<?xml version="1.0" encoding="UTF-8"?>
<urlset xmlns="http://www.sitemaps.org/schemas/sitemap/0.9">
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/rate-star-review/rate-star-review-151-reflected-cross-site-scripting</loc>
<lastmod>2024-01-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ts-webfonts-for-sakura/ts-webfonts-for-311-cross-site-request-forgery</loc>
<lastmod>2023-05-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/attorney/attorney-3-reflected-cross-site-scripting</loc>
<lastmod>2023-09-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/formidable/formidable-form-builder-554-cross-site-request-forgery</loc>
<lastmod>2022-12-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simple-ads-manager/simple-ads-manager-298125-unauthenticated-php-objection-injection</loc>
<lastmod>2017-03-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gallery-video/gallery-video-gallery-and-youtube-gallery-203-cross-site-request-forgery</loc>
<lastmod>2016-11-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/list-site-contributors/list-site-contributors-118-reflected-cross-site-scripting-via-alpha</loc>
<lastmod>2026-01-13T17:25:37.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/top-flash-embed/top-flash-embed-034-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/arforms-form-builder/arforms-form-builder-164-missing-authorization-to-authenticatedsubscriber-arbitrary-option-deletion</loc>
<lastmod>2024-04-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpdiscuz/wpdiscuz-7611-unauthenticated-stored-cross-site-scripting-via-comment-uploaded-image-filename</loc>
<lastmod>2023-10-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/unlimited-blocks/gutenberg-blocks-unlimited-blocks-for-gutenberg-128-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-09-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/buddypress-humanity/buddypress-humanity-12-cross-site-request-forgery-to-privilege-escalation</loc>
<lastmod>2025-04-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/rsvpmaker/rsvpmaker-872-server-side-request-forgery</loc>
<lastmod>2021-06-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/sunshine-photo-cart/sunshine-photo-cart-3571-missing-authorization</loc>
<lastmod>2025-12-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/noo-organici-library/organici-library-212-authenticated-subscriber-php-object-injection</loc>
<lastmod>2026-03-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/conversational-forms/conversational-forms-for-chatbot-116-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2023-01-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/goanimate/go-animate-10-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2024-12-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/nextgen-gallery/nextgen-gallery-3593-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2024-07-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/my-wp-responsive-video/wp-responsive-video-10-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-11-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/easync-booking/free-booking-plugin-for-hotels-restaurant-and-car-rental-easync-1115-arbitrary-file-upload</loc>
<lastmod>2022-06-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpcrm/wpcrm-crm-for-contact-form-cf7-woocommerce-320-unauthenticated-sql-injection</loc>
<lastmod>2025-06-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/parone/parone-feeds-1171-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-11-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/generateblocks/generateblocks-220-insecure-direct-object-reference-to-authenticated-contributor-sensitive-information-exposure-via-dynamic-tag-replacements</loc>
<lastmod>2026-05-04T17:58:25.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/enl-newsletter/enl-newsletter-101-authenticated-admin-sql-injection</loc>
<lastmod>2024-04-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/doctreat/doctreat-167-reflected-cross-site-scripting</loc>
<lastmod>2025-08-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/download-manager/download-manager-3318-authenticated-author-stored-cross-site-scripting-via-wpdm_user_dashboard-shortcode</loc>
<lastmod>2025-06-18T15:05:22.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/essential-real-estate/essential-real-estate-521-unauthenticated-local-file-inclusion</loc>
<lastmod>2025-05-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/car-repair-services/car-repair-services-50-unauthenticated-server-side-request-forgery</loc>
<lastmod>2025-06-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/udesign/udesign-4112-missing-authorization</loc>
<lastmod>2025-01-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/contus-video-gallery/wordpress-video-gallery-30-improper-access-control</loc>
<lastmod>2015-04-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/file-manager/bit-file-manager-100-free-file-manager-for-wordpress-522-subscriber-arbitrary-file-creationuploaddeletion</loc>
<lastmod>2022-03-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-email-capture/email-capture-3124-missing-authorization</loc>
<lastmod>2025-12-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/picturefactory/picture-factory-unspecified-versions-cross-site-scripting</loc>
<lastmod>2012-09-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/blocksy/blocksy-2077-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-12-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woocommerce-products-filter/husky-1361-authenticated-shop-manager-arbitrary-options-update</loc>
<lastmod>2024-08-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/book-previewer-for-woocommerce/book-previewer-for-woocommerce-106-missing-authorization</loc>
<lastmod>2026-02-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mylinksdump/mylinksdump-16-authenticated-administrator-sql-injection-via-sort_by-and-sort_order-parameters</loc>
