Updated automatically every hour
Latest WordPress security vulnerabilities affecting plugins, themes, and core.
Published Date: 12/12/2025
The AI Feeds plugin for WordPress is vulnerable to Stored Cross-Site Scripting (XSS) via the 'aife_post_meta' shortcode. This issue affects versions up to and including 1.0.22, allowing attackers with Contributor-level access to execute scripts within pages.
Published Date: 12/12/2025
The Events Manager plugin for WordPress, versions up to and including 7.2.2.2, is vulnerable to Cross-Site Request Forgery (CSRF). This vulnerability allows unauthenticated attackers to delete locations by exploiting improper nonce validation on the 'location_delete' action.
Published Date: 12/12/2025
The Events Manager plugin for WordPress has a vulnerability that allows unauthorized access to sensitive event location data. The flaw exists in all versions up to 7.2.2.2, exposing information of password protected, private, or draft events.
Published Date: 12/12/2025
The 'Magical Posts Display' plugin for WordPress contains a Stored Cross-Site Scripting vulnerability in versions up to and including 1.2.54. The issue arises due to inadequate sanitization of the 'mpac_title_tag' parameter, allowing attackers to inject malicious scripts.
Published Date: 12/12/2025
The Secure Copy Content Protection and Content Locking plugin for WordPress is prone to a Cross-Site Request Forgery (CSRF) vulnerability. This affects all versions up to 4.9.2 and permits unauthorized data export from the plugin.
Published Date: 12/12/2025
The Secure Copy Content Protection and Content Locking plugin for WordPress is vulnerable to sensitive information exposure due to misconfigured exported CSV file storage. This flaw allows unauthenticated attackers to access sensitive user data through predictable filenames stored in a publicly accessible directory.
Published Date: 12/12/2025
The Simple Bike Rental plugin for WordPress, versions up to and including 1.0.6, allows unauthorized data access due to a missing capability check in the 'simpbire_carica_prenotazioni' AJAX action. This vulnerability enables attackers with at least Subscriber-level access to retrieve sensitive customer booking data.
Published Date: 12/12/2025
The WooMulti WordPress plugin, versions up to and including 17, is vulnerable to arbitrary file deletion due to improper validation of a file parameter, allowing authenticated users to delete arbitrary files on the server. The flaw is exploitable by users with minimal permissions, such as subscribers.
Published Date: 12/12/2025
The Bookit plugin for WordPress, prior to version 2.5.1, exposes a REST endpoint that does not require authentication to alter Stripe payment settings. This vulnerability can lead to the manipulation of financial transactions by unauthorized users.
Published Date: 12/12/2025
The Icegram Express Plugin for WordPress up to version 5.9.10 suffers from a Missing Authorization vulnerability that allows attackers to prematurely or repeatedly execute scheduled actions. This can result in unexpected side effects such as triggering unauthorized emails or maintenance tasks.
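Four of the entries above (the Events Manager CSRF via a bad nonce check, the Simple Bike Rental AJAX action with no capability check, the Bookit REST endpoint that needs no authentication, and the Icegram Express missing-authorization bug) are the same three WordPress checks being skipped: nonce, capability, and REST permission callback. The following is an added illustration, not code from any of those plugins; it assumes it runs inside WordPress (the `wp_ajax_*`, `admin_post_*` and `rest_api_init` hooks, `$wpdb` and the `acme_` prefixed names, table and option are hypothetical).

```php
<?php
// Added illustration of WordPress authorization and CSRF checks. Not code from
// any plugin named on this page; the acme_* names, table and option are made up.

// --- Vulnerable shape: wp_ajax_{action} fires for every logged-in user, so a
// Subscriber can call it, and with no nonce a crafted page can make an
// administrator's browser call it (CSRF).
add_action('wp_ajax_acme_load_bookings_vuln', function () {
    global $wpdb;
    $rows = $wpdb->get_results("SELECT * FROM {$wpdb->prefix}acme_bookings", ARRAY_A);
    wp_send_json_success($rows);
});

// --- Hardened AJAX handler: nonce (intent) plus capability (permission).
add_action('wp_ajax_acme_load_bookings', function () {
    // CSRF: the request must carry a nonce minted for this exact action.
    // check_ajax_referer() terminates the request (HTTP 403) on failure.
    check_ajax_referer('acme_load_bookings', 'nonce');

    // Authorization: a nonce proves the request came from our own page, not
    // that the caller may read booking data, so check the capability as well.
    if (!current_user_can('manage_options')) {
        wp_send_json_error(['message' => 'forbidden'], 403);
    }

    global $wpdb;
    $rows = $wpdb->get_results(
        "SELECT id, customer, starts_at FROM {$wpdb->prefix}acme_bookings",
        ARRAY_A
    );
    wp_send_json_success($rows);
});

// The nonce is handed to the admin-side JavaScript that calls the action.
add_action('admin_enqueue_scripts', function () {
    wp_localize_script('acme-admin', 'acmeAjax', [
        'url'   => admin_url('admin-ajax.php'),
        'nonce' => wp_create_nonce('acme_load_bookings'),
    ]);
});

// --- Destructive form action (the Events Manager 'location_delete' shape):
// the nonce is bound to the specific record id so one leaked nonce cannot be
// replayed against another record, and the capability is still checked.
add_action('admin_post_acme_delete_location', function () {
    $id = (int) ($_POST['id'] ?? 0);
    if (!wp_verify_nonce($_POST['_wpnonce'] ?? '', 'acme_delete_location_' . $id)) {
        wp_die('Invalid request', 'Forbidden', ['response' => 403]);
    }
    if (!current_user_can('delete_others_posts')) {
        wp_die('Insufficient permissions', 'Forbidden', ['response' => 403]);
    }
    wp_delete_post($id, true);
    wp_safe_redirect(admin_url('admin.php?page=acme-locations&deleted=1'));
    exit;
});

// --- REST route (the Bookit shape): permission_callback => '__return_true'
// makes a route public. Anything that writes payment settings needs a real
// capability check. Cookie-authenticated REST calls must also send the
// X-WP-Nonce header, or WordPress treats the caller as unauthenticated.
add_action('rest_api_init', function () {
    register_rest_route('acme/v1', '/payment-settings', [
        'methods'             => 'POST',
        'callback'            => 'acme_save_payment_settings',
        'permission_callback' => function () {
            return current_user_can('manage_options');
        },
        'args' => [
            'stripe_secret_key' => [
                'type'              => 'string',
                'required'          => true,
                'sanitize_callback' => 'sanitize_text_field',
            ],
        ],
    ]);
});

function acme_save_payment_settings(WP_REST_Request $request)
{
    update_option('acme_stripe_secret_key', $request->get_param('stripe_secret_key'));
    return rest_ensure_response(['saved' => true]);
}
```

The two checks are not interchangeable: a nonce without a capability check still lets any logged-in Subscriber call the action from a page that hands them the nonce, and a capability check without a nonce still lets a third-party site drive an administrator's session.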
Published Date: 12/12/2025
The MailerLite – Signup forms plugin for WordPress is susceptible to Stored Cross-Site Scripting (XSS) via the 'form_description' and 'success_message' parameters. This vulnerability affects versions up to 1.7.16, allowing authenticated administrators to inject scripts that execute when accessed.
Published Date: 12/12/2025
The PDF for Contact Form 7 + Drag and Drop Template Builder WordPress plugin is vulnerable to unauthorized post duplication in versions up to 6.3.3. This vulnerability arises from a missing capability check, allowing authenticated users with minimal access to duplicate sensitive posts.
Published Date: 12/12/2025
The Simple CSV Table plugin for WordPress contains a directory traversal vulnerability in versions up to and including 1.0.1. It allows authenticated users with Contributor-level access and above to access arbitrary files on the server by exploiting insufficient path validation in the `href` parameter of the `[csv]` shortcode.
Published Date: 12/12/2025
The FunnelKit - Funnel Builder for WooCommerce Checkout plugin for WordPress is susceptible to a time-based blind SQL Injection attack via the 'opid' parameter. This vulnerability affects versions up to 3.13.1.5, allowing unauthenticated attackers to append additional SQL to an existing query and extract data from the database.
Published Date: 12/12/2025
The WP Fastest Cache plugin for WordPress contains a Server-Side Request Forgery (SSRF) vulnerability affecting all versions up to 1.7.4. This allows authenticated users with minimal privileges to make unauthorized web requests from the server, potentially accessing or modifying internal resources.
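SSRF in a cache or prefetch feature almost always comes from accepting a full URL from the request and handing it to the HTTP client. The following is an added illustration, not WP Fastest Cache's code; it assumes WordPress is loaded, and the `acme_` hooks are hypothetical.

```php
<?php
// Added illustration of a WordPress SSRF pattern and its fix. Not code from
// WP Fastest Cache; the acme_* names are hypothetical.

// --- Vulnerable shape: any logged-in user supplies a URL and the server
// fetches it. wp_remote_get() will happily request http://127.0.0.1:8080/,
// http://10.0.0.5/admin or a cloud metadata address.
add_action('wp_ajax_acme_fetch_vuln', function () {
    $url = $_POST['url'] ?? '';
    $res = wp_remote_get($url);
    wp_send_json_success(wp_remote_retrieve_body($res));
});

// --- Hardened: restrict who may call it, validate the scheme, and use the
// "safe" HTTP wrapper that refuses internal destinations.
add_action('wp_ajax_acme_fetch', function () {
    check_ajax_referer('acme_fetch', 'nonce');
    if (!current_user_can('manage_options')) {
        wp_send_json_error('forbidden', 403);
    }

    // Only http/https survive esc_url_raw() with this protocol list.
    $url = esc_url_raw(wp_unslash($_POST['url'] ?? ''), ['http', 'https']);
    if ($url === '') {
        wp_send_json_error('invalid url', 400);
    }

    // wp_safe_remote_get() sets reject_unsafe_urls => true, which makes
    // WordPress run wp_http_validate_url(): http/https only, no credentials
    // in the URL, only the ports allowed by the http_allowed_safe_ports filter
    // (80, 443 and 8080 by default), and hosts that resolve to loopback or
    // RFC 1918 space (10/8, 172.16/12, 192.168/16) are refused unless the
    // http_request_host_is_external filter permits them.
    $res = wp_safe_remote_get($url, ['timeout' => 5, 'redirection' => 0]);
    if (is_wp_error($res)) {
        wp_send_json_error($res->get_error_message(), 400);
    }
    wp_send_json_success(['status' => wp_remote_retrieve_response_code($res)]);
});

// --- Tighter still: a cache warmer only ever needs to hit this site's own
// pages, so accept a path, not a URL, and build the destination from home_url().
function acme_warm_cache(string $path)
{
    $path = '/' . ltrim((string) wp_parse_url($path, PHP_URL_PATH), '/');
    return wp_safe_remote_get(home_url($path), ['timeout' => 5]);
}
```

`redirection => 0` is belt and braces: it stops a permitted external host from answering with a redirect to an internal one, so the only host ever contacted is the one that passed validation.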
Published Date: 12/12/2025
The Image Gallery – Photo Grid & Video Gallery plugin for WordPress is affected by a path traversal vulnerability due to inadequate validation in the modula_list_folders AJAX endpoint. This flaw permits authenticated users with Author-level or higher access to enumerate directories on the server hosting WordPress that they are not authorized to see.
Published Date: 12/12/2025
The VikRentItems Flexible Rental Management System plugin for WordPress is affected by a Reflected Cross-Site Scripting (XSS) vulnerability due to insufficient input sanitization and output escaping on the 'delto' parameter. This vulnerability affects versions up to 1.2.0 and allows attackers to execute arbitrary scripts in the context of a user's browser session.
Published Date: 12/12/2025
The Mailgun Subscriptions plugin for WordPress has a stored cross-site scripting (XSS) vulnerability affecting versions up to 1.3.1. Insufficient input sanitization and output escaping in the 'mailgun_subscription_form' shortcode allows authenticated users with contributor-level access to execute arbitrary scripts.
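The AI Feeds, Magical Posts Display and Mailgun Subscriptions entries are all stored XSS through shortcode attributes reachable at Contributor level. The reason this role matters: Contributors lack `unfiltered_html`, so KSES strips `<script>` and event handlers from what they save, but a shortcode's own output is generated at render time and bypasses that filter if the attribute is echoed unescaped. The following is an added illustration, not code from any of those plugins; it assumes WordPress is loaded, and the `acme_form` shortcode and its attributes are hypothetical.

```php
<?php
// Added illustration of shortcode output escaping. Not code from AI Feeds,
// Magical Posts Display or Mailgun Subscriptions; acme_form is hypothetical.

// --- Vulnerable shape: attribute values interpolated straight into HTML.
// A Contributor can save
//   [acme_form_vuln title='" onmouseover="alert(1)' tag="h2"]
// because the value contains no tags for KSES to strip, and the handler then
// emits <h2 title="" onmouseover="alert(1)"> into the rendered page.
add_shortcode('acme_form_vuln', function ($atts) {
    $atts = shortcode_atts(['title' => 'Subscribe', 'tag' => 'h2', 'desc' => '', 'url' => ''], $atts);
    return "<{$atts['tag']} class=\"acme-title\" title=\"{$atts['title']}\">{$atts['title']}</{$atts['tag']}>"
         . "<p>{$atts['desc']}</p>"
         . ($atts['url'] !== '' ? "<a href=\"{$atts['url']}\">Sign up</a>" : '');
});

// --- Hardened: escape each value for the context it lands in, and never let
// input pick the element name (no esc_* function covers that context).
add_shortcode('acme_form', function ($atts) {
    $atts = shortcode_atts(
        ['title' => 'Subscribe', 'tag' => 'h2', 'desc' => '', 'url' => ''],
        $atts,
        'acme_form'
    );

    // Element name: allow-list only.
    $allowed_tags = ['h1', 'h2', 'h3', 'h4', 'p', 'div'];
    $tag = in_array($atts['tag'], $allowed_tags, true) ? $atts['tag'] : 'h2';

    // Attribute context -> esc_attr(); text node context -> esc_html().
    $out = sprintf(
        '<%1$s class="acme-title" title="%2$s">%3$s</%1$s>',
        $tag,
        esc_attr($atts['title']),
        esc_html($atts['title'])
    );

    // A description that may legitimately carry simple markup goes through
    // the post-content allow-list instead of being echoed raw.
    $out .= '<p>' . wp_kses_post($atts['desc']) . '</p>';

    // URL context: esc_url() drops javascript: and other unsafe schemes.
    if ($atts['url'] !== '') {
        $out .= sprintf(
            '<a href="%s">%s</a>',
            esc_url($atts['url']),
            esc_html__('Sign up', 'acme')
        );
    }
    return $out;
});
```

The rule of thumb for review is that every `$atts[...]` in a shortcode handler should appear inside an `esc_*`/`wp_kses_*` call or an allow-list comparison; a bare one is the finding.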
Published Date: 12/12/2025
The Hippoo Mobile App for WooCommerce plugin has a vulnerability that allows unauthenticated users to write arbitrary JSON files to the server. This issue arises from a missing authorization check in the plugin's REST API endpoint.
Published Date: 12/12/2025
The WPNakama plugin for WordPress is affected by a time-based SQL Injection vulnerability in versions up to 0.6.3. This flaw occurs due to inadequate escaping and preparation of the 'order_by' parameter, potentially allowing unauthorized attackers to manipulate database queries.
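The WPNakama entry names 'order_by', which is the classic case where `$wpdb->prepare()` does not help on its own: its `%s`/`%d` placeholders bind values, and an ORDER BY column is an identifier, so the only fix is to validate the name against a fixed list before it touches the query string. The following is an added illustration in plain PHP (not WPNakama's code), runnable with `php order_by.php`; the table and column names are hypothetical.

```php
<?php
// Added illustration of a safe ORDER BY builder. Not WPNakama's code; the
// wp_acme_boards table and its columns are hypothetical.

/**
 * Map a user-supplied sort request onto an allow-listed column and direction.
 * Anything not on the list falls back to a default instead of reaching SQL.
 */
function acme_order_by_clause(string $orderBy, string $dir): string
{
    $allowedColumns = ['id', 'created_at', 'title', 'status'];   // real columns only
    $column    = in_array($orderBy, $allowedColumns, true) ? $orderBy : 'id';
    $direction = strtoupper($dir) === 'ASC' ? 'ASC' : 'DESC';
    return sprintf('ORDER BY `%s` %s', $column, $direction);
}

// Vulnerable shape described by the entry: the parameter is concatenated
// without escaping or preparation. Inside WordPress this would be
//   $wpdb->get_results("SELECT ... ORDER BY $order_by")
function acme_query_vuln(string $orderBy): string
{
    return "SELECT id, title FROM wp_acme_boards WHERE status = 'open' ORDER BY $orderBy";
}

function acme_query(string $orderBy, string $dir): string
{
    return "SELECT id, title FROM wp_acme_boards WHERE status = 'open' "
         . acme_order_by_clause($orderBy, $dir);
}

// A time-based probe: if this lands in the query unchanged, the response
// stalls for five seconds and the attacker knows the sink is injectable.
$payload = '(SELECT SLEEP(5))';

echo acme_query_vuln($payload), "\n";
// SELECT id, title FROM wp_acme_boards WHERE status = 'open' ORDER BY (SELECT SLEEP(5))

echo acme_query($payload, 'asc'), "\n";
// SELECT id, title FROM wp_acme_boards WHERE status = 'open' ORDER BY `id` ASC

echo acme_query('created_at', 'desc'), "\n";
// SELECT id, title FROM wp_acme_boards WHERE status = 'open' ORDER BY `created_at` DESC
```

WordPress 6.2 added the `%i` identifier placeholder to `$wpdb->prepare()`, which backtick-quotes a column name; it is worth using, but it only prevents breaking out of the identifier, so the allow-list is still what stops a caller from sorting by a column the feature never meant to expose.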
Published Date: 12/12/2025
A vulnerability in the Ultra Addons for Contact Form 7 WordPress plugin allows unauthorized data access due to insufficient capability checks in its PDF generation functionality. This issue affects all plugin versions up to 3.5.33 when both the 'PDF Generator' and 'Database' addons are activated, enabling Subscriber-level users to generate and access PDF copies of form submissions.