Medium · CVSS 6.5
Missing Authorization vulnerability in Save as PDF plugin by Pdfcrowd Word Replacer Pro.This issue affects Word Replacer Pro: from n/a through 1.0.
Published Mar 20, 2024 · Updated Apr 28, 2026
Medium · CVSS 4.3
Missing Authorization vulnerability in voidCoders Void Contact Form 7 Widget For Elementor Page Builder.This issue affects Void Contact Form 7 Widget For Elementor Page Builder: from n/a through 2.3.
Published Mar 26, 2024 · Updated Apr 28, 2026
High · CVSS 7.5
Missing Authorization vulnerability in FunnelKit FunnelKit Checkout.This issue affects FunnelKit Checkout: from n/a through 3.10.3.
Published Mar 21, 2024 · Updated Apr 28, 2026
Medium · CVSS 5.3
Cross-Site Request Forgery (CSRF) vulnerability in Veribo, Roland Murg WP Simple Booking Calendar.This issue affects WP Simple Booking Calendar: from n/a through 2.0.8.4.
Published Mar 15, 2024 · Updated Apr 28, 2026
Medium · CVSS 5.4
Cross-Site Request Forgery (CSRF) vulnerability in ExpressTech Quiz And Survey Master.This issue affects Quiz And Survey Master: from n/a through 8.1.18.
Published Mar 16, 2024 · Updated Apr 28, 2026
Medium · CVSS 4.3
Cross-Site Request Forgery (CSRF) vulnerability in Cozmoslabs Paid Member Subscriptions.This issue affects Paid Member Subscriptions: from n/a through 2.10.4.
Published Mar 15, 2024 · Updated Apr 28, 2026
Medium · CVSS 4.3
Cross Site Request Forgery (CSRF) vulnerability in WBW Product Table by WBW.This issue affects Product Table by WBW: from n/a through 1.8.6.
Published Mar 16, 2024 · Updated Apr 28, 2026
Medium · CVSS 4.3
Cross-Site Request Forgery (CSRF) vulnerability in Atlas Gondal Export Media URLs.This issue affects Export Media URLs: from n/a through 1.0.
Published Mar 16, 2024 · Updated Apr 28, 2026
Medium · CVSS 5.4
Cross-Site Request Forgery (CSRF) vulnerability in ARI Soft ARI Stream Quiz.This issue affects ARI Stream Quiz: from n/a through 1.2.32.
Published Mar 16, 2024 · Updated Apr 28, 2026
Medium · CVSS 5.4
Cross-Site Request Forgery (CSRF) vulnerability in RedNao WooCommerce PDF Invoice Builder.This issue affects WooCommerce PDF Invoice Builder: from n/a through 1.2.101.
Published Mar 16, 2024 · Updated Apr 28, 2026
Medium · CVSS 5.4
Cross-Site Request Forgery (CSRF) vulnerability in Averta Depicter Slider.This issue affects Depicter Slider: from n/a through 2.0.6.
Published Mar 16, 2024 · Updated Apr 28, 2026
Medium · CVSS 5.4
Cross-Site Request Forgery (CSRF) vulnerability in Automattic, Inc. Crowdsignal Dashboard – Polls, Surveys & more.This issue affects Crowdsignal Dashboard – Polls, Surveys & more: from n/a through 3.0.11.
Published Mar 16, 2024 · Updated Apr 28, 2026
High · CVSS 8.8
Cross-Site Request Forgery (CSRF) vulnerability in Pixelemu TerraClassifieds.This issue affects TerraClassifieds: from n/a through 2.0.3.
Published Mar 16, 2024 · Updated Apr 28, 2026
Medium · CVSS 6.5
Cross-Site Request Forgery (CSRF) vulnerability in EnvialoSimple EnvíaloSimple.This issue affects EnvíaloSimple: from n/a through 2.2.
Published Mar 26, 2024 · Updated Apr 28, 2026
Medium · CVSS 4.3
Cross-Site Request Forgery (CSRF) vulnerability in Rocket Elements Split Test For Elementor.This issue affects Split Test For Elementor: from n/a through 1.6.9.
Published Mar 16, 2024 · Updated Apr 28, 2026
Medium · CVSS 4.3
Cross-Site Request Forgery (CSRF) vulnerability in SysBasics Customize My Account for WooCommerce.This issue affects Customize My Account for WooCommerce: from n/a through 1.8.3.
Published Mar 15, 2024 · Updated Apr 28, 2026
Medium · CVSS 5.4
Missing Authorization vulnerability in sirv.Com Sirv.This issue affects Sirv: from n/a through 7.1.2.
Published Mar 15, 2024 · Updated Apr 28, 2026
Medium · CVSS 4.3
Cross-Site Request Forgery (CSRF), Incorrect Authorization vulnerability in wpWax Legal Pages.This issue affects Legal Pages: from n/a through 1.3.7.
