For providers

The Amazon Products to WooCommerce plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.2.7 via the wcta2w_get_urls(). This makes it possible...

The Ads Pro Plugin - Multi-Purpose WordPress Advertising Manager plugin for WordPress is vulnerable to SQL Injection via the ‘oid’ parameter in all versions up to, and including, 4.89 due to...

The Ads Pro Plugin - Multi-Purpose WordPress Advertising Manager plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.89. This is due to missing...

The Magic Buttons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's magic-button shortcode in all versions up to, and including, 1.0 due to...

The Magic Buttons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's magic-button shortcode in all versions up to, and including, 1.0 due to...

Cross-site scripting vulnerability exists in Active! mail 6 BuildInfo: 6.30.01004145 to 6.60.06008562. If this vulnerability is exploited, an arbitrary script may be executed on the logged-in...

Cross-site request forgery vulnerability exists in Active! mail 6 BuildInfo: 6.60.06008562 and earlier. If this vulnerability is exploited, unintended E-mail may be sent when a user accesses a...

The Forminator Forms – Contact Form, Payment Form & Custom Form Builder plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the...

The Forminator Forms – Contact Form, Payment Form & Custom Form Builder plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.44.2 via deserialization...

The education theme for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.6.10 via deserialization of untrusted input in the...