Header Footer Script Adder – Insert Code in Header, Body & Footer <= 2.0.5 - Authenticated (Contributor+) Stored Cross-Site Scripting

mahethekiller Header Footer Script Adder – Insert Code in Header, Body & Footer

Devs CRM – Manage tasks, attendance and teams all together <= 1.1.8 - Unauthenticated Information Expsoure

ajitdas Devs CRM – Manage tasks, attendance and teams all together

Popover Windows <= 1.2 - Cross-Site Request Forgery to Arbitrary Popover Configuration Update

melodicmedia Popover Windows

Eyewear prescription form <= 6.0.1 - Missing Authorization to Unauthenticated Arbitrary WooCommerce Category Deletion

dugudlabs Eyewear prescription form

WP to LinkedIn Auto Publish <= 1.9.8 - Reflected Cross-Site Scripting via PostMessage

f1logic WP to LinkedIn Auto Publish

Mavix Education <= 1.0 - Missing Authorization to Authenticated (Subscriber+) 'Creativ Demo Importer' Plugin Activation

creativthemes Mavix Education

Login Lockdown & Protection <= 2.14 - IP Block Bypass

webfactory Login Lockdown & Protection

JAY Login & Register <= 2.4.01 - Authentication Bypass via Cookie

jayarsiech JAY Login & Register

MediaCommander – Bring Folders to Media, Posts, and Pages <= 2.3.1 - Missing Authorization to Authenticated (Author+) Media Folder Deletion

yalogica MediaCommander – Bring Folders to Media, Posts, and Pages

Shortcode Loader <= 1.0 - Unauthenticated Arbitrary Shortcode Execution via 'code' Parameter

rang501 Shortcode Ajax

YITH WooCommerce Quick View <= 2.7.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via yith_quick_view Shortcode

yithemes YITH WooCommerce Quick View

Easy Theme Options <= 1.0 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Plugin Settings Import

corsonr Easy Theme Options

Kingcabs <= 1.1.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via progressbarLayout Parameter

sparklewpthemes Kingcabs

Social Media Auto Publish <= 3.6.5 - Reflected Cross-Site Scripting via PostMessage

f1logic Social Media Auto Publish

Devs CRM – Manage tasks, attendance and teams all together <= 1.1.8 - Missing Authorization to Unauthenticated Lead Tag Update

ajitdas Devs CRM – Manage tasks, attendance and teams all together

افزونه پیامک ووکامرس فوق حرفه ای (جدید) payamito sms woocommerce <= 1.3.5 - Unauthenticated Time-Based Blind SQL Injection

payamito افزونه پیامک ووکامرس فوق حرفه ای (جدید) payamito sms woocommerce

Solutions Ad Manager <= 1.0.0 - Unauthenticated Open Redirect via 'sam-redirect-to' Parameter

solutionsbysteve Solutions Ad Manager

rtMedia for WordPress, BuddyPress and bbPress 4.7.0 - 4.7.3 - Missing Authorization to Unauthenticated Information Disclosure via handle_rest_pre_dispatch Function

rtcamp rtMedia for WordPress, BuddyPress and bbPress

Gallery Blocks with Lightbox <= 3.3.0 - Missing Authorization to Authenticated (Contributor+) Plugin Settings Modification

gallerycreator Gallery Blocks with Lightbox. Image Gallery, (HTML5 video , YouTube, Vimeo) Video Gallery and Lightbox for native gallery

Custom Frames <= 1.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'class' Shortcode Parameter

blakelong Custom Frames