| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Unauthenticated SQL Injection in WP Fast Total Search <= 1.80.280 versions. |
| Contributor Cross Site Scripting (XSS) in TheFox <= 3.9.70 versions. |
| Subscriber Broken Access Control in Martfury - WooCommerce Marketplace WordPress Theme <= 3.2.8 versions. |
| Unauthenticated Cross Site Scripting (XSS) in WowAddons <= 1.6.14 versions. |
| Unauthenticated Broken Access Control in POS Entegratör <= 3.7.103 versions. |
| Subscriber Broken Access Control in Werkstatt <= 4.7.2 versions. |
| Unauthenticated Cross Site Request Forgery (CSRF) in Werkstatt <= 4.7.2 versions. |
| Contributor Local File Inclusion in Shopify <= 1.0.0 versions. |
| Unauthenticated Broken Access Control in ez Form Calculator Premium <= 2.14.1.2 versions. |
| Unauthenticated Cross Site Request Forgery (CSRF) in Heateor Social Login <= 1.1.39 versions. |
| Unauthenticated Sensitive Data Exposure in Kit (formerly ConvertKit) for WooCommerce <= 2.1.5 versions. |
| Contributor Cross Site Scripting (XSS) in Mosaic Gallery – Advanced Gallery <= 1.2.0 versions. |
| Contributor SQL Injection in nicen-localize-image <= 1.4.9 versions. |
| Unauthenticated Cross Site Request Forgery (CSRF) in pCloud WP Backup <= 2.0.2 versions. |
| Unauthenticated Cross Site Request Forgery (CSRF) in SEOWP <= 3.12.2 versions. |
| Author Cross Site Scripting (XSS) in Simple URLs <= 151 versions. |
| Contributor Cross Site Scripting (XSS) in Structured Content <= 1.7.0 versions. |
| Contributor Cross Site Scripting (XSS) in Surbma | Yoast SEO Breadcrumb Shortcode <= 1.2 versions. |
| Missing Authorization vulnerability in Sendcloud Sendcloud Shipping allows Exploiting Incorrectly Configured Access Control Security Levels.
This issue affects Sendcloud Shipping: from n/a through 1.0.29. |
| The weDocs: AI Powered Knowledge Base, Docs, Documentation, Wiki & AI Chatbot plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'connectorWidth' Block Attribute in all versions up to, and including, 2.3.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. |