<lastmod>2026-03-20T15:16:48.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/dokan-lite/dokan-ai-powered-woocommerce-multivendor-marketplace-solution-431-unauthenticated-information-disclosure-in-store-reviews-rest-api-endpoint</loc>
<lastmod>2026-05-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/auto-poster/auto-poster-12-authenticated-administrator-arbitrary-file-upload</loc>
<lastmod>2024-04-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mybooktable/mybooktable-bookstore-333-cross-site-request-forgery</loc>
<lastmod>2023-11-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/munk-sites/munk-sites-107-cross-site-request-forgery-to-arbitrary-plugin-installation</loc>
<lastmod>2025-02-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpappninja/wpmobileapp-1120-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2023-03-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/blog2social/blog2social-693-php-object-injection</loc>
<lastmod>2022-04-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/asgaros-forum/asgaros-forum-272-unauthenticated-php-object-injection-in-prepare_unread_status</loc>
<lastmod>2024-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/vidmov/vidmov-194-unauthenticated-local-file-inclusion</loc>
<lastmod>2025-07-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/templately/templately-elementor-gutenberg-template-library-6500-free-pro-ready-templates-and-cloud-361-authenticated-contributor-information-exposure</loc>
<lastmod>2026-04-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/dashboard-widget-sidebar/dashboard-widget-sidebar-123-missing-authorization</loc>
<lastmod>2025-06-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wish-to-go/travel-bucket-list-052-authenticated-contributor-stored-cross-site-scripting-via-shortcode-attributes</loc>
<lastmod>2026-01-06T20:47:44.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/easy-contact-form-solution/easy-contact-form-solution-16-stored-cross-site-scripting</loc>
<lastmod>2014-10-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/propertyhive/propertyhive-1426-remote-code-execution</loc>
<lastmod>2018-11-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/css3_accordions/css3-accordions-for-wordpress-30-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2025-05-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/updraft/updraft-061-reflected-cross-site-scripting-via-backup_timestamp</loc>
<lastmod>2023-04-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/user-submitted-posts/user-submitted-posts-20260113-incorrect-authorization-to-unauthenticated-category-restriction-bypass-via-user-submitted-category-parameter</loc>
<lastmod>2026-02-17T20:36:12.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/crm-perks-forms/crm-perks-forms-113-authenticated-administrator-arbitrary-file-upload</loc>
<lastmod>2024-08-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/webmention/webmention-562-authenticated-subscriber-server-side-request-forgery</loc>
<lastmod>2026-04-01T19:17:16.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/builderall-cheetah-for-wp/builderall-builder-for-wordpress-301-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-10-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simpler-checkout/simpler-checkout-070-1113-authentication-bypass</loc>
<lastmod>2025-08-22T15:41:29.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/all-in-one-seo-pack/all-in-one-seo-pack-326-stored-cross-site-scripting</loc>
<lastmod>2019-10-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/rotatingtweets/rotating-tweets-twitter-widget-and-shortcode-1910-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2024-06-05T15:44:04.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/youtube-playlist-player/youtube-playlist-player-467-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2023-10-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woo-easy-duplicate-product/woocommerce-easy-duplicate-product-0307-missing-authorization-via-wedp_duplicate_product_action</loc>
<lastmod>2023-12-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/filr-protection/filr-secure-document-library-122-missing-authorization</loc>
<lastmod>2022-05-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cooked/cooked-1113-missing-authorization</loc>
<lastmod>2025-12-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/woffice/woffice-5410-unauthenticated-privilege-escalation</loc>
<lastmod>2024-08-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woo-aliexpress-dropshipping/sharkdropship-dropshipping-for-aliexpress-ebay-amazon-etsy-211-unauthenticated-arbitrary-content-deletion</loc>
<lastmod>2024-04-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/remove-duplicate-posts/remove-duplicate-posts-135-missing-authorization-to-post-deletion</loc>
<lastmod>2023-07-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-members/wp-members-3542-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-09-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/kp-fastest-tawk-to-chat/kp-fastest-tawkto-chat-111-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2023-11-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/nexter-extension/nexter-extension-site-enhancements-toolkit-446-unauthenticated-php-object-injection-via-nxt_unserialize_replace</loc>
<lastmod>2026-01-20T01:54:23.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/http-headers/http-headers-1192-authenticated-administrator-stored-cross-site-scripting-via-custom-headers-plugin-setting</loc>
<lastmod>2026-04-21T19:13:16.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/as-create-pinterest-pinboard-pages/as-create-pinterest-pinboard-pages-10-authenticated-options-change-to-stored-cross-site-scripting</loc>
<lastmod>2022-08-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/eventer/eventer-396-unauthenticated-sql-injection</loc>
