The External Login plugin for WordPress is vulnerable to sensitive information exposure in all versions up to, and including, 1.11.2 due to the 'exlog_test_connection' AJAX action lacking capability c
The Strong Testimonials plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check in the 'edit_rating' function in all versions up to, and including, 3.
The All in One SEO – Powerful SEO Plugin to Boost SEO Rankings & Increase Traffic plugin for WordPress is vulnerable to unauthorized arbitrary media attachment deletion due to a missing authorization
The WP Social Meta plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.0.1 due to insufficient input sanitization and output es
The My Social Feeds – Social Feeds Embedder plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to and including 1.0.4 via the 'ttp_get_accounts' AJAX action. This
The LearnPress plugin for WordPress is vulnerable to unauthorized data deletion due to a missing capability check on the `delete_question_answer()` function in all versions up to, and including, 4.3.2
The MagicPost plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's wb_share_social shortcode in all versions up to, and including, 1.2.1 due to insufficient input sanitiz
The Auto Post Scheduler plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.84. This is due to missing nonce validation on the 'aps_options_page' f
The Social Auto Poster plugin for WordPress is vulnerable to unauthorized modification and loss of data due to a missing capability check on the ‘wpw_auto_poster_quick_delete_multiple’ function in all
The Devs CRM – Manage tasks, attendance and teams all together plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the /wp-json/devs-crm/v1/attendanc
The bbPress plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.6.11. This is due to missing or incorrect nonce validation on the bbp_user_add_role
The Social Rocket – Social Sharing Plugin plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the tweet_settings_save() and tweet_settings_upda
The Private Google Calendars plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'pgc_remove' action in all versions up to, and including,
The RSS Aggregator by Feedzy – Feed to Post, Autoblogging, News & YouTube Video Feeds Aggregator plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 5.1.7.
The Smarter Analytics plugin for WordPress is vulnerable to unauthorized access in all versions up to, and including, 2.0. This is due to missing authentication and capability checks on the configurat
The Widgets for Social Photo Feed plugin for WordPress is vulnerable to unauthorized access of data and modification of data due to a missing capability check on the '/trustindex_feed_hook_instagram/t
The Userback plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the userback_get_json function in all versions up to, and including, 1.0.15. This ma
The Real Cookie Banner: GDPR & ePrivacy Cookie Consent plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 5.2.4. This is due to insufficient valida
The xShare plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.1. This is due to missing nonce validation on the 'xshare_plugin_reset()' function
The WP Company Info plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'class' attribute of the 'social-networks' shortcode in all versions up to, and including, 1.9.0 due to in