Reflected XSS in WooCommerce allows attackers ability to do almost anything an admin user can do
Severity: Medium
Advisories
CSRF/XSS vulnerablity in Login Widget With Shortcode allows unauthenticated attackers to do anything an admin can do
Severity: Medium
Vulnerability in WP-Ban allows visitors to bypass the IP blacklist in some configurations
Severity: Medium
Blind SQLi vulnerability in Content Audit could allow a privileged attacker to exfiltrate password hashes
Severity: Low
Advanced Access Manager allows admin users to write arbitrary files and execute arbitrary php
Severity: Medium
Information disclosure vulnerability in WordPress Mobile Pack allows anybody to read password protected posts
Severity: Medium
CSRF and XSS in Improved user search allow execution of arbitrary javascript in WordPress admin area
Severity: Medium
Reflected XSS in Fourteen Extended allows arbitrary javascript to be run in administrator session
Severity: Medium
CSRF and stored XSS in Simple Share Buttons Adder 4.4 allows attackers to execute javascript
Severity: Medium
Local File Inclusion in Theme My Login 6.3.9 provides access to arbitrary files and could facilitate arbitrary code execution
Severity: Medium