Title | CVSS | CVE |
Post From Frontend <= 1.0.0 - Cross-Site Request Forgery to Arbitrary Post Deletion | 5.3 | Link |
Event Calendar <= 1.0.4 - Missing Authorization to Unauthenticated Arbitrary Calendar Deletion | 5.3 | Link |
Backup Database <= 4.9 - Authenticated (Admin+) Stored Cross-Site Scripting | 4.4 | Link |
GDPR Cookie Consent <= 2.6.0 - Cross-Site Request Forgery to Bulk Delete | 4.3 | Link |
WP ULike <= 4.7.3 - Authenticated (Admin+) Stored Cross-Site Scripting | 4.4 | Link |
Logo Manager For Enamad <= 0.7.1 - Authenticated (Admin+) Stored Cross-Site Scripting | 4.4 | Link |
Easy Property Listings <= 3.5.3 - Cross-Site Request Forgery | 4.7 | Link |
MM-Breaking News <= 0.7.9 - Reflected Cross-Site Scripting | 6.1 | Link |
Misiek Photo Album <= 1.4.3 - Cross-Site Request Forgery to Album Deletion | 4.3 | Link |
Music Request Manager <= 1.3 - Reflected Cross-Site Scripting | 6.1 | Link |
Music Request Manager <= 1.3 - Cross-Site Request Forgery to Stored Cross-Site Scripting | 6.1 | Link |
Music Request Manager <= 1.3 - Unauthenticated Stored Cross-Site Scripting | 7.2 | Link |
WP Content Copy Protection & No Right Click (PRO) <= 15.0 - Authenticated (Admin+) Stored Cross-Site Scripting | 4.4 | Link |
AZIndex <= 0.8.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting | 6.1 | Link |
Snapshot Backup <= 2.1.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting | 6.1 | Link |
Pocket Widget <= 0.1.3 - Authenticated (Admin+) Stored Cross-Site Scripting | 4.4 | Link |
AZIndex <= 0.8.1 - Cross-Site Request Forgery to Index Deletion | 4.3 | Link |
KBucket: Your Curated Content in WordPress <= 4.1.4 - Reflected Cross-Site Scripting | 6.1 | Link |
NinjaTeam Header Footer Custom Code < 1.2 - Authenticated (Admin+) Stored Cross-Site Scripting via CSS Styles | 4.4 | Link |
Chatbot with ChatGPT <= 2.4.4 - Missing Authorization | 5.3 | Link |
Sign-up Sheets <= 2.2.12 - Reflected Cross-Site Scripting | 6.1 | Link |
Secure Copy Content Protection and Content Locking <= 4.1.6 - Authenticated (Admin+) Stored Cross-Site Scripting | 4.4 | Link |
Flaming Forms <= 1.0.1 - Unauthenticated Stored Cross-Site Scripting | 7.2 | Link |
Flaming Forms <= 1.0.1 - Reflected Cross-Site Scripting | 6.1 | Link |
DN Popup <= 1.2.2 - Cross-Site Request Forgery to Settings Update | 4.3 | Link |
WP MultiTasking <= 0.1.12 - Reflected Cross-Site Scripting | 6.1 | Link |
DL Verification <= 1.2 - Authenticated (Admin+) Stored Cross-Site Scripting | 4.4 | Link |
DL Robots.txt <= 1.2 - Authenticated (Admin+) Stored Cross-Site Scripting | 4.4 | Link |
TrueBooker <= 1.0.2 - Cross-Site Request Forgery to Settings Update | 4.3 | Link |
Viral Signup <= 2.1 - Authenticated (Admin+) Stored Cross-Site Scripting | 4.4 | Link |
DL Yandex Metrika <= 1.2 - Authenticated (Admin+) Stored Cross-Site Scripting | 4.4 | Link |
WP eMember <= 10.6.6 - Reflected Cross-Site Scripting via $_SERVER['REQUEST_URI'] | 6.1 | Link |
WP eStore <= 8.5.5 - Cross-Site Request Forgery to Settings Reset | 4.3 | Link |
WP eStore <= 8.5.5 - Reflected Cross-Site Scripting via Customer Search | 6.1 | Link |
WP eStore <= 8.5.5 - Reflected Cross-Site Scripting via Product Editing | 6.1 | Link |
