The LoginPress Pro plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 5.0.1. This is due to insufficient verification on the user being returned by the s
The Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the filter p
The Two Factor (2FA) Authentication via Email plugin for WordPress is vulnerable to Two-Factor Authentication Bypass in versions up to, and including, 1.9.8. This is because the SS88_2FAVE::wp_login()
WordPress Ultimate Addons for Beaver Builder 1.2.4.1 contains an authentication bypass vulnerability that allows attackers to gain unauthorized access by exploiting the social media login form functio
The Melapress Login Security plugin for WordPress is vulnerable to Authentication Bypass due to missing authorization within the get_valid_user_based_on_token() function in versions 2.1.0 to 2.1.1. Th
The Geo Mashup plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 1.13.19. This is due to the plugin not properly verifying that a user is authorized to p
The Linkz.ai plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'ajax_linkz' function in versions up to, and including, 1.1.8. This makes
The Registration Forms – User Registration Forms, Invitation-Based Registrations, Front-end User Profile, Login Form & Content Restriction Social Sites Login plugin for WordPress is vulnerable to aut
The WooCommerce - Social Login plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 2.7.5. This is due to the use of loose comparison of the activation code in
The WP Ultimate Post Grid plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's wpupg-grid-with-filters shortcode in all versions up to, and including, 3.9.3 due to insuff
The Civi - Job Board & Freelance Marketplace WordPress Theme plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 2.1.4. This is due to a lack of user vali
The Nextend Social Login Pro plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 3.1.16. This is due to insufficient verification on the user being supplied d
The WP Users Masquerade plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 2.0.0. This is due to incorrect authentication and capability checking in the 'aja
The WP Real Estate Manager plugin for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 2.8. This is due to insufficient identity verification on the LinkedIn logi
The Tutor LMS Pro plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 3.9.5 via the Social Login addon. This is due to the plugin failing to verify that t
The Ultimate WordPress Auction Plugin plugin for WordPress is vulnerable to unauthorized access to functionality in all versions up to, and including, 4.2.9. This makes it possible for authenticated a
The Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin plugin for WordPress is vulnerable to time-based SQL Injection via the 'search' param
The Ultimate Classified Listings plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.5. This is due to missing or incorrect nonce validation on the
The Aimogen Pro plugin for WordPress is vulnerable to Arbitrary Function Call that can lead to privilege escalation due to a missing capability check on the 'aiomatic_call_ai_function_realtime' functi
The Post SMTP plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 3.6.1. This is due to the plugin not properly verifying that a user is authorized to upda