The Fluent Forms – Customizable Contact Forms, Survey, Quiz, & Conversational Form Builder plugin for WordPress is vulnerable to PHP Object Injection in versions 5.1.16 to 6.1.1 via deserialization of
The Drag and Drop File Upload for Contact Form 7 plugin for WordPress is vulnerable to arbitrary file upload in versions up to, and including, 1.1.3. This is due to the plugin extracting the file exte
The PhastPress plugin for WordPress is vulnerable to Unauthenticated Arbitrary File Read via null byte injection in all versions up to, and including, 3.7. This is due to a discrepancy between the ext
The wpForo Forum plugin for WordPress is vulnerable to Arbitrary File Deletion in versions up to and including 3.0.5. This is due to two compounding flaws: the Members::update() method does not valida
The Opt-In Downloads plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the admin_upload() function in all versions up to, and including, 4.07. This ma
The Contact Form by Bit Form: Multi Step Form, Calculation Contact Form, Payment Contact Form & Custom Contact Form builder plugin for WordPress is vulnerable to arbitrary file read in all versions up
The WP Membership plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the user_profile_image_upload() function in all versions up to, and including, 1.6
The Zombify plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.7.5. This is due to insufficient input validation in the zf_get_file_by_url function. This make
The wpForo + wpForo Advanced Attachments plugin for WordPress is vulnerable to Stored Cross-Site Scripting via media upload names in all versions up to, and including, 3.1.3 due to insufficient input
The Code Explorer plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.4.6 via the 'file' parameter. This makes it possible for authenticated attackers, with Ad
The wpForo Forum plugin for WordPress is vulnerable to arbitrary file read due to insufficient input validation in the 'update' method of the 'Members' class in all versions up to, and including, 2.4.
The URL Image Importer plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation in all versions up to, and including, 1.0.6. This is due to the plugin rely
The WP Job Portal plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to, and including, 2.4.0 via the 'downloadCustomUploadedFile' function. This makes it possible for authen
The Task Manager plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to, and including, 3.0.2 via the callback_get_text_from_url() function. This makes it possible for authent
The User Frontend: AI Powered Frontend Posting, User Directory, Profile, Membership & User Registration plugin for WordPress is vulnerable to arbitrary file uploads due to incorrect file type validati
The Attachment Manager plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the handle_actions() function in all versions up to, and including, 2.1
The WordPress Automatic Plugin plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation in the 'core.php' file in all versions up to, and including, 3.115.
The FluentSMTP – WP SMTP Plugin with Amazon SES, SendGrid, MailGun, Postmark, Google and Any SMTP Provider plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and includi
The AIO Forms – Craft Complex Forms Easily plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the import functionality in all versions up to, and inclu
The AI Engine for WordPress: ChatGPT, GPT Content Generator plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to, and including, 1.0.1. This is due to insufficient validatio