“” の検索結果 | ページ 2 | WordPress脆弱性情報 WPセキュリティ

脆弱性情報

重大性 5.3

【plugin】『Find Unused Images』(versions 1.0.7 以下)　Missing Authorization to Unauthenticated Arbitrary Attachment Deletionの脆弱性

2025.11.11

カテゴリーなし

脆弱性情報

重大性 5.4

【plugin】『Progress Bar Blocks for Gutenberg』(versions 1.0.0 以下)　Authenticated (Author+) Stored Cross-Site Scripting via SVGの脆弱性

2025.11.11

カテゴリーなし

脆弱性情報

重大性 4.4

【plugin】『Fleet Manager』(versions 2.5.1 以下)　Authenticated (Editor+) Stored Cross-Site Scriptingの脆弱性

2025.11.11

カテゴリーなし

脆弱性情報

重大性 6.4

【plugin】『Ungapped Widgets』(versions 1 以下)　Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcodeの脆弱性

2025.11.11

カテゴリーなし

脆弱性情報

重大性 6.4

【plugin】『Five9 Live Chat』(versions 1.1.2 以下)　Authenticated (Contributor+) Stored Cross-Site Scriptingの脆弱性

2025.11.11

カテゴリーなし

脆弱性情報

重大性 10

【plugin】『TNC Toolbox: Web Performance』(versions 1.4.2 以下)　Unauthenticated Sensitive Information Exposure to Privilege Escalation/cPanel Account Takeoverの脆弱性

2025.11.11

カテゴリーなし

脆弱性情報

重大性 5.3

【plugin】『Crypto Tool』(versions 2.22 以下)　Missing Authentication to Unauthenticated Limited File Deletionの脆弱性

2025.11.11

カテゴリーなし

脆弱性情報

重大性 5.4

【plugin】『Slippy Slider – Responsive Touch Navigation Slider』(versions 2.0 以下)　Authenticated (Contributor+) Stored Cross-Site Scriptingの脆弱性

2025.11.11

カテゴリーなし

脆弱性情報

重大性 6.4

【plugin】『WP BBCode』(versions 1.8.1 以下)　Authenticated (Contributor+) Stored Cross-Site Scriptingの脆弱性

2025.11.11

カテゴリーなし

脆弱性情報

重大性 8.8

【plugin】『Mementor Core』(versions 2.2.5 以下)　Authenticated (Subscriber+) Privilege Escalationの脆弱性

2025.11.11

カテゴリーなし

脆弱性情報

重大性 6.4

【plugin】『WP Bootstrap Tabs』(versions 1.0.4 以下)　Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcodeの脆弱性

2025.11.11

カテゴリーなし

脆弱性情報

重大性 5.3

【plugin】『Shelf Planner』(versions 2.7.0 以下)　Unauthenticated Information Exposure via Log Filesの脆弱性

2025.11.11

カテゴリーなし

脆弱性情報

重大性 5.3

【plugin】『Shelf Planner』(versions 2.7.0 以下)　Missing Authorization to Unauthenticated Settings Updateの脆弱性

2025.11.11

カテゴリーなし

脆弱性情報

重大性 6.4

【plugin】『Insert Headers and Footers Code – HT Script』(versions 1.1.6 以下)　Authenticated (Author+) Stored Cross-Site Scriptingの脆弱性

2025.11.10

カテゴリーなし

脆弱性情報

重大性 6.4

【plugin】『Simple Downloads List』(versions 1.4.3 以下)　Missing Authorization to Authenticated (Subscriber+) Stored Cross-Site Scriptingの脆弱性

2025.11.10

カテゴリーなし

脆弱性情報

重大性 7.2

【plugin】『Mail Mint – Newsletters, Email Marketing, Automation, WooCommerce Emails, Post Notification, and more』(versions 1.18.10 以下)　Authenticated (Admin+) Arbitrary File Uploadの脆弱性

2025.11.10

カテゴリーなし

脆弱性情報

重大性 6.5

【plugin】『Easy WordPress Funnel Builder To Collect Leads And Increase Sales – WPFunnels』(versions 3.6.2 以下)　Authenticated (Administrator+) Arbitrary File Deletion via Path Traversalの脆弱性

2025.11.10

カテゴリーなし

脆弱性情報

重大性 7.2

【plugin】『Alex Reservations: Smart Restaurant Booking』(versions 2.2.3 以下)　Authenticated (Admin+) Arbitrary File Uploadの脆弱性

2025.11.10

カテゴリーなし

脆弱性情報

重大性 6.4

【plugin】『aThemes Addons for Elementor』(versions 1.1.5 以下)　Authenticated (Contributor+) Stored Cross-Site Scripting via Call To Action Widgetの脆弱性

2025.11.10

カテゴリーなし

脆弱性情報

重大性 7.5

【plugin】『Asgaros Forum』(versions 3.1.0 以下)　Unauthenticated SQL Injectionの脆弱性

2025.11.10

カテゴリーなし

脆弱性情報

重大性 6.1

【plugin】『Mang Board WP』(versions 2.3.1 以下)　Reflected Cross-Site Scriptingの脆弱性

2025.11.10

カテゴリーなし

脆弱性情報

重大性 4.3

【plugin】『Gallery Plugin for WordPress – Envira Photo Gallery』(versions 1.11.0 以下)　Missing Authorization to Authenticated (Contributor+) Gallery Conversionの脆弱性

2025.11.10

カテゴリーなし

脆弱性情報

重大性 6.5

【plugin】『Ovatheme Events Manager』(versions 1.8.6 以下)　Missing Authorizationの脆弱性

2025.11.10

カテゴリーなし

脆弱性情報

重大性 4.9

【plugin】『Quick Featured Images』(versions 13.7.3 以下)　Authenticated (Editor+) SQL Injection via delete_orphanedの脆弱性

2025.11.10

カテゴリーなし

脆弱性情報

重大性 6.4

【plugin】『Saphali LiqPay for donate』(versions 1.0.2 以下)　Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcodeの脆弱性

2025.11.10

カテゴリーなし

脆弱性情報

重大性 6.5

【plugin】『CYAN Backup』(versions 2.5.4 以下)　Authenticated (Admin+) Arbitrary File Deletionの脆弱性

2025.11.10

カテゴリーなし

脆弱性情報

重大性 5.3

【plugin】『Easy WordPress Funnel Builder To Collect Leads And Increase Sales – WPFunnels』(versions 3.6.2 以下)　Unauthorized User Registrationの脆弱性

2025.11.10

カテゴリーなし

脆弱性情報

重大性 4.3

【plugin】『Page & Post Notes』(versions 1.3.4 以下)　Missing Authorization to Authenticated (Subscriber+) Note Update/Deletionの脆弱性

2025.11.07

カテゴリーなし

脆弱性情報

重大性 6.5

【plugin】『IDonate – Blood Donation, Request And Donor Management System』(versions 2.0.0 – 2.1.9)　Insecure Direct Object Reference to Authenticated (Subscriber+) Arbitrary User Deletion via admin_post_donor_delete Functionの脆弱性

2025.11.07

カテゴリーなし

脆弱性情報

重大性 9.8

【plugin】『Gravity Forms』(versions 2.9.20 以下)　Unauthenticated Arbitrary File Upload via ‘copy_post_image’の脆弱性

2025.11.07

カテゴリーなし

脆弱性情報

重大性 8.1

【plugin】『Connector Wizard (formerly LC Wizard)』(versions 1.2.10 – 1.3.0)　Missing Authorization to Unauthenticated Privilege Escalationの脆弱性

2025.11.07

カテゴリーなし

脆弱性情報

重大性 8.8

【plugin】『IDonate – Blood Donation, Request And Donor Management System』(versions 2.1.5 – 2.1.9)　Missing Authorization to Authenticated (Subscriber+) Account Takeover/Privilege Escalation via idonate_donor_password Functionの脆弱性

2025.11.07

カテゴリーなし

脆弱性情報

重大性 4.9

【plugin】『Easy Email Subscription』(versions 1.3 以下)　Authenticated (Admin+) SQL Injection via uidの脆弱性

2025.11.06

カテゴリーなし

脆弱性情報

重大性 4.3

【plugin】『Strong Testimonials』(versions 3.2.16 以下)　Unauthenticated Arbitrary Shortcode Executionの脆弱性

2025.11.06

カテゴリーなし

脆弱性情報

重大性 6.1

【plugin】『Hubbub Lite – Fast, free social sharing and follow buttons』(versions 1.36.0 以下)　Reflected Cross-Site Scriptingの脆弱性

2025.11.06

カテゴリーなし

脆弱性情報

重大性 5.3

【plugin】『Easy Digital Downloads – eCommerce Payments and Subscriptions made easy』(versions 3.5.2 以下)　Insufficient Verification to Order Manipulationの脆弱性

2025.11.06

カテゴリーなし

脆弱性情報

重大性 4.3

【plugin】『Easy Email Subscription』(versions 1.3 以下)　Cross-Site Request Forgery to Arbitrary Subscriber Deletionの脆弱性

2025.11.06

カテゴリーなし

脆弱性情報

重大性 4.3

【plugin】『Better Find and Replace – AI-Powered Suggestions』(versions 1.7.7 以下)　Missing Authorizationの脆弱性

2025.11.06

カテゴリーなし

脆弱性情報

重大性 5.3

【plugin】『Blog2Social: Social Media Auto Post & Scheduler』(versions 8.6.0 以下)　Authenticated (Subscriber+) Blind Server-Side Request Forgery via post_urlの脆弱性

2025.11.06

カテゴリーなし

脆弱性情報

重大性 4.3

【plugin】『Blog2Social: Social Media Auto Post & Scheduler』(versions 8.6.0 以下)　Incorrect Authorization to Video File Uploadの脆弱性

2025.11.06

カテゴリーなし

脆弱性情報

重大性 5.3

【plugin】『Paid Membership Subscriptions – Effortless Memberships, Recurring Payments & Content Restriction』(versions 2.16.4 以下)　Missing Authorization to Unauthenticated Arbitrary Member Subscription Auto Renewalの脆弱性

2025.11.05

カテゴリーなし

脆弱性情報

重大性 8.6

【plugin】『Document Embedder – Embed PDFs, Word, Excel, and Other Files』(versions 2.0.0 以下)　Missing Authorization to Unauthenticated Document Manipulationの脆弱性

2025.11.05

カテゴリーなし

脆弱性情報

重大性 6.4

【plugin】『Carousel Block – Responsive Image and Content Carousel』(versions 1.1.5 以下)　Missing Authorization to Authenticated (Subscriber+) Server-Side Request Forgeryの脆弱性

2025.11.05

カテゴリーなし

脆弱性情報

重大性 6.1

【plugin】『SMS for WordPress』(versions 1.1.8 以下)　Reflected Cross-Site Scriptingの脆弱性

2025.11.05

カテゴリーなし

脆弱性情報

重大性 5.3

【plugin】『The Events Calendar』(versions 6.15.9 以下)　Sysinfo Key Incorrect Comparison to Unauthenticated Sensitive Information Exposureの脆弱性

2025.11.05

カテゴリーなし

脆弱性情報

重大性 4.3

【plugin】『KiotViet Sync』(versions 1.8.5 以下)　Missing Authorization to Authenticated (Subscriber+) Settings Updateの脆弱性

2025.11.05

カテゴリーなし

脆弱性情報

重大性 6.4

【plugin】『Ad Inserter – Ad Manager & AdSense Ads』(versions 2.8.7 以下)　Authenticated (Contributor+) Stored Cross-Site Scripting via Custom Fieldの脆弱性

2025.11.05

カテゴリーなし

脆弱性情報

重大性 5.3

【plugin】『KiotViet Sync』(versions 1.8.5 以下)　Use of Hard-coded Password to Authorization Bypassの脆弱性

2025.11.05

カテゴリーなし

脆弱性情報

重大性 4.3

【plugin】『Popup and Slider Builder by Depicter – Add Email collecting Popup, Popup Modal, Coupon Popup, Image Slider, Carousel Slider, Post Slider Carousel』(versions 4.0.4 以下)　Missing Authorization to Authenticated (Contributor+) Safe File Type Uploadの脆弱性

2025.11.05

カテゴリーなし

脆弱性情報

重大性 7.5

【plugin】『The Events Calendar』(versions 6.15.1.1 – 6.15.9)　Unauthenticated SQL Injection via sの脆弱性

2025.11.05

カテゴリーなし

WordPress脆弱性情報

"キーワード指定なし"

【plugin】『Find Unused Images』(versions 1.0.7 以下) Missing Authorization to Unauthenticated Arbitrary Attachment Deletionの脆弱性

【plugin】『Progress Bar Blocks for Gutenberg』(versions 1.0.0 以下) Authenticated (Author+) Stored Cross-Site Scripting via SVGの脆弱性

【plugin】『Fleet Manager』(versions 2.5.1 以下) Authenticated (Editor+) Stored Cross-Site Scriptingの脆弱性

【plugin】『Ungapped Widgets』(versions 1 以下) Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcodeの脆弱性

【plugin】『Five9 Live Chat』(versions 1.1.2 以下) Authenticated (Contributor+) Stored Cross-Site Scriptingの脆弱性

【plugin】『TNC Toolbox: Web Performance』(versions 1.4.2 以下) Unauthenticated Sensitive Information Exposure to Privilege Escalation/cPanel Account Takeoverの脆弱性

【plugin】『Crypto Tool』(versions 2.22 以下) Missing Authentication to Unauthenticated Limited File Deletionの脆弱性

【plugin】『Slippy Slider – Responsive Touch Navigation Slider』(versions 2.0 以下) Authenticated (Contributor+) Stored Cross-Site Scriptingの脆弱性

【plugin】『WP BBCode』(versions 1.8.1 以下) Authenticated (Contributor+) Stored Cross-Site Scriptingの脆弱性

【plugin】『Mementor Core』(versions 2.2.5 以下) Authenticated (Subscriber+) Privilege Escalationの脆弱性

【plugin】『WP Bootstrap Tabs』(versions 1.0.4 以下) Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcodeの脆弱性

【plugin】『Shelf Planner』(versions 2.7.0 以下) Unauthenticated Information Exposure via Log Filesの脆弱性

【plugin】『Shelf Planner』(versions 2.7.0 以下) Missing Authorization to Unauthenticated Settings Updateの脆弱性

【plugin】『Insert Headers and Footers Code – HT Script』(versions 1.1.6 以下) Authenticated (Author+) Stored Cross-Site Scriptingの脆弱性

【plugin】『Simple Downloads List』(versions 1.4.3 以下) Missing Authorization to Authenticated (Subscriber+) Stored Cross-Site Scriptingの脆弱性

【plugin】『Mail Mint – Newsletters, Email Marketing, Automation, WooCommerce Emails, Post Notification, and more』(versions 1.18.10 以下) Authenticated (Admin+) Arbitrary File Uploadの脆弱性

【plugin】『Easy WordPress Funnel Builder To Collect Leads And Increase Sales – WPFunnels』(versions 3.6.2 以下) Authenticated (Administrator+) Arbitrary File Deletion via Path Traversalの脆弱性

【plugin】『Alex Reservations: Smart Restaurant Booking』(versions 2.2.3 以下) Authenticated (Admin+) Arbitrary File Uploadの脆弱性

【plugin】『aThemes Addons for Elementor』(versions 1.1.5 以下) Authenticated (Contributor+) Stored Cross-Site Scripting via Call To Action Widgetの脆弱性

【plugin】『Asgaros Forum』(versions 3.1.0 以下) Unauthenticated SQL Injectionの脆弱性

【plugin】『Mang Board WP』(versions 2.3.1 以下) Reflected Cross-Site Scriptingの脆弱性

【plugin】『Gallery Plugin for WordPress – Envira Photo Gallery』(versions 1.11.0 以下) Missing Authorization to Authenticated (Contributor+) Gallery Conversionの脆弱性

【plugin】『Ovatheme Events Manager』(versions 1.8.6 以下) Missing Authorizationの脆弱性

【plugin】『Quick Featured Images』(versions 13.7.3 以下) Authenticated (Editor+) SQL Injection via delete_orphanedの脆弱性

【plugin】『Saphali LiqPay for donate』(versions 1.0.2 以下) Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcodeの脆弱性

【plugin】『CYAN Backup』(versions 2.5.4 以下) Authenticated (Admin+) Arbitrary File Deletionの脆弱性

【plugin】『Easy WordPress Funnel Builder To Collect Leads And Increase Sales – WPFunnels』(versions 3.6.2 以下) Unauthorized User Registrationの脆弱性

【plugin】『Page & Post Notes』(versions 1.3.4 以下) Missing Authorization to Authenticated (Subscriber+) Note Update/Deletionの脆弱性

【plugin】『IDonate – Blood Donation, Request And Donor Management System』(versions 2.0.0 – 2.1.9) Insecure Direct Object Reference to Authenticated (Subscriber+) Arbitrary User Deletion via admin_post_donor_delete Functionの脆弱性

【plugin】『Gravity Forms』(versions 2.9.20 以下) Unauthenticated Arbitrary File Upload via ‘copy_post_image’の脆弱性

【plugin】『Connector Wizard (formerly LC Wizard)』(versions 1.2.10 – 1.3.0) Missing Authorization to Unauthenticated Privilege Escalationの脆弱性

【plugin】『IDonate – Blood Donation, Request And Donor Management System』(versions 2.1.5 – 2.1.9) Missing Authorization to Authenticated (Subscriber+) Account Takeover/Privilege Escalation via idonate_donor_password Functionの脆弱性

【plugin】『Easy Email Subscription』(versions 1.3 以下) Authenticated (Admin+) SQL Injection via uidの脆弱性

【plugin】『Strong Testimonials』(versions 3.2.16 以下) Unauthenticated Arbitrary Shortcode Executionの脆弱性

【plugin】『Hubbub Lite – Fast, free social sharing and follow buttons』(versions 1.36.0 以下) Reflected Cross-Site Scriptingの脆弱性

【plugin】『Easy Digital Downloads – eCommerce Payments and Subscriptions made easy』(versions 3.5.2 以下) Insufficient Verification to Order Manipulationの脆弱性

【plugin】『Easy Email Subscription』(versions 1.3 以下) Cross-Site Request Forgery to Arbitrary Subscriber Deletionの脆弱性

【plugin】『Better Find and Replace – AI-Powered Suggestions』(versions 1.7.7 以下) Missing Authorizationの脆弱性

【plugin】『Blog2Social: Social Media Auto Post & Scheduler』(versions 8.6.0 以下) Authenticated (Subscriber+) Blind Server-Side Request Forgery via post_urlの脆弱性

【plugin】『Blog2Social: Social Media Auto Post & Scheduler』(versions 8.6.0 以下) Incorrect Authorization to Video File Uploadの脆弱性

【plugin】『Paid Membership Subscriptions – Effortless Memberships, Recurring Payments & Content Restriction』(versions 2.16.4 以下) Missing Authorization to Unauthenticated Arbitrary Member Subscription Auto Renewalの脆弱性

【plugin】『Document Embedder – Embed PDFs, Word, Excel, and Other Files』(versions 2.0.0 以下) Missing Authorization to Unauthenticated Document Manipulationの脆弱性

【plugin】『Carousel Block – Responsive Image and Content Carousel』(versions 1.1.5 以下) Missing Authorization to Authenticated (Subscriber+) Server-Side Request Forgeryの脆弱性

【plugin】『SMS for WordPress』(versions 1.1.8 以下) Reflected Cross-Site Scriptingの脆弱性

【plugin】『The Events Calendar』(versions 6.15.9 以下) Sysinfo Key Incorrect Comparison to Unauthenticated Sensitive Information Exposureの脆弱性

【plugin】『KiotViet Sync』(versions 1.8.5 以下) Missing Authorization to Authenticated (Subscriber+) Settings Updateの脆弱性

【plugin】『Ad Inserter – Ad Manager & AdSense Ads』(versions 2.8.7 以下) Authenticated (Contributor+) Stored Cross-Site Scripting via Custom Fieldの脆弱性

【plugin】『KiotViet Sync』(versions 1.8.5 以下) Use of Hard-coded Password to Authorization Bypassの脆弱性

【plugin】『Popup and Slider Builder by Depicter – Add Email collecting Popup, Popup Modal, Coupon Popup, Image Slider, Carousel Slider, Post Slider Carousel』(versions 4.0.4 以下) Missing Authorization to Authenticated (Contributor+) Safe File Type Uploadの脆弱性

【plugin】『The Events Calendar』(versions 6.15.1.1 – 6.15.9) Unauthenticated SQL Injection via sの脆弱性

