Unauthenticated Cross Site Scripting (XSS) in FOX <= 1.4.8 versions.
Subscriber Sensitive Data Exposure in Site Reviews <= 8.0.11 versions.
Unauthenticated Cross Site Scripting (XSS) in Simply Schedule Appointments <= 1.6.12.2 versions.
Subscriber Sensitive Data Exposure in GetGenie <= 4.4.2 versions.
Contributor Remote Code Execution (RCE) in Blocksy Companion Pro <= 2.1.45 versions.
Unauthenticated Cross Site Scripting (XSS) in SureCart <= 4.3.2 versions.
Subscriber Cross Site Scripting (XSS) in SureCart <= 4.2.2 versions.
Unauthenticated Cross Site Scripting (XSS) in Everest Forms <= 3.4.8 versions.
Teable's v2 REST API controller lacks @Permissions metadata on ORPC endpoints, allowing any authenticated user to bypass authorization checks. Attackers can read table schemas, create tables, and modify or delete records across bases and tables via endpoints like GET /api/v2/tables/get and POST...
Unauthenticated Cross Site Scripting (XSS) in WoodMart <= 8.5.3 versions.
Unauthenticated SQL Injection in Advance Product Search <= 1.4.4 versions.
Unauthenticated Insecure Direct Object References (IDOR) in Toolset Forms <= 2.6.24 versions.
Unauthenticated SQL Injection in JetEngine <= 3.8.10.2 versions.
Unauthenticated SQL Injection in JetSmartFilters <= 3.8.3 versions.
Unauthenticated Arbitrary File Deletion in ShortPixel Adaptive Images <= 3.11.4 versions.
Subscriber SQL Injection in Tourfic <= 2.22.5 versions.
Unauthenticated Broken Access Control in MailChimp Block <= 1.1.15 versions.
Unauthenticated SQL Injection in Quotes llama <= 3.1.5 versions.
Unauthenticated Broken Access Control in Subscriptions for WooCommerce <= 1.9.5 versions.
Unauthenticated Sensitive Data Exposure in Print Invoice & Delivery Notes for WooCommerce <= 7.1.1 versions.