RSS Aggregator – RSS Import, News Feeds, Feed to Post, and Autoblogging <= 5.0.10 - Reflected Cross-Site Scripting via className

rebelcode RSS Aggregator – RSS Import, News Feeds, Feed to Post, and Autoblogging

GetGenie – AI Content Writer with Keyword Research & SEO Tracking Tools <= 4.3.0 - Missing Authorization to Authenticated (Author+) Arbitrary Post Deletion

roxnor GetGenie – AI Content Writer with Keyword Research & SEO Tracking Tools

DK PDF – WordPress PDF Generator <= 2.3.0 - Authenticated (Author+) Server-Side Request Forgery

torstenbulk DK PDF – WordPress PDF Generator

LEAV Last Email Address Validator <= 1.7.1 - Cross-Site Request Forgery to Plugin Settings Update

smings LEAV Last Email Address Validator

Rede Itaú for WooCommerce — Payment PIX, Credit Card and Debit <= 5.1.2 - Unauthenticated Order Status Manipulation

linknacional Rede Itaú for WooCommerce — Payment PIX, Credit Card and Debit

Rede Itaú for WooCommerce — Payment PIX, Credit Card and Debit <= 5.1.2 - Missing Authorization to Unauthenticated Rede Order Logs Deletion

linknacional Rede Itaú for WooCommerce — Payment PIX, Credit Card and Debit

Related Posts by Taxonomy <= 2.7.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'related_posts_by_tax' Shortcode

keesiemeijer Related Posts by Taxonomy

DIAView - Command Injection Vulnerability

Delta Electronics DIAView

lucy-xss-filter before commit e5826c0 allows an attacker to execute malicious JavaScript due to impr...

NAVER lucy-xss-filter

lucy-xss-filter before commit 7c1de6d allows an attacker to induce server-side HEAD requests to arbi...

NAVER lucy-xss-filter

Versions of the package net.sourceforge.plantuml:plantuml before 1.2026.0 are vulnerable to Stored X...

未知

All in One SEO – Powerful SEO Plugin to Boost SEO Rankings & Increase Traffic <= 4.9.2 - Missing Authorization to Authenticated (Contributor+) AI Access Token and Credit Disclosure

smub All in One SEO – Powerful SEO Plugin to Boost SEO Rankings & Increase Traffic

MailerLite - WooCommerce integration <= 3.1.3 - Missing Authorization to Data Deletion

mailerlite MailerLite – WooCommerce integration

Shield Security <= 21.0.9 - Authenticated (Subscriber+) Insecure Direct Object Reference to Disable Google Authenticator

paultgoodchild Shield: Blocks Bots, Protects Users, and Prevents Security Breaches

All-in-One Video Gallery <= 4.5.7 - Authenticated (Author+) Arbitrary File Upload via VTT Upload Bypass

plugins360 All-in-One Video Gallery

Awesome Support – WordPress HelpDesk & Support Plugin <= 6.3.6 - Missing Authorization to Unauthenticated Role Demotion

awesomesupport Awesome Support – WordPress HelpDesk & Support Plugin

Fancy Product Designer | WooCommerce WordPress <= 6.4.8 - Unauthenticated Full Path Disclosure via 'pdf' Parameter

radykal Fancy Product Designer

WP Recipe Maker <= 10.2.2 - Insecure Direct Object Reference to Sensitive Information Exposure

brechtvds WP Recipe Maker

Booking Calendar <= 10.14.11 - Missing Authorization to Sensitive Information Exposure

wpdevelop Booking Calendar

Gotac｜Statistics Database System - Missing Authentication

Gotac Statistics Database System