Published Mar 15, 2024 · Updated Apr 28, 2026
Medium · CVSS 4.3
Cross-Site Request Forgery (CSRF) vulnerability in realmag777 HUSKY – Products Filter for WooCommerce (formerly WOOF).This issue affects HUSKY – Products Filter for WooCommerce (formerly WOOF): from n/a through 1.3.4.3.
Published Mar 15, 2024 · Updated Apr 28, 2026
Medium · CVSS 5.5
Server-Side Request Forgery (SSRF) vulnerability in NiteoThemes CMP – Coming Soon & Maintenance.This issue affects CMP – Coming Soon & Maintenance: from n/a through 4.1.10.
Published Mar 28, 2024 · Updated Apr 28, 2026
Medium · CVSS 6.5
Uncontrolled Resource Consumption vulnerability in David Artiss Code Embed.This issue affects Code Embed: from n/a through 2.3.6.
Published Mar 21, 2024 · Updated Apr 28, 2026
High · CVSS 7.1
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in KlbTheme Cosmetsy theme (core plugin), KlbTheme Partdo theme (core plugin), KlbTheme Bacola theme (core plugin), KlbTheme Medibazar theme (core plugin), KlbTheme Furnob theme (core plugin), KlbTheme Clotya theme (core plugin) allows Reflected XSS.This issue affects Cosmetsy theme (core plugin): from n/a through 1.3.0; Partdo theme (core plugin): from n/a through 1.0.9; Bacola theme (core plugin): from n/a through 1.3.3; Medibazar theme (core plugin): from n/a through 1.2.3; Furnob theme (core plugin): from n/a through 1.1.7; Clotya theme (core plugin): from n/a through 1.1.5.
Published Mar 26, 2024 · Updated Apr 28, 2026
Medium · CVSS 4.3
Cross-Site Request Forgery (CSRF) vulnerability in KlbTheme Clotya theme, KlbTheme Cosmetsy theme, KlbTheme Furnob theme, KlbTheme Bacola theme, KlbTheme Partdo theme, KlbTheme Medibazar theme, KlbTheme Machic theme.This issue affects Clotya theme: from n/a through 1.1.6; Cosmetsy theme: from n/a through 1.7.7; Furnob theme: from n/a through 1.2.2; Bacola theme: from n/a through 1.3.3; Partdo theme: from n/a through 1.1.1; Medibazar theme: from n/a through 1.8.6; Machic theme: from n/a through 1.2.8.
Published Mar 26, 2024 · Updated Apr 28, 2026
Critical · CVSS 10
Unrestricted Upload of File with Dangerous Type vulnerability in WappPress Team WappPress.This issue affects WappPress: from n/a through 5.0.3.
Published Mar 27, 2024 · Updated Apr 28, 2026
Critical · CVSS 9.9
Unrestricted Upload of File with Dangerous Type vulnerability in Elementor.Com Elementor Website Builder.This issue affects Elementor Website Builder: from 3.3.0 through 3.18.1.
Published Mar 26, 2024 · Updated Apr 28, 2026
High · CVSS 8
Unrestricted Upload of File with Dangerous Type vulnerability in Trustindex.Io Widgets for Google Reviews.This issue affects Widgets for Google Reviews: from n/a through 11.0.2.
Published Mar 26, 2024 · Updated Apr 28, 2026
Critical · CVSS 9.1
Unrestricted Upload of File with Dangerous Type vulnerability in WEN Solutions WP Child Theme Generator.This issue affects WP Child Theme Generator: from n/a through 1.0.9.
Published Mar 26, 2024 · Updated Apr 28, 2026
Critical · CVSS 9.1
Unrestricted Upload of File with Dangerous Type vulnerability in Terry Lin WP Githuber MD.This issue affects WP Githuber MD: from n/a through 1.16.2.
Published Mar 26, 2024 · Updated Apr 28, 2026
Critical · CVSS 9.1
Unrestricted Upload of File with Dangerous Type vulnerability in Zachary Segal CataBlog.This issue affects CataBlog: from n/a through 1.7.0.
Published Mar 26, 2024 · Updated Apr 28, 2026
High · CVSS 7.1
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Contact Form With Captcha allows Reflected XSS.This issue affects Contact Form With Captcha: from n/a through 1.6.8.
Published Mar 26, 2024 · Updated Apr 28, 2026
Medium · CVSS 5.4
Cross-Site Request Forgery (CSRF) vulnerability in WooCommerce WooCommerce Stripe Payment Gateway.This issue affects WooCommerce Stripe Payment Gateway: from n/a through 7.6.0.
Published Mar 27, 2024 · Updated Apr 28, 2026
High · CVSS 7.5
Insertion of Sensitive Information into Log File vulnerability in GSheetConnector CF7 Google Sheets Connector.This issue affects CF7 Google Sheets Connector: from n/a through 5.0.5.
