WPScanTeam

Title	CVSS	Vector	Date
UltimateWoo – The Ultimate WooCommerce Plugin with Unlimited Usage <= 0.1.10 - PHP Object Injection	9.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	May 7, 2021
leads5050-visitor-insights <= 1.0.5 - Authorization Bypass	4.3	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N	May 7, 2021
Wishlist and Compare for WooCommerce <= 1.0.4 - Authorization Bypass	7.5	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N	May 8, 2021
WooCommerce Amazon Pay 2.0.0 - Reflected Cross-Site Scripting	6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	May 14, 2021
CM Registration Pro <= 3.2.0 - PHP Object Injection	9.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	May 17, 2021
Gallery From Files <= 1.60 - Arbitrary File Upload	9.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	May 26, 2021
Multivendor Marketplace Solution for WooCommerce <= 3.7.3 - Insecure Direct Object Reference	4.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N	May 26, 2021
All 404 Redirect to Homepage & Broken images Redirection <= 2.0 - Cross-Site Scripting	5.5	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N	June 1, 2021
MC4WP: Mailchimp for WordPress <= 4.8.4 - Open Redirect	6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	June 1, 2021
MC4WP: Mailchimp for WordPress <= 4.8.4 - Cross-Site Request Forgery	8.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H	June 1, 2021
Popup Like box – Page Plugin <= 3.5.2 - Cross-Site Scripting	6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	June 29, 2021
Survey Maker – Best WordPress Survey Plugin <= 1.5.5 - Reflected Cross-Site Scripting	6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	June 29, 2021
Popup box <= 2.3.3 - Cross-Site Scripting	6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	June 29, 2021
Image Slider by Ays- Responsive Slider and Carousel <= 2.4.9 - Reflected Cross-Site Scripting	6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	June 29, 2021
Photo Gallery by Ays – Responsive Image Gallery <= 4.4.3 - Reflected Cross-Site Scripting	6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	June 29, 2021
Portfolio Responsive Gallery <= 1.1.7 - Cross-Site Scripting	6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	June 29, 2021
BuddyPress Customer.io Analytics Integration <= 1.1.6 - Cross-Site Request Forgery	8.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H	June 30, 2021
Adapta RGPD <= 1.3.2 - Cross-Site Request Forgery	8.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H	June 30, 2021
intimate Payments Plugin <= 1.3.1 - Cross-Site Request Forgery	8.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H	June 30, 2021
Woocommerce Tabs Plugin, Add Custom Product Tabs <= 1.0.1 - Cross-Site Request Forgery	8.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H	June 30, 2021

Share this researcher's vulnerability discoveries

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation