WordPress More Fields Plugin 2.1 contains a cross-site request forgery vulnerability that allows attackers to perform unauthorized actions by disabling CSRF token validation. Attackers can craft malic
The BigBuy Dropshipping Connector for WooCommerce plugin for WordPress is vulnerable to IP Address Spoofing in all versions up to, and including, 2.0.5 due to insufficient IP address validation and us
The Wp Social Login and Register Social Counter plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.1.0. This is due to missing or incorrect nonce
The Subscribe2 – Form, Email Subscribers & Newsletters plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ip parameter in all versions up to, and including, 10.43 due to insuffi
The Insert Headers And Footers plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.1.1. This is due to missing or incorrect nonce validation on the
The User Toolkit plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 1.2.3. This is due to an improper capability check in the 'switchUser' function. This mak
The WP Custom Admin Login Page Logo plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.4.8.4. This is due to missing or incorrect nonce validation
The Page Builder: Pagelayer – Drag and Drop website builder plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘login_url’ parameter in all versions up to, and including, 2.0
The Extensions by HocWP Team plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 0.2.3.2. This is due to missing validation on the user being supplied in the
The Two-factor authentication (formerly IP Vault) plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.1. This is due to missing or incorrect nonce
The Frontend Login and Registration Blocks plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 1.1.1. This is due to the plugin not pr
The Zox News - Professional WordPress News & Magazine Theme plugin for WordPress is vulnerable to unauthorized data modification. This vulnerability can lead to privilege escalation and denial of serv
The Cookie Notice & Compliance for GDPR / CCPA plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'cookie_notice_options[refuse_code_head]' parameter in versions up to, and incl
The Run Log plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.7.10. This is due to missing or incorrect nonce validation on the oirl_plugin_optio
The Post Grid and Gutenberg Blocks plugin for WordPress is vulnerable to privilege escalation in versions 2.2.85 to 2.3.3. This is due to the plugin not properly restricting what user meta can be upda
The Cookie Notice & Consent plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the uuid parameter in all versions up to, and including, 1.6.5 due to insufficient input sanitization
The Nextend Social Login Pro plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 3.1.16. This is due to insufficient verification on the user being supplied d
The Membership Plugin – Restrict Content for WordPress is vulnerable to Stored Cross-Site Scripting via multiple invoice settings fields in all versions up to, and including, 3.2.18 due to insufficien
The Custom Login And Signup Widget plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0. This is due to missing or incorrect nonce validation in t
The Civi - Job Board & Freelance Marketplace WordPress Theme plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 2.1.6.1. This is due to a lack of passwor