Critical · CVSS 9.8
Improper Authentication vulnerability in Abdul Hakeem Build App Online allows Privilege Escalation.This issue affects Build App Online: from n/a through 1.0.19.
Published Apr 25, 2024 · Updated Apr 28, 2026
Critical · CVSS 9.8
Improper Authentication vulnerability in BUDDYBOSS DMCC BuddyBoss Theme allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects BuddyBoss Theme: from n/a through 2.4.60.
Published Apr 24, 2024 · Updated Apr 28, 2026
Critical · CVSS 9.8
Improper Authentication vulnerability in Mestres do WP Checkout Mestres WP allows Privilege Escalation.This issue affects Checkout Mestres WP: from n/a through 7.1.9.7.
Published Apr 24, 2024 · Updated Apr 28, 2026
Critical · CVSS 9.8
Improper Privilege Management vulnerability in Jacques Malgrange Rencontre – Dating Site allows Privilege Escalation.This issue affects Rencontre – Dating Site: from n/a through 3.10.1.
Published Apr 24, 2024 · Updated Apr 28, 2026
High · CVSS 8.2
Improper Authentication vulnerability in Mestres do WP Checkout Mestres WP allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Checkout Mestres WP: from n/a through 7.1.9.7.
Published Apr 24, 2024 · Updated Apr 28, 2026
High · CVSS 7.7
Missing Authorization vulnerability in Joris van Montfort JVM rich text icons.This issue affects JVM rich text icons: from n/a through 1.2.6.
Published Apr 17, 2024 · Updated Apr 28, 2026
Critical · CVSS 10
Unrestricted Upload of File with Dangerous Type vulnerability in Jordy Meow AI Engine: ChatGPT Chatbot.This issue affects AI Engine: ChatGPT Chatbot: from n/a through 1.9.98.
Published Apr 12, 2024 · Updated Apr 28, 2026
High · CVSS 8.2
Improper Authentication vulnerability in Repute Infosystems BookingPress allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects BookingPress: from n/a through 1.0.74.
Published Apr 24, 2024 · Updated Apr 28, 2026
Medium · CVSS 6.8
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in AGILELOGIX Store Locator WordPress.This issue affects Store Locator WordPress: from n/a through 1.4.14.
Published Apr 18, 2024 · Updated Apr 28, 2026
Medium · CVSS 6.5
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in FormAssembly / Drew Buschhorn WP-FormAssembly allows Stored XSS.This issue affects WP-FormAssembly: from n/a through 2.0.10.
Published Apr 18, 2024 · Updated Apr 28, 2026
Critical · CVSS 9.9
Missing Authorization vulnerability in Support Genix.This issue affects Support Genix: from n/a through 1.2.3.
Published Apr 18, 2024 · Updated Apr 28, 2026
Medium · CVSS 5.3
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS vulnerability in Crocoblock JetFormBuilder allows Code Injection.This issue affects JetFormBuilder: from n/a through 3.1.4.
Published Apr 24, 2024 · Updated Apr 28, 2026
High · CVSS 7.6
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Zachary Segal CataBlog.This issue affects CataBlog: from n/a through 1.7.0.
Published Apr 18, 2024 · Updated Apr 28, 2026
Medium · CVSS 5.4
Improper Restriction of Rendered UI Layers or Frames vulnerability in Automattic Jetpack allows Clickjacking.This issue affects Jetpack: from n/a before 12.7.
Published Apr 24, 2024 · Updated Apr 28, 2026
Medium · CVSS 6.5
Improper Authentication vulnerability in Elementor Elementor Website Builder allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Elementor Website Builder: from n/a through 3.16.4.
Published Apr 24, 2024 · Updated Apr 28, 2026
High · CVSS 8.2
Missing Authorization vulnerability in LiteSpeed Technologies LiteSpeed Cache.This issue affects LiteSpeed Cache: from n/a through 5.7.
Published Apr 16, 2024 · Updated Apr 28, 2026
High · CVSS 7.5
Missing Authorization vulnerability in Mitchell Bennis Simple File List.This issue affects Simple File List: from n/a through 6.1.9.
