=\"generator\" content=\"(Powered by \K[a-zA-Z-_ \(\)]+|\K[a-zA-Z-_ \(\)]+)" $file | grep -iv 'wordpress' | tail -n $len | head -n $(($c+1)) | tail -n 1 | tr '[:upper:]' '[:lower:]')` == "slider revolution" ]]; then rplugins=(${rplugins[@]/revslider}); v=$(grep -oP "<meta name=\"generator\" content=\"(Powered by [a-zA-Z-_ \(\)]+[\d.]+|[a-zA-Z-_ \(\)]+[\d.]+)" $file | grep -iv 'wordpress' | tail -n $len | head -n $(($c+1)) | tail -n 1 | grep -oP "[\d.]+"); sap revslider; elif [[ `echo -n $(grep -oP "<meta name=\"generator\" content=\"(Powered by \K[a-zA-Z-_ \(\)]+|\K[a-zA-Z-_ \(\)]+)" $file | grep -iv 'wordpress' | tail -n $len | head -n $(($c+1)) | tail -n 1 | tr '[:upper:]' '[:lower:]')` == "all in one seo (aioseo)" ]]; then v=$(grep -oP "<meta name=\"generator\" content=\"(Powered by [a-zA-Z-_ \(\)]+[\d.]+|[a-zA-Z-_ \(\)]+[\d.]+)" $file | grep -iv 'wordpress' | tail -n $len | head -n $(($c+1)) | tail -n 1 | grep -oP "[\d.]+"); sap all-in-one-seo-pack; else v=$(grep -oP "<meta name=\"generator\" content=\"(Powered by [a-zA-Z-_ \(\)]+[\d.]+|[a-zA-Z-_ \(\)]+[\d.]+)" $file | grep -iv 'wordpress' | tail -n $len | head -n $(($c+1)) | tail -n 1 | grep -oP "[\d.]+"); sap $(grep -oP "<meta name=\"generator\" content=\"(Powered by \K[a-zA-Z-_ \(\)]+|\K[a-zA-Z-_ \(\)]+)" $file | grep -iv 'wordpress' | tail -n $len | head -n $(($c+1)) | tail -n 1 | tr '[:upper:]' '[:lower:]'); fi; done
if ! "$d" && [[ z -eq 0 ]]; then [[ ! ${tplugins[@]} ]] && { cg_color bbg "No plugins detected"; return 1; }; fi
links=($(len=${#rplugins[@]}; for ((c=0; c<$len; c++)); do if [[ $tplugins =~ ${rplugins[c]} ]]; then continue; elif [[ $(grep -oP "<(script|link).*/wp-content/plugins/${rplugins[c]}/.*=\K([\d]+\.[\d.]+\.[0-9]{1,3}('|\")|[\d]+\.[0-9]{1,2}('|\")|[0-9]{1,2}('|\"))" $file | grep -oP "[\d.]+" | sort -u | wc -l) == 1 ]]; then grep -m1 -oP "[a-z]+://[a-z0-9-_.]+/([a-z0-9-_.]+/wp-content|wp-content)/plugins/${rplugins[c]}/[a-zA-Z-_/.?]+=([\d]+\.[\d.]+|[\d]+)" $file; continue; fi; k=0; vz=(`grep -oP "<script.*/wp-content/plugins/${rplugins[c]}/([a-zA-Z-_]+/assets/js|[a-zA-Z-_]+/includes/js|[a-zA-Z-_]/js|assets/js/|includes/js/|js/).*=\K([\d]+\.[\d.]+\.[0-9]{1,3}('|\")|[\d]+\.[0-9]{1,2}('|\")|[0-9]{1,2}('|\"))" $file | grep -oP "[\d.]+"`); l=${#vz[@]}; for ((i=0; i<$l-1; i++)); do if [[ ${vz[i]} == ${vz[i+1]} ]]; then ((k++)); fi; done; if [[ $k == $(($l-1)) ]]; then grep -m1 -oP "[a-z]+://[a-z0-9-_.]+/([a-z-_.]+/wp-content|wp-content)/plugins/${rplugins[c]}/([a-zA-Z-_]+/assets/js|[a-zA-Z-_]+/includes/js|[a-zA-Z-_]/js|assets/js/|includes/js/|js/).*=${vz[0]}" $file && continue; elif [[ $k > 0 && $k > $(($(($l-1))/2)) ]]; then y=$(grep -oP "^<script.*/wp-content/plugins/${rplugins[c]}/([a-zA-Z-_]+/assets/js|[a-zA-Z-_]+/includes/js|[a-zA-Z-_]/js|assets/js/|includes/js/|js/).*=\K([\d]+\.[\d.]+|[\d]+)" $file | sort | uniq -cd | sort | tail -n 1 | cut -d " " -f8); grep -m1 -oP "[a-z]+://[a-z0-9-_.]+/wp-content/plugins/${rplugins[c]}/.*ver=$y" $file; continue; fi; grep -m1 -oP "<script.*src=.*/wp-content/plugins/${rplugins[c]}/.*id='${rplugins[c]:0:1}.*" $file | grep -oP "[a-z]+://[a-z0-9-_.]+/([a-z0-9-_.]+/wp-content|wp-content)/plugins/${rplugins[c]}/.*=([\d]+\.[\d.]+\.[0-9]{1,3}'|[\d]+\.[0-9]{1,2}'|[0-9]{1,2}')" && continue || grep -m1 -oP "<script.*src=.*/wp-content/plugins/${rplugins[c]}/.*id=\"${rplugins[c]:0:1}.*" $file | grep -oP 
"[a-z]+://[a-z0-9-_.]+/([a-z0-9-_.]+/wp-content|wp-content)/plugins/${rplugins[c]}/.*=([\d]+\.[\d.]+\.[0-9]{1,3}'|[\d]+\.[0-9]{1,2}'|[0-9]{1,2}')" && continue || if [[ $(curl -A "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36" -s $url/wp-content/plugins/${rplugins[c]}/readme.txt -k -L | grep -i "changelog\|change log" -A 1000 | grep -oP "^=[[:space:]]\K[\d]+\.[\d.]+|^=.*([a-zA-Z]|\[)\K[\d]+\.[\d.]+|^#.*[[:space:]]\K[\d]+\.[\d.]+" | sort -rn | head -n 1) ]]; then echo -n "$url/wp-content/${rplugins[c]}/?ver="; echo $(curl -A "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36" -s $url/wp-content/plugins/${rplugins[c]}/readme.txt -k -L | grep -i "changelog\|change log" -A 1000 | grep -oP "^=[[:space:]]\K[\d]+\.[\d.]+|^=.*([a-zA-Z]|\[)\K[\d]+\.[\d.]+|^#.*[[:space:]]\K[\d]+\.[\d.]+" | sort -rn | head -n 1); continue; elif [[ $(curl -A "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36" -s $url/wp-content/plugins/${rplugins[c]}/README.txt -k -L | grep -i "changelog\|change log" -A 1000 | grep -oP "^=[[:space:]]\K[\d]+\.[\d.]+|^=.*([a-zA-Z]|\[)\K[\d]+\.[\d.]+|^#.*[[:space:]]\K[\d]+\.[\d.]+" | sort -rn | head -n 1) ]]; then echo -n "$url/wp-content/plugins/${rplugins[c]}/?ver="; echo $(curl -A "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36" -s $url/wp-content/plugins/${rplugins[c]}/README.txt -k -L | grep -i "changelog\|change log" -A 1000 | grep -oP "^=[[:space:]]\K[\d]+\.[\d.]+|^=.*([a-zA-Z]|\[)\K[\d]+\.[\d.]+|^#.*[[:space:]]\K[\d]+\.[\d.]+" | sort -rn | head -n 1); continue; elif [[ $(curl -A "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36" -s $url/wp-content/plugins/${rplugins[c]}/changelog.txt -k -L | grep -i "changelog\|change log" -A 1000 | grep -oP 
"^=[[:space:]]\K[\d]+\.[\d.]+|^=.*([a-zA-Z]|\[)\K[\d]+\.[\d.]+|^#.*[[:space:]]\K[\d]+\.[\d.]+" | sort -rn | head -n 1) ]]; then echo -n "$url/wp-content/plugins/${rplugins[c]}/?ver="; echo $(curl -A "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36" -s $url/wp-content/plugins/${rplugins[c]}/changelog.txt -k -L | grep -i "changelog\|change log" -A 1000 | grep -oP "^=[[:space:]]\K[\d]+\.[\d.]+|^=.*([a-zA-Z]|\[)\K[\d]+\.[\d.]+|^#.*[[:space:]]\K[\d]+\.[\d.]+" | sort -rn | head -n 1); continue; fi; done))
i=0; len=${#rplugins[@]}; for ((c=0; c<$len; c++)); do [[ $tplugins =~ ${rplugins[c]} ]] && continue; if [[ ${links[i]} =~ ${rplugins[c]} ]]; then if [[ ! $wp_version ]]; then v=$(echo ${links[i]} | grep -oP "=\K[\d.]+"); sap ${rplugins[c]}; ((i++)); continue; fi; if [[ ! ${links[i]} =~ $wp_version ]]; then v=$(echo ${links[i]} | grep -oP "=\K[\d.]+"); sap ${rplugins[c]}; ((i++)); continue; else v=$(curl -Z -A "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36" -s $url/wp-content/plugins/${rplugins[c]}/readme.txt $url/wp-content/plugins/${rplugins[c]}/README.txt $url/wp-content/plugins/${rplugins[c]}/changelog.txt -k -L | grep -i "changelog\|change log" -A 1000 | grep -oP "^=[[:space:]]\K[\d]+\.[\d.]+|^=.*([a-zA-Z]|\[)\K[\d]+\.[\d.]+|^#.*[[:space:]]\K[\d]+\.[\d.]+" | sort -rn | head -n 1); if [[ $v ]]; then sap ${rplugins[c]}; ((i++)); continue; else echo "${rplugins[c]}: Version not detected"; ((i++)); continue; fi; fi; else echo "${rplugins[c]}: Version not detected"; fi; done
pp "Vulnerabilities"
if [[ ${flagz[@]} ]]; then for ((c=0; c<${#flagz[@]}; c++)); do hh=(${vulns_plugins[${flagz[c]}]}); cg_color olbb "(${hh[0]}) "; echo -n ${hh[2]} | tr "." " "; if [[ ${hh[3]} == "CRITICAL" ]]; then cg_color bbr " [${hh[3]}]"; elif [[ ${hh[3]} == "HIGH" ]]; then cg_color bhr " [${hh[3]}]"; elif [[ ${hh[3]} == "MEDIUM" ]]; then cg_color bby " [${hh[3]}]"; elif [[ ${hh[3]} == "LOW" ]]; then cg_color bbp " [${hh[3]}]"; fi; done; else cg_color bbg "No vulnerabilities detected"; fi
}
themes(){
flagz=()
releases_themes=()
vulns_themes=("5star No.known.fix CSRF.File.Upload HIGH" "15zine 3.3.0 Reflected.Cross-Site.Scripting MEDIUM" "astra 4.12.4 Contributor+.Stored.XSS.via.Post.Meta MEDIUM" "astra 4.6.5 Editor+.Stored.XSS.via.Theme.Header/Footer LOW" "astra 4.6.9 Contributor+.Stored.XSS MEDIUM" "athos No.known.fix Unauthenticated.Local.File.Inclusion HIGH" "art-theme 3.12.3 Missing.Authorization.to.Authenticated.(Subscriber+).Theme.Option.Delete MEDIUM" "arkhe No.known.fix Local.File.Inclusion.via.CSRF HIGH" "accessbuddy No.known.fix Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "anfaust No.known.fix Reflected.XSS HIGH" "appointment 3.2.6 Reflected.Cross-Site.Scripting.via.Customizer.Notify MEDIUM" "acerola No.known.fix Unauthenticated.PHP.Object.Injection HIGH" "acerola No.known.fix Missing.Authorization MEDIUM" "aardvark No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "aplite No.known.fix Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "anon2x No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "amela 1.0.12 Reflected.Cross-Site.Scripting MEDIUM" "amela 1.0.14 Reflected.Cross-Site.Scripting MEDIUM" "amela 1.0.5 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "architecturer No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "alchemists No.known.fix Unauthenticated.Local.File.Inclusion HIGH" "aapna No.known.fix Reflected.XSS HIGH" "apollo No.known.fix Unauthenticated.Local.File.Inclusion HIGH" "accio 1.1.1 Information.Disclosure HIGH" "aurum-minimalist-shopping-theme 4.0.3 WordPress.&.WooCommerce.Shopping.Theme.<.4.0.3.-.Missing.Authorization.to.Authenticated.(Subscriber+).Demo.Content.Import MEDIUM" "adifier-system 3.1.4 .Unauthenticated.Local.File.Inclusion CRITICAL" "adifier-system 3.1.4 Unauthenticated.SQL.Injection CRITICAL" "arendelle 1.1.13 Reflected.XSS HIGH" "arendelle 1.1.11 Reflected.Cross-Site.Scripting MEDIUM" "arendelle 1.1.13 Reflected.Cross-Site.Scripting MEDIUM" "arendelle 1.1.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "amely 3.2.0 
Unauthenticated.SQL.Injection HIGH" "akal No.known.fix Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "adforest 6.0.13 Authentication.Bypass HIGH" "adforest 6.0.12 Unauthenticated.Local.File.Inclusion HIGH" "adforest 6.0.12 Missing.Authorization MEDIUM" "adforest 6.0.10 Authentication.Bypass CRITICAL" "adforest 5.1.9 Authentication.Bypass CRITICAL" "adforest 5.1.8 Classified.Ads.WordPress.Theme.<.5.1.8.-.Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.Post/Attachment.Deletion MEDIUM" "adforest 5.1.7 Privilege.Escalation.via.Password.Reset/Account.Takeover CRITICAL" "adforest 5.1.7 Authentication.Bypass CRITICAL" "artrium No.known.fix Unauthenticated.Local.File.Inclusion HIGH" "anubis No.known.fix Unauthenticated.Local.File.Inclusion HIGH" "alone No.known.fix Unauthenticated.Remote.Code.Execution CRITICAL" "alone 7.8.7 Missing.Authorization.to.Unauthenticated.Arbitrary.File.Deletion CRITICAL" "alone 7.8.5 Missing.Authorization.to.Unauthenticated.Arbitrary.File.Upload.via.Plugin.Installation CRITICAL" "alone 7.8.5 Unauthenticated.Remote.Code.Execution CRITICAL" "aihub No.known.fix Missing.Authorization.to.Authenticated.(Subscriber+).All.Plugins.Deactivated MEDIUM" "aihub 1.3.8 Unauthenticated.Arbitrary.File.Upload.in.generate_image CRITICAL" "aihub 1.3.8 Startup.&.Technology.WordPress.Theme.<.1.3.8.-.Unauthenticated.Arbitrary.File.Upload CRITICAL" "ashley 1.8.0 Unauthenticated.Local.File.Inclusion CRITICAL" "aora No.known.fix Home.&.Lifestyle.Elementor.WooCommerce.Theme.<=.1.3.15.-.Unauthenticated.Local.File.Inclusion HIGH" "aora No.known.fix Authenticated.(Contributor+).Local.File.Inclusion HIGH" "aora 1.3.10 Unauthenticated.Local.File.Inclusion CRITICAL" "affluent 1.1.2 Unauthenticated.Function.Injection CRITICAL" "amuli No.known.fix Unauthenticated.Local.File.Inclusion HIGH" "asia-garden No.known.fix Unauthenticated.Local.File.Inclusion HIGH" "alloggio No.known.fix Hotel.Booking.<=.1.8.-.Unauthenticated.Local.File.Inclusion HIGH" "amoli No.known.fix 
Unauthenticated.Local.File.Inclusion HIGH" "astore No.known.fix Reflected.Cross-Site.Scripting.via.Customizer.Notify MEDIUM" "alliance No.known.fix Unauthenticated.Local.File.Inclusion HIGH" "aviana No.known.fix Unauthenticated.Local.File.Inclusion HIGH" "athens No.known.fix Unauthenticated.Local.File.Inclusion HIGH" "awpbusinesspress 0.2.4 Reflected.Cross-Site.Scripting.via.Customizer.Notify MEDIUM" "avventure No.known.fix Unauthenticated.Local.File.Inclusion HIGH" "aidreform No.known.fix Unauthenticated.Arbitrary.File.Upload CRITICAL" "agncy No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "agency-lite 1.1.7 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "academist 1.3 Unauthenticated.Local.File.Inclusion HIGH" "aports No.known.fix Reflected.XSS HIGH" "au-pair-agency No.known.fix Babysitting.&.Nanny.Theme.<=.1.2.2.-.Unauthenticated.PHP.Object.Injection CRITICAL" "auto-car No.known.fix Reflected.Cross-Site.Scripting.via.Customizer.Notify MEDIUM" "accesspress-basic 3.2.2 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "askka No.known.fix Unauthenticated.Local.File.Inclusion HIGH" "ask-me 6.8.7 Post.Deletion.via.CSRF MEDIUM" "ask-me 6.8.4 CSRF.in.Edit.Profile MEDIUM" "ask-me 6.8.2 Reflected.Cross-Site.Scripting MEDIUM" "ask-me 6.8.2 Multiple.CSRF.in.AJAX.Actions HIGH" "alright No.known.fix Unauthenticated.Local.File.Inclusion HIGH" "archub No.known.fix Missing.Authorization.to.Authenticated.(Subscriber+).All.Plugins.Deactivated MEDIUM" "atlas No.known.fix Unauthenticated.Local.File.Inclusion HIGH" "anarkali No.known.fix Unauthenticated.Local.File.Inclusion HIGH" "avantage 2.5.0 Unauthenticated.PHP.Object.Injection CRITICAL" "ashe 2.244 Reflected.Cross-Site.Scripting.via.add_query_arg.Parameter MEDIUM" "ashe 2.234 Cross-Site.Request.Forgery.to.Notice.Dismissal MEDIUM" "auto-repair No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "a-mart No.known.fix Unauthenticated.Local.File.Inclusion HIGH" "accesspress-store 2.5.0 
Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "amwerk 1.3.0 Unauthenticated.PHP.Object.Injection HIGH" "accesspress-parallax 4.6 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "accesspress-root 2.6.0 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "anand No.known.fix Reflected.XSS HIGH" "accesspress-mag 2.6.6 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "anona No.known.fix Unauthenticated.Arbitrary.File.Deletion CRITICAL" "anona No.known.fix Unauthenticated.Arbitrary.File.Download HIGH" "anona No.known.fix Authenticated.(Subscriber+).PHP.Object.Injection HIGH" "arrival No.known.fix Unauthenticated.Local.File.Inclusion CRITICAL" "aeroland No.known.fix Unauthenticated.Local.File.Inclusion HIGH" "algenix No.known.fix Unauthenticated.Local.File.Inclusion HIGH" "aries No.known.fix Local.File.Disclosure HIGH" "aries No.known.fix WordPress.Slider.Revolution.Shell.Upload CRITICAL" "agrofood 1.4.0 Reflected.Cross-Site.Scripting MEDIUM" "auberge 1.4.5 DOM.Cross-Site.Scripting.(XSS) MEDIUM" "activello No.known.fix Reflected.XSS HIGH" "activello 1.4.2 Unauthenticated.Function.Injection CRITICAL" "althea-wp 1.0.16 Various.Versions.and.Themes.-.Missing.Authorization MEDIUM" "almera 1.1.8 Information.Disclosure HIGH" "anywhere-elementor-pro No.known.fix Missing.Authorization MEDIUM" "amfissa No.known.fix Unauthenticated.Local.File.Inclusion HIGH" "andersonclinic No.known.fix Unauthenticated.Local.File.Inclusion HIGH" "assembly No.known.fix Unauthenticated.Local.File.Inclusion HIGH" "aqualots No.known.fix Unauthenticated.Local.File.Inclusion HIGH" "arlo No.known.fix Unauthenticated.Stored.Cross-Site.Scripting HIGH" "arlo No.known.fix Unauthenticated.Local.File.Inclusion CRITICAL" "avada 7.11.7 Authenticated.(Contributor+).Server-Side.Request.Forgery.via.form_to_url_action MEDIUM" "avada 7.11.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "avada 7.11.7 
Authenticated.(Admin+).SQL.Injection.via.entry HIGH" "avada 7.11.7 Unauthenticated.Sensitive.Information.Exposure.via.Form.Uploads.Directory.Listing MEDIUM" "avada 7.11.5 Authenticated.(Contributor+).Arbitrary.File.Upload HIGH" "avada 7.11.2 Contributor+.Arbitrary.File.Upload MEDIUM" "avada 7.11.2 Subscriber+.Portfolio.Permalinks.Creation MEDIUM" "avada 7.11.2 Author+.Arbitrary.File.Upload.via.Zip.Extraction HIGH" "avada 7.11.2 Contributor+.SSRF HIGH" "anima 1.4.1.1 Contributor+.Stored.XSS MEDIUM" "adventure-journal No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "aldo No.known.fix Unauthenticated.Local.File.Inclusion HIGH" "appzend 1.2.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.progressbarLayout.Parameter MEDIUM" "attire 2.0.7 Authenticated.(Contributor+).PHP.Object.Injection HIGH" "antioch No.known.fix Arbitrary.File.Download HIGH" "arilewp 2.9.7 Reflected.Cross-Site.Scripting.via.Customizer.Notify MEDIUM" "agricola No.known.fix Unauthenticated.Local.File.Inclusion HIGH" "adifier 3.1.4 Reflected.Cross-Site.Scripting MEDIUM" "accesspress-staple No.known.fix Authenticated.(Subscriber+).Arbitrary.Plugin.Activation.and.Deactivation HIGH" "accesspress-staple No.known.fix Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "auramart No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "airin-blog 1.6.3 Unauthenticated.PHP.Object.Injection HIGH" "arya-multipurpose No.known.fix Unauthenticated.Reflected.XSS HIGH" "automotive 13.4.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Call.to.Action.Fields MEDIUM" "atlast-business No.known.fix Reflected.XSS HIGH" "accountra 1.0.4 Multiple.Versions.-.Missing.Authorization.to.Notice.Dismissal MEDIUM" "allegiant No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "allegiant 1.2.6 Unauthenticated.Function.Injection CRITICAL" "attorney No.known.fix Reflected.XSS HIGH" "attorney No.known.fix 
Unauthenticated.Arbitrary.Page/Post.Deletion MEDIUM" "axioma 1.1.2 Information.Disclosure HIGH" "aromatica No.known.fix Unauthenticated.Local.File.Inclusion HIGH" "altair No.known.fix Unauthenticated.PHP.Object.Injection CRITICAL" "altair 5.2.5 Unauthenticated.Arbitrary.Options.Update.via.pp_import_current CRITICAL" "awake No.known.fix Local.File.Disclosure HIGH" "awake No.known.fix WordPress.Slider.Revolution.Shell.Upload CRITICAL" "artificial-intelligence 1.2.4 DOM.Cross-Site.Scripting.(XSS) MEDIUM" "aquarella-lite No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "aquarella-lite No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "addison 1.4.8 Unauthenticated.PHP.Object.Injection HIGH" "arya-multipurpose-pro No.known.fix Reflected.XSS HIGH" "autoparts No.known.fix Unauthenticated.Local.File.Inclusion HIGH" "angel No.known.fix Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "antreas 1.0.7 Unauthenticated.Function.Injection CRITICAL" "arcane No.known.fix Missing.Authorization MEDIUM" "accesspress-lite 2.93 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "accesspress-ray No.known.fix Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "anih No.known.fix Creative.Agency.WordPress.Theme.<=.2024.-.Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "bicycleshop 1.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "belfort No.known.fix Unauthenticated.Local.File.Inclusion HIGH" "bodycenter No.known.fix Gym,.Fitness.WooCommerce.WordPress.Theme.<=.2.4.-.Unauthenticated.Local.File.Inclusion CRITICAL" "bakes-and-cakes 1.2.7 Missing.Authorization.to.Notice.Dismissal MEDIUM" "biagiotti 3.5.2 Unauthenticated.Local.File.Inclusion HIGH" "beauty-premium No.known.fix Arbitrary.File.Upload MEDIUM" "blogpoet 1.0.3 Missing.Authorization.via.blogpoet_install_and_activate_plugins() MEDIUM" "big-store 2.0.9 Missing.Authorization MEDIUM" "buzzstone No.known.fix Unauthenticated.Local.File.Inclusion HIGH" 
"beautique No.known.fix Unauthenticated.Local.File.Inclusion HIGH" "bloggie No.known.fix Unauthenticated.Stored.Cross-Site.Scripting MEDIUM" "bloggie No.known.fix Contributor+.Arbitrary.File.Upload HIGH" "bravada 1.1.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "bonbon No.known.fix Unauthenticated.Local.File.Inclusion HIGH" "buddyapp No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "butcher 2.54 Reflected.Cross-Site.Scripting MEDIUM" "butcher No.known.fix Unauthenticated.Local.File.Inclusion CRITICAL" "brook No.known.fix Unauthenticated.Local.File.Inclusion HIGH" "bw-craftxtore No.known.fix Unauthenticated.Local.File.Inclusion CRITICAL" "bootstrap-blog 10.2.3 Reflected.Cross-Site.Scripting MEDIUM" "bootstrap-coach 1.1.2 Reflected.Cross-Site.Scripting MEDIUM" "brite 1.0.15 Various.Versions.and.Themes.-.Missing.Authorization MEDIUM" "bonkers 1.0.6 Unauthenticated.Function.Injection CRITICAL" "bootstrap-ultimate No.known.fix Unauthenticated.Limited.Local.File.Inclusion CRITICAL" "bingle 1.0.5 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "bw-giftxtore 1.7.6 Unauthenticated.Local.File.Inclusion CRITICAL" "berger No.known.fix Unauthenticated.Local.File.Inclusion HIGH" "bardwp 1.7 Cross-Site.Request.Forgery MEDIUM" "blogmine 1.1.8 Unauthenticated.Local.File.Inclusion HIGH" "blessing 1.3.2.1 Information.Disclosure HIGH" "brooklyn 4.9.9.3 Authenticated.(Subscriber+).PHP.Object.Injection.in.ot_decode HIGH" "brooklyn No.known.fix PHP.Object.Injection HIGH" "brooklyn No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "billey 2.1.6 Unauthenticated.Local.File.Inclusion HIGH" "bellevuex No.known.fix Missing.Authorization MEDIUM" "blogzee No.known.fix Authenticated.(Subscriber+).Arbitrary.File.Upload HIGH" "builty 1.5.0 Unauthenticated.Local.File.Inclusion CRITICAL" "brookside No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "bailly No.known.fix Unauthenticated.Local.File.Inclusion HIGH" "busicare 1.1.9 
Reflected.Cross-Site.Scripting.via.Customizer.Notify MEDIUM" "bazaar-lite 1.8.6 Reflected.XSS HIGH" "buisson No.known.fix Unauthenticated.PHP.Object.Injection HIGH" "bani No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "bani No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "bani No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "busiprof No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "busiprof 2.3.8 Reflected.Cross-Site.Scripting.via.Customizer.Notify MEDIUM" "brasserie No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "broadcast-lite 2.0.7 Reflected.Cross-Site.Scripting MEDIUM" "broadcast-lite 2.0.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "balkon 1.3.3 Reflected.Cross-Site.Scripting HIGH" "boliin No.known.fix Reflected.XSS HIGH" "brand No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "brand No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "brand No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "bazinga No.known.fix Unauthenticated.Local.File.Inclusion HIGH" "business-pro No.known.fix Reflected.XSS HIGH" "bello 1.6.0 Unauthenticated.Reflected.XSS.&.XFS MEDIUM" "bello 1.6.0 Authenticated.Cross-Site.Scripting.(XSS).and.XFS MEDIUM" "bello 1.6.0 Unauthenticated.Blind.SQL.Injection CRITICAL" "benevolent 1.3.5 Cross-Site.Request.Forgery.to.Notice.Dismissal MEDIUM" "belletrist No.known.fix Unauthenticated.Local.File.Inclusion HIGH" "bridge 18.2.1 Open.Redirect HIGH" "bridge 11.2 DOM.Cross-Site.Scripting.(XSS) MEDIUM" "book-landing-page 1.2.4 Cross-Site.Request.Forgery.to.Notice.Dismissal MEDIUM" "bricks 1.12.5 Unauthenticated.SQL.Injection.via.'p'.Parameter HIGH" "bricks 2.0 Unauthenticated.SQL.Injection.via.'p'.Parameter HIGH" "bricks 1.9.7 Authenticated.(Contributor+).Privilege.Escalation.via.create_autosave HIGH" "bricks 1.10.2 Authenticated.(Bricks.Page.Builder.Access+).Stored.Cross-Site.Scripting MEDIUM" "bricks 1.8.2 Cross-Site.Request.Forgery.via.save_settings MEDIUM" "bricks 1.8.2 
Cross-Site.Request.Forgery.via.reset_settings MEDIUM" "bricks 1.9.6.1 Unauthenticated.Remote.Code.Execution CRITICAL" "bricks 1.9.6.1 Unauthenticated.Remote.Code.Execution CRITICAL" "bricks 1.5.4 Subscriber+.Arbitrary.Post/Page.Edition HIGH" "bricks 1.5.4 Subscriber+.Remote.Code.Execution HIGH" "blain No.known.fix Reflected.Cross-Site.Scripting.via.Customizer.Notify MEDIUM" "bw-petito 1.6.5 Unauthenticated.Local.File.Inclusion CRITICAL" "bugspatrol No.known.fix Unauthenticated.PHP.Object.Injection HIGH" "bw-fitrush No.known.fix Unauthenticated.Local.File.Inclusion CRITICAL" "bacola No.known.fix Cross-Site.Request.Forgery MEDIUM" "bard No.known.fix Missing.Authorization MEDIUM" "bard 2.217 Reflected.Cross-Site.Scripting.via.add_query_arg.Parameter MEDIUM" "bard 2.211 Cross-Site.Request.Forgery.to.Notice.Dismissal MEDIUM" "blockst 1.0.8 Reflected.Cross-Site.Scripting MEDIUM" "bw-zagg No.known.fix Electronics.&.Accessories.WooCommerce.WordPress.Theme.<=.1.4.1.-.Unauthenticated.Local.File.Inclusion HIGH" "build No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "brandy 1.1.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "bolster No.known.fix Unauthenticated.Arbitrary.File.Upload CRITICAL" "barberry No.known.fix Unauthenticated.Local.File.Inclusion HIGH" "business-roy No.known.fix Missing.Authorization MEDIUM" "business-directory No.known.fix Unauthenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "blogvy 1.0.8 Unauthenticated.Local.File.Inclusion HIGH" "barter 1.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "blogmatic 1.0.4 Authenticated.(Subscriber+).Arbitrary.File.Upload HIGH" "bloger 1.2.7 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "buyent No.known.fix Unauthenticated.Privilege.Escalation.via.User.Registration CRITICAL" "buddyboss-theme 2.5.01 Cross-Site.Request.Forgery MEDIUM" "buddyboss-theme 2.4.61 Missing.Authorization MEDIUM" "boot-store No.known.fix 
Reflected.Cross-Site.Scripting MEDIUM" "boot-store No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Button.Shortcode MEDIUM" "baton No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "bajaar No.known.fix Highly.Customizable.WooCommerce.WordPress.<=.2.1.0.-.Unauthenticated.Local.File.Inclusion HIGH" "beacon No.known.fix Unauthenticated.Local.File.Inclusion HIGH" "blogistic No.known.fix Authenticated.(Subscriber+).Arbitrary.File.Upload HIGH" "beelove No.known.fix Unauthenticated.PHP.Object.Injection HIGH" "bw-zenny No.known.fix Unauthenticated.Local.File.Inclusion CRITICAL" "bw-printxtore 1.7.7 Unauthenticated.Local.File.Inclusion HIGH" "blogbyte 1.1.2 Unauthenticated.Local.File.Inclusion HIGH" "buzzclub 2.0.5 Missing.Authorization.to.Authenticated.(Subscriber+).Limited.Arbitrary.Option.Update MEDIUM" "blabber No.known.fix Unauthenticated.Local.File.Inclusion HIGH" "blanka-wp 1.5 One.Page.WordPress.<.1.5.-.Unauthenticated.Local.File.Inclusion HIGH" "businesswp 1.1 Reflected.Cross-Site.Scripting.via.Customizer.Notify MEDIUM" "blossom-shop 1.1.8 Cross-Site.Request.Forgery.to.Notice.Dismissal MEDIUM" "bootstrap-fitness 1.0.6 Reflected.Cross-Site.Scripting MEDIUM" "blockbooster 1.0.11 Missing.Authorization MEDIUM" "basil No.known.fix Unauthenticated.Local.File.Inclusion HIGH" "basil 2.0.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "bimber No.known.fix Viral.Magazine.WordPress.Theme.<=.9.2.5.-.Authenticated.(Contributor+).Local.File.Inclusion HIGH" "brilliance No.known.fix Subscriber+.Stored.XSS HIGH" "brilliance 1.3.0 Unauthenticated.Function.Injection CRITICAL" "bizpress No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "blogprise 1.0.10 Unauthenticated.Local.File.Inclusion HIGH" "bassein No.known.fix Unauthenticated.Local.File.Inclusion HIGH" "basel 5.9.2 Missing.Authorization HIGH" "bloghub No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "brain-power No.known.fix Reflected.XSS HIGH" "bookory 2.2.8 
Authenticated.(Contributor+).Local.File.Inclusion HIGH" "blogmarks No.known.fix Unauthenticated.Local.File.Inclusion HIGH" "blossom-spa 1.3.5 Sensitive.Information.Exposure MEDIUM" "businessexpo 0.1.4 Reflected.Cross-Site.Scripting.via.Customizer.Notify MEDIUM" "bootstrap-photography No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "businext 2.4.4 Unauthenticated.Local.File.Inclusion HIGH" "bfres No.known.fix Unauthenticated.Local.File.Inclusion HIGH" "blogty 1.0.12 Unauthenticated.Local.File.Inclusion HIGH" "backpacktraveler No.known.fix Authenticated.(Subscriber+).Insecure.Direct.Object.Reference MEDIUM" "backpacktraveler 2.10.3 Unauthenticated.Local.File.Inclusion CRITICAL" "butterbelly No.known.fix Unauthenticated.Information.Exposure MEDIUM" "beauty No.known.fix Authenticated.(Subscriber+).Stored.Cross-Site.Scripting.via.tpl_featured_cat_id.Parameter MEDIUM" "bloglo 1.1.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "blogger-buzz 1.2.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "bookyourtravel 8.18.19 Authenticated.(Subscriber+).Privilege.Escalation HIGH" "bretheon No.known.fix Local.File.Disclosure HIGH" "bretheon No.known.fix WordPress.Slider.Revolution.Shell.Upload CRITICAL" "bingopress No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "blocksy 2.1.31 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.'blocksy_meta'.Fields MEDIUM" "blocksy 2.1.7 Authenticated.(Shop.manager+).Stored.Cross-Site.Scripting MEDIUM" "blocksy 2.0.98 Missing.Authorization LOW" "blocksy 2.0.78 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "blocksy 2.0.51 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "blocksy 2.0.47 Contributor+.Stored.XSS MEDIUM" "blocksy 2.0.43 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "blocksy 2.0.40 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "blocksy 2.0.34 Contributor+.Stored.XSS MEDIUM" "blocksy 2.0.27 
Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "blocksy 2.0.20 Authenticated.(Editor+).Stored.Cross-Site.Scripting LOW" "besa 2.3.16 Unauthenticated.Local.File.Inclusion HIGH" "besa 2.3.16 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "besa 2.3.10 Unauthenticated.Local.File.Inclusion CRITICAL" "business-one-page 1.3.0 Missing.Authorization.to.Notice.Dismissal MEDIUM" "bulk No.known.fix Missing.Authorization MEDIUM" "betheme 28.1.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.'page_title' MEDIUM" "betheme 28.2.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "betheme 28.1.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "betheme 28.0.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "betheme 27.6.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Custom.JS MEDIUM" "betheme 27.5.6 Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File MEDIUM" "betheme No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "betheme 27.5.7 Authenticated.(Contributor+).PHP.Object.Injection HIGH" "betheme 27.1.2 Missing.Authorization MEDIUM" "betheme 26.8 Reflected.XSS HIGH" "betheme 26.6.3 Subscriber+.Stored.XSS MEDIUM" "betheme 26.6.3 Subscriber+.Unauthorised.Action MEDIUM" "betheme 26.6.3 Missing.Authorization HIGH" "betheme 26.6 Contributor+.PHP.Object.Injection MEDIUM" "betheme 26.6 Subscriber+.PHP.Object.Injection MEDIUM" "bunnypresslite 2.1 Reflected.XSS HIGH" "buddyboss-platform 2.6.0 Subscriber+.Comment.on.Private.Post.via.IDOR MEDIUM" "bbe 1.53 Direct.Object.Reference MEDIUM" "car-repair-services No.known.fix Unauthenticated.Server-Side.Request.Forgery HIGH" "car-repair-services 4.0 Unauthenticated.Reflected.XSS.&.XFS HIGH" "create 2.9.2 Authenticated.(Author+).Stored.Cross-Site.Scripting MEDIUM" "cloudme No.known.fix Unauthenticated.Local.File.Inclusion HIGH" "construction-lite 1.2.6 
Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "curly 3.3 Unauthenticated.Local.File.Inclusion HIGH" "curly No.known.fix Authenticated.(Subscriber+).Insecure.Direct.Object.Reference MEDIUM" "constructo No.known.fix Cross-Site.Request.Forgery MEDIUM" "consultaid No.known.fix Unauthenticated.PHP.Object.Injection HIGH" "construction-landing-page 1.3.6 Missing.Authorization.to.Notice.Dismissal MEDIUM" "classified-pro 1.0.15 Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.Plugin.Installation HIGH" "casamia No.known.fix Unauthenticated.Local.File.Inclusion HIGH" "corporate-event No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "custom-community 2.0.25 Stored.Cross-Site.Scripting.(XSS) HIGH" "cartify No.known.fix WooCommerce.Gutenberg.WordPress.<=.1.3.-.Authenticated.(Subscriber+).Arbitrary.Post.Deletion MEDIUM" "careerfy 6.3.0 Authenticated.Stored.XSS MEDIUM" "careerfy 4.4.0 Unauthenticated.Reflected.XSS MEDIUM" "careerfy 4.3.0 Unauthenticated.Reflected.Cross-Site.Scripting MEDIUM" "careerfy 4.1.0 Multiple.Cross-Site.Scripting.(XSS).Issues MEDIUM" "careerfy 3.9.0 Unauthenticated.Reflected.Cross-Site.Scripting.(XSS) HIGH" "cloriato-lite No.known.fix Unauthenticated.Information.Exposure MEDIUM" "chinchilla No.known.fix Unauthenticated.Local.File.Inclusion HIGH" "codiqa 1.2.8 Unauthenticated.PHP.Object.Injection HIGH" "compass No.known.fix Unauthenticated.Information.Exposure MEDIUM" "colornews 1.2.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "constructor No.known.fix Missing.Authorization.to.Authenticated.(Subscriber+).Theme.Clean MEDIUM" "constructor No.known.fix Missing.Authorization MEDIUM" "cloudpress 2.4.9 Reflected.Cross-Site.Scripting.via.Customizer.Notify MEDIUM" "chic-lifestyle 10.0.8 Reflected.Cross-Site.Scripting MEDIUM" "crafts-and-arts No.known.fix Authenticated.(Subscriber+).PHP.Object.Injection HIGH" "crown-art No.known.fix Unauthenticated.Local.File.Inclusion HIGH" "cars4rent No.known.fix 
Unauthenticated.PHP.Object.Injection HIGH" "coinpress No.known.fix Unauthenticated.Local.File.Inclusion HIGH" "consus 1.0.7 Cross-Site.Request.Forgery MEDIUM" "catwalk No.known.fix Unauthenticated.Local.File.Inclusion HIGH" "cas No.known.fix Unauthenticated.Arbitrary.File.Access HIGH" "cas No.known.fix Unauthenticated.SSRF HIGH" "course-builder 3.6.6 Online.Course.WordPress.Theme.<.3.6.6.-.Unauthenticated.PHP.Object.Injection CRITICAL" "conult No.known.fix Reflected.XSS HIGH" "ciyashop No.known.fix Unauthenticated.PHP.Object.Injection CRITICAL" "ciyashop 4.19.1 Multipurpose.WooCommerce.Theme.<.4.19.1.-.Unauthenticated.PHP.Object.Injection CRITICAL" "college 1.5.1 Reflected.XSS HIGH" "cafe-bistro 1.1.4 Reflected.XSS HIGH" "chaostheory 1.3.2 Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "cortex No.known.fix Unauthenticated.Local.File.Inclusion HIGH" "classiera 4.0.35 Unauthenticated.SQL.Injection HIGH" "customizr 4.4.22 Cross-Site.Request.Forgery.to.Notice.Dismissal MEDIUM" "customizr 4.3.1 Arbitrary.Settings.Update.via.CSRF MEDIUM" "customizr 4.3.3 Cross-Site.Request.Forgery.(CSRF) MEDIUM" "careerup 2.3.1 Unauthenticated.Reflected.Cross-Site.Scripting MEDIUM" "cream-magazine No.known.fix Missing.Authorization MEDIUM" "claue No.known.fix Clean,.Minimal.Elementor.WooCommerce.<=.2.2.7.-.Reflected.Cross-Site.Scripting MEDIUM" "careplus No.known.fix Unauthenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "coleo No.known.fix Unauthenticated.Local.File.Inclusion HIGH" "calafate 1.7.8 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "consultor No.known.fix Unauthenticated.Local.File.Inclusion HIGH" "cyclone-blog No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "corsa No.known.fix Subscriber+.Arbitrary.Plugin.Installation CRITICAL" "click-mag 3.7.0 Viral.WordPress.News.Magazine/Blog.Theme.<.3.7.0.-.Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.Options.Deletion HIGH" "construct 2.8.3 Local.File.Disclosure HIGH" "construct 
2.8.3 WordPress.Slider.Revolution.Shell.Upload CRITICAL" "caliris-wp 1.6 Unauthenticated.Local.File.Inclusion HIGH" "convex No.known.fix Unauthenticated.Local.File.Inclusion HIGH" "connections-reloaded No.known.fix Reflected.XSS HIGH" "couponxxl No.known.fix Cross-Site.Request.Forgery MEDIUM" "couponxxl No.known.fix Unauthenticated.Privilege.Escalation CRITICAL" "couponxxl 3.1.0 Unauthenticated.PHP.Object.Injection CRITICAL" "charety 2.0.2 Authenticated.(Subscriber+).Arbitrary.File.Upload HIGH" "construction-light 1.6.8 Subscriber+.Arbitrary.Plugin.Activation MEDIUM" "construction-light No.known.fix Missing.Authorization MEDIUM" "cozipress No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "carspot 2.4.6 Reflected.Cross-Site.Scripting MEDIUM" "carspot 2.4.4 Unauthenticated.Arbitrary.Password.Reset/Account.Takeover CRITICAL" "carspot 2.2.3 Multiple.Vulnerabilities MEDIUM" "campress No.known.fix Unauthenticated.Local.File.Inclusion CRITICAL" "catch-base 3.4.7 Authenticated.(Author+).Stored.Cross-Site.Scripting MEDIUM" "catamaran No.known.fix Unauthenticated.Local.File.Inclusion HIGH" "carzone No.known.fix Authenticated.(Subscriber+).PHP.Object.Injection HIGH" "cena 2.11.27 Unauthenticated.Local.File.Inclusion HIGH" "citygov No.known.fix Unauthenticated.Local.File.Inclusion HIGH" "clotya No.known.fix Cross-Site.Request.Forgery MEDIUM" "civi No.known.fix Authentication.Bypass.via.Password.Update CRITICAL" "civi No.known.fix Authentication.Bypass.via.Non-Randomized.Password.for.SSO.Accounts MEDIUM" "civi No.known.fix Sensitive.Information.Exposure HIGH" "cookandmeal 1.2.4 Unauthenticated.Local.File.Inclusion HIGH" "childhope No.known.fix Unauthenticated.Local.File.Inclusion HIGH" "carzine No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "colibri-wp 1.0.99 Various.Versions.and.Themes.-.Missing.Authorization MEDIUM" "colibri-wp 1.0.101 Cross-Site.Request.Forgery.to.Limited.Plugin.Installation MEDIUM" "charity-is-hope No.known.fix 
Unauthenticated.Local.File.Inclusion HIGH" "christine-miller No.known.fix Unauthenticated.Local.File.Inclusion HIGH" "cerebrum No.known.fix Unauthenticated.Local.File.Inclusion HIGH" "critique No.known.fix Unauthenticated.Local.File.Inclusion HIGH" "counterpoint No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "counterpoint No.known.fix Reflected.XSS HIGH" "consulting No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "consulting 6.7.5 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "chained No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "cww-portfolio No.known.fix Unauthenticated.Local.File.Inclusion CRITICAL" "celeste No.known.fix Unauthenticated.PHP.Object.Injection HIGH" "consultpress-lite No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "consultpress-lite No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "consultpress-lite No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "coachify 1.0.8 Cross-Site.Request.Forgery.to.Notice.Dismissal MEDIUM" "citybook 2.4.4 Unauthenticated.Reflected.XSS HIGH" "citybook 2.3.4 Multiple.Vulnerabilities HIGH" "capie 1.0.53.1 Unauthenticated.Local.File.Inclusion CRITICAL" "club-theme No.known.fix Unauthenticated.Arbitrary.File.Upload CRITICAL" "cozystay 1.9.1 Unauthenticated.Local.File.Inclusion HIGH" "cozystay 1.7.1 Unauthenticated.Local.File.Inclusion CRITICAL" "cozystay 1.7.1 Unauthenticated.PHP.Object.Injection CRITICAL" "cozystay 1.7.1 Missing.Authorization.to.Arbitrary.Action.Execution.in.ajax_handler HIGH" "cozystay 1.7.1 Unauthenticated.PHP.Object.Injection.in.ajax_handler CRITICAL" "customify-theme No.known.fix Missing.Authorization MEDIUM" "city-store No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "churel No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "cactus No.known.fix Reflected.Cross-Site.Scripting.via.Customizer.Notify MEDIUM" "colormag 4.0.20 
Missing.Authorization.to.Authenticated.(Subscriber+).ThemeGrill.Demo.Importer.Plugin.Installation MEDIUM" "colormag 3.1.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Display.Name MEDIUM" "colormag 3.1.3 Missing.Authorization.to.Arbitrary.Plugin.Installation MEDIUM" "consultstreet No.known.fix Missing.Authorization MEDIUM" "consultstreet 1.6.7 Reflected.Cross-Site.Scripting.via.Customizer.Notify MEDIUM" "constix No.known.fix Reflected.XSS HIGH" "context-blog 1.2.6 Unauthenticated.Private.Post.Disclosure MEDIUM" "cardealer 1.6.7 Unauthenticated.PHP.Object.Injection CRITICAL" "cardealer 1.6.5 Arbitrary.Theme.Option.Update.to.Authenticated.(Subscriber+).Privilege.Escalation HIGH" "cardealer 1.6.5 Missing.Authorization.to.Authenticated.(Subscriber+).Change.and.Delete.JS.and.CSS.Files MEDIUM" "cardealer 1.6.5 Cross-Site.Request.Forgery.to.User.Update.via.update_user_profile HIGH" "cardealer 1.6.4 Authenticated.(Subscriber+).Arbitrary.File.Deletion.and.Read HIGH" "cardealer 1.1.9 Information.Disclosure HIGH" "cinerama No.known.fix A.WordPress.Theme.for.Movie.Studios.and.Filmmakers.<=.2.4.-.Authenticated.(Contributor+).Local.File.Inclusion HIGH" "capella No.known.fix Unauthenticated.PHP.Object.Injection HIGH" "cuisine-palace No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "cuisine-palace No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "chronicle No.known.fix Unauthenticated.Local.File.Inclusion HIGH" "consultera No.known.fix Reflected.Cross-Site.Scripting.via.Customizer.Notify MEDIUM" "couponxl No.known.fix Unauthenticated.Privilege.Escalation CRITICAL" "colorway No.known.fix Unauthenticated.Information.Exposure MEDIUM" "colorway No.known.fix Cross-Site.Request.Forgery MEDIUM" "colorway No.known.fix Reflected.Cross-Site.Scripting.via.Customizer.Notify MEDIUM" "colorway 3.4.2 Cross-Site.Scripting.(XSS) MEDIUM" "craftcoffee 2.3.7 Reflected.Cross-Site.Scripting MEDIUM" "customify 0.4.12 Cross-Site.Request.Forgery MEDIUM" "confix No.known.fix 
Unauthenticated.Local.File.Inclusion HIGH" "cocco No.known.fix Kids.Store.and.Baby.Shop.WordPress.Theme.<=.1.5.1.-.Unauthenticated.Local.File.Inclusion HIGH" "cocco No.known.fix Authenticated.(Subscriber+).Authenticated.Insecure.Direct.Object.Reference MEDIUM" "clean-retina 3.0.7 Unauthenticated.Local.File.Inclusion CRITICAL" "cosmetsy No.known.fix Cross-Site.Request.Forgery MEDIUM" "classter No.known.fix Unauthenticated.PHP.Object.Injection HIGH" "couponis-demo 2.2 Unauthenticated.SQL.Injection CRITICAL" "conquerors No.known.fix Unauthenticated.Local.File.Inclusion HIGH" "clanora 1.3.1 Unauthenticated.Arbitrary.File.Upload CRITICAL" "chroma No.known.fix Unauthenticated.Local.File.Inclusion HIGH" "celestial-aura No.known.fix Authenticated.(Subscriber+).Arbitrary.File.Upload HIGH" "craftis No.known.fix Handcraft.&.Artisan.Elementor.Template.Kit.<=.1.2.8.-.Unauthenticated.Local.File.Inclusion HIGH" "coworking No.known.fix Unauthenticated.Local.File.Inclusion HIGH" "corpkit 2.0.1 Authenticated.(Subscriber+).Local.File.Inclusion HIGH" "corpkit 2.0.1 Authenticated.(Subscriber+).Arbitrary.File.Upload HIGH" "cobble No.known.fix Unauthenticated.Local.File.Inclusion HIGH" "clockstone No.known.fix Arbitrary.File.Upload CRITICAL" "classima 2.1.11 Reflected.Cross-Site.Scripting MEDIUM" "cookiteer No.known.fix Authenticated.(Subscriber+).Local.File.Inclusion HIGH" "chic-lite 1.1.4 Cross-Site.Request.Forgery.to.Notice.Dismissal MEDIUM" "design-comuni-wordpress-theme 1.1.2 Unauthenticated.Stored.XSS HIGH" "depot No.known.fix Unauthenticated.Local.File.Inclusion HIGH" "diveit No.known.fix Unauthenticated.Local.File.Inclusion HIGH" "diamond No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "deadline No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "doctreat 1.6.8 Reflected.Cross-Site.Scripting MEDIUM" "doctreat 1.6.8 Authenticated.(Subscriber+).Arbitrary.Shortcode.Execution MEDIUM" "dotlife 4.9.5 Reflected.Cross-Site.Scripting MEDIUM" "dor 2.4.1 
Unauthenticated.Local.File.Inclusion CRITICAL" "dj-rainflow No.known.fix Unauthenticated.Local.File.Inclusion HIGH" "doko 1.1.0 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "digitally No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "digitally No.known.fix Reflected.XSS HIGH" "diza 1.3.16 Unauthenticated.Local.File.Inclusion HIGH" "diza 1.3.16 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "diza 1.3.11 Unauthenticated.Local.File.Inclusion HIGH" "diza 1.3.9 Unauthenticated.Local.File.Inclusion CRITICAL" "dermatology-clinic No.known.fix Unauthenticated.Local.File.Inclusion HIGH" "deepdigital No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "deepdigital No.known.fix Unauthenticated.Arbitrary.Shortcode.Execution MEDIUM" "drop 1.22 Reflected.XSS HIGH" "dash No.known.fix Unauthenticated.PHP.Object.Injection CRITICAL" "dwt-listing 3.3.7 Unauthenticated.Arbitrary.User.Password.Reset CRITICAL" "dwt-listing 3.3.5 Directory.&.Listing.WordPress.Theme.<=3.3.4.-.Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "dwt-listing 3.3.4 Directory.&.Listing.WordPress.Theme.<.3.3.4.-.Reflected.Cross-Site.Scripting MEDIUM" "dixon No.known.fix Unauthenticated.Local.File.Inclusion HIGH" "detailx No.known.fix Unauthenticated.Local.File.Inclusion HIGH" "druco 1.5.3 Reflected.Cross-Site.Scripting MEDIUM" "doccure 1.5.1 Unauthenticated.Arbitrary.User.Password.Change CRITICAL" "doccure No.known.fix Unauthenticated.Arbitrary.File.Upload CRITICAL" "doccure 1.5.1 Authenticated.(Subscriber+).Arbitrary.File.Upload HIGH" "discy 5.5.3 Missing.validation.lead.to.functionality.abuse LOW" "discy 5.0 Subscriber+.Broken.Access.Control.to.change.settings MEDIUM" "discy 5.2 Settings.Update.via.CSRF MEDIUM" "discy 5.2 Restore.Default.Settings.via.CSRF MEDIUM" "dreamer-blog No.known.fix Subscriber+.Arbitrary.Plugin.Installation HIGH" "digital-newspaper 1.1.6 Cross-Site.Request.Forgery.to.Notice.Dismissal MEDIUM" "dsk 2.4 
Unauthenticated.Local.File.Inclusion CRITICAL" "digi-store No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "dzonia-lite No.known.fix Unauthenticated.Information.Exposure MEDIUM" "directory 3.0.2 Reflected.XSS HIGH" "dolcino No.known.fix Pastry.and.Cake.Shop.WordPress.Theme.<=.1.6.-.Unauthenticated.Local.File.Inclusion HIGH" "dolcino No.known.fix Authenticated.(subscriber+).Insecure.Direct.Object.Reference MEDIUM" "designexo 3.7 Reflected.Cross-Site.Scripting.via.Customizer.Notify MEDIUM" "dt-the7 12.9.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.'the7_fancy_title_css' MEDIUM" "dt-the7 12.9.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "dt-the7 12.8.1.1 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "dt-the7 12.7.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.title.and.data-dt-img-description.Attributes MEDIUM" "dt-the7 11.14.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.url.Attribute MEDIUM" "dt-the7 11.6.1 Reflected.XSS HIGH" "dt-the7 2.1.1 Cross-Site.Scripting.(XSS) MEDIUM" "dental No.known.fix Authenticated.(Subscriber+).PHP.Object.Injection HIGH" "digiqole 2.2.7 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "donpeppe No.known.fix Pizza.and.Fast.Food.WordPress.Theme.<=.1.3.-.Unauthenticated.Local.File.Inclusion HIGH" "donpeppe No.known.fix Missing.Authorization MEDIUM" "dekoro No.known.fix Unauthenticated.Local.File.Inclusion HIGH" "denticare 1.4.3 Unauthenticated.PHP.Object.Injection HIGH" "delicate No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Button.Shortcode MEDIUM" "dronex No.known.fix Unauthenticated.Local.File.Inclusion HIGH" "divi 4.25.1 Authenticated.(Contributor+).DOM-Based.Stored.Cross-Site.Scripting MEDIUM" "divi 4.23.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "divi 4.5.3 4.5.2,.Extra.2.0.-.4.5.2,.Divi.Builder.2.0.-.4.5.2).-.Authenticated.Arbitrary.File.Upload 
MEDIUM" "divi 4.0.10 Authenticated.Code.Injection MEDIUM" "divi 3.17.3 Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "divi 2.6.4 Privilege.Escalation HIGH" "drone No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "dwell No.known.fix Unauthenticated.Local.File.Inclusion HIGH" "daiquiri No.known.fix Unauthenticated.Local.File.Inclusion HIGH" "digital-store 1.3.3 Unspecified.XSS MEDIUM" "domnoo 1.52.1 Unauthenticated.Local.File.Inclusion HIGH" "darcie 1.1.6 Reflected.XSS HIGH" "disconnected No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "deston No.known.fix Unauthenticated.Local.File.Inclusion HIGH" "dentario No.known.fix Unauthenticated.PHP.Object.Injection HIGH" "dailydeal No.known.fix File.Upload.Remote.Code.Execution HIGH" "drift No.known.fix Authenticated..(Contributor+).Stored.Cross-Site.Scripting.via.Post.Title MEDIUM" "dr-patterson No.known.fix Unauthenticated.Local.File.Inclusion HIGH" "diplomat 1.0.3 Information.Disclosure HIGH" "dricub-driving-school No.known.fix Missing.Authorization MEDIUM" "dricub-driving-school No.known.fix Unauthenticated.Server-Side.Request.Forgery HIGH" "dessau 1.9 Unauthenticated.Local.File.Inclusion CRITICAL" "dentalux No.known.fix Unauthenticated.Local.File.Inclusion HIGH" "enlighten 1.3.6 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "elevate-wp 1.0.17 Various.Versions.and.Themes.-.Missing.Authorization MEDIUM" "eptonic No.known.fix Valums.Uploader.Shell.Upload.Exploit CRITICAL" "elessi-theme 6.4.1 Authenticated.(Subscriber+).Local.File.Inclusion HIGH" "elessi-theme 6.4.1 Reflected.Cross-Site.Scripting MEDIUM" "estrutura-basica No.known.fix Local.File.Download. 
HIGH" "extra 4.27.2 Contributor+.Stored.XSS MEDIUM" "educenter 1.6.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "enzio 1.2.6 Responsive.Business.WordPress.Theme.<.1.2.6.-.Unauthenticated.Local.File.Inclusion CRITICAL" "exquisite-wp No.known.fix DOM.Cross-Site.Scripting.(XSS) MEDIUM" "edge-decor No.known.fix Unauthenticated.Local.File.Inclusion HIGH" "everest-news No.known.fix Reflected.XSS HIGH" "etta No.known.fix Unauthenticated.Local.File.Inclusion HIGH" "elitepress 2.0.3 Reflected.Cross-Site.Scripting.via.Customizer.Notify MEDIUM" "eduma 5.7.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "eduma 5.7.7 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "eduma 5.6.5 Missing.Authorization MEDIUM" "eduma 5.4.8 Reflected.Cross-Site.Scripting MEDIUM" "epic No.known.fix Arbitrary.File.Download HIGH" "entrada No.known.fix Cross-Site.Request.Forgery MEDIUM" "entrada No.known.fix Unauthenticated.SQL.Injection HIGH" "extremestore No.known.fix Unauthenticated.PHP.Object.Injection HIGH" "ekoterra No.known.fix NonProfit.&.Ecology.Theme.<=.1.0.0.-.Unauthenticated.Local.File.Inclusion HIGH" "excellent 1.3.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "eximius No.known.fix Authenticated.(Subscriber+).Arbitrary.File.Upload HIGH" "energox 1.3 Authenticated.(Subscriber+).Arbitrary.File.Deletion HIGH" "energia No.known.fix Unauthenticated.Arbitrary.File.Upload CRITICAL" "education 3.6.11 PHP.Object.Injection CRITICAL" "emberlyn No.known.fix Unauthenticated.Local.File.Inclusion HIGH" "eject No.known.fix Unauthenticated.Local.File.Inclusion HIGH" "evently No.known.fix Unauthenticated.Local.File.Inclusion HIGH" "easybook 1.2.2 Multiple.Vulnerabilities HIGH" "elasta 1.0.9 Reflected.Cross-Site.Scripting MEDIUM" "elasta 1.0.8 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "enzy 1.6.4 Reflected.Cross-Site.Scripting MEDIUM" "electroserv No.known.fix Unauthenticated.Local.File.Inclusion HIGH" "estate No.known.fix 
Unauthenticated.PHP.Object.Injection HIGH" "exhibz 3.0.10 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "esteem 1.5.1 Authenticated.(Author+).Stored.Cross-Site.Scripting MEDIUM" "event 1.2.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "eighteen-tags 3.1.1 Reflected.Cross-Site.Scripting MEDIUM" "edifice No.known.fix Unauthenticated.Local.File.Inclusion HIGH" "emojination No.known.fix Unauthenticated.Local.File.Inclusion HIGH" "equestrian-centre No.known.fix Unauthenticated.PHP.Object.Injection HIGH" "eona No.known.fix Unauthenticated.Local.File.Inclusion HIGH" "emaurri No.known.fix Unauthenticated.Local.File.Inclusion HIGH" "ecogrow No.known.fix Unauthenticated.Local.File.Inclusion HIGH" "enfold No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "enfold 7.1.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "enfold 7.0 Authenticated.(Subscriber+).Server-Side.Request.Forgery.via.attachment_id MEDIUM" "enfold 7.0 Missing.Authorization.to.Sensitive.Information.Disclosure.in.avia-export-class.php MEDIUM" "enfold 6.0.4 Contributor+.Stored.XSS.via.wrapper_class.and.class.Parameters MEDIUM" "enfold 5.6.10 Reflected.Cross-Site.Scripting MEDIUM" "enfold 5.6.5 Reflected.Cross-Site.Scripting MEDIUM" "enfold 4.8.4 Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "envo-business No.known.fix Reflected.Cross-Site.Scripting.via.Customizer.Notify MEDIUM" "eximious-magazine No.known.fix Unauthenticated.Local.File.Inclusion HIGH" "eldon No.known.fix Unauthenticated.Local.File.Inclusion HIGH" "esotera 1.2.6 Contributor+.Stored.XSS MEDIUM" "exertio 1.3.3 Unauthenticated.PHP.Object.Injection HIGH" "echo No.known.fix Unauthenticated.Local.File.Inclusion HIGH" "edge 2.1.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Author.Display.Name MEDIUM" "ekommart 4.3.1 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "education-zone 1.3.5 Cross-Site.Request.Forgery.to.Notice.Dismissal MEDIUM" "echelon 2.8.3 
Local.File.Disclosure HIGH" "echelon 2.8.3 WordPress.Slider.Revolution.Shell.Upload CRITICAL" "electron No.known.fix Missing.Authorization MEDIUM" "easyeat No.known.fix Unauthenticated.Local.File.Inclusion HIGH" "elegant-pink 1.3.1 Cross-Site.Request.Forgery.to.Notice.Dismissal MEDIUM" "electrician No.known.fix Electrical.Service.WordPress.<=.1.0.-.Reflected.Cross-Site.Scripting MEDIUM" "everest-news-pro No.known.fix Reflected.XSS HIGH" "eco-nature 2.1.0 Environment.&.Ecology.WordPress.Theme.<.2.1.0.-.Missing.Authorization.to.Authenticated.(Subscriber+).Limited.Options.Update HIGH" "exzo No.known.fix Missing.Authorization MEDIUM" "equadio No.known.fix Unauthenticated.Local.File.Inclusion HIGH" "empowerment No.known.fix Authenticated.(Contributor+).PHP.Object.Injection HIGH" "etchy No.known.fix Unauthenticated.Local.File.Inclusion HIGH" "edumall No.known.fix Authenticated.(Contributor+).Local.File.Inclusion HIGH" "edumall 4.4.5 Unauthenticated.Local.File.Inclusion HIGH" "edumall 4.3.0 Unauthenticated.Local.File.Inclusion HIGH" "eventpress 5.7 Reflected.Cross-Site.Scripting.via.Customizer.Notify MEDIUM" "elation No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "elation 1.1.01 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "envo-multipurpose No.known.fix Missing.Authorization LOW" "empowerwp 1.0.22 Cross-Site.Request.Forgery.to.Notice.Dismissal MEDIUM" "exit-game No.known.fix Unauthenticated.Local.File.Inclusion HIGH" "edmin No.known.fix Authenticated.(Contributor+).PHP.Object.Injection HIGH" "edmin No.known.fix Reflected.Cross-Site.Scripting HIGH" "edmin No.known.fix Contributor+.Arbitrary.File.Upload HIGH" "education-lms No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "ecoblue No.known.fix Unauthenticated.Local.File.Inclusion HIGH" "everse 1.2.4 Reflected.XSS HIGH" "everse 1.8.10 Reflected.Cross-Site.Scripting MEDIUM" "everse 1.8.12 Reflected.Cross-Site.Scripting MEDIUM" "everse 1.8.6 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" 
"fitflex No.known.fix Unauthenticated.Local.File.Inclusion HIGH" "freightco No.known.fix Unauthenticated.Local.File.Inclusion HIGH" "flatnews 6.2 Reflected.Cross-Site.Scripting MEDIUM" "foton 2.6.1 Unauthenticated.Local.File.Inclusion CRITICAL" "flixita 1.0.83 Reflected.Cross-Site.Scripting.via.id.Parameter MEDIUM" "freeagent No.known.fix Unauthenticated.Local.File.Inclusion HIGH" "frappe No.known.fix Unauthenticated.Local.File.Inclusion HIGH" "fabric No.known.fix Unauthenticated.Local.File.Inclusion HIGH" "forumengine 1.9 Reflected.Cross-Site.Scripting MEDIUM" "flatsome 3.19.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Multiple.Shortcodes MEDIUM" "flatsome 3.19.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "flatsome 3.17.6 Unauthenticated.PHP.Object.Injection CRITICAL" "flatsome 3.17.0 Reflected.XSS HIGH" "fusion-builder 7.11.6 Authenticated(Contributor+).Sensitive.Information.Exposure.via.Form.Entries MEDIUM" "fusion-builder 3.11.2 Subscriber+.SQL.injection.and.broken.access.control.vulnerability.in.Critical.CSS HIGH" "fwdevp No.known.fix Unauthenticated.Arbitrary.File.Download MEDIUM" "findeo 1.3.1 Unauthenticated.Reflected.Cross-Site.Scripting.(XSS) HIGH" "findeo 1.3.1 Arbitrary.Property.Deletion.via.IDOR HIGH" "fribbo No.known.fix Unauthenticated.Local.File.Inclusion HIGH" "filmix No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "fabrica No.known.fix Unauthenticated.Local.File.Inclusion HIGH" "felizia No.known.fix Unauthenticated.Local.File.Inclusion HIGH" "fire-blog No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "fifteen No.known.fix Reflected.Cross-Site.Scripting.via.Customizer.Notify MEDIUM" "fioxen No.known.fix Reflected.XSS HIGH" "fooddy No.known.fix Unauthenticated.Local.File.Inclusion HIGH" "full-frame 2.7.3 Authenticated.(Author+).Stored.Cross-Site.Scripting MEDIUM" "fiorello No.known.fix Florist.and.Flower.Shop.WordPress.Theme.<=.1.0.-.Unauthenticated.Local.File.Inclusion HIGH" "fiorello 
No.known.fix Authenticated.(Subscriber+).Insecure.Direct.Object.Reference MEDIUM" "fitness-park No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "furnob No.known.fix Cross-Site.Request.Forgery MEDIUM" "findgo 1.3.58 Cross-Site.Request.Forgery MEDIUM" "findgo 1.3.32 Directory.Listing.<.1.3.32.-.Unauthenticated.Reflected.and.Authenticated.Stored.XSS MEDIUM" "fingo 1.3.60.1 Cross-Site.Request.Forgery MEDIUM" "foodbook 4.7.7 Unauthenticated.Sensitive.Information.Exposure MEDIUM" "fashion2 5.3.0 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "faith-hope No.known.fix Unauthenticated.Local.File.Inclusion HIGH" "fotawp 1.4.2 Missing.Authorization.via.fotawp_install_and_activate_plugins() MEDIUM" "foxiz 2.3.6 Unauthenticated.Server-Side.Request.Forgery HIGH" "freshio No.known.fix Authenticated.(Contributor+).Local.File.Inclusion HIGH" "fluer No.known.fix Authenticated.(Subscriber+).Insecure.Direct.Object.Reference MEDIUM" "fivestar No.known.fix Unauthenticated.Local.File.Inclusion HIGH" "fivestar No.known.fix Authenticated.(Subscriber+).Insecure.Direct.Object.Reference MEDIUM" "fraction-theme 1.1.2 Privilege.Escalation HIGH" "flozen-theme 1.5.1 Unauthenticated.Arbitrary.File.Upload CRITICAL" "fotography 2.4.1 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "fluida 1.8.8.1 Contributor+.Stored.XSS MEDIUM" "frame No.known.fix Unauthenticated.Local.File.Inclusion HIGH" "fashionable-store No.known.fix Reflected.XSS HIGH" "fude No.known.fix Reflected.XSS HIGH" "fish-house No.known.fix Unauthenticated.PHP.Object.Injection CRITICAL" "findall No.known.fix Business.Directory.WordPress.Theme.<=.1.4.-.Unauthenticated.Local.File.Inclusion HIGH" "freesia-empire 1.4.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "famita 1.55.1 Unauthenticated.Local.File.Inclusion HIGH" "flashy No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "folo No.known.fix Contributor+.Arbitrary.File.Upload HIGH" "folo No.known.fix 
Reflected.Cross-Site.Scripting HIGH" "formula 0.5.2 Reflected.Cross-Site.Scripting.via.ti_customizer_notify_dismiss_recommended_plugins MEDIUM" "formula 0.5.2 Reflected.Cross-Site.Scripting.via.quality_customizer_notify_dismiss_action MEDIUM" "fitness-fse No.known.fix Missing.Authorization MEDIUM" "flap No.known.fix Business.WordPress.Theme.<=.1.5.-.Unauthenticated.PHP.Object.Injection CRITICAL" "festy No.known.fix Unauthenticated.Local.File.Inclusion HIGH" "femme No.known.fix Unauthenticated.Local.File.Inclusion HIGH" "fitline No.known.fix Unauthenticated.Local.File.Inclusion HIGH" "frames No.known.fix Missing.Authorization MEDIUM" "fleur No.known.fix Unauthenticated.Local.File.Inclusion HIGH" "foodie No.known.fix Unauthenticated.Local.File.Inclusion HIGH" "fusion 2.8.3 Local.File.Disclosure HIGH" "fusion 2.8.3 WordPress.Slider.Revolution.Shell.Upload CRITICAL" "fashstore No.known.fix Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "financio 1.1.4 Cross-Site.Request.Forgery.to.Notice.Dismissal MEDIUM" "fortune No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "focusblog 2.0.0 Unauthenticated.Option.Update MEDIUM" "focusblog 2.0.0 Unauthenticated.Arbitrary.File.Upload.and.Option.Deletion CRITICAL" "fullbase 1.2.1 Reflected.XSS HIGH" "findus 1.1.15 Directory.Listing.<.1.1.15.-.Authenticated.Persistent.XSS MEDIUM" "foodbakery 2.2 Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "foodbakery 2.0 Unauthenticated.Reflected.XSS MEDIUM" "finance No.known.fix Authenticated.(Subscriber+).PHP.Object.Injection HIGH" "footysquare No.known.fix Unauthenticated.Arbitrary.File.Upload CRITICAL" "freely No.known.fix Information.Disclosure HIGH" "felan-framework 1.1.5 Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.Plugin.Activation/Deactivation.via.process_plugin_actions MEDIUM" "felan-framework 1.1.5 Hardcoded.Credentials HIGH" "farmagrico No.known.fix Unauthenticated.Local.File.Inclusion HIGH" "flex-mag 3.6.0 
Responsive.WordPress.News.Theme.<.3.6.0.-.Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.Option.Deletion HIGH" "filmax No.known.fix Unauthenticated.Local.File.Inclusion HIGH" "fixteam No.known.fix Unauthenticated.Local.File.Inclusion HIGH" "fana 1.1.36 Unauthenticated.Local.File.Inclusion HIGH" "fana 1.1.36 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "fana 1.1.29 Unauthenticated.Local.File.Inclusion CRITICAL" "goldenblatt 1.3.0 Unauthenticated.PHP.Object.Injection HIGH" "goza-theme 3.2.3 Nonprofit.Charity.WordPress.Theme.<.3.2.3.-.Missing.Authorization.to.Unauthenticated.Arbitrary.File.Upload.via.Plugin.Installation CRITICAL" "goza-theme 3.2.3 Nonprofit.Charity.WordPress.Theme.<.3.2.3.-.Missing.Authorization.to.Unauthenticated.Arbitrary.File.Deletion CRITICAL" "gioia No.known.fix Unauthenticated.Local.File.Inclusion HIGH" "graphene 2.9.3 Unauthenticated.Password.Protected.Post.Access MEDIUM" "genemy No.known.fix Authenticated.(Subscriber+).Server-Side.Request.Forgery MEDIUM" "grandblog 3.1.5 Unauthenticated.Server-Side.Request.Forgery HIGH" "gable No.known.fix Unauthenticated.Local.File.Inclusion HIGH" "greenthumb No.known.fix Unauthenticated.Local.File.Inclusion HIGH" "glossy-blog No.known.fix Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "grandnews No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "goodnex 1.1.3 Information.Disclosure HIGH" "grey-opaque No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Download-Button.Shortcode MEDIUM" "green-planet No.known.fix Unauthenticated.Local.File.Inclusion HIGH" "goodenergy No.known.fix Unauthenticated.PHP.Object.Injection HIGH" "glamchic No.known.fix Unauthenticated.Local.File.Inclusion HIGH" "g-blog No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "gardis No.known.fix Unauthenticated.Local.File.Inclusion HIGH" "gema-lite No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "grandtour 5.6.2 Unauthenticated.Stored.Cross-Site.Scripting HIGH" 
"grandtour No.known.fix Unauthenticated.PHP.Object.Injection CRITICAL" "good-homes No.known.fix Unauthenticated.Local.File.Inclusion HIGH" "greenorganic No.known.fix Unauthenticated.Local.File.Inclusion HIGH" "goya 1.0.8.8 Unauthenticated.Reflected.Cross-Site.Scripting.via.Multiple.Parameters MEDIUM" "gostore 1.6.4 Reflected.Cross-Site.Scripting MEDIUM" "greeny No.known.fix Unauthenticated.Local.File.Inclusion HIGH" "gauge No.known.fix Missing.Authorization MEDIUM" "gridiron No.known.fix Unauthenticated.Local.File.Inclusion HIGH" "goodnews5 No.known.fix Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "great-lotus No.known.fix Unauthenticated.Local.File.Inclusion HIGH" "grandprix 1.6.1 Unauthenticated.Local.File.Inclusion CRITICAL" "greenify 2.3 Unauthenticated.Local.File.Inclusion HIGH" "grip No.known.fix Unauthenticated.Local.File.Inclusion CRITICAL" "gravel No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "gutenbook No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "gustavo No.known.fix Unauthenticated.Local.File.Inclusion HIGH" "globallogistics No.known.fix Unauthenticated.Local.File.Inclusion HIGH" "gaga-lite No.known.fix Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "guff No.known.fix Missing.Authorization MEDIUM" "good-mood No.known.fix Unauthenticated.Local.File.Inclusion HIGH" "gowilds No.known.fix Reflected.XSS HIGH" "goto 2.1 Reflected.Cross-Site.Scripting.(XSS) HIGH" "goto 2.1 Unauthenticated.Blind.SQL.Injection CRITICAL" "goto 2.0 Tour.&.Travel.<.2.0.-.Unauthenticated.Reflected.XSS MEDIUM" "grillandchow 1.6.1 Unauthenticated.Local.File.Inclusion CRITICAL" "gym-express No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "glamer No.known.fix Unauthenticated.Local.File.Inclusion HIGH" "golo No.known.fix Unauthenticated.Privilege.Escalation CRITICAL" "golo 1.7.5 Missing.Authorization MEDIUM" "golo 1.7.5 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "golo 1.7.2 Reflected.Cross-Site.Scripting MEDIUM" "golo 1.7.1 
Authentication.Bypass.to.Account.Takeover CRITICAL" "golo 1.6.11 Directory.&.Listing,.Travel.WordPress.Theme.<.1.6.11.-.Missing.Authorization.to.Privilege.Escalation.via.Unauthenticated.Arbitrary.User.Password.Change CRITICAL" "golo 1.3.3 Unauthenticated.Reflected.XSS MEDIUM" "gucherry-blog No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "gameplan No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "gaspard No.known.fix Unauthenticated.Local.File.Inclusion HIGH" "gotravel No.known.fix Unauthenticated.Local.File.Inclusion HIGH" "grevo 2.5 Unauthenticated.Local.File.Inclusion HIGH" "gamezone No.known.fix Unauthenticated.Local.File.Inclusion HIGH" "gracioza No.known.fix Unauthenticated.Local.File.Inclusion HIGH" "gecko No.known.fix Responsive.Shopify.Theme.-.RTL.support.<=.1.9.8.-.Reflected.Cross-Site.Scripting MEDIUM" "gecko No.known.fix Unauthenticated.Local.File.Inclusion HIGH" "gump No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "genesis 3.6.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Multiple.Shortcodes MEDIUM" "grandmagazine 3.5.8 Reflected.Cross-Site.Scripting MEDIUM" "grace-mag No.known.fix Unauthenticated.Local.File.Inclusion CRITICAL" "greenmart No.known.fix Authenticated.(Contributor+).Local.File.Inclusion HIGH" "greenmart 4.2.4 Unauthenticated.Local.File.Inclusion CRITICAL" "greenmart 2.5.2 Unauthenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "greenmart 2.4.3 Reflected.Cross-Site.Scripting.(XSS) CRITICAL" "grandspa 3.5.6 Reflected.Cross-Site.Scripting MEDIUM" "grit No.known.fix Life.Coach.&.Business.Coaching.WordPress.Theme.<=.1.0.1.-.Unauthenticated.Local.File.Inclusion HIGH" "grandconference 5.3.5 Reflected.Cross-Site.Scripting MEDIUM" "greenville No.known.fix Unauthenticated.Local.File.Inclusion HIGH" "givingpress-lite No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "grandrestaurant 7.0.11 Unauthenticated.PHP.Object.Injection HIGH" "grandrestaurant 7.0.9 Reflected.Cross-Site.Scripting 
MEDIUM" "grandrestaurant No.known.fix Unauthenticated.PHP.Object.Injection CRITICAL" "grandrestaurant No.known.fix Missing.Authorization.to.Unauthenticated.Arbitrary.Options.Deletion HIGH" "grandrestaurant No.known.fix Unauthenticated.PHP.Object.Injection.via.Path.Traversal CRITICAL" "grandrestaurant No.known.fix Cross-Site.Request.Forgery MEDIUM" "grandrestaurant No.known.fix Missing.Authorization MEDIUM" "geomagazine No.known.fix Unauthenticated.Reflected.XSS MEDIUM" "gaga-corp No.known.fix Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "giardino No.known.fix Unauthenticated.Local.File.Inclusion HIGH" "ghostwriter No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "grandwedding No.known.fix Unauthenticated.PHP.Object.Injection HIGH" "healsoul 2.2.4 Unauthenticated.Local.File.Inclusion CRITICAL" "homelancer 1.0.2 Missing.Authorization MEDIUM" "handyman-services No.known.fix Unauthenticated.PHP.Object.Injection HIGH" "homeroofer 2.12.0 Unauthenticated.Local.File.Inclusion HIGH" "hendon 1.7 Unauthenticated.Local.File.Inclusion HIGH" "hmd 2.2 Reflected.Cross-Site.Scripting MEDIUM" "holmes No.known.fix Digital.Agency.WordPress.Theme.<=.1.7.-.Unauthenticated.Local.File.Inclusion HIGH" "holmes No.known.fix Authenticated.(Subscriber+).Insecure.Direct.Object.Reference MEDIUM" "hydro No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "happy-baby No.known.fix Unauthenticated.Local.File.Inclusion HIGH" "hasten-lite No.known.fix Reflected.Cross-Site.Scripting.via.Customizer.Notify MEDIUM" "hueman 3.7.25 Cross-Site.Request.Forgery.to.Notice.Dismissal MEDIUM" "hueman 3.6.4 Arbitrary.Settings.Update.via.CSRF MEDIUM" "hueman 3.6.4 Cross-Site.Request.Forgery.(CSRF) MEDIUM" "hyori No.known.fix Unauthenticated.Local.File.Inclusion HIGH" "hara 1.2.18 Unauthenticated.Local.File.Inclusion HIGH" "hara 1.2.18 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "hara 1.2.11 Unauthenticated.Local.File.Inclusion CRITICAL" "hotelica No.known.fix 
Reflected.Cross-Site.Scripting MEDIUM" "healthfirst No.known.fix Unauthenticated.Local.File.Inclusion HIGH" "hotstar No.known.fix Unauthenticated.PHP.Object.Injection CRITICAL" "hotstar No.known.fix Missing.Authorization MEDIUM" "harper No.known.fix Unauthenticated.Local.File.Inclusion HIGH" "hoverex No.known.fix Unauthenticated.Local.File.Inclusion HIGH" "hester No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "hillter No.known.fix Authenticated.(Subscriber+).PHP.Object.Injection HIGH" "hello-fse No.known.fix Missing.Authorization MEDIUM" "healthhub No.known.fix Unauthenticated.Local.File.Inclusion HIGH" "hostiko 94.3.6 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "hostiko 30.1 Hosting.WordPress.&.WHMCS.Theme.<.30.1.-.Reflected.Cross-Site.Scripting MEDIUM" "hostiko 30.1 Hosting.WordPress.&.WHMCS.Theme.<.30.1.-.Unauthenticated.Local.File.Inclusion HIGH" "heartstar No.known.fix Unauthenticated.Local.File.Inclusion HIGH" "honor No.known.fix Unauthenticated.Local.File.Inclusion HIGH" "hive-lite No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "home-services No.known.fix Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "homevillas-real-estate No.known.fix Authenticated.(Subscriber+).Arbitrary.File.Deletion HIGH" "homevillas-real-estate 2.3 Multiple.Cross-Site.Scripting.Issues MEDIUM" "humanum No.known.fix Unauthenticated.Local.File.Inclusion HIGH" "hostmev2 No.known.fix Unauthenticated.Arbitrary.File.Deletion CRITICAL" "heart No.known.fix Unauthenticated.Local.File.Inclusion HIGH" "hotel-galaxy No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "hanani No.known.fix Unauthenticated.Local.File.Inclusion HIGH" "headway 3.8.9 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "hello-agency 1.0.6 Missing.Authorization.to.Notice.Dismissal MEDIUM" "hypnotherapy No.known.fix Psychologist.Theme.<=.1.2.10.-.Unauthenticated.Local.File.Inclusion HIGH" "histudy 3.1.0 
Online.Courses.&.Education.Template.<.3.1.0.-.Unauthenticated.SQL.Injection HIGH" "hobo No.known.fix Unauthenticated.Local.File.Inclusion HIGH" "hoteller 6.8.9 Reflected.Cross-Site.Scripting MEDIUM" "helion No.known.fix Unauthenticated.Local.File.Inclusion HIGH" "homey No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "homey No.known.fix Unauthenticated.SQL.Injection HIGH" "homey 2.4.5 Booking.and.Rentals.WordPress.Theme.<.2.4.5.-.Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.Reservation.&.Post.Deletion MEDIUM" "homey 2.4.5 Booking.and.Rentals.WordPress.Theme.<.2.4.5.-.Insecure.Direct.Object.Reference.to.Authenticated.(Subscriber+).Arbitrary.User.Deletion MEDIUM" "homey 2.4.4 Limited.Authentication.Bypass HIGH" "homey 2.4.4 Cross-Site.Request.Forgery.to.User.Verification MEDIUM" "homey 2.4.3 Unauthenticated.Privilege.Escalation.in.homey_save_profile CRITICAL" "homey No.known.fix Authenticated.(Subscriber+).Privilege.Escalation HIGH" "horizon No.known.fix Unauthenticated.Local.File.Inclusion HIGH" "hestia 3.2.11 Missing.Authorization MEDIUM" "hestia 3.1.3 Cross-Site.Request.Forgery.to.Notice.Dismissal MEDIUM" "hygia No.known.fix Unauthenticated.Local.File.Inclusion HIGH" "himalayas No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "himalayas 1.3.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "honeypress 2.3.6 Reflected.Cross-Site.Scripting.via.Customizer.Notify MEDIUM" "houzez 4.1.7 Authenticated.(Subscriber+).PHP.Object.Injection.via.Saved.Search MEDIUM" "houzez 4.1.7 Unauthenticated.Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "houzez 4.2.0 Unauthenticated.Local.File.Inclusion HIGH" "houzez 4.1.4 Reflected.Cross-Site.Scripting MEDIUM" "houzez 4.1.4 Unauthenticated.Local.File.Inclusion HIGH" "houzez 4.1.4 Missing.Authorization MEDIUM" "houzez 4.1.1 Missing.Authorization MEDIUM" "houzez No.known.fix Subscriber+.Insecure.Direct.Object.Reference MEDIUM" "houzez 4.0.8 
Unauthenticated.Local.File.Inclusion HIGH" "houzez 3.4.2 Missing.Authorization MEDIUM" "houzez 3.4.2 Missing.Authorization MEDIUM" "houzez 3.3.0 Subscriber+.Privilege.Escalation HIGH" "houzez 3.2.5 Reflected.Cross-Site.Scripting MEDIUM" "highlight 1.0.30 Cross-Site.Request.Forgery.to.Notice.Dismissal MEDIUM" "healer No.known.fix Doctor,.Clinic.&.Medical.WordPress.<=.1.0.0.-.Unauthenticated.Local.File.Inclusion HIGH" "helvig No.known.fix Unauthenticated.Local.File.Inclusion HIGH" "hasium No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "hasium 1.6.5 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "hugo-wp 1.0.10 Various.Versions.and.Themes.-.Missing.Authorization MEDIUM" "halpes No.known.fix Reflected.XSS HIGH" "hub No.known.fix Missing.Authorization.to.Authenticated.(Subscriber+).All.Plugins.Deactivated MEDIUM" "hello-fse-blog No.known.fix Missing.Authorization MEDIUM" "himer 2.1.3 Social.Questions.and.Answers.<.2.1.3.-.CSRF.While.Sending.the.Invites MEDIUM" "himer 2.1.1 Social.Questions.and.Answers.<.2.1.1.-.Subscriber+.Private.Group.Joining.via.IDOR MEDIUM" "himer 2.1.1 Social.Questions.and.Answers.<.2.1.1.-.Multiple.CSRF.on.the.Group.Section MEDIUM" "himer 2.1.1 Social.Questions.and.Answers.<.2.1.1.-.Arbitrary.Group.Joining.via.CSRF MEDIUM" "himer 2.1.1 Social.Questions.and.Answers.<.2.1.1.-.Bypass.Poll.Voting.Restrictions.via.CSRF MEDIUM" "himer 2.1.1 Social.Questions.and.Answers.<.2.1.1.-.Contributor+.Stored.XSS MEDIUM" "himer 1.9.3 Missing.validation.lead.to.functionality.abuse LOW" "i-amaze No.known.fix Cross-Site.Request.Forgery MEDIUM" "isida No.known.fix Unauthenticated.Local.File.Inclusion HIGH" "itok 1.1.43.1 Unauthenticated.Local.File.Inclusion HIGH" "insurance No.known.fix Authenticated.(Subscriber+).PHP.Object.Injection HIGH" "injob 3.4.1 Authenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "invico No.known.fix WordPress.Consulting.Business.Theme.<=.1.9.-.Reflected.Cross-Site.Scripting MEDIUM" "intothedark No.known.fix 
Reflected.Cross-Site.Scripting MEDIUM" "infinite No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.project_url.Parameter MEDIUM" "i-transform No.known.fix Cross-Site.Request.Forgery MEDIUM" "intrepidity No.known.fix File.Upload.and.Option.Update.via.CSRF HIGH" "indutri 1.3.0 Unauthenticated.Local.File.Inclusion HIGH" "immiex No.known.fix Authenticated.(Subscriber+).Privilege.Escalation HIGH" "ivy-school 1.6.1 Unauthenticated.Local.File.Inclusion CRITICAL" "intrace 1.1.1 Multiple.Versions.-.Missing.Authorization.to.Notice.Dismissal MEDIUM" "idyllic 1.1.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "ignition 2.0.0 Unauthenticated.Arbitrary.File.Upload.and.Option.Deletion CRITICAL" "ignition 2.0.0 Unauthenticated.Option.Update MEDIUM" "ilex 1.4.2 Reflected.XSS HIGH" "imevent No.known.fix Missing.Authorization MEDIUM" "indoor-plants No.known.fix Unauthenticated.Local.File.Inclusion HIGH" "ipharm No.known.fix Unauthenticated.Local.File.Inclusion HIGH" "invetex No.known.fix Unauthenticated.Local.File.Inclusion HIGH" "innovio No.known.fix Multipurpose.Landing.Page.WordPress.Theme.<=.1.7.-.Unauthenticated.Local.File.Inclusion HIGH" "innovio No.known.fix Authenticated.(Subscriber+).Insecure.Direct.Object.Reference MEDIUM" "issabella No.known.fix Unauthenticated.Local.File.Inclusion HIGH" "ireca 1.8.6 Unauthenticated.Local.File.Inclusion HIGH" "itsulu 1.5.0 Unauthenticated.Local.File.Inclusion CRITICAL" "inspiro 2.1.3 Cross-Site.Request.Forgery.to.Arbitrary.Plugin.Installation HIGH" "inspiro 7.2.3 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "instantva 1.0.2 Authenticated.(Subscriber+).Arbitrary.File.Deletion HIGH" "ironfit No.known.fix Unauthenticated.Local.File.Inclusion HIGH" "impacto-patronus No.known.fix Unauthenticated.Local.File.Inclusion HIGH" "ippsum 1.2.1 Unauthenticated.PHP.Object.Injection HIGH" "ih-business-pro No.known.fix Reflected.Cross-Site.Scripting.via.Customizer.Notify MEDIUM" "interface 3.1.1 
Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "industrial 1.7.9 Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.Options.Update HIGH" "inset 1.21.0 Unauthenticated.Local.File.Inclusion HIGH" "industrial-lite No.known.fix Missing.Authorization MEDIUM" "integro No.known.fix Unauthenticated.Local.File.Inclusion HIGH" "inhype No.known.fix Blog.&.Magazine.WordPress.<=.1.5.2.-.Unauthenticated.Local.File.Inclusion HIGH" "illdy 2.1.7 Unauthenticated.Function.Injection CRITICAL" "jupiterx 2.0.7 Subscriber+.Arbitrary.Plugin.Deactivation.and.Settings.Update MEDIUM" "jupiterx 2.0.7 Subscriber+.Path.Traversal.and.Local.File.Inclusion HIGH" "jarvis No.known.fix Unauthenticated.PHP.Object.Injection CRITICAL" "jobeleon-wpjobboard 1.9.2 Reflected.Cross-Site.Scripting MEDIUM" "jardi No.known.fix Unauthenticated.PHP.Object.Injection HIGH" "jupiter 6.10.2 Subscriber+.Privilege.Escalation.and.Post.Deletion CRITICAL" "jupiter 6.10.2 Subscriber+.Arbitrary.Plugin.Deletion MEDIUM" "jupiter 6.10.2 Subscriber+.Path.Traversal.and.Local.File.Inclusion HIGH" "jack-well No.known.fix Unauthenticated.Local.File.Inclusion HIGH" "joly 1.23.0 Unauthenticated.Local.File.Inclusion HIGH" "jetapo 1.1 Unauthenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "javo-spot 3.0.0 Unauthenticated.Directory.Traversal HIGH" "justitia No.known.fix Unauthenticated.Local.File.Inclusion HIGH" "jobscout 1.1.5 Cross-Site.Request.Forgery.to.Notice.Dimissal MEDIUM" "jobify 4.3.1 Reflected.Cross-Site.Scripting MEDIUM" "jobify 4.2.8 Job.Board.WordPress.Theme.<.4.2.8.-.Missing.Authorization.to.Unauthenticated.Server-Side.Request.Forgery,.Arbitrary.Image.Upload,.and.Image.Generation MEDIUM" "jobify No.known.fix Job.Board.WordPress.Theme.<=.4.2.3.-.Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "jobify No.known.fix Job.Board.WordPress.Theme.<=.4.2.3.-.Missing.Authorization MEDIUM" "jobify No.known.fix Job.Board.WordPress.Theme.<=.4.2.3.-.Cross-Site.Request.Forgery MEDIUM" 
"jobify No.known.fix Job.Board.WordPress.Theme.<=.4.2.3.-.Unauthenticated.Arbitrary.File.Read HIGH" "jewelry-store 2.3.5 Reflected.Cross-Site.Scripting.via.Customizer.Notify MEDIUM" "js-paper No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "js-paper No.known.fix Reflected.XSS HIGH" "jetapo-with-woocommerce 1.1 Unauthenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "jnews No.known.fix Missing.Authorization MEDIUM" "jnews 11.6.7 WordPress.Newspaper.Magazine.Blog.AMP.Theme.<.11.6.7.-.Unauthorized.User.Registration MEDIUM" "jnews 8.0.6 Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "jobzilla 2.0.1 Job.Board.WordPress.Theme.<.2.0.1.-.Cross-Site.Request.Forgery MEDIUM" "jannah No.known.fix Newspaper.Magazine.News.BuddyPress.AMP.<=.7.6.3.-.Unauthenticated.Local.File.Inclusion HIGH" "jannah 7.6.1 Unauthenticated.Local.File.Inclusion HIGH" "jannah 7.6.1 Unauthenticated.PHP.Object.Injection HIGH" "jannah 7.6.1 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "jannah 7.5.1 Unauthenticated.Local.File.Inclusion HIGH" "jannah 5.4.5 Reflected.Cross-Site.Scripting.(XSS) HIGH" "jannah 5.4.4 Reflected.Cross-Site.Scripting.(XSS) HIGH" "jude No.known.fix Unauthenticated.Local.File.Inclusion HIGH" "jobcareer 3.5 Multiple.Cross-Site.Scripting.(XSS) MEDIUM" "jobcareer 2.5.1 Authenticated.Stored.Cross-Site.Scripting MEDIUM" "jobcareer 2.4.1 User.enumeration.&.Reset.password CRITICAL" "justicia No.known.fix Lawyer.WordPress.Theme.<=.1.2.-.Unauthenticated.Local.File.Inclusion HIGH" "justicia No.known.fix Authenticated.(Subscriber+).Insecure.Direct.Object.Reference MEDIUM" "js-o3-lite No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "js-o3-lite No.known.fix Reflected.XSS HIGH" "julia-lite No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "kata 1.2.9 Reflected.XSS HIGH" "kings-queens No.known.fix Unauthenticated.Local.File.Inclusion HIGH" "keenarch 2.0.1 Authenticated.(Subscriber+).Arbitrary.File.Upload HIGH" "katerio No.known.fix 
Magazine.<=.1.5.1.-.Unauthenticated.Local.File.Inclusion HIGH" "kids-world No.known.fix Authenticated.(Subscriber+).PHP.Object.Injection HIGH" "katelyn No.known.fix Unauthenticated.Local.File.Inclusion HIGH" "kratz No.known.fix Unauthenticated.Local.File.Inclusion HIGH" "kriya No.known.fix Authenticated.(Subscriber+).PHP.Object.Injection HIGH" "kindlycare No.known.fix Unauthenticated.PHP.Object.Injection HIGH" "karzo 2.6 Unauthenticated.Local.File.Inclusion HIGH" "kidsplanet 2.2.14.1 Unauthenticated.PHP.Object.Injection CRITICAL" "kingclub-theme No.known.fix Unauthenticated.Arbitrary.File.Upload CRITICAL" "kingler No.known.fix Unauthenticated.PHP.Object.Injection HIGH" "kayon No.known.fix Unauthenticated.Local.File.Inclusion HIGH" "kata-business No.known.fix Reflected.XSS HIGH" "kerge 4.1.4 Unauthenticated.Server-Side.Request.Forgery HIGH" "kleo 5.5.0 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "kleo 5.4.4 Missing.Authorization MEDIUM" "kleo 5.4.4 Reflected.Cross-Site.Scripting MEDIUM" "kingcabs 1.1.10 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.progressbarLayout.Parameter MEDIUM" "konte 2.4.7 Missing.Authorization MEDIUM" "kaffen 1.2.6 Unauthenticated.Local.File.Inclusion CRITICAL" "kossy No.known.fix Minimalist.eCommerce.WordPress.Theme.<=.1.45.-.Unauthenticated.Local.File.Inclusion HIGH" "kiamo 1.3.6 Responsive.Business.Service.WordPress.Theme.<.1.3.6.-.Unauthenticated.Local.File.Inclusion CRITICAL" "kahuna 1.7.0.1 Contributor+.Stored.XSS MEDIUM" "kormosala 1.0.23 Unauthenticated.Reflected.XSS MEDIUM" "kbase No.known.fix Authenticated.(Subscriber+).PHP.Object.Injection HIGH" "konzept 2.5 Unauthenticated.Reflected.XSS MEDIUM" "kallyas 4.24.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "kallyas No.known.fix Authenticated.(Contributor+).Remote.Code.Execution HIGH" "kallyas 4.23.0 Missing.Authorization MEDIUM" "kallyas No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "kallyas 4.23.0 
Missing.Authorization MEDIUM" "kallyas 4.23.0 Authenticated.(Contributor+).Arbitrary.File.Upload HIGH" "kallyas 4.22.0 Authenticated.(Contributor+).Arbitrary.Folder.Deletion HIGH" "kallyas 4.22.0 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "kitring No.known.fix Unauthenticated.Local.File.Inclusion HIGH" "kicker No.known.fix Unauthenticated.Local.File.Inclusion HIGH" "kata-app No.known.fix Reflected.XSS HIGH" "kinsley 3.4.5 Unauthenticated.Local.File.Inclusion CRITICAL" "krste 1.0.4 Reflected.Cross-Site.Scripting MEDIUM" "kalium 3.30 Missing.Authorization.to.Unauthenticated.Mail.Relay.via.kalium_vc_contact_form_request MEDIUM" "kalium 3.19 Missing.Authorization MEDIUM" "kalium 3.19 Cross-Site.Request.Forgery MEDIUM" "kalium 3.26 Unauthenticated.Arbitrary.Code.Execution CRITICAL" "kalium 3.19 Reflected.Cross-Site.Scripting MEDIUM" "kipso 1.3.5 Unauthenticated.Local.File.Inclusion HIGH" "krowd 1.5.0 Unauthenticated.Local.File.Inclusion CRITICAL" "laboom No.known.fix Unauthenticated.Local.File.Inclusion CRITICAL" "legacy No.known.fix Unauthenticated.Local.File.Inclusion HIGH" "lafka No.known.fix Multi.Store.Burger.-.Pizza.&.Food.Delivery.WooCommerce.Theme.<=.4.5.7.-.Missing.Authorization.to.Authenticated.(Subscriber+).Demo.Import MEDIUM" "lobo 2.8.6 Authenticated.(Subscriber+).SQL.Injection MEDIUM" "lobo 2.8.7 Missing.Authorization MEDIUM" "laurent No.known.fix Elegant.Restaurant.WordPress.Theme.<=.3.1.-.Unauthenticated.Local.File.Inclusion HIGH" "laurent No.known.fix Authenticated.(Contributor+).Local.File.Inclusion HIGH" "lunna No.known.fix Unauthenticated.Local.File.Inclusion HIGH" "legal-stone No.known.fix Unauthenticated.Local.File.Inclusion HIGH" "lms 9.3 Unauthenticated.SQL.Injection HIGH" "lms 9.3 Reflected.Cross-Site.Scripting MEDIUM" "luique 1.3.1 Unauthenticated.Local.File.Inclusion CRITICAL" "luxury-wine No.known.fix Unauthenticated.Local.File.Inclusion HIGH" "logtik 2.4 Reflected.Cross-Site.Scripting MEDIUM" "liquido No.known.fix 
Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "ludos-paradise No.known.fix Unauthenticated.Local.File.Inclusion HIGH" "luxe 2.0.0 Unauthenticated.Arbitrary.File.Upload.and.Option.Deletion CRITICAL" "luxe 2.0.0 Unauthenticated.Option.Update MEDIUM" "learnmore No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "learnmore No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "logistics-hub No.known.fix Unauthenticated.Arbitrary.File.Upload CRITICAL" "listeo 2.0.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.soundcloud.Shortcode MEDIUM" "listeo 1.6.11 Multiple.Authenticated.IDOR.Vulnerabilities MEDIUM" "listeo 1.6.11 Multiple.XSS.&.XFS.vulnerabilities MEDIUM" "lingvico No.known.fix Unauthenticated.Local.File.Inclusion HIGH" "lekker No.known.fix Unauthenticated.Local.File.Inclusion HIGH" "lestin No.known.fix Reflected.XSS HIGH" "listihub No.known.fix Missing.Authorization MEDIUM" "lovetravel 3.8 Unauthenticated.Reflected.XSS.&.XFS MEDIUM" "lovetravel 2.0 Unauthenticated.Reflected.XSS.&.XFS MEDIUM" "looki-lite 1.3.0 Reflected.XSS HIGH" "listingeasy No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "law-office No.known.fix Unauthenticated.Local.File.Inclusion HIGH" "lettuce No.known.fix Unauthenticated.Local.File.Inclusion HIGH" "lendiz 2.0.1 Authenticated.(Subscriber+).Arbitrary.File.Upload MEDIUM" "lindo No.known.fix Unauthenticated.Local.File.Inclusion HIGH" "lattice 1.1.4 Unspecified.XSS MEDIUM" "listingpro No.known.fix Missing.Authorization MEDIUM" "listingpro No.known.fix Missing.Authorization MEDIUM" "listingpro 2.9.10 Unauthenticated.Local.File.Inclusion HIGH" "listingpro 2.9.10 Missing.Authorization MEDIUM" "listingpro 2.9.10 Reflected.Cross-Site.Scripting MEDIUM" "listingpro 2.9.5 Cross-Site.Request.Forgery.to.Account.Takeover HIGH" "listingpro 2.9.5 Subscriber+.Local.File.Inclusion HIGH" "listingpro 2.9.5 Unauthenticated.SQL.Injection CRITICAL" "listingpro 2.6.1 
Unauthenticated.Sensitive.Data.Disclosure.(Usernames,.Emails.etc) HIGH" "listingpro 2.6.1 Unauthenticated.Arbitrary.Plugin.Installation/Activation/Deactivation CRITICAL" "listingpro 2.5.4 Unauthenticated.Reflected.Cross-Site.Scripting MEDIUM" "listingpro 2.0.14.5 Reflected.&.Persistent.Cross-Site.Scripting MEDIUM" "listee 1.1.7 Unauthenticated.Privilege.Escalation CRITICAL" "legrand No.known.fix Unauthenticated.Local.File.Inclusion HIGH" "lella No.known.fix Unauthenticated.Local.File.Inclusion HIGH" "lasa 1.1.1 Unauthenticated.Local.File.Inclusion CRITICAL" "listingo No.known.fix Business.Listing.and.Directory.WordPress.Theme.<=.3.2.7.-.Unauthenticated.Arbitrary.Shortcode.Execution MEDIUM" "listingo 3.2.7 Unauthenticated.Arbitrary.File.Upload CRITICAL" "listify No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "listify No.known.fix Cross-Site.Request.Forgery MEDIUM" "leblix 2.5 Unauthenticated.Local.File.Inclusion HIGH" "lymcoin No.known.fix Unauthenticated.Local.File.Inclusion HIGH" "luxedrive No.known.fix Unauthenticated.Local.File.Inclusion HIGH" "listivo 2.3.68 Classified.Ads.WordPress.Theme.<.2.3.68.-.Reflected.Cross-Site.Scripting MEDIUM" "lovestory No.known.fix Unauthenticated.PHP.Object.Injection HIGH" "little-birdies No.known.fix Unauthenticated.Local.File.Inclusion HIGH" "larson 1.6.0 Unauthenticated.Local.File.Inclusion CRITICAL" "lifestyle-magazine 10.2.1 Reflected.Cross-Site.Scripting MEDIUM" "letruffe No.known.fix Unauthenticated.Local.File.Inclusion HIGH" "lawyerpress-lite No.known.fix Reflected.Cross-Site.Scripting.via.Customizer.Notify MEDIUM" "lorem-ipsum-books-media-store No.known.fix Unauthenticated.PHP.Object.Injection HIGH" "lione No.known.fix Unauthenticated.Local.File.Inclusion HIGH" "lawyer-landing-page 1.2.5 Cross-Site.Request.Forgery.to.Notice.Dismissal MEDIUM" "malta No.known.fix Unauthenticated.Local.File.Inclusion HIGH" "medicpress-lite No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "miion No.known.fix 
Authenticated.(Subscriber+).Arbitrary.File.Upload HIGH" "miion No.known.fix Authenticated.(Subscriber+).Local.File.Inclusion HIGH" "maxify No.known.fix Unauthenticated.Local.File.Inclusion HIGH" "magazine-elite No.known.fix Unauthenticated.Local.File.Inclusion HIGH" "magways 1.2.2 Unauthenticated.Local.File.Inclusion HIGH" "marra No.known.fix Unauthenticated.Local.File.Inclusion HIGH" "mamita No.known.fix Unauthenticated.Local.File.Inclusion HIGH" "makeaholic 1.8.7 Missing.Authorization MEDIUM" "makeaholic 1.8.5 Unauthenticated.Local.File.Inclusion CRITICAL" "modular 2.8.3 Local.File.Disclosure HIGH" "modular 2.8.3 WordPress.Slider.Revolution.Shell.Upload CRITICAL" "motors 5.6.83 Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.Plugin.Installation HIGH" "motors 5.6.68 Unauthenticated.Privilege.Escalation.via.Password.Update/Account.Takeover CRITICAL" "motors 5.6.66 Car.Dealer,.Rental.&.Listing.WordPress.theme.<.5.6.66.-.Unauthenticated.Arbitrary.Shortcode.Execution HIGH" "m2-ce No.known.fix Unauthenticated.PHP.Object.Injection HIGH" "musico No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "muji No.known.fix Unauthenticated.Local.File.Inclusion HIGH" "mounthood No.known.fix Unauthenticated.PHP.Object.Injection HIGH" "magone 8.9 Reflected.Cross-Site.Scripting MEDIUM" "medcity 1.1.9 Unauthenticated.Arbitrary.File.Upload CRITICAL" "materialis 1.1.30 Missing.Authorization.to.Limited.Arbitrary.Options.Update MEDIUM" "marveland No.known.fix Unauthenticated.Local.File.Inclusion HIGH" "medicare 2.1.1 Unauthenticated.PHP.Object.Injection CRITICAL" "myour No.known.fix Unauthenticated.Local.File.Inclusion HIGH" "metro No.known.fix Unauthenticated.Local.File.Inclusion HIGH" "metro No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "multioffice No.known.fix Unauthenticated.Local.File.Inclusion HIGH" "muzicon No.known.fix Unauthenticated.Local.File.Inclusion HIGH" "mediumishh No.known.fix Unauthenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "moseter 
No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "moseter No.known.fix Reflected.XSS HIGH" "malgre No.known.fix Unauthenticated.Local.File.Inclusion HIGH" "machic No.known.fix Cross-Site.Request.Forgery MEDIUM" "maia 1.1.16 Unauthenticated.Local.File.Inclusion CRITICAL" "modins No.known.fix Reflected.XSS HIGH" "madara 2.2.2.1 Unauthenticated.Local.File.Inclusion CRITICAL" "medikaid 1.1.3 Reflected.Cross-Site.Scripting MEDIUM" "my-white No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "manufactory No.known.fix Unauthenticated.Local.File.Inclusion HIGH" "melodyschool No.known.fix Unauthenticated.PHP.Object.Injection HIGH" "midi No.known.fix Sound.&.Music.WordPress.Theme.<=.1.14.-.Unauthenticated.Local.File.Inclusion HIGH" "magty 1.0.7 Unauthenticated.Local.File.Inclusion HIGH" "magazine-saga No.known.fix Unauthenticated.Local.File.Inclusion HIGH" "mella No.known.fix Unauthenticated.Local.File.Inclusion HIGH" "myriad 2.8.3 Local.File.Disclosure HIGH" "myriad 2.8.3 WordPress.Slider.Revolution.Shell.Upload CRITICAL" "massive-dynamic No.known.fix Unauthenticated.Local.File.Inclusion HIGH" "mocho-blog No.known.fix Reflected.XSS HIGH" "mystique No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "melos No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "monki 2.0.6 Unauthenticated.Local.File.Inclusion HIGH" "mesmerize 1.6.124 Cross-Site.Request.Forgery.to.Cache.Clearing MEDIUM" "motorix No.known.fix Unauthenticated.Local.File.Inclusion HIGH" "modern 1.4.2 DOM.Cross-Site.Scripting.(XSS) MEDIUM" "magze 1.0.10 Unauthenticated.Local.File.Inclusion HIGH" "monograph No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "motor 3.1.0 Unauthenticated.Local.File.Inclusion HIGH" "mr-cobbler No.known.fix Unauthenticated.Local.File.Inclusion HIGH" "marcell No.known.fix Unauthenticated.Local.File.Inclusion HIGH" "minus 2.0.0 Unauthenticated.Option.Update MEDIUM" "minus 2.0.0 
Unauthenticated.Arbitrary.File.Upload.and.Option.Deletion CRITICAL" "moveme No.known.fix Unauthenticated.Local.File.Inclusion HIGH" "medzone-lite 1.2.6 Unauthenticated.Function.Injection CRITICAL" "manoir No.known.fix Unauthenticated.Local.File.Inclusion HIGH" "mahogany No.known.fix Unauthenticated.Local.File.Inclusion HIGH" "medibazar No.known.fix Cross-Site.Request.Forgery MEDIUM" "monalisa 2.1.3 Unauthenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "masterstudy 4.8.126 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "masterstudy 4.8.122 Missing.Authorization MEDIUM" "mr-murphy 1.2.12.1 Custom.Dress.Tailoring.Clothing.WordPress.Theme.<.1.2.12.1.-.Unauthenticated.PHP.Object.Injection HIGH" "method 2.8.3 Local.File.Disclosure HIGH" "method 2.8.3 WordPress.Slider.Revolution.Shell.Upload CRITICAL" "mTheme-Unus No.known.fix Local.File.Inclusion.(LFI) HIGH" "modernize No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "modernize No.known.fix Missing.Authorization MEDIUM" "meridia 2.2.8 Reflected.Cross-Site.Scripting MEDIUM" "meridia 2.2.7 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "meals-wheels No.known.fix Unauthenticated.Local.File.Inclusion HIGH" "militarology No.known.fix Unauthenticated.Local.File.Inclusion HIGH" "medicalequipment No.known.fix Missing.Authorization MEDIUM" "medizin 1.9.7 Unauthenticated.Local.File.Inclusion HIGH" "meta-news 1.1.8 Unauthenticated.Local.File.Inclusion CRITICAL" "mags 1.1.7 Unauthenticated.Local.File.Inclusion CRITICAL" "moneyflow No.known.fix Unauthenticated.Local.File.Inclusion HIGH" "medicenter No.known.fix Health.Medical.Clinic.WordPress.Theme.<=.14.9.-.Reflected.Cross-Site.Scripting MEDIUM" "medicenter 15.2 Health.Medical.Clinic.<.15.2.-.Unauthenticated.PHP.Object.Injection HIGH" "medicenter 14.7 Health.Medical.Clinic.WordPress.Theme.<.14.7.-.Missing.Authorization MEDIUM" "mediciti-lite No.known.fix Reflected.XSS HIGH" "mediciti-lite No.known.fix 
Reflected.Cross-Site.Scripting.via.Customizer.Notify MEDIUM" "maxcube No.known.fix Unauthenticated.Local.File.Inclusion HIGH" "mega-store-woocommerce No.known.fix Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.Page.Creation.and.Settings.Change MEDIUM" "meris No.known.fix Reflected.XSS HIGH" "modernhousewife No.known.fix Unauthenticated.Local.File.Inclusion HIGH" "morning-records No.known.fix Music.Sound.Studio.WordPress.Theme.<=.1.2.-.Unauthenticated.PHP.Object.Injection HIGH" "melania No.known.fix Unauthenticated.Local.File.Inclusion HIGH" "mavix-education 1.1 Missing.Authorization.to.Authenticated.(Subscriber+).'Creativ.Demo.Importer'.Plugin.Activation MEDIUM" "manbiz2 No.known.fix Local.File.Disclosure HIGH" "manbiz2 No.known.fix WordPress.Slider.Revolution.Shell.Upload CRITICAL" "monolit 2.0.7 Reflected.XSS HIGH" "mbstore No.known.fix Digital.WooCommerce.WordPress.Theme.<=.2.3.-.Unauthenticated.Local.File.Inclusion CRITICAL" "musicplace No.known.fix Unauthenticated.PHP.Object.Injection HIGH" "my-flatonica No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "minimog No.known.fix Authenticated.(Contributor+).Local.File.Inclusion HIGH" "minimog No.known.fix Unauthenticated.Local.File.Inclusion HIGH" "minimog 3.9.1 Unauthenticated.Price.Manipulation MEDIUM" "minimog 3.8.0 Unauthenticated.Local.PHP.File.Inclusion CRITICAL" "medicate No.known.fix Local.File.Disclosure HIGH" "medicate No.known.fix WordPress.Slider.Revolution.Shell.Upload CRITICAL" "mantra No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "mosaic No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Button.Shortcode MEDIUM" "maxcoach 3.2.6 Unauthenticated.Local.File.Inclusion HIGH" "ms-lms-starter-theme 1.1.9 Unauthenticated.Sensitive.Information.Exposure MEDIUM" "morningtime-lite No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "monyxi No.known.fix Unauthenticated.Local.File.Inclusion HIGH" "mandala 
No.known.fix Unauthenticated.Local.File.Inclusion HIGH" "multipurpose No.known.fix Authenticated.(Contributor+).PHP.Object.Injection HIGH" "mckinney-politics No.known.fix Unauthenticated.Local.File.Inclusion HIGH" "minamaze No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "mitech No.known.fix Unauthenticated.Local.File.Inclusion HIGH" "mediclinic 2.2 Unauthenticated.Local.File.Inclusion CRITICAL" "miraculous 2.0.9 Unauthenticated.SQL.Injection HIGH" "miraculous 2.0.9 Missing.Authorization.to.Unauthenticated.Arbitrary.Content.Deletion MEDIUM" "magazine-edge No.known.fix Subscriber+.Arbitrary.Plugin.Activation MEDIUM" "multifox No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "molla 1.5.17 eCommerce.HTML5.Template.<.1.5.17.-.Unauthenticated.Local.File.Inclusion HIGH" "molla No.known.fix Unauthenticated.Remote.Code.Execution CRITICAL" "metro-magazine 1.3.8 Missing.Authorization.to.Notice.Dismissal MEDIUM" "mow 4.11 Cross-Site.Request.Forgery MEDIUM" "my-wooden-under-construction No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "newsxpress 1.0.8 Cross-Site.Request.Forgery.to.Notice.Dismissal MEDIUM" "newshit 1.0.7 Reflected.Cross-Site.Scripting MEDIUM" "newsmash 1.0.72 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "newsmash 1.0.35 Cross-Site.Request.Forgery.to.Notice.Dismissal MEDIUM" "ngo-charity-lite No.known.fix Reflected.Cross-Site.Scripting.via.Customizer.Notify MEDIUM" "newsy No.known.fix Reflected.Cross-Site.Scripting HIGH" "newsy No.known.fix Contributor+.Arbitrary.File.Upload HIGH" "n7-golf-club No.known.fix Unauthenticated.Local.File.Inclusion HIGH" "nuss No.known.fix Unauthenticated.Local.File.Inclusion HIGH" "nuss No.known.fix Missing.Authorization MEDIUM" "nuss No.known.fix Authenticated.(Subscriber+).PHP.Object.Injection HIGH" "newseqo No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "neobeat No.known.fix Unauthenticated.Local.File.Inclusion HIGH" 
"naturemag-lite No.known.fix Unauthenticated.Function.Injection CRITICAL" "newsmatic 1.3.3 Missing.Authorization MEDIUM" "newsmatic 1.3.5 Unauthenticated.Information.Exposure.via.newsmatic_filter_posts_load_tab_content MEDIUM" "newsblogger 0.2.6 0.2.5.9.-.Arbitrary.Plugin.Installation.via.CSRF HIGH" "newsblogger 0.2.5.2 Authenticated.(Subscriber+).Arbitrary.File.Upload HIGH" "newsblogger 0.2.5.5 Cross-Site.Request.Forgery.to.Arbitrary.Plugin.Installation HIGH" "nothing-personal No.known.fix Reflected.XSS HIGH" "navian No.known.fix Unauthenticated.Local.File.Inclusion HIGH" "newsmunch 1.0.36 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "nsc No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "news-unlimited No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "neoocular 1.2 Unauthenticated.Local.File.Inclusion HIGH" "networker 1.2.2 Unauthenticated.Local.File.Inclusion HIGH" "networker 1.1.10 Tech.News.WordPress.Theme.with.Dark.Mode.<.1.1.10.-.Missing.Authorization MEDIUM" "netmix No.known.fix Unauthenticated.Local.File.Inclusion HIGH" "neptunus No.known.fix Unauthenticated.Local.File.Inclusion HIGH" "news-magazine-x 1.2.51 Missing.Authorization MEDIUM" "news-magazine-x 1.2.38 Unauthenticated.Local.File.Inclusion HIGH" "newscrunch 1.8.4.1 Cross-Site.Request.Forgery.to.Arbitrary.File.Upload HIGH" "newscrunch 1.8.4.1 Authenticated.(Subscriber+).Arbitrary.File.Upload CRITICAL" "neosense 1.8 Unrestricted.File.Upload CRITICAL" "nightlife No.known.fix CSRF.File.Upload HIGH" "newscard 1.4 Unauthenticated.Local.File.Inclusion CRITICAL" "noo-yogi 2.9.3 Health.Beauty.&.Yoga.<.2.9.3.-.Reflected.Cross-Site.Scripting MEDIUM" "noo-yogi 2.9.3 Health.Beauty.&.Yoga.<.2.9.3.-.Authenticated.(Subscriber+).PHP.Object.Injection HIGH" "news-event 1.0.2 Authenticated.(Subscriber+).Arbitrary.File.Upload HIGH" "nichebase 1.2.3 Reflected.Cross-Site.Scripting MEDIUM" "nichebase 1.2.2 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "noo-citilights 3.7.2 
Real.Estate.WordPress.Theme.<.3.7.2.-.Reflected.Cross-Site.Scripting MEDIUM" "noo-citilights 3.7.2 Missing.Authorization MEDIUM" "nexos 1.8 Real.Estate.<.1.8.-.Unauthenticated.Reflected.XSS.&.SQL.Injection CRITICAL" "nexos 1.6.1 Real.Estate.<.1.6.1.-.SQL.Injection.&.Persistent.XSS CRITICAL" "nokri No.known.fix Cross-Site.Request.Forgery MEDIUM" "nokri 1.6.4 Subscriber+.Privilege.Escalation HIGH" "nokri 1.6.3 Unauthenticated.Arbitrary.Password.Change CRITICAL" "newspaper 12.6.6 Authenticated.(Author+).Stored.Cross-Site.Scripting.via.Attachment.Meta MEDIUM" "nuts No.known.fix Unauthenticated.Local.File.Inclusion HIGH" "nrgfashion No.known.fix Model.Agency.One.Page.Beauty.Theme.<=.1.4.4.-.Unauthenticated.PHP.Object.Injection CRITICAL" "nirvana No.known.fix Unauthenticated.Local.File.Inclusion HIGH" "nirvana No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "newsmag No.known.fix Subscriber+.Reflected.Cross-Site.Scripting MEDIUM" "newsmag 2.4.2 Unauthenticated.Function.Injection CRITICAL" "nelson No.known.fix Unauthenticated.Local.File.Inclusion HIGH" "nexter 2.0.4 Authenticated.(Subscriber+).SQL.Injection.via.'to'.and.'from' HIGH" "nexter 2.0.4 Missing.Authorization MEDIUM" "neighborly No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Button.Shortcode MEDIUM" "neuronet 1.14.0 Unauthenticated.Local.File.Inclusion HIGH" "noo-wemusic 1.9.2 Authenticated.(Subscriber+).PHP.Object.Injection HIGH" "noo-wemusic 1.9.2 Reflected.Cross-Site.Scripting MEDIUM" "nika 1.2.15 Unauthenticated.Local.File.Inclusion HIGH" "nika 1.2.15 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "nika 1.2.9 Unauthenticated.Local.File.Inclusion CRITICAL" "news-flash No.known.fix Authenticated.(Editor+).PHP.Object.Injection HIGH" "nictitate No.known.fix Cross-Site.Request.Forgery MEDIUM" "nova-lite 1.3.9 Unauthenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "newsdaily No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting 
MEDIUM" "nrgbusiness No.known.fix Unauthenticated.PHP.Object.Injection CRITICAL" "nrgbusiness No.known.fix Missing.Authorization MEDIUM" "neom-blog 0.1.0 Reflected.Cross-Site.Scripting MEDIUM" "neresa-wp 1.4 Unauthenticated.Local.File.Inclusion HIGH" "nutrie 2.0.1 Authenticated.(Subscriber+).Arbitrary.File.Upload HIGH" "noo-jobmonster 4.8.3 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "noo-jobmonster 4.8.2 Authentication.Bypass HIGH" "noo-jobmonster 4.7.9 Reflected.Cross-Site.Scripting MEDIUM" "noo-jobmonster 4.8.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "noo-jobmonster 4.8.1 Unauthenticated.Sensitive.Information.Disclosure MEDIUM" "noo-jobmonster 4.8.0 Authentication.Bypass CRITICAL" "noo-jobmonster 4.7.9 Reflected.Cross-Site.Scripting MEDIUM" "noo-jobmonster 4.7.5 Unauthenticated.Arbitrary.File.Deletion CRITICAL" "noo-jobmonster 4.7.6 Unauthenticated.Privilege.Escalation CRITICAL" "noo-jobmonster 4.6.6.1 Directory.Listing.in.Upload.Folder MEDIUM" "noo-jobmonster 4.5.2.9 Unauthenticated.Reflected.Cross-Site.Scripting MEDIUM" "nokke 1.2.4 Reflected.XSS HIGH" "nokke 1.2.3 Reflected.Cross-Site.Scripting MEDIUM" "nokke 1.2.4 Reflected.Cross-Site.Scripting MEDIUM" "nokke 1.0.11 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "nioland 1.2.7 Reflected.Cross-Site.Scripting.via.s MEDIUM" "north-wp No.known.fix Unauthenticated.Local.File.Inclusion HIGH" "north-wp No.known.fix Authenticated.(Contributor+).PHP.Object.Injection HIGH" "nestin 1.2.6 Unauthenticated.PHP.Object.Injection HIGH" "noisa 2.6.3 Unauthenticated.PHP.Object.Injection HIGH" "noisa 2.6.2 Authenticated.(Subscriber+).PHP.Object.Injection HIGH" "newsup 5.0.11 Missing.Authorization.to.Authenticated.(Subscriber+).Plugin.Installation MEDIUM" "newspaper-x 1.3.2 Unauthenticated.Function.Injection CRITICAL" "notarius No.known.fix Legal.Advisor.WordPress.Theme.<=.1.9.-.Unauthenticated.Local.File.Inclusion HIGH" "onetone No.known.fix Unauthenticated.Stored.Cross-Site.Scripting.(XSS) 
MEDIUM" "outdoor 3.9.7 Reflected.XSS HIGH" "opstore No.known.fix Unauthenticated.Local.File.Inclusion CRITICAL" "onair2 3.9.9.2 Unauthenticated.RFI.and.SSRF MEDIUM" "offset-writing No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "offset-writing No.known.fix Reflected.XSS HIGH" "oceanic No.known.fix Cross-Site.Request.Forgery MEDIUM" "onelife No.known.fix Authenticated.(Subscriber+).PHP.Object.Injection HIGH" "ostende No.known.fix Unauthenticated.Local.File.Inclusion HIGH" "oyster No.known.fix Photography.WordPress.<=.4.4.3.-.Unauthenticated.Stored.Cross-Site.Scripting HIGH" "ozisti No.known.fix Unauthenticated.Local.File.Inclusion HIGH" "one-paze No.known.fix Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "olivia No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "ofiz No.known.fix WordPress.Business.Consulting.Theme.<=.2.0.-.Reflected.Cross-Site.Scripting MEDIUM" "ochahouse No.known.fix Unauthenticated.Local.File.Inclusion HIGH" "optimizepress 1.6 Unauthenticated.Arbitrary.File.Upload CRITICAL" "ona 1.18.3 Reflected.Cross-Site.Scripting MEDIUM" "ober 1.3.4 Unauthenticated.Local.File.Inclusion CRITICAL" "opor-ayam No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "opor-ayam No.known.fix Reflected.XSS HIGH" "orgarium No.known.fix Reflected.XSS HIGH" "optimizewp 2.4 Unauthenticated.Local.File.Inclusion HIGH" "onleash No.known.fix Unauthenticated.Local.File.Inclusion HIGH" "oshin No.known.fix Unauthenticated.Local.File.Inclusion HIGH" "oceanwp 4.1.2 Subscriber+.Limited.Option.Update MEDIUM" "oceanwp 4.1.2 4.1.1.-.Ocean.Extra.Plugin.Installation.via.CSRF MEDIUM" "oceanwp 3.6.1 Contributor+.Stored.XSS MEDIUM" "oceanwp 4.1.0 Contributor+.Stored.XSS.via.Select.HTML.Tag MEDIUM" "oceanwp 3.5.5 Subscriber+.Sensitive.Information.Exposure MEDIUM" "organic-beauty No.known.fix Unauthenticated.PHP.Object.Injection HIGH" "oxpitan 1.3.6 Unauthenticated.Local.File.Inclusion CRITICAL" "oneline-lite 6.7 Missing.Authorization MEDIUM" "one-page-conference 
No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "otaku No.known.fix Unauthenticated.Local.File.Inclusion HIGH" "overton No.known.fix Creative.WordPress.Theme.for.Agencies.and.Freelancers.<=.1.3.-.Unauthenticated.Local.File.Inclusion HIGH" "overton No.known.fix Authenticated.(Subscriber+).Insecure.Direct.Object.Reference MEDIUM" "ogami 1.61.1 Unauthenticated.Local.File.Inclusion CRITICAL" "oxygen No.known.fix Unauthenticated.Server-Side.Request.Forgery HIGH" "orchid-store No.known.fix Missing.Authorization MEDIUM" "orchid-store 1.5.7 .Missing.Authorization.to.Authenticated.(Subscriber+).Limited.Plugin.Activation MEDIUM" "onepress No.known.fix Contributor+.DOM-Based.Stored.XSS.via.lightGallery.Library MEDIUM" "onepress No.known.fix Missing.Authorization MEDIUM" "onepress No.known.fix Authenticated.(Author+).Stored.Cross-Site.Scripting MEDIUM" "onepress 2.3.7 Cross-Site.Request.Forgery.via.save_settings() MEDIUM" "overworld No.known.fix Unauthenticated.Local.File.Inclusion HIGH" "pinzolo 1.2.10 Reflected.XSS HIGH" "pinfinity 2.0 Reflected.Cross-site.Scripting.(XSS) MEDIUM" "photobox No.known.fix Contributor+.Arbitrary.File.Upload HIGH" "photobox No.known.fix Reflected.Cross-Site.Scripting HIGH" "preschool-and-kindergarten 1.2.2 Cross-Site.Request.Forgery.to.Notice.Dismissal MEDIUM" "prolist 1.27 Directory.Listing.<.1.27.-.Unauthenticated.Reflected.XSS MEDIUM" "patiotime 2.1 Unauthenticated.PHP.Object.Injection HIGH" "patiotime 2.1 Unauthenticated.Local.File.Inclusion HIGH" "panda No.known.fix Unauthenticated.Local.File.Inclusion HIGH" "punte 1.1.3 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "parabola No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "phototouch 1.2.2 Arbitrary.File.Upload.via.themify-ajax.php CRITICAL" "pizzahouse No.known.fix Unauthenticated.PHP.Object.Injection HIGH" "puzzles 4.2.5 Unauthenticated.PHP.Object.Injection HIGH" "puzzles 4.2.7 
Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "puzzles 4.2.5 Missing.Authorization.to.Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "phlox 2.17.11 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.'data-caption'.HTML.Attribute MEDIUM" "patch-lite No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "pressive 2.0.0 Unauthenticated.Arbitrary.File.Upload.and.Option.Deletion CRITICAL" "pressive 2.0.0 Unauthenticated.Option.Update MEDIUM" "poloray No.known.fix Unauthenticated.Information.Exposure MEDIUM" "performag 2.0.0 Unauthenticated.Arbitrary.File.Upload.and.Option.Deletion CRITICAL" "performag 2.0.0 Unauthenticated.Option.Update MEDIUM" "petclub No.known.fix Unauthenticated.PHP.Object.Injection HIGH" "pubzinne No.known.fix Unauthenticated.Local.File.Inclusion HIGH" "power-mag No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "prisma No.known.fix Unauthenticated.Local.File.Inclusion HIGH" "pin-wp 7.2 Authenticated.(Subscriber+).Arbitrary.File.Upload HIGH" "paragon No.known.fix Unauthenticated.Local.File.Inclusion HIGH" "pawfriends No.known.fix Pet.Shop.and.Veterinary.WordPress.<=.1.3.-.Unauthenticated.Local.File.Inclusion HIGH" "pawfriends No.known.fix Pet.Shop.and.Veterinary.WordPress.<=.1.3.-.Authenticated.(Subscriber+).Insecure.Direct.Object.Reference MEDIUM" "pawfriends No.known.fix Pet.Shop.and.Veterinary.WordPress.<=.1.3.-.Cross-Site.Request.Forgery MEDIUM" "planmyday No.known.fix Unauthenticated.Local.File.Inclusion HIGH" "powerlift 3.2.1 Unauthenticated.Local.File.Inclusion HIGH" "powerlift 3.2.1 Missing.Authorization MEDIUM" "press-grid No.known.fix Frontend.Publish.Reaction.&.Multimedia.Theme.<=.1.3.1.-.Unauthenticated.PHP.Object.Injection CRITICAL" "photome 5.7.2 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "photome No.known.fix Unauthenticated.PHP.Object.Injection HIGH" "photome 5.7.2 Unauthenticated.Server-Side.Request.Forgery HIGH" "pimp No.known.fix 
Creative.MultiPurpose.<=.1.7.-.Unauthenticated.PHP.Object.Injection CRITICAL" "playful No.known.fix Unauthenticated.Local.File.Inclusion HIGH" "plato 1.1.9 Reflected.XSS HIGH" "progress No.known.fix Unauthenticated.Local.File.Inclusion HIGH" "pool-services No.known.fix Unauthenticated.Server-Side.Request.Forgery HIGH" "pearsonspecter No.known.fix Unauthenticated.Local.File.Inclusion HIGH" "playa No.known.fix Unauthenticated.Local.File.Inclusion HIGH" "purity-of-soul No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "purity-of-soul No.known.fix Reflected.XSS HIGH" "pixova-lite 2.0.7 Unauthenticated.Function.Injection CRITICAL" "prestige 1.4.1 Reflected.Cross-Site.Scripting MEDIUM" "prestige 1.4.1 Unauthenticated.PHP.Object.Injection HIGH" "plank No.known.fix Unauthenticated.Local.File.Inclusion HIGH" "purosa 1.1.3 Reflected.Cross-Site.Scripting MEDIUM" "purosa 1.1.0 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "pixigo No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "parkivia No.known.fix Unauthenticated.Local.File.Inclusion HIGH" "purus No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "purus No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "purus No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "pliska 0.3.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Author.Display.Name MEDIUM" "pressroom 7.1 News.Magazine.WordPress.Theme.<.7.1.-.Reflected.Cross-Site.Scripting MEDIUM" "partymaker No.known.fix Unauthenticated.Local.File.Inclusion HIGH" "prolingua No.known.fix Unauthenticated.Local.File.Inclusion HIGH" "posterity No.known.fix Contributor+.Stored.XSS MEDIUM" "posterity 3.4 Cross-Site.Request.Forgery.to.Notice.Dismissal MEDIUM" "piqes No.known.fix Unauthenticated.Local.File.Inclusion HIGH" "palatio No.known.fix Unauthenticated.Local.File.Inclusion HIGH" "peakshops 1.5.9 Unauthenticated.Local.File.Inclusion HIGH" "peakshops No.known.fix Authenticated.(Contributor+).PHP.Object.Injection HIGH" "point-blog No.known.fix 
Cross-Site.Request.Forgery MEDIUM" "pathfinder No.known.fix Unauthenticated.Local.File.Inclusion HIGH" "porto No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "porto 7.1.1 Authenticated.(Contributor+).Local.File.Inclusion.via.Post.Meta HIGH" "porto 7.1.1 Unauthenticated.Local.File.Inclusion.via.porto_ajax_posts CRITICAL" "pennews 6.7.4 Missing.Authorization MEDIUM" "pennews 6.7.3 Unauthenticated.Local.File.Inclusion HIGH" "pantry No.known.fix Unauthenticated.Local.File.Inclusion HIGH" "pinboard No.known.fix includes/theme-options.php.tab.Parameter.XSS MEDIUM" "partdo No.known.fix Cross-Site.Request.Forgery MEDIUM" "pj No.known.fix Unauthenticated.Local.File.Inclusion HIGH" "parallaxsome 1.3.7 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "pathway 1.0.16 Various.Versions.and.Themes.-.Missing.Authorization MEDIUM" "printy No.known.fix Unauthenticated.Local.File.Inclusion HIGH" "photolia No.known.fix Unauthenticated.Local.File.Inclusion HIGH" "patricia-lite No.known.fix Cross-Site.Request.Forgery MEDIUM" "police-department No.known.fix Unauthenticated.Local.File.Inclusion HIGH" "pont No.known.fix Privilige.Escalation HIGH" "patricia-blog No.known.fix Cross-Site.Request.Forgery MEDIUM" "petermason No.known.fix Unauthenticated.Local.File.Inclusion HIGH" "plain-post 1.0.4 Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "popularis-verse 1.0.2 Cross-Site.Request.Forgery MEDIUM" "photography No.known.fix Unauthenticated.Stored.Cross-Site.Scripting HIGH" "photography 7.7.5 Unauthenticated.Local.File.Inclusion HIGH" "photography 7.7.4 Reflected.Cross-Site.Scripting MEDIUM" "photography No.known.fix Unauthenticated.PHP.Object.Injection HIGH" "photography No.known.fix Authenticated.(Subscriber+).PHP.Object.Injection HIGH" "photography No.known.fix Unauthenticated.Server-Side.Request.Forgery HIGH" "photography No.known.fix Missing.Authorization MEDIUM" "prider No.known.fix Unauthenticated.Local.File.Inclusion HIGH" "petsworld No.known.fix 
Authenticated.(Subscriber+).PHP.Object.Injection HIGH" "pisole No.known.fix Reflected.XSS HIGH" "parallelus-intersect 2.0 Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "pippo No.known.fix Unauthenticated.Local.File.Inclusion HIGH" "platform No.known.fix Cross-Site.Request.Forgery.(CSRF) HIGH" "photology 1.1.4 Multiple.Versions.-.Missing.Authorization.to.Notice.Dismissal MEDIUM" "puca No.known.fix Authenticated.(Contributor+).Local.File.Inclusion HIGH" "puca 2.6.34 Unauthenticated.Local.File.Inclusion HIGH" "petsland No.known.fix Unauthenticated.Local.File.Inclusion HIGH" "plant No.known.fix Gardening.&.Houseplants.WordPress.Theme.<=.1.0.0.-.Unauthenticated.Information.Exposure MEDIUM" "pressmart 1.2.17 Modern.Elementor.WooCommerce.WordPress.Theme.<.1.2.17.-.Unauthenticated.Arbitrary.Shortcode.Execution HIGH" "phlox-pro 5.16.5 Reflected.Cross-Site.Scripting.via.Search.Parameters MEDIUM" "prowess No.known.fix Fitness.and.Gym.WordPress.Theme.<=.1.8.1.-.Unauthenticated.Local.File.Inclusion HIGH" "prowess No.known.fix Authenticated.(Contributor+).Local.File.Inclusion HIGH" "prowess No.known.fix Missing.Authorization MEDIUM" "palladio No.known.fix Unauthenticated.Local.File.Inclusion HIGH" "promo No.known.fix Unauthenticated.Local.File.Inclusion HIGH" "parallelus-unite 2.0 Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "pearl 3.4.8 Corporate.Business.<.3.4.8.-.Unauthenticated.Local.File.Inclusion CRITICAL" "parallelus-salutation 3.0.16 Stored.XSS MEDIUM" "parallelus-salutation 2.0 Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "pubnews 1.0.8 Authenticated.(Subscriber+).Arbitrary.Plugin.Installation HIGH" "parallelus-traject 2.0 Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "parallax-blog No.known.fix Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "perfect-portfolio 1.2.1 Cross-Site.Request.Forgery.to.Notice.Dismissal MEDIUM" "perfect-portfolio 1.1.6 Reflected.Cross-Site.Scripting.via.Customizer.Notify MEDIUM" "paroti No.known.fix Reflected.XSS HIGH" "polka-dots 
No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "polka-dots No.known.fix Reflected.XSS HIGH" "pixgraphy 1.3.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "pinevale No.known.fix Unauthenticated.Local.File.Inclusion HIGH" "quasar 2.0 Privilege.Escalation HIGH" "qizon No.known.fix Reflected.XSS HIGH" "qt-kentharadio No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "quanzo No.known.fix Creative.Portfolio.Template.Kit.<=.1.0.10.-.Unauthenticated.Local.File.Inclusion HIGH" "quantum No.known.fix Unauthenticated.Local.File.Inclusion HIGH" "quota 1.2.5 Unspecified.XSS MEDIUM" "quality 2.7.4 Reflected.Cross-Site.Scripting.via.Customizer.Notify MEDIUM" "qempo No.known.fix Reflected.XSS HIGH" "ripple 1.2.1 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "revolve No.known.fix Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "rara-business 1.2.6 Cross-Site.Request.Forgery.to.Notice.Dismissal MEDIUM" "rara-business 1.2.3 Reflected.Cross-Site.Scripting.via.Customizer.Notify MEDIUM" "renden No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Post.Title MEDIUM" "racquet No.known.fix Unauthenticated.Local.File.Inclusion HIGH" "realhomes 4.4.1 Real.Estate.WordPress.Theme.<.4.4.1.-.Authenticated.(Subscriber+).Privilege.Escalation HIGH" "realhomes 4.3.7 Privilege.Escalation CRITICAL" "reconstruction No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "relax-spa 1.1.1 Reflected.Cross-Site.Scripting MEDIUM" "revolution 2.5.8 Authenticated.(Subscriber+).Local.File.Inclusion HIGH" "roseta No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "realtyelite No.known.fix Unauthenticated.Local.File.Inclusion HIGH" "royal-elementor-kit 1.0.117 Cross-Site.Request.Forgery.to.Notice.Dismissal MEDIUM" "royal-elementor-kit 1.0.117 Missing.Authorization.to.Arbitrary.Transient.Update MEDIUM" "ruza 1.0.8 Unauthenticated.Local.File.Inclusion CRITICAL" "roven-blog 1.0.4 Reflected.Cross-Site.Scripting 
MEDIUM" "reality 2.5.6 Multiple.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "reality 2.5.3 Unauthenticated.Reflected.XSS MEDIUM" "reality 2.4.0 Multiple.Persistent.XSS MEDIUM" "rozy No.known.fix Flower.Shop.<=.1.2.25.-.Unauthenticated.Local.File.Inclusion HIGH" "renewal No.known.fix Unauthenticated.Local.File.Inclusion HIGH" "rockon 3.4 Reflected.Cross-Site.Scripting MEDIUM" "reprizo No.known.fix Unauthenticated.Local.File.Inclusion HIGH" "rhythmo No.known.fix Unauthenticated.Local.File.Inclusion HIGH" "revivenews 1.0.3 Missing.Authorization.via.revivenews_install_and_activate_plugins() MEDIUM" "rainbownews No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "realestate-7 3.5.3 Unauthenticated.Privilege.Escalation CRITICAL" "realestate-7 3.5.5 Authenticated.(Custom).Arbitrary.File.Upload HIGH" "realestate-7 3.5.2 Unauthenticated.Privilege.Escalation CRITICAL" "realestate-7 3.3.5 Multiple.CSRF MEDIUM" "realestate-7 3.3.5 Reflected.XSS HIGH" "realestate-7 3.3.2 Reflected.XSS HIGH" "realestate-7 3.1.1 Reflected.Cross-Site.Scripting.(XSS) HIGH" "realestate-7 3.0.5 Unauthenticated.Reflected.XSS MEDIUM" "realestate-7 3.0.4 Unauthenticated.Reflected.XSS MEDIUM" "realestate-7 2.9.5 Multiple.Vulnerabilities HIGH" "realestate-7 2.9.1 Stored.XSS.&.IDOR MEDIUM" "restaurant-pt 1.1.3 Reflected.XSS HIGH" "rashy No.known.fix Unauthenticated.Local.File.Inclusion HIGH" "roisin No.known.fix Unauthenticated.Local.File.Inclusion HIGH" "raindrops 1.700 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "rife-free 2.4.19 Cross-Site.Request.Forgery.to.Notice.Dismissal MEDIUM" "rife-free 2.4.20 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "regina-lite No.known.fix Reflected.XSS HIGH" "regina-lite 2.0.6 Unauthenticated.Function.Injection CRITICAL" "run-gran No.known.fix Unauthenticated.Local.File.Inclusion HIGH" "revo No.known.fix Unauthenticated.Local.File.Inclusion CRITICAL" "rexcoin No.known.fix 
Unauthenticated.Local.File.Inclusion HIGH" "responsive-mobile No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "restaurant-cafeteria No.known.fix Subscriber+.Arbitrary.Plugin.Installation/Activation MEDIUM" "road-fighter No.known.fix Unauthenticated.Information.Exposure MEDIUM" "radcliffe-2 2.0.18 Missing.Authorization MEDIUM" "restaurant-and-cafe 1.2.2 Cross-Site.Request.Forgery.to.Notice.Dismissal MEDIUM" "reales-wp-real-estate-wordpress-theme No.known.fix Real.Estate.WordPress.Theme.<=.2.1.2.-.Missing.Authorization.to.Unauthenticated.Attachment.Deletion.and.Favorite.Property.Updates MEDIUM" "rovenstart 1.2.2 Reflected.Cross-Site.Scripting MEDIUM" "rentic No.known.fix Unauthenticated.Local.File.Inclusion HIGH" "roam No.known.fix Authenticated.(Subscriber+).Insecure.Direct.Object.Reference MEDIUM" "rightway No.known.fix Unauthenticated.Local.File.Inclusion HIGH" "ruizarch 1.2.0 Unauthenticated.Local.File.Inclusion CRITICAL" "rezo No.known.fix Reflected.Cross-Site.Scripting HIGH" "rezo No.known.fix Contributor+.Arbitrary.File.Upload HIGH" "responsive 5.0.3.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "responsive 5.0.3 Missing.Authorization.to.HMTL.Injection HIGH" "redy No.known.fix Unauthenticated.Local.File.Inclusion HIGH" "rareradio No.known.fix Unauthenticated.Local.File.Inclusion HIGH" "rapyd-payments 1.2.1 Unauthenticated.PHP.Object.Injection CRITICAL" "rally No.known.fix Unauthenticated.Local.File.Inclusion HIGH" "rosalinda No.known.fix Unauthenticated.Local.File.Inclusion HIGH" "rf No.known.fix Unauthenticated.Local.File.Inclusion HIGH" "robolist-lite No.known.fix Reflected.Cross-Site.Scripting.via.Customizer.Notify MEDIUM" "ratatouille No.known.fix Authenticated.(Subscriber+).Server-Side.Request.Forgery MEDIUM" "raise-mag No.known.fix Reflected.XSS HIGH" "resido 3.6.1 Real.Estate.WordPress.Theme.<.3.6.1.-.Missing.Authorization.to.Unauthenticated.Server-Side.Request.Forgery.and.API.Key.Settings.Update 
MEDIUM" "real-spaces 3.6 WordPress.Properties.Directory.Theme.<.3.6.-.Authenticated.(Subscriber+).Privilege.Escalation.to.Administrator.via.'change_role_member' HIGH" "real-spaces 3.6.1 WordPress.Properties.Directory.Theme.<.3.6.1.-.Unauthenticated.Privilege.Escalation.to.Administrator.via.'imic_agent_register' CRITICAL" "resca 3.0.3 Reflected.Cross-Site.Scripting MEDIUM" "rehub-theme 19.9.9.2 Unauthenticated.Information.Exposure MEDIUM" "rehub-theme 19.9.9.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "rehub-theme 19.9.8 Unauthenticated.Arbitrary.Shortcode.Execution.via.re_filterpost HIGH" "rehub-theme 19.9.8 Unauthenticated.Password.Protected.Post.Disclosure MEDIUM" "rehub-theme 19.6.2 Authenticated.(Subscriber+).SQL.Injection HIGH" "rehub-theme 19.6.2 Unauthenticated.Local.File.Inclusion CRITICAL" "rehub-theme 19.6.2 Authenticated.(Editor+).Local.File.Inclusion HIGH" "rozario No.known.fix Missing.Authorization MEDIUM" "rise 2.0.0 Unauthenticated.Arbitrary.File.Upload.and.Option.Deletion CRITICAL" "rise 2.0.0 Unauthenticated.Option.Update MEDIUM" "restricted-site-access No.known.fix IP.Spoofing.to.Protection.Mechanism.Bypass MEDIUM" "rhodos No.known.fix Unauthenticated.Local.File.Inclusion HIGH" "riode No.known.fix Unauthenticated.Local.File.Inclusion HIGH" "rambo 2.1.4 Reflected.Cross-Site.Scripting.via.Customizer.Notify MEDIUM" "remons 1.3.5 Unauthenticated.Local.File.Inclusion HIGH" "rosebud No.known.fix Flower.Shop.and.Florist.WordPress.Theme.<=.1.4.-.Unauthenticated.Local.File.Inclusion HIGH" "rosebud No.known.fix Authenticated.(Subscriber+).Insecure.Direct.Object.Reference MEDIUM" "restaurante 3.1.1 Reflected.Cross-Site.Scripting MEDIUM" "restaurt No.known.fix Authenticated.(subscriber+).Arbitrary.File.Upload HIGH" "redart 3.9 Authenticated.(Subscriber+).PHP.Object.Injection HIGH" "rethink No.known.fix Unauthenticated.Information.Exposure MEDIUM" "seil No.known.fix Unauthenticated.PHP.Object.Injection HIGH" "sober No.known.fix 
Missing.Authorization MEDIUM" "sober 3.5.12 Unauthenticated.Information.Exposure MEDIUM" "spa-and-salon 1.3.3 Missing.Authorization MEDIUM" "spa-and-salon 1.2.8 Cross-Site.Request.Forgery.to.Notice.Dismissal MEDIUM" "speculor No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "speculor No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "speculor No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "shoppette 1.0.5 Unspecified.XSS MEDIUM" "save-life No.known.fix Unauthenticated.Local.File.Inclusion HIGH" "silk-lite No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "searchgo 2.8.1 Authenticated.(Subscriber+).Privilege.Escalation HIGH" "suffice 1.1.6 Reflected.Cross-Site.Scripting MEDIUM" "search-and-go No.known.fix Unauthenticated.Local.File.Inclusion HIGH" "search-and-go 2.8 Authentication.Bypass.to.Privilege.Escalation HIGH" "socialdriver 2024 Prototype.Pollution.to.XSS HIGH" "stratus No.known.fix Missing.Authorization MEDIUM" "spiko 1.1.2 Reflected.Cross-Site.Scripting.via.Customizer.Notify MEDIUM" "stallion No.known.fix Unauthenticated.Local.File.Inclusion HIGH" "saxon No.known.fix Viral.Content.Blog.&.Magazine.Marketing.WordPress.<=.1.9.3.-.Unauthenticated.Local.File.Inclusion HIGH" "sala 1.1.7 Unauthenticated.Local.File.Inclusion HIGH" "sala No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "sala No.known.fix Missing.Authorization MEDIUM" "sala No.known.fix Unauthenticated.Privilege.Escalation.via.Password.Reset/Account.Takeover CRITICAL" "sala No.known.fix Authenticated.(Subscriber+).PHP.Object.Injection HIGH" "snssimen No.known.fix Unauthenticated.Local.File.Inclusion CRITICAL" "sirat No.known.fix Missing.Authorization MEDIUM" "strux No.known.fix Unauthenticated.Local.File.Inclusion HIGH" "scrollme No.known.fix Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "snsavaz No.known.fix Unauthenticated.Local.File.Inclusion CRITICAL" "scientia No.known.fix Unauthenticated.Local.File.Inclusion HIGH" "snowmountain No.known.fix 
Unauthenticated.Local.File.Inclusion HIGH" "style No.known.fix Information.Disclosure HIGH" "spock No.known.fix Unauthenticated.Local.File.Inclusion HIGH" "storebiz No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "startupzy 1.1.2 Multiple.Versions.-.Missing.Authorization.to.Notice.Dismissal MEDIUM" "sydney 2.57 Missing.Authorization.to.Authenticated.(Subscriber+).Limited.Theme.Options.Update MEDIUM" "sounder No.known.fix Unauthenticated.Local.File.Inclusion HIGH" "soho No.known.fix Photography.WordPress.<=.3.0.3.-.Unauthenticated.Stored.Cross-Site.Scripting HIGH" "storied 2.0.0 Unauthenticated.Arbitrary.File.Upload.and.Option.Deletion CRITICAL" "storied 2.0.0 Unauthenticated.Option.Update MEDIUM" "sinatra No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "skillate No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "starto No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "shuban No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "shuban No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "shuban No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "silesia No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Button.Shortcode MEDIUM" "sociallyviral No.known.fix Cross-Site.Request.Forgery MEDIUM" "sevenstars No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "sevenstars No.known.fix Cross-Site.Request.Forgery MEDIUM" "simplifii No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "sapa 1.1.15 Unauthenticated.Local.File.Inclusion CRITICAL" "seventrees No.known.fix Unauthenticated.Local.File.Inclusion HIGH" "snsnitan No.known.fix Unauthenticated.Local.File.Inclusion CRITICAL" "spacious 1.9.12 Missing.Authorization.to.Autheticated.(Subscriber+).Demo.Data.Import MEDIUM" "swape 1.2.1 Authentication.Bypass.and.Stored.XSS CRITICAL" "soleil No.known.fix Unauthenticated.Local.File.Inclusion HIGH" "shopbiz-lite 1.7.7 Reflected.Cross-Site.Scripting.via.Customizer.Notify MEDIUM" 
"sidepane No.known.fix Contributor+.Arbitrary.File.Upload HIGH" "sidepane No.known.fix Reflected.Cross-Site.Scripting HIGH" "salzburg-blog No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "sportsmag No.known.fix Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "spice-software 1.1.5 Reflected.Cross-Site.Scripting.via.Customizer.Notify MEDIUM" "savoy 3.0.9 Unauthenticated.Information.Exposure MEDIUM" "solar No.known.fix Authenticated.(Subscriber+).PHP.Object.Injection HIGH" "smartit No.known.fix Information.Disclosure HIGH" "saleszone No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "soulmedic No.known.fix Local.File.Disclosure HIGH" "soulmedic No.known.fix WordPress.Slider.Revolution.Shell.Upload CRITICAL" "squared 2.0.0 Unauthenticated.Option.Update MEDIUM" "squared 2.0.0 Unauthenticated.Arbitrary.File.Upload.and.Option.Deletion CRITICAL" "solaris No.known.fix Unauthenticated.PHP.Object.Injection HIGH" "start No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "storevilla 1.4.2 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "spark-multipurpose No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "snsevon No.known.fix Unauthenticated.Local.File.Inclusion CRITICAL" "sean-lite 1.4.6 Reflected.XSS HIGH" "sonaar 4.27.5 Subscriber+.Privilege.Escalation HIGH" "sonaar 4.27.5 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "sevenhills No.known.fix Unauthenticated.PHP.Object.Injection HIGH" "stargaze No.known.fix Unauthenticated.Local.File.Inclusion HIGH" "soundblast No.known.fix Unauthenticated.Arbitrary.File.Upload CRITICAL" "simplecharm 1.4.4 Reflected.Cross-Site.Scripting MEDIUM" "sweet-dessert 1.1.13 Unauthenticated.PHP.Object.Injection CRITICAL" "single-property No.known.fix Authenticated.(Subscriber+).PHP.Object.Injection HIGH" "setsail No.known.fix Unauthenticated.Local.File.Inclusion HIGH" "saul 1.1.0 Reflected.XSS HIGH" "stockholm No.known.fix Authenticated.(Contributor+).Local.File.Inclusion HIGH" 
"stockholm No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "stockholm 9.7 Unauthenticated.Local.File.Inclusion CRITICAL" "stockholm 9.7 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "scape No.known.fix Unauthenticated.PHP.Object.Injection HIGH" "smart-mag 10.3.1 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "smart-mag 10.3.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "snsanton No.known.fix Unauthenticated.Local.File.Inclusion CRITICAL" "samex No.known.fix Clean,.Minimal.Shop.WooCommerce.WordPress.Theme.<=.2.6.-.Unauthenticated.Local.File.Inclusion HIGH" "spawp 1.4.1 Reflected.Cross-Site.Scripting.via.Customizer.Notify MEDIUM" "samantha 1.2.0 Unauthenticated.Local.File.Inclusion CRITICAL" "squaretype 3.0.4 Unauthenticated.Private/Schedule.Posts.Disclosure MEDIUM" "sparkle-fse No.known.fix Missing.Authorization MEDIUM" "saveo No.known.fix Unauthenticated.Local.File.Inclusion HIGH" "smartmag-responsive-retina-wordpress-magazine No.known.fix Unauthenticated.Sensitive.Information.Exposure.via.Log.Files MEDIUM" "shieldgroup No.known.fix Unauthenticated.Local.File.Inclusion HIGH" "simpolio No.known.fix Privilige.Escalation HIGH" "shopire 1.0.58 Subscriber+.Limited.Plugin.Install MEDIUM" "struktur No.known.fix Unauthenticated.Local.File.Inclusion HIGH" "struktur No.known.fix Authenticated.(Subscriber+).Insecure.Direct.Object.Reference MEDIUM" "snsvicky No.known.fix Unauthenticated.Local.File.Inclusion HIGH" "solace No.known.fix Missing.Authorization MEDIUM" "socialv 2.0.16 Social.Network.and.Community.BuddyPress.Theme.<.2.0.16.-.Missing.Authorization.to.Arbitrary.File.Download MEDIUM" "sarada-lite 1.1.3 Cross-Site.Request.Forgery.to.Notice.Dismissal MEDIUM" "storepress No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "storely No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "storely No.known.fix 
Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "snow-monkey 29.1.6 Unauthenticated.Blind.Server-Side.Request.Forgery MEDIUM" "sominx No.known.fix Reflected.XSS HIGH" "streamit 4.0.3 Authenticated.(Subscriber+).Privilege.Escalation.via.User.Email.Change/Account.Takeover HIGH" "streamit 4.0.2 Authenticated.(Subscriber+).Arbitrary.File.Upload HIGH" "streamit 4.0.2 Authenticated.(Subscriber+).Arbitrary.File.Download MEDIUM" "sanger No.known.fix Unauthenticated.Local.File.Inclusion HIGH" "spikes-black No.known.fix Unauthenticated.Arbitrary.File.Upload CRITICAL" "spasalon 2.2.1 Reflected.Cross-Site.Scripting.via.Customizer.Notify MEDIUM" "short 1.7.2 Reflected.Cross-Site.Scripting.via.Customizer.Notify MEDIUM" "sweetjane No.known.fix Delightful.Cake.Shop.Theme.<=.1.2.-.Unauthenticated.Local.File.Inclusion HIGH" "sweetjane No.known.fix Authenticated.(Subscriber+).Insecure.Direct.Object.Reference MEDIUM" "septera No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "shapely 1.2.9 Unauthenticated.Function.Injection CRITICAL" "spikes No.known.fix Unauthenticated.Arbitrary.File.Upload CRITICAL" "spare No.known.fix Unauthenticated.PHP.Object.Injection HIGH" "spare No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "spare No.known.fix Cross-Site.Request.Forgery MEDIUM" "splendour No.known.fix Unauthenticated.Local.File.Inclusion HIGH" "sweetdate 4.0.1 Unauthenticated.PHP.Object.Injection HIGH" "sweetdate 3.8.0 Unauthenticated.Privilege.Escalation CRITICAL" "soho-hotel No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "sparkling 2.4.10 Missing.Authorization.to.Unauthenticated.Arbitrary.Plugin.Activation/Deactivation MEDIUM" "sparkling 2.4.9 Unauthenticated.Function.Injection CRITICAL" "shift-cv No.known.fix Blog.\.Resume.\.Portfolio.\.WordPress.Theme.<=.3.0.14.-.Unauthenticated.Local.File.Inclusion HIGH" "swing-lite 1.2.0 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "specialist No.known.fix CSRF.File.Upload HIGH" 
"salient 17.4.0 Missing.Authorization MEDIUM" "scylla-lite No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Button.Shortcode MEDIUM" "saaslauncher 1.3.1 Missing.Authorization MEDIUM" "smash No.known.fix Unauthenticated.Local.File.Inclusion HIGH" "simplish No.known.fix Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "seabird No.known.fix Local.File.Disclosure HIGH" "seabird No.known.fix WordPress.Slider.Revolution.Shell.Upload CRITICAL" "softme No.known.fix Missing.Authorization MEDIUM" "superio 1.2.33 Job.Board.<.1.2.33.-.Subscriber+.Stored.Cross-Site.Scripting LOW" "sahifa 5.8.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "sahifa 3.0.0 Multiple.Full.Path.Disclosure MEDIUM" "sahifa 3.0.0 Site.Setting.Reset.CSRF HIGH" "spabiz No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "sliding-door No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "shaha No.known.fix Unauthenticated.Local.File.Inclusion HIGH" "smilepure 1.8.5 Unauthenticated.Local.File.Inclusion HIGH" "smartseo No.known.fix Unauthenticated.Local.File.Inclusion HIGH" "smartseo No.known.fix Unauthenticated.Local.File.Inclusion HIGH" "shopo No.known.fix Authenticated.(Contributor+).Arbitrary.File.Upload HIGH" "shopo No.known.fix Reflected.Cross-Site.Scripting HIGH" "savory 2.6 Unauthenticated.Local.File.Inclusion HIGH" "sailing 4.4.6 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "statfort No.known.fix Unauthenticated.Arbitrary.File.Upload CRITICAL" "store-commerce No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "slide No.known.fix Reflected.Cross-Site.Scripting HIGH" "slide No.known.fix Contributor+.Arbitrary.File.Upload HIGH" "sofass No.known.fix Unauthenticated.Local.File.Inclusion HIGH" "startkit No.known.fix Reflected.Cross-Site.Scripting.via.Customizer.Notify MEDIUM" "shk-corporate No.known.fix Missing.Authorization MEDIUM" "scoreme No.known.fix 
Unauthenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "shuttle No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "showbiz 1.7.1 Local.File.Disclosure HIGH" "showbiz No.known.fix WordPress.Slider.Revolution.Shell.Upload CRITICAL" "salient-portfolio 1.8.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "soledad No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "soledad No.known.fix Authenticated.(Contributor+).Local.File.Inclusion HIGH" "soledad 8.6.9.1 Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.Options.Update HIGH" "soledad 8.6.9 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "soledad 8.6.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "soledad 8.6.8 Unauthenticated.Arbitrary.Shortcode.Execution HIGH" "soledad 8.6.8 Authenticated.(Contributor+).Local.File.Inclusion.via.'header_layout' HIGH" "soledad 8.6.8 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.'pcsml_smartlists_h' MEDIUM" "soledad 8.6.0 Unauthenticated.Limited.Local.File.Inclusion HIGH" "soledad 8.4.6 Missing.Authorization MEDIUM" "soledad 8.4.6 Cross-Site.Request.Forgery MEDIUM" "soledad 8.4.6 Missing.Authorization MEDIUM" "soledad 8.4.2 Authenticated.(Contributor+).SQL.Injection HIGH" "soledad 8.4.2 Unauthenticated.PHP.Object.Injection CRITICAL" "soledad 8.4.2 Reflected.Cross-Site.Scripting MEDIUM" "soledad 8.2.6 Subscriber+.Cross-Site.Scripting MEDIUM" "soledad 8.2.5 Reflected.Cross-site.Scripting MEDIUM" "striking-r 2.3.5 Reflected.Cross-Site.Scripting MEDIUM" "striking-r 2.3.5 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "soleng No.known.fix Unauthenticated.Local.File.Inclusion HIGH" "theron-lite No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Button.Shortcode MEDIUM" "togo 1.0.4 Authenticated.(subscriber+).Privilege.Escalation HIGH" "togo 1.0.4 Missing.Authorization MEDIUM" "togo 1.0.4 Missing.Authorization MEDIUM" "togo 1.0.4 
Authenticated.(Subscriber+).PHP.Object.Injection HIGH" "togo 1.0.4 Reflected.Cross-Site.Scripting MEDIUM" "t1 No.known.fix Open.Redirect MEDIUM" "tantum No.known.fix Unauthenticated.Local.File.Inclusion HIGH" "the-mounty No.known.fix Unauthenticated.Local.File.Inclusion HIGH" "topcat-lite No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "tobel No.known.fix Unauthenticated.Local.File.Inclusion HIGH" "totalpress No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "themia-lite No.known.fix Unauthenticated.Information.Exposure MEDIUM" "the-authority No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "towny No.known.fix Unauthenticated.Local.File.Inclusion HIGH" "triple-seven No.known.fix Unauthenticated.Local.File.Inclusion HIGH" "tastyc 2.5.2 Unauthenticated.Local.File.Inclusion CRITICAL" "truemag No.known.fix Unauthenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "tijaji No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "tijaji No.known.fix Reflected.XSS HIGH" "tempera No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "thrive-theme 3.24.2 Cross-Site.Request.Forgery HIGH" "thrive-theme 3.24.0 Missing.Authorization HIGH" "thrive-theme 3.24.0 Subscriber+.Privilege.Escalation HIGH" "thrive-theme 2.2.4 Unauthenticated.Option.Update MEDIUM" "theissue 1.6.12 Unauthenticated.Local.File.Inclusion HIGH" "the-ultralight No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "tydskrif No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "tydskrif No.known.fix Reflected.XSS HIGH" "tinysalt 3.10.0 Unauthenticated.Local.File.Inclusion HIGH" "tinysalt 3.10.0 Unauthenticated.PHP.Object.Injection HIGH" "tinysalt 3.10.0 Unauthenticated.PHP.Object.Injection.in.ajax_handler CRITICAL" "tweaker5 No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Button.Shortcode MEDIUM" "tripgo No.known.fix Unauthenticated.Local.File.Inclusion HIGH" "turitor 1.5.3 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "tiger-claw No.known.fix 
Unauthenticated.Local.File.Inclusion HIGH" "tourimo No.known.fix Unauthenticated.Local.File.Inclusion HIGH" "tribe No.known.fix Unauthenticated.Local.File.Inclusion HIGH" "thegem-elementor 5.10.5.2 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "thegem-elementor 5.10.5.1 Missing.Authorization MEDIUM" "thegem-elementor 5.10.5.1 Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "thegem 5.10.5.1 Missing.Authorization MEDIUM" "thegem 5.10.5.1 Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "thegem 5.10.3.1 Authenticated.(Subscriber+).Arbitrary.File.Upload HIGH" "thegem 5.10.3.1 Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.Theme.Options.Update MEDIUM" "thegem 5.9.2 Reflected.Cross-Site.Scripting MEDIUM" "th-shop-mania 1.5.0 Authenticated.(Subscriber+).Arbitrary.Plugin.Installation/Activation HIGH" "themify-ultra 7.3.6 Authenticated.(Subscriber+).Arbitrary.File.Upload HIGH" "themify-ultra 7.3.6 Missing.Authorization MEDIUM" "themify-ultra 7.3.6 Privilege.Escalation HIGH" "themify-ultra 7.3.6 Authenticated.(Subscriber+).PHP.Object.Injection HIGH" "themify-ultra 7.3.6 Missing.Authorization MEDIUM" "translogic No.known.fix Unauthenticated.Local.File.Inclusion HIGH" "theroof 1.0.4 Unauthenticated.Reflected.XSS HIGH" "theflash No.known.fix Unauthenticated.Local.File.Inclusion HIGH" "the-wound No.known.fix Unauthenticated.LFI HIGH" "trendy-news 1.0.15 Cross-Site.Request.Forgery MEDIUM" "tiger No.known.fix Unauthenticated.Privilege.Escalation CRITICAL" "tiger No.known.fix Authenticated.(Subscriber+).Privilege.Escalation HIGH" "tiger No.known.fix Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "tiger No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "triton-lite No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Button.Shortcode MEDIUM" "techism No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "triompher No.known.fix Unauthenticated.Local.File.Inclusion HIGH" "transcend 1.2.0 
Unauthenticated.Function.Injection CRITICAL" "the-conference 1.2.1 Cross-Site.Request.Forgery.to.Notice.Dismissal MEDIUM" "tainacan-interface 2.7.2 Reflected.Cross-Site.Scripting MEDIUM" "traveltour 5.2.4 Reflected.XSS HIGH" "triply No.known.fix Authenticated.(Contributor+).Local.File.Inclusion HIGH" "tuning No.known.fix Unauthenticated.Local.File.Inclusion HIGH" "tint No.known.fix Unauthenticated.Local.File.Inclusion HIGH" "theme-translation-for-polylang 3.2.17 Unauthenticated.Translation.Settings.Update MEDIUM" "traveler 3.2.8 Authenticated.(Contributor+).SQL.Injection MEDIUM" "traveler 3.2.7 Missing.Authorization MEDIUM" "traveler No.known.fix Missing.Authorization MEDIUM" "traveler 3.2.6 Reflected.Cross-Site.Scripting MEDIUM" "traveler 3.2.6 Authenticated.(Subscriber+).SQL.Injection MEDIUM" "traveler 3.2.6 Unauthenticated.Local.File.Inclusion HIGH" "traveler 3.2.3 Missing.Authorization.to.Unauthenticated.Arbitrary.Content.Deletion MEDIUM" "traveler 3.2.3 Reflected.Cross-Site.Scripting MEDIUM" "traveler 3.2.2 Unauthenticated.SQL.Injection HIGH" "traveler 3.2.1 Unauthenticated.SQL.Injection HIGH" "traveler 3.2.1 Missing.Authorization MEDIUM" "traveler 3.2.1 Missing.Authorization MEDIUM" "traveler 3.2.1 Unauthenticated.PHP.Object.Injection HIGH" "traveler 3.1.9 Reflected.Cross-Site.Scripting MEDIUM" "traveler 3.1.9 Unauthenticated.Local.File.Inclusion.via.hotel_alone_load_more_post CRITICAL" "traveler 3.2.0 Authenticated.(Contributor+).Local.File.Inclusion.via.Shortcode HIGH" "traveler 3.1.7 Missing.Authorization.in.Several.AJAX.Actions MEDIUM" "traveler 3.1.7 Unauthenticated.SQL.Injection.via.order_id HIGH" "traveler 2.8.4 Unauthenticated.SQL.Injection HIGH" "traveler 2.8.4 Unauthenticated.Cross-Site.Scripting.(XSS) MEDIUM" "traveler 2.8.2 Unauthenticated.Reflected.XSS MEDIUM" "traveler 2.7.8.6 Reflected.&.Persistent.XSS.Issues MEDIUM" "traveler 2.7.8.4 Reflected.&.Stored.XSS MEDIUM" "the-next No.known.fix Authenticated.(Contributor+).PHP.Object.Injection HIGH" 
"top-store 1.5.5 Authenticated.(Subscriber+).Arbitrary.Plugin.Installation/Activation HIGH" "tuaug4 No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "tuaug4 No.known.fix Reflected.XSS HIGH" "triss No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "temp-mail-x No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "tm-moody No.known.fix Unauthenticated.Local.File.Inclusion HIGH" "teardrop No.known.fix Privilige.Escalation HIGH" "the-qlean No.known.fix Unauthenticated.Local.File.Inclusion HIGH" "travel-agency-booking No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "tennis-sportclub No.known.fix Tennis.Sports.Events.WordPress.Theme.<=.1.2.3.-.Unauthenticated.PHP.Object.Injection HIGH" "townhub 1.3.0 Unauthenticated.Reflected.XSS HIGH" "townhub 1.0.6 Multiple.Vulnerabilities HIGH" "tooth-fairy No.known.fix Dentist.&.Dental.Clinic.WordPress.Theme.<=.1.16.-.Unauthenticated.Local.File.Inclusion HIGH" "tails No.known.fix Unauthenticated.Local.File.Inclusion HIGH" "typify No.known.fix Unauthenticated.Local.File.Inclusion HIGH" "tantyyellow No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "tantyyellow No.known.fix Reflected.XSS HIGH" "tiki-time No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "tiki-time No.known.fix Reflected.XSS HIGH" "travelicious 1.6.7 Unauthenticated.PHP.Object.Injection HIGH" "thebe No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "topscorer No.known.fix Sports.WordPress.<=.1.2.-.Unauthenticated.Local.File.Inclusion HIGH" "tripster No.known.fix Unauthenticated.Local.File.Inclusion HIGH" "topfit No.known.fix Fitness.and.Gym.WordPress.<=.1.9.-.Unauthenticated.Local.File.Inclusion HIGH" "travel-agency 1.4.2 Reflected.Cross-Site.Scripting.via.Customizer.Notify MEDIUM" "travey 1.0.5 Multiple.Versions.-.Missing.Authorization.to.Notice.Dismissal MEDIUM" "tornados No.known.fix Unauthenticated.Local.File.Inclusion HIGH" "travel-monster 1.3.4 Missing.Authorization MEDIUM" "travel-monster 1.1.3 Cross-Site.Request.Forgery.to.Notice.Dismissal MEDIUM" 
"thena No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "tevily No.known.fix Reflected.XSS HIGH" "thebi No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "takeout No.known.fix Unauthenticated.Local.File.Inclusion HIGH" "travel-booking 1.2.3 Reflected.Cross-Site.Scripting.via.Customizer.Notify MEDIUM" "thecs No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "tediss No.known.fix Unauthenticated.Local.File.Inclusion HIGH" "taina 0.2.5 Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "total 2.1.60 Missing.Authorization.to.Authenticated.(Subscriber+).Sections.Update MEDIUM" "travel-tour 1.2.0 Reflected.Cross-Site.Scripting MEDIUM" "the-monday No.known.fix Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "the-launcher 1.3.3 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "thegig No.known.fix Unauthenticated.Local.File.Inclusion HIGH" "theaisle 2.9.1 Unauthenticated.Local.File.Inclusion HIGH" "theaisle 2.9.1 Missing.Authorization MEDIUM" "tacticool No.known.fix Unauthenticated.Local.File.Inclusion HIGH" "unitravel No.known.fix Unauthenticated.Local.File.Inclusion HIGH" "umberto No.known.fix Unauthenticated.PHP.Object.Injection CRITICAL" "urna 2.5.13 Unauthenticated.Local.File.Inclusion HIGH" "urna 2.5.13 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "urna 2.5.8 Unauthenticated.Local.File.Inclusion HIGH" "u-design No.known.fix Responsive.WordPress.Theme.<=.4.14.0.-.Reflected.Cross-Site.Scripting MEDIUM" "u-design 4.13.6 Reflected.Cross-Site.Scripting HIGH" "u-design 2.7.10 DOM.Cross-Site.Scripting.(XSS) MEDIUM" "ultrapress No.known.fix Authenticated.(Contributor+).PHP.Object.Injection HIGH" "uncode 2.9.4.4 Reflected.Cross-Site.Scripting MEDIUM" "uncode 2.9.1.7 Unauthenticated.Arbitrary.File.Read.in.uncode_admin_get_oembed HIGH" "uncode 2.9.1.7 Authenticated.(Subscriber+).Stored.Cross-Site.Scripting.via.mle-description MEDIUM" "uncode 2.9.1.7 Subscriber+.Arbitrary.File.Read.in.uncode_recordMedia MEDIUM" "upstore 
1.7.1 Reflected.Cross-Site.Scripting MEDIUM" "uncode-lite No.known.fix Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "unicamp 2.7.2 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "unicamp 2.6.4 Unauthenticated.Local.File.Inclusion HIGH" "unlimited 1.46 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "unica No.known.fix Event.Planning.&.Wedding.WordPress.Theme.<=.1.4.1.-.Unauthenticated.Local.File.Inclusion HIGH" "unlimhost No.known.fix Unauthenticated.Local.File.Inclusion HIGH" "upfrontwp No.known.fix Reflected.XSS HIGH" "udesign 4.11.3 Missing.Authorization MEDIUM" "ultralight No.known.fix Reflected.XSS HIGH" "ureach No.known.fix Unauthenticated.Local.File.Inclusion HIGH" "unakit 1.2.5.3 Reflected.Cross-Site.Scripting MEDIUM" "unakit 1.2.4.2 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "unseen-blog No.known.fix Authenticated.(Contributor+).PHP.Object.Injection HIGH" "ultimatum 2.9.1.5 Local.File.Disclosure HIGH" "ultimatum 2.9.1.5 WordPress.Slider.Revolution.Shell.Upload CRITICAL" "unique No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "unicon-lite 1.2.7 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "vocal No.known.fix Unauthenticated.Local.File.Inclusion HIGH" "vikinger 1.9.33 Authenticated.(Subscriber+).Arbitrary.File.Deletion.via.vikinger_delete_activity_media_ajax.Function HIGH" "vikinger 1.9.31 Authenticated.(Subscriber+).Privilege.Escalation.via.'vikinger_user_meta_update_ajax' HIGH" "venice-lite 1.5.5 Reflected.XSS HIGH" "viala No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "viala No.known.fix Reflected.XSS HIGH" "videopro No.known.fix Unauthenticated.Local.File.Inclusion HIGH" "vidorev No.known.fix Unauthenticated.Local.File.Inclusion HIGH" "videoblog No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "verbosa 1.2.3.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "victo No.known.fix Unauthenticated.Local.File.Inclusion HIGH" "vw-storefront 1.0.0 
Missing.Authorization.to.Authenticated.(Subscriber+).Settings.Reset MEDIUM" "vapester No.known.fix Unauthenticated.Local.File.Inclusion HIGH" "visual-arts No.known.fix Authenticated.(Subscriber+).PHP.Object.Injection HIGH" "viralike No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "viralike 1.0.5 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "vertice 1.0.11 Various.Versions.and.Themes.-.Missing.Authorization MEDIUM" "viable-blog No.known.fix Reflected.XSS HIGH" "voice 2.0.0 Unauthenticated.Arbitrary.File.Upload.and.Option.Deletion CRITICAL" "voice 2.0.0 Unauthenticated.Option.Update MEDIUM" "visual-composer-starter 3.4.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "verdure No.known.fix Organic.Tea.Shop.WordPress.Theme.<=.1.6.-.Unauthenticated.Local.File.Inclusion HIGH" "verdure No.known.fix Authenticated.(Subscriber+).Insecure.Direct.Object.Reference MEDIUM" "vixus No.known.fix Business.Startup.Elementor.Template.Kit.<=.1.0.16.-.Unauthenticated.Local.File.Inclusion HIGH" "verse No.known.fix Unauthenticated.Local.File.Inclusion HIGH" "vizeon 1.2.1 Business.Consulting.<.1.2.1.-.Unauthenticated.Local.File.Inclusion CRITICAL" "vmagazine-lite 1.3.7 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "viburno 1.3.2 Reflected.XSS HIGH" "veil No.known.fix Wedding.&.Photographer.WordPress.Theme.<=.1.9.-.Unauthenticated.Local.File.Inclusion HIGH" "valenti No.known.fix Authenticated.(Contributor+).PHP.Object.Injection HIGH" "veda No.known.fix Authenticated.(Subscriber+).PHP.Object.Injection HIGH" "veda No.known.fix MultiPurpose.WordPress.Theme.<=.4.2.-.Authenticated.(Subscriber+).PHP.Object.Injection CRITICAL" "villar 1.1.0 Reflected.Cross-Site.Scripting MEDIUM" "villar 1.0.8 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "vernissage 1.3 Privilige.Escalation HIGH" "valen No.known.fix Sport,.Fashion.WooCommerce.WordPress.Theme.<=.2.4.-.Unauthenticated.Local.File.Inclusion CRITICAL" "vilva 1.2.3 Cross-Site.Request.Forgery.to.Notice.Dismissal 
MEDIUM" "vw-automobile-lite No.known.fix Missing.Authorization MEDIUM" "virtue 3.4.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Post.Author MEDIUM" "vmagazine-news 1.0.6 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "vidmov 2.3.9 Authenticated.(Subscriber+).Path.Traversal MEDIUM" "vidmov No.known.fix Unauthenticated.Local.File.Inclusion HIGH" "vango No.known.fix Unauthenticated.Local.File.Inclusion HIGH" "vivagh No.known.fix Authenticated.(Subscriber+).PHP.Object.Injection HIGH" "vegadays No.known.fix Vegetarian.Food.Festival.&.Eco.Event.WordPress.Theme.<=.1.2.0.-.Unauthenticated.Local.File.Inclusion HIGH" "vmag 1.2.8 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "vireo No.known.fix Missing.Authorization MEDIUM" "wp-real-estate No.known.fix Reflected.Cross-Site.Scripting.via.Customizer.Notify MEDIUM" "workreap 2.6.4 Subscriber+.Arbitrary.Posts.Deletion.via.IDOR MEDIUM" "workreap 2.6.3 Freelance.Marketplace.and.Directory.<.2.6.3.-.Subscriber+.Private.Message.Disclosure.via.IDOR MEDIUM" "workreap 2.2.2 Missing.Authorization.Checks.in.Ajax.Actions HIGH" "workreap 2.2.2 Unauthenticated.Upload.Leading.to.Remote.Code.Execution CRITICAL" "workreap 2.2.2 Multiple.CSRF.+.IDOR.Vulnerabilities HIGH" "weddingalbum No.known.fix Information.Disclosure HIGH" "wanderic No.known.fix Unauthenticated.Local.File.Inclusion HIGH" "wp-forge No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wiguard 2.0.1 Authenticated.(Subscriber+).Arbitrary.File.Upload HIGH" "wpresidence 5.3.2.1 Missing.Authorization MEDIUM" "winnex No.known.fix Unauthenticated.Local.File.Inclusion CRITICAL" "workscout 4.1.08 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "workscout 2.0.33 Authenticated.Stored.XSS.&.XFS HIGH" "wigi No.known.fix Contributor+.Arbitrary.File.Upload HIGH" "wp-sierra No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-sierra No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wpjobster No.known.fix 
Reflected.Cross-Site.Scripting MEDIUM" "wpjobster No.known.fix Unauthenticated.SQL.Injection HIGH" "williamson No.known.fix Unauthenticated.Local.File.Inclusion HIGH" "woodmart 8.3.8 Unauthenticated.Arbitrary.Shortcode.Execution MEDIUM" "woodmart 8.3.2 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "woodmart 8.3.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "woodmart 8.2.7 Unauthenticated.Cart.Manipulation MEDIUM" "woodmart 8.2.6 Unauthenticated.Post.Disclosure MEDIUM" "woodmart 8.2.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "woodmart 8.2.4 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "woodmart 8.2.4 Unauthenticated.Arbitrary.Shortcode.Execution HIGH" "woodmart 8.0.4 Unauthenticated.Arbitrary.Shortcode.Execution MEDIUM" "woodmart 7.2.5 Reflected.XSS HIGH" "woodmart 7.2.2 Subscriber+.Stored.XSS HIGH" "woodmart 7.1.2 License.Update/Deactivation.via.CSRF MEDIUM" "woodmart 7.1.2 Unauthenticated.Arbitrary.Shortcode.Injection HIGH" "wproject 5.8.0 Authenticated.(Subscriber+).Privilege.Escalation HIGH" "wproject 5.8.0 Reflected.Cross-Site.Scripting MEDIUM" "wproject 5.8.0 Missing.Authorization.to.Unauthenticated.Content.Modification.and.Deletion MEDIUM" "wealthco No.known.fix Unauthenticated.Local.File.Inclusion HIGH" "woffice 5.4.31 Reflected.Cross-Site.Scripting MEDIUM" "woffice 5.4.22 Authentication.Bypass.via.Registration.Role CRITICAL" "woffice 5.4.15 Unauthenticated.Privilege.Escalation CRITICAL" "woffice 5.4.12 Unauthenticated.Privilege.Escalation CRITICAL" "woffice 5.4.9 Reflected.Cross-Site.Scripting MEDIUM" "woffice 4.0.2 Unauthenticated.Disclosure.of.Notification.Titles MEDIUM" "wprentals 3.16.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wprentals No.known.fix Cross-Site.Request.Forgery MEDIUM" "welowe No.known.fix Reflected.XSS HIGH" "wibar 1.2.1 Authenticated.Stored.Cross-Site.Scripting HIGH" "wp-portfolio 2.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting 
MEDIUM" "weaver-xtreme 6.4 Contributor+.Stored.XSS MEDIUM" "weaver-xtreme 6.2 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "wp-foodbakery No.known.fix Cross-Site.Request.Forgery.in.Multiple.Functions HIGH" "wp-foodbakery 4.8 Missing.Authorization.in.Multiple.Functions HIGH" "wp-magazine No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-weixin 1.3.17 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "wellspring 2.8 Unauthenticated.Local.File.Inclusion HIGH" "whimsy-framework No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "winger No.known.fix Unauthenticated.Local.File.Inclusion HIGH" "wishful-blog No.known.fix Reflected.XSS HIGH" "weeklynews 2.2.9 Cross-Site.Scripting.(XSS) MEDIUM" "wanderland No.known.fix Travel.Blog.<=.1.5.-.Unauthenticated.Local.File.Inclusion HIGH" "wanderland No.known.fix Missing.Authorization MEDIUM" "wanderland 1.7.2 Unauthenticated.Local.File.Inclusion CRITICAL" "work-travel-company No.known.fix Unauthenticated.PHP.Object.Injection HIGH" "westand 2.1 Unauthenticated.Arbitrary.File.Upload CRITICAL" "wd No.known.fix Unauthenticated.Local.File.Inclusion HIGH" "wlow 1.2.7 Reflected.XSS HIGH" "wizors-investments No.known.fix Unauthenticated.Local.File.Inclusion HIGH" "woopy No.known.fix Multipurpose.Store.WooCommerce.WordPress.Shop.Theme.<=.1.2.-.Unauthenticated.Local.File.Inclusion HIGH" "wilmer 3.5 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "wilmer 3.4.2 Unauthenticated.Local.File.Inclusion CRITICAL" "wedding-bride 1.0.2 Reflected.XSS HIGH" "wellness No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "whitish-lite No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wr-nitro No.known.fix Unauthenticated.Arbitrary.Plugin.Installation CRITICAL" "wolmart No.known.fix Unauthenticated.Local.File.Inclusion HIGH" "wolmart 1.8.12 Unauthenticated.Arbitrary.Shortcode.Execution.in.wolmart_loadmore HIGH" "woo-tour 3.6.4 Reflected.Cross-Site.Scripting MEDIUM" "window-ac-services 
No.known.fix Unauthenticated.Local.File.Inclusion HIGH" "wallstreet 2.0.5 Reflected.Cross-Site.Scripting.via.Customizer.Notify MEDIUM" "whiterabbit No.known.fix Unauthenticated.PHP.Object.Injection HIGH" "wp-moose 1.0.7 Reflected.Cross-Site.Scripting MEDIUM" "wp-moose 1.0.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "woostify No.known.fix Authenticated.(Shop.manager+).Stored.Cross-Site.Scripting MEDIUM" "woostify 1.9.2 CSRF.Bypass MEDIUM" "wastia 1.1.3 Unauthenticated.Arbitrary.File.Upload CRITICAL" "windsor No.known.fix Unauthenticated.Local.File.Inclusion HIGH" "weedles No.known.fix Unauthenticated.Local.File.Inclusion HIGH" "workup 2.1.6 Unauthenticated.Reflected.XSS MEDIUM" "woohoo No.known.fix Unauthenticated.Local.File.Inclusion HIGH" "woohoo No.known.fix Settings.Update.via.CSRF MEDIUM" "winters No.known.fix Reflected.Cross-Site.Scripting.via.Prototype.Pollution MEDIUM" "werkstatt 4.8.3 Unauthenticated.Local.File.Inclusion HIGH" "welldone No.known.fix Sports.Store.WordPress.Theme.<=.2.4.-.Unauthenticated.Local.File.Inclusion HIGH" "wplms 4.971 Missing.Authorization MEDIUM" "wplms 1.9.9.5.2 Authenticated.(Subscriber+).Arbitrary.File.Deletion HIGH" "wplms 1.9.9.5.3 Authenticated.(Instructor+).SQL.Injection MEDIUM" "wplms 1.9.9.5.2 Authenticated.(Instructor+).Arbitrary.File.Upload HIGH" "wplms 1.9.9.1 Unauthenticated.Arbitrary.File.Upload CRITICAL" "wplms 1.9.9.5 Unauthenticated.Arbitrary.Directory.Deletion HIGH" "wplms 1.9.9.5.3 Authenticated.(Subscriber+).Arbitrary.File.Upload HIGH" "wplms 1.9.9.1 Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.Options.Update HIGH" "wplms 1.9.9.5.3 Authenticated.(Subscriber+).SQL.Injection MEDIUM" "wplms 1.9.9.1 Missing.Authorization.to.Unauthenticated.User.Token.Generation MEDIUM" "wplms 1.9.9.5.2 Authenticated.(Student+).Arbitrary.File.Upload HIGH" "wplms 1.9.9.5.2 Authenticated.(Contributor+).Arbitrary.File.Upload HIGH" "wplms 1.9.9.5 Authenticated.(Student+).Remote.Code.Execution HIGH" "wplms 1.9.9.1 
Unauthenticated.Privilege.Escalation CRITICAL" "wplms 1.9.9.5.2 Authenticated.(Contributor+).Arbitrary.Directory.Deletion HIGH" "wplms 4.963 Unauthenticated.Arbitrary.File.Read.and.Deletion CRITICAL" "wplms 4.900 Cross-Site.Request.Forgery HIGH" "wireless-butler No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "workio 1.0.3 Unauthenticated.Reflected.XSS MEDIUM" "wabi-sabi No.known.fix Unauthenticated.Local.File.Inclusion HIGH" "wpcake No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wyzi-business-finder 2.4.3 Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "xin No.known.fix Unauthenticated.PHP.Object.Injection CRITICAL" "xstore 9.6 Authenticated.(Subscriber+).Local.File.Inclusion HIGH" "xstore 9.6 Unauthenticated.Arbitrary.Shortcode.Execution MEDIUM" "xstore 9.6.1 Authenticated.(Subscriber+).Local.File.Inclusion HIGH" "xstore 9.6.1 Reflected.Cross-Site.Scripting MEDIUM" "xstore 9.6 Missing.Authorization MEDIUM" "xstore 9.3.9 Unauthenticated.Local.File.Inclusion CRITICAL" "xstore 9.3.9 Subscriber+.Arbitrary.Options.Update HIGH" "xstore 9.3.9 Unauthenticated.SQLi HIGH" "xstore 9.3.9 Reflected.Cross-Site.Scripting HIGH" "xstore 9.3.9 Missing.Authorization MEDIUM" "xstore 9.3.9 Missing.Authorization MEDIUM" "xsmart No.known.fix Missing.Authorization MEDIUM" "xsmart No.known.fix Subscriber+.Privilege.Escalation HIGH" "xsmart No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "xsmart No.known.fix Authenticated.(Subscriber+).Arbitrary.Shortcode.Execution MEDIUM" "xews-lite No.known.fix Unauthenticated.Local.File.Inclusion CRITICAL" "xinterio 4.3 Unauthenticated.Local.File.Inclusion HIGH" "xenon No.known.fix Unauthenticated.Cross-Site.Scripting.(XSS) MEDIUM" "xcare 6.5 Unauthenticated.Local.File.Inclusion HIGH" "yacht-rental No.known.fix Unauthenticated.Local.File.Inclusion HIGH" "yottis No.known.fix Unauthenticated.Local.File.Inclusion HIGH" "yokoo No.known.fix Unauthenticated.Local.File.Inclusion HIGH" "yuki 1.3.15 Cross-Site.Request.Forgery.to.Theme.Setting.Reset 
MEDIUM" "yuki 1.3.14 Missing.Authorization.to.Authenticated.(Subscriber+).Theme.Setting.Reset MEDIUM" "yuki 1.3.8 Reflected.Cross-Site.Scripting MEDIUM" "yozi 2.0.66.1 Unauthenticated.Local.File.Inclusion CRITICAL" "yourjourney No.known.fix Reflected.Cross-Site.Scripting.via.Prototype.Pollution MEDIUM" "yungen No.known.fix Unauthenticated.Local.File.Inclusion HIGH" "yolox No.known.fix Unauthenticated.Local.File.Inclusion HIGH" "yogi 2.9.3 Authenticated.(Subscriber+).PHP.Object.Injection HIGH" "zilom No.known.fix Reflected.XSS HIGH" "zass No.known.fix WooCommerce.Theme.for.Handmade.Artists.and.Artisans.<=.3.9.9.10.-.Missing.Authorization.to.Authenticated.(Subscriber+).Demo.Import MEDIUM" "zigcy-baby 1.0.7 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "zoxpress 2.12.1 The.All-In-One.WordPress.News.Theme.<.2.12.1.-.Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.Options.Update HIGH" "zoxpress 2.12.1 The.All-In-One.WordPress.News.Theme.<.2.12.1.-.Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.Options.Deletion HIGH" "zenon-lite No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Button.Shortcode MEDIUM" "zioalberto No.known.fix Unauthenticated.Local.File.Inclusion HIGH" "zox-news 3.17.0 Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.Options.Update HIGH" "zbench No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "zegen No.known.fix Authenticated.(Subscriber+).Local.File.Inclusion HIGH" "zegen No.known.fix Church.WordPress.Theme.<=.1.1.9.-.Missing.Authorization.to.Authenticated.(Subscriber+).Theme.Options.Updates MEDIUM" "zeever 1.1.1 Multiple.Versions.-.Missing.Authorization.to.Notice.Dismissal MEDIUM" "zota 1.3.15 Unauthenticated.Local.File.Inclusion HIGH" "zota 1.3.15 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "zota 1.3.9 Unauthenticated.Local.File.Inclusion CRITICAL" "zorka No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "zorka No.known.fix 
Missing.Authorization MEDIUM" "zakra 4.1.6 Missing.Authorization.to.Subscriber+.Demo.Import MEDIUM" "zentrum No.known.fix Unauthenticated.Local.File.Inclusion HIGH" "ziston 1.4.5 Unauthenticated.Local.File.Inclusion HIGH" "zita No.known.fix Unauthenticated.Local.File.Inclusion HIGH" "zigcy-lite 2.1.0 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "zigcy-cosmetics 1.0.6 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL")
pp "Theme: Version"
rthemes=(`grep -oP ".*/wp-content/themes/\K[a-zA-Z0-9-_.]+" $file | sort -u`)
d=true; [[ ! ${rthemes[@]} ]] && d=false || d=true
if ! "$d"; then cg_color bbg "No themes detected"; return 1; fi
links=($(len=${#rthemes[@]}; for ((c=0; c<$len; c++)); do if [[ $(grep -oP "<(script|link).*/wp-content/themes/${rthemes[c]}/.*=\K([\d]+\.[\d.]+\.[0-9]{1,3}('|\")|[\d]+\.[0-9]{1,2}('|\")|[0-9]{1,2}('|\"))" $file | grep -oP "[\d.]+" | sort -u | wc -l) == 1 ]]; then grep -m1 -oP "[a-z]+://[a-z0-9-_.]+/([a-z0-9-_.]+/wp-content|wp-content)/themes/${rthemes[c]}/[a-zA-Z-_/.?]+=([\d]+\.[\d.]+|[\d]+)" $file; continue; fi; k=0; vz=(`grep -oP "<script.*/wp-content/themes/${rthemes[c]}/([a-zA-Z-_]+/assets/js|[a-zA-Z-_]+/includes/js|[a-zA-Z-_]/js|assets/js/|includes/js/|js/).*=\K([\d]+\.[\d.]+\.[0-9]{1,3}('|\")|[\d]+\.[0-9]{1,2}('|\")|[0-9]{1,2}('|\"))" $file | grep -oP "[\d.]+"`); l=${#vz[@]}; for ((i=0; i<$l-1; i++)); do if [[ ${vz[i]} == ${vz[i+1]} ]]; then ((k++)); fi; done; if [[ $k == $(($l-1)) ]]; then grep -m1 -oP "[a-z]+://[a-z0-9-_.]+/([a-z-_.]+/wp-content|wp-content)/themes/${rthemes[c]}/([a-zA-Z-_]+/assets/js|[a-zA-Z-_]+/includes/js|[a-zA-Z-_]/js|assets/js/|includes/js/|js/).*=${vz[0]}" $file && continue; elif [[ $k > 0 && $k > $(($(($l-1))/2)) ]]; then y=$(grep -oP "^<script.*/wp-content/themes/${rthemes[c]}/([a-zA-Z-_]+/assets/js|[a-zA-Z-_]+/includes/js|[a-zA-Z-_]/js|assets/js/|includes/js/|js/).*=\K([\d]+\.[\d.]+|[\d]+)" $file | sort | uniq -cd | sort | tail -n 1 | cut -d " " -f8); grep -m1 -oP "[a-z]+://[a-z0-9-_.]+/wp-content/themes/${rthemes[c]}/.*ver=$y" $file; continue; fi; grep -m1 -oP "<script.*src=.*/wp-content/themes/${rthemes[c]}/.*id='${rthemes[c]:0:1}.*" $file | grep -oP "[a-z]+://[a-z0-9-_.]+/([a-z0-9-_.]+/wp-content|wp-content)/themes/${rthemes[c]}/.*=([\d]+\.[\d.]+\.[0-9]{1,3}'|[\d]+\.[0-9]{1,2}'|[0-9]{1,2}')" && continue || grep -m1 -oP "<script.*src=.*/wp-content/themes/${rthemes[c]}/.*id=\"${rthemes[c]:0:1}.*" $file | grep -oP "[a-z]+://[a-z0-9-_.]+/([a-z0-9-_.]+/wp-content|wp-content)/themes/${rthemes[c]}/.*=([\d]+\.[\d.]+\.[0-9]{1,3}'|[\d]+\.[0-9]{1,2}'|[0-9]{1,2}')" && continue || if [[ $(curl -A "Mozilla/5.0 (X11; Linux x86_64) 
AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36" -s $url/wp-content/plugins/${rthemes[c]}/readme.txt -k -L | grep -i "changelog\|change log" -A 1000 | grep -oP "^=[[:space:]]\K[\d]+\.[\d.]+|^=.*([a-zA-Z]|\[)\K[\d]+\.[\d.]+|^#.*[[:space:]]\K[\d]+\.[\d.]+" | sort -rn | head -n 1) ]]; then echo -n "$url/wp-content/themes/${rthemes[c]}/?ver="; echo $(curl -A "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36" -s $url/wp-content/themes/${rthemes[c]}/readme.txt -k -L | grep -i "changelog\|change log" -A 1000 | grep -oP "^=[[:space:]]\K[\d]+\.[\d.]+|^=.*([a-zA-Z]|\[)\K[\d]+\.[\d.]+|^#.*[[:space:]]\K[\d]+\.[\d.]+" | sort -rn | head -n 1); continue; elif [[ $(curl -A "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36" -s $url/wp-content/themes/${rthemes[c]}/README.txt -k -L | grep -i "changelog\|change log" -A 1000 | grep -oP "^=[[:space:]]\K[\d]+\.[\d.]+|^=.*([a-zA-Z]|\[)\K[\d]+\.[\d.]+|^#.*[[:space:]]\K[\d]+\.[\d.]+" | sort -rn | head -n 1) ]]; then echo -n "$url/wp-content/themes/${rthemes[c]}/?ver="; echo $(curl -A "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36" -s $url/wp-content/themes/${rthemes[c]}/README.txt -k -L | grep -i "changelog\|change log" -A 1000 | grep -oP "^=[[:space:]]\K[\d]+\.[\d.]+|^=.*([a-zA-Z]|\[)\K[\d]+\.[\d.]+|^#.*[[:space:]]\K[\d]+\.[\d.]+" | sort -rn | head -n 1); continue; elif [[ $(curl -A "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36" -s $url/wp-content/themes/${rthemes[c]}/changelog.txt -k -L | grep -i "changelog\|change log" -A 1000 | grep -oP "^=[[:space:]]\K[\d]+\.[\d.]+|^=.*([a-zA-Z]|\[)\K[\d]+\.[\d.]+|^#.*[[:space:]]\K[\d]+\.[\d.]+" | sort -rn | head -n 1) ]]; then echo -n "$url/wp-content/themes/${rthemes[c]}/?ver="; echo $(curl -A "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) 
Chrome/124.0.0.0 Safari/537.36" -s $url/wp-content/themes/${rthemes[c]}/changelog.txt -k -L | grep -i "changelog\|change log" -A 1000 | grep -oP "^=[[:space:]]\K[\d]+\.[\d.]+|^=.*([a-zA-Z]|\[)\K[\d]+\.[\d.]+|^#.*[[:space:]]\K[\d]+\.[\d.]+" | sort -rn | head -n 1); continue; fi; done))
i=0; len=${#rthemes[@]}; for ((c=0; c<$len; c++)); do if [[ ${links[i]} =~ ${rthemes[c]} ]]; then v=$(echo ${links[i]} | grep -oP "=\K[\d.]+"); sapt ${rthemes[c]}; ((i++)); continue; else echo "${rthemes[c]}: Version not detected"; fi; done
pp "Vulnerabilities"
if [[ ${flagz[@]} ]]; then for ((c=0; c<${#flagz[@]}; c++)); do hh=(${vulns_themes[${flagz[c]}]}); cg_color olbb "(${hh[0]}) "; echo -n ${hh[2]} | tr "." " "; if [[ ${hh[3]} == "CRITICAL" ]]; then cg_color bbr " [${hh[3]}]"; elif [[ ${hh[3]} == "HIGH" ]]; then cg_color bhr " [${hh[3]}]"; elif [[ ${hh[3]} == "MEDIUM" ]]; then cg_color bby " [${hh[3]}]"; elif [[ ${hh[3]} == "LOW" ]]; then cg_color bbp " [${hh[3]}]"; fi; done; else cg_color bbg "No vulnerabilities detected"; fi
}
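#######################################
# List author slugs that the target's WordPress REST API exposes.
# Queries ?rest_route=/wp/v2/users/ first. If that response mentions
# "rest_user_cannot_view" or "WordPress", it falls back to the "author"
# fields of ?rest_route=/wp/v2/posts.
# Globals:   url (read), users (written: array of discovered names)
# Outputs:   a comma-separated list rendered through cg_color, or
#            "No users discovered"
# Returns:   status of the last cg_color call
#######################################
users(){
  local ua="Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36"
  local resp c
  pp "Users"
  # -k turns off certificate verification, so the body is unauthenticated;
  # it is remote, untrusted data and is only ever expanded inside quotes
  # (an unquoted expansion would word-split it and glob it against the cwd).
  resp=$(curl -A "$ua" -s -k -L --url "$url/?rest_route=/wp/v2/users/")
  users=()
  if [[ $resp =~ (rest_user_cannot_view|WordPress) ]]; then
    # NOTE(review): this request has never sent the -A/-k/-L options used
    # above; left as-is, confirm whether that is intentional.
    mapfile -t users < <(curl -s --url "$url/?rest_route=/wp/v2/posts" \
      | grep -oP '"author":"\K[\w-]+(?=")' | sort -u)
  elif (( ${#resp} >= 5 )); then
    # Length is compared numerically: inside [[ ]] the < operator compares
    # strings, which rejected any response whose length starts with 1-4.
    mapfile -t users < <(printf '%s\n' "$resp" \
      | grep -oP 'slug":"\K[a-zA-Z0-9_-]+')
  fi
  # An empty result must not reach ${users[-1]} (bad array subscript).
  if (( ${#users[@]} == 0 )); then
    cg_color bbg "No users discovered"
    return
  fi
  for ((c = 0; c < ${#users[@]} - 1; c++)); do
    cg_color olbb "${users[c]}, "
  done
  cg_color bbb "${users[-1]}"
}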
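#######################################
# Run every enumeration stage against the site in the global $url.
# Globals:   url (read), file (written: local file the front page is
#            saved to), s, e, t (written: start, end, elapsed seconds)
# Outputs:   progress and findings on stdout
# Returns:   1 if the fetch fails or takes 7 s or longer, or if ch does
#            not recognise the site as WordPress; otherwise the status of
#            the last stage (users)
#######################################
do_it(){
  local ua="Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36"
  local rc
  echo "--> Scanning $url"
  # Save file: named after the first host label, written to the current directory
  file="$(printf '%s\n' "$url" | grep -oP "://(www.\K[a-z0-9]+|\K[a-z0-9]+)" | head -n 1).html"
  # Check if site is live
  s=$(date +"%s")
  # --url keeps a value that starts with "-" from being read as a curl option.
  # -k disables certificate verification: the saved page is unauthenticated.
  curl --connect-timeout 7 -A "$ua" -s -k -L -o "$file" --url "$url"
  rc=$?
  e=$(date +"%s")
  t=$((e - s))
  # Numeric test: the former [[ $t>=7 ]] parsed as a string comparison
  # against the literal "=7". A non-zero curl status (timeout, DNS or
  # connection failure) is treated the same way.
  if (( rc != 0 || t >= 7 )); then
    echo "Site might not be live"
    return 1
  fi
  # Check if the site is running wordpress
  ch || { echo "Site is not running Wordpress"; return 1; }
  # Check filetype
  cf
  # Enumerate Wordpress version
  ver
  # Enumerate Plugins
  plugins
  # Enumerate themes
  themes
  # Enumerate users
  users
}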
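# Syntax
if (( $# < 1 )); then
  echo "Syntax: ./enum.sh [url]"
  exit 1
fi

# Reduce one command-line argument to scheme://host (or scheme://ip[:port]).
# Prints nothing when the argument is not an http(s) URL. Only the first
# match is kept, so the result is a single line made of the characters the
# pattern allows; the rest of the script expands $url unquoted in places.
_target_from_arg(){
  [[ $1 =~ ^(http|https)://.* ]] || return 1
  printf '%s\n' "$1" \
    | grep -oP "[a-z]+://[a-z0-9-_.]+\.[a-z.]+|[a-z]+://[\d.]+:[\d]+|[a-z]+://[\d.]+" \
    | head -n 1
}

# Check if URL is valid. Every argument goes through the same check: the
# multi-URL loop used to hand raw arguments to do_it without validation.
if (( $# == 1 )); then
  url=$(_target_from_arg "$1")
  if [[ -z $url ]]; then
    echo "Invalid url"
    exit 1
  fi
  do_it
else
  for arg in "$@"; do
    url=$(_target_from_arg "$arg")
    if [[ -z $url ]]; then
      printf 'Invalid url: %s\n\n' "$arg"
      continue
    fi
    do_it
    echo
  done
fi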