SiteSEO – SEO Simplified <= 1.3.2 - Improper Authorization to Authenticated Settings Reset

softaculous SiteSEO – SEO Simplified

WP Login and Register using JWT <= 3.0.0 - Missing Authorization to Authenticated (Subscriber+) API Key Exposure

cyberlord92 WP Login and Register using JWT

Responsive Lightbox & Gallery <= 2.5.3 - Authenticated (Author+) Server-Side Request Forgery

dfactory Responsive Lightbox & Gallery

Directorist: AI-Powered Business Directory Plugin with Classified Ads Listings <= 8.5.2 - Missing Authorization to Authenticated (Subscriber+) Data Export and Slug Update

wpwax Directorist: AI-Powered Business Directory Plugin with Classified Ads Listings

FunnelKit – Funnel Builder for WooCommerce Checkout <= 3.13.1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via wfop_phone Shortcode

amans2k FunnelKit – Funnel Builder for WooCommerce Checkout

WP Import – Ultimate CSV XML Importer for WordPress <= 7.33.1 - Authenticated (Administrator+) PHP Object Injection via CSV Import

smackcoders WP Import – Ultimate CSV XML Importer for WordPress

Community Events <= 1.5.4 - Unauthenticated SQL Injection

jackdewey Community Events

User Profile Builder – Beautiful User Registration Forms, User Profiles & User Role Editor <= 3.14.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

cozmoslabs User Profile Builder – Beautiful User Registration Forms, User Profiles & User Role Editor

Pet-Manager – Petfinder <= 3.6.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via kwm-petfinder Shortcode

kwmanagement Pet-Manager – Petfinder

WSChat – WordPress Live Chat <= 3.1.6 - Missing Authorization to Authenticated (Subscriber+) Settings Reset

elextensions WSChat – WordPress Live Chat

Booking Plugin for WordPress Appointments – Time Slot <= 1.4.7 - Unauthenticated Arbitrary Email Sending

timeslotplugins Booking Plugin for WordPress Appointments – Time Slot

Quiz Maker <= 6.7.0.80 - Unauthenticated Sensitive Information Exposure

ays-pro Quiz Maker ays-pro quiz_maker

Email Subscribers & Newsletters <= 5.9.10 - Missing Authentication to Unauthenticated Mailing Queue Trigger

icegram Email Subscribers & Newsletters – Powerful Email Marketing, Post Notification & Newsletter Plugin for WordPress & WooCommerce

YITH WooCommerce Wishlist <= 4.10.0 - Unauthenticated Insecure Direct Object Reference to Unauthenticated Wishlist Rename

yithemes YITH WooCommerce Wishlist

Royal Elementor Addons and Templates <= 1.7.1036 - Authenticated (Contributor+) Stored Cross-Site Scripting

wproyal Royal Addons for Elementor – Addons and Templates Kit for Elementor

New User Approve <= 3.0.9 - Unauthenticated Sensitive Information Disclosure via Type Juggling

saadiqbal New User Approve

YITH WooCommerce Wishlist <= 4.10.0 - Unauthenticated Wishlist Token Disclosure to Wishlist Item Deletion

yithemes YITH WooCommerce Wishlist

Windows service used an uncontrolled search path element will cause unauthorized code execution with localsystem privileges

ASUSTOR ABP and AES

Tanium addressed an arbitrary file deletion vulnerability in TanOS.

Tanium TanOS tanium tanos

DLL Loading vulnerability in NEC Corporation RakurakuMusen Start EX All Verisons allows a attacker t...

NEC Corporation RakurakuMusen Start EX