#wordpress

Cross-Site Request Forgery (CSRF) vulnerability in HM Plugin Accept Stripe Donation – AidWP plugin <= 3.1.5 versions.

Cross-Site Request Forgery (CSRF) vulnerability in Daniel Powney Multi Rating plugin <= 5.0.5 versions.

Cross-Site Request Forgery (CSRF) vulnerability in Seerox WP Dynamic Keywords Injector plugin <= 2.3.15 versions.

Cross-Site Request Forgery (CSRF) vulnerability in Pi Websolution CSS JS Manager, Async JavaScript, Defer Render Blocking CSS supports WooCommerce plugin <= 2.4.49 versions.

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Paul C. Schroeder IP Vault – WP Firewall plugin <= 1.1 versions.

Cross-Site Request Forgery (CSRF) vulnerability in Tips and Tricks HQ, josh401 WP CSV to Database – Insert CSV file content into WordPress plugin <= 2.6 versions.

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in WP Go Maps (formerly WP Google Maps) plugin <= 9.0.15 versions.

Cross-Site Request Forgery (CSRF) vulnerability in Dannie Herdyawan DH – Anti AdBlocker plugin <= 36 versions.

Cross-Site Request Forgery (CSRF) vulnerability in Supsystic Slider by Supsystic plugin <= 1.8.5 versions.

The WordPress Infinite Scroll WordPress plugin before 5.6.0.3 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.