“” の検索結果 | WordPress脆弱性情報 WPセキュリティ

脆弱性情報

重大性 4.3

【plugin】『Newsletter – Send awesome emails from WordPress』(versions 9.1.0 以下)　Cross-Site Request Forgery to Newsletter Unsubscriptionの脆弱性

2026.01.20

カテゴリーなし

脆弱性情報

重大性 9.8

【plugin】『Advanced Custom Fields: Extended』(versions 0.9.2.1 以下)　Unauthenticated Privilege Escalation via Insert User Form Actionの脆弱性

2026.01.20

カテゴリーなし

脆弱性情報

重大性 4.4

【plugin】『WP Hello Bar』(versions 1.02 以下)　Authenticated (Administrator+) Stored Cross-Site Scripting via ‘digit_one’ and ‘digit_two’ Parametersの脆弱性

2026.01.20

カテゴリーなし

脆弱性情報

重大性 5.3

【plugin】『Custom Fonts – Host Your Fonts Locally』(versions 2.1.16 以下)　Missing Authorization to Unauthenticated Font Deletionの脆弱性

2026.01.20

カテゴリーなし

脆弱性情報

重大性 5.3

【plugin】『LearnPress – WordPress LMS Plugin for Create and Sell Online Courses』(versions 4.3.2.4 以下)　Missing Authorization to Unauthenticated Sensitive User Information Disclosure via REST APIの脆弱性

2026.01.20

カテゴリーなし

脆弱性情報

重大性 5.3

【plugin】『weMail – Email Marketing, Lead Generation, Optin Forms, Email Newsletters, A/B Testing, and Automation』(versions 2.0.7 以下)　Insufficient Authorization via x-wemail-user Header to Sensitive Information Disclosureの脆弱性

2026.01.20

カテゴリーなし

脆弱性情報

重大性 8.1

【plugin】『Dokan: AI Powered WooCommerce Multivendor Marketplace Solution – Build Your Own Amazon, eBay, Etsy』(versions 4.2.4 以下)　Insecure Direct Object Reference to PayPal Account Takeover and Sensitive Information Disclosureの脆弱性

2026.01.20

カテゴリーなし

脆弱性情報

重大性 5.3

【plugin】『PeachPay — Payments & Express Checkout for WooCommerce (supports Stripe, PayPal, Square, Authorize.net)』(versions 1.119.8 以下)　Missing Authorization to Unauthenticated Order Status Modificationの脆弱性

2026.01.20

カテゴリーなし

脆弱性情報

重大性 4.4

【plugin】『Viet contact』(versions 1.3.2 以下)　Authenticated (Administrator+) Stored Cross-Site Scripting via ‘ll1’, ‘ll2’, ‘ll3’, and ‘ll4’ Parametersの脆弱性

2026.01.20

カテゴリーなし

脆弱性情報

重大性 5.4

【plugin】『Image Photo Gallery Final Tiles Grid』(versions 3.6.9 以下)　Missing Authorization to Authenticated (Contributor+) Arbitrary Gallery Managementの脆弱性

2026.01.20

カテゴリーなし

脆弱性情報

重大性 6.4

【plugin】『CubeWP Framework』(versions 1.1.26 以下)　Authenticated (Contributor+) Stored Cross-Site Scripting via cubewp_shortcode_taxonomy Shortcodeの脆弱性

2026.01.19

カテゴリーなし

脆弱性情報

重大性 5.8

【plugin】『Quick Contact Form』(versions 8.2.6 以下)　Unauthenticated Open Mail Relayの脆弱性

2026.01.19

カテゴリーなし

脆弱性情報

重大性 5.9

【plugin】『YouTube Feed Pro』(versions 2.6.0 以下)　Unauthenticated Arbitrary File Read via Path Traversalの脆弱性

2026.01.19

カテゴリーなし

脆弱性情報

重大性 4.4

【plugin】『Filr – Secure document library』(versions 1.2.11 以下)　Authenticated (Administrator+) Stored Cross-Site Scripting via HTML Uploadの脆弱性

2026.01.19

カテゴリーなし

脆弱性情報

重大性 5.3

【plugin】『PAYGENT for WooCommerce』(versions 2.4.6 以下)　Missing Authorization to Unauthenticated Payment Callback Manipulationの脆弱性

2026.01.19

カテゴリーなし

脆弱性情報

重大性 5.3

【plugin】『Spin Wheel – Interactive spinning wheel that offers coupons』(versions 2.1.0 以下)　Unauthenticated Client-Side Prize Manipulation via ‘prize_index’ Parameterの脆弱性

2026.01.19

カテゴリーなし

脆弱性情報

重大性 5.3

【plugin】『Payment Button for PayPal』(versions 1.2.3.41 以下)　Missing Authorization to Unauthenticated Arbitrary Order Creationの脆弱性

2026.01.19

カテゴリーなし

脆弱性情報

重大性 2.2

【plugin】『Church Admin』(versions 5.0.28 以下)　Authenticated (Administrator+) Blind Server-Side Request Forgery via ‘audio_url’ Parameterの脆弱性

2026.01.19

カテゴリーなし

脆弱性情報

重大性 6.5

【plugin】『Thim Blocks』(versions 1.0.1 以下)　Authenticated (Contributor+) Arbitrary File Read via ‘iconSVG’ Parameterの脆弱性

2026.01.19

カテゴリーなし

脆弱性情報

重大性 4.4

【plugin】『Integrate Dynamics 365 CRM』(versions 1.1.1 以下)　Authenticated (Administrator+) Stored Cross-Site Scripting via Field Mapping Configurationの脆弱性

2026.01.19

カテゴリーなし

脆弱性情報

重大性 9.8

【plugin】『RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login』(versions 6.0.7.1 以下)　Privilege Escalation via admin_orderの脆弱性

2026.01.19

カテゴリーなし

脆弱性情報

重大性 6.5

【plugin】『Wallet System for WooCommerce – Digital Wallet, Buy Now Pay Later (BNPL), Instant Cashback, Referral program, Partial & Subscription Payments』(versions 2.7.2 以下)　Missing Authorization to Authenticated (Subscriber+) Arbitrary Wallet Balance Manipulationの脆弱性

2026.01.19

カテゴリーなし

脆弱性情報

重大性 6.4

【plugin】『Team Section Block – Showcase Team Members with Layout Options』(versions 2.0.0 以下)　Authenticated (Contributor+) Stored Cross-Site Scripting via Social Network Linkの脆弱性

2026.01.19

カテゴリーなし

脆弱性情報

重大性 4.3

【plugin】『Phrase TMS Integration for WordPress』(versions 4.7.5 以下)　Missing Authorization to Authenticated (Subscriber+) Log Deletionの脆弱性

2026.01.19

カテゴリーなし

脆弱性情報

重大性 5.3

【plugin】『WP Hotel Booking』(versions 2.2.7 以下)　Unauthenticated Sensitive Information Exposure via ‘email’ Parameterの脆弱性

2026.01.19

カテゴリーなし

脆弱性情報

重大性 5.3

【plugin】『CubeWP Framework』(versions 1.1.27 以下)　Unauthenticated Information Exposureの脆弱性

2026.01.19

カテゴリーなし

脆弱性情報

重大性 5.3

【plugin】『RepairBuddy – Repair Shop CRM & Booking Plugin for WordPress』(versions 4.1116 以下)　Insecure Direct Object Reference to Authenticated (Subscriber+) Arbitrary Signature Upload to Ordersの脆弱性

2026.01.19

カテゴリーなし

脆弱性情報

重大性 5.3

【plugin】『Community Events』(versions 1.5.6 以下)　Missing Authorization to Unauthenticated Arbitrary Event Approval via ‘eventlist’ Parameterの脆弱性

2026.01.19

カテゴリーなし

脆弱性情報

重大性 4.3

【plugin】『Shield: Blocks Bots, Protects Users, and Prevents Security Breaches』(versions 21.0.9 以下)　Authenticated (Subscriber+) Insecure Direct Object Reference to Disable Google Authenticatorの脆弱性

