The Backup Migration plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.4.6 via deserialization of untrusted input in the 'recursive_unserialize_replace
The All-in-One WP Migration and Backup plugin for WordPress is vulnerable to arbitrary PHP Code Injection due to missing file type validation during the export in all versions up to, and including, 7.
The WPMasterToolKit plugin for WordPress is vulnerable to PHP Code Injection in all versions up to, and including, 2.13.0. This is due to the plugin allowing Author-level users to create and execute a
The Bold Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin 'bt_bb_tabs' shortcode in all versions up to, and including, 5.5.1 due to insufficient input sani
The All-in-One WP Migration and Backup plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Import in all versions up to, and including, 7.97 due to insufficient input sanitizatio
The WP Umbrella: Update Backup Restore & Monitoring plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.17.0 via the 'filename' parameter of the 'umbrell
The BNE Gallery Extended plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'gallery' shortcode in all versions up to, and including, 1.2.1 due to insufficient input sa
The MyBrain Utilities plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugins's 'mbumap' shortcode in all versions up to, and including, 1.0.8 due to insufficient input sanit
The Copypress Rest API plugin for WordPress is vulnerable to Remote Code Execution via copyreap_handle_image() Function in versions 1.1 to 1.2. The plugin falls back to a hard-coded JWT signing key wh
The Backup, Restore and Migrate your sites with XCloner plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.8.2. This is due to missing or incorrec
The CryptX plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's `cryptx` shortcode in all versions up to, and including, 4.0.5 due to insufficient input sanitization and
The BBP Core – Expand bbPress powered forums with useful features plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on t
The Xavin's Review Ratings plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'xrr' shortcode in all versions up to, and including, 1.4.0 due to insufficient input
The BNS Featured Category plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'bnsfc' shortcode in all versions up to, and including, 2.8.2 due to insufficient input san
The Citations tools plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'code' parameter in the 'ctdoi' shortcode in all versions up to, and including, 0.3.2 due to insufficient
The Buk for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'buk' shortcode in all versions up to, and including, 1.0.7 due to insufficient input sanitizat
The Total Upkeep – WordPress Backup Plugin plus Restore & Migrate by BoldGrid plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 1.16.10 via the compress
The BackWPup – WordPress Backup & Restore Plugin plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the
The Buddyboss Platform plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘bbp_topic_title’ parameter in all versions up to, and including, 2.8.50 due to insufficient input sani
The GB Forms DB plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 1.0.2 via the gbfdb_talk_to_front() function. This is due to the function accepting us