Unauthenticated SQL Injection in JS Help Desk <= 3.0.9 versions.
Unauthenticated Cross Site Scripting (XSS) in HollerBox <= 2.3.10.1 versions.
Unauthenticated Broken Access Control in WPC Product Bundles for WooCommerce <= 8.5.3 versions.
Subscriber SQL Injection in WP Time Slots Booking Form <= 1.2.50 versions.
Unauthenticated Broken Access Control in TrueBooker <= 1.1.9 versions.
Subscriber Cross Site Scripting (XSS) in WP Job Portal <= 2.5.2 versions.
Subscriber Sensitive Data Exposure in Visual Link Preview <= 2.4.1 versions.
Unauthenticated Cross Site Scripting (XSS) in Stop Spammers <= 2026.3 versions.
Subscriber SQL Injection in GamiPress <= 7.8.7 versions.
Unauthenticated Broken Access Control in Montonio for WooCommerce <= 10.1.2 versions.
Unauthenticated Sensitive Data Exposure in EmbedPress <= 4.5.2 versions.
Unauthenticated Cross Site Scripting (XSS) in MW WP Form <= 5.1.3 versions.
Subscriber Cross Site Scripting (XSS) in King Addons for Elementor <= 51.1.62 versions.
Unauthenticated Insecure Direct Object References (IDOR) in Simple Shopping Cart <= 5.2.9 versions.
Unauthenticated Cross Site Scripting (XSS) in Quiz And Survey Master <= 11.1.2 versions.
Unauthenticated Cross Site Scripting (XSS) in Post SMTP <= 3.6.2 versions.
Unauthenticated Remote Code Execution (RCE) in Easy Invoice <= 2.1.19 versions.
Unauthenticated Broken Access Control in Contact Form by WPForms <= 1.10.0.4 versions.
OliveTin gives access to predefined shell commands from a web interface. In versions 3000.0.0 and prior, The ValidateArgumentType RPC endpoint in service/internal/api/api.go does not perform any authentication or authorization checks. Unlike all other data-returning API endpoints, it does not call a...
OliveTin gives access to predefined shell commands from a web interface. In versions 3000.0.0 and prior, the template engine uses a single shared text/template.Template instance (tpl package-level variable in service/internal/tpl/templates.go) across all goroutines. Every action execution calls tpl....