WPScanTeam

Title	CVSS	Vector	Date
Tracked Tweets <= 0.2.9 - Cross-Site Request Forgery to Cross-Site Scripting	8.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H	April 25, 2022
Easy Embed for HubSpot Forms, CTAs, Links, Files & add HubSpot to WP Search Results <= 1.1.0 - Missing Authorization to Arbitrary Options Update	8.8	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H	February 16, 2022
WP-Appbox <= 4.3.17 - Local File Inclusion	8.8	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H	January 17, 2022
Spreadsheet Integration and Spreadsheet Integration Pro <= 3.5.0 - Cross-Site Request Forgery	8.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H	December 24, 2021
Kudos Donations – Easy donations and payments with Mollie < 3.1.2 - Cross-Site Request Forgery	8.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H	November 22, 2021
Responsive Image Slider, Photo Gallery And Carousel < 1.3.2 - Cross-Site Request Forgery	8.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H	October 18, 2021
WooCommerce Affiliate Plugin – Coupon Affiliates < 4.11.3.4 - Cross-Site Request Forgery	8.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H	October 11, 2021
Two Way CHAT – Send or receive messages to your user <= 3.1.4 - Cross-Site Request Forgery	8.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H	October 5, 2021
Travelpayouts <= 1.0.16 - Cross-Site Request Forgery	8.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H	September 13, 2021
Listing, Classified Ads & Business Directory – uListing <= 2.0.8 - Cross-Site Request Forgery	8.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H	September 6, 2021
Meow Gallery (+ Gallery Block) <= 4.1.9 - Missing Authorization to Arbitrary Options Update	8.8	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H	September 2, 2021
RestroPress <= 2.8.2 - Cross-Site Request Forgery to Cart Manipulation	8.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H	July 19, 2021
WOWRestro – Online Ordering System For WooCommerce < 1.1 - Cross-Site Request Forgery	8.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H	July 12, 2021
Advanced Menu Manager <= 2.9.6 - Cross-Site Request Forgery to Menu Edition	8.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H	July 12, 2021
WooCommerce Extra Cost <= 2.6 - Cross-Site Request Forgery	8.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H	July 5, 2021
Unlimited Category slider for WooCommerce <= 2.0.0 - Cross-Site Request Forgery	8.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H	July 5, 2021
Travel Light <= 1.0 - Cross-Site Request Forgery	8.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H	July 5, 2021
Woo MerchantX <= 1.0 - Cross-Site Request Forgery	8.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H	July 5, 2021
Request for Quote < 1.3 - Cross-Site Request Forgery	8.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H	July 5, 2021
NMI Gateway For WooCommerce <= 1.6.11 - Cross-Site Request Forgery	8.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H	July 5, 2021

Share this researcher's vulnerability discoveries

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation