Father
Professional
- Messages
- 2,602
- Reaction score
- 850
- Points
- 113
WordPress 3.7 to 5.7.1 - Object Injection in PHPMailer https://wpscan.com/vulnerability/4cd46653-4470-40ff-8aac-318bee2f998d
WordPress Plugin Vulnerabilities
FooGallery < 2.0.35 - Authenticated Stored Cross-Site Scripting https://wpscan.com/vulnerability/950f46ae-4476-4969-863a-0e55752953b3
Yes/No Chart < 1.0.12 - Authenticated (contributor+) Blind SQL Injection https://wpscan.com/vulnerability/d9586453-cc5c-4d26-bb45-a6370c9427fe
The Plus Addons for Elementor Page Builder < 4.1.10 - Open Redirect https://wpscan.com/vulnerability/fd4352ad-dae0-4404-94d1-11083cb1f44d
The Plus Addons for Elementor Page Builder < 4.1.11 - Arbitrary Reset Pwd Email Sending https://wpscan.com/vulnerability/486b82d1-30d4-44d2-9542-f33e3f149e92
The Plus Addons for Elementor < 4.1.12 - Reflected Cross-Site Scripting (XSS) https://wpscan.com/vulnerability/2ee62f85-7aea-4b7d-8b2d-5d86d9fb8016
NinjaFirewall < 4.3.4 - Authenticated (admin+) PHAR Deserialization https://wpscan.com/vulnerability/63180c28-6d05-4f97-9565-b48b6d9a8cc2
Xllentech English Islamic Calendar < 2.6.8 - Authenticated SQL Injection https://wpscan.com/vulnerability/1eba1c73-a19b-4226-afec-d27c48388a04
Side Menu < 3.1.5 - Authenticated (admin+) SQL Injection https://wpscan.com/vulnerability/e0ca257e-6e78-4611-a9ad-be43d37cf474
Stock in & out <= 1.0.4 - Reflected Cross-Site Scripting (XSS) https://wpscan.com/vulnerability/c25146fd-4143-463c-8c85-05dd33e9a77b
Sendit WP Newsletter <= 2.5.1 - Authenticated (admin+) SQL Injection https://wpscan.com/vulnerability/02ba4d8b-f4d2-42cd-9fae-b543e112fa04
Visitors <= 0.3 - Unauthenticated Stored Cross-Site Scripting (XSS) https://wpscan.com/vulnerability/06f1889d-8e2f-481a-b91b-3a8008e00ffc
Simple 301 Redirects by BetterLinks - 2.0.0 – 2.0.3 - Arbitrary Plugin Activation https://wpscan.com/vulnerability/be356530-5e00-4f27-8177-b80f3c1ae6e8
Simple 301 Redirects by BetterLinks - 2.0.0 – 2.0.3 - Update and Retrieve Wildcard Value https://wpscan.com/vulnerability/ce8f9648-30fb-4fb9-894e-879dc0f26f98
Simple 301 Redirects by BetterLinks - 2.0.0 – 2.0.3 - Arbitrary Plugin Installation https://wpscan.com/vulnerability/8638b36c-6641-491f-b9df-5db3645e4668
Simple 301 Redirects by BetterLinks - 2.0.0 – 2.0.3 - Unauthenticated Redirect Import https://wpscan.com/vulnerability/74c23d56-e81f-47e9-bf8b-33d3f0e81894
Simple 301 Redirects by BetterLinks - 2.0.0 – 2.0.3 - Unauthenticated Redirect Export https://wpscan.com/vulnerability/d770f1fa-7652-465a-833c-b7178146847d
Gallery From Files <= 1.6.0 - Reflected Cross-Site Scripting (XSS) https://wpscan.com/vulnerability/6bb4eb71-d702-4732-b01f-b723077d66ca
Gallery From Files <= 1.6.0 - Unauthenticated RCE https://wpscan.com/vulnerability/426cf3b5-1bb7-4e81-b240-f3c962590721
Multivendor Marketplace Solution for WooCommerce < 3.7.4 - Unauthenticated Arbitrary Product Comment https://wpscan.com/vulnerability/3d06075a-c106-48bb-849e-39b71f4c6818
Cookie Law Bar <= 1.2.1 - Authenticated Stored Cross-Site Scripting (XSS) https://wpscan.com/vulnerability/d2b3c245-385e-495e-a19e-730a1ee28906
SP Project & Document Manager <= 4.21 - Authenticated Shell Upload https://wpscan.com/vulnerability/8f6e82d5-c0e9-468e-acb8-7cd549f6a45a
Easy Preloader <= 1.0.0 - Authenticated Stored Cross-Site Scripting (XSS) https://wpscan.com/vulnerability/6d6c1d46-5c3d-4d56-9728-2f94064132aa
iFlyChat – WordPress Chat <= 4.6.4 - Authenticated Stored Cross-Site Scripting (XSS) https://wpscan.com/vulnerability/d6c72d90-e321-47b9-957a-6fea7c944293
Video Embed <= 1.0 - Authenticated (subscriber+) SQL Injection https://wpscan.com/vulnerability/a8fd8dd4-5b5e-462e-8dae-065d5e2d003a
FlightLog <= 3.0.2 - Authenticated (editor+) SQL Injection https://wpscan.com/vulnerability/dda0593e-cd97-454e-a8c8-15d7f690311c
WP Statistics < 13.0.8 - Unauthenticated SQL Injection https://wpscan.com/vulnerability/d2970cfb-0aa9-4516-9a4b-32971f41a19c
WP Prayer < 1.6.2 - Authenticated Stored Cross-Site Scripting (XSS) https://wpscan.com/vulnerability/c7ab736d-27c4-4ec5-9681-a3f0dda86586
CM Registration Pro < 3.2.1 - PHP Object Injection https://wpscan.com/vulnerability/e5376e60-5f39-41be-a644-4e4a510bb848
Instant Images WordPress Plugin < 4.4.0.1 - Authenticated Stored XSS & XFS https://wpscan.com/vulnerability/ae79189a-6b63-4110-9567-cd7c97d71e4f
Smooth Scroll Page Up/Down Buttons < 1.4 - Authenticated Stored XSS https://wpscan.com/vulnerability/2c7ca586-def8-4723-b779-09d7f37fa1ab
Funnel Builder by CartFlows < 1.6.13 - Authenticated Stored XSS via FB Pixel ID and Google Analytics ID https://wpscan.com/vulnerability/b9748066-83b7-4762-9124-de021f687477
Database Backup for WordPress < 2.4 - Authenticated Persistent Cross-Site Scripting (XSS) https://wpscan.com/vulnerability/6bea6301-0762-45c3-a4eb-15d6ac4f9f37
WP Super Cache < 1.7.3 - Authenticated Remote Code Execution https://wpscan.com/vulnerability/2142c3d3-9a7f-4e3c-8776-d469a355d62f
External Media < 1.0.34 - Authenticated Arbitrary File Upload https://wpscan.com/vulnerability/4fb90999-6f91-4200-a0cc-bfe9b34a5de9
Weekly Schedule < 3.4.3 - Authenticated Stored XSS https://wpscan.com/vulnerability/ba1d01dc-16e4-464f-94be-ed311ff6ccf9
Photo Gallery < 1.5.67 - Authenticated Stored Cross-Site Scripting via Gallery Title https://wpscan.com/vulnerability/f34096ec-b1b0-471d-88a4-4699178a3165
LifterLMS < 4.21.1 - Reflected Cross-Site Scripting (XSS) via Coupon Code in Checkout https://wpscan.com/vulnerability/5ce667ae-9e38-4d25-919e-3b956874f869
LifterLMS < 4.21.1 - Authenticated Stored XSS in Edit Profile https://wpscan.com/vulnerability/f29f68a5-6575-441d-98c9-867145f2b082
All in One SEO Pack < 4.1.0.2 - Admin RCE via unserialize https://wpscan.com/vulnerability/ab2c94d2-f6c4-418b-bd14-711ed164bcf1
ReDi Restaurant Reservations < 21.0426 - Unauthenticated Stored Cross-Site Scripting (XSS) https://wpscan.com/vulnerability/fd6ce00b-8c5f-4180-b648-f47b37303670
Simple Giveaways < 2.36.2 - Unauthenticated Reflected Cross-Site Scripting (XSS) https://wpscan.com/vulnerability/30aebded-3eb3-4dda-90b5-12de5e622c91
ThemeHigh WooCommerce Wishlist and Comparison < 1.0.5 - Unauthorised AJAX call https://wpscan.com/vulnerability/ad09a648-3c34-4870-b156-097af4fd7a57
Zlick Paywall < 2.2.2 - CSRF Bypasses https://wpscan.com/vulnerability/c13a0932-ec35-414a-af4b-8115281b5590
