WordPress Plugin Vulnerabilities
1. WPJobBoard
WPJobBoard versions below 5.7.0 have Unauthenticated SQL Injection, Reflected XSS, & XFS vulnerabilities.
2. WP Google Map Plugin
WP Google Map Plugin versions below 4.1.4 have an Authenticated SQL Injection vulnerability.
3. BuddyPress
BuddyPress versions below 6.4.0 Lack of Capability Check vulnerability.
4. Events Manager
Events Manager versions below 5.9.8 have a Cross-Site Scripting & an SQL Injection vulnerability.
5. Age Gate
Age Gate versions below 2.13.5 have an Unauthenticated Open Redirect vulnerability.
6. Canto
All versions of Canto have an Unauthenticated Blind SSRF vulnerability.
7. Profile Builder
Profile Builder versions below 3.3.3 have an Authenticated Blind SQL Injection vulnerability.
8. Paid Memberships Pro
Paid Memberships Pro versions below 2.5.1 have an Authenticated Cross-Site Scripting vulnerability.
9. Themify Portfolio Post
Themify Portfolio Post versions below 1.1.6 an Authenticated Stored Cross-Site Scripting vulnerability.
10. Easy WP SMTP
Easy WP SMTP versions below 1.4.3 have a Debug Log Disclosure vulnerability.
WordPress Theme Vulnerabilities
1. Wibar
Wibar versions below 1.2.1 has an Authenticated Stored Cross-Site Scripting vulnerability.