Medium · CVSS 4.3
Cross-Site Request Forgery (CSRF) vulnerability in Averta Master Slider.This issue affects Master Slider: from n/a through 3.9.10.
Published Jun 19, 2024 · Updated Apr 28, 2026
Medium · CVSS 6.5
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in Vsourz Digital Responsive Slick Slider WordPress allows Code Injection.This issue affects Responsive Slick Slider WordPress: from n/a through 1.4.
Published Jun 4, 2024 · Updated Apr 28, 2026
Low · CVSS 3.7
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in David Vongries Ultimate Dashboard allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Ultimate Dashboard: from n/a through 3.7.10.
Published Jun 4, 2024 · Updated Apr 28, 2026
Medium · CVSS 5.3
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in J.N. Breetvelt a.K.A. OpaJaap WP Photo Album Plus allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects WP Photo Album Plus: from n/a through 8.5.02.005.
Published Jun 4, 2024 · Updated Apr 28, 2026
Low · CVSS 3.7
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in WPServeur, NicolasKulka, wpformation WPS Hide Login allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects WPS Hide Login: from n/a through 1.9.11.
Published Jun 4, 2024 · Updated Apr 28, 2026
Low · CVSS 3.7
Authentication Bypass by Spoofing vulnerability in wpdevart Coming soon and Maintenance mode allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Coming soon and Maintenance mode: from n/a through 3.7.3.
Published Jun 4, 2024 · Updated Apr 28, 2026
High · CVSS 7.5
Missing Authorization vulnerability in Crocoblock JetElements For Elementor.This issue affects JetElements For Elementor: from n/a through 2.6.13.
Published Jun 19, 2024 · Updated Apr 28, 2026
Medium · CVSS 6.3
Missing Authorization vulnerability in Crocoblock JetElements For Elementor.This issue affects JetElements For Elementor: from n/a through 2.6.13.
Published Jun 19, 2024 · Updated Apr 28, 2026
High · CVSS 8.2
Missing Authorization vulnerability in Crocoblock JetElements For Elementor.This issue affects JetElements For Elementor: from n/a through 2.6.13.
Published Jun 19, 2024 · Updated Apr 28, 2026
Medium · CVSS 5.3
Authentication Bypass by Spoofing vulnerability in 10up Restricted Site Access allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Restricted Site Access: from n/a through 7.4.1.
Published Jun 4, 2024 · Updated Apr 28, 2026
Medium · CVSS 6.5
Improper Authentication vulnerability in Pluggabl LLC Booster for WooCommerce allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Booster for WooCommerce: from n/a through 7.1.2.
Published Jun 4, 2024 · Updated Apr 28, 2026
Medium · CVSS 5.3
Improper Restriction of Excessive Authentication Attempts vulnerability in WebFactory Ltd Captcha Code allows Functionality Bypass.This issue affects Captcha Code: from n/a through 2.9.
Published Jun 4, 2024 · Updated Apr 28, 2026
Low · CVSS 3.7
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Webcraftic Hide login page allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Hide login page: from n/a through 1.1.9.
Published Jun 4, 2024 · Updated Apr 28, 2026
Medium · CVSS 5.3
Improper Restriction of Excessive Authentication Attempts vulnerability in CodePeople Contact Form Email allows Functionality Bypass.This issue affects Contact Form Email: from n/a through 1.3.41.
Published Jun 4, 2024 · Updated Apr 28, 2026
Medium · CVSS 5.3
Improper Restriction of Excessive Authentication Attempts vulnerability in 10Web Form Builder Team Form Maker by 10Web allows Functionality Bypass.This issue affects Form Maker by 10Web: from n/a through 1.15.20.
Published Jun 4, 2024 · Updated Apr 28, 2026
Medium · CVSS 5.3
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in Tips and Tricks HQ Stripe Payments allows Code Injection.This issue affects Stripe Payments: from n/a through 2.0.79.
Published Jun 4, 2024 · Updated Apr 28, 2026
Medium · CVSS 5.3
Improper Restriction of Excessive Authentication Attempts vulnerability in Nitin Rathod WP Forms Puzzle Captcha allows Functionality Bypass.This issue affects WP Forms Puzzle Captcha: from n/a through 4.1.