2026.01.16

カテゴリーなし

脆弱性情報

重大性 4.3

【plugin】『All in One SEO – Powerful SEO Plugin to Boost SEO Rankings & Increase Traffic』(versions 4.9.2 以下)　Missing Authorization to Authenticated (Contributor+) AI Access Token and Credit Disclosureの脆弱性

2026.01.16

カテゴリーなし

脆弱性情報

重大性 5

【plugin】『DK PDF – WordPress PDF Generator』(versions 2.3.0 以下)　Authenticated (Author+) Server-Side Request Forgeryの脆弱性

2026.01.16

カテゴリーなし

脆弱性情報

重大性 5.3

【plugin】『Cost Calculator Builder』(versions 3.6.9 以下)　Missing Authorization to Unauthenticated Payment Status Bypassの脆弱性

2026.01.16

カテゴリーなし

脆弱性情報

重大性 8.8

【plugin】『All-in-One Video Gallery』(versions 4.5.7 以下)　Authenticated (Author+) Arbitrary File Upload via VTT Upload Bypassの脆弱性

2026.01.16

カテゴリーなし

脆弱性情報

重大性 6.5

【plugin】『Awesome Support – WordPress HelpDesk & Support Plugin』(versions 6.3.6 以下)　Missing Authorization to Unauthenticated Role Demotionの脆弱性

2026.01.16

カテゴリーなし

脆弱性情報

重大性 4.3

【plugin】『LEAV Last Email Address Validator』(versions 1.7.1 以下)　Cross-Site Request Forgery to Plugin Settings Updateの脆弱性

2026.01.16

カテゴリーなし

脆弱性情報

重大性 5.3

【plugin】『Rede Itaú for WooCommerce — Payment PIX, Credit Card and Debit』(versions 5.1.2 以下)　Unauthenticated Order Status Manipulationの脆弱性

2026.01.16

カテゴリーなし

脆弱性情報

重大性 6.1

【plugin】『RSS Aggregator – RSS Import, News Feeds, Feed to Post, and Autoblogging』(versions 5.0.10 以下)　Reflected Cross-Site Scripting via classNameの脆弱性

2026.01.16

カテゴリーなし

脆弱性情報

重大性 5.3

【plugin】『Rede Itaú for WooCommerce — Payment PIX, Credit Card and Debit』(versions 5.1.2 以下)　Missing Authorization to Unauthenticated Rede Order Logs Deletionの脆弱性

2026.01.16

カテゴリーなし

脆弱性情報

重大性 8.2

【plugin】『Membership Plugin – Restrict Content』(versions 3.2.16 以下)　Missing Authentication to Insecure Direct Object Reference and Sensitive Information Exposureの脆弱性

2026.01.16

カテゴリーなし

脆弱性情報

重大性 4.3

【plugin】『Booking Calendar』(versions 10.14.11 以下)　Missing Authorization to Sensitive Information Exposureの脆弱性

2026.01.16

カテゴリーなし

脆弱性情報

重大性 5.3

【plugin】『Essential Addons for Elementor – Popular Elementor Templates & Widgets』(versions 6.5.5 以下)　Missing Authorization to Unauthenticated Sensitive Information Exposureの脆弱性

2026.01.16

カテゴリーなし

脆弱性情報

重大性 6.4

【plugin】『Related Posts by Taxonomy』(versions 2.7.6 以下)　Authenticated (Contributor+) Stored Cross-Site Scripting via ‘related_posts_by_tax’ Shortcodeの脆弱性

2026.01.16

カテゴリーなし

脆弱性情報

重大性 7.5

【plugin】『Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin』(versions 1.6.9.9 以下)　Unauthenticated SQL Injection via `order` and `append_where_sql` Parametersの脆弱性

2026.01.15

カテゴリーなし

脆弱性情報

重大性 5.4

【plugin】『WP-Members Membership Plugin』(versions 3.5.4.3 以下)　Authenticated (Subscriber+) Stored Cross-Site Scripting via Multiple Checkbox and Multiple Select User Profile Fieldsの脆弱性

