Brandon Roldan

Plugin

WOOCS – WooCommerce Currency Switcher <= 1.4.1.4 Cross Site Request Forgery (CSRF) vulnerability

Plugin

LiveChat <= 4.5.15 Cross Site Request Forgery (CSRF) vulnerability

Plugin

WP Photo Album Plus <= 8.5.02.005 IP Bypass vulnerability

Plugin

Business Directory Plugin <= 6.3.10 Cross Site Request Forgery (CSRF) vulnerability

Plugin

Qode Essential Addons <= 1.5.2 Arbitrary plugin installation and Activation vulnerability

Plugin

Legal Pages <= 1.3.8 Cross Site Request Forgery (CSRF) vulnerability

Plugin

Profile Builder <= 3.10.3 Cross Site Request Forgery (CSRF) vulnerability

Plugin

Top 10 <= 3.3.2 Cross Site Request Forgery (CSRF) vulnerability

Plugin

WP Google My Business Auto Publish <= 3.7 Cross Site Request Forgery (CSRF) vulnerability

Plugin

Kadence WooCommerce Email Designer <= 1.5.11 Cross Site Request Forgery (CSRF) vulnerability

Theme

Newsmag <= 2.4.4 Reflected CrossSite Scripting (XSS) vulnerability

Theme

Activello <= 1.4.4 Auth. Reflected CrossSite Scripting (XSS) vulnerability

Theme

Activello <= 1.4.4 Auth. Reflected CrossSite Scripting (XSS) vulnerability

Plugin

Media Library Assistant <= 3.00 Unauthenticated Error Log Disclosure vulnerability

Plugin

iQ Block Country <= 1.2.18 Block BYPASS vulnerability

Plugin

wpForo Forum <= 2.0.5 CrossSite Request Forgery (CSRF) vulnerability

Plugin

WPIDE – File Manager & Code Editor <= 2.6 Authenticated Arbitrary File Read vulnerability

Plugin

MultiSafepay plugin for WooCommerce <= 4.15.0 Unauthenticated Arbitrary File Read vulnerability

Plugin

Shareaholic <= 9.7.5 Information Disclosure vulnerability

Plugin

MapSVG <= 6.2.19 Unauthenticated SQL Injection (SQLi) vulnerability

Plugin

HubSpot <= 8.8.13 Blind ServerSide Request Forgery (SSRF) vulnerability

Plugin

LifterLMS PayPal <= 1.3.0 Reflected CrossSite Scripting (XSS) vulnerability

Plugin

DW Question & Answer Pro <= 1.3.4 Multiple CrossSite Request Forgery (CSRF) vulnerabilities

Plugin

DW Question & Answer Pro <= 1.3.4 Arbitrary Comment Edition via IDOR vulnerability

Plugin

Plezi <= 1.0.2 Unauthenticated Stored CrossSite Scripting (XSS) vulnerability

Plugin

Drag and Drop Multiple File Upload – Contact Form 7 <= 1.3.6.2 Unauthenticated Stored CrossSite Scripting (XSS) vulnerability

Plugin

FormCraft 3 <= 3.8.27 Unauthenticated ServerSide Request Forgery (SSRF) vulnerability

Plugin

WP Voting Contest <= 2.1 Reflected CrossSite Scripting (XSS) vulnerability

Plugin

AnyComment <= 0.2.17 Comment Rating Increase/Decrease via Race Condition vulnerability

Plugin

AnyComment <= 0.2.17 Arbitrary HyperComments Import/Revert via CSRF vulnerability

Plugin

BP Better Messages <= 1.9.9.148 CrossSite Request Forgery (CSRF) vulnerability

Plugin

SupportCandy <= 2.2.6 Arbitrary Ticket Deletion via CrossSite Request Forgery (CSRF) vulnerability

Plugin

SupportCandy <= 2.2.4 Unauthenticated Arbitrary Ticket Deletion vulnerability

Plugin

AnyComment <= 0.3.4 Open Redirect vulnerability

Plugin

Tab – Accordion, FAQ <= 1.3.1 Unauthenticated AJAX Calls vulnerability

Plugin

Support Board <= 3.3.5 Arbitrary File Deletion via CrossSite Request Forgery (CSRF) vulnerability

Plugin

wpDiscuz <= 7.3.3 CrossSite Request Forgery (CSRF) vulnerability leading to Arbitrary Comment Addition/Edition/Deletion

Plugin

BP Better Messages <= 1.9.9.37 CrossSite Request Forgery (CSRF) vulnerability

Plugin

BP Better Messages <= 1.9.9.37 Reflected CrossSite Scripting (XSS) vulnerability