Published Mar 26, 2024 · Updated Apr 28, 2026
High · CVSS 8.5
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in ThemeFusion Fusion Builder.This issue affects Fusion Builder: from n/a through 3.11.1.
Published Mar 28, 2024 · Updated Apr 28, 2026
High · CVSS 7.7
Server-Side Request Forgery (SSRF) vulnerability in ThemeFusion Avada.This issue affects Avada: from n/a through 7.11.1.
Published Mar 28, 2024 · Updated Apr 28, 2026
High · CVSS 7.1
Cross-Site Request Forgery (CSRF) vulnerability in ThemeFusion Fusion Builder.This issue affects Fusion Builder: from n/a through 3.11.1.
Published Mar 27, 2024 · Updated Apr 28, 2026
High · CVSS 7.1
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThemeFusion Fusion Builder allows Reflected XSS.This issue affects Fusion Builder: from n/a through 3.11.1.
Published Mar 27, 2024 · Updated Apr 28, 2026
High · CVSS 8.5
Unrestricted Upload of File with Dangerous Type vulnerability in ThemeFusion Avada.This issue affects Avada: from n/a through 7.11.1.
Published Mar 26, 2024 · Updated Apr 28, 2026
Critical · CVSS 9
Unrestricted Upload of File with Dangerous Type vulnerability in Artbees JupiterX Core.This issue affects JupiterX Core: from n/a through 3.3.5.
Published Mar 26, 2024 · Updated Apr 28, 2026
Medium · CVSS 4.3
Missing Authorization vulnerability in InspiryThemes RealHomes.This issue affects RealHomes: from n/a through 4.0.2.
Published Mar 25, 2024 · Updated Apr 28, 2026
Medium · CVSS 5.4
Missing Authorization vulnerability in InspiryThemes RealHomes.This issue affects RealHomes: from n/a through 4.0.2.
Published Mar 25, 2024 · Updated Apr 28, 2026
High · CVSS 7.1
Server-Side Request Forgery (SSRF) vulnerability in Brainstorm Force Spectra.This issue affects Spectra: from n/a through 2.6.6.
Published Mar 28, 2024 · Updated Apr 28, 2026
High · CVSS 7.1
Server-Side Request Forgery (SSRF) vulnerability in Brainstorm Force Starter Templates — Elementor, WordPress & Beaver Builder Templates, Brainstorm Force Premium Starter Templates.This issue affects Starter Templates — Elementor, WordPress & Beaver Builder Templates: from n/a through 3.2.4; Premium Starter Templates: from n/a through 3.2.4.
Published Mar 28, 2024 · Updated Apr 28, 2026
Medium · CVSS 4.7
URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Uncanny Owl Uncanny Toolkit for LearnDash.This issue affects Uncanny Toolkit for LearnDash: from n/a through 3.6.4.3.
Published Mar 27, 2024 · Updated Apr 28, 2026
Medium · CVSS 4.3
Missing Authorization vulnerability in HashThemes Viral News, HashThemes Viral, HashThemes HashOne.This issue affects Viral News: from n/a through 1.4.5; Viral: from n/a through 1.8.0; HashOne: from n/a through 1.3.0.
Published Mar 25, 2024 · Updated Apr 28, 2026
High · CVSS 7.1
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Etoile Web Design Front End Users allows Reflected XSS.This issue affects Front End Users: from n/a before 3.2.25.
Published Mar 26, 2024 · Updated Apr 28, 2026
Medium · CVSS 5.4
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CodexThemes TheGem (Elementor), CodexThemes TheGem (WPBakery) allows Stored XSS.This issue affects TheGem (Elementor): from n/a before 5.8.1.1; TheGem (WPBakery): from n/a before 5.8.1.1.
Published Mar 26, 2024 · Updated Apr 28, 2026
Medium · CVSS 4.3
Missing Authorization vulnerability in Sparkle WP Educenter.This issue affects Educenter: from n/a through 1.5.5.
Published Mar 25, 2024 · Updated Apr 28, 2026
Critical · CVSS 9.1
Unrestricted Upload of File with Dangerous Type vulnerability in Julien Crego Manager for Icomoon.This issue affects Manager for Icomoon: from n/a through 2.0.
Published Mar 26, 2024 · Updated Apr 28, 2026
Critical · CVSS 9.3
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in ExpressTech Quiz And Survey Master.This issue affects Quiz And Survey Master: from n/a through 8.1.4.
Published Mar 26, 2024 · Updated Apr 28, 2026
High · CVSS 7.1
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in perfectwpthemes Glaze Blog Lite, themebeez Fascinate, themebeez Cream Blog, themebeez Cream Magazine allows Reflected XSS.This issue affects Glaze Blog Lite: from n/a through <= 1.1.4; Fascinate: from n/a through 1.0.8; Cream Blog: from n/a through 2.1.3; Cream Magazine: from n/a through 2.1.4.
Published Mar 26, 2024 · Updated Apr 28, 2026