| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Mahlamusa Who Hit The Page – Hit Counter plugin <= 1.4.14.3 versions. |
| Missing Authorization vulnerability in Richteam Slider Carousel – Responsive Image Slider.This issue affects Slider Carousel – Responsive Image Slider: from n/a through 1.5.1. |
| Unrestricted Upload of File with Dangerous Type vulnerability in JS Help Desk JS Help Desk – Best Help Desk & Support Plugin allows Using Malicious Files.This issue affects JS Help Desk – Best Help Desk & Support Plugin: from n/a through 2.7.7. |
| Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Libsyn Libsyn Publisher Hub.This issue affects Libsyn Publisher Hub: from n/a through 1.3.2. |
| Improper Control of Generation of Code ('Code Injection') vulnerability in David F. Carr RSVPMaker.This issue affects RSVPMaker: from n/a through 10.6.6. |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in David F. Carr RSVPMaker allows SQL Injection.This issue affects RSVPMaker: from n/a through 9.9.3. |
| Incorrect Authorization vulnerability in Supsystic Data Tables Generator.This issue affects Data Tables Generator: from n/a through 1.10.25. |
| Missing Authorization vulnerability in Buy Me a Coffee.This issue affects Buy Me a Coffee: from n/a through 3.7. |
| Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Smackcoders Export All Posts, Products, Orders, Refunds & Users.This issue affects Export All Posts, Products, Orders, Refunds & Users: from n/a through 2.4.1. |
| Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Muneeb ur Rehman Simple PopUp plugin <= 1.8.6 versions. |
| Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in WP For The Win bbPress Voting plugin <= 2.1.11.0 versions. |
| Cross-Site Request Forgery (CSRF) vulnerability in WpDevArt Booking calendar, Appointment Booking System plugin <= 3.2.3 versions affects plugin forms actions (create, duplicate, edit, delete). |
| Cross-Site Request Forgery (CSRF) vulnerability in Webbjocke Simple Wp Sitemap.This issue affects Simple Wp Sitemap: from n/a through 1.2.1. |
| Cross-Site Request Forgery (CSRF) vulnerability in Ecwid Ecommerce Ecwid Ecommerce Shopping Cart plugin <= 6.11.3 versions. |
| External Control of Assumed-Immutable Web Parameter vulnerability in WpDevArt Booking calendar, Appointment Booking System allows Manipulating Hidden Fields.This issue affects Booking calendar, Appointment Booking System: from n/a through 3.2.3. |
| Auth. (subscriber+) Reflected Cross-site Scripting (XSS) vulnerability in Wpazure Themes Upfrontwp theme <= 1.1 versions. |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WPdevelop / Oplugins Booking Calendar allows SQL Injection.This issue affects Booking Calendar: from n/a through 9.4.3. |
| Cross-Site Request Forgery (CSRF) vulnerability in AutomatorWP plugin <= 2.5.0 leads to object delete. |
| Missing Authorization vulnerability in Quiz Maker team Quiz Maker.This issue affects Quiz Maker: from n/a through 6.3.9.4. |
| Cross-Site Request Forgery (CSRF) vulnerability in Wow-Company Bubble Menu – circle floating menu plugin <= 3.0.1 leading to form deletion. |
