Unauthenticated PHP Object Injection in Roisin <= 1.4 versions.
Unauthenticated PHP Object Injection in EasyMeals <= 1.5.1 versions.
Unauthenticated PHP Object Injection in Ashtanga <= 1.2 versions.
Subscriber Arbitrary File Upload in Charity Zone <= 1.1.1 versions.
Subscriber Arbitrary File Upload in Kids Gift Shop <= 0.5.4 versions.
Subscriber Arbitrary File Upload in Ecommerce Zone <= 0.9.7 versions.
Subscriber Arbitrary File Upload in Restaurant Zone <= 0.7.8 versions.
Unauthenticated PHP Object Injection in LuxeDrive <= 1.4 versions.
Unauthenticated PHP Object Injection in Laurits <= 1.5.1 versions.
Unauthenticated PHP Object Injection in Reina <= 2.1 versions.
Unauthenticated Local File Inclusion in ChapterOne <= 1.7 versions.
Unauthenticated Broken Access Control in User Registration Stripe <= 1.3.14 versions.
Unauthenticated PHP Object Injection in WooCommerce Product Filters < 2.0.6 versions.
CP Client Arbitrary File Download in Client Portal (Pro) <= 5.6.2 versions.
Subscriber Broken Access Control in Bricks Builder <= 2.1.4 versions.
Missing Authorization vulnerability in Yoast BV Yoast SEO Premium allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Yoast SEO Premium: from n/a through 26.6.
Contributor Local File Inclusion in Element Pack Pro <= 9.0.6 versions.
Unrestricted Upload of File with Dangerous Type vulnerability in Kodezen LLC Academy LMS Pro allows Upload a Web Shell to a Web Server. This issue affects Academy LMS Pro: from n/a before 3.5.2.
Unauthenticated Cross Site Scripting (XSS) in WPZOOM Addons for Elementor <= 1.3.4 versions.
Unauthenticated SQL Injection in Blocksy Companion Pro < 2.1.29 versions.