| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Unauthenticated Broken Authentication in Masteriyo - LMS <= 2.1.8 versions. |
| Unauthenticated Cross Site Scripting (XSS) in Product Filter Widget for Elementor <= 1.0.6 versions. |
| Unauthenticated Other Vulnerability Type in WpEvently <= 5.3.3 versions. |
| Subscriber Sensitive Data Exposure in Visual Link Preview <= 2.4.1 versions. |
| Unauthenticated Cross Site Request Forgery (CSRF) in WP Migrate Lite <= 2.7.8 versions. |
| Unauthenticated Other Vulnerability Type in WP Travel Engine <= 6.7.10 versions. |
| Unauthenticated PHP Object Injection in Integration for Keap/infusionsoft and Contact Form 7, WPForms, Elementor, Formidable, Ninja Forms <= 1.2.1 versions. |
| Unauthenticated PHP Object Injection in Integration for Salesforce and Contact Form 7, WPForms, Elementor, Formidable, Ninja Forms <= 1.4.3 versions. |
| Subscriber Arbitrary File Deletion in WP User Manager <= 2.9.16 versions. |
| Unauthenticated PHP Object Injection in WP Travel Engine <= 6.7.12 versions. |
| Unauthenticated Broken Access Control in Welcart e-Commerce <= 2.11.28 versions. |
| Unauthenticated SQL Injection in GPTranslate – Multilingual AI Translation for WordPress: Automatically Translate Websites <= 2.32.6 versions. |
| Unauthenticated Path Traversal in FastDup <= 2.7.2 versions. |
| Unauthenticated Broken Access Control in SEO Plugin by Squirrly SEO <= 12.4.16 versions. |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Liquid Web / StellarWP The Events Calendar allows Blind SQL Injection.
This issue affects The Events Calendar: from 6.15.12 through 6.16.2. |
| Contributor PHP Object Injection in Avada <= 3.15.3 versions. |
| Subscriber Arbitrary Content Deletion in WPAMS < 49.5.3 versions. |
| Unauthenticated PHP Object Injection in Alloggio - Hotel Booking <= 2.1.2 versions. |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in wpWax Directorist Booking allows Blind SQL Injection.
This issue affects Directorist Booking: from n/a through 3.0.3. |
| Unrestricted Upload of File with Dangerous Type vulnerability in Kodezen LLC Academy LMS Pro allows Upload a Web Shell to a Web Server.
This issue affects Academy LMS Pro: from n/a before 3.5.2. |