Exposure of Sensitive Information to an Unauthorized Actor vulnerability in impleCode eCommerce Product Catalog Plugin for WordPress.This issue affects eCommerce Product Catalog Plugin for WordPress: from n/a through 3.3.26.
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in impleCode Product Catalog Simple.This issue affects Product Catalog Simple: from n/a through 1.7.6.
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Senol Sahin AI Power: Complete AI Pack β Powered by GPT-4.This issue affects AI Power: Complete AI Pack β Powered by GPT-4: from n/a through 1.8.2.
URL Redirection to Untrusted Site ('Open Redirect') vulnerability in CodePeople Calculated Fields Form.This issue affects Calculated Fields Form: from n/a through 1.2.28.
Unrestricted Upload of File with Dangerous Type vulnerability in IOSS WP MLM SOFTWARE PLUGIN.This issue affects WP MLM SOFTWARE PLUGIN: from n/a through 4.0.
Unrestricted Upload of File with Dangerous Type vulnerability in Pixelemu TerraClassifieds β Simple Classifieds Plugin.This issue affects TerraClassifieds β Simple Classifieds Plugin: from n/a through 2.0.3.
Unrestricted Upload of File with Dangerous Type vulnerability in Jacques Malgrange Rencontre β Dating Site.This issue affects Rencontre β Dating Site: from n/a through 3.10.1.
Unrestricted Upload of File with Dangerous Type vulnerability in Soft8Soft LLC Verge3D Publishing and E-Commerce.This issue affects Verge3D Publishing and E-Commerce: from n/a through 4.5.2.
Unrestricted Upload of File with Dangerous Type vulnerability in Bertha.Ai BERTHA AI. Your AI co-pilot for WordPress and Chrome.This issue affects BERTHA AI. Your AI co-pilot for WordPress and Chrome: from n/a through 1.11.10.7.
Unrestricted Upload of File with Dangerous Type vulnerability in Joris van Montfort JVM Gutenberg Rich Text Icons.This issue affects JVM Gutenberg Rich Text Icons: from n/a through 1.2.3.
Unrestricted Upload of File with Dangerous Type vulnerability in Shabti Kaplan Frontend Admin by DynamiApps.This issue affects Frontend Admin by DynamiApps: from n/a through 3.18.3.
Server-Side Request Forgery (SSRF) vulnerability in Leevio Happy Addons for Elementor.This issue affects Happy Addons for Elementor: from n/a through 3.9.1.1.
Cross-Site Request Forgery (CSRF), Deserialization of Untrusted Data vulnerability in ThemeHigh Job Manager & Career β Manage job board listings, and recruitments.This issue affects Job Manager & Career β Manage job board listings, and recruitments: from n/a through 1.4.4.
Deserialization of Untrusted Data vulnerability in realmag777 Active Products Tables for WooCommerce. Professional products tables for WooCommerce store.This issue affects Active Products Tables for WooCommerce. Professional products tables for WooCommerce store : from n/a through 1.0.6.
Deserialization of Untrusted Data vulnerability in Jacques Malgrange Rencontre β Dating Site.This issue affects Rencontre β Dating Site: from n/a through 3.11.1.
Deserialization of Untrusted Data vulnerability in EnvialoSimple EnvΓaloSimple: Email Marketing y Newsletters.This issue affects EnvΓaloSimple: Email Marketing y Newsletters: from n/a through 2.1.
Cross-Site Request Forgery (CSRF) vulnerability in Bright Plugins Block IPs for Gravity Forms.This issue affects Block IPs for Gravity Forms: from n/a through 1.0.1.
Cross-Site Request Forgery (CSRF) vulnerability in Brain Storm Force Ultimate Addons for WPBakery Page Builder.This issue affects Ultimate Addons for WPBakery Page Builder: from n/a through 3.19.17.
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in UpSolution Impreza β WordPress Website and WooCommerce Builder allows Reflected XSS.This issue affects Impreza β WordPress Website and WooCommerce Builder: from n/a through 8.17.4.
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Zoho Forms Form plugin for WordPress β Zoho Forms allows Stored XSS.This issue affects Form plugin for WordPress β Zoho Forms: from n/a through 3.0.1.
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in The Beaver Builder Team Beaver Builder β WordPress Page Builder allows Stored XSS.This issue affects Beaver Builder β WordPress Page Builder: from n/a through 2.7.2.
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in The BuddyPress Community BuddyPress allows Stored XSS.This issue affects BuddyPress: from n/a through 11.3.1.
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Automattic WordPress.Com Editing Toolkit allows Stored XSS.This issue affects WordPress.Com Editing Toolkit: from n/a through 3.78784.
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WebFactory Ltd Login Lockdown β Protect Login Form.This issue affects Login Lockdown β Protect Login Form: from n/a through 2.06.
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WS Form WS Form LITE β Drag & Drop Contact Form Builder for WordPress.This issue affects WS Form LITE β Drag & Drop Contact Form Builder for WordPress: from n/a through 1.9.170.
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Aleksandar UroΕ‘eviΔ Stock Ticker allows Stored XSS.This issue affects Stock Ticker: from n/a through 3.23.4.
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPFactory Back Button Widget allows Stored XSS.This issue affects Back Button Widget: from n/a through 1.6.3.
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Brainstorm Force WP Remote Site Search allows Stored XSS.This issue affects WP Remote Site Search: from n/a through 1.0.4.
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Brizy.Io Brizy β Page Builder allows Stored XSS.This issue affects Brizy β Page Builder: from n/a through 2.4.29.
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ian Kennerley Google Photos Gallery with Shortcodes allows Reflected XSS.This issue affects Google Photos Gallery with Shortcodes: from n/a through 4.0.2.
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in HasThemes HashBar β WordPress Notification Bar allows Stored XSS.This issue affects HashBar β WordPress Notification Bar: from n/a through 1.4.1.
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Bit Assist Chat Widget: WhatsApp Chat, Facebook Messenger Chat, Telegram Chat Bubble, Line Messenger, Live Chat Support Chat Button, WeChat, SMS, Call Button, Customer Support Button with floating Chat Widget allows Stored XSS.This issue affects Chat Widget: WhatsApp Chat, Facebook Messenger Chat, Telegram Chat Bubble, Line Messenger, Live Chat Support Chat Button, WeChat, SMS, Call Button, Customer Support Button with floating Chat Widget: from n/a through 1.1.9.
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ginger Plugins Sticky Chat Widget: Click to chat, SMS, Email, Messages, Call Button, Live Chat and Live Support Button allows Stored XSS.This issue affects Sticky Chat Widget: Click to chat, SMS, Email, Messages, Call Button, Live Chat and Live Support Button: from n/a through 1.1.8.
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in HasThemes HT Mega β Absolute Addons For Elementor allows Reflected XSS.This issue affects HT Mega β Absolute Addons For Elementor: from n/a through 2.3.8.
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in weForms weForms β Easy Drag & Drop Contact Form Builder For WordPress allows Stored XSS.This issue affects weForms β Easy Drag & Drop Contact Form Builder For WordPress: from n/a through 1.6.17.
A vulnerability was found in SQLite SQLite3 up to 3.43.0 and classified as critical. This issue affects the function sessionReadRecord of the file ext/session/sqlite3session.c of the component make alltest Handler. The manipulation leads to heap-based buffer overflow. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-248999.
Improper Control of Generation of Code ('Code Injection') vulnerability in Soft8Soft LLC Verge3D Publishing and E-Commerce.This issue affects Verge3D Publishing and E-Commerce: from n/a through 4.5.2.
Improper Control of Generation of Code ('Code Injection') vulnerability in Brainstorm Force Astra Pro.This issue affects Astra Pro: from n/a through 4.3.1.
URL Redirection to Untrusted Site ('Open Redirect') vulnerability in PluginOps MailChimp Subscribe Form, Optin Builder, PopUp Builder, Form Builder.This issue affects MailChimp Subscribe Form, Optin Builder, PopUp Builder, Form Builder: from n/a through 4.0.9.3.