The Frontend Dashboard plugin for WordPress is vulnerable to Privilege Escalation due to a missing capability check on the ajax_request() function in versions 1.0 to 2.2.7. This makes it possible for
The Zotpress plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the Zotpress_process_accounts_AJAX function in all versions up to, and includi
The Hive Support plugin for WordPress is vulnerable to unauthorized access and modification of data due to a missing capability check on the hs_update_ai_chat_settings() and hive_lite_support_get_all_
The Five9 Live Chat plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'toolbar' attribute of the [five9-chat] shortcode in all versions up to, and including, 1.1.2. This is due
The Facebook Chat Plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the wp_ajax_update_options function in versions up to, and including, 1.5. This flaw m
The Features plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'features_revert_option AJAX endpoint in all versions up to, and including
The WPS Telegram Chat plugin for WordPress is vulnerable to unauthorized modification of data and loss of data due to a missing capability check on the 'Wps_Telegram_Chat_Admin::checkСonnection' funct
The MxChat – AI Chatbot for WordPress plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.5.5 via upload filenames. This makes it possible for
The Broken Link Checker plugin for WordPress is vulnerable to unauthorized data access due to a missing capability check on the ajax_full_status and ajax_dashboard_status functions in all versions up
The WordPress Webinar Plugin – WebinarPress plugin for WordPress is vulnerable to modification of data due to a missing capability check on several functions in all versions up to, and including, 1.33
The Smarter Analytics plugin for WordPress is vulnerable to unauthorized access in all versions up to, and including, 2.0. This is due to missing authentication and capability checks on the configurat
The Contact Form 7 + Telegram plugin for WordPress is vulnerable to unauthorized modification of data and loss of data due to a missing capability check on the 'wpcf7_Telegram::ajax' function in versi
The SiteSEO – SEO Simplified plugin for WordPress is vulnerable to unauthorized modification of data due to n incorrect capability check on the siteseo_reset_settings function in all versions up to, a
The My WP Translate plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the mtswpt_remove_plugin() and ajax_update_export_code() functions in a
The Pure Chat – Live Chat & More! plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘purechatWidgetName’ parameter in all versions up to, and including, 2.4 due to insufficient
The WordPress Comments Import & Export plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the save_settings function in all versions up to, an
The HubSpot All-In-One Marketing - Forms, Popups, Live Chat plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 11.3.32 via the leadin/public/adm
The Linkz.ai plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'ajax_linkz' function in versions up to, and including, 1.1.8. This makes
The WP-Asambleas plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'polls_popup' shortcode in all versions up to, and including, 2.85.0 due to insufficient input sanit
The Insert Headers and Footers Code – HT Script plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ajax_dismiss function in all versions u