Published Apr 17, 2024 · Updated Apr 28, 2026
Medium · CVSS 4.3
Cross-Site Request Forgery (CSRF) vulnerability in Pepro Dev. Group PeproDev CF7 Database.This issue affects PeproDev CF7 Database: from n/a through 1.8.0.
Published Apr 18, 2024 · Updated Apr 28, 2026
High · CVSS 8.3
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in LiteSpeed Technologies LiteSpeed Cache allows Stored XSS.This issue affects LiteSpeed Cache: from n/a through 5.7.
Published Apr 16, 2024 · Updated Apr 28, 2026
Medium · CVSS 6.8
Improper Input Validation vulnerability in Saturday Drive Ninja Forms Contact Form.This issue affects Ninja Forms Contact Form : from n/a through 3.6.24.
Published Apr 17, 2024 · Updated Apr 28, 2026
Medium · CVSS 6.3
Missing Authorization vulnerability in Alex Tselegidis Easy!Appointments.This issue affects Easy!Appointments: from n/a through 1.3.3.
Published Apr 11, 2024 · Updated Apr 28, 2026
Medium · CVSS 5.3
Missing Authorization vulnerability in Daniel Powney Multi Rating allows Functionality Misuse.This issue affects Multi Rating: from n/a through 5.0.6.
Published Apr 24, 2024 · Updated Apr 28, 2026
Critical · CVSS 9.9
Unrestricted Upload of File with Dangerous Type vulnerability in Unlimited Elements Unlimited Elements For Elementor (Free Widgets, Addons, Templates) allows Upload a Web Shell to a Web Server.This issue affects Unlimited Elements For Elementor (Free Widgets, Addons, Templates): from n/a through 1.5.60.
Published Apr 24, 2024 · Updated Apr 28, 2026
Medium · CVSS 4.3
Cross-Site Request Forgery (CSRF) vulnerability in Kilian Evang Ultimate Noindex Nofollow Tool II plugin <= 1.3 versions.
Published Apr 16, 2023 · Updated Apr 28, 2026
High · CVSS 7.1
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in impleCode Product Catalog Simple plugin <= 1.6.17 versions.
Published Apr 7, 2023 · Updated Apr 28, 2026
High · CVSS 7.1
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Cththemes Outdoor theme <= 3.9.6 versions.
Published Apr 7, 2023 · Updated Apr 28, 2026
High · CVSS 7.1
Unauth. Reflected Cross-site Scripting (XSS) vulnerability in Magic Post Thumbnail plugin <= 4.1.10 versions.
Published Apr 7, 2023 · Updated Apr 28, 2026
High · CVSS 7.1
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in PropertyHive plugin <= 1.5.46 versions.
Published Apr 7, 2023 · Updated Apr 28, 2026
Medium · CVSS 5.9
Auth. (admin+) Stored Cross-site Scripting (XSS) vulnerability in PI Websolution Product Enquiry for WooCommerce, WooCommerce product catalog plugin <= 2.2.12 versions.
Published Apr 7, 2023 · Updated Apr 28, 2026
Medium · CVSS 5.9
Auth. (admin+) Stored Cross-site Scripting (XSS) vulnerability in PI Websolution Product page shipping calculator for WooCommerce plugin <= 1.3.20 versions.
Published Apr 7, 2023 · Updated Apr 28, 2026
High · CVSS 7.1
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Ignazio Scimone Albo Pretorio On Line plugin <= 4.6.1 versions.
Published Apr 7, 2023 · Updated Apr 28, 2026
High · CVSS 7.1
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Cimatti Consulting WordPress Contact Forms by Cimatti plugin <= 1.5.4 versions.
Published Apr 7, 2023 · Updated Apr 28, 2026
High · CVSS 7.1
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in I Thirteen Web Solution Continuous Image Carousel With Lightbox plugin <= 1.0.15 versions.
