Alerts

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WPPOOL FlexStock allows Blind SQL Injection. This issue affects FlexStock: from n/a...

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in HappyMonster Happy Addons for Elementor allows DOM-Based XSS. This issue affects...

Missing Authorization vulnerability in add-ons.org PDF for WPForms allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects PDF for WPForms: from n/a through 5.3.0.

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in mlaza jAlbum Bridge allows Stored XSS. This issue affects jAlbum Bridge: from n/a...

Cross-Site Request Forgery (CSRF) vulnerability in alexvtn WIP WooCarousel Lite allows Stored XSS. This issue affects WIP WooCarousel Lite: from n/a through 1.1.7.

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Syed Balkhi Charitable allows DOM-Based XSS. This issue affects Charitable: from n/a...

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Alain-Aymerick FRANCOIS WP Cassify allows DOM-Based XSS. This issue affects WP...

Missing Authorization vulnerability in WPClever WPC Smart Upsell Funnel for WooCommerce allows Privilege Escalation. This issue affects WPC Smart Upsell Funnel for WooCommerce: from n/a through 3.0.4.

Deserialization of Untrusted Data vulnerability in Cozmoslabs TranslatePress allows Object Injection. This issue affects TranslatePress: from n/a through 2.9.6.

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in AmentoTech Private Limited WPGuppy allows SQL Injection. This issue affects WPGuppy:...