The Database Backup and check Tables Automated With Scheduler 2024 plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the 'database_backup_ajax_d
The SP Blog Designer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'design' attribute of the `wpsbd_post_carousel` shortcode in all versions up to, and including, 1.0.0 due
The Support Board plugin for WordPress is vulnerable to unauthorized access/modification/deletion of data due to use of hardcoded default secrets in the sb_encryption() function in all versions up to,
The WP DB Booster plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.1. This is due to missing nonce validation on the cleanup_all AJAX action.
The Event Tickets and Registration plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'ajax_ticket_delete' function in all versions up to, and inc
The Fluent Forms Pro Add On Pack plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 6.1.17. This is due to the `deleteFile()` method in the `Uploader` cl
The Reviewify plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'send_test_email' AJAX action in all versions up to, and including, 1.0.7
The Attachment Manager plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the handle_actions() function in all versions up to, and including, 2.1
The Microsoft Azure Storage for WordPress plugin for WordPress is vulnerable to Unauthorized Arbitrary Media Deletion in all versions up to, and including, 4.5.1. This is due to missing capability che
The TicketBAI Facturas para WooCommerce plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation via the 'delpdf' action in all versions up to, and includ
The Motors – Car Dealership & Classified Listings Plugin plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation when deleting profile pictures in all ve
The MDJM Event Management plugin for WordPress is vulnerable to unauthorized data modification due to a missing capability check on the 'custom_fields_controller' function in all versions up to, and i
The Amazon Products to WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the wcta2w_get_amazon_product_callback() function in all
The Image Map Pro plugin for WordPress is vulnerable to unauthorized modification of data and loss of data due to a missing capability check on the AJAX functions in versions up to, and including, 6.0
The Radio Player plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the delete_player function in versions up to, and including, 2.0.73. This
The ImagePress – Image Gallery plugin for WordPress is vulnerable to unauthorized modification and loss of data due to a missing capability check on the 'ip_delete_post' and 'ip_update_post_title' fun
The Avada (Fusion) Builder plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the maybe_delete_files function in all versions up to, and includin
The Wptobe-memberships plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the del_img_ajax_call() function in all versions up to, and including,
The Cardealer theme for WordPress is vulnerable to unauthorized modification of data and loss of data due to a missing capability check and missing filename sanitization on the demo theme scheme AJAX
The WordPress GDPR plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'WordPress_GDPR_Data_Delete::check_action' function in all versions up to, a