Missing Authorization to Authenticated (Contributor+) Arbitrary Plugin Installation vulnerability
17 September, 2025
CrossSite Request Forgery vulnerability
24 December, 2024
Authenticated (Author+) Stored CrossSite Scripting via Shortcode vulnerability
11 October, 2023
Arbitrary Settings Update to Stored CrossSite Scripting (XSS) vulnerability
5 January, 2022