Autoptimize < 2.8.4 - Authenticated Stored Cross-Site Scripting (XSS) https://wpscan.com/vulnerability/6678e064-ce21-4bb2-8c50-061073fb22fb
Ultimate Member < 2.1.20 - Authenticated Reflected Cross-Site Scripting (XSS) https://wpscan.com/vulnerability/35516555-c50c-486a-886c-df49c9e51e2c
UltimateWoo <= 0.1.10 - PHP Object Injection https://wpscan.com/vulnerability/3d689de8-3c0c-49f0-a697-39a6dab52022
DSGVO All in one for WP < 4.0 - Unauthenticated Stored Cross-Site Scripting (XSS) https://wpscan.com/vulnerability/43b8cfb4-f875-432b-8e3b-52653fdee87c
Leads-5050 Visitor Insights < 1.0.4 - Unauthenticated License Change https://wpscan.com/vulnerability/8ab02102-e4ee-4262-a785-0e9c6a30251f
Leads-5050 Visitor Insights < 1.1.0 - Unauthorised License Change https://wpscan.com/vulnerability/3a7636bd-9535-4c2c-8263-1f00fff1c296
PickPlugins Product Slider for WooCommerce < 1.13.22 - Reflected Cross-Site Scripting (XSS) https://wpscan.com/vulnerability/5fbbc7ad-3f1a-48a1-b2eb-e57f153eb837
Target First Plugin 2.0 - Unauthenticated Stored XSS via Licence Key https://wpscan.com/vulnerability/4d55d1f5-a7b8-4029-942d-7a13e2498f64
Hana Flv Player <= 3.1.3 - Authenticated Stored Cross-Site Scripting (XSS) https://wpscan.com/vulnerability/372a66ca-1c3c-4429-86a5-81dbdaa9ec7d
Parcel Tracker eCourier < 1.0.2 - Plugin's Settings Update via CSRF https://wpscan.com/vulnerability/6b9be00b-6eef-4f9f-8f78-16ab34e16f7d
Ship To Ecourier < 1.0.2 - Plugin's Settings Update via CSRF https://wpscan.com/vulnerability/c84ce716-f7ed-449c-b41d-daff9f19174e
Simple Admin Language Change < 2.0.2 - Arbitrary User Locale Change https://wpscan.com/vulnerability/2411d7d8-3c1f-4d0a-98cb-050a7adf04e5
Hotjar Connecticator <= 1.1.1 - Authenticated Stored Cross-Site Scripting (XSS) https://wpscan.com/vulnerability/eb8e2b9d-f153-49c9-862a-5c016934f9ad
WP Customer Reviews < 3.5.6 - Authenticated Stored Cross-Site Scripting (XSS) https://wpscan.com/vulnerability/c450f54a-3372-49b2-8ad8-68d5cc0dd49e
Spam protection https://wpscan.com/vulnerability/152171fc-888c-4275-a118-5a1e664ef28b
WordPress Theme Vulnerabilities
JNews < 8.0.6 - Reflected Cross-Site Scripting (XSS) https://wpscan.com/vulnerability/415ca763-fe65-48cb-acd3-b375a400217e
Car Repair Services < 4.0 - Unauthenticated Reflected XSS & XFS https://wpscan.com/vulnerability/39258aba-2449-4214-a490-b8e46945117d
Mediumish <= 1.0.47 - Unauthenticated Reflected Cross-Site Scripting (XSS) https://wpscan.com/vulnerability/57e27de4-58f5-46aa-9b59-809705733b2e
Listeo < 1.6.11 - Multiple XSS & XFS vulnerabilities https://wpscan.com/vulnerability/704d8886-df9e-4217-88d1-a72a71924174
Listeo < 1.6.11 - Multiple Authenticated IDOR Vulnerabilities https://wpscan.com/vulnerability/9afa7e11-68b3-4196-975e-8b3f8e68ce56
Bello < 1.6.0 - Authenticated Cross-Site Scripting (XSS) and XFS https://wpscan.com/vulnerability/2c274eb7-25f1-49d4-a2c8-8ce8cecebe68
Bello < 1.6.0 - Unauthenticated Reflected XSS & XFS https://wpscan.com/vulnerability/6b5b42fd-028a-4405-b027-3266058029bb
Bello < 1.6.0 - Unauthenticated Blind SQL Injection https://wpscan.com/vulnerability/7314f9fa-c047-4e0c-b145-940240a50c02
Goto < 2.1 - Reflected Cross-Site Scripting (XSS) https://wpscan.com/vulnerability/a64a3b2e-7924-47aa-96e8-3aa02a6cdccc
WordPress Plugin Vulnerabilities
FooGallery < 2.0.35 - Authenticated Stored Cross-Site Scripting https://wpscan.com/vulnerability/950f46ae-4476-4969-863a-0e55752953b3
Yes/No Chart < 1.0.12 - Authenticated (contributor+) Blind SQL Injection https://wpscan.com/vulnerability/d9586453-cc5c-4d26-bb45-a6370c9427fe
The Plus Addons for Elementor Page Builder < 4.1.10 - Open Redirect https://wpscan.com/vulnerability/fd4352ad-dae0-4404-94d1-11083cb1f44d
The Plus Addons for Elementor Page Builder < 4.1.11 - Arbitrary Reset Pwd Email Sending https://wpscan.com/vulnerability/486b82d1-30d4-44d2-9542-f33e3f149e92
The Plus Addons for Elementor < 4.1.12 - Reflected Cross-Site Scripting (XSS) https://wpscan.com/vulnerability/2ee62f85-7aea-4b7d-8b2d-5d86d9fb8016
NinjaFirewall < 4.3.4 - Authenticated (admin+) PHAR Deserialization https://wpscan.com/vulnerability/63180c28-6d05-4f97-9565-b48b6d9a8cc2
Xllentech English Islamic Calendar < 2.6.8 - Authenticated SQL Injection https://wpscan.com/vulnerability/1eba1c73-a19b-4226-afec-d27c48388a04
Side Menu < 3.1.5 - Authenticated (admin+) SQL Injection https://wpscan.com/vulnerability/e0ca257e-6e78-4611-a9ad-be43d37cf474
Stock in & out <= 1.0.4 - Reflected Cross-Site Scripting (XSS) https://wpscan.com/vulnerability/c25146fd-4143-463c-8c85-05dd33e9a77b
Sendit WP Newsletter <= 2.5.1 - Authenticated (admin+) SQL Injection https://wpscan.com/vulnerability/02ba4d8b-f4d2-42cd-9fae-b543e112fa04
Visitors <= 0.3 - Unauthenticated Stored Cross-Site Scripting (XSS) https://wpscan.com/vulnerability/06f1889d-8e2f-481a-b91b-3a8008e00ffc
Simple 301 Redirects by BetterLinks - 2.0.0 – 2.0.3 - Arbitrary Plugin Activation https://wpscan.com/vulnerability/be356530-5e00-4f27-8177-b80f3c1ae6e8
Simple 301 Redirects by BetterLinks - 2.0.0 – 2.0.3 - Update and Retrieve Wildcard Value https://wpscan.com/vulnerability/ce8f9648-30fb-4fb9-894e-879dc0f26f98
Simple 301 Redirects by BetterLinks - 2.0.0 – 2.0.3 - Arbitrary Plugin Installation https://wpscan.com/vulnerability/8638b36c-6641-491f-b9df-5db3645e4668
Simple 301 Redirects by BetterLinks - 2.0.0 – 2.0.3 - Unauthenticated Redirect Import https://wpscan.com/vulnerability/74c23d56-e81f-47e9-bf8b-33d3f0e81894
Simple 301 Redirects by BetterLinks - 2.0.0 – 2.0.3 - Unauthenticated Redirect Export https://wpscan.com/vulnerability/d770f1fa-7652-465a-833c-b7178146847d
Gallery From Files <= 1.6.0 - Reflected Cross-Site Scripting (XSS) https://wpscan.com/vulnerability/6bb4eb71-d702-4732-b01f-b723077d66ca
Gallery From Files <= 1.6.0 - Unauthenticated RCE https://wpscan.com/vulnerability/426cf3b5-1bb7-4e81-b240-f3c962590721
Multivendor Marketplace Solution for WooCommerce < 3.7.4 - Unauthenticated Arbitrary Product Comment https://wpscan.com/vulnerability/3d06075a-c106-48bb-849e-39b71f4c6818
Cookie Law Bar <= 1.2.1 - Authenticated Stored Cross-Site Scripting (XSS) https://wpscan.com/vulnerability/d2b3c245-385e-495e-a19e-730a1ee28906
SP Project & Document Manager <= 4.21 - Authenticated Shell Upload https://wpscan.com/vulnerability/8f6e82d5-c0e9-468e-acb8-7cd549f6a45a