<lastmod>2025-05-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/export-media-urls/export-media-urls-22-reflected-cross-site-scripting</loc>
<lastmod>2026-02-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/essential-grid/essential-grid-310-reflected-cross-site-scripting</loc>
<lastmod>2023-11-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/photoxhibit/photoxhibit-218-reflected-cross-site-scripting</loc>
<lastmod>2016-02-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/diza/diza-139-unauthenticated-local-file-inclusion</loc>
<lastmod>2025-07-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woo-thank-you-page-nextmove-lite/nextmove-lite-2230-unauthenticated-insecure-direct-object-reference</loc>
<lastmod>2026-01-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/all-in-one-wp-security-and-firewall/all-in-one-wp-security-firewall-445-cross-site-scripting</loc>
<lastmod>2020-12-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-e-commerce-style-email/wp-e-commerce-style-email-062-cross-site-request-forgery-to-remote-code-execution</loc>
<lastmod>2025-03-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/dethemekit-for-elementor/dethemekit-for-elementor-212-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-05-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/buddypress-groups-extras/buddypress-groups-extras-3610-cross-site-request-forgery</loc>
<lastmod>2024-11-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/optimizewp/optimize-24-unauthenticated-local-file-inclusion</loc>
<lastmod>2026-01-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpzoom-addons-for-beaver-builder/beaver-builder-addons-by-wpzoom-134-authenticated-contributor-stored-cross-site-scripting-via-testimonials-widget</loc>
<lastmod>2024-03-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-easycart/wp-easycart-548-cross-site-request-forgery-via-process_bulk_activate_product</loc>
<lastmod>2023-05-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/woodmart/woodmart-711-cross-site-request-forgery-to-license-update</loc>
<lastmod>2023-03-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/geoplaces4beta/geoplaces-4-arbitrary-file-upload</loc>
<lastmod>2013-10-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ione360-configurator/ione360-configurator-2057-unauthenticated-stored-cross-site-scripting-via-contact-form-parameters</loc>
<lastmod>2026-02-10T20:07:30.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-circliful/wp-circliful-12-authenticated-contributor-stored-cross-site-scripting-via-id-shortcode-attribute</loc>
<lastmod>2026-04-14T19:47:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/esb-testimonials/esb-testimonials-100-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-11-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/penci-filter-everything/penci-filter-everything-17-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-09-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-admin-ui-customize/wp-admin-ui-customize-1512-authenticated-administrator-cross-site-scripting</loc>
<lastmod>2022-11-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/timeline-widget-addon-for-elementor/timeline-widget-for-elementor-elementor-timeline-vertical-horizontal-timeline-153-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-02-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/Rey-Core/rey-core-318-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-11-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/acclectic-media-organizer/acclectic-media-organizer-14-missing-authorization</loc>
<lastmod>2025-08-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/event-tickets-with-ticket-scanner/event-tickets-with-ticket-scanner-285-unauthenticated-remote-code-execution</loc>
<lastmod>2026-01-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/stylebidet/stylebidet-100-reflected-cross-site-scripting</loc>
<lastmod>2026-02-13T18:26:55.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-iframe-geo-style-for-amazon-affiliates/wp-iframe-geo-style-for-amazon-affiliates-11-authenticated-contributor-stored-cross-site-scripting-via-adid-shortcode-attribute</loc>
<lastmod>2026-05-26T17:22:53.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-google-fonts/wp-google-fonts-313-reflected-cross-site-scripting</loc>
<lastmod>2015-08-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/blocksy/blocksy-2033-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-04-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cms-commander-client/cms-commander-2288-authenticated-custom-sql-injection-via-or_blogname-parameter</loc>
<lastmod>2026-03-20T15:14:31.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/joomsport-sports-league-results-management/joomsport-578-authenticated-subscriber-missing-authorization-to-arbitrary-group-deletion-via-season_groupdel-ajax-action</loc>
<lastmod>2026-06-30T14:47:14.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/tochat-be/tochatbe-131-unauthenticated-stored-cross-site-scripting</loc>
<lastmod>2024-07-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/booking-and-rental-manager-for-woocommerce/booking-and-rental-manager-238-missing-authorization</loc>
<lastmod>2025-05-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/formlift/formlift-for-infusionsoft-web-forms-7519-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-03-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/contentlock/contentlock-103-cross-site-request-forgery-to-groupemail-deletion</loc>
<lastmod>2024-06-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/elasticpress/momentjs-2291-directory-traversal</loc>
<lastmod>2022-04-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woocommerce-catalog-enquiry/product-catalog-enquiry-502-missing-authorization</loc>
<lastmod>2023-11-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/imagerecycle-pdf-image-compression/imagerecycle-pdf-image-compression-3113-cross-site-request-forgery-to-settings-update-in-enableoptimization</loc>
<lastmod>2024-02-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/sensei-lms/sensei-lms-4170-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2023-12-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/under-construction-page/under-construction-396-cross-site-request-forgery-via-admin_action_ucp_dismiss_notice</loc>
<lastmod>2023-02-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/openinviter-for-wordpress/openinviter-for-wordpress-170-sensitive-information-disclosure</loc>
<lastmod>2013-01-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/powerpress/powerpress-1106-authenticated-contributor-server-side-request-forgery-via-wp_ajax_powerpress_media_info</loc>
<lastmod>2023-08-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/pochipp/pochipp-1180-missing-authorization</loc>
<lastmod>2025-12-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/osiris-signature-banner/osiris-signature-banner-05-cross-site-request-forgery-to-stored-cross-site-scripting-via-prepend_text-parameter</loc>
<lastmod>2026-06-23T16:38:47.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-meta-seo/wp-meta-seo-4512-information-exposure-via-meta-description</loc>
<lastmod>2024-04-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woocommerce/woocommerce-222-reflected-cross-site-scripting</loc>
<lastmod>2014-09-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cf7-hubspot/integration-for-contact-form-7-hubspot-142-authenticated-administrator-sql-injection</loc>
<lastmod>2025-12-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-gdpr-core/wp-gdpr-211-missing-authorization-checks</loc>
<lastmod>2020-04-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/theme-editor/theme-editor-32-cross-site-request-forgery</loc>
<lastmod>2026-02-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-time-slots-booking-form/wp-time-slots-booking-form-1176-cross-site-request-forgery-to-feedback-submission</loc>
<lastmod>2023-02-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-members/wp-members-membership-plugin-3492-unauthenticated-stored-cross-site-scripting</loc>
<lastmod>2024-04-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-cerber/wp-cerber-security-8952-unauthenticated-stored-cross-site-scripting</loc>
<lastmod>2022-02-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ele-blog/eleblog-elementor-blog-and-magazine-addons-203-unauthenticated-local-file-inclusion</loc>
<lastmod>2026-02-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/advanced-form-integration/afi-the-easiest-integration-plugin-1894-cross-site-request-forgery</loc>
<lastmod>2024-08-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/user-rights-access-manager/user-rights-access-manager-112-reflected-cross-site-scripting</loc>
<lastmod>2024-03-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/proxy-vpn-blocker/proxy-vpn-blocker-353-missing-authorization</loc>
<lastmod>2026-01-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woocommerce-wholesale-lead-capture/woocommerce-wholesale-lead-capture-2031-unauthenticated-privilege-escalation</loc>
<lastmod>2026-02-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/email-subscribe/email-subscription-popup-1226-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2025-10-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/credova-financial/credova_financial-148-sensitive-information-disclosure</loc>
<lastmod>2021-09-29T16:39:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/restrict-taxonomies/restrict-taxonomies-133-reflected-cross-site-scripting</loc>
<lastmod>2025-02-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bmlt-wordpress-satellite-plugin/bmlt-wordpress-plugin-3114-cross-site-request-forgery-to-settings-creation-and-deletion</loc>
<lastmod>2025-12-11T14:28:25.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/timeline-block-block/timeline-block-111-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-02-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/fluentform/fluent-forms-515-authenticatedadministrator-stored-cross-site-scripting-via-imported-form-title</loc>
<lastmod>2024-01-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpgsi/spreadsheet-integration-382-cross-site-request-forgery-to-arbitrary-post-publish</loc>
<lastmod>2025-03-04T22:06:29.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-post-author/wp-post-author-367-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-06-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/exitintentpopup/exit-intent-popup-101-unauthenticated-server-side-request-forgery</loc>
<lastmod>2025-09-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/legalweb-cloud/legalweb-cloud-112-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-11-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/jivochat/jivochat-live-chat-wp-live-chat-plugin-for-wordpress-1353-cross-site-request-forgery-to-cross-site-scripting</loc>
<lastmod>2022-05-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/js-vehicle-manager/wp-vehicle-manager-31-unauthenticated-local-file-inclusion</loc>
<lastmod>2025-02-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cookie-notice-consent/cookie-notice-consent-165-unauthenticated-stored-cross-site-scripting</loc>
<lastmod>2025-10-08T13:55:37.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpzoom-addons-for-beaver-builder/beaver-builder-addons-by-wpzoom-134-authenticated-contributor-stored-cross-site-scripting-via-image-box-widget</loc>
<lastmod>2024-03-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/unite-gallery-lite/unite-gallery-lite-1762-authenticated-contributor-sql-injection</loc>
<lastmod>2024-08-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/read-more-excerpt-link/download-read-more-excerpt-link-160-cross-site-request-forgery-to-settings-update</loc>
