Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WebToffee Wishlist for WooCommerce wt-woocommerce-wishlist allows Stored XSS.This issue affects Wishlist for WooCommerce: from n/a through <= 2.1.2.

Missing Authorization vulnerability in revmakx WP Duplicate local-sync allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Duplicate: from n/a through <= 1.1.6.

Unrestricted Upload of File with Dangerous Type vulnerability in Themefic Tourfic tourfic allows Upload a Web Shell to a Web Server.This issue affects Tourfic: from n/a through <= 2.15.3.

Missing Authorization vulnerability in Bowo Admin and Site Enhancements (ASE) admin-site-enhancements allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Admin and Site Enhancements (ASE): from n/a through <= 7.6.2.

Cross-Site Request Forgery (CSRF) vulnerability in datafeedr WooCommerce Cloak Affiliate Links woocommerce-cloak-affiliate-links allows Cross Site Request Forgery.This issue affects WooCommerce Cloak Affiliate Links: from n/a through <= 1.0.35.

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WebToffee WooCommerce PDF Invoices, Packing Slips, Delivery Notes and Shipping Labels print-invoices-packing-slip-labels-for-woocommerce allows Stored XSS.This issue affects WooCommerce PDF Invoices, Packing Slips, Delivery Notes and Shipping Labels: from n/a through <= 4.7.1.

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in pddring Create with Code create-with-code allows DOM-Based XSS.This issue affects Create with Code: from n/a through <= 1.4.

Cross-Site Request Forgery (CSRF) vulnerability in Rick Laymance MachForm Shortcode machform-shortcode allows Stored XSS.This issue affects MachForm Shortcode: from n/a through <= 1.4.1.

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Svetoslav Marinov Orbisius Simple Notice orbisius-simple-notice allows Stored XSS.This issue affects Orbisius Simple Notice: from n/a through <= 1.1.3.

Missing Authorization vulnerability in silverplugins217 Build Private Store For Woocommerce build-private-store-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Build Private Store For Woocommerce: from n/a through <= 1.0.

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Linnea Huxford Blur Text blur-text allows Stored XSS.This issue affects Blur Text: from n/a through <= 1.0.0.

Missing Authorization vulnerability in Marco Almeida | Webdados Taxonomy/Term and Role based Discounts for WooCommerce taxonomy-discounts-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Taxonomy/Term and Role based Discounts for WooCommerce: from n/a through <= 5.1.

Cross-Site Request Forgery (CSRF) vulnerability in Really Simple Plugins Really Simple SSL really-simple-ssl allows Cross Site Request Forgery.This issue affects Really Simple SSL: from n/a through <= 9.1.4.

Cross-Site Request Forgery (CSRF) vulnerability in PickPlugins Job Board Manager job-board-manager allows Cross Site Request Forgery.This issue affects Job Board Manager: from n/a through <= 2.1.59.

Missing Authorization vulnerability in Element Invader ElementInvader Addons for Elementor elementinvader-addons-for-elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects ElementInvader Addons for Elementor: from n/a through <= 1.3.1.

Missing Authorization vulnerability in FolioVision FV Thoughtful Comments thoughtful-comments allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects FV Thoughtful Comments: from n/a through <= 0.3.5.

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Smackcoders Inc., WP Ultimate Exporter wp-ultimate-exporter allows Absolute Path Traversal.This issue affects WP Ultimate Exporter: from n/a through <= 2.9.

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Christian Leuenberg Restrict Anonymous Access restrict-anonymous-access allows Stored XSS.This issue affects Restrict Anonymous Access: from n/a through <= 1.2.

Missing Authorization vulnerability in Vikas Ratudi VPSUForm v-form allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects VPSUForm: from n/a through <= 3.0.5.

Missing Authorization vulnerability in WC Product Table WooCommerce Product Table Lite wc-product-table-lite allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WooCommerce Product Table Lite: from n/a through <= 3.8.7.

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in bPlugins All Embed – Elementor Addons all-embed-addons-for-elementor allows Stored XSS.This issue affects All Embed – Elementor Addons: from n/a through <= 1.1.3.

Missing Authorization vulnerability in aribhour Linet ERP-Woocommerce Integration linet-erp-woocommerce-integration allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Linet ERP-Woocommerce Integration: from n/a through <= 3.5.7.

Missing Authorization vulnerability in Ninja Team GDPR CCPA Compliance Support ninja-gdpr-compliance allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects GDPR CCPA Compliance Support: from n/a through <= 2.7.1.

Missing Authorization vulnerability in JS Morisset JSM Show Post Metadata jsm-show-post-meta allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects JSM Show Post Metadata: from n/a through <= 4.6.0.

Missing Authorization vulnerability in patreon Patreon WordPress patreon-connect allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Patreon WordPress: from n/a through <= 1.9.1.