WPScanTeam

Title	CVSS	Vector	Date
Kudos Donations – Easy donations and payments with Mollie < 3.1.2 - Cross-Site Request Forgery	8.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H	November 22, 2021
Pixel Cat – Conversion Pixel Manager <= 2.6.3 - Reflected Cross-Site Scripting	6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	November 18, 2021
Login/Signup Popup ( Inline Form + Woocommerce ) <= 2.1 - Reflected Cross-Site Scripting	6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	November 17, 2021
Email Tracker – Email Tracking Plugin to track Emails for Open and Email Links Click (Compatible with WooCommerce) < 5.2.6 - Reflected Cross-Site Scripting	6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	November 3, 2021
Event Manager and Tickets Selling Plugin for WooCommerce < 3.5.3 - Arbitrary Settings Change	6.5	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L	November 3, 2021
Event Manager and Tickets Selling Plugin for WooCommerce < 3.5.3 - Missing Authorization	5.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N	November 3, 2021
Ibtana - Ecommerce Product Addons <= 0.2.3 - Reflected Cross-Site Scripting	6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	November 1, 2021
Contest Gallery < 13.1.0.7 - Authenticated Email Address Disclosure	4.3	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N	November 1, 2021
Falang multilanguage for WordPress < 1.3.18 - Reflected Cross-Site Scripting	6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	October 25, 2021
Ecommerce - Two Factor Authentication <= 1.0.4 - Reflected Cross-Site Scripting	6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	October 25, 2021
WP Spell Check <= 9.2 - Reflected Cross-Site Scripting	6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	October 25, 2021
Pie Register – User Registration Forms. Invitation based registrations, Custom Login, Payments <= 3.7.2.3 - Open Redirect	6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	October 21, 2021
Responsive Image Slider, Photo Gallery And Carousel < 1.3.6 - Missing Authorization	4.3	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N	October 20, 2021
Active Directory Integration / LDAP Integration <= 3.6.94 - Reflected Cross-Site Scripting	6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	October 18, 2021
Responsive Image Slider, Photo Gallery And Carousel < 1.3.2 - Cross-Site Request Forgery	8.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H	October 18, 2021
IMPress for IDX Broker <= 3.0.5 - Reflected Cross-Site Scripting	6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	October 18, 2021
TableOn – WordPress Posts Table Filterable <= 1.0.0 - Reflected Cross-Site Scripting	6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	October 18, 2021
Discounts Manager for Products <= 3.4.4 - Reflected Cross-Site Scripting	6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	October 12, 2021
ImageLinks Interactive Image Builder <= 1.5.2 - Reflected Cross-Site Scripting	6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	October 11, 2021
Easy Custom JS And CSS <= 1.1.2 - Reflected Cross-Site Scripting	6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	October 11, 2021

Share this researcher's vulnerability discoveries

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation