AI-Powered CVE Analysis for WordPress Plugins

The iRobots.txt SEO plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 1.1.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such…

The TableOn plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 1.0.4.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as…

The Bold Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 5.6.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an…

The Ai Image Alt Text Generator for WP plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in versions up to, and including, 1.1.9. This makes it possible for authenticated attackers, with subscriber-level access and above, to perform an unauthorized action.

The Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 1.6.9.15. This makes it possible for unauthenticated attackers to perform an unauthorized action.

The Responsive Contact Form Builder & Lead Generation Plugin plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.0.1. This makes it possible for authenticated attackers, with Subscriber-level access and above, to extract sensitive user or configuration data.

The WANotifier plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in versions up to, and including, 2.7.12. This makes it possible for unauthenticated attackers to perform an unauthorized action.

The WishList Member X plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in versions up to, and including, 3.29.0. This makes it possible for authenticated attackers, with subscriber-level access and above, to perform an unauthorized action.

The The Events Calendar plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the 'start_migration', 'cancel_migration', and 'revert_migration' functions in all versions up to, and including, 6.15.13. This makes it possible for authenticated attackers, with subscriber level access and above, to start, cancel, or revert the Custom Tables V1…

The Creator LMS – The LMS for Creators, Coaches, and Trainers plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check in the get_items_permissions_check function in all versions up to, and including, 1.1.12. This makes it possible for authenticated attackers, with contributor level…