AI-Powered CVE Analysis for WordPress Plugins

The Institutions Directory plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in versions up to, and including, 1.3..4. This makes it possible for authenticated attackers, with subscriber-level access and above, to perform an unauthorized action.

The AppExperts plugin for WordPress is vulnerable to SQL Injection in versions up to, and including, 1.4.5 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with subscriber-level access and above, to append additional SQL queries into already…

The LazyTasks – Project & Task Management with Collaboration, Kanban and Gantt Chart plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 1.2.37. This makes it possible for unauthenticated attackers to elevate their privileges to that of an administrator.

The WP DSGVO Tools (GDPR) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'lw_content_block' shortcode in all versions up to, and including, 3.1.36 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web…

The JobBank plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in versions up to, and including, 1.2.3. This makes it possible for unauthenticated attackers to perform an unauthorized action.

The weDocs: AI Powered Knowledge Base, Docs, Documentation, Wiki & AI Chatbot plugin for WordPress is vulnerable to unauthorized modification or loss of data due to a missing capability check on the 'wedocs_user_documentation_handling_capabilities' function in all versions up to, and including, 2.1.16. This makes it possible for authenticated attackers, with Subscriber-level access and above, to…

The Hospital Doctor Directory plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 1.3.9. This makes it possible for authenticated attackers, with Subscriber-level access and above, to elevate their privileges to that of an administrator.

The Hospital Doctor Directory plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in versions up to, and including, 1.3.9. This makes it possible for authenticated attackers, with subscriber-level access and above, to perform an unauthorized action.

The ListingHub plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in versions up to, and including, 1.2.7. This makes it possible for unauthenticated attackers to perform an unauthorized action.

The Hospital Doctor Directory plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in versions up to, and including, 1.3.9. This makes it possible for unauthenticated attackers to perform an unauthorized action.

The Final User plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 1.2.5. This makes it possible for authenticated attackers, with Subscriber-level access and above, to elevate their privileges to that of an administrator.

The LifePress plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in versions up to, and including, 2.2.1. This makes it possible for authenticated attackers, with subscriber-level access and above, to perform an unauthorized action.

The Final User plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in versions up to, and including, 1.2.5. This makes it possible for unauthenticated attackers to perform an unauthorized action.

The Hotel Listing plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in versions up to, and including, 1.4.2. This makes it possible for authenticated attackers, with subscriber-level access and above, to perform an unauthorized action.

The Hotel Listing plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in versions up to, and including, 1.4.2. This makes it possible for unauthenticated attackers to perform an unauthorized action.

The Easy Property Listings plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in versions up to, and including, 3.5.20. This makes it possible for unauthenticated attackers to perform an unauthorized action.

The ArtPlacer Widget plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 2.23.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected…

The WP Membership plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 1.6.4. This makes it possible for authenticated attackers, with Subscriber-level access and above, to elevate their privileges to that of an administrator.

The Eventin plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 4.1.3 via deserialization of untrusted input. This makes it possible for authenticated attackers, with contributor-level access and above, to inject a PHP Object. No known POP chain is present in the vulnerable software. If a POP chain is…

The Membership plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in versions up to, and including, 1.6.4. This makes it possible for unauthenticated attackers to perform an unauthorized action.