House Manager β Easy Renter Management System for WordPress <= 1.0.8.4 - Reflected Cross-Site Scripting | 6.1 | Link |
Community Events <= 1.5 - Authenticated (Admin+) Stored Cross-Site Scripting | 4.4 | Link |
Wp EMember < 10.7.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting | 6.1 | Link |
WooCommerce Customers Manager < 30.1 - Cross-Site Request Forgery to Customer Deletion via 'Delete' | 5.4 | Link |
WooCommerce Customers Manager < 30.1 - Cross-Site Request Forgery to Customer Deletion | 5.4 | Link |
WANotifier β Send Message Notifications Using WhatsApp API <= 2.6 - Authenticated (Admin+) Stored Cross-Site Scripting | 4.4 | Link |
SpiderContacts <= 1.1.7 - Reflected Cross-Site Scripting | 6.1 | Link |
HTML Forms β Simple WordPress Forms Plugin <= 1.3.33 - Cross-Site Request Forgery | 4.3 | Link |
Donation Block For PayPal <= 2.1.0 - Unauthenticated Stored Cross-Site Scripting | 7.2 | Link |
Pardakht Delkhah <= 2.9.8 - Cross-Site Request Forgery to Form Setting Reset | 4.3 | Link |
WP Ajax Contact Form <= 2.2.2 - Reflected Cross-Site Scripting | 6.1 | Link |
WpStickyBar β Sticky Bar, Sticky Header <= 2.1.0 - Reflected Cross-Site Scripting | 6.1 | Link |
Send email only on Reply to My Comment <= 1.0.6 - Cross-Site Request Forgery to Stored Cross-Site Scripting | 6.1 | Link |
Send email only on Reply to My Comment <= 1.0.6 - Reflected Cross-Site Scripting | 6.1 | Link |
WP Ajax Contact Form <= 2.2.2 - Cross-Site Request Forgery to Arbitrary Email Deletion | 4.3 | Link |
Ultimate Classified Listings <= 1.2 - Reflected Cross-Site Scripting | 6.1 | Link |
WP Affiliate Platform <= 6.5.1 - Cross-Site Request Forgery to Afilliate Deletion | 5.4 | Link |
Request a Quote <= 2.4.0 - Authenticated (Admin+) Stored Cross-Site Scripting | 4.4 | Link |
Community Events <= 1.4.9 - Cross-Site Request Forgery | 4.3 | Link |
WP QuickLaTeX <= 3.8.7 - Authenticated (Admin+) Stored Cross-Site Scripting | 4.4 | Link |
Bug Library <= 2.1.1 - Authenticated (Admin+) Stored Cross-Site Scripting | 4.4 | Link |
ArtPlacer Widget <= 2.21.1 - Missing Authorization to Widget Deletion | 4.3 | Link |
ArtPlacer Widget <= 2.21.1 - Cross-Site Request Forgery | 6.1 | Link |
WP eStore <= 8.5.4 - Reflected Cross-Site Scripting via Category Editing | 6.1 | Link |
WP eStore <= 8.5.4 - Reflected Cross-Site Scripting via Discount Editing | 6.1 | Link |
WP eStore <= 8.5.4 - Reflected Cross-Site Scripting via Customer Editing | 6.1 | Link |
WP eStore <= 8.5.4 - Reflected Cross-Site Scripting via REQUEST_URI | 6.1 | Link |
WP eStore <= 8.5.4 - Reflected Cross-Site Scripting via Category Editing | 6.1 | Link |
WP Affiliate Platform < 6.5.1 - Cross-Site Request Forgery to Profile Update | 5.4 | Link |
Wp EMember <= 10.6.5 - Authenticated (Admin+) Arbitrary File Upload | 9.1 | Link |
Wp EMember <= 10.6.5 - Cross-Site Request Forgery to Bulk Delete | 4.3 | Link |
WP Affiliate Platform < 6.5.1 - Reflected Cross-Site Scripting via Banner Editing | 6.1 | Link |
Wp EMember <= 10.6.6 - Unauthenticated Stored Cross-Site Scripting | 6.1 | Link |
Wp EMember <= 10.6.5 - Cross-Site Request Forgery | 6.1 | Link |
WP eMember <= 10.6.5 - Reflected Cross-Site Scripting via 'editrecord' | 6.1 | Link |
WP eMember <= 10.6.6 - Reflected Cross-Site Scripting via Member Edit | 6.1 | Link |
SULly <= 4.3.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting | 6.1 | Link |
Embed Peertube Playlist <= 1.07 - Authenticated (Editor+) Stored Cross-Site Scripting | 4.4 | Link |
OpenPGP Form Encryption for WordPress <= 1.5.0 - Authenticated (Contributor+) Stored Cross-Site Scripting | 5.4 | Link |
SULly <= 4.3 - Reflected Cross-Site Scripting | 6.1 | Link |
SULly <= 4.3.0 - Cross-Site Request Forgery to Plugin Reset | 4.3 | Link |
WP Affiliate Platform < 6.5.1 - Reflected Cross-Site Scripting via Registration Form | 6.1 | Link |
WP Affiliate Platform < 6.5.1 - Reflected Cross-Site Scripting via Lead Editing | 6.1 | Link |
WP Affiliate Platform < 6.5.1 - Reflected Cross-Site Scripting via Affiliate Editing | 6.1 | Link |
WP Affiliate Platform < 6.5.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting | 6.1 | Link |
WP Affiliate Platform < 6.5.1 - Cross-Site Request Forgery to Profile Update | 5.4 | Link |
WP Affiliate Platform < 6.5.1 - Cross-Site Request Forgery to Reflected Cross-Site Scripting | 6.1 | Link |
Smart Image Gallery <= 1.0.18 - Cross-Site Request Forgery | 4.3 | Link |
If-So Dynamic Content Personalization <= 1.8.0.3 - Authenticated (Admin+) Stored Cross-Site Scripting | 4.4 | Link |
If-So Dynamic Content Personalization <= 1.8.0.3 - Reflected Cross-Site Scripting | 6.1 | Link |
Bug Library <= 2.1 - Unauthenticated Arbitrary File Upload | 9.8 | Link |
Product Enquiry for WooCommerce <= 3.1.7 - Authenticated (Admin+) Stored Cross-Site Scripting | 4.4 | Link |
Hostel <= 1.1.5.2 - Reflected Cross-Site Scripting | 6.1 | Link |
ContentLock <= 1.0.3 - Cross-Site Request Forgery to Group/Email Deletion | 4.3 | Link |
Swift Framework < 2024.04.30 Authenticated (Admin+) Stored Cross-Site Scripting via Auth | 4.4 | Link |
Swift Framework < 2024.04.30 Authenticated (Contributor+) Stored Cross-Site Scripting via Caption Title | 6.4 | Link |
Swift Framework < 2024.04.30 - Reflected Cross-Site Scripting | 6.1 | Link |
Simple Video Directory <= 1.4.3 - Authenticated (Admin+) Stored Cross-Site Scripting | 4.4 | Link |
Bible Text <= 0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting | 6.4 | Link |
WPQA - Builder forms Addon For WordPress plugin <= 6.1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting | 6.4 | Link |
Himer <= 2.1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting | 6.4 | Link |
WPQA Builder <= 6.1.0 - Cross-Site Request Forgery | 4.3 | Link |
Widget4Call <= 1.0.7 - Reflected Cross-Site Scripting | 6.1 | Link |
Animated AL List <= 1.0.6 - Reflected Cross-Site Scripting | 6.1 | Link |
Simple AL Slider <= 1.2.10 - Reflected Cross-Site Scripting | 6.1 | Link |
Widget4Call <= 1.0.7 - Reflected Cross-Site Scripting | 6.1 | Link |
Frontend Checklist <= 2.3.2 - Authenticated (Admin+) Stored Cross-Site Scripting via Items | 4.4 | Link |
Spotify Play Button <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting | 6.4 | Link |
Video Widget <= 1.2.3 - Authenticated (Admin+) Stored Cross-Site Scripting | 4.4 | Link |
