“” の検索結果 | WordPress脆弱性情報 WPセキュリティ

脆弱性情報

重大性 7.2

【plugin】『WordPress form builder plugin for contact forms, surveys and quizzes – Tripetto』(versions 8.0.9 以下)　Unauthenticated Stored Cross-Site Scriptingの脆弱性

2025.03.17

カテゴリーなし

脆弱性情報

重大性 4.3

【plugin】『School Management System – WPSchoolPress』(versions 2.2.16 以下)　Missing Authorization to Arbitrary User Deletionの脆弱性

2025.03.17

カテゴリーなし

脆弱性情報

重大性 4.3

【plugin】『WordPress form builder plugin for contact forms, surveys and quizzes – Tripetto』(versions 8.0.9 以下)　Cross-Site Request Forgery to Arbitrary Results Deletionの脆弱性

2025.03.17

カテゴリーなし

脆弱性情報

重大性 8.8

【plugin】『School Management System – WPSchoolPress』(versions 2.2.16 以下)　Missing Authorization to Privilege Escalation via Account Takeoverの脆弱性

2025.03.17

カテゴリーなし

脆弱性情報

重大性 6.5

【plugin】『School Management System – WPSchoolPress』(versions 2.2.16 以下)　Authenticated (Parent+) SQL Injectionの脆弱性

2025.03.17

カテゴリーなし

脆弱性情報

重大性 6.5

【plugin】『School Management System – WPSchoolPress』(versions 2.2.16 以下)　Authenticated (Teacher+) SQL Injectionの脆弱性

2025.03.17

カテゴリーなし

脆弱性情報

重大性 6.5

【plugin】『WC Affiliate – A Complete WooCommerce Affiliate Plugin』(versions 2.5.3 以下)　Missing Authorization to Authenticated (Subscriber+) Sensitive Information Exposure via wf-export-allの脆弱性

2025.03.17

カテゴリーなし

脆弱性情報

重大性 6.1

【plugin】『pixelstats』(versions 0.8.2 以下)　Reflected Cross-Site Scriptingの脆弱性

2025.03.17

カテゴリーなし

脆弱性情報

重大性 6.5

【plugin】『WP01 – Speed, Security, SEO consultant』(versions 2.6.2 以下)　Authenticated (Subscriber+) Arbitrary File Downloadの脆弱性

2025.03.17

カテゴリーなし

脆弱性情報

重大性 6.5

【plugin】『GiveWP – Donation Plugin and Fundraising Platform』(versions 3.22.0 以下)　Missing Authorization to Unauthenticated Arbitrary Earning Reports Disclosure via give_reports_earnings Functionの脆弱性

2025.03.17

カテゴリーなし

脆弱性情報

重大性 8.8

【plugin】『Directory Listings WordPress plugin – uListing』(versions 2.1.7 以下)　Authenticated (Subscriber+) Privilege Escalationの脆弱性

2025.03.17

カテゴリーなし

脆弱性情報

重大性 8.8

【plugin】『Directory Listings WordPress plugin – uListing』(versions 2.1.7 以下)　Missing Authorization to Authenticated (Subscriber+) Arbitrary Post Meta Update and PHP Object Injectionの脆弱性

2025.03.17

カテゴリーなし

脆弱性情報

重大性 6.1

【plugin】『Zoorum Comments』(versions 0.9 以下)　Cross-Site Request Forgery to Stored Cross-Site Scriptingの脆弱性

2025.03.17

カテゴリーなし

脆弱性情報

重大性 4.9

【plugin】『Portfolio and Projects』(versions 1.5.3 以下)　Authenticated (Administrator+) Stored Cross-Site Scriptingの脆弱性

2025.03.17

カテゴリーなし

脆弱性情報

重大性 9.8

【plugin】『Realteo』(versions 1.2.8 以下)　Authentication Bypass via ‘do_register_user’の脆弱性

2025.03.14

カテゴリーなし

脆弱性情報

重大性 7.5

【plugin】『WP Ghost (Hide My WP Ghost) – Security & Firewall』(versions 5.4.01 以下)　Unauthenticated Limited File Readの脆弱性

2025.03.14

カテゴリーなし

脆弱性情報

重大性 4.3

【theme】『Zegen – Church WordPress Theme』(versions 1.1.9 以下)　Missing Authorization to Authenticated (Subscriber+) Theme Options Updatesの脆弱性

