The 140+ Widgets | Xpro Addons For Elementor – FREE plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.4.6.2 via the 'duplicate' function. Thi
The wp-affiliate-platform WordPress plugin before 6.5.2 does not have CSRF check in place when deleting affiliates, which could allow attackers to make a logged in user change delete them via a CSRF a
Vulnerability in Wikimedia Foundation DiscussionTools.This issue affects DiscussionTools: from * before 1.43.4, 1.44.1.
The Memberful plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.73.9 via the WordPress core search feature. This makes it possible for unauth
The Content Writer plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.6.8 through publicly exposed log files. This makes it possible for unaut
The WIP WooCarousel Lite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wip_woocarousel_products_carousel' shortcode in all versions up to, and including, 1.1.6 du
The Memberful – Membership Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'memberful_buy_subscription_link' and 'memberful_podcasts_link' shortcodes in all v
XSS vulnerability in DJ-HelpfulArticles component for Joomla.
The ShopLentor plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.9.8 via the 'render' function in includes/addons/wl_faq.php. This makes it p
The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.22.1 via a misconfigured capability c
The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the `registerAssociateFormsWithCampai
The affiliate-toolkit plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via a URL in all versions up to, and including, 3.6.7 due to insufficient input sanitization and output escap
The Stratum – Elementor Widgets plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.4.4 in includes/templates/content-switcher.php. This makes
The Memberpress plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.11.37 via the WordPress core search feature. This makes it possible for una
The Affiliate Program Suite — SliceWP Affiliates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via shortcode attributes in all versions up to, and including, 1.2.7. This is due to
The Frictionless plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'frictionless_form' shortcode[s] in all versions up to, and including, 0.0.23 due to insufficient in
The Affiliate Program Suite — SliceWP Affiliates plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1.23. This is due to missing or incorrect nonc
The Charitable – Donation Plugin for WordPress – Fundraising with Recurring Donations & More plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the privacy settings fields in all ve
The WP Company Info plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'class' attribute of the 'social-networks' shortcode in all versions up to, and including, 1.9.0 due to in
The Employee Spotlight – Team Member Showcase & Meet the Team Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Social URLs in all versions up to, and including, 5.1.2 due t