The EmailKit – Email Customizer for WooCommerce & WP plugin for WordPress is vulnerable to unauthorized data modification due to a missing capability check on the 'update_template_data' function in al
The BM Content Builder plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the ux_cb_tools_import_item_aj
The WP Login and Register using JWT plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'mo_jwt_generate_new_api_key' function in all versions up
The WSChat – WordPress Live Chat plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'reset_settings' AJAX endpoint in all versions up to,
The LearnDash LMS – Reports plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on several functions (i.e. wrld_set_configuration, wrld_exclude_se
The Responsive Blocks – WordPress Gutenberg Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'responsive-block-editor-addons/portfolio' block in all versions up to, and
The GenerateBlocks plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'get_option_rest' function in all versions up to, and including, 2.1.1. Th
The linkID plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check when including the 'phpinfo' function in all versions up to, and including, 0.1.2. This m
The WordLift – AI powered SEO – Schema plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the 'wl_config_plugin' AJAX action in all versions up to, and incl
The Gutenberg Blocks with AI by Kadence WP – Page Builder Features plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘icon’ parameter in all versions up to, and including, 3.4.
The aBlocks – WordPress Gutenberg Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the "Table Of Content" Block, specifically in the "markerView" attribute, in all versions
The AI Engine plugin for WordPress is vulnerable to unauthorized modification of data and loss of data due to a missing capability check on the 'Meow_MWAI_Labs_MCP::can_access_mcp' function in version
The KB Support – WordPress Help Desk and Knowledge Base plugin for WordPress is vulnerable to unauthorized modification and loss of data due to a missing capability check on several functions in the /
The Gutentor – Gutenberg Blocks – Page Builder for Gutenberg Editor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the HTML data attributes of multiple widgets, in all versions
The Mailchimp List Subscribe Form plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.0.0. This is due to missing or incorrect nonce validation on
The Essential Blocks – Page Builder Gutenberg Blocks, Patterns & Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via HTML attributes in Slider and Post Carousel widgets in
The B Slider- Gutenberg Slider Block for WP plugin for WordPress is vulnerable to Arbitrary Plugin Installation in all versions up to, and including, 1.1.30. This is due to missing capability checks o
The ThePerfectWedding.nl Widget plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.8. This is due to missing or incorrect nonce validation on the
The Stackable – Page Builder Gutenberg Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'title' parameter of the Button block in all versions up to, and including, 3.13
The MC4WP: Mailchimp for WordPress plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'email' parameter when a placeholder such as {email} is used for the field in versions 4