CVE Database

Unauthenticated Broken Authentication in ReviewX <= 2.3.6 versions.

Contributor Arbitrary File Deletion in Link Library <= 7.8.8 versions.

Unauthenticated Broken Access Control in WP Event SOlution <= 4.1.8 versions.

Unauthenticated Broken Access Control in Royal MCP <= 1.4.2 versions.

Unauthenticated Broken Access Control in Booking Package <= 1.7.06 versions.

Subscriber Broken Access Control in rtMedia for WordPress, BuddyPress and bbPress <= 4.7.9 versions.

Unauthenticated Arbitrary File Upload in GeekyBot <= 1.2.2 versions.

Unauthenticated SQL Injection in Contest Gallery <= 28.1.6 versions.

Unauthenticated Cross Site Scripting (XSS) in Coupon Affiliates <= 7.5.3 versions.

Unauthenticated Arbitrary File Deletion in Contact Form Extender for Divi &#8211; Save Entries, File Upload &amp; Country Code Field <= 1.0.6 versions.

Unauthenticated Broken Access Control in wpForo Forum < 3.0.2 versions.

Subscriber SQL Injection in MasterStudy LMS <= 3.7.25 versions.

Unauthenticated SQL Injection in WPGraphQL < 2.11.1 versions.

Unauthenticated Broken Access Control in Tutor LMS <= 3.9.7 versions.

Unauthenticated Broken Access Control in Redsys for WooCommerce Light <= 7.0.0 versions.

Unauthenticated Cross Site Scripting (XSS) in Notification for Telegram <= 3.5 versions.

Sales Representative Arbitrary File Deletion in Groundhogg <= 4.4 versions.

Subscriber Broken Access Control in Ultra Addons for WPForms <= 1.0.11 versions.

Subscriber Arbitrary File Upload in WP-BusinessDirectory <= 4.0.0 versions.

Unauthenticated Privilege Escalation in WP BASE Booking <= 5.9.0 versions.

Subscriber Broken Access Control in RepairBuddy <= 4.1132 versions.

Unauthenticated Privilege Escalation in Datalogics Ecommerce Delivery <= 2.6.62 versions.

Contributor Privilege Escalation in B Blocks <= 2.0.31 versions.

Subscriber Cross Site Scripting (XSS) in Shipment Tracker for Woocommerce <= 1.5.3.2 versions.

Unauthenticated Broken Access Control in WP Directory Kit <= 1.5.0 versions.

Unauthenticated Broken Access Control in AWP Classifieds <= 4.4.4 versions.

Contributor PHP Object Injection in Events Calendar for GeoDirectory <= 2.3.25 versions.

Unauthenticated SQL Injection in SpeakOut! Email Petitions <= 4.6.5 versions.

Subscriber Arbitrary File Upload in WpStream < 4.11.2 versions.

Unauthenticated Broken Access Control in Booking Activities <= 1.16.48.1 versions.

Unauthenticated Broken Access Control in Masteriyo - LMS <= 2.1.5 versions.

Unauthenticated SQL Injection in GeekyBot <= 1.2.0 versions.

Subscriber Insecure Direct Object References (IDOR) in EventPrime <= 4.3.0.0 versions.

Subscriber Broken Access Control in Motors < 1.4.107 versions.

Unauthenticated Cross Site Scripting (XSS) in Paid Member Subscriptions <= 2.17.3 versions.

Unauthenticated Broken Access Control in Easy Appointments <= 3.12.21 versions.

Unauthenticated SQL Injection in GeoDirectory <= 2.8.152 versions.

Unauthenticated SQL Injection in WP Photo Album Plus <= 9.1.08.001 versions.

Unauthenticated Cross Site Scripting (XSS) in Social Slider Feed <= 2.3.2 versions.

Unauthenticated Broken Access Control in Easy Digital Downloads <= 3.6.5 versions.

Unauthenticated SQL Injection in Form Maker by 10Web <= 1.15.38 versions.

Shop manager PHP Object Injection in Advanced Product Fields (Product Addons) for WooCommerce <= 1.6.19 versions.

Shop manager PHP Object Injection in YayMail <= 4.3.3 versions.

Unauthenticated SQL Injection in Simply Schedule Appointments <= 1.6.9.27 versions.

Unauthenticated SQL Injection in WP Maps <= 4.9.1 versions.

Subscriber Cross Site Scripting (XSS) in JupiterX Core <= 4.14.1 versions.

Author Arbitrary File Download in Download Monitor <= 5.1.9 versions.

Author PHP Object Injection in Modula Image Gallery <= 2.14.18 versions.

Unauthenticated Sensitive Data Exposure in Backup Migration <= 2.1.1 versions.

Contributor PHP Object Injection in Anti-Malware Security and Brute-Force Firewall <= 4.23.87 versions.