Plugin: Thumbnail Slider With Lightbox
Vulnerability: Cross-Site Request Forgery
Patched Version: 1.0.1
Recommended Action: Update to version 1.0.1, or a newer patched version
Plugin: AI ChatBot
Vulnerability: Authenticated (Subscriber+) Directory Traversal to Arbitrary File Write via qcld_openai_upload_pagetraining_file
Patched Version: 4.9.1
Recommended Action: Update to version 4.9.1, or a newer patched version
Plugin: Icegram Express – Email Marketing, Newsletters and Automation for WordPress & WooCommerce
Vulnerability: Authenticated (Administrator+) Directory Traversal to Arbitrary File Read
Patched Version: 5.6.24
Recommended Action: Update to version 5.6.24, or a newer patched version
Plugin: Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder
Vulnerability: Captcha Bypass
Patched Version: 1.15.21
Recommended Action: Update to version 1.15.21, or a newer patched version
Plugin: AI ChatBot
Vulnerability: Unauthenticated SQL Injection via qc_wpbo_search_response
Patched Version: 4.9.1
Recommended Action: Update to version 4.9.1, or a newer patched version
Plugin: AI ChatBot
Vulnerability: Authenticated (Subscriber+) Arbitrary File Deletion via qcld_openai_delete_training_file
Patched Version: 4.9.1
Recommended Action: Update to version 4.9.1, or a newer patched version
Plugin: AI ChatBot
Vulnerability: Cross-Site Request Forgery on AJAX actions
Patched Version: 4.9.1
Recommended Action: Update to version 4.9.1, or a newer patched version
Plugin: AI ChatBot
Vulnerability: Missing Authorization on AJAX actions
Patched Version: 4.9.1
Recommended Action: Update to version 4.9.1, or a newer patched version
Plugin: Master Addons for Elementor
Vulnerability: Authenticated(Contributor+) Stored Cross-Site Scripting
Patched Version: 2.0.4
Recommended Action: Update to version 2.0.4, or a newer patched version
Plugin: AI ChatBot
Vulnerability: Unauthenticated Sensitive Information Exposure via qcld_wb_chatbot_check_user
Patched Version: 4.9.1
Recommended Action: Update to version 4.9.1, or a newer patched version
Plugin: Donation Forms by Charitable – Donations Plugin & Fundraising Platform for WordPress
Vulnerability: Authenticated(Contributor+) Stored Cross-Site Scripting
Patched Version: 1.7.0.14
Recommended Action: Update to version 1.7.0.14, or a newer patched version
Plugin: Etsy Shop
Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
Patched Version: 3.0.5
Recommended Action: Update to version 3.0.5, or a newer patched version