WordPress 漏洞資料庫

WordPress ZoloBlocks 插件 <= 2.3.11 - 破損的訪問控制漏洞

WordPress Easy Digital Download plugin <= 3.5.2 - Insufficient Verification to Order Manipulation vulnerability

WordPress 事件日曆插件 6.15.1.1 - 6.15.9 - 通過 s 漏洞的未經身份驗證的 SQL 注入

WordPress LC Wizard 插件 1.2.10 - 1.3.0 - 缺少對未經身份驗證的特權提升的授權漏洞

WordPress IDonate 插件 2.1.5 - 2.1.9 - 缺少對已驗證 (訂閱者+) 帳戶接管/權限提升的授權，通過 idonate_donor_password 函數漏洞

WordPress Gravity Forms plugin <= 2.9.20 - Unauthenticated Arbitrary File Upload via 'copy_post_image' vulnerability

WordPress 事件日曆插件 6.15.1.1 - 6.15.9 - 通過 s 漏洞的未經身份驗證的 SQL 注入

WordPress FunnelKit 自動化插件 <= 3.6.4.1 - 缺少授權的經身份驗證（訂閱者+）任意電子郵件發送漏洞

WordPress Depicter Slider plugin <= 4.0.4 - Missing Authorization to Authenticated (Contributor+) Safe File Type Upload vulnerability

WordPress Document Embedder plugin <= 2.0.0 - Missing Authorization to Unauthenticated Document Manipulation vulnerability