The PPWP – Password Protect Pages plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.9.5 via the WordPress core search feature. This makes it
The Trinity Audio – Text to Speech AI audio player to convert content into audio plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 5.21.0 via t
The WebP Express plugin for WordPress is vulnerable to information exposure via config files in all versions up to, and including, 0.25.9. This is due to the plugin not properly randomizing the name o
The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.22.1 via a misconfigured capability c
The Crypto plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 2.19. This is due to missing validation on the user being supplied in the 'crypto_connect_ajax_
The Database Backup and check Tables Automated With Scheduler 2024 plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.35 via the /dashboard/ba
The Export WP Page to Static HTML & PDF plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.3.4 through publicly exposed cookies.txt files cont
The Crypto plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 2.18. This is due to a limited arbitrary method call to 'crypto_connect_ajax_process::log_in' f
The Cookie Notice & Compliance for GDPR / CCPA plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's cookies_accepted shortcode in all versions up to, and including, 2.5.8
The 24liveblog - live blog tool plugin for WordPress is vulnerable to Exposure of Sensitive Information in versions up to, and including, 2.2. This is due to the lb24_block_enqueue_scripts() function
The WP Front-end login and register plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the email and wpmp_reset_password_token parameters in all versions up to, and including, 2.
The Userback plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the userback_get_json function in all versions up to, and including, 1.0.15. This ma
The Ultimate WP Mail plugin for WordPress is vulnerable to Privilege Escalation due to improper authorization within the get_email_log_details() AJAX handler in versions 1.0.17 to 1.3.6. The handler r
The PixelYourSite plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 11.1.5 through publicly exposed log files. This makes it possible for unaut
The Fluent Forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the AI Form Builder module in all versions up to, and including, 6.1.14 due to a combination of missing authoriza
The WP Register Profile With Shortcode plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.6.2 via the 'rp_user_data' shortcode. This makes it
The Opal Membership plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.2.4 via the private notes functionality on payments which utilizes Word
The Layers plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'webcam' shortcode in all versions up to, and including, 0.5 due to insufficient input sanitization and ou
The Text to Speech for WP (AI Voices by Mementor) plugin for WordPress is vulnerable to sensitive information exposure in all versions up to, and including, 1.9.8. This is due to the plugin containing
The WP Hotel Booking plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.2.7. This is due to the plugin exposing the 'hotel_booking_fetch_custo