NextGEN Gallery WordPress NextGen Gallery plugin <= 3.4.7 - Cross-Site Request Forgery (CSRF) leading to XSS and RCE via file upload and LFI Plugin <= 3.4.7 2021-02-08
Backup by Supsystic WordPress Backup by Supsystic plugin <= 2.3.12 - Local File Inclusion (LFI) vulnerability Plugin <= 2.3.12 2021-02-08
Contact Form by Supsystic WordPress Contact Form by Supsystic plugin <= 1.7.5 - SQL injection (SQLi) vulnerability Plugin <= 1.7.5 2021-02-08
Contact Form by Supsystic WordPress Contact Form by Supsystic plugin <= 1.7.5 - Stored Cross-Site Scripting (XSS) vulnerability Plugin <= 1.7.5 2021-02-08
Data Tables Generator by Supsystic WordPress Data Tables Generator by Supsystic plugin <= 1.9.96 - SQL injection (SQLi) vulnerability Plugin <= 1.9.96 2021-02-08
Data Tables Generator by Supsystic WordPress Data Tables Generator by Supsystic plugin <= 1.9.96 - Stored Cross-Site Scripting (XSS) vulnerability Plugin <= 1.9.96 2021-02-08
Digital Publications by Supsystic WordPress Digital Publications by Supsystic plugin <= 1.6.11 - Path Traversal and DoS vulnerability Plugin <= 1.6.11 2021-02-08
Digital Publications by Supsystic WordPress Digital Publications by Supsystic plugin <= 1.6.11 - Stored Cross-Site Scripting (XSS) vulnerability Plugin <= 1.6.11 2021-02-08
Membership by Supsystic WordPress Membership by Supsystic plugin <= 1.5.0 - SQL injection (SQLi) vulnerability Plugin <= 1.5.0 2021-02-08
Newsletter by Supsystic WordPress Newsletter by Supsystic plugin <= 1.5.6 - SQL injection (SQLi) vulnerability Plugin <= 1.5.6 2021-02-08
Pricing Table by Supsystic WordPress Pricing Table by Supsystic plugin <= 1.8.8 - SQL injection (SQLi) vulnerability Plugin <= 1.8.8 2021-02-08
Pricing Table by Supsystic WordPress Pricing Table by Supsystic plugin <= 1.8.8 - Stored Cross-Site Scripting (XSS) vulnerability Plugin <= 1.8.8 2021-02-08
Ultimate Maps by Supsystic WordPress Ultimate Maps by Supsystic plugin <= 1.1.14 - SQL injection (SQLi) vulnerability Plugin <= 1.1.14 2021-02-08
WP Armour – Honeypot Anti Spam WordPress WP Armour – Honeypot Anti Spam plugin <= 1.5.6 - Cross-Site Scripting (XSS) vulnerability Plugin <= 1.5.6 2021-02-08
Wyzi WordPress Wyzi premium theme <= 2.4.2 - Cross-Site Scripting (XSS) vulnerability Theme <= 2.4.2 2021-02-06
Paid Memberships Pro WordPress Paid Memberships Pro plugin <= 2.5.2 - Insecure Direct Object Reference & sensitive information disclosure vulnerability Plugin <= 2.5.2 2021-02-06
Like Button Rating WordPress Like Button Rating plugin <= 2.6.31 - Unauthenticated Server-Side Request Forgery (SSRF) vulnerability Plugin <= 2.6.31 2021-02-06
Ultimate GDPR & CCPA Compliance Toolkit WordPress Ultimate GDPR & CCPA Compliance Toolkit premium plugin <= 2.4 - Unauthenticated Settings Import & Export vulnerability Plugin <= 2.4 2021-02-05
Photo Gallery by 10Web WordPress Photo Gallery by 10Web plugin <= 1.5.67 - Cross-Site Scripting (XSS) vulnerability Plugin <= 1.5.67 2021-02-04
Contact Form 7 Style WordPress Contact Form 7 Style plugin <= 3.1.9 - Cross-Site Request Forgery (CSRF) leading to Stored Cross-Site Scripting (XSS) vulnerability Plugin <= 3.1.9 2021-02-04