<lastmod>2023-02-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cost-calculator-builder-pro/cost-calculator-builder-pro-3175-unauthenticated-arbitrary-email-sending</loc>
<lastmod>2024-06-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/vikbooking/vikbooking-hotel-booking-engine-pms-1512-cross-site-request-forgery-in-admin_widgets_welcome-function</loc>
<lastmod>2023-02-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gigpress/gigpress-2329-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2024-01-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/compe-woo-compare-products/compe-114-unauthenticated-insecure-direct-object-reference</loc>
<lastmod>2026-03-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/listingpro-lead-form/listingpro-lead-form-102-missing-authorization</loc>
<lastmod>2025-10-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/quiz-maker/quiz-maker-6712-cross-site-request-forgery</loc>
<lastmod>2026-02-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gravityforms/gravityforms-2913-unauthenticated-stored-cross-site-scripting-via-alt-parameter</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/meta-box/meta-box-5111-authenticated-contributor-arbitrary-file-deletion</loc>
<lastmod>2026-03-06T19:09:12.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/powerpack-lite-for-elementor/powerpack-addons-for-elementor-free-widgets-extensions-and-templates-2714-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-02-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/jetpack-boost/jetpack-boost-346-authenticated-admin-server-side-request-forgery</loc>
<lastmod>2024-07-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/userpro/userpro-511-cross-site-request-forgery-to-sensitive-information-exposure</loc>
<lastmod>2023-11-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/daily-inspiration-generator/daily-inspiration-generator-20-open-redirect</loc>
<lastmod>2014-07-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpguppy-lite/one-to-one-user-chat-by-wpguppy-114-unauthenticated-information-disclosure-via-chat-message-interception</loc>
<lastmod>2026-02-13T18:16:35.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/nd-shortcodes/nd-shortcodes-65-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2022-07-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/all-in-one-wp-security-and-firewall/all-in-one-wp-security-firewall-408-sql-injection</loc>
<lastmod>2019-08-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/aa-block-country/aa-block-country-101-unauthenticated-ip-address-spoofing-via-x-forwarded-for-header</loc>
<lastmod>2026-01-06T20:30:39.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wmf-mobile-redirector/wmf-mobile-redirector-12-authenticated-administrator-stored-cross-site-scripting-via-settings-parameters</loc>
<lastmod>2026-01-13T17:31:04.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/trinity-audio/trinity-audio-5233-missing-authorization</loc>
<lastmod>2025-12-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/heateor-social-comments/wordpress-social-comments-plugin-for-vkontakte-comments-and-disqus-comments-161-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2023-01-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/rccp-free/ringcentral-communications-15-168-missing-serverside-verification-to-authentication-bypass-via-ringcentral_admin_login_2fa_verify-function</loc>
<lastmod>2025-08-27T16:25:29.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/fix-my-feed-rss-repair/fix-my-feed-rss-repair-14-cross-site-request-forgery</loc>
<lastmod>2023-12-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/google-analytics-for-wordpress/monsterinsights-890-unauthenticated-stored-cross-site-scripting-via-google-analytics</loc>
<lastmod>2022-12-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-airbnb-review-slider/wp-airbnb-review-slider-32-authenticated-subscriber-sql-injection</loc>
<lastmod>2023-01-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ap-plugin-scripteo/ads-pro-plugin-multi-purpose-wordpress-advertising-manager-489-unauthenticated-local-file-inclusion-to-remote-code-execution</loc>
<lastmod>2025-07-01T14:53:27.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/rewardswp/rewardswp-loyalty-points-referral-program-for-woocommerce-104-unauthenticated-privilege-escalation</loc>
<lastmod>2026-03-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/pie-register/pie-register-3715-authentication-bypass</loc>
<lastmod>2021-10-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/urna/urna-2512-authenticated-contributor-local-file-inclusion</loc>
<lastmod>2025-12-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/hammas-calendar/hammas-calendar-1511-authenticated-contributor-stored-cross-site-scripting-via-apix-shortcode-attribute</loc>
<lastmod>2026-03-06T11:23:32.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gravityforms/gravityforms-1935-sql-injection</loc>
<lastmod>2015-03-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpfunnels-pro/wpfunnels-pro-294-unauthenticated-stored-cross-site-scripting</loc>
<lastmod>2026-06-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/xpro-elementor-addons/140-widgets-xpro-addons-for-elementor-free-1465-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-12-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/fluent-support/fluent-support-180-insufficient-authorization-on-email-verification</loc>
<lastmod>2024-09-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/email-customizer-woocommerce/visual-email-designer-for-woocommerce-171-authenticated-author-sql-injection</loc>
<lastmod>2022-12-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ajax-thumbnail-rebuild/ajax-thumbnail-rebuild-113-missing-authorization</loc>
