WPScanTeam

Title	CVSS	Vector	Date
MZ Mindbody API <= 2.8.2 - Cross-Site Request Forgery	8.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H	June 30, 2021
BuddyPress Customer.io Analytics Integration <= 1.1.6 - Cross-Site Request Forgery	8.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H	June 30, 2021
Strong Testimonials <= 2.51.2 - Authorization Bypass	7.5	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N	June 30, 2021
WP Prayer <= 1.5.4 - Cross-Site Request Forgery	4.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N	June 30, 2021
Journey Analytics <= 1.0.12 - Cross-Site Request Forgery	8.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H	June 30, 2021
Fontsampler <= 0.4.12 - Cross-Site Request Forgery to Cross-Site Scripting	8.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H	June 30, 2021
KONTXT Content Advisor <= 2.2 - Cross-Site Request Forgery	8.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H	June 30, 2021
MZ MBO Access <= 2.0.8 - Cross-Site Request Forgery	8.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H	June 30, 2021
intimate Payments Plugin <= 1.3.1 - Cross-Site Request Forgery	8.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H	June 30, 2021
SEO <= 4.0.2 - Cross-Site Request Forgery	8.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H	June 30, 2021
Adapta RGPD <= 1.3.2 - Cross-Site Request Forgery	8.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H	June 30, 2021
Portfolio Responsive Gallery <= 1.1.7 - Cross-Site Scripting	6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	June 29, 2021
Photo Gallery by Ays – Responsive Image Gallery <= 4.4.3 - Reflected Cross-Site Scripting	6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	June 29, 2021
Popup box <= 2.3.3 - Cross-Site Scripting	6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	June 29, 2021
Popup Like box – Page Plugin <= 3.5.2 - Cross-Site Scripting	6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	June 29, 2021
Image Slider by Ays- Responsive Slider and Carousel <= 2.4.9 - Reflected Cross-Site Scripting	6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	June 29, 2021
Survey Maker – Best WordPress Survey Plugin <= 1.5.5 - Reflected Cross-Site Scripting	6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	June 29, 2021
All 404 Redirect to Homepage & Broken images Redirection <= 2.0 - Cross-Site Scripting	5.5	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N	June 1, 2021
MC4WP: Mailchimp for WordPress <= 4.8.4 - Cross-Site Request Forgery	8.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H	June 1, 2021
MC4WP: Mailchimp for WordPress <= 4.8.4 - Open Redirect	6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	June 1, 2021

Share this researcher's vulnerability discoveries

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation