#!/bin/bash
# Optimize plugin scraping for URLs written with escaped slashes, e.g. https:\/\/ke.cicinsurancegroup.com\/wp-content\/plugins\/awsm-team-pro\/js
# Add a gap separating the vulnerabilities section in the script
# Add author-sitemap.xml as enumeration try out for users
# Optimize source code scraping -> URL Encoding e.g CIC%20Sliders
# change site-kit-by-google to google-site-kit and redux to redux-framework
# add the plugins found in capitalfm source code to consideration -> like tplugins
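pp(){
  # Print a section banner: a rule of 30 "=" characters, "[+] <title>", and a
  # second rule.
  # Arguments: $1 - section title
  # Outputs:   three lines on stdout
  #
  # The width and the rule are locals, so calling pp no longer overwrites a
  # caller's `len` or `c` (cwv uses `c` as its loop index).
  local -r width=30
  local rule
  # Pad an empty string to `width` spaces, then turn every space into "=".
  printf -v rule '%*s' "$width" ''
  rule=${rule// /=}
  # %s prints the title literally, even if it starts with "-" or holds backslashes.
  printf '%s\n[+] %s\n%s\n' "$rule" "$1" "$rule"
}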
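ch(){
  # Heuristic check: does $url look like a WordPress site, judging by the
  # response headers of the site root, a non-existent path and /wp-admin?
  # Globals:  url (read) - base URL of the site being assessed
  # Returns:  0 when a selected header mentions WordPress/WP/Strattic/Netlify/
  #           wp-json, 1 otherwise (including when url is empty)
  local -r ua='Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36'
  local headers

  # Without a base URL the requests would go to "/doesnotexist" and "/wp-admin".
  [[ -n "${url:-}" ]] || return 1

  # -k disables TLS certificate validation and -L follows redirects, so the
  # headers read here are not authenticated and may come from another host.
  # Treat the result as a hint, not as proof.
  headers=$(curl -Z -A "$ua" -s -I "$url" "$url/doesnotexist" "$url/wp-admin" -k -L \
    | grep -i "x-redirect-by\|x-powered-by\|link\|x-tec-api-root")

  # Substring match: any selected header line containing e.g. "WP" counts, so
  # false positives are possible.
  [[ "$headers" =~ (WordPress|WP|Strattic|Netlify|wp-json) ]]
}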
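cf(){
  # If $file holds gzip-compressed data, replace it with the decompressed
  # content.
  # Globals:  file (read) - path of the saved response body
  # Returns:  0 when the file was decompressed; non-zero when it is not gzip
  #           data (as before) or when decompression fails
  #
  # Changes from the earlier version:
  #  - the scratch file comes from mktemp next to $file instead of a fixed
  #    name "a" in the current directory, which could clobber an unrelated
  #    file or follow a planted symlink;
  #  - $file is only replaced when zcat succeeded, so a truncated or corrupt
  #    download no longer overwrites it with partial output;
  #  - `file -b` keeps the path out of the output, so a path that merely
  #    contains "gzip" is not mistaken for compressed data.
  # NOTE: the replaced file takes mktemp's permissions (owner-only).
  local tmp

  [[ -n "${file:-}" ]] || return 1
  [[ "$(file -b -- "$file")" == *gzip* ]] || return 1

  tmp=$(mktemp -- "${file}.XXXXXX") || return 1
  if zcat -- "$file" > "$tmp"; then
    mv -- "$tmp" "$file"
  else
    rm -f -- "$tmp"
    return 1
  fi
}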
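cwv(){
  # check if the version of wordpress is outdated or not
  # Globals:  wp_version (read) - detected core version
  #           lv         (read) - latest core version known to this script
  #           releases   (read) - "<version> <dd-mm-yyyy>" entries, newest first
  #           safe       (read) - versions to label [SAFE]; defined outside
  #                               this function (format assumed to be a list
  #                               of version strings - TODO confirm)
  # Outputs:  one status line on stdout
  # Returns:  1 when wp_version equals lv, otherwise 0
  #
  # The table lookup compares the version field exactly. The earlier regex
  # test (`entry =~ $wp_version`) treated "." as a wildcard and matched
  # substrings, so 6.1 resolved to the 6.1.7 entry and a version could even
  # match the date part of an unrelated entry.
  local i idx=-1 released='unknown' newer='' word is_safe=0
  local -a entry=()

  if [[ "$wp_version" == "$lv" ]]; then
    echo -n "Wordpress version: $wp_version "
    cg_color bbg "(Up-to-date)"
    return 1
  fi

  for ((i = 0; i < ${#releases[@]}; i++)); do
    # Entries are script constants ("<version> <date>"); split on whitespace.
    # shellcheck disable=SC2206
    entry=(${releases[i]})
    if [[ "${entry[0]}" == "$wp_version" ]]; then
      idx=$i
      released=${entry[1]}
      break
    fi
  done

  # The table is newest-first, so the entry before the match is the next
  # newer release.
  if ((idx > 0)); then
    # shellcheck disable=SC2206
    entry=(${releases[idx - 1]})
    newer=${entry[0]}
  fi

  # [SAFE] is this script's label for "newest release listed for its X.Y
  # branch" (the next newer entry is a bare X.Y release) or "listed in safe".
  # It reflects the embedded table only.
  [[ "$newer" =~ ^[0-9]\.[0-9]$ ]] && is_safe=1
  # shellcheck disable=SC2068
  for word in ${safe[@]}; do
    [[ "$word" == "$wp_version" ]] && is_safe=1
  done

  if ((is_safe)); then
    echo -n "Wordpress version: $wp_version"
    cg_color olbg " [SAFE] "
    echo -n "(Outdated - Released: "
  else
    echo -n "Wordpress version: $wp_version (Outdated - Released: "
  fi
  # `released` stays "unknown" when the version is not in the table.
  echo "$released, Latest version: $lv)"
}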
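cv(){
  # compare versions
  # Records index j in `flag` when the fixed-in version p is strictly newer
  # than the detected version v, i.e. the installed version predates the fix.
  # Globals:  p    (read)     - fixed-in version from the vulnerability table
  #           v    (read)     - detected version of the component
  #           j    (read)     - index of the table entry being compared
  #           flag (appended) - indexes of entries that apply to v
  # Returns:  always 1, as the earlier implementation did on every path; the
  #           visible callers (sapv, saptv) read `flag`, not the status.
  #
  # Both strings are reduced to their leading dotted-numeric prefix before
  # any arithmetic. v comes from content served by the scanned site, and bash
  # evaluates non-numeric operands of -gt / (( )) as expressions, so
  # unvalidated text must never reach an arithmetic context.
  #
  # Components are compared numerically, left to right, with missing ones
  # taken as 0. This replaces the earlier length / `sort -rn` heuristics,
  # which flagged 1.10.0 as older than 1.9.10 and 1.2.5 as older than
  # 1.2.3.1, and which failed on components such as "08".
  #
  # NOTE(review): a fixed-in field of "No.known.fix" has no numeric prefix and
  # is therefore never flagged here, as before - confirm that unfixed entries
  # are reported by another code path.
  local fix installed i n a b
  local -a fp ip

  [[ "$p" =~ ^[0-9]+(\.[0-9]+)* ]] || return 1
  fix=${BASH_REMATCH[0]}
  [[ "$v" =~ ^[0-9]+(\.[0-9]+)* ]] || return 1
  installed=${BASH_REMATCH[0]}

  IFS=. read -r -a fp <<< "$fix"
  IFS=. read -r -a ip <<< "$installed"
  n=${#fp[@]}
  ((${#ip[@]} > n)) && n=${#ip[@]}

  for ((i = 0; i < n; i++)); do
    a=${fp[i]:-0}
    b=${ip[i]:-0}
    # 10# forces base 10 so "08" is not rejected as an invalid octal number.
    if ((10#$a > 10#$b)); then
      flag+=("$j")
      return 1
    fi
    if ((10#$a < 10#$b)); then
      return 1
    fi
  done
  return 1
}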
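cg_color(){
  # Print $2 in a bold ANSI colour selected by the code in $1.
  # Arguments: $1 - colour code: ol* codes print without a trailing newline,
  #                 b* codes end the line
  #                   olbr/bbr 1;31   olbg/bbg 1;92   olbb/bbb 1;94
  #                   olby/bby 1;93   olhr/bhr 1;91   olbp/bbp 1;95
  #            $2 - text to print
  # Returns:   0 for a known code, 1 (printing nothing) for an unknown one
  #
  # The text goes through printf '%s', so backslash sequences inside it are
  # printed literally. With `echo -e` a string taken from a scanned site
  # (plugin names, version strings) could smuggle escape sequences into the
  # operator's terminal.
  # The olhr code now prints its text as well; it used to emit only the colour
  # codes and drop $2.
  local sgr end=''

  case "$1" in
    olbr) sgr='1;31' ;;
    olbg) sgr='1;92' ;;
    olbb) sgr='1;94' ;;
    olby) sgr='1;93' ;;
    olhr) sgr='1;91' ;;
    olbp) sgr='1;95' ;;
    bbr) sgr='1;31'; end=$'\n' ;;
    bbg) sgr='1;92'; end=$'\n' ;;
    bbb) sgr='1;94'; end=$'\n' ;;
    bby) sgr='1;93'; end=$'\n' ;;
    bhr) sgr='1;91'; end=$'\n' ;;
    bbp) sgr='1;95'; end=$'\n' ;;
    *) return 1 ;;
  esac

  printf '\e[%sm%s\e[0m%s' "$sgr" "$2" "$end"
}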
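sapv(){
  # search plugin in array and print if vulnerable or not
  # Arguments: $1 - plugin slug
  # Globals:   vulns_plugins (read)  - "<slug> <fixed-in> <title> <severity>"
  #            v     (read)          - detected plugin version
  #            p, j  (written)       - fixed-in version and entry index, read
  #                                    by cv
  #            flag  (reset, filled by cv) - indexes flagged for this plugin
  #            flagz (appended)      - running list of all flagged indexes
  # Outputs:   " [VULNERABLE] " or " [CLEAN] " (no newline) on stdout
  #
  # [CLEAN] only means that no entry of the embedded table was flagged for
  # this version; it is not evidence that the plugin has no vulnerabilities.
  local -a g

  flag=()
  for ((j = 0; j < ${#vulns_plugins[@]}; j++)); do
    # read -a splits on whitespace without pathname expansion, so characters
    # such as "*" or "?" in a title cannot expand to file names.
    read -r -d '' -a g <<< "${vulns_plugins[j]}" || true
    p=${g[1]}
    # Literal comparison: the slug is presumably taken from the scanned
    # site's markup, so it must not be interpreted as a regular expression.
    [[ "${g[0]}" == "$1" ]] || continue
    [[ "$p" == "$v" ]] && continue
    cv
  done

  if ((${#flag[@]})); then
    cg_color olbr " [VULNERABLE] "
    flagz+=("${flag[@]}")
  else
    cg_color olbg " [CLEAN] "
  fi
}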
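sap(){
  # search plugin in array and print if outdated or not
  # Arguments: $1..$4 - plugin slug; two to four arguments are joined with "-"
  #                     into one slug, any other count uses $1 as given
  # Globals:   v (read)                - detected plugin version
  #            releases_plugins (read) - "<slug> <latest-version>" entries
  #            k, kk (written)         - latest version and slug of the match
  # Outputs:   "<slug>: <version> [VULNERABLE]|[CLEAN] (<status>)" on stdout
  # Returns:   1 when no version was detected, otherwise 0
  #
  # The slug is compared literally rather than as a regex, and a report line
  # is now printed even when releases_plugins is empty.
  local x
  local -a w

  case $# in
    2) set -- "$1-$2" ;;
    3) set -- "$1-$2-$3" ;;
    4) set -- "$1-$2-$3-$4" ;;
  esac

  if [[ -z "$v" ]]; then
    echo "$1: Version not detected"
    return 1
  fi

  for ((x = 0; x < ${#releases_plugins[@]}; x++)); do
    read -r -d '' -a w <<< "${releases_plugins[x]}" || true
    [[ "${w[0]}" == "$1" ]] || continue
    kk=${w[0]}
    k=${w[1]}
    printf '%s: %s' "$kk" "$v"
    sapv "$1"
    # String inequality only: a version newer than the table entry is also
    # reported as "Outdated".
    if [[ "$v" == "$k" ]]; then
      echo "(Up-to-date)"
    else
      echo "(Outdated - Latest version: $k)"
    fi
    return 0
  done

  # Slug not present in the release table: report the version and the
  # vulnerability status only.
  printf '%s: %s' "$1" "$v"
  sapv "$1"
  echo
}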
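saptv(){
  # search theme in array and print if vulnerable or not
  # Arguments: $1 - theme slug
  # Globals:   vulns_themes (read)   - entries whose first field is the slug
  #                                    and second field the fixed-in version
  #            v     (read)          - detected theme version
  #            p, j  (written)       - fixed-in version and entry index, read
  #                                    by cv
  #            flag  (reset, filled by cv) - indexes flagged for this theme
  #            flagz (appended)      - running list of all flagged indexes
  # Outputs:   " [VULNERABLE] " or " [CLEAN] " (no newline) on stdout
  #
  # [CLEAN] only means that no entry of the embedded table was flagged for
  # this version; it is not evidence that the theme has no vulnerabilities.
  local -a g

  flag=()
  for ((j = 0; j < ${#vulns_themes[@]}; j++)); do
    # read -a splits on whitespace without pathname expansion.
    read -r -d '' -a g <<< "${vulns_themes[j]}" || true
    p=${g[1]}
    # Literal comparison: the slug is presumably taken from the scanned
    # site's markup, so it must not be interpreted as a regular expression.
    [[ "${g[0]}" == "$1" ]] || continue
    [[ "$p" == "$v" ]] && continue
    cv
  done

  if ((${#flag[@]})); then
    cg_color olbr " [VULNERABLE] "
    flagz+=("${flag[@]}")
  else
    cg_color olbg " [CLEAN] "
  fi
}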
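sapt(){
  # search theme in array and print if outdated or not
  # Arguments: $1 - theme slug
  # Globals:   v (read)               - detected theme version
  #            releases_themes (read) - "<slug> <latest-version>" entries
  #            k, kk (written)        - latest version and slug of the match
  # Outputs:   "<slug>: <version> [VULNERABLE]|[CLEAN] (<status>)" on stdout
  # Returns:   1 when no version was detected, otherwise 0
  #
  # The slug is compared literally rather than as a regex, and a report line
  # is now printed even when releases_themes is empty.
  local x
  local -a w

  if [[ -z "$v" ]]; then
    echo "$1: Version not detected"
    return 1
  fi

  for ((x = 0; x < ${#releases_themes[@]}; x++)); do
    read -r -d '' -a w <<< "${releases_themes[x]}" || true
    [[ "${w[0]}" == "$1" ]] || continue
    kk=${w[0]}
    k=${w[1]}
    printf '%s: %s' "$kk" "$v"
    saptv "$1"
    # String inequality only: a version newer than the table entry is also
    # reported as "Outdated".
    if [[ "$v" == "$k" ]]; then
      echo "(Up-to-date)"
    else
      echo "(Outdated - Latest version: $k)"
    fi
    return 0
  done

  # Slug not present in the release table: report the version and the
  # vulnerability status only.
  printf '%s: %s' "$1" "$v"
  saptv "$1"
  echo
}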
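rg(){
  # Fetch a file from a plugin directory and store the highest version number
  # found in its changelog section in the global v.
  # Arguments: $1 - plugin directory name under wp-content/plugins
  #            $2 - file to fetch from that directory
  # Globals:   url (read), v (written; empty when nothing matched)
  #
  # The body is served by the scanned site and is therefore untrusted. The
  # grep -oP pattern only lets digits and dots through, which is what keeps v
  # harmless in later comparisons - keep that property if the pattern changes.
  # -k disables TLS certificate validation and -L follows redirects, so the
  # content is not authenticated.
  #
  # `sort -rV` (version sort) replaces `sort -rn`, which ranks 1.9 above 1.10
  # because it reads each line as a decimal number.
  local -r ua='Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36'

  v=$(curl -Z -A "$ua" -s "$url/wp-content/plugins/$1/$2" -k -L \
    | grep -i "changelog\|change log" -A 1000 \
    | grep -oP "^=[[:space:]]\K[\d]+\.[\d.]+|^=.*([a-zA-Z]|\[)\K[\d]+\.[\d.]+|^#.*[[:space:]]\K[\d]+\.[\d.]+" \
    | sort -rV \
    | head -n 1)
}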
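ver(){
  # Detect the WordPress core version of $url and report whether it is current.
  # Globals:  file (read)  - saved page source, searched first
  #           url  (read)  - base URL of the site being assessed
  #           lv, range, releases (written) - release data read by cwv
  #           wp_version (written) - detected version, or a version range
  #                                  guessed from the license.txt copyright year
  # Outputs:  the "Version information" banner and one status line
  # Returns:  1 when no version could be determined, otherwise 0
  #
  # lv, range and releases are hard-coded, so "Up-to-date"/"Outdated" is
  # relative to the date this table was last refreshed.
  # The requests use -k (no TLS certificate validation) and -L (follow
  # redirects); the detected version is taken from unauthenticated content.
  local -r ua='Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36'
  local year

  lv=6.7.1
  # Version ranges indexed by license.txt copyright year: [0]=2024 ... [5]=2019.
  range=("6.4.3 - 6.6" "6.1.2 - 6.4.2" "5.8.3 - 6.1.1" "5.6.1 - 5.8.2" "5.3.3 - 5.6" "5.0.3 - 5.3.2")
  # "<version> <dd-mm-yyyy>" entries, newest first.
  # NOTE(review): "6.5 24-06-2024" is listed twice and most X.Y base releases
  # carry the same date (24-06-2024 or 30-11-2022) - verify against the
  # upstream release archive.
  releases=(
    "6.7.1 21-11-2024" "6.7 12-11-2024" "6.6.2 10-09-2024" "6.6.1 23-07-2024" "6.6 16-07-2024" "6.5 24-06-2024" "6.5.5 05-06-2024" "6.5.4 07-05-2024" "6.5.3 09-04-2024" "6.5.2 02-04-2024" "6.5 24-06-2024" "6.4.5 09-04-2024" "6.4.4 30-01-2024" "6.4.3 06-12-2023" "6.4.2 09-11-2023" "6.4.1 07-11-2023" "6.4 24-06-2024" "6.3.5 09-04-2024" "6.3.4 30-01-2024" "6.3.3 12-10-2023" "6.3.2 29-08-2023" "6.3.1 08-08-2023" "6.3 24-06-2024" "6.2.6 09-04-2024" "6.2.5 30-01-2024" "6.2.4 12-10-2023" "6.2.3 20-05-2023" "6.2.2 16-05-2023" "6.2.1 29-03-2023" "6.2 24-06-2024" "6.1.7 09-04-2024" "6.1.6 30-01-2024" "6.1.5 12-10-2023" "6.1.4 20-05-2023" "6.1.3 16-05-2023" "6.1.2 15-11-2022" "6.1.1 02-11-2022" "6.1 24-06-2024" "6.0.9 10-04-2024" "6.0.8 30-01-2024" "6.0.7 12-10-2023" "6.0.6 20-05-2023" "6.0.5 16-05-2023" "6.0.4 17-10-2022" "6.0.3 30-08-2022" "6.0.2 12-07-2022" "6.0.1 24-05-2022" "6.0 24-06-2024" "5.9.10 30-01-2024" "5.9.9 12-10-2023" "5.9.8 20-05-2023" "5.9.7 16-05-2023" "5.9.6 17-10-2022" "5.9.5 30-08-2022" "5.9.4 05-04-2022" "5.9.3 11-03-2022" "5.9.2 22-02-2022" "5.9.1 25-01-2022" "5.9 24-06-2024" "5.8.10 30-01-2024" "5.8.9 12-10-2023" "5.8.8 16-05-2023" "5.8.7 17-10-2022" "5.8.6 30-08-2022" "5.8.5 11-03-2022" "5.8.4 06-01-2022" "5.8.3 10-11-2021" "5.8.2 09-09-2021" "5.8.1 20-07-2021" "5.8 24-06-2024" "5.7.12 30-01-2024" "5.7.11 12-10-2023" "5.7.10 16-05-2023" "5.7.9 17-10-2022" "5.7.8 30-08-2022" "5.7.7 11-03-2022" "5.7.6 06-01-2022" "5.7.5 10-11-2021" "5.7.4 09-09-2021" "5.7.3 12-05-2021" "5.7.2 15-04-2021" "5.7.1 09-03-2021" "5.7 24-06-2024" "5.6.14 30-01-2024" "5.6.13 12-10-2023" "5.6.12 16-05-2023" "5.6.11 17-10-2022" "5.6.10 30-08-2022" "5.6.9 11-03-2022" "5.6.8 06-01-2022" "5.6.7 10-11-2021" "5.6.6 09-09-2021" "5.6.5 12-05-2021" "5.6.4 15-04-2021" "5.6.3 22-02-2021" "5.6.2 03-02-2021" "5.6.1 08-12-2020" "5.6 24-06-2024" "5.5.15 30-01-2024" "5.5.14 12-10-2023" "5.5.13 16-05-2023" "5.5.12 17-10-2022" "5.5.11 30-08-2022" "5.5.10 11-03-2022" "5.5.9 06-01-2022"
    "5.5.8 10-11-2021" "5.5.7 09-09-2021" "5.5.6 12-05-2021" "5.5.5 15-04-2021" "5.5.4 30-10-2020" "5.5.3 29-10-2020" "5.5.2 01-09-2020" "5.5.1 11-08-2020" "5.5 24-06-2024" "5.4.16 30-01-2024" "5.4.15 12-10-2023" "5.4.14 16-05-2023" "5.4.13 17-10-2022" "5.4.12 30-08-2022" "5.4.11 11-03-2022" "5.4.10 06-01-2022" "5.4.9 10-11-2021" "5.4.8 09-09-2021" "5.4.7 12-05-2021" "5.4.6 15-04-2021" "5.4.5 30-10-2020" "5.4.4 29-10-2020" "5.4.3 10-06-2020" "5.4.2 29-04-2020" "5.4.1 31-03-2020" "5.4 24-06-2024" "5.3.18 30-01-2024" "5.3.17 12-10-2023" "5.3.16 16-05-2023" "5.3.15 17-10-2022" "5.3.14 30-08-2022" "5.3.13 11-03-2022" "5.3.12 06-01-2022" "5.3.11 10-11-2021" "5.3.10 11-09-2021" "5.3.9 12-05-2021" "5.3.8 15-04-2021" "5.3.7 30-10-2020" "5.3.6 29-10-2020" "5.3.5 10-06-2020" "5.3.4 29-04-2020" "5.3.3 18-12-2019" "5.3.2 12-12-2019" "5.3.1 12-11-2019" "5.3 24-06-2024" "5.2.21 30-01-2024" "5.2.20 12-10-2023" "5.2.19 16-05-2023" "5.2.18 17-10-2022" "5.2.17 30-08-2022" "5.2.16 11-03-2022" "5.2.15 06-01-2022" "5.2.14 10-11-2021" "5.2.13 09-09-2021" "5.2.12 12-05-2021" "5.2.11 15-04-2021" "5.2.10 30-10-2020" "5.2.9 29-10-2020" "5.2.8 10-06-2020" "5.2.7 29-04-2020" "5.2.6 12-12-2019" "5.2.5 14-10-2019" "5.2.4 05-09-2019" "5.2.3 18-06-2019" "5.2.2 21-05-2019" "5.2.1 07-05-2019" "5.2 24-06-2024" "5.1.19 30-01-2024" "5.1.18 12-10-2023" "5.1.17 16-05-2023" "5.1.16 17-10-2022" "5.1.15 30-08-2022" "5.1.14 11-03-2022" "5.1.13 06-01-2022" "5.1.12 21-09-2021" "5.1.11 13-05-2021" "5.1.10 15-04-2021" "5.1.9 30-10-2020" "5.1.8 29-10-2020" "5.1.7 10-06-2020" "5.1.6 29-04-2020" "5.1.5 29-04-2020" "5.1.4 14-10-2019" "5.1.3 05-09-2019" "5.1.2 13-03-2019" "5.1.1 21-02-2019" "5.1 24-06-2024" "5.0.22 30-01-2024" "5.0.21 12-10-2023" "5.0.20 16-05-2023" "5.0.19 17-10-2022" "5.0.18 30-08-2022" "5.0.17 11-03-2022" "5.0.16 06-01-2022" "5.0.15 21-09-2021" "5.0.14 13-05-2021" "5.0.13 15-04-2021" "5.0.12 29-10-2020" "5.0.11 10-06-2020" "5.0.10 29-04-2020" "5.0.9 12-12-2019" "5.0.8 14-10-2019" "5.0.7 05-09-2019"
    "5.0.6 13-03-2019" "5.0.4 09-01-2019" "5.0.3 19-12-2018" "5.0.2 13-12-2018" "5.0.1 06-12-2018" "5.0 24-06-2024" "4.9.26 30-01-2024" "4.9.25 12-10-2023" "4.9.24 16-05-2023" "4.9.23 17-10-2022" "4.9.22 30-08-2022" "4.9.21 11-03-2022" "4.9.20 06-01-2022" "4.9.19 13-05-2021" "4.9.18 15-04-2021" "4.9.17 29-10-2020" "4.9.16 10-06-2020" "4.9.15 29-04-2020" "4.9.14 12-12-2019" "4.9.13 14-10-2019" "4.9.12 05-09-2019" "4.9.11 13-03-2019" "4.9.10 13-12-2018" "4.9.9 02-08-2018" "4.9.8 05-07-2018" "4.9.7 17-05-2018" "4.9.6 03-04-2018" "4.9.5 06-02-2018" "4.9.4 05-02-2018" "4.9.3 16-01-2018" "4.9.2 29-11-2017" "4.9.1 16-11-2017" "4.9 24-06-2024" "4.8.25 30-01-2024" "4.8.24 12-10-2023" "4.8.23 16-05-2023" "4.8.22 17-10-2022" "4.8.21 30-08-2022" "4.8.20 11-03-2022" "4.8.19 06-01-2022" "4.8.18 13-05-2021" "4.8.17 15-04-2021" "4.8.16 29-10-2020" "4.8.15 10-06-2020" "4.8.14 29-04-2020" "4.8.13 12-12-2019" "4.8.12 14-10-2019" "4.8.11 05-09-2019" "4.8.10 13-03-2019" "4.8.9 13-12-2018" "4.8.8 05-07-2018" "4.8.7 03-04-2018" "4.8.6 16-01-2018" "4.8.5 29-11-2017" "4.8.4 31-10-2017" "4.8.3 19-09-2017" "4.8.2 02-08-2017" "4.8.1 08-06-2017" "4.8 24-06-2024" "4.7.29 30-01-2024" "4.7.28 12-10-2023" "4.7.27 16-05-2023" "4.7.26 17-10-2022" "4.7.25 30-08-2022" "4.7.24 11-03-2022" "4.7.23 06-01-2022" "4.7.22 13-05-2021" "4.7.21 15-04-2021" "4.7.20 29-10-2020" "4.7.19 10-06-2020" "4.7.18 29-04-2020" "4.7.17 12-12-2019" "4.7.16 14-10-2019" "4.7.15 05-09-2019" "4.7.14 13-03-2019" "4.7.13 13-12-2018" "4.7.12 05-07-2018" "4.7.11 03-04-2018" "4.7.10 16-01-2018" "4.7.9 29-11-2017" "4.7.8 31-10-2017" "4.7.7 19-09-2017" "4.7.6 16-05-2017" "4.7.5 20-04-2017" "4.7.4 06-03-2017" "4.7.3 26-01-2017" "4.7.2 11-01-2017" "4.7.1 06-12-2016" "4.7 24-06-2024" "4.6.29 30-01-2024" "4.6.28 12-10-2023" "4.6.27 16-05-2023" "4.6.26 17-10-2022" "4.6.25 30-08-2022" "4.6.24 11-03-2022" "4.6.23 06-01-2022" "4.6.22 13-05-2021" "4.6.21 29-10-2020" "4.6.20 10-06-2020" "4.6.19 29-04-2020" "4.6.18 12-12-2019" "4.6.17 14-10-2019"
    "4.6.16 05-09-2019" "4.6.15 13-03-2019" "4.6.14 13-12-2018" "4.6.13 05-07-2018" "4.6.12 03-04-2018" "4.6.11 16-01-2018" "4.6.10 29-11-2017" "4.6.9 31-10-2017" "4.6.8 19-09-2017" "4.6.7 16-05-2017" "4.6.6 20-04-2017" "4.6.5 06-03-2017" "4.6.4 26-01-2017" "4.6.3 11-01-2017" "4.6.2 07-09-2016" "4.6.1 16-08-2016" "4.6 24-06-2024" "4.5.32 30-01-2024" "4.5.31 12-10-2023" "4.5.30 16-05-2023" "4.5.29 17-10-2022" "4.5.28 30-08-2022" "4.5.27 11-03-2022" "4.5.26 06-01-2022" "4.5.25 13-05-2021" "4.5.24 29-10-2020" "4.5.23 10-06-2020" "4.5.22 29-04-2020" "4.5.21 12-12-2019" "4.5.20 14-10-2019" "4.5.19 05-09-2019" "4.5.18 13-03-2019" "4.5.17 13-12-2018" "4.5.16 05-07-2018" "4.5.15 03-04-2018" "4.5.14 16-01-2018" "4.5.13 29-11-2017" "4.5.12 31-10-2017" "4.5.11 19-09-2017" "4.5.10 16-05-2017" "4.5.9 20-04-2017" "4.5.8 06-03-2017" "4.5.7 26-01-2017" "4.5.6 11-01-2017" "4.5.5 07-09-2016" "4.5.4 21-06-2016" "4.5.3 06-05-2016" "4.5.2 26-04-2016" "4.5.1 12-04-2016" "4.5 24-06-2024" "4.4.33 30-01-2024" "4.4.32 12-10-2023" "4.4.31 16-05-2023" "4.4.30 17-10-2022" "4.4.29 30-08-2022" "4.4.28 11-03-2022" "4.4.27 06-01-2022" "4.4.26 13-05-2021" "4.4.25 29-10-2020" "4.4.24 10-06-2020" "4.4.23 29-04-2020" "4.4.22 12-12-2019" "4.4.21 14-10-2019" "4.4.20 05-09-2019" "4.4.19 13-03-2019" "4.4.18 13-12-2018" "4.4.17 05-07-2018" "4.4.16 03-04-2018" "4.4.15 16-01-2018" "4.4.14 29-11-2017" "4.4.13 31-10-2017" "4.4.12 19-09-2017" "4.4.11 16-05-2017" "4.4.10 20-04-2017" "4.4.9 06-03-2017" "4.4.8 26-01-2017" "4.4.7 11-01-2017" "4.4.6 07-09-2016" "4.4.5 21-06-2016" "4.4.4 06-05-2016" "4.4.3 02-02-2016" "4.4.2 06-01-2016" "4.4.1 08-12-2015" "4.4 24-06-2024" "4.3.34 30-01-2024" "4.3.33 12-10-2023" "4.3.32 16-05-2023" "4.3.31 17-10-2022" "4.3.30 30-08-2022" "4.3.29 11-03-2022" "4.3.28 06-01-2022" "4.3.27 13-05-2021" "4.3.26 29-10-2020" "4.3.25 10-06-2020" "4.3.24 29-04-2020" "4.3.23 12-12-2019" "4.3.22 14-10-2019" "4.3.21 05-09-2019" "4.3.20 13-03-2019" "4.3.19 13-12-2018" "4.3.18 05-07-2018" "4.3.17 03-04-2018"
    "4.3.16 16-01-2018" "4.3.15 29-11-2017" "4.3.14 31-10-2017" "4.3.13 19-09-2017" "4.3.12 16-05-2017" "4.3.11 20-04-2017" "4.3.10 06-03-2017" "4.3.9 26-01-2017" "4.3.8 11-01-2017" "4.3.7 07-09-2016" "4.3.6 21-06-2016" "4.3.5 06-05-2016" "4.3.4 02-02-2016" "4.3.3 06-01-2016" "4.3.2 15-09-2015" "4.3.1 18-08-2015" "4.3 24-06-2024" "4.2.38 30-01-2024" "4.2.37 12-10-2023" "4.2.36 16-05-2023" "4.2.35 17-10-2022" "4.2.34 30-08-2022" "4.2.33 11-03-2022" "4.2.32 06-01-2022" "4.2.31 13-05-2021" "4.2.30 29-10-2020" "4.2.29 10-06-2020" "4.2.28 29-04-2020" "4.2.27 12-12-2019" "4.2.26 14-10-2019" "4.2.25 05-09-2019" "4.2.24 13-03-2019" "4.2.23 13-12-2018" "4.2.22 05-07-2018" "4.2.21 03-04-2018" "4.2.20 16-01-2018" "4.2.19 29-11-2017" "4.2.18 31-10-2017" "4.2.17 19-09-2017" "4.2.16 16-05-2017" "4.2.15 20-04-2017" "4.2.14 06-03-2017" "4.2.13 26-01-2017" "4.2.12 11-01-2017" "4.2.11 07-09-2016" "4.2.10 21-06-2016" "4.2.9 06-05-2016" "4.2.8 02-02-2016" "4.2.7 06-01-2016" "4.2.6 15-09-2015" "4.2.5 04-08-2015" "4.2.4 23-07-2015" "4.2.3 07-05-2015" "4.2.2 27-04-2015" "4.2.1 23-04-2015" "4.2 24-06-2024" "4.1.41 30-01-2024" "4.1.40 12-10-2023" "4.1.39 16-05-2023" "4.1.38 17-10-2022" "4.1.37 30-08-2022" "4.1.36 11-03-2022" "4.1.35 06-01-2022" "4.1.34 13-05-2021" "4.1.33 29-10-2020" "4.1.32 10-06-2020" "4.1.31 29-04-2020" "4.1.30 12-12-2019" "4.1.29 14-10-2019" "4.1.28 05-09-2019" "4.1.27 13-03-2019" "4.1.26 13-12-2018" "4.1.25 05-07-2018" "4.1.24 03-04-2018" "4.1.23 16-01-2018" "4.1.22 29-11-2017" "4.1.21 31-10-2017" "4.1.20 19-09-2017" "4.1.19 16-05-2017" "4.1.18 20-04-2017" "4.1.17 06-03-2017" "4.1.16 26-01-2017" "4.1.15 11-01-2017" "4.1.14 07-09-2016" "4.1.13 21-06-2016" "4.1.12 06-05-2016" "4.1.11 02-02-2016" "4.1.10 06-01-2016" "4.1.9 15-09-2015" "4.1.8 04-08-2015" "4.1.7 23-07-2015" "4.1.6 07-05-2015" "4.1.5 27-04-2015" "4.1.4 23-04-2015" "4.1.3 21-04-2015" "4.1.2 18-02-2015" "4.1.1 18-12-2014" "4.1 30-11-2022" "4.0.38 17-10-2022" "4.0.37 30-08-2022" "4.0.36 11-03-2022"
    "4.0.35 06-01-2022" "4.0.34 13-05-2021" "4.0.33 29-10-2020" "4.0.32 10-06-2020" "4.0.31 29-04-2020" "4.0.30 12-12-2019" "4.0.29 14-10-2019" "4.0.28 05-09-2019" "4.0.27 13-03-2019" "4.0.26 13-12-2018" "4.0.25 05-07-2018" "4.0.24 03-04-2018" "4.0.23 16-01-2018" "4.0.22 29-11-2017" "4.0.21 31-10-2017" "4.0.20 19-09-2017" "4.0.19 16-05-2017" "4.0.18 20-04-2017" "4.0.17 06-03-2017" "4.0.16 26-01-2017" "4.0.15 11-01-2017" "4.0.14 07-09-2016" "4.0.13 21-06-2016" "4.0.12 06-05-2016" "4.0.11 02-02-2016" "4.0.10 06-01-2016" "4.0.9 15-09-2015" "4.0.8 04-08-2015" "4.0.7 23-07-2015" "4.0.6 06-05-2015" "4.0.5 27-04-2015" "4.0.4 23-04-2015" "4.0.3 21-04-2015" "4.0.2 20-11-2014" "4.0.1 04-09-2014" "4.0 30-11-2022" "3.9.40 17-10-2022" "3.9.39 30-08-2022" "3.9.37 11-03-2022" "3.9.36 06-01-2022" "3.9.35 13-05-2021" "3.9.34 29-10-2020" "3.9.33 10-06-2020" "3.9.32 29-04-2020" "3.9.31 12-12-2019" "3.9.30 14-10-2019" "3.9.29 05-09-2019" "3.9.28 13-03-2019" "3.9.27 13-12-2018" "3.9.26 05-07-2018" "3.9.25 03-04-2018" "3.9.24 16-01-2018" "3.9.23 29-11-2017" "3.9.22 31-10-2017" "3.9.21 19-09-2017" "3.9.20 16-05-2017" "3.9.19 20-04-2017" "3.9.18 06-03-2017" "3.9.17 26-01-2017" "3.9.16 11-01-2017" "3.9.15 07-09-2016" "3.9.14 21-06-2016" "3.9.13 06-05-2016" "3.9.12 02-02-2016" "3.9.11 06-01-2016" "3.9.10 15-09-2015" "3.9.9 04-08-2015" "3.9.8 23-07-2015" "3.9.7 07-05-2015" "3.9.6 23-04-2015" "3.9.5 21-04-2015" "3.9.4 20-11-2014" "3.9.3 06-08-2014" "3.9.2 08-05-2014" "3.9.1 16-04-2014" "3.9 30-11-2022" "3.8.41 17-10-2022" "3.8.40 30-08-2022" "3.8.39 11-03-2022" "3.8.38 06-01-2022" "3.8.37 13-05-2021" "3.8.36 29-10-2020" "3.8.35 10-06-2020" "3.8.34 29-04-2020" "3.8.33 12-12-2019" "3.8.32 14-10-2019" "3.8.31 05-09-2019" "3.8.30 21-03-2019" "3.8.29 13-12-2018" "3.8.28 05-07-2018" "3.8.27 03-04-2018" "3.8.26 16-01-2018" "3.8.25 29-11-2017" "3.8.24 31-10-2017" "3.8.23 19-09-2017" "3.8.22 16-05-2017" "3.8.21 20-04-2017" "3.8.20 06-03-2017" "3.8.19 26-01-2017" "3.8.18 11-01-2017" "3.8.17 07-09-2016"
    "3.8.16 21-06-2016" "3.8.15 06-05-2016" "3.8.14 02-02-2016" "3.8.13 06-01-2016" "3.8.12 15-09-2015" "3.8.11 04-08-2015" "3.8.10 23-07-2015" "3.8.9 07-05-2015" "3.8.8 23-04-2015" "3.8.7 21-04-2015" "3.8.6 20-11-2014" "3.8.5 06-08-2014" "3.8.4 14-04-2014" "3.8.3 08-04-2014" "3.8.2 23-01-2014" "3.8.1 12-12-2013" "3.8 30-11-2022" "3.7.41 17-10-2022" "3.7.40 30-08-2022" "3.7.39 11-03-2022" "3.7.38 06-01-2022" "3.7.37 13-05-2021" "3.7.36 29-10-2020" "3.7.35 10-06-2020" "3.7.34 29-04-2020" "3.7.33 12-12-2019" "3.7.32 14-10-2019" "3.7.31 05-09-2019" "3.7.30 21-03-2019" "3.7.29 13-12-2018" "3.7.28 05-07-2018" "3.7.27 03-04-2018" "3.7.26 16-01-2018" "3.7.25 29-11-2017" "3.7.24 31-10-2017" "3.7.23 19-09-2017" "3.7.22 16-05-2017" "3.7.21 20-04-2017" "3.7.20 06-03-2017" "3.7.19 26-01-2017" "3.7.18 11-01-2017" "3.7.17 07-09-2016" "3.7.16 21-06-2016" "3.7.15 06-05-2016" "3.7.14 02-02-2016" "3.7.13 06-01-2016" "3.7.12 15-09-2015" "3.7.11 04-08-2015" "3.7.10 23-07-2015" "3.7.9 07-05-2015" "3.7.8 23-04-2015" "3.7.7 21-04-2015" "3.7.6 20-11-2014" "3.7.5 06-08-2014" "3.7.4 14-04-2014" "3.7.3 08-04-2014" "3.7.2 29-10-2013" "3.7.1 24-10-2013" "3.7 11-09-2013" "3.6.1 01-08-2013" "3.6 21-06-2013" "3.5.2 24-01-2013" "3.5.1 11-12-2012" "3.5 06-09-2012" "3.4.2 27-06-2012" "3.4.1 13-06-2012" "3.4 27-06-2012" "3.3.3 20-04-2012" "3.3.2 03-01-2012" "3.3.1 12-12-2011" "3.3 12-07-2011" "3.2.1 04-07-2011" "3.2 29-06-2011" "3.1.4 25-05-2011" "3.1.3 26-04-2011" "3.1.2 04-04-2011" "3.1.1 23-02-2011" "3.1 26-04-2011" "3.0.6 07-02-2011" "3.0.5 29-12-2010" "3.0.4 08-12-2010" "3.0.3 30-11-2010" "3.0.2 29-07-2010" "3.0.1 17-06-2010" "3.0 15-02-2010" "2.9.2 04-01-2010" "2.9.1 18-12-2009" "2.9 12-11-2009" "2.8.6 20-10-2009" "2.8.5 12-08-2009" "2.8.4 03-08-2009" "2.8.3 20-07-2009" "2.8.2 09-07-2009" "2.8.1 11-06-2009" "2.8 10-02-2009" "2.7.1 10-12-2008" "2.7 25-11-2008" "2.6.5 23-10-2008" "2.6.3 08-09-2008"
  )

  pp "Version information"

  # First choice: a "WordPress x.y.z" string in the saved page source; second:
  # the generator string in wp-links-opml.php. Both patterns only let digits
  # and dots through. The result is an array; element 0 is the version used.
  # shellcheck disable=SC2207
  wp_version=($(grep -oP "WordPress \K[\d.]+" "$file" || curl -k -L -A "$ua" -s "$url/wp-links-opml.php" | grep -oP "WordPress/\K[\d.]+"))

  if [[ -n "$wp_version" ]]; then
    # Longer matches are not treated as version numbers; this case used to
    # end without printing anything.
    if ((${#wp_version} > 7)); then
      echo "Wordpress version: Version not detected"
      return 1
    fi
    cwv
    return 0
  fi

  # Fallback: estimate a version range from the last year in the copyright
  # line of license.txt. This only narrows the version down to a range.
  year=$(curl -k -L -A "$ua" -s "$url/license.txt" | grep -m1 -oP "Copyright [\d-]+" | cut -d " " -f2 | cut -d "-" -f2)
  case "$year" in
    2024) wp_version=${range[0]} ;;
    2023) wp_version=${range[1]} ;;
    2022) wp_version=${range[2]} ;;
    2021) wp_version=${range[3]} ;;
    2020) wp_version=${range[4]} ;;
    2019) wp_version=${range[5]} ;;
    *)
      # No year, or a year outside the table (which used to print an empty
      # version).
      echo "Wordpress version: Version not detected"
      return 1
      ;;
  esac
  echo "Wordpress version: $wp_version"
}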
plugins(){
flagz=()
releases_plugins=("2kb-amazon-affiliates-store 2.1.5" "3d-cover-carousel 1.0" "1player 1.4" "123-chat-videochat 1.3.2" "360-product-rotation 1.5.8" "5-stars-rating-funnel 1.4.01" "8-degree-notification-bar 1.1.8" "10to8-online-booking 1.1.0" "404-error-monitor 1.1" "aesop-story-engine 2.3.3" "amtythumb 4.2.0" "bws-latest-posts 0.4" "bulk-change 1.0" "cookie-bar 2.1" "contact-form-with-captcha 1.6.8" "caret-country-access-limit 1.0.4" "church-admin 5.0.13" "duplicate-variations-for-woocommerce 1.0.1" "dofollow-case-by-case 3.5.1" "easy-fancybox 2.3.11" "exclusive-content-password-protect 1.1.0" "fusion-slider 1.6.5" "fast-checkout-for-woocommerce 1.1.18" "go-viral 1.8.2" "gamipress-vimeo-integration 1.0.9" "hipaatizer 1.3.6" "hide-admin-bar-based-on-user-roles 4.1.0" "icestats 1.3" "js-support-ticket 2.8.9" "keymaster-chord-notation-free 1.0.2" "kopa-nictitate-toolkit 1.0.2" "listamester 2.3.5" "login-with-cognito 1.5.2" "mejorcluster 1.1.16" "marketing-optimizer 20200925" "newsletter-by-supsystic 1.5.6" "ni-woocommerce-sales-report 3.8.0" "our-team-enhanced 4.4.2" "omnipress 1.5.4" "png-to-jpg 4.4" "product-recommendation-quiz-for-ecommerce 2.2.10" "qr-twitter-widget 0.2.3" "quotes-collection 2.5.2" "rvg-optimize-database 5.2.2" "reset-course-progress-for-learndash 1.3" "sniplets 1.4.5" "sticky-popup 1.2" "split-test-for-elementor 1.8.2" "spideranalyse 0.0.1" "tagmaker 0.2.2" "updraft 0.6.1" "ultraaddons-elementor-lite 1.1.9" "virtual-hdm-for-taxservice-am 1.1.2" "wp-nssuser-register 1.0.0" "wp-lightbox-2 3.0.6.7" "woo-myghpay-payment-gateway 3.2" "wangguard 1.7.3" "woocommerce-add-to-cart-custom-redirect 1.2.14" "wp-finance 1.3.6" "your-text-manager 0.3.0" "yeemail 2.1.6" "zajax-ajax-navigation 0.4" "zooom 1.1.0")
vulns_plugins=("3d-cover-carousel No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "5-stars-rating-funnel No.known.fix Authenticated.(Contributor+).SQL.Injection MEDIUM" "5-stars-rating-funnel 1.3.02 Missing.Authorization MEDIUM" "5-stars-rating-funnel 1.3.02 Missing.Authorization MEDIUM" "5-stars-rating-funnel 1.2.63 Reflected.Cross-Site.Scripting MEDIUM" "5-stars-rating-funnel 1.2.53 Unauthenticated.SQLi HIGH" "5-stars-rating-funnel 1.2.54 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "10to8-online-booking 1.1.0 Contributor+.Stored.XSS MEDIUM" "99fy-core 1.2.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "99fy-core 1.2.8 Arbitrary.Plugin.Activation.via.CSRF MEDIUM" "5280-bootstrap-modal-contact-form No.known.fix Cross-Site.Request.Forgery.to.Bulk.Delete.Messages MEDIUM" "5centscdn No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "404-to-301 3.0.6 Reflected.Cross-Site.Scripting MEDIUM" "404-to-301 3.1.2 Reflected.Cross-Site.Scripting MEDIUM" "404-to-301 3.0.9 Logs.Deletion.via.CSRF MEDIUM" "404-to-301 3.0.8 Broken.Access.Control MEDIUM" "404-to-301 3.0.2 Subscriber+.Arbitrary.Option.Update CRITICAL" "404-to-301 2.3.1 Unauthenticated.Stored.Cross-Site.Scripting.(XSS) CRITICAL" "3com-asesor-de-cookies No.known.fix Admin+.Stored.XSS LOW" "12-step-meeting-list 3.16.6 Missing.Authorization.to.Authenticated.(Contributor+).Arbitrary.Content.Deletion MEDIUM" "12-step-meeting-list 3.16.6 Unauthenticated.Sensitive.Information.Exposure MEDIUM" "12-step-meeting-list 3.14.34 Reflected.Cross-Site.Scripting MEDIUM" "12-step-meeting-list 3.14.29 Subscriber+.CSV.Download MEDIUM" "12-step-meeting-list 3.14.25 Authenticated.(Contributor+).Server-Side.Request.Forgery MEDIUM" "8-degree-notification-bar No.known.fix Unauthenticated.Stored.Cross-Site.Scripting MEDIUM" "404-to-start No.known.fix Admin+.Stored.XSS LOW" "404-solution 2.35.20 Reflected.Cross-Site.Scripting MEDIUM" "404-solution 2.35.18 Missing.Authentication.to.Sensitive.Information.Exposure MEDIUM" 
"404-solution 2.35.8 Admin+.SQL.Injection MEDIUM" "404-solution 2.33.1 Sensitive.Information.Exposure.via.Log.File MEDIUM" "404-solution 2.35.0 Admin+.SQLi MEDIUM" "404-solution 2.33.1 Sensitive.Information.Exposure MEDIUM" "360-product-rotation 1.4.8 Reflected.XSS MEDIUM" "123-chat-videochat No.known.fix Video.Chat.<=.1.3.1.-.Unauthenticated.Stored.Cross-Site.Scripting HIGH" "123-chat-videochat 1.3.1 Admin+.Stored.XSS LOW" "99robots-header-footer-code-manager-pro 1.0.17 Reflected.Cross-Site.Scripting.via.message MEDIUM" "3d-presentation No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "2kb-amazon-affiliates-store No.known.fix Reflected.XSS MEDIUM" "2kb-amazon-affiliates-store 2.1.1 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "2j-slideshow No.known.fix Reflected.Cross-Site.Scripting.via.'post' MEDIUM" "2j-slideshow No.known.fix Contributor+.Stored.XSS MEDIUM" "2j-slideshow No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "3xsocializer No.known.fix Subscriber+.SQLi MEDIUM" "3dvieweronline-wp No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "3dady-real-time-web-stats No.known.fix Stored.Cross-Site.Scripting.via.CSRF MEDIUM" "3d-avatar-user-profile No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "404-redirection-manager No.known.fix Reflected.Cross-Site.Scripting.(XSS) HIGH" "404-redirection-manager No.known.fix CSRF.to.Stored.Cross-Site.Scripting.(XSS) HIGH" "1app-business-forms No.known.fix Author+.Stored.XSS MEDIUM" "012-ps-multi-languages No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "1-click-close-store No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "4k-icon-fonts-for-visual-composer No.known.fix Reflected.Cross-Site.Scripting.(XSS) HIGH" "2mb-autocode 1.2.5 Reflected.Cross-Site.Scripting MEDIUM" "5-anker-connect 1.2.7 Reflected.Cross-Site.Scripting MEDIUM" "10centmail-subscription-management-and-analytics No.known.fix Reflected.Cross-Site.Scripting MEDIUM" 
"4ecps-webforms No.known.fix Unauthenticated.Arbitrary.File.Upload CRITICAL" "4ecps-webforms No.known.fix Admin+.Stored.XSS LOW" "404-error-monitor No.known.fix Cross-Site.Request.Forgery.to.Plugin.Settings.Update.via.updatePluginSettings.Function MEDIUM" "123contactform-for-wordpress No.known.fix Validation.Bypass.via.Plugin.Verification MEDIUM" "123contactform-for-wordpress No.known.fix Unauthenticated.Arbitrary.File.Upload HIGH" "123contactform-for-wordpress No.known.fix Unauthenticated.Arbitrary.Post.Creation HIGH" "3d-flipbook-dflip-lite 2.3.53 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "3d-flipbook-dflip-lite 2.3.42 Reflected.Cross-Site.Scripting MEDIUM" "3d-flipbook-dflip-lite 2.2.27 Contributor+.Stored.XSS MEDIUM" "3d-flipbook-dflip-lite 2.2.27 Contributor+.Stored.XSS MEDIUM" "3d-flipbook-dflip-lite 1.7.10 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "1003-mortgage-application No.known.fix Unauthenticated.Full.Path.Disclosure MEDIUM" "1003-mortgage-application No.known.fix Missing.Authorization MEDIUM" "1003-mortgage-application No.known.fix Missing.Authorization MEDIUM" "2d-tag-cloud-widget-by-sujin No.known.fix Reflected.Cross-Site.Scripting.via.add_query_arg.Parameter MEDIUM" "404s 3.5.1 Admin+.Stored.Cross-Site.Scripting LOW" "360deg-javascript-viewer 1.7.30 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "360deg-javascript-viewer 1.7.13 Missing.Authorization.to.Plugin.Settings.Update MEDIUM" "360deg-javascript-viewer 1.7.12 Unauthenticated.Settings.Update MEDIUM" "360deg-javascript-viewer 1.5.3 Reflected.Cross-Site.Scripting MEDIUM" "0mk-shortener No.known.fix Stored.XSS.via.CSRF HIGH" "0mk-shortener No.known.fix Admin+.Stored.XSS LOW" "404page 11.4.8 Reflected.Cross-Site.Scripting MEDIUM" "3dprint 3.5.6.9 Arbitrary.File.and.Directory.Deletion.via.CSRF HIGH" "3dprint 3.5.6.9 CSRF.to.arbitrary.file.downlad HIGH" "3-word-address-validation-field 4.0.0 Admin+.Sensitive.Information.Disclosure LOW" "3d-viewer 
1.3.4 Reflected.Cross-Site.Scripting MEDIUM" "3d-viewer 1.2.7 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "59sec-lite-contact-form-7-push-notifications-on-ios-and-android No.known.fix Unauthenticated.Settings.Update MEDIUM" "3dprint-lite 2.1 Settings.Update.via.CSRF MEDIUM" "3dprint-lite 1.9.1.6 Reflected.Cross-Site.Scripting HIGH" "3dprint-lite 1.9.1.5 Unauthenticated.Arbitrary.File.Upload CRITICAL" "accesspress-pinterest 3.3.4 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "advanced-woo-labels 2.02 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "advanced-woo-labels 1.94 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "allow-php-in-posts-and-pages No.known.fix Authenticated.Remote.Code.Execution.(RCE) CRITICAL" "all-404-redirect-to-homepage 2.1 Authenticated.Stored.Cross-Site.Scripting.(XSS) LOW" "all-404-redirect-to-homepage 1.21 Authenticated.Reflected.Cross-Site.Scripting.(XSS) HIGH" "alma-gateway-for-woocommerce 5.2.1 Contributor+.Stored.XSS MEDIUM" "alley-business-toolkit No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "alley-business-toolkit 2.0.0 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "add-widget-after-content 2.5 Admin+.Stored.XSS LOW" "add-link-to-facebook No.known.fix Cross-Site.Scripting.(XSS) MEDIUM" "admin-side-data-storage-for-contact-form-7 No.known.fix Authenticated.(Admin+).SQL.Injection HIGH" "admin-side-data-storage-for-contact-form-7 No.known.fix Missing.Authorization.to.Unauthenticated.Bookmark.Status.Alteration MEDIUM" "admin-side-data-storage-for-contact-form-7 No.known.fix Missing.Authorization.to.Unauthenticated.Read.Status.Update MEDIUM" "admin-side-data-storage-for-contact-form-7 No.known.fix Cross-Site.Request.Forgery MEDIUM" "admin-side-data-storage-for-contact-form-7 No.known.fix Unauthenticated.Reflected.XSS HIGH" "achilles-shortcodes No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "alfred-click-collect No.known.fix Admin+.Stored.XSS LOW" 
"admin-custom-login 3.2.8 CSRF.to.Stored.XSS HIGH" "addify-gift-registry-for-woocommerce 1.1.0 Multiple.CSRF MEDIUM" "ab-rankings-testing-tool No.known.fix Settings.Update.via.CSRF MEDIUM" "alipay No.known.fix Authenticated.SQL.Injection MEDIUM" "ad-buttons 2.3.2 CSRF.&.XSS MEDIUM" "antispam-bee 2.11.4 IP.Address.Spoofing.via.get_client_ip MEDIUM" "ajax-extend No.known.fix Unauthenticated.Remote.Code.Execution CRITICAL" "age-verification-screen-for-woocommerce 1.1.0 Reflected.Cross-Site.Scripting MEDIUM" "age-verification-screen-for-woocommerce 1.0.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "adsensei-b30 3.1.3 Reflected.Cross-Site.Scripting HIGH" "announcer 6.0.1 Missing.Authorization MEDIUM" "aio-time-clock-lite 1.3.321 Admin+.Stored.XSS LOW" "accesspress-twitter-auto-post 1.4.6 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "appexperts No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "appexperts 1.2.2 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "all-in-one-invite-codes 1.0.13 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "artplacer-widget 2.21.2 Stored.XSS.via.CSRF HIGH" "artplacer-widget 2.21.2 Subscriber+.Arbitrary.Widget.Deletion MEDIUM" "artplacer-widget 2.20.7 Editor+.SQLi MEDIUM" "activecampaign-for-woocommerce 1.9.8 Subscriber+.Error.Log.Cleanup MEDIUM" "alley-elementor-widget No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "avectra-netforum-single-sign-on No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "avectra-netforum-single-sign-on 1.3.4 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "add-search-to-menu 5.5.7 Information.Exposure.via.AJAX.Search.Form MEDIUM" "add-search-to-menu 5.5.6 Subscriber+.Index.Creation MEDIUM" "add-search-to-menu 5.5.2 Reflected.Cross-Site.Scripting MEDIUM" "add-search-to-menu 5.4.7 Reflected.Cross-Site.Scripting MEDIUM" "add-search-to-menu 5.4.4 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "add-search-to-menu 5.4.1 Multiple.Admin+.Stored.Cross-Site.Scripting LOW" 
"add-search-to-menu 4.8 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "add-search-to-menu 4.7 Reflected.Cross-Site.Scripting HIGH" "add-search-to-menu 4.6.1 Reflected.Cross.Site.Scripting.(XSS) MEDIUM" "add-search-to-menu 4.5.11 .Authenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "advanced-menu-widget No.known.fix Contributor+.Stored.XSS.via.Shortcode MEDIUM" "arconix-shortcodes 2.1.15 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "arconix-shortcodes 2.1.14 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.box.Shortcode MEDIUM" "arconix-shortcodes 2.1.13 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "arconix-shortcodes 2.1.12 Missing.Authorization MEDIUM" "arconix-shortcodes 2.1.11 Missing.Authorization.to.Notice.Dismissal MEDIUM" "arconix-shortcodes 2.1.8 Contributor+.Stored.XSS MEDIUM" "ai-twitter-feeds No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "advanced-wp-columns No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "auto-poster No.known.fix Authenticated.(Administrator+).Arbitrary.File.Upload CRITICAL" "advanced-custom-fields-pro 6.3.9 Admin+.Remote.Code.Execution MEDIUM" "advanced-custom-fields-pro 6.3.9 Admin+.Stored.XSS LOW" "advanced-custom-fields-pro 6.3.6 Authenticated.Stored.Cross-Site.Scripting MEDIUM" "advanced-custom-fields-pro 6.3 Contributor+.Custom.Field.Access LOW" "advanced-custom-fields-pro 6.2.10 Authenticated.(Contributor+).Code.Injection CRITICAL" "advanced-custom-fields-pro 6.2.10 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "advanced-custom-fields-pro 6.2.5 Contributor+.Stored.Cross-Site.Scripting.via.Custom.Field MEDIUM" "advanced-custom-fields-pro 6.1.6 Reflected.XSS HIGH" "advanced-custom-fields-pro 5.12.5 Contributor+.PHP.Object.Injection MEDIUM" "advanced-custom-fields-pro 6.1.0 Contributor+.PHP.Object.Injection MEDIUM" "advanced-custom-fields-pro 5.12.3 Unauthenticated.File.Upload MEDIUM" "advanced-custom-fields-pro 
5.12.1 Contributor+.Database.Information.Access MEDIUM" "advanced-custom-fields-pro 5.11 Subscriber+.Arbitrary.ACF.Data/Field.Groups.View.and.Fields.Move MEDIUM" "advanced-custom-fields-pro 5.9.1 Authenticated.Reflected.Cross-Site.Scripting.(XSS) HIGH" "accesspress-social-icons 1.8.3 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "accesspress-social-icons 1.8.1 Authenticated.SQL.Injection HIGH" "accesspress-social-icons 1.6.8 Authenticated.SQL.Injections MEDIUM" "addify-abandoned-cart-recovery 1.2.5 Multiple.CSRF MEDIUM" "amr-personalise No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "ajax-search-for-woocommerce 1.25.0b3 Reflected.Cross-Site.Scripting MEDIUM" "ajax-search-for-woocommerce 1.24.0 AJAX.Search.for.WooCommerce.<.1.24.0.-.Admin+.Stored.Cross-Site.Scripting MEDIUM" "ajax-search-for-woocommerce 1.18.0 Admin+.Stored.Cross-Site.Scripting LOW" "ajax-search-for-woocommerce 1.17.0 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "announcekit No.known.fix Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "auto-login-when-resister No.known.fix Settings.Update.via.CSRF MEDIUM" "accept-stripe-payments-using-contact-form-7 2.6 Unauthenticated.Information.Exposure MEDIUM" "advanced-classifieds-and-directory-pro 3.2.1 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "advanced-classifieds-and-directory-pro 3.1.2 Missing.Authorization.to.Arbitrary.Attachment.Deletion MEDIUM" "advanced-classifieds-and-directory-pro 2.1.2 Reflected.Cross-Site.Scripting MEDIUM" "advanced-classifieds-and-directory-pro 1.8.8 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "advanced-classifieds-and-directory-pro 1.6.3 Subscriber+.Arbitrary.Option.Update CRITICAL" "awesomepress No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "admin-menu-organizer No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "all-in-one-favicon 4.7 Multiple.Stored.Authenticated.XSS MEDIUM" "automatic-youtube-gallery 2.3.5 
Missing.Authorization.via.AJAX.actions MEDIUM" "automatic-youtube-gallery 2.3.3 Reflected.Cross-Site.Scripting MEDIUM" "automatic-youtube-gallery 1.6.5 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "admission-appmanager No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "amen No.known.fix Admin+.Stored.XSS LOW" "artificial-intelligence-auto-content-generator 3.0.0 Reflected.Cross-Site.Scripting MEDIUM" "add-to-calendar-button 1.5.1 Contributor+.Stored.XSS MEDIUM" "audio-and-video-player 1.2.0 Player.Deletion.and.Duplication.via.CSRF MEDIUM" "animated-number-counters No.known.fix Authenticated.(Editor+).Local.File.Inclusion HIGH" "animated-number-counters 1.7 Editor+.Stored.XSS MEDIUM" "ap-pricing-tables-lite No.known.fix Admin+.SQLi MEDIUM" "ap-pricing-tables-lite 1.1.5 Reflected.Cross-Site.Scripting MEDIUM" "ap-pricing-tables-lite 1.1.3 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "ajar-productions-in5-embed 3.1.4 Unauthenticated.Arbitrary.File.Upload CRITICAL" "ampedsense-adsense-split-tester 4.69 Reflected.XSS HIGH" "akismet 3.1.5 Unauthenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "another-wordpress-classifieds-plugin 4.3.2 Cross-Site.Request.Forgery MEDIUM" "another-wordpress-classifieds-plugin 4.3.2 Missing.Authorization MEDIUM" "another-wordpress-classifieds-plugin 4.3.1 Categories.Mgt.via.CSRF MEDIUM" "another-wordpress-classifieds-plugin 4.3 Unauthenticated.SQLi MEDIUM" "ajax-random-post No.known.fix Unauthenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "alkubot 3.0.0 Unauthorised.AJAX.call.via.CSRF MEDIUM" "apollo13-framework-extensions 1.9.4 Authenticated.(Author+).Stored.Cross-Site.Scripting MEDIUM" "apollo13-framework-extensions 1.9.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "apollo13-framework-extensions 1.9.2 Cross-Site.Request.Forgery MEDIUM" "apollo13-framework-extensions 1.9.1 Contributor+.Stored.XSS MEDIUM" "apollo13-framework-extensions 1.9.0 Missing.Authorization MEDIUM" 
"acf-options-importexport No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "automate-hub-free-by-sperse-io No.known.fix Cross-Site.Request.Forgery.to.Activation.Status.Update MEDIUM" "automate-hub-free-by-sperse-io No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "ays-slider 2.5.0 Responsive.Slider.and.Carousel.<.2.5.0.-.Authenticated.Blind.SQL.Injection HIGH" "ays-slider 2.5.0 Reflected.Cross-Site.Scripting.(XSS) HIGH" "affieasy 1.1.7 Cross-Site.Request.Forgery.to.Various.Actions MEDIUM" "affieasy 1.1.6 Cross-Site.Request.Forgery MEDIUM" "affieasy No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "affieasy 1.0.4 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "auto-listings 2.6.6 Authenticated(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "add-user-role No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "art-direction No.known.fix Contributor+.Stored.XSS MEDIUM" "anycomment 0.0.99 Reflected.Cross-Site.Scripting MEDIUM" "anycomment 0.2.18 Comment.Rating.Increase/Decrease.via.Race.Condition LOW" "anycomment 0.2.18 Arbitrary.HyperComments.Import/Revert.via.CSRF MEDIUM" "anycomment 0.3.5 Open.Redirect MEDIUM" "anycomment 0.0.33 XSS MEDIUM" "ashe-extra 1.3 Missing.Authorization MEDIUM" "ashe-extra 1.2.92 Subscriber+.Companion.Plugin.Activation.&.Content.Import MEDIUM" "add-ribbon No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "awesome-filterable-portfolio No.known.fix Unauthenticated.Settings.Update MEDIUM" "awesome-filterable-portfolio No.known.fix Unauthenticated.Stored.Cross-Site.Scripting MEDIUM" "awesome-filterable-portfolio 1.9 Authenticated.Blind.SQL.Injection HIGH" "admin-cleanup No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "amazon-auto-links 5.4.3 Reflected.Cross-Site.Scripting MEDIUM" "amazon-auto-links 5.1.2 Contributor+.Stored.XSS MEDIUM" "amazon-auto-links 5.3.2 Contributor+.Stored.XSS MEDIUM" "amazon-auto-links 4.6.20 Reflected.Cross-Site.Scripting HIGH" 
"addonify-quick-view 1.2.17 Unauthenticated.Full.Path.Dislcosure MEDIUM" "amp-img-shortcode No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "accommodation-system No.known.fix Subscriber+.Unauthorised.Actions MEDIUM" "all-users-messenger No.known.fix Subscriber+.Message.Deletion.via.IDOR MEDIUM" "a2-optimized-wp 3.0.5 Data.Collection.Toggle.via.CSRF MEDIUM" "advanced-event-manager No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "activitypub 1.0.6 Unauthenticated.REST.API.Access MEDIUM" "activitypub 1.0.0 Subscriber+.Arbitrary.Post.Title.Disclosure MEDIUM" "activitypub 1.0.0 Contributor+.Stored.XSS MEDIUM" "activitypub 1.0.0 Subscriber+.Arbitrary.Post.Content.Disclosure MEDIUM" "activitypub 1.0.1 Contributor+.Stored.XSS MEDIUM" "automail No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "automail 1.0.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "arcadeready No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "attire-blocks 1.9.7 Cross-Site.Request.Forgery MEDIUM" "attire-blocks No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "attire-blocks 1.9.3 Missing.Authorization MEDIUM" "amazing-neo-icon-font-for-elementor No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "ai-image-generator 1.0.4 Reflected.Cross-Site.Scripting MEDIUM" "accesspress-custom-css 2.0.2 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "assistant 1.4.9.2 Unauthenticated.Sensitive.Information.Exposure MEDIUM" "assistant 1.4.4 Editor+.SSRF MEDIUM" "apa-banner-slider No.known.fix Cross-Site.Request.Forgery.to.SLQ.Injection HIGH" "awesome-tool-tip No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "aesop-story-engine No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "all-in-one-wp-migration-gdrive-extension 2.80 Unauthenticated.Access.Token.Update MEDIUM" "algori-pdf-viewer 1.0.8 
Authenticated.(Author+).Stored.Cross-Site.Scripting MEDIUM" "axeptio-sdk-integration 2.5.5 Unauthenticated.Local.File.Inclusion CRITICAL" "art-decoration-shortcode No.known.fix Contributor+.Stored.XSS MEDIUM" "ancient-world-linked-data-for-wordpress No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "accesspress-custom-post-type 1.0.9 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "advanced-schedule-posts No.known.fix Reflected.XSS HIGH" "ads-invalid-click-protection No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "auto-rename-media-on-upload 1.1.0 Admin+.Stored.XSS LOW" "administrator-z No.known.fix Subscriber+.SQL.Injection HIGH" "animated-counters No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "animated-counters 1.8 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "addify-product-dynamic-pricing-and-discounts No.known.fix Multiple.CSRF MEDIUM" "ajax-domain-checker No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "agile-store-locator 1.4.15 Admin+.Arbitrary.File.Deletion MEDIUM" "agile-store-locator 1.4.13 Reflected.XSS HIGH" "agile-store-locator 1.4.10 Editor+.Stored.XSS LOW" "agile-store-locator 1.4.9 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "agile-store-locator 1.4.6 Stored.XSS.via.CSRF MEDIUM" "adirectory 1.3.1 Unauthenticated.Arbitrary.File.Upload CRITICAL" "ays-facebook-popup-likebox 3.7.3 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "ays-facebook-popup-likebox 3.6.1 Reflected.Cross-Site.Scripting MEDIUM" "ays-facebook-popup-likebox 3.5.3 Reflected.Cross-Site.Scripting.(XSS) HIGH" "ays-facebook-popup-likebox 3.5.3 Page.Plugin.<.3.5.3.-.Authenticated.Blind.SQL.Injections HIGH" "affiliate-links 2.7 Contributor+.Stored.XSS MEDIUM" "advanced-form-integration 1.97.0 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "advanced-form-integration 1.92.1 
Reflected.Cross-Site.Scripting MEDIUM" "advanced-form-integration 1.89.6 Cross-Site.Request.Forgery MEDIUM" "advanced-form-integration 1.82.6 SQL.Injection.to.Reflected.Cross-Site.Scripting.via.integration_id MEDIUM" "advanced-form-integration 1.76.0 Authenticated(Administrator+).SQL.Injection MEDIUM" "advanced-form-integration 1.69.1 Reflected.Cross-Site.Scripting MEDIUM" "advanced-form-integration 1.63.0 Admin+.Stored.XSS LOW" "advanced-form-integration 1.49.0 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "access-category-password No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "awsm-team 1.3.2 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "admin-user-search No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "all-contact-form-integration-for-elementor No.known.fix Cross-Site.Request.Forgery MEDIUM" "all-contact-form-integration-for-elementor No.known.fix Missing.Authorization MEDIUM" "all-contact-form-integration-for-elementor No.known.fix Missing.Authorization MEDIUM" "all-contact-form-integration-for-elementor 2.9.9.8 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "all-contact-form-integration-for-elementor 2.9.9.8 Missing.Authorization.to.Sensitive.Information.Exposure MEDIUM" "audio-comparison-lite 3.5 Contributor+.Stored.XSS MEDIUM" "am-hili-affiliate-manager-for-publishers No.known.fix Admin+.Stored.XSS LOW" "auxin-portfolio 2.3.5 Contributor+.Stored.XSS MEDIUM" "auxin-portfolio 2.3.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.'.Grid.Portfolios' MEDIUM" "auxin-portfolio 2.3.2 Unauthenticated.Local.File.Inclusion CRITICAL" "antihacker 4.53 Missing.Authorization.to.Authenticated.(Subscriber+).Table.Truncation MEDIUM" "antihacker 4.52 Missing.Authorization.to.Unauthenticated.IP.Address.Whitelist MEDIUM" "antihacker 4.35 Cross-Site.Request.Forgery.via.antihacker_ajax_scan MEDIUM" "antihacker 4.20 Subscriber+.Arbitrary.Plugin.Installation HIGH" "auto-date-year-month 2.0.2 Unauthenticated.Arbitrary.Shortcode.Execution HIGH" 
"auto-date-year-month 1.1.5 Reflected.Cross-Site.Scripting MEDIUM" "autolinks No.known.fix Stored.Cross-Site.Scripting.via.CSRF MEDIUM" "article-directory-redux No.known.fix Admin+.Stored.XSS LOW" "advanced-control-manager No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "advanced-control-manager No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "ai-content 1.0.8 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "advanced-quiz No.known.fix Admin+.Stored.XSS.in.Quiz.Overview LOW" "advanced-quiz 1.0.3 Admin+.Stored.XSS LOW" "agendapress No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "agendapress 1.0.7 Reflected.Cross-Site.Scripting MEDIUM" "agendapress 1.0.6 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "ark-wysiwyg-comment-editor No.known.fix Iframe.Injection.via.Comment LOW" "affiliateimportereb No.known.fix Reflected.XSS HIGH" "affiliateimportereb No.known.fix Reflected.XSS.via.Search HIGH" "apexchat 1.3.2 Admin+.Stored.XSS LOW" "auto-featured-image-from-title 2.4 Reflected.Cross-Site.Scripting MEDIUM" "aryo-activity-log 2.11.2 Unauthenticated.Stored.XSS.via.Event.Context HIGH" "aryo-activity-log 2.8.8 IP.Spoofing MEDIUM" "aryo-activity-log 2.8.4 CSV.Injection LOW" "aryo-activity-log 2.7.0 Authenticated.SQL.Injection MEDIUM" "aryo-activity-log 2.4.1 Multiple.Cross-Site.Scripting.(XSS) MEDIUM" "aryo-activity-log 2.3.3 Cross-Site.Scripting.(XSS) MEDIUM" "aryo-activity-log 2.3.3 Cross-Site.Scripting.(XSS).in.'page' MEDIUM" "admin-menu No.known.fix Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "accesspress-instagram-feed 4.0.4 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "acf-on-the-go No.known.fix .Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.Content.Update MEDIUM" "armember 6.7.1 Cross-Site.Request.Forgery.via.multiple.functions MEDIUM" "armember 5.6 Unauthenticated.Privilege.Escalation CRITICAL" "appsplate No.known.fix Unauthenticated.SQL.Injection 
HIGH" "amadiscount No.known.fix Authenticated.(Contributor+).SQL.Injection MEDIUM" "aforms-form-builder-for-price-calculator-cost-estimation 2.2.7 Unauthenticated.Full.Path.Disclosure MEDIUM" "amazing-hover-effects No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "addify-order-tracking-for-woocommerce 1.0.2 Multiple.CSRF MEDIUM" "add-svg-support-for-media-uploader-inventivo No.known.fix Author+.Stored.XSS.via.SVG MEDIUM" "addon-sweetalert-contact-form-7 1.0.8 Authenticated.Stored.Cross-Site.Scripting.(XSS) LOW" "admin-bar-dashboard-control 1.2.9 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "apptivo-business-site 3.0.14 Admin+.Stored.XSS LOW" "ai-engine 2.6.5 Admin+.SQLi MEDIUM" "ai-engine 2.4.8 Admin+.SQLi MEDIUM" "ai-engine 2.5.1 Admin+.RCE MEDIUM" "ai-engine 2.4.8 Authenticated.(Subscriber+).Server-Side.Request.Forgery MEDIUM" "ai-engine 2.2.70 Authenticated.(Editor+).Arbitrary.File.Upload CRITICAL" "ai-engine 2.1.5 Authenticated.(Editor+).Server-Side.Request.Forgery MEDIUM" "ai-engine 2.2.1 Unauthenticated.Stored.Cross-Site.Scripting MEDIUM" "ai-engine 2.1.5 Editor+.Arbitrary.File.Upload.via.add_image_from_url MEDIUM" "ai-engine 1.9.99 Unauthenticated.Arbitrary.File.Upload CRITICAL" "ai-engine 1.6.83 Admin+.Stored.XSS LOW" "appointment-calendar No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "appointment-calendar No.known.fix CSRF MEDIUM" "ajax-login-and-registration-modal-popup 2.25 Reflected.XSS MEDIUM" "ajax-login-and-registration-modal-popup 2.24 Author+.Stored.XSS MEDIUM" "a-staff No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "a-staff No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "a-staff No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "auto-featured-image No.known.fix Authenticated.(Contributor+).Arbitrary.File.Upload HIGH" "ai-site-builder No.known.fix Missing.Authorization.to.Arbitrary.Plugin.Installation CRITICAL" "akismet-htaccess-writer No.known.fix 
Reflected.Cross-Site.Scripting MEDIUM" "author-avatars 2.1.24 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "author-avatars 2.1.22 Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "author-avatars 2.1.19 Contributor+.Stored.XSS MEDIUM" "amr-shortcodes No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "accesspress-twitter-feed No.known.fix Delete.cache.via.CSRF MEDIUM" "accesspress-twitter-feed 1.6.8 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "audio-player-with-playlist-ultimate 1.3 Contributor+.Stored.XSS MEDIUM" "azan No.known.fix Stored.XSS.via.CSRF HIGH" "asgard No.known.fix Reflected.XSS HIGH" "azz-anonim-posting No.known.fix Unauthenticated.Arbitrary.File.Upload CRITICAL" "arena-liveblog-and-chat-tool No.known.fix Cross-Site.Request.Forgery.to.Settings.Update MEDIUM" "arena-liveblog-and-chat-tool No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.arena_embed_amp.Shortcode MEDIUM" "arena-liveblog-and-chat-tool 0.4.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "add-tabs-xforwc 1.5.0 Low.Priv.Arbitrary.Blog.Options.Update/Access/Deletion.&.Plugin's.Settings.Update/Export/Import HIGH" "advanced-database-replacer No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "advanced-database-replacer No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "admin-block-country No.known.fix Cross-Site.Request.Forgery.(CSRF) MEDIUM" "aicomments 1.4.2 Cross-Site.Request.Forgery MEDIUM" "aparat No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "addendio No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "addendio No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "admin-notices-manager 1.5.0 Missing.Authorization.to.Authenticated.(Subscriber+).User.Email.Retrieval MEDIUM" "amberlink No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "authentication-via-otp-using-firebase No.known.fix Missing.Authorization.to.Privilege.Escalation 
CRITICAL" "admin-page-framework 3.9.0 Folders.Disclosure.via.Outdated.jQueryFileTree.Library MEDIUM" "admin-bar 1.0.23 Missing.Authorization.to.Authenticated.(Subscriber+).Settings.Update MEDIUM" "awesome-contact-form7-for-elementor 3.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "awesome-contact-form7-for-elementor 3.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.AEP.Contact.Form.7.Widget MEDIUM" "announce-from-the-dashboard 1.5.3 Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "announce-from-the-dashboard 1.5.2 Admin+.Stored.XSS LOW" "amin-chat-button 1.4.2 Stored.XSS.via.CSRF HIGH" "annasta-woocommerce-product-filters 1.6.5 Reflected.Cross-Site.Scripting MEDIUM" "annasta-woocommerce-product-filters 1.5.0 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "abcbiz-addons No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "admin-sms-alert No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross.Site.Scripting MEDIUM" "ajax-press No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "ajax-add-to-cart-for-woocommerce No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "ajax-add-to-cart-for-woocommerce No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "admin-font-editor No.known.fix Unauthenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "arforms-form-builder 1.7.2 HTML.Injection MEDIUM" "arforms-form-builder 1.7.1 Unauthenticated.Stored.XSS MEDIUM" "arforms-form-builder 1.6.8 Reflected.Cross-Site.Scripting MEDIUM" "arforms-form-builder 1.6.5 Missing.Authorization.to.Authenticated(Subscriber+).Arbitrary.Option.Deletion HIGH" "arforms-form-builder 1.6.2 Missing.Authorization MEDIUM" "arforms-form-builder 1.6.2 Cross-Site.Request.Forgery MEDIUM" "arforms-form-builder 1.5.9 Unauthenticated.Stored.XSS HIGH" "arforms-form-builder 1.5.7 Unauthenticated.Stored.XSS HIGH" "arforms-form-builder 1.5 Admin+.Stored.Cross.Site.Scripting LOW" "activedemand 0.2.44 Cross-Site.Request.Forgery MEDIUM" 
"activedemand 0.2.42 Unauthenticated.Arbitrary.File.Upload CRITICAL" "activedemand 0.2.28 Unauthenticated.Post.Creation/Update/Deletion HIGH" "api2cart-bridge-connector 1.2.0 Unauthenticated.RCE CRITICAL" "api2cart-bridge-connector 1.2.0 Unauthenticated.Arbitrary.File.Upload CRITICAL" "all-in-one-seo-pack 4.6.1.1 Contributor+.Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "all-in-one-seo-pack 4.6.1.1 Contributor+.Stored.XSS MEDIUM" "all-in-one-seo-pack 4.3.0 Contributor+.Stored.XSS MEDIUM" "all-in-one-seo-pack 4.3.0 Admin+.Stored.XSS LOW" "all-in-one-seo-pack 4.2.4 Multiple.CSRF MEDIUM" "all-in-one-seo-pack 4.1.5.3 Authenticated.Privilege.Escalation CRITICAL" "all-in-one-seo-pack 4.1.5.3 Authenticated.SQL.Injection HIGH" "all-in-one-seo-pack 4.1.0.2 Admin.RCE.via.unserialize MEDIUM" "all-in-one-seo-pack 3.6.2 Authenticated.Stored.Cross-Site.Scripting MEDIUM" "all-in-one-seo-pack 3.2.7 Stored.Cross-Site.Scripting.(XSS) MEDIUM" "all-in-one-seo-pack 2.10 Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "advanced-category-template No.known.fix Cross-Site.Request.Forgery MEDIUM" "advanced-category-template No.known.fix Reflected.XSS HIGH" "ad-swapper No.known.fix Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "all-in-one-slider No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "arscode-ninja-popups No.known.fix Unauthenticated.Open.Redirect MEDIUM" "ar-for-wordpress 7.4 Missing.Authorization.to.Unauthenticated.Limited.File.Upload LOW" "ar-for-wordpress 7.0 Unauthenticated.Arbitrary.File.Upload CRITICAL" "add-image-to-post No.known.fix Cross-Site.Request.Forgery MEDIUM" "advanced-post-list No.known.fix Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "activity-log-mainwp 2.0.0 Reflected.Cross-Site.Scripting MEDIUM" "activity-log-mainwp 1.7.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "auto-youtube-importer 1.0.4 Settings.Update.via.CSRF MEDIUM" "atomchat 1.1.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.atomchat.Shortcode MEDIUM" 
"atomchat 1.1.5 Unauthenticated.Credits.Update MEDIUM" "alert-me No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "about-me No.known.fix Subscriber+.Arbitrary.Network.Creation/Deletion MEDIUM" "admin-page-spider 3.32 Admin+.Stored.XSS LOW" "advanced-cf7-database No.known.fix Authenticated.(Administrator+).SQL.Injection MEDIUM" "apperr 0.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "automatic-grid-image-listing No.known.fix Admin+.Arbitrary.File.Upload MEDIUM" "add2fav No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "armember-membership-premium No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "ai-contact-us No.known.fix Admin+.Stored.XSS LOW" "ahime-image-printer No.known.fix Unauthenticated.Arbitrary.File.Download CRITICAL" "aawp 3.12.3 Unsafe.URL.Handling MEDIUM" "aawp 3.17.1 Reflected.Cross-Site.Scripting MEDIUM" "animated-svg 2.1.0 Reflected.Cross-Site.Scripting MEDIUM" "animated-typed-js-shortcode 2.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "advanced-sermons 3.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "advanced-sermons 3.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "advanced-sermons 3.2 Reflected.Cross-Site.Scripting.via.s MEDIUM" "advanced-sermons 3.3 Reflected.Cross-Site.Scripting MEDIUM" "auto-post-thumbnail 4.1.3 Missing.Authorization MEDIUM" "auto-post-thumbnail No.known.fix Authenticated.(Author+).Server-Side.Request.Forgery MEDIUM" "auto-post-thumbnail 4.1.4 Author+.SSRF MEDIUM" "auto-post-thumbnail 3.9.16 Author+.Arbitrary.File.Upload CRITICAL" "auto-post-thumbnail 3.9.3 Reflected.Cross-Site.Scripting HIGH" "acf-frontend-display No.known.fix Arbitrary.File.Upload CRITICAL" "abc-notation No.known.fix Authenticated.(Contributor+).Arbitrary.File.Read MEDIUM" "abc-notation No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "add-hierarchy-parent-to-post 3.13 Reflected.Cross-Site.Scripting MEDIUM" "auto-translate 
No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting.via.Custom.Font MEDIUM" "addressbook No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "acymailing 9.8.0 Authenticated.(Subscriber+).Arbitrary.File.Upload.via.acym_extractArchive.Function HIGH" "acymailing 8.6.3 Reflected.XSS HIGH" "acymailing 7.5.0 Open.Redirect MEDIUM" "avartan-slider-lite No.known.fix Reflected.XSS HIGH" "adsense-click-fraud-monitoring No.known.fix XSS MEDIUM" "ait-csv-import-export No.known.fix Unauthenticated.Arbitrary.File.Upload CRITICAL" "all-in-one-video-downloader No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "all-in-one-video-downloader No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "astra-sites 4.4.10 Cross-Site.Request.Forgery MEDIUM" "astra-sites 4.4.1 Author+.Stored.XSS MEDIUM" "astra-sites 4.2.2 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "astra-sites 4.1.7 Contributor+.Server-Side.Request.Forgery MEDIUM" "astra-sites 3.2.5 Authenticated.(Contributor+).Server-Side.Request.Forgery MEDIUM" "astra-sites 3.2.6 Incorrect.Authorization MEDIUM" "astra-sites 3.1.21 Settings.Update.via.CSRF MEDIUM" "astra-sites 2.7.1 Contributor+.Block.Import.to.Stored.XSS HIGH" "accordion-image-menu No.known.fix Stored.XSS.via.CSRF HIGH" "author-discussion No.known.fix Authenticated.(Subscriber+).SQL.Injection MEDIUM" "all-404-pages-redirect-to-homepage 2.0 Unauthenticated.Stored.Cross-Site.Scripting MEDIUM" "amr-users 4.59.4 Admin+.Stored.Cross-Site.Scripting LOW" "add-multiple-marker No.known.fix Settings.Update.via.CSRF MEDIUM" "add-multiple-marker No.known.fix Unauthenticated.Settings.Update MEDIUM" "advanced-image-sitemap No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "anonymize-links No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "alt-report No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "adsplacer No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "absolute-privacy No.known.fix 
User.Email/Password.Change.via.Cross-Site.Request.Forgery HIGH" "article2pdf No.known.fix Multiple.Vulnerabilities CRITICAL" "alpine-photo-tile-for-instagram No.known.fix Authenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "ajax-search-pro 4.26.2 Multiple.Reflected.Cross-Site.Scripting HIGH" "ajax-search-pro 4.26.2 Reflected.Cross-Site.Scripting HIGH" "ajax-search-pro 4.19 Stored.XSS.via.CSRF HIGH" "ajax-search-pro 4.19 Subscriber+.SQL.Injection HIGH" "ai-moderator-for-buddypress-and-buddyboss No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "amazonjs No.known.fix Contributor+.Stored.XSS MEDIUM" "affiliatebooster-blocks 3.0.6 Blocks.Enabling/Disabling.via.CSRF MEDIUM" "advanced-google-recaptcha 1.26 Brute.Force.Protection.IP.Unblock LOW" "adminpad 2.2 Note.Update.via.CSRF MEDIUM" "anchor-episodes-index 2.1.11 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.anchor_episodes.Shortcode MEDIUM" "anchor-episodes-index 2.1.8 Admin+.Stored.XSS LOW" "appmaker-woocommerce-mobile-app-manager No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "admin-form 1.9.1 Cross-Site.Request.Forgery MEDIUM" "admin-form 1.9.1 Reflected.Cross-Site.Scripting MEDIUM" "ajax-content-filter No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "adicons No.known.fix Admin+.SQL.Injection MEDIUM" "appizy-app-embed 2.4.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "arkhe-blocks 2.27.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.block.attributes MEDIUM" "arkhe-blocks 2.27.0 Contributor+.Stored.XSS MEDIUM" "arkhe-blocks 2.23.0 Contributor+.Stored.XSS MEDIUM" "addons-for-elementor 8.5.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.piechart_settings.Parameter MEDIUM" "addons-for-elementor 8.4.1 Authenticated.(Contributor+).Limited.Local.File.Inclusion.via.Widgets HIGH" "addons-for-elementor 8.4.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Marquee.Text.Widget,.Testimonials.Widget,.and.Testimonial.Slider.Widgets 
MEDIUM" "addons-for-elementor 8.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Various.Widgets MEDIUM" "addons-for-elementor 8.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Posts.Grid MEDIUM" "addons-for-elementor 8.3.7 Authenticated(Contributor+).Stored.Cross-Site.Scripting.via.widget._id.attribute MEDIUM" "addons-for-elementor 8.3.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Display.Name MEDIUM" "addons-for-elementor 8.3.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Posts.Multislider.Widget MEDIUM" "addons-for-elementor 8.3.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Posts.Carousel.Widget MEDIUM" "addons-for-elementor 8.3.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Animated.Text.Widget MEDIUM" "addons-for-elementor 8.3.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Posts.Slider.Widget MEDIUM" "addons-for-elementor 8.3.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Team.Members.Widget MEDIUM" "addons-for-elementor 8.3.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.animated_text_class MEDIUM" "addons-for-elementor 8.3.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "addons-for-elementor 8.3.2 Contributor+.Stored.XSS MEDIUM" "addons-for-elementor 7.9 Reflected.Cross-Site.Scripting MEDIUM" "addons-for-elementor 7.2.4 Admin+.Stored.XSS LOW" "addons-for-elementor 7.1.4 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "addons-for-elementor 6.8 Contributor+.Stored.XSS MEDIUM" "addons-for-elementor 2.6 Subscriber+.Arbitrary.Option.Update CRITICAL" "apply-online 2.6.7.2 Missing.Authorization MEDIUM" "apply-online 2.6.3 Unauthenticated.Application.File.Access MEDIUM" "apply-online 2.6.3 Missing.Authorization.to.Sensitive.Information.Exposure MEDIUM" "apply-online 2.5.4 Missing.Authorization LOW" "apply-online 2.5.3 Reflected.XSS HIGH" "apply-online 2.5.6 Admin+.Stored.XSS LOW" "azindex No.known.fix 
Stored.XSS.via.CSRF HIGH" "azindex No.known.fix Index.Deletion.via.CSRF MEDIUM" "auto-advance-for-gravity-forms 4.5.4 Reflected.Cross-Site.Scripting MEDIUM" "auto-advance-for-gravity-forms 4.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "album-and-image-gallery-plus-lightbox 2.1 Unauthenticated.Arbitrary.Shortcode.Execution MEDIUM" "advanced-access-manager 6.9.21 Reflected.XSS HIGH" "advanced-access-manager 6.9.21 Admin+.Stored.Cross-Site.Scripting MEDIUM" "advanced-access-manager 6.9.19 Contributor+.Stored.XSS MEDIUM" "advanced-access-manager 6.9.19 Open.Redirect MEDIUM" "advanced-access-manager 6.9.16 Contributor+.Stored.XSS MEDIUM" "advanced-access-manager 6.8.0 Admin+.Stored.Cross-Site.Scripting LOW" "advanced-access-manager 6.6.2 Authenticated.Information.Disclosure MEDIUM" "advanced-access-manager 6.6.2 Authenticated.Authorization.Bypass.and.Privilege.Escalation HIGH" "advanced-access-manager 5.9.9 Unauthenticated.Local.File.Inclusion CRITICAL" "advanced-access-manager 3.2.2 Privilege.Escalation HIGH" "aiomatic-automatic-ai-content-writer 2.0.6 Automatic.AI.Content.Writer.<.2.0.6.-.Unauthenticated.Arbitrary.Email.Sending MEDIUM" "aiomatic-automatic-ai-content-writer 1.9.4 Missing.Authorization MEDIUM" "addons-for-beaver-builder 3.7 Authenticated.(Editor+).Stored.Cross-Site.Scripting MEDIUM" "addons-for-beaver-builder 3.3 Reflected.Cross-Site.Scripting MEDIUM" "addons-for-beaver-builder 2.8.4 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "accessibility-help-button 1.1 Admin+.Stored.Cross.Site.Scripting LOW" "accessibility-help-button 1.1 Admin+.Stored.XSS LOW" "accessibility-help-button 1.2 Admin+.Stored.XSS LOW" "advanced-forms 1.9.3.3 Missing.Authorization.to.Unauthenticated.Form.Settings.Export MEDIUM" "advanced-forms 1.6.9 Subscriber+.Arbitrary.User.Email.Address.Update.via.IDOR HIGH" "awsom-news-announcement No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "artibot No.known.fix Authenticated.(Admin+).Cross-Site.Scripting 
MEDIUM" "artibot No.known.fix Missing.Authorization.to.Settings.Update MEDIUM" "admin-site-enhancements-pro 7.6.3 Missing.Authorization MEDIUM" "advance-search No.known.fix Admin+.SQL.Injection MEDIUM" "advance-search No.known.fix Shortcode.Deletion.via.CSRF MEDIUM" "advance-search 1.1.3 Reflected.Cross-Site.Scripting MEDIUM" "arca-payment-gateway 1.3.4 Stored.XSS.via.CSRF HIGH" "ari-cf7-connector 1.2.3 Cross-Site.Request.Forgery MEDIUM" "ari-cf7-connector 1.2.3 Reflected.XSS HIGH" "ajax-search-lite 4.12.5 Admin+.Stored.XSS LOW" "ajax-search-lite 4.12.4 Admin+.Stored.XSS LOW" "ajax-search-lite 4.12.3 Admin+.Stored.XSS LOW" "ajax-search-lite 4.12.1 Admin+.Stored.XSS LOW" "ajax-search-lite 4.11.5 Reflected.Cross-Site.Scripting HIGH" "ajax-search-lite 4.11.1 Reflected.Cross-Site.Scripting HIGH" "ajax-search-lite 4.11.1 Subscriber+.Sensitive.Data.Disclosure MEDIUM" "awesome-social-icons No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "awesome-social-icons No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "alt-manager 1.6.2 Missing.Authorization MEDIUM" "alt-manager 1.5.7 Reflected.Cross-Site.Scripting MEDIUM" "alt-manager 1.5.0 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "add-custom-google-tag-manager No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "as-create-pinterest-pinboard-pages No.known.fix Subscriber+.Settings.Update.to.Stored.XSS MEDIUM" "advanced-wp-table No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "advanced-wp-table 1.2.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "anspress-question-answer 4.3.2 Editor+.Stored.XSS MEDIUM" "about-author-box 1.0.2 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "automatic-post-categories No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "automatic-post-categories No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "all-embed-addons-for-elementor 1.1.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "adfoxly No.known.fix 
Missing.Authorization.to.Unauthenticated.Ad.Status.Update MEDIUM" "adfoxly No.known.fix Missing.Authorization.to.Unauthenticated.Ad.Status.Update MEDIUM" "adfoxly No.known.fix Cross-Site.Request.Forgery MEDIUM" "adfoxly No.known.fix Reflected.XSS HIGH" "adfoxly 1.7.91 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "asmember No.known.fix Admin+.Stored.XSS LOW" "addify-order-approval-woocommerce 1.1.0 Multiple.CSRF MEDIUM" "avchat-3 No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "accesspress-anonymous-post-pro 3.2.0 Unauthenticated.Arbitrary.File.Upload CRITICAL" "amtythumb No.known.fix Subscriber+.SQLi HIGH" "ach-invoice-app No.known.fix Unauthenticated.Local.File.Inclusion CRITICAL" "adamrob-parallax-scroll 2.1 Cross-Site.Scripting.(XSS) MEDIUM" "awesome-studio No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "audio-merchant No.known.fix Cross-Site.Request.Forgery.to.Arbitrary.File.Upload HIGH" "audio-merchant No.known.fix Cross-Site.Request.Forgery.to.Settings.Modifcation.and.Stored.Cross-Site.Scripting MEDIUM" "ajax-load-more 7.1.3 Ajax.Load.More.<.7.1.3.-.Contributor+.Stored.XSS MEDIUM" "ajax-load-more 7.1.2 Authenticated.(Contributor+).Cross-Site.Scripting MEDIUM" "ajax-load-more 7.0.2 Administrator+.Stored.Cross-Site.Scripting MEDIUM" "ajax-load-more 7.1.0 Authenticated.(Admin+).Directory.Traversal.to.Arbitrary.File.Read MEDIUM" "ajax-load-more 6.2 Ajax.Load.More.<.6.2.-.Contributor+.Stored.XSS MEDIUM" "ajax-load-more 5.6.0.3 Ajax.Load.More.<.5.6.0.3.-.Contributor+.Stored.XSS MEDIUM" "ajax-load-more 5.5.4.1 Admin+.Arbitrary.File.Read MEDIUM" "ajax-load-more 5.5.4 PHAR.Deserialization.via.CSRF HIGH" "ajax-load-more 5.5.4 Admin+.Arbitrary.File.Read MEDIUM" "ajax-load-more 5.3.2 Authenticated.SQL.Injection CRITICAL" "add-facebook No.known.fix Author+.Stored.XSS MEDIUM" "add-facebook No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting] MEDIUM" "amp-plus No.known.fix Reflected.Cross.Site.Scripting HIGH" 
"access-code-feeder No.known.fix CSRF MEDIUM" "attribute-stock-for-woocommerce 1.3.0 Reflected.Cross-Site.Scripting MEDIUM" "arconix-faq 1.9.5 Missing.Authorization MEDIUM" "arconix-faq 1.9.4 Missing.Authorization.to.Notice.Dismissal MEDIUM" "aws-cdn-by-wpadmin 3.0.0 Cross-Site.Request.Forgery MEDIUM" "accordion-slider 1.9.13 Contributor+.DOM-Based.Stored.XSS.via.FancyBox.JavaScript.Library MEDIUM" "accordion-slider 1.9.12 Authenticted.(Contributor+).Stored.Cross-Site.Scripting.via.HTML.Attribute MEDIUM" "astra-import-export 1.0.4 Cross-Site.Request.Forgery MEDIUM" "astra-import-export 1.0.4 Cross-Site.Request.Forgery.(CSRF) MEDIUM" "add-from-server No.known.fix Authenticated.Path.Traversal.to.Arbitrary.File.Access HIGH" "add-from-server 3.3.2 Cross-Site.Request.Forgery.(CSRF) MEDIUM" "anti-spam 7.3.8 Missing.Authorization MEDIUM" "anti-spam 7.3.1 Protection.Bypass.due.to.IP.Spoofing MEDIUM" "appointment-hour-booking 1.4.57 Captcha.Bypass MEDIUM" "appointment-hour-booking 1.3.73 Unauthenticated.iFrame.Injection HIGH" "appointment-hour-booking 1.3.73 CSV.Injection MEDIUM" "appointment-hour-booking 1.3.73 CAPTCHA.Bypass MEDIUM" "appointment-hour-booking 1.3.72 Feedback.Submission.via.CSRF MEDIUM" "appointment-hour-booking 1.3.56 Admin+.Stored.Cross-Site.Scripting LOW" "appointment-hour-booking 1.3.17 Authenticated.Stored.XSS LOW" "appointment-hour-booking 1.3.16 Admin+.Stored.Cross-Site.Scripting LOW" "appointment-hour-booking 1.1.46 Stored.Cross-Site.Scripting.(XSS) MEDIUM" "advanced-post-slider No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "add-expires-headers 2.8.0 Reflected.Cross-Site.Scripting MEDIUM" "add-expires-headers 2.6 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "a4-barcode-generator 3.4.11 Missing.Authorization MEDIUM" "a4-barcode-generator 3.4.10 Missing.Authorization MEDIUM" "a4-barcode-generator 3.4.7 Subscriber+.Stored.XSS HIGH" "a4-barcode-generator 3.4.7 
Subscriber+.Settings/Profiles.Update,.Templates/Barcodes.Access/Creation/Edition/Deletion MEDIUM" "affiliate-toolkit-starter 3.6.8 Reflected.Cross-Site.Scripting MEDIUM" "affiliate-toolkit-starter 3.6.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.atkp_product.Shortcode MEDIUM" "affiliate-toolkit-starter 3.6 Unauthenticated.Full.Path.Dislcosure MEDIUM" "affiliate-toolkit-starter 3.4.5 Unauthenticated.Sensitive.Information.Exposure.via.Logs MEDIUM" "affiliate-toolkit-starter 3.4.6 Authenticated.(Author+).Stored.Cross-Site.Scripting.via.ratings MEDIUM" "affiliate-toolkit-starter 3.5.5 Missing.Authorization.via.atkp_create_list MEDIUM" "affiliate-toolkit-starter 3.5.5 Missing.Authorization.via.atkp_import_product MEDIUM" "affiliate-toolkit-starter 3.4.3 Unauthenticated.SSRF HIGH" "affiliate-toolkit-starter 3.4.4 Reflected.Cross-Site.Scripting.via.keyword MEDIUM" "affiliate-toolkit-starter 3.4.0 Open.Redirect.via.atkpout.php LOW" "affiliate-toolkit-starter 3.3.4 Editor+.Stored.XSS LOW" "add-pinterest-conversion-tags 1.2.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "add-pinterest-conversion-tags 1.0.2 Subscriber+.Arbitrary.Option.Update CRITICAL" "admin-dashboard-rss-feed No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "all-in-one-video-gallery 3.8.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Video.Shortcode MEDIUM" "all-in-one-video-gallery 3.7.0 Authenticated.(Contributor+).Local.File.Inclusion.via.aiovg_search_form.Shortcode HIGH" "all-in-one-video-gallery 3.6.5 Contributor+.Arbitrary.File.Upload.via.featured.image HIGH" "all-in-one-video-gallery 3.6.0 Missing.Authorization MEDIUM" "all-in-one-video-gallery 3.4.3 Reflected.Cross-Site.Scripting MEDIUM" "all-in-one-video-gallery 2.6.1 2.6.0.-.Unauthenticated.Arbitrary.File.Download.&.SSRF HIGH" "all-in-one-video-gallery 2.5.4 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "all-in-one-video-gallery 2.5.0 Admin+.Local.File.Inclusion LOW" 
"admin-renamer-extended No.known.fix CSRF MEDIUM" "add-twitter-pixel 1.0.4 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "af-companion 1.2.0 1.1.2.-.Arbitrary.Plugin.Installation.&.Activation.via.CSRF HIGH" "abcapp-creator No.known.fix Unauthenticated.Local.File.Inclusion CRITICAL" "ab-categories-search-widget No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "awesome-responsive-photo-gallery 2.1 Reflected.Cross-Site.Scripting MEDIUM" "amazonify No.known.fix Cross-Site.Request.Forgery.to.Amazon.Tracking.ID.Update MEDIUM" "amazonify No.known.fix Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "academy 2.0.5 Missing.Authorization LOW" "academy 2.0.11 Open.Redirect MEDIUM" "academy 1.9.26 Unauthenticated.Sensitive.Information.Exposure MEDIUM" "academy 1.9.17 Missing.Authorization MEDIUM" "academy 1.9.17 Missing.Authorization MEDIUM" "academy 1.9.20 .Authenticated.(Subscriber+).Privilege.Escalation HIGH" "addify-image-watermark-for-woocommerce 1.0.1 Multiple.CSRF MEDIUM" "animate-it 2.4.0 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "animate-it 2.3.6 XSS HIGH" "attributes-for-blocks 1.0.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.attributesForBlocks.Parameter MEDIUM" "anywhere-flash-embed No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "all-in-one-wp-migration 7.87 Authenticated.(Administrator+).Arbitrary.PHP.Code.Injection HIGH" "all-in-one-wp-migration 7.87 Unauthenticated.Information.Disclosure.via.Error.Logs MEDIUM" "all-in-one-wp-migration 7.63 Unauthenticated.Reflected.XSS MEDIUM" "all-in-one-wp-migration 7.59 Admin+.File.Deletion.on.Windows.Hosts.via.Path.Traversal MEDIUM" "all-in-one-wp-migration 7.41 Admin+.Arbitrary.File.Upload.to.RCE MEDIUM" "all-in-one-wp-migration 7.15 Arbitrary.Backup.Download HIGH" "all-in-one-wp-migration 7.0 Authenticated.Cross-Site.Scripting.(XSS) CRITICAL" "all-in-one-wp-migration 6.46 Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "all-in-one-wp-migration 2.0.5 
Unauthenticated.Database.Export HIGH" "auto-login-new-user-after-registration No.known.fix Stored.XSS.via.CSRF HIGH" "auto-login-new-user-after-registration No.known.fix CSRF MEDIUM" "auto-iframe 2.0 Contributor+.XSS.via.Shortcode MEDIUM" "auto-iframe 1.8 Authenticated.(Author+).Stored.Cross-Site.Scripting.via.tag.Parameter MEDIUM" "animated-fullscreen-menu 2.2.8 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "admin-menu-restriction No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "advanced-wp-reset 1.6 Reflected.Cross-Site.Scripting MEDIUM" "aprils-call-posts No.known.fix Cross-Site.Request.Forgery.to.Cross-Site.Scripting MEDIUM" "acf-blocks 2.6.10 Reflected.Cross-Site.Scripting MEDIUM" "acf-blocks 2.6.8 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "acnoo-flutter-api No.known.fix Authentication.Bypass CRITICAL" "add-customer-for-woocommerce 1.7.1 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "accesspress-anonymous-post No.known.fix Contributor+.Arbitrary.Redirect LOW" "accesspress-anonymous-post 2.8.1 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "ai-postpix 1.1.8.1 Subscriber+.Arbitrary.File.Upload HIGH" "archives-calendar-widget No.known.fix Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "awesome-shortcodes No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "ad-invalid-click-protector 1.2.11 Injected.Backdoor CRITICAL" "ad-invalid-click-protector 1.2.7 Reflected.Cross-Site.Scripting MEDIUM" "ad-invalid-click-protector 1.2.7 Arbitrary.Ban.Deletion.via.CSRF MEDIUM" "ad-invalid-click-protector 1.2.6 Authenticated.SQL.Injection MEDIUM" "amazon-product-in-a-post-plugin 3.5.3 Unauthenticated.SQL.Injection CRITICAL" "add-comments No.known.fix Admin+.Stored.XSS LOW" "advanced-import 1.3.8 Arbitrary.Plugin.Installation.&.Activation.via.CSRF HIGH" "advertising-management No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "all-in-one-wp-migration-onedrive-extension 1.67 Unauthenticated.Access.Token.Update MEDIUM" 
"accesspress-social-share 4.5.6 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "aikit-wordpress-ai-writing-assistant-using-gpt3 No.known.fix Authenticated.(Contributor+).SQL.Injection CRITICAL" "admin-speedo No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "acurax-social-media-widget 3.2.6 Stored.XSS.&.CSRF HIGH" "attachment-file-icons No.known.fix Cross-Site.Request.Forgery.to.Arbitrary.File.Upload HIGH" "advanced-cf7-db 2.0.3 Missing.Authorization.to.Unauthenticated.Information.Disclosure MEDIUM" "advanced-cf7-db No.known.fix Sensitive.Information.Exposure MEDIUM" "advanced-cf7-db 1.8.8 Unauthenticated.Stored.Cross-Site.Scripting MEDIUM" "advanced-cf7-db 1.8.7 Subscriber+.Arbitrary.File.Deletion HIGH" "advanced-cf7-db 1.7.1 SQL.Injection CRITICAL" "active-user No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "auto-thickbox-plus No.known.fix Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "admin-log No.known.fix CSRF MEDIUM" "avirato-calendar No.known.fix Subscriber+.SQLi HIGH" "ajax-bootmodal-login No.known.fix Captcha.Reuse MEDIUM" "awin-data-feed 1.8 Reflected.Cross-Site.Scripting MEDIUM" "awin-data-feed 1.8 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "ai-content-generation 1.2.6 Missing.Authorization MEDIUM" "automatic-user-roles-switcher 1.1.2 Subscriber+.Privilege.Escalation HIGH" "adl-team No.known.fix Contributor+.Stored.Cross-Site.Scripting MEDIUM" "all-in-one-schemaorg-rich-snippets 1.6.6 All.In.One.Schema.Rich.Snippets.<.1.6.6.-.Multiple.CSRF MEDIUM" "all-in-one-schemaorg-rich-snippets 1.5.0 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "advanced-notifications 1.2.8 Missing.Authorization MEDIUM" "activitytime 1.1.2 Reflected.Cross-Site.Scripting MEDIUM" "activitytime 1.1.0 Unauthenticated.SQL.Injection HIGH" "activitytime 1.0.9 Unauthenticated.SQL.injection HIGH" "activitytime 1.0.6 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "affiliate-for-woocommerce 4.8.0 Subscriber+.Paypal.Email.Update.via.IDOR MEDIUM" 
"affiliate-for-woocommerce 4.8.0 Subscriber+.Unauthorised.Actions MEDIUM" "add-subtitle No.known.fix Contributor+.Stored.Cross-Site.Scripting MEDIUM" "api-bing-map-2018 5.0 CSRF MEDIUM" "all-in-one-wp-migration-box-extension 1.54 Unauthenticated.Access.Token.Update MEDIUM" "author-slug No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "access-demo-importer 1.0.8 Arbitrary.Plugin.Activation.via.CSRF MEDIUM" "access-demo-importer 1.0.8 Data.Reset.via.CSRF HIGH" "access-demo-importer 1.0.7 Subscriber+.Arbitrary.File.Upload HIGH" "addons-for-divi 4.1.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Multiple.Widgets MEDIUM" "addons-for-divi 4.0.0 Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.Upload MEDIUM" "addons-for-divi 3.6.0 Reflected.Cross-Site.Scripting MEDIUM" "addons-for-divi 3.5.0 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "amr-ical-events-list No.known.fix Admin+.Stored.XSS LOW" "ai-wp-writer 3.8.4.5 Cross-Site.Request.Forgery MEDIUM" "ai-wp-writer 3.6.5.6 Missing.Authorization MEDIUM" "amazon-einzeltitellinks No.known.fix Arbitrary.Settings.Update.to.Stored.XSS.via.CSRF MEDIUM" "advanced-advertising-system No.known.fix Unauthenticated.PHP.Object.Injection CRITICAL" "advanced-blog-post-block No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "auxin-elements No.known.fix Missing.Authorization MEDIUM" "auxin-elements No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Staff.Widget MEDIUM" "auxin-elements No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.aux_contact_box.and.aux_gmaps.Shortcodes MEDIUM" "auxin-elements 2.16.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Modern.Heading.and.Icon.Picker.Widgets MEDIUM" "auxin-elements 2.15.8 Contributor+.XSS.via.HTML.Element MEDIUM" "auxin-elements No.known.fix Subscriber+.PHP.Object.Injection HIGH" "auxin-elements 2.15.8 Contributor+.Stored.XSS.via.Custom.JS MEDIUM" 
"auxin-elements 2.15.8 Contributor+.Stored.XSS.via.title_tag MEDIUM" "auxin-elements 2.15.6 Contributor+.Stored.XSS.via.Accordion.Widget MEDIUM" "auxin-elements 2.15.8 Contributor+.Stored.XSS.via.aux_timeline.Shortcode MEDIUM" "auxin-elements 2.15.8 Contributor+.Stored.XSS.via.aux_gmaps.Shortcode MEDIUM" "auxin-elements 2.15.8 Subscriber+.Template.Import MEDIUM" "auxin-elements 2.15.5 Contributor+.Stored.XSS MEDIUM" "auxin-elements 2.15.0 Unauthenticated.Local.File.Inclusion CRITICAL" "auxin-elements 2.10.7 PHP.Objection.Injection MEDIUM" "auxin-elements 2.9.8 Reflected.Cross-Site-Scripting MEDIUM" "advanced-database-cleaner 3.1.4 Administrator+.PHP.Object.Injection MEDIUM" "advanced-database-cleaner 3.1.3 Authenticated.(Administrator+).SQL.Injection MEDIUM" "advanced-database-cleaner 3.1.2 Settings.Update.via.CSRF MEDIUM" "advanced-database-cleaner 3.1.1 Reflected.Cross-Site.Scripting MEDIUM" "advanced-database-cleaner 3.0.4 Reflected.Cross-Site.Scripting MEDIUM" "advanced-database-cleaner 3.0.2 Authenticated.SQL.injection MEDIUM" "add-edit-delete-listing-for-member-module No.known.fix SQL.Injection HIGH" "animated-typing-effect 1.3.7 Contributor+.Stored.XSS MEDIUM" "add-admin-javascript No.known.fix Unauthenticated.Full.Path.Dislcosure MEDIUM" "auto-post-woocommerce-products No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "add-tiktok-advertising-pixel 1.2.2 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "auphonic-importer No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "a3-portfolio 3.1.1 Author+.Stored.XSS MEDIUM" "anual-archive No.known.fix Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "anual-archive No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "anual-archive 1.6.0 Contributor+.Stored.XSS MEDIUM" "appmaps No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "adsanity 1.8.2 Contributor.Arbitrary.File.Upload CRITICAL" 
"additional-product-fields-for-woocommerce 1.2.134 Unauthenticated.Stored.Cross-Site.Scripting MEDIUM" "additional-product-fields-for-woocommerce 1.2.105 Cross-Site.Request.Forgery.to.Notice.Dismissal MEDIUM" "awesome-fitness-testimonials No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "advanced-iframe 2024.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "advanced-iframe 2024.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "advanced-iframe 2024.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "advanced-iframe 2024.0 Contributor+.Stored.XSS MEDIUM" "advanced-iframe 2023.9 Contributor+.Stored.XSS MEDIUM" "advanced-iframe 2022 Reflected.Cross-Site.Scripting MEDIUM" "auto-more-tag No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "add-rss No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "accurate-form-data-real-time-form-validation No.known.fix Cross-Site.Scripting.(XSS).&.CSRF MEDIUM" "advanced-options-editor No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "auto-excerpt-everywhere No.known.fix Cross-Site.Request.Forgery MEDIUM" "apk-downloader No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross.Site.Scripting MEDIUM" "admin-word-count-column No.known.fix Unauthenticated.Arbitrary.File.Read MEDIUM" "alpha-price-table-for-elementor No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "advanced-floating-content-lite 1.2.6 Authenticated.(Editor+).Stored.Cross-Site.Scripting MEDIUM" "advanced-floating-content-lite 1.2.2 Contributor+.XSS MEDIUM" "add-social-share-buttons 1.1 CSRF.to.Settings.Change MEDIUM" "ad-inserter 2.7.38 Reflected.Cross-Site.Scripting MEDIUM" "ad-inserter 2.7.31 Unauthenticated.Sensitive.Information.Exposure MEDIUM" "ad-inserter 2.7.31 Unauthenticated.Sensitive.Information.Exposure MEDIUM" "ad-inserter 2.7.27 Admin+.PHP.Object.Injection LOW" "ad-inserter 2.7.12 
Reflected.Cross-Site.Scripting LOW" "ad-inserter 2.7.11 Admin+.RCE./.Stored.XSS MEDIUM" "ad-inserter 2.7.10 Reflected.Cross-Site.Scripting MEDIUM" "ad-inserter 2.4.22 Authenticated.Remote.Code.Execution HIGH" "ad-inserter 2.4.20 Authenticated.Path.Traversal HIGH" "ad-inserter 1.5.6 Authenticated.Cross-Site.Scripting.(XSS) HIGH" "ap-custom-testimonial 1.4.8 Admin+.SQL.Injection MEDIUM" "ap-custom-testimonial 1.4.8 Reflected.Cross-Site.Scripting MEDIUM" "ap-custom-testimonial 1.4.7 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "advanced-page-visit-counter No.known.fix Authenticated.(Administrator+).SQL.Injection CRITICAL" "advanced-page-visit-counter No.known.fix Admin+.Stored.XSS LOW" "advanced-page-visit-counter No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "advanced-page-visit-counter 8.0.1 Contributor+.SQLi MEDIUM" "advanced-page-visit-counter 7.1.1 Reflected.Cross-Site.Scripting MEDIUM" "advanced-page-visit-counter 6.1.2 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "advanced-page-visit-counter 6.1.6 Subscriber+.Blind.SQL.injection HIGH" "advanced-page-visit-counter 6.0.0 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "advanced-coupons-for-woocommerce-free 4.5.0.1 Notice.Dismiss.via.CSRF MEDIUM" "acf-better-search 3.3.1 Cross-Site.Request.Forgery.(CSRF) MEDIUM" "audio-video-download-buttons-for-youtube 1.04 Reflected.Cross-Site.Scripting MEDIUM" "alemha-watermark No.known.fix Author+.Stored.XSS MEDIUM" "ajax-load-more-anything 3.3.4 Subscriber+.Settings.Update MEDIUM" "arprice-responsive-pricing-table 3.6.1 Unauthenticated.SQLi HIGH" "arprice-responsive-pricing-table 2.3 Cross-Site.Request.Forgery MEDIUM" "advanced-popups 1.1.2 CSRF.Bypass.in.Multiple.Plugins MEDIUM" "all-in-one-wp-migration-dropbox-extension 3.76 Unauthenticated.Access.Token.Update MEDIUM" "advanced-data-table-for-elementor 1.0.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "abwp-simple-counter No.known.fix 
Authenticated.(Administrator+).Stored.Cross-Site.Scripting.via.settings MEDIUM" "affiliate-advantage No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "all-in-one-wp-security-and-firewall 5.2.7 Cross-Site.Request.Forgery.to.IP.Blocking MEDIUM" "all-in-one-wp-security-and-firewall 5.2.6 Reflected.Cross-Site.Scripting MEDIUM" "all-in-one-wp-security-and-firewall 5.2.5 Protection.Bypass.of.Renamed.Login.Page.via.URL.Encoding MEDIUM" "all-in-one-wp-security-and-firewall 5.2.0 Insecure.Storage.of.Password MEDIUM" "all-in-one-wp-security-and-firewall 5.1.5 Admin+.Stored.XSS LOW" "all-in-one-wp-security-and-firewall 5.1.5 Admin+.Arbitrary.File/Folder.Access.via.Traversal MEDIUM" "all-in-one-wp-security-and-firewall 5.1.3 Configuration.Leak MEDIUM" "all-in-one-wp-security-and-firewall 5.1.1 Bulk.Actions.via.CSRF MEDIUM" "all-in-one-wp-security-and-firewall 5.0.8 IP.Spoofing MEDIUM" "all-in-one-wp-security-and-firewall 4.4.11 Authenticated.Arbitrary.Redirect./.Reflected.XSS LOW" "all-in-one-wp-security-and-firewall 4.4.6 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "all-in-one-wp-security-and-firewall 4.4.4 CSRF.&.XSS LOW" "all-in-one-wp-security-and-firewall 4.4.2 Open.Redirect.&.Hidden.Login.Page.Exposure MEDIUM" "all-in-one-wp-security-and-firewall 4.2.2 Cross-Site.Scripting.(XSS) CRITICAL" "all-in-one-wp-security-and-firewall 4.2.0 Authenticated.Cross-Site.Scripting.(XSS) CRITICAL" "all-in-one-wp-security-and-firewall 4.1.3 Multiple.vulnerabilities.in.login.CAPTCHA MEDIUM" "all-in-one-wp-security-and-firewall 4.0.9 Multiple.SQL.Injections MEDIUM" "all-in-one-wp-security-and-firewall 4.0.7 Multiple.SQL.Injections MEDIUM" "all-in-one-wp-security-and-firewall 4.0.6 XSS MEDIUM" "all-in-one-wp-security-and-firewall 4.0.5 XSS CRITICAL" "ameliabooking 1.2.5 Missing.Authorization.to.Sensitive.Information.Exposure MEDIUM" "ameliabooking No.known.fix Missing.Authorization.to.Sensitive.Information.Exposure MEDIUM" "ameliabooking 1.2.1 Unauthenticated.Full.Path.Disclosure 
MEDIUM" "ameliabooking 1.1.6 Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "ameliabooking 1.0.96 Cross-Site.Request.Forgery MEDIUM" "ameliabooking 1.0.99 Reflected.Cross-Site.Scripting MEDIUM" "ameliabooking 1.0.94 Contributor+.Stored.Cross-Site.Scripting.via.shortcode MEDIUM" "ameliabooking 1.0.99 Missing.Authorization MEDIUM" "ameliabooking 1.0.86 Contributor+.Stored.XSS MEDIUM" "ameliabooking 1.0.76 Reflected.XSS HIGH" "ameliabooking 1.0.49 Customer+.Arbitrary.Appointments.Status.Update MEDIUM" "ameliabooking 1.0.48 Customer+.SMS.Service.Abuse.and.Sensitive.Data.Disclosure MEDIUM" "ameliabooking 1.0.47 Unauthenticated.Stored.XSS.via.lastName HIGH" "ameliabooking 1.0.47 Customer+.Arbitrary.Appointments.Update.and.Sensitive.Data.Disclosure HIGH" "ameliabooking 1.0.46 Manager+.RCE MEDIUM" "ameliabooking 1.0.46 Reflected.Cross-Site.Scripting MEDIUM" "ameliabooking 1.0.46 Arbitrary.Customer.Deletion.via.CSRF MEDIUM" "add-widgets-to-page No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "ar-for-woocommerce 7.0 Unauthenticated.Arbitrary.File.Upload CRITICAL" "ad-injection No.known.fix Admin+.Stored.Cross-Site.Scripting.&.RCE HIGH" "auto-tag-creator No.known.fix Missing.Authorization.via.tag_save_settings_callback MEDIUM" "affiliate-power 2.3.0 Reflected.Cross-Site.Scripting HIGH" "automatic-pages-for-privacy-policy-terms-about-and-contact 1.42 Reflected.Cross-Site.Scripting MEDIUM" "acme-fix-images 2.0.0 Subscriber+.Image.Resizing MEDIUM" "alttext-ai 1.5.0 Authenticated.(Subscriber+).SQL.Injection HIGH" "alttext-ai 1.3.5 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "authors-list 2.0.5 Unauthenticated.Arbitrary.Shortcode.Execution HIGH" "authors-list 2.0.3 Reflected.Cross-Site.Scripting HIGH" "add-local-avatar No.known.fix Cross-Site.Request.Forgery.via.manage_avatar_cache MEDIUM" "ays-popup-box 4.9.8 Missing.Authorization.to.Unauthenticated.Limited.Options.Update MEDIUM" "ays-popup-box 4.7.8 
Admin+.Stored.XSS LOW" "ays-popup-box 4.5.2 Missing.Authorization MEDIUM" "ays-popup-box 4.1.3 Cross-Site.Request.Forgery MEDIUM" "ays-popup-box 4.3.7 Missing.Authorization.to.Information.Exposure MEDIUM" "ays-popup-box 20.9.0 Admin+.Stored.XSS LOW" "ays-popup-box 7.9.0 Admin+.Stored.XSS LOW" "ays-popup-box 3.8.6 Admin+.Stored.XSS.in.Popup.Settings LOW" "ays-popup-box 3.8.6 Admin+.Stored.XSS.in.Categories LOW" "ays-popup-box 3.7.9 Admin+.Stored.XSS LOW" "ays-popup-box 3.7.2 Admin+.Stored.Cross-Site.Scripting LOW" "ays-popup-box 3.4.5 Reflected.XSS HIGH" "ays-popup-box 2.3.4 Reflected.Cross-Site.Scripting.(XSS) HIGH" "ays-popup-box 2.3.4 Authenticated.Blind.SQL.Injections HIGH" "ajax-pagination No.known.fix wp-admin/admin-ajax.php.loop.Parameter.Local.File.Inclusion HIGH" "advanced-cron-manager-pro 2.5.3 Subscriber+.Arbitrary.Events/Schedules.Creation/Deletion MEDIUM" "awesome-ssl No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "awesome-ssl No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "advance-menu-manager 3.1.2 Missing.Authorization.to.Authenticated.(Subscriber+).Settings.Change MEDIUM" "advance-menu-manager 3.0.6 Reflected.Cross-Site.Scripting MEDIUM" "advance-menu-manager 3.0.2 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "advance-menu-manager 3.0.7 Unauthorised.Menu.Creation/Deletion MEDIUM" "advance-menu-manager 3.0 Unauthorised.Menu.Edition.via.CSRF MEDIUM" "advanced-uploader No.known.fix Subscriber+.Arbitrary.File.Upload CRITICAL" "adif-log-search-widget No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "ai-assistant-by-10web 1.0.19 Missing.Authorization.to.Arbitrary.Plugin.Installation MEDIUM" "angwp 1.5.6 Unauthenticated.Arbitrary.File.Upload/Deletion CRITICAL" "agenteasy-properties No.known.fix Admin+.Stored.XSS LOW" "affiliate-pro No.known.fix Reflected.Cross-Site.Scripting.(XSS) HIGH" "add-to-cart-direct-checkout-for-woocommerce 2.1.49 Admin+.Stored.XSS LOW" "armember-membership 4.0.52 
Authenticated.(Subscriber+).Arbitrary.Shortcode.Execution MEDIUM" "armember-membership 4.0.38 Authenticated.(Subscriber+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "armember-membership 4.0.31 Open.Redirect MEDIUM" "armember-membership 4.0.29 Missing.Authorization MEDIUM" "armember-membership 4.0.28 Directory.Traversal.via.X-FILENAME MEDIUM" "armember-membership 4.0.27 Authenticated.(Contributor+).PHP.Object.Injection CRITICAL" "armember-membership 4.0.27 Unauthenticated.PHP.Object.Injection CRITICAL" "armember-membership 4.0.24 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "armember-membership 4.0.25 Improper.Access.Control.to.Sensitive.Information.Exposure.via.REST.API MEDIUM" "armember-membership 4.0.23 Cross-Site.Request.Forgery MEDIUM" "armember-membership 4.0.11 Subscriber+.Privilege.Escalation HIGH" "armember-membership 4.0.5 Admin+.Stored.Cross-Site.Scripting LOW" "armember-membership 4.0.17 Membership.<.4.0.17.-.Admin+.Stored.XSS MEDIUM" "armember-membership 4.0.6 ARMember.Cross-Site.Request.Forgery MEDIUM" "armember-membership 4.0.3 Admin+.Stored.XSS LOW" "armember-membership 4.0.2 Reflected.XSS HIGH" "armember-membership 4.0 Unauthenticated.SQLi HIGH" "armember-membership 3.4.8 Unauthenticated.Admin.Account.Takeover CRITICAL" "addify-free-gifts-woocommerce 1.0.2 Multiple.CSRF MEDIUM" "arforms No.known.fix Directory.Traversal.to.Authenticated.(Subscriber+).Arbitrary.File.Read HIGH" "arforms No.known.fix Missing.Authorization.to.Plugin.Settings.Change MEDIUM" "arforms 6.4.1 Reflected.XSS HIGH" "arforms 6.6 Admin+.Stored.XSS LOW" "arforms 6.6 Unauthenticated.RCE CRITICAL" "arforms 6.4.1 Missing.Authorization.to.Arbitrary.Option.Deletion MEDIUM" "arforms 6.4.1 Reflected.Cross-Site.Scripting MEDIUM" "arforms 6.4.1 Missing.Authorization.to.Arbitrary.File.Deletion HIGH" "arforms 6.4.1 Authenticated.(Subscriber+).SQL.Injection HIGH" "arforms 6.4.1 Missing.Authorization.to.Arbitrary.Plugin.Activation/Deactivation MEDIUM" "arforms 
4.0 Unauthenticated.Arbitrary.File.Deletion.via.Traversal HIGH" "arforms 3.5.2 Unauthenticated.Arbitrary.File.Deletion HIGH" "abitgone-commentsafe No.known.fix Settings.Update.to.Stored.XSS.via.CSRF HIGH" "activecampaign-subscription-forms 8.1.15 Authenticated.(Administrator+).Server-Side.Request.Forgery MEDIUM" "activecampaign-subscription-forms 8.1.12 Contributor+.Stored.XSS MEDIUM" "activecampaign-subscription-forms 8.0.2 Cross-Site.Request.Forgery.in.Settings HIGH" "acf-images-search-and-insert No.known.fix Authenticated.(Subscriber+).Arbitrary.File.Upload HIGH" "advanced-category-and-custom-taxonomy-image 1.1.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.ad_tax_image.Shortcode MEDIUM" "article-directory No.known.fix Admin+.Stored.XSS LOW" "ai-scribe-the-chatgpt-powered-seo-content-creation-wizard No.known.fix Authenticated.(Contributor+).SQL.Injection MEDIUM" "ai-scribe-the-chatgpt-powered-seo-content-creation-wizard No.known.fix Missing.Authorization.to.Authenticated.(Subscriber+).Settings.Update MEDIUM" "ai-scribe-the-chatgpt-powered-seo-content-creation-wizard No.known.fix Cross-Site.Request.Forgery.to.Settings.Update MEDIUM" "accordion-shortcodes No.known.fix Contributor+.Stored.XSS.via.Shortcode MEDIUM" "accesspress-social-counter 1.9.2 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "all-in-one-b2b-for-woocommerce No.known.fix Multiple.CSRF MEDIUM" "all-in-one-b2b-for-woocommerce No.known.fix Unauthenticated.Privilege.Escalation CRITICAL" "adventure-bucket-list No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "accessibility-checker 1.2.8 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "ap-mega-menu 3.0.8 Reflected.Cross-Site.Scripting MEDIUM" "ap-mega-menu 3.0.6 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "animation-addons-for-elementor 1.1.7 Authenticated.(Contributor+).Sensitive.Information.Exposure.via.Content.Slider.and.Tabs.Widget.Elementor.Template MEDIUM" 
"agp-font-awesome-collection No.known.fix Arbitrary.Settings.Update.via.CSRF MEDIUM" "agp-font-awesome-collection No.known.fix Reflected.XSS HIGH" "ajax-random-posts No.known.fix Unauthenticated.PHP.Object.Injection CRITICAL" "address-email-and-phone-validation No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "amazonsimpleadmin 1.5.4 Unauthenticated.Arbitrary.Shortcode.Execution HIGH" "aceide No.known.fix Authenticated.(admin+).Arbitrary.File.Access MEDIUM" "aweber-wp 2.5.8 Reflected.Cross-Site.Scripting MEDIUM" "animated-headline No.known.fix Authenticated(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "aklamator-infeed No.known.fix Admin+.Stored.XSS LOW" "aklamator-infeed No.known.fix Reflected.XSS HIGH" "ask-me-anything-anonymously No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "ad-widget No.known.fix Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "anonymous-restricted-content 1.6.6 Unauthenticated.Content.Restriction.Bypass.to.Sensitive.Information.Exposure MEDIUM" "anonymous-restricted-content 1.6.3 .Protection.Mechanism.Bypass MEDIUM" "autowp-ai-content-writer-rewriter 2.0.9 Cross-Site.Request.Forgery MEDIUM" "alphabetical-list No.known.fix Settings.Update.via.CSRF MEDIUM" "accessibility 1.0.7 Cross-Site.Request.Forgery MEDIUM" "accessibility 1.0.4 Admin+.Stored.XSS LOW" "atarim-visual-collaboration 4.0.9 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "atarim-visual-collaboration 4.1.0 Missing.Authorization.to.Authenticated.(Subscriber+).Project.Page/File.Deletion MEDIUM" "atarim-visual-collaboration 4.0.2 Missing.Authorization.via.remove_feedbacktool_notice() MEDIUM" "atarim-visual-collaboration 4.0.3 Missing.Authorization.to.Authenticated.(Subscriber+).Settings.Update MEDIUM" "atarim-visual-collaboration 4.0.1 Missing.Authorization MEDIUM" "atarim-visual-collaboration 3.32 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "atarim-visual-collaboration 3.31 
Unauthenticated.Stored.Cross-Site.Scripting HIGH" "atarim-visual-collaboration 3.30 Unauthenticated.Settings.Update,.Post.Deletion.etc HIGH" "atarim-visual-collaboration 3.13 Unauthenticated.Stored.XSS HIGH" "atarim-visual-collaboration 3.9.4 Admin+.Stored.XSS LOW" "amcharts-charts-and-maps 1.4.5 Reflected.Cross-Site.Scripting.via.Cross-Site.Request.Forgery MEDIUM" "amcharts-charts-and-maps 1.4.1 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "affiliate-disclosure-statement No.known.fix Cross-Site.Request.Forgery MEDIUM" "ai-image 1.5.3 Unauthenticated.Arbitrary.File.Upload CRITICAL" "advanced-booking-calendar No.known.fix Unauthenticated.SQLi HIGH" "advanced-booking-calendar No.known.fix CSRF MEDIUM" "advanced-booking-calendar 1.7.1 Reflected.Cross-Site.Scripting MEDIUM" "advanced-booking-calendar 1.7.1 Admin+.SQLi MEDIUM" "advanced-booking-calendar 1.7.0 Unauthenticated.SQL.Injection HIGH" "advanced-booking-calendar 1.6.8 Authenticated.Reflected.Cross-Site.Scripting.(XSS) HIGH" "advanced-booking-calendar 1.6.7 Authenticated.Reflected.Cross-Site.Scripting.(XSS) HIGH" "advanced-booking-calendar 1.6.2 Unauthenticated.SQL.Injection CRITICAL" "anti-plagiarism No.known.fix Unauthenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "article-analytics No.known.fix Unauthenticated.SQL.injection HIGH" "automatic-youtube-video-posts No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting.via.settings MEDIUM" "advanced-custom-fields 6.3.9 Admin+.Remote.Code.Execution MEDIUM" "advanced-custom-fields 6.3.6.3 Admin+.Remote.Code.Execution MEDIUM" "advanced-custom-fields 6.3.9 Admin+.Stored.XSS LOW" "advanced-custom-fields 6.3.6.3 Admin+.Stored.XSS LOW" "advanced-custom-fields 6.3 Contributor+.Custom.Field.Access LOW" "advanced-custom-fields 6.2.5 Contributor+.Stored.Cross-Site.Scripting.via.Custom.Field MEDIUM" "advanced-custom-fields 6.1.6 Reflected.XSS HIGH" "advanced-custom-fields 6.1.0 Contributor+.PHP.Object.Injection MEDIUM" "advanced-custom-fields 
5.12.5 Contributor+.PHP.Object.Injection MEDIUM" "advanced-custom-fields 5.12.3 Unauthenticated.File.Upload MEDIUM" "advanced-custom-fields 5.12.1 Contributor+.Database.Information.Access MEDIUM" "advanced-custom-fields 5.11 Subscriber+.Arbitrary.ACF.Data/Field.Groups.View.and.Fields.Move MEDIUM" "advanced-custom-fields 5.8.12 Cross-Site.Scripting.in.Select2.dropdowns MEDIUM" "advanced-custom-fields 5.7.12 Unserialize.of.user.input MEDIUM" "allow-svg 1.2.0 Author+.Stored.XSS.via.SVG MEDIUM" "ach-for-stripe-plaid No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "addfunc-mobile-detect No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "add-infos-to-the-events-calendar 1.5.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "accept-authorize-net-payments-using-contact-form-7 2.3 Unauthenticated.Information.Exposure MEDIUM" "aiify 0.1.0 Reflected.Cross-Site.Scripting MEDIUM" "advanced-dynamic-pricing-for-woocommerce 4.1.6 Settings.Import.via.CSRF MEDIUM" "advanced-dynamic-pricing-for-woocommerce 4.1.6 Rule.Type.Migration.via.CSRF MEDIUM" "advanced-dynamic-pricing-for-woocommerce 4.1.4 Settings.Update.via.CSRF MEDIUM" "aqua-svg-sprite No.known.fix Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "affiliate-ads-builder-for-clickbank-products 1.7 Stored.Cross-Site.Scripting.(XSS) MEDIUM" "all-bootstrap-blocks 1.3.27 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "all-bootstrap-blocks 1.3.20 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "all-bootstrap-blocks 1.3.20 Contributor+.Stored.XSS MEDIUM" "all-bootstrap-blocks 1.3.16 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "all-bootstrap-blocks 1.3.7 Cross-Site.Request.Forgery MEDIUM" "awesome-progess-bar No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "ai-auto-tool 2.1.3 Missing.Authorization MEDIUM" "advanced-forms-pro 1.6.9 
Subscriber+.Arbitrary.User.Email.Address.Update.via.IDOR HIGH" "appointment-booking-calendar 1.3.83 CSRF.appointment.scheduling MEDIUM" "appointment-booking-calendar 1.3.70 Feedback.Submission.via.CSRF MEDIUM" "appointment-booking-calendar 1.3.35 CSV.Injection MEDIUM" "appointment-booking-calendar 1.3.35 Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "appointment-booking-calendar 1.3.19 Unauthenticated.Stored.XSS MEDIUM" "appointment-booking-calendar 1.1.25 Unauthenticated.SQL.Injection CRITICAL" "appointment-booking-calendar 1.1.24 Unauthenticated.SQL.Injection CRITICAL" "appointment-booking-calendar 1.1.8 Multiple.Reflected.Cross-Site.Scripting.(XSS).and.SQL.Injection HIGH" "addify-product-stock-manager 1.0.5 Subscriber+.Unauthorised.AJAX.Calls HIGH" "anfrageformular No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "advanced-floating-content 3.8.3 Authenticated.(Subscriber+).SQL.Injection MEDIUM" "all-in-one-redirection No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "all-in-one-redirection No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "all-in-one-redirection 2.2.0 Admin+.SQLi MEDIUM" "apex-notification-bar-lite 2.0.5 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "anyguide No.known.fix Cross-Site.Request.Forgery MEDIUM" "about-me-3000 No.known.fix Administrator.Stored.Cross-Site.Scripting MEDIUM" "about-me-3000 No.known.fix CSRF MEDIUM" "amazon-link No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "ag-custom-admin 7.2.4 Admin+.SSRF MEDIUM" "ag-custom-admin 7.2.2 Admin+.Stored.XSS.via.Image.URL LOW" "ag-custom-admin 7.0 Admin+.Stored.Cross-Site.Scripting MEDIUM" "ag-custom-admin 6.9.2 AGCA.<.6.9.2.-.Admin+.Stored.Cross-Site.Scripting LOW" "ag-custom-admin 6.5.5 CSRF.&.XSS LOW" "adblock-notify-by-bweb No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "adblock-notify-by-bweb No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "adblock-notify-by-bweb No.known.fix Reflected.Cross-Site.Scripting.(XSS) HIGH" 
"auto-hide-admin-bar 1.6.2 Admin+.Stored.XSS LOW" "apply-with-linkedin-buttons No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "apply-with-linkedin-buttons No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "advanced-usps-shipping-method 1.0.2 Reflected.Cross-Site.Scripting MEDIUM" "auto-refresh-single-page No.known.fix .Authenticated.(Contributor+).PHP.Object.Injection HIGH" "aco-product-labels-for-woocommerce 1.5.9 Authenticated.(Administrator+).SQL.Injection MEDIUM" "aco-product-labels-for-woocommerce 1.5.4 Authenticated.(Shop.manager+).Stored.Cross-Site.Scripting MEDIUM" "adminify 4.0.1.7 Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "adminify 3.1.7 Authenticated(Administrator+).SQL.Injection MEDIUM" "adminify 3.1.6 Admin+.Stored.XSS LOW" "adminify 3.1.6 Admin+.Stored.XSS LOW" "adminify 3.1.4 Reflected.Cross-Site.Scripting MEDIUM" "adminify 2.0.5 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "ad-blocking-detector No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "awesome-shortcodes-for-genesis No.known.fix Cross-Site.Request.Forgery.to.Cross-Site.Scripting MEDIUM" "ajax-wp-query-search-filter No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "async-javascript 2.21.06.29 Authenticated.(admin+).Stored.XSS MEDIUM" "accredible-certificates 1.4.9 Admin+.Stored.XSS LOW" "accounting-for-woocommerce 1.6.7 Reflected.Cross-Site.Scripting MEDIUM" "amministrazione-aperta 3.8 Admin+.LFI LOW" "accordion-slider-lite No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "availability-calendar No.known.fix Cross-Site.Request.Forgery.via.add_availability_calendar_create_admin_page() MEDIUM" "availability-calendar 1.2.1 Authenticated.SQL.Injection HIGH" "availability-calendar 1.2.2 Authenticated.Stored.Cross-Site.Scripting LOW" "advanced-fancybox No.known.fix Cross-Site.Request.Forgery.to.Cross-Site.Scripting 
MEDIUM" "allpost-contactform No.known.fix Unauthenticated.Arbitrary.File.Upload CRITICAL" "add-fields-to-checkout-page-woocommerce 1.3.2 Missing.Authorization MEDIUM" "add-fields-to-checkout-page-woocommerce 1.3.1 Cross-Site.Request.Forgery MEDIUM" "add-fields-to-checkout-page-woocommerce 1.3.2 Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "add-fields-to-checkout-page-woocommerce 1.3.0 Reflected.Cross-Site.Scripting MEDIUM" "add-fields-to-checkout-page-woocommerce 1.2.7 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "advanced-youtube-channel-pagination No.known.fix Reflected.XSS HIGH" "advanced-cron-manager 2.5.10 Missing.Authorization MEDIUM" "advanced-cron-manager 2.5.3 Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "advanced-cron-manager 2.5.7 Admin+.Stored.XSS LOW" "advanced-cron-manager 2.4.2 Subscriber+.Arbitrary.Events/Schedules.Creation/Deletion MEDIUM" "add-custom-css-and-js No.known.fix Stored.XSS.via.CSRF HIGH" "addify-custom-fields-for-woocommerce 1.0.4 Multiple.CSRF MEDIUM" "any-popup No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "any-popup No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "analytics-cat 1.1.3 Reflected.Cross-Site.Scripting MEDIUM" "analytics-cat 1.1.0 Admin+.Stored.Cross-Site.Scripting MEDIUM" "analytics-cat 1.1.0 Settings.Update.via.CSRF MEDIUM" "advance-wc-analytics 3.4.0 Reflected.Cross-Site.Scripting MEDIUM" "advance-wc-analytics 3.0.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "analogwp-templates 1.8.1 CSRF.Nonce.Bypasses MEDIUM" "analogwp-templates 1.8.1 Cross-Site.Request.Forgery HIGH" "any-hostname No.known.fix Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "atlas-knowledge-base No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "atlas-knowledge-base No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "anymind-widget No.known.fix Stored.Cross-Site.Scripting.via.CSRF MEDIUM" "advance-post-prefix No.known.fix Reflected.XSS HIGH" "advance-post-prefix No.known.fix 
Reflected.XSS HIGH" "advance-post-prefix No.known.fix Admin+.SQL.Injection MEDIUM" "ai-content-writing-assistant 1.1.7 CSRF MEDIUM" "annie No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "annie No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "assist24it No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "advanced-easy-shipping-for-wc-lite No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "auyautochat-for-wp No.known.fix Unauthenticated.Stored.XSS HIGH" "avif-support 1.1.1 Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "avif-support 1.1.1 Author+.Stored.XSS.via.SVG.Uplaod MEDIUM" "aggregator-advanced-settings No.known.fix Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "allaccessible 1.3.5 Subscriber+.Privilege.Escalation HIGH" "allaccessible 1.3.5 Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.Option.Update HIGH" "advanced-what-should-we-write-about-next No.known.fix Authenticated.(Subscriber+).SQL.Injection HIGH" "advanced-what-should-we-write-about-next No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "admin-post-navigation No.known.fix Unauthenticated.Full.Path.Disclosure MEDIUM" "admin-notices-for-team No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "admin-notices-for-team No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "admin-notices-for-team No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "alojapro-widget 1.1.16 Authenticated.Stored.Cross-Site.Scripting.(XSS) LOW" "add-actions-and-filters No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "add-actions-and-filters 2.10 Reflected.XSS HIGH" "add-actions-and-filters 2.10 Settings.Update.via.CSRF MEDIUM" "add-actions-and-filters No.known.fix Admin+.Stored.XSS MEDIUM" "athemes-addons-for-elementor-lite 1.0.13 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" 
"athemes-addons-for-elementor-lite 1.0.8 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "addify-custom-order-number 1.2.0 Multiple.CSRF MEDIUM" "anthologize 0.8.1 Admin+.Stored.XSS LOW" "advanced-recent-posts No.known.fix Contributor+.Stored.XSS MEDIUM" "accesspress-facebook-auto-post 2.1.4 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "accordions-wp 2.7 Authenticated.(Editor+).Stored.Cross-Site.Scripting.via.accordion.settings MEDIUM" "accordions-wp 2.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "appointmind 4.1.0 Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "analytics-for-wp No.known.fix Admin+.Stored.XSS LOW" "ads-by-datafeedrcom No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "ads-by-datafeedrcom 1.2.0 Unauthenticated.Remote.Code.Execution CRITICAL" "auto-featured-image-auto-generated 1.6.0 Reflected.Cross-Site.Scripting MEDIUM" "arprice No.known.fix Unauthenticated.PHP.Object.Injection CRITICAL" "arprice No.known.fix Authenticated.(Subscriber+).PHP.Object.Injection HIGH" "arprice No.known.fix Unauthenticated.SQL.Injection HIGH" "arprice No.known.fix Authenticated.(Subscriber+).SQL.Injection MEDIUM" "asgaros-forum 2.9.0 Cross-Site.Request.Forgery MEDIUM" "asgaros-forum 2.8.0 Unauthenticated.PHP.Object.Injection.in.prepare_unread_status CRITICAL" "asgaros-forum 2.7.1 Unauthenticated.Arbitrary.File.Upload CRITICAL" "asgaros-forum 2.2.0 Cross-Site.Request.Forgery MEDIUM" "asgaros-forum 2.0.0 Subscriber+.Blind.SQL.Injection HIGH" "asgaros-forum 1.15.15 Admin+.SQL.Injection.via.forum_id MEDIUM" "asgaros-forum 1.15.14 Admin+.Stored.Cross-Site.Scripting LOW" "asgaros-forum 1.15.13 Unauthenticated.SQL.Injection HIGH" "amazon-associate-filter No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "adrotate 5.13.3 Admin+.Double.Extension.Arbitrary.File.Upload MEDIUM" "adrotate 5.9.1 Password.Change.via.CSRF MEDIUM" "adrotate 
5.8.23 Admin+.XSS.via.Advert.Name LOW" "adrotate 5.8.23 Admin+.XSS.via.Group.Name LOW" "adrotate 5.8.22 Admin+.SQL.Injection MEDIUM" "adrotate 5.8.4 Authenticated.SQL.Injection MEDIUM" "adrotate 5.3 Authenticated.SQL.Injection HIGH" "analyse-uploads No.known.fix Unauthenticated.Arbitrary.File.Deletion CRITICAL" "augmented-reality No.known.fix Unauthenticated.PHP.File.Upload.leading.to.RCE CRITICAL" "add-posts-to-pages No.known.fix Contributor+.Stored.XSS MEDIUM" "ai-addons-for-elementor No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "ai-addons-for-elementor No.known.fix Authenticated.(Contributor+).Private.Templates.Content.Disclosure MEDIUM" "add-to-any 1.7.48 Admin+.Stored.Cross-Site.Scripting LOW" "add-to-any 1.7.46 Admin+.Stored.XSS MEDIUM" "addify-price-calculator-for-woocommerce No.known.fix Multiple.CSRF MEDIUM" "ai-responsive-gallery-album No.known.fix Missing.Authorization MEDIUM" "ai-responsive-gallery-album No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "auto-keyword-backlink No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "auto-terms-of-service-and-privacy-policy 2.0.0 Reflected.Cross-Site.Scripting MEDIUM" "ari-stream-quiz 1.3.1 Authenticated.(Contributor+).PHP.Object.Injection HIGH" "ari-stream-quiz 1.3.0 Cross-Site.Request.Forgery MEDIUM" "ari-stream-quiz 1.3.0 Cross-Site.Request.Forgery MEDIUM" "ari-stream-quiz 1.3.0 Contributor+.Stored.XSS MEDIUM" "ari-stream-quiz 1.3.3 Contributor+.Content.Injection LOW" "authldap 2.5.9 Settings.Update.via.CSRF MEDIUM" "authldap 2.6.2 Admin+.Stored.XSS LOW" "ai-quiz No.known.fix Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.Options.Update HIGH" "ai-quiz No.known.fix Missing.Authorization MEDIUM" "ajax-rating-with-custom-login No.known.fix Unauthenticated.SQL.Injection HIGH" "allow-rel-and-html-in-author-bios No.known.fix Author+.Stored.Cross-Site.Scripting MEDIUM" "auto-hyperlink-urls No.known.fix Tab.Nabbing MEDIUM" 
"autocomplete-address-and-location-picker-for-woocommerce 1.1.7 Reflected.Cross-Site.Scripting MEDIUM" "autocomplete-address-and-location-picker-for-woocommerce 1.0.9 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "altos-connect No.known.fix Unauthenticated.Cross-Site.Scripting.(XSS) MEDIUM" "affiliatex 1.2.9.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "advanced-most-recent-posts-mod No.known.fix Authenticated.(Author+).Stored.Cross-Site.Scripting MEDIUM" "addon-library No.known.fix Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.File.Upload HIGH" "advanced-admin-search 1.1.6 Reflected.Cross-Site.Scripting MEDIUM" "advanced-post-block 1.13.5 Unauthenticated.Arbitrary.Post.Access MEDIUM" "ays-chatgpt-assistant 2.1.0 Unauthenticated.AJAX.Calls MEDIUM" "ays-chatgpt-assistant 2.1.0 Unauthenticated.OpenAI.Key.Disclosure HIGH" "advanced-backgrounds 1.12.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.imageTag.Parameter MEDIUM" "ar-contactus 1.8.8 Authenticated.Stored.Cross-Site.Scripting CRITICAL" "add-whatsapp-button 2.1.8 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "all-in-one-seo-pack-pro 4.2.6 Admin+.SSRF LOW" "advanced-nocaptcha-recaptcha 7.0.6 Reflected.Cross-Site.Scripting MEDIUM" "advanced-nocaptcha-recaptcha 7.1.0 .Local.File.Inclusion.via.CSRF HIGH" "advanced-nocaptcha-recaptcha 7.0.5 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "amministrazione-trasparente 8.0.5 Admin+.Stored.XSS LOW" "amministrazione-trasparente 7.1.1 CSRF.Bypass.in.Multiple.Plugins MEDIUM" "amministrazione-trasparente 7.1.1 Cross-Site.Request.Forgery HIGH" "amty-thumb-recent-post No.known.fix Unauthenticated.Cross-Site.Scripting.(XSS) MEDIUM" "automatic-translation No.known.fix Unauthenticated.Arbitrary.File.Upload CRITICAL" "autosave-net No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "autosave-net No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "acf-city-selector 1.15.0 
Authenticated.(Admin+).Arbitrary.File.Upload HIGH" "accordion-title-for-elementor 1.2.2 Authenticated.(Author+).Stored.Cross-Site.Scripting MEDIUM" "auto-prune-posts 2.0.0 Post.Deletion.Settings.Update.via.CSRF MEDIUM" "authenticator 1.3.1 Subscriber+.Denial.of.Service.via.Feed.Token.Disclosure MEDIUM" "auto-ftp No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "allada-tshirt-designer-for-woocommerce No.known.fix Missing.Authorization MEDIUM" "automatorwp 5.1.0 Reflected.Cross-Site.Scripting.via.a-0-o-search_field_value CRITICAL" "automatorwp 2.5.1 Object.Deletion.via.CSRF MEDIUM" "automatorwp 1.7.6 Missing.Authorization.and.Privilege.Escalation MEDIUM" "all-custom-fields-groups 1.05 Reflected.Cross-Site.Scripting MEDIUM" "amp-extensions No.known.fix Reflected.Cross-Site.Scripting.(XSS) HIGH" "aphorismus No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "auto-install-free-ssl 3.6.0 Reflected.Cross-Site.Scripting MEDIUM" "alo-easymail 2.9.3 Cross-Site.Request.Forgery.(CSRF) MEDIUM" "adifier-system 3.1.8 Unauthenticated.Arbitrary.Password.Reset CRITICAL" "abeta-punchout 1.0.0 Reflected.Cross-Site.Scripting MEDIUM" "abeta-punchout 1.0.0 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "advanced-facebook-twitter-widget No.known.fix Admin+.Stored.XSS LOW" "accordions 2.2.100 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "accordions 2.2.97 Missing.Authorization.to.Authenticated(Contributor+).Post.Duplication MEDIUM" "accordions 2.2.30 Authenticated.Reflected.Cross-Site.Scripting.(XSS) HIGH" "accordions 2.2.9 Unprotected.AJAX.Action.to.Stored/Reflected.XSS MEDIUM" "advanced-product-labels-for-woocommerce 1.2.3.7 Reflected.Cross-Site.Scripting MEDIUM" "autocompleter No.known.fix Cross-Site.Request.Forgery MEDIUM" "asf-allow-svg-files No.known.fix Author+.Stored.Cross.Site.Scripting.via.SVG MEDIUM" "asf-allow-svg-files 1.1 Admin+.Arbitrary.File.Upload MEDIUM" "admin-management-xtended 2.4.7 
Contributor+.Stored.XSS MEDIUM" "admin-management-xtended 2.4.5 Post.Visibility/Date/Comment.Status.Update.via.CSRF MEDIUM" "admin-management-xtended 2.4.5 Multiple.CSRF MEDIUM" "admin-management-xtended 2.4.0.1 Privilege.Escalation MEDIUM" "automated-editor No.known.fix Arbitrary.Settings.Update.via.CSRF MEDIUM" "altra-side-menu No.known.fix Admin+.SQL.Injection MEDIUM" "altra-side-menu No.known.fix Abitrary.Menu.Deletion.via.CSRF MEDIUM" "ai-for-seo 1.2.10 Missing.Authorization MEDIUM" "auxin-shop No.known.fix Unauthenticated.Local.File.Inclusion CRITICAL" "ahmeti-wp-guzel-sozler No.known.fix Cross-Site.Request.Forgery MEDIUM" "audiocase No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "albo-pretorio-on-line No.known.fix Unauthenticated.Sensitive.Information.Disclosure MEDIUM" "albo-pretorio-on-line No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "albo-pretorio-on-line 4.6.4 Reflected.XSS HIGH" "albo-pretorio-on-line 4.6.2 Reflected.XSS HIGH" "albo-pretorio-on-line 4.6.1 Reflected.XSS HIGH" "aviary-image-editor-add-on-for-gravity-forms No.known.fix Unauthenticated.File.Upload CRITICAL" "animate-everything No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "animate-everything No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "animate-everything No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "all-in-one-facebook-like-widget 2.2.8 Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "admin-and-client-message-after-order-for-woocommerce 13.3 Authenticated.(Subscriber+).Limited.File.Upload.to.Cross-Site.Scripting MEDIUM" "admin-and-client-message-after-order-for-woocommerce 12.5 Missing.Authorization.to.Arbitrary.File.Upload CRITICAL" "automatic-domain-changer 2.0.3 Reflected.Cross-Site.Scripting MEDIUM" "add-admin-css No.known.fix Unauthenticated.Full.Path.Dislcosure MEDIUM" "auto-upload-images 3.3.1 Admin+.Stored.Cross-Site.Scripting LOW" "auto-upload-images 3.3.1 CSRF MEDIUM" 
"ali2woo-lite 3.4.4 PHP.Object.Injection.via.CSRF HIGH" "ali2woo-lite 3.3.7 Reflected.Cross-Site.Scripting MEDIUM" "ali2woo-lite 3.4.7 Stored.XSS.via.CSRF HIGH" "ali2woo-lite 3.3.7 Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "ali2woo-lite 3.3.6 Authenticated.(Subscriber+).Arbitrary.File.Upload HIGH" "ali2woo-lite 3.3.7 Missing.Authorization.via.Several.Functions MEDIUM" "add-to-feedly No.known.fix Admin+.Stored.XSS LOW" "afterpay-gateway-for-woocommerce 3.5.1 Reflected.Cross-Site.Scripting MEDIUM" "afterpay-gateway-for-woocommerce 3.5.1 Reflected.Cross-Site.Scripting MEDIUM" "afterpay-gateway-for-woocommerce 3.2.1 Reflected.Cross-Site.Scripting HIGH" "automatic-internal-links-for-seo 1.2.2 Authenticated.(Administrator+).SQL.Injection.via.post_id.Parameter MEDIUM" "automatic-internal-links-for-seo 1.0.4 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "advanced-video-player-with-analytics No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "api-bearer-auth 20190908 Unauthenticated.Reflected.XSS MEDIUM" "affiliator-lite No.known.fix Unauthenticated.Arbitrary.File.Upload CRITICAL" "automatically-hierarchic-categories-in-menu 2.0.8 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "automatically-hierarchic-categories-in-menu 2.0.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "addfreestats No.known.fix Admin+.Stored.XSS LOW" "addify-checkout-fields-manager 1.0.2 Multiple.CSRF MEDIUM" "affiliate-solution No.known.fix Admin+.Stored.XSS LOW" "aa-calculator No.known.fix Reflected.Cross-Site.Scripting.via.invoice MEDIUM" "aramex-shipping-woocommerce No.known.fix Unauthenticated.Full.Path.Disclosure MEDIUM" "advanced-woo-search 2.97 Reflected.Cross-Site.Scripting MEDIUM" "advanced-woo-search 2.78 Admin+.Stored.Cross-Site.Scripting MEDIUM" "advanced-woo-search 2.00 SQL.query.leak.in.ajax.search NONE" "advanced-free-flat-shipping-woocommerce 1.6.4.6 Cross-Site.Request.Forgery MEDIUM" "astra-pro-sites 
3.2.6 Incorrect.Authorization MEDIUM" "astra-pro-sites 3.2.5 Authenticated.(Contributor+).Server-Side.Request.Forgery MEDIUM" "atarapay-woocommerce No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "advanced-local-pickup-for-woocommerce 1.6.2 Missing.Authorization.to.Notice.Dismissal MEDIUM" "advanced-local-pickup-for-woocommerce 1.6.3 Missing.Authorization MEDIUM" "advanced-local-pickup-for-woocommerce 1.6.0 Authenticated.(Administrator+).SQL.Injection HIGH" "ads-txt-admin No.known.fix Cross-Site.Request.Forgery MEDIUM" "animategl No.known.fix Missing.Authorization.to.Unauthenticated.Settings.Update MEDIUM" "animategl 1.4.18 Reflected.Cross-Site.Scripting MEDIUM" "advanced-flamingo No.known.fix Cross-Site.Request.Forgery MEDIUM" "autoptimize 3.1.7 Admin+.Stored.Cross-Site.Scripting.via.Settings.Import LOW" "autoptimize 3.1.0 Sensitive.Data.Disclosure MEDIUM" "autoptimize 3.1.1 Admin+.Stored.Cross.Site.Scripting LOW" "autoptimize 2.8.4 Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "autoptimize 2.7.8 Arbitrary.File.Upload.via."Import.Settings" CRITICAL" "autoptimize 2.7.8 Authenticated.Stored.XSS.via.File.Upload MEDIUM" "autoptimize 2.7.8 Race.Condition.leading.to.RCE CRITICAL" "autoptimize 2.7.7 Authenticated.Arbitrary.File.Upload MEDIUM" "aajoda-testimonials No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "aajoda-testimonials 2.2.2 Admin+.Stored.XSS LOW" "amp-wp No.known.fix Arbitrary.Settings.Update.via.CSRF MEDIUM" "anywhere-elementor 1.2.12 Authenticated.(Contributor+).Post.Disclosure MEDIUM" "anywhere-elementor 1.2.8 Reflected.Cross-Site.Scripting MEDIUM" "anywhere-elementor 1.2.8 Freemius.API.Key.Disclosure MEDIUM" "anywhere-elementor 1.2.5 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "anac-xml-viewer No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "age-gate 2.17.1 Unauthenticated.Stored.Cross-Site.Scripting MEDIUM" "age-gate 2.20.4 Reflected.Cross-Site.Scripting MEDIUM" "age-gate 
2.17.1 Unauthenticated.Import.Settings CRITICAL" "age-gate 2.16.4 Authenticated.Stored.Cross-Site.Scripting MEDIUM" "age-gate 2.13.5 Unauthenticated.Open.Redirect LOW" "add-any-extension-to-pages 1.5 Cross-Site.Request.Forgery.via.aaetp_options_page MEDIUM" "amr-shortcode-any-widget No.known.fix Contributor+.Stored.XSS MEDIUM" "automizy-gravity-forms No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "automizy-gravity-forms No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "alpine-photo-tile-for-pinterest No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "addon-elements-for-elementor-page-builder 1.14 Contributor+.Sensitive.Information.Disclosure LOW" "addon-elements-for-elementor-page-builder 1.13.9 Authenticated.(Contributor+).Sensitive.Information.Exposure.via.table_saved_sections MEDIUM" "addon-elements-for-elementor-page-builder 1.13.7 Missing.Authorization MEDIUM" "addon-elements-for-elementor-page-builder 1.13.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "addon-elements-for-elementor-page-builder 1.13.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Multiple.Widgets MEDIUM" "addon-elements-for-elementor-page-builder 1.13.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.id.and.eae_slider_animation.Parameters MEDIUM" "addon-elements-for-elementor-page-builder 1.13.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "addon-elements-for-elementor-page-builder 1.13.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "addon-elements-for-elementor-page-builder 1.13.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Twitter.Widget MEDIUM" "addon-elements-for-elementor-page-builder 1.13.4 Contributor+.Stored.XSS MEDIUM" "addon-elements-for-elementor-page-builder 1.13.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "addon-elements-for-elementor-page-builder 1.13.2 Contributor+.Stored.XSS MEDIUM" "addon-elements-for-elementor-page-builder 1.13.3 
Contributor+.DOM-Based.Stored.XSS MEDIUM" "addon-elements-for-elementor-page-builder 1.12.11 Contributor+.Stored.XSS MEDIUM" "addon-elements-for-elementor-page-builder 1.13 Contributor+.to.LFI HIGH" "addon-elements-for-elementor-page-builder 1.13 Contributor+.Stored.XSS MEDIUM" "addon-elements-for-elementor-page-builder 1.13 Authenticated(Contributor+).Stored.Cross-Site.Scripting.via.Modal.Popup.effet MEDIUM" "addon-elements-for-elementor-page-builder 1.13 Contributor+.Stored.XSS MEDIUM" "addon-elements-for-elementor-page-builder 1.13 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Content.Switcher.Widget MEDIUM" "addon-elements-for-elementor-page-builder 1.12.12 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "addon-elements-for-elementor-page-builder 1.12.8 Admin+.Stored.XSS LOW" "addon-elements-for-elementor-page-builder 1.12.8 Settings.Update.via.CSRF MEDIUM" "addon-elements-for-elementor-page-builder 1.12.8 Unauthenticated.Post.ID/Tile.Disclosure MEDIUM" "addon-elements-for-elementor-page-builder 1.12.8 Elementor.Addon.Element.Enabling/Disabling.via.CSRF MEDIUM" "addon-elements-for-elementor-page-builder 1.12 Reflected.Cross-Site.Scripting MEDIUM" "addon-elements-for-elementor-page-builder 1.11.14 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "addon-elements-for-elementor-page-builder 1.11.8 CSRF.Bypass LOW" "addon-elements-for-elementor-page-builder 1.11.2 Contributor+.Stored.XSS MEDIUM" "addon-elements-for-elementor-page-builder 1.6.4 CSRF.&.XSS LOW" "avcp No.known.fix Cross-Site.Request.Forgery.via.settings.php MEDIUM" "avcp No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.shortcode MEDIUM" "avcp No.known.fix Authenticated.(Editor+).Stored.Cross-Site.Scripting MEDIUM" "akismet-privacy-policies No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "app-builder 5.3.8 Privilege.Escalation.and.Account.Takeover.via.Weak.OTP HIGH" "app-builder 4.3.4 Unauthenticated.Limited.SQL.Injection.via.app-builder-search 
MEDIUM" "app-builder 3.8.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode HIGH" "app-builder 3.8.8 Open.Redirection MEDIUM" "advanced-visual-elements 1.0.7 Reflected.Cross-Site.Scripting MEDIUM" "add-instagram No.known.fix Admin+.Stored.XSS LOW" "analytics-tracker 1.1.1 XSS MEDIUM" "author-bio-box 3.4.0 Admin+.Stored.Cross-Site.Scripting LOW" "auto-robot 3.3.39 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "autocomplete-location-field-contact-form-7-pro 2.0 Admin+.Store.Cross-Site.Scripting LOW" "anant-addons-for-elementor 1.0.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "agile-video-player No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "aruba-hispeed-cache 2.0.13 Missing.Authorization MEDIUM" "aruba-hispeed-cache 2.0.7 Unauthenticated.Log.File.Access MEDIUM" "advanced-pdf-generator No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "add-custom-body-class No.known.fix Contributor+.Stored.Cross-Site.Scripting MEDIUM" "ap-contact-form 1.0.7 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "ayecode-connect 1.3.9 Missing.Authorization MEDIUM" "affiliates-manager 2.9.35 Cross-Site.Request.Forgery MEDIUM" "affiliates-manager 2.9.31 Sensitive.Information.Exposure.via.Log.File MEDIUM" "affiliates-manager 2.9.32 Cross-Site.Request.Forgery.via.multiple.AJAX.actions MEDIUM" "affiliates-manager 2.9.21 Cross-Site.Request.Forgery MEDIUM" "affiliates-manager 2.9.14 Reflected.Cross-Site.Scripting MEDIUM" "affiliates-manager 2.9.14 Admin+.Stored.Cross-Site.Scripting LOW" "affiliates-manager 2.9.14 Arbitrary.Affiliates.&.Creatives.Deletion.via.CSRF MEDIUM" "affiliates-manager 2.9.14 Affiliate.CSV.Injection MEDIUM" "affiliates-manager 2.9.0 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "affiliates-manager 2.8.7 Admin+.SQL.injection MEDIUM" "affiliates-manager 2.7.8 Unauthenticated.Stored.Cross-Site.Scripting.(XSS) CRITICAL" "affiliates-manager 2.6.6 CRSF.Issues MEDIUM" "ads-for-wp 1.9.29 
Cross-Site.Request.Forgery MEDIUM" "autotitle-for-wordpress No.known.fix Settings.Update.to.Stored.XSS.via.CSRF HIGH" "autolisticle-automatically-update-numbered-list-articles 1.2.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "ad-inserter-pro 2.7.12 Reflected.Cross-Site.Scripting LOW" "ad-inserter-pro 2.7.10 Reflected.Cross-Site.Scripting MEDIUM" "accessally 3.5.7 $_SERVER.Superglobal.Leakage HIGH" "accessally 3.3.2 Unauthenticated.Arbitrary.PHP.Code.Execution CRITICAL" "auto-limit-posts-reloaded No.known.fix Cross-Site.Request.Forgery MEDIUM" "arabic-webfonts No.known.fix Missing.Authorization MEDIUM" "audio-text No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "an-gradebook No.known.fix Subscriber+.SQLi HIGH" "an-gradebook No.known.fix Admin+.XSS LOW" "ajax-archive-calendar 2.6.8 Contributor+.Stored.XSS MEDIUM" "attendance-manager 0.5.7 CSRF.&.XSS HIGH" "athemes-starter-sites 1.0.54 Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "acf-frontend-form-element 3.25.2 Unauthenticated.SQL.Injection MEDIUM" "acf-frontend-form-element 3.25.1 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "acf-frontend-form-element 3.25.1 Unauthenticated.Privilege.Escalation HIGH" "acf-frontend-form-element 3.19.5 Improper.Missing.Encryption.Exception.Handling.to.Form.Manipulation CRITICAL" "acf-frontend-form-element 3.18.4 Unauthenticated.Arbitrary.File.Upload CRITICAL" "acf-frontend-form-element 3.8.0 Reflected.Cross-Site.Scripting MEDIUM" "acf-frontend-form-element 3.3.33 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "alter No.known.fix Cross-Site.Request.Forgery MEDIUM" "acf-front-end-editor No.known.fix Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.Content.Update MEDIUM" "ai-seo-translator 1.6.3 Cross-Site.Request.Forgery.via.update_integration_option MEDIUM" "azw-woocommerce-file-uploads No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "azw-woocommerce-file-uploads No.known.fix 
Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "accesspress-social-login-lite 3.4.8 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "ai-mojo 0.2.5 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "addify-custom-registration-forms-builder 1.0.2 Multiple.CSRF MEDIUM" "acf-engine No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "advanced-text-widget No.known.fix Admin+.Stored.XSS LOW" "amilia-store No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "astra-widgets 1.2.16 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "astra-widgets 1.2.15 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "accelerated-mobile-pages 1.1.2 Reflected.Cross-Site.Scripting MEDIUM" "accelerated-mobile-pages 1.0.99.2 Cross-Site.Request.Forgery.to.Privilege.Escalation HIGH" "accelerated-mobile-pages 1.0.97 Missing.Authorization MEDIUM" "accelerated-mobile-pages 1.0.97 Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "accelerated-mobile-pages 1.0.93.2 Authenticated(Contributor+).Arbitrary.Post.Deletion.via.amppb_remove_saved_layout_data MEDIUM" "accelerated-mobile-pages 1.0.93 Unautenticated.Reflected.Cross-Site.Scripting MEDIUM" "accelerated-mobile-pages 1.0.92.1 Authenticated.(Contributor+).Cross-Site.Scripting.via.Shortcode MEDIUM" "accelerated-mobile-pages 1.0.89 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.shortcode MEDIUM" "accelerated-mobile-pages 1.0.77.33 Admin+.Stored.Cross-Site.Scripting LOW" "accelerated-mobile-pages 1.0.77.32 Admin+.Stored.Cross-Site.Scripting LOW" "accelerated-mobile-pages 0.9.97.21 Stored.XSS MEDIUM" "api-info-themes-plugins-wp-org 1.05 Reflected.Cross-Site.Scripting MEDIUM" "app-ads-txt 1.1.8 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "app-ads-txt 1.1.7.0 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "animated-al-list No.known.fix Reflected.XSS HIGH" "azonbox No.known.fix 
Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "ab-press-optimizer-lite No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "absolute-reviews 1.1.4 Authenticated.(Contributor+).Stored.DOM-Based.Cross-Site.Scripting.via.Criteria.Name MEDIUM" "absolute-reviews 1.0.9 CSRF.Bypass.in.Multiple.Plugins MEDIUM" "avenirsoft-directdownload No.known.fix Cross-Site.Scripting.(XSS).&.CSRF MEDIUM" "auto-location-for-wp-job-manager 1.1 Admin+.Cross.Site.Scripting LOW" "addons-for-visual-composer 3.9.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "addons-for-visual-composer 3.8 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.shortcode MEDIUM" "addons-for-visual-composer 3.8.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "addons-for-visual-composer 3.6 Contributor+.Stored.XSS MEDIUM" "addons-for-visual-composer 3.3 Reflected.Cross-Site.Scripting MEDIUM" "addons-for-visual-composer 2.9.2 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "admin-columns-pro 5.5.2 Authenticated.Stored.Cross-Site.Scripting.(XSS).in.Custom.Field MEDIUM" "admin-columns-pro 5.5.1 Admin+.Stored.XSS.in.Label LOW" "acf-for-woocommerce-product No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "acf-for-woocommerce-product No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "art-picture-gallery No.known.fix Unauthenticated.Arbitrary.File.Upload CRITICAL" "accordions-or-faqs No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "accordions-or-faqs 2.3.1 Admin+.Stored.XSS LOW" "accordions-or-faqs 2.1.0 Admin+.Stored.XSS LOW" "accordions-or-faqs 2.1.0 Authenticated.Arbitrary.Options.Update MEDIUM" "accordions-or-faqs 2.0.3 Unauthenticated.Arbitrary.Options.Update CRITICAL" "appmysite 3.11.1 Unauthenticated.Information.Disclsoure MEDIUM" "advanced-online-ordering-and-delivery-platform No.known.fix Unauthenticated.Local.File.Inclusion CRITICAL" "acf-quickedit-fields 3.2.3 
Contributor+.User.Metadata.Leak.via.IDOR LOW" "awesome-weather No.known.fix Contributor+.Stored.XSS MEDIUM" "awesome-weather No.known.fix Reflected.Cross-site.Scripting.(XSS) HIGH" "automatewoo 5.7.6 Cross-Site.Request.Forgery MEDIUM" "automatewoo 5.7.6 Missing.Authorization MEDIUM" "automatewoo 5.7.2 ShopManager+.SQLi MEDIUM" "automatewoo 5.7.2 Cross-Site.Request.Forgery MEDIUM" "analytics-insights 6.3 Open.Redirect MEDIUM" "absolute-addons No.known.fix Authenticated.(Contributor+).Local.File.Inclusion HIGH" "azurecurve-toggle-showhide No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "attesa-extra 1.4.3 Authenticated.(Contributor+).Post.Disclosure MEDIUM" "attesa-extra 1.4.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "advanced-blocks-pro No.known.fix Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "addthis 5.0.13 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "awesome-support No.known.fix Missing.Authorization MEDIUM" "awesome-support 6.1.8 Missing.Authorization MEDIUM" "awesome-support 6.1.7 Insufficient.Authorization.via.wpas_can_delete_attachments() MEDIUM" "awesome-support 6.1.8 Missing.Authorization.via.wpas_get_users() MEDIUM" "awesome-support 6.1.8 Authenticated.(Subscriber+).SQL.Injection HIGH" "awesome-support 6.1.8 Missing.Authorization.via.editor_html() MEDIUM" "awesome-support 6.1.6 Cross-Site.Request.Forgery MEDIUM" "awesome-support 6.1.6 Missing.Authorization.via.wpas_load_reply_history MEDIUM" "awesome-support 6.1.8 Missing.Authorization MEDIUM" "awesome-support 6.1.11 Missing.Authorization MEDIUM" "awesome-support 6.1.5 Missing.Authorization.via.wpas_edit_reply_ajax() MEDIUM" "awesome-support 6.1.5 Cross-Site.Request.Forgery.via.wpas_edit_reply_ajax() MEDIUM" "awesome-support 6.1.5 Reflected.Cross-Site.Scripting HIGH" "awesome-support 6.1.5 Insufficient.permission.check.in.wpas_edit_reply MEDIUM" "awesome-support 6.1.5 Submitter+.Arbitrary.File.Deletion CRITICAL" 
"awesome-support 6.1.2 Subscriber+.Arbitrary.Exported.Tickets.Download MEDIUM" "awesome-support 6.0.8 Authenticated.Stored.XSS MEDIUM" "awesome-support 6.0.7 Reflected.Cross-Site.Scripting HIGH" "awesome-support 6.0.11 Reflected.Cross-Site.Scripting.(XSS) HIGH" "awesome-support 6.0.0 Stored.XSS.via.Ticket.Title MEDIUM" "awesome-support 3.1.7 XSS.&.Shortcodes.Allowed.in.Replies HIGH" "autocomplete-location-field-contact-form-7 3.0 Admin+.Store.Cross-Site.Scripting LOW" "ahathat No.known.fix Reflected.XSS.via.REQUEST_URI MEDIUM" "ahathat No.known.fix Admin+.SQL.Injection MEDIUM" "apa-register-newsletter-form No.known.fix Cross-Site.Request.Forgery.to.SQL.Injection HIGH" "advanced-testimonial-carousel-for-elementor 3.0.1 Missing.Authorization MEDIUM" "admin-quick-panel No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "admin-quick-panel 1.2.6 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "aio-contact No.known.fix Unauthenticated.Stored.Cross-Site.Scripting HIGH" "aio-contact No.known.fix Missing.Authorization MEDIUM" "aa-audio-player No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "admin-trim-interface No.known.fix Unauthenticated.Full.Path.Disclosure MEDIUM" "astra-bulk-edit 1.2.8 Missing.Authorization MEDIUM" "archivist-custom-archive-templates 1.7.6 Reflected.Cross-Site.Scripting MEDIUM" "archivist-custom-archive-templates No.known.fix Reflected.XSS HIGH" "archivist-custom-archive-templates 1.7.5 Custom.Archive.Templates.<.1.7.5.-.Stored.XSS.via.CSRF HIGH" "archivist-custom-archive-templates 1.7.5 Custom.Archive.Templates.<.1.7.5.-.Admin+.Stored.XSS LOW" "amazon-product-price No.known.fix Cross-Site.Request.Forgery.to.Cross-Site.Scripting MEDIUM" "anyvar No.known.fix Stored.Cross-Site.Scripting.(XSS) MEDIUM" "authorizenet-payment-gateway-for-woocommerce No.known.fix Insufficient.Verification.of.Data.Authenticity.to.Unauthenticated.Payment.Bypass MEDIUM" "add-categories-post-footer No.known.fix Reflected.Cross-Site.Scripting MEDIUM" 
"ap-companion 1.0.7 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "ajax-awesome-css No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "auto-delete-posts No.known.fix Arbitrary.Settings.Update.via.CSRF MEDIUM" "aweber-web-form-widget 7.3.15 Authenticated.(Admin+).SQL.Injection HIGH" "aweber-web-form-widget 7.3.10 Missing.Authorization.via.AJAX.actions MEDIUM" "additional-order-filters-for-woocommerce 1.22 Reflected.Cross-Site.Scripting MEDIUM" "additional-order-filters-for-woocommerce 1.12 Reflected.XSS HIGH" "auction-nudge 7.2.1 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "altima-lookbook-free-for-woocommerce No.known.fix Refletced.Cross-Site.Scripting MEDIUM" "adsense-plugin No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "adsense-plugin 1.44 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "api-key-for-google-maps 1.2.2 Arbitrary.API.Key.Update.via.CSRF MEDIUM" "alphabetic-pagination 3.0.8 Unauthenticated.Arbitrary.Option.Update CRITICAL" "adbuddy-adblocker-detection No.known.fix Admin+.Stored.XSS LOW" "addify-product-labels-and-stickers 1.1.0 Multiple.CSRF MEDIUM" "acf-to-rest-api 3.3.0 Unauthenticated.Arbitrary.wp_options.Disclosure MEDIUM" "apppresser 4.4.7 Unauthenticated.Privilege.Escalation.via.Password.Reset CRITICAL" "apppresser 4.4.5 Privilege.Escalation.and.Account.Takeover.via.Weak.OTP HIGH" "apppresser 4.4.0 Improper.Missing.Encryption.Exception.Handling.to.Authentication.Bypass HIGH" "apppresser 4.3.1 Missing.Authorization MEDIUM" "apppresser 4.3.1 Cross-Site.Request.Forgery.via.force_logging_off() MEDIUM" "apppresser 4.3.1 Cross-Site.Request.Forgery.via.toggle_logging_callback() MEDIUM" "apppresser 4.3.0 Insecure.Password.Reset.Mechanism HIGH" "adwork-media-ez-content-locker No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "acf-extended 0.8.9.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "acf-extended 0.8.8.7 Admin+.SQL.Injection MEDIUM" "abbs-bing-search No.known.fix 
Reflected.Cross-Site.Scripting MEDIUM" "ari-fancy-lightbox 1.3.18 Authenticated.(Author+).Stored.Cross-Site.Scripting MEDIUM" "ari-fancy-lightbox 1.3.9 Reflected.Cross-Site.Scripting MEDIUM" "adaptive-images 0.6.69 Reflected.Cross-Site.Scripting MEDIUM" "adaptive-images 0.6.67 Local.File.Inclusion.&.Deletion HIGH" "about-rentals No.known.fix Unauthenticated.Actions HIGH" "adapta-rgpd 1.3.3 Unauthorised.Consent.via.CSRF MEDIUM" "advanced-ajax-page-loader No.known.fix Cross-Site.Request.Forgery.to.Arbitrary.File.Upload HIGH" "advanced-ajax-page-loader 2.7.7 Unauthenticated.Uploaded.File.Disclosure MEDIUM" "auth0 4.6.1 Reflected.Cross-Site.Scripting.via.wle MEDIUM" "auth0 4.0.0 Multiple.Vulnerabilities CRITICAL" "auth0 3.11.3 Unauthenticated.Reflected.XSS.via.wle.Parameter MEDIUM" "acl-floating-cart-for-woocommerce No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "ajax-live-search No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "ajax-live-search No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "avalex 3.0.9 Missing.Authorization MEDIUM" "avalex 3.0.4 Admin+.Stored.XSS LOW" "aspose-doc-exporter No.known.fix Missing.Authorization MEDIUM" "aspose-doc-exporter 2.0 Unauthenticated.Arbitrary.File.Download HIGH" "admin-site-enhancements 7.6.3 Missing.Authorization LOW" "admin-site-enhancements 7.5.2 Authenticated.Stored.Cross-Site.Scripting.via.SVG MEDIUM" "admin-site-enhancements 5.8.0 Password.Protection.Mode.Security.Feature.Bypass HIGH" "airpress No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "airpress No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "advanced-ads 1.52.2 Authenticated.(Admin+).PHP.Object.Injection HIGH" "advanced-ads 1.52.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Ad.Widget MEDIUM" "advanced-ads 1.32.0 Admin+.Stored.XSS MEDIUM" "advanced-ads 1.17.4 Reflected.XSS.via.Admin.Dashboard MEDIUM" "autopilot 1.0.21 Reflected.Cross-Site.Scripting MEDIUM" "aoi-tori No.known.fix Reflected.Cross-Site.Scripting.(XSS) 
HIGH" "ahmeti-wp-timeline No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "adstxt No.known.fix Settings.Update.via.CSRF MEDIUM" "ai-content-generator No.known.fix Authenticated.(Subscriber+).Arbitrary.File.Upload HIGH" "ai-post-generator No.known.fix Missing.Authorization.to.Authenticated.(Contributor+).Post/Page.Deletion MEDIUM" "ai-post-generator 3.4 Subscriber+.Posts.Read/Creation/Deletion MEDIUM" "advanced-exchange-rates No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "advanced-exchange-rates No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "ajax-filter-posts 3.4.13 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "ajax-filter-posts No.known.fix Missing.Authorization.to.Unauthenticated.Local.PHP.File.Inclusion CRITICAL" "ajax-filter-posts 3.4.11 Reflected.Cross-Site.Scripting MEDIUM" "ajax-filter-posts 3.4.12 Contributor+.Stored.XSS MEDIUM" "ajax-filter-posts 3.4.8 Missing.Authorization MEDIUM" "acf-vc-integrator 1.3.1 Reflected.Cross-Site.Scripting MEDIUM" "ars-affiliate-page 2.0.4 Reflected.Cross-Site.Scripting MEDIUM" "ak-menu-icons-lite 1.0.9 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "accessibility-widget 2.2.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "automation-web-platform 3.0.18 Unauthenticated.Privilege.Escalation CRITICAL" "astra-addon 4.3.2 Authenticated(Contributor+).Remote.Code.Execution.via.Metabox HIGH" "astra-addon 3.5.2 Unauthenticated.SQL.Injection HIGH" "bdthemes-element-pack 7.9.1 Addon.for.Elementor.Page.Builder.WordPress.Plugin.<.7.9.1.-.Authenticated(Contributor+).Stored.Cross-Site.Scripting.via.Wrapper.Link.URL MEDIUM" "bdthemes-element-pack No.known.fix Authenticated.(Contributor+).Arbitrary.File.Read.and.PHAR.Deserialization CRITICAL" "boldgrid-easy-seo 1.6.15 Information.Exposure MEDIUM" "boldgrid-easy-seo 1.6.14 Authenticated(Contributor+).Stored.Cross-Site.Scripting.via.Meta.Description MEDIUM" "business-profile 2.1.7 
Subscriber+.Page.Creation.&.Settings.Update.to.Stored.XSS MEDIUM" "bulk-change No.known.fix Authenticated.Reflected.Cross-Site.Scripting CRITICAL" "build-app-online No.known.fix Unauthenticated.Local.File.Inclusion HIGH" "build-app-online No.known.fix Cross-Site.Request.Forgery MEDIUM" "build-app-online 1.0.22 Unauthenticated.Account.Takeover.via.Weak.Password.Reset.Mechanism CRITICAL" "build-app-online 1.0.21 Subscriber+.Privilege.Escalation HIGH" "build-app-online 1.0.19 Unauthenticated.SQL.Injection HIGH" "bws-latest-posts 0.3 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "bootstrap-shortcodes No.known.fix Contributor+.Stored.XSS.via.Shortcode MEDIUM" "b-testimonial 1.2.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "bstone-demo-importer No.known.fix Missing.Authorization.to.Authenticated.(Subscriber+).Privilege.Escalation HIGH" "be-popia-compliant 1.1.6 Unauthenticated.Sensitive.Information.Exposure MEDIUM" "barcode-scanner-lite-pos-to-manage-products-inventory-and-orders 1.7.0 Authenticated.(Admin+).Arbitrary.File.Upload HIGH" "barcode-scanner-lite-pos-to-manage-products-inventory-and-orders 1.6.7 Reflected.Cross-Site.Scripting MEDIUM" "barcode-scanner-lite-pos-to-manage-products-inventory-and-orders 1.6.2 Authenticated.(Subscriber+).SQL.Injection HIGH" "barcode-scanner-lite-pos-to-manage-products-inventory-and-orders 1.5.5 Cross-Site.Request.Forgery MEDIUM" "barcode-scanner-lite-pos-to-manage-products-inventory-and-orders 1.5.5 Unauthenticated.Information.Exposure MEDIUM" "barcode-scanner-lite-pos-to-manage-products-inventory-and-orders 1.5.5 Authenticated.(Subscriber+).SQL.Injection HIGH" "barcode-scanner-lite-pos-to-manage-products-inventory-and-orders 1.5.4 Unauthenticated.Privilege.Escalation CRITICAL" "barcode-scanner-lite-pos-to-manage-products-inventory-and-orders 1.5.4 Missing.Authorization MEDIUM" "barcode-scanner-lite-pos-to-manage-products-inventory-and-orders 1.5.4 Missing.Authorization MEDIUM" 
"barcode-scanner-lite-pos-to-manage-products-inventory-and-orders 1.5.4 Reflected.Cross-Site.Scripting MEDIUM" "barcode-scanner-lite-pos-to-manage-products-inventory-and-orders 1.5.2 Unauthenticated.Arbitrary.File.Upload.via.uploadFile CRITICAL" "barcode-scanner-lite-pos-to-manage-products-inventory-and-orders 1.5.2 Unauthenticated.SQL.Injection.via.userToken CRITICAL" "boat-rental-system No.known.fix Unauthenticated.Arbitrary.File.Upload CRITICAL" "blossomthemes-email-newsletter 2.2.7 Authenticated.(Admin+).Server-Side.Request.Forgery MEDIUM" "blossomthemes-email-newsletter 2.2.5 Missing.Authorization MEDIUM" "buffer-my-post No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "buffer-my-post No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "buttons-shortcode-and-widget No.known.fix Stored.XSS.via.shortcode MEDIUM" "buttons-shortcode-and-widget No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.shortcode MEDIUM" "back-to-the-top-button 2.1.7 Admin+.Stored.XSS LOW" "bitcoin-lightning-publisher 1.4.2 Reflected.Cross-Site.Scripting MEDIUM" "bbp-style-pack 5.6.8 Contributor+.Stored.XSS MEDIUM" "bbp-style-pack 5.5.6 Reflected.XSS HIGH" "bp-greeting-message No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "better-search-replace 1.4.5 Unauthenticated.PHP.Object.Injection CRITICAL" "better-search-replace 1.4.1 Admin+.SQLi MEDIUM" "blogpost-widgets No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "backwpup 4.0.2 Admin+.Directory.Traversal MEDIUM" "backwpup 4.0.4 Unauthenticated.Backup.Download HIGH" "backwpup 4.0.2 Authenticated.(Administrator+).Directory.Traversal HIGH" "backwpup 3.4.2 Backup.File.Download HIGH" "bing-site-verification-using-meta-tag No.known.fix Admin+.Stored.XSS LOW" "book-buyback-prices No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "book-buyback-prices No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "bmi-adultkid-calculator 1.2.2 Cross-Site.Request.Forgery.to.Cross-Site.Scripting MEDIUM" 
"blaze-online-eparcel-for-woocommerce No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "blogsafe-scanner No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "blogsafe-scanner 1.1.5 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "bulk-add-to-cart-xforwc 1.3.0 Low.Priv.Arbitrary.Blog.Options.Update/Access/Deletion.&.Plugin's.Settings.Update/Export/Import HIGH" "blur-text 2.0.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "barclaycart No.known.fix Unauthenticated.Shell.Upload CRITICAL" "blobinator 2.3 Unauthorised.AJAX.call.via.CSRF MEDIUM" "brands-for-woocommerce 3.8.2.3 Missing.Authorization.to.Unauthenticated.Order.Manipulation.and.Information.Retrieval MEDIUM" "brands-for-woocommerce 3.8.2.3 Cross-Site.Request.Forgery MEDIUM" "brands-for-woocommerce 3.8.2 Contributor+.Stored.XSS MEDIUM" "bws-featured-posts 1.0.1 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "best-woocommerce-feed 7.3.16 Authenticated.(Admin+).Directory.Traversal LOW" "best-woocommerce-feed 3.0 Reflected.Cross-Site.Scripting MEDIUM" "best-woocommerce-feed 2.2.3.1 Subscriber+.Arbitrary.Option.Update CRITICAL" "booking-calendar-contact-form 1.2.56 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "booking-calendar-contact-form 1.2.41 Unauthenticated.Reflected.Cross-Site.Scripting HIGH" "booking-calendar-contact-form 1.0.24 XSS.&.SQL.Injection CRITICAL" "booking-calendar-contact-form 1.0.3 Multiple.Authenticated.Vulnerabilities MEDIUM" "bmi-bmr-calculator No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "bbp-core 1.2.6 Reflected.Cross-Site.Scripting.via.add_query_arg.Parameter MEDIUM" "bulk-attachment-download 1.3.7 Reflected.Cross-Site.Scripting MEDIUM" "bulk-attachment-download 1.3.5 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "buying-buddy-idx-crm No.known.fix PHP.Object.Injection.via.CSRF HIGH" "bitformpro No.known.fix Missing.Authorization.to.Authenticated.(Subscriber+).Settings.Update HIGH" "bitformpro No.known.fix 
Unauthenticated.Arbitrary.File.Deletion CRITICAL" "bitformpro No.known.fix Authenticated.(Subscriber+).Arbitrary.File.Upload HIGH" "bitformpro No.known.fix Authenticated.(Subscriber+).Sensitive.Information.Exposure MEDIUM" "bigcontact No.known.fix Cross-Site.Request.Forgery MEDIUM" "bertha-ai-free 1.11.10.8 Unauthenticated.Arbitrary.File.Upload CRITICAL" "bsd-woo-stripe-connect-split-pay 3.2.10 Reflected.Cross-Site.Scripting MEDIUM" "bsd-woo-stripe-connect-split-pay 3.2.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "booking-manager 2.1.6 Authenticated(Contributor+).SQL.Injection.via.Shortcode HIGH" "booking-manager 2.0.29 Subscriber+.SSRF MEDIUM" "brand-my-footer No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "bne-gallery-extended 1.2.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.gallery.Shortcode MEDIUM" "breadcrumb-simple No.known.fix Admin+.Stored.XSS LOW" "buddyforms-anonymous-author 1.1 Reflected.Cross-Site.Scripting MEDIUM" "board-election No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "backup-by-supsystic No.known.fix Authenticated.Arbitrary.File.Download.and.Deletion CRITICAL" "bigcommerce No.known.fix Unauthenticated.Sensitive.Information.Exposure MEDIUM" "backupwordpress 3.14 Admin+.Directory.Traversal LOW" "backupwordpress 3.13 Subscriber+.Backup.Disclosure MEDIUM" "bwl-advanced-faq-manager 2.0.4 Authenticated.(Administrator+).SQL.Injection CRITICAL" "business-hours-indicator 2.3.5 Admin+.Stored.Cross-Site.Scripting LOW" "block-options 1.40.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "block-options 1.40.4 Authenticated.(Administrator+).Arbitrary.File.Upload HIGH" "block-options 1.17 Reflected.Cross-Site.Scripting MEDIUM" "block-options 1.31.6 Contributor+.Arbitrary.PHP.Code.Execution CRITICAL" "beaver-builder-lite-version 2.8.5.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "beaver-builder-lite-version 2.8.4.4 
Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "beaver-builder-lite-version 2.8.4.3 Authenticated.(Contributor+).Stored.DOM-Based.Cross-Site.Scripting.via.Button.Widget MEDIUM" "beaver-builder-lite-version 2.8.3.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "beaver-builder-lite-version 2.8.3.7 Authenticated.(Contributor+).Stored.DOM-Based.Cross-Site.Scripting.via.Button.Group.Module MEDIUM" "beaver-builder-lite-version 2.8.3.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.type.Parameter MEDIUM" "beaver-builder-lite-version 2.8.3.4 Reflected.Cross-Site.Scripting MEDIUM" "beaver-builder-lite-version 2.8.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "beaver-builder-lite-version 2.8.1.3 Contributor+.Stored.Cross-Site.Scripting.via.photo.widget.crop.attribute MEDIUM" "beaver-builder-lite-version 2.8.1.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "beaver-builder-lite-version 2.8.0.7 Contributor+.Stored.XSS MEDIUM" "beaver-builder-lite-version 2.7.4.5 Contributor+.Stored.Cross-Site.Scripting.via.heading.tag MEDIUM" "beaver-builder-lite-version 2.7.4.3 Contributor+.Stored.XSS MEDIUM" "beaver-builder-lite-version 2.7.4.3 Contributor+.Stored.XSS MEDIUM" "beaver-builder-lite-version 2.7.4.3 Contributor+.Stored.XSS.via.Icon.Widget MEDIUM" "beaver-builder-lite-version 2.7.4.3 Contributor+.Stored.XSS MEDIUM" "beaver-builder-lite-version 2.7.4.3 Reflected.XSS HIGH" "beaver-builder-lite-version 2.7.2.1 Contributor+.Stored.XSS MEDIUM" "beaver-builder-lite-version 2.5.5.3 .Authenticated.Stored.XSS.via.Caption.On.Hover MEDIUM" "beaver-builder-lite-version 2.5.5.3 .Authenticated.Stored.XSS.via.Caption MEDIUM" "beaver-builder-lite-version 2.5.5.3 Authenticated.Stored.XSS.via.Text.Editor MEDIUM" "beaver-builder-lite-version 2.5.5.3 Authenticated.Stored.XSS.via.Image.URL MEDIUM" "beaver-builder-lite-version 2.5.4.4 Subscriber+.Arbitrary.Post.Builder.Layout.Disabling MEDIUM" 
"backlink-monitoring-manager No.known.fix Reflected.XSS HIGH" "brizy-pro No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "bellows-accordion-menu 1.4.3 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "banner-system No.known.fix Missing.Authorization MEDIUM" "banner-system No.known.fix Privilege.Escalation HIGH" "banner-system No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "blox-page-builder No.known.fix Authenticated.(Contributor+).Arbitrary.File.Upload HIGH" "business-manager 1.4.6 Admin+.Stored.Cross-Site.Scripting LOW" "booking-system-trafft 1.0.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "bakkbone-florist-companion 7.3.0 Reflected.Cross-Site.Scripting MEDIUM" "bakkbone-florist-companion 7.4.0 Missing.Authorization.to.Sensitive.Data.Exposure MEDIUM" "bakkbone-florist-companion 7.4.0 Missing.Authorization.to.Arbitrary.Content.Deletion MEDIUM" "bebetter-social-icons No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "betteroptin No.known.fix Reflected.Cross-Site.Scripting.(XSS) HIGH" "bbp-voting 2.1.11.1 Admin+.Stored.XSS LOW" "better-wp-login-page No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "bestbooks No.known.fix Unauthenticated.SQLi HIGH" "bubble-menu 4.0.3 Cross-Site.Request.Forgery MEDIUM" "bubble-menu 3.0.5 Admin+.Stored.XSS LOW" "bubble-menu 3.0.4 Reflected.XSS MEDIUM" "bubble-menu 3.0.2 Circle.Floating.Menu.<.3.0.2.-.Form.Deletion.via.CSRF MEDIUM" "bulk-datetime-change 1.12 Missing.Authorisation MEDIUM" "banner-slider No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "biltorvet-dealer-tools No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "business No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "bemax-elementor No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "buddypress-sticky-post 1.9.9 Subscriber+.Arbitrary.Plugin.Installation,.Activation.and.Deactivation HIGH" 
"button 1.1.28 Contributor+.PHP.Object.Injection.in.button_shortcode MEDIUM" "button 1.1.24 Admin+.Stored.XSS LOW" "before-after-image-slider No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.shortcode MEDIUM" "bamboo-columns No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "baw-login-logout-menu No.known.fix Contributor+.Stored.XSS.in.Shortcode MEDIUM" "bulk-edit-events 1.1.21 Reflected.Cross-Site.Scripting MEDIUM" "bulk-edit-events 1.1.9 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "browser-and-operating-system-finder No.known.fix Unauthenticated.Settings.Reset MEDIUM" "browser-and-operating-system-finder No.known.fix Unauthenticated.Arbitrary.Settings.Update.to.Stored.XSS HIGH" "benchmark-email-lite 4.2 Cross-Site.Request.Forgery.via.page_settings() MEDIUM" "blog-designer-for-post-and-widget 2.4.1 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "bold-pagos-en-linea 3.1.5 Reflected.Cross-Site.Scripting HIGH" "blackhole-bad-bots 3.3.2 Arbitrary.IP.Address.Blocking.via.IP.Spoofing HIGH" "bitly-linker No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "beam-me-up-scotty 1.0.22 Reflected.Cross-Site.Scripting MEDIUM" "blockington No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "beds24-online-booking 2.0.28 Contributor+.Stored.XSS.via.beds24-link.Shortcode MEDIUM" "beds24-online-booking 2.0.26 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "beds24-online-booking 2.0.24 Authenticated(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "beds24-online-booking 2.0.25 Contributor+.Stored.XSS MEDIUM" "buddypress-docs No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "buddypress-docs 1.9.3 Authenticated.Lack.of.Authorisation MEDIUM" "business-directory-plugin 6.4.4 Authenticated.(Author+).CSV.Injection HIGH" "business-directory-plugin 6.4.3 Unauthenticated.SQL.Injection.via.listingfields.Parameter CRITICAL" "business-directory-plugin 6.3.10 Contributor+.Arbitrary.Listing.Deletion LOW" 
"business-directory-plugin 6.3.11 Cross-Site.Request.Forgery MEDIUM" "business-directory-plugin 5.11.2 Authenticated.Stored.Cross-Site.Scripting MEDIUM" "business-directory-plugin 5.11.2 Arbitrary.Payment.History.Update MEDIUM" "business-directory-plugin 5.11.2 Arbitrary.Listing.Export HIGH" "business-directory-plugin 5.11.1 Arbitrary.Add/Edit/Delete.Form.Field.to.Stored.XSS HIGH" "business-directory-plugin 5.11 Arbitrary.File.Upload.to.RCE HIGH" "business-directory-plugin 5.11.1 Authenticated.PHP4.Upload.to.RCE MEDIUM" "bws-smtp 1.1.0 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "bible-text No.known.fix Contributor+.Stored.XSS MEDIUM" "bitcoin-payments No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "booster-extension No.known.fix Basic.Information.Exposure.via.booster_extension_authorbox_shortcode_display MEDIUM" "blocksy-companion 2.0.43 Authenticated.(Admin+).Server-Side.Request.Forgery MEDIUM" "blocksy-companion 2.0.46 Contributor+.Stored.Cross-Site.Scripting.via.SVG.Uploads MEDIUM" "blocksy-companion 2.0.29 Cross-Site.Request.Forgery MEDIUM" "blocksy-companion 2.0.32 Contributor+.Stored.XSS MEDIUM" "blocksy-companion 1.8.47 Reflected.Cross-Site.Scripting MEDIUM" "blocksy-companion 1.8.82 Subscriber+.Draft.Post.Access MEDIUM" "blocksy-companion 1.8.68 Contributor+.Stored.XSS MEDIUM" "blocksy-companion 1.8.20 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "bulk-block-converter No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "booking-weir No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "booking-weir 1.0.11 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "border-loading-bar No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "border-loading-bar No.known.fix Reflected.Cross-Site.Scripting.(XSS) HIGH" "buddypress-global-search No.known.fix Admin+.Stored.XSS LOW" "blog-posts-and-category-for-elementor 2.0.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Post.and.Category.Filter.Widget MEDIUM" "blockart-blocks 2.1.6 
Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "banner-cycler No.known.fix Stored.Cross-Site.Scripting.via.CSRF HIGH" "bdthemes-element-pack-lite 5.10.15 Addons.for.Elementor.<.5.10.15.-.Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "bdthemes-element-pack-lite 5.10.13 Missing.Authorization MEDIUM" "bdthemes-element-pack-lite 5.10.6 Authenticated.(Contributor+).DOM-Based.Stored.Cross-Site.Scripting.via.Lightbox.Widget MEDIUM" "bdthemes-element-pack-lite 5.10.3 Contributor+.Stored.XSS MEDIUM" "bdthemes-element-pack-lite 5.10.3 Contributor+.Stored.XSS MEDIUM" "bdthemes-element-pack-lite 5.10.3 Authenticated.(Contributor+.Stored.Cross-Site.Scripting.via.Open.Map.Widget MEDIUM" "bdthemes-element-pack-lite 5.10.3 Authenticated.(Contributor+).DOM-Based.Stored.Cross-Site.Scripting MEDIUM" "bdthemes-element-pack-lite 5.10.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Age.Gate MEDIUM" "bdthemes-element-pack-lite 5.10.2 Authenticated.(Contributor+).DOM-Based.Stored.Cross-Site.Scripting.via.Custom.Gallery.Widget MEDIUM" "bdthemes-element-pack-lite 5.7.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "bdthemes-element-pack-lite 5.7.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Custom.Gallery.and.Countdown.Widgets MEDIUM" "bdthemes-element-pack-lite 5.7.3 Authenticated.(Contributor+).Arbitrary.File.Read MEDIUM" "bdthemes-element-pack-lite 5.7.7 Contributor+.Stored.XSS.via.title_tag MEDIUM" "bdthemes-element-pack-lite 5.6.12 Contributor+.Stored.XSS MEDIUM" "bdthemes-element-pack-lite 5.6.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "bdthemes-element-pack-lite 5.6.12 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "bdthemes-element-pack-lite 5.6.12 Contributor+.Stored.XSS.via.onclick.events MEDIUM" "bdthemes-element-pack-lite 5.6.2 Contributor+.Stored.XSS MEDIUM" "bdthemes-element-pack-lite 5.6.4 Form.Submission.Admin.Email.Bypass MEDIUM" 
"bdthemes-element-pack-lite 5.6.1 Contributor+.Stored.XSS.via.Panel.Slider.Widget MEDIUM" "bdthemes-element-pack-lite 5.6.1 Contributor+.Stored.XSS.via.Price.List.Widget MEDIUM" "bdthemes-element-pack-lite 5.6.0 Sensitive.Information.Exposure.via..element_pack_ajax_search MEDIUM" "bdthemes-element-pack-lite 5.5.4 Contributor+.Stored.XSS.via.Trailer.Box.Widget MEDIUM" "bdthemes-element-pack-lite 5.3.3 Contributor+.Stored.XSS.via.Custom.Gallery.Widget MEDIUM" "bdthemes-element-pack-lite 5.5.4 Authenticated.(Contributor+).SQL.Injection MEDIUM" "bdthemes-element-pack-lite 5.5.4 Contributor+.Stored.XSS MEDIUM" "bdthemes-element-pack-lite 5.4.12 Missing.Authorization.via.bdt_duplicate_as_draft MEDIUM" "bdthemes-element-pack-lite 5.2.1 Reflected.Cross-Site.Scripting MEDIUM" "better-follow-button-for-jetpack No.known.fix Admin+.Stored.XSS LOW" "bible-embed No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "breadcrumbs-by-menu 1.0.3 Multiple.Issues HIGH" "bp-member-type-manager No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "block-for-font-awesome 1.4.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "block-for-font-awesome 1.4.1 Block.for.Font.Awesome.<.1,4,1.-Settings.Update.via.CSRF MEDIUM" "beek-widget-extention No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "blocks No.known.fix Admin+.Stored.XSS LOW" "bws-google-maps 1.3.6 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "bws-popular-posts 1.0.5 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "buddyforms 2.8.14 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "buddyforms 2.8.13 Authenticated.(Editor+).Stored.Cross-Site.Scripting MEDIUM" "buddyforms 2.8.12 Authenticated.(Contributor+).Privilege.Escalation HIGH" "buddyforms 2.8.10 Email.Verification.Bypass.due.to.Insufficient.Randomness MEDIUM" "buddyforms 2.8.9 Unauthenticated.Arbitrary.File.Read.and.Server-Side.Request.Forgery CRITICAL" "buddyforms 2.8.6 
Reflected.Cross-Site.Scripting.via.page MEDIUM" "buddyforms 2.8.8 Missing.Authorization MEDIUM" "buddyforms 2.8.8 Missing.Authorization.to.Unauthenticated.Media.Upload HIGH" "buddyforms 2.8.8 Missing.Authorization.to.Unauthenticated.Media.Deletion HIGH" "buddyforms 2.8.3 Reflected.Cross-Site.Scripting MEDIUM" "buddyforms 2.8.2 Contributor+.Stored.XSS MEDIUM" "buddyforms 2.7.8 Unauthenticated.PHAR.Deserialization HIGH" "buddyforms 2.7.6 Contributor+.Stored.XSS MEDIUM" "buddyforms 2.6.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "buddyforms 2.3.2 Subscriber+.Arbitrary.Option.Update CRITICAL" "buddyforms 2.2.8 SQL.Injection CRITICAL" "bulk-edit-post-titles No.known.fix Missing.Authorization.via.bulkUpdatePostTitles MEDIUM" "bulk-edit-post-titles No.known.fix Missing.Authorization MEDIUM" "best-restaurant-menu-by-pricelisto 1.4.3 Missing.Authorization MEDIUM" "best-restaurant-menu-by-pricelisto 1.4.2 Authenticated.(Contributor+).SQL.Injection HIGH" "best-restaurant-menu-by-pricelisto 1.4.0 Settings.Update.via.CSRF MEDIUM" "bg-biblie-references No.known.fix Reflected.XSS HIGH" "breakdance 2.0.0 Missing.Authorization MEDIUM" "breakdance 2.0.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "breakdance 1.7.2 Authenticated.(Contributor+).Remote.Code.Execution HIGH" "breakdance 1.7.1 Authenticated(Contributor+).Stored.Cross-Site.Scripting.via.custom.postmeta MEDIUM" "blockmeister 3.1.11 Reflected.Cross-Site.Scripting MEDIUM" "blockmeister 3.1.10 Reflected.Cross-Site.Scripting MEDIUM" "blockmeister 3.0.5 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "better-bp-registration No.known.fix Authentication.Bypass.to.Administrator CRITICAL" "buymeacoffee 3.7 Subscriber+.Stored.Cross-Site.Scripting MEDIUM" "buymeacoffee 3.8 Subscriber+.Unauthorized.Data.Modification HIGH" "buymeacoffee 3.8 Cross-Site.Request.Forgery HIGH" "buymeacoffee 3.7 Admin+.Stored.XSS LOW" "bne-testimonials 2.0.8 Contributor+.Stored.XSS MEDIUM" "bc-menu-cart-woo No.known.fix 
Cross-Site.Request.Forgery MEDIUM" "business-profile-reviews No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "bws-linkedin 1.0.5 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "bbp-toolkit No.known.fix Reflected.XSS HIGH" "bbp-toolkit No.known.fix Cross-Site.Request.Forgery MEDIUM" "bulk-me-now No.known.fix Reflected.XSS HIGH" "bulk-me-now No.known.fix Message.Deletion.via.CSRF MEDIUM" "bulk-me-now No.known.fix Stored.XSS.via.Shortcode HIGH" "buy-one-click-woocommerce No.known.fix Missing.Authorization.to.Authenticated.(Subscriber+).Settings.Export MEDIUM" "buy-one-click-woocommerce No.known.fix Missing.Authorization.to.Authenticated.(Subscriber+).Order.Deletion MEDIUM" "buy-one-click-woocommerce No.known.fix Missing.Authorization.to.Authenticated.(Subscriber+).Settings.Import MEDIUM" "bws-google-analytics 1.7.1 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "bulgarisation-for-woocommerce 3.0.15 Cross-Site.Request.Forgery HIGH" "bulgarisation-for-woocommerce 3.0.15 Missing.Authorization HIGH" "blockonomics-bitcoin-payments 3.5.8 Reflected.Cross-Site.Scripting HIGH" "blockonomics-bitcoin-payments 3.3 Blockonomics.<.3.3.-.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "bookmarkify No.known.fix Cross-Site.Scripting.(XSS).&.CSRF MEDIUM" "blockypage No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "blockypage No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "bulk-page-creator 1.1.4 Arbitrary.Page.Creation.via.CSRF MEDIUM" "buddypress-giphy 1.5.0 Subscriber+.Arbitrary.Plugin.Installation,.Activation.and.Deactivation HIGH" "bigmart-elements No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "board-document-manager-from-chuhpl No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "business-card-by-esterox-100 No.known.fix Admin+.File.Upload MEDIUM" "business-card-by-esterox-100 No.known.fix Card.Edit.via.CSRF MEDIUM" "business-card-by-esterox-100 No.known.fix Category.Deletion.via.CSRF MEDIUM" "business-card-by-esterox-100 
No.known.fix Arbitrary.Card.Deletion.via.CSRF MEDIUM" "business-card-by-esterox-100 No.known.fix Category.Edit.via.CSRF MEDIUM" "boldgrid-backup 1.16.7 Authenticated.(Administrator+).Remote.Code.Execution.via.Backup.Settings HIGH" "boldgrid-backup 1.15.9 Improper.Authorization.to.Unauthenticated.Arbitrary.File.Download HIGH" "boldgrid-backup 1.14.14 Subscriber+.Backup.Disclosure MEDIUM" "boldgrid-backup 1.14.10 Sensitive.Data.Disclosure.(Server.IP.Address,.UID.etc) MEDIUM" "boldgrid-backup 1.14.10 Unauthenticated.Backup.Download HIGH" "bizapp-for-woocommerce No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "better-search-tmc No.known.fix Folders.Disclosure.via.Outdated.jQueryFileTree.Library MEDIUM" "better-captcha-gravity-forms No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "better-captcha-gravity-forms 0.5.2 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "bluetrait-event-viewer No.known.fix Settings.Update.via.CSRF MEDIUM" "breeze 2.1.15 Missing.Authorization MEDIUM" "breeze 2.1.15 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "breeze 2.1.4 Admin+.Stored.XSS LOW" "breeze 2.0.3 Subscriber+.Arbitrary.Settings.Update.to.Stored.XSS HIGH" "bsk-contact-form-7-blacklist No.known.fix Reflected.Cross-Site.Scripting HIGH" "books-papers No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "booqable-rental-reservations 2.4.16 Admin+.Stored.XSS LOW" "bet-wc-2018-russia No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "bp-create-group-type No.known.fix Subscriber+.Arbitrary.Plugin.Installation,.Activation.and.Deactivation HIGH" "bit-assist 1.2 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "bit-assist 1.1.9 Admin+.Stored.Cross-Site.Scripting LOW" "booking 10.9.3 Authenticated.(Contributor+).DOM-Based.Stored.Cross-Site.Scripting.via.'booking'.Shortcode MEDIUM" "booking 10.6.5 Admin+.Stored.XSS LOW" "booking 10.6.3 Admin+.Stored.XSS LOW" "booking 10.6.1 Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "booking 10.5.1 
Reflected.Cross-Site.Scripting MEDIUM" "booking 10.2.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.bookingform.Shortcode MEDIUM" "booking 9.9.1 Unauthenticated.SQL.Injection CRITICAL" "booking 9.7.4 Authenticated(Contributor+).Stored.Cross-Site.Scripting.via.shortcode MEDIUM" "booking 9.7.3.1 Unauthenticated.Stored.XSS HIGH" "booking 9.2.2 Arbitrary.Translation.Update.via.CSRF MEDIUM" "booking 9.1.1 PHP.Object.Injection HIGH" "booking 8.9.2 Reflected.Cross-Site.Scripting HIGH" "booking 8.4.5.15 SQL.Injection HIGH" "beacon-for-helpscout No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "booking-ultra-pro 1.1.14 Missing.Authorization.to.Authenticated.(Subscriber+).Plugin.Settings.Updates MEDIUM" "booking-ultra-pro 1.1.14 Unauthenticated.Local.File.Inclusion CRITICAL" "booking-ultra-pro 1.1.14 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "booking-ultra-pro 1.1.13 Authenticated.(Contributor+).Privilege.Escalation HIGH" "booking-ultra-pro 1.1.7 Cross-Site.Request.Forgery MEDIUM" "booking-ultra-pro 1.1.7 Subscriber+.Settings.Update MEDIUM" "booking-ultra-pro 1.1.9 Reflected.XSS HIGH" "booking-ultra-pro 1.1.9 Reflected.XSS HIGH" "booking-ultra-pro 1.1.7 Multiple.CSRF MEDIUM" "booking-ultra-pro 1.1.7 Stored.Cross-Site.Scripting.via.CSRF MEDIUM" "buddymeet 2.3.0 Contributor+.Stored.XSS MEDIUM" "bulk-delete-users-by-email No.known.fix User.Deletion.via.CSRF HIGH" "bulk-delete-users-by-email No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "beaf-before-and-after-gallery 4.5.5 Cross-Site.Request.Forgery.to.Notice.Dismissal MEDIUM" "basepress-migration-tools No.known.fix Authenticated.(Subscriber+).Arbitrary.File.Upload HIGH" "booking-calendar-pro 11.2.20 Reflected.Cross-Site.Scripting.via.'calendar_id' MEDIUM" "blrt-wp-embed No.known.fix Authenticated.(Contributor+).SQL.Injection MEDIUM" "blue-admin No.known.fix CSRF.to.Stored.Cross-Site.Scripting.(XSS) HIGH" "bricksable 1.6.60 
Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "best-addons-for-elementor No.known.fix Contributor+.Stored.XSS MEDIUM" "bradmax-player 1.1.28 Contributor+.Stored.XSS MEDIUM" "bulk-edit-categories-tags 1.7.5 Reflected.Cross-Site.Scripting MEDIUM" "bulk-edit-categories-tags 1.5.23 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "bp-profile-shortcodes-extra No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "bp-profile-shortcodes-extra No.known.fix Authenticated.(Contributor+).SQL.Injection.via.tab.Parameter MEDIUM" "bp-profile-shortcodes-extra 2.5.3 Contributor+.Stored.XSS MEDIUM" "blog-manager-light No.known.fix Settings.Update.via.CSRF MEDIUM" "bannerlid No.known.fix Reflected.XSS HIGH" "bug-library 2.1.5 Authenticated.(Contributor+).SQL.Injection MEDIUM" "bug-library 2.1.2 Admin+.Stored.XSS LOW" "bug-library 2.1.1 Unauthenticated.RCE CRITICAL" "bug-library 2.0.4 Reflected.Cross-Site.Scripting MEDIUM" "babelz No.known.fix CSRF.to.Stored.XSS HIGH" "bsuite No.known.fix Multiple.Cross-Site.Scripting.(XSS) MEDIUM" "betterlinks 2.1.8 Authenticated.(Administrator+).SQL.Injection MEDIUM" "betterlinks 1.6.1 Improper.Authorization.to.Data.Import.and.Export MEDIUM" "betterlinks 1.2.6 Admin+.Stored.Cross-Site.Scripting LOW" "bitcoin-faucet No.known.fix Settings.Update.to.Stored.XSS.via.CSRF MEDIUM" "block-slider 2.1.7 Reflected.Cross-Site.Scripting MEDIUM" "block-slider 2.0.0 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "bloglentor-for-elementor No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "badgeos No.known.fix Missing.Authorization MEDIUM" "badgeos No.known.fix Subscriber+.IDOR MEDIUM" "badgeos No.known.fix Contributor+.Stored.Cross-Site.Scripting MEDIUM" "badgeos No.known.fix Missing.Authorization.in.delete_badgeos_log_entries MEDIUM" "badgeos No.known.fix CSRF MEDIUM" "badgeos 3.7.1.3 Subscriber+.SQLi HIGH" "badgeos 3.7.1 Unauthenticated.SQLi HIGH" "banner-management-for-woocommerce 2.4.3 
Shop.Banner.Settings.Update.via.CSRF MEDIUM" "banner-management-for-woocommerce 2.4.1 Reflected.Cross-Site.Scripting MEDIUM" "banner-management-for-woocommerce 2.2.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "banner-management-for-woocommerce 1.1.1 Unauthenticated.Settings.Change MEDIUM" "bulk-image-alt-text-with-yoast 1.4.5.0 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "bsi-hotel-pro No.known.fix Unauthenticated.Stored.Cross-Site.Scripting.(XSS) CRITICAL" "bulk-image-title-attribute 1.2.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "bamazoo-button-generator No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.dgs.Shortcode MEDIUM" "background-animation-blocks No.known.fix Unauthenticated.Local.File.Inclusion CRITICAL" "better-search 3.3.1 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "better-search 2.5.3 Cross-Site.Request.Forgery MEDIUM" "better-search 2.5.3 CSRF.Nonce.Bypass.in.Import/Export MEDIUM" "better-search 2.2.3 Unauthenticated.SQL.Injection CRITICAL" "better-search 1.3.5 Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "better-search 1.3 admin.inc.php.Setting.Manipulation.CSRF MEDIUM" "bookshelf No.known.fix Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "bdthemes-prime-slider-lite 3.16.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "bdthemes-prime-slider-lite 3.15.19 Addons.For.Elementor.(Revolution.of.a.slider,.Hero.Slider,.Ecommerce.Slider.<.3.15.19.-.Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Blog.Widget MEDIUM" "bdthemes-prime-slider-lite 3.14.8 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Pacific.Widget MEDIUM" "bdthemes-prime-slider-lite 3.14.2 Contributor+.Stored.XSS.via.Pagepiling.Widget MEDIUM" "bdthemes-prime-slider-lite 3.14.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "bdthemes-prime-slider-lite 3.14.1 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "bdthemes-prime-slider-lite 3.13.3 
Contributor+.Stored.Cross-Site.Scripting.via.Mercury.Widget MEDIUM" "bdthemes-prime-slider-lite 3.13.3 Contributor+.Stored.Cross-Site.Scripting.via.Rubix.Widget MEDIUM" "bdthemes-prime-slider-lite 3.13.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Fiestar.Widget MEDIUM" "bdthemes-prime-slider-lite 3.11.11 Incorrect.Authorization.via.bdt_duplicate_as_draft MEDIUM" "bdthemes-prime-slider-lite 3.8.3 Reflected.Cross-Site.Scripting MEDIUM" "bdthemes-prime-slider-lite 2.7.0 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "ba-plus-before-after-image-slider-free No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "bck-tu-dong-xac-nhan-thanh-toan-chuyen-khoan-ngan-hang No.known.fix Unauthenticated.Stored.Cross-Site.Scripting HIGH" "block-specific-plugin-updates 3.3.2 Arbitrary.Plugin.Update.Blocking.via.CSRF MEDIUM" "backuply 1.3.5 Authenticated.(Admin+).SQL.Injection CRITICAL" "backuply 1.2.8 Admin+.Directory.Traversal MEDIUM" "backuply 1.2.6 Backup,.Restore,.Migrate.and.Clone.<.1.2.6.-..Unauthenticated.Denial.of.Service HIGH" "backuply 1.2.4 Admin+.Directory.Traversal MEDIUM" "booking-for-woocommerce No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "booking-for-woocommerce 4.2.0 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "bricksforge 2.1.1 Missing.Authorization.to.Unauthenticated.Arbitrary.Email.Sending MEDIUM" "bricksforge 2.1.1 Missing.Authorization.to.Unauthenticated.WordPress.Settings.Deletion MEDIUM" "bricksforge 2.1.1 Missing.Authorization.to.Unauthenticated.WordPress.Settings.Update MEDIUM" "bbs-e-popup No.known.fix Reflected.XSS HIGH" "basepress 2.16.3.4 Missing.Authorization.to.Authenticated.(Subscriber+).Database.Update MEDIUM" "basepress 2.16.2.1 Authenticated.(Subscriber+).Server-Side.Request.Forgery MEDIUM" "basepress 2.16.2.1 Missing.Authorization MEDIUM" "basepress 2.15.14 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "bbpress 2.6.5 Authenticated.Privilege.Escalation.via.the.Super.Moderator.feature HIGH" "bbpress 2.6.5 
Unauthenticated.Privilege.Escalation.when.New.User.Registration.enabled CRITICAL" "bbpress 2.6.5 Authenticated.Stored.Cross-Site.Scripting.via.the.forums.list.table MEDIUM" "bbpress 2.6.0 Subscriber+.Stored.Cross-Site.Scripting.via.Post.Slug MEDIUM" "bbresolutions No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "bbresolutions No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "buddypress 14.2.1 Authenticated.(Subscriber+).Directory.Traversal HIGH" "buddypress 12.5.1 Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "buddypress 12.4.1 Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "buddypress 11.3.2 Contributor+.Stored.XSS MEDIUM" "buddypress 9.1.1 Activation.Key.Disclosure MEDIUM" "buddypress 9.1.1 SQL.Injections HIGH" "buddypress 7.3.0 Multiple.Authenticated.REST.API.Vulnerabilities MEDIUM" "buddypress 7.2.1 .Force.a.Friendship MEDIUM" "buddypress 7.2.1 Manage.BuddyPress.Member.Types MEDIUM" "buddypress 7.2.1 REST.API.Privilege.Escalation HIGH" "buddypress 7.2.1 Read.Private.Messages MEDIUM" "buddypress 7.2.1 Invite.Member.to.Join.Group MEDIUM" "buddypress 6.4.0 Lack.of.Capability.Check.on.Profile.Page MEDIUM" "buddypress 5.1.2 Private.Data.Exposure.via.REST.API HIGH" "buddypress 5.1.1 Denial.of.Service MEDIUM" "bng-gateway-for-woocommerce No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "bng-gateway-for-woocommerce No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "bng-gateway-for-woocommerce No.known.fix CSRF.Bypass MEDIUM" "b-slider 1.1.24 Gutenberg.Slider.Block.for.WP.<.1.1.24.-.Authenticated.(Contributor+).Private.Post.Disclosure.via.bsb-slider.Shortcode MEDIUM" "b-slider 1.1.13 Slider.for.your.block.editor.<.1.1.13.-.Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "boot-modal 1.10 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "book-appointment-online 1.39 Authenticated.Stored.Cross-Site.Scripting.(XSS) LOW" "base64-encoderdecoder No.known.fix Stored.XSS.via.CSRF HIGH" 
"base64-encoderdecoder No.known.fix Reflected.XSS HIGH" "base64-encoderdecoder No.known.fix Settings.Reset.via.CSRF MEDIUM" "booster-elite-for-woocommerce 7.1.8 Authenticated.(Subscriber+).Arbitrary.File.Upload HIGH" "booster-elite-for-woocommerce 7.1.2 .Missing.Authorization.to.Order.Information.Disclosure MEDIUM" "booster-elite-for-woocommerce 7.1.3 Subscriber+.Content.Injection MEDIUM" "booster-elite-for-woocommerce 6.0.1 Multiple.CSRF MEDIUM" "booster-elite-for-woocommerce 6.0.0 Reflected.Cross-Site.Scripting HIGH" "booster-elite-for-woocommerce 1.1.8 Custom.Role.Creation/Deletion.via.CSRF MEDIUM" "booster-elite-for-woocommerce 1.1.7 Checkout.Files.Deletion.via.CSRF LOW" "booster-elite-for-woocommerce 1.1.7 ShopManager+.Arbitrary.File.Download MEDIUM" "booster-elite-for-woocommerce 1.1.3 Subscriber+.Order.Status.Update MEDIUM" "bricksbuilder 1.9.9 Insecure.Direct.Object.Reference MEDIUM" "buddypress-members-only 3.4.9 Improper.Access.Control.to.Sensitive.Information.Exposure.via.REST.API MEDIUM" "bread-butter 7.5.880 Contributor+.Stored.XSS MEDIUM" "bannerman No.known.fix Multiple.Admin+.Stored.Cross-Site.Scripting LOW" "brute-force-login-protection No.known.fix Arbitrary.IP.Removal/Add.via.CSRF MEDIUM" "bookingcom-product-helper 1.0.2 Admin+.Stored.Cross-Site.Scripting LOW" "brave-popup-builder 0.7.1 Cross-Site.Request.Forgery MEDIUM" "brave-popup-builder 0.7.0 Admin+.Stored.XSS LOW" "brave-popup-builder 0.6.6 Unauthenticated.Server-Side.Request.Forgery HIGH" "brave-popup-builder 0.6.3 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "booking-package 1.6.29 Unauthenticated.Price.Manipulation MEDIUM" "booking-package 1.6.02 Reflected.XSS HIGH" "booking-package 1.5.29 Unauthenticated.Sensitive.Data.Disclosure HIGH" "booking-package 1.5.11 Reflected.Cross-Site.Scripting MEDIUM" "bookingcom-banner-creator No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "bookingcom-banner-creator 1.4.3 
Admin+.Stored.Cross-Site.Scripting LOW" "before-and-after No.known.fix Cross-Site.Request.Forgery MEDIUM" "bamboo-enquiries No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "back-link-tracker No.known.fix Cross-Site.Request.Forgery.to.SQL.Injection HIGH" "baidu-tongji-generator No.known.fix Admin+.Stored.XSS LOW" "better-click-to-tweet 5.10.4 Settings.Update.via.CSRF MEDIUM" "bmlt-tabbed-map 1.2.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "bcs-bertline-book-importer 1.5.8 Unauthenticated.Product.Import HIGH" "bwp-google-xml-sitemaps No.known.fix Unauthenticated.Stored.Cross-Site.Scripting HIGH" "blogmentor No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.pagination_style.Parameter MEDIUM" "bg-patriarchia-bu No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "borderless No.known.fix Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.Upload MEDIUM" "borderless No.known.fix Authenticated.(Administrator+).Remote.Code.Execution HIGH" "borderless No.known.fix Missing.Authorization.to.Icon.Font.Deletion MEDIUM" "borderless 1.5.9 Editor+.Stored.XSS MEDIUM" "borderless 1.5.4 Widgets,.Elements,.Templates.and.Toolkit.for.Elementor.&.Gutenberg.<.1.5.4.-.Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Multiple.Widgets MEDIUM" "borderless 1.5.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "borderless 1.4.9 Admin+.Stored.XSS LOW" "bulk-editor 1.0.8.4 Authenticated.(Editor+).CSV.Path.Traversal LOW" "bulk-editor 1.0.8.3 Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "bulk-editor 1.0.8.2 Cross-Site.Request.Forgery.to.Notice.Dismissal MEDIUM" "bulk-editor 1.0.8.2 Missing.Authorization MEDIUM" "bulk-editor 1.0.8.2 Cross-Site.Request.Forgery MEDIUM" "bulk-editor 1.0.8.1 Unauthenticated.Stored.Cross-Site.Scripting.via.profile_title MEDIUM" "bulk-editor 1.0.7.2 Cross-Site.Request.Forgery.(CSRF) MEDIUM" "bulk-editor 1.0.7.2 
Admin+.Stored.XSS LOW" "bulk-editor 1.0.7.1 Profile.Creation.via.CSRF MEDIUM" "bulk-editor 1.0.7.1 Profile.Creation.via.CSRF MEDIUM" "bulk-editor 1.0.7 Subscriber+.Stored.XSS HIGH" "be-shortcodes No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "button-generation 3.1.2 Cross-Site.Request.Forgery MEDIUM" "button-generation 3.0 Button.Deletion.via.CSRF MEDIUM" "button-generation 2.3.9 Button.Counter.Reset.via.CSRF MEDIUM" "button-generation 2.3.9 Unauthenticated.Button.Counter.Reset MEDIUM" "button-generation 2.3.6 Cross-Site.Request.Forgery MEDIUM" "button-generation 2.3.5 Reflected.XSS MEDIUM" "button-generation 2.3.4 easily.Button.Builder.<.2.3.4.-.Admin+.Stored.XSS LOW" "button-generation 2.3.3 RFI.leading.to.RCE.via.CSRF HIGH" "buddyboss-platform 2.6.0 Insecure.Direct.Object.Reference.on.Like.Comment MEDIUM" "buddyboss-platform 2.7.60 Private.Comment.Exposure.via.IDOR MEDIUM" "buddyboss-platform 1.7.9 Subscriber+.SQL.Injection MEDIUM" "better-font-awesome 2.0.4 Contributor+.Stored.XSS MEDIUM" "better-font-awesome 2.0.2 Settings.Update.via.CSRF MEDIUM" "blog2social 7.5.5 Authenticated.(Author+).Stored.Cross-Site.Scripting.via.File.Upload MEDIUM" "blog2social 7.4.2 Authenticated.(Subscriber+).SQL.Injection CRITICAL" "blog2social 7.5.0 Information.Exposure MEDIUM" "blog2social 7.2.1 Reflected.XSS HIGH" "blog2social 6.9.12 Subscriber+.Settings.Update MEDIUM" "blog2social 6.9.10 Subscriber+.SSRF MEDIUM" "blog2social 6.9.10 Subscriber+.SQLi HIGH" "blog2social 6.8.7 Reflected.Cross-Site.Scripting HIGH" "blog2social 6.3.1 Authenticated.SQL.Injection CRITICAL" "blog2social 5.9.0 Cross-Site.Scripting.Issue MEDIUM" "blog2social 5.6.0 SQL.Injection CRITICAL" "blog2social 5.0.3 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "bpcustomerio No.known.fix Arbitrary.Plugin.Settings.Update.via.CSRF MEDIUM" "bulk-comment-remove No.known.fix Cross-Site.Request.Forgery.via.brc_admin() MEDIUM" "bnfw 1.7 Reflected.Cross-Site.Scripting MEDIUM" "bnfw 1.9.3 
Cross-Site.Request.Forgery.(CSRF) MEDIUM" "bnfw 1.8.7 Email.Address.Disclosure MEDIUM" "blocks-post-grid No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "bp-profile-search 5.8 Cross-Site.Request.Forgery.to.Reflected.Cross-Site.Scripting MEDIUM" "bp-profile-search 5.6 Reflected.Cross-Site.Scripting.via.BPS_FORM MEDIUM" "book-press 1.2.4 Reflected.Cross-Site.Scripting MEDIUM" "book-press 1.2.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "brodos-net-onlineshop No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "bp-wc-vendors No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "bp-wc-vendors No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "backend-designer 1.4 Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "bp-cover No.known.fix Unauthenticated.Arbitrary.File.Upload CRITICAL" "bookingpress-appointment-booking 1.1.26 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "bookingpress-appointment-booking 1.1.22 Authenticated.(Contributor+).SQL.Injection MEDIUM" "bookingpress-appointment-booking 1.1.23 Unauthenticated.Export.File.Download MEDIUM" "bookingpress-appointment-booking 1.1.17 Authenticated.(Subscriber+).SQL.Injection MEDIUM" "bookingpress-appointment-booking 1.1.8 1.1.7.-.Authentication.Bypass.to.Account.Takeover CRITICAL" "bookingpress-appointment-booking 1.1.6 Authenticated.(Subscriber+).Arbitrary.File.Read.to.Arbitrary.File.Creation HIGH" "bookingpress-appointment-booking 1.1.6 Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.Options.Update.and.Arbitrary.File.Upload HIGH" "bookingpress-appointment-booking 1.0.83 Missing.Authorization.to.Appointment.Time.Alteration MEDIUM" "bookingpress-appointment-booking 1.0.82 Authenticated.(Customer+).Insecure.Direct.Object.Reference MEDIUM" "bookingpress-appointment-booking 1.0.88 Authenticated.(Admin+).Arbitrary.File.Upload HIGH" "bookingpress-appointment-booking 1.0.75 Unauthenticated.Booking.Price.Manipulation 
HIGH" "bookingpress-appointment-booking 1.0.73 Authenticated.(Contributor+).SQL.Injection HIGH" "bookingpress-appointment-booking 1.0.77 Authenticated.(Administrator+).Arbitrary.File.Upload HIGH" "bookingpress-appointment-booking 1.0.31 Unauthenticated.IDOR.in.appointment_id HIGH" "bookingpress-appointment-booking 1.0.11 Unauthenticated.SQL.Injection HIGH" "bverse-convert No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "brutebank 1.9 WP.Security.&.Firewall.<.1.9.-.Settings.Update.via.CSRF MEDIUM" "bb-ultimate-addon 1.35.15 Contributor+.Privilege.Escalation HIGH" "bb-ultimate-addon 1.35.14 Contributor+.Arbitrary.File.Download MEDIUM" "bonway-static-block-editor No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "broken-link-finder 2.5.1 Authenticated.(Author+).Blind.Server-Side.Request.Forgery MEDIUM" "broken-link-finder 2.5.0 Missing.Authorization.via.moblc_auth_save_settings MEDIUM" "booking-calendar 3.2.20 Reflected.Cross-Site.Scripting.via.'calendar_id' MEDIUM" "booking-calendar 3.2.20 Authenticated.(Contributor+).SQL.Injection MEDIUM" "booking-calendar 3.2.16 Unauthenticated.Stored.Cross-Site.Scripting.via.SVG.File.Upload HIGH" "booking-calendar 3.2.12 Admin+.SQLi MEDIUM" "booking-calendar 3.2.9 Multiple.Authenticated(Editor+).SQL.Injection HIGH" "booking-calendar 3.2.8 Admin+.SQLi MEDIUM" "booking-calendar 3.2.4 Editor+.Stored.XSS LOW" "booking-calendar 3.2.4 Form.Creation/Update/Deletion/Duplication.via.CSRF MEDIUM" "booking-calendar 3.2.2 Unauthenticated.Arbitrary.File.Upload CRITICAL" "booking-calendar 2.2.3 Parameters.Tampering.Allowing.Arbitrary.Prices.Change HIGH" "booking-calendar 2.1.8 Authenticated.Stored.XSS.&.CSRF HIGH" "bp-toolkit 3.6.1 Reflected.Cross-Site.Scripting MEDIUM" "bp-toolkit 3.3.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "buddyforms-review 1.4.8 Reflected.Cross-Site.Scripting MEDIUM" "block-controller No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "blizzard-quotes 
No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "bulk-woocommerce-category-creator No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "bulk-woocommerce-category-creator No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "bootstrap-buttons No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "buddypress-hashtags 2.7.0 Subscriber+.Arbitrary.Plugin.Installation,.Activation.and.Deactivation HIGH" "bp-social-connect 1.6.2 Authentication.Bypass CRITICAL" "builder-style-manager 0.7.7 XSS.via.add_query_arg().and.remove_query_arg() MEDIUM" "bws-testimonials 0.1.9 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "boom-fest 2.2.2 Missing.Authorization.to.Authenticated.(Subscriber+).Plugin.Settings.Update MEDIUM" "blog-filter 1.5.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "better-author-bio No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "baw-post-views-count No.known.fix Contributor+.Stored.XSS.in.Shortcode MEDIUM" "bit-form 2.17.5 Authenticated.(Administrator+).Server-Side.Request.Forgery LOW" "bit-form 2.17.4 Missing.Authorization.to.Authenticated.(Subscriber+).Form.Submission.Disclosure MEDIUM" "bit-form 2.15.3 Admin+.Arbitrary.File.Read LOW" "bit-form 2.13.12 Authenticated.(Administrator+).SQL.Injection MEDIUM" "bit-form 2.13.11 Authenticated.(Administrator+).Arbitrary.File.Upload HIGH" "bit-form 2.13.11 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "bit-form 2.13.10 2.13.9.-.Authenticated.(Administrator+).SQL.Injection.via.getLogHistory.Function HIGH" "bit-form 2.13.10 2.13.9.-.Authenticated.(Administrator+).Arbitrary.JavaScript.File.Uploads MEDIUM" "bit-form 2.13.10 2.13.9.-.Authenticated.(Administrator+).Arbitrary.File.Read.And.Deletion CRITICAL" "bit-form 2.13.10 2.13.9.-.Authenticated.(Administrator+).SQL.Injection HIGH" "bit-form 2.13.5 2.13.4.-.Authenticater.(Administrator+).Arbitrary.File.Deletion HIGH" "bit-form 2.13.4 
Authenticated.(Administrator+).Arbitrary.File.Upload HIGH" "bit-form 2.10.2 Unauthenticated.Insecure.Direct.Object.Reference.to.Form.Submission.Alteration MEDIUM" "bit-form 2.2.0 Admin+.Stored.XSS LOW" "bit-form 1.9 RCE.via.Unauthenticated.Arbitrary.File.Upload CRITICAL" "backup 2.0.9.9 Directory.Listing.Exposing.Backups HIGH" "backup 1.6.9.1 Admin+.Stored.XSS LOW" "backup 1.6.0 Authenticated.Arbitrary.File.Upload CRITICAL" "backup 1.4.1 Subscriber+.Sensitive.Information.Disclosure MEDIUM" "backup 1.4.1 Subscriber+.Arbitrary.Backup.Location.Update MEDIUM" "backup 1.4.0 Arbitrary.File.Upload.via.CSRF HIGH" "backup 1.1.47 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "backup 1.0.3 Authenticated.Arbitrary.File.Upload CRITICAL" "bizlibrary No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "bizlibrary No.known.fix Admin+.Stored.XSS LOW" "buzzsprout-podcasting 1.8.5 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "blocks-bakery No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "blocks-bakery No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "buddyforms-woocommerce-form-elements 1.4.4 Reflected.Cross-Site.Scripting MEDIUM" "better-messages-wcfm-integration 1.0.6 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "blogger-image-import No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "becustom 1.0.5.3 Settings.Update.via.CSRF MEDIUM" "bulk-edit-posts-on-frontend 2.4.27 Reflected.Cross-Site.Scripting MEDIUM" "bulk-edit-posts-on-frontend 2.4.15 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "betterdocs 3.5.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "betterdocs 3.5.9 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "betterdocs 3.3.4 Unauthenticated.PHP.Object.Injection CRITICAL" "betterdocs 3.5.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "betterdocs 2.5.3 Missing.Authorization.via.AJAX.actions MEDIUM" "betterdocs 1.9.0 Reflected.Cross-Site.Scripting HIGH" "betterdocs 1.9.2 
Reflected.Cross-Site.Scripting HIGH" "buddyforms-hierarchical-posts 1.1.4 Reflected.Cross-Site.Scripting MEDIUM" "bp-activity-plus-reloaded 1.1.2 Authenticated.(Subscriber+).Blind.Server-Side.Request.Forgery MEDIUM" "backup-wd No.known.fix Reflected.Cross-Site.Scripting.(XSS) HIGH" "blogintroduction-wordpress-plugin No.known.fix Settings.Update.via.CSRF MEDIUM" "bmlt-meeting-map No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "bmlt-meeting-map 2.6.1 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "better-protected-pages No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "bitpay-checkout-for-woocommerce 5.0.0 Missing.Authorization MEDIUM" "birthdays-widget No.known.fix Admin+.Stored.Cross.Site.Scripting LOW" "backup-database No.known.fix Admin+.Stored.XSS LOW" "b-banner-slider No.known.fix Authenticated.(Subscriber+).Arbitrary.File.Upload HIGH" "block-styler-for-gravity-forms 6.3.0 Reflected.Cross-Site.Scripting MEDIUM" "block-styler-for-gravity-forms 6.1.0 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "bp-user-profile-reviews 2.7.0 Subscriber+.Arbitrary.Plugin.Installation,.Activation.and.Deactivation HIGH" "buddyforms-remote 1.0.5 Reflected.Cross-Site.Scripting MEDIUM" "bwd-elementor-addons 4.3.19 Authenticated.(Contributor+).Sensitive.Information.Exposure.via.Elementor.Templates MEDIUM" "breadcrumbs-shortcode 1.45 Reflected.Cross-Site.Scripting MEDIUM" "bard-extra 1.2.8 Missing.Authorization.to.Authenticated.(Subscriber+).Demo.Import MEDIUM" "button-block 1.1.6 Missing.Authorization MEDIUM" "button-block No.known.fix Contributor+.Stored.XSS MEDIUM" "button-block 1.1.6 Authenticated.(Contributor+).Post.Disclosure.via.Post.Duplication MEDIUM" "button-block 1.1.5 Authenticated.(Contributor+).Post.Disclosure MEDIUM" "blossom-recipe-maker 1.0.8 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "backup-scheduler No.known.fix Cross-Site.Request.Forgery MEDIUM" "bloom 1.1.1 Privilege.Escalation HIGH" 
"brid-video-easy-publish 3.8.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.brid_override_yt.Shortcode MEDIUM" "brid-video-easy-publish 3.8.4 Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "ban-users No.known.fix Subscriber+.Settings.Update.&.Privilege.Escalation.via.Missing.Authorization HIGH" "bulk-role-change No.known.fix Missing.Authorization.to.Authenticated.(Subscriber+).Privilege.Escalation HIGH" "britetechs-companion 2.2.8 Injected.Backdoor CRITICAL" "b2bking 4.6.20 Subscriber+.Arbitrary.Products.Price.Update MEDIUM" "blog-designer-pack 3.4.2 Unauthenticated.Remote.Code.Execution.via.Local.File.Inclusion HIGH" "blog-designer-pack 3.4.1 Reflected.Cross-Site.Scripting MEDIUM" "blog-designer-pack 3.3 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "blog-designer-pack 2.3.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "byconsole-woo-order-delivery-time 2.4.7 Missing.Authorization.to.Arbitrary.Options.Update HIGH" "byconsole-woo-order-delivery-time 2.4.8 Reflected.XSS HIGH" "bmi-calculator-shortcode No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "better-robots-txt 1.4.6 Cross-Site.Request.Forgery MEDIUM" "better-robots-txt 1.4.4 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "better-robots-txt 1.2.6 Subscriber+.Arbitrary.Option.Update CRITICAL" "better-comments 1.5.6 Admin+.Stored.XSS LOW" "better-comments 1.5.6 Subscriber+.Stored.XSS HIGH" "better-comments 1.5.4 Reflected.Cross-Site.Scripting MEDIUM" "better-comments 1.4 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "buddyforms-members 1.4.12 Reflected.Cross-Site.Scripting MEDIUM" "back-in-stock-notifier-for-woocommerce 5.3.2 Unauthenticated.Arbitrary.Shortcode.Execution MEDIUM" "buddypress-media 4.6.19 Subscriber+.SQL.Injection HIGH" "buddypress-media 4.6.19 Authenticated.(Contributor+).SQL.Injection.via.rtmedia_gallery.Shortcode HIGH" "buddypress-media 4.6.16 Admin+.RCE MEDIUM" "buddypress-media 4.6.16 Subscriber+.RCE CRITICAL" "buddypress-media 
4.6.15 Missing.Authorization.via.export_settings MEDIUM" "buddypress-media 4.6.15 Missing.Authorization.to.Sensitive.Information.Exposure MEDIUM" "buddypress-media 4.6.15 Missing.Authorization.to.Settings.Update MEDIUM" "bridge-core 3.3.1 Missing.Authorization MEDIUM" "bridge-core 3.3.1 Missing.Authorization.to.Authenticated.(Subscriber+).Demo.Import MEDIUM" "bridge-core 3.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "bridge-core 3.1.0 Reflected.XSS HIGH" "bulk-resize-media No.known.fix CSRF MEDIUM" "broadstreet 1.51.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.zone.Parameter MEDIUM" "bp-better-messages 2.7.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "bp-better-messages 2.4.33 Missing.Authorization MEDIUM" "bp-better-messages 2.4.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.shortcode MEDIUM" "bp-better-messages 2.1.18 Reflected.Cross-Site.Scripting MEDIUM" "bp-better-messages 1.9.10.71 Subscriber+.Messaging.Block.Bypass MEDIUM" "bp-better-messages 1.9.10.69 Subscriber+.SSRF MEDIUM" "bp-better-messages 1.9.10.58 Subscriber+.Denial.Of.Service MEDIUM" "bp-better-messages 1.9.9.170 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "bp-better-messages 1.9.9.149 File.Upload.via.CSRF LOW" "bp-better-messages 1.9.9.149 Cross-Site.Request.Forgery MEDIUM" "bp-better-messages 1.9.9.41 Reflected.Cross-Site.Scripting HIGH" "bp-better-messages 1.9.9.41 Multiple.CSRF MEDIUM" "burst-statistics 1.5.7 Contributor+.Stored.Cross-Site.Scripting.via.burst_total_pageviews_count MEDIUM" "burst-statistics 1.5.4 Editor+.SQL.Injection HIGH" "burst-statistics 1.5.0 Unauthenticated.SQL.Injection HIGH" "before-and-after-product-images-for-woocommerce No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "before-and-after-product-images-for-woocommerce No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "before-and-after-product-images-for-woocommerce No.known.fix 
Subscriber+.Arbitrary.Option.Update CRITICAL" "bulletin-announcements 3.12 Reflected.Cross-Site.Scripting HIGH" "bulletin-announcements 3.9.0 Authenticated.(Administrator+).SQL.Injection HIGH" "bulletin-announcements 3.8.0 Reflected.Cross-Site.Scripting MEDIUM" "bulletin-announcements 3.7.0 Subscriber+.Unauthorized.Access.and.Modification MEDIUM" "bulletin-announcements 3.7.1 Cross-Site.Request.Forgery MEDIUM" "bulletin-announcements 3.1.0 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "buddyvendor 1.2.0 Subscriber+.Arbitrary.Plugin.Installation,.Activation.and.Deactivation HIGH" "bws-pinterest 1.0.5 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "bp-email-assign-templates 1.6 Reflected.XSS HIGH" "blog-in-blog No.known.fix Editor+.Local.File.Inclusion.via.Shortcode HIGH" "blog-in-blog No.known.fix Editor+.Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "buddypress-check-ins-pro 1.4.0 Subscriber+.Arbitrary.Plugin.Installation,.Activation.and.Deactivation HIGH" "batch-cat No.known.fix Subscriber+.Arbitrary.Categories.Add/Set/Delete.to.Posts MEDIUM" "back-button-widget 1.6.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "book-a-place No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "banner-garden No.known.fix Reflected.XSS HIGH" "biometric-login-for-woocommerce 1.0.4 Unauthenticated.Privilege.Escalation CRITICAL" "beautiful-and-responsive-cookie-consent 2.10.2 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "beautiful-and-responsive-cookie-consent 2.10.2 Unauthenticated.Stored.XSS HIGH" "beautiful-and-responsive-cookie-consent 2.9.1 Admin+.Stored.XSS LOW" "basic-interactive-world-map 2.7 Admin+.Stored.XSS LOW" "buddydrive 2.1.2 Reflected.Cross-Site.Scripting MEDIUM" "brozzme-scroll-top No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "background-control No.known.fix Cross-Site.Request.Forgery.to.Arbitrary.File.Deletion HIGH" "bu-section-editing No.known.fix Reflected.XSS 
HIGH" "bu-section-editing No.known.fix Reflected.Cross-Site.Scripting.via.[placeholder] MEDIUM" "bo-wc-customer-review-watson No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "buooy-sticky-header No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "broken-link-manager No.known.fix Authenticated.(admin+).SQL.Injection MEDIUM" "broken-link-manager 0.6.0 Unauthenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "broken-link-manager 0.5.0 Unauthenticated.SQL.Injection.&.XSS CRITICAL" "background-takeover 4.1.5 Directory.Traversal HIGH" "bizcalendar-web 1.1.0.26 Reflected.XSS HIGH" "browsing-history No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "beaver-themer 1.4.9.1 Authenticated(Contributor+).Stored.Cross-Site.Scripting.via.shortcode MEDIUM" "beaver-themer 1.4.9.1 Authenticated.(Contributor+).Sensitive.Information.Exposure.via.shortcode MEDIUM" "beautiful-taxonomy-filters No.known.fix Unauthenticated.SQL.Injection HIGH" "black-widgets 1.3.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "black-widgets 1.3.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "black-widgets 1.3.8 Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "black-widgets 1.3.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "black-widgets 1.3.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "bukza 2.0.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "build-private-store-for-woocommerce 1.1 Missing.Authorization MEDIUM" "build-private-store-for-woocommerce 1.1 Cross-Site.Request.Forgery MEDIUM" "bbspoiler 2.02 Contributor+.Stored.XSS MEDIUM" "broken-link-checker 2.4.2 Admin+.SSRF MEDIUM" "broken-link-checker 2.4.1 Reflected.XSS HIGH" "broken-link-checker 2.2.4 Admin+.Stored.Cross-Site.Scripting LOW" "broken-link-checker 1.11.20 Admin+.Cross-Site.Scripting LOW" "broken-link-checker 1.11.17 Admin+.PHAR.Deserialization MEDIUM" "broken-link-checker 
1.11.9 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "broken-link-checker 1.10.9 Unauthenticated.Stored.XSS MEDIUM" "booster-plus-for-woocommerce 7.1.2 Missing.Authorization.to.Order.Information.Disclosure MEDIUM" "booster-plus-for-woocommerce 7.1.2 Missing.Authorization.to.Arbitrary.Page/Post.Deletion MEDIUM" "booster-plus-for-woocommerce 7.1.3 Missing.Authorization.to.Arbitrary.Options.Disclosure MEDIUM" "booster-plus-for-woocommerce 6.0.1 Multiple.CSRF MEDIUM" "booster-plus-for-woocommerce 6.0.0 Reflected.Cross-Site.Scripting HIGH" "booster-plus-for-woocommerce 5.6.6 Custom.Role.Creation/Deletion.via.CSRF MEDIUM" "booster-plus-for-woocommerce 5.6.5 Checkout.Files.Deletion.via.CSRF LOW" "booster-plus-for-woocommerce 5.6.5 ShopManager+.Arbitrary.File.Download MEDIUM" "booster-plus-for-woocommerce 5.6.1 Subscriber+.Order.Status.Update MEDIUM" "bbpress-notify-nospam 2.18.4 Reflected.Cross-Site.Scripting MEDIUM" "bold-page-builder 5.1.6 Authenticated.(Editor+).Path.Traversal LOW" "bold-page-builder 5.2.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "bold-page-builder 5.1.4 Missing.Authorization MEDIUM" "bold-page-builder 5.1.1 -.Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "bold-page-builder 5.1.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "bold-page-builder 5.0.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.bt_bb_button.Shortcode MEDIUM" "bold-page-builder 4.8.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.AI.Features MEDIUM" "bold-page-builder 4.8.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.HTML.Tags MEDIUM" "bold-page-builder 4.8.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Separator.Element MEDIUM" "bold-page-builder 4.8.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via."Price.List".Element MEDIUM" "bold-page-builder 4.8.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.bt_bb_price_list.Shortcode MEDIUM" 
"bold-page-builder 4.8.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Widget.URL.Attribute MEDIUM" "bold-page-builder 4.7.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.class MEDIUM" "bold-page-builder 4.8.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Icon.Link MEDIUM" "bold-page-builder 4.8.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Raw.Content MEDIUM" "bold-page-builder 4.8.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Button.URL MEDIUM" "bold-page-builder 4.7.0 Contributor+.Stored.XSS MEDIUM" "bold-page-builder 4.3.3 Admin+.Stored.Cross-Site.Scripting MEDIUM" "bold-page-builder 3.1.6 PHP.Object.Injection MEDIUM" "bold-page-builder 2.3.2 Missing.Access.Controls HIGH" "bacola-core No.known.fix Reflected.Cross-Site.Scripting HIGH" "brickscore No.known.fix Unauthenticated.Stored.Cross-Site.Scripting HIGH" "booking-and-rental-manager-for-woocommerce 2.2.2 Reflected.Cross-Site.Scripting MEDIUM" "booking-and-rental-manager-for-woocommerce 1.2.2 Admin+.Stored.XSS LOW" "buddypress-activity-plus 1.6.2 Cross-Site.Request.Forgery.(CSRF) HIGH" "buttonizer-multifunctional-button 3.3.10 Reflected.Cross-Site.Scripting MEDIUM" "buttonizer-multifunctional-button 2.6.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "buttonizer-multifunctional-button 2.5.5 Smart.Floating.Action.Button.<.2.5.5.-.Admin+.Stored.Cross-Site.Scripting LOW" "better-sharing 2.0.7 Reflected.Cross-Site.Scripting MEDIUM" "better-sharing 1.7.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "bu-slideshow No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "bp-activity-social-share 3.2.0 Subscriber+.Arbitrary.Plugin.Installation,.Activation.and.Deactivation HIGH" "buddyforms-ultimate-member 1.3.8 Reflected.Cross-Site.Scripting MEDIUM" "bodi0s-easy-cache 0.9 Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "bunnycdn 2.0.2 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" 
"buttons-x No.known.fix Buttons.X.<=.0.8.6.-.Contributor+.Stored.XSS MEDIUM" "baslider No.known.fix Multiple.CSRF MEDIUM" "baslider No.known.fix Arbitrary.Slide.Deletion.via.CSRF MEDIUM" "baslider No.known.fix Author+.Stored.Cross-Site.Scripting MEDIUM" "blaze-widget 2.5.4 Injected.Backdoor CRITICAL" "bulletproof-security 6.1 Admin+.Stored.Cross-Site.Scripting LOW" "bulletproof-security 5.8 Admin+.Stored.Cross-Site.Scripting.(XSS) LOW" "bulletproof-security 5.2 Sensitive.Information.Disclosure MEDIUM" "bulletproof-security .53.4 Multiple.XSS.Vulnerabilities MEDIUM" "bus-ticket-booking-with-seat-reservation 5.4.4 Cross-Site.Request.Forgery MEDIUM" "bus-ticket-booking-with-seat-reservation 5.3.6 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "bus-ticket-booking-with-seat-reservation 5.2.6 Unauthenticated.Cross-Site.Scripting HIGH" "bus-ticket-booking-with-seat-reservation 5.2.4 Reflected.XSS HIGH" "bj-lazy-load 1.0 Remote.File.Inclusion.(Timthumb) HIGH" "blogger-301-redirect No.known.fix Unauthenticated.SQL.Injection.via.br HIGH" "bp-user-to-do-list 3.0.0 Subscriber+.Arbitrary.Plugin.Installation,.Activation.and.Deactivation HIGH" "bank-mellat 2.0.1 Reflected.Cross-Site.Scripting HIGH" "blockons 1.0.8 Reflected.Cross-Site.Scripting MEDIUM" "better-rss-widget No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "better-anchor-links No.known.fix Cross-Site.Request.Forgery.via.admin/options.php MEDIUM" "burst-pro 1.5.1 Unauthenticated.SQL.Injection HIGH" "bus-booking-manager 4.2.3 Administrator+.Stored.XSS LOW" "button-contact-vr 4.7.10 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "button-contact-vr 4.7.8 Admin+.Stored.XSS LOW" "button-contact-vr 4.7.7 Admin+.Stored.XSS LOW" "bb-bootstrap-cards 1.1.5 Authenticated.(Editor+).Stored.Cross-Site.Scripting MEDIUM" "bb-bootstrap-cards 1.1.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Cards.Widget MEDIUM" "bb-bootstrap-cards 1.1.3 
Authenticated(Contributor+).Stored.Cross-Site.Scripting.via.bootstrapcard.link MEDIUM" "billingo 3.4.0 ShopManager+.Stored.XSS MEDIUM" "blog-summary No.known.fix Contributor+.Stored.XSS MEDIUM" "bold-timeline-lite 1.2.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "bold-timeline-lite 1.2.0 Missing.Authorization.to.Admin.Notice.Dismissal MEDIUM" "bold-timeline-lite 1.1.5 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "bet-sport-free No.known.fix Cross-Site.Request.Forgery MEDIUM" "broken-link-checker-for-youtube No.known.fix Cross-Site.Request.Forgery.via.plugin_settings_page() MEDIUM" "bigbluebutton No.known.fix Reflected.XSS HIGH" "bigbluebutton 2.2.4 Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "backup-backup 1.4.6.1 Unauthenticated.PHP.Object.Injection.via.'recursive_unserialize_replace' HIGH" "backup-backup 1.4.4 Information.Exposure.via.Log.Files MEDIUM" "backup-backup 1.4.0 Authenticated.(Admin+).OS.Command.Injection.via.url MEDIUM" "backup-backup 1.4.0 1.3.9.-.Remote.File.Inclusion.via.content-dir HIGH" "backup-backup 1.4.0 Unauthenticated.Path.Traversal.to.Arbitrary.File.Deletion HIGH" "backup-backup 1.3.8 Unauthenticated.RCE CRITICAL" "backup-backup 1.3.6 Sensitive.Data.Exposure HIGH" "backup-backup 1.3.7 Unauthenticated.Arbitrary.File.Download.to.Sensitive.Information.Exposure HIGH" "backup-backup 1.3.0 Cross-Site.Request.Forgery MEDIUM" "backup-backup 1.2.8 Plugin.Installation.via.CSRF MEDIUM" "backup-backup 1.2.8 Subscriber+.Plugin.Installation MEDIUM" "backup-backup 1.1.6 Admin+.Stored.Cross-Site.Scripting MEDIUM" "better-user-shortcodes No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "bulk-edit-user-profiles-in-spreadsheet 1.5.25 Reflected.Cross-Site.Scripting MEDIUM" "bulk-edit-user-profiles-in-spreadsheet 1.5.14 Admin+.Stored.Cross-Site.Scripting LOW" "bulk-edit-user-profiles-in-spreadsheet 1.5.13 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "bookster 1.2.0 Unauthenticated.Appointment.Status.Update MEDIUM" 
"bosa-elementor-for-woocommerce 1.0.13 Missing.Authorization MEDIUM" "boostify-header-footer-builder 1.3.7 Authenticated.(Contributor+).Post.Disclosure MEDIUM" "boostify-header-footer-builder 1.3.6 Missing.Authorization.to.Page/Post.Creation MEDIUM" "boostify-header-footer-builder 1.3.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.size.Parameter MEDIUM" "bp-activity-filter 2.8.0 Subscriber+.Arbitrary.Plugin.Installation,.Activation.and.Deactivation HIGH" "buddyforms-posts-to-posts-integration 1.1.4 Reflected.Cross-Site.Scripting MEDIUM" "bookalet No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "blog-sidebar-widget 1.0.6 Reflected.Cross-Site.Scripting MEDIUM" "blog-sidebar-widget No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "bounce-handler-mailpoet No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "bp-check-in 1.9.4 Subscriber+.Arbitrary.Plugin.Installation,.Activation.and.Deactivation HIGH" "breadcrumb 1.5.33 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "branda-white-labeling 3.4.22 Reflected.Cross-Site.Scripting MEDIUM" "branda-white-labeling 3.4.19 Unauthenticated.Full.Path.Disclosure MEDIUM" "branda-white-labeling 3.4.18 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "branda-white-labeling 3.4.18 Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.Upload MEDIUM" "branda-white-labeling 3.4.15 IP.Spoofing MEDIUM" "bsk-gravityforms-blacklist 4.0 SQLi.via.CSRF MEDIUM" "bsk-gravityforms-blacklist 3.9 Reflected.Cross-Site.Scripting MEDIUM" "bsk-gravityforms-blacklist 3.8.1 Reflected.Cross-Site.Scripting MEDIUM" "bsk-gravityforms-blacklist 3.7 Admin+.Stored.Cross-Site.Scripting LOW" "browser-theme-color No.known.fix Cross-Site.Request.Forgery.via.btc_settings_page MEDIUM" "bulkpress No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "bookit 2.4.1 Price.Bypass MEDIUM" "bookit 2.4.4 Authenticated(Administrator+).SQL.Injection MEDIUM" "bookit 2.3.9 Reflected.Cross-Site.Scripting 
MEDIUM" "bookit 2.3.8 Authentication.Bypass CRITICAL" "bookit 2.2.9 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "bookit 2.1.6 Authorised.AJAX.Calls MEDIUM" "booking-sms 1.1.0 Cross-Site.Scripting.(XSS) MEDIUM" "buddyboss-media No.known.fix Stored.XSS MEDIUM" "blocks-product-editor-for-woocommerce 1.0.2 Reflected.Cross-Site.Scripting MEDIUM" "bonjour-bar No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "basticom-framework 1.5.1 Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "bonus-for-woo 5.8.3 Reflected.Cross-Site.Scripting HIGH" "boombox-shortcode No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "block-referer-spam 1.1.9.5 Admin+.Stored.XSS LOW" "bp-job-manager 2.6.1 Subscriber+.Arbitrary.Plugin.Installation,.Activation.and.Deactivation HIGH" "backup-and-restore-for-wp No.known.fix Admin+.Arbitrary.File.Deletion MEDIUM" "bookly-responsive-appointment-booking-tool 23.3 Authenticated.(Subscriber+).Stored.Cross-Site.Scripting.via.Color.Profile.Parameter MEDIUM" "bookly-responsive-appointment-booking-tool 22.5 Admin+.Stored.XSS LOW" "bookly-responsive-appointment-booking-tool 22.4 Admin+.SQLi MEDIUM" "bookly-responsive-appointment-booking-tool 21.8 Admin+.Stored.Cross-Site.Scripting.via.service.titles MEDIUM" "bookly-responsive-appointment-booking-tool 21.6 Unauthenticated.Stored.XSS HIGH" "bookly-responsive-appointment-booking-tool 20.3.1 Staff.Member.Stored.Cross-Site.Scripting MEDIUM" "bookly-responsive-appointment-booking-tool 14.5 Bookly.#1.WordPress.Booking.Plugin.(Lite).<.14,5.–.Unauthenticated.Blind.Stored.XSS MEDIUM" "bs-shortcode-ultimate No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "backup-bolt 1.4.0 Sensitive.Data.Exposure MEDIUM" "backup-bolt 1.2.0 Reflected.Cross-Site.Scripting MEDIUM" "booking-calendar-pro-payment 21.1 Unauthenticated.Arbitrary.File.Upload CRITICAL" "bxslider-wp No.known.fix 
Contributor+.Stored.Cross-Site.Scripting MEDIUM" "buddyforms-attach-posts-to-groups-extension 1.2.4 Reflected.Cross-Site.Scripting MEDIUM" "bvd-easy-gallery-manager No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "bpmnio No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "buddypress-profile-pro 2.0.0 Subscriber+.Arbitrary.Plugin.Installation,.Activation.and.Deactivation HIGH" "blockspare 3.2.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "blockspare 3.2.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "blockspare 3.2.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "blockspare 2.6.5 Reflected.Cross-Site.Scripting MEDIUM" "blockspare 2.0.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "bbp-move-topics 1.1.6 Code.Injection.&.CSRF CRITICAL" "biagiotti-membership 1.1 Authentication.Bypass.via.biagiotti_membership_check_facebook_user CRITICAL" "bot-for-telegram-on-woocommerce No.known.fix Authenticated.(Subscriber+).Telegram.Bot.Token.Disclosure.to.Authentication.Bypass HIGH" "brizy 2.5.2 Cross-Site.Request.Forgery MEDIUM" "brizy 2.4.45 Authenticated.(Contributor+).Arbitrary.File.Upload HIGH" "brizy 2.4.45 Missing.Authorization.to.Authenticated.(Contributor+).Post.Modification HIGH" "brizy 2.4.44 Authenticated(Contributor+).Stored.Cross-Site.Scripting.via.Form.Functionality MEDIUM" "brizy 2.4.44 Unauthenticated.Stored.Cross-Site.Scripting.via.Form HIGH" "brizy 2.4.44 Authenticated.(Contributor+).Store.Cross-Site.Scripting.via.Widget.Link.To.URL HIGH" "brizy 2.4.44 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Custom.Attributes MEDIUM" "brizy 2.4.44 Missing.Authorization MEDIUM" "brizy 2.4.42 Authenticated(Contributor+).Stored.Cross-Site.Scripting HIGH" "brizy 2.4.41 Authenticated.(Contributor+).Directory.Traversal MEDIUM" "brizy 2.4.41 Authenticated.(Contributor+).Arbitrary.File.Upload HIGH" "brizy 2.4.41 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" 
"brizy 2.4.41 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "brizy 2.4.41 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "brizy 2.4.30 Contributor+.Stored.XSS MEDIUM" "brizy 2.4.2 Contributor+.Stored.Cross-Site.Scripting.via.Element.URL MEDIUM" "brizy 2.4.2 Contributor+.Stored.Cross-Site.Scripting.via.Element.Content MEDIUM" "brizy 2.3.12 2.3.11.-.Incorrect.Authorization.to.Post.Modification HIGH" "brizy 2.3.12 Authenticated.File.Upload.and.Path.Traversal HIGH" "brizy 2.3.12 Authenticated.Stored.Cross-Site.Scripting MEDIUM" "brizy 1.0.126 Page.Builder.<.1.0.126.-.Improper.Access.Controls.on.AJAX.Calls HIGH" "bravo-translate No.known.fix Authenticated.(Administrator+).SQL.Injection MEDIUM" "bsk-pdf-manager 3.6.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "bsk-pdf-manager 3.4.2 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "bsk-pdf-manager 3.1.2 Admin+.SQL.Injection MEDIUM" "bsk-pdf-manager 1.5 Multiple.Authenticated.SQL.Injections CRITICAL" "bsk-pdf-manager 2.9.1 Authenticated.Stored.Cross-Site.Scripting.(XSS) HIGH" "better-wp-security 9.3.2 IP.Address.Spoofing.to.Denial.of.Service MEDIUM" "better-wp-security 9.0.1 Unauthenticated.Login.Page.Disclosure MEDIUM" "better-wp-security 7.9.1 Hide.Backend.Bypass MEDIUM" "better-wp-security 7.0.3 Authenticated.SQL.Injection HIGH" "better-wp-security 6.9.1 Cross-Site.Scripting.(XSS) HIGH" "biteship 2.2.25 Reflected.Cross-Site.Scripting.via.biteship_error.and.biteship_message MEDIUM" "biteship 2.2.28 Shop.manager+.Stored.XSS MEDIUM" "biteship 2.2.25 Reflected.Cross-Site.Scripting HIGH" "block-editor-bootstrap-blocks 6.6.2 Reflected.Cross-Site.Scripting.via.tab MEDIUM" "ba-book-everything 1.6.21 Reflected.Cross-Site.Scripting MEDIUM" "ba-book-everything 1.6.21 Cross-Site.Request.Forgery.to.Email.Address.Update/Account.Takeover HIGH" "ba-book-everything 1.6.21 Unauthenticated.Arbitrary.User.Password.Reset MEDIUM" "ba-book-everything 1.6.9 
Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "ba-book-everything 1.6.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "ba-book-everything 1.6.5 Authenticated.(Contributor+).SQL.Injection CRITICAL" "ba-book-everything 1.3.25 Unauthenticated.Reflected.XSS.&.XFS MEDIUM" "booking-system No.known.fix Missing.Authorization MEDIUM" "booking-system 2.9.9.5.2 Authenticated.(Subscriber+).SQL.Injection MEDIUM" "booking-system No.known.fix Stored.XSS.via.CSRF HIGH" "booking-system 2.9.9.5.1 Authenticated.(Subscriber+).SQL.Injection HIGH" "booking-system 2.9.9.4.8 Admin+.Stored.XSS LOW" "booking-system 2.9.9.4.1 Arbitrary.Settings.Update.via.CSRF MEDIUM" "booking-system 2.9.9.2.9 Admin+.Stored.XSS LOW" "booking-system 2.9.9.2.9 Subscriber+.SQLi HIGH" "booking-system 2.1 Authenticated.Blind.SQL.Injection HIGH" "builderall-cheetah-for-wp 2.0.2 Unauthenticated.Server-Side.Request.Forgery HIGH" "bbpowerpack 2.37.4 Reflected.Cross-Site.Scripting MEDIUM" "bbpowerpack 2.33.1 Contributor+.Privilege.Escalation HIGH" "better-messages-wc-vendors-integration 1.0.7 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "best-bootstrap-widgets-for-elementor No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "bc-woo-custom-thank-you-pages 1.4.14 Missing.Authorization MEDIUM" "bin-stripe-donation No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "bin-stripe-donation No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "buddyforms-acf 1.3.5 Reflected.Cross-Site.Scripting MEDIUM" "bft-autoresponder 2.7.2.4 Cross-Site.Request.Forgery MEDIUM" "bft-autoresponder 2.7.2.3 CSRF MEDIUM" "bft-autoresponder 2.7.1.1 Admin+.Stored.XSS LOW" "bft-autoresponder 2.7.1.1 Unauthenticated.Stored.XSS HIGH" "bft-autoresponder 2.1.7.2 Contributor+.Stored.XSS MEDIUM" "bft-autoresponder 2.1.7.2 Admin+.Stored.XSS LOW" "bft-autoresponder 2.5.2 Authenticated.Blind.SQL.Injection.&.Multiple.XSS HIGH" 
"bulk-creator No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "browser-shots 1.7.6 Contributor+.Stored.XSS MEDIUM" "blocked-in-china 1.0.6 Reflected.Cross-Site.Scripting MEDIUM" "blocked-in-china 1.0.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "better-elementor-addons 1.4.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "better-elementor-addons 1.4.2 Authenticated(Contributor+).Local.File.Inclusion HIGH" "better-elementor-addons 1.4.2 Contributor+.Stored.XSS MEDIUM" "better-elementor-addons 1.3.8 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "better-elementor-addons 1.3.9 Subscriber+.Settings.Update./.Reset MEDIUM" "better-elementor-addons 1.3.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "bzscore-live-score 1.6.0 Contributor+.Stored.XSS MEDIUM" "backupbuddy 8.8.3 Multiple.Reflected.Cross-Site.Scripting HIGH" "backupbuddy 8.7.5 Unauthenticated.Arbitrary.File.Access HIGH" "blue-triad-ezanalytics No.known.fix Reflected.Cross-Site.Scripting.via.'bt_webid' MEDIUM" "buk-appointments No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "bcorp-shortcodes No.known.fix .Unauthenticated.PHP.Object.Injection CRITICAL" "bilingual-linker 2.4.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "buddyforms-hook-fields 1.3.2 Reflected.Cross-Site.Scripting MEDIUM" "bulk-image-resizer No.known.fix Missing.Authorization.to.Authenticated.(Subscriber+).Plugin.Options.Update MEDIUM" "beepress No.known.fix Cross-Site.Request.Forgery.via.beepress-pro.php MEDIUM" "bulk-noindex-nofollow-toolkit-by-mad-fish 2.16 Reflected.Cross-Site.Scripting MEDIUM" "bulk-noindex-nofollow-toolkit-by-mad-fish 2.10 Reflected.Cross-Site.Scripting.via.tab,.order,.and.orderby MEDIUM" "bulk-noindex-nofollow-toolkit-by-mad-fish 1.5 Reflected.XSS HIGH" "bulk-noindex-nofollow-toolkit-by-mad-fish 1.51 Missing.Authorization MEDIUM" "buddyforms-easypin No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "buddyforms-easypin No.known.fix 
Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "buddyforms-easypin No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "branding No.known.fix Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "booking-activities 1.15.20 Reflected.Cross-Site.Scripting MEDIUM" "buddybadges No.known.fix Admin+.SQLi MEDIUM" "cpo-shortcodes No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "cpo-shortcodes No.known.fix Admin+.Stored.XSS LOW" "cookie-bar 2.1 Authenticated.(Administrator+).Stored.Cross-Site.Scripting.via.settings MEDIUM" "cookie-bar 1.8.9 Admin+.Stored.Cross-Site.Scripting LOW" "club-management-software No.known.fix Authenticated.SQL.Injection MEDIUM" "cozy-addons 2.0.19 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "cozy-addons 2.0.16 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "cozy-addons 2.0.12 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "cozy-addons 1.2.4 Reflected.Cross-Site.Scripting MEDIUM" "code-snippets 3.6.0 Arbitrary.settings.change.via.CSRF MEDIUM" "code-snippets 2.14.4 Reflected.Cross-Site.Scripting MEDIUM" "code-snippets 2.14.3 Reflected.Cross-Site.Scripting HIGH" "code-snippets 2.14.0 CSRF.to.RCE HIGH" "cf7-styler No.known.fix Unauthenticated.Arbitrary.Shortcode.Execution.and.Reflected.Cross-Site.Scripting MEDIUM" "cf7-styler 1.6.9 Reflected.XSS MEDIUM" "cf7-styler 1.6.9 Reflected.Cross-Site.Scripting MEDIUM" "cf7-styler 1.6.5 Missing.Authorization.via.Several.AJAX.Action MEDIUM" "cf7-styler 1.5.4 Reflected.Cross-Site.Scripting MEDIUM" "cf7-styler 1.4.2 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "classyfrieds No.known.fix Authenticated.Arbitrary.File.Upload.to.RCE CRITICAL" "cm-download-manager 2.9.1 Download.Edit.via.CSRF MEDIUM" "cm-download-manager 2.9.0 Download.Unpublish.via.CSRF MEDIUM" "cm-download-manager 2.9.0 Download.Deletion.via.CSRF MEDIUM" "cm-download-manager 2.8.6 Admin+.Arbitrary.File.Upload MEDIUM" 
"cm-download-manager 2.8.0 Unauthenticated.Reflected.Cross.Site.Scripting.(XSS) MEDIUM" "cm-download-manager 2.8.0 Authenticated.Arbitrary.File.Deletion MEDIUM" "cm-download-manager 2.8.0 Authenticated.Cross-Site.Scripting MEDIUM" "cm-download-manager 2.0.7 CSRF.to.Cross-Site.Scripting HIGH" "cm-download-manager 2.0.4 Unauthenticated.Code.Injection CRITICAL" "content-egg 5.5.0 Multiple.CSRF MEDIUM" "content-egg 5.3.1 Reflected.Cross-Site.Scripting MEDIUM" "content-egg 5.3.0 Reflected.Cross-Site.Scripting MEDIUM" "complianz-gdpr-premium 6.4.2 GDPR/CCPA.Cookie.Consent.<.6.4.2.-.Contributor+.Stored.XSS MEDIUM" "complianz-gdpr-premium 6.3.6 Translator.SQLi MEDIUM" "comic-easel No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "candidate-application-form No.known.fix Unauthenticated.Arbitrary.File.Download HIGH" "contexture-page-security No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "consensu-io 1.0.4 Unauthenticated.Settings.Update MEDIUM" "cross-linker No.known.fix Arbitrary.Cross-Link.Creation.via.CSRF MEDIUM" "country-blocker No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "country-blocker No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "content-syndication-toolkit-reader No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "chp-ads-block-detector 3.9.8 Subscriber+.Plugin.Settings.Update MEDIUM" "chp-ads-block-detector 3.9.8 Plugin.Settings.Update.via.CSRF MEDIUM" "chp-ads-block-detector 3.9.8 Subscriber+.Stored.Cross-Site.Scripting HIGH" "contact-form-with-captcha No.known.fix Cross-Site.Request.Forgery MEDIUM" "contact-form-with-captcha 1.6.8 CSRF.to.Stored.Cross-Site.Scripting HIGH" "coins-marketcap 5.5.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "contact-form-maker No.known.fix Admin+.SQLi MEDIUM" "contact-form-maker 1.13.5 Cross-Site.Request.Forgery.to.LFI HIGH" "chatroll-live-chat 2.6.0 Contributor+.Stored.XSS MEDIUM" "copy-the-code 4.0.4 Contributor+.Stored.XSS MEDIUM" "copy-the-code 2.6.5 
Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "copy-the-code 2.6.4 Reflected.Cross-Site.Scripting MEDIUM" "conversador No.known.fix Cross-Site.Scripting.(XSS) MEDIUM" "cartflows 2.0.8 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "cartflows 2.0.2 Editor+.Stored.XSS LOW" "cartflows 1.6.13 Authenticated.Stored.XSS.via.FB.Pixel.ID.and.Google.Analytics.ID MEDIUM" "cartflows 1.5.16 Cross-Site.Request.Forgery MEDIUM" "cartflows 1.5.16 Cross-Site.Request.Forgery.(CSRF) MEDIUM" "contact-form-to-email 1.3.53 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "contact-form-to-email 1.3.45 Unauthenticated.Sensitive.Information.Exposure MEDIUM" "contact-form-to-email 1.3.42 Captcha.Bypass MEDIUM" "contact-form-to-email 1.3.44 Editor+.Stored.Cross-Site.Scripting LOW" "contact-form-to-email 1.3.38 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "contact-form-to-email 1.3.25 Admin+.Stored.Cross-Site.Scripting LOW" "contact-form-to-email 1.2.66 Multiple.Cross-Site.Scripting.(XSS).&.CSRF HIGH" "cwicly 1.4.0.3 Authenticated.(Contributor+).Remote.Code.Execution HIGH" "custom-facebook-feed 4.2.2 Facebook.Token.Reset/Update.via.CSRF MEDIUM" "custom-facebook-feed 4.1.6 Contributor+.Stored.XSS MEDIUM" "custom-facebook-feed 4.1.1 Authenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "custom-facebook-feed 4.0.1 Subscriber+.Arbitrary.Plugin.Settings.Update.to.Stored.XSS HIGH" "custom-facebook-feed 2.19.2 Unauthenticated.Stored.XSS CRITICAL" "custom-facebook-feed 2.19.2 Reflected.Cross-Site.Scripting MEDIUM" "contact-bank No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "cpo-companion No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "cpo-companion 1.1.0 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "cpo-companion 1.1.0 Admin+.Stored.XSS LOW" "catch-breadcrumb 1.7 Unauthorised.Plugin's.Setting.Change MEDIUM" "catch-breadcrumb 1.5.7 Unauthenticated.Reflected.XSS MEDIUM" 
"conveythis-translate 235 Missing.Authorization.to.Limited.Option.Update MEDIUM" "conveythis-translate 224 Unauthenticated.Stored.Cross-Site.Scripting.via.api_key HIGH" "convert-docx2post No.known.fix Authenticated.(Author+).Arbitrary.File.Upload HIGH" "csprite No.known.fix Cross-Site.Request.Forgery MEDIUM" "carousels-slider-for-divi No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "classified-listing-pro 2.0.20 Reflected.Cross-Site.Scripting MEDIUM" "classified-listing-pro 2.0.20 Reflected.Cross-Site.Scripting MEDIUM" "css-js-files 1.5.1 Authenticated.(Admin+).Arbitrary.File.Read MEDIUM" "coditor No.known.fix Arbitrary.File.Edition,.Deletion.and.Internal.Directory.Listing.in.wp-content CRITICAL" "customizer-export-import 0.9.7.1 Authenticated.(Admin+).Arbitrary.File.Upload.via.Customization.Settings.Import MEDIUM" "customizer-export-import 0.9.6 Admin+.PHP.Object.Injection LOW" "customizer-export-import 0.9.5 Admin+.PHP.Object.Injection MEDIUM" "customizer-export-import 0.9.5 Admin+.PHP.Objection.Injection MEDIUM" "ct-commerce No.known.fix Admin+.Stored.XSS LOW" "custom-post-widget 3.3.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "custom-post-widget 3.3.1 Authenticated.(Contributor+).Local.File.Inclusion.via.Shortcode HIGH" "custom-post-widget 3.3.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.content_block.Shortcode MEDIUM" "custom-post-widget 3.3.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "custom-icons-for-elementor 0.3.4 Authenticated.(Admin+).Arbitrary.File.Upload HIGH" "comments-from-facebook 2.5.0 Admin+.Stored.Cross-Site.Scripting LOW" "custom-email-options No.known.fix Subscriber+.Arbitrary.Plugin.Installation,.Activation.and.Deactivation HIGH" "clotya-core No.known.fix Reflected.Cross-Site.Scripting HIGH" "click-to-chat-for-whatsapp 4.0 Contributor+.LFI HIGH" "click-to-chat-for-whatsapp 3.18.1 Contributor+.Stored.XSS MEDIUM" "custom-sidebars 3.1.0 CSRF HIGH" "custom-sidebars 3.0.8.1 CSRF 
HIGH" "cssable-countdown No.known.fix Admin+.Stored.XSS LOW" "copy-delete-posts 1.4.0 Plugin.Installation.via.CSRF MEDIUM" "copy-delete-posts 1.4.0 Subscriber+.Plugin.Installation MEDIUM" "copy-delete-posts 1.2.0 Authenticated.SQL.Injection MEDIUM" "captchinoo-captcha-for-login-form-protection 2.5 Arbitrary.Plugin.Installation/Activation.via.CSRF CRITICAL" "captchinoo-captcha-for-login-form-protection 2.4 Arbitrary.Plugin.Installation/Activation.via.Low.Privilege.User CRITICAL" "corner-ad 1.0.57 Ads.Deletion.via.CSRF MEDIUM" "corner-ad 1.0.8 Admin+.Stored.XSS LOW" "cornerstone 0.8.1 Reflected.Cross-Site.Scripting MEDIUM" "cornerstone 0.8.1 Reflected.Cross-Site.Scripting.via.PHP_SELF MEDIUM" "cars-seller-auto-classifieds-script No.known.fix Auto.Classifieds.Script.<=.2.1.0.-.Unauthenticated.SQL.Injection CRITICAL" "contact-form-cfdb7 1.2.7 Unauthenticated.Sensitive.Information.Exposure MEDIUM" "contact-form-cfdb7 1.2.6.5 CSV.Injection LOW" "contact-form-cfdb7 1.2.6.1 Arbitrary.Form.Deletion..via.CSRF MEDIUM" "contact-form-cfdb7 1.2.6.2 Unauthenticated.Stored.Cross-Site.Scripting MEDIUM" "contact-form-cfdb7 1.2.5.6 CSV.Injection MEDIUM" "contact-form-cfdb7 1.2.5.4 Authenticated.SQL.Injections CRITICAL" "custom-share-buttons-with-floating-sidebar 4.2 Admin+.Stored.XSS LOW" "choice-payment-gateway-for-woocommerce No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "choice-payment-gateway-for-woocommerce 2.0.2 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "custom-order-statuses-woocommerce 2.4.0 Cross-Site.Request.Forgery MEDIUM" "change-login-logo 1.1.5 Authenticated.Stored.Cross-Site.Scripting LOW" "cc-bcc-for-woocommerce-order-emails No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "comicbookmanagementsystemweeklypicks 2.2.0 Admin+.SQLi MEDIUM" "cta 2.5.1 Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "check-pincode-for-woocommerce 1.2 Reflected.Cross-Site.Scripting MEDIUM" "counter-yandex-metrica No.known.fix Admin+.Stored.XSS LOW" 
"custom-font-uploader 2.4.0 Custom.Font.Uploader.<.2.4.0.-.Missing.Authorization.to.Font.Deletion MEDIUM" "custom-font-uploader 2.2.0 Subscriber+.Arbitrary.Plugin.Installation,.Activation.and.Deactivation HIGH" "coub No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "css-javascript-toolbox 11.9 Contributor+.Stored.XSS MEDIUM" "cryptocurrency-pricing-list No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "contact-form-master No.known.fix Reflected.XSS HIGH" "cp-blocks 1.0.21 CSRF MEDIUM" "cp-blocks 1.0.15 Admin+.Stored.Cross-Site.Scripting LOW" "contact-form-x 2.4.1 Reflected.Cross-Site.Scripting MEDIUM" "crm2go No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "cf7-invisible-recaptcha 1.3.4 CSRF MEDIUM" "cf7-invisible-recaptcha 1.3.2 XSS MEDIUM" "crony No.known.fix Cross-Site.Request.Forgery MEDIUM" "crony 0.4.7 Cross-Site.Scripting.(XSS).&.CSRF HIGH" "calendarista-basic-edition 3.0.3 Cross-Site.Request.Forgery MEDIUM" "calendarista-basic-edition 3.0.6 Missing.Authorization MEDIUM" "calendarista-basic-edition 3.0.3 Unauthenticated.Cross-Site.Scripting MEDIUM" "chatter No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "chatter No.known.fix Missing.Authorization MEDIUM" "custom-field-finder 0.4 Authenticated.(Author+).PHP.Object.Injection HIGH" "change-table-prefix No.known.fix Cross-Site.Request.Forgery.via.change_prefix_form HIGH" "cyklodev-wp-notify 1.3.0 Admin+.Stored.XSS LOW" "category-post-list-widget No.known.fix Settings.Update.to.Stored.XSS.via.CSRF HIGH" "contact-form-to-any-api 1.2.5 Unauthenticated.Stored.Cross-Site.Scripting.via.Contact.Form HIGH" "contact-form-to-any-api 1.1.9 Authenticated.(Subscriber+).SQL.Injection CRITICAL" "contact-form-to-any-api 1.1.7 Subscriber+.API.Entry.Record.Deletion MEDIUM" "contact-form-to-any-api 1.1.3 Admin+.SQLi MEDIUM" "cab-grid 1.6 Admin+.Stored.XSS LOW" "collapsing-categories 3.0.9 Unauthenticated.SQL.Injection HIGH" 
"contact-form-7-skins 2.1.1 Reflected.Cross-Site.Scripting MEDIUM" "contact-form-7-skins 2.5.1 Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "catch-import-export 1.9 Unauthorised.Plugin's.Setting.Change MEDIUM" "comment-press 2.7.2 Unauthenticated.Cross-Frame.Scripting HIGH" "category-d3-tree No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "content-control 2.2.0 Missing.Authorization.to.Sensitive.Information.Exposure MEDIUM" "content-control 1.1.10 Contributor+.Stored.XSS MEDIUM" "cities-shipping-zones-for-woocommerce 1.2.8 Authenticated.(Shop.Manager+).Local.File.Inclusion HIGH" "custom-field-suite No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.cfs[post_title] MEDIUM" "custom-field-suite No.known.fix Authenticated.(Contributor+).SQL.Injection.via.Term.Custom.Field HIGH" "custom-field-suite No.known.fix Contributor+.PHP.Code.Injection.via.Loop.Custom.Field HIGH" "custom-field-suite No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.cfs[post_content] MEDIUM" "custom-field-suite 2.6.6 Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "custom-field-suite 2.6.5 Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "custom-field-suite 2.6.3 Admin+.Stored.XSS LOW" "custom-field-suite 2.5.15 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "clickbank-ads-clickbank-widget 1.35 Admin+.Stored.Cross-Site.Scripting LOW" "clickbank-ads-clickbank-widget 1.35 CSRF.to.Stored.Cross-Site.Scripting HIGH" "codeflavors-vimeo-video-post-lite 2.2.2 Reflected.XSS HIGH" "custom-order-numbers-for-woocommerce 1.4.1 CSRF MEDIUM" "captcha 4.4.5 Backdoored MEDIUM" "cart-lift 3.1.6 Reflected.XSS HIGH" "corona-virus-covid-19-banner No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "corona-virus-covid-19-banner 1.8.0 CSRF MEDIUM" "category-page-icons No.known.fix Arbitrary.File.Upload/Deletion.via.Path.Traversal CRITICAL" "custom-product-builder-for-woocommerce 1.0.5 
Reflected.Cross-Site.Scripting MEDIUM" "custom-codes 2.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "contact-form-to-db 1.7.3 Authenticated.(Author+).SQL.Injection CRITICAL" "contact-form-to-db 1.7.2 Improper.Neutralization.of.Special.Elements.used.in.an.SQL.Command.('SQL.Injection') MEDIUM" "custom-css-js 3.4 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "clio-grow-form 1.0.3 Reflected.Cross-Site.Scripting HIGH" "clio-grow-form 1.0.3 Reflected.Cross-Site.Scripting HIGH" "clio-grow-form 1.0.1 Admin+.Stored.XSS LOW" "contextual-related-posts 3.3.1 Contributor+.Stored.XSS MEDIUM" "contextual-related-posts 2.9.4 CSRF.Nonce.Validation.Bypass MEDIUM" "contextual-related-posts 1.8.7 Cross-Site.Request.Forgery MEDIUM" "contextual-related-posts 1.8.10.2 Multiple.Parameter.SQL.Injection HIGH" "countdown-timer-for-elementor 1.3.7 Contributor+.Stored.XSS MEDIUM" "cryptocurrency-price-widget 1.2.4 Authenticated.(Editor+).Stored.Cross-Site.Scripting MEDIUM" "current-template-name 1.1.10 Reflected.Cross-Site.Scripting MEDIUM" "convert-post-types No.known.fix Cross-Site.Request.Forgery MEDIUM" "convert-post-types No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "currency-switcher-woocommerce 2.11.2 Security.Restrictions.Bypass MEDIUM" "captain-slider No.known.fix Cross-Site.Scripting.(XSS) MEDIUM" "creative-blocks No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "calculator-builder 1.5.1 Reflected.XSS MEDIUM" "coupon-zen 1.0.6 Arbitrary.Plugin.Activation.via.CSRF MEDIUM" "contact-form-lite 1.1.25 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "content-slider-block 3.1.6 Authenticated.(Contributor+).Post.Disclosure MEDIUM" "cms-commander-client 2.288 Unauthenticated.Authorisation.Bypass HIGH" "catalog No.known.fix Admin+.SQL.Injection MEDIUM" "connected-sermons No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "connected-sermons No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "comment-guestbook No.known.fix 
Admin+.Stored.Cross-Site.Scripting LOW" "cmb2 2.11.0 Authenticated.(Contributor+).PHP.Object.Injection HIGH" "customizely No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "customizely 1.1.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "chatpressai 1.0.1 Reflected.Cross-Site.Scripting MEDIUM" "change-prices-with-time-for-woocommerce 1.9.2 Reflected.Cross-Site.Scripting MEDIUM" "change-prices-with-time-for-woocommerce 1.8.2 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "currency-converter-calculator 1.3.2 Contributor+.Stored.XSS MEDIUM" "cc-custom-taxonmy No.known.fix Admin+.Stored.XSS LOW" "css-js-manager 2.4.49.1 Multiple.CSRF MEDIUM" "contact-page-with-google-map No.known.fix Unauthenticated.Arbitrary.File.Deletion CRITICAL" "customer-reviews-woocommerce 5.62.0 Missing.Authorization.to.Authenticated.(Subscriber+).Import.Cancellation MEDIUM" "customer-reviews-woocommerce 5.48.0 Reflected.Cross-Site.Scripting.via.'s' MEDIUM" "customer-reviews-woocommerce 5.47.0 Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.Email.Sending MEDIUM" "customer-reviews-woocommerce 5.47.0 Missing.Authorization.to.Authenticated.(Subscriber+).Coupon.Search MEDIUM" "customer-reviews-woocommerce 5.39.0 Improper.Authorization.via.submit_review MEDIUM" "customer-reviews-woocommerce 5.38.10 Author+.Arbitrary.File.Upload HIGH" "customer-reviews-woocommerce 5.38.2 Cross-Site.Request.Forgery.via.manual.review.reminders MEDIUM" "customer-reviews-woocommerce 5.38.2 Missing.Authorization.via.manual.review.reminders MEDIUM" "customer-reviews-woocommerce 5.36.1 Missing.Authorization.in.Reviews.Exporter MEDIUM" "customer-reviews-woocommerce 5.36.1 Missing.Authorization MEDIUM" "customer-reviews-woocommerce 5.17.0 Contributor+.Stored.XSS MEDIUM" "customer-reviews-woocommerce 5.16.0 Contributor+.LFI CRITICAL" "customer-reviews-woocommerce 5.3.6 Cross-Site.Request.Forgery MEDIUM" "customer-reviews-woocommerce 5.3.6 Unauthenticated.Sensitive.Information.Disclosure MEDIUM" 
"customer-reviews-woocommerce 5.3.6 Broken.Access.Control MEDIUM" "cm-header-footer-script-loader 1.2.2 Reflected.XSS HIGH" "category-seo-meta-tags No.known.fix Cross-Site.Request.Forgery.via.csmt_admin_options MEDIUM" "category-seo-meta-tags No.known.fix Admin+.Stored.XSS LOW" "customily-v2 No.known.fix Unauthenticated.Stored.Cross-Site.Scripting HIGH" "chameleon 1.4.4 Admin+.Stored.XSS LOW" "custom-404-pro 3.11.2 Reflected.Cross-Site.Scripting MEDIUM" "custom-404-pro 3.10.1 Unauthenticated.Stored.Cross-Site.Scripting.via.logging HIGH" "custom-404-pro 3.8.1 Multiple.SQL.Injection HIGH" "custom-404-pro 3.8.2 Reflected.XSS HIGH" "custom-404-pro 3.7.3 Reflected.Cross-Site.Scripting HIGH" "custom-404-pro 3.7.2 Logs.Deletion.via.CSRF MEDIUM" "custom-404-pro 3.7.1 Admin+.SQLi MEDIUM" "custom-404-pro 3.2.9 Authenticated.Reflected.XSS MEDIUM" "custom-404-pro 3.2.8 XSS MEDIUM" "captchelfie-captcha-by-selfie No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "copyrightpro No.known.fix Settings.Update.via.CSRF MEDIUM" "csv-to-html 3.15 Reflected.Cross-Site.Scripting HIGH" "csv-to-html 3.27 Subscriber+.Arbitrary.File.Upload CRITICAL" "comments-on-feed No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "clasify-classified-listing No.known.fix Reflected.XSS HIGH" "cysteme-finder 1.4 Unauthenticated.LFI.and.Unauthenticated.File.Upload CRITICAL" "cart-rest-api-for-woocommerce 3.12.0 Missing.Authorization MEDIUM" "comment-blacklist-updater 1.2.0 Cross-Site.Request.Forgery.via.update_blacklist_manual MEDIUM" "culture-object 4.1.1 Admin+.Stored.Cross-Site.Scripting LOW" "calderawp-license-manager No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "copy-move-posts No.known.fix Missing.Authorization MEDIUM" "contact-form-7-simple-recaptcha 0.1.2 Reflected.Cross-Site.Scripting MEDIUM" "contact-form-7-simple-recaptcha 0.0.9 CSRF.to.Stored.XSS HIGH" "cookielay No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.cookielay.Shortcode MEDIUM" "categorycustomfields 
No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "contact-us-page-contact-people 3.7.1 Contact.people.LITE.<.3.7.1.-.Contact.Update/Deletion/Creation.via.CSRF MEDIUM" "coupon-referral-program No.known.fix Unauthenticated.PHP.Object.Injection CRITICAL" "coupon-referral-program No.known.fix Sensitive.Information.Disclosure MEDIUM" "culqi-checkout 3.0.15 Authenticated.(Subscriber+).Server-Side.Request.Forgery MEDIUM" "church-theme-content 2.6.1 Cross-Site.Request.Forgery.to.Notice.Dismissal MEDIUM" "community-events 1.5.1 Admin+.Stored.XSS LOW" "community-events 1.5 Event.Deletion.via.CSRF MEDIUM" "community-events 1.4.9 Admin+.Stored.XSS LOW" "community-events 1.4.8 Reflected.Cross-Site.Scripting.(XSS) HIGH" "community-events 1.4 SQL.Injection CRITICAL" "cm-video-lesson-manager 1.8.3 Reflected.XSS HIGH" "cm-video-lesson-manager 1.7.2 Admin+.Stored.Cross-Site.Scripting LOW" "contact-form-db-divi 1.2 Reflected.Cross-Site.Scripting MEDIUM" "cf7-reply-manager No.known.fix Authenticated.(Subscriber+).Arbitrary.File.Upload HIGH" "compare-ninja-comparison-tables No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "categories-gallery No.known.fix Reflected.Cross-Site.Scripting.(XSS) HIGH" "current-menu-item-for-custom-post-types 1.6 Cross-Site.Request.Forgery MEDIUM" "clyp No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "chatbot 5.5.8 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "chatbot 5.3.6 Missing.Authorization.via.openai_file_delete_callback MEDIUM" "chatbot 5.3.6 Missing.Authorization.via.openai_file_upload_callback MEDIUM" "chatbot 5.3.6 Missing.Authorization.via.openai_file_list_callback MEDIUM" "chatbot 5.1.1 Unauthenticated.PHP.Object.Injection CRITICAL" "chatbot 4.7.9 Authenticated.(Administrator+).SQL.Injection HIGH" "chatbot 4.9.7 4.9.6.-.Authenticated.(Administrator+).Stored.Cross-Site.Scripting.in.FAQ.Builder MEDIUM" "chatbot 4.9.3 
Cross-Site.Request.Forgery.(CSRF) MEDIUM" "chatbot 4.9.3 Subscriber+.Arbitrary.File.Deletion CRITICAL" "chatbot 4.9.1 Missing.authorization.in.AJAX.calls MEDIUM" "chatbot 4.9.1 Unauthenticated.Sensitive.Data.Disclosure MEDIUM" "chatbot 4.9.1 Cross-Site.Request.Forgery.(CSRF) MEDIUM" "chatbot 4.9.1 Authenticated.(Subscriber+).Directory.Traversal.to.Arbitrary.File.Write.via.qcld_openai_upload_pagetraining_file CRITICAL" "chatbot 4.9.1 Unauthenticated.Blind.SQL.Injection CRITICAL" "chatbot 4.9.3 Missing.authorization.in.AJAX.calls MEDIUM" "chatbot 4.9.1 Subscriber+.Arbitrary.File.Deletion CRITICAL" "chatbot 4.7.9 CSRF MEDIUM" "chatbot 4.7.8 Admin+.Stored.XSS.in.Language.Settings LOW" "chatbot 4.7.8 Admin+.Stored.XSS.in.FAQ.Builder LOW" "chatbot 4.6.1 Admin+.Stored.Cross-Site.Scripting LOW" "chatbot 4.5.6 Admin+.Stored.Cross-Site.Scripting LOW" "chatbot 4.5.5 Admin+.Stored.Cross-Site.Scripting LOW" "chatbot 4.4.9 Unauthenticated.Stored.XSS HIGH" "chatbot 4.4.5 Stored.XSS.via.CSRF HIGH" "chatbot 4.4.9 Subscriber+.OpenAI.Settings.Update.to.Stored.XSS HIGH" "chatbot 4.4.7 Unauthenticated.PHP.Object.Injection HIGH" "chatbot 4.5.1 Admin+.Stored.XSS LOW" "chatbot 4.3.0 Settings.Reset.via.CSRF MEDIUM" "chatbot 4.3.1 Admin+.Stored.XSS LOW" "chatbot 4.2.9 Unauthenticated.Settings.Reset MEDIUM" "cbxgooglemap 1.1.12 Contributor+.Stored.XSS MEDIUM" "cbxgooglemap 1.1.12 Contributor+.Stored.XSS.via.shortcode MEDIUM" "calculatorpro-calculators No.known.fix Reflected.Cross-Site.Scripting.via.CP_preview_calc MEDIUM" "clicksend-lead-capture-form No.known.fix Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.Message.Deletion MEDIUM" "companion-portfolio No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "cf7-telegram 0.8.6 Missing.Authorization.to.Authenticated.(Subscriber+).Subscription.Approve/Pause/Refuse MEDIUM" "cf7-grid-and-styler-for-divi 1.5.2 Reflected.Cross-Site.Scripting MEDIUM" "cf7-grid-and-styler-for-divi 1.4.1 
Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "checkout-plugins-stripe-woo 1.9.2 Unauthenticated.Insecure.Direct.Object.Reference MEDIUM" "checkout-plugins-stripe-woo 1.9.2 Cross-Site.Request.Forgery MEDIUM" "checkout-plugins-stripe-woo 1.4.11 Settings.Update.via.CSRF MEDIUM" "code-manager 1.0.26 Reflected.Cross-Site.Scripting MEDIUM" "code-manager 1.0.14 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "co-authors-plus 3.5.2 Guest.Authors.Email.Address.Disclosure MEDIUM" "clipr No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "codepile No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "codepile 1.0.6 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "card-elements-for-elementor 1.2.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "comfino-payment-gateway 4.1.2 Reflected.Cross-Site.Scripting HIGH" "custom-sub-menus No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "categorify 1.0.7.5 Cross-Site.Request.Forgery.via.categorifyAjaxUpdateFolderPosition MEDIUM" "categorify 1.0.7.5 Missing.Authorization.in.categorifyAjaxClearCategory MEDIUM" "categorify 1.0.7.5 Missing.Authorization.in.categorifyAjaxDeleteCategory MEDIUM" "categorify 1.0.7.5 Missing.Authorization.in.categorifyAjaxAddCategory MEDIUM" "categorify 1.0.7.5 Cross-Site.Request.Forgery.via.categorifyAjaxRenameCategory MEDIUM" "categorify 1.0.7.5 Cross-Site.Request.Forgery.via.categorifyAjaxAddCategory MEDIUM" "categorify 1.0.7.5 Cross-Site.Request.Forgery.via.categorifyAjaxClearCategory MEDIUM" "categorify 1.0.7.5 Cross-Site.Request.Forgery.via.categorifyAjaxDeleteCategory MEDIUM" "categorify 1.0.7.5 Missing.Authorization.in.categorifyAjaxRenameCategory MEDIUM" "categorify 1.0.7.5 Missing.Authorization.in.categorifyAjaxUpdateFolderPosition MEDIUM" "categorify 1.0.5 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "coru-lfmember No.known.fix Arbitrary.Game.Deletion/Activation.via.CSRF MEDIUM" "coru-lfmember No.known.fix Stored.Cross-Site.Scripting.via.CSRF MEDIUM" "coschool No.known.fix 
Missing.Authorization.to.Privilege.Escalation CRITICAL" "cyberus-key 1.1 Admin+.Stored.XSS LOW" "cubewp-forms No.known.fix Missing.Authorization MEDIUM" "cubewp-forms 1.1.2 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "carrrot No.known.fix Admin+.Stored.XSS LOW" "custom-search-plugin 1.36 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "cookiemonster No.known.fix Admin+.Stored.XSS LOW" "cf7-message-filter 1.6.3.1 Subscriber+.Filter.Creation MEDIUM" "cf7-message-filter 1.6.3.1 Subscriber+.Filter.Updates/Deletions MEDIUM" "cf7-message-filter 1.6.2 Reflected.Cross-Site.Scripting MEDIUM" "cf7-message-filter 1.4.3 Reflected.Cross-Site.Scripting MEDIUM" "cf7-mailchimp 1.1.1 Reflected.Cross-Site.Scripting HIGH" "campaign-monitor-wp 2.5.8 Reflected.Cross-Site.Scripting MEDIUM" "campaign-monitor-wp 2.5.6 Subscriber+.Arbitrary.Options.Update MEDIUM" "ce21-suite 2.2.1 Unauthenticated.Privilege.Escalation CRITICAL" "ce21-suite No.known.fix JWT.Token.Disclosure CRITICAL" "ce21-suite 2.2.1 Authentication.Bypass CRITICAL" "ce21-suite No.known.fix Missing.Authorization.to.Unauthenticated.Plugin.Settings.Change MEDIUM" "copymatic 2.0 Missing.Authorization MEDIUM" "copymatic 1.7 Unauthenticated.Arbitrary.File.Upload CRITICAL" "cm-table-of-content 1.2.4 Stored.XSS.via.CSRF HIGH" "cm-table-of-content 1.2.3 Settings.Reset.via.CSRF MEDIUM" "code-snippets-extended No.known.fix Stored.Cross-Site.Scripting.via.CSRF MEDIUM" "code-snippets-extended No.known.fix Arbitrary.Snippet.Deletion/Disabling.via.CSRF MEDIUM" "code-snippets-extended No.known.fix RCE.via.CSRF HIGH" "connect-contact-form-7-to-constant-contact-v3 1.5 Reflected.Cross-Site.Scripting MEDIUM" "custom-order-statuses-for-woocommerce No.known.fix Missing.Authorization MEDIUM" "custom-order-statuses-for-woocommerce No.known.fix Cross-Site.Request.Forgery MEDIUM" "contact-form-7-anti-spambot No.known.fix Missing.Authorization MEDIUM" "comments-not-replied-to 1.5.8 Reflected.Cross-Site.Scripting MEDIUM" 
"comments-not-replied-to 1.5.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "contact-form-ready 2.0.12 Form.Styling.Update.via.CSRF MEDIUM" "civicrm 5.24.3 Authenticated.Phar.Deserialization MEDIUM" "civicrm 5.28.1 CSRF.to.Stored.XSS MEDIUM" "continuous-announcement-scroller No.known.fix Admin+.Stored.XSS LOW" "cp-simple-newsletter No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "cp-simple-newsletter No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "clients No.known.fix Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "contact-form-7-multi-step-module 4.3.1 Reflected.Cross-Site.Scripting MEDIUM" "contact-form-7-multi-step-module 4.1.91 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "contact-form-7-multi-step-module 3.0.9 Subscriber+.Arbitrary.Option.Update CRITICAL" "currency-switcher 1.2.0.4 Unauthenticated.Arbitrary.Shortcode.Execution MEDIUM" "currency-switcher 1.2.0.2 Cross-Site.Request.Forgery MEDIUM" "currency-switcher 1.2.0.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "currency-switcher 1.2.0 Subscriber+.Missing.Authorization.Checks MEDIUM" "currency-switcher 1.2.0 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "currency-switcher 1.1.7 Arbitrary.Plugin's.Settings.Change.via.CSRF MEDIUM" "csv-importer 0.3.9 Cross-Site.Request.Forgery MEDIUM" "contact-form-with-a-meeting-scheduler-by-vcita 4.10.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.livesite-pay.Shortcode MEDIUM" "contact-form-with-a-meeting-scheduler-by-vcita No.known.fix Settings.Update.Via.CSRF MEDIUM" "contact-form-with-a-meeting-scheduler-by-vcita 4.10.2 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "cf7-multi-step 2.7.8 Unauthenticated.SQL.Injection HIGH" "cf7-infusionsoft 1.1.4 Reflected.Cross-Site.Scripting HIGH" "content-restrictor-for-divi 1.4.3 Reflected.Cross-Site.Scripting MEDIUM" "content-restrictor-for-divi 1.4.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "create-flipbook-from-pdf No.known.fix 
Authenticated.(Subscriber+).Arbitrary.File.Upload HIGH" "clean-social-icons No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "creative-mail-by-constant-contact 1.6.0 Multiple.CSRF MEDIUM" "creative-mail-by-constant-contact 1.6.0 CSRF MEDIUM" "creative-mail-by-constant-contact 1.6.0 Settings.Reset.via.CSRF MEDIUM" "cooked-pro 1.8.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "cooked-pro 1.8.0 Unauthenticated.Arbitrary.File.Upload CRITICAL" "cooked-pro 1.8.0 Cross-Site.Request.Forgery MEDIUM" "cooked-pro 1.8.0 Cross-Site.Request.Forgery.to.Settings.Update MEDIUM" "cooked-pro 1.8.0 Cross-Site.Request.Forgery.to.Template.Reset MEDIUM" "cooked-pro 1.8.0 Authenticated.(Contributor+).HTML.Injection MEDIUM" "cooked-pro 1.8.0 Cross-Site.Request.Forgery.via.cooked_get_recipe_ids MEDIUM" "cooked-pro 1.8.0 Cross-Site.Request.Forgery.to.Template.Apply MEDIUM" "cooked-pro 1.7.5.7 Unauthenticated.PHP.Object.Injection HIGH" "cooked-pro 1.7.5.6 Unauthenticated.Reflected.Cross.Site.Scripting.(XSS) MEDIUM" "comment-emailer No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "custom-map No.known.fix Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "commonsbooking 2.6.8 Unauthenticated.SQL.Injection HIGH" "cybersoldier 1.7.0 Admin+.Stored.Cross-Site.Scripting LOW" "clerkio 4.0.0 Authentication.Bypass.and.API.Keys.Disclosure LOW" "crypto-converter-widget 1.9.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.shortcode MEDIUM" "crypto-converter-widget 1.8.4 Contributor+.Stored.XSS MEDIUM" "content-blocks-builder 2.7.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "content-blocks-builder 2.3.17 Reflected.Cross-Site.Scripting MEDIUM" "colibri-page-builder 1.0.288 Contributor+.DOM-Based.Stored.XSS.via.FancyBox.JavaScript.Library MEDIUM" "colibri-page-builder 1.0.277 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.colibri_video_player.Shortcode MEDIUM" "colibri-page-builder 1.0.277 
Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "colibri-page-builder 1.0.274 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "colibri-page-builder 1.0.274 Contributor+.Stored.Cross-Site.Scripting.via.the.plugin's.'colibri_breadcrumb_element'.shortcode MEDIUM" "colibri-page-builder 1.0.264 Author+.Stored.Cross-Site.Scripting MEDIUM" "colibri-page-builder 1.0.270 Contributor+.Stored.XSS MEDIUM" "colibri-page-builder 1.0.249 Missing.Authorization MEDIUM" "colibri-page-builder 1.0.260 Arbitrary.Shortcode.Call.via.CSRF MEDIUM" "colibri-page-builder 1.0.260 Import.Images,.Delete.Post,.Save.Theme.Data.via.CSRF MEDIUM" "colibri-page-builder 1.0.240 Contributor+.Stored.XSS MEDIUM" "colibri-page-builder 1.0.248 Contributor+.Stored.XSS MEDIUM" "colibri-page-builder 1.0.229 Admin+.SQL.Injection MEDIUM" "circle-image-slider-with-lightbox 1.0.1 Image.Data.Update.via.CSRF MEDIUM" "circle-image-slider-with-lightbox 1.0.18 Reflected.Cross-Site.Scripting MEDIUM" "circle-image-slider-with-lightbox 1.0.16 Reflected.Cross-Site.Scripting MEDIUM" "custom-author-base No.known.fix Settings.Update.via.CSRF MEDIUM" "creative-addons-for-elementor 1.6.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "catch-instagram-feed-gallery-widget 2.3 Unauthorised.Plugin's.Setting.Change MEDIUM" "conditional-menus 1.2.1 Reflected.XSS HIGH" "cube-slider No.known.fix Admin+.SQLi MEDIUM" "coming-soon-maintenance-mode-from-acurax No.known.fix Unauthenticated.IP.Spoofing MEDIUM" "coming-soon-maintenance-mode-from-acurax No.known.fix Authenticated.(Subscriber+).Sensitive.Information.Exposure MEDIUM" "coming-soon-maintenance-mode-from-acurax No.known.fix Information.Exposure MEDIUM" "coming-soon-maintenance-mode-from-acurax No.known.fix Unauthenticated.Stored.XSS HIGH" "convertbox-auto-embed 1.0.20 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "cf7-insightly 1.0.9 Reflected.Cross-Site.Scripting HIGH" "cc-circle-progress-bar No.known.fix 
Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "convertkit 2.4.9.1 Missing.Authorization MEDIUM" "convertkit 2.4.6 Unauthenticated.Sensitive.Information.Exposure MEDIUM" "convertkit 2.2.1 Reflected.XSS HIGH" "convertkit 2.0.5 Contributor+.Stored.XSS MEDIUM" "callbook-mobile-bar No.known.fix Admin+.Stored.Cross.Site.Scripting LOW" "cosmosfarm-share-buttons No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "cp-polls 1.0.75 Reflected.Cross-Site.Scripting MEDIUM" "cp-polls 1.0.77 Admin+.Stored.XSS.via.Custom.Styles LOW" "cp-polls 1.0.77 Admin+.Stored.Cross-Site.Scripting LOW" "cp-polls 1.0.72 Unauthenticated.Content.Injection MEDIUM" "cp-polls 1.0.72 Unauthenticated.Poll.Limit.Bypass MEDIUM" "cp-polls 1.0.9 Multiple.XSS.Vulnerabilities MEDIUM" "cp-polls 1.0.9 Multiple.CSRF.Vulnerabilities MEDIUM" "category-specific-rss-feed-menu 2.3 Admin+.Stored.XSS LOW" "category-specific-rss-feed-menu 2.2 Settings.Update.via.CSRF MEDIUM" "correos-express No.known.fix Sensitive.Information.Disclosure HIGH" "cf7-active-campaign 1.0.4 Reflected.Cross-Site.Scripting HIGH" "ck-and-syntaxhighlighter No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "copyright-safeguard-footer-notice No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "cf7-mollie No.known.fix Authenticated.(Administrator+).SQL.Injection HIGH" "cf7-mollie No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "convertplug 3.5.26.1 Authenticated.(Contributor+).PHP.Object.Injection HIGH" "convertplug 3.5.26 Missing.Authorization.to.Authenticated.(Subscriber+).Limited.Arbitrary.Options.Update MEDIUM" "convertplug 3.5.26 Authenticated.(Contributor+).PHP.Object.Injection HIGH" "convertplug 3.4.5 Multiple.Issues HIGH" "contact-form-7-to-database-extension 2.10.36 CSV.Injection CRITICAL" "common-tools-for-site No.known.fix Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "css-hero 4.07 
Authenticated.Reflected.XSS MEDIUM" "cs-element-bucket No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "cf7-easy-math-captcha No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "cyr3lat 3.7 Editor+.SQL.Injection MEDIUM" "cookie-consent-autoblock No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "clearfy 2.2.5 Missing.Authorization MEDIUM" "clearfy No.known.fix Cross-Site.Request.Forgery MEDIUM" "clearfy 2.0.5 Reflected.Cross-Site.Scripting MEDIUM" "charitydonation-thermometer No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "custom-text-selection-colors No.known.fix Reflected.Cross-Site.Scripting.(XSS) HIGH" "carousel-ck No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "comments-ratings No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "comments-ratings No.known.fix Arbitrary.Settings.Update.via.CSRF MEDIUM" "comments-ratings 1.1.7 Cross-Site.Request.Forgery MEDIUM" "co2ok-for-woocommerce 2.0.4 Reflected.Cross-Site.Scripting MEDIUM" "co2ok-for-woocommerce 1.0.9.22 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "co2ok-for-woocommerce 1.0.9.22 Subscriber+.Arbitrary.Option.Update CRITICAL" "content-views-query-and-display-post-page 3.7.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.pagingType.Parameter MEDIUM" "content-views-query-and-display-post-page 3.7.1 Contributor+.Stored.Cross-Site.Scripting.via.Widget.Post.Overlay MEDIUM" "content-views-query-and-display-post-page 3.6.3 Admin+.Stored.XSS MEDIUM" "csv-wc-product-import-export No.known.fix Authenticated.(Subscriber+).SQL.Injection MEDIUM" "cashtomer No.known.fix Authenticated.SQL.Injection MEDIUM" "cds-simple-seo 2.0.26 Arbitrary.Settings.Update.via.CSRF MEDIUM" "cds-simple-seo 1.8.13 Sitemap.Creation/Deletion.via.CSRF MEDIUM" "cds-simple-seo 1.8.13 Subscriber+.Sitemap.Creation/Deletion MEDIUM" "cds-simple-seo 1.7.92 Contributor+.Stored.Cross-Site.Scripting MEDIUM" 
"comparison-slider No.known.fix Cross-Site.Request.Forgery MEDIUM" "comparison-slider No.known.fix Missing.Authorization MEDIUM" "comparison-slider No.known.fix Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "countdown-timer-block No.known.fix Contributor+.Stored.XSS MEDIUM" "confetti-fall-animation No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "confetti-fall-animation No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.confetti-fall-animation.Shortcode MEDIUM" "classified-listing 3.1.16 Authenticated.(Subscriber+).Limited.Arbitrary.Option.Update HIGH" "classified-listing 3.1.17 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "classified-listing 3.1.8 Missing.Authorization MEDIUM" "classified-listing 3.0.11 Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.Attachment.Deletion MEDIUM" "classified-listing 3.0.5 Cross-Site.Request.Forgery.to.Account.Takeover.via.rtcl_update_user_account HIGH" "classified-listing 3.0.5 Missing.Authorization MEDIUM" "classified-listing 2.4.6 Cross-Site.Request.Forgery MEDIUM" "classified-listing 2.2.14 Reflected.Cross-Site.Scripting MEDIUM" "cresta-addons-for-elementor 1.1.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "cowidgets-elementor-addons No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "cowidgets-elementor-addons No.known.fix Authenticated.(Contributor+).Post.Disclosure MEDIUM" "cowidgets-elementor-addons No.known.fix Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "cowidgets-elementor-addons 1.2.0 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "cowidgets-elementor-addons 1.2.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.heading_tag.Parameter MEDIUM" "cbxwpbookmark 1.7.22 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "cbxwpbookmark 1.7.21 Admin+.SQLi MEDIUM" "cbxwpbookmark 1.7.14 
Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "cbxwpbookmark 1.6.9 Reflected.Cross-Site.Scripting HIGH" "click-to-top 1.2.8 Authenticated.Stored.Cross-Site.Scripting LOW" "contact-form-add No.known.fix CSRF HIGH" "contact-form-add 1.9.8.4 Authenticated.Stored.Cross-Site.Scripting LOW" "contact-form-add 1.9.8.5 Reflected.Cross-Site.Scripting.(XSS) HIGH" "continue-shopping-from-cart-page No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "consulting-elementor-widgets 1.3.1 Authenticated.(Contributor+).SQL.Injection CRITICAL" "consulting-elementor-widgets 1.3.1 Unauthenticated.Local.File.Inclusion CRITICAL" "consulting-elementor-widgets 1.3.1 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "consulting-elementor-widgets 1.3.1 Authenticated.(Contributor+).Remote.Code.Execution HIGH" "collectchat 2.4.4 Admin+.XSS LOW" "collectchat 2.4.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "collectchat 2.4.0 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "coupon-x-discount-pop-up 1.3.6 Missing.Authorization.to.Authenticated.(Contributor+).PHP.Object.Injection HIGH" "coupon-x-discount-pop-up 1.3.6 Missing.Authorization MEDIUM" "custom-add-to-cart-button-for-woocommerce No.known.fix Missing.Authorization MEDIUM" "cmsmasters-content-composer 1.9.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "conditional-extra-fees-for-woocommerce 1.0.97 Admin+.Stored.XSS MEDIUM" "custom-settings No.known.fix Admin+.Stored XSS LOW" "cf7-dynamics-crm 1.1.7 Reflected.Cross-Site.Scripting MEDIUM" "cloud-manager No.known.fix Reflected.XSS CRITICAL" "custom-skins-contact-form-7 No.known.fix Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.Post.Update.and.Skin.Creation MEDIUM" "clictracker No.known.fix Admin+.Stored.XSS LOW" "cf7-widget-elementor 2.4.2 Authenticated.(Author+).Stored.Cross-Site.Scripting MEDIUM" "cf7-widget-elementor 2.4.1 
Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.cf7_redirect_page.Attribute MEDIUM" "cf7-widget-elementor 2.4 Missing.Authorization MEDIUM" "caching-compatible-cookie-optin-and-javascript 0.0.11 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "change-uploaded-file-permissions No.known.fix File.Permission.Update.via.CSRF MEDIUM" "coming-soon-by-supsystic 1.7.11 Cross-Site.Request.Forgery MEDIUM" "coming-soon-by-supsystic 1.7.6 Reflected.Cross-Site.Scripting MEDIUM" "cf7save-extension No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "commons-booking No.known.fix Admin+.Stored.XSS LOW" "commons-booking No.known.fix Code/Timeframe/Booking.Deletion.via.CSRF MEDIUM" "conditional-payments-for-woocommerce 2.3.2 Plugin.RuleSets.Activation/Deactivation.via.CSRF MEDIUM" "comment-link-remove 2.1.6 Arbitrary.Comment.Deletion.via.CSRF MEDIUM" "client-power-tools 1.9.1 Reflected.Cross-Site.Scripting MEDIUM" "calendar-event 1.4.7 Reflected.Cross-Site.Scripting MEDIUM" "calendar-event 1.4.7 Unauthenticated.Arbitrary.Event.Deletion MEDIUM" "ctt-expresso-para-woocommerce 3.2.13 Information.Exposure.via.Unprotected.Directory MEDIUM" "ctt-expresso-para-woocommerce 3.2.13 Admin+.Stored.XSS LOW" "ctt-expresso-para-woocommerce 3.2.12 Admin+.Stored.XSS LOW" "cmsmasters-elementor-addon 1.15.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Multiple.Widgets MEDIUM" "catch-themes-demo-import 2.1.1 Admin+.Remote.Code.Execution MEDIUM" "catch-themes-demo-import 1.8 Admin+.Arbitrary.File.Upload CRITICAL" "catch-themes-demo-import 1.6 Unauthorised.Plugin's.Setting.Change MEDIUM" "custom-login 4.1.1 Subscriber+.Unauthorised.Action MEDIUM" "copy-me No.known.fix Copy.Posts.Cross-Site.Request.Forgery.(CSRF) MEDIUM" "captcha-bws 5.2.1 Captcha.Bypass MEDIUM" "chalet-montagne-com-tools No.known.fix Reflected.XSS HIGH" "convertful 2.6 Missing.Authorization.via.add_woo_coupon MEDIUM" "clock-in-portal No.known.fix Holidays.Deletion.via.CSRF MEDIUM" 
"clock-in-portal No.known.fix Staff.Deletion.via.CSRF MEDIUM" "clock-in-portal No.known.fix Designation.Deletion.via.CSRF MEDIUM" "cardealerpress 6.7.2411.00 Reflected.Cross-Site.Scripting MEDIUM" "custom-user-guide 1.1.1 Reflected.Cross-Site.Scripting MEDIUM" "custom-user-guide 1.0.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "custom-product-type-for-woocommerce 1.2.3 Reflected.Cross-Site.Scripting MEDIUM" "custom-product-type-for-woocommerce 1.2.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "cubewp-framework 1.1.16 Missing.Authorization MEDIUM" "cubewp-framework 1.1.13 Authenticated.(Subscriber+).Arbitrary.File.Upload CRITICAL" "codepen-embedded-pen-shortcode 1.0.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "codepen-embedded-pen-shortcode 1.0.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "cookies-by-jm No.known.fix Admin+.Stored.XSS LOW" "cpt-to-map-store No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "custom-shortcode-sidebars No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "car-rental No.known.fix Admin+.Stored.XSS LOW" "car-rental 1.0.5 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "conversion-helper No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "cf7-redirect-thank-you-page 1.0.8 Reflected.Cross-Site.Scripting MEDIUM" "cf7-redirect-thank-you-page 1.0.7 Reflected.Cross-Site.Scripting MEDIUM" "cf7-redirect-thank-you-page 1.0.4 Cross-Site.Request.Forgery MEDIUM" "code-explorer No.known.fix Authenticated.(Admin+).External.File.Reading MEDIUM" "coupon-lite 1.2.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "coupon-lite No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "catch-scroll-progress-bar 1.6 Unauthorised.Plugin's.Setting.Change MEDIUM" "csv-import-export No.known.fix Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "computer-repair-shop 3.8120 
Authenticated.(Customer+).Privilege.Esclation.via.Account.Takeover CRITICAL" "computer-repair-shop 3.8122 Missing.Authorization.to.Account.Takeover/Privilege.Escalation HIGH" "computer-repair-shop 3.8116 Unauthenticated.Arbitrary.File.Upload CRITICAL" "cookie-law-info 1.8.3 Improper.Access.Controls CRITICAL" "crudlab-google-plus No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "countdown-for-the-events-calendar 1.4 Subscriber+.Arbitrary.Plugin.Installation.&.Activation HIGH" "content-protector 4.2.11 Unauthenticated.Content.Restriction.Bypass.to.Sensitive.Information.Exposure MEDIUM" "content-protector 4.2.6.5 Contributor+.Stored.XSS.via.content_protector.Shortcode MEDIUM" "content-protector 4.2.6.3 Missing.Authorization.to.Sensitive.Information.Exposure MEDIUM" "content-protector 4.2.2 Reflected.Cross-Site.Scripting MEDIUM" "content-protector 3.5.5.9 Protection.Bypass.&.Arbitrary.Post.Access HIGH" "content-protector 3.5.5.8 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "content-protector 3.5.5.5.2 Insecure.Storage.of.Password MEDIUM" "content-protector 3.5.5.2 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "cryptocurrency No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "cryptocurrency No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "cryptocurrency No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "captcha-for-contact-form-7 1.11.4 Captcha.Bypass MEDIUM" "cj-custom-content No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "changyan No.known.fix Missing.Authorization MEDIUM" "custom-contact-forms 5.1.0.4 Unauthenticated.Database.Import/Export CRITICAL" "custom-contact-forms 5.1.0.3 Authenticated.Cross.Site.Scripting CRITICAL" "cookie-consent-box 1.1.7 Admin+.Stored.XSS LOW" "cricket-score No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "customify-sites No.known.fix Unauthenticated.Remote.Code.Execution CRITICAL" "custom-twitter-feeds 2.2.4 
Cross-Site.Request.Forgery MEDIUM" "custom-twitter-feeds 2.2.3 Admin+.Stored.XSS LOW" "custom-twitter-feeds 2.2.2 Cross-Site.Request.Forgery.to.Plugin.Options.Update MEDIUM" "custom-twitter-feeds 2.2 Cross-Site.Request.Forgery MEDIUM" "custom-twitter-feeds 2.0 Cross-Site.Request.Forgery.(CSRF) MEDIUM" "custom-twitter-feeds 1.8.2 Reflected.Cross-Site.Scripting MEDIUM" "crazy-call-to-action-box No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "checkfront-wp-booking 3.7 Settings.Update.via.CSRF MEDIUM" "cardoza-wordpress-poll No.known.fix Authenticated.SQL.Injection HIGH" "cardoza-wordpress-poll 34.06 Multiple.External.Function.Remote.Poll.Manipulation CRITICAL" "cardoza-wordpress-poll 33.6 Multiple.SQL.Injection.Vulnerabilities CRITICAL" "cpa-offerwall No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "co-marquage-service-public 0.5.77 Reflected.Cross-Site.Scripting.via.add_query_arg.Parameter MEDIUM" "co-marquage-service-public 0.5.72 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.shortcode MEDIUM" "co-marquage-service-public 0.5.73 Reflected.Cross-Site.Scripting.via.search_term MEDIUM" "checkout-mestres-wp 8.6.1 Authenticated.(Admin+).Local.File.Inclusion HIGH" "checkout-mestres-wp 7.1.9.8 Unauthenticated.SQL.Injection CRITICAL" "checkout-mestres-wp 7.1.9.8 Missing.Authorization.to.Unauthenticated.Arbitrary.Options.Update CRITICAL" "checkout-mestres-wp 7.1.9.8 Authentication.Bypass.via.Password.Reset CRITICAL" "convertcalculator 1.1.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "convertcalculator 1.1.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.id.and.type.Parameter MEDIUM" "current-book No.known.fix Authenticated.Stored.Cross-Site.Scripting.(XSS) LOW" "clickfunnels No.known.fix Contributor+.Stored.XSS.via.Shortcode MEDIUM" "clickfunnels No.known.fix Settings.Update.via.CSRF MEDIUM" "cf7-zoho 1.2.4 Admin+.SQLi MEDIUM" "cf7-zoho 1.2.3 Cross-Site.Request.Forgery.(CSRF) MEDIUM" 
"cf7-zoho 1.1.9 Reflected.Cross-Site.Scripting HIGH" "cf7-zoho 1.1.8 Reflected.Cross-Site.Scripting HIGH" "contest-gallery 25.1.2 Authenticated.(Author+).SQL.Injection MEDIUM" "contest-gallery 24.0.4 Authenticated.(Author+).Stored.Cross-Site.Scripting MEDIUM" "contest-gallery 24.0.8 Unauthenticated.Arbitrary.Password.Reset CRITICAL" "contest-gallery 24.0.4 Unauthenticated.SQL.Injection CRITICAL" "contest-gallery 23.1.3 Unauthenticated.Information.Exposure MEDIUM" "contest-gallery 23.1.3 Unauthenticated.Stored.Cross-Site.Scripting MEDIUM" "contest-gallery 21.3.5 Authenticated.(Author+).Arbitrary.File.Deletion MEDIUM" "contest-gallery 21.3.6 Reflected.Cross-Site.Scripting MEDIUM" "contest-gallery 21.3.5 Authenticated.(Contributor+).SQL.Injection CRITICAL" "contest-gallery 21.3.2.1 Authenticated.(Contributor+).SQL.Injection CRITICAL" "contest-gallery 21.3.1 Author+.Stored.Cross.Site.Scripting MEDIUM" "contest-gallery 21.2.9 Cross-Site.Request.Forgery MEDIUM" "contest-gallery 21.2.8.1 Unauthenticated.Stored.XSS.via.HTTP.Headers HIGH" "contest-gallery 21.1.2.1 Reflected.XSS HIGH" "contest-gallery 19.1.5 Author+.SQL.Injection MEDIUM" "contest-gallery 19.1.5 Author+.SQL.Injection MEDIUM" "contest-gallery 19.1.5 Admin+.SQL.Injection MEDIUM" "contest-gallery 19.1.5 Author+.SQL.Injection MEDIUM" "contest-gallery 19.1.5 Admin+.SQL.Injection MEDIUM" "contest-gallery 19.1.5 Author+.SQL.Injection MEDIUM" "contest-gallery 19.1.5.1 Author+.SQL.Injection MEDIUM" "contest-gallery 19.1.5 Author+.SQL.Injection MEDIUM" "contest-gallery 19.1.5 Author+.SQL.Injection MEDIUM" "contest-gallery 19.1.5 Author+.SQL.Injection MEDIUM" "contest-gallery 19.1.5 Unauthenticated.SQL.Injection HIGH" "contest-gallery 19.1.5 Admin+.SQL.Injection MEDIUM" "contest-gallery 19.1.5 Author+.SQL.Injection MEDIUM" "contest-gallery 19.1.5.1 Unauthenticated.SQL.Injection HIGH" "contest-gallery 19.1.5 Author+.SQL.Injection MEDIUM" "contest-gallery 19.1.5.1 Author+.SQL.Injection MEDIUM" "contest-gallery 14.0.0 
Unauthenticated.Stored.XSS MEDIUM" "contest-gallery 17.0.5 Author+.SQLi HIGH" "contest-gallery 14.0.0 Author+.Stored.Cross-Site.Scripting MEDIUM" "contest-gallery 13.1.0.6 Missing.Access.Controls.to.Unauthenticated.SQL.injection./.Email.Address.Disclosure HIGH" "contest-gallery 13.1.0.7 Subscriber+.Email.Address.Disclosure MEDIUM" "contest-gallery 10.4.5 Cross-Site.Request.Forgery.(CSRF) HIGH" "cloud-sso-single-sign-on 1.0.14 Reflected.Cross-Site.Scripting MEDIUM" "college-publisher-import No.known.fix Arbitrary.File.Upload.to.RCE CRITICAL" "creative-image-slider 2.5.0 Reflected.Cross-Site.Scripting MEDIUM" "coolclock 4.3.5 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "change-wp-admin-login 1.1.4 Secret.Login.Page.Disclosure MEDIUM" "change-wp-admin-login 1.1.0 Unauthenticated.Arbitrary.Settings.Update MEDIUM" "cool-tag-cloud 2.26 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "configurable-tag-cloud-widget 5.3 Cross-Site.Request.Forgery MEDIUM" "collage-for-divi No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "collage-for-divi 1.0.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "captainform No.known.fix Reflected.Cross-Site.Scripting.via.REQUEST_URI MEDIUM" "captainform No.known.fix CSRF MEDIUM" "cartflows-pro 1.11.13 CSRF MEDIUM" "cartflows-pro 1.11.12 Reflected.Cross-Site.Scripting HIGH" "caldera-forms 1.7.5.1 Reflected.Cross-Site.Scripting MEDIUM" "caldera-forms 1.9.7 Reflected.Cross-Site.Scripting MEDIUM" "caldera-forms 1.9.5 Admin+.Stored.Cross-Site.Scripting LOW" "caldera-forms 1.6.0 Multiple.Cross-Site.Scripting.(XSS) MEDIUM" "cleantalk-spam-protect 6.45 Unauthenticated.Arbitrary.Plugin.Installation HIGH" "cleantalk-spam-protect 6.44 Unauthenticated.Arbitrary.Plugin.Installation HIGH" "cleantalk-spam-protect 6.21 Email.Update.via.CSRF MEDIUM" "cleantalk-spam-protect 6.21 Counters.Reset/Creation.via.CSRF MEDIUM" "cleantalk-spam-protect 5.185.1 Admin+.SQLi MEDIUM" "cleantalk-spam-protect 5.174.1 Reflected.Cross-Site.Scripting MEDIUM" 
"cleantalk-spam-protect 5.153.4 Unauthenticated.Blind.SQL.Injection HIGH" "cleantalk-spam-protect 5.149 Multiple.Authenticated.SQL.Injections MEDIUM" "cleantalk-spam-protect 5.127.4 Cross-Site.Scripting.Issue MEDIUM" "cleantalk-spam-protect 5.22 Unauthenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "crafty-social-buttons 1.5.8 XSS MEDIUM" "customer-area 8.2.5 Event.Log.Deletion.via.CSRF MEDIUM" "customer-area 8.2.5 Bulk.Delete.via.CSRF MEDIUM" "customer-area 8.2.3 .Reflected.Cross-Site.Scripting MEDIUM" "customer-area 8.2.1 Subscriber+.Account.Address.Leak MEDIUM" "customer-area 8.2.1 Subscriber+.Account.Address.Update MEDIUM" "customer-area 8.1.4 Unauthorised.Actions.via.CSRF MEDIUM" "customer-area 7.4.3 XSS MEDIUM" "coblocks 3.1.14 Missing.Authorization MEDIUM" "coblocks 3.1.13 Editor+.Stored.XSS LOW" "coblocks 3.1.12 Contributor+.SSRF LOW" "coblocks 3.1.10 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Social.Profiles MEDIUM" "coblocks 3.1.7 Contributor+.Stored.XSS MEDIUM" "coblocks 3.1.7 Contributor+.Stored.XSS MEDIUM" "content-security-policy-pro No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "contact-form-advanced-database No.known.fix Unauthorised.AJAX.Calls MEDIUM" "custom-css-pro 1.0.4 CSRF.&.XSS HIGH" "contact-form-entries 1.3.9 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "contact-form-entries 1.3.4 Authenticated(Contributor+).Stored.Cross-Site.Scripting.via.shortcode MEDIUM" "contact-form-entries 1.3.3 Admin+.Arbitrary.File.Upload MEDIUM" "contact-form-entries 1.3.1 Contributor+.Stored.XSS MEDIUM" "contact-form-entries 1.3.1 SQL.Injection MEDIUM" "contact-form-entries 1.3.0 CSV.Injection MEDIUM" "contact-form-entries 1.2.4 Reflected.Cross-Site.Scripting HIGH" "contact-form-entries 1.2.2 Reflected.Cross-Site.Scripting HIGH" "contact-form-entries 1.2.1 Reflected.Cross-Site.Scripting HIGH" "contact-form-entries 1.1.7 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "comment-reply-notification 
No.known.fix Cross-Site.Request.Forgery MEDIUM" "custom-wp-rest-api No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "contact-form-check-tester No.known.fix Broken.Access.Control.to.Cross-Site.Scripting.(XSS) HIGH" "cpt-onomies No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "contact-form-7-campaign-monitor-extension No.known.fix Missing.Authorization.to.Unauthenticated.Arbitrary.File.Deletion CRITICAL" "cz-loan-management No.known.fix Unauthenticated.SQLi HIGH" "cf7-field-validation No.known.fix Unauthenticated.SQLi HIGH" "custom-post-type-generator No.known.fix Admin+.Stored.Cross-Site.Scripting MEDIUM" "clever-fox 25.2.1 Missing.Authorization.to.arbitrary.theme.activation.via.clever-fox-activate-theme MEDIUM" "clever-fox 25.2.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "content-text-slider-on-post 6.9 Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "critical-site-intel-stats No.known.fix Unauthenticated.SQL.Injection CRITICAL" "chauffeur-booking-system 7.0 Authentication.Bypass CRITICAL" "chauffeur-booking-system 7.3 Unauthenticated.Arbitrary.File.Upload CRITICAL" "codecolorer 0.10.1 CodeColorer.<.0,10,1.–.Admin+.Stored.Cross-Site.Scripting LOW" "change-default-login-logo-url-and-title No.known.fix Cross-Site.Request.Forgery MEDIUM" "catch-gallery 1.7 Unauthorised.Plugin's.Setting.Change MEDIUM" "chat-bubble No.known.fix Admin+.Stored.XSS LOW" "chat-bubble No.known.fix Settings.Update.via.CSRF MEDIUM" "chat-bubble 2.3 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "contact-form-builder No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "contact-form-builder 1.0.69 CSRF.to.LFI HIGH" "custom-banners No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "custom-banners 3.3 CSRF.Nonce.Bypass.in.saveCustomFields MEDIUM" "custom-banners 2.1 Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "custom-css 2.4.0 Reflected.Cross-Site.Scripting MEDIUM" "custom-login-redirect 
No.known.fix CSRF.to.Stored.XSS HIGH" "commentluv No.known.fix Unauthenticated.SSRF MEDIUM" "cm-registration-pro 3.2.1 PHP.Object.Injection MEDIUM" "canvasflow No.known.fix Reflected.XSS HIGH" "chatbot-support-ai No.known.fix Admin+.Stored.XSS LOW" "comment-engine-pro No.known.fix Editor+.Stored.Cross-Site.Scripting LOW" "custom-url-shorter No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "create-with-code 1.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "copify No.known.fix Stored.Cross-Site.Scripting.via.CSRF HIGH" "contact-form-7-mailchimp-extension No.known.fix Cross-Site.Request.Forgery MEDIUM" "contact-form-7-mailchimp-extension No.known.fix Subscriber+.Server-Side.Request.Forgery MEDIUM" "chatbot-chatgpt 2.1.8 Missing.Authorization.to.Authenticated.(Subscriber+).Assistant.Update MEDIUM" "chatbot-chatgpt 2.1.9 Cross-Site.Request.Forgery.to.Authenticated.(Subscriber+).Assistant.Modification MEDIUM" "chatbot-chatgpt 2.1.8 Missing.Authorization.to.Authenticated.(Subscriber+).Assistant.Addition MEDIUM" "chatbot-chatgpt 2.1.8 Reflected.Cross-Site.Scripting MEDIUM" "chatbot-chatgpt 2.1.8 Missing.Authorization.to.Authenticated.(Subscriber+).Assistant.Deletion MEDIUM" "chatbot-chatgpt 1.9.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "chatbot-chatgpt 2.0.1 Unauthenticated.Arbitrary.File.Upload CRITICAL" "chatbot-chatgpt 2.0.0 Unauthenticated.Arbitrary.File.Upload.via.chatbot_chatgpt_upload_file_to_assistant.Function CRITICAL" "custom-permalinks 2.7.0 Authenticated(Editor+).Stored.Cross-Site.Scripting MEDIUM" "codestyling-localization No.known.fix Multiple.CSRF HIGH" "cheetaho-image-optimizer 1.4.3.2 Reflected.Cross-Site.Scripting MEDIUM" "cart66-lite 1.5.5 XSS MEDIUM" "category-posts 4.9.18 Admin+.Stored.XSS LOW" "category-posts 4.9.17 Admin+.Stored.XSS LOW" "cloak-front-end-email 1.9.2 Contributor+.Stored.XSS MEDIUM" "contact-form-7 5.9.5 Unauthenticated.Open.Redirect MEDIUM" "contact-form-7 5.9.2 
Reflected.Cross-Site.Scripting MEDIUM" "contact-form-7 5.8.4 Authenticated.(Editor+).Arbitrary.File.Upload MEDIUM" "contact-form-7 5.3.2 Unrestricted.File.Upload HIGH" "contact-form-7 5.0.4 register_post_type().Privilege.Escalation CRITICAL" "change-wc-price-title 2.4 Reflected.Cross-Site.Scripting MEDIUM" "change-wc-price-title 2.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "currency-per-product-for-woocommerce 1.7.0 Cross-Site.Request.Forgery.to.Notice.Dismissal MEDIUM" "cm-email-blacklist 1.5.4 Reflected.XSS HIGH" "cm-email-blacklist 1.4.9 Add/Delete.Emails.via.CSRF.Add.and.delete.any.item.from.blacklist/whitelist MEDIUM" "cost-of-goods-for-woocommerce 3.2.9 Reflected.Cross-Site.Scripting MEDIUM" "cliengo No.known.fix Cross-Site.Request.Forgery MEDIUM" "cliengo 3.0.3 Chatbot.<.3.0.3.-.Missing.Authorization.to.Unauthenticated.Chatbot.Settings.Update MEDIUM" "cliengo 3.0.3 Chatbot.<.3.0.3.-.Missing.Authorization.to.Authorized.(Subscriber+).Chatbot.Settings.Update MEDIUM" "create-custom-dashboard-widget No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "create-custom-dashboard-widget No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "cf7-constant-contact-fields-mapping No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "cf7-constant-contact-fields-mapping No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "credit-tracker No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "comment-reply-email 1.5 Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "comment-reply-email 1.0.4 Admin+.Stored.XSS LOW" "cf7-antispam 0.6.1 Reflected.Cross-Site.Scripting MEDIUM" "christmasify 1.5.6 Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "capability-manager-enhanced 2.5.2 Admin+.PHP.Objection.Injection MEDIUM" "capability-manager-enhanced 2.3.3 Reflected.Cross-Site.Scripting MEDIUM" "capability-manager-enhanced 2.3.1 Unauthenticated.Arbitrary.Options.Update.to.Blog.Compromise CRITICAL" 
"clickwhale 2.4.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "clickwhale 2.4.2 Reflected.Cross-Site.Scripting MEDIUM" "clickwhale 2.4.2 Authenticated.(Contributor+).SQL.Injection MEDIUM" "cm-answers 3.2.7 Missing.Authorization MEDIUM" "cm-answers 3.2.0 Admin+.Stored.XSS LOW" "customer-chat-facebook No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "customer-chat-facebook No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "customer-chat-facebook No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "custom-add-user No.known.fix Reflected.Cross-Site.Scripting HIGH" "cardgate 3.2.2 Reflected.Cross-Site.Scripting MEDIUM" "cardgate 3.1.16 Unauthorised.Payments.Hijacking.and.Order.Status.Spoofing HIGH" "crelly-slider 1.4.7 Admin+.Stored.XSS LOW" "crelly-slider 1.4.6 Subscriber+.Insecure.Direct.Object.Reference MEDIUM" "crelly-slider No.known.fix Admin+.Stored.XSS LOW" "crelly-slider 1.3.5 Arbitrary.File.Upload HIGH" "caddy 1.9.8 Cross-Site.Request.Forgery MEDIUM" "coreactivity 2.1 Unauthenticated.IP.Spoofing MEDIUM" "coreactivity 1.8.1 Unauthenticated.Stored.XSS HIGH" "cp-multi-view-calendar 1.4.07 Unauthenticated.Arbitrary.Event.Deletion MEDIUM" "cp-multi-view-calendar 1.4.07 Unauthenticated.Arbitrary.Event.Creation.to.Stored.XSS HIGH" "cp-multi-view-calendar 1.4.01 Unauthenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "cm-pop-up-banners 1.7.6 Reflected.XSS HIGH" "cm-pop-up-banners 1.7.3 Contributor+.Stored.XSS MEDIUM" "cm-pop-up-banners 1.6.6 Contributor+.Stored.XSS MEDIUM" "clickcease-click-fraud-protection 3.2.5 Improper.Authorization.to.sensitive.information.exposure.via.get_settings MEDIUM" "clickcease-click-fraud-protection 3.2.8 Cross-Site.Request.Forgery MEDIUM" "customize-my-account-for-woocommerce 2.7.30 Reflected.Cross-Site.Scripting.via.tab.Parameter MEDIUM" "customize-my-account-for-woocommerce 1.8.4 Cross-Site.Request.Forgery.via.restore_my_account_tabs MEDIUM" "coming-soon-wp 2.1.3 Maintenance.Mode.Bypass MEDIUM" 
"coming-soon-wp 1.6.7 Admin+.Stored.Cross-Site.Scripting MEDIUM" "codepress-admin-columns 4.3.2 Authenticated.Stored.Cross-Site.Scripting.(XSS).in.Custom.Field MEDIUM" "codepress-admin-columns 4.3 Admin+.Stored.XSS.in.Label LOW" "ckeditor-for-wordpress 4.5.3.1 Authenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "call-now-button 1.4.14 Cross-Site.Request.Forgery MEDIUM" "call-now-button 1.4.7 Admin+.Stored.XSS LOW" "call-now-button 1.1.2 Reflected.Cross-Site.Scripting LOW" "charity-addon-for-elementor No.known.fix Authenticated.(Contributor+).Post.Disclosure MEDIUM" "charity-addon-for-elementor 1.3.3 Contributor+.Stored.XSS MEDIUM" "charity-addon-for-elementor 1.3.2 .Contributor+.Stored.XSS MEDIUM" "custom-post-type-cpt-cusom-taxonomy-ct-manager No.known.fix Stored.XSS.via.CSRF HIGH" "custom-admin-menu No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "crm-perks-forms 1.1.4 Authenticated.(Administrator+).Arbitrary.File.Upload HIGH" "crm-perks-forms 1.1.6 Missing.Authorization.to.Unauthenticated.Form.Submission MEDIUM" "crm-perks-forms 1.1.5 Authenticated.(Contributor+).SQL.Injection CRITICAL" "crm-perks-forms 1.1.5 Unauthenticated.SQL.Injection CRITICAL" "crm-perks-forms 1.1.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "crm-perks-forms 1.1.3 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "crm-perks-forms 1.1.2 Admin+.Stored.Cross-Site.Scripting MEDIUM" "crm-perks-forms 1.1.1 Reflected.XSS HIGH" "cm-video-lesson-manager-pro 3.5.9 Admin+.Stored.Cross-Site.Scripting LOW" "campaign-url-builder 1.8.2 Contributor+.Stored.XSS MEDIUM" "checklist 1.1.9 Unauthenticated.Reflected.XSS MEDIUM" "commenting-feature 3.2 Reflected.Cross-Site.Scripting MEDIUM" "commenting-feature 2.0.4 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "cache-images 3.2.1 Image.Upload./.Import.via.CSRF MEDIUM" "cforms2 15.0.7 Unauthenticated.Stored.XSS HIGH" "cforms2 15.0.7 Admin+.Stored.XSS LOW" "cforms2 15.0.5 
Settings.Update.via.CSRF MEDIUM" "cforms2 15.0.2 Unauthenticated.HTML.Injection.&.CSRF HIGH" "cforms2 14.13.3 Multiple.XSS MEDIUM" "cforms2 14.13 SQL.Injection CRITICAL" "cforms2 14.6.10 SQL.Injection CRITICAL" "contact-form-7-multi-step-addon 1.0.7 Injected.Backdoor CRITICAL" "cryout-serious-slider 1.2.7 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "cryout-serious-slider 1.2.5 Authenticated.(Editor+).Stored.Cross-Site.Scripting MEDIUM" "cryout-serious-slider 1.2.5 Cross-Site.Request.Forgery MEDIUM" "ceceppa-multilingua No.known.fix Authenticated.Reflected.Cross-Site.Scripting CRITICAL" "cf7-styler-for-divi 1.3.3 Reflected.Cross-Site.Scripting MEDIUM" "cf7-styler-for-divi 1.3.0 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "classic-editor-addon 2.6.4 Arbitrary.Plugin.Installation.from.Dependency.via.CSRF LOW" "classic-editor-addon 2.6.4 Subscriber+.Arbitrary.Plugin.Activation MEDIUM" "cwd-3d-image-gallery No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "custom-simple-rss 2.0.7 CSRF MEDIUM" "capabilities-pro 2.5.2 Admin+.PHP.Objection.Injection MEDIUM" "capabilities-pro 2.3.1 Unauthenticated.Arbitrary.Options.Update.to.Blog.Compromise CRITICAL" "currency-converter-widget-pro 1.0.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "comment-license 1.4.0 Arbitrary.Settings.Update.via.CSRF MEDIUM" "configure-smtp No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "coupon-creator 3.1.1 Arbitrary.Settings.Update.via.CSRF MEDIUM" "coupon-creator 3.1.1 Cross-Site.Request.Forgery.(CSRF) MEDIUM" "category-post-slider No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "checkout-for-paypal 1.0.33 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "checkout-for-paypal 1.0.14 Contributor+.Stored.XSS MEDIUM" "custom-landing-pages-leadmagic No.known.fix Admin+.Stored.Cross-Site.Scripting MEDIUM" "car-demon No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "cslider No.known.fix Cross-Site.Request.Forgery MEDIUM" 
"code-generator No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "callrail-phone-call-tracking 0.5.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "callrail-phone-call-tracking 0.4.10 Stored.XSS.via.CSRF MEDIUM" "chronoforms No.known.fix CSRF MEDIUM" "croma-music 3.6.1 Authenticated.(Subscriber+).Arbitrary.Options.Update.in.ironMusic_ajax HIGH" "crm-customer-relationship-management-by-vcita 2.7.0 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "crm-customer-relationship-management-by-vcita No.known.fix Settings.Update.Via.CSRF MEDIUM" "credova-financial 1.4.9 Sensitive.Information.Disclosure MEDIUM" "client-portal-suitedash-login 1.8.0 Admin+.Stored.XSS LOW" "cpt-speakers No.known.fix Speakers.<=.1.1.-.Admin+.Stored.XSS LOW" "conversation-watson 0.8.21 DOM.Cross-Site.Scripting.(XSS) MEDIUM" "coupon-reveal-button 1.2.6 Authenticated.(Editor+).Stored.Cross-Site.Scripting MEDIUM" "cgc-maintenance-mode No.known.fix Sensitive.Information.Exposure MEDIUM" "cgc-maintenance-mode No.known.fix IP.Spoofing MEDIUM" "clean-contact No.known.fix Arbitrary.Settings.Update.to.Stored.XSS.via.CSRF MEDIUM" "custom-content-shortcode No.known.fix Contributor+.Stored.XSS MEDIUM" "custom-content-shortcode No.known.fix Contributor+.LFI CRITICAL" "custom-content-shortcode 4.0.2 Authenticated.Arbitrary.File.Access./.LFI HIGH" "custom-content-shortcode 4.0.2 Authenticated.Stored.Cross-Site.Scripting MEDIUM" "custom-content-shortcode 4.0.1 Unauthorised.Arbitrary.Post.Metadata.Access MEDIUM" "custom-tinymce-shortcode-button No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "contact-form-7-round-robin-lead-distribution No.known.fix Authenticated.(Administrator+).SQL.Injection MEDIUM" "conditional-marketing-mailer 1.6 Arbitrary.Plugin.Installation/Activation.via.CSRF CRITICAL" "conditional-marketing-mailer 1.5.2 Arbitrary.Plugin.Installation/Activation.via.Low.Privilege.User CRITICAL" "cart-weight-for-woocommerce No.known.fix Reflected.Cross-Site.Scripting 
MEDIUM" "cart-weight-for-woocommerce No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "campation-postoffice No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "campation-postoffice 1.1.7 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "cf7-live-preview No.known.fix Missing.Authorization.via.update_option MEDIUM" "call-me-now No.known.fix Cross-Site.Request.Forgery MEDIUM" "custom-header-images No.known.fix Cross-Site.Request.Forgery MEDIUM" "christmas-greetings No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "cloudflare 4.12.3 Missing.Authorization.via.initProxy MEDIUM" "cloudflare 1.1.12 Unauthenticated.RCE.via.PHPUnit CRITICAL" "cf7-constant-contact No.known.fix Cross-Site.Request.Forgery MEDIUM" "cf7-constant-contact 1.1.5 Open.Redirect MEDIUM" "cf7-constant-contact 1.1.0 Reflected.Cross-Site.Scripting HIGH" "christian-science-bible-lesson-subjects 2.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "connect-daily-web-calendar 1.4.5 Multiple.Reflected.XSS HIGH" "cultbooking-booking-engine No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "commerce-coinbase-for-woocommerce 1.5.0 Reflected.Cross-Site.Scripting MEDIUM" "commerce-coinbase-for-woocommerce 1.4.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "custom-fields-search 1.3.2 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "custom-fonts 2.1.5 Author+.Stored.XSS MEDIUM" "cf7-database 3.0.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "calculated-fields-form 5.2.64 Denial.of.Service MEDIUM" "calculated-fields-form 5.2.46 HTML.Injection MEDIUM" "calculated-fields-form 1.2.55 Reflected.Cross-Site.Scripting MEDIUM" "calculated-fields-form 5.1.57 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "calculated-fields-form 1.2.53 Contributor+.Stored.XSS MEDIUM" "calculated-fields-form 1.2.29 Contributor+.Open.Redirect MEDIUM" "calculated-fields-form 1.2.41 Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "calculated-fields-form 
1.1.151 Admin+.Stored.Cross-Site.Scripting.via.Dropdown.Fields LOW" "calculated-fields-form 1.0.354 Authenticated.Stored.XSS MEDIUM" "chameleon-jobs No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "cost-calculator-builder-pro 3.2.16 Unauthenticated.SQL.Injection.via.data HIGH" "cost-calculator-builder-pro No.known.fix .Unauthenticated.Price.Manipulation MEDIUM" "cost-calculator-builder-pro 3.1.76 Unauthenticated.Arbitrary.Email.Sending MEDIUM" "cost-calculator-builder-pro 3.1.73 Authenticated.(Subscriber+).Server-Side.Request.Forgery MEDIUM" "cost-calculator-builder-pro 3.1.68 Unauthenticated.Cross-Site.Scripting.via.SVG.Upload HIGH" "configure-conference-room No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "comment-form 1.2.1 Admin+.Authenticated.Stored.XSS LOW" "countdown-wpdevart-extended 1.8.3 Admin+.Stored.XSS LOW" "countdown-wpdevart-extended 1.5.8 CSRF.to.Stored.Cross-Site.Scripting HIGH" "chamber-dashboard-business-directory 3.3.11 Missing.Authorization MEDIUM" "chamber-dashboard-business-directory 3.3.10 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "chamber-dashboard-business-directory 3.3.2 Reflected.Cross-Site.Scripting MEDIUM" "chamber-dashboard-business-directory 3.3.1 Authenticated.Stored.Cross-Site.Scripting HIGH" "convert-classic-editor-to-blocks No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "convert-classic-editor-to-blocks No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "content-grabber No.known.fix Cross-Site.Scripting.(XSS) MEDIUM" "custom-post-type-lockdown No.known.fix Cross-Site.Request.Forgery.to.Privilege.Escalation HIGH" "contact-form-multi 1.2.1 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "catch-infinite-scroll 1.9 Unauthorised.Plugin's.Setting.Change MEDIUM" "citadela-directory No.known.fix Unauthenticated.Sensitive.Information.Exposure HIGH" "citadela-directory No.known.fix Cross-Site.Request.Forgery MEDIUM" "colorway No.known.fix Cross-Site.Request.Forgery 
MEDIUM" "cf7-hubspot 1.3.2 Cross-Site.Request.Forgery MEDIUM" "cf7-hubspot 1.2.0 Reflected.Cross-Site.Scripting HIGH" "currency-converter-widget No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.shortcode MEDIUM" "combo-wp-rewrite-slugs No.known.fix Missing.Authorization.to.Authenticated.(Subscriber+).Settings.Change MEDIUM" "cookie-notice-and-consent-banner 1.7.2 Admin+.Stored.XSS LOW" "control-horas No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "card-games No.known.fix CSRF.Bypass NONE" "cp-easy-form-builder 1.2.42 Authenticated.(Contributor+).SQL.Injection MEDIUM" "cp-easy-form-builder 1.2.42 Authenticated.(Contributor+).SQL.Injection MEDIUM" "cp-easy-form-builder 1.2.32 Admin+.Stored.Cross-Site.Scripting LOW" "content-staging No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "clean-login 1.14.6 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "clean-login 1.13.7 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "clean-login 1.12.6.4 Reflected.Cross-Site.Scripting MEDIUM" "clean-login 1.8 Change.Redirect.URL.CSRF MEDIUM" "clean-login 1.5.1 Reflected.XSS MEDIUM" "catalyst-connect-client-portal 2.1.0 Admin+.Stored.XSS LOW" "catalyst-connect-client-portal 2.1.0 Reflected.XSS HIGH" "chessgame-shizzle 1.3.1 Reflected.Cross-Site.Scripting MEDIUM" "catch-web-tools 2.7.1 Subscriber+.Arbitrary.Catch.IDs.Activation/Deactivation MEDIUM" "catch-web-tools 2.7 Unauthorised.Plugin's.Setting.Change MEDIUM" "chat-bee No.known.fix Admin+.Stored.XSS LOW" "custom-admin-page 0.1.2 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "companion-auto-update 3.3.6 Authenticated.SQL.Injection CRITICAL" "cleanup-action-scheduler 1.2.0 Reflected.Cross-Site.Scripting MEDIUM" "clicksold-wordpress-plugin No.known.fix Admin+.XSS LOW" "coming-soon-master 1.1 Reflected.Cross-Site.Scripting MEDIUM" "contentlock No.known.fix Groups/Emails.Deletion.via.CSRF MEDIUM" "contentlock No.known.fix Settings.Update.via.CSRF MEDIUM" "contentlock 
No.known.fix Email.Adding.via.CSRF MEDIUM" "custom-user-css No.known.fix Settings.Update.via.CSRF MEDIUM" "coschedule-by-todaymade 3.3.9 CSRF MEDIUM" "complianz-gdpr 7.0.0 Cross-Site.Request.Forgery.to.Data.Request.Deletion MEDIUM" "complianz-gdpr 6.5.6 Admin+.Stored.XSS LOW" "complianz-gdpr 6.4.2 GDPR/CCPA.Cookie.Consent.<.6.4.2.-.Contributor+.Stored.XSS MEDIUM" "complianz-gdpr 6.3.4 Translator.SQLi MEDIUM" "complianz-gdpr 6.0.0 GDPR/CCPA.Cookie.Consent.<.6.0.0.-.Reflected.Cross-Site.Scripting MEDIUM" "chaty-pro 2.8.2 Reflected.Cross-Site.Scripting HIGH" "cm-on-demand-search-and-replace 1.4.3 Reflected.XSS HIGH" "cm-on-demand-search-and-replace 1.3.9 Plugin.Reset.via.CSRF MEDIUM" "cm-on-demand-search-and-replace 1.3.1 Multiple.CSRF MEDIUM" "cm-on-demand-search-and-replace 1.3.1 Admin+.Stored.XSS LOW" "car No.known.fix Unauthenticated.Stored.Cross-Site.Scripting.(XSS) CRITICAL" "connatix-video-embed No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "customize-login-image 3.5.3 Admin+.Stored.Cross-Site.Scripting LOW" "conversational-forms 1.4.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "conversational-forms 1.3.0 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "conversational-forms 1.2.0 Unauthenticated.Arbitrary.File.Download HIGH" "conversational-forms 1.17 Admin+.Stored.XSS LOW" "cool-facebook-page-feed-timeline No.known.fix Reflected.Cross-Site.Scripting.(XSS) HIGH" "cww-companion 1.2.8 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "custom-searchable-data-entry-system No.known.fix Unauthenticated.Data.Modification.and.Deletion CRITICAL" "controlled-admin-access 1.5.6 Improper.Access.Control.to.Privilege.Escalation HIGH" "controlled-admin-access 1.5.2 Improper.Access.Control.&.Privilege.Escalation HIGH" "core-control No.known.fix Arbitrary.Settings.Update.via.CSRF MEDIUM" "course-migration-for-learndash No.known.fix Authenticated.(Subscriber+).Server-Side.Request.Forgery 
MEDIUM" "convoworks-wp 0.22.15 Reflected.Cross-Site.Scripting MEDIUM" "convoworks-wp 0.22.14 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "curtain No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "curtain 1.0.2 Unauthenticated.Maintenance.Mode.Switch HIGH" "course-booking-system No.known.fix Unauthenticated.SQL.Injection HIGH" "colorlib-coming-soon-maintenance No.known.fix Information.Exposure MEDIUM" "colorlib-coming-soon-maintenance 1.0.99 Admin+.Stored.Cross.Site.Scripting LOW" "codesnips No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "cf7-summary-and-print 1.2.6 Settings.Update.via.CSRF MEDIUM" "codoc 0.9.52 Reflected.Cross-Site.Scripting MEDIUM" "caret-country-access-limit 1.0.3 Arbitrary.Settings.Update.via.CSRF MEDIUM" "content-cards No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.shortcode MEDIUM" "content-cards 0.9.7 Cross-Site.Scripting.(XSS) MEDIUM" "comment-images-reloaded No.known.fix Authenticated.(Subscriber+).Arbitrary.Media.Deletion MEDIUM" "coinbase-commerce-for-contact-form-7 1.1.2 Reflected.Cross-Site.Scripting MEDIUM" "custom-post-type-page-template No.known.fix Cross-Site.Request.Forgery MEDIUM" "custom-tiktok-video-feed No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "cits-support-svg-webp-media-upload 3.0 Author+.Stored.XSS.via.SVG MEDIUM" "custom-login-page No.known.fix Reflected.XSS HIGH" "cab-fare-calculator 1.1.7 Admin+.Stored.XSS LOW" "cab-fare-calculator 1.0.4 Unauthenticated.LFI MEDIUM" "cf7-zendesk 1.0.8 Reflected.Cross-Site.Scripting HIGH" "cardoza-facebook-like-box 4.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "countdown-builder No.known.fix Admin+.Stored.XSS LOW" "countdown-builder 2.7.8.1 Missing.Authorization.to.Authenticated.(Subscriber+).PHP.Object.Injection MEDIUM" "countdown-builder 2.3.3 Reflected.Cross-Site.Scripting MEDIUM" "countdown-builder No.known.fix Pro.Features.Lock.Bypass LOW" "countdown-builder No.known.fix 
Admin+.Stored.XSS LOW" "countdown-builder 2.2.9 Reflected.Cross-Site.Scripting MEDIUM" "contact-form-integrated-with-google-maps 2.5 Stored.Cross-Site.Scripting.(XSS) MEDIUM" "cookie-notice 2.4.18 Admin+.Stored.XSS LOW" "cookie-notice 2.4.7 Contributor+.Stored.XSS MEDIUM" "cookie-notice 2.4.7 Contributor+.XSS MEDIUM" "cookie-notice 2.1.2 Admin+.Stored.Cross-Site.Scripting LOW" "cimy-header-image-rotator No.known.fix Arbitrary.Settings.Update.via.CSRF MEDIUM" "custom-css-js-php No.known.fix Arbitrary.Settings.Update.via.CSRF MEDIUM" "custom-css-js-php No.known.fix CSRF.Bypass.in.Multiple.Plugins MEDIUM" "comments-like-dislike 1.2.0 Subscriber+.Settings.Reset MEDIUM" "comments-like-dislike 1.1.4 Add.Like/Dislike.Bypass MEDIUM" "cmyee-momentopress 1.0.2 Contributor+.Stored.XSS MEDIUM" "cookiehub 1.1.1 Missing.Authorization MEDIUM" "check-email 1.0.10 Unauthenticated.Hook.Injection HIGH" "check-email 1.0.6 Reflected.Cross-Site.Scripting MEDIUM" "check-email 1.0.4 Reflected.Cross-Site.Scripting HIGH" "check-email 1.0.3 Admin+.SQL.Injections MEDIUM" "check-email 0.5.2 Cross-Site.Scripting.(XSS) MEDIUM" "chained-quiz 1.3.3 Authenticated.(Admin+).Server-Side.Request.Forgery MEDIUM" "chained-quiz 1.3.2.9 Missing.Authorization MEDIUM" "chained-quiz 1.3.2.9 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "chained-quiz 1.3.2.6 Admin+.Stored.XSS LOW" "chained-quiz 1.3.2.1 Multiple.Reflected.Cross-Site.Scripting MEDIUM" "chained-quiz 1.3.2.5 Submitted.Quiz.Response.Deletion.via.CSRF MEDIUM" "chained-quiz 1.3.2.4 Multiple.Reflected.Cross-Site.Scripting MEDIUM" "chained-quiz 1.3.2.3 Admin+.Stored.XSS LOW" "chained-quiz 1.3.2.5 Arbitrary.Quiz.Deletion.&.Copying.via.CSRF MEDIUM" "chained-quiz 1.3.2.5 Arbitrary.Question.Deletion.via.CSRF MEDIUM" "chained-quiz 1.3.2.3 Reflected.Cross-Site.Scripting MEDIUM" "chained-quiz 1.2.7.2 Authenticated.Stored.Cross.Site.Scripting LOW" "chained-quiz 1.1.9.1 Authenticated.Stored.XSS MEDIUM" "chained-quiz 1.1.8.2 
Unauthenticated.Reflected.XSS CRITICAL" "chained-quiz 1.0.9 Unauthenticated.SQL.Injection MEDIUM" "cognito-forms No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.id.Parameter MEDIUM" "curatorio 1.9.2 Contributor+.Stored.XSS MEDIUM" "cforms No.known.fix Unauthenticated.HTML.Injection.&.CSRF HIGH" "cforms No.known.fix Multiple.XSS MEDIUM" "cforms No.known.fix SQL.Injection CRITICAL" "cforms No.known.fix SQL.Injection CRITICAL" "cforms No.known.fix Remote.Code.Execution.via.Unauthorised.File.Upload MEDIUM" "cforms 13.2 XSS MEDIUM" "cforms 10.5 XSS MEDIUM" "custom-field-template 2.6.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "custom-field-template 2.6.2 Authenticated(Contributor+).Information.Exposure MEDIUM" "custom-field-template 2.6.2 Authenticated(Constibutor+).Stored.Cross-Site.Scripting.via.Custom.Field.Name MEDIUM" "custom-field-template 2.6.2 Authenticated.(Admin+).Stored.Cross-Site.Scritping MEDIUM" "custom-field-template 2.6.2 Authenticated(Contributor+).Stored.Cross-Site.Scripting.via.shortcode MEDIUM" "custom-field-template 2.6.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.$search_label MEDIUM" "custom-field-template 2.6 Reflected.Cross-Site.Scripting HIGH" "custom-field-template 2.5.9 Cross-Site.Request.Forgery MEDIUM" "custom-field-template 2.5.8 Admin+.PHP.Object.Injection LOW" "custom-field-template 2.5.2 Cross-Site.Request.Forgery.(CSRF) MEDIUM" "custom-field-template 2.5.2 Cross-Site.Request.Forgery MEDIUM" "custom-post-limits No.known.fix Unauthenticated.Full.Path.Disclosure MEDIUM" "cf7-repeatable-fields 2.0.2 Repeatable.Fields.<.2.0.2.-.Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.field_group.Shortcode MEDIUM" "continuous-image-carousel-with-lightbox 1.0.16 Reflected.XSS HIGH" "custom-field-manager No.known.fix Reflected.XSS.Vulnerability HIGH" "category-ajax-filter 2.8.3 Unauthenticated.Local.File.Inclusion CRITICAL" "cartpops 1.4.28 Reflected.Cross-Site.Scripting 
MEDIUM" "cartpops 1.4.17 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "custom-dash No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "custom-scroll-bar-designer No.known.fix Reflected.Cross-Site.Scripting.(XSS) HIGH" "checkout-freemius-rewamped 2.0.1 Reflected.Cross-Site.Scripting MEDIUM" "content-aware-sidebars 3.19.1 Reflected.Cross-Site.Scripting MEDIUM" "content-aware-sidebars 3.17.2 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "content-aware-sidebars 3.8.1 Subscriber+.Arbitrary.Option.Update CRITICAL" "catch-duplicate-switcher 1.6 Unauthorised.Plugin's.Setting.Change MEDIUM" "cf7-google-sheets-connector 5.0.18 Missing.Authorization MEDIUM" "cf7-google-sheets-connector 5.0.10 Missing.Authorization.to.Limited.Site.Configuration.Update MEDIUM" "cf7-google-sheets-connector 5.0.6 Unauthenticated.Sensitive.Information.Exposure.via.Debug.Log HIGH" "cf7-google-sheets-connector 5.0.2 Reflected.XSS HIGH" "crazy-bone No.known.fix Unauthenticated.Stored.XSS HIGH" "crazy-bone 0.6.0 Unauthenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "custom-post-type-gui No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "content-collector No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "content-collector No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "charitable 1.8.3.1 Reflected.Cross-Site.Scripting MEDIUM" "charitable 1.8.1.15 Insecure.Direct.Object.Reference.to.Account.Takeover.and.Privilege.Escalation CRITICAL" "charitable 1.8.1.8 Missing.Authorization.to.Unauthorized.Donation MEDIUM" "charitable 1.8.1.8 Missing.Authorization.via.ajax_license_check() MEDIUM" "charitable 1.7.0.14 Authenticated(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "charitable 1.7.0.13 Unauthenticated.Privilege.Escalation CRITICAL" "charitable 1.7.0.11 Reflected.XSS HIGH" "charitable 1.6.51 Authenticated.Stored.Cross-Site.Scripting.(XSS) LOW" "charitable 1.6.51 
Donation.Plugin.<.1.6.51.-.Unauthenticated.Stored.Cross-Site.Scripting HIGH" "charitable 1.5.14 Unauthorised.Access HIGH" "country-flags-for-elementor No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "custom-more-link-complete No.known.fix Admin+.Stored.XSS LOW" "custom-database-tables No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "cart-tracking-for-woocommerce 1.0.9 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "calendar No.known.fix Authenticated.(Contributor+).SQL.Injection.via.Shortcode HIGH" "calendar 1.3.11 Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "country-state-city-auto-dropdown 2.7.3 Unauthenticated.SQL.Injection CRITICAL" "country-state-city-auto-dropdown 2.7.2 Missing.Authorization MEDIUM" "count-per-day 3.5.5 Stored.Cross-Site.Scripting.(XSS) HIGH" "count-per-day 3.5.5 Authenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "count-per-day 3.4.1 SQL.Injection MEDIUM" "cbxpetition No.known.fix Unauthenticated.SQLi HIGH" "court-reservation 1.9.1 Reflected.Cross-Site.Scripting MEDIUM" "court-reservation 1.6.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "cj-change-howdy No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "content-excel-importer 4.3 Reflected.Cross-Site.Scripting MEDIUM" "ct-ultimate-gdpr 2.5 Unauthenticated.Plugin.Settings.Export.and.Import CRITICAL" "comments-disable-accesspress 1.0.8 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "custom-fields-shortcode No.known.fix Authenticated(Contributor+).Stored.Cross-Site.Scripting.via.shortcode MEDIUM" "column-matic No.known.fix Contributor+.Stored.XSS MEDIUM" "calendarista 15.5.9 Authenticated.(Subscriber+).SQL.Injection CRITICAL" "carts-guru 1.4.6 Unauthenticated.Object.Injection CRITICAL" "cp-image-store 1.0.68 Unauthenticated.SQLi HIGH" "custom-layouts 1.4.12 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "contest-code-checker 2.0.4 Reflected.Cross-Site.Scripting MEDIUM" 
"contest-code-checker 1.9.8 Reflected.Cross-Site.Scripting MEDIUM" "contest-code-checker 1.9.0 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "cyan-backup 2.5.4 Authenticated.(Admin+).Arbitrary.File.Download MEDIUM" "cookie-scanner No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "checkout-files-upload-woocommerce 2.1.3 Reflected.Cross-Site.Scripting MEDIUM" "cryptocurrency-donation-box 1.8 Subscriber+.Arbitrary.Plugin.Installation.&.Activation HIGH" "cardealer 4.48 Missing.Authorization MEDIUM" "cardealer 4.16 Admin+.Content.Injection LOW" "cardealer 3.05 Subscriber+.Arbitrary.Plugin.Installation HIGH" "contact-forms-builder No.known.fix Authentication.Request.Bypass MEDIUM" "contact-forms-builder No.known.fix Reflected.XSS HIGH" "categories-gallery-woocommerce No.known.fix Reflected.Cross-Site.Scripting.(XSS) HIGH" "camptix 1.5.1 CSV.Injection.Bypasses.and.XSS HIGH" "commenttweets No.known.fix Settings.Update.via.CSRF MEDIUM" "code-generator-pro No.known.fix Unauthenticated.SQL.Injection CRITICAL" "coneblog-widgets 1.4.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "coneblog-widgets 1.4.8 Reflected.Cross-Site.Scripting MEDIUM" "coneblog-widgets 1.4.6 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "contact-form-manager 1.6.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "custom-field-bulk-editor No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "customer-reviews-collector-for-woocommerce 4.0 Authenticated.(Editor+).Arbitrary.File.Upload MEDIUM" "countdown-time 1.2.5 Authenticated.(Contributor+).Post.Disclosure MEDIUM" "content-hubs No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "content-hubs 1.0.7 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "companion-sitemap-generator 4.5.3 Reflected.XSS HIGH" "companion-sitemap-generator 4.5.3 Contributor+.Stored.XSS MEDIUM" "companion-sitemap-generator 3.7.0 CSRF HIGH" "circles-gallery No.known.fix Admin+.Stored.XSS LOW" "conversion-de-moneda No.known.fix 
Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "custom-page-templates-by-vegacorp 1.1.14 Reflected.Cross-Site.Scripting MEDIUM" "custom-page-templates-by-vegacorp 1.1.13 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "card-oracle 1.1.6 Reflected.Cross-Site.Scripting MEDIUM" "card-oracle 1.0.6 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "compact-wp-audio-player 1.9.15 Authenticated.(Contributor+).Server-Side.Request.Forgery MEDIUM" "compact-wp-audio-player 1.9.14 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.sc_embed_player.Shortcode MEDIUM" "compact-wp-audio-player 1.9.10 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.fileurl MEDIUM" "compact-wp-audio-player 1.9.8 Contributor+.Stored.XSS MEDIUM" "compact-wp-audio-player 1.9.7 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "compact-wp-audio-player 1.9.7 Setting.Change.via.CSRF MEDIUM" "custom-widget-classes No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "cost-calculator-builder 3.2.43 Settings.update.via.CSRF MEDIUM" "cost-calculator-builder 3.2.29 Admin+.SQL.Injection MEDIUM" "cost-calculator-builder 3.2.16 Unauthenticated.SQL.Injection CRITICAL" "cost-calculator-builder 3.2.13 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "cost-calculator-builder 3.2.13 Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.Content.Creation MEDIUM" "cost-calculator-builder 2.3.3 Reflected.Cross-Site.Scripting MEDIUM" "cp-contact-form-with-paypal 1.3.53 Cross-Site.Request.Forgery MEDIUM" "cp-contact-form-with-paypal 1.3.02 Multiple.XSS MEDIUM" "cp-contact-form-with-paypal 1.1.6 Multiple.Vulnerabilities HIGH" "comments-import-export-woocommerce 2.3.9 Authenticated.(Author+).Arbitrary.File.Read.via.Directory.Traversal MEDIUM" "comments-import-export-woocommerce 2.3.6 Cross-Site.Request.Forgery MEDIUM" "comments-import-export-woocommerce 2.1.11 Cross-Site.Request.Forgery.(CSRF).Issue HIGH" "correosoficial No.known.fix 
Unauthenticated.Arbitrary.File.Download HIGH" "clickbank-storefront No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "conditional-payment-methods-for-woocommerce No.known.fix Admin+.SQLi MEDIUM" "cms-tree-page-view 1.6.8 Reflected.XSS HIGH" "content-warning-v2 4.3.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "cloudnet-sync No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "check-zipcode No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "check-zipcode No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "chart-builder 2.9.6 Unauthenticated.Local.File.Inclusion.via.source CRITICAL" "chart-builder 2.7.7 Reflected.Cross-Site.Scripting MEDIUM" "chart-builder 2.0.7 Authenticated(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "chart-builder 1.9.7 Admin+.Stored.XSS LOW" "cnzz51la-for-wordpress No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "chesstempoviewer No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "chilexpress-oficial No.known.fix Reflected.XSS HIGH" "control-block-patterns No.known.fix Missing.Authorization MEDIUM" "custom-field-for-wp-job-manager 1.4 Reflected.Cross-Site.Scripting MEDIUM" "custom-field-for-wp-job-manager 1.3 .Insecure.Direct.Object.Reference.to.Sensitive.Information.Exposure.via.Shortcode MEDIUM" "custom-field-for-wp-job-manager 1.2 Admin+.Stored.XSS LOW" "custom-field-for-wp-job-manager 1.2 Admin+.Stored.XSS LOW" "click-to-tweet No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "click-to-tweet No.known.fix Reflected.XSS HIGH" "click-to-tweet No.known.fix Missing.Authorization MEDIUM" "collect-and-deliver-interface-for-woocommerce 5.5.6 Authenticated.(Shop.Manager+).Arbitrary.File.Upload HIGH" "collect-and-deliver-interface-for-woocommerce 5.1.9 Reflected.Cross-Site-Scripting MEDIUM" "catablog No.known.fix Authenticated.(Editor+).Arbitrary.File.Deletion MEDIUM" "catablog No.known.fix 
Authenticated.(Editor+).Arbitrary.File.Upload HIGH" "cryptocurrency-widgets-pack 2.0 Unauthenticated.SQLi HIGH" "cms-press No.known.fix Admin+.Stored.XSS LOW" "cardoza-3d-tag-cloud No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "cardoza-3d-tag-cloud No.known.fix Stored.XSS.via.CSRF MEDIUM" "contact-form-7-sms-addon 2.4.0 Cross-Site.Scripting.(XSS) MEDIUM" "call-now-icon-animate No.known.fix Admin+.Stored.XSS LOW" "caxton No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "caxton 1.30.1 Reflected.Cross-Site.Scripting MEDIUM" "caxton 1.30.0 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "camera-slideshow No.known.fix Reflected.Cross-Site.Scripting HIGH" "captcha-them-all 1.4 Admin+.Stored.XSS LOW" "compare-affiliated-products No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "compare-affiliated-products No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "custom-post-view-generator No.known.fix Reflected.Cross-Site.Scripting HIGH" "crm-memberships No.known.fix Admin+.Stored.XSS LOW" "cm-business-directory 1.4.2 Reflected.XSS HIGH" "counter-box 2.0.6 Cross-Site.Request.Forgery MEDIUM" "counter-box 1.2.4 Counter.Deletion.via.CSRF MEDIUM" "counter-box 1.2.2 Reflected.XSS MEDIUM" "counter-box 1.2.1 Arbitrary.Counter.Activation/Deactivation.via.CSRF MEDIUM" "counter-box 1.2 Admin+.LFI MEDIUM" "captcha-bank No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "chative-live-chat-and-chatbot 1.2 Channel/Org.ID.Update.via.CSRF MEDIUM" "catchers-helpdesk No.known.fix Reflected.Cross-Site.Scripting.(XSS) HIGH" "custom-post-type-templates-for-elementor 1.1.12 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "complete-open-graph No.known.fix Admin+.Stored.XSS LOW" "clevernode-related-content 1.1.6 Reflected.Cross-Site.Scripting MEDIUM" "coming-soon-blocks No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "coming-soon-blocks No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" 
"cf7-recaptcha-mine 1.0.2 Reflected.Cross-Site.Scripting MEDIUM" "cardinity-free-payment-gateway-for-woocommerce 3.0.7 Reflected.Cross-Site.Scripting HIGH" "cf7-store-to-db-lite 1.1.1 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "cf7-store-to-db-lite 1.1.0 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "custom-product-list-table No.known.fix Cross-Site.Request.Forgery MEDIUM" "crayon-syntax-highlighter No.known.fix Contributor+.Server.Side.Request.Forgery MEDIUM" "crayon-syntax-highlighter No.known.fix Cross-Site.Request.Forgery MEDIUM" "crayon-syntax-highlighter 2.8.4 Multiple.XSS MEDIUM" "checkout-fees-for-woocommerce 2.12.2 Cross-Site.Request.Forgery.to.Notice.Dismissal MEDIUM" "custom-post-types 5.0.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "custom-post-types 5.0.0 Admin+.Stored.Cross-Site.Scripting MEDIUM" "custom-post-types 5.0.3 Admin+.Stored.XSS LOW" "classic-editor-and-classic-widgets 1.4.2 Authenticated.(Subscriber+).SQL.Injection MEDIUM" "classic-editor-and-classic-widgets 1.2.6 Settings.Update.via.CSRF MEDIUM" "conditional-payments 1.1.3 Reflected.Cross-Site.Scripting MEDIUM" "catch-ids 2.4 Unauthorised.Plugin's.Setting.Change MEDIUM" "custom-post-type-ui 1.13.5 Debug.Info.Sending.via.CSRF LOW" "category-icon 1.0.1 Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "coming-soon 6.18.4 Editor+.Stored.XSS MEDIUM" "coming-soon 6.15.22 Unauthenticated.Plugin.Page.Content.Update MEDIUM" "coming-soon 6.15.15.3 Arbitrary.Settings.Update.via.CSRF MEDIUM" "coming-soon 5.1.2 Authenticated.Stored.Cross.Site.Scripting.(XSS) LOW" "css-addons No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "colorful-categories 2.0.15 Arbitrary.Colors.Update.via.CSRF MEDIUM" "content-audit-exporter No.known.fix Unauthenticated.Sensitive.Information.Exposure MEDIUM" "classic-addons-wpbakery-page-builder-addons 3.1 Authenticated.(Editor+).Local.File.Inclusion HIGH" "classic-addons-wpbakery-page-builder-addons 
3.1 Authenticated.(Contributor+).Limited.Local.PHP.File.Inclusion HIGH" "classic-addons-wpbakery-page-builder-addons No.known.fix Contributor+.Stored.XSS MEDIUM" "contact-form-7-style No.known.fix Cross-Site.Request.Forgery MEDIUM" "contact-form-7-style No.known.fix CSRF.Bypass.in.Multiple.Plugins MEDIUM" "contact-form-7-style No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting HIGH" "constant-contact-forms 2.4.3 Information.Disclosure.via.Log.Files MEDIUM" "constant-contact-forms 1.8.8 Multiple.Authenticated.Stored.XSS MEDIUM" "crypto 2.16 Cross-Site.Request.Forgery.to.Authentication.Bypass HIGH" "crypto 2.19 Authentication.Bypass.via.log_in CRITICAL" "crypto 2.20 Authentication.Bypass.via.register CRITICAL" "copyscape-premium 1.4.0 Stored.XSS.via.CSRF HIGH" "csv2wpec-coupon No.known.fix Unauthenticated.Remote.File.Upload HIGH" "custom-admin-login-styler-wpzest No.known.fix Admin+.Stored.XSS LOW" "child-theme-generator No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "cc-canadian-mortgage-calculator 2.1.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "cosmetsy-core No.known.fix Reflected.Cross-Site.Scripting HIGH" "child-support-calculator No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "child-support-calculator 1.0.2 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "cf7-file-download No.known.fix Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "company-updates-for-linkedin No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "coming-soons No.known.fix Under.Construction.<=.1.2.0.-.Admin+.Stored.Cross-Site.Scripting LOW" "countdown-block 1.1.2 Missing.Authorisation.in.AJAX.action MEDIUM" "clover-online-orders 1.5.8 Reflected.Cross-Site.Scripting MEDIUM" "clover-online-orders 1.5.8 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.moo_receipt_link.Shortcode MEDIUM" "clover-online-orders 1.5.7 Missing.Authorization.to.Authenticated.(Subscriber+).Plugin.Data.Update MEDIUM" "clover-online-orders 1.5.7 
Missing.Authorization.to.Plugin.Deactivation.and.Data.Deletion MEDIUM" "clover-online-orders 1.5.7 Missing.Authorization MEDIUM" "clover-online-orders 1.5.7 Missing.Authorization MEDIUM" "clover-online-orders 1.5.5 Cross-Site.Request.Forgery MEDIUM" "clover-online-orders 1.5.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "clover-online-orders 1.5.5 Reflected.XSS HIGH" "contractor-contact-form-website-to-workflow-tool 4.1.0 Reflected.XSS HIGH" "colour-smooth-maps No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "cpt-bootstrap-carousel No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "cpt-bootstrap-carousel No.known.fix Contributor+.Stored.XSS.via.Shortcode MEDIUM" "catch-popup No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "competition-form No.known.fix Reflected.XSS HIGH" "competition-form No.known.fix Competition.Deletion.via.CSRF MEDIUM" "contact-form-submissions 1.7.3 Unauthenticated.Stored.XSS HIGH" "contact-form-submissions 1.7.1 Authenticated.Double.Query.SQL.injection MEDIUM" "contact-form-submissions 1.7.1 Authenticated.SQL.Injection MEDIUM" "conference-scheduler 2.4.3 Reflected.Cross-Site.Scripting MEDIUM" "custom-list-table-example No.known.fix Cross-Site.Request.Forgery.to.Reflected.Cross-Site.Scripting MEDIUM" "capitalize-my-title No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "click-to-call-or-chat-buttons 1.5.0 Admin+.Stored.XSS LOW" "cf-geoplugin 8.7.4 Missing.Authorization.to.Authenticated.(Subscriber+).Menu.Creation/Deletion MEDIUM" "cf-geoplugin 8.7.0 Missing.Authorization.to.Unauthenticated.Shortcode.Execution MEDIUM" "cf-geoplugin 8.6.5 PHP.Object.Injection CRITICAL" "cf-geoplugin 8.6.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "cf-geoplugin 8.5.3 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "cf-geoplugin 7.13.12 Reflected.Cross-Site.Scripting HIGH" "clinicalwp-core No.known.fix 
Reflected.Cross-Site.Scripting MEDIUM" "clinicalwp-core No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "clinicalwp-core No.known.fix Reflected.Cross-Site.Scripting.(XSS) HIGH" "contact-form-7-datepicker No.known.fix Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "chartjs No.known.fix Editor+.Stored.Cross-Site.Scripting.in.New.Chart LOW" "chartjs No.known.fix Editor+.Stored.Cross-Site.Scripting LOW" "clockwork-two-factor-authentication 1.1.0 Cross-Site.Scripting.(XSS) MEDIUM" "caldera-forms-pro 1.8.2 Unauthenticated.Arbitrary.File.Read HIGH" "category-post-shortcode No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "copy-or-move-comments No.known.fix Reflected.XSS HIGH" "copy-or-move-comments No.known.fix Authenticated.(Subscriber+).SQL.Injection HIGH" "codebard-help-desk No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "codebard-help-desk 1.1.2 Cross-Site.Request.Forgery MEDIUM" "comment-highlighter No.known.fix Authenticated.SQL.Injection MEDIUM" "content-no-cache 0.1.3 Unauthenticated.Private.Content.Disclosure MEDIUM" "content-sidebars No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "content-sidebars 1.6.8 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "contact-form-7-newsletter No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "capa No.known.fix Arbitrary.Settings.Update.via.CSRF MEDIUM" "canto 3.0.9 Unauthenticated.Remote.File.Inclusion CRITICAL" "canto 3.0.7 Unauthenticated.RCE CRITICAL" "canto 3.0.5 Unauthenticated.Remote.File.Inclusion CRITICAL" "canto No.known.fix Unauthenticated.Blind.SSRF MEDIUM" "custom-dashboard-widgets No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting.via.cdw_DashboardWidgets HIGH" "contact-form-generator No.known.fix Contributor+.SQLi MEDIUM" "contact-form-generator 2.6.0 Reflected.XSS HIGH" "contact-form-generator 2.5.5 Multiple.Cross-Site.Request.Forgery.(CSRF) HIGH" "cf7-google-sheets-connector-pro 2.3.7 Reflected.XSS HIGH" "cc-coming-soon No.known.fix 
Reflected.XSS HIGH" "cherry-plugin 1.2.7 Unauthenticated.Arbitrary.File.Upload.and.Download CRITICAL" "campus-explorer-widget No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "canva No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "cleverwise-daily-quotes No.known.fix Stored.XSS.via.CSRF HIGH" "cluevo-lms No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "cluevo-lms No.known.fix Cross-Site.Request.Forgery.to.Module.Deletion MEDIUM" "cluevo-lms 1.11.0 Settings.Update.via.CSRF MEDIUM" "cluevo-lms 1.8.1 Admin+.Stored.Cross.Site.Scripting LOW" "custom-registration-form-builder-with-submission-manager 6.0.2.7 Unauthenticated.Privilege.Escalation.via.Password.Recovery CRITICAL" "custom-registration-form-builder-with-submission-manager 6.0.1.1 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "custom-registration-form-builder-with-submission-manager 6.0.0.2 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "custom-registration-form-builder-with-submission-manager 5.3.2.1 Reflected.Cross-Site.Scripting MEDIUM" "custom-registration-form-builder-with-submission-manager 5.3.2.0 Authenticated.(Contributor+).SQL.Injection.via.Shortcode HIGH" "custom-registration-form-builder-with-submission-manager 5.3.1.0 Cross-Site.Request.Forgery MEDIUM" "custom-registration-form-builder-with-submission-manager 5.2.6.0 Reflected.Cross-Site.Scripting MEDIUM" "custom-registration-form-builder-with-submission-manager 5.3.1.0 Authenticated.(Subscriber+).Privilege.Escalation HIGH" "custom-registration-form-builder-with-submission-manager 5.2.6.0 Cross-Site.Request.Forgery MEDIUM" "custom-registration-form-builder-with-submission-manager 5.2.5.1 IP.Spoofing MEDIUM" "custom-registration-form-builder-with-submission-manager 5.2.5.1 Form.Submission.Limit.Bypass MEDIUM" "custom-registration-form-builder-with-submission-manager 5.2.4.6 Authenticated(Administrator+).SQL.Injection MEDIUM" "custom-registration-form-builder-with-submission-manager 5.2.3.1 Missing.Authorization MEDIUM" 
"custom-registration-form-builder-with-submission-manager 5.2.3.0 Cross-Site.Request.Forgery MEDIUM" "custom-registration-form-builder-with-submission-manager 5.2.4.2 Reflected.Cross-Site.Scripting.via.section_id MEDIUM" "custom-registration-form-builder-with-submission-manager 5.2.1.1 Unauthenticated.Authentication.Bypass CRITICAL" "custom-registration-form-builder-with-submission-manager 5.2.1.0 Admin+.Arbitrary.Password.Update.via.IDOR MEDIUM" "custom-registration-form-builder-with-submission-manager 5.1.9.3 Form.Deletion.via.CSRF MEDIUM" "custom-registration-form-builder-with-submission-manager 5.0.2.2 Admin+.SQL.Injection MEDIUM" "custom-registration-form-builder-with-submission-manager 5.0.1.9 Reflected.Cross-Site.Scripting HIGH" "custom-registration-form-builder-with-submission-manager 5.0.1.9 Reflected.Cross-Site.Scripting HIGH" "custom-registration-form-builder-with-submission-manager 5.0.1.6 Admin+.SQL.Injection MEDIUM" "custom-registration-form-builder-with-submission-manager 5.0.1.8 Authentication.Bypass CRITICAL" "custom-registration-form-builder-with-submission-manager 4.6.0.4 Multiple.Critical.Issues HIGH" "custom-registration-form-builder-with-submission-manager 4.6.0.3 Authenticated.SQL.Injection.via.Form_id MEDIUM" "custom-registration-form-builder-with-submission-manager 4.6.0.3 Multiple.Cross-Site.Scripting.(XSS) HIGH" "cool-timeline 2.4 Subscriber+.Arbitrary.Plugin.Installation.&.Activation HIGH" "cool-timeline 2.0.3 Cross-Site.Request.Forgery.(CSRF) MEDIUM" "cool-timeline 2.0.3 Cross-Site.Request.Forgery MEDIUM" "crafthemes-demo-import No.known.fix Authenticated.(Admin+).Arbitrary.File.Upload.in.process_uploaded_files HIGH" "crafthemes-demo-import No.known.fix Missing.Authorization.to.Arbitrary.Plugin.Installation HIGH" "conditional-shipping-for-woocommerce 2.3.2 Ruleset.Toggle.via.CSRF MEDIUM" "cf7-salesforce 1.4.0 Cross-Site.Request.Forgery MEDIUM" "cf7-salesforce 1.2.6 Reflected.Cross-Site.Scripting HIGH" "case-study No.known.fix 
Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "cb-logo-slider 4.5.0 Authenticated.(Author+).Stored.Cross-Site.Scripting MEDIUM" "cb-logo-slider 4.5.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "calendar-booking No.known.fix Missing.Authorization.to.Unauthenticated.Service.Disconnection MEDIUM" "calendar-booking No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "captivatesync-trade 2.0.26 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.shortcode MEDIUM" "chopslider No.known.fix Unauthenticated.Blind.SQL.Injection CRITICAL" "custom-post-type-pdf-attachment 3.4.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.pdf_attachment.Shortcode MEDIUM" "custom-post-type-list-shortcode No.known.fix Contributor+.Stored.XSS MEDIUM" "cancel-order-request-woocommerce 1.3.3 Admin+.Stored.XSS LOW" "classy-addons-for-elementor No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "chaty 3.2.3 Admin+.Stored.XSS LOW" "chaty 3.1.9 Editor+.Stored.XSS LOW" "chaty 3.1.3 Authenticated.(Administrator+).Stored.Cross-Site.Scripting.via.settings MEDIUM" "chaty 3.1.2 Admin+.Stored.Cross-Site.Scripting LOW" "chaty 3.1 Reflected.XSS HIGH" "chaty 3.1 Admin+.Stored.Cross-Site.Scripting LOW" "chaty 3.0.3 Admin+.SQLi MEDIUM" "chaty 2.8.4 Admin+.Stored.Cross-Site.Scripting MEDIUM" "chaty 2.8.3 Reflected.Cross-Site.Scripting HIGH" "classima-core 1.10 Reflected.Cross-Site.Scripting MEDIUM" "custom-tabs-for-products-woocommerce No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "cssjockey-add-ons No.known.fix Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "customize-login No.known.fix Authenticated.Stored.Cross-Site.Scripting.(XSS) LOW" "contact-widgets-for-elementor No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "contact-widgets-for-elementor 1.0.6 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "compute-links No.known.fix 
Unauthenticated.Remote.File.Inclusion CRITICAL" "cryptocurrency-prices No.known.fix Contributor+.Stored.XSS MEDIUM" "cf7-conditional-fields 2.5 Authenticated.(Editor+).Stored.Cross-Site.Scripting MEDIUM" "cf7-conditional-fields 2.4.14 Cross-Site.Request.Forgery.to.Plugin.Setting.Reset MEDIUM" "cf7-conditional-fields 2.4.2 Missing.Authorization MEDIUM" "contentstudio 1.2.6 Nonce.Disclosure HIGH" "contentstudio 1.2.6 Authorisation.Bypass HIGH" "contentstudio 1.2.6 Unauthorised.Function.Calls HIGH" "cooked 1.8.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "cooked 1.8.0 Cooked.–.Recipe.Management.<=.Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "cooked 1.7.15.1 Contributor+.Stored.XSS MEDIUM" "cooked 1.1.13 Reflected.Cross-Site.Scripting MEDIUM" "cooked 1.7.9.1 Unauthenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "cooked 1.7.5.6 Unauthenticated.Reflected.Cross.Site.Scripting.(XSS) MEDIUM" "custom-welcome-guide 1.0.9 Reflected.Cross-Site.Scripting MEDIUM" "custom-welcome-guide 1.0.6 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "church-admin 5.0.9 Missing.Authorization MEDIUM" "church-admin 5.0.0 Reflected.Cross-Site.Scripting MEDIUM" "church-admin 4.4.7 Authenticated.(Subscriber+).Arbitrary.File.Upload HIGH" "church-admin 4.4.5 Missing.Authorization MEDIUM" "church-admin 4.4.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "church-admin 4.4.0 Authenticated.(Admin+).Server-Side.Request.Forgery MEDIUM" "church-admin 4.2.0 Cross-Site.Request.Forgery MEDIUM" "church-admin 4.0.28 Cross-Site.Request.Forgery MEDIUM" "church-admin 4.1.7 Missing.Authorization MEDIUM" "church-admin 4.1.6 .Authenticated.(Subscriber+).Arbitrary.File.Upload HIGH" "church-admin 4.1.8 Cross-Site.Request.Forgery MEDIUM" "church-admin 4.1.19 Missing.Authorization MEDIUM" "church-admin 4.0.28 Authenticated.(Contributor+).SQL.Injection HIGH" "church-admin 4.0.27 
Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.shortcode MEDIUM" "church-admin 4.1.18 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.meta-text MEDIUM" "church-admin 3.8.0 Server-Side.Request.Forgery.(SSRF) MEDIUM" "church-admin 3.7.6 Reflected.XSS HIGH" "church-admin 3.7.30 Reflected.XSS HIGH" "church-admin 3.4.135 Unauthenticated.Plugin's.Backup.Disclosure HIGH" "church-admin 1.2550 CSRF HIGH" "contact-list 2.9.88 Missing.Authorization.to.Notice.Dismissal MEDIUM" "contact-list 2.9.72 Reflected.Cross-Site.Scripting MEDIUM" "contact-list 2.9.50 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "contact-list 2.9.42 Reflected.Cross-Site.Scripting HIGH" "cookiebot 3.6.1 CSRF.&.XSS LOW" "contests-from-rewards-fuel 2.0.66 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "contests-from-rewards-fuel 2.0.65 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.update_rewards_fuel_api_key MEDIUM" "contests-from-rewards-fuel 2.0.63 Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "classified-listing-store 1.4.20 Reflected.Cross-Site.Scripting MEDIUM" "custom-base-terms 1.0.3 Admin+.Stored.XSS LOW" "css3-rotating-words 5.7 Cross-Site.Request.Forgery MEDIUM" "css3-rotating-words 5.5 Cross-Site.Request.Forgery.via.save_admin_options MEDIUM" "custom-global-variables 1.1.1 Stored.Cross-Site.Scripting.(XSS) HIGH" "cliptakes 1.3.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "common-ninja No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "configure-login-timeout No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "cpo-content-types 1.1.1 Admin+.Stored.XSS LOW" "canecto No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "contact-form-7-designer No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "collapsing-archives 3.0.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "cryptocurrency-product-for-woocommerce 3.16.10 
Reflected.Cross-Site.Scripting MEDIUM" "cryptocurrency-product-for-woocommerce 3.14.6 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "contest-gallery-pro 19.1.5 Author+.SQL.Injection MEDIUM" "contest-gallery-pro 19.1.5 Author+.SQL.Injection MEDIUM" "contest-gallery-pro 19.1.5.1 Author+.SQL.Injection MEDIUM" "contest-gallery-pro 19.1.5 Author+.SQL.Injection MEDIUM" "contest-gallery-pro 19.1.5 Admin+.SQL.Injection MEDIUM" "contest-gallery-pro 19.1.5.1 Unauthenticated.SQL.Injection HIGH" "contest-gallery-pro 19.1.5 Author+.SQL.Injection MEDIUM" "contest-gallery-pro 19.1.5 Admin+.SQL.Injection MEDIUM" "contest-gallery-pro 19.1.5 Unauthenticated.SQL.Injection HIGH" "contest-gallery-pro 19.1.5 Author+.SQL.Injection MEDIUM" "contest-gallery-pro 19.1.5 Author+.SQL.Injection MEDIUM" "contest-gallery-pro 19.1.5 Author+.SQL.Injection MEDIUM" "contest-gallery-pro 19.1.5.1 Author+.SQL.Injection MEDIUM" "contest-gallery-pro 19.1.5 Author+.SQL.Injection MEDIUM" "contest-gallery-pro 19.1.5 Admin+.SQL.Injection MEDIUM" "contest-gallery-pro 19.1.5 Author+.SQL.Injection MEDIUM" "contest-gallery-pro 19.1.5 Admin+.SQL.Injection MEDIUM" "checkbox 0.8.4 Reflected.Cross-Site.Scripting MEDIUM" "checkbox 0.8.4 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "codelights-shortcodes-and-widgets No.known.fix Contributor+.Stored.XSS MEDIUM" "codelights-shortcodes-and-widgets No.known.fix Admin+.Stored.Cross.Site.Scripting MEDIUM" "custom-post-type-relations No.known.fix Reflected.Cross-Site.Scripting HIGH" "chat-viber 1.7.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "contact-forms 1.9.5 Missing.Authorization.to.Unauthenticated.Form.Submission.Download MEDIUM" "contact-forms 1.9.3 Cross-Site.Request.Forgery.via.process_bulk_action.Function MEDIUM" "contact-forms 1.9.1 Admin+.Stored.XSS LOW" "contact-forms 1.8.0 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "contact-forms 1.6.1 CSRF MEDIUM" "contact-forms 1.5.8 Cross-Site.Request.Forgery MEDIUM" "contact-forms 1.5.5 
Reflected.XSS HIGH" "contact-forms 1.5.5 Unauthenticated.Stored.XSS HIGH" "contact-forms 1.4.12 Admin+.Stored.Cross-Site.Scripting LOW" "customizable-captcha-and-contact-us-form No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "cookie-law-bar No.known.fix Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "cmp-coming-soon-maintenance 4.1.11 Authenticated.(Admin+).Server-Side.Request.Forgery MEDIUM" "cmp-coming-soon-maintenance 4.1.8 Maintenance.Mode.Bypass MEDIUM" "cmp-coming-soon-maintenance 4.1.7 Unauthenticated.Post/Page.Access.in.Maintenance.Mode MEDIUM" "cmp-coming-soon-maintenance 4.0.19 Unauthenticated.Arbitrary.CSS.Update HIGH" "cmp-coming-soon-maintenance 3.8.2 Coming.Soon.&.Maintenance.<.3.8.2.-.Improper.Access.Controls.on.AJAX.Calls HIGH" "coupons 1.4.0 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "catch-under-construction 1.4 Unauthorised.Plugin's.Setting.Change MEDIUM" "craw-data No.known.fix Server.Side.Request.Forgery MEDIUM" "cookie-notice-consent 1.6.1 Admin+.Stored.XSS LOW" "cryptocurrency-widgets-for-elementor 1.6.5 Unauthenticated.Local.File.Inclusion HIGH" "cryptocurrency-widgets-for-elementor 1.3 Subscriber+.Arbitrary.Plugin.Installation.&.Activation HIGH" "cp-image-gallery No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "cp-image-gallery No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "custom-my-account-for-woocommerce No.known.fix Stored.XSS.via.CSRF HIGH" "crisp 0.45 Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "crisp 0.32 CSRF.to.Stored.Cross-Site.Scripting HIGH" "custom-registration-and-login-forms-with-new-recaptcha No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "custom-registration-and-login-forms-with-new-recaptcha No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "change-memory-limit No.known.fix Missing.Authorization.via.admin_logic() MEDIUM" "coming-soon-maintenance-mode 1.0.6 Information.Exposure MEDIUM" "cryptocurrency-price-ticker-widget 2.8.1 
Reflected.Cross-Site.Scripting MEDIUM" "cryptocurrency-price-ticker-widget 2.6.9 Missing.Authorization MEDIUM" "cryptocurrency-price-ticker-widget 2.6.6 2.6.5.-.Unauthenticated.SQL.Injection CRITICAL" "cryptocurrency-price-ticker-widget 2.5 Subscriber+.Arbitrary.Plugin.Installation.&.Activation HIGH" "client-dash No.known.fix Missing.Authorization MEDIUM" "client-dash No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting.via.settings MEDIUM" "caldera-smtp-mailer No.known.fix Missing.Authorization MEDIUM" "contact-form-7-dynamic-text-extension 5.0.2 Cross-Site.Request.Forgery MEDIUM" "contact-form-7-dynamic-text-extension 4.5.1 Information.Disclosure.via.Shortcode MEDIUM" "contact-form-7-dynamic-text-extension 4.2.0 Insecure.Direct.Object.Reference MEDIUM" "cf7-email-add-on No.known.fix Authenticated.(Contributor+).Local.File.Inclusion HIGH" "content-audit 1.9.2 Cross-Site.Scripting.(XSS).&.CSRF MEDIUM" "clickervolt No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "css-for-elementor No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "chatplusjp No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "content-repeater No.known.fix Admin+.Stored.XSS LOW" "content-mask 1.8.4.1 Subscriber+.Arbitrary.Options.Update HIGH" "connections No.known.fix Authenticated.(Admin+).Arbitrary.Directory.Deletion MEDIUM" "connections 10.4.37 Contributor+.Stored.XSS MEDIUM" "connections 10.4.3 Admin+.Stored.Cross-Site.Scripting LOW" "connections 9.7 Admin+.CSV.Injection MEDIUM" "connections 8.5.9 Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "calendar-plugin No.known.fix Reflected.Cross-Site.Scripting HIGH" "conditional-logic-for-woo-product-add-ons 1.2.1 Reflected.Cross-Site.Scripting MEDIUM" "cafe-lite No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "cafe-lite No.known.fix Authenticated.(Contributor+).Sensitive.Information.Exposure.via.Elementor.Templates MEDIUM" "cafe-lite 2.2.1 
Authenticated.(Author+).Stored.Cross-Site.Scripting MEDIUM" "cafe-lite 2.2.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Multiple.CAFE.Widgets MEDIUM" "cafe-lite 2.1.0 Contributor+.Stored.XSS MEDIUM" "cpt-shortcode No.known.fix Arbitrary.Settings.Update.via.CSRF MEDIUM" "cpt-shortcode No.known.fix Admin+.Stored.XSS LOW" "click-datos-lopd No.known.fix Reflected.XSS HIGH" "community-yard-sale No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "candifly No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "create-block-theme 1.2.2 Unauthenticated.Arbitrary.File.Upload CRITICAL" "contact-form-by-supsystic 1.7.29 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "contact-form-by-supsystic 1.7.29 Authenticated.(Admin+).Remote.Code.Execution HIGH" "contact-form-by-supsystic 1.7.28 CSRF MEDIUM" "contact-form-by-supsystic 1.7.25 CSRF MEDIUM" "contact-form-by-supsystic 1.7.20 Admin+.Stored.Cross-Site.Scripting LOW" "contact-form-by-supsystic 1.7.15 Reflected.Cross-Site.scripting.(XSS) HIGH" "contact-form-by-supsystic 1.7.11 Authenticated.SQL.Injections CRITICAL" "contact-form-by-supsystic 1.7.7 Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "cf7-customizer No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "cf7-customizer No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "cf7-customizer No.known.fix Reflected.Cross-Site.Scripting.(XSS) HIGH" "clipart No.known.fix Reflected.XSS HIGH" "captcha-code-authentication 3.0 Captcha.Bypass MEDIUM" "captcha-code-authentication 2.8 Settings.Update.via.CSRF MEDIUM" "cf7-cc-avenue-add-on No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "cc-bmi-calculator 2.1.0 Contributor+.Stored.XSS MEDIUM" "cartoon-url No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "carousel-slider 2.0.0 Cross-Site.Request.Forgery MEDIUM" "carousel-slider 2.2.4 Cross-Site.Request.Forgery MEDIUM" "carousel-slider 2.2.4 Editor+.Stored.XSS LOW" 
"carousel-slider 2.2.11 Editor+.Stored.XSS LOW" "carousel-slider 2.2.10 Editor+.Stored.XSS MEDIUM" "carousel-slider 2.2.7 Editor+.Stored.XSS LOW" "carousel-slider 2.2.3 Missing.Authorization MEDIUM" "chameleon-css No.known.fix Subscriber+.SQL.Injection CRITICAL" "constant-contact-forms-by-mailmunch 2.1.3 Reflected.Cross-Site.Scripting MEDIUM" "constant-contact-forms-by-mailmunch 2.1.0 Contributor+.Stored.XSS MEDIUM" "constant-contact-forms-by-mailmunch 2.0.11 Arbitrary.Settings.Update.via.CSRF MEDIUM" "contact-forms-anti-spam 2.2.8 Cross-Site.Request.Forgery.to.Plugin.Settings.Change MEDIUM" "contact-forms-anti-spam 2.1.3 Advanced.Spam.protection.<.2.1.3.-.Admin+.Stored.XSS LOW" "contact-forms-anti-spam 0.10.7 Authenticated.(Administrator+).Stored.Cross-Site.Scripting.via.settings MEDIUM" "contact-forms-anti-spam 0.10.4 IP.Validation.Bypass MEDIUM" "contact-forms-anti-spam 0.9.3 Unauthenticated.Stored.Cross-Site.Scripting.via.efas_add_to_log MEDIUM" "contact-forms-anti-spam 0.7.9 Cross-Site.Request.Forgery.(CSRF) MEDIUM" "coming-soon-page 3.7.4 IP.Address.Spoofing.via.get_real_ip MEDIUM" "coming-soon-page 3.6.8 Arbitrary.Email.Sending.to.Subscribed.Users.via.CSRF LOW" "coming-soon-page 3.6.7 Subscriber+.Arbitrary.Email.Sending.to.Subscribed.Users MEDIUM" "coming-soon-page 3.5.3 Authenticated.Stored.XSS LOW" "contact-form-7-paypal-add-on 2.3.2 PayPal.&.Stripe.Add-on.<.2.3.2.-.Reflected.Cross-Site.Scripting MEDIUM" "contact-form-7-paypal-add-on 2.3.1 Reflected.Cross-Site.Scripting MEDIUM" "contact-form-7-paypal-add-on 2.1 Reflected.Cross-Site.Scripting MEDIUM" "contact-form-7-paypal-add-on 2.2 Cross-Site.Request.Forgery.to.Settings.Update MEDIUM" "contact-form-7-paypal-add-on 1.9.4 Cross-Site.Request.Forgery MEDIUM" "cc-child-pages 1.43 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "canvasio3d-light No.known.fix Authenticated.(Subscriber+).Arbitrary.File.Upload CRITICAL" "canvasio3d-light No.known.fix Subscriber+.Entries.Update/Deletion MEDIUM" "canvasio3d-light 
No.known.fix Reflected.XSS HIGH" "carousel-anything No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "contact-form-plugin 4.2.9 Reflected.Cross-Site.Scripting.via.cntctfrm_contact_subject MEDIUM" "contact-form-plugin 4.2.9 Reflected.Cross-Site.Scripting.via.cntctfrm_contact_address MEDIUM" "contact-form-plugin 4.0.6 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "contact-form-plugin 4.0.2 Stored.Cross-Site.Scripting.(XSS) MEDIUM" "contact-form-plugin 3.96 XSS MEDIUM" "contact-form-plugin 3.82 Unauthorized.Language.Manipulation MEDIUM" "contact-form-plugin 3.82 contact_form.php.cntctfrm_contact_email.Parameter.XSS MEDIUM" "clickdesigns 2.0.0 Missing.Authorization.to.API.Key.Modification.or.Removal MEDIUM" "catch-sticky-menu 1.7 Unauthorised.Plugin's.Setting.Change MEDIUM" "devrix-dark-site 1.1.1 Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "darkmysite No.known.fix Cross-Site.Request.Forgery MEDIUM" "demomentsomtres-grid-archive No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "demomentsomtres-grid-archive No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "dynamic-url-seo 1.2 Cross-Site.Request.Forgery MEDIUM" "dynamic-url-seo 1.2 Reflected.XSS HIGH" "dukapress 2.5.9.1 Unauthenticated.Blind.SQL.Injection CRITICAL" "devoluciones-packback No.known.fix Authenticated.(Subscriber+).SQL.Injection HIGH" "demomentsomtres-classify-on-publish No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "demomentsomtres-classify-on-publish No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "demomentsomtres-classify-on-publish No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "dark-mode-for-wp-dashboard 1.2.4 Cross-Site.Request.Forgery MEDIUM" "digital-publications-by-supsystic 1.7.8 Missing.Authorization MEDIUM" "digital-publications-by-supsystic 1.7.8 Cross-Site.Request.Forgery MEDIUM" "digital-publications-by-supsystic 1.7.7 Cross-Site.Request.Forgery.via.AJAX.action MEDIUM" 
"digital-publications-by-supsystic 1.7.4 Admin+.Stored.Cross-Site.Scripting LOW" "digital-publications-by-supsystic 1.7.0 Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "digital-publications-by-supsystic 1.6.12 Authenticated.Path.Traversal LOW" "delete-old-posts-programmatically 3.4.3 Reflected.Cross-Site.Scripting MEDIUM" "delete-old-posts-programmatically 2.1.2 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "donations-block No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "donations-block No.known.fix Unauthenticated.Stored.XSS HIGH" "donations-block 2.1.0 Contributor+.Stored.XSS MEDIUM" "depay-payments-for-woocommerce 2.12.18 Missing.Authorization.to.Information.Exposure MEDIUM" "deeper-comments No.known.fix Subscriber+.Arbitrary.Options.Update HIGH" "database-backups No.known.fix CSRF.to.Backup.Download HIGH" "drawit No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "droit-dark-mode No.known.fix Cross-Site.Request.Forgery MEDIUM" "dashing-memberships No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "devexhub-gallery No.known.fix Unauthenticated.Arbitrary.File.Upload CRITICAL" "dracula-dark-mode 1.0.9 The.Revolutionary.Dark.Mode.Plugin.For.WordPress.<.1.0.9.-.Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.shortcode MEDIUM" "dracula-dark-mode 1.0.1 Reflected.Cross-Site.Scripting MEDIUM" "dejureorg-vernetzungsfunktion 1.98.0 Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "drug-search No.known.fix Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "debug-tool No.known.fix Missing.Authorization MEDIUM" "debug-tool No.known.fix Unauthenticated.Arbitrary.File.Creation CRITICAL" "debug-tool No.known.fix Missing.Authorization.to.Information.Exposure MEDIUM" "drop-shadow-boxes 1.7.15 Authenticated.(Subscriber+).Arbitrary.Shortcode.Execution MEDIUM" "drop-shadow-boxes 1.7.14 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "drop-shadow-boxes 1.7.12 
Reflected.Cross-Site.Scripting MEDIUM" "drop-shadow-boxes 1.7.11 Contributor+.Cross-Site.Scripting MEDIUM" "drop-shadow-boxes 1.7.5 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "drop-shadow-boxes 1.7.2 Subscriber+.Arbitrary.Option.Update CRITICAL" "dn-footer-contacts 1.6.3 Admin+.Stored.XSS LOW" "devnex-addons-for-elementor No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "ds-suit No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "duplicate-page 4.4.3 Admin+.Stored.Cross-Site.Scripting LOW" "duplicate-page 3.4 Authenticated.SQL.Injection HIGH" "dp-intro-tours 6.5.3 Reflected.Cross-Site.Scripting MEDIUM" "dp-addthis No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "delete-usermetas 1.2.0 Cross-Site.Request.Forgery MEDIUM" "ds-site-message No.known.fix Cross-Site.Request.Forgery MEDIUM" "database-for-cf7 1.2.5 Subscriber+.CF7.DB.Entries.Deletion MEDIUM" "download-attachments 1.3.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "download-attachments 1.3 Contributor+.Stored.XSS MEDIUM" "daggerhart-openid-connect-generic 3.8.2 Reflected.Cross.Site.Scripting.(XSS).via.Login.Error MEDIUM" "device-detector 4.2.1 Reflected.Cross-Site.Scripting.via.id MEDIUM" "dollie 6.2.1 Authenticated.(Contributor+).Post.Disclosure MEDIUM" "delete-duplicate-posts 4.9 Missing.Authorization.via.AJAX.Actions MEDIUM" "delete-duplicate-posts 4.8.9 Reflected.Cross-Site.Scripting MEDIUM" "delete-duplicate-posts 4.7.5 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "delete-duplicate-posts 4.1.9.5 Subscriber+.Arbitrary.Option.Update CRITICAL" "dirtysuds-embed-pdf No.known.fix Contributor+.Stored.XSS.via.Shortcode MEDIUM" "disable-admin-notices No.known.fix Cross-Site.Request.Forgery MEDIUM" "dn-shipping-by-weight 1.2 Settings.Update.via.CSRF MEDIUM" "donate-button 2.1.1 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "democracy-poll No.known.fix Missing.Authorization MEDIUM" "democracy-poll 5.4 CSRF.&.XSS HIGH" 
"debrandify 1.1.3 Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "different-shipping-and-billing-address-for-woocommerce 1.3 Unauthenticated.SQL.Injection HIGH" "dc-woocommerce-multi-vendor 4.2.15 Unauthenticated.Limited.Local.File.Inclusion CRITICAL" "dc-woocommerce-multi-vendor 4.2.14 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "dc-woocommerce-multi-vendor 4.2.5 Cross-Site.Request.Forgery.to.Vendor.Updates MEDIUM" "dc-woocommerce-multi-vendor 4.2.5 Missing.Authorization.to.Forged.Vendor.Profile.Deletion.Email.Sending MEDIUM" "dc-woocommerce-multi-vendor 4.2.1 Missing.Authorization.to.Limited.Vendor.Privilege.Escalation/Account.Takeover CRITICAL" "dc-woocommerce-multi-vendor 4.2.0 Reflected.Cross-Site.Scripting HIGH" "dc-woocommerce-multi-vendor 4.1.12 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.hover_animation.Parameter MEDIUM" "dc-woocommerce-multi-vendor 4.1.4 Missing.Authorization MEDIUM" "dc-woocommerce-multi-vendor 4.1.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "dc-woocommerce-multi-vendor 4.0.26 Missing.Authorization HIGH" "dc-woocommerce-multi-vendor 4.0.24 Missing.Authorization.via.mvx_save_dashpages HIGH" "dc-woocommerce-multi-vendor 4.0.26 Improper.Authorization.on.REST.Routes.via.'save_settings_permission' HIGH" "dc-woocommerce-multi-vendor 3.8.12 Unauthorised.AJAX.Calls HIGH" "dc-woocommerce-multi-vendor 3.8.12 Unauthenticated.LFI MEDIUM" "dc-woocommerce-multi-vendor 3.8.12 Multiple.Reflected.Cross-Site.Scripting MEDIUM" "dc-woocommerce-multi-vendor 3.8.4 Reflected.Cross-Site.Scripting HIGH" "dc-woocommerce-multi-vendor 3.7.4 CSRF.Bypass.in.Multiple.Plugins MEDIUM" "dc-woocommerce-multi-vendor 3.7.4 Unauthenticated.Arbitrary.Product.Comment MEDIUM" "dc-woocommerce-multi-vendor 3.5.8 Cross-Site.Request.Forgery.(CSRF) MEDIUM" "dc-woocommerce-multi-vendor 3.5.8 Cross-Site.Request.Forgery MEDIUM" "depicter 3.2.2 
Authenticated.(Author+).Stored.Cross-Site.Scripting MEDIUM" "depicter 3.5.0 Authenticated.(Editor+).Stored.Cross-Site.Scripting MEDIUM" "depicter 3.5.0 Missing.Authorization MEDIUM" "depicter 3.1.2 Authenticated.(Contributor+).Arbitrary.File.Upload HIGH" "depicter 3.2.0 Authenticated.(Editor+).Stored.Cross-Site.Scripting MEDIUM" "depicter 3.1.0 Authenticated.(Editor+).Stored.Cross-Site.Scripting MEDIUM" "depicter 3.1.0 Authenticated.(Contributor+).Arbitrary.Nonce.Generation MEDIUM" "depicter 2.0.7 Settings.Update.via.CSRF MEDIUM" "directorypress 3.6.20 Cross-Site.Request.Forgery.to.Cross-Site.Scripting MEDIUM" "directorypress 3.6.17 Authenticated.(Author+).Stored.Cross-Site.Scripting MEDIUM" "directorypress 3.6.11 Contributor+.SQL.Injection HIGH" "directorypress 3.6.8 Reflected.Cross-Site.Scripting HIGH" "duplicate-variations-for-woocommerce No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "duplicate-variations-for-woocommerce No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "display-custom-post No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "dashboard-widgets-suite 3.4.4 Reflected.Cross-Site.Scripting MEDIUM" "dashboard-widgets-suite 3.4.2 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "dashboard-widgets-suite 3.2.2 Admin+.Stored.XSS LOW" "dancepress-trwa No.known.fix Cross-Site.Request.Forgery MEDIUM" "dancepress-trwa 3.1.1 Reflected.Cross-Site.Scripting MEDIUM" "dancepress-trwa 2.4.6 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "devices No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "devices No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "devices No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "daves-wordpress-live-search No.known.fix Admin+.Stored.XSS LOW" "demomentsomtres-address No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "demomentsomtres-address No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "date-time-picker-field 2.3 
Reflected.Cross-Site.Scripting MEDIUM" "date-time-picker-field 2.2 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "dans-gcal 1.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "debounce-io-email-validator 5.6.6 Reflected.Cross-Site.Scripting MEDIUM" "dse-divi-section-enhancer No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "demomentsomtres-media-tools-auto No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "demomentsomtres-media-tools-auto No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "dokan-pro 3.11.0 Unauthenticated.SQL.Injection CRITICAL" "delete-me 3.1 Contributor+.Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "dk-pricr-responsive-pricing-table 5.1.11 Author+.Stored.XSS MEDIUM" "dk-pricr-responsive-pricing-table 5.1.8 Admin+.Stored.Cross-Site.Scriping LOW" "dk-pricr-responsive-pricing-table 5.1.7 Contributor+.Stored.XSS MEDIUM" "download-from-files No.known.fix Unauthenticated.Arbitrary.File.Upload CRITICAL" "documentpress-display-any-document-on-your-site No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "display-future-posts No.known.fix Cross-Site.Request.Forgery.to.Cross-Site.Scripting MEDIUM" "dologin 3.8 Missing.Authorization.via.REST.Endpoints MEDIUM" "dologin 3.7.1 Subscriber+.IP.Address.leak MEDIUM" "dologin 3.7 IP.Spoofing MEDIUM" "dologin 3.7 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "divi-builder 4.25.1 Authenticated.(Contributor+).DOM-Based.Stored.Cross-Site.Scripting MEDIUM" "divi-builder 4.5.3 4.5.2,.Extra.2.0.-.4.5.2,.Divi.Builder.2.0.-.4.5.2).-.Authenticated.Arbitrary.File.Upload MEDIUM" "divi-builder 4.0.10 Authenticated.Code.Injection MEDIUM" "divi-builder 2.17.3 Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "divi-builder 1.2.4 Privilege.Escalation HIGH" "display-widgets 2.7 Backdoored MEDIUM" "donation-thermometer 2.1.3 Admin+.Stored.Cross-Site.Scripting LOW" "digiproveblog No.known.fix Reflected.Cross-Site-Scripting MEDIUM" "directory-pro 1.9.5 
Subscriber+.Privilege.Escalation CRITICAL" "demomentsomtres-mailchimp-immediate-send 3.201704281627 Reflected.Cross-Site.Scripting MEDIUM" "duplicator 1.5.10 Full.Path.Disclosure MEDIUM" "duplicator 1.5.7.1 Settings.Removal.via.CSRF MEDIUM" "duplicator 1.3.0 Unauthenticated.RCE CRITICAL" "duplicator 1.5.7.1 Unauthenticated.Sensitive.Data.Exposure HIGH" "duplicator 1.4.7 Unauthenticated.Backup.Download HIGH" "duplicator 1.4.7.1 Unauthenticated.System.Information.Disclosure MEDIUM" "duplicator 1.3.28 Unauthenticated.Arbitrary.File.Download HIGH" "duplicator 1.2.42 Unauthenticated.Arbitrary.Code.Execution MEDIUM" "duplicator 1.2.33 Cross-Site.Scripting.(XSS) MEDIUM" "duplicator 1.2.29 Duplicator.<=.1,2,28.–.Unauthenticated.Stored.Cross-Site.Scripting.(XSS) HIGH" "double-opt-in-for-download 2.1.0 Authenticated.SQL.Injection CRITICAL" "document-emberdder 1.7.9 Subscriber+.Arbitrary.Private/Draft.Post.Title.Disclosure MEDIUM" "document-emberdder 1.7.5 Unauthenticated.Arbitrary.Private/Draft.Post.Title.Disclosure MEDIUM" "debug 1.11 CSRF MEDIUM" "duplica 0.7 Authenticated.(Subscriber+).Missing.Authorization.to.Users/Posts.Duplicates.Creation MEDIUM" "dont-muck-my-markup No.known.fix Cross-Site.Request.Forgery MEDIUM" "debug-functions-time 1.41 Reflected.Cross-Site.Scripting MEDIUM" "dsgvo-youtube 1.4.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "dn-popup No.known.fix Settings.Update.via.CSRF MEDIUM" "dtc-documents No.known.fix Cross-Site.Request.Forgery MEDIUM" "delete-all-comments-of-website 4.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "draw-attention 2.0.16 Improper.Access.Control.via.register_cpt MEDIUM" "draw-attention 2.0.12 Subscriber+.Unauthorized.Featured.Image.Modification MEDIUM" "dearpdf-lite No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "duogeek-blocks No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "dovetail No.known.fix Admin+.Stored.Cross-Site.Scripting MEDIUM" 
"dental-optimizer-patient-generator-app No.known.fix Reflected.XSS HIGH" "dynamic-content-for-elementor 2.12.5 Cross-Site.Request.Forgery MEDIUM" "dynamic-content-for-elementor 1.9.6 Authenticated.RCE CRITICAL" "d-bargain 4.0.0 Admin+.Stored.XSS LOW" "duplicate-post-page-menu-custom-post-type 2.4.0 Subscriber+.Post.Duplication MEDIUM" "dr-affiliate No.known.fix Authenticated.(Subscriber+).SQL.Injection HIGH" "duitku-social-payment-gateway 2.11.7 Missing.Authorization.via.check_duitku_response MEDIUM" "dropbox-folder-share No.known.fix Unauthenticated.Server-Side.Request.Forgery.via.'link' HIGH" "dropbox-folder-share No.known.fix Unauthenticated.Remote.Code.Execution.via.LFI CRITICAL" "disable-right-click-for-wp No.known.fix Arbitrary.Settings.Update.via.CSRF MEDIUM" "digital-climate-strike-wp No.known.fix Redirect.to.Malicious.Website.due.to.Compromised.JS.Asset HIGH" "dforms No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "domain-check 1.0.17 Reflected.Cross-Site.Scripting MEDIUM" "dl-yandex-metrika No.known.fix Admin+.Stored.XSS LOW" "docket-cache 21.08.02 Reflected.Cross-Site.Scripting HIGH" "datasets-manager-by-arttia-creative No.known.fix Unauthenticated.Arbitrary.File.Upload CRITICAL" "disable-update-notifications 2.4.2 Settings.Update.via.CSRF MEDIUM" "display-a-meta-field-as-block 1.2.14 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "doofinder-for-woocommerce 2.1.9 Authenticated.(Administrator+).Stored.Cross-Site.Scripting.via.settings MEDIUM" "doofinder-for-woocommerce 2.1.1 Missing.Authorization.via.multiple.AJAX.actions MEDIUM" "doofinder-for-woocommerce 2.1.8 Reflected.Cross-Site.Scripting HIGH" "delucks-seo No.known.fix Authenticated.(Subscriber+).Arbitrary.File.Read MEDIUM" "delucks-seo 2.5.5 Missing.Authorization MEDIUM" "delhivery-logistics-courier No.known.fix Authenticated.(Subscriber+).SQL.Injection HIGH" "disabler 4.0.0 CSRF MEDIUM" "dark-mode 1.7 Stored.XSS MEDIUM" "dynamic-product-categories-design 1.1.4 
Authenticated.(Contributor+).Local.File.Inclusion HIGH" "domain-sharding No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "dd-post-carousel 1.4.7 Authenticated.(Editor+).Stored.Cross-Site.Scripting MEDIUM" "dzs-enable-debug No.known.fix Cross-Site.Request.Forgery MEDIUM" "denk-internet-solutions 6.0.0 Admin+.Stored.XSS LOW" "dino-game 1.2.0 Contributor+.Stored.XSS MEDIUM" "domain-mapping-system 1.9.3 Reflected.Cross-Site.Scripting MEDIUM" "domain-mapping-system 1.7 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "dw-promobar No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "download-manager 3.3.04 Missing.Authorization MEDIUM" "download-manager 3.3.04 Unauthenticated.Arbitrary.Shortcode.Execution HIGH" "download-manager 3.3.04 Unauthenticated.Download.of.Password-Protected.Files MEDIUM" "download-manager 3.3.03 Admin+.Stored.XSS LOW" "download-manager 3.3.00 Contributor+.Stored.XSS LOW" "download-manager 3.2.98 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "download-manager 3.2.99 Admin+.Stored.XSS LOW" "download-manager 3.2.90 Improper.Authorization.via.protectMediaLibrary HIGH" "download-manager 3.2.94 Authenticated.(Author+).Stored.Cross-Site.Scripting.via.Multiple.Shortcodes MEDIUM" "download-manager 3.2.87 Authenticated.(Subscriber+).Stored.Self-Based.Cross-Site.Scripting MEDIUM" "download-manager 3.2.94 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.wpdm_modal_login_form.Shortcode MEDIUM" "download-manager 3.2.91 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.wpdm-all-packages.Shortcode MEDIUM" "download-manager 3.2.85 Contributor+.Stored.XSS MEDIUM" "download-manager 3.2.86 Contributor+.Stored.XSS MEDIUM" "download-manager 3.2.85 Unauthenticated.File.Download MEDIUM" "download-manager 3.2.83 Unauthenticated.Protected.File.Download.Password.Leak MEDIUM" "download-manager 3.2.71 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "download-manager 3.2.71 
Broken.Access.Controls MEDIUM" "download-manager 6.3.0 Unauthenticated.Sensitive.Information.Disclosure MEDIUM" "download-manager 3.2.62 Contributor+.Stored.XSS MEDIUM" "download-manager 3.2.60 Reflected.XSS HIGH" "download-manager 3.2.55 Admin+.Arbitrary.File/Folder.Access.via.Path.Traversal MEDIUM" "download-manager 3.2.50 Contributor+.PHAR.Deserialization HIGH" "download-manager 3.2.53 Unauthenticated.Reflected.Cross-Site.Scripting MEDIUM" "download-manager 3.2.51 Contributor+.Arbitrary.File.Deletion HIGH" "download-manager 3.2.49 Clear.Stats.&.Cache.via.CSRF MEDIUM" "download-manager 3.2.49 Multiple.CSRF MEDIUM" "download-manager 3.2.50 Bypass.IP.Address.Blocking.Restriction MEDIUM" "download-manager 3.2.49 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "download-manager 3.2.44 Reflected.Cross-Site.Scripting MEDIUM" "download-manager 3.2.44 Unauthenticated.Reflected.Cross-Site.Scripting MEDIUM" "download-manager 3.2.48 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "download-manager 3.2.43 Reflected.Cross-Site.Scripting MEDIUM" "download-manager 3.2.39 Unauthenticated.brute.force.of.files.master.key MEDIUM" "download-manager 3.2.35 Sensitive.Information.Disclosure HIGH" "download-manager 3.2.34 Authenticated.SQL.Injection.to.Reflected.XSS MEDIUM" "download-manager 3.2.22 Subscriber+.Stored.Cross-Site.Scripting HIGH" "download-manager 3.2.16 Admin+.Stored.Cross-Site.Scripting LOW" "download-manager 3.2.13 Email.Template.Setting.Update.via.CSRF MEDIUM" "download-manager 3.1.25 .Authenticated.Directory.Traversal MEDIUM" "download-manager 3.1.25 Authenticated.File.Upload MEDIUM" "download-manager 3.1.22 Plugin.Settings.Change.via.CSRF MEDIUM" "download-manager 3.1.23 Unauthorised.Asset.Manager.Usage HIGH" "download-manager 3.1.19 Authenticated.(author+).PHP4.File.Upload.to.RCE CRITICAL" "download-manager 3.1.18 Unauthorised.Download.Duplication MEDIUM" "download-manager 2.9.97 Various.Sanitisation.Issues MEDIUM" "download-manager 2.9.94 
Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "download-manager 2.9.61 Cross-Site.Request.Forgery.(CSRF) MEDIUM" "download-manager 2.9.50 Cross-Site.Scripting.(XSS) MEDIUM" "download-manager 2.9.51 Open.Redirect HIGH" "document-data-automation 1.6.2 Cross-Site.Request.Forgery MEDIUM" "disable-dashboard-for-woocommerce 3.2.9 Reflected.Cross-Site.Scripting MEDIUM" "datamentor No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "defender-security 4.7.3 Missing.Authorization MEDIUM" "defender-security 4.4.2 IP.Address.Spoofing MEDIUM" "defender-security 4.2.0 Sensitive.Information.Exposure.via.Log.File MEDIUM" "defender-security 4.2.1 Masked.Login.Area.Security.Feature.Bypass MEDIUM" "defender-security 4.1.0 Protection.Bypass.(Hidden.Login.Page) MEDIUM" "defender-security 2.4.6.1 CSRF.Nonce.Bypasses MEDIUM" "dokan-lite 3.7.6 Unauthenticated.SQLi HIGH" "dokan-lite 3.6.4 Vendor.Stored.Cross-Site.Scripting MEDIUM" "dokan-lite 3.2.1 CSRF.Nonce.Bypasses MEDIUM" "dokan-lite 3.0.9 Cross-Site.Request.Forgery.(CSRF) MEDIUM" "dokan-lite 3.0.9 Cross-Site.Request.Forgery MEDIUM" "delicious-recipes 1.7.0 Improper.Path.Validation.to.Authenticated.(Subscriber+).Arbitrary.File.Move.and.Read HIGH" "delicious-recipes 1.6.8 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "delicious-recipes 1.5.3 Reflected.Cross-Site.Scripting MEDIUM" "delicious-recipes 1.3.5 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "data-tables-generator-by-supsystic 1.10.37 Missing.Authorization MEDIUM" "data-tables-generator-by-supsystic 1.10.32 Missing.Authorization MEDIUM" "data-tables-generator-by-supsystic 1.10.20 Admin+.Stored.Cross-Site.Scripting LOW" "data-tables-generator-by-supsystic 1.10.1 Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "data-tables-generator-by-supsystic 1.10.0 Authenticated.SQL.Injection CRITICAL" "data-tables-generator-by-supsystic 1.9.92 Authenticated.Stored.XSS MEDIUM" "data-tables-generator-by-supsystic 1.9.92 
Insecure.Permissions.on.AJAX.Actions MEDIUM" "data-tables-generator-by-supsystic 1.9.92 CSRF.to.Stored.XSS,.Data.Table.Creations,.Settings.Modification CRITICAL" "digipass No.known.fix Unauthenticated.Arbitrary.File.Download HIGH" "delete-all-comments-easily No.known.fix All.Comments.Deletion.via.CSRF MEDIUM" "dx-share-selection 1.5 Stored.Cross-Site.Scripting.via.CSRF MEDIUM" "dtracker No.known.fix Unauthorised.Contract.Creation HIGH" "dtracker No.known.fix Multiple.Unauthenticated.Blind.SQL.Injections HIGH" "debranding No.known.fix Authenticated.(Subscriber+).Arbitrary.Options.Update HIGH" "debranding No.known.fix Privilege.Escalation HIGH" "dynamic-elementor-addons No.known.fix Authenticated.(Contributor+).Local.File.Inclusion HIGH" "debug-assistant 1.5 Admin+.Stored.XSS LOW" "debug-assistant 1.5 Administrator.Account.Creation.via.CSRF HIGH" "do-that-task No.known.fix Unauthenticated.Arbitrary.File.Upload CRITICAL" "doneren-met-mollie 2.10.3 Unauthenticated.Reflected.Cross-Site.Scripting.via.search MEDIUM" "doneren-met-mollie 2.8.5 Unauthorised.CSV.Export.leading.to.Sensitive.Data.Disclosure MEDIUM" "drag-and-drop-form-builder-for-contact-form-7 1.2.6 Reflected.Cross-Site.Scripting MEDIUM" "drag-and-drop-form-builder-for-contact-form-7 1.2.4 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "duplicator-pro 4.5.14.2 Unauthenticated.Sensitive.Data.Exposure HIGH" "duplicator-pro 4.5.11.1 Unauthenticated.Reflected.XSS HIGH" "duplicator-pro 3.8.7.1 Unauthenticated.Arbitrary.File.Download HIGH" "df-draggable No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "digits 8.4.2 Cross-Site.Request.Forgery.to.Privilege.Escalation HIGH" "demo-importer-plus 2.0.2 Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "divebook No.known.fix Improper.Authorisation.Check MEDIUM" "divebook No.known.fix Unauthenticated.SQL.Injection CRITICAL" "divebook No.known.fix Unauthenticated.Reflected.XSS LOW" "demomentsomtres-wp-export 
No.known.fix Subscriber+.unauthorized.data.export MEDIUM" "demomentsomtres-wp-export 20200610 Reflected.Cross-Site.Scripting MEDIUM" "domain-replace No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "doofinder No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "doctor-listing 1.3.6 Subscriber+.Privilege.Escalation CRITICAL" "disable-comments 1.0.4 disable_comments_settings.php.Comment.Status.Manipulation.CSRF HIGH" "display-admin-page-on-frontend 1.21.1 Reflected.Cross-Site.Scripting MEDIUM" "display-admin-page-on-frontend 1.17.0.4 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "dvk-social-sharing 1.3.8 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "display-post-metadata 1.5.0 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "dynamic-widgets 1.6.5 Cross-Site.Request.Forgery MEDIUM" "dynamic-widgets 1.6 Reflected.Cross-Site.Scripting MEDIUM" "dynamic-widgets 1.5.11 Authenticated.Cross-Site.Scripting.(XSS).&.CSRF MEDIUM" "da-reactions 5.2.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "da-reactions 4.0.4 Reflected.Cross-Site.Scripting MEDIUM" "da-reactions 3.20.2 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "digital-lottery No.known.fix Unauthenticated.Arbitrary.File.Upload CRITICAL" "daily-image No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "disqus-conditional-load 11.1.2 Admin+.Stored.Cross-Site.Scripting LOW" "docollipics-faustball-de 2.1.0 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "download-theme 1.1.0 Cross-Site.Request.Forgery MEDIUM" "dsdownloadlist No.known.fix Unauthenticated.PHP.Object.Injection HIGH" "dpt-oauth-client No.known.fix CSRF MEDIUM" "dpt-oauth-client No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "deny-all-firewall 1.1.7 CSRF HIGH" "disable-image-right-click No.known.fix Reflected.Cross-Site.Scripting.(XSS) HIGH" "dnui-delete-not-used-image-wordpress No.known.fix Deletion.of.images.through.CSRF MEDIUM" "download-monitor 5.0.14 
Missing.Authorization.to.Sensitive.Information.Exposure MEDIUM" "download-monitor 5.0.13 Missing.Authorization.to.API.Key.Manipulation MEDIUM" "download-monitor 5.0.10 Missing.Authorization.to.Authenticated.(Subscriber+).Shop.Enable MEDIUM" "download-monitor 4.9.14 Missing.Authorization MEDIUM" "download-monitor 4.9.5 Authenticated.(Admin+).SQL.Injection HIGH" "download-monitor 4.8.2 Admin+.SSRF MEDIUM" "download-monitor 4.5.98 Admin+.Arbitrary.File.Download MEDIUM" "download-monitor 4.5.91 Admin+.Arbitrary.File.Download MEDIUM" "download-monitor 4.4.7 Reflected.Cross-Site.Scripting MEDIUM" "download-monitor 4.4.7 Admin+.Arbitrary.File.Download MEDIUM" "download-monitor 4.4.7 Admin+.Stored.Cross-Site.Scripting LOW" "download-monitor 4.4.5 Admin+.SQL.Injection MEDIUM" "download-monitor 1.9.7 Unauthenticated.Downloading.of.Logs MEDIUM" "download-monitor 1.7.1 Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "download-monitor 1.6.4 Authenticated.Directory.Listing MEDIUM" "download-monitor 3.3.6.2 Multiple.Reflected.Cross-Site.Scripting MEDIUM" "dop-shortcodes No.known.fix Contributor+.Stored.XSS.via.Shortcode MEDIUM" "duplicate-pp 3.5.6 Authenticated.(Contributor+).Post.Disclosure.via.Post.Duplication MEDIUM" "devbuddy-twitter-feed No.known.fix Admin+.Stored.XSS LOW" "debug-log-manager 2.3.2 Missing.Authorization MEDIUM" "debug-log-manager 2.3.2 Missing.Authorization.via.toggle_debugging MEDIUM" "debug-log-manager 2.3.2 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "debug-log-manager 2.3.0 Sensitive.Logs.Exposure MEDIUM" "debug-log-manager 2.2.2 Debug.Log.Clearing.via.CSRF MEDIUM" "debug-log-manager 2.2.2 Subscriber+.Debug.Log.Clearing MEDIUM" "duofaq-responsive-flat-simple-faq No.known.fix Reflected.Cross-Site.Scripting HIGH" "droip No.known.fix Unauthenticated.Arbitrary.File.Deletion CRITICAL" "droip No.known.fix Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.Settings.Change MEDIUM" "disable-user-login 1.3.9 User.Login.Toggle.via.CSRF MEDIUM" 
"donate-extra No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "dyslexiefont No.known.fix CSRF MEDIUM" "dyslexiefont 1.0.0 Authenticated.Cross-Site.Scripting MEDIUM" "delete-custom-fields No.known.fix Cross-Site.Request.Forgery.to.Post.Meta.Deletion MEDIUM" "dynamic-qr-code-generator No.known.fix Reflected.XSS HIGH" "dwnldr 1.01 Unauthenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "ds-cf7-math-captcha 3.0.1 Reflected.XSS HIGH" "dk-pdf 1.9.7 Reflected.Cross-Site.Scripting MEDIUM" "daext-autolinks-manager 1.10.05 CSRF MEDIUM" "dominion-domain-checker-wpbakery-addon No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "device-wrapper 1.1.1 Reflected.Cross-Site.Scripting MEDIUM" "delivery-drivers-for-vendors 1.1.1 Reflected.Cross-Site.Scripting MEDIUM" "delivery-drivers-for-vendors 1.0.9 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "demon-image-annotation 4.8 Arbitrary.Settings.Update.to.Stored.XSS.via.CSRF MEDIUM" "disable-comments-wpz No.known.fix Authenticated.(Administrator+).SQL.Injection CRITICAL" "dynamic-featured-image No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.dfiFeatured.Parameter MEDIUM" "device-theme-switcher No.known.fix Cross-Site.Request.Forgery MEDIUM" "dynamic-post-grid-elementor-addon 1.0.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "dynamic-to-top No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "decorator-woocommerce-email-customizer 1.2.8 WooCommerce.Email.Customizer.<.1.2.8.-.Cross-Site.Request.Forgery MEDIUM" "delivery-and-pickup-scheduling-for-woocommerce 1.0.12 Reflected.Cross-Site.Scripting MEDIUM" "digirisk 6.1.0.0 Reflected.Cross-Site.Scripting MEDIUM" "dethemekit-for-elementor 2.1.8 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "dethemekit-for-elementor 2.1.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.URL.Parameter.of.the.De.Gallery.Widget MEDIUM" "dethemekit-for-elementor 2.1.5 
Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.slitems.Attribute MEDIUM" "dethemekit-for-elementor 2.1.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Multiple.Widgets MEDIUM" "dethemekit-for-elementor 2.1.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "dethemekit-for-elementor 2.1.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "dethemekit-for-elementor 1.5.5.5 Contributor+.Stored.XSS MEDIUM" "donations-for-woocommerce 1.1.10 Cross-Site.Request.Forgery MEDIUM" "daily-proverb No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "default-thumbnail-plus No.known.fix Authenticated.(Contributor+).Arbitrary.File.Upload HIGH" "donate-with-qrcode 1.4.5 Stored.Cross-Site.Scripting MEDIUM" "donate-with-qrcode No.known.fix Plugin's.Setting.Update.via.CSRF MEDIUM" "duplicate-wp-page-post 2.8 Admin+.Stored.Cross-Site.Scripting LOW" "duplicate-wp-page-post 2.5.7 SQL.Injections.due.to.Duplicated.Snippets HIGH" "dashboard-to-do-list 1.3.0 Missing.Authorization.via.ardtdw_widgetsetup() MEDIUM" "dashboard-to-do-list 1.3.2 Cross-Site.Request.Forgery.via.ardtdw_widgetupdate() MEDIUM" "don8 No.known.fix Admin+.Stored.XSS LOW" "donorbox-donation-form 7.1.7 Admin+.Stored.Cross-Site.Scripting LOW" "dtabs No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "distance-based-shipping-calculator 2.0.22 Reflected.Cross-Site.Scripting MEDIUM" "distance-based-shipping-calculator No.known.fix Subscriber+.SQL.Injection HIGH" "demo-awesome 1.0.3 Missing.Authorization MEDIUM" "demo-awesome 1.0.2 Reflected.Cross-Site.Scripting MEDIUM" "delightful-downloads No.known.fix Unauthenticated.Path.Traversal MEDIUM" "download-media No.known.fix Missing.Authorization.via.generate_link_for_media MEDIUM" "display-medium-posts No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.display_medium_posts.Shortcode MEDIUM" "downloadmanager 3.2.83 Unauthenticated.Password.Protected.File.Bypass MEDIUM" 
"debug-info No.known.fix Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "duplicate-post 3.2.4 Authenticated.Stored.Cross-Site.Scripting.(XSS) CRITICAL" "designer No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "designer 1.5.0 Contributor+.Local.File.Inclusion HIGH" "donation-button No.known.fix Subscriber+.Broken.Access.Control.leading.to.SMS.Spam MEDIUM" "donation-button No.known.fix Contributor+.Stored.XSS MEDIUM" "digital-river-global-commerce No.known.fix Use.of.Polyfill.io MEDIUM" "definitive-addons-for-elementor No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "download-plugin 2.2.1 Missing.Authorization.to.Authenticated.(Subscriber+).User.Metadata.and.Comment.Download MEDIUM" "download-plugin 2.0.5 Cross-Site.Request.Forgery.(CSRF) MEDIUM" "download-plugin 2.0.0 Subscriber+.Website.Download HIGH" "download-plugin 1.6.1 Subscriber+.Arbitrary.Plugin.Activation MEDIUM" "download-zip-attachments No.known.fix Arbitrary.File.Download HIGH" "dh-anti-adblocker 37 Anti.AdBlocker.<.37.-.Settings.Update.via.CSRF MEDIUM" "demomentsomtres-gravity-forms-improvements 201704251008 Reflected.Cross-Site.Scripting MEDIUM" "download-magnet 1.2.2 Reflected.Cross-Site.Scripting MEDIUM" "doko-box-builder 1.0.1 Reflected.Cross-Site.Scripting MEDIUM" "database-cleaner 1.0.6 Authenticated.(Admin+).Arbitrary.File.Read MEDIUM" "database-cleaner 0.9.9 Sensitive.Information.Exposure.via.Log.File MEDIUM" "distancr 1.1.8 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "demomentsomtres-categories No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "demomentsomtres-categories No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "demomentsomtres-categories No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "database-backup 2.33 Authenticated.(Admin+).Arbitrary.File.Read MEDIUM" "deal-of-the-day No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "dx-auto-save-images No.known.fix CSRF MEDIUM" 
"display-metadata No.known.fix Contributor+.Stored.XSS MEDIUM" "download-info-page No.known.fix Admin+.Stored.XSS LOW" "demo-my-wordpress 1.1.0 Unauthenticated.Privilege.Escalation CRITICAL" "dl-robotstxt No.known.fix Admin+.Stored.XSS LOW" "dd-roles No.known.fix Authenticated.(Subscriber+).Privilege.Escalation HIGH" "duplicate-theme No.known.fix CSRF MEDIUM" "documentor-lite No.known.fix Unauthenticated.SQLi HIGH" "download-button-for-elementor No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "directories 1.3.46 Authenticated.Reflected.Cross-Site.Scripting CRITICAL" "directories 1.3.46 Authenticated.Self-Reflected.Cross-Site.Scripting LOW" "droit-elementor-addons No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "droit-elementor-addons No.known.fix Cross-Site.Request.Forgery MEDIUM" "duplicate-page-or-post 1.5.1 Arbitrary.Settings.Update.to.Stored.XSS HIGH" "dr-widgets-blocks 1.0.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "drm-protected-video-streaming No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "dimage-360 No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "daily-prayer-time-for-mosques 2024.09.14 Authenticated.(Contributor+).SQL.Injection CRITICAL" "daily-prayer-time-for-mosques 2023.10.21 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.shortcode MEDIUM" "daily-prayer-time-for-mosques 2023.03.18 Settings.Update.via.CSRF MEDIUM" "daily-prayer-time-for-mosques 2023.05.05 Contributor+.Stored.XSS MEDIUM" "daily-prayer-time-for-mosques 2022.03.01 Unauthenticated.SQLi HIGH" "daily-prayer-time-for-mosques 2021.08.10 Admin+.Stored.XSS LOW" "drag-and-drop-multiple-file-upload-for-woocommerce 1.1.1 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "download-now-for-woocommerce 3.5.8.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "dyn-business-panel No.known.fix Reflected.XSS HIGH" "dyn-business-panel 
No.known.fix Reflected.XSS HIGH" "dyn-business-panel No.known.fix Stored.XSS.via.CSRF HIGH" "devvn-image-hotspot 1.2.6 Authenticated.(Author+).PHP.Object.Injection HIGH" "dd-rating No.known.fix Authenticated.(Author+).Stored.Cross-Site.Scripting MEDIUM" "diary-availability-calendar No.known.fix Authenticated.(subscriber+).SQL.Injection HIGH" "delivery-woo No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "delivery-woo No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "downloader-tiktok 1.4 Server.Side.Request.Forgery.(SSRF).&.Local.File.Inclusion.(LFI) MEDIUM" "dextaz-ping No.known.fix Admin+.RCE MEDIUM" "dropdown-and-scrollable-text 2.1 Reflected.Cross-Site.Scripting MEDIUM" "dynamictags No.known.fix Authenticated.(Subscriber+).SQL.Injection MEDIUM" "duplicate-title-validate 1.4 Subscriber+.SQL.Injection HIGH" "dbox-slider-lite No.known.fix Multiple.Authenticated.SQL.injection HIGH" "dx-watermark No.known.fix Cross-Site.Request.Forgery MEDIUM" "demomentsomtres-mailchimp-subscribe 3.201706150908 Reflected.Cross-Site.Scripting MEDIUM" "ditty-news-ticker 3.1.47 Author+.Stored.XSS MEDIUM" "ditty-news-ticker 3.1.46 Author+.Stored.XSS MEDIUM" "ditty-news-ticker 3.1.45 Author+.Stored.XSS MEDIUM" "ditty-news-ticker 3.1.43 Author+.Stored.XSS MEDIUM" "ditty-news-ticker 3.1.39 Authenticated.(Contributor+).PHP.Object.Injection HIGH" "ditty-news-ticker 3.1.36 Author+.Stored.XSS MEDIUM" "ditty-news-ticker 3.1.32 Authenticated.(Author+).Stored.Cross-Site.Scripting MEDIUM" "ditty-news-ticker 3.1.25 Missing.Authorization.via.save_ditty_permissions_check MEDIUM" "ditty-news-ticker 3.1.25 Reflected.XSS HIGH" "ditty-news-ticker 3.0.33 Contributor+.Stored.XSS MEDIUM" "ditty-news-ticker 3.0.15 Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "drawblog No.known.fix Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "decon-wp-sms No.known.fix Admin+.Stored.Cross-Site.Scripting MEDIUM" "delete-old-orders No.known.fix Reflected.Cross-Site.Scripting MEDIUM" 
"download-plugins-dashboard 1.9.2 Reflected.Cross-Site.Scripting MEDIUM" "download-plugins-dashboard 1.8.8 Cross-Site.Request.Forgery MEDIUM" "download-plugins-dashboard 1.8.6 Authenticated.(Admin+).Arbitrary.File.Download MEDIUM" "download-plugins-dashboard 1.6.0 Unauthenticated.Stored.XSS MEDIUM" "debug-log-config-tool 1.5 Unauthenticated.Information.Exposure.via.Logs MEDIUM" "debt-calculator No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "drozd-addons-for-elementor No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "dzs-zoomsounds 6.50 Unauthenticated.Arbitrary.File.Download HIGH" "dzs-zoomsounds 6.05 Unauthenticated.Arbitrary.File.Upload CRITICAL" "dzs-zoomsounds 3.0 Remote.File.Upload CRITICAL" "delete-post-revisions-on-single-click No.known.fix Cross-Site.Request.Forgery MEDIUM" "dropdown-menu-widget No.known.fix Subscriber+.Arbitrary.Settings.Update.to.Stored.XSS MEDIUM" "dreamgrow-scroll-triggered-box No.known.fix Authenticated.(Editor+).Stored.Cross-Site.Scripting MEDIUM" "different-home-for-logged-in-logged-out 1.3.4 Reflected.Cross-Site.Scripting MEDIUM" "disc-golf-manager No.known.fix Unauthenticated.PHP.Object.Injection CRITICAL" "dj-email-publish No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "display-terms-shortcode No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "dragfy-addons-for-elementor No.known.fix Missing.Authorization.via.save_settings MEDIUM" "dts-simple-share No.known.fix Admin+.XSS LOW" "dl-verification No.known.fix Admin+.Stored.XSS LOW" "defa-online-image-protector No.known.fix Unauthenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "dofollow-case-by-case 3.5.0 Email&URLs.Adding.to.Allowlist.via.CSRF MEDIUM" "dx-delete-attached-media 2.0.6 Settings.Update.via.CSRF MEDIUM" "drag-and-drop-multiple-file-upload-contact-form-7 1.3.8.6 Limited.Arbitrary.File.Deletion MEDIUM" "drag-and-drop-multiple-file-upload-contact-form-7 1.3.7.8 
Sensitive.Information.Exposure MEDIUM" "drag-and-drop-multiple-file-upload-contact-form-7 1.3.7.4 Contact.Form.7.<.1.3.7.4.-.Unauthenticated.Arbitrary.File.Upload HIGH" "drag-and-drop-multiple-file-upload-contact-form-7 1.3.6.6 File.Upload.and.File.deletion.via.CSRF MEDIUM" "drag-and-drop-multiple-file-upload-contact-form-7 1.3.6.5 File.Upload.Size.Limit.Bypass MEDIUM" "drag-and-drop-multiple-file-upload-contact-form-7 1.3.6.3 Contact.Form.7.<.1.3.6.3.-.Unauthenticated.Stored.XSS MEDIUM" "drag-and-drop-multiple-file-upload-contact-form-7 1.3.5.5 Unauthenticated.Remote.Code.Execution CRITICAL" "drag-and-drop-multiple-file-upload-contact-form-7 1.3.3.3 Unauthenticated.File.Upload.Bypass CRITICAL" "database-peek No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "database-collation-fix 1.2.8 Cross-Site.Request.Forgery MEDIUM" "dynamically-register-sidebars No.known.fix Admin+.Stored.XSS LOW" "down-as-pdf No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "dsgvo-all-in-one-for-wp 4.7 Cross-Site.Request.Forgery.to.Account.Deletion MEDIUM" "dsgvo-all-in-one-for-wp 4.6 Contributor+.Stored.XSS MEDIUM" "dsgvo-all-in-one-for-wp 4.4 Cross-Site.Request.Forgery MEDIUM" "dsgvo-all-in-one-for-wp 4.2 Admin+.Stored.Cross-Site.Scripting LOW" "dsgvo-all-in-one-for-wp 4.0 Unauthenticated.Stored.Cross-Site.Scripting.(XSS) HIGH" "dont-break-the-code No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "drip-feed-content-extended-for-learndash No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "drag-n-drop-upload-cf7-pro 5.0.6.4 Contact.Form.7.with.Remote.Storage.Integrations.<.5.0.6.4.-.Reflected.Cross-Site.Scripting HIGH" "drag-n-drop-upload-cf7-pro 2.11.1 Contact.Form.7.Standard.<.2.11.1.-.Reflected.Cross-Site.Scripting HIGH" "drag-n-drop-upload-cf7-pro 2.11.0 Contact.Form.7.Standard.<.2.11.0.-.Path.Traversal MEDIUM" "drag-n-drop-upload-cf7-pro 5.0.6.3 Contact.Form.7.with.Remote.Storage.Integrations.<.5.0.6.3.-.Path.Traversal MEDIUM" "directorist 8.1 
Unauthenticated.User.Information.Exposure MEDIUM" "directorist 7.9.0 Missing.Authorization MEDIUM" "directorist 7.8.5 Missing.Authorization.to.Unauthenticated.Settings.Change MEDIUM" "directorist 7.5.5 Subscriber+.Insecure.Direct.Object.Reference.to.Arbitrary.Post.Deletion MEDIUM" "directorist 7.5.5 Subscriber+.Arbitrary.User.Password.Reset.to.Privilege.Escalation HIGH" "directorist 7.5.4 Admin+.LFI MEDIUM" "directorist 7.4.4 Subscriber+.Sensitive.Information.Disclosure MEDIUM" "directorist 7.4.2.2 Subscriber+.Arbitrary.User.Password.Update.via.IDOR HIGH" "directorist 7.3.1 Unauthenticated.Email.Address.Disclosure MEDIUM" "directorist 7.3.0 Subscriber+.Arbitrary.E-mail.Sending MEDIUM" "directorist 7.2.3 Business.Directory.Plugin.<.7.2.3.-.Admin+.Arbitrary.File.Upload MEDIUM" "directorist 7.0.6.2 CSRF.to.Remote.File.Upload CRITICAL" "dazzlersoft-teams No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "decalog 3.9.1 Authenticated.(Admin+).SQL.injection CRITICAL" "dashylite No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "dashylite No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "dupeoff No.known.fix Admin+.Stored.XSS LOW" "drop-in-image-slideshow-gallery No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "delivery-drivers-manager 1.1.9 Reflected.Cross-Site.Scripting MEDIUM" "delivery-drivers-manager 1.1.6 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "donate-me No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "dev-land 3.0.5 Reflected.Cross-Site.Scripting MEDIUM" "different-menus-in-different-pages 2.4.0 Subscriber+.Menu.Duplication MEDIUM" "dw-question-answer-pro 1.3.7 Arbitrary.Comment.Edition.via.IDOR MEDIUM" "dw-question-answer-pro 1.3.7 Multiple.CSRF MEDIUM" "dw-question-answer No.known.fix CSRF.Bypass.in.Multiple.Plugins MEDIUM" "dropdown-multisite-selector 0.9.2.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.shortcode MEDIUM" 
"duracelltomi-google-tag-manager 1.15.2 Admin+.Stored.Cross-Site.Scripting LOW" "duracelltomi-google-tag-manager 1.15.1 Reflected.Cross-Site.Scripting MEDIUM" "empty-cart-button-for-woocommerce No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "edd-courses 0.1.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "edd-courses 0.1.1 Subscriber+.Arbitrary.Option.Update CRITICAL" "easy-schema-structured-data-rich-snippets 2.3.0 Reflected.Cross-Site.Scripting MEDIUM" "etemplates No.known.fix Unauthenticated.SQL.Injection CRITICAL" "envo-elementor-for-woocommerce 1.4.20 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "envo-elementor-for-woocommerce 1.4.17 Authenticated.(Author+).Stored.Cross-Site.Scripting MEDIUM" "envo-elementor-for-woocommerce 1.4.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "envo-elementor-for-woocommerce 1.4.5 Arbitrary.Theme.Activation.via.CSRF MEDIUM" "envo-elementor-for-woocommerce 1.4.5 Arbitrary.Plugin.Activation.via.CSRF MEDIUM" "envo-elementor-for-woocommerce 1.4.5 Subscriber+.Template.Creation MEDIUM" "easy-settings-for-learndash No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "easy-settings-for-learndash No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "easy-form-builder 3.8.9 Missing.Authorization.to.Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "easy-form-builder 3.7.5 Authenticated.(Contributor+).SQL.Injection CRITICAL" "easy-form-builder 3.4.0 Admin+.Stored.XSS LOW" "easy-call-now-button No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "easy-call-now-button No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "enhanced-youtube-shortcode No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "exchange-addon-authorize-net 1.1.0 XSS.via.add_query_arg().and.remove_query_arg() MEDIUM" "eventer No.known.fix Missing.Authorization.to.Authenticated.(Subscriber+).Bookings.Export MEDIUM" "eventer No.known.fix 
Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "eventer No.known.fix Missing.Authorization.to.Unauthenticated.Event.Ticket.Download MEDIUM" "eventer 3.9.9 Unauthenticated.SQL.Injection HIGH" "eventer 3.9.8 Authenticated.(Subscriber+).Arbitrary.File.Read MEDIUM" "easy-slider-revolution 1.1.0 Author+.Stored.XSS MEDIUM" "easy-pdf-restaurant-menu-upload 1.2 XSS MEDIUM" "easy-custom-js-and-css-pro No.known.fix Reflected.Cross-Site.Scripting HIGH" "ect-social-share No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "erident-custom-login-and-dashboard 3.5.9 Authenticated.Stored.Cross-Site.Scripting.(XSS) LOW" "erident-custom-login-and-dashboard 3.5 Stored.Cross-Site.Scripting.(XSS) HIGH" "easy-popup-show No.known.fix Cross-Site.Request.Forgery MEDIUM" "easy-property-listings 3.5.4 Arbitrary.Contact.Deletion.via.CSRF MEDIUM" "easy-property-listings 3.5.4 Missing.Authorization.via.epl_update_listing_coordinates() MEDIUM" "easy-property-listings 3.5.3 Authenticated(Contributor+).SQL.Injection.via.Shortcode HIGH" "easy-property-listings 3.5.4 Admin+.Stored.XSS LOW" "easy-property-listings 3.4 Cross-Site.Request.Forgery.(CSRF) HIGH" "easy-property-listings 3.4 Cross-Site.Scripting.(XSS) MEDIUM" "edubin No.known.fix Unauthenticated.Server-Side.Request.Forgery HIGH" "events-widgets-for-elementor-and-the-events-calendar 1.5 Subscriber+.Arbitrary.Plugin.Installation.&.Activation HIGH" "ect-homepage-products No.known.fix Reflected.XSS HIGH" "easy-embed-for-youtube-wall 1.2.3 Reflected.Cross-Site.Scripting MEDIUM" "easy-paypal-shopping-cart 1.1.11 Contributor+.Stored.XSS MEDIUM" "enable-svg-webp-ico-upload 1.1.1 Author+.Stored.XSS MEDIUM" "enable-svg-webp-ico-upload 1.1.1 Author+.Arbitrary.File.Upload HIGH" "enable-svg-webp-ico-upload 1.0.7 Author+.Stored.Cross-Site.Scripting MEDIUM" "elastic-email-sender 1.2.7 Admin+.Stored.XSS LOW" "email-subscribers 5.7.45 Admin+.Stored.XSS LOW" "email-subscribers 5.7.45 
Admin+.Stored.XSS LOW" "email-subscribers 5.7.45 Admin+.Stored.XSS LOW" "email-subscribers 5.7.45 Admin+.Stored.XSS LOW" "email-subscribers 5.7.44 Admin+.SQL.Injection MEDIUM" "email-subscribers 5.7.35 Authenticated.(Subscriber+).Arbitrary.Shortcode.Execution MEDIUM" "email-subscribers 5.7.35 Missing.Authorization.to.Authenticated.(Subscriber+).Sensitive.Information.Exposure MEDIUM" "email-subscribers 5.7.27 Email.Subscribers,.Newsletters.and.Marketing.Automation.Plugin.<.5.7.27.-.Missing.Authorization MEDIUM" "email-subscribers 5.7.26 Unauthenticated.SQL.Injection.via.unsubscribe CRITICAL" "email-subscribers 5.7.24 Email.Subscribers,.Newsletters.and.Marketing.Automation.Plugin.<.5.7.24.-.Unauthenticated.SQL.Injection.via.optin CRITICAL" "email-subscribers 5.7.23 Authenticated.(Subscriber+).SQL.Injection.Vulnerability.via.options[list_id] HIGH" "email-subscribers 5.7.21 Unauthenticated.SQL.Injection.via.hash CRITICAL" "email-subscribers 5.7.18 Missing.Authorization MEDIUM" "email-subscribers 5.7.20 Missing.Authorization.in.handle_ajax_request HIGH" "email-subscribers 5.7.15 Email.Subscribers,.Newsletters.and.Marketing.Automation.Plugin.<.5.7.15.-.Unauthenticated.SQL.Injection CRITICAL" "email-subscribers 5.7.16 Authenticated.(Administrator+).Cross-Site.Scripting.via.CSV.import MEDIUM" "email-subscribers 5.7.14 Missing.Authorization MEDIUM" "email-subscribers 5.7.12 Reflected.Cross-Site.Scripting.via.campaign_id MEDIUM" "email-subscribers 5.6.24 .Admin+.Directory.Traversal CRITICAL" "email-subscribers 5.5.3 Improper.Neutralization.of.Formula.Elements.in.a.CSV.File MEDIUM" "email-subscribers 5.5.1 Subscriber+.SQLi HIGH" "email-subscribers 5.3.2 Unauthenticated.arbitrary.option.update HIGH" "email-subscribers 5.3.2 Subscriber+.Blind.SQL.injection HIGH" "email-subscribers 4.5.6 Unauthenticated.email.forgery/spoofing HIGH" "email-subscribers 4.5.1 Cross-site.Request.Forgery.in.send_test_email() LOW" "email-subscribers 4.5.1 
Authenticated.SQL.injection.in.es_newsletters_settings_callback() MEDIUM" "email-subscribers 4.2.3 Multiple.Issues HIGH" "email-subscribers 4.3.1 Unauthenticated.Blind.SQL.Injection CRITICAL" "email-subscribers 4.1.8 SQL.Injection HIGH" "email-subscribers 4.1.7 Cross-Site.Scripting.(XSS) CRITICAL" "email-subscribers 3.5.0 Cross-Site.Scripting.(XSS) MEDIUM" "email-subscribers 3.4.8 Unauthenticated.Subscriber.Download HIGH" "email-subscribers 2.9.1 Multiple.XSS.&.SQLi MEDIUM" "electric-studio-client-login No.known.fix Admin+.Stored.XSS LOW" "enable-wp-debug-from-admin-dashboard 1.86 Reflected.Cross-Site.Scripting MEDIUM" "extend-filter-products-by-price-widget No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "e-search No.known.fix Unauthenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "everlightbox 1.2.0 Reflected.Cross-Site.Scripting MEDIUM" "everlightbox 1.1.18 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "email-encoder-bundle 2.2.2 Admin+.Stored.XSS LOW" "email-encoder-bundle 2.2.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "email-encoder-bundle 2.1.10 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "email-encoder-bundle 2.1.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.shortcode MEDIUM" "email-encoder-bundle 2.1.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "email-encoder-bundle 2.1.2 Reflected.Cross.Site.Scripting MEDIUM" "embed-ispring No.known.fix Cross-Site.Request.Forgery.to.Arbitrary.File.Upload HIGH" "extender-all-in-one-for-elementor No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "eyewear-prescription-form 4.0.19 Missing.Authorization.to.Unauthenticated.Arbitrary.Options.Update CRITICAL" "elex-woocommerce-google-product-feed-plugin-basic 1.2.4 Reflected.Cross-Site.Scripting.(XSS) HIGH" "easy-social-icons 3.2.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.shortcode MEDIUM" "easy-social-icons 3.2.5 
Missing.Authorization.via.cnss_save_ajax_order MEDIUM" "easy-social-icons 3.2.1 Admin+.Stored.Cross-Site.Scripting.in.add.icon LOW" "easy-social-icons 3.2.1 Unauthenticated.Arbitrary.Icon.Deletion MEDIUM" "easy-social-icons 3.2.0 Admin+.Stored.Cross-Site.Scripting LOW" "easy-social-icons 3.1.4 Admin+.SQL.Injection MEDIUM" "easy-social-icons 3.1.3 Reflected.Cross-Site.Scripting HIGH" "easy-social-icons 3.0.9 Reflected.Cross-Site.Scripting HIGH" "elements-plus 2.16.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "elements-plus 2.16.3 Authenticated(Contributor+).Stored.Cross-Site.Scripting.via.widget.links MEDIUM" "embed-calendly-scheduling 3.7 Embed.Calendly.<.3,7.Contributor+.Stored.XSS MEDIUM" "e-unlocked-student-result No.known.fix Student.Result.<=.1.0.4.-.Arbitrary.File.Upload.via.CSRF HIGH" "embed-youtube-video No.known.fix Authenticated.SQL.Injection MEDIUM" "emailshroud No.known.fix Cross-Site.Request.Forgery.to.Reflected.Cross-Site.Scripting MEDIUM" "enqueue-anything No.known.fix Subscriber+.Arbitrary.Asset/Post.Deletion MEDIUM" "easy-tiktok-feed 1.2.2 Reflected.Cross-Site.Scripting MEDIUM" "easy-tiktok-feed 1.1.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "external-videos No.known.fix Admin+.Stored.XSS LOW" "easy-replace No.known.fix Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "email-posts-to-subscribers No.known.fix Admin+.Stored.XSS LOW" "email-posts-to-subscribers No.known.fix Missing.Authorization.to.Sensitive.Information.Exposure MEDIUM" "email-posts-to-subscribers No.known.fix Unauthenticated.SQLi HIGH" "endomondowp No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "edit-comments No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "edit-comments No.known.fix Unauthenticated.SQL.Injection HIGH" "easylogo No.known.fix Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "external-media-without-import No.known.fix Subscriber+.Blind.SSRF LOW" "external-media-without-import 1.0.1 
Reflected.XSS HIGH" "easy-testimonial-manager No.known.fix Authenticated.SQL.Injection MEDIUM" "enhanced-wordpress-contactform 2.3 Admin+.Stored.XSS LOW" "eventify No.known.fix Admin+.Stored.XSS LOW" "elite-notification No.known.fix Missing.Authorization MEDIUM" "event-calendars No.known.fix Unauthenticated.Arbitrary.Calendar.Deletion MEDIUM" "email-on-publish No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "exports-and-reports 0.9.2 Contributor+.CSV.Injection LOW" "eewee-admincustom No.known.fix Cross-Site.Request.Forgery.to.Privilege.Escalation HIGH" "eewee-admincustom No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "enhanced-e-commerce-for-woocommerce-store 7.1.1 All-in-one.Google.Analytics,.Pixels.and.Product.Feed.Manager.for.WooCommerce.<.7.1.1.-.Reflected.Cross-Site.Scripting MEDIUM" "enhanced-e-commerce-for-woocommerce-store 7.0.0 Reflected.Cross-Site.Scripting MEDIUM" "enhanced-e-commerce-for-woocommerce-store 7.0.8 Subscriber+.SQL.Injection.via.ee_syncProductCategory HIGH" "enhanced-e-commerce-for-woocommerce-store 7.0.8 Subscriber+.SQL.Injection HIGH" "enhanced-e-commerce-for-woocommerce-store 6.5.4 Reflected.XSS HIGH" "enhanced-e-commerce-for-woocommerce-store 5.2.4 Settings.Update.via.CSRF MEDIUM" "enhanced-e-commerce-for-woocommerce-store 4.6.2 Subscriber+.SQL.Injection HIGH" "easy-menu-manager-wpzest No.known.fix Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "et-core-plugin No.known.fix Authenticated.(Subscriber+).Local.File.Inclusion HIGH" "et-core-plugin No.known.fix Unauthenticated.PHP.Object.Injection CRITICAL" "et-core-plugin No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "et-core-plugin No.known.fix Authenticated.(Subscriber+).Limited.Arbitrary.File.Upload CRITICAL" "et-core-plugin No.known.fix Unauthenticated.Privilege.Escalation CRITICAL" "et-core-plugin No.known.fix Authenticated.(Subscriber+).Limited.Arbitrary.File.Download MEDIUM" "et-core-plugin No.known.fix 
Unauthenticated.SQL.Injection CRITICAL" "et-core-plugin No.known.fix Missing.Authorization MEDIUM" "easy-tweet-embed No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "easy-coming-soon No.known.fix Admin+.Stored.XSS LOW" "everest-faq-manager-lite 1.0.9 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "easy-justified-gallery 1.1.1 Reflected.Cross-Site.Scripting.(XSS) HIGH" "ever-compare 1.2.4 Arbitrary.Plugin.Activation.via.CSRF MEDIUM" "eexamhall No.known.fix CSRF MEDIUM" "easy-textillate No.known.fix Authenticated(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "easy-textillate 2.02 Authenticated(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "easy-under-construction No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "easy-under-construction 4.0 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "expire-tags No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "expire-tags No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "easy-call-now No.known.fix Cross-Site.Request.Forgery.via.settings_page MEDIUM" "ether-and-erc20-tokens-woocommerce-payment-gateway 4.12.13 Reflected.Cross-Site.Scripting MEDIUM" "ether-and-erc20-tokens-woocommerce-payment-gateway 4.12.9 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "editable-table No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "embed-google-fonts No.known.fix Missing.Authorization MEDIUM" "event-calendar-wd 1.1.51 Subscriber+.Event.Creation MEDIUM" "event-calendar-wd 1.1.51 Reflected.Cross-Site.Scripting HIGH" "event-calendar-wd 1.1.46 Cross-Site.Scripting.(XSS) MEDIUM" "event-calendar-wd 1.1.45 Cross-Site.Scripting.(XSS) MEDIUM" "event-calendar-wd 1.1.22 Cross-Site.Scripting.(XSS) MEDIUM" "event-calendar-wd 1.0.94 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "elasticpress 5.1.2 Data.Sync.via.CSRF MEDIUM" "elasticpress 3.5.4 Cross-Site.Request.Forgery MEDIUM" "easy-testimonial-rotator 1.0.19 Admin+.Stored.XSS LOW" "easy-testimonial-rotator 1.0.16 
Reflected.Cross-Site.Scripting HIGH" "easy-wp-cookie-popup No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "easy-wp-cookie-popup No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "easy-login-styler No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "ethereum-wallet 4.10.6 Reflected.Cross-Site.Scripting MEDIUM" "ethereum-wallet 4.0.9 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "ezyonlinebookings-online-booking-system No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "external-media-upload 0.5 Reflected.Cross-Site.Scripting MEDIUM" "events-manager 6.4.9 Reflected.Cross-Site.Scripting MEDIUM" "events-manager 6.4.8 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.event,.location,.and.event_category.Shortcodes MEDIUM" "events-manager 6.4.7.2 Cross-Site.Request.Forgery MEDIUM" "events-manager 6.4.7 Missing.Authorization MEDIUM" "events-manager 6.4.7.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "events-manager 6.4.7.2 Cross-Site.Request.Forgery MEDIUM" "events-manager 6.4.7 Authenticated(Administator+).Stored.Cross-Site.Scripting.via.settings MEDIUM" "events-manager 6.4.6 Reflected.Cross-Site.Scripting MEDIUM" "events-manager 5.9.8 Admin+.SQL.Injection MEDIUM" "events-manager 5.9.8 Cross-Site.Scripting.(XSS) LOW" "events-manager 5.9.7.2 CSV.Injection MEDIUM" "events-manager 5.9.6 Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "events-manager 5.9 Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "events-manager 5.8.1.2 Unauthenticated.Stored.XSS CRITICAL" "events-manager 5.6 Cross-Site.Scripting.(XSS).&.Code.Injection MEDIUM" "events-manager 5.5.7.1 DOM.Cross-Site.Scripting.(XSS) MEDIUM" "events-manager 5.5.7 Multiple.Cross-Site.Scripting.(XSS) MEDIUM" "events-manager 5.3.4 Multiple.Cross-Site.Scripting.(XSS) MEDIUM" "events-manager 5.3.9 Multiple.Cross-Site.Scripting.(XSS) MEDIUM" "events-manager 5.5.2 Multiple.Unspecified.XSS.Vulnerabilities MEDIUM" 
"events-manager 5.5 Cross-Site.Scripting.(XSS) MEDIUM" "editor-custom-color-palette 3.3.8 Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "easy-svg 3.8 Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "easy-svg 3.3.0 Author+.Stored.Cross.Site.Scripting.via.SVG MEDIUM" "exchange-addon-stripe 1.2.0 XSS.via.add_query_arg().and.remove_query_arg() MEDIUM" "embed-power-bi-reports 1.1.8 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "enable-svg 1.4.0 Author+.Stored.Cross.Site.Scripting.via.SVG MEDIUM" "eupago-gateway-for-woocommerce 3.1.10 CSRF MEDIUM" "ewww-image-optimizer 7.3.0 Cross-Site.Request.Forgery MEDIUM" "ewww-image-optimizer 7.2.1 Unauthenticated.Sensitive.Information.Exposure.via.Debug.Log MEDIUM" "ewww-image-optimizer 7.2.1 Sensitive.Information.Exposure MEDIUM" "ewww-image-optimizer 5.9 Cross-Site.Request.Forgery MEDIUM" "enteraddons 2.2.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "enteraddons 2.2.0 Authenticated.(Contributor+).Post.Disclosure MEDIUM" "enteraddons 2.1.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "enteraddons 2.1.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Events.Card.Widget MEDIUM" "enteraddons 2.2.0 Contributor+.Stored.XSS MEDIUM" "enteraddons 2.1.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "enteraddons 2.1.6 Contributor+.Stored.XSS.via.Animation.Title.widget MEDIUM" "enteraddons 2.1.6 Contributor+.Stored.XSS.via.Heading.widget MEDIUM" "everest-admin-theme-lite 1.0.8 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "easy-registration-forms No.known.fix Subscriber+.Information.Disclosure.via.Shortcode MEDIUM" "easy-registration-forms No.known.fix CSRF.to.Stored.Cross-Site.Scripting HIGH" "easy-registration-forms No.known.fix CSV.Injection MEDIUM" "email-suscripcion No.known.fix Unauthenticated.SQL.Injection HIGH" "enhanced-catalog-images-for-woocommerce 
No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "enhanced-catalog-images-for-woocommerce No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "enhanced-catalog-images-for-woocommerce No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "events-calendar No.known.fix Admin+.Stored.XSS LOW" "extensions-for-elementor No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "extensions-for-elementor 2.0.32 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "extensions-for-elementor 2.0.33 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.EE.Events.and.EE.Flipbox.Widget MEDIUM" "extensions-for-elementor 2.0.31 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.url.Parameter MEDIUM" "easy-smooth-scroll-links No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "easy-smooth-scroll-links 2.23.1 Admin+.Stored.Cross-Site.Scripting LOW" "easy-smooth-scroll-links 2.23.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "envira-gallery-lite 1.8.16 Contributor+.DOM-Based.Stored.XSS.via.FancyBox.JavaScript.Library MEDIUM" "envira-gallery-lite 1.8.15 Missing.Authorization MEDIUM" "envira-gallery-lite 1.8.15 Author+.Stored.XSS MEDIUM" "envira-gallery-lite 1.8.8 Cross-Site.Request.Forgery.to.Notice.Dismissal MEDIUM" "envira-gallery-lite 1.8.7.3 Missing.Authorization.to.Gallery.Modification.via.envira_gallery_insert_images MEDIUM" "envira-gallery-lite 1.8.4.7 Reflected.Cross-Site.Scripting MEDIUM" "envira-gallery-lite 1.8.3.3 Authenticated.Stored.Cross-Site.Scripting MEDIUM" "envira-gallery-lite 1.7.7 Authenticated.Stored.Cross-Site.Scripting.(XSS).Issue MEDIUM" "exportfeed-for-woocommerce-google-product-feed No.known.fix Admin+.SQLi MEDIUM" "elementskit 3.7.9 Authenticated.(Contributor+).DOM-Based.Stored.Cross-Site.Scripting.via.url.Parameter MEDIUM" "elementskit 3.6.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "elementskit 3.6.7 Authenticated.(Contributor+).Sensitive.Information.Exposure MEDIUM" "elementskit 3.6.3 
Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Motion.Text.and.Table.Widgets MEDIUM" "elementskit 3.6.3 Authenticated.(Contributor+).Server-Side.Request.Forgery HIGH" "elementskit 3.6.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "elementskit 3.6.1 Authenticated.(Contributor+).Local.File.Inclusion.via.Price.Menu,.Hotspot,.and.Advanced.Toggle.Widgets HIGH" "elementskit 3.6.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.'ekit_btn_id' MEDIUM" "elementskit 2.2.0 Contributor+.Stored.XSS MEDIUM" "event-list 0.8.8 Admin+.Stored.Cross-Site.Scripting LOW" "event-list 0.7.10 XSS MEDIUM" "event-list 0.7.9 Authenticated.SQL.Injection HIGH" "elo-rating-shortcode 1.0.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "eventon 4.7 WordPress.Virtual.Event.Calendar.Plugin.<.4.7.-.Cross-Site.Request.Forgery.via.admin_test_email MEDIUM" "extensive-vc-addon 1.9.1 Unauthenticated.RCE CRITICAL" "easy-real-estate No.known.fix Privilege.Escalation CRITICAL" "easy-real-estate No.known.fix Unauthenticated.Privilege.Escalation CRITICAL" "event-tickets 5.18.1.1 Insecure.Direct.Object.Reference.to.Sensitive.Information.Exposure MEDIUM" "event-tickets 5.11.0.5 Cross-Site.Request.Forgery MEDIUM" "event-tickets 5.8.3 Improper.Authorization.to.Information.Disclosure MEDIUM" "event-tickets 5.8.2 Missing.Authorization MEDIUM" "event-tickets 5.8.1 Contributor+.Arbitrary.Events.Access LOW" "event-tickets 5.6.0 Reflected.Cross-Site.Scripting MEDIUM" "event-tickets 5.3.0.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "event-tickets 5.2.2 Open.Redirect MEDIUM" "event-tickets 4.10.7.2 CSV.Injection HIGH" "easy-fancybox 2.3.4 Contributor+.DOM-Based.Stored.XSS.via.FancyBox.JavaScript.Library MEDIUM" "easy-fancybox 2.3.4 Authenticated.(Author+).Stored.Cross-Site.Scripting MEDIUM" "easy-fancybox 1.8.18 Authenticated.Stored.XSS MEDIUM" "eventprime-event-calendar-management 4.0.6.0 
Unauthenticated.Stored.Cross-Site.Scripting.via.Ticket.Category.and.Ticket.Type.Name HIGH" "eventprime-event-calendar-management 4.0.4.8 Unauthenticated.Stored.Cross-Site.Scripting.via.Transaction.Log MEDIUM" "eventprime-event-calendar-management 4.0.4.8 Unauthenticated.Stored.Cross-Site.Scripting MEDIUM" "eventprime-event-calendar-management 4.0.4.6 Open.Redirect MEDIUM" "eventprime-event-calendar-management 4.0.4.4 Missing.Authorization.to.Unauthenticated.Private.or.Password-Protected.Events.Disclosure MEDIUM" "eventprime-event-calendar-management 4.0.4.0 Missing.Authorization.via.calendar_event_create() MEDIUM" "eventprime-event-calendar-management 3.5.0 .Subscriber+.Arbitrary.booking.settings.update MEDIUM" "eventprime-event-calendar-management 3.3.5 Unauthenticated.Booking.Price.Manipulation MEDIUM" "eventprime-event-calendar-management 3.4.0 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "eventprime-event-calendar-management 3.4.3 Missing.Authorization.to.Arbitrary.Post.Overwrite MEDIUM" "eventprime-event-calendar-management 3.4.4 Unauthenticated.Stored.Cross-Site.Scripting MEDIUM" "eventprime-event-calendar-management 3.4.4 Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.Email.Sending MEDIUM" "eventprime-event-calendar-management 3.4.3 Unauthenticated.Booking.Payment.Bypass MEDIUM" "eventprime-event-calendar-management 3.4.4 Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.Post.Deletion MEDIUM" "eventprime-event-calendar-management 3.4.2 Missing.Authorization.to.Authenticated.(Subscriber+).Event.Export MEDIUM" "eventprime-event-calendar-management 3.4.1 Missing.Authorization.to.Authenticated.(Subscriber+).Attendee.List.Retrieval MEDIUM" "eventprime-event-calendar-management 3.4.0 Improper.Input.Validation.via.save_event_booking MEDIUM" "eventprime-event-calendar-management 3.3.6 Unauthenticated.Event.Access MEDIUM" "eventprime-event-calendar-management 3.3.3 Contributor+.Stored.XSS MEDIUM" 
"eventprime-event-calendar-management 3.3.6 Booking.Pricing.Bypass MEDIUM" "eventprime-event-calendar-management 3.1.6 Reflected.XSS HIGH" "eventprime-event-calendar-management 3.2.0 Booking.Creation.via.CSRF MEDIUM" "eventprime-event-calendar-management 3.2.0 Reflected.XSS HIGH" "eventprime-event-calendar-management 3.2.0 Reflected.HTML.Injection.on.keyword.parameter MEDIUM" "eventprime-event-calendar-management 3.0.6 Reflected.Cross-Site.Scripting HIGH" "eventprime-event-calendar-management 3.0.0 Unauthenticated.Reflected.XSS HIGH" "embed-power-bi No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "easy-order-view No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "easy-eu-cookie-law No.known.fix Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "easy-affiliate-links 3.7.4 Missing.Authorization.to.Authenticated.(Subscriber+).Settings.Reset MEDIUM" "easy-affiliate-links 3.7.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "easy-affiliate-links 3.7.1 Contributor+.Stored.XSS MEDIUM" "embedalbum-pro 1.2.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "embedalbum-pro 1.1.28 Contributor+.Stored.XSS MEDIUM" "easy-set-favicon No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "easy-portfolio No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "eazydocs No.known.fix Contributor+.Local.File.Inclusion HIGH" "eazydocs 2.5.1 Missing.Authorization MEDIUM" "eazydocs 2.5.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "eazydocs 2.5.0 Admin+.Stored.XSS LOW" "eazydocs 2.4.0 Subscriber+.Arbitrary.Posts.Deletion.and.Document.Management MEDIUM" "eazydocs 2.3.6 Subscriber+.Arbitrary.Posts.Deletion.and.Document.Management MEDIUM" "eazydocs 2.3.4 Subscriber.+.SQLi HIGH" "eazydocs 2.3.6 Reflected.XSS MEDIUM" "eazydocs 2.3.6 Unauthenticated.OnePage.Document.Update/Publish MEDIUM" "eazydocs 2.2.1 Reflected.Cross-Site.Scripting MEDIUM" "easy-modal 2.1.0 
Authenticated.SQL.Injection HIGH" "easyjobs 2.4.15 Reflected.Cross-Site.Scripting MEDIUM" "easyjobs 2.4.7 Subscriber+.Arbitrary.Settings.Update MEDIUM" "easyjobs 1.4.8 Reflected.Cross-Site.Scripting MEDIUM" "enhanced-media-library 2.8.10 Authenticated.(Author+).Stored.Cross-Site.Scripting MEDIUM" "expandable-paywall 2.0.17 Reflected.Cross-Site.Scripting MEDIUM" "expandable-paywall 2.0.11 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "echosign 1.2 Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "ezplayer No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "easy-form-builder-by-bitware No.known.fix Unauthorised.AJAX.calls HIGH" "easy-form-builder-by-bitware No.known.fix Authenticated.Arbitrary.File.Upload CRITICAL" "eprolo-dropshipping 1.7.2 Missing.Authorization MEDIUM" "enhanced-plugin-admin 1.17 CSRF MEDIUM" "event-monster 1.4.4 Information.Exposure.Via.Visitors.List.Export MEDIUM" "event-monster 1.4.4 Unauthenticated.Information.Exposure MEDIUM" "event-monster 1.4.0 Contributor+.PHP.Object.Injection.via.Custom.Meta MEDIUM" "event-monster No.known.fix Admin+.Stored.XSS LOW" "event-monster 1.2.1 Admin+.SQLi MEDIUM" "event-monster 1.2.0 Visitors.Deletion.via.CSRF MEDIUM" "envialosimple-email-marketing-y-newsletters-gratis 2.3 Reflected.Cross-Site.Scripting MEDIUM" "envialosimple-email-marketing-y-newsletters-gratis No.known.fix Cross-Site.Request.Forgery.to.Arbitrary.File.Upload HIGH" "envialosimple-email-marketing-y-newsletters-gratis No.known.fix Cross-Site.Request.Forgery MEDIUM" "envialosimple-email-marketing-y-newsletters-gratis 2.2 EnvíaloSimple.<.2,2.Unauthenticated.PHP.Object.Injection MEDIUM" "explara-membership No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "everest-tab-lite 2.0.4 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "easy-video-player 1.2.2.11 Contributor+.Stored.XSS MEDIUM" "easy-video-player 1.2.2.3 Contributor+.Stored.XSS MEDIUM" "easy-social-share-buttons3 9.5 
Authenticated.(Subscriber+).Local.File.Inclusion HIGH" "easy-social-share-buttons3 9.5 Missing.Authorization MEDIUM" "easy-social-share-buttons3 9.5 Reflected.Cross-Site.Scripting MEDIUM" "edd-venmo No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "eps-301-redirects 2.51 Easy.Redirect.Manager.<.2.51.-.Authenticated.SQL.Injection CRITICAL" "eps-301-redirects 2.45 Easy.Redirect.Manager.<.2.45.-.Authenticated.Arbitrary.Redirect.Injection.and.Modification,.XSS,.and.CSRF CRITICAL" "ere-recently-viewed 2.0 Unauthenticated.PHP.Object.Injection MEDIUM" "exam-matrix No.known.fix Unauthenticated.Privilege.Escalation CRITICAL" "easy2map 1.3.0 Local.File.Inclusion CRITICAL" "easy2map 1.3.0 Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "exchange-rates-widget 1.4.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "envo-extra 1.9.4 Authenticated.(Contributor+).Post.Disclosure MEDIUM" "envo-extra 1.8.25 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Button.Widget MEDIUM" "envo-extra 1.8.17 Authenticated.(Contributor+).Cross-Site.Scripting MEDIUM" "envo-extra 1.8.12 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "envo-extra 1.8.4 Cross-Site.Request.Forgery MEDIUM" "exchange-addon-easy-ue-vat-taxes 1.2.0 XSS.via.add_query_arg().and.remove_query_arg() MEDIUM" "ebecas No.known.fix Admin+.Stored.XSS LOW" "easyevent No.known.fix Admin+.Stored.XSS LOW" "exs-widgets 0.3.2 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "email-newsletter No.known.fix SQL.Injection CRITICAL" "easy-facebook-like-box 4.1.3 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "elex-woocommerce-dynamic-pricing-and-discounts 2.1.8 Missing.Authorization MEDIUM" "elex-woocommerce-dynamic-pricing-and-discounts 2.1.3 Cross-Site.Request.Forgery MEDIUM" "elex-woocommerce-dynamic-pricing-and-discounts 2.1.3 Cross-Site.Request.Forgery MEDIUM" "elex-woocommerce-dynamic-pricing-and-discounts 2.1.3 Reflected.Cross-Site.Scripting MEDIUM" "easy-svg-image-allow 
No.known.fix Author+.Stored.XSS.via.SVG MEDIUM" "easy-digital-downloads 3.3.3 Authenticated.(Admin+).Stored.Cross-Site.Scripting.via.Title MEDIUM" "easy-digital-downloads 3.3.3 Authenticated.(Admin+).Arbitrary.File.Download MEDIUM" "easy-digital-downloads 3.3.5 3.3.4.-.Improper.Authorization.to.Paywall.Bypass LOW" "easy-digital-downloads 3.3.4 Authenticated.(Admin+).PHAR.Deserialization HIGH" "easy-digital-downloads 3.3.3 Authenticated.(Admin+).Stored.Cross-Site.Scripting.via.Currency.Settings MEDIUM" "easy-digital-downloads 3.3.3 Authenticated.(Admin+).Stored.Cross-Site.Scripting.via.Agreement.Text LOW" "easy-digital-downloads 3.3.1 Missing.Authorization MEDIUM" "easy-digital-downloads 3.3.1 Unauthenticated.SQL.Injection CRITICAL" "easy-digital-downloads 3.2.12 Cross-Site.Request.Forgery MEDIUM" "easy-digital-downloads 3.2.12 Unauthenticated.Sensitive.Information.Exposure MEDIUM" "easy-digital-downloads 3.2.7 Cross-Site.Request.Forgery MEDIUM" "easy-digital-downloads 3.2.10 Sensitive.Information.Exposure MEDIUM" "easy-digital-downloads 3.2.7 Shop.Manager+.Stored.XSS MEDIUM" "easy-digital-downloads 3.2.6 Contributor+.Stored.XSS MEDIUM" "easy-digital-downloads 3.2.0 Missing.Authorization MEDIUM" "easy-digital-downloads 3.1.1.4.2 Unauthenticated.Privilege.Escalation CRITICAL" "easy-digital-downloads 3.1.0.5 Contributor+.Stored.XSS MEDIUM" "easy-digital-downloads 3.1.0.4 Unauthenticated.SQLi HIGH" "easy-digital-downloads 3.0 Arbitrary.Post.Deletion.via.CSRF MEDIUM" "easy-digital-downloads 3.1.0.2 Unauthenticated.CSV.Injection MEDIUM" "easy-digital-downloads 3.0.2 Admin+.PHP.Object.Injection MEDIUM" "easy-digital-downloads 2.11.6 Arbitrary.Payment.Note.Insertion.via.CSRF LOW" "easy-digital-downloads 2.11.6 Admin+.Stored.Cross-Site.Scripting LOW" "easy-digital-downloads 2.11.2.1 Reflected.Cross-Site.Scripting HIGH" "easy-digital-downloads 2.10.3 Unauthorised.Stripe.Disconnect.via.CSRF MEDIUM" "easy-digital-downloads 2.9.16 Stored.XSS MEDIUM" "easy-digital-downloads 
2.5.8 PHP.Object.Injection MEDIUM" "easy-digital-downloads 2.3.7 Cross-Site.Scripting.Issue MEDIUM" "easy-digital-downloads 2.3.3 SQL.Injection CRITICAL" "encyclopedia-lexicon-glossary-wiki-dictionary 1.7.61 Reflected.Cross-Site.Scripting MEDIUM" "extra-product-options-for-woocommerce 3.0.7 Missing.Authorization MEDIUM" "extra-product-options-for-woocommerce No.known.fix Authenticated.(Shop.manager+).Stored.Cross-Site.Scripting.via.plugin.settings MEDIUM" "embed-swagger No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "easy-code-snippets No.known.fix Authenticated.(Administrator+).SQL.Injection MEDIUM" "easy-code-snippets No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "easy-code-snippets 1.0.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "easy-code-snippets 1.0.1 Subscriber+.Arbitrary.Option.Update CRITICAL" "ez-form-calculator No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "expand-maker 3.2.7 Admin+.PHP.Object.Injection LOW" "editorial-calendar 3.8.3 Contributor+.Stored.XSS MEDIUM" "exchange-addon-custom-url-tracking 1.1.0 XSS.via.add_query_arg().and.remove_query_arg() MEDIUM" "easy-sticky-sidebar 1.5.9 Unauthenticated.AJAX.Actions.Call MEDIUM" "easy-media-download 1.1.7 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "easy-media-download 1.1.5 Authenticated.Stored.Cross-Site.Scripting MEDIUM" "easy-login-woocommerce 2.7.3 2.7.2.-.Missing.Authorization.to.Arbitrary.Options.Exposure MEDIUM" "easy-login-woocommerce 2.7.3 Missing.Authorization.to.Arbitrary.Options.Update HIGH" "easy-login-woocommerce 2.4 Settings.Reset.via.CSRF MEDIUM" "easy-login-woocommerce 2.3 Various.Versions.CSRF.to.Arbitrary.Options.Update HIGH" "easy-login-woocommerce 2.2 Reflected.Cross-Site.Scripting HIGH" "easy-login-woocommerce 1.5 Authenticated.Stored.Cross-Site.Scripting.(XSS) CRITICAL" "export-users No.known.fix CSV.Injection MEDIUM" "eyes-only-user-access-shortcode No.known.fix Admin+.Stored.XSS LOW" "elfsight-telegram-chat-cc No.known.fix 
Missing.Authorization.to.Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "easy-custom-js-and-css No.known.fix Reflected.Cross-Site.Scripting HIGH" "enquiry-quotation-for-woocommerce 2.2.33.34 Authenticated.(Author+).PHP.Object.Injection.in.enquiry_detail.php HIGH" "enquiry-quotation-for-woocommerce 2.2.13 Admin+.Stored.XSS LOW" "enable-shortcodes-inside-widgetscomments-and-experts No.known.fix Unauthenticated.Arbitrary.Shortcode.Execution HIGH" "easy-wp-smtp 2.3.1 Exposure.of.Sensitive.Information.via.the.UI LOW" "easy-wp-smtp 1.5.2 Admin+.Arbitrary.File.Access MEDIUM" "easy-wp-smtp 1.5.2 Admin+.Arbitrary.File.Deletion MEDIUM" "easy-wp-smtp 1.5.2 Admin+.RCE MEDIUM" "easy-wp-smtp 1.5.0 Admin+.PHP.Objection.Injection MEDIUM" "easy-wp-smtp 1.4.3 Debug.Log.Disclosure HIGH" "easy-wp-smtp 1.3.9.1 Unauthenticated.Arbitrary.wp_options.Import MEDIUM" "elements-for-lifterlms No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "elements-for-lifterlms No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "ecpay-logistics-for-woocommerce 1.3.1910240 Unauthenticated.Reflected.XSS MEDIUM" "echoza No.known.fix Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "email-customizer-woocommerce 1.7.2 Multiple.Author+.SQLi MEDIUM" "eroom-zoom-meetings-webinar 1.4.19 Missing.Authorization.to.Information.Exposure MEDIUM" "eroom-zoom-meetings-webinar 1.3.4 Reflected.Cross-Site.Scripting MEDIUM" "eroom-zoom-meetings-webinar 1.3.8 Sync.Meetings.via.CSRF MEDIUM" "eroom-zoom-meetings-webinar 1.3.9 Cache.Deletion.via.CSRF MEDIUM" "email-artillery No.known.fix Multiple.Reflected.Cross-Site.Scripting HIGH" "email-artillery No.known.fix Arbitrary.File.Upload MEDIUM" "email-artillery No.known.fix CSRF.to.Stored.XSS HIGH" "email-artillery No.known.fix Multiple.Authenticated.SQL.Injections MEDIUM" "edd-cashapp No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "elegant-calendar-lite 1.5.8 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "easy-pie-maintenance-mode 
No.known.fix Admin+.Stored.XSS LOW" "easy-faqs No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "embed-pdf-viewer 2.4.0 Authenticated.(Editor+).Stored.Cross-Site.Scripting MEDIUM" "embed-pdf-viewer 2.4.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.height.and.width.Parameters MEDIUM" "elegant-addons-for-elementor No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Switcher,.Slider,.and.Iconbox.Widgets MEDIUM" "elegant-addons-for-elementor No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.HTML.tags MEDIUM" "event-post 5.9.8 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "event-post 5.9.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.events_cal.Shortcode MEDIUM" "event-post 5.9.6 Unauthenticated.Local.File.Inclusion CRITICAL" "event-post No.known.fix Post.Metadata.Update.via.CSRF MEDIUM" "event-post 5.9.5 Missing.Authorization MEDIUM" "event-post 5.9.1 Contributor+.Stored.XSS MEDIUM" "event-tickets-plus 5.9.1 Contributor+.Attendees.Lists.Disclosure LOW" "event-tickets-plus 5.9.1 Contributor+.Arbitrary.Events.Access LOW" "events-manager-pro-extended No.known.fix Cross-Site.Request.Forgery.to.Reflected.Cross-Site.Scripting MEDIUM" "email-queue 1.1.2 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "easy-liveblogs 2.3.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "export-post-info 1.2.1 Author+.CSV.Injection MEDIUM" "export-post-info 1.2.0 Admin+.Stored.Cross-Site.Scripting LOW" "easy-shortcode-buttons No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "embed-form 1.3.2 Authenticated(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "essential-blocks-pro 1.1.1 Unauthenticated.Object.Injection HIGH" "essential-blocks-pro 1.1.1 Unauthenticated.PHP.Object.Injection.via.products HIGH" "essential-blocks-pro 1.1.1 Unauthenticated.PHP.Object.Injection.via.queries HIGH" "e2pdf 1.25.11 
Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "e2pdf 1.23.00 Missing.Authorization MEDIUM" "e2pdf 1.23.00 Cross-Site.Request.Forgery MEDIUM" "e2pdf 1.20.24 Authenticated(Administrator+).SQL.Injection MEDIUM" "e2pdf 1.20.26 Admin+.Arbitrary.File.Upload HIGH" "e2pdf 1.20.19 Authenticated.(Administrator+).PHP.Object.Injection HIGH" "e2pdf 1.20.20 Admin+.Stored.Cross-Site.Scriping LOW" "e2pdf 1.16.45 Admin+.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "edd-recent-purchases No.known.fix Unauthenticated.Remote.File.Inclusion CRITICAL" "eshop No.known.fix Authenticated.Blind.SQL.Injection HIGH" "eshop No.known.fix Unauthenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "eshop No.known.fix Reflected.Cross-Site.Scripting.(XSS).&.CSRF MEDIUM" "eshop 6.3.12 Remote.Code.Execution MEDIUM" "easy-accordion-free 2.3.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "easy-accordion-free 2.2.0 Contributor+.Stored.XSS MEDIUM" "easy-accordion-free 2.0.22 Admin+.Stored.Cross-Site.Scripting LOW" "easy-blocks-pro No.known.fix Missing.Authorization HIGH" "exchange-addon-invoices 1.4.0 XSS.via.add_query_arg().and.remove_query_arg() MEDIUM" "easy-csv-importer No.known.fix Unauthenticated.Arbitrary.File.Upload CRITICAL" "exchange-addon-manual-purchases 1.1.0 XSS.via.add_query_arg().and.remove_query_arg() MEDIUM" "essential-grid 3.1.2 Unauthenticated.Private.Post.Disclosure MEDIUM" "essential-grid 3.0.19 Missing.Authorization HIGH" "essential-grid 3.1.1 Reflected.XSS HIGH" "essential-content-types 1.9 Unauthorised.Plugin's.Setting.Change MEDIUM" "elfsight-pricing-table No.known.fix Cross-Site.Request.Forgery.via.ajax() MEDIUM" "elfsight-pricing-table No.known.fix Missing.Authorization MEDIUM" "events-calendar-for-google 3.0.0 Contributor+.Local.File.Inclusion HIGH" "easy-custom-code 1.0.9 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "eu-vat-for-woocommerce 2.12.14 Missing.Authorization MEDIUM" "eu-vat-for-woocommerce 2.12.14 
Reflected.Cross-Site.Scripting MEDIUM" "eu-vat-for-woocommerce 3.0.0 Reflected.Cross-Site.Scripting HIGH" "event-espresso-core-reg 4.10.7.p Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "extensions-for-cf7 3.2.1 Authenticated.(Admin+).Sever-Side.Request.Forgery LOW" "extensions-for-cf7 3.0.7 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "extensions-for-cf7 2.0.9 Arbitrary.Plugin.Activation.via.CSRF MEDIUM" "exclusive-divi No.known.fix Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "expert-invoice No.known.fix Expert.Invoice.<=.1,0,2.-Admin+.Stored.XSS LOW" "explara-events No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "embed-peertube-playlist 1.10 Editor+.Stored.XSS LOW" "eu-cookie-law No.known.fix Admin+.Stored.XSS LOW" "eu-cookie-law 3.1.3 Authenticated.Stored.Cross-Site.Scripting.(XSS) LOW" "easy-pie-coming-soon 1.0.7.4 Admin+.Stored.XSS LOW" "everest-timeline-lite 1.1.2 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "elevio No.known.fix Cross-Site.Request.Forgery MEDIUM" "embed-comment-images 0.6 Unauthenticated.Stored.XSS MEDIUM" "ezpz-one-click-backup No.known.fix Cross-Site.Scripting.(XSS) CRITICAL" "exchange-addon-table-rate-shipping 1.1.0 XSS.via.add_query_arg().and.remove_query_arg() MEDIUM" "easy-admin-menu No.known.fix Admin+.Stored.XSS LOW" "extra-privacy-for-elementor No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "easy-maintenance-mode-coming-soon No.known.fix Information.Exposure MEDIUM" "examapp No.known.fix Authenticated.SQL.Injection./.Cross-Site.Scripting HIGH" "event-feed-for-eventbrite 1.1.2 Reflected.Cross-Site.Scripting MEDIUM" "event-feed-for-eventbrite 1.0.7 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "export-wp-page-to-static-html 2.2.3 Open.Redirect HIGH" "export-wp-page-to-static-html 2.2.0 Missing.Authorization.via.Multiple.AJAX.Actions MEDIUM" "export-wp-page-to-static-html 2.2.0 Cross-Site.Request.Forgery.via.Multiple.AJAX.Actions MEDIUM" "essential-breadcrumbs 
No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "error-log-monitor 1.7.7 Reflected.Cross-Site.Scripting MEDIUM" "error-log-monitor 1.7.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "error-log-monitor 1.6.5 Subscriber+.Arbitrary.Option.Update CRITICAL" "elementary-addons No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "email-reminders 2.0.6 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "email-reminders 2.0.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.id.Parameter MEDIUM" "edge-gallery No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "edge-gallery No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "easy-bootstrap-shortcodes No.known.fix Contributor+.Stored.XSS MEDIUM" "eventon-lite 2.2.17 Admin+.Stored.XSS LOW" "eventon-lite 2.2.16 Missing.Authorization.to.Unauthenticated.Stored.Cross-Site.Scripting.and.Plugin.Settings.Updates HIGH" "eventon-lite 2.2.15 Admin+.Stored.Cross-Site.Scripting.via.event.subtitle LOW" "eventon-lite 2.2.15 Admin+.Stored.XSS LOW" "eventon-lite 2.2.8 Unauthenticated.Arbitrary.Post.Metadata.Update HIGH" "eventon-lite 2.2.8 Reflected.XSS HIGH" "eventon-lite 2.2.8 Unauthenticated.Virtual.Event.Password.Disclosure MEDIUM" "eventon-lite 2.2.9 Unauthenticated.Virtual.Event.Settings.Update MEDIUM" "eventon-lite 2.2.8 Unauthenticated.Email.Address.Disclosure MEDIUM" "eventon-lite 2.2.7 Admin+.Stored.Cross-Site.Scripting LOW" "eventon-lite 2.2 Admin.+.Stored.HTML.Injection LOW" "eventon-lite 2.2.3 Reflected.Cross.Site.Scripting HIGH" "eventon-lite 2.2 Admin+.Stored.XSS LOW" "eventon-lite 2.1.2 Unauthenticated.Post.Access.via.IDOR HIGH" "eventon-lite 2.1.2 Unauthenticated.Event.Access HIGH" "error-notification No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "export-users-to-csv No.known.fix CSV.Injection HIGH" "email-capture-lead-generation No.known.fix Missing.Authorization MEDIUM" "eg-attachments No.known.fix 
Reflected.XSS HIGH" "easy-event-calendar No.known.fix Admin+.Stored.XSS LOW" "easy-post-views-count 1.0.5 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "event-notifier 1.2.1 XSS MEDIUM" "edoc-employee-application No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "exchange-addon-easy-us-sales-taxes 1.1.0 XSS.via.add_query_arg().and.remove_query_arg() MEDIUM" "epoll-wp-voting No.known.fix Authenticated.(Subscriber+).Arbitrary.File.Upload CRITICAL" "epoll-wp-voting 3.4 Authenticated.(Subscriber+).Arbitrary.File.Deletion HIGH" "epoll-wp-voting 3.4 Authenticated.(Administrator+).Stored.Cross-Site.Scripting.via.settings MEDIUM" "emag-marketplace-connector 1.0.1 Unauthenticated.Cross-Site.Scripting.(XSS) MEDIUM" "email-customizer-for-woocommerce 2.6.1 Information.Exposure MEDIUM" "exchange-addon-paypal-pro 1.1.0 XSS.via.add_query_arg().and.remove_query_arg() MEDIUM" "easyazon No.known.fix Reflected.Cross-Site.Scripting.via.easyazon-cloaking-locale MEDIUM" "easyazon 5.1.1 Missing.Authorization.on.AJAX.actions MEDIUM" "extreme-blocks 0.8.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "easy-media-replace 0.2.0 Author+.File.Deletion MEDIUM" "export-woocommerce-customer-list 2.0.69 CSV.Injection LOW" "elex-bulk-edit-products-prices-attributes-for-woocommerce-basic No.known.fix Authenticated.(Shop.manager+).SQL.Injection MEDIUM" "embedder-for-google-reviews 1.5.11 Reflected.Cross-Site.Scripting MEDIUM" "easy-table-booking No.known.fix Cross-Site.Request.Forgery MEDIUM" "exchange-addon-2checkout 1.1.0 XSS.via.add_query_arg().and.remove_query_arg() MEDIUM" "easyrotator-for-wordpress No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "event-tickets-with-ticket-scanner 2.4.4 Missing.Authorization.to.Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "event-tickets-with-ticket-scanner 2.3.12 Authenticated.(Author+).Remote.Code.Execution HIGH" "event-tickets-with-ticket-scanner 2.3.2 Reflected.Cross-Site.Scripting MEDIUM" 
"event-tickets-with-ticket-scanner 2.3.8 Admin+.Stored.XSS LOW" "easy-newsletter-signups No.known.fix Admin+.SQLi MEDIUM" "easy-newsletter-signups No.known.fix Missing.Authorization MEDIUM" "easy-newsletter-signups 1.0.4 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "ecommerce-product-catalog 3.3.44 Cross-Site.Request.Forgery.to.Password.Reset HIGH" "ecommerce-product-catalog 3.3.33 Reflected.Cross-Site.Scripting MEDIUM" "ecommerce-product-catalog 3.3.29 Cross-Site.Request.Forgery MEDIUM" "ecommerce-product-catalog 3.3.27 Sensitive.Information.Exposure.via.CSV.Files MEDIUM" "ecommerce-product-catalog 3.3.27 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "ecommerce-product-catalog 3.3.26 Products.Deletion.via.CSRF MEDIUM" "ecommerce-product-catalog 3.3.9 Admin+.Stored.XSS LOW" "ecommerce-product-catalog 3.3.5 Admin+.Stored.XSS LOW" "ecommerce-product-catalog 3.0.72 Reflected.XSS.via.AJAX MEDIUM" "ecommerce-product-catalog 3.0.72 Reflected.XSS MEDIUM" "ecommerce-product-catalog 3.0.71 Reflected.XSS MEDIUM" "ecommerce-product-catalog 3.0.39 Reflected.Cross-Site.Scripting HIGH" "ecommerce-product-catalog 3.0.18 Cross-Site.Request.Forgery MEDIUM" "ecommerce-product-catalog 3.0.18 CSRF.Nonce.Bypass MEDIUM" "ecommerce-product-catalog 2.9.44 Cross-Site.Request.Forgery.(CSRF) MEDIUM" "everest-coming-soon-lite 1.1.1 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "ecommerce-addon 1.4 Reflected.Cross-Site.Scripting MEDIUM" "ecommerce-addon 1.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "easy-addons-for-elementor No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "eventON 4.4.1 Reflected.Cross-Site.Scripting MEDIUM" "eventON 4.5.9 Unauthenticated.Virtual.Event.Settings.Update MEDIUM" "eventON 4.5.5 Unauthenticated.Email.Address.Disclosure MEDIUM" "eventON 4.5.5 Admin+.Stored.Cross-Site.Scripting LOW" "eventON 4.5.6 Unauthenticated.Arbitrary.Post.Metadata.Update HIGH" "eventON 4.5.5 Reflected.XSS HIGH" 
"eventON 4.5.5 Unauthenticated.Virtual.Event.Password.Disclosure MEDIUM" "eventON 4.4.1 Reflected.Cross-Site.Scripting HIGH" "eventON 4.4 Unauthenticated.Event.Access HIGH" "eventON 4.4 Unauthenticated.Post.Access.via.IDOR HIGH" "easy-popup-lightbox-maker No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "easy-media-gallery-pro 1.3.0 CSRF.&.Cross-Site.Scripting.(XSS) MEDIUM" "elementor-pro 3.25.11 Authenticated.(Contributor+).Sensitive.Information.Exposure.via.Shortcode MEDIUM" "elementor-pro 3.21.3 Reflected.Cross-Site.Scripting MEDIUM" "elementor-pro 3.21.2 Authenticated.(Contributor+).DOM-Based.Stored.Cross-Site.Scripting MEDIUM" "elementor-pro 3.20.2 Authententicated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "elementor-pro 3.20.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "elementor-pro 3.20.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Form.Widget.SVGZ.File.Upload MEDIUM" "elementor-pro 3.20.2 Authenticated.(Contributor+).DOM-Based.Stored.Cross-Site.Scripting.via.video_html_tag MEDIUM" "elementor-pro 3.20.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Post.Navigation MEDIUM" "elementor-pro 3.19.3 Authenticated.(Contributor+).Information.Exposure MEDIUM" "elementor-pro 3.11.7 Subscriber+.Arbitrary.Options.Update HIGH" "elementor-pro 2.9.4 Authenticated.Arbitrary.File.Upload CRITICAL" "elementor-pro 2.0.10 XSS MEDIUM" "everest-review-lite No.known.fix Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "everest-backup 2.2.14 Unauthenticated.Backup.Download HIGH" "everest-backup 2.2.5 Admin+.Arbitrary.File.Upload MEDIUM" "everest-backup 2.2.0 Sensitive.Information.Exposure.via.Log.File HIGH" "export-import-menus 1.9.2 Missing.Authorization.to.Unauthenticated.Menu.Export MEDIUM" "export-import-menus 1.9.0 Authenticated.(Subscriber+).Arbitrary.File.Upload HIGH" "easy-prayer No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "easy-prayer No.known.fix 
Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "easy-faq-with-expanding-text No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "etsy-shop 3.0.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "edunext-openedx-integrator No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "extra-user-details 0.5.1 Settings.Update.to.Stored.XSS.via.CSRF HIGH" "extra-user-details 0.5.1 Admin+.Stored.XSS LOW" "email-template-customizer-for-woo 1.2.9.2 Shop.manager+.Stored.XSS LOW" "exit-notifier 1.10.6 Reflected.Cross-Site.Scripting MEDIUM" "echo-knowledge-base 11.31.0 Unauthenticated.PHP.Object.Injection.in.is_article_recently_viewed CRITICAL" "easy-post-types No.known.fix Authenticated.(Subscriber+).PHP.Object.Injection HIGH" "easy-post-types No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Post.Meta MEDIUM" "easy-post-types No.known.fix Authenticated.(Subscriber+).Missing.Authorization.via.Multiple.Functions MEDIUM" "enable-svg-uploads No.known.fix Author+.Stored.XSS.via.SVG MEDIUM" "event-espresso-decaf 5.0.31.decaf Cross-Site.Request.Forgery MEDIUM" "event-espresso-decaf 5.0.22.decaf Authenticated.(Subscriber+).Missing.Authorization.to.Limited.Plugin.Settings.Modification MEDIUM" "event-espresso-decaf 4.10.12 Cross-Site.Request.Forgery MEDIUM" "event-espresso-decaf 4.10.14 CSRF.Bypass MEDIUM" "easy-waveform-player 1.2.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "easy-sign-up No.known.fix Contributor+.Stored.XSS MEDIUM" "easy-load-more No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "edd-tab-manager No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "edd-tab-manager 1.3.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "edd-tab-manager 1.3.1 Subscriber+.Arbitrary.Option.Update CRITICAL" "endless-posts-navigation 2.2.8 Cross-Site.Request.Forgery MEDIUM" "external-database-based-actions No.known.fix Authenticated.(Subscriber+).Authentication.Bypass HIGH" "ethereumico 2.4.7 
Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.ethereum-ico.Shortcode MEDIUM" "ethereumico 2.4.4 Reflected.Cross-Site.Scripting MEDIUM" "ethereumico 2.3.11 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "eduadmin-booking 5.3.0 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "email-my-posts No.known.fix Reflected.Cross-Site.Scripting.(XSS) HIGH" "easy-facebook-likebox-premium No.known.fix Contributor+.DOM-Based.Stored.XSS.via.FancyBox.JavaScript.Library MEDIUM" "easy-facebook-likebox-premium 6.2.7 Reflected.Cross-Site.Scripting HIGH" "embedpress 4.1.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.'provider_name' MEDIUM" "embedpress 4.1.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "embedpress 4.0.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "embedpress 4.0.10 Unauthenticated.Local.File.Inclusion CRITICAL" "embedpress 4.0.5 Missing.Authorization MEDIUM" "embedpress 3.9.11 Authenticated(Contributor+).Stored.Cross-Site.Scripting.via.PDF.Widget.URL MEDIUM" "embedpress 4.0.2 .Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.EmbedPress.PDF.Widget MEDIUM" "embedpress 3.9.13 Contributor+.PDF.Block.Embedding LOW" "embedpress 3.9.17 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.id.Parameter MEDIUM" "embedpress 3.9.12 Missing.Authorization MEDIUM" "embedpress 3.9.15 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Youtube.Block MEDIUM" "embedpress 3.9.9 Missing.Authorization.via.handle_calendly_data MEDIUM" "embedpress 3.9.15 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "embedpress 3.9.13 Authenticated(Contributor+).Stored.Cross-Site.Scripting.via.Widget.Attribute MEDIUM" "embedpress 3.9.13 Authenticated.(Contributor+).Stored.Cross-site.Scripting.via.'embedpress_doc_custom_color' MEDIUM" "embedpress 3.9.11 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Wistia.Block MEDIUM" "embedpress 3.9.11 
Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.EmbedPress.PDF.Widget MEDIUM" "embedpress 3.9.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "embedpress 3.9.9 Authenticated(Contributor+).Stored.Cross-Site.Scripting.via.Google.Calendar.Widget.Link MEDIUM" "embedpress 3.9.6 Contributor+.Stored.XSS MEDIUM" "embedpress 3.9.5 Missing.Authorization MEDIUM" "embedpress 3.9.2 Reflected.XSS HIGH" "embedpress 3.9.2 Reflected.XSS MEDIUM" "embedpress 3.8.4 Cross-Site.Request.Forgery MEDIUM" "embedpress 3.8.3 Subscriber+.Plugin.Settings.Delete MEDIUM" "embedpress 3.8.3 Contributor+.Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "embedpress 2.0.3 Reflected.Cross-Site.Scripting MEDIUM" "embedpress 3.8.0 Sensitive.Data.Disclosure MEDIUM" "easy-career-openings No.known.fix jobid.Parameter.SQL.Injection MEDIUM" "eonet-manual-user-approve No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "export-media-urls 2.0 Cross-Site.Request.Forgery MEDIUM" "estatik-mortgage-calculator 2.0.12 Reflected.Cross-Site.Scripting MEDIUM" "estatik-mortgage-calculator No.known.fix Reflected.XSS HIGH" "estatik-mortgage-calculator No.known.fix Reflected.XSS HIGH" "easy-social-sharebar No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "error-log-viewer-wp 1.0.4 Missing.Authorization.to.Unauthenticated.Arbitrary.File.Read HIGH" "easy-site-importer No.known.fix Missing.Authorization.to.Authenticated.(Subscriber+).Settings.Change MEDIUM" "email-log 2.4.9 Unauthenticated.Hook.Injection HIGH" "email-log 2.4.8 Reflected.Cross-Site.Scripting HIGH" "email-log 2.4.7 Admin+.SQL.Injection MEDIUM" "easy-watermark 1.0.7 Reflected.Cross-Site.Scripting MEDIUM" "easy-watermark 0.7.1 Subscriber+.Arbitrary.Option.Update CRITICAL" "enl-newsletter No.known.fix Stored.XSS.via.CSRF HIGH" "enl-newsletter No.known.fix Admin+.SQL.Injection MEDIUM" "enl-newsletter No.known.fix Campaign.Deletion.via.CSRF MEDIUM" 
"everest-comment-rating-lite 2.0.5 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "estatebud-properties-listings No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "embed-privacy 1.8.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "easy-image-collage 1.13.6 Missing.Authorization.to.Authenticated.(Contributor+).Data.Clearance MEDIUM" "elegant-blocks No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "emoji-shortcode No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "extended-widget-options 5.1.3 Extended.<=.5.1.0.&..Widget.Options.<=.4.0.1.-.Authenticated.(Subscriber+).Information.Disclosure MEDIUM" "esb-testimonials No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "easy-accordion-block 1.2.5 Missing.Authorization MEDIUM" "easy-team-manager No.known.fix Authenticated.Blind.SQL.Injection CRITICAL" "email-tracker 5.3.9 Reflected.Cross-Site.Scripting MEDIUM" "email-tracker 5.3.6 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "email-tracker 5.2.6 Reflected.Cross-Site.Scripting HIGH" "email-tracker 5.2.7 Arbitrary.Email.Entry.Deletion.via.CSRF MEDIUM" "ele-blog No.known.fix Missing.Authorization.to.Authenticated.(Subscriber+).Deactivation.Submission MEDIUM" "ele-blog No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "essential-real-estate 5.1.9 Cross-Site.Request.Forgery MEDIUM" "essential-real-estate 5.1.7 Missing.Authorization.to.Authenticated.(Contributor+).Information.Exposure MEDIUM" "essential-real-estate 4.4.5 Insecure.Direct.Object.Reference.to.Arbitrary.Attachment.Deletion MEDIUM" "essential-real-estate 4.4.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "essential-real-estate 4.4.0 Subscriber+.Stored.XSS HIGH" "essential-real-estate 4.4.0 Subscriber+.Denial.of.Service.via.Arbitrary.Option.Update HIGH" "essential-real-estate 4.4.0 
Subscriber+.Arbitrary.File.Upload CRITICAL" "essential-real-estate 4.4.0 Subscriber+.Arbitrary.File.Upload HIGH" "essential-real-estate 3.9.6 Reflected.Cross-Site-Scripting MEDIUM" "easy-table 1.7 Admin+.Stored.Cross-Site.Scripting LOW" "easy-table 1.5.3 Stored.Cross-Site.Scripting.via.CSRF MEDIUM" "easy-contact-form-solution 1.7 Stored.Cross-Site.Scripting.(XSS) MEDIUM" "extensions-leaflet-map 3.4.2 Reflected.XSS HIGH" "events-made-easy No.known.fix Subscriber+.SQLi HIGH" "events-made-easy 2.3.17 Subscriber+.Unauthorised.AJAX.Calls MEDIUM" "events-made-easy 2.2.81 Unauthenticated.SQLi HIGH" "events-made-easy 2.2.36 Subscriber+.SQL.Injection HIGH" "events-made-easy 2.2.24 Admin+.Stored.Cross-Site.Scripting LOW" "events-made-easy 1.6.21 CSRF.to.Cross-Site.Scripting.(XSS) HIGH" "events-made-easy 1.5.50 Multi.CSRF.to.Stored.Cross-Site.Scripting.&.Event.Deletion HIGH" "email-subscriber No.known.fix Unauthenticated.Stored.Cross-Site.Scripting.(XSS) HIGH" "easy-pricing-tables 3.2.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.fontFamily.Attribute MEDIUM" "easy-pricing-tables 3.2.6 Reflected.Cross-Site.Scripting MEDIUM" "easy-pricing-tables 3.2.3 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "easy-pricing-tables 3.2.1 Reflected.Cross-Site-Scripting MEDIUM" "easy-pricing-tables 3.1.3 Author+.Stored.Cross-Site.Scripting MEDIUM" "easy-pricing-tables 3.1.3 Arbitrary.Post.Removal.via.CSRF MEDIUM" "ethpress 2.1.1 Reflected.Cross-Site.Scripting MEDIUM" "ethpress 1.5.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "easy-paypal-donation 1.3.4 Arbitrary.Post.Deletion.via.CSRF HIGH" "easy-paypal-donation 1.3.2 Admin+.Stored.Cross-Site.Scripting LOW" "easy-paypal-donation 1.3.1 Reflected.Cross-Site.Scripting.via.page.Parameter HIGH" "easy-paypal-donation 1.3.1 CSRF.to.Stored.Cross-Site.Scripting HIGH" "easy-paypal-donation 1.3.1 CSRF.to.Arbitrary.Post.Deletion MEDIUM" "email-header-footer No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "email-header-footer 
No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "event-espresso-free 3.1.37.12.L Authenticated.Blind.SQL.Injection HIGH" "elemenda No.known.fix Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "evernote-sync No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "erocket 1.2.5 Admin+.Stored.XSS LOW" "email-templates 1.4.3 Email.Sending.via.CSRF MEDIUM" "external-featured-image-from-bing No.known.fix Authenticated.(Subscriber+).Remote.Code.Execution HIGH" "easy-cookies-policy No.known.fix Broken.Access.Control.to.Stored.Cross-Site.Scripting HIGH" "easy-zillow-reviews 1.6.2 Reflected.Cross-Site.Scripting MEDIUM" "easy-zillow-reviews 1.4.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "external-url-as-post-featured-image-thumbnail 2.03 Reflected.Cross-Site.Scripting MEDIUM" "easy-cookie-law No.known.fix Settings.Update.via.CSRF MEDIUM" "easy-captcha No.known.fix Reflected.Cross-Site.Scripting HIGH" "easy-captcha No.known.fix Missing.Authorization MEDIUM" "everest-google-places-reviews-lite 2.0.0 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "embed-documents-shortcode No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "easy-twitter-feeds No.known.fix Authenticated.(Contributor+).Post.Exposure MEDIUM" "easy-twitter-feeds 1.2 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "email-form-under-post No.known.fix Cross-Site.Request.Forgery MEDIUM" "easy-countdowner No.known.fix Cross-Site.Request.Forgery MEDIUM" "ezoic-integration 2.8.9 Unauthenticated.Settings.Update.to.Stored.XSS MEDIUM" "ezoic-integration 2.8.9 Admin+.Stored.XSS LOW" "embed-any-document 2.7.2 Author+.Stored.XSS LOW" "exquisite-paypal-donation No.known.fix Admin+.Stored.XSS LOW" "everest-gallery-lite 1.0.9 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "elegant-themes-icons No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "enable-accessibility No.known.fix 
Reflected.Cross-Site.Scripting MEDIUM" "enable-accessibility 1.4.1 CSRF MEDIUM" "exclusive-content-password-protect No.known.fix Cross-Site.Request.Forgery.to.Arbitrary.File.Upload HIGH" "eelv-redirection 1.5.1 Cross-Site.Request.Forgery.to.Arbitrary.Site.Redirect MEDIUM" "easy-paypal-events-tickets 1.2.2 Cross-Site.Request.Forgery.to.Arbitrary.Post.Deletion MEDIUM" "easy-paypal-events-tickets 1.1.2 Reflected.Cross-Site.Scripting.via.page.Parameter HIGH" "easy-post-to-post-links No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "editionguard-for-woocommerce-ebook-sales-with-drm No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "editionguard-for-woocommerce-ebook-sales-with-drm No.known.fix Cross-Site.Request.Forgery.to.Privilege.Escalation MEDIUM" "events-search-addon-for-the-events-calendar 1.2 Subscriber+.Arbitrary.Plugin.Installation.&.Activation HIGH" "exmage-wp-image-links 1.0.7 Admin+.Blind.SSRF LOW" "ebay-feeds-for-wordpress 3.4 Admin+.Stored.XSS LOW" "ebay-feeds-for-wordpress 1.2 Cross-Site.Scripting.via.rss_url.Parameter MEDIUM" "easyrecipe No.known.fix Cross-Site.Request.Forgery MEDIUM" "easy-contact-form-pro 1.1.1.9 Authenticated.Stored.Cross-Site.Scripting.(XSS) CRITICAL" "easily-generate-rest-api-url No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "ean-for-woocommerce 4.9.0 Authenticated.(Shop.Manager+).Arbitrary.Options.Update MEDIUM" "ean-for-woocommerce 4.9.3 Insecure.Direct.Object.Reference.to.Sensitve.Information.Exposure.via.Shortcode MEDIUM" "ean-for-woocommerce 4.9.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.alg_wc_ean_product_meta.Shortcode MEDIUM" "ean-for-woocommerce 4.4.3 Contributor+.Stored.XSS MEDIUM" "ebook-store No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "ebook-store No.known.fix Reflected.Cross-Site.Scripting.via.'step' MEDIUM" "ebook-store No.known.fix Unauthenticated.Full.Path.Disclosure MEDIUM" "ebook-store 5.8002 Admin+.Stored.XSS LOW" "ebook-store 5.785 Reflected.XSS 
HIGH" "ebook-store 5.78 Unauthenticated.Sensitive.Data.Disclose MEDIUM" "ebook-store 5.78 Admin+.Stored.XSS LOW" "events-addon-for-elementor 2.2.4 Authenticated.(Contributor+).Post.Disclosure MEDIUM" "events-addon-for-elementor 2.2.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "events-addon-for-elementor 2.2.1 Contributor+.Stored.XSS MEDIUM" "events-addon-for-elementor 2.1.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Multiple.Widgets MEDIUM" "events-addon-for-elementor 2.1.3 Missing.Authorization MEDIUM" "events-addon-for-elementor 2.1.3 Cross-Site.Request.Forgery MEDIUM" "events-addon-for-elementor 2.0.3 Reflected.Cross-Site.Scripting MEDIUM" "events-addon-for-elementor 1.9.8 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "email-address-obfuscation 1.1.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.class.Parameter MEDIUM" "easy-youtube-gallery 1.0.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "elementskit-lite 3.3.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Image.Comparison.Widget MEDIUM" "elementskit-lite 3.2.8 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Video.Widget MEDIUM" "elementskit-lite 3.2.1 Unauthenticated.Information.Exposure.via.ekit_widgetarea_content.Function MEDIUM" "elementskit-lite 3.2.0 Missing.Authorization MEDIUM" "elementskit-lite 3.1.3 3.1.2.-.Contributor+.Stored.XSS MEDIUM" "elementskit-lite 3.1.1 Contributor+.Local.File.Inclusion.via.Onepage.Scroll.Module HIGH" "elementskit-lite 3.1.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Countdown.Widget MEDIUM" "elementskit-lite 3.0.7 Contributor+.Local.File.Inclusion HIGH" "elementskit-lite 3.0.7 Contributor+.Stored.XSS MEDIUM" "elementskit-lite 3.0.4 Contributor+.Stored.XSS MEDIUM" "elementskit-lite 3.0.6 Contributor+.Stored.XSS MEDIUM" "elementskit-lite 3.0.5 Contributor+.Stored.XSS MEDIUM" "elementskit-lite 3.0.4 Unauthenticated.Sensitive.Information.Exposure MEDIUM" 
"elementskit-lite 2.9.2 Missing.Authorization MEDIUM" "elementskit-lite 2.2.0 Contributor+.Stored.XSS MEDIUM" "ebook-download 1.2 Directory.Traversal HIGH" "export-woocommerce 2.1.0 Reflected.Cross-Site.Scripting MEDIUM" "export-woocommerce 2.0.12 Reflected.Cross-Site.Scripting MEDIUM" "export-woocommerce 2.0.9 Missing.Authorization MEDIUM" "export-woocommerce 2.0.11 Reflected.XSS HIGH" "ekc-tournament-manager 2.2.2 Cross-Site.Request.Forgery.to.Arbitrary.File.Upload HIGH" "ekc-tournament-manager 2.2.2 Delete.Tournaments.via.CSRF MEDIUM" "ekc-tournament-manager 2.2.2 Admin+.Arbitrary.File.Download LOW" "ekc-tournament-manager 2.2.2 Create.Tournaments/Teams.via.CSRF MEDIUM" "easy-form 1.2.1 Admin+.Stored.XSS LOW" "email-verification-for-woocommerce-pro 1.8.2 Loose.Comparison.to.Authentication.Bypass CRITICAL" "elementor 3.25.10 Contributor+.Stored.XSS.via.Typography.Settings MEDIUM" "elementor 3.25.8 Contributor+.Stored.XSS MEDIUM" "elementor 3.24.6 Contributor+.Information.Exposure.via.get_image_alt LOW" "elementor 3.24.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.in.the.URL.Parameter.in.Multiple.Widgets MEDIUM" "elementor 3.22.2 Contributor+.Arbitrary.SVG.Download MEDIUM" "elementor 3.21.6 Contributor+.DOM.Stored.XSS MEDIUM" "elementor 3.20.3 Contributor+.DOM.Stored.XSS MEDIUM" "elementor 3.19.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.get_image_alt MEDIUM" "elementor 3.19.1 Authenticated(Contributor+).Arbitrary.File.Deletion.and.PHAR.Deserialization HIGH" "elementor 3.18.2 Contributor+.Arbitrary.File.Upload.to.RCE.via.Template.Import HIGH" "elementor 3.16.5 Missing.Authorization.to.Arbitrary.Attachment.Read MEDIUM" "elementor 3.16.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.get_inline_svg() MEDIUM" "elementor 3.5.5 Iframe.Injection MEDIUM" "elementor 3.13.2 Missing.Authorization MEDIUM" "elementor 3.12.2 Admin+.SQLi MEDIUM" "elementor 3.5.6 DOM.Reflected.Cross-Site.Scripting MEDIUM" "elementor 3.6.3 
Subscriber+.Arbitrary.File.Upload CRITICAL" "elementor 3.4.8 DOM.Cross-Site-Scripting MEDIUM" "elementor 3.1.4 Authenticated.Stored.Cross-Site.Scripting.(XSS).in.Column.Element MEDIUM" "elementor 3.1.4 Authenticated.Stored.Cross-Site.Scripting.(XSS).in.Divider.Widget MEDIUM" "elementor 3.1.4 Authenticated.Stored.Cross-Site.Scripting.(XSS).in.Icon.Box.Widget MEDIUM" "elementor 3.1.4 Authenticated.Stored.Cross-Site.Scripting.(XSS).in.Heading.Widget MEDIUM" "elementor 3.1.4 Authenticated.Stored.Cross-Site.Scripting.(XSS).in.Accordion.Widget MEDIUM" "elementor 3.1.4 Authenticated.Stored.Cross-Site.Scripting.(XSS).in.Image.Box.Widget MEDIUM" "elementor 3.0.14 SVG.Upload.Allowed.by.Default MEDIUM" "elementor 2.9.14 Authenticated.Stored.Cross-Site.Scripting MEDIUM" "elementor 2.9.10 Authenticated.Stored.XSS HIGH" "elementor 2.9.8 SVG.Sanitizer.Bypass.leading.to.Authenticated.Stored.XSS MEDIUM" "elementor 2.9.6 Authenticated.Safe.Mode.Privilege.Escalation MEDIUM" "elementor 2.8.5 Authenticated.Reflected.XSS MEDIUM" "elementor 2.7.7 Authenticated.Stored.XSS MEDIUM" "elementor 2.8.4 Cross-Site.Scripting.(XSS) MEDIUM" "elementor 2.7.5 Authenticated.Arbitrary.File.Upload CRITICAL" "elementor 1.8.0 Authenticated.Unrestricted.Editing HIGH" "elastik-page-builder No.known.fix Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "embed-office-viewer 2.2.7 Reflected.Cross-Site.Scripting MEDIUM" "embed-office-viewer 2.2.5 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "easy-ad-manager No.known.fix Admin+.Stored.XSS LOW" "express-pay 1.1.9 Unauthenticated.SQL.Injection.via.type_id HIGH" "evaluate No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "easy-student-results No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "easy-student-results No.known.fix Sensitive.Information.Disclosure.via.REST.API LOW" "exportfeed-list-woocommerce-products-on-ebay-store No.known.fix Admin+.SQL.Injection MEDIUM" "easy-marijuana-age-verify 1.5.2 Reflected.Cross-Site.Scripting 
MEDIUM" "easy-marijuana-age-verify 1.3.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "education-addon No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "education-addon 1.2 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "easy-side-tab-cta 1.0.8 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "ect-add-to-cart-button No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "easy-panorama 1.1.5 Admin+.Stored.XSS LOW" "easy-preloader No.known.fix Authenticated.Stored.Cross-Site.Scripting.(XSS) LOW" "everest-counter-lite 2.0.8 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "exxp-wp No.known.fix Subscriber+.Stored.Cross-Site.Scripting HIGH" "email-address-encoder 1.0.24 Cross-Site.Request.Forgery.via.eae_clear_caches() MEDIUM" "email-address-encoder 1.0.23 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "eventon-rsvp 2.9.5 Reflected.XSS HIGH" "events-calendar-registration-booking-by-events-plus No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "ecab-taxi-booking-manager 1.1.0 Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "embedstories 0.7.5 Contributor+.Stored.XSS MEDIUM" "etsy-importer No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "external-media 1.0.36 Admin+.Stored.XSS LOW" "external-media 1.0.34 Authenticated.Arbitrary.File.Upload CRITICAL" "easy-notify-lite 1.1.33 Contributor+.Stored.XSS MEDIUM" "easy-notify-lite 1.1.30 Authenticated.(Author+).Stored.Cross-Site.Scripting MEDIUM" "envato-elements 2.0.15 Author+.Server-Side.Request.Forgery MEDIUM" "envato-elements 2.0.11 Contributor+.Arbitrary.File.Upload HIGH" "email-users No.known.fix Arbitrary.Settings.Update.via.CSRF MEDIUM" "email-users 4.8.4 Cross-Site.Request.Forgery.(CSRF) MEDIUM" "email-users 4.8.3 Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "email-users 4.7.6 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "erp 1.13.3 Reflected.Cross-Site.Scripting MEDIUM" "erp 1.13.1 
Authenticated.(Accounting.Manager+).SQL.Injection.via.vendor_id HIGH" "erp 1.13.2 Authenticated.(AccountingManager+).SQL.Injection HIGH" "erp No.known.fix Authenticated.(Subscriber+).SQL.Injection HIGH" "erp No.known.fix Authenticated.(AccountingManager+).SQL.Injection HIGH" "erp No.known.fix Authenticated.(Accounting.Manager+).SQL.Injection HIGH" "erp No.known.fix Unauthenticated.Stored.Cross-Site.Scripting HIGH" "erp 1.30.0 Authenticated.(Accounting.Manager+).SQL.Injection.via.id HIGH" "erp 1.12.9 Authenticated.(Accounting.manager+).SQL.Injection HIGH" "erp 1.12.7 Missing.Authorization.via.admin.notice.dismissal MEDIUM" "erp 1.12.4 Admin+.SQL.Injection MEDIUM" "erp 1.12.4 Reflected.Cross-Site.Scripting HIGH" "erp 1.7.5 CSRF.Nonce.Bypasses MEDIUM" "erp 1.6.4 Cross-Site.Request.Forgery MEDIUM" "erp 1.6.4 Cross-Site.Request.Forgery.(CSRF) MEDIUM" "easy-gallery-slideshow No.known.fix Reflected.Cross-Site.Scripting.(XSS) HIGH" "easy-pixels-by-jevnet No.known.fix Unauthenticated.Stored.Cross-Site.Scripting HIGH" "essential-blocks 5.1.1 Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "essential-blocks 4.9.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "essential-blocks 4.7.0 Contributor+.Stored.XSS MEDIUM" "essential-blocks 4.5.13 Contributor+.Stored.XSS MEDIUM" "essential-blocks 4.5.10 Contributor+.DOM-Based.XSS.via.Social.Icons.Block MEDIUM" "essential-blocks 4.5.4 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "essential-blocks 4.4.10 Missing.Authorization MEDIUM" "essential-blocks 4.5.4 Contributor+.Stored.XSS MEDIUM" "essential-blocks 4.5.2 Contributor+.Stored.XSS MEDIUM" "essential-blocks 4.4.7 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "essential-blocks 4.2.1 Contributor+.Unauthorised.Actions LOW" "essential-blocks 4.2.1 Subscriber+.Unauthorised.Actions MEDIUM" "essential-blocks 4.4.3 Unauthenticated.Local.File.Inclusion CRITICAL" "essential-blocks 4.2.1 Missing.Authorization.via.AJAX.actions MEDIUM" "essential-blocks 4.2.1 
Unauthenticated.Object.Injection HIGH" "essential-blocks 4.2.1 Unauthenticated.PHP.Object.Injection.via.queries HIGH" "essential-blocks 4.2.1 Unauthenticated.PHP.Object.Injection.via.products HIGH" "essential-blocks 4.0.7 Multiple.Functions.Missing.Authorization.Checks MEDIUM" "email-before-download No.known.fix Cross-Site.Request.Forgery MEDIUM" "email-before-download 6.8 Admin+.SQL.Injection MEDIUM" "email-before-download 4.0 SMTP.Header.Injection MEDIUM" "e-shops-cart2 No.known.fix Cross-Site.Request.Forgery.to.Reflected.Cross-Site.Scripting MEDIUM" "easy-table-of-contents 2.0.68 Editor+.Stored.XSS LOW" "easy-table-of-contents 2.0.67.1 Editor+.Stored.XSS LOW" "easy-table-of-contents 2.0.66 Admin+.Stored.XSS LOW" "ecwid-shopping-cart 6.12.11 Authenticated(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "ecwid-shopping-cart 6.12.5 Cross-Site.Request.Forgery MEDIUM" "ecwid-shopping-cart 6.12.5 Arbitrary.Plugin.Settings.Change.via.CSRF MEDIUM" "ecwid-shopping-cart 6.12.4 Missing.Authorization.on.multiple.functions MEDIUM" "ecwid-shopping-cart 6.11.5 Contributor+.Stored.Cross-Site.Scriping MEDIUM" "ecwid-shopping-cart 6.11.4 Import.via.CSRF MEDIUM" "ecwid-shopping-cart 6.10.24 Settings.Update.via.CSRF MEDIUM" "ecwid-shopping-cart 6.10.23 Insufficient.Access.Control MEDIUM" "easy-caller-with-moceanapi No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "email-subscribe 1.2.24 Authenticated.(Administrator+).SQL.Injection MEDIUM" "email-subscribe 1.2.23 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.print_email_subscribe_form.Shortcode MEDIUM" "email-subscribe 1.2.21 Unauthenticated.Stored.Cross-Site.Scripting MEDIUM" "email-subscribe 1.2.20 Reflected.XSS HIGH" "email-subscribe 1.2.19 .Reflected.Cross-Site.Scripting MEDIUM" "email-subscribe 1.2.17 Reflected.XSS HIGH" "etruel-del-post-copies No.known.fix Missing.Authorization MEDIUM" "exchange-addon-membership 1.3.0 XSS.via.add_query_arg().and.remove_query_arg() MEDIUM" "educare 1.4.7 
Missing.Authorization.to.Sensitive.Information.Exposure MEDIUM" "educare 1.4.4 Students.&.Result.Management.System.<.1.4.4.-.Cross-Site.Request.Forgery.(CSRF) MEDIUM" "e-signature 1.5.6.8 Unauthenticated.Arbitrary.File.Upload.leading.to.RCE CRITICAL" "edwiser-bridge 3.0.8 Authenticated.(Subscriber+).Server-Side.Request.Forgery MEDIUM" "edwiser-bridge 3.0.8 Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "edwiser-bridge 3.0.6 Authentication.Bypass.due.to.Missing.Empty.Value.Check CRITICAL" "edwiser-bridge 3.0.4 Authenticated.(Administrator+).SQL.Injection CRITICAL" "edwiser-bridge 2.0.7 Cross-Site.Request.Forgery MEDIUM" "edwiser-bridge 2.0.7 CSRF.Nonce.Bypass MEDIUM" "error-log-viewer 1.1.3 Directory.Listing.to.Sensitive.Data.Exposure LOW" "error-log-viewer 1.1.2 Arbitrary.Text.File.Deletion.via.CSRF LOW" "error-log-viewer 1.1.2 Admin+.Arbitrary.File.Clearing MEDIUM" "error-log-viewer 1.0.6 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "enable-media-replace 4.1.5 Reflected.Cross-Site.Scripting MEDIUM" "enable-media-replace 4.1.3 Author+.PHP.Object.Injection MEDIUM" "enable-media-replace 4.0.2 Author+.Arbitrary.File.Upload CRITICAL" "enable-media-replace 4.0.0 Admin+.Path.Traversal LOW" "email-obfuscate-shortcode No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "easy-testimonials No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "easy-testimonials 3.9.3 Contributor+.Stored.XSS MEDIUM" "easy-testimonials 3.9 Reflected.Cross-Site.Scripting MEDIUM" "easy-testimonials 3.7 Cross-Site.Request.Forgery MEDIUM" "easy-testimonials 3.7 Cross-Site.Request.Forgery.(CSRF) MEDIUM" "easy-testimonials 3.6 Authenticated.Stored.Cross-Site.Scripting.(XSS) CRITICAL" "easy-testimonials 1.37 Authenticated.Stored.Cross-Site.Scripting.(XSS) HIGH" "easy-facebook-likebox 6.5.7 Cross-Site.Request.Forgery MEDIUM" "easy-facebook-likebox 6.5.6 Contributor+.Stored.XSS MEDIUM" "easy-facebook-likebox 6.5.4 
Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.fb_appid MEDIUM" "easy-facebook-likebox 6.5.5 Cross-Site.Request.Forgery MEDIUM" "easy-facebook-likebox 6.5.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "easy-facebook-likebox 6.5.5 Cross-Site.Request.Forgery MEDIUM" "easy-facebook-likebox 6.5.3 Subscriber+.Settings.Update MEDIUM" "easy-facebook-likebox 6.5.0 Reflected.Cross-Site.Scripting MEDIUM" "easy-facebook-likebox 6.4.0 Contributor+.Stored.XSS MEDIUM" "easy-facebook-likebox 6.3.4 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "easy-facebook-likebox 6.2.7 Reflected.Cross-Site.Scripting.(XSS) HIGH" "easy-facebook-likebox 6.2.7 Reflected.Cross-Site.Scripting HIGH" "easy-language-switcher No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "event-page-templates-addon-for-the-events-calendar 1.6 Subscriber+.Arbitrary.Plugin.Installation.&.Activation HIGH" "edoc-easy-tables No.known.fix Authenticated.(Contributor+).SQL.Injection MEDIUM" "exit-popup-show No.known.fix Reflected.Cross-Site.Scripting.(XSS) HIGH" "easy-custom-auto-excerpt 2.5.0 Sensitive.Information.Exposure MEDIUM" "easy-custom-auto-excerpt 2.4.7 XSS MEDIUM" "everse-starter-sites 1.2.2 Reflected.Cross-Site.Scripting MEDIUM" "everse-starter-sites 1.2.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "easy-svg-upload No.known.fix Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "express-shop 4.0.3 CSRF.Bypass MEDIUM" "easy-courses No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "eventr No.known.fix Blind.SQL.Injection CRITICAL" "emergency-password-reset 9.0 Cross-Site.Request.Forgery MEDIUM" "emc2-alert-boxes No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "easy-age-verify 1.8.3 Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "easy-age-verify 1.8.2 Reflected.Cross-Site.Scripting MEDIUM" "easy-age-verify 1.6.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "easy-wp-cleaner 2.0 
Data.Deletion.via.CSRF MEDIUM" "easy-redirect-manager No.known.fix Cross-Site.Scripting.(XSS) MEDIUM" "easy-google-map No.known.fix Reflected.Cross-Site.Scripting.(XSS) HIGH" "ect-product-carousel No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "enhanced-tooltipglossary 4.3.12 Reflected.XSS HIGH" "enhanced-tooltipglossary 4.3.11 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "enhanced-tooltipglossary 4.3.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "enhanced-tooltipglossary 4.3.4 Admin+.Stored.XSS LOW" "enhanced-tooltipglossary 4.3.0 Settings.Update.via.CSRF MEDIUM" "enhanced-tooltipglossary 3.9.21 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "enhanced-tooltipglossary 3.3.5 XSS MEDIUM" "easy-tynt No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "easy-hide-login 1.0.9 Arbitrary.settings.update.via.CSRF MEDIUM" "easy-hide-login 1.0.8 Admin+.Stored.XSS LOW" "event-geek No.known.fix Stored.Cross-site.Scripting.(XSS) MEDIUM" "estatik 4.1.1 Reflected.XSS HIGH" "estatik 4.1.1 Unauthenticated.PHP.Object.Injection HIGH" "estatik 4.1.1 Subscriber+.Arbitrary.Option.Update HIGH" "estatik 2.3.1 Arbitrary.File.Upload HIGH" "easy-social-share-buttons No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "essential-widgets 1.9 Unauthorised.Plugin's.Setting.Change MEDIUM" "element-ready-lite 6.4.9 Authenticated.(Contributor+).Sensitive.Information.Exposure.via.Elementor.Templates MEDIUM" "element-ready-lite 6.4.8 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "element-ready-lite 6.4.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "element-ready-lite 6.4.4 Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "element-ready-lite 6.4.3 .Open.Redirect MEDIUM" "element-ready-lite 6.4.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "element-ready-lite 6.2.0 
Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "element-ready-lite 5.9.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "ekiline-block-collection 1.0.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "embed-twine No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "embed-docs 3.0.0 Reflected.Cross-Site.Scripting MEDIUM" "easy-demo-importer 1.1.3 Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "elespare 3.2.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Horizontal.Nav.Menu.Widge MEDIUM" "elespare 2.1.3 Missing.Authorization.to.Subscriber+.Arbitrary.Post.Creation MEDIUM" "enweby-variation-swatches-for-woocommerce 1.0.4 Reflected.Cross-Site.Scripting MEDIUM" "extended-search-plugin No.known.fix Settings.Update.via.CSRF MEDIUM" "event-registration-calendar-by-vcita No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "event-registration-calendar-by-vcita 1.4.0 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "event-registration-calendar-by-vcita No.known.fix CSRF.to.Stored.XSS.in.settings.page MEDIUM" "embed-video-thumbnail 1.3.1 Reflected.Cross-Site.Scripting MEDIUM" "easync-booking 1.3.12 Reflected.Cross-Site.Scripting HIGH" "easync-booking 1.3.7 Reflected.Cross-Site.Scripting MEDIUM" "easync-booking 1.1.16 Unauthenticated.Arbitrary.File.Upload CRITICAL" "easync-booking 1.1.10 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "export-customers-data 1.2.4 Reflected.Cross-Site.Scripting MEDIUM" "exportfeed-for-woocommerce-product-to-etsy 5.2.0 Reflected.Cross-Site.Scripting MEDIUM" "exportfeed-for-woocommerce-product-to-etsy 3.3.2 Cross-Site.Request.Forgery MEDIUM" "exportfeed-for-woocommerce-product-to-etsy 3.3.2 CSRF.Bypass MEDIUM" "everest-forms 3.0.8.1 Admin+.Stored.XSS LOW" "everest-forms 3.0.4.2 Admin+.Stored.XSS LOW" "everest-forms 3.0.3.1 Admin+.Stored.XSS LOW" "everest-forms 2.0.8 
Unauthenticated.Server-Side.Request.Forgery.via.font_url HIGH" "everest-forms 2.0.5 Admin+.Stored.XSS LOW" "everest-forms 1.8.0 Reflected.Cross-Site.Scripting MEDIUM" "everest-forms 1.5.0 SQL.Injection CRITICAL" "edit-comments-xt No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "essential-addons-for-elementor-lite 6.0.8 Contributor+.Stored.XSS MEDIUM" "essential-addons-for-elementor-lite 6.0.8 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "essential-addons-for-elementor-lite 6.0.10 Authenticated.(Contributor+).Sensitive.Information.Exposure MEDIUM" "essential-addons-for-elementor-lite 6.0.10 Authenticated.(Author+).Sensitive.Information.Exposure.to.Privilege.Escalation HIGH" "essential-addons-for-elementor-lite 6.0.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Filterable.Gallery.Widget MEDIUM" "essential-addons-for-elementor-lite 6.0.4 Best.Elementor.Templates,.Widgets,.Kits.&.WooCommerce.Builders.<.6.0.4.-.Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Fancy.Text.Widget MEDIUM" "essential-addons-for-elementor-lite 6.0.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.no_more_items_text.Parameter MEDIUM" "essential-addons-for-elementor-lite 5.9.27 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "essential-addons-for-elementor-lite 5.9.24 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "essential-addons-for-elementor-lite 5.9.23 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "essential-addons-for-elementor-lite 5.9.22 Contributor+.Stored.Cross-Site.Scripting.via.Twitter.Feed MEDIUM" "essential-addons-for-elementor-lite 5.9.16 Contributor+.Stored.XSS MEDIUM" "essential-addons-for-elementor-lite 5.9.21 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "essential-addons-for-elementor-lite 5.9.20 Contributor+.Stored.Cross-Site.Scripting.via.'Interactive.Circles' MEDIUM" "essential-addons-for-elementor-lite 5.9.20 
Contributor+.DOM-Based.Stored.Cross-Site.Scripting.via.Several.Widgets MEDIUM" "essential-addons-for-elementor-lite 5.9.20 Contributor+.Stored.Cross-Site.Scripting.via.'Dual.Color.Header',.'Event.Calendar',.&.'Advanced.Data.Table' MEDIUM" "essential-addons-for-elementor-lite 5.9.18 Contributor+.Stored.XSS MEDIUM" "essential-addons-for-elementor-lite 5.9.16 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "essential-addons-for-elementor-lite 5.9.16 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "essential-addons-for-elementor-lite 5.9.16 Information.Exposure MEDIUM" "essential-addons-for-elementor-lite 5.9.15 Contributor+.Store.XSS.via.Widget.URL MEDIUM" "essential-addons-for-elementor-lite 5.9.14 Author+.PHP.Object.Injection MEDIUM" "essential-addons-for-elementor-lite 5.9.14 Unauthenticated.Private/Draft.Posts.Access MEDIUM" "essential-addons-for-elementor-lite 5.9.12 Contributor+.Stored.XSS MEDIUM" "essential-addons-for-elementor-lite 5.9.12 Contributor+.Stored.XSS MEDIUM" "essential-addons-for-elementor-lite 5.9.10 Contributor+.Stored.Cross-Site.Scripting.via.Event.Calendar HIGH" "essential-addons-for-elementor-lite 5.9.10 Contributor+.Stored.Cross-Site.Scripting.via.Data.Table MEDIUM" "essential-addons-for-elementor-lite 5.9.9 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "essential-addons-for-elementor-lite 5.9.9 Contributor+.Stored.Cross-Site.Scripting.via.Filterable.Gallery MEDIUM" "essential-addons-for-elementor-lite 5.9.9 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "essential-addons-for-elementor-lite 5.9.9 Contributor+.Stored.Cross-Site.Scripting.via.Accordion MEDIUM" "essential-addons-for-elementor-lite 5.9.8 Contributor+.Stored.XSS MEDIUM" "essential-addons-for-elementor-lite 5.9.5 Contributor+.Stored.Cross-Site.Scritping MEDIUM" "essential-addons-for-elementor-lite 5.9.5 Contributor+.Stored.Cross-Site.Scripting.via.Image.URl MEDIUM" "essential-addons-for-elementor-lite 5.9.3 Contributor+.Stored.XSS MEDIUM" "essential-addons-for-elementor-lite 
5.8.9 Authenticated.(Contributor+).Privilege.Escalation HIGH" "essential-addons-for-elementor-lite 5.8.2 Unauthenticated.MailChimp.API.Key.Disclosure MEDIUM" "essential-addons-for-elementor-lite 5.7.2 Unauthenticated.Privilege.Escalation CRITICAL" "essential-addons-for-elementor-lite 5.0.9 Reflected.Cross-Site.Scripting MEDIUM" "essential-addons-for-elementor-lite 5.0.5 Unauthenticated.LFI CRITICAL" "essential-addons-for-elementor-lite 4.5.4 Contributor+.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "events-calendar-pro 7.0.2.1 Authenticated.(Administrator+).PHP.Object.Injection.to.Remote.Code.Execution CRITICAL" "events-calendar-pro 6.4.0.1 Contributor+.Arbitrary.Events.Access LOW" "extra-options-favicons No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "eveeno 1.8 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "enhanced-text-widget 1.6.6 Admin+.Stored.XSS LOW" "enhanced-text-widget 1.5.8 Subscriber+.Plugin.Installation MEDIUM" "enhanced-text-widget 1.5.8 Plugin.Installation.via.CSRF MEDIUM" "elementinvader-addons-for-elementor 1.3.2 Missing.Authorization MEDIUM" "elementinvader-addons-for-elementor 1.3.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "elementinvader-addons-for-elementor 1.3.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "elementinvader-addons-for-elementor 1.2.7 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "elementinvader-addons-for-elementor 1.3.2 Missing.Authorization.to.Arbitrary.Options.Read MEDIUM" "elementinvader-addons-for-elementor 1.3.0 Authenticated.(Contributor+).Information.Exposure MEDIUM" "elementinvader-addons-for-elementor 1.2.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "elementinvader-addons-for-elementor 1.2.8 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "elementinvader-addons-for-elementor 1.2.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" 
"elementinvader-addons-for-elementor 1.2.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "enjoy-instagram-instagram-responsive-images-gallery-and-carousel No.known.fix Subscriber+.Plugin.Database.Reset MEDIUM" "enjoy-instagram-instagram-responsive-images-gallery-and-carousel No.known.fix Unauthenticated.Arbitrary.Instagram.Account.Unlinking MEDIUM" "enjoy-instagram-instagram-responsive-images-gallery-and-carousel 6.2.1 Reflected.Cross-Site.Scripting MEDIUM" "easy2map-photos 1.1.0 SQL.Injection CRITICAL" "easy-appointments 3.11.19 Insufficient.Authorization MEDIUM" "easy-appointments 3.11.19 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "easy-appointments 3.11.10 Cross-Site.Request.Forgery MEDIUM" "easy-appointments 3.11.2 Contributor+.Stored.XSS.in.Shortcode MEDIUM" "easy-appointments 1.12.0 Cross-Site.Scripting.(XSS) MEDIUM" "event-countdown-timer No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "exclusive-addons-for-elementor 2.7.5 Authenticated.(Contributor+).Sensitive.Information.Exposure.via.Elementor.Templates MEDIUM" "exclusive-addons-for-elementor 2.7.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "exclusive-addons-for-elementor 2.6.9.9 Authenticated.(Contibutor+).Stored.Cross-Site.Scripting.via.Card.Widget MEDIUM" "exclusive-addons-for-elementor 2.6.9.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Team.Member.Widget MEDIUM" "exclusive-addons-for-elementor 2.6.9.2 Missing.Authorization.to.Post.Duplication MEDIUM" "exclusive-addons-for-elementor 2.6.9.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Countdown.Expired.Title MEDIUM" "exclusive-addons-for-elementor 2.6.9.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Call.to.Action MEDIUM" "exclusive-addons-for-elementor 2.6.9.4 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "exclusive-addons-for-elementor 2.6.9.3 Authenticated(Contributor+).Stored.Cross-Site.Scripting.via.Post.Grid MEDIUM" 
"exclusive-addons-for-elementor 2.6.9.3 Contributor+.Stored.XSS MEDIUM" "exclusive-addons-for-elementor 2.6.9.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "exclusive-addons-for-elementor 2.6.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "exclusive-addons-for-elementor 2.6.9.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Covid-19.Stats.Widget MEDIUM" "exclusive-addons-for-elementor 2.6.9.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Call.To.Action.Widget MEDIUM" "exclusive-addons-for-elementor 2.6.9.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Countdown.Timer.Widget MEDIUM" "exclusive-addons-for-elementor 2.6.9.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "exclusive-addons-for-elementor 2.6.9 Contributor+.Stored.XSS MEDIUM" "exclusive-addons-for-elementor 2.6.9 Contributor+.Stored.XSS MEDIUM" "exclusive-addons-for-elementor 2.6.2 Arbitrary.Uninstall.Reason.Feedback.via.CSRF MEDIUM" "easy-org-chart No.known.fix Contributor+.Stored.Cross-Site.Scripting MEDIUM" "exchange-addon-easy-canadian-sales-taxes 1.1.0 XSS.via.add_query_arg().and.remove_query_arg() MEDIUM" "exhibit-to-wp-gallery No.known.fix Reflected.XSS HIGH" "exit-intent-popups-by-optimonk 2.0.5 Account.ID.Update.via.CSRF MEDIUM" "essential-addons-elementor 5.8.16 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Lightbox.and.Modal.Widget MEDIUM" "essential-addons-elementor 5.8.15 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Team.Member.Carousel.Widget MEDIUM" "essential-addons-elementor 5.8.12 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.'title_html_tag' MEDIUM" "essential-addons-elementor 5.4.9 Unauthenticated.SSRF MEDIUM" "essential-addons-elementor 5.4.9 Reflected.XSS HIGH" "eelv-newsletter No.known.fix Cross-Site.Request.Forgery MEDIUM" "eelv-newsletter 4.6.1 CSRF.&.XSS HIGH" "easy-slideshow No.known.fix Reflected.Cross-Site.Scripting MEDIUM" 
"easy-slideshow No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "evergreen-content-poster 1.4.5 Missing.Authorization.to.Unauthenticated.Arbitrary.Post.Deletion MEDIUM" "evergreen-content-poster 1.4.3 Missing.Authorization MEDIUM" "evergreen-content-poster 1.4.2 Reflected.Cross-Site.Scripting MEDIUM" "evergreen-content-poster 1.4.1 Admin+.Stored.XSS LOW" "emails-blacklist-everest-forms 1.0.4 Reflected.Cross-Site.Scripting MEDIUM" "emails-blacklist-everest-forms 1.0.4 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "embed-google-photos-album-easily 2.2.1 Authenticated.(Contributor+).Server-Side.Request.Forgery MEDIUM" "eid-easy-qualified-electonic-signature 3.3.1 Use.of.Polyfill.io MEDIUM" "emails-verification-for-woocommerce 2.9.0 Unauthenticated.SQL.Injection HIGH" "emails-verification-for-woocommerce 2.7.5 Authentication.Bypass HIGH" "emails-verification-for-woocommerce 1.8.2 Loose.Comparison.to.Authentication.Bypass CRITICAL" "easyappointments 1.3.2 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "ecommerce-two-factor-authentication 1.0.5 Two.Factor.Authentication.<.1.0.5.-.Reflected.Cross-Site.Scripting HIGH" "essential-wp-real-estate No.known.fix Reflected.XSS HIGH" "essential-wp-real-estate No.known.fix Unauthenticated.Arbitrary.Post/Page.Deletion HIGH" "export-all-urls 4.6 Reflected.XSS HIGH" "export-all-urls 4.2 Editor+.Stored.XSS MEDIUM" "export-all-urls 4.4 Admin+.Arbitrary.System.File.Removal MEDIUM" "export-all-urls 4.2 Editor+.Stored.Cross-Site.Scripting LOW" "export-all-urls 4.3 Private/Draft.Post/Page.Title.Disclosure.via.CSRF MEDIUM" "export-all-urls 4.2 Reflected.Cross-Site.Scripting MEDIUM" "footer-putter No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "feedpress-generator No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "feedpress-generator No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "feedpress-generator No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "feedpress-generator 1.2.0 Unauthorised.AJAX.Calls.via.Freemius 
MEDIUM" "favicon-switcher No.known.fix Arbitrary.Settings.Change.via.CSRF MEDIUM" "forms-for-divi 8.1.3 Reflected.Cross-Site.Scripting MEDIUM" "facebook-likebox-widget-and-shortcode 1.2.1 Admin+.Stored.XSS LOW" "fusion-slider No.known.fix Authenticated.(Contributor+).PHP.Object.Injection MEDIUM" "fluent-security 1.0.2 Bypass.blocks.by.IP.Spoofing MEDIUM" "flower-delivery-by-florist-one 3.9.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "flower-delivery-by-florist-one No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "fd-elementor-button-plus No.known.fix Contributor+.Stored.XSS MEDIUM" "freshmail-integration No.known.fix Cross-Site.Request.Forgery MEDIUM" "freshmail-integration No.known.fix Reflected.XSS HIGH" "freesoul-deactivate-plugins 2.1.4 Cross-Site.Request.Forgery.via.eos_dp_pro_delete_transient MEDIUM" "flexible-shipping-usps 1.10.0 Sensitive.Information.Exposure MEDIUM" "flexible-shipping-usps 1.9.3 Cross-Site.Request.Forgery MEDIUM" "fetch-jft 1.8.4 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "food-store No.known.fix Reflected.Cross-Site.Scripting HIGH" "food-store 1.4.7.5 Reflected.Cross-Site.Scripting MEDIUM" "food-store 1.4 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "food-store 1.3.7 Unauthorised.AJAX.call.via.CSRF MEDIUM" "faltu-testimonial-rotator No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "formassembly-web-forms 2.0.11 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "featured-posts-scroll No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "fotobook No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "floating-contact 2.8 Admin+.Stored.XSS LOW" "form-block 1.0.2 Form.Submission.via.CSRF MEDIUM" "front-editor 4.4.8 Admin+.Stored.XSS LOW" "front-editor 4.4.5 Admin+.Stored.XSS LOW" "front-editor 4.0.4 Reflected.Cross-Site.Scripting MEDIUM" "front-editor 3.4.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "formcraft3 3.8.28 
Unauthenticated.SSRF MEDIUM" "formcraft3 3.4 Premium.WordPress.Form.Builder.<.3.4.-.Authenticated.Stored.XSS MEDIUM" "fullworks-firewall No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "fullworks-firewall No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "fixed-html-toolbar 1.0.8 Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "float-menu 6.0.1 Menu.Deletion.via.CSRF MEDIUM" "float-menu 5.0.3 Admin+.Stored.Cross-Site.Scripting LOW" "float-menu 5.0.2 Reflected.XSS MEDIUM" "float-menu 4.3.1 Arbitrary.Menu.Deletion.via.CSRF MEDIUM" "fast-velocity-minify 2.7.7 Full.Path.Disclosure MEDIUM" "foobox-image-lightbox 2.7.32 Authenticated.(Contributor+).Stored.DOM-Based.Cross-Site.Scripting.via.HTML.Data.Attributes MEDIUM" "foobox-image-lightbox 2.7.28 Admin+.Stored.XSS LOW" "foobox-image-lightbox 2.7.27 Reflected.Cross-Site.Scripting MEDIUM" "foobox-image-lightbox 2.7.17 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "foobox-image-lightbox 2.6.4 Subscriber+.Arbitrary.Option.Update CRITICAL" "filedownload No.known.fix Multiple.Issues CRITICAL" "free-product-sample 1.2.1 Reflected.Cross-Site.Scripting MEDIUM" "free-product-sample 1.0.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "frontier-post No.known.fix Cross-Site.Request.Forgery MEDIUM" "free-event-banner No.known.fix Arbitrary.File.Upload.to.RCE CRITICAL" "flight-search-widget-blocks No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "flight-search-widget-blocks No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "flight-search-widget-blocks No.known.fix Reflected.Cross-Site.Scripting.(XSS) HIGH" "formcraft-form-builder 1.2.11 Missing.Authorization MEDIUM" "formcraft-form-builder 1.2.8 Missing.Authorization.via.formcraft_nag_update MEDIUM" "formcraft-form-builder 1.2.7 Admin+.Stored.XSS LOW" "formcraft-form-builder 3.9.7 Admin+.SQLi MEDIUM" "formcraft-form-builder 1.2.10 Contributor+.Stored.XSS MEDIUM" "formcraft-form-builder 1.2.6 Admin+.Stored.Cross.Site.Scripting LOW" 
"formcraft-form-builder 1.2.2 Cross-Site.Request.Forgery.(CSRF) HIGH" "full-site-editing 3.79150 Contributor+.Stored.XSS MEDIUM" "falang 1.3.53 Missing.Authorization.to.Translation.Update.and.Information.Exposure MEDIUM" "falang 1.3.52 Cross-Site.Request.Forgery MEDIUM" "falang 1.3.50 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "falang 1.3.48 Authenticated.(Administrator+).SQL.Injection HIGH" "falang 1.3.40 Cross-Site.Request.Forgery MEDIUM" "falang 1.3.18 Reflected.Cross-Site.Scripting HIGH" "feed-them-social 4.2.1 Cross-Site.Request.Forgery.via.review_nag_check LOW" "feed-them-social 4.0.0 Settings.Update.via.CSRF MEDIUM" "feed-them-social 3.0.1 Settings.Update.via.CSRF MEDIUM" "feed-them-social 3.0.1 Subscriber+.Stored.XSS MEDIUM" "feed-them-social 3.0.1 Reflected.Cross-Site.Scripting MEDIUM" "feed-them-social 3.0.1 Reflected.Cross-Site.Scripting MEDIUM" "feed-them-social 2.9.8.6 Unauthenticated.PHAR.Deserialisation MEDIUM" "feed-them-social 2.8.7 Cross-Site.Request.Forgery MEDIUM" "feed-them-social 2.8.7 Cross-Site.Request.Forgery.(CSRF) MEDIUM" "feed-them-social 1.7.0 XSS.&.Arbitrary.Shortcode.Execution CRITICAL" "famethemes-demo-importer 1.1.6 Cross-Site.Request.Forgery MEDIUM" "freshing No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "freshing No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "free-comments-for-wordpress-vuukle 4.0 CSRF.Bypass.in.Multiple.Plugins MEDIUM" "feeds-for-youtube 2.2.2 Authenticated.(Contributor+).DOM-Based.Stored.Cross-Site.Scripting MEDIUM" "feeds-for-youtube 2.1.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "feeds-for-youtube 1.4.2 Reflected.Cross-Site.Scripting MEDIUM" "floating-social-buttons No.known.fix Cross-Site.Request.Forgery MEDIUM" "flyzoo No.known.fix Admin+.Stored.XSS LOW" "fooevents 1.19.21 Improper.Authorization.to.(Contributor+).Arbitrary.File.Upload HIGH" "firework-videos No.known.fix Reflected.Cross-Site.Scripting MEDIUM" 
"full-screen-page-background-image-slideshow No.known.fix Admin+.Stored.XSS LOW" "file-manager-advanced 5.2.14 5.2.13.-.Subscriber+.Arbitrary.File.Upload HIGH" "file-manager-advanced 5.2.11 Subscriber+.Arbitrary.File.Upload HIGH" "file-manager-advanced 5.2.9 Authenticated.(Administrator+).Local.JavaScript.File.Inclusion.via.fma_locale MEDIUM" "file-manager-advanced 5.2.9 Authenticated.(Subscriber+).Arbitrary.File.Upload HIGH" "file-manager-advanced 5.2.9 Authenticated.(Subscriber+).Limited.File.Upload MEDIUM" "file-manager-advanced 5.2.5 Sensitive.Information.Exposure.via.Directory.Listing MEDIUM" "file-manager-advanced 5.1.1 Admin+.Arbitrary.File/Folder.Access MEDIUM" "frontend-admin 3.8.0 Reflected.Cross-Site.Scripting MEDIUM" "frontend-admin 3.3.33 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "far-future-expiry-header 1.5 Plugin's.Settings.Update.via.CSRF MEDIUM" "fl3r-feelbox No.known.fix Unauthenticated.SQLi HIGH" "fl3r-feelbox No.known.fix Settings.Update.via.CSRF.to.Stored.XSS HIGH" "fl3r-feelbox No.known.fix Moods.Reset.via.CSRF MEDIUM" "footer-text No.known.fix Stored.Cross-Site.Scripting.via.CSRF MEDIUM" "favicon-my-blog No.known.fix Cross-Site.Request.Forgery MEDIUM" "find-my-blocks 3.4.0 Private.Post.Titles.Disclosure MEDIUM" "foogallery 2.4.16 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Gallery.Custom.URL MEDIUM" "foogallery 2.4.15 Author+.Stored.XSS MEDIUM" "foogallery 2.4.15 Authenticated.(Author+).Stored.Cross-Site.Scripting.via.Image.Attachment.Fields MEDIUM" "foogallery 2.4.15 Authenticated.(Author+).Stored.Cross-Site.Scripting MEDIUM" "foogallery 2.4.9 Best.WordPress.Gallery.Plugin.–.FooGallery.<.2,4,9.-Admin+.Stored.Cross-Site.Scripting LOW" "foogallery 2.3.2 Reflected.XSS HIGH" "foogallery 2.3.2 Extensions.Mgt.via.CSRF MEDIUM" "foogallery 2.2.44 Reflected.Cross-Site.Scripting MEDIUM" "foogallery 2.2.41 Reflected.XSS HIGH" "foogallery 2.1.34 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "foogallery 2.0.35 
Authenticated.Stored.Cross-Site.Scripting MEDIUM" "foogallery 1.9.25 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "foogallery 1.6.17 Subscriber+.Arbitrary.Option.Update CRITICAL" "fudou 5.7.2 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "fancybox-for-wordpress 3.3.5 Contributor+.DOM-Based.Stored.XSS.via.FancyBox.JavaScript.Library MEDIUM" "fancybox-for-wordpress 3.3.4 3.3.3.-.Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "flog No.known.fix Unauthenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "flexible-checkout-fields 4.1.3 Missing.Authorization MEDIUM" "ftp-access No.known.fix Subscriber+.Stored.XSS HIGH" "fwdmsp 8.0 Unauthenticated.Arbitrary.File.Read/Download HIGH" "fs-shopping-cart No.known.fix Authenticated.SQL.Injection HIGH" "fareharbor 3.6.8 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "fareharbor 3.6.7 Admin+.Stored.XSS LOW" "formidable 6.16.2 Reflected.Cross-Site.Scripting.via.Custom.HTML.Form.Parameter MEDIUM" "formidable 6.14.1 Admin+.Stored.XSS LOW" "formidable 6.11.2 Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "formidable 6.8 CSRF.to.Stored.Cross-Site.Scripting MEDIUM" "formidable 6.7.1 Admin+.Stored.Cross-Site.Scripting MEDIUM" "formidable 6.7.1 HTML.Injection MEDIUM" "formidable 6.3.1 Subscriber+.Remote.Code.Execution CRITICAL" "formidable 6.2 Unauthenticated.PHP.Object.Injection HIGH" "formidable 6.1 IP.Spoofing MEDIUM" "formidable 5.5.7 Arbitrary.Entry.Deletion.via.CSRF MEDIUM" "formidable 5.0.07 Admin+.Stored.Cross-Site.Scripting LOW" "formidable 4.09.05 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "formidable 4.02.01 Unsafe.Deserialisation CRITICAL" "formidable 2.05.03 Multiple.Vulnerabilities HIGH" "formidable 2.0 Authenticated.Blind.SQL.Injection MEDIUM" "formidable 1.06.03 Arbitrary.File.Upload.via.ofc_upload_image.php CRITICAL" "freshmail-newsletter 1.6 Unauthenticated.SQL.Injection HIGH" "full-page-blog-designer No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" 
"fast-custom-social-share-by-codebard No.known.fix Cross-Site.Request.Forgery MEDIUM" "fast-custom-social-share-by-codebard No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "fast-custom-social-share-by-codebard 1.1.0 Reflected.Cross-Site.Scripting MEDIUM" "fastdup 2.2 Directory.Listing.to.Account.Takeover.and.Sensitive.Data.Exposure HIGH" "fastdup 2.1.8 Sensitive.Information.Exposure.via.Log.File MEDIUM" "feedback-suite No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "feedback-suite No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "feedback-suite No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "flash-show-and-hide-box No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "florapress 1.0.8 Reflected.Cross-Site.Scripting MEDIUM" "florapress 1.0.7 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "flowplayer6-video-player 1.0.5 Contributor+.Stored.XSS MEDIUM" "fancier-author-box No.known.fix Admin+.Stored.XSS LOW" "fast-search-powered-by-solr No.known.fix Admin+.Stored.XSS LOW" "fast-search-powered-by-solr No.known.fix Settings.Update.via.CSRF MEDIUM" "feedburner-optin-form No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "fma-additional-registration-attributes No.known.fix Arbitrary.Field.Deletion.and.Form.Modification.via.CSRF HIGH" "fancy-user-listing No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "forumwp 2.1.1 Unauthenticated.PHP.Object.Injection CRITICAL" "forumwp 2.1.3 Reflected.Cross-Site.Scripting HIGH" "forumwp 2.1.3 Reflected.Cross-Site.Scripting.via.url.Parameter HIGH" "forumwp 2.1.0 Insecure.Direct.Object.Reference.to.Authenticated.(Subscriber+).Privilege.Escalation.via.Account.Takeover HIGH" "fix-my-feed-rss-repair No.known.fix Cross-Site.Request.Forgery MEDIUM" "fare-calculator No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "furikake No.known.fix Unauthenticated.Open.Redirect MEDIUM" 
"files-download-delay No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "files-download-delay 1.0.8 Reflected.Cross-Site.Scripting MEDIUM" "files-download-delay 1.0.7 Subscriber+.Settings.Reset MEDIUM" "files-download-delay 1.0.4 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "floating-social-media-links No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "form-forms No.known.fix Contact.Form.<=.1.2.4.-.Admin+.Stored.Cross-Site.Scripting LOW" "formidable-registration 2.12 Contributor+.Arbitrary.User.Password.Reset.To.Account.Takeover HIGH" "forms-by-made-it 2.8.1 Unauthenticated.Arbitrary.File.Upload CRITICAL" "forms-by-made-it 1.12.3 Authenticated.Stored.Cross-Site.Scripting.(XSS) LOW" "floatbox-plus No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "five-minute-webshop No.known.fix Admin+.SQLi.via.orderby MEDIUM" "five-minute-webshop No.known.fix Admin+.SQLi.via.id MEDIUM" "float-block No.known.fix Admin+.Stored.XSS.via.Widget LOW" "flamix-bitrix24-and-contact-forms-7-integrations 3.2.0 Unauthenticated.Full.Path.Disclosure MEDIUM" "formforall No.known.fix Contributor+.Stored.XSS MEDIUM" "fma-products-tabs-pro No.known.fix Arbitrary.Tab.Deletion/Edition.via.CSRF HIGH" "favicon-rotator 1.2.11 Reflected.Cross-Site.Scripting MEDIUM" "first-order-discount-woocommerce 1.22 Discount.Update.via.CSRF MEDIUM" "friendstore-for-woocommerce No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "foxyshop 4.8.2 Reflected.Cross-Site.Scripting MEDIUM" "fx-toc No.known.fix Contributor+.Stored.XSS MEDIUM" "fluentforms-pdf 1.1.8 Cross-Site.Scripting MEDIUM" "freshdesk-support 2.4.0 Open.Redirect MEDIUM" "freshdesk-support 1.8 Open.Redirect MEDIUM" "featured-image-generator 1.3.3 Missing.Authorization.to.Authenticated.(Subscriber+).Images.Upload MEDIUM" "fraudlabs-pro-sms-verification 1.10.2 Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "fonto 1.2.2 
Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "faq-builder-ays 1.7.4 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "faq-builder-ays 1.7.2 Reflected.Cross-Site.Scripting MEDIUM" "faq-builder-ays 1.3.6 Authenticated.Blind.SQL.Injections HIGH" "faculty-weekly-schedule 1.2.0 Folders.Disclosure.via.Outdated.jQueryFileTree.Library MEDIUM" "fileviewer No.known.fix Arbitrary.File.Upload/Deletion.via.CSRF CRITICAL" "floating-social-bar 1.1.7 Cross-Site.Scripting.(XSS) MEDIUM" "fabrica-reusable-block-instances 1.0.9 Reflected.Cross-Site.Scripting HIGH" "featured-image-pro 5.15 Reflected.XSS HIGH" "flashcounter No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "feedzy-rss-feeds 4.4.8 Authenticated(Contributor+).Blind.Server-Side.Request.Forgery.(SSRF) MEDIUM" "feedzy-rss-feeds 4.3.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode.Error.Message MEDIUM" "feedzy-rss-feeds 4.4.3 Missing.Authorization.to.Arbitrary.Page.Creation.and.Publication MEDIUM" "feedzy-rss-feeds 4.4.3 Authenticated(Contributor+).SQL.Injection HIGH" "feedzy-rss-feeds 4.4.2 Missing.Authorization MEDIUM" "feedzy-rss-feeds 4.3.3 Missing.Authorization MEDIUM" "feedzy-rss-feeds 4.3.3 Author+.Stored.Cross-Site.Scripting MEDIUM" "feedzy-rss-feeds 4.1.1 Contributor+.Stored.XSS MEDIUM" "feedzy-rss-feeds 3.4.3 Cross-Site.Request.Forgery.(CSRF) MEDIUM" "feedzy-rss-feeds 3.4.3 Arbitrary.Settings.Update.via.CSRF MEDIUM" "formzu-wp 1.6.8 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "formzu-wp 1.6.7 Contributor+.Stored.XSS.via.id MEDIUM" "fs-product-inquiry No.known.fix Unauthenticated.Stored.XSS HIGH" "fs-product-inquiry No.known.fix Reflected.XSS HIGH" "fg-prestashop-to-woocommerce 4.47.0 Unauthenticated.Sensitive.Information.Disclosure MEDIUM" "fast-wp-speed No.known.fix Reflected.XSS HIGH" "forms-to-klaviyo No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" 
"file-select-control-for-elementor No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "font-awesome 4.3.2 Contributor+.Stored.XSS MEDIUM" "fediverse-embeds 1.5.4 Unauthenticated.Arbitrary.File.Upload CRITICAL" "featured-content-gallery No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "feature-comments 1.2.5 wp-admin/admin-ajax.php.Comment.Status.Manipulation.CSRF MEDIUM" "featured-product-by-category-name No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "front-end-only-users 3.2.29 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "front-end-only-users 3.2.29 Authenticated.(Contributor+).Time-Based.SQL.Injection HIGH" "front-end-only-users 3.2.25 Cross-Site.Request.Forgery MEDIUM" "fulltext-search 1.79.262 Cross-Site.Request.Forgery MEDIUM" "fulltext-search 1.79.262 Missing.Authorization MEDIUM" "fulltext-search 1.69.234 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "fulltext-search 1.70.236 Cross-Site.Request.Forgery MEDIUM" "fulltext-search 1.69.234 Missing.Authorization MEDIUM" "fulltext-search 1.60.213 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.WPFTS.Live.Search.Widget MEDIUM" "flattr No.known.fix Admin+.Stored.XSS LOW" "fancy-gallery No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "font-awesome-4-menus No.known.fix Contributor+.Stored.XSS MEDIUM" "font-awesome-4-menus No.known.fix Admin+.Stored.XSS LOW" "fetch-tweets No.known.fix Reflected.Cross-Site.Scripting HIGH" "flexmls-idx 3.14.27 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.API.parameters MEDIUM" "flexmls-idx 3.14.23 Reflected.Cross-Site.Scripting MEDIUM" "finale-woocommerce-sales-countdown-timer-discount 2.18.1 Cross-Site.Request.Forgery MEDIUM" "finale-woocommerce-sales-countdown-timer-discount 2.18.1 Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.Plugin.Installation.and.Activation MEDIUM" 
"finale-woocommerce-sales-countdown-timer-discount 2.18.0 Missing.Authorization.to.Unauthenticated.System.Information.Disclosure MEDIUM" "finale-woocommerce-sales-countdown-timer-discount 2.17.0 Unauthenticated.Arbitrary.File.Deletion HIGH" "featured-products-first-for-woocommerce 1.9.6 Reflected.Cross-Site.Scripting MEDIUM" "featured-products-first-for-woocommerce 1.9.5 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "fantastic-elasticsearch No.known.fix Reflected.XSS HIGH" "filestack-upload No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "floating-action-buttons 1.0.1 Missing.Authorization MEDIUM" "forms-ada-form-builder No.known.fix Unauthenticated.Reflected.XSS HIGH" "fat-event-lite No.known.fix Authenticated.(Contributor+).Local.File.Inclusion HIGH" "fat-event-lite No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "fat-event-lite No.known.fix Unauthenticated.Local.File.Inclusion CRITICAL" "floating-div No.known.fix Author+.Stored.Cross-Site.Scripting MEDIUM" "floating-cart-xforwc 1.3.0 Low.Priv.Arbitrary.Blog.Options.Update/Access/Deletion.&.Plugin's.Settings.Update/Export/Import HIGH" "football-leagues-by-anwppro 0.16.8 Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "fluent-smtp 2.2.81 Cross-Site.Request.Forgery MEDIUM" "fluent-smtp 2.2.83 Unauthenticated.PHP.Object.Injection HIGH" "fluent-smtp 2.2.5 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "fluent-smtp 2.2.3 Stored.XSS.via.Email.Logs HIGH" "fluent-smtp 2.0.1 Authenticated.Stored.XSS LOW" "faq-and-answers 1.1.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "fontmeister No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "flipping-cards 1.31 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "final-user-wp-frontend-user-profiles 1.2.2 Subscriber+.Privilege.Escalation CRITICAL" "fullworks-pricing-tables No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "fullworks-pricing-tables No.known.fix 
Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "fullworks-directory No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "fullworks-directory No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "formsite 1.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "faqs No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "faqs No.known.fix Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "forms-to-zapier No.known.fix Authenticated.(Administrator+).SQL.Injection CRITICAL" "forms-to-zapier 1.1.10 Reflected.Cross-Site.Scripting MEDIUM" "forms-to-zapier 1.1.9 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "front-end-pm 11.4.3 Sensitive.Data.Exposure.via.Directory.Listing MEDIUM" "front-end-pm 11.3.8 Reflected.Cross-Site.Scripting MEDIUM" "front-end-pm 11.3.4 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "flying-press 3.9.7 Arbitrary.Settings.Update.to.Stored.XSS HIGH" "ferma-ru-net-checkout No.known.fix Authenticated.(Subscriber+).SQL.Injection HIGH" "falcon 2.8.4 Missing.Authorization MEDIUM" "fast-flow-dashboard 1.2.12 Reflected.Cross-Site.Scripting MEDIUM" "fast-flow-dashboard 1.2.13 Admin+.Stored.Cross-Site.Scripting LOW" "fast-flow-dashboard 1.2.12 Reflected.Cross-Site.Scripting MEDIUM" "float-to-top-button No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "friendly-functions-for-welcart 1.2.5 Cross-Site.Request.Forgery.to.Reflected.Cross-Site.Scripting MEDIUM" "forty-four No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "floating-tiktok-button 1.0.5 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "floating-social-media-icon No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "fattura24 6.2.8 Reflected.Cross-Site.Scripting HIGH" "floating-links 3.6.2 Reflected.Cross-Site.Scripting MEDIUM" "floating-links 3.6.0 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "file-manager-advanced-shortcode 2.5.4 Authenticated.(Contributor+).Arbitrary.File.Upload HIGH" "file-manager-advanced-shortcode 2.4.1 
Authenticated.(Contributor+).Directory.Traversal HIGH" "file-manager-advanced-shortcode No.known.fix Unauthenticated.Remote.Code.Execution.through.shortcode CRITICAL" "fv-wordpress-flowplayer 7.5.48.7212 Contributor+.DOM-Based.Stored.XSS.via.FancyBox.JavaScript.Library MEDIUM" "fv-wordpress-flowplayer 7.5.47.7212 Authenticated.(Subscriber+).SQL.Injection.via.exclude.Parameter HIGH" "fv-wordpress-flowplayer 7.5.46.7212 Reflected.Cross-Site.Scripting MEDIUM" "fv-wordpress-flowplayer 7.5.45.7212 Authenticated.(Subscriber+).Server-side.Request.Forgery MEDIUM" "fv-wordpress-flowplayer 7.5.45.7212 Authenticated.(Contributor+).Arbitrary.Redirect MEDIUM" "fv-wordpress-flowplayer 7.5.44.7212 Reflected.Cross-Site.Scripting MEDIUM" "fv-wordpress-flowplayer 7.5.44.7212 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "fv-wordpress-flowplayer 7.5.39.7212 Insufficient.Input.Validation.to.Unauthenticated.Stored.Cross-Site.Scripting.and.Arbitrary.Usermeta.Update MEDIUM" "fv-wordpress-flowplayer 7.5.35.7212 Reflected.XSS HIGH" "fv-wordpress-flowplayer 7.5.31.7212 Settings.Toggle.via.CSRF MEDIUM" "fv-wordpress-flowplayer 7.5.19.727 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "fv-wordpress-flowplayer 7.5.18.727 Author+.SQLi HIGH" "fv-wordpress-flowplayer 7.5.3.727 Reflected.Cross-Site.Scripting HIGH" "fv-wordpress-flowplayer 7.4.38.727 Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "fv-wordpress-flowplayer 7.3.19.727 SQL.Injection CRITICAL" "fv-wordpress-flowplayer 7.3.14.727 Unauthenticated.Stored.XSS MEDIUM" "fv-wordpress-flowplayer 7.3.15.727 CSV.Export CRITICAL" "fv-wordpress-flowplayer 7.3.15.727 SQL.Injection MEDIUM" "fancy-elementor-flipbox 2.5.2 Contributor+.Stored.XSs.via.Fancy.Elementor.Flipbox.Widget MEDIUM" "formfacade 1.3.7 Reflected.Cross-Site.Scripting MEDIUM" "formfacade 1.3.7 Reflected.Cross-Site.Scripting HIGH" "formfacade 1.3.3 Reflected.Cross-Site.Scripting MEDIUM" "formfacade 1.2.2 Contributor+.Stored.XSS MEDIUM" "fusion 1.6.2 
Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "filter-portfolio-gallery No.known.fix Arbitrary.Gallery.Deletion.via.CSRF MEDIUM" "font-farsi No.known.fix Administrator+.Stored.Cross-Site.Scripting MEDIUM" "font-farsi No.known.fix Admin+.Stored.XSS.in.Settings LOW" "font-farsi No.known.fix Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "formilla-live-chat 1.3.1 Admin+.Stored.XSS LOW" "formaloo-form-builder No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "free-sales-funnel-squeeze-pages-landing-page-builder-templates-make 0.99 Unauthenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "free-sales-funnel-squeeze-pages-landing-page-builder-templates-make 0.99 Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "faq-manager-with-structured-data 5.4.4 Reflected.Cross-Site.Scripting MEDIUM" "faq-manager-with-structured-data 5.4.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "footer-flyout-widget No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "fixed-ip-logins 1.0 Reflected.Cross-Site.Scripting MEDIUM" "flashnews-fading-effect-pearlbells No.known.fix Cross-Site.Request.Forgery.to.Privilege.Escalation HIGH" "featured-posts-with-multiple-custom-groups-fpmcg No.known.fix Cross-Site.Request.Forgery MEDIUM" "featured-posts-with-multiple-custom-groups-fpmcg No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "formbuilder No.known.fix Stored.Cross-Site.Scripting.via.CSRF MEDIUM" "formbuilder 1.08 Cross-Site.Request.Forgery.(CSRF) MEDIUM" "formbuilder 1.0.8 Multiple.Authenticated.SQL.Injection MEDIUM" "fotomoto No.known.fix Reflected.XSS HIGH" "forym No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "free-shipping-label 2.6.11 Reflected.Cross-Site.Scripting MEDIUM" "feedbackscout No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "feedbackscout No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "folders-pro 3.0.3 Directory.Traversal.via.handle_folders_file_upload 
MEDIUM" "folders-pro 3.0.3 Authenticated(Author+).Arbitrary.File.Upload.via.handle_folders_file_upload HIGH" "fast-checkout-for-woocommerce No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "fast-checkout-for-woocommerce 1.1.17 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "foogallery-premium 2.4.27 Authenticated.(Contributor+).Directory.Traversal HIGH" "foogallery-premium 2.4.15 Author+.Stored.XSS MEDIUM" "foogallery-premium 2.4.6 Contributor+.Stored.XSS MEDIUM" "filter-gallery 0.1.6 Admin+.Stored.XSS LOW" "filter-gallery 0.0.7 Unauthorised.AJAX.Calls HIGH" "form-to-chat 1.1.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "featured-images-for-rss-feeds 1.6.2 Reflected.Cross-Site.Scripting MEDIUM" "featured-images-for-rss-feeds 1.5.9 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "form-data-collector 2.2.4 Reflected.Cross-Site.Scripting MEDIUM" "focus-on-reviews-for-woocommerce No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "flowfact-wp-connector 2.1.8 Reflected.XSS HIGH" "flexible-shipping-ups 3.0.0 Missing.Authorization.to.Plugin.API.key.reset MEDIUM" "flexible-shipping-ups 2.2.5 Cross-Site.Request.Forgery MEDIUM" "foyer No.known.fix Content.Injection.via.Improper.Access.Control MEDIUM" "feedburner-alternative-and-rss-redirect 3.8 Subscriber+.Plugin.Installation MEDIUM" "feedburner-alternative-and-rss-redirect 3.8 Plugin.Installation.via.CSRF MEDIUM" "forminator 1.38.3 Reflected.XSS.via.Title.Parameter HIGH" "forminator 1.38.3 Admin+.Stored.XSS LOW" "forminator 1.36.1 Unauthenticated.Arbitrary.Quiz.Submissions.Update MEDIUM" "forminator 1.36.0 Missing.Authorization.to.Authenticated.(Contributor+).Form.Update.and.Creation HIGH" "forminator 1.36.0 Draft.Custom.Form.Creation.via.CSRF MEDIUM" "forminator 1.36.0 Draft.Quiz.Creation.via.CSRF MEDIUM" "forminator 1.34.1 Reflected.Cross-Site.Scripting MEDIUM" "forminator 1.29.2 HubSpot.Developer.API.Key.Sensitive.Information.Exposure HIGH" "forminator 1.15.4 Reflected.Cross-Site.Scripting 
MEDIUM" "forminator 1.29.0 Unauthenticated.Arbitrary.File.Upload CRITICAL" "forminator 1.29.3 Admin+.SQL.Injection MEDIUM" "forminator 1.29.3 Contributor+.Stored.Cross-Site.Scripting.via.forminator_form.Shortcode MEDIUM" "forminator 1.29.1 Unauthenticated.Stored.XSS HIGH" "forminator 1.29.1 Reflected.Cross-Site.Scripting HIGH" "forminator 1.28.0 Admin+.Arbitrary.File.Upload MEDIUM" "forminator 1.27.0 Admin+.Stored.Cross-Site.Scripting LOW" "forminator 1.25.0 Unauthenticated.Arbitrary.File.Upload CRITICAL" "forminator 1.24.4 Reflected.XSS HIGH" "forminator 1.24.1 Unauthenticated.Race.Condition.on.poll.vote MEDIUM" "forminator 1.15.4 Admin+.Stored.Cross-Site.Scripting LOW" "forminator 1.14.12 Unauthenticated.Stored.XSS HIGH" "forminator 1.14.8.1 CSRF.Nonce.Bypasses MEDIUM" "forminator 1.13.5 Cross-Site.Request.Forgery.(CSRF) MEDIUM" "forminator 1.6 Authenticated.Multiple.Vulnerabilities MEDIUM" "fintelligence-calculator No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "floating-button 6.0.1 Cross-Site.Request.Forgery.via.process_bulk_action MEDIUM" "floating-button 5.3.1 Reflected.XSS MEDIUM" "find-any-think No.known.fix Stored.Cross-Site.Scripting.via.CSRF MEDIUM" "formidable-sms 1.1.0 Cross-Site.Scripting.(XSS) MEDIUM" "flexible-captcha No.known.fix Contributor+.Stored.XSS MEDIUM" "free-stock-photos-foter No.known.fix Authenticated.(Subscriber+).PHP.Object.Injection HIGH" "fluent-crm 2.8.45 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "fluent-crm 2.8.0 Marketing.Automation.For.WordPress..<.2.8.0.-.Unauthenticated.Subscriptions.Update MEDIUM" "filter-custom-fields-taxonomies-light No.known.fix Missing.Authorization MEDIUM" "filter-custom-fields-taxonomies-light No.known.fix Authenticated.(Contributor+).PHP.Object.Injection HIGH" "facebook-by-weblizar 2.8.5 CSRF.&.XSS HIGH" "feed-comments-number No.known.fix Unauthenticated.Arbitrary.File.Upload CRITICAL" "featured-image-toolkit No.known.fix 
Reflected.Cross-Site.Scripting MEDIUM" "featured-image-toolkit No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "featured-image-toolkit No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "flo-launch 2.4.1 Missing.Authentication.Allow.Full.Site.Takeover CRITICAL" "flexible-shipping 4.24.16 Missing.Authorization MEDIUM" "flexible-shipping 4.11.9 Reflected.Cross-Site.Scripting MEDIUM" "fx-private-site No.known.fix Sensitive.Information.Exposure MEDIUM" "fw-integration-for-emailoctopus No.known.fix Contributor+.Stored.XSS MEDIUM" "fsflex-local-fonts No.known.fix Admin+.Stored.Cross-Site-Scripting LOW" "facebook-messenger-customer-chat 1.6 Authenticated.Options.Change.to.Chat.Takeover HIGH" "facebook-messenger-customer-chat 1.3 CSRF HIGH" "feed-changer 0.3 Admin+.Stored.XSS LOW" "filebird 6.3.4 Missing.Authorization MEDIUM" "filebird 5.6.4 Author+.Users.Folder.Deletion LOW" "filebird 5.6.4 Author+.Stored.XSS MEDIUM" "filebird 5.6.1 Admin+.Stored.XSS MEDIUM" "filebird 4.7.4 Unauthenticated.SQL.Injection HIGH" "fg-joomla-to-wordpress 4.21.0 Sensitive.Information.Exposure MEDIUM" "full-customer 3.1.26 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "full-customer 3.1.23 Reflected.Cross-Site.Scripting MEDIUM" "full-customer 3.1.13 Unauthenticated.Stored.Cross-Site.Scripting.via.License.Plan.Parameter HIGH" "full-customer 2.3 Customer.<.2.3.-.Subscriber+.Health.Check.Disclosure MEDIUM" "full-customer 2.3 Customer.<.2.3.-.Subscriber+.Arbitrary.Plugin.Installation HIGH" "fuse-social-floating-sidebar 5.4.11 Authenticated.(Author+).Stored.Cross-Site.Scripting.via.File.Upload MEDIUM" "fuse-social-floating-sidebar 5.4.9 Reflected.Cross-Site.Scripting MEDIUM" "fuse-social-floating-sidebar 5.4.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "f4-improvements No.known.fix Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "f4-improvements 1.8.1 Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "fluentform 5.2.7 
Unauthenticated.Stored.XSS.via.Form.Subject HIGH" "fluentform 5.2.1 Admin+.Stored.XSS LOW" "fluentform 5.1.20 Form.Manager+.Stored.XSS LOW" "fluentform 5.1.19 .Missing.Authorization.to.Authenticated.(Subscriber+).Mailchimp.Integration.Modification MEDIUM" "fluentform 5.1.20 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "fluentform 5.1.20 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "fluentform 5.1.20 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "fluentform 5.1.20 Authenticated.(Subscriber+).Stored.Cross-Site.Scripting.via.Welcome.Screen.Fields MEDIUM" "fluentform 5.1.16 Contributor+.PHP.Object.Injection MEDIUM" "fluentform 5.1.17 Unauthenticated.Settings.Update MEDIUM" "fluentform 5.1.17 Contributor+.Stored.XSS MEDIUM" "fluentform 5.1.17 Unauthenticated.Limited.Privilege.Escalation MEDIUM" "fluentform 5.1.14 Subscriber+.Stored.XSS MEDIUM" "fluentform 5.1.10 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "fluentform 5.1.7 Admin+.Stored.Cross-Site.Scripting.via.imported.form.title MEDIUM" "fluentform 5.0.9 Insecure.Direct.Object.Reference MEDIUM" "fluentform 5.0.0 SQL.Injection MEDIUM" "fluentform 4.3.25 Contributor+.Stored.XSS.via.Custom.HTML.Form.Field MEDIUM" "fluentform 4.3.13 CSV.Injection LOW" "fluentform 3.6.67 Cross-Site.Request.Forgery.(CSRF) HIGH" "fontawesomeio-shortcodes No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "flo-forms 1.0.43 Missing.Authorization MEDIUM" "flo-forms 1.0.42 Subscriber+.Test.Email.Sending MEDIUM" "flo-forms 1.0.41 Admin+.Stored.XSS LOW" "flo-forms 1.0.36 Authenticated.Options.Change.to.Stored.XSS CRITICAL" "flexi 4.20 Guest.Submit.<.4.20.-.Reflected.Cross-Site.Scripting MEDIUM" "fg-drupal-to-wp 3.71.0 Sensitive.Information.Exposure MEDIUM" "fg-drupal-to-wp 3.68.0 Cross-Site.Request.Forgery.via.ajax_importer MEDIUM" "frontend-checklist No.known.fix Admin+.Stored.XSS LOW" "frontend-checklist No.known.fix 
Admin+.Stored.XSS.via.Items LOW" "file-upload-types 1.5.0 Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "full-circle No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "fundpress 2.0.7 Unauthenticated.PHP.Object.Injection HIGH" "fossura-tag-miner 1.1.5 Cross-Site.Request.Forgery.(CSRF).&.XSS HIGH" "fluid-responsive-slideshow 2.2.7 CSRF.&.XSS HIGH" "flickr-picture-backup No.known.fix Unauthenticated.File.Upload CRITICAL" "flickr-justified-gallery No.known.fix Cross-Site.Request.Forgery MEDIUM" "flickr-justified-gallery 3.4.0 Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "free-google-fonts 3.0.1 Reflected.XSS HIGH" "floating-action-button 1.2.2 Cross-Site.Request.Forgery MEDIUM" "full-screen-menu-for-elementor No.known.fix Authenticated.(Contributor+).Post.Disclosure MEDIUM" "fast-video-and-image-display No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "fastly 1.2.26 Missing.Authorization MEDIUM" "fastly 1.2.26 Missing.Authorization.via.AJAX.actions MEDIUM" "fancy-product-designer 6.4.4 Unauthenticated.SQL.Injection HIGH" "fancy-product-designer 6.4.4 Unauthenticated.Arbitrary.File.Upload CRITICAL" "fancy-product-designer 6.1.81 Admin+.Cross.Site.Scripting LOW" "fancy-product-designer 6.1.8 Reflected.Cross.Site.Scripting HIGH" "fancy-product-designer 6.1.81 Admin+.Cross.Site.Scripting.via.Product.Title LOW" "fancy-product-designer 6.1.5 Admin+.SQL.Injection MEDIUM" "fancy-product-designer 4.7.0 Subscriber+.Unauthorized.Access.and.Modification MEDIUM" "fancy-product-designer 4.7.0 Subscriber+.Unauthorized.Site.Options.Modification HIGH" "fancy-product-designer 4.7.6 Arbitrary.File.Upload.via.CSRF HIGH" "fancy-product-designer 4.7.5 Admin+.SQL.Injection MEDIUM" "fancy-product-designer 4.6.9 Unauthenticated.Arbitrary.File.Upload.and.RCE CRITICAL" "fancy-product-designer 4.5.1 Unauthenticated.Stored.Cross-Site.Scripting MEDIUM" "f4-tree 1.1.19 Reflected.Cross-Site.Scripting MEDIUM" 
"f4-tree 1.1.15 Reflected.Cross-Site.Scripting MEDIUM" "f4-tree 1.1.9 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "fullworks-slack No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "fullworks-slack No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "facebook-wall-and-social-integration 1.11 Admin+.Stored.Cross-Site.Scripting LOW" "forms-3rdparty-post-again No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "formcraft No.known.fix Arbitrary.File.Deletion CRITICAL" "file-away No.known.fix Contributor+.Stored.XSS.via.Shortcode MEDIUM" "fd-elementor-imagebox No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "file-renaming-on-upload 2.5.2 Admin+.Stored.Cross-Site.Scripting LOW" "favicon-by-realfavicongenerator 1.3.23 Reflected.Cross-Site.Scripting MEDIUM" "favicon-by-realfavicongenerator 1.3.22 Reflected.Cross-Site.Scripting.(XSS) HIGH" "flexi-quote-rotator No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "fastbook-responsive-appointment-booking-and-scheduling-system No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "fat-rat-collect 2.7.4 Reflected.Cross-Site.Scripting MEDIUM" "free-wp-booster-by-ads-pro No.known.fix Unauthenticated.Local.File.Inclusion CRITICAL" "form-to-sheet No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "form-to-sheet No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "fp-rss-category-excluder No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "flexible-faqs No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "flexible-faqs 0.5.11 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "fusionspan-impexium-single-sign-on No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "fusionspan-impexium-single-sign-on No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "finance-calculator-with-application-form No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "friends 3.2.2 Missing.Authorization MEDIUM" "friends 2.8.6 
Authenticated.(Admin+).Blind.Server-Side.Request.Forgery MEDIUM" "frontpage-manager No.known.fix Cross-Site.Request.Forgery.via.admin_page MEDIUM" "facebook-conversion-pixel 3.0.6 Reflected.Cross-Site.Scripting MEDIUM" "facebook-conversion-pixel 2.6.4 Reflected.Cross-Site.Scripting MEDIUM" "facebook-conversion-pixel 2.6.2 CSRF.to.Stored.Cross-Site.Scripting HIGH" "facebook-conversion-pixel 2.6.3 Admin+.Stored.Cross-Site.Scripting LOW" "fathom-analytics 3.1.0 Admin+.Stored.XSS LOW" "fathom-analytics 3.0.5 Admin+.Stored.Cross-Site.Scripting LOW" "funnel-builder 3.4.7 Missing.Authorization.to.Authenticated.(Contributor+).Settings.Update MEDIUM" "funnel-builder 3.4.0 Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.Upload MEDIUM" "funnel-builder 2.14.4 Authenticated(Administrator+).SQL.Injection MEDIUM" "facebook-button-plugin 2.74 Unauthenticated.Password.Protected.Post.Read MEDIUM" "facebook-button-plugin 2.54 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "fileorganizer 1.1.5 Authenticated.(Administrator+).Local.JavaScript.File.Inclusion HIGH" "fileorganizer 1.1.0 Authenticated.(Subscriber+).Arbitrary.File.Upload HIGH" "fileorganizer 1.0.8 Sensitive.Information.Exposure.via.Directory.Listing HIGH" "fileorganizer 1.0.7 Authenticated.Stored.Cross-Site.Scripting MEDIUM" "fileorganizer 1.0.3 Admin+.Arbitrary.File.Access MEDIUM" "featured-image-from-url 4.8.3 Missing.Authorization MEDIUM" "featured-image-from-url 4.8.2 Missing.Authorization MEDIUM" "featured-image-from-url 4.6.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.fifu_input_url MEDIUM" "featured-image-from-url 4.5.4 Contributor+.Stored.XSS MEDIUM" "featured-image-from-url 4.0.1 Admin+.Stored.Cross-Site.Scripting LOW" "featured-image-from-url 4.0.0 Arbitrary.Settings.Update.to.Stored.XSS.via.CSRF MEDIUM" "formlift 7.5.18 Unauthenticated.SQL.Injection CRITICAL" "folders 3.0.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "folders 3.0.1 
Directory.Traversal.via.handle_folders_file_upload MEDIUM" "folders 3.0.3 Authenticated.(Subscriber+).Stored.Cross-Site.Scripting.via.User.First.Name.and.Last.Name MEDIUM" "folders 2.9.3 Authenticated.(Author+).Arbitrary.File.Upload.in.handle_folders_file_upload HIGH" "folders 2.9.3 Authenticated.(Author+).Arbitrary.File.Upload HIGH" "featured-image-caption 0.8.11 Contributor+.Stored.XSS MEDIUM" "formget-contact-form No.known.fix Contributor+.Stored.XSS MEDIUM" "for-the-visually-impaired No.known.fix Cross-Site.Request.Forgery.(CSRF) MEDIUM" "flat-preloader 1.5.5 Admin+.Stored.Cross-Site.Scripting MEDIUM" "flat-preloader 1.5.4 CSRF.to.Stored.Cross-Site.Scripting HIGH" "flexible-woocommerce-checkout-field-editor No.known.fix Missing.Authorization MEDIUM" "fat-services-booking No.known.fix Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "fat-services-booking No.known.fix Unauthenticated.SQL.Injection HIGH" "filester 1.8.7 Missing.Authorization.to.Authenticated.(Subscriber+).Filebird.Plugin.Installation MEDIUM" "filester 1.8.7 Authenticated.(Subscriber+).Arbitrary.File.Upload HIGH" "filester 1.8.6 Authenticated.(Administrator+).Local.JavaScript.File.Inclusion HIGH" "filester 1.8.3 Authenticated.Plugin.Settings.Update HIGH" "filester 1.8.1 Admin+.Stored.Cross-Site.Scripting LOW" "filester 1.8.1 Admin+.Remote.Code.Execution MEDIUM" "filester 1.8 Remote.Code.Execution.via.CSRF CRITICAL" "full-width-responsive-slider-wp 1.1.8 Reflected.XSS HIGH" "five-star-ratings-shortcode 1.2.48 Reflected.Cross-Site.Scripting MEDIUM" "five-star-ratings-shortcode 1.2.39 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "form-vibes 1.4.13 Missing.Authorization.in.Multiple.Functions MEDIUM" "form-vibes 1.4.11 Authenticated.(Subscriber+).SQL.Injection.via.fv_export_data HIGH" "form-vibes 1.4.9 Reflected.Cross-Site.Scripting MEDIUM" "form-vibes 1.4.6 Admin+.SQLi MEDIUM" "form-vibes 1.4.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "fscf-sms 2.4.0 Cross-Site.Scripting.(XSS) 
MEDIUM" "flatpm-wp 3.1.05 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "flatpm-wp 3.0.13 Reflected.Cross-Site.Scripting HIGH" "freemage No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "freemage No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "freemage No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "frontend-registration-contact-form-7 No.known.fix Authenticated.(Editor+).Privilege.Escalation HIGH" "flash-album-gallery No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "flash-album-gallery 4.25 Full.Path.Disclosure MEDIUM" "flash-album-gallery No.known.fix admin/news.php.want2Read.Parameter.Traversal.Arbitrary.File.Access HIGH" "flash-album-gallery 2.72 "s".Cross-Site.Scripting HIGH" "full-picture-analytics-cookie-notice 5.0.0 Reflected.Cross-Site.Scripting MEDIUM" "full-picture-analytics-cookie-notice 3.2.0 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "file-gallery No.known.fix Reflected.Cross-Site.Scripting.via.post_id MEDIUM" "file-gallery 1.8.5.4 Contributor+.Stored.XSS MEDIUM" "faq-for-woocommerce 1.7.1 Missing.Authorization.to.Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "faq-for-woocommerce 1.7.1 Missing.Authorization.to.Authenticated.(Subscriber+).Settings.Update MEDIUM" "faq-for-woocommerce 1.6.4 WooCommerce.Product.FAQ.<.1.6.4.-.Reflected.Cross-Site.Scripting MEDIUM" "faq-for-woocommerce 1.4.0 Reflected.Cross-Site.Scripting MEDIUM" "feedwordpress 2024.0428 Unauthenticated.Draft.Access MEDIUM" "feedwordpress 2022.0123 Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "feedwordpress 2015.0514 XSS.&.SQL-Injection MEDIUM" "fitness-trainer 1.4.1 Subscriber+.Privilege.Escalation CRITICAL" "fast-tube No.known.fix Reflected.XSS HIGH" "flowpaper-lite-pdf-flipbook 2.0.4 Contributor+.Stored.XSS MEDIUM" "flowpaper-lite-pdf-flipbook 2.0.0 Contributor+.Stored.XSS MEDIUM" "favorites 2.3.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "favorites 2.3.3 
Contributor+.Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "futurio-extra 2.0.15 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.header_size.tag MEDIUM" "futurio-extra 2.0.14 Authenticated.(Contributor+).Post.Disclosure MEDIUM" "futurio-extra 2.0.12 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "futurio-extra 2.0.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Advanced.Text.Block.Widget MEDIUM" "futurio-extra 1.9.1 Arbitrary.Plugin.Activation.via.CSRF MEDIUM" "futurio-extra 1.6.3 Subscriber+.User.Email.Address.Disclosure MEDIUM" "futurio-extra 1.6.3 Authenticated.SQL.Injection MEDIUM" "fontsampler 0.14.3 CSRF.to.Authenticated.Reflected.Cross-Site.Scripting.(XSS) HIGH" "fontific No.known.fix Cross-Site.Request.Forgery.via.ajax_fontific_save_all HIGH" "featured-page-widget No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "fatal-error-notify 1.5.3 Subscriber+.Test.Error.Email.Sending MEDIUM" "frontend-group-restriction-for-learndash No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "frontend-group-restriction-for-learndash No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "forms-for-campaign-monitor 2.8.16 Unauthenticated.Full.Path.Disclosure MEDIUM" "forms-for-campaign-monitor 2.8.14 Reflected.Cross-Site.Scripting HIGH" "fin-accounting-for-woocommerce 4.4.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "forget-about-shortcode-buttons 2.1.3 CSRF MEDIUM" "forget-about-shortcode-buttons 1.1.2 XSS MEDIUM" "flipbox-builder No.known.fix Authenticated.(Contributor+).PHP.Object.Injection HIGH" "flying-twitter-birds No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "fusion-builder 3.11.12 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.in.Multiple.Widgets MEDIUM" "fusion-builder 3.11.13 Authenticated.(Contributor+).Protected.Post.Disclosure MEDIUM" "fusion-builder 3.11.10 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.fusion_button.Shortcode MEDIUM" 
"fusion-builder 3.11.2 Cross.Site.Scripting.(XSS).vulnerability.in.the.User.Register.element HIGH" "fusion-builder 3.6.2 Unauthenticated.SSRF HIGH" "final-tiles-grid-gallery-lite 3.6.0 Contributor+.Stored.XSS MEDIUM" "final-tiles-grid-gallery-lite 3.5.8 Reflected.Cross-Site.Scripting MEDIUM" "final-tiles-grid-gallery-lite 3.5.5 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "final-tiles-grid-gallery-lite 3.5.3 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "final-tiles-grid-gallery-lite 3.4.19 Authenticated.Stored.Cross-Site.Scripting.(XSS) CRITICAL" "final-tiles-grid-gallery-lite 3.3.57 Subscriber+.Arbitrary.Option.Update CRITICAL" "flightlog No.known.fix Authenticated.(editor+).SQL.Injection HIGH" "fullscreen-galleria 1.6.12 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "feather-login-page 1.1.6 Cross-Site.Request.Forgery.via.saveData() MEDIUM" "feather-login-page 1.1.4 CSRF MEDIUM" "feather-login-page 1.1.2 Missing.Authorization.to.Non-Arbitrary.User.Deletion HIGH" "feather-login-page 1.1.2 Cross-Site.Request.Forgery.to.Privilege.Escalation HIGH" "flickr-rss No.known.fix XSS.and.CSRF HIGH" "foobox-image-lightbox-premium 2.7.28 Admin+.Stored.XSS LOW" "fs-poster No.known.fix Cross-Site.Request.Forgery MEDIUM" "fast-index 1.10 Reflected.Cross-Site.Scripting MEDIUM" "football-pool 2.11.10 Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "football-pool 2.12.1 Authenticated.(Editor+).Stored.Cross-Site.Scripting MEDIUM" "football-pool 2.11.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "football-pool 2.6.5 Multiple.XSS MEDIUM" "frontend-post-submission-manager-lite 1.2.3 Missing.Authorization.to.Authenticated.(Subscriber+).Settings.Update MEDIUM" "finpose No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "formidablepro-2-pdf 3.11 Subscriber+.SQLi HIGH" "forcefield 1.2.9 Reflected.Cross-Site.Scripting MEDIUM" "forcefield 1.0.2 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "font-awesome-more-icons No.known.fix 
Contributor+.Stored.Cross-Site.Scripting MEDIUM" "flynsarmy-iframe-shortcode No.known.fix Contributor+.Stored.XSS MEDIUM" "flat-ui-button No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.flatbtn.Shortcode MEDIUM" "favicon-generator 2.1 Arbitrary.File.Deletion.via.CSRF HIGH" "favicon-generator 2.1 Arbitrary.File.Upload.via.CSRF HIGH" "favicon-generator 2.1 Cross-Site.Request.Forgery.to.Arbitrary.File.Deletion CRITICAL" "fish-and-ships 1.6 Reflected.Cross-Site.Scripting MEDIUM" "form-maker 1.15.33 .Admin+.Stored.XSS LOW" "form-maker 1.15.31 Admin+.Stored.XSS LOW" "form-maker 1.15.28 Contributor+.DOM-Based.Stored.XSS.via.FancyBox.JavaScript.Library MEDIUM" "form-maker 1.15.31 Reflected.Cross-Site.Scripting.via.add_query_arg.Parameter MEDIUM" "form-maker 1.15.28 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "form-maker 1.15.27 Reflected.Cross-Site.Scripting HIGH" "form-maker 1.15.26 Admin+.Stored.XSS MEDIUM" "form-maker 1.15.25 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "form-maker 1.15.25 Authenticated.(Subscriber+).Stored.Self-Based.Cross-Site.Scripting MEDIUM" "form-maker 1.15.24 Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "form-maker 1.15.23 Sensitive.Information.Exposure MEDIUM" "form-maker 1.15.22 CSRF.to.limited.RCE MEDIUM" "form-maker 1.15.21 Captcha.Bypass HIGH" "form-maker 1.15.19 Reflected.XSS HIGH" "form-maker 1.15.19 Unauthenticated.Stored.XSS CRITICAL" "form-maker 1.15.20 Unauthenticated.Arbitrary.File.Upload MEDIUM" "form-maker 1.15.6 Admin+.SQLI LOW" "form-maker 1.14.12 Admin+.Stored.Cross-Site.Scripting MEDIUM" "form-maker 1.13.60 Authenticated.Stored.XSS HIGH" "form-maker 1.13.40 Authenticated.Reflected.XSS HIGH" "form-maker 1.13.36 Authenticated.SQL.Injection HIGH" "form-maker 1.13.3 Authenticated.SQL.Injection HIGH" "form-maker 1.13.5 Cross-Site.Request.Forgery.(CSRF).to.LFI MEDIUM" "form-maker 1.12.24 CSV.Injection MEDIUM" "file-manager 6.5.8 
Authenticated.(Subscriber+).Limited.JavaScript.File.Upload MEDIUM" "file-manager 6.5.6 Authenticated.(Subscriber+).Arbitrary.File.Upload HIGH" "file-manager 6.5.6 6.5.5.-.Unauthenticated.Remote.Code.Execution.via.Race.Condition HIGH" "file-manager 6.3 Admin+.Arbitrary.OS.File/Folder.Access.+.Path.Traversal MEDIUM" "file-manager 5.2.3 Subscriber+.Arbitrary.File.Creation/Upload/Deletion CRITICAL" "file-manager 5.0.2 Information.Disclosure HIGH" "forms-to-sendinblue No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "free-download-manager No.known.fix Unauthenticated.Arbitrary.File.Download HIGH" "facebook-comment-by-vivacity No.known.fix Contributor+.Stored.Cross-Site.Scripting MEDIUM" "funnelforms-free No.known.fix Authenticated.(Contributor+).PHP.Object.Injection HIGH" "funnelforms-free 3.7.4.1 Missing.Authorization.to.Unauthenticated.Arbitrary.Media.Deletion MEDIUM" "funnelforms-free 3.7.4.1 Authenticated.(Administrator+).Arbitrary.File.Deletion MEDIUM" "funnelforms-free 3.7.4.1 Missing.Authorization.to.Unauthenticated.Arbitrary.Media.Upload MEDIUM" "funnelforms-free 3.7.4.1 Authenticated.(Administrator+).Arbitrary.File.Upload HIGH" "funnelforms-free 3.4.2 Form.Deletion/Duplication.via.CSRF MEDIUM" "funnelforms-free 3.4.2 Missing.Authorization.to.Category.Deletion MEDIUM" "funnelforms-free 3.4.2 Cross-Site.Request.Forgery.to.Arbitrary.Post.Duplication MEDIUM" "funnelforms-free 3.4.2 Missing.Authorization.to.Arbitrary.Post.Deletion MEDIUM" "funnelforms-free 3.4.2 Missing.Authorization.to.New.Category.Creation MEDIUM" "funnelforms-free 3.4.2 Missing.Authorization.to.Post.Modification MEDIUM" "funnelforms-free 3.4.2 Missing.Authorization.to.Enable/Disable.Dark.Mode MEDIUM" "funnelforms-free 3.4.2 Missing.Authorization.to.Category.Update MEDIUM" "funnelforms-free 3.4.2 Missing.Authorization.to.Arbitrary.Post.Duplication MEDIUM" "funnelforms-free 3.4.2 Missing.Authorization.to.Test.Email.Sending MEDIUM" "funnelforms-free 3.4.2 
Cross-Site.Request.Forgery.to.Arbitrary.Post.Deletion MEDIUM" "funnelforms-free 3.4 Funnelforms.Free.<.3,4.Unauthenticated.Stored.Cross-Site.Scripting CRITICAL" "funnelforms-free 3.3.8.5 Reflected.Cross-Site.Scripting MEDIUM" "fws-ajax-contact-form No.known.fix Contributor+.Stored.XSS MEDIUM" "freemind-wp-browser No.known.fix Stored.Cross-Site.Scripting.via.CSRF MEDIUM" "facebook-like-send-button 1.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.width.Parameter MEDIUM" "facebook-like-send-button 1.2 Admin+.Stored.XSS LOW" "fancy-roller-scroller 1.4.1 Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "find-duplicates No.known.fix Authenticated.(Subscriber+).SQL.Injection CRITICAL" "floating-awesome-button 1.7.0 Reflected.Cross-Site.Scripting MEDIUM" "floating-awesome-button 1.5.14 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "font-organizer No.known.fix Cross-Site.Scripting.(XSS) MEDIUM" "first-graders-toolbox 1.0.2 Plugins.Deactivation.via.CSRF MEDIUM" "foundation-columns No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "facebook-fan-page-widget 2.1 Admin+.Stored.XSS LOW" "food-and-drink-menu 2.4.17 Missing.Authorization.to.Menu.Creation MEDIUM" "food-and-drink-menu 2.4.15 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "food-and-drink-menu 2.4.11 Unauthenticated.PHP.Object.Injection HIGH" "food-and-drink-menu 2.4.7 .Cross-Site.Request.Forgery MEDIUM" "food-and-drink-menu 2.2.1 Unauthenticated.PHP.Object.Injection HIGH" "funnel-builder-pro 3.5.0 Funnel.Kit.Funnel.Builder.PRO.<.3,5,0.Authenticated(Contributor+).Stored.Cross-Site.Scripting.via.allow_iframe_tag_in_post MEDIUM" "fluid-notification-bar No.known.fix Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "floating-player No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "filr-protection 1.2.5 Editor+.Stored.XSS LOW" "filr-protection 1.2.3.6 Author+.RCE.via.file.upload.with.phar.ext CRITICAL" 
"filr-protection 1.2.3 Reflected.Cross-Site.Scripting MEDIUM" "filr-protection 1.2.2.1 Secure.Document.Library.<.1.2.2.1.-.Subscriber+.AJAX.Calls CRITICAL" "filr-protection 1.2.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "fast-wp No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "fast-wp No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "fast-wp No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "flaming-forms No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "flaming-forms No.known.fix Unauthenticated.Stored.XSS HIGH" "flaming-forms No.known.fix Reflected.XSS HIGH" "facebook-pagelike-widget 6.4 Admin+.Stored.XSS LOW" "fontsy No.known.fix Multiple.Unauthenticated.SQLi HIGH" "frontend-uploader No.known.fix Unauthenticated.Stored.Cross-Site.Scripting MEDIUM" "fifthsegment-whitelist No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "font-awesome-integration No.known.fix Contributor+.Stored.Cross-Site.Scripting MEDIUM" "fluent-support 1.8.1 Authenticated.(Subscriber+).SQL.Injection MEDIUM" "fluent-support 1.8.1 Insufficient.Authorization.on.Email.Verification MEDIUM" "fluent-support 1.7.7 Authenticated(Administrator+).SQL.Injection MEDIUM" "fluent-support 1.5.8 Admin+.SQLi MEDIUM" "food-recipes 2.6.1 Reflected.Cross-Site.Scripting MEDIUM" "food-recipes 2.1.2 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "fast-image-adder No.known.fix Unauthenticated.Remote.File.Upload CRITICAL" "fancy-facebook-comments 1.2.15 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "fancy-facebook-comments 1.2.15 Contributor+.Stored.XSS MEDIUM" "fancy-facebook-comments 1.2.11 Contributor+.Stored.XSS MEDIUM" "foopeople No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "foopeople No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "foobar-notifications-lite 2.1.32 Reflected.Cross-Site.Scripting MEDIUM" "foobar-notifications-lite 2.1.15 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "filebird-document-library 
2.0.8 Unauthenticated.Sensitive.Information.Exposure MEDIUM" "free-facebook-reviews-and-recommendations-widgets 11.1 Authenticated.(Editor+).Arbitrary.File.Upload MEDIUM" "fv-descriptions No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "facebook-for-woocommerce 1.9.15 CSRF.allowing.Option.Update HIGH" "find-your-reps No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "follow-me No.known.fix Stored.XSS.via.CSRF MEDIUM" "fruitcake-horsemanager No.known.fix Authenticated.(Contributor+).SQL.Injection MEDIUM" "fence-url No.known.fix Cross-Site.Request.Forgery.to.Cross-Site.Scripting MEDIUM" "frontend-dashboard 2.2.5 Authenticated.(Subscriber+).Arbitrary.Function.Call HIGH" "frontend-dashboard 2.2.4 Frontend.Dashboard.<.2,2,4.- MEDIUM" "frontend-dashboard 2.2.2 Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "fb-account-kit-login No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "fb-account-kit-login No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "formscrm 3.6 Reflected.Cross-Site.Scripting MEDIUM" "feed-instagram-lite 1.0.0.29 Arbitrary.Post.Duplication.via.CSRF MEDIUM" "feedfocal 1.3.0 Unauthenticated.Tracking.Code.Update MEDIUM" "fullworks-anti-spam 1.3.10 Reflected.Cross-Site.Scripting MEDIUM" "fullworks-anti-spam 1.3.2 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "folder-gallery No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "flexible-coupons 1.10.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "find-and-replace-all No.known.fix Arbitrary.Replacement.via.CSRF HIGH" "find-and-replace-all 1.3 Reflected.Cross.Site.Scripting MEDIUM" "formafzar 2.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "furnob-core No.known.fix Reflected.Cross-Site.Scripting HIGH" "forms-gutenberg No.known.fix Unauthenticated.Arbitrary.File.Upload CRITICAL" "forms-gutenberg 1.4.0 Reflected.Cross-Site.Scripting MEDIUM" "formello 1.3.1 Reflected.Cross-Site.Scripting 
MEDIUM" "flash-video-player No.known.fix Cross-Site.Request.Forgery MEDIUM" "fullworks-ice-ide-integration No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "fullworks-ice-ide-integration No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "fitness-calculators 2.0.9 Admin+.Stored.XSS LOW" "fitness-calculators 1.9.6 Cross-Site.Request.Forgery.to.Cross-Site.Scripting.(XSS) HIGH" "facebook-page-feed-graph-api 1.9.0 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "go-fetch-jobs-wp-job-manager 1.8.4.5 Reflected.Cross-Site.Scripting MEDIUM" "go-fetch-jobs-wp-job-manager 1.7.3.2 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "go-viral No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "go-viral 1.8.0 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "gf-zendesk 1.0.8 Reflected.Cross-Site.Scripting HIGH" "goolytics-simple-google-analytics 1.1.2 Simple.Google.Analytics.<.1.1.2.-.Admin+.Stored.Cross-Site.Scripting LOW" "gestpay-for-woocommerce 20240307 Cross-Site.Request.Forgery.(CSRF).via.ajax_unset_default_card MEDIUM" "gestpay-for-woocommerce 20240307 Cross-Site.Request.Forgery.(CSRF).via.ajax_delete_card MEDIUM" "gestpay-for-woocommerce 20240307 Cross-Site.Request.Forgery.(CSRF).via.ajax_set_default_card MEDIUM" "guten-free-options No.known.fix Reflected.XSS HIGH" "giveaways-for-woocommerce No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "giveaways-for-woocommerce No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "google-cse No.known.fix Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "google-cse No.known.fix Admin+.Stored.XSS LOW" "google-image-sitemap No.known.fix Map.generation.through.CSRF MEDIUM" "gourl-bitcoin-payment-gateway-paid-downloads-membership 1.4.14 Shell.Upload HIGH" "gestion-pymes No.known.fix Admin+.Stored.XSS LOW" "guest-author 2.4 Authenticated.(Author+).Stored.Cross-Site.Scripting MEDIUM" "guest-author 2.4 Contributor+.Stored.XSS MEDIUM" "google-mobile-sitemap No.known.fix Cross-Site.Request.Forgery MEDIUM" "geoflickr 
1.4 Reflected.Cross-Site.Scripting MEDIUM" "get-your-number No.known.fix Admin+.Stored.XSS LOW" "grid-shortcodes 1.1.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "grid-shortcodes 1.1.1 Contributor+.Stored.XSS MEDIUM" "google-language-translator 6.0.12 Google.Language.Translator.<.6.0.12.-.Admin+.Stored.Cross-Site.Scripting LOW" "google-language-translator 6.0.10 Authenticated.Cross-Site.Scripting.(XSS) LOW" "google-language-translator 6.0.10 Authenticated.(author+).Cross-Site.Scripting.(XSS) MEDIUM" "google-language-translator 5.0.06 XSS MEDIUM" "gamipress 7.2.2 Unauthenticated.Arbitrary.Shortcode.Execution.via.gamipress_do_shortcode().Function HIGH" "gamipress 7.2.2 Unauthenticated.Arbitrary.Shortcode.Execution.via.gamipress_ajax_get_logs.Function HIGH" "gamipress 7.2.2 Unauthenticated.SQL.Injection.via.orderby.Parameter HIGH" "gamipress 7.1.6 Unauthenticated.Arbitrary.Shortcode.Execution.via.gamipress_get_user_earnings HIGH" "gamipress 6.8.9 Broken.Access.Control LOW" "gamipress 6.8.6 Cross-Site.Request.Forgery MEDIUM" "gamipress 6.9.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "gamipress 6.8.7 Authenticated.(Contributor+).SQL.Injection.via.Shortcode HIGH" "gamipress 2.5.7.1 Unauthenticated.SQLi HIGH" "gf-infusionsoft 1.1.5 Reflected.Cross-Site.Scripting HIGH" "gtg-advanced-blocks No.known.fix Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "gsheetconnector-ninja-forms-pro 1.5.2 Reflected.XSS HIGH" "gutentor 3.4.4 Contributor+.Stored.XSS MEDIUM" "gutentor 3.4.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Countdown.Widget MEDIUM" "gutentor 3.3.6 Gutenberg.Blocks.-.Page.Builder.for.Gutenberg.Editor.<.3.3.6.-.Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "gutentor 3.3.6 Contributor+.Stored.XSS MEDIUM" "gutentor 1.0.3 Reflected.Cross-Site.Scripting MEDIUM" "green-wp-telegram-bot-by-teplitsa No.known.fix 
Telegram.Bot.for.WP.<=.1.3.-.Telegram.Bot.Token.Disclosure HIGH" "gdpr-personal-data-reports No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "gs-books-showcase 1.3.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "gs-books-showcase 1.3.1 Contributor+.Stored.XSS MEDIUM" "get-post-content-shortcode No.known.fix Insecure.Direct.Object.Reference.to.Authenticated.(Contributor+).Sensitive.Information.Disclosure.via.post_content.Shortcode MEDIUM" "guten-post-layout 1.2.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.align.Attribute MEDIUM" "grand-media 1.20.0 Admin+.Stored.Cross-Site.Scripting LOW" "grand-media 1.18.5 Multiple.Cross-Site.Scripting.(XSS) MEDIUM" "gsheetconnector-ninja-forms 1.2.8 Reflected.Cross-Site.Scripting MEDIUM" "gsheetconnector-ninja-forms 1.2.7 Reflected.XSS HIGH" "gsheetconnector-ninja-forms 1.2.2 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "giphypress No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "gamipress-reset-user 1.0.1 Reset.User.<=.1.0.0.-.GamiPress.User.Data.Removal.via.CSRF MEDIUM" "geo-mashup 1.13.14 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.geo_mashup_visible_posts_list.Shortcode MEDIUM" "geo-mashup 1.13.13 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "geo-mashup 1.13.12 Reflected.Cross-Site.Scripting MEDIUM" "geo-mashup 1.13.6 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "geo-mashup 1.10.4 Unspecified.Cross-Site.Scripting.(XSS) CRITICAL" "gsheetconnector-wpforms 3.4.6 Reflected.XSS HIGH" "google-shortlink 1.5.3 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "get-post-custom-taxonomy-term-shortcode No.known.fix CSRF.Bypass NONE" "gravity-forms-pdf-extended 6.3.1 Reflected.Cross-Site.Scripting MEDIUM" "getwid 2.1.12 Contributor+.DOM-Based.Stored.XSS.via.FancyBox.JavaScript.Library MEDIUM" "getwid 2.0.13 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "getwid 2.0.11 
Missing.Authentication.to.MailChimp.API.key.update MEDIUM" "getwid 2.0.11 Missing.Authorization.to.Google.API.key.update MEDIUM" "getwid 2.0.8 Authenticated.(Contributor+).DOM-Based.Stored.Cross-Site.Scripting.via.'Countdown' MEDIUM" "getwid 2.0.6 Authenticated(Contributor+).Stored.Cross-Site.Scripting.via.Block.Content MEDIUM" "getwid 2.0.5 Captcha.Bypass MEDIUM" "getwid 2.0.5 Missing.Authorization.to.Recaptcha.API.Key.Modification MEDIUM" "getwid 2.0.3 Unauthenticated.Arbitrary.Email.Sending.to.Admin MEDIUM" "getwid 1.8.4 Subscriber+.SSRF MEDIUM" "gwolle-gb 4.7.2 Reflected.Cross-Site.Scripting MEDIUM" "gwolle-gb 4.2.0 Reflected.Cross-Site.Scripting MEDIUM" "gwolle-gb 2.5.4 Cross-Site.Scripting.(XSS) MEDIUM" "gwolle-gb 2.1.1 Cross-Site.Request.Forgery.(CSRF) CRITICAL" "graphcomment-comment-system 2.3.5 Reflected.Cross-Site.Scripting MEDIUM" "gmaps-for-visual-composer-free No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "gift-certificate-creator 1.1 Stored.XSS MEDIUM" "gf-freshdesk 1.2.9 Reflected.Cross-Site.Scripting HIGH" "genealogical-tree 2.2.1 Reflected.Cross-Site.Scripting MEDIUM" "genealogical-tree 2.1.6 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "glass No.known.fix CSRF.to.Stored.Cross-Site.Scripting.(XSS) HIGH" "gmap-point-list No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "gulri-slider 3.5.9 Reflected.Cross-Site.Scripting MEDIUM" "gold-addons-for-elementor No.known.fix Missing.Authorization.to.Authenticated.(Subscriber+).License.Activation/Deactivation MEDIUM" "gold-addons-for-elementor 1.3.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "gift-up 2.22 Settings.Update.via.CSRF MEDIUM" "gift-up 2.20.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "graph-lite No.known.fix Missing.Authorization MEDIUM" "gp-premium 2.4.1 Reflected.Cross-Site.Scripting MEDIUM" "gutenslider 5.10.2 Reflected.Cross-Site.Scripting MEDIUM" "gutenslider 5.7.0 
Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "gutenslider 5.2.0 Contributor+.Stored.XSS MEDIUM" "gs-instagram-portfolio No.known.fix Missing.Authorization.to.Authenticated.(Subscriber+).CSS.Injection MEDIUM" "gs-instagram-portfolio 1.4.5 Contributor+.Stored.XSS MEDIUM" "gpx-viewer 2.2.10 Subscriber+.Arbitrary.File.Creation HIGH" "gyta-buyback 1.2.9 Reflected.Cross-Site.Scripting MEDIUM" "gyta-buyback 1.1.7 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "grid-view-gallery No.known.fix Authenticated.(Editor+).PHP.Object.Injection HIGH" "gecka-terms-thumbnails No.known.fix Authenticated.(Subscriber+).PHP.Object.Injection HIGH" "google-analytics-opt-out 2.3.5 Admin+.Stored.XSS LOW" "gravity-forms-sms-notifications 2.4.0 Cross-Site.Scripting.(XSS) MEDIUM" "gt3-photo-video-gallery 2.7.7.25 GT3.Image.Gallery.&.Gutenberg.Block.Gallery.<.2.7.7.25.-.Reflected.Cross-Site.Scripting MEDIUM" "gt3-photo-video-gallery 2.7.7.22 GT3.Image.Gallery.&.Gutenberg.Block.Gallery.<.2.7.7.22.-.Authenticated.(Author+).Cross-Site.Scripting MEDIUM" "google-apps-login 3.4.5 Admin+.Stored.XSS LOW" "gotowp No.known.fix Contributor+.Stored.XSS MEDIUM" "gs-testimonial 3.1.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "gs-testimonial 1.9.7 Contributor+.Stored.XSS MEDIUM" "gs-testimonial 1.9.7 Author+.Stored.Cross-Site.Scripting MEDIUM" "geodatasource-country-region-dropdown 1.0.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "generateblocks 1.8.3 Contributor+.Arbitrary.Draft/Private.Post.Access LOW" "generateblocks 1.4.0 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "google-sitemap-generator 4.1.3 Admin+.Stored.Cross-Site.Scripting LOW" "google-sitemap-generator 4.1.0 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "geo-targetly-geo-content No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "go-fetch-jobs-jobengine No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "go-fetch-jobs-jobengine No.known.fix 
Subscriber+.Arbitrary.Option.Update CRITICAL" "genesis-columns-advanced 2.0.4 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "gianism 5.2.1 Admin+.Stored.XSS LOW" "goqsmile No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "google-adsense-and-hotel-booking No.known.fix Open.Proxy CRITICAL" "get-cash 3.2 Reflected.Cross-Site.Scripting MEDIUM" "google-calendar-events 3.4.3 Reflected.Cross-Site.Scripting MEDIUM" "google-calendar-events 3.2.8 Contributor+.Stored.XSS.via.shortcode MEDIUM" "google-calendar-events 3.2.5 Cross-Site.Request.Forgery.via.duplicate_feed MEDIUM" "google-calendar-events 3.2.6 Cross-Site.Request.Forgery.(CSRF) MEDIUM" "geodirectory 2.3.85 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "geodirectory 2.3.81 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "geodirectory 2.3.71 Missing.Authorization.via.geodirectory_rated() MEDIUM" "geodirectory 2.3.62 Authenticated.(Subscriber+).SQL.Injection CRITICAL" "geodirectory 2.3.49 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.'gd_single_tabs'.Shortcode MEDIUM" "geodirectory 2.3.29 Authenticated(Administrator+).SQL.Injection MEDIUM" "geodirectory 2.3.29 Authenticated.(Administrator+).SQL.Injection.via.orderby HIGH" "geodirectory 2.2.24 Admin+.SQLi MEDIUM" "geodirectory 2.2.22 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "geodirectory 2.1.1.3 Authenticated.(admin+).Stored.Cross-Site.Scripting.(XSS) MEDIUM" "gfirem-fields No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "gfirem-fields No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "gfirem-fields No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "game-server-status No.known.fix Admin+.SQL.Injection MEDIUM" "game-server-status No.known.fix Contributor+.SQL.Injection HIGH" "game-server-status No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "galleria No.known.fix Cross-Site.Request.Forgery MEDIUM" "gwa-autoresponder No.known.fix Unauthenticated.SQL.Injection HIGH" "gallery-videos 2.4.3 
Authenticated.(Administrator+).SQL.Injection HIGH" "gallery-videos 2.4.2 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "gallery-videos 2.2.6 Admin+.SQLi MEDIUM" "gallery-videos 1.7.7 Admin+.Stored.XSS LOW" "giveasap 2.46.1 CSRF MEDIUM" "giveasap 2.46.1 Reflected.Cross-Site.Scripting LOW" "giveasap 2.45.1 Admin+.Stored.Cross-Site.Scripting LOW" "giveasap 2.45.1 Admin+.Stored.XSS LOW" "giveasap 2.45.1 Editor+.Stored.Cross-Site.Scripting MEDIUM" "giveasap 2.42.1 Unauthorised.AJAX.Calls.via.Freemius HIGH" "giveasap 2.36.2 Unauthenticated.Reflected.Cross-Site.Scripting.(XSS) CRITICAL" "gs-portfolio 1.6.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "gs-portfolio 1.6.1 Contributor+.Stored.XSS MEDIUM" "google-visualization-charts No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "google-captcha 1.28 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "gd-rating-system 3.6.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.extra_class.Parameter MEDIUM" "gd-rating-system 3.6.1 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "gd-rating-system 3.5.1 Unauthenticated.Stored.Cross-Site.Scripting.via.IP MEDIUM" "gd-rating-system 2.3.1 Multiple.Vulnerabilities HIGH" "gd-rating-system 2.1 XSS MEDIUM" "golf-tracker No.known.fix Authenticated.(Contributor+).SQL.Injection MEDIUM" "gmap-shortcode No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "goodlayers-core 2.1.3 Subscriber+.Stored.XSS.via.SVG.Upload HIGH" "goodlayers-core 2.0.10 Contributor+.Stored.XSS MEDIUM" "goodlayers-core 2.0.8 Reflected.Cross-Site.Scripting.via.'font-family' MEDIUM" "gplus-comments No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "gsheetconnector-caldera-forms 1.3 Access.Code.Update.via.CSRF MEDIUM" "gallery-images 2.0.6 Stored.Cross-Site.Scripting.(XSS) CRITICAL" "gold-price-chart-widget No.known.fix 
Authenticated.(Administrator+).Stored.Cross-Site.Scripting.via.plugin.settings MEDIUM" "gettext-override-translations 2.0.0 Admin+.Stored.Cross-Site.Scripting LOW" "goauth No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "goauth 2.20 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "garden-gnome-package 2.4.0 Authenticated.(Author+).Arbitrary.File.Upload HIGH" "garden-gnome-package 2.3.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "garden-gnome-package 2.2.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "gallery-metabox No.known.fix Subscriber+.Unauthorized.Data.Access MEDIUM" "gallery-metabox No.known.fix Gallery.Removal.via.CSRF MEDIUM" "gallery-images-ape No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "gallery-images-ape No.known.fix Contributor+.Stored.XSS MEDIUM" "global-elementor-buttons No.known.fix Authenticated(Contributor+).Stored.Cross-Site.Scripting.via.button.link MEDIUM" "google-document-embedder No.known.fix Authenticated.(Contributor+).Blind.Server.Side.Request.Forgery MEDIUM" "google-document-embedder 2.6.2 CSRF.&.XSS MEDIUM" "google-document-embedder 2.6.1 XSS MEDIUM" "greencon No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "gravity-forms-toolbar No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "gd-mylist No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "gs-woo-variation-swatches 1.6.0 Reflected.Cross-Site.Scripting MEDIUM" "ghactivity No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "gf-constant-contact 1.0.6 Reflected.Cross-Site.Scripting HIGH" "gallery-bank 4.0.19 Reflected.Cross-Site.Scripting MEDIUM" "gallery-bank No.known.fix Author+.Stored.XSS.via.Gallery.Description MEDIUM" "gallery-bank No.known.fix Author+.Stored.XSS.via.Media.Upload.Module MEDIUM" "gallery-bank 3.0.330 Authenticated.Blind.SQL.Injection MEDIUM" "gs-team-members 2.2.4 Contributor+.Stored.XSS MEDIUM" "gs-team-members 2.2.2 
Reflected.Cross-Site.Scripting MEDIUM" "gs-team-members 1.1.0 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "gsheetconnector-for-elementor-forms-pro 1.0.5 Reflected.XSS HIGH" "gf-insightly 1.0.7 Reflected.Cross-Site.Scripting HIGH" "glossary-by-codeat 2.2.27 Unauthenticated.Full.Path.Disclosure MEDIUM" "glossary-by-codeat 2.2.3 Reflected.Cross-Site.Scripting MEDIUM" "glossary-by-codeat 2.1.28 Contributor+.Stored.XSS MEDIUM" "glossary-by-codeat 2.1.8 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "geotagged-media No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "geotagged-media No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "gallery-plugin 4.7.0 Author+.Stored.Cross-Site.Scripting MEDIUM" "gallery-plugin 4.7.0 Author+.SQL.Injection MEDIUM" "gallery-plugin 4.5.0 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "glomex-oembed 0.9.2 Contributor+.Stored.XSS MEDIUM" "gd-security-headers 1.7.1 Admin+.SQLi MEDIUM" "gd-security-headers 1.7 Reflected.XSS HIGH" "ghost 1.5.0 Unauthenticated.Sensitive.Information.Exposure MEDIUM" "ghost 0.5.6 Unrestricted.Export.Download MEDIUM" "giveaway No.known.fix Authenticated.SQL.Injection HIGH" "gamipress-link 1.1.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "gallery-and-lightbox No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "godaddy-email-marketing-sign-up-forms 1.1.4 Cross-Site.Request.Forgery.(CSRF) HIGH" "gn-publisher 1.5.6 Reflected.XSS HIGH" "gift-cards-for-woocommerce-pro 2.9.2 Missing.Authorization.to.Infinite.Money.Glitch HIGH" "gf-zoho 1.1.6 Reflected.Cross-Site.Scripting HIGH" "gmace No.known.fix Arbitrary.File.Creation/Deletion/Update.via.CSRF HIGH" "gmace No.known.fix Admin+.Path.Traversal MEDIUM" "gmap-embed 1.9.4 Admin+.Stored.XSS LOW" "gmap-embed 1.9.4 Admin+.Stored.XSS LOW" "gmap-embed 1.8.4 Arbitrary.Post.Deletion.and.Plugin's.Settings.Update.via.CSRF MEDIUM" "gmap-embed 1.8.1 
Subscriber+.Arbitrary.Post.Deletion.and.Plugin's.Settings.Update MEDIUM" "gmap-embed 1.8.1 Subscriber+.Map.Creation/Update/Deletion MEDIUM" "gmap-embed 1.7.7 Authenticated.Stored.Cross-Site.Scripting.(XSS) LOW" "gmw-premium-settings 3.1 Admin+.Arbitrary.File.Upload MEDIUM" "gsheetconnector-gravity-forms 1.3.5 Access.Code.Update.via.CSRF MEDIUM" "google-maps-travel-route No.known.fix Authenticated.(Subscriber+).SQL.Injection MEDIUM" "gm-woo-product-list-widget No.known.fix Reflected.XSS HIGH" "google-plus-share-and-plusone-button No.known.fix Cross-Site.Request.Forgery MEDIUM" "gdpr-cookie-compliance 4.12.5 License.Update/Deactivation.via.CSRF MEDIUM" "groundhogg 3.7.3.6 Authenticated.(Author+).Arbitrary.File.Upload.via.gh_big_file_upload.Function HIGH" "groundhogg 3.7.3.4 Reflected.Cross-Site.Scripting MEDIUM" "groundhogg 3.4.3 Reflected.Cross-Site.Scripting MEDIUM" "groundhogg 3.4.3 Cross-Site.Request.Forgery MEDIUM" "groundhogg 2.7.11.11 Admin+.Stored.XSS LOW" "groundhogg 2.7.11.1 CSRF MEDIUM" "groundhogg 2.7.11.1 Admin+.SQLi MEDIUM" "groundhogg 2.7.10 Disable.All.Plugins.via.CSRF MEDIUM" "groundhogg 2.7.10 Ticket.Creation.via.CSRF MEDIUM" "groundhogg 2.7.10 Lack.of.Authorization.for.Non-Arbitrary.File.upload MEDIUM" "groundhogg 2.7.10 Contributor+.Stored.XSS MEDIUM" "groundhogg 2.7.10 Privilege.Escalation.via.CSRF HIGH" "groundhogg 2.7.9.4 Admin+.SQLi MEDIUM" "groundhogg 1.3.11.8 Authenticated.SQL.Injection HIGH" "google-typography No.known.fix Missing.Authorization MEDIUM" "gallery-with-thumbnail-slider 6.1 Contributor+.Stored.XSS MEDIUM" "graphina-elementor-charts-and-graphs 2.0.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "graphina-elementor-charts-and-graphs 1.8.10 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Multiple.Widgets MEDIUM" "greenshift-animation-and-page-builder-blocks 9.0.1 Missing.Authorization.to.Authenticated.(Subscriber+).Server-Side.Request.Forgery.and.Stored.Cross-Site.Scripting MEDIUM" 
"greenshift-animation-and-page-builder-blocks 9.9.9.4 Authenticated.(Contributor+).Post.Disclosure MEDIUM" "greenshift-animation-and-page-builder-blocks 9.8 Missing.Authorization MEDIUM" "greenshift-animation-and-page-builder-blocks 9.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "greenshift-animation-and-page-builder-blocks 8.9.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "greenshift-animation-and-page-builder-blocks 7.6.3 Authenticated.(Administrator+).Arbitrary.File.Upload HIGH" "greenshift-animation-and-page-builder-blocks 4.3 Reflected.Cross-Site.Scripting MEDIUM" "greenshift-animation-and-page-builder-blocks 5.0.0 Author+.Stored.XSS MEDIUM" "greenshift-animation-and-page-builder-blocks 5.0 Contributor+.Stored.XSS MEDIUM" "greenshift-animation-and-page-builder-blocks 4.8.9 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "greenshift-animation-and-page-builder-blocks 1.1.6 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "gravity-file-ajax-upload-free No.known.fix Arbitrary.File.Upload CRITICAL" "g-meta-keywords No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "gotmls 4.23.56 Unauthenticated.Remote.Code.Execution CRITICAL" "gotmls 4.21.83 Reflected.Cross-Site.Scripting MEDIUM" "gotmls 4.20.96 Reflected.Cross-Site.Scripting LOW" "gotmls 4.20.94 Admin+.Reflected.Cross-Site.Scripting LOW" "gtmetrix-for-wordpress 0.4.8 Arbitrary.Post.Deletion.via.CSRF MEDIUM" "gtmetrix-for-wordpress 0.4.6 Reflected.Cross-Site.Scripting HIGH" "gtmetrix-for-wordpress 0.4.6 Reflected.XSS HIGH" "gamipress-vimeo-integration 1.0.9 Contributor+.Stored.XSS MEDIUM" "google-one 1.3.4 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "gallery-lightbox-slider 1.0.0.41 Authenticated.(Author+).Stored.Cross-Site.Scripting MEDIUM" "gp-unique-id 1.5.6 Unauthenticated.Form.Submission.Unique.ID.Modification LOW" "gallery-album No.known.fix Authenticated.(Contributor+).SQL.Injection CRITICAL" "gallery-album No.known.fix 
Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "gallery-album No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "gallery-album No.known.fix Unauthenticated.Stored.XSS HIGH" "gallery-album No.known.fix Arbitrary.Settings.Update.via.CSRF MEDIUM" "gallery-album No.known.fix Missing.Authorization.via.Multiple.AJAX.Actions MEDIUM" "gallery-album 2.0.2 Reflected.XSS HIGH" "gallery-album 2.0.0 Reflected.Cross-Site.Scripting MEDIUM" "gallery-album 1.2.1 Admin+.SQLi MEDIUM" "gum-elementor-addon 1.3.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "gum-elementor-addon 1.3.8 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "gum-elementor-addon 1.3.6 Authenticated.(Editor+).Stored.Cross-Site.Scripting MEDIUM" "gum-elementor-addon 1.3.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Price.Table.and.Post.Slider.Widgets MEDIUM" "gum-elementor-addon 1.3.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Post.Meta.Widget MEDIUM" "gou-wc-account-tabs 1.0.1.9 Missing.Authorization MEDIUM" "giga-messenger-bots No.known.fix Reflected.XSS HIGH" "globe-gateway-e4 No.known.fix Unauthenticated.Arbitrary.File.Deletion CRITICAL" "google-analytics-for-wordpress 8.22.0 Missing.Authorization MEDIUM" "google-analytics-for-wordpress 8.14.1 Contributor+.Stored.XSS MEDIUM" "google-analytics-for-wordpress 8.12.1 Contributor+.Stored.XSS MEDIUM" "google-analytics-for-wordpress 8.9.1 Stored.Cross-Site.Scripting.via.Google.Analytics MEDIUM" "generatepress-premium 2.4.0 Authenticated(Contributor+).Stored.Cross-Site.Scripting.via.Custom.Meta MEDIUM" "google-docs-rsvp-guestlist No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "gravity-forms-multiple-form-instances 1.1.2 Unauthenticated.Full.Path.Disclosure MEDIUM" "gps-plotter No.known.fix Admin+.Stored.XSS LOW" "gs-woocommerce-products-slider 1.5.9 Contributor+.Stored.XSS MEDIUM" "gsheetconnector-forminator No.known.fix 
Reflected.Cross-Site.Scripting MEDIUM" "google-org-chart No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "gmo-social-connection No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "gd-bbpress-attachments 4.7.3 Reflected.Cross-Site.Scripting MEDIUM" "gd-bbpress-attachments 4.4 Admin+.Stored.XSS LOW" "gtm-server-side 2.1.20 Reflected.Cross-Site.Scripting MEDIUM" "gf-salesforce-crmperks 1.2.6 Reflected.Cross-Site.Scripting HIGH" "git-sync No.known.fix Cross-Site.Request.Forgery.to.Remote.Code.Execution HIGH" "glorious-sites-installer No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "glorious-sites-installer No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "genesis-style-shortcodes No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "gboy-custom-google-map No.known.fix Authenticated.(Contributor+).SQL.Injection MEDIUM" "google-maps-advanced No.known.fix Arbitrary.Settings.Update.to.Stored.XSS.via.CSRF MEDIUM" "greenshiftwoo 1.9.8 Authenticated.(Subscriber+).SQL.Injection CRITICAL" "gdpr-consent-manager 1.0.1 Author+.Stored.XSS.via.SVG.File.Upload MEDIUM" "genesis-blocks 3.1.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Sharing.Block.Attributes MEDIUM" "genesis-blocks 3.1.4 Contributor+.Stored.XSS MEDIUM" "genesis-blocks 3.1.3 Contributor+.Stored.XSS MEDIUM" "genesis-blocks 3.1.3 Contributor+.Stored.XSS MEDIUM" "gf-hubspot 1.0.9 Reflected.Cross-Site.Scripting HIGH" "gallery-image-gallery-photo 1.1.6 Grid.Gallery.<.1.1.6.-.Admin+.Stored.Cross-Site.Scripting LOW" "gdpr-cookie-consent 3.6.6 Missing.Authorization.to.Authenticated.(Subscriber+).Whitelist.Script MEDIUM" "gdpr-cookie-consent 3.3.0 Unauthenticated.Stored.Cross-Site.Scripting.via.Client-IP.header HIGH" "gdpr-cookie-consent 3.1.0 Missing.Authorization.to.Unauthenticated.Arbitrary.Post.Deletion MEDIUM" "gg-woo-feed 1.2.7 Missing.Authorization MEDIUM" "gg-woo-feed No.known.fix 
Unauthenticated.Settings.Update MEDIUM" "google-website-translator 1.4.12 Google.Website.Translator.<.1.4.12.-.Authenticated.(Admin+).PHP.Object.Injection CRITICAL" "guardgiant No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "guardgiant 2.2.6 Admin+.SQLi MEDIUM" "google-places-reviews 2.0.0 Admin+.Stored.Cross.Site.Scripting LOW" "gerryworks-post-by-mail No.known.fix Contributor+.Privilege.Escalation HIGH" "gsheetconnector-easy-digital-downloads 1.6.6 Reflected.Cross-Site.Scripting MEDIUM" "gsheetconnector-easy-digital-downloads 1.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "gpt3-ai-content-generator 1.8.97 Authenticated.(Admin+).PHP.Object.Injection.via.wpaicg_export_prompts HIGH" "gpt3-ai-content-generator 1.8.97 Authenticated.(Subscriber+).Server-Side.Request.Forgery MEDIUM" "gpt3-ai-content-generator 1.8.97 Authenticated.(Admin+).PHP.Object.Injection.via.wpaicg_export_ai_forms HIGH" "gpt3-ai-content-generator 1.8.97 Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.Shortcode.Execution MEDIUM" "gpt3-ai-content-generator 1.8.90 Unauthenticated.Arbitrary.File.Upload CRITICAL" "gpt3-ai-content-generator 1.8.67 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "gpt3-ai-content-generator 1.8.13 Cross-Site.Request.Forgery MEDIUM" "gpt3-ai-content-generator 1.8.3 Missing.Authorization.to.Sensitive.Data.Exposure MEDIUM" "gpt3-ai-content-generator 1.7.38 Reflected.Cross-Site.Scripting MEDIUM" "gpt3-ai-content-generator 1.4.38 Subscriber+.Arbitrary.Post.Content.Update MEDIUM" "gs-envato-portfolio 1.4.0 Contributor+.Stored.XSS MEDIUM" "greeklish-permalink 3.5 Unauthenticated.Post.Slug.Update MEDIUM" "goods-catalog No.known.fix Contributor+.Stored.XSS MEDIUM" "googleanalytics 2.5.2 Reflected.Cross-Site.Scripting.(XSS) HIGH" "gallery-slideshow No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "getyourguide-ticketing 1.0.4 Admin+.Stored.XSS LOW" "gym-management 67.2.0 Unauthenticated.Arbitrary.File.Upload 
CRITICAL" "gym-management 67.2.0 Missing.Authorization.to.Authenticated.(Subscriber+).Privilege.Escalation HIGH" "gravatarlocalcache No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "generate-dummy-posts No.known.fix Missing.Authorization MEDIUM" "glofox-shortcodes No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "giveaways-contests-by-promosimple No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "give 3.19.4 Unauthenticated.PHP.Object.Injection HIGH" "give 3.19.3 Unauthenticated.PHP.Object.Injection HIGH" "give 3.19.0 Reflected.XSS HIGH" "give 3.16.4 Unauthenticated.PHP.Object.Injection.to.Remote.Code.Execution CRITICAL" "give 3.16.2 Unauthenticated.PHP.Object.Injection CRITICAL" "give 3.16.2 Authenticated.(GiveWP.Manager+).SQL.Injection.via.order.Parameter MEDIUM" "give 3.16.0 Cross-Site.Request.Forgery MEDIUM" "give 3.16.0 Unauthenticated.Full.Path.Disclosure MEDIUM" "give 3.14.0 Missing.Authorization.to.Limited.Information.Exposure MEDIUM" "give 3.14.2 Unauthenticated.PHP.Object.Injection.to.RCE CRITICAL" "give 3.14.2 Missing.Authorization.to.Authenticated.(Subscriber+).Limited.File.Deletion MEDIUM" "give 3.14.0 Missing.Authorization.to.Unauthenticated.Event.Settings.Update MEDIUM" "give 3.14.0 Insecure.Direct.Object.Reference.to.Authenticated.(GiveWP.Worker+).Arbitrary.Post.Actions MEDIUM" "give 3.12.1 Reflected.Cross-Site.Scripting MEDIUM" "give 3.11.0 Contributor+.Stored.XSS MEDIUM" "give 3.5.0 Authenticated.(GiveWP.Manager+).PHP.Object.Injection HIGH" "give 3.7.0 Contributor+.Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "give 3.6.0 Contributor+.Stored.XSS MEDIUM" "give 3.4.0 Reflected.Cross-Site.Scripting HIGH" "give 3.3.0 Contributor+.Stored.XSS MEDIUM" "give 2.33.4 Cross-Site.Request.Forgery.to.Stripe.Integration.Deletion MEDIUM" "give 2.33.2 Missing.Authorization.via.handleBeforeGateway MEDIUM" "give 2.33.4 Cross-Site.Request.Forgery.to.plugin.installation MEDIUM" 
"give 2.33.4 Cross-Site.Request.Forgery.to.plugin.deactivation MEDIUM" "give 2.33.1 Donation.Plugin.<.2.33.1.-.Authenticated(Give.Manager+).Privilege.Escalation HIGH" "give 2.25.3 Cross-Site.Request.Forgery MEDIUM" "give 2.25.2 Contributor+.Arbitrary.Content.Deletion MEDIUM" "give 2.25.2 Cross-Site.Request.Forgery MEDIUM" "give 2.25.2 Author+.Stored.Cross-Site.Scripting MEDIUM" "give 2.25.2 Admin+.Server-Side.Request.Forgery MEDIUM" "give 2.25.2 Contributor+.Stored.XSS MEDIUM" "give 2.24.1 Unauthenticated.SQLi HIGH" "give 2.24.0 Contributor+.Stored.XSS MEDIUM" "give 2.21.0 Manager+.Arbitrary.File.Access.via.Export MEDIUM" "give 2.21.0 Manager+.Arbitrary.File.Creation.via.Export HIGH" "give 2.21.3 DoS.via.CSRF LOW" "give 2.21.3 Admin+.Stored.Cross-Site.Scripting LOW" "give 2.21.0 Reflected.Cross-Site.Scripting MEDIUM" "give 2.21.0 Donor.Information.Disclosure MEDIUM" "give 2.17.3 Reflected.Cross-Site.Scripting.via.Donation.Forms.Dashboard HIGH" "give 2.17.3 Reflected.Cross-Site.Scripting.via.Import.Tool MEDIUM" "give 2.17.3 Unauthenticated.Reflected.Cross-Site.Scripting MEDIUM" "give 2.12.0 Admin+.Stored.XSS MEDIUM" "give 2.10.4 Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "give 2.10.0 Reflected.Cross.Site.Scripting.(XSS) HIGH" "give 2.5.10 Multiple.Issues HIGH" "give 2.5.5 Authentication.Bypass HIGH" "give 2.5.1 SQL.Injection CRITICAL" "give 2.4.7 Stored.XSS MEDIUM" "give 2.3.1 Cross-Site.Scripting.(XSS) MEDIUM" "google-listings-and-ads 2.8.7 Information.Disclosure.via.Publicly.Accessible.PHP.Info.File MEDIUM" "gamipress-button 1.0.8 Authenticated(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "get-a-quote-button-for-woocommerce 1.5 Unauthenticated.Arbitrary.Shortcode.Execution.via.fire_contact_form HIGH" "gatormail-smart-forms No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "gracemedia-media-player No.known.fix Local.File.Inclusion.(LFI) CRITICAL" "greenshiftquery 3.9.2 
Authenticated.(Subscriber+).SQL.Injection CRITICAL" "google-map-professional No.known.fix Authenticated.(Contributor+).SQL.Injection MEDIUM" "google-map-professional No.known.fix Reflected.XSS HIGH" "geolocator No.known.fix Unauthenticated.PHP.Object.Injection CRITICAL" "goqmieruca No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "gigpress No.known.fix Admin+.Stored.Cross.Site.Scripting LOW" "gigpress No.known.fix Subscriber+.SQLi HIGH" "gigpress 2.3.28 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "gigpress 2.3.11 Authenticated.XSS.&.Blind.SQLi HIGH" "grid-kit-premium 2.2.0 Multiple.Reflected.Cross-Site.Scripting HIGH" "grid-kit-premium 2.1.2 Reflected.Cross-Site.Scripting HIGH" "grid-kit-premium 2.1.2 Reflected.Cross-Site.Scripting HIGH" "gravity-forms-sticky-list No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "gravity-forms-sticky-list No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "gravity-forms-sticky-list No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "google-pagespeed-insights 4.0.7 Multiple.CSRF MEDIUM" "google-pagespeed-insights 4.0.4 Reflected.Cross-Site.Scripting MEDIUM" "global-notification-bar No.known.fix Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "gs-pinterest-portfolio 1.8.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "gs-pinterest-portfolio 1.8.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shorcode MEDIUM" "gs-pinterest-portfolio 1.8.1 Missing.Authorization.via._update_shortcode MEDIUM" "gwyns-imagemap-selector No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "gfirem-action-after No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "gfirem-action-after No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "giveaway-boost No.known.fix Unauthenticated.PHP.Object.Injection CRITICAL" "google-analyticator 6.5.6 Admin+.PHP.Object.Injection LOW" "google-analyticator 6.5.6 Admin+.PHP.Object.Injection MEDIUM" "google-analyticator 6.4.9.6 
Multiple.Cross-Site.Scripting.(XSS) HIGH" "google-analyticator 6.4.9.4 Cross-Site.Request.Forgery.(CSRF) MEDIUM" "gs-projects 1.1.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "goal-tracker-ga 1.0.11 Reflected.Cross-Site.Scripting MEDIUM" "good-reviews-wp 2.3.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Review.URL MEDIUM" "gAppointments No.known.fix Admin+.Stored.XSS LOW" "gAppointments 1.10.0 Reflected.Cross-Site.Scripting HIGH" "gallery-photo-gallery 5.7.1 Administrator+.HTML.Injection MEDIUM" "gallery-photo-gallery 5.5.3 Reflected.Cross-Site.Scripting MEDIUM" "gallery-photo-gallery 5.2.7 CSRF MEDIUM" "gallery-photo-gallery 5.1.4 Reflected.XSS HIGH" "gallery-photo-gallery 5.1.7 Reflected.XSS MEDIUM" "gallery-photo-gallery 4.4.4 Reflected.Cross-Site.Scripting.(XSS) HIGH" "gallery-photo-gallery 4.4.4 Responsive.Image.Gallery.<.4.4.4.-.Authenticated.Blind.SQL.Injections HIGH" "gallery-photo-gallery 1.0.1 SQL.Injection CRITICAL" "gf-multi-uploader No.known.fix Unauthenticated.Arbitrary.File.Upload CRITICAL" "gallery-for-ultimate-member 1.1.2 Reflected.Cross-Site.Scripting MEDIUM" "gallery-for-ultimate-member 1.1.1 Authenticated.(Subscriber+).Arbitrary.File.Upload HIGH" "gamepress No.known.fix Reflected.Cross-Site.Scripting HIGH" "gixaw-chat No.known.fix Stored.XSS.via.CSRF HIGH" "gutensee 1.0.7 Contributor+.Stored.XSS MEDIUM" "get-custom-field-values 4.1 Admin+.Stored.XSS LOW" "get-custom-field-values 4.0 Contributors+.Arbitrary.Post.Metadata.Access MEDIUM" "get-custom-field-values 4.0.1 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "grid-plus No.known.fix Unauthenticated.Arbitrary.Shortcode.Execution.via.grid_plus_load_by_category HIGH" "grid-plus 1.3.3 Subscriber+.Grid.Layout.Creation/Deletion/Update MEDIUM" "grid-plus 1.3.4 Subscriber+.Local.File.Inclusion MEDIUM" "grid-plus 1.3.5 Reflected.XSS HIGH" "google-sitemap-plugin 3.0.8 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "gsearch-plus No.known.fix 
Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "g-business-reviews-rating 5.3 Authenticated.(Author+).Stored.Cross-Site.Scripting MEDIUM" "google-news-sitemap No.known.fix Contributor+.Stored.Cross-Site.Scripting MEDIUM" "genki-pre-publish-reminder No.known.fix Stored.XSS.&.RCE.via.CSRF HIGH" "g-auto-hyperlink No.known.fix Admin+.SQL.Injection MEDIUM" "graphicsly No.known.fix Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "good-bad-comments No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "geounit-maps 0.0.7 Reflected.Cross-Site.Scripting MEDIUM" "google-maps-widget 4.25 Admin+.Stored.XSS LOW" "genoo 6.0.13 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "ga-for-wp 2.2.0 Reflected.Cross-Site.Scripting MEDIUM" "ga-for-wp 1.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "gc-testimonials No.known.fix Contributor+.Stored.XSS MEDIUM" "geo-request No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "geo-request No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "geoportail-shortcode No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "geoportail-shortcode No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "gaxx-keywords No.known.fix Cross-Site.Request.Forgery.to.Cross-Site.Scripting HIGH" "gdpr-data-request-form 1.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "gtranslate 3.0.4 Admin+.Stored.XSS LOW" "gtranslate 2.9.9 CSRF.to.Account.Takeover HIGH" "gtranslate 2.9.7 Reflected.Cross-Site.Scripting LOW" "gtranslate 2.8.65 Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "gtranslate 2.8.52 Unauthenticated.Reflected.Cross.Site.Scripting.(XSS) MEDIUM" "greenwallet-gateway 1.0.2 Reflected.Cross.Site.Scripting.in.checkout.page MEDIUM" "glossy No.known.fix Reflected.XSS HIGH" "gwebpro-store-locator No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "get-a-quote-for-woocommerce No.known.fix 
Unauthenticated.Quote.PDF.and.CSV.Download MEDIUM" "gumroad No.known.fix Contributor+.Stored.XSS MEDIUM" "get-directions 2.16.2 Reflected.Cross-Site.Scripting MEDIUM" "get-directions 2.15.8 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "great-quotes No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "guestofy-restaurant-reservations No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "guestofy-restaurant-reservations No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "google-site-kit 1.8.0 Privilege.Escalation.to.gain.Search.Console.Access CRITICAL" "guest-author-affiliate 1.1.6 Reflected.Cross-Site.Scripting MEDIUM" "guest-author-affiliate 1.1.5 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "gallery-by-supsystic 1.15.17 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "gallery-by-supsystic 1.15.6 Arbitrary.Settings.Update.via.CSRF MEDIUM" "gallery-by-supsystic 1.8.6 Arbitrary.Image.Adding.via.CSRF MEDIUM" "gallery-by-supsystic 1.8.6 Stored.Cross-Site.Scripting.via.CSRF MEDIUM" "generate-child-theme 2.0.1 Cross-Site.Request.Forgery.via.process_create_form() MEDIUM" "generate-child-theme 1.6 Unauthorised.Plugin's.Setting.Change MEDIUM" "go-dash No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "goftino 1.7 Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "gf-dynamics-crm 1.0.8 Reflected.Cross-Site.Scripting HIGH" "grid-accordion-lite No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "gwp-histats No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "get-site-to-phone-by-qr-code No.known.fix Stored.XSS.via.CSRF MEDIUM" "goodlms 2.1.5 Unauthenticated.SQL.Injection CRITICAL" "googmonify No.known.fix CSRF.&.XSS MEDIUM" "goanimate No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "greek-namedays-widget No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "gf-custom-style No.known.fix 
Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "gutenverse 2.0.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "gutenverse 1.9.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "gutenverse 1.9.1 Contributor+.Stored.XSS MEDIUM" "goodbarber 1.0.24 Settings.Update.via.CSRF MEDIUM" "gsheetconnector-gravityforms-pro 4.3.6 Access.Code.Update.via.CSRF MEDIUM" "go-social No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "gradient-text-widget-for-elementor No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "guild-armory-roster No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "generic-elements-for-elementor No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "gdpr-compliance No.known.fix Authenticated.(Subscriber+).Information.Exposure MEDIUM" "generate-pdf-using-contact-form-7 4.1.3 Cross-Site.Request.Forgery.to.Arbitrary.File.Deletion HIGH" "generate-pdf-using-contact-form-7 4.1.3 Cross-Site.Request.Forgery.to.Arbitrary.File.Upload HIGH" "generate-pdf-using-contact-form-7 3.6 Admin+.Stored.Cross-Site.Scripting LOW" "gdreseller No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "gdreseller No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "googledrive-folder-list No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "gutenberg 18.6.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Template.Part.Block MEDIUM" "gutenberg 18.01 18.0.0.-.Unauthenticated.&.Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Avatar.Block MEDIUM" "gutenberg 16.8.1 Contributor+.Stored.XSS MEDIUM" "gutenberg 16.8.1 Contributor+.Stored.XSS.via.Navigation.Links.Block MEDIUM" "gutenberg 14.3.1 Multiple.Stored.XSS LOW" "gutenberg 12.7.2 Prototype.Pollution.via.Gutenberg’s.wordpress/url.package MEDIUM" "gutenberg 12.7.2 
Contributor+.Stored.Cross-Site.Scripting MEDIUM" "gistpress 3.0.2 Authenticated.Stored.XSS MEDIUM" "gravityforms 2.9.2 Unauthenticated.Stored.Cross-Site.Scripting.via.'alt'.parameter HIGH" "gravityforms 2.9.2 2.9.1.3.-.Unauthenticated.Stored.Cross-Site.Scripting.via.'style_settings'.parameter MEDIUM" "gravityforms 2.7.5 Reflected.XSS HIGH" "gravityforms 2.7.4 Unauthenticated.PHP.Object.Injection HIGH" "gravityforms 2.4.9 Hashed.Password.Leakage LOW" "glorious-services-support 2.0.0 Reflected.Cross-Site.Scripting MEDIUM" "glorious-services-support 2.0.0 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "goldstar No.known.fix Missing.Authorization MEDIUM" "google-analytics-dashboard-for-wp 8.2.0 Missing.Authorization MEDIUM" "google-analytics-dashboard-for-wp 7.14.2 Contributor+.Stored.XSS MEDIUM" "google-analytics-dashboard-for-wp 7.12.1 Contributor+.Stored.XSS MEDIUM" "gocodes No.known.fix Authenticated.XSS.&.Blind.SQL.Injection HIGH" "gallery-factory-lite No.known.fix Contributor+.Stored.XSS MEDIUM" "gseor No.known.fix Authenticated.SQL.Injection MEDIUM" "gf-block-ips 1.0.2 Cross-Site.Request.Forgery MEDIUM" "gs-dribbble-portfolio 1.2.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "gm-woocommerce-quote-popup 3.2 Reflected.XSS HIGH" "gm-woocommerce-quote-popup 3.1 Arbitrary.Enquiry.Deletion.via.CSRF MEDIUM" "gm-woocommerce-quote-popup 3.1 Admin+.Stored.XSS LOW" "gm-woocommerce-quote-popup 3.1 Cross-Site.Request.Forgery MEDIUM" "gm-woocommerce-quote-popup 3.1 Unauthenticated.Stored.XSS HIGH" "gm-woocommerce-quote-popup 3.2 Reflected.XSS HIGH" "gregs-high-performance-seo 1.6.2 Reflected.XSS MEDIUM" "gutenkit-blocks-addon 2.1.1 Unauthenticated.Arbitrary.File.Upload CRITICAL" "grey-owl-lightbox No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "getresponse 2.5.8 Reflected.Cross-Site.Scripting MEDIUM" "gnucommerce 1.4.2 XSS MEDIUM" "gnucommerce 0.5.7-beta XSS MEDIUM" "gallery-from-files No.known.fix 
Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "gallery-from-files No.known.fix Unauthenticated.RCE CRITICAL" "global-multisite-search No.known.fix CSRF.Bypass MEDIUM" "google-maps-anywhere No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "google-map-shortcode No.known.fix Settings.Update.via.CSRF MEDIUM" "google-map-shortcode No.known.fix Reflected.XSS HIGH" "google-map-shortcode No.known.fix Contributor+.Stored.XSS HIGH" "gsheetconnector-for-elementor-forms 1.0.9 Reflected.Cross-Site.Scripting MEDIUM" "gsheetconnector-for-elementor-forms 1.0.7 Reflected.XSS HIGH" "global-income-stats-from-freemius No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "global-income-stats-from-freemius No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "global-income-stats-from-freemius No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "gallery-categories 1.0.9 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "gtpayment-donation No.known.fix Stored.XSS.via.CSRF HIGH" "goon-plugin-control 1.2.9.2 Reflected.Cross-Site.Scripting MEDIUM" "goon-plugin-control 1.2.6 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "genki-announcement No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "geo-my-wp 4.5.1 Missing.Authorization.via.get_field_options_ajax MEDIUM" "geo-my-wp 4.5 Admin+.Arbitrary.File.Upload MEDIUM" "geo-my-wp 4.5.0.4 Reflected.Cross-Site.Scripting MEDIUM" "geo-my-wp 4.5.0.2 Unauthenticated.LFI.to.RCE/PHAR.Deserialization CRITICAL" "geo-my-wp 4.2 Cross-Site.Request.Forgery MEDIUM" "geo-my-wp 4.0.3 Authenticated(Administrator+).SQL.Injection MEDIUM" "geo-my-wp 4.0.1 Contributor+.Stored.XSS MEDIUM" "gsheetconnector-wpforms-pro 2.5.7 Reflected.XSS HIGH" "gdy-modular-content 0.9.93 Reflected.Cross-Site.Scripting MEDIUM" "google-maps-v3-shortcode No.known.fix Contributor+.XSS MEDIUM" "gap-hub-user-role No.known.fix Cross-Site.Request.Forgery MEDIUM" "gs-coach 1.1.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "gs-logo-slider 
3.7.1 Settings.Update.via.Cross-Site.Request.Forgery MEDIUM" "gs-logo-slider 3.6.9 Admin+.Stored.XSS LOW" "gs-logo-slider 3.5.2 Cross-Site.Request.Forgery MEDIUM" "gs-logo-slider 3.3.8 Contributor+.Stored.XSS.in.Shortcode MEDIUM" "gs-facebook-comments 1.7.4 Missing.Authorization.via.wpfc_allow_comments() MEDIUM" "gallerio No.known.fix Authenticated.(Subscriber+).Arbitrary.File.Upload HIGH" "google-map-locations No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "genie-wp-favicon No.known.fix Arbitrary.Favicon.Change.via.CSRF MEDIUM" "gd-mail-queue 4.0 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "gnu-mailman-integration No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "google-maps-easy 1.11.16 Authenticated.(Author+).Stored.Cross-Site.Scripting MEDIUM" "google-maps-easy 1.11.12 Cross-Site.Request.Forgery MEDIUM" "google-maps-easy 1.11.8 Cross-Site.Request.Forgery.(CSRF) MEDIUM" "google-maps-easy 1.10.1 Admin+.Stored.Cross-Site.Scripting LOW" "google-maps-easy 1.9.32 Reflected.Cross-Site.Scripting MEDIUM" "gift-voucher 4.4.5 Author+.Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "gift-voucher 4.4.1 Cross-Site.Request.Forgery MEDIUM" "gift-voucher 4.3.3 Subscriber+.SQLi HIGH" "gift-voucher 4.1.8 Unauthenticated.Blind.SQL.Injection HIGH" "gutenify 1.4.1 Unauthenticated.Sensitive.Information.Exposure MEDIUM" "getresponse-integration No.known.fix Contributor+.Stored.XSS MEDIUM" "getresponse-integration 5.5.32 Contributor+.Stored.XSS MEDIUM" "getresponse-integration 5.5.21 API.Key.Update.via.CSRF MEDIUM" "ganohrs-toggle-shortcode 0.2.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "google-picasa-albums-viewer 4.0.3 Reflected.Cross-Site.Scripting MEDIUM" "gravitate-qa-tracker No.known.fix Unauthenticated.PHP.Object.Injection CRITICAL" "guruwalk-affiliates No.known.fix Admin+.Stored.XSS LOW" "gs-behance-portfolio 3.0.2 Reflected.Cross-Site.Scripting MEDIUM" "gfirem-advance-search No.known.fix Reflected.Cross-Site.Scripting MEDIUM" 
"gfirem-advance-search No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "gfirem-advance-search No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "genesis-simple-love No.known.fix Unauthenticated.PHP.Object.Injection CRITICAL" "gantry No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "guest-author-name 4.35 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "gratisfaction-all-in-one-loyalty-contests-referral-program-for-woocommerce 4.3.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "gift-message-for-woocommerce 1.7.5 Reflected.Cross-Site.Scripting MEDIUM" "gift-message-for-woocommerce 1.6.0 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "google-analytics-top-posts-widget 1.5.7 Reflected.XSS MEDIUM" "gdpr-compliance-cookie-consent 1.3 CSRF MEDIUM" "geocache-stat-bar-widget No.known.fix Admin+.Stored.XSS LOW" "gmb-manager No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "gutenium No.known.fix Contributor+.Stored.XSS MEDIUM" "gdpr-compliance-by-supsystic No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "htaccess 1.8.2 CSRF.to.edit..htaccess HIGH" "htaccess 1.7.6 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "hummingbird-performance 3.9.2 Cross-Site.Request.Forgery MEDIUM" "hummingbird-performance 3.9.2 Missing.Authorization MEDIUM" "hummingbird-performance 3.7.4 Missing.Authorization MEDIUM" "hummingbird-performance 3.4.2 Unauthenticated.Path.Traversal HIGH" "hummingbird-performance 3.3.2 Admin+.Stored.Cross-Site.Scripting LOW" "hipaatizer 1.3.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "hub2word No.known.fix Subscriber+.Arbitrary.Options.Update CRITICAL" "ht-slider-for-elementor 1.4.0 Arbitrary.Plugin.Activation.via.CSRF MEDIUM" "html2wp No.known.fix Unauthenticated.Arbitrary.File.Upload CRITICAL" "html2wp No.known.fix Arbitrary.Settings.Update.via.CSRF MEDIUM" "html2wp No.known.fix Subscriber+.Arbitrary.File.Deletion HIGH" "hello-in-all-languages 
No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "horizontal-scrolling-announcement No.known.fix Authenticated.(subscriber+).Blind.SQL.Injection HIGH" "horizontal-scrolling-announcement No.known.fix Horizontal.scrolling.announcement.for.WordPress.<=.9,2.Contributor+.Stored.XSS MEDIUM" "hm-testimonial 1.5 Reflected.Cross-Site.Scripting MEDIUM" "hm-testimonial 1.4 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "htaccess-redirect No.known.fix Reflected.Cross-Site.Scripting HIGH" "header-footer-composer No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "html5-virtual-classroom No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "heat-trackr 1.01 XSS MEDIUM" "ht-builder 1.3.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "hestia-nginx-cache 2.4.1 Missing.Authorization MEDIUM" "hide-links No.known.fix Unauthenticated.Shortcode.Execution MEDIUM" "hybrid-gallery No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "hash-form 1.2.2 Missing.Authorization.to.Authenticated.(Contributor+).Form.Style.Creation MEDIUM" "hash-form 1.2.0 Drag.&.Drop.Form.Builder.<.1.2.0.-.Unauthenticated.Limited.File.Upload MEDIUM" "hash-form 1.1.1 Unauthenticated.Arbitrary.File.Upload.to.Remote.Code.Execution CRITICAL" "hash-form 1.1.1 Unauthenticated.PHP.Object.Injection HIGH" "hero-maps-pro No.known.fix Unauthenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "hostfact-bestelformulier-integratie No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "hs-brand-logo-slider No.known.fix Authenticated.Arbitrary.File.Upload CRITICAL" "homepage-product-organizer-for-woocommerce No.known.fix Subscriber+.SQLi HIGH" "hooked-editable-content No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "hooked-editable-content No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "hits-counter No.known.fix Reflected.Cross-Site.Scripting MEDIUM" 
"html5-mp3-player-with-mp3-folder-feedburner-playlist No.known.fix Authenticated.(Author+).PHP.Object.Injection HIGH" "hotjar-connecticator No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "hotjar-connecticator No.known.fix Authenticated.Stored.Cross-Site.Scripting.(XSS) LOW" "h5p-css-editor No.known.fix Reflected.Cross-Site.Scripting HIGH" "hashthemes-demo-importer 1.1.2 Improper.Access.Control.to.Blog.Reset HIGH" "happy-scss-compiler No.known.fix Compile.SCSS.to.CSS.automatically.<=.1.3.10.-.Missing.Authorization.to.Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "hm-multiple-roles 1.9 Reflected.Cross-Site.Scripting MEDIUM" "hm-multiple-roles 1.6 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "hm-multiple-roles 1.3 Arbitrary.Role.Change CRITICAL" "hide-my-wp 5.3.02 Reflected.Cross-Site.Scripting.via.URL MEDIUM" "hide-my-wp 5.2.02 Hidden.Login.Page.Disclosure MEDIUM" "hide-my-wp 5.0.20 IP.Address.Spoofing MEDIUM" "holler-box 2.3.3 Admin+.Stored.XSS LOW" "holler-box 2.1.4 Admin+.SQL.Injection MEDIUM" "happy-elementor-addons-pro 2.10.0 Reflected.Cross-Site.Scripting HIGH" "happy-elementor-addons-pro 2.8.1 Reflected.XSS HIGH" "happy-elementor-addons-pro 1.17.0 Contributor+.Stored.XSS MEDIUM" "header-footer-elementor 1.6.47 Contributor+.Stored.XSS.via.Page.Title.Widget MEDIUM" "header-footer-elementor 1.6.46 Author+.Stored.XSS.via.SVG.File.Upload MEDIUM" "header-footer-elementor 1.6.44 Authenticated.(Contributor+).Information.Disclosure.via.Shortcode MEDIUM" "header-footer-elementor 1.6.36 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "header-footer-elementor 1.6.36 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Site.Title.Widget MEDIUM" "header-footer-elementor 1.6.26.1 Contributor+.Stored.XSS MEDIUM" "header-footer-elementor 1.6.27 Authenticated.(Author+).HTML.Injection MEDIUM" "header-footer-elementor 1.6.29 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "header-footer-elementor 1.6.25 
Contributor+.Stored.Cross-Site.Scripting MEDIUM" "header-footer-elementor 1.5.8 Header,.Footer.&.Blocks.Template.<.1.5.8.-.Contributor+.Stored.XSS MEDIUM" "host-analyticsjs-local 4.7.15 Unauthenticated.Settings.Update MEDIUM" "host-analyticsjs-local 4.1.9 Admin+.Arbitrary.Folder.Deletion.via.Path.Traversal MEDIUM" "hide-category-by-user-role-for-woocommerce 2.2 Subscriber+.Arbitrary.Content.Deletion MEDIUM" "heart-this No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "hueman-addons No.known.fix Contributor+.Stored.XSS.via.Shortcode MEDIUM" "hqtheme-extra No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "hqtheme-extra No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "hkdev-maintenance-mode 3.0.2 Unauthenticated.IP.Spoofing MEDIUM" "hkdev-maintenance-mode 3.0.2 Unauthenticated.Post/Page.Content.Disclosure MEDIUM" "hdw-player-video-player-video-gallery No.known.fix Cross-Site.Scripting MEDIUM" "handsome-testimonials 2.1.1 Authenticated.(Subscriber+).SQL.Injection CRITICAL" "hr-management 1.1.2 Unauthenticated.PHP.Object.Injection HIGH" "hoo-addons-for-elementor No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "ht-instagram 1.2.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "ht-instagram 1.2.8 Cross-Site.Request.Forgery MEDIUM" "hercules-core 6.7 Missing.Authorization.to.Settings.Update MEDIUM" "hercules-core 6.5 Authenticated.(Subscriber+).PHP.Object.Injection HIGH" "highlight-search-terms-results 1.04 Reflected.Cross-Site.Scripting MEDIUM" "html5-video-player 2.5.36 Authenticated.(Contributor+).DOM-Based.Stored.Cross-Site.Scripting.via.heading.Parameter MEDIUM" "html5-video-player 2.5.35 Missing.Authorization.to.Authenticated.(Subscriber+).Limited.Options.Update MEDIUM" "html5-video-player 2.5.33 Missing.Authorization.in.multiple.functions.via.h5vp_ajax_handler MEDIUM" "html5-video-player 2.5.32 Authenticated.(Subscriber+).Information.Exposure MEDIUM" "html5-video-player 2.5.31 
Missing.Authorization MEDIUM" "html5-video-player 2.5.27 Unauthenticated.SQLi HIGH" "html5-video-player 2.5.25 Unauthenticated.SQLi HIGH" "html5-video-player 2.5.19 Subscriber+.Stored.XSS HIGH" "highlight-focus No.known.fix Admin+.Stored.Cross.Site.Scripting LOW" "hurrytimer 2.11.0 Missing.Authorization.to.Authenticated.(Contributor+).Arbitrary.Post.Publication MEDIUM" "hurrytimer 2.10.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "http-headers 1.19.0 Admin+.SSRF MEDIUM" "http-headers 1.19.0 Admin+.Stored.XSS LOW" "http-headers 1.18.11 Admin+.Remote.Code.Execution MEDIUM" "http-headers 1.18.8 Admin+.SQL.Injection MEDIUM" "headline-analyzer 1.3.4 Cross-Site.Request.Forgery MEDIUM" "headline-analyzer 1.3.2 Missing.Authorization.via.REST.APIs MEDIUM" "history-log-by-click5 1.0.13 Admin+.Time-Based.Blind.SQL.Injection MEDIUM" "honeypot 2.1.14 Reflected.XSS HIGH" "honeypot 1.5.7 Authenticated.Stored.Cross-Site.Scripting.(XSS) CRITICAL" "hq-rental-software No.known.fix Cross-Site.Request.Forgery.to.Arbitrary.Options.Update HIGH" "hover-video-preview No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "hotlink2watermark No.known.fix Cross-Site.Request.Forgery MEDIUM" "hyve-lite 1.2.3 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "hunk-companion 1.9.0 Unauthenticated.Plugin.Installation CRITICAL" "hunk-companion 1.8.5 Missing.Authorization.to.Unauthenticated.Arbitrary.Plugin.Installation/Activation CRITICAL" "help-scout No.known.fix Missing.Authorization MEDIUM" "hitpay-payment-gateway No.known.fix Information.Exposure.via.Log.Files MEDIUM" "hiweb-migration-simple No.known.fix hiWeb.Migration.Simple.<=.2,0,0,1.Reflected.Cross-Site.Scripting HIGH" "html5-mp3-player-with-playlist No.known.fix Authenticated.(Author+).PHP.Object.Injecton HIGH" "html5-mp3-player-with-playlist 2.8.0 Full.Path.Disclosure.(FPD) MEDIUM" "happy-elementor-addons 3.15.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" 
"happy-elementor-addons 3.12.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Image.Comparison MEDIUM" "happy-elementor-addons 3.12.4 Missing.Authorization MEDIUM" "happy-elementor-addons 3.12.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "happy-elementor-addons 3.12.3 Authenticated.(Contributor+).Sensitive.Information.Exposure MEDIUM" "happy-elementor-addons 3.11.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.PDF.View.Widget MEDIUM" "happy-elementor-addons 3.11.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Gradient.Heading.Widget MEDIUM" "happy-elementor-addons 3.11.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Post.Navigation.Widget MEDIUM" "happy-elementor-addons 3.11.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Image.Accordion MEDIUM" "happy-elementor-addons 3.10.9 Contributor+.Stored.XSS MEDIUM" "happy-elementor-addons 3.10.8 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Event.Calendar.Widget MEDIUM" "happy-elementor-addons 3.10.8 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Image.Stack.Group.Widget MEDIUM" "happy-elementor-addons 3.10.7 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "happy-elementor-addons 3.10.6 Contributor+.Stored.XSS.via.HTML.Tags MEDIUM" "happy-elementor-addons 3.10.5 Contributor+.Stored.XSS MEDIUM" "happy-elementor-addons 3.10.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Photo.Stack.Widget MEDIUM" "happy-elementor-addons 3.10.5 Incorrect.Authorization.to.Information.Exposure MEDIUM" "happy-elementor-addons 3.10.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Page.Title.HTML.Tag MEDIUM" "happy-elementor-addons 3.10.4 Authenticated.(Contributor+).DOM-Based.Stored.Cross-Site.Scripting.via.title_tag MEDIUM" "happy-elementor-addons 3.10.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Calendy MEDIUM" "happy-elementor-addons 3.10.5 
Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Post.Title.HTML.Tag MEDIUM" "happy-elementor-addons 3.10.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Author.Meta.Widget MEDIUM" "happy-elementor-addons 3.10.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Archive.Title.Widget MEDIUM" "happy-elementor-addons 3.10.2 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "happy-elementor-addons 3.10.2 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "happy-elementor-addons 3.10.2 Missing.Authorization.via.add_row_actions MEDIUM" "happy-elementor-addons 3.10.1 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "happy-elementor-addons 3.10.0 Reflected.Cross-Site.Scripting HIGH" "happy-elementor-addons 3.10.0 Contributor+.SSRF LOW" "happy-elementor-addons 3.8.3 Cross-Site.Request.Forgery MEDIUM" "happy-elementor-addons 2.24.0 Contributor+.Stored.XSS MEDIUM" "hd-quiz 1.8.12 Authenticated.(Administrator+).Stored.Cross-Site.Scripting.via.plugin.settings MEDIUM" "hd-quiz 1.8.4 Authenticated.Stored.XSS MEDIUM" "header-image-slider No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "hash-elements No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "hash-elements 1.4.8 Missing.Authorization.to.Unauthenticated.Draft.Post.Title.Exposure MEDIUM" "hash-elements 1.3.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.url.Parameter.in.Multiple.Widgets MEDIUM" "hash-elements 1.3.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "horizontal-scrolling-announcements 2.5 .Authenticated.(Contributor+).SQL.Injection.via.Shortcode HIGH" "host-php-info No.known.fix Missing.Authorization.to.Unauthenticated.Sensitive.Information.Disclosure HIGH" "hana-flv-player No.known.fix Authenticated.Stored.Cross-Site.Scripting.(XSS) LOW" "hal 2.2 Admin+.Stored.Cross-Site.Scripting LOW" "highlight 2.0.6 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "highlight 0.9.3 
Authenticated.Stored.Cross-Site.Scripting LOW" "haxcan No.known.fix Arbitrary.File.Access MEDIUM" "haxcan No.known.fix CSRF.Bypass MEDIUM" "hm-logo-showcase 2.0.4 Reflected.Cross-Site.Scripting MEDIUM" "hm-logo-showcase 1.9 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "heureka 1.1.0 Cross-Site.Request.Forgery MEDIUM" "html5-responsive-faq No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "html5-audio-player 2.2.24 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "html5-audio-player 2.2.22 Best.WordPress.Audio.Player.Plugin.<.2.2.22.-.Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Multiple.Widgets MEDIUM" "html5-audio-player 2.1.12 Contributor+.Stored.XSS MEDIUM" "html5-audio-player 2.1.3 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "hpbtool No.known.fix Admin+.Stored.Cross.Site.Scripting LOW" "hc-custom-wp-admin-url No.known.fix Unauthenticated.Secret.URL.Disclosure MEDIUM" "hc-custom-wp-admin-url No.known.fix Unauthenticated.Arbitrary.Settings.Update.via.CSRF MEDIUM" "header-footer-code-manager 1.1.35 Snippets.Activation/Deactivation/Deletion.via.CSRF MEDIUM" "header-footer-code-manager 1.1.24 Reflected.Cross-Site.Scripting MEDIUM" "header-footer-code-manager 1.1.17 Reflected.Cross-Site.Scripting MEDIUM" "header-footer-code-manager 1.1.14 Admin+.SQL.Injections MEDIUM" "hk-filter-and-search 2.8 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "hk-filter-and-search No.known.fix Contributor+.Local.File.Inclusion HIGH" "hungarian-pickup-points-for-woocommerce 1.9.0.3 Multiple.CSRF MEDIUM" "http-auth 1.0.0 Settings.Update.via.CSRF MEDIUM" "horoscope-and-tarot 1.3.1 Contributor+.Stored.XSS MEDIUM" "helpful 4.5.26 Information.Disclosure MEDIUM" "helpful 4.5.15 Votes.Tampering MEDIUM" "helpful 4.4.59 Admin+.Stored.Cross-Site.Scripting LOW" "hack-me-if-you-can No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "html5-maps 1.7.1.5 Arbitrary.Settings.Update.via.CSRF MEDIUM" 
"html5-maps 1.6.5.7 CSRF.&.XSS HIGH" "hreflang-manager-lite 1.07 Cross-Site.Request.Forgery MEDIUM" "http-https-remover 3.2.4 Subscriber+.Plugin.Installation MEDIUM" "http-https-remover 3.2.4 Plugin.Installation.via.CSRF MEDIUM" "handl-utm-grabber 2.6.5 Authenticated.Option.Change.via.CSRF HIGH" "ht-easy-google-analytics 1.1.8 Reflected.Cross-Site.Scripting MEDIUM" "ht-easy-google-analytics 1.2.0 Missing.Authorization.to.Unauthenticated.GA4.Email.Update MEDIUM" "ht-easy-google-analytics 1.0.7 Plugin.Activation.via.CSRF MEDIUM" "hotspots No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "helpdeskwp No.known.fix Editor+.Stored.XSS LOW" "helloasso 1.1.12 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "helloasso 1.1.11 Missing.Authorization.to.Authenticated.(Contributor+).Limited.Options.Update MEDIUM" "helloasso 1.1.11 Missing.Authorization MEDIUM" "helloasso 1.1.10 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "helloasso 1.1.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "how-to-wp No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "horizontal-line-shortcode No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "house-manager No.known.fix Reflected.XSS HIGH" "history-collection No.known.fix Arbitraty.File.Download HIGH" "hebrewdates 2.3.0 Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "homey-login-register No.known.fix Unauthenticated.Privilege.Escalation CRITICAL" "halfdata-optin-downloads No.known.fix Authenticated.(Subscriber+).Arbitrary.File.Upload HIGH" "https-links-in-content No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "homepage-pop-up No.known.fix CSRF MEDIUM" "homepage-pop-up No.known.fix Admin+.Stored.XSS LOW" "helloprint 2.0.5 Unauthenticated.Arbitrary.File.Upload CRITICAL" "helloprint 1.4.7 Reflected.Cross-Site.Scripting MEDIUM" "hmapsprem 2.2.3 
Unauthenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "header-footer-code 1.2 Admin+.Stored.XSS LOW" "header-footer-code 1.2 Admin+.Stored.XSS.via.CSS.Styles LOW" "hmenu No.known.fix Responsive.WordPress.Menu.Plugin.<=.1.16.5.-.Authenticated.(Subscriber+).SQL.Injection MEDIUM" "hmenu No.known.fix Responsive.WordPress.Menu.Plugin.<=.1.16.5.-.Authenticated.(Subscriber+).SQL.Injection MEDIUM" "hello-world 2.2.0 Authenticated.(Subscriber+).Arbitrary.File.Read MEDIUM" "hello-event-widgets-for-elementor 1.1.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "ht-menu-lite 1.2.2 Cross-Site.Request.Forgery MEDIUM" "hostinger 1.9.8 Unauthenticated.Maintenance.Mode.Toggle MEDIUM" "hover-effects 2.1.1 Admin+.LFI MEDIUM" "hotjar 1.0.16 Admin+.Stored.XSS MEDIUM" "hypercomments No.known.fix Unauthenticated.Arbitrary.File.Deletion CRITICAL" "host-webfonts-local 5.7.10 Unauthenticated.Directory.Deletion.&.Stored.XSS HIGH" "host-webfonts-local 4.5.12 Admin+.Arbitrary.Folder.Deletion.via.Path.Traversal MEDIUM" "host-webfonts-local 4.5.4 Subscriber+.Arbitrary.File/Folder.Deletion CRITICAL" "host-webfonts-local 4.5.4 Unauthenticated.Path.Traversal.in.REST.API MEDIUM" "hyperlink-group-block 1.17.6 Contributor+.Stored.XSS MEDIUM" "hurrakify 8.0.1 Unauthenticated.Server-Side.Request.Forgery HIGH" "html-forms 1.4.2 Reflected.Cross-Site.Scripting MEDIUM" "html-forms 1.3.34 Bulk.Delete.via.CSRF MEDIUM" "html-forms 1.3.33 Admin+.Stored.XSS LOW" "html-forms 1.3.30 Admin+.Stored.XSS LOW" "html-forms 1.3.25 Admin+.SQLi MEDIUM" "hb-audio-gallery No.known.fix Unauthenticated.Arbitrary.File.Upload CRITICAL" "heateor-social-login 1.1.36 Authentication.Bypass HIGH" "heateor-social-login 1.1.33 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "heateor-social-login 1.1.33 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "heateor-social-login 1.1.32 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "heateor-social-login 1.1.31 
Authenticated(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "health-check 1.6.0 CSRF MEDIUM" "health-check 1.2.4 Missing.Authorization.Checks MEDIUM" "hl-twitter No.known.fix Admin+.Stored.XSS.via.Widget LOW" "hl-twitter No.known.fix Settings.Update.via.CSRF MEDIUM" "hl-twitter No.known.fix Unlink.Twitter.Account.via.CSRF MEDIUM" "hitsteps-visitor-manager 5.87 Admin+.Stored.XSS LOW" "hitsteps-visitor-manager 5.87 Arbitrary.Settings.Update.via.CSRF MEDIUM" "honeypot-for-wp-comment No.known.fix Reflected.Cross-Site.Scripting.via.page MEDIUM" "honeypot-for-wp-comment No.known.fix Directory.Traversal.to.Unauthenticated.Arbitrary.File.Deletion CRITICAL" "hrm 2.2.6 Multiple.Issues HIGH" "happiness-reports-for-help-scout No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "hide-my-site No.known.fix Unauthenticated.Information.Exposure MEDIUM" "helpie-faq 1.28 Authenticated.(Editor+).Stored.Cross-Site.Scripting MEDIUM" "helpie-faq 1.9.13 Reflected.Cross-Site.Scripting MEDIUM" "helpie-faq 1.9.9 Reflected.XSS MEDIUM" "helpie-faq 1.7.7 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "helpie-faq 0.7.1 Subscriber+.Arbitrary.Option.Update CRITICAL" "html5-soundcloud-player-with-playlist No.known.fix Authenticated.(Author+).PHP.Object.Injection HIGH" "hacklog-downloadmanager No.known.fix Cross-Site.Request.Forgery.to.Arbitrary.File.Upload HIGH" "happyforms 1.26.3 Admin+.Stored.XSS LOW" "happyforms 1.26.1 Authenticated.(Author+).Stored.Cross-Site.Scripting MEDIUM" "happyforms 1.25.11 Missing.Authorization MEDIUM" "happyforms 1.25.10 Reflected.Cross-Site.Scripting MEDIUM" "happyforms 1.22.0 Contributor+.Stored.XSS MEDIUM" "hermit No.known.fix Unauthenticated.SQLi HIGH" "hermit No.known.fix Arbitrary.Cache/Source.Deletion.&.Source.Creation.via.CSRF MEDIUM" "hermit No.known.fix Subscriber+.SQLi HIGH" "hermit No.known.fix Stored.Cross-Site.Scripting.via.CSRF MEDIUM" "hotscot-contact-form 1.3 Admin+.SQL.Injection MEDIUM" "hover-image No.known.fix CSRF MEDIUM" 
"hive-support 1.1.7 Missing.Authorization MEDIUM" "hive-support 1.1.3 Cross-Site.Request.Forgery MEDIUM" "hive-support 1.1.3 Authenticated.(Subscriber+).SQL.Injection MEDIUM" "hive-support 1.1.2 Authenticated.(Subscriber+).Arbitrary.File.Upload HIGH" "ht-portfolio 1.1.6 Arbitrary.Plugin.Activation.via.CSRF MEDIUM" "htaccess-file-editor 1.0.20 Unauthenticated.Information.Exposure MEDIUM" "htaccess-file-editor 1.0.19 Missing.Authorization MEDIUM" "hls-player 1.0.11 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "h5p 1.15.8 Contributor+.Stored.XSS MEDIUM" "hostel 1.1.5.3 Reflected.XSS HIGH" "hostel 1.1.5.4 Cross-Site.Request.Forgery MEDIUM" "hostel 1.1.5.2 Admin+.Stored.XSS LOW" "hostel 1.1.4 Unauthenticated.Stored.XSS MEDIUM" "hcaptcha-for-forms-and-more 4.0.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.cf7-hcaptcha.Shortcode MEDIUM" "hq60-fidelity-card No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "hm-cool-author-box-widget 2.9.5 Reflected.Cross-Site.Scripting MEDIUM" "hide-admin-bar-based-on-user-roles 3.5.0 Reflected.Cross-Site.Scripting MEDIUM" "hide-admin-bar-based-on-user-roles 3.1.0 Settings.Update.via.CSRF MEDIUM" "hide-admin-bar-based-on-user-roles 3.0.0 Subscriber+.Settings.Update MEDIUM" "hero-banner-ultimate No.known.fix Author+.Local.File.Inclusion HIGH" "hero-banner-ultimate 1.4 Contributor+.Stored.XSS MEDIUM" "header-enhancement 1.5 Unauthorised.Plugin's.Setting.Change MEDIUM" "hms-testimonials 2.0.11 CSRF MEDIUM" "ht-team-member 1.1.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.htteamember.Shortcode MEDIUM" "html5-lyrics-karaoke-player No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "hot-linked-image-cacher No.known.fix Image.upload/cache.abuse.via.CSRF LOW" "hire-me-widget 1.0.5 Reflected.Cross-Site.Scripting MEDIUM" "hire-me-widget 1.0.5 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "houzez-theme-functionality 3.2.3 Functionality.<.3.2.3.-.Authenticated.(Seller+).SQL.Injection HIGH" 
"hola-free-video-player No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "hashbar-wp-notification-bar 1.4.2 Authenticated.(Author+).Stored.Cross-Site.Scripting MEDIUM" "hashbar-wp-notification-bar 1.3.6 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "horizontal-scroll-image-slideshow No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "heateor-social-comments 1.6.2 Contributor+.Stored.XSS MEDIUM" "hotel-listing 1.3.7 Subscriber+.Privilege.Escalation CRITICAL" "hotel-listing 1.3.3 Authenticated.Stored.Cross-Site.Scripting MEDIUM" "houzez-crm 1.4.3 Authenticated.(Seller+).SQL.Injection HIGH" "ht-mega-for-elementor 2.7.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.block_css.and.inner_css MEDIUM" "ht-mega-for-elementor 2.6.6 Authenticated.(Contributor+).Sensitive.Information.Exposure.via.template_id MEDIUM" "ht-mega-for-elementor 2.5.8 Authenticated.(Contributor+).JSON.File.Directory.Traversal MEDIUM" "ht-mega-for-elementor 2.5.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Multiple.Widgets MEDIUM" "ht-mega-for-elementor 2.5.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Video.Player.Widget.Settings MEDIUM" "ht-mega-for-elementor 2.5.3 Subscriber+.Options.Update HIGH" "ht-mega-for-elementor 2.5.3 Contributor+.Stored.XSS MEDIUM" "ht-mega-for-elementor 2.5.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Tooltip.&.Popover.Widget MEDIUM" "ht-mega-for-elementor 2.5.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Gallery.Justify MEDIUM" "ht-mega-for-elementor 2.4.8 Missing.Authorization.to.Information.Exposure MEDIUM" "ht-mega-for-elementor 2.4.7 Unauthenticated.Order.Data.Disclosure HIGH" "ht-mega-for-elementor 2.5.0 Contributor+.Stored.XSS.via.Image.Grid.Widget MEDIUM" "ht-mega-for-elementor 2.4.7 Contributor+.Stored.XSS.via.size MEDIUM" "ht-mega-for-elementor 2.4.7 Contributor+.Stored.XSS.via.Lightbox.Widget MEDIUM" "ht-mega-for-elementor 
2.5.0 Contributor+.Stored.XSS.via.Countdown.Widget MEDIUM" "ht-mega-for-elementor 2.4.9 Contributor+.Stored.XSS.via.Accordion/FAQ MEDIUM" "ht-mega-for-elementor 2.4.4 Contributor+.Stored.XSS MEDIUM" "ht-mega-for-elementor 2.4.7 Contributor+.Directory.Traversal HIGH" "ht-mega-for-elementor 2.4.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.titleTag MEDIUM" "ht-mega-for-elementor 2.4.5 Contributor+.Stored.Cross-Site.Scripting.via.Post.Carousel.Widget MEDIUM" "ht-mega-for-elementor 2.3.4 Arbitrary.Plugin/Theme.Activation.via.CSRF MEDIUM" "ht-mega-for-elementor 2.3.9 Reflected.Cross-Site.Scripting HIGH" "ht-mega-for-elementor 1.5.7 Absolute.Addons.for.Elementor.Page.Builder.<.1.5.7.-.Contributor+.Stored.XSS MEDIUM" "huurkalender-wp 1.6.0 Contributor+.Stored.XSS MEDIUM" "hide-shipping-method-for-woocommerce No.known.fix Missing.Authorization MEDIUM" "hide-shipping-method-for-woocommerce 1.3.3 Reflected.Cross-Site.Scripting MEDIUM" "hide-shipping-method-for-woocommerce 1.3.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "hdw-tube No.known.fix Unauthenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "hot-random-image 1.8.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "hd-quiz-save-results-light 0.6 Missing.Authorization MEDIUM" "ht-contactform 1.2.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "ht-contactform 1.1.6 Arbitrary.Plugin.Activation.via.CSRF MEDIUM" "hack-info 3.18 Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "ht-event No.known.fix Authenticated.(Contributor+).Sensitive.Information.Exposure.via.HT.Event:.Sponsor MEDIUM" "ht-event 1.4.6 Arbitrary.Plugin.Activation.via.CSRF MEDIUM" "houzez-login-register 3.3.0 Subscriber+.Privilege.Escalation.via.Account.Takeover HIGH" "insert-php-code-snippet 1.3.7 Cross-Site.Request.Forgery.to.Code.Snippet.Activate/Deactivate/Deletion MEDIUM" "insert-php-code-snippet 1.3.5 Admin+.Stored.XSS LOW" "inpost-gallery 2.1.4.3 
Authenticated.(Subscriber+).Arbitrary.Shortcode.Execution.via.inpost_gallery_get_shortcode_template MEDIUM" "inpost-gallery 2.1.4.2 Reflected.XSS HIGH" "inpost-gallery 2.1.4.1 Unauthenticated.LFI.to.RCE CRITICAL" "integrar-getnet-con-woo 0.0.5 Unauthenticated.Authorization.Bypass HIGH" "inactive-logout 3.2.3 Missing.Authorization MEDIUM" "inactive-logout 3.2.3 Cross-Site.Request.Forgery MEDIUM" "ip2location-country-blocker 2.38.4 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "ip2location-country-blocker 2.34.3 Cross-Site.Request.Forgery MEDIUM" "ip2location-country-blocker 2.33.4 Unauthenticated.Sensitive.Information.Exposure.via.Debug.Log.File MEDIUM" "ip2location-country-blocker 2.26.9 Admin+.Stored.Cross-Site.Scripting LOW" "ip2location-country-blocker 2.26.5 Subscriber+.Arbitrary.Country.Ban MEDIUM" "ip2location-country-blocker 2.26.6 Arbitrary.Country.Ban.via.CSRF MEDIUM" "ip2location-country-blocker 2.26.5 Ban.Bypass MEDIUM" "ithemelandco-woo-report 1.5.2 Cross-Site.Request.Forgery.to.Arbitrary.Options.Update HIGH" "ithemelandco-woo-report 1.5.0 Reflected.Cross-Site.Scripting MEDIUM" "image-hover-effects-elementor-addon No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "ipages-flipbook-pro 1.4.3 Reflected.Cross-Site.Scripting HIGH" "inline-click-to-tweet No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "ithemes-exchange 1.12.0 XSS.via.add_query_arg().and.remove_query_arg() MEDIUM" "increase-sociability No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "insert-post-ads No.known.fix Missing.Authorization MEDIUM" "inline-svg-elementor No.known.fix Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "interactive-polish-map 1.2.1 Admin+.Stored.XSS LOW" "ideal-interactive-map No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "impreza 8.18 Reflected.Cross-Site.Scripting MEDIUM" "imagements No.known.fix 
Unauthenticated.Arbitrary.File.Upload.to.RCE CRITICAL" "idbbee No.known.fix Contributor+.Stored.Cross-Site.Scripting MEDIUM" "if-menu 0.19.2 Missing.Authorization.to.License.Key.Update MEDIUM" "include-me 1.2.2 Authenticated.Remote.Code.Execution.(RCE).via.LFI.log.poisoning HIGH" "image-hover-effects-with-carousel No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via._id,.oxi_addons_f_title_tag,.and.content_description_tag.Parameters MEDIUM" "image-hover-effects-with-carousel 3.0 Reflected.XSS HIGH" "intimate-io-cryptocurrency-payments No.known.fix CSRF.Bypass MEDIUM" "icon-widget 1.4.0 Authenticated(Contributor+).Stored.Cross-Site.Scripting.via.shortcode MEDIUM" "icon-widget 1.3.0 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "image-watermark 1.7.4 Missing.Authorization.to.Authenticated.(Subscriber+).Watermark.Modification MEDIUM" "internal-link-shortcode No.known.fix Unauthenticated.SQL.Injection HIGH" "intelligence No.known.fix Unauthenticated.Full.Path.Disclosure MEDIUM" "imageboss 3.0.6 Admin+.Stored.Cross-Site.Scripting LOW" "ia-map-analytics-basic No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "instabot No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "image-vertical-reel-scroll-slideshow 9.1 .Authenticated.(Subscriber+).SQL.Injection.via.Shortcode HIGH" "image-vertical-reel-scroll-slideshow No.known.fix Admin+.Stored.XSS LOW" "imbachat-widget No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "invoicing 2.8.12 Missing.Authorization.via.column_subscription() MEDIUM" "invoicing 2.3.4 Authenticated.Stored.XSS HIGH" "i-plant-a-tree 1.7.4 Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "i-plant-a-tree No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "integrate-google-drive 1.3.94 Missing.Authorization MEDIUM" "integrate-google-drive 1.3.91 Missing.Authorization MEDIUM" "integrate-google-drive 1.3.91 
Missing.Authorization MEDIUM" "integrate-google-drive 1.3.9 Missing.Authorization.to.Unauthenticated.Settings.Modification.and.Export CRITICAL" "integrate-google-drive 1.3.4 Subscriber+.Settings.Update MEDIUM" "integrate-google-drive 1.3.5 Cross-Site.Request.Forgery MEDIUM" "integrate-google-drive 1.3.3 Open.Redirect.via.state MEDIUM" "integrate-google-drive 1.2.2 Reflected.Cross-Site.Scripting MEDIUM" "integrate-google-drive 1.1.0 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "inventorypress No.known.fix Author+.Stored.XSS MEDIUM" "isee-products-extractor 2.1.4 .Reflected.Cross-Site.Scripting HIGH" "imagemagick-engine 1.7.11 Administrator+.OS.Command.Injection MEDIUM" "imagemagick-engine 1.7.6 PHAR.Deserialization.via.CSRF HIGH" "imagemagick-engine 1.7.6 Command.Injection.via.CSRF HIGH" "iq-block-country 1.2.20 Protection.Bypass.due.to.IP.Spoofing MEDIUM" "iq-block-country 1.2.13 Admin+.Arbitrary.File.Deletion.via.Zip.Slip MEDIUM" "iq-block-country 1.2.12 Admin+.Stored.Cross-Site.Scripting LOW" "iq-block-country 1.1.20 Reflected.Cross-Site.Scripting.(XSS) CRITICAL" "ip-loc8 No.known.fix Unauthenticated.PHP.Object.Injection CRITICAL" "images-optimize-and-upload-cf7 No.known.fix Unauthenticated.Arbitrary.File.Deletion CRITICAL" "instant-chat-wp No.known.fix Unauthenticated.Local.File.Inclusion CRITICAL" "idpay-contact-form-7 No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "interactive-world-maps 2.5 Reflected.Cross-Site.Scripting MEDIUM" "integration-for-gravity-forms-and-pipedrive 1.0.7 Reflected.Cross-Site.Scripting HIGH" "idealien-category-enhancements No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "if-so 1.9.2.2 Authenticated.(Contributor+).Post.Disclosure MEDIUM" "if-so 1.8.0.4 Admin+.Stored.XSS LOW" "if-so 1.8.0.4 Reflected.XSS MEDIUM" "if-so 1.8.0.3 Contributor+.Shortcode.Stored.XSS MEDIUM" "if-so 1.7.1.1 Missing.Authorization MEDIUM" "if-so 1.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "ilc-thickbox 
No.known.fix Settings.update.via.CSRF MEDIUM" "image-gallery-box-by-crudlab No.known.fix Authenticated.(Subscriber+).Local.File.Inclusion HIGH" "improved-sale-badges 4.4.0 Low.Priv.Arbitrary.Blog.Options.Update/Access/Deletion.&.Plugin's.Settings.Update/Export/Import HIGH" "image-horizontal-reel-scroll-slideshow No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "image-horizontal-reel-scroll-slideshow 13.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "image-horizontal-reel-scroll-slideshow 13.3 .Authenticated.(Subscriber+).SQL.Injection.via.Shortcode HIGH" "iphone-webclip-manager No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "ink-official No.known.fix Authenticated.(Contributor+).Arbitrary.File.Upload HIGH" "instawp-connect 0.1.0.45 Authentication.Bypass.to.Admin CRITICAL" "instawp-connect 0.1.0.39 Unauthenticated.Arbitrary.File.Upload CRITICAL" "instawp-connect 0.1.0.39 Missing.Authorization.to.Unauthenticated.API.setup/Arbitrary.Options.Update/Administrative.User.Creation CRITICAL" "instawp-connect 0.1.0.25 Missing.Authorization MEDIUM" "instawp-connect 0.1.0.23 Unauthenticated.Arbitrary.File.Upload CRITICAL" "instawp-connect 0.1.0.9 Authenticated.(Subscriber+).Remote.Code.Execution HIGH" "instawp-connect 0.1.0.10 Missing.Authorization.to.Sensitive.Information.Dislcosure MEDIUM" "instawp-connect 0.1.0.10 Authenticated.(Subscriber+).SQL.Injection HIGH" "instawp-connect 0.1.0.9 Missing.Authorization.to.Arbitrary.Options.Update HIGH" "instawp-connect 0.1.0.9 Cross-Site.Request.Forgery.via.create_file_db_manager MEDIUM" "instawp-connect 0.0.9.19 Unauthenticated.Data.Modification CRITICAL" "internal-link-flow-topical-authority-topical-map No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "infinite-scroll No.known.fix Cross-Site.Request.Forgery.to.Plugin.Settings.Update MEDIUM" "ifeature-slider No.known.fix Contributor+.Stored.XSS MEDIUM" "image-hover-effects-ultimate 
9.8.5 Admin+.Stored.XSS LOW" "image-hover-effects-ultimate 9.7.2 Authenticated.Arbitrary.Options.Change HIGH" "image-hover-effects-ultimate 9.8.0 Authenticated.Stored.XSS MEDIUM" "image-hover-effects-ultimate 9.7.2 Reflected.Cross-Site.Scripting MEDIUM" "image-hover-effects-ultimate 9.7.1 Reflected.Cross-Site.Scripting HIGH" "image-hover-effects-ultimate 9.7.0 Unauthenticated.Arbitrary.Option.Update CRITICAL" "icon 1.0.0.11 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "icon 1.0.0.11 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "intelly-posts-footer-manager 2.2.0 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "instagrate-to-wordpress 1.3.8 Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "insert-headers-and-footers 2.0.13.1 Reflected.XSS HIGH" "insert-headers-and-footers 2.0.9 Arbitrary.Log.File.Deletion.via.CSRF MEDIUM" "insert-headers-and-footers 2.0.7 Contributor+.WPCode.Library.Auth.Key.Update/Deletion LOW" "imagemagick-sharpen-resized-images No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "infusionsoft-official-opt-in-forms No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "infusionsoft-official-opt-in-forms No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "infusionsoft-official-opt-in-forms No.known.fix Admin+.Stored.XSS LOW" "integracao-rd-station 5.4.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "integracao-rd-station 5.2.1 Multiple.CSRF MEDIUM" "imdb-widget 1.0.9 Local.File.Inclusion.(LFI) HIGH" "ithemes No.known.fix New-Password.Requirements.Not.Enforced.Until.second.Login HIGH" "images-asynchronous-load 1.06 Reflected.Cross-Site.Scripting MEDIUM" "i2-pro-cons No.known.fix Contributor+.Stored.XSS MEDIUM" "improved-variable-product-attributes 5.3.0 Low.Priv.Arbitrary.Blog.Options.Update/Access/Deletion.&.Plugin's.Settings.Update/Export/Import HIGH" 
"interact-quiz-embed 3.1 Contributor+.Stored.XSS MEDIUM" "icon-widget-with-links No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "importify 1.0.5 Unauthenticated.Sensitive.Information.Exposure MEDIUM" "idsk-toolkit No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "idsk-toolkit No.known.fix Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "ithemes-mobile 1.2.8 XSS.via.add_query_arg().and.remove_query_arg() MEDIUM" "image-hover-effects-visual-composer-extension 5.0 Contributor+.Stored.XSS MEDIUM" "iframe-to-embed No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "iteras No.known.fix Cross-Site.Request.Forgery MEDIUM" "internallink-audit No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "instagram-slider-widget 2.2.5 Missing.Authorization MEDIUM" "instagram-slider-widget 2.0.7 Admin+.Stored.XSS.via.Feeds LOW" "instagram-slider-widget 2.0.6 Admin+.Stored.XSS.via.API.Key LOW" "instagram-slider-widget 2.0.5 Subscriber+.Stored.XSS.via.Feeds HIGH" "instagram-slider-widget 2.0.5 Subscriber+.Arbitrary.API.Key.Update.to.Stored.XSS HIGH" "instagram-slider-widget 2.0.5 Subscriber+.Arbitrary.Feed.Deletion MEDIUM" "instagram-slider-widget 2.0.5 Reflected.Cross-Site.Scripting MEDIUM" "instagram-slider-widget 1.8.5 Authenticated.Reflected.Cross-Site.Scripting.(XSS) CRITICAL" "instant-images 6.1.1 Author+.Arbitrary.Options.Update HIGH" "instant-images 5.2.0 Author+.SSRF LOW" "instant-images 4.4.0.1 Authenticated.Stored.XSS.&.XFS MEDIUM" "ip-blacklist-cloud No.known.fix Admin+.Stored.XSS LOW" "ip-blacklist-cloud No.known.fix Admin+.SQLi MEDIUM" "ip-blacklist-cloud 3.43 Admin+.Arbitrary.File.Disclosure MEDIUM" "iframe 5.1 Authenticated(Contributor+).Stored.Cross-Site.Scripting.via.shortcode MEDIUM" "iframe 5.1 Contributor+.Stored.XSS MEDIUM" "iframe 4.9 Contributor+.Stored.XSS LOW" "iframe 4.7 
Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.'iframe'.Shortcode MEDIUM" "iframe 4.5 Authenticated.Stored.Cross.Site.Scripting.(XSS) MEDIUM" "idcrm-contacts-companies 1.0.3 Reflected.Cross-Site.Scripting MEDIUM" "image-carousel-for-divi 1.6.1 Reflected.Cross-Site.Scripting MEDIUM" "image-carousel-for-divi 1.5.0 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "ibryl-switch-user No.known.fix Authenticated.(Subscriber+).Privilege.Escalation.via.Account.Takeover HIGH" "icons-with-links-widget No.known.fix Reflected.Cross-Site.Scripting.(XSS) HIGH" "insert-estimated-reading-time No.known.fix Admin+.Stored.XSS LOW" "instant-css 1.2.2 Theme/CSS/Minify/Preprocessor.Data.Update.via.CSRF MEDIUM" "instant-css 1.1.5 Subscriber+.Unauthorised.AJAX.Calls MEDIUM" "image-hover-effects-ultimate-visual-composer 2.6.1 Authenticated.Arbitrary.Options.Update HIGH" "independent-analytics 1.25.1 Reflected.Cross-Site.Scripting MEDIUM" "ics-calendar 10.12.0.2 Authenticated(Contributor+).Directory.Traversal.via._url_get_contents MEDIUM" "iksweb 3.8 Admin+.Stored.XSS LOW" "inavii-social-feed-for-elementor 2.1.3 Reflected.Cross-Site.Scripting MEDIUM" "icestats No.known.fix Cross-Site.Request.Forgery MEDIUM" "integration-for-szamlazz-hu-gravity-forms 1.2.7 Multiple.CSRF MEDIUM" "inactive-user-deleter 1.60 Cross-Site.Request.Forgery MEDIUM" "indeed-affiliate-pro 4.0 Authenticated.Stored.XSS MEDIUM" "include-lottie-animation-for-elementor 1.10.10 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "image-map-pro-lite No.known.fix CSRF.to.Stored.XSS MEDIUM" "image-map-pro-lite No.known.fix Subscriber+.Stored.XSS MEDIUM" "iws-geo-form-fields No.known.fix Geo.Form.Fields.<=.1.0.-.Unauthenticated.SQLi HIGH" "insert-or-embed-articulate-content-into-wordpress 4.3000000024 Author+.Arbitrary.File.Upload CRITICAL" "insert-or-embed-articulate-content-into-wordpress No.known.fix Iframe.Injection LOW" "insert-or-embed-articulate-content-into-wordpress No.known.fix 
Author+.Upload.to.RCE CRITICAL" "insert-or-embed-articulate-content-into-wordpress 4.3000000023 Contributor+.Stored.XSS MEDIUM" "insert-or-embed-articulate-content-into-wordpress 4.3000000021 Reflected.Cross-Site.Scripting MEDIUM" "insert-or-embed-articulate-content-into-wordpress 4.3000000016 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "insert-or-embed-articulate-content-into-wordpress 4.29991 Authenticated.Arbitrary.Folder.Deletion.and.Rename MEDIUM" "insert-or-embed-articulate-content-into-wordpress 4.2999 Unauthenticated.RCE CRITICAL" "insert-or-embed-articulate-content-into-wordpress 4.2997 Subscriber+.Arbitrary.Option.Update CRITICAL" "invite-anyone 1.4.8 Reflected.Cross-Site.Scripting MEDIUM" "invite-anyone 1.3.19 Unauthenticated.PHP.Object.Injection CRITICAL" "invite-anyone 1.3.16 Multiple.Issues MEDIUM" "intelliwidget-elements No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "imageseo 3.1.2 Unauthenticated.Full.Path.Disclosure MEDIUM" "imageseo 2.0.8 Settings.Update.via.CSRF LOW" "ipblocklist No.known.fix CSRF MEDIUM" "instagram-for-wordpress No.known.fix Contributor+.Stored.XSS MEDIUM" "import-legacy-media No.known.fix Unauthenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "image-gallery 1.3.0 Image.Gallery.<.1.3.0.-.Authenticated.(Administrator+).Stored.Cross-Site.Scripting.via.Plugin.Settings MEDIUM" "image-gallery 1.3.0 Cross-Site.Request.Forgery.to.Plugin.Settings.Update MEDIUM" "image-gallery 1.3.0 Image.Gallery.<.1.3.0.-.Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.Post.Deletion.and.Post.Title.Update MEDIUM" "image-mapper No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "increase-upload-file-size-maximum-execution-time-limit 3.0 Reflected.Cross-Site.Scripting MEDIUM" "interactive-world-map 3.4.8 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "interactive-world-map 3.4.4 Reflected.Cross-Site.Scripting HIGH" "interactive-world-map 3.4.4 CSRF MEDIUM" "image-carousel-shortcode 
No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "itempropwp No.known.fix Admin+.Stored.XSS LOW" "insert-pages 3.7.5 Contributor+.Stored.XSS MEDIUM" "insert-pages 3.7.0 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "insert-pages 3.7.0 Contributor+.Arbitrary.Posts/Pages.Access MEDIUM" "insert-pages 3.2.4 Directory.Traversal CRITICAL" "ithemes-sync 3.0.1 Stored.Cross-Site.Scripting.via.packages MEDIUM" "ithemes-sync 2.1.14 Cross-Site.Request.Forgery.and.Missing.Authorization.via.'hide_authenticate_notice' MEDIUM" "ibtana-ecommerce-product-addons 0.2.4 Ecommerce.Product.Addons.<.0.2.4.-.Reflected.Cross-Site.Scripting HIGH" "ibtana-visual-editor 1.2.4.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.align.Attribute MEDIUM" "ibtana-visual-editor 1.2.3.4 WordPress.Website.Builder.<.1.2.3.4.-.Unauthenticated.reCAPTCHA.Settings.Update MEDIUM" "ibtana-visual-editor 1.2.2.1 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "ibtana-visual-editor 1.1.8.8 Contributor+.Stored.XSS.via.Shortcode HIGH" "ibtana-visual-editor 1.1.4.9 Subscriber+.Settings.Update.to.Stored.XSS MEDIUM" "icons-enricher No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "institutions-directory 1.3.1 Subscriber+.Privilege.Escalation CRITICAL" "iubenda-cookie-law-solution 3.3.3 Subscriber+.Privileges.Escalation.to.Admin HIGH" "ipanorama-pro 1.6.22 Reflected.Cross-Site.Scripting HIGH" "incredible-font-awesome No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "integrate-automate No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "integrate-automate 1.0.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "import-csv-files No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "invoice-payment-for-woocommerce 2.0.0 Reflected.Cross-Site.Scripting MEDIUM" "ifolders 1.5.1 Admin+.XSS MEDIUM" "internal-links 2.24.4 Cross-Site.Request.Forgery MEDIUM" "internal-links 2.23.5 Authenticated.(Admin+).Stored.Cross-Site.Scripting 
MEDIUM" "internal-links 2.23.3 Reflected.Cross-Site.Scripting MEDIUM" "internal-links 1.3.0 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "icegram 3.1.32 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "icegram 3.1.32 Author+.Stored.XSS MEDIUM" "icegram 3.1.26 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "icegram 3.1.25 Missing.Authorization MEDIUM" "icegram 3.1.25 Missing.Authorization.to.Unauthenticated.Message.Duplication MEDIUM" "icegram 3.1.22 Contributor+.Campaign.Status.Toggle./.Duplication LOW" "icegram 3.1.19 Cross-Site.Request.Forgery.via.save_campaign_preview MEDIUM" "icegram 3.1.20 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Campaign.Message MEDIUM" "icegram 3.1.12 Reflected.XSS HIGH" "icegram 2.1.8 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "icegram 2.0.5 Reflected.Cross-Site.Scripting MEDIUM" "icegram 2.0.3 Admin+.Stored.Cross-Site.Scripting LOW" "icegram 1.10.29 CSRF.to.Stored.XSS MEDIUM" "icegram 1.9.19 Cross-Site.Request.Forgery.(CSRF).&.XSS MEDIUM" "integration-of-capsule-crm-for-contact-form-7 1.0.5 Reflected.Cross-Site.Scripting MEDIUM" "integration-of-capsule-crm-for-contact-form-7 No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "iframe-popup No.known.fix Admin+.Stored.XSS LOW" "infolinks-ad-wrap No.known.fix Settings.Update.via.CSRF MEDIUM" "imagelinks-pro 1.5.3 Reflected.Cross-Site.Scripting HIGH" "imgspider 2.3.11 Authenticated.(Contributor+).Arbitrary.File.Upload.via.'upload_img_file' HIGH" "imgspider 2.3.11 Authenticated.(Contributor+).Arbitrary.File.Upload.via.'upload' HIGH" "inspirational-quote-rotator No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "indigitall-web-push-notifications 3.2.3 Admin+.Stored.XSS LOW" "infinite-slider No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "import-export-for-woocommerce No.known.fix Authenticated.(Subscriber+).Arbitrary.File.Upload CRITICAL" "import-users-to-mailchimp No.known.fix 
Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "iconize No.known.fix Authenticated.(Admin+).Remote.Code.Execution HIGH" "indeed-job-importer No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "icegram-rainmaker 1.3.15 Missing.Authorization MEDIUM" "icegram-rainmaker 1.3.9 Contributor+.Stored.XSS MEDIUM" "import-social-statistics 1.0.4 Reflected.Cross-Site.Scripting MEDIUM" "import-social-statistics No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "import-social-statistics No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "imagenius No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "image-export No.known.fix Directory.Traversal CRITICAL" "igniteup No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "igniteup 3.4.1 Multiple.Issues HIGH" "instantio 1.2.6 CSRF.Bypass MEDIUM" "imagerecycle-pdf-image-compression 3.1.17 Reflected.Cross-Site.Scripting MEDIUM" "imagerecycle-pdf-image-compression 3.1.15 Missing.Authorization.in.Several.AJAX.Actions MEDIUM" "imagerecycle-pdf-image-compression 3.1.15 Cross-Site.Request.in.Several.AJAX.Actions MEDIUM" "imagerecycle-pdf-image-compression 3.1.14 Cross-Site.Request.Forgery.to.Settings.Update.in.stopOptimizeAll MEDIUM" "imagerecycle-pdf-image-compression 3.1.14 Cross-Site.Request.Forgery.to.Settings.Update.in.optimizeAllOn MEDIUM" "imagerecycle-pdf-image-compression 3.1.14 Missing.Authorization.to.Settings.Update.in.enableOptimization MEDIUM" "imagerecycle-pdf-image-compression 3.1.14 Missing.Authorization.to.Settings.Update.in.disableOptimization MEDIUM" "imagerecycle-pdf-image-compression 3.1.14 Missing.Authorization.to.Plugin.Data.Removal.in.reinitialize MEDIUM" "imagerecycle-pdf-image-compression 3.1.14 Missing.Authorization.to.Settings.Update.in.optimizeAllOn MEDIUM" "imagerecycle-pdf-image-compression 3.1.14 Cross-Site.Request.Forgery.to.Settings.Update.in.enableOptimization MEDIUM" "imagerecycle-pdf-image-compression 3.1.14 
Missing.Authorization.to.Settings.Update.in.stopOptimizeAll MEDIUM" "imagerecycle-pdf-image-compression 3.1.14 Cross-Site.Request.Forgery.to.Settings.Update.in.disableOptimization MEDIUM" "imagerecycle-pdf-image-compression 3.1.14 Cross-Site.Request.Forgery.to.Plugin.Data.Removal.in.reinitialize MEDIUM" "imagerecycle-pdf-image-compression 3.1.11 Reflected.XSS HIGH" "imagerecycle-pdf-image-compression 3.1.12 Reflected.XSS HIGH" "issues-tracker 1.2.3 Reflected.Cross-Site.Scripting MEDIUM" "issues-tracker 1.0.8 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "intergeo-maps No.known.fix Contributor+.Stored.XSS MEDIUM" "intergeo-maps 1.1.6 Reflected.Cross-Site.Scripting MEDIUM" "image-source-control-isc 2.28.1 Reflected.Cross-Site.Scripting MEDIUM" "image-source-control-isc 2.29.1 Reflected.Cross-Site.Scripting MEDIUM" "image-source-control-isc 2.17.1 Sensitive.Information.Exposure.via.Log.File MEDIUM" "image-source-control-isc 2.3.1 Contributor+.Arbitrary.Post.Meta.Value.Change MEDIUM" "ics-button No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "innovs-hr-manager No.known.fix Employee.Creation.via.CSRF MEDIUM" "innovs-hr-manager No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "import-users-from-csv 1.3 Authenticated.(Admin+).PHP.Object.Injection HIGH" "inquiry-cart No.known.fix Stored.XSS.via.CSRF HIGH" "image-alt-text 3.0.0 Missing.Authorization.to.Authenticated.(Subscriber+).Image.Alt.Text.Update MEDIUM" "instagram-widget-by-wpzoom 2.1.14 Missing.Authorization.to.Authenticated.(Subscriber+).Instagram.Image.Deletion MEDIUM" "image-upload-for-bbpress 1.1.19 Cross-Site.Request.Forgery.via.hm_bbpui_admin_page MEDIUM" "ignitiondeck 1.10.0 Missing.Authorization MEDIUM" "image-classify No.known.fix Unauthenticated.Arbitrary.File.Upload CRITICAL" "image-hover-effects-addon-for-elementor 1.4.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.eihe_link.Parameter MEDIUM" "image-hover-effects-addon-for-elementor 1.4.2 
Elementor.Addon.<.1.4.2.-.Authenticated(Contributor+).DOM-based.Stored.Cross-Site.Scripting.via.Image.Hover.Effects.Widget MEDIUM" "image-hover-effects-addon-for-elementor 1.4.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.'eihe_align' MEDIUM" "image-hover-effects-addon-for-elementor 1.3.4 Elementor.Addon.<.1.3.4.-.Contributor+.Stored.XSS MEDIUM" "improved-include-page No.known.fix Contributor+.Arbitrary.Posts/Pages.Access MEDIUM" "imagelinks-interactive-image-builder-lite 1.6.0 Admin+.SQLi MEDIUM" "imagelinks-interactive-image-builder-lite 1.5.4 Contributor+.Stored.XSS MEDIUM" "imagelinks-interactive-image-builder-lite 1.5.3 Reflected.Cross-Site.Scripting HIGH" "idonate 2.0.0 Admin+.Stored.XSS LOW" "ichart 2.1.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.width.Parameter MEDIUM" "interactive-geo-maps 1.6.1 Reflected.Cross-Site.Scripting MEDIUM" "interactive-geo-maps 1.5.11 Editor+.Stored.XSS LOW" "interactive-geo-maps 1.5.9 Contributor+.Stored.XSS MEDIUM" "interactive-geo-maps 1.5.4 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "indieweb-post-kinds 1.3.1.1 DOM.Cross-Site.Scripting.(XSS) MEDIUM" "interactive-image-map-builder 1.1 Admin+.Stored.XSS LOW" "iloveimg 1.0.6 iLoveIMG.<.1.0.6.-.Admin+.PHP.Object.Injection HIGH" "integration-for-billingo-gravity-forms 1.0.4 Multiple.CSRF MEDIUM" "imdb-info-box No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "insta-gallery 4.4.0 Missing.Authorization MEDIUM" "insta-gallery 2.4.8 CSRF.&.Missing.Authorisation.Checks HIGH" "iconic-woothumbs 5.5.4 Reflected.Cross-Site.Scripting MEDIUM" "iwp-client 1.13.1 Unauthenticated.Limited.Directory.Traversal.to.Arbitrary..txt.File.Reading MEDIUM" "iwp-client 1.12.3.1 Unauthenticated.Sensitive.Information.Exposure MEDIUM" "iwp-client 1.12.1 Unauthenticated.Sensitive.Information.Exposure HIGH" "iwp-client 1.9.4.5 Authentication.Bypass CRITICAL" "ipushpull 2.3.3 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "infusionsoft 1.5.12 
Unauthenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "infusionsoft 1.5.10 1.5.10.Arbitrary.File.Upload MEDIUM" "import-external-images No.known.fix CSRF MEDIUM" "image-magnify No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "iamport-payment No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "interactive-uk-map 3.4.9 Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting HIGH" "ithemes-security-pro 6.8.4 Hide.Backend.Bypass MEDIUM" "infogram No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "integration-dynamics 1.3.24 Contributor+.RCE.and.Arbitrary.File.Read CRITICAL" "integration-dynamics 1.3.18 Unauthenticated.Sensitive.Information.Exposure MEDIUM" "image-over-image-vc-extension 3.0 Contributor+.Stored.XSS MEDIUM" "inline-tweets No.known.fix Unauthenticated.Stored.Cross-Site.Scripting HIGH" "image-optimizer-wd 1.0.27 Admin+.Path.Traversal MEDIUM" "image-optimizer-wd 1.0.27 Reflected.Cross-Site.Scripting HIGH" "image-map-pro 6.0.21 Missing.Authorization.to.Authenticated.(Contributor+).Map.Project.Add/Update/Delete MEDIUM" "image-map-pro 6.0.21 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "image-map-pro 5.6.9 Cross-Site.Scripting HIGH" "image-map-pro 5.6.9 Cross-Site.Request.Forgery MEDIUM" "image-widget 4.4.11 Admin+.Stored.XSS LOW" "ip-metaboxes No.known.fix Admin+.Stored.XSS LOW" "ip-metaboxes No.known.fix Unauthenticated.Reflected.XSS HIGH" "import-eventbrite-events 1.7.5 Reflected.Cross-Site.Scripting MEDIUM" "image-tag-manager No.known.fix Reflected.Cross-Site.Scripting.via.default_class MEDIUM" "instalinker 1.1.2 Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "ipages-flipbook 1.5.2 Missing.Authorization MEDIUM" "ipages-flipbook 1.5.0 Authenticated.(Administrator+).SQL.Injection HIGH" "ipages-flipbook 1.4.7 Contributor+.Stored.XSS MEDIUM" "ipages-flipbook 1.4.3 Reflected.Cross-Site.Scripting HIGH" "interactive-medical-drawing-of-human-body 2.6 
Admin+.Stored.XSS LOW" "internal-link-building-plugin No.known.fix CSRF MEDIUM" "internal-link-building-plugin No.known.fix Admin+.Stored.XSS LOW" "ims-countdown No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "indexisto No.known.fix Unauthenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "infographic-and-list-builder-ilist 5.0.0 Unauthenticated.Arbitrary.Shortcode.Execution MEDIUM" "infographic-and-list-builder-ilist 4.7.5 Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.Title.Update MEDIUM" "infographic-and-list-builder-ilist 4.6.8 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "infographic-and-list-builder-ilist 4.3.8 iList.<.4.3.8.-.Unauthenticated.SQL.Injection HIGH" "image-protector No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "imagemapper No.known.fix Subscriber+.Arbitrary.Post.Deletion MEDIUM" "imagemapper No.known.fix Stored.XSS.via.CSRF HIGH" "imagemapper No.known.fix Contributor+.Stored.XSS MEDIUM" "imagemapper No.known.fix Settings.Update.via.CSRF MEDIUM" "integration-for-contact-form-7-and-pipedrive 1.2.1 Cross-Site.Request.Forgery MEDIUM" "integration-for-contact-form-7-and-pipedrive 1.1.1 Reflected.Cross-Site.Scripting HIGH" "immotoolbox-connect 1.4.0 Reflected.Cross-Site.Scripting MEDIUM" "iworks-pwa 1.6.4 Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "integration-for-szamlazzhu-woocommerce 5.6.3.3 Multiple.CSRF MEDIUM" "ip-address-blocker No.known.fix IP.Spoofing MEDIUM" "ip-address-blocker No.known.fix Cross-Site.Request.Forgery MEDIUM" "inline-google-spreadsheet-viewer No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "iva-business-hours-pro No.known.fix Unauthenticated.Arbitrary.File.Upload.to.RCE CRITICAL" "inline-footnotes No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "intelly-related-posts 3.8.0 Admin+.Stored.XSS LOW" "intelly-related-posts 3.7.0 Reflected.XSS 
HIGH" "intelly-related-posts 3.4.0 Tracking.Toggle.via.CSRF MEDIUM" "intelly-related-posts 3.6.0 Subscriber+.Password.Protected.Post.Read MEDIUM" "intelly-related-posts 3.5.0 Admin+.Stored.XSS LOW" "intelly-related-posts 3.0.5 Admin+.Cross-Site.Scripting LOW" "insight-core No.known.fix Subscriber+.PHP.Object.Injection.&.Stored.XSS MEDIUM" "inline-call-to-action-builder-lite 1.1.1 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "icons-font-loader 1.1.5 Authenticated(Administrator+).Arbitrary.File.Upload MEDIUM" "icons-font-loader 1.1.2.1 Improper.Neutralization.of.Special.Elements.used.in.an.SQL.Command.('SQL.Injection') HIGH" "image-switcher No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "image-switcher No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "insert-php 2.5.1 Woody.code.snippets.–.Insert.Header.Footer.Code,.AdSense.Ads.<.2,5,1.-Authenticated.(Contributor+).Remote.Code.Execution CRITICAL" "insert-php No.known.fix Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "insert-php 2.4.6 Reflected.Cross-Site.Scripting MEDIUM" "insert-php 2.3.10 Arbitrary.Settings.Update.via.CSRF MEDIUM" "insert-php 2.3.10 Cross-Site.Request.Forgery.(CSRF) MEDIUM" "insert-php 2.2.9 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "insert-php 2.2.6 Arbitrary.Post.Deletion MEDIUM" "insert-php 2.2.5 Multiple.issues.leading.to.RCE HIGH" "iframe-forms No.known.fix Contributor+.Stored.Cross-Site.Scripting MEDIUM" "import-spreadsheets-from-microsoft-excel 10.1.5 Authenticated.(Editor+).Arbitrary.File.Upload CRITICAL" "import-spreadsheets-from-microsoft-excel 10.1.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "image-regenerate-select-crop 7.3.1 Sensitive.Information.Exposure MEDIUM" "image-slider-widget 1.1.127 Authenticated.(Editor+).Stored.Cross-Site.Scripting MEDIUM" "image-slider-widget 1.1.123 Arbitrary.Post.Duplication.via.CSRF MEDIUM" "import-xml-feed 2.1.6 
Authenticated.(Administrator+).Arbitrary.File.Upload CRITICAL" "import-xml-feed 2.1.5 Unauthenticated.RCE CRITICAL" "import-xml-feed 2.1.4 Admin+.Arbitrary.File.Upload MEDIUM" "import-xml-feed 2.0.3 Authenticated.Server-side.Request.Forgery.(SSRF) MEDIUM" "iframe-shortcode No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.shortcode MEDIUM" "ithemeland-bulk-posts-editing-lite 4.2.4 Cross-Site.Request.Forgery MEDIUM" "ithemeland-bulk-posts-editing-lite 4.2.4 Authenticated.(Subscriber+).Missing.Authorization MEDIUM" "i-recommend-this 3.9.0 Admin+.Stored.XSS LOW" "i-recommend-this No.known.fix CSRF MEDIUM" "i-recommend-this 3.8.2 Authenticated.SQL.Injection HIGH" "ip-vault-wp-firewall 2.1 IP.Address.Spoofing.to.Protection.Mechanism.Bypass MEDIUM" "ip-vault-wp-firewall 2.1 WP.Firewall.<.2.1.-.Admin+.Stored.XSS LOW" "ipanorama-360-virtual-tour-builder-lite 1.8.4 Missing.Authorization MEDIUM" "ipanorama-360-virtual-tour-builder-lite 1.8.2 Missing.Authorization MEDIUM" "ipanorama-360-virtual-tour-builder-lite 1.8.1 .Authenticated.(Contributor+).SQL.Injection.via.Shortcode HIGH" "ipanorama-360-virtual-tour-builder-lite 1.8.0 Authenticated.(Admin+).SQL.injection HIGH" "ipanorama-360-virtual-tour-builder-lite 1.6.30 Contributor+.Stored.XSS MEDIUM" "ipanorama-360-virtual-tour-builder-lite 1.6.22 Reflected.Cross-Site.Scripting HIGH" "ilab-media-tools 4.5.25 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "ilab-media-tools 4.5.21 Reflected.Cross-Site.Scripting MEDIUM" "ilab-media-tools 4.3.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "icalendrier 1.81 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "iks-menu 1.11.2 Reflected.Cross-Site.Scripting MEDIUM" "iks-menu 1.9.2 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "invitation-code-content-access 1.5.5 Reflected.Cross-Site.Scripting MEDIUM" "icdsoft-reseller-store 2.5.0 Reflected.Cross-Site.Scripting MEDIUM" "inpost-for-woocommerce 1.4.5 
Missing.Authorization.to.Unauthenticated.Arbitrary.File.Read.and.Delete CRITICAL" "index-wp-mysql-for-speed 1.4.18 Admin+.Reflected.XSS HIGH" "internal-link-builder No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "icustomizer 1.5.0 Reflected.Cross-Site.Scripting.(XSS) HIGH" "image-hover-effects 5.6 Caption.Settings.Update.via.CSRF MEDIUM" "image-hover-effects 5.5 Admin+.Stored.XSS LOW" "indeed-membership-pro 12.8 Reflected.Cross-Site.Scripting HIGH" "indeed-membership-pro 12.8 Unauthenticated.PHP.Object.Injection HIGH" "indeed-membership-pro 12.8 Unauthenticated.Privilege.Escalation CRITICAL" "import-holded-products-woocommerce 2.0 Reflected.Cross-Site.Scripting MEDIUM" "import-holded-products-woocommerce 2.0 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "ideapush 8.72 Missing.Authorization.to.Board.Term.Deletion MEDIUM" "ideapush 8.71 Cross-Site.Request.Forgery MEDIUM" "ideapush 8.69 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "ideapush 8.66 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "ideapush 8.61 Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "ideapush 8.58 Subscriber+.Memory.Tab/Routine/Taxonomy.Creation MEDIUM" "ideapush 8.53 Admin+.Stored.XSS LOW" "image-gallery-with-slideshow No.known.fix Multiple.XSS.and.SQL.Injection CRITICAL" "iflychat No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "iflychat 4.7.0 Admin+.Stored.Cross-Site.Scripting.(XSS) LOW" "idx-broker-platinum 3.2.3 Contributor+.Stored.XSS MEDIUM" "idx-broker-platinum 3.0.6 Reflected.Cross-Site.Scripting HIGH" "idx-broker-platinum 2.6.2 Authenticated.Stored.Cross-Site.Scripting.(XSS).via.unprotected.'idx_update_recaptcha_key'.AJAX MEDIUM" "idx-broker-platinum 2.6.2 Authenticated.Post.Creation,.Modification,.and.Deletion MEDIUM" "indeed-learning-pro No.known.fix Authenticated.(Administrator+).SQL.Injection MEDIUM" "iq-testimonials No.known.fix Unauthenticated.Arbitrary.File.Upload CRITICAL" 
"image-hover-effects-css3 No.known.fix Admin+.Stored.XSS LOW" "information-for-help 0.0.3 Reflected.Cross-Site.Scripting MEDIUM" "instant-appointment No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "instant-appointment No.known.fix Unauthenticated.SQL.Injection HIGH" "insertify No.known.fix Cross-Site.Request.Forgery.to.Remote.Code.Execution HIGH" "import-users-from-csv-with-meta 1.27.13 Unauthenticated.Sensitive.Information.Disclosure MEDIUM" "import-users-from-csv-with-meta 1.27.6 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "import-users-from-csv-with-meta 1.26.9 Unauthenticated.Information.Exposure MEDIUM" "import-users-from-csv-with-meta 1.26.7 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "import-users-from-csv-with-meta 1.26.7 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "import-users-from-csv-with-meta 1.26.6 Missing.Authorization MEDIUM" "import-users-from-csv-with-meta 1.26.3 Authenticated.(Admin+).PHP.Object.Injection HIGH" "import-users-from-csv-with-meta 1.24.7 Missing.Authorization.via.fire_cron.REST.endpoint MEDIUM" "import-users-from-csv-with-meta 1.24.4 Contributor+.Stored.XSS MEDIUM" "import-users-from-csv-with-meta 1.24.3 Admin+.Arbitrary.File.Read/Deletion MEDIUM" "import-users-from-csv-with-meta 1.20.5 Subscriber+.CSV.Injection MEDIUM" "import-users-from-csv-with-meta 1.19.2.1 Admin+.Stored.Cross-Site.Scripting LOW" "import-users-from-csv-with-meta 1.16.3.6 CSV.Injection MEDIUM" "import-users-from-csv-with-meta 1.15.0.1 Unauthorised.Authenticated.Users.Export LOW" "import-users-from-csv-with-meta 1.14.2.2 CSRF.leading.to.attachment.deletion.&.Path.Traversal HIGH" "import-users-from-csv-with-meta 1.14.1.3 XSS MEDIUM" "import-users-from-csv-with-meta 1.14.0.3 XSS.and.CSRF HIGH" "import-users-from-csv-with-meta 1.12.1 Import.Cross-Site.Scripting.(XSS) MEDIUM" "information-reel 10.1 .Authenticated.(Subscriber+).SQL.Injection.via.Shortcode HIGH" "ider-login No.known.fix 
Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "instagram-feed 2.9.2 Reflected.Cross-Site.Scripting MEDIUM" "incoming-links 0.9.10b referrers.php.XSS MEDIUM" "import-shopify-to-woocommerce 1.1.13 Import.Shopify.to.WooCommerce.<.1.1.13.-.Admin+.Arbitrary.File.Access MEDIUM" "interactive-3d-flipbook-powered-physics-engine 1.15.7 Authenticated.(Editor+).Stored.Cross-Site.Scripting MEDIUM" "interactive-3d-flipbook-powered-physics-engine 1.15.5 Authenticated.(Author+).Stored.Cross-Site.Scritping.via.Bookmark.URL MEDIUM" "interactive-3d-flipbook-powered-physics-engine 1.15.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Bookmarks MEDIUM" "interactive-3d-flipbook-powered-physics-engine 1.15.3 Contributor+.Stored.XSS MEDIUM" "interactive-3d-flipbook-powered-physics-engine 1.13.3 Contributor+.Stored.XSS MEDIUM" "interactive-3d-flipbook-powered-physics-engine 1.12.1 Subscriber+.Stored.Cross-Site.Scripting MEDIUM" "invitation-based-registrations No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "internal-comments No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "internal-comments 1.2.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "infusionsoft-landing-pages No.known.fix Settings.Update.via.CSRF MEDIUM" "infility-global 2.9.9 Reflected.XSS HIGH" "infility-global 2.9.9 Reflected.XSS.via.set_type.Parameter HIGH" "infility-global 2.9.9 Subscriber+.Plugin.Settings.Update MEDIUM" "issuu-panel No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "integrate-firebase 0.10.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "images-to-webp 1.9 Authenticated.Local.File.Inclusion LOW" "images-to-webp 1.9 Multiple.Cross.Site.Request.Forgery.(CSRF) MEDIUM" "include-mastodon-feed 1.9.6 Contributor+.Stored.XSS MEDIUM" "inbound-brew No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "inbound-brew No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "inbound-brew No.known.fix 
Subscriber+.Arbitrary.Option.Update CRITICAL" "ibuildapp No.known.fix Reflected.XSS HIGH" "inline-tweet-sharer 2.6 Admin+.Stored.XSS LOW" "include-fussball-de-widgets No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "intuitive-custom-post-order 3.1.5 Admin+.SQLi LOW" "intuitive-custom-post-order 3.1.4 Arbitrary.Menu.Order.Update.via.CSRF MEDIUM" "intuitive-custom-post-order 3.1.4 Subscriber+.Arbitrary.Menu.Order.Update MEDIUM" "indeed-wp-superbackup 2.4 Authenticated.(Subscriber+).PHP.Object.Injection HIGH" "indeed-wp-superbackup 2.4 Unauthenticated.Arbitrary.File.Upload CRITICAL" "indeed-wp-superbackup 2.4 Missing.Authorization MEDIUM" "indeed-wp-superbackup 2.4 Missing.Authorization.to.Unauthenticated.Back-Up.File.Download HIGH" "indeed-wp-superbackup 2.4 Reflected.Cross-Site.Scripting MEDIUM" "indeed-wp-superbackup 2.4 Migrate.for.WordPress.<.2.4.-.Unauthenticated.Arbitrary.File.Upload CRITICAL" "justified-gallery 1.8.0b1 Reflected.Cross-Site.Scripting MEDIUM" "justified-gallery 1.7.1 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "justified-gallery 1.5.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "jquery-validation-for-contact-form-7 5.3 Arbitrary.Options.Update.via.CSRF HIGH" "js-support-ticket 2.8.9 Authenticated.(Subscriber+).Insecure.Direct.Object.Reference MEDIUM" "js-support-ticket 2.8.8 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "js-support-ticket 2.8.7 Unauthenticated.PHP.Code.Injection.to.Remote.Code.Execution CRITICAL" "js-support-ticket 2.8.4 Missing.Authorization MEDIUM" "js-support-ticket 2.8.2 Unauthenticated.SQL.Injection.via.email.and.trackingid CRITICAL" "js-support-ticket 2.7.8 Best.Help.Desk.&.Support.<.2.7.8.-.Subscriber+.Ticket.Manipulation.via.IDOR MEDIUM" "js-support-ticket 2.7.2 CSRF MEDIUM" "js-support-ticket 2.0.6 CSRF HIGH" "jet-tabs 2.2.3.1 Authenticated.(Contributor+).Arbitrary.Local.File.Inclusion HIGH" "jet-theme-core 2.2.1 Authenticated.(Subscriber+).Arbitrary.File.Deletion 
HIGH" "joomdev-wp-pros-cons No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "jtrt-responsive-tables No.known.fix Cross-Site.Request.Forgery MEDIUM" "jtrt-responsive-tables 4.1.2 JTRT.Responsive.Tables.<.4,1,2.–.Authenticated.SQL.Injection HIGH" "justified-image-gallery No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "journey-analytics 1.0.13 Unauthorised.AJAX.call.via.CSRF MEDIUM" "jibu-pro No.known.fix Stored.XSS MEDIUM" "jt-express 2.0.15 Reflected.Cross-Site.Scripting.via.[placeholder] MEDIUM" "jquery-reply-to-comment No.known.fix CSRF.to.Stored.Cross-Site.Scripting HIGH" "jf3-maintenance-mode 2.1.0 IP.Spoofing.to.Maintenance.Mode.Bypass MEDIUM" "jvm-rich-text-icons 1.2.4 Subscriber+.Arbitrary.File.Upload HIGH" "jvm-rich-text-icons 1.2.7 Subscriber+.Arbitrary.File.Deletion HIGH" "jquery-collapse-o-matic No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "jquery-collapse-o-matic 1.8.5.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "jquery-collapse-o-matic No.known.fix Contributor+.Stored.XSS MEDIUM" "jquery-collapse-o-matic 1.8.3 Contributor+.Stored.XSS MEDIUM" "js-jobs 2.0.1 Multiple.CSRF MEDIUM" "js-jobs 2.0.1 Missing.Authorization MEDIUM" "js-jobs 2.0.1 Subscriber+.Stored.XSS HIGH" "js-jobs 1.1.9 Unauthenticated.Arbitrary.Plugin.Installation/Activation CRITICAL" "js-jobs 1.0.7 CSRF HIGH" "job-board-vanilla No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "jb-horizontal-scroller-news-ticker No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "jiangqie-official-website-mini-program 1.1.1 Authenticated.SQL.Injection CRITICAL" "jiangqie-free-mini-program No.known.fix Unauthenticated.Arbitrary.File.Uplaod CRITICAL" "jigoshop-exporter No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "job-board 1.1.4 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "job-board 1.0.1 Admin+.Stored.XSS LOW" 
"jw-player-7-for-wp No.known.fix Missing.Authorization MEDIUM" "jet-search 3.5.2.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "jm-twitter-cards 14.1.0 Password.Protected.Post.Access MEDIUM" "jetpackcrm-ext-woo-connect 2.13 Unauthorized.Invoice.Disclosure LOW" "juicer 1.11 Contributor+.Stored.XSS MEDIUM" "jonradio-private-site 3.1.0 Improper.Access.Control.to.Sensitive.Information.Exposure.via.REST.API MEDIUM" "jonradio-private-site 3.0.8 Arbitrary.Settings.Update.via.CSRF MEDIUM" "joomsport-sports-league-results-management 5.6.18 Reflected.Cross-Site.Scripting.via.page HIGH" "joomsport-sports-league-results-management 5.6.4 Missing.Authorization MEDIUM" "joomsport-sports-league-results-management 5.5.7 Missing.Authorization MEDIUM" "joomsport-sports-league-results-management 5.2.8 Unauthenticated.SQLi HIGH" "joomsport-sports-league-results-management 5.2.6 Admin+.SQLi MEDIUM" "joomsport-sports-league-results-management 5.1.8 Unauthenticated.PHP.Object.Injection MEDIUM" "joomsport-sports-league-results-management 3.4 SQL.Injection CRITICAL" "joy-of-text No.known.fix Missing.Authorization MEDIUM" "joy-of-text No.known.fix Settings.Update.via.CSRF MEDIUM" "joy-of-text 2.3.1 Unauthenticated.SQLi HIGH" "js-css-script-optimizer No.known.fix Cross-Site.Request.Forgery MEDIUM" "jquery-t-countdown-widget No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.tminus.Shortcode MEDIUM" "jquery-t-countdown-widget 2.3.24 Contributor+.Stored.XSS MEDIUM" "jivochat 1.3.5.4 Stored.Cross-Site.Scripting.via.CSRF MEDIUM" "job-postings 2.7.8 Contributor+.Stored.XSS MEDIUM" "job-postings 2.7.6 Reflected.Cross-Site.Scripting.via.job-search MEDIUM" "job-postings 2.7.6 Reflected.Cross-Site.Scripting MEDIUM" "job-postings 2.7.4 Contributor+.Stored.XSS MEDIUM" "job-postings 2.5.11 Admin+.Stored.XSS LOW" "job-postings 2.6.0 Author+.Stored.XSS MEDIUM" "job-board-manager 2.1.60 Cross-Site.Request.Forgery MEDIUM" "job-board-manager No.known.fix 
Missing.Authorization MEDIUM" "job-board-manager 2.1.59 Subscriber+.Stored.XSS HIGH" "jupiterx-core 4.8.8 Authenticated.(Contributor+).Arbitrary.File.Read MEDIUM" "jupiterx-core 4.8.8 Authenticated.(Contributor+).SVG.Upload.to.Local.File.Inclusion.(Remote.Code.Execution) HIGH" "jupiterx-core 4.8.6 Missing.Authorization.to.Authenticated.Library.Sync MEDIUM" "jupiterx-core 4.8.6 Missing.Authorization.to.Unauthenticated.Popup.Template.Export MEDIUM" "jupiterx-core 4.7.8 Limited.Unauthenticated.Authentication.Bypass.to.Account.Takeover HIGH" "jupiterx-core 4.6.6 Unauthenticated.Arbitrary.File.Upload CRITICAL" "jupiterx-core 3.3.8 Unauthenticated.Arbitrary.File.Upload CRITICAL" "jupiterx-core 3.4.3 Unauthenticated.Privilege.Escalation CRITICAL" "jupiterx-core 4.6.9 Unauthenticated.Arbitrary.File.Download HIGH" "jupiterx-core 2.0.8 Subscriber+.Privilege.Escalation.and.Post.Deletion CRITICAL" "jupiterx-core 2.0.7 Information.Disclosure,.Modification,.and.Denial.of.Service MEDIUM" "jupiterx-core 2.0.7 Subscriber+.Arbitrary.Plugin.Deactivation.and.Settings.Update MEDIUM" "jigoshop-store-toolkit No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "jemployee No.known.fix Unauthenticated.Privilege.Escalation CRITICAL" "jc-ajax-search-for-woocommerce 1.0.3 Reflected.Cross-Site.Scripting MEDIUM" "job-manager No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "job-manager No.known.fix .Insecure.Direct.Object.Reference.(IDOR) MEDIUM" "job-manager 0.7.25 Authenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "justrows-free No.known.fix Reflected.XSS HIGH" "job-board-light 1.2.7 Unauthenticated.Arbitrary.File.Upload CRITICAL" "jlayer-parallax-slider-wp No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "js-twentytwenty No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "jch-optimize 4.2.1 Authenticated.(Subscriber+).Directory.Traversal MEDIUM" "jch-optimize 3.2.3 Admin+.Stored.XSS LOW" "jeg-elementor-kit 2.6.10 
Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.JKit.-.Countdown.Widget MEDIUM" "jeg-elementor-kit 2.6.10 Authenticated.(Contributor+).Sensitive.Information.Exposure.via.sg_content_template MEDIUM" "jeg-elementor-kit 2.6.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "jeg-elementor-kit 2.6.8 Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File MEDIUM" "jeg-elementor-kit 2.6.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.JKit.-.Tabs.and.JKit.-.Accordion.Widgets MEDIUM" "jeg-elementor-kit 2.6.5 Contributor+.Stored.XSS.via.Countdown.Widget MEDIUM" "jeg-elementor-kit 2.6.5 Contributor+.Stored.XSS.via.Elementor.Widget.URL.Custom.Attributes MEDIUM" "jeg-elementor-kit 2.6.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.JKit.-.Banner MEDIUM" "jeg-elementor-kit 2.6.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Image.Box MEDIUM" "jeg-elementor-kit 2.6.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Testimonial MEDIUM" "jeg-elementor-kit 2.6.3 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "jeg-elementor-kit 2.5.7 Unauthenticated.Settings.Update MEDIUM" "jeg-elementor-kit 2.5.7 Subscriber+.Authorization.Bypass MEDIUM" "joli-faq-seo 1.3.3 Cross-Site.Request.Forgery MEDIUM" "joli-faq-seo 1.3.1 Reflected.Cross-Site.Scripting MEDIUM" "joli-faq-seo 1.0.4 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "jp-staticpagex No.known.fix Arbitrary.Settings.Update.via.CSRF.to.Stored.XSS MEDIUM" "jazz-popups No.known.fix Unauthenticated.Reflected.Cross-Site.Scripting HIGH" "jh-404-logger No.known.fix Unauthenticated.Stored.Cross-Site.Scripting.(XSS) CRITICAL" "jetgridbuilder 1.1.3 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "jeeng-push-notifications 2.0.4 Admin+.Stored.Cross-Site.Scripting LOW" "job-portal No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "jetwidgets-for-elementor 1.0.19 Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" 
"jetwidgets-for-elementor 1.0.18 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.layout_type.and.id.Parameters MEDIUM" "jetwidgets-for-elementor 1.0.17 Authenticated(Contributor+).Stored.Cross-Site.Scripting.via.Widget.Button.URL MEDIUM" "jetwidgets-for-elementor 1.0.16 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Animated.Box.Widget MEDIUM" "jetwidgets-for-elementor 1.0.13 Settings.Update.via.CSRF MEDIUM" "jetwidgets-for-elementor 1.0.14 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "jetwidgets-for-elementor 1.0.9 Contributor+.Stored.XSS MEDIUM" "jetformbuilder 3.3.4.2 Authenticated.(Administrator+).Privilege.Escalation HIGH" "jetformbuilder 3.1.5 Unauthenticated.Content.Injection MEDIUM" "jetformbuilder 3.0.7 Cross-Site.Request.Forgery.(CSRF) MEDIUM" "jk-html-to-pdf No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "jet-footer-code No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "json-content-importer 1.6.0 Authenticated.(Contributor+).Server-Side.Request.Forgery MEDIUM" "json-content-importer 1.5.4 Reflected.XSS HIGH" "json-content-importer 1.3.16 Admin+.Stored.XSS LOW" "jquery-tagline-rotator No.known.fix Reflected.Cross-Site.Scripting HIGH" "jalbum-bridge 2.0.17 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.ar.Parameter MEDIUM" "jungbillig-portfolio-gallery No.known.fix Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "joli-clear-lightbox No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "joli-clear-lightbox 1.0.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "jcarousel-for-wordpress No.known.fix Cross-Site.Request.Forgery.to.Cross-Site.Scripting MEDIUM" "just-writing-statistics 4.8 Authenticated.(Administrator+).SQL.Injection MEDIUM" "just-writing-statistics 4.6 Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "job-manager-career 1.4.5 Cross-Site.Request.Forgery.to.PHP.Object.Injection HIGH" "job-manager-career 1.4.4 
Directory.listing.to.Sensitive.Data.Exposure HIGH" "jekyll-exporter 2.2.1 Unauthenticated.RCE.via.PHPUnit CRITICAL" "jwp-a11y No.known.fix Admin+.Stored.XSS LOW" "jc-importer 2.14.6 Unauthenticated.Sensitive.Information.Exposure.Through.Unprotected.Directory HIGH" "jc-importer 2.13.1 Admin+.Server-side.Request.Forgery MEDIUM" "jc-importer 2.4.6 Admin+.Arbitrary.File.Upload.to.RCE MEDIUM" "javascript-logic No.known.fix CSRF.to.Stored.XSS HIGH" "jet-elements 2.7.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Multiple.Widgets MEDIUM" "jet-elements 2.6.20.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "jet-elements 2.6.20.1 Authenticated.(Contributor+).Arbitrary.Local.File.Inclusion HIGH" "jet-elements 2.6.13.1 Missing.Authorization.to.Unauthenticated.Arbitrary.Attachment.Download MEDIUM" "just-custom-fields No.known.fix Missing.Authorization.via.AJAX.actions MEDIUM" "just-custom-fields No.known.fix Cross-Site.Request.Forgery.via.AJAX.actions MEDIUM" "just-custom-fields No.known.fix Missing.Authorization.on.AJAX.Actions MEDIUM" "just-custom-fields No.known.fix Cross-Site.Request.Forgery.on.AJAX.Actions MEDIUM" "jet-engine 3.6.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.list_tag.Parameter MEDIUM" "jet-engine 3.2.5 Authenticated.(Contributor+).Privilege.Escalation HIGH" "jet-engine 3.2.5 Missing.Authorization HIGH" "jet-engine 3.1.3.1 Author+.Remote.Code.Execution HIGH" "jquery-accordion-slideshow 8.2 .Authenticated.(Subscriber+).SQL.Injection.via.Shortcode HIGH" "jobwp 2.2 Sensitive.Information.Exposure HIGH" "jobwp 2.0 Reflected.Cross-Site.Scripting MEDIUM" "judgeme-product-reviews-woocommerce 1.3.21 Contributor+.Stored.XSS MEDIUM" "json-api-user 3.9.4 Unauthenticated.Privilege.Escalation CRITICAL" "jazzcash-woocommerce-gateway No.known.fix Reflected.Cross-Site.Scripting HIGH" "jayj-quicktag 1.3.2 CSRF HIGH" "jet-skinner-for-buddypress No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "jetpack-boost 3.4.8 
Contributor+.Stored.XSS MEDIUM" "jetpack-boost 3.4.7 Admin+.SSRF MEDIUM" "justified-image-grid No.known.fix Unauthenticated.Server-Side.Request.Forgery MEDIUM" "jreviews No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "jquery-news-ticker 3.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "jquery-news-ticker 3.1 .Authenticated.(Subscriber+).SQL.Injection.via.Shortcode HIGH" "joan 5.6.3 Authenticated.Stored.Cross-Site.Scripting LOW" "joan 5.6.2 Reflected.Cross-Site.Scripting HIGH" "joan 5.6.2 Arbitrary.Plugin's.Settings.Update.via.CSRF MEDIUM" "jquery-vertical-accordion-menu No.known.fix Contributor+.Stored.XSS MEDIUM" "just-tables 1.5.0 Cross-Site.Request.Forgery MEDIUM" "jet-blocks 1.3.12.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "jet-blocks 1.3.8.1 Reflected.Cross.Site.Scripting MEDIUM" "joli-table-of-contents 2.0.10 Reflected.Cross-Site.Scripting MEDIUM" "joli-table-of-contents 1.3.9 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "jsp-store-locator No.known.fix Deletion.via.Missing.CSRF MEDIUM" "jsp-store-locator No.known.fix Contributor+.SQL.Injection HIGH" "jsmol2wp No.known.fix Unauthenticated.Cross-Site.Scripting.(XSS) MEDIUM" "jsmol2wp No.known.fix Unauthenticated.Server.Side.Request.Forgery.(SSRF) HIGH" "jetwoo-widgets-for-elementor 1.1.8 Authenticated.(Contributor+).Limited.Local.File.Inclusion HIGH" "jsm-show-post-meta 4.6.1 Missing.Authorization MEDIUM" "jobboardwp 1.3.1 Reflected.Cross-Site.Scripting MEDIUM" "jobboardwp 1.2.2 Unauthenticated.Arbitrary.File.Upload CRITICAL" "jobboardwp 1.1.0 Admin+.Stored.Cross-Site.Scripting LOW" "jds-portfolio No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "jetpack 14.1-a.1 Unauthenticated.DOM-XSS MEDIUM" "jetpack 11.4.2 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 9.8.3 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 6.2.5 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 4.6.3 Subscriber+.Arbitrary.Feedback.Access MEDIUM" 
"jetpack 9.2.4 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 7.6.4 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 12.8.2 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 8.3.3 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 6.7.4 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 13.5.1 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 12.1.2 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 10.5.3 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 5.3.4 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 11.2.2 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 6.0.4 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 4.4.5 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 9.0.5 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 7.4.5 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 5.1.4 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 8.1.4 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 13.3.2 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 11.9.3 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 10.3.2 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 12.6.3 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 11.0.2 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 5.8.4 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 4.2.5 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 8.8.5 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 7.2.5 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 6.5.4 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 4.9.3 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 9.5.5 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 7.9.4 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 13.1.4 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 11.7.3 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 10.1.2 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 13.8.2 
Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 12.4.1 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 10.8.2 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 5.6.5 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 4.0.7 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 8.6.4 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 7.0.5 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 6.3.7 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 4.7.4 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 9.3.5 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 7.7.6 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 12.9.4 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 11.5.3 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 9.9.3 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 8.4.5 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 6.8.5 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 13.6.1 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 12.2.2 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 10.6.2 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 5.4.4 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 12.7.2 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 11.3.4 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 9.7.3 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 6.1.5 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 4.5.3 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 9.1.3 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 7.5.7 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 8.2.6 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 13.4.4 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 12.0.2 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 10.4.2 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 5.2.5 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 11.1.4 
Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 5.9.4 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 4.3.5 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 8.9.4 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 7.3.5 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 6.6.5 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 5.0.3 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 9.6.4 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 8.0.3 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 13.2.3 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 11.8.6 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 10.2.3 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 13.9.1 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 12.5.1 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 10.9.3 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 5.7.5 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 4.1.4 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 8.7.4 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 7.1.5 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 6.4.6 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 4.8.5 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 9.4.4 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 7.8.4 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 13.0.1 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 11.6.2 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 10.0.2 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 8.5.3 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 6.9.4 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 13.7.1 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 12.3.1 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 10.7.2 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 5.5.5 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 3.9.10 
Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 13.8 Contributor+.Stored.XSS MEDIUM" "jetpack 13.8 Unauthenticated.Arbitrary.Block.&.Shortcode.Execution MEDIUM" "jetpack 13.4 Contributor+.Stored.Cross-Site.Scripting.via.wpvideo.Shortcode MEDIUM" "jetpack 13.2.1 Contributor+.Stored.XSS MEDIUM" "jetpack 12.8-a.3 Contributor+.Stored.XSS.via.block.attribute MEDIUM" "jetpack 12.7 Authenticated(Contributor+).Clickjacking.via.Iframe.Injection MEDIUM" "jetpack 12.7 Improper.Authorization.via.WPCom.External.Media.REST.endpoints MEDIUM" "jetpack 12.1.1 Author+.Arbitrary.File.Manipulation.via.API HIGH" "jetpack 9.8 Carousel.Module.Non-Published.Page/Post.Attachment.Comment.Leak MEDIUM" "jetpack 7.9.1 Vulnerability.in.Shortcode.Embed.Code MEDIUM" "jetpack 6.5 Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "jetpack 4.0.4 Multiple.Vulnerabilities MEDIUM" "kopa-nictitate-toolkit No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "kimili-flash-embed No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "kimili-flash-embed No.known.fix Cross-Site.Request.Forgery MEDIUM" "klarna-checkout-for-woocommerce 2.0.10 Authenticated.Arbitrary.Plugin.Deactivation,.Activation.and.Installation CRITICAL" "kingcomposer No.known.fix Subscriber+.Stored.Cross-Site.Scripting MEDIUM" "kingcomposer No.known.fix Open.Redirect MEDIUM" "kingcomposer 2.9.5 Unauthenticated.Reflected.Cross-Site.Scripting MEDIUM" "kingcomposer 2.9.4 Multiple.Critical.Issues CRITICAL" "kingcomposer 2.8.2 Authenticated.Stored.XSS HIGH" "kingcomposer 2.8.1 Reflected.Cross-Site.Scripting MEDIUM" "king-ie No.known.fix Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "kd-coming-soon No.known.fix Unauthenticated.PHP.Object.Injection.via.cetitle HIGH" "kangu 2.2.10 Reflected.XSS HIGH" "kama-clic-counter 3.5.0 XSS MEDIUM" "kama-clic-counter 3.5.0 Authenticated.Blind.SQL.Injection HIGH" "kenta-blocks 1.4.0 
Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "kenta-blocks 1.3.4 Reflected.Cross-Site.Scripting MEDIUM" "kings-tab-slider No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "kopatheme No.known.fix Cross-Site.Request.Forgery MEDIUM" "kanzu-support-desk No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "kanzu-support-desk No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "kanzu-support-desk No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "knowledgebase 2.2.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "keymaster-chord-notation-free No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "klaviyo 3.0.10 Admin+.Stored.XSS LOW" "klaviyo 3.0.8 Admin+.Stored.XSS LOW" "kp-fastest-tawk-to-chat No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "kvcore-idx No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "kadence-starter-templates 1.2.17 Admin+.PHP.Object.Injection MEDIUM" "kadence-woocommerce-email-designer 1.5.12 CSRF MEDIUM" "kadence-woocommerce-email-designer 1.5.7 Admin+.PHP.Objection.Injection MEDIUM" "kento-post-view-counter No.known.fix CSRF.&.multiple.XSS HIGH" "kitestudio-core 2.3.1 Reflected.Cross-Site-Scripting MEDIUM" "kadence-blocks 3.3.2 Missing.Authorization MEDIUM" "kadence-blocks 3.4.3 Authenticated.(contributor+).Stored.Cross-Site.Scripting.via.Button.Link MEDIUM" "kadence-blocks 3.2.54 Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "kadence-blocks 3.2.54 Admin+.Stored.XSS LOW" "kadence-blocks 3.3.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "kadence-blocks 3.3.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Icon.Widget MEDIUM" "kadence-blocks 3.2.53 Contributor+.Stored.XSS MEDIUM" "kadence-blocks 3.2.46 Authenticated.(Contributor+).Stored.DOM-Based.Cross-Site.Scripting.via.HTML.Data.Attributes MEDIUM" "kadence-blocks 3.2.43 
Authenticated.(Contributor+).Stored.Cross-Site.Scripting.in.Google.Maps.Widget MEDIUM" "kadence-blocks 3.2.39 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.titleFont.Parameter MEDIUM" "kadence-blocks 3.2.38 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "kadence-blocks 3.2.37 Contributor+.Stored.XSS MEDIUM" "kadence-blocks 3.2.38 Contributor+.Stored.Cross-Site.Scripting.via.Typer.Effect MEDIUM" "kadence-blocks 3.2.37 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Countdown.Timer MEDIUM" "kadence-blocks 3.2.37 Contributor+.Stored.Cross-Site.Scripting.via.Block.Link MEDIUM" "kadence-blocks 3.2.35 Contributor+.Stored.XSS MEDIUM" "kadence-blocks 3.2.12 Contributor+.Server-Side.Request.Forgery HIGH" "kadence-blocks 3.2.32 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Countdown.and.CountUp.Widget MEDIUM" "kadence-blocks 3.2.18 Authenticated(Editor+).Stored.Cross-Site.Scripting.via.Contact.Form.Message.Settings MEDIUM" "kadence-blocks 3.2.26 Authenticated.(Author+).Server-Side.Request.Forgery MEDIUM" "kadence-blocks 3.2.20 Contributor+.Server-Side.Request.Forgery MEDIUM" "kadence-blocks 3.2.26 Contributor+.Stored.XSS MEDIUM" "kadence-blocks 3.2.26 Contributor+.Stored.XSS MEDIUM" "kadence-blocks 3.2.26 Contributor+.Stored.XSS MEDIUM" "kadence-blocks 3.2.24 Contributor+.Stored.XSS MEDIUM" "kb-support 1.6.8 Unauthenticated.Open.Redirect MEDIUM" "kb-support 1.6.7 Subscriber+.Multiple.Administrator.Actions HIGH" "kb-support 1.6.7 Unauthenticated.Ticket.Reply.Exposure MEDIUM" "kb-support 1.6.1 Missing.Authorization MEDIUM" "kb-support 1.5.6 Unauthenticated.Stored.Cross-Site.Scripting MEDIUM" "kodex-posts-likes No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "kodex-posts-likes No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "kodex-posts-likes No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "kodex-posts-likes No.known.fix Reflected.Cross-Site.Scripting MEDIUM" 
"kodex-posts-likes 2.5.0 Settings.Update.via.CSRF MEDIUM" "klarna-payments-for-woocommerce 3.3.0 Missing.Authorization MEDIUM" "kk-star-ratings 5.4.10.2 Unauthenticated.Arbitrary.Shortcode.Execution HIGH" "kk-star-ratings 5.4.6 Rating.Tampering.via.Race.Condition LOW" "kk-star-ratings 5.4.6 Missing.Authorization MEDIUM" "kk-star-ratings 5.4.5 Reflected.Cross-Site.Scripting MEDIUM" "kk-star-ratings 5.2.9 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "kivicare-clinic-management-system 3.6.5 Unauthenticated.SQL.Injection HIGH" "kivicare-clinic-management-system 3.6.5 Authenticated.(Subscriber+).SQL.Injection MEDIUM" "kivicare-clinic-management-system 3.6.5 Authenticated.(Doctor/Receptionist+).SQL.Injection MEDIUM" "kivicare-clinic-management-system 3.6.7 Patient+.Insecure.Direct.Object.Reference MEDIUM" "kivicare-clinic-management-system 3.2.1 Subscriber+.Unauthorised.AJAX.Calls HIGH" "kivicare-clinic-management-system 3.2.1 Reflected.Cross-Site.Scripting HIGH" "kivicare-clinic-management-system 3.2.1 Multiple.CSRF HIGH" "kivicare-clinic-management-system 3.2.1 Subscriber+.Sensitive.Information.Disclosure MEDIUM" "kivicare-clinic-management-system 2.3.9 Unauthenticated.SQLi HIGH" "koalendar-free-booking-widget 1.0.3 Contributor+.Stored.XSS.via.height.Parameter MEDIUM" "kkprogressbar No.known.fix Stored.XSS.via.CSRF HIGH" "kkprogressbar No.known.fix Progress.Bar.Deletion.via.CSRF MEDIUM" "kkprogressbar No.known.fix Admin+.SQL.Injection MEDIUM" "kiwi-social-share 2.1.8 Information.Disclosure MEDIUM" "kiwi-social-share 2.1.3 Kiwi.2.1.0.-.Unauthenticated.Arbitrary.WordPress.Options.Update.and.Read CRITICAL" "kiwi-social-share 2.0.11 Kiwi.<.2.0.11.-.Arbitrary.WordPress.Options.Update CRITICAL" "kudos-donations 3.3.0 Reflected.Cross-Site.Scripting.via.'add_query_arg' MEDIUM" "kudos-donations 3.3.0 Reflected.Cross-Site.Scripting MEDIUM" "kudos-donations 3.1.2 Arbitrary.Items.Deletion.via.CSRF HIGH" "knight-lab-timelinejs No.known.fix 
Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "knight-lab-timelinejs 3.9.3.4 Authenticated(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "knight-lab-timelinejs 3.7.0.0 Outdated.TimelineJS.library.could.Lead.to.Stored.XSS MEDIUM" "kali-forms 2.3.42 Missing.Authorization MEDIUM" "kali-forms 2.3.42 Missing.Authorization.to.Arbitrary.Plugin.Deactivation HIGH" "kali-forms 2.3.37 Kali.Forms.<.2.3.37.-.Insecure.Direct.Object.Reference MEDIUM" "kali-forms 2.3.28 Kali.Forms.<.2.3.28.-.Missing.Authorization.via.Contact.Form MEDIUM" "kali-forms 2.3.29 Kali.Forms.<.2.3.29.-.Missing.Authorization.via.get_log MEDIUM" "kali-forms 2.1.2 Form.builder.by.Kali.Forms.<.2.1.2.-.Authenticated.Plugin's.Settings.Change HIGH" "kali-forms 2.1.2 Form.builder.by.Kali.Forms.<.2.1.2.-.Unauthenticated.Arbitrary.Post.Deletion HIGH" "kali-forms 2.1.2 Form.builder.by.Kali.Forms.<.2.1.2.-.Multiple.CSRF.Bypass.Issues MEDIUM" "kento-ads-rotator No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "keydatas 2.6.1 Unauthenticated.Arbitrary.File.Upload CRITICAL" "kioken-blocks No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "keyword-meta No.known.fix CSRF.to.Stored.Cross-Site.Scripting.(XSS) HIGH" "kh-easy-user-settings No.known.fix Authenticated.(Subscriber+).Privilege.Escalation HIGH" "kn-fix-your No.known.fix Authenticated.Stored.XSS LOW" "ketchup-shortcodes-pack 0.2.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "ketchup-shortcodes-pack 0.2.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "kontxt-semantic-engine No.known.fix CSRF.Bypass MEDIUM" "kenta-companion 1.1.9 Reflected.Cross-Site.Scripting MEDIUM" "konnichiwa No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "kapost-byline No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "kv-tinymce-editor-fonts No.known.fix Font.List.Update.via.CSRF MEDIUM" "kvoucher No.known.fix Reflected.Cross-Site.Scripting MEDIUM" 
"kvoucher No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "korea-sns 1.6.5 Settings.Update.via.CSRF MEDIUM" "kiwi-logo-carousel 1.7.2 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "kwayy-html-sitemap 4.0 Admin+.Stored.XSS LOW" "kama-spamblock 1.8.3 Reflected.Cross-Site.Scripting MEDIUM" "kalender-digital 1.0.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "kodo-qiniu 1.5.1 Cross-Site.Request.Forgery MEDIUM" "kata-plus 1.5.0 Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "kata-plus 1.5.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "kineticpay-for-woocommerce 3.0 Unauthenticated.Arbitrary.File.Upload CRITICAL" "ketchup-restaurant-reservations No.known.fix Unauthenticated.Blind.SQLi HIGH" "ketchup-restaurant-reservations No.known.fix Unauthenticated.Stored.XSS HIGH" "kjm-admin-notices No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "kunze-law 2.1 Admin+.Stored.Cross-Site.Scripting LOW" "kattene 1.8 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "knr-author-list-widget No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "knr-author-list-widget 3.0.0 Unauthenticated.SQL.Injection CRITICAL" "kraken-image-optimizer 2.6.6 Settings.Update.via.CSRF MEDIUM" "kevins-plugin No.known.fix Cross-Site.Request.Forgery MEDIUM" "keep-backup-daily No.known.fix Unauthenticated.Information.Disclosure MEDIUM" "keep-backup-daily 2.0.3 Reflected.Cross-Site.Scripting MEDIUM" "kanban No.known.fix Missing.Authorization MEDIUM" "kanban No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "kanban 2.5.21 Admin+.Stored.XSS LOW" "kanban 2.5.21 Admin+.Stored.XSS LOW" "kanban No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "kbucket 4.2.2 Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "kbucket 4.2.3 Subscriber+.Arbitrary.File.Upload HIGH" "kbucket 4.1.6 Admin+.Stored.XSS LOW" "kbucket 4.1.5 Reflected.XSS MEDIUM" "kredeum-nfts 1.6.10 
Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "kadence-blocks-pro 2.3.8 Contributor+.Arbitrary.Option.Access MEDIUM" "kaswara No.known.fix Unauthenticated.Arbitrary.File.Upload CRITICAL" "krsp-frontend-file-upload No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "krsp-frontend-file-upload No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "kubio 2.4.0 Reflected.Cross-Site.Scripting MEDIUM" "kubio 2.2.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "ko-fi-button 1.3.3 Admin+.Stored.XSS LOW" "koko-analytics 1.3.13 Reflected.Cross-Site.Scripting MEDIUM" "kau-boys-backend-localization No.known.fix Settings.Update.via.CSRF MEDIUM" "ksher-payment 1.1.2 Missing.Authorization MEDIUM" "kundgenerator 1.0.7 Reflected.Cross-Site.Scripting MEDIUM" "kaya-qr-code-generator 1.5.3 Contributor+.Stored.XSS MEDIUM" "kintpv-connect No.known.fix Unauthenticated.Stored.Cross-Site.Scripting HIGH" "listamester 2.3.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "livesync No.known.fix Arbitrary.Settings.Update.via.CSRF MEDIUM" "lh-login-page No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "login-with-cognito 1.4.9 Admin+.Stored.XSS LOW" "login-with-cognito 1.4.4 Reflected.Cross-Site.Scripting.via.appId HIGH" "leads-5050-visitor-insights 1.1.0 Unauthorised.License.Change HIGH" "leads-5050-visitor-insights 1.0.4 Unauthenticated.License.Change HIGH" "ledenbeheer-external-connection 2.1.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "library-bookshelves 5.9 Reflected.Cross-Site.Scripting MEDIUM" "library-bookshelves 5.9 Reflected.Cross-Site.Scripting MEDIUM" "logwpmail No.known.fix Email.Logs.Publicly.Accessible HIGH" "locations-and-areas 1.7.2 Reflected.Cross-Site.Scripting MEDIUM" "locations-and-areas 1.7.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "launchpad-by-obox No.known.fix Admin+.Stored.XSS LOW" "launchpad-by-obox No.known.fix CSRF MEDIUM" "limit-login-attempts-reloaded 2.25.27 
Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "limit-login-attempts-reloaded 2.25.26 Admin+.Missing.Authorization.to.Toggle.Plugin.Auto-Update LOW" "limit-login-attempts-reloaded 2.17.4 Login.Rate.Limiting.Bypass LOW" "limit-login-attempts-reloaded 2.16.0 Authenticated.Reflected.Cross-Site.Scripting HIGH" "liquid-speech-balloon 1.2 Settings.Update.via.CSRF MEDIUM" "light-messages No.known.fix CSRF.to.Stored.XSS HIGH" "last-viewed-posts 1.0.2 Unauthenticated.Sensitive.Information.Exposure MEDIUM" "last-viewed-posts 1.0.1 Unauthenticated.PHP.Object.Injection CRITICAL" "lite-wp-logger No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "link-juice-keeper 2.0.3 Admin+.Stored.XSS LOW" "linkify-text No.known.fix Unauthenticated.Full.Path.Disclosure MEDIUM" "login-with-yourmembership 1.1.4 Admin+.Stored.XSS LOW" "login-as-customer-or-user No.known.fix Admin.Account.Takeover HIGH" "login-as-customer-or-user No.known.fix Authentication.Bypass CRITICAL" "login-as-customer-or-user 3.3 Unauthenticated.Privilege.Escalation.to.Admin CRITICAL" "login-as-customer-or-user 2.1 Arbitrary.Plugin.Installation/Activation.via.CSRF CRITICAL" "login-as-customer-or-user 1.8 Arbitrary.Plugin.Installation/Activation.via.Low.Privilege.User CRITICAL" "login-page-styler 7.1.2 Missing.Authorization.to.Authenticated.(Subsciber+).Log.Deletion.and.Session.Termination MEDIUM" "login-page-styler 7.1.2 Missing.Authorization.to.Authenticated.(Subscriber+)Privilege.Escalation HIGH" "login-page-styler 6.2.5 Admin+.Stored.XSS LOW" "logo-showcase-ultimate 1.4.2 Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "logo-showcase-ultimate 1.3.9 Authenticated(Contributor+).PHP.Object.Injection HIGH" "lh-add-media-from-url 1.30 Reflected.Cross-Site.Scripting MEDIUM" "lh-add-media-from-url 1.23 Reflected.Cross-Site.Scripting MEDIUM" "lws-cleaner 2.3.1 Cross-Site.Request.Forgery MEDIUM" "login-logout-shortcode No.known.fix 
Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.class.Parameter MEDIUM" "latex2html 2.6.0 Reflected.Cross-Site.Scripting MEDIUM" "latex2html 2.5.5 Reflected.Cross-Site.Scripting MEDIUM" "livejournal-shortcode No.known.fix Contributor+.Stored.XSS.via.Shortcode MEDIUM" "leyka 3.31.7 Missing.Authorization MEDIUM" "leyka 3.31.2 Missing.Authorization MEDIUM" "leyka 3.30.7.1 Subscriber+.Sensitive.Information.Disclosure MEDIUM" "leyka 3.30.4 Admin+.Stored.XSS LOW" "leyka 3.30.3 Reflected.XSS HIGH" "leyka 3.30.2 Reflected.XSS HIGH" "leyka 3.30.3 Subscriber+.Privilege.Escalation HIGH" "leyka 3.30 Unauthenticated.Stored.XSS HIGH" "logs-de-connexion No.known.fix Log.Deletion.via.CSRF MEDIUM" "logs-de-connexion No.known.fix Admin+.SQL.Injection LOW" "linear No.known.fix Cross-Site.Request.Forgery.to.Cache.Reset MEDIUM" "linear No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "linear 2.8.1 Contributor+.Stored.XSS MEDIUM" "live-weather-station 3.8.13 Mode.Switch.via.CSRF MEDIUM" "lightbox-popup 2.1.6 Admin+.Stored.XSS LOW" "list-custom-taxonomy-widget 4.2 Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "leadsquared-suite No.known.fix Admin+.Stored.XSS LOW" "leadsquared-suite No.known.fix CSRF MEDIUM" "link-party No.known.fix Settings.Update.via.CSRF MEDIUM" "link-party No.known.fix Unauthenticated.Stored.XSS HIGH" "link-party No.known.fix Unauthenticated.Arbitrary.Link.Deletion MEDIUM" "link-party No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "link-optimizer-lite No.known.fix Stored.Cross-Site.Scripting.via.CSRF HIGH" "leenkme No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "leenkme 2.6.0 XSS.&.CSRF MEDIUM" "label-grid-tools 1.3.59 Reflected.Cross-Site.Scripting MEDIUM" "lana-text-to-image 1.1.0 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "learning-management-system 1.13.4 Authenticated.(Student+).Stored.Cross-Site.Scripting.via.Ask.a.Question.Functionality MEDIUM" "learning-management-system 1.13.4 
Authenticated.(Student+).Missing.Authorization.to.Privilege.Escalation HIGH" "learning-management-system 1.11.5 LMS.<.1.11.5.-.Authenticated.(Student+).Insecure.Direct.Object.Reference MEDIUM" "learning-management-system 1.12.0 LMS.<.1.12.0.-.Missing.Authorization MEDIUM" "learning-management-system 1.11.5 LMS.<.1.11.5.-.Missing.Authorization MEDIUM" "learning-management-system 1.7.4 LMS.<.1.7.4.-.Insecure.Direct.Object.Reference MEDIUM" "learning-management-system 1.7.3 LMS.<.1.7.3.-.Unauthenticated.Privilege.Escalation CRITICAL" "learning-management-system 1.6.8 Information.Exposure MEDIUM" "list-category-posts 0.90.3 Author+.Stored.XSS LOW" "list-category-posts 0.89.7 Contributor+.Stored.XSS MEDIUM" "list-category-posts 0.89.4 Contributor+.Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "latest-tweets-widget No.known.fix Arbitrary.Settings.Update.via.CSRF MEDIUM" "ldap-wp-login-integration-with-active-directory 3.0.2 Unauthenticated.Settings.Update.to.Auth.Bypass CRITICAL" "ldap-wp-login-integration-with-active-directory 3.0.2 Reflected.Cross-Site.Scripting MEDIUM" "legull No.known.fix Reflected.XSS HIGH" "livemesh-table-rate-shipping 1.2 Reflected.Cross-Site.Scripting MEDIUM" "leira-cron-jobs 1.2.10 Reflected.Cross-Site.Scripting MEDIUM" "lodgixcom-vacation-rental-listing-management-booking-plugin No.known.fix Authenticated.(Contributor+).SQL.Injection MEDIUM" "landing-pages 2.2.5 Reflected.Cross-Site.Scripting.(XSS) HIGH" "landing-pages 1.9.2 Unauthenticated.Remote.Command.Execution MEDIUM" "lawpress No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "lawpress 1.4.5 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "league-of-legends-shortcodes No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "league-of-legends-shortcodes No.known.fix Authenticated.(Contributor+).SQL.Injection.via.Shortcode MEDIUM" "livechat-woocommerce 2.2.17 Cross-Site.Request.Forgery MEDIUM" "lis-video-gallery No.known.fix 
Unauthenticated.PHP.Object.Injection CRITICAL" "logdash-activity-log 1.1.4 Unauthenticated.SQLi HIGH" "login-block-ips No.known.fix IP.Spoofing.Bypass LOW" "login-block-ips No.known.fix Arbitrary.Setting.Update.via.CSRF MEDIUM" "localize-my-post No.known.fix Unauthenticated.Local.File.Inclusion.(LFI) HIGH" "likebot No.known.fix Admin+.Stored.XSS.via.CSRF LOW" "logo-manager-for-enamad No.known.fix Admin+.Stored.XSS.via.Widget LOW" "logo-manager-for-enamad No.known.fix Stored.XSS.via.CSRF HIGH" "lsd-google-maps-embedder No.known.fix Cross-Site.Request.Forgery.Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "league-table-lite 1.14 Tables.Cloning/Update/Deletion.via.CSRF MEDIUM" "lastform No.known.fix Drag.&.Drop.Contact.Form.Builder.<=.1.0.5.-.Admin+.Arbitrary.System.File.Read MEDIUM" "login-and-logout-redirect No.known.fix .Open.Redirect MEDIUM" "leaflet-maps-marker 3.12.10 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "leaflet-maps-marker 3.12.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "leaflet-maps-marker 3.12.7 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "leaflet-maps-marker 3.12.5 Admin+.SQLi MEDIUM" "lock-my-bp 1.7.0 Subscriber+.Arbitrary.Plugin.Installation,.Activation.and.Deactivation HIGH" "license-manager-for-woocommerce 3.0.7 Improper.Authorization.to.Authenticated(Contributor+).Sensitive.Information.Exposure MEDIUM" "license-manager-for-woocommerce 2.2.11 Authenticated.(Administrator+).SQL.Injection HIGH" "license-manager-for-woocommerce 2.3b1 Reflected.Cross-Site.Scripting MEDIUM" "license-manager-for-woocommerce 2.2.6 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "login-form-recaptcha No.known.fix Admin+.Stored.XSS LOW" "lh-copy-media-file 1.09 Reflected.Cross-Site.Scripting MEDIUM" "list-pages-shortcode 1.7.6 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "livesupporti No.known.fix Stored.Cross-Site.Scripting.via.CSRF MEDIUM" "linked-variation-for-woocommerce No.known.fix 
Cross-Site.Request.Forgery MEDIUM" "linkid No.known.fix Missing.Authorization.to.Unauthenticated.Sensitive.Information.Exposure HIGH" "legalweb-cloud 1.1.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "ldap-ad-staff-employee-directory-search 1.3 Admin.LDAP.Credentials.Retrieval LOW" "ldap-ad-staff-employee-directory-search 1.2.3 Improper.escaping.of.LDAP.entries HIGH" "laybuy-gateway-for-woocommerce No.known.fix Missing.Authorization MEDIUM" "laybuy-gateway-for-woocommerce No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "logo-showcase-with-slick-slider 3.2.1 Reflected.Cross-Site.Scripting MEDIUM" "logo-showcase-with-slick-slider 2.0.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "logo-showcase-with-slick-slider 2.0.1 Arbitrary.Media.Title/Description/Alt.Text/URL.Update.via.CSRF MEDIUM" "logo-showcase-with-slick-slider 1.2.5 Subscriber+.Arbitrary.Media.Title/Description/Alt.Text/URL.Update MEDIUM" "logo-showcase-with-slick-slider 1.2.4 Author+.Stored.Cross.Site.Scripting MEDIUM" "lazy-load-for-videos 2.18.3 Arbitrary.Settings.Update.via.CSRF MEDIUM" "livemesh-weight-based-shipping 1.4 Reflected.Cross-Site.Scripting MEDIUM" "luzuk-testimonials No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "loggedin 1.3.2 Reflected.Cross-Site.Scripting MEDIUM" "like-on-vkontakte No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "limit-login-attempts No.known.fix Subscriber+.Stored.XSS HIGH" "limit-login-attempts 1.7.2 Unauthenticated.Stored.XSS HIGH" "limit-login-attempts 1.7.1 Auth.Cookies.Brute.Force.Bypass LOW" "lightweight-accordion 1.5.17 Authenticated(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "lightweight-accordion 1.5.15 Contributor+.Stored.XSS MEDIUM" "list-pages-at-depth No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "locations No.known.fix Contributor+.Stored.XSS MEDIUM" "locations 4.0 
CSRF.Bypass.in.Multiple.Plugins MEDIUM" "locations 4.0 Cross-Site.Request.Forgery HIGH" "lifterlms-gateway-paypal 1.4.0 Reflected.Cross-Site.Scripting MEDIUM" "learnpress-import-export 4.0.5 Reflected.Cross-Site.Scripting MEDIUM" "learnpress-import-export 4.0.4 Reflected.Cross-Site.Scripting MEDIUM" "learnpress-import-export 4.0.4 Authenticated.(Administrator+).SQL.Injection CRITICAL" "learnpress-import-export 4.0.3 Reflected.XSS HIGH" "login-logo-editor-by-oizuled No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "len-slider No.known.fix Cross-Site.Request.Forgery.to.Reflected.Cross-Site.Scripting MEDIUM" "laposta No.known.fix Unauthenticated.Full.Path.Disclosure MEDIUM" "lazyload-background-images No.known.fix Missing.Authorization.to.Authenticated.(Subscriber+).Plugin.Settings.Update MEDIUM" "local-sync 1.1.7 Missing.Authorization MEDIUM" "logo-slider No.known.fix Admin+.SQLi MEDIUM" "live-composer-page-builder 1.5.43 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "live-composer-page-builder 1.5.43 Authenticated.(Contributor+).PHP.Object.Injection HIGH" "live-composer-page-builder No.known.fix Author+.Stored.XSS MEDIUM" "live-composer-page-builder 1.5.39 Missing.Authorization MEDIUM" "live-composer-page-builder 1.5.36 Cross-Site.Request.Forgery MEDIUM" "live-composer-page-builder 1.5.29 .Author+.PHP.Object.Injection MEDIUM" "live-composer-page-builder 1.5.24 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "live-composer-page-builder 1.5.23 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "loginpress 1.6.3 Unauthenticated.Settings.Update MEDIUM" "loginpress 1.5.12 Reflected.Cross-Site.Scripting MEDIUM" "loginpress 1.1.16 Authenticated.Blind.SQL.Injection CRITICAL" "listplus No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "login-configurator No.known.fix Reflected.Cross-Site.Scripting HIGH" "login-configurator No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "login-configurator 
No.known.fix Reflected.XSS HIGH" "leadster-marketing-conversacional 1.1.3 Cross-Site.Request.Forgery.via.leadster_script_code_action MEDIUM" "leadster-marketing-conversacional 1.1.3 Settings.Update.via.CSRF MEDIUM" "lead-capturing-call-to-actions-by-vcita No.known.fix Missing.Authorization.to.Authenticated.(Subscriber+).Contact/Widget.Toggle MEDIUM" "lead-capturing-call-to-actions-by-vcita No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "lead-capturing-call-to-actions-by-vcita 2.7.1 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "lead-capturing-call-to-actions-by-vcita No.known.fix Settings.Update.Via.CSRF MEDIUM" "lastudio-element-kit 1.4.5 Authenticated.(Contributor+).Post.Disclosure MEDIUM" "lastudio-element-kit 1.4.3 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "lastudio-element-kit 1.3.9.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "lastudio-element-kit 1.3.9.2 Contributor+.Stored.XSS MEDIUM" "lastudio-element-kit 1.3.9 Authenticated.(Contributor+).Local.File.Inclusion.via.'progress_type' MEDIUM" "lastudio-element-kit 1.3.9 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "lastudio-element-kit 1.3.7.4 Missing.Authorization MEDIUM" "lastudio-element-kit 1.3.8 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.id.Parameter MEDIUM" "lastudio-element-kit 1.3.7.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.LaStudioKit.Post.Author.Widget MEDIUM" "lastudio-element-kit 1.3.7.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "lastudio-element-kit 1.1.6 Missing.Authorization MEDIUM" "loginizer 1.9.3 Authentication.Bypass HIGH" "loginizer 1.7.9 Reflected.XSS HIGH" "loginizer 1.7.6 Reflected.XSS HIGH" "loginizer 1.7.6 Cross-Site.Request.Forgery MEDIUM" "loginizer 1.6.4 Unauthenticated.SQL.Injection CRITICAL" "loginizer 1.4.0 Unauthenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "loginizer 1.3.6 Blind.SQL.Injection CRITICAL" "loginizer 1.3.6 
Cross-Site.Request.Forgery.(CSRF) HIGH" "lock-user-account No.known.fix User.Lock.Bypass MEDIUM" "lock-user-account 1.0.4 Arbitrary.Account.Lock/Unlock.via.CSRF MEDIUM" "location-weather 1.3.4 Contributor+.Stored.XSS MEDIUM" "link-list-manager No.known.fix Reflected.Cross-Site.Scripting HIGH" "limit-attempts 1.3.0 Reflected.Cross-Site.Scripting MEDIUM" "limit-attempts 1.1.8 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "limit-attempts 1.1.1 SQL.Injection CRITICAL" "lenxel-core No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "lenxel-core No.known.fix Authenticated.(Contributor+).Local.File.Inclusion HIGH" "lenxel-core 1.2.5 Author+.Stored.XSS.via.SVG.File.Upload MEDIUM" "leaderboard-lite No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "login-attempts-limit-wp No.known.fix IP.Address.Spoofing.to.Protection.Mechanism.Bypass MEDIUM" "login-attempts-limit-wp No.known.fix Cross-Site.Request.Forgery.(CSRF) MEDIUM" "list-one-category-of-posts No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "limb-gallery No.known.fix Authenticated.(Subscriber+).Arbitrary.File.Download MEDIUM" "limb-gallery No.known.fix Authenticated.(Subscriber+).Arbitrary.File.Upload HIGH" "limb-gallery 1.5.6 Reflected.Cross-Site.Scripting MEDIUM" "limb-gallery 1.5.2 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "limb-gallery 1.4.0 Reflected.Cross-Site.Scripting MEDIUM" "lu-radioplayer 6.24.11.15 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "lu-radioplayer 6.24.11.07 Unauthenticated.Arbitrary.File.Read HIGH" "linkedin-login 1.1 Reflected.Cross-Site.Scripting MEDIUM" "library-viewer 2.0.6.1 Contributor+.Stored.XSS MEDIUM" "login-logout-register-menu No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.'llrmloginlogout'.Shortcode MEDIUM" "login-logout-register-menu No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "lw-all-in-one 1.6.5 
Unauthenticated.Stored.Cross-Site.Scripting.(XSS) HIGH" "lana-downloads-manager 1.8.0 Contributor+.Arbitrary.File.Download HIGH" "login-with-vipps 1.3.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "language-switcher 3.8.0 Reflected.Cross-Site.Scripting MEDIUM" "lws-tools 2.4.2 Cross-Site.Request.Forgery MEDIUM" "letsrecover-woocommerce-abandoned-cart 1.2.0 Unauthenticated.SQLi HIGH" "letsrecover-woocommerce-abandoned-cart 1.2.0 Admin+.SQLi MEDIUM" "letsrecover-woocommerce-abandoned-cart 1.2.0 Admin+.SQLi MEDIUM" "litespeed-cache 6.5.2 Unauthenticated.Privilege.Escalation HIGH" "litespeed-cache 6.5.1 Author+.Path.Traversal MEDIUM" "litespeed-cache 6.5.1 Unauthenticated.Stored.Cross-Site.Scripting MEDIUM" "litespeed-cache 6.5.1 Contributor+.Stored.XSS MEDIUM" "litespeed-cache 6.5 Authenticated.(Administrator+).Stored.Cross-Site.Scripting LOW" "litespeed-cache 6.5.0.1 Unauthenticated.Sensitive.Information.Exposure.via.Log.Files HIGH" "litespeed-cache 6.4 Unauthenticated.Privilege.Escalation HIGH" "litespeed-cache 6.3 Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "litespeed-cache 5.7.0.1 Unauthenticated.CDN.Status.Update MEDIUM" "litespeed-cache 5.7.0.1 Unauthenticated.Stored.XSS HIGH" "litespeed-cache 5.7 Contributor+.Stored.XSS MEDIUM" "litespeed-cache 5.3.1 CSRF MEDIUM" "litespeed-cache 4.4.4 Admin+.Reflected.Cross-Site.Scripting LOW" "litespeed-cache 4.4.4 IP.Check.Bypass.to.Unauthenticated.Stored.XSS HIGH" "litespeed-cache 3.6.1 Authenticated.Stored.Cross-Site.Scripting LOW" "lazy-facebook-comments 2.0.5 Admin+.Stored.Cross-Site.Scripting LOW" "listingpro-plugin No.known.fix Unauthenticated.SQL.Injection CRITICAL" "listingpro-plugin No.known.fix Authenticated.(Author+).Local.File.Inclusion HIGH" "listingpro-plugin No.known.fix Unauthenticated.Local.File.Inclusion CRITICAL" "listingpro-plugin No.known.fix Authenticated.(Subscriber+).SQL.Injection CRITICAL" "liquid-blocks 1.3.0 
Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "login-with-phone-number 1.7.50 Authenticated.(Subscriber+).Authorization.Bypass.to.Privilege.Escalation HIGH" "login-with-phone-number 1.7.36 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "login-with-phone-number 1.7.35 Insecure.Password.Reset.Mechanism HIGH" "login-with-phone-number 1.7.27 Authentication.Bypass.due.to.Missing.Empty.Value.Check CRITICAL" "login-with-phone-number 1.7.20 Missing.Authorization MEDIUM" "login-with-phone-number 1.6.94 Missing.Authorization MEDIUM" "login-with-phone-number 1.7.17 Unauthorized.Account.Password.Change.to.Privilege.Escalation HIGH" "login-with-phone-number 1.6.94 Cross-Site.Request.Forgery MEDIUM" "login-with-phone-number 1.5.7 User.Password.Change.via.CSRF HIGH" "login-with-phone-number 1.4.2 Reflected.Cross-Site.Scripting HIGH" "login-with-phone-number 1.3.8 Multiple.Admin+.Stored.XSS LOW" "login-with-phone-number 1.3.7 Unauthenticated.remote.plugin.deletion MEDIUM" "live-support-tickets 1.11.1 Unauthenticated.Information.Disclosure MEDIUM" "lgpd-framework No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "leadin 11.1.34 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.HubSpot.Meeting.Widget MEDIUM" "leadin 8.8.15 Contributor+.Blind.SSRF MEDIUM" "login-logout-menu 1.4.0 Contributor+.Stored.XSS.in.Shortcode MEDIUM" "load-more-posts No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "linkz-ai 1.2.0 Unauthenticated.Plugin.Settings.Update MEDIUM" "linkz-ai 1.2.0 Subscriber+.Plugin.Settings.Update MEDIUM" "lets-box 1.13.3 Reflected.Cross-Site.Scripting MEDIUM" "lightbox-plus 2.8 CSRF.to.XSS MEDIUM" "logo-scheduler-great-for-holidays-events-and-more 1.2.2 Admin+.Stored.XSS LOW" "l-squared-hub-wp-virtual-device No.known.fix Authenticated.(Contributor+).SQL.Injection MEDIUM" "linker 1.2.2 Contributor+.Stored.XSS MEDIUM" "live-chat-facebook-fanpage No.known.fix Reflected.Cross-Site.Scripting.(XSS) HIGH" 
"linet-erp-woocommerce-integration 3.5.8 Cross-Site.Request.Forgery MEDIUM" "login-or-logout-menu-item 1.2.0 Unauthenticated.Options.Change MEDIUM" "landing-page-cat 1.7.7 Reflected.Cross-Site.Scripting MEDIUM" "landing-page-cat 1.7.5 Missing.Authorization MEDIUM" "landing-page-cat 1.7.3 Unauthenticated.Information.Exposure MEDIUM" "lws-affiliation 2.3.5 Missing.Authorization MEDIUM" "luckywp-table-of-contents 2.1.7 Admin+.Stored.XSS LOW" "luckywp-table-of-contents 2.1.6 Admin+.Stored.XSS LOW" "luckywp-table-of-contents 2.1.6 Reflected.Cross-Site.Scripting MEDIUM" "luckywp-table-of-contents 2.1.5 Contributor+.Stored.XSS MEDIUM" "luckywp-table-of-contents 2.1.5 Admin+.Stored.XSS MEDIUM" "lead-form-builder 1.9.2 Authenticated.(Subscriber+).Arbitrary.Shortcode.Execution MEDIUM" "lead-form-builder No.known.fix Admin+.Stored.XSS LOW" "lead-form-builder 1.9.0 Missing.Authorization MEDIUM" "lead-form-builder 1.9.0 Cross-Site.Request.Forgery MEDIUM" "lead-form-builder 1.7.4 Multiple.Subscriber+.Settings.Update MEDIUM" "lead-form-builder 1.7.0 Multiple.Admin+.Stored.Cross-Site.Scripting LOW" "lead-form-builder 1.6.8 Subscriber+.Arbitrary.Lead.Deletion MEDIUM" "lead-form-builder 1.6.4 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "location-click-map No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "laposta-signup-basic 1.4.2 CSRF MEDIUM" "laposta-signup-basic 1.4.2 Missing.Authorization MEDIUM" "linked-orders-for-woocommerce No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "linked-orders-for-woocommerce 1.2.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "lastunes No.known.fix Settings.Update.via.CSRF HIGH" "leanpress No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "launchpage-app-importer No.known.fix Unauthenticated.SQL.Injection CRITICAL" "ldap-login-password-and-role-manager No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "libsyn-podcasting No.known.fix Cross-Site.Request.Forgery MEDIUM" 
"libsyn-podcasting No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "libsyn-podcasting No.known.fix Reflected.XSS HIGH" "libsyn-podcasting No.known.fix Sensitive.Information.Exposure MEDIUM" "log-http-requests 1.3.2 Stored.Cross-Site.Scripting MEDIUM" "lh-qr-codes No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "laika-pedigree-tree No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "library-management-system No.known.fix Authenticated.(Subscriber+).SQL.Injection MEDIUM" "library-management-system No.known.fix Authenticated.(Admin+).SQL.Injection MEDIUM" "lara-google-analytics 2.0.5 Authenticated.Stored.XSS HIGH" "link-library 7.7.3 Reflected.Cross-Site.Scripting MEDIUM" "link-library 7.7.2 Reflected.Cross-Site.Scripting MEDIUM" "link-library 7.6.4 Reflected.Cross-Site.Scripting MEDIUM" "link-library 7.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.link-library.Shortcode MEDIUM" "link-library 7.6.1 Reflected.Cross-Site.Scripting MEDIUM" "link-library 7.6.7 Reflected.Cross-Site.Scripting MEDIUM" "link-library 7.6.1 Unauthenticated.Stored.Cross-Site.Scripting MEDIUM" "link-library 7.6 Cross-Site.Request.Forgery.via.action_admin_init MEDIUM" "link-library 7.6 Reflected.Cross-Site.Scripting.via.'link_price'.and.'link_tags' MEDIUM" "link-library 7.4.1 Admin+.Stored.XSS LOW" "link-library 7.2.8 Library.Settings.Reset.via.CSRF MEDIUM" "link-library 7.2.9 Reflected.Cross-Site.Scripting MEDIUM" "link-library 7.2.8 Unauthenticated.Arbitrary.Links.Deletion MEDIUM" "liveforms 3.4.0 XSS MEDIUM" "liveforms 3.2.0 Visual.Form.Builder.3.0.1.-.Blind.SQL.Injection CRITICAL" "luckywp-scripts-control 1.2.2 Missing.Authorization MEDIUM" "luckywp-scripts-control 1.2.2 CSRF.via.multiple.AJAX.actions LOW" "layouts-importer 1.0.3 Reflected.Cross-Site.Scripting MEDIUM" "lawyer-directory 1.2.9 Subscriber+.Privilege.Escalation CRITICAL" "like-box 0.8.41 Contributor+.Stored.XSS MEDIUM" 
"like-box 0.8.40 Admin+.Stored.XSS LOW" "lws-hide-login 2.1.9 Protection.Mechanism.Bypass MEDIUM" "lws-hide-login 2.1.7 Plugin.Settings.Page.Creation.via.CSRF MEDIUM" "live-search-xforwc 2.1.0 Low.Priv.Arbitrary.Blog.Options.Update/Access/Deletion.&.Plugin's.Settings.Update/Export/Import HIGH" "landingi-landing-pages 3.1.2 Cross-Site.Request.Forgery MEDIUM" "luzuk-slider No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "login-designer 1.6.2 Reflected.Cross-Site.Scripting MEDIUM" "list-all-posts-by-authors-nested-categories-and-titles 2.8.3 CSRF MEDIUM" "link-whisper 0.7.9 Unauthenticated.Sensitive.Information.Exposure MEDIUM" "link-whisper 0.7.0 Link.Whisper.Free.<.0,7,0 MEDIUM" "link-whisper 0.7.2 Authenticated.(Contributor+).PHP.Object.Injection HIGH" "link-whisper 0.6.9 Reflected.Cross-Site.Scripting MEDIUM" "link-whisper 0.6.6 Authenticated.(Contributor+).SQL.Injection HIGH" "lifterlms 7.8.6 Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.Post.Deletion MEDIUM" "lifterlms 7.7.6 Authenticated.(Admin+).SQL.Injection HIGH" "lifterlms 7.6.3 Authenticated.(Contributor+).SQL.Injection.via.Shortcode CRITICAL" "lifterlms 7.5.1 Cross-Site.Request.Forgery MEDIUM" "lifterlms 7.5.2 Missing.Authorization.via.process_review MEDIUM" "lifterlms 7.5.0 Authenticated(Administrator+).Directory.Traversal.to.Arbitrary.CSV.File.Deletion LOW" "lifterlms 4.21.2 Access.Other.Student.Grades/Answers.via.IDOR MEDIUM" "lifterlms 4.21.1 Authenticated.Stored.XSS.in.Edit.Profile HIGH" "lifterlms 4.21.1 Reflected.Cross-Site.Scripting.(XSS).via.Coupon.Code.in.Checkout MEDIUM" "lifterlms 3.37.15 Arbitrary.File.Writing CRITICAL" "lifterlms 3.35.1 Unauthenticated.Options.Import CRITICAL" "launcher No.known.fix Admin+.Stored.XSS MEDIUM" "launcher 1.0.11 Multiple.Stored.XSS MEDIUM" "leader No.known.fix Missing.Authorization MEDIUM" "lightbox-gallery 0.9.5 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "localseomap-for-elementor No.known.fix 
Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "legal-pages 1.4.3 Cross-Site.Request.Forgery MEDIUM" "legal-pages 1.3.9 Cross-Site.Request.Forgery.via.moveToTrash.and.fetch_and_insert_template_data MEDIUM" "legal-pages 1.3.9 Missing.Authorization MEDIUM" "legal-pages 1.3.8 Missing.Authorization.on.'deleteLegalTemplate' MEDIUM" "loading-page 1.0.83 Admin+.Stored.Cross-Site.Scripting LOW" "login-sidebar-widget No.known.fix Open.Redirect MEDIUM" "locateandfilter 1.6.16 Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "lws-optimize 2.0 Cross-Site.Request.Forgery MEDIUM" "ldap-login-for-intranet-sites 4.2 Admin.LDAP.Passback LOW" "ldap-login-for-intranet-sites 4.1.10 Unauthenticated.Log.Disclosure MEDIUM" "ldap-login-for-intranet-sites 4.1.6 Sensitive.Information.Disclosure HIGH" "ldap-login-for-intranet-sites 4.1.5 SQL.Injection.via.CSRF LOW" "ldap-login-for-intranet-sites 4.1.1 Unauthenticated.Data.Disclosure MEDIUM" "ldap-login-for-intranet-sites 3.6.95 Reflected.Cross-Site.Scripting HIGH" "left-right-image-slideshow-gallery 12.1 .Authenticated.(Subscriber+).SQL.Injection.via.Shortcode HIGH" "lana-email-logger 1.1.0 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "logaster-logo-generator No.known.fix Cross-Site.Request.Forgery.(CSRF) MEDIUM" "lbstopattack 1.1.3 Arbitrary.Settings.Update.via.CSRF MEDIUM" "leaky-paywall 4.21.3 Cross-Site.Request.Forgery MEDIUM" "leaky-paywall 4.20.9 Missing.Authorization.to.Price.Manipulation MEDIUM" "leaky-paywall 4.16.7 Admin+.Stored.Cross-Site.Scripting LOW" "lean-wp No.known.fix Subscriber+.Arbitrary.Plugin.Activation MEDIUM" "lean-wp No.known.fix Arbitrary.Plugin.Installation.from.Dependency.via.CSRF LOW" "ladipage No.known.fix Missing.Authorization.via.init_endpoint MEDIUM" "ladipage No.known.fix Missing.Authorization.on.publish_lp() MEDIUM" "ladipage No.known.fix Cross-Site.Request.Forgery.via.publish_lp() MEDIUM" "ladipage No.known.fix Cross-Site.Request.Forgery.via.ladiflow_save_hook() MEDIUM" 
"ladipage No.known.fix Missing.Authorization.via.ladiflow_save_hook() MEDIUM" "ladipage No.known.fix Missing.Authorization.via.save_config() MEDIUM" "ladipage No.known.fix Cross-Site.Request.Forgery.via.save_config() MEDIUM" "ladipage No.known.fix Cross-Site.Request.Forgery.via.init_endpoint MEDIUM" "ladipage No.known.fix Missing.Authorization MEDIUM" "login-recaptcha 1.7 IP.Check.Bypass LOW" "lana-shortcodes 1.2.0 Contributor+.Stored.XSS MEDIUM" "lemonade-sna-pinterest-edition No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "locked-payment-methods-for-woocommerce No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "locked-payment-methods-for-woocommerce 1.3.4 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "lgx-owl-carousel No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "login-customizer 2.2.3 Reflected.Cross-Site.Scripting MEDIUM" "login-customizer 2.1.8 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "libreform 2.0.9 Unauthenticated.Arbitrary.Submissions.Listing.&.Deletion HIGH" "loan-comparison 2.0.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "loan-comparison 1.5.3 Contributor+.Stored.XSS.via.shortcode MEDIUM" "loan-comparison 1.5.3 Reflected.XSS.via.shortcode MEDIUM" "lifeline-donation No.known.fix Authentication.Bypass CRITICAL" "llama-redirect No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "ldd-directory-lite No.known.fix Reflected.Cross-Site.Scripting.via.remove_query_arg.Parameter MEDIUM" "ldd-directory-lite No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "letterpress No.known.fix Subscriber.Deletion.via.CSRF MEDIUM" "letterpress No.known.fix Admin+.Stored.Cross-Site.Scripting MEDIUM" "livemesh-dynamic-pricing 1.2 Reflected.Cross-Site.Scripting MEDIUM" "logo-carousel-free 3.4.2 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "logo-carousel-free 3.4.2 Unauthorised.Private.Post.Access MEDIUM" "layerslider 7.11.1 
Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.ls_search_form.Shortcode MEDIUM" "layerslider 7.10.1 7.10.0.-.Unauthenticated.SQL.Injection CRITICAL" "layerslider 7.7.10 Cross-Site.Request.Forgery MEDIUM" "layerslider 7.7.10 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "link-log No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "link-log No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "link-log 2.1 SQL.Injection CRITICAL" "link-log 2.0 HTTP.Response.Splitting HIGH" "list-categories 0.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "livemesh-siteorigin-widgets 3.3 Reflected.Cross-Site.Scripting MEDIUM" "livemesh-siteorigin-widgets 2.8.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "livemesh-siteorigin-widgets 2.5.2 Subscriber+.Arbitrary.Option.Update CRITICAL" "loginplus No.known.fix Missing.Authorization MEDIUM" "loginplus No.known.fix Unauthenticated.Stored.Cross-Site.Scripting MEDIUM" "loco-translate 2.6.10 Cross-Site.Request.Forgery MEDIUM" "loco-translate 2.6.1 Authenticated.Stored.Cross-Site.Scripting HIGH" "loco-translate 2.5.4 Authenticated.PHP.Code.Injection HIGH" "loco-translate 2.2.2 Authenticated.LFI MEDIUM" "livestream-notice 1.3.0 Admin+.Stored.XSS LOW" "logo-slider-wp 4.6.0 Contributor+.Stored.XSS MEDIUM" "logo-slider-wp 4.5.0 Author+.Stored.XSS MEDIUM" "logo-slider-wp 4.5.0 Contributor+.Stored.XSS MEDIUM" "logo-slider-wp 4.1.0 Contributor+.Stored.XSS MEDIUM" "logo-slider-wp 4.0.0 Contributor+.Stored.XSS MEDIUM" "logo-slider-wp 3.6.0 Contributor+.Stored.XSS.in.Shortcode MEDIUM" "link-to-bible 2.5.10 Administrator+.Stored.XSS LOW" "leadconnector 1.8 Missing.Authorization.to.Unauthenticated.Arbitrary.Post.Deletion MEDIUM" "localize-remote-images No.known.fix Settings.Update.via.CSRF MEDIUM" "login-as-users 1.4.4 Missing.Authorization.to.Privielge.Escalation.via.Account.Takeover HIGH" "login-as-users 1.4.3 Authentication.Bypass CRITICAL" "leadboxer 1.4 
Reflected.XSS HIGH" "loginizer-security 1.9.3 Authentication.Bypass HIGH" "lpagery 1.2.6 Reflected.Cross-Site.Scripting MEDIUM" "latepoint 5.0.13 Authentication.Bypass HIGH" "latepoint 5.0.12 Unauthenticated.Arbitrary.User.Password.Change.via.SQL.Injection CRITICAL" "latepoint 4.9.9.1 Missing.Authorization.and.Sensitive.Information.Exposure.via.IDOR CRITICAL" "likebtn-like-button 2.6.54 Cross-Site.Request.Forgery MEDIUM" "likebtn-like-button 2.6.45 Arbitrary.e-mail.Sending MEDIUM" "likebtn-like-button 2.6.38 Unauthorised.Vote.Export.to.Email.&.IP.Addresses.Disclosure HIGH" "likebtn-like-button 2.6.32 Unauthenticated.Full-Read.SSRF HIGH" "likebtn-like-button 2.5.4 Unauthenticated.Arbitrary.Blog.Settings.Change HIGH" "leadinfo 1.1 Settings.Update.via.CSRF MEDIUM" "luzuk-team No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "linkworth-wp-plugin 3.3.4 Arbitrary.Setting.Update.via.CSRF MEDIUM" "littlebot-invoices No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "littlebot-invoices No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "lucidlms No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "login-with-ajax 4.2 Cross-Site.Request.Forgery.to.Notice.Dismissal MEDIUM" "login-with-ajax 4.2 Missing.Authorization MEDIUM" "lh-email No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "live-news-lite 1.07 Settings.Update.via.CSRF MEDIUM" "labtools No.known.fix Subscriber+.Arbitrary.Publication.Deletion MEDIUM" "limit-login-attempts-plus No.known.fix IP.Address.Spoofing.to.Protection.Mechanism.Bypass MEDIUM" "locatoraid 3.9.51 Unauthenticated.PHP.Object.Injection CRITICAL" "locatoraid 3.9.48 Reflected.Cross-Site.Scripting MEDIUM" "locatoraid 3.9.31 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "locatoraid 3.9.24 Reflected.XSS HIGH" "locatoraid 3.9.19 Subscriber+.Stored.XSS HIGH" "locatoraid 3.9.15 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "locatoraid 3.9.12 CSRF MEDIUM" "larsens-calender No.known.fix 
Stored.Cross-Site.Scripting.(XSS) HIGH" "lazy-load-videos-and-sticky-control No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "lktags-linkedin-insight-tags 1.2.4 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "live-stock-prices-for-wordpress No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "learnpress 4.2.7.5.1 Authenticated.(LP.Instructor+).Stored.Cross-Site.Scripting.via.Lesson.Name MEDIUM" "learnpress 4.2.7.2 Authenticated.(Subscriber+).Open.Redirect MEDIUM" "learnpress 4.2.7.5.1 Admin+.Stored.XSS LOW" "learnpress 4.2.7.5.1 Admin+.Stored.XSS LOW" "learnpress 4.2.7.4 Course.Material.Sensitive.Information.Exposure.via.REST.API MEDIUM" "learnpress 4.2.7.2 Admin+.Stored.XSS LOW" "learnpress 4.2.7.2 Admin+.Stored.XSS LOW" "learnpress 4.2.7.1 Unauthenticated.SQL.Injection.via.'c_fields' CRITICAL" "learnpress 4.2.7.1 Unauthenticated.SQL.Injection.via.'c_only_fields' CRITICAL" "learnpress 4.2.6.9.4 Authenticated.(Contributor+).SQL.Injection.via.order.Parameter HIGH" "learnpress 4.2.6.9 Authenticated.(Subscriber+).Insecure.Direct.Object.Reference MEDIUM" "learnpress 4.2.6.9 Cross-Site.Request.Forgery MEDIUM" "learnpress 4.2.6.9 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "learnpress 4.2.6.8.2 Unauthenticated.Bypass.to.User.Registration MEDIUM" "learnpress 4.2.6.8.2 Missing.Authorization.to.Unauthenticated.User.Registration.Bypass MEDIUM" "learnpress 4.2.6.8.1 Basic.Information.Disclosure.via.JSON.API MEDIUM" "learnpress 4.2.6.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.id.Parameter MEDIUM" "learnpress 4.2.6.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.layout_html.Parameter MEDIUM" "learnpress 4.2.6.6 Unauthenticated.Time-Based.SQL.Injection CRITICAL" "learnpress 4.2.6.6 Authenticated.(Instructor+).Arbitrary.File.Upload HIGH" "learnpress 4.2.6.6 Unauthenticated.Bypass.to.User.Registration MEDIUM" "learnpress 4.2.6.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "learnpress 
4.2.6.4 Authenticated(LP.Instructor+).Stored.Cross-Site.Scripting MEDIUM" "learnpress 4.0.1 Cross-Site.Request.Forgery.to.Privilege.Escalation HIGH" "learnpress 4.2.6.4 Insecure.Direct.Object.Reference MEDIUM" "learnpress 4.2.5.8 Unauthenticated.Command.Injection HIGH" "learnpress 4.2.5.8 Subscriber+.Arbitrary.Course.Progress.Disclosure MEDIUM" "learnpress 4.2.5.8 Unauthenticated.SQLi HIGH" "learnpress 4.2.5.5 Reflected.Cross-Site.Scripting HIGH" "learnpress 4.2.0 Unauthenticated.LFI CRITICAL" "learnpress 4.2.0 Subscriber+.SQLi HIGH" "learnpress 4.2.0 Unauthenticated.SQLi HIGH" "learnpress 4.1.7.2 Unauthenticated.PHP.Object.Injection.via.REST.API MEDIUM" "learnpress 4.1.6.7 Reflected.Cross-Site.Scripting MEDIUM" "learnpress 4.1.6 Reflected.Cross-Site.Scripting MEDIUM" "learnpress 4.1.5 Arbitrary.Image.Renaming MEDIUM" "learnpress 4.1.4 Admin+.SQL.Injection MEDIUM" "learnpress 4.1.3.2 Admin+.Stored.Cross-Site.Scripting LOW" "learnpress 4.1.3.1 Multiple.Admin+.Stored.Cross-Site.Scripting LOW" "learnpress 3.2.7.3 CSRF.&.XSS LOW" "learnpress 3.2.6.8 Authenticated.Time.Based.Blind.SQL.Injection HIGH" "learnpress 3.2.6.9 Authenticated.Post.Creation.and.Status.Modification HIGH" "learnpress 3.2.6.9 Privilege.Escalation.to."LP.Instructor" HIGH" "learnpress 3.2.6.7 Privilege.Escalation MEDIUM" "learn-manager 1.1.5 Unauthenticated.Arbitrary.User.Field.Edition/Creation MEDIUM" "learn-manager 1.1.3 Unauthenticated.Stored.Cross-Site.Scripting.(XSS) HIGH" "leira-roles 1.1.10 Reflected.Cross-Site.Scripting MEDIUM" "leaflet-map 3.3.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "leaflet-map 3.0.0 Contributor+.Stored.XSS MEDIUM" "leaflet-map 3.0.0 Arbitrary.Settings.Update.via.CSRF.Leading.to.Stored.XSS MEDIUM" "login-with-azure 1.4.5 Reflected.Cross-Site.Scripting.via.appId HIGH" "leopard-wordpress-offload-media 3.1.2 Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.Options.Update CRITICAL" "leopard-wordpress-offload-media 
No.known.fix WordPress.offload.media.<=.2.0.36.-.Missing.Authorization.to.Authenticated.(Subscriber+).Settings.Update MEDIUM" "leopard-wordpress-offload-media No.known.fix WordPress.offload.media.<=.2.0.36.-.Authenticated.(Subscriber+).Sensitive.Information.Exposure MEDIUM" "login-rebuilder 2.8.1 Admin+.Stored.XSS LOW" "lucas-string-replace No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "language-switcher-for-transposh 1.6.0 Reflected.Cross-Site.Scripting MEDIUM" "linklaunder-seo-plugin No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "lordicon-interactive-icons No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "live-scores-for-sportspress No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "live-scores-for-sportspress 1.9.2 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "live-scores-for-sportspress 1.9.1 Authenticated.Local.File.Inclusion MEDIUM" "live-scores-for-sportspress 1.9.1 Reflected.Cross-Site.Scripting HIGH" "ltl-freight-quotes-worldwide-express-edition 5.0.21 Unauthenticated.SQL.Injection HIGH" "layouts-for-elementor 1.8 Missing.Authorization.to.Unauthenticated.Arbitrary.File.Upload CRITICAL" "local-delivery-drivers-for-woocommerce 1.9.1 Missing.Authorization.to.Driver.Account.Takeover HIGH" "local-delivery-drivers-for-woocommerce 1.9.0 Reflected.Cross-Site.Scripting MEDIUM" "local-delivery-drivers-for-woocommerce 1.8.5 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "live-flight-radar No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "livechat-elementor 1.0.14 Cross-Site.Request.Forgery MEDIUM" "light-poll No.known.fix Poll.Answers.Deletion.via.CSRF MEDIUM" "light-poll No.known.fix Polls.Deletion.via.CSRF MEDIUM" "language-bar-flags No.known.fix CSRF.to.Stored.XSS HIGH" "latex No.known.fix Arbitrary.Settings.Update.via.CSRF.to.Stored.XSS MEDIUM" "listdom 3.7.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.shortcode.Parameter MEDIUM" "login-screen-manager 
No.known.fix Stored.XSS.via.CSRF HIGH" "login-screen-manager No.known.fix Admin+.Stored.XSS LOW" "lava-directory-manager No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.shortcode MEDIUM" "lava-directory-manager No.known.fix Unauthenticated.Stored.XSS HIGH" "listapp-mobile-manager No.known.fix Missing.Authorization.to.Privilege.Escalation CRITICAL" "login-lockdown 2.09 Subscriber+.Options.Leak MEDIUM" "login-lockdown 2.07 Admin+.SQLi MEDIUM" "login-lockdown 2.07 Administrator+.SQL.Injection HIGH" "localgrid No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "loginpress-pro 3.0.0 Captcha.Bypass MEDIUM" "loginpress-pro 3.0.0 Unauthenticated.License.Activation/Deactivation MEDIUM" "leads-crm No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "marketing-optimizer No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "moka-get-posts No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "mp-restaurant-menu 2.4.2 Admin+.Stored.Cross.Site.Scripting LOW" "media-usage No.known.fix Reflected.Cross-Site.Scripting HIGH" "members-import No.known.fix XSS.via.Imported.CSV MEDIUM" "medibazar-core No.known.fix Reflected.Cross-Site.Scripting HIGH" "my-wpdb 2.5 Arbitrary.SQL.Query.via.CSRF MEDIUM" "movies No.known.fix Unauthenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "miniorange-saml-20-single-sign-on 5.0.5 Missing.Authorization.to.notice.dismissal MEDIUM" "miniorange-saml-20-single-sign-on 12.1.0 Open.Redirect.in.SSO.login MEDIUM" "miniorange-saml-20-single-sign-on 16.0.8 Open.Redirect.in.SSO.login MEDIUM" "miniorange-saml-20-single-sign-on 20.0.7 Open.Redirect.in.SSO.login MEDIUM" "miniorange-saml-20-single-sign-on 4.8.84 Cross-Site.Scripting.(XSS).via.Crafted.SAML.XML.Response MEDIUM" "miniorange-saml-20-single-sign-on 4.8.73 Cross-Site.Scripting.(XSS) MEDIUM" "miniorange-firebase-sms-otp-verification 3.6.1 Authentication.Bypass HIGH" "miniorange-firebase-sms-otp-verification 3.6.1 
Unauthenticated.Arbitrary.User.Password.Change CRITICAL" "miniorange-firebase-sms-otp-verification 3.6.1 Privilege.Escalation.via.Registration.due.to.Administrator.Default.User.Role.Value CRITICAL" "mejorcluster 1.1.16 Contributor+.Stored.XSS MEDIUM" "mediaburst-ecommerce-sms-notifications 2.4.2 Cross-Site.Scripting.(XSS) MEDIUM" "miniorange-login-security 1.0.8 Reflected.Cross-Site.Scripting HIGH" "mapping-multiple-urls-redirect-same-page No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "mega-addons-for-visual-composer 4.3.0 Contributor+.Stored.XSS MEDIUM" "mega-addons-for-visual-composer No.known.fix Subscriber+.Settings.Update MEDIUM" "mega-addons-for-visual-composer No.known.fix Settings.Update.via.CSRF MEDIUM" "mobilook 1.2.4 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "map-addons-for-elementor-waze-map No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "magic-post-voice No.known.fix Reflected.Cross-Site.Scripting HIGH" "mobilize No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "mytweetlinks No.known.fix Authenticated.(Subscriber+).SQL.Injection HIGH" "mj-update-history No.known.fix Missing.Authorization MEDIUM" "mj-update-history No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "matomo 5.1.1 Cross-Site.Request.Forgery.to.Notice.Dismissal MEDIUM" "matomo 5.0.1 Reflected.Cross-Site.Scripting.via.idsite MEDIUM" "modify-profile-fields-dashboard-menu-buttons 1.04 Reflected.Cross-Site.Scripting MEDIUM" "medma-matix No.known.fix Unauthenticated.Arbitrary.Options.Update CRITICAL" "my-content-management 1.7.7 Admin+.Stored.XSS LOW" "misiek-photo-album No.known.fix Stored.XSS.via.CSRF HIGH" "misiek-photo-album No.known.fix Album.Deletion.via.CSRF MEDIUM" "multi-feed-reader No.known.fix Cross-Site.Request.Forgery MEDIUM" "multi-feed-reader 2.2.4 SQL.Injection HIGH" "magicpost 1.2.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.wb_share_social.Shortcode MEDIUM" "mm-email2image No.known.fix 
Stored.XSS.via.CSRF HIGH" "mm-email2image No.known.fix Contributor+.Stored.XSS MEDIUM" "miniorange-otp-verification 4.2.2 Missing.Authorization.via.dismiss_notice MEDIUM" "maintenance-page 1.0.9 Missing.Authorization.to.Sensitive.Information.Exposure MEDIUM" "maintenance-page 1.0.9 Security.Mechanism.Bypass.via.REST.API MEDIUM" "mailpress No.known.fix Arbitrary.Settings.Update.&.Log.Files.Purge.via.CSRF MEDIUM" "marketing-performance No.known.fix Reflected.XSS HIGH" "mhr-post-ticker 1.2 Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "mapfig-studio No.known.fix Stored.XSS.via.CSRF HIGH" "mail-subscribe-list 2.1.10 Contributor+.Stored.XSS MEDIUM" "mail-subscribe-list 2.1.4 Arbitrary.Subscribed.User.Deletion.via.CSRF MEDIUM" "mail-subscribe-list 2.1 Stored.XSS MEDIUM" "mjm-clinic 1.1.23 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "mjm-clinic 1.1.23 Authenticated.(Editor+).Stored.Cross-Site.Scripting MEDIUM" "mapwiz No.known.fix Admin+.SQLi MEDIUM" "meta-store-elements No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "mapme No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "mihdan-index-now 2.6.4 Cross-Site.Request.Forgery.via.reset_form HIGH" "menu-items-visibility-control No.known.fix Admin+.Arbitrary.PHP.Code.Execution MEDIUM" "mapifylite 4.0.0 Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "missing-widgets-for-elementor 1.3.5 Reflected.Cross-Site.Scripting MEDIUM" "missing-widgets-for-elementor 1.1.0 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "market-360-viewer No.known.fix Authenticated.(Contributor+).SQL.Injection MEDIUM" "moceanapi-abandoned-carts No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "mobile-friendly-app-builder-by-easytouch No.known.fix Unauthenticated.File.Upload CRITICAL" "my-contador-wp 2.1 Missing.Authorization.to.Unauthenticated.User.Registration.CSV.Export MEDIUM" "magee-shortcodes No.known.fix Contributor+.Stored.XSS.via.shortcode MEDIUM" 
"magee-shortcodes 2.0.9 Reflected.Cross-Site.Scripting MEDIUM" "metricool 1.18 Admin+.Stored.XSS LOW" "miniorange-login-openid 7.6.7 Authenticated.(Subscriber+).Privilege.Escalation HIGH" "miniorange-login-openid 7.6.5 Authentication.Bypass CRITICAL" "miniorange-login-openid 7.6.0 Admin+.Stored.XSS LOW" "miniorange-login-openid 7.5.15 Multiple.CSRF MEDIUM" "miniorange-login-openid 7.6.1 Unauthenticated.Arbitrary.Content.Deletion MEDIUM" "mpl-publisher 1.30.4 Self-publish.your.book.&.ebook.<.1.30.4.-.Admin+.Stored.Cross-Site.Scripting LOW" "mpl-publisher 1.29.2 Reflected.Cross-Site.Scripting.via.PHPRelativePath.Library HIGH" "microsoft-advertising-universal-event-tracking-uet 1.0.4 Admin+.Stored.Cross-Site.Scripting LOW" "mimo-woocommerce-order-tracking No.known.fix Missing.Authorization.to.Limited.Settings.Update MEDIUM" "mimo-woocommerce-order-tracking No.known.fix Missing.Authorization.to.Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "mdc-youtube-downloader No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "mdc-youtube-downloader No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "mdc-youtube-downloader 2.1.1 Local.File.Inclusion HIGH" "metasync 1.8.3 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "membermouse 2.2.9 Blind.SQL.Injection CRITICAL" "multimanager-wp 1.1.0 Authentication.Bypass.via.User.Impersonation CRITICAL" "most-popular-posts-widget-lite 0.9 Admin+.SQL.injection MEDIUM" "mmm-file-list No.known.fix Subscriber+.Arbitrary.Directory.Listing MEDIUM" "mmm-file-list No.known.fix Contributor+.Stored.XSS MEDIUM" "meet-my-team No.known.fix Contributor+.Stored.Cross-Site.Scripting MEDIUM" "memberlite-shortcodes 1.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.memberlite_accordion.Shortcode MEDIUM" "memberlite-shortcodes 1.3.9 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "meks-easy-instagram-widget 1.2.4 Subscriber+.Settings.Update.to.Stored.XSS 
MEDIUM" "music-player-for-elementor 2.4.2 Missing.Authorization.to.Authenticated.(Subscriber+).Template.Import MEDIUM" "music-player-for-elementor 1.5.9.9 Reflected.Cross-Site.Scripting MEDIUM" "music-player-for-elementor 1.5.5 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "mediaburst-email-to-sms No.known.fix Authenticated(Administrator+).SQL.Injection MEDIUM" "mediaburst-email-to-sms 3.0.0 Cross-Site.Scripting.(XSS) MEDIUM" "meks-smart-author-widget 1.1.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "moose-elementor-kit 1.1.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "moose-elementor-kit 1.1.0 Reflected.Cross-Site.Scripting MEDIUM" "maxi-blocks 1.9.3 Authenticated.(Subscriber+).Arbitrary.File.Deletion HIGH" "my-tickets 2.0.10 Missing.Authorization MEDIUM" "my-tickets 1.9.11 Bulk.Emailing.via.CSRF MEDIUM" "my-tickets 1.8.31 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "mf-gig-calendar No.known.fix Cross-Site.Request.Forgery MEDIUM" "mf-gig-calendar No.known.fix Editor+.Stored.XSS LOW" "mf-gig-calendar No.known.fix Arbitrary.Event.Deletion.via.CSRF MEDIUM" "mf-gig-calendar No.known.fix Authenticated(Contributor+).SQL.Injection HIGH" "mf-gig-calendar 1.2.1 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "mf-gig-calendar 1.2 Reflected.Cross-Site.Scripting.(XSS) HIGH" "mightyforms 1.3.10 Missing.Authorization MEDIUM" "mightyforms 1.3.10 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "muslim-prayer-time-bd 2.5 Settings.Reset.via.CSRF MEDIUM" "media-library-assistant 3.24 Reflected.Cross-Site.Scripting.via.smc_settings_tab,.unattachfixit-action,.and.woofixit-action.Parameters MEDIUM" "media-library-assistant 3.20 Authenticated.(Administrator+).Remote.Code.Execution HIGH" "media-library-assistant 3.19 Authenticated.(Author+).Arbitrary.File.Upload.via.mla-inline-edit-upload-scripts.AJAX.Action HIGH" "media-library-assistant 3.18 Reflected.Cross-Site.Scripting MEDIUM" "media-library-assistant 3.17 
Authenticated.(Contributor+).SQL.Injection.via.order.Parameter HIGH" "media-library-assistant 3.16 Authenticated.(Contributor+).SQL.Injection.via.Shortcode HIGH" "media-library-assistant 3.16 Reflected.Cross-Site.Scripting HIGH" "media-library-assistant 3.14 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.mla_gallery.Shortcode MEDIUM" "media-library-assistant 3.14 Authenticated.(Contributor+).SQL.Injection.via.Shortcode MEDIUM" "media-library-assistant 3.12 Author+.Stored.XSS MEDIUM" "media-library-assistant 3.11 Contributor+.Stored.XSS MEDIUM" "media-library-assistant 3.10 Unauthenticated.Local/Remote.File.Inclusion.&.Remote.Code.Execution HIGH" "media-library-assistant 3.08 Reflected.Cross-Site.Scripting MEDIUM" "media-library-assistant 3.06 Admin+.SQLi MEDIUM" "media-library-assistant 3.01 Unauthenticated.Error.Log.Access LOW" "media-library-assistant 2.90 Authenticated.Blind.SQL.Injection MEDIUM" "media-library-assistant 2.82 Authenticated.RCE CRITICAL" "media-library-assistant 2.82 Unauthenticated.Limited.Local.File.Inclusion HIGH" "media-library-assistant 2.82 Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "media-library-assistant 2.7.4 Cross-Site.Scripting.(XSS) MEDIUM" "mwp-skype 4.0.4 Button.Deletion.via.CSRF MEDIUM" "mwp-skype 4.0.2 Reflected.XSS MEDIUM" "myanime-widget No.known.fix Cross-Site.Request.Forgery.to.Privilege.Escalation CRITICAL" "mapplic 6.2.1 SSRF.to.Stored.Cross-Site.Scripting.(XSS) HIGH" "month-name-translation-benaceur 2.3.8 Admin+.Stored.XSS LOW" "mobile-friendly-flickr-slideshow 2.6.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "mobile-call-now-map-buttons No.known.fix Admin+.Stored.XSS LOW" "miguras-divi-enhancer No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "miguras-divi-enhancer No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "mojito-shipping 1.3.9 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "mailchimp-for-woocommerce 2.7.1 Subscriber+.SSRF MEDIUM" 
"mailchimp-for-woocommerce 2.7.2 Admin+.SSRF LOW" "mailrelay 2.1.2 Arbitrary.Settings.Update.via.CSRF MEDIUM" "magical-posts-display 1.2.39 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "mass-pagesposts-creator 2.1.7 Reflected.Cross-Site.Scripting MEDIUM" "mass-pagesposts-creator 2.1.5 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "mass-pagesposts-creator 1.2.5 DoS MEDIUM" "memberpress 1.11.30 Reflected.Cross-Site.Scripting.via.mepr_screenname.and.mepr_key.Parameters MEDIUM" "memberpress 1.11.35 Missing.Authorization MEDIUM" "memberpress 1.11.30 Authenticated.(Contributor+).Blind.Server-Side.Request.Forgery.via.mepr-user-file.Shortcode HIGH" "memberpress 1.11.30 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.arglist.Parameter MEDIUM" "memberpress 1.11.27 Reflected.Cross-Site.Scripting.via.message.and.error MEDIUM" "multifox-plus No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "multifox-plus 1.1.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "magic-the-gathering-card-tooltips 3.5.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "multi-rating No.known.fix Admin+.Stored.XSS LOW" "multi-rating No.known.fix Unauthenticated.Ratings.Update MEDIUM" "multi-rating 5.0.6 Reflected.XSS HIGH" "multi-rating 5.0.6 Ratings.Deletion.via.CSRF MEDIUM" "mautic-integration-for-woocommerce 1.0.3 Arbitrary.Options.Update.via.CSRF HIGH" "multi-step-form 1.7.24 Missing.Authorization.to.Unauthenticated.Limited.File.Upload MEDIUM" "multi-step-form 1.7.22 Missing.Authorization.via.fw_delete_files MEDIUM" "multi-step-form 1.7.19 Form.Deletion.via.CSRF MEDIUM" "multi-step-form 1.7.17 Admin+.Stored.XSS LOW" "multi-step-form 1.7.13 Form.Update/Deletion.via.CSRF MEDIUM" "multi-step-form 1.7.8 Admin+.Stored.XSS LOW" "multi-step-form 1.2.6 Cross-Site.Scripting.(XSS) MEDIUM" "multi-step-form 1.2.6 Multiple.Unauthenticated.Reflected.XSS MEDIUM" "microblog-poster 1.6.2 Authenticated.Blind.SQL.Injection HIGH" "menukaart 1.4 
Reflected.Cross-Site.Scripting MEDIUM" "multi-column-tag-map No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.mctagmap.Shortcode MEDIUM" "multi-column-tag-map 17.0.27 Cross-Site.Request.Forgery MEDIUM" "multi-column-tag-map 17.0.25 Contributor+.Stored.XSS MEDIUM" "mark-new-posts 7.6 Missing.Authorization.via.save_options MEDIUM" "mg-post-contributors No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "mainwp-piwik-extension 4.0.5 CSRF MEDIUM" "multiple-roles 1.3.2 CSRF.Bypass.in.Multiple.Plugins MEDIUM" "multiple-roles 1.3.2 Cross-Site.Request.Forgery MEDIUM" "mtouch-quiz No.known.fix Admin+.Stored.Cross.Site.Scripting LOW" "mtouch-quiz 3.1.3 Multiple.Vulnerabilities.XSS.&.CSRF MEDIUM" "m-vslider No.known.fix Authenticated.(admin+).SQL.Injection HIGH" "mark-posts 2.2.5 Missing.Authorization MEDIUM" "mark-posts 2.0.1 Admin+.Stored.Cross-Site.Scripting LOW" "mobile-banner 1.6 CSRF MEDIUM" "mendeleyplugin No.known.fix Admin+.Stored.XSS LOW" "media-download No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "media-download 1.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "mimetic-books No.known.fix Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "media-slider 1.4.0 Missing.Authorization MEDIUM" "mobile-booster No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "mobile-booster 1.2.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "minimal-coming-soon-maintenance-mode 2.39 Missing.Authorization.to.Limited.Settings.Change MEDIUM" "minimal-coming-soon-maintenance-mode 2.38 Unauthenticated.Maintenance.Mode.Bypass LOW" "minimal-coming-soon-maintenance-mode 2.35 Multiple.Authenticated.Stored.XSS LOW" "minimal-coming-soon-maintenance-mode 2.15 Insecure.Permissions:.Enable.and.Disable.Maintenance.Mode HIGH" "minimal-coming-soon-maintenance-mode 2.15 CSRF.to.Stored.XSS.and.Setting.Changes HIGH" "minimal-coming-soon-maintenance-mode 2.17 Insecure.permissions:.Export.Settings/Theme.Change MEDIUM" "multilang-contact-form No.known.fix 
Reflected.Cross-Site.Scripting MEDIUM" "mapplic-lite No.known.fix Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "mapplic-lite 1.0.1 SSRF.to.Stored.Cross-Site.Scripting.(XSS) HIGH" "magic-fields 1.7.2 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "mainwp-google-analytics-extension 4.0.5 Subscriber+.SQLi HIGH" "mainwp-google-analytics-extension 4.0.5 Subscriber+.Settings.Update MEDIUM" "market-exporter 2.0.20 Missing.Authorization.to.Arbitrary.File.Deletion HIGH" "market-exporter 2.0.19 Reflected.Cross-Site.Scripting MEDIUM" "market-exporter 2.0.14 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "mwp-countdown No.known.fix Admin+.SQLi MEDIUM" "mz-mindbody-api 2.8.3 Unauthorised.AJAX.Calls HIGH" "meteor-slides No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "meteor-slides No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "meteor-slides 1.5.7 Contributor+.Stored.XSS MEDIUM" "marmoset-viewer No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "marmoset-viewer 1.9.3 Reflected.Cross.Site.Scripting HIGH" "mstore-api 4.16.5 Authenticated.(Subscriber+).HTML.File.Upload.(Stored.Cross-Site.Scripting) MEDIUM" "mstore-api 4.15.8 Authenticated.(Subscriber+).SQL.Injection MEDIUM" "mstore-api 4.15.4 Authenticated.(Subscriber+).Limited.Arbitrary.File.Upload MEDIUM" "mstore-api 4.15.4 Unauthorized.User.Registration HIGH" "mstore-api 4.15.3 Authentication.Bypass.to.Account.Takeover HIGH" "mstore-api 4.15.0 Authentication.Bypass CRITICAL" "mstore-api 4.10.2 Cross-Site.Request.Forgery MEDIUM" "mstore-api 4.0.7 Subscriber+.SQLi HIGH" "mstore-api 4.0.2 Unauthenticated.SQL.Injection CRITICAL" "mstore-api 3.9.8 Unauthenticated.SQL.Injection HIGH" "mstore-api 4.10.8 Unauthenticated.Privilege.Escalation CRITICAL" "mstore-api 3.9.9 Unauthenticated.Privilege.Escalation CRITICAL" "mstore-api 3.9.8 Unauthenticated.Blind.SQLi HIGH" "mstore-api 3.9.7 
Subscriber+.Unauthorized.Settings.Update MEDIUM" "mstore-api 3.9.7 Multiple.CSRF MEDIUM" "mstore-api 3.9.3 Authentication.Bypass CRITICAL" "mstore-api 3.9.2 Authentication.Bypass CRITICAL" "mstore-api 3.9.1 Authentication.Bypass CRITICAL" "mstore-api 3.4.5 Unauthenticated.PHP.File.Upload CRITICAL" "mstore-api 3.2.0 Authentication.Bypass.With.Sign.In.With.Apple HIGH" "mstore-api 2.1.6 Unauthenticated.Arbitrary.Account.Creation/Edition HIGH" "mp3-jplayer No.known.fix Multiple.CSRF MEDIUM" "mp3-jplayer 2.5 Full.Path.Disclosure MEDIUM" "mighty-builder No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "mobile-login-woocommerce 2.3 Unauthenticated.Privilege.Escalation HIGH" "my-wp-brand 1.1.3 Missing.Authorization MEDIUM" "maintenance-and-noindex-nofollow No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "manual-image-crop 1.11 Authenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "my-reading-library No.known.fix Unauthenticated.PHP.Object.Injection CRITICAL" "mas-addons-for-elementor 1.1.8 Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG MEDIUM" "mas-addons-for-elementor 1.1.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "menus-plus No.known.fix Authenticated.(Subscriber+).SQL.Injection MEDIUM" "maintenance-coming-soon-redirect-animation No.known.fix Missing.Authorization.to.Settings.Update MEDIUM" "maintenance-coming-soon-redirect-animation No.known.fix IP.Spoofing.to.Bypass MEDIUM" "mainwp-code-snippets-extension 4.0.3 Subscriber+.Stored.XSS HIGH" "mainwp-code-snippets-extension 4.0.3 Subscriber+.Settings.Update MEDIUM" "mainwp-code-snippets-extension 4.0.3 Subscriber+.PHP.Objection.Injection HIGH" "marketo-forms-and-tracking No.known.fix CSRF.to.XSS HIGH" "menu-icons 0.13.14 Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.Upload MEDIUM" "member-database No.known.fix Reflected.XSS HIGH" "mygallery No.known.fix Unauthenticated.File.Inclusion CRITICAL" "magicform 
No.known.fix WordPress.Form.Builder.<=.1.6.2.-.Missing.Authorization MEDIUM" "magicform No.known.fix Reflected.Cross-Site.Scripting HIGH" "m-chart 1.10 Contributor+.Stored.XSS MEDIUM" "minterpress No.known.fix Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.Options.Update HIGH" "meta-tags-for-seo 1.0.4 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "mh-board No.known.fix Unauthenticated.Local.File.Inclusion CRITICAL" "menu-item-scheduler No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "media-mirror No.known.fix Reflected.Cross-Site.Scripting.(XSS) HIGH" "mobile-address-bar-changer No.known.fix Settings.Update.via.CSRF MEDIUM" "meks-easy-ads-widget 2.0.9 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "media-net-ads-manager No.known.fix Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.File.Upload HIGH" "media-file-manager No.known.fix Authenticated.Multiple.Vulnerabilities MEDIUM" "mailchimp-for-wp 4.9.17 Authenticated.(Administrator+).Stored.Cross-Site.Scripting LOW" "mailchimp-for-wp 4.9.17 4.9.16.-.Reflected.Cross-Site.Scripting HIGH" "mailchimp-for-wp 4.9.10 Unauthenticated.Unpublished.Form.Preview MEDIUM" "mailchimp-for-wp 4.8.7 Admin+.Stored.Cross-Site.Scripting LOW" "mailchimp-for-wp 4.8.7 Admin+.Stored.Cross-Site.Scripting LOW" "mailchimp-for-wp 4.8.5 Unauthorised.Actions.via.CSRF MEDIUM" "mailchimp-for-wp 4.8.5 Authenticated.Arbitrary.Redirect MEDIUM" "mailchimp-for-wp 4.1.8 XSS MEDIUM" "mailchimp-for-wp 4.1.7 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "mitm-bug-tracker No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "mins-to-read No.known.fix Cross-Site.Request.Forgery..to.Stored.Cross-Site.Scripting MEDIUM" "monitor-chat No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "media-downloader 0.4.7.5 Reflected.Cross-Site.Scripting MEDIUM" "master-popups-lite No.known.fix Authenticated.(Editor+).Stored.Cross-Site.Scripting MEDIUM" "mangboard 1.8.5 Reflected.Cross-Site.Scripting MEDIUM" 
"mangboard 1.8.1 Reflected.Cross-Site.Scripting MEDIUM" "mangboard 1.7.8 Admin+.Stored.XSS LOW" "mangboard 1.8.2 Settings.Update.via.CSRF MEDIUM" "mangboard 1.6.9 SQL.Injection HIGH" "mailclient No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "miniorange-wp-as-saml-idp 1.15.7 Authenticated.(Administrator+).SQL.Injection HIGH" "miniorange-wp-as-saml-idp 1.13.4 Admin+.Stored.Cross-Site.Scripting LOW" "mobile-blocks No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "mobile-blocks 1.2.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "motopress-hotel-booking-lite 4.11.2 Unauthenticated.PHP.Object.Injection CRITICAL" "motopress-hotel-booking-lite 4.8.5 Unauthenticated.Arbitrary.File.Download.&.Deletion CRITICAL" "motopress-hotel-booking-lite 4.7.0 Settings.Update.via.CSRF MEDIUM" "motopress-hotel-booking 4.8.5 Unauthenticated.Arbitrary.File.Download.&.Deletion CRITICAL" "menubar 5.9 Cross-Site.Request.Forgery MEDIUM" "menubar 5.8 Reflected.Cross-Site.Scripting MEDIUM" "mindbody-access-management 2.0.9 Unauthorised.AJAX.call MEDIUM" "maan-elementor-addons No.known.fix Authenticated.(Contributor+).Local.File.Inclusion HIGH" "magic-action-box No.known.fix Contributor+.Stored.XSS MEDIUM" "memberpress-downloads 1.2.6 Subscriber+.Arbitrary.File.Upload CRITICAL" "mobile-menu 2.8.5 Missing.Authorization.to._mobmenu_icon.Post.Meta.Modification MEDIUM" "mobile-menu 2.8.4.4 Cross-Site.Request.Forgery MEDIUM" "mobile-menu 2.8.4.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Image.Alt MEDIUM" "mobile-menu 2.8.4 Reflected.Cross-Site.Scripting MEDIUM" "mobile-menu 2.8.2.7 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "mobile-menu 2.8.2.3 Reflected.Cross-Site.Scripting.(XSS) HIGH" "mobile-menu 2.7.3 Subscriber+.Arbitrary.Option.Update CRITICAL" "metadata-seo No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "maximum-products-per-user-for-woocommerce 4.2.9 Reflected.Cross-Site.Scripting MEDIUM" "media-modal 
No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "mynx-page-builder No.known.fix Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "morkva-ua-shipping 1.0.20 Unauthenticated.Local.File.Inclusion CRITICAL" "mediavine-control-panel 2.10.5 Contributor+.Stored.XSS MEDIUM" "mycred 2.7.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.mycred_send.Shortcode MEDIUM" "mycred 2.7.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.mycred_link.Shortcode MEDIUM" "mycred 2.7.4 Missing.Authorization.to.Unauthenticated.Database.Upgrade MEDIUM" "mycred 2.7.3 Unauthenticated.PHP.Object.Injection HIGH" "mycred 2.7.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "mycred 2.7.3 Unauthenticated.Information.Exposure MEDIUM" "mycred 2.6.4 Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "mycred 2.6.2 Contributor+.Stored.XSS MEDIUM" "mycred 2.5.3 Reflected.Cross-Site.Scripting MEDIUM" "mycred 2.5.1 Cross-Site.Request.Forgery MEDIUM" "mycred 2.4.4.1 Subscriber+.User.E-mail.Addresses.Disclosure MEDIUM" "mycred 2.4.4 Subscriber+.Import/Export.to.Email.Address.Disclosure MEDIUM" "mycred 2.4.4 Subscriber+.Arbitrary.Post.Creation MEDIUM" "mycred 2.4.4 Reflected.Cross-Site.Scripting MEDIUM" "mycred 2.4.3.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "mycred 2.4 Reflected.Cross-Site.Scripting HIGH" "mycred 2.3 Subscriber+.SQL.Injection HIGH" "mycred 1.7.8 Reflected.Cross-Site.Scripting HIGH" "miniorange-oauth-20-server 4.0.1 Authentication.Bypass CRITICAL" "molie-instructure-canvas-linking-tool No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "molie-instructure-canvas-linking-tool No.known.fix Authenticated.SQL.Injection HIGH" "mp-timetable 2.4.14 Admin+.PHP.Object.Injection MEDIUM" "mp-timetable 2.4.12 Authenticated.(Contributor+).SQL.Injection CRITICAL" "mp-timetable 2.4.2 Unauthorised.Event.TimeSlot.Deletion MEDIUM" "mp-timetable 2.4.0 
Arbitrary.User's.Hashed.Password/Email/Username.Disclosure MEDIUM" "mp-timetable 2.4.2 Unauthorised.Event.TimeSlot.Update MEDIUM" "mp-timetable 2.3.19 Author+.Stored.Cross-Site.Scripting MEDIUM" "message-ticker 9.3 .Authenticated.(Subscriber+).SQL.Injection.via.Shortcode HIGH" "mts-url-shortener No.known.fix Admin+.Stored.XSS LOW" "mts-url-shortener No.known.fix Reflected.XSS HIGH" "mycurator 3.79 Authenticated.(Editor+).Stored.Cross-Site.Scripting MEDIUM" "mycurator 3.77 Reflected.Cross-Site.Scripting MEDIUM" "mycurator 3.75 Cross-Site.Request.Forgery MEDIUM" "my-wp-health-check No.known.fix Cross-Site.Request.Forgery MEDIUM" "mcjh-button-shortcode No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "meinturnierplande-widget-viewer No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "mainwp-broken-links-checker-extension No.known.fix Unauthenticated.SQLi CRITICAL" "masterstudy-elementor-widgets 1.2.3 Missing.Authorization MEDIUM" "melapress-login-security 1.3.1 Authenticated.(Admin+).Remote.File.Inclusion MEDIUM" "mp3-music-player-by-sonaar 5.9.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Podcast.RSS.Feed MEDIUM" "mp3-music-player-by-sonaar 5.9 Missing.Authorization MEDIUM" "mp3-music-player-by-sonaar 5.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.sonaar_audioplayer.Shortcode MEDIUM" "mp3-music-player-by-sonaar 5.7.1 Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.File.Deletion HIGH" "mp3-music-player-by-sonaar 5.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.sonaar_audioplayer.Shortcode MEDIUM" "mp3-music-player-by-sonaar 5.0 Unauthenticated.Arbitrary.File.Download MEDIUM" "mp3-music-player-by-sonaar 5.1.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "mp3-music-player-by-sonaar 5.1.1 Missing.Authorization MEDIUM" "mp3-music-player-by-sonaar 4.10.1 Missing.Authorization.to.Template.Import MEDIUM" "mp3-music-player-by-sonaar 
2.4.2 Multiple.Admin+.Cross.Site.Scripting LOW" "mollie-payments-for-woocommerce 7.8.0 .Unauthenticated.Full.Path.Disclosure MEDIUM" "mollie-payments-for-woocommerce 7.3.12 Authenticated.(Shop.Manager+).Arbitrary.File.Upload HIGH" "media-list 1.4.0 Contributor+.Stored.XSS MEDIUM" "media-list 1.4.1 Contributor+.Stored.XSS MEDIUM" "my-favorites 1.4.3 Contributor+.Stored.XSS MEDIUM" "my-favorites No.known.fix Contributor+.Stored.XSS MEDIUM" "mailchimp-subscribe-sm 4.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "mailchimp-subscribe-sm 4.0.9.8 Editor+.Stored.XSS LOW" "mailchimp-subscribe-sm 4.0.9.2 Admin+.Stored.XSS LOW" "multimedial-images No.known.fix Admin+.SQLi MEDIUM" "mihanpanel-lite 12.7 Cross-Site.Request.Forgery MEDIUM" "modal-window 6.1.5 Cross-Site.Request.Forgery.to.Settings.Ipdate MEDIUM" "modal-window 6.0.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "modal-window 5.3.10 Modal.Deletion.via.CSRF MEDIUM" "modal-window 5.3.9 Authenticated(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "modal-window 5.3.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "modal-window 5.2.2 RFI.leading.to.RCE.via.CSRF HIGH" "mainwp-child 5.3 Authentication.Bypass HIGH" "mainwp-child 4.4.1.2 Sensitive.File.Disclosure MEDIUM" "mainwp-child 4.1.8 Admin+.SQL.Injection MEDIUM" "modula-best-grid-gallery 2.11.11 Author+.Arbitrary.File.Upload HIGH" "modula-best-grid-gallery 2.7.5 Incomplete.Authorization.via.'save_image'.and.'save_images' LOW" "modula-best-grid-gallery 2.6.91 Unauthenticated.Troubleshooting.Settings.Update MEDIUM" "modula-best-grid-gallery 2.6.7 Reflected.Cross-Site.Scripting MEDIUM" "modula-best-grid-gallery 2.2.5 Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "mlr-audio No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "mm-breaking-news No.known.fix Stored.XSS.via.CSRF HIGH" "mm-breaking-news No.known.fix Reflected.XSS MEDIUM" 
"mage-eventpress 4.2.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "mage-eventpress 4.2.2 Authenticated.(Contributor+).Local.File.Inclusion CRITICAL" "mage-eventpress 4.1.2 Authenticated.(Contributor+).PHP.Object.Injection.in.mep_event_meta_save HIGH" "mage-eventpress 3.9.6 Editor+.Stored.Cross-Site.Scripting MEDIUM" "mage-eventpress 3.8.7 Admin+.Stored.XSS LOW" "mage-eventpress 3.7.8 Cross-Site.Request.Forgery.(CSRF) MEDIUM" "mage-eventpress 3.8.0 Contributor+.Stored.XSS MEDIUM" "mage-eventpress 3.5.8 Contributor+.SQL.Injection HIGH" "mage-eventpress 3.5.3 Unauthenticated.Arbitrary.Elementor.Template.Import MEDIUM" "mage-eventpress 3.5.3 Unauthenticated.Arbitrary.Options.Reset HIGH" "my-related-posts No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "material-design-icons-for-elementor 1.4.3 Contributor+.Stored.XSS MEDIUM" "material-design-icons-for-elementor 1.4.3 Settings.Update.via.CSRF MEDIUM" "my-calendar 3.4.24 Authenticated.Stored.XSS MEDIUM" "my-calendar 3.4.24 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "my-calendar 3.4.22 Unauthenticated.SQL.Injection CRITICAL" "my-calendar 3.4.4 Cross-Site.Request.Forgery MEDIUM" "my-calendar 3.3.25 Event/Location.Deletion.via.CSRF MEDIUM" "my-calendar 3.2.18 Subscriber+.Reflected.Cross-Site.Scripting MEDIUM" "my-calendar 3.1.10 Unauthenticated.Cross-Site.Scripting.(XSS) MEDIUM" "mindvalley-pagemash No.known.fix Authenticated.(Editor+).SQL.Injection MEDIUM" "my-wp-translate 1.0.4 CSRF.&.XSS HIGH" "microcopy No.known.fix Authenticated.SQL.Injection MEDIUM" "mortgage-calculators-wp 1.60 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "mortgage-calculators-wp 1.56 Admin+.Stored.Cross-Site.Scripting LOW" "mind-doodle-sitemap No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "miniorange-2-factor-authentication 5.6.6 Missing.Authorization.to.Plugin.Settings.Change HIGH" 
"miniorange-2-factor-authentication 5.6.2 Subscriber+.Settings.Update MEDIUM" "miniorange-2-factor-authentication 5.5.75 Reflected.Cross-Site.Scripting MEDIUM" "miniorange-2-factor-authentication 5.5.6 Admin+.Stored.Cross-Site.Scripting LOW" "miniorange-2-factor-authentication 5.5 Unauthenticated.Arbitrary.Options.Deletion CRITICAL" "miniorange-2-factor-authentication 5.4.40 Reflected.Cross-Site.Scripting HIGH" "makecommerce 3.5.2 Reflected.Cross-Site.Scripting MEDIUM" "miguras-divi-maker No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "miniorange-discord-integration 2.1.6 Subscriber+.App.Disabling MEDIUM" "metronet-profile-picture 2.6.2 Authenticated.(Author+).Insecure.Direct.Object.Reference.to.Profile.Picture.Update MEDIUM" "metronet-profile-picture 2.6.0 Arbitrary.User.Picture.Change/Deletion.via.IDOR MEDIUM" "metronet-profile-picture 2.5.0 Sensitive.Information.Disclosure MEDIUM" "multi-page-toolkit No.known.fix Arbitrary.Settings.Update.to.Stored.XSS.via.CSRF MEDIUM" "mollie-forms 2.6.14 Cross-Site.Request.Forgery.to.Arbitrary.Post.Duplication MEDIUM" "mollie-forms 2.6.4 Missing.Authorization MEDIUM" "mollie-forms 2.6.4 Missing.Authorization.to.Arbitrary.Post.Duplication MEDIUM" "mipl-wc-multisite-sync 1.1.6 Unauthenticated.Arbitrary.File.Download HIGH" "meta-box 5.9.11 Missing.Authorization.to.Information.Exposure MEDIUM" "meta-box 5.9.4 Contributor+.Arbitrary.Posts'.Custom.Field.Disclosure LOW" "meta-box 5.9.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "meta-box 4.16.3 Unauthorised.File.Deletion MEDIUM" "meta-box 4.16.2 Mishandled.Uploaded.Files HIGH" "metorik-helper 1.7.2 Cross-Site.Request.Forgery MEDIUM" "material-design-icons No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.mdi-icon.Shortcode MEDIUM" "members-list 4.3.7 Reflected.Cross-Site.Scripting MEDIUM" "membersonic-lite 1.302 Authentication.Bypass CRITICAL" "material-design-for-contact-form-7 No.known.fix 
Subscriber+.Arbitrary.Settings.Update.leading.to.DoS MEDIUM" "material-design-for-contact-form-7 No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "mediabay-lite No.known.fix Missing.Authorization.via.AJAC.actions MEDIUM" "mediabay-lite No.known.fix Editor+.Stored.XSS MEDIUM" "mshop-mysite 1.1.8 Subscriber+.Settings.Update MEDIUM" "mass-delete-unused-tags 3.0.0 Tags.Deletion.via.CSRF MEDIUM" "mercadolibre-integration No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "mail-masta No.known.fix Multiple.SQL.Injection CRITICAL" "mail-masta No.known.fix Unauthenticated.Local.File.Inclusion.(LFI) HIGH" "media-category-library No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "map-block-gutenberg 1.32 Unauthorised.Google.API.Key.change MEDIUM" "menu-image 3.11 Admin+.Stored.XSS LOW" "menu-image 3.10 Reflected.Cross-Site.Scripting MEDIUM" "menu-image 3.0.8 Subscriber+.Stored.Cross-Site.Scripting HIGH" "menu-image 3.0.6 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "my-auctions-allegro-free-edition 3.6.19 Reflected.Cross-Site.Scripting MEDIUM" "my-auctions-allegro-free-edition 3.6.18 Reflected.Cross-Site.Scripting MEDIUM" "mtphr-widgets No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "multiparcels-shipping-for-woocommerce 1.16.9 Cross-Site.Request.Forgery MEDIUM" "multiparcels-shipping-for-woocommerce 1.15.2 Arbitrary.Shipment.Deletion.via.CSRF MEDIUM" "multiparcels-shipping-for-woocommerce 1.15.4 Reflected.XSS HIGH" "multiparcels-shipping-for-woocommerce 1.14.14 Subscriber+.Arbitrary.Shipment.Deletion MEDIUM" "multiparcels-shipping-for-woocommerce 1.15.4 Reflected.XSS HIGH" "multiparcels-shipping-for-woocommerce 1.14.15 Subscriber+.SQLi HIGH" "mailin 3.1.88 Cross-Site.Request.Forgery MEDIUM" "mailin 3.1.83 Cross-Site.Request.Forgery MEDIUM" "mailin 3.1.78 Reflected.Cross-Site.Scripting MEDIUM" "mailin 3.1.78 Reflected.XSS HIGH" "mailin 3.1.61 Reflected.XSS HIGH" "mailin 3.1.31 Reflected.Cross-Site.Scripting 
MEDIUM" "mailin 3.1.25 Reflected.XSS HIGH" "miniorange-openid-connect-client 2.1.5 Reflected.Cross-Site.Scripting.via.appId HIGH" "marquee-style-rss-news-ticker No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "mediavine-create 1.9.9 Unauthenticated.Sensitive.Information.Exposure MEDIUM" "mediavine-create 1.9.8 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "mediavine-create 1.9.8 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Schema.Meta.Shortcode MEDIUM" "mediavine-create 1.9.5 Unauthenticated.SQLi HIGH" "maanstore-api No.known.fix Authentication.Bypass CRITICAL" "mini-loops No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "meta-slider-and-carousel-with-lightbox 2.0.2 Authenticated.(Author+).Stored.Cross-Site.Scripting MEDIUM" "mailmunch 3.2.0 Reflected.Cross-Site.Scripting MEDIUM" "mailmunch 3.1.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "mailmunch 3.1.3 Settings.Update.via.CSRF MEDIUM" "maintenance-switch No.known.fix Theme.Files.Creation/Deletion.via.CSRF MEDIUM" "maintenance-switch No.known.fix Reflected.XSS HIGH" "miniorange-login-with-eve-online-google-facebook 6.26.4 Authentication.Bypass HIGH" "miniorange-login-with-eve-online-google-facebook 6.23.4 Improper.Authentication HIGH" "miniorange-login-with-eve-online-google-facebook 6.24.2 SSO.(OAuth.Client).<.6.24.2.-.IdP.Discard.via.CSRF MEDIUM" "miniorange-login-with-eve-online-google-facebook 6.24.2 SSO.(OAuth.Client).Free.<.6.24.2.-.IdP.Deletion.via.CSRF MEDIUM" "miniorange-login-with-eve-online-google-facebook 6.22.6 Authentication.Bypass CRITICAL" "miniorange-login-with-eve-online-google-facebook 6.20.3 Reflected.Cross-Site.Scripting.via.appId HIGH" "menu-swapper 1.1.1 Cross-Site.Request.Forgery MEDIUM" "menu-swapper 1.1.1 Cross-Site.Request.Forgery.(CSRF) MEDIUM" "my-idx-home-search 2.1.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "my-idx-home-search 2.1.2 
Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "moveto No.known.fix Missing.Authorization.to.Unauthenticated.Options.Update CRITICAL" "moveto No.known.fix Unauthenticated.Directory.Traversal.to.Arbitrary.File.Deletion CRITICAL" "moveto No.known.fix Unauthenticated.Arbitrary.File.Upload CRITICAL" "moveto No.known.fix Unauthenticated.SQL.Injection CRITICAL" "multiple-image-uploads-with-preview-for-wpforms No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "music-store 1.1.14 WordPress.eCommerce.<.1.1.14.-.Authenticated.(Admin+).SQL.Injection CRITICAL" "music-store 1.0.43 Cross-Site.Scripting.(XSS) MEDIUM" "my-shortcodes No.known.fix Missing.Authorization.via.Multiple.AJAX.Actions MEDIUM" "mailchimp-wp 2.5.8 Reflected.Cross-Site.Scripting MEDIUM" "mailchimp-wp 2.5.8 Authenticated.(Editor+).Stored.Cross-Site.Scripting.via.Form.Color.Parameters MEDIUM" "mailchimp-wp 2.5.5 Authenticated.(Editor+).Stored.Cross-Site.Scripting MEDIUM" "mybb-cross-poster No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "miniorange-limit-login-attempts 4.0.72 Admin+.Stored.Cross-Site.Scripting LOW" "miniorange-limit-login-attempts 4.0.50 Unauthenticated.Stored.Cross-Site.Scripting CRITICAL" "music-request-manager No.known.fix Unauthenticated.Stored.XSS MEDIUM" "music-request-manager No.known.fix Stored.XSS.via.CSRF HIGH" "music-request-manager No.known.fix Reflected.XSS MEDIUM" "min-and-max-purchase-for-woocommerce No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "mainwp 5.0 Cross-Site.Request.Forgery.via.posting_bulk MEDIUM" "mainwp 4.4.3.4 Authenticated.(Administrator+).SQL.Injection HIGH" "mainwp 4.5.1.3 Authenticated(Administrator+).CSS.Injection LOW" "mailoptin 1.2.70.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "mailoptin 1.2.54.1 Admin+.Stored.XSS LOW" "mailoptin 1.2.50.0 Unauthenticated.Campaign.Cache.Deletion MEDIUM" "mailoptin 1.2.35.2 Unauthorised.AJAX.Call MEDIUM" "memeone No.known.fix 
Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "marketing-and-seo-booster No.known.fix Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "myagileprivacy 2.1.8 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.vis.Shortcode MEDIUM" "meks-themeforest-smart-widget No.known.fix Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "mastercurrency-wp No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Currency.Converter.Form.Shortcode MEDIUM" "mhr-custom-anti-copy No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "monetize No.known.fix Cross-Site.Scripting.(XSS).&.CSRF MEDIUM" "mindmeister-shortcode No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "multiline-files-for-contact-form-7 2.9 Missing.Authorization.to.Authenticated.(Subscriber+).Plugin.Deactivation MEDIUM" "make-paths-relative No.known.fix Settings.Update.via.CSRF MEDIUM" "mailarchiver 2.11.0 Unauthenticated.Stored.XSS HIGH" "maz-loader 1.4.1 Arbitrary.Loader.Deletion.via.CSRF MEDIUM" "maz-loader 1.3.3 Contributor+.SQL.Injection HIGH" "mailster 4.0.10 Reflected.Cross-Site.Scripting MEDIUM" "mailster 4.0.7 Unauthenticated.Local.File.Inclusion CRITICAL" "mailster 2.0.0 Reflected.Cross-Site.Scripting MEDIUM" "mailster 2.4.9 Unauthenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "menu-shortcode No.known.fix Contributor+.Stored.XSS.via.Shortcode MEDIUM" "media-file-organizer No.known.fix Directory.Traversal MEDIUM" "momoyoga-integration 2.8.0 Contributor+.Stored.XSS MEDIUM" "molongui-authorship 4.7.8 Authenticated.(Author+).Insecure.Direct.Object.Reference MEDIUM" "molongui-authorship 4.7.8 Authenticated.(Author+).Stored.Cross-Site.Scripting MEDIUM" "molongui-authorship 4.7.5 Information.Exposure.via.ma_debug MEDIUM" "molongui-authorship 4.7.4 Missing.Authorization MEDIUM" "molongui-authorship 4.6.20 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" 
"molongui-authorship 4.6.20 Reflected.XSS HIGH" "mobile-app-editor 1.2.0 Reflected.Cross-Site.Scripting MEDIUM" "mobile-app-editor 1.1.2 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "meeting-scheduler-by-vcita 4.5.2 Cross-Site.Request.Forgery MEDIUM" "meeting-scheduler-by-vcita 4.5.2 Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "meeting-scheduler-by-vcita 4.5 Reflected.Cross-Site.Scripting MEDIUM" "meeting-scheduler-by-vcita 4.4.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "meeting-scheduler-by-vcita 4.4.3 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "meeting-scheduler-by-vcita 4.4.3 Reflected.Cross-Site.Scripting MEDIUM" "meeting-scheduler-by-vcita 4.4.3 Missing.Authorization.to.Unauthenticated.Stored.Cross-Site.Scripting HIGH" "meeting-scheduler-by-vcita 4.4.3 Reflected.Cross-Site.Scripting MEDIUM" "meeting-scheduler-by-vcita 4.3.3 Reflected.XSS HIGH" "meeting-scheduler-by-vcita 4.3.1 Unauthenticated.Stored.Cross-Site.Scripting CRITICAL" "meeting-scheduler-by-vcita 4.3.0 Subscriber+.Denial.of.Service.by.account.logout MEDIUM" "meeting-scheduler-by-vcita 4.5 Subscriber+.Settings.Update.&.Stored.XSS MEDIUM" "meeting-scheduler-by-vcita 4.4.3 Unauthenticated.Stored.XSS CRITICAL" "meeting-scheduler-by-vcita 4.5.2 Denial.of.Service.via.CSRF MEDIUM" "mailchimp-forms-by-mailmunch 3.2.4 Reflected.Cross-Site.Scripting MEDIUM" "mailchimp-forms-by-mailmunch 3.2.2 Cross-Site.Request.Forgery MEDIUM" "mailchimp-forms-by-mailmunch 3.2.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "mailchimp-forms-by-mailmunch 3.1.5 Arbitrary.Actions.via.CSRF MEDIUM" "meetup No.known.fix Authentication.Bypass CRITICAL" "mypixs No.known.fix Unauthenticated.Local.File.Inclusion.(LFI) HIGH" "mwb-point-of-sale-pos-for-woocommerce 1.0.1 CSRF.Bypass./.Unauthorised.AJAX.Call MEDIUM" "mdc-comment-toolbar No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "mapster-wp-maps 1.7.0 
Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "mapster-wp-maps 1.6.0 Incorrect.Authorization.to.Authenticated.(Contributor+).Arbitrary.Options.Update HIGH" "mapster-wp-maps 1.2.39 Contributor+.Stored.XSS MEDIUM" "mapster-wp-maps 1.2.36 Reflected.Cross-Site.Scripting MEDIUM" "muzaara-adwords-optimize-dashboard No.known.fix Information.Exposure MEDIUM" "media-file-renamer 5.7.8 Admin+.Remote.Code.Execution MEDIUM" "media-file-renamer 5.7.0 Sensitive.Information.Exposure.via.Log.File MEDIUM" "media-file-renamer 5.2.7 Auto.&.Manual.Rename.<.5.2.7.-.Media.Title/Filename/Locking.State.Update.via.CSRF MEDIUM" "mojoplug-slide-panel No.known.fix Admin+.Stored.XSS LOW" "modern-events-calendar-lite 7.13.0 Subscriber+.Server.Side.Request.Forgery HIGH" "modern-events-calendar-lite 7.12.0 Authenticated.(Subscriber+).Arbitrary.File.Upload HIGH" "modern-events-calendar-lite 7.1.0 Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "modern-events-calendar-lite 6.5.2 Admin+.Stored.XSS LOW" "modern-events-calendar-lite 6.3.0 Authenticated.Stored.Cross-Site.Scripting MEDIUM" "modern-events-calendar-lite 6.5.2 Admin+.Stored.Cross-Site.Scripting LOW" "modern-events-calendar-lite 6.4.7 Reflected.Cross-Site.Scripting MEDIUM" "modern-events-calendar-lite 6.4.0 Contributor+.Stored.Cross.Site.Scripting MEDIUM" "modern-events-calendar-lite 6.2.0 Subscriber+.Category.Add.Leading.to.Stored.XSS MEDIUM" "modern-events-calendar-lite 6.1.5 Reflected.Cross-Site.Scripting HIGH" "modern-events-calendar-lite 6.1.5 Unauthenticated.Blind.SQL.Injection HIGH" "modern-events-calendar-lite 5.22.3 Authenticated.Stored.Cross.Site.Scripting LOW" "modern-events-calendar-lite 5.22.2 Admin+.Stored.Cross-Site.Scripting LOW" "modern-events-calendar-lite 5.16.6 Authenticated.SQL.Injection CRITICAL" "modern-events-calendar-lite 5.16.5 Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "modern-events-calendar-lite 5.16.5 Authenticated.Arbitrary.File.Upload.leading.to.RCE CRITICAL" 
"modern-events-calendar-lite 5.16.5 Unauthenticated.Events.Export MEDIUM" "modern-events-calendar-lite 5.1.7 Multiple.Subscriber+.Stored.XSS MEDIUM" "more-from-google No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "miniorange-oauth-oidc-single-sign-on 38.4.9 SSO.(OAuth.Client).Premium.<.38.4.9.-.IdP.Deletion.via.CSRF MEDIUM" "miniorange-oauth-oidc-single-sign-on 48.4.9 SSO.(OAuth.Client).Enterprise.<.48.4.9.-.IdP.Deletion.via.CSRF MEDIUM" "miniorange-oauth-oidc-single-sign-on 28.4.9 SSO.(OAuth.Client).Standard.<.28.4.9.-.IdP.Deletion.via.CSRF MEDIUM" "mega-elements-addons-for-elementor 1.2.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "mega-elements-addons-for-elementor 1.2.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "mega-elements-addons-for-elementor 1.2.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "mega-elements-addons-for-elementor 1.2.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Button.Widget MEDIUM" "mega-elements-addons-for-elementor 1.2.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "marker-io 1.1.9 Cross-Site.Request.Forgery MEDIUM" "marker-io 1.1.7 Cross-Site.Request.Forgery MEDIUM" "mainwp-child-reports 2.2.1 Cross-Site.Request.Forgery.to.Arbitrary.Options.Update HIGH" "mainwp-child-reports 2.2 Cross-Site.Request.Forgery MEDIUM" "mainwp-child-reports 2.0.8 Admin+.SQL.Injection MEDIUM" "microkids-related-posts No.known.fix Cross-Site.Request.Forgery MEDIUM" "mx-time-zone-clocks 3.4.1 Contributor+.Cross-Site.Scripting MEDIUM" "media-tags No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "multiple-pages-generator-by-porthas 4.0.6 Authenticated.(Editor+).Server-Side.Request.Forgery.via.fileUrl MEDIUM" "multiple-pages-generator-by-porthas 4.0.3 Authenticated.(Editor+).Directory.Traversal.to.Limited.File.Deletion LOW" "multiple-pages-generator-by-porthas 4.0.2 Missing.Authorization MEDIUM" "multiple-pages-generator-by-porthas 3.4.8 
Authenticated.(Contributor+).SQL.Injection MEDIUM" "multiple-pages-generator-by-porthas 3.4.1 Cross-Site.Request.Forgery MEDIUM" "multiple-pages-generator-by-porthas 3.4.1 Missing.Authorization.via.mpg_get_log_by_project_id MEDIUM" "multiple-pages-generator-by-porthas 3.4.1 Authenticated.(Editor+).Remote.Code.Execution HIGH" "multiple-pages-generator-by-porthas 3.0.0 Reflected.Cross-Site.Scripting MEDIUM" "multiple-pages-generator-by-porthas 3.3.20 SQL.Injection MEDIUM" "multiple-pages-generator-by-porthas 3.3.18 Admin+.SQLi MEDIUM" "multiple-pages-generator-by-porthas 3.3.18 SQLi.via.CSRF LOW" "multiple-pages-generator-by-porthas 3.3.10 MPG.<.3.3.10.-.Multiple.CSRF MEDIUM" "my-account-page-editor 1.3.2 Subscriber+.Arbitrary.File.Upload CRITICAL" "mailup-auto-subscribtion 1.2.0 Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "mapifylite-master 4.0.0 Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "masjidal No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "metform 3.3.0 Unauthenticated.Double-Extension.Arbitrary.File.Upload HIGH" "metform 3.8.9 Unauthenticated.Sensitive.Information.Exposure MEDIUM" "metform 3.8.4 Missing.Authorization.to.Notice.Dismissal MEDIUM" "metform 3.8.6 Contributor+.Stored.XSS MEDIUM" "metform 3.8.4 Authenticated(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "metform 3.8.2 Cross-Site.Request.Forgery MEDIUM" "metform 3.3.2 Authenticated.(Subscriber+).Information.Disclosure.via.'mf_first_name'.shortcode MEDIUM" "metform 3.3.3 Cross-Site.Request.Forgery MEDIUM" "metform 3.3.1 Multiple.Contributor+.Stored.XSS.via.Shortcode MEDIUM" "metform 3.3.1 Unauthenticated.CSV.Injection HIGH" "metform 3.3.2 Multiple.Subscriber+.Sensitive.Information.Disclosure.Issues MEDIUM" "metform 3.3.2 Unauthenticated.Permalink.Structure.Update MEDIUM" "metform 3.2.2 reCaptcha.Bypass MEDIUM" "metform 3.2.0 Unauthenticated.Stored.XSS HIGH" "metform 2.1.4 
Unauthenticated.API.keys.and.Secrets.Disclosure HIGH" "master-elements No.known.fix Unauthenticated.SQLi CRITICAL" "misiek-paypal No.known.fix Stored.XSS.via.CSRF HIGH" "mwp-herd-effect 6.2.2 Cross-Site.Request.Forgery.to.Settings.Update MEDIUM" "mwp-herd-effect 5.2.7 Effect.Deletion.via.CSRF MEDIUM" "mwp-herd-effect 5.2.4 Effect.Deletion.via.CSRF MEDIUM" "mwp-herd-effect 5.2.3 Admin+.Stored.XSS LOW" "mwp-herd-effect 5.2.2 Reflected.XSS MEDIUM" "mwp-herd-effect 5.2.1 Admin+.LFI MEDIUM" "media-library-plus 8.2.4 Missing.Authorization.on.Various.Functions MEDIUM" "media-library-plus 8.2.3 Authenticated.(Subscriber+).Second-Order.SQL.Injection CRITICAL" "media-library-plus 8.2.1 Reflected.Cross-Site.Scripting.via.'s' MEDIUM" "media-library-plus 8.1.9 Authenticated.(Author+).Directory.Traversal MEDIUM" "media-library-plus 8.1.8 Authenticated.(Author+).SQL.Injection CRITICAL" "media-library-plus 7.1.2 Plugin.Reset.via.CSRF MEDIUM" "multilanguage 1.2.3 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "membership-simplified-for-oap-members-only No.known.fix Unauthenticated.Arbitrary.File.Download CRITICAL" "musicbox No.known.fix Reflected.XSS HIGH" "modern-designs-for-gravity-forms No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "modern-designs-for-gravity-forms No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "mystickyelements 2.1.4 Unauthenticated.Unauthorised.Action MEDIUM" "mystickyelements 2.1.2 Admin+.Stored.Cross-Site.Scripting LOW" "mystickyelements 2.0.9 Admin+.SQLi MEDIUM" "mystickyelements 2.0.4 Authenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "mfolio-lite 1.2.2 Missing.Authorization.to.Authenticated.(Author+).File.Upload.via.EXE.and.SVG.Files CRITICAL" "master-slider 3.10.5 Editor+.Stored.XSS LOW" "master-slider 3.10.0 CSRF.to.slider.deletion MEDIUM" "master-slider 3.10.5 Reflected.Cross-Site.Scripting HIGH" "master-slider 3.10.0 Contributor+.Stored.XSS.via.ms_layer.Shortcode MEDIUM" "master-slider 3.9.10 
Responsive.Touch.Slider.<.3.9.10.-.Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "master-slider 3.9.10 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "master-slider 3.9.7 Unauthenticated.PHP.Object.Injection CRITICAL" "master-slider 3.9.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "master-slider 3.9.10 Editor+.Stored.XSS.via.slider.callback LOW" "master-slider 3.10.0 Sliders.Deletion.via.CSRF MEDIUM" "master-slider 3.10.0 Contributor+.Stored.XSS MEDIUM" "master-slider 3.7.1 Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "master-slider 2.8.0 Reflected.Cross-Site.Scripting.(XSS) HIGH" "master-slider 2.5.2 Authenticated.Blind.SQL.Injection CRITICAL" "minify-html-markup 2.1.11 -.Regular.Expressions.Denial.of.Service MEDIUM" "minify-html-markup 2.1.8 Settings.Update.via.CSRF MEDIUM" "moolamojo No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "moloni 4.8.0 Reflected.Cross-Site.Scripting MEDIUM" "mortgage-loan-calculator 1.5.17 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "mighty-addons No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "meks-video-importer 1.0.13 Missing.Authorization.to.Authenticated.(Subscriber+).API.Keys.Modification MEDIUM" "meks-video-importer No.known.fix Missing.Authorization MEDIUM" "msync No.known.fix Authenticated.(Administrator+).SQL.Injection HIGH" "masy-gallery No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "more-link-modifier No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "magic-slider No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "most-and-least-read-posts-widget 2.5.19 Cross-Site.Request.Forgery.via.most_and_least_read_posts_options MEDIUM" "most-and-least-read-posts-widget 2.5.17 Authenticated(Contributor+).SQL.Injection.via.Widget.settings HIGH" "mailcwp 1.110 Unauthenticated.Arbitrary.File.Upload CRITICAL" "mediamatic No.known.fix Cross-Site.Request.Forgery MEDIUM" 
"mediamatic 2.8.1 Subscriber+.SQL.Injection HIGH" "manage-user-columns 1.0.6 Cross-Site.Request.Forgery MEDIUM" "magic-post-thumbnail 5.2.10 Reflected.Cross-Site.Scripting MEDIUM" "magic-post-thumbnail 5.2.8 Admin+.Stored.XSS LOW" "magic-post-thumbnail 4.1.13 Reflected.Cross-Site.Scripting MEDIUM" "magic-post-thumbnail 4.1.11 Reflected.XSS HIGH" "magic-post-thumbnail 3.3.11 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "magic-post-thumbnail 3.3.7 Reflected.Cross-Site.Scripting.(XSS) HIGH" "maxbuttons 9.8.1 Admin+.Stored.XSS.via.Text.Color LOW" "maxbuttons 9.8.1 Admin+.Stored.XSS.via.Button.Width LOW" "maxbuttons 9.8.0 Full.Path.Disclosure MEDIUM" "maxbuttons 9.7.8 Editor+.Stored.XSS LOW" "maxbuttons 9.7.7 Contributor+.Stored.XSS MEDIUM" "maxbuttons 9.7.6 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "maxbuttons 9.6 Contributor+.Stored.XSS MEDIUM" "maxbuttons 9.3 Arbitrary.Settings.Update.via.CSRF MEDIUM" "maxbuttons 9.3 Admin+.Stored.Cross-Site.Scripting LOW" "maxbuttons 6.19 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "master-addons 2.0.6.8 Free.Widgets,.Hover.Effects,.Toggle,.Conditions,.Animations.for.Elementor.<.2.0.6.8.-.Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Tooltip.Module MEDIUM" "master-addons No.known.fix Author+.Stored.XSS MEDIUM" "master-addons 2.0.6.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.data-jltma-wrapper-link.Element MEDIUM" "master-addons 2.0.6.3 Authenticated.(Author+).Stored.Cross-Site.Scripting MEDIUM" "master-addons 2.0.6.2 Missing.Authorization.to.Unauthenticated.Stored.Cross-Site.Scripting.via.Navigation.Menu.Widget HIGH" "master-addons 2.0.6.2 Missing.Authorization.to.MA.Template.Creation.or.Modification MEDIUM" "master-addons 2.0.5.6 Missing.Authorization.via.get_jltma_save_menuitem_settings() MEDIUM" "master-addons 2.0.6.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "master-addons 2.0.6.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting 
MEDIUM" "master-addons 2.0.6.0 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "master-addons 2.0.5.6 Missing.Authorization.on.Duplicate.Post MEDIUM" "master-addons 2.0.5.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Pricing.Table.Widget MEDIUM" "master-addons 2.0.5.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "master-addons 2.0.4 Contributor+.Stored.XSS MEDIUM" "master-addons 2.0.3 Reflected.Cross-Site.Scripting MEDIUM" "master-addons 1.8.5 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "master-addons 1.8.2 Reflected.Cross-Site.Scripting MEDIUM" "mailpoet 5.3.2 Admin+.Stored.XSS LOW" "mailpoet 3.23.2 Reflected.Cross-Site.Scripting.Issue HIGH" "materialis-companion 1.3.42 Authenticated.(Contributor+).Store.Cross-Site.Scripting.via.materialis_contact_form.Shortcode MEDIUM" "materialis-companion 1.3.40 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "mobile-pages No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "mobile-pages 1.0.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "ms-reviews No.known.fix Subscriber+.Stored.XSS HIGH" "moving-users 1.10 Unauthenticated.Sensitive.Information.Exposure MEDIUM" "media-hygiene 3.0.2 Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.Attachment.Deletion MEDIUM" "magic-google-maps No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "mfplugin No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "modern-events-calendar 7.13.0 Subscriber+.Server.Side.Request.Forgery HIGH" "modern-events-calendar 7.12.0 Authenticated.(Subscriber+).Arbitrary.File.Upload HIGH" "moceanapi-sendsms No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "multiple-post-passwords 1.1.2 Admin+.Stored.XSS LOW" "mage-forms No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "modal-dialog 3.5.15 Reflected.XSS HIGH" "modal-dialog 3.5.10 Admin+.Stored.XSS LOW" "mobile-kiosk No.known.fix 
Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "marketing-automation-by-azexo No.known.fix Authenticated.(Subscriber+).Privilege.Escalation HIGH" "marketing-automation-by-azexo No.known.fix Authenticated.(Subscriber+).Arbitrary.File.Upload HIGH" "modal-popup-box 1.5.3 Authenticated.(Contributor+).PHP.Object.Injection.in.awl_modal_popup_box_shortcode HIGH" "mail-boxes-etc 2.2.1 Information.Exposure MEDIUM" "mail-boxes-etc 2.2.1 Cross-Site.Request.Forgery MEDIUM" "mail-boxes-etc 2.3.0 Reflected.XSS HIGH" "mail-integration-365 1.9.1 Reflected.XSS HIGH" "m-wp-popup No.known.fix Contributor+.Stored.Cross-Site.Scripting MEDIUM" "m-wp-popup 1.3.1 Unauthenticated.Denial.of.Service HIGH" "medical-addon-for-elementor 1.6.3 Insecure.Direct.Object.Reference.to.Authenticated.(Contributor+).Sensitive.Information.Exposure.via.Shortcode MEDIUM" "medical-addon-for-elementor No.known.fix Contributor+.Stored.XSS MEDIUM" "my-geo-posts-free No.known.fix Unauthenticated.PHP.Object.Injection CRITICAL" "move-addons 1.3.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "move-addons 1.3.6 Authenticated.(Contributor+).Sensitive.Information.Exposure.via.Elementor.Templates MEDIUM" "move-addons 1.3.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "move-addons 1.3.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "move-addons 1.3.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Multiple.Widgets MEDIUM" "move-addons 1.3.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "move-addons 1.3.0 Missing.Authorization MEDIUM" "move-addons 1.3.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "masterslider No.known.fix Unauthenticated.PHP.Object.Injection CRITICAL" "masterslider No.known.fix Authenticated.(Editor+).SQL.Injection HIGH" "masterslider No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "multilevel-referral-plugin-for-woocommerce No.known.fix Reflected.Cross-Site.Scripting 
MEDIUM" "multilevel-referral-plugin-for-woocommerce 2.23 Reflected.Cross-Site.Scripting MEDIUM" "momo-venmo 4.2 Reflected.Cross-Site.Scripting MEDIUM" "mycryptocheckout 2.126 CSRF MEDIUM" "mycryptocheckout 2.124 Reflected.XSS HIGH" "media-library-tools 1.5.0 Author+.Stored.XSS.via.SVG MEDIUM" "mas-static-content 1.0.9 Authenticated.(Contributor+).Private.Static.Content.Page.Disclosure MEDIUM" "mashsharer No.known.fix Missing.Authorization MEDIUM" "mashsharer 3.8.7 Contributor+.Stored.XSS MEDIUM" "mashsharer 3.8.5 Admin+.Stored.Cross-Site.Scripting LOW" "ml-slider 3.70.1 Contributor+.Stored.Cross-Site.Scripting.via.metaslider.Shortcode MEDIUM" "ml-slider 3.29.1 Reflected.XSS HIGH" "ml-slider 3.27.9 Admin+.Stored.Cross.Site.Scripting LOW" "ml-slider 3.17.2 Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "menu-manager-ultra 1.0.8 Reflected.Cross-Site.Scripting MEDIUM" "master-bar No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "min-and-max-quantity-for-woocommerce 2.1.0 Missing.Authorization MEDIUM" "min-and-max-quantity-for-woocommerce 1.1.1 Reflected.Cross-Site.Scripting MEDIUM" "manage-gravity-forms-stripe-subscriptions 4.1.6 Reflected.Cross-Site.Scripting MEDIUM" "manage-gravity-forms-stripe-subscriptions 4.0 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "memphis-documents-library 3.1.6 Arbitrary.File.Download CRITICAL" "movie-database No.known.fix Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "moova-for-woocommerce 3.8 Reflected.Cross-Site.Scripting HIGH" "mail-picker 1.0.15 Unauthenticated.PHP.Object.Injection CRITICAL" "mail-picker No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "miniorange-malware-protection 4.7.3 Unauthenticated.Privilege.Escalation CRITICAL" "miniorange-malware-protection 4.7.3 Admin+.SQLi MEDIUM" "miniorange-malware-protection 4.7.2 IP.Spoofing MEDIUM" "miniorange-malware-protection 4.5.2 Admin+.Stored.Cross-Site.Scripting LOW" "mobile-app-builder-by-wappress No.known.fix 
Unauthenticated.File.Upload CRITICAL" "microsoft-clarity 0.9.4 Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "microsoft-clarity 0.4 Admin+.Stored.Cross-Site.Scripting LOW" "member-access No.known.fix Unauthenticated.Content.Restriction.Bypass.to.Sensitive.Information.Exposure MEDIUM" "map-store-location No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "multi-purpose-mail-form No.known.fix Unauthenticated.Arbitrary.File.Upload CRITICAL" "multi-purpose-mail-form No.known.fix Unauthenticated.Arbitrary.File.Upload CRITICAL" "mime-types-extended No.known.fix Author+.Stored.XSS.via.SVG.Upload MEDIUM" "multi-scheduler No.known.fix Arbitrary.Record.Deletion.via.CSRF HIGH" "mooberry-book-manager 4.15.13 Unauthenticated.Information.Exposure.via.Export.Files MEDIUM" "multisafepay 4.16.0 Unauthenticated.Arbitrary.File.Access HIGH" "morpheus-slider No.known.fix Authenticated.SQL.Injection MEDIUM" "mycss No.known.fix Arbitrary.Settings.Update.via.CSRF MEDIUM" "monkee-boy-wp-essentials No.known.fix Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "multiple-admin-emails No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "multiple-shipping-address-woocommerce 2.0 Unauthenticated.SQLi HIGH" "multiplayer-plugin No.known.fix Reflected.Cross-Site.Scripting HIGH" "map-multi-marker No.known.fix Reflected.Cross-Site.Scripting HIGH" "metrika No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "masterbip-for-elementor No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "magical-addons-for-elementor No.known.fix Contributor+.Stored.XSS MEDIUM" "magical-addons-for-elementor 1.2.5 Authenticated.(Contributor+).Sensitive.Information.Exposure.via.Elementor.Template MEDIUM" "magical-addons-for-elementor 1.2.3 Authenticated.(Subscriber+).Server-Side.Request.Forgery MEDIUM" "magical-addons-for-elementor 1.1.42 
Authenticated.(Subscriber+).Server-Side.Request.Forgery MEDIUM" "magical-addons-for-elementor 1.1.42 Contributor+.Stored.XSS MEDIUM" "magical-addons-for-elementor 1.1.40 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "magical-addons-for-elementor 1.1.35 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "magical-addons-for-elementor 1.1.38 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Text.Effect.Widget MEDIUM" "mytube No.known.fix Reflected.Cross-Site.Scripting.via.addplaylistid MEDIUM" "modern-addons-elementor No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "modern-addons-elementor 1.2.0 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "marketking-multivendor-marketplace-for-woocommerce 2.0.0 Authenticated.(Shop.Manager+).Stored.Cross-Site.Scripting MEDIUM" "marketking-multivendor-marketplace-for-woocommerce 2.0.25 Missing.Authorization MEDIUM" "myorderdesk 3.3.0 Contributor+.Stored.XSS MEDIUM" "mailchimp-top-bar 1.6.1 Reflected.Cross-Site.Scripting MEDIUM" "migrate-users No.known.fix CSRF.to.Stored.Cross-Site.Scripting.(XSS) HIGH" "mobile-browser-color-select No.known.fix Stored.Cross-Site.Scripting.via.CSRF MEDIUM" "mass-custom-fields-manager No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "maxslider 1.2.4 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "maxgalleria 6.4.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.maxgallery_thumb.Shortcode MEDIUM" "maxgalleria 6.4.3 Missing.Authorization MEDIUM" "maxgalleria 6.2.7 Author+.Stored.Cross-Site.Scripting MEDIUM" "martins-link-network 1.2.30 Reflected.XSS HIGH" "md-custom-content No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "mihdan-yandex-turbo-feed 1.6.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "meta-tag-manager No.known.fix Missing.Authorization MEDIUM" "meta-tag-manager 3.1 Subscriber+.PHP.Object.Injection HIGH" "meta-tag-manager 2.1 
Reflected.Cross-Site.Scripting MEDIUM" "mshop-npay 3.4.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.mnp_purchase.Shortcode MEDIUM" "motor-racing-league No.known.fix Admin+.XSS LOW" "moreads-se 1.4.7 XSS MEDIUM" "megamenu 3.3.1 Missing.Authorization MEDIUM" "megamenu 2.4 Authenticated.XSS MEDIUM" "my-restaurant-menu No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "manage-notification-emails 1.8.6 Missing.Authorization MEDIUM" "manage-notification-emails 1.8.3 Settings.Reset.via.CSRF MEDIUM" "manage-notification-emails 1.8.3 Settings.Reset.via.CSRF MEDIUM" "master-blocks No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "master-blocks No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "membership-by-supsystic No.known.fix Authenticated.SQL.Injection CRITICAL" "magic-login-api No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "motors-car-dealership-classified-listings 1.4.44 Authenticated.(Subscriber+).Arbitrary.Shortcode.Execution.via.Custom.Title MEDIUM" "motors-car-dealership-classified-listings 1.4.11 Missing.Authorization MEDIUM" "motors-car-dealership-classified-listings 1.4.7 Unauthenticated.SSRF MEDIUM" "motors-car-dealership-classified-listings 1.4.7 Reflected.XSS HIGH" "motors-car-dealership-classified-listings 1.4.5 CSRF MEDIUM" "motors-car-dealership-classified-listings 1.4.4 Car.Dealer,.Classifieds.&.Listing.<.1.4.4.-.Arbitrary.File.Upload CRITICAL" "motors-car-dealership-classified-listings 1.4.1 Multiple.Issues MEDIUM" "magazine-blocks 1.3.21 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "magazine-blocks 1.3.18 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "magazine-blocks 1.3.15 Reflected.Cross-Site.Scripting MEDIUM" "magazine-blocks 1.3.7 Authenticated.(Author+).Stored.Cross-Site.Scripting MEDIUM" "mihdan-no-external-links 5.0.2 Admin+.Stored.Cross-Site.Scripting LOW" "markdown-on-save-improved 2.5.1 Stored.Cross-Site.Scripting.(XSS) MEDIUM" 
"mpoperationlogs No.known.fix Unauthenticated.Stored.XSS HIGH" "myshopkit-popup-smartbar-slidein No.known.fix .Unauthenticated.Sensitive.Information.Exposure MEDIUM" "mass-messaging-in-buddypress No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "minical No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "mt-addons-for-elementor 1.0.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "multiple-votes-in-one-page No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "minimum-purchase-for-woocommerce No.known.fix Contributor+.Stored.XSS MEDIUM" "mrkwp-footer-for-divi No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "mrkwp-footer-for-divi No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "max-addons-pro-bricks 1.6.2 Missing.Authorization MEDIUM" "max-addons-pro-bricks 1.6.2 Reflected.Cross-Site.Scripting MEDIUM" "menu-ordering-reservations 2.4.3 Reflected.Cross-Site.Scripting MEDIUM" "menu-ordering-reservations 2.4.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "menu-ordering-reservations 2.4.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "menu-ordering-reservations 2.3.7 Reflected.XSS HIGH" "menu-ordering-reservations 2.3.6 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "menu-ordering-reservations 2.3.1 Unauthorised.AJAX.Calls MEDIUM" "menu-ordering-reservations 2.3.2 Multiple.CSRF MEDIUM" "mainwp-maintenance-extension 4.1.2 Subscriber+.SQL.Injection.(SQLi) HIGH" "my-instagram-feed 3.1.2 Reflected.Cross-Site.Scripting MEDIUM" "my-instagram-feed 3.1.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "mw-wp-form 5.1.0 Editor+.Stored.XSS MEDIUM" "mw-wp-form 5.0.4 Improper.Limitation.of.File.Name.to.Unauthenticated.Arbitrary.File.Deletion HIGH" "mw-wp-form 5.0.2 Unauthenticated.Arbitrary.File.Upload HIGH" "mw-wp-form 5.0.0 Missing.Authorization MEDIUM" "mw-wp-form 4.4.3 Unauthenticated.Path.Traversal MEDIUM" "mmt-eventon-exim-lite 1.1.2 
Reflected.Cross-Site.Scripting MEDIUM" "mapsvg 6.2.20 Unauthenticated.SQLi HIGH" "multicons 3.0 Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "modify-comment-fields 1.04 Reflected.Cross-Site.Scripting MEDIUM" "mystickymenu 2.7.3 Admin+.Stored.XSS LOW" "mystickymenu 2.7.2 Admin+.Stored.XSS LOW" "mystickymenu 2.6.8 Admin+.Stored.XSS LOW" "mystickymenu 2.6.7 CSV.Export.via.CSRF.to.Sensitive.Information.Disclosure LOW" "mystickymenu 2.6.5 Subscriber+.Arbitrary.Form.Leads.Deletion MEDIUM" "mystickymenu 2.5.2 Authenticated.Stored.XSS MEDIUM" "maintenance 4.03 Authenticated.Stored.XSS MEDIUM" "meks-flexible-shortcodes 1.3.5 Contributor+.Stored.XSS MEDIUM" "mdr-webmaster-tools No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "marketplace-items No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "marketplace-items No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.'marketplace'.Shortcode MEDIUM" "multilist-subscribe-for-sendy No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "multilist-subscribe-for-sendy No.known.fix Subscriber+.Arbitrary.Options.Update HIGH" "multilist-subscribe-for-sendy No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "multilist-subscribe-for-sendy No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "mass-email-to-users 1.1.5 Reflected.XSS HIGH" "mesmerize-companion 1.6.149 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.mesmerize_contact_form.Shortcode MEDIUM" "mesmerize-companion 1.6.135 Contributor+.Stored.XSS MEDIUM" "macme No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "mshop-naver-talktalk 1.2.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "mshop-naver-talktalk 1.2.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.add_plus_friends.and.add_plus_talk.Shortcodes MEDIUM" "meta-data-filter 2.2.8 Arbitrary.Settings.Update.via.CSRF MEDIUM" "media-element-html5-video-and-audio-player 
No.known.fix Contributor+.Stored.XSS.via.Shortcode MEDIUM" "my-wp 1.24.1 Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "mwp-forms No.known.fix Admin+.SQL.Injection HIGH" "mousewheel-smooth-scroll 5.7 Plugin's.Setting.Update.via.CSRF MEDIUM" "media-alt-renamer No.known.fix Authenticated.(Author+).Stored.Cross-Site.Scripting.via._wp_attachment_image_alt.postmeta MEDIUM" "mycred-for-elementor 1.2.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "makestories-helper 3.0.4 Authenticated.(Subscriber+).Arbitrary.File.Download.and.Server-Side.Request.Forgery MEDIUM" "makestories-helper 3.0.3 Settings.Update.via.CSRF MEDIUM" "member-hero No.known.fix Unauthenticated.RCE CRITICAL" "manycontacts-bar No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "my-waze No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.shortcode MEDIUM" "moceansms-order-sms-notification-for-woocommerce No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "mww-disclaimer-buttons 3.2 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "more-better-reviews-for-woocommerce No.known.fix Missing.Authorization MEDIUM" "more-better-reviews-for-woocommerce No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "more-better-reviews-for-woocommerce 3.0.7 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "myweather No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "my-wp-responsive-video No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "mantenimiento-web 0.14 Stored.XSS.via.CSRF MEDIUM" "mantenimiento-web 0.14 Admin+.Stored.XSS LOW" "map-location-picker-at-checkout-for-woocommerce 1.9.0 Missing.Authorization.via.checkout_map_rules_order_ajax_handler MEDIUM" "map-location-picker-at-checkout-for-woocommerce 1.8.5 Reflected.Cross-Site.Scripting MEDIUM" "map-location-picker-at-checkout-for-woocommerce 1.4.5 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "mybb-last-topics No.known.fix 
Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "media-library-helper 1.3.0 Cross-Site.Request.Forgery MEDIUM" "mappress-google-maps-for-wordpress 2.94.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Map.Block MEDIUM" "mappress-google-maps-for-wordpress 2.93 Admin+.Stored.XSS.via.Map.Settings LOW" "mappress-google-maps-for-wordpress 2.88.17 Contributor+.Stored.XSS.via.Map.Settings MEDIUM" "mappress-google-maps-for-wordpress 2.88.15 Contributor+.Stored.XSS MEDIUM" "mappress-google-maps-for-wordpress 2.88.16 Unauthenticated.Arbitrary.Private/Draft.Post.Disclosure MEDIUM" "mappress-google-maps-for-wordpress 2.88.14 Contributor+.Stored.XSS MEDIUM" "mappress-google-maps-for-wordpress 2.88.5 Contributor+.Stored.XSS MEDIUM" "mappress-google-maps-for-wordpress 2.85.5 Contributor+.SQL.Injection MEDIUM" "mappress-google-maps-for-wordpress 2.73.13 Admin+.File.Upload.to.Remote.Code.Execution MEDIUM" "mappress-google-maps-for-wordpress 2.73.4 Reflected.Cross-Site.scripting MEDIUM" "mappress-google-maps-for-wordpress 2.54.6 Improper.Capability.Checks.in.AJAX.Calls CRITICAL" "mappress-google-maps-for-wordpress 2.53.9 Remote.Code.Execution.(RCE).due.to.Incorrect.Access.Control.in.AJAX.Actions CRITICAL" "mappress-google-maps-for-wordpress 2.53.9 Authenticated.Map.Creation/Deletion.Leading.to.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "manage-shipyaari-shipping No.known.fix Admin+.Stored.XSS LOW" "modern-footnotes 1.4.17 Contributor+.Stored.XSS MEDIUM" "modern-footnotes 1.4.16 Admin+.Stored.XSS LOW" "machic-core No.known.fix Reflected.Cross-Site.Scripting HIGH" "multipurpose-block 1.7.6 Reflected.Cross-Site.Scripting MEDIUM" "multipurpose-block 1.7.4 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "matrix-pre-loader No.known.fix Cross-Site.Request.Forgery MEDIUM" "msstiger No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "mybooktable 3.5.4 Cross-Site.Request.Forgery MEDIUM" "mybooktable 3.5.0 Stored.XSS.via.CSRF MEDIUM" 
"mybooktable 3.3.8 Authenticated.(Author+).Stored.Cross-Site.Scripting MEDIUM" "mybooktable 3.3.5 API.Key.Update.via.CSRF MEDIUM" "media-from-ftp 11.17 Author+.Arbitrary.File.Access CRITICAL" "media-from-ftp 9.85 Authenticated.Directory.Traversal MEDIUM" "mabel-shoppable-images-lite 1.2.4 Arbitrary.Post.Deletion.via.CSRF MEDIUM" "mail-control 0.3.0 Reflected.Cross-Site.Scripting MEDIUM" "mail-control 0.3.2 Unauthenticated.Stored.XSS.via.Email.Subject HIGH" "mq-woocommerce-products-price-bulk-edit No.known.fix XSS MEDIUM" "mas-wp-job-manager-company 1.0.14 Reflected.Cross-Site.Scripting MEDIUM" "multi-gallery No.known.fix Authenticated.(Contributor+).PHP.Object.Injection HIGH" "meow-gallery 5.1.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "meow-gallery 4.2.0 Unauthorised.Arbitrary.Options.Update.via.REST.API HIGH" "meow-gallery 4.1.9 Contributor+.SQL.Injection HIGH" "multisite-post-duplicator 1.1.3 Cross-Site.Request.Forgery.(CSRF) HIGH" "manager-for-icomoon 2.1 Unauthenticated.Arbitrary.File.Upload CRITICAL" "manager-for-icomoon 2.2 Contributor+.Stored.XSS MEDIUM" "marquee-elementor No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "my-custom-css No.known.fix Unauthenticated.Full.Path.Disclosure MEDIUM" "machform-shortcode 1.5.0 Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "meks-smart-social-widget No.known.fix Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "meks-smart-social-widget 1.6.4 Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "miniorange-google-authenticator 1.0.8 Admin+.Stored.Cross-Site.Scripting LOW" "miniorange-google-authenticator 1.0.5 CSRF.to.Stored.Cross-Site.Scripting MEDIUM" "members 3.2.11 Unauthenticated.Content.Restriction.Bypass.to.Sensitive.Information.Exposure MEDIUM" "masterstudy-lms-learning-management-system 3.3.24 Privilege.Escalation.to.Instructor MEDIUM" "masterstudy-lms-learning-management-system 3.2.2 Cross-Site.Request.Forgery MEDIUM" 
"masterstudy-lms-learning-management-system 3.2.13 Missing.Authorization MEDIUM" "masterstudy-lms-learning-management-system 3.3.9 Missing.Authorization MEDIUM" "masterstudy-lms-learning-management-system 3.3.4 Unauthenticated.Local.File.Inclusion.via.template CRITICAL" "masterstudy-lms-learning-management-system 3.3.1 Unauthenticated.Local.File.Inclusion.via.modal CRITICAL" "masterstudy-lms-learning-management-system 3.3.2 Unauthenticated.Privilege.Escalation HIGH" "masterstudy-lms-learning-management-system 3.3.0 Missing.Authorization.to.Sensitive.Information.Exposure.in.search_posts MEDIUM" "masterstudy-lms-learning-management-system 3.2.11 Basic.Information.Exposure.via.REST.route MEDIUM" "masterstudy-lms-learning-management-system 3.2.6 Unauthenticated.SQL.Injection CRITICAL" "masterstudy-lms-learning-management-system 3.0.18 Unauthenticated.Instructor.Account.Creation MEDIUM" "masterstudy-lms-learning-management-system 2.8.0 Reflected.Cross-Site.Scripting MEDIUM" "masterstudy-lms-learning-management-system 3.0.9 Contributor+.Stored.XSS MEDIUM" "masterstudy-lms-learning-management-system 3.0.9 Subscriber+.Course.Category.Creation MEDIUM" "masterstudy-lms-learning-management-system 2.7.6 Unauthenticated.Admin.Account.Creation CRITICAL" "membership-for-woocommerce 2.1.7 Unauthenticated.Arbitrary.File.Upload CRITICAL" "meks-easy-social-share 1.2.8 Admin+.Stored.Cross-Site.Scripting LOW" "mybookprogress No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.book.Parameter MEDIUM" "mg-parallax-slider No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "mailtree-log-mail 1.0.1 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "multiple-domain 1.0.3 XSS.in.Canonical/Alternate.Tags LOW" "motopress-slider-lite No.known.fix Subscriber+.Stored.Cross-Site.Scripting CRITICAL" "motopress-slider-lite No.known.fix Reflected.Cross-Site.Scripting HIGH" "media-cleaner 6.7.3 Unauthenticated.Information.Exposure MEDIUM" "monarch 1.2.7 Privilege.Escalation HIGH" 
"my-wish-list 1.4.2 Multiple.Parameter.XSS MEDIUM" "mobile-events-manager 1.4.8 Admin+.CSV.Injection LOW" "mobile-events-manager 1.4.4 Admin+.Stored.Cross-Site.Scripting LOW" "my-chatbot No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "my-chatbot No.known.fix Reflected.Cross-Site.Scripting.(XSS) HIGH" "mapsvg-lite-interactive-vector-maps 3.3.0 Cross-Site.Request.Forgery.(CSRF) HIGH" "mega-forms 1.1.3 Reflected.Cross-Site.Scripting MEDIUM" "mega-forms 1.2.5 Subscriber+.Stored.Cross-Site.Scripting MEDIUM" "multi-day-booking-calendar No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "multisite-robotstxt-manager No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "multisite-robotstxt-manager No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "memberful-wp 1.74.0 Unauthenticated.Content.Restriction.Bypass.to.Sensitive.Information.Exposure MEDIUM" "memberful-wp 1.73.8 Authenticated.(contributor+).Stored.Cross-Site.Scripting MEDIUM" "newsletter-by-supsystic No.known.fix Authenticated.SQL.Injection CRITICAL" "newsletter-by-supsystic 1.1.8 Authenticated.Stored.XSS.&.CSRF HIGH" "nelio-content 3.2.1 Authenticated.(Contributor+).Server-Side.Request.Forgery MEDIUM" "newsletters-lite 4.9.9.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.newsletters_video.Shortcode MEDIUM" "newsletters-lite 4.9.9.2 Reflected.Cross-Site.Scripting MEDIUM" "newsletters-lite 4.9.9.3 Authenticated.Privilege.Escalation HIGH" "newsletters-lite 4.9.9 Reflected.Cross-Site.Scripting MEDIUM" "newsletters-lite 4.9.9.1 Unauthenticated.Full.Path.Disclosure MEDIUM" "newsletters-lite 4.9.8 Cross-Site.Request.Forgery MEDIUM" "newsletters-lite 4.9.6 Reflected.Cross-Site.Scripting MEDIUM" "newsletters-lite 4.9.6 Authenticated.(Admin+).Arbitrary.File.Upload CRITICAL" "newsletters-lite 4.9.6 Information.Exposure.via.Log.files MEDIUM" "newsletters-lite 4.9.3 Admin+.Command.Injection MEDIUM" "newsletters-lite 4.6.19 Multiple.Issues HIGH" "newsletters-lite 
4.6.8.6 PHP.Object.Injection CRITICAL" "nitropack 1.17.6 Subscriber+.Limited.Options.Update HIGH" "nitropack 1.17.6 Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.Transient.Update MEDIUM" "nitropack 1.16.8 Unauthenticated.Arbitrary.Shortcode.Execution HIGH" "nitropack 1.10.3 Multiple.CSRF MEDIUM" "nitropack 1.10.0 Missing.Authorization.via.multiple.AJAX.functions MEDIUM" "ni-woocommerce-sales-report 3.7.4 Subscriber+.Sale.&.Order.Reports.Access MEDIUM" "n-media-woocommerce-checkout-fields 18.0 Unauthenticated.Arbitrary.File.Upload CRITICAL" "new-album-gallery 1.5.8 Missing.Authorization MEDIUM" "new-album-gallery 1.5.0 Cross-Site.Request.Forgery MEDIUM" "namaste-lms 2.6.5 Cross-Site.Request.Forgery MEDIUM" "namaste-lms 2.6.4 Authenticated.(Subscriber+).PHP.Object.Injection HIGH" "namaste-lms 2.6.3 Authenticated.(Student+).Stored.Cross-Site.Scripting MEDIUM" "namaste-lms 2.6.4.1 Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "namaste-lms 2.6.3 Reflected.Cross-Site.Scripting MEDIUM" "namaste-lms 2.6.1.2 Reflected.Cross-Site.Scripting MEDIUM" "namaste-lms 2.6 Admin+.Stored.XSS LOW" "namaste-lms 2.5.9.4 Admin+.Stored.XSS LOW" "namaste-lms 2.5.9.2 Admin+.Stored.XSS LOW" "newsletter-popup No.known.fix List.Deletion.via.CSRF MEDIUM" "newsletter-popup No.known.fix Unauthenticated.Stored.XSS HIGH" "newsletter-popup No.known.fix Admin+.Stored.XSS LOW" "newsletter-popup No.known.fix Subscriber.Deletion.via.CSRF MEDIUM" "newsletter-popup No.known.fix Record.Deletion.via.CSRF MEDIUM" "newsletter-popup No.known.fix Unauthenticated.Stored.XSS HIGH" "nifty-coming-soon-and-under-construction-page 1.58 Cross-Site.Request.Forgery.(CSRF) MEDIUM" "neon-text 1.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "nix-anti-spam-light No.known.fix Unauthenticated.PHP.Object.Injection CRITICAL" "nd-restaurant-reservations No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "nd-restaurant-reservations 2.0 
Directory.Traversal.to.Authenticated.(Contributor+).Local.File.Inclusion HIGH" "nd-restaurant-reservations 1.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "nd-restaurant-reservations 1.5 Unauthenticated.Options.Change CRITICAL" "notifyvisitors-lead-form No.known.fix Admin+.Stored.XSS LOW" "ninja-tables 5.0.17 Admin+.Stored.XSS LOW" "ninja-tables 5.0.13 Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "ninja-tables 5.0.10 Authenticated.(Admin+).Server-Side.Request.Forgery MEDIUM" "ninja-tables 5.0.7 Contributor+.Table.Data.Access LOW" "ninja-tables 4.3.5 Admin+.Stored.XSS LOW" "ninja-tables 4.1.8 Admin+.Stored.Cross-Site.Cross-Site.Scripting LOW" "nextcart-woocommerce-migration 3.9.4 Reflected.Cross-Site.Scripting MEDIUM" "netforum-directory-with-importer No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "netforum-directory-with-importer No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "notification 6.1.0 Reflected.Cross-Site.Scripting MEDIUM" "notification 8.0.0 Admin+.Stored.Cross-Site.Scripting LOW" "newsplugin 1.1.0 CSRF.to.Stored.Cross-Site.Scripting HIGH" "new-contact-form-widget 1.4.3 Cross-Site.Request.Forgery MEDIUM" "new-contact-form-widget 1.4.0 Sensitive.Information.Exposure MEDIUM" "ninja-forms 3.8.25 Contributor+.Stored.XSS MEDIUM" "ninja-forms 3.8.23 Subscriber+.Arbitrary.Shortcode.Execution MEDIUM" "ninja-forms 3.8.20 Unauthenticated.Stored.XSS.via.Form.Calculations HIGH" "ninja-forms 3.8.18 Admin+.Stored.XSS LOW" "ninja-forms 3.8.18 Admin+.Stored.XSS LOW" "ninja-forms 3.8.16 Reflected.Self-Based.Cross-Site.Scripting.via.Referer MEDIUM" "ninja-forms 3.8.12 Administrator+.Stored.Cross-Site.Scripting MEDIUM" "ninja-forms 3.8.11 Reflected.XSS HIGH" "ninja-forms 3.8.7 Cross-Site.Request.Forgery MEDIUM" "ninja-forms 3.8.5 Authenticated.(Subscriber+).Arbitrary.Shortcode.Execution MEDIUM" "ninja-forms 3.8.1 Admin+.Stored.Cross-Site.Scripting MEDIUM" "ninja-forms 3.8.1 Author+.Stored.XSS LOW" 
"ninja-forms 3.8.1 Publicly.Accessible.Form.Submission.Export.via.CSRF MEDIUM" "ninja-forms 3.7.2 Unauthenticated.Second.Order.SQL.Injection MEDIUM" "ninja-forms 3.6.34 Admin+.Stored.XSS NONE" "ninja-forms 3.6.26 Admin+.Stored.HTML.Injection NONE" "ninja-forms 3.6.26 Subscriber+.Form.Entries.Export MEDIUM" "ninja-forms 3.6.26 Reflected.Cross-Site.Scripting HIGH" "ninja-forms 3.6.26 Contributor+.Form.Entries.Export MEDIUM" "ninja-forms 3.6.25 Admin+.Arbitrary.File.Deletion LOW" "ninja-forms 3.6.22 Reflected.XSS HIGH" "ninja-forms 3.6.13 Admin+.PHP.Objection.Injection MEDIUM" "ninja-forms 3.6.11 Unauthenticated.PHP.Object.Injection CRITICAL" "ninja-forms 3.6.10 Admin+.Stored.Cross-Site.Scripting LOW" "ninja-forms 3.6.10 Admin+.Stored.Cross-Site.Scripting.via.Import LOW" "ninja-forms 3.6.8-wp Unauthenticated.Email.Address.Disclosure MEDIUM" "ninja-forms 3.6.4 Admin+.SQL.Injection MEDIUM" "ninja-forms 3.5.8.2 Admin+.Stored.Cross-Site.Scripting LOW" "ninja-forms 3.5.8 Unprotected.REST-API.to.Sensitive.Information.Disclosure MEDIUM" "ninja-forms 3.5.8 Unprotected.REST-API.to.Email.Injection MEDIUM" "ninja-forms 3.5.5 Reflected.Cross-Site.Scripting MEDIUM" "ninja-forms 3.4.34.1 Authenticated.OAuth.Connection.Key.Disclosure HIGH" "ninja-forms 3.4.34 CSRF.to.OAuth.Service.Disconnection MEDIUM" "ninja-forms 3.4.34 Authenticated.SendWP.Plugin.Installation.and.Client.Secret.Key.Disclosure CRITICAL" "ninja-forms 3.4.34 Administrator.Open.Redirect MEDIUM" "ninja-forms 3.4.27.1 CSRF.leading.to.Arbitrary.Plugin.Installation HIGH" "ninja-forms 3.4.27.1 Validation.Bypass.via.Email.Field MEDIUM" "ninja-forms 3.4.28 Stored.Cross-Site.Scripting MEDIUM" "ninja-forms 3.4.24.2 CSRF.to.Stored.XSS HIGH" "ninja-forms 3.4.23 CSRF.to.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "ninja-forms 3.3.21.3 XSS.and.SQLi CRITICAL" "ninja-forms 3.3.21.2 SQL.Injection MEDIUM" "ninja-forms 3.3.19.1 Authenticated.Open.Redirect MEDIUM" "ninja-forms 3.3.18 Unauthenticated.Cross-Site.Scripting.(XSS) HIGH" 
"ninja-forms 3.3.14 Cross-Site.Scripting.(XSS).in.Import.Function CRITICAL" "ninja-forms 3.3.14 CSV.Injection HIGH" "ninja-forms 3.3.9 Insufficient.Restrictions.during.Export.Personal.Data.requests MEDIUM" "ninja-forms 3.2.15 Parameter.Tampering MEDIUM" "ninja-forms 3.2.14 Cross-Site.Scripting.(XSS) CRITICAL" "nite-shortcodes No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "notify-odoo 1.0.1 Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "netgsm 2.9.33 Missing.Authorization MEDIUM" "netgsm 2.9.1 Reflected.Cross-Site.Scripting MEDIUM" "nopeamedia 1.2.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "nd-learning 5.0 Admin+.Stored.Cross-Site.Scripting LOW" "nd-learning 4.8 Unauthenticated.Options.Change MEDIUM" "nextcellent-gallery-nextgen-legacy No.known.fix Admin+.Stored.XSS LOW" "nmedia-user-file-uploader 22.8 Sensitive.Information.Exposure.via.user.uploads MEDIUM" "nmedia-user-file-uploader 22.7 Editor+.Arbitrary.File.Download HIGH" "nmedia-user-file-uploader 21.4 Arbitrary.Settings.Update.via.CSRF MEDIUM" "nmedia-user-file-uploader 21.4 File.Upload.via.CSRF MEDIUM" "nmedia-user-file-uploader 21.3 Unauthenticated.File.Renaming CRITICAL" "nmedia-user-file-uploader 21.3 Subscriber+.Arbitrary.File.Upload CRITICAL" "nmedia-user-file-uploader 18.3 Privilege.Escalation MEDIUM" "nmedia-user-file-uploader 18.3 Authenticated.Arbitrary.Settings.Change.to.Arbitrary.File.Upload CRITICAL" "nmedia-user-file-uploader 18.3 Unauthenticated.Post.Meta.Change.to.Arbitrary.File.Download HIGH" "nmedia-user-file-uploader 18.3 Unauthenticated.Content.Injection.and.Stored.XSS HIGH" "nmedia-user-file-uploader 18.3 Unauthenticated.Arbitrary.Post.Deletion MEDIUM" "nmedia-user-file-uploader 18.3 Unauthenticated.HTML.Injection MEDIUM" "ni-woocommerce-custom-order-status 1.9.7 Subscriber+.SQL.Injection HIGH" "netreviews 2.3.15 Admin+.Stored.XSS LOW" "nudgify 1.3.4 Cross-Site.Request.Forgery.via.sync_orders_manually() MEDIUM" 
"nmr-strava-activities 1.0.8 Contributor+.Stored.XSS MEDIUM" "novo-map No.known.fix CSRF MEDIUM" "ninja-forms-uploads 3.3.18 Unauthenticated.Stored.Cross-Site.Scripting.via.File.Upload HIGH" "ninja-forms-uploads 3.3.1 Unauthenticated.Arbitrary.File.Upload CRITICAL" "ninja-forms-uploads 3.3.13 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "ninja-forms-uploads 3.0.23 Unauthenticated.Arbitrary.File.Upload HIGH" "navayan-csv-export No.known.fix Unauthenticated.SQL.Injection CRITICAL" "nex-forms 7.8.8 Authentication.Bypass.for.PDF.Reports MEDIUM" "nex-forms 7.8.8 Authentication.Bypass.for.Excel.Reports MEDIUM" "newspack-blocks 3.0.9 Authenticated.(Contributor+).Arbitrary.Directory.Deletion MEDIUM" "newspack-blocks 3.0.9 Authenticated.(Contributor+).Arbitrary.File.Upload CRITICAL" "newspack-blocks 3.0.9 Missing.Authorization MEDIUM" "newspack-blocks 3.0.9 Unauthenticated.Sensitive.Information.Exposure MEDIUM" "notification-for-telegram 3.3.2 Missing.Authorization.to.Authenticated.(Subscriber+).Send.Telegram.Test.Message MEDIUM" "notification-plus No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "nd-donations No.known.fix Contributor+.Stored.Cross-Site.Scripting MEDIUM" "nd-donations No.known.fix Unauthenticated.SQLi HIGH" "nd-donations 1.4 Unauthenticated.Options.Change MEDIUM" "nofollow-jquery-links 1.5.2 Reflected.Cross-Site.Scripting MEDIUM" "nofollow-jquery-links 1.4.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "naver-blog-api No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "news-element 1.0.6 Unauthenticated.LFI HIGH" "narnoo-commerce-manager No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "ninjalibs-ses No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "newsletter2go No.known.fix Missing.Authorization.to.Authenticated.(Subscriber+).Style.Reset MEDIUM" "newsletter2go No.known.fix Authenticated(Subscriber+).Stored.Cross-Site.Scripting.via.style MEDIUM" "new-photo-gallery 1.4.3 
Contributor+.PHP.Object.Injection.via.Shortcode MEDIUM" "nv-slider No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "nv-slider No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "nd-elements 2.2 Authenticated.(Contributor+).Local.File.Inclusion.via.Multiple.Widget.Attributes HIGH" "nexter-extension 2.0.4 Reflected.XSS HIGH" "nexter-extension 2.0.4 Authenticated(Editor+).Remote.Code.Execution.via.metabox HIGH" "nlinks No.known.fix Authenticated.SQL.Injection HIGH" "news-ticker-widget-for-elementor 1.3.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "new-order-notification-for-woocommerce No.known.fix Missing.Authorization MEDIUM" "nd-booking 3.3 Contributor+.Stored.XSS MEDIUM" "nd-booking 2.5 Unauthenticated.Options.Change MEDIUM" "newsletter-image-generator No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "new-adman No.known.fix Admin+.Stored.XSS LOW" "new-adman No.known.fix Settings.Update.via.CSRF MEDIUM" "nextgen-gallery 3.59.9 Admin+.Stored.XSS LOW" "nextgen-gallery 3.59.5 Contributor+.DOM-Based.Stored.XSS.via.FancyBox.JavaScript.Library MEDIUM" "nextgen-gallery 3.59.5 Admin+.Stored.XSS LOW" "nextgen-gallery 3.59.4 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "nextgen-gallery 3.59.3 Admin+.Stored.XSS LOW" "nextgen-gallery 3.59.1 Admin+.Stored.XSS LOW" "nextgen-gallery 3.59.1 Missing.Authorization.to.Unauthenticated.Information.Disclosure MEDIUM" "nextgen-gallery 3.39 Admin+.Local.File.Inclusion MEDIUM" "nextgen-gallery 3.39 Admin+.Arbitrary.File.Read.and.Delete MEDIUM" "nextgen-gallery 3.39 Admin+.PHAR.Deserialization HIGH" "nextgen-gallery 3.3.10 Reflected.Cross-Site.Scripting MEDIUM" "nextgen-gallery 3.29 Thumbnail.Deletion.via.CSRF MEDIUM" "nextgen-gallery 3.5.0 CSRF.allows.File.Upload HIGH" "nextgen-gallery 3.5.0 CSRF.allows.File.Upload,.Stored.XSS,.and.RCE CRITICAL" "nextgen-gallery 3.2.11 SQL.Injection CRITICAL" "nextgen-gallery 3.1.7 
Subscriber+.Arbitrary.Option.Update CRITICAL" "nextgen-gallery 3.1.6 Authenticated.PHP.Object.Injection HIGH" "nextgen-gallery 2.2.50 Galley.Paths.Not.Secured HIGH" "nextgen-gallery 2.2.45 Cross-Site.Scripting.(XSS) MEDIUM" "nextgen-gallery 2.1.79 Unauthenticated.SQL.Injection HIGH" "nextgen-gallery 2.1.57 Authenticated.Local.File.Inclusion.(LFI).&.SQLi CRITICAL" "nextgen-gallery 2.1.15 Unrestricted.File.Upload HIGH" "nextgen-gallery 2.1.10 Multiple.XSS MEDIUM" "nextgen-gallery 2.1.9 Authenticated.Path.Traversal MEDIUM" "nextgen-gallery 2.1.15 Path.Traversal MEDIUM" "nextgen-gallery 2.0.77.3 CSRF.&.Arbitrary.File.Upload HIGH" "nextgen-gallery 2.0.0 gallerypath.Parameter.Stored.XSS HIGH" "nextgen-gallery 2.0.0 Full.Path.Disclosure CRITICAL" "nps-computy 2.8.1 Reflected.Cross-Site.Scripting MEDIUM" "nps-computy 2.7.6 Admin+.Stored.XSS LOW" "nps-computy 2.7.6 Results.Deletion.via.CSRF MEDIUM" "network-summary No.known.fix Unauthenticated.SQL.Injection CRITICAL" "nofollow-links 1.0.11 Cross-Site.Scripting.(XSS) MEDIUM" "naver-map No.known.fix Contributor+.Stored.XSS MEDIUM" "ninjafirewall 4.3.4 Authenticated.(admin+).PHAR.Deserialization LOW" "nuajik-cdn No.known.fix Admin+.Stored.XSS LOW" "nd-travel No.known.fix Contributor+.Stored.Cross-Site.Scripting MEDIUM" "nd-travel 1.7 Unauthenticated.Options.Change MEDIUM" "newspack-content-converter 1.0.0 Missing.Authorization MEDIUM" "no-bot-registration 2.0 Cross-Site.Request.Forgery MEDIUM" "nabz-image-gallery No.known.fix Unauthenticated.SQL.Injection CRITICAL" "new-video-gallery 1.5.4 Missing.Authorization MEDIUM" "no-external-links No.known.fix Admin+.Stored.XSS LOW" "news-ticker-for-elementor No.known.fix Missing.Authorization MEDIUM" "noted-pro No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "noted-pro No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "new-royalslider 3.4.3 Reflected.Cross-Site.Scripting MEDIUM" "no-api-amazon-affiliate 4.4.0 Admin+.Stored.XSS LOW" "notibar 2.1.5 
Authenticated.(Subscriber+).Arbitrary.Shortcode.Execution.via.njt_nofi_text MEDIUM" "notibar 2.1.5 Missing.Authorization.via.ajax_install_plugin MEDIUM" "note-press No.known.fix Admin+.SQLi.via.id MEDIUM" "note-press No.known.fix Admin+.SQLi.via.Bulk.Actions MEDIUM" "note-press No.known.fix Admin+.SQLi.via.Update MEDIUM" "note-press 0.1.2 SQL.Injection CRITICAL" "noveldesign-store-directory No.known.fix Unauthenticated.Arbitrary.File.Upload CRITICAL" "nextgen-gallery-sell-photo No.known.fix Authenticated.Stored.Cross-Site.Scripting LOW" "no-future-posts No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "naver-analytics No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "nice-paypal-button-lite No.known.fix CSRF MEDIUM" "ni-woocommerce-cost-of-goods No.known.fix Authenticated.(Administrator+).SQL.Injection MEDIUM" "ninja-beaver-lite-addons-for-beaver-builder No.known.fix .Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Widgets MEDIUM" "nicejob 3.7.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "nicejob 3.7.2 Contributor+.Stored.XSS MEDIUM" "nicejob 3.6.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "nicejob 3.6.5 Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "neuvoo-jobroll No.known.fix Unauthenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "new-year-firework No.known.fix Unauthenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "new-image-gallery 1.4.6 Missing.Authorization MEDIUM" "notice-faq No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "notice-board No.known.fix Contributor+.Stored.Cross-Site.Scripting MEDIUM" "nicebackgrounds No.known.fix Authenticated.(Subscriber+).Arbitrary.File.Upload HIGH" "nacc-wordpress-plugin 4.2.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "newsletter-optin-box 3.4.3 Missing.Authorization.to.Unauthenticated.Form.Submission MEDIUM" "newsletter-optin-box 1.6.5 Open.Redirect 
MEDIUM" "nelio-ab-testing 4.6.4 CSRF HIGH" "nelio-ab-testing 4.5.11 SSRF CRITICAL" "nelio-ab-testing 4.5.9 Server.Side.Request.Forgery.(SSRF) CRITICAL" "nelio-ab-testing 4.5.0 Path.Traversal MEDIUM" "nafeza-prayer-time No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "ns-coupon-to-become-customer No.known.fix Admin+.Stored.Cross-Site.Scripting MEDIUM" "nex-forms-express-wp-form-builder 8.7.16 Authenticated.(Admin+).SQL.Injection MEDIUM" "nex-forms-express-wp-form-builder 8.7.9 Authenticated.(Administrator+).SQL.Injection MEDIUM" "nex-forms-express-wp-form-builder 8.7.4 Reflected.Cross-Site.Scripting MEDIUM" "nex-forms-express-wp-form-builder 8.6.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "nex-forms-express-wp-form-builder 8.5.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.shortcode MEDIUM" "nex-forms-express-wp-form-builder 8.5.7 Missing.Authorization.via.restore_records() MEDIUM" "nex-forms-express-wp-form-builder 8.5.7 Missing.Authorization.via.set_read() MEDIUM" "nex-forms-express-wp-form-builder 8.5.7 Missing.Authorization.via.set_starred() MEDIUM" "nex-forms-express-wp-form-builder 8.5.5 Cross-Site.Request.Forgery MEDIUM" "nex-forms-express-wp-form-builder 8.5.6 Authenticated.(Admin+).SQL.Injection MEDIUM" "nex-forms-express-wp-form-builder 8.4.4 Authenticated.Stored.XSS LOW" "nex-forms-express-wp-form-builder 8.4 Admin+.SQL.Injection MEDIUM" "nex-forms-express-wp-form-builder 8.3.3 Contributor+.Stored.XSS MEDIUM" "nex-forms-express-wp-form-builder 7.9.7 Authenticated.SQLi MEDIUM" "nex-forms-express-wp-form-builder 8.4.3 Stored.Cross-Site.Scripting.via.CSRF HIGH" "nex-forms-express-wp-form-builder 7.8 Subscriber+.Unauthorised.AJAX.Calls MEDIUM" "nex-forms-express-wp-form-builder 4.6.1 Unauthenticated.Blind.SQL.Injection CRITICAL" "newsticker No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "ni-woocommerce-order-export No.known.fix Reflected.Cross-Site.Scripting 
MEDIUM" "neon-product-designer-for-woocommerce No.known.fix Authenticated.(Contributor+).SQL.Injection MEDIUM" "ni-woocommerce-product-editor No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "newsletter-manager No.known.fix Unauthenticated.Insecure.Deserialisation HIGH" "newsletter-manager 1.5 Unauthenticated.Open.Redirect MEDIUM" "newsletter-manager 1.0.2 Cross-Site.Request.Forgery MEDIUM" "newsletter-manager 1.0.2 Authenticated.Reflected.Cross.Site.Scripting HIGH" "night-mode 1.4.0 Admin+.Stored.Cross-Site.Scripting LOW" "nktagcloud No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "ni-crm-lead No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "ni-crm-lead No.known.fix Authenticated.(Subscriber+).SQL.Injection MEDIUM" "navz-photo-gallery 2.7 Missing.Authorization MEDIUM" "navz-photo-gallery 2.0 Subscriber+.UserMeta.Update MEDIUM" "navz-photo-gallery 1.7.5 Reflected.Cross-Site.Scripting MEDIUM" "next-order-coupon-woocommerce No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "next-order-coupon-woocommerce No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "next-order-coupon-woocommerce No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "nias-course No.known.fix Contributor+.Stored.XSS MEDIUM" "ninja-job-board 1.3.3 Resume.Disclosure.via.Directory.Listing MEDIUM" "nativery No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "newsletter 8.3.5 Unauthenticated.Stored.Cross-Site.Scripting.via.np1 MEDIUM" "newsletter 8.2.1 IP.Spoofing MEDIUM" "newsletter 7.9.0 Contributor+.Stored.XSS MEDIUM" "newsletter 7.6.9 Reflected.XSS HIGH" "newsletter 7.4.6 Admin+.Stored.Cross-Site.Scripting LOW" "newsletter 7.4.5 Reflected.Cross-Site.Scripting LOW" "newsletter 6.8.2 Authenticated.PHP.Object.Injection MEDIUM" "newsletter 6.8.2 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "newsletter 6.7.7 Authenticated.Stored.Cross-Site.Scripting LOW" "newsletter 6.5.4 CSV.Injection LOW" "newsletter 3.8.3 Open.Redirect LOW" "newsletter 3.2.7 
Cross-Site.Scripting.(XSS) MEDIUM" "newsletter 3.0.9 SQL.Injection MEDIUM" "nichetable 2.8.0 Reflected.Cross-Site.Scripting MEDIUM" "nichetable 2.2.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "nm-visitors No.known.fix Unauthenticated.Stored.Cross-Site.Scripting.via.HTTP.Header HIGH" "nooz 1.7.0 Admin+.Stored.XSS LOW" "ni-purchase-orderpo-for-woocommerce 1.2.2 Admin+.File.Upload.to.Remote.Code.Execution MEDIUM" "nitek-carousel-cool-transitions No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "nitek-carousel-cool-transitions No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "nitek-carousel-cool-transitions No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "notices No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "newstatpress 1.3.6 Reflected.Cross-Site.Scripting MEDIUM" "newstatpress 1.2.5 Stored.Cross-Site.Scripting.(XSS) MEDIUM" "newstatpress 1.0.6 Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "newstatpress 1.0.6 SQL.Injection CRITICAL" "newstatpress 1.0.4 Unauthenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "newstatpress 1.0.1 SQL.Injection CRITICAL" "newsletter-bulk-email No.known.fix Contributor+.Stored.XSS MEDIUM" "novelist 1.2.3 Cross-Site.Request.Forgery MEDIUM" "novelist 1.2.1 Admin+.Stored.XSS MEDIUM" "nirweb-support No.known.fix Missing.Authorization MEDIUM" "nirweb-support 2.8.2 Unauthenticated.SQLi HIGH" "name-directory 1.29.1 Reflected.Cross-Site.Scripting MEDIUM" "name-directory 1.27.2 Settings.Update.via.CSRF MEDIUM" "name-directory 1.25.5 Stored.Cross-Site.Scripting.via.CSRF MEDIUM" "name-directory 1.25.4 Arbitrary.Directory/Name.Deletion.via.CSRF MEDIUM" "name-directory 1.25.4 Stored.Cross-Site.Scripting.via.CSRF MEDIUM" "name-directory 1.25.3 Reflected.Cross-Site.Scripting MEDIUM" "name-directory 1.18 Cross-Site.Request.Forgery.(CSRF) MEDIUM" "news-kit-elementor-addons No.known.fix Contributor+.Stored.XSS MEDIUM" "news-kit-elementor-addons 1.2.2 
Authenticated.(Contributor+).Sensitive.Information.Exposure.via.Canvas.Menu.Elementor.Template MEDIUM" "nextend-twitter-connect 1.5.2 Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "newsletter-api 2.4.6 API.v1.and.v2.addon.for.Newsletter.<.2.4.6.-.Missing.Authorization.to.Email.Subscribers.Management MEDIUM" "newsletter-subscriptions No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "nd-projects No.known.fix Contributor+.Stored.XSS MEDIUM" "nd-projects No.known.fix Contributor+.Stored.XSS MEDIUM" "nd-projects 1.6 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "nd-projects No.known.fix Authenticated.Local.File.Inclusion MEDIUM" "new-user-approve 2.6.4 Missing.Authorization MEDIUM" "new-user-approve 2.5.2 Cross-Site.Request.Forgery.via.admin_notices MEDIUM" "new-user-approve 2.5.1 Reflected.Cross-Site.Scripting MEDIUM" "new-user-approve 2.4 Arbitrary.Settings.Update.&.Invitation.Code.Creation.via.CSRF MEDIUM" "new-user-approve 2.4.1 Reflected.Cross-Site.Scripting MEDIUM" "new-user-approve 2.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "ninja-gdpr-compliance 2.7.2 Missing.Authorization MEDIUM" "ninja-gdpr-compliance 2.7.1 Missing.Authorization.to.Settings.Update.and.Stored.Cross-Site.Scripting MEDIUM" "ninja-gdpr-compliance 2.4 Unauthenticated.PHP.Object.Injection HIGH" "neshan-maps No.known.fix Admin+.SQLi MEDIUM" "narnoo-distributor No.known.fix Unauthenticated.LFI.to.Arbitrary.File.Read./.RCE HIGH" "next-page No.known.fix Admin+.Stored.XSS LOW" "new-user-email-set-up No.known.fix Arbitrary.Settings.Update.via.CSRF MEDIUM" "news-wall No.known.fix Cross-Site.Request.Forgery.to.Plugin.Settings.Update MEDIUM" "nextend-smart-slider3-pro 3.5.0.9 Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "nextgen-gallery-geo 2.0.3 Unauthenticated.PHP.Object.Injection MEDIUM" "nextgen-gallery-pro 3.1.11 Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "ns-facebook-pixel-for-wp No.known.fix Admin+.Stored.XSS LOW" "news-announcement-scroll 9.1.0 
.Authenticated.(Contributor+).SQL.Injection.via.Shortcode HIGH" "news-announcement-scroll 9.0.0 Admin+.Stored.XSS LOW" "n5-uploadform No.known.fix Unauthenticated.Arbitrary.File.Upload.to.RCE CRITICAL" "number-chat No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "number-chat No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "ninjateam-telegram 1.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "notice-bar 3.1.1 Contributor+.Stored.XSS MEDIUM" "no-update-nag No.known.fix Unauthenticated.Full.Path.Disclosure MEDIUM" "nimble-portfolio No.known.fix Unauthenticated.Server-Side.Request.Forgery CRITICAL" "notificationx 3.0.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "notificationx 2.9.4 Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "notificationx 2.8.3 Unauthenticated.SQL.Injection CRITICAL" "notificationx 2.3.12 Unauthenticated.SQLi HIGH" "notificationx 2.3.9 Unauthenticated.Blind.SQL.Injection HIGH" "notificationx 1.8.3 Cross-Site.Request.Forgery MEDIUM" "notificationx 1.8.3 Cross-Site.Request.Forgery.(CSRF) MEDIUM" "notice-board-by-towkir No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "nexus No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "nexus No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "nexus No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "nextend-facebook-connect 3.1.13 Reflected.Self-Based.Cross-Site.Scripting.via.error_description MEDIUM" "nova-blocks 2.1.8 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.align.Attribute MEDIUM" "ntzantispam No.known.fix Settings.Update.via.CSRF HIGH" "nc-wishlist-for-woocommerce No.known.fix Authenticated.(Subscriber+).SQL.Injection MEDIUM" "newspack-newsletters 2.13.3 Missing.Authorization MEDIUM" "newspack-newsletters 2.13.3 Cross-Site.Request.Forgery MEDIUM" "nofollow No.known.fix Contributor+.Stored.Cross-Site.Scripting MEDIUM" "nowpayments-for-woocommerce 1.0.5 
Reflected.Cross-Site.Scripting MEDIUM" "nugget-by-ingot No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "nugget-by-ingot No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "nova-poshta-ttn 1.7.49 Reflected.Cross-Site.Scripting MEDIUM" "nextend-social-login-pro 3.1.15 Authentication.Bypass CRITICAL" "ns-woocommerce-watermark No.known.fix Abuse.of.Functionality MEDIUM" "noo-timetable No.known.fix Cross-Site.Request.Forgery MEDIUM" "noo-timetable No.known.fix Contributor+.Stored.Cross-Site.Scripting MEDIUM" "nokaut-offers-box No.known.fix Admin+.Stored.XSS LOW" "nokaut-offers-box No.known.fix Plugin.Reset.via.CSRF MEDIUM" "newspack-popups 2.31.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "new-grid-gallery 1.4.4 Contributor+.PHP.Object.Injection.via.shortcode MEDIUM" "new-grid-gallery 1.2.5 Authenticated.Stored.Cross.Site.Scripting.(XSS) LOW" "new-order-popup No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "news-articles No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "newspack-ads 1.47.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "nd-shortcodes 7.6 Authenticated.(Author+).Stored.Cross-Site.Scripting MEDIUM" "nd-shortcodes 7.0 Subscriber+.LFI HIGH" "nd-shortcodes 7.0 Contributor+.Stored.XSS.via.Shortcodes MEDIUM" "nd-shortcodes 6.0 Unauthenticated.WP.Options.Update MEDIUM" "nblocks No.known.fix Authenticated.(Contributor+).Local.File.Inclusion HIGH" "notifier 2.6.1 Admin+.Stored.XSS LOW" "navigation-menu-as-dropdown-widget 1.3.5 Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "newsmanapp 2.7.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "nimble-builder 3.2.2 Reflected.Cross-Site.Scripting MEDIUM" "norse-runes-oracle 1.4.3 Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "newsletter-page-redirects No.known.fix Unauthenticated.Privilege.Escalation CRITICAL" "navigation-du-lapin-blanc No.known.fix 
Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "omnipress 1.5.0 Contributor+.Stored.XSS MEDIUM" "ootb-openstreetmap 2.8.4 Contributor+.Stored.XSS.via.ootb_query.Shortcode MEDIUM" "order-and-inventory-manager-for-woocommerce No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "order-and-inventory-manager-for-woocommerce No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "official-saleswizard-crm 1.0.4 Contributor+.Stored.XSS MEDIUM" "onlywire-multi-autosubmitter No.known.fix Cross-Site.Request.Forgery.to.Cross-Site.Scripting MEDIUM" "os-our-team No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "order-tracking 3.3.13 Missing.Authorization.via.send_test_email() MEDIUM" "order-tracking 3.3.7 Reflected.Cross-Site.Scripting HIGH" "order-tracking 3.3.7 Admin+.Stored.Cross-Site.Scripting LOW" "olive-one-click-demo-import No.known.fix Unauthenticated.Information.Exposure MEDIUM" "olive-one-click-demo-import 1.1.2 Missing.Authorization MEDIUM" "olive-one-click-demo-import No.known.fix Admin+.Arbitrary.File.Upload MEDIUM" "one-click-close-comments No.known.fix Unauthenticated.Full.Path.Disclosure MEDIUM" "order-delivery-date No.known.fix Unauthenticated.Stored.Cross-Site.Scripting MEDIUM" "order-delivery-date No.known.fix Admin+.Stored.XSS LOW" "order-delivery-date No.known.fix Settings.Update.via.CSRF MEDIUM" "order-hours-scheduler-for-woocommerce 4.3.22 Reflected.Cross-Site.Scripting MEDIUM" "optima-express 7.3.1 Admin+.Stored.XSS LOW" "out-of-stock-display-for-woocommerce No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "openpgp-form-encryption 1.5.1 Contributor+.Stored.XSS MEDIUM" "oxygen 4.4 CSRF MEDIUM" "optimole-wp 3.13.0 Author+.Stored.Cross-Site.Scripting.via.SVG.Upload MEDIUM" "optimole-wp 3.3.2 Admin+.Stored.Cross-Site.Scripting LOW" "oneclick-whatsapp-order 1.0.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "oneclick-whatsapp-order 1.0.6 
Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "oneclick-whatsapp-order 1.0.5 Admin+.Stored.XSS LOW" "oneclick-whatsapp-order 1.0.4.2 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "official-facebook-pixel 3.0.0 PHP.Object.Injection.with.POP.Chain CRITICAL" "official-facebook-pixel 3.0.4 CSRF.to.Stored.XSS.and.Settings.Deletion HIGH" "optinmonster 2.16.2 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "optinmonster 2.16.0 Cross-Site.Request.Forgery.to.Notice.Dismissal MEDIUM" "optinmonster 2.12.2 Subscriber+.Arbitrary.Post.Content.Disclosure MEDIUM" "optinmonster 2.6.5 Unprotected.REST-API.Endpoints HIGH" "optinmonster 2.6.1 Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "optinmonster 1.1.4.6 Execution.of.Arbitrary.Shortcodes MEDIUM" "ooohboi-steroids-for-elementor 2.1.5 Arbitrary.File.Upload MEDIUM" "ooohboi-steroids-for-elementor 2.1.5 Subscriber+.Attachment.Deletion MEDIUM" "onwebchat 3.2.0 Live.support.<.3.2.0.-.Cross-Site.Request.Forgery MEDIUM" "out-of-the-box 1.20.3 Reflected.Cross-Site.Scripting MEDIUM" "olevmedia-shortcodes No.known.fix Contributor+.Stored.XSS MEDIUM" "olevmedia-shortcodes 1.1.9 Authenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "one-click-ssl 1.4.7 Multiple.Issues HIGH" "order-on-chat-for-woocommerce No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "order-on-chat-for-woocommerce 1.6.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "optio-dentistry 2.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "ovic-product-bundle No.known.fix Missing.Authorization MEDIUM" "octrace-support No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "octrace-support No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "octrace-support 1.2.5 Reflected.Cross-Site.Scripting MEDIUM" "octrace-support 1.2.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "oss-aliyun 1.4.11 Authenticated.(Administrator+).SQL.Injection CRITICAL" "orbisius-child-theme-creator 1.5.6 
Missing.Authorization.to.Authenticated.(Subscriber+).Cloud.Snippet.Update/Delete MEDIUM" "orbisius-child-theme-creator 1.5.5 Reflected.Cross-Site.Scripting MEDIUM" "orbisius-child-theme-creator 1.5.2 CSRF.to.Arbitrary.File.Modification/Creation HIGH" "orbisius-child-theme-creator 1.2.8 Arbitrary.File.Write MEDIUM" "one-page-blocks No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "one-page-blocks No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "one-page-blocks No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "ocean-extra 2.3.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "ocean-extra 2.2.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Flickr.Widget MEDIUM" "ocean-extra 2.2.7 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "ocean-extra 2.2.5 Contributor+.Stored.XSS MEDIUM" "ocean-extra 2.2.3 Cross-Site.Request.Forgery.to.Arbitrary.Plugin.Activation MEDIUM" "ocean-extra 2.1.8 Reflected.Cross-Site.Scripting MEDIUM" "ocean-extra 2.1.3 Contributor+.Stored.XSS MEDIUM" "ocean-extra 2.1.3 Subscriber+.Arbitrary.Post.Content.Disclosure MEDIUM" "ocean-extra 2.1.2 Contributor+.Stored.XSS MEDIUM" "ocean-extra 2.0.5 Admin+.PHP.Objection.Injection MEDIUM" "ocean-extra 1.9.5 Reflected.Cross-Site.Scripting MEDIUM" "ocean-extra 1.9.4 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "ocean-extra 1.6.6 Cross-Site.Request.Forgery.(CSRF) MEDIUM" "ocean-extra 1.5.9 Unauthenticated.Settings.change.and.CSS.injection HIGH" "osm 6.1.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "osm 6.1.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.osm_map.and.osm_map_v3.Shortcodes MEDIUM" "osm 6.0.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "osm 6.0.4 Contributor+.SQL.Injection MEDIUM" "osm 6.0.6 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "osm 6.0.3 CSRF MEDIUM" "olimometer 2.57 Unauthenticated.SQL.Injection CRITICAL" "ocim-mp3 No.known.fix 
Unauthenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "open-social No.known.fix Admin+.Stored.XSS LOW" "oauth-client-for-user-authentication 3.0.4 Unauthenticated.Settings.Update.to.Authentication.Bypass CRITICAL" "opal-hotel-room-booking No.known.fix Contributor+.Stored.Cross-Site.Scripting MEDIUM" "optinly 1.0.19 Missing.Authorization MEDIUM" "optinly 1.0.16 CSRF MEDIUM" "oa-social-login 5.10.0 Authentication.Bypass CRITICAL" "olympus-google-fonts 3.7.8 Missing.Authorization MEDIUM" "olympus-google-fonts 3.7.8 Cross-Site.Request.Forgery MEDIUM" "olympus-google-fonts 3.0.3 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "one-click-plugin-updater No.known.fix Arbitrary.Settings.Update.via.CSRF MEDIUM" "offload-videos-bunny-netaws-s3 1.0.1 Offload.Videos.–.Bunny,net,.AWS.S3.<=.1,0,1.Subscriber+.CSRF MEDIUM" "order-auto-complete-for-woocommerce 1.2.1 Admin+.Stored.XSS LOW" "one-user-avatar 2.3.7 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "one-user-avatar 2.3.7 Avatar.Update.via.CSRF LOW" "oshine-modules 3.3.8 Unauthenticated.Server-Side.Request.Forgery HIGH" "order-import-export-for-woocommerce 2.5.0 Authenticated.(Administrator+).PHP.Object.Injection HIGH" "order-import-export-for-woocommerce 2.4.4 Shop.Manager+.Arbitrary.File.Upload HIGH" "overlay-image-divi-module 1.5 Reflected.Cross-Site.Scripting MEDIUM" "overlay-image-divi-module 1.3.2 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "openbook-book-data No.known.fix Arbitrary.Settings.Update.to.Stored.XSS.via.CSRF MEDIUM" "otp-login No.known.fix Authentication.Bypass.via.Weak.OTP HIGH" "online-accessibility 4.13 Subscriber+.SQLi HIGH" "online-accessibility 4.13 Subscriber+.SQLi HIGH" "online-lesson-booking-system 0.8.7 CSRF.&.XSS HIGH" "ovic-import-demo No.known.fix Authenticated.(Subscriber+).Arbitrary.File.Download MEDIUM" "opentracker-analytics No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "orbisius-simple-notice 1.1.4 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" 
"open-graphite 1.6.1 Reflected.Cross-Site.Scripting HIGH" "oik 4.12.1 Cross-Site.Request.Forgery MEDIUM" "oik 4.12.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.bw_button.Shortcode MEDIUM" "oik 4.10.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "one-page-express-companion 1.6.38 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.one_page_express_contact_form.Shortcode MEDIUM" "opal-estate No.known.fix Cross-Site.Request.Forgery MEDIUM" "opal-estate No.known.fix CSRF.Bypass MEDIUM" "opal-estate No.known.fix Missing.Authorization MEDIUM" "owl-carousel No.known.fix Contributor+.Stored.Cross-Site.Scripting.via.shortcode MEDIUM" "oxygenbuilder 4.9 Missing.Authorization.to.Authenticated.(Subscriber+).Stylesheet.Update MEDIUM" "oxygenbuilder 4.8.3 Authenticated.(Contributor+).Remote.Code.Execution HIGH" "oxygenbuilder 4.8.1 Contributor+.Stored.XSS MEDIUM" "outdooractive-embed 1.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "opengraph 1.11.3 Unauthenticated.Sensitive.Information.Exposure MEDIUM" "owm-weather 5.6.12 Post.Duplication.via.CSRF MEDIUM" "owm-weather 5.6.9 Contributor+.SQLi HIGH" "outbound-link-manager No.known.fix Settings.Update.via.CSRF MEDIUM" "oauth2-provider 4.4.0 Open.Redirect MEDIUM" "oauth2-provider 4.2.5 Arbitrary.Post.Deletion.via.CSRF MEDIUM" "oauth2-provider 4.3.0 Subscriber+.Arbitrary.Client.Deletion MEDIUM" "oauth2-provider 3.4.2 Client.Secret.Regeneration.via.CSRF MEDIUM" "oauth2-provider 4.2.2 Admin+.Stored.XSS LOW" "oauth2-provider 3.1.5 Insecure.Pseudor&om.Number.Generation CRITICAL" "optin-forms 1.3.7 Admin+.Stored.Cross-Site.Scripting LOW" "optin-forms 1.3.3 Admin+.Stored.XSS LOW" "onlyoffice 2.2.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "oopspam-anti-spam 1.1.45 Cross-Site.Request.Forgery MEDIUM" "oopspam-anti-spam 1.1.36 Admin+.Stored.XSS LOW" "official-mailerlite-sign-up-forms 1.7.7 
1.7.6.-.Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "official-mailerlite-sign-up-forms 1.7.7 Missing.Authorization MEDIUM" "official-mailerlite-sign-up-forms 1.5.8 Signup.forms.(official).<.1.5.8.-.API.Key.Update.via.CSRF MEDIUM" "official-mailerlite-sign-up-forms 1.5.4 Reflected.Cross-Site.Scripting MEDIUM" "official-mailerlite-sign-up-forms 1.4.5 Multiple.CSRF.Issues HIGH" "official-mailerlite-sign-up-forms 1.4.4 Unauthenticated.SQL.Injection CRITICAL" "open-rdw-kenteken-voertuiginformatie 2.1.0 Reflected.XSS HIGH" "omnisend-connect 1.14.4 Cross-Site.Request.Forgery MEDIUM" "omnisend-connect 1.13.9 Sensitive.Information.Exposure MEDIUM" "otter-pro 2.6.12 Authenticated.(Subscriber+).Information.Exposure MEDIUM" "otter-pro 2.6.4 Unauthenticated.Stored.Cross-Site.Scripting.via.SVG.Upload MEDIUM" "otter-pro 2.6.4 Authenticated(Contributor+).Stored.Cross-Site.Scripting.via.File.Field.CSS MEDIUM" "order-picking-for-woocommerce 1.0.2 Reflected.Cross-Site.Scripting MEDIUM" "os-pricing-tables No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "order-redirects-for-woocommerce 0.8.1 Reflected.Cross-Site.Scripting MEDIUM" "orange-form No.known.fix Unauthenticated.Arbitrary.Post.Deletion CRITICAL" "orange-form No.known.fix SQL.Injection.via.CSRF HIGH" "otp-easy-login-with-mocean No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "off-canvas-sidebars 0.5.8.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "opal-woo-custom-product-variation 1.1.4 Unauthenticated.Arbitrary.File.Deletion CRITICAL" "order-notification-for-telegram No.known.fix Missing.Authorization.to.Unauthenticated.Send.Telegram.Test.Message MEDIUM" "opal-widgets-for-elementor No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "oneelements-ultimate-addons-for-elementor No.known.fix Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "obfuscate-email No.known.fix 
Unauthenticated.Full.Path.Disclosure MEDIUM" "option-tree 2.7.3 Object.Injection.Bypass CRITICAL" "option-tree 2.7.0 PHP.Object.Injection CRITICAL" "option-tree 2.6.0 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "option-tree 2.5.4 XSS MEDIUM" "oembed-gist No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "onesignal-free-web-push-notifications 1.17.8 Stored.XSS MEDIUM" "oauth2-server No.known.fix Authentication.Bypass MEDIUM" "osd-subscribe No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "od-photogallery-plugin No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "ops-robots-txt 1.0.2 Reflected.Cross-Site.Scripting MEDIUM" "open-external-links-in-a-new-window 1.43 Tabnabbing LOW" "open-external-links-in-a-new-window 1.43 Unauthenticated.Stored.Cross-Site.Scripting MEDIUM" "opcache No.known.fix Reflected.XSS HIGH" "opencart-product-in-wp No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "open-user-map 1.3.27 Admin+.Stored.XSS LOW" "open-user-map 1.3.15 Reflected.Cross-Site.Scripting MEDIUM" "open-user-map 1.2.11 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "osm-map-elementor 1.3.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.id.Parameter MEDIUM" "oliver-pos 2.4.1.9 Cross-Site.Request.Forgery MEDIUM" "oliver-pos 2.4.2.1 Subscriber+.Unauthorized.AJAX.Calls MEDIUM" "order-audit-log-for-woocommerce No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "openid No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "otter-blocks 3.0.7 Unauthetnicated.Path.Traversal.to.Arbitrary.Image.View MEDIUM" "otter-blocks 3.0.4 Gutenberg.Block.<.3.0.4.-.Missing.Authorization MEDIUM" "otter-blocks 3.0.5 Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "otter-blocks 2.6.10 Contributor+.Stored.XSS.via.titleTag MEDIUM" "otter-blocks 2.6.9 Contributor+.Stored.Cross-Site.Scripting.via.Block.Attributes MEDIUM" "otter-blocks 2.6.9 Author+.Stored.XSS.via.SVG.Upload MEDIUM" "otter-blocks 2.6.6 Contributor+.Stored.XSS 
MEDIUM" "otter-blocks 2.6.6 Contributor+.Stored.XSS MEDIUM" "otter-blocks 2.6.5 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "otter-blocks 2.2.6 Gutenberg.Blocks.<.2.2.6.-.Author+.PHAR.Deserialization MEDIUM" "opencart-product-display No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "osmapper No.known.fix Unauthenticated.Arbitrary.Post.Deletion HIGH" "order-attachments-for-woocommerce 2.5.0 2.4.1.-.Missing.Authorization.to.Authenticated.(Subscriber+).Limited.Arbitrary.File.Upload MEDIUM" "options-for-twenty-seventeen 2.5.1 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "organization-chart 1.5.1 Authenticated.(Subscriber+).Stored.Cross-Site.Scripting.via.title_input.and.node_description.Parameters MEDIUM" "organization-chart 1.4.5 Multiple.CSRF MEDIUM" "organization-chart 1.4.5 Admin+.Stored.XSS LOW" "og-tags 2.0.2 Plugin's.Settings.Update.via.CSRF MEDIUM" "open-graph-metabox No.known.fix CSRF MEDIUM" "opal-estate-pro No.known.fix Contributor+.Stored.XSS MEDIUM" "office-locator No.known.fix Authenticated.(Contributor+).Local.File.Inclusion HIGH" "oauth-client 1.11.4 Authenticated.Bypass CRITICAL" "out-of-stock-badge No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-site.Scripting MEDIUM" "order-your-posts-manually No.known.fix Reflected.XSS HIGH" "order-your-posts-manually No.known.fix Admin+.SQLi MEDIUM" "oz-canonical No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "ovic-vc-addon No.known.fix Missing.Authorization MEDIUM" "ovic-vc-addon 1.2.9 Subscriber+.Option.Update HIGH" "onlyoffice-docspace 2.1.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "order-delivery-date-for-woocommerce 3.21.1 Cross-Site.Request.Forgery.to.Notice.Dismissal MEDIUM" "order-delivery-date-for-woocommerce 3.20.1 Reflected.XSS HIGH" "one-click-demo-import 3.2.1 Authenticated.(Admin+).PHP.Object.Injection HIGH" "one-click-demo-import 3.1.0 Admin+.Arbitrary.File.Upload MEDIUM" "opal-membership No.known.fix 
Authenticated.(Subscriber+).Information.Disclosure MEDIUM" "opal-membership No.known.fix Unauthenticated.Stored.Cross-Site.Scripting MEDIUM" "one-click-order-reorder 1.1.10 Missing.Authorization.to.Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "official-statcounter-plugin-for-wordpress 2.0.7 Admin+.Stored.Cross-Site.Scripting LOW" "olympus-shortcodes No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "official-sendle-shipping-method 5.18 Reflected.XSS HIGH" "oauth-twitter-feed-for-developers No.known.fix Admin+.Stored.XSS LOW" "olivewp-companion No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "orangebox No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "onelogin-saml-sso 2.4.3 Signature.Wrapping HIGH" "original-texts-yandex-webmaster No.known.fix Cross-Site.Request.Forgery MEDIUM" "order-tip-woo 1.4.0 Missing.Authorization.to.Unauthenticated.Data.Export MEDIUM" "only-tweet-like-share-and-google-1 No.known.fix Admin+.Stored.XSS LOW" "onclick-show-popup 6.6 Admin+.Stored.XSS LOW" "opensea No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "opensea 1.0.3 Admin+.Stored.XSS MEDIUM" "opensea 1.0.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "oi-yamaps No.known.fix Contributor+.Stored.XSS MEDIUM" "ovic-addon-toolkit No.known.fix Missing.Authorization MEDIUM" "opti-marketing 2.0.10 Unauthenticated.SQLi HIGH" "opt-in-hound No.known.fix Reflected.Cross-Site.Scripting.via.add_query_arg.Parameter MEDIUM" "one-click-login No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "oxyextras 1.4.5 Unauthenticated.Cross-Site.Scripting MEDIUM" "order-status-for-woocommerce 1.6.1 Reflected.Cross-Site.Scripting MEDIUM" "os-bxslider No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "opening-hours 1.47 Admin+.Stored.XSS LOW" "opening-hours 1.46 Cross-Site.Request.Forgery MEDIUM" "opening-hours 1.45 Missing.Authorization MEDIUM" "opening-hours 1.42 
Admin+.Stored.Cross-Site.Scripting LOW" "opening-hours 1.38 Admin+.Stored.XSS LOW" "ota-sync-booking-engine-widget 1.3.0 Settings.Update.via.CSRF MEDIUM" "order-delivery-pickup-location-date-time-free-version No.known.fix Missing.Authorization.to.Unauthenticated.Settings.Update MEDIUM" "order-export-and-more-for-woocommerce 3.25 Unauthenticated.Sensitive.Information.Exposure.Through.Unprotected.Directory MEDIUM" "order-export-and-more-for-woocommerce 3.24 Unauthenticated.Sensitive.Information.Exposure MEDIUM" "popup-image No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "profit-products-tables-for-woocommerce 1.0.6.6 Unauthenticated.Arbitrary.Shortcode.Execution.via.woot_get_smth HIGH" "profit-products-tables-for-woocommerce 1.0.6.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.woot_button.Shortcode MEDIUM" "profit-products-tables-for-woocommerce 1.0.6.4 Reflected.Cross-Site.Scripting MEDIUM" "profit-products-tables-for-woocommerce 1.0.6.3 Missing.Authorization MEDIUM" "profit-products-tables-for-woocommerce 1.0.6.2 Cross-Site.Request.Forgery MEDIUM" "profit-products-tables-for-woocommerce 1.0.6.2 Missing.Authorization MEDIUM" "profit-products-tables-for-woocommerce 1.0.6.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "profit-products-tables-for-woocommerce 1.0.6.1 Unauthenticated.PHP.Object.Injection CRITICAL" "profit-products-tables-for-woocommerce 1.0.5 Reflected.Cross-Site-Scripting MEDIUM" "profit-products-tables-for-woocommerce 1.0.4 Reflected.Cross-Site.Scripting MEDIUM" "postlists No.known.fix Reflected.XSS MEDIUM" "paid-membership 2.9.30 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "paid-membership 1.9.6 Arbitrary.Settings.Update.via.CSRF MEDIUM" "posts-date-ranges No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "php-to-page No.known.fix Authenticated.(Subscriber+).Local.File.Inclusion.to.Remote.Code.Execution.via.Shortcode CRITICAL" "photo-feed No.known.fix 
Reflected.XSS HIGH" "product-configurator-for-woocommerce 1.2.32 Unauthenticated.Arbitrary.File.Deletion HIGH" "png-to-jpg 4.1 Stored.Cross-Site.Scripting.via.CSRF MEDIUM" "page-loading-effects 3.0.0 Admin+.Stored.XSS LOW" "postpage-import-export-with-custom-fields-taxonomies 2.0.1 Unauthenticated.Sensitive.Information.Exposure MEDIUM" "pro-links-maintainer-dev No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "pro-links-maintainer-dev No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "peters-login-redirect 3.0.0.5 Reflected.Cross-Site.Scripting HIGH" "peters-login-redirect 2.9.2 Multiple.CSRF HIGH" "peters-login-redirect 2.9.1 Cross-Site.Scripting.(XSS).&.CSRF MEDIUM" "print-page 1.0.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "pramadillo-activecampaign-email-preference-center 2.0.12 Reflected.Cross-Site.Scripting MEDIUM" "pramadillo-activecampaign-email-preference-center 2.0.10 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "premium-addons-for-elementor 4.10.57 Missing.Authorization LOW" "premium-addons-for-elementor 4.10.61 Authenticated.(Contributor+).DOM-Based.Stored.Cross-Site.Scripting.via.Video.Box.Widget MEDIUM" "premium-addons-for-elementor 4.10.53 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Media.Grid.Widget MEDIUM" "premium-addons-for-elementor 4.10.39 Missing.Authorization.to.Authenticated.(Contributor+).Arbitrary.Content.Deletion.and.Arbitrary.Title.Update MEDIUM" "premium-addons-for-elementor 4.10.37 Authenticated.(Contributor+).Stored.DOM-Based.Cross-Site.Scripting.via.Animated.Text.Widget MEDIUM" "premium-addons-for-elementor 4.10.35 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "premium-addons-for-elementor 4.10.36 Regular.Expressions.Denial.of.Service LOW" "premium-addons-for-elementor 4.10.36 Contributor+.Stored.Cross-Site.Scripting.via.Countdown.Widget MEDIUM" "premium-addons-for-elementor 4.10.34 Authenticated.(Contributor+).DOM-Based.Stored.Cross-Site.Scripting MEDIUM" 
"premium-addons-for-elementor 4.10.32 Contributor+.DOM-Based.Stored.Cross-Site.Scripting.via.Global.Tooltip MEDIUM" "premium-addons-for-elementor 4.10.32 Missing.Authorization.to.Information.Disclosure MEDIUM" "premium-addons-for-elementor 4.10.32 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Fancy.Text.Widget MEDIUM" "premium-addons-for-elementor 4.10.32 Missing.Authorization.to.Information.Disclosure MEDIUM" "premium-addons-for-elementor 4.10.32 Contributor+.Stored.XSS MEDIUM" "premium-addons-for-elementor 4.10.31 Contributor+.Stored.XSS MEDIUM" "premium-addons-for-elementor 4.10.29 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "premium-addons-for-elementor 4.10.29 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "premium-addons-for-elementor 4.10.26 Contributor+.Stored.XSS MEDIUM" "premium-addons-for-elementor 4.10.28 Contributor+.Stored.Cross-Site.Scripting.via.Button MEDIUM" "premium-addons-for-elementor 4.10.25 Contributor+.DOM-Based.Stored.Cross-Site.Scripting MEDIUM" "premium-addons-for-elementor 4.10.25 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "premium-addons-for-elementor 4.10.17 Contributor+.Stored.Cross-Site.Scripting.via.Wrapper.Link.Widget MEDIUM" "premium-addons-for-elementor 4.10.23 Authenticated.(Contributor+).Sensitive.Information.Exposure MEDIUM" "premium-addons-for-elementor 4.10.24 Contributor+.Stored.XSS MEDIUM" "premium-addons-for-elementor 4.10.22 Contributor+.Stored.XSS MEDIUM" "premium-addons-for-elementor 4.10.19 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "premium-addons-for-elementor 4.10.19 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "premium-addons-for-elementor 4.10.17 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "premium-addons-for-elementor 4.5.2 Subscriber+.Arbitrary.Blog.Option.Update HIGH" "premium-addons-for-elementor 4.2.8 Contributor+.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "phonetrack-meu-site-manager No.known.fix Authenticated.Stored.XSS MEDIUM" "pretty-url 
No.known.fix Cross-Site.Request.Forgery MEDIUM" "pretty-url No.known.fix Admin+.Stored.XSS.in.plugin.settings LOW" "photoxhibit No.known.fix Reflected.XSS.Issues MEDIUM" "play-ht No.known.fix Missing.Authorization MEDIUM" "play-ht No.known.fix Missing.Authorization MEDIUM" "play-ht No.known.fix Cross-Site.Request.Forgery MEDIUM" "play-ht No.known.fix Authenticated.(Contributor+).PHP.Object.Injection HIGH" "pdf-thumbnail-generator 1.4 Reflected.Cross-Site.Scripting MEDIUM" "posturinn 1.3.3 Reflected.XSS HIGH" "permalink-manager-pro 2.2.15 Reflected.Cross-Site.Scripting MEDIUM" "prevent-content-copy-image-save No.known.fix CSRF.to.Stored.Cross-Site.Scripting.(XSS) HIGH" "product-blocks 3.1.5 PHP.Object.Injection.via.wopb_wishlist.and.wopb_compare CRITICAL" "product-blocks 3.0.0 Missing.Authorization.via.option_data_save MEDIUM" "pricing-table-by-supsystic 1.9.13 Admin+.Content.Injection LOW" "pricing-table-by-supsystic 1.9.5 Reflected.Cross-Site.Scripting MEDIUM" "pricing-table-by-supsystic 1.8.9 Authenticated.SQL.Injections CRITICAL" "pricing-table-by-supsystic 1.9.0 Authenticated.Stored.Cross-Site.Scripting MEDIUM" "pricing-table-by-supsystic 1.8.2 Insecure.Permissions.on.AJAX.Actions HIGH" "pricing-table-by-supsystic 1.8.1 Cross-Site.Request.Forgery.to.XSS.and.Setting.Changes HIGH" "pricing-table-by-supsystic 1.8.2 Unauthenticated.Stored.XSS HIGH" "pdf24-post-to-pdf No.known.fix Arbitrary.Settings.Update.via.CSRF MEDIUM" "pdf-builder-for-wpforms 1.2.117 Unauthenticated.Full.Path.Disclosure MEDIUM" "pdf-builder-for-wpforms 1.2.89 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "precious-metals-chart-and-widgets 1.2.9 Authenticated.(Contributor+).Stored.Cross-site.Scripting MEDIUM" "print-my-blog 3.27.1 Authenticated.(Author+).Stored.Cross-Site.Scripting MEDIUM" "print-my-blog 3.26.3 Missing.Authorization MEDIUM" "print-my-blog 3.25.2 Reflected.Cross-Site.Scripting MEDIUM" "print-my-blog 3.11.4 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" 
"print-my-blog 3.4.2 Plugin.Deactivation.via.CSRF MEDIUM" "print-my-blog 1.6.6 Unauthenticated.Server.Side.Request.Forgery.(SSRF) CRITICAL" "pure-css-circle-progress-bar No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "product-image-watermark-for-woo 1.0.4 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "price-calculator-to-your-website No.known.fix Authenticated.(Contributor+).SQL.Injection MEDIUM" "publish-to-schedule 4.5.5 Admin+.Stored.XSS LOW" "pro-addons-for-elementor 1.6.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "photoswipe-masonry 1.2.15 Subscriber+.Stored.Cross-Site.Scripting MEDIUM" "plugin-notes-plus 1.2.8 Authenticated.(Subscriber+).Arbitrary.Note.Deletion MEDIUM" "plugin-notes-plus 1.2.7 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "poeditor 0.9.9 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "poeditor 0.9.5 CSRF MEDIUM" "poeditor 0.9.8 Settings.Reset.via.CSRF MEDIUM" "permalinks-customizer No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "pdf-image-generator No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "perfect-woocommerce-brands 2.0.5 Subscriber+.Arbitrary.Brand.Creation MEDIUM" "perfect-woocommerce-brands 2.0.5 Subscriber+.Sensitive.Information.Disclosure MEDIUM" "post-plugin-library No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "portfolio-gallery 2.1.11 Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "pocket-widget No.known.fix Admin+.Stored.XSS LOW" "popularis-extra 1.2.8 Authenticated.(Contributor+).Post.Disclosure MEDIUM" "popularis-extra 1.2.7 Reflected.Cross-Site.Scripting MEDIUM" "pixfields 0.7.1 Arbitrary.Settings.Update.via.CSRF MEDIUM" "pixfields No.known.fix Contributor+.Stored.Cross-Site.Scripting MEDIUM" "print-google-cloud-print-gcp-woocommerce 4.5.4 Missing.Authorization.via.showTemplatePreview() MEDIUM" "print-google-cloud-print-gcp-woocommerce 4.5.6 Cross-Site.Request.Forgery.to.Cross-Site.Scripting.via.process.php MEDIUM" 
"print-google-cloud-print-gcp-woocommerce 4.5.4 Printer.Settings.Update.via.CSRF MEDIUM" "print-google-cloud-print-gcp-woocommerce 4.5.4 Unauthenticated.WC.Order.Data.Access MEDIUM" "process-steps-template-designer 1.3 CSRF.to.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "posts-search No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "publishpress 1.9.5 Reflected.Cross-Site.Scripting MEDIUM" "publishpress 3.5.1 Reflected.Cross-Site.Scripting HIGH" "pull-this No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "payflex-payment-gateway 2.6.2 Open.Redirect MEDIUM" "payflex-payment-gateway 2.6.0 Missing.Authorization.to.Order.Status.Update MEDIUM" "post-pay-counter 2.790 Reflected.XSS HIGH" "post-pay-counter 2.731 PHP.Obj.Injection.&.Access.Control.Issues CRITICAL" "pressforward 5.2.4 Reflected.Cross-Site.Scripting.(XSS) HIGH" "persian-fonts No.known.fix Admin+.Stored.XSS LOW" "prevent-landscape-rotation 2.1 Settings.Update.via.CSRF MEDIUM" "pepro-ultimate-invoice 2.0.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "pepro-ultimate-invoice 2.0.2 Missing.Authorisation MEDIUM" "pepro-ultimate-invoice 1.9.8 Unauthenticated.Arbitrary.Invoice.Access HIGH" "private-files No.known.fix Protection.Disabling.via.CSRF MEDIUM" "pdf-rechnungsverwaltung No.known.fix Unauthenticated.Local.File.Inclusion CRITICAL" "phpinfo-wp 6.0 Unauthenticated.Information.Exposure MEDIUM" "progress-bar 2.2.2 Contributor+.Stored.XSS MEDIUM" "pinterest-pin-it-button-on-image-hover-and-post 3.4 Subscriber+.Arbitrary.Settings.Update MEDIUM" "php-execution-plugin No.known.fix Settings.Update.via.CSRF HIGH" "projectopia-core 5.1.8 Missing.Authorization.to.Privilege.Escalation.via.pto_reset_password() CRITICAL" "projectopia-core 5.1.5 Reflected.Cross-Site.Scripting MEDIUM" "projectopia-core 5.0.7 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "pdf-for-wpforms 4.8.0 
Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.yeepdf_dotab.Shortcode MEDIUM" "pronamic-google-maps 2.3.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "porsline No.known.fix Authenticated.(Contributor+).SQL.Injection MEDIUM" "payform No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "phraseanet-client No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "plerdy-heatmap 1.3.3 Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "powr-pack 2.2.0 Contributor+.Stored.XSS MEDIUM" "push-notification-for-post-and-buddypress 2.08 Reflected.Cross-Site.Scripting MEDIUM" "push-notification-for-post-and-buddypress 1.9.4 Multiple.Unauthenticated.SQLi HIGH" "post-title-counter No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "payments-stripe-gateway No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "payments-stripe-gateway No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "payments-stripe-gateway 1.2.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "post-content-xmlrpc No.known.fix Admin+.SQL.Injections HIGH" "peoplepond No.known.fix CSRF.to.Stored.XSS HIGH" "post-type-x 1.7.7 Sensitive.Information.Exposure.via.Product.CSV MEDIUM" "post-type-x 1.7.6 Cross-Site.Request.Forgery.via.ic_system_status MEDIUM" "post-type-x 1.7.0 Reflected.XSS HIGH" "post-type-x 1.5.13 Cross-Site.Request.Forgery.(CSRF) MEDIUM" "post-type-x 1.5.13 Cross-Site.Request.Forgery MEDIUM" "participants-database 2.5.9.3 Unauthenticated.PHP.Object.Injection HIGH" "participants-database 2.5.6 Missing.Authorization MEDIUM" "participants-database 1.9.5.6 Authenticated.Time.Based.SQL.Injection HIGH" "participants-database 1.7.5.10 Cross-Site.Scripting MEDIUM" "participants-database 1.5.4.9 Unauthenticated.SQL.Injection CRITICAL" "podpress 8.8.10.17 players/1pixelout/1pixelout_player.swf.playerID.Parameter.XSS MEDIUM" "pagerestrict No.known.fix Unauthenticated.Protected.Post.Access MEDIUM" "pagerestrict No.known.fix 
Cross-Site.Request.Forgery.via.pr_admin_page MEDIUM" "pricetable No.known.fix Contributor+.Stored.Cross-Site.Scripting MEDIUM" "post-thumbnail-editor No.known.fix Sensitive.Information.Exposure MEDIUM" "producer-retailer No.known.fix Subscriber+.Privilege.Escalation CRITICAL" "publish-confirm-message 2.0 Settings.Update.via.CSRF MEDIUM" "paypal-donations 1.9.9 Admin+.Stored.XSS LOW" "profilepress-pro 4.11.2 Pro.<.4.11.2.-.Authentication.Bypass HIGH" "premmerce-woocommerce-pinterest No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "premmerce-woocommerce-pinterest No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "post-timeline 2.2.6 Reflected.XSS HIGH" "product-lister-walmart No.known.fix Unauthenticated.RCE.via.Outdated.PHPUnit CRITICAL" "product-recommendation-quiz-for-ecommerce 2.1.2 Missing.Authorization.in.prq_set_token MEDIUM" "plugins-list 2.5.1 Admin+.Stored.XSS LOW" "post-ideas No.known.fix Unauthenticated.SQL.Injection HIGH" "price-bands-for-woocommerce No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "price-bands-for-woocommerce No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "price-bands-for-woocommerce No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "pastebin-embed No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "pdfjs-viewer-shortcode 2.2 Arbitrary.JavaScript.Execution MEDIUM" "pdfjs-viewer-shortcode 2.1.8 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "pdfjs-viewer-shortcode 2.0.2 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "pdf-light-viewer 1.4.12 Authenticated.Command.Injection LOW" "push-notifications-for-wp 6.0.1 Settings.Update.via.CSRF MEDIUM" "pet-manager No.known.fix Contributor+.Stored.XSS MEDIUM" "pet-manager No.known.fix Reflected.XSS HIGH" "pdf-viewer 1.0.0 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "post-carousel-divi 1.2 Reflected.Cross-Site.Scripting MEDIUM" "post-carousel-divi 1.1.2 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "posttabs No.known.fix 
Arbitrary.Settings.Update.via.CSRF.to.Stored.XSS MEDIUM" "product-slider-for-woocommerce-lite No.known.fix Contributor+.Stored.XSS MEDIUM" "product-slider-for-woocommerce-lite 1.1.6 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "parallax-slider-block 1.2.6 Author+.Stored.XSS MEDIUM" "preloader-for-divi 1.5 Reflected.Cross-Site.Scripting MEDIUM" "preloader-for-divi 1.5 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "page-generator 1.7.2 Authenticated(Administrator+).SQL.Injection MEDIUM" "page-generator 1.6.6 Arbitrary.Keywords.Deletion/Duplication.via.CSRF MEDIUM" "page-generator 1.6.5 Admin+.Stored.Cross-Site.Scripting LOW" "page-generator 1.5.9 Reflected.Cross-Site.Scripting HIGH" "product-delivery-date-for-woocommerce-lite 2.8.1 Lite.<.2.8.1.-.Reflected.Cross-Site.Scripting MEDIUM" "product-delivery-date-for-woocommerce-lite 2.7.4 Reflected.Cross-Site.Scripting MEDIUM" "product-delivery-date-for-woocommerce-lite 2.7.3 Missing.Authorization MEDIUM" "product-delivery-date-for-woocommerce-lite 2.7.1 Missing.Authorization MEDIUM" "product-category-tree No.known.fix Reflected.XSS HIGH" "product-category-tree No.known.fix CSRF MEDIUM" "popup-maker 1.20.3 Contributor+.Stored.XSS MEDIUM" "popup-maker 1.20.3 Contributor+.Stored.XSS MEDIUM" "popup-maker 1.20.0 Missing.Authorization MEDIUM" "popup-maker 1.19.1 Admin+.Stored.XSS LOW" "popup-maker 1.19.1 Contributor+.Stored.XSS MEDIUM" "popup-maker 1.18.3 Contributor+.Stored.XSS MEDIUM" "popup-maker 1.16.11 Contributor+.Stored.Cross.Site.Scripting MEDIUM" "popup-maker 1.16.9 Contributor+.Stored.XSS.via.Subscription.Form MEDIUM" "popup-maker 1.16.9 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "popup-maker 1.16.5 Admin+.Stored.Cross-Site.Scripting LOW" "popup-maker 1.8.13 Multiple.Vulnerabilities CRITICAL" "popup-maker 1.8.3 Subscriber+.Arbitrary.Option.Update CRITICAL" "popup-maker 1.6.5 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "post-shortcode No.known.fix Contributor+.Stored.Cross-Site.Scripting 
MEDIUM" "portable-phpmyadmin No.known.fix /pma/phpinfo.php.Direct.Request.System.Information.Disclosure CRITICAL" "portable-phpmyadmin No.known.fix Multiple.Script.Direct.Request.Authentication.Bypass CRITICAL" "private-only No.known.fix CSRF.&.XSS HIGH" "password-for-wp 1.6 Stored.XSS.via.CSRF HIGH" "protect-your-content No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "piotnetforms 1.0.29 Unauthenticated.Arbitrary.File.Upload CRITICAL" "piotnetforms 1.0.30 Missing.Authorization.via.multiple.AJAX.actions MEDIUM" "piotnetforms No.known.fix Unauthenticated.Arbitrary.File.Upload HIGH" "preprocess-dezrez No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "preprocess-dezrez No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "pie-forms-for-wp 1.5 Reflected.Cross-Site.Scripting MEDIUM" "pie-forms-for-wp 1.4.9.4 Admin+.Stored.Cross-Site.Scripting LOW" "provide-forex-signals No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "product-carousel-slider-for-woocommerce No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.shortcode MEDIUM" "pagebar 2.70 Arbitrary.Settings.Update.via.CSRF.to.Stored.XSS MEDIUM" "profilegrid-user-profiles-groups-and-communities 5.9.3.7 Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.User.Meta.Deletion MEDIUM" "profilegrid-user-profiles-groups-and-communities 5.9.3.1 Cross-Site.Request.Forgery MEDIUM" "profilegrid-user-profiles-groups-and-communities 5.9.3.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "profilegrid-user-profiles-groups-and-communities 5.9.0 Authenticated.(Subscriber+).Insecure.Direct.Object.Reference MEDIUM" "profilegrid-user-profiles-groups-and-communities 5.9.0 Authenticated.(Subscriber+).Authorization.Bypass.to.Privilege.Escalation HIGH" "profilegrid-user-profiles-groups-and-communities 5.8.8 Missing.Authorization MEDIUM" "profilegrid-user-profiles-groups-and-communities 5.8.7 Missing.Authorization MEDIUM" 
"profilegrid-user-profiles-groups-and-communities 5.7.2 Authenticated.(Contributor+).SQL.Injection MEDIUM" "profilegrid-user-profiles-groups-and-communities 5.8.0 Insecure.Direct.Object.Reference MEDIUM" "profilegrid-user-profiles-groups-and-communities 5.8.3 Bypass.Group.Members.Limit MEDIUM" "profilegrid-user-profiles-groups-and-communities 5.8.0 Insecure.Direct.Object.Reference MEDIUM" "profilegrid-user-profiles-groups-and-communities 5.8.4 Missing.Authorization MEDIUM" "profilegrid-user-profiles-groups-and-communities 5.7.9 Cross-Site.Request.Forgery MEDIUM" "profilegrid-user-profiles-groups-and-communities 5.7.7 Authenticated.(Subscriber+).Insecure.Direct.Object.Reference MEDIUM" "profilegrid-user-profiles-groups-and-communities 5.7.9 Unauthenticated.SQL.Injection CRITICAL" "profilegrid-user-profiles-groups-and-communities 5.7.3 Authenticated.(Subscriber+).Insecure.Direct.Object.Reference MEDIUM" "profilegrid-user-profiles-groups-and-communities 5.7.9 Authenticated.(Subscriber+).SQL.Injection CRITICAL" "profilegrid-user-profiles-groups-and-communities 5.6.7 Missing.Authorization MEDIUM" "profilegrid-user-profiles-groups-and-communities 5.7.2 Cross-Site.Request.Forgery MEDIUM" "profilegrid-user-profiles-groups-and-communities 5.5.3 Group.Owner+.Unauthorized.Data.Modification HIGH" "profilegrid-user-profiles-groups-and-communities 5.5.2 Subscriber+.Unauthorized.Data.Modification MEDIUM" "profilegrid-user-profiles-groups-and-communities 5.5.2 Subscriber+.Arbitrary.Option.Update HIGH" "profilegrid-user-profiles-groups-and-communities 5.3.1 Subscriber+.Arbitrary.Password.Reset HIGH" "profilegrid-user-profiles-groups-and-communities 5.1.8 Subscriber+.CSV.Injection MEDIUM" "profilegrid-user-profiles-groups-and-communities 5.0.4 Subscriber+.Private.Message.Read/Edition MEDIUM" "profilegrid-user-profiles-groups-and-communities 5.1.1 Reflected.Cross-Site.Scripting MEDIUM" "profilegrid-user-profiles-groups-and-communities 4.7.5 Subscriber+.Stored.Cross-Site.Scripting 
MEDIUM" "profilegrid-user-profiles-groups-and-communities 2.8.6 Authenticated.Code.Execution HIGH" "pre-orders-for-woocommerce 1.2.14 Contributor+.Stored.XSS MEDIUM" "peters-custom-anti-spam-image 3.2.4 Cross-Site.Request.Forgery.via.cas_register_post.Function MEDIUM" "peters-custom-anti-spam-image 3.2.3 Reflected.XSS HIGH" "pmpro-register-helper 1.8.1 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "post-page-notes No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "page-list 5.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "page-list 5.3 Contributor+.Stored.XSS MEDIUM" "paytium 4.4.12 Unauthenticated.Full.Path.Disclosure MEDIUM" "paytium 4.4.11 Missing.Authorization MEDIUM" "paytium 4.4.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.shortcode MEDIUM" "paytium 4.3.7 Admin+.Stored.XSS LOW" "paytium 3.1.2 Stored.Cross-Site.Scripting.(XSS) CRITICAL" "plainview-protect-passwords No.known.fix Reflected.XSS HIGH" "plainview-protect-passwords No.known.fix Cross-Site.Request.Forgery MEDIUM" "postman-smtp No.known.fix Cross-Site.Scripting.(XSS) MEDIUM" "photo-gallery-builder No.known.fix Missing.Authorization MEDIUM" "piotnet-addons-for-elementor 2.4.33 Authenticated.(Contributor+).Post.Disclosure MEDIUM" "piotnet-addons-for-elementor 2.4.32 Authenticated.(Contributor+).DOM-Based.Stored.Cross-Site.Scripting.via.Heading.Widget MEDIUM" "piotnet-addons-for-elementor 2.4.32 Contributor+.Stored.XSS MEDIUM" "piotnet-addons-for-elementor 2.4.31 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Multiple.Widgets MEDIUM" "piotnet-addons-for-elementor 2.4.30 Unauthenticated.Sensitive.Information.Exposure MEDIUM" "piotnet-addons-for-elementor 2.4.29 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Multiple.Widget.Attributes HIGH" "piotnet-addons-for-elementor 2.4.28 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Multiple.Widgets MEDIUM" "piotnet-addons-for-elementor 2.4.27 
Contributor+.Stored.XSS MEDIUM" "piotnet-addons-for-elementor 2.4.26 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "packlink-pro-shipping 3.4.7 Missing.Authorization MEDIUM" "plugins-on-steroids 4.1.3 Missing.Authorization.via.update_options MEDIUM" "prime-affiliate-links No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "partners No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "partners No.known.fix Unauthenticated.PHP.Object.Injection CRITICAL" "popup-modal-for-youtube No.known.fix Reflected.Cross-Site.Scripting.(XSS) HIGH" "portfolio-filter-gallery 1.6.5 Authenticated.(Contributor+).DOM-Based.Stored.Cross-Site.Scripting MEDIUM" "portfolio-filter-gallery 1.5.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "paytr-taksit-tablosu-woocommerce No.known.fix CSRF MEDIUM" "paytr-taksit-tablosu-woocommerce 1.3.2 Unauthenticated.Settings.Update MEDIUM" "pray-for-me No.known.fix Unauthenticated.Stored.XSS HIGH" "pray-for-me No.known.fix Settings.Update.via.CSRF MEDIUM" "photokit No.known.fix Unauthenticated.Arbitrary.File.Upload CRITICAL" "podcast-box No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "podcast-box 1.0.2 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "planso-forms No.known.fix Authenticated.Stored.Cross-Site.Scripting LOW" "purple-xmls-google-product-feed-for-woocommerce No.known.fix Authenticated.(Administrator+).SQL.Injection CRITICAL" "purple-xmls-google-product-feed-for-woocommerce 3.2.3.4 Reflected.Cross-Site.Scripting MEDIUM" "purple-xmls-google-product-feed-for-woocommerce 3.3.1.0 Authenticated.SQL.Injection MEDIUM" "podiant No.known.fix Unauthenticated.Local.File.Inclusion CRITICAL" "product-designer 1.0.37 Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "product-designer 1.0.34 Unauthenticated.Arbitrary.Attachment.Deletion MEDIUM" "product-designer 1.0.33 Unauthenticated.PHP.Object.Injection CRITICAL" "payment-gateway-groups-for-woocommerce No.known.fix 
Reflected.Cross-Site.Scripting MEDIUM" "payment-gateway-groups-for-woocommerce 1.1.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "powerpack-elements 2.10.15 Contributor+.Privilege.Escalation HIGH" "powerpack-elements 2.10.18 Authenticated.(Contributor+).Privilege.Escalation HIGH" "powerpack-elements 2.10.8 Missing.Authorization.to.Settings.Reset HIGH" "powerpack-elements 2.10.8 Cross-Site.Request.Forgery.to.Plugin.Settings.Modification.and.Cross-Site.Scripting MEDIUM" "powerpack-elements 2.9.24 Reflected.Cross-Site.Scripting MEDIUM" "phppoet-checkout-fields 3.5.13 Unauthenticated.Arbitrary.File.Upload CRITICAL" "pdf-print 2.0.3 Unauthenticated.Cross-Site-Scripting.(XSS) MEDIUM" "pdf-print 1.9.4 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "portugal-ctt-tracking-woocommerce 2.2 Reflected.Cross-Site.Scripting MEDIUM" "post-from-frontend No.known.fix Post.Deletion.via.CSRF MEDIUM" "ppo-call-to-actions No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "posti-shipping 3.10.4 Cross-Site.Request.Forgery MEDIUM" "posti-shipping 3.10.4 Reflected.Cross-Site.Scripting MEDIUM" "posti-shipping 3.10.3 Full.Path.Disclosure MEDIUM" "perelandra-sermons No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "perelandra-sermons No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "perelandra-sermons No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "petfinder-listings 1.1 Admin+.Stored.Cross-Site.Scripting LOW" "pcrecruiter-extensions 1.4.23 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "posts-in-page 1.3.0 Directory.Traversal HIGH" "prismatic 2.8 Reflected.Cross-Site.Scripting.(XSS) HIGH" "prismatic 2.8 Contributor+.Stored.XSS MEDIUM" "package-quantity-xforwc 1.2.0 Low.Priv.Arbitrary.Blog.Options.Update/Access/Deletion.&.Plugin's.Settings.Update/Export/Import HIGH" "plugin-groups 2.0.7 Missing.Authorization.to.Unauthenticated.Denial.of.Service MEDIUM" "product-catalog-feed 2.2.0 Cross-Site.Request.Forgery MEDIUM" 
"product-catalog-feed 2.1.1 Reflected.XSS HIGH" "product-catalog-feed 2.1.1 Reflected.XSS HIGH" "phzoom No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "plugversions 0.0.8 Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.File.Creation HIGH" "polldaddy No.known.fix Cross-Site.Request.Forgery MEDIUM" "polldaddy 3.1.0 Reflected.Cross-Site.Scripting HIGH" "polldaddy 3.1.0 Rating.Update.via.CSRF MEDIUM" "polldaddy 3.0.10 Contributor+.Rating.Settings.Update MEDIUM" "polldaddy 3.0.8 Reflected.Cross-Site.Scripting MEDIUM" "pixcodes 2.3.7 Contributor+.Stored.XSS.in.Shortcode MEDIUM" "prodigy-commerce No.known.fix Missing.Authorization LOW" "prodigy-commerce 3.0.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "puredevs-customer-history-for-woocommerce 1.0.2 Reflected.Cross-Site.Scripting MEDIUM" "puredevs-customer-history-for-woocommerce 1.0.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "post-views-counter 1.4.5 Cross-Site.Request.Forgery.via.save_bulk_post_views() MEDIUM" "post-views-counter 1.3.5 Authenticated.Stored.XSS LOW" "page-builder-sandwich No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "page-builder-sandwich No.known.fix Missing.Authorization MEDIUM" "page-builder-sandwich No.known.fix Sensitive.Information.Exposure MEDIUM" "page-builder-sandwich No.known.fix Missing.Authorization.to.Authenticated(Subscriber+).Arbitrary.Post.Editing MEDIUM" "page-builder-sandwich No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "page-builder-sandwich 4.5.5 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "pricing-table-addon-for-elementor No.known.fix Authenticated.(Contributor+).Local.File.Inclusion HIGH" "pagemash No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "pc-robotstxt 1.10 Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "profile-builder-pro 3.10.1 Reflected.Cross-Site.Scripting MEDIUM" "profile-builder-pro 3.10.1 Cross-Site.Request.Forgery HIGH" "profile-builder-pro 
3.10.1 Authenticated.(Subscriber+).Time-Based.One-Time.Password.Sensitive.Information.Exposure MEDIUM" "profile-builder-pro 3.6.2 Reflected.Cross-Site.Scripting MEDIUM" "profile-builder-pro 3.3.3 Authenticated.Blind.SQL.Injection MEDIUM" "profile-builder-pro 3.1.1 User.Registration.With.Administrator.Role CRITICAL" "powerpack-lite-for-elementor 2.8.2 Authenticated.(Contributor+).Post.Disclosure MEDIUM" "powerpack-lite-for-elementor 2.7.21 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Link.Effects.Widget MEDIUM" "powerpack-lite-for-elementor 2.7.20 Authenticated.(Contributor+).DOM-Based.Stored.Cross-Site.Scripting MEDIUM" "powerpack-lite-for-elementor 2.7.19 Contributor+.Stored.XSS MEDIUM" "powerpack-lite-for-elementor 2.7.18 Contributor+.Stored.XSS MEDIUM" "powerpack-lite-for-elementor 2.7.16 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "powerpack-lite-for-elementor 2.7.15 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "powerpack-lite-for-elementor 2.7.14 Settings.Reset/Update.via.CSRF MEDIUM" "powerpack-lite-for-elementor 2.6.2 Reflected.Cross-Site.Scripting HIGH" "powerpack-lite-for-elementor 2.3.2 Contributor+.Stored.XSS MEDIUM" "payment-gateway-stripe-and-woocommerce-integration 3.8.0 Unauthenticated.SQL.Injection CRITICAL" "payment-gateway-stripe-and-woocommerce-integration 3.8.0 Unauthenticated.WC.Order.Status.Update MEDIUM" "payment-gateway-stripe-and-woocommerce-integration 3.7.8 Authentication.Bypass HIGH" "payment-gateway-stripe-and-woocommerce-integration 3.6.0 Reflected.Cross-Site.Scripting.(XSS) HIGH" "patreon-connect 1.9.2 Missing.Authorization MEDIUM" "patreon-connect 1.9.1 Protection.Mechanism.Bypass MEDIUM" "patreon-connect 1.8.8 Cross-Site.Request.Forgery MEDIUM" "patreon-connect 1.8.2 Admin+.Stored.Cross-Site.Scripting LOW" "patreon-connect 1.7.2 Reflected.XSS.on.Login.Form HIGH" "patreon-connect 1.7.0 Unauthenticated.Local.File.Disclosure HIGH" "patreon-connect 1.7.0 CSRF.to.Disconnect.Sites.From.Patreon 
MEDIUM" "patreon-connect 1.7.2 Reflected.XSS.on.patreon_save_attachment_patreon_level.AJAX.action HIGH" "patreon-connect 1.7.0 CSRF.to.Overwrite/Create.User.Meta MEDIUM" "patreon-connect 1.2.2 PHP.Object.Injection CRITICAL" "perelink No.known.fix Settings.Update.via.CSRF MEDIUM" "primary-addon-for-elementor 1.6.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "primary-addon-for-elementor 1.6.3 Authenticated.(Contributor+).Post.Disclosure MEDIUM" "primary-addon-for-elementor 1.5.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "primary-addon-for-elementor 1.5.8 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "primary-addon-for-elementor 1.5.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Pricing.Table.Widget MEDIUM" "primary-addon-for-elementor 1.5.3 Reflected.Cross-Site.Scripting MEDIUM" "primary-addon-for-elementor 1.5.2 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "posts-and-products-views 2.1.1 Contributor+.Stored.XSS MEDIUM" "postmatic No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "postmatic 2.2.10 Subscriber+.PHP.Object.Injection MEDIUM" "postmatic 2.2.9 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "postmatic 1.4.6 Cross-Site.Scripting.(XSS) MEDIUM" "pagemanager No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "perfect-portal-widgets 3.0.4 Contributor+.Stored.XSS MEDIUM" "prime-mover 1.9.3 Directory.Listing.to.Sensitive.Data.Exposure HIGH" "prime-mover 1.8.8 Reflected.Cross-Site.Scripting MEDIUM" "prime-mover 1.5.0 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "persian-woocommerce-sms 7.0.6 Reflected.Cross-Site.Scripting MEDIUM" "persian-woocommerce-sms 7.0.6 Reflected.Cross-Site.Scripting MEDIUM" "persian-woocommerce-sms 7.0.3 Reflected.Cross-Site.Scripting MEDIUM" "persian-woocommerce-sms 3.3.4 Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "page-visit-counter No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "page-visit-counter No.known.fix Unauthorised.AJAX.Calls.via.Freemius 
MEDIUM" "product-customizer-light No.known.fix Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "product-import-export-for-woo 2.4.2 Authenticated(Shop.Manager+).Arbitrary.File.Upload HIGH" "product-import-export-for-woo 2.3.8 Shop.Manager+.Arbitrary.File.Upload.via.upload_import_file HIGH" "pmpro-mailchimp 2.3.5 Unauthenticated.Information.Disclosure MEDIUM" "pojo-forms 1.4.8 Authenticated.(Subscriber+).Arbitrary.Shortcode.Execution.via.form_preview_shortcode MEDIUM" "prepost-seo No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "player No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "player No.known.fix Reflected.XSS HIGH" "postaffiliatepro 1.26.10 Admin+.Stored.XSS LOW" "popcashnet-code-integration-tool 1.1 Cross-Site.Scripting.(XSS) MEDIUM" "paypal-responder No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "personalize-woocommerce-cart-page 4.0 Missing.Authorization.to.Unuthenticated.Settings.Update MEDIUM" "personalize-woocommerce-cart-page 2.5 Cross-Site.Request.Forgery.(CSRF) HIGH" "print-science-designer 1.3.153 Unauthenticated.PHP.Object.Injection HIGH" "push-notification-for-wp-by-pushassist No.known.fix Authenticated.(Subscriber+).Arbitrary.File.Upload HIGH" "push-notification-for-wp-by-pushassist No.known.fix Reflected.Cross-Site.Scripting HIGH" "pricing-table No.known.fix Author+.Stored.Cross-Site.Scripting MEDIUM" "post-and-page-reactions No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "payment-form-for-paypal-pro 1.1.65 Unauthenticated.SQL.Injection CRITICAL" "payment-form-for-paypal-pro 1.0.2 Multiple.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "profile-builder 3.13.0 Unauthenticated.Stored.Cross-Site.Scripting MEDIUM" "profile-builder 3.11.9 Unauthenticated.Privilege.Escalation CRITICAL" "profile-builder 3.12.2 Admin+.Stored.Cross.Site.Scripting LOW" "profile-builder 3.11.8 Unauthenticated.Media.Upload MEDIUM" "profile-builder 3.11.3 
Restricted.Email.Bypass MEDIUM" "profile-builder 3.10.9 Missing.Authorization.to.Plugin.Settings.Change.via.wppb_two_factor_authentication_settings_update HIGH" "profile-builder 3.10.8 Contributor+.User.Metadata.Disclosure MEDIUM" "profile-builder 3.10.4 Plugins.Activation/Deactivation.CSRF MEDIUM" "profile-builder 3.9.8 Unauthenticated.Plugin's.Pages.Creation MEDIUM" "profile-builder 3.9.1 Unauthorised.Password.Reset HIGH" "profile-builder 3.9.1 Subscriber+.Arbitrary.User.Meta.Disclosure MEDIUM" "profile-builder 3.6.1 Settings.Import.via.CSRF LOW" "profile-builder 3.6.8 Admin+.Stored.Cross-Site.Scripting LOW" "profile-builder 3.6.2 Reflected.Cross-Site.Scripting MEDIUM" "profile-builder 3.5.1 Reflected.Cross-Site.Scripting MEDIUM" "profile-builder 3.4.9 Admin.Access.via.Password.Reset CRITICAL" "profile-builder 3.4.8 Authenticated.Stored.XSS MEDIUM" "profile-builder 3.3.3 Authenticated.Blind.SQL.Injection MEDIUM" "profile-builder 3.1.1 User.Registration.With.Administrator.Role CRITICAL" "profile-builder 2.5.8 Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "profile-builder 2.4.2 Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "profile-builder 2.4.1 Privilege.Escalation HIGH" "profile-builder 2.2.5 XSS MEDIUM" "profile-builder 2.1.4 Missing.Access.Controls HIGH" "profile-builder 2.0.3 Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "profile-builder 1.1.60 Password.Recovery.Bypass MEDIUM" "profile-builder 1.1.66 Multiple.XSS MEDIUM" "payment-page 1.2.9 Reflected.Cross-Site.Scripting MEDIUM" "payment-page 1.1.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "permalink-manager 2.4.4.1 Missing.Authorization.to.Unauthenticated.Sensitive.Information.Exposure MEDIUM" "permalink-manager 2.4.3.4 Reflected.Cross-Site.Scripting MEDIUM" "permalink-manager 2.4.3.2 Reflected.Cross-Site.Scripting MEDIUM" "permalink-manager 2.4.3.2 Missing.Authorization.via.get_uri_editor MEDIUM" "permalink-manager 2.4.3.2 
Missing.Authorization.to.Authenticated(Author+).arbitrary.post.slug.modification MEDIUM" "permalink-manager 2.4.3.1 Reflected.Cross-Site.Scripting MEDIUM" "permalink-manager 2.3.0 Authenticated.Stored.XSS MEDIUM" "permalink-manager 2.2.20.2 Settings.Update.via.CSRF MEDIUM" "permalink-manager 2.2.20.1 Unauthenticated.URI.Deletion MEDIUM" "permalink-manager 2.2.15 Reflected.Cross-Site.Scripting MEDIUM" "permalink-manager 2.2.13.1 Admin+.SQL.Injection MEDIUM" "platinum-seo-pack No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "pure-chat 2.23 Cross-Site.Request.Forgery MEDIUM" "pure-chat No.known.fix Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "pubydoc-data-tables-and-charts No.known.fix Admin+.Stored.XSS MEDIUM" "payplus-payment-gateway 7.0.8 Authenticated.(Subscriber+).SQL.Injection CRITICAL" "payplus-payment-gateway 6.6.9 Reflected.Cross-Site.Scripting MEDIUM" "payplus-payment-gateway 6.6.9 Unauthenticated.SQLi HIGH" "post-by-email No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "platformly 1.14 Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "post-status-notifier 1.11.7 Reflected.Cross-Site.Scripting.via.page MEDIUM" "pickup-and-delivery-from-customer-locations-for-woocommerce 1.0.5 Reflected.Cross-Site.Scripting MEDIUM" "pickup-and-delivery-from-customer-locations-for-woocommerce 1.0.2 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "piotnet-addons-for-elementor-pro No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "piotnet-addons-for-elementor-pro No.known.fix Cross-Site.Request.Forgery MEDIUM" "piotnet-addons-for-elementor-pro No.known.fix Unauthenticated.Server-Side.Request.Forgery HIGH" "piotnet-addons-for-elementor-pro No.known.fix Missing.Authorization.to.Arbitrary.Post/Page.Deletion MEDIUM" "piotnet-addons-for-elementor-pro No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "portfolio-pro No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting 
MEDIUM" "panda-pods-repeater-field 1.5.4 Reflected.XSS HIGH" "project-app No.known.fix Reflected.Cross-Site.Scripting.(XSS) HIGH" "powerpress 11.9.19 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.skipto.Shortcode MEDIUM" "powerpress 11.9.11 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.media_url.Parameter MEDIUM" "powerpress 11.9.6 Injected.Backdoor CRITICAL" "powerpress 11.0.12 Contributor+.Stored.XSS HIGH" "powerpress 11.0.7 Contributor+.SSRF MEDIUM" "powerpress 10.0.2 Contributor+.Stored.XSS MEDIUM" "powerpress 10.0.2 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "powerpress 8.3.8 Authenticated.Arbitrary.File.Upload.leading.to.RCE CRITICAL" "powerpress 6.0.5 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "powerpress 6.0.1 Cross-Site.Scripting.(XSS) CRITICAL" "passwords-manager 1.5.1 Unauthenticated.SQL.Injection HIGH" "passwords-manager 1.5.1 Missing.Authorization.to.Authenticated.(Subscriber+).Add.Password.+.Update.Encryption.Key HIGH" "passwords-manager 1.5.1 Authenticated.(Subscriber+).SQL.Injection MEDIUM" "profile-extra-fields 1.2.8 Unauthenticated.Sensitive.Data.Disclosure MEDIUM" "profile-extra-fields 1.2.4 Reflected.Cross-Site.Scripting HIGH" "profile-extra-fields 1.0.7 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "photo-video-gallery-master No.known.fix Authenticated.(Contributor+).PHP.Object.Injection HIGH" "post-indexer 3.0.6.2 Authenticated.SQL.Injection HIGH" "post-indexer 3.0.6.2 PHP.Object.Injection.via.MitM HIGH" "pgall-for-woocommerce 5.2.2 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "pgall-for-woocommerce 5.2.3 Reflected.Cross-Site.Scripting.via.add_query_arg.Function MEDIUM" "pgall-for-woocommerce 5.2.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.pafw_instant_payment.Shortcode MEDIUM" "plexx-elementor-extension 1.3.7 Contributor+.Stored.XSS MEDIUM" "parcel-tracker-ecourier 1.0.2 Plugin's.Settings.Update.via.CSRF MEDIUM" "payu-india No.known.fix Unauthenticated.Privilege.Escalation 
CRITICAL" "payu-india No.known.fix Reflected.Cross-Site.Scripting.via.type HIGH" "page-or-post-clone 6.1 Insecure.Direct.Object.Reference.to.Authenticated.(Author+).Sensitive.Information.Exposure MEDIUM" "pre-publish-checklist 1.1.2 Insecure.Direct.Object.Reference.to.Arbitrary.Post.'_ppc_meta_key'.Update MEDIUM" "photoshow 1.0.19 Update/Delete.Google.API.Key.via.CSRF MEDIUM" "publishpress-authors 4.7.2 Insecure.Direct.Object.Reference.to.Authenticated.(Author+).Arbitrary.User.Email.Update.and.Account.Takeover HIGH" "powies-whois 0.9.33 Authenticated.Stored.Cross-Site.Scripting LOW" "pdf-generator-for-wp 1.1.2 Reflected.XSS HIGH" "postcasa No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "post-smtp 2.9.12 Missing.Authorization.via.regenerate_qrcode() MEDIUM" "post-smtp 2.9.10 Admin+.SQLi MEDIUM" "post-smtp 2.9.4 Administrator+.SQL.Injection MEDIUM" "post-smtp 2.8.8 Authorization.Bypass.via.type.connect-app.API CRITICAL" "post-smtp 2.8.8 Unauthenticated.Stored.Cross-Site.Scripting.via.device HIGH" "post-smtp 2.8.7 Reflected.Cross-Site.Scripting HIGH" "post-smtp 2.8.7 Admin+.SQL.Injection MEDIUM" "post-smtp 2.7.1 Unauthenticated.Cross-site.Scripting HIGH" "post-smtp 2.6.1 Authenticated.(Administrator+).SQL.Injection HIGH" "post-smtp 2.5.8 Reflected.Cross-Site.Scripting MEDIUM" "post-smtp 2.5.8 Unauthenticated.Stored.Cross-Site.Scripting.via.Email.Contents HIGH" "post-smtp 2.5.7 Account.Takeover.via.CSRF MEDIUM" "post-smtp 2.5.7 Arbitrary.Log.Deletion.via.CSRF MEDIUM" "post-smtp 2.1.7 Admin+.Blind.SSRF LOW" "post-smtp 2.1.4 Admin+.Stored.Cross-Site.Scripting LOW" "post-smtp 2.0.21 CSRF.Nonce.Bypass MEDIUM" "paypal-pay-buy-donation-and-cart-buttons-shortcode No.known.fix Admin+.Stored.XSS LOW" "paypal-pay-buy-donation-and-cart-buttons-shortcode No.known.fix Contributor+.Stored.XSS MEDIUM" "paypal-pay-buy-donation-and-cart-buttons-shortcode No.known.fix .Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" 
"product-expiry-for-woocommerce 2.6 Subscriber+.Settings.Update MEDIUM" "post-grid-elementor-addon 2.0.19 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "post-grid-elementor-addon 2.0.17 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.title_tag MEDIUM" "photo-gallery 1.8.31 Admin+.Stored.XSS LOW" "photo-gallery 1.8.31 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "photo-gallery 1.8.28 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "photo-gallery 1.8.28 Admin+.Stored.XSS LOW" "photo-gallery 1.8.29 Admin+.Stored.XSS LOW" "photo-gallery 1.8.24 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Zipped.SVG MEDIUM" "photo-gallery 1.8.24 Authenticated.(Contributor+).Path.Traversal.via.esc_dir.Function MEDIUM" "photo-gallery 1.8.26 Subscriber+.Notice.Dismiss MEDIUM" "photo-gallery 1.8.21 Missing.Authorization MEDIUM" "photo-gallery 1.8.22 Admin+.Stored.XSS.via.SVG LOW" "photo-gallery 1.8.22 Multiple.Reflected.XSS HIGH" "photo-gallery 1.8.20 Mobile-Friendly.Image.Gallery.<.1.8.20.-.Directory.Traversal.to.Arbitrary.File.Rename CRITICAL" "photo-gallery 1.8.19 Authenticated.(Administrator+).Stored.Cross-Site.Scripting.via.Widget MEDIUM" "photo-gallery 1.8.15 Admin+.Path.Traversal MEDIUM" "photo-gallery 1.8.3 Stored.XSS.via.CSRF MEDIUM" "photo-gallery 1.7.1 Reflected.Cross-Site.Scripting MEDIUM" "photo-gallery 1.6.4 Admin+.Stored.Cross-Site.Scripting LOW" "photo-gallery 1.6.3 Reflected.Cross-Site.Scripting MEDIUM" "photo-gallery 1.6.3 Unauthenticated.SQL.Injection HIGH" "photo-gallery 1.6.0 Unauthenticated.SQL.Injection HIGH" "photo-gallery 1.5.79 Stored.XSS.via.Uploaded.SVG.in.Zip MEDIUM" "photo-gallery 1.5.75 File.Upload.Path.Traversal LOW" "photo-gallery 1.5.75 Stored.Cross-Site.Scripting.via.Uploaded.SVG MEDIUM" "photo-gallery 1.5.67 Authenticated.Stored.Cross-Site.Scripting.via.Gallery.Title MEDIUM" "photo-gallery 1.5.69 Multiple.Reflected.Cross-Site.Scripting.(XSS) HIGH" "photo-gallery 
1.5.69 Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "photo-gallery 1.5.68 Reflected.Cross-Site.Scripting.(XSS) HIGH" "photo-gallery 1.5.55 Unauthenticated.SQL.Injection CRITICAL" "photo-gallery 1.5.46 Multiple.Cross-Site.Scripting.(XSS).Issues MEDIUM" "photo-gallery 1.5.35 SQL.Injection.&.XSS CRITICAL" "photo-gallery 1.5.31 SQL.Injection CRITICAL" "photo-gallery 1.5.25 Authenticated.LFI MEDIUM" "photo-gallery 1.5.23 Authenticated.XSS MEDIUM" "photo-gallery 1.3.67 Cross-Site.Scripting.(XSS) HIGH" "photo-gallery 1.3.51 Authenticated.SQL.Injection MEDIUM" "photo-gallery 1.3.43 Authenticated.Path.Traversal HIGH" "photo-gallery 1.3.36 Authenticated.SQL.Injection MEDIUM" "photo-gallery 1.2.13 Cross-Site.Scripting.(XSS) HIGH" "private-messages-for-wordpress No.known.fix Subscriber+.Stored.Cross-Site.Scripting MEDIUM" "private-messages-for-wordpress No.known.fix Arbitrary.Message.Sent.via.CSRF MEDIUM" "popup-manager No.known.fix Unauthenticated.Arbitrary.Popup.Deletion MEDIUM" "popup-manager No.known.fix Unauthenticated.Stored.XSS HIGH" "per-page-add-to No.known.fix Authenticated.Stored.XSS LOW" "per-page-add-to 1.4.4 CSRF.to.Stored.XSS HIGH" "portfolio-wp 2.1.0 Subscriber+.Stored.Cross-Site.Scripting MEDIUM" "pdq-csv 2.0.0 Admin+.Stored.Cross-Site.Scripting LOW" "parsi-font 4.3 Unauthenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "push-monkey-desktop-push-notifications No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "preloader-sws No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "page-and-post-restriction 1.3.7 Unauthenticated.Content.Restriction.Bypass.to.Sensitive.Information.Exposure MEDIUM" "page-and-post-restriction 1.3.5 Unauthenticated.Protected.Post.Access MEDIUM" "page-and-post-restriction 1.2.7 Admin+.Stored.Cross-Site.Scripting LOW" "peters-collaboration-e-mails No.known.fix Arbitrary.Settings.Update.via.CSRF MEDIUM" "pripre No.known.fix Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" 
"particle-background No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "pdf-embedder 4.8.0 Arbitrary.JavaScript.Execution MEDIUM" "pdf-embedder 4.7.1 Contributor+.Stored.XSS MEDIUM" "page-scroll-to-id 1.7.9 Contributor+.Stored.XSS MEDIUM" "page-scroll-to-id 1.7.6 Contributor+.Stored.XSS MEDIUM" "protected-page No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "protected-page No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "page-builder-add 1.5.2.1 Authenticated.(Editor+).Local.File.Inlcusion HIGH" "page-builder-add 1.5.1.9 Reflected.Cross-Site.Scripting.via.pageType MEDIUM" "page-builder-add 1.5.1.8 Authenticated.(Editor+).Stored.Cross-Site.Scripting MEDIUM" "page-builder-add 1.5.1.6 Open.Redirect MEDIUM" "page-builder-add 1.5.1.3 Admin+.Stored.XSS LOW" "page-builder-add 1.4.9.9 Contributor+.Cross-Site.Scripting.via.Shortcode MEDIUM" "page-builder-add 1.4.9.6 Authenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "portfolio-responsive-gallery 1.1.8 Reflected.Cross-Site.Scripting.(XSS) HIGH" "portfolio-responsive-gallery 1.1.8 Authenticated.Blind.SQL.Injections HIGH" "powerpack-addon-for-beaver-builder 1.3.1 Reflected.Cross-Site.Scripting.via.Navigate.Parameter MEDIUM" "powerpack-addon-for-beaver-builder 1.3.0.5 Authenticated.(Editor+).Stored.Cross-Site.Scripting MEDIUM" "powerpack-addon-for-beaver-builder 1.3.0.4 Authenticated.(Editor+).Local.File.Inclusion HIGH" "powerpack-addon-for-beaver-builder 1.3.0.1 Authenticated(Contributor+).Stored.Cross-Site.Scripting.via.element.link MEDIUM" "powerpack-addon-for-beaver-builder 1.2.9.1 Reflected.Cross-Site.Scripting MEDIUM" "powerpack-addon-for-beaver-builder 1.2.9.3 Reflected.Cross-Site.Scripting MEDIUM" "post-to-csv 1.4.1 Author+.CSV.Injection MEDIUM" "post-to-csv 1.3.1 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "pixelyoursite 10.0.2 Settings.Update.via.CSRF MEDIUM" "pixelyoursite 9.7.2 Unauthenticated.Information.Exposure.and.Log.Deletion MEDIUM" "pixelyoursite 9.6.2 
Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "pixelyoursite 9.3.7 Admin+.Stored.Cross-Site.Scripting LOW" "pixelyoursite 5.3.0 XSS MEDIUM" "postcode-redirect 5.0.0 Reflected.Cross-Site.Scripting MEDIUM" "postcode-redirect 4.0.2 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "publish-post-email-notification 1.0.2.3 Admin+.Stored.XSS LOW" "page-layout-builder No.known.fix Unauthenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "pdf-invoices-and-packing-slips-for-woocommerce 1.3.8 Authenticated.(Subscriber+).PHP.Object.Injection HIGH" "peepso-photos 6.3.1.0 Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "pop-over-xyz No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "pop-over-xyz No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "pepro-cf7-database 1.9.0 Cross-Site.Request.Forgery MEDIUM" "pepro-cf7-database 1.8.0 Unauthenticated.Stored.XSS HIGH" "progress-planner 0.9.3 Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "progress-planner 0.9.2 Missing.Authorization MEDIUM" "pods 3.2.8.1 Admin+.Stored.XSS LOW" "pods 3.2.7.1 Admin+.Stored.XSS LOW" "pods 3.2.1.1 Contributor+.Stored.Cross-Site.Scripting.via.Pod.Form.Redirect.URL MEDIUM" "pods 3.1 Contributor+.SQLi MEDIUM" "pods 3.1 Contributor+.Remote.Code.Execution HIGH" "pods 3.1 Contributor+.Pods/Users.Creation MEDIUM" "pods 2.8.0 Reflected.Cross-Site.Scripting MEDIUM" "pods 2.9.11 Pods.Deletion.via.CSRF MEDIUM" "pods 2.7.29 Multiple.Authenticated.Stored.Cross-Site.Scripting.(XSS) LOW" "pods 2.7.27 Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "pods 2.7.27 Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "post-slider-carousel 1.0.21 Admin+.Stored.XSS LOW" "pz-frontend-manager 1.0.6 CSRF.change.user.profile.picture MEDIUM" "point-maker 0.1.5 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "pi-woocommerce-order-date-time-and-type 3.0.20 Admin+.Stored.XSS LOW" "panorama 1.0.9 Reflected.Cross-Site.Scripting MEDIUM" "panorama 1.0.8 
Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "pmpro-membership-maps 0.7 Membership.Maps.Add.On.<.0.7.-.Contributor+.Sensitive.Information.Disclosure MEDIUM" "price-alert-woocommerce No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "post-carousel 3.0.1 Editor+.Stored.XSS LOW" "post-carousel 2.4.28 Editor+.Stored.XSS LOW" "post-carousel 2.4.19 Contributor+.Stored.XSS MEDIUM" "post-carousel 2.3.5 CSRF.Bypass./.Unauthorised.AJAX.Calls MEDIUM" "pocket-news-generator No.known.fix .Cross-Site.Request.Forgery.to.Settings.Update MEDIUM" "pocket-news-generator No.known.fix Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "planaday-api 11.5 Reflected.Cross-Site.Scripting MEDIUM" "popup-zyrex 1.1 Admin+.Arbitrary.File.Upload MEDIUM" "perfmatters 2.1.7 Reflected.Cross-Site.Scripting MEDIUM" "perfmatters 2.1.7 Cross-Site.Request.Forgery MEDIUM" "perfmatters 2.2.0 Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "perfmatters 2.1.7 Missing.Authorization MEDIUM" "paygreen-payment-gateway 1.0.27 Reflected.Cross-Site.Scripting MEDIUM" "proofreading 1.2.2 Reflected.Cross-Site.Scripting MEDIUM" "proofreading 1.1 Reflected.XSS HIGH" "paritypress 1.0.1 Admin+.Stored.XSS LOW" "pixelyoursite-pro 10.4.3 Unauthenticated.Information.Exposure.and.Log.Deletion MEDIUM" "pixelyoursite-pro 9.6.2 Admin+.Stored.Cross-Site.Scripting LOW" "posts-to-page No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "postmagthemes-demo-import 1.0.8 Admin+.Arbitrary.File.Upload MEDIUM" "pricer-ninja-pricing-tables No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "premium-addons-pro 2.9.14 Contributor+.Stored.XSS MEDIUM" "premium-addons-pro 2.9.13 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Messenger.Chat.Widget MEDIUM" "premium-addons-pro 2.9.13 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Multi.Scroll.Widget MEDIUM" "premium-addons-pro 2.9.13 
Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Global.Badge.Module MEDIUM" "premium-addons-pro 2.9.13 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Custom.Mouse.Cursor.Module MEDIUM" "premium-addons-pro 2.9.13 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Premium.Magic.Scroll.Module MEDIUM" "premium-addons-pro 2.9.13 .Authenticated(Contributor+).Stored.Cross-Site.Scripting.via.widget.link MEDIUM" "premium-addons-pro 2.8.25 Reflected.XSS HIGH" "post-slider-and-carousel 3.2.1 Reflected.Cross-Site.Scripting MEDIUM" "post-slider-and-carousel 2.1.2 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "pondol-carousel No.known.fix Cross-Site.Scripting.(XSS) MEDIUM" "pretty-simple-popup-builder 1.0.10 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "pretty-simple-popup-builder 1.0.10 Admin+.Stored.XSS LOW" "pretty-simple-popup-builder 1.0.7 Reflected.Cross-Site.Scripting MEDIUM" "plainview-activity-monitor 20180826 Remote.Command.Execution.(RCE) HIGH" "productdyno No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "pearl-header-builder 1.3.9 Cross-Site.Request.Forgery.to.Header.Deletion MEDIUM" "pearl-header-builder 1.3.8 Missing.Authorization.to.Unauthenticated.Arbitrary.Site.Options.Deletion MEDIUM" "pearl-header-builder 1.3.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "pearl-header-builder 1.3.5 CSRF MEDIUM" "price-commander-xforwc 1.3.0 Low.Priv.Arbitrary.Blog.Options.Update/Access/Deletion.&.Plugin's.Settings.Update/Export/Import HIGH" "popupally 2.1.2 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "popupally No.known.fix Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "popupally 2.1.1 Cross-Site.Request.Forgery.via.optin_submit_callback MEDIUM" "pdf-block No.known.fix Contributor+.Stored.XSS MEDIUM" "projecthuddle-child-site 1.0.35 Missing.Authorization.via.ph_child_ajax_notice_handler MEDIUM" "post-grid 2.3.4 
2.3.3.-.Unauthenticated.Privilege.Escalation CRITICAL" "post-grid 2.2.94 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "post-grid 2.2.90 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "post-grid 2.2.91 2.2.90.-.Subscriber+.Privilege.Escalation HIGH" "post-grid 2.2.93 Contributor+.Stored.XSS MEDIUM" "post-grid 2.2.88 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Accordion.Block MEDIUM" "post-grid 2.2.87 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "post-grid 2.2.86 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.redirectURL.Parameter.of.Date.Countdown.Widget MEDIUM" "post-grid 2.2.81 Combo.Blocks.<.2.2.81.-.Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Block.Attribute MEDIUM" "post-grid 2.2.81 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "post-grid 2.2.81 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "post-grid 2.2.79 Unauthenticated.Sensitive.Information.Exposure MEDIUM" "post-grid 2.2.76 Reflected.Cross-Site.Scripting MEDIUM" "post-grid 2.2.76 Unauthenticated.Password.Protected.Posts.Access MEDIUM" "post-grid 2.2.69 Information.Exposure.via.get_posts.API.Endpoint HIGH" "post-grid 2.2.65 Authenticated.(Contributor+).Cross-Site.Scripting MEDIUM" "post-grid 2.1.16 Reflected.Cross-Site.Scripting.via.keyword MEDIUM" "post-grid 2.1.16 Reflected.Cross-Site.Scripting.via.post_types MEDIUM" "post-grid 2.1.13 Contributor+.SQL.Injection MEDIUM" "post-grid 2.1.8 Reflected.Cross-Site.Scripting.(XSS) HIGH" "post-grid 2.0.73 Authenticated.Stored.Cross-Site.Scripting.(XSS) HIGH" "post-grid 2.0.73 PHP.Object.Injection HIGH" "project-panorama-lite No.known.fix Admin+.Stored.XSS LOW" "project-panorama-lite 1.5.1 WordPress.Project.Management.<.1.5.1.-.Admin+.Stored.XSS LOW" "policy-genius No.known.fix Reflected.XSS HIGH" "pie-register-premium 3.8.3.3 Unauthenticated.Arbitrary.File.Upload CRITICAL" "pie-register-premium 3.8.3.3 
Unauthenticated.Cross-Site.Scripting MEDIUM" "pie-register-premium 3.8.3.3 Missing.Authorization MEDIUM" "post-meta-data-manager 1.3.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "post-meta-data-manager 1.2.2 Cross-Site.Request.Forgery.to.Post,.Term,.and.User.Meta.Deletion MEDIUM" "post-meta-data-manager 1.2.1 Unauthenticated.Data.Deletion HIGH" "post-meta-data-manager 1.2.1 Subscriber+.Privilege.Escalation HIGH" "post-meta-data-manager 1.2.1 Missing.Authorization.to.Post,.Term,.and.User.Meta.Deletion MEDIUM" "paypal-payment-button-by-vcita No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "paypal-payment-button-by-vcita 3.10.0 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "paypal-payment-button-by-vcita No.known.fix CSRF.to.Stored.XSS.in.settings.page MEDIUM" "pdf-poster 2.1.22 Arbitrary.JavaScript.Execution MEDIUM" "pdf-poster 2.1.18 PDF.Embedder.Plugin.for.WordPress.<.2.1.18.-.Reflected.Cross-Site.Scripting MEDIUM" "pdfjs-shortcode No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "popup-more 2.3.3 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "popup-more 2.2.5 Admin+.Directory.Traversal.to.Limited.Local.File.Inclusion MEDIUM" "pirate-forms 2.6.1 Unauthenticated.Arbitrary.Shortcode.Execution HIGH" "pirate-forms 2.5.2 HTML.Injection.&.CSRF MEDIUM" "phone-orders-for-woocommerce 3.7.2 Subscriber+.Sensitive.Data.Exposure MEDIUM" "pixtypes No.known.fix Reflected.XSS HIGH" "pixtypes 1.4.15 Cross-Site.Request.Forgery MEDIUM" "pepro-bacs-receipt-upload-for-woocommerce 2.7.0 Reflected.Cross-Site.Scripting MEDIUM" "pardakht-delkhah 2.9.9 Form.Fields.Reset.via.CSRF MEDIUM" "pardakht-delkhah 2.9.3 Unauthenticated.Stored.XSS HIGH" "plugnedit 6.2.0 Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "phpsword-favicon-manager No.known.fix Authenticated.(Admin+).Arbitrary.File.Upload CRITICAL" "photographer-connections No.known.fix 
Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "product-layouts 1.1.4 Reflected.Cross-Site.Scripting MEDIUM" "password-protect-page 1.9.6 Unauthenticated.Content.Restriction.Bypass.to.Sensitive.Information.Exposure MEDIUM" "password-protect-page 1.9.0 .Protection.Mechanism.Bypass MEDIUM" "password-protect-page 1.8.6 Contributor+.Stored.XSS.in.Shortcode MEDIUM" "poll-maker 5.5.7 Missing.Authorization MEDIUM" "poll-maker 5.5.5 Cross-Site.Request.Forgery.to.Poll.Duplication MEDIUM" "poll-maker 5.4.7 Authenticated.(Administrator+).Time-Based.SQL.Injection MEDIUM" "poll-maker 5.4.7 Authenticated.(Administrator+).Stored.Cross-Site.Scripting.via.Poll.Settings MEDIUM" "poll-maker 5.4.7 Authenticated.(Administrator+).SQL.Injection.via.Order_by.Parameter MEDIUM" "poll-maker 5.1.9 Missing.Authorization.to.Unauthenticated.Stored.Cross-Site.Scripting HIGH" "poll-maker 5.1.9 .Missing.Authorization.to.Unauthenticated.Email.Enumeration MEDIUM" "poll-maker 4.8.1 Missing.Authorization MEDIUM" "poll-maker 4.7.2 Missing.Authorization MEDIUM" "poll-maker 4.7.1 Reflected.XSS HIGH" "poll-maker 4.0.2 Admin+.Stored.Cross-Site.Scripting LOW" "poll-maker 3.4.2 Unauthenticated.Time.Based.SQL.Injection CRITICAL" "poll-maker 3.2.9 Reflected.Cross-Site.Scripting HIGH" "poll-maker 3.2.1 Authenticated.Blind.SQL.Injections HIGH" "password-protect-plugin-for-wordpress No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "pdf-for-woocommerce 4.7.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "portfolio 2.40 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "premmerce-woocommerce-variation-swatches 1.2.2 Reflected.Cross-Site.Scripting MEDIUM" "premmerce-woocommerce-variation-swatches 1.2.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "premmerce-woocommerce-variation-swatches 1.1 Subscriber+.Arbitrary.Option.Update CRITICAL" "page-specific-sidebars No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" 
"pricing-tables-for-wpbakery-page-builder 3.0 Contributor+.Stored.XSS MEDIUM" "pricing-tables-for-wpbakery-page-builder 3.0 Subscriber+.LFI HIGH" "product-filter-for-woocommerce-product No.known.fix Unauthenticated.SQLi HIGH" "page-studio-lite No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "page-studio-lite No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "project-source-code-download No.known.fix Unauthenticated.Backup.Download HIGH" "pre-party-browser-hints 1.8.20 Admin+.SQLi MEDIUM" "ps-phpcaptcha 1.2.0 PS.PHPCaptcha.<.1,2,0.-Denial.of.Service CRITICAL" "post-carousel-slider-for-elementor No.known.fix Contributor+.Stored.XSS MEDIUM" "parallax-image 1.9.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.position.Parameter MEDIUM" "parallax-image 1.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.dd-parallax.Shortcode MEDIUM" "parallax-image 1.8 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "photoblocks-grid-gallery 1.3.0 Reflected.Cross-Site.Scripting MEDIUM" "photoblocks-grid-gallery 1.2.9 Cross-Site.Request.Forgery MEDIUM" "photoblocks-grid-gallery 1.2.7 Contributor+.Stored.XSS MEDIUM" "photoblocks-grid-gallery 1.2.6 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "photoblocks-grid-gallery 1.2.0 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "photoblocks-grid-gallery 1.1.43 Authenticated.Reflected.XSS HIGH" "photoblocks-grid-gallery 1.1.41 Unauthenticated.Reflected.XSS MEDIUM" "pagepost-content-shortcode No.known.fix Contributor+.Arbitrary.Posts/Pages.Access MEDIUM" "photo-video-store No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "pixproof No.known.fix Missing.Authorization MEDIUM" "product-table No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "product-table No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "private-google-calendars 20240106 Contributor+.Stored.XSS MEDIUM" "premium-blog-addons No.known.fix Reflected.Cross-Site.Scripting MEDIUM" 
"pf-timer No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "prevent-file-access 2.5.2 Admin+.Arbitrary.File.Upload MEDIUM" "password-protected-woo-store 2.3 Unauthenticated.Arbitrary.Post.Tile.&.Content.Access MEDIUM" "profilepro No.known.fix Subscriber+.Stored.Cross.Site.Scripting HIGH" "pets No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "pets 1.4.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "pathomation No.known.fix Unauthenticated.Arbitrary.File.Upload CRITICAL" "product-code-for-woocommerce 1.4.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "pinblocks No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "pinblocks No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "prayer-times-anywhere No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "plethora-tabs-accordions 1.2 Contributor+.Stored.XSS MEDIUM" "plethora-tabs-accordions 1.2.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "postbox-email-logs 1.0.5 Missing.Authorization.to.Authenticated.(Subscriber+).Log.Export MEDIUM" "performance-kit No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "ptoffice-sign-ups No.known.fix Unauthenticated.Stored.Cross-Site.Scripting MEDIUM" "pricing-deals-for-woocommerce No.known.fix Missing.Authorization.via.vtprd_ajax_clone_rule MEDIUM" "pricing-deals-for-woocommerce 2.0.3 Unauthenticated.SQLi HIGH" "promotion-slider No.known.fix Contributor+.Stored.Cross-Site.Scripting MEDIUM" "pootle-button No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "pootle-button 1.2.0 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "premmerce-user-roles 1.0.13 Missing.Authorization.via.role.management.functions HIGH" "premmerce-user-roles 1.0.12 Reflected.Cross-Site.Scripting MEDIUM" "premmerce-user-roles 1.0.11 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "product-size-chart-for-woo 1.1.6 Settings.Update.via.CSRF MEDIUM" "product-shipping-countdown-free-version No.known.fix 
Reflected.Cross-Site.Scripting MEDIUM" "product-shipping-countdown-free-version No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "portfolio-elementor 3.1.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.shortcode MEDIUM" "portfolio-elementor 2.3.1 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "portfolio-elementor 2.1.7 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "pixobe-cartography No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "premmerce-woocommerce-wholesale-pricing 1.1.10 Reflected.Cross-Site.Scripting MEDIUM" "premmerce-woocommerce-wholesale-pricing 1.1.8 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "premmerce-woocommerce-wholesale-pricing 1.1.4 Subscriber+.Arbitrary.Option.Update CRITICAL" "premium-blocks-for-gutenberg 2.1.43 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "premium-blocks-for-gutenberg 2.1.34 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "premium-blocks-for-gutenberg 2.1.28 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "pegapoll No.known.fix Unauthenticated.Arbitrary.Options.Update CRITICAL" "pdf-viewer-for-elementor No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.render MEDIUM" "pdf-viewer-for-elementor No.known.fix Arbitrary.JavaScript.Execution MEDIUM" "pdf-viewer-for-elementor No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "plezi 1.0.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "plezi 1.0.3 Unauthenticated.Stored.XSS HIGH" "propovoice No.known.fix Unauthenticated.Insecure.Direct.Object.Reference MEDIUM" "propovoice No.known.fix Unauthenticated.Stored.Cross-Site.Scripting HIGH" "pdf-generator-addon-for-elementor-page-builder 2.0.1 Unauthenticated.Arbitrary.File.Download HIGH" "pdf-generator-addon-for-elementor-page-builder 1.7.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "pilotpress 2.0.31 
Subscriber+.Report.Access.&.DB.Transients.Purging MEDIUM" "pardot 2.1.1 Missing.Authorization MEDIUM" "parcelpanel 4.3.3 Reflected.Cross-Site.Scripting MEDIUM" "parcelpanel 3.9.0 Authenticated.(Subscriber+).SQL.Injection CRITICAL" "premmerce 1.3.18 Reflected.Cross-Site.Scripting MEDIUM" "premmerce 1.3.17 Cross-Site.Request.Forgery MEDIUM" "premmerce 1.3.16 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "partdo-core No.known.fix Reflected.Cross-Site.Scripting HIGH" "promobar 1.1.1 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "past-events-extension No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "past-events-extension No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "past-events-extension No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "postie 1.9.41 Post.Submission.Spoofing.&.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "parsian-bank-gateway-for-woocommerce No.known.fix Reflected.Cross-Site.Scripting HIGH" "pretty-grid 1.0.8 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "pdf-embedder-fay No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "pretty-opt-in-lite 1.2.2 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "pie-register-social-site 1.8 Authentication.Bypass HIGH" "pie-register-social-site 1.7.8 Social.Sites.Login.(Add.on).<.1.7.8.-.Unauthenticated.Privilege.Escalation CRITICAL" "preloader-quotes No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "poll-builder No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "plugmatter-optin-feature-box-lite 2.0.14 Unauthenticated.Blind.SQL.Injection CRITICAL" "preferred-languages 2.3.0 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "photographer-directory 1.0.9 Subscriber+.Privilege.Escalation CRITICAL" "private-content 8.4.4 Brute.Force.Protection.Bypass MEDIUM" "pta-member-directory 1.8.0 Missing.Authorization MEDIUM" "pingmeter-uptime-monitoring No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "paid-memberships-pro 3.0.6 
Authenticated.(Administrator+).SQL.Injection CRITICAL" "paid-memberships-pro 3.0.5 Unauthenticated.Insecure.Direct.Object.Reference.to.Order.Status.Update MEDIUM" "paid-memberships-pro 3.0 Cross-Site.Request.Forgery.to.Membership.Modification MEDIUM" "paid-memberships-pro 3.0.2 Cross-Site.Request.Forgery MEDIUM" "paid-memberships-pro 3.0 Cross-Site.Request.Forgery MEDIUM" "paid-memberships-pro 2.12.9 Contributor+.Arbitrary.User.Custom.Field.Disclosure MEDIUM" "paid-memberships-pro 2.12.8 Cross-Site.Request.Forgery MEDIUM" "paid-memberships-pro 2.12.7 Information.Exposure.in.Debug.Logs MEDIUM" "paid-memberships-pro 2.12.6 Missing.Authorization.via.API MEDIUM" "paid-memberships-pro 2.12.4 Subscriber+.Arbitrary.File.Upload HIGH" "paid-memberships-pro 2.9.12 Subscriber+.SQL.Injection HIGH" "paid-memberships-pro 2.9.9 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "paid-memberships-pro 2.9.8 Unauthenticated.SQLi HIGH" "paid-memberships-pro 2.6.7 Unauthenticated.Blind.SQL.Injection CRITICAL" "paid-memberships-pro 2.6.6 Reflected.Cross-Site.Scripting HIGH" "paid-memberships-pro 2.5.10 Cross-Site.Scripting.(XSS) MEDIUM" "paid-memberships-pro 2.5.6 Authenticated.SQL.Injection MEDIUM" "paid-memberships-pro 2.5.3 Unauthorised.Order.Information.Disclosure MEDIUM" "paid-memberships-pro 2.5.1 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "paid-memberships-pro 2.4.3 Arbitrary.Settings.Update.via.CSRF MEDIUM" "paid-memberships-pro 2.4.3 Cross-Site.Request.Forgery.(CSRF) MEDIUM" "paid-memberships-pro 2.3.3 Authenticated.SQL.Injection MEDIUM" "paid-memberships-pro 2.0.6 Authenticated.Open.Redirect MEDIUM" "progress-tracker No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "pmpro-payfast 1.4.2 Unauthenticated.Information.Exposure MEDIUM" "parallaxer-lite-parallax-effects-on-images No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "post-connector 1.0.10 Admin+.Stored.Cross-Site.Scripting MEDIUM" "post-connector 1.0.4 XSS 
MEDIUM" "postman-widget No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "perfect-pullquotes No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "pootle-page-builder No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "pootle-page-builder No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "pootle-page-builder 5.7.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "payment-gateway-for-telcell 2.0.4 Unauthenticated.Open.Redirect MEDIUM" "passwordless-login 1.1.3 Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "picsmize No.known.fix Unauthenticated.Arbitrary.File.Upload CRITICAL" "posts-table-filterable 1.0.1 Reflected.Cross-Site.Scripting MEDIUM" "post-types-carousel-slider No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "post-types-carousel-slider 1.0.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "podcast-importer-secondline 1.3.8 Admin+.SQLi MEDIUM" "podcast-importer-secondline 1.1.5 Server-Side.Request.Forgery.(SSRF) MEDIUM" "post-snippets 4.0.4 Reflected.Cross-Site.Scripting MEDIUM" "post-snippets 4.0.3 Admin+.Stored.XSS LOW" "post-snippets 3.1.7 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "post-snippets 3.1.4 CSRF.to.Stored.Cross-Site.Scripting HIGH" "post-snippets 3.0.4 Subscriber+.Arbitrary.Option.Update CRITICAL" "primer-mydata 4.2.2 Reflected.Cross-Site.Scripting MEDIUM" "pop-up No.known.fix Contributor+.Stored.Cross-Site.Scripting MEDIUM" "preview-link-generator 1.0.4 Arbitrary.Plugin.Activation.via.CSRF MEDIUM" "property-hive-stamp-duty-calculator 1.0.23 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "project-status No.known.fix Reflected.Cross-Site.Scripting.(XSS) HIGH" "pb-mailcrypt-antispam-email-encryption No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "post-saint No.known.fix Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.File.Upload HIGH" "persian-nested-showhide-text 
No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "premmerce-woocommerce-toolkit No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "premmerce-woocommerce-toolkit No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "popups 1.8 Reflected.Cross-Site.Scripting MEDIUM" "popups No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "porto-functionality 3.1.0 Functionality.<.3.1.0.-.Authenticated.(Contributor+).Local.File.Inclusion.via.Post.Meta HIGH" "porto-functionality 3.1.1 Functionality.<.3.1.1.-.Authenticated.(Contributor+).Local.File.Inclusion.via.Shortcode HIGH" "porto-functionality No.known.fix Functionality.<.2.12.1.-.Missing.Authorization MEDIUM" "porto-functionality No.known.fix Functionality.<.2.12.1.-.Unauthenticated.SQL.Injection CRITICAL" "pretty-google-calendar 2.0.0 Contributor+.Stored.XSS MEDIUM" "pretty-google-calendar 1.6.0 Authenticated(Contributor+).Stored.Cross-Site.Scripting.via.pretty_google_calendar.shortcode MEDIUM" "protect-admin-account 2.0.2 Reflected.Cross-Site.Scripting MEDIUM" "premmerce-woocommerce-multi-currency 2.3.5 Reflected.Cross-Site.Scripting MEDIUM" "premmerce-woocommerce-multi-currency 2.3.2 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "propertyhive 2.1.1 Reflected.XSS HIGH" "propertyhive 2.0.20 Cross-Site.Request.Forgery.via.save_account_details HIGH" "propertyhive 2.0.10 Missing.Authorization MEDIUM" "propertyhive 2.0.14 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "propertyhive 2.0.11 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "propertyhive 2.0.13 Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.Post.Deletion MEDIUM" "propertyhive 2.0.9 Reflected.Cross-Site.Scripting MEDIUM" "propertyhive 2.0.10 Authenticated.(Subscriber+).PHP.Object.Injection HIGH" "propertyhive 2.0.7 Missing.Authorization.via.activate_pro_feature MEDIUM" "propertyhive 2.0.6 Unauthenticated.PHP.Object.Injection.via.propertyhive_currency HIGH" "propertyhive 1.5.49 
Reflected.XSS HIGH" "propertyhive 1.5.47 Reflected.XSS HIGH" "propertyhive 1.4.26 Unvalidated.Input.to.do_action() MEDIUM" "popup-maker-wp 1.3.7 Subscriber+.Stored.XSS HIGH" "portfolio-slideshow No.known.fix Contributor+.XSS MEDIUM" "product-input-fields-for-woocommerce 2.0 .Contributor+.Arbitrary.File.Read MEDIUM" "product-input-fields-for-woocommerce 1.8.0 Cross-Site.Request.Forgery.to.Notice.Dismissal MEDIUM" "product-input-fields-for-woocommerce 1.2.7 Unauthenticated.File.Download HIGH" "pedalo-connector No.known.fix Authentication.Bypass.to.Administrator CRITICAL" "product-specifications 0.7.0 Reflected.Cross-Site.Scripting HIGH" "promolayer-popup-builder 1.1.1 Missing.Authorization MEDIUM" "podlove-web-player 5.7.4 Missing.Authorization.to.Unauthenticated.Information.Exposure MEDIUM" "podlove-web-player 5.7.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting HIGH" "parone 1.18.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "page-builder-by-azexo No.known.fix Contributor+.Stored.Cross-Site.Scripting.via.shortcode MEDIUM" "page-builder-by-azexo No.known.fix Subscriber+.Post.Creation MEDIUM" "page-builder-by-azexo No.known.fix Cross-Site.Request.Forgery.(CSRF) MEDIUM" "page-builder-by-azexo No.known.fix Cross-Site.Request.Forgery.(CSRF).to.Stored.XSS MEDIUM" "pagelayer 1.9.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "pagelayer 1.9.0 Admin+.Stored.XSS LOW" "pagelayer 1.8.8 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "pagelayer 1.8.8 Admin+.Stored.XSS LOW" "pagelayer 1.8.2 Missing.Authorization MEDIUM" "pagelayer 1.8.5 Contributor+.Stored.XSS MEDIUM" "pagelayer 1.8.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Custom.Attributes MEDIUM" "pagelayer 1.8.3 Contributor+.Stored.XSS MEDIUM" "pagelayer 1.8.0 Author+.Stored.XSS LOW" "pagelayer 1.7.9 Contributor+.Stored.XSS MEDIUM" "pagelayer 1.8.1 Admin+.Stored.XSS LOW" "pagelayer 1.7.8 Author+.Stored.XSS MEDIUM" "pagelayer 1.7.7 
Unauthenticated.Stored.XSS HIGH" "pagelayer 1.7.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "pagelayer 1.3.5 Multiple.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "pagelayer 1.1.2 Drag.and.Drop.website.builder.<.1.1.2.-.Unprotected.AJAX's.leading.to.XSS HIGH" "pagelayer 1.1.2 Drag.and.Drop.website.builder.<.1.1.2.-.CSRF.leading.to.XSS HIGH" "plugmatter-pricing-table No.known.fix Reflected.Cross-Site.Scripting HIGH" "podcast-channels 0.28 Unauthenticated.Reflected.XSS MEDIUM" "php-compatibility-checker 1.6.0 Cross-Site.Request.Forgery MEDIUM" "premium-seo-pack 1.6.002 Authenticated.(Contributor+).SQL.Injection MEDIUM" "premium-seo-pack No.known.fix Unauthenticated.Information.Exposure MEDIUM" "paytm-donation 2.2.1 Reflected.XSS HIGH" "poll-wp 2.4.1 Admin+.SQLi MEDIUM" "poll-wp 2.4.0 Admin+.SQL.Injection MEDIUM" "poll-wp 1.5.9 Reflected.Cross-Site.Scripting HIGH" "poll-wp 1.3.4 Broken.Authentication.and.Missing.Capability.Checks.on.AJAX.calls CRITICAL" "post-list-designer 3.3.3 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "post-list-designer 3.3.1 Reflected.Cross-Site.Scripting MEDIUM" "post-list-designer 3.2 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "post-list-designer 2.1.7 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "product-loops 1.7.0 Low.Priv.Arbitrary.Blog.Options.Update/Access/Deletion.&.Plugin's.Settings.Update/Export/Import HIGH" "paypal-gift-certificate No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting.via.wpppgc_plugin_options MEDIUM" "push-notification-by-feedify 2.4.3 Reflected.Cross-Site.Scripting MEDIUM" "push-notification-by-feedify 2.1.9 Reflected.Cross-Site.Scripting MEDIUM" "polls-widget No.known.fix Admin+.Stored.XSS LOW" "polls-widget 1.5.3 Unauthenticated.Blind.SQL.Injection CRITICAL" "premmerce-woocommerce-product-bundles No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "premmerce-woocommerce-product-bundles No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" 
"peachpay-for-woocommerce 1.113.0 Reflected.Cross-Site.Scripting MEDIUM" "pricing-tables-for-visual-composer No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.wdo_pricing_tables.Shortcode MEDIUM" "plausible-analytics 1.3.4 Reflected.XSS HIGH" "plausible-analytics 1.2.4 Subscriber+.Arbitrary.Settings.Update MEDIUM" "plausible-analytics 1.2.3 Admin+.Stored.Cross-Site.Scripting MEDIUM" "post-to-pdf 1.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "pb-seo-friendly-images No.known.fix Admin+.Stored.XSS LOW" "perfect-font-awesome-integration 2.3.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "php-everywhere 3.0.0 Contributor+.RCE.via.Metabox CRITICAL" "php-everywhere 3.0.0 Subscriber+.RCE.via.Shortcode CRITICAL" "php-everywhere 3.0.0 Contributor+.RCE.via.Gutenberg.Block CRITICAL" "php-everywhere 2.0.3 Arbitrary.Settings.Update.via.CSRF MEDIUM" "posts-reminder No.known.fix Settings.Update.via.CSRF MEDIUM" "pressference-exporter No.known.fix Authenticated.(Administrator+).SQL.Injection HIGH" "post-views-stats No.known.fix Reflected.Cross-Site.Scripting.via.from.and.to MEDIUM" "post-grid-for-elementor 1.1.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "podlove-podcasting-plugin-for-wordpress 4.2.0 Authenticated.(Admin+).Stored.Cross-Site.Scripting.via.Feed.Name MEDIUM" "podlove-podcasting-plugin-for-wordpress 4.1.17 Authenticated.(Admin+).Remote.Code.Execution HIGH" "podlove-podcasting-plugin-for-wordpress 4.1.14 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "podlove-podcasting-plugin-for-wordpress 4.1.14 Cross-Site.Request.Forgery.to.Remote.Code.Execution HIGH" "podlove-podcasting-plugin-for-wordpress 4.0.15 Cross-Site.Request.Forgery MEDIUM" "podlove-podcasting-plugin-for-wordpress 4.0.12 Authenticated.(Contributor+).Server-Side.Request.Forgery MEDIUM" "podlove-podcasting-plugin-for-wordpress 4.1.1 Missing.Authorization MEDIUM" "podlove-podcasting-plugin-for-wordpress 4.0.14 
Authenticated.(Contributor+).SQL.Injection CRITICAL" "podlove-podcasting-plugin-for-wordpress 4.0.10 Reflected.Cross-Site.Scripting MEDIUM" "podlove-podcasting-plugin-for-wordpress 4.0.12 Missing.Authorization.to.Unauthenticated.Data.Export MEDIUM" "podlove-podcasting-plugin-for-wordpress 4.0.12 Missing.Authorization.to.Settings.Import MEDIUM" "podlove-podcasting-plugin-for-wordpress 3.8.4 Cross-Site.Request.Forgery MEDIUM" "podlove-podcasting-plugin-for-wordpress 3.8.3 Admin+.Stored.XSS LOW" "podlove-podcasting-plugin-for-wordpress 3.5.6 Unauthenticated.SQL.Injection MEDIUM" "podlove-podcasting-plugin-for-wordpress 2.6.0 Authenticated.SQL.Injection HIGH" "podlove-podcasting-plugin-for-wordpress 2.3.16 Multiple.SQLi.&.XSS CRITICAL" "premmerce-woocommerce-wishlist 1.1.10 Reflected.Cross-Site.Scripting MEDIUM" "premmerce-woocommerce-wishlist 1.1.8 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "premmerce-woocommerce-wishlist 1.1.2 Subscriber+.Arbitrary.Option.Update CRITICAL" "peepso-core No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "peepso-core 6.4.6.2 Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "peepso-core 6.4.6.1 Unauthenticated.Full.Path.Disclosure MEDIUM" "peepso-core 6.4.6.0 Authenticated.(Administrator+).Stored.Cross-Site.Scripting.via.content.Parameter MEDIUM" "peepso-core 6.4.6.0 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "peepso-core 6.2.7.1 Unauthenticated.Sensitive.Information.Disclosure.via.Log.file MEDIUM" "peepso-core 6.3.1.2 User.Post.Creation.via.CSRF MEDIUM" "peepso-core 6.3.1.2 Reflected.XSS HIGH" "peepso-core 6.2.7.0 Reflected.Cross-Site.Scripting HIGH" "peepso-core 6.2.3.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "peepso-core 6.2.0.0 Cross-Site.Request.Forgery.via.delete MEDIUM" "peepso-core 6.0.3.0 Multiple.CSRF MEDIUM" "peepso-core 1.6.1 Authenticated.Privilege.Escalation HIGH" "pinterest-rss-widget No.known.fix Contributor+.Stored.Cross-Site.Scripting.via.shortcode 
MEDIUM" "printus-cloud-printing-for-woocommerce 1.1.3 Reflected.Cross-Site.Scripting MEDIUM" "penci-data-migrator 1.3.1 Unauthenticated.Local.File.Inclusion CRITICAL" "plms No.known.fix Authenticated.(Salesman+).Arbitrary.File.Upload HIGH" "patron-button-and-widgets-by-codebard No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "patron-button-and-widgets-by-codebard 2.2.0 Cross-Site.Request.Forgery MEDIUM" "patron-button-and-widgets-by-codebard 2.2.0 Reflected.XSS MEDIUM" "patron-button-and-widgets-by-codebard 2.1.9 Reflected.XSS HIGH" "prenotazioni No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "pdf-invoices-for-woocommerce No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "photospace-responsive 2.1.2 Admin+.Stored.XSS MEDIUM" "personalization-by-flowcraft No.known.fix Unauthenticated.PHP.Object.Injection CRITICAL" "page-views-count 2.6.1 Contributor+.Stored.XSS MEDIUM" "page-views-count 2.5.6 Settings.Reset.via.CSRF MEDIUM" "page-views-count 2.4.15 Unauthenticated.SQL.Injection HIGH" "page-views-count 2.4.9 Contributor+.Stored.XSS MEDIUM" "popup-surveys No.known.fix Missing.Authorization MEDIUM" "poptin 1.3.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "post-category-image-with-grid-and-slider 1.4.8 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "progressive-license No.known.fix CSRF.to.Stored.XSS MEDIUM" "post-block 6.0.1 Missing.Authorization.to.Authenticated.(Subscriber+).Shortcode.Export MEDIUM" "post-block 5.3.2 Authenticated.(Author+).Stored.Cross-Site.Scripting MEDIUM" "product-websites-showcase No.known.fix Unauthenticated.Arbitrary.File.Upload CRITICAL" "photospace No.known.fix Subscriber+.Stored.Cross-Site.Scripting MEDIUM" "photospace No.known.fix Subscriber+.Arbitrary.Settings.Update MEDIUM" "photo-contest No.known.fix CSRF.Bypass MEDIUM" "photo-contest No.known.fix Cross-Site.Request.Forgery MEDIUM" "podlove-subscribe-button 1.3.11 Authenticated.(Contributor+).SQL.Injection 
HIGH" "podlove-subscribe-button 1.3.9 Admin+.Stored.XSS LOW" "podlove-subscribe-button 1.3.9 Multiple.CSRF MEDIUM" "pagerank-tools No.known.fix Reflected.XSS HIGH" "post-carousel-slider No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "picture-gallery 1.5.20 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "picture-gallery 1.5.23 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.videowhisper_picture_upload_guest.Shortcode MEDIUM" "picture-gallery 1.5.12 Authenticated.(Author+).Stored.Cross-Site.Scripting MEDIUM" "picture-gallery 1.4.4 Authenticated.Stored.XSS LOW" "perfect-survey 1.5.2 Unauthenticated.SQL.Injection HIGH" "perfect-survey No.known.fix Unauthenticated.Stored.Cross-Site.Scripting HIGH" "perfect-survey 1.5.2 Unauthorised.AJAX.Call.to.Stored.XSS./.Survey.Settings.Update HIGH" "perfect-survey 1.5.2 Reflected.Cross-Site.Scripting HIGH" "press-elements No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "press-elements No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "press-elements No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "pwa-for-wp 1.7.73 Missing.Authorization MEDIUM" "pwa-for-wp 1.7.72 PWA.For.WP.&.AMP.<.1,7,72.Administrator+.Stored.XSS LOW" "pwa-for-wp 1.7.33 Authenticated.(Subscriber+).Arbitrary.File.Upload CRITICAL" "pwa-for-wp 1.7.33 Authenticated.(Subscriber+).Settings.Change MEDIUM" "premmerce-woocommerce-product-filter 3.7.3 Missing.Authorization MEDIUM" "premmerce-woocommerce-product-filter 3.7.2 Reflected.Cross-Site.Scripting MEDIUM" "premmerce-woocommerce-product-filter 3.6.2 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "premmerce-woocommerce-product-filter 3.2 Subscriber+.Arbitrary.Option.Update CRITICAL" "pixnet No.known.fix Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "pagination 1.2.3 Admin+.Stored.XSS LOW" "pagination 1.0.7 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "popup-contact-form No.known.fix Admin+.Stored.XSS LOW" 
"popup-contact-form No.known.fix Admin+.Stored.XSS LOW" "ptypeconverter No.known.fix Authenticated.(Editor+).SQL.Injection HIGH" "print-o-matic No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "print-o-matic No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "print-o-matic 2.1.8 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "print-o-matic 2.0.3 Admin+.Stored.Cross-Site.Scripting LOW" "plinks No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "post-grid-carousel-ultimate 1.7 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "post-grid-carousel-ultimate 1.7 Authenticated.(Contributor+).Local.File.Inclusion.via.post_type_ajax_handler() HIGH" "post-grid-carousel-ultimate 1.7 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "post-grid-carousel-ultimate 1.6.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "post-grid-carousel-ultimate 1.6.8 Authenticated.(Contributor+).PHP.Object.Injection.in.outpost_shortcode_metabox_markup HIGH" "post-grid-carousel-ultimate 1.5.0 Admin+.Stored.XSS LOW" "powerkit 2.9.2 Authenticated(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "powerkit 2.5.9 Post.Views.Settings.Update/Reset.via.CSRF MEDIUM" "pdf-catalog-woocommerce 3.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "product-page-shipping-calculator-for-woocommerce 1.3.26 Admin+.Stored.XSS LOW" "product-page-shipping-calculator-for-woocommerce 1.3.21 Admin+.Stored.XSS LOW" "premmerce-search 2.2.4 Reflected.Cross-Site.Scripting MEDIUM" "premmerce-search 2.2.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "popup-builder 4.3.5 Admin+.Stored.XSS LOW" "popup-builder No.known.fix Sensitive.Information.Exposure.via.Imported.Subscribers.CSV.File MEDIUM" "popup-builder 4.3.2 Missing.Authorization.in.Multiple.AJAX.Actions HIGH" "popup-builder 4.3.2 Missing.Authorization.and.Nonce.Exposure HIGH" "popup-builder 4.3.0 
Authenticated(Contributor+).Stored.Cross-Site.Scripting.via.Custom.JS MEDIUM" "popup-builder 4.2.7 Contributor.Stored.XSS MEDIUM" "popup-builder 4.2.6 Admin+.SSRF.&.File.Read MEDIUM" "popup-builder 4.2.3 Unauthenticated.Stored.XSS HIGH" "popup-builder 4.2.0 Admin+.Stored.Cross-Site.Scripting LOW" "popup-builder 4.1.12 Settings.Update.via.CSRF MEDIUM" "popup-builder 4.1.11 Admin+.Stored.Cross-Site.Scripting LOW" "popup-builder 4.1.1 Popup.Status.Change.via.CSRF MEDIUM" "popup-builder 4.1.1 SQL.Injection.to.Reflected.Cross-Site.Scripting MEDIUM" "popup-builder 4.0.7 Admin+.SQL.Injection MEDIUM" "popup-builder 4.0.7 LFI.to.RCE CRITICAL" "popup-builder 3.74 Authenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "popup-builder 3.64.1 Multiple.Issues MEDIUM" "popup-builder 3.0 SQL.injection.via.PHP.Deserialization CRITICAL" "popup-builder 3.45 SQL.Injection CRITICAL" "phoenix-media-rename 3.4.4 Author.Arbitrary.Media.File.Renaming MEDIUM" "pie-register 3.8.3.5 Basic.<=.3.8.3.4.-.Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.Plugin.Installation.and.Activation/Deactivation HIGH" "pie-register 3.8.3.3 Unauthenticated.Arbitrary.File.Upload HIGH" "pie-register 3.8.2.3 Open.Redirect MEDIUM" "pie-register 3.8.1.3 Unauthenticated.Arbitrary.User.Deletion HIGH" "pie-register 3.7.2.4 Open.Redirect MEDIUM" "pie-register 3.7.1.6 Unauthenticated.SQL.Injection HIGH" "pie-register 3.1.7.6 Unauthenticated.Arbitrary.Login CRITICAL" "pie-register 3.7.0.1 Reflected.Cross-Site.Scripting.(XSS) HIGH" "pie-register 3.1.2 SQL.Injection CRITICAL" "pie-register 3.0.18 Unauthenticated.Cross-Site.Scripting.(XSS) CRITICAL" "post-expirator 2.6.0 Contributor+.Arbitrary.Post.Schedule.Deletion HIGH" "presto-player 3.0.3 Missing.Authorization MEDIUM" "presto-player 2.2.3 Contributor+.Stored.XSS MEDIUM" "personal-dictionary 1.3.4 Unauthenticated.SQLi HIGH" "pj-news-ticker 1.9.6 Contributor+.Stored.XSS MEDIUM" "print-invoices-packing-slip-labels-for-woocommerce 4.7.2 
Authenticated.(Shop.Manager+).Stored.Cross-Site.Scripting MEDIUM" "print-invoices-packing-slip-labels-for-woocommerce 4.4.3 Missing.Authorization.to.Unauthenticated.Settings.Reset MEDIUM" "print-invoices-packing-slip-labels-for-woocommerce 4.4.1 Reflected.Cross-Site.Scripting MEDIUM" "print-invoices-packing-slip-labels-for-woocommerce 4.4.2 Unauthenticated.Stored.Cross-Site.Scripting MEDIUM" "print-invoices-packing-slip-labels-for-woocommerce 4.3.1 Subscriber+.Arbitrary.Order.Export MEDIUM" "print-invoices-packing-slip-labels-for-woocommerce 4.3.0 Shop.Manager+.Arbitrary.Options.Update HIGH" "popup4phone No.known.fix Unauthenticated.Stored.XSS HIGH" "popup4phone No.known.fix Editor+.Stored.XSS LOW" "post-and-page-builder 1.27.6 Contributor+.Stored.XSS MEDIUM" "post-and-page-builder 1.26.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.File.Upload MEDIUM" "post-and-page-builder 1.26.5 Authenticated.(Contributer+).Stored.Cross-Site.Scripting MEDIUM" "post-and-page-builder 1.26.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "post-and-page-builder 1.24.2 Editor.Settings.Update.via.CSRF MEDIUM" "prettyphoto No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.url.Parameter MEDIUM" "planning-center-online-giving No.known.fix Contributor+.XSS.via.Shortcode MEDIUM" "power-forms-builder No.known.fix Authenticated.(Subscriber+).SQL.Injection HIGH" "phastpress 1.111 Open.Redirect MEDIUM" "popup-box 3.2.5 Cross-Site.Request.Forgery MEDIUM" "popup-box 2.2.7 Popup.Deletion.via.CSRF MEDIUM" "popup-box 2.2.2 Reflected.XSS MEDIUM" "popup-box 2.2 Admin+.LFI MEDIUM" "podcast-subscribe-buttons 1.4.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "podcast-subscribe-buttons 1.4.2 Contributor+.Stored.XSS MEDIUM" "pdf-invoicing-for-woocommerce 2.2.2 Reflected.Cross-Site.Scripting MEDIUM" "payment-forms-for-paystack 4.0.0 Contributor+.Stored.XSS MEDIUM" "prdctfltr 8.2.0 
Low.Priv.Arbitrary.Blog.Options.Update/Access/Deletion.&.Plugin's.Settings.Update/Export/Import HIGH" "persian-woocommerce 9.0.0 Missing.Authorization MEDIUM" "persian-woocommerce 5.9.8 Reflected.Cross-Site.Scripting MEDIUM" "pdf24-posts-to-pdf No.known.fix Arbitrary.Settings.Update.via.CSRF MEDIUM" "people-lists 2.0.0 Missing.Authorization MEDIUM" "pb-oembed-html5-audio-with-cache-support No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.shortcode MEDIUM" "product-price-history 2.1.5 Reflected.Cross-Site.Scripting MEDIUM" "post-type-modifier-simple 1.04 Reflected.Cross-Site.Scripting MEDIUM" "password-protected 2.6.7 Missing.Authorization.to.Sensitive.Information.Exposure MEDIUM" "password-protected 2.6.7 Admin+.Stored.XSS LOW" "password-protected 2.6.3.2 Reflected.Cross-Site.Scripting MEDIUM" "password-protected 2.6.3 Admin+.Stored.XSS LOW" "protected-posts-logout-button 1.4.6 Admin+.Stored.XSS LOW" "protected-posts-logout-button 1.4.6 Missing.Authorization MEDIUM" "protected-posts-logout-button 1.4.5 Settings.Update.via.CSRF MEDIUM" "pubsubhubbub 3.2.0 Admin+.Stored.XSS MEDIUM" "pvn-auth-popup No.known.fix Contributor+.XSS.via.Shortcode MEDIUM" "pvn-auth-popup No.known.fix Admin+.Stored.XSS LOW" "payment-gateway-payfabric 1.0.13 Reflected.Cross-Site.Scripting MEDIUM" "payment-gateway-payfabric 1.0.11 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "paytm-payments 2.7.7 Editor+.SQLi MEDIUM" "product-gtin-ean-upc-isbn-for-woocommerce No.known.fix Contributor+.Stored.XSS MEDIUM" "post-to-google-my-business 3.1.14 Reflected.Cross-Site.Scripting MEDIUM" "post-to-google-my-business 3.0.10 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "postmash No.known.fix Reflected.Cross-Site.Scripting.via.m MEDIUM" "postmash No.known.fix Unauthenticated.SQL.Injection CRITICAL" "product-delivery-date 1.1.5 Reflected.Cross-Site.Scripting MEDIUM" "preloader-for-website 1.3 Missing.Authorization.via.plwao_register_settings() MEDIUM" "pretix-widget 1.0.6 
Authenticated.(Contributor+).Local.File.Inclusion HIGH" "progressive-wp No.known.fix Missing.Authorization MEDIUM" "pretty-link 3.6.3 Reflected.Cross-Site.Scripting.via.post_status HIGH" "pretty-link 3.6.4 Plugin.Settings.Update.via.CSRF MEDIUM" "pretty-link 3.4.1 Link.Visit.Stats.Clear.via.CSRF MEDIUM" "pretty-link 2.1.10 Stored.XSS.and.CSV.Injection HIGH" "pretty-link 1.6.8 Authenticated.SQL.Injection MEDIUM" "post-duplicator 2.36 Missing.Authorization MEDIUM" "post-duplicator 2.37 Authenticated.(Contributor+).Protected.Post.Disclosure MEDIUM" "post-duplicator 2.32 Missing.Authorization.via.mtphr_duplicate_post MEDIUM" "post-duplicator 2.27 Admin+.Stored.Cross-Site.Scripting LOW" "propertyshift No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "plenigo No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "paid-member-subscriptions 2.13.8 Authentication.Bypass.via.pms_payment_id CRITICAL" "paid-member-subscriptions 2.13.5 Unauthenticated.Content.Restriction.Bypass.to.Sensitive.Information.Exposure MEDIUM" "paid-member-subscriptions 2.13.1 Unauthenticated.Arbitrary.Shortcode.Execution HIGH" "paid-member-subscriptions 2.12.9 Reflected.Cross-Site.Scripting MEDIUM" "paid-member-subscriptions 2.11.1 Cross-Site.Request.Forgery.to.Notice.Dismissal MEDIUM" "paid-member-subscriptions 2.11.2 Missing.Authorization.via.pms_stripe_connect_handle_authorization_return MEDIUM" "paid-member-subscriptions 2.11.2 Missing.Authorization.via.creating_pricing_table_page MEDIUM" "paid-member-subscriptions 2.10.5 Cross-Site.Request.Forgery.via.ajax_add_log_entry MEDIUM" "paid-member-subscriptions 2.4.2 Authenticated.SQL.Injection MEDIUM" "paid-member-subscriptions 2.4.2 Reflected.Cross-Site.Scripting.(XSS) HIGH" "property-hive-mortgage-calculator 1.0.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.price.Parameter MEDIUM" "philantro 5.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.donate.Shortcode MEDIUM" "philantro 5.3 
Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "paypal-promotions-and-insights No.known.fix Missing.Authorization MEDIUM" "product-filter-widget-for-elementor 1.0.2 Reflected.Cross-Site.Scripting MEDIUM" "popup-by-supsystic 1.10.30 Admin+.Remote.Code.Execution MEDIUM" "popup-by-supsystic 1.10.28 Missing.Authorization MEDIUM" "popup-by-supsystic 1.10.20 Missing.Authorization.to.Sensitive.Information.Exposure MEDIUM" "popup-by-supsystic 1.10.19 Prototype.Pollution MEDIUM" "popup-by-supsystic 1.10.9 Unauthenticated.Subscriber.Email.Addresses.Disclosure HIGH" "popup-by-supsystic 1.10.5 Reflected.Cross-Site.scripting.(XSS) HIGH" "popup-by-supsystic 1.7.9 Cross-Site.Request.Forgery.(CSRF) HIGH" "printfriendly 5.5.2 Admin+.Stored.XSS LOW" "printfriendly 5.2.3 Admin+.Stored.Cross-Site.Scripting LOW" "propovoice-pro No.known.fix Unauthenticated.SQL.Injection CRITICAL" "post-layouts No.known.fix Contributor+.Stored.XSS MEDIUM" "pmpro-member-directory 1.2.6 Member.Directory.Add.On.<.1.2.6.-.Contributor+.Sensitive.Information.Disclosure.and.SQLi MEDIUM" "premmerce-redirect-manager 1.0.12 Admin+.Stored.XSS MEDIUM" "premmerce-redirect-manager 1.0.10 Reflected.Cross-Site.Scripting MEDIUM" "premmerce-redirect-manager 1.0.12 Admin+.Stored.XSS LOW" "premmerce-redirect-manager 1.0.11 Cross-Site.Request.Forgery MEDIUM" "premmerce-redirect-manager 1.0.7 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "post-highlights 2.6.1 Stored.Cross-Site.Scripting.(XSS) MEDIUM" "pdf-viewer-by-themencode 3.2.0 Authenticated.(Editor+).Stored.Cross-Site.Scripting MEDIUM" "pdf-viewer-by-themencode 2.9.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.shortcode MEDIUM" "polo-video-gallery No.known.fix Contributor+.Stored.Cross-Site.Scripting MEDIUM" "portfolleo No.known.fix Authenticated.(Subscriber+).Arbitrary.File.Upload CRITICAL" "pz-linkcard 2.5.3 Contributor+.SSRF LOW" "pz-linkcard 2.5.3 Reflected.XSS HIGH" "pz-linkcard 2.5.3 Admin+.Stored.XSS LOW" "pz-linkcard 2.5.3 
Caching.Management.via.CSRF MEDIUM" "pz-linkcard 2.4.5.3 Reflected.Cross-Site.Scripting MEDIUM" "performance-lab 2.3.0 CSRF MEDIUM" "pop-up-pop-up 1.2.0 Plugin.Installation.via.CSRF MEDIUM" "pop-up-pop-up 1.2.0 Subscriber+.Plugin.Installation MEDIUM" "pop-up-pop-up 1.1.6 Arbitrary.Settings.Update.via.CSRF MEDIUM" "pkt1-centro-de-envios 1.2.2 Reflected.Cross-Site.Scripting MEDIUM" "plugin-logic 1.0.8 Admin+.SQLi MEDIUM" "preloader-plus No.known.fix Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "preloader-plus 2.1 Reflected.Cross-Site.Scripting MEDIUM" "protect-uploads-with-login-page No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "protect-uploads-with-login-page No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "payhere-payment-gateway 2.2.12 Unauthenticated.Log.Data.Disclosure MEDIUM" "pandavideo 1.4.1 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "pandavideo 1.4.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "product-visibility-by-country-for-woocommerce No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "pjw-mime-config No.known.fix Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "post-status-notifier-lite 1.11.7 Reflected.Cross-Site.Scripting.via.page MEDIUM" "post-status-notifier-lite 1.11.1 Reflected.Cross-Site.Scripting MEDIUM" "post-status-notifier-lite 1.10.1 Reflected.XSS HIGH" "portfolio-builder-elementor No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "postify-for-elementor No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "padma-advanced 0.0.17 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "playlist-for-youtube No.known.fix Editor+.Stored.XSS LOW" "pay-addons-for-elementor 1.2.1 Reflected.Cross-Site.Scripting MEDIUM" "posts-filter No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "power-ups-for-elementor No.known.fix 
Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "power-ups-for-elementor 1.2.2 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "photography-portfolio 1.4.9 Reflected.Cross-Site.Scripting MEDIUM" "post-list-with-featured-image No.known.fix Reflected.XSS HIGH" "premmerce-woocommerce-brands 1.2.13 Reflected.Cross-Site.Scripting MEDIUM" "premmerce-woocommerce-brands 1.2.12 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "pixel-for-web-stories 1.0.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "page-parts 1.4.4 Reflected.Cross-Site.Scripting MEDIUM" "pondol-formmail No.known.fix Unauthenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "post-index No.known.fix CSRF.to.Stored.XSS HIGH" "popup-with-fancybox 3.6 .Authenticated.(Subscriber+).SQL.Injection.via.Shortcode HIGH" "post-type-archive-mapping No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "post-type-archive-mapping 5.3.0 Missing.Authorization.via.REST.Routes MEDIUM" "popup-anything-on-click 2.8.1 Missing.Authorization MEDIUM" "popup-anything-on-click 2.2.2 Popup.Settings.Reset.via.CSRF MEDIUM" "popup-anything-on-click 2.1.7 Reflected.Cross-Site.Scripting MEDIUM" "popup-anything-on-click 2.0.4 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "pdf-viewer-block 1.0.1 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "qr-twitter-widget No.known.fix Contributor+.Stored.XSS MEDIUM" "quote-o-matic No.known.fix Admin+.SQLi MEDIUM" "quickswish 1.1.0 Arbitrary.Plugin.Activation.via.CSRF MEDIUM" "quick-count No.known.fix Unauthenticated.PHP.Object.Injection CRITICAL" "q2w3-inc-manager No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "quotemedia-tools No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "quick-affiliate-store No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "quadmenu 2.0.7 Unauthenticated.RCE.via.compiler_save CRITICAL" "quotes-collection No.known.fix Admin+.SQL.Injection MEDIUM" "quotes-collection 2.0.6 
Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "quiz-tool-lite No.known.fix Multiple.Admin+.Stored.Cross-Site.Scripting LOW" "qode-instagram-widget 2.0.2 Open.Redirect HIGH" "quiz-maker 8.8.0.100 Reflected.DOM.XSS.via.content HIGH" "quiz-maker 21.8.0.100 Reflected.DOM.XSS.via.content HIGH" "quiz-maker 31.8.0.100 Unauthenticated.SQL.Injection.via.id HIGH" "quiz-maker 31.8.0.100 Unauthenticated.Arbitrary.Shortcode.Execution HIGH" "quiz-maker 8.8.0.100 Unauthenticated.Stored.XSS HIGH" "quiz-maker 21.8.0.100 Unauthenticated.Stored.XSS HIGH" "quiz-maker 31.8.0.100 Reflected.DOM.XSS.via.content HIGH" "quiz-maker 8.8.0.100 Unauthenticated.SQL.Injection.via.id HIGH" "quiz-maker 21.8.0.100 Unauthenticated.Arbitrary.Shortcode.Execution HIGH" "quiz-maker 21.8.0.100 Unauthenticated.SQL.Injection.via.id HIGH" "quiz-maker 8.8.0.100 Unauthenticated.Arbitrary.Shortcode.Execution HIGH" "quiz-maker 31.8.0.100 Unauthenticated.Stored.XSS HIGH" "quiz-maker 6.5.9.9 Admin+.Stored.XSS LOW" "quiz-maker 6.5.8.4 Unauthenticated.SQL.Injection.via.'ays_questions'.Parameter CRITICAL" "quiz-maker 6.5.2.5 Missing.Authorization.to.Unauthenticated.Quiz.Data.Retrieval MEDIUM" "quiz-maker 6.5.2.5 Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.Quiz.Creation.&.Modification MEDIUM" "quiz-maker 6.5.0.6 Denial.of.Service MEDIUM" "quiz-maker 6.5.1.2 Missing.Authorization MEDIUM" "quiz-maker 6.4.9.5 Unauthenticated.Email.Address.Disclosure MEDIUM" "quiz-maker 6.4.9.5 Reflected.Cross-Site.Scripting HIGH" "quiz-maker 6.4.2.7 Reflected.XSS MEDIUM" "quiz-maker 6.2.0.9 Multiple.Authenticated.Blind.SQL.Injections HIGH" "qrmenu-lite No.known.fix Authenticated.(Contributor+).PHP.Object.Injection HIGH" "quick-edit-template-link No.known.fix Cross-Site.Request.Forgery MEDIUM" "quote-tweet No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "quick-restaurant-reservations 1.5.5 CSRF MEDIUM" "quick-restaurant-reservations 1.4.2 Reflected.Cross-Site.Scripting MEDIUM" 
"quick-adsense 2.8.2 Subscriber+.Post.Stats.Reset MEDIUM" "qr-redirector 1.6.1 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "qr-redirector 1.6 Subscriber+.Arbitrary.QR.Redirect.Response.Status.Update MEDIUM" "quick-call-button No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting.via.settings MEDIUM" "quick-code No.known.fix Stored.XSS.via.CSRF HIGH" "quick-chat No.known.fix Unauthenticated.Stored.Cross-Site.Scripting HIGH" "quick-chat No.known.fix Authenticated.Stored.Cross-Site.Scripting HIGH" "quick-chat 4.00 SQL.Injection CRITICAL" "quick-learn No.known.fix Unauthenticated.PHP.Object.Injection CRITICAL" "quotes-for-woocommerce 2.0.2 Missing.Authorization MEDIUM" "quotes-for-woocommerce 2.0.2 Quote.Status.Update./.Quote.Sending.via.CSRF MEDIUM" "quick-orders-for-woocommerce No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "quick-orders-for-woocommerce No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "quote-press No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "quote-press No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "quick-event-manager 9.8.5.3 Reflected.Cross-Site.Scripting MEDIUM" "quick-event-manager 9.6.5 Admin+.Stored.XSS LOW" "quick-event-manager 9.7.5 Unauthenticated.Stored.XSS HIGH" "quick-event-manager 9.7.5 Registration.Deletion/Update.via.CSRF MEDIUM" "quick-event-manager 9.7.5 Reflected.Cross-Site HIGH" "quick-event-manager 9.2.17 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "qi-blocks 1.3.3 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "qi-blocks 1.3.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "qi-blocks 1.3.0 Authenticated.(Author+).Stored.Cross-Site.Scripting MEDIUM" "qe-seo-handyman No.known.fix Admin+.SQLi MEDIUM" "qe-seo-handyman No.known.fix Admin+.SQLi MEDIUM" "quicksand-jquery-post-filter No.known.fix Cross-Site.Request.Forgery.via.renderAdmin MEDIUM" "quicksand-jquery-post-filter No.known.fix Missing.Authorization.via.quicksand_admin_ajax CRITICAL" 
"quotes-and-tips 1.45 Admin+.Arbitrary.File.Upload MEDIUM" "quotes-and-tips 1.32 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "quotes-and-tips 1.20 Cross-Site.Scripting.(XSS) MEDIUM" "quran-shortcode No.known.fix Authenticated.(Contributor+).SQL.Injection MEDIUM" "qodeblock No.known.fix Missing.Authorization MEDIUM" "qodeblock No.known.fix Missing.Authorization.to.Unauthenticated.Stored.Cross-Site.Scripting MEDIUM" "qr-code-and-barcode-scanner-reader No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "quick-pagepost-redirect-plugin 5.2.4 Admin+.Stored.XSS LOW" "quick-pagepost-redirect-plugin 5.2.0 Authenticated.Settings.Update CRITICAL" "quillforms 4.0.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "quillforms 3.8.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "quillforms 3.4.0 Cross-Site.Request.Forgery MEDIUM" "qqworld-auto-save-images No.known.fix Missing.Authorization.to.Arbitrary.Post.Content.Retrieval MEDIUM" "qs-dark-mode 3.0 Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "qtranslate-x No.known.fix Multiple.Admin+.Stored.Cross-Site.Scripting LOW" "qtranslate-x 3.4.4 Authenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "quran-text-multilanguage 2.3.22 Reflected.Cross-Site.Scripting.via.sourate.and.lang.Parameters MEDIUM" "qi-addons-for-elementor 1.8.8 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "qi-addons-for-elementor 1.8.1 Sensitive.Information.Exposure MEDIUM" "qi-addons-for-elementor 1.7.3 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "qi-addons-for-elementor 1.7.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Button.Widget MEDIUM" "qi-addons-for-elementor 1.7.1 Contributor+.Stored.XSS MEDIUM" "qi-addons-for-elementor 1.6.8 Contributor+.Stored.XSS MEDIUM" "qi-addons-for-elementor 1.6.5 Contributor+.Stored.XSS MEDIUM" "qi-addons-for-elementor 1.6.4 Authenticated.(Contributor+).Local.File.Inclusion HIGH" 
"qyrr-code 1.4.4 Reflected.Cross-Site.Scripting MEDIUM" "qyrr-code 0.8 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "qyrr-code 0.7 Authenticated.(contributor+).Stored.XSS MEDIUM" "qode-twitter-feed 2.0.1 Open.Redirect HIGH" "quick-subscribe No.known.fix Arbitrary.Settings.Update.via.CSRF.to.Stored.XSS MEDIUM" "qr-code-composer 2.0.4 Subscriber+.Stored.XSS HIGH" "qode-essential-addons 1.6.4 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "qode-essential-addons 1.5.3 Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.Plugin.Installation/Activation MEDIUM" "querywall No.known.fix Admin+.SQLi MEDIUM" "quotes-llama 3.0.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "quotes-llama 1.0.0 Admin+.Stored.Cross-Site.Scripting LOW" "quick-interest-slider 2.9.5 Cross-Site.Request.Forgery MEDIUM" "quick-interest-slider 2.9.4 Admin+.Stored.XSS LOW" "qrcode-wprhe No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "q2w3-post-order No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "quietly-insights No.known.fix Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.Options.Update HIGH" "quote-requests-for-woocommerce No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "quote-requests-for-woocommerce 1.0.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "quiz-cat 1.2.0 Reflected.Cross-Site.Scripting MEDIUM" "qa-heatmap-analytics 4.1.1.2 Unauthenticated.Settings.Update MEDIUM" "quick-audio-player No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "quick-audio-player No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "quick-paypal-payments 5.7.28 Reflected.Cross-Site.Scripting MEDIUM" "quick-paypal-payments 5.7.26.4 Admin+.Stored.XSS LOW" "quick-paypal-payments 5.7.26 Contributor+.Stored.XSS MEDIUM" "quick-paypal-payments 5.7.26 Unauthenticated.Stored.XSS HIGH" "quick-paypal-payments 5.7.26 Unauthenticated.Payment.Message.Deletion/Update MEDIUM" "quick-paypal-payments 5.7.26 Admin+.Stored.XSS LOW" 
"quick-paypal-payments 5.7.22 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "qubely 1.8.6 Unauthenticated.Arbitrary.E-mail.Sending MEDIUM" "qubely 1.8.5 Contributor+.Stored.XSS MEDIUM" "qubely 1.8.1 Authenticated.Arbitrary.Settings.Update MEDIUM" "qubely 1.7.8 Subscriber+.Arbitrary.Post.Deletion MEDIUM" "quick-restaurant-menu 2.1.0 Admin+.Stored.XSS LOW" "quick-restaurant-menu 2.1.0 Subscriber+.Arbitrary.Post.Deletion/Updating MEDIUM" "quick-restaurant-menu 2.1.0 .Menu.Items.Update.via.CSRF MEDIUM" "quick-featured-images 13.7.1 Missing.Authorization.to.Authenticated.(Contributor+).Arbitrary.Thumbnail.Deletion/Setting MEDIUM" "qr-code-tag No.known.fix Contributor+.Stored.XSS MEDIUM" "quick-view-and-buy-now-for-woocommerce 1.5.9 Authenticated.(Shop.manager+).Stored.Cross-Site.Scripting.via.Custom.CSS.Code MEDIUM" "qtranslate-slug No.known.fix Cross-Site.Request.Forgery MEDIUM" "qtranslate-slug No.known.fix CSRF.Bypass.in.Multiple.Plugins MEDIUM" "qwiz-online-quizzes-and-flashcards 3.62 Admin+.Stored.Cross.Site.Scripting LOW" "qubotchat 1.1.6 Qubotchat.<.1,1,6.–.Admin+.Stored.XSS LOW" "qubotchat 1.1.6 Unauthenticated.Stored.XSS HIGH" "quiz-expert No.known.fix Cross-Site.Request.Forgery MEDIUM" "qards No.known.fix Stored.Cross-Site.Scripting.(XSS) MEDIUM" "quasar-form No.known.fix Subscriber+.SQLi HIGH" "quick-license-manager 2.4.18 Reflected.Cross-Site.Scripting MEDIUM" "quran-phrases-about-most-people-shortcodes 1.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "quform 2.21.0 WordPress.Form.Builder.<.2.21.0.-.Unauthenticated.Sensitive.Information.Exposure MEDIUM" "qt-kentharadio 2.0.2 Unauthenticated.RFI.and.SSRF MEDIUM" "quickiebar No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "quiz-master-next 9.1.3 Author+.Stored.XSS MEDIUM" "quiz-master-next 9.1.1 Contributor+.Stored.XSS MEDIUM" "quiz-master-next 9.1.0 Contributor+.Stored.XSS MEDIUM" "quiz-master-next 9.0.5 Contributor+.Stored.XSS MEDIUM" "quiz-master-next 9.0.2 
Contributor+.SQLi MEDIUM" "quiz-master-next 9.0.2 Contributor+.Stored.XSS MEDIUM" "quiz-master-next 9.0.2 Authenticated.(Contributor+).SQL.Injection CRITICAL" "quiz-master-next 8.2.3 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "quiz-master-next 8.1.17 Unauthenticated.Unauthorised.Action MEDIUM" "quiz-master-next 8.1.19 Quiz.Results.Deletion.via.CSRF MEDIUM" "quiz-master-next 8.1.14 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "quiz-master-next 8.1.19 Multiple.Cross-Site.Request.Forgery MEDIUM" "quiz-master-next 8.1.16 Cross-Site.Request.Forgery.via.'display_results' MEDIUM" "quiz-master-next 8.1.11 Contributor+.Stored.XSS MEDIUM" "quiz-master-next 8.0.8 Text.Message.Setting.Update.via.CSRF MEDIUM" "quiz-master-next 8.0.9 Unauthenticated.Arbitrary.Media.File.Delete MEDIUM" "quiz-master-next 8.0.5 Improper.Input.Validation MEDIUM" "quiz-master-next 8.0.5 Unauthenticated.iFrame.Injection HIGH" "quiz-master-next 7.3.7 Multiple.Author+.IDOR LOW" "quiz-master-next 7.3.11 Sensitive.Information.Disclosure MEDIUM" "quiz-master-next 7.3.11 Subscriber+.XSS MEDIUM" "quiz-master-next 7.3.5 Admin+.SQL.Injection MEDIUM" "quiz-master-next 7.3.5 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "quiz-master-next 7.3.5 Contributor+.Stored.XSS MEDIUM" "quiz-master-next 7.3.11 Bypass MEDIUM" "quiz-master-next 7.3.5 Reflected.Cross-Site.Scripting MEDIUM" "quiz-master-next 7.3.5 Quiz.Update.via.IDOR LOW" "quiz-master-next 7.3.7 CSRF MEDIUM" "quiz-master-next 7.3.7 Low.Privilege.Stored.Cross-Site.Scripting MEDIUM" "quiz-master-next 7.3.7 Reflected.Cross-Site.Scripting MEDIUM" "quiz-master-next 7.3.2 Admin+.Stored.Cross-Site.Scripting LOW" "quiz-master-next 7.1.14 Reflected.Cross-Site.Scripting HIGH" "quiz-master-next 7.1.18 Reflected.Cross-Site.Scripting.(XSS) HIGH" "quiz-master-next 7.1.19 Unauthenticated.Stored.Cross-Site.Scripting.(XSS) HIGH" "quiz-master-next 7.1.14 Authenticated.SQL.injection.via.Rest.API HIGH" "quiz-master-next 7.1.12 
Authenticated.SQL.injection.via.shortcode HIGH" "quiz-master-next 7.0.2 Unauthenticated.Arbitrary.File.Upload HIGH" "quiz-master-next 7.0.1 Unauthenticated..Arbitrary.File.Deletion CRITICAL" "quiz-master-next 7.0.1 Arbitrary.File.Upload CRITICAL" "quiz-master-next 7.0.0 Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "quiz-master-next 6.3.5 Authenticated.Reflected.XSS HIGH" "quiz-master-next 6.2.2 Authenticated.Cross-Site.Scripting.(XSS) HIGH" "quiz-master-next 4.7.9 Stored.Cross-Site.Scripting.(XSS).&.CSRF MEDIUM" "quiz-master-next 4.4.4 Authenticated.Blind.SQL.Injection MEDIUM" "quick-contact-form 8.0.6.8 Reflected.Cross-Site.Scripting MEDIUM" "quick-contact-form 8.0.4 Admin+.Stored.XSS LOW" "quick-contact-form 8.0.4 Contributor+.Stored.XSS MEDIUM" "quick-contact-form 8.0.2 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "quizlord No.known.fix Admin+.Stored.XSS LOW" "quttera-web-malware-scanner 3.4.2.1 Admin+.Path.Traversal MEDIUM" "quttera-web-malware-scanner 3.4.2.1 Directory.Listing.to.Sensitive.Data.Exposure MEDIUM" "query-wrangler 1.5.52 Reflected.XSS HIGH" "quote-post-type-plugin No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "quick-adsense-reloaded 2.0.85 Missing.Authorization MEDIUM" "recent-backups No.known.fix Remote.File.Download HIGH" "removehide-author-date-category-like-entry-meta No.known.fix Settings.Update.via.CSRF MEDIUM" "responsive-video-embed 0.5.1 Contributor+.Stored.XSS MEDIUM" "rocket-font No.known.fix Arbitrary.Settings.Update.via.CSRF MEDIUM" "risk-warning-bar No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "referrer-detector No.known.fix Unauthenticated.PHP.Object.Injection CRITICAL" "rimons-twitter-widget 1.3 XSS MEDIUM" "recipes-writer No.known.fix XSS MEDIUM" "revi-io-customer-and-product-reviews 5.8.0 Reflected.Cross-Site.Scripting MEDIUM" "related-post 2.0.59 Sensitive.Information.Exposure MEDIUM" "related-post 2.0.54 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" 
"rise-blocks 3.2 Cross-Site.Request.Forgery MEDIUM" "rvg-optimize-database 5.1 Missing.Authorization.via.'odb_csv_download' MEDIUM" "rvg-optimize-database 5.1.1 Database.Optimization.via.CSRF MEDIUM" "remove-old-slugspermalinks 2.7.0 Cross-Site.Request.Forgery MEDIUM" "remove-duplicate-posts 1.3 Reflected.Cross-Site.Scripting MEDIUM" "royal-elementor-addons 1.7.1007 Stored.XSS.via.CSRF HIGH" "royal-elementor-addons 1.7.1002 Missing.Authorization LOW" "royal-elementor-addons 1.7.1002 Reflected.Cross-Site.Scripting HIGH" "royal-elementor-addons 1.7.1 Contributor+.Stored.XSS MEDIUM" "royal-elementor-addons 1.7.1004 Authenticated.(Contributor+).Post.Disclosure MEDIUM" "royal-elementor-addons 1.7.1002 Authenticated.(Contributor+).DOM-Based.Stored.Cross-Site.Scripting.via.Google.Maps.Widget MEDIUM" "royal-elementor-addons 1.7.1002 Authenticated.(Contributor+).DOM-Based.Stored.Cross-Site.Scripting.via.Form.Builder.Widget MEDIUM" "royal-elementor-addons 1.7.1002 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Countdown.Widget MEDIUM" "royal-elementor-addons 1.3.981 Authenticated.(Author+).External.Entity.Injection MEDIUM" "royal-elementor-addons 1.3.987 Authenticated.(Subscriber+).Private.Post.Disclosure MEDIUM" "royal-elementor-addons 1.3.987 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Team.Member.Widget MEDIUM" "royal-elementor-addons 1.3.985 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "royal-elementor-addons 1.3.981 Authenticated.(Contributor+).DOM-Based.Stored.Cross-Site.Scripting.via.Magazine.Grid/Slider.Widget MEDIUM" "royal-elementor-addons 1.3.977 Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.Uploads MEDIUM" "royal-elementor-addons 1.3.977 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "royal-elementor-addons 1.3.976 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Back.to.Top.Widget MEDIUM" "royal-elementor-addons 1.3.976 
Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "royal-elementor-addons 1.3.975 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Form.Builder.Widget MEDIUM" "royal-elementor-addons 1.3.972 Contributor+.DOM-Based.Stored.Cross-Site.Scripting MEDIUM" "royal-elementor-addons 1.3.972 Contributor+.Stored.Cross-Site.Scripting.via.Flip.Carousel,.Flip.Box,.Post.Grid,.and.Taxonomy.List.Widget.Attributes MEDIUM" "royal-elementor-addons 1.3.972 Contributor+.Stored.Cross-Site.Scripting.via.Advanced.Accordion.Title.Tags MEDIUM" "royal-elementor-addons 1.3.972 Contributor+.Stored.Cross-Site.Scripting.via.HTML.Tags MEDIUM" "royal-elementor-addons 1.3.95 Unauthenticated.IP.Spoofing MEDIUM" "royal-elementor-addons 1.3.95 Unauthenticated.Limited.File.Upload HIGH" "royal-elementor-addons 1.3.95 Contributor+.Stored.Cross-Site.Scriting MEDIUM" "royal-elementor-addons 1.3.92 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Logo.Widget MEDIUM" "royal-elementor-addons 1.3.88 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "royal-elementor-addons 1.3.88 Multiple.Cross-Site.Request.Forgery MEDIUM" "royal-elementor-addons 1.3.88 Missing.Authorization.via.wpr_update_form_action_meta MEDIUM" "royal-elementor-addons 1.3.81 Unauthenticated.Arbitrary.Post.Read MEDIUM" "royal-elementor-addons 1.7.1 Unauthenticated.Arbitrary.File.Upload CRITICAL" "royal-elementor-addons 1.3.79 Unauthenticated.Arbitrary.File.Upload CRITICAL" "royal-elementor-addons 1.3.71 Reflected.Cross-Site.Scripting MEDIUM" "royal-elementor-addons 1.3.71 Unauthenticated.API.Key.Disclosure MEDIUM" "royal-elementor-addons 1.3.60 Subscriber+.Arbitrary.Import.Deletion MEDIUM" "royal-elementor-addons 1.3.60 Subscriber+.Arbitrary.Plugin.Deactivation MEDIUM" "royal-elementor-addons 1.3.60 Reflected.XSS HIGH" "royal-elementor-addons 1.3.60 Subscriber+.Template.Kit.Import MEDIUM" "royal-elementor-addons 1.3.60 Subscriber+.Template.Condition.Update MEDIUM" "royal-elementor-addons 
1.3.60 Subscriber+.Arbitrary.Template.Activation MEDIUM" "royal-elementor-addons 1.3.60 Subscriber+.Arbitrary.Plugin.Activation MEDIUM" "royal-elementor-addons 1.3.60 Subscriber+.Arbitrary.Theme.Activation MEDIUM" "royal-elementor-addons 1.3.60 Menu.Template.Creation.via.CSRF MEDIUM" "royal-elementor-addons 1.3.60 Subscriber+.Arbitrary.Template.Import MEDIUM" "royal-elementor-addons 1.3.60 Subscriber+.Mega.Menu.Settings.Update MEDIUM" "royal-elementor-addons 1.3.56 Subscriber+.Arbitrary.Post.Creation MEDIUM" "royal-elementor-addons 1.3.56 Subscriber+.Arbitrary.Post.Deletion HIGH" "royal-elementor-addons 1.3.33 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "responsive-tabs-for-wpbakery No.known.fix Contributor+.Stored.XSS MEDIUM" "relevant 1.2.0 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "relevant 1.0.8 Cross-Site.Scripting.(XSS) MEDIUM" "review-widgets-for-opentable 11.1 Authenticated.(Editor+).Arbitrary.File.Upload MEDIUM" "rating-widget 3.2.0 Reflected.Cross-Site.Scripting MEDIUM" "rating-widget 3.2.1 Contributor+.Stored.XSS MEDIUM" "rating-widget 3.1.4 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "role-based-pricing-for-woocommerce 1.6.2 Subscriber+.Arbitrary.File.Upload HIGH" "role-based-pricing-for-woocommerce 1.6.3 Subscriber+.PHAR.Deserialization HIGH" "redirect-404-to-parent 1.3.1 Reflected.Cross-Site.Scripting.(XSS) HIGH" "responsive-facebook-and-twitter-widget No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "rss-control 3.0.8 Reflected.Cross-Site.Scripting MEDIUM" "rss-control 2.0.8 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "rss-import No.known.fix Contributor+.Stored.XSS.via.Shortcode MEDIUM" "radius-blocks 2.2.0 Cross-Site.Request.Forgery MEDIUM" "radius-blocks 2.2.0 Contributor+.Stored.XSS MEDIUM" "reviews-feed 1.2.0 Missing.Authorization.to.Authenticated.(Subscriber+).Limited.Settings.Update MEDIUM" "reviews-feed 1.2.0 Cross-Site.Request.Forgery MEDIUM" "random-featured-post-plugin No.known.fix 
Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "rays-grid 1.2.3 CSRF.Bypass MEDIUM" "replace-word No.known.fix Cross-Site.Request.Forgery MEDIUM" "responsive-add-ons 3.0.6 Authenticated.(Author+).Stored.Cross-Site.Scripting MEDIUM" "responsive-add-ons 2.2.6 Unprotected.AJAX.Endpoints CRITICAL" "rio-photo-gallery No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "remove-cpt-base 5.9 CPT.Deletion.via.CSRF MEDIUM" "reach-us-contact-form No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "reach-us-contact-form No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "reach-us-contact-form No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "robotcpa No.known.fix Unauthenticated.Local.File.Inclusion HIGH" "review-widgets-for-booking-com 11.1 Authenticated.(Editor+).Arbitrary.File.Upload MEDIUM" "responsivevoice-text-to-speech 1.7.7 Contributor+.Stored.XSS MEDIUM" "randomize No.known.fix Authenticated.(Contributor+).SQL.Injection HIGH" "rss-news-scroller No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "rsvp-me No.known.fix Authenticated.(Contributor+).SQL.Injection MEDIUM" "rsvp-me No.known.fix Unauthenticated.SQL.Injection HIGH" "restrict-usernames-emails-characters 3.1.4 Admin+.Stored.XSS LOW" "rsvp 2.7.15 Authenticated.(Administrator+).SQL.Injection MEDIUM" "rsvp 2.7.14 Missing.Authorization MEDIUM" "rsvp 2.7.8 Unauthenticated.Entries.Export HIGH" "rsvp 2.7.5 Reflected.Cross-Site.Scripting MEDIUM" "rsvp 2.3.8 XSS MEDIUM" "responsive-client-logo-carousel-slider 1.3.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "rate-own-post No.known.fix Authenticated.(Subscriber+).SQL.Injection HIGH" "rlm-elementor-widgets-pack 1.4.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "robo-gallery 3.2.22 Contributor+.Stored.XSS MEDIUM" "robo-gallery 3.2.22 Authenticated.(Author+).Stored.Cross-Site.Scripting MEDIUM" "robo-gallery 3.2.22 
Missing.Authorization.to.Authenticated.(Subscriber+).Private.Gallery.Title.Disclosure MEDIUM" "robo-gallery 3.2.20 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Gallery.Title MEDIUM" "robo-gallery 3.2.20 Authenticated.(Author+).Stored.Cross-Site.Scripting.via.Image.Title MEDIUM" "robo-gallery 3.2.20 Cross-Site.Request.Forgery.to.Post.Creation.and.Limited.Data.Loss HIGH" "robo-gallery 3.2.19 Unauthenticated.Information.Exposure MEDIUM" "robo-gallery 3.2.18 Author+.Stored.XSS MEDIUM" "robo-gallery 3.2.16 Admin+.Stored.XSS LOW" "robo-gallery 3.2.13 Contributor+.Stored.XSS MEDIUM" "robo-gallery 3.2.11 Plugin.Activation/Deactivation.via.CSRF MEDIUM" "robo-gallery 3.2.12 Cross-Site.Request.Forgery MEDIUM" "responsive-lightbox 2.4.9 Contributor+.DOM-Based.Stored.XSS.via.FancyBox.JavaScript.Library MEDIUM" "responsive-lightbox 2.4.9 Author+.Stored.XSS MEDIUM" "responsive-lightbox 2.4.8 Missing.Authorization MEDIUM" "responsive-lightbox 2.4.8 Authenticated.(Author+).Stored.Cross-Site.Scripting.via.File.Upload MEDIUM" "responsive-lightbox 2.4.7 Information.Disclosure MEDIUM" "responsive-lightbox 2.4.6 Authenticated.(Author+).Stored.Cross-Site.Scripting.via.name MEDIUM" "responsive-lightbox 1.7.2 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "remove-add-to-cart-woocommerce 1.4.5 Settings.Update.via.CSRF MEDIUM" "remove-add-to-cart-woocommerce 1.4.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "recurwp No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "recurwp No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "rollover-tab No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "rocket-addons No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "realia No.known.fix User.Email.Change.via.Cross-Site.Request.Forgery HIGH" "realia No.known.fix Unauthenticated.IDOR.leading.to.Arbitrary.Post.Deletion HIGH" "regpack No.known.fix Admin+.Stored.XSS LOW" "remove-footer-credit 1.0.14 
Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "remove-footer-credit 1.0.11 Admin+.Stored.Cross-Site.Scripting LOW" "remove-footer-credit 1.0.6 CSRF.to.Stored.Cross-Site.Scripting HIGH" "rb-internal-links No.known.fix Stored.Cross-Site.Scripting.via.CSRF MEDIUM" "relais-2fa No.known.fix Authentication.Bypass CRITICAL" "rich-counter 1.2.0 Cross-Site.Scripting.(XSS) MEDIUM" "redirects No.known.fix Missing.Authorization.via.save MEDIUM" "redirects No.known.fix Missing.Authorization MEDIUM" "rate-my-post 4.2.5 Unauthenticated.Voting.On.Scheduled.Posts MEDIUM" "rate-my-post 3.4.5 Insecure.Direct.Object.Reference MEDIUM" "rate-my-post 3.4.3 IP.Spoofing MEDIUM" "rate-my-post 3.3.9 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "rate-my-post 3.3.5 Subscriber+.Votes.Tampering.via.Race.Condition MEDIUM" "rate-my-post 3.3.5 Cross-Site.Request.Forgery MEDIUM" "rife-elementor-extensions 1.2.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Writing.Effect.Headline.Widget MEDIUM" "rife-elementor-extensions 1.1.6 Contributor+.Stored.XSS MEDIUM" "reglevel No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "redirect-by-cookie 1.07 Reflected.Cross-Site.Scripting MEDIUM" "rss-icon-widget No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "recipe-card-blocks-by-wpzoom 3.3.2 Missing.Authorization MEDIUM" "recipe-card-blocks-by-wpzoom 2.8.3 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "recipe-card-blocks-by-wpzoom 2.8.1 Reflected.Cross-Site.Scripting HIGH" "recently 3.0.5 Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "recently 3.0.5 Authenticated.Code.Injection HIGH" "rsvpmaker 11.4.6 Missing.Authorization MEDIUM" "rsvpmaker 10.6.7 Improper.Neutralization.of.Special.Elements.used.in.an.SQL.Command.('SQL.Injection') LOW" "rsvpmaker 9.9.4 Improper.Neutralization.of.Special.Elements.used.in.an.SQL.Command.('SQL.Injection') CRITICAL" "rsvpmaker 10.6.7 Admin+.Stored.XSS HIGH" "rsvpmaker 
10.6.7 Unauthenticated.PHP.Object.Injection HIGH" "rsvpmaker 10.6.7 Unauthenticated.Stored.XSS HIGH" "rsvpmaker 10.5.5 Admin+.SQL.Injection.(SQLi) HIGH" "rsvpmaker 9.2.7 Unauthenticated.SQLi MEDIUM" "rsvpmaker 9.2.6 Unauthenticated.SQLi CRITICAL" "rsvpmaker 8.7.3 Authenticated.(admin+).SSRF HIGH" "rsvpmaker 7.8.2 Unauthenticated.SQL.Injection HIGH" "rsvpmaker 6.2 SQL.Injection CRITICAL" "regenerate-post-permalinks No.known.fix Cross-Site.Request.Forgery MEDIUM" "redirection 3.6.3 Cross-Site.Request.Forgery.(CSRF) MEDIUM" "redirection 2.8 Authenticated.Local.File.Inclusion MEDIUM" "ruby-help-desk 1.3.4 Subscriber+.Ticket.Update.via.IDOR MEDIUM" "reveal-template No.known.fix Unauthenticated.Full.Path.Disclosure MEDIUM" "read-more-excerpt-link 1.6.1 Settings.Update.via.CSRF MEDIUM" "read-more-excerpt-link 1.6.1 Settings.Update.via.CSRF MEDIUM" "recent-posts-slider No.known.fix Cross-Site.Request.Forgery MEDIUM" "recent-posts-slider No.known.fix Unauthenticated.Stored.XSS HIGH" "review-widgets-for-arukereso 11.1 Authenticated.(Editor+).Arbitrary.File.Upload MEDIUM" "republish-old-posts 1.27 Cross-Site.Request.Forgery.via.rop_options_page MEDIUM" "read-more-without-refresh 3.2 Admin+.Stored.Cross-Site.Scripting LOW" "redirection-plus No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "redi-restaurant-reservation 24.1015 Reflected.Cross-Site.Scripting MEDIUM" "redi-restaurant-reservation 24.0712 Missing.Authorization MEDIUM" "redi-restaurant-reservation 24.0303 Cross-Site.Request.Forgery.via.redi_restaurant_admin_options_page() MEDIUM" "redi-restaurant-reservation 24.0303 Cross-Site.Request.Forgery.via.redi_restaurant_admin_options_page() MEDIUM" "redi-restaurant-reservation 24.0303 Reflected.Cross-Site.Scripting MEDIUM" "redi-restaurant-reservation 21.0426 Unauthenticated.Stored.Cross-Site.Scripting.(XSS) HIGH" "restricted-content 2.2.9 Unauthenticated.Content.Restriction.Bypass.to.Sensitive.Information.Exposure MEDIUM" "restricted-content 2.2.5 Reflected.XSS HIGH" 
"restricted-content 2.1.9 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "revision-manager-tmc 2.8.20 Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.Email.Sending MEDIUM" "revision-manager-tmc 2.8.0 Folders.Disclosure.via.Outdated.jQueryFileTree.Library MEDIUM" "review-stream 1.6.6 Admin+.Stored.XSS LOW" "rock-form-builder 2.5 Privilege.Escalation HIGH" "rest-routes 5.5.4 Reflected.Cross-Site.Scripting MEDIUM" "rest-routes 4.24.0 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "redirect-404-error-page-to-homepage-or-custom-page 1.8.8 Authenticated.(Administrator+).SQL.Injection HIGH" "redirect-404-error-page-to-homepage-or-custom-page 1.8.0 Reflected.Cross-Site.Scripting MEDIUM" "redirect-404-error-page-to-homepage-or-custom-page 1.7.9 Log.Deletion.via.CSRF MEDIUM" "revolut-gateway-for-woocommerce 4.17.4 Missing.Authorization.to.Unauthenticated.Order.Status.Update MEDIUM" "revolut-gateway-for-woocommerce 4.9.8 Missing.Authorization MEDIUM" "revolution-for-elementor No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "revolution-for-elementor No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "rsvpmaker-excel No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "rotatingtweets No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "reflex-gallery 3.1.5 jQuery.prettyPhoto.DOM.Cross-Site.Scripting.(XSS) MEDIUM" "restrict-content 3.2.14 Unauthenticated.Content.Restriction.Bypass.to.Sensitive.Information.Exposure MEDIUM" "restrict-content 3.2.9 Missing.Authorization MEDIUM" "restrict-content 3.2.8 Information.Exposure.via.legacy.log.file MEDIUM" "restrict-content 3.2.5 Reflected.Cross-Site.Scripting MEDIUM" "restrict-content 3.2.3 Restrict.Content.<.3.2.3.-.Reflected.XSS HIGH" "responsive-horizontal-vertical-and-accordion-tabs 1.1.18 Authenticated.(Contributor+).SQL.Injection CRITICAL" "responsive-horizontal-vertical-and-accordion-tabs 1.1.18 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" 
"responsive-horizontal-vertical-and-accordion-tabs 1.1.16 Reflected.XSS HIGH" "responsive-horizontal-vertical-and-accordion-tabs 1.1.16 Reflected.Cross-Site.Scripting MEDIUM" "radio-forge No.known.fix Reflected.Cross-Site.Scripting HIGH" "really-simple-google-tag-manager 1.0.7 Arbitrary.Plugin.Activation.via.CSRF MEDIUM" "refer-a-friend-widget-for-wp No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "really-simple-ssl 9.2.0 Cross-Site.Request.Forgery MEDIUM" "really-simple-ssl 9.1.2 9.1.1.1.-.Authentication.Bypass CRITICAL" "really-simple-ssl 8.0.0 Admin+.Server-Side.Request.Forgery MEDIUM" "related-post-shortcode No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "role-based-bulk-quantity-pricing 1.1.7 Reflected.Cross-Site.Scripting MEDIUM" "review-widgets-for-szallas-hu 11.1 Authenticated.(Editor+).Arbitrary.File.Upload MEDIUM" "remove-slug-from-custom-post-type No.known.fix Settings.Update.via.CSRF MEDIUM" "rara-one-click-demo-import 1.3.0 Arbitrary.File.Upload.via.CSRF HIGH" "related-posts 1.8.2 XSS MEDIUM" "read-and-understood 2.2 Authenticated.Stored.XSS.&.CSRF HIGH" "role-scoper 1.3.67 Unauthenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "rehub-framework 19.6.2 Authenticated.(Subscriber+).SQL.Injection HIGH" "restaurant-reservations 2.6.17 Missing.Authorization MEDIUM" "restaurant-reservations 2.6.8 Reflected.Cross-Site.Scripting HIGH" "restaurant-reservations 2.4.12 Unauthenticated.Arbitrary.Payment.Status.Update.to.Stored.XSS HIGH" "restaurant-reservations 2.4.8 Subscriber+.Stored.Cross-Site.Scripting HIGH" "review-widgets-for-amazon 11.1 Authenticated.(Editor+).Arbitrary.File.Upload MEDIUM" "review-widgets-for-capterra 11.1 Authenticated.(Editor+).Arbitrary.File.Upload MEDIUM" "remote-content-shortcode No.known.fix Authenticated.(Contributor+).Server-Side.Request.Forgery MEDIUM" "remote-content-shortcode No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "remote-content-shortcode 
No.known.fix Authenticated(Contributor+).Local.File.Inclusion.via.shortcode MEDIUM" "romethemeform 1.1.6 Missing.Authorization.via.export_entries,.rtformnewform,.and.rtformupdate MEDIUM" "romethemeform 1.1.3 Missing.Authorization MEDIUM" "rocket-maintenance-mode 4.4 Admin+.Stored.XSS LOW" "rocket-maintenance-mode 4.4 Reflected.Cross-Site.Scripting MEDIUM" "rocket-maintenance-mode 4.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "revy No.known.fix Unauthenticated.Arbitrary.File.Upload CRITICAL" "revy No.known.fix Unauthenticated.SQL.Injection HIGH" "robin-image-optimizer 1.7.0 Missing.Authorization MEDIUM" "rough-chart No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "role-and-customer-based-pricing-for-woocommerce 1.4.1 Reflected.Cross-Site.Scripting MEDIUM" "role-and-customer-based-pricing-for-woocommerce 1.0.2 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "raygun4wp 1.8.3 XSS MEDIUM" "raygun4wp 1.8.1 Unauthenticated.Reflected.XSS MEDIUM" "reviewscouk-for-woocommerce 1.2.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "responsive-google-maps 1.2.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "rock-convert 3.0.0 Admin+.Stored.XSS LOW" "rock-convert 2.6.0 Reflected.Cross-Site.Scripting MEDIUM" "rock-convert 2.11.0 Admin+.Stored.Cross-Site.Scripting LOW" "rating-bws 1.6 Rating.Denial.of.Service MEDIUM" "rating-bws 0.2 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "reciply 1.1.8 Unauthenticated.File.Upload MEDIUM" "ravpage 2.25 Reflected.Cross-Site.Scripting MEDIUM" "responsive-lightbox2 1.0.4 Contributor+.Stored.XSS MEDIUM" "responsive-lightbox2 1.0.3 Authenticated.Stored.Cross-Site.Scripting LOW" "responsive-flipbook No.known.fix Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "reviewpress No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "reviewpress No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "reviewpress No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" 
"restaurant-pickup-delivery-dine-in No.known.fix Admin+.Stored.XSS LOW" "responsive-gallery-grid 2.3.15 Admin+.Stored.XSS LOW" "responsive-gallery-grid 2.3.11 Admin+.Stored.XSS LOW" "responsive-gallery-grid 2.3.14 Settings.Update.via.CSRF MEDIUM" "responsive-gallery-grid 2.3.9 Contributor+.Stored.XSS MEDIUM" "reservation-studio-widget 1.0.12 Admin+.Stored.XSS LOW" "reservation-studio-widget 1.0.12 Cross-Site.Request.Forgery MEDIUM" "real-time-auto-find-and-replace 1.6.2 Unauthenticated.PHP.Object.Injection HIGH" "real-time-auto-find-and-replace 1.3.6 Admin+.SQLi MEDIUM" "real-time-auto-find-and-replace 1.2.9 Reflected.Cross-Site.Scripting HIGH" "responsive-menu 4.1.8 Subscriber+.Arbitrary.File.Upload./.Theme.Deletion./.Plugin.Settings.Update HIGH" "responsive-menu 4.0.4 CSRF.to.Arbitrary.File.Upload HIGH" "responsive-menu 4.0.4 CSRF.to.Settings.Update MEDIUM" "responsive-menu 4.0.4 4.0.3.-.Authenticated.Arbitrary.File.Upload CRITICAL" "responsive-menu 3.1.4 XSS.and.CSRF HIGH" "rockhoist-badges No.known.fix Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "rss-chimp 1.2.5 Reflected.Cross-Site.Scripting MEDIUM" "rss-chimp 1.2.2 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "rotating-posts No.known.fix Arbitrary.Settings.Update.to.Stored.XSS.via.CSRF MEDIUM" "restaurant-cafe-addon-for-elementor 1.5.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "restaurant-cafe-addon-for-elementor 1.6.0 Authenticated.(Contributor+).Post.Disclosure MEDIUM" "restaurant-cafe-addon-for-elementor 1.5.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "restaurant-cafe-addon-for-elementor 1.5.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "restaurant-cafe-addon-for-elementor 1.5.4 Missing.Authorization.via.multiple.AJAX.functions LOW" "restaurant-cafe-addon-for-elementor 1.5.3 Cross-Site.Request.Forgery MEDIUM" "restaurant-cafe-addon-for-elementor 1.5.3 Missing.Authorization MEDIUM" "restaurant-cafe-addon-for-elementor 1.4.8 
Reflected.Cross-Site.Scripting MEDIUM" "restaurant-cafe-addon-for-elementor 1.4.6 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "reviews-widgets 11.1 Authenticated.(Editor+).Arbitrary.File.Upload MEDIUM" "responsive-youtube-videos No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "rest-api-to-miniprogram 4.7.6 Unauthenticated.Arbitrary.User.Email.Update.and.Privilege.Escalation.via.Account.Takeover CRITICAL" "rest-api-to-miniprogram No.known.fix Unauthenticated.SQL.Injection HIGH" "rest-api-to-miniprogram No.known.fix Subscriber+.Attachment.Deletion MEDIUM" "reset-course-progress-for-learndash No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "reset-course-progress-for-learndash No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "role-includer No.known.fix Reflected.Cross-Site.Scripting.via.user_id.Parameter MEDIUM" "role-includer No.known.fix Reflected.Cross-Site.Scripting.via.user_id.Parameter MEDIUM" "recaptcha-jetpack No.known.fix Settings.Update.via.CSRF MEDIUM" "recaptcha-jetpack No.known.fix Stored.XSS.via.CSRF HIGH" "rich-table-of-content 1.3.9 Contributor+.Stored.XSS MEDIUM" "rss-feed-widget 3.0.1 Reflected.XSS MEDIUM" "rss-feed-widget 3.0.0 Contributor+.Stored.XSS MEDIUM" "rss-feed-widget 3.0.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.rfw-youtube-videos.Shortcode MEDIUM" "rss-feed-widget 2.9.8 Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "rss-feed-widget 2.8.1 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "realtycandy-idx-broker-extended No.known.fix Cross-Site.Request.Forgery MEDIUM" "registrations-for-the-events-calendar 2.12.4 Unauthenticated.Stored.XSS HIGH" "registrations-for-the-events-calendar 2.12.2 Missing.Authorization MEDIUM" "registrations-for-the-events-calendar 2.12.3 Authenticated.(Contributor+).SQL.Injection CRITICAL" "registrations-for-the-events-calendar 2.7.10 Reflected.Cross-Site.Scripting HIGH" "registrations-for-the-events-calendar 2.7.6 
Unauthenticated.SQL.Injection HIGH" "registrations-for-the-events-calendar 2.7.5 Reflected.Cross-Site.Scripting HIGH" "run-time-image-resizing No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "run-time-image-resizing No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "realbig-media 1.0.7 Settings.Update.via.CSRF MEDIUM" "responsive-iframe No.known.fix Contributor+.Stored.XSS HIGH" "responsive-header-image-slider No.known.fix Contributor+.Stored.XSS MEDIUM" "rapidexpcart No.known.fix Stored.XSS.via.CSRF CRITICAL" "restaurant-solutions-checklist No.known.fix Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "real-wysiwyg No.known.fix Reflected.Cross-Site.Scripting HIGH" "related-youtube-videos 1.9.9 CSRF.&.XSS HIGH" "responsive-jquery-slider No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "really-simple-ssl-pro-multisite 9.1.2 9.1.1.1.-.Authentication.Bypass CRITICAL" "responsive-accordion-tabs 1.4.3 Reflected.Cross-Site.Scripting MEDIUM" "radio-player No.known.fix Unauthenticated.Server-Side.Request.Forgery HIGH" "radio-player 2.0.79 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.align.Attribute MEDIUM" "radio-player 2.0.74 Missing.Authorization.to.Player.Deletion MEDIUM" "radio-player 2.0.74 Missing.Authorization.to.Settings.Update MEDIUM" "radio-player 2.0.74 Missing.Authorization.to.Player.Update MEDIUM" "radio-player 2.0.74 Missing.Authorization MEDIUM" "radio-player 2.0.74 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "radio-player 2.0.74 Unauthenticated.Server-Side.Request.Forgery HIGH" "radio-player 2.0.74 Missing.Authorization.to.Authenticated.(Subscriber+).Information.Disclosure MEDIUM" "radio-player 2.0.74 Missing.Authorization.via.get_players MEDIUM" "radio-player 2.0.5 Reflected.Cross-Site.Scripting MEDIUM" "radio-player 1.0.8 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "restropress 3.1.2.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" 
"restropress 3.1.2.1 Cross-Site.Request.Forgery.via.rpress_orders_list_table_process_bulk_actions MEDIUM" "restropress 2.8.3.1 Unauthorised.AJAX.Calls HIGH" "restropress 2.8.3 Cart.Manipulation.via.CSRF MEDIUM" "reviews-widgets-for-yelp 11.1 Authenticated.(Editor+).Arbitrary.File.Upload MEDIUM" "real-kit No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "real-kit 5.1.1 Contributor+.Stored.XSS MEDIUM" "real-estate-pro 1.7.1 Subscriber+.Privilege.Escalation CRITICAL" "redirect-redirection 1.2.0 Subscriber+.Unauthorised.Action.Calls MEDIUM" "redirect-redirection 1.1.4 Plugin.Installation.via.CSRF MEDIUM" "redirect-redirection 1.1.4 Subscriber+.Plugin.Installation MEDIUM" "redirect-redirection 1.1.5 Plugin.Reset.via.CSRF MEDIUM" "redirect-redirection 1.1.4 Redirect.Creation.via.CSRF MEDIUM" "reusable-text-blocks No.known.fix Author+.Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "restrict-user-access 2.6 Reflected.Cross-Site.Scripting MEDIUM" "restrict-user-access 2.6 Information.Exposure MEDIUM" "restrict-user-access 2.4.3 Reflected.Cross-Site.Scripting MEDIUM" "restrict-user-access 2.2.2 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "redirect-after-login No.known.fix Admin+.Stored.XSS LOW" "review-schema 2.2.0 Missing.Authorization.to.Arbitrary.Review.Update MEDIUM" "restricted-site-access 7.3.2 Access.Bypass.via.IP.Spoofing MEDIUM" "rig-elements No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "rsv-360-view No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "responsive-filterable-portfolio 1.0.9 Authenticated.(Admin+).SQL.Injection MEDIUM" "responsive-filterable-portfolio 1.0.23 Server-Side.Request.Forgery MEDIUM" "responsive-filterable-portfolio 1.0.20 Reflected.XSS HIGH" "rs-members No.known.fix Authenticated.(Subscriber+).Privilege.Escalation HIGH" "review-engine No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "review-engine No.known.fix Unauthorised.AJAX.Calls.via.Freemius 
MEDIUM" "review-engine No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "rover-idx 3.0.0.2906 Authenticated.(Subscriber+).Authentication.Bypass.to.Administrator HIGH" "rover-idx 3.0.0.2905 Authenticated.(Subscriber+).Missing.Authorization.via.Multiple.Functions MEDIUM" "responsive-owl-carousel-elementor 1.2.1 Local.File.Inclusion HIGH" "raise-prices-with-sales-for-woocommerce No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "raise-prices-with-sales-for-woocommerce 1.3.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "randomtext No.known.fix Subscriber+.SQLi HIGH" "realteo 1.2.4 Arbitrary.Property.Deletion.via.IDOR HIGH" "realteo 1.2.4 Unauthenticated.Reflected.Cross-Site.Scripting.(XSS) HIGH" "real-media-library-lite 4.11.12 Authenticated.(Author+).Stored.Cross-Site.Scripting MEDIUM" "real-media-library-lite 4.22.8 Contributor+.Stored.XSS MEDIUM" "real-media-library-lite 4.18.29 Author+.Stored.XSS MEDIUM" "real-media-library-lite 4.14.2 Author.Stored.Cross-Site.Scripting MEDIUM" "responsive-cookie-consent 1.8 Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "rightmessage No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "resume-builder No.known.fix Subscriber+.Stored.XSS HIGH" "reader-mode No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "reviewx 1.6.29 Insufficient.Rating.Validation MEDIUM" "reviewx 1.6.28 Missing.Authorization MEDIUM" "reviewx 1.6.22 Missing.Authorization MEDIUM" "reviewx 1.6.23 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "reviewx 1.6.14 Subscriber+.Privilege.Escalation HIGH" "reviewx 1.6.4 Subscriber+.SQLi HIGH" "reviewx 1.2.9 Unauthorised.AJAX.call.via.CSRF MEDIUM" "renee-work-in-progress No.known.fix Authenticated.(Subscriber+).Arbitrary.File.Upload HIGH" "renee-work-in-progress No.known.fix Authenticated.(Subscriber+).Arbitrary.File.Deletion HIGH" "review-buddypress-groups 2.8.4 Subscriber+.Arbitrary.Settings.Update.&.Review.Modification MEDIUM" "review-buddypress-groups 
2.8.1 Subscriber+.Arbitrary.Plugin.Installation,.Activation.and.Deactivation HIGH" "razorpay-payment-button-elementor 1.2.6 Reflected.Cross-Site.Scripting MEDIUM" "responsive-css-editor No.known.fix Admin+.SQLi MEDIUM" "retain No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "recencio-book-reviews No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "remove-schema 1.6 Cross-Site.Request.Forgery MEDIUM" "remove-schema 1.6 CSRF.Bypass.in.Multiple.Plugins MEDIUM" "racar-clear-cart-for-woocommerce 1.2.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "responsive-addons-for-elementor 1.6.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "responsive-addons-for-elementor 1.6.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "rt-easy-builder-advanced-addons-for-elementor No.known.fix Authenticated.(Contributor+).Stored.Cross-site.Scripting MEDIUM" "rt-easy-builder-advanced-addons-for-elementor 2.1 Missing.Authorization MEDIUM" "rt-easy-builder-advanced-addons-for-elementor 1.9 Reflected.Cross-Site.Scripting MEDIUM" "rt-easy-builder-advanced-addons-for-elementor 1.4 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "reservit-hotel 3.0 Admin+.Stored.XSS LOW" "resize-at-upload-plus No.known.fix Cross-Site.Request.Forgery.(CSRF) MEDIUM" "rescue-shortcodes 3.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.rescue_progressbar.Shortcode MEDIUM" "rescue-shortcodes 2.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "rescue-shortcodes 2.6 Contributor+.Stored.XSS MEDIUM" "rsv-pdf-preview No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "review-widgets-for-foursquare 11.1 Authenticated.(Editor+).Arbitrary.File.Upload MEDIUM" "revslider 6.7.19 Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "revslider 6.7.14 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "revslider 6.7.11 
Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Elementor.wrapperid.and.zindex MEDIUM" "revslider 6.7.11 Authenticated.(Author+).Stored.Cross-Site.Scripting.via.Add.Layer.class,.id,.and.title.Attributes MEDIUM" "revslider 6.7.11 Authenticated.(Author+).Stored.Cross-Site.Scripting MEDIUM" "revslider 6.7.0 Missing.Authorization MEDIUM" "revslider 6.7.8 Authenticated.(Author+).Stored.Cross-Site.Scripting.via.htmltag.Parameter MEDIUM" "revslider 6.7.0 Authenticated.(Author+).Stored.Cross-Site.Scripting MEDIUM" "revslider 6.6.19 Author+.Insecure.Deserialization.leading.to.RCE HIGH" "revslider 6.6.16 Authenticated.(Author+).Arbitrary.File.Upload HIGH" "revslider 6.6.15 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "revslider 6.6.13 Author+.Remote.Code.Execution MEDIUM" "revslider 4.1.5 Local.File.Disclosure HIGH" "revslider 3.0.96 WordPress.Slider.Revolution.Shell.Upload CRITICAL" "read-more No.known.fix Missing.Authorization.to.Authenticated.(Subscriber+).Read.More.Button.Deletion MEDIUM" "read-more No.known.fix Cross-Site.Request.Forgery MEDIUM" "remove-wp-update-nags 1.5.0 Reflected.Cross-Site.Scripting MEDIUM" "remove-wp-update-nags 1.4.0 Subscriber+.Arbitrary.Option.Update CRITICAL" "responsive-video No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "root-cookie No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "rich-event-timeline No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "real-estate-listing-realtyna-wpl 4.14.14 Admin+.Arbitrary.File.Upload MEDIUM" "real-estate-listing-realtyna-wpl 4.14.8 Reflected.XSS HIGH" "real-estate-listing-realtyna-wpl 4.14.8 Unauthenticated.SQLi HIGH" "random-banner No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "random-banner No.known.fix Admin+.Stored.XSS LOW" "random-banner 4.1.6 Admin+.Stored.Cross-Site.Scripting LOW" "random-banner 2.0 Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "reviewstap 
1.1.3 Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "react-webcam No.known.fix Contributor+.Stored.XSS MEDIUM" "resume-upload-form No.known.fix Captcha.Bypass MEDIUM" "re-attacher 1.0.9 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "real-time-find-and-replace 4.0.2 Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting HIGH" "rolo-slider No.known.fix Missing.Authorization.to.Authenticated(Subscriber+).Settings.Change MEDIUM" "read-offline No.known.fix Folders.Disclosure.via.Outdated.jQueryFileTree.Library MEDIUM" "read-offline No.known.fix Reflected.Cross-Site.Scripting.via.PHPRelativePath.Library HIGH" "request-a-quote 2.4.1 Admin+.Stored.XSS LOW" "request-a-quote 2.3.9 Admin+.Stored.Cross-Site.Scripting LOW" "request-a-quote 2.3.9 Admin+.Stored.Cross-Site.Scripting LOW" "request-a-quote 2.3.4 Authenticated.Stored.XSS MEDIUM" "report-broken-links No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "razorpay-payment-button 2.4.7 Reflected.Cross-Site.Scripting MEDIUM" "responsive-menu-pro 4.0.4 CSRF.to.Settings.Update MEDIUM" "responsive-menu-pro 4.0.4 4.0.3.-.Authenticated.Arbitrary.File.Upload CRITICAL" "responsive-menu-pro 4.0.4 CSRF.to.Arbitrary.File.Upload HIGH" "r-animated-icon No.known.fix Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "rsv-google-maps No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "require-taxonomy-image-category-tag 1.27 Reflected.Cross-Site.Scripting MEDIUM" "review-widgets-for-airbnb 11.1 Authenticated.(Editor+).Arbitrary.File.Upload MEDIUM" "relevanssi 4.23.1 Contributor+.Stored.XSS MEDIUM" "relevanssi 4.23.0 Unauthenticated.Information.Exposure MEDIUM" "relevanssi 4.22.2 Missing.Authorization.to.Unauthenticated.Count.Option.Update MEDIUM" "relevanssi 4.22.1 Unauthenticated.Query.Log.Export MEDIUM" "relevanssi 4.22.0 Unauthenticated.Private/Draft.Post.Disclosure MEDIUM" "relevanssi 4.14.6 
Subscriber+.Unauthorised.AJAX.Calls MEDIUM" "relevanssi 4.14.3 A.Better.Search.<.4.14.3.-.Unauthenticated.Stored.Cross-Site.Scripting HIGH" "relevanssi 4.0.5 Cross-Site.Scripting.(XSS) MEDIUM" "relevanssi 3.6.1 Authenticated.Admin.SQL.Injection MEDIUM" "real-cookie-banner 3.4.10 Contributor+.Stored.XSS MEDIUM" "real-cookie-banner 2.18.2 Reflected.Cross-Site.Scripting MEDIUM" "real-cookie-banner 2.14.2 Settings.Reset.via.CSRF MEDIUM" "rk-responsive-contact-form No.known.fix Authenticated.Blind.SQL.Injection CRITICAL" "rustolat No.known.fix Cross-Site.Request.Forgery.(CSRF) MEDIUM" "rest-api-fns No.known.fix Unauthenticated.Arbitrary.File.Upload CRITICAL" "rest-api-fns No.known.fix Privilege.Escalation CRITICAL" "recall-products No.known.fix Authenticated.SQL.Injection MEDIUM" "recall-products No.known.fix Authenticated.Cross-Site.Scripting MEDIUM" "rate-star-review 1.6.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "rate-star-review 1.5.2 Reflected.Cross-Site.Scripting MEDIUM" "responsive-tabs 4.0.11 Contributor+.Stored.XSS MEDIUM" "responsive-tabs 4.0.7 Contributor+.Stored.XSS MEDIUM" "responsive-tabs 2.2.7 Editor+.Stored.Cross-Site.Scripting MEDIUM" "responsive-tabs 4.0.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "responsive-tabs 4.0.6 Authenticated.(Contributor+).Content.Injection MEDIUM" "responsive-tabs 4.0.6 Author+.Stored.Cross-Site.Scripting MEDIUM" "redux-framework 4.4.18 .4.4.17.-.Unauthenticated.JSON.File.Upload.to.Stored.Cross-Site.Scripting HIGH" "redux-framework 4.2.13 Contributor+.Arbitrary.Plugin.Installation.and.Post.Deletion HIGH" "redux-framework 4.2.13 Unauthenticated.Sensitive.Information.Disclosure MEDIUM" "redux-framework 4.1.21 CSRF.Nonce.Validation.Bypass MEDIUM" "redux-framework 4.1.24 4.1.23.-.CSRF.Nonce.Validation.Bypass MEDIUM" "rumbletalk-chat-a-chat-with-themes 6.3.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "rumbletalk-chat-a-chat-with-themes 6.2.0 
Missing.Authorization.via.handleRequest HIGH" "rw-divi-unite-gallery No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "rw-divi-unite-gallery No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "rw-divi-unite-gallery No.known.fix Security.Bypass.via.Outdated.Freemius CRITICAL" "recipepress-reloaded No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "realty-workstation No.known.fix Missing.Authorization MEDIUM" "realty-workstation No.known.fix Authentication.Bypass.to.Account.Takeover CRITICAL" "realty-workstation 1.0.15 Agent.SQLi HIGH" "rss-for-yandex-turbo 1.31 Admin+.Stored.Cross-Site.Scripting LOW" "rss-for-yandex-turbo 1.30 Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "recurring-bookings-for-woocommerce No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "recurring-bookings-for-woocommerce No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "rometheme-for-elementor 1.5.3 Missing.Authorization MEDIUM" "rometheme-for-elementor 1.5.3 Contributor+.Sensitive.Information.Exposure.via.Elementor.Templates MEDIUM" "rometheme-for-elementor 1.5.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "rometheme-for-elementor 1.4.2 Missing.Authorization MEDIUM" "rometheme-for-elementor 1.4.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "really-simple-ssl-pro 9.1.2 9.1.1.1.-.Authentication.Bypass CRITICAL" "responsive-coming-soon-page No.known.fix Unauthenticated.Information.Exposure MEDIUM" "responsive-coming-soon-page 1.6.0 Improper.Neutralization.of.Special.Elements.used.in.an.SQL.Command.('SQL.Injection') HIGH" "rich-web-share-button No.known.fix Unauthenticated.SQL.Injection CRITICAL" "rich-web-share-button No.known.fix Authenticated.(Contributor+).SQL.Injection MEDIUM" "rewp 1.0.2 Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "rankbear No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "rankbear No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" 
"resads No.known.fix Authenticated.(Administrator+).SQL.Injection MEDIUM" "resads No.known.fix Reflected.Cross-Site.Scripting.via.Multiple.Parameters MEDIUM" "resads 1.0.2 .Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "reftagger-shortcode No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "restrict-categories No.known.fix Reflected.XSS HIGH" "rsvpmaker-for-toastmasters 6.2.5 Unauthenticated.Arbitrary.File.Upload CRITICAL" "responsive-column-widgets No.known.fix Reflected.XSS HIGH" "responsive-column-widgets No.known.fix Open.Redirect.via.responsive_column_widgets_link MEDIUM" "rate-limiting-for-contact-form-7 1.0.4 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "roi-calculator 1.1 Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "really-simple-featured-video 0.7.2 Reflected.Cross-Site.Scripting MEDIUM" "really-simple-featured-video 0.5.2 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "resmushit-image-optimizer 0.4.4 Subscriber+.AJAX.Calls MEDIUM" "resmushit-image-optimizer 0.4.7 Multiple.CSRF MEDIUM" "resmushit-image-optimizer 0.4.6 Admin+.Cross-Site.Scripting LOW" "resermy No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "resermy No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "resermy No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "remove-add-to-cart-button-for-woocommerce 1.0.4 Reflected.Cross-Site.Scripting MEDIUM" "remove-add-to-cart-button-for-woocommerce 1.0.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "rencontre 3.11 Unauthenticated.Arbitrary.File.Upload CRITICAL" "rencontre 3.11.2 Subscriber+.PHP.Object.Injection HIGH" "rencontre 3.11 Privilege.Escalation CRITICAL" "rencontre 3.2.3 Multiple.CSRF CRITICAL" "rsfirewall 1.1.25 IP.Block.Bypass MEDIUM" "real-wp-shop-lite No.known.fix Admin+.Stored.XSS LOW" "registered-user-sync-activecampaign No.known.fix Missing.Authorization MEDIUM" "reactflow-session-replay-heatmap No.known.fix Cross-Site.Request.Forgery.to.Reflected.Cross-Site.Scripting 
MEDIUM" "radio-station 2.5.8 Cross-Site.Request.Forgery.to.Notice.Dismissal MEDIUM" "radio-station 2.5.0 Reflected.XSS HIGH" "radio-station 2.5.5 Reflected.Cross-Site.Scripting MEDIUM" "radio-station 2.4.0.6 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "ratings-shorttags No.known.fix Stored.XSS.via.CSRF HIGH" "restrict-for-elementor 1.0.8 Protection.Mechanism.Bypass MEDIUM" "restrict-for-elementor 1.0.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "reviews-plus 1.3.5 Missing.Authorization.to.Notice.Dismissal MEDIUM" "reviews-plus 1.2.14 Subscriber+.Reviews.DoS LOW" "ragic-shortcode 1.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "rrdevs-for-elementor No.known.fix Authenticated.(Contributor+).Post.Disclosure MEDIUM" "rrdevs-for-elementor No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "responsive-data-table No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "responsive-flickr-gallery No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "robokassa 1.6.2 Reflected.Cross-Site.Scripting MEDIUM" "relevanssi-live-ajax-search 2.5 Unauthenticated.WP_Query.Argument.Injection MEDIUM" "rename-wp-login No.known.fix Secret.URL.Update.via.CSRF MEDIUM" "recurring-donation 1.8 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "rm-mailchimp-manager No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "rm-mailchimp-manager No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "rezgo No.known.fix Unauthenticated.Local.File.Inclusion HIGH" "rezgo 4.1.8 Reflected.Cross-Site-Scripting MEDIUM" "rezgo 2.0.0 Reflected.Cross-Site.Scripting MEDIUM" "restrict-anonymous-access 1.2.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "responsive-block-editor-addons 2.0.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "responsive-block-editor-addons 2.0.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.section_tag.Parameter MEDIUM" 
"responsive-block-editor-addons 1.9.8 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "responsive-block-editor-addons 1.8.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "random-sorting-order-for-woocommerce No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "random-sorting-order-for-woocommerce No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "random-sorting-order-for-woocommerce No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "recently-viewed-and-most-viewed-products No.known.fix Authenticated.(Shop.Manager+).Stored.Cross-Site.Scripting MEDIUM" "rss-feed-post-generator-echo 5.4.7 Unauthenticated.Privilege.Escalation CRITICAL" "royal-slider 3.2.7 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "rename-author-slug No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "real-estate-manager No.known.fix Subscriber+.Privilege.Escalation HIGH" "real-estate-manager 7.0 Subscriber+.Settings.Update MEDIUM" "rduplicator No.known.fix Contributor+.SQLi HIGH" "rearrange-woocommerce-products 3.0.8 Subscriber+.SQL.Injection HIGH" "ra-qrcode No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "rucy No.known.fix Cross-Site.Request.Forgery MEDIUM" "rucy No.known.fix CSRF.Bypass MEDIUM" "radio-buttons-for-taxonomies 2.0.6 Cross-Site.Request.Forgery.(CSRF) MEDIUM" "radio-buttons-for-taxonomies 2.0.6 Cross-Site.Request.Forgery MEDIUM" "revisionary 3.5.16 Missing.Authorization.to.Authenticated.(Subscriber+).Sensitive.Information.Exposure MEDIUM" "revisionary 3.5.15 Reflected.Cross-Site.Scripting MEDIUM" "rich-snippets-vevents No.known.fix Cross-Site.Request.Forgery.to.Arbitrary.Options.Update HIGH" "realty 1.1.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "realty 1.1.0 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "rentpress No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "rccp-free No.known.fix 
Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "relogo No.known.fix Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "real3d-flipbook-lite 4.8.5 Authenticated.(Author+).Arbitrary.File.Upload HIGH" "real3d-flipbook-lite 3.72 Authenticated.(Author+).Stored.Cross-Site.Scripting MEDIUM" "real3d-flipbook-lite 3.63 Reflected.Cross-Site.Scripting MEDIUM" "rabbit-loader 2.21.1 Reflected.Cross-Site.Scripting MEDIUM" "rabbit-loader 2.19.14 Missing.Authorization.via.multiple.AJAX.actions MEDIUM" "rafflepress 1.12.16 Editor+.Stored.XSS LOW" "rafflepress 1.12.14 Editor+.Stored.XSS LOW" "rafflepress 1.12.5 Missing.Authorization MEDIUM" "rafflepress 1.12.11 IP.Spoofing MEDIUM" "rafflepress 1.12.7 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "rafflepress 1.12.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "rafflepress 1.11.3 Contributor+.Stored.XSS MEDIUM" "responsive-vector-maps 6.4.2 Responsive.Vector.Maps.<.6.4.2.-.Subscriber+.Arbitrary.File.Read HIGH" "related-posts-for-wp 2.2.2 Cross-Site.Request.Forgery MEDIUM" "related-posts-for-wp 2.0.5 Authenticated.Stored.XSS.&.XFS MEDIUM" "related-posts-for-wp 2.0.4 Authenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "related-posts-for-wp 1.8.2 Cross-Site.Scripting.(XSS) CRITICAL" "recently-viewed-most-viewed-and-sold-products-for-woocommerce No.known.fix Unauthenticated.PHP.Object.Injection CRITICAL" "restaurantconnect-reswidget No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "review-widgets-for-hotels-com 11.1 Authenticated.(Editor+).Arbitrary.File.Upload MEDIUM" "review-widgets-for-tripadvisor 11.1 Authenticated.(Editor+).Arbitrary.File.Upload MEDIUM" "rich-reviews No.known.fix Arbitrary.Reviews.Deletion.via.CSRF MEDIUM" "rich-reviews 1.9.6 Admin+.SQL.Injection MEDIUM" "remember-me-controls 2.1 Unauthenticated.Full.Path.Disclosure MEDIUM" "rename-media-files No.known.fix Authenticated.(Contributor+).Remote.Code.Execution HIGH" 
"relevanssi-premium 2.25.2 Missing.Authorization.to.Unauthenticated.Count.Option.Update MEDIUM" "relevanssi-premium 2.25 Unauthenticated.Sensitive.Information.Exposure MEDIUM" "relevanssi-premium 2.25.0 Unauthenticated.Private/Draft.Post.Disclosure MEDIUM" "relevanssi-premium 2.16.5 Subscriber+.Unauthorised.AJAX.Calls MEDIUM" "relevanssi-premium 1.14.6.1 SQL.Injection.&.PHP.Object.Injection HIGH" "responsive-coming-soon 2.2.2 Maintenance.Mode.Bypass MEDIUM" "responsive-coming-soon 1.8.2 Arbitrary.Settings.Reset MEDIUM" "replace-image 1.1.11 Insecure.Direct.Object.Reference MEDIUM" "relicwp-helper No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "required-taxonomies 1.1.8 Reflected.Cross-Site.Scripting MEDIUM" "required-taxonomies 1.1.8 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "ruven-toolkit No.known.fix tinymce/popup.php.popup.Parameter.Reflected.XSS MEDIUM" "seguro-viagem No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "smart-slider-3 3.5.1.23 Contributor+.Stored.XSS.via.SVG.Upload MEDIUM" "smart-slider-3 3.5.1.14 Contributor+.Stored.XSS MEDIUM" "smart-slider-3 3.5.1.11 Contributor+.Stored.XSS MEDIUM" "smart-slider-3 3.5.1.11 PHP.Object.Injection MEDIUM" "smart-slider-3 3.5.0.9 Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "serped-net 4.6 Authenticated.(Contributor+).SQL.Injection MEDIUM" "sfwd-lms 4.20.0.3 Missing.Authorization MEDIUM" "sfwd-lms 4.10.2 Sensitive.Information.Exposure.via.API MEDIUM" "sfwd-lms 4.10.3 Sensitive.Information.Exposure.via.API MEDIUM" "sfwd-lms 4.10.2 Sensitive.Information.Exposure.via.assignments MEDIUM" "sfwd-lms 4.5.3.1 SQL.Injection MEDIUM" "sfwd-lms 4.6.0.1 User.Account.Takeover.via.Insecure.Direct.Object.References HIGH" "sfwd-lms 3.1.6 Unauthenticated.SQL.Injection CRITICAL" "sfwd-lms 3.1.2 Reflected.Cross.Site.Scripting.(XSS).issue.on.the.[ld_profile].search.field. 
MEDIUM" "sfwd-lms 2.5.4 Unauthenticated.Arbitrary.File.Upload CRITICAL" "sendpress No.known.fix Admin+.Stored.XSS.via.Settings LOW" "sendpress No.known.fix Admin+.Stored.XSS.via.Form.Settings LOW" "sendpress No.known.fix Reflected.XSS HIGH" "sendpress 1.23.11.6 Contributor+.Stored.XSS MEDIUM" "sendpress No.known.fix Admin+.Stored.XSS LOW" "sendpress No.known.fix CSRF MEDIUM" "sendpress 1.20.7.13 Authenticated.Stored.Cross-Site.Scripting.(XSS) LOW" "sendpress 1.2 Authenticated.SQL.Injection MEDIUM" "seo-automated-link-building 2.5.3 Missing.Authorization MEDIUM" "seo-automated-link-building 2.1.1 Multiple.Authenticated.Stored.Cross-Site.Scripting.(XSS) LOW" "slingblocks 1.5.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "slicko-for-elementor No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "social-link-pages No.known.fix Missing.Authorization.to.Arbitrary.Page.Creation.and.Cross-Site.Scripting HIGH" "save-grab No.known.fix Cross-Site.Request.Forgery MEDIUM" "save-grab No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "social-share-buttons-by-supsystic 2.2.4 Subscriber+.SQLi HIGH" "social-share-buttons-by-supsystic 2.2.4 Subscriber+.Unauthorised.Actions MEDIUM" "social-share-buttons-by-supsystic 2.2.4 Multiple.CSRF MEDIUM" "smsify 6.1.0 Reflected.Cross-Site.Scripting MEDIUM" "simple-cod-fee-for-woocommerce No.known.fix Missing.Authorization MEDIUM" "set-admin-colour-on-staging-and-dev No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "set-admin-colour-on-staging-and-dev No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "simple-cloudflare-turnstile 1.23.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "simple-urls 121 Arbitrary.Actions.via.CSRF MEDIUM" "simple-urls 118 Reflected.XSS HIGH" "simple-urls 115 Multiple.Reflected.XSS HIGH" "simple-urls 115 Subscriber+.SQLi HIGH" "seriously-simple-podcasting 3.6.0 Reflected.Cross-Site.Scripting.via.add_query_arg.Parameter MEDIUM" 
"seriously-simple-podcasting 3.3.0 Admin+.Stored.XSS LOW" "seriously-simple-podcasting 3.1.0 Reflected.Cross-Site.Scripting MEDIUM" "seriously-simple-podcasting 3.0.0 Unauthenticated.Administrator.Email.Disclosure MEDIUM" "seriously-simple-podcasting 2.19.1 Contributor+.Stored.XSS MEDIUM" "seriously-simple-podcasting 2.16.1 Arbitrary.Settings.Update.via.CSRF MEDIUM" "spotlightr 0.1.12 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "stop-wp-emails-going-to-spam 2.0.0 Reflected.Cross-Site.Scripting MEDIUM" "skyword-plugin 2.5.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "send-users-email 1.5.2 Unauthenticated.Information.Exposure MEDIUM" "send-users-email 1.4.4 Sensitive.Information.Exposure.via.Error.Logs MEDIUM" "send-users-email 1.4.1 Reflected.Cross-Site.Scripting MEDIUM" "simply-exclude No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "simple-events-calendar No.known.fix Authenticated.(admin+).SQL.Injection MEDIUM" "sonawp-simple-payment-block 1.0.1 Reflected.Cross-Site.Scripting MEDIUM" "soumettre-fr 2.1.4 Missing.Authorization MEDIUM" "scan-external-links No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "securimage-wp-fixed No.known.fix Reflected.Cross-Site.Scripting.(XSS) HIGH" "schema-app-structured-data-for-schemaorg 2.2.5 Reflected.Cross-Site.Scripting MEDIUM" "schema-app-structured-data-for-schemaorg 2.2.1 Cross-Site.Request.Forgery MEDIUM" "schema-app-structured-data-for-schemaorg 2.2.1 Missing.Authorization MEDIUM" "schema-app-structured-data-for-schemaorg 1.22.4 Missing.Authorization.via.page_init MEDIUM" "searchwp-live-ajax-search 1.6.3 Unauthenticated.Local.File.Inclusion MEDIUM" "searchwp-live-ajax-search 1.6.2 Unauthenticated.Arbitrary.Post.Title.Disclosure MEDIUM" "signup-page No.known.fix Unauthenticated.Arbitrary.Options.Update CRITICAL" "stageshow No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "sv-provenexpert 2.0.0 Reflected.Cross-Site.Scripting MEDIUM" "sv-provenexpert 1.8.01 
Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "side-menu 3.1.5 Authenticated.(admin+).SQL.Injection HIGH" "supportflow 0.7 Stored.Cross-Site.Scripting.(XSS) MEDIUM" "sticky-header-oceanwp No.known.fix CSRF MEDIUM" "sopa-blackout No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "stop-registration-spam 1.24 Cross-Site.Request.Forgery.to.Cross-Site.Scripting MEDIUM" "sovratec-case-management No.known.fix Unauthenticated.Arbitrary.File.Upload CRITICAL" "simple-code-insert-shortcode No.known.fix Authenticated.(Contributor+).SQL.Injection HIGH" "simple-user-listing 1.9.3 Reflected.XSS HIGH" "sendpulse-web-push 1.3.7 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "sendpulse-web-push 1.3.2 CSRF MEDIUM" "small-package-quotes-wwe-edition 5.2.18 Unauthenticated.SQL.Injection HIGH" "social-lite 1.3.0 Reflected.Cross-Site.Scripting MEDIUM" "salesking 1.6.30 Unauthenticated.Sensitive.Information.Exposure HIGH" "salesking 1.6.30 Unauthenticated.Privilege.Escalation CRITICAL" "salesking 1.6.30 Missing.Authorization.to.Settings.Change MEDIUM" "simply-show-hooks No.known.fix Injected.Backdoor CRITICAL" "styler-for-ninja-forms-lite No.known.fix Authenticated.(Subscriber+).Arbitrary.Option.Deletion.via.deactivate_license MEDIUM" "skaut-bazar 1.3.3 Reflected.Cross-Site.Scripting HIGH" "socialmark 2.0.7 Reflected.Cross-Site.Scripting MEDIUM" "socialmark 2.0.5 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "smooth-page-scroll-updown-buttons 1.4.1 Authenticated.Stored.XSS.via.psb_positioning LOW" "smooth-page-scroll-updown-buttons 1.4 Authenticated.Stored.XSS MEDIUM" "service No.known.fix Authenticated.(Subscriber+).SQL.Injection HIGH" "spiritual-gifts-survey No.known.fix Unauthenticated.CSRF.to.XSS MEDIUM" "spiritual-gifts-survey No.known.fix Unauthenticated.CSRF.to.XSS MEDIUM" "simple-site-verify 1.0.8 Admin+.Stored.XSS LOW" "simple-presenter 1.5.2 Reflected.Cross-Site.Scripting MEDIUM" "sender-net-automated-emails 2.6.16 Reflected.Cross-Site.Scripting 
MEDIUM" "sender-net-automated-emails 2.6.19 Cross-Site.Request.Forgery MEDIUM" "smart-donations No.known.fix Cross-Site.Request.Forgery MEDIUM" "smart-donations No.known.fix Smart.Donations.<=.4.0.12.-.Stored.XSS.via.CSRF HIGH" "smart-donations No.known.fix Smart.Donations.<=.4.0.12.-.Admin+.SQLi MEDIUM" "smart-donations No.known.fix Smart.Donations.<=.4.0.12.-.Reflected.XSS HIGH" "site-reviews 7.0.0 IP.Spoofing MEDIUM" "site-reviews 6.11.7 Authenticated.(Author+).Stored.Cross-Site.Scripting MEDIUM" "site-reviews 6.11.7 Authenticated(Subscriber+).Stored.Cross-Site.Scripting.via.display.name MEDIUM" "site-reviews 6.10.3 Missing.Authorization MEDIUM" "site-reviews 6.7.1 Admin+.Stored.XSS LOW" "site-reviews 6.6.0 Contributor+.Stored.XSS MEDIUM" "site-reviews 6.6.0 Contributor+.Stored.XSS MEDIUM" "site-reviews 6.4.0 Unauthenticated.CSV.Injection MEDIUM" "site-reviews 5.17.3 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "site-reviews 5.13.1 Admin+.Stored.XSS LOW" "site-reviews 2.15.3 Cross-Site.Scripting.(XSS) MEDIUM" "stripe-manager No.known.fix Authenticated.(Administrator+).SQL.Injection HIGH" "shopping-pages No.known.fix Stored.XSS.via.CSRF HIGH" "shortcodes-ui No.known.fix Contributor+.Stored.XSS MEDIUM" "shortcodes-ui No.known.fix CSRF MEDIUM" "sayfa-sayac No.known.fix Unauthenticated.SQL.Injection CRITICAL" "sayfa-sayac No.known.fix Unauthenticated.PHP.Object.Injection CRITICAL" "simple-bitcoin-faucets No.known.fix Unauthorised.AJAX.Call.to.Stored.XSS MEDIUM" "subscribe-sidebar No.known.fix Authenticated.Reflected.Cross-Site.Scripting CRITICAL" "shortcode-addons No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "shortcode-addons No.known.fix Authenticated.(Admin+).Arbitrary.File.Upload CRITICAL" "shortcode-addons 3.2.0 Authenticated.Arbitrary.Options.Update MEDIUM" "shortcode-addons 3.1.0 Unauthenticated.Arbitrary.Option.Update CRITICAL" "simple-nav-archives No.known.fix Settings.Update.via.CSRF MEDIUM" 
"sagepay-server-gateway-for-woocommerce 1.0.9 Unauthenticated.Cross-Site.Scripting.(XSS) MEDIUM" "skype-online-status No.known.fix Contributor+.Stored.XSS MEDIUM" "subscriptions-memberships-for-paypal 1.1.3 Reflected.Cross-Site.Scripting.via.page.Parameter HIGH" "scripts-organizer 3.0 Unauthenticated.Arbitrary.File.Upload CRITICAL" "standout-color-boxes-and-buttons No.known.fix Authenticated(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "simple-blog-card 1.32 Subscriber+.Arbitrary.Post.Access MEDIUM" "simple-blog-card 1.31 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "skt-addons-for-elementor 3.4 Authenticated.(Contributor+).Post.Disclosure MEDIUM" "skt-addons-for-elementor 3.2 Contributor+.Stored.XSS MEDIUM" "skt-addons-for-elementor 2.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Age.Gate.and.Creative.Slider.Widgets HIGH" "skt-addons-for-elementor 1.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Countdown.Block MEDIUM" "skt-addons-for-elementor 1.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Widget.Page.Title MEDIUM" "smartsoftbutton-widget-de-botones-de-chat No.known.fix Arbitrary.Settings.Update.to.Stored.XSS.via.CSRF HIGH" "super-socializer 7.14.1 Unauthenticated.Limited.SQL.Injection.via.'SuperSocializerKey' MEDIUM" "super-socializer 7.14 Authentication.Bypass HIGH" "super-socializer 7.13.64 Editor+.Stored.XSS MEDIUM" "super-socializer 7.13.55 Missing.Authorization MEDIUM" "super-socializer 1.13.53 Contributor+.Stored.XSS MEDIUM" "super-socializer 7.13.52 Reflected.XSS HIGH" "super-socializer 7.13.44 Contributor+.Stored.XSS MEDIUM" "super-socializer 7.13.30 Reflected.Cross-Site.Scripting MEDIUM" "super-socializer 7.11 Authentication.Bypass CRITICAL" "shoutcast-icecast-html5-radio-player No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "spider-event-calendar No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "spider-event-calendar 1.5.52 Admin+.SQL.injection 
MEDIUM" "spider-event-calendar 1.5.52 Authenticated.Blind.SQL.Injection CRITICAL" "spider-event-calendar 1.4.14 Unauthenticated.SQL.Injection HIGH" "squelch-tabs-and-accordions-shortcodes 0.4.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.tab.Shortcode MEDIUM" "squelch-tabs-and-accordions-shortcodes 0.4.8 Cross-Site.Request.Forgery MEDIUM" "squelch-tabs-and-accordions-shortcodes 0.4.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.accordions.Shortcode MEDIUM" "stockists-manager No.known.fix Stored.Cross-Site.Scripting.via.CSRF MEDIUM" "sb-random-posts-widget 1.1 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "swift-performance-lite 2.3.7.2 Unauthenticated.Local.PHP.File.Inclusion.via.'ajaxify' HIGH" "swift-performance-lite 2.3.6.21 Cross-Site.Request.Forgery MEDIUM" "swift-performance-lite 2.3.6.19 Subscriber+.Settings.Update MEDIUM" "swift-performance-lite 2.3.6.15 Unauthenticated.Configuration.Export MEDIUM" "snazzyadmin-wp-admin-theme No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "snazzyadmin-wp-admin-theme No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "snazzyadmin-wp-admin-theme No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "salesmanago 3.2.5 Log.Injection.via.Weak.Authentication.Token MEDIUM" "supreme-modules-for-divi 2.5.52 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "supreme-modules-for-divi 2.5.4 Contrib+.DOM-Based.Cross-Site.Scripting MEDIUM" "superfly-menu 5.0.30 Cross-Site.Request.Forgery.to.Arbitrary.File.Deletion HIGH" "superfly-menu No.known.fix Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "show-posts 1.7 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "sponsors-carousel No.known.fix Admin+.Stored.XSS LOW" "shortcodehub 1.4.0 Reflected.Cross-Site.Scripting MEDIUM" "supportbubble No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "supportbubble No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "shockingly-simple-favicon No.known.fix 
Settings.Update.via.CSRF MEDIUM" "simple-news No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.news.Shortcode MEDIUM" "s-dev-seo No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "scratch-win-giveaways-for-website-facebook 2.8.0 Cross-Site.Request.Forgery.via.reset_installation.Function MEDIUM" "scratch-win-giveaways-for-website-facebook 2.7.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "simple-youtube-responsive 3.0 Contributor+.Stored.XSS MEDIUM" "snapshot-backup No.known.fix Stored.XSS.via.CSRF HIGH" "shortcode-imdb No.known.fix Cross-Site.Request.Forgery MEDIUM" "shortcode-imdb No.known.fix Admin+.SQLi MEDIUM" "store-credit-for-woocommerce 1.0.49.47 Reflected.Cross-Site.Scripting MEDIUM" "simplified-content 1.0.1 XSS MEDIUM" "simple-media-directory 1.4.4 Contributor+.Stored.XSS MEDIUM" "simple-media-directory 1.4.3 Unauthenticated.SQLi HIGH" "seo-optimized-images 2.1.4 Injected.Backdoor CRITICAL" "seo-optimized-images 2.1 Reflected.Cross-Site.Scripting MEDIUM" "sksdev-toolkit No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "sign-in-with-google No.known.fix Authentication.Bypass.in.authenticate_user CRITICAL" "structured-content 1.6.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "structured-content 1.6.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Classic.Editor.Shortcode MEDIUM" "structured-content 1.6 Contributor+.PHP.Object.Injection HIGH" "structured-content 1.6 Contributor+.Stored.XSS MEDIUM" "structured-content 1.5.1 Contributor+.Stored.XSS.in.Shortcode MEDIUM" "save-as-pdf-by-pdfcrowd 4.2.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "save-as-pdf-by-pdfcrowd 4.0.1 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "save-as-pdf-by-pdfcrowd 3.3.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "save-as-pdf-by-pdfcrowd 3.2.1 Missing.Authorization MEDIUM" 
"save-as-pdf-by-pdfcrowd 3.2.0 Admin+.Stored.XSS LOW" "save-as-pdf-by-pdfcrowd 3.2.2 Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "save-as-pdf-by-pdfcrowd 2.16.1 Admin+.Stored.XSS LOW" "salvador-ai-image-generator No.known.fix Missing.Authorization MEDIUM" "share-on-diaspora 0.7.2 XSS MEDIUM" "social-media-widget 4.0.9 Admin+.Stored.XSS LOW" "simplesamlphp-authentication No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "streamweasels-kick-integration 1.1.2 Blocks.and.Shortcodes.for.Embedding.Kick.Streams.<.1.1.2.-.Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.sw-kick-embed.Shortcode MEDIUM" "svt-simple No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "splashscreen No.known.fix Settings.Update.via.CSRF MEDIUM" "slider-blocks 2.7.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "socialdriver-framework 2024.04.30 Contributor+.Stored.XSS MEDIUM" "socialdriver-framework 2024.04.30 Reflected.XSS HIGH" "socialdriver-framework 2024.04.30 Admin+.Stored.XSS.via.Settings LOW" "socialdriver-framework 2024.0.0 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "simplepress 6.10.12 Reflected.Cross-Site.Scripting MEDIUM" "simplepress 6.8.1 Unauthenticated.Stored.XSS.via.Forum.Replies HIGH" "simplepress 6.8.1 Admin+.Arbitrary.File.Update LOW" "simplepress 6.8.1 Subscriber+.Arbitrary.File.Deletion HIGH" "simplepress 6.8.1 Subscriber+.Stored.XSS.via.Profile.Signatures MEDIUM" "simplepress 6.6.1 Broken.Access.Control.leading.to.RCE CRITICAL" "shopp No.known.fix Unauthenticated.Arbitrary.File.Upload CRITICAL" "stetic 1.0.9 CSRF.to.Stored.Cross-Site.Scripting HIGH" "surly No.known.fix Missing.Authorization MEDIUM" "security-ninja 5.159 Reflected.Cross-Site.Scripting MEDIUM" "security-ninja 5.135 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "squeeze 1.4.1 Authenticated.(Admin+).Arbitrary.File.Upload CRITICAL" "sully 4.3.1 Reflected.XSS HIGH" "sully 4.3.1 Plugin.Reset.via.CSRF MEDIUM" "sully 4.3.1 Admin+.Stored.XSS LOW" "sully 4.3.1 
Admin+.Stored.XSS.via.CSRF HIGH" "ssl-atlas-free-ssl-certificate-https-redirect 1.1.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "smart-scroll-to-top-lite 1.0.4 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "simple-post No.known.fix Authenticated.Stored.Cross-Site.Scripting.(XSS) LOW" "subscribers-com 1.5.4 Free.Web.Push.Notifications.<.1.5.4.-.Admin+.Stored.XSS LOW" "star-cloudprnt-for-woocommerce 2.0.4 Reflected.XSS HIGH" "star-cloudprnt-for-woocommerce No.known.fix Reflected.XSS HIGH" "simple-file-downloader No.known.fix Contributor+.Stored.XSS.via.Shortcode MEDIUM" "slide No.known.fix Missing.Authorization.to.Content.Injection MEDIUM" "slide No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "slide No.known.fix Missing.Authorization MEDIUM" "system-dashboard No.known.fix Reflected.Cross-Site.Scripting.via.Filename.Parameter MEDIUM" "system-dashboard 2.8.15 Unauthenticated.Stored.XSS HIGH" "system-dashboard 2.8.15 Admin+.Path.Traversal MEDIUM" "system-dashboard 2.8.10 XSS.via.Header.Injection LOW" "system-dashboard 2.8.8 Missing.Authorization.to.Information.Disclosure.(sd_php_info) MEDIUM" "system-dashboard 2.8.8 Missing.Authorization.to.Information.Disclosure.(sd_global_value) MEDIUM" "system-dashboard 2.8.8 Missing.Authorization.to.Information.Disclosure.(sd_constants) MEDIUM" "system-dashboard 2.8.8 Missing.Authorization.to.Information.Disclosure.(sd_db_specs) MEDIUM" "system-dashboard 2.8.8 Missing.Authorization.to.Information.Disclosure.(sd_option_value) MEDIUM" "seo-meta No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "simple-facebook-twitter-widget No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "simple-facebook-twitter-widget No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "stock-ticker 3.24.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.stock_ticker.Shortcode MEDIUM" "stock-ticker 3.23.5 Authenticated.(Contributor+).Stored.Cross-Site.Scritping 
MEDIUM" "stock-ticker 3.23.4 Reflected.XSS HIGH" "stock-ticker 3.23.3 Reflected.XSS HIGH" "stock-ticker 3.23.1 Missing.Authorization.in.AJAX.Actions MEDIUM" "service-updates-for-customers No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "seo-booster 3.8.10 Cross-Site.Request.Forgery MEDIUM" "seo-booster 3.8.9 Reflected.Cross-Site.Scripting MEDIUM" "seo-booster 3.8.5 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "seo-booster 3.8 Admin+.SQL.Injection MEDIUM" "store-locator No.known.fix Unauthenticated.Local.File.Inclusion CRITICAL" "store-locator 3.98.8 Settings.Update.via.CSRF MEDIUM" "store-locator 3.34 SQL.Injection CRITICAL" "simple-load-more No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "svg-captcha No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "send-pdf-for-contact-form-7 1.0.2.4 Missing.Authorization MEDIUM" "send-pdf-for-contact-form-7 0.9.9.2 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "sendsms No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "smooth-slider 2.8.7 Authenticated.SQL.Injection HIGH" "smooth-slider 2.7 Authenticated.SQL.Injection HIGH" "shortcut-macros No.known.fix Subscriber+.Arbitrary.Settings.Update MEDIUM" "sumo-divi-modules No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "sumo-divi-modules 1.0.6 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "simple-payment 2.3.8 Reflected.Cross-Site.Scripting MEDIUM" "simple-form 2.12.2 Admin+.Stored.XSS LOW" "search-logger No.known.fix Admin+.SQLi MEDIUM" "splash-connector No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "sticky-popup No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "simple-login-log 1.1.2 Authenticated.SQL.Injection CRITICAL" "smart-blocks 2.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "surbma-gdpr-proof-google-analytics 17.8.2 Reflected.Cross-Site.Scripting MEDIUM" "surbma-gdpr-proof-google-analytics 17.6.0 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "surbma-gdpr-proof-google-analytics 17.5.3 Unauthorised.AJAX.Calls.via.Freemius 
MEDIUM" "spoki 2.15.16 Contributor+.Stored.XSS MEDIUM" "shortcode-factory 2.8 Local.File.Inclusion CRITICAL" "shortcode-factory 1.1.1 XSS MEDIUM" "surecart 2.29.4 Reflected.Cross-Site.Scripting MEDIUM" "surecart 2.5.1 Admin+.Stored.XSS LOW" "split-test-for-elementor 1.7.0 Cross-Site.Request.Forgery MEDIUM" "simple-e-commerce-shopping-cart No.known.fix Sell.products.through.Paypal.<=.3.1.2.-.Reflected.Cross-Site.Scripting.via.monthly_sales_current_year.Parameter MEDIUM" "simple-e-commerce-shopping-cart No.known.fix Sell.products.through.Paypal.<=.3.1.2.-.Missing.Authorization.to.Authenticated.(Subscriber+).Settings.Update./.Data.Access MEDIUM" "simple-e-commerce-shopping-cart No.known.fix Arbitrary.File.Upload CRITICAL" "standard-box-sizes 1.6.14 Missing.Authorization MEDIUM" "secure-ip-logins No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "secure-ip-logins No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "slick-social-share-buttons No.known.fix Authenticated.(Subscriber+).Arbitrary.Option.Update HIGH" "simple-staff-list 2.2.5 Missing.Authorization.via.ajax_flush_rewrite_rules.and.staff_member_export MEDIUM" "simple-staff-list 2.2.4 Editor+.Stored.XSS MEDIUM" "simple-staff-list 2.2.3 Contributor+.Stored.XSS MEDIUM" "simple-popup-plugin No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "simple-popup-plugin 4.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "simple-popup-plugin 4.5 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "smaily-for-wp No.known.fix Contributor+.Stored.XSS MEDIUM" "shine-pdf No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "saksh-escrow-system No.known.fix Authenticated.(Subscriber+).SQL.Injection HIGH" "seo-wizard No.known.fix Unauthorised.AJAX.Calls HIGH" "seo-wizard No.known.fix Unauthorised.robots.txt.&..htaccess.Edit.via.CSRF HIGH" "show-all-comments-in-one-page 7.0.1 Reflected.XSS HIGH" "selar-co-widget No.known.fix 
Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "sailthru-triggermail No.known.fix Subscriber+.Stored.XSS HIGH" "sailthru-triggermail No.known.fix Reflected.XSS HIGH" "sailthru-triggermail No.known.fix Admin+.Stored.XSS LOW" "social-media-sharing No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "simply-excerpts No.known.fix Admin+.Stored.XSS LOW" "simply-schedule-appointments 1.6.7.55 Admin+.Stored.XSS LOW" "simply-schedule-appointments 1.6.7.55 Admin+.Stored.XSS LOW" "simply-schedule-appointments 1.6.7.43 Admin+.Template.Injection.to.RCE MEDIUM" "simply-schedule-appointments 1.6.7.18 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "simply-schedule-appointments 1.6.6.24 Reflected.Cross-Site.Scripting MEDIUM" "simply-schedule-appointments 1.6.7.9 Authenticated.(Subscriber+).SQL.Injection HIGH" "simply-schedule-appointments 1.6.7.9 Authenticated.(Contributor+).SQL.Injection.via.Shortcode HIGH" "simply-schedule-appointments 1.6.6.24 Cross-Site.Request.Forgery.to.Plugin.Data.Reset MEDIUM" "simply-schedule-appointments 1.6.6.1 Authenticated(Administrator+).SQL.Injection MEDIUM" "simply-schedule-appointments 1.5.7.7 Admin+.Stored.Cross-Site.Scripting LOW" "simply-schedule-appointments 1.5.7.7 Unauthenticated.Email.Address.Disclosure MEDIUM" "smooth-streaming-player No.known.fix Cross-Site.Request.Forgery MEDIUM" "search-filter 1.2.16 Contributor+.Stored.XSS MEDIUM" "super-social-content-locker-lite No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "slider-range-htapps 1.1.6 Unauthenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "simple-file-list 6.1.13 Reflected.Cross-Site.Scripting HIGH" "simple-file-list 6.1.10 Admin+.Stored.XSS LOW" "simple-file-list 6.1.10 Unauthenticated.Arbitrary.File.Deletion CRITICAL" "simple-file-list 6.0.10 Admin+.Stored.XSS LOW" "simple-file-list 4.4.13 Page.Creation.via.CSRF MEDIUM" "simple-file-list 4.4.12 Admin+.Stored.Cross-Site.Scripting LOW" "simple-file-list 4.4.12 
Reflected.Cross-Site.Scripting MEDIUM" "simple-file-list 4.2.8 Authenticated.Arbitrary.File.Deletion HIGH" "simple-file-list 4.2.3 Unauthenticated.Arbitrary.File.Upload.RCE CRITICAL" "simple-file-list 3.2.8 Unauthenticated.Arbitrary.File.Download HIGH" "sliding-widgets No.known.fix Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "simple-support-ticket-system 1.2.1 Unauthenticated.SQL.Injection CRITICAL" "simple-feature-requests 2.2.5 Reflected.Cross-Site.Scripting MEDIUM" "simple-feature-requests 2.2.4 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "so-widgets-bundle 1.64.1 Missing.Authorization LOW" "so-widgets-bundle 1.62.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.in.Image.Grid.widget MEDIUM" "so-widgets-bundle 1.62.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.SiteOrigin.Blog.Widget MEDIUM" "so-widgets-bundle 1.61.0 Contributor+.Stored.XSS.via.siteorigin_widget.Shortcode MEDIUM" "so-widgets-bundle 1.58.8 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "so-widgets-bundle 1.58.4 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "so-widgets-bundle 1.58.3 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "so-widgets-bundle 1.58.2 Contributor+.Stored.XSS MEDIUM" "so-widgets-bundle 1.51.0 Admin+.Local.File.Inclusion MEDIUM" "sidebar-manager 1.1.4 Cross-Site.Request.Forgery.(CSRF) MEDIUM" "sidebar-manager 1.1.5 Cross-Site.Request.Forgery MEDIUM" "sky-login-redirect 3.7.3 Reflected.Cross-Site.Scripting MEDIUM" "sky-login-redirect 3.6.0 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "syndication-links 1.0.2.1 DOM.Cross-Site.Scripting.(XSS) MEDIUM" "srbtranslatin 2.4.1 Cross-Site.Scripting.From.Third-party.Library HIGH" "srbtranslatin 1.47 Stored.XSS.&.CSRF HIGH" "scroll-post-excerpt No.known.fix Admin+.Stored.XSS LOW" "smart-popup-blaster No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "smart-popup-blaster No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" 
"sql-chart-builder No.known.fix Authenticated.(Contributor+).SQL.Injection MEDIUM" "simple-alert-boxes No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Alert.Shortcode MEDIUM" "safety-exit 1.7.1 Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "search-meter 2.13.3 CSV.Injection MEDIUM" "snow-monkey-forms 5.0.7 Unauthenticated.Path.Traversal MEDIUM" "share-one-drive 1.15.3 Reflected.Cross-Site.Scripting MEDIUM" "simple-project-managment No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "simple-header-and-footer No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "simple-sponsorships No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "simple-sponsorships 1.8.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "spice-post-slider 2.1 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "spice-post-slider 2.0.1 Reflected.Cross-Site.Scripting MEDIUM" "smtp-mail 1.3.21 Cross.Site.Request.Forgery MEDIUM" "smtp-mail No.known.fix Unauthenticated.Stored.Cross-Site.Scripting HIGH" "smtp-mail 1.2.2 Authenticated.SQL.Injections MEDIUM" "smtp-mail 1.2 Reflected.Cross-Site.Scripting.(XSS) HIGH" "stars-testimonials-with-slider-and-masonry-grid 3.3.4 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "stars-testimonials-with-slider-and-masonry-grid 3.3.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.stars_testimonials.Shortcode MEDIUM" "stream 4.0.2 Cross-Site.Request.Forgery.to.Arbitrary.Options.Update HIGH" "stream 3.9.3 Missing.Authorization.via.load_alerts_settings MEDIUM" "stream 3.9.3 CSRF MEDIUM" "stream 3.9.2 Subscriber+.Alert.Creation MEDIUM" "stream 3.8.2 Admin+.SQL.Injection MEDIUM" "simplelender-by-umatidocs-com No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "sb-child-list No.known.fix Settings.Update.via.CSRF MEDIUM" "sinking-dropdowns No.known.fix Cross-Site.Request.Forgery HIGH" "seo-dashboard-by-gutewebsites-de No.known.fix 
Reflected.Cross-Site.Scripting.(XSS) HIGH" "sell-media-file No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "sucuri-scanner 1.8.34 Event.log.Entry.Creation.via.CSRF MEDIUM" "spacer No.known.fix Missing.Authorization.to.Authenticated.(Subscriber+).Limited.Information.Disclosure LOW" "spacer 3.0.7 Admin+.Stored.XSS LOW" "shortcode-for-redirection No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "spider-faq No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "stop-spam-comments No.known.fix Access.Token.Bypass LOW" "simple-job-board 2.12.4 Authenticated.(Editor+).PHP.Object.Injection HIGH" "simple-job-board 2.12.2 Admin+.Stored.XSS LOW" "simple-job-board 2.12.6 Unauthenticated.Resumes.Download LOW" "simple-job-board 2.11.1 Unauthenticated.PHP.Object.Injection.via.Job.Application.Fields CRITICAL" "simple-job-board 2.11.0 Missing.Authorization.to.Unauthenticated.Information.Disclosure MEDIUM" "simple-job-board 2.10.7 Cross-Site.Request.Forgery MEDIUM" "simple-job-board 2.10.6 Missing.Authorization MEDIUM" "simple-job-board 2.10.4 Settings.Update.via.CSRF MEDIUM" "simple-job-board 2.10.0 Resume.Disclosure.via.Directory.Listing MEDIUM" "simple-job-board 2.9.5 Admin+.Stored.Cross-Site.Scripting LOW" "simple-job-board 2.9.4 Authenticated.Path.Traversal.Leading.to.Arbitrary.File.Download HIGH" "simple-job-board 2.4.4 Reflected.XSS MEDIUM" "seo-for-local 9.2.1 Reflected.Cross-Site.Scripting MEDIUM" "seo-for-local 9.1.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "solid-affiliate No.known.fix Sensitive.Information.Exposure MEDIUM" "sf-booking 3.2 Unauthenticated.Local.File.Disclosure HIGH" "salon-booking-system 10.9.1 Authenticated.(Subscriber+).Insecure.Direct.Object.Reference MEDIUM" "salon-booking-system 1.9.4 Admin+.Stored.XSS LOW" "salon-booking-system 10.9 Unauthenticated.Open.Redirect MEDIUM" "salon-booking-system 10.8 Authenticated.(Administrator+).SQL.Injection CRITICAL" "salon-booking-system 10.3 
Unauthenticated.Arbitrary.File.Upload CRITICAL" "salon-booking-system 10.0 Missing.Authorization MEDIUM" "salon-booking-system 10.0 Unauthenticated.Arbitrary.File.Deletion CRITICAL" "salon-booking-system 9.6.6 Editor+.Stored.XSS LOW" "salon-booking-system 9.6.6 Editor+.Stored.XSS.via.Email.Settings LOW" "salon-booking-system 9.6.6 Settings.Update.via.CSRF MEDIUM" "salon-booking-system 9.5.1 Unauthenticated.Arbitrary.File.Upload CRITICAL" "salon-booking-system 9.6.3 Unauthenticated.Stored.XSS HIGH" "salon-booking-system 9.6.3 Unauthenticated.Stored.XSS HIGH" "salon-booking-system 8.7 Authenticated.(Editor+).Privilege.Escalation HIGH" "salon-booking-system 8.4.9 Reflected.Cross-Site.Scripting MEDIUM" "salon-booking-system 8.4.8 User.Role.change.via.CSRF MEDIUM" "salon-booking-system 7.9.4 Reflected.Cross-Site.Scripting MEDIUM" "salon-booking-system 7.6.3 Unauthenticated.Sensitive.Data.Disclosure MEDIUM" "salon-booking-system 7.6.3 Customer+.Bookings/Customers.Data.Disclosure HIGH" "salon-booking-system 7.6.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "salon-booking-system 6.3.1 Unauthenticated.Stored.Cross-Site.Scripting.(XSS) CRITICAL" "scheduled-announcements-widget 1.0 Contributor+.Stored.XSS MEDIUM" "super-testimonial-pro 1.0.8 Admin+.Stored.Cross-Site.Scripting LOW" "smart-google-code-inserter 3.5 Unauthenticated.Cross-Site.Scripting.(XSS) CRITICAL" "smart-google-code-inserter 3.5 Unauthenticated.SQL.Injection CRITICAL" "simple-page-transition No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "stock-in No.known.fix Authenticated.SQL.Injection MEDIUM" "stock-in No.known.fix Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "shortcode-gallery-for-matterport-showcase 2.2.0 Cross-Site.Request.Forgery MEDIUM" "shortcode-gallery-for-matterport-showcase 2.1.8 Contributor+.Stored.XSS.via.shortcode MEDIUM" "shortcode-gallery-for-matterport-showcase 2.1.7 Reflected.XSS HIGH" "shortcode-gallery-for-matterport-showcase 2.1.5 Contributor+.Stored.XSS MEDIUM" 
"supersaas-appointment-scheduling 2.1.10 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "shareaholic 9.7.12 Missing.Authorization.via.accept_terms_of_service MEDIUM" "shareaholic 9.7.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "shareaholic 9.7.6 Information.Disclosure MEDIUM" "slider-for-writers No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "sportspress 2.7.22 Admin+.Stored.XSS LOW" "sportspress 2.7.21 Missing.Authorization.to.Notice.Dismissal LOW" "sportspress 2.7.18 Missing.Authorization.to.Unauthenticated.Event.Permalink.Update MEDIUM" "sportspress 2.7.9 Reflected.Cross-Site.Scripting HIGH" "sportspress 2.7.2 Authenticated.Stored.Cross-Site.Scripting HIGH" "server-status-by-hostnameip No.known.fix Authenticated.SQL.Injection HIGH" "social-pug 1.33.2 PHP.Object.Injection HIGH" "social-pug 1.33.1 Unauthenticated.Password.Protected.Posts.Access MEDIUM" "social-pug 1.32.0 Admin+.Stored.XSS LOW" "social-pug 1.30.1 Missing.Authorization.via.multiple.admin_init.actions MEDIUM" "social-pug 1.19.0 Reflected.Cross-Site.Scripting MEDIUM" "social-pug 1.2.6 Social.Pug.<=.1.2.5.-.Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "search-console 2.1.2 Reflected.Cross-Site.Scripting MEDIUM" "search-field-for-gravity-forms 0.6 Reflected.Cross-Site.Scripting MEDIUM" "svegliat-buttons No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "shortcodes-for-amp-web-stories-and-elementor-widget 1.1.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "stout-google-calendar No.known.fix Arbitrary.Settings.Update.via.CSRF MEDIUM" "scrollto-top No.known.fix Cross-Site.Request.Forgery.to.Arbitrary.File.Upload HIGH" "smoove-elementor 4.2.0 Reflected.Cross-Site.Scripting MEDIUM" "social-analytics No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "security-malware-firewall 2.145.1 
Authorization.Bypass.via.Reverse.DNS.Spoofing.to.Unauthenticated.SQL.Injection HIGH" "security-malware-firewall 2.121 IP.Spoofing MEDIUM" "security-malware-firewall 2.51 Security.Nonce.Leak.leading.to.Unauthorised.AJAX.call HIGH" "smarty-for-wordpress No.known.fix Admin+.Stored.XSS LOW" "smarty-for-wordpress No.known.fix Settings.Update.via.CSRF MEDIUM" "smpl-shortcodes No.known.fix Contributor+.Stored.Cross-Site.Scripting MEDIUM" "simple-long-form No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "showhide-shortcode 1.0.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "slider-pro-lite No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "seamless-donations 5.1.9 Arbitrary.Settings.Update.via.CSRF MEDIUM" "smart-manager-for-wp-e-commerce 8.53.0 Authenticated.(Administrator+).SQL.Injection MEDIUM" "smart-manager-for-wp-e-commerce 8.46.0 Missing.Authorization MEDIUM" "smart-manager-for-wp-e-commerce 8.28.0 Admin+.SQL.Injection MEDIUM" "simple-buttons-creator No.known.fix Unauthenticated.Stored.XSS HIGH" "simple-buttons-creator No.known.fix Aribtrary.Button.Deletion.via.CSRF MEDIUM" "support-x 1.1.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "smart-recent-posts-widget No.known.fix Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "soccer-engine-lite 1.13 Cross-Site.Request.Forgery MEDIUM" "stax-buddy-builder 1.8.0 Contributor+.Post.Disclosure MEDIUM" "spectra-pro 1.1.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Block.IDs MEDIUM" "spectra-pro 1.1.6 Authenticated.(Author+).Privilege.Escalation HIGH" "social-pixel No.known.fix Admin+.Stored.XSS LOW" "stop-spammer-registrations-plugin 2024.5 Cross-Site.Request.Forgery.(CSRF).via.sfs_process MEDIUM" "stop-spammer-registrations-plugin 2023 Admin+.Stored.XSS LOW" "stop-spammer-registrations-plugin 2023 Reflected.XSS HIGH" "stop-spammer-registrations-plugin 2022.6 Unauthenticated.PHP.Object.Injection 
MEDIUM" "stop-spammer-registrations-plugin 2021.18 Authenticated.Stored.XSS LOW" "stop-spammer-registrations-plugin 2021.9 Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "shortcodes-ultimate-pro 7.2.1 Contributor+.Stored.XSS MEDIUM" "shortcodes-ultimate-pro 7.1.5 Contributor+.Stored.Cross-Site.Scripting.XSS MEDIUM" "simple-proxy No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "svs-pricing-tables No.known.fix Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "svs-pricing-tables No.known.fix Cross-Site.Request.Forgery.to.Pricing.Table.Deletion MEDIUM" "svs-pricing-tables No.known.fix Cross-Site.Request.Forgery.to.Pricing.Table.Edit/Creation MEDIUM" "splash-header 1.20.8 Authenticated.Stored.Cross-Site.Scripting.(XSS) LOW" "secupress 2.2.5.2 Cross-Site.Request.Forgery.to.Banned.IP.Address MEDIUM" "secupress 2.0 Unauthenticated.Arbitrary.IP.Ban MEDIUM" "softtemplates-for-elementor No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "slideshow-jquery-image-gallery No.known.fix Author+.Stored.Cross-Site.Scripting MEDIUM" "slideshow-jquery-image-gallery No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "slideshow-jquery-image-gallery 2.2.22 Option.Value.Disclosure HIGH" "social-media-buttons-toolbar No.known.fix Admin+.Stored.XSS MEDIUM" "smtp2go 1.5.0 Admin+.Stored.XSS LOW" "sided No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "strong-testimonials 3.1.17 Missing.Authorization MEDIUM" "strong-testimonials 3.1.13 Authenticated(Contributor+).Improper.Authorization.to.Views.Modification MEDIUM" "strong-testimonials 3.1.12 Contributor+.Stored.XSS MEDIUM" "strong-testimonials 3.1.11 Settings.Update.via.CSRF MEDIUM" "strong-testimonials 3.0.3 Contributor+.Stored.XSS MEDIUM" "strong-testimonials 3.0.3 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "strong-testimonials 2.51.3 Unauthorised.AJAX.Call MEDIUM" "strong-testimonials 2.40.1 Stored.Cross.Site.Scripting.(XSS) MEDIUM" "simple-custom-admin No.known.fix 
Reflected.Cross-Site.Scripting MEDIUM" "simple-headline-rotator No.known.fix Stored.XSS.via.CSRF HIGH" "sitemap-index No.known.fix Admin+.XSS LOW" "simpul-events-by-esotech No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "sprout-clients No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "sprout-clients 3.2 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "sprout-clients 3.2 Subscriber+.Arbitrary.Option.Update CRITICAL" "simple-testimonials-showcase No.known.fix Authenticated.(Editor+).Stored.Cross-Site.Scripting MEDIUM" "simple-testimonials-showcase No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "simple-testimonials-showcase No.known.fix Cross-Site.Request.Forgery MEDIUM" "smartsupp-live-chat 3.7 Cross-Site.Request.Forgery MEDIUM" "support-genix-lite 1.2.4 Missing.Authorization MEDIUM" "stockdio-historical-chart 2.8.19 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "stockdio-historical-chart 2.8.1 Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "sky-elementor-addons 2.6.3 Missing.Authorization.to.Authenticated.(Subscriber+).Limited.Arbitrary.Options.Update HIGH" "sky-elementor-addons 2.6.2 Cross-Site.Request.Forgery.to.Limited.Arbitrary.Options.Update HIGH" "sky-elementor-addons 2.6.2 Authenticated.(Contributor+).Sensitive.Information.Exposure.via.Content.Switcher.Widget.Elementor.Template MEDIUM" "sky-elementor-addons 2.5.16 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "sky-elementor-addons 2.5.12 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "sky-elementor-addons 2.5.8 Contributor+.Stored.XSS MEDIUM" "sky-elementor-addons 2.5.0 Authenticated(Contributor+).Stored.Cross-site.scripting.via.Wrapper.Link.URL MEDIUM" "ssl-wireless-sms-notification 3.6.0 Unauthenticated.SQL.Injection HIGH" "ssl-wireless-sms-notification No.known.fix Unauthenticated.Privilege.Escalation CRITICAL" "slick-engagement 2.0.0 
Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.slick-grid.Shortcode MEDIUM" "square-thumbnails 1.1.2 Missing.Authorization MEDIUM" "stripe-payments 2.0.87 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.accept_stripe_payment_ng.Shortcode MEDIUM" "stripe-payments 2.0.80 Insecure.Direct.Object.Reference MEDIUM" "stripe-payments 2.0.64 Admin+.Stored.Cross-Site.Scripting LOW" "stripe-payments 2.0.40 Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "sureforms 1.2.3 Missing.Authorization.to.Unauthenticated.Protected.Post.Disclosure MEDIUM" "stock-locations-for-woocommerce 2.6.0 Authenticated.(Administrator+).Stored.Cross-Site.Scripting.via.settings MEDIUM" "skillbars 1.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "startend-subscription-add-on-for-gravityforms 4.0.6 Reflected.Cross-Site.Scripting MEDIUM" "surbma-salesautopilot-shortcode No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "seo-for-woocommerce 1.6.0 Low.Priv.Arbitrary.Blog.Options.Update/Access/Deletion.&.Plugin's.Settings.Update/Export/Import HIGH" "scroll-baner No.known.fix CSRF.to.RCE CRITICAL" "sticky-add-to-cart-for-woo No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "sparkle-elementor-kit No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "slider-factory 1.3.6 Subscriber+.Arbitrary.Post.Access MEDIUM" "slider-factory 1.3.2 Slider.Clone/Save/Delete.via.CSRF MEDIUM" "secondary-title 2.1.0 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "slideshow-se 2.5.18 Authenticated.(Author+).Limited.Local.File.Inclusion HIGH" "slideshow-se No.known.fix Authenticated.(Author+).Stored.Cross-Site.Scripting MEDIUM" "slideshow-se 2.5.6 Subscriber+.Stored.XSS HIGH" "slideshow-se 2.5.6 Author+.Stored.XSS MEDIUM" "stylish-price-list 7.1.8 Contributor+.Stored.XSS MEDIUM" "stylish-price-list 7.0.18 Missing.Authorization MEDIUM" "stylish-price-list 6.9.0 Unauthenticated.Arbitrary.Image.Upload MEDIUM" 
"stylish-price-list 6.9.1 Subscriber+.Arbitrary.Image.Upload MEDIUM" "scrollup No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "slick-popup 1.7.15 Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "slick-popup 1.7.2 Privilege.Escalation HIGH" "seo-301-meta No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "site-is-offline-plugin No.known.fix Stored.Cross-Site.Scripting.via.CSRF MEDIUM" "sb-core No.known.fix Authentication.Bypass CRITICAL" "starfish-reviews 3.1.0 Reflected.Cross-Site.Scripting MEDIUM" "starfish-reviews 3.0.26 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "starfish-reviews 2.0.1 Subscriber+.Arbitrary.Option.Update CRITICAL" "simple-notification No.known.fix Missing.Authorization MEDIUM" "scrollbar-customizer No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "social-icons-widget-by-wpzoom 4.2.18 Admin+.Stored.XSS LOW" "social-icons-widget-by-wpzoom 4.2.16 Missing.Authorization MEDIUM" "show-hidecollapse-expand 1.3.0 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "show-hidecollapse-expand No.known.fix Subscriber+.Settings.Update MEDIUM" "sikshya 0.0.22 Reflected.Cross-Site.Scripting.via.page.Parameter MEDIUM" "simple-download-counter 1.6.1 Contributor+.Stored.XSS MEDIUM" "scheduled-notification-bar No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "suki-sites-import No.known.fix Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "simply-rets 3.0.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "sp-rental-manager No.known.fix Unauthenticated.SQL.Injection HIGH" "simple-social-share-block No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "shortcodes-ultimate 7.3.0 Authenticated.(Contributor+).DOM-Based.Stored.Cross-Site.Scripting MEDIUM" "shortcodes-ultimate 7.1.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.su_lightbox.Shortcode MEDIUM" "shortcodes-ultimate 7.1.6 Contributor+.Stored.XSS.via.su_members.Shortcode 
MEDIUM" "shortcodes-ultimate 7.1.3 Contributor+.Stored.XSS MEDIUM" "shortcodes-ultimate 7.1.2 Contributor+.Stored.XSS MEDIUM" "shortcodes-ultimate 7.1.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.su_lightbox MEDIUM" "shortcodes-ultimate 7.1.0 Contributor+.Stored.XSS MEDIUM" "shortcodes-ultimate 7.0.5 Contributor+.Stored.XSS MEDIUM" "shortcodes-ultimate 7.0.5 Contributor+.Stored.Cross-Site.Scripting.via.'note_color'.Shortcode MEDIUM" "shortcodes-ultimate 7.0.4 Contributor+.Stored.XSS MEDIUM" "shortcodes-ultimate 7.0.3 Contributor+.Stored.XSS MEDIUM" "shortcodes-ultimate 7.0.2 Authenticated(Contributor+).Stored.Cross-Site.Scripting.via.shortcode MEDIUM" "shortcodes-ultimate 7.0.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "shortcodes-ultimate 7.0.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "shortcodes-ultimate 7.0.0 Insecure.Direct.Object.Reference.to.Information.Disclosure MEDIUM" "shortcodes-ultimate 5.13.1 Reflected.Cross-Site.Scripting MEDIUM" "shortcodes-ultimate 5.12.8 Subscriber+.User.Meta.Disclosure MEDIUM" "shortcodes-ultimate 5.12.8 Subscriber+.Arbitrary.Post.Access MEDIUM" "shortcodes-ultimate 5.12.7 Contributor+.Stored.XSS MEDIUM" "shortcodes-ultimate 5.12.7 Subscriber+.Arbitrary.File.Access MEDIUM" "shortcodes-ultimate 5.12.7 Subscriber+.SSRF MEDIUM" "shortcodes-ultimate 5.12.1 Stored.XSS.via.CSRF MEDIUM" "shortcodes-ultimate 5.12.1 Settings.Preset.Update.via.CSRF MEDIUM" "shortcodes-ultimate 5.10.2 Contributor+.Stored.XSS MEDIUM" "shortcodes-ultimate 5.0.1 Authenticated.Contributor.Code.Execution CRITICAL" "shortcodes-ultimate 4.10.0 Authenticated.Directory.Traversal MEDIUM" "singsong No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "simple-facebook-plugin 1.5.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "simple-facebook-plugin 1.5.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" 
"swifty-page-manager No.known.fix Page.Creation/Deletion.via.CSRF MEDIUM" "swifty-page-manager No.known.fix Admin+.Stored.XSS LOW" "saoshyant-element No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "spendino No.known.fix Unauthenticated.Arbitrary.Options.Update CRITICAL" "sheets-to-wp-table-live-sync 3.7.1 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "slideshow-ck 1.4.10 Admin+.Stored.Cross-Site.Scripting LOW" "subscribe-to-category No.known.fix Unauthenticated.SQLi HIGH" "syncfields No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "social-auto-poster 5.3.16 Cross-Site.Request.Forgery MEDIUM" "social-auto-poster 5.3.16 Reflected.Cross-Site.Scripting MEDIUM" "social-auto-poster 5.3.15 Missing.Authorization.via.Multiple.Functions HIGH" "social-auto-poster 5.3.15 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "social-auto-poster 5.3.15 Cross-Site.Request.Forgery.via.Multiple.Functions MEDIUM" "social-auto-poster 5.3.15 Authenticated.(Contributor+).Arbitrary.File.Upload HIGH" "social-auto-poster 5.3.15 Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "social-auto-poster 5.3.15 Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.Post.Meta.Update.via.wpw_auto_poster_update_tweet_template MEDIUM" "social-auto-poster 5.3.15 Missing.Authorization.to.Unauthenticated.Arbitrary.Post.Deletion MEDIUM" "store-locator-le No.known.fix Unauthenticated.Sensitive.Information.Exposure MEDIUM" "store-locator-le 5.9 Unauthenticated.Stored.XSS HIGH" "store-locator-le 5.9 Authenticated.Privilege.Escalation CRITICAL" "smart-custom-fields No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "smart-custom-fields 5.0.0 Missing.Authorization.to.Authenticated.(Subscriber+).Post.Content.Disclosure MEDIUM" "stylish-internal-links No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "svg-support 2.5.8 Author+.Cross-Site.Scripting.via.SVG MEDIUM" "svg-support 2.5.2 Author+.Stored.XSS MEDIUM" 
"svg-support 2.5 Author+.Stored.Cross-Site.Scripting MEDIUM" "svg-support 2.3.20 Admin+.Stored.Cross-Site.Scripting LOW" "stop-comment-spam 0.5.4 Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "sparkle-demo-importer 1.4.8 Missing.Authorization.to.Authorized(Subscriber+).Post/Pages/Attachements.Deletion.and.Demo.Data.Import MEDIUM" "seo-title-tag No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "swift-framework No.known.fix Missing.Authorization.to.Unauthenticated.Arbitrary.Content.Update MEDIUM" "swift-framework No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcodes MEDIUM" "send-to-twitter No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "social-tape No.known.fix CSRF.to.Stored.XSS HIGH" "spin360 No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "staff-directory-pro 4.0 Cross-Site.Request.Forgery.(CSRF) MEDIUM" "staff-directory-pro 4.0 CSRF.Bypass.in.Multiple.Plugins MEDIUM" "svgmagic No.known.fix Stored.XSS.via.SVG.Upload MEDIUM" "sis-handball No.known.fix Settings.Update.via.CSRF MEDIUM" "slickr-flickr No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "stacks-mobile-app-builder No.known.fix Unauthenticated.Arbitrary.File.Upload CRITICAL" "stacks-mobile-app-builder No.known.fix Unauthenticated.Sensitive.Information.Disclosure MEDIUM" "stacks-mobile-app-builder No.known.fix Authentication.Bypass CRITICAL" "shortcode-for-current-date 2.1.7 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "sportspress-tv No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "sweepwidget No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "spam-byebye 2.2.2 Cross-Site.Scripting.(XSS) MEDIUM" "smartcrawl-seo 3.10.9 Unauthenticated.Full.Path.Disclosure MEDIUM" "smartcrawl-seo 3.10.3 Missing.Authorization MEDIUM" "smartcrawl-seo 3.8.3 Unauthenticated.Password.Protected.Post.Disclosure MEDIUM" "sell-digital-downloads 
No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "social-media-shortcodes 1.3.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "scoutnet-kalender No.known.fix Stored.Cross-Site.Scripting.(XSS) MEDIUM" "svg-block 1.1.25 Authenticated.(Administrator+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "svg-block 1.1.20 Author+.Stored.XSS.via.SVG.File.Upload MEDIUM" "section-slider No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "section-slider No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "section-slider No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "semalt No.known.fix Admin+.Stored.XSS LOW" "squirrly-seo-pack No.known.fix Advanced.Pack.<=.2.3.8.-.Authenticated(Administrator+).SQL.Injection MEDIUM" "sola-testimonials No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.alignment.Parameter MEDIUM" "sola-testimonials No.known.fix Cross-Site.Request.Forgery MEDIUM" "securimage-wp No.known.fix Cross-Site.Request.Forgery MEDIUM" "swifty-bar 1.2.11 Admin+.Stored.XSS LOW" "sitemap-by-click5 1.0.36 Unauthenticated.Arbitrary.Options.Update CRITICAL" "survey-maker 5.1.3.4 Authenticated.(Admin+).Stored.Cross-Site.Scripting.via.Survey.Question MEDIUM" "survey-maker 5.0.3 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "survey-maker 4.9.6 Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "survey-maker 4.2.9 Admin+.Stored.XSS.via.Plugin.Settings LOW" "survey-maker 4.1.0 IP.Address.Spoofing MEDIUM" "survey-maker 3.6.4 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "survey-maker 4.0.7 Reflected.Cross-Site.Scripting MEDIUM" "survey-maker 4.0.6 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "survey-maker 3.4.7 Reflected.XSS HIGH" "survey-maker 3.1.2 Subscriber+.SQLi HIGH" "survey-maker 3.1.4 Unauthenticated.Stored.XSS HIGH" "survey-maker 2.0.7 Unauthenticated.Store.Cross-Site.Scripting MEDIUM" "survey-maker 1.5.6 
Reflected.Cross-Site.Scripting.(XSS) HIGH" "survey-maker 1.5.6 Authenticated.Blind.SQL.Injections HIGH" "scrollbar-by-webxapp No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "spotlight-social-photo-feeds 1.6.11 Cross-Site.Request.Forgery MEDIUM" "spotlight-social-photo-feeds 1.6.1 Reflected.Cross-Site.Scripting MEDIUM" "spotlight-social-photo-feeds 1.4.3 Contributor+.Stored.XSS MEDIUM" "spotlight-social-photo-feeds 0.10.2 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "simple-student-result 1.8.0 Unauthorised.REST.Calls MEDIUM" "simple-student-result 1.7.5 Stored.Cross.Site.Scripting.via.CSRF MEDIUM" "simple-student-result 1.6.4 Auth.Bypass CRITICAL" "smart-forms 2.6.92 Missing.Authorization.to.Notice.Dismissal MEDIUM" "smart-forms 2.6.96 Admin+.Stored.XSS LOW" "smart-forms 2.6.94 Edit.Entries.via.CSRF MEDIUM" "smart-forms 2.6.94 Subscriber+.Edit.Entries.via.Broken.Access.Control MEDIUM" "smart-forms 2.6.87 Subscriber+.Arbitrary.Entry.Deletion MEDIUM" "smart-forms 2.6.85 Subscriber+.Arbitrary.Options.Update HIGH" "smart-forms 2.6.71 Subscriber+.Form.Data.Download MEDIUM" "smart-forms 2.6.16 Cross-Site.Request.Forgery.(CSRF) HIGH" "stop-referrer-spam 1.3.1 CSRF MEDIUM" "sparkpost 2.3.6 Admin+.Stored.XSS LOW" "site-pin No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "simple-vertical-timeline No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "social-locker No.known.fix Arbitrary.Settings.Update.via.CSRF MEDIUM" "social-locker 4.2.5 Authenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "social-web-suite 4.1.12 Directory.Traversal.to.Arbitrary.File.Download HIGH" "sitekit 1.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "sitekit 1.4 Contributor+.Stored.XSS MEDIUM" "sitekit 1.5 Contributor+.Stored.XSS MEDIUM" "simple-post-gallery No.known.fix Arbitrary.Settings.Update.via.CSRF MEDIUM" "seo-checklist No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "seo-checklist 
No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "sirv 7.3.1 Missing.Authorization.to.Authenticated.(Contributor+).Arbitrary.Option.Deletion HIGH" "sirv 7.3.0 Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "sirv 7.2.8 Missing.Authorization.to.Authenticated.(Contributor+).Arbitrary.File.Upload HIGH" "sirv 7.2.8 Authenticated(Subscriber+).Missing.Authorization.to.Plugin.Settings.Update MEDIUM" "sirv 7.2.7 Authenticated.(Contributor+).Arbitrary.File.Upload CRITICAL" "sirv 7.2.3 Missing.Authorization.to.Arbitrary.Options.Update CRITICAL" "sirv 7.2.1 Authenticated.(Subscriber+).Server-Side.Request.Forgery MEDIUM" "sirv 7.2.1 Missing.Authorization MEDIUM" "sirv 7.1.3 Missing.Authorization.via.sirv_disconnect MEDIUM" "sirv 6.8.1 Admin+.Stored.XSS LOW" "sirv 1.3.2 Authenticated.SQL.Injection HIGH" "seed-social 2.0.4 Admin+.Stored.XSS LOW" "script-planner No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "script-planner No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "smartsearchwp 2.4.6 Unauthenticated.OpenAI.Key.Disclosure MEDIUM" "smartsearchwp 2.4.5 Unauthenticated.Log.Purge MEDIUM" "smartsearchwp 2.4.5 Unauthenticated.SQLi HIGH" "smartsearchwp 2.4.5 Unauthenticated.Stored.XSS HIGH" "social-photo-gallery No.known.fix Remote.Code.Execution.(RCE) HIGH" "sales-page-addon No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "sales-page-addon 1.4.1 Reflected.Cross-Site.Scripting MEDIUM" "sales-page-addon 1.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "shipping-labels-for-woo 2.3.9 Authenticated.(Shop.Manager+).Stored.Cross-Site.Scripting LOW" "socialsnap 1.3.6 Missing.Authorization MEDIUM" "sheet-to-wp-table-for-google-sheet 1.0.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.STWT_Sheet_Table.Shortcode MEDIUM" "sw-contact-form No.known.fix Authenticated.(Subscriber+).SQL.Injection HIGH" "smart-agenda-prise-de-rendez-vous-en-ligne 4.8 Stored.XSS.via.CSRF HIGH" 
"smart-agenda-prise-de-rendez-vous-en-ligne 4.8 Stored.XSS.via.CSRF HIGH" "smart-agenda-prise-de-rendez-vous-en-ligne 4.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "slider-image 2.8.7 Authenticated.Blind.SQL.Injection HIGH" "search-order-by-product-sku-for-woocommerce No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "step-by-step No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "sharethis-share-buttons 2.3.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.sharethis-inline-buttons.Shortcode MEDIUM" "simple-responsive-image-gallery No.known.fix Reflected.Cross-Site.Scripting HIGH" "soundy-background-music No.known.fix Cross-Site.Scripting.(XSS) MEDIUM" "seo-blogger-to-wordpress-301-redirector No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "sb-elementor-contact-form-db 1.8.0 Reflected.Cross-Site.Scripting MEDIUM" "sb-elementor-contact-form-db 1.6 Unauthenticated.&.Unauthorised.Form.Submissions.Export HIGH" "sb-elementor-contact-form-db 1.6 Plugin.Settings.Cross-Site.Request.Forgery MEDIUM" "smart-marketing-for-wp 5.0.5 Missing.Authorization MEDIUM" "smart-marketing-for-wp 2.0.0 Unauthenticated.Cross-Site.Scripting.(XSS) MEDIUM" "simple-yearly-archive 2.1.9 Admin+.Stored.XSS LOW" "sermon-browser No.known.fix Arbitrary.File.Upload.via.CSRF MEDIUM" "sermon-browser 0.45.16 Multiple.XSS MEDIUM" "simple-downloads-list 1.4.3 Authenticated.(Contributor+).SQL.Injection MEDIUM" "shortcode-in-comment No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "show-google-analytics-widget No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "soundy-audio-playlist No.known.fix XSS MEDIUM" "spiderpowa-embed-pdf No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "seedprod-coming-soon-pro-5 No.known.fix Authenticated.(Administrator+).SQL.Injection MEDIUM" "seedprod-coming-soon-pro-5 6.18.14 Authenticated.(Editor+).Remote.Code.Execution HIGH" 
"seedprod-coming-soon-pro-5 No.known.fix Authenticated.(Editor+).SQL.Injection MEDIUM" "simple-theme-options 1.7 Admin+.Stored.Cross-Site.Scripting LOW" "spam-control-xforwc 1.5.0 Low.Priv.Arbitrary.Blog.Options.Update/Access/Deletion.&.Plugin's.Settings.Update/Export/Import HIGH" "ssv-mailchimp No.known.fix Unauthenticated.Local.File.Inclusion CRITICAL" "serial-codes-generator-and-validator 2.4.15 Admin+.Stored.XSS LOW" "simply-gallery-block 3.2.4.3 Authenticated.(Editor+).Stored.Cross-Site.Scripting MEDIUM" "simply-gallery-block 3.2.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.galleryID.and.className.Parameters MEDIUM" "simply-gallery-block 3.1.5 Reflected.Cross-Site.Scripting MEDIUM" "simply-gallery-block 3.0.8 Subscriber+.Arbitrary.Options.Update HIGH" "simply-gallery-block 2.3.6 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "simply-gallery-block 2.2.1 Authenticated.Stored.Cross-Site.Scripting MEDIUM" "sina-extension-for-elementor 3.6.0 Authenticated.(Contributor+).Stored.DOM-Based.Cross-Site.Scripting.via.Sina.Image.Differ MEDIUM" "sina-extension-for-elementor 3.5.8 Authenticated.(Contributor+).Sensitive.Information.Exposure.via.Sina.Modal.Box.Widget.Elementor.Template MEDIUM" "sina-extension-for-elementor 3.5.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.read_more_text.Parameter MEDIUM" "sina-extension-for-elementor 3.5.5 Authenticated.(Contributor+).DOM-Based.Stored.Cross-Site.Scripting MEDIUM" "sina-extension-for-elementor 3.5.4 Authenticated.(Contributor+).Stored.Cross-site.Scriping.via.'Sina.Particle.Layer' MEDIUM" "sina-extension-for-elementor 3.5.4 Authenticated.(Contributor+).DOM-Based.Cross-Site.Scripting MEDIUM" "sina-extension-for-elementor 3.5.2 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "sina-extension-for-elementor 3.5.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Sina.Fancy.Text.Widget MEDIUM" "sina-extension-for-elementor 3.5.1 
Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "sina-extension-for-elementor 3.3.12 Contributor+.Stored.XSS MEDIUM" "sina-extension-for-elementor 2.2.1 LFI HIGH" "sitepress-multilingual-cms 4.6.13 Contributor+.RCE.via.Twig.Server-Side.Template.Injection CRITICAL" "sitepress-multilingual-cms 4.6.1 Reflected.Cross-Site.Scripting HIGH" "sitepress-multilingual-cms 4.5.11 Subscriber+.Settings.Update MEDIUM" "sitepress-multilingual-cms 4.5.14 CSRF MEDIUM" "sitepress-multilingual-cms 4.5.11 Subscriber+.Translation.Job.Status.Update MEDIUM" "sitepress-multilingual-cms 4.3.7 Authenticated.Cross.Site.Request.Forgery.leading.to.Remote.Code.Execution HIGH" "sitepress-multilingual-cms 4.0 Unauthenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "sitepress-multilingual-cms 3.2.7 Cross-Site.Scripting.(XSS).in.Accept-Language.Header MEDIUM" "skt-builder 4.8 Authenticated.(Subscriber+).Arbitrary.File.Upload HIGH" "skt-builder 4.2 Missing.Authorization.to.Authenticated(Subscriber+).Content.Injection MEDIUM" "swipehq-payment-gateway-woocommerce No.known.fix Unauthenticated.Reflected.XSS MEDIUM" "shortcode-variables 4.1.7 Authenticated.(Subscriber+).Shortcode.Deletion MEDIUM" "shortcode-variables 4.1.5 Cross-Site.Request.Forgery MEDIUM" "simpleschema-free No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "stars-menu No.known.fix Reflected.Cross-Site.Scripting.(XSS) HIGH" "simple-photo-gallery No.known.fix Admin+.SQLi MEDIUM" "stopbadbots 10.24 Missing.Authorization.to.Information.Expsoure MEDIUM" "stopbadbots 7.32 Admin+.Stored.XSS LOW" "stopbadbots 7.24 Subscriber+.Arbitrary.Plugin.Installation HIGH" "stopbadbots 6.930 Unauthenticated.SQLi HIGH" "stopbadbots 6.88 Unauthenticated.SQLi HIGH" "stopbadbots 6.67 Unauthenticated.SQL.Injection CRITICAL" "stopbadbots 6.62 Reflected.Cross-Site.Scripting HIGH" "stopbadbots 6.60 Authenticated.SQL.Injections MEDIUM" "simple-download-button-shortcode No.known.fix Sensitive.Data.Disclosure MEDIUM" 
"secure-file-manager No.known.fix Admin+.Arbitrary.File.Upload MEDIUM" "secure-file-manager No.known.fix Admin+.RCE MEDIUM" "secure-file-manager No.known.fix Admin+.RCE MEDIUM" "secure-file-manager 2.8.2 Authenticated.Remote.Code.Execution CRITICAL" "shiptimize-for-woocommerce No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "smart-scroll-posts 2.0.9 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "stockholm-core 2.4.2 Reflected.Cross-Site.Scripting MEDIUM" "stockholm-core 2.4.2 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "smart-youtube No.known.fix Cross-Site.Request.Forgery MEDIUM" "spider-facebook No.known.fix Cross-Site.Request.Forgery MEDIUM" "spider-facebook No.known.fix Reflected.XSS HIGH" "seo-local-rank 2.2.4 Unauthenticated.Arbitrary.File.Access.via.Path.Traversal HIGH" "slick-contact-forms No.known.fix Contributor+.Stored.XSS MEDIUM" "social-autho-bio No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "smsa-shipping-official 2.4 Authenticated.(Subscriber+).Arbitrary.File.Deletion HIGH" "smart-admin-menu-filter No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "smart-admin-menu-filter No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "site-editor No.known.fix Local.File.Inclusion.(LFI) HIGH" "simple-comment-editing 3.1.0 Authenticated.(Admin+).Server-Side.Request.Forgery MEDIUM" "sunshine-photo-cart 3.2.11 Open.Redirect MEDIUM" "sunshine-photo-cart 3.2.10 Missing.Authorization MEDIUM" "sunshine-photo-cart 3.2.9 Missing.Authorization MEDIUM" "sunshine-photo-cart 3.2.10 Missing.Authorization MEDIUM" "sunshine-photo-cart 3.2.6 Reflected.Cross-Site.Scripting MEDIUM" "sunshine-photo-cart 3.2.2 Missing.Authorization MEDIUM" "sunshine-photo-cart 3.1.2 Unauthenticated.PHP.Object.Injection CRITICAL" "sunshine-photo-cart 3.1.2 Reflected.Cross-Site.Scripting MEDIUM" "sunshine-photo-cart 3.1 Unauthenticated.Sensitive.Information.Exposure.via.Invoice MEDIUM" "sunshine-photo-cart 3.0 
Insecure.Direct.Object.Reference.to.Order.Manipulation MEDIUM" "sunshine-photo-cart 2.9.15 Reflected.XSS HIGH" "sunshine-photo-cart 2.9.14 Image.Location.Update.via.CSRF MEDIUM" "sunshine-photo-cart 2.8.29 CSRF.Bypass.in.Multiple.Plugins MEDIUM" "swatchly 1.2.1 Cross-Site.Request.Forgery MEDIUM" "simple-social-buttons 5.1.1 Unauthenticated.Password.Protected.Post.Access MEDIUM" "simple-social-buttons 3.2.4 Authenticated.Stored.Cross-Site.Scripting MEDIUM" "simple-social-buttons 3.2.3 Contributor+.Stored.XSS MEDIUM" "simple-social-buttons 3.2.1 Unauthenticated.Reflected.Cross-Site.Scripting MEDIUM" "simple-social-buttons 3.2.0 Reflected.Cross-Site.Scripting CRITICAL" "simple-social-buttons 2.0.22 Authenticated.Option.Injection HIGH" "small-package-quotes-unishippers-edition 2.4.9 Unauthenticated.SQL.Injection HIGH" "shopconstruct No.known.fix Admin+.Stored.XSS LOW" "slp-extended-data-manager No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "slp-extended-data-manager 5.9.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "simplemodal-contact-form-smcf No.known.fix Admin+.Stored.XSS LOW" "simple-responsive-slider No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "sell-photo 1.0.6 Authenticated.Stored.Cross-Site.Scripting LOW" "saan-world-clock No.known.fix Contributor+.Stored.XSS MEDIUM" "simple-gallery-odihost No.known.fix Authenticated.(Contributor+).SQL.Injection MEDIUM" "simple-membership 4.5.6 Exposure.of.Private.Personal.Information.to.an.Unauthorized.Actor MEDIUM" "simple-membership 4.5.4 Unauthenticated.Open.Redirect MEDIUM" "simple-membership 4.4.6 Authenticated(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "simple-membership 4.4.4 Authenticated(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "simple-membership 4.4.3 Unauthenticated.Stored.Self-Based.Cross-Site.Scripting MEDIUM" "simple-membership 4.4.2 Open.Redirect MEDIUM" "simple-membership 4.3.9 Reflected.Cross-Site.Scripting.Vulnerability.via.environment_mode MEDIUM" 
"simple-membership 4.3.5 Account.Takeover.via.Password.Reset HIGH" "simple-membership 4.3.5 Privilege.escalation.via.Registration HIGH" "simple-membership 4.3.6 Reflected.XSS HIGH" "simple-membership 4.2.2 Contributor+.Stored.XSS MEDIUM" "simple-membership 4.1.3 Membership.Privilege.Escalation MEDIUM" "simple-membership 4.1.3 Unauthenticated.Membership.Privilege.Escalation MEDIUM" "simple-membership 4.1.1 Reflected.Cross-Site.Scripting MEDIUM" "simple-membership 4.1.0 Arbitrary.Transaction.Deletion.via.CSRF MEDIUM" "simple-membership 4.0.9 Arbitrary.Member.Deletion.via.CSRF MEDIUM" "simple-membership 4.0.4 Authenticated.SQL.Injections CRITICAL" "simple-membership 3.8.5 Cross-Site.Request.Forgery.(CSRF) HIGH" "simple-membership 3.5.7 XSS MEDIUM" "simple-membership 3.3.3 Multiple.CSRF HIGH" "simple-table-manager No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "super-interactive-maps 2.2 Unauthenticated.SQL.Injections CRITICAL" "super-interactive-maps 2.0 Unauthenticated.Arbitrary.File.Upload CRITICAL" "svgplus No.known.fix Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "sa-post-author-filter No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "stock-market-charts-from-finviz 1.0.2 Admin+.Stored.XSS LOW" "sahu-tiktok-pixel No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "simple-add-pages-or-posts No.known.fix Cross-Site.Request.Forgery.to.Reflected.Cross-Site.Scripting MEDIUM" "simple-add-pages-or-posts 1.7 CSRF MEDIUM" "simple-iframe 1.2.0 Contributor+.Stored.XSS MEDIUM" "sogrid 1.5.5 Cross-Site.Request.Forgery.to.Arbitrary.Options.Update HIGH" "sogrid 1.5.7 Unauthenticated.Local.File.Inclusion CRITICAL" "sogrid 1.5.7 Authenticated.(Admin+).Local.File.Inclusion HIGH" "simple-portfolio-gallery No.known.fix Admin+.Stored.XSS MEDIUM" "swiss-toolkit-for-wp 1.0.8 Contributor+.Authentication.Bypass HIGH" "social-testimonials-and-reviews-widget 5.21 Authenticated.(Contributor+).Stored.Cross-Site.Scripting 
HIGH" "social-testimonials-and-reviews-widget 5.00 Missing.Authorization MEDIUM" "social-testimonials-and-reviews-widget 5.02 CSRF MEDIUM" "supra-csv-parser No.known.fix Stored.Cross-Site.Scripting.via.CSRF MEDIUM" "safetymails-forms No.known.fix Cross-Site.Request.Forgery HIGH" "seo-alert No.known.fix Admin+.Stored.XSS LOW" "site-offline 1.5.7 Admin+.Stored.XSS LOW" "site-offline 1.5.3 Access.Bypass MEDIUM" "site-offline 1.4.4 Multiple.Cross-Site.Request.Forgery MEDIUM" "sugar-calendar-lite 3.4.0 Reflected.Cross-Site.Scripting MEDIUM" "social-locker-content No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "streak-crm-for-gmail-integration-for-contact-form-7 1.0.9 Reflected.Cross-Site.Scripting MEDIUM" "streak-crm-for-gmail-integration-for-contact-form-7 No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "starcat-review No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "starcat-review 0.8 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "sync-ecommerce-neo No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "sync-ecommerce-neo No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "super-testimonial 3.0.9 Reflected.Cross-Site.Scripting MEDIUM" "super-testimonial 3.0.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "super-testimonial 3.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "super-testimonial 2.7 Admin+.Stored.Cross-Site.Scripting LOW" "super-testimonial 2.7 Admin+.Stored.Cross-Site.Scripting LOW" "sendgrid-email-delivery-simplified No.known.fix Authenticated.Authorization.Bypass MEDIUM" "sticky-social-icons No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "sticky-social-icons No.known.fix Admin+.Stored.XSS LOW" "slideonline No.known.fix Contributor+.Stored.XSS MEDIUM" "sk-wp-settings-backup No.known.fix Cross-Site.Request.Forgery.to.PHP.Object.Injection HIGH" "subscribe-to-comments-reloaded 240119 
Unauthenticated.Sensitive.Information.Exposure MEDIUM" "subscribe-to-comments-reloaded 220502 Multiple.CSRF MEDIUM" "subscribe-to-comments-reloaded 150820 Authenticated.Reflected.Cross-Site.Scripting.(XSS) HIGH" "sendit No.known.fix Authenticated.(admin+).SQL.Injection MEDIUM" "shortcodes-finder 1.5.5 Reflected.Cross-Site.Scripting MEDIUM" "shortcodes-finder 1.5.4 Reflected.XSS HIGH" "spotify-play-button No.known.fix Contributor+.Stored.XSS MEDIUM" "secupress-pro 2.0 Unauthenticated.Arbitrary.IP.Ban MEDIUM" "snipe-nginx-cache No.known.fix Missing.Authorization MEDIUM" "spiffy-calendar 4.9.14 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "spiffy-calendar 4.9.14 Reflected.Cross-Site.Scripting MEDIUM" "spiffy-calendar 4.9.13 Authenticated.(Admin+).SQL.Injection MEDIUM" "spiffy-calendar 4.9.12 Authenticated.(Administrator+).SQL.Injection CRITICAL" "spiffy-calendar 4.9.11 Missing.Authorization MEDIUM" "spiffy-calendar 4.9.10 Reflected.Cross-Site.Scripting MEDIUM" "spiffy-calendar 4.9.9 Broken.Access.Control LOW" "spiffy-calendar 4.9.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "spiffy-calendar 4.9.4 Reflected.XSS MEDIUM" "spiffy-calendar 4.9.2 SQL.Injection HIGH" "spiffy-calendar 4.9.1 Subscriber+.Arbitrary.Event.Edition/Deletion.via.IDOR MEDIUM" "spiffy-calendar 4.9.1 Arbitrary.Event.Deletion.via.CSRF MEDIUM" "spiffy-calendar 3.3.0 Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "seos-contact-form No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "side-menu-lite 5.3.2 Cross-Site.Request.Forgery.to.Settings.Update MEDIUM" "side-menu-lite 4.2.1 Menu.Deletion.via.CSRF MEDIUM" "side-menu-lite 4.0.2 Reflected.XSS MEDIUM" "side-menu-lite 2.2.6 Authenticated.SQL.Injection HIGH" "side-menu-lite 2.2.1 Authenticated.SQL.Injection LOW" "send-email-only-on-reply-to-my-comment No.known.fix Reflected.XSS HIGH" "send-email-only-on-reply-to-my-comment No.known.fix Stored.XSS.via.CSRF HIGH" "shortpixel-critical-css 
1.0.3 Missing.Authorization MEDIUM" "spamreferrerblock No.known.fix Admin+.Stored.XSS LOW" "spamreferrerblock No.known.fix Cross-Site.Request.Forgery MEDIUM" "smallerik-file-browser No.known.fix Authenticated.(Subscriber+).Arbitrary.File.Upload HIGH" "shortcode-bootstrap-visuals No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "stream-status-for-twitch 2.1.10 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "super-forms-bundle 4.9.703 Unauthenticated.PHP.File.Upload.to.RCE CRITICAL" "simple-share-buttons-adder 8.5.1 Admin+.Stored.XSS LOW" "simple-share-buttons-adder 8.4.12 Authenticated(Administrator+).Stored.Cross-Site.Scripting.via.CSS.Settings MEDIUM" "simple-share-buttons-adder 8.5.1 CSRF MEDIUM" "simple-share-buttons-adder 6.0.1 Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "simple-tour-guide 1.0.6 Reflected.Cross-Site.Scripting MEDIUM" "shiny-buttons No.known.fix Unauthenticated.Stored.Cross-Site.Scripting HIGH" "seo-slider 1.1.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "s3bubble-amazon-s3-audio-streaming No.known.fix Arbitrary.File.Download HIGH" "specific-content-for-mobile 0.1.9.6 Reflected.Cross-Site.Scripting MEDIUM" "seriously-simple-stats 1.7.0 Reflected.Cross-Site.Scripting MEDIUM" "seriously-simple-stats 1.5.2 Reflected.XSS HIGH" "seriously-simple-stats 1.5.1 Podcast.Manager+.SQLi HIGH" "slick-sitemap No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "simple-embed-code 2.5.1 Authenticated.(Contributor+).Server-Side.Request.Forgery MEDIUM" "simple-embed-code 2.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "simple-embed-code 2.3.7 Authenticated(Contributor+).Denial.of.Service MEDIUM" "social-login-wp No.known.fix CSRF MEDIUM" "sv-forms No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "sv-forms 2.0.2 Reflected.Cross-Site.Scripting MEDIUM" "sv-forms 1.8.10 Unauthorised.AJAX.Calls.via.Freemius 
MEDIUM" "strx-magic-floating-sidebar-maker No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "simplr-registration-form No.known.fix Subscriber+.Arbitrary.User.Password.Change.via.IDOR HIGH" "sexy-contact-form 1.0.0 Shell.Upload CRITICAL" "sg-helper No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "salert 1.2.2 Subscriber+.Missing.Authorization MEDIUM" "salert 1.2.2 Reflected.XSS HIGH" "simple-business-manager No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "shortcode-support-for-elementor-templates No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "shortpixel-image-optimiser 5.6.4 Authenticated.(Editor+).SQL.Injection MEDIUM" "shortpixel-image-optimiser 5.6.4 Missing.Authorization MEDIUM" "shortpixel-image-optimiser 5.4.2 Authenticated(Editor+).PHP.Object.Injection MEDIUM" "shortpixel-image-optimiser 4.22.10 Reflected.Cross-Site.Scripting MEDIUM" "seo-beginner-auto-post No.known.fix Missing.Authorization.to.File.Overwrite/Upload.(Remote.Code.Execution) CRITICAL" "simple-photoswipe No.known.fix Subscriber+.Arbitrary.Settings.Update MEDIUM" "simple-photoswipe No.known.fix Admin+.Stored.XSS LOW" "shiftnav-responsive-mobile-menu 1.7.2 Contributor+.Stored.XSS.in.Shortcode MEDIUM" "stylish-cost-calculator 7.0.4 Subscriber+.Unauthorised.AJAX.Calls.to.Stored.XSS HIGH" "site-audit No.known.fix Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "scribble-maps No.known.fix Reflected.Cross-Site.Scripting HIGH" "same-but-different No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "simple-basic-contact-form 20240511 Unauthenticated.Arbitrary.Shortcode.Execution MEDIUM" "simple-basic-contact-form 20240502 Reflected.Cross-Site.Scripting MEDIUM" "simple-basic-contact-form 20221201 Admin+.Stored.XSS LOW" "sp-client-document-manager No.known.fix Authenticated.(Subscriber+).Directory.Traversal MEDIUM" "sp-client-document-manager No.known.fix 
Authenticated.(Subscriber+).Arbitrary.Folder.Name.Update MEDIUM" "sp-client-document-manager No.known.fix Missing.Authorization MEDIUM" "sp-client-document-manager No.known.fix Data.Update.via.IDOR MEDIUM" "sp-client-document-manager No.known.fix Subscriber+.File.Download.via.IDOR MEDIUM" "sp-client-document-manager No.known.fix Authenticated.(Author+).SQL.Injeciton CRITICAL" "sp-client-document-manager No.known.fix Missing.Authorization.Stored.Cross-Site.Scripting MEDIUM" "sp-client-document-manager 4.70 Authenticated.(Contributor+).SQL.Injection.via.Shortcode HIGH" "sp-client-document-manager 4.68 Subscriber+.SQLi HIGH" "sp-client-document-manager 4.68 Admin+.Stored.XSS LOW" "sp-client-document-manager 4.68 Subscriber+.Insecure.Direct.Object.References HIGH" "sp-client-document-manager 4.62 Reflected.Cross-Site.Scripting MEDIUM" "sp-client-document-manager 4.58 Sensitive.File.Disclosure MEDIUM" "sp-client-document-manager 4.26 Reflected.Cross-Site.Scripting HIGH" "sp-client-document-manager 4.24 Subscriber+.Shell.Upload HIGH" "sp-client-document-manager 4.22 Authenticated.Shell.Upload MEDIUM" "simple-image-popup 2.5.3 Admin+.Stored.XSS LOW" "simple-image-popup 2.0.0 Admin+.Stored.XSS LOW" "simpleform No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "sensly-online-presence No.known.fix Admin+.Stored.XSS LOW" "slideshow-gallery 1.8.4 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "slideshow-gallery 1.8.2 Authenticated.(Contributor+).SQL.Injection HIGH" "slideshow-gallery 1.7.9 Settings.Reset.via.CSRF MEDIUM" "slideshow-gallery 1.8.1 Unauthenticated.Sensitive.Information.Exposure MEDIUM" "slideshow-gallery 1.7.9 Contributor+.SQLi MEDIUM" "slideshow-gallery 1.7.4 Admin+.Stored.Cross-Site.Scripting LOW" "slideshow-gallery 1.6.9 XSS.and.SQLi CRITICAL" "slideshow-gallery 1.6.6 Multiple.Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "sandbox No.known.fix Missing.Authorization.to.Authenticated.(Subscriber+).Sandbox.Download MEDIUM" "sandbox 
No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "simple-icons 2.7.8 Simple.Icons.<.2.7.8.-.Contributor+.Stored.XSS MEDIUM" "secure-admin-ip No.known.fix Missing.Authorization.via.'saveSettings' MEDIUM" "seo-redirection 9.1 Multiple.CSRF MEDIUM" "seo-redirection 9.1 404.Error.&.History.Deletion.via.CSRF MEDIUM" "seo-redirection 8.2 Subscriber+.SQL.Injection HIGH" "seo-redirection 7.9 Arbitrary.Redirect.Deletion.via.CSRF MEDIUM" "seo-redirection 7.4 Reflected.Cross-Site.Scripting HIGH" "seo-redirection 7.1 Authenticated.Stored.Cross-Site.Scripting.(XSS) LOW" "seo-redirection 6.4 Authenticated.Reflected.Cross-Site.Scripting.(XSS) HIGH" "seo-redirection 4.3 Stored.Cross-Site.Scripting.(XSS) MEDIUM" "seo-redirection 2.9 Authenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "seo-redirection 2.3 Unauthenticated.Stored.Cross-Site.Scripting.(XSS) HIGH" "simple-popup-newsletter No.known.fix Reflected.Cross-Site.Scripting HIGH" "smart-mockups No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "stafflist 3.1.7 Reflected.Cross-Site.Scripting MEDIUM" "stafflist 3.1.6 Reflected.Cross-Site.Scripting MEDIUM" "stafflist 3.1.6 Arbitrary.Staff.Deletion.via.CSRF MEDIUM" "stafflist 3.1.5 Admin+.SQLi MEDIUM" "smtp-mailing-queue 1.2 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "smtp-mailing-queue 2.0.1 Admin+.Stored.XSS LOW" "svg-flags-lite No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "svg-flags-lite 0.9.6 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "simple-pricing-table No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "simplemap No.known.fix Unauthenticated.Stored.Cross-Site.Scripting HIGH" "steel No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.btn.Shortcode MEDIUM" "simple-jwt-login 3.2.1 Arbitrary.Settings.Update.to.Site.Takeover.via.CSRF HIGH" "simple-jwt-login 3.3.0 Insecure.Password.Creation LOW" "simple-tags 3.20.0 
Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "simple-tags 3.6.5 Editor+.Stored.XSS LOW" "simple-tags 3.4.5 Reflected.Cross-Site.Scripting MEDIUM" "simple-tags 3.0.7.2 Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "simply-static 3.1.4 Unauthenticated.Information.Exposure MEDIUM" "simply-static 3.1.4 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "sticky-related-posts No.known.fix Reflected.Cross-Site.Scripting.(XSS) HIGH" "safe-editor 1.2 Unauthenticated.CSS/JS-injection MEDIUM" "service-boxs 2.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "slp-extenders No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "slp-extenders 5.9.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "seur 2.2.12 Reflected.Cross-Site.Scripting MEDIUM" "seur 2.2.11 Unauthenticated.SQL.Injection HIGH" "seur 1.7.2 Admin+.Arbitrary.File.Download MEDIUM" "seur 1.7.0 Admin+.Stored.Cross-Site.Scripting MEDIUM" "smdp-affiliate-platform No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "simple-quotation No.known.fix Quote.Creation/Edition.via.CSRF.to.Stored.Cross-Site.Scripting MEDIUM" "simple-quotation No.known.fix Subscriber+.SQL.injection HIGH" "saphali-woocommerce-lite 1.9.0 Settings.Update/Reset.via.CSRF MEDIUM" "search-everything 8.1.7 SQL.Injection CRITICAL" "search-everything 8.1.6 SQL.Injection CRITICAL" "slider-responsive-slideshow 1.4.2 Missing.Authorization MEDIUM" "slider-responsive-slideshow 1.4.0 Authenticated.(Contributor+).PHP.Object.Injection HIGH" "slicknav-mobile-menu 1.9.3 Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "sola-support-tickets 3.13 XSS.&.Configuration.Change MEDIUM" "seo-help 6.1.4 Reflected.Cross-Site.Scripting MEDIUM" "sms-ovh No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "shockingly-big-ie6-warning No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "smartlink-dinamic-urls 1.1.1 Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting 
MEDIUM" "searchiq 4.7 Cross-Site.Request.Forgery MEDIUM" "searchiq 4.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "searchiq 4.6 Unauthenticated.Sensitive.Information.Exposure MEDIUM" "searchiq 4.5 Unauthenticated.Sensitive.Information.Disclosure MEDIUM" "searchiq 3.9 Unauthenticated.Stored.XSS HIGH" "smart-app-banner 1.1.4 Admin+.Stored.XSS LOW" "smart-app-banner 1.1.3 Cross-Site.Request.Forgery.(CSRF) MEDIUM" "spice-blocks 1.3 Reflected.Cross-Site.Scripting MEDIUM" "superb-slideshow-gallery 13.2 .Authenticated.(Subscriber+).SQL.Injection.via.Shortcode HIGH" "svgator No.known.fix Stored.XSS.via.SVG.Upload MEDIUM" "svgator 1.2.5 API.Token.Update/Deletion.&.Import.Projects.via.CSRF MEDIUM" "sticky-menu-or-anything-on-scroll 2.21 CSRF.&.XSS LOW" "social-connect No.known.fix Authentication.Bypass CRITICAL" "social-gallery-lite No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "social-gallery-lite No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "super-addons-for-elementor No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "seo-by-10web No.known.fix Reflected.XSS HIGH" "seo-by-10web 1.2.7 Admin+.Stored.XSS LOW" "simple-schools-staff-directory No.known.fix Admin+.Arbitrary.File.Upload CRITICAL" "support-chat 2.3.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.wpsaio_snapchat.Shortcode MEDIUM" "simple-custom-website-data No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "salient-core 2.0.8 Authenticated.(Contributor+).Local.File.Inclusion.via.Shortcode HIGH" "salient-core 2.0.3 Reflected.Cross-Site.Scripting MEDIUM" "salient-core 2.0.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "shmapper-by-teplitsa 1.5.1 Authenticated.(Editor+).Stored.Cross-Site.Scripting MEDIUM" "shmapper-by-teplitsa 1.5.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "siteorigin-panels 2.31.1 Contributor+.Stored.XSS.via.Row.Label.Parameter MEDIUM" "siteorigin-panels 2.29.16 
Contributor+.Stored.XSS.via.siteorigin_widget.Shortcode MEDIUM" "siteorigin-panels 2.29.7 Contributor+.Stored.XSS MEDIUM" "siteorigin-panels 2.10.16 CSRF.to.Reflected.Cross-Site.Scripting.(XSS) HIGH" "share-woocommerce-email No.known.fix Reflected.Cross-Site.Scripting.(XSS) HIGH" "scroll-triggered-animations 3.0.16 Reflected.Cross-Site.Scripting HIGH" "scroll-triggered-animations 3.0.11 Missing.Authorization.to.Plugin.Settings.Update MEDIUM" "screenshot-machine-shortcode 3.0.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "secure-copy-content-protection 4.2.4 Reflected.Cross-Site.Scripting MEDIUM" "secure-copy-content-protection 4.1.7 Admin+.Stored.XSS LOW" "secure-copy-content-protection 4.1.7 Admin+.Stored.XSS LOW" "secure-copy-content-protection 4.0.9 Admin+.Stored.XSS LOW" "secure-copy-content-protection 3.9.1 Missing.Authorization MEDIUM" "secure-copy-content-protection 3.7.2 Missing.Authorization MEDIUM" "secure-copy-content-protection 2.8.2 Unauthenticated.SQL.Injection HIGH" "secure-copy-content-protection 2.6.7 Authenticated.Blind.SQL.Injections HIGH" "site-notes No.known.fix Admin.Note.Deletion.via.CSRF MEDIUM" "smart-wishlist-for-more-convert 1.8.8 Unauthenticated.Wishlist.Disclosure.via.download_pdf_file.Function HIGH" "smart-wishlist-for-more-convert 1.7.3 Missing.Authorization MEDIUM" "smart-wishlist-for-more-convert 1.7.9 Missing.Authorization MEDIUM" "sms-alert 3.7.7 Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.Options.Update HIGH" "sms-alert 3.7.6 WooCommerce.<.3.7.6.-.Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.sa_subscribe.Shortcode MEDIUM" "sms-alert 3.7.0 Cross-Site.Request.Forgery MEDIUM" "sms-alert 3.4.7 SMS.Alert.Order.Notifications.–.WooCommerce.<.3,4,7.Authenticated.Cross.Site.Scripting LOW" "svg-complete No.known.fix Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "social-media-engine No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting 
MEDIUM" "sellsy 2.4.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "sydney-toolbox 1.32 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.aThemes:.Portfolio.Widget MEDIUM" "sydney-toolbox 1.31 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "sydney-toolbox 1.29 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Filterable.Gallery MEDIUM" "sydney-toolbox 1.27 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via._id MEDIUM" "sydney-toolbox 1.26 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "scroll-styler No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "scrollsequence 1.5.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "scrollsequence 1.4.0 Reflected.Cross-Site.Scripting MEDIUM" "scrollsequence 1.2.4 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "searchwp 4.2.6 Subscriber+.Settings.Update MEDIUM" "subscriptiondna 2.2 Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "simple-slider-ssp No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "srs-simple-hits-counter 1.1.1 Settings.Update.via.CSRF MEDIUM" "srs-simple-hits-counter 1.1.0 1.0.4.-.Unauthenticated.Blind.SQL.Injection CRITICAL" "sync-post-with-other-site 1.7 Missing.Authorization.to.Authenticated.(Subscriber+).Post.Creation.and.Update MEDIUM" "sync-post-with-other-site 1.5.2 Cross-Site.Request.Forgery MEDIUM" "shiftcontroller 4.9.67 Reflected.Cross-Site.Scripting MEDIUM" "shiftcontroller 4.9.65 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "shiftcontroller 4.9.58 Authenticated.(Contributor+).PHP.Object.Injection HIGH" "shiftcontroller 4.9.24 CSRF MEDIUM" "shiftcontroller 4.9.26 Reflected.Cross-Site.Scripting MEDIUM" "snap-pixel No.known.fix Arbitrary.Settings.Update.via.CSRF MEDIUM" "snap-pixel No.known.fix Admin+.Stored.XSS LOW" "spotify-play-button-for-wordpress 2.12 
Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.spotifyplaybutton.Shortcode MEDIUM" "spotify-play-button-for-wordpress 2.11 Settings.Update.via.CSRF MEDIUM" "spotify-play-button-for-wordpress 2.08 Admin+.Stored.XSS LOW" "spotify-play-button-for-wordpress 2.06 Contributor+.Stored.XSS MEDIUM" "simpleshop-cz 2.10.1 Cross-Site.Request.Forgery MEDIUM" "simpleshop-cz 2.10.3 Missing.Authorization MEDIUM" "seraphinite-discount-for-woocommerce 2.4.7 Reflected.Cross-Site.Scripting MEDIUM" "simple-org-chart No.known.fix Settings.Update.via.CSRF MEDIUM" "simple-org-chart No.known.fix Unauthenticated.Tree.Settings.Update MEDIUM" "sketchfab-oembed No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "spice-starter-sites No.known.fix Missing.Authorization.to.Unauthenticated.Demo.Content.Import MEDIUM" "spice-starter-sites No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "spice-starter-sites 1.1 Reflected.Cross-Site.Scripting MEDIUM" "scroll-top 1.4.1 Admin+.Stored.Cross-Site.Scripting LOW" "seers-cookie-consent-banner-privacy-policy 8.1.1 Cross-Site.Request.Forgery MEDIUM" "seers-cookie-consent-banner-privacy-policy 8.1.2 Unauthenticated.Cookie.Policy.Update MEDIUM" "smooth-gallery-replacement No.known.fix CSRF.to.Stored.XSS HIGH" "shared-files 1.7.43 Limited.Unauthenticated.Stored.Cross-Site.Scripting.via.File.Upload HIGH" "shared-files 1.7.29 Unauthenticated.Sensitive.Information.Exposure MEDIUM" "shared-files 1.7.20 Missing.Authorization MEDIUM" "shared-files 1.7.17 Missing.Authorization.to.Notice.Dismissal MEDIUM" "shared-files 1.7.6 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "shared-files 1.7.1 Reflected.Cross-Site.Scripting MEDIUM" "shared-files 1.6.72 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "shared-files 1.6.61 Admin+.Stored.Cross-Site.Scripting LOW" "shared-files 1.6.57 Admin+.Stored.Cross-Site.Scripting LOW" "shortcode-elementor 1.0.5 Authenticated.(Contributor+).Post.Disclosure MEDIUM" "seatgeek-affiliate-tickets 
No.known.fix Reflected.Cross-Site.Scripting.(XSS) HIGH" "superior-faq No.known.fix CSRF MEDIUM" "simple-photo-sphere No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "shibboleth 1.8 Cross-Site.Scripting.(XSS) MEDIUM" "shopkeeper-extender 3.7 Contributor+.Stored.XSS MEDIUM" "schedule-posts-calendar 5.3 CSRF MEDIUM" "schedule-posts-calendar 5.3 Admin+.Stored.XSS LOW" "showbizpro No.known.fix Shell.Upload CRITICAL" "sitebuilder-dynamic-components No.known.fix Unauthenticated.PHP.Object.Injection CRITICAL" "sitebuilder-dynamic-components No.known.fix Unauthenticated.PHP.Object.Injection HIGH" "s3bubble-amazon-s3-html-5-video-with-adverts No.known.fix Directory.Traversal.leading.to.Arbitrary.File.Access HIGH" "streamweasels-youtube-integration 1.3.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "streamweasels-youtube-integration 1.3.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.sw-youtube-embed.Shortcode MEDIUM" "share-print-pdf-woocommerce 2.8.0 Low.Priv.Arbitrary.Blog.Options.Update/Access/Deletion.&.Plugin's.Settings.Update/Export/Import HIGH" "sip-reviews-shortcode-woocommerce No.known.fix Authenticated.(Contributor+).SQL.Injection MEDIUM" "sip-reviews-shortcode-woocommerce No.known.fix Authenticated.(Contributor+).Cross-Site.Scripting MEDIUM" "syncee-global-dropshipping 1.0.10 Global.Dropshipping.<.1.0.10.-.Authentication.Token.Disclosure HIGH" "smart-email-alerts No.known.fix Reflected.Cross-Site.Scripting HIGH" "shantz-wordpress-qotd No.known.fix Arbitrary.Setting.Update.via.CSRF MEDIUM" "secure-downloads 1.2.3 Admin+.Arbitrary.File.Download MEDIUM" "special-feed-items No.known.fix Stored.XSS.via.CSRF HIGH" "simple-al-slider No.known.fix Reflected.XSS HIGH" "send-emails-with-mandrill 1.4.2 Missing.Authorization MEDIUM" "s2member 241216 Authenticated.(Contributor+).Sensitive.Information.Exposure HIGH" "s2member 241216 Unauthenticated.Remote.Code.Execution HIGH" "s2member 240325 
Limited.Privilege.Escalation MEDIUM" "s2member 240315 Information.Exposure MEDIUM" "shariff 4.6.14 Unauthenticated.Local.File.Inclusion CRITICAL" "shariff 4.6.14 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "shariff 4.6.10 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "shariff 4.6.11 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "shariff 4.6.10 Authenticated(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "shariff 4.6.10 Admin+.Stored.XSS LOW" "simplemodal No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "simple-content-construction-kit No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "searchie No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "sip-calculator No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "sp-announcement 2.0.9 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "solar-wizard-lite 1.2.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "simple-ldap-login 1.6.1 Reflected.Cross-Site.Scripting MEDIUM" "sr-partner No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "static-html-output-plugin 6.0 Reflected.Cross-Site.Scripting MEDIUM" "single-sign-on-client No.known.fix Authentication.Bypass HIGH" "slider-slideshow No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "slider-slideshow No.known.fix Contributor+.Stored.XSS MEDIUM" "slider-slideshow No.known.fix Cross-Site.Request.Forgery HIGH" "sheetpress No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "sheetpress No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "seed-fonts 2.4.0 Admin+.Stored.XSS LOW" "soundcloud-shortcode 4.0.2 Contributor+.Stored.XSS MEDIUM" "soundcloud-shortcode 4.0.0 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "salt-shaker 1.4.2 Reflected.Cross-Site.Scripting MEDIUM" "simple-link-directory 8.4.6 
Unauthenticated.Arbitrary.Shortcode.Execution MEDIUM" "simple-link-directory 7.7.2 Unauthenticated.SQL.injection HIGH" "simple-link-directory 7.3.5 Cross-Site.Scripting.(XSS) MEDIUM" "simple-booking-widget No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "swipehq-payment-gateway-wp-e-commerce No.known.fix Multiple.XSS.Issues MEDIUM" "seraphinite-post-docx-source 2.16.10 Missing.Authorization MEDIUM" "seraphinite-post-docx-source 2.16.10 Authenticated.(Subscriber+).Server-Side.Request.Forgery MEDIUM" "seraphinite-post-docx-source 2.16.7 Settings.Update/Reset/Import.via.CSRF MEDIUM" "sitetweet-tweets-user-behaviors-on-your-site-on-twitter No.known.fix Stored.XSS.via.CSRF HIGH" "subscriber 1.3.5 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "simple-locator 2.0.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "social-buttons-pack 1.1.1 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "superfast-mailgun-newsletter 1.1.6 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "salat-times 3.2.2 Admin+.Stored.Cross-Site.Scripting LOW" "stock-sync-for-woocommerce 2.4.1 Reflected.XSS HIGH" "sticky-banner 1.3.0 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "social-button No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "social-proof-testimonials-slider No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.spslider-block.Shortcode MEDIUM" "social-proof-testimonials-slider 2.2.4 Admin+.Stored.XSS LOW" "shopello No.known.fix Unauthenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "stylist No.known.fix Cross-Site.Request.Forgery MEDIUM" "simple-revisions-delete 1.5.4 Cross-Site.Request.Forgery MEDIUM" "shortcoder 6.3.1 Subscriber+.Unauthorised.AJAX.Call MEDIUM" "symbiostock No.known.fix Authenticated.(Shop.Manager+).Arbitrary.File.Upload HIGH" "service-provider-profile-cpt No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "ssv-events 
No.known.fix Unauthenticated.Local.File.Inclusion CRITICAL" "swoop-password-free-authentication No.known.fix Authentication.Bypass CRITICAL" "search-analytics 1.4.11 Reflected.Cross-Site.Scripting MEDIUM" "search-analytics 1.4.10 Missing.Authorization MEDIUM" "search-analytics 1.4.8 Reflected.XSS HIGH" "search-analytics 1.4.6 Admin+.Stored.XSS LOW" "seo-simple-pack 3.3.0 Information.Exposure MEDIUM" "sastra-essential-addons-for-elementor 1.0.15 Missing.Authorization.to.Spexo.Theme.Install MEDIUM" "sastra-essential-addons-for-elementor 1.0.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "scroll-top-advanced No.known.fix Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "slope-widgets 4.2.13 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "stylish-cost-calculator-premium 7.9.0 Unauthenticated.Stored.XSS HIGH" "shipyaari-shipping-managment No.known.fix Unauthenticated.PHP.Object.Injection CRITICAL" "simple-ajax-chat 20240412 Admin+.Stored.XSS LOW" "simple-ajax-chat 20240216 Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "simple-ajax-chat 20240223 .Unauthenticated.Stored.Cross-Site.Scripting HIGH" "simple-ajax-chat 20240223 Unauthenticated.Stored.XSS HIGH" "simple-ajax-chat 20220216 Log.Clearing.&.Arbitrary.Chat.Message.Deletion.via.CSRF MEDIUM" "simple-ajax-chat 20220216 Sensitive.Information.Disclosure MEDIUM" "simple-ajax-chat 20220216 Unauthenticated.Stored.XSS MEDIUM" "simple-tooltips No.known.fix Admin+.Stored.XSS LOW" "simple-tooltips 2.1.4 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "sprout-invoices 20.8.1 Insecure.Direct.Object.Reference MEDIUM" "sprout-invoices 20.5.4 Sensitive.Information.Exposure MEDIUM" "sprout-invoices 19.0.1 Reflected.Cross-Site.Scripting MEDIUM" "sprout-invoices 19.9.7 Admin+.Stored.Cross-Site.Scripting LOW" "starterblocks No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "starterblocks No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "so-pinyin-slugs 2.3.1 
Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "seo-free No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "show-website-content-in-wordpress-page-or-post 2024.04.09 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "sitewide-notice-wp 2.3 Admin+.Stored.XSS LOW" "social-link-groups No.known.fix Authenticated.(Contributor+).SQL.Injection HIGH" "seo-content-randomizer 3.28.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "stops-core-theme-and-plugin-updates 8.0.5 Insufficient.Restrictions.on.Option.Changes MEDIUM" "supportboard 3.4.2 Multiple.Authenticated.SQLi HIGH" "supportboard 3.3.6 Arbitrary.File.Deletion.via.CSRF HIGH" "supportboard 3.3.5 Agent+.Stored.Cross-Site.Scripting MEDIUM" "supportboard 3.3.4 Multiple.Unauthenticated.SQL.Injections CRITICAL" "supportboard 1.2.9 Authenticated.Stored.Cross-Site.Scripting MEDIUM" "supportboard 1.2.4 Stored.Cross-Site.Scripting MEDIUM" "shapepress-dsgvo 3.1.33 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "shapepress-dsgvo 3.1.24 Unauthenticated.Arbitrary.Post.Deletion HIGH" "shapepress-dsgvo 3.1.24 Unauthenticated.Plugin's.Settings.Update.to.Stored.Cross-Site.Scripting HIGH" "shapepress-dsgvo 2.2.19 Authenticated.Reflected.XSS MEDIUM" "surbma-magyar-woocommerce 2022.0.3 Reflected.Cross-Site.Scripting MEDIUM" "surbma-magyar-woocommerce 30.3.0 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "simple-posts-ticker 1.1.6 Admin+.Stored.XSS LOW" "simple-posts-ticker 1.1.6 Contributor+.Stored.XSS MEDIUM" "seo-site-auditor-agency 1.2.9 Reflected.Cross-Site.Scripting MEDIUM" "seo-site-auditor-agency 1.2.5 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "semantic-shortcode No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "shared-counts 1.5.0 Missing.Authorization.to.Arbitrary.Email.Sending MEDIUM" "supportcandy 3.2.4 Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "supportcandy 3.1.7 Subscriber+.SQLi HIGH" 
"supportcandy 3.1.7 Admin+.SQLi MEDIUM" "supportcandy 3.1.5 Unauthenticated.SQLi HIGH" "supportcandy 2.2.7 CSRF.to.Cross-Site.Scripting MEDIUM" "supportcandy 2.2.7 Arbitrary.Ticket.Deletion.via.CSRF HIGH" "supportcandy 2.2.7 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "supportcandy 2.2.7 Reflected.Cross-Site.Scripting MEDIUM" "supportcandy 2.2.5 Unauthenticated.Arbitrary.Ticket.Deletion HIGH" "supportcandy 2.0.1 Arbitrary.File.Upload CRITICAL" "sitesupercharger 5.2.0 Unauthenticated.SQLi HIGH" "super-notes No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "super-notes No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "speed-booster-pack 4.3.3.1 Admin+.SQL.Injection MEDIUM" "speed-booster-pack 4.2.0 Authenticated.(admin+).RCE CRITICAL" "slicewp 1.1.24 Cross-Site.Request.Forgery.to.Reflected.Cross-Site.Scripting MEDIUM" "slicewp 1.1.19 Reflected.Cross-Site.Scripting MEDIUM" "slicewp 1.1.21 Reflected.Cross-Site.Scripting MEDIUM" "slicewp 1.1.11 Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "slicewp 1.0.46 Reflected.Cross-Site.Scripting.(XSS) HIGH" "simple-custom-post-order 2.5.8 Missing.Authorization MEDIUM" "select-all-categories-and-taxonomies-change-checkbox-to-radio-buttons 1.3.2 Reflected.Cross-Site.Scripting.(XSS) HIGH" "synved-shortcodes No.known.fix Contributor+.Stored.XSS MEDIUM" "simple-job-manager No.known.fix Authenticated.(Contributor+).SQL.Injection MEDIUM" "sg-security 1.5.1 Missing.Authorization.via.hide_notice() MEDIUM" "sg-security 1.3.1 Admin+.SQLi MEDIUM" "sg-security 1.2.6 Authorization.Weakness.to.Authentication.Bypass.via.2-FA.Back-up.Codes HIGH" "sg-security 1.2.6 Authentication.Bypass.via.2-FA.Authentication.Setup CRITICAL" "sql-reporting-services No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "sql-reporting-services No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "slivery-extender No.known.fix Authenticated(Contributor+).Remote.Code.Execution.via.shortcode HIGH" "spider-contacts No.known.fix 
Reflected.XSS HIGH" "sakolawp-lite No.known.fix Unauthenticated.Privilege.Escalation CRITICAL" "similar-posts No.known.fix Admin+.Stored.XSS LOW" "similar-posts 3.1.6 Admin+.Arbitrary.PHP.Code.Execution HIGH" "slidedeck-lite-for-wordpress No.known.fix Reflected.XSS HIGH" "stax No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "stax 1.3.6 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "sermonaudio-widgets No.known.fix Authenticated.(Contributor+).SQL.Injection HIGH" "search-exclude 1.2.7 Author+.Stored.Cross-Site.Scripting MEDIUM" "search-exclude 1.2.4 Arbitrary.Settings.Change HIGH" "smartemailing 2.2.6 Reflected.Cross-Site.Scripting MEDIUM" "sabai-discuss 1.4.14 Reflected.Cross.Site.Scripting MEDIUM" "scancircle 2.9.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "sociable No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "social-login-bws 0.2 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "sv-gravity-forms-enhancer No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "sv-gravity-forms-enhancer 1.8.00 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "simple-slug-translate 2.7.3 Admin+.Stored.XSS LOW" "s3-video No.known.fix Unauthenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "surbma-premium-wp 10.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "schedulicity-online-appointment-booking No.known.fix Easy.Online.Scheduling.<=.2.21.-.Contributor+.Stored.XSS MEDIUM" "share-button 1.20 Reflected.Cross-Site.Scripting MEDIUM" "subaccounts-for-woocommerce 1.6.1 Reflected.Cross-Site.Scripting HIGH" "subaccounts-for-woocommerce 1.4.0 Reflected.Cross-Site.Scripting MEDIUM" "simplemortgage No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "sangar-slider-lite No.known.fix Cross-Site.Request.Forgery MEDIUM" "single-post-exporter No.known.fix Plugin's.Settings.Update.via.CSRF MEDIUM" "sidebar-content-from-shortcode No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "salavat-counter No.known.fix 
Reflected.Cross-Site.Scripting MEDIUM" "securesubmit No.known.fix Unauthenticated.Sensitive.Information.Exposure MEDIUM" "securesubmit No.known.fix Missing.Authorization MEDIUM" "slickquiz No.known.fix Authenticated.SQL.Injection HIGH" "slickquiz No.known.fix Unauthenticated.Stored.XSS MEDIUM" "stax-addons-for-elementor No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "superstorefinder-wp 6.9.8 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "superstorefinder-wp 6.9.8 Authenticated.(Subscriber+).SQL.Injection CRITICAL" "superstorefinder-wp 6.9.8 Unauthenticated.SQL.Injection CRITICAL" "superstorefinder-wp 6.9.4 Unauthenticated.Email.Creation/Sending MEDIUM" "superstorefinder-wp 6.5 Unauthenticated.SQL.Injections CRITICAL" "superstorefinder-wp 6.2 Unauthenticated.Arbitrary.File.Upload CRITICAL" "sexy-author-bio No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "sexy-author-bio No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "stars-smtp-mailer No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "stars-smtp-mailer No.known.fix Authenticated.(Subscriber+).Arbitrary.File.Upload HIGH" "surveyjs 1.12.4 Authenticated.(Subscriber+).Arbitrary.File.Upload HIGH" "sensei-lms 4.24.4 Unauthenticated.sensei_email/sensei_message.Disclosure MEDIUM" "sensei-lms 4.24.2 Unauthenticated.Email.Template.Leak MEDIUM" "sensei-lms 4.24.0 Unauthenticated.Rewrite.Rules.Flushing MEDIUM" "sensei-lms 4.18.0 Contributor+.Stored.XSS MEDIUM" "sensei-lms 4.20.0 Teacher+.Users.Email.Address.Disclosure MEDIUM" "sensei-lms 4.5.0 Unauthenticated.Private.Messages.Disclosure.via.Rest.API MEDIUM" "sensei-lms 4.5.2 Arbitrary.Private.Message.Sending.via.IDOR LOW" "simple-youtube-gdpr No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "simple-youtube-gdpr No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "simple-sortsearch No.known.fix Ccontributor+.Stored.XSS MEDIUM" "surbma-font-awesome 3.1 Contributor+.Stored.XSS MEDIUM" "scrollrevealjs-effects 
No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "smartarget-message-bar No.known.fix Admin+.Stored.XSS LOW" "spatialmatch-free-lifestyle-search No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "slash-admin 3.8.2 Cross-Site.Request.Forgery MEDIUM" "slotti-ajanvaraus 2.0.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "slotti-ajanvaraus 1.3.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "slider-hero 8.7.0 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "slider-hero 8.4.4 Admin+.Stored.Cross-Site.Scripting LOW" "slider-hero 8.2.7 Contributor+.SQL.Injection CRITICAL" "slider-hero 8.2.1 CSRF.Bypass.in.Multiple.Plugins MEDIUM" "searchterms-tagging-2 No.known.fix XSS.&.Authenticated.SQL.Injection HIGH" "save-as-image-by-pdfcrowd 3.2.2 Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "save-as-image-by-pdfcrowd 3.2.2 Admin+.Stored.XSS LOW" "save-as-image-by-pdfcrowd 2.16.1 Admin+.Stored.XSS LOW" "stock-exporter-for-woocommerce 1.2.0 Reflected.XSS HIGH" "stop-user-enumeration 1.4.0 Reflected.Cross-Site.Scripting MEDIUM" "stop-user-enumeration 1.3.20 Subscriber+.Arbitrary.Option.Update CRITICAL" "stop-user-enumeration 1.3.9 REST.API.Bypass MEDIUM" "stop-user-enumeration 1.3.8 Unauthenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "suevafree-essential-kit 1.1.4 Contributor+.Stored.XSS MEDIUM" "show-visitor-ip-address No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "sign-up-sheets 2.2.13 Reflected.XSS HIGH" "sign-up-sheets 2.2.13 Missing.Authorization MEDIUM" "sign-up-sheets 2.2.12 Cross-Site.Request.Forgery MEDIUM" "sign-up-sheets 2.2.9 Settings.Update/Reset.via.CSRF MEDIUM" "sign-up-sheets 1.0.14 Authenticated.CSV.Injection MEDIUM" "sign-up-sheets 1.0.14 Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "smart-tools-for-woocommerce No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "smart-tools-for-woocommerce 1.0.9 
Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "spreadshirt-rss-3d-cube-flash-gallery No.known.fix Unauthenticated.Cross-Site.Scripting.(XSS) MEDIUM" "security-antivirus-firewall No.known.fix IP.Address.Spoofing.to.Protection.Mechanism.Bypass MEDIUM" "smart-variations-images 5.2.8 Reflected.Cross-Site.Scripting MEDIUM" "smart-variations-images 5.1.10 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "simple-sitemap 3.5.14 Cross-Site.Request.Forgery.via.admin_notices MEDIUM" "simple-sitemap 3.5.10 Reflected.Cross-Site.Scripting MEDIUM" "simple-sitemap 3.5.8 Contributor+.Stored.XSS MEDIUM" "simple-sitemap 3.5.5 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "slider-wd 1.2.59 Admin+.Stored.XSS LOW" "slider-wd 1.2.58 Authenticated.(Contributor+).SQL.Injection.via.id.Parameter HIGH" "slider-wd 1.2.57 Editor+.Stored.XSS LOW" "slider-wd 1.2.56 Editor+.Stored.XSS LOW" "slider-wd 1.2.55 Reflected.Cross-Site.Scripting MEDIUM" "slider-wd 1.2.53 Admin+.Stored.XSS LOW" "slider-wd 1.2.52 Admin+.Stored.Cross-Site.Scripting LOW" "slider-wd 1.2.36 Multiple.Authenticated.SQL.Injection HIGH" "scottcart No.known.fix Unauthenticated.Remote.Code.Execution CRITICAL" "super-progressive-web-apps 2.2.22 Missing.Authorization MEDIUM" "super-progressive-web-apps 2.1.12 Authenticated.(Low.Privileged).Arbitrary.File.Upload.to.RCE HIGH" "super-progressive-web-apps 2.1.13 Authenticated.(High.Privileged).Arbitrary.File.Upload.to.RCE HIGH" "simple-popup-manager No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "salient-shortcodes 1.5.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "salient-shortcodes 1.5.4 Authenticated.(Contributor+).Local.File.Inclusion.via.Shortcode HIGH" "simple-pdf-viewer No.known.fix Contributor+.XSS MEDIUM" "sola-newsletters No.known.fix CSRF.to.Stored.XSS HIGH" "simple-image-popup-shortcode No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "spicebox 2.2 
Reflected.Cross-Site.Scripting MEDIUM" "sparrow No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "sparrow No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "simple-travel-map No.known.fix Cross-Site.Request.Forgery MEDIUM" "social-networks-auto-poster-facebook-twitter-g No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "social-networks-auto-poster-facebook-twitter-g 4.4.4 Cross-Site.Request.Forgery.to.Arbitrary.Post.Deletion MEDIUM" "social-networks-auto-poster-facebook-twitter-g 4.4.4 Unauthenticated.Stored.Cross-Site.Scripting.via.User.Agent MEDIUM" "social-networks-auto-poster-facebook-twitter-g 4.4.4 Subscriber+.Sensitive.Information.Exposure MEDIUM" "social-networks-auto-poster-facebook-twitter-g 4.4.3 Reflected.Cross-Site.Scripting.via.code MEDIUM" "social-networks-auto-poster-facebook-twitter-g 4.3.26 Reflected.Cross-Site.Scripting MEDIUM" "social-networks-auto-poster-facebook-twitter-g 4.3.25 Arbitrary.Post.Deletion.via.CSRF MEDIUM" "social-networks-auto-poster-facebook-twitter-g 4.3.24 Unauthenticated.Stored.XSS HIGH" "social-networks-auto-poster-facebook-twitter-g 4.3.21 Reflected.Cross-Site.Scripting HIGH" "social-networks-auto-poster-facebook-twitter-g 4.3.18 Insufficient.Privilege.Validation HIGH" "social-networks-auto-poster-facebook-twitter-g 4.2.8 Authenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "social-networks-auto-poster-facebook-twitter-g 3.4.18 CSRF.to.Stored.XSS MEDIUM" "smoothscroller No.known.fix Admin+.Stored.XSS LOW" "skt-blocks 1.8 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "skt-blocks 1.7 Contributor+.Stored.XSS MEDIUM" "sell-downloads 1.0.8 Insufficient.Restrictions.when.Brute-Force.Purchase.IDs HIGH" "side-cart-woocommerce 2.3 Admin+.Stored.XSS LOW" "side-cart-woocommerce 2.2 Settings.Reset.via.CSRF MEDIUM" "side-cart-woocommerce 2.1 Various.Versions.CSRF.to.Arbitrary.Options.Update HIGH" "solidres No.known.fix Authenticated.(Contributor+).SQL.Injection MEDIUM" "solidres No.known.fix 
Reflected.XSS HIGH" "solidres No.known.fix Multiple.Reflected.XSS HIGH" "solidres No.known.fix Admin+.Stored.XSS LOW" "searchpro 2.1.2 Reflected.Cross-Site.Scripting MEDIUM" "searchpro 1.7.7 Unauthenticated.Arbitrary.File.Uplaod CRITICAL" "searchpro 1.7.6 Unauthenticated.Server-Side.Request.Forgery HIGH" "super-video-player 1.6.13 Reflected.Cross-Site.Scripting MEDIUM" "super-video-player 1.6.11 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "simple-event-planner 1.5.5 Contributor+.Stored.XSS LOW" "simple-event-planner 1.5.5 Author+.Stored.Cross-Site.Scripting MEDIUM" "starbox 3.5.3 Contributor+.Stored.XSS MEDIUM" "starbox 3.5.2 Admin+.Stored.XSS LOW" "starbox 3.5.0 Contributor+.Stored.XSS MEDIUM" "starbox 3.5.0 Authenticated.(Subscriber+).Stored.Cross-Site.Scripting.via.Job.Settings MEDIUM" "starbox 3.5.0 Authenticated.(Subscriber+).Stored.Cross-Site.Scripting.via.Profile.Display.Name.and.Social.Settings MEDIUM" "starbox 3.4.8 Subscriber+.Plugin.Preferences./.User.Settings.Access.via.IDOR MEDIUM" "shortcode-menu No.known.fix Contributor+.Stored.Cross-Site.Scripting MEDIUM" "seraphinite-accelerator 2.22.16 Authenticated.(Subscriber+).Information.Exposure MEDIUM" "seraphinite-accelerator 2.21 Authenticated.(Subscriber+).Server-Side.Request.Forgery.in.OnAdminApi_HtmlCheck MEDIUM" "seraphinite-accelerator 2.20.48 Unauthenticated.Sensitive.Information.Exposure.via.Log.File MEDIUM" "seraphinite-accelerator 2.20.29 Reflected.Cross-Site.Scripting.via.rt MEDIUM" "seraphinite-accelerator 2.20.32 Unauthorised.Settings.Reset/Import MEDIUM" "seraphinite-accelerator 2.2.29 Reflected.XSS HIGH" "seraphinite-accelerator 2.2.29 Authenticated.Arbitrary.Redirect MEDIUM" "spreadr-for-woocomerce 1.0.5 Missing.Authorization.to.Arbitrary.Content.Deletion HIGH" "spreadr-for-woocomerce 1.0.5 Missing.Authorization MEDIUM" "south-pole-the-offset-movement No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "south-pole-the-offset-movement 1.0.2.0 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" 
"smart-cookie-kit 2.3.2 Contributor+.Stored.XSS MEDIUM" "simplistic-seo No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "secure-captcha No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "sticky-chat-widget 1.1.9 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "sema-api 5.30 Reflected.Cross-Site.Scripting.via.catid.Parameter MEDIUM" "sema-api 4.02 Unauthenticated.SQLi HIGH" "surferseo 1.6.0.523 Authenticated.(Administrator+).SQL.Injection MEDIUM" "surferseo 1.3.3.379 Missing.Authorization MEDIUM" "social-sharing-toolkit No.known.fix Contributor+.Stored.XSS.via.Shortcode MEDIUM" "soisy-pagamento-rateale No.known.fix Missing.Authorization.to.Sensitive.Information.Exposure HIGH" "slp-gravity-forms-locations No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "slp-gravity-forms-locations 5.9.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "schema-and-structured-data-for-wp 1.36 Unauthenticated.Sensitive.Information.Exposure MEDIUM" "schema-and-structured-data-for-wp 1.34.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.url.Attribute MEDIUM" "schema-and-structured-data-for-wp 1.30 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.How.To.and.FAQ.Blocks MEDIUM" "schema-and-structured-data-for-wp 1.27 Authenticated.Stored.XSS MEDIUM" "schema-and-structured-data-for-wp 1.27 Contributor+.reCaptcha.Key.Update MEDIUM" "schema-and-structured-data-for-wp 1.26 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "schema-and-structured-data-for-wp 1.24 Contributor+.Stored.XSS MEDIUM" "strategery-migrations No.known.fix Unauthenticated.Arbitrary.File.Deletion HIGH" "shortcode-collection No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "sp-blog-designer No.known.fix Authenticated.(Contributor+).Local.File.Inclusion HIGH" "st-gallery-wp No.known.fix Missing.Authorization.to.Authenticated.(Subscriber+).Settings.Update MEDIUM" "svg-vector-icon-plugin No.known.fix 
Admin+.Remote.Code.Execution.(RCE) MEDIUM" "svg-vector-icon-plugin 3.2.3 Cross-Site.Request.Forgery.(CSRF).leading.to.RCE HIGH" "simple-matted-thumbnails No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "simple-page-access-restriction 1.0.30 Unauthenticated.Content.Restriction.Bypass.to.Sensitive.Information.Exposure MEDIUM" "simple-page-access-restriction 1.0.23 Improper.Access.Control.to.Sensitive.Information.Exposure.via.REST.API MEDIUM" "simple-tweet No.known.fix Authenticated.(Author+).Stored.Cross-Site.Scripting MEDIUM" "simple-tweet No.known.fix Admin+.Stored.XSS LOW" "steam-group-viewer No.known.fix Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "sh-slideshow No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "super-block-slider 2.8 Missing.Authorization MEDIUM" "salon-booking-plugin-pro 7.6.3 Unauthenticated.Sensitive.Data.Disclosure MEDIUM" "salon-booking-plugin-pro 7.6.3 Customer+.Bookings/Customers.Data.Disclosure HIGH" "simple-video-embedder No.known.fix Contributor+.Stored.Cross-Site.Scripting MEDIUM" "simple-baseball-scoreboard No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "simple-real-estate-pack-4 No.known.fix Admin+.Stored.Cross.Site.Scripting LOW" "studiocart 2.5.20 Reflected.Cross-Site.Scripting MEDIUM" "studiocart 2.3.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "sv-media-library 2.0.0 Reflected.Cross-Site.Scripting MEDIUM" "sv-media-library 1.8.01 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "simple-fields No.known.fix Unauthenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "simple-fields 1.4.11 Authenticated.Reflected.Cross-Site.Scripting.(XSS) HIGH" "sumome 1.35 Cross-Site.Request.Forgery MEDIUM" "subscribe-to-comments 2.3.1 Reflected.Cross-Site.Scripting MEDIUM" "subscribe-to-comments 2.3 Authenticated.Local.File.Inclusion MEDIUM" "simple-side-tab 2.2.0 Admin+.Stored.XSS LOW" "smoothness-slider-shortcode No.known.fix 
Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "social-media-feather 2.1.4 Subscriber+.Unauthorised.Action MEDIUM" "social-media-feather 2.0.5 Admin+.Stored.Cross-Site.Scripting LOW" "seo-keywords No.known.fix Reflected.Cross-Site.Scripting.via.google_error.Parameter MEDIUM" "soundcloud-is-gold 2.3.2 Unauthenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "simple-history 3.4.0 Improper.Neutralization.of.Formula.Elements.in.a.CSV.File MEDIUM" "sticky-ad-bar No.known.fix Admin+.Stored.XSS LOW" "shop-page-wp 1.2.8 Admin+.Stored.Cross-Site.Scripting MEDIUM" "shipworks-e-commerce-bridge 5.2.6 Cross-Site.Request.Forgery.to.Service.Password/Username.Update MEDIUM" "sv-posts 2.0.0 Reflected.Cross-Site.Scripting MEDIUM" "sv-posts 1.8.03 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "sidebar-adder No.known.fix Reflected.Cross-Site.Scripting HIGH" "suretriggers 1.0.48 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Trigger.Link.Shortcode MEDIUM" "suretriggers 1.0.24 Cross-Site.Request.Forgery MEDIUM" "social-share-with-floating-bar No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "security-safe 2.5.2 Reflected.Cross-Site.Scripting MEDIUM" "security-safe 2.4.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "setka-editor No.known.fix Cross-Site.Request.Forgery.via.handleRequest MEDIUM" "setka-editor No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "setka-editor 2.1.17 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "simple-local-avatars 2.8.0 Missing.Authorization.to.Authenticated.(Subscriber+).User.Cache.Clearing MEDIUM" "simple-local-avatars 2.7.11 Cross-Site.Request.Forgery.via.save_default_avatar_file_id() MEDIUM" "search-filter-pro 2.5.18 Admin+.Stored.XSS LOW" "support-svg 1.1.1 .Authenticated.(Author+).Stored.Cross-site.Scripting.via.SVG.File.Upload MEDIUM" "support-svg 1.1.0 Stored.XSS.via.SVG.Upload MEDIUM" "subscribers-text-counter 1.7.1 Settings.Update.via.CSRF.to.Stored.XSS HIGH" "smart-shopify-product No.known.fix 
Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.Content.Deletion MEDIUM" "saaspricing No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "server-info No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "server-info 0.0.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "siteimprove 2.0.7 Cross-Site.Request.Forgery MEDIUM" "simple-membership-wp-user-import 1.8 Admin+.SQLi MEDIUM" "simple-popup No.known.fix Admin+.Stored.XSS LOW" "social-warfare 4.4.7.3 Injected.Backdoor CRITICAL" "social-warfare 4.4.6 Cross-Site.Request.Forgery MEDIUM" "social-warfare 4.4.6.2 Authenticated(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "social-warfare 4.4.4 Social.Warfare.<.4.4.4.-.Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "social-warfare 4.3.1 Subscriber+.Post.Meta.Deletion MEDIUM" "social-warfare 4.4.0 Post.Meta.Deletion.via.CSRF MEDIUM" "social-warfare 3.5.3 Unauthenticated.Remote.Code.Execution.(RCE) MEDIUM" "staggs 2.1.0 Reflected.Cross-Site.Scripting MEDIUM" "staggs 1.4.2 Reflected.Cross-Site.Scripting MEDIUM" "shorten-url No.known.fix Cross-Site.Request.Forgery.via.configuration_page MEDIUM" "shorten-url No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "shorten-url No.known.fix Missing.Authorization.via.multiple.AJAX.functions MEDIUM" "shorten-url No.known.fix CSRF MEDIUM" "shorten-url 1.6.5 Admin+.Cross.Site.Scripting LOW" "shorten-url 1.6.5 Subscriber+.SQLi HIGH" "shorten-url 1.6.5 Admin+.Stored.Cross-Site.Scripting MEDIUM" "scriptless-social-sharing 3.2.2 Contributor+.Stored.XSS MEDIUM" "shortcode-to-display-post-and-user-data 1.3.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.vg_display_data MEDIUM" "shortcode-to-display-post-and-user-data 1.3.0 Insecure.Direct.Object.Reference.to.Authenticated.(Contributor+).Post.Meta.Disclosure MEDIUM" "shortcode-to-display-post-and-user-data 1.3.0 Authenticated.(Contributor+).Code.Injection HIGH" "sassy-social-share 3.3.70 
Reflected.Cross-Site.Scripting.via.heateor_mastodon_share.Parameter MEDIUM" "sassy-social-share 3.3.63 Sassy.social.share.<.3,3,63.Admin+.Stored.Cross-Site.scripting LOW" "sassy-social-share 3.3.61 Contributor+.Stored.XSS MEDIUM" "sassy-social-share 3.3.59 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "sassy-social-share 3.3.57 Contributor+.Stored.XSS MEDIUM" "sassy-social-share 3.3.45 Contributor+.Stored.XSS MEDIUM" "sassy-social-share 3.3.40 Reflected.Cross-Site.Scripting MEDIUM" "sassy-social-share 3.3.24 Missing.Access.Controls.to.PHP.Object.Injection MEDIUM" "social-metrics No.known.fix Admin+.Stored.XSS LOW" "seo-by-rank-math-pro 3.0.36 Unauthenticated.Reflected.XSS MEDIUM" "simply-featured-video No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "smart-protect No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "smart-protect No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "stock-quotes-list 2.9.12 Contributor+.Stored.XSS MEDIUM" "storefront-footer-text No.known.fix Admin+.Stored.Cross-Site.Scripting MEDIUM" "simple-behace-portfolio No.known.fix Reflected.Cross-Site.Scripting HIGH" "simple-behace-portfolio No.known.fix Reflected.Cross-Site.Scripting.(XSS) HIGH" "spotim-comments 4.0.4 Multiple.Vulnerabilities MEDIUM" "school-management-system 4.2 Admin+.SQLi MEDIUM" "speakout 4.5.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "speakout 2.14.15.1 Unauthenticated.SQLi HIGH" "speakout 2.13.3 Reflected.Cross-Site.Scripting HIGH" "sticky-social-link No.known.fix Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "saragna-social-stream No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "service-area-postcode-checker No.known.fix Admin+.Stored.XSS LOW" "smart-seo-tool 3.0.6 Reflected.Cross-Site.Scripting MEDIUM" "style-admin No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "seo-bulk-editor No.known.fix Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" 
"stm-megamenu 2.3.13 Unauthenticated.Local.File.Inclusion CRITICAL" "seo-landing-page-generator 1.66.3 Reflected.Cross-Site.Scripting MEDIUM" "seo-landing-page-generator 1.62.0 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "simple-custom-author-profiles No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "scalable-vector-graphics-svg No.known.fix Author+.Stored.XSS.via.SVG MEDIUM" "seosamba-webmasters 1.0.6 Access.Key.Update.via.CSRF MEDIUM" "sideblog No.known.fix Arbitrary.Settings.Update.via.CSRF.to.Stored.XSS MEDIUM" "similarity No.known.fix Stored.XSS.via.CSRF HIGH" "similarity No.known.fix Plugin.Reset.via.CSRF MEDIUM" "simple-restrict 1.2.8 Unauthenticated.Content.Restriction.Bypass.to.Sensitive.Information.Exposure MEDIUM" "simple-restrict 1.2.7 Missing.Authorization.to.Sensitive.Information.Exposure MEDIUM" "shortcodes-anywhere No.known.fix Unauthenticated.Arbitrary.Shortcode.Execution HIGH" "skt-nurcaptcha 3.6.0 Cross-Site.Request.Forgery..to.Stored.Cross-Site.Scripting MEDIUM" "social-rocket No.known.fix Missing.Authorization.to.Settings.Update MEDIUM" "social-rocket No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "social-rocket 1.3.4 Reflected.Cross-Site.Scripting MEDIUM" "social-rocket 1.3.3 Admin+.Stored.Cross-Site.Scripting LOW" "social-rocket 1.2.10 Cross-Site.Request.Forgery.in.Settings MEDIUM" "security-force No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "social-share-boost No.known.fix Plugin.Settings.Update.via.CSRF MEDIUM" "social-share-boost 4.5 Admin+.Stored.XSS LOW" "social-share-boost 4.5 Contributor+.Stored.XSS MEDIUM" "sliderpro 4.8.7 Missing.Authorization.via.AJAX.actions MEDIUM" "st-daily-tip No.known.fix CSRF.to.Stored.Cross-Site.Scripting HIGH" "ship-to-ecourier 1.0.2 Plugin's.Settings.Update.via.CSRF MEDIUM" "safe-svg 2.2.6 Author+.SVG.Sanitisation.Bypass MEDIUM" "safe-svg 1.9.10 SVG.Sanitisation.Bypass MEDIUM" "safe-svg 1.9.6 XSS.Protection.Bypass HIGH" "soliloquy-lite 2.7.7 
Missing.Authorization.to.Authenticated.(Author+).Stored.Cross-Site.Scripting MEDIUM" "soliloquy-lite 2.7.3 Subscriber+.Slider.Data.Access MEDIUM" "simple-dashboard No.known.fix Unauthenticated.Privilege.Escalation CRITICAL" "slider-by-supsystic 1.8.11 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "slider-by-supsystic 1.8.11 Authenticated.(Admin+).SQL.Injection CRITICAL" "slider-by-supsystic 1.8.7 Missing.Authorization MEDIUM" "slider-by-supsystic 1.8.7 CSRF MEDIUM" "scripts-n-styles 3.5.8 Admin+.Stored.XSS LOW" "simple-google-maps-short-code 1.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "sitepact-klaviyo-contact-form-7 3.0.0 Unauthenticated.SQL.Injection HIGH" "sitemap 4.4 Contributor+.Stored.XSS MEDIUM" "sort-searchresult-by-title 11.0 CSRF MEDIUM" "ssl-zen 4.6.0 Unauthenticated.Private.Keys.Access MEDIUM" "ssl-zen 4.5.2 Reflected.Cross-Site.Scripting MEDIUM" "ssl-zen 4.0.5 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "smart-grid-gallery 1.1.5 Vimeo.and.YouTube.Gallery.<.1.1.5.-.Admin+.Stored.Cross-Site.Scripting LOW" "social-network-tabs No.known.fix Social.Media.API.Key.Leakage CRITICAL" "seo-automatic-wp-core-tweaks No.known.fix Arbitrary.Admin.Account.Creation./.Admin.Email.Update.via.CSRF HIGH" "social-login-lite-for-woocommerce No.known.fix Authentication.Bypass CRITICAL" "simple-lightbox-gallery No.known.fix Author+.Stored.XSS MEDIUM" "simple-lightbox-gallery 1.10.0 .Contributor+.PHP.Object.Injection MEDIUM" "simple-social-share No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "sloth-logo-customizer No.known.fix Stored.XSS.via.CSRF HIGH" "shopbuilder 2.1.13 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "shopbuilder 2.1.9 Unauthenticated.Sensitive.Information.Exposure MEDIUM" "super-forms 6.0.4 Reflected.Cross-Site.Scripting MEDIUM" "super-forms 4.9.703 Unauthenticated.PHP.File.Upload.to.RCE CRITICAL" "smart-id 4.7 Reflected.Cross-Site.Scripting MEDIUM" "sender 
1.2.1 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "sellkit 2.0.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.id.Parameter MEDIUM" "sellkit 1.8.3 Authenticated.(Subscriber+).Arbitrary.File.Download MEDIUM" "simpel-reserveren No.known.fix Unauthenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "spideranalyse No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "streamweasels-twitch-integration 1.8.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.sw-twitch-embed.Shortcode MEDIUM" "streamweasels-twitch-integration 1.8.0 Unauthenticated.Sensitive.Information.Exposure MEDIUM" "streamweasels-twitch-integration 1.7.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "streamweasels-twitch-integration 1.3.4 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "super-transactional-emails-for-woocommerce No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "super-transactional-emails-for-woocommerce 1.2.4 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "slider-video 1.4.8 Slider.Carousel.<.1.4.8.-.Admin+.Stored.Cross-Site.Scripting LOW" "shop-as-a-customer-for-woocommerce 1.1.8 Subscriber+.Privilege.Escalation CRITICAL" "shop-as-a-customer-for-woocommerce 1.2.4 Shop.Manager+.Privilege.Escalation CRITICAL" "subway No.known.fix Improper.Access.Control.to.Sensitive.Information.Exposure.via.REST.API MEDIUM" "seraphinite-old-slugs-mgr 1.4 Cross-Site.Request.Forgery MEDIUM" "shabbos-and-yom-tov No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "simple-mail-address-encoder 1.7 Reflected.Authenticated.XSS MEDIUM" "smart-logo-showcase-lite No.known.fix Contributor+.Stored.XSS MEDIUM" "smart-logo-showcase-lite 1.1.8 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "sp-news-and-widget 4.0.1 Reflected.Cross-Site.Scripting MEDIUM" "simple-301-redirects-addon-bulk-uploader 1.2.5 Multiple.Issues MEDIUM" "shopready-elementor-addon No.known.fix Authenticated.(Contributor+).Local.File.Inclusion HIGH" 
"simple-mobile-url-redirect No.known.fix Cross-Site.Request.Forgery MEDIUM" "simple-post-notes 1.7.8 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "simple-post-notes 1.7.7 Cross-Site.Request.Forgery MEDIUM" "simple-post-notes 1.7.6 Admin+.Stored.Cross-Site.Scripting LOW" "smart-maintenance-mode No.known.fix Cross-Site.Request.Forgery MEDIUM" "seo-backlink-monitor 1.6.0 Reflected.Cross-Site.Scripting MEDIUM" "saoshyant-page-builder No.known.fix Missing.Authorization MEDIUM" "send-prebuilt-emails No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "send-prebuilt-emails No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "stagtools 2.3.8 Reflected.XSS HIGH" "stagtools 2.3.7 Contributor+.Stored.XSS MEDIUM" "svg-uploads-support No.known.fix Author+.Stored.XSS.via.SVG MEDIUM" "snazzy-maps 1.1.5 Multiple.Cross-Site.Scripting.(XSS) MEDIUM" "sharebar No.known.fix Arbitrary.Settings.Update.to.Stored.XSS.via.CSRF MEDIUM" "sharebar 1.2.2 SQL.Injection.&.Cross.Site.Scripting CRITICAL" "svg-shortcode No.known.fix Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.Upload MEDIUM" "stellissimo-text-box No.known.fix Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "simple-gallery-with-filter 2.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "smsa-shipping-for-woocommerce 1.0.5 Subscriber+.Arbitrary.File.Download HIGH" "simple-goods No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "simple-301-redirects 2.0.8 Missing.Authorization.via.clicked MEDIUM" "simple-301-redirects 2.0.8 Cross-Site.Request.Forgery.via.'clicked' MEDIUM" "simple-301-redirects 2.0.4 2.0.0.–.2.0.3.-.Unauthenticated.Redirect.Import CRITICAL" "simple-301-redirects 2.0.4 2.0.0.–.2.0.3.-.Update.and.Retrieve.Wildcard.Value MEDIUM" "simple-301-redirects 2.0.4 2.0.0.–.2.0.3.-.Unauthenticated.Redirect.Export CRITICAL" "simple-301-redirects 2.0.4 2.0.0.–.2.0.3.-.Arbitrary.Plugin.Installation HIGH" "simple-301-redirects 2.0.4 
2.0.0.–.2.0.3.-.Arbitrary.Plugin.Activation HIGH" "shortcode-ninja No.known.fix Unauthenticated.Reflected.XSS MEDIUM" "string-locator 2.6.7 Unauthenticated.PHP.Object.Injection HIGH" "string-locator 2.6.6 Reflected.Cross-Site.Scripting MEDIUM" "string-locator 2.6.0 Authenticated.PHAR.Deserialization MEDIUM" "string-locator 2.5.0 Admin+.Arbitrary.File.Read LOW" "simple-ads-manager No.known.fix Unauthenticated.PHP.Object.Injection HIGH" "simple-ads-manager 2.9.5.118 SQL.Injection MEDIUM" "seo-backlinks No.known.fix CSRF.to.Stored.XSS HIGH" "shortpixel-adaptive-images 3.8.4 Authenticated.(Admin+).Server-Side.Request.Forgery MEDIUM" "shortpixel-adaptive-images 3.8.4 Cross-Site.Request.Forgery MEDIUM" "shortpixel-adaptive-images 3.8.3 Missing.Authorization.in.activate_ai_handler.and.deactivate_ai_handler MEDIUM" "shortpixel-adaptive-images 3.7.2 Settings.Update.via.CSRF MEDIUM" "shortpixel-adaptive-images 3.6.3 Reflected.XSS HIGH" "shortpixel-adaptive-images 3.4.0 Subscriber+.Arbitrary.Settings.Update MEDIUM" "story-chief 1.0.31 Reflected.Cross-Site.Scripting.(XSS) HIGH" "story-chief 1.0.31 Authenticated.Stored.Cross-Site.Scripting.(XSS) LOW" "slider-comparison-image-before-and-after No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "sv100-companion No.known.fix Missing.Authorization.to.Unuathenticated.Arbitrary.Options.Update CRITICAL" "sv100-companion 2.0.0 Reflected.Cross-Site.Scripting MEDIUM" "sv100-companion 1.8.12 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "sticky-buttons 4.1.2 Cross-Site.Request.Forgery.to.Settings.Update MEDIUM" "sticky-buttons 3.2.4 Button.Deletion.via.CSRF MEDIUM" "sticky-buttons 3.2.3 Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "sticky-buttons 3.1.1 Reflected.XSS MEDIUM" "seo-wordpress No.known.fix Authenticated.(Author+).Stored.Cross-Site.Scripting MEDIUM" "siteguard 1.7.7 Login.Page.Disclosure MEDIUM" "schreikasten No.known.fix Author+.SQL.Injections HIGH" "station-pro 2.3.4 
Reflected.Cross-Site.Scripting MEDIUM" "station-pro 2.2.5 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "station-pro 2.2.2 Reflected.Cross-Site.Scripting.(XSS) HIGH" "stackable-ultimate-gutenberg-blocks 3.13.12 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "stackable-ultimate-gutenberg-blocks 3.13.7 Unauthenticated.CSS.Injection MEDIUM" "stackable-ultimate-gutenberg-blocks 3.13.2 Authenticated.(Contributor+).DOM-Based.Stored.Cross-Site.Scripting MEDIUM" "stackable-ultimate-gutenberg-blocks 3.12.12 Contributor+.Stored.XSS.via.Posts.Block MEDIUM" "stackable-ultimate-gutenberg-blocks 3.9.1 Reflected.Cross-Site.Scripting MEDIUM" "stackable-ultimate-gutenberg-blocks 3.1.5 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "simplegmaps No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "sermone-online-sermons-management No.known.fix Reflected.XSS HIGH" "sermone-online-sermons-management No.known.fix Contributor+.Stored.XSS MEDIUM" "social-media-builder No.known.fix Authenticated.(Subscriber+).PHP.Object.Injection HIGH" "school-management 92.0.0 Unauthenticated.Arbitrary.File.Upload CRITICAL" "school-management 92.0.0 Authenticated.(Student+).Arbitrary.File.Upload HIGH" "simple-video-management-system No.known.fix Admin+.Stored.XSS LOW" "simple-video-management-system No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "superlogoshowcase-wp 2.3 Unauthenticated.Arbitrary.File.Upload CRITICAL" "social-stickers No.known.fix Stored.Cross-Site.Scripting.via.CSRF MEDIUM" "stars-rating 3.5.1 Comments.Denial.of.Service MEDIUM" "social-kit No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "social-kit No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "slide-anything 2.4.9 Author+.Stored.XSS MEDIUM" "slide-anything 2.3.47 Author+.Cross.Site.Scripting.in.slide.title MEDIUM" "slide-anything 2.3.44 Editor+.Stored.Cross-Site.Scripting LOW" "slide-anything 2.3.41 Contributor+.SQLi HIGH" "surveys No.known.fix Authenticated.SQL.Injection 
CRITICAL" "shoutcast-and-icecast-html5-web-radio-player-by-yesstreaming-com No.known.fix Authenticated.(Editor+).Stored.Cross-Site.Scripting MEDIUM" "squirrly-seo 12.3.21 Editor+.Stored.XSS LOW" "squirrly-seo 12.3.20 Contributor+.SQL.Injection.via.url.Parameter MEDIUM" "squirrly-seo 12.3.17 Reflected.Cross-Site.Scripting HIGH" "squirrly-seo 12.3.16 Admin+.Stored.XSS LOW" "squirrly-seo 12.1.21 Missing.Authorization MEDIUM" "squirrly-seo 12.1.21 Reflected.Cross-Site.Scripting HIGH" "squirrly-seo 12.1.11 Contributor+.Arbitrary.File.Upload CRITICAL" "squirrly-seo 11.1.12 Reflected.Cross-Site.Scripting MEDIUM" "scrollto-bottom No.known.fix Cross-Site.Request.Forgery.to.Arbitrary.File.Upload HIGH" "site-favicon 0.3 Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "special-box-for-content No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "simple-banner 2.12.0 Admin+.Stored.Cross.Site.Scripting LOW" "simple-banner 2.12.0 Admin+.Stored.Cross-Site.Scripting LOW" "simple-banner 2.10.4 Admin+.Stored.XSS MEDIUM" "software-license-manager 4.5.1 Arbitrary.Domain.Deletion.via.CSRF HIGH" "software-license-manager 4.5.0 Admin+.Stored.Cross-Site.Scripting LOW" "software-license-manager 4.4.8 Reflected.Cross-Site.Scripting HIGH" "software-license-manager 4.4.6 CSRF.to.Stored.XSS HIGH" "seo-automatic-links No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "seo-manager No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Post.Meta MEDIUM" "sight 1.1.3 Missing.Authorization.to.Sensitive.Information.Exposure.in.handler_post_title MEDIUM" "sell-media No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "sell-media 2.5.7.3 CSRF.Bypass MEDIUM" "sell-media 2.4.2 Unauthenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "sync-qcloud-cos 2.0.1 Admin+.Stored.Cross-Site.Scripting LOW" "share-this-image 2.02 Reflected.Cross-Site.Scripting MEDIUM" "share-this-image 2.04 Open.Redirect.via.link.Parameter HIGH" 
"share-this-image 2.03 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.STI.Buttons.Shortcode MEDIUM" "share-this-image 2.02 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.alignment.Parameter MEDIUM" "share-this-image 1.99 Open.Redirect MEDIUM" "share-this-image 1.81 Reflected.Cross-Site.Scripting MEDIUM" "share-this-image 1.67 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "share-this-image 1.20 Stored.XSS MEDIUM" "sv-columns-manager 2.0.0 Reflected.Cross-Site.Scripting MEDIUM" "sv-columns-manager 1.8.02 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "shop-assistant-for-woocommerce-jarvis 2.9.2 Missing.Authorization MEDIUM" "skt-templates 6.15 Reflected.Cross-Site.Scripting MEDIUM" "skt-templates 4.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "stepbyteservice-openstreetmap No.known.fix Use.of.Polyfill.io MEDIUM" "stepbyteservice-openstreetmap 1.1.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "simple-woocommerce-csv-loader No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "simple-cart-solution No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "simple-cart-solution 1.0.2 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "seraphinite-accelerator-ext 2.22.16 Authenticated.(Subscriber+).Information.Exposure MEDIUM" "seraphinite-accelerator-ext 2.21.13.1 Cross-Site.Request.Forgery.to.Arbitrary.File.Deletion MEDIUM" "si-contact-form 4.0.38 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "simple-spoiler 1.4 1.3.-.Unauthenticated.Arbitrary.Shortcode.Execution HIGH" "simple-spoiler 1.3 Admin+.Stored.XSS LOW" "stratum 1.5.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.Vulnerability.via.Image.Hotspot.Widget MEDIUM" "stratum 1.4.5 Authenticated.(Contributor+).Sensitive.Information.Exposure.via.Elementor.Templates MEDIUM" "stratum 1.4.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Countdown.Widget MEDIUM" "stratum 1.3.16 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" 
"simple-admin-language-change 2.0.2 Arbitrary.User.Locale.Change MEDIUM" "school-management-pro No.known.fix Authenticated.(School.Admin+).SQL.Injection CRITICAL" "school-management-pro 9.9.7 Unauthenticated.RCE.via.REST.api CRITICAL" "streamcast 2.2.4 Authenticated.(Editor+).Stored.Cross-Site.Scripting MEDIUM" "streamcast 2.1.9 Reflected.Cross-Site.Scripting MEDIUM" "streamcast 2.1.4 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "streamcast 2.1.1 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "simpleform-contact-form-submissions No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "sv-tracking-manager 2.0.0 Reflected.Cross-Site.Scripting MEDIUM" "sv-tracking-manager 1.8.02 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "skyboot-portfolio-gallery No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "speedycache 1.1.9 Cross-Site.Request.Forgery MEDIUM" "speedycache 1.1.4 Missing.Authorization.to.Plugin.Options.Update MEDIUM" "speedycache 1.1.3 .Authenticated.(Subscriber+).Server-Side.Request.Forgery MEDIUM" "skip-to No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "simple-image-manipulator No.known.fix Remote.File.Download HIGH" "subscribe2 10.41 Sending.Emails.via.CSRF MEDIUM" "subscribe2 10.41 Missing.Access.Controls MEDIUM" "subscribe2 10.38 User.Deletion.via.CSRF HIGH" "subscribe2 10.16 XSS MEDIUM" "simple-membership-after-login-redirection 1.7 Open.Redirect MEDIUM" "skt-skill-bar 2.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "shopelement 2.1.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "spoontalk-social-media-icons-widget No.known.fix Cross-Site.Request.Forgery MEDIUM" "sliced-invoices 3.9.3 Missing.Authorization MEDIUM" "sliced-invoices 3.8.4 Multiple.Vulnerabilities HIGH" "slidedeck2 2.3.5 Unspecified.File.Inclusion CRITICAL" "stray-quotes No.known.fix Reflected.XSS HIGH" "simple-download-monitor 3.9.26 Authenticated.(Administrator+).SQL.Injection MEDIUM" 
"simple-download-monitor 3.9.9 Multiple.CSRF MEDIUM" "simple-download-monitor 3.9.11 Contributor+.Stored.Cross-Site.Scripting.via.Shortcodes MEDIUM" "simple-download-monitor 3.9.5 Contributor+.Stored.Cross-Site.Scripting.via.File.Thumbnail MEDIUM" "simple-download-monitor 3.9.6 Arbitrary.Thumbnails.Removal MEDIUM" "simple-download-monitor 3.9.5 Reflected.Cross-Site.Scripting HIGH" "simple-download-monitor 3.9.6 Unauthorised.Log.Reset MEDIUM" "simple-download-monitor 3.9.6 Unauthenticated.Log.Access MEDIUM" "simple-download-monitor 3.9.5 Contributor+.Arbitrary.File.Download.via.Path.Traversal MEDIUM" "simple-download-monitor 3.8.9 SQL.Injection MEDIUM" "simple-download-monitor 3.8.9 Unauthenticated.Cross-Site.Scripting MEDIUM" "simple-download-monitor 3.5.4 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "shortcode-for-font-awesome 1.4.1 Contributor+.Stored.XSS MEDIUM" "shipping-manager-for-woocommerce 1.4.0 Reflected.Cross-Site.Scripting MEDIUM" "shipping-manager-for-woocommerce 1.3.0 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "seo-by-rank-math 1.0.232 Admin+.Remote.Code.Execution MEDIUM" "seo-by-rank-math 1.0.229 Admin+.PHP.Object.Injection MEDIUM" "seo-by-rank-math 1.0.229 Unauthenticated.User.and.Term.Metadata.Insert/Update/Deletion MEDIUM" "seo-by-rank-math 1.0.219 Authenticated.Stored.XSS LOW" "seo-by-rank-math 1.0.219-beta Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "seo-by-rank-math 1.0.218 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "seo-by-rank-math 1.0.217 Contributor+.Stored.Cross-Site.Scripting.via.'titleWrapper' MEDIUM" "seo-by-rank-math 1.0.215 Contributor+.Stored.XSS MEDIUM" "seo-by-rank-math 1.0.119.1 Contributor+.Stored.XSS MEDIUM" "seo-by-rank-math 1.0.107.3 Contributor+.LFI MEDIUM" "seo-by-rank-math 1.0.95.1 Unauthenticated.SSRF MEDIUM" "seo-by-rank-math 1.0.42.2 Authenticated.Missing.Access.Controls.to.Disable.Competitor.Plugins MEDIUM" "seo-by-rank-math 1.0.41 
Rank.Math.<.1.0.41.-.Privilege.Escalation.via.Unprotected.REST.API.Endpoint CRITICAL" "seo-by-rank-math 1.0.41 Rank.Math.<.1.0.41.-.Redirect.Creation.via.Unprotected.REST.API.Endpoint MEDIUM" "seo-by-rank-math 1.0.27.1 Authenticated.Settings.Reset MEDIUM" "selection-lite 1.14 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "selection-lite 1.12 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "simple-blueprint-installer 1.0.2 Reflected.Cross-Site.Scripting MEDIUM" "share-buttons No.known.fix Admin+.Stored.XSS LOW" "share-buttons No.known.fix Unauthenticated.Image.Upload.&.Path.Traversal MEDIUM" "simple-author-box 2.52 Contributor+.Arbitrary.User.Information.Disclosure.via.IDOR LOW" "simple-author-box 2.4 Reflected.Cross-Site.Scripting MEDIUM" "sticky-social-bar No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "startklar-elmentor-forms-extwidgets No.known.fix Unauthenticated.Path.Traversal.to.Arbitrary.Directory.Deletion CRITICAL" "startklar-elmentor-forms-extwidgets 1.7.14 Unauthenticated.Arbitrary.File.Deletion CRITICAL" "startklar-elmentor-forms-extwidgets 1.7.14 Unauthenticated.Arbitrary.File.Upload CRITICAL" "smart-phone-field-for-gravity-forms 2.1 Reflected.Cross-Site.Scripting MEDIUM" "smooth-scrolling-links-ssl No.known.fix Arbitrary.Settings.Update.via.CSRF MEDIUM" "shopengine 4.1.2 CSRF MEDIUM" "search-and-replace 3.2.3 Unauthenticated.PHP.Object.Injection MEDIUM" "search-and-replace 3.2.2 Administrator+.SQL.injection LOW" "search-and-replace 3.2.2 Admin+.SQL.injection MEDIUM" "tidy-up No.known.fix Cross-Site.Request.Forgery MEDIUM" "telsender 1.14.12 Subscriber+.Settings.Update MEDIUM" "tweet-old-custom-post No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "transbank-webpay-plus-rest 1.6.7 Admin+.SQLi MEDIUM" "transients-manager 2.0.7 Cross-Site.Request.Forgery MEDIUM" "testimonial-widgets 1.4.4 Authenticated.(Contributor+).SQL.Injection HIGH" "testimonial-widgets 1.4.3 
Widget.Deletion.via.CSRF MEDIUM" "thrive-comments 1.4.15.3 Unauthenticated.Option.Update MEDIUM" "temp-mail 1.0.1 Reflected.Cross-Site.Scripting MEDIUM" "target-notifications No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "top-bar 3.0.4 Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "top-bar 3.0.5 Admin+.Stored.XSS LOW" "top-bar 3.0.4 Admin+.Stored.Cross-Site.Scripting LOW" "templatesnext-toolkit No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "templatesnext-toolkit 3.2.9 Contributor+.Stored.XSS MEDIUM" "templatesnext-toolkit 3.2.8 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "templatesnext-toolkit 3.2.8 Contributor+.Stored.XSS MEDIUM" "the-pack-addon 2.1.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "the-pack-addon 2.1.0 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "the-pack-addon 2.0.9 Authenticated.(Author+).Stored.Cross-Site.Scripting MEDIUM" "the-pack-addon 2.0.8.7 Authenticated.(contributor+).Local.File.Inclusion HIGH" "the-pack-addon 2.0.8.3 Authenticated.(Subscriber+).Server-Side.Request.Forgery MEDIUM" "the-pack-addon 2.0.8.4 Reflected.Cross-Site.Scripting MEDIUM" "tenweb-speed-optimizer 2.24.18 Unauthenticated.Arbitrary.Option.Deletion HIGH" "template-kit-export 1.0.22 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "tailored-tools No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "timeline-designer No.known.fix Authenticated.(Admin+).SQL.Injection MEDIUM" "tiny-compress-images 3.4.4 Cross-Site.Request.Forgery MEDIUM" "the-very-simple-vimeo-shortcode No.known.fix Contributor+.Stored.XSS MEDIUM" "transportersio 2.1.2 Stored.XSS.via.CSRF HIGH" "taggbox-widget No.known.fix Cross-Site.Request.Forgery MEDIUM" "taggbox-widget 3.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "taggbox-widget 3.2 Unauthenticated.PHP.Object.Injection CRITICAL" "taggbox-widget No.known.fix Missing.Authorization MEDIUM" "taggbox-widget 
No.known.fix Arbitrary.Settings.Update.via.CSRF MEDIUM" "taggbox-widget No.known.fix Cross-Site.Request.Forgery MEDIUM" "themehunk-megamenu-plus 1.1.1 Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "themehunk-megamenu-plus 1.1.0 .Missing.Authorization.to.Authenticated.(Subscriber+).Settings.Updates MEDIUM" "teleadmin No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "tatsu 3.3.12 Unauthenticated.RCE CRITICAL" "twittee-text-tweet No.known.fix Reflected.XSS HIGH" "tc-custom-javascript 1.2.2 Unauthenticated.Stored.Cross-Site.Scripting.(XSS) HIGH" "team-118group-agent No.known.fix Missing.Authorization.to.Unauthenticated.Arbitrary.Content.Deletion MEDIUM" "the-post-grid 7.5.0 Editor+.Stored.XSS.via.Grid.Creation LOW" "the-post-grid 7.7.12 Authenticated.(Contributor+).Information.Disclosure MEDIUM" "the-post-grid 7.7.5 Missing.Authorization.via.AJAX MEDIUM" "the-post-grid 7.7.5 Missing.Authorization.via.save_block_css MEDIUM" "the-post-grid 7.7.5 Missing.Authorization.via.REST.API MEDIUM" "the-post-grid 7.7.2 Authenticated(Contributor+).Stored.Cross-Site.Scripting.via.section.title.tag MEDIUM" "the-post-grid 7.7.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "the-post-grid 7.7.0 Missing.Authorization MEDIUM" "the-post-grid 7.2.8 Block.CSS.Update.via.CSRF MEDIUM" "the-post-grid 5.0.5 Settings.Update.via.CSRF MEDIUM" "trendy-restaurant-menu No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "tawkto-live-chat 0.6.0 Subscriber+.Visitor.Monitoring.&.Chat.Removal HIGH" "tera-charts No.known.fix Unauthenticated.Cross-Site.Scripting.(XSS) MEDIUM" "tabbed 1.3.2 Accordion,.FAQ.<.1.3.2.-.Unauthenticated.AJAX.Calls CRITICAL" "tiny-carousel-horizontal-slider-plus No.known.fix Admin+.Stored.XSS MEDIUM" "tlp-team 4.4.2 Editor+.Stored.XSS LOW" "tlp-team 4.1.2 Subscriber+.Arbitrary.File.Read.and.Deletion CRITICAL" "time-sheets 1.29.3 Admin+.Stored.XSS LOW" "time-sheets 1.5.2 Multiple.XSS MEDIUM" "theme-per-user 
No.known.fix Unauthenticated.PHP.Object.Injection CRITICAL" "tock-widget 1.2 Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "theme-my-login 7.1.8 Cross-Site.Request.Forgery.to.Settings.Update MEDIUM" "theme-my-login 7.1.7 Missing.Authorization.to.Notice.Dismissal MEDIUM" "token-login No.known.fix Authenticated.(Subscriber+).Privilege.Escalation HIGH" "theme-blvd-responsive-google-maps No.known.fix Contributor+.XSS MEDIUM" "totalpoll-lite 4.10.0 Missing.Authorization MEDIUM" "timeline-calendar No.known.fix Authenticated.(admin+).SQL.Injection HIGH" "td-composer 5.1 Reflected.Cross-Site.Scripting.via.envato_code[] MEDIUM" "td-composer 5.1 Reflected.Cross-Site.Scripting.via.envato_code[] MEDIUM" "td-composer 4.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.button.Shortcode MEDIUM" "td-composer 4.9 Authenticated.(Author+).Stored.Cross-Site.Scripting.via.Attachment.Meta MEDIUM" "td-composer 4.9 Authenticated.(Contributor+).Local.File.Inclusion.via.Shortcode HIGH" "td-composer 4.2 Unauthenticated.Stored.XSS HIGH" "td-composer 4.2 Admin+.Stored.XSS LOW" "td-composer 4.0 Reflected.Cross-site.Scripting HIGH" "td-composer 3.5 Unauthenticated.Account.Takeover CRITICAL" "travel-light No.known.fix CSRF.Bypass MEDIUM" "tiempocom No.known.fix Shortcode.Deletion.via.CSRF MEDIUM" "tiempocom No.known.fix Stored.XSS.via.CSRF HIGH" "tiempocom No.known.fix Reflected.XSS HIGH" "transition-slider-lite No.known.fix Authenticated.(Editor+).Stored.Cross-Site.Scripting MEDIUM" "tripay-payment-gateway 3.2.8 Admin+.Stored.XSS LOW" "tradetracker-store 4.6.60 Admin+.SQL.Injection MEDIUM" "tippy No.known.fix Contributor+.Stored.XSS MEDIUM" "timeline-and-history-slider 2.4 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "top-flash-embed No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "thumbs-rating No.known.fix Unauthenticated.Insecure.Direct.Object.Reference MEDIUM" "templatesnext-onepager No.known.fix 
Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "tp-education 4.5 Contributor+.Stored.XSS MEDIUM" "team-showcase 2.2 Contributor+.Stored.XSS MEDIUM" "timely-booking-button No.known.fix Admin+.Stored.XSS LOW" "thrive-visual-editor 2.6.7.4 Unauthenticated.Option.Update MEDIUM" "testimonial-add 3.5.8.5 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "testimonials-carousel-elementor 10.2.3 Contributor+.Stored.XSS MEDIUM" "testimonials-carousel-elementor 10.2.1 Missing.Authorization.to.Limited.Setting.Update MEDIUM" "testimonials-carousel-elementor 10.2.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "tk-smugmug-slideshow-shortcode No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "tk-smugmug-slideshow-shortcode No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "testimonial-free 2.6.0 Contributor+.Stored.XSS MEDIUM" "testimonial-free 2.1.7 Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "travelpayouts 1.1.17 Open.Redirect MEDIUM" "travelpayouts 1.1.13 Settings.Update.via.CSRF MEDIUM" "travelpayouts 1.1.14 Reflected.XSS HIGH" "travelpayouts 1.0.17 CSRF.Bypass.due.to.Outdated.Redux.Framework MEDIUM" "themify-audio-dock 2.0.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "truepush-free-web-push-notifications No.known.fix Missing.Authorization MEDIUM" "tier-pricing-table 3.5.1 Reflected.Cross-Site.Scripting MEDIUM" "tier-pricing-table 2.6.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "the-moneytizer 10.0.1 Cross-Site.Request.Forgery.via.multiple.AJAX.actions HIGH" "the-moneytizer 10.0.1 Missing.Authorization.via.multiple.AJAX.actions HIGH" "the-moneytizer 9.6.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "time-clock-pro 1.1.5 Unauthenticated.(Limited).Remote.Code.Execution HIGH" "total-cost-input-for-woocommerce 1.0.1 Reflected.Cross-Site.Scripting MEDIUM" "telecash-ricaricaweb No.known.fix Unauthenticated.PHP.Object.Injection CRITICAL" "totop-link No.known.fix 
Unauthenticated.PHP.Object.Injection MEDIUM" "terraclassifieds No.known.fix TerraClassifieds.<=.2,0,3.Unauthenticated.Arbitrary.File.Upload CRITICAL" "terraclassifieds No.known.fix Cross-Site.Request.Forgery HIGH" "tida-url-screenshot 1.0.2 Reflected.Cross-Site.Scripting MEDIUM" "teamleader-form-integration 2.1.0 Unauthenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "thrive-clever-widgets 1.57.1 Unauthenticated.Option.Update MEDIUM" "track-geolocation-of-users-using-contact-form-7 2.1 Admin+.Stored.XSS LOW" "templatespare 2.4.3 Missing.Authorization.to.Authenticated.(Subscriber+).Theme.Update MEDIUM" "tuxedo-big-file-uploads 2.1.3 Authenticated.(Author+).Full.Path.Disclosure MEDIUM" "tuxedo-big-file-uploads 2.1.2 Cross-Site.Request.Forgery.via.actions MEDIUM" "timeline-event-history 3.2 Authenticated.(Contributor+).PHP.Object.Injection HIGH" "triberr-wordpress-plugin 4.1.2 Admin+.Stored.XSS LOW" "timeline-widget-addon-for-elementor 1.5.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "the-buffer-button No.known.fix Authenticated.Stored.Cross.Site.Scripting.(XSS) MEDIUM" "telephone-number-linker No.known.fix Contributor+.Stored.XSS MEDIUM" "text-advertisements No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "themify-ptb-search 1.4.0 Post.Type.Builder.Search.Addon.<.1.4.0.-.Reflected.Cross-Site.Scripting MEDIUM" "title-field-validation No.known.fix Unauthorised.AJAX.Calls HIGH" "tigris-flexplatform No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "total-sales-for-woocommerce No.known.fix Reflected.Cross-Site.Scripting.(XSS) HIGH" "timeline-pro 1.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.[placeholder] MEDIUM" "translation-exchange No.known.fix Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "to-top 2.3 Unauthorised.Plugin's.Setting.Change MEDIUM" "tiny-carousel-horizontal-slider No.known.fix Admin+.Stored.XSS LOW" "tabs-shortcode No.known.fix 
Contributor+.XSS.via.Shortcode MEDIUM" "titan-labs-security-audit No.known.fix Admin+.Stored.Cross.Site.Scripting LOW" "tainacan 0.21.13 Authenticated.(Subscriber+).SQL.Injection MEDIUM" "tainacan 0.21.11 Reflected.Cross-Site.Scripting MEDIUM" "tainacan 0.21.9 Authenticated.(Subscriber+).SQL.Injection MEDIUM" "tainacan 0.21.8 Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.File.Read MEDIUM" "tainacan 0.21.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "tainacan 0.21.4 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "tainacan 0.20.8 Missing.Authorization MEDIUM" "tainacan 0.20.7 Unauthenticated.Sensitive.Information.Exposure MEDIUM" "tainacan 0.20.5 Reflected.Cross-Site.Scripting MEDIUM" "travelers-map 2.2.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "themify-ptb 2.1.1 Reflected.Cross-Site.Scripting HIGH" "themify-ptb 2.1.4 Subscriber+.Arbitrary.Post/Page.Creation MEDIUM" "testimonial-slider 1.3.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "testimonial-slider 1.3.2 Stored.XSS.via.CSRF MEDIUM" "testimonial-slider 1.2.5 Authenticated.SQL.Injection HIGH" "testimonial-slider 1.3.2 Authenticated.Stored.Cross-Site.Scripting.(XSS).&.CSRF MEDIUM" "tabs-with-posts No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "tabs-with-posts No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "testimonials-widget No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "testimonials-widget No.known.fix Authenticated.(Author+).Stored.Cross-Site.Scripting.via.testimonials.Shortcode MEDIUM" "testimonials-widget 4.0.0 Multiple.Authenticated.Stored.XSS MEDIUM" "thirstyaffiliates 3.10.5 Subscriber+.unauthorized.image.upload.+.CSRF LOW" "thirstyaffiliates 3.10.5 Subscriber+.Arbitrary.Affiliate.Links.Creation LOW" "thirstyaffiliates 3.9.3 Authenticated.Stored.XSS MEDIUM" "thesis-openhook 4.3.1 Subscriber+.Remote.Code.Execution CRITICAL" "team-members 5.3.4 
Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "team-members 5.3.2 Author+.Stored.XSS MEDIUM" "team-members 5.2.1 Editor+.Stored.XSS LOW" "team-members 5.1.1 Admin+.Stored.Cross-Site.Scripting LOW" "team-members 5.0.4 Authenticated.Stored.Cross-Site.Scripting.(XSS) CRITICAL" "template-kit-import 1.0.15 Author+.Stored.XSS MEDIUM" "temporary-login-without-password 1.7.1 Subscriber+.Plugin's.Settings.Update MEDIUM" "top-10 3.2.5 Admin+.Stored.XSS LOW" "top-10 3.2.3 Contributor+.Stored.XSS MEDIUM" "top-10 2.9.5 Cross-Site.Request.Forgery.(CSRF) MEDIUM" "twenty20 No.known.fix Contributor+.Stored.XSS MEDIUM" "themify-icons 2.0.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "tt-custom-post-type-creator No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "the-plus-addons-for-elementor-page-builder 6.2.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "the-plus-addons-for-elementor-page-builder 6.0.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "the-plus-addons-for-elementor-page-builder 6.0.4 Authenticated.(Contributor+).Sensitive.Information.Exposure.via.Elementor.Templates MEDIUM" "the-plus-addons-for-elementor-page-builder 5.6.12 Authenticated.(Contributor+).Sensitive.Information.Exposure.via.content_template MEDIUM" "the-plus-addons-for-elementor-page-builder 5.6.3 Authenticated.(Author+).Stored.Cross-Site.Scripting MEDIUM" "the-plus-addons-for-elementor-page-builder 5.6.3 Missing.Authorization MEDIUM" "the-plus-addons-for-elementor-page-builder 5.6.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Testimonials.Widget.Settings MEDIUM" "the-plus-addons-for-elementor-page-builder 5.6.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Video.Widget MEDIUM" "the-plus-addons-for-elementor-page-builder 5.6.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.TP.Page.Scroll.Widget MEDIUM" "the-plus-addons-for-elementor-page-builder 5.6.2 
Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Countdown.Widget MEDIUM" "the-plus-addons-for-elementor-page-builder 5.6.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "the-plus-addons-for-elementor-page-builder 5.5.5 Contributor+.Stored.XSS.via.Hover.Card.Widget MEDIUM" "the-plus-addons-for-elementor-page-builder 5.5.3 Contributor+.Stored.XSS MEDIUM" "the-plus-addons-for-elementor-page-builder 5.5.5 Contributor+.Stored.XSS.in.Widgets MEDIUM" "the-plus-addons-for-elementor-page-builder 5.5.3 Contributor+.Stored.XSS MEDIUM" "the-plus-addons-for-elementor-page-builder 5.5.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "the-plus-addons-for-elementor-page-builder 5.5.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Age.Gate MEDIUM" "the-plus-addons-for-elementor-page-builder 5.5.0 Contributor+.Stored.Cross-Site.Scripting.via.Countdown.Widget MEDIUM" "the-plus-addons-for-elementor-page-builder 5.4.2 Contributor+.LFI MEDIUM" "the-plus-addons-for-elementor-page-builder 5.4.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.Header.Meta.Content.Widget MEDIUM" "the-plus-addons-for-elementor-page-builder 5.3.4 Contributor+.Stored.XSS MEDIUM" "the-plus-addons-for-elementor-page-builder 2.0.7 Contributor+.Arbitrary.File.Access MEDIUM" "the-plus-addons-for-elementor-page-builder 2.0.7 Contributor+.Privilege.Escalation HIGH" "the-plus-addons-for-elementor-page-builder 2.0.6 Contributor+.Stored.XSS MEDIUM" "theatre 0.18.7 Reflected.Cross-Site.Scripting MEDIUM" "theatre 0.18.4 Admin+.Stored.XSS LOW" "torro-forms No.known.fix Contributor+.Stored.Cross-Site.Scripting MEDIUM" "tabs-maker No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "tranzly No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "tranzly 1.1.0 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "tagembed-widget 5.9 Missing.Authorization MEDIUM" "tagembed-widget 4.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting 
MEDIUM" "templately 3.1.6 Missing.Authorization MEDIUM" "templately 3.1.6 Missing.Authorization.via.AJAX.actions MEDIUM" "templately 3.1.3 Missing.Authorization MEDIUM" "templately 2.2.6 Unauthenticated.Arbitrary.Post.Deletion MEDIUM" "tweetscroll-widget No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "tc-ecommerce No.known.fix Unauthenticated.SQLi HIGH" "tc-ecommerce No.known.fix Password.Change/Account.Takeover/Privilege.Escalation CRITICAL" "the-permalinker 1.9.0 Contributor+.Stored.XSS MEDIUM" "task-manager-pro 3.6.34 Multiple.Cross-Site.Scripting MEDIUM" "task-manager-pro 3.6.34 Follower+.SQLi HIGH" "twentyfourth-wp-scraper No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "twentyfourth-wp-scraper No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "turn-off-comments-for-all-posts No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "ticket-tailor 1.12 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "track-logins No.known.fix Admin+.SQL.Injection MEDIUM" "third-party-cookie-eraser No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "ti-woocommerce-wishlist 2.9.2 Unauthenticated.Plugin.Setup.Wizard.Access HIGH" "ti-woocommerce-wishlist 2.9.1 Unauthenticated.SQL.Injection.via.lang.parameters HIGH" "ti-woocommerce-wishlist 2.9.0 Unauthenticated.SQL.Injection HIGH" "ti-woocommerce-wishlist 1.7.0 Reflected.Cross-Site.Scripting MEDIUM" "ti-woocommerce-wishlist 1.40.1 Unauthenticated.Blind.SQL.Injection HIGH" "ti-woocommerce-wishlist 1.21.12 Authenticated.WP.Options.Change HIGH" "telegram-bot No.known.fix Cross-Site.Request.Forgery MEDIUM" "telegram-bot 3.6.3 Admin+.Stored.XSS LOW" "timthumb-vulnerability-scanner No.known.fix Scan.Initialisation.via.CSRF MEDIUM" "twigify No.known.fix Vulnerable.Twig.Package MEDIUM" "theme-blvd-shortcodes No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "textme-sms-integration 1.9.1 Subscriber+.Settings.Update 
MEDIUM" "textme-sms-integration 1.8.9 Authenticated.Stored.XSS LOW" "tabs-shortcode-and-widget No.known.fix Contributor+.Stored.Cross-Site.Scripting MEDIUM" "toggles-shortcode-and-widget No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "tamara-checkout 1.9.9.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "total-donations No.known.fix Update.Arbitrary.WordPress.Option.Values CRITICAL" "top-25-social-icons No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "term-and-category-based-posts-widget 4.9.13 Admin+.Stored.XSS LOW" "themesflat-addons-for-elementor 2.2.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "themesflat-addons-for-elementor 2.2.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "themesflat-addons-for-elementor 2.2.2 Contributor+.Stored.XSS MEDIUM" "themesflat-addons-for-elementor 2.2.2 Contributor+.Stored.XSS MEDIUM" "themesflat-addons-for-elementor 2.2.2 Contributor+.Information.Exposure LOW" "themesflat-addons-for-elementor 2.1.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Widget.Tags MEDIUM" "themesflat-addons-for-elementor 2.1.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.URLs MEDIUM" "themesflat-addons-for-elementor 2.1.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.in.Multiple.Widgets MEDIUM" "themesflat-addons-for-elementor 2.1.3 Contributor+.Stored.XSS.via.Widget.Titles MEDIUM" "tori-ajax No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "themify-portfolio-post 1.2.5 Editor+.Stored.XSS LOW" "themify-portfolio-post 1.2.2 Contributor+.Stored.XSS MEDIUM" "themify-portfolio-post 1.2.1 Contributor+.Stored.XSS MEDIUM" "themify-portfolio-post 1.1.7 Reflected.Cross-Site.Scripting MEDIUM" "themify-portfolio-post 1.1.6 Authenticated.Stored.Cross-Site.Scripting HIGH" "thesography No.known.fix Admin+.Stored.XSS LOW" "testimonial 2.3.8 Admin+.Stored.Cross-Site.Scripting LOW" "tweeple 
No.known.fix Reflected.XSS HIGH" "teachpress 9.0.6 Cross-Site.Request.Forgery.via.delete_database() MEDIUM" "teachpress 9.0.5 Cross-Site.Request.Forgery MEDIUM" "teachpress 9.0.3 Reflected.Cross-Site.Scripting HIGH" "teachpress 8.1.9 Reflected.Cross-Site.Scripting HIGH" "tweet-old-post 9.0.11 PHP.Object.Injection LOW" "terms-and-conditions-per-product 1.2.6 Reflected.Cross-Site.Scripting MEDIUM" "th23-social No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "tpg-get-posts No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "themify-store-locator 1.2.0 Cross-Site.Request.Forgery MEDIUM" "tweet-wheel 1.0.3.3 Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "tribute-testimonial-gridslider No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "tecslider 2.0.0 Reflected.Cross-Site.Scripting MEDIUM" "tecslider 1.0.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "twitter-cards-meta 2.5.0 CSRF.and.XSS HIGH" "tiger-form 2.1.0 Reflected.XSS HIGH" "transposh-translation-filter-for-wordpress No.known.fix Settings.Update.via.Authorization.Bypass MEDIUM" "transposh-translation-filter-for-wordpress No.known.fix Subscriber+.Unauthorised.Calls MEDIUM" "transposh-translation-filter-for-wordpress No.known.fix Admin+.SQL.Injection MEDIUM" "transposh-translation-filter-for-wordpress No.known.fix Usernames.Disclosure MEDIUM" "transposh-translation-filter-for-wordpress No.known.fix Unauthenticated.Settings.Change MEDIUM" "transposh-translation-filter-for-wordpress 1.0.8 Admin+.RCE MEDIUM" "transposh-translation-filter-for-wordpress 1.0.8 CSRF.to.Stored.XSS HIGH" "transposh-translation-filter-for-wordpress 1.0.8 Reflected.Cross-Site.Scripting MEDIUM" "transposh-translation-filter-for-wordpress 1.0.8 Stored.Cross-Site.Scripting MEDIUM" "talkback-secure-linkback-protocol No.known.fix Unauthenticated.PHP.Object.Injection CRITICAL" "tinymce-custom-styles 1.1.4 Admin+.Stored.Cross-Site.Scripting LOW" "tinymce-custom-styles 1.1.3 Admin+.Stored.XSS 
LOW" "tapfiliate 3.0.13 Admin+.Stored.XSS LOW" "tiny-contact-form No.known.fix Arbitrary.Settings.Update.via.CSRF MEDIUM" "taboola 2.0.2 CSRF MEDIUM" "tag-groups 2.0.4 Missing.Authorization.to.Information.Exposure MEDIUM" "tag-groups 2.0.0 Reflected.Cross-Site.Scripting MEDIUM" "tag-groups 1.43.10.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "thrive-leads 2.3.9.4 Unauthenticated.Option.Update MEDIUM" "theme-switcha 3.3.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "twitter-posts No.known.fix Settings.Update.via.CSRF MEDIUM" "the-events-calendar 6.9.1 Contributor+.Stored.XSS MEDIUM" "the-events-calendar 6.8.2.1 Unauthenticated.Password.Protected.Event.Disclosure MEDIUM" "the-events-calendar 6.6.4.1 Unauthenticated.SQL.Injection MEDIUM" "the-events-calendar 6.6.4 Admin+.Stored.XSS LOW" "the-events-calendar 6.5.2 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "the-events-calendar 6.5.1.5 Cross-Site.Request.Forgery.via.action_restore_events MEDIUM" "the-events-calendar 6.4.0.1 Contributor+.Arbitrary.Events.Access LOW" "the-events-calendar 6.4.0.1 Contributor+.Missing.Authorization.to.Authenticated.Arbitrary.Events.Access MEDIUM" "the-events-calendar 6.4.0.1 Reflected.XSS HIGH" "the-events-calendar 6.2.9 Unauthenticated.Sensitive.Information.Exposure MEDIUM" "the-events-calendar 6.2.8.1 Unauthenticated.Arbitrary.Password.Protected.Post.Read MEDIUM" "the-events-calendar 6.1.0 Reflected.Cross-Site.Scripting MEDIUM" "the-events-calendar 5.14.0.4 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "the-events-calendar 5.14.0 Reflected.Cross-Site.Scripting MEDIUM" "the-events-calendar 4.8.2 XSS MEDIUM" "the-sorter No.known.fix Authenticated.SQL.Injection MEDIUM" "testimonial-rotator No.known.fix Authenticated.Stored.Cross-Site.Scripting HIGH" "testimonial-rotator 3.0.3 Authenticated.Stored.Cross-Site.Scripting.(XSS) HIGH" "time-clock 1.2.3 Unauthenticated.(Limited).Remote.Code.Execution HIGH" "thrive-ab-page-testing 1.4.13.3 
Unauthenticated.Option.Update MEDIUM" "themify-builder 7.6.6 Reflected.Cross-Site.Scripting MEDIUM" "themify-builder 7.6.5 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "themify-builder 7.6.6 Contributor+.Stored.XSS MEDIUM" "themify-builder 7.6.3 Reflected.Cross-Site.Scripting MEDIUM" "themify-builder 7.6.2 Missing.Authorization.to.Authenticated.(Contributor+).Post.Duplication MEDIUM" "themify-builder 7.5.8 Open.Redirect MEDIUM" "themify-builder 7.0.6 Cross-Site.Request.Forgery MEDIUM" "themify-builder 5.3.2 Reflected.Cross-Site.Scripting HIGH" "ttv-easy-embed-player 2.1.1 Admin+.Stored.XSS LOW" "task-scheduler 1.6.1 Folders.Disclosure.via.Outdated.jQueryFileTree.Library MEDIUM" "teaser-maker-standard No.known.fix Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "timeline-awesome No.known.fix Author+.Stored.Cross-Site.Scripting LOW" "treepress 3.0.1 Reflected.Cross-Site.Scripting MEDIUM" "treepress 3.0.0 Admin+.Stored.Cross-Site.Scripting LOW" "treepress 2.0.21 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "tagregator No.known.fix Stored.XSS MEDIUM" "themedy-toolbox No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "themedy-toolbox 1.0.16 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Multiple.Shortcodes MEDIUM" "typea-ftc-disclosure No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "typea-ftc-disclosure No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "topbar-id-for-elementor No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "tcbd-auto-refresher No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "tangible-loops-and-logic 4.1.5 Reflected.Cross-Site.Scripting MEDIUM" "thrive-dashboard 2.3.9.3 Unauthenticated.Option.Update MEDIUM" "translation-pro No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "twentytwenty No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "theme-builder-for-elementor 1.2.3 
Authenticated.(Contributor+).Post.Disclosure MEDIUM" "thank-me-later No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "tourfic 2.15.4 Authenticated.(Admin+).Arbitrary.File.Upload HIGH" "tourfic 2.15.4 Authenticated.(Subscriber+).SQL.Injection MEDIUM" "tourfic 2.11.21 Cross-Site.Request.Forgery.in.Multiple.Functions MEDIUM" "tourfic 2.11.19 Authenticated.(Subscriber+).PHP.Object.Injection HIGH" "tourfic 2.11.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "tourfic 2.11.8 Reflected.Cross-Site.Scripting MEDIUM" "tourfic 2.11.16 Authenticated.(Subscriber+).Arbitrary.File.Upload HIGH" "tumult-hype-animations 1.9.16 Authenticated.(Author+).Arbitrary.File.Upload.via.hypeanimations_panel.Function CRITICAL" "tumult-hype-animations 1.9.15 Missing.Authorization MEDIUM" "tumult-hype-animations 1.9.12 Cross-Site.Request.Forgery.to.Cross-Site.Scripting MEDIUM" "tumult-hype-animations 1.9.13 Authenticated.(Author+).Arbitrary.File.Upload HIGH" "thinkific-uploader No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "text-hover 4.2 Admin+.Stored.Cross-Site.Scripting. 
LOW" "timed-content 2.73 Contributor+.Stored.XSS MEDIUM" "tabs-for-visual-composer No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "timetics 1.0.28 AI-powered.Appointment.Booking.Calendar.and.Online.Scheduling.Plugin.<.1.0.28.-.Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.User.Deletion MEDIUM" "timetics 1.0.26 AI-powered.Appointment.Booking.Calendar.and.Online.Scheduling.Plugin.<.1.0.26.-.Insecure.Direct.Object.Reference.to.Unauthenticated.Arbitrary.User.Password/Email.Reset/Account.Takeover CRITICAL" "timetics 1.0.24 Authorization.Bypass MEDIUM" "timetics 1.0.22 AI-powered.Appointment.Booking.with.Visual.Seat.Plan.and.ultimate.Calendar.Scheduling.Plugin.<.1.0.22.-.Missing.Authorization.to.Limited.Privilege.Escalation HIGH" "twitter-follow 0.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.username.Parameter MEDIUM" "timeslot 1.3.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "td-subscription 1.5 Authenticated.(Admin+).SQL.Injection HIGH" "td-subscription 1.5 Authenticated.(Admin+).SQL.Injection HIGH" "tutor-pro 2.7.3 Missing.Authorization.to.Authenticated.(Subscriber+).Insecure.Direct.Object.Reference HIGH" "tutor-pro 2.7.1 Missing.Authorization HIGH" "tutor-pro 2.7.1 Missing.Authorization.to.Privilege.Escalation HIGH" "tutor-pro 2.7.1 Missing.Authorization.to.SQL.Injection HIGH" "tags-cloud-manager No.known.fix Reflected.XSS HIGH" "tipsacarrier 1.5.0.5 Unauthenticated.Orders.Disclosure MEDIUM" "tipsacarrier 1.5.0.5 Unauthenticated.SQLi HIGH" "twitter-anywhere-plus No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "twitter-bootstrap-collapse-aka-accordian-shortcode No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "twitter-bootstrap-collapse-aka-accordian-shortcode No.known.fix Stored.XSS.via.Shortcode HIGH" "threewp-broadcast 51.02 Reflected.Cross-Site.Scripting MEDIUM" "tour-booking-manager 1.8.6 Missing.Authorization MEDIUM" 
"tour-booking-manager 1.7.8 Missing.Authorization MEDIUM" "tour-booking-manager 1.7.2 Missing.Authorization.via.ttbm_new_place_save MEDIUM" "tour-booking-manager 1.6.1 Cross-Site.Request.Forgery MEDIUM" "turbosmtp 4.7 Reflected.Cross-Site.Scripting MEDIUM" "turbosmtp 4.7 Reflected.Cross-Site.Scripting.via.'page' MEDIUM" "tlp-portfolio 2.8.11 WordPress.Portfolio.<.2.8.11.-.Contributor+.Stored.XSS MEDIUM" "trustist-reviewer No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "twitter-shortcode No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "timesheet 0.1.5 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "templates-patterns-collection 1.2.3 Sensitive.Information.Exposure.via.Log.File MEDIUM" "tabs-responsive 2.2.8 Editor+.Stored.Cross-Site.Scripting LOW" "terms-descriptions 3.4.7 Reflected.Cross-Site.Scripting MEDIUM" "terms-descriptions 2.4.8 Admin+.Stored.XSS LOW" "terms-descriptions 3.4.5 Reflected.XSS HIGH" "targetfirst-wordpress-plugin 1.0 Unauthenticated.Stored.XSS.via.Licence.Key HIGH" "typofr No.known.fix Reflected.Cross-Site.Scripting HIGH" "t-countdown No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "theme-demo-import 1.1.1 Admin+.Arbitrary.File.Upload MEDIUM" "team-rosters No.known.fix Reflected.Cross-Site.Scripting.via.'tab' MEDIUM" "team-rosters No.known.fix Unauthenticated.PHP.Object.Injection CRITICAL" "tubepress 1.6.5 XSS MEDIUM" "tripetto 8.0.7 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "tripetto No.known.fix Unauthentiated.Stored.Cross-Site.Scripting.via.Form.File.Upload HIGH" "tripetto 7.0.1 Reflected.Cross-Site.Scripting MEDIUM" "tripetto 5.2.0 Unauthenticated.Stored.Cross-Site.Scripting MEDIUM" "tripetto 5.3.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "twchat No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "twchat 3.1.5 Admin+.Local.File.Inclusion LOW" "twchat 3.1.5 Multiple.CSRF MEDIUM" "thrive-quiz-builder 2.3.9.4 Unauthenticated.Option.Update MEDIUM" 
"theme-junkie-shortcodes No.known.fix Contributor+.Stored.XSS.via.Shortcodes MEDIUM" "testimonials No.known.fix Contributor+.Stored.Cross-Site.Scripting MEDIUM" "tracked-tweets No.known.fix Stored.Cross-Site.Scripting.via.CSRF MEDIUM" "tracked-tweets No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "toolbar-extras No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "tinymce-annotate No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "tinymce-annotate No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "twitterpost No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "toolbar-to-share No.known.fix Stored.Cross-Site.Scripting.via.CSRF MEDIUM" "tourmaster 5.3.5 Reflected.XSS HIGH" "tourmaster 5.3.4 Unauthenticated.Stored.XSS.via.Room.Booking HIGH" "twitter-plugin 2.55 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "tm-woocommerce-compare-wishlist No.known.fix Contributor+.Stored.Cross-Site.Scripting MEDIUM" "tml-2fa 1.2 .Lack.of.Rate.Limiting MEDIUM" "tubepressnet No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "theme-editor 2.9 Authenticated.(Admin+).PHAR.Deserialization HIGH" "theme-editor 2.8 Admin+.Arbitrary.File.Upload HIGH" "theme-editor 2.6 Authenticated.Arbitrary.File.Download MEDIUM" "theme-editor 2.2 Multiple.Vulnerabilities CRITICAL" "tagmaker No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "team-showcase-supreme 7.5 Editor+.Local.File.Inclusion HIGH" "team-showcase-supreme 4.5 Editor+.Stored.Cross-Site.Scripting LOW" "themefuse-maintenance-mode No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "tochat-be 1.3.2 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "tube-video-ads-lite No.known.fix Reflected.XSS HIGH" "thoughtful-comments 0.3.6 Missing.Authorization LOW" "taxonomy-discounts-woocommerce 5.2 Cross-Site.Request.Forgery.to.Settings.Update MEDIUM" "tf-numbers-number-counter-animaton 2.0.1 
Subscriber+.Arbitrary.Option.Update HIGH" "testimonial-slider-shortcode No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "testimonial-slider-shortcode 1.1.9 Contributor+.Stored.XSS MEDIUM" "thrive-automator 1.17.1 Cross-Site.Request.Forgery MEDIUM" "tinycode No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "traffic-manager No.known.fix Unauthenticated.Stored.Cross-Site.Scripting HIGH" "traffic-manager No.known.fix Subscriber+.Stored.Cross-Site.Scripting MEDIUM" "this-day-in-history No.known.fix Unauthenticated.Reflected.XSS HIGH" "total-gdpr-compliance-lite 1.0.5 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "table-maker No.known.fix Authenticated.(Author+).Stored.Cross-Site.Scripting MEDIUM" "trademe-widget No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "tutor-lms-migration-tool No.known.fix Missing.Authorization.in.tutor_lp_export_xml MEDIUM" "tutor-lms-migration-tool No.known.fix Missing.Authorization.in.tutor_import_from_xml MEDIUM" "typing-text No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "typing-text 1.2.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "thrive-ultimatum 2.3.9.4 Unauthenticated.Option.Update MEDIUM" "truebooker-appointment-booking 1.0.3 Settings.Update.via.CSRF MEDIUM" "truebooker-appointment-booking 1.0.3 Multiple.Unauthenticated.SQLi HIGH" "taketin-to-wp-membership No.known.fix Subscriber+.PHP.Object.Injection HIGH" "tr-easy-google-analytics No.known.fix Reflected.Cross-Site.Scripting.(XSS) HIGH" "timber-library 1.23.1 Authenticated.(Admin+).PHP.Object.Injection HIGH" "team-showcase-ultimate No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "taeggie-feed 0.1.10 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "tickera-event-ticketing-system 3.5.4.9 Unauthenticated.Customer.Data.Exposure MEDIUM" "tickera-event-ticketing-system 3.5.4.6 
Unauthenticated.Arbitrary.Shortcode.Execution HIGH" "tickera-event-ticketing-system 3.5.2.9 Missing.Authorization.to.Authenticated.(Susbcriber+).Ticket.Deletion MEDIUM" "tickera-event-ticketing-system 3.5.2.7 Missing.Authorization MEDIUM" "tickera-event-ticketing-system 3.5.2.5 Ticket.leakage.through.IDOR MEDIUM" "tickera-event-ticketing-system 3.5.1.0 Plugin.Data.Deletion.via.CSRF LOW" "tickera-event-ticketing-system 3.4.9.2 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "tickera-event-ticketing-system 3.4.8.3 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "tickera-event-ticketing-system 3.4.6.9 Unauthenticated.Sensitive.Data.Exposure HIGH" "themify-shortcodes 2.1.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "themify-shortcodes 2.1.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.themify_button.Shortcode MEDIUM" "themify-shortcodes 2.0.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "themify-shortcodes 2.0.8 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "thrive-headline-optimizer 1.3.7.3 Unauthenticated.Option.Update MEDIUM" "tour-operator 2.0.0 Author+.Stored.XSS.via.SVG.File.Upload MEDIUM" "tito No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "tcd-google-maps No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "table-of-contents-plus No.known.fix Admin+.Stored.XSS LOW" "table-of-contents-plus No.known.fix Cross-Site.Request.Forgery MEDIUM" "table-of-contents-plus 2309 Settings.Update.via.CSRF MEDIUM" "table-of-contents-plus 2309 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "table-of-contents-plus 2212 Contributor+.Stored.XSS MEDIUM" "ts-comfort-database No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "typebot 3.6.1 Contributor+.Stored.XSS MEDIUM" "typebot 1.4.3 Admin+.Stored.Cross.Site.Scripting LOW" "table-genie No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "table-genie No.known.fix 
Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "termin-kalender 1.00.04 Missing.Authorization.to.Authenticated.(Subscriber+) MEDIUM" "top-comments No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "themeisle-companion 2.10.44 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.title_tag.Parameter MEDIUM" "themeisle-companion 2.10.44 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Pricing.Table.Widget MEDIUM" "themeisle-companion 2.10.37 Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "themeisle-companion 2.10.35 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Services.and.Post.Type.Grid.Widgets MEDIUM" "themeisle-companion 2.10.33 Authenticated.(Contributor+).Stored.Cross-Site.Scripiting.via.Registration.Form.Widget MEDIUM" "themeisle-companion 2.10.32 Contributor+.Stored.XSS.via.Post.Type.Grid.Widget MEDIUM" "themeisle-companion 2.10.31 Contributor+.Stored.XSS.via.Pricing.Table.Widget MEDIUM" "themeisle-companion 2.10.31 Contributor+.Stored.XSS.via.Form.Widget MEDIUM" "themeisle-companion 2.10.30 Connected.API.Keys.Update.via.CSRF MEDIUM" "themeisle-companion 2.10.29 Unauthenticated.Connected.API.Keys.Update MEDIUM" "themeisle-companion 2.10.28 Contributor+.Stored.XSS MEDIUM" "themeisle-companion 2.10.27 Contributor+.Stored.XSS MEDIUM" "themeisle-companion 2.10.24 Author+.Server-Side.Request.Forgery MEDIUM" "themeisle-companion 2.10.3 Authenticated.Stored.Cross.Site.Scripting MEDIUM" "themeisle-companion 2.10.3 Authenticated.Privilege.Escalation CRITICAL" "table-addons-for-elementor 2.1.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via._id.Parameter MEDIUM" "training No.known.fix Authenticated.(Subscriber+).Arbitrary.File.Upload HIGH" "tabs-pro 1.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "tree-website-map 3.1 Arbitrary.Plugin.Installation/Activation.via.CSRF CRITICAL" "tree-website-map 2.9 
Arbitrary.Plugin.Installation/Activation.via.Low.Privilege.User CRITICAL" "tournamatch 4.6.1 Admin+.Stored.XSS.via.Ladders LOW" "tournamatch 4.6.1 Subscriber+.Stored.XSS HIGH" "tin-canny-learndash-reporting 4.3.0.8 Reflected.Cross-Site.Scripting MEDIUM" "tcs3 No.known.fix Reflected.Cross-Site.Scripting.(XSS) HIGH" "transfinanz No.known.fix Reflected.XSS HIGH" "themify-event-post 1.2.8 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "tablesome 1.0.34 Unauthenticated.Sensitive.Information.Exposure MEDIUM" "tablesome 1.0.26 Cross-Site.Request.Forgery MEDIUM" "tablesome 1.0.28 Reflected.Cross-Site.Scripting MEDIUM" "tablesome 1.0.15 Reflected.Cross-Site.Scripting MEDIUM" "tablesome 1.0.9 Reflected.XSS MEDIUM" "tablesome 0.6.7 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "tilda-publishing 0.3.24 Subscriber+.Unauthorised.Action MEDIUM" "tcbd-popover No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "thrive-apprentice 2.3.9.4 Unauthenticated.Option.Update MEDIUM" "tinymce-and-tinymce-advanced-professsional-formats-and-styles No.known.fix Cross-Site.Request.Forgery.via.bb_taps_backend_page MEDIUM" "timeline-for-beaver-builder 1.1.4 Editor+.Stored.XSS LOW" "total-security 3.4.1 XSS.&.Settings.Change MEDIUM" "tedwp No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "tedwp 0.0.5 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "td-cloud-library 2.7 Unauthenticated.Arbitrary.User.Metadata.Update.to.Privilege.Escalation CRITICAL" "themify-wc-product-filter 1.5.2 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "themify-wc-product-filter 1.5.0 WooCommerce.Product.Filter.<.1.5.0.-.Unauthenticated.SQL.Injection.via.conditions.Parameter CRITICAL" "themify-wc-product-filter 1.4.4 Reflected.XSS HIGH" "themify-wc-product-filter 1.4.4 Filter.Deletion.via.CSRF MEDIUM" "themify-wc-product-filter 1.4.4 Admin+.Stored.XSS LOW" "themify-wc-product-filter 1.3.8 WooCommerce.Product.Filter.<.1.3.8.-.Reflected.Cross-Site.Scripting 
MEDIUM" "toggle-the-title No.known.fix XSS MEDIUM" "themeshark-elementor No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "trackserver 5.0.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "tiny-bar 2.1 Reflected.Cross-Site.Scripting MEDIUM" "twb-woocommerce-reviews 1.7.6 Admin+.Stored.XSS LOW" "theme-my-ontraport-smartform No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "two-factor-authentication 1.3.13 Disable.Two.Factor.Authentication.CSRF HIGH" "two-factor-authentication 1.1.10 XSS MEDIUM" "tutor-lms-elementor-addons 2.1.6 Missing.Authorization MEDIUM" "tutor-lms-elementor-addons 2.1.6 Missing.Authorization.to.Authenticated.(Subscriber+).Limited.Plugin.Installation MEDIUM" "tutor-lms-elementor-addons 2.1.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Course.Carousel.Widget MEDIUM" "tutor-lms-elementor-addons 2.1.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "torod 1.8 Missing.Authorization.to.Unauthenticated.Plugin.Settings.Update MEDIUM" "tk-event-weather No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "tk-event-weather No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "tk-google-fonts 2.2.12 Missing.Authorization.to.Font.Deletion MEDIUM" "tk-google-fonts 2.2.11 Reflected.Cross-Site.Scripting MEDIUM" "tk-google-fonts 2.2.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "tablepress 2.4.3 Author+.Stored.XSS MEDIUM" "tablepress 2.4.3 XXE.Injection MEDIUM" "tablepress 2.3.2 Authenticated.(Author+).Server-Side.Request.Forgery.via.DNS.Rebind MEDIUM" "tablepress 2.2.5 Authenticated(Author+).Server.Side.Request.Forgery(SSRF).via._get_import_files MEDIUM" "tablepress 2.1.5 Reflected.Cross-Site.Scripting MEDIUM" "tablepress 1.8.1 Authenticated.XML.External.Entity.(XXE) MEDIUM" "taskbuilder 3.0.7 Authenticated.(Subscriber+).SQL.Injection MEDIUM" "taskbuilder 3.0.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.wppm_tasks.Shortcode 
MEDIUM" "taskbuilder 3.0.5 Admin+.SQL.Injection MEDIUM" "taskbuilder 1.0.8 Subscriber+.Stored.XSS.via.SVG.file.upload MEDIUM" "trackship-for-woocommerce 1.7.6 Missing.Authorization MEDIUM" "thecartpress No.known.fix Unauthenticated.Arbitrary.Admin.Account.Creation CRITICAL" "thecartpress 1.3.9.3 Multiple.Vulnerabilities HIGH" "turbo-widgets No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "turbo-widgets No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "turbo-widgets No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "tradedoubler-affiliate-tracker 2.0.22 Unauthenticated.LFI HIGH" "tarteaucitronjs 1.6.1 Cookies.legislation.&.GDPR.<.1.6.1.-.Admin.+.Stored.Cross-Site.Scripting LOW" "tarteaucitronjs 1.6 Cookies.legislation.&.GDPR.<.1.6.-.CSRF.to.Stored.Cross-Site.Scripting MEDIUM" "trustmary 1.0.10 Contributor+.Stored.XSS MEDIUM" "telefication No.known.fix Open.Relay.&.Server-Side.Request.Forgery MEDIUM" "tsb-occasion-editor No.known.fix Authenticated.(Subscriber+).SQL.Injection MEDIUM" "themes4wp-youtube-external-subtitles No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "taggator No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "tutor 2.7.7 User.Registration.Setting.Bypass.to.Unauthorized.User.Registration MEDIUM" "tutor 2.7.7 Unauthenticated.SQL.Injection.via.rating_filter HIGH" "tutor 2.7.5 Cross-Site.Request.Forgery.via.'addon_enable_disable' MEDIUM" "tutor 2.7.3 Authenticated.(Administrator+).SQL.Injection HIGH" "tutor 2.7.4 Authenticated.(Instructor+).Stored.Cross-Site.Scripting MEDIUM" "tutor 2.7.4 Missing.Authorization MEDIUM" "tutor 2.7.3 Cross-Site.Request.Forgery MEDIUM" "tutor 2.7.3 Authenticated.(Tutor.Instructor+).Stored.Cross-Site.Scripting MEDIUM" "tutor 2.7.2 Authenticated.(Admin+).Path.Traversal LOW" "tutor 2.7.2 Tutor.LMS.–.eLearning.and.online.course.solution.<.2,7,2.-Authenticated.(Administrator+).SQL.Injection HIGH" "tutor 2.7.2 
Authenticated.(Instructor+).Insecure.Direct.Object.Reference.to.Arbitrary.Quiz.Attempt.Deletion MEDIUM" "tutor 2.7.1 Authenticated.(Instructor+).Insecure.Direct.Object.Reference.to.Arbitrary.Course.Deletion MEDIUM" "tutor 2.7.1 Missing.Authorization CRITICAL" "tutor 2.7.1 Authenticated.(Instructor+).SQL.Injection HIGH" "tutor 2.7.0 Missing.Authorization.to.Unauthenticated.Limited.Options.Update MEDIUM" "tutor 2.7.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.'tutor_instructor_list'.Shortcode MEDIUM" "tutor 2.6.2 Cross-Site.Request.Forgery.to.Plugin.Deactivation.and.Data.Erase MEDIUM" "tutor 2.6.2 Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.Post.Deletion MEDIUM" "tutor 2.6.2 Authenticated.(Subscriber+).SQL.Injection HIGH" "tutor 2.6.1 Student+.HTML.Injection.via.Q&A MEDIUM" "tutor 2.6.1 Missing.Authorization MEDIUM" "tutor 2.3.0 Admin+.Stored.XSS LOW" "tutor 2.3.0 Subscriber+.Stored.Cross-Site.Scripting HIGH" "tutor 2.2.1 Unauthenticated.Access.to.Tutor.LMS.Lesson.Resources.via.REST.API MEDIUM" "tutor 2.2.1 Student+.SQL.Injection HIGH" "tutor 2.2.0 Instructor+.SQL.Injection MEDIUM" "tutor 2.2.0 Unauthenticate.SQL.Injection HIGH" "tutor 2.0.10 Reflected.Cross-Site.Scripting HIGH" "tutor 2.0.10 Admin+.Stored.Cross-Site.Scripting LOW" "tutor 2.0.9 Reflected.Cross-Site.Scripting MEDIUM" "tutor 1.9.13 Reflected.Cross-Site.Scripting MEDIUM" "tutor 1.9.12 Reflected.Cross-Site.Scripting HIGH" "tutor 1.9.12 Subscriber+.Stored.Cross-Site.Scripting HIGH" "tutor 1.9.11 Reflected.Cross-Site.Scripting MEDIUM" "tutor 1.9.9 Multiple.Admin+.Stored.Cross-Site.Scripting LOW" "tutor 1.9.6 Reflected.Cross-Site.Scripting HIGH" "tutor 1.9.2 Authenticated.Stored.Cross-Site.Scripting.(XSS) HIGH" "tutor 1.8.8 Authenticated.Local.File.Inclusion MEDIUM" "tutor 1.8.3 SQL.Injection.via.tutor_quiz_builder_get_answers_by_question MEDIUM" "tutor 1.7.7 Unprotected.AJAX.including.Privilege.Escalation HIGH" "tutor 1.8.3 
SQL.Injection.via.tutor_answering_quiz_question/get_answer_by_id MEDIUM" "tutor 1.7.7 SQL.Injection.via.tutor_mark_answer_as_correct MEDIUM" "tutor 1.8.3 SQL.Injection.via.tutor_quiz_builder_get_question_form MEDIUM" "tutor 1.7.7 SQL.Injection.via.tutor_place_rating MEDIUM" "tutor 1.5.3 Cross-Site.Request.Forgery.(CSRF) MEDIUM" "tx-onepager No.known.fix Admin+.SQLi MEDIUM" "telugu-bible-verse-daily No.known.fix CSRF.to.Stored.XSS HIGH" "ti-woocommerce-wishlist-premium 1.40.1 Unauthenticated.Blind.SQL.Injection HIGH" "ti-woocommerce-wishlist-premium 1.21.5 Authenticated.WP.Options.Change HIGH" "tax-rate-upload No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "tax-rate-upload No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "total-team-lite 1.1.2 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "thrive-ovation 2.4.5 Unauthenticated.Option.Update MEDIUM" "trustmate-io-integration-for-woocommerce 1.8.12 Subscriber+.Arbitrary.Plugin's.Settings.Update HIGH" "trustmate-io-integration-for-woocommerce 1.7.1 Subscriber+.Arbitrary.Blog.Option.Update HIGH" "tm-islamic-helper No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "tracking-code-manager 2.4.0 Contributor+.Stored.XSS MEDIUM" "tracking-code-manager 2.4.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "tracking-code-manager 2.3.0 Admin+.Stored.Cross-Site.Scripting LOW" "tracking-code-manager 2.1.0 Tracking.Code.Manager.<.2,1,0.-Admin+.Stored.Cross-Site.Scripting MEDIUM" "throws-spam-away 3.3.1 Comment.Deletion.via.CSRF MEDIUM" "the-holiday-calendar 1.11.3 Cross-Site.Scripting.(XSS) MEDIUM" "track-the-click 0.3.12 Author+.Time-Based.Blind.SQL.Injection HIGH" "team 1.22.26 Reflected.Cross-Site.Scripting HIGH" "team 1.22.24 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "team 1.22.16 PHP.Object.Injection HIGH" "team 1.22.16 Authenticated.Stored.Cross-Site.Scripting.(XSS) HIGH" "tripplan No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" 
"twitter-friends-widget No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "ticketsource-events 3.1.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "template-events-calendar 2.3.2 Authenticated.(Contributor+).SQL.Injection.via.shortcode HIGH" "template-events-calendar 2.0 Subscriber+.Arbitrary.Plugin.Installation.&.Activation HIGH" "template-events-calendar 1.7.2 Reflected.Cross-Site.Scripting.(XSS) HIGH" "theme-tweaker-lite No.known.fix Cross-Site.Request.Forgery MEDIUM" "trust-form 2.0.1 Authenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "tec-subscriber-addons No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "tec-subscriber-addons 2.0.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "testimonial-slider-and-showcase 2.3.8 Admin+.Stored.XSS LOW" "testimonial-slider-and-showcase 2.3.7 Author+.Settings.Update LOW" "tidio-form No.known.fix Unauthenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "textboxes No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "tabulate No.known.fix Reflected.XSS HIGH" "thinktwit 1.7.1 Authenticated.Stored.Cross-Site.Scripting.(XSS) LOW" "tajer No.known.fix Unauthenticated.Arbitrary.File.Upload CRITICAL" "thim-elementor-kit 1.2.9 Missing.Authorization MEDIUM" "thim-elementor-kit 1.2.9.1 Contributor+.Stored.XSS MEDIUM" "thim-elementor-kit 1.1.9.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.id.Parameter MEDIUM" "thim-elementor-kit 1.1.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "themereps-helper No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "ts-webfonts-for-conoha 2.0.4 Admin+.Stored.XSS LOW" "theperfectweddingnl-widget No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting HIGH" "tune-library 1.5.5 SQL.Injection HIGH" "testimonial-builder 1.6.2 Editor+.Stored.Cross-Site.Scripting LOW" "testimonial-builder 1.6.0 Admin+.Stored.Cross-Site.Scripting LOW" "ts-webfonts-for-sakura 3.1.3 Font.Settings.Change.via.CSRF MEDIUM" 
"ts-webfonts-for-sakura 3.1.1 Admin+.Stored.Cross-Site.Scripting LOW" "ts-webfonts-for-sakura 3.1.3 Font.Type.Settings.Change.via.CSRF MEDIUM" "twitter-real-time-search-scrolling No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "template-manager No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "template-manager No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "transcoder 1.3.6 Cross-Site.Request.Forgery MEDIUM" "tooltip-ck No.known.fix Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "toast-stick-anything No.known.fix Missing.Authorization HIGH" "toast-stick-anything No.known.fix Unauthenticated.Stored.Cross-Site.Scripting HIGH" "todo-custom-field No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "translatepress-multilingual 2.3.3 Admin+.SQLi MEDIUM" "translatepress-multilingual 2.0.9 Authenticated.Stored.Cross-Site.Scripting LOW" "the-plus-addons-for-block-editor 4.0.8 Missing.Authorization MEDIUM" "the-plus-addons-for-block-editor 4.0.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "the-plus-addons-for-block-editor 4.0.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "the-plus-addons-for-block-editor 3.2.6 Missing.Authorization MEDIUM" "the-plus-addons-for-block-editor 3.2.6 Reflected.Cross-Site.Scripting MEDIUM" "truenorth-srcset No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "th-variation-swatches 1.3.3 1.3.2.-.Cross-Site.Request.Forgery.to.Plugin.Settings.Reset MEDIUM" "taxonomy-filter 2.2.10 Settings.Update.via.CSRF MEDIUM" "two-factor-login-telegram 3.1 Authenticated.(Subscriber+).Authentication.Bypass HIGH" "two-factor-login-telegram 3.1 Two-Factor.Authentication.Bypass MEDIUM" "tidio-gallery No.known.fix .Unauthenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "titan-framework No.known.fix Reflected.Cross-Site.Scripting.(XSS) HIGH" "titan-framework 1.6 Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "the-events-calendar-pro 6.4.0.1 
Contributor+.Missing.Authorization.to.Authenticated.Arbitrary.Events.Access MEDIUM" "user-management No.known.fix Authenticated.(Subscriber+).Privilege.Escalation HIGH" "user-management 1.2 Subscriber+.Arbitrary.File.Upload HIGH" "user-activity No.known.fix IP.Spoofing MEDIUM" "ultimate-post-kit 3.11.8 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Social.Count.(Static).Widget MEDIUM" "ultimate-post-kit 3.6.4 Reflected.Cross-Site.Scripting MEDIUM" "ultimate-post-kit 2.9.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "utech-spinning-earth No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "ultimate-weather-plugin No.known.fix Unauthenticated.Reflected.XSS MEDIUM" "ultimate-post 4.1.16 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "ultimate-post 4.1.17 Missing.Authorization.to.Arbitrary.Plugin.Installation/Activation HIGH" "ultimate-post 4.1.16 Authenticated.(Author+).Stored.Cross-Site.Scripting MEDIUM" "ultimate-post 4.1.13 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "ultimate-post 4.1.2 Authenticated.(Author+).Stored.Cross-Site.Scripting MEDIUM" "ultimate-post 4.1.3 Missing.Authorization.to.Arbitrary.Options.Update HIGH" "ultimate-post 4.1.0 Authenticated.(Contributor+).Stored.Cross=Site.Scripting MEDIUM" "ultimate-post 4.1.0 Contributor+.Stored.XSS MEDIUM" "ultimate-post 4.0.2 Contributor+.Stored.XSS MEDIUM" "ultimate-post 4.0.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "ultimate-post 3.2.4 Incorrect.Authorization MEDIUM" "ultimate-post 3.0.6 Gutenberg.Post.Grid.Blocks.<.3.0.6.-.Reflected.Cross-Site.Scripting HIGH" "ultimate-post 2.9.10 Gutenberg.Blocks.for.Post.Grid.<.2.9.10.-.Reflected.Cross-Site.Scripting HIGH" "ultimate-post 2.4.10 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "ultimate-post 2.4.10 Private.Content.Disclosure MEDIUM" "ultimate-post 2.4.10 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "ultimate-post 2.4.10 Missing.Access.Controls MEDIUM" 
"unite-gallery-lite No.known.fix Authenticated.(Contributor+).SQL.Injection CRITICAL" "unite-gallery-lite 1.7.62 Admin+.Stored.XSS LOW" "unite-gallery-lite 1.7.60 Admin+.Local.File.Inclusion MEDIUM" "unite-gallery-lite 1.5 CSRF.&.Authenticated.SQL.Injection HIGH" "uber-grid No.known.fix Authenticated.(Editor+).Stored.Cross-Site.Scripting MEDIUM" "uber-grid No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "ultimate-bootstrap-elements-for-elementor 1.4.7 Authenticated.(Contributor+).Sensitive.Information.Exposure MEDIUM" "ultimate-bootstrap-elements-for-elementor 1.4.5 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "ultimate-bootstrap-elements-for-elementor 1.4.3 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "ultimate-bootstrap-elements-for-elementor 1.3.7 Contributor+.Stored.XSS MEDIUM" "ultimate-product-catalogue 5.2.16 Cross-Site.Request.Forgery.via.reset_settings() MEDIUM" "ultimate-product-catalogue 5.2.6 Admin+.Stored.XSS LOW" "ultimate-product-catalogue 5.0.26 Subscriber+.Arbitrary.Product.Creation.&.Settings.Update MEDIUM" "userback 1.0.14 Arbitrary.Settings.Update.via.CSRF MEDIUM" "updraft No.known.fix Reflected.XSS HIGH" "uploading-svgwebp-and-ico-files No.known.fix Author+.Stored.XSS.via.SVG MEDIUM" "uploading-svgwebp-and-ico-files No.known.fix Admin+.Arbitrary.File.Upload MEDIUM" "uploading-svgwebp-and-ico-files No.known.fix Author+.Stored.Cross-Site.Scripting MEDIUM" "ungallery No.known.fix Stored.XSS.via.CSRF HIGH" "upload-file-type-settings-plugin No.known.fix Admin+.Stored.XSS LOW" "user-messages No.known.fix Reflected.XSS HIGH" "urvanov-syntax-highlighter 2.8.34 Highlighting.Blocks.Mgt.via.CSRF MEDIUM" "unlimited-elements-for-elementor 1.5.136 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Multiple.Widgets MEDIUM" "unlimited-elements-for-elementor 1.5.127 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "unlimited-elements-for-elementor 1.5.122 
Authenticated.(Editor+).Remote.Code.Execution HIGH" "unlimited-elements-for-elementor 1.5.122 Reflected.Cross-Site.Scripting MEDIUM" "unlimited-elements-for-elementor 1.5.113 Authenticated.(Contributor+).Time-Based.SQL.Injection HIGH" "unlimited-elements-for-elementor 1.5.113 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.'username' MEDIUM" "unlimited-elements-for-elementor 1.5.113 IP.Address.Spoofing.to.Antispam.Bypass MEDIUM" "unlimited-elements-for-elementor 1.5.113 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.'email' MEDIUM" "unlimited-elements-for-elementor 1.5.110 Authenticated.(Contributor+).Blind.SQL.Injection.via.data[addonID].Parameter HIGH" "unlimited-elements-for-elementor 1.5.110 Authenticated.(Contributor+).Information.Exposure MEDIUM" "unlimited-elements-for-elementor 1.5.108 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Text.Field MEDIUM" "unlimited-elements-for-elementor 1.5.91 Contributor+.Remote.Code.Execution.via.template.import HIGH" "unlimited-elements-for-elementor 1.5.108 Contributor+.SQLi MEDIUM" "unlimited-elements-for-elementor 1.5.105 Contributor+.SQL.Injection HIGH" "unlimited-elements-for-elementor 1.5.103 Reflected.Cross-Site.Scripting MEDIUM" "unlimited-elements-for-elementor 1.5.103 Admin+.Command.Injection MEDIUM" "unlimited-elements-for-elementor 1.5.97 Contributor+.Stored.XSS MEDIUM" "unlimited-elements-for-elementor 1.5.94 Reflected.Cross-Site.Scripting HIGH" "unlimited-elements-for-elementor 1.5.75 Reflected.Cross-Site.Scripting MEDIUM" "unlimited-elements-for-elementor 1.5.67 Contributor+.Arbitrary.File.Upload HIGH" "unlimited-elements-for-elementor 1.5.49 Admin+.Stored.XSS LOW" "unlimited-elements-for-elementor 1.5.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "ultimate-facebook-comments No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "userlike 2.3 Admin+.Stored.Cross-Site.Scripting LOW" "uncode-core 2.8.7 Reflected.Cross-Site.Scripting MEDIUM" 
"uncode-core 2.8.9 Privilege.Escalation HIGH" "uncode-core 2.8.9 Authenticated.(Subscriber+).Arbitrary.File.Deletion HIGH" "updownupdown-postcomment-voting No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "universal-analytics 1.3.1 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "ultimate-instagram-feed No.known.fix Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "ultimate-auction 4.2.8 Missing.Authorization.to.Unauthenticated.Email.Creation MEDIUM" "ultimate-auction 4.2.6 Cross-Site.Request.Forgery MEDIUM" "ultimeter 2.8.3 Reflected.Cross-Site.Scripting MEDIUM" "ultimeter 2.7.6 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "ultimeter 1.9.3 Subscriber+.Arbitrary.Option.Update CRITICAL" "uipress-lite 3.4.07 Authenticated.(Administrator+).SQL.Injection CRITICAL" "ultimate-classified-listings No.known.fix Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "ultimate-classified-listings No.known.fix Authenticated.(Contributor+).Local.File.Inclusion HIGH" "ultimate-classified-listings 1.4 Reflected.XSS HIGH" "ultimate-classified-listings 1.3 Reflected.XSS HIGH" "ultimate-classified-listings 1.3 Unauthenticated.LFI HIGH" "ulisting 2.1.6 Unauthenticated.Information.Exposure MEDIUM" "ulisting 2.0.9 Arbitrary.Blog.Option.Update.via.CSRF HIGH" "ulisting 2.0.6 Unauthenticated.Privilege.Escalation MEDIUM" "ulisting 2.0.6 Authenticated.IDOR MEDIUM" "ulisting 2.0.6 Multiple.CSRF MEDIUM" "ulisting 2.0.6 Settings.Update.via.CSRF MEDIUM" "ulisting 2.0.6 Reflected.Cross-Site.Scripting MEDIUM" "ulisting 2.0.6 Modify.User.Roles.via.CSRF MEDIUM" "ulisting 2.0.4 Unauthenticated.SQL.Injection HIGH" "ulisting 1.7 Unauthenticated.Arbitrary.Roles.and.Capabilities.Creation/Deletion MEDIUM" "ulisting 1.7 Unauthenticated.Arbitrary.Post/Page.Deletion HIGH" "ulisting 1.7 Missing.Access.Controls CRITICAL" "ulisting 1.7 Unauthenticated.Arbitrary.Account.Change HIGH" "ulisting 1.7 Unauthenticated.Information.Disclosure HIGH" "ulisting 1.7 
Unauthenticated.SQL.Injections CRITICAL" "ulisting 1.7 Unauthenticated.Arbitrary.Account.Creation CRITICAL" "ulisting 1.7 Unauthenticated.WordPress.Options.Change CRITICAL" "use-any-font 6.3.09 Cross-Site.Request.Forgery MEDIUM" "use-any-font 6.2.1 API.Key.Deactivation.via.CSRF MEDIUM" "use-any-font 6.2.1 Unauthenticated.Arbitrary.CSS.Appending HIGH" "user-activity-log 2.0 Admin+.SQL.Injection MEDIUM" "user-activity-log 1.6.7 IP.Spoofing MEDIUM" "user-activity-log 1.6.6 Subscriber+.Log.Export MEDIUM" "user-activity-log 1.6.5 Unauthenticated.SQLi HIGH" "user-activity-log 1.6.3 Admin+.SQLi MEDIUM" "user-activity-log 1.6.3 Admin+.SQL.Injection MEDIUM" "user-activity-log 1.4.7 Reflected.Cross.Site.Scripting.via.Query.String MEDIUM" "user-activity-log 1.4.7 Reflected.Cross-Site.Scripting HIGH" "ultimate-tinymce No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "ucontext-for-amazon No.known.fix Stored.Cross-Site.Scripting.via.CSRF HIGH" "uix-slideshow 1.6.6 Unauthenticated.Arbitrary.Shortcode.Execution HIGH" "unilevel-mlm-plan No.known.fix Reflected.Cross-Site.Scripting.via.'page' MEDIUM" "use-your-drive 1.18.3 Reflected.Cross-Site.Scripting MEDIUM" "utech-world-time-for-wp No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "user-meta-manager No.known.fix Reflected.XSS HIGH" "user-meta-manager No.known.fix CSRF MEDIUM" "user-rights-access-manager No.known.fix Missing.Authorization MEDIUM" "user-rights-access-manager No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "user-rights-access-manager 1.0.8 Access.Restriction.Bypass MEDIUM" "user-rights-access-manager 1.0.4 Improper.Access.Controls MEDIUM" "users-control No.known.fix Unauthenticated.Local.File.Inclusion CRITICAL" "uncanny-toolkit-pro 4.1.4.1 Missing.Authorization.to.Arbitrary.Page/Post.Duplication MEDIUM" "uncanny-toolkit-pro 4.1.4.1 Reflected.Cross-Site.Scripting MEDIUM" "uncanny-toolkit-pro 4.1.4.1 Cross-Site.Request.Forgery MEDIUM" 
"uni-woo-custom-product-options 4.9.27 Reflected.Cross-Site.Scripting MEDIUM" "uni-woo-custom-product-options 4.9.14 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "uncanny-automator 5.1.0.3 Sensitive.Information.Exposure.via.Log.File MEDIUM" "ultimate-widgets-light No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "ultimate-widgets-light No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "ultimate-widgets-light No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "ultimate-flipbox-addon-for-elementor 1.0.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "ultimate-blocks 3.2.4 Contributor+.Stored.XSS MEDIUM" "ultimate-blocks 3.2.2 Contributor+.Stored.XSS MEDIUM" "ultimate-blocks 3.2.0 Contributor+.Stored.XSS MEDIUM" "ultimate-blocks 3.2.0 Authenticated(Contributor+).Stored.Cross-Site.Scripting.via.Multiple.Blocks MEDIUM" "ultimate-blocks 3.2.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.title.tag.attribute MEDIUM" "ultimate-blocks 3.1.9 Contributor+.Stored.XSS MEDIUM" "ultimate-blocks 3.1.1 Authenticated(Contributor+).Stored.Cross-Site.Scripting.via.metabox MEDIUM" "ultimate-blocks 3.1.7 Contributor+.Stored.XSS MEDIUM" "ultimate-blocks 3.0.1 Reflected.Cross-Site.Scripting MEDIUM" "ultimate-blocks 2.4.13 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "user-login-history 1.6 Cross-Site.Scripting.(XSS) MEDIUM" "uploadcare 3.1.0 Cross-Site.Request.Forgery MEDIUM" "uncanny-learndash-groups 6.1.1 Missing.Authorization.to.Authenticated.(Group.Leader+).User.Group.Add LOW" "uncanny-learndash-groups 6.1.1 Authenticated.(Group.Leader+).Privilege.Escalation HIGH" "ultimate-gutenberg No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "ultimate-gutenberg No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "user-menus 1.3.2 Reflected.Cross-Site.Scripting MEDIUM" "user-menus 1.2.9 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "user-activation-email No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "ultimate-youtube-video-player 
No.known.fix Missing.Authorization.to.Authenticated.(Subscriber+).Setting.Exposure MEDIUM" "ultimate-youtube-video-player No.known.fix Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.Playlist/Video.Deletion MEDIUM" "userpro No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "userpro No.known.fix Missing.Authorization MEDIUM" "userpro No.known.fix Unauthenticated.Local.File.Inclusion CRITICAL" "userpro No.known.fix Authenticated.(Contributor+).SQL.Injection MEDIUM" "userpro 5.1.9 Unauthenticated.Account.Takeover.to.Privilege.Escalation CRITICAL" "userpro 5.1.7 Disabled.Membership.Registration.Bypass MEDIUM" "userpro 5.1.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "userpro 5.1.2 Cross-Site.Request.Forgery.to.Privilege.Escalation HIGH" "userpro 5.1.1 Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting.via.userpro_save_userdata MEDIUM" "userpro 5.1.2 Insecure.Password.Reset.Mechanism CRITICAL" "userpro 5.1.2 Cross-Site.Request.Forgery.to.Sensitive.Information.Exposure MEDIUM" "userpro 5.1.2 Cross-Site.Request.Forgery.via.multiple.functions MEDIUM" "userpro 5.1.2 Missing.Authorization.via.multiple.functions HIGH" "userpro 5.1.5 Missing.Authorization.to.Arbitrary.Shortcode.Execution.via.userpro_shortcode_template MEDIUM" "userpro 5.1.2 Authentication.Bypass.to.Administrator CRITICAL" "userpro 5.1.5 Authenticated.(Subscriber+).Privilege.Escalation HIGH" "userpro 5.1.2 Sensitive.Information.Disclosure.via.Shortcode MEDIUM" "userpro 5.1.1 Cross-Site.Request.Forgery.to.PHP.Object.Injection HIGH" "userpro 4.9.35.1 Unauthenticated.Reflected.XSS MEDIUM" "userpro 4.9.28 User.Registration.With.Administrator.Role MEDIUM" "userpro 4.9.24 Unauthenticated.Cross-Site.Scripting.(XSS) CRITICAL" "unlimited-addons-for-wpbakery-page-builder No.known.fix Authenticated.(Editor+).Arbitrary.File.Upload HIGH" "ultimate-responsive-image-slider 3.5.12 Ultimate.Responsive.Image.Slider.<.3.5.12.-.Subscriber+.Arbitrary.Post.Access MEDIUM" 
"upload-media-by-url 1.0.8 Stored.XSS.via.CSRF MEDIUM" "uptime-robot No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "user-export-with-their-meta-data No.known.fix Subscriber+.CSV.Injection LOW" "user-export-with-their-meta-data 0.6.5 Admin+.SQLi MEDIUM" "user-meta-shortcodes No.known.fix Contributor+.Unauthorized.Arbitrary.User.Metadata.Access HIGH" "ubermenu 3.8.4 Cross-Site.Request.Forgery.to.Settings.Reset HIGH" "ubermenu 3.8.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Multiple.Shortcodes MEDIUM" "ux-flat 4.5 Contributor+.Stored.XSS MEDIUM" "ultimate-noindex-nofollow-tool No.known.fix Settings.Update.via.CSRF MEDIUM" "userswp 1.2.16 Missing.Authorization MEDIUM" "userswp 1.2.12 Users.Information.Disclosure MEDIUM" "userswp 1.2.11 Unauthenticated.SQL.Injection.via.'uwp_sort_by' CRITICAL" "userswp 1.2.6 Cross-Site.Request.Forgery MEDIUM" "userswp 1.2.7 Authenticated(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "userswp 1.2.3.23 Profile.Picture.Deletion.via.CSRF MEDIUM" "userswp 1.2.3.1 Subscriber+.User.Avatar.Override MEDIUM" "userswp 1.2.2.29 Reflected.Cross-Site.Scripting MEDIUM" "urdu-formatter-shamil No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "ultimate-author-box-lite 1.1.3 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "unique-ux No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "ultimate-carousel-for-divi 4.5.1 Reflected.Cross-Site.Scripting MEDIUM" "ultimate-carousel-for-divi 4.3.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "uji-countdown 2.3.1 Admin+.Stored.XSS LOW" "uji-countdown 2.0.7 Cross-Site.Scripting.(XSS) MEDIUM" "uniconsent-cmp 1.4.4 Admin+.Stored.XSS LOW" "ultimate-image-hover-effects No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "unlimited-blocks No.known.fix Contributor+.Stored.XSS MEDIUM" "universal-star-rating No.known.fix CSRF MEDIUM" "user-activity-tracking-and-log 4.1.4 IP.Spoofing 
MEDIUM" "user-activity-tracking-and-log 4.0.9 License.Update/Deactivation.via.CSRF MEDIUM" "ultimate-dashboard 3.7.12 Admin+.Stored.XSS LOW" "ultimate-dashboard 3.7.11 Login.Page.Disclosure.on.Multi-site MEDIUM" "ultimate-dashboard 3.7.8 Authenticated.(Administrator+).Stored.Cross-Site.Scripting.via.plugin.settings MEDIUM" "ultimate-dashboard 3.7.6 Admin+.Stored.XSS LOW" "usersnap 4.17 Admin+.Stored.XSS LOW" "ultimate-addons-for-gutenberg 2.16.3 Contributor+.Stored.XSS.via.Team.Widget MEDIUM" "ultimate-addons-for-gutenberg 2.15.1 Authenticated.(Contributor+).Stored.Cross-site.Scripting MEDIUM" "ultimate-addons-for-gutenberg 2.13.8 Missing.Authorization.via.generate_ai_content MEDIUM" "ultimate-addons-for-gutenberg 2.13.1 Author+.Stored.XSS MEDIUM" "ultimate-addons-for-gutenberg 2.12.9 Contributor+.Stored.XSS.via.Image.Gallery.Block MEDIUM" "ultimate-addons-for-gutenberg 2.12.9 Contributor+.Stored.XSS.via.Testimonial.Block MEDIUM" "ultimate-addons-for-gutenberg 2.12.7 Contributor+.Path.Traversal MEDIUM" "ultimate-addons-for-gutenberg 2.10.4 Authenticated(Contributor+).Cross-Site.Scripting.via.Custom.CSS MEDIUM" "ultimate-addons-for-gutenberg 2.7.10 Contributor+.Stored.XSS MEDIUM" "ultimate-addons-for-gutenberg 1.15.0 Contributor+.Stored.Cross-Side.Scripting MEDIUM" "ultimate-addons-for-gutenberg 1.25.6 Reflected.Cross-Site.Scripting MEDIUM" "ultimate-accordion No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "ut-shortcodes 5.0.5 Reflected.Cross-Site.Scripting MEDIUM" "update-notifications No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "ukuupeople-the-simple-crm No.known.fix Unauthorised.Favourite.Addition/Deletion MEDIUM" "ultimate-elementor 1.36.32 Authenticated.(Contributor+).Privilege.Escalation HIGH" "ultimate-elementor 1.30.0 Contributor+.Stored.XSS MEDIUM" "ultimate-elementor 1.24.2 Registration.Bypass HIGH" "ultimate-elementor 1.20.1 Authentication.Bypass CRITICAL" "ultimate-noindex-nofollow-tool-ii 
1.3.6 Admin+.Stored.XSS LOW" "ultimate-noindex-nofollow-tool-ii 1.3.4 Settings.Update.via.CSRF MEDIUM" "user-spam-remover 1.1 Unauthenticated.Sensitive.Information.Exposure MEDIUM" "ultimate-maps-by-supsystic 1.2.17 Cross-Site.Request.Forgery MEDIUM" "ultimate-maps-by-supsystic 1.2.16 .Admin+.Stored.XSS LOW" "ultimate-maps-by-supsystic 1.2.5 Reflected.Cross-Site.scripting.(XSS) HIGH" "ultimate-maps-by-supsystic 1.1.17 Authenticated.SQL.Injections CRITICAL" "ultimate-social-media-icons 2.9.2 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "ultimate-social-media-icons 2.9.1 Admin+.Stored.XSS LOW" "ultimate-social-media-icons 2.8.9 Admin+.Stored.XSS.via.settings LOW" "ultimate-social-media-icons 2.8.6 Subscriber+.Sensitive.Information.Exposure MEDIUM" "ultimate-social-media-icons 2.8.6 Arbitrary.Settings.Update.via.CSRF MEDIUM" "ultimate-social-media-icons 2.8.4 Reflected.XSS HIGH" "ultimate-social-media-icons 2.8.2 Subscriber+.Plugin.Installation MEDIUM" "ultimate-social-media-icons 2.8.2 Plugin.Installation.via.CSRF MEDIUM" "ultimate-social-media-icons 2.8.2 Admin+.Stored.XSS LOW" "user-avatar-reloaded 1.2.2 Reloaded.<.1.2.2.-.Contributor+.Stored.XSS MEDIUM" "ultra-companion 1.2.0 Contributor+.Stored.XSS MEDIUM" "up-down-image-slideshow-gallery 12.1 .Authenticated.(Subscriber+).SQL.Injection.via.Shortcode HIGH" "url-shortify 1.7.9.1 Admin+.Stored.XSS LOW" "url-shortify 1.7.6 Unauthenticated.Stored.XSS.via.referer.header CRITICAL" "url-shortify 1.7.3 Reflected.Cross-Site.Scripting MEDIUM" "url-shortify 1.7.0 Admin+.Cross.Site.Scripting LOW" "url-shortify 1.5.11 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "url-shortify 1.5.1 Arbitrary.Link/Group.Deletion.via.CSRF MEDIUM" "update-theme-and-plugins-from-zip-file No.known.fix CSRF MEDIUM" "user-shortcodes-plus No.known.fix Insecure.Direct.Object.Reference.to.Authenticated.(Contributor+).Sensitive.Information.Disclosure.via.user_meta.Shortcode MEDIUM" "update-alt-attribute No.known.fix Reflected.XSS 
HIGH" "update-alt-attribute No.known.fix Cross-Site.Request.Forgery MEDIUM" "user-password-reset No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "useful-banner-manager No.known.fix Modify.banners.via.CSRF MEDIUM" "ua-marketplace No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "ua-marketplace 1.4.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "underconstruction 1.22 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "underconstruction 1.20 Construction.Mode.Deactivation.via.CSRF MEDIUM" "underconstruction 1.21 Admin+.Stored.Cross-Site.Scripting LOW" "underconstruction 1.19 Reflected.Cross-Site.Scripting HIGH" "user-domain-whitelist 1.5 .user-domain-whitelist.php.Domain.Whitelisting.Manipulation.CSRF HIGH" "ultimate-appointment-scheduling 1.1.10 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "upfiv-complete-all-in-one-seo-wizard No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "upfiv-complete-all-in-one-seo-wizard No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "updraftplus 1.25.1 Backup/Restore.<.1.25.1.-.Reflected.XSS HIGH" "updraftplus 1.24.12 Unauthenticated.PHP.Object.Injection HIGH" "updraftplus 1.23.11 Google.Drive.Storage.Update.via.CSRF MEDIUM" "updraftplus 1.23.4 CSRF MEDIUM" "updraftplus 1.22.9 Reflected.Cross-Site.Scripting MEDIUM" "updraftplus 1.22.3 Subscriber+.Backup.Download HIGH" "updraftplus 1.16.69 Reflected.Cross-Site.Scripting HIGH" "updraftplus 1.16.66 Reflected.Cross-Site.Scripting HIGH" "updraftplus 1.16.59 Admin+.Local.File.Inclusion MEDIUM" "updraftplus 1.6.59 Admin+.Stored.Cross-Site.Scripting LOW" "updraftplus 1.13.5 XSS MEDIUM" "updraftplus 1.9.64 XSS MEDIUM" "ultimate-taxonomy-manager No.known.fix Arbitrary.Settings.Update.via.CSRF MEDIUM" "ultimate-taxonomy-manager No.known.fix Reflected.XSS HIGH" "users-ultra No.known.fix Unauthenticated.SQL.Injection HIGH" "users-ultra 1.5.64 Authenticated.Blind.SQL.Injection HIGH" "users-ultra 1.5.63 Authenticated.Stored.Cross-Site.Scripting.(XSS).&.CSRF HIGH" 
"users-ultra 1.5.59 Unrestricted.File.Upload HIGH" "useragent-spy No.known.fix Admin+.Stored.XSS LOW" "ucontext No.known.fix Stored.Cross-Site.Scripting.via.CSRF HIGH" "ultimate-infinite-scroll 1.0.4 Reflected.Cross-Site.Scripting MEDIUM" "usc-e-shop 2.11.2 Authenticated.(Admin+).SQL.Injection MEDIUM" "usc-e-shop 2.10.0 Missing.Authorization MEDIUM" "usc-e-shop 2.9.4 Authenticated(Editor+).SQL.Injection HIGH" "usc-e-shop 2.9.7 Authenticated.(Administrator+).Directory.Traversal MEDIUM" "usc-e-shop 2.9.6 Admin+.PHP.Object.Injection HIGH" "usc-e-shop 2.9.5 Cross-Site.Request.Forgery HIGH" "usc-e-shop 2.9.5 Reflected.XSS HIGH" "usc-e-shop 2.9.5 Unauthenticated.PHP.Object.Injection HIGH" "usc-e-shop 2.9.5 Subscriber+.Arbitrary.File.Upload HIGH" "usc-e-shop 2.8.22 Editor+.SQL.Injection MEDIUM" "usc-e-shop 2.8.22 Multiple.XSS MEDIUM" "usc-e-shop 2.8.22 Editor+.Arbitrary.File.Upload LOW" "usc-e-shop 2.8.22 Author+.SQL.Injection MEDIUM" "usc-e-shop 2.8.22 Author+.Path.Traversal MEDIUM" "usc-e-shop 2.8.11 Reflected.XSS HIGH" "usc-e-shop 2.8.9 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "usc-e-shop 2.8.6 Subscriber+.PHAR.Deserialisation HIGH" "usc-e-shop 2.8.5 Subscriber+.Arbitrary.File.Access HIGH" "usc-e-shop 2.8.5 Unauthenticated.Arbitrary.File.Access HIGH" "usc-e-shop 2.8.4 Multiple.Subscriber+.Stored.Cross-Site.Scripting MEDIUM" "usc-e-shop 2.8.4 Subscriber+.Arbitrary.Shipping.Method.Creation/Update/Deletion MEDIUM" "usc-e-shop 2.7.8 Unauthenticated.Arbitrary.File.Access HIGH" "usc-e-shop 2.2.8 Authenticated.System.Information.Disclosure MEDIUM" "usc-e-shop 2.2.8 Unauthenticated.Information.Disclosure HIGH" "usc-e-shop 2.2.4 Cross-Site.Scripting.(XSS) MEDIUM" "usc-e-shop 2.1.1 Authenticated.SQL.Injection MEDIUM" "usc-e-shop 1.9.36 Authenticated.PHP.Object.Injection HIGH" "usc-e-shop 1.8.3 PHP.Object.Injection MEDIUM" "usc-e-shop 1.8.3 Session.Management MEDIUM" "usc-e-shop 1.8.3 Cross-Site.Scripting.(XSS) MEDIUM" "usc-e-shop 1.5.3 SQL.Injection MEDIUM" "usc-e-shop 
1.4.18 Multiple.Vulnerabilities LOW" "usc-e-shop 1.5 DOM.Cross-Site.Scripting.(XSS) MEDIUM" "usc-e-shop 1.5 SQL.Injection CRITICAL" "usc-e-shop 1.5 purchase_limit.Parameter.DOM-based.XSS MEDIUM" "unlimited-popups No.known.fix Author+.SQL.Injection HIGH" "ultimate-addons-for-elementor No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "ultimate-addons-for-elementor 1.9 Missing.Authorization MEDIUM" "uleak-security-dashboard No.known.fix Subscriber+.Stored.Cross-Site.Scripting HIGH" "username-updater 1.0.5 Arbitrary.Username.Update.via.CSRF MEDIUM" "user-profile 2.0.21 Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "ultimate-member 2.9.2 Information.Exposure MEDIUM" "ultimate-member 2.9.2 Unauthenticated.SQL.Injection HIGH" "ultimate-member 2.9.0 Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.User.Profile.Picture.Update MEDIUM" "ultimate-member 2.8.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "ultimate-member 2.8.7 Cross-Site.Request.Forgery.to.Membership.Status.Change MEDIUM" "ultimate-member 2.8.4 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "ultimate-member 2.8.3 2.8.2.-.Unauthenticated.SQL.Injection MEDIUM" "ultimate-member 2.6.7 Unauthenticated.Privilege.Escalation CRITICAL" "ultimate-member 2.6.1 Form.Duplication.via.CSRF MEDIUM" "ultimate-member 2.5.1 Subscriber+.RCE HIGH" "ultimate-member 2.5.1 Contributor+.LFI.via.Traversal MEDIUM" "ultimate-member 2.5.1 Admin+.RCE MEDIUM" "ultimate-member 2.5.1 Admin+.LFI.via.Traversal LOW" "ultimate-member 2.4.0 Subscriber+.Stored.Cross-Site.Scripting MEDIUM" "ultimate-member 2.3.2 Open.Redirect MEDIUM" "ultimate-member 2.1.20 Authenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "ultimate-member 2.1.12 Authenticated.Privilege.Escalation.via.Profile.Update CRITICAL" "ultimate-member 2.1.12 Unauthenticated.Privilege.Escalation.via.User.Roles CRITICAL" "ultimate-member 2.1.12 Unauthenticated.Privilege.Escalation.via.User.Meta 
CRITICAL" "ultimate-member 2.1.7 Unauthenticated.Open.Redirect MEDIUM" "ultimate-member 2.1.3 Insecure.Direct.Object.Reference.(IDOR) MEDIUM" "ultimate-member 2.0.54 Cross-Site.Scripting.(XSS) MEDIUM" "ultimate-member 2.0.52 CSRF.and.Stored.XSS.issues MEDIUM" "ultimate-member 2.0.46 Multiple.Vulnerabilities HIGH" "ultimate-member 2.0.40 Cross-Site.Request.Forgery.(CSRF) MEDIUM" "ultimate-member 2.0.33 Cross-Site.Request.Forgery.(CSRF) MEDIUM" "ultimate-member 2.0.28 Multiple.XSS MEDIUM" "ultimate-member 2.0.22 Authenticated.Cross-Site.Scripting.(XSS) HIGH" "ultimate-member 2.0.22 Unauthenticated.Arbitrary.File.Upload HIGH" "ultimate-member 2.0.18 Authenticated.Cross-Site.Scripting.(XSS) HIGH" "ultimate-member 2.0.4 Multiple.Issues HIGH" "ultimate-member 2.0.7 Multiple.Cross-Site.Request.Forgery.Issues HIGH" "ultimate-member 2.0.4 Multiple.XSS MEDIUM" "ultimate-member 1.3.76 Unauthenticated.Change.Passwords HIGH" "ultimate-member 1.3.65 Local.File.Inclusion MEDIUM" "ultimate-member 1.3.40 Cross-Site.Scripting.(XSS) MEDIUM" "ultimate-member 1.3.29 Unauthenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "ultimate-member 1.3.18 Cross-Site.Scripting.(XSS) MEDIUM" "ultimate-member 1.2.995 Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "ultimate-member 1.0.84 Multiple.Vulnerabilities HIGH" "user-meta No.known.fix Insecure.Direct.Object.Reference.to.Sensitive.Information.Exposure MEDIUM" "user-meta 3.1 Unauthenticated.Sensitive.Information.Exposure MEDIUM" "user-meta 2.4.4 Subscriber+.Local.File.Enumeration.via.Path.Traversal LOW" "user-meta 2.4.3 Admin+.Stored.Cross-Site.Scripting LOW" "unyson 2.7.31 Cross-Site.Request.Forgery MEDIUM" "unyson No.known.fix Missing.Authorization MEDIUM" "unyson 2.7.27 Reflected.Cross-Site.Scripting MEDIUM" "userpro-messaging No.known.fix Unauthenticated.Local.File.Inclusion CRITICAL" "upunzipper No.known.fix Authenticated.(Admin+).Arbitrary.File.Deletion MEDIUM" "ucat-next-story No.known.fix Reflected.Cross-Site.Scripting MEDIUM" 
"ultimate-coming-soon 1.1.0 Cross-Site.Request.Forgery MEDIUM" "ultimate-coming-soon 1.1.0 Subscriber+.Template.Name.Update MEDIUM" "ultimate-coming-soon 1.1.0 Unauthenticated.Template.Activation MEDIUM" "user-location-and-ip No.known.fix Contributor+.Stored.XSS MEDIUM" "ultimatewoo No.known.fix PHP.Object.Injection MEDIUM" "ukrainian-currency No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "url-params 2.5 Contributor+.Stored.XSS MEDIUM" "ultimate-wp-query-search-filter No.known.fix Contributor+.XSS MEDIUM" "ultimate-downloadable-products-for-woocommerce 1.3.1 Reflected.Cross-Site.Scripting MEDIUM" "ultimate-custom-scrollbar 1.2 Reflected.Cross-Site.Scripting MEDIUM" "ultimate-under-construction 1.9.4 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "user-verification 1.0.94 Authentication.Bypass CRITICAL" "uw-freelancer No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "universam-demo 8.59 Reflected.Cross-Site.Scripting MEDIUM" "ultimate-addons-for-contact-form-7 3.2.1 Reflected.Cross-Site.Scripting MEDIUM" "ultimate-addons-for-contact-form-7 3.2.11 Missing.Authorization MEDIUM" "ultimate-addons-for-contact-form-7 3.2.1 Reflected.XSS HIGH" "ultimate-addons-for-contact-form-7 3.1.29 Admin+.Stored.XSS LOW" "ultimate-addons-for-contact-form-7 3.1.29 Reflected.XSS HIGH" "ultimate-addons-for-contact-form-7 3.1.24 Subscriber+.SQL.Injection HIGH" "ultimate-addons-for-contact-form-7 3.1.24 Subscriber+.SQLi HIGH" "ultimate-addons-for-contact-form-7 3.1.24 Unauthenticated.SQLi HIGH" "unusedcss 2.4.5 Missing.Authorization.to.Authenticated.(Subscriber+).Limited.Setting.Reset MEDIUM" "unusedcss 2.4.3 Missing.Authorization.to.Authenticated.(Subscriber+).Plugin.Settings.Modification.and.SQL.Injection HIGH" "unusedcss 2.2.12 Unauthenticated.Server-Side.Request.Forgery HIGH" "unusedcss 1.7.2 Multiple.Subscriber+.Unauthorised.AJAX.Calls MEDIUM" "unusedcss 1.7.2 Unauthorised.AJAX.Calls MEDIUM" "unusedcss 1.6.36 Subscriber+.SQLi HIGH" 
"user-ip-and-location 2.2.1 Contributor+.Stored.XSS MEDIUM" "upload-scanner No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "ultimate-addons-for-beaver-builder-lite 1.5.10 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "ultimate-addons-for-beaver-builder-lite 1.5.8 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Heading.Widget MEDIUM" "ultimate-addons-for-beaver-builder-lite 1.5.8 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Button.Widget MEDIUM" "ultimate-addons-for-beaver-builder-lite 1.5.8 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Advanced.Icons.Widget MEDIUM" "ultimate-addons-for-beaver-builder-lite 1.5.8 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Image.Separator.Widget MEDIUM" "ultimate-addons-for-beaver-builder-lite 1.5.8 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Info.Table.Widget MEDIUM" "user-files No.known.fix Unauthenticated.Arbitrary.File.Upload CRITICAL" "user-role 1.6.7 Privilege.Escalation.via.CSRF HIGH" "user-role 1.5.6 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "utubevideo-gallery 2.0.8 Contributor+.Stored.XSS MEDIUM" "upload-fields-for-wpforms No.known.fix Missing.Authorization MEDIUM" "users-customers-import-export-for-wp-woocommerce 2.5.4 Authenticated.(Admin+).PHP.Object.Injection HIGH" "users-customers-import-export-for-wp-woocommerce 2.5.3 Authenticated.(Shop.Manager+).Path.Traversal LOW" "users-customers-import-export-for-wp-woocommerce 2.4.9 Shop.Manager+.Arbitrary.File.Upload HIGH" "users-customers-import-export-for-wp-woocommerce 2.4.2 Shop.Manager+.Privilege.Escalation HIGH" "users-customers-import-export-for-wp-woocommerce 1.3.9 Authenticated.Arbitrary.User.Creation HIGH" "users-customers-import-export-for-wp-woocommerce 1.3.2 CSV.Injection HIGH" "user-magic No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "ultimate-store-kit 2.0.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "ultimate-store-kit 
2.0.4 Unauthenticated.PHP.Object.Injection CRITICAL" "ultimate-store-kit 2.0.0 Unauthenticated.PHP.Object.Injection CRITICAL" "ultimate-store-kit 2.0.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "ultimate-store-kit 2.0.4 Unauthenticated.PHP.Object.Injection MEDIUM" "ultimate-store-kit 1.6.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "uk-cookie-consent 3.2.1 Missing.Authorization.via.handle_consent_toggle() MEDIUM" "uk-cookie-consent 2.3.10 Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "use-memcached No.known.fix Settings.Update.via.CSRF MEDIUM" "uji-popup No.known.fix Contributor+.Stored.XSS MEDIUM" "upcasted-s3-offload 3.0.3 Reflected.Cross-Site.Scripting MEDIUM" "upcasted-s3-offload 3.0.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "under-construction-maintenance-mode 1.1.2 Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "under-construction-maintenance-mode 1.1.2 Server.Side.Request.Forgery.(SSRF) MEDIUM" "user-submitted-posts 20240516 Admin+.Stored.XSS LOW" "user-submitted-posts 20230914 Unauthenticated.Arbitrary.File.Upload CRITICAL" "user-submitted-posts 20230902 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "user-submitted-posts 20230901 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "user-submitted-posts 20230811 Unauthenticated.Stored.XSS HIGH" "user-submitted-posts 20190501 Arbitrary.File.Upload MEDIUM" "user-toolkit 1.2.4 Authenticated.(Subscriber+).Authentication.Bypass HIGH" "udraw 3.3.3 Unauthenticated.Arbitrary.File.Access HIGH" "ultimate-faqs 2.1.2 Subscriber+.Arbitrary.FAQ.Creation MEDIUM" "ultimate-faqs 1.8.30 Unauthenticated.Reflected.XSS MEDIUM" "ultimate-faqs 1.8.25 Unauthenticated.Options.Import/Export HIGH" "ultimate-faqs 1.8.22 Cross-Site.Scripting.(XSS) MEDIUM" "updater 1.35 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "ultimate-form-builder-lite 1.5.1 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "ultimate-form-builder-lite 1.3.8 
Multiple.Vulnerabilities CRITICAL" "uncanny-learndash-toolkit 3.6.4.2 Cross-Site.Request.Forgery.(CSRF) HIGH" "ultimate-social-media-plus 3.6.3 Missing.Authorization.to.Notice.Dismissal MEDIUM" "ultimate-social-media-plus 3.5.8 Plugin.Installation.via.CSRF MEDIUM" "ultimate-social-media-plus 3.5.8 Subscriber+.Plugin.Installation MEDIUM" "ultimate-social-media-plus 3.2.8 Reflected.Cross-Site.Scripting MEDIUM" "ultimate-social-media-plus 3.0.4 Subscriber+.Arbitrary.Option.Update CRITICAL" "user-registration 3.2.1 Missing.Authorization.to.Privilege.Escalation HIGH" "user-registration 3.2.0 Missing.Authorization.to.Authenticated.(Subscriber+).Privilege.Escalation HIGH" "user-registration 3.2.0 Missing.Authorization.to.Unauthenticated.Media.Deletion MEDIUM" "user-registration 3.1.5 Unauthenticated.Stored.Self-Based.Cross-Site.Scripting MEDIUM" "user-registration 3.0.4.2 Admin+.Stored.XSS LOW" "user-registration 3.0.2.1 Subscriber+.Arbitrary.File.Upload.Leading.to.RCE CRITICAL" "user-registration 3.0.2.1 Subscriber+.Arbitrary.File.Upload CRITICAL" "user-registration 3.0.2 Subscriber+.PHP.Object.Injection HIGH" "user-registration 2.3.3 Subscriber+.PHP.Object.Injection HIGH" "user-registration 2.3.1 Admin+.Stored.XSS LOW" "user-registration 2.2.4.1 Subscriber+.Arbitrary.File.Upload CRITICAL" "user-registration 2.0.2 Low.Privilege.Stored.Cross-Site.Scripting MEDIUM" "user-avatar 1.4.12 Reflected.XSS HIGH" "universal-analytics-injector No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "utm-tracker No.known.fix Admin+.Stored.XSS LOW" "user-drop-down-roles-in-registration No.known.fix Unauthenticated.Privilege.Escalation CRITICAL" "user-private-files 2.1.1 Insecure.Direct.Object.Reference.to.Authenticated.(Subscriber+).Private.File.Access MEDIUM" "user-private-files 2.0.5 Subscriber+.Sensitive.Data.and.Files.Exposure.via.IDOR MEDIUM" "user-private-files 2.0.4 Admin+.Stored.XSS MEDIUM" "user-private-files 1.1.3 Subscriber+.Arbitrary.File.Upload 
CRITICAL" "ui-slider-filter-by-price No.known.fix Cross-Site.Request.Forgery MEDIUM" "uncanny-automator-pro 5.3.0.1 Reflected.Cross-Site.Scripting MEDIUM" "uncanny-automator-pro 5.3.0.1 Missing.Authorization.to.Unauthenticated.License.Setting.Reset MEDIUM" "uncanny-automator-pro 5.3.0.1 Cross-Site.Request.Forgery.to.License.Setting.Reset MEDIUM" "unlimited-addon-for-elementor No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "universal-email-preference-center No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "ultimate-carousel-for-visual-composer No.known.fix Contributor+.Stored.XSS MEDIUM" "utilities-for-mtg No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "ubigeo-peru 3.6.4 Unauthenticated.SQLi HIGH" "userfeedback-lite 1.0.16 Unauthenticated.Stored.Cross-Site.Scripting.via.Name.Parameter HIGH" "userfeedback-lite 1.0.14 Unauthenticated.Stored.XSS MEDIUM" "userfeedback-lite 1.0.10 Unauthenticated.Stored.XSS HIGH" "userfeedback-lite 1.0.8 Unauthenticated.Stored.XSS HIGH" "utilitify 1.0.9 Reflected.Cross-Site.Scripting MEDIUM" "utilitify 1.0.7 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "uptodown-apk-download-widget 0.1.11 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "update-urls 1.2.2 Reflected.Cross-Site.Scripting MEDIUM" "ultimate-posts-widget 2.3.1 Admin+.Stored.XSS LOW" "ultimate-posts-widget 2.2.5 Plugin.Installation.via.CSRF MEDIUM" "ultimate-posts-widget 2.2.5 Subscriber+.Plugin.Installation MEDIUM" "user-referral-free No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "ultimate-carousel-for-elementor No.known.fix Contributor+.Stored.XSS MEDIUM" "userplus No.known.fix Privilege.Escalation CRITICAL" "userplus No.known.fix Unauthenticated.Privilege.Escalation CRITICAL" "userplus No.known.fix Editor+.Registration.Form.Update.to.Privilege.Escalation HIGH" "userplus No.known.fix Missing.Authorization.via.Multiple.Functions MEDIUM" "userplus No.known.fix Stored.XSS.via.CSRF HIGH" 
"ultimate-shortcodes-creator No.known.fix Reflected.Cross-Site.Scripting.via.'page' MEDIUM" "ultimate-shortcodes-creator No.known.fix Reflected.Cross-Site.Scripting.via._wpnonce MEDIUM" "ultimate-shortcodes-creator 2.2.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "ultimate-sms-notifications 1.9.9.6 Reflected.Cross-Site.Scripting MEDIUM" "ultimate-sms-notifications 1.8.4 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "ultimate-sms-notifications 1.4.2 CSV.Injection MEDIUM" "ultra-elementor-addons No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "ultimate-tables No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "ultimate-popup-creator No.known.fix Unauthenticated.SQL.Injection HIGH" "ultimate-popup-creator No.known.fix Missing.Authorization.to.Unauthenticated.DB.Table.Truncation MEDIUM" "ultimate-410 1.1.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "user-activity-log-pro No.known.fix Missing.Authorization MEDIUM" "user-activity-log-pro No.known.fix Authenticated.(Subscriber+).SQL.Injection CRITICAL" "user-activity-log-pro 2.3.4 Unauthenticated.Stored.Cross-Site.Scripting.via.User.Agent HIGH" "user-activity-log-pro 2.3.4 IP.Spoofing MEDIUM" "ultimate-bulk-seo-noindex-nofollow No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "uninstall No.known.fix WordPress.Deletion.via.CSRF HIGH" "user-access-manager 2.2.18 IP.Spoofing LOW" "user-access-manager 2.0.9 Authenticated.Reflected.Cross-Site.Scripting.(XSS) HIGH" "uix-shortcodes 2.0.0 Unauthenticated.Arbitrary.Shortcode.Execution HIGH" "unlock-addons-for-elementor No.known.fix Contributor+.Stored.XSS MEDIUM" "upqode-google-maps No.known.fix Contributor+.Stored.XSS MEDIUM" "unlimited-theme-addons 1.2.3 Authenticated.(Contributor+).Post.Disclosure MEDIUM" "unlimited-theme-addons 1.2.0 Reflected.Cross-Site.Scripting MEDIUM" "ultraaddons-elementor-lite 1.1.9 Insecure.Direct.Object.Reference.to.Sensitive.Information.Exposure.via.UA_Template.Shortcode 
MEDIUM" "ultraaddons-elementor-lite No.known.fix Author+.Stored.XSS MEDIUM" "ultraaddons-elementor-lite 1.1.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Multiple.Widgets MEDIUM" "ultraaddons-elementor-lite 1.1.0 Reflected.Cross-Site.Scripting MEDIUM" "user-role-editor 4.64.4 Cross-Site.Request.Forgery.to.Privilege.Escalation HIGH" "under-construction-page 3.97 Multiple.CSRF MEDIUM" "under-construction-page 3.86 Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "ultimate-category-excluder 1.2 Cross-Site.Request.Forgery MEDIUM" "userheat 1.1.11 Settings.Update.via.CSRF MEDIUM" "ultimate-reviews 3.2.9 Unauthenticated.stored.Cross-Site.Scripting.via.reviews MEDIUM" "ultimate-reviews 3.0.16 Admin+.Stored.Cross-Site.Scripting LOW" "ultimate-reviews 2.1.33 Unauthenticated.PHP.Object.Injection MEDIUM" "venture-event-manager 3.2.5 Reflected.Cross-Site.Scripting.(XSS) HIGH" "vimeography 2.4.5 Sensitive.Information.Exposure MEDIUM" "vimeography 2.4.2 Cross-Site.Request.Forgery MEDIUM" "vimeography 2.3.3 Contributor+.PHP.Object.Injection HIGH" "video-central No.known.fix Contributor+.Stored.XSS MEDIUM" "virtual-hdm-for-taxservice-am No.known.fix Unauthenticated.SQL.Injection HIGH" "vk-filter-search 2.3.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "vayu-blocks 1.2.0 Missing.Authorization.to.Unauthenticated.Arbitrary.Plugin.Installation/Activation CRITICAL" "video-playlist-and-gallery-plugin 1.160 Settings.Update.via.CSRF MEDIUM" "virim No.known.fix Unauthenticated.Object.Injection CRITICAL" "video-reviews 1.3.5 Reflected.Cross-Site.Scripting MEDIUM" "video-reviews 1.2.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "visual-footer-credit-remover 1.3 Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "variation-swatches-and-gallery 1.0.2 Reflected.Cross-Site.Scripting MEDIUM" "visualizer 3.11.2 Authenticated.(Subscriber+).SQL.Injection CRITICAL" "visualizer 3.11.0 Missing.Authorization.to.Arbitrary.SQL.Execution 
HIGH" "visualizer 3.10.6 Reflected.Cross-Site.Scripting MEDIUM" "visualizer 3.9.5 Contributor+.Stored.XSS MEDIUM" "visualizer 3.9.2 Contributor+.Stored.XSS MEDIUM" "visualizer 3.7.10 Contributor+.PHAR.Deserialization HIGH" "visualizer 3.7.7 Reflected.Cross-Site.Scripting MEDIUM" "visualizer 3.3.1 Blind.Server-Side.Request.Forgery.(SSRF) CRITICAL" "visualizer 3.3.1 Stored.Cross-Site.Scripting.(XSS) MEDIUM" "vrm360 No.known.fix Contributor+.Arbitrary.File.Upload.Leading.to.RCE HIGH" "vrm360 No.known.fix Full.Path.Disclosure MEDIUM" "vanguard No.known.fix Multiple.Cross-Site.Scripting.(XSS) MEDIUM" "vrpconnector No.known.fix Unauthenticated.PHP.Object.Injection CRITICAL" "visit-site-link-enhanced No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "vk-all-in-one-expansion-unit 9.99.2.0 Contributor+.Stored.XSS MEDIUM" "vk-all-in-one-expansion-unit 9.96.0.0 Unauthenticated.Password.Protected.Content.Access MEDIUM" "vk-all-in-one-expansion-unit 9.97.0.0 Contributor+.Stored.XSS MEDIUM" "vk-all-in-one-expansion-unit 9.88.2 Multiple.Stored.XSS MEDIUM" "vk-all-in-one-expansion-unit 9.87.1.0 Reflected.XSS MEDIUM" "vk-all-in-one-expansion-unit 9.86.0.0 Contributor+.Stored.XSS MEDIUM" "visual-form-builder 3.0.8 Entries.Deletion/Restoration.via.CSRF MEDIUM" "visual-form-builder 3.0.7 Admin+.Stored.Cross-Site.Scripting LOW" "visual-form-builder 3.0.6 Unauthenticated.Information.Disclosure MEDIUM" "visual-form-builder 3.0.6 CSV.Injection LOW" "visual-form-builder 3.0.4 Admin+.Stored.Cross-Site.Scripting LOW" "visitor-info No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "visitor-info No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "vibebp 1.9.9.7.7 Unauthenticated.SQL.Injection HIGH" "vibebp 1.9.9.5.1 Authenticated.(Subscriber+).SQL.Injection MEDIUM" "vibebp 1.9.9.5 Unauthenticated.Privilege.Escalation CRITICAL" "vertical-scroll-recent-post No.known.fix Cross-Site.Request.Forgery.via.vsrp_admin_options MEDIUM" "vertical-scroll-recent-post 
No.known.fix Contributor+.Stored.Cross-Site.Scripting MEDIUM" "vertical-scroll-recent-post 14.0 Reflected.Cross-Site.Scripting MEDIUM" "visualcomposer 45.9.0 Authenticated.(Editor+).Stored.Cross-Site.Scripting MEDIUM" "visualcomposer 45.7.0 Authenticated.(Editor+).Stored.Cross-Site.Scripting MEDIUM" "visualcomposer 45.7.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "visualcomposer 45.0.1 Authenticated.Stored.XSS.via.Title MEDIUM" "visualcomposer 45.0.1 Authenticated.Stored.XSS.via.Text.Block MEDIUM" "visualcomposer 27.0 Multiple.Authenticated.Cross-Site.Scripting.Issues HIGH" "vikrentcar 1.4.1 Unauthenticated.SQL.Injection CRITICAL" "vikrentcar 1.3.2 Cross.Site.Request.Forgery MEDIUM" "vikrentcar 1.3.3 Information.Exposure MEDIUM" "vikrentcar 1.3.1 Admin+.Stored.XSS MEDIUM" "vikrentcar 1.1.10 Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "vikrentcar 1.1.7 CSRF.to.Stored.XSS HIGH" "vision-pro 1.5.2 Reflected.Cross-Site.Scripting HIGH" "visual-sound-widget-for-soundcloud-and-artistplugme-visualdreams No.known.fix Settings.Update.via.CSRF MEDIUM" "video-embed-box No.known.fix Authenticated.(subscriber+).SQL.Injection CRITICAL" "very-simple-breadcrumb No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "v-form 3.0.7 Missing.Authorization MEDIUM" "v-form 3.0.1 Reflected.Cross-Site.Scripting MEDIUM" "v-form 2.1.6 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "vertical-news-scroller 1.17 Authenticated.Reflected.Cross-Site.Scripting.(XSS) CRITICAL" "video-synchro-pdf No.known.fix Stored.Cross-Site.Scripting.via.CSRF MEDIUM" "video-synchro-pdf No.known.fix Unauthenticated.LFI MEDIUM" "vr-views No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "vimeo-video-autoplay-automute No.known.fix Contributor+.Stored.XSS MEDIUM" "video-embed-optimizer No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "vod-infomaniak 1.5.10 Missing.Authorization MEDIUM" "vod-infomaniak 1.5.8 
Cross-Site.Request.Forgery MEDIUM" "vod-infomaniak 1.5.7 Reflected.Cross-Site.Scripting HIGH" "video-contest No.known.fix Cross-Site.Request.Forgery MEDIUM" "video-contest No.known.fix Admin+.Stored.XSS LOW" "visibility-logic-elementor 2.3.5 Cross-Site.Request.Forgery MEDIUM" "videojs-html5-player 1.1.12 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.videojs_video.Shortcode MEDIUM" "videojs-html5-player 1.1.9 Contributor+.Stored.XSS MEDIUM" "video-sidebar-widgets No.known.fix Contributor+.Stored.XSS.via.Shortcode MEDIUM" "vospari-forms 1.4 Cross-Site.Scripting.(XSS) MEDIUM" "very-simple-contact-form 14.8 CAPTCHA.Bypass MEDIUM" "very-simple-contact-form 14.0 Missing.Authorization MEDIUM" "very-simple-contact-form 11.6 Captcha.bypass MEDIUM" "viet-nam-affiliate No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "vdocipher 1.30 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "video-posts-webcam-recorder 3.2.4 Authenticated.Reflected.XSS MEDIUM" "video-posts-webcam-recorder 1.55.5 Unauthenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "video-thumbnails No.known.fix Admin+.Stored.XSS LOW" "vo-locator-the-wp-store-locator No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "vo-locator-the-wp-store-locator No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "vk-blocks-pro 1.54.0 Multiple.Stored.XSS MEDIUM" "vitepos-lite 3.0.2 Missing.Authorization MEDIUM" "vision 1.7.2 Missing.Authorization MEDIUM" "vision 1.5.4 Contributor+.Stored.XSS MEDIUM" "vision 1.5.2 Reflected.Cross-Site.Scripting HIGH" "video-grid 1.22 Reflected.XSS HIGH" "video-popup 1.1.4 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "voting-record No.known.fix Settings.Update.to.Stored.XSS.via.CSRF HIGH" "voting-record No.known.fix Subscriber+.Stored.XSS HIGH" "video-embed-thumbnail-generator 4.8.11 Reflected.Cross-Site.Scripting MEDIUM" "video-embed-thumbnail-generator 4.7.4 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" 
"vertical-marquee-plugin 7.2 .Authenticated.(Subscriber+).SQL.Injection.via.Shortcode HIGH" "vertical-marquee-plugin No.known.fix Admin+.Stored.XSS LOW" "vc-tabs No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "vc-tabs 3.7.2 Admin+.Stored.Cross-Site.Scripting LOW" "vc-tabs 3.7.0 Authenticated.Arbitrary.Options.Update MEDIUM" "vc-tabs 3.6.0 Unauthenticated.Arbitrary.Option.Update CRITICAL" "vr-frases No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "vr-frases No.known.fix Authenticated.(Admin+).SQL.Injection MEDIUM" "vr-frases No.known.fix Reflected.XSS HIGH" "variable-product-swatches No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "variable-product-swatches 1.0.2 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "vigilantor 1.3.11 Admin+.Stored.XSS LOW" "videojs-html5-video-player-for-wordpress No.known.fix HTML5.Video.Player.for.WordPress.<=.4.5.0.-.Contributor+.Stored.XSS.via.Shortcode MEDIUM" "very-simple-quiz No.known.fix Multiple.Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "very-simple-google-maps 2.9.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "very-simple-google-maps 2.9 Contributor+.Stored.XSS MEDIUM" "visitor-analytics-io 1.3.0 Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "verge3d 4.8.1 Reflected.Cross-Site.Scripting MEDIUM" "verge3d 4.5.3 Subscriber+.Arbitrary.File.Upload HIGH" "vc-addons-by-bit14 No.known.fix Authenticated.(Editor+).Stored.Cross-Site.Scripting MEDIUM" "vc-addons-by-bit14 1.4.6 Missing.Authorization.to.Authenticated.(Subscriber+).Plugin.Settings.Modification MEDIUM" "visitors-app No.known.fix Unauthenticated.Stored.Cross-Site.Scripting.(XSS) HIGH" "visual-sound No.known.fix Cross-Site.Request.Forgery.to.Settings.Update MEDIUM" "visual-sound No.known.fix Settings.Update.via.CSRF MEDIUM" "vikinghammer-tweet No.known.fix Stored.XSS.via.CSRF HIGH" "vmax-project-manager No.known.fix Unauthenticated.Local.File.Inclusion CRITICAL" 
"video-embed-privacy 1.3 Reflected.Cross-Site.Scripting MEDIUM" "viral-signup No.known.fix Unauthenticated.SQLi HIGH" "viral-signup No.known.fix Admin+.Stored.XSS LOW" "video-widget No.known.fix Admin+.Stored.XSS.via.Widget LOW" "vbsso-lite No.known.fix Missing.Authorization.to.Privilege.Escalation CRITICAL" "vm-backups No.known.fix CSRF.to.Database.Backup.Download MEDIUM" "vm-backups No.known.fix CSRF.to.Stored.Cross-Site.Scripting.(XSS) CRITICAL" "video-list-manager No.known.fix Admin+.SQL.Injection MEDIUM" "vikbooking 1.7.3 Cross-Site.Request.Forgery.to.Authenticated.(Subscriber+).Arbitrary.File.Upload HIGH" "vikbooking 1.6.8 Insecure.Direct.Object.References LOW" "vikbooking 1.6.8 Broken.Access.Control MEDIUM" "vikbooking 1.6.8 Reflected.Cross-Site.Scripting MEDIUM" "vikbooking 1.6.0 Multiple.CSRF MEDIUM" "vikbooking 1.5.12 Admin+.Stored.XSS LOW" "vikbooking 1.5.9 Reflected.Cross-Site.Scripting MEDIUM" "vikbooking 1.5.8 Admin+.Stored.Cross-Site.Scripting LOW" "vikbooking 1.5.7 Stored.Cross-Site.Scripting.via.CSRF MEDIUM" "vikbooking 1.5.8 Admin+.PHP.File.Upload MEDIUM" "vikbooking 1.5.4 Booking.Data.Disclosure MEDIUM" "vikbooking 1.5.4 Unauthenticated.Arbitrary.File.Upload CRITICAL" "visual-recent-posts No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "video-analytics-for-cloudflare-stream 1.2 Reflected.Cross-Site.Scripting MEDIUM" "visitors-traffic-real-time-statistics 7.3 Missing.Authorization.via.multiple.AJAX.actions MEDIUM" "visitors-traffic-real-time-statistics 3.9 Subscriber+.SQL.Injection HIGH" "visitors-traffic-real-time-statistics 2.13 Arbitrary.Plugin.Installation/Activation.via.CSRF CRITICAL" "visitors-traffic-real-time-statistics 2.12 Arbitrary.Plugin.Installation/Activation.via.Low.Privilege.User CRITICAL" "visitors-traffic-real-time-statistics 1.13 CSRF.to.Stored.XSS/SQLi HIGH" "void-elementor-whmcs-elements 2.0.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "videowhisper-video-conference-integration No.known.fix 
Remote.File.Upload CRITICAL" "variable-inspector 2.4.0 Reflected.Cross-Site.Scripting MEDIUM" "vkontakte-wall-post No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "vdz-verification 1.4 Authenticated.Stored.XSS MEDIUM" "verowa-connect 3.0.2 Unauthenticated.SQL.Injection HIGH" "vslider No.known.fix Cross-Site.Request.Forgery MEDIUM" "vslider No.known.fix Contributor+.Stored.XSS MEDIUM" "vit-website-reviews No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "vk-block-patterns 1.31.1.1 Missing.Authorization MEDIUM" "vk-block-patterns 1.31.2.0 Cross-Site.Request.Forgery MEDIUM" "video-background 2.7.5 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "video-playlist-for-youtube 6.2 CSRF MEDIUM" "video-wc-gallery 1.32 Missing.Authorization.to.Unauthenticated.Limited.File.Deletion MEDIUM" "viewmedica No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "viewmedica No.known.fix Cross-Site.Request.Forgery.to.SQL.Injection MEDIUM" "viewmedica No.known.fix Cross-Site.Request.Forgery.to.Reflected.Cross-Site.Scripting MEDIUM" "verbalize-wp No.known.fix Unauthenticated.Arbitrary.File.Upload CRITICAL" "visual-portfolio 3.3.10 Contributor+.DOM-Based.Stored.XSS.via.FancyBox.JavaScript.Library MEDIUM" "visual-portfolio 3.3.3 Authenticated.(Author+).Stored.Cross-Site.Scripting.via.title_tag.Parameter MEDIUM" "visual-portfolio 2.18.0 Unauthenticated.CSS.Injection MEDIUM" "visual-portfolio 2.19.0 Contributor+.CSS.Injection MEDIUM" "virtual-bot No.known.fix Unauthenticated.SQL.Injection HIGH" "virtual-bot No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "vikappointments 1.2.17 Cross-Site.Request.Forgery MEDIUM" "vr-calendar-sync 2.4.5 Unauthenticated.Local.File.Inclusion CRITICAL" "vr-calendar-sync 2.3.4 Calendar.Deletion/Update.&.Settings.Update.via.CSRF MEDIUM" "vr-calendar-sync 2.4.5 LFI.via.CSRF HIGH" "vr-calendar-sync 2.3.1 Reflected.Cross-Site.Scripting MEDIUM" "vr-calendar-sync 2.3.2 
Unauthenticated.Arbitrary.Function.Call HIGH" "void-elementor-post-grid-addon-for-elementor-page-builder 2.4 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "video-slider-with-thumbnails 1.0.11 Reflected.XSS HIGH" "visualmodo-elements No.known.fix Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "vk-poster-group No.known.fix Reflected.Cross-Site.Scripting.via.vkp_repost MEDIUM" "vendor 1.1.1 Unauthenticated.Information.Disclosure MEDIUM" "vdz-call-back 1.1.4.6 Authenticated.Stored.XSS MEDIUM" "videowhisper-live-streaming-integration 6.1.10 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "videowhisper-live-streaming-integration 4.27.4 Cross-Site.Scripting.(XSS) MEDIUM" "videowhisper-live-streaming-integration 4.29.5 Multiple.Vulnerabilities CRITICAL" "videowhisper-live-streaming-integration 4.29.10 videowhisper_streaming.php.Multiple.Parameter.XSS HIGH" "videowhisper-live-streaming-integration 4.67.17 Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "video-conferencing-with-zoom-api 4.4.5 Open.Redirect MEDIUM" "video-conferencing-with-zoom-api 4.4.6 Sensitive.Information.Exposure MEDIUM" "video-conferencing-with-zoom-api 4.4.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "video-conferencing-with-zoom-api 4.3.0 Sensitive.Data.Disclosure LOW" "video-conferencing-with-zoom-api 4.0.10 Contributor+.Stored.XSS MEDIUM" "video-conferencing-with-zoom-api 3.9.3 Reflected.Cross-Site.Scripting MEDIUM" "video-conferencing-with-zoom-api 3.8.17 E-mail.Address.Disclosure MEDIUM" "video-conferencing-with-zoom-api 3.8.16 Reflected.Cross-Site.Scripting HIGH" "vp-sitemap No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "verse-o-matic No.known.fix CSRF.to.Stored.XSS HIGH" "vrview No.known.fix Outdated.VRView.Library.Used,.Leading.to.Reflected.XSS HIGH" "video-player-for-wpbakery No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" 
"void-visual-whmcs-element 1.0.4.1 Contributor+.Stored.XSS MEDIUM" "video-share-vod 2.6.32 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "video-share-vod 2.6.31 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "variation-swatches-for-woocommerce 2.1.2 Subscriber+.Stored.Cross-Site.Scripting HIGH" "videowhisper-video-presentation No.known.fix Remote.File.Upload CRITICAL" "viet-affiliate-link No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "vk-blocks 1.64.0.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Block MEDIUM" "vk-blocks 1.58.0.0 Contributor+.Settings.Update.via.REST.API MEDIUM" "vk-blocks 1.57.1.0 Contributor+.Settings.Update.via.REST.API MEDIUM" "vk-blocks 1.54.0 Multiple.Stored.XSS MEDIUM" "visual-link-preview 2.2.3 Unauthorised.AJAX.Calls MEDIUM" "vidseo 1.2.4 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "vdz-google-analytics 1.4.9 Authenticated.Stored.XSS LOW" "vdz-google-analytics 1.6.0 Authenticated.Stored.XSS LOW" "vertical-carousel-slider No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "visitors-online 1.0.0 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "visitors-online 0.4 SQL.Injection CRITICAL" "views-for-wpforms-lite 3.2.3 Cross-Site.Request.Forgery.via.create_view MEDIUM" "views-for-wpforms-lite 3.2.3 Missing.Authorization.via.create_view MEDIUM" "views-for-wpforms-lite 3.2.3 Missing.Authorization.via.get_form_fields MEDIUM" "views-for-wpforms-lite 3.2.3 Missing.Authorization.via.save_view MEDIUM" "views-for-wpforms-lite 3.2.3 Cross-Site.Request.Forgery.via.save_view MEDIUM" "video-comments-webcam-recorder 1.92 Unauthenticated.Reflected.XSS MEDIUM" "wp-forecast 9.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-forecast 7.6 Admin+.Stored.Cross-Site.Scripting LOW" "wp-nssuser-register No.known.fix Unauthenticated.Privilege.Escalation CRITICAL" "wp-copysafe-web 4.0 Reflected.Cross-Site.Scripting MEDIUM" 
"wp-copysafe-web 3.15 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-copysafe-web 3.14 Unauthenticated.Reflected.XSS HIGH" "wp-copysafe-web 2.6 Cross-Site.Request.Forgery.(CSRF) MEDIUM" "wp-lightbox-2 3.0.6.7 Authenticated.(Contributor+).DOM-Based.Stored.Cross-Site.Scripting MEDIUM" "wp-lightbox-2 No.known.fix Admin+.Stored.XSS LOW" "wp-disable 1.5.17 Reflected.Cross-Site.Scripting MEDIUM" "wd-google-analytics No.known.fix Missing.Authorization.via.gawd_wd_bp_install_notice_status MEDIUM" "wd-google-analytics 1.2.9 Cross-Site.Request.Forgery.(CSRF) MEDIUM" "wp-from-email No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "whizzy No.known.fix Authenticated.(Subscriber+).Insecure.Direct.Object.Reference MEDIUM" "whizzy No.known.fix Missing.Authorization MEDIUM" "wp-popup-builder 1.3.6 Unauthenticated.Arbitrary.Shortcode.Execution.via.wp_ajax_nopriv_shortcode_Api_Add HIGH" "wp-popup-builder 1.3.0 Subscriber+.Arbitrary.Popup.Deletion MEDIUM" "wp-popup-builder 1.2.9 Reflected.Cross-Site.Scripting MEDIUM" "wp-mail-smtp 4.1.0 Admin+.SMTP.Password.Exposure LOW" "wp-triggers-lite No.known.fix Reflected.XSS HIGH" "wp-triggers-lite No.known.fix Admin+.SQL.Injection MEDIUM" "woo-swatches-manager No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "woocommerce-product-addon 33.0.9 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "woocommerce-product-addon 32.0.21 Unauthenticated.Content.Injection.Vulnerability MEDIUM" "woocommerce-product-addon 32.0.19 Unauthenticated.Arbitrary.File.Upload.via.ppom_upload_file CRITICAL" "woocommerce-product-addon 32.0.7 Reflected.Cross-Site.Scripting HIGH" "woocommerce-product-addon 32.0.6 Admin+.Stored.Cross-Site.Scripting LOW" "woocommerce-product-addon 24.0 Subscriber+.Settings.Update.to.Stored.XSS MEDIUM" "woocommerce-product-addon 18.4 Authenticated.Stored.XSS MEDIUM" "wp-custom-taxonomy-meta No.known.fix Authenticated.(Editor+).Stored.Cross-Site.Scripting MEDIUM" 
"wp-custom-taxonomy-meta No.known.fix Cross-Site.Request.Forgery.to.Taxonomy.Meta.Add/Delete MEDIUM" "wp-custom-taxonomy-meta No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "wpexperts-square-for-give No.known.fix Authenticated.(Administrator+).SQL.Injection MEDIUM" "wpmarketplace No.known.fix Arbitrary.File.Upload HIGH" "wp-sendgrid-mailer No.known.fix Missing.Authorization MEDIUM" "wp-sendgrid-mailer No.known.fix Missing.Authorization.to.Authenticated.(Subscriber+).Log.Deletion MEDIUM" "wp-sendgrid-mailer No.known.fix Unauthenticated.SQL.Injection CRITICAL" "weblibrarian No.known.fix Reflected.XSS HIGH" "weblibrarian 3.5.5 SQL.Injection MEDIUM" "weblibrarian 3.4.8.6 XSS MEDIUM" "weblibrarian 3.4.8.7 XSS MEDIUM" "woo-quick-reports No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "woo-quick-reports No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-cookie No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "woo-checkout-for-digital-goods 3.7.1 Reflected.Cross-Site.Scripting MEDIUM" "woo-checkout-for-digital-goods 3.6.4 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "woo-checkout-for-digital-goods 2.2 CSRF.to.Settings.Change MEDIUM" "we-blocks No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-import-export 3.9.16 Unauthenticated.Sensitive.Data.Disclosure HIGH" "wp-support-plus-responsive-ticket-system 9.1.2 Stored.XSS MEDIUM" "wp-support-plus-responsive-ticket-system 9.0.3 Multiple.Authenticated.SQL.Injection CRITICAL" "wp-support-plus-responsive-ticket-system 8.0.8 Remote.Code.Execution CRITICAL" "wp-support-plus-responsive-ticket-system 8.0.8 Remote.Code.Execution.(RCE) CRITICAL" "wp-support-plus-responsive-ticket-system 8.0.0 Privilege.Escalation CRITICAL" "wp-support-plus-responsive-ticket-system 8.0.0 WP.Support.Plus.Responsive.Ticket.System.<.8,0,0.–.Authenticated.SQL.Injection MEDIUM" "winterlock 1.0.23 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" 
"winterlock 1.0.21 Unauthenticated.Stored.Cross-Site.Scripting CRITICAL" "wp-travel-blocks 3.7.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-travel-blocks 3.6.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-social-bookmark-menu No.known.fix Settings.Update.via.CSRF MEDIUM" "wp-whois-domain No.known.fix Unauthenticated.Cross-Site.Scripting.(XSS) MEDIUM" "woo-extra-cost No.known.fix CSRF.Bypass MEDIUM" "wp-dynamic-keywords-injector 2.3.22 Reflected.Cross-Site.Scripting MEDIUM" "wp-dynamic-keywords-injector 2.3.16 Settings.Update.via.CSRF MEDIUM" "wonderm00ns-simple-facebook-open-graph-tags 2.2.4.2 Unauthenticated.Cross-Site.Scripting.(XSS) MEDIUM" "wp-table-manager 3.5.3 Contributor+.Stored.XSS MEDIUM" "w3-total-cache 2.8.2 Subscriber+.Server-Side.Request.Forgery HIGH" "w3-total-cache 2.8.2 Unauthenticated.Plugin.Deactivation.and.Extensions.Activation/Deactivation MEDIUM" "w3-total-cache 2.8.2 Information.Exposure.via.Log.Files LOW" "w3-total-cache 2.7.6 Sensitive.Credentials.Stored.in.Plaintext LOW" "w3-total-cache 2.1.5 Reflected.XSS.in.Extensions.Page.(JS.Context) HIGH" "w3-total-cache 2.1.4 Reflected.XSS.in.Extensions.Page.(Attribute.Context) CRITICAL" "w3-total-cache 2.1.3 Authenticated.Stored.XSS MEDIUM" "w3-total-cache 0.9.7.4 Cryptographic.Signature.Bypass HIGH" "w3-total-cache 0.9.7.4 Blind.SSRF.and.RCE.via.phar HIGH" "w3-total-cache 0.9.7.4 Cross-Site.Scripting.(XSS) HIGH" "w3-total-cache 0.9.5 Information.Disclosure.Race.Condition CRITICAL" "woo-auto-coupons 3.0.15 Reflected.Cross-Site.Scripting MEDIUM" "wpmastertoolkit 1.14.0 Authenticated.(Admin+).Arbitrary.File.Upload HIGH" "wpmastertoolkit 1.14.0 Authenticated.(Admin+).Arbitrary.File.Download MEDIUM" "webapp-builder No.known.fix Unauthenticated.File.Upload CRITICAL" "wordsurvey No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting.via.sounding_title.Parameter MEDIUM" "wp-htpasswd No.known.fix Admin+.Stored.XSS LOW" "wc-gallery 
No.known.fix Contributor+.Stored.XSS.via.Shortcode MEDIUM" "wp-ultra-simple-paypal-shopping-cart 4.5 Cross-Site.Request.Forgery.(CSRF) HIGH" "woo-recent-purchases No.known.fix Authenticated.(Admin+).Local.File.Inclusion HIGH" "wayne-audio-player No.known.fix Cross-Site.Request.Forgery.to.Privilege.Escalation HIGH" "wordpress-database-reset 3.23 Cross-Site.Request.Forgery.to.WP.Reset.Plugin.Installation MEDIUM" "wordpress-database-reset 3.15 Privilege.Escalation HIGH" "wordpress-database-reset 3.15 Unauthenticated.Database.Reset CRITICAL" "wp-file-get-contents 2.7.1 Contributor+.SSRF MEDIUM" "wp-foft-loader 2.1.29 Reflected.Cross-Site.Scripting MEDIUM" "wp-foft-loader 2.1.21 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wpfilesearch No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "woo-refund-and-exchange-lite 4.0.9 Unauthenticated.Arbitrary.File.Upload CRITICAL" "wp-simple-maintenance-mode 1.5.1 Reflected.Cross-Site.Scripting MEDIUM" "wp-donate 1.5 Unauthenticated.SQL.Injection HIGH" "wordpress-simple-paypal-shopping-cart 5.0.8 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wordpress-simple-paypal-shopping-cart 4.7.2 Authenticated(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "wordpress-simple-paypal-shopping-cart 4.6.4 Unauthenticated.PII.Disclosure MEDIUM" "wordpress-simple-paypal-shopping-cart 4.6.2 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "wp-share-buttons-analytics-by-getsocial 4.4 Admin+.Stored.XSS LOW" "wp-team-manager 2.1.13 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "wp-team-manager 2.0.1 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "wats 1.0.64 Authenticated.Stored.Cross-Site.Scripting.(XSS) LOW" "woocommerce-gateway-certification-de-facture-et-gestion-de-pdf-kiwiz No.known.fix Unauthenticated.Arbitrary.File.Download HIGH" "wp-content-copy-protector 3.6.1 Cross-Site.Request.Forgery MEDIUM" "wp-content-copy-protector 3.5.6 Admin+.Stored.XSS LOW" "wp-content-copy-protector 3.4.5 Settings.Update.via.CSRF 
MEDIUM" "wp-content-copy-protector 3.4 Arbitrary.Plugin.Installation/Activation.via.CSRF CRITICAL" "wp-content-copy-protector 3.1.5 Arbitrary.Plugin.Installation/Activation.via.Low.Privilege.User CRITICAL" "wp-to-buffer 3.7.5 Reflected.Cross-Site.Scripting HIGH" "wp-relevant-ads No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-relevant-ads No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-relevant-ads No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "wpgsi-professional 3.6.0 CSRF.Bypass MEDIUM" "wpgsi-professional 3.6.0 Reflected.Cross-Site.Scripting HIGH" "wordpress-seo-premium 11.6 Authenticated.Stored.XSS CRITICAL" "woo-quote-calculator-order No.known.fix Authenticated.(Contributor+).SQL.Injection MEDIUM" "woo-quote-calculator-order No.known.fix Unauthenticated.SQL.Injection HIGH" "wp-pro-quiz No.known.fix Arbitrary.Quiz.Deletion.via.CSRF MEDIUM" "wp-hide-backed-notices 1.3.1 Missing.Authorization.to.Authenticated(Contributor+).Plugin.Settings.Modification MEDIUM" "wp-hide-backed-notices 1.3 Cross-Site.Request.Forgery MEDIUM" "wootrello 3.2.6 Reflected.Cross-Site.Scripting MEDIUM" "wootrello 2.3.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "woc-order-alert 3.2.2 Unauthenticated.SQLi HIGH" "weaver-themes-shortcode-compatibility No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "widget-post-slider 1.3.6 Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "wpmailer No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "woocommerce-pre-orders 2.0.3 Unauthorised.Actions.via.CSRF MEDIUM" "woocommerce-pre-orders 2.0.3 Arbitrary.Pre-Order.Canceling.via.CSRF MEDIUM" "woocommerce-pre-orders 2.0.2 Reflected.XSS HIGH" "woocommerce-pre-orders 2.0.1 Contributor+.Stored.XSS MEDIUM" "woocommerce-pre-orders 2.0.0 Reflected.XSS HIGH" "wp-custom-cursors No.known.fix Admin+.Stored.XSS LOW" "wp-custom-cursors 3.2 Admin+.SQLi MEDIUM" "wp-custom-cursors 3.0.1 Stored.Cross-Site.Scripting.via.CSRF MEDIUM" 
"wp-custom-cursors 3.0.1 Arbitrary.Cursor.Deletion.via.CSRF MEDIUM" "wp-custom-cursors 3.2 Admin+.SQLi MEDIUM" "wp-books-gallery 4.5.4 Reflected.Cross-Site.Scripting MEDIUM" "wp-books-gallery 4.4.9 CSRF MEDIUM" "wp-books-gallery 3.6 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-user-switch No.known.fix Authenticated.(Subscriber+).Privilege.Escalation HIGH" "wp-user-switch 1.0.3 Subscriber+.Authentication.Bypass HIGH" "wp-fb-autoconnect 4.6.3 Cross-Site.Request.Forgery.to.Reflected.Cross-Site.Scripting MEDIUM" "wp-fb-autoconnect 4.6.2 Cross-Site.Request.Forgery MEDIUM" "wp-basic-elements 5.3.0 Settings.Update.via.CSRF MEDIUM" "wp-conference-schedule 1.1.0 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-armour-extended 1.32 Reflected.Cross-Site.Scripting MEDIUM" "wp-armour-extended 1.32 Cross-Site.Request.Forgery MEDIUM" "wp-statistics 14.5.1 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "wp-statistics 14.0 Authenticated.SQLi HIGH" "wp-statistics 13.2.11 Subscriber+.SQLi HIGH" "wp-statistics 13.2.9 Authenticated.SQLi HIGH" "wp-statistics 13.2.2 Admin+.Stored.Cross-Site.Scripting LOW" "wp-statistics 13.2.2 Reflected.Cross-Site.Scripting LOW" "wp-statistics 13.1.6 Multiple.Unauthenticated.Stored.Cross-Site.Scripting HIGH" "wp-statistics 13.1.6 Unauthenticated.Blind.SQL.Injection.via.IP CRITICAL" "wp-statistics 13.1.6 Unauthenticated.Blind.SQL.Injection.via.current_page_type CRITICAL" "wp-statistics 13.1.6 Reflected.Cross-Site.Scripting MEDIUM" "wp-statistics 13.1.6 Unauthenticated.Blind.SQL.Injection.via.current_page_id CRITICAL" "wp-statistics 13.1.5 Unauthenticated.Blind.SQL.Injection CRITICAL" "wp-statistics 13.1.2 Arbitrary.Plugin.Activation/Deactivation.via.CSRF MEDIUM" "wp-statistics 13.1 Reflected.Cross-Site.Scripting.(XSS) HIGH" "wp-statistics 13.0.8 Unauthenticated.SQL.Injection HIGH" "wp-statistics 12.6.7 Unauthenticated.Stored.XSS.Under.Certain.Configurations CRITICAL" "wp-statistics 12.6.7 Unauthenticated.Blind.SQL.Injection MEDIUM" "wp-statistics 
12.6.6.1 Authenticated.Stored.XSS MEDIUM" "wp-statistics 12.6.4 Referer.Cross-Site.Scripting.(XSS) MEDIUM" "wp-statistics 12.0.10 Authenticated.Cross-Site.Scripting.(XSS) CRITICAL" "wp-statistics 12.0.9 Authenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "wc-cashapp 6.0.3 Reflected.Cross-Site.Scripting MEDIUM" "wc-cashapp 5.3 Reflected.Cross-Site.Scripting MEDIUM" "wp-2fa 2.6.4 Unauthenticated.Information.Exposure.via.Log.File MEDIUM" "wp-2fa 2.6.3 Reflected.Cross-Site.Scripting MEDIUM" "wp-2fa 2.6.0 Subscriber+.Arbitrary.Email.Sending MEDIUM" "wp-2fa 2.6.0 Arbitrary.Email.Sending.via.CSRF MEDIUM" "wp-2fa 2.3.0 Time-Based.Side-Channel.Attack MEDIUM" "wp-2fa 2.2.1 Reflected.Cross-Site.Scripting MEDIUM" "wp-2fa 2.2.0 Arbitrary.2FA.Disabling.via.IDOR MEDIUM" "woo-custom-and-sequential-order-number No.known.fix Cross-Site.Request.Forgery MEDIUM" "wp-google-map-plugin 4.6.2 Authenticated.(Contributor+).SQL.Injection HIGH" "wp-google-map-plugin 4.4.0 Editor+.Stored.XSS LOW" "wp-google-map-plugin 4.4.3 Category/Location/Map.Deletion.via.CSRF MEDIUM" "wp-google-map-plugin 4.2.4 Marker.Category/Map.Deletion.via.CSRF MEDIUM" "wp-google-map-plugin 4.1.5 Authenticated.SQL.Injection MEDIUM" "wp-google-map-plugin 4.1.0 CSRF.to.Unauthenticated.PHP.Object.Injection HIGH" "wp-google-map-plugin 4.0.4 XSS MEDIUM" "wp-google-map-plugin 3.1.2 XSS MEDIUM" "wp-google-map-plugin 2.3.10 Multiple.CSRF MEDIUM" "wp-google-map-plugin 3.0.0 CSRF.to.Authenticated.Cross-Site.Scripting.(XSS) HIGH" "wp-google-map-plugin 2.3.7 XSS MEDIUM" "wp-site-protector No.known.fix Settings.Update.via.CSRF MEDIUM" "woo-cart-abandonment-recovery 1.2.27 Templates/Abandoned.Orders.Deletion.via.CSRF MEDIUM" "wp-contest No.known.fix Authenticated.(Contributor+).SQL.Injection MEDIUM" "wp-slide-categorywise No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wcp-contact-form No.known.fix Reflected.XSS HIGH" "wp-codemirror-block 2.0.0 Contributor+.Stored.XSS MEDIUM" "woocommerce-collections 1.7.0 
Unauthenticated.SQL.Injection CRITICAL" "woocommerce-collections 1.7.0 Missing.Authorization.to.Unauthenticated.Arbitrary.Post/Page.Deletion MEDIUM" "wordpress-country-selector 1.6.6 Reflected.Cross-Site.Scripting MEDIUM" "woocommerce-order-address-print No.known.fix Reflected.XSS HIGH" "wp-user-merger 1.5.3 Admin+.SQLi.via.ID MEDIUM" "wp-user-merger 1.5.3 Admin+.SQLi.via.user_id MEDIUM" "wp-user-merger 1.5.3 Admin+.SQLi.via.wpsu_user_id MEDIUM" "wp-flipkart-importer No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "wp-pagseguro-payments No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-mylinks 1.0.7 Authenticated.(Editor+).Stored.Cross-Site.Scripting MEDIUM" "wp-weixin-robot No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "wp-compress-image-optimizer 6.30.04 Reflected.Cross-Site.Scripting.via.custom_server.Parameter MEDIUM" "wp-compress-image-optimizer 6.21.01 Reflected.Cross-Site.Scripting MEDIUM" "wp-compress-image-optimizer 6.20.02 Open.Redirect.via.css MEDIUM" "wp-compress-image-optimizer 6.20.02 Missing.Authorization MEDIUM" "wp-compress-image-optimizer 6.11.01 Cross-Site.Request.Forgery MEDIUM" "wp-compress-image-optimizer 6.11.11 Missing.Authorization.to.Unauthenticated.CDN.Modification HIGH" "wp-compress-image-optimizer 6.10.34 Unauthenticated.Arbitrary.File.Read HIGH" "wordpress-flash-uploader 3.1.3 Arbitrary.Comm&.Execution CRITICAL" "wp-admin-logo-changer No.known.fix Plugin's.Settings.Update.via.CSRF MEDIUM" "woocommerce-pay-per-post 3.1.11 Reflected.Cross-Site.Scripting MEDIUM" "woocommerce-pay-per-post 3.0.9 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-turnstile-cloudflare-captcha No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "woo-point-of-sale 6.2.0 Insecure.Direct.Object.Reference.to.Privilege.Escalation.via.Arbitrary.User.Email.Change CRITICAL" "woo-preview-emails 2.2.2 Reflected.Cross-Site.Scripting MEDIUM" "woo-preview-emails 2.0.0 
Reflected.Cross-Site.Scripting MEDIUM" "wpdevart-vertical-menu 1.5.9 Theme.Deletion.via.CSRF MEDIUM" "wpdevart-vertical-menu 1.5.9 Admin+.Stored.XSS LOW" "wp-manutencao 1.0.7 IP.Spoofing.to.Maintenance.Mode.Bypass MEDIUM" "wp-post-block No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-yelp-review-slider 7.1 Subscriber+.SQLi HIGH" "widget-google-reviews 3.2 Contributor+.Stored.Cross-Site.Scripting.via.shortcode MEDIUM" "widget-google-reviews 2.2.4 Subscriber+.SQLi HIGH" "widget-google-reviews 2.2.3 Subscriber+.Widget.Creation MEDIUM" "where-did-they-go-from-here 2.1.0 Reflected.Cross-Site.Scripting MEDIUM" "woocommerce-product-category-selection-widget No.known.fix Reflected.XSS HIGH" "wadi-addons-for-elementor No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-social-bookmarking-light No.known.fix Cross-Site.Request.Forgery.(CSRF) MEDIUM" "wp-social-bookmarking-light 1.7.10 Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "wp-fundraising-donation 1.7.1 Authenticated.(Subscriber+).Privilege.Escalation HIGH" "wp-fundraising-donation 1.7.0 Missing.Authorization MEDIUM" "wp-fundraising-donation 1.5.0 Unauthenticated.SQLi HIGH" "woozone 14.1.0 Reflected.Cross-Site.Scripting HIGH" "woozone No.known.fix Subscriber+.SQL.Injection HIGH" "woozone 14.1.0 Subscriber+.Privilege.Escalation HIGH" "woozone 14.1.0 Missing.Authorization MEDIUM" "woozone 14.0.31 Unauthenticated.SQL.Injection HIGH" "woozone 14.1.0 Missing.Authorization MEDIUM" "wp-latest-posts 5.0.8 Authenticated.(Subscriber+).Arbitrary.Shortcode.Execution MEDIUM" "wp-latest-posts 3.7.5 XSS MEDIUM" "woo-product-bundle 7.3.2 Cross-Site.Request.Forgery MEDIUM" "wp-offers No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-offers 1.1.4 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-user-profile-avatar 1.0.6 Cross-Site.Request.Forgery.to.Settings.Update MEDIUM" "wp-user-profile-avatar 1.0.2 Contributor+.Stored.XSS MEDIUM" "wp-user-profile-avatar 1.0.1 Author+.Avatar.Deletion/Update.via.IDOR 
LOW" "wp-user-profile-avatar 1.0.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "white-label-cms 2.7.5 Reflected.Cross-Site.Scripting MEDIUM" "white-label-cms 2.7.4 Missing.Authorization.to.Plugin.Settings.Reset MEDIUM" "white-label-cms 2.5 Admin+.PHP.Object.Injection LOW" "white-label-cms 2.2.9 Reflected.Cross-Site.Scripting MEDIUM" "woo-shipping-dpd-baltic 1.2.84 Reflected.Cross-Site.Scripting HIGH" "woo-shipping-dpd-baltic 1.2.57 DPD.baltic.<.1.2.57.-.Subscriber+.Arbitrary.Options.Deletion HIGH" "woo-shipping-dpd-baltic 1.2.11 DPD.baltic.<.1.2.11.-.Admin+.Stored.XSS MEDIUM" "wp-flipclock 1.8 Contributor+.Stored.XSS MEDIUM" "wc-rest-payment No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wc-rest-payment No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-shop-original No.known.fix Unauthenticated.Settings.Update MEDIUM" "wp-product-feed-manager 2.9.0 Missing.Authorization.to.Authenticated.(Contributor+).Arbitrary.Feed.Actions MEDIUM" "wp-product-feed-manager 2.6.0 Authenticated.(Admin+).SQL.Injection.to.Reflected.Cross-Site.Scripting HIGH" "wp-product-feed-manager 2.3.0 Authenticated.(Shop.manager+).Stored.Cross-Site.Scripting MEDIUM" "wp-custom-login-page No.known.fix Admin+.Stored.XSS LOW" "wiseagentleadform 3.0 Reflected.Cross-Site.Scripting MEDIUM" "wp-appbox 4.5.4 Reflected.Cross-Site.Scripting MEDIUM" "wp-appbox 4.4.0 Admin+.Stored.Cross-Site.Scripting LOW" "wp-appbox 4.3.18 Authenticated.Local.File.Inclusion LOW" "woocommerce-product-recommendations 2.3.0 CSRF MEDIUM" "woo-clover-gateway-by-zaytech 1.3.2 Missing.Authorization.via.callback_handler MEDIUM" "wp-widget-bundle No.known.fix Unauthencated.Reflected.XSS MEDIUM" "wp-widget-bundle No.known.fix Widget.Disable/Enable.via.CSRF MEDIUM" "wp-widget-bundle No.known.fix Admin+.Stored.XSS LOW" "wc-recently-viewed-products No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wpcal 0.9.5.9 Cross-Site.Request.Forgery MEDIUM" "wechat-subscribers-lite No.known.fix 
Reflected.Cross-Site.Scripting MEDIUM" "wp-gpx-map 1.1.23 Arbitrary.File.Upload CRITICAL" "wp-best-quiz No.known.fix Author+.Stored.XSS MEDIUM" "weblizar-pinterest-feeds 1.1.2 Authenticated.XSS.&.CSRF HIGH" "woocommerce-customers-manager 31.4 Missing.Authorization.to.Authenticated.(Subscriber+).Privilege.Escalation HIGH" "woocommerce-customers-manager 30.1 Bulk.Action.via.CSRF MEDIUM" "woocommerce-customers-manager 30.1 User.Deletion.via.CSRF LOW" "woocommerce-customers-manager 30.2 Subscriber+.Stored.XSS HIGH" "woocommerce-customers-manager 29.8 Reflected.XSS HIGH" "woocommerce-customers-manager 29.8 Subscriber+.Email.Disclosure MEDIUM" "woocommerce-customers-manager 29.7 Subscriber+.SQL.Injection HIGH" "woocommerce-customers-manager 26.6 Arbitrary.Account.Creation/Update.via.CSRF HIGH" "woocommerce-customers-manager 26.6 Authenticated.Reflected.Cross-Site.Scripting.(XSS) HIGH" "woocommerce-customers-manager 26.5 Arbitrary.Account.Creation/Update.by.Low.Privilege.Users HIGH" "wp-facebook-messenger No.known.fix Contributor+.Stored.XSS.via.Shortcode MEDIUM" "wp-stripe-checkout 1.2.2.42 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "wp-stripe-checkout 1.2.2.38 Sensitive.Information.Exposure.via.Debug.Log HIGH" "wp-stripe-checkout 1.2.2.21 Contributor+.Stored.XSS MEDIUM" "wpsite-follow-us-badges 3.1.11 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.wpsite_follow_us_badges.Shortcode MEDIUM" "wp-original-media-path 2.4.1 Admin+.Stored.XSS LOW" "woocommerce-pos 1.4.12 Insufficient.Verification.of.Data.Authenticity.to.Authenticated.(Customer+).Information.Disclosure MEDIUM" "wp-broken-images No.known.fix Cross-Site.Request.Forgery MEDIUM" "woo-advanced-extra-fees-lite No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-font-awesome-share-icons No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "wd-google-maps No.known.fix Authenticated.(Administrator+).SQL.Injection CRITICAL" 
"wd-google-maps 1.0.74 Cross-Site.Request.Forgery.to.Notice.Dismissal MEDIUM" "wd-google-maps 1.0.74 Missing.Authorization.to.Notice.Dismissal MEDIUM" "wd-google-maps 1.0.73 Unauthenticated.SQLi HIGH" "wd-google-maps 1.0.72 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "wd-google-maps 1.0.70 Authenticated.Stored.XSS MEDIUM" "woocommerce-menu-bar-cart 2.12.0 Reflected.Cross-Site.Scripting MEDIUM" "wp-marketing-automations 3.3.0 Unauthenticated.SQLi HIGH" "wp-marketing-automations 3.2.0 Authenticated.(Administrator+).SQL.Injection MEDIUM" "wp-marketing-automations 2.8.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-marketing-automations 2.7.0 Authenticated(Administrator+).SQL.Injection MEDIUM" "wp-marketing-automations 2.1.2 Subscriber+.Automation.Creation MEDIUM" "webico-slider-flatsome-addons No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.wbc_image.Shortcode MEDIUM" "wp-dev-powers-element-selector-jquery-powers No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-visual-adverts No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-download-mirror-counter No.known.fix Authenticated.(Contributor+).SQL.Injection MEDIUM" "webcamconsult 1.6.0 Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "white-label-branding-elementor No.known.fix Admin+.Stored.XSS LOW" "wp-academic-people No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "woocommerce-wholesale-pricing 2.3.1 Unauthenticated.Arbitrary.Post.Deletion MEDIUM" "woocommerce-wholesale-pricing 2.3.1 Unauthenticated.Information.Exposure MEDIUM" "wp-video-lightbox 1.9.11 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.width.Parameter MEDIUM" "wp-video-lightbox 1.9.7 Contributor+.Stored.XSS MEDIUM" "wp-video-lightbox 1.9.6 Admin+.Stored.Cross-Site.Scripting LOW" "wp-video-lightbox 1.9.5 Reflected.Cross-Site.Scripting MEDIUM" "wp-video-lightbox 1.9.3 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "whats-new-genarator No.known.fix 
Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "wp-last-modified-info 1.9.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.lmt-post-modified-info.Shortcode MEDIUM" "wp-amaps No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-translate No.known.fix Missing.Authorization MEDIUM" "webwinkelkeur 3.25 Cross-Site.Request.Forgery MEDIUM" "wpf-ultimate-carousel No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wc-order-limit-lite 2.0.1 Missing.Authorization MEDIUM" "web-invoice No.known.fix Authenticated.SQLi HIGH" "web-invoice No.known.fix Authenticated.SQLi HIGH" "wdesignkit 1.1.0 Authenticated.(Administrator+).Arbitrary.File.Upload HIGH" "woocommerce-conversion-tracking 2.0.12 Subscriber+.Addon.Installation MEDIUM" "woocommerce-conversion-tracking 2.0.12 Subscriber+.happy-elementor-addons.Installation.&.Activation MEDIUM" "wp-hide-pages No.known.fix Settings.Update.via.CSRF MEDIUM" "wptf-image-gallery No.known.fix Remote.File.Download HIGH" "wp-dark-mode 5.0.5 Missing.Authorization MEDIUM" "wp-dark-mode 4.0.8 Subscriber+.Local.File.Inclusion MEDIUM" "wp-dark-mode 4.0.0 Contributor+.Stored.XSS.in.Shortcode MEDIUM" "wordpress-video No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-mail-smtp-pro 3.8.1 Unauthenticated.Email.Address.Disclosure MEDIUM" "wc-venipak-shipping 1.19.6 Reflected.Cross-Site.Scripting.via.'venipak_labels_link' MEDIUM" "wp-cookies-enabler No.known.fix Unauthenticated.Local.File.Inclusion CRITICAL" "woo-order-notes 1.5.3 Cross-Site.Request.Forgery.to.Reflected.Cross-Site.Scripting MEDIUM" "wp-gravity-forms-spreadsheets 1.1.1 Reflected.Cross-Site.Scripting HIGH" "widget4call No.known.fix Reflected.XSS HIGH" "widget4call No.known.fix Reflected.XSS HIGH" "woocommerce-shipping-canada-post 2.8.4 Unauthenticated.Unauthorised.Action MEDIUM" "woocommerce-shipping-canada-post 2.8.4 Cross-Site.Request.Forgery MEDIUM" "wooexim No.known.fix 
Authenticated.(Administrator+).SQL.Injection MEDIUM" "wp-mapa-politico-spain 3.7.0 Authenticated.Stored.Cross-Site.Scripting LOW" "wc-serial-numbers No.known.fix Missing.Authorization MEDIUM" "wc-serial-numbers 1.6.4 Arbitrary.Settings.Update.via.CSRF MEDIUM" "wp-tripadvisor-review-slider 12.7 Authenticated.(Administrator+).SQL.Injection CRITICAL" "wp-tripadvisor-review-slider 11.9 Admin+.Stored.XSS LOW" "wp-tripadvisor-review-slider 11.3 Reflected.Cross-Site.Scripting MEDIUM" "wp-tripadvisor-review-slider 10.8 Subscriber+.SQLi HIGH" "wp-nested-pages 3.2.10 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "wp-nested-pages 3.2.9 Editor+.Stored.XSS LOW" "wp-nested-pages 3.2.8 Cross-Site.Request.Forgery.to.Local.File.Inclusion HIGH" "wp-nested-pages 3.2.7 Admin+.Stored.XSS LOW" "wp-nested-pages 3.2.4 Editor+.Plugin.Settings.Reset LOW" "wp-nested-pages 3.1.21 Admin+.Stored.Cross.Site.Scripting LOW" "wp-nested-pages 3.1.16 CSRF.to.Arbitrary.Post.Deletion.and.Modification HIGH" "wp-nested-pages 3.1.16 Open.Redirect MEDIUM" "wonderplugin-pdf-embed 1.7 Contributor+.Stored.XSS MEDIUM" "wp-csv No.known.fix Reflected.XSS.via.CSV.Import MEDIUM" "wm-zoom No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "woo-variation-gallery 1.1.29 Authenticated.Stored.XSS MEDIUM" "wp-ptviewer No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-simple-galleries No.known.fix Contributor+.PHP.Object.Injection HIGH" "wp-accessibility-helper 0.6.2.9 Missing.Authorization.to.Authenticated.(Subscriber+).Limited.Settings.Update MEDIUM" "wp-accessibility-helper 0.6.3 Missing.Authorization MEDIUM" "wp-accessibility-helper 0.6.2.6 Missing.Authorization MEDIUM" "wp-accessibility-helper 0.6.2.5 Missing.Authorization.via.AJAX.action MEDIUM" "wp-accessibility-helper 0.6.0.7 Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "wps-child-theme-generator 1.2 Path.Traversal CRITICAL" "wp-graphql 1.14.6 Editor+.SSRF MEDIUM" "wp-graphql 1.3.6 Denial.of.Service HIGH" 
"wp-graphql 0.3.5 Improper.Access.Control MEDIUM" "wp-graphql 0.3.0 Multiple.Vulnerabilities CRITICAL" "wechat-social-login No.known.fix Unauthenticated.Arbitrary.File.Upload CRITICAL" "wechat-social-login No.known.fix Authentication.Bypass CRITICAL" "wp-action-network No.known.fix Cross-Site.Request.Forgery.to.Reflected.Cross-Site.Scripting MEDIUM" "wp-action-network 1.4.4 Admin+.SQLi MEDIUM" "wp-action-network 1.4.3 Reflected.Cross-Site.Scripting.via.'search' MEDIUM" "wp-heyloyalty No.known.fix Unauthenticated.RCE.via.PHPUnit CRITICAL" "wp-woo-commerce-sync-for-g-sheet No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-media-optimizer-webp No.known.fix Reflected.Cross-Site.Scripting.via.wpmowebp-css-resources.and.wpmowebp-js-resources.Parameters MEDIUM" "woocommerce-order-barcodes 1.6.5 Cross-Site.Request.Forgery MEDIUM" "wp-video-robot No.known.fix .Authenticated.(Subscriber+).Privilege.Escalation.via.User.Meta.Update HIGH" "wp-video-robot No.known.fix The.Ultimate.Video.Importer.<=.1.20.0.-.Unauthenticated.SQL.Injection HIGH" "w3s-cf7-zoho No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "w3s-cf7-zoho 2.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "w3s-cf7-zoho 2.1.0 Reflected.Cross-Site.Scripting.(XSS) HIGH" "weekly-schedule 3.4.3 Authenticated.Stored.XSS MEDIUM" "wp-lister-ebay 2.0.21 jQueryFileTree.-.Unauthenticated.Path.Traversal MEDIUM" "wck-custom-fields-and-custom-post-types-creator 2.3.3 Admin+.Stored.XSS LOW" "wp-test-email 1.1.8 Reflected.Cross-Site.Scripting MEDIUM" "wp-google-fonts 3.1.5 Reflected.Cross-Site.Scripting MEDIUM" "woo-order-export-lite 3.5.6 Unauthenticated.PHP.Object.Injection.via.Order.Details HIGH" "woo-order-export-lite 3.4.5 Shop.Manager+.Remote.Code.Execution CRITICAL" "woo-order-export-lite 3.3.3 Export.Files.via.CSRF MEDIUM" "woo-order-export-lite 3.3.2 Reflected.Cross-Site.Scripting MEDIUM" "woo-order-export-lite 3.1.8 Authenticated.Reflected.Cross-Site.Scripting.(XSS) HIGH" "woo-order-export-lite 3.1.4 
Authenticated.Cross-Site.Scripting.(XSS) LOW" "woo-order-export-lite 1.5.5 CSV.Injection HIGH" "wp-admin-notification-center 2.3.3 Settings.Update.via.CSRF MEDIUM" "woostagram-connect No.known.fix Unauthenticated.Arbitrary.File.Upload CRITICAL" "woo-tipdonation No.known.fix Shop.Manager+.Stored.XSS MEDIUM" "wp-full-stripe-free 7.0.18 Settings.Update.via.CSRF MEDIUM" "wp-full-stripe-free 7.0.6 Admin+.Stored.XSS LOW" "wp-full-stripe-free 7.0.6 Admin+.Stored.Cross-Site.Scripting MEDIUM" "wp-bugbot No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-bugbot No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-all-export 1.4.1 Author+.PHAR.Deserialization.via.CSRF HIGH" "wp-all-export 1.4.0 Admin+.RCE MEDIUM" "wp-all-export 1.4.1 Remote.Code.Execution.via.CSRF CRITICAL" "wp-all-export 1.3.6 Reflected.Cross-Site.Scripting MEDIUM" "wp-all-export 1.3.5 Admin+.SQL.Injection MEDIUM" "wp-all-export 1.3.1 Admin+.Stored.Cross-Site.Scripting LOW" "wp-smart-tv 2.1.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "woosaleskit-bar No.known.fix Reflected.Cross-Site.Scripting.(XSS) HIGH" "woocommerce-dropshipping No.known.fix Unauthenticated.Arbitrary.Email.Send MEDIUM" "woocommerce-dropshipping 4.4 Unauthenticated.SQLi HIGH" "wp-news-magazine 1.2.0 Arbitrary.Plugin.Activation.via.CSRF MEDIUM" "woocommerce-jetpack 7.2.4 Authenticated.(ShopManager+).Stored.Cross-Site.Scripting.via.wcj_product_meta.Shortcode MEDIUM" "woocommerce-jetpack 7.2.4 Reflected.Cross-Site.Scripting MEDIUM" "woocommerce-jetpack 7.1.9 Unauthenticated.Arbitrary.Shortcode.Execution MEDIUM" "woocommerce-jetpack 7.1.8 Reflected.Cross-Site.Scripting MEDIUM" "woocommerce-jetpack 7.1.8 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortocde MEDIUM" "woocommerce-jetpack 7.1.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "woocommerce-jetpack 7.1.3 Missing.Authorization.to.Product.Creation/Modification MEDIUM" "woocommerce-jetpack 7.1.2 
Missing.Authorization.to.Authenticated.(Subscriber+).Order.Information.Disclosure MEDIUM" "woocommerce-jetpack 7.1.3 Contributor+.Stored.XSS MEDIUM" "woocommerce-jetpack 7.1.2 Authenticated.(Subscriber+).Information.Disclosure.via.Shortcode MEDIUM" "woocommerce-jetpack 7.1.1 Subscriber+.Sensitive.Information.Disclosure MEDIUM" "woocommerce-jetpack 7.1.1 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "woocommerce-jetpack 7.1.0 Shop.Manager+.Missing.Authorization.to.Arbitrary.Options.Update MEDIUM" "woocommerce-jetpack 6.0.1 Multiple.CSRF MEDIUM" "woocommerce-jetpack 5.6.3 Reflected.Cross-Site.Scripting HIGH" "woocommerce-jetpack 5.6.7 Custom.Role.Creation/Deletion.via.CSRF MEDIUM" "woocommerce-jetpack 5.6.7 Checkout.Files.Deletion.via.CSRF LOW" "woocommerce-jetpack 5.6.7 ShopManager+.Arbitrary.File.Download MEDIUM" "woocommerce-jetpack 5.6.7 Settings.Reset.via.CSRF MEDIUM" "woocommerce-jetpack 5.6.3 Subscriber+.Order.Status.Update MEDIUM" "woocommerce-jetpack 5.6.2 Reflected.Cross-Site.Scripting MEDIUM" "woocommerce-jetpack 5.4.9 Reflected.Cross-Site.Scripting.in.General.Module HIGH" "woocommerce-jetpack 5.4.9 Reflected.Cross-Site.Scripting.in.PDF.Invoicing.Module HIGH" "woocommerce-jetpack 5.4.9 Reflected.Cross-Site.Scripting.in.Product.XML.Feeds.Module HIGH" "woocommerce-jetpack 5.4.4 Authentication.Bypass CRITICAL" "woocommerce-jetpack 3.8.0 XSS MEDIUM" "wc-builder 1.0.19 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-quick-shop 1.3.2 Reflected.Cross-Site.Scripting MEDIUM" "wp-popup-banners No.known.fix Subscriber+.SQLi HIGH" "wp-popup-banners No.known.fix Subscriber+.SQLi HIGH" "wp-popup-banners 1.2.4 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "wp-registration 6.0 Missing.Authorization.to.User.Deletion CRITICAL" "wp-registration No.known.fix Unauthenticated.Account.Takeover CRITICAL" "wc-support-system 1.2.2 Admin+.SQLi MEDIUM" "wc-support-system No.known.fix Unauthenticated.Ticket.Deletion/Update,.Settings.Update.etc 
MEDIUM" "wp-attachments No.known.fix Arbitrary.Settings.Update.via.CSRF MEDIUM" "wp-attachments 5.0.6 Admin+.Stored.XSS LOW" "wp-attachments 5.0.5 Admin+.Stored.Cross-Site.Scripting LOW" "wpperformancetester No.known.fix Cross-Site.Request.Forgery MEDIUM" "webpushr-web-push-notifications 4.36.0 Reflected.Cross-Site.Scripting MEDIUM" "webpushr-web-push-notifications 4.35.0 Unauthenticated.Stored.XSS HIGH" "webpushr-web-push-notifications 4.35.0 LFI.via.CSRF MEDIUM" "wpdtol-database-table-overview-logs 1.1.0 Reflected.Cross-Site.Scripting MEDIUM" "woo-events 4.1.3 Unauthenticated.Arbitrary.File.Overwrite CRITICAL" "wp-server-stats 1.7.8 Injected.Backdoor CRITICAL" "wp-server-stats 1.7.4 Cross-Site.Request.Forgery MEDIUM" "wp-server-stats 1.7.0 Admin+.Stored.Cross-Site.Scripting LOW" "wp-paypal 1.2.3.36 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wm-options-import-export No.known.fix Unauthenticated.Information.Exposure MEDIUM" "wp-worthy 1.7.0-0cde1c2 Cross-Site.Request.Forgery MEDIUM" "wp-all-export-pro 1.8.6 Author+.PHAR.Deserialization.via.CSRF HIGH" "wp-all-export-pro 1.8.6 Admin+.RCE MEDIUM" "wp-all-export-pro 1.8.6 Remote.Code.Execution.via.CSRF CRITICAL" "wp-all-export-pro 1.7.9 Authenticated.Code.Injection CRITICAL" "wp-all-export-pro 1.7.9 Authenticated.SQLi MEDIUM" "wn-flipbox-pro 2.1 Reflected.Cross-Site.Scripting MEDIUM" "wp-propagator No.known.fix Unauthenticated.Arbitrary.File.Upload CRITICAL" "woo-pdf-invoice-builder 1.2.137 Reflected.Cross-Site.Scripting MEDIUM" "woo-pdf-invoice-builder 1.2.102 Cross-Site.Request.Forgery MEDIUM" "woo-pdf-invoice-builder 1.2.104 Reflected.XSS HIGH" "woo-pdf-invoice-builder 1.2.91 Admin+.Stored.XSS LOW" "woo-pdf-invoice-builder 1.2.92 Subscriber+.Arbitrary.Invoice.Access MEDIUM" "woo-pdf-invoice-builder 1.2.91 Invoice.Fields.Creation.via.CSRF MEDIUM" "woo-pdf-invoice-builder 1.2.90 Subscriber+.SQLi HIGH" "woo-pdf-invoice-builder 1.2.91 Invoice.Update.via.CSRF MEDIUM" 
"wp-register-profile-with-shortcode 3.6.0 Cross-Site.Request.Forgery.to.User.Password.Reset HIGH" "wp-register-profile-with-shortcode 3.5.9 Admin+.Stored.XSS LOW" "woocommerce-woocart-popup-lite No.known.fix Cross-Site.Request.Forgery MEDIUM" "wp-image-seo No.known.fix Cross-Site.Request.Forgery MEDIUM" "widget-twitter No.known.fix Contributor+.SQLi MEDIUM" "woocommerce-maintenance-mode No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-whatsapp-chat 6.0.5 Admin+.Stored.Cross-Site.Scripting LOW" "wp-dialog No.known.fix Authenticated.Stored.Cross-Site.Scripting LOW" "wp-pinterest-automatic 4.14.4 Unauthenticated.Arbitrary.Options.Update CRITICAL" "wp-scrippets No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-dtree-30 No.known.fix Settings.Update.via.CSRF MEDIUM" "wp-dtree-30 No.known.fix Reflected.XSS HIGH" "wp-dtree-30 No.known.fix Admin+.Stored.XSS LOW" "wptables No.known.fix Reflected.XSS HIGH" "wpex-replace No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "woolementor No.known.fix Authenticated.(Author+).Stored.Cross-Site.Scripting MEDIUM" "woolementor 4.5 Unauthenticated.PHP.Object.Injection CRITICAL" "woolementor 4.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Multiple.Widgets MEDIUM" "wp-awesome-login No.known.fix Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "web3-authentication 3.0.0 Authentication.Bypass HIGH" "web3-authentication 2.7.0 Authentication.Bypass CRITICAL" "wp-todo No.known.fix Authenticated.(Admin+).Stored.Cross-Site.Scripting.via.Task.Comments MEDIUM" "wp-todo No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-todo No.known.fix Cross-Site.Request.Forgery.via.wptodo_addcomment MEDIUM" "wp-todo No.known.fix Cross-Site.Request.Forgery.via.wptodo_manage() MEDIUM" "wp-todo No.known.fix Cross-Site.Request.Forgery.via.wptodo_settings MEDIUM" "wp-todo No.known.fix Authenticated.(Admin+).Stored.Cross-Site.Scripting.via.Settings MEDIUM" "wp-todo 1.2.9 
Contributor+.Stored.XSS MEDIUM" "wp-options-editor No.known.fix Cross-Site.Request.Forgery.to.Privilege.Escalation HIGH" "wp-custom-google-search No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "wps-hide-login 1.9.16.4 Hidden.Login.Page.Disclosure LOW" "wps-hide-login 1.9.16 Login.Page.Disclosure MEDIUM" "wps-hide-login 1.9.12 Hidden.Login.Page.Location.Disclosure LOW" "wps-hide-login 1.9.1 Protection.Bypass.with.Referer-Header MEDIUM" "wps-hide-login 1.5.5 Secret.Login.Page.Disclosure CRITICAL" "wps-hide-login 1.5.3 Multiples.Issues HIGH" "woo-advanced-product-size-chart No.known.fix Missing.Authorization MEDIUM" "woo-advanced-product-size-chart 2.4.3.1 Reflected.Cross-Site.Scripting MEDIUM" "woo-advanced-product-size-chart 2.2.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wooshark-aliexpress-importer 2.2.5 Missing.Authorization.to.Unauthenticated.Arbitrary.Post.Deletion MEDIUM" "wooshark-aliexpress-importer 2.2.5 Unauthenticated.Settings.&.Products.Update MEDIUM" "wpextended 3.0.13 Unauthenticated.SQL.Injection.via.Login.Attempts.Module HIGH" "wpextended 3.0.12 Missing.Authorization.to.Authenticated.(Subscriber+).Remote.Code.Execution HIGH" "wpextended 3.0.12 Missing.Authorization.to.Authenticated.(Subscriber+).Stored.Cross-Site.Scripting HIGH" "wpextended 3.0.10 Reflected.Cross-Site.Scripting MEDIUM" "wpextended 3.0.9 Reflected.Cross-Site.Scripting MEDIUM" "wpextended 3.0.9 Authenticated.(Subscriber+).Arbitrary.Options.Update HIGH" "wpextended 3.0.9 Missing.Authorization.to.Admin.Username.Change MEDIUM" "wpextended 3.0.9 Directory.Traversal.to.Authenticated.(Subscriber+).Arbitrary.File.Download HIGH" "wpextended 3.0.9 Authenticated.(Subscriber+).Sensitive.Information.Exposure MEDIUM" "wpextended 3.0.9 Insecure.Direct.Object.Reference MEDIUM" "wpextended 3.0.9 Reflected.Cross-Site.Scripting.via.selected_option MEDIUM" "wpextended 3.0.9 Reflected.Cross-Site.Scripting.via.page MEDIUM" "wpextended 3.0.0 
Unauthenticated.Stored.Cross-Site.Scripting MEDIUM" "wpworx-faq No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wpworx-faq No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "woo-mailerlite 2.0.9 Missing.Authorization.via.Multiple.Functions MEDIUM" "woo-mailerlite 2.0.9 Cross-Site.Request.Forgery.via.Multiple.AJAX.Functions MEDIUM" "wpslacksync 1.8.6 Slack.Access.Token.Disclosure HIGH" "woo-discount-rules 2.6.6 Reflected.Cross-Site.Scripting MEDIUM" "woo-discount-rules 2.4.2 Reflected.Cross-Site.Scripting MEDIUM" "woo-discount-rules 2.2.1 Multiple.Authorization.Bypass HIGH" "woo-discount-rules 2.1.0 Multiple.Vulnerabilities CRITICAL" "wcp-openweather No.known.fix Cross-Site.Request.Forgery MEDIUM" "wcp-openweather No.known.fix Reflected.XSS HIGH" "wp-payment-form 4.2.1 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "wp-payment-form 4.2.1 Reflected.Cross-Site.Scripting MEDIUM" "wp-enable-svg No.known.fix Author+.Stored.XSS.via.SVG MEDIUM" "wp-paytm-pay No.known.fix Donation.Plugin.<=.1.3.2.-.Authenticated.(admin+).SQL.Injection MEDIUM" "webmaster-tools No.known.fix Admin+.Stored.XSS LOW" "webmaster-tools No.known.fix Settings.Update.to.Stored.XSS.via.CSRF HIGH" "white-page-publication No.known.fix Arbitrary.Settings.Update.via.CSRF MEDIUM" "ws-form 1.10.14 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "ws-form 1.9.245 Reflected.Cross-Site.Scripting.via.URL MEDIUM" "ws-form 1.9.244 Unauthenticated.Stored.Cross-Site.Scripting MEDIUM" "ws-form 1.9.218 Unauthenticated.CSV.Injection MEDIUM" "ws-form 1.9.171 Authenticated(Administrator+).SQL.Injection MEDIUM" "ws-form 1.8.176 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "ws-form 1.8.176 Admin+.Stored.Cross-Site.Scripting LOW" "wp-stats-dashboard No.known.fix Authenticated.Blind.SQL.Injection HIGH" "wp-load-gallery No.known.fix Authenticated.(Author+).Arbitrary.File.Upload HIGH" "wp-job-manager-companies 1.8 Reflected.Cross-Site.Scripting MEDIUM" "wpbulky-wp-bulk-edit-post-types 1.0.10 
Contributor+.Stored.Cross-Site.Scripting MEDIUM" "wordpress-social-login No.known.fix Contributor+.Stored.XSS MEDIUM" "wordpress-social-login No.known.fix Admin+.Stored.XSS LOW" "wordpress-social-login No.known.fix Reflected.XSS HIGH" "wp-ds-blog-map No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "wapppress-builds-android-app-for-website 6.0.5 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "wapppress-builds-android-app-for-website 6.0.5 Authenticated.(Subscriber+).Server-Side.Request.Forgery MEDIUM" "wapppress-builds-android-app-for-website 6.0.0 Unauthenticated.Arbitrary.File.Upload CRITICAL" "woo-product-attachment 2.2.0 Checkout.Attachements.Update.via.CSRF MEDIUM" "woo-product-attachment 2.1.8 Reflected.Cross-Site.Scripting MEDIUM" "woo-product-attachment 2.1.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "woocommerce-photo-reviews 1.3.14 Authentication.Bypass.to.Account.Takeover.and.Privilege.Escalation CRITICAL" "wp-contact-form No.known.fix Cross-Site.Request.Forgery.via.wpcf_adminpage MEDIUM" "wp-email-users No.known.fix Subscriber+.SQL.Injection HIGH" "wp-stacker No.known.fix Stored.XSS.via.CSRF HIGH" "wp-website-creator No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wpsso 18.18.2 Missing.Authorization MEDIUM" "wp-fail2ban 5.1.1 Reflected.Cross-Site.Scripting MEDIUM" "wp-fail2ban 4.4.0.2 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-fail2ban 4.0.5 Subscriber+.Arbitrary.Option.Update CRITICAL" "wp-ecommerce-quickpay No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wpschoolpress No.known.fix Authenticated.(Student/Parent+).SQL.Injection MEDIUM" "wpschoolpress 2.2.11 Insecure.Direct.Object.Reference.to.Authenticated.(Teacher+).Account.Takeover/Privilege.Escalation HIGH" "wpschoolpress 2.2.5 Teacher+.SQLi MEDIUM" "wpschoolpress 2.2.5 Cross-Site.Request.Forgery MEDIUM" "wpschoolpress 2.1.17 Multiple.Admin+.Stored.Cross-Site.Scripting LOW" "wpschoolpress 2.1.10 Multiple.Authenticated.SQL.Injections 
HIGH" "wpschoolpress 2.1.10 Reflected.Cross-Site.Scripting HIGH" "wp-connect No.known.fix Stored.XSS.via.CSRF HIGH" "wp-membership 1.6.3 Unauthenticated.Arbitrary.File.Upload CRITICAL" "wp-membership 1.5.7 Subscriber+.Privilege.Escalation CRITICAL" "wp-membership No.known.fix Multiple.Vulnerabilities MEDIUM" "wp-visual-slidebox-builder No.known.fix Subscriber+.SQLi HIGH" "woo-conditional-payment-gateways 1.16.0 Reflected.Cross-Site.Scripting MEDIUM" "woo-conditional-payment-gateways 1.13.1.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-business-intelligence 1.6.3 SQL.Injection CRITICAL" "wp-perfect-plugin 1.8.6 Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "wp-mailing-group No.known.fix Authenticated.(Administrator+).SQL.Injection MEDIUM" "wp-mailing-group No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-limits No.known.fix Plugin's.Settings.Update.via.CSRF MEDIUM" "wholesale-pricing-woocommerce 3.8.1 Reflected.Cross-Site.Scripting MEDIUM" "wp-user-control No.known.fix Unauthenticated.password.reset MEDIUM" "woocommerce-alidropship 1.1.1 Unauthenticated.Sensitive.Data.Exposure HIGH" "wp-rest-filter No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-rest-filter No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-subtitle 3.4.1 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "wpbot-pro 13.5.6 Unauthenticated.Arbitrary.File.Upload CRITICAL" "wpbot-pro 13.5.6 Missing.Authorization.to.Authenticated.(Subscriber+).Simple.Text.Response.Creation MEDIUM" "woocommerce-gateway-amazon-payments-advanced 2.0.1 Reflected.Cross-Site.Scripting MEDIUM" "wip-incoming-lite 1.1.2 Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "wp-client-reports 1.0.23 Cross-Site.Request.Forgery MEDIUM" "wp-cors 0.2.2 Admin+.Stored.XSS LOW" "woocommerce-checkout-field-editor-pro 3.6.3 Unauthenticated.Arbitrary.File.Deletion CRITICAL" "wpcasa-mail-alert 3.3.0 Reflected.Cross-Site.Scripting MEDIUM" "wp-fountain No.known.fix 
Reflected.Cross-Site.Scripting HIGH" "wp-simple-html-sitemap 3.2 Authenticated.(Admin+).SQL.Injection CRITICAL" "wp-simple-html-sitemap 2.9 Reflected.Cross-Site.Scripting MEDIUM" "wp-simple-html-sitemap 2.8 Missing.Authorization MEDIUM" "wp-simple-html-sitemap 2.3 Reflected.XSS HIGH" "wp-simple-html-sitemap 2.6 Contributor+.Stored.XSS MEDIUM" "wp-championship 9.3 Multiple.CSRF MEDIUM" "wp-feature-box No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "woocommerce-germanized 3.9.5 Reflected.Cross-Site.Scripting MEDIUM" "wpg-videos No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wiser-notify 2.6 Missing.Authorization MEDIUM" "woocommerce-payments 6.7.0 Unauthenticated.Order.Deletion.via.IDOR LOW" "woocommerce-payments 5.9.1 Shop.Manager+.SQLi MEDIUM" "woocommerce-payments 6.5.0 Contributor+.Cross-Site.Scripting MEDIUM" "woocommerce-payments 4.9.0 Subscription.Suspension/Activation.via.CSRF MEDIUM" "woocommerce-payments 4.5.1 Intent.Parameter.Tampering HIGH" "woocommerce-payments 5.6.2 Unauthenticated.Privilege.Escalation CRITICAL" "wphelpkit 1.1 Reflected.Cross-Site.Scripting MEDIUM" "wphelpkit 1.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-structuring-markup No.known.fix Contributor+.Stored.XSS.via.Shortcode MEDIUM" "weather-in-any-city-widget 1.1.41 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "woo-admin-product-notes No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "woo-admin-product-notes No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "woo-admin-product-notes No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "woo-currency 1.6.6 Admin+.Stored.XSS LOW" "wplegalpages 3.2.8 Cross-Site.Request.Forgery MEDIUM" "wplegalpages 2.9.3 Contributor+.Stored.XSS MEDIUM" "wplegalpages 2.7.1 Subscriber+.Arbitrary.Settings.Update.to.Stored.XSS MEDIUM" "wplegalpages 1.1 Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "woocommerce-delivery-notes 5.4.1 
Missing.Authorization.to.Authenticated.(Subscriber+).Logo.Deletion MEDIUM" "woocommerce-delivery-notes 4.9.0 Missing.Authorization.to.Notice.Dismissal MEDIUM" "woocommerce-delivery-notes 4.7.2 Reflected.XSS HIGH" "wooCommerce-order-proposal 2.0.6 Authenticated.(Shop.Manager+).Privilege.Escalation.via.Order.Proposal HIGH" "wp-cloud-server 2.0.0 Reflected.Cross-Site.Scripting MEDIUM" "wbcom-designs-buddypress-ads 1.3.1 Subscriber+.Arbitrary.Plugin.Installation,.Activation.and.Deactivation HIGH" "wc-product-author 1.0.4 Reflected.Cross-Site.Scripting MEDIUM" "wc-product-author 1.0.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wpp-customization No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "woocommerce-ninjaforms-product-addons 1.7.1 Unauthenticated.Arbitrary.File.Upload CRITICAL" "wpvivid-backuprestore 0.9.107 Missing.Authorization MEDIUM" "wpvivid-backuprestore 0.9.108 Unauthenticated.PHP.Object.Injection HIGH" "wpvivid-backuprestore 0.9.106 Unauthenticated.Sensitive.Data.Exposure HIGH" "wpvivid-backuprestore 0.9.100 Admin+.PHAR.Deserialization HIGH" "wpvivid-backuprestore 0.9.69 Unauthenticated.SQLi.&.DoS HIGH" "wpvivid-backuprestore 0.9.95 Missing.Authorization MEDIUM" "wpvivid-backuprestore 0.9.92 WPvivid.<.0.9.92.-.Unauthenticated.Sensitive.Information.Exposure HIGH" "wpvivid-backuprestore 0.9.90 Admin+.Stored.XSS MEDIUM" "wpvivid-backuprestore 0.9.90 Admin+.Stored.XSS MEDIUM" "wpvivid-backuprestore 0.9.90 Admin+.Arbitrary.Directory.Deletion.via.Path.Traversal HIGH" "wpvivid-backuprestore 0.9.91 Missing.Authorization.via.'start_staging'.and.'get_staging_progress' HIGH" "wpvivid-backuprestore 0.9.77 Admin+.Arbitrary.File.Deletion MEDIUM" "wpvivid-backuprestore 0.9.76 Admin+.Arbitrary.File.Read MEDIUM" "wpvivid-backuprestore 0.9.75 Admin+.PHAR.Deserialization MEDIUM" "wpvivid-backuprestore 0.9.71 Admin+.Arbitrary.File.Download LOW" "wpvivid-backuprestore 0.9.70 Reflected.Cross-Site.Scripting MEDIUM" "wpvivid-backuprestore 0.9.69 
Unauthenticated.Stored.Cross-Site.Scripting CRITICAL" "wpvivid-backuprestore 0.9.56 Reflected.Cross-Site.Scripting HIGH" "wpaudio-mp3-player No.known.fix Contributor+.Stored.XSS MEDIUM" "wp-maintenance-mode-site-under-construction 1.8.2 Arbitrary.Plugin.Installation/Activation.via.Low.Privilege.User CRITICAL" "wp-maintenance-mode-site-under-construction 1.9 Arbitrary.Plugin.Installation/Activation.via.CSRF CRITICAL" "wp-html-mail 3.4.2 Test.Email.Sending.via.CSRF MEDIUM" "wp-html-mail 3.1.3 Reflected.Cross-Site.Scripting MEDIUM" "wp-html-mail 3.1 Unprotected.REST-API.Endpoint MEDIUM" "wp-html-mail 3.0.8 CSRF.to.XSS MEDIUM" "woolentor-addons 2.9.9 Authenticated.(Contributor+).Sensitive.Information.Exposure.via.WL:.FAQ.Widget.Elementor.Template MEDIUM" "woolentor-addons 2.9.8 Authenticated.(Contributor+).DOM-Based.Stored.Cross-Site.Scripting MEDIUM" "woolentor-addons 2.9.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.WL.Product.Horizontal.Filter.Widget MEDIUM" "woolentor-addons 2.8.9 Contributor+.Stored.XSS.via.woolentorsearch.Shortcode MEDIUM" "woolentor-addons 2.8.9 Authenticated.Option.Update MEDIUM" "woolentor-addons 2.8.8 Contributor+.Stored.XSS MEDIUM" "woolentor-addons 2.8.8 Missing.Authorization MEDIUM" "woolentor-addons 2.8.8 Contributor+.Stored.XSS MEDIUM" "woolentor-addons 2.8.2 Contributor+.Stored.XSS MEDIUM" "woolentor-addons 2.8.2 Contributor+.Template.Reset LOW" "woolentor-addons 2.8.5 Authenticated.(Contributor+).Stored.Cross-site.Scripting.via.QR.Code.Widget MEDIUM" "woolentor-addons 2.8.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.WL.Universal.Product.Layout MEDIUM" "woolentor-addons 2.8.2 Contributor+.Stored.Cross-Site.Scripting.via.Banner.Link MEDIUM" "woolentor-addons 2.6.3 Settings.Update.via.CSRF MEDIUM" "woolentor-addons 2.5.2 Settings.Update.via.CSRF MEDIUM" "woolentor-addons 2.5.4 PHP.Object.Injection MEDIUM" "woolentor-addons 2.5.4 Contributor+.Stored.XSS MEDIUM" "woolentor-addons 1.8.6 
WooCommerce.Elementor.Addons.+.Builder.<.1.8.6.-.Contributor+.Stored.XSS MEDIUM" "wp-transactions 1.0.9 Reflected.Cross-Site.Scripting MEDIUM" "wp-elegant-testimonial No.known.fix Multiple.Authenticated.Stored.Cross-Site.Scripting LOW" "wp-image-carousel No.known.fix Contributor+.Stored.XSS MEDIUM" "wp-bannerize-pro 1.9.1 Authenticated.(Editor+).Stored.Cross-Site.Scripting MEDIUM" "wp-bannerize-pro 1.7.0 Reflected.XSS HIGH" "wp-easy-recipe No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-d3 No.known.fix Contributor+.Stored.XSS MEDIUM" "wp-d3 2.4.1 Cross-Site.Request.Forgery.(CSRF) HIGH" "wc-product-customer-list 3.1.5 Reflected.Cross-Site.Scripting MEDIUM" "wc-product-customer-list 3.0.0 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-event-aggregator 1.8.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-event-aggregator 1.7.7 Cross-Site.Request.Forgery.via.wpea_deauthorize_user() MEDIUM" "who-hit-the-page-hit-counter No.known.fix Authenticated.(Administrator+).SQL.Injection HIGH" "who-hit-the-page-hit-counter No.known.fix CSRF MEDIUM" "who-hit-the-page-hit-counter No.known.fix Hit.Counter.<=.1.4.14.3.-.Reflected.XSS HIGH" "wp-downloadmanager 1.68.9 Reflected.Cross-Site.Scripting MEDIUM" "wp-downloadmanager 1.68.7 Admin+.Stored.Cross-Site.Scripting LOW" "wp-downloadmanager 1.68.7 Reflected.Cross-Site.Scripting MEDIUM" "wp-downloadmanager 1.68.5 Server-Side.Request.Forgery.(SSRF) MEDIUM" "wc-gsheetconnector 1.3.12 Missing.Authorization MEDIUM" "wc-gsheetconnector 1.3.5 Reflected.Cross-Site.Scripting MEDIUM" "wc-gsheetconnector 1.3.6 Access.Code.Update.via.CSRF MEDIUM" "wc-gsheetconnector 1.2.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wpify-woo 4.0.11 Reflected.Cross-Site.Scripting MEDIUM" "wpify-woo 4.0.9 Missing.Authorization MEDIUM" "wpify-woo 3.5.7 Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "wp-mailto-links 3.1.4 Contributor+.Stored.XSS MEDIUM" "wp-s3-smart-upload 1.5.1 Missing.Authorization MEDIUM" 
"wp-strava No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "wp-touch-slider No.known.fix Reflected.XSS HIGH" "wp-jitsi-shortcodes No.known.fix Admin+.Stored.XSS LOW" "wp-jitsi-shortcodes No.known.fix Contributor+.Stored.XSS.via.Shortcode MEDIUM" "wordpress-popup 7.8.6 Missing.Authorization.to.Unauthorized.Form.Submission MEDIUM" "wordpress-popup 7.8.6 Missing.Authorization.to.Unpublished.Form.Exposure MEDIUM" "wordpress-popup 7.8.5 Admin+.Stored.XSS LOW" "wordpress-popup 6.0.8.1 Unauthenticated.CSV.Injection HIGH" "woo-product-variation-gallery 2.3.4 Reflected.Cross-Site.Scripting HIGH" "wp-desklite No.known.fix Reflected.XSS HIGH" "wp-stateless 3.4.1 Missing.Authorization.to.Limited.Arbitrary.Options.Update HIGH" "wpforms-user-registration 2.1.2 Missing.Authorization.to.Authenticated.(Contributor+).Privilege.Escalation HIGH" "webcam-2way-videochat 5.2.8 Reflected.Cross-Site.Scripting HIGH" "webcam-2way-videochat 4.41.2 Cross-Site.Scripting.(XSS) MEDIUM" "wpseo-local 15.0 Contributor+.Stored.XSS MEDIUM" "wpseo-local 15.0 Contributor+.Stored.XSS MEDIUM" "wpseo-local 14.9 Reflected.XSS HIGH" "wpseo-local 14.9 CSRF MEDIUM" "wp-post-page-clone 1.2 Unauthorised.Post.Access MEDIUM" "wp-post-page-clone 1.1 SQL.Injections.due.to.Duplicated.Snippets HIGH" "wishsuite 1.3.8 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wishsuite 1.3.5 Admin+.Stored.XSS LOW" "wishsuite 1.3.4 Cross-Site.Request.Forgery MEDIUM" "wp-users-disable No.known.fix Unauthenticated.Settings.Update MEDIUM" "wp-affiliate-platform 6.5.2 Affiliate.Deletion.via.CSRF MEDIUM" "wp-affiliate-platform 6.5.1 POST.Reflected.XSS MEDIUM" "wp-affiliate-platform 6.5.1 Reflected.XSS.via.Affiliate.Editing HIGH" "wp-affiliate-platform 6.5.1 Reflected.XSS.via.Lead.Editing HIGH" "wp-affiliate-platform 6.5.1 Profile.Update.via.CSRF MEDIUM" "wp-affiliate-platform 6.5.1 Reflected.XSS.via.Banner.Editing HIGH" "wp-affiliate-platform 6.5.1 Reflected.XSS.via.Registration.Form 
HIGH" "wp-affiliate-platform 6.5.1 Stored.XSS.via.CSRF HIGH" "wp-affiliate-platform 6.4.0 Reflected.Cross-Site.Scripting MEDIUM" "wp-affiliate-platform 6.4.0 Affiliate.Record.Deletion.via.CSRF MEDIUM" "wp-affiliate-platform 6.4.0 Admin+.Stored.XSS LOW" "wc-price-history 2.1.5 Authenticated.(Shop.manager+).PHP.Object.Injection HIGH" "wc-price-history 2.1.4 Missing.Authorization MEDIUM" "wp-advanced-search 3.3.9.2 Unauthenticated.SQL.Injection HIGH" "wp-advanced-search 3.3.9 Settings.Update.via.CSRF MEDIUM" "wp-advanced-search 3.3.7 Authenticated.SQL.Injection HIGH" "weebotlite No.known.fix Admin+.Stored.XSS LOW" "wp-bitly No.known.fix Missing.Authorization.to.Authenticated.(Subscriber+).Settings.Update MEDIUM" "wp-bitly 2.7.3 Missing.Authorization MEDIUM" "wp-bitly 2.7.2 Contributor+.Stored.XSS MEDIUM" "wp-club-manager 2.2.12 Missing.Authorization MEDIUM" "wp-club-manager 2.2.12 Authenticated.(Player+).Stored.Cross-Site.Scripting MEDIUM" "wp-club-manager 2.2.11 Missing.Authorization.to.Unauthenticated.Event.Permalink.Update MEDIUM" "wp-show-more No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.show_more.Shortcode MEDIUM" "wt-woocommerce-wishlist 2.1.3 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "wpcom-member 1.5.4.1 Reflected.Cross-Site.Scripting MEDIUM" "wpcom-member 1.5.3 Unauthenticated.Privilege.Escalation.via.User.Meta CRITICAL" "wp-comment-fields 5.1 Cross-Site.Request.Forgery MEDIUM" "wp-comment-fields 5.1 Missing.Authorization MEDIUM" "wp-comment-fields 4.1 Admin+.Stored.Cross-Site.Scripting LOW" "wp-power-stats No.known.fix CSRF MEDIUM" "wp-testimonial-widget No.known.fix Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "wp-testimonial-widget No.known.fix Authenticated.(Admin+).SQL.Injection CRITICAL" "wp-testimonial-widget No.known.fix Missing.Authorization MEDIUM" "wp-html-sitemap No.known.fix wp-html-sitemap.html.Sitemap.Deletion.CSRF MEDIUM" "wc-cross-seller No.known.fix 
Reflected.Cross-Site.Scripting MEDIUM" "wc-cross-seller No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-custom-post-template No.known.fix Settings.Update.via.CSRF MEDIUM" "wordpress-access-control No.known.fix Improper.Access.Control.to.Sensitive.Information.Exposure.via.REST.API MEDIUM" "wp-all-import-pro No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "wp-all-import-pro 4.9.4 Authenticated.(Administrator+).Server-Side.Request.Forgery.via.File.Import HIGH" "wp-all-import-pro 4.1.2 Multiple.Vulnerabilities CRITICAL" "wp-all-import-pro 4.1.1 RCE HIGH" "wp-base-booking-of-appointments-services-and-events 5.1.0 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "wp-base-booking-of-appointments-services-and-events 5.0.0 Missing.Authorization.to.Authenticated.(Subscriber+).Sensitive.Information.Exposure.via.app_export_db MEDIUM" "wp-base-booking-of-appointments-services-and-events 4.9.2 Reflected.Cross-Site.Scripting.via.status.Parameter MEDIUM" "woocommerce-warranty 2.3.0 Missing.Authorization MEDIUM" "woocommerce-warranty 2.3.0 Missing.Authorization MEDIUM" "woocommerce-warranty 2.1.7 Reflected.XSS HIGH" "wp-recall 16.26.9 Insecure.Direct.Object.Reference.to.Unauthenticated.Arbitrary.Password.Update CRITICAL" "wp-recall 16.26.7 Unauthenticated.Payment.Deletion.via.delete_payment MEDIUM" "wp-recall 16.26.7 Cross-Site.Request.Forgery MEDIUM" "wp-recall 16.26.6 Authenticated.(Contributor+).SQL.Injection CRITICAL" "wp-recall 16.26.6 Unauthenticated.SQL.Injection CRITICAL" "wp-recall 16.26.6 Insecure.Direct.Object.Reference MEDIUM" "wp-recall 16.24.48 Reflected.Cross-Site.Scripting HIGH" "wp-categories-widget 2.3 Reflected.XSS HIGH" "wordpress-popular-posts 7.2.0 Unauthenticated.Arbitrary.Shortcode.Execution HIGH" "wordpress-popular-posts 6.3.3 Contributor+.Stored.XSS MEDIUM" "wordpress-popular-posts 6.1.0 Unauthenticated.Views.Manipulation MEDIUM" "wordpress-popular-posts 6.0.0 Reflected.Cross-Site.Scripting 
MEDIUM" "wordpress-popular-posts 5.3.4 Admin+.Stored.Cross-Site.Scripting LOW" "wordpress-popular-posts 5.3.3 Authenticated.Code.Injection HIGH" "wordpress-popular-posts 5.3.3 Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "woo-pdf-invoices-bulk-download No.known.fix Reflected.Cross-Site.Scripting.via.PHPRelativePath.Library HIGH" "wp-pipes 1.4.2 Reflected.Cross-Site.Scripting.via.x1.Parameter MEDIUM" "wp-pipes 1.4.1 CSRF MEDIUM" "wp-pipes 1.4.0 Admin+.SQLi MEDIUM" "wp-spid-italia No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-spid-italia 2.5 Reflected.Cross-Site.Scripting MEDIUM" "wp-spid-italia 2.3.5 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-education 1.2.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.text_html_tag MEDIUM" "wp-education 1.2.7 Arbitrary.Plugin.Activation.via.CSRF MEDIUM" "what-would-seth-godin-do 2.1.2 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "wp-downgrade 1.2.3 Admin+.Stored.Cross-Site.Scripting LOW" "woo-producttables-pro 1.9.5 Unauthenticated.Arbitrary.SQL.Execution CRITICAL" "wc4bp-groups 1.1.1 Reflected.Cross-Site.Scripting MEDIUM" "wp-fancybox 1.0.2 Authenticated.Stored.Cross-Site.Scripting LOW" "woopra 1.4.3.2 Unauthenticated.Arbitrary.File.Upload CRITICAL" "woothemes-sensei 4.24.0.1.24.0 Unauthenticated.Rewrite.Rules.Flushing MEDIUM" "woothemes-sensei 4.24.0.1.24.0 Authenticated.(Student+).Stored.Cross-Site.Scripting MEDIUM" "wp-pagebuilder No.known.fix Admin+.Stored.Cross-Site LOW" "wp-pagebuilder 1.2.7 Author+.Stored.XSS MEDIUM" "wp-pagebuilder 1.2.4 Multiple.Stored.Cross-Site.scripting.(XSS) MEDIUM" "wp-pagebuilder 1.2.4 Insecure.default.configuration.Allows.Subscribers.Editing.Access.to.Posts MEDIUM" "wp-donottrack No.known.fix Authenticated.(admin+).Stored.XSS MEDIUM" "wp-express-checkout 2.3.8 Unauthenticated.Price.Manipulation MEDIUM" "wp-express-checkout 2.2.9 Admin+.Stored.XSS LOW" "wp-datepicker 2.1.5 Reflected.Cross-Site.Scripting 
MEDIUM" "wp-datepicker 2.1.2 Missing.Authorization MEDIUM" "wp-datepicker 2.1.2 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "wp-datepicker 2.1.1 Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.Options.Update HIGH" "wp-hide-post No.known.fix Arbitrary.Post.Hiding.via.CSRF MEDIUM" "wooemailreport No.known.fix Reflected.XSS HIGH" "wp-jobsearch 2.6.8 Unauthenticated.Privilege.Escalation CRITICAL" "wp-jobsearch 2.6.8 Authenticated.(Subscriber+).Arbitrary.File.Upload CRITICAL" "wp-jobsearch 2.6.8 Unauthenticated.Arbitrary.File.Upload CRITICAL" "wp-jobsearch 2.6.1 Unauthenticated.PHP.Object.Injection CRITICAL" "wp-jobsearch 2.6.1 Reflected.Cross-Site.Scripting MEDIUM" "wp-jobsearch 2.5.6 Missing.Authorization MEDIUM" "wp-jobsearch 2.5.6 Missing.Authorization MEDIUM" "wp-jobsearch 2.5.4 Cross-Site.Request.Forgery MEDIUM" "wp-jobsearch 2.5.4 Unauthenticated.PHP.Object.Injection CRITICAL" "wp-jobsearch No.known.fix Authentication.Bypass.to.Account.Takeover CRITICAL" "wp-jobsearch 2.3.4 Authentication.Bypass CRITICAL" "wp-jobsearch 2.3.4 Arbitrary.File.Upload.to.RCE CRITICAL" "wp-jobsearch 1.8.2 Subscriber+.Arbitrary.Blog.Options.Update HIGH" "wp-jobsearch 1.8.2 Subscriber+.Add/Update.Schedule.Calls MEDIUM" "wp-jobsearch 1.8.2 Unauthenticated.Plugin's.Settings.Update MEDIUM" "wp-jobsearch 1.7.4 Authenticated.Stored.XSS MEDIUM" "wp-jobsearch 1.5.6 Unauthenticated.Reflected.XSS MEDIUM" "wp-jobsearch 1.5.5 Unauthenticated.Reflected.Cross-Site.Scripting MEDIUM" "wp-jobsearch 1.5.3 Multiple.Cross-Site.Scripting.Issues MEDIUM" "wp-jobsearch 1.5.1 Unauthenticated.Reflected.Cross-Site.Scripting.(XSS) HIGH" "wp-phone-message No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-phone-message No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-shapes No.known.fix Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "wp-automatic 3.95.0 
Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.autoplay.Parameter MEDIUM" "wp-automatic 3.93.0 WordPress.Automatic.Plugin.<.3,93,0.Cross-Site.Request.Forgery MEDIUM" "wp-automatic 3.92.1 Cross-Site.Request.Forgery.to.Privilege.Escalation HIGH" "wp-automatic 3.92.1 Unauthenticated.SQL.Injection CRITICAL" "wp-automatic 3.92.1 Unauthenticated.Arbitrary.File.Download.and.Server-Side.Request.Forgery CRITICAL" "wp-automatic 3.53.3 Unauthenticated.Arbitrary.Options.Update CRITICAL" "wp-photo-album-plus 8.9.01.001 Unauthenticated.Arbitrary.Shortcode.Execution.via.getshortcodedrenderedfenodelay HIGH" "wp-photo-album-plus 8.8.07.004 Reflected.Cross-Site.Scripting MEDIUM" "wp-photo-album-plus 8.8.02.003 Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "wp-photo-album-plus 8.8.00.003 Reflected.Cross-Site.Scripting MEDIUM" "wp-photo-album-plus 8.7.00.004 Unauthenticated.Arbitrary.Shortcode.Execution MEDIUM" "wp-photo-album-plus 8.7.01.002 Unauthenticated.Arbitrary.File.Upload CRITICAL" "wp-photo-album-plus 8.6.03.005 Authenticated.(Subscriber+).Arbitrary.File.Upload CRITICAL" "wp-photo-album-plus 8.6.01.005 .Cross-Site.Scripting MEDIUM" "wp-photo-album-plus 8.6.01.005 IP.Spoofing MEDIUM" "wp-photo-album-plus 8.6.01.003 Insecure.Direct.Object.Reference MEDIUM" "wp-photo-album-plus 8.0.10 Stored.Cross-Site.Scripting.(XSS) MEDIUM" "wp-shortcode 1.4.17 CSRF MEDIUM" "wp-facebook-review-showcase-lite 1.0.9 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "woo-product-table No.known.fix Reflected.XSS HIGH" "woo-product-table 3.5.2 Information.Exposure MEDIUM" "woo-product-table 3.1.2 Unauthenticated.Arbitrary.Function.Call CRITICAL" "wppizza 3.18.14 Reflected.Cross-Site.Scripting MEDIUM" "wppizza 3.18.11 Missing.Authorization MEDIUM" "wppizza 3.18.3 Reflected.XSS HIGH" "wppizza 3.17.2 Reflected.XSS HIGH" "wp-embed-facebook 3.1.2 Contributor+.Stored.XSS.via.shortcode MEDIUM" "wc-basic-slider 2.1.0 CSRF.Bypass MEDIUM" "wp-curriculo-vitae 
No.known.fix Unauthenticated.Arbitrary.File.Upload.to.RCE CRITICAL" "woo-myghpay-payment-gateway No.known.fix Reflected.Cross-Site.Scripting HIGH" "wordpress-nextgen-galleryview No.known.fix Reflected.XSS HIGH" "wordpress-nextgen-galleryview No.known.fix Cross-Site.Request.Forgery MEDIUM" "wp-mailster 1.8.18.0 Unauthenticated.Sensitive.Information.Exposure MEDIUM" "wp-mailster 1.8.18.0 Cross-Site.Request.Forgery MEDIUM" "wp-mailster 1.8.18.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-mailster 1.8.17.0 Authenticated.(Contributor+).SQL.Injection.via.orderby HIGH" "wp-mailster 1.8.17.0 Missing.Authorization MEDIUM" "wp-mailster 1.8.17.0 Unauthenticated.Information.Exposure MEDIUM" "wp-mailster 1.8.17.0 Missing.Authorization HIGH" "wp-mailster 1.8.17.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-mailster 1.5.5 Unauthenticated.Cross-Site.Scripting.(XSS) MEDIUM" "wp-dev-powers-display-screen-dimensions-to-admin No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-private-message 1.0.6 Private.Message.Disclosure.via.IDOR MEDIUM" "waitlist-woocommerce 2.7.6 Reflected.Cross-Site.Scripting MEDIUM" "waitlist-woocommerce 2.6.1 Missing.Authorization MEDIUM" "waitlist-woocommerce 2.5.3 Settings.Reset.via.CSRF MEDIUM" "waitlist-woocommerce 2.5.1 Various.Versions.CSRF.to.Arbitrary.Options.Update HIGH" "woo-bookings-calendar No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-seopress 8.2 Missing.Authorization MEDIUM" "wp-seopress 8.2 Missing.Authorization MEDIUM" "wp-seopress 8.2 Missing.Authorization MEDIUM" "wp-seopress 8.2 Reflected.Cross-Site.Scripting MEDIUM" "wp-seopress 7.9.1 Authenticated(Contributor+).Stored.Cross-Site.Scripting.via.Social.Image.URL MEDIUM" "wp-seopress 7.9 Unauthenticated.Object.Injection HIGH" "wp-seopress 7.8 Contributor+.Stored.XSS MEDIUM" "wp-seopress 7.8 Contributor+.Open.Redirect LOW" "wp-seopress 7.6 Contributor+.Stored.XSS MEDIUM" "wp-seopress 7.7 
Information.Exposure MEDIUM" "wp-seopress 7.6 Author+.Stored.Cross-Site.Scripting MEDIUM" "wp-seopress 7.3 Admin+.Stored.XSS LOW" "wp-seopress 6.5.0.3 Admin+.PHP.Object.Injection MEDIUM" "wp-seopress 5.0.4 Authenticated.Stored.Cross-Site.Scripting MEDIUM" "woo-whatsapp-request-quote No.known.fix Reflected.Cross-Site.Scripting.(XSS) HIGH" "wp-to-twitter 3.3.0 Reflected.Cross-Site.Scripting MEDIUM" "wp-to-twitter 3.3.0 Subscriber+.Arbitrary.Option.Update CRITICAL" "woocommerce-brands 1.6.50 Cross-Site.Request.Forgery MEDIUM" "woocommerce-brands 1.6.46 Contributor+.Stored.XSS MEDIUM" "wpsolr-search-engine 8.7 Unauthenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "wp-dummy-content-generator 3.3.0 Unauthenticated.Code.Injection CRITICAL" "wp-dummy-content-generator 3.1.3 Missing.Authorization MEDIUM" "wp-dummy-content-generator 3.0.0 Cross-Site.Request.Forgery MEDIUM" "wp-404-auto-redirect-to-similar-post 1.0.5 Reflected.Cross-Site.Scripting.via.Debug.Mode.URI MEDIUM" "wp-404-auto-redirect-to-similar-post 1.0.4 Reflected.Cross-Site.Scripting.via.request MEDIUM" "wp-404-auto-redirect-to-similar-post 1.0.4 Admin+.Stored.XSS LOW" "wordlive-livecall-addon-for-woocommerce No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-twitter-mega-fan-box No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "woocommerce-compare-products No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "woocommerce-compare-products No.known.fix Unauthenticated.PHP.Object.Injection HIGH" "webflow-pages 1.1.0 Missing.Authorization MEDIUM" "wp-icommerce No.known.fix Authenticated.(contributor+).SQL.Injection HIGH" "wptools 3.43 Subscriber+.Arbitrary.Plugin.Installation HIGH" "wp-gpx-maps No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.sgpx.Shortcode MEDIUM" "wp-gpx-maps 1.7.06 Missing.Authorization MEDIUM" "woo-order-status-per-product No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "woo-order-status-per-product No.known.fix 
Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-google-maps 9.0.41 Cross-Site.Request.Forgery MEDIUM" "wp-google-maps 9.0.39 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-google-maps 9.0.37 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "wp-google-maps 9.0.30 Reflected.Cross-Site.Scripting HIGH" "wp-google-maps 9.0.35 Information.Exposure.to.Potential.Denial.of.Service MEDIUM" "wp-google-maps 9.0.33 Admin+.Stored.Cross-Site.Scripting MEDIUM" "wp-google-maps 9.0.33 Contributor+.Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "wp-google-maps 9.0.29 Unauthenticated.Reflected.Cross-Site.Scripting MEDIUM" "wp-google-maps 9.0.28 Unauthenticated.Stored.XSS HIGH" "wp-google-maps 9.0.16 Admin+.Path.Traversal LOW" "wp-google-maps 8.1.13 Multiple.Admin+.Stored.Cross-Site.Scripting LOW" "wp-google-maps 8.1.12 Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "wp-google-maps 7.11.35 CSRF.to.Stored.XSS MEDIUM" "wp-google-maps 7.11.28 Admin.Settings.CSRF CRITICAL" "wp-google-maps 7.11.18 Unauthenticated.SQL.Injection MEDIUM" "woo-audio-preview 1.4.0 Subscriber+.Arbitrary.Plugin.Installation,.Activation.and.Deactivation HIGH" "wpsynchro 1.11.3 Cross-Site.Request.Forgery MEDIUM" "wpsynchro 1.10.0 Settings.Update.via.CSRF MEDIUM" "wp-intercom-slack No.known.fix Slack.Access.Token.Disclosure HIGH" "wp-contact-form7-email-spam-blocker No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-scraper 5.8.1 Authenticated.(Subscriber+).Server-Side.Request.Forgery MEDIUM" "wp-scraper 5.8 Missing.Authorization.to.Arbitrary.Page/Post.Creation MEDIUM" "wp-email-capture 3.11 Unauthenticated.Email.Capture.Download MEDIUM" "wp-email-capture 3.10 Email.Captures.Update.via.CSRF MEDIUM" "wp-email-capture 3.10 Admin+.Stored.XSS LOW" "wp-post-modal No.known.fix Admin+.Stored.XSS LOW" "wp-stripe-express 1.12.1 Reflected.Cross-Site.Scripting MEDIUM" "wp-stripe-express 1.7.7 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "woocommerce-ajax-filters 1.5.4.7 
Unauthenticated.Reflected.Cross-Site.Scripting.(XSS) HIGH" "wp-noexternallinks 4.3 Backdoored MEDIUM" "woo-customers-spreadsheet-bulk-edit 1.0.9 Reflected.Cross-Site.Scripting MEDIUM" "woo-customers-spreadsheet-bulk-edit 1.0.8 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "woo-one-click-upsell-funnel 3.4.10 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.wps_wocuf_pro_yes.Shortcode MEDIUM" "wp-currency-exchange-rates 1.3.0 Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "wp-smart-crm-invoices-free No.known.fix Authenticated.Stored.Cross-Site.Scripting MEDIUM" "wpdeepl 2.4.1.2 Log.Pruning.via.CSRF MEDIUM" "wpdeepl 1.7.5 API.Key.Disclosure MEDIUM" "wp-link-bio No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-link-bio No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-travel-engine 6.2.2 Missing.Authorization.to.Authenticated.(Contributor+).Plugin.Settings.Update MEDIUM" "wp-travel-engine 5.9.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-travel-engine 5.8.1 Unauthenticated.Price.Manipulation MEDIUM" "wp-travel-engine 5.8.0 Unauthenticated.SQL.Injection CRITICAL" "wp-travel-engine 5.8.0 Authenticated.(Administrator+).SQL.Injection CRITICAL" "wp-travel-engine 5.7.5 Reflected.Cross-Site.Scripting MEDIUM" "wp-travel-engine 5.3.8 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-travel-engine 5.3.1 Editor+.Stored.Cross-Site.Scripting LOW" "wp-limit-login-attempts No.known.fix IP.Spoofing MEDIUM" "wp-with-spritz No.known.fix Unauthenticated.File.Inclusion CRITICAL" "wp-rss-aggregator 4.23.13 Missing.Authorization MEDIUM" "wp-rss-aggregator 4.23.12 Missing.Authorization.to.Authenticated.(Subscriber+).Feed.State.Update MEDIUM" "wp-rss-aggregator 4.23.9 Reflected.Cross-Site.Scripting MEDIUM" "wp-rss-aggregator 4.23.6 Authenticated.(Admin+).Server-Side.Request.Forgery.via.RSS.Feed.Source LOW" "wp-rss-aggregator 4.23.5 Admin+.Stored.XSS MEDIUM" "wp-rss-aggregator 4.20 Reflected.Cross-Site.Scripting.(XSS) 
MEDIUM" "wp-rss-aggregator 4.19.3 Subscriber+.Stored.Cross-Site.Scripting HIGH" "wp-rss-aggregator 4.19.2 Admin+.Stored.Cross-Site.Scripting LOW" "woo-quick-cart-for-multiple-variations No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "woo-quick-cart-for-multiple-variations No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "woocommerce-help-scout 2.9.1 Unauthenticated.Arbitrary.File.Upload.leading.to.RCE CRITICAL" "wp-replicate-post 4.1 Contributor+.SQL.Injection MEDIUM" "woocommerce-ean-payment-gateway 6.1.0 Missing.Authorization.to.Authenticated.(Contributor+).EAN.Update MEDIUM" "widget-detector-elementor 1.2.0 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wpsection 1.3.9 Authenticated.(Contributor+).Local.File.Inlcusion HIGH" "woocommerce-mercadopago 7.6.2 7.6.1.-.Authenticated.(Subscriber+).Arbitrary.File.Download MEDIUM" "woocommerce-mercadopago 6.4.0 CSRF MEDIUM" "widgets-reset No.known.fix Settings.Update.via.CSRF MEDIUM" "wp-smushit 3.16.5 Subscriber+.Resmush.List.Deletion MEDIUM" "wp-smushit 3.9.9 Admin+.Reflected.Cross-Site.Scripting LOW" "wp-smushit 3.0.0 Authenticated.Phar.Deserialization MEDIUM" "wp-smushit 2.7.6 File.Transversal HIGH" "wp-jquery-datatable 4.1.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-jquery-datatable 4.1.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-stripe-donation 3.2.4 Missing.Authorization MEDIUM" "wp-stripe-donation 3.2.1 Reflected.Cross-Site.Scripting MEDIUM" "wp-stripe-donation 3.1.6 AidWP.<.3.1.6.-.CSRF MEDIUM" "wp-stripe-donation 2.9 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "woocommerce-warranties-and-returns 5.3.0 Low.Priv.Arbitrary.Blog.Options.Update/Access/Deletion.&.Plugin's.Settings.Update/Export/Import HIGH" "wp-js-impress No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wysija-newsletters 2.8.2 Spam.Vulnerability MEDIUM" "wrc-pricing-tables 2.3.8 Missing.Authorization MEDIUM" "wrc-pricing-tables 2.3.9 Admin+.Stored.XSS LOW" "workscout-core 1.3.4 
Authenticated.Stored.XSS.&.XFS HIGH" "wp-shamsi No.known.fix Subscriber+.Attachment.Deletion MEDIUM" "wp-shamsi 4.1.1 Unauthenticated.Arbitrary.Plugin.Deactivation MEDIUM" "wp-shamsi 4.2.0 Subscriber+.Settings.Update MEDIUM" "wpvivid-backup-mainwp 0.9.34 Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "wpvivid-backup-mainwp 0.9.33 Reflected.Cross-Site.Scripting MEDIUM" "woo-billing-with-invoicexpress 3.0.3 Unauthenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "wc-customer-source 1.3.2 Authenticated.(Shop.Manager+).Stored.Cross-Site.Scripting MEDIUM" "wp-powerplaygallery No.known.fix Arbitrary.File.Upload.&.SQL.Injection HIGH" "wp-job-manager-resumes 2.2.0 Resume.Manager.<.2.2.0.-.Missing.Authorization MEDIUM" "wp-job-manager-resumes 2.2.0 Resume.Manager.<.2.2.0.-.Cross-Site.Request.Forgery MEDIUM" "wp-jump-menu No.known.fix Admin+.Stored.XSS LOW" "wp-pdf-generator 1.2.3 Cross-Site.Request.Forgery MEDIUM" "wp-automatic-widget No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-cleanup-and-basic-functions No.known.fix Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "widgets-on-pages-and-posts No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "widgets-on-pages-and-posts No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "wishlist-member-x No.known.fix Unauthenticated.Arbitrary.SQL.Execution CRITICAL" "wishlist-member-x No.known.fix Unauthenticated.Information.Exposure MEDIUM" "wishlist-member-x No.known.fix Authenticated.(Subscriber+).Remote.Code.Execution CRITICAL" "wishlist-member-x No.known.fix Subscriber+.Privilege.Escalation HIGH" "wishlist-member-x No.known.fix Unauthenticated.Denial.of.Service MEDIUM" "wishlist-member-x No.known.fix Authenticated.(Subscriber+).Arbitrary.File.Deletion HIGH" "wishlist-member-x No.known.fix Missing.Authorization.to.Stored.Cross-Site.Scripting HIGH" "wishlist-member-x No.known.fix Missing.Authorization.to.Information.Disclosure MEDIUM" 
"wp-management-controller No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "wp-user-extra-fields 16.7 Unauthenticated.Arbitrary.File.Deletion CRITICAL" "wp-user-extra-fields 16.7 Missing.Authorization.to.Authenticated.(Subscriber+).Privilege.Escalation HIGH" "wp-user-extra-fields 16.6 Unauthenticated.Arbitrary.File.Upload CRITICAL" "wp-retina-2x 6.4.6 Sensitive.Information.Exposure MEDIUM" "wp-retina-2x 5.2.3 Cross-Site.Scripting.(XSS) MEDIUM" "wp-pexels-free-stock-photos No.known.fix Authenticated.(Contributor+).Arbitrary.File.Upload HIGH" "wp-pexels-free-stock-photos No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "woo-product-slider-and-carousel-with-category 2.8 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "walker-core 1.3.6 Reflected.Cross-Site.Scripting MEDIUM" "walker-core 1.1.8 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-awesome-faq No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-awesome-faq 4.1.8 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-blog-manager-lite 1.1.2 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "wp-food-manager 1.0.4 Admin+.Stored.XSS LOW" "weight-based-shipping-for-woocommerce 5.5.0 Settings.Update.via.CSRF MEDIUM" "wp-greet 6.3 Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "wp-html-author-bio-by-ahmad-awais No.known.fix Author+.Stored.Cross-Site.Scripting MEDIUM" "wp-blog-and-widgets 2.3.1 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "wp-krpano No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-mapit 3.0.0 Contributor+.Stored.XSS MEDIUM" "ws-facebook-likebox No.known.fix Contributor+.Stored.XSS MEDIUM" "wp-top-news 2.3.7 Reflected.Cross-Site.Scripting MEDIUM" "wp-top-news 2.0 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-tweet-walls 1.0.4 Cross-Site.Request.Forgery MEDIUM" "wc-fields-factory 4.1.7 ShopManager+.SQLi MEDIUM" "woo-checkout-field-editor-pro 2.0.4 
Reflected.Cross-Site.Scripting.via.render_review_request_notice MEDIUM" "woo-checkout-field-editor-pro 1.8.0 Admin+.PHP.Object.Injection MEDIUM" "wp-media-manager-lite 1.1.3 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "wpjam-basic 6.2.1.1 Contributor+.Stored.XSS MEDIUM" "wp-etracker No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-category-posts-list No.known.fix Cross-Site.Request.Forgery.via.gen_set_page MEDIUM" "wp-category-posts-list No.known.fix Contributor+.Stored.XSS MEDIUM" "woocommerce-upcoming-product No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "woocommerce-upcoming-product No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-sticky-social 1.0.2 Stored.XSS.via.CSRF HIGH" "wp-extended-search 2.1.2 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "wp-auctions No.known.fix Authenticated.(Editor+).SQL.Injection MEDIUM" "wp-auctions No.known.fix Editor+.SQL.Injection MEDIUM" "wp-auctions No.known.fix Editor+.Stored.XSS LOW" "wp-auctions No.known.fix Authenticated.(Editor+).Stored.Cross-Site.Scripting MEDIUM" "wp-auctions No.known.fix Unauthenticated.SQL.Injection HIGH" "woo-product-finder 1.4.2 Reflected.Cross-Site.Scripting MEDIUM" "woocommerce-basic-ordernumbers No.known.fix Missing.Authorization MEDIUM" "wp-staging 3.5.0 Admin+.Arbitrary.File.Upload MEDIUM" "wp-staging 3.5.0 Admin+.SSRF MEDIUM" "wp-staging 3.5.0 Sensitive.Information.Exposure.via.Log.File MEDIUM" "wp-staging 3.4.0 Admin+.Stored.XSS LOW" "wp-staging 3.2.0 Unauthorized.Sensitive.Data.Exposure HIGH" "wp-staging 3.1.3 Unauthenticated.Backup.Download HIGH" "wp-staging 2.9.18 Admin+.Stored.Cross-Site.Scripting LOW" "woo-add-to-quote 1.5.0 Reflected.Cross-Site.Scripting MEDIUM" "woo-add-to-quote 1.4.9 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-magazine-modules-lite 1.1.3 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "wp-analytify 5.5.0 Missing.Authorization MEDIUM" "wp-analytify 5.4.0 Cross-Site.Request.Forgery.to.Opt-out MEDIUM" "wp-analytify 
5.2.4 Cross-Site.Request.Forgery MEDIUM" "wp-analytify 5.2.4 Missing.Authorization MEDIUM" "wp-analytify 5.2.4 Missing.Authorization.to.Unauthenticated.Google.Analytics.Tracking.ID.Modification MEDIUM" "wp-analytify 5.2.0 Cross-Site.Request.Forgery MEDIUM" "wp-analytify 5.1.1 Missing.Authorization.to.Opt-In MEDIUM" "wp-analytify 4.2.3 Cache.Deletion.via.CSRF MEDIUM" "wp-analytify 4.2.1 Reflected.Cross-Site.Scripting MEDIUM" "wp-mail-catcher 2.1.10 Reflected.Cross-Site.Scripting MEDIUM" "wp-mail-catcher 2.1.7 Cross-Site.Request.Forgery MEDIUM" "wp-mail-catcher 2.1.4 WP.Mail.Catcher.<.2.1.4.-.Admin+.SQLi MEDIUM" "wp-mail-catcher 2.1.3 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "wpematico 2.6.12 Admin+.Stored.Cross-Site.Scripting LOW" "woo-ukrposhta 1.18.0 Reflected.Cross-Site.Scripting.via.order,.post,.and.idd.Parameters MEDIUM" "woo-ukrposhta 1.17.0 Reflected.Cross-Site.Scripting MEDIUM" "woo-ukrposhta 1.6.18 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wc-shipos-delivery No.known.fix Reflected.Cross-Site.Scripting.via.dvsfw_bulk_label_url.Parameter MEDIUM" "wpm-news-api No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "whmcs-bridge 6.4b Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "whmcs-bridge 6.3 Subscriber+.Stored.Cross-Site.Scripting MEDIUM" "weglot 4.2.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Block.Attributes MEDIUM" "weglot 1.9.3 Reflected.Cross-Site.Scripting MEDIUM" "woo-nmi-three-step No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "woo-nmi-three-step No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "woo-nmi-three-step No.known.fix CSRF.Bypass MEDIUM" "wp-multisite-content-copier 2.0.1 Reflected.Cross-Site.Scripting MEDIUM" "woocommerce-es 2.1 Reflected.Cross-Site.Scripting MEDIUM" "woocommerce-es 2.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "woo-product-reviews-shortcode 1.01.6 Missing.Authorization MEDIUM" "woo-product-reviews-shortcode 1.01.4 Cross-Site.Request.Forgery MEDIUM" 
"woo-product-reviews-shortcode 1.0.21 Reflected.Cross-Site.Scripting MEDIUM" "woo-product-reviews-shortcode 1.0.17 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-cookie-user-info 1.0.9 Admin+.SQL.Injection MEDIUM" "wp-cookie-user-info 1.0.8 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "wp-chinese-conversion No.known.fix Reflected.XSS HIGH" "wpzoom-shortcodes No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.box.Shortcode MEDIUM" "wpzoom-shortcodes 1.0.2 Reflected.Cross-Site.Scripting MEDIUM" "woo-paylate 1.5 Reflected.Cross-Site.Scripting MEDIUM" "woo-paylate 1.5 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-headmaster No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wplr-sync 6.4.1 Missing.Authorization MEDIUM" "wplr-sync 6.3.2 Authenticated.(Author+).Stored.Cross-Site.Scripting MEDIUM" "woocommerce-checkout-manager 7.3.1 Missing.Authorization MEDIUM" "woocommerce-checkout-manager 5.5.7 Reflected.Cross-Site.Scripting MEDIUM" "woocommerce-checkout-manager 4.3 Arbitrary.File.Upload HIGH" "wp-job-openings 3.4.3 Sensitive.Data.Exposure.via.Directory.Listing MEDIUM" "wp-vertical-image-slider 1.2.17 .Reflected.XSS HIGH" "wp-vertical-image-slider 1.2.17 Reflected.Cross-Site.Scripting MEDIUM" "wp-vertical-image-slider 1.2 Cross-Site.Scripting.&.CSRF CRITICAL" "woocommerce-product-vendors 2.2.3 Missing.Authorization MEDIUM" "woocommerce-product-vendors 2.2.2 Missing.Authorization MEDIUM" "woocommerce-product-vendors 2.1.77 Vendor.Admin+.SQLi MEDIUM" "woocommerce-product-vendors 2.1.77 Reflected.XSS HIGH" "woocommerce-product-vendors 2.1.79 ShopManager+.SQLi MEDIUM" "woocommerce-product-vendors 2.1.77 Unauthenticated.Reflected.XSS HIGH" "woocommerce-product-vendors 2.1.69 Vendor.Commission.Percentage.Update.via.IDOR MEDIUM" "woocommerce-product-vendors 2.1.66 Note.Creation.via.IDOR LOW" "woocommerce-product-vendors 2.1.66 Unauthenticated.Blind.SQLi HIGH" "wp-responsive-testimonials-slider-and-widget No.known.fix 
Contributor+.Stored.XSS MEDIUM" "wp-blog-post-layouts 1.1.4 Authenticated.(Contributor+).Local.File.Inlcusion HIGH" "wp-ban-user No.known.fix Cross-Site.Request.Forgery.to.Cross-Site.Scripting MEDIUM" "wp-attest No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-attest No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wh-cache-and-security No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-google-street-view 1.1.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-google-street-view 1.0.9 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "woo-country-restrictions-advanced 1.14.3 Reflected.Cross-Site.Scripting MEDIUM" "woo-country-restrictions-advanced 1.13.0 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-ses 1.4.5 Stored.Cross-Site.Scripting.(XSS) HIGH" "wp-google-maps-pro 8.1.12 Multiple.Admin+.Stored.Cross-Site.Scripting LOW" "wp-viewstl No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-stripe-global-payments 3.3 Reflected.Cross-Site.Scripting MEDIUM" "wp-stripe-global-payments 3.0 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-crontrol 1.16.2 Remote.Code.Execution MEDIUM" "wp-responsive-photo-gallery 1.0.16 Authenticated.(Subscriber+).Limited.Server-Side.Request.Forgery MEDIUM" "wp-responsive-photo-gallery 1.0.4 Authenticated.(Admin+).SQL.Injection MEDIUM" "wp-responsive-photo-gallery 1.0.14 Reflected.XSS HIGH" "wp-responsive-photo-gallery 1.0.14 Reflected.Cross-Site.Scripting MEDIUM" "wedevs-project-manager 2.6.17 Authenticated.(Subscriber+).SQL.Injection MEDIUM" "wedevs-project-manager 2.6.16 Authenticated.(Subscriber+).Sensitive.Information.Exposure.via.Project.Task.List.REST.API MEDIUM" "wedevs-project-manager No.known.fix Authenticated.(Project.Manager+).SQL.Injection MEDIUM" "wedevs-project-manager 2.6.15 Missing.Authorization.to.Project.Milestone.and.Task.Creation/Deletion MEDIUM" "wedevs-project-manager 2.6.14 Insecure.Direct.Object.Reference.to.Unauthenticated.Authorization.Bypass HIGH" 
"wedevs-project-manager 2.6.8 Missing.Authorization MEDIUM" "wedevs-project-manager 2.6.9 Subscriber+.Stored.XSS HIGH" "wedevs-project-manager 2.6.1 Subscriber+.SQLi HIGH" "wedevs-project-manager 2.6.5 Subscriber+.Privilege.Escalation HIGH" "wedevs-project-manager 2.4.14 Authenticated.Stored.Cross-Site.Scripting MEDIUM" "wedevs-project-manager 2.4.10 CSRF.Nonce.Bypasses MEDIUM" "wedevs-project-manager 2.4.1 Cross-Site.Request.Forgery.(CSRF) MEDIUM" "wedevs-project-manager 2.4.1 Cross-Site.Request.Forgery MEDIUM" "weekly-class-schedule No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wf-cookie-consent 1.1.4 Authenticated.Persistent.Cross-Site.Scripting.(XSS) MEDIUM" "woocommerce-extra-charges-to-payment-gateways No.known.fix Unauthorised.Arbitrary.Plugin.Settings.Change.to.Stored.XSS CRITICAL" "woo-min-max-quantity-step-control-single 4.6 Reflected.XSS HIGH" "wp-symposium No.known.fix Unauthenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "wp-taxonomy-import No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "woo-shipping-display-mode 3.7.7 Reflected.Cross-Site.Scripting MEDIUM" "woo-shipping-display-mode 3.7.5 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-estimation-form 10.1.76 Reflected.Cross-Site.Scripting MEDIUM" "wp-estimation-form 10.1.77 Missing.Authorization MEDIUM" "wp-estimation-form 10.1.76 Authenticated.(Contributor+).SQL.Injection CRITICAL" "wp-secure-maintainance 1.7 Admin+.Stored.XSS LOW" "word-replacer-ultra No.known.fix Missing.Authorization.to.Unauthenticated.Arbitrary.Content.Update MEDIUM" "word-replacer-ultra No.known.fix Missing.Authorization MEDIUM" "wpadcenter 2.5.8 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.wpadcenter_ad.Shortcode MEDIUM" "wpadcenter 2.5.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.ad_alignment.Attribute MEDIUM" "wp-event-solution 4.0.9 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "wp-event-solution 4.0.9 Authenticated.(Contributor+).Local.File.Inclusion HIGH" 
"wp-event-solution 4.0.6 Authenticated.(Author+).Stored.Cross-Site.Scripting MEDIUM" "wp-event-solution 4.0.5 Missing.Authorization.to.Authenticated.(Contributor+).Event.Data.Import MEDIUM" "wp-event-solution 4.0.0 Authenticated.(Author+).Stored.Cross-Site.Scripting MEDIUM" "wp-event-solution 3.3.51 Missing.Authorization.to.Unauthenticated.Events.Export MEDIUM" "wp-coupons-and-deals 3.1.19 Reflected.Cross-Site.Scripting MEDIUM" "wp-coupons-and-deals 3.1.12 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-instance-rename No.known.fix Arbitrary.File.Download MEDIUM" "wp-google-my-business-auto-publish 3.8 Multiple.CSRF MEDIUM" "wp-google-my-business-auto-publish 3.4 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "widgets-on-pages 1.8.0 Reflected.Cross-Site.Scripting MEDIUM" "widgets-on-pages 1.8.0 Contributor+.Stored.XSS MEDIUM" "widgets-on-pages 1.6.0 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-gallery-exporter No.known.fix Authenticated.(Administrator+).Arbitrary.File.Download LOW" "wp-job-manager 2.3.0 Unauthenticated.Information.Exposure MEDIUM" "wp-job-manager 2.1.0 Cross-Site.Request.Forgery MEDIUM" "wp-job-manager 2.1.0 Unauthenticated.Job.Status.Update MEDIUM" "wp-job-manager 1.31.3 Phar.Deserialization MEDIUM" "wp-job-manager 1.29.3 Unauthenticated.Object.Injection CRITICAL" "wp-job-manager 1.26.2 Unauthenticated.Arbitrary.File.Upload HIGH" "website-file-changes-monitor 1.8.3 Admin+.SQLi MEDIUM" "wp-monalisa 6.5 Cross-Site.Request.Forgery MEDIUM" "wp-health 2.17.1 Unauthenticated.Local.File.Inclusion CRITICAL" "wp-image-slideshow 12.1 .Authenticated.(Subscriber+).SQL.Injection.via.Shortcode HIGH" "wens-responsive-column-layout-shortcodes No.known.fix Contributor+.Stored.XSS MEDIUM" "wowrestro 1.1 CSRF.Bypass MEDIUM" "woo-availability-date No.known.fix Reflected.Cross-Site.Scripting.(XSS) HIGH" "woo-remove-cart-and-query-button No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "woo-remove-cart-and-query-button No.known.fix 
Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-easy-booking 2.4.5 Authenticated.Stored.Cross-Site.Scripting MEDIUM" "widgetize-pages-light No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wpappninja 11.53 Unauthenticated.Arbitrary.Shortcode.Execution MEDIUM" "wpappninja 11.51 Reflected.Cross-Site.Scripting MEDIUM" "wpappninja 11.49 Reflected.Cross-Site.Scripting MEDIUM" "wpappninja 11.42 Reflected.Cross-Site.Scripting MEDIUM" "wpappninja 11.21 Admin+.Stored.XSS LOW" "wpappninja 11.19 Admin+.Stored.XSS LOW" "wpappninja 11.14 Contributor+.Stored.XSS MEDIUM" "wp-sort-order 1.3.2 Missing.Authorization MEDIUM" "wp-users-media No.known.fix Missing.Authorization.via.wpusme_save_settings MEDIUM" "wp-users-media No.known.fix Cross-Site.Request.Forgery.in.wpusme_save_settings MEDIUM" "wphelpful No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "woocommerce-anti-fraud 3.9 Unauthenticated.Order.Status.Manipulation MEDIUM" "wp-repost No.known.fix Admin+.Stored.XSS LOW" "wp-reactions-lite 1.3.9 CSRF LOW" "wxsync No.known.fix Contributor+.Stored.XSS MEDIUM" "wp-post-columns No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "wp-hide-that No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "woo-stripe-payment 3.3.10 3.3.9.-.Missing.Authorization.Controls.to.Financial.Account.Hijacking MEDIUM" "wp-table-reloaded No.known.fix Contributor+.Stored.XSS MEDIUM" "woo-custom-cart-button No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "woocommerce-for-japan 2.6.5 Missing.Authorization MEDIUM" "woocommerce-for-japan 2.5.8 Reflected.XSS MEDIUM" "woocommerce-for-japan 2.5.5 Reflected.XSS HIGH" "widget-for-contact-form-7 No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-hotel-booking 2.1.7 Missing.Authorization.to.Authenticated.(Subscriber+).User.Email.Retrieval MEDIUM" "wp-hotel-booking 2.1.6 Missing.Authorization MEDIUM" "wp-hotel-booking No.known.fix 
Contributor+.Local.File.Inclusion HIGH" "wp-hotel-booking 2.1.3 Authenticated.(Subscriber+).Arbitrary.File.Upload HIGH" "wp-hotel-booking 2.1.1 Unauthenticated.SQL.Injection CRITICAL" "wp-hotel-booking 2.0.9.3 Missing.Authorization MEDIUM" "wp-hotel-booking 2.0.9.3 Improper.Authorization.on.Multiple.REST.API.Routes MEDIUM" "wp-hotel-booking 2.0.8 Subscriber+.Arbitrary.Post.Deletion MEDIUM" "wp-hotel-booking 2.0.8 Unauthenticated.SQLi HIGH" "wp-hotel-booking 2.0.9 Contributor+.Arbitrary.Post.Deletion MEDIUM" "wp-hotel-booking 2.0.1 Unauthenticated.Arbitrary.Settings.Update HIGH" "wp-hotel-booking 1.10.6 CSRF MEDIUM" "wp-hotel-booking 1.10.4 Unauthenticated.PHP.Object.Injection HIGH" "wp-hotel-booking 1.10.2 Cross-Site.Request.Forgery.(CSRF) MEDIUM" "wp-topbar No.known.fix Admin+.SQLi MEDIUM" "wp-topbar No.known.fix CSRF MEDIUM" "wp-map-block 1.2.3 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "wp-custom-countdown No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-private-content-plus 3.6.2 Unauthenticated.Content.Restriction.Bypass.to.Sensitive.Information.Exposure MEDIUM" "wp-private-content-plus 3.6.1 Unauthenticated.Protected.Post.Access MEDIUM" "wp-private-content-plus 3.2 Cross-Site.Request.Forgery HIGH" "wp-private-content-plus 3.2 CSRF.Nonce.Bypass HIGH" "wp-private-content-plus 2.0 Unauthenticated.Options.Change HIGH" "wp-logs-book No.known.fix Disable.Logging.via.CSRF MEDIUM" "wp-logs-book No.known.fix Unauthenticated.Stored.XSS HIGH" "wp-logs-book No.known.fix Log.Clearing.via.CSRF MEDIUM" "wp-social-sharing No.known.fix Admin+.Stored.XSS LOW" "wbcom-designs-buddypress-search No.known.fix Subscriber+.Arbitrary.Plugin.Installation,.Activation.and.Deactivation HIGH" "wp-performance-score-booster 2.1 Settings.Change.via.CSRF MEDIUM" "wordpress-tooltips 9.5.3 Cross-Site.Request.Forgery MEDIUM" "wordpress-tooltips 9.4.5 Authenticated.(Contributor+).SQL.Injection CRITICAL" "woocommerce-frontend-shop-manager 4.7.0 
Low.Priv.Arbitrary.Blog.Options.Update/Access/Deletion.&.Plugin's.Settings.Update/Export/Import HIGH" "wc-multishipping 2.3.8 Subscriber+.Arbitrary.Account.Credentials.Test MEDIUM" "wc-multishipping 2.3.6 Missing.Authorization.to.Log.Export MEDIUM" "wp-better-permalinks 3.0.5 CSRF.allowing.Option.Update HIGH" "wpgt-google-translate No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wpgt-google-translate No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "woffice-core 5.4.9 Reflected.Cross-Site.Scripting MEDIUM" "woffice-core 5.4.9 Missing.Authorization MEDIUM" "woo-save-abandoned-carts 8.2.1 Cross-Site.Request.Forgery MEDIUM" "wc-sales-notification 1.2.3 Arbitrary.Plugin.Activation.via.CSRF MEDIUM" "woo-product-enquiry No.known.fix Unauthenticated.Stored.XSS HIGH" "wp-live-tv No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-live-tv No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-imagezoom No.known.fix Reflected.XSS HIGH" "wp-post-author 3.8.3 Authenticated.(Administrator+).SQL.Injection MEDIUM" "wp-post-author 3.8.2 Authenticated.(Administrator+).SQL.Injection HIGH" "wp-post-author 3.6.8 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-post-author 3.7.5 Missing.Authorization MEDIUM" "wp-post-author 3.6.5 Subscriber+.Rating.Manipulation MEDIUM" "wufoo-shortcode 1.52 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "w4-post-list 2.4.6 Reflected.XSS HIGH" "w4-post-list 2.4.6 Contributor+.Stored.XSS MEDIUM" "w4-post-list 2.4.6 Subscriber+.Password.Protected.Post.Content.Disclosure MEDIUM" "w4-post-list 2.4.5 Contributor+.Stored.XSS MEDIUM" "wp-reply-notify No.known.fix Settings.Update.via.CSRF MEDIUM" "wp-testing No.known.fix Contributor+.Stored.Cross-Site.Scripting MEDIUM" "wp-autosearch No.known.fix Unauthenticated.SQLi HIGH" "woo-multi-currency 2.2.4 Reflected.Cross-Site.Scripting MEDIUM" "woo-multi-currency 2.1.18 Reflected.Cross-Site.Scripting MEDIUM" "wp-stats 2.52 CSRF.to.Stored.Cross-Site.Scripting.(XSS) HIGH" 
"wp-file-manager 7.2.8 Missing.Authorization MEDIUM" "wp-file-manager 7.2.6 Authenticated.(Administrator+).Directory.Traversal MEDIUM" "wp-file-manager 7.2.5 Cross-Site.Request.Forgery.to.Local.JS.File.Inclusion HIGH" "wp-file-manager 7.2.2 Directory.Traversal CRITICAL" "wp-file-manager 7.2.2 Sensitive.Information.Exposure.via.Backup.Filenames HIGH" "wp-file-manager 7.1 Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "wp-file-manager 6.9 Unauthenticated.Arbitrary.File.Upload.leading.to.RCE CRITICAL" "wp-file-manager 6.5 Backup.File.Directory.Listing MEDIUM" "wp-file-manager 5.2 Multiple.Vulnerabilities HIGH" "wp-file-manager 3.1 CSRF.to.Stored.Cross-Site.Scripting MEDIUM" "wp-file-manager 3.0 Authenticated.Reflected.Cross-Site.Scripting.(XSS) CRITICAL" "wp-voting-contest 3.0 Reflected.Cross-Site.Scripting MEDIUM" "wpfront-notification-bar 3.4 Authenticated.(Editor+).Stored.Cross-Site.Scripting MEDIUM" "wpfront-notification-bar 3.4 Admin+.Stored.XSS MEDIUM" "wpfront-notification-bar 2.1.0.08087 Authenticated.Stored.XSS LOW" "wpfront-notification-bar 2.0.0.07176 Authenticated.Stored.XSS MEDIUM" "wp-testimonials No.known.fix Authenticated.SQL.Injection HIGH" "wp-display-users No.known.fix Authenticated.SQL.Injection MEDIUM" "woocommerce-currency-switcher 1.4.2.3 Unauthenticated.Arbitrary.Shortcode.Execution HIGH" "woocommerce-currency-switcher 1.4.2.2 Unauthenticated.Arbitrary.Shortcode.Execution HIGH" "woocommerce-currency-switcher 1.4.2.1 Missing.Authorization MEDIUM" "woocommerce-currency-switcher 1.4.1.9 Unauthenticated.Arbitrary.Shortcode.Execution MEDIUM" "woocommerce-currency-switcher 1.4.1.8 Cross-Site.Request.Forgery MEDIUM" "woocommerce-currency-switcher 1.4.1.7 Subscriber+.Stored.XSS MEDIUM" "woocommerce-currency-switcher 1.4.1.5 Cross-Site.Request.Forgery.via.delete_profiles_data MEDIUM" "woocommerce-currency-switcher 1.3.9.4 Contributor+.Stored.XSS MEDIUM" "woocommerce-currency-switcher 1.3.9.3 Contributor+.Stored.XSS MEDIUM" "woocommerce-currency-switcher 
1.3.7.5 Reflected.Cross-Site.Scripting MEDIUM" "woocommerce-currency-switcher 1.3.7.3 Reflected.Cross-Site.Scripting HIGH" "woocommerce-currency-switcher 1.3.7.1 Reflected.Cross-Site.Scripting MEDIUM" "woocommerce-currency-switcher 1.3.7 Authenticated.(Low.Privilege).Local.File.Inclusion CRITICAL" "woocommerce-multiple-free-gift No.known.fix Insufficient.Server-Side.Validation.to.Arbitrary.Gift.Adding MEDIUM" "wp-anything-slider 9.2 .Authenticated.(Subscriber+).SQL.Injection.via.Shortcode HIGH" "woocommerce-payplug No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "woocommerce-payplug No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "woo-billingo-plus 4.4.5.4 Multiple.CSRF MEDIUM" "wptools-masonry-gallery-posts-for-divi 3.5.1 Reflected.Cross-Site.Scripting MEDIUM" "wptools-masonry-gallery-posts-for-divi 3.1.2 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wordpress-mobile-pack No.known.fix Cross-Site.Request.Forgery MEDIUM" "wordpress-mobile-pack 2.1.3 Information.Disclosure HIGH" "wp-rest-api-authentication 2.4.1 Settings.Update.via.CSRF MEDIUM" "wp-knowledgebase No.known.fix CSRF MEDIUM" "wp-to-hootsuite 1.3.9 Reflected.Cross-Site.Scripting HIGH" "wp-glossary No.known.fix Missing.Authorization MEDIUM" "wp-glossary No.known.fix Contributor+.Stored.XSS MEDIUM" "wp-lister-amazon 0.9.6.36 jQueryFileTree.-.Unauthenticated.Path.Traversal MEDIUM" "wp-letsencrypt-ssl 7.1.0 Sensitive.Information.Exposure.via.insufficiently.protected.files HIGH" "wp-letsencrypt-ssl 6.3.0 Reflected.Cross-Site.Scripting MEDIUM" "wp-letsencrypt-ssl 5.7.10 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "woocommerce-2checkout-payment No.known.fix Missing.Authorization.via.sniff_ins MEDIUM" "wp-posturl No.known.fix Arbitrary.Settings.Update.to.Stored.XSS.via.CSRF MEDIUM" "wpcf7-redirect 3.0.0 Missing.Authorization MEDIUM" "wpcf7-redirect 2.9.0 Reflected.Cross-Site.Scripting MEDIUM" "wpcf7-redirect 2.6.0 Unauthenticated.Options.Update.to.Stored.XSS HIGH" "wpcf7-redirect 2.5.0 
Reflected.Cross-Site.Scripting MEDIUM" "wpcf7-redirect 2.5.0 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wpcf7-redirect 2.3.4 Authenticated.Arbitrary.Plugin.Installation MEDIUM" "wpcf7-redirect 2.3.4 Authenticated.Arbitrary.Post.Deletion MEDIUM" "wpcf7-redirect 2.3.4 Unauthenticated.Arbitrary.Nonce.Generation MEDIUM" "wpcf7-redirect 2.3.4 Authenticated.PHP.Object.Injection HIGH" "wpcf7-redirect 2.3.4 Unprotected.AJAX.Actions MEDIUM" "wp-popups-lite 2.2.0.2 Unauthenticated.Full.Path.Disclosure MEDIUM" "wp-popups-lite 2.1.5.6 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "wp-popups-lite 2.1.5.1 Contributor+.Stored.XSS MEDIUM" "wp-popups-lite 2.1.4.9 Contributor+.Stored.XSS MEDIUM" "wp-popups-lite 2.1.4.8 Contributor+.Stored.XSS MEDIUM" "woocommerce-custom-product-tabs-lite 1.9.1 Authenticated.(Shop.Manager+).PHP.Object.Injection HIGH" "while-it-is-loading No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "wemail 1.14.6 Reflected.Cross-Site.Scripting MEDIUM" "wemail 1.14.3 Missing.Authorization.to.Notice.Dismissal MEDIUM" "widget-settings-importexport No.known.fix Authenticated.Stored.XSS HIGH" "wovax-idx No.known.fix Missing.Authorization.to.Privilege.Escalation HIGH" "woocommerce-stock-manager 2.11.0 Cross-Site.Request.Forgery MEDIUM" "woocommerce-stock-manager 2.6.0 CSRF.to.Arbitrary.File.Upload HIGH" "webp-express 0.14.8 Authenticated.Stored.XSS MEDIUM" "webp-express 0.14.11 Multiple.Issues HIGH" "wp2syslog No.known.fix Admin+.Stored.XSS LOW" "wp-courses 3.2.22 Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.User.Meta.Update HIGH" "wp-courses 3.2.4 Missing.Authorization MEDIUM" "wp-courses 3.2.4 Subscriber+.Arbitrary.Options.Update HIGH" "wp-courses 3.2.4 Cross-Site.Request.Forgery MEDIUM" "wp-courses 2.0.44 Authenticated.Stored.XSS.via.Video.Embed.Code LOW" "wp-courses 2.0.44 Reflected.Cross-Site.Scripting HIGH" "wp-courses 2.0.29 Broken.Access.Controls.leading.to.Courses.Content.Disclosure HIGH" 
"whatsapp No.known.fix Contributor+.Stored.XSS MEDIUM" "wp-database-backup 7.4 Unauthenticated.Database.Back-Up.Exposure HIGH" "wp-database-backup 5.9 Admin+.Stored.Cross-Site.Scripting LOW" "wp-database-backup 5.2 Unauthenticated.OS.Command.Injection MEDIUM" "wp-database-backup 5.1.2 XSS HIGH" "wp-database-backup 4.3.6 Cross-Site.Request.Forgery.(CSRF) MEDIUM" "wishlist-and-compare 1.0.5 Unauthorised.AJAX.call HIGH" "wp-backitup No.known.fix Cross-Site.Request.Forgery.to.Backup.Trigger MEDIUM" "wp-backitup No.known.fix Cross-Site.Request.Forgery MEDIUM" "wp-backitup No.known.fix Missing.Authorization MEDIUM" "wp-backitup No.known.fix Missing.Authorization MEDIUM" "wp-backitup 1.50 Unauthenticated.Sensitive.Data.Exposure HIGH" "wp-login-with-ajax No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "winning-portfolio No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "woocommerce-support-ticket-system 17.9 Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.Post.Deletion.and.Information.Exposure MEDIUM" "woocommerce-support-ticket-system 17.8 Unauthenticated.Arbitrary.File.Upload CRITICAL" "woocommerce-support-ticket-system 17.8 Authenticated.(Subscriber+).Arbitrary.File.Deletion HIGH" "woocommerce-support-ticket-system 17.8 Unauthenticated.Arbitrary.File.Deletion CRITICAL" "wp-cookiechoise No.known.fix CSRF.to.Stored.Cross-Site.Scripting HIGH" "wordpress-easy-paypal-payment-or-donation-accept-plugin 5.0 Missing.Authorization MEDIUM" "wordpress-easy-paypal-payment-or-donation-accept-plugin 4.9.10 Contributor+.Stored.XSS MEDIUM" "wp-event-manager 3.1.44 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.'events'.Shortcode MEDIUM" "wp-event-manager 3.1.42 Reflected.Cross-Site.Scripting.via.plugin MEDIUM" "wp-event-manager 3.1.42 Editor+.Stored.XSS LOW" "wp-event-manager 3.1.43 Reflected.XSS HIGH" "wp-event-manager 3.1.38 Admin+.Stored.XSS MEDIUM" "wp-event-manager 3.1.28 
Reflected.Cross-Site.Scripting MEDIUM" "wp-event-manager 3.1.23 Admin+.Stored.Cross-Site.Scripting LOW" "wp-all-import 3.7.3 Admin+.Arbitrary.File.Upload.to.RCE MEDIUM" "wp-all-import 3.6.9 Admin+.Directory.traversal.via.file.upload MEDIUM" "wp-all-import 3.6.9 Admin+.Arbitrary.File.Upload.to.RCE MEDIUM" "wp-all-import 3.6.8 Admin+.Arbitrary.File.Upload MEDIUM" "wp-all-import 3.6.8 Admin+.Arbitrary.Code.Execution MEDIUM" "wp-all-import 3.6.5 Reflected.Cross-Site.Scripting MEDIUM" "wp-all-import 3.6.3 Admin+.Stored.Cross-Site.Scripting LOW" "wp-all-import 3.4.7 Cross-Site.Scripting.(XSS) MEDIUM" "wp-all-import 3.4.6 Cross-Site.Scripting.(XSS) MEDIUM" "wp-all-import 3.4.6 Cross-Site.Scripting.(XSS) MEDIUM" "wp-all-import 3.2.5 Multiple.Vulnerabilities CRITICAL" "wp-all-import 3.2.4 RCE HIGH" "wc-planzer-shipping 1.0.26 Reflected.Cross-Site.Scripting.via.processed-ids MEDIUM" "woosms-sms-module-for-woocommerce 3.0.3 Missing.Authorization.via.Multiple.AJAX.Actions MEDIUM" "wp-extra-file-types 0.5.1 CSRF.to.Stored.Cross-Site.Scripting HIGH" "whizz 1.1.1 Cross-Site.Request.Forgery.(CSRF) HIGH" "whizz 1.0.8 Unauthenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "wp-csv-to-database No.known.fix CSRF LOW" "woo-conditional-discount-rules-for-checkout 2.4.1 CSRF MEDIUM" "woo-conditional-discount-rules-for-checkout 2.3.3.1 Reflected.Cross-Site.Scripting MEDIUM" "woo-conditional-discount-rules-for-checkout 2.2.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-slimstat 5.2.7 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "wp-slimstat 5.1.4 Subscriber+.Stored.XSS HIGH" "wp-slimstat 5.0.10 Contributor+.SQL.Injection MEDIUM" "wp-slimstat 5.0.9 Admin+.Stored.XSS LOW" "wp-slimstat 5.0.10 Contributor+.Stored.XSS MEDIUM" "wp-slimstat 5.0.5 Admin+.SQLi MEDIUM" "wp-slimstat 5.0.5 Reflected.XSS HIGH" "wp-slimstat 4.9.4 Subscriber+.SQL.Injection HIGH" "wp-slimstat 4.9.3.3 Subscriber+.SQL.Injection HIGH" "wp-slimstat 4.9.3 Unauthenticated.Stored.XSS HIGH" "wp-slimstat 4.8.4 
CSRF.to.Stored.XSS.and.Setting.Updates MEDIUM" "wp-slimstat 4.8.1 Unauthenticated.Stored.XSS.from.Visitors MEDIUM" "wpcs-wp-custom-search No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "woo-category-slider-grid 1.4.16 Missing.Authorization.via.notice.dismissal.functionality MEDIUM" "wp-tell-a-friend-popup-form No.known.fix Admin+.Stored.XSS LOW" "wp-tell-a-friend-popup-form No.known.fix Settings.Update.via.CSRF MEDIUM" "wd-image-magnifier-xoss No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-social-feed No.known.fix Reflected.XSS HIGH" "wp-hr-manager 3.0.9 Reflected.Cross-Site.Scripting MEDIUM" "wp-hr-manager 3.0.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wps-team 2.8.0 Reflected.Cross-Site.Scripting MEDIUM" "wc-payment-gateway-per-category No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wrapper-link-elementor 1.0.5 Injected.Backdoor CRITICAL" "wp-config-file-editor No.known.fix Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "wp-inject No.known.fix Admin+.Stored.XSS LOW" "wp-inject 1.16 Stored.XSS.&.CSRF HIGH" "wp-spreadplugin No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "wp-font-awesome No.known.fix Contributor+.Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "wp-font-awesome 1.7.9 Contributor+.Stored.XSS MEDIUM" "wp-crm-system 3.4.0 Unauthenticated.Duplicate.Contact.Settings.Update MEDIUM" "wp-crm-system 3.2.9.1 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "wpbookit 1.6.10 Unauthenticated.Arbitrary.File.Upload CRITICAL" "wpbookit 1.6.6 Unauthenticated.Arbitrary.User.Password.Change CRITICAL" "wpbookit No.known.fix Unauthenticated.SQL.Injection HIGH" "wp-scribd-list No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "widgets-for-ebay-reviews 11.1 Authenticated.(Editor+).Arbitrary.File.Upload MEDIUM" "wish-list-for-woocommerce-pro 3.1.3 3.1.2.-.Reflected.Cross-Site.Scripting.via.wtab.Parameter 
MEDIUM" "w-dalil No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "wpmozo-addons-lite-for-elementor 1.1.1 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "wpmozo-addons-lite-for-elementor 1.3.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-user-frontend 4.0.8 Authenticated.(Administrator+).SQL.Injection CRITICAL" "wp-user-frontend 4.0.8 Use.of.Polyfill.io MEDIUM" "wp-user-frontend 3.6.6 Authenticated.(Author+).Privilege.Escalation HIGH" "wp-user-frontend 3.6.9 Missing.Authorization.via.AJAX.actions MEDIUM" "wp-user-frontend 3.5.29 Obscure.Registration.as.Admin MEDIUM" "wp-user-frontend 3.5.26 SQL.Injection.to.Reflected.Cross-Site.Scripting HIGH" "wp-user-frontend 3.5.25 Admin+.SQL.Injection MEDIUM" "wp-hide No.known.fix Unauthenticated.Settings.Update MEDIUM" "wp-mini-program No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wholesalex 1.3.3 Unauthenticated.Privilege.Escalation MEDIUM" "wholesalex 1.3.2 Authenticated(Subscriber+).Missing.Authorization.via.multiple.AJAX.actions MEDIUM" "wholesalex 1.3.2 Sensitive.Information.Exposure.via.export_users MEDIUM" "wholesalex 1.3.3 Unauthenticated.PHP.Object.Injection CRITICAL" "wp-not-login-hide-wpnlh No.known.fix Admin+.Stored.XSS LOW" "woostify-sites-library 1.4.8 Subscriber+.Arbitrary.Options.Update.to.DoS HIGH" "woo-advanced-product-information 1.1.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-cufon No.known.fix Unauthenticated.Stored.Cross-Site.Scripting HIGH" "wp-smart-editor No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "woo-checkout-regsiter-field-editor 2.1.9 Cross-Site.Request.Forgery MEDIUM" "wp-cafe 2.2.29 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "wp-cafe 2.2.28 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "wp-cafe 2.2.26 Authenticated.(Contributor+).File.inclusion.via.Shortcode HIGH" "wp-cafe 2.2.26 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Reservation.Form.Shortcode 
MEDIUM" "wp-cafe 2.2.24 Unauthenticated.Blind.Server-Side.Request.Forgery MEDIUM" "wp-cafe 2.2.23 Missing.Authorization MEDIUM" "wp-svg No.known.fix Contributor+.Stored.XSS.via.Shortcode MEDIUM" "woocommerce-box-office 1.2.3 Missing.Authorization MEDIUM" "woocommerce-box-office 1.1.52 Unauthenticated.Ticket.Barcode.Update MEDIUM" "woocommerce-box-office 1.1.51 Contributor+.Stored.XSS MEDIUM" "woo-vipps 1.14.14 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wordpress-custom-sidebar No.known.fix Authenticated.(Contributor+).SQL.Injection MEDIUM" "wp-seo-keyword-optimizer No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-seo-keyword-optimizer No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-seo-keyword-optimizer 2.1.9.8 Subscriber+.Arbitrary.Option.Update CRITICAL" "wechat-reward No.known.fix CSRF.to.Stored.Cross-Site.Scripting HIGH" "wp-simple-events No.known.fix Admin+.Cross.Site.Scripting MEDIUM" "wp-next-post-navi No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "wp-post-corrector No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wordpress-notification-bar No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "wpview No.known.fix Admin+.Stored.XSS LOW" "wp-fb-messenger-button-lite 2.0.7 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "wp-content-filter 3.1.0 Admin+.Stored.Cross.Site.Scripting LOW" "wp-abstracts-manuscripts-manager 2.7.3 Cross-Site.Request.Forgery.to.Reflected.Cross-Site.Scripting MEDIUM" "wp-abstracts-manuscripts-manager 2.7.2 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "wp-abstracts-manuscripts-manager 2.7.0 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "wp-abstracts-manuscripts-manager 2.6.4 Admin+.Stored.XSS LOW" "wp-abstracts-manuscripts-manager 2.6.3 Cross-Site.Request.Forgery MEDIUM" "wp-abstracts-manuscripts-manager 2.6.4 Reflected.XSS HIGH" "woo-gift-cards-lite 3.0.7 
Missing.Authorization.to.Infinite.Money.Glitch HIGH" "woo-gift-cards-lite 2.6.7 Missing.Authorization.to.Unauthenticated.Information.Exposure MEDIUM" "woo-gift-cards-lite 2.1.2 Cross-Site.Request.Forgery MEDIUM" "woo-gift-cards-lite 2.1.2 CSRF.Bypass.in.Multiple.Plugins MEDIUM" "wha-puzzle No.known.fix Contributor+.Stored.XSS MEDIUM" "woocommerce-google-dynamic-retargeting-tag 1.7.17 Reflected.Cross-Site.Scripting MEDIUM" "wp-timelines 3.6.8 Reflected.Cross-Site.Scripting MEDIUM" "wp-timelines 3.6.8 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "wp-timelines 3.6.8 Unauthenticated.Local.File.Inclusion CRITICAL" "wp-default-feature-image No.known.fix Admin+.Stored.XSS LOW" "web-directory-free 1.7.4 Reflected.Cross-Site.Scripting MEDIUM" "web-directory-free 1.7.3 Unauthenticated.LFI HIGH" "web-directory-free 1.7.2 Reflected.XSS HIGH" "web-directory-free 1.7.0 Unauthenticated.SQL.Injection HIGH" "wonderplugin-video-embed 1.8 Contributor+.Stored.XSS MEDIUM" "wp-graphql-woocommerce 0.12.4 Unauthenticated.Coupon.Codes.Disclosure MEDIUM" "woocommerce-product-importer No.known.fix Product.Importer.<=.1.5.2.-.Reflected.Cross-Site.Scripting MEDIUM" "woo-merchantx No.known.fix CSRF.Bypass MEDIUM" "wp-travel No.known.fix Authenticated.(Author+).SQL.Injection MEDIUM" "wp-travel No.known.fix Authenticated.(Subscriber+).SQL.Injection MEDIUM" "wp-travel 9.7.0 Missing.Authorization MEDIUM" "wp-travel 9.4.0 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "wp-travel 7.8.1 Unauthenticated.AJAX.Calls MEDIUM" "wp-travel 4.2.0 Reflected.Cross-Site.Scripting MEDIUM" "wp-travel 4.4.7 CSRF.Nonce.Bypasses MEDIUM" "wp-travel 4.4.7 Cross-Site.Request.Forgery MEDIUM" "woocommerce-predictive-search 6.1.0 Reflected.Cross-Site.Scripting MEDIUM" "wc-product-table-lite 3.9.5 Unauthenticated.Arbitrary.Shortcode.Execution.&.Reflected.Cross-Site.Scripting HIGH" "wc-product-table-lite 3.9.0 Missing.Authorization MEDIUM" "wc-product-table-lite 3.8.7 
Unauthenticated.Arbitrary.Shortcode.Execution.&.Reflected.Cross-Site.Scripting HIGH" "wc-product-table-lite 3.8.6 Unauthenticated.Arbitrary.Shortcode.Execution MEDIUM" "wc-product-table-lite 3.8.6 Missing.Authorization.to.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "wc-product-table-lite 3.1.0 CSRF MEDIUM" "wc-product-table-lite 2.4.0 Reflected.Cross-Site.Scripting MEDIUM" "wp-booking-system 2.0.19.11 Missing.Authorization.via.wpbs_refresh_calendar_editor MEDIUM" "wp-booking-system 2.0.19.9 Reflected.Cross-Site.Scripting MEDIUM" "wp-booking-system 2.0.19.3 Missing.Authorization MEDIUM" "wp-booking-system 2.0.18.1 Admin+.Stored.XSS LOW" "wp-booking-system 2.0.15 Authenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "wp-booking-system 1.5.2 CSRF.to.Authenticated.SQL.Injection HIGH" "wp-booking-system 1.4 Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "woocommerce-paypal-payments 2.0.5 Merchant.ID.Details.Update.via.CSRF MEDIUM" "wp-system No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "wp-blocks-hub No.known.fix Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "wp-megamenu No.known.fix Authenticated.(Administrator+).PHP.Object.Injection HIGH" "wp-megamenu 1.4.1 Subscriber+.Arbitrary.Post.Access MEDIUM" "wp-megamenu 1.4.0 Unauthenticated.Arbitrary.Post.Access HIGH" "wp-megamenu 1.4.1 Reflected.Cross-Site.Scripting MEDIUM" "woocommerce-hss-extension-for-streaming-video No.known.fix Reflected.Cross-Site.Scripting.via.videolink.Parameter MEDIUM" "web-disrupt-funnelmentals No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "web-disrupt-funnelmentals No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "web-disrupt-funnelmentals No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "wp-1-slider 1.3.0 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "wp-header-images 2.0.1 Reflected.Cross-Site.Scripting HIGH" "wp-cron-status-checker 1.2.5 Reflected.Cross-Site.Scripting 
MEDIUM" "wp-cron-status-checker 1.2.4 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-baidu-map No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "woocommerce-cvr-payment-gateway 6.1.0 Missing.Authorization.to.Authenticated.(Contributor+).CVR.Update MEDIUM" "wordpress-ping-optimizer No.known.fix Log.Clearing.via.CSRF MEDIUM" "wordpress-ping-optimizer 2.35.1.3.0 Arbitrary.Settings.Update.via.CSRF MEDIUM" "woo-customers-order-history No.known.fix Missing.Authorization MEDIUM" "woo-customers-order-history 5.2.2 Reflected.Cross-Site.Scripting MEDIUM" "woo-customers-order-history 5.2.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "ws-contact-form 1.3.8 Admin+.Stored.XSS LOW" "wp-shoutbox-live-chat No.known.fix Unauthenticated.Stored.XSS HIGH" "wp-shoutbox-live-chat No.known.fix Unauthenticated.SQLi HIGH" "wpdb-to-sql No.known.fix Unauthenticated.Sensitive.Information.Exposure MEDIUM" "wc-captcha No.known.fix Admin+.Stored.XSS LOW" "wp-prayer No.known.fix Settings.Update.via.CSRF MEDIUM" "wp-prayer No.known.fix Arbitrary.Prayer.Deletion.via.CSRF MEDIUM" "wp-prayer No.known.fix Email.Settings.Update.via.CSRF MEDIUM" "wp-prayer 1.9.7 Admin+.Stored.XSS LOW" "wp-prayer 1.5.5 Unauthorised.AJAX.call.via.CSRF MEDIUM" "wp-prayer 1.6.6 Cross-Site.Request.Forgery MEDIUM" "wp-prayer 1.6.7 Arbitrary.Plugin.Settings.Update.via.CSRF MEDIUM" "wp-prayer 1.6.2 Authenticated.Stored.Cross-Site.Scripting.(XSS) HIGH" "wp-nerd-toolkit No.known.fix Unauthenticated.Information.Exposure MEDIUM" "wp-table-pixie 1.2.0 Reflected.Cross-Site.Scripting MEDIUM" "wolfnet-idx-for-wordpress No.known.fix Admin+.Stored.XSS LOW" "wp-custom-author-url 1.0.5 Admin+.Stored.XSS LOW" "wp-plugin-manager 1.1.8 Arbitrary.Plugin.Activation.via.CSRF MEDIUM" "wp-opening-hours No.known.fix Contributor+.Stored.XSS.via.Shortcode MEDIUM" "wa-sticky-button 1.4.1 Unauthenticated.Arbitrary.Settings.Update.to.Stored.XSS HIGH" "woo-easy-duplicate-product 0.3.0.8 
Missing.Authorization.via.wedp_duplicate_product_action MEDIUM" "woo-easy-duplicate-product 0.3.0.1 Reflected.XSS HIGH" "wp-live-chat-software-for-wordpress 4.5.16 Cross-Site.Request.Forgery MEDIUM" "woocommerce-social-media-share-buttons No.known.fix Cross-Site.Request.Forgery.to.Cross-Site.Scripting MEDIUM" "wp-force-ssl 1.67 Missing.Authorization.to.Settings.Update MEDIUM" "wp-e-commerce-style-email No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-simple-sitemap No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "wc-return-warrranty No.known.fix Reflected.Cross-Site.Scripting HIGH" "we-client-logo-carousel No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-calendar No.known.fix Contributor+.Stored.XSS MEDIUM" "woo-fiscalita-italiana No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "woo-fiscalita-italiana 1.3.23 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-ultimate-csv-importer 7.9.9 Imported.Files.Disclosure MEDIUM" "wp-ultimate-csv-importer 7.9.9 Author+.Privilege.Escalation MEDIUM" "wp-ultimate-csv-importer 7.9.9 Author+.RCE MEDIUM" "wp-ultimate-csv-importer 6.5.8 Missing.Authorisation LOW" "wp-ultimate-csv-importer 6.5.8 Admin+.SQLi MEDIUM" "wp-ultimate-csv-importer 6.5.3 Admin+.Blind.SSRF MEDIUM" "wp-ultimate-csv-importer 6.4.3 Admin+.Stored.Cross-Site.Scripting LOW" "wp-ultimate-csv-importer 6.4.2 Subscriber+.Arbitrary.Option.Deletion HIGH" "wp-ultimate-csv-importer 6.4.1 Subscriber+.Arbitrary.File.Upload CRITICAL" "wp-ultimate-csv-importer 5.6.1 CSRF HIGH" "wp-ultimate-csv-importer 3.8.8 Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "wp-ultimate-csv-importer 3.8.1 XSS MEDIUM" "wp-buddha-free-adwords No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-buddha-free-adwords No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "wp-dev-powers-acf-color-coded-field-types No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-dbmanager 2.80.8 
Admin+.Remote.Command.Execution MEDIUM" "wp-dbmanager 2.79.2 Arbitrary.File.Delete HIGH" "wp-clean-up No.known.fix Cross-Site.Request.Forgery.(CSRF) MEDIUM" "wp-line-notify 1.4.5 Reflected.XSS HIGH" "wpkoi-templates-for-elementor 3.1.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wpkoi-templates-for-elementor 3.1.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wpkoi-templates-for-elementor 2.5.11 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Multiple.Parameters MEDIUM" "wpkoi-templates-for-elementor 2.5.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Advanced.Heading.Widget MEDIUM" "wp-showhide 1.05 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "waymark 1.4.2 Reflected.Cross-Site.Scripting.via.'content' MEDIUM" "woo-login-redirect No.known.fix Cross-Site.Request.Forgery MEDIUM" "woo-login-redirect No.known.fix CSRF MEDIUM" "wsb-brands 1.2 Admin+.Stored.XSS LOW" "woo-binary-mlm No.known.fix Reflected.Cross-Site.Scripting.via.'page' MEDIUM" "woo-binary-mlm No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "woocommerce-admin 2.6.4 Analytics.Report.Leaks MEDIUM" "wp-vr-view No.known.fix Outdated.VRView.Library.Used,.Leading.to.Reflected.XSS HIGH" "wp-bulk-delete 1.3.2 Reflected.Cross-Site.Scripting MEDIUM" "wp-page-duplicator No.known.fix Missing.Authorization.to.Unauthenticated.Post/Page.Duplication MEDIUM" "wp-child-theme-generator 1.1.2 Missing.Authorization.to.Unauthenticated.Child.Theme.Creation/Activation MEDIUM" "wp-child-theme-generator 1.1.3 Admin+.Arbitrary.File.Upload MEDIUM" "web3-token-gate 1.0.5 Reflected.Cross-Site.Scripting MEDIUM" "wh-testimonials No.known.fix Unauthenticated.Stored.XSS HIGH" "wp-chgfontsize No.known.fix Arbitrary.Settings.Update.via.CSRF.to.Stored.XSS MEDIUM" "wp-easy-gallery No.known.fix Authenticated.(Contributor+).SQL.Injection.via.key.Parameter HIGH" "wp-easy-gallery No.known.fix Authenticated.(Subscriber+).SQL.Injection CRITICAL" 
"wp-easy-gallery No.known.fix Missing.Authorization.to.Authenticated.(Subscriber+).Gallery.Manipulation MEDIUM" "wp-sheet-editor-edd-downloads 1.0.61 Reflected.Cross-Site.Scripting MEDIUM" "wp-sheet-editor-edd-downloads 1.0.49 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "woo-product-gallery-slider 2.2.9 Cross-Site.Request.Forgery.(CSRF) MEDIUM" "woo-authorize-net-gateway-aim 6.0.4 Reflected.Cross-Site.Scripting MEDIUM" "woo-authorize-net-gateway-aim 5.1.27 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wappointment 2.6.1 Admin+.SSRF MEDIUM" "wappointment 2.2.5 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "wgauge No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wgauge No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "woc-open-close 4.9.2 Missing.Authorization MEDIUM" "wp-users-masquerade No.known.fix Authentication.Bypass HIGH" "wheel-of-life 1.1.9 Missing.Authorization MEDIUM" "wheel-of-life 1.1.8 Missing.Authorization.on.Several.AJAX.Endpoints MEDIUM" "wp-bootscraper 4.0.0 Unauthenticated.Local.File.Inclusion CRITICAL" "wp-file-manager-pro 8.3.10 Unauthenticated.Backup.File.Download.and.Upload HIGH" "wp-file-manager-pro 8.3.10 Unauthenticated.Limited.JavaScript.File.Upload HIGH" "wp-file-manager-pro 8.3.10 Cross-Site.Request.Forgery.to.Arbitrary.File.Upload HIGH" "wp-file-manager-pro 8.3.8 Authenticated.(Subscriber+).Arbitrary.File.Upload HIGH" "wp-file-manager-pro 8.3.5 Directory.Traversal CRITICAL" "wp-file-manager-pro 8.3.5 Reflected.Cross-Site.Scripting MEDIUM" "wp-file-manager-pro 8.3.5 Authenticated.(Subscriber+).Arbitrary.File.Upload HIGH" "wpcasa 1.3.0 Insecure.Direct.Object.Reference MEDIUM" "word-balloon 4.22.0 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "word-balloon 4.20.3 Avatar.Removal.via.CSRF MEDIUM" "word-balloon 4.19.3 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "wp-client-logo-carousel No.known.fix Contributor+.Stored.XSS MEDIUM" "woo-simple-frontend-manager No.known.fix Reflected.Cross-Site.Scripting 
MEDIUM" "woo-simple-frontend-manager 1.0.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "welcome-email-editor 5.0.7 Cross-Site.Request.Forgery MEDIUM" "welcome-email-editor 5.0.7 Subscriber+.Email.Sending MEDIUM" "wp-film-studio 1.3.5 Arbitrary.Plugin.Activation.via.CSRF MEDIUM" "wp-munich-blocks 0.10.3 Reflected.Cross-Site.Scripting MEDIUM" "wp-munich-blocks 0.11.0 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-munich-blocks 0.7.3 Subscriber+.Arbitrary.Option.Update CRITICAL" "wep-demo-import 1.0.4 Reflected.Cross-Site.Scripting MEDIUM" "wp-user No.known.fix Unauthenticated.SQLi HIGH" "wp-user No.known.fix Admin+.Stored.XSS LOW" "wp-user 7.0 Reflected.Cross-Site.Scripting MEDIUM" "wow-carousel-for-divi-lite 2.1.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Image.Carousel.and.Logo.Carousel.Widgets MEDIUM" "wow-carousel-for-divi-lite 1.2.12 Reflected.Cross-Site.Scripting MEDIUM" "widget-logic 5.10.3 CSRF.and.Lack.of.Authorisation HIGH" "widget-logic 5.10.2 CSRF.to.RCE HIGH" "wordfence 7.6.1 Admin+.Stored.Cross-Site.Scripting LOW" "wordfence 7.1.14 Username.Enumeration.Prevention.Bypass MEDIUM" "wordfence 5.1.5 Cross-Site.Scripting.(XSS) MEDIUM" "woocommerce-store-toolkit 2.3.9 Reflected.Cross-Site.Scripting MEDIUM" "woocommerce-store-toolkit 2.3.4 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "woocommerce-store-toolkit 2.3.2 Reflected.Cross-Site.Scripting HIGH" "woocommerce-store-toolkit 1.5.8 Privilege.Escalation CRITICAL" "woocommerce-store-toolkit 1.5.7 Store.Toolkit.Plugin.<=.1.5.6.-.Privilege.Escalation CRITICAL" "wp-newsletter-subscription No.known.fix Unauthenticated.Local.File.Inclusion CRITICAL" "wp-sponsors No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-sponsors No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "wp-conditional-post-restrictions 1.2.2 Reflected.Cross-Site.Scripting MEDIUM" "wp-conditional-post-restrictions 1.2.0 
Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wen-responsive-columns 1.3.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "wp-time-slots-booking-form 1.2.12 Missing.Authorization MEDIUM" "wp-time-slots-booking-form 1.2.11 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "wp-time-slots-booking-form 1.2.07 Unauthenticated.Price.Manipulation MEDIUM" "wp-time-slots-booking-form 1.1.82 Admin+.Stored.XSS LOW" "wp-time-slots-booking-form 1.1.63 Admin+.Stored.Cross-Site.Scripting LOW" "websand-subscription-form No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "w3swoozoho 1.3.0 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-get-personal-lite No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "woo-edit-templates No.known.fix Reflected.Cross-Site.Scripting.via.page MEDIUM" "woo-edit-templates 1.1.2 Reflected.XSS HIGH" "woo-customers-manager 1.1.14 Reflected.Cross-Site.Scripting MEDIUM" "woo-customers-manager 1.1.13 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-change-email-sender 2.0 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "whatshelp-chat-button 1.8.10 Admin+.Stored.XSS LOW" "wp-photo-effects 1.2.3 Reflected.Cross-Site.Scripting MEDIUM" "wp-photo-effects 1.2.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-photo-effects 1.2.3 Subscriber+.Arbitrary.Option.Update CRITICAL" "wr-age-verification No.known.fix Unauthenticated.SQL.Injection HIGH" "wr-age-verification No.known.fix Authenticated.(Subscriber+).SQL.Injection MEDIUM" "wr-age-verification 2.0.0 Reflected.Cross-Site.Scripting.(XSS) HIGH" "wp-survey-plus No.known.fix Subscriber+.AJAX.Calls HIGH" "wp-agenda No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wpzoom-addons-for-beaver-builder 1.3.6 Authenticated.(Editor+).Local.File.Inclusion HIGH" "wpzoom-addons-for-beaver-builder 1.3.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Testimonials.Widget MEDIUM" 
"wpzoom-addons-for-beaver-builder 1.3.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Button.Widget MEDIUM" "wpzoom-addons-for-beaver-builder 1.3.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Heading.Widget MEDIUM" "wpzoom-addons-for-beaver-builder 1.3.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Image.Box.Widget MEDIUM" "wpzoom-addons-for-beaver-builder 1.3.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Team.Members.Widget MEDIUM" "wp-affiliate-links No.known.fix Reflected.XSS HIGH" "wordpress-meta-robots No.known.fix Authenticated.Blind.SQL.Injection HIGH" "wp-athletics No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-athletics No.known.fix Subscriber+.Stored.Cross-Site.Scripting HIGH" "webappick-product-feed-for-woocommerce 6.5.7 Shop.Manager+.Arbitrary.Options.Update HIGH" "webappick-product-feed-for-woocommerce 3.1.15 Authenticated.Reflected.XSS MEDIUM" "wti-like-post No.known.fix IP.Spoofing MEDIUM" "wti-like-post 1.4.6 Authenticated.Stored.Cross-Site.Scripting.(XSS) LOW" "wti-like-post 1.4.3 Unauthenticated.Blind.SQL.Injection CRITICAL" "wp-mpdf 3.8 Reflected.Cross-Site.Scripting MEDIUM" "wp-mpdf 3.5.2 CSRF.Bypass.in.Multiple.Plugins MEDIUM" "wp-ticket-ultra No.known.fix Unauthenticated.Local.File.Inclusion CRITICAL" "wp-favorite-posts No.known.fix Cross-Site.Request.Forgery MEDIUM" "wp-favorite-posts 1.6.6 Cross-Site.Scripting.(XSS) MEDIUM" "woo-product-filter 2.7.1 Authenticated.(Administrator+).SQL.Injection MEDIUM" "woo-product-filter 2.5.1 Subscriber+.Table.Data.Access MEDIUM" "wpformify No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wpformify 1.1.0 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wptelegram-widget 2.1.28 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "woo-total-sales No.known.fix Missing.Authorization.to.Unauthenticated.Sales.Report.Retrieval MEDIUM" "wp-simple-firewall 20.0.6 Reflected.XSS HIGH" "wp-simple-firewall 19.1.11 
Cross-Site.Request.Forgery MEDIUM" "wp-simple-firewall 18.5.10 Unauthenticated.Local.File.Inclusion CRITICAL" "wp-simple-firewall 18.5.8 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "wp-simple-firewall 17.0.18 Subscriber+.Arbitrary.Log.Entry.Creation MEDIUM" "wp-simple-firewall 17.0.18 Unauthenticated.Stored.XSS HIGH" "wp-simple-firewall 13.0.6 Admin+.Stored.Cross-Site.Scripting LOW" "wp-login-security-and-history No.known.fix CSRF.to.Stored.Cross-Site.Scripting.(XSS) HIGH" "woo-blocker-lite-prevent-fake-orders-and-blacklist-fraud-customers 2.1.6 Settings.Update.via.CSRF MEDIUM" "woo-blocker-lite-prevent-fake-orders-and-blacklist-fraud-customers 2.1.4.1 Reflected.Cross-Site.Scripting MEDIUM" "woo-blocker-lite-prevent-fake-orders-and-blacklist-fraud-customers 2.1.0 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "woo-custom-emails No.known.fix Reflected.XSS HIGH" "woo-custom-emails No.known.fix Reflected.XSS HIGH" "woo-custom-emails No.known.fix Unauthenticated.Email.Settings.Update MEDIUM" "wp-publications No.known.fix Admin+.Stored.XSS LOW" "wp-publications No.known.fix Local.File.Inclusion HIGH" "wp-responsive-menu 3.1.7.1 Subscriber+.Settings.Update.to.Stored.XSS HIGH" "wp-live-chat-support 8.2.0 Authenticated.Stored.Cross-Site.Scripting LOW" "wp-live-chat-support 8.0.33 Missing.Permission.Checks.on.some.REST.API.Calls CRITICAL" "wp-live-chat-support 8.0.27 Unauthenticated.Stored.XSS MEDIUM" "wp-live-chat-support 8.0.18 Cross-Site.Scripting.(XSS) MEDIUM" "wp-live-chat-support 8.0.08 Cross-Site.Scripting.(XSS) MEDIUM" "wp-live-chat-support 8.0.06 Unauthenticated.Stored.XSS MEDIUM" "wp-live-chat-support 7.1.05 Cross-Site.Scripting.(XSS) MEDIUM" "wp-live-chat-support 1.7.03 XSS MEDIUM" "wp-live-chat-support 7.0.07 Cross-Site.Scripting.(XSS) MEDIUM" "wp-live-chat-support 6.2.04 Stored.Cross-Site.Scripting.(XSS) MEDIUM" "wp-live-chat-support 6.2.02 Stored.Cross-Site.Scripting MEDIUM" "wp125 1.5.5 Arbitrary.Ad.Deletion.via.CSRF MEDIUM" "woocommerce-payu-paisa 
No.known.fix Price.Tampering MEDIUM" "wp-cleanfix 5.7.0 Subscriber+.Post/Comment/Post.Meta.Content.Replacement MEDIUM" "wp-cleanfix 3.0.2 Remote.Comm&.Execution,.CSRF.&.XSS HIGH" "wpjobboard 5.11.1 Reflected.Cross-Site.Scripting MEDIUM" "wpjobboard 5.7.0 Unauthenticated.SQL.Injection CRITICAL" "wpjobboard 5.7.0 Unauthenticated.Reflected.XSS.&.XFS MEDIUM" "wpjobboard 5.6.0 Unauthenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "wpjobboard 4.5 Multiple.SQL.Injections HIGH" "wpjobboard 5.0 Multiple.Cross-Site.Scripting.(XSS) MEDIUM" "wp-back-button No.known.fix Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "woocommerce-beta-tester 2.2.4 Admin+.SQLi MEDIUM" "wordpress-toolbar No.known.fix Open.Redirect MEDIUM" "wpc-smart-messages 4.2.2 Authenticated.(Subscriber+).Local.File.Inclusion HIGH" "wpc-smart-messages 4.2.2 Missing.Authorization.to.Authenticated.(Subscriber+).Message.Activation/Deactivation MEDIUM" "wp-payeezy-pay 2.98 Local.File.Inclusion CRITICAL" "wordpress-multisite-user-sync 2.1.2 Reflected.Cross-Site.Scripting MEDIUM" "wpupper-share-buttons 3.50 Missing.Authorization MEDIUM" "wpupper-share-buttons 3.43 Admin+.Stored.XSS LOW" "wp-vk 1.3.4 Cross-Site.Request.Forgery.via.AJAX.actions MEDIUM" "wpide 3.5.0 Unauthenticated.Full.Path.Dislcosure MEDIUM" "wpide 3.4.7 Reflected.Cross-Site.Scripting MEDIUM" "wpide 3.0 Admin+.Arbitrary.File.Read MEDIUM" "wpide 3.0 Admin+.Arbitrary.File.Edit.&.Upload MEDIUM" "wpide 3.0 Admin+.Local.File.Inclusion LOW" "widget-extend-builtin-query 1.06 Reflected.Cross-Site.Scripting MEDIUM" "wp-lead-stream No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-lead-stream No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-sms 6.9.4 Missing.Authorization MEDIUM" "wp-sms 6.5.2 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "wp-sms 6.6.3 Cross-Site.Request.Forgery MEDIUM" "wp-sms 6.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "wp-sms 6.5.3 
Reflected.Cross-Site.Scripting.via.'page' MEDIUM" "wp-sms 6.5.2 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "wp-sms 6.5.1 Contributor+.SQLi.to.Reflected.XSS HIGH" "wp-sms 6.5.1 Cross-Site.Request.Forgery.to.Subscriber.Deletion MEDIUM" "wp-sms 6.2.0 User.Unsubscribe.via.CSRF MEDIUM" "wp-sms 6.1.5 Reflected.XSS HIGH" "wp-sms 6.0.4.1 Information.Disclosure.via.REST.API MEDIUM" "wp-sms 5.4.13 Authenticated.Stored.Cross-Site.Scripting LOW" "wp-sms 5.4.9.1 Reflected.Cross-Site.Scripting.(XSS) HIGH" "wp-duplicate-page 1.3 Admin+.Stored.Cross.Site.Scripting LOW" "wp-migration-duplicator 1.4.9 Missing.Authorization.to.Directory.Traversal MEDIUM" "wp-migration-duplicator 1.4.8 Unauthenticated.Sensitive.Information.Exposure MEDIUM" "wp-migration-duplicator 1.4.5 Subscriber+.Stored.XSS HIGH" "wp-migration-duplicator 1.4.4 Subscriber+.Plugin.Settings.Update MEDIUM" "wp-migration-duplicator 1.4.2 Missing.Authorization.to.Settings.and.Schedule.Modification MEDIUM" "ws-form-pro 1.9.218 Unauthenticated.CSV.Injection MEDIUM" "ws-form-pro 1.8.176 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "ws-form-pro 1.8.176 Admin+.Stored.Cross-Site.Scripting LOW" "wpglobus 1.9.7 Stored.XSS.&.CSRF HIGH" "wp-file-upload 4.24.14 Unuathenticated.Remote.Code.Execution CRITICAL" "wp-file-upload 4.25.0 Unauthenticated.Remote.Code.Execution,.Arbitrary.File.Read,.and.Arbitrary.File.Deletion CRITICAL" "wp-file-upload 4.24.14 Unauthenticated.Path.Traversal.to.Arbitrary.File.Read.in.wfu_file_downloader.php HIGH" "wp-file-upload 4.25.0 Missing.Authorization.to.Authenticated.(Subscriber+).Limited.Path.Traversal MEDIUM" "wp-file-upload 4.24.12 Unauthenticated.Path.Traversal.to.Arbitrary.File.Read.and.Deletion.in.wfu_file_downloader.php CRITICAL" "wp-file-upload 4.24.9 Unauthenticated.Stored.Cross-Site.Scripting.via.SVG.File.Upload HIGH" "wp-file-upload 4.24.8 Missing.Authorization MEDIUM" "wp-file-upload 4.24.8 Unauthenticated.Stored.XSS HIGH" "wp-file-upload 4.24.8 Reflected.XSS HIGH" "wp-file-upload 
4.24.8 Authenticated.(Contributor+).Directory.Traversal MEDIUM" "wp-file-upload 4.24.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "wp-file-upload 4.24.1 Cross-Site.Request.Forgery MEDIUM" "wp-file-upload 4.23.3 Author+.Stored.Cross-Site.Scripting LOW" "wp-file-upload 4.19.2 Admin+.Stored.Cross-Site.Scripting MEDIUM" "wp-file-upload 4.19.2 Admin+.Path.Traversal MEDIUM" "wp-file-upload 4.16.3 Contributor+.Path.Traversal.to.RCE CRITICAL" "wp-file-upload 4.16.3 Contributor+.Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "wp-file-upload 4.16.3 Contributor+.Stored.Cross-Site.Scripting.via.Malicious.SVG MEDIUM" "wp-file-upload 4.13.0 Directory.Traversal.to.RCE CRITICAL" "wp-file-upload 4.3.4 Cross-Site.Scripting.(XSS) MEDIUM" "wp-file-upload 4.3.3 Security.Issue.in.Shortcodes MEDIUM" "wp-file-upload 3.9.0 Insufficient.File.Extension.Blacklisting HIGH" "wp-file-upload 3.4.1 Unauthenticated.Malicious.File.Upload HIGH" "wp-file-upload 3.0.0 Multiple.Vulnerabilities HIGH" "wp-file-upload 2.7.1 JS.File.Upload HIGH" "wp-backpack No.known.fix Admin+.Stored.XSS LOW" "wc-ciudades-y-regiones-de-chile No.known.fix Cross-Site.Request.Forgery.via.multiple.functions MEDIUM" "wp-quicklatex 3.8.8 Admin+.Stored.XSS LOW" "wp-quicklatex 3.8.7 Admin+.Stored.XSS.in.Background.Color.field LOW" "wedocs 2.1.5 Missing.Authorization MEDIUM" "wp-hosting-performance-check No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "woocommerce-products-designer No.known.fix CSRF MEDIUM" "wadi-survey No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wadi-survey No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "woo-seo-content-randomizer-addon 1.2.2 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-paginate 2.1.9 Admin+.Stored.Cross-Site.Scripting LOW" "wp-paginate 2.1.4 Admin+.Stored.Cross-Site.Scripting LOW" "wpgateway No.known.fix Unauthenticated.Privilege.Escalation CRITICAL" "woo-manage-fraud-orders No.known.fix 
Unauthenticated.Information.Exposure.via.Log.Files MEDIUM" "woo-manage-fraud-orders No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "woocommerce-country-based-payments 1.4.4 Reflected.Cross-Site.Scripting MEDIUM" "woocommerce-country-based-payments 1.4.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-facebook-feed No.known.fix Reflected.XSS HIGH" "wp-facebook-feed No.known.fix Contributor+.Stored.XSS MEDIUM" "wp-socializer 7.3 Admin+.Stored.Cross-Site.Scripting LOW" "wp-dashboard-notes 1.0.12 Subscriber+.Stored.XSS HIGH" "wp-dashboard-notes 1.0.11 Contributor+.Arbitrary.Private.Notes.Update.via.IDOR LOW" "wp-dashboard-notes 1.0.11 Unauthorised.Deletion.of.Private.Notes LOW" "woomotiv No.known.fix Unauthenticated.SQL.Injection HIGH" "woomotiv 3.5.0 Review.Count.Reset.via.CSRF MEDIUM" "woomotiv 3.4.0 Reflected.Cross-Site.Scripting MEDIUM" "wp-school-calendar-lite 3.6 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wsify-widget No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "wooreviews-importer No.known.fix Arbitrary.Settings.Update.via.CSRF MEDIUM" "wp-splashing-images 2.1.1 Cross-Site.Scripting.(XSS) MEDIUM" "wp-splashing-images 2.1.1 Authenticated.PHP.Object.Injection HIGH" "wp-multitasking 0.1.18 WP.Utilities.<.0.1.18.-.Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "wp-multitasking No.known.fix Reflected.XSS.via.Shortcode MEDIUM" "wp-multitasking No.known.fix SMTP.Settings.Update.via.CSRF MEDIUM" "wp-multitasking No.known.fix Exit.Popup.Update.via.CSRF MEDIUM" "wp-multitasking No.known.fix Welcome.Popup.Update.via.CSRF MEDIUM" "wp-multitasking No.known.fix Settings.Update.via.CSRF MEDIUM" "wp-admin-ui-customize 1.5.14 Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "wp-admin-ui-customize 1.5.13 Admin+.Stored.XSS LOW" "woocommerce-menu-extension No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wordpress-gallery-transformation No.known.fix Blind.SQL.Injection CRITICAL" 
"wp-forms-puzzle-captcha No.known.fix Cross-Site.Request.Forgery.to.Cross-Site.Scripting MEDIUM" "wp-forms-puzzle-captcha No.known.fix Captcha.Bypass MEDIUM" "wp-forms-puzzle-captcha No.known.fix CSRF MEDIUM" "weforms 1.6.24 Use.of.Polyfill.io MEDIUM" "weforms 1.6.21 Missing.Authorization MEDIUM" "weforms 1.6.22 Unauthenticated.Stored.Cross-Site.Scripting.via.Referer HIGH" "weforms 1.6.19 Missing.Authorization.via.export_form_entries MEDIUM" "weforms 1.6.18 Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "weforms 1.6.14 Admin+.Stored.Cross-Site.Scripting LOW" "weforms 1.6.4 CSV.Injection MEDIUM" "wp-media-library-categories 2.0.1 Admin+.Stored.XSS LOW" "wp-media-library-categories 2.0.0 Admin+.Stored.XSS LOW" "wpc-composite-products 7.2.8 Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "wc-remove-tabs-and-fields 1.68 Reflected.Cross-Site.Scripting MEDIUM" "wp-woocommerce-quickbooks 1.1.9 Reflected.Cross-Site.Scripting HIGH" "woorocks-magic-content-for-siteorigins-pagebuilder No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "woorocks-magic-content-for-siteorigins-pagebuilder No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "woo-ecommerce-tracking-for-google-and-facebook 3.7.2 CSRF MEDIUM" "woo-ecommerce-tracking-for-google-and-facebook 3.7.1 Reflected.Cross-Site.Scripting MEDIUM" "woo-ecommerce-tracking-for-google-and-facebook 3.6.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-schema-pro 2.7.16 Contributor+.Custom.Field.Access LOW" "wp-bing-search 2.6.3 Reflected.Cross-Site.Scripting MEDIUM" "wp-bing-search 2.4 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "weather-atlas No.known.fix Unauthenticated.Cross-Site.Scripting MEDIUM" "weather-atlas 2.0.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "wp-custom-field-for-gutenberg-editor No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-custom-field-for-gutenberg-editor No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" 
"wp-eMember 10.7.0 Stored.XSS.via.CSRF HIGH" "wp-eMember 10.6.6 Reflected.XSS HIGH" "wp-eMember 10.6.6 Stored.XSS.in.Blacklist.via.CSRF HIGH" "wp-eMember 10.6.7 Reflected.XSS MEDIUM" "wp-eMember 10.6.6 Admin+.Arbitrary.File.Upload MEDIUM" "wp-eMember 10.6.6 Reflected.XSS HIGH" "wp-eMember 10.6.6 Bulk.Delete.via.CSRF MEDIUM" "wp-eMember 10.6.7 Reflected.XSS.via.Member.Edit HIGH" "wp-eMember 10.6.7 Unauthenticated.Stored.XSS.via.Member.Registration HIGH" "wp-eMember 10.3.9 Reflected.Cross-Site.Scripting MEDIUM" "wp-eMember 10.3.9 Reflected.XSS HIGH" "wpspx No.known.fix Unauthenticated.Local.File.Inclusion CRITICAL" "wp-colorbox 1.1.5 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "woo-ups-pickup 2.6.6 Reflected.XSS HIGH" "woocommerce-bulk-order-form 3.6.0 Shop.Manager+.Stored.XSS MEDIUM" "wpbrutalai 2.06 Admin+.Stored.XSS LOW" "wpbrutalai 2.0.1 Admin+.Reflected.XSS HIGH" "wpbrutalai 2.0.0 SQL.Injection.via.CSRF HIGH" "watermark-reloaded No.known.fix Cross-Site.Request.Forgery.via.optionsPage HIGH" "wp-reset 2.03 Missing.Authorization.to.License.Key.Modification MEDIUM" "wp-reset 2.0 Sensitive.Information.Exposure.due.to.Insufficient.Randomness MEDIUM" "wp-reset 5.99 Subscriber+.Database.Reset CRITICAL" "wp-reset 5.99 Database.Reset.via.CSRF CRITICAL" "wp-reset 1.90 Authenticated.Stored.XSS MEDIUM" "woo-advanced-shipment-tracking 3.5.3 CSRF MEDIUM" "woo-advanced-shipment-tracking 3.2.7 Authenticated.Options.Change CRITICAL" "woo-related-products-refresh-on-reload 3.3.16 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "woocommerce-checkout-field-editor 1.7.5 Cross-Site.Request.Forgery MEDIUM" "woocommerce-checkout-field-editor 1.7.5 Checkout.Fields.Update.via.CSRF MEDIUM" "woocommerce-checkout-field-editor 1.7.5 Cross-Site.Request.Forgery.to.Checkout.Fields.Update MEDIUM" "wp-amazon-shop No.known.fix Authenticated.(Subscriber+).Arbitrary.File.Upload HIGH" "wp-multi-store-locator 2.4.6 
Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-multi-store-locator 2.5.1 Contributor+.Stored.XSS MEDIUM" "www-xml-sitemap-generator-org 2.0.4 Reflected.Cross-Site.Scripting MEDIUM" "woo-smart-wishlist 4.7.2 Add/Remove.Wishlist.Items.via.CSRF MEDIUM" "woo-smart-wishlist 2.9.9 Reflected.Cross-Site.Scripting MEDIUM" "woo-smart-wishlist 2.9.4 Reflected.Cross-Site.Scripting MEDIUM" "woo-qiwi-payment-gateway No.known.fix Unauthenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "wp-expand-tabs-free 2.2.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-expand-tabs-free 2.1.17 Contributor+.Stored.XSS MEDIUM" "wp-expand-tabs-free 2.1.15 Multiple.CSRF MEDIUM" "wp-t-wap No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-admin-style No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "wassup No.known.fix Unauthenticated.Stored.XSS HIGH" "wassup 1.9.1 Cross.Site.Scripting MEDIUM" "wp-edit-username 1.0.6 Admin+.Stored.XSS LOW" "wp-edit-username 1.0.6 Admin+.Stored.XSS LOW" "wpdm-gutenberg-blocks 2.1.9 Contributor+.XSS MEDIUM" "wp-facebook-reviews 12.8 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "wp-facebook-reviews 13.0 Admin+.Stored.XSS LOW" "wp-facebook-reviews 3.6 Reflected.Cross-Site.Scripting MEDIUM" "wp-facebook-reviews 12.2 Subscriber+.SQLi HIGH" "wp-facebook-reviews 11.0 Admin+.SQL.Injection MEDIUM" "wp-word-count No.known.fix Missing.Authorization.via.calculate_statistics MEDIUM" "wp-word-count 3.2.4 Admin+.Stored.Cross-Site.Scripting LOW" "website-testimonials 6.1.1 Reflected.Cross-Site.Scripting MEDIUM" "watu 3.4.1.3 Authenticated.(Contributor+).SQL.Injection MEDIUM" "watu 3.4.1.2 Author+.Stored.XSS MEDIUM" "watu 3.4.1.1 Sensitive.Information.Disclosure MEDIUM" "watu 3.4.1.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "watu 3.3.9.3 Reflected.XSS HIGH" "watu 3.3.9.1 Reflected.XSS HIGH" "watu 3.3.8.1 Admin+.Stored.XSS LOW" "watu 3.3.8.3 Admin+.Stored.XSS LOW" "watu 3.3.8.2 
Reflected.XSS HIGH" "watu 3.1.2.6 Reflected.XSS.via.question-form.html.php HIGH" "wp-memory 2.46 Subscriber+.Arbitrary.Plugin.Installation HIGH" "wp-planet No.known.fix Unauthenticated.Reflected.XSS MEDIUM" "wp-logo-showcase 1.3.37 Editor.Plugin's.Settings.Update LOW" "wp-auto-republish 1.5.6.1 Subscriber+.Settings.Update/Access MEDIUM" "wp-auto-republish 1.5.1 Reflected.Cross-Site.Scripting MEDIUM" "wp-auto-republish 1.3.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-db-backup 2.5.2 Arbitrary.Schedule.Settings.Update.via.CSRF MEDIUM" "wp-db-backup 2.5.1 Admin+.SQL.Injection MEDIUM" "wp-db-backup 2.4 Authenticated.Persistent.Cross-Site.Scripting.(XSS) MEDIUM" "wp-db-backup 2.3.0 Backup.Filename.Brute.Forcing HIGH" "wppdf No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "weixin-robot-advanced No.known.fix Reflected.XSS HIGH" "wp-foodbakery 2.2 Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "wp-politic 2.4.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-politic 2.3.8 Arbitrary.Plugin.Activation.via.CSRF MEDIUM" "wp-simple-booking-calendar 2.0.11 Reflected.Cross-Site.Scripting MEDIUM" "wp-simple-booking-calendar 2.0.8.5 Cross-Site.Request.Forgery MEDIUM" "wp-simple-booking-calendar 2.0.6 Authenticated.SQL.Injection MEDIUM" "woocommerce-inventory-management No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "woo-orders-tracking 1.2.11 Unauthenticated.Arbitrary.Shortcode.Execution MEDIUM" "woo-orders-tracking 1.2.6 Admin+.Arbitrary.File.Access/Read MEDIUM" "woo-orders-tracking 1.1.10 Reflected.Cross-Site.Scripting HIGH" "wp-mail-bank 3.0.13 Reflected.Cross-Site.Scripting MEDIUM" "wcsm-search-merchandising No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wcsm-search-merchandising No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "woocommerce-gateway-gocardless 2.5.7 Unauthenticated.Sensitive.Information.Disclosure MEDIUM" "wp-awesome-buttons No.known.fix 
Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.btn2.Shortcode MEDIUM" "wp-front-end-profile 1.3.2 Unauthenticated.Privilege.Escalation CRITICAL" "wp-front-end-profile 1.3.1 Reflected.Cross-Site.Scripting MEDIUM" "wp-front-end-profile 1.2.6 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-front-end-profile 1.2.2 CSRF.Check.Incorrectly.Implemented LOW" "wp-front-end-profile 0.2.2 Privilege.Escalation.&.Stored.Cross-Site.Scripting.(XSS) CRITICAL" "wp-staging-pro 5.6.1 Backup.Duplicator.&.Migration.<.5.6.1.-.Cross-Site.Request.Forgery.to.Limited.Local.File.Inclusion HIGH" "wp-staging-pro 5.5.0 Sensitive.Information.Exposure.via.Log.File MEDIUM" "wp-staging-pro 5.4.0 Admin+.Stored.XSS LOW" "wp-staging-pro 5.1.3 Unauthenticated.Backup.Download HIGH" "woo-extra-flat-rate 4.2.0 Reflected.Cross-Site.Scripting MEDIUM" "woo-extra-flat-rate 4.0.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "widgets-for-sourceforge-reviews 11.1 Authenticated.(Editor+).Arbitrary.File.Upload MEDIUM" "wise-forms No.known.fix Unauthenticated.Stored.XSS HIGH" "wp-browser-update 4.5 Settings.Update.via.CSRF MEDIUM" "wp-browser-update 4.6 Admin+.Stored.XSS LOW" "wp-persistent-login 2.0.15 Reflected.Cross-Site.Scripting MEDIUM" "wp-persistent-login 2.0.0 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "woo-tuner No.known.fix Missing.Authorization MEDIUM" "whmpress No.known.fix Missing.Authorization.to.Authenticated.(Subscriber+).Settings.Update MEDIUM" "whmpress No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-floating-menu 1.4.5 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "wp-floating-menu 1.4.1 Authenticated.Reflected.Cross-Site.Scripting CRITICAL" "wp-super-popup No.known.fix Admin+.Stored.XSS LOW" "wpo365-login 28.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.pintra.Shortcode MEDIUM" "wpo365-login 15.4 Unauthenticated.Stored.Cross-Site.Scripting CRITICAL" "wpo365-login 11.7 JWT.Signature.Verification.Bypass HIGH" "wp-total-branding 1.3 
Authenticated.(Administrator+).Stored.Cross-Site.Scripting.via.title.Parameter MEDIUM" "wizhi-multi-filters No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "wpc-grouped-product 4.4.3 Missing.Authorization MEDIUM" "wordlift No.known.fix Missing.Authorization.to.Authenticated.(Subscriber+).Settings.Update MEDIUM" "wordlift 3.37.2 Admin+.Stored.Cross-Site.Scripting LOW" "wppricing-builder-lite-responsive-pricing-table-builder No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-csv-exporter 1.3.7 CSV.Injection LOW" "wp-csv-exporter 1.3.7 Admin+.SQLi MEDIUM" "wp-store-locator-extenders 1.4.0 Reflected.Cross-Site.Scripting MEDIUM" "wp-store-locator-extenders 1.3.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-ad-guru No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-concours No.known.fix Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "wc-multivendor-marketplace 3.6.12 Reflected.Cross-Site.Scripting MEDIUM" "wc-multivendor-marketplace 3.6.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "wc-multivendor-marketplace 3.4.12 Subscriber+.Unauthorised.AJAX.Calls HIGH" "wc-multivendor-marketplace 3.5.0 Multiple.CSRF MEDIUM" "wc-multivendor-marketplace 3.4.12 WooCommerce.Multivendor.Marketplace.<.3.4.12.-.Unauthenticated.SQL.Injection HIGH" "wp-dropbox-dropins No.known.fix Unauthenticated.Arbitrary.File.Upload CRITICAL" "wp-gotowebinar 15.8 Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "wp-gotowebinar 15.7 Missing.Authorization MEDIUM" "wp-gotowebinar 15.8 Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "wp-gotowebinar 15.1 Missing.Authorization MEDIUM" "wp-gotowebinar 14.46 Admin+.Stored.XSS LOW" "wp-course-manager No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "woo-custom-profile-picture No.known.fix Authenticated.(Subscriber+).Arbitrary.File.Upload CRITICAL" "woo-payment-gateway-for-piraeus-bank 1.7.0 
Unauthenticated.SQL.Injection CRITICAL" "webful-simple-grocery-shop No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-edit-menu No.known.fix Arbitrary.Post.Deletion.via.CSRF MEDIUM" "wp-edit-menu 1.5.0 Unauthenticated.Arbitrary.Post.Deletion HIGH" "wp-insert 2.5.1 Admin+.Stored.XSS MEDIUM" "wp-optin-wheel 1.4.3 Sensitive.Information.Exposure.via.Log.File MEDIUM" "web-push No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "wpvr 8.5.15 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wpvr 8.5.6 Missing.Authorization MEDIUM" "wpvr 8.5.5 Missing.Authorization MEDIUM" "wpvr 8.3.15 Unauthenticated.Plugin.Downgrade.leading.to.XSS HIGH" "wpvr 8.3.5 Reflected.XSS HIGH" "wpvr 1.0.2 Reflected.Cross-Site.Scripting MEDIUM" "wpvr 8.3.0 Subscriber+.Arbitrary.Tour.Update MEDIUM" "wpvr 8.2.9 Reflected.XSS HIGH" "wpvr 8.2.8 Subscriber+.Settings.Update MEDIUM" "wpvr 8.2.7 Contributor+.Stored.XSS MEDIUM" "woo-product-carousel-slider-and-grid-ultimate 1.10.1 Authenticated.(Editor+).Stored.Cross-Site.Scripting MEDIUM" "woo-product-carousel-slider-and-grid-ultimate 1.10.0 Authenticated.(Contributor+).Local.File.Inclusion.via.'theme' HIGH" "woo-product-carousel-slider-and-grid-ultimate 1.10.0 Contributor+.Local.File.Inclusion HIGH" "woo-product-carousel-slider-and-grid-ultimate 1.9.8 Authenticated(Contributor+).PHP.Object.Injection HIGH" "wp-wc-affiliate-program 8.5.0 Authentication.Bypass.to.Account.Takeover.and.Privilege.Escalation CRITICAL" "webriti-custom-login-page No.known.fix Cross-Site.Request.Forgery.to.Reflected.Cross-Site.Scripting MEDIUM" "wp-ticket 5.10.4 Admin+.Stored.Cross-Site.Scripting LOW" "wp-ticket 5.6.0 Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "woocommerce-superfaktura 1.40.4 Authenticated.(Subscriber+).Blind.Server-Side.Request.Forgery MEDIUM" "wp-crm No.known.fix CSV.Injection LOW" "wp-notification-bell 1.3.13 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wordpress-twitterbot No.known.fix 
Settings.Update.to.Stored.XSS.via.CSRF HIGH" "wp-remote-users-sync 1.2.13 Subscriber+.SSRF HIGH" "wp-remote-users-sync 1.2.12 Subscriber+.Log.Access MEDIUM" "wp-security-audit-log 5.2.2 Unauthenticated.Stored.Cross-Site.Scripting.via.User_id.Parameter HIGH" "wp-security-audit-log 4.6.2 Unauthenticated.Stored.Cross-Site.Scripting MEDIUM" "wp-security-audit-log 4.4.3 Reflected.Cross-Site.Scripting MEDIUM" "wp-security-audit-log 4.5.2 Subscriber+.Information.Leak MEDIUM" "wp-security-audit-log 4.4.0 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-security-audit-log 4.1.5 SQL.Injection.in.External.Database.Module HIGH" "wp-security-audit-log 4.0.2 Broken.Access.Control.in.First-Time.Install.Wizard CRITICAL" "wp-security-audit-log 3.3.1.2 Subscriber+.Arbitrary.Option.Update MEDIUM" "woocommerce-shipping-gateway-per-product 2.3.3 Reflected.Cross-Site.Scripting MEDIUM" "woocommerce-shipping-gateway-per-product 2.0.4 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-security-hardening 1.2.7 Unauthenticated.Security.Feature.Bypass.to.Username.Enumeration MEDIUM" "wp-security-hardening 1.2.2 Reflected.XSS.via.URI MEDIUM" "wp-security-hardening 1.2.2 Reflected.XSS.via.historyvalue HIGH" "wip-woocarousel-lite 1.1.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-product-gallery-lite 1.1.3 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "woo-bought-together 7.2.0 Missing.Authorization MEDIUM" "woo-bought-together 7.0.4 Missing.Authorization MEDIUM" "world-travel-information No.known.fix Reflected.Cross-Site.Scripting HIGH" "wpguppy-lite 1.1.1 Subscriber+.Privilege.Escalation HIGH" "wpguppy-lite 1.1.1 Unauthenticated.PHP.Object.Injection CRITICAL" "wpbricks No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wpbricks No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-photo-sphere No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-mlm No.known.fix Unauthenticated.Privilege.Escalation CRITICAL" "wp-mlm 
No.known.fix Unauthenticated.Arbitrary.File.Upload CRITICAL" "wp-copyprotect No.known.fix Settings.Update.via.CSRF MEDIUM" "woo-floating-cart-lite 2.8.3 Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "woo-floating-cart-lite 2.7.4 Reflected.Cross-Site.Scripting MEDIUM" "woo-floating-cart-lite 2.6.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wpb-advanced-faq No.known.fix Contributor+.Stored.XSS MEDIUM" "woocommerce-composite-products 8.7.6 Reflected.XSS MEDIUM" "wp-event-partners No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-event-partners No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-job-portal 2.2.7 Missing.Authorization.to.Unauthenticated.Arbitrary.Email.Sending MEDIUM" "wp-job-portal 2.2.7 Insecure.Direct.Object.Reference.to.Authenticated.(Employer+).Arbitrary.Job.Deletion MEDIUM" "wp-job-portal 2.2.7 Insecure.Direct.Object.Reference.to.Unauthenticated.Company.Logo.Deletion MEDIUM" "wp-job-portal 2.2.7 Insecure.Direct.Object.Reference.to.Unauthenticated.Arbitrary.Resume.Download MEDIUM" "wp-job-portal 2.2.7 Insecure.Direct.Object.Reference.to.Authenticated.(Employer+).Arbitrary.Company.Deletion MEDIUM" "wp-job-portal 2.2.6 Authenticated.(Subscriber+).Insecure.Direct.Object.Reference MEDIUM" "wp-job-portal 2.2.5 Authenticated.(Subscriber+).Insecure.Direct.Object.Reference MEDIUM" "wp-job-portal 2.2.3 Authenticated.(Admin+).SQL.Injection MEDIUM" "wp-job-portal 2.2.3 Authenticated.(Admin+).SQL.Injection.via.wpjobportal_deactivate() MEDIUM" "wp-job-portal 2.2.3 Unauthenticated.SQL.Injection HIGH" "wp-job-portal 2.2.3 Missing.Authorization.to.Unauthenticated.Arbitrary.Resume.Download MEDIUM" "wp-job-portal 2.2.3 Missing.Authorization.to.Limited.Privilege.Escalation MEDIUM" "wp-job-portal 2.2.3 Authenticated.(Admin+).SQL.Injection.via.getFieldsForVisibleCombobox() MEDIUM" "wp-job-portal 2.2.1 Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "wp-job-portal 2.1.7 
Missing.Authorization.to.Unauthenticated.Local.File.Inclusion,.Arbitrary.Settings.Update,.and.User.Creation CRITICAL" "wp-job-portal 2.1.9 Subscriber+.Insecure.Direct.Object.Reference MEDIUM" "wp-job-portal 2.1.4 Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "wp-job-portal 2.1.4 Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "wp-job-portal 2.0.7 Cross-Site.Request.Forgery MEDIUM" "wp-job-portal 2.0.6 Unauthenticated.SQLi HIGH" "wp-job-portal 2.0.2 Unauthenticated.Settings.Update MEDIUM" "wp-job-portal 2.0.6 Subscriber+.Stored.XSS HIGH" "wp-links-page 4.9.6 Missing.Authorization.to.Authenticated.(Subscriber+).Limited.Image.Update MEDIUM" "wp-links-page 4.9.5 Cross-Site.Request.Forgery.via.wplf_ajax_update_screenshots MEDIUM" "wp-links-page 4.9.4 Contributor+.Stored.XSS MEDIUM" "wp-maximum-upload-file-size 1.1.4 Authenticated.(Author+).Full.Path.Disclosure MEDIUM" "woo-advance-search No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "woo-advance-search No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "woo-advance-search 1.1 Multiple.XSS MEDIUM" "wordpress-data-guards No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "wcc-seo-keyword-research No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wcc-seo-keyword-research No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "woocommerce-pdf-vouchers 4.9.9 Reflected.Cross-Site.Scripting MEDIUM" "woocommerce-pdf-vouchers 4.9.9 Authentication.Bypass CRITICAL" "woocommerce-pdf-vouchers 4.9.5 Unauthenticated.Arbitrary.File.Deletion CRITICAL" "woocommerce-pdf-vouchers 4.9.5 Reflected.Cross-Site.Scripting MEDIUM" "woocommerce-pdf-vouchers 4.9.5 Missing.Authorization MEDIUM" "woocommerce-pdf-vouchers 4.9.4 PDF.Vouchers.<.4.9.4.-.Authentication.Bypass.to.Voucher.Vendor HIGH" "wordapp-mobile-app No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wordapp-mobile-app No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-charts No.known.fix 
Contributor+.Stored.XSS MEDIUM" "which-template-file 5.1.0 Reflected.XSS HIGH" "which-template-file 4.9 Arbitrary.Settings.Update.via.CSRF MEDIUM" "wp-captcha No.known.fix Settings.Update.via.CSRF MEDIUM" "wp-captcha No.known.fix Captcha.Bypass MEDIUM" "woocommerce-check-pincode-zipcode-for-shipping No.known.fix Cross-Site.Request.Forgery.to.Reflected.Cross-Site.Scripting MEDIUM" "wp-category-dropdown 1.9 Contributor+.Stored.XSS MEDIUM" "wp-docs 2.2.2 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "wp-docs 2.2.1 Authenticated.(Subscriber+).Time-Based.SQL.Injection.via.'dir_id' MEDIUM" "wp-docs 2.1.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-docs 2.1.4 Reflected.Cross-Site.Scripting MEDIUM" "wp-docs 2.0.0 Reflected.XSS HIGH" "wpdatatables 6.3.2 Tables.&.Table.Charts.(Premium).<.6.3.2.-.Unauthenticated.SQL.Injection CRITICAL" "wpdatatables 6.4 Tables.&.Table.Charts.(Premium).<.6.4.-.Missing.Authorization.to.DataTable.Access.&.Modification HIGH" "wpdatatables 3.4.2.14 Unauthenticated.Stored.Cross-Site.Scripting.via.CSV.Import MEDIUM" "wpdatatables 3.4.2.5 Reflected.Cross-Site.Scripting. 
MEDIUM" "wpdatatables 2.1.66 Admin+.PHP.Object.Injection MEDIUM" "wpdatatables 2.1.50 Contributor+.Stored.XSS MEDIUM" "wpdatatables 2.1.28 Admin+.Stored.Cross-Site.Scripting LOW" "wpdatatables 2.1.28 Admin+.Stored.Cross-Site.Scripting LOW" "wpdatatables 3.4.2 Improper.Access.Control.leading.to.Table.Permission.Takeover HIGH" "wpdatatables 3.4.2 Blind.SQL.Injection.via.start.Parameter CRITICAL" "wpdatatables 3.4.2 Improper.Access.Control.leading.to.Table.Data.Deletion MEDIUM" "wpdatatables 3.4.2 Blind.SQL.Injection.via.length.Parameter CRITICAL" "wpdatatables 3.4.1 Unauthenticated.SQL.Injection CRITICAL" "wpdatatables 2.0.12 Cross-Site.Scripting.(XSS).&.SQL.Injection HIGH" "wpdatatables 1.5.4 Unauthenticated.SQL.Injection CRITICAL" "wpdatatables 1.5.4 Unauthenticated.Shell.Upload CRITICAL" "wp-sheet-editor-bulk-spreadsheet-editor-for-posts-and-pages 2.25.3 Reflected.Cross-Site.Scripting MEDIUM" "wp-sheet-editor-bulk-spreadsheet-editor-for-posts-and-pages 2.24.13 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-limit-failed-login-attempts 5.6 Unauthenticated.SQL.Injeciton HIGH" "wp-limit-failed-login-attempts 5.4 IP.Address.Spoofing.to.Protection.Mechanism.Bypass MEDIUM" "wp-limit-failed-login-attempts 5.1 Unauthenticated.SQLi HIGH" "wp-limit-failed-login-attempts 2.9 Arbitrary.Plugin.Installation/Activation.via.Low.Privilege.User CRITICAL" "wp-limit-failed-login-attempts 3.1 Arbitrary.Plugin.Installation/Activation.via.CSRF CRITICAL" "wp-insurance 2.1.4 Arbitrary.Plugin.Activation.via.CSRF MEDIUM" "wesecur-security No.known.fix Admin+.Stored.Cross-Site.Scripting MEDIUM" "wp-experiments-free No.known.fix Cross-Site.Request.Forgery MEDIUM" "wp-experiments-free No.known.fix Missing.Authorization MEDIUM" "wp-experiments-free 9.0.1 Unauthenticated.SQLi HIGH" "woo-inquiry No.known.fix Unauthenticated.SQL.Injection CRITICAL" "woocommerce-ultimate-gift-card 2.9.1 Create,.Sell.and.Manage.Gift.Cards.with.Customized.Email.Templates.<.2.9.1.-.Reflected.Cross-Site.Scripting 
MEDIUM" "wp-custom-admin-interface 7.32 Missing.Authorization.via.wpcai_pro_notice_disable MEDIUM" "wp-custom-admin-interface 7.33 Missing.Authorization.to.Transients.Deletion MEDIUM" "wp-custom-admin-interface 7.29 Admin+.PHP.Object.Injection MEDIUM" "wptouch 4.3.45 Admin+.PHP.Object.Injection MEDIUM" "wptouch 4.3.45 Admin+.Arbitrary.File.Upload MEDIUM" "wptouch 4.3.44 Reflected.Cross-Site.Scripting MEDIUM" "woo-product-variation-swatches 2.3.8 Reflected.Cross-Site.Scripting HIGH" "wpgetapi 2.2.2 2.2.1.-.Authenticated.(Subscriber+).Arbitrary.Options.Update MEDIUM" "wp-log-viewer No.known.fix Missing.Authorization MEDIUM" "wp-free-ssl No.known.fix Missing.Authorization MEDIUM" "wp-free-ssl 1.2.7 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-prayers-request No.known.fix Email.Settings.Update.via.CSRF MEDIUM" "wp-prayers-request No.known.fix Settings.Update.via.CSRF MEDIUM" "woo-esto 2.23.2 Settings.Update.via.CSRF MEDIUM" "webinar-ignition 3.06.0 Cross-Site.Request.Forgery MEDIUM" "webinar-ignition 3.05.1 Authenticated.(Subscriber+).PHP.Object.Injection HIGH" "webinar-ignition 3.05.1 Missing.Authorization.to.Unauthenticated.Privilege.Escalation CRITICAL" "webinar-ignition 3.05.1 Unauthenticated.SQL.Injection CRITICAL" "webinar-ignition 3.1.2 Reflected.Cross-Site.Scripting MEDIUM" "webinar-ignition 2.14.3 Admin+.Stored.XSS LOW" "webinar-ignition 2.8.12 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-map No.known.fix Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "wp-login-customizer No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "waiting No.known.fix Subscriber+.Stored.XSS HIGH" "waiting No.known.fix Subscriber+.SQLi HIGH" "waiting No.known.fix Cross-Site.Request.Forgery MEDIUM" "waiting No.known.fix Missing.Authorization MEDIUM" "waiting No.known.fix Admin+.Cross-Site.Scripting LOW" "wpc-shop-as-customer 1.2.9 Authentication.Bypass.Due.to.Insufficiently.Unique.Key HIGH" "wpc-shop-as-customer 1.2.7 
Authenticated.(Subscriber+).PHP.Object.Injection HIGH" "wp-mediatagger No.known.fix Reflected.XSS HIGH" "wp-mediatagger No.known.fix Contributor+.Stored.XSS MEDIUM" "wechat-broadcast No.known.fix Local/Remote.File.Inclusion CRITICAL" "wp-dream-carousel No.known.fix Reflected.XSS HIGH" "wp-guppy 1.3 Sensitive.Information.Disclosure HIGH" "wp-cloudy 4.4.9 Admin+.SQL.Injection MEDIUM" "wp-maintenance 6.1.9.3 IP.Spoofing.to.Maintenance.Mode.Bypass MEDIUM" "wp-maintenance 6.1.7 Information.Exposure MEDIUM" "wp-maintenance 6.1.4 IP.Restriction.Bypass MEDIUM" "wp-maintenance 6.0.8 Admin+.Stored.Cross-Site.Scripting LOW" "wp-maintenance 6.0.6 Admin+.Stored.Cross-Site.Scripting LOW" "wp-maintenance 5.0.7 Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting HIGH" "windsor-strava-club No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wordpress-users No.known.fix Settings.Update.via.CSRF MEDIUM" "wp-meta-data-filter-and-taxonomy-filter 1.3.3.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-meta-data-filter-and-taxonomy-filter 1.3.3.6 Authenticated.(Contributor+).SQL.Injection MEDIUM" "wp-meta-data-filter-and-taxonomy-filter 1.3.3.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-meta-data-filter-and-taxonomy-filter 1.3.3.5 Unauthenticated.Arbitrary.Shortcode.Execution HIGH" "wp-meta-data-filter-and-taxonomy-filter 1.3.3.4 Unauthenticated.Arbitrary.Shortcode.Execution HIGH" "wp-meta-data-filter-and-taxonomy-filter 1.3.3.4 Authenticated.(Contributor+).SQL.Injection CRITICAL" "wp-meta-data-filter-and-taxonomy-filter 1.3.3.3 Unauthenticated.Arbitrary.Shortcode.Execution CRITICAL" "wp-meta-data-filter-and-taxonomy-filter 1.3.3.1 Missing.Authorization MEDIUM" "wp-meta-data-filter-and-taxonomy-filter 1.3.3.2 Cross-Site.Request.Forgery MEDIUM" "wp-meta-data-filter-and-taxonomy-filter 1.3.3.1 Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "wp-meta-data-filter-and-taxonomy-filter 1.3.3 
Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-meta-data-filter-and-taxonomy-filter 1.3.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-meta-data-filter-and-taxonomy-filter 1.3.1 Reflected.XSS HIGH" "wp-meta-data-filter-and-taxonomy-filter 1.2.8 Arbitrary.Settings.Update.via.CSRF MEDIUM" "wpbits-addons-for-elementor 1.6 Authenticated.(Author+).Stored.Cross-Site.Scripting MEDIUM" "wpbits-addons-for-elementor 1.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wpbits-addons-for-elementor 1.6 Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "wpbits-addons-for-elementor 1.5.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Multiple.Widgets MEDIUM" "wpbits-addons-for-elementor 1.5 Contributor+.Stored.XSS MEDIUM" "wpbits-addons-for-elementor 1.3.2 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-jobhunt 2.4 User.enumeration.&.Reset.password CRITICAL" "wp-setup-wizard 1.0.8.2 Authenticated.(Subscriber+).Full.Database.Download MEDIUM" "website-article-monetization-by-magenet 1.0.12 Unauthenticated.Stored.XSS HIGH" "wpgenealogy 0.1.5 Reflected.Cross-Site.Scripting MEDIUM" "wpgenealogy 0.1.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-auto-top No.known.fix Cross-Site.Request.Forgery MEDIUM" "wpgform No.known.fix Admin+.Stored.XSS LOW" "wpgform 0.94 Eval.Injection HIGH" "wp-ban 1.69.1 Admin+.Stored.XSS LOW" "wp-custom-fields-search No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.wpcfs-preset.Shortcode MEDIUM" "wp-custom-fields-search 1.2.35 Admin+.Stored.XSS LOW" "wp-custom-fields-search 1.0 Unauthenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "wp-youtube-gallery 2.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.id.Parameter MEDIUM" "wp-upg No.known.fix Unauthenticated.RCE CRITICAL" "woo-aliexpress-dropshipping 2.1.2 Unauthenticated.Arbitrary.Content.Deletion MEDIUM" "woo-aliexpress-dropshipping No.known.fix 
Missing.Authorization MEDIUM" "wc-peach-payments-gateway 3.2.0 Missing.Authorization.via.peach_core_version_rollback() MEDIUM" "wps-telegram-chat No.known.fix Missing.Authorization.to.Information.Exposure MEDIUM" "wps-telegram-chat No.known.fix Authenticated.(Subscriber+).Unauthorized.Access.to.Telegram.Bot.API MEDIUM" "wp-social 3.0.8 Authentication.Bypass CRITICAL" "wp-social 3.0.1 Missing.Authorization.to.Unauthenticated.Social.Login/Share.Status.Update MEDIUM" "wphrm 1.1 Authenticated.SQL.Injection HIGH" "wdes-responsive-mobile-menu No.known.fix Unauthenticated.PHP.Object.Injection CRITICAL" "woo-wholesale-pricing 1.6.5 Reflected.Cross-Site.Scripting MEDIUM" "woo-wholesale-pricing 1.6.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-maintenance-mode 2.6.9 Subscriber+.Page.design.Update MEDIUM" "wp-maintenance-mode 2.4.5 Subscribed.Users.Deletion.via.CSRF MEDIUM" "wp-maintenance-mode 2.0.7 Authenticated.Multisite.Remote.Code.Execution HIGH" "wp-maintenance-mode 2.0.7 Missing.Settings.Authorization MEDIUM" "wp-maintenance-mode 2.0.7 Subscriber.Information.Disclosure MEDIUM" "woocommerce-simple-registration No.known.fix Unauthenticated.Privilege.Escalation CRITICAL" "wp-webinarsystem 1.33.25 Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.File.Creation HIGH" "wp-webinarsystem 1.33.25 Missing.Authorization.to.Authenticated.(Subscriber+).Webinar.Updates HIGH" "wp-webinarsystem 1.33.21 Cross-Site.Request.Forgery MEDIUM" "wp-webinarsystem 1.33.21 Cross-Site.Request.Forgery MEDIUM" "wp-webinarsystem 1.33.10 Reflected.Cross-Site.Scripting MEDIUM" "wp-ultimate-review 2.3.0 Missing.Authorization MEDIUM" "wp-ultimate-review 2.3.0 Unauthenticated.Insecure.Direct.Object.Reference MEDIUM" "wp-ultimate-review 2.3.0 Unauthenticated.Review.Restriction.Bypass MEDIUM" "wp-ultimate-review No.known.fix IP.Spoofing MEDIUM" "wp-ultimate-review 2.3.1 Settings.Update.via.CSRF MEDIUM" "wp-ultimate-review 2.1.0 Admin+.Stored.XSS LOW" "wp-ultimate-review 2.1.0 
Settings.Update.via.CSRF MEDIUM" "wp-player No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-affiliate-disclosure 1.2.8 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.$id MEDIUM" "wp-affiliate-disclosure 1.2.7 Cross-Site.Request.Forgery.via.check_capability MEDIUM" "wp-affiliate-disclosure 1.2.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-affiliate-disclosure 1.1.4 Subscriber+.Arbitrary.Option.Update CRITICAL" "wpforms 1.8.5.4 Unauthenticated.Stored.Cross-Site.Scripting.via.Form.Submission HIGH" "wpforms 1.7.7 CSV.Injection MEDIUM" "wp-ultimate-exporter 2.9.1 Authenticated.(Admin+).Arbitrary.File.Read MEDIUM" "wp-ultimate-exporter 2.9.2 Authenticated.(Admin+).Remote.Code.Execution MEDIUM" "wp-ultimate-exporter 2.4.2 Unauthenticated.Information.Disclosure MEDIUM" "wp-ultimate-exporter 1.4.2 CSRF HIGH" "wp-ultimate-exporter 1.2 Unauthenticated.SQL.Injection CRITICAL" "wp-database-admin No.known.fix Unauthenticated.SQL.Injection HIGH" "woo-wallet 1.5.7 Subscriber+.Funds.Creation MEDIUM" "woo-wallet 1.5.5 Authenticated.(Subscriber+).SQL.Injection.via.'search[value]' HIGH" "woo-wallet 1.5.1 Authenticated.(Shop.Manager+).Stored.Cross-Site.Scripting MEDIUM" "woo-wallet 1.4.11 Missing.Authorization.to.Authenticated.(Subscriber+).User.Email.Export MEDIUM" "woo-wallet 1.4.4 For.WooCommerce.<.1.4.4.-.Subscriber+.Arbitrary.Wallet.Lock/Unlock.via.IDOR MEDIUM" "woo-wallet 1.4.0 Settings.Update.via.CSRF MEDIUM" "wpb-show-core 2.6 Reflected.XSS HIGH" "wpb-show-core 2.7 Reflected.XSS HIGH" "wpb-show-core 2.7 Reflected.XSS HIGH" "wpb-show-core No.known.fix Unauthenticated.Local.File.Inclusion HIGH" "wpb-show-core No.known.fix Unauthenticated.Server.Side.Request.Forgery MEDIUM" "wpb-show-core No.known.fix Reflected.Cross-Site.Scripting HIGH" "wp-coming-soon-booster 1.0.7 Reflected.Cross-Site.Scripting MEDIUM" "woosquare 4.3 Reflected.Cross-Site.Scripting MEDIUM" "woosquare 4.2.9 Reflected.Cross-Site.Scripting MEDIUM" "woosquare 
4.2.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-quick-front-end-editor No.known.fix Authenticated.Content.Injection MEDIUM" "wp-quick-front-end-editor No.known.fix Authenticated.Settings.Change.leading.to.Stored.XSS CRITICAL" "wp-cloudflare-page-cache 4.7.6 Cross-Site.Request.Forgery MEDIUM" "wp-social-widget 2.2.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.shortcode MEDIUM" "wp-social-widget 2.2.4 Contributor+.Stored.XSS MEDIUM" "woocommerce-aweber-newsletter-subscription 4.0.3 Missing.Authorization.to.Access.Token.Modification MEDIUM" "wp-private-media No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-private-media No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-private-media No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "woo-quick-view 1.1.3 Unauthenticated.Information.Disclosure MEDIUM" "wp-media-folder 5.7.3 Authenticated.(Subscriber+).Arbitrary.File.Upload HIGH" "wp-media-folder 5.7.3 Missing.Authorization.to.Authenticated(Subscriber+).Plugin.settings.change MEDIUM" "wp-media-folder 5.7.3 Missing.Authorization.to.Authenticated(Subscriber+).Title.Modification MEDIUM" "wp2speed No.known.fix Unauthenticated.Information.Exposure MEDIUM" "wp2speed No.known.fix Improper.Authorization.due.to.use.of.Hardcoded.Credentials MEDIUM" "wp-smtp 1.2.7 1.2.6.-.Authenticated.(Admin+).SQL.Injection HIGH" "wpbenchmark 1.3.7 Cross-Site.Request.Forgery.via.execute_plugin() MEDIUM" "wp-geonames 1.9.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-geonames 1.9 Reflected.Cross-Site.Scripting MEDIUM" "wp24-domain-check 1.6.3 Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "wccp-pro 15.3 Admin+.Stored.XSS LOW" "wccp-pro 15.3 Open.Redirect MEDIUM" "wp-ecommerce-shop-styling No.known.fix Unauthenticated.Dompdf.Local.File.Inclusion.(LFI) HIGH" "woocommerce-multiple-customer-addresses 21.7 Arbitrary.Address.Creation/Deletion/Access/Update.via.IDOR HIGH" "wp-piwik 1.0.29 
Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "wp-piwik 1.0.28 Admin+.Stored.XSS LOW" "wp-piwik 1.0.27 Plugin.Settings.Reset.via.CSRF MEDIUM" "wp-piwik 1.0.10 Unauthenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "wp-login-and-logout-redirect 2.0 Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "wp-show-posts 1.1.6 Improper.Authorization.to.Information.Exposure MEDIUM" "wp-show-posts 1.1.5 Information.Exposure MEDIUM" "wp-show-posts 1.1.4 Contributor+.Stored.XSS MEDIUM" "weaver-for-bbpress 1.7.1 Reflected.Cross-Site.Scripting.via._wpnonce.Parameter MEDIUM" "webhotelier 1.6.1 Reflected.Cross-Site.Scripting.(XSS) HIGH" "wp-seo-redirect-301 2.3.2 Redirect.Deletion.via.CSRF MEDIUM" "woo-inpost No.known.fix Missing.Authorization.to.Unauthenticated.Arbitrary.File.Read.and.Delete CRITICAL" "wp-emember 10.6.6 Authenticated.(Admin+).Arbitrary.File.Upload MEDIUM" "wow-moodboard-lite No.known.fix Open.Redirect MEDIUM" "wp-responsive-video-gallery-with-lightbox 1.0.7 Authenticated.(Admin+).SQL.Injection MEDIUM" "wp-responsive-video-gallery-with-lightbox 1.0.1 Cross-Site.Request.Forgery MEDIUM" "wp-responsive-video-gallery-with-lightbox 1.0.23 Reflected.XSS HIGH" "wpfrom-email 1.8.9 Admin+.Stored.XSS LOW" "wp-db-table-editor No.known.fix Missing.Authorization.to.Authenticated(Contributor+).Database.Access HIGH" "wp-ajax-contact-form No.known.fix Arbitrary.Email.Deletion.via.CSRF MEDIUM" "wp-ajax-contact-form No.known.fix Reflected.Cross-Site.Scripting HIGH" "wsm-downloader No.known.fix Domain.Name.Restriction.Bypass LOW" "wsm-downloader No.known.fix Unauthenticated.Arbitrary.File.Download HIGH" "wp-sitemap-page 1.7.0 Admin+.Stored.Cross.Site.Scripting LOW" "wb-custom-product-tabs-for-woocommerce 1.2.5 Authenticated.(Shop.Manager+).PHP.Object.Injection HIGH" "wp-email 2.69.1 Admin+.Stored.Cross-Site.Scripting LOW" "wp-email 2.69.0 Anti-Spam.Protection.Bypass.via.IP.Spoofing MEDIUM" "wp-email 2.69.0 Log.Deletion.via.CSRF MEDIUM" 
"woo-bulk-editor 1.1.4.2 Cross-Site.Request.Forgery.to.Notice.Dismissal MEDIUM" "woo-bulk-editor 1.1.4.4 Missing.Authorization MEDIUM" "woo-bulk-editor 1.1.4.3 Reflected.Cross-Site.Scripting MEDIUM" "woo-bulk-editor 1.1.4.1 Authenticated.(Shop.manager+).Stored.Cross-Site.Scripting.via.Plugin.Options MEDIUM" "woo-bulk-editor 1.1.4.1 Missing.Authorization.via.Several.Functions MEDIUM" "woo-bulk-editor 1.1.4 Arbitrary.Settings.Update.via.CSRF MEDIUM" "woo-bulk-editor 1.1.4 Arbitrary.Settings.Update.via.CSRF MEDIUM" "woo-bulk-editor 1.1.4 Arbitrary.Settings.Update.via.CSRF MEDIUM" "woo-bulk-editor 1.1.4 Arbitrary.Settings.Update.via.CSRF MEDIUM" "woo-bulk-editor 1.1.4 Arbitrary.Settings.Update.via.CSRF MEDIUM" "woo-bulk-editor 1.1.4 Arbitrary.Settings.Update.via.CSRF MEDIUM" "woo-bulk-editor 1.1.4 Arbitrary.Settings.Update.via.CSRF MEDIUM" "woo-bulk-editor 1.1.4 Arbitrary.Settings.Update.via.CSRF MEDIUM" "woo-bulk-editor 1.1.4 Arbitrary.Settings.Update.via.CSRF MEDIUM" "woo-bulk-editor 1.1.4 Arbitrary.Settings.Update.via.CSRF MEDIUM" "woo-bulk-editor 1.1.4 Arbitrary.Settings.Update.via.CSRF MEDIUM" "woo-bulk-editor 1.1.3.2 Cross-Site.Request.Forgery.(CSRF) MEDIUM" "woocommerce-pdf-invoices-packing-slips 3.8.7 Missing.Authorization MEDIUM" "woocommerce-pdf-invoices-packing-slips 3.8.1 Unauthenticated.Server-Side.Request.Forgery MEDIUM" "woocommerce-pdf-invoices-packing-slips 3.8.1 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "woocommerce-pdf-invoices-packing-slips 3.7.6 Shop.Manager+.SQL.Injection HIGH" "woocommerce-pdf-invoices-packing-slips 3.0.1 Reflected.Cross-Site.Scripting MEDIUM" "woocommerce-pdf-invoices-packing-slips 2.16.0 Reflected.Cross-Site.Scripting LOW" "woocommerce-pdf-invoices-packing-slips 2.15.0 Reflected.Cross-Site.Scripting MEDIUM" "woocommerce-pdf-invoices-packing-slips 2.10.5 Reflected.Cross-Site.Scripting HIGH" "woocommerce-pdf-invoices-packing-slips 2.0.13 XSS MEDIUM" "wp-media-category-management 2.3.0 Reflected.Cross-Site.Scripting 
MEDIUM" "wp-media-category-management 2.1.3 Reflected.Cross-Site.Scripting MEDIUM" "word-freshener No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "wp-post-disclaimer 1.0.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-orphanage-extended 1.3 Cross-Site.Request.Forgery.to.Orphan.Account.Privilege.Escalation HIGH" "widgetkit-for-elementor 2.5.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "widgetkit-for-elementor 2.5.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "widgetkit-for-elementor No.known.fix Missing.Authorization.to.Notice.Dismissal NONE" "widgetkit-for-elementor No.known.fix Contributor+.Stored.XSS MEDIUM" "widgetkit-for-elementor 2.4.4 WidgetKit.<.2.4.4.-.Admin+.Stored.XSS LOW" "widgetkit-for-elementor 2.3.10 WidgetKit.<.2.3.10.-.Contributor+.Stored.XSS MEDIUM" "wte-elementor-widgets 1.3.8 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "widget-or-sidebar-per-shortcode No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "wpzoom-portfolio 1.4.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.align.Attribute MEDIUM" "wpzoom-portfolio 1.2.2 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "web-stories 1.38.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "web-stories 1.32 Author+.Auth.Bypass LOW" "web-stories 1.25.0 Subscriber+.Server.Side.Request.Forgery MEDIUM" "wp-meetup No.known.fix Missing.Authorization.to.Authenticated.(Subscriber+).Settings.Update MEDIUM" "wp-visited-countries-reloaded 3.1.1 Reflected.Cross-Site.Scripting HIGH" "wpcargo No.known.fix Missing.authorization.to.Authenticated.(Subscriber+).Settings.Update MEDIUM" "wpcargo No.known.fix Unauthenticated.SQL.Injection HIGH" "wpcargo 6.9.5 Admin+.Stored.Cross.Site.Scripting LOW" "wpcargo 6.9.5 Reflected.Cross.Site.Scripting MEDIUM" "wpcargo 6.9.0 Unauthenticated.RCE CRITICAL" "wpsimpletools-log-viewer No.known.fix 
Cross-Site.Request.Forgery.via.wpst_lw_viewer MEDIUM" "woocommerce-order-status-change-notifier No.known.fix Subscriber+.Arbitrary.Order.Status.Update MEDIUM" "wp-native-articles 1.2.0 Reflected.Cross-Site.Scripting MEDIUM" "wp-lijit-wijit No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-tools-divi-blog-carousel 1.3.1 Reflected.Cross-Site.Scripting MEDIUM" "wp-tools-divi-blog-carousel 1.3.0 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wcs-qr-code-generator No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-plotly 1.0.3 Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "wp-code-highlightjs No.known.fix Undisclosed.Cross-Site.Scripting.(XSS) MEDIUM" "wp-code-highlightjs 0.6.3 CSRF.to.Stored.XSS MEDIUM" "wp-translitera No.known.fix Settings.Update.via.CSRF MEDIUM" "white-label 2.9.1 Cross-Site.Request.Forgery.via.white_label_reset_wl_admins MEDIUM" "wp-terms-popup 2.6.1 Admin+.Stored.XSS LOW" "wp-ultimate-recipe 3.12.7 Authenticated.Stored.XSS MEDIUM" "wordpress-plugin-for-simple-google-adsense-insertion 2.1 Inject.ads.and.javascript.via.CSRF MEDIUM" "wp-upload-restriction 2.2.5 Missing.Access.Control.in.deleteCustomType MEDIUM" "wp-upload-restriction No.known.fix Authenticated.Stored.XSS MEDIUM" "wp-upload-restriction 2.2.5 Missing.Access.Control.in.getSelectedMimeTypesByRole MEDIUM" "woocommerce-bookings 2.0.4 Cross-Site.Request.Forgery MEDIUM" "woo-bulk-edit-products 1.8.3 Reflected.Cross-Site.Scripting MEDIUM" "woo-bulk-edit-products 1.7.13 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wc-place-order-without-payment 2.5 Reflected.Cross-Site.Scripting MEDIUM" "wc-place-order-without-payment 2.2 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-popup-lite No.known.fix Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "wp-joomag No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-carousel-free 2.7.4 Admin+.Stored.XSS LOW" "wp-carousel-free 2.6.9 
Contributor+.DOM-Based.Stored.XSS.via.FancyBox.JavaScript.Library MEDIUM" "wp-carousel-free 2.6.4 Authenticated.(Admin+).PHP.Object.Injection HIGH" "wp-carousel-free 2.6.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.'sp_wp_carousel_shortcode' MEDIUM" "wp-carousel-free 2.6.9 Editor+.Stored.XSS LOW" "wp-carousel-free 2.5.3 Contributor+.Stored.XSS MEDIUM" "wp-page-widget 4.0 Settings.Update.via.CSRF MEDIUM" "wp-header-notification No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "wpsimpletools-upload-limit No.known.fix Reflected.XSS HIGH" "wp-asset-clean-up 1.3.9.9 Authenticated.(Admin+).Server-Side.Request.Forgery MEDIUM" "wp-asset-clean-up 1.3.9.4 Missing.Authorization MEDIUM" "wp-asset-clean-up 1.3.5.5 Reflected.Cross-Site.Scripting MEDIUM" "wp-asset-clean-up 1.3.8.5 Reflected.Cross-Site.Scripting MEDIUM" "wp-asset-clean-up 1.3.8.5 Reflected.Cross-Site.Scripting.via.AJAX.Action HIGH" "wp-asset-clean-up 1.3.8.5 Reflected.Cross-Site.Scripting MEDIUM" "wp-asset-clean-up 1.3.6.7 CSRF.&.XSS LOW" "wp-tradingview No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wpqa 6.1.1 Contributor+.Stored.XSS MEDIUM" "wpqa 6.1.1 Arbitrary.Category.and.Tag.Follow/Unfollow.via.CSRF MEDIUM" "wpqa 5.9.3 Missing.validation.lead.to.functionality.abuse LOW" "wpqa 5.9 Follow/Unfollow.via.CSRF MEDIUM" "wpqa 5.7 Subscriber+.Private.Message.Disclosure.via.IDOR MEDIUM" "wpqa 5.5 Unauthenticated.Private.Message.Disclosure MEDIUM" "wpqa 5.4 Reflected.Cross-Site.Scripting MEDIUM" "wpqa 5.2 Subscriber+.Private.Message.Disclosure.via.IDOR MEDIUM" "wpqa 5.2 Subscriber+.Stored.Cross-Site.Scripting.via.Profile.fields MEDIUM" "wpqa 5.2 Subscriber+.Arbitrary.Profile.Picture.Deletion.via.IDOR MEDIUM" "wp-file-checker No.known.fix Authenticated.(Admin+).Arbitrary.File.Deletion MEDIUM" "woo-product-feed-pro 13.3.2 Sensitive.Information.Exposure.via.Log.Files MEDIUM" "woo-product-feed-pro 13.2.6 Reflected.Cross-Site.Scripting MEDIUM" 
"woo-product-feed-pro 12.4.5 Multiple.CSRF MEDIUM" "woo-product-feed-pro 11.2.3 Reflected.Cross-Site.Scripting MEDIUM" "woo-product-feed-pro 11.0.7 Subscriber+.Settings.Update.to.Stored.XSS HIGH" "wp2android-turn-wp-site-into-android-app No.known.fix Unauthenticated.File.Upload CRITICAL" "wpgenious-job-listing No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "wc-multi-currency 1.5.6 Missing.Authorization MEDIUM" "wc-multi-currency 1.5.6 Cross-Site.Request.Forgery MEDIUM" "woocommerce-sendinblue-newsletter-subscription 4.0.18 Authenticated.(Editor+).Arbitrary.File.Download.and.Deletion HIGH" "woocommerce-product-addons 6.2.0 Shop.Manager+.PHP.Object.Injection HIGH" "woocommerce-product-addons 6.2.0 Cross-Site.Request.Forgery MEDIUM" "webp-converter-for-media 4.0.3 Unauthenticated.Open.redirect MEDIUM" "webp-converter-for-media 1.0.3 Cross-Site.Request.Forgery.(CSRF) HIGH" "woo-product-tables 2.1.3 Unuthenticated.SQL.Injection HIGH" "woo-product-tables 2.0.2 Unauthenticated.Remote.Code.Execution CRITICAL" "woo-product-tables 1.8.7 Cross-Site.Request.Forgery.via.saveGroup MEDIUM" "woocommerce-booking 6.10.0 Subscriber+.Arbitrary.Option.Update HIGH" "wordprezi 0.9 Contributor+.Strored.XSS MEDIUM" "wp-panoramio No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "wc-dynamic-pricing-and-discounts 2.4.2 Unauthenticated.Settings.Import.to.Stored.XSS HIGH" "wc-dynamic-pricing-and-discounts 2.4.2 Unauthenticated.Settings.Export MEDIUM" "wp-able-player No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wonderplugin-slider-lite 14.0 Reflected.Cross-Site.Scripting.via.'page' MEDIUM" "wp-table-builder 1.5.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-table-builder No.known.fix Admin+.Stored.XSS LOW" "wp-table-builder 1.4.15 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-table-builder 1.4.10 Reflected.Cross-Site.Scripting MEDIUM" "wp-table-builder 1.4.7 Admin+.Stored.XSS 
MEDIUM" "wp-table-builder 1.3.16 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-table-builder 1.3.10 Reflected.Cross-Site.Scripting HIGH" "wp-githuber-md No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-githuber-md 1.16.3 Authenticated.(Author+).Arbitrary.File.Upload HIGH" "webinar-and-video-conference-with-jitsi-meet 2.6.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "webo-facto-connector 1.41 Unauthenticated.Privilege.Escalation CRITICAL" "wp-ical-availability No.known.fix Missing.Authorization MEDIUM" "wp-ical-availability No.known.fix Settings.Update.via.CSRF MEDIUM" "w3speedster-wp No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "w3speedster-wp 7.27 Cross-Site.Request.Forgery MEDIUM" "w3speedster-wp 7.27 Admin+.RCE MEDIUM" "w3speedster-wp 7.20 Settings.Update.via.CSRF MEDIUM" "wordpress-form-manager 1.7.3 Authenticated.Remote.Command.Execution.(RCE) CRITICAL" "woo-abandoned-cart-recovery 1.0.4.1 CSRF.Bypass.in.Multiple.Plugins MEDIUM" "woo-abandoned-cart-recovery 1.0.4.1 Cross-Site.Request.Forgery MEDIUM" "wc1c-main No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-smart-export No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-smart-export No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-auto-affiliate-links 6.4.4 Authenticated.(Editor+).SQL.Injection CRITICAL" "wp-auto-affiliate-links 6.4.3.1 Missing.Authorization.via.aalAddLink MEDIUM" "wp-auto-affiliate-links 6.4.2.8 Cross-Site.Request.Forgery MEDIUM" "wp-auto-affiliate-links 6.4.2.6 Cross-Site.Request.Forgery MEDIUM" "wp-auto-affiliate-links 6.4.2.5 Settings.Update.to.Stored.XSS.via.CSRF HIGH" "wp-auto-affiliate-links 6.3.0.3 Settings.Update.via.CSRF MEDIUM" "woo-thank-you-page-nextmove-lite 2.18.2 Cross-Site.Request.Forgery MEDIUM" "woo-thank-you-page-nextmove-lite 2.18.1 Missing.Authorization.to.Unauthenticated.System.Information.Disclosure MEDIUM" "woo-thank-you-page-nextmove-lite 2.18.0 
Subscriber+.Arbitrary.Plugin.Installation/Activation HIGH" "widgets-for-zillow-reviews 11.1 Authenticated.(Editor+).Arbitrary.File.Upload MEDIUM" "wp-e-commerce No.known.fix Unauthenticated.SQL.Injection CRITICAL" "wp-e-commerce No.known.fix Missing.Authorization.to.Unauthenticated.Arbitrary.Post.Creation MEDIUM" "wp-automedic No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-automedic 1.5.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-catalogue No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.shortcode MEDIUM" "wp-roadmap 1.0.9 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "wp-svg-images 4.3 Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG MEDIUM" "wp-svg-images 3.4 Authenticated.(author+).Stored.XSS.via.SVG MEDIUM" "wemanage-app-worker 1.2.3 Subscriber+.Arbitrary.File.Upload HIGH" "wpeform-lite 1.6.5 Reflected.Cross-Site.Scripting MEDIUM" "wpeform-lite 1.6.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-sentry No.known.fix Arbitrary.Settings.Update.to.Stored.XSS.via.CSRF MEDIUM" "wp-easycart 5.7.9 Missing.Authorization.to.Order.Updates MEDIUM" "wp-easycart 5.7.3 Authenticated.(Contributor+).SQL.Injection.via.model_number.Parameter HIGH" "wp-easycart 5.6.0 Missing.Authorization MEDIUM" "wp-easycart 5.6.5 Sensitive.Information.Exposure MEDIUM" "wp-easycart 5.6.0 Cross-Site.Request.Forgery MEDIUM" "wp-easycart 5.6.4 Contributor+.SQL.Injection MEDIUM" "wp-easycart 5.4.11 Administrator+.Time-based.SQL.Injection HIGH" "wp-easycart 5.4.9 Multiple.CSRFs MEDIUM" "wp-easycart 5.4.9 Product.Deletion.via.CSRF MEDIUM" "wp-easycart 5.4.3 Admin+.LFI MEDIUM" "wp-easycart 5.2.5 Arbitrary.Design.Settings.Update.via.CSRF MEDIUM" "wp-easycart 5.1.1 CSRF.to.Stored.Cross-Site.Scripting HIGH" "wp-easycart 3.0.21 3.0.20.-.Privilege.Escalation HIGH" "wha-crossword No.known.fix Contributor+.Stored.XSS MEDIUM" "wha-crossword No.known.fix Contributor+.Stored.Cross-Site.Scripting MEDIUM" "wp-advance-comment No.known.fix 
Reflected.Cross-Site.Scripting MEDIUM" "wp-advance-comment No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-advance-comment No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "web-stat 1.4.1 API.Key.Disclosure HIGH" "wpshopgermany-it-recht-kanzlei 1.8 Admin+.Stored.XSS LOW" "wpadverts 2.1.8 Reflected.Cross-Site.Scripting MEDIUM" "wpadverts 2.1.7 Unauthenticated.Stored.Cross-Site.Scripting.via.adverts_add.Shortcode HIGH" "wpadverts 2.1.3 Cross-Site.Request.Forgery MEDIUM" "woocommerce-eu-vat-assistant 2.1.2.230718 Reflected.Cross-Site.Scripting MEDIUM" "woocommerce-eu-vat-assistant 2.0.28.220224 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-search-filter No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-search-filter No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "woo-zoho 1.2.4 Reflected.Cross-Site.Scripting HIGH" "wha-wordsearch No.known.fix Author+.Stored.Cross-Site.Scripting MEDIUM" "wha-wordsearch No.known.fix Contributor+.Stored.XSS MEDIUM" "woo-bulk-price-update 2.2.2 Reflected.XSS HIGH" "wp-spell-check 9.18 Cross-Site.Request.Forgery MEDIUM" "wp-spell-check 9.13 Ignored.Word.Deletion.via.CSRF MEDIUM" "wp-spell-check 9.13 Admin+.Stored.Cross-Site.Scripting LOW" "wp-spell-check 9.3 Reflected.Cross-Site.Scripting HIGH" "wp-spell-check 7.1.10 Cross-Site.Request.Forgery.(CSRF) HIGH" "wc-multivendor-membership 2.11.0 Unauthenticated.Arbitrary.Password.Update.via.IDOR CRITICAL" "wc-multivendor-membership 2.10.1 Unauthenticated.AJAX.Calls HIGH" "wc-multivendor-membership 2.10.1 Unauthenticated.Privilege.Escalation CRITICAL" "wc-multivendor-membership 2.10.0 Multiple.CSRF MEDIUM" "wp-scrive 1.2.4 Reflected.Cross-Site.Scripting MEDIUM" "wp-scrive 1.2.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "widgets-controller No.known.fix Unauthenticated.Cross-Site.Scripting MEDIUM" "wp-attachment-export 0.2.4 Unauthenticated.Posts.Download HIGH" "woorewards 5.3.1 Missing.Authorization MEDIUM" "where-i-was-where-i-will-be No.known.fix 
Unauthenticated.Remote.File.Inclusion CRITICAL" "wp-postratings 1.91.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-postratings 1.90 Ratings.Tempering.via.Race.Condition MEDIUM" "wp-postratings 1.86.1 Admin+.Stored.Cross-Site.Scripting LOW" "wp-postratings 1.62 Authenticated.SQL.Injection CRITICAL" "wordpress-filter No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "wp-masquerade No.known.fix Subscriber+.Account.Takeover HIGH" "wp-hubspot-woocommerce 1.0.5 Reflected.Cross-Site.Scripting HIGH" "wp-reviews-plugin-for-google 11.1 Authenticated.(Editor+).Arbitrary.File.Upload MEDIUM" "wp-reviews-plugin-for-google 10.9.1 Arbitrary.Settings.Update.via.CSRF MEDIUM" "wp-reviews-plugin-for-google 9.8 Contributor+.Stored.XSS MEDIUM" "wp-lister-for-amazon 2.6.17 Reflected.Cross-Site.Scripting MEDIUM" "wp-lister-for-amazon 2.6.12 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "wp-lister-for-amazon 2.6.9 Reflected.Cross-Site.Scripting MEDIUM" "wp-lister-for-amazon 2.4.4 Reflected.XSS HIGH" "wp-cirrus No.known.fix Admin+.Stored.Cross-Site.Scripting MEDIUM" "wp-eventpress No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wpb-elementor-addons 1.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wpb-elementor-addons 1.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.url.Parameter MEDIUM" "wpb-elementor-addons 1.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "widget-shortcode No.known.fix Contributor+.Stored.XSS MEDIUM" "wp-emoji-one No.known.fix Settings.Update.via.CSRF MEDIUM" "wp-rss-by-publishers No.known.fix Admin+.SQLi MEDIUM" "wp-rss-by-publishers No.known.fix Admin+.SQLi MEDIUM" "wp-rss-by-publishers No.known.fix Admin+.SQLi MEDIUM" "wp-ecommerce-paypal 1.9.1 Unauthenticated.Open.Redirect HIGH" "wp-ecommerce-paypal 1.9 Cross-Site.Request.Forgery.to.Settings.Update MEDIUM" "wp-ecommerce-paypal 1.8.2 Cross-Site.Request.Forgery 
MEDIUM" "wp-ecommerce-paypal 1.7.4 Contributor+.Stored.XSS.in.Shortcode MEDIUM" "wp-ecommerce-paypal 1.7.3 CSRF.to.Stored.Cross-Site.Scripting HIGH" "woocommerce-subscriptions 5.8.0 Missing.Authorization MEDIUM" "woocommerce-subscriptions 4.6.0 Subscription.Suspension/Activation.via.CSRF MEDIUM" "woocommerce-subscriptions 4.6.0 Cross-Site.Request.Forgery MEDIUM" "woocommerce-subscriptions 2.6.3 Unauthenticated.Stored.Cross-Site.Scripting.(XSS) CRITICAL" "woocommerce-subscriptions 3.0.3 CSRF.to.Cancel/Re-Activate.Subscription LOW" "wp-gdpr-core No.known.fix Multiple.Unauthenticated.Issues HIGH" "webtoffee-gdpr-cookie-consent 2.6.1 Bulk.Delete.via.CSRF MEDIUM" "webtoffee-gdpr-cookie-consent 2.6.1 Unauthenticated.Stored.XSS HIGH" "widget-for-eventbrite-api 5.3.1 Reflected.Cross-Site.Scripting MEDIUM" "widget-for-eventbrite-api 4.4.8 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "woocommerce-wholesale-prices 2.2.0 Missing.Authorization MEDIUM" "woocommerce-wholesale-prices 2.1.5.1 Cross-Site.Request.Forgery MEDIUM" "woocommerce-wholesale-prices 2.1.5.1 Subscriber+.Missing.Authorization.for.Plugin.Settings.Change MEDIUM" "woocommerce-wholesale-prices 2.1.5.1 Subscriber+.Stored.Cross-Site.Scripting HIGH" "wp2leads 3.4.3 Reflected.Cross-Site.Scripting MEDIUM" "wp2leads 3.2.8 Missing.Authorization MEDIUM" "woocommerce-delivery-date No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wordpress-gallery-plugin No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "wplite No.known.fix Arbitrary.Settings.Update.via.CSRF MEDIUM" "wp-calameo 2.1.8 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-recipe-maker 9.7.0 Authenticated.(Contributor+).DOM-Based.Stored.Cross-Site.Scripting.via.'tooltip' MEDIUM" "wp-recipe-maker 9.1.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.'group_tag' MEDIUM" "wp-recipe-maker 9.4.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.wprm-recipe-roundup-item.Shortcode MEDIUM" 
"wp-recipe-maker 9.3.0 Authenticated.Stored.Cross-Site.Scripting.via.Video.Embed MEDIUM" "wp-recipe-maker 9.2.0 Missing.Authorization.to.Authenticated.(Subscriber+).SQL.Injecton HIGH" "wp-recipe-maker 9.1.1 Reflected.Cross-Site.Scripting.via.Referer MEDIUM" "wp-recipe-maker 9.1.1 Contributor+.Stored.Cross-Site.Scripting.via.icon_color MEDIUM" "wp-recipe-maker 9.1.1 Contributor+.Stored.Cross-Site.Scripting.via.'tag' MEDIUM" "wp-recipe-maker 9.1.1 Contributor+.Stored.Cross-Site.Scripting.via.header_tag MEDIUM" "wp-recipe-maker 9.1.1 Directory.Traversal MEDIUM" "wp-recipe-maker 9.1.1 Contributor+.Stored.Cross-Site.Scripting.via.Recipe.Notes MEDIUM" "wp-recipe-maker 9.1.1 Contributor+.Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "wp-recipe-maker 8.6.1 Contributor+.Stored.XSS MEDIUM" "wp-cookies-alert No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "wp-central No.known.fix Settings.Update.via.CSRF MEDIUM" "wp-central 1.5.1 Improper.Access.Control.to.Privilege.Escalation HIGH" "web-instant-messenger No.known.fix Unauthenticated.Stored.Cross-Site.Scripting.(XSS) HIGH" "wp-debugging 2.11.7 Arbitrary.Plugin.Installation.from.Dependency.via.CSRF LOW" "wp-debugging 2.11.7 Subscriber+.Arbitrary.Plugin.Activation MEDIUM" "wp-debugging 2.11.0 Unauthenticated.Plugin's.Settings.Update MEDIUM" "woo-vietnam-checkout 2.0.8 Authenticated.(Shop.manager+).Stored.Cross-Site.Scripting MEDIUM" "woo-vietnam-checkout 2.0.8 Admin+.Stored.Cross-Site.Scripting MEDIUM" "woo-vietnam-checkout 2.0.6 Unauthenticated.Stored.XSS HIGH" "woo-vietnam-checkout 2.0.5 Reflected.XSS HIGH" "wpachievements-free No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-rest-user No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-rest-user No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-security-audit-log-premium 4.6.4.1 Authenticated.(Subscriber+).SQL.Injection HIGH" "wc-sudan-payment-gateway No.known.fix 
Unauthenticated.Arbitrary.File.Upload CRITICAL" "wp-opt-in No.known.fix Arbitrary.Settings.Update.via.CSRF MEDIUM" "wp-easy-contact 3.8 Admin+.Stored.Cross-Site.Scripting LOW" "wp-openagenda 1.9.0 Reflected.Cross-Site.Scripting MEDIUM" "wp-super-cache 1.9 Unauthenticated.Cache.Poisoning MEDIUM" "wp-super-cache 1.7.3 Authenticated.Remote.Code.Execution HIGH" "wp-super-cache 1.7.3 Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "wp-super-cache 1.7.2 Authenticated.Remote.Code.Execution.(RCE) HIGH" "wp-super-cache 1.4.9 Cross-Site.Scripting.(XSS) MEDIUM" "wp-super-cache 1.4.5 PHP.Object.Injection HIGH" "wp-super-cache 1.4.3 Stored.Cross-Site.Scripting.(XSS) HIGH" "wp-super-cache 1.3.1 trunk/plugins/domain-mapping.php.URI.XSS MEDIUM" "wp-super-cache 1.3.1 trunk/plugins/awaitingmoderation.php.URI.XSS MEDIUM" "wp-super-cache 1.3.1 trunk/plugins/badbehaviour.php.URI.XSS MEDIUM" "wp-super-cache 1.3.1 trunk/wp-cache.php.wp_nonce_url.Function.URI.XSS MEDIUM" "wp-super-cache 1.3.1 trunk/plugins/searchengine.php.URI.XSS MEDIUM" "wp-super-cache 1.3.1 trunk/plugins/wptouch.php.URI.XSS MEDIUM" "wp-super-cache 1.3.2 Remote.Code.Execution HIGH" "wp-fusion-lite 3.43.0 Information.Exposure MEDIUM" "wp-fusion-lite 3.42.10 Authenticated.(Contributor+).Remote.Code.Execution HIGH" "wp-fusion-lite 3.37.31 Reflected.Cross-Site.Scripting.(XSS) HIGH" "wp-fusion-lite 3.37.30 CSRF.to.Data.Deletion MEDIUM" "wp-fusion-lite 3.37.30 Reflected.Cross-Site.Scripting.(XSS) HIGH" "wpdbspringclean No.known.fix Reflected.XSS HIGH" "wp-rss-images No.known.fix Cross-Site.Request.Forgery MEDIUM" "wr-price-list-for-woocommerce No.known.fix Authenticated.(Subscriber+).Arbitrary.File.Upload HIGH" "wpb-popup-for-contact-form-7 1.7.6 Unauthenticated.Arbitrary.Shortcode.Execution.via.wpb_pcf_fire_contact_form HIGH" "wp-gallery-metabox No.known.fix Settings.Update.via.CSRF MEDIUM" "wpforo 2.3.5 Authenticated.(Subscriber+).Insecure.Direct.Object.Reference MEDIUM" "wpforo 2.3.5 
Unauthenticated.Sensitive.Information.Exposure MEDIUM" "wpforo 2.3.4 Authenticated.(Contributor+).SQL.Injection CRITICAL" "wpforo 2.2.6 Subscriber+.Content.Injection MEDIUM" "wpforo 2.2.4 Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "wpforo 2.1.9 Reflected.Cross-Site.Scripting HIGH" "wpforo 2.1.8 Subscriber+.Arbitrary.File.Read,.Author+.PHAR.Deserialization,.and.Subscriber+.Server-Side.Request.Forgery.via.file_get_contents HIGH" "wpforo 2.0.6 Subscriber+.Forum.Post.Set.as.Private/Public.via.IDOR MEDIUM" "wpforo 2.1.0 Arbitrary.User.Deletion.via.CSRF HIGH" "wpforo 2.1.0 Subscriber+.Arbitrary.File.Upload CRITICAL" "wpforo 2.0.6 Subscriber+.Forum.Post.Set.as.Solved/Unsolved.via.IDOR MEDIUM" "wpforo 2.0.6 Topic.Deletion.via.CSRF MEDIUM" "wpforo 2.0.6 Cross-Site.Request.Forgery MEDIUM" "wpforo 1.9.7 Open.Redirect MEDIUM" "wpforo 1.7.0 New.Users.Set.as.Admin.via.CSRF HIGH" "wpforo 1.7.0 Reflected.Cross-Site.Scripting.(XSS).via.langid.Parameter HIGH" "wpforo 1.7.0 Reflected.Cross-Site.Scripting.(XSS).via.s.Parameter HIGH" "wpforo 1.7.0 Reflected.Cross-Site.Scripting.(XSS).via.User.Agent MEDIUM" "wpforo 1.5.2 Privilege.Escalation CRITICAL" "wpforo 1.4.12 Unauthenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "wpforo 1.4.11 Unauthenticated.SQL.Injection CRITICAL" "wp-login-box No.known.fix Admin+.Stored.XSS LOW" "woo-badge-designer-lite 1.1.1 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "wordpress-logging-service No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "wisdm-reports-for-learndash 1.8.2.2 Reports.Free.<.1.8.2.2.-.Missing.Authorization.to.Plugin.Settings.Update MEDIUM" "wp-linkedin-auto-publish 8.12 Missing.Authorization MEDIUM" "wezido-elementor-addon-based-on-easy-digital-downloads No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "woo-seo-addon 2.1.6 Reflected.Cross-Site.Scripting MEDIUM" "woo-seo-addon 2.1.5 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" 
"wp-born-babies No.known.fix Contributor+.Stored.Cross-Site.Scripting MEDIUM" "wp-social-buttons No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "woocommerce 9.4.3 Unauthenticated.Order.Creation MEDIUM" "woocommerce 9.4.3 Reflected.XSS HIGH" "woocommerce 9.1.0 Unauthenticated.HTML.Injection MEDIUM" "woocommerce 9.2 Contributor+.Stored.XSS MEDIUM" "woocommerce 9.1.4 Stored.XSS LOW" "woocommerce 9.0.0 Shop.Manager+.Content.Injection LOW" "woocommerce 8.9.3 8.9.2.-.Reflected.XSS HIGH" "woocommerce 8.6.0 Cross-Site.Request.Forgery MEDIUM" "woocommerce 8.6 Contributor+.Private/Draft.Products.Access LOW" "woocommerce 8.4.0 Reflected.Cross-Site.Scripting MEDIUM" "woocommerce 8.3.0 Cross-Site.Request.Forgery MEDIUM" "woocommerce 8.2.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Featured.Image.alt.Attribute MEDIUM" "woocommerce 7.0.1 Authenticated(Shop.Manager+).Sensitive.Information.Exposure MEDIUM" "woocommerce 8.1.1 Shop.Manager+.User.Metadata.Disclosure MEDIUM" "woocommerce 7.9 Unauthenticated.Sensitive.Information.Disclosure MEDIUM" "woocommerce 7.9.0 Sensitive.Information.Exposure MEDIUM" "woocommerce 6.6.0 Admin+.Stored.HTML.Injection LOW" "woocommerce 6.3.1 Orders.Marked.as.Paid.(via.PayPal.Standard.Gateway) LOW" "woocommerce 6.2.1 Path.Traversal.via.Importers MEDIUM" "woocommerce 6.2.1 Subscriber+.Arbitrary.Comment.Deletion MEDIUM" "woocommerce 5.7.0 Analytics.Report.Leaks MEDIUM" "woocommerce 5.5.1 Authenticated.Blind.SQL.Injection HIGH" "woocommerce 5.2.0 Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "woocommerce 4.7.0 Arbitrary.Order.Status.Disclosure.via.IDOR MEDIUM" "woocommerce 4.6.2 Guest.Account.Creation MEDIUM" "woocommerce 4.2.1 Potential.Cross-Site.Scripting.(XSS).via.SelectWoo MEDIUM" "woocommerce 4.1.0 Unescaped.Metadata.when.Duplicating.Products LOW" "woocommerce 3.6.5 Cross-Site.Request.Forgery.(CSRF).&.File.Type.Check MEDIUM" "woocommerce 3.5.5 Stored.Cross-Site.Scripting.(XSS) HIGH" "woocommerce 3.5.1 
Authenticated.Stored.XSS HIGH" "woocommerce 3.4.6 Authenticated.Stored.XSS MEDIUM" "woocommerce 3.4.6 Authenticated.Phar.Deserialization MEDIUM" "wp-polls 2.77.3 Unauthenticated.SQL.Injection.to.Stored.Cross-Site.Scripting MEDIUM" "wp-polls 2.76.0 IP.Validation.Bypass MEDIUM" "wp-polls 2.77.0 Subscriber+.Race.Condition MEDIUM" "wp-polls 2.73.1 Authenticated.Reflected.Cross-Site.Scripting.(XSS) CRITICAL" "wp-polls 2.72 SQL.Injection CRITICAL" "wp-email-newsletter No.known.fix Reflected.XSS HIGH" "woorousell 1.1.1 Contributor+.Stored.XSS MEDIUM" "woorousell 1.0.9 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-music-player No.known.fix Authenticated.(Administrator+).SQL.Injection MEDIUM" "wpglobus-translate-options No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "wpglobus-translate-options 2.2.0 Reflected.XSS HIGH" "wp-signals 2.0.0 Reflected.Cross-Site.Scripting MEDIUM" "wp-olivecart No.known.fix Admin+.Stored.XSS LOW" "wp-aparat 2.2.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wpfront-user-role-editor 4.1.0 Limited.Information.Exposure MEDIUM" "wpfront-user-role-editor 3.2.1.11184 Reflected.Cross-Site.Scripting MEDIUM" "wtyczka-seopilot-dla-wp No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "wc-vendors 2.4.7.1 Authenticated.(Shop.manager+).SQL.Injection.via.search.dates HIGH" "wc-vendors 2.4.5 Contributor+.Stored.XSS MEDIUM" "wpdm-premium-packages 5.9.7 Authenticated.(Administrator+).SQL.Injection MEDIUM" "wpdm-premium-packages 5.9.4 Reflected.Cross-Site.Scripting.via.add_query_arg MEDIUM" "wpdm-premium-packages No.known.fix Sell.Digital.Products.Securely.<=.5.9.3.-.Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.wpdmpp_pay_link.Shortcode MEDIUM" "wpdm-premium-packages No.known.fix Admin+.SQL.Injection MEDIUM" "wpdm-premium-packages 5.9.2 Cross-Site.Request.Forgery MEDIUM" "wpdm-premium-packages 5.8.3 Reflected.Cross-Site.Scripting MEDIUM" "wpdm-premium-packages 5.7.5 
Sell.Digital.Products.Securely.<.5.7.5.-.Subscriber+.Privilege.Escalation HIGH" "web3-coin-gate No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-parsidate 5.1.2 Reflected.Cross-Site.Scripting.via.add_query_arg.Parameter MEDIUM" "wp-parsidate 4.0.2 Reflected.Cross-Site.Scripting MEDIUM" "weather-effect 1.3.4 CSRF.to.Stored.Cross-Site.Scripting HIGH" "weather-effect 1.3.6 Admin+.Stored.Cross-Site.Scripting LOW" "woocommerce-shipping-multiple-addresses 3.8.10 Missing.Authorization MEDIUM" "woocommerce-shipping-multiple-addresses 3.8.6 Cross-Site.Request.Forgery MEDIUM" "woocommerce-shipping-multiple-addresses 3.8.6 Reflected.Cross-Site.Scripting HIGH" "woocommerce-shipping-multiple-addresses 3.8.6 Customer+.Shipping.Address.Update MEDIUM" "woocommerce-shipping-multiple-addresses 3.8.6 Billing.Address.Update.via.CSRF MEDIUM" "woocommerce-shipping-multiple-addresses 3.8.4 Subscriber+.Shipping.Address.Disclosure.via.IDOR MEDIUM" "woocommerce-shipping-multiple-addresses 3.7.2 Address.Creation/Update/Deletion.via.CSRF MEDIUM" "woocommerce-shipping-multiple-addresses 3.7.2 Reflected.Cross-Site.Scripting HIGH" "wc-sms 2.8.1.1 Cross-Site.Request.Forgery.to.Reflected.Cross-Site.Scripting MEDIUM" "wc-sms 2.7 Reflected.Cross-Site.Scripting MEDIUM" "woo-cart-count-shortcode No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "woocommerce-abandoned-cart 5.16.2 Multiple.CSRF MEDIUM" "woocommerce-abandoned-cart 5.16.2 Missing.Authorization.via.multiple.AJAX.functions MEDIUM" "woocommerce-abandoned-cart 5.16.1 Improper.Authorization.via.wcal_delete_expired_used_coupon_code LOW" "woocommerce-abandoned-cart 5.16.1 Improper.Authorization.via.wcal_preview_emails LOW" "woocommerce-abandoned-cart 5.16.0 Admin+.Stored.XSS LOW" "woocommerce-abandoned-cart 5.15.0 Authentication.Bypass CRITICAL" "woocommerce-abandoned-cart 5.8.6 CSRF.Nonce.Bypasses MEDIUM" "woocommerce-abandoned-cart 5.8.3 Unauthenticated.SQL.Injection CRITICAL" "woocommerce-abandoned-cart 
5.2.0 Unauthenticated.Stored.Cross-Site.Scripting.(XSS) CRITICAL" "woocommerce-abandoned-cart 1.9 Authenticated.Blind.SQL.Injection CRITICAL" "wp-reroute-email 1.4.8 Improper.Neutralization.of.Special.Elements.used.in.an.SQL.Command.('SQL.Injection') MEDIUM" "wp-reroute-email 1.4.8 Cross-Site.Request.Forgery HIGH" "wp-custom-widget-area No.known.fix Subscriber+.Menus.Creation/Deletion/Update MEDIUM" "wp-custom-widget-area No.known.fix Missing.Authorization MEDIUM" "woo-product-category-discount 4.13 Missing.Authorization.via.wpcd_save_discount() MEDIUM" "woo-permalink-manager 2.3.11 Unauthenticated.Local.File.Inclusion CRITICAL" "woo-permalink-manager 2.3.9 Reflected.Cross-Site.Scripting MEDIUM" "woo-permalink-manager 2.3.5 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-tools-gravity-forms-divi-module 7.1.0 Reflected.Cross-Site.Scripting MEDIUM" "wp-tools-gravity-forms-divi-module 6.6.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wpsol No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "wp-poll No.known.fix Unauthenticated.Stored.Cross-Site.Scripting.via.form_data.Parameter HIGH" "wp-poll 3.3.78 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "wp-poll 3.3.77 Information.Exposure MEDIUM" "wp-contacts-manager No.known.fix Unauthenticated.SQLi CRITICAL" "word-count-analysis No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-scheduled-posts 5.1.4 Unauthenticated.Full.Path.Disclosure MEDIUM" "wp-scheduled-posts 5.0.9 Missing.Authorization MEDIUM" "wp-scheduled-posts 5.0.5 Contributor+.Arbitrary.Post.Update/Deletion LOW" "wp-smart-preloader 1.15.1 Admin+.Stored.XSS LOW" "wp-my-admin-bar No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-my-admin-bar No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-imageflow2 5.2.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-imageflow2 5.2.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-tiles No.known.fix Cross-Site.Request.Forgery 
MEDIUM" "wp-tiles No.known.fix Subscriber+.Draft/Private.Post.Title.Disclosure MEDIUM" "wp-tiles No.known.fix Contributor+.Stored.XSS HIGH" "wpdiscuz 7.6.25 Authentication.Bypass CRITICAL" "wpdiscuz 7.6.22 Unauthenticated.HTML.Injection MEDIUM" "wpdiscuz 7.6.19 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wpdiscuz 7.6.16 Authenticated.(Author+).Stored.Cross-Site.Scripting.via.Uploaded.Image.Alternative.Text MEDIUM" "wpdiscuz 7.6.13 Admin+.Stored.XSS LOW" "wpdiscuz 7.6.12 Cross-Site.Request.Forgery MEDIUM" "wpdiscuz 7.6.12 Unauthenticated.Stored.XSS HIGH" "wpdiscuz 7.6.11 Unauthenticated.Content.Injection MEDIUM" "wpdiscuz 7.6.4 Author+.IDOR LOW" "wpdiscuz 7.6.11 Insufficient.Authorization.to.Comment.Submission.on.Deleted.Posts MEDIUM" "wpdiscuz 7.6.12 Missing.Authorization.in.AJAX.Actions MEDIUM" "wpdiscuz 7.6.6 Unauthenticated.SQL.Injection HIGH" "wpdiscuz 7.6.6 Unauthenticated.SQL.Injection HIGH" "wpdiscuz 7.6.4 Unauthenticated.Data.Modification.via.IDOR MEDIUM" "wpdiscuz 7.6.4 Post.Rating.Increase/Decrease.iva.IDOR MEDIUM" "wpdiscuz 7.5 wpDiscuz.7.4.2.-.Subscriber+.IDOR MEDIUM" "wpdiscuz 7.3.12 Sensitive.Information.Disclosure LOW" "wpdiscuz 7.3.4 Arbitrary.Comment.Addition/Edition/Deletion.via.CSRF MEDIUM" "wpdiscuz 7.3.2 wpDiscuz.<.7.3.2.-.Admin+.Stored.Cross-Site.Scripting LOW" "wpdiscuz 7.0.5 wpDiscuz.7.0.0.-.7.0.4.-.Unauthenticated.Arbitrary.File.Upload CRITICAL" "wpdiscuz 5.3.6 Unauthenticated.SQL.Injection CRITICAL" "wp-coder 3.5.1 Authenticated.(Editor+).Stored.Cross-Site.Scripting MEDIUM" "wp-coder 2.5.6 Reflected.XSS MEDIUM" "wp-coder 2.5.4 Admin+.SQLi MEDIUM" "wp-coder 2.5.3 Code.Deletion.via.CSRF MEDIUM" "wp-coder 2.5.2 RFI.leading.to.RCE.via.CSRF HIGH" "wp-smart-import 1.1.3 Reflected.Cross-Site.Scripting MEDIUM" "wp-smart-import 1.1.0 Authenticated.(Author+).Stored.Cross-Site.Scripting MEDIUM" "wp-smart-import 1.0.5 Reflected.Cross-Site.Scripting MEDIUM" "wp-smart-import 1.0.3 Reflected.Cross-Ste.Scripting MEDIUM" 
"wp-smart-import 1.0.1 Auhenticated.Server-side.Request.Forgery MEDIUM" "wpmandrill No.known.fix Missing.Authorization.via.getAjaxStats MEDIUM" "webp-svg-support No.known.fix Author+.Stored.XSS.via.SVG MEDIUM" "wp-youtube-live 1.8.3 Admin+.Stored.Cross.Site.Scripting LOW" "wp-youtube-live 1.7.22 Authenticated.Reflected.Cross-Site.Scripting MEDIUM" "woo-add-to-cart-text-change 2.1 Add.to.cart.Text.Update.via.CSRF MEDIUM" "wp-comment-designer-lite 2.0.4 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "wp-easy-pay 4.2.4 Missing.Authorization.to.Unauthenticated.Service.Disconnection MEDIUM" "wp-easy-pay 4.2b1 Reflected.Cross-Site.Scripting MEDIUM" "wp-easy-pay 4.1 Reflected.Cross-Site.Scripting MEDIUM" "wp-easy-pay 4.1 CSRF MEDIUM" "wp-easy-pay 4.0.2 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-easy-pay 3.2.1 CSRF.Bypass.in.Multiple.Plugins MEDIUM" "wp-easy-pay 3.2.3 Cross-Site.Request.Forgery MEDIUM" "wp-domain-redirect No.known.fix Authenticated.SQL.Injection MEDIUM" "wp-system-log No.known.fix Subscriber+.Arbitrary.Plugin.Installation,.Activation.and.Deactivation HIGH" "wp-survey-and-poll No.known.fix Authenticated.(Contributor+).SQL.Injection MEDIUM" "wp-survey-and-poll No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wpforms-lite 1.9.3.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.fieldHTML.Parameter MEDIUM" "wpforms-lite 1.9.2.3 Contributor+.Custom.Form.Theme.Creation LOW" "wpforms-lite 1.9.2.2 1.9.2.1.-.Missing.Authorization.to.Authenticated.(Subscriber+).Payment.Refund.and.Subscription.Cancellation HIGH" "wpforms-lite 1.9.2.3 Admin+.Stored.XSS LOW" "wpforms-lite 1.9.2.1 Cross-Site.Request.Forgery.(CSRF).to.Plugin's.Log.Deletion MEDIUM" "wpforms-lite 1.9.1.6 Admin+.Stored.XSS LOW" "wpforms-lite 1.8.8.2 Unauthenticated.Price.Manipulation MEDIUM" "wpforms-lite 1.8.1.3 Reflected.XSS MEDIUM" "wpforms-lite 1.7.5.5 Admin+.Arbitrary.File.Access MEDIUM" "wpforms-lite 1.6.0.2 
Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "wpforms-lite 1.5.9 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "wpforms-lite 1.4.8.1 Unauthenticated.Cross-Site.Scripting.(XSS) MEDIUM" "wpforms-lite 1.4.8 Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "wp-whatsapp 3.6.9 Missing.Authorization.to.Authenticated.(Subscriber+).Filebird.Plugin.Installation MEDIUM" "wp-whatsapp 3.6.5 Admin+.Stored.XSS LOW" "wp-whatsapp 3.6.4 Admin+.Stored.XSS LOW" "wp-whatsapp 3.6.3 Contributor+.Stored.XSS MEDIUM" "wp-whatsapp 3.6.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Block.Attributes MEDIUM" "wp-whatsapp 3.4.5 Admin+.Stored.XSS LOW" "websimon-tables No.known.fix Authenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "wp-smart-contracts 1.3.12 Author+.SQLi MEDIUM" "wpml-string-translation 3.2.6 Admin+.SQLi MEDIUM" "wordpress-gdpr 2.0.3 Missing.Authorization.to.Unauthenticated.Arbitrary.User.Deletion MEDIUM" "wordpress-gdpr 2.0.3 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "wordpress-gdpr 1.9.27 Unauthenticated.Reflected.Cross-Site.Scripting MEDIUM" "wordpress-gdpr 1.9.26 Authenticated.Reflected.Cross-Site.Scripting MEDIUM" "weaverx-theme-support 6.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.div.Shortcode MEDIUM" "weaverx-theme-support 6.3.1 Admin+.PHP.Object.Injection LOW" "weaverx-theme-support 6.2.7 Contributor+.Stored.XSS MEDIUM" "wp-tools-divi-product-carousel 1.5.1 Reflected.Cross-Site.Scripting MEDIUM" "wp-tools-divi-product-carousel 1.5.0 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "woo-altcoin-payment-gateway 1.7.3 Unauthenticated.SQLi HIGH" "woo-altcoin-payment-gateway 1.6.1 Reflected.Cross-Site.Scripting HIGH" "wp-ultimate-post-grid 4.0.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.wpupg-grid-with-filters.Shortcode MEDIUM" "wp-ultimate-post-grid 3.9.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.wpupg-text.Shortcode MEDIUM" "wp-migrate-2-aws 5.2.2 
Reflected.Cross-Site.Scripting MEDIUM" "wd-instagram-feed 1.4.29 Reflected.Cross-Site.Scripting.(XSS) HIGH" "wd-instagram-feed 1.3.1 XSS MEDIUM" "wp-inimat No.known.fix Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "wp-disable-sitemap 1.1.6.5 Reflected.Cross-Site.Scripting MEDIUM" "wp-disable-sitemap 1.0.4 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-eis No.known.fix Authenticated.(Contributor+).SQL.Injection MEDIUM" "wp-raptor No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-google-tag-manager No.known.fix Cross-Site.Request.Forgery.(CSRF) MEDIUM" "woo-smart-quick-view 4.1.2 Contributor+.DOM-Based.Stored.XSS.via.FancyBox.JavaScript.Library MEDIUM" "woo-smart-quick-view 4.0.3 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "wp-blackcheck No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "wp-structured-data-schema 4.0.3 Reflected.Cross-Site.Scripting MEDIUM" "wp-structured-data-schema 4.0.2 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wordpress-countdown-widget 3.1.9.3 Admin+.Stored.XSS LOW" "wp-editor 1.2.9.1 Authenticated.(Admin+).PHAR.Deserialization HIGH" "wp-editor 1.2.9 Reflected.Cross-Site.Scripting MEDIUM" "wp-editor 1.2.8 Sensitive.Information.Exposure.via.log.file MEDIUM" "wp-editor 1.2.7 Authenticated.SQL.injection CRITICAL" "wp-editor 1.2.6.3 Multiple.Cross-Site.Scripting.(XSS) MEDIUM" "wp-editor 1.2.6 CSRF.&.Incorrect.Permissions CRITICAL" "wp-airbnb-review-slider 3.3 Subscriber+.SQLi HIGH" "wp-airbnb-review-slider 3.3 CSRF MEDIUM" "woorocks-magic-content No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "woorocks-magic-content No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "wp-gdpr-compliance No.known.fix Cross-Site.Request.Forgery MEDIUM" "wp-gdpr-compliance 2.0.23 Subscriber+.Arbitrary.Options.Update HIGH" "wp-gdpr-compliance 2.0.8 Reflected.Cross-Site.Scripting MEDIUM" "wp-gdpr-compliance 1.5.6 Unauthenticated.Stored.Cross-Site.Scripting.(XSS) 
CRITICAL" "wp-gdpr-compliance 1.4.3 Unauthenticated.Call.Any.Action.or.Update.Any.Option CRITICAL" "wp-blogs-planetarium No.known.fix Settings.Update.via.CSRF MEDIUM" "wp-pro-counter No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-pro-counter No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "wpoptin 2.0.2 Unauthenticated.Local.File.Inclusion HIGH" "wpoptin 1.2.7 Reflected.Cross-Site.Scripting MEDIUM" "wpoptin 1.2.4 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-s3 1.6 Reflected.XSS HIGH" "wp-photo-text-slider-50 No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-photo-text-slider-50 8.1 .Authenticated.(Subscriber+).SQL.Injection.via.Shortcode HIGH" "webriti-companion 1.9.3 Reflected.Cross-Site.Scripting MEDIUM" "wp-backup-manager No.known.fix Reflected.XSS HIGH" "wc-j-upsellator 2.0.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-ada-compliance-check-basic 3.1.4 Cross-Site.Request.Forgery MEDIUM" "wp-meta-and-date-remover 2.3.1 Cross-Site.Request.Forgery.via.updateSettings MEDIUM" "wp-meta-and-date-remover 2.2.0 Subscriber+.Stored.XSS HIGH" "wp-meta-and-date-remover 1.9.6 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "woocommerce-follow-up-emails 4.9.50 Cross-Site.Request.Forgery.(CSRF) MEDIUM" "woocommerce-follow-up-emails 4.9.50 Unauthenticated.Reflected.XSS HIGH" "woo-enviopack No.known.fix Reflected.Cross-Site.Scripting HIGH" "wp-soononline-page No.known.fix Cross-Site.Request.Forgery MEDIUM" "wpdirectorykit 1.3.6 Reflected.Cross-Site.Scripting MEDIUM" "wpdirectorykit 1.3.1 Authenticated.(Subscriber+).SQL.Injection HIGH" "wpdirectorykit 1.3.0 Reflected.Cross-Site.Scripting MEDIUM" "wpdirectorykit 1.2.7 Missing.Authorization MEDIUM" "wpdirectorykit 1.2.4 Missing.Authorization.for.Plugin.Settings.Update MEDIUM" "wpdirectorykit 1.2.4 Reflected.Cross-Site.Scripting.via.search.parameter MEDIUM" "wpdirectorykit 1.2.0 Unauthenticated.Local.File.Inclusion HIGH" "wpdirectorykit 1.2.3 
Unauthenticated.Arbitrary.Settings.Update MEDIUM" "wpdirectorykit 1.2.0 Cross-Site.Request.Forgery MEDIUM" "wpdirectorykit 1.2.2 Cross-Site.Request.Forgery.to.Plugin.Settings.Update MEDIUM" "wpdirectorykit 1.2.0 Open.Redirect MEDIUM" "woocommerce-gateway-nab-dp 2.1.2 NAB.Transact.<.2.1.2.-.Payment.Bypass HIGH" "wp-better-emails No.known.fix Admin+.Stored.XSS LOW" "wpgsi 3.8.1 Missing.Authorization.to.Authenticated.(Subscriber+).Settings.Update MEDIUM" "wpgsi 3.7.9 Reflected.Cross-Site.Scripting MEDIUM" "wpgsi 3.6.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wpgsi 3.6.0 CSRF.Bypass MEDIUM" "wpgsi 3.6.0 Reflected.Cross-Site.Scripting HIGH" "woocommerce-catalog-enquiry 5.0.6 Cross-Site.Request.Forgery.via.REST.API MEDIUM" "woocommerce-catalog-enquiry 5.0.3 Unauthenticated.Stored.XSS.via.Arbitrary.Setting.Update HIGH" "woocommerce-catalog-enquiry 5.0.3 Unauthenticated.Inquiry.Saving.&.Sensitive.Information.Disclosure MEDIUM" "woocommerce-catalog-enquiry 3.1.0 Arbitrary.File.Upload HIGH" "wp-editor-bootstrap-blocks 2.5.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wplms-plugin 1.9.9.5.3 Unauthenticated.SQL.Injection HIGH" "wp-report-post No.known.fix Reflected.XSS HIGH" "woocommerce-add-to-cart-custom-redirect 1.2.14 Authenticated(Contributor+).Missing.Authorization.to.Limited.Arbitrary.Options.Update HIGH" "wp-category-meta No.known.fix CSRF MEDIUM" "wp-members 3.4.9.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.wpmem_loginout.Shortcode MEDIUM" "wp-members 3.4.9.6 Reflected.Cross-Site.Scripting MEDIUM" "wp-members 3.4.9.4 Unprotected.Storage.of.Potentially.Sensitive.Files MEDIUM" "wp-members 3.4.9.3 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "wp-members 3.4.9.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "wp-members 3.4.9 Contributor+.Sensitive.Information.Exposure MEDIUM" "wp-members 3.4.8 Subscriber+.Unauthorized.Plugin.Settings.Update MEDIUM" "wp-members 3.2.8.1 
Cross-Site.Request.Forgery.(CSRF) HIGH" "wp-members 3.1.8 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "wppageflip No.known.fix index.php.pageflipbook_language.Parameter.Traversal.Local.File.Inclusion CRITICAL" "wish-list-for-woocommerce 3.1.3 Reflected.Cross-Site.Scripting MEDIUM" "wp-revive-adserver No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-revive-adserver No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-meta-seo 4.5.14 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-meta-seo 4.5.14 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "wp-meta-seo 4.5.13 Unauthenticated.Stored.Cross-Site.Scripting.via.Referer.header HIGH" "wp-meta-seo 4.5.13 Unauthenticated.Password.Protected.Content.Access MEDIUM" "wp-meta-seo 4.5.5 Author+.PHAR.Deserialization HIGH" "wp-meta-seo 4.5.3 Subscriber+.SQLi HIGH" "wp-meta-seo 4.5.3 Subscriber+.Improper.Authorization.causing.Arbitrary.Redirect MEDIUM" "wp-meta-seo 4.5.4 Subscriber+.Google.Analytics.Settings.Update MEDIUM" "wp-meta-seo 4.5.4 Subscriber+.SiteMap.Settings.Update MEDIUM" "wp-meta-seo 4.4.9 Social.Settings.Update.via.CSRF MEDIUM" "wp-meta-seo 4.4.7 Admin+.Stored.Cross-Site.Scripting.via.breadcrumbs LOW" "wp-optimize 3.2.13 Cross-Site.Scripting.From.Third-party.Library HIGH" "wplistcal No.known.fix Authenticated.(Subscriber+).SQL.Injection MEDIUM" "wpcalc No.known.fix Authenticated.SQL.Injection MEDIUM" "wp-user-avatar 4.15.20 Admin+.Stored.XSS LOW" "wp-user-avatar 4.15.20 Admin+.Stored.XSS LOW" "wp-user-avatar 4.15.20 Admin+.Stored.XSS LOW" "wp-user-avatar 4.15.19 Unauthenticated.Content.Restriction.Bypass.to.Sensitive.Information.Exposure MEDIUM" "wp-user-avatar 4.15.15 Admin+.Stored.XSS LOW" "wp-user-avatar 4.15.15 Admin+.Stored.XSS LOW" "wp-user-avatar 4.15.9 Contributor+.Stored.XSS MEDIUM" "wp-user-avatar 4.15.5 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "wp-user-avatar 4.15.6 
Contributor+.Stored.Cross-Site.Scripting.via.'reg-single-checkbox' MEDIUM" "wp-user-avatar 4.15.3 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "wp-user-avatar 4.15.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.profilepress-edit-profile.Shortcode MEDIUM" "wp-user-avatar 4.15.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.[reg-select-role].Shortcode MEDIUM" "wp-user-avatar 4.15.0 Contributor+.Stored.XSS MEDIUM" "wp-user-avatar 4.15.0 Contributor+.Stored.XSS MEDIUM" "wp-user-avatar 4.15.0 Unauthenticated.Stored.XSS MEDIUM" "wp-user-avatar 4.14.4 Contributor+.Stored.XSS MEDIUM" "wp-user-avatar 4.13.3 Information.Disclosure.via.Debug.Log MEDIUM" "wp-user-avatar 4.13.2 Limited.Privilege.Escalation.via.'acceptable_defined_roles' HIGH" "wp-user-avatar 4.13.2 ProfilePress.<.4,13,2.Cross-Site.Request.Forgery.via.'admin_notice' MEDIUM" "wp-user-avatar 4.5.5 Reflected.XSS HIGH" "wp-user-avatar 4.5.5 Reflected.XSS HIGH" "wp-user-avatar 4.5.5 Contributor+.Stored.XSS MEDIUM" "wp-user-avatar 4.5.4 Admin+.Stored.XSS LOW" "wp-user-avatar 4.5.1 Admin+.Stored.Cross-Site.Scripting.via.Form.Settings LOW" "wp-user-avatar 4.5.1 Admin+.Stored.Cross-Site.Scripting LOW" "wp-user-avatar 3.2.3 Reflected.Cross-Site.Scripting MEDIUM" "wp-user-avatar 3.2.3 Reflected.Cross-Site.Scripting HIGH" "wp-user-avatar 3.1.11 Unauthenticated.Cross-Site.Scripting.(XSS).in.tabbed.login/register.widget MEDIUM" "wp-user-avatar 3.1.11 Multiple.Vulnerabilities MEDIUM" "wp-user-avatar 3.1.8 Authenticated.Stored.XSS CRITICAL" "wp-user-avatar 3.1.4 3.1.3.-.Authenticated.Privilege.Escalation CRITICAL" "wp-user-avatar 3.1.4 3.1.3.-.Arbitrary.File.Upload.in.File.Uploader.Component CRITICAL" "wp-user-avatar 3.1.4 3.1.3.-.Unauthenticated.Privilege.Escalation CRITICAL" "wp-stats-manager 7.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-stats-manager 7.6 Missing.Authorization MEDIUM" "wp-stats-manager 6.9.5 Sensitive.Information.Exposure.via.Log.File MEDIUM" 
"wp-stats-manager 6.9 Unauthenticated.SQLi HIGH" "wp-stats-manager 6.5 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "wp-stats-manager 5.8 Unauthenticated.SQLi HIGH" "wp-stats-manager 5.6 .Subscriber+.SQL.Injection HIGH" "wp-stats-manager 5.5 Arbitrary.IP.Address.Exclusion.to.Stored.XSS HIGH" "wp-stats-manager 4.8 Subscriber+.SQL.Injection HIGH" "widgets-for-alibaba-reviews 11.1 Authenticated.(Editor+).Arbitrary.File.Upload MEDIUM" "webba-booking-lite 5.0.50 Missing.Authorization.to.Authenticated.(Subscriber+).CSS.Settings.Update MEDIUM" "webba-booking-lite 5.0 Cross-Site.Request.Forgery MEDIUM" "webba-booking-lite 4.5.31 Reflected.Cross-Site.Scripting MEDIUM" "webba-booking-lite 4.2.22 Admin+.Stored.Cross-Site.Scripting LOW" "webba-booking-lite 4.2.18 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "writer-helper No.known.fix Authenticated.(Subscriber+).Arbitrary.File.Upload HIGH" "woo-conditional-product-fees-for-checkout 3.9.3.2 Reflected.Cross-Site.Scripting MEDIUM" "woo-conditional-product-fees-for-checkout 3.8.2 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "woo-gutenberg-products-block 11.1.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Featured.Image.alt.Attribute MEDIUM" "woo-gutenberg-products-block 5.5.1 Unauthenticated.SQL.Injection CRITICAL" "woo-gutenberg-products-block 3.7.1 Guest.Account.Creation MEDIUM" "wp-backgrounds-lite No.known.fix CSRF.Bypass MEDIUM" "wp-tithely No.known.fix Contributor+.Stored.XSS.via.Shortcode MEDIUM" "woocommerce-upload-files 84.4 Unauthenticated.Arbitrary.File.Upload CRITICAL" "woocommerce-upload-files 59.4 Unauthenticated.Arbitrary.File.Upload CRITICAL" "wp-cfm 1.7.9 Cross-Site.Request.Forgery.via.multiple.AJAX.functions MEDIUM" "wwm-social-share-on-image-hover No.known.fix Admin+.Stored.XSS LOW" "wp-responsive-slider-with-lightbox 1.0.1 Arbitrary.File.Upload.via.CSRF HIGH" "wp-responsive-slider-with-lightbox No.known.fix Admin+.Stored.XSS MEDIUM" "wp-responsive-slider-with-lightbox 1.0.1 
Image.Lightboxes.via.CSRF MEDIUM" "wordpress-tabs-slides No.known.fix CSRF MEDIUM" "webriti-smtp-mail No.known.fix Arbitrary.Settings.Update.via.CSRF MEDIUM" "woocommerce-multi-currency 2.1.18 Authenticated.Product.Price.Change MEDIUM" "wp-editormd 10.0.4 Cross-Site.Scripting.(XSS) MEDIUM" "wpheka-request-for-quote 1.3 CSRF.Bypass MEDIUM" "wp-mobile-detector 3.6 Unauthenticated.Arbitrary.File.Upload CRITICAL" "wordpress-backup-to-dropbox 4.1 Reflected.XSS MEDIUM" "wpfront-scroll-top 2.0.6.07225 Admin+.Stored.XSS MEDIUM" "wp-product-review 3.7.6 Unauthenticated.Stored.Cross-Site.Scripting.(XSS) HIGH" "wp-announcements No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "widgets-for-thumbtack-reviews 11.1 Authenticated.(Editor+).Arbitrary.File.Upload MEDIUM" "wp-useronline 2.88.3 Unauthenticated.Stored.XSS HIGH" "wp-useronline 2.88.1 Admin+.Stored.Cross-Site.Scripting LOW" "wp-useronline 2.88.0 Admin+.Stored.Cross-Site.Scripting LOW" "wp-donimedia-carousel No.known.fix Authenticated.(Subscriber+).Arbitrary.File.Upload HIGH" "wc-zelle 3.1.1 Reflected.Cross-Site.Scripting MEDIUM" "wc-zelle 2.0 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wooswipe 3.0.0 Subscriber+.Settings.Update MEDIUM" "woo-product-design No.known.fix Unauthenticated.Arbitrary.File.Download HIGH" "woo-product-design No.known.fix Unauthenticated.Arbitrary.File.Deletion CRITICAL" "woo-product-design No.known.fix Unauthenticated.Arbitrary.File.Upload CRITICAL" "wicked-folders 2.18.17 Subscriber+.Folder.Structure.Update MEDIUM" "wicked-folders 2.18.17 Folder.Structure.Update.via.CSRF MEDIUM" "wicked-folders 2.8.10 Subscriber+.SQL.Injection HIGH" "wpzoom-elementor-addons 1.1.39 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Team.Members.Widget MEDIUM" "wpzoom-elementor-addons 1.1.38 Unauthenticated.Local.File.Inclusion CRITICAL" "wpzoom-elementor-addons 1.1.37 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Image.Box.Widget MEDIUM" "wpzoom-elementor-addons 1.1.36 
Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-flybox No.known.fix CSRF MEDIUM" "webbricks-addons 1.1.11 Contributor+.Stored.XSS MEDIUM" "woocommerce-discounts-plus 3.4.5 Reflected.Cross-Site.Scripting HIGH" "wp-menu-image 2.3 Unauthenticated.Menu.Image.Deletion MEDIUM" "wp-menu-image 2.3 Missing.Authorization.to.Unauthenticated.Menu.Image.Deletion MEDIUM" "wp-crowdfunding 2.1.13 Missing.Authorization.to.Authenticated.(Subscriber+).WooCommerce.Installation MEDIUM" "wp-crowdfunding 2.1.13 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-crowdfunding 2.1.12 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.wpcf_donate.Shortcode MEDIUM" "wp-crowdfunding 2.1.11 Missing.Authorization.to.Authenticated.(Subscriber+).to.Enable/Disable.Addons MEDIUM" "wp-crowdfunding 2.1.10 Admin+.Stored.XSS LOW" "wp-crowdfunding 2.1.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-crowdfunding 2.1.9 Reflected.XSS HIGH" "wp-crowdfunding 2.1.8 Admin+.Stored.XSS LOW" "wp-crowdfunding 2.1.7 Reflected.XSS HIGH" "wp-crowdfunding 2.1.6 Cross-Site.Request.Forgery MEDIUM" "wp-crowdfunding 2.1.5 Missing.Authorization.via.settings_reset MEDIUM" "wp-home-page-menu 3.1 Admin+.Stored.Cross-Site.Scripting LOW" "wpshopgermany-protectedshops 2.1 Admin+.Stored.XSS LOW" "wp-baidu-submit No.known.fix Admin+.Stored.XSS LOW" "wp-gmappity-easy-google-maps No.known.fix Subscriber+.SQL.Injection HIGH" "wp-quick-setup No.known.fix Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.Plugin/Theme.Installation HIGH" "wp-database-error-manager No.known.fix Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "wp-songbook No.known.fix Reflected.Cross-Site.Scripting HIGH" "wp-open-street-map 1.30 Arbitrary.Settings.Update.via.CSRF MEDIUM" "wp-contact-slider 2.4.9 Reflected.Cross-Site.Scripting MEDIUM" "wp-contact-slider 2.4.8 Admin+.Stored.Cross-Site.Scripting LOW" "wp-contact-slider 2.4.7 Editor+.Stored.Cross-Site.Scripting LOW" 
"wp-contact-slider 2.4.5 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wpcodefactory-helper 1.7.1 .Reflected.Cross-Site.Scripting MEDIUM" "wpcodefactory-helper 1.5.3 Reflected.Cross-Site.Scripting HIGH" "wp-mathjax-plus No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-background-tile No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "wp-js No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-projects-portfolio No.known.fix Stored.XSS.via.CSRF HIGH" "wp-projects-portfolio No.known.fix Reflected.XSS HIGH" "wp-rocket 2.10.4 Local.File.Inclusion.(LFI) HIGH" "wp-simple-post-view 2.0.1 Post.View.Data.Reset.via.CSRF MEDIUM" "woo-thank-you-page-customizer 1.1.3 Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.Shortcode.Execution MEDIUM" "woo-thank-you-page-customizer 1.1.3 Missing.Authorization.to.Authenticated.(Subscriber+).Data.Export MEDIUM" "woo-thank-you-page-customizer 1.0.14 CSRF MEDIUM" "writersblok-ai 1.3.20 Reflected.Cross-Site.Scripting MEDIUM" "wpremote 4.65 Reflected.Cross-Site.Scripting MEDIUM" "wp-pano No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-rollback 1.2.3 Cross-Site.Scripting.(XSS).&.CSRF HIGH" "woo-social-login 2.7.8 WordPress./.WooCommerce.Plugin.<.2.7.8.-.Authentication.Bypass HIGH" "woo-social-login 2.7.6 Social.Login.<.2.7.6.-.Authentication.Bypass.to.Account.Takeover CRITICAL" "woo-social-login 2.7.4 Social.Login.<.2.7.4.-.Unauthenticated.Privilege.Escalation.via.One-Time.Password HIGH" "woo-social-login 2.7.4 Social.Login.<.2.7.4.-.Unauthenticated.Authentication.Bypass HIGH" "woo-social-login 2.7.4 Social.Login.<.2.7.4.-.Missing.Authorization.to.Unauthenticated.Privilege.Escalation CRITICAL" "woo-social-login 2.7.0 Unauthenticated.PHP.Object.Injection CRITICAL" "woo-social-login 2.6.3 Social.Login.<.2.6.3.-.Unauthenticated.PHP.Object.Injection CRITICAL" "woo-social-login 2.6.3 
Social.Login.<.2.6.3.-.Email.Verification.due.to.Insufficient.Randomness MEDIUM" "woodiscuz-woocommerce-comments No.known.fix Cross-Site.Request.Forgery MEDIUM" "woodiscuz-woocommerce-comments No.known.fix Admin+.Stored.XSS LOW" "woocommerce-order-searching No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wc-thanks-redirect 3.1 Reflected.Cross-Site.Scripting MEDIUM" "wc-thanks-redirect 3.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-simple-anchors-links No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.wpanchor.Shortcode MEDIUM" "website-toolbox-forums 2.0.2 Reflected.Cross-Site.Scripting.via.websitetoolbox_username MEDIUM" "widgets-for-aliexpress-reviews 11.1 Authenticated.(Editor+).Arbitrary.File.Upload MEDIUM" "wholesale-market-for-woocommerce 2.0.0 Admin+.Arbitrary.Log.Download MEDIUM" "wholesale-market-for-woocommerce 2.0.1 Settings.Update.via.CSRF MEDIUM" "wholesale-market-for-woocommerce 1.0.8 Admin+.Arbitrary.File.Download MEDIUM" "wholesale-market-for-woocommerce 1.0.7 Unauthenticated.Arbitrary.File.Download HIGH" "wp-clone-by-wp-academy 2.4.7 Unauthenticated.PHP.Object.Injection.via.'recursive_unserialized_replace' HIGH" "wp-clone-by-wp-academy 2.4.6 Missing.Authorization MEDIUM" "wp-clone-by-wp-academy 2.4.4 Subscriber+.Unauthorised.Action.Calls MEDIUM" "wp-clone-by-wp-academy 2.4.3 Unauthenticated.Backup.Download HIGH" "wp-clone-by-wp-academy 2.3.8 Subscriber+.Plugin.Installation MEDIUM" "wp-clone-by-wp-academy 2.3.8 Plugin.Installation.via.CSRF MEDIUM" "wpfavicon No.known.fix Authenticated.(Admin+).Stored.Cross-Site.Scripting LOW" "wp-bulk-sms No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wsecure No.known.fix Admin+.Stored.XSS LOW" "wsecure 2.4 Remote.Code.Execution.(RCE) HIGH" "wp-hide-security-enhancer 2.5.2 Missing.Authorization.to.Unauthenticated.Arbitrary.File.Contents.Deletion HIGH" "wp-hide-security-enhancer 1.8 Reflected.Cross-Site.Scripting MEDIUM" "widgets-for-siteorigin No.known.fix 
Reflected.Cross-Site.Scripting MEDIUM" "widgets-for-siteorigin No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "widgets-for-siteorigin 1.4.3 Subscriber+.Arbitrary.Option.Update CRITICAL" "wpmm-memory-meter 1.3.1 Reflected.Cross-Site.Scripting MEDIUM" "watupro 5.5.3.7 SQL.Injection CRITICAL" "watupro 4.9.0.8 Cross-Site.Request.Forgery.(CSRF) MEDIUM" "woocommerce-products-slider 1.13.51 Reflected.Cross-Site.Scripting MEDIUM" "woocommerce-products-slider 1.13.42 Contributor+.Stored.XSS MEDIUM" "woocommerce-products-slider 1.13.22 Reflected.Cross-Site.Scripting.(XSS) HIGH" "wp-jobs 1.7 XSS MEDIUM" "wp-jobs 1.5 Authenticated.SQL.Injection HIGH" "wallet-system-for-woocommerce 2.5.14 Information.Exposure.via.Log.Files MEDIUM" "wallet-system-for-woocommerce 2.5.10 Cross-Site.Request.Forgery MEDIUM" "wp-subscribe 1.2.13 Admin+.Stored.Cross-Site.Scripting LOW" "wp-page-post-widget-clone No.known.fix Missing.Authorization MEDIUM" "wp-hijri 1.5.2 Reflected.XSS HIGH" "woo-address-book 1.6.0 CSRF HIGH" "woo-document-preview 1.4.0 Subscriber+.Arbitrary.Plugin.Installation,.Activation.and.Deactivation HIGH" "wp-meteor 3.4.4 Unauthenticated.Full.Path.Disclosure MEDIUM" "wpstream 4.5.5 Local.Event.Settings.Update.via.CSRF MEDIUM" "wpstream 4.4.10.6 Settings.Update.via.CSRF MEDIUM" "wp-listings-pro No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-post-styling 1.3.1 Multiple.CSRF MEDIUM" "wphobby-demo-import No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-import-export-lite 3.9.27 Authenticated.(Administrator+).PHP.Object.Injection HIGH" "wp-import-export-lite 3.9.16 Unauthenticated.Sensitive.Data.Disclosure HIGH" "wp-import-export-lite 3.9.5 Subscriber+.Extensions.Update MEDIUM" "wp-import-export-lite 3.9.5 Subscriber+.Arbitrary.Blog.Options.Update HIGH" "wp-commentnavi 1.12.2 Admin+.Stored.XSS LOW" "woo-additional-fees-on-checkout-wordpress 1.4.8 Reflected.Cross-Site.Scripting.via.'number' MEDIUM" "wp-recaptcha-integration 
1.2.6 Reflected.Cross-Site.Scripting MEDIUM" "wp-recaptcha-integration No.known.fix Admin+.Stored.XSS LOW" "woocommerce-checkout-cielo No.known.fix Insufficient.Verification.of.Data.Authenticity.to.Order.Payment.Status.Update MEDIUM" "wp-business-intelligence-lite 1.6.3 SQL.Injection CRITICAL" "wise-chat 2.8.4 CSV.Injection HIGH" "wise-chat 2.7 Reverse.Tabnabbing MEDIUM" "wp-basics No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wordable 3.1.2 Plugin's.Authentication.Bypass HIGH" "wp-youtube-lyte 1.7.16 Authenticated.Stored.XSS MEDIUM" "wp-events-manager 2.2.0 Authenticated.(Subscriber+).Time-Based.SQL.Injection HIGH" "wp-design-maps-places No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-yadisk-files No.known.fix Admin+.Stored.XSS LOW" "wp-yadisk-files No.known.fix Contributor+.Stored.XSS.via.Shortcode MEDIUM" "woocommerce-cloak-affiliate-links 1.0.36 Cross-Site.Request.Forgery MEDIUM" "woocommerce-cloak-affiliate-links 1.0.34 Missing.Authorization.to.Unauthenticated.Permalink.Modification HIGH" "woocommerce-amazon-affiliates-light-version No.known.fix Lite.<=.3.1.-.CSRF MEDIUM" "wp-jquery-lightbox 1.5.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.title.Attribute MEDIUM" "wp-twilio-core 1.5.1 Reflected.Cross-Site.Scripting MEDIUM" "wp-twilio-core 1.3.7 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "woocommerce-myparcel 4.24.2 Reflected.Cross-Site.Scripting MEDIUM" "webmaster-tools-verification No.known.fix Unauthenticated.Arbitrary.Plugin.Deactivation HIGH" "wp-ispconfig3 No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "wp-gratify No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "woocustomizer 2.3.8 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-special-textboxes 6.2.5 Unauthenticated.Arbitrary.Shortcode.Execution HIGH" "wp-special-textboxes 5.9.110 Admin+.Stored.Cross-Site.Scripting LOW" "woo-coupons-bulk-editor 1.3.40 Reflected.Cross-Site.Scripting MEDIUM" "woo-coupons-bulk-editor 1.3.28 
Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-pocket-urls 1.0.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-pocket-urls 1.0.3 Reflected.Cross-Site.Scripting HIGH" "woo-variation-swatches 1.0.62 Reflected.XSS MEDIUM" "woo-tranzila-gateway No.known.fix Unauthenticated.PHP.Object.Injection CRITICAL" "wot-elementor-widgets No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wc-affiliate 2.5 Reflected.Cross-Site.Scripting MEDIUM" "wc-affiliate 2.4 Reflected.XSS HIGH" "wordpress-gallery No.known.fix "load".Remote.File.Inclusion CRITICAL" "woo-parcel-pro 1.9.0 Reflected.Cross-Site.Scripting MEDIUM" "woo-parcel-pro 1.6.12 Cross-Site.Request.Forgery MEDIUM" "woo-parcel-pro 1.6.12 Open.Redirect MEDIUM" "wp-google-analytics-events 2.8.1 Reflected.Cross-Site.Scripting MEDIUM" "wp-webauthn 1.3.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-webauthn 1.3.4 Contributor+.Stored.XSS.via.wwa_login_form.Shortcode MEDIUM" "woo-coupon-usage 5.16.7.2 Unauthenticated.Arbitrary.Shortcode.Execution.and.Reflected.Cross-Site.Scripting MEDIUM" "woo-coupon-usage 5.12.8 Reflected.Cross-Site.Scripting MEDIUM" "woo-coupon-usage 5.5.1.3 Reflected.Cross-Site.Scripting MEDIUM" "woo-coupon-usage 5.4.4 Unauthenticated.Reflected.XSS HIGH" "woo-coupon-usage 5.4.6 Reflected.XSS HIGH" "woo-coupon-usage 4.16.4.5 Unauthenticated.Stored.XSS HIGH" "woo-coupon-usage 4.16.4 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "woo-coupon-usage 4.11.3.4 Arbitrary.Referral.Visits.Deletion.via.CSRF MEDIUM" "woo-coupon-usage 4.11.0.2 Reflected.Cross-Site.Scripting HIGH" "wordpress-file-upload-pro 4.16.3 Contributor+.Path.Traversal.to.RCE CRITICAL" "wordpress-file-upload-pro 4.16.3 Contributor+.Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "wordpress-file-upload-pro 4.16.3 Contributor+.Stored.Cross-Site.Scripting.via.Malicious.SVG MEDIUM" "wp-mail-logging 1.11.2 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "wp-mail-logging 1.10.0 
Outdated.Redux.Framework MEDIUM" "wpfunnels 3.5.6 Reflected.Cross-Site.Scripting MEDIUM" "wpfunnels 3.0.7 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "wpfunnels 2.7.17 Reflected.Cross-Site.Scripting HIGH" "wpfunnels 2.6.9 Contributor+.Stored.XSS MEDIUM" "wp-discord-invite 2.5.2 Admin+.Stored.Cross.Site.Scripting LOW" "wp-discord-invite 2.5.1 Arbitrary.Settings.Update.via.CSRF HIGH" "wp-discord-invite 2.5.1 Reflected.Cross-Site.Scripting.via.webhook MEDIUM" "wpc-badge-management 2.4.1 Missing.Authorization MEDIUM" "wp-users-exporter No.known.fix CSV.Injection MEDIUM" "wp-ulike 4.7.7 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "wp-ulike 4.7.6 Admin+.Stored.XSS LOW" "wp-ulike 4.7.5 Admin+.Stored.XSS.via.Widgets LOW" "wp-ulike 4.7.5 Cross-Site.Request.Forgery.to.Statistic.Deletion MEDIUM" "wp-ulike 4.7.4 Admin+.Stored.XSS LOW" "wp-ulike 4.7.2.1 Subscriber+.Stored-XSS HIGH" "wp-ulike 4.7.1 Admin+.Stored.XSS LOW" "wp-ulike 4.7.0 Authenticated.(Contributor+).SQL.Injection.via.Shortcodes HIGH" "wp-ulike 4.7.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "wp-ulike 2.7.0 Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "wp-ulike 4.6.9 Contributor+.Stored.Cross.Site.Scripting.via.Shortcode MEDIUM" "wp-ulike 4.6.5 Unauthenticated.Rating.Tampering.via.Race.Condition LOW" "wp-vipergb 1.6.2 Cross-Site.Request.Forgery MEDIUM" "wp-vipergb 1.13.16 XSS MEDIUM" "wp-multisite-content-copier-pro 2.1.2 Reflected.Cross-Site.Scripting MEDIUM" "wp-multisite-content-copier-pro 2.1.0 Reflected.Cross-Site.Scripting MEDIUM" "widget-options 4.0.9 Missing.Authorization.to.Notice.Dismissal MEDIUM" "widget-options 4.0.8 Missing.Authorization MEDIUM" "widget-options 4.0.8 Contributor+.Remote.Code.Execution CRITICAL" "widget-options 4.0.2 Extended.<=.5.1.0.&..Widget.Options.<=.4.0.1.-.Authenticated.(Subscriber+).Information.Disclosure MEDIUM" "wp-fade-in-text-news 12.1 
.Authenticated.(Subscriber+).SQL.Injection.via.Shortcode HIGH" "woocommerce-bulk-stock-management 2.2.34 Reflected.XSS HIGH" "wp-nice-loader No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "wp-cookie-law-info No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "wp-ecards-invites 1.3.905 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "woo-custom-checkout-fields No.known.fix Reflected.Cross-Site.Scripting HIGH" "wp-fullcalendar No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-fullcalendar 1.5 Unauthenticated.Arbitrary.Post.Access HIGH" "wpagecontact No.known.fix Authenticated.(editor+).SQL.Injection HIGH" "wux-blog-editor No.known.fix Authentication.Bypass.to.Administrator CRITICAL" "wux-blog-editor No.known.fix Unauthenticated.Arbitrary.File.Upload CRITICAL" "wpcs-content-scheduler No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wpcs-content-scheduler 1.2.0 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-radio No.known.fix Missing.Authorization.via.multiple.AJAX.actions MEDIUM" "wp-radio No.known.fix Authenticated(Subscriber+).Stored.Cross-Site.Scripting.via.Settings MEDIUM" "wp-radio No.known.fix CSRF MEDIUM" "wp-radio No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-radio 3.1.4 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wc-frontend-manager 6.7.13 Insecure.Direct.Object.Reference.to.Account.Takeover/Privilege.Escalation HIGH" "wc-frontend-manager 6.7.9 Authenticated.(Shop.manager+).Stored.Cross-Site.Scripting MEDIUM" "wc-frontend-manager 6.6.1 Subscriber+.Unauthorised.AJAX.Calls MEDIUM" "wc-frontend-manager 6.6.0 Multiple.CSRF MEDIUM" "wc-frontend-manager 6.5.12 Frontend.Manager.for.WooCommerce.<.6.5.12.-.Customer/Subscriber+.SQL.Injection HIGH" "woo-salesforce-plugin-crm-perks 1.5.9 Reflected.Cross-Site.Scripting HIGH" "wp-extra 6.5 Cross-Site.Request.Forgery.ToolImport MEDIUM" "wp-extra 6.3 Missing.Authorization.to.Arbitrary.Email.Sending 
MEDIUM" "wp-extra 6.3 Subscriber+..htaccess.File.Modification HIGH" "wp-extra 6.3 Missing.Authorization.to.Export.Settings MEDIUM" "wp-order-by No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-migrate-db-pro 2.6.11 Unauthenticated.PHP.Object.Injection CRITICAL" "wordpress-23-related-posts-plugin No.known.fix Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "wordpress-23-related-posts-plugin 2.7.2 Cross-Site.Request.Forgery MEDIUM" "wp-bulletin-board No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "woo-products-widgets-for-elementor No.known.fix Contributor+.Local.File.Inclusion HIGH" "woo-products-widgets-for-elementor 2.0.0 Reflected.Cross-Site.Scripting MEDIUM" "woo-products-widgets-for-elementor 1.0.8 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "woo-products-widgets-for-elementor 1.0.6 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "woo-product-slider 2.6.4 Contributor+.Stored.XSS.in.Shortcode MEDIUM" "woo-product-slider 2.5.7 Subscriber+.Arbitrary.Options.Deletion HIGH" "wp-invoice No.known.fix Arbitrary.Settings.Update.via.CSRF HIGH" "wp-invoice No.known.fix Stored.Cross-Site.Scripting.via.CSRF MEDIUM" "wp-invoice 4.1.1 Multiple.Vulnerabilities MEDIUM" "wp-query-console No.known.fix Unauthenticated.Remote.Code.Execution CRITICAL" "woocommerce-google-adwords-conversion-tracking-tag 1.43.4 Use.of.Polyfill.io MEDIUM" "woocommerce-google-adwords-conversion-tracking-tag 1.32.3 Reflected.Cross-Site.Scripting MEDIUM" "woocommerce-google-adwords-conversion-tracking-tag 1.14.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-board No.known.fix Unauthenticated.SQL.Injection CRITICAL" "web-testimonials No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "wip-custom-login 1.3.0 Cross-Site.Request.Forgery.(CSRF) MEDIUM" "wp-image-zoooom 1.47 Local.File.Inclusion MEDIUM" "wp-bibtex 3.0.2 Cross-Site.Request.Forgery.to.Stored.and.Reflected.Cross-Site.Scripting MEDIUM" "wp-customer-reviews 3.7.1 
Malicious.Redirect.via.HTTP-EQUIV.Injection LOW" "wp-customer-reviews 3.6.7 Authenticated.(Subscriber+).Sensitive.Information.Exposure MEDIUM" "wp-customer-reviews 3.6.7 Admin+.Stored.XSS MEDIUM" "wp-customer-reviews 3.5.6 Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "wp-customer-reviews 3.4.3 Multiple.Unauthenticated.and.Low.Priv.Authenticated.Stored.XSS CRITICAL" "wp-customer-reviews 3.0.9 CSRF.&.XSS HIGH" "widget-countdown 2.7.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "woocommerce-product-sort-and-display 2.4.2 Missing.Authorization MEDIUM" "woocommerce-shipping-per-product 2.5.5 Missing.Authorization MEDIUM" "wc4bp 3.4.20 Missing.Authorization MEDIUM" "wc4bp 3.4.21 Authenticated.(Subscriber+).PHP.Object.Injection.in.get_simple_request HIGH" "wc4bp 3.4.16 Reflected.Cross-Site.Scripting MEDIUM" "wc4bp 3.4.2 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wc4bp 3.2.6 Subscriber+.Arbitrary.Option.Update CRITICAL" "wp-responsive-thumbnail-slider 1.0.1 Cross-Site.Request.Forgery.to.Mass.Slider.Deletion MEDIUM" "wp-responsive-thumbnail-slider 1.1.10 Reflected.XSS HIGH" "wp-responsive-thumbnail-slider 1.0.1 Authenticated.Shell.Upload.&.CSRF HIGH" "wp-responsive-thumbnail-slider 1.0.1 Stored.Cross-Site.Scripting.(XSS).&.CSRF HIGH" "wplyrics No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "wc-quantity-plus-minus-button 1.2.0 Quantity.Plus.Minus.Button.for.WooCommerce.by.CodeAstrology.<.1,2,0.Settings.Update.via.CSRF MEDIUM" "wp-helper-lite 4.6.2 Missing.Authorization.in.whp_smtp_send_mail_test MEDIUM" "wp-helper-lite 4.6.0 Reflected.Cross-Site.Scripting MEDIUM" "wp-helper-lite 4.5.2 Cross-Site.Request.Forgery.via.whp_fields MEDIUM" "wp-helper-lite 4.3 Reflected.Cross-Site.Scripting HIGH" "woocommerce-exporter 2.7.3 Reflected.Cross-Site.Scripting HIGH" "woocommerce-exporter 2.7.2.1 Store.Exporter.<.2.7.2.1.-.Reflected.XSS HIGH" "woocommerce-exporter 2.7.1 Reflected.Cross-Site.Scripting.(XSS) MEDIUM" 
"woocommerce-exporter 2.4 Store.Exporter.<.2.4.-.CSV.Injection CRITICAL" "woo-razorpay 4.5.7 Subscriber+.Transfers.Manipulation MEDIUM" "woo-razorpay 4.5.7 Transfers.Manipulation.via.CSRF MEDIUM" "wd-facebook-feed No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wd-facebook-feed 1.2.9 Reflected.XSS MEDIUM" "wd-facebook-feed 1.1.27 Authenticated.SQL.Injection MEDIUM" "wp-custom-taxonomy-image No.known.fix Authenticated.(Editor+).Stored.Cross-Site.Scripting MEDIUM" "wp-infusionsoft-woocommerce 1.0.9 Reflected.Cross-Site.Scripting HIGH" "wp-like-button No.known.fix Missing.Authorization.via.crublabFBLBAjax LOW" "wp-like-button No.known.fix Button.Settings.Update.via.CSRF MEDIUM" "wp-like-button 1.6.4 Auth.Bypass MEDIUM" "wp-facebook-group No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-facebook-group No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-news-sliders No.known.fix Missing.Authorization MEDIUM" "wp-mail-log 1.1.3 Contributor+.Arbitrary.File.Upload HIGH" "wp-mail-log 1.1.3 WP.Mail.Log.<.1,1,3.–.Incorrect.Authorization.in.REST.API.Endpoints LOW" "wp-mail-log 1.1.3 WP.Mail.Log.<.1,1,3.–.Contributor+.SQL.Injection.in.wml_logs/send_mail.endpoint MEDIUM" "wp-mail-log 1.1.3 WP.Mail.Log.<.1,1,3.–.Contributor+.Arbitrary.File.Upload.to.RCE CRITICAL" "wp-mail-log 1.1.3 WP.Mail.Log.<.1,1,3.–.Contributor+.SQL.Injection.in.wml_logs.endpoint MEDIUM" "wp-mail-log 1.1.3 WP.Mail.Log.<.1,1,3.–.Contributor+.LFI.in.wml_logs/send_mail.endpoint MEDIUM" "wp-mail-log 1.1.3 Editor+.SQL.Injection.via.id HIGH" "wp-mail-log 1.1 Reflected.Cross-Site.Scripting MEDIUM" "wp-mail-log 1.1.2 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "woo-viet 1.5.3 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "wordpress-seo 22.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wordpress-seo 22.6 Reflected.Cross-Site.Scripting MEDIUM" "wordpress-seo 21.1 Authenticated.(Seo.Manager+).Stored.Cross-Site.Scripting MEDIUM" "wordpress-seo 17.3 
Unauthenticated.Full.Path.Disclosure NONE" "wordpress-seo 11.6 Authenticated.Stored.XSS CRITICAL" "wordpress-seo 9.2 Authenticated.Race.Condition MEDIUM" "wordpress-seo 5.8 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "wordpress-seo 3.4.1 Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "wp-remote-site-search 1.0.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-service-payment-form-with-authorizenet No.known.fix Cross-Site.Request.Forgery.to.Reflected.Cross-Site.Scripting MEDIUM" "wp-service-payment-form-with-authorizenet No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wpmu-prefill-post No.known.fix Authenticated.(Administrator+).SQL.Injection MEDIUM" "wpdash-notes No.known.fix Missing.Authorization.to.Authenticated.(Subscriber+).Sensitive.Information.Exposure MEDIUM" "wp-live-chat-support-pro 8.0.32 File.Upload.Bypass CRITICAL" "wp-live-chat-support-pro 8.0.0.7 Unauthenticated.RCE CRITICAL" "wp-humanstxt No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "woocommerce-gateway-stripe 7.6.2 Unauthenticated.Order.Deletion.via.IDOR LOW" "woocommerce-gateway-stripe 7.6.1 Cross-Site.Request.Forgery MEDIUM" "woocommerce-gateway-stripe 7.4.1 Subscriber+.Order.Intent.Update MEDIUM" "woocommerce-gateway-stripe 7.4.1 Unauthenticated.PII.Disclosure.via.IDOR HIGH" "wp-content-pilot 1.3.4 Authenticated.(Contributor+).Content.Injection MEDIUM" "wp-lister-for-ebay 3.6.5 Reflected.Cross-Site.Scripting MEDIUM" "wp-lister-for-ebay 3.6.1 Reflected.Cross-Site.Scripting MEDIUM" "wp-lister-for-ebay 3.6.0 Authenticated.(Shop.Manager+).Arbitrary.File.Upload HIGH" "wp-lister-for-ebay 3.6.0 Authenticated.(Shop.Manager+).Stored.Cross-Site.Scripting MEDIUM" "wp-lister-for-ebay 3.5.8 Reflected.Cross-Site.Scripting.via.'s' MEDIUM" "wupo-group-attributes 2.3.3 Reflected.Cross-Site.Scripting MEDIUM" "wupo-group-attributes 2.1.0 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-time-capsule 1.22.22 Unauthenticated.Arbitrary.File.Upload CRITICAL" 
"wp-time-capsule 1.22.22 Authenticated.(Administrator+).PHP.Object.Injection HIGH" "wp-time-capsule 1.22.22 Authenticated.(Contributor+).SQL.Injection MEDIUM" "wp-time-capsule 1.22.21 Authentication.Bypass.to.Account.Takeover CRITICAL" "wp-time-capsule 1.22.7 Reflected.Cross-Site.Scripting HIGH" "wp-time-capsule 1.21.16 Authentication.Bypass CRITICAL" "wp-google-places-review-slider 13.6 Admin+.Stored.XSS LOW" "wp-google-places-review-slider 12.6 Reflected.Cross-Site.Scripting MEDIUM" "wp-google-places-review-slider 11.8 Subscriber+.SQLi HIGH" "wp-google-places-review-slider 11.6 Admin+.Stored.XSS LOW" "wp-fiddle No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "woocommerce-abandoned-cart-pro 5.2.0 Unauthenticated.Stored.Cross-Site.Scripting.(XSS) CRITICAL" "wp-responsive-tabs 1.3.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-seo-tags No.known.fix Reflected.Cross-Site.Scripting HIGH" "wp-mermaid No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-data-access 5.5.23 Unauthenticated.SQL.Injection HIGH" "wp-data-access 5.5.9 Cross-Site.Request.Forgery MEDIUM" "wp-data-access 5.3.11 Reflected.Cross-Site.Scripting MEDIUM" "wp-data-access 5.3.8 Subscriber+.Privilege.Escalation HIGH" "wp-data-access 5.1.4 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-data-access 5.0.0 Admin+.SQL.Injection HIGH" "wordpress-feed-statistics No.known.fix Arbitrary.Settings.Update.via.CSRF MEDIUM" "wordpress-feed-statistics 4.0 Open.Redirect MEDIUM" "web-application-firewall 2.1.3 IP.Address.Spoofing.to.Protection.Mechanism.Bypass MEDIUM" "web-application-firewall 2.1.2 Unauthenticated.Privilege.Escalation CRITICAL" "woo-moneybird No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-eggdrop No.known.fix Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "wp-eggdrop No.known.fix Cross-Site.Request.Forgery.to.Settings.Update MEDIUM" "wholesale-market 2.2.1 Unauthenticated.Arbitrary.File.Download 
HIGH" "wholesale-market 2.2.2 Settings.Update.via.CSRF MEDIUM" "woocommerce-chained-products 2.12.0 Unauthenticated.Arbitrary.Options.Update.to.'no' MEDIUM" "wp-swimteam 1.45 Local.File.Inclusion MEDIUM" "wp-total-hacks No.known.fix Subscriber+.Arbitrary.Options.Update.to.Stored.XSS HIGH" "wp-zillow-review-slider 2.4 Admin+.Stored.Cross-Site.Scripting LOW" "wp-search-keyword-redirect No.known.fix Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "wp-counter-up No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-counter-up 2.3.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "woo-pensopay 6.3.2 Reflected.XSS HIGH" "wp-github No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-sendfox No.known.fix Unauthenticated.Information.Disclosure MEDIUM" "wp-sendfox 1.3.1 Missing.Authorization MEDIUM" "wp-security-questions No.known.fix Cross-Site.Request.Forgery HIGH" "wp-security-questions No.known.fix CSRF.Bypass MEDIUM" "woowgallery 1.2.0 Reflected.Cross-Site.Scripting MEDIUM" "woowgallery 1.1.9 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "woocommerce-products-filter 1.3.6.4 Reflected.Cross-Site.Scripting.via.really_curr_tax.Parameter MEDIUM" "woocommerce-products-filter 1.3.6.2 Insecure.Direct.Object.Reference.to.Unsubscribe MEDIUM" "woocommerce-products-filter 1.3.6.2 Authenticated.(Shop.Manager+).Arbitrary.Options.Update HIGH" "woocommerce-products-filter 1.3.6.1 Products.Filter.Professional.for.WooCommerce.<.1.3.6.1.-.Unauthenticated.Time-Based.SQL.Injection CRITICAL" "woocommerce-products-filter 1.3.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "woocommerce-products-filter 1.3.5.3 Subscriber+..Remote.Code.Execution CRITICAL" "woocommerce-products-filter 1.3.5.2 Cross-Site.Request.Forgery MEDIUM" "woocommerce-products-filter 1.3.5.3 Admin+.Local.File.Inclusion MEDIUM" "woocommerce-products-filter 1.3.5.2 
Contributor+.Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "woocommerce-products-filter 1.3.5.3 Contributor+.SQL.Injection HIGH" "woocommerce-products-filter 1.3.4.4 Multiple.Connections/Stats.CSRF MEDIUM" "woocommerce-products-filter 1.3.4.3 Unauthenticated.SQL.Injection.via.search.terms CRITICAL" "woocommerce-products-filter 1.3.4.3 Missing.Authorization.via.woof_meta_get_keys() MEDIUM" "woocommerce-products-filter 1.3.2 Products.Filter.for.WooCommerce.<.1.3.2.-.Admin+.PHP.Object.Injection LOW" "woocommerce-products-filter 1.2.6.3 Products.Filter.for.WooCommerce.<.1.2.6.3.-.Reflected.Cross-Site.Scripting HIGH" "woocommerce-products-filter 1.2.0 Multiple.Issues CRITICAL" "wp-security-pro 4.2.1 Admin+.Stored.Cross-Site.Scripting LOW" "wp-finance No.known.fix Stored.XSS.via.CSRF HIGH" "wp-finance No.known.fix Reflected.XSS HIGH" "woolook No.known.fix Unauthenticated.Local.File.Inclusion CRITICAL" "ws-bootstrap-vc No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "woo-confirmation-email No.known.fix Reflected.XSS HIGH" "woo-confirmation-email No.known.fix Authentication.bypass.via.weak.token.generation HIGH" "woo-confirmation-email 3.4.0 CSRF.leading.to.Option.Update CRITICAL" "wp-discourse 2.5.2 Missing.Authorization MEDIUM" "world-prayer-time No.known.fix Cross-Site.Request.Forgery.to.Reflected.Cross-Site.Scripting MEDIUM" "website-monetization-by-magenet 1.0.29.2 Cross-Site.Request.Forgery MEDIUM" "wpr-admin-amplify No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-inventory-manager 2.3.3 Reflected.Cross-Site.Scripting MEDIUM" "wp-inventory-manager 2.1.0.14 Inventory.Items.Deletion.via.CSRF MEDIUM" "wp-inventory-manager 2.1.0.13 Reflected.Cross-Site.Scripting HIGH" "wp-inventory-manager 2.1.0.12 Reflected.XSS HIGH" "wp-phpmyadmin-extension 5.2.0.4 Admin+.Stored.Cross-Site.Scripting LOW" "wp-phpmyadmin-extension 5.2.0.4 Reflected.Cross-Site.Scripting MEDIUM" "wp-file-download-light No.known.fix Authenticated.(Editor+).Stored.Cross-Site.Scripting 
MEDIUM" "wp-shieldon 1.6.4 Unauthenticated.Cross-Site.Scripting.(XSS) MEDIUM" "wp-super-minify 1.6 Settings.Update.via.CSRF MEDIUM" "wcfm-marketplace-rest-api 1.6.0 Subscriber+.Arbitrary.Orders.Item.And.Notes.Update MEDIUM" "wp-video-gallery-free No.known.fix Unauthenticated.SQLi HIGH" "wp-fevents-book No.known.fix Subscriber+.Stored.XSS HIGH" "wp-fevents-book No.known.fix Subscriber+.Arbitrary.Booking.Manipulation.via.IDOR MEDIUM" "wp-mmenu-lite No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "woocommerce-product-payments 3.5.9 Missing.Authorization MEDIUM" "woocommerce-product-payments 3.2.8 Reflected.XSS HIGH" "woocommerce-product-payments 3.2.7 Reflected.Cross-Site.Scripting MEDIUM" "woocommerce-product-payments 3.1.6 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-plugin-lister No.known.fix Settings.Update.to.Stored.XSS.via.CSRF HIGH" "woocommerce-openpos 7.0.1 Unauthenticated.SQL.Injection HIGH" "woocommerce-openpos 7.0.2 Unauthenticated.Sensitive.Information.Disclosure MEDIUM" "woocommerce-openpos 7.0.1 Unauthenticated.Arbitrary.File.Deletion CRITICAL" "wpstickybar-sticky-bar-sticky-header No.known.fix Reflected.XSS HIGH" "wpstickybar-sticky-bar-sticky-header No.known.fix Unauthenticated.SQLi HIGH" "wookit No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-user-manager 2.9.12 Missing.Authorization.to.Carbon.Fields.Custom.Sidebar.Addition/Removal MEDIUM" "wp-user-manager 2.9.12 Missing.Authorization.to.Authenticated.(Subscriber+).User.Meta.Key.Enumeration MEDIUM" "wp-user-manager 2.9.11 Cross-Site.Request.Forgery MEDIUM" "wp-user-manager 2.6.3 Arbitrary.User.Password.Reset.to.Account.Compromise HIGH" "wp-bannerize No.known.fix 4.0.2.-.Authenticated.SQL.Injection HIGH" "windsor-strava-athlete No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "windsor-strava-athlete No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-hr-gdpr No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-hr-gdpr 0.9 Unauthorised.AJAX.Calls.via.Freemius 
MEDIUM" "wpcomplete 2.9.5 Reflected.Cross-Site.Scripting HIGH" "woo-tools 1.2.10 Missing.Authorization.to.Authenticated.(Subscriber+)..Plugin.Module.Deactivation MEDIUM" "woocommerce-multilingual 5.3.8 Reflected.Cross-Site.Scripting MEDIUM" "woocommerce-multilingual 5.3.7 Missing.Authorization MEDIUM" "woocommerce-multilingual 5.3.4 Shop.Manager+.SQL.Injection MEDIUM" "woocommerce-multilingual 5.3.4 Shop.Manager+.SQL.Injection MEDIUM" "woocommerce-multilingual 5.3.4 Shop.Manager+.SQL.Injection MEDIUM" "woocommerce-multilingual 5.3.4 Shop.Manager+.SQL.Injection MEDIUM" "woocommerce-multilingual 5.3.5 Missing.Authorization MEDIUM" "wp-cart-for-digital-products 8.5.6 Reflected.XSS.in.Product.Editing HIGH" "wp-cart-for-digital-products 8.5.6 Reflected.XSS.in.Customer.Search HIGH" "wp-cart-for-digital-products 8.5.6 Settings.Reset.via.CSRF MEDIUM" "wp-cart-for-digital-products 8.5.5 Reflected.XSS.via.$_SERVER['REQUEST_URI'] MEDIUM" "wp-cart-for-digital-products 8.5.5 Reflected.XSS.in.Customer.Editing HIGH" "wp-cart-for-digital-products 8.5.5 Reflected.XSS.in.Category.Editing HIGH" "wp-cart-for-digital-products 8.5.5 Reflected.XSS.in.Discount.Editing HIGH" "wp-cart-for-digital-products 8.5.5 Coupon.Deletion.via.CSRF MEDIUM" "wp-fastest-cache 1.2.7 Admin+.Arbitrary.File.Deletion MEDIUM" "wp-fastest-cache 1.2.2 Unauthenticated.SQL.Injection HIGH" "wp-fastest-cache 1.1.5 Blind.SSRF.via.CSRF LOW" "wp-fastest-cache 1.1.3 Multiple.CSRF LOW" "wp-fastest-cache 0.9.5 Subscriber+.SQL.Injection HIGH" "wp-fastest-cache 0.9.5 CSRF.to.Stored.Cross-Site.Scripting HIGH" "wp-fastest-cache 0.9.1.7 Authenticated.Arbitrary.File.Deletion.via.Path.Traversal LOW" "wp-fastest-cache 0.9.0.3 Cross-Site.Request.Forgery.(CSRF).Arbitrary.File.Deletion CRITICAL" "wp-fastest-cache 0.8.9.6 Directory.Traversal MEDIUM" "wp-fastest-cache 0.8.9.1 Unauthenticated.Arbitrary.File.Deletion HIGH" "wp-fastest-cache 0.8.8.6 CSRF.and.multiple.XSS CRITICAL" "wp-fastest-cache 0.8.7.5 Blind.SQL.Injection HIGH" 
"watchtowerhq 3.10.4 Authentication.Bypass.to.Administrator.due.to.Missing.Empty.Value.Check CRITICAL" "watchtowerhq 3.6.16 Unauthenticated.Arbitrary.File.Deletion CRITICAL" "watchtowerhq 3.6.16 Unauthenticated.Arbitrary.File.Access HIGH" "wp-expert-agent-xml-feed No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "woofunnels-aero-checkout 3.11.0 Subscriber+.Settings.Update MEDIUM" "woofunnels-aero-checkout 3.11.0 Subscriber+.Arbitrary.Plugin.Activation MEDIUM" "woofunnels-aero-checkout 3.11.0 Unauthenticated.Arbitrary.Content.Deletion MEDIUM" "wp-listings No.known.fix Missing.Authorization MEDIUM" "wp-listings No.known.fix Contributor+.Stored.XSS MEDIUM" "wp-listings 2.0.2 Unauthenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "wp-seo-tdk No.known.fix Unauthenticated.Setting.Update.to.Stored.XSS HIGH" "wp-find-your-nearest No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wordapp No.known.fix Authorization.Bypass.via.Insufficiently.Unique.Cryptographic.Signature CRITICAL" "woocommerce-digital-content-delivery-with-drm-flickrocket No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-htaccess-control No.known.fix Admin+.Stored.XSS LOW" "wp-cerber 9.5 IP.Protection.Bypass MEDIUM" "wp-cerber 9.2 Unauthenticated.Stored.XSS HIGH" "wp-cerber 9.3.3 User.Enumeration.Bypass.via.Rest.API LOW" "wp-cerber 9.1 Username.Enumeration.Bypass MEDIUM" "wp-cerber 8.9.6 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "wp-cerber 8.9.3 Rest-API.Protection.Bypass MEDIUM" "wp-cerber 8.9.3 2FA.Authentication.Bypass MEDIUM" "wp-cerber 2.7 Unauthenticated.Stored.XSS MEDIUM" "xo-liteslider No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "xo-liteslider 3.3.3 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "xpinner-lite No.known.fix Cross-Site.Scripting.(XSS).&.CSRF MEDIUM" "xagio-seo 7.0.0.21 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "xo-security 1.5.3 XSS MEDIUM" "x-forms-express No.known.fix 
Stored.Cross-Site.Scripting.(XSS) MEDIUM" "xt-woo-variation-swatches 1.8.8 Reflected.Cross-Site.Scripting MEDIUM" "xt-woo-variation-swatches 1.8.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "xforwoocommerce No.known.fix Authenticated.(Subscriber+).Local.File.Inclusion HIGH" "xforwoocommerce 1.7.0 Low.Priv.Arbitrary.Blog.Options.Update/Access/Deletion.&.Plugin's.Settings.Update/Export/Import HIGH" "xo-event-calendar 2.3.7 Reflected.Cross-Site.Scripting HIGH" "xpresslane-integration-for-woocommerce No.known.fix Unauthenticated.PHP.Object.Injection CRITICAL" "xt-woo-ajax-add-to-cart 1.1.3 Reflected.Cross-Site.Scripting MEDIUM" "xt-woo-ajax-add-to-cart 1.0.7 Reflected.Cross-Site.Scripting MEDIUM" "xt-woo-ajax-add-to-cart 1.0.4 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "xtremelocator No.known.fix Xtreme.Locator.Dealer.Locator.Plugin.1,5.–.Authenticated.SQL.Injection HIGH" "xt-woo-points-rewards 1.6.6 Reflected.Cross-Site.Scripting MEDIUM" "xt-woo-points-rewards 1.4.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "xpd-reduce-image-filesize No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "xllentech-english-islamic-calendar 2.6.8 Authenticated.SQL.Injection MEDIUM" "xola-bookings-for-tours-activities No.known.fix Missing.Authorization MEDIUM" "xlsx-viewer No.known.fix Authenticated.(Subscriber+).Arbitrary.File.Deletion HIGH" "xcloner-backup-and-restore 4.7.4 Unauthenticated.Full.Path.Disclosure MEDIUM" "xcloner-backup-and-restore 4.3.6 Plugin.Settings.Reset MEDIUM" "xcloner-backup-and-restore 4.2.13 4.2.12.-.Unprotected.AJAX.Action CRITICAL" "xcloner-backup-and-restore 4.2.153 Cross-Site.Request.Forgery CRITICAL" "xcloner-backup-and-restore 3.1.5 Backup.and.Restore.<.3.1.5.-.Authenticated.Path.Traversal MEDIUM" "xcloner-backup-and-restore 3.1.3 Backup.and.Restore.3.1.2.-.XSS.&.Command.Execution MEDIUM" "xcloner-backup-and-restore 3.1.2 Backup.and.Restore.<.3.1.2.-.Multiple.Vulnerabilities.(RCE.&.LFI) HIGH" "xcloner-backup-and-restore 
3.1.1 Backup.and.Restore.<.3.1.1.-.Multiple.Actions.CSRF HIGH" "xserver-migrator 1.6.2.1 Arbitrary.File.Upload.via.CSRF HIGH" "xt-woo-quick-view-lite 2.0.0 Reflected.Cross-Site.Scripting MEDIUM" "xt-woo-quick-view-lite 1.9.6 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "xml-sitemap-feed 5.4.9 Unauthenticated.Local.File.Inclusion HIGH" "xatkit-chatbot-connector 2.1.4 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "xqueue-maileon 2.16.1 Admin+.Stored.XSS LOW" "xpro-elementor-addons 1.4.6.3 Authenticated.(Contributor+).Post.Disclosure.via.Post.Duplication MEDIUM" "xpro-elementor-addons No.known.fix Contributor+.Stored.XSS MEDIUM" "xpro-elementor-addons 1.4.6.1 Authenticated.(Contributor+).Sensitive.Information.Exposure.via.Elementor.Template MEDIUM" "xpro-elementor-addons 1.4.4.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Post.Grid.Widget MEDIUM" "xpro-elementor-addons 1.4.4.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "xpro-elementor-addons 1.4.3.2 Authenticated.(Contributor+).PHP.Object.Injection HIGH" "xpro-elementor-addons 1.4.3.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Multiple.Widgets MEDIUM" "xpro-elementor-addons 1.4.3.1 Authenticated.(Admin+).Cross.Site.Scripting MEDIUM" "xpro-elementor-addons 1.4.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "xorbin-analog-flash-clock No.known.fix Flash-based.XSS MEDIUM" "xserver-typesquare-webfonts 2.0.8 Missing.Authorization.via.typesquare_admin_init() MEDIUM" "xml-multilanguage-sitemap-generator No.known.fix Missing.Authorization MEDIUM" "xili-tidy-tags 1.12.05 Reflected.Cross-Site.Scripting MEDIUM" "xili-tidy-tags 1.12.04 Cross-Site.Request.Forgery MEDIUM" "xml-sitemaps-for-videos No.known.fix CSRF MEDIUM" "xorbin-digital-flash-clock No.known.fix Flash-based.XSS MEDIUM" "xl-tab 1.5 Authenticated.(Contributor+).Post.Disclosure MEDIUM" "xl-tab 1.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "xml-for-google-merchant-center 
3.0.12 Reflected.Cross-Site.Scripting MEDIUM" "xml-for-google-merchant-center 3.0.2 Reflected.XSS HIGH" "yeemail 2.1.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "yogo-booking 1.6.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "yds-support-ticket-system No.known.fix Authenticated.(Subscriber+).SQL.Injection MEDIUM" "yds-support-ticket-system No.known.fix Cross-Site.Request.Forgery MEDIUM" "yotpo-reviews-for-woocommerce No.known.fix Arbitrary.Settings.Update.via.CSRF MEDIUM" "yr-activity-link 1.2.4 Contributor+.Stored.XSS MEDIUM" "yith-woocommerce-recover-abandoned-cart 1.3.4 Subscriber+.Settings.Update MEDIUM" "yith-woocommerce-mailchimp 2.1.4 Subscriber+.Settings.Update MEDIUM" "yith-pre-order-for-woocommerce 1.2.1 Subscriber+.Settings.Update MEDIUM" "yith-woocommerce-best-sellers 1.1.13 Subscriber+.Settings.Update MEDIUM" "yith-woocommerce-affiliates 1.6.3 Subscriber+.Settings.Update MEDIUM" "yith-woocommerce-quick-view 1.21.1 Cross-Site.Scripting.via.shortcode.ajax MEDIUM" "yith-woocommerce-quick-view 1.3.15 Subscriber+.Settings.Update MEDIUM" "yaad-sarig-payment-gateway-for-wc 2.2.5 Subscriber+.Log.Read/Deletion MEDIUM" "yith-woocommerce-multi-step-checkout 1.7.5 Subscriber+.Settings.Update MEDIUM" "yith-woocommerce-stripe 2.0.2 Subscriber+.Settings.Update MEDIUM" "yith-woocommerce-product-bundles 1.1.17 Subscriber+.Settings.Update MEDIUM" "yatri-tools No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "yatri-tools 1.1.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "yoo-slider 2.2.0 Reflected.Cross-Site.Scripting HIGH" "yoo-slider 2.1.0 Arbitrary.Template.Import.via.CSRF MEDIUM" "yoo-slider 2.1.0 Arbitrary.Slider.Creation/Edition.via.CSRF MEDIUM" "yoo-slider 2.1.0 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "yoo-slider 2.1.0 Arbitrary.Slider.Duplication/Deletion.via.CSRF MEDIUM" "youtube-video-inserter No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "yop-poll 6.5.27 
Unauthenticated.Vote.Manipulation.via.Race.Condition MEDIUM" "yop-poll 6.5.29 Reusable.Captcha.via.validateImage MEDIUM" "yop-poll 6.4.3 IP.Spoofing MEDIUM" "yop-poll 6.3.5 Author+.Stored.Cross-Site.Scripting MEDIUM" "yop-poll 6.3.1 Author+.Stored.Cross-Site.Scripting.via.Options.Module MEDIUM" "yop-poll 6.3.1 Author+.Stored.Cross-Site.Scripting.via.Preview.Module MEDIUM" "yop-poll 6.2.8 Unauthenticated.Stored.Cross-Site.Scripting MEDIUM" "yop-poll 6.1.5 Authenticated.Stored.XSS LOW" "yop-poll 6.1.2 Reflected.Cross-Site.Scripting HIGH" "yop-poll 6.0.3 Cross-Site.Scripting.(XSS) MEDIUM" "yop-poll 5.8.1 Stored.Cross-Site.Scripting.(XSS) MEDIUM" "yith-woocommerce-order-tracking 2.8.0 Cross-Site.Scripting.via.shortcode.ajax MEDIUM" "yith-woocommerce-order-tracking 1.2.11 Subscriber+.Settings.Update MEDIUM" "yt-player 1.5.3 Reflected.Cross-Site.Scripting MEDIUM" "yt-player 1.5.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "yt-player 1.4 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "youtube-playlist-player 4.6.8 Contributor+.Stored.XSS MEDIUM" "youtube-playlist-player 4.6.5 Cross-Site.Request.Forgery.(CSRF) MEDIUM" "yummy-recipes No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "yith-infinite-scrolling 1.8.0 Cross-Site.Scripting.via.shortcode.ajax MEDIUM" "yet-another-related-posts-plugin 5.30.11 Missing.Authorization MEDIUM" "yet-another-related-posts-plugin 5.30.10 Authenticated(Administrator+).Cross-Site.Scripting MEDIUM" "yet-another-related-posts-plugin 5.30.10 Admin+.Stored.XSS LOW" "yet-another-related-posts-plugin 5.30.4 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "yet-another-related-posts-plugin 5.30.3 Yet.Another.Related.Posts.Plugin.<.5.30.3.-.Subscriber+.SQLi HIGH" "yet-another-related-posts-plugin 5.30.5 Yet.Another.Related.Posts.Plugin.<.5.30.5.-.Subscriber+.LFI HIGH" "yet-another-related-posts-plugin 5.30.3 Yet.Another.Related.Posts.Plugin.<.5.30.3.-.Contributor+.Stored.XSS MEDIUM" "yith-woocommerce-zoom-magnifier 1.3.12 
Subscriber+.Settings.Update MEDIUM" "yith-woocommerce-request-a-quote 1.6.4 Unauthorised.AJAX.call.via.CSRF MEDIUM" "yith-woocommerce-request-a-quote 1.4.9 Subscriber+.Settings.Update MEDIUM" "yotuwp-easy-youtube-embed 1.3.14 Unauthenticated.Local.File.Inclusion CRITICAL" "yotuwp-easy-youtube-embed 1.3.14 Authenticated.(Contributor+).Arbitrary.File.Inclusion.via.Shortcode MEDIUM" "yotuwp-easy-youtube-embed 1.3.13 Admin+.Stored.XSS LOW" "yikes-inc-easy-custom-woocommerce-product-tabs No.known.fix Shop.Manager+.PHP.Object.Injection MEDIUM" "yikes-inc-easy-custom-woocommerce-product-tabs 1.8.0 Admin+.Stored.XSS LOW" "yikes-inc-easy-custom-woocommerce-product-tabs 1.7.8 Unauthenticated.Toggle.Content.Setting.Update MEDIUM" "yawpp No.known.fix Unauthenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "yatra 2.1.15 Admin+.Stored.XSS LOW" "you-shang No.known.fix Authenticated.Stored.Cross-Site.Scripting LOW" "yith-color-and-label-variations-for-woocommerce 1.8.13 Subscriber+.Settings.Update MEDIUM" "yith-woocommerce-added-to-cart-popup 1.3.13 Subscriber+.Settings.Update MEDIUM" "yith-woocommerce-catalog-mode 2.16.1 Cross-Site.Scripting.via.shortcode.ajax MEDIUM" "yith-woocommerce-authorizenet-payment-gateway 1.1.13 Subscriber+.Settings.Update MEDIUM" "yith-paypal-express-checkout-for-woocommerce 1.2.6 Subscriber+.Settings.Update MEDIUM" "yith-maintenance-mode 1.4.0 Multiple.Admin+.Stored.Cross-Site.Scripting LOW" "yith-maintenance-mode 1.3.8 Admin+.Stored.Cross-Site.Scripting LOW" "yith-maintenance-mode 1.2.0 Authenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "yith-woocommerce-social-login 1.3.6 Subscriber+.Settings.Update MEDIUM" "yabp No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "youzify No.known.fix Missing.Authorization.to.Authenticated.(Subscriber+).Limited.Options.Update.(save_addon_key_license) MEDIUM" "youzify No.known.fix Missing.Authorization.to.Authenticated.(Subscriber+).Limited.Options.Update MEDIUM" "youzify 1.3.3 
Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.Review.Deletion MEDIUM" "youzify 1.3.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.youzify_media.Shortcode MEDIUM" "youzify 1.3.1 Subscriber+.Arbitrary.Attachment.Deletion MEDIUM" "youzify 1.2.8 Missing.Authorization MEDIUM" "youzify 1.2.6 Authenticated.(Contributor+).SQL.Injection CRITICAL" "youzify 1.2.6 Authenticated.(Contributor+).SQL.Injection CRITICAL" "youzify 1.2.3 Insecure.Direct.Object.Reference MEDIUM" "youzify 1.2.2 Contributor+.Stored.XSS MEDIUM" "youzify 1.2.0 Unauthenticated.SQLi HIGH" "youzify 1.0.7 Stored.Cross-Site.Scripting.via.Biography HIGH" "yayextra 1.3.8 Unauthenticated.Arbitrary.File.Upload.via.handle_upload_file.Function CRITICAL" "yith-woocommerce-product-vendors 3.8.1 Reflected.Cross-Site.Scripting HIGH" "yith-woocommerce-product-vendors 3.4.1 Subscriber+.Settings.Update MEDIUM" "youneeq-panel No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "yourchannel 1.2.5 Multiple.CSRF MEDIUM" "yourchannel 1.2.6 Admin+.Stored.XSS LOW" "yourchannel 1.2.4 Unauthenticated.Settings.Reset MEDIUM" "yourchannel 1.2.2 Subscriber+.Stored.XSS HIGH" "yourchannel 1.2.3 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "youtube-showcase 3.4.0 Missing.Authorization.to.Arbitrary.Post/Page.Creation MEDIUM" "youtube-showcase 3.3.6 Settings.Update.via.CSRF MEDIUM" "yith-woocommerce-compare 2.38.0 Cross-Site.Request.Forgery MEDIUM" "yith-woocommerce-compare 2.20.1 Cross-Site.Scripting.via.shortcode.ajax MEDIUM" "yith-woocommerce-compare 2.3.15 Subscriber+.Settings.Update MEDIUM" "yith-woocommerce-tab-manager 1.35.1 Authenticated.(Editor+).Stored.Cross-Site.Scripting MEDIUM" "yith-woocommerce-ajax-search 2.8.1 Unauthenticated.SQL.Injection HIGH" "yith-woocommerce-ajax-search 2.7.1 Contributor+.Stored.XSS MEDIUM" "yith-woocommerce-ajax-search 2.4.1 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "yith-woocommerce-ajax-search 1.7.1 Subscriber+.Settings.Update MEDIUM" 
"youmax-channel-embeds-for-youtube-businesses No.known.fix Cross-Site.Request.Forgery MEDIUM" "yith-woocommerce-ajax-navigation 5.2.0 Reflected.Cross-Site.Scripting MEDIUM" "yith-woocommerce-ajax-navigation 3.11.1 Authenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "yith-product-size-charts-for-woocommerce 1.1.13 Subscriber+.Settings.Update MEDIUM" "yith-woocommerce-account-funds-premium 1.34.0 Missing.Authorization MEDIUM" "yith-woocommerce-gift-cards-premium 3.20.0 Unauthenticated.Arbitrary.File.Upload CRITICAL" "yith-woocommerce-gift-cards-premium 3.3.1 RCE.via.Arbitrary.File.Upload CRITICAL" "yahoo-media-player No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "yith-woocommerce-waiting-list 1.3.11 Subscriber+.Settings.Update MEDIUM" "youtube-feeder No.known.fix CSRF.to.Stored.XSS HIGH" "yotpo-social-reviews-for-woocommerce 1.7.10 Reflected.Cross-Site.Scripting MEDIUM" "youtube-video-player 2.6.4 Admin+.Stored.XSS LOW" "youtube-video-player 2.3.9 Contributor+.Stored.XSS MEDIUM" "youtube-embed-plus 11.8.2 Cross-Site.Request.Forgery.(CSRF) MEDIUM" "yith-custom-thank-you-page-for-woocommerce 1.1.8 Subscriber+.Settings.Update MEDIUM" "yith-woocommerce-subscription 1.3.6 Subscriber+.Settings.Update MEDIUM" "yuzo-related-post 5.12.94 Unauthenticated.Call.Any.Action.or.Update.Any.Option MEDIUM" "youram-youtube-embed No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "yith-woocommerce-product-add-ons 4.14.2 Reflected.Cross-Site.Scripting MEDIUM" "yith-woocommerce-product-add-ons 4.13.1 Reflected.Cross-Site.Scripting MEDIUM" "yith-woocommerce-product-add-ons 4.9.3 Unauthenticated.Content.Injection MEDIUM" "yith-woocommerce-product-add-ons 4.6.0 Unuathenticated.Cross-Site.Scripting MEDIUM" "yith-woocommerce-product-add-ons 4.3.1 Authenticated(Shop.Manager+).PHP.Object.Injection MEDIUM" "yith-woocommerce-product-add-ons 4.2.1 Missing.Authorization MEDIUM" "yith-woocommerce-product-add-ons 2.1.0 Reflected.Cross-Site.Scripting HIGH" 
"yith-woocommerce-product-add-ons 2.1.0 Authenticated.Local.File.Inclusion MEDIUM" "yith-woocommerce-product-add-ons 1.5.23 Subscriber+.Settings.Update MEDIUM" "yith-woocommerce-bulk-product-editing 1.2.15 Subscriber+.Settings.Update MEDIUM" "youtube-shortcode No.known.fix Contributor+.Stored.XSS MEDIUM" "yith-woocommerce-frequently-bought-together 1.2.11 Subscriber+.Settings.Update MEDIUM" "youtube-channel 3.23.0 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "youtube-channel 3.23.0 Admin+.Stored.XSS LOW" "yada-wiki 3.4.1 Contributor+.Stored.XSS MEDIUM" "yandexnews-feed-by-teplitsa No.known.fix Admin+.Stored.XSS LOW" "yt-cookie-nonsense No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "yumpu-epaper-publishing No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "yumpu-epaper-publishing 3.0.0 Missing.Authorization.to.PDF.Upload,.Publishing,.and.API.Key.Modification MEDIUM" "yith-custom-login 1.7.4 Reflected.Cross-Site.Scripting MEDIUM" "yith-custom-login 1.7.1 Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "yith-advanced-refund-system-for-woocommerce 1.0.12 Subscriber+.Settings.Update MEDIUM" "yith-woocommerce-advanced-reviews 1.4.0 Subscriber+.Settings.Update MEDIUM" "yellow-pencil-visual-theme-customizer 7.6.5 Reflected.Cross-Site.Scripting MEDIUM" "yellow-pencil-visual-theme-customizer 7.6.4 Reflected.Cross-Site.Scripting MEDIUM" "yellow-pencil-visual-theme-customizer 7.5.9 Admin+.Stored.XSS LOW" "yellow-pencil-visual-theme-customizer 7.5.4 Reflected.Cross-Site.Scripting HIGH" "yellow-pencil-visual-theme-customizer 7.2.1 Unauthenticated.Arbitrary.Options.Updates HIGH" "yamaps No.known.fix Contributor+.Stored.XSS MEDIUM" "yamaps 0.6.26 Contributor+.Stored.XSS MEDIUM" "youtube-channel-gallery No.known.fix Contributor+.Stored.XSS.via.Shortcode MEDIUM" "yith-essential-kit-for-woocommerce-1 2.35.0 Missing.Authorization.to.Authenticated.(Subscriber+).Limited.Plugin.Install,.Activation,.and.Deactivation 
MEDIUM" "yith-essential-kit-for-woocommerce-1 2.14.0 Cross-Site.Scripting.via.shortcode.ajax MEDIUM" "yphplista No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "yphplista No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "yith-woocommerce-points-and-rewards 1.3.6 Subscriber+.Settings.Update MEDIUM" "youtube-speedload No.known.fix Cross-Site.Request.Forgery MEDIUM" "yith-woocommerce-gift-cards 4.13.0 Missing.Authorization.to.Unauthenticated.WooCommerce.Settings.Update MEDIUM" "yith-woocommerce-gift-cards 1.3.8 Subscriber+.Settings.Update MEDIUM" "yet-another-stars-rating 3.4.4 Missing.Authorization.via.init MEDIUM" "yet-another-stars-rating 3.4.2 Reflected.Cross-Site.Scripting MEDIUM" "yet-another-stars-rating 3.1.3 Subscriber+.Stored.XSS HIGH" "yet-another-stars-rating 3.0.2 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "yet-another-stars-rating 3.0.0 Reflected.Cross-Site.Scripting MEDIUM" "yet-another-stars-rating 1.8.7 PHP.Object.Injection HIGH" "youtube-embed 5.2.2 Contributor+.Stored.XSS MEDIUM" "youtube-embed 3.3.3 Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "yith-woocommerce-pdf-invoice 1.2.13 Subscriber+.Settings.Update MEDIUM" "yacp No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "yith-woocommerce-brands-add-on 1.3.7 Subscriber+.Settings.Update MEDIUM" "yookassa 2.3.1 Subscriber+.Arbitrary.Settings.Update MEDIUM" "yookassa 2.3.1 Arbitrary.Settings.Update.via.CSRF MEDIUM" "yaysmtp 2.4.6 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "yaysmtp 2.2.2 Admin+.Stored.Cross-Site.Scripting LOW" "yaysmtp 2.2.1 Subscriber+.Stored.Cross-Site.Scripting HIGH" "yaysmtp 2.2.1 Subscriber+.Logs.Disclosure MEDIUM" "yaysmtp 2.2.1 Subscriber+.SMTP.Credentials.Leak MEDIUM" "yith-woocommerce-questions-and-answers 1.2.0 Subscriber+.Settings.Update MEDIUM" "youtube-widget-responsive 1.6.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" 
"yith-woocommerce-badges-management 1.3.21 Subscriber+.Settings.Update MEDIUM" "yith-desktop-notifications-for-woocommerce 1.2.8 Subscriber+.Settings.Update MEDIUM" "yoo-bar No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "yith-woocommerce-wishlist 3.33.0 Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "yith-woocommerce-wishlist 3.15.0 Cross-Site.Scripting.via.shortcode.ajax MEDIUM" "yith-woocommerce-wishlist 2.2.14 Subscriber+.Settings.Update MEDIUM" "yith-woocommerce-cart-messages 1.4.5 Subscriber+.Settings.Update MEDIUM" "youforms-free-for-copecart No.known.fix Authenticated.Stored.Cross-Site.Scripting LOW" "yellow-yard 2.8.12 Contributor+.Stored.XSS MEDIUM" "yellow-yard 2.8.12 Reflected.Cross-Site.Scripting HIGH" "yesno 1.0.12 Authenticated.(contributor+).Blind.SQL.Injection HIGH" "yandex-money-button No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "yandex-money-button No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "yandex-money-button 2.4.0 Reflected.Cross-Site.Scripting.(XSS) HIGH" "ymc-states-map No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "yml-for-yandex-market 4.7.3 Reflected.Cross-Site.Scripting MEDIUM" "yml-for-yandex-market 4.2.4 Reflected.Cross-Site.Scripting MEDIUM" "yml-for-yandex-market 3.10.8 Reflected.XSS HIGH" "yikes-inc-easy-mailchimp-extender No.known.fix Missing.Authorization MEDIUM" "yikes-inc-easy-mailchimp-extender No.known.fix Sensitive.Information.Exposure.via.logfile HIGH" "yikes-inc-easy-mailchimp-extender 6.9.0 Admin+.Stored.Cross-Site.Scripting LOW" "yikes-inc-easy-mailchimp-extender 6.8.9 Reflected.XSS MEDIUM" "yikes-inc-easy-mailchimp-extender 6.8.8 Reflected.XSS HIGH" "yikes-inc-easy-mailchimp-extender 6.8.7 Contributor+.Stored.XSS MEDIUM" "yikes-inc-easy-mailchimp-extender 6.8.9 Admin+.Stored.XSS LOW" "yikes-inc-easy-mailchimp-extender 6.8.6 Reflected.Cross-Site.Scripting MEDIUM" "yikes-inc-easy-mailchimp-extender 6.6.3 
Authenticated.Cross-Site.Scripting.(XSS) CRITICAL" "ymc-smart-filter 2.8.34 Cross-Site.Request.Forgery MEDIUM" "ymc-smart-filter 2.9.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "ymc-smart-filter 2.8.33 Unauthenticated.LFI CRITICAL" "youzify-moderation No.known.fix Unauthenticated.Stored.Cross-Site.Scripting MEDIUM" "zip-codes-redirect 5.1.2 Reflected.Cross-Site.Scripting MEDIUM" "zip-codes-redirect 4.0.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "zooom No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "zajax-ajax-navigation No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "zm-gallery No.known.fix ZM.Gallery.1,0.–.Authenticated.Blind.SQL.Injection HIGH" "ziteboard-online-whiteboard 3.0.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.ziteboard.Shortcode MEDIUM" "zendesk-help-center 1.0.5 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "zemanta No.known.fix Missing.Authorization.to.Authenticated.(Subscriber+).Attachment.Upload.and.Set.Post.Featured.Image MEDIUM" "zij-kart No.known.fix Unauthenticated.Local.File.Inclusion CRITICAL" "zoho-crm-forms 1.7.9.8 Contributor+.SQL.Injection MEDIUM" "zoho-crm-forms 1.7.8.9 Reflected.Cross-Site.Scripting MEDIUM" "zoho-crm-forms 1.7.6.2 Subscriber+.Arbitrary.Options.Update HIGH" "zoho-crm-forms 1.7.2.9 Admin+.Stored.Cross-Site.Scripting LOW" "zoho-crm-forms 1.6.9.2 Authenticated.Cross.Site.Scripting.(XSS) MEDIUM" "zx-csv-upload No.known.fix ZX_CSV.Upload.1.–.Authenticated.SQL.Injection HIGH" "zoho-forms 4.0.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "zoho-forms 3.0.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "zoho-forms 3.0.1 Contributor+.Stored.XSS MEDIUM" "zerobounce 1.0.12 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "zalomeni No.known.fix Admin+.Stored.XSS LOW" "zita-site-library 1.6.4 
Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "zita-site-library 1.6.2 Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.File.Upload CRITICAL" "zita-site-library 1.6.3 Missing.Authorization.to.Page.Creation.and.Options.Modification MEDIUM" "zoho-marketinghub 1.2.8 Authenticated.(Contributor+).SQL.Injection CRITICAL" "zoho-campaigns 2.1.0 Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "zoho-campaigns 2.0.8 Cross-Site.Request.Forgery.via.zcwc_optin_save MEDIUM" "zoho-campaigns 2.0.8 Cross-Site.Request.Forgery.via.zcwc_integration_disconnect MEDIUM" "zoho-campaigns 2.0.7 Authenticated.(Contributor+).SQL.Injection CRITICAL" "z-downloads 1.11.8 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "z-downloads 1.11.6 Unauthenticated.Stored.XSS HIGH" "z-downloads 1.11.5 Admin+.Arbitrary.File.Upload MEDIUM" "z-downloads 1.11.7 Admin+.Stored.XSS.via.SVG.Upload LOW" "z-downloads 1.11.4 Authenticated.(Admin+).Arbitrary.File.Upload CRITICAL" "zen-mobile-app-native No.known.fix Remote.File.Upload HIGH" "zlick-paywall 2.2.2 CSRF.Bypasses LOW" "zephyr-modern-admin-theme 1.5.0 Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "zip-attachments 1.5 Arbitrary.File.Download HIGH" "zero-spam 5.5.7 Spam.Protection.Bypass MEDIUM" "zero-spam 5.4.5 Admin+.SQL.Injection MEDIUM" "zero-spam 5.2.11 Admin+.SQL.Injection MEDIUM" "z-inventory-manager 3.1.7 Unauthenticated.PHP.Object.Injection CRITICAL" "zip-recipes No.known.fix Unauthenticated.Sensitive.Information.Exposure MEDIUM" "zip-recipes 8.1.1 Authenticated(Contributor+).SQL.Injection HIGH" "zip-recipes 8.0.8 Cross-Site.Request.Forgery MEDIUM" "zip-recipes 8.0.8 Multiple.CSRF MEDIUM" "zip-recipes 8.0.7 Reflected.XSS HIGH" "z-url-preview 2.0.0 Cross-Site.Scripting.(XSS) MEDIUM" "zionbuilder No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "zionbuilder 3.6.10 Authenticated.(Editor+).Stored.Cross-Site.Scripting MEDIUM" 
"zero-bs-crm 5.5.1 CRM.Admin+.XSS LOW" "zero-bs-crm 5.5.1 Client+.XSS MEDIUM" "zero-bs-crm 5.4.0 PHAR.Deserialisation.via.CSRF HIGH" "zero-bs-crm 5.5.0 Admin+.Stored.XSS LOW" "zero-bs-crm 5.5 Contributor+.Stored.XSS MEDIUM" "zero-bs-crm 5.4.3 Admin+.Cross-Site.Scripting LOW" "zero-bs-crm 4.2.4 Unauthorized.Invoice.Disclosure LOW" "zoho-salesiq 1.0.9 XSS.&.CSRF HIGH" "zippy 1.6.10 Authenticated.(Editor+).Arbitrary.File.Upload HIGH" "znajdz-prace-z-pracapl No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "zeno-font-resizer 1.8.0 Admin+.Stored.XSS LOW" "zartis-job-plugin No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "zd-youtube-flv-player No.known.fix Server-Side.Request.Forgery HIGH" "zephyr-project-manager 3.3.103 Missing.Authorization.to.Authenticated.(Subscriber+).Status.Updates MEDIUM" "zephyr-project-manager 3.3.103 Reflected.Cross-Site.Scripting MEDIUM" "zephyr-project-manager 3.3.101 Authenticated.(Subscriber+).Insecure.Direct.Object.Reference MEDIUM" "zephyr-project-manager 3.3.102 Authenticated.(Subscriber+).Limited.Privilege.Escalation HIGH" "zephyr-project-manager 3.3.101 Authenticated.(Subscriber+).Stored.Cross-Site.Scripting.via.filename.Parameter MEDIUM" "zephyr-project-manager 3.3.100 Unauthenticated.Information.Exposure MEDIUM" "zephyr-project-manager 3.3.99 Editor+.XSS LOW" "zephyr-project-manager 3.3.99 Authenticated.(Subscriber+).Privilege.Escalation.via.User.Meta.Update HIGH" "zephyr-project-manager 3.3.94 Plugin.Data.Deletion.via.CSRF MEDIUM" "zephyr-project-manager 3.2.55 Unauthorised.AJAX.Calls.To.Stored.XSS HIGH" "zephyr-project-manager 3.2.5 Reflected.Cross-Site.Scripting MEDIUM" "zephyr-project-manager 3.2.5 Multiple.Unauthenticated.SQLi CRITICAL" "zephyr-project-manager 3.2.5 Unauthorised.REST.Calls.to.Stored.XSS HIGH" "zephyr-project-manager 3.2.41 Reflected.Cross-Site.Scripting MEDIUM" "zm-ajax-login-register No.known.fix Unauthenticated.Authentication.Bypass CRITICAL" 
"zarinpal-paid-downloads No.known.fix Admin+.Arbitrary.File.Upload MEDIUM" "zarinpal-paid-downloads No.known.fix Reflected.XSS HIGH" "zarinpal-paid-downloads No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "zynith-seo No.known.fix Missing.Authorization.to.Unauthenticated.Arbitrary.Option.Deletion CRITICAL" "zynith-seo No.known.fix Missing.Authorization.to.Unauthenticated.Settings.Update MEDIUM" "zynith-seo No.known.fix Unauthenticated.Stored.Cross-Site.Scripting HIGH" "zoho-flow 2.8.1 Authenticated.(Administrator+).SQL.Injection MEDIUM" "zotpress 7.3.13 Missing.Authorization MEDIUM" "zotpress 7.3.11 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "zotpress 7.3.10 Authenticated.(Contributor+).Cross-Site.Scripting MEDIUM" "zotpress 7.3.8 Authenticated.(Contributor+).SQL.Injection CRITICAL" "zotpress 7.3.5 Reflected.XSS HIGH" "zotpress 7.3.4 Unauthenticated.Reflected.XSS HIGH" "zotpress 6.1.3 SQL.Injection CRITICAL")
pp "Plugin: Version"
rplugins=(`grep -oP ".*/wp-content/plugins/\K[a-zA-Z0-9-_.]+" $file | sort -u`)
d=true; [[ ! ${rplugins[@]} ]] && d=false || d=true
z=0; if [[ ${rplugins[@]} =~ "wp-statistics" ]]; then rplugins=(${rplugins[@]/wp-statistics}); v=$(grep -oP '^<\!-- Analytics by [a-zA-Z ]+\K[\d.]+' $file); sap wp-statistics; fi; if [[ ${rplugins[@]} =~ "google-analytics-for-wordpress" ]]; then rplugins=(${rplugins[@]/google-analytics-for-wordpress}); v=$(grep -oP "Google Analytics[a-zA-Z ]+\K[\d.]+" $file); sap google-analytics; fi; if [[ $(grep -i "wp-super-cache" $file) ]]; then ((z++)); rg wp-super-cache readme.txt; sap wp-super; fi; if [[ $(grep -i "w3-total-cache" $file) ]]; then ((z++)); rplugins=(${rplugins[@]/w3-total-cache}); rg w3-total-cache readme.txt; sap w3-total; fi; if [[ ${rplugins[@]} =~ "svg-support" ]]; then rplugins=(${rplugins[@]/svg-support}); rg svg-support readme.txt; sap svg-support; fi; if [[ ${rplugins[@]} =~ "pixelyoursite" ]]; then rplugins=(${rplugins[@]/pixelyoursite}); v=$(grep -m1 -oP "PixelYourSite.*[a-zA-Z ]+\K[\d.]+" $file); sap pixelyoursite; fi
len=$(grep -oP "<meta name=\"generator\" content=\"(Powered by \K[a-zA-Z-_ \(\)]+|\K[a-zA-Z-_ \(\)]+)" $file | grep -iv 'wordpress' | wc -l); tplugins=$(grep -oP "<meta name=\"generator\" content=\"(Powered by \K[a-zA-Z-_ \(\)]+|\K[a-zA-Z-_ \(\)]+)" $file | grep -iv 'wordpress' | tr '[:upper:]' '[:lower:]'); for ((c=0; c<${#rplugins[@]}; c++)); do [[ ${tplugins[@],,} =~ ^${rplugins[c],,}$ ]] && rplugins=(${rplugins[@]/${rplugins[c]}}); done; for ((c=0; c<$len; c++)); do if [[ `echo -n $(grep -oP "<meta name=\"generator\" content=\"(Powered by \K[a-zA-Z-_ \(\)]+|\K[a-zA-Z-_ \(\)]+)" $file | grep -iv 'wordpress' | tail -n $len | head -n $(($c+1)) | tail -n 1 | tr '[:upper:]' '[:lower:]')` == "slider revolution" ]]; then rplugins=(${rplugins[@]/revslider}); v=$(grep -oP "<meta name=\"generator\" content=\"(Powered by [a-zA-Z-_ \(\)]+[\d.]+|[a-zA-Z-_ \(\)]+[\d.]+)" $file | grep -iv 'wordpress' | tail -n $len | head -n $(($c+1)) | tail -n 1 | grep -oP "[\d.]+"); sap revslider; elif [[ `echo -n $(grep -oP "<meta name=\"generator\" content=\"(Powered by \K[a-zA-Z-_ \(\)]+|\K[a-zA-Z-_ \(\)]+)" $file | grep -iv 'wordpress' | tail -n $len | head -n $(($c+1)) | tail -n 1 | tr '[:upper:]' '[:lower:]')` == "all in one seo (aioseo)" ]]; then v=$(grep -oP "<meta name=\"generator\" content=\"(Powered by [a-zA-Z-_ \(\)]+[\d.]+|[a-zA-Z-_ \(\)]+[\d.]+)" $file | grep -iv 'wordpress' | tail -n $len | head -n $(($c+1)) | tail -n 1 | grep -oP "[\d.]+"); sap all-in-one-seo-pack; else v=$(grep -oP "<meta name=\"generator\" content=\"(Powered by [a-zA-Z-_ \(\)]+[\d.]+|[a-zA-Z-_ \(\)]+[\d.]+)" $file | grep -iv 'wordpress' | tail -n $len | head -n $(($c+1)) | tail -n 1 | grep -oP "[\d.]+"); sap $(grep -oP "<meta name=\"generator\" content=\"(Powered by \K[a-zA-Z-_ \(\)]+|\K[a-zA-Z-_ \(\)]+)" $file | grep -iv 'wordpress' | tail -n $len | head -n $(($c+1)) | tail -n 1 | tr '[:upper:]' '[:lower:]'); fi; done
if ! "$d" && [[ z -eq 0 ]]; then [[ ! ${tplugins[@]} ]] && { cg_color bbg "No plugins detected"; return 1; }; fi
links=($(len=${#rplugins[@]}; for ((c=0; c<$len; c++)); do if [[ $tplugins =~ ${rplugins[c]} ]]; then continue; elif [[ $(grep -oP "<(script|link).*/wp-content/plugins/${rplugins[c]}/.*=\K([\d]+\.[\d.]+\.[0-9]{1,3}('|\")|[\d]+\.[0-9]{1,2}('|\")|[0-9]{1,2}('|\"))" $file | grep -oP "[\d.]+" | sort -u | wc -l) == 1 ]]; then grep -m1 -oP "[a-z]+://[a-z0-9-_.]+/([a-z0-9-_.]+/wp-content|wp-content)/plugins/${rplugins[c]}/[a-zA-Z-_/.?]+=([\d]+\.[\d.]+|[\d]+)" $file; continue; fi; k=0; vz=(`grep -oP "<script.*/wp-content/plugins/${rplugins[c]}/([a-zA-Z-_]+/assets/js|[a-zA-Z-_]+/includes/js|[a-zA-Z-_]/js|assets/js/|includes/js/|js/).*=\K([\d]+\.[\d.]+\.[0-9]{1,3}('|\")|[\d]+\.[0-9]{1,2}('|\")|[0-9]{1,2}('|\"))" $file | grep -oP "[\d.]+"`); l=${#vz[@]}; for ((i=0; i<$l-1; i++)); do if [[ ${vz[i]} == ${vz[i+1]} ]]; then ((k++)); fi; done; if [[ $k == $(($l-1)) ]]; then grep -m1 -oP "[a-z]+://[a-z0-9-_.]+/([a-z-_.]+/wp-content|wp-content)/plugins/${rplugins[c]}/([a-zA-Z-_]+/assets/js|[a-zA-Z-_]+/includes/js|[a-zA-Z-_]/js|assets/js/|includes/js/|js/).*=${vz[0]}" $file && continue; elif [[ $k > 0 && $k > $(($(($l-1))/2)) ]]; then y=$(grep -oP "^<script.*/wp-content/plugins/${rplugins[c]}/([a-zA-Z-_]+/assets/js|[a-zA-Z-_]+/includes/js|[a-zA-Z-_]/js|assets/js/|includes/js/|js/).*=\K([\d]+\.[\d.]+|[\d]+)" $file | sort | uniq -cd | sort | tail -n 1 | cut -d " " -f8); grep -m1 -oP "[a-z]+://[a-z0-9-_.]+/wp-content/plugins/${rplugins[c]}/.*ver=$y" $file; continue; fi; grep -m1 -oP "<script.*src=.*/wp-content/plugins/${rplugins[c]}/.*id='${rplugins[c]:0:1}.*" $file | grep -oP "[a-z]+://[a-z0-9-_.]+/([a-z0-9-_.]+/wp-content|wp-content)/plugins/${rplugins[c]}/.*=([\d]+\.[\d.]+\.[0-9]{1,3}'|[\d]+\.[0-9]{1,2}'|[0-9]{1,2}')" && continue || grep -m1 -oP "<script.*src=.*/wp-content/plugins/${rplugins[c]}/.*id=\"${rplugins[c]:0:1}.*" $file | grep -oP 
"[a-z]+://[a-z0-9-_.]+/([a-z0-9-_.]+/wp-content|wp-content)/plugins/${rplugins[c]}/.*=([\d]+\.[\d.]+\.[0-9]{1,3}'|[\d]+\.[0-9]{1,2}'|[0-9]{1,2}')" && continue || if [[ $(curl -A "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36" -s $url/wp-content/plugins/${rplugins[c]}/readme.txt -k -L | grep -i "changelog\|change log" -A 1000 | grep -oP "^=[[:space:]]\K[\d]+\.[\d.]+|^=.*([a-zA-Z]|\[)\K[\d]+\.[\d.]+|^#.*[[:space:]]\K[\d]+\.[\d.]+" | sort -rn | head -n 1) ]]; then echo -n "$url/wp-content/${rplugins[c]}/?ver="; echo $(curl -A "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36" -s $url/wp-content/plugins/${rplugins[c]}/readme.txt -k -L | grep -i "changelog\|change log" -A 1000 | grep -oP "^=[[:space:]]\K[\d]+\.[\d.]+|^=.*([a-zA-Z]|\[)\K[\d]+\.[\d.]+|^#.*[[:space:]]\K[\d]+\.[\d.]+" | sort -rn | head -n 1); continue; elif [[ $(curl -A "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36" -s $url/wp-content/plugins/${rplugins[c]}/README.txt -k -L | grep -i "changelog\|change log" -A 1000 | grep -oP "^=[[:space:]]\K[\d]+\.[\d.]+|^=.*([a-zA-Z]|\[)\K[\d]+\.[\d.]+|^#.*[[:space:]]\K[\d]+\.[\d.]+" | sort -rn | head -n 1) ]]; then echo -n "$url/wp-content/plugins/${rplugins[c]}/?ver="; echo $(curl -A "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36" -s $url/wp-content/plugins/${rplugins[c]}/README.txt -k -L | grep -i "changelog\|change log" -A 1000 | grep -oP "^=[[:space:]]\K[\d]+\.[\d.]+|^=.*([a-zA-Z]|\[)\K[\d]+\.[\d.]+|^#.*[[:space:]]\K[\d]+\.[\d.]+" | sort -rn | head -n 1); continue; elif [[ $(curl -A "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36" -s $url/wp-content/plugins/${rplugins[c]}/changelog.txt -k -L | grep -i "changelog\|change log" -A 1000 | grep -oP 
"^=[[:space:]]\K[\d]+\.[\d.]+|^=.*([a-zA-Z]|\[)\K[\d]+\.[\d.]+|^#.*[[:space:]]\K[\d]+\.[\d.]+" | sort -rn | head -n 1) ]]; then echo -n "$url/wp-content/plugins/${rplugins[c]}/?ver="; echo $(curl -A "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36" -s $url/wp-content/plugins/${rplugins[c]}/changelog.txt -k -L | grep -i "changelog\|change log" -A 1000 | grep -oP "^=[[:space:]]\K[\d]+\.[\d.]+|^=.*([a-zA-Z]|\[)\K[\d]+\.[\d.]+|^#.*[[:space:]]\K[\d]+\.[\d.]+" | sort -rn | head -n 1); continue; fi; done))
i=0; len=${#rplugins[@]}; for ((c=0; c<$len; c++)); do [[ $tplugins =~ ${rplugins[c]} ]] && continue; if [[ ${links[i]} =~ ${rplugins[c]} ]]; then if [[ ! $wp_version ]]; then v=$(echo ${links[i]} | grep -oP "=\K[\d.]+"); sap ${rplugins[c]}; ((i++)); continue; fi; if [[ ! ${links[i]} =~ $wp_version ]]; then v=$(echo ${links[i]} | grep -oP "=\K[\d.]+"); sap ${rplugins[c]}; ((i++)); continue; else v=$(curl -Z -A "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36" -s $url/wp-content/plugins/${rplugins[c]}/readme.txt $url/wp-content/plugins/${rplugins[c]}/README.txt $url/wp-content/plugins/${rplugins[c]}/changelog.txt -k -L | grep -i "changelog\|change log" -A 1000 | grep -oP "^=[[:space:]]\K[\d]+\.[\d.]+|^=.*([a-zA-Z]|\[)\K[\d]+\.[\d.]+|^#.*[[:space:]]\K[\d]+\.[\d.]+" | sort -rn | head -n 1); if [[ $v ]]; then sap ${rplugins[c]}; ((i++)); continue; else echo "${rplugins[c]}: Version not detected"; ((i++)); continue; fi; fi; else echo "${rplugins[c]}: Version not detected"; fi; done
pp "Vulnerabilities"
if [[ ${flagz[@]} ]]; then for ((c=0; c<${#flagz[@]}; c++)); do hh=(${vulns_plugins[${flagz[c]}]}); cg_color olbb "(${hh[0]}) "; echo -n ${hh[2]} | tr "." " "; if [[ ${hh[3]} == "CRITICAL" ]]; then cg_color bbr " [${hh[3]}]"; elif [[ ${hh[3]} == "HIGH" ]]; then cg_color bhr " [${hh[3]}]"; elif [[ ${hh[3]} == "MEDIUM" ]]; then cg_color bby " [${hh[3]}]"; elif [[ ${hh[3]} == "LOW" ]]; then cg_color bbp " [${hh[3]}]"; fi; done; else cg_color bbg "No vulnerabilities detected"; fi
}
themes(){
flagz=()
releases_themes=("elegant-pink 1.3.3" "learnmore 1.0.4" "mediciti-lite 1.3.0")
vulns_themes=("5star No.known.fix CSRF.File.Upload HIGH" "15zine 3.3.0 Reflected.Cross-Site.Scripting MEDIUM" "accesspress-store 2.5.0 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "attorney No.known.fix Reflected.XSS HIGH" "attorney No.known.fix Unauthenticated.Arbitrary.Page/Post.Deletion MEDIUM" "avada 7.11.7 Authenticated.(Contributor+).Server-Side.Request.Forgery.via.form_to_url_action MEDIUM" "avada 7.11.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "avada 7.11.7 Authenticated.(Admin+).SQL.Injection.via.entry HIGH" "avada 7.11.7 Unauthenticated.Sensitive.Information.Exposure.via.Form.Uploads.Directory.Listing MEDIUM" "avada 7.11.5 Authenticated.(Contributor+).Arbitrary.File.Upload HIGH" "avada 7.11.2 Subscriber+.Portfolio.Permalinks.Creation MEDIUM" "avada 7.11.2 Author+.Arbitrary.File.Upload.via.Zip.Extraction HIGH" "avada 7.11.2 Contributor+.SSRF HIGH" "avada 7.11.2 Contributor+.Arbitrary.File.Upload MEDIUM" "axioma 1.1.2 Information.Disclosure HIGH" "attire 2.0.7 Authenticated.(Contributor+).PHP.Object.Injection HIGH" "auto-car No.known.fix Reflected.Cross-Site.Scripting.via.Customizer.Notify MEDIUM" "atlast-business No.known.fix Reflected.XSS HIGH" "adforest 5.1.9 Authentication.Bypass CRITICAL" "adforest 5.1.8 Classified.Ads.WordPress.Theme.<.5.1.8.-.Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.Post/Attachment.Deletion MEDIUM" "adforest 5.1.7 Privilege.Escalation.via.Password.Reset/Account.Takeover CRITICAL" "adforest 5.1.7 Authentication.Bypass CRITICAL" "antreas 1.0.7 Unauthenticated.Function.Injection CRITICAL" "accesspress-root 2.6.0 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "affluent 1.1.2 Unauthenticated.Function.Injection CRITICAL" "aports No.known.fix Reflected.XSS HIGH" "arya-multipurpose-pro No.known.fix Reflected.XSS HIGH" "accessbuddy No.known.fix Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "almera 1.1.8 Information.Disclosure HIGH" 
"accesspress-parallax 4.6 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "akal No.known.fix Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "adifier-system 3.1.4 .Unauthenticated.Local.File.Inclusion CRITICAL" "adifier-system 3.1.4 Unauthenticated.SQL.Injection CRITICAL" "adventure-journal No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "aidreform No.known.fix Unauthenticated.Arbitrary.File.Upload CRITICAL" "airin-blog 1.6.3 Unauthenticated.PHP.Object.Injection HIGH" "awake No.known.fix Local.File.Disclosure HIGH" "awake No.known.fix WordPress.Slider.Revolution.Shell.Upload CRITICAL" "allegiant No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "allegiant 1.2.6 Unauthenticated.Function.Injection CRITICAL" "adifier 3.1.4 Reflected.Cross-Site.Scripting MEDIUM" "accesspress-mag 2.6.6 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "accesspress-ray No.known.fix Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "aapna No.known.fix Reflected.XSS HIGH" "aurum-minimalist-shopping-theme 4.0.3 WordPress.&.WooCommerce.Shopping.Theme.<.4.0.3.-.Missing.Authorization.to.Authenticated.(Subscriber+).Demo.Content.Import MEDIUM" "agncy No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "appointment 3.2.6 Reflected.Cross-Site.Scripting.via.Customizer.Notify MEDIUM" "aries No.known.fix Local.File.Disclosure HIGH" "aries No.known.fix WordPress.Slider.Revolution.Shell.Upload CRITICAL" "accesspress-lite 2.93 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "awpbusinesspress 0.2.4 Reflected.Cross-Site.Scripting.via.Customizer.Notify MEDIUM" "aplite No.known.fix Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "accesspress-staple No.known.fix Authenticated.(Subscriber+).Arbitrary.Plugin.Activation.and.Deactivation HIGH" "accesspress-staple No.known.fix Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "accountra 1.0.4 
Multiple.Versions.-.Missing.Authorization.to.Notice.Dismissal MEDIUM" "antioch No.known.fix Arbitrary.File.Download HIGH" "artificial-intelligence 1.2.4 DOM.Cross-Site.Scripting.(XSS) MEDIUM" "arendelle 1.1.13 Reflected.XSS HIGH" "arendelle 1.1.11 Reflected.Cross-Site.Scripting MEDIUM" "arendelle 1.1.13 Reflected.Cross-Site.Scripting MEDIUM" "arendelle 1.1.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "activello No.known.fix Reflected.XSS HIGH" "activello 1.4.2 Unauthenticated.Function.Injection CRITICAL" "anand No.known.fix Reflected.XSS HIGH" "accesspress-basic 3.2.2 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "althea-wp 1.0.16 Various.Versions.and.Themes.-.Missing.Authorization MEDIUM" "astra 4.6.9 Contributor+.Stored.XSS MEDIUM" "astra 4.6.5 Editor+.Stored.XSS.via.Theme.Header/Footer LOW" "amela 1.0.12 Reflected.Cross-Site.Scripting MEDIUM" "amela 1.0.14 Reflected.Cross-Site.Scripting MEDIUM" "amela 1.0.5 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "agency-lite 1.1.7 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "ashe 2.244 Reflected.Cross-Site.Scripting.via.add_query_arg.Parameter MEDIUM" "ashe 2.234 Cross-Site.Request.Forgery.to.Notice.Dismissal MEDIUM" "anima 1.4.1.1 Contributor+.Stored.XSS MEDIUM" "aquarella-lite No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "aquarella-lite No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "accio 1.1.1 Information.Disclosure HIGH" "ask-me 6.8.7 Post.Deletion.via.CSRF MEDIUM" "ask-me 6.8.4 CSRF.in.Edit.Profile MEDIUM" "ask-me 6.8.2 Multiple.CSRF.in.AJAX.Actions HIGH" "ask-me 6.8.2 Reflected.Cross-Site.Scripting MEDIUM" "anfaust No.known.fix Reflected.XSS HIGH" "arya-multipurpose No.known.fix Unauthenticated.Reflected.XSS HIGH" "auberge 1.4.5 DOM.Cross-Site.Scripting.(XSS) MEDIUM" "astore No.known.fix Reflected.Cross-Site.Scripting.via.Customizer.Notify MEDIUM" "anih No.known.fix 
Creative.Agency.WordPress.Theme.<=.2024.-.Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "arilewp 2.9.7 Reflected.Cross-Site.Scripting.via.Customizer.Notify MEDIUM" "brooklyn No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "brooklyn No.known.fix PHP.Object.Injection HIGH" "bello 1.6.0 Authenticated.Cross-Site.Scripting.(XSS).and.XFS MEDIUM" "bello 1.6.0 Unauthenticated.Blind.SQL.Injection CRITICAL" "bello 1.6.0 Unauthenticated.Reflected.XSS.&.XFS MEDIUM" "bloghub No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "bootstrap-coach 1.1.2 Reflected.Cross-Site.Scripting MEDIUM" "bloglo 1.1.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "brite 1.0.15 Various.Versions.and.Themes.-.Missing.Authorization MEDIUM" "blain No.known.fix Reflected.Cross-Site.Scripting.via.Customizer.Notify MEDIUM" "bolster No.known.fix Unauthenticated.Arbitrary.File.Upload CRITICAL" "brand No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "brand No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "brand No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "bingopress No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "bizpress No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "betheme 27.6.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Custom.JS MEDIUM" "betheme 27.5.6 Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File MEDIUM" "betheme No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "betheme 27.5.7 Authenticated.(Contributor+).PHP.Object.Injection HIGH" "betheme 27.1.2 Missing.Authorization MEDIUM" "betheme 26.8 Reflected.XSS HIGH" "betheme 26.6.3 Subscriber+.Stored.XSS MEDIUM" "betheme 26.6 Contributor+.PHP.Object.Injection MEDIUM" "betheme 26.6.3 Subscriber+.Unauthorised.Action MEDIUM" "betheme 26.6.3 Missing.Authorization HIGH" "betheme 26.6 Subscriber+.PHP.Object.Injection MEDIUM" "bravada 1.1.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting 
MEDIUM" "bretheon No.known.fix Local.File.Disclosure HIGH" "bretheon No.known.fix WordPress.Slider.Revolution.Shell.Upload CRITICAL" "bani No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "bani No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "bani No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "buddyboss-theme 2.5.01 Cross-Site.Request.Forgery MEDIUM" "buddyboss-theme 2.4.61 Missing.Authorization MEDIUM" "bacola No.known.fix Cross-Site.Request.Forgery MEDIUM" "bonkers 1.0.6 Unauthenticated.Function.Injection CRITICAL" "brasserie No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "bootstrap-fitness 1.0.6 Reflected.Cross-Site.Scripting MEDIUM" "blockbooster 1.0.11 Missing.Authorization MEDIUM" "bingle 1.0.5 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "bookyourtravel 8.18.19 Authenticated.(Subscriber+).Privilege.Escalation HIGH" "blessing 1.3.2.1 Information.Disclosure HIGH" "business-pro No.known.fix Reflected.XSS HIGH" "bricks 1.10.2 Authenticated.(Bricks.Page.Builder.Access+).Stored.Cross-Site.Scripting MEDIUM" "bricks 1.8.2 Cross-Site.Request.Forgery.via.reset_settings MEDIUM" "bricks 1.8.2 Cross-Site.Request.Forgery.via.save_settings MEDIUM" "bricks 1.9.6.1 Unauthenticated.Remote.Code.Execution CRITICAL" "bricks 1.9.6.1 Unauthenticated.Remote.Code.Execution CRITICAL" "bricks 1.5.4 Subscriber+.Arbitrary.Post/Page.Edition HIGH" "bricks 1.5.4 Subscriber+.Remote.Code.Execution HIGH" "bard 2.217 Reflected.Cross-Site.Scripting.via.add_query_arg.Parameter MEDIUM" "bard 2.211 Cross-Site.Request.Forgery.to.Notice.Dismissal MEDIUM" "bazaar-lite 1.8.6 Reflected.XSS HIGH" "boot-store No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Button.Shortcode MEDIUM" "busiprof No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "busiprof 2.3.8 Reflected.Cross-Site.Scripting.via.Customizer.Notify MEDIUM" "bunnypresslite 2.1 Reflected.XSS HIGH" "blocksy 2.0.78 
Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "blocksy 2.0.51 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "blocksy 2.0.47 Contributor+.Stored.XSS MEDIUM" "blocksy 2.0.43 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "blocksy 2.0.40 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "blocksy 2.0.34 Contributor+.Stored.XSS MEDIUM" "blocksy 2.0.27 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "blocksy 2.0.20 Authenticated.(Editor+).Stored.Cross-Site.Scripting LOW" "basil 2.0.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "business-directory No.known.fix Unauthenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "blogpoet 1.0.3 Missing.Authorization.via.blogpoet_install_and_activate_plugins() MEDIUM" "bootstrap-photography No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "buddyboss-platform 2.6.0 Subscriber+.Comment.on.Private.Post.via.IDOR MEDIUM" "book-landing-page 1.2.4 Cross-Site.Request.Forgery.to.Notice.Dismissal MEDIUM" "buzzclub 2.0.5 Missing.Authorization.to.Authenticated.(Subscriber+).Limited.Arbitrary.Option.Update MEDIUM" "bootstrap-ultimate No.known.fix Unauthenticated.Limited.Local.File.Inclusion CRITICAL" "businessexpo 0.1.4 Reflected.Cross-Site.Scripting.via.Customizer.Notify MEDIUM" "businesswp 1.1 Reflected.Cross-Site.Scripting.via.Customizer.Notify MEDIUM" "bakes-and-cakes 1.2.7 Missing.Authorization.to.Notice.Dismissal MEDIUM" "brilliance No.known.fix Subscriber+.Stored.XSS HIGH" "brilliance 1.3.0 Unauthenticated.Function.Injection CRITICAL" "blossom-spa 1.3.5 Sensitive.Information.Exposure MEDIUM" "beauty-premium No.known.fix Arbitrary.File.Upload MEDIUM" "bicycleshop 1.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "blossom-shop 1.1.8 Cross-Site.Request.Forgery.to.Notice.Dismissal MEDIUM" "busicare 1.1.9 Reflected.Cross-Site.Scripting.via.Customizer.Notify MEDIUM" "bootstrap-blog 10.2.3 Reflected.Cross-Site.Scripting MEDIUM" 
"barter 1.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "baton No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "bloger 1.2.7 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "brandy 1.1.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "business-one-page 1.3.0 Missing.Authorization.to.Notice.Dismissal MEDIUM" "bbe 1.53 Direct.Object.Reference MEDIUM" "balkon 1.3.3 Reflected.Cross-Site.Scripting HIGH" "broadcast-lite 2.0.7 Reflected.Cross-Site.Scripting MEDIUM" "broadcast-lite 2.0.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "beauty No.known.fix Authenticated.(Subscriber+).Stored.Cross-Site.Scripting.via.tpl_featured_cat_id.Parameter MEDIUM" "benevolent 1.3.5 Cross-Site.Request.Forgery.to.Notice.Dismissal MEDIUM" "boliin No.known.fix Reflected.XSS HIGH" "brain-power No.known.fix Reflected.XSS HIGH" "bridge 18.2.1 Open.Redirect HIGH" "bridge 11.2 DOM.Cross-Site.Scripting.(XSS) MEDIUM" "blockst 1.0.8 Reflected.Cross-Site.Scripting MEDIUM" "careerup 2.3.1 Unauthenticated.Reflected.Cross-Site.Scripting MEDIUM" "careplus No.known.fix Unauthenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "cas No.known.fix Unauthenticated.Arbitrary.File.Access HIGH" "cas No.known.fix Unauthenticated.SSRF HIGH" "consus 1.0.7 Cross-Site.Request.Forgery MEDIUM" "college 1.5.1 Reflected.XSS HIGH" "corporate-event No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "cozipress No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "create 2.9.2 Authenticated.(Author+).Stored.Cross-Site.Scripting MEDIUM" "citybook 2.4.4 Unauthenticated.Reflected.XSS HIGH" "citybook 2.3.4 Multiple.Vulnerabilities HIGH" "colorway No.known.fix Cross-Site.Request.Forgery MEDIUM" "colorway No.known.fix Reflected.Cross-Site.Scripting.via.Customizer.Notify MEDIUM" "colorway 3.4.2 Cross-Site.Scripting.(XSS) MEDIUM" "constix No.known.fix Reflected.XSS HIGH" "cloudpress 2.4.9 Reflected.Cross-Site.Scripting.via.Customizer.Notify MEDIUM" 
"carzine No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "clean-retina 3.0.7 Unauthenticated.Local.File.Inclusion CRITICAL" "car-repair-services 4.0 Unauthenticated.Reflected.XSS.&.XFS HIGH" "corsa No.known.fix Subscriber+.Arbitrary.Plugin.Installation CRITICAL" "construct 2.8.3 Local.File.Disclosure HIGH" "construct 2.8.3 WordPress.Slider.Revolution.Shell.Upload CRITICAL" "clotya No.known.fix Cross-Site.Request.Forgery MEDIUM" "classima 2.1.11 Reflected.Cross-Site.Scripting MEDIUM" "connections-reloaded No.known.fix Reflected.XSS HIGH" "conult No.known.fix Reflected.XSS HIGH" "colornews 1.2.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "consultstreet 1.6.7 Reflected.Cross-Site.Scripting.via.Customizer.Notify MEDIUM" "customizr 4.4.22 Cross-Site.Request.Forgery.to.Notice.Dismissal MEDIUM" "customizr 4.3.1 Arbitrary.Settings.Update.via.CSRF MEDIUM" "customizr 4.3.3 Cross-Site.Request.Forgery.(CSRF) MEDIUM" "catch-base 3.4.7 Authenticated.(Author+).Stored.Cross-Site.Scripting MEDIUM" "carspot 2.2.3 Multiple.Vulnerabilities MEDIUM" "cardealer 1.1.9 Information.Disclosure HIGH" "colormag 3.1.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Display.Name MEDIUM" "colormag 3.1.3 Missing.Authorization.to.Arbitrary.Plugin.Installation MEDIUM" "couponis-demo 2.2 Unauthenticated.SQL.Injection CRITICAL" "consultera No.known.fix Reflected.Cross-Site.Scripting.via.Customizer.Notify MEDIUM" "chic-lifestyle 10.0.8 Reflected.Cross-Site.Scripting MEDIUM" "construction-landing-page 1.3.6 Missing.Authorization.to.Notice.Dismissal MEDIUM" "chained No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "cyclone-blog No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "club-theme No.known.fix Unauthenticated.Arbitrary.File.Upload CRITICAL" "cactus No.known.fix Reflected.Cross-Site.Scripting.via.Customizer.Notify MEDIUM" "clockstone No.known.fix Arbitrary.File.Upload CRITICAL" "counterpoint No.known.fix Reflected.Cross-Site.Scripting MEDIUM" 
"counterpoint No.known.fix Reflected.XSS HIGH" "cafe-bistro 1.1.4 Reflected.XSS HIGH" "colibri-wp 1.0.99 Various.Versions.and.Themes.-.Missing.Authorization MEDIUM" "colibri-wp 1.0.101 Cross-Site.Request.Forgery.to.Limited.Plugin.Installation MEDIUM" "construction-lite 1.2.6 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "chaostheory 1.3.2 Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "cuisine-palace No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "cuisine-palace No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "coachify 1.0.8 Cross-Site.Request.Forgery.to.Notice.Dismissal MEDIUM" "consultpress-lite No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "consultpress-lite No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "consultpress-lite No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "cosmetsy No.known.fix Cross-Site.Request.Forgery MEDIUM" "chic-lite 1.1.4 Cross-Site.Request.Forgery.to.Notice.Dismissal MEDIUM" "custom-community 2.0.25 Stored.Cross-Site.Scripting.(XSS) HIGH" "careerfy 6.3.0 Authenticated.Stored.XSS MEDIUM" "careerfy 4.4.0 Unauthenticated.Reflected.XSS MEDIUM" "careerfy 4.3.0 Unauthenticated.Reflected.Cross-Site.Scripting MEDIUM" "careerfy 4.1.0 Multiple.Cross-Site.Scripting.(XSS).Issues MEDIUM" "careerfy 3.9.0 Unauthenticated.Reflected.Cross-Site.Scripting.(XSS) HIGH" "digital-store 1.3.3 Unspecified.XSS MEDIUM" "directory 3.0.2 Reflected.XSS HIGH" "divi 4.25.1 Authenticated.(Contributor+).DOM-Based.Stored.Cross-Site.Scripting MEDIUM" "divi 4.23.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "divi 4.5.3 4.5.2,.Extra.2.0.-.4.5.2,.Divi.Builder.2.0.-.4.5.2).-.Authenticated.Arbitrary.File.Upload MEDIUM" "divi 4.0.10 Authenticated.Code.Injection MEDIUM" "divi 3.17.3 Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "divi 2.6.4 Privilege.Escalation HIGH" "dt-the7 11.14.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.url.Attribute 
MEDIUM" "dt-the7 11.6.1 Reflected.XSS HIGH" "dt-the7 2.1.1 Cross-Site.Scripting.(XSS) MEDIUM" "digi-store No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "discy 5.5.3 Missing.validation.lead.to.functionality.abuse LOW" "discy 5.0 Subscriber+.Broken.Access.Control.to.change.settings MEDIUM" "discy 5.2 Restore.Default.Settings.via.CSRF MEDIUM" "discy 5.2 Settings.Update.via.CSRF MEDIUM" "darcie 1.1.6 Reflected.XSS HIGH" "digitally No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "digitally No.known.fix Reflected.XSS HIGH" "dailydeal No.known.fix File.Upload.Remote.Code.Execution HIGH" "deadline No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "dwt-listing 3.3.4 Directory.&.Listing.WordPress.Theme.<.3.3.4.-.Reflected.Cross-Site.Scripting MEDIUM" "diplomat 1.0.3 Information.Disclosure HIGH" "disconnected No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "delicate No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Button.Shortcode MEDIUM" "designexo 3.7 Reflected.Cross-Site.Scripting.via.Customizer.Notify MEDIUM" "digital-newspaper 1.1.6 Cross-Site.Request.Forgery.to.Notice.Dismissal MEDIUM" "drop 1.22 Reflected.XSS HIGH" "doko 1.1.0 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "eighteen-tags 3.1.1 Reflected.Cross-Site.Scripting MEDIUM" "eptonic No.known.fix Valums.Uploader.Shell.Upload.Exploit CRITICAL" "edge 2.1.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Author.Display.Name MEDIUM" "esotera 1.2.6 Contributor+.Stored.XSS MEDIUM" "eduma 5.4.8 Reflected.Cross-Site.Scripting MEDIUM" "everse 1.2.4 Reflected.XSS HIGH" "everse 1.8.10 Reflected.Cross-Site.Scripting MEDIUM" "everse 1.8.12 Reflected.Cross-Site.Scripting MEDIUM" "everse 1.8.6 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "empowerment No.known.fix Authenticated.(Contributor+).PHP.Object.Injection HIGH" "excellent 1.3.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "esteem 1.5.1 
Authenticated.(Author+).Stored.Cross-Site.Scripting MEDIUM" "eventpress 5.7 Reflected.Cross-Site.Scripting.via.Customizer.Notify MEDIUM" "event 1.2.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "elasta 1.0.9 Reflected.Cross-Site.Scripting MEDIUM" "elasta 1.0.8 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "elation No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "elation 1.1.01 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "everest-news No.known.fix Reflected.XSS HIGH" "elegant-pink 1.3.1 Cross-Site.Request.Forgery.to.Notice.Dismissal MEDIUM" "elevate-wp 1.0.17 Various.Versions.and.Themes.-.Missing.Authorization MEDIUM" "enlighten 1.3.6 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "empowerwp 1.0.22 Cross-Site.Request.Forgery.to.Notice.Dismissal MEDIUM" "epic No.known.fix Arbitrary.File.Download HIGH" "everest-news-pro No.known.fix Reflected.XSS HIGH" "envo-business No.known.fix Reflected.Cross-Site.Scripting.via.Customizer.Notify MEDIUM" "education-lms No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "elitepress 2.0.3 Reflected.Cross-Site.Scripting.via.Customizer.Notify MEDIUM" "education-zone 1.3.5 Cross-Site.Request.Forgery.to.Notice.Dismissal MEDIUM" "echelon 2.8.3 Local.File.Disclosure HIGH" "echelon 2.8.3 WordPress.Slider.Revolution.Shell.Upload CRITICAL" "exquisite-wp No.known.fix DOM.Cross-Site.Scripting.(XSS) MEDIUM" "envo-multipurpose No.known.fix Missing.Authorization LOW" "enfold 6.0.4 Contributor+.Stored.XSS.via.wrapper_class.and.class.Parameters MEDIUM" "enfold 5.6.10 Reflected.Cross-Site.Scripting MEDIUM" "enfold 5.6.5 Reflected.Cross-Site.Scripting MEDIUM" "enfold 4.8.4 Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "easybook 1.2.2 Multiple.Vulnerabilities HIGH" "estrutura-basica No.known.fix Local.File.Download. 
HIGH" "fashionable-store No.known.fix Reflected.XSS HIGH" "fraction-theme 1.1.2 Privilege.Escalation HIGH" "flashy No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "findgo 1.3.32 Directory.Listing.<.1.3.32.-.Unauthenticated.Reflected.and.Authenticated.Stored.XSS MEDIUM" "flixita 1.0.83 Reflected.Cross-Site.Scripting.via.id.Parameter MEDIUM" "flatsome 3.19.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Multiple.Shortcodes MEDIUM" "flatsome 3.19.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "flatsome 3.17.6 Unauthenticated.PHP.Object.Injection CRITICAL" "flatsome 3.17.0 Reflected.XSS HIGH" "freely No.known.fix Information.Disclosure HIGH" "fashstore No.known.fix Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "financio 1.1.4 Cross-Site.Request.Forgery.to.Notice.Dismissal MEDIUM" "freesia-empire 1.4.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "fusion-builder 7.11.6 Authenticated(Contributor+).Sensitive.Information.Exposure.via.Form.Entries MEDIUM" "fusion-builder 3.11.2 Subscriber+.SQL.injection.and.broken.access.control.vulnerability.in.Critical.CSS HIGH" "fusion 2.8.3 Local.File.Disclosure HIGH" "fusion 2.8.3 WordPress.Slider.Revolution.Shell.Upload CRITICAL" "fire-blog No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "fotawp 1.4.2 Missing.Authorization.via.fotawp_install_and_activate_plugins() MEDIUM" "fullbase 1.2.1 Reflected.XSS HIGH" "formula 0.5.2 Reflected.Cross-Site.Scripting.via.quality_customizer_notify_dismiss_action MEDIUM" "formula 0.5.2 Reflected.Cross-Site.Scripting.via.ti_customizer_notify_dismiss_recommended_plugins MEDIUM" "full-frame 2.7.3 Authenticated.(Author+).Stored.Cross-Site.Scripting MEDIUM" "footysquare No.known.fix Unauthenticated.Arbitrary.File.Upload CRITICAL" "furnob No.known.fix Cross-Site.Request.Forgery MEDIUM" "focusblog 2.0.0 Unauthenticated.Option.Update MEDIUM" "focusblog 2.0.0 Unauthenticated.Arbitrary.File.Upload.and.Option.Deletion 
CRITICAL" "findeo 1.3.1 Arbitrary.Property.Deletion.via.IDOR HIGH" "findeo 1.3.1 Unauthenticated.Reflected.Cross-Site.Scripting.(XSS) HIGH" "forumengine 1.9 Reflected.Cross-Site.Scripting MEDIUM" "foodbakery 2.2 Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "foodbakery 2.0 Unauthenticated.Reflected.XSS MEDIUM" "fluida 1.8.8.1 Contributor+.Stored.XSS MEDIUM" "foxiz 2.3.6 Unauthenticated.Server-Side.Request.Forgery HIGH" "filmix No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "fotography 2.4.1 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "findus 1.1.15 Directory.Listing.<.1.1.15.-.Authenticated.Persistent.XSS MEDIUM" "fortune No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "fude No.known.fix Reflected.XSS HIGH" "fioxen No.known.fix Reflected.XSS HIGH" "fifteen No.known.fix Reflected.Cross-Site.Scripting.via.Customizer.Notify MEDIUM" "givingpress-lite No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "gameplan No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "geomagazine No.known.fix Unauthenticated.Reflected.XSS MEDIUM" "grey-opaque No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Download-Button.Shortcode MEDIUM" "gutenbook No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "goodnex 1.1.3 Information.Disclosure HIGH" "golo 1.3.3 Unauthenticated.Reflected.XSS MEDIUM" "gucherry-blog No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "gaga-lite No.known.fix Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "goto 2.1 Reflected.Cross-Site.Scripting.(XSS) HIGH" "goto 2.1 Unauthenticated.Blind.SQL.Injection CRITICAL" "goto 2.0 Tour.&.Travel.<.2.0.-.Unauthenticated.Reflected.XSS MEDIUM" "gym-express No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "g-blog No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "graphene 2.9.3 Unauthenticated.Password.Protected.Post.Access MEDIUM" "ghostwriter No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "goodnews5 No.known.fix 
Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "goya 1.0.8.8 Unauthenticated.Reflected.Cross-Site.Scripting.via.Multiple.Parameters MEDIUM" "gaga-corp No.known.fix Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "gump No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "gema-lite No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "gowilds No.known.fix Reflected.XSS HIGH" "greenmart 2.5.2 Unauthenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "greenmart 2.4.3 Reflected.Cross-Site.Scripting.(XSS) CRITICAL" "homey No.known.fix Authenticated.(Subscriber+).Privilege.Escalation HIGH" "hotelica No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "hmd 2.2 Reflected.Cross-Site.Scripting MEDIUM" "halpes No.known.fix Reflected.XSS HIGH" "hasten-lite No.known.fix Reflected.Cross-Site.Scripting.via.Customizer.Notify MEDIUM" "hive-lite No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "hueman 3.7.25 Cross-Site.Request.Forgery.to.Notice.Dismissal MEDIUM" "hueman 3.6.4 Arbitrary.Settings.Update.via.CSRF MEDIUM" "hueman 3.6.4 Cross-Site.Request.Forgery.(CSRF) MEDIUM" "hugo-wp 1.0.10 Various.Versions.and.Themes.-.Missing.Authorization MEDIUM" "hello-agency 1.0.6 Missing.Authorization.to.Notice.Dismissal MEDIUM" "houzez 3.4.2 Missing.Authorization MEDIUM" "houzez 3.3.0 Subscriber+.Privilege.Escalation HIGH" "houzez 3.2.5 Reflected.Cross-Site.Scripting MEDIUM" "himalayas No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "himalayas 1.3.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "headway 3.8.9 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "hasium No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "hasium 1.6.5 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "honeypress 2.3.6 Reflected.Cross-Site.Scripting.via.Customizer.Notify MEDIUM" "homevillas-real-estate 2.3 Multiple.Cross-Site.Scripting.Issues MEDIUM" "highlight 1.0.30 Cross-Site.Request.Forgery.to.Notice.Dismissal MEDIUM" "hestia 3.1.3 
Cross-Site.Request.Forgery.to.Notice.Dismissal MEDIUM" "hotel-galaxy No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "himer 2.1.3 Social.Questions.and.Answers.<.2.1.3.-.CSRF.While.Sending.the.Invites MEDIUM" "himer 2.1.1 Social.Questions.and.Answers.<.2.1.1.-.Contributor+.Stored.XSS MEDIUM" "himer 2.1.1 Social.Questions.and.Answers.<.2.1.1.-.Subscriber+.Private.Group.Joining.via.IDOR MEDIUM" "himer 2.1.1 Social.Questions.and.Answers.<.2.1.1.-.Multiple.CSRF.on.the.Group.Section MEDIUM" "himer 2.1.1 Social.Questions.and.Answers.<.2.1.1.-.Arbitrary.Group.Joining.via.CSRF MEDIUM" "himer 2.1.1 Social.Questions.and.Answers.<.2.1.1.-.Bypass.Poll.Voting.Restrictions.via.CSRF MEDIUM" "himer 1.9.3 Missing.validation.lead.to.functionality.abuse LOW" "interface 3.1.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "intothedark No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "intrace 1.1.1 Multiple.Versions.-.Missing.Authorization.to.Notice.Dismissal MEDIUM" "inspiro 7.2.3 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "infinite No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.project_url.Parameter MEDIUM" "ignition 2.0.0 Unauthenticated.Option.Update MEDIUM" "ignition 2.0.0 Unauthenticated.Arbitrary.File.Upload.and.Option.Deletion CRITICAL" "i-transform No.known.fix Cross-Site.Request.Forgery MEDIUM" "ih-business-pro No.known.fix Reflected.Cross-Site.Scripting.via.Customizer.Notify MEDIUM" "injob 3.4.1 Authenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "i-amaze No.known.fix Cross-Site.Request.Forgery MEDIUM" "ilex 1.4.2 Reflected.XSS HIGH" "intrepidity No.known.fix File.Upload.and.Option.Update.via.CSRF HIGH" "idyllic 1.1.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "illdy 2.1.7 Unauthenticated.Function.Injection CRITICAL" "js-o3-lite No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "js-o3-lite No.known.fix Reflected.XSS HIGH" "julia-lite No.known.fix 
Reflected.Cross-Site.Scripting MEDIUM" "jobcareer 3.5 Multiple.Cross-Site.Scripting.(XSS) MEDIUM" "jobcareer 2.5.1 Authenticated.Stored.Cross-Site.Scripting MEDIUM" "jobcareer 2.4.1 User.enumeration.&.Reset.password CRITICAL" "jupiterx 2.0.7 Subscriber+.Path.Traversal.and.Local.File.Inclusion HIGH" "jupiterx 2.0.7 Subscriber+.Arbitrary.Plugin.Deactivation.and.Settings.Update MEDIUM" "jewelry-store 2.3.5 Reflected.Cross-Site.Scripting.via.Customizer.Notify MEDIUM" "jetapo 1.1 Unauthenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "jobeleon-wpjobboard 1.9.2 Reflected.Cross-Site.Scripting MEDIUM" "jnews 8.0.6 Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "jannah 5.4.5 Reflected.Cross-Site.Scripting.(XSS) HIGH" "jannah 5.4.4 Reflected.Cross-Site.Scripting.(XSS) HIGH" "jobify 4.2.8 Job.Board.WordPress.Theme.<.4.2.8.-.Missing.Authorization.to.Unauthenticated.Server-Side.Request.Forgery,.Arbitrary.Image.Upload,.and.Image.Generation MEDIUM" "jobify No.known.fix Job.Board.WordPress.Theme.<=.4.2.3.-.Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "jobify No.known.fix Job.Board.WordPress.Theme.<=.4.2.3.-.Unauthenticated.Arbitrary.File.Read HIGH" "jobify No.known.fix Job.Board.WordPress.Theme.<=.4.2.3.-.Missing.Authorization MEDIUM" "jobify No.known.fix Job.Board.WordPress.Theme.<=.4.2.3.-.Cross-Site.Request.Forgery MEDIUM" "js-paper No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "js-paper No.known.fix Reflected.XSS HIGH" "jupiter 6.10.2 Subscriber+.Path.Traversal.and.Local.File.Inclusion HIGH" "jupiter 6.10.2 Subscriber+.Privilege.Escalation.and.Post.Deletion CRITICAL" "jupiter 6.10.2 Subscriber+.Arbitrary.Plugin.Deletion MEDIUM" "jobscout 1.1.5 Cross-Site.Request.Forgery.to.Notice.Dimissal MEDIUM" "javo-spot 3.0.0 Unauthenticated.Directory.Traversal HIGH" "jetapo-with-woocommerce 1.1 Unauthenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "kleo 5.4.4 Reflected.Cross-Site.Scripting MEDIUM" "kahuna 1.7.0.1 Contributor+.Stored.XSS MEDIUM" "kata 
1.2.9 Reflected.XSS HIGH" "kormosala 1.0.23 Unauthenticated.Reflected.XSS MEDIUM" "kata-app No.known.fix Reflected.XSS HIGH" "krste 1.0.4 Reflected.Cross-Site.Scripting MEDIUM" "kingclub-theme No.known.fix Unauthenticated.Arbitrary.File.Upload CRITICAL" "kata-business No.known.fix Reflected.XSS HIGH" "konzept 2.5 Unauthenticated.Reflected.XSS MEDIUM" "looki-lite 1.3.0 Reflected.XSS HIGH" "liquido No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "lestin No.known.fix Reflected.XSS HIGH" "lifestyle-magazine 10.2.1 Reflected.Cross-Site.Scripting MEDIUM" "listingpro 2.9.5 Subscriber+.Local.File.Inclusion HIGH" "listingpro 2.9.5 Unauthenticated.SQL.Injection CRITICAL" "listingpro 2.9.5 Cross-Site.Request.Forgery.to.Account.Takeover HIGH" "listingpro 2.6.1 Unauthenticated.Arbitrary.Plugin.Installation/Activation/Deactivation CRITICAL" "listingpro 2.6.1 Unauthenticated.Sensitive.Data.Disclosure.(Usernames,.Emails.etc) HIGH" "listingpro 2.5.4 Unauthenticated.Reflected.Cross-Site.Scripting MEDIUM" "listingpro 2.0.14.5 Reflected.&.Persistent.Cross-Site.Scripting MEDIUM" "lawyerpress-lite No.known.fix Reflected.Cross-Site.Scripting.via.Customizer.Notify MEDIUM" "listeo 1.6.11 Multiple.Authenticated.IDOR.Vulnerabilities MEDIUM" "listeo 1.6.11 Multiple.XSS.&.XFS.vulnerabilities MEDIUM" "listingo 3.2.7 Unauthenticated.Arbitrary.File.Upload CRITICAL" "lovetravel 2.0 Unauthenticated.Reflected.XSS.&.XFS MEDIUM" "lovetravel 3.8 Unauthenticated.Reflected.XSS.&.XFS MEDIUM" "luxe 2.0.0 Unauthenticated.Option.Update MEDIUM" "luxe 2.0.0 Unauthenticated.Arbitrary.File.Upload.and.Option.Deletion CRITICAL" "learnmore No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "learnmore No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "lawyer-landing-page 1.2.5 Cross-Site.Request.Forgery.to.Notice.Dismissal MEDIUM" "lattice 1.1.4 Unspecified.XSS MEDIUM" "meta-news 1.1.8 Unauthenticated.Local.File.Inclusion CRITICAL" "motor 3.1.0 
Unauthenticated.Local.File.Inclusion HIGH" "mosaic No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Button.Shortcode MEDIUM" "mediciti-lite No.known.fix Reflected.XSS HIGH" "mediciti-lite No.known.fix Reflected.Cross-Site.Scripting.via.Customizer.Notify MEDIUM" "mystique No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "modern 1.4.2 DOM.Cross-Site.Scripting.(XSS) MEDIUM" "mesmerize 1.6.124 Cross-Site.Request.Forgery.to.Cache.Clearing MEDIUM" "monograph No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "multifox No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "medicate No.known.fix Local.File.Disclosure HIGH" "medicate No.known.fix WordPress.Slider.Revolution.Shell.Upload CRITICAL" "my-flatonica No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "mags 1.1.7 Unauthenticated.Local.File.Inclusion CRITICAL" "mantra No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "magazine-edge No.known.fix Subscriber+.Arbitrary.Plugin.Activation MEDIUM" "moseter No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "moseter No.known.fix Reflected.XSS HIGH" "my-white No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "metro-magazine 1.3.8 Missing.Authorization.to.Notice.Dismissal MEDIUM" "medikaid 1.1.3 Reflected.Cross-Site.Scripting MEDIUM" "ms-lms-starter-theme 1.1.9 Unauthenticated.Sensitive.Information.Exposure MEDIUM" "monolit 2.0.7 Reflected.XSS HIGH" "modular 2.8.3 Local.File.Disclosure HIGH" "modular 2.8.3 WordPress.Slider.Revolution.Shell.Upload CRITICAL" "meris No.known.fix Reflected.XSS HIGH" "materialis 1.1.30 Missing.Authorization.to.Limited.Arbitrary.Options.Update MEDIUM" "modins No.known.fix Reflected.XSS HIGH" "medzone-lite 1.2.6 Unauthenticated.Function.Injection CRITICAL" "medibazar No.known.fix Cross-Site.Request.Forgery MEDIUM" "medicpress-lite No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "method 2.8.3 Local.File.Disclosure HIGH" "method 2.8.3 
WordPress.Slider.Revolution.Shell.Upload CRITICAL" "manbiz2 No.known.fix Local.File.Disclosure HIGH" "manbiz2 No.known.fix WordPress.Slider.Revolution.Shell.Upload CRITICAL" "mocho-blog No.known.fix Reflected.XSS HIGH" "monalisa 2.1.3 Unauthenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "mediumishh No.known.fix Unauthenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "my-wooden-under-construction No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "minus 2.0.0 Unauthenticated.Option.Update MEDIUM" "minus 2.0.0 Unauthenticated.Arbitrary.File.Upload.and.Option.Deletion CRITICAL" "myriad 2.8.3 Local.File.Disclosure HIGH" "myriad 2.8.3 WordPress.Slider.Revolution.Shell.Upload CRITICAL" "meridia 2.2.8 Reflected.Cross-Site.Scripting MEDIUM" "meridia 2.2.7 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "mTheme-Unus 2.3 Directory.Traversal HIGH" "machic No.known.fix Cross-Site.Request.Forgery MEDIUM" "multipurpose No.known.fix Authenticated.(Contributor+).PHP.Object.Injection HIGH" "networker 1.1.10 Tech.News.WordPress.Theme.with.Dark.Mode.<.1.1.10.-.Missing.Authorization MEDIUM" "newspaper-x 1.3.2 Unauthenticated.Function.Injection CRITICAL" "newsmash 1.0.72 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "newsmash 1.0.35 Cross-Site.Request.Forgery.to.Notice.Dismissal MEDIUM" "nova-lite 1.3.9 Unauthenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "newsxpress 1.0.8 Cross-Site.Request.Forgery.to.Notice.Dismissal MEDIUM" "nexter 2.0.4 Missing.Authorization MEDIUM" "nexter 2.0.4 Authenticated.(Subscriber+).SQL.Injection.via.'to'.and.'from' HIGH" "newsmunch 1.0.36 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "nokke 1.2.4 Reflected.XSS HIGH" "nokke 1.2.3 Reflected.Cross-Site.Scripting MEDIUM" "nokke 1.2.4 Reflected.Cross-Site.Scripting MEDIUM" "nokke 1.0.11 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "newshit 1.0.7 Reflected.Cross-Site.Scripting MEDIUM" "neighborly No.known.fix 
Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Button.Shortcode MEDIUM" "newsdaily No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "nexos 1.8 Real.Estate.<.1.8.-.Unauthenticated.Reflected.XSS.&.SQL.Injection CRITICAL" "nexos 1.6.1 Real.Estate.<.1.6.1.-.SQL.Injection.&.Persistent.XSS CRITICAL" "nictitate No.known.fix Cross-Site.Request.Forgery MEDIUM" "nothing-personal No.known.fix Reflected.XSS HIGH" "nightlife No.known.fix CSRF.File.Upload HIGH" "nichebase 1.2.3 Reflected.Cross-Site.Scripting MEDIUM" "nichebase 1.2.2 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "nioland 1.2.7 Reflected.Cross-Site.Scripting.via.s MEDIUM" "newscard 1.4 Unauthenticated.Local.File.Inclusion CRITICAL" "newsmatic 1.3.3 Missing.Authorization MEDIUM" "newsmatic 1.3.5 Unauthenticated.Information.Exposure.via.newsmatic_filter_posts_load_tab_content MEDIUM" "neosense 1.8 Unrestricted.File.Upload CRITICAL" "noo-jobmonster 4.7.5 Unauthenticated.Arbitrary.File.Deletion CRITICAL" "noo-jobmonster 4.7.6 Unauthenticated.Privilege.Escalation CRITICAL" "noo-jobmonster 4.6.6.1 Directory.Listing.in.Upload.Folder MEDIUM" "noo-jobmonster 4.5.2.9 Unauthenticated.Reflected.Cross-Site.Scripting MEDIUM" "naturemag-lite No.known.fix Unauthenticated.Function.Injection CRITICAL" "nsc No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "nirvana No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "ngo-charity-lite No.known.fix Reflected.Cross-Site.Scripting.via.Customizer.Notify MEDIUM" "newsmag No.known.fix Subscriber+.Reflected.Cross-Site.Scripting MEDIUM" "newsmag 2.4.2 Unauthenticated.Function.Injection CRITICAL" "newspaper 12.6.6 Authenticated.(Author+).Stored.Cross-Site.Scripting.via.Attachment.Meta MEDIUM" "news-flash No.known.fix Authenticated.(Editor+).PHP.Object.Injection HIGH" "news-unlimited No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "oceanic No.known.fix Cross-Site.Request.Forgery MEDIUM" "onepress No.known.fix 
Authenticated.(Author+).Stored.Cross-Site.Scripting MEDIUM" "onepress 2.3.7 Cross-Site.Request.Forgery.via.save_settings() MEDIUM" "oceanwp 3.5.5 Subscriber+.Sensitive.Information.Exposure MEDIUM" "optimizepress 1.6 Unauthenticated.Arbitrary.File.Upload CRITICAL" "one-page-conference No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "opor-ayam No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "opor-ayam No.known.fix Reflected.XSS HIGH" "orchid-store 1.5.7 .Missing.Authorization.to.Authenticated.(Subscriber+).Limited.Plugin.Activation MEDIUM" "one-paze No.known.fix Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "offset-writing No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "offset-writing No.known.fix Reflected.XSS HIGH" "onair2 3.9.9.2 Unauthenticated.RFI.and.SSRF MEDIUM" "onetone No.known.fix Unauthenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "outdoor 3.9.7 Reflected.XSS HIGH" "orgarium No.known.fix Reflected.XSS HIGH" "ona 1.18.3 Reflected.Cross-Site.Scripting MEDIUM" "olivia No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "power-mag No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "pinboard No.known.fix includes/theme-options.php.tab.Parameter.XSS MEDIUM" "pixgraphy 1.3.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "point No.known.fix Cross-Site.Request.Forgery MEDIUM" "paroti No.known.fix Reflected.XSS HIGH" "purity-of-soul No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "purity-of-soul No.known.fix Reflected.XSS HIGH" "pixigo No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "parallelus-intersect 2.0 Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "phlox-pro 5.16.5 Reflected.Cross-Site.Scripting.via.Search.Parameters MEDIUM" "purosa 1.1.3 Reflected.Cross-Site.Scripting MEDIUM" "purosa 1.1.0 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "parabola No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "patch-lite No.known.fix 
Reflected.Cross-Site.Scripting MEDIUM" "parallelus-salutation 3.0.16 Stored.XSS MEDIUM" "parallelus-salutation 2.0 Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "pubnews 1.0.8 Authenticated.(Subscriber+).Arbitrary.Plugin.Installation HIGH" "patricia-lite No.known.fix Cross-Site.Request.Forgery MEDIUM" "performag 2.0.0 Unauthenticated.Option.Update MEDIUM" "performag 2.0.0 Unauthenticated.Arbitrary.File.Upload.and.Option.Deletion CRITICAL" "pinfinity 2.0 Reflected.Cross-site.Scripting.(XSS) MEDIUM" "preschool-and-kindergarten 1.2.2 Cross-Site.Request.Forgery.to.Notice.Dismissal MEDIUM" "phototouch 1.2.2 Arbitrary.File.Upload.via.themify-ajax.php CRITICAL" "pliska 0.3.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Author.Display.Name MEDIUM" "parallelus-traject 2.0 Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "platform No.known.fix Cross-Site.Request.Forgery.(CSRF) HIGH" "polka-dots No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "polka-dots No.known.fix Reflected.XSS HIGH" "pont No.known.fix Privilige.Escalation HIGH" "porto 7.1.1 Authenticated.(Contributor+).Local.File.Inclusion.via.Post.Meta HIGH" "porto 7.1.1 Unauthenticated.Local.File.Inclusion.via.porto_ajax_posts CRITICAL" "plato 1.1.9 Reflected.XSS HIGH" "parallaxsome 1.3.7 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "patricia-blog No.known.fix Cross-Site.Request.Forgery MEDIUM" "partdo No.known.fix Cross-Site.Request.Forgery MEDIUM" "plain-post 1.0.4 Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "perfect-portfolio 1.2.1 Cross-Site.Request.Forgery.to.Notice.Dismissal MEDIUM" "perfect-portfolio 1.1.6 Reflected.Cross-Site.Scripting.via.Customizer.Notify MEDIUM" "popularis-verse 1.0.2 Cross-Site.Request.Forgery MEDIUM" "punte 1.1.3 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "prolist 1.27 Directory.Listing.<.1.27.-.Unauthenticated.Reflected.XSS MEDIUM" "pixova-lite 2.0.7 Unauthenticated.Function.Injection CRITICAL" "pinzolo 1.2.10 
Reflected.XSS HIGH" "photology 1.1.4 Multiple.Versions.-.Missing.Authorization.to.Notice.Dismissal MEDIUM" "pisole No.known.fix Reflected.XSS HIGH" "parallax-blog No.known.fix Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "posterity No.known.fix Contributor+.Stored.XSS MEDIUM" "posterity 3.4 Cross-Site.Request.Forgery.to.Notice.Dismissal MEDIUM" "purus No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "purus No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "purus No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "parallelus-unite 2.0 Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "pathway 1.0.16 Various.Versions.and.Themes.-.Missing.Authorization MEDIUM" "pressive 2.0.0 Unauthenticated.Option.Update MEDIUM" "pressive 2.0.0 Unauthenticated.Arbitrary.File.Upload.and.Option.Deletion CRITICAL" "qempo No.known.fix Reflected.XSS HIGH" "quota 1.2.5 Unspecified.XSS MEDIUM" "quasar 2.0 Privilege.Escalation HIGH" "qizon No.known.fix Reflected.XSS HIGH" "quality 2.7.4 Reflected.Cross-Site.Scripting.via.Customizer.Notify MEDIUM" "roseta No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "rara-business 1.2.6 Cross-Site.Request.Forgery.to.Notice.Dismissal MEDIUM" "rara-business 1.2.3 Reflected.Cross-Site.Scripting.via.Customizer.Notify MEDIUM" "restricted-site-access No.known.fix IP.Spoofing.to.Protection.Mechanism.Bypass MEDIUM" "responsive-mobile No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "raise-mag No.known.fix Reflected.XSS HIGH" "rife-free 2.4.19 Cross-Site.Request.Forgery.to.Notice.Dismissal MEDIUM" "rife-free 2.4.20 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "revivenews 1.0.3 Missing.Authorization.via.revivenews_install_and_activate_plugins() MEDIUM" "restaurant-and-cafe 1.2.2 Cross-Site.Request.Forgery.to.Notice.Dismissal MEDIUM" "relax-spa 1.1.1 Reflected.Cross-Site.Scripting MEDIUM" "ripple 1.2.1 Backdoored.Plugins.&.Themes.from.AccessPress.Themes 
CRITICAL" "reconstruction No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "revolve No.known.fix Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "rise 2.0.0 Unauthenticated.Option.Update MEDIUM" "rise 2.0.0 Unauthenticated.Arbitrary.File.Upload.and.Option.Deletion CRITICAL" "royal-elementor-kit 1.0.117 Cross-Site.Request.Forgery.to.Notice.Dismissal MEDIUM" "royal-elementor-kit 1.0.117 Missing.Authorization.to.Arbitrary.Transient.Update MEDIUM" "rambo 2.1.4 Reflected.Cross-Site.Scripting.via.Customizer.Notify MEDIUM" "reality 2.5.6 Multiple.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "reality 2.5.3 Unauthenticated.Reflected.XSS MEDIUM" "reality 2.4.0 Multiple.Persistent.XSS MEDIUM" "restaurant-pt 1.1.3 Reflected.XSS HIGH" "rehub-theme 19.6.2 Authenticated.(Subscriber+).SQL.Injection HIGH" "rehub-theme 19.6.2 Unauthenticated.Local.File.Inclusion CRITICAL" "rehub-theme 19.6.2 Authenticated.(Editor+).Local.File.Inclusion HIGH" "roven-blog 1.0.4 Reflected.Cross-Site.Scripting MEDIUM" "radcliffe-2 2.0.18 Missing.Authorization MEDIUM" "regina-lite No.known.fix Reflected.XSS HIGH" "regina-lite 2.0.6 Unauthenticated.Function.Injection CRITICAL" "robolist-lite No.known.fix Reflected.Cross-Site.Scripting.via.Customizer.Notify MEDIUM" "responsive 5.0.3.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "responsive 5.0.3 Missing.Authorization.to.HMTL.Injection HIGH" "raindrops 1.700 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "realhomes 4.3.7 Privilege.Escalation CRITICAL" "realestate-7 3.3.5 Multiple.CSRF MEDIUM" "realestate-7 3.3.5 Reflected.XSS HIGH" "realestate-7 3.3.2 Reflected.XSS HIGH" "realestate-7 3.1.1 Reflected.Cross-Site.Scripting.(XSS) HIGH" "realestate-7 3.0.5 Unauthenticated.Reflected.XSS MEDIUM" "realestate-7 3.0.4 Unauthenticated.Reflected.XSS MEDIUM" "realestate-7 2.9.5 Multiple.Vulnerabilities HIGH" "realestate-7 2.9.1 Stored.XSS.&.IDOR MEDIUM" "rovenstart 1.2.2 Reflected.Cross-Site.Scripting MEDIUM" 
"simpolio No.known.fix Privilige.Escalation HIGH" "sliding-door No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "scrollme No.known.fix Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "saul 1.1.0 Reflected.XSS HIGH" "smartmag-responsive-retina-wordpress-magazine No.known.fix Unauthenticated.Sensitive.Information.Exposure.via.Log.Files MEDIUM" "silesia No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Button.Shortcode MEDIUM" "store-commerce No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "swape 1.2.1 Authentication.Bypass.and.Stored.XSS CRITICAL" "spikes No.known.fix Unauthenticated.Arbitrary.File.Upload CRITICAL" "storevilla 1.4.2 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "septera No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "sahifa 3.0.0 Site.Setting.Reset.CSRF HIGH" "sahifa 3.0.0 Multiple.Full.Path.Disclosure MEDIUM" "sparkling 2.4.9 Unauthenticated.Function.Injection CRITICAL" "silk-lite No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "swing-lite 1.2.0 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "sportsmag No.known.fix Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "soulmedic No.known.fix Local.File.Disclosure HIGH" "soulmedic No.known.fix WordPress.Slider.Revolution.Shell.Upload CRITICAL" "short 1.7.2 Reflected.Cross-Site.Scripting.via.Customizer.Notify MEDIUM" "soundblast No.known.fix Unauthenticated.Arbitrary.File.Upload CRITICAL" "scylla-lite No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Button.Shortcode MEDIUM" "scoreme No.known.fix Unauthenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "shapely 1.2.9 Unauthenticated.Function.Injection CRITICAL" "squaretype 3.0.4 Unauthenticated.Private/Schedule.Posts.Disclosure MEDIUM" "specialist No.known.fix CSRF.File.Upload HIGH" "spikes-black No.known.fix Unauthenticated.Arbitrary.File.Upload 
CRITICAL" "spasalon 2.2.1 Reflected.Cross-Site.Scripting.via.Customizer.Notify MEDIUM" "salzburg-blog No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "storied 2.0.0 Unauthenticated.Option.Update MEDIUM" "storied 2.0.0 Unauthenticated.Arbitrary.File.Upload.and.Option.Deletion CRITICAL" "shopbiz-lite 1.7.7 Reflected.Cross-Site.Scripting.via.Customizer.Notify MEDIUM" "simplecharm 1.4.4 Reflected.Cross-Site.Scripting MEDIUM" "sean-lite 1.4.6 Reflected.XSS HIGH" "squared 2.0.0 Unauthenticated.Option.Update MEDIUM" "squared 2.0.0 Unauthenticated.Arbitrary.File.Upload.and.Option.Deletion CRITICAL" "suffice 1.1.6 Reflected.Cross-Site.Scripting MEDIUM" "spice-software 1.1.5 Reflected.Cross-Site.Scripting.via.Customizer.Notify MEDIUM" "striking-r 2.3.5 Reflected.Cross-Site.Scripting MEDIUM" "striking-r 2.3.5 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "style No.known.fix Information.Disclosure HIGH" "start No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "shuban No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "shuban No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "shuban No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "startkit No.known.fix Reflected.Cross-Site.Scripting.via.Customizer.Notify MEDIUM" "sarada-lite 1.1.3 Cross-Site.Request.Forgery.to.Notice.Dismissal MEDIUM" "simplifii No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "spiko 1.1.2 Reflected.Cross-Site.Scripting.via.Customizer.Notify MEDIUM" "superio 1.2.33 Job.Board.<.1.2.33.-.Subscriber+.Stored.Cross-Site.Scripting LOW" "startupzy 1.1.2 Multiple.Versions.-.Missing.Authorization.to.Notice.Dismissal MEDIUM" "showbiz 1.7.1 Local.File.Disclosure HIGH" "showbiz No.known.fix WordPress.Slider.Revolution.Shell.Upload CRITICAL" "statfort No.known.fix Unauthenticated.Arbitrary.File.Upload CRITICAL" "socialdriver 2024 Prototype.Pollution.to.XSS HIGH" "seabird No.known.fix Local.File.Disclosure HIGH" "seabird No.known.fix WordPress.Slider.Revolution.Shell.Upload CRITICAL" 
"sominx No.known.fix Reflected.XSS HIGH" "sociallyviral No.known.fix Cross-Site.Request.Forgery MEDIUM" "spa-and-salon 1.2.8 Cross-Site.Request.Forgery.to.Notice.Dismissal MEDIUM" "storepress No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "speculor No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "speculor No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "speculor No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "smartit No.known.fix Information.Disclosure HIGH" "spawp 1.4.1 Reflected.Cross-Site.Scripting.via.Customizer.Notify MEDIUM" "sweetdate 3.8.0 Unauthenticated.Privilege.Escalation CRITICAL" "soledad 8.6.0 Unauthenticated.Limited.Local.File.Inclusion HIGH" "soledad 8.4.6 Missing.Authorization MEDIUM" "soledad 8.4.6 Cross-Site.Request.Forgery MEDIUM" "soledad 8.4.6 Missing.Authorization MEDIUM" "soledad 8.4.2 Unauthenticated.PHP.Object.Injection CRITICAL" "soledad 8.4.2 Reflected.Cross-Site.Scripting MEDIUM" "soledad 8.4.2 Authenticated.(Contributor+).SQL.Injection HIGH" "soledad 8.2.6 Subscriber+.Cross-Site.Scripting MEDIUM" "soledad 8.2.5 Reflected.Cross-site.Scripting MEDIUM" "saleszone No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "stockholm 9.7 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "stockholm 9.7 Unauthenticated.Local.File.Inclusion CRITICAL" "storely No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "storely No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "shoppette 1.0.5 Unspecified.XSS MEDIUM" "sinatra No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "temp-mail-x No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "the-ultralight No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "tainacan-interface 2.7.2 Reflected.Cross-Site.Scripting MEDIUM" "the-authority No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "tempera No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting 
MEDIUM" "th-shop-mania 1.5.0 Authenticated.(Subscriber+).Arbitrary.Plugin.Installation/Activation HIGH" "travel-agency-booking No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "the-next No.known.fix Authenticated.(Contributor+).PHP.Object.Injection HIGH" "travel-tour 1.2.0 Reflected.Cross-Site.Scripting MEDIUM" "teardrop No.known.fix Privilige.Escalation HIGH" "topcat-lite No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "the-conference 1.2.1 Cross-Site.Request.Forgery.to.Notice.Dismissal MEDIUM" "travel-booking 1.2.3 Reflected.Cross-Site.Scripting.via.Customizer.Notify MEDIUM" "traveler 3.1.7 Missing.Authorization.in.Several.AJAX.Actions MEDIUM" "traveler 3.1.7 Unauthenticated.SQL.Injection.via.order_id HIGH" "traveler 2.8.4 Unauthenticated.SQL.Injection HIGH" "traveler 2.8.4 Unauthenticated.Cross-Site.Scripting.(XSS) MEDIUM" "traveler 2.8.2 Unauthenticated.Reflected.XSS MEDIUM" "traveler 2.7.8.6 Reflected.&.Persistent.XSS.Issues MEDIUM" "traveler 2.7.8.4 Reflected.&.Stored.XSS MEDIUM" "tuaug4 No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "tuaug4 No.known.fix Reflected.XSS HIGH" "thegem 5.9.2 Reflected.Cross-Site.Scripting MEDIUM" "townhub 1.3.0 Unauthenticated.Reflected.XSS HIGH" "townhub 1.0.6 Multiple.Vulnerabilities HIGH" "techism No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "the-monday No.known.fix Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "tiki-time No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "tiki-time No.known.fix Reflected.XSS HIGH" "travel-agency 1.4.2 Reflected.Cross-Site.Scripting.via.Customizer.Notify MEDIUM" "tijaji No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "tijaji No.known.fix Reflected.XSS HIGH" "trendy-news 1.0.15 Cross-Site.Request.Forgery MEDIUM" "totalpress No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "tevily No.known.fix Reflected.XSS HIGH" "travel-monster 1.1.3 Cross-Site.Request.Forgery.to.Notice.Dismissal MEDIUM" "truemag No.known.fix 
Unauthenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "t1 No.known.fix Open.Redirect MEDIUM" "tweaker5 No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Button.Shortcode MEDIUM" "thrive-theme 3.24.2 Cross-Site.Request.Forgery HIGH" "thrive-theme 3.24.0 Missing.Authorization HIGH" "thrive-theme 3.24.0 Subscriber+.Privilege.Escalation HIGH" "thrive-theme 2.2.4 Unauthenticated.Option.Update MEDIUM" "tydskrif No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "tydskrif No.known.fix Reflected.XSS HIGH" "theroof 1.0.4 Unauthenticated.Reflected.XSS HIGH" "travey 1.0.5 Multiple.Versions.-.Missing.Authorization.to.Notice.Dismissal MEDIUM" "top-store 1.5.5 Authenticated.(Subscriber+).Arbitrary.Plugin.Installation/Activation HIGH" "triton-lite No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Button.Shortcode MEDIUM" "total 2.1.60 Missing.Authorization.to.Authenticated.(Subscriber+).Sections.Update MEDIUM" "theron-lite No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Button.Shortcode MEDIUM" "theme-translation-for-polylang 3.2.17 Unauthenticated.Translation.Settings.Update MEDIUM" "themify-ultra 7.3.6 Authenticated.(Subscriber+).PHP.Object.Injection HIGH" "themify-ultra 7.3.6 Missing.Authorization MEDIUM" "themify-ultra 7.3.6 Authenticated.(Subscriber+).Arbitrary.File.Upload HIGH" "themify-ultra 7.3.6 Missing.Authorization MEDIUM" "themify-ultra 7.3.6 Privilege.Escalation HIGH" "the-launcher 1.3.3 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "transcend 1.2.0 Unauthenticated.Function.Injection CRITICAL" "tantyyellow No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "tantyyellow No.known.fix Reflected.XSS HIGH" "traveltour 5.2.4 Reflected.XSS HIGH" "upfrontwp No.known.fix Reflected.XSS HIGH" "udesign 4.11.3 Missing.Authorization MEDIUM" "uncode-lite No.known.fix Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "ultralight No.known.fix Reflected.XSS HIGH" "ultimatum 
2.9.1.5 Local.File.Disclosure HIGH" "ultimatum 2.9.1.5 WordPress.Slider.Revolution.Shell.Upload CRITICAL" "unique No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "unakit 1.2.5.3 Reflected.Cross-Site.Scripting MEDIUM" "unakit 1.2.4.2 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "ultrapress No.known.fix Authenticated.(Contributor+).PHP.Object.Injection HIGH" "unicon-lite 1.2.7 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "unseen-blog No.known.fix Authenticated.(Contributor+).PHP.Object.Injection HIGH" "u-design No.known.fix Reflected.Cross-Site.Scripting HIGH" "u-design 2.7.10 DOM.Cross-Site.Scripting.(XSS) MEDIUM" "visual-composer-starter 3.4.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "vernissage 1.3 Privilige.Escalation HIGH" "virtue 3.4.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Post.Author MEDIUM" "vmagazine-lite 1.3.7 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "vertice 1.0.11 Various.Versions.and.Themes.-.Missing.Authorization MEDIUM" "venice-lite 1.5.5 Reflected.XSS HIGH" "voice 2.0.0 Unauthenticated.Arbitrary.File.Upload.and.Option.Deletion CRITICAL" "voice 2.0.0 Unauthenticated.Option.Update MEDIUM" "videoblog No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "vw-automobile-lite No.known.fix Missing.Authorization MEDIUM" "viala No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "viala No.known.fix Reflected.XSS HIGH" "vmagazine-news 1.0.6 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "vmag 1.2.8 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "viburno 1.3.2 Reflected.XSS HIGH" "verbosa 1.2.3.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "viralike No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "viralike 1.0.5 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "villar 1.1.0 Reflected.Cross-Site.Scripting MEDIUM" "villar 1.0.8 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "viable-blog No.known.fix 
Reflected.XSS HIGH" "vilva 1.2.3 Cross-Site.Request.Forgery.to.Notice.Dismissal MEDIUM" "wallstreet 2.0.5 Reflected.Cross-Site.Scripting.via.Customizer.Notify MEDIUM" "westand 2.1 Unauthenticated.Arbitrary.File.Upload CRITICAL" "welowe No.known.fix Reflected.XSS HIGH" "workio 1.0.3 Unauthenticated.Reflected.XSS MEDIUM" "weddingalbum No.known.fix Information.Disclosure HIGH" "wplms 1.9.9.5.3 Authenticated.(Subscriber+).Arbitrary.File.Upload HIGH" "wplms 1.9.9.1 Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.Options.Update HIGH" "wplms 1.9.9.5.3 Authenticated.(Subscriber+).SQL.Injection MEDIUM" "wplms 1.9.9.1 Missing.Authorization.to.Unauthenticated.User.Token.Generation MEDIUM" "wplms 1.9.9.5.2 Authenticated.(Student+).Arbitrary.File.Upload HIGH" "wplms 1.9.9.5.2 Authenticated.(Contributor+).Arbitrary.File.Upload HIGH" "wplms 1.9.9.5 Authenticated.(Student+).Remote.Code.Execution HIGH" "wplms 1.9.9.1 Unauthenticated.Privilege.Escalation CRITICAL" "wplms 1.9.9.5.2 Authenticated.(Contributor+).Arbitrary.Directory.Deletion HIGH" "wplms 1.9.9.5.2 Authenticated.(Subscriber+).Arbitrary.File.Deletion HIGH" "wplms 1.9.9.5.3 Authenticated.(Instructor+).SQL.Injection MEDIUM" "wplms 1.9.9.5.2 Authenticated.(Instructor+).Arbitrary.File.Upload HIGH" "wplms 1.9.9.1 Unauthenticated.Arbitrary.File.Upload CRITICAL" "wplms 1.9.9.5 Unauthenticated.Arbitrary.Directory.Deletion HIGH" "wplms 4.963 Unauthenticated.Arbitrary.File.Read.and.Deletion CRITICAL" "wplms 4.900 Cross-Site.Request.Forgery HIGH" "wpcake No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-moose 1.0.7 Reflected.Cross-Site.Scripting MEDIUM" "wp-moose 1.0.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "workscout 2.0.33 Authenticated.Stored.XSS.&.XFS HIGH" "wedding-bride 1.0.2 Reflected.XSS HIGH" "wr-nitro No.known.fix Unauthenticated.Arbitrary.Plugin.Installation CRITICAL" "weeklynews 2.2.9 Cross-Site.Scripting.(XSS) MEDIUM" "winters No.known.fix Reflected.Cross-Site.Scripting.via.Prototype.Pollution 
MEDIUM" "whimsy-framework No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wyzi-business-finder 2.4.3 Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "workup 2.1.6 Unauthenticated.Reflected.XSS MEDIUM" "wp-sierra No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-sierra No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wellness No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "woohoo No.known.fix Settings.Update.via.CSRF MEDIUM" "woostify 1.9.2 CSRF.Bypass MEDIUM" "wp-portfolio 2.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wishful-blog No.known.fix Reflected.XSS HIGH" "woodmart 8.0.4 Unauthenticated.Arbitrary.Shortcode.Execution MEDIUM" "woodmart 7.2.5 Reflected.XSS HIGH" "woodmart 7.2.2 Subscriber+.Stored.XSS HIGH" "woodmart 7.1.2 License.Update/Deactivation.via.CSRF MEDIUM" "woodmart 7.1.2 Unauthenticated.Arbitrary.Shortcode.Injection HIGH" "wp-magazine No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "woffice 5.4.15 Unauthenticated.Privilege.Escalation CRITICAL" "woffice 5.4.12 Unauthenticated.Privilege.Escalation CRITICAL" "woffice 5.4.9 Reflected.Cross-Site.Scripting MEDIUM" "woffice 4.0.2 Unauthenticated.Disclosure.of.Notification.Titles MEDIUM" "wlow 1.2.7 Reflected.XSS HIGH" "wp-forge No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wibar 1.2.1 Authenticated.Stored.Cross-Site.Scripting HIGH" "workreap 2.6.4 Subscriber+.Arbitrary.Posts.Deletion.via.IDOR MEDIUM" "workreap 2.6.3 Freelance.Marketplace.and.Directory.<.2.6.3.-.Subscriber+.Private.Message.Disclosure.via.IDOR MEDIUM" "workreap 2.2.2 Multiple.CSRF.+.IDOR.Vulnerabilities HIGH" "workreap 2.2.2 Missing.Authorization.Checks.in.Ajax.Actions HIGH" "workreap 2.2.2 Unauthenticated.Upload.Leading.to.Remote.Code.Execution CRITICAL" "weaver-xtreme 6.4 Contributor+.Stored.XSS MEDIUM" "weaver-xtreme 6.2 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "wp-real-estate No.known.fix Reflected.Cross-Site.Scripting.via.Customizer.Notify MEDIUM" "xstore 9.3.9 
Reflected.Cross-Site.Scripting HIGH" "xstore 9.3.9 Missing.Authorization MEDIUM" "xstore 9.3.9 Missing.Authorization MEDIUM" "xstore 9.3.9 Unauthenticated.Local.File.Inclusion CRITICAL" "xstore 9.3.9 Subscriber+.Arbitrary.Options.Update HIGH" "xstore 9.3.9 Unauthenticated.SQLi HIGH" "xenon No.known.fix Unauthenticated.Cross-Site.Scripting.(XSS) MEDIUM" "xin No.known.fix Unauthenticated.PHP.Object.Injection CRITICAL" "yourjourney No.known.fix Reflected.Cross-Site.Scripting.via.Prototype.Pollution MEDIUM" "yuki 1.3.15 Cross-Site.Request.Forgery.to.Theme.Setting.Reset MEDIUM" "yuki 1.3.14 Missing.Authorization.to.Authenticated.(Subscriber+).Theme.Setting.Reset MEDIUM" "yuki 1.3.8 Reflected.Cross-Site.Scripting MEDIUM" "zigcy-cosmetics 1.0.6 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "zigcy-lite 2.1.0 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "zeever 1.1.1 Multiple.Versions.-.Missing.Authorization.to.Notice.Dismissal MEDIUM" "zbench No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "zenon-lite No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Button.Shortcode MEDIUM" "zigcy-baby 1.0.7 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "zilom No.known.fix Reflected.XSS HIGH" "zox-news 3.17.0 Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.Options.Update HIGH")
pp "Theme: Version"
rthemes=(`grep -oP ".*/wp-content/themes/\K[a-zA-Z0-9-_.]+" $file | sort -u`)
d=true; [[ ! ${rthemes[@]} ]] && d=false || d=true
if ! "$d"; then cg_color bbg "No themes detected"; return 1; fi
links=($(len=${#rthemes[@]}; for ((c=0; c<$len; c++)); do if [[ $(grep -oP "<(script|link).*/wp-content/themes/${rthemes[c]}/.*=\K([\d]+\.[\d.]+\.[0-9]{1,3}('|\")|[\d]+\.[0-9]{1,2}('|\")|[0-9]{1,2}('|\"))" $file | grep -oP "[\d.]+" | sort -u | wc -l) == 1 ]]; then grep -m1 -oP "[a-z]+://[a-z0-9-_.]+/([a-z0-9-_.]+/wp-content|wp-content)/themes/${rthemes[c]}/[a-zA-Z-_/.?]+=([\d]+\.[\d.]+|[\d]+)" $file; continue; fi; k=0; vz=(`grep -oP "<script.*/wp-content/themes/${rthemes[c]}/([a-zA-Z-_]+/assets/js|[a-zA-Z-_]+/includes/js|[a-zA-Z-_]/js|assets/js/|includes/js/|js/).*=\K([\d]+\.[\d.]+\.[0-9]{1,3}('|\")|[\d]+\.[0-9]{1,2}('|\")|[0-9]{1,2}('|\"))" $file | grep -oP "[\d.]+"`); l=${#vz[@]}; for ((i=0; i<$l-1; i++)); do if [[ ${vz[i]} == ${vz[i+1]} ]]; then ((k++)); fi; done; if [[ $k == $(($l-1)) ]]; then grep -m1 -oP "[a-z]+://[a-z0-9-_.]+/([a-z-_.]+/wp-content|wp-content)/themes/${rthemes[c]}/([a-zA-Z-_]+/assets/js|[a-zA-Z-_]+/includes/js|[a-zA-Z-_]/js|assets/js/|includes/js/|js/).*=${vz[0]}" $file && continue; elif [[ $k > 0 && $k > $(($(($l-1))/2)) ]]; then y=$(grep -oP "^<script.*/wp-content/themes/${rthemes[c]}/([a-zA-Z-_]+/assets/js|[a-zA-Z-_]+/includes/js|[a-zA-Z-_]/js|assets/js/|includes/js/|js/).*=\K([\d]+\.[\d.]+|[\d]+)" $file | sort | uniq -cd | sort | tail -n 1 | cut -d " " -f8); grep -m1 -oP "[a-z]+://[a-z0-9-_.]+/wp-content/themes/${rthemes[c]}/.*ver=$y" $file; continue; fi; grep -m1 -oP "<script.*src=.*/wp-content/themes/${rthemes[c]}/.*id='${rthemes[c]:0:1}.*" $file | grep -oP "[a-z]+://[a-z0-9-_.]+/([a-z0-9-_.]+/wp-content|wp-content)/themes/${rthemes[c]}/.*=([\d]+\.[\d.]+\.[0-9]{1,3}'|[\d]+\.[0-9]{1,2}'|[0-9]{1,2}')" && continue || grep -m1 -oP "<script.*src=.*/wp-content/themes/${rthemes[c]}/.*id=\"${rthemes[c]:0:1}.*" $file | grep -oP "[a-z]+://[a-z0-9-_.]+/([a-z0-9-_.]+/wp-content|wp-content)/themes/${rthemes[c]}/.*=([\d]+\.[\d.]+\.[0-9]{1,3}'|[\d]+\.[0-9]{1,2}'|[0-9]{1,2}')" && continue || if [[ $(curl -A "Mozilla/5.0 (X11; Linux x86_64) 
AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36" -s $url/wp-content/plugins/${rthemes[c]}/readme.txt -k -L | grep -i "changelog\|change log" -A 1000 | grep -oP "^=[[:space:]]\K[\d]+\.[\d.]+|^=.*([a-zA-Z]|\[)\K[\d]+\.[\d.]+|^#.*[[:space:]]\K[\d]+\.[\d.]+" | sort -rn | head -n 1) ]]; then echo -n "$url/wp-content/themes/${rthemes[c]}/?ver="; echo $(curl -A "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36" -s $url/wp-content/themes/${rthemes[c]}/readme.txt -k -L | grep -i "changelog\|change log" -A 1000 | grep -oP "^=[[:space:]]\K[\d]+\.[\d.]+|^=.*([a-zA-Z]|\[)\K[\d]+\.[\d.]+|^#.*[[:space:]]\K[\d]+\.[\d.]+" | sort -rn | head -n 1); continue; elif [[ $(curl -A "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36" -s $url/wp-content/themes/${rthemes[c]}/README.txt -k -L | grep -i "changelog\|change log" -A 1000 | grep -oP "^=[[:space:]]\K[\d]+\.[\d.]+|^=.*([a-zA-Z]|\[)\K[\d]+\.[\d.]+|^#.*[[:space:]]\K[\d]+\.[\d.]+" | sort -rn | head -n 1) ]]; then echo -n "$url/wp-content/themes/${rthemes[c]}/?ver="; echo $(curl -A "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36" -s $url/wp-content/themes/${rthemes[c]}/README.txt -k -L | grep -i "changelog\|change log" -A 1000 | grep -oP "^=[[:space:]]\K[\d]+\.[\d.]+|^=.*([a-zA-Z]|\[)\K[\d]+\.[\d.]+|^#.*[[:space:]]\K[\d]+\.[\d.]+" | sort -rn | head -n 1); continue; elif [[ $(curl -A "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36" -s $url/wp-content/themes/${rthemes[c]}/changelog.txt -k -L | grep -i "changelog\|change log" -A 1000 | grep -oP "^=[[:space:]]\K[\d]+\.[\d.]+|^=.*([a-zA-Z]|\[)\K[\d]+\.[\d.]+|^#.*[[:space:]]\K[\d]+\.[\d.]+" | sort -rn | head -n 1) ]]; then echo -n "$url/wp-content/themes/${rthemes[c]}/?ver="; echo $(curl -A "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) 
Chrome/124.0.0.0 Safari/537.36" -s $url/wp-content/themes/${rthemes[c]}/changelog.txt -k -L | grep -i "changelog\|change log" -A 1000 | grep -oP "^=[[:space:]]\K[\d]+\.[\d.]+|^=.*([a-zA-Z]|\[)\K[\d]+\.[\d.]+|^#.*[[:space:]]\K[\d]+\.[\d.]+" | sort -rn | head -n 1); continue; fi; done))
i=0; len=${#rthemes[@]}; for ((c=0; c<$len; c++)); do if [[ ${links[i]} =~ ${rthemes[c]} ]]; then v=$(echo ${links[i]} | grep -oP "=\K[\d.]+"); sapt ${rthemes[c]}; ((i++)); continue; else echo "${rthemes[c]}: Version not detected"; fi; done
pp "Vulnerabilities"
if [[ ${flagz[@]} ]]; then for ((c=0; c<${#flagz[@]}; c++)); do hh=(${vulns_themes[${flagz[c]}]}); cg_color olbb "(${hh[0]}) "; echo -n ${hh[2]} | tr "." " "; if [[ ${hh[3]} == "CRITICAL" ]]; then cg_color bbr " [${hh[3]}]"; elif [[ ${hh[3]} == "HIGH" ]]; then cg_color bhr " [${hh[3]}]"; elif [[ ${hh[3]} == "MEDIUM" ]]; then cg_color bby " [${hh[3]}]"; elif [[ ${hh[3]} == "LOW" ]]; then cg_color bbp " [${hh[3]}]"; fi; done; else cg_color bbg "No vulnerabilities detected"; fi
}
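users(){
  # List the account names the target exposes to an unauthenticated client.
  # Globals:  url (read); resp, users (written, left global as in the rest of the file)
  # Outputs:  a comma-separated list through cg_color, or "No users discovered"
  # A site that answers the first request with slugs is disclosing account
  # names without authentication; limiting the users endpoint to logged-in
  # requests removes that disclosure.
  local idx last

  pp "Users"

  # NOTE(review): -k turns off certificate verification, so the body below is
  # not authenticated as coming from the target. It is handled as untrusted text.
  resp=$(curl -A "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36" -s "$url/?rest_route=/wp/v2/users/" -k -L)

  # Start from an empty list so a previous target's names are never reprinted.
  users=()

  if [[ $resp =~ (rest_user_cannot_view|WordPress) ]]; then
    # The listing was refused (or an HTML page came back): fall back to the
    # author fields of the posts endpoint.
    mapfile -t users < <(curl -s "$url/?rest_route=/wp/v2/posts" \
      | grep -oP '"author":"\K[\w-]+(?=")' \
      | sort -u)
  elif (( ${#resp} >= 5 )); then
    # Numeric length test: inside [[ ]] the "<" operator compares strings, so a
    # 25-character body ("25" sorts before "5") used to be discarded as too short.
    # The response is passed quoted so the shell never glob-expands it, and the
    # character class keeps anything but plain slug characters out of the output.
    mapfile -t users < <(grep -oP '"slug":"\K[a-zA-Z0-9_-]+' <<<"$resp")
  fi

  if (( ${#users[@]} == 0 )); then
    # Also covers a JSON body without any slug, where ${users[-1]} used to fail.
    cg_color bbg "No users discovered"
  else
    last=$(( ${#users[@]} - 1 ))
    for ((idx = 0; idx < last; idx++)); do
      cg_color olbb "${users[idx]}, "
    done
    cg_color bbb "${users[last]}"
  fi
}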
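do_it(){
  # Run every enumeration stage against the target in $url.
  # Globals:  url (read); file, s, e, t (written, left global as before)
  # Outputs:  progress and findings on stdout; the front page is saved to $file
  #           in the current directory
  # Returns:  1 when the front page cannot be fetched, takes 7 s or longer, or
  #           ch does not recognise WordPress; otherwise the status of users
  local fetch_rc=0

  echo "--> Scanning $url"

  # Save file
  file="$(printf '%s\n' "$url" | grep -oP "://(www.\K[a-z0-9]+|\K[a-z0-9]+)").html"

  # Check if site is live
  # NOTE(review): -k turns off certificate verification, so the saved page is
  # not authenticated as coming from the target.
  s=$(date +"%s")
  curl --connect-timeout 7 -A "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36" -s "$url" -k -L -o "$file" || fetch_rc=$?
  e=$(date +"%s")
  t=$((e - s))
  # Arithmetic test: the earlier [[ $t>=7 ]] was not a numeric comparison.
  # A failed transfer is reported here too, so the later stages never parse a
  # missing page or one left over from an earlier run.
  if (( fetch_rc != 0 || t >= 7 )); then
    echo "Site might not be live"
    return 1
  fi

  # Check if the site is running wordpress
  if ! ch; then
    echo "Site is not running Wordpress"
    return 1
  fi

  # Check filetype
  cf

  # Enumerate Wordpress version
  ver

  # Enumerate Plugins
  plugins

  # Enumerate themes
  themes

  # Enumerate users
  users
}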
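# Syntax
if (( $# < 1 )); then
  echo "Syntax: ./enum.sh [url]"
  exit 1
fi

# Check if URL is valid
# Every argument goes through the same check and is reduced to scheme://host.
# Before, only a single argument was validated; with several arguments each
# one reached curl unchecked and unquoted.
rc=0
for target in "$@"; do
  url=""
  if [[ $target =~ ^(http|https)://.* ]]; then
    # head -n 1 keeps only the leading match, so a URL embedded in the path or
    # query string of the argument cannot become a second target.
    url=$(printf '%s\n' "$target" \
      | grep -oP "[a-z]+://[a-z0-9-_.]+\.[a-z.]+|[a-z]+://[\d.]+:[\d]+|[a-z]+://[\d.]+" \
      | head -n 1)
  fi

  if [[ -z $url ]]; then
    echo "Invalid url"
    rc=1
    continue
  fi

  do_it || rc=$?

  # Blank line between reports when several targets were given.
  if (( $# > 1 )); then
    echo
  fi
done

# Non-zero when an argument was rejected or a scan stopped early.
exit "$rc"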