<lastmod>2023-04-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/export-users-data-distinct/export-users-data-distinct-13-authenticated-subscriber-csv-injection</loc>
<lastmod>2023-03-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/all-in-one-seo-pack/all-in-one-seo-460-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-04-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/improved-sale-badges-free-version/improved-sale-badges-free-version-101-authenticated-subscriber-local-file-inclusion</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/headinger-elementor/headinger-for-elementor-114-missing-authorization</loc>
<lastmod>2025-12-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cost-calculator-builder/cost-calculator-builder-3212-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2024-07-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/share-print-pdf-woocommerce/share-print-and-pdf-products-for-woocommerce-312-missing-authorization</loc>
<lastmod>2025-12-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/sip-calculator/sip-calculator-10-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2024-12-13T15:57:16.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/computer-repair-shop/computer-repair-shop-20-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2020-01-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woo-product-filter/product-filter-by-wbw-300-missing-authorization-to-unauthenticated-settings-update</loc>
<lastmod>2025-10-24T17:28:32.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/sharethis-share-buttons/sharethis-share-buttons-230-authenticated-contributor-stored-cross-site-scripting-via-sharethis-inline-buttons-shortcode</loc>
<lastmod>2024-05-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/download-monitor/download-monitor-5013-missing-authorization-to-sensitive-information-exposure</loc>
<lastmod>2024-10-29T17:11:06.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/transients-manager/transients-manager-206-cross-site-request-forgery</loc>
<lastmod>2024-10-22T19:33:35.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/dtracker/dtracker-15-sql-injection</loc>
<lastmod>2017-03-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/e-signature/e-signature-1568-unauthenticated-remote-code-execution</loc>
<lastmod>2021-01-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/all-in-one-wp-security-and-firewall/all-in-one-security-aios-514-authenticatedadmin-directory-traversal</loc>
<lastmod>2023-02-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/neobeat/neobeat-12-unauthenticated-local-file-inclusion</loc>
<lastmod>2026-03-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/drm-protected-video-streaming/s3player-woocommerce-elementor-integration-421-reflected-cross-site-scripting</loc>
<lastmod>2024-12-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/neptunus/neptunus-1011-unauthenticated-local-file-inclusion</loc>
<lastmod>2025-08-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/magayo-lottery-results/magayo-lottery-results-2012-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2025-02-17T15:52:40.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/streamweasels-youtube-integration/streamweasels-youtube-integration-136-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-11-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/falang/falang-multilanguage-1347-authenticated-administrator-sql-injection</loc>
<lastmod>2024-03-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ttv-easy-embed-player/twitch-player-210-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2023-02-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/site-reviews/site-reviews-651-authenticated-contributor-stored-cross-site-scripting-via-block-attribute</loc>
<lastmod>2023-03-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/shortpixel-image-optimiser/shortpixel-image-optimizer-642-authenticated-editor-arbitrary-file-read-via-loadfile-parameter</loc>
<lastmod>2026-02-04T18:35:26.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-cerber/wp-cerber-security-94-ip-protection-bypass</loc>
<lastmod>2024-08-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/yikes-inc-easy-custom-woocommerce-product-tabs/custom-product-tabs-for-woocommerce-179-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2022-10-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-dialog/wp-dialog-1255-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2021-07-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/vk-blocks-pro/vk-blocks-15301-stored-contributor-cross-site-scripting-in-post</loc>
<lastmod>2023-05-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-mobile-themes/mobile-themes-111-cross-site-request-forgery</loc>
<lastmod>2025-03-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/my-calendar/my-calendar-accessible-event-manager-373-authenticated-contributor-stored-cross-site-scripting-via-shortcode-attributes</loc>
<lastmod>2026-03-03T22:33:52.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/postbox-email-logs/postbox-104-missing-authorization-to-authenticated-subscriber-log-export</loc>
<lastmod>2024-12-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/zero-spam/zero-spam-for-wordpress-544-authenticatedadministrator-sql-injection</loc>
<lastmod>2023-05-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/all-in-one-seo-pack/all-in-one-seo-2261-reflected-cross-site-scripting</loc>
<lastmod>2015-04-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/custom-layouts/custom-layouts-post-product-grids-made-easy-1411-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-08-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/profilegrid-user-profiles-groups-and-communities/profilegrid-user-profiles-memberships-groups-and-communities-474-stored-cross-site-scripting-via-profile</loc>
<lastmod>2022-01-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woocommerce-warranty/woocommerce-warranty-requests-227-missing-authorization</loc>
