The ERP WordPress plugin before 1.12.4 does not sanitise and escape the employee_name parameter before outputting it back in the page, leading to a Reflected…

The Ultimate Product Catalog WordPress plugin before 5.2.6 does not sanitise and escape some of its settings, which could allow high privilege users such as…

The KiviCare WordPress plugin before 3.2.1 does not have CSRF checks (either flawed or missing completely) in various AJAX actions, which could allow attackers to…

The KiviCare WordPress plugin before 3.2.1 does not have proper CSRF and authorisation checks in various AJAX actions, allowing any authenticated users, such as subscriber…

The KiviCare WordPress plugin before 3.2.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site…

The KiviCare WordPress plugin before 3.2.1 does not restrict the information returned in a response and returns all user data, allowing low privilege users such…

The wpbrutalai WordPress plugin before 2.0.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site…

The wpbrutalai WordPress plugin before 2.0.0 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL…

The FormCraft WordPress plugin before 3.9.7 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL…

The AI Engine WordPress plugin before 1.6.83 does not sanitize and escape some of its settings, which could allow high-privilege users such as admin to…