| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Subscriber SQL Injection in WC Vendors Marketplace <= 2.6.8 versions. |
| Unauthenticated SQL Injection in MDTF <= 1.3.7 versions. |
| Unauthenticated Local File Inclusion in MDTF <= 1.3.8 versions. |
| Contributor Broken Access Control in Slim SEO <= 4.6.2 versions. |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in YMC Filter allows SQL Injection.
This issue affects YMC Filter: from n/a through 3.11.5. |
| The Form Builder CP WordPress plugin before 1.2.47 does not properly sanitize a form configuration value before storing it and using it as part of a client-side script execution, allowing authenticated users with Editor-level access and above to perform Stored Cross-Site Scripting attacks against any visitor of a page rendering the affected form, even when the `unfiltered_html` capability is disallowed (e.g. in a multisite network). |
| Incorrect Privilege Assignment vulnerability in ThemeGrill Masteriyo - LMS allows Privilege Escalation.
This issue affects Masteriyo - LMS: from n/a through 2.2.0. |
| Subscriber Broken Access Control in Really Simple SSL <= 9.5.9 versions. |
| Missing Authorization vulnerability in StylemixThemes MasterStudy LMS Pro allows Accessing Functionality Not Properly Constrained by ACLs.
This issue affects MasterStudy LMS Pro: from n/a before 4.7.16. |
| Unauthenticated PHP Object Injection in Integration for ActiveCampaign and Contact Form 7, WPForms, Elementor, Ninja Forms <= 1.1.1 versions. |
| Contributor SQL Injection in PowerPress Podcasting <= 11.15.10 versions. |
| Unauthenticated PHP Object Injection in Broadcast Live Video < 7.1.3 versions. |
| Editor Privilege Escalation in AI Engine <= 3.4.9 versions. |
| Subscriber Broken Authentication in FunnelKit Automations <= 3.7.3 versions. |
| Subscriber Broken Access Control in Motors < 1.4.107 versions. |
| Subscriber Insecure Direct Object References (IDOR) in EventPrime <= 4.3.0.0 versions. |
| Unauthenticated Broken Access Control in Masteriyo - LMS <= 2.1.5 versions. |
| Contributor PHP Object Injection in Events Calendar for GeoDirectory <= 2.3.25 versions. |
| Unauthenticated Broken Access Control in WP Directory Kit <= 1.5.0 versions. |
| Unauthenticated Privilege Escalation in Datalogics Ecommerce Delivery <= 2.6.62 versions. |