Medium · CVSS 5.4
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in James Lao's Simple Video Embedder plugin <= 2.2 on WordPress.
Published Nov 9, 2022 · Updated Apr 28, 2026
Medium · CVSS 4.8
Auth. (admin+) Stored Cross-Site Scripting (XSS) in Ayoub Media AM-HiLi plugin <= 1.0 on WordPress.
Published Nov 2, 2022 · Updated Apr 28, 2026
Critical · CVSS 9.1
Unauth. Arbitrary File Deletion vulnerability in WatchTowerHQ plugin <= 3.6.15 on WordPress.
Published Nov 18, 2022 · Updated Apr 28, 2026
Medium · CVSS 5.9
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in JumpDEMAND Inc. 4ECPS Web Forms plugin <= 0.2.17 on WordPress.
Published Nov 3, 2022 · Updated Apr 28, 2026
Medium · CVSS 4.8
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in AgentEasy Properties plugin <= 1.0.4 on WordPress.
Published Nov 2, 2022 · Updated Apr 28, 2026
Medium · CVSS 4.3
Auth. (subscriber+) Insecure Direct Object References (IDOR) vulnerability in Comments – wpDiscuz plugin 7.4.2 on WordPress.
Published Nov 18, 2022 · Updated Apr 28, 2026
Medium · CVSS 5.4
Cross-Site Request Forgery (CSRF) vulnerability in Advanced Dynamic Pricing for WooCommerce plugin <= 4.1.5 on WordPress leading to plugin settings import.
Published Nov 8, 2022 · Updated Apr 28, 2026
Medium · CVSS 5.4
Cross-Site Request Forgery (CSRF) vulnerability in Advanced Coupons for WooCommerce Coupons plugin <= 4.5 on WordPress leading to notice dismissal.
Published Nov 8, 2022 · Updated Apr 28, 2026
Medium · CVSS 5.4
Cross-Site Request Forgery (CSRF) vulnerability in Advanced Dynamic Pricing for WooCommerce plugin <= 4.1.5 on WordPress leading to rule type migration.
Published Nov 9, 2022 · Updated Apr 28, 2026
Medium · CVSS 4.3
Missing Authorization vulnerability in Appointment Booking Calendar plugin <= 1.3.69 on WordPress.
Published Nov 18, 2022 · Updated Apr 28, 2026
Medium · CVSS 4.8
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Custom Product Tabs for WooCommerce plugin <= 1.7.9 on WordPress.
Published Nov 18, 2022 · Updated Apr 28, 2026
Medium · CVSS 5.8
Improper Neutralization of Formula Elements in a CSV File vulnerability in Shambix Simple CSV/XLS Exporter.This issue affects Simple CSV/XLS Exporter: from n/a through 1.5.8.
Published Nov 7, 2023 · Updated Apr 28, 2026
Medium · CVSS 5.4
Broken Access Control vulnerability in miniOrange's Google Authenticator plugin <= 5.6.1 on WordPress.
Published Nov 18, 2022 · Updated Apr 28, 2026
Medium · CVSS 5.3
Sensitive Information Disclosure vulnerability discovered by Quiz And Survey Master plugin <= 7.3.10 on WordPress.
Published Nov 18, 2022 · Updated Apr 28, 2026
High · CVSS 8.8
Auth. (subscriber+) Arbitrary Options Update vulnerability in Zoho CRM Lead Magnet plugin <= 1.7.5.8 on WordPress.
Published Nov 9, 2022 · Updated Apr 28, 2026
High · CVSS 7.2
Auth. WordPress Options Change vulnerability in Image Hover Effects Ultimate plugin <= 9.7.1 on WordPress.
Published Nov 18, 2022 · Updated Apr 28, 2026
Medium · CVSS 6.5
Broken Access Control vulnerability leading to Stored Cross-Site Scripting (XSS) in Traffic Manager plugin <= 1.4.5 on WordPress.
Published Nov 10, 2022 · Updated Apr 28, 2026
Critical · CVSS 9.8
Unauth. Arbitrary File Upload vulnerability in WordPress Api2Cart Bridge Connector plugin <= 1.1.0 on WordPress.
Published Nov 18, 2022 · Updated Apr 28, 2026
Critical · CVSS 10
Arbitrary Code Execution vulnerability in Api2Cart Bridge Connector plugin <= 1.1.0 on WordPress.
Published Nov 18, 2022 · Updated Apr 28, 2026
High · CVSS 7.5
Unauth. Directory Traversal vulnerability in Welcart eCommerce plugin <= 2.7.7 on WordPress.
Published Nov 18, 2022 · Updated Apr 28, 2026
Low · CVSS 3
Server Side Request Forgery (SSRF) vulnerability in All in One SEO Pro plugin <= 4.2.5.1 on WordPress.
Published Nov 8, 2022 · Updated Apr 28, 2026
Medium · CVSS 4.8
Auth. (admin+) Cross-Site Scripting (XSS) vulnerability in Mantenimiento web plugin <= 0.13 on WordPress.
Published Nov 8, 2022 · Updated Apr 28, 2026
Medium · CVSS 5.3
Broken Access Control vulnerability in WordPress LoginPress plugin <= 1.6.2 on WordPress leading to unauth. changing of Opt-In or Opt-Out tracking settings.
Published Nov 18, 2022 · Updated Apr 28, 2026
Medium · CVSS 5.4
Cross-Site Request Forgery (CSRF) vulnerability in Booster for WooCommerce plugin <= 5.6.6 on WordPress.
Published Nov 18, 2022 · Updated Apr 28, 2026
Medium · CVSS 6.8
Auth. (subscriber+) CSV Injection vulnerability in ProfileGrid plugin <= 5.1.6 on WordPress.
Published Nov 17, 2022 · Updated Apr 28, 2026
Medium · CVSS 5.4
Cross-Site Request Forgery (CSRF) vulnerability in Media Library Folders plugin <= 7.1.1 on WordPress.
Published Nov 18, 2022 · Updated Apr 28, 2026
Medium · CVSS 5.4
Multiple Cross-Site Request Forgery (CSRF) vulnerabilities in Viszt Péter's Integration for Szamlazz.hu & WooCommerce plugin <= 5.6.3.2 and Csomagpontok és szállítási címkék WooCommerce-hez plugin <= 1.9.0.2 on WordPress.
Published Nov 18, 2022 · Updated Apr 28, 2026
Medium · CVSS 6.5
Broken Access Control vulnerability in Permalink Manager Lite plugin <= 2.2.20 on WordPress.
Published Nov 18, 2022 · Updated Apr 28, 2026
Medium · CVSS 4.8
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Accessibility plugin <= 1.0.3 on WordPress.
Published Nov 18, 2022 · Updated Apr 28, 2026
Medium · CVSS 6.5
Bypass vulnerability in Quiz And Survey Master plugin <= 7.3.10 on WordPress.
Published Nov 18, 2022 · Updated Apr 28, 2026
Medium · CVSS 4.3
Auth. (subscriber+) Sensitive Data Exposure vulnerability in Phone Orders for WooCommerce plugin <= 3.7.1 on WordPress.
Published Nov 18, 2022 · Updated Apr 28, 2026
Medium · CVSS 5.4
Auth. (subscriber+) Cross-Site Scripting (XSS) vulnerability in Soledad premium theme <= 8.2.5 on WordPress.
Published Nov 18, 2022 · Updated Apr 28, 2026
Medium · CVSS 4.3
Missing Authorization vulnerability in Appointment Hour Booking plugin <= 1.3.71 on WordPress.
Published Nov 18, 2022 · Updated Apr 28, 2026
Medium · CVSS 6.1
Unauthenticated Plugin Settings Change Leading To Stored XSS Vulnerability in Ezoic plugin <= 2.8.8 on WordPress.
