| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Unauthenticated PHP Object Injection in WP Insightly for Contact Form 7, WPForms, Elementor, Formidable and Ninja Forms <= 1.1.4 versions. |
| Unauthenticated PHP Object Injection in OttoKit <= 1.1.27 versions. |
| Unauthenticated Cross Site Scripting (XSS) in HollerBox <= 2.3.10.1 versions. |
| Subscriber Sensitive Data Exposure in WP SMS <= 7.2.1 versions. |
| Subscriber Broken Access Control in Classified Listing <= 5.3.9 versions. |
| Subscriber SQL Injection in WP Time Slots Booking Form <= 1.2.50 versions. |
| Unauthenticated Sensitive Data Exposure in WooCommerce PDF Invoices, Packing Slips, Delivery Notes and Shipping Labels <= 4.9.4 versions. |
| Subscriber Sensitive Data Exposure in Coupon Affiliates <= 7.8.1 versions. |
| Contributor Privilege Escalation in LatePoint <= 5.5.1 versions. |
| WordPress Ultimate Product Catalog 3.8.6 contains an arbitrary file upload vulnerability that allows authenticated users with contributor, editor, author, or administrator roles to upload malicious files by exploiting the custom fields functionality. Attackers can upload PHP shells through the Products tab custom file field and access them via the upcp-product-file-uploads directory to execute arbitrary code on the server. |
| Subscriber Broken Access Control in Groundhogg < 4.4.1 versions. |
| Unauthenticated Broken Access Control in Classified Listing <= 5.3.8 versions. |
| Subscriber Broken Access Control in Advanced Form Integration <= 1.126.12 versions. |
| Subscriber SQL Injection in ELEX WordPress HelpDesk & Customer Ticketing System <= 3.3.6 versions. |
| Unauthenticated Broken Authentication in Really Simple SSL <= 9.5.10 versions. |
| Unauthenticated Broken Access Control in Hippoo Mobile App for WooCommerce <= 1.9.5 versions. |
| Subscriber SQL Injection in Taskbuilder <= 5.0.7 versions. |
| Unauthenticated Broken Access Control in Simple Membership <= 4.7.1 versions. |
| NPM package next-npm-version1.0.1 is vulnerable to Command injection. |
| Unauthenticated Broken Authentication in ReviewX <= 2.3.6 versions. |