2026.01.15

カテゴリーなし

脆弱性情報

重大性 3.7

【plugin】『Drag and Drop Multiple File Upload for Contact Form 7』(versions 1.3.9.2 以下)　Missing Authorization to Unauthenticated File Deletionの脆弱性

2026.01.15

カテゴリーなし

脆弱性情報

重大性 5.3

【plugin】『PayHere Payment Gateway Plugin for WooCommerce』(versions 2.3.9 以下)　Missing Authorization to Unauthenticated Order Status Modificationの脆弱性

2026.01.14

カテゴリーなし

脆弱性情報

重大性 4.4

【plugin】『Kunze Law』(versions 2.1 以下)　Authenticated (Administrator+) Stored Cross-Site Scriptingの脆弱性

2026.01.14

カテゴリーなし

脆弱性情報

重大性 9.8

【plugin】『News and Blog Designer Bundle』(versions 1.1 以下)　Unauthenticated Local File Inclusionの脆弱性

2026.01.14

カテゴリーなし

脆弱性情報

重大性 5.4

【plugin】『WP-CRM System – Manage Clients and Projects』(versions 3.4.5 以下)　Missing Authorization to Authenticated (Subscriber+) CRM Data Exposure and Task Modificationの脆弱性

2026.01.14

カテゴリーなし

脆弱性情報

重大性 4.3

【plugin】『Stopwords for comments』(versions 1.1 以下)　Missing Authorization to Cross-Site Request Forgeryの脆弱性

2026.01.14

カテゴリーなし

WordPress脆弱性情報

"キーワード指定なし"

【plugin】『Newsletter – Send awesome emails from WordPress』(versions 9.1.0 以下) Cross-Site Request Forgery to Newsletter Unsubscriptionの脆弱性

【plugin】『Advanced Custom Fields: Extended』(versions 0.9.2.1 以下) Unauthenticated Privilege Escalation via Insert User Form Actionの脆弱性

【plugin】『WP Hello Bar』(versions 1.02 以下) Authenticated (Administrator+) Stored Cross-Site Scripting via ‘digit_one’ and ‘digit_two’ Parametersの脆弱性

【plugin】『Custom Fonts – Host Your Fonts Locally』(versions 2.1.16 以下) Missing Authorization to Unauthenticated Font Deletionの脆弱性

【plugin】『LearnPress – WordPress LMS Plugin for Create and Sell Online Courses』(versions 4.3.2.4 以下) Missing Authorization to Unauthenticated Sensitive User Information Disclosure via REST APIの脆弱性

【plugin】『weMail – Email Marketing, Lead Generation, Optin Forms, Email Newsletters, A/B Testing, and Automation』(versions 2.0.7 以下) Insufficient Authorization via x-wemail-user Header to Sensitive Information Disclosureの脆弱性

【plugin】『Dokan: AI Powered WooCommerce Multivendor Marketplace Solution – Build Your Own Amazon, eBay, Etsy』(versions 4.2.4 以下) Insecure Direct Object Reference to PayPal Account Takeover and Sensitive Information Disclosureの脆弱性

【plugin】『PeachPay — Payments & Express Checkout for WooCommerce (supports Stripe, PayPal, Square, Authorize.net)』(versions 1.119.8 以下) Missing Authorization to Unauthenticated Order Status Modificationの脆弱性

【plugin】『Viet contact』(versions 1.3.2 以下) Authenticated (Administrator+) Stored Cross-Site Scripting via ‘ll1’, ‘ll2’, ‘ll3’, and ‘ll4’ Parametersの脆弱性

【plugin】『Image Photo Gallery Final Tiles Grid』(versions 3.6.9 以下) Missing Authorization to Authenticated (Contributor+) Arbitrary Gallery Managementの脆弱性

【plugin】『CubeWP Framework』(versions 1.1.26 以下) Authenticated (Contributor+) Stored Cross-Site Scripting via cubewp_shortcode_taxonomy Shortcodeの脆弱性

【plugin】『Quick Contact Form』(versions 8.2.6 以下) Unauthenticated Open Mail Relayの脆弱性

【plugin】『YouTube Feed Pro』(versions 2.6.0 以下) Unauthenticated Arbitrary File Read via Path Traversalの脆弱性

【plugin】『Filr – Secure document library』(versions 1.2.11 以下) Authenticated (Administrator+) Stored Cross-Site Scripting via HTML Uploadの脆弱性

【plugin】『PAYGENT for WooCommerce』(versions 2.4.6 以下) Missing Authorization to Unauthenticated Payment Callback Manipulationの脆弱性

【plugin】『Spin Wheel – Interactive spinning wheel that offers coupons』(versions 2.1.0 以下) Unauthenticated Client-Side Prize Manipulation via ‘prize_index’ Parameterの脆弱性

【plugin】『Payment Button for PayPal』(versions 1.2.3.41 以下) Missing Authorization to Unauthenticated Arbitrary Order Creationの脆弱性

【plugin】『Church Admin』(versions 5.0.28 以下) Authenticated (Administrator+) Blind Server-Side Request Forgery via ‘audio_url’ Parameterの脆弱性

【plugin】『Thim Blocks』(versions 1.0.1 以下) Authenticated (Contributor+) Arbitrary File Read via ‘iconSVG’ Parameterの脆弱性

【plugin】『Integrate Dynamics 365 CRM』(versions 1.1.1 以下) Authenticated (Administrator+) Stored Cross-Site Scripting via Field Mapping Configurationの脆弱性

【plugin】『RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login』(versions 6.0.7.1 以下) Privilege Escalation via admin_orderの脆弱性

【plugin】『Wallet System for WooCommerce – Digital Wallet, Buy Now Pay Later (BNPL), Instant Cashback, Referral program, Partial & Subscription Payments』(versions 2.7.2 以下) Missing Authorization to Authenticated (Subscriber+) Arbitrary Wallet Balance Manipulationの脆弱性

【plugin】『Team Section Block – Showcase Team Members with Layout Options』(versions 2.0.0 以下) Authenticated (Contributor+) Stored Cross-Site Scripting via Social Network Linkの脆弱性

【plugin】『Phrase TMS Integration for WordPress』(versions 4.7.5 以下) Missing Authorization to Authenticated (Subscriber+) Log Deletionの脆弱性

【plugin】『WP Hotel Booking』(versions 2.2.7 以下) Unauthenticated Sensitive Information Exposure via ‘email’ Parameterの脆弱性

【plugin】『CubeWP Framework』(versions 1.1.27 以下) Unauthenticated Information Exposureの脆弱性

【plugin】『RepairBuddy – Repair Shop CRM & Booking Plugin for WordPress』(versions 4.1116 以下) Insecure Direct Object Reference to Authenticated (Subscriber+) Arbitrary Signature Upload to Ordersの脆弱性

【plugin】『Community Events』(versions 1.5.6 以下) Missing Authorization to Unauthenticated Arbitrary Event Approval via ‘eventlist’ Parameterの脆弱性

【plugin】『Shield: Blocks Bots, Protects Users, and Prevents Security Breaches』(versions 21.0.9 以下) Authenticated (Subscriber+) Insecure Direct Object Reference to Disable Google Authenticatorの脆弱性

【plugin】『All in One SEO – Powerful SEO Plugin to Boost SEO Rankings & Increase Traffic』(versions 4.9.2 以下) Missing Authorization to Authenticated (Contributor+) AI Access Token and Credit Disclosureの脆弱性

【plugin】『DK PDF – WordPress PDF Generator』(versions 2.3.0 以下) Authenticated (Author+) Server-Side Request Forgeryの脆弱性

【plugin】『Cost Calculator Builder』(versions 3.6.9 以下) Missing Authorization to Unauthenticated Payment Status Bypassの脆弱性

【plugin】『All-in-One Video Gallery』(versions 4.5.7 以下) Authenticated (Author+) Arbitrary File Upload via VTT Upload Bypassの脆弱性

【plugin】『Awesome Support – WordPress HelpDesk & Support Plugin』(versions 6.3.6 以下) Missing Authorization to Unauthenticated Role Demotionの脆弱性

【plugin】『LEAV Last Email Address Validator』(versions 1.7.1 以下) Cross-Site Request Forgery to Plugin Settings Updateの脆弱性

【plugin】『Rede Itaú for WooCommerce — Payment PIX, Credit Card and Debit』(versions 5.1.2 以下) Unauthenticated Order Status Manipulationの脆弱性

【plugin】『RSS Aggregator – RSS Import, News Feeds, Feed to Post, and Autoblogging』(versions 5.0.10 以下) Reflected Cross-Site Scripting via classNameの脆弱性

【plugin】『Rede Itaú for WooCommerce — Payment PIX, Credit Card and Debit』(versions 5.1.2 以下) Missing Authorization to Unauthenticated Rede Order Logs Deletionの脆弱性

【plugin】『Membership Plugin – Restrict Content』(versions 3.2.16 以下) Missing Authentication to Insecure Direct Object Reference and Sensitive Information Exposureの脆弱性

【plugin】『Booking Calendar』(versions 10.14.11 以下) Missing Authorization to Sensitive Information Exposureの脆弱性

【plugin】『Essential Addons for Elementor – Popular Elementor Templates & Widgets』(versions 6.5.5 以下) Missing Authorization to Unauthenticated Sensitive Information Exposureの脆弱性

【plugin】『Related Posts by Taxonomy』(versions 2.7.6 以下) Authenticated (Contributor+) Stored Cross-Site Scripting via ‘related_posts_by_tax’ Shortcodeの脆弱性

【plugin】『Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin』(versions 1.6.9.9 以下) Unauthenticated SQL Injection via `order` and `append_where_sql` Parametersの脆弱性

【plugin】『WP-Members Membership Plugin』(versions 3.5.4.3 以下) Authenticated (Subscriber+) Stored Cross-Site Scripting via Multiple Checkbox and Multiple Select User Profile Fieldsの脆弱性

【plugin】『Drag and Drop Multiple File Upload for Contact Form 7』(versions 1.3.9.2 以下) Missing Authorization to Unauthenticated File Deletionの脆弱性

【plugin】『PayHere Payment Gateway Plugin for WooCommerce』(versions 2.3.9 以下) Missing Authorization to Unauthenticated Order Status Modificationの脆弱性

【plugin】『Kunze Law』(versions 2.1 以下) Authenticated (Administrator+) Stored Cross-Site Scriptingの脆弱性

【plugin】『News and Blog Designer Bundle』(versions 1.1 以下) Unauthenticated Local File Inclusionの脆弱性

【plugin】『WP-CRM System – Manage Clients and Projects』(versions 3.4.5 以下) Missing Authorization to Authenticated (Subscriber+) CRM Data Exposure and Task Modificationの脆弱性

【plugin】『Stopwords for comments』(versions 1.1 以下) Missing Authorization to Cross-Site Request Forgeryの脆弱性

【plugin】『Newsletter – Send awesome emails from WordPress』(versions 9.1.0 以下)　Cross-Site Request Forgery to Newsletter Unsubscriptionの脆弱性

【plugin】『Advanced Custom Fields: Extended』(versions 0.9.2.1 以下)　Unauthenticated Privilege Escalation via Insert User Form Actionの脆弱性

【plugin】『WP Hello Bar』(versions 1.02 以下)　Authenticated (Administrator+) Stored Cross-Site Scripting via ‘digit_one’ and ‘digit_two’ Parametersの脆弱性

【plugin】『Custom Fonts – Host Your Fonts Locally』(versions 2.1.16 以下)　Missing Authorization to Unauthenticated Font Deletionの脆弱性

【plugin】『LearnPress – WordPress LMS Plugin for Create and Sell Online Courses』(versions 4.3.2.4 以下)　Missing Authorization to Unauthenticated Sensitive User Information Disclosure via REST APIの脆弱性

【plugin】『weMail – Email Marketing, Lead Generation, Optin Forms, Email Newsletters, A/B Testing, and Automation』(versions 2.0.7 以下)　Insufficient Authorization via x-wemail-user Header to Sensitive Information Disclosureの脆弱性

【plugin】『Dokan: AI Powered WooCommerce Multivendor Marketplace Solution – Build Your Own Amazon, eBay, Etsy』(versions 4.2.4 以下)　Insecure Direct Object Reference to PayPal Account Takeover and Sensitive Information Disclosureの脆弱性

