Medium · CVSS 4.3
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Michael Mann Simple Site Verify plugin <= 1.0.7 versions.
Published Nov 9, 2023 · Updated Apr 29, 2026
Critical · CVSS 9.8
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in David F. Carr RSVPMaker rsvpmaker allows SQL Injection.This issue affects RSVPMaker: from n/a through 10.6.6.
Published Nov 3, 2023 · Updated Apr 29, 2026
Critical · CVSS 9.8
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Page Visit Counter Advanced Page Visit Counter – Most Wanted Analytics Plugin for WordPress allows SQL Injection.This issue affects Advanced Page Visit Counter – Most Wanted Analytics Plugin for WordPress: from n/a through 7.1.1.
Published Nov 6, 2023 · Updated Apr 29, 2026
Critical · CVSS 9.8
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Video Gallery by Total-Soft Video Gallery – Best WordPress YouTube Gallery Plugin allows SQL Injection.This issue affects Video Gallery – Best WordPress YouTube Gallery Plugin: from n/a through 2.1.3.
Published Nov 6, 2023 · Updated Apr 29, 2026
Critical · CVSS 9.8
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in InspireUI MStore API allows SQL Injection.This issue affects MStore API: from n/a through 4.0.6.
Published Nov 6, 2023 · Updated Apr 29, 2026
Medium · CVSS 6.5
An issue has been discovered in GitLab CE/EE affecting all versions starting from 16.2 before 16.3.6, all versions starting from 16.4 before 16.4.2, all versions starting from 16.5 before 16.5.1. A low-privileged attacker can point a CI/CD Component to an incorrect path and cause the server to exhaust all available memory through an infinite loop and cause Denial of Service.
Published Nov 6, 2023 · Updated Apr 29, 2026
Medium · CVSS 5.3
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Bowo Debug Log Manager.This issue affects Debug Log Manager: from n/a through 2.3.0.
Published Nov 30, 2023 · Updated Apr 28, 2026
Medium · CVSS 5.4
Cross-Site Request Forgery (CSRF) vulnerability in finnj Frontier Post allows Cross Site Request Forgery.This issue affects Frontier Post: from n/a through 6.1.
Published Nov 30, 2023 · Updated Apr 28, 2026
Medium · CVSS 4.3
Cross-Site Request Forgery (CSRF) vulnerability in Business Directory Team Business Directory Plugin – Easy Listing Directories for WordPress allows Cross-Site Request Forgery.This issue affects Business Directory Plugin – Easy Listing Directories for WordPress: from n/a through 6.3.10.
Published Nov 30, 2023 · Updated Apr 28, 2026
Medium · CVSS 6.5
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Theme nectar Salient Core allows Stored XSS.This issue affects Salient Core: from n/a through 2.0.2.
Published Nov 30, 2023 · Updated Apr 28, 2026
High · CVSS 7.1
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Theme nectar Salient Core allows Reflected XSS.This issue affects Salient Core: from n/a through 2.0.2.
Published Nov 30, 2023 · Updated Apr 28, 2026
High · CVSS 7.1
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Happyforms Form builder to get in touch with visitors, grow your email list and collect payments — Happyforms allows Reflected XSS.This issue affects Form builder to get in touch with visitors, grow your email list and collect payments — Happyforms: from n/a through 1.25.9.
Published Nov 30, 2023 · Updated Apr 28, 2026
Medium · CVSS 5.4
Cross-Site Request Forgery (CSRF) vulnerability in Wap Nepal Delete Post Revisions In WordPress allows Cross Site Request Forgery.This issue affects Delete Post Revisions In WordPress: from n/a through 4.6.
Published Nov 30, 2023 · Updated Apr 28, 2026
High · CVSS 7.1
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in PeepSo Community by PeepSo – Social Network, Membership, Registration, User Profiles allows Reflected XSS.This issue affects Community by PeepSo – Social Network, Membership, Registration, User Profiles: from n/a through 6.2.6.0.
Published Nov 30, 2023 · Updated Apr 28, 2026
Medium · CVSS 5.8
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Paul Menard Simply Exclude allows Reflected XSS.This issue affects Simply Exclude: from n/a through 2.0.6.6.
Published Nov 30, 2023 · Updated Apr 28, 2026
High · CVSS 7.6
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in LicenseManager License Manager for WooCommerce license-manager-for-woocommerce allows SQL Injection.This issue affects License Manager for WooCommerce: from n/a through 2.2.10.
Published Nov 30, 2023 · Updated Apr 28, 2026
Medium · CVSS 6.5
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in cybernetikz Easy Social Icons allows Stored XSS.This issue affects Easy Social Icons: from n/a through 3.2.4.
