Unauthenticated Privilege Escalation in Listdom <= 5.5.0 versions.

Unauthenticated Arbitrary File Download in WPC Product Options for WooCommerce <= 3.2.1 versions.

Unauthenticated Sensitive Data Exposure in WooCommerce PDF Invoices, Packing Slips, Delivery Notes and Shipping Labels <= 4.9.4 versions.

Unauthenticated Cross Site Scripting (XSS) in Drag and Drop Multiple File Upload – Contact Form 7 <= 1.3.9.7 versions.

Unauthenticated Broken Authentication in Really Simple SSL <= 9.5.10 versions.

Unauthenticated Cross Site Scripting (XSS) in Funnel Builder by FunnelKit <= 3.15.0.2 versions.

Subscriber SQL Injection in ELEX WordPress HelpDesk & Customer Ticketing System <= 3.3.6 versions.

Subscriber Privilege Escalation in Amelia <= 2.3 versions.

Unauthenticated Cross Site Scripting (XSS) in HollerBox <= 2.3.10.1 versions.

Unauthenticated Broken Access Control in WPC Product Bundles for WooCommerce <= 8.5.3 versions.

Subscriber SQL Injection in WP Time Slots Booking Form <= 1.2.50 versions.

Unauthenticated Cross Site Scripting (XSS) in Stop Spammers <= 2026.3 versions.

Subscriber SQL Injection in GamiPress <= 7.8.7 versions.

Unauthenticated Broken Access Control in Montonio for WooCommerce <= 10.1.2 versions.

Unauthenticated Sensitive Data Exposure in EmbedPress <= 4.5.2 versions.

Unauthenticated Cross Site Scripting (XSS) in MW WP Form <= 5.1.3 versions.

Unauthenticated Insecure Direct Object References (IDOR) in Simple Shopping Cart <= 5.2.9 versions.

Unauthenticated Cross Site Scripting (XSS) in Quiz And Survey Master <= 11.1.2 versions.

Unauthenticated Cross Site Scripting (XSS) in Post SMTP <= 3.6.2 versions.

Unauthenticated Broken Access Control in Contact Form by WPForms <= 1.10.0.4 versions.