WPLG Default Mail From <= 1.0.0 - Reflected Cross-Site Scripting via $_SERVER['PHP_SELF']

wpletsgo WPLG Default Mail From

Contact Form 7 with ChatWork <= 1.1.0 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'api_token' and 'roomid' Settings

izuchy Contact Form 7 with ChatWork

VigLink SpotLight By ShortCode <= 1.0.a - Authenticated (Contributor+) Stored Cross-Site Scripting via 'float' Shortcode Attribute

susantabeura VigLink SpotLight By ShortCode

Simple Theme Changer <= 1.0 - Cross-Site Request Forgery to Arbitrary Theme Switcher Configuration Update

darendev Simple Theme Changer

Rabbit Hole <= 1.1 - Cross-Site Request Forgery to Settings Reset

frapesce Rabbit Hole

NewStatPress <= 1.4.3 - Authenticated (Contributor+) Stored Cross-Site Scripting

ice00 NewStatPress

LS Google Map Router <= 1.1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes

ladislavsoukupgmailcom LS Google Map Router

Simple AL Slider <= 1.2.10 - Reflected Cross-Site Scripting via $_SERVER['PHP_SELF']

alexdtn Simple AL Slider

Simple post listing <= 0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

sgcoskey Simple post listing

Accept Stripe Payments Using Contact Form 7 <= 3.1 - Reflected Cross-Site Scripting via failure_message

zealopensource Accept Stripe Payments Using Contact Form 7

Blaze Demo Importer 1.0.0 - 1.0.13 - Missing Authorization to Authenticated (Subscriber+) Database Reset and File Deletion

blazethemes Blaze Demo Importer

Better Elementor Addons <= 1.5.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Slider Widget

wpdive Better Addons for Elementor

Upcoming for Calendly <= 1.2.4 - Cross-Site Request Forgery to Settings Update

justdave Upcoming for Calendly

FX Currency Converter <= 0.2.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes

falselight FX Currency Converter

Divelogs Widget <= 1.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes

klemmkeil Divelogs Widget

Purchase and Expense Manager <= 1.1.2 - Cross-Site Request Forgery to Arbitrary Purchase Record Deletion

codnloc Purchase and Expense Manager

Product Filtering by Categories, Tags, Price Range for WooCommerce <= 1.1.5 - Missing Authorization to Unauthenticated Plugin Settings Modification

markutos987 Product Filtering by Categories, Tags, Price Range for WooCommerce – Filter Plus

Zenost Shortcodes <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes

imran3229 Zenost Shortcodes

Animated Pixel Marquee Creator <= 1.0.0 - Cross-Site Request Forgery via 'marquee' Parameter

tekafran Animated Pixel Marquee Creator

LazyTasks – Project & Task Management with Collaboration, Kanban and Gantt Chart <= 1.2.29 - Missing Authorization to Uanuthenticated Privilege Escalation

lazycoders LazyTasks – Project & Task Management with Collaboration, Kanban and Gantt Chart