API Monitor free

Plugin

Admin Management Xtended

<= 2.4.4

Post Visibility/Date/Comment Status Update via CSRF vulnerability

6.3

20.06.2022

Plugin

Cache Images

<= 3.2

Image Upload / Import via CrossSite Request Forgery (CSRF) vulnerability

4.3

20.06.2022

Plugin

WP Maintenance Mode & Coming Soon

<= 2.4.4

Subscribed Users Deletion via CrossSite Request Forgery (CSRF) vulnerability

5.4

20.06.2022

Plugin

Shortcodes and extra features for Phlox theme

<= 2.9.7

Reflected CrossSiteScripting (XSS) vulnerability

4.7

20.06.2022

Plugin

WP Event Manager

<= 3.1.27

Reflected CrossSite Scripting (XSS) vulnerability

6.1

20.06.2022

Plugin

WooCommerce

<= 6.5.1

Authenticated Stored HTML Injection vulnerability

4.8

20.06.2022

Plugin

Bold Page Builder

<= 4.3.2

Authenticated Stored CrossSite Scripting (XSS) vulnerability

4.8

20.06.2022

Plugin

Very Simple Breadcrumb

<= 1.0

Authenticated Stored CrossSite Scripting (XSS) vulnerability

4.8

20.06.2022

Plugin

LinkedIn Company Updates

<= 1.5.3

Authenticated Stored CrossSite Scripting (XSS) vulnerability

4.8

20.06.2022

Plugin

WooCommerce PDF Invoices & Packing Slips

<= 2.15.0

Reflected CrossSite Scripting (XSS) vulnerability

6.1

20.06.2022

Plugin

GiveWP

<= 2.20.2

Reflected CrossSite Scripting (XSS) vulnerability

6.1

20.06.2022

Plugin

Cache Images

<= 3.1

Authenticated SQL Injection (SQLi) vulnerability

7.4

17.06.2022

Plugin

Popup Builder

<= 4.1.0

CrossSite Request Forgery (CSRF) vulnerability leading to Popup Status Change

5.4

17.06.2022

Plugin

GiveWP

<= 2.20.2

Donor Information Disclosure vulnerability

5.3

17.06.2022

Plugin

Button Widget Smartsoft

<= 1.0.1

CrossSite Request Forgery (CSRF) vulnerability to CrossSite Scripting (XSS)

8.8

16.06.2022

Plugin

Wbcom Designs – BuddyPress Group Reviews

<= 2.8.3

Unauthorized AJAX Actions due to Nonce Bypass

8.8

16.06.2022

Plugin

Core plugin for Kitestudio themes

<= 2.3.0

Reflected CrossSiteScripting (XSS) vulnerability

6.1

16.06.2022

Plugin

WP-Paginate

<= 2.1.8

Authenticated Stored CrossSite Scripting (XSS) vulnerability

4.8

16.06.2022

Plugin

Social Media Share Buttons

<= 3.8.1

Authenticated Stored CrossSite Scripting (XSS) vulnerability

3.4

16.06.2022

Plugin

Ninja Forms

<= 3.6.10

Unauthenticated PHP Object Injection vulnerability

9.8

15.06.2022

Let us know if we have missed a vulnerability reported elsewhere

Report arrow right Close

Thank you for contributing!

Successfully submit vulnerabilities and receive an invite to our Alliance platform.

Learn more arrow right Close