Published Jun 4, 2024 · Updated Apr 28, 2026
Medium · CVSS 5.3
Authentication Bypass by Spoofing vulnerability in yonifre Maspik – Spam blacklist allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Maspik – Spam blacklist: from n/a through 0.10.3.
Published Jun 4, 2024 · Updated Apr 28, 2026
Medium · CVSS 5.3
Missing Authorization vulnerability in WP OnlineSupport, Essential Plugin Preloader for Website.This issue affects Preloader for Website: from n/a through 1.2.2.
Published Jun 11, 2024 · Updated Apr 28, 2026
High · CVSS 7.5
Missing Authorization vulnerability in Consensu.IO Consensu.Io.This issue affects Consensu.Io: from n/a through 1.0.1.
Published Jun 12, 2024 · Updated Apr 28, 2026
Medium · CVSS 4.3
Cross-Site Request Forgery (CSRF) vulnerability in Lim Kai Yang Grab & Save.This issue affects Grab & Save: from n/a through 1.0.4.
Published Jun 12, 2024 · Updated Apr 28, 2026
High · CVSS 8.3
Improper Privilege Management vulnerability in Repute Infosystems ARMember allows Privilege Escalation.This issue affects ARMember: from n/a through 4.0.10.
Published Jun 4, 2024 · Updated Apr 28, 2026
Low · CVSS 3.7
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in LWS LWS Hide Login allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects LWS Hide Login: from n/a through 2.1.8.
Published Jun 4, 2024 · Updated Apr 28, 2026
Medium · CVSS 4.3
Missing Authorization vulnerability in Mandrill wpMandrill.This issue affects wpMandrill: from n/a through 1.33.
Published Jun 12, 2024 · Updated Apr 28, 2026
Medium · CVSS 4.3
Missing Authorization vulnerability in Automattic Jetpack.This issue affects Jetpack: from n/a before 12.7.
Published Jun 19, 2024 · Updated Apr 28, 2026
High · CVSS 8.3
Missing Authorization vulnerability in Thrive Themes Thrive Theme Builder.This issue affects Thrive Theme Builder: from n/a before 3.24.0.
Published Jun 19, 2024 · Updated Apr 28, 2026
High · CVSS 7.6
Missing Authorization vulnerability in Muffin Group Betheme.This issue affects Betheme: from n/a through 27.1.1.
Published Jun 19, 2024 · Updated Apr 28, 2026
High · CVSS 8.3
Missing Authorization vulnerability in ThemePunch OHG Essential Grid.This issue affects Essential Grid: from n/a through 3.0.18.
Published Jun 19, 2024 · Updated Apr 28, 2026
Low · CVSS 3.7
Authentication Bypass by Spoofing vulnerability in WP Maintenance allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects WP Maintenance: from n/a through 6.1.3.
Published Jun 4, 2024 · Updated Apr 28, 2026
Medium · CVSS 6.5
Missing Authorization vulnerability in QuadLayers WooCommerce Checkout Manager.This issue affects WooCommerce Checkout Manager: from n/a through 7.3.0.
Published Jun 19, 2024 · Updated Apr 28, 2026
Medium · CVSS 5.4
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in ARI Soft ARI Stream Quiz allows Code Injection.This issue affects ARI Stream Quiz: from n/a through 1.3.2.
Published Jun 4, 2024 · Updated Apr 28, 2026
Medium · CVSS 5.3
Improper Authentication vulnerability in WPMU DEV Defender Security allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Defender Security: from n/a through 4.2.0.
Published Jun 4, 2024 · Updated Apr 28, 2026
High · CVSS 7.5
Improper Authentication vulnerability in wpase Admin and Site Enhancements (ASE) allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Admin and Site Enhancements (ASE): from n/a through 5.7.1.
Published Jun 4, 2024 · Updated Apr 28, 2026
Medium · CVSS 5.3
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in gVectors Team wpDiscuz allows Code Injection.This issue affects wpDiscuz: from n/a through 7.6.10.
Published Jun 4, 2024 · Updated Apr 28, 2026
High · CVSS 8.8
Missing Authorization vulnerability in Themify Themify Ultra.This issue affects Themify Ultra: from n/a through 7.3.5.