Easy Preloader <= 1.0.0 - Authenticated Stored Cross-Site Scripting (XSS) https://wpscan.com/vulnerability/6d6c1d46-5c3d-4d56-9728-2f94064132aa
iFlyChat – WordPress Chat <= 4.6.4 - Authenticated Stored Cross-Site Scripting (XSS) https://wpscan.com/vulnerability/d6c72d90-e321-47b9-957a-6fea7c944293
Video Embed <= 1.0 - Authenticated (subscriber+) SQL Injection https://wpscan.com/vulnerability/a8fd8dd4-5b5e-462e-8dae-065d5e2d003a
FlightLog <= 3.0.2 - Authenticated (editor+) SQL Injection https://wpscan.com/vulnerability/dda0593e-cd97-454e-a8c8-15d7f690311c
WP Statistics < 13.0.8 - Unauthenticated SQL Injection https://wpscan.com/vulnerability/d2970cfb-0aa9-4516-9a4b-32971f41a19c
WP Prayer < 1.6.2 - Authenticated Stored Cross-Site Scripting (XSS) https://wpscan.com/vulnerability/c7ab736d-27c4-4ec5-9681-a3f0dda86586
CM Registration Pro < 3.2.1 - PHP Object Injection https://wpscan.com/vulnerability/e5376e60-5f39-41be-a644-4e4a510bb848
Instant Images WordPress Plugin < 4.4.0.1 - Authenticated Stored XSS & XFS https://wpscan.com/vulnerability/ae79189a-6b63-4110-9567-cd7c97d71e4f
Smooth Scroll Page Up/Down Buttons < 1.4 - Authenticated Stored XSS https://wpscan.com/vulnerability/2c7ca586-def8-4723-b779-09d7f37fa1ab
Funnel Builder by CartFlows < 1.6.13 - Authenticated Stored XSS via FB Pixel ID and Google Analytics ID https://wpscan.com/vulnerability/b9748066-83b7-4762-9124-de021f687477
Database Backup for WordPress < 2.4 - Authenticated Persistent Cross-Site Scripting (XSS) https://wpscan.com/vulnerability/6bea6301-0762-45c3-a4eb-15d6ac4f9f37
WP Super Cache < 1.7.3 - Authenticated Remote Code Execution https://wpscan.com/vulnerability/2142c3d3-9a7f-4e3c-8776-d469a355d62f
External Media < 1.0.34 - Authenticated Arbitrary File Upload https://wpscan.com/vulnerability/4fb90999-6f91-4200-a0cc-bfe9b34a5de9
Weekly Schedule < 3.4.3 - Authenticated Stored XSS https://wpscan.com/vulnerability/ba1d01dc-16e4-464f-94be-ed311ff6ccf9
Photo Gallery < 1.5.67 - Authenticated Stored Cross-Site Scripting via Gallery Title https://wpscan.com/vulnerability/f34096ec-b1b0-471d-88a4-4699178a3165
LifterLMS < 4.21.1 - Reflected Cross-Site Scripting (XSS) via Coupon Code in Checkout https://wpscan.com/vulnerability/5ce667ae-9e38-4d25-919e-3b956874f869
LifterLMS < 4.21.1 - Authenticated Stored XSS in Edit Profile https://wpscan.com/vulnerability/f29f68a5-6575-441d-98c9-867145f2b082
All in One SEO Pack < 4.1.0.2 - Admin RCE via unserialize https://wpscan.com/vulnerability/ab2c94d2-f6c4-418b-bd14-711ed164bcf1
ReDi Restaurant Reservations < 21.0426 - Unauthenticated Stored Cross-Site Scripting (XSS) https://wpscan.com/vulnerability/fd6ce00b-8c5f-4180-b648-f47b37303670
Simple Giveaways < 2.36.2 - Unauthenticated Reflected Cross-Site Scripting (XSS) https://wpscan.com/vulnerability/30aebded-3eb3-4dda-90b5-12de5e622c91
ThemeHigh WooCommerce Wishlist and Comparison < 1.0.5 - Unauthorised AJAX call https://wpscan.com/vulnerability/ad09a648-3c34-4870-b156-097af4fd7a57
Zlick Paywall < 2.2.2 - CSRF Bypasses https://wpscan.com/vulnerability/c13a0932-ec35-414a-af4b-8115281b5590
Autoptimize < 2.8.4 - Authenticated Stored Cross-Site Scripting (XSS) https://wpscan.com/vulnerability/6678e064-ce21-4bb2-8c50-061073fb22fb
Ultimate Member < 2.1.20 - Authenticated Reflected Cross-Site Scripting (XSS) https://wpscan.com/vulnerability/35516555-c50c-486a-886c-df49c9e51e2c
UltimateWoo <= 0.1.10 - PHP Object Injection https://wpscan.com/vulnerability/3d689de8-3c0c-49f0-a697-39a6dab52022
DSGVO All in one for WP < 4.0 - Unauthenticated Stored Cross-Site Scripting (XSS) https://wpscan.com/vulnerability/43b8cfb4-f875-432b-8e3b-52653fdee87c
Leads-5050 Visitor Insights < 1.0.4 - Unauthenticated License Change https://wpscan.com/vulnerability/8ab02102-e4ee-4262-a785-0e9c6a30251f
Leads-5050 Visitor Insights < 1.1.0 - Unauthorised License Change https://wpscan.com/vulnerability/3a7636bd-9535-4c2c-8263-1f00fff1c296
PickPlugins Product Slider for WooCommerce < 1.13.22 - Reflected Cross-Site Scripting (XSS) https://wpscan.com/vulnerability/5fbbc7ad-3f1a-48a1-b2eb-e57f153eb837
Target First Plugin 2.0 - Unauthenticated Stored XSS via Licence Key https://wpscan.com/vulnerability/4d55d1f5-a7b8-4029-942d-7a13e2498f64
Hana Flv Player <= 3.1.3 - Authenticated Stored Cross-Site Scripting (XSS) https://wpscan.com/vulnerability/372a66ca-1c3c-4429-86a5-81dbdaa9ec7d
Parcel Tracker eCourier < 1.0.2 - Plugin's Settings Update via CSRF https://wpscan.com/vulnerability/6b9be00b-6eef-4f9f-8f78-16ab34e16f7d
Ship To Ecourier < 1.0.2 - Plugin's Settings Update via CSRF https://wpscan.com/vulnerability/c84ce716-f7ed-449c-b41d-daff9f19174e
Simple Admin Language Change < 2.0.2 - Arbitrary User Locale Change https://wpscan.com/vulnerability/2411d7d8-3c1f-4d0a-98cb-050a7adf04e5
Hotjar Connecticator <= 1.1.1 - Authenticated Stored Cross-Site Scripting (XSS) https://wpscan.com/vulnerability/eb8e2b9d-f153-49c9-862a-5c016934f9ad
WP Customer Reviews < 3.5.6 - Authenticated Stored Cross-Site Scripting (XSS) https://wpscan.com/vulnerability/c450f54a-3372-49b2-8ad8-68d5cc0dd49e
Spam protection https://wpscan.com/vulnerability/152171fc-888c-4275-a118-5a1e664ef28b
WordPress Theme Vulnerabilities
JNews < 8.0.6 - Reflected Cross-Site Scripting (XSS) https://wpscan.com/vulnerability/415ca763-fe65-48cb-acd3-b375a400217e
Car Repair Services < 4.0 - Unauthenticated Reflected XSS & XFS https://wpscan.com/vulnerability/39258aba-2449-4214-a490-b8e46945117d
Mediumish <= 1.0.47 - Unauthenticated Reflected Cross-Site Scripting (XSS) https://wpscan.com/vulnerability/57e27de4-58f5-46aa-9b59-809705733b2e
Listeo < 1.6.11 - Multiple XSS & XFS vulnerabilities https://wpscan.com/vulnerability/704d8886-df9e-4217-88d1-a72a71924174
Listeo < 1.6.11 - Multiple Authenticated IDOR Vulnerabilities https://wpscan.com/vulnerability/9afa7e11-68b3-4196-975e-8b3f8e68ce56
Bello < 1.6.0 - Authenticated Cross-Site Scripting (XSS) and XFS https://wpscan.com/vulnerability/2c274eb7-25f1-49d4-a2c8-8ce8cecebe68
Bello < 1.6.0 - Unauthenticated Reflected XSS & XFS https://wpscan.com/vulnerability/6b5b42fd-028a-4405-b027-3266058029bb
Bello < 1.6.0 - Unauthenticated Blind SQL Injection https://wpscan.com/vulnerability/7314f9fa-c047-4e0c-b145-940240a50c02
Goto < 2.1 - Reflected Cross-Site Scripting (XSS) https://wpscan.com/vulnerability/a64a3b2e-7924-47aa-96e8-3aa02a6cdccc
