Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in sonalsinha21 SKT Addons for Elementor skt-addons-for-elementor allows Stored XSS.This issue affects SKT Addons for Elementor: from n/a through <= 3.5.

Cross-Site Request Forgery (CSRF) vulnerability in Javier Revilla ValidateCertify validar-certificados-de-cursos allows Cross Site Request Forgery.This issue affects ValidateCertify: from n/a through <= 1.6.1.

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Smackcoders Inc., Lead Form Data Collection to CRM wp-leads-builder-any-crm allows Blind SQL Injection.This issue affects Lead Form Data Collection to CRM: from n/a through <= 3.0.1.

Missing Authorization vulnerability in Shahjada Live Forms liveforms allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Live Forms: from n/a through <= 4.8.4.

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Constantin Boiangiu Vimeotheque codeflavors-vimeo-video-post-lite allows SQL Injection.This issue affects Vimeotheque: from n/a through <= 2.3.4.2.

Cross-Site Request Forgery (CSRF) vulnerability in wpdesk Flexible Cookies flexible-cookies allows Cross Site Request Forgery.This issue affects Flexible Cookies: from n/a through <= 1.1.8.

Cross-Site Request Forgery (CSRF) vulnerability in maennchen1.de wpShopGermany IT-RECHT KANZLEI wpshopgermany-it-recht-kanzlei allows Cross Site Request Forgery.This issue affects wpShopGermany IT-RECHT KANZLEI: from n/a through <= 2.0.

Missing Authorization vulnerability in Greg Ross Just Writing Statistics just-writing-statistics allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Just Writing Statistics: from n/a through <= 5.3.

Cross-Site Request Forgery (CSRF) vulnerability in Abu Bakar TWB Woocommerce Reviews twb-woocommerce-reviews allows Cross Site Request Forgery.This issue affects TWB Woocommerce Reviews: from n/a through <= 1.7.7.

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Atawai Gum Elementor Addon gum-elementor-addon allows Stored XSS.This issue affects Gum Elementor Addon: from n/a through <= 1.3.10.

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Pagup WP Google Street View wp-google-street-view allows Stored XSS.This issue affects WP Google Street View: from n/a through <= 1.1.5.

URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Aman FunnelKit Automations wp-marketing-automations allows Phishing.This issue affects FunnelKit Automations: from n/a through <= 3.5.1.

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ufukart Comment Approved Notifier Extended comment-approved-notifier-extended allows Stored XSS.This issue affects Comment Approved Notifier Extended: from n/a through <= 5.2.

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in wpdever Cart tracking for WooCommerce cart-tracking-for-woocommerce allows SQL Injection.This issue affects Cart tracking for WooCommerce: from n/a through <= 1.0.16.

Missing Authorization vulnerability in alexvtn Chatbox Manager wa-chatbox-manager allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Chatbox Manager: from n/a through <= 1.2.2.

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in clearoutio Clearout Email Validator clearout-email-validator allows Stored XSS.This issue affects Clearout Email Validator: from n/a through <= 3.2.0.

Cross-Site Request Forgery (CSRF) vulnerability in Eli EZ SQL Reports Shortcode Widget and DB Backup elisqlreports allows SQL Injection.This issue affects EZ SQL Reports Shortcode Widget and DB Backup: from n/a through <= 5.25.08.

Cross-Site Request Forgery (CSRF) vulnerability in Eli EZ SQL Reports Shortcode Widget and DB Backup elisqlreports allows Stored XSS.This issue affects EZ SQL Reports Shortcode Widget and DB Backup: from n/a through <= 5.25.08.

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in oooorgle Quotes llama quotes-llama allows DOM-Based XSS.This issue affects Quotes llama: from n/a through <= 3.1.0.

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in WP Shuffle Subscribe to Download Lite subscribe-to-download-lite allows PHP Local File Inclusion.This issue affects Subscribe to Download Lite: from n/a through <= 1.2.9.

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WP Shuffle WP Subscription Forms wp-subscription-forms allows SQL Injection.This issue affects WP Subscription Forms: from n/a through <= 1.2.3.

Cross-Site Request Forgery (CSRF) vulnerability in jgwhite33 WP Google Review Slider wp-google-places-review-slider allows SQL Injection.This issue affects WP Google Review Slider: from n/a through <= 16.0.

URL Redirection to Untrusted Site ('Open Redirect') vulnerability in WPFactory Scheduled & Automatic Order Status Controller for WooCommerce order-status-rules-for-woocommerce allows Phishing.This issue affects Scheduled & Automatic Order Status Controller for WooCommerce: from n/a through <= 3.7.1.

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in cubecolour Audio Album audio-album allows Stored XSS.This issue affects Audio Album: from n/a through <= 1.5.0.

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Nick van Wobbie Doneren met Mollie doneren-met-mollie allows Stored XSS.This issue affects Doneren met Mollie: from n/a through <= 2.10.7.