Mavix Education <= 1.0 - Missing Authorization to Authenticated (Subscriber+) 'Creativ Demo Importer' Plugin Activation

creativthemes Mavix Education

Login Lockdown & Protection <= 2.14 - IP Block Bypass

webfactory Login Lockdown & Protection

JAY Login & Register <= 2.4.01 - Authentication Bypass via Cookie

jayarsiech JAY Login & Register

MediaCommander – Bring Folders to Media, Posts, and Pages <= 2.3.1 - Missing Authorization to Authenticated (Author+) Media Folder Deletion

yalogica MediaCommander – Bring Folders to Media, Posts, and Pages

Shortcode Loader <= 1.0 - Unauthenticated Arbitrary Shortcode Execution via 'code' Parameter

rang501 Shortcode Ajax

YITH WooCommerce Quick View <= 2.7.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via yith_quick_view Shortcode

yithemes YITH WooCommerce Quick View

Easy Theme Options <= 1.0 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Plugin Settings Import

corsonr Easy Theme Options

Kingcabs <= 1.1.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via progressbarLayout Parameter

sparklewpthemes Kingcabs

Social Media Auto Publish <= 3.6.5 - Reflected Cross-Site Scripting via PostMessage

f1logic Social Media Auto Publish

Devs CRM – Manage tasks, attendance and teams all together <= 1.1.8 - Missing Authorization to Unauthenticated Lead Tag Update

ajitdas Devs CRM – Manage tasks, attendance and teams all together

افزونه پیامک ووکامرس فوق حرفه ای (جدید) payamito sms woocommerce <= 1.3.5 - Unauthenticated Time-Based Blind SQL Injection

payamito افزونه پیامک ووکامرس فوق حرفه ای (جدید) payamito sms woocommerce

Solutions Ad Manager <= 1.0.0 - Unauthenticated Open Redirect via 'sam-redirect-to' Parameter

solutionsbysteve Solutions Ad Manager

rtMedia for WordPress, BuddyPress and bbPress 4.7.0 - 4.7.3 - Missing Authorization to Unauthenticated Information Disclosure via handle_rest_pre_dispatch Function

rtcamp rtMedia for WordPress, BuddyPress and bbPress

Gallery Blocks with Lightbox <= 3.3.0 - Missing Authorization to Authenticated (Contributor+) Plugin Settings Modification

gallerycreator Gallery Blocks with Lightbox. Image Gallery, (HTML5 video , YouTube, Vimeo) Video Gallery and Lightbox for native gallery

Custom Frames <= 1.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'class' Shortcode Parameter

blakelong Custom Frames

Doubly <= 1.0.46 - Authenticated (Subscriber+) PHP Object Injection via ZIP File Import

unitecms Doubly – Cross Domain Copy Paste for WordPress

Extensive VC Addons for WPBakery page builder <= 1.9.1 - Unauthenticated Local File Inclusion via 'shortcode_name' Parameter

nenad-obradovic Extensive VC Addons for WPBakery page builder

Lucky Draw Contests <= 4.2 - Cross-Site Request Forgery to Plugin Settings Update

owais4377 Lucky Draw Contests

Colibri Page Builder <= 1.0.335 - Authenticated (Contributor+) Stored Cross-Site Scripting

extendthemes Colibri Page Builder

WP3D Model Import Viewer <= 1.0.7 - Authenticated (Contributor+) Arbitrary File Upload

wp3d WP3D Model Import Viewer