Unauthenticated Privilege Escalation in WP BASE Booking <= 5.9.0 versions.
Subscriber Broken Access Control in RepairBuddy <= 4.1132 versions.
Unauthenticated Privilege Escalation in Datalogics Ecommerce Delivery <= 2.6.62 versions.
Contributor Privilege Escalation in B Blocks <= 2.0.31 versions.
Subscriber Cross Site Scripting (XSS) in Shipment Tracker for Woocommerce <= 1.5.3.2 versions.
Unauthenticated Broken Access Control in WP Directory Kit <= 1.5.0 versions.
Unauthenticated Broken Access Control in AWP Classifieds <= 4.4.4 versions.
Contributor PHP Object Injection in Events Calendar for GeoDirectory <= 2.3.25 versions.
Unauthenticated SQL Injection in SpeakOut! Email Petitions <= 4.6.5 versions.
Subscriber Arbitrary File Upload in WpStream < 4.11.2 versions.
Unauthenticated Broken Access Control in Booking Activities <= 1.16.48.1 versions.
Unauthenticated Broken Access Control in Masteriyo - LMS <= 2.1.5 versions.
Unauthenticated SQL Injection in GeekyBot <= 1.2.0 versions.
Subscriber Insecure Direct Object References (IDOR) in EventPrime <= 4.3.0.0 versions.
Subscriber Broken Access Control in Motors < 1.4.107 versions.
Unauthenticated Cross Site Scripting (XSS) in Paid Member Subscriptions <= 2.17.3 versions.
Unauthenticated Broken Access Control in Easy Appointments <= 3.12.21 versions.
Unauthenticated SQL Injection in GeoDirectory <= 2.8.152 versions.
Unauthenticated SQL Injection in WP Photo Album Plus <= 9.1.08.001 versions.
Unauthenticated Cross Site Scripting (XSS) in Social Slider Feed <= 2.3.2 versions.