Code Snippets <= 3.9.1 - Authenticated (Contributor+) PHP Code Injection via extract() and PHP Filter Chains

codesnippetspro Code Snippets

GiveWP - Donation Plugin and Fundraising Platform <= 4.13.0 - Unauthenticated Stored Cross-Site Scripting via 'name'

stellarwp GiveWP – Donation Plugin and Fundraising Platform givewp givewp

Giveaways and Contests by RafflePress – Get More Website Traffic, Email Subscribers, and Social Followers <= 1.12.19 - Unauthenticated Stored Cross-Site Scripting

smub Giveaways and Contests by RafflePress – Get More Website Traffic, Email Subscribers, and Social Followers

Allocation of Resources Without Limits or Throttling in Shelly Pro 4PM

Shelly Pro 4PM

Out-of-bounds Read in Shelly Pro 3EM

Shelly Pro 3EM

SureForms <= 1.13.1 - Cross-Site Request Forgery Protection Bypass via Improper Nonce Distribution

brainstormforce SureForms – Contact Form, Custom Form Builder, Calculator & More

SiteSEO – SEO Simplified <= 1.3.2 - Insecure Direct Object Reference to Sensitive Post Meta Disclosure

softaculous SiteSEO – SEO Simplified

WavePlayer < 3.8.0 - Unauthenticated Arbitrary File Upload

Unknown WavePlayer

SiteSEO – SEO Simplified <= 1.3.2 - Improper Authorization to Authenticated Settings Reset

softaculous SiteSEO – SEO Simplified

WP Login and Register using JWT <= 3.0.0 - Missing Authorization to Authenticated (Subscriber+) API Key Exposure

cyberlord92 WP Login and Register using JWT

Responsive Lightbox & Gallery <= 2.5.3 - Authenticated (Author+) Server-Side Request Forgery

dfactory Responsive Lightbox & Gallery

Directorist: AI-Powered Business Directory Plugin with Classified Ads Listings <= 8.5.2 - Missing Authorization to Authenticated (Subscriber+) Data Export and Slug Update

wpwax Directorist: AI-Powered Business Directory Plugin with Classified Ads Listings

FunnelKit – Funnel Builder for WooCommerce Checkout <= 3.13.1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via wfop_phone Shortcode

amans2k FunnelKit – Funnel Builder for WooCommerce Checkout

WP Import – Ultimate CSV XML Importer for WordPress <= 7.33.1 - Authenticated (Administrator+) PHP Object Injection via CSV Import

smackcoders WP Import – Ultimate CSV XML Importer for WordPress

Community Events <= 1.5.4 - Unauthenticated SQL Injection

jackdewey Community Events

User Profile Builder – Beautiful User Registration Forms, User Profiles & User Role Editor <= 3.14.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

cozmoslabs User Profile Builder – Beautiful User Registration Forms, User Profiles & User Role Editor

Pet-Manager – Petfinder <= 3.6.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via kwm-petfinder Shortcode

kwmanagement Pet-Manager – Petfinder

WSChat – WordPress Live Chat <= 3.1.6 - Missing Authorization to Authenticated (Subscriber+) Settings Reset

elextensions WSChat – WordPress Live Chat

Booking Plugin for WordPress Appointments – Time Slot <= 1.4.7 - Unauthenticated Arbitrary Email Sending

timeslotplugins Booking Plugin for WordPress Appointments – Time Slot

Quiz Maker <= 6.7.0.80 - Unauthenticated Sensitive Information Exposure

ays-pro Quiz Maker ays-pro quiz_maker