【plugin】『PeachPay — Payments & Express Checkout for WooCommerce (supports Stripe, PayPal, Square, Authorize.net)』(versions 1.119.8 以下)　Missing Authorization to Unauthenticated Order Status Modificationの脆弱性

【plugin】『Viet contact』(versions 1.3.2 以下)　Authenticated (Administrator+) Stored Cross-Site Scripting via ‘ll1’, ‘ll2’, ‘ll3’, and ‘ll4’ Parametersの脆弱性

【plugin】『Image Photo Gallery Final Tiles Grid』(versions 3.6.9 以下)　Missing Authorization to Authenticated (Contributor+) Arbitrary Gallery Managementの脆弱性

【plugin】『CubeWP Framework』(versions 1.1.26 以下)　Authenticated (Contributor+) Stored Cross-Site Scripting via cubewp_shortcode_taxonomy Shortcodeの脆弱性

【plugin】『Quick Contact Form』(versions 8.2.6 以下)　Unauthenticated Open Mail Relayの脆弱性

【plugin】『YouTube Feed Pro』(versions 2.6.0 以下)　Unauthenticated Arbitrary File Read via Path Traversalの脆弱性

【plugin】『Filr – Secure document library』(versions 1.2.11 以下)　Authenticated (Administrator+) Stored Cross-Site Scripting via HTML Uploadの脆弱性

【plugin】『PAYGENT for WooCommerce』(versions 2.4.6 以下)　Missing Authorization to Unauthenticated Payment Callback Manipulationの脆弱性

【plugin】『Spin Wheel – Interactive spinning wheel that offers coupons』(versions 2.1.0 以下)　Unauthenticated Client-Side Prize Manipulation via ‘prize_index’ Parameterの脆弱性

【plugin】『Payment Button for PayPal』(versions 1.2.3.41 以下)　Missing Authorization to Unauthenticated Arbitrary Order Creationの脆弱性

【plugin】『Church Admin』(versions 5.0.28 以下)　Authenticated (Administrator+) Blind Server-Side Request Forgery via ‘audio_url’ Parameterの脆弱性

【plugin】『Thim Blocks』(versions 1.0.1 以下)　Authenticated (Contributor+) Arbitrary File Read via ‘iconSVG’ Parameterの脆弱性

【plugin】『Integrate Dynamics 365 CRM』(versions 1.1.1 以下)　Authenticated (Administrator+) Stored Cross-Site Scripting via Field Mapping Configurationの脆弱性

【plugin】『RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login』(versions 6.0.7.1 以下)　Privilege Escalation via admin_orderの脆弱性

【plugin】『Wallet System for WooCommerce – Digital Wallet, Buy Now Pay Later (BNPL), Instant Cashback, Referral program, Partial & Subscription Payments』(versions 2.7.2 以下)　Missing Authorization to Authenticated (Subscriber+) Arbitrary Wallet Balance Manipulationの脆弱性

【plugin】『Team Section Block – Showcase Team Members with Layout Options』(versions 2.0.0 以下)　Authenticated (Contributor+) Stored Cross-Site Scripting via Social Network Linkの脆弱性

【plugin】『Phrase TMS Integration for WordPress』(versions 4.7.5 以下)　Missing Authorization to Authenticated (Subscriber+) Log Deletionの脆弱性

【plugin】『WP Hotel Booking』(versions 2.2.7 以下)　Unauthenticated Sensitive Information Exposure via ‘email’ Parameterの脆弱性

【plugin】『CubeWP Framework』(versions 1.1.27 以下)　Unauthenticated Information Exposureの脆弱性

【plugin】『RepairBuddy – Repair Shop CRM & Booking Plugin for WordPress』(versions 4.1116 以下)　Insecure Direct Object Reference to Authenticated (Subscriber+) Arbitrary Signature Upload to Ordersの脆弱性

【plugin】『Community Events』(versions 1.5.6 以下)　Missing Authorization to Unauthenticated Arbitrary Event Approval via ‘eventlist’ Parameterの脆弱性

【plugin】『Shield: Blocks Bots, Protects Users, and Prevents Security Breaches』(versions 21.0.9 以下)　Authenticated (Subscriber+) Insecure Direct Object Reference to Disable Google Authenticatorの脆弱性

【plugin】『All in One SEO – Powerful SEO Plugin to Boost SEO Rankings & Increase Traffic』(versions 4.9.2 以下)　Missing Authorization to Authenticated (Contributor+) AI Access Token and Credit Disclosureの脆弱性

【plugin】『DK PDF – WordPress PDF Generator』(versions 2.3.0 以下)　Authenticated (Author+) Server-Side Request Forgeryの脆弱性

【plugin】『Cost Calculator Builder』(versions 3.6.9 以下)　Missing Authorization to Unauthenticated Payment Status Bypassの脆弱性

【plugin】『All-in-One Video Gallery』(versions 4.5.7 以下)　Authenticated (Author+) Arbitrary File Upload via VTT Upload Bypassの脆弱性

【plugin】『Awesome Support – WordPress HelpDesk & Support Plugin』(versions 6.3.6 以下)　Missing Authorization to Unauthenticated Role Demotionの脆弱性

【plugin】『LEAV Last Email Address Validator』(versions 1.7.1 以下)　Cross-Site Request Forgery to Plugin Settings Updateの脆弱性

【plugin】『Rede Itaú for WooCommerce — Payment PIX, Credit Card and Debit』(versions 5.1.2 以下)　Unauthenticated Order Status Manipulationの脆弱性

【plugin】『RSS Aggregator – RSS Import, News Feeds, Feed to Post, and Autoblogging』(versions 5.0.10 以下)　Reflected Cross-Site Scripting via classNameの脆弱性

【plugin】『Rede Itaú for WooCommerce — Payment PIX, Credit Card and Debit』(versions 5.1.2 以下)　Missing Authorization to Unauthenticated Rede Order Logs Deletionの脆弱性

【plugin】『Membership Plugin – Restrict Content』(versions 3.2.16 以下)　Missing Authentication to Insecure Direct Object Reference and Sensitive Information Exposureの脆弱性

【plugin】『Booking Calendar』(versions 10.14.11 以下)　Missing Authorization to Sensitive Information Exposureの脆弱性

【plugin】『Essential Addons for Elementor – Popular Elementor Templates & Widgets』(versions 6.5.5 以下)　Missing Authorization to Unauthenticated Sensitive Information Exposureの脆弱性

【plugin】『Related Posts by Taxonomy』(versions 2.7.6 以下)　Authenticated (Contributor+) Stored Cross-Site Scripting via ‘related_posts_by_tax’ Shortcodeの脆弱性

【plugin】『Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin』(versions 1.6.9.9 以下)　Unauthenticated SQL Injection via `order` and `append_where_sql` Parametersの脆弱性

【plugin】『WP-Members Membership Plugin』(versions 3.5.4.3 以下)　Authenticated (Subscriber+) Stored Cross-Site Scripting via Multiple Checkbox and Multiple Select User Profile Fieldsの脆弱性

【plugin】『Drag and Drop Multiple File Upload for Contact Form 7』(versions 1.3.9.2 以下)　Missing Authorization to Unauthenticated File Deletionの脆弱性

【plugin】『PayHere Payment Gateway Plugin for WooCommerce』(versions 2.3.9 以下)　Missing Authorization to Unauthenticated Order Status Modificationの脆弱性

【plugin】『Kunze Law』(versions 2.1 以下)　Authenticated (Administrator+) Stored Cross-Site Scriptingの脆弱性

【plugin】『News and Blog Designer Bundle』(versions 1.1 以下)　Unauthenticated Local File Inclusionの脆弱性

【plugin】『WP-CRM System – Manage Clients and Projects』(versions 3.4.5 以下)　Missing Authorization to Authenticated (Subscriber+) CRM Data Exposure and Task Modificationの脆弱性

【plugin】『Stopwords for comments』(versions 1.1 以下)　Missing Authorization to Cross-Site Request Forgeryの脆弱性