Unauthenticated PHP Object Injection in LuxeDrive <= 1.4 versions.
Unauthenticated PHP Object Injection in Laurits <= 1.5.1 versions.
Unauthenticated PHP Object Injection in Reina <= 2.1 versions.
Unauthenticated Local File Inclusion in ChapterOne <= 1.7 versions.
Unauthenticated Broken Access Control in User Registration Stripe <= 1.3.14 versions.
Unauthenticated PHP Object Injection in WooCommerce Product Filters < 2.0.6 versions.
CP Client Arbitrary File Download in Client Portal (Pro) <= 5.6.2 versions.
Subscriber Broken Access Control in Bricks Builder <= 2.1.4 versions.
Missing Authorization vulnerability in Yoast BV Yoast SEO Premium allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Yoast SEO Premium: from n/a through 26.6.
Contributor Local File Inclusion in Element Pack Pro <= 9.0.6 versions.
Unrestricted Upload of File with Dangerous Type vulnerability in Kodezen LLC Academy LMS Pro allows Upload a Web Shell to a Web Server. This issue affects Academy LMS Pro: from n/a before 3.5.2.
Unauthenticated Cross Site Scripting (XSS) in WPZOOM Addons for Elementor <= 1.3.4 versions.
Unauthenticated SQL Injection in Blocksy Companion Pro < 2.1.29 versions.
Author Broken Access Control in W3 Total Cache <= 2.9.1 versions.
Subscriber Arbitrary File Upload in Webenvo <= 0.0.6 versions.
Unauthenticated Local File Inclusion in Hitek < 1.8.3 versions.
Unauthenticated PHP Object Injection in Micdrop <= 1.3.1 versions.
Unauthenticated PHP Object Injection in Valiance <= 1.2 versions.
Unauthenticated PHP Object Injection in Playroom <= 1.4.1 versions.
Unauthenticated PHP Object Injection in Mildhill <= 1.5 versions.