Muslim Prayer Time BD <= 2.4 - Cross-Site Request Forgery to Settings Reset | 4.3 | Link |
WebP & SVG Support <= 1.4.0 - Authenticated (Author+) Stored Cross-Site Scripting via SVG | 6.4 | Link |
PVN Auth Popup <= 1.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode | 6.4 | Link |
Logo Manager For Enamad <= 0.7.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting | 6.1 | Link |
Mime Types Extended <= 0.11 - Authenticated (Author+) Stored Cross-Site Scripting via SVG Upload | 7.2 | Link |
Widget Bundle <= 2.0.0 - Cross-Site Request Forgery to Widget Disable/Enable | 4.3 | Link |
Widget Bundle <= 2.0.0 - Reflected Cross-Site Scripting | 6.1 | Link |
Widget Bundle <= 2.0.0 - Authenticated (Admin+) Stored Cross-Site Scripting | 4.4 | Link |
Google CSE <= 1.0.7 - Authenticated (Admin+) Stored Cross-Site Scripting | 4.4 | Link |
CB (legacy) <= 0.9.4.18 - Authenticated (Admin+) Stored Cross-Site Scripting | 4.4 | Link |
CB (legacy) <= 0.9.4.18 - Cross-Site Request Forgery to Code/Timeframe/Booking Deletion | 4.3 | Link |
WP Logs Book <= 1.0.1 - Cross-Site Request Forgery to Log Clearing | 4.3 | Link |
WP Logs Book <= 1.0.1 - Cross-Site Request Forgery to Log Disabling | 4.3 | Link |
WP Logs Book <= 1.0.1 - Unauthenticated Stored Cross-Site Scripting | 7.2 | Link |
DOP Shortcodes <= 1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode | 6.4 | Link |
CSSable Countdown <= 1.5 - Authenticated (Admin+) Stored Cross-Site Scripting | 4.4 | Link |
PayPal Pay Now, Buy Now, Donation and Cart Buttons Shortcode <= 1.7 - Authenticated (Contributor+) Stored Cross-Site Scripting | 6.4 | Link |
Inquiry Cart <= 3.4.2 - Cross-Site Request Forgery to Stored Cross-Site Scripting | 4.3 | Link |
Social Pixel <= 2.1 - Authenticated (Admin+) Stored Cross-Site Scripting | 4.4 | Link |
WordPress Jitsi Shortcode <= 0.1 - Authenticated (Admin+) Stored Cross-Site Scripting | 4.4 | Link |
WordPress Jitsi Shortcode <= 0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting | 6.4 | Link |
Similarity <= 3.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting | 4.3 | Link |
Similarity <= 3.0 - Cross-Site Request Forgery to Plugin Reset | 4.3 | Link |
AZAN Plugin <= 0.6 - Cross-Site Request Forgery to Stored Cross-Site Scripting | 6.1 | Link |
Pray For Me <= 1.0.4 - Cross-Site Request Forgery to Settings Update | 4.3 | Link |
Pray For Me <= 1.0.4 - Unauthenticated Stored Cross-Site Scripting | 7.2 | Link |
Amen <= 3.3.1 - Authenticated (Admin+) Stored Cross-Site Scripting | 4.4 | Link |
WP Prayer II <= 2.4.7 - Cross-Site Request Forgery to Settings Update | 4.3 | Link |
WP Prayer II <= 2.4.7 - Cross-Site Request Forgery to Email Settings Update | 4.3 | Link |
WP Backpack <= 2.1 - Authenticated (Administrator+) Stored Cross-Site Scripting | 4.4 | Link |
WP Stacker <= 1.8.5 - Cross-Site Request Forgery to Stored Cross-Site Scripting | 6.1 | Link |
Swift Framework < 2024.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode | 6.4 | Link |
ARforms <= 6.5 - Authenticated (Admin+) Stored Cross-Site Scripting | 4.4 | Link |
FS Product Inquiry <= 1.1.1 - Unauthenticated Stored Cross-Site Scripting | 6.1 | Link |
FS Product Inquiry <= 1.1.1 - Reflected Cross-Site Scripting | 6.1 | Link |
Business Card <= 1.0.0 - Cross-Site Request Forgery to Category Deletion | 4.3 | Link |
Business Card <= 1.0.0 - Cross-Site Request Forgery to Card Edit | 4.3 | Link |
Business Card <= 1.0.0 - Cross-Site Request Forgery to Category Edit | 4.3 | Link |
Business Card <= 1.0.0 - Cross-Site Request Forgery to Arbitrary Card Deletion | 4.3 | Link |
KKProgressbar2 Free <= 1.1.4.2 - Cross-Site Request Forgery to Stored Cross-Site Scripting | 7.2 | Link |
KKProgressbar2 Free <= 1.1.4.2 - Cross-Site Request Forgery to Progress Bar Deletion | 5.3 | Link |
KKProgressbar2 Free <= 1.1.4.2 - Authenticated (Admin+) SQL Injection | 9.1 | Link |
Pet Manager <= 1.4 - Reflected Cross-Site Scripting | 6.1 | Link |
Pet Manager <= 1.4 - Authenticated (Contributor+) Stored Cross-Site Scripting | 5.4 | Link |
Flattr <= 1.2.2 - Authenticated (Admin+) Stored Cross-Site Scripting | 4.4 | Link |
Sailthru Triggermail <= 1.1 - Authenticated (Admin+) Stored Cross-Site Scripting | 4.4 | Link |
Sailthru Triggermail <= 1.1 - Reflected Cross-Site Scripting | 6.1 | Link |
Fancy Product Designer <= 6.1.7 - Reflected Cross-Site Scripting | 6.1 | Link |
Salon booking system <= 9.6.5 - Cross-Site Request Forgery to Settings Update | 4.3 | Link |
ENL Newsletter <= 1.0.1 - Authenticated (Admin+) SQL Injection | 9.1 | Link |
Popup4Phone <= 1.3.2 - Authenticated (Editor+) Stored Cross-Site Scripting | 4.4 | Link |
Popup4Phone <= 1.3.2 - Unauthenticated Stored Cross-Site Scripting | 7.2 | Link |
Newsletter Popup <= 1.2 - Cross-Site Request Forgery to List Deletion | 4.3 | Link |
Newsletter Popup <= 1.2 - Cross-Site Request Forgery to Subscriber Deletion | 4.3 | Link |
Newsletter Popup <= 1.2 - Authenticated (Admin+) Stored Cross-Site Scripting | 4.4 | Link |
Newsletter Popup <= 1.2 - Unauthenticated Stored Cross-Site Scripting | 7.2 | Link |
WP Prayer <= 2.0.9 - Cross-Site Request Forgery to Settings Update | 4.3 | Link |
WP Prayer <= 2.0.9 - Cross-Site Request Forgery to Email Settings Update | 4.3 | Link |
WP Prayer <= 2.0.9 - Cross-Site Request Forgery to Arbitrary Prayer Deletion | 4.3 | Link |
HL Twitter <= 2014.1.18 - Cross-Site Request Forgery to Settings Update | 4.3 | Link |
HL Twitter <= 2014.1.18 - Cross-Site Request Forgery to Twitter Account Unlink | 4.3 | Link |
HL Twitter <= 2014.1.18 - Authenticated (Admin+) Stored Cross-Site Scripting | 4.4 | Link |
Base64 Encoder/Decoder <= 0.9.2 - Cross-Site Request Forgery to Setting Reset | 4.3 | Link |
Base64 Encoder/Decoder <= 0.9.2 - Cross-Site Request Forgery to Stored Cross-Site Scripting | 6.1 | Link |
month name translation benaceur <= 2.3.7 - Authenticated (Admin+) Stored Cross-Site Scripting | 4.4 | Link |
reCAPTCHA Jetpack <= 0.2.2 - Cross-Site Request Forgery to Settings Update | 4.3 | Link |
reCAPTCHA Jetpack <= 0.2.2 - Cross-Site Request Forgery to Stored Cross-Site Scripting | 6.1 | Link |
WPB Show Core <= 2.6 - Reflected Cross-Site Scripting via 'file' | 6.1 | Link |
UnGallery <= 2.2.4 - Cross-Site Request Forgery to Stored Cross-Site Scripting | 6.1 | Link |
Add Custom CSS and JS <= 1.20 - Cross-Site Request Forgery to Stored Cross-Site Scripting | 6.1 | Link |
Fancy Product Designer < 6.1.81 - Authenticated (Admin+) Stored Cross-Site Scripting via License Field | 4.4 | Link |
MF Gig Calendar <= 1.2.1 - Authenticated (Admin+) Stored Cross-Site Scripting | 4.4 | Link |
Crelly Slider <= 1.4.6 - Authenticated (Admin+) Stored Cross-Site Scripting | 4.4 | Link |
MF Gig Calendar <= 1.2.1 - Cross-Site Request Forgery to Event Deletion | 4.3 | Link |
LiveJournal Shortcode <= 1.1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode | 6.4 | Link |
Modal Window β create popup modal window <= 5.3.9 - Cross-Site Request Forgery | 4.3 | Link |
Button Generator β easily Button Builder <= 2.3.9 - Cross-Site Request Forgery | 4.3 | Link |
Sticky Buttons β floating buttons builder <= 3.2.3 - Cross-Site Request Forgery | 4.3 | Link |
Popup Box β new WordPress popup plugin <= 2.2.6 - Cross-Site Request Forgery | 4.3 | Link |
Herd Effects β fake notifications and social proof plugin <= 5.2.6 - Cross-Site Request Forgery | 4.3 | Link |
Counter Box β WordPress plugin for countdown, timer, counter <= 1.2.3 - Cross-Site Request Forgery | 4.3 | Link |
Side Menu Lite β add sticky fixed buttons <= 4.2 - Cross-Site Request Forgery | 4.3 | Link |
Wow Skype Buttons <= 4.0.3 - Cross-Site Request Forgery | 4.3 | Link |
Smart Forms β when you need more than just a contact form <= 2.9.95 - Authenticated (Admin+) Stored Cross-Site Scripting | 4.4 | Link |
MM-email2image <= 0.2.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode | 6.4 | Link |
MM-email2image <= 0.2.5 - Cross-Site Request Forgery to Stored Cross-Site Scripting | 6.1 | Link |
Bannerlid <= 1.1.0 - Reflected Cross-Site Scripting | 6.1 | Link |
Salon booking system <= 9.6.5 - Authenticated (Editor+) Stored Cross-Site Scripting via Email Settings | 4.4 | Link |
ENL Newsletter <= 1.0.1 - Cross-Site Request Forgery | 6.1 | Link |
ENL Newsletter <= 1.0.1 - Cross-Site Request Forgery to Campaign Deletion | 4.3 | Link |
CM Download Manager < 2.9.1 - Cross-Site Request Forgery via editHeader | 4.3 | Link |
Simple Buttons Creator <=1.04 - Cross-Site Request Forgery to Arbitrary Button Deletion | 5.3 | Link |
Simple Buttons Creator <=1.04 - Unauthenticated Stored Cross-Site Scripting via Add Button | 7.2 | Link |
NPS computy <= 2.7.5 - Cross-Site Request Forgery to Results Deletion | 4.3 | Link |
NPS computy <= 2.7.5 - Authenticated (Admin+) Stored Cross-Site Scripting | 4.4 | Link |
Advance Search <= 1.1.6 - Cross-Site Request Forgery to Shortcode Deletion | 4.3 | Link |
Fancy Product Designer < 6.1.81 - Authenticated (Admin+) Stored Cross-Site Scripting via Product Title | 4.4 | Link |
Font Farsi <= 1.6.6 - Authenticated (Admin+) Stored Cross-Site Scripting | 4.4 | Link |
WPB Show Core <= 2.6 - Reflected Cross-Site Scripting | 6.1 | Link |
Scalable Vector Graphics (SVG) <= 3.4 - Authenticated (Author+) Stored Cross-Site Scripting via SVG | 6.4 | Link |
Persian Fonts <= 1.6 - Authenticated (Admin+) Stored Cross-Site Scripting | 4.4 | Link |
Allow SVG <= 1.1 - Authenticated (Author+) Stored Cross-Site Scripting via SVG | 6.4 | Link |
Add SVG Support for Media Uploader | inventivo <= 1.0.5 - Authenticated (Author+) Stored Cross-Site Scripting via SVG | 6.4 | Link |
SVG Uploads Support <= 2.1.1 - Authenticated (Author+) Stored Cross-Site Scripting via SVG | 6.4 | Link |
illi Link Party! <= 1.0 - Missing Authorization to Unauthenticated Arbitrary Link Deletion | 5.3 | Link |
illi Link Party! <= 1.0 - Unauthenticated Stored Cross-Site Scripting | 7.2 | Link |
illi Link Party! <= 1.0 - Cross-Site Request Forgery to Settings Update | 4.3 | Link |
illi Link Party! <= 1.0 - Authenticated (Admin+) Stored Cross-Site Scripting | 4.4 | Link |
Better Follow Button for Jetpack <= 8.0 - Authenticated (Admin+) Stored Cross-Site Scripting | 4.4 | Link |
GigPress <= 2.3.29 - Authenticated (Admin+) Stored Cross-Site Scripting | 4.4 | Link |
Easy SVG Allow <= 1.0 - Authenticated (Author+) Stored Cross-Site Scripting via SVG | 6.4 | Link |
Wp-Adv-Quiz <= 1.0.2 - Authenticated (Admin+) Stored Cross-Site Scripting via Quiz Title | 4.4 | Link |
Product Enquiry for WooCommerce <= 3.0 - Authenticated (Admin+) Stored Cross-Site Scripting | 4.4 | Link |
WP Review Slider <= 12.8 - Authenticated (Administrator+) Stored Cross-Site Scripting | 4.4 | Link |
WP Crowdfunding <= 2.1.9 - Authenticated (Admin+) Stored Cross-Site Scripting | 4.4 | Link |
BSK Forms Blacklist <= 3.6.3 - Authenticated (Admin+) Stored Cross-Site Scripting | 4.4 | Link |
Autocomplete Location field Contact Form 7 <= 2.0 - Authenticated (Administrator+) Stored Cross-Site Scripting | 4.4 | Link |
Popup Box <= 3.8.6 - Authenticated (Administrator+) Stored Cross-Site Scripting | 4.4 | Link |
WooHoo Newspaper Magazine Theme <= 2.5.3 - Cross-Site Request Forgery to Settings Update | 4.3 | Link |
WP Discord Invite <= 2.5.1 - Authenticated (Admin+) Stored Cross-Site Scripting | 4.4 | Link |
CITS Support svg, webp Media and TTF,OTF File Upload <= 2.1.0 - Authenticated(Author+) Stored Cross-Site Scripting via SVG Upload | 6.4 | Link |
FTP Access <= 1.0 - Missing Authorization to Authenticated (Subscriber+) Stored Cross-Site Scripting | 6.1 | Link |
Herd Effects <= 5.2.2 - Authenticated (Administrator+) Stored Cross-Site Scripting | 4.4 | Link |
ChatBot 4.7.7 - Authenticated (Administrator+) Stored Cross-Site Scripting in Language Settings | 4.4 | Link |
PostX - Gutenberg Post Grid Blocks <= 3.0.5 - Reflected Cross-Site Scripting via 'postx_type' | 6.1 | Link |
Custom Field For WP Job Manager <= 1.1 - Authenticated (Administrator+) Stored Cross-Site Scripting | 4.4 | Link |
WP-EMail <= 2.69.0 - Authenticated (Admin+) Stored Cross-Site Scripting | 4.4 | Link |
Short URL <= 1.6.4 - Authenticated(Admin+) Stored Cross-Site Scripting | 4.4 | Link |
Auto Location for WP Job Manager via Google <= 1.0 - Authenticated (Administrator+) Stored Cross Site Scripting | 4.4 | Link |
AN_GradeBook <= 5.0.1 - Authenticated(Administrator+) Stored Cross-Site Scripting | 4.4 | Link |
URL Shortify β Simple, Powerful and Easy URL Shortener Plugin For WordPress <= 1.6.5 - Authenticated (Admin+) Stored Cross-Site Scripting | 4.4 | Link |
QuBotChat <= 1.1.5 - Authenticated(Administrator+) Stored Cross-Site Scripting | 4.4 | Link |