Published Nov 30, 2023 · Updated Apr 28, 2026
Medium · CVSS 5.4
Cross-Site Request Forgery (CSRF) vulnerability in Offshore Web Master Availability Calendar allows Cross Site Request Forgery.This issue affects Availability Calendar: from n/a through 1.2.6.
Published Nov 30, 2023 · Updated Apr 28, 2026
Medium · CVSS 5.9
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CodeBard Fast Custom Social Share by CodeBard allows Stored XSS.This issue affects Fast Custom Social Share by CodeBard: from n/a through 1.1.1.
Published Nov 30, 2023 · Updated Apr 28, 2026
Medium · CVSS 5.9
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in PT Trijaya Digital Grup TriPay Payment Gateway allows Stored XSS.This issue affects TriPay Payment Gateway: from n/a through 3.2.7.
Published Nov 30, 2023 · Updated Apr 28, 2026
Medium · CVSS 5.4
Cross-Site Request Forgery (CSRF) vulnerability in Mike Strand Bulk Comment Remove allows Cross Site Request Forgery.This issue affects Bulk Comment Remove: from n/a through 2.
Published Nov 30, 2023 · Updated Apr 28, 2026
Medium · CVSS 4.3
Cross-Site Request Forgery (CSRF) vulnerability in Imagely WordPress Gallery Plugin – NextGEN Gallery allows Cross Site Request Forgery.This issue affects WordPress Gallery Plugin – NextGEN Gallery: from n/a through 3.37.
Published Nov 30, 2023 · Updated Apr 28, 2026
Medium · CVSS 4.3
Cross-Site Request Forgery (CSRF) vulnerability in Stormhill Media MyBookTable Bookstore by Stormhill Media allows Cross Site Request Forgery.This issue affects MyBookTable Bookstore by Stormhill Media: from n/a through 3.3.4.
Published Nov 30, 2023 · Updated Apr 28, 2026
Medium · CVSS 6.5
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Pluggabl LLC Booster for WooCommerce.This issue affects Booster for WooCommerce: from n/a through 7.1.1.
Published Nov 30, 2023 · Updated Apr 28, 2026
Medium · CVSS 5.4
Cross-Site Request Forgery (CSRF) vulnerability in DAEXT League Table allows Cross Site Request Forgery.This issue affects League Table: from n/a through 1.13.
Published Nov 30, 2023 · Updated Apr 28, 2026
High · CVSS 7.1
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Pixelite Events Manager allows Reflected XSS.This issue affects Events Manager: from n/a through 6.4.5.
Published Nov 30, 2023 · Updated Apr 28, 2026
Medium · CVSS 5.9
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WebDorado SpiderVPlayer allows Stored XSS.This issue affects SpiderVPlayer: from n/a through 1.5.22.
Published Nov 30, 2023 · Updated Apr 28, 2026
High · CVSS 7.1
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in eDoc Intelligence eDoc Employee Job Application – Best WordPress Job Manager for Employees allows Reflected XSS.This issue affects eDoc Employee Job Application – Best WordPress Job Manager for Employees: from n/a through 1.13.
Published Nov 30, 2023 · Updated Apr 28, 2026
Medium · CVSS 6.5
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ahmed Kaludi, Mohammed Kaludi AMP for WP – Accelerated Mobile Pages allows Stored XSS.This issue affects AMP for WP – Accelerated Mobile Pages: from n/a through 1.0.88.1.
Published Nov 30, 2023 · Updated Apr 28, 2026
Medium · CVSS 4.3
Cross-Site Request Forgery (CSRF) vulnerability in Awesome Support Team Awesome Support – WordPress HelpDesk & Support Plugin allows Cross Site Request Forgery.This issue affects Awesome Support – WordPress HelpDesk & Support Plugin: from n/a through 6.1.4.
Published Nov 30, 2023 · Updated Apr 28, 2026
Medium · CVSS 6.5
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Vikas Vatsa Display Custom Post allows Stored XSS.This issue affects Display Custom Post: from n/a through 2.2.1.
Published Nov 30, 2023 · Updated Apr 28, 2026
Medium · CVSS 6.5
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in SpreadsheetConverter Import Spreadsheets from Microsoft Excel allows Stored XSS.This issue affects Import Spreadsheets from Microsoft Excel: from n/a through 10.1.3.
Published Nov 30, 2023 · Updated Apr 28, 2026
Medium · CVSS 4.3
Cross-Site Request Forgery (CSRF) vulnerability in Seraphinite Solutions Seraphinite Post .DOCX Source allows Cross Site Request Forgery.This issue affects Seraphinite Post .DOCX Source: from n/a through 2.16.6.