Published Nov 17, 2022 · Updated Apr 28, 2026
Medium · CVSS 6.1
Cross-Site Request Forgery (CSRF) vulnerability leading to Stored Cross-Site Scripting (XSS) in Vladimir Anokhin's Shortcodes Ultimate plugin <= 5.12.0 on WordPress.
Published Nov 8, 2022 · Updated Apr 28, 2026
Medium · CVSS 4.8
Multiple Auth. (author+) Stored Cross-Site Scripting (XSS) vulnerabilities in WP Page Builder plugin <= 1.2.6 on WordPress.
Published Nov 18, 2022 · Updated Apr 28, 2026
Low · CVSS 3.7
Unauthenticated Error Log Disclosure vulnerability in Media Library Assistant plugin <= 3.00 on WordPress.
Published Nov 18, 2022 · Updated Apr 28, 2026
High · CVSS 8.8
Improper Neutralization of Formula Elements in a CSV File vulnerability in Kaushik Kalathiya Export Users Data CSV.This issue affects Export Users Data CSV: from n/a through 2.1.
Published Nov 7, 2023 · Updated Apr 28, 2026
Medium · CVSS 4.8
Auth. Stored Cross-Site Scripting (XSS) vulnerability in Ezoic plugin <= 2.8.8 on WordPress.
Published Nov 17, 2022 · Updated Apr 28, 2026
Medium · CVSS 6.5
Unauth. Plugin Settings Change vulnerability in Modula plugin <= 2.6.9 on WordPress.
Published Nov 18, 2022 · Updated Apr 28, 2026
Medium · CVSS 6.4
Auth. (subscriber+) Server-Side Request Forgery (SSRF) vulnerability in Better Messages plugin 1.9.10.68 on WordPress.
Published Nov 18, 2022 · Updated Apr 28, 2026
Medium · CVSS 5.4
Auth. (subscriber+) Cross-Site Scripting (XSS) vulnerability in Quiz And Survey Master plugin <= 7.3.10 on WordPress.
Published Nov 18, 2022 · Updated Apr 28, 2026
Medium · CVSS 5.3
Block BYPASS vulnerability in iQ Block Country plugin <= 1.2.18 on WordPress.
Published Nov 18, 2022 · Updated Apr 28, 2026
Medium · CVSS 6.1
Cross-Site Scripting (XSS) via Cross-Site Request Forgery (CSRF) vulnerability in Store Locator plugin <= 1.4.5 on WordPress.
Published Nov 18, 2022 · Updated Apr 28, 2026
Medium · CVSS 5.4
Cross-Site Request Forgery (CSRF) vulnerability in Creative Mail plugin <= 1.5.4 on WordPress.
Published Nov 18, 2022 · Updated Apr 28, 2026
Medium · CVSS 5.4
Multiple Cross-Site Scripting (CSRF) vulnerabilities in SEO Redirection Plugin plugin <= 8.9 on WordPress.
Published Nov 18, 2022 · Updated Apr 28, 2026
Medium · CVSS 4.8
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in News Announcement Scroll plugin <= 8.8.8 on WordPress.
Published Nov 17, 2022 · Updated Apr 28, 2026
Medium · CVSS 5.4
Nonce token leakage and missing authorization in SearchWP premium plugin <= 4.2.5 on WordPress leading to plugin settings change.
Published Nov 8, 2022 · Updated Apr 28, 2026
Medium · CVSS 5.4
Cross-Site Request Forgery (CSRF) vulnerability in Creative Mail plugin <= 1.5.4 on WordPress.
Published Nov 18, 2022 · Updated Apr 28, 2026
Medium · CVSS 5.4
Cross-Site Request Forgery (CSRF) vulnerability in gVectors Team wpForo Forum plugin <= 2.0.5 on WordPress leading to topic deletion.
Published Nov 8, 2022 · Updated Apr 28, 2026