Contributor SQL Injection in Contest Gallery <= 30.0.0 versions.
Subscriber Broken Access Control in WPComplete <= 2.9.5.5 versions.
Unauthenticated Broken Access Control in Booking and Rental Manager <= 2.7.1 versions.
Unauthenticated Cross Site Request Forgery (CSRF) in Paid Memberships Pro - Add Member From Admin <= 0.7.2 versions.
Administrator Arbitrary File Upload in TemplateSpare <= 4.2.0 versions.
Unauthenticated Cross Site Request Forgery (CSRF) in Gmail SMTP <= 1.2.3.19 versions.
Author Cross Site Scripting (XSS) in Hester Core <= 1.1.8 versions.
Unauthenticated Cross Site Request Forgery (CSRF) in Child Theme Wizard <= 1.4 versions.
Affiliate Broken Access Control in Affiliates Manager <= 2.9.49 versions.
Contributor SQL Injection in WP Job Portal <= 2.5.2 versions.
Unauthenticated Insecure Direct Object References (IDOR) in JS Help Desk <= 3.1.0 versions.
Contributor Cross Site Scripting (XSS) in Ghost Kit <= 3.6.0 versions.
Contributor Cross Site Scripting (XSS) in Magazine Blocks <= 1.8.3 versions.
Subscriber Broken Access Control in Shoppable Images Lite <= 1.3 versions.
Contributor Broken Access Control in Nelio Content <= 4.3.4 versions.
Contributor Local File Inclusion in Panorama Viewer โ 360 Degree Image + Video Viewer <= 1.6.1 versions.
Subscriber Insecure Direct Object References (IDOR) in Majestic Support <= 1.1.7 versions.
newsletters_subscribers Broken Access Control in Newsletters <= 4.13 versions.
Contributor SQL Injection in Restaurant Menu by MotoPress <= 2.4.10 versions.
Contributor SQL Injection in WP Post Author <= 3.9.1 versions.