2025.03.14

カテゴリーなし

脆弱性情報

重大性 4.3

【plugin】『Search & Filter Pro』(versions 2.5.19 以下)　Missing Authorization to Authenticated (Subscriber+) Post Meta Exposureの脆弱性

2025.03.14

カテゴリーなし

脆弱性情報

重大性 6.4

【plugin】『CC-IMG-Shortcode』(versions 1.1.0 以下)　Authenticated (Contributor+) Stored Cross-Site Scriptingの脆弱性

2025.03.13

カテゴリーなし

脆弱性情報

重大性 4.3

【plugin】『CRM and Lead Management by vcita』(versions 2.7.1 以下)　Missing Authorization to Authenticated (Susbcriber+) Widget Toggleの脆弱性

2025.03.13

カテゴリーなし

脆弱性情報

重大性 6.1

【plugin】『ProductDyno』(versions 1.0.24 以下)　Reflected Cross-Site Scripting via ‘res’ Parameterの脆弱性

2025.03.12

カテゴリーなし

脆弱性情報

重大性 6.4

【plugin】『The Plus Addons for Elementor – Elementor Addons, Page Templates, Widgets, Mega Menu, WooCommerce』(versions 6.2.2 以下)　Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple Widgetsの脆弱性

2025.03.12

カテゴリーなし

脆弱性情報

重大性 6.1

【plugin】『Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin』(versions 1.6.8.3 以下)　Reflected Cross-Site Scriptingの脆弱性

2025.03.12

カテゴリーなし

脆弱性情報

重大性 8.1

【plugin】『miniOrange Social Login and Register (Discord, Google, Twitter, LinkedIn) Pro Addon』(versions 200.3.9 以下)　Authentication Bypassの脆弱性

2025.03.12

カテゴリーなし

脆弱性情報

重大性 4.3

【plugin】『FooGallery – Responsive Photo Gallery, Image Viewer, Justified, Masonry & Carousel』(versions 2.4.29 以下)　Insecure Direct Object Reference to Authenticated (Custom+) Arbitrary Post/Page Updatesの脆弱性

2025.03.12

カテゴリーなし

脆弱性情報

重大性 5.3

【plugin】『NEX-Forms – Ultimate Form Builder – Contact forms and much more』(versions 8.8.1 以下)　Unauthenticated Sensitive Information Exposureの脆弱性

2025.03.12

カテゴリーなし

脆弱性情報

重大性 6.4

【plugin】『SlingBlocks – Gutenberg Blocks by FunnelKit (Formerly WooFunnels)』(versions 1.5.0 以下)　Authenticated (Contributor+) Stored Cross-Site Scriptingの脆弱性

2025.03.12

カテゴリーなし

脆弱性情報

重大性 9.8

【theme】『Golo – City Travel Guide WordPress Theme』(versions 1.6.10 以下)　Missing Authorization to Privilege Escalation via Unauthenticated Arbitrary User Password Changeの脆弱性

2025.03.12

カテゴリーなし

脆弱性情報

重大性 6.1

【plugin】『Simple Amazon Affiliate』(versions 1.0.9 以下)　Reflected Cross-Site Scriptingの脆弱性

2025.03.12

カテゴリーなし

脆弱性情報

重大性 6.4

【plugin】『HT Mega – Absolute Addons For Elementor』(versions 2.8.2 以下)　Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting via Countdown Widgetの脆弱性

2025.03.12

カテゴリーなし

脆弱性情報

重大性 9.8

【plugin】『InWave Jobs』(versions 3.5.1 以下)　Unauthenticated Privilege Escalation via Password Resetの脆弱性

2025.03.12

カテゴリーなし

脆弱性情報

重大性 5.5

【plugin】『WPGet API – Connect to any external REST API』(versions 2.2.10 以下)　Authenticated (Administrator+) Server-Side Request Forgeryの脆弱性

2025.03.12

カテゴリーなし

脆弱性情報

重大性 6.4

【plugin】『ShopLentor – WooCommerce Builder for Elementor & Gutenberg +20 Modules – All in One Solution (formerly WooLentor)』(versions 3.1.0 以下)　Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via Flash Sale Countdown Moduleの脆弱性

