Unauthenticated Deserialization of untrusted data in Slimstat Analytics < 5.4.0 versions.
Unauthenticated Arbitrary File Deletion in BookPro <= 1.1.0 versions.
Unauthenticated Privilege Escalation in Support Board < 3.8.9 versions.
Contributor Arbitrary File Upload in Unlimited Elements for Elementor (Premium) <= 2.0.6 versions.
Improper Control of Generation of Code ('Code Injection') vulnerability in ACPT ACPT (Pro) - Custom Post Types Plugin for WordPress allows Remote Code Inclusion. This issue affects ACPT (Pro) - Custom Post Types Plugin for WordPress: from n/a through 2.0.47.
Subscriber Arbitrary File Upload in WishList Member X <= 3.29.0 versions.
Unauthenticated Broken Authentication in Booknetic <= 4.8.5 versions.
Unauthenticated Broken Access Control in MetForm Pro <= 3.9.1 versions.
Subscriber Broken Access Control in MetForm Pro <= 3.9.1 versions.
Subscriber Broken Access Control in WishList Member X <= 3.29.0 versions.
Unauthenticated Broken Access Control in WordPress Dating Theme <= 11.2.0 versions.
Unauthenticated Cross Site Request Forgery (CSRF) in WordPress Dating Theme <= 11.2.0 versions.
Unauthenticated SQL Injection in WPJobster <= 6.3.5 versions.
Unauthenticated Cross Site Scripting (XSS) in WPJobster <= 6.3.5 versions.
Unauthenticated Local File Inclusion in EcoBlue <= 1.15 versions.
Subscriber SQL Injection in WooCommerce Frontend Manager โ Ultimate < 6.7.7 versions.
Subscriber Arbitrary File Download in Woocommerce Book Price <= 1.3 versions.
Unauthenticated SQL Injection in Tutor LMS Pro <= 3.9.6 versions.
Unauthenticated Local File Inclusion in AutoParts <= 1.5.8 versions.
Unauthenticated Local File Inclusion in Right Way <= 4.0 versions.