Unauthenticated Cross Site Scripting (XSS) in WoodMart <= 8.5.3 versions.
Unauthenticated SQL Injection in Advance Product Search <= 1.4.4 versions.
Unauthenticated Insecure Direct Object References (IDOR) in Toolset Forms <= 2.6.24 versions.
Unauthenticated SQL Injection in JetEngine <= 3.8.10.2 versions.
Unauthenticated SQL Injection in JetSmartFilters <= 3.8.3 versions.
Unauthenticated Arbitrary File Deletion in ShortPixel Adaptive Images <= 3.11.4 versions.
Subscriber SQL Injection in Tourfic <= 2.22.5 versions.
Unauthenticated Broken Access Control in MailChimp Block <= 1.1.15 versions.
Unauthenticated SQL Injection in Quotes llama <= 3.1.5 versions.
Unauthenticated Broken Access Control in Subscriptions for WooCommerce <= 1.9.5 versions.
Unauthenticated Sensitive Data Exposure in Print Invoice & Delivery Notes for WooCommerce <= 7.1.1 versions.
Subscriber Arbitrary File Upload in Travel Booking <= 2.2.5 versions.
Subscriber Arbitrary File Upload in Quform <= 2.23.0 versions.
Subscriber PHP Object Injection in Uncanny Automator Pro <= 7.3.0.6 versions.
Subscriber PHP Object Injection in RealHomes <= 4.5.3 versions.
Unauthenticated Insecure Direct Object References (IDOR) in Payment Gateway Based Fees and Discounts for WooCommerce <= 3.0.0 versions.
Unauthenticated Cross Site Scripting (XSS) in perfmatters <= 2.6.3 versions.
Subscriber Cross Site Scripting (XSS) in ListingPro <= 2.9.11 versions.
Unauthenticated Cross Site Scripting (XSS) in Automatic < 3.135.1 versions.
Unauthenticated Cross Site Scripting (XSS) in Blog2Social <= 8.9.2 versions.