2025.03.12

カテゴリーなし

脆弱性情報

重大性 6.4

【plugin】『Gallery Styles』(versions 1.3.4 以下)　Authenticated (Contributor+) Stored Cross-Site Scriptingの脆弱性

2025.03.12

カテゴリーなし

脆弱性情報

重大性 4.3

【plugin】『VK Blocks』(versions 1.94.2.2 以下)　Missing Authorization to Sensitive Information Exposureの脆弱性

2025.03.12

カテゴリーなし

脆弱性情報

重大性 4.3

【plugin】『WP-Recall – Registration, Profile, Commerce & More』(versions 16.26.10 以下)　Authenticated (Contributor+) Protected Post Disclosureの脆弱性

2025.03.12

カテゴリーなし

脆弱性情報

重大性 6.1

【plugin】『Wishlist for WooCommerce: Multi Wishlists Per Customer』(versions 3.1.7 以下)　Cross-Site Request Forgery to Cross-Site Scriping via Wishlist Nameの脆弱性

2025.03.12

カテゴリーなし

脆弱性情報

重大性 6.1

【plugin】『Appsero Helper』(versions 1.3.2 以下)　Cross-Site Request Forgery to Stored Cross-Site Scriptingの脆弱性

2025.03.12

カテゴリーなし

脆弱性情報

重大性 8.8

【plugin】『Eventer – WordPress Event & Booking Manager Plugin』(versions 3.9.9.2 以下)　Authenticated (Subscriber+) SQL Injection via reg_idの脆弱性

2025.03.12

カテゴリーなし

脆弱性情報

重大性 8.8

【plugin】『School Management System for WordPress』(versions 93.0.0 以下)　Authenticated (Student+) Account Takeover and Privilege Escalationの脆弱性

2025.03.12

カテゴリーなし

脆弱性情報

重大性 7.3

【plugin】『WPCS – WordPress Currency Switcher Professional』(versions 1.2.0.4 以下)　Unauthenticated Arbitrary Shortcode Executionの脆弱性

2025.03.12

カテゴリーなし

脆弱性情報

重大性 7.5

【plugin】『WP-Recall – Registration, Profile, Commerce & More』(versions 16.26.10 以下)　Unauthenticated SQL Injectionの脆弱性

2025.03.12

カテゴリーなし

脆弱性情報

重大性 6.3

【plugin】『WP-Recall – Registration, Profile, Commerce & More』(versions 16.26.10 以下)　Missing Authorization to Authenticated (Subscriber+) Arbitrary Shortcode Exeuctionの脆弱性

2025.03.12

カテゴリーなし

脆弱性情報

重大性 6.4

【plugin】『Finale Lite – Sales Countdown Timer & Discount for WooCommerce』(versions 2.19.0 以下)　Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via Countdown Timerの脆弱性

2025.03.12

カテゴリーなし

脆弱性情報

重大性 8.1

【plugin】『Product Input Fields for WooCommerce』(versions 1.12.1 以下)　Unauthenticated Limited File Uploadの脆弱性

2025.03.12

カテゴリーなし

脆弱性情報

重大性 6.5

【plugin】『School Management System for WordPress』(versions 92.0.0 以下)　Authenticated (Student+) SQL Injection via ‘view-attendance’の脆弱性

2025.03.12

カテゴリーなし

脆弱性情報

重大性 7.2

【plugin】『SMTP by BestWebSoft』(versions 1.1.9 以下)　Authenticated (Administrator+) Arbitrary File Uploadの脆弱性

2025.03.12

カテゴリーなし

脆弱性情報

重大性 4.3

【theme】『Homey』(versions 2.4.3 以下)　Cross-Site Request Forgery to User Verificationの脆弱性

2025.03.12

カテゴリーなし

脆弱性情報

重大性 5.3

【plugin】『School Management System for WordPress』(versions 93.0.0 以下)　Missing Authorization to Unauthenticated Arbitrary Post Deletionの脆弱性

2025.03.12

カテゴリーなし

脆弱性情報

重大性 8.8

【plugin】『Review Schema – Review & Structure Data Schema Plugin』(versions 2.2.4 以下)　Authenticated (Contributor+) Local File Inclusion via Post Metaの脆弱性

2025.03.12

カテゴリーなし

WordPress脆弱性情報

"キーワード指定なし"

【plugin】『WordPress form builder plugin for contact forms, surveys and quizzes – Tripetto』(versions 8.0.9 以下) Unauthenticated Stored Cross-Site Scriptingの脆弱性

【plugin】『School Management System – WPSchoolPress』(versions 2.2.16 以下) Missing Authorization to Arbitrary User Deletionの脆弱性

【plugin】『WordPress form builder plugin for contact forms, surveys and quizzes – Tripetto』(versions 8.0.9 以下) Cross-Site Request Forgery to Arbitrary Results Deletionの脆弱性

【plugin】『School Management System – WPSchoolPress』(versions 2.2.16 以下) Missing Authorization to Privilege Escalation via Account Takeoverの脆弱性

【plugin】『School Management System – WPSchoolPress』(versions 2.2.16 以下) Authenticated (Parent+) SQL Injectionの脆弱性

【plugin】『School Management System – WPSchoolPress』(versions 2.2.16 以下) Authenticated (Teacher+) SQL Injectionの脆弱性

【plugin】『WC Affiliate – A Complete WooCommerce Affiliate Plugin』(versions 2.5.3 以下) Missing Authorization to Authenticated (Subscriber+) Sensitive Information Exposure via wf-export-allの脆弱性

【plugin】『pixelstats』(versions 0.8.2 以下) Reflected Cross-Site Scriptingの脆弱性

【plugin】『WP01 – Speed, Security, SEO consultant』(versions 2.6.2 以下) Authenticated (Subscriber+) Arbitrary File Downloadの脆弱性

【plugin】『GiveWP – Donation Plugin and Fundraising Platform』(versions 3.22.0 以下) Missing Authorization to Unauthenticated Arbitrary Earning Reports Disclosure via give_reports_earnings Functionの脆弱性

【plugin】『Directory Listings WordPress plugin – uListing』(versions 2.1.7 以下) Authenticated (Subscriber+) Privilege Escalationの脆弱性

【plugin】『Directory Listings WordPress plugin – uListing』(versions 2.1.7 以下) Missing Authorization to Authenticated (Subscriber+) Arbitrary Post Meta Update and PHP Object Injectionの脆弱性

【plugin】『Zoorum Comments』(versions 0.9 以下) Cross-Site Request Forgery to Stored Cross-Site Scriptingの脆弱性

【plugin】『Portfolio and Projects』(versions 1.5.3 以下) Authenticated (Administrator+) Stored Cross-Site Scriptingの脆弱性

【plugin】『Realteo』(versions 1.2.8 以下) Authentication Bypass via ‘do_register_user’の脆弱性

【plugin】『WP Ghost (Hide My WP Ghost) – Security & Firewall』(versions 5.4.01 以下) Unauthenticated Limited File Readの脆弱性

【theme】『Zegen – Church WordPress Theme』(versions 1.1.9 以下) Missing Authorization to Authenticated (Subscriber+) Theme Options Updatesの脆弱性

【plugin】『Search & Filter Pro』(versions 2.5.19 以下) Missing Authorization to Authenticated (Subscriber+) Post Meta Exposureの脆弱性

【plugin】『CC-IMG-Shortcode』(versions 1.1.0 以下) Authenticated (Contributor+) Stored Cross-Site Scriptingの脆弱性

【plugin】『CRM and Lead Management by vcita』(versions 2.7.1 以下) Missing Authorization to Authenticated (Susbcriber+) Widget Toggleの脆弱性

【plugin】『ProductDyno』(versions 1.0.24 以下) Reflected Cross-Site Scripting via ‘res’ Parameterの脆弱性

【plugin】『The Plus Addons for Elementor – Elementor Addons, Page Templates, Widgets, Mega Menu, WooCommerce』(versions 6.2.2 以下) Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple Widgetsの脆弱性

【plugin】『Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin』(versions 1.6.8.3 以下) Reflected Cross-Site Scriptingの脆弱性

【plugin】『miniOrange Social Login and Register (Discord, Google, Twitter, LinkedIn) Pro Addon』(versions 200.3.9 以下) Authentication Bypassの脆弱性

【plugin】『FooGallery – Responsive Photo Gallery, Image Viewer, Justified, Masonry & Carousel』(versions 2.4.29 以下) Insecure Direct Object Reference to Authenticated (Custom+) Arbitrary Post/Page Updatesの脆弱性

【plugin】『NEX-Forms – Ultimate Form Builder – Contact forms and much more』(versions 8.8.1 以下) Unauthenticated Sensitive Information Exposureの脆弱性

【plugin】『SlingBlocks – Gutenberg Blocks by FunnelKit (Formerly WooFunnels)』(versions 1.5.0 以下) Authenticated (Contributor+) Stored Cross-Site Scriptingの脆弱性

【theme】『Golo – City Travel Guide WordPress Theme』(versions 1.6.10 以下) Missing Authorization to Privilege Escalation via Unauthenticated Arbitrary User Password Changeの脆弱性

【plugin】『Simple Amazon Affiliate』(versions 1.0.9 以下) Reflected Cross-Site Scriptingの脆弱性

【plugin】『HT Mega – Absolute Addons For Elementor』(versions 2.8.2 以下) Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting via Countdown Widgetの脆弱性

【plugin】『InWave Jobs』(versions 3.5.1 以下) Unauthenticated Privilege Escalation via Password Resetの脆弱性

【plugin】『WPGet API – Connect to any external REST API』(versions 2.2.10 以下) Authenticated (Administrator+) Server-Side Request Forgeryの脆弱性

【plugin】『ShopLentor – WooCommerce Builder for Elementor & Gutenberg +20 Modules – All in One Solution (formerly WooLentor)』(versions 3.1.0 以下) Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via Flash Sale Countdown Moduleの脆弱性

【plugin】『Gallery Styles』(versions 1.3.4 以下) Authenticated (Contributor+) Stored Cross-Site Scriptingの脆弱性

【plugin】『VK Blocks』(versions 1.94.2.2 以下) Missing Authorization to Sensitive Information Exposureの脆弱性

【plugin】『WP-Recall – Registration, Profile, Commerce & More』(versions 16.26.10 以下) Authenticated (Contributor+) Protected Post Disclosureの脆弱性

【plugin】『Wishlist for WooCommerce: Multi Wishlists Per Customer』(versions 3.1.7 以下) Cross-Site Request Forgery to Cross-Site Scriping via Wishlist Nameの脆弱性

【plugin】『Appsero Helper』(versions 1.3.2 以下) Cross-Site Request Forgery to Stored Cross-Site Scriptingの脆弱性

【plugin】『Eventer – WordPress Event & Booking Manager Plugin』(versions 3.9.9.2 以下) Authenticated (Subscriber+) SQL Injection via reg_idの脆弱性

【plugin】『School Management System for WordPress』(versions 93.0.0 以下) Authenticated (Student+) Account Takeover and Privilege Escalationの脆弱性

【plugin】『WPCS – WordPress Currency Switcher Professional』(versions 1.2.0.4 以下) Unauthenticated Arbitrary Shortcode Executionの脆弱性

【plugin】『WP-Recall – Registration, Profile, Commerce & More』(versions 16.26.10 以下) Unauthenticated SQL Injectionの脆弱性

【plugin】『WP-Recall – Registration, Profile, Commerce & More』(versions 16.26.10 以下) Missing Authorization to Authenticated (Subscriber+) Arbitrary Shortcode Exeuctionの脆弱性

【plugin】『Finale Lite – Sales Countdown Timer & Discount for WooCommerce』(versions 2.19.0 以下) Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via Countdown Timerの脆弱性

【plugin】『Product Input Fields for WooCommerce』(versions 1.12.1 以下) Unauthenticated Limited File Uploadの脆弱性

【plugin】『School Management System for WordPress』(versions 92.0.0 以下) Authenticated (Student+) SQL Injection via ‘view-attendance’の脆弱性

【plugin】『SMTP by BestWebSoft』(versions 1.1.9 以下) Authenticated (Administrator+) Arbitrary File Uploadの脆弱性

【theme】『Homey』(versions 2.4.3 以下) Cross-Site Request Forgery to User Verificationの脆弱性

【plugin】『School Management System for WordPress』(versions 93.0.0 以下) Missing Authorization to Unauthenticated Arbitrary Post Deletionの脆弱性

【plugin】『Review Schema – Review & Structure Data Schema Plugin』(versions 2.2.4 以下) Authenticated (Contributor+) Local File Inclusion via Post Metaの脆弱性

【plugin】『WordPress form builder plugin for contact forms, surveys and quizzes – Tripetto』(versions 8.0.9 以下)　Unauthenticated Stored Cross-Site Scriptingの脆弱性

【plugin】『School Management System – WPSchoolPress』(versions 2.2.16 以下)　Missing Authorization to Arbitrary User Deletionの脆弱性

【plugin】『WordPress form builder plugin for contact forms, surveys and quizzes – Tripetto』(versions 8.0.9 以下)　Cross-Site Request Forgery to Arbitrary Results Deletionの脆弱性

【plugin】『School Management System – WPSchoolPress』(versions 2.2.16 以下)　Missing Authorization to Privilege Escalation via Account Takeoverの脆弱性

【plugin】『School Management System – WPSchoolPress』(versions 2.2.16 以下)　Authenticated (Parent+) SQL Injectionの脆弱性

【plugin】『School Management System – WPSchoolPress』(versions 2.2.16 以下)　Authenticated (Teacher+) SQL Injectionの脆弱性

【plugin】『WC Affiliate – A Complete WooCommerce Affiliate Plugin』(versions 2.5.3 以下)　Missing Authorization to Authenticated (Subscriber+) Sensitive Information Exposure via wf-export-allの脆弱性

【plugin】『pixelstats』(versions 0.8.2 以下)　Reflected Cross-Site Scriptingの脆弱性

【plugin】『WP01 – Speed, Security, SEO consultant』(versions 2.6.2 以下)　Authenticated (Subscriber+) Arbitrary File Downloadの脆弱性

【plugin】『GiveWP – Donation Plugin and Fundraising Platform』(versions 3.22.0 以下)　Missing Authorization to Unauthenticated Arbitrary Earning Reports Disclosure via give_reports_earnings Functionの脆弱性

【plugin】『Directory Listings WordPress plugin – uListing』(versions 2.1.7 以下)　Authenticated (Subscriber+) Privilege Escalationの脆弱性

【plugin】『Directory Listings WordPress plugin – uListing』(versions 2.1.7 以下)　Missing Authorization to Authenticated (Subscriber+) Arbitrary Post Meta Update and PHP Object Injectionの脆弱性

【plugin】『Zoorum Comments』(versions 0.9 以下)　Cross-Site Request Forgery to Stored Cross-Site Scriptingの脆弱性

【plugin】『Portfolio and Projects』(versions 1.5.3 以下)　Authenticated (Administrator+) Stored Cross-Site Scriptingの脆弱性

【plugin】『Realteo』(versions 1.2.8 以下)　Authentication Bypass via ‘do_register_user’の脆弱性

【plugin】『WP Ghost (Hide My WP Ghost) – Security & Firewall』(versions 5.4.01 以下)　Unauthenticated Limited File Readの脆弱性

【theme】『Zegen – Church WordPress Theme』(versions 1.1.9 以下)　Missing Authorization to Authenticated (Subscriber+) Theme Options Updatesの脆弱性

【plugin】『Search & Filter Pro』(versions 2.5.19 以下)　Missing Authorization to Authenticated (Subscriber+) Post Meta Exposureの脆弱性

【plugin】『CC-IMG-Shortcode』(versions 1.1.0 以下)　Authenticated (Contributor+) Stored Cross-Site Scriptingの脆弱性

【plugin】『CRM and Lead Management by vcita』(versions 2.7.1 以下)　Missing Authorization to Authenticated (Susbcriber+) Widget Toggleの脆弱性

【plugin】『ProductDyno』(versions 1.0.24 以下)　Reflected Cross-Site Scripting via ‘res’ Parameterの脆弱性

【plugin】『The Plus Addons for Elementor – Elementor Addons, Page Templates, Widgets, Mega Menu, WooCommerce』(versions 6.2.2 以下)　Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple Widgetsの脆弱性

【plugin】『Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin』(versions 1.6.8.3 以下)　Reflected Cross-Site Scriptingの脆弱性

【plugin】『miniOrange Social Login and Register (Discord, Google, Twitter, LinkedIn) Pro Addon』(versions 200.3.9 以下)　Authentication Bypassの脆弱性

【plugin】『FooGallery – Responsive Photo Gallery, Image Viewer, Justified, Masonry & Carousel』(versions 2.4.29 以下)　Insecure Direct Object Reference to Authenticated (Custom+) Arbitrary Post/Page Updatesの脆弱性

【plugin】『NEX-Forms – Ultimate Form Builder – Contact forms and much more』(versions 8.8.1 以下)　Unauthenticated Sensitive Information Exposureの脆弱性

【plugin】『SlingBlocks – Gutenberg Blocks by FunnelKit (Formerly WooFunnels)』(versions 1.5.0 以下)　Authenticated (Contributor+) Stored Cross-Site Scriptingの脆弱性

【theme】『Golo – City Travel Guide WordPress Theme』(versions 1.6.10 以下)　Missing Authorization to Privilege Escalation via Unauthenticated Arbitrary User Password Changeの脆弱性

【plugin】『Simple Amazon Affiliate』(versions 1.0.9 以下)　Reflected Cross-Site Scriptingの脆弱性

【plugin】『HT Mega – Absolute Addons For Elementor』(versions 2.8.2 以下)　Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting via Countdown Widgetの脆弱性

【plugin】『InWave Jobs』(versions 3.5.1 以下)　Unauthenticated Privilege Escalation via Password Resetの脆弱性

【plugin】『WPGet API – Connect to any external REST API』(versions 2.2.10 以下)　Authenticated (Administrator+) Server-Side Request Forgeryの脆弱性

【plugin】『ShopLentor – WooCommerce Builder for Elementor & Gutenberg +20 Modules – All in One Solution (formerly WooLentor)』(versions 3.1.0 以下)　Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via Flash Sale Countdown Moduleの脆弱性

【plugin】『Gallery Styles』(versions 1.3.4 以下)　Authenticated (Contributor+) Stored Cross-Site Scriptingの脆弱性

【plugin】『VK Blocks』(versions 1.94.2.2 以下)　Missing Authorization to Sensitive Information Exposureの脆弱性

【plugin】『WP-Recall – Registration, Profile, Commerce & More』(versions 16.26.10 以下)　Authenticated (Contributor+) Protected Post Disclosureの脆弱性

【plugin】『Wishlist for WooCommerce: Multi Wishlists Per Customer』(versions 3.1.7 以下)　Cross-Site Request Forgery to Cross-Site Scriping via Wishlist Nameの脆弱性

【plugin】『Appsero Helper』(versions 1.3.2 以下)　Cross-Site Request Forgery to Stored Cross-Site Scriptingの脆弱性

【plugin】『Eventer – WordPress Event & Booking Manager Plugin』(versions 3.9.9.2 以下)　Authenticated (Subscriber+) SQL Injection via reg_idの脆弱性

【plugin】『School Management System for WordPress』(versions 93.0.0 以下)　Authenticated (Student+) Account Takeover and Privilege Escalationの脆弱性

【plugin】『WPCS – WordPress Currency Switcher Professional』(versions 1.2.0.4 以下)　Unauthenticated Arbitrary Shortcode Executionの脆弱性

【plugin】『WP-Recall – Registration, Profile, Commerce & More』(versions 16.26.10 以下)　Unauthenticated SQL Injectionの脆弱性

【plugin】『WP-Recall – Registration, Profile, Commerce & More』(versions 16.26.10 以下)　Missing Authorization to Authenticated (Subscriber+) Arbitrary Shortcode Exeuctionの脆弱性

【plugin】『Finale Lite – Sales Countdown Timer & Discount for WooCommerce』(versions 2.19.0 以下)　Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via Countdown Timerの脆弱性

【plugin】『Product Input Fields for WooCommerce』(versions 1.12.1 以下)　Unauthenticated Limited File Uploadの脆弱性

【plugin】『School Management System for WordPress』(versions 92.0.0 以下)　Authenticated (Student+) SQL Injection via ‘view-attendance’の脆弱性

【plugin】『SMTP by BestWebSoft』(versions 1.1.9 以下)　Authenticated (Administrator+) Arbitrary File Uploadの脆弱性

【theme】『Homey』(versions 2.4.3 以下)　Cross-Site Request Forgery to User Verificationの脆弱性

【plugin】『School Management System for WordPress』(versions 93.0.0 以下)　Missing Authorization to Unauthenticated Arbitrary Post Deletionの脆弱性

【plugin】『Review Schema – Review & Structure Data Schema Plugin』(versions 2.2.4 以下)　Authenticated (Contributor+) Local File Inclusion via Post Metaの脆弱性