HT Mega – Absolute Addons For Elementor <= 3.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Tag Attribute Injection

devitemsllc HT Mega – Absolute Addons For Elementor

Schedule Post Changes With PublishPress Future: Unpublish, Delete, Change Status, Trash, Change Categories <= 4.9.1 - Authenticated (Author+) Missing Authorization to Post/Page Status Modification

publishpress Schedule Post Changes With PublishPress Future: Unpublish, Delete, Change Status, Trash, Change Categories

WP Company Info <= 1.9.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

bdeleasa WP Company Info

简数采集器 <= 2.6.3 - Authenticated (Admin+) Arbitrary File Read

zhengdon 简数采集器

BigBuy Dropshipping Connector for WooCommerce <= 2.0.5 - Unauthenticated IP Spoofing to phpinfo() Exposure

devsmip BigBuy Dropshipping Connector for WooCommerce

WPSite Shortcode <= 1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting

wpfanyi WPSite Shortcode

Surbma | MiniCRM Shortcode <= 2.0 - Authenticated (Contributor+) Stored Cross-Site Scripting

surbma Surbma | MiniCRM Shortcode

Realty Portal <= 0.4.1 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Options Update

nootheme Realty Portal

Bulma Shortcodes <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting

bartboy011 Bulma Shortcodes

Cryptocurrency (Token), Launchpad (Presale), ICO & IDO, Airdrop by TokenICO <= 2.4.6 - Missing Authorization to Authenticated (Subscriber+) Contract Address Update

beycanpress Cryptocurrency (Token), Launchpad (Presale), ICO & IDO, Airdrop by TokenICO

Display Pages Shortcode <= 1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting

rustybadrobot Display Pages Shortcode

HotelRunner Booking Widget <= 5.2.4 - Authenticated (Contributor+) Stored Cross-Site Scripting

integrationshotelrunner HotelRunner Booking Widget

Shortcodes Bootstrap <= 1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting

fastmover Shortcodes Bootstrap

UiPress lite <= 3.5.08 - Missing Authorization to Authenticated (Subscriber+) Sensitive Information Exposure

admintwentytwenty UiPress lite | Effortless custom dashboards, admin themes and pages

Cryptocurrency (Token), Launchpad (Presale), ICO & IDO, Airdrop by TokenICO <= 2.4.6 - Missing Authentication to Unauthenticated Presale Update

beycanpress Cryptocurrency (Token), Launchpad (Presale), ICO & IDO, Airdrop by TokenICO

UiPress lite <= 3.5.08 - Missing Authorization to Authenticated (Subscriber+) Stored Cross-Site Scripting

admintwentytwenty UiPress lite | Effortless custom dashboards, admin themes and pages

Affiliate AI Lite <= 1.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting

rustaurius Affiliate AI Lite

ELEX WordPress HelpDesk & Customer Ticketing System <= 3.3.1 - Unauthenticated Arbitrary File Upload

elextensions ELEX WordPress HelpDesk & Customer Ticketing System elula wsdesk

Return Refund and Exchange For WooCommerce <= 4.5.5 - Insecure Direct Object Reference to Authenticated (Subscriber+) Arbitrary Order Message Read

wpswings Return Refund and Exchange For WooCommerce

UiPress lite | Effortless custom dashboards, admin themes and pages <= 3.5.08 - Missing Authorization to Authenticated (Subscriber+) Plugin Settings Update

admintwentytwenty UiPress lite | Effortless custom dashboards, admin themes and pages