Published Jun 19, 2024 · Updated Apr 28, 2026
High · CVSS 8.3
Missing Authorization vulnerability in Themify Themify Ultra.This issue affects Themify Ultra: from n/a through 7.3.5.
Published Jun 19, 2024 · Updated Apr 28, 2026
High · CVSS 7.6
Missing Authorization vulnerability in POSIMYTH Nexter.This issue affects Nexter: from n/a through 2.0.3.
Published Jun 19, 2024 · Updated Apr 28, 2026
Medium · CVSS 5.4
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in WP Darko Responsive Tabs allows Code Injection.This issue affects Responsive Tabs: from n/a before 4.0.6.
Published Jun 4, 2024 · Updated Apr 28, 2026
Medium · CVSS 4.3
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in pluginever WP Content Pilot – Autoblogging & Affiliate Marketing Plugin allows Code Injection.This issue affects WP Content Pilot – Autoblogging & Affiliate Marketing Plugin: from n/a through 1.3.3.
Published Jun 4, 2024 · Updated Apr 28, 2026
Medium · CVSS 5.3
Improper Restriction of Excessive Authentication Attempts vulnerability in Forge12 Interactive GmbH Captcha/Honeypot for Contact Form 7 allows Functionality Bypass.This issue affects Captcha/Honeypot for Contact Form 7: from n/a through 1.11.3.
Published Jun 4, 2024 · Updated Apr 28, 2026
Medium · CVSS 4.3
Missing Authorization vulnerability in Bastianon Massimo WP GPX Map.This issue affects WP GPX Map: from n/a through 1.7.08.
Published Jun 12, 2024 · Updated Apr 28, 2026
Medium · CVSS 5.3
Improper Restriction of Excessive Authentication Attempts vulnerability in Devnath verma WP Captcha allows Functionality Bypass.This issue affects WP Captcha: from n/a through 2.0.0.
Published Jun 4, 2024 · Updated Apr 28, 2026
Medium · CVSS 5.4
Missing Authorization vulnerability in Brainstorm Force Pre-Publish Checklist.This issue affects Pre-Publish Checklist: from n/a through 1.1.1.
Published Jun 19, 2024 · Updated Apr 28, 2026
Medium · CVSS 5.4
Missing Authorization vulnerability in Brainstorm Force Astra Bulk Edit.This issue affects Astra Bulk Edit: from n/a through 1.2.7.
Published Jun 19, 2024 · Updated Apr 28, 2026
Medium · CVSS 6.5
Missing Authorization vulnerability in Brainstorm Force Premium Starter Templates, Brainstorm Force Starter Templates astra-sites.This issue affects Premium Starter Templates: from n/a through 3.2.5; Starter Templates: from n/a through 3.2.5.
Published Jun 19, 2024 · Updated Apr 28, 2026
Medium · CVSS 5.3
Missing Authorization vulnerability in Vark Pricing Deals for WooCommerce.This issue affects Pricing Deals for WooCommerce: from n/a through 2.0.3.2.
Published Jun 12, 2024 · Updated Apr 28, 2026
Medium · CVSS 5.3
Authentication Bypass by Spoofing vulnerability in pluginkollektiv Antispam Bee allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Antispam Bee: from n/a through 2.11.3.
Published Jun 4, 2024 · Updated Apr 28, 2026
Medium · CVSS 6.5
: Improper Control of Interaction Frequency vulnerability in cartpauj Cartpauj Register Captcha allows Functionality Misuse.This issue affects Cartpauj Register Captcha: from n/a through 1.0.02.
Published Jun 4, 2024 · Updated Apr 28, 2026
Medium · CVSS 5.4
Missing Authorization vulnerability in Hardik Chavada Sticky Social Media Icons.This issue affects Sticky Social Media Icons: from n/a through 2.1.
Published Jun 12, 2024 · Updated Apr 28, 2026
High · CVSS 8.2
Missing Authorization vulnerability in Paid Memberships Pro Paid Memberships Pro CCBill Gateway.This issue affects Paid Memberships Pro CCBill Gateway: from n/a through 0.3.
Published Jun 19, 2024 · Updated Apr 28, 2026