Bob Matyas

WordPress Vulnerabilities

Title CVSS CVE
Post From Frontend <= 1.0.0 - Cross-Site Request Forgery to Arbitrary Post Deletion 5.3 Link
Event Calendar <= 1.0.4 - Missing Authorization to Unauthenticated Arbitrary Calendar Deletion 5.3 Link
Backup Database <= 4.9 - Authenticated (Admin+) Stored Cross-Site Scripting 4.4 Link
GDPR Cookie Consent <= 2.6.0 - Cross-Site Request Forgery to Bulk Delete 4.3 Link
WP ULike <= 4.7.3 - Authenticated (Admin+) Stored Cross-Site Scripting 4.4 Link
Logo Manager For Enamad <= 0.7.1 - Authenticated (Admin+) Stored Cross-Site Scripting 4.4 Link
Easy Property Listings <= 3.5.3 - Cross-Site Request Forgery 4.7 Link
MM-Breaking News <= 0.7.9 - Reflected Cross-Site Scripting 6.1 Link
Misiek Photo Album <= 1.4.3 - Cross-Site Request Forgery to Album Deletion 4.3 Link
Music Request Manager <= 1.3 - Reflected Cross-Site Scripting 6.1 Link
Music Request Manager <= 1.3 - Cross-Site Request Forgery to Stored Cross-Site Scripting 6.1 Link
Music Request Manager <= 1.3 - Unauthenticated Stored Cross-Site Scripting 7.2 Link
WP Content Copy Protection & No Right Click (PRO) <= 15.0 - Authenticated (Admin+) Stored Cross-Site Scripting 4.4 Link
AZIndex <= 0.8.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting 6.1 Link
Snapshot Backup <= 2.1.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting 6.1 Link
Pocket Widget <= 0.1.3 - Authenticated (Admin+) Stored Cross-Site Scripting 4.4 Link
AZIndex <= 0.8.1 - Cross-Site Request Forgery to Index Deletion 4.3 Link
KBucket: Your Curated Content in WordPress <= 4.1.4 - Reflected Cross-Site Scripting 6.1 Link
NinjaTeam Header Footer Custom Code < 1.2 - Authenticated (Admin+) Stored Cross-Site Scripting via CSS Styles 4.4 Link
Chatbot with ChatGPT <= 2.4.4 - Missing Authorization 5.3 Link
Sign-up Sheets <= 2.2.12 - Reflected Cross-Site Scripting 6.1 Link
Secure Copy Content Protection and Content Locking <= 4.1.6 - Authenticated (Admin+) Stored Cross-Site Scripting 4.4 Link
Flaming Forms <= 1.0.1 - Unauthenticated Stored Cross-Site Scripting 7.2 Link
Flaming Forms <= 1.0.1 - Reflected Cross-Site Scripting 6.1 Link
DN Popup <= 1.2.2 - Cross-Site Request Forgery to Settings Update 4.3 Link
WP MultiTasking <= 0.1.12 - Reflected Cross-Site Scripting 6.1 Link
DL Verification <= 1.2 - Authenticated (Admin+) Stored Cross-Site Scripting 4.4 Link
DL Robots.txt <= 1.2 - Authenticated (Admin+) Stored Cross-Site Scripting 4.4 Link
TrueBooker <= 1.0.2 - Cross-Site Request Forgery to Settings Update 4.3 Link
Viral Signup <= 2.1 - Authenticated (Admin+) Stored Cross-Site Scripting 4.4 Link
DL Yandex Metrika <= 1.2 - Authenticated (Admin+) Stored Cross-Site Scripting 4.4 Link
WP eMember <= 10.6.6 - Reflected Cross-Site Scripting via $_SERVER['REQUEST_URI'] 6.1 Link
WP eStore <= 8.5.5 - Cross-Site Request Forgery to Settings Reset 4.3 Link
WP eStore <= 8.5.5 - Reflected Cross-Site Scripting via Customer Search 6.1 Link