Published Apr 7, 2023 · Updated Apr 28, 2026
High · CVSS 7.1
Unauth. Stored Cross-Site Scripting (XSS) vulnerability in Cimatti Consulting WordPress Contact Forms by Cimatti plugin <= 1.5.4 versions.
Published Apr 7, 2023 · Updated Apr 28, 2026
Medium · CVSS 6.5
Auth. (contributor+) Stored Cross-site Scripting (XSS) vulnerability in RoboSoft Photo Gallery, Images, Slider in Rbs Image Gallery plugin <= 3.2.12 versions.
Published Apr 7, 2023 · Updated Apr 28, 2026
Medium · CVSS 5.4
Auth (subscriber+) Reflected Cross-Site Scripting (XSS) vulnerability in Macho Themes Regina Lite theme <= 2.0.7 versions.
Published Apr 25, 2023 · Updated Apr 28, 2026
Medium · CVSS 5.5
Auth. (admin+) SQL Injection (SQLi) vulnerability in TransbankDevelopers Transbank Webpay REST plugin <= 1.6.6 versions.
Published Apr 16, 2023 · Updated Apr 28, 2026
Medium · CVSS 5.9
Auth. (admin+) Cross-Site Scripting (XSS) vulnerability in Ian Haycox Motor Racing League plugin <= 1.9.9 versions.
Published Apr 23, 2023 · Updated Apr 28, 2026
Medium · CVSS 5.9
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in James Irving-Swift Electric Studio Client Login plugin <= 0.8.1 versions.
Published Apr 23, 2023 · Updated Apr 28, 2026
Medium · CVSS 6.5
Auth. (contributor+) Cross-Site Scripting (XSS) vulnerability in Jonk @ Follow me Darling Sp*tify Play Button for WordPress plugin <= 2.05 versions.
Published Apr 5, 2023 · Updated Apr 28, 2026
Medium · CVSS 5.9
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in DupeOff.Com DupeOff plugin <= 1.6 versions.
Published Apr 3, 2023 · Updated Apr 28, 2026
Medium · CVSS 5.3
Missing Authorization vulnerability in Shoaib Saleem WP Post Rating allows Functionality Misuse.This issue affects WP Post Rating: from n/a through 2.5.
Published Apr 24, 2024 · Updated Apr 28, 2026
Medium · CVSS 5.9
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in George Pattihis Link Juice Keeper plugin <= 2.0.2 versions.
Published Apr 25, 2023 · Updated Apr 28, 2026
Medium · CVSS 5.3
Improper Authentication, Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in xtemos WoodMart allows Cross-Site Scripting (XSS).This issue affects WoodMart: from n/a through 7.0.4.
Published Apr 24, 2024 · Updated Apr 28, 2026
Medium · CVSS 5.9
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in WP-Buddy Google Analytics Opt-Out plugin <= 2.3.4 versions.
Published Apr 7, 2023 · Updated Apr 28, 2026
Medium · CVSS 5.8
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in WPGlobus WPGlobus Translate Options plugin <= 2.1.0 versions.
Published Apr 7, 2023 · Updated Apr 28, 2026
High · CVSS 7.1
Unauth. Stored Cross-Site Scripting (XSS) vulnerability in Fullworks Quick Paypal Payments plugin <= 5.7.25 versions.
Published Apr 7, 2023 · Updated Apr 28, 2026
Medium · CVSS 5.9
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in DIGITALBLUE Click to Call or Chat Buttons plugin <= 1.4.0 versions.
Published Apr 25, 2023 · Updated Apr 28, 2026
Medium · CVSS 5.9
Auth (admin+) Stored Cross-Site Scripting (XSS) vulnerability in gqevu6bsiz Announce from the Dashboard plugin <= 1.5.1 versions.
Published Apr 7, 2023 · Updated Apr 28, 2026
Medium · CVSS 5.9
Auth. (admin+) Stored Cross-site Scripting (XSS) vulnerability in Fullworks Quick Paypal Payments plugin <= 5.7.25 versions.
Published Apr 7, 2023 · Updated Apr 28, 2026