AI-Powered CVE Analysis for WordPress Plugins

The Modular DS: Monitor, update, and backup multiple websites plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 2.5.1. This is due to a broken oAuth implementation. This makes it possible for unauthenticated attackers to log in as an administrator.

The Penci Review plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 3.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected…

The Penci Pay Writer plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an…

The X Addons for Elementor plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in versions up to, and including, 1.0.23. This makes it possible for authenticated attackers, with contributor-level access and above, to perform an unauthorized action.

The Simple GDPR Cookie Compliance plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in versions up to, and including, 2.0.0. This makes it possible for unauthenticated attackers to perform an unauthorized action.

The Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin plugin for WordPress is vulnerable to blind SQL Injection via the `order` and `append_where_sql` parameters in all versions up to, and including, 1.6.9.9 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it…

The Universal Google Adsense and Ads manager plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in versions up to, and including, 1.1.8. This makes it possible for unauthenticated attackers to perform an unauthorized action.

The Raptive Ads plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in versions up to, and including, 3.10.0. This makes it possible for unauthenticated attackers to perform an unauthorized action.

The WP-Members Membership Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Multiple Checkbox and Multiple Select user profile fields in all versions up to, and including, 3.5.4.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Subscriber-level access and above, to inject arbitrary web…

The Drag and Drop Multiple File Upload for Contact Form 7 plugin for WordPress is vulnerable to unauthorized modification of data due to a missing ownership check in the dnd_codedropz_upload_delete() function in all versions up to, and including, 1.3.9.2. This makes it possible for unauthenticated attackers to delete arbitrary uploaded files when the "Send attachments…