Contributor Arbitrary File Deletion in Link Library <= 7.8.8 versions.
Unauthenticated Broken Access Control in WP Event SOlution <= 4.1.8 versions.
Unauthenticated Broken Access Control in Royal MCP <= 1.4.2 versions.
Unauthenticated Broken Access Control in Booking Package <= 1.7.06 versions.
Unauthenticated Cross Site Scripting (XSS) in Coupon Affiliates <= 7.5.3 versions.
Unauthenticated Arbitrary File Deletion in Contact Form Extender for Divi – Save Entries, File Upload & Country Code Field <= 1.0.6 versions.
Unauthenticated Broken Access Control in wpForo Forum < 3.0.2 versions.
Subscriber SQL Injection in MasterStudy LMS <= 3.7.25 versions.
Unauthenticated SQL Injection in WPGraphQL < 2.11.1 versions.
Unauthenticated Broken Access Control in Redsys for WooCommerce Light <= 7.0.0 versions.
Unauthenticated Cross Site Scripting (XSS) in Notification for Telegram <= 3.5 versions.
Sales Representative Arbitrary File Deletion in Groundhogg <= 4.4 versions.
Unauthenticated Privilege Escalation in WP BASE Booking <= 5.9.0 versions.
Contributor Privilege Escalation in B Blocks <= 2.0.31 versions.
Unauthenticated Broken Access Control in WP Directory Kit <= 1.5.0 versions.
Unauthenticated Broken Access Control in AWP Classifieds <= 4.4.4 versions.
Contributor PHP Object Injection in Events Calendar for GeoDirectory <= 2.3.25 versions.
Unauthenticated Broken Access Control in Masteriyo - LMS <= 2.1.5 versions.
Subscriber Insecure Direct Object References (IDOR) in EventPrime <= 4.3.0.0 versions.
Unauthenticated Cross Site Scripting (XSS) in Paid Member Subscriptions <= 2.17.3 versions.