Unauthenticated Cross Site Scripting (XSS) in SEO Redirection <= 9.17 versions.
Subscriber SQL Injection in WCMultiShipping <= 3.0.2 versions.
Unauthenticated Insecure Direct Object References (IDOR) in VikRentCar <= 1.4.5 versions.
Subscriber SQL Injection in Taskbuilder <= 5.0.7 versions.
Unauthenticated Sensitive Data Exposure in ABC Crypto Checkout <= 1.8.2 versions.
Unauthenticated Sensitive Data Exposure in Signature Add-On for WooCommerce <= 2.0 versions.
Unauthenticated Sensitive Data Exposure in Affiliates Manager <= 2.9.50 versions.
Customer Privilege Escalation in Dokan <= 5.0.2 versions.
Unauthenticated Path Traversal in Shared Files <= 1.7.64 versions.
Unauthenticated Broken Authentication in Upsell Order Bump Offer for WooCommerce <= 3.1.4 versions.
Contributor Privilege Escalation in LatePoint <= 5.5.1 versions.
Subscriber Sensitive Data Exposure in Chatway Live Chat – AI Chatbot, Customer Support, FAQ & Helpdesk Customer Service & Chat Buttons <= 1.4.8 versions.
Unauthenticated Other Vulnerability Type in WP Travel Engine <= 6.7.10 versions.
Unauthenticated Broken Access Control in Knit Pay <= 9.4.0.0 versions.
Subscriber Sensitive Data Exposure in Coupon Affiliates <= 7.8.1 versions.
Unauthenticated Sensitive Data Exposure in Conekta Payment Gateway <= 6.0.0 versions.
Unauthenticated Broken Access Control in Hippoo Mobile App for WooCommerce <= 1.9.5 versions.
Unauthenticated Privilege Escalation in Listdom <= 5.5.0 versions.
Unauthenticated Arbitrary File Download in WPC Product Options for WooCommerce <= 3.2.1 versions.
Unauthenticated Sensitive Data Exposure in WooCommerce PDF Invoices, Packing Slips, Delivery Notes and Shipping Labels <= 4.9.4 versions.