| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Missing Authorization vulnerability in ViaBill for WooCommerce ViaBill – WooCommerce viabill-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects ViaBill – WooCommerce: from n/a through <= 1.1.53. |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in codepeople CP Multi View Event Calendar cp-multi-view-calendar allows Stored XSS.This issue affects CP Multi View Event Calendar : from n/a through <= 1.4.36. |
| Deserialization of Untrusted Data vulnerability in Membership Software WishList Member X allows Object Injection.This issue affects WishList Member X: from n/a through 3.29.0. |
| Authentication Bypass Using an Alternate Path or Channel vulnerability in Themeum Tutor LMS Pro tutor-pro allows Authentication Abuse.This issue affects Tutor LMS Pro: from n/a through <= 3.9.4. |
| URL Redirection to Untrusted Site ('Open Redirect') vulnerability in KaizenCoders Update URLs – Quick and Easy way to search old links and replace them with new links in WordPress update-urls allows Phishing.This issue affects Update URLs – Quick and Easy way to search old links and replace them with new links in WordPress: from n/a through <= 1.4.3. |
| Authentication Bypass Using an Alternate Path or Channel vulnerability in ThimPress LearnPress – Sepay Payment learnpress-sepay-payment allows Authentication Abuse.This issue affects LearnPress – Sepay Payment: from n/a through <= 4.0.0. |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Brian Hogg The Events Calendar Shortcode & Block the-events-calendar-shortcode allows Stored XSS.This issue affects The Events Calendar Shortcode & Block: from n/a through <= 3.1.1. |
| Missing Authorization vulnerability in Ryviu Ryviu – Product Reviews for WooCommerce ryviu allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Ryviu – Product Reviews for WooCommerce: from n/a through <= 3.1.26. |
| Missing Authorization vulnerability in ABCdatos Protección de datos – RGPD proteccion-datos-rgpd allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Protección de datos – RGPD: from n/a through <= 0.68. |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Steve Truman Email Inquiry & Cart Options for WooCommerce woocommerce-email-inquiry-cart-options allows DOM-Based XSS.This issue affects Email Inquiry & Cart Options for WooCommerce: from n/a through <= 3.5.0. |
| Missing Authorization vulnerability in Element Invader Element Invader – Template Kits for Elementor elementinvader allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Element Invader – Template Kits for Elementor: from n/a through <= 1.2.4. |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThimPress LearnPress – Course Review learnpress-course-review allows Stored XSS.This issue affects LearnPress – Course Review: from n/a through <= 4.1.9. |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeREX Melania allows PHP Local File Inclusion.This issue affects Melania: from n/a through 2.5.0. |
| Missing Authorization vulnerability in Proxy & VPN Blocker Proxy & VPN Blocker proxy-vpn-blocker allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Proxy & VPN Blocker: from n/a through <= 3.5.3. |
| Missing Authorization vulnerability in Weblizar - WordPress Themes & Plugin HR Management Lite hr-management-lite allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects HR Management Lite: from n/a through <= 3.6. |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Infility Infility Global infility-global allows Stored XSS.This issue affects Infility Global: from n/a through <= 2.15.11. |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Infility Infility Global infility-global allows SQL Injection.This issue affects Infility Global: from n/a through <= 2.15.06. |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Markbeljaars Table of Contents Creator allows Reflected XSS.This issue affects Table of Contents Creator: from n/a through 1.6.4.1. |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Themepul TopperPack – Complete Elementor Addons, Theme & CPT Builder topper-pack allows PHP Local File Inclusion.This issue affects TopperPack – Complete Elementor Addons, Theme & CPT Builder: from n/a through <= 1.2.1. |
| Missing Authorization vulnerability in Saiful Islam Sync Master Sheet – Product Sync with Google Sheet for WooCommerce product-sync-master-sheet allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Sync Master Sheet – Product Sync with Google Sheet for WooCommerce: from n/a through <= 1.1.3. |
