#wordpress

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in WPForms WPForms Lite (wpforms-lite), WPForms WPForms Pro (wpforms) plugins <= 1.8.1.2 versions.

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in OneWebsite WP Repost plugin <= 0.1 versions.

Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in StylemixThemes MasterStudy LMS WordPress Plugin – for Online Courses and Education plugin <= 3.0.7 versions.

Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in WPBakery Page Builder plugin <= 6.13.0 versions.

A critical security flaw has been disclosed in the WordPress "Abandoned Cart Lite for WooCommerce" plugin that's installed on more than 30,000 websites. "This vulnerability makes it possible for an attacker to gain access to the accounts of users who have abandoned their carts, who are typically customers but can extend to other high-level users when the right conditions are met," Defiant's

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Drew Phillips VigilanTor plugin <= 1.3.10 versions.

Auth. (subscriber+) Stored Cross-Site Scripting (XSS) vulnerability in WP Job Portal WP Job Portal – A Complete Job Board plugin <= 2.0.0 versions.

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in SMTP2GO – Email Made Easy plugin <= 1.4.2 versions.

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Prism Tech Studios Modern Footnotes plugin <= 1.4.15 versions.

Auth. (subscriber+) Stored Cross-Site Scripting (XSS) vulnerability in WP Chill Brilliance theme <= 1.3.1 versions.