【plugin】『Find Unused Images』(versions 1.0.7 以下)　Missing Authorization to Unauthenticated Arbitrary Attachment Deletionの脆弱性

【plugin】『Progress Bar Blocks for Gutenberg』(versions 1.0.0 以下)　Authenticated (Author+) Stored Cross-Site Scripting via SVGの脆弱性

【plugin】『Fleet Manager』(versions 2.5.1 以下)　Authenticated (Editor+) Stored Cross-Site Scriptingの脆弱性

【plugin】『Ungapped Widgets』(versions 1 以下)　Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcodeの脆弱性

【plugin】『Five9 Live Chat』(versions 1.1.2 以下)　Authenticated (Contributor+) Stored Cross-Site Scriptingの脆弱性

【plugin】『TNC Toolbox: Web Performance』(versions 1.4.2 以下)　Unauthenticated Sensitive Information Exposure to Privilege Escalation/cPanel Account Takeoverの脆弱性

【plugin】『Crypto Tool』(versions 2.22 以下)　Missing Authentication to Unauthenticated Limited File Deletionの脆弱性

【plugin】『Slippy Slider – Responsive Touch Navigation Slider』(versions 2.0 以下)　Authenticated (Contributor+) Stored Cross-Site Scriptingの脆弱性

【plugin】『WP BBCode』(versions 1.8.1 以下)　Authenticated (Contributor+) Stored Cross-Site Scriptingの脆弱性

【plugin】『Mementor Core』(versions 2.2.5 以下)　Authenticated (Subscriber+) Privilege Escalationの脆弱性

【plugin】『WP Bootstrap Tabs』(versions 1.0.4 以下)　Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcodeの脆弱性

【plugin】『Shelf Planner』(versions 2.7.0 以下)　Unauthenticated Information Exposure via Log Filesの脆弱性

【plugin】『Shelf Planner』(versions 2.7.0 以下)　Missing Authorization to Unauthenticated Settings Updateの脆弱性

【plugin】『Insert Headers and Footers Code – HT Script』(versions 1.1.6 以下)　Authenticated (Author+) Stored Cross-Site Scriptingの脆弱性

【plugin】『Simple Downloads List』(versions 1.4.3 以下)　Missing Authorization to Authenticated (Subscriber+) Stored Cross-Site Scriptingの脆弱性

【plugin】『Mail Mint – Newsletters, Email Marketing, Automation, WooCommerce Emails, Post Notification, and more』(versions 1.18.10 以下)　Authenticated (Admin+) Arbitrary File Uploadの脆弱性

【plugin】『Easy WordPress Funnel Builder To Collect Leads And Increase Sales – WPFunnels』(versions 3.6.2 以下)　Authenticated (Administrator+) Arbitrary File Deletion via Path Traversalの脆弱性

【plugin】『Alex Reservations: Smart Restaurant Booking』(versions 2.2.3 以下)　Authenticated (Admin+) Arbitrary File Uploadの脆弱性

【plugin】『aThemes Addons for Elementor』(versions 1.1.5 以下)　Authenticated (Contributor+) Stored Cross-Site Scripting via Call To Action Widgetの脆弱性

【plugin】『Asgaros Forum』(versions 3.1.0 以下)　Unauthenticated SQL Injectionの脆弱性

【plugin】『Mang Board WP』(versions 2.3.1 以下)　Reflected Cross-Site Scriptingの脆弱性

【plugin】『Gallery Plugin for WordPress – Envira Photo Gallery』(versions 1.11.0 以下)　Missing Authorization to Authenticated (Contributor+) Gallery Conversionの脆弱性

【plugin】『Ovatheme Events Manager』(versions 1.8.6 以下)　Missing Authorizationの脆弱性

【plugin】『Quick Featured Images』(versions 13.7.3 以下)　Authenticated (Editor+) SQL Injection via delete_orphanedの脆弱性

【plugin】『Saphali LiqPay for donate』(versions 1.0.2 以下)　Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcodeの脆弱性

【plugin】『CYAN Backup』(versions 2.5.4 以下)　Authenticated (Admin+) Arbitrary File Deletionの脆弱性

【plugin】『Easy WordPress Funnel Builder To Collect Leads And Increase Sales – WPFunnels』(versions 3.6.2 以下)　Unauthorized User Registrationの脆弱性

【plugin】『Page & Post Notes』(versions 1.3.4 以下)　Missing Authorization to Authenticated (Subscriber+) Note Update/Deletionの脆弱性

【plugin】『IDonate – Blood Donation, Request And Donor Management System』(versions 2.0.0 – 2.1.9)　Insecure Direct Object Reference to Authenticated (Subscriber+) Arbitrary User Deletion via admin_post_donor_delete Functionの脆弱性

【plugin】『Gravity Forms』(versions 2.9.20 以下)　Unauthenticated Arbitrary File Upload via ‘copy_post_image’の脆弱性

【plugin】『Connector Wizard (formerly LC Wizard)』(versions 1.2.10 – 1.3.0)　Missing Authorization to Unauthenticated Privilege Escalationの脆弱性

【plugin】『IDonate – Blood Donation, Request And Donor Management System』(versions 2.1.5 – 2.1.9)　Missing Authorization to Authenticated (Subscriber+) Account Takeover/Privilege Escalation via idonate_donor_password Functionの脆弱性

【plugin】『Easy Email Subscription』(versions 1.3 以下)　Authenticated (Admin+) SQL Injection via uidの脆弱性

【plugin】『Strong Testimonials』(versions 3.2.16 以下)　Unauthenticated Arbitrary Shortcode Executionの脆弱性

【plugin】『Hubbub Lite – Fast, free social sharing and follow buttons』(versions 1.36.0 以下)　Reflected Cross-Site Scriptingの脆弱性

【plugin】『Easy Digital Downloads – eCommerce Payments and Subscriptions made easy』(versions 3.5.2 以下)　Insufficient Verification to Order Manipulationの脆弱性

【plugin】『Easy Email Subscription』(versions 1.3 以下)　Cross-Site Request Forgery to Arbitrary Subscriber Deletionの脆弱性

【plugin】『Better Find and Replace – AI-Powered Suggestions』(versions 1.7.7 以下)　Missing Authorizationの脆弱性

【plugin】『Blog2Social: Social Media Auto Post & Scheduler』(versions 8.6.0 以下)　Authenticated (Subscriber+) Blind Server-Side Request Forgery via post_urlの脆弱性

【plugin】『Blog2Social: Social Media Auto Post & Scheduler』(versions 8.6.0 以下)　Incorrect Authorization to Video File Uploadの脆弱性

【plugin】『Paid Membership Subscriptions – Effortless Memberships, Recurring Payments & Content Restriction』(versions 2.16.4 以下)　Missing Authorization to Unauthenticated Arbitrary Member Subscription Auto Renewalの脆弱性

【plugin】『Document Embedder – Embed PDFs, Word, Excel, and Other Files』(versions 2.0.0 以下)　Missing Authorization to Unauthenticated Document Manipulationの脆弱性

【plugin】『Carousel Block – Responsive Image and Content Carousel』(versions 1.1.5 以下)　Missing Authorization to Authenticated (Subscriber+) Server-Side Request Forgeryの脆弱性

【plugin】『SMS for WordPress』(versions 1.1.8 以下)　Reflected Cross-Site Scriptingの脆弱性

【plugin】『The Events Calendar』(versions 6.15.9 以下)　Sysinfo Key Incorrect Comparison to Unauthenticated Sensitive Information Exposureの脆弱性

【plugin】『KiotViet Sync』(versions 1.8.5 以下)　Missing Authorization to Authenticated (Subscriber+) Settings Updateの脆弱性

【plugin】『Ad Inserter – Ad Manager & AdSense Ads』(versions 2.8.7 以下)　Authenticated (Contributor+) Stored Cross-Site Scripting via Custom Fieldの脆弱性

【plugin】『KiotViet Sync』(versions 1.8.5 以下)　Use of Hard-coded Password to Authorization Bypassの脆弱性

【plugin】『Popup and Slider Builder by Depicter – Add Email collecting Popup, Popup Modal, Coupon Popup, Image Slider, Carousel Slider, Post Slider Carousel』(versions 4.0.4 以下)　Missing Authorization to Authenticated (Contributor+) Safe File Type Uploadの脆弱性

【plugin】『The Events Calendar』(versions 6.15.1.1 – 6.15.9)　Unauthenticated SQL Injection via sの脆弱性