Published Nov 30, 2023 · Updated Apr 28, 2026
High · CVSS 7.1
Cross-Site Request Forgery (CSRF) vulnerability in Nitin Rathod WP Forms Puzzle Captcha allows Stored XSS.This issue affects WP Forms Puzzle Captcha: from n/a through 4.1.
Published Nov 30, 2023 · Updated Apr 28, 2026
Medium · CVSS 6.5
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Perfmatters allows Stored XSS.This issue affects Perfmatters: from n/a before 2.2.0.
Published Nov 30, 2023 · Updated Apr 28, 2026
Medium · CVSS 4.3
Cross-Site Request Forgery (CSRF) vulnerability in WebToffee Decorator – WooCommerce Email Customizer allows Cross Site Request Forgery.This issue affects Decorator – WooCommerce Email Customizer: from n/a through 1.2.7.
Published Nov 30, 2023 · Updated Apr 28, 2026
Medium · CVSS 4.3
Cross-Site Request Forgery (CSRF) vulnerability in PressTigers Simple Testimonials Showcase allows Cross Site Request Forgery.This issue affects Simple Testimonials Showcase: from n/a through 1.1.5.
Published Nov 30, 2023 · Updated Apr 28, 2026
Medium · CVSS 5.4
Cross-Site Request Forgery (CSRF) vulnerability in Andrea Landonio Taxonomy filter allows Cross Site Request Forgery.This issue affects Taxonomy filter: from n/a through 2.2.9.
Published Nov 30, 2023 · Updated Apr 28, 2026
Medium · CVSS 4.3
Cross-Site Request Forgery (CSRF) vulnerability in Super Blog Me Broken Link Checker for YouTube allows Cross Site Request Forgery.This issue affects Broken Link Checker for YouTube: from n/a through 1.3.
Published Nov 30, 2023 · Updated Apr 28, 2026
High · CVSS 7.1
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in yonifre Maspik – Spam Blacklist allows Stored XSS.This issue affects Maspik – Spam Blacklist: from n/a through 0.9.2.
Published Nov 30, 2023 · Updated Apr 28, 2026
High · CVSS 7.1
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Perfmatters allows Reflected XSS.This issue affects Perfmatters: from n/a through 2.1.6.
Published Nov 30, 2023 · Updated Apr 28, 2026
Medium · CVSS 6.5
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in gVectors Team wpForo Forum allows Stored XSS.This issue affects wpForo Forum: from n/a through 2.2.3.
Published Nov 30, 2023 · Updated Apr 28, 2026
Medium · CVSS 5.4
Cross-Site Request Forgery (CSRF) vulnerability in Perfmatters allows Cross Site Request Forgery.This issue affects Perfmatters: from n/a through 2.1.6.
Published Nov 30, 2023 · Updated Apr 28, 2026
Medium · CVSS 6.5
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in myCred myCred – Points, Rewards, Gamification, Ranks, Badges & Loyalty Plugin allows Stored XSS.This issue affects myCred – Points, Rewards, Gamification, Ranks, Badges & Loyalty Plugin: from n/a through 2.6.1.
Published Nov 30, 2023 · Updated Apr 28, 2026
High · CVSS 7.1
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Lim Kai Yang Grab & Save allows Reflected XSS.This issue affects Grab & Save: from n/a through 1.0.4.
Published Nov 30, 2023 · Updated Apr 28, 2026
High · CVSS 7.1
Cross-Site Request Forgery (CSRF), Missing Authorization vulnerability in gVectors Team wpForo Forum wpforo allows Cross Site Request Forgery, Accessing Functionality Not Properly Constrained by ACLs leading to forced all users log out.This issue affects wpForo Forum: from n/a through 2.2.6.
Published Nov 30, 2023 · Updated Apr 28, 2026
High · CVSS 7.1
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Tainacan.Org Tainacan allows Reflected XSS.This issue affects Tainacan: from n/a through 0.20.4.
Published Nov 30, 2023 · Updated Apr 28, 2026
Medium · CVSS 6.5
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in PeepSo Community by PeepSo – Social Network, Membership, Registration, User Profiles allows Stored XSS.This issue affects Community by PeepSo – Social Network, Membership, Registration, User Profiles: from n/a through 6.2.2.0.
Published Nov 30, 2023 · Updated Apr 28, 2026
Medium · CVSS 6.5
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Howard Ehrenberg Parallax Image allows Stored XSS.This issue affects Parallax Image: from n/a through 1.7.1.
Published Nov 30, 2023 · Updated Apr 28, 2026
Medium · CVSS 6.5
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Akhtarujjaman Shuvo Bootstrap Shortcodes Ultimate allows Stored XSS.This issue affects Bootstrap Shortcodes Ultimate: from n/a through 4.3.1.
Published Nov 30, 2023 · Updated Apr 28, 2026