CVE Database

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Masud Hasan Unlock Addons for Elementor unlock-addons-for-elementor allows DOM-Based XSS.This issue affects Unlock Addons for Elementor: from n/a through <= 2.2.4.

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Weboccult Technologies Pvt Ltd Wot Elementor Widgets wot-elementor-widgets allows DOM-Based XSS.This issue affects Wot Elementor Widgets: from n/a through <= 1.0.1.

Missing Authorization vulnerability in Dotstore Minimum and Maximum Quantity for WooCommerce min-and-max-quantity-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Minimum and Maximum Quantity for WooCommerce: from n/a through <= 2.0.0.

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in quomodosoft ElementsReady Addons for Elementor element-ready-lite allows DOM-Based XSS.This issue affects ElementsReady Addons for Elementor: from n/a through <= 6.4.7.

Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in reputeinfosystems ARForms Form Builder arforms-form-builder allows Code Injection.This issue affects ARForms Form Builder: from n/a through <= 1.7.1.

Missing Authorization vulnerability in reputeinfosystems ARForms arforms.This issue affects ARForms: from n/a through <= 6.4.1.

Missing Authorization vulnerability in BoldGrid Client Invoicing by Sprout Invoices sprout-invoices.This issue affects Client Invoicing by Sprout Invoices: from n/a through <= 20.8.0.

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPXPO PostX ultimate-post.This issue affects PostX: from n/a through <= 4.1.15.

Missing Authorization vulnerability in Themeum Tutor LMS Elementor Addons tutor-lms-elementor-addons.This issue affects Tutor LMS Elementor Addons: from n/a through <= 2.1.5.

Missing Authorization vulnerability in BAKKBONE Australia FloristPress bakkbone-florist-companion.This issue affects FloristPress: from n/a through <= 7.3.0.

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ogun Labs Lenxel Core for Lenxel(LNX) LMS lenxel-core allows DOM-Based XSS.This issue affects Lenxel Core for Lenxel(LNX) LMS: from n/a through <= 1.3.9.

Missing Authorization vulnerability in Alexander Volkov Chatter chatter.This issue affects Chatter: from n/a through <= 1.0.1.

Missing Authorization vulnerability in Ays Pro Poll Maker poll-maker allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Poll Maker: from n/a through <= 4.8.0.

Missing Authorization vulnerability in MultiVendorX Product Catalog Enquiry for WooCommerce by MultiVendorX woocommerce-catalog-enquiry allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Product Catalog Enquiry for WooCommerce by MultiVendorX: from n/a through <= 5.0.2.

Missing Authorization vulnerability in WBW Plugins Product Filter by WBW woo-product-filter allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Product Filter by WBW: from n/a through <= 2.5.0.

Missing Authorization vulnerability in Molongui Molongui molongui-authorship allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Molongui: from n/a through <= 4.7.3.

Missing Authorization vulnerability in awesomesupport Awesome Support awesome-support allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Awesome Support: from n/a through <= 6.1.7.

Missing Authorization vulnerability in ilmdesigns Square Thumbnails square-thumbnails allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Square Thumbnails: from n/a through <= 1.1.1.

Missing Authorization vulnerability in Ashish Ajani WP Simple HTML Sitemap wp-simple-html-sitemap allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Simple HTML Sitemap: from n/a through <= 2.7.

Missing Authorization vulnerability in metaphorcreations Post Duplicator post-duplicator allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Post Duplicator: from n/a through <= 2.31.

Missing Authorization vulnerability in Webflow Webflow Pages webflow-pages allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Webflow Pages: from n/a through <= 1.0.8.

Missing Authorization vulnerability in awesomesupport Awesome Support awesome-support allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Awesome Support: from n/a through <= 6.1.10.

Missing Authorization vulnerability in Satinder Singh Elementor Timeline Widget 3r-elementor-timeline-widget allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Elementor Timeline Widget: from n/a through <= 2.2.

Missing Authorization vulnerability in Softaculous PageLayer pagelayer allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects PageLayer: from n/a through <= 1.7.7.

Missing Authorization vulnerability in Wow-Company Button Generator – easily Button Builder button-generation allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Button Generator – easily Button Builder: from n/a through <= 2.3.8.

Missing Authorization vulnerability in Northern Beaches Websites IdeaPush ideapush allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects IdeaPush: from n/a through < 8.58.

Missing Authorization vulnerability in awesomesupport Awesome Support awesome-support allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Awesome Support: from n/a through <= 6.1.4.

Missing Authorization vulnerability in Matat Technologies TextMe SMS textme-sms-integration allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects TextMe SMS: from n/a through <= 1.9.0.

Missing Authorization vulnerability in WcMultishipping - Mondial Relay &amp; Chronopost for Wooommerce WCMultiShipping wc-multishipping allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WCMultiShipping: from n/a through <= 2.3.5.

Missing Authorization vulnerability in itpathsolutions Contact Form to Any API contact-form-to-any-api allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Contact Form to Any API: from n/a through <= 1.1.6.

Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in Tomdever wpForo Forum wpforo allows Code Injection.This issue affects wpForo Forum: from n/a through <= 2.2.5.

Missing Authorization vulnerability in PayTR Ödeme ve Elektronik Para Kuruluşu A.Ş. PayTR Taksit Tablosu paytr-taksit-tablosu-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects PayTR Taksit Tablosu: from n/a through <= 1.3.1.

Missing Authorization vulnerability in Adnan Analytify wp-analytify allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Analytify: from n/a through <= 5.1.1.

Missing Authorization vulnerability in GusRuss89 Live Preview for Contact Form 7 cf7-live-preview allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Live Preview for Contact Form 7: from n/a through <= 1.2.0.

Missing Authorization vulnerability in nicheaddons Restaurant & Cafe Addon for Elementor restaurant-cafe-addon-for-elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Restaurant & Cafe Addon for Elementor: from n/a through <= 1.5.3.

Missing Authorization vulnerability in Formcrafts FormCraft formcraft-form-builder allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects FormCraft: from n/a through <= 1.2.7.

Missing Authorization vulnerability in CRUDLab WP Like Button wp-like-button allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Like Button: from n/a through <= 1.7.0.

Missing Authorization vulnerability in David Vongries Welcome Email Editor welcome-email-editor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Welcome Email Editor: from n/a through <= 5.0.6.

Missing Authorization vulnerability in appsbd Mini Cart Drawer For WooCommerce woo-mini-cart-drawer allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Mini Cart Drawer For WooCommerce: from n/a through <= 4.0.0.

Missing Authorization vulnerability in Realwebcare WRC Pricing Tables wrc-pricing-tables allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WRC Pricing Tables: from n/a through <= 2.3.7.

Missing Authorization vulnerability in wpoperations SALERT salert allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects SALERT: from n/a through <= 1.2.1.

Missing Authorization vulnerability in Felix W. Extended Post Status extended-post-status allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Extended Post Status: from n/a through <= 1.0.19.

Missing Authorization vulnerability in Arul Prasad J WP Quick Post Duplicator wp-quick-post-duplicator allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Quick Post Duplicator: from n/a through <= 2.0.

Missing Authorization vulnerability in Jose Vega Display custom fields in the frontend – Post and User Profile Fields shortcode-to-display-post-and-user-data allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Display custom fields in the frontend – Post and User Profile Fields: from n/a through <= 1.2.0.

Missing Authorization vulnerability in Fahad Mahmood WP Docs wp-docs allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Docs: from n/a through <= 1.9.8.

Missing Authorization vulnerability in Marc dooder Sharkdropship for AliExpress Dropship and Affiliate wooshark-aliexpress-importer allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Sharkdropship for AliExpress Dropship and Affiliate: from n/a through <= 2.2.3.

Missing Authorization vulnerability in YummyWP Smart WooCommerce Search smart-woocommerce-search allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Smart WooCommerce Search: from n/a through <= 2.5.0.

Missing Authorization vulnerability in WP OnlineSupport, Essential Plugin Featured Post Creative featured-post-creative allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Featured Post Creative: from n/a through <= 1.2.7.

Missing Authorization vulnerability in hashthemes Square square allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Square: from n/a through <= 2.0.0.

Missing Authorization vulnerability in Stamped.io Stamped.io Product Reviews & UGC for WooCommerce stampedio-product-reviews allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Stamped.io Product Reviews & UGC for WooCommerce: from n/a through <= 2.3.2.