<lastmod>2023-12-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/better-robots-txt/robotstxt-optimization-145-cross-site-request-forgery</loc>
<lastmod>2023-02-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/team-118group-agent/team-118group-agent-160-missing-authorization-to-unauthenticated-arbitrary-content-deletion</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/food-and-drink-menu/restaurant-menu-and-food-ordering-2416-missing-authorization-to-menu-creation</loc>
<lastmod>2024-06-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/advanced-woo-labels/advanced-woo-labels-215-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-04-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/e2pdf/e2pdf-12025-authenticated-administrator-arbitrary-file-upload</loc>
<lastmod>2023-12-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ultimate-dashboard/ultimate-dashboard-385-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2025-03-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ht-mega-for-elementor/ht-mega-absolute-addons-for-elementor-250-authenticated-contributor-stored-cross-site-scripting-via-gallery-justify</loc>
<lastmod>2024-05-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/map-block-gutenberg/map-block-for-google-maps-131-unprotected-ajax-action</loc>
<lastmod>2021-02-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/spacious/spacious-1911-missing-authorization-to-autheticated-subscriber-demo-data-import</loc>
<lastmod>2025-08-21T22:13:50.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cornerstone/cornerstone-788-authenticated-subscriber-sql-injection</loc>
<lastmod>2026-06-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-bootstrap-gallery/wp-bootstrap-gallery-11-missing-authorization</loc>
<lastmod>2022-10-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/quadmenu/wordpress-mega-menu-206-arbitrary-file-creation</loc>
<lastmod>2021-02-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/free-php-version-info/wplifecycle-331-missing-authorization</loc>
<lastmod>2026-02-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bit-form/bit-form-contact-form-plugin-2216-missing-authorization-to-unauthenticated-workflow-replay</loc>
<lastmod>2026-01-06T17:34:11.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/multi-purpose-mail-form/multi-purpose-mail-form-102-unauthenticated-arbitrary-file-upload</loc>
<lastmod>2024-10-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gp-back-to-top/gp-back-to-top-30-cross-site-request-forgery</loc>
<lastmod>2025-03-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/miniorange-firebase-sms-otp-verification/miniorange-otp-verification-with-firebase-360-authentication-bypass</loc>
<lastmod>2024-10-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/login-logout-register-menu/login-logout-register-menu-20-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-04-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/hms-testimonials/hms-testimonials-2010-cross-site-request-forgery</loc>
<lastmod>2013-08-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/post-grid/post-grid-and-gutenberg-blocks-comboblocks-236-unauthenticated-user-information-exposure</loc>
<lastmod>2025-02-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/etruel-del-post-copies/wp-delete-post-copies-55-missing-authorization</loc>
<lastmod>2025-01-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ajax-load-more/wordpress-infinite-scroll-ajax-load-more-553-cross-site-request-forgery-to-phar-deserialization</loc>
<lastmod>2022-08-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/announcekit/announcekit-209-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2024-04-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ultimate-form-builder-lite/ultimate-form-builder-lite-132-reflected-cross-site-scripting</loc>
<lastmod>2017-04-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-easycart/wp-easycart-548-cross-site-request-forgery-via-process_duplicate_product</loc>
<lastmod>2023-05-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/document-emberdder/document-embedder-176-sensitive-data-exposure</loc>
<lastmod>2022-01-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mycred/mycred-points-management-system-for-gamification-ranks-badges-and-loyalty-rewards-program-31-authenticated-contributor-stored-cross-site-scripting-via-wrap-shortcode-attribute</loc>
<lastmod>2026-06-16T17:41:46.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cssjockey-add-ons/wp-builder-307-authenticated-author-stored-cross-site-scripting-via-svg-file-upload</loc>
<lastmod>2024-10-09T13:35:13.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/weather-effect/weather-effect-christmas-santa-snow-falling-133-cross-site-request-forgery</loc>
<lastmod>2021-09-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-user-avatar/profilepress-4103-reflected-cross-site-scripting-via-error-message</loc>
<lastmod>2023-06-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/imbachat-widget/imbachat-314-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-11-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/pay-with-contact-form-7/pay-with-contact-form-7-104-authenticated-administrator-sql-injection</loc>
<lastmod>2025-04-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/product-tabs-for-woocommerce/additional-custom-product-tabs-for-woocommerce-173-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-09-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/elex-helpdesk-customer-support-ticket-system/elex-wordpress-helpdesk-customer-ticketing-system-334-unauthenticated-stored-cross-site-scripting</loc>
<lastmod>2025-12-20T14:59:55.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ninja-forms/ninja-forms-contact-form-3214-parameter-tampering</loc>
<lastmod>2018-02-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/geo-my-wp/geo-my-wp-455-unauthenticated-sql-injection-via-swlatlng-nelatlng-parameters</loc>
<lastmod>2026-05-29T20:40:30.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/codepen-embedded-pen-shortcode/codepen-embedded-pens-shortcode-102-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-10-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/slider-wd/slider-by-10web-1255-authenticated-editor-stored-cross-site-scripting</loc>
<lastmod>2024-06-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/duracelltomi-google-tag-manager/google-tag-manager-for-wordpress-115-reflected-cross-site-scripting-via-site-search</loc>
<lastmod>2022-05-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/hide_my_wp/hide-my-wp-623-sql-injection</loc>
<lastmod>2021-11-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/authnet-cim-for-woo/payment-gateway-authorizenet-cim-for-woocommerce-212-missing-authorization-to-authenticated-subscriber-arbitrary-content-deletion</loc>
<lastmod>2025-12-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-hotel-booking/wp-hotel-booking-207-missing-authorization-to-subscriber-arbitrary-post-deletion</loc>
<lastmod>2023-10-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/capella/capella-255-unauthenticated-php-object-injection</loc>
<lastmod>2026-01-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/core/4.7/wordpress-core-475-stored-cross-site-scripting-via-filenames</loc>
<lastmod>2017-05-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/token-login/token-login-103-authenticated-subscriber-privilege-escalation</loc>
<lastmod>2024-10-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wordpress-nextgen-galleryview/nextgen-galleryview-055-reflected-cross-site-scripting</loc>
<lastmod>2023-06-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/visitors-traffic-real-time-statistics/visitor-traffic-real-time-statistics-112-cross-site-request-forgery</loc>
<lastmod>2019-07-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/flo-forms/flo-forms-1041-missing-authorization-via-flo_send_test_email</loc>
<lastmod>2023-11-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/epic-review/epic-review-102-reflected-cross-site-scripting</loc>
<lastmod>2025-08-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/jet-woo-builder/jetwoobuilder-2120-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-07-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/vikbooking/vikbooking-hotel-booking-engine-pms-171-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2025-03-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woocommerce-customers-manager/woocommerce-customers-manager-266-reflected-cross-site-scripting</loc>
<lastmod>2021-03-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/quotemedia-tools/quotemedia-tools-10-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mini-cart/mini-cart-1001-authenticated-admin-sql-injection</loc>
<lastmod>2016-11-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/core/2.3/wordpress-core-23-cross-site-scripting</loc>
<lastmod>2007-10-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/food-and-drink-menu/restaurant-menu-and-food-ordering-by-five-star-plugins-246-cross-site-request-forgery-via-maybe_duplicate_item</loc>
<lastmod>2023-07-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/alma-gateway-for-woocommerce/alma-pay-in-installments-or-later-for-woocommerce-520-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2023-12-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/formilla-live-chat/formilla-live-chat-130-authenticated-administrator-cross-site-scripting-via-formillaid</loc>
<lastmod>2023-04-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/core/4.0/wordpress-core-401-cross-site-scripting-via-css</loc>
<lastmod>2014-11-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/selio/selio-real-estate-directory-11-sql-injection</loc>
<lastmod>2019-09-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/greeny/greeny-26-unauthenticated-local-file-inclusion</loc>
<lastmod>2025-09-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/easy-related-posts/easy-related-posts-202-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2025-02-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/resend-welcome-email/resend-welcome-email-101-reflected-cross-site-scripting</loc>
<lastmod>2015-04-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/underconstruction/underconstruction-120-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2022-05-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/materialis-companion/materialis-companion-1352-missing-authorization</loc>
<lastmod>2026-01-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/faith-hope/faith-hope-2130-unauthenticated-local-file-inclusion</loc>
<lastmod>2025-09-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/free-downloads-edd/free-downloads-edd-104-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-06-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/amelia/amelia-115-amelia-pro-751-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2024-06-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/easy-digital-downloads/easy-digital-downloads-sell-digital-files-subscriptions-ecommerce-store-payments-made-easy-332-authenticated-admin-stored-cross-site-scripting-via-currency-settings</loc>
<lastmod>2024-08-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-comment-remix/wp-comment-remix-144-cross-site-request-forgery</loc>
<lastmod>2008-10-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bulk-editor/wolf-1083-authenticated-editor-csv-path-traversal</loc>
<lastmod>2024-11-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simpleform/simpleform-contact-form-made-simple-220-reflected-cross-site-scripting</loc>
<lastmod>2024-11-15T14:58:27.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-automatic/wordpress-automