The Visual Composer Website Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘Text Block’ feature in versions up to, and including,…

The Download Manager plugin for WordPress is vulnerable to arbitrary file deletion in versions up to, and including 3.2.50. This is due to insufficient file…

The Ecwid Ecommerce Shopping Cart plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 6.10.23. This is due to…

The WordPress Infinite Scroll – Ajax Load More plugin for WordPress is vulnerable to deserialization of untrusted input via the ‘alm_repeaters_export’ parameter in versions up…

The String Locator plugin for WordPress is vulnerable to deserialization of untrusted input via the ‘string-locator-path’ parameter in versions up to, and including 2.5.0. This…

The Download Manager plugin for WordPress is vulnerable to deserialization of untrusted input via the ‘file[package_dir]’ parameter in versions up to, and including 3.2.49. This…

The Broken Link Checker plugin for WordPress is vulnerable to deserialization of untrusted input via the ‘$log_file’ value in versions up to, and including 1.11.16.…

The Migration, Backup, Staging – WPvivid plugin for WordPress is vulnerable to deserialization of untrusted input via the ‘path’ parameter in versions up to, and…

The Transposh WordPress Translation plugin for WordPress is vulnerable to unauthorized setting changes by unauthenticated users in versions up to, and including, 1.0.8.1. This is…

The Transposh WordPress Translation plugin for WordPress is vulnerable to sensitive information disclosure to unauthenticated users in versions up to, and including, 1.0.8.1. This is…