AI-Powered CVE Analysis for WordPress Plugins

The WebMan Amplifier plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.5.12 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected…

The Gmaper for Elementor plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in versions up to, and including, 1.0.9. This makes it possible for authenticated attackers, with subscriber-level access and above, to perform an unauthorized action.

The The Moneytizer plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 10.0.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected…

The Funnelforms Free plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 3.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected…

The History Timeline plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in versions up to, and including, 1.0.6. This makes it possible for authenticated attackers, with subscriber-level access and above, to perform an unauthorized action.

The Maximum Products per User for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 4.4.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a…

The Contact Form Widget plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.5.1. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to perform an unauthorized action via a forged request granted they can trick a site administrator…

The Bootstrap Modals plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.3.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected…

The Curator.io plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.9.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

The Add Custom Codes plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 4.80 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an…