WP eStore <= 8.5.5 - Reflected Cross-Site Scripting via Product Editing 6.1 Link
House Manager – Easy Renter Management System for WordPress <= 1.0.8.4 - Reflected Cross-Site Scripting 6.1 Link
Community Events <= 1.5 - Authenticated (Admin+) Stored Cross-Site Scripting 4.4 Link
Wp EMember < 10.7.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting 6.1 Link
WooCommerce Customers Manager < 30.1 - Cross-Site Request Forgery to Customer Deletion via 'Delete' 5.4 Link
WooCommerce Customers Manager < 30.1 - Cross-Site Request Forgery to Customer Deletion 5.4 Link
WANotifier – Send Message Notifications Using WhatsApp API <= 2.6 - Authenticated (Admin+) Stored Cross-Site Scripting 4.4 Link
SpiderContacts <= 1.1.7 - Reflected Cross-Site Scripting 6.1 Link
HTML Forms – Simple WordPress Forms Plugin <= 1.3.33 - Cross-Site Request Forgery 4.3 Link
Donation Block For PayPal <= 2.1.0 - Unauthenticated Stored Cross-Site Scripting 7.2 Link
Pardakht Delkhah <= 2.9.8 - Cross-Site Request Forgery to Form Setting Reset 4.3 Link
WP Ajax Contact Form <= 2.2.2 - Reflected Cross-Site Scripting 6.1 Link
WpStickyBar – Sticky Bar, Sticky Header <= 2.1.0 - Reflected Cross-Site Scripting 6.1 Link
Send email only on Reply to My Comment <= 1.0.6 - Cross-Site Request Forgery to Stored Cross-Site Scripting 6.1 Link
Send email only on Reply to My Comment <= 1.0.6 - Reflected Cross-Site Scripting 6.1 Link
WP Ajax Contact Form <= 2.2.2 - Cross-Site Request Forgery to Arbitrary Email Deletion 4.3 Link
Ultimate Classified Listings <= 1.2 - Reflected Cross-Site Scripting 6.1 Link
WP Affiliate Platform <= 6.5.1 - Cross-Site Request Forgery to Afilliate Deletion 5.4 Link
Request a Quote <= 2.4.0 - Authenticated (Admin+) Stored Cross-Site Scripting 4.4 Link
Community Events <= 1.4.9 - Cross-Site Request Forgery 4.3 Link
WP QuickLaTeX <= 3.8.7 - Authenticated (Admin+) Stored Cross-Site Scripting 4.4 Link
Bug Library <= 2.1.1 - Authenticated (Admin+) Stored Cross-Site Scripting 4.4 Link
ArtPlacer Widget <= 2.21.1 - Missing Authorization to Widget Deletion 4.3 Link
ArtPlacer Widget <= 2.21.1 - Cross-Site Request Forgery 6.1 Link
WP eStore <= 8.5.4 - Reflected Cross-Site Scripting via Category Editing 6.1 Link
WP eStore <= 8.5.4 - Reflected Cross-Site Scripting via Discount Editing 6.1 Link
WP eStore <= 8.5.4 - Reflected Cross-Site Scripting via Customer Editing 6.1 Link
WP eStore <= 8.5.4 - Reflected Cross-Site Scripting via REQUEST_URI 6.1 Link
WP eStore <= 8.5.4 - Reflected Cross-Site Scripting via Category Editing 6.1 Link
WP Affiliate Platform < 6.5.1 - Cross-Site Request Forgery to Profile Update 5.4 Link
Wp EMember <= 10.6.5 - Authenticated (Admin+) Arbitrary File Upload 9.1 Link
Wp EMember <= 10.6.5 - Cross-Site Request Forgery to Bulk Delete 4.3 Link
WP Affiliate Platform < 6.5.1 - Reflected Cross-Site Scripting via Banner Editing 6.1 Link
Wp EMember <= 10.6.6 - Unauthenticated Stored Cross-Site Scripting 6.1 Link
Wp EMember <= 10.6.5 - Cross-Site Request Forgery 6.1 Link
WP eMember <= 10.6.5 - Reflected Cross-Site Scripting via 'editrecord' 6.1 Link
WP eMember <= 10.6.6 - Reflected Cross-Site Scripting via Member Edit 6.1 Link
SULly <= 4.3.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting 6.1 Link
Embed Peertube Playlist <= 1.07 - Authenticated (Editor+) Stored Cross-Site Scripting 4.4 Link
OpenPGP Form Encryption for WordPress <= 1.5.0 - Authenticated (Contributor+) Stored Cross-Site Scripting 5.4 Link
SULly <= 4.3 - Reflected Cross-Site Scripting 6.1 Link
SULly <= 4.3.0 - Cross-Site Request Forgery to Plugin Reset 4.3 Link
WP Affiliate Platform < 6.5.1 - Reflected Cross-Site Scripting via Registration Form 6.1 Link
WP Affiliate Platform < 6.5.1 - Reflected Cross-Site Scripting via Lead Editing 6.1 Link
WP Affiliate Platform < 6.5.1 - Reflected Cross-Site Scripting via Affiliate Editing 6.1 Link
WP Affiliate Platform < 6.5.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting 6.1 Link
WP Affiliate Platform < 6.5.1 - Cross-Site Request Forgery to Profile Update 5.4 Link
WP Affiliate Platform < 6.5.1 - Cross-Site Request Forgery to Reflected Cross-Site Scripting 6.1 Link
Smart Image Gallery <= 1.0.18 - Cross-Site Request Forgery 4.3 Link
If-So Dynamic Content Personalization <= 1.8.0.3 - Authenticated (Admin+) Stored Cross-Site Scripting 4.4 Link
If-So Dynamic Content Personalization <= 1.8.0.3 - Reflected Cross-Site Scripting 6.1 Link
Bug Library <= 2.1 - Unauthenticated Arbitrary File Upload 9.8 Link
Product Enquiry for WooCommerce <= 3.1.7 - Authenticated (Admin+) Stored Cross-Site Scripting 4.4 Link
Hostel <= 1.1.5.2 - Reflected Cross-Site Scripting 6.1 Link
ContentLock <= 1.0.3 - Cross-Site Request Forgery to Group/Email Deletion 4.3 Link
Swift Framework < 2024.04.30 Authenticated (Admin+) Stored Cross-Site Scripting via Auth 4.4 Link
Swift Framework < 2024.04.30 Authenticated (Contributor+) Stored Cross-Site Scripting via Caption Title 6.4 Link
Swift Framework < 2024.04.30 - Reflected Cross-Site Scripting 6.1 Link
Simple Video Directory <= 1.4.3 - Authenticated (Admin+) Stored Cross-Site Scripting 4.4 Link
Bible Text <= 0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting 6.4 Link
WPQA - Builder forms Addon For WordPress plugin <= 6.1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting 6.4 Link
Himer <= 2.1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting 6.4 Link
WPQA Builder <= 6.1.0 - Cross-Site Request Forgery 4.3 Link
Widget4Call <= 1.0.7 - Reflected Cross-Site Scripting 6.1 Link
Animated AL List <= 1.0.6 - Reflected Cross-Site Scripting 6.1 Link
Simple AL Slider <= 1.2.10 - Reflected Cross-Site Scripting 6.1 Link
Widget4Call <= 1.0.7 - Reflected Cross-Site Scripting 6.1 Link
Frontend Checklist <= 2.3.2 - Authenticated (Admin+) Stored Cross-Site Scripting via Items 4.4 Link
Spotify Play Button <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting 6.4 Link
Video Widget <= 1.2.3 - Authenticated (Admin+) Stored Cross-Site Scripting 4.4 Link
Muslim Prayer Time BD <= 2.4 - Cross-Site Request Forgery to Settings Reset 4.3 Link
WebP & SVG Support <= 1.4.0 - Authenticated (Author+) Stored Cross-Site Scripting via SVG 6.4 Link
PVN Auth Popup <= 1.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode 6.4 Link
Logo Manager For Enamad <= 0.7.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting 6.1 Link
Mime Types Extended <= 0.11 - Authenticated (Author+) Stored Cross-Site Scripting via SVG Upload 7.2 Link
Widget Bundle <= 2.0.0 - Cross-Site Request Forgery to Widget Disable/Enable 4.3 Link
Widget Bundle <= 2.0.0 - Reflected Cross-Site Scripting 6.1 Link
Widget Bundle <= 2.0.0 - Authenticated (Admin+) Stored Cross-Site Scripting 4.4 Link
Google CSE <= 1.0.7 - Authenticated (Admin+) Stored Cross-Site Scripting 4.4 Link
CB (legacy) <= 0.9.4.18 - Authenticated (Admin+) Stored Cross-Site Scripting 4.4 Link
CB (legacy) <= 0.9.4.18 - Cross-Site Request Forgery to Code/Timeframe/Booking Deletion 4.3 Link
WP Logs Book <= 1.0.1 - Cross-Site Request Forgery to Log Clearing 4.3 Link
WP Logs Book <= 1.0.1 - Cross-Site Request Forgery to Log Disabling 4.3 Link
WP Logs Book <= 1.0.1 - Unauthenticated Stored Cross-Site Scripting 7.2 Link
DOP Shortcodes <= 1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode 6.4 Link
CSSable Countdown <= 1.5 - Authenticated (Admin+) Stored Cross-Site Scripting 4.4 Link
PayPal Pay Now, Buy Now, Donation and Cart Buttons Shortcode <= 1.7 - Authenticated (Contributor+) Stored Cross-Site Scripting 6.4 Link
Inquiry Cart <= 3.4.2 - Cross-Site Request Forgery to Stored Cross-Site Scripting 4.3 Link
Social Pixel <= 2.1 - Authenticated (Admin+) Stored Cross-Site Scripting 4.4 Link
WordPress Jitsi Shortcode <= 0.1 - Authenticated (Admin+) Stored Cross-Site Scripting 4.4 Link
WordPress Jitsi Shortcode <= 0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting 6.4 Link
Similarity <= 3.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting 4.3 Link
Similarity <= 3.0 - Cross-Site Request Forgery to Plugin Reset 4.3 Link
AZAN Plugin <= 0.6 - Cross-Site Request Forgery to Stored Cross-Site Scripting 6.1 Link
Pray For Me <= 1.0.4 - Cross-Site Request Forgery to Settings Update 4.3 Link
Pray For Me <= 1.0.4 - Unauthenticated Stored Cross-Site Scripting 7.2 Link
Amen <= 3.3.1 - Authenticated (Admin+) Stored Cross-Site Scripting 4.4 Link
WP Prayer II <= 2.4.7 - Cross-Site Request Forgery to Settings Update 4.3 Link
WP Prayer II <= 2.4.7 - Cross-Site Request Forgery to Email Settings Update 4.3 Link
WP Backpack <= 2.1 - Authenticated (Administrator+) Stored Cross-Site Scripting 4.4 Link
WP Stacker <= 1.8.5 - Cross-Site Request Forgery to Stored Cross-Site Scripting 6.1 Link
Swift Framework < 2024.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode 6.4 Link
ARforms <= 6.5 - Authenticated (Admin+) Stored Cross-Site Scripting 4.4 Link
FS Product Inquiry <= 1.1.1 - Unauthenticated Stored Cross-Site Scripting 6.1 Link
FS Product Inquiry <= 1.1.1 - Reflected Cross-Site Scripting 6.1 Link
Business Card <= 1.0.0 - Cross-Site Request Forgery to Category Deletion 4.3 Link
Business Card <= 1.0.0 - Cross-Site Request Forgery to Card Edit 4.3 Link
Business Card <= 1.0.0 - Cross-Site Request Forgery to Category Edit 4.3 Link
Business Card <= 1.0.0 - Cross-Site Request Forgery to Arbitrary Card Deletion 4.3 Link
KKProgressbar2 Free <= 1.1.4.2 - Cross-Site Request Forgery to Stored Cross-Site Scripting 7.2 Link
KKProgressbar2 Free <= 1.1.4.2 - Cross-Site Request Forgery to Progress Bar Deletion 5.3 Link
KKProgressbar2 Free <= 1.1.4.2 - Authenticated (Admin+) SQL Injection 9.1 Link
Pet Manager <= 1.4 - Reflected Cross-Site Scripting 6.1 Link
Pet Manager <= 1.4 - Authenticated (Contributor+) Stored Cross-Site Scripting 5.4 Link
Flattr <= 1.2.2 - Authenticated (Admin+) Stored Cross-Site Scripting 4.4 Link
Sailthru Triggermail <= 1.1 - Authenticated (Admin+) Stored Cross-Site Scripting 4.4 Link
Sailthru Triggermail <= 1.1 - Reflected Cross-Site Scripting 6.1 Link
Fancy Product Designer <= 6.1.7 - Reflected Cross-Site Scripting 6.1 Link
Salon booking system <= 9.6.5 - Cross-Site Request Forgery to Settings Update 4.3 Link
ENL Newsletter <= 1.0.1 - Authenticated (Admin+) SQL Injection 9.1 Link
Popup4Phone <= 1.3.2 - Authenticated (Editor+) Stored Cross-Site Scripting 4.4 Link
Popup4Phone <= 1.3.2 - Unauthenticated Stored Cross-Site Scripting 7.2 Link
Newsletter Popup <= 1.2 - Cross-Site Request Forgery to List Deletion 4.3 Link
Newsletter Popup <= 1.2 - Cross-Site Request Forgery to Subscriber Deletion 4.3 Link
Newsletter Popup <= 1.2 - Authenticated (Admin+) Stored Cross-Site Scripting 4.4 Link
Newsletter Popup <= 1.2 - Unauthenticated Stored Cross-Site Scripting 7.2 Link
WP Prayer <= 2.0.9 - Cross-Site Request Forgery to Settings Update 4.3 Link
WP Prayer <= 2.0.9 - Cross-Site Request Forgery to Email Settings Update 4.3 Link
WP Prayer <= 2.0.9 - Cross-Site Request Forgery to Arbitrary Prayer Deletion 4.3 Link
HL Twitter <= 2014.1.18 - Cross-Site Request Forgery to Settings Update 4.3 Link
HL Twitter <= 2014.1.18 - Cross-Site Request Forgery to Twitter Account Unlink 4.3 Link
HL Twitter <= 2014.1.18 - Authenticated (Admin+) Stored Cross-Site Scripting 4.4 Link
Base64 Encoder/Decoder <= 0.9.2 - Cross-Site Request Forgery to Setting Reset 4.3 Link
Base64 Encoder/Decoder <= 0.9.2 - Cross-Site Request Forgery to Stored Cross-Site Scripting 6.1 Link
month name translation benaceur <= 2.3.7 - Authenticated (Admin+) Stored Cross-Site Scripting 4.4 Link
reCAPTCHA Jetpack <= 0.2.2 - Cross-Site Request Forgery to Settings Update 4.3 Link
reCAPTCHA Jetpack <= 0.2.2 - Cross-Site Request Forgery to Stored Cross-Site Scripting 6.1 Link
WPB Show Core <= 2.6 - Reflected Cross-Site Scripting via 'file' 6.1 Link
UnGallery <= 2.2.4 - Cross-Site Request Forgery to Stored Cross-Site Scripting 6.1 Link
Add Custom CSS and JS <= 1.20 - Cross-Site Request Forgery to Stored Cross-Site Scripting 6.1 Link
Fancy Product Designer < 6.1.81 - Authenticated (Admin+) Stored Cross-Site Scripting via License Field 4.4 Link
MF Gig Calendar <= 1.2.1 - Authenticated (Admin+) Stored Cross-Site Scripting 4.4 Link
Crelly Slider <= 1.4.6 - Authenticated (Admin+) Stored Cross-Site Scripting 4.4 Link
MF Gig Calendar <= 1.2.1 - Cross-Site Request Forgery to Event Deletion 4.3 Link
LiveJournal Shortcode <= 1.1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode 6.4 Link
Modal Window – create popup modal window <= 5.3.9 - Cross-Site Request Forgery 4.3 Link
Button Generator – easily Button Builder <= 2.3.9 - Cross-Site Request Forgery 4.3 Link
Sticky Buttons – floating buttons builder <= 3.2.3 - Cross-Site Request Forgery 4.3 Link
Popup Box – new WordPress popup plugin <= 2.2.6 - Cross-Site Request Forgery 4.3 Link
Herd Effects – fake notifications and social proof plugin <= 5.2.6 - Cross-Site Request Forgery 4.3 Link
Counter Box – WordPress plugin for countdown, timer, counter <= 1.2.3 - Cross-Site Request Forgery 4.3 Link
Side Menu Lite – add sticky fixed buttons <= 4.2 - Cross-Site Request Forgery 4.3 Link
Wow Skype Buttons <= 4.0.3 - Cross-Site Request Forgery 4.3 Link
Smart Forms – when you need more than just a contact form <= 2.9.95 - Authenticated (Admin+) Stored Cross-Site Scripting 4.4 Link
MM-email2image <= 0.2.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode 6.4 Link
MM-email2image <= 0.2.5 - Cross-Site Request Forgery to Stored Cross-Site Scripting 6.1 Link
Bannerlid <= 1.1.0 - Reflected Cross-Site Scripting 6.1 Link
Salon booking system <= 9.6.5 - Authenticated (Editor+) Stored Cross-Site Scripting via Email Settings 4.4 Link
ENL Newsletter <= 1.0.1 - Cross-Site Request Forgery 6.1 Link
ENL Newsletter <= 1.0.1 - Cross-Site Request Forgery to Campaign Deletion 4.3 Link
CM Download Manager < 2.9.1 - Cross-Site Request Forgery via editHeader 4.3 Link
Simple Buttons Creator <=1.04 - Cross-Site Request Forgery to Arbitrary Button Deletion 5.3 Link
Simple Buttons Creator <=1.04 - Unauthenticated Stored Cross-Site Scripting via Add Button 7.2 Link
NPS computy <= 2.7.5 - Cross-Site Request Forgery to Results Deletion 4.3 Link
NPS computy <= 2.7.5 - Authenticated (Admin+) Stored Cross-Site Scripting 4.4 Link
Advance Search <= 1.1.6 - Cross-Site Request Forgery to Shortcode Deletion 4.3 Link
Fancy Product Designer < 6.1.81 - Authenticated (Admin+) Stored Cross-Site Scripting via Product Title 4.4 Link
Font Farsi <= 1.6.6 - Authenticated (Admin+) Stored Cross-Site Scripting 4.4 Link
WPB Show Core <= 2.6 - Reflected Cross-Site Scripting 6.1 Link
Scalable Vector Graphics (SVG) <= 3.4 - Authenticated (Author+) Stored Cross-Site Scripting via SVG 6.4 Link
Persian Fonts <= 1.6 - Authenticated (Admin+) Stored Cross-Site Scripting 4.4 Link
Allow SVG <= 1.1 - Authenticated (Author+) Stored Cross-Site Scripting via SVG 6.4 Link
Add SVG Support for Media Uploader | inventivo <= 1.0.5 - Authenticated (Author+) Stored Cross-Site Scripting via SVG 6.4 Link
SVG Uploads Support <= 2.1.1 - Authenticated (Author+) Stored Cross-Site Scripting via SVG 6.4 Link
illi Link Party! <= 1.0 - Missing Authorization to Unauthenticated Arbitrary Link Deletion 5.3 Link
illi Link Party! <= 1.0 - Unauthenticated Stored Cross-Site Scripting 7.2 Link
illi Link Party! <= 1.0 - Cross-Site Request Forgery to Settings Update 4.3 Link
illi Link Party! <= 1.0 - Authenticated (Admin+) Stored Cross-Site Scripting 4.4 Link
Better Follow Button for Jetpack <= 8.0 - Authenticated (Admin+) Stored Cross-Site Scripting 4.4 Link
GigPress <= 2.3.29 - Authenticated (Admin+) Stored Cross-Site Scripting 4.4 Link
Easy SVG Allow <= 1.0 - Authenticated (Author+) Stored Cross-Site Scripting via SVG 6.4 Link
Wp-Adv-Quiz <= 1.0.2 - Authenticated (Admin+) Stored Cross-Site Scripting via Quiz Title 4.4 Link
Product Enquiry for WooCommerce <= 3.0 - Authenticated (Admin+) Stored Cross-Site Scripting 4.4 Link
WP Review Slider <= 12.8 - Authenticated (Administrator+) Stored Cross-Site Scripting 4.4 Link
WP Crowdfunding <= 2.1.9 - Authenticated (Admin+) Stored Cross-Site Scripting 4.4 Link
BSK Forms Blacklist <= 3.6.3 - Authenticated (Admin+) Stored Cross-Site Scripting 4.4 Link
Autocomplete Location field Contact Form 7 <= 2.0 - Authenticated (Administrator+) Stored Cross-Site Scripting 4.4 Link
Popup Box <= 3.8.6 - Authenticated (Administrator+) Stored Cross-Site Scripting 4.4 Link
WooHoo Newspaper Magazine Theme <= 2.5.3 - Cross-Site Request Forgery to Settings Update 4.3 Link
WP Discord Invite <= 2.5.1 - Authenticated (Admin+) Stored Cross-Site Scripting 4.4 Link
CITS Support svg, webp Media and TTF,OTF File Upload <= 2.1.0 - Authenticated(Author+) Stored Cross-Site Scripting via SVG Upload 6.4 Link
FTP Access <= 1.0 - Missing Authorization to Authenticated (Subscriber+) Stored Cross-Site Scripting 6.1 Link
Herd Effects <= 5.2.2 - Authenticated (Administrator+) Stored Cross-Site Scripting 4.4 Link
ChatBot 4.7.7 - Authenticated (Administrator+) Stored Cross-Site Scripting in Language Settings 4.4 Link
PostX - Gutenberg Post Grid Blocks <= 3.0.5 - Reflected Cross-Site Scripting via 'postx_type' 6.1 Link
Custom Field For WP Job Manager <= 1.1 - Authenticated (Administrator+) Stored Cross-Site Scripting 4.4 Link
WP-EMail <= 2.69.0 - Authenticated (Admin+) Stored Cross-Site Scripting 4.4 Link
Short URL <= 1.6.4 - Authenticated(Admin+) Stored Cross-Site Scripting 4.4 Link
Auto Location for WP Job Manager via Google <= 1.0 - Authenticated (Administrator+) Stored Cross Site Scripting 4.4 Link
AN_GradeBook <= 5.0.1 - Authenticated(Administrator+) Stored Cross-Site Scripting 4.4 Link
URL Shortify – Simple, Powerful and Easy URL Shortener Plugin For WordPress <= 1.6.5 - Authenticated (Admin+) Stored Cross-Site Scripting 4.4 Link
QuBotChat <= 1.1.5 - Authenticated(Administrator+) Stored Cross-Site Scripting 4.4 Link