Unrestricted Upload of File with Dangerous Type vulnerability in Jordy Meow Photo Engine wplr-sync allows Upload a Web Shell to a Web Server.This issue affects Photo Engine: from n/a through

Unrestricted Upload of File with Dangerous Type vulnerability in denishua WPJAM Basic wpjam-basic allows Using Malicious Files.This issue affects WPJAM Basic: from n/a through

Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) vulnerability in vanquish WooCommerce Support Ticket System woocommerce-support-ticket-system allows Path Traversal.This issue affects WooCommerce Support Ticket System: from n/a through < 18.5. More...

Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Northern Beaches Websites WP Custom Admin Interface wp-custom-admin-interface allows DOM-Based XSS.This issue affects WP Custom Admin Interface: from n/a through

Incorrect Privilege Assignment vulnerability in Andrew Munro / AffiliateWP RewardsWP rewardswp allows Privilege Escalation.This issue affects RewardsWP: from n/a through

Incorrect Privilege Assignment vulnerability in Bit Apps Bit SMTP bit-smtp allows Privilege Escalation.This issue affects Bit SMTP: from n/a through

Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in imithemes Gaea gaea allows Reflected XSS.This issue affects Gaea: from n/a through < 3.8. More information : https://patchstack.com/database/Wordpress/Theme/gaea/vulnerability/wordpress-gaea-theme-3-8-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve

Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Kleor Contact Manager contact-manager allows Reflected XSS.This issue affects Contact Manager: from n/a through

Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in kamleshyadav Miraculous Core Plugin miraculouscore allows Blind SQL Injection.This issue affects Miraculous Core Plugin: from n/a through < 2.1.2. More...

Missing Authorization vulnerability in kamleshyadav Miraculous miraculous allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Miraculous: from n/a through < 2.1.2. More information : https://patchstack.com/database/Wordpress/Theme/miraculous/vulnerability/wordpress-miraculous-theme-2-1-2-broken-access-control-vulnerability?_s_id=cve

Missing Authorization vulnerability in Anton Voytenko Petitioner petitioner allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Petitioner: from n/a through

Deserialization of Untrusted Data vulnerability in Miguel Useche JS Archive List jquery-archive-list-widget allows Object Injection.This issue affects JS Archive List: from n/a through

Deserialization of Untrusted Data vulnerability in Edge-Themes Pelicula pelicula-video-production-and-movie-theme allows Object Injection.This issue affects Pelicula: from n/a through < 1.10. More information : https://patchstack.com/database/Wordpress/Theme/pelicula-video-production-and-movie-theme/vulnerability/wordpress-pelicula-theme-1-10-php-object-injection-vulnerability?_s_id=cve

Deserialization of Untrusted Data vulnerability in Mikado-Themes Stål stal allows Object Injection.This issue affects Stål: from n/a through < 1.7. More information : https://patchstack.com/database/Wordpress/Theme/stal/vulnerability/wordpress-staal-theme-1-7-arbitrary-object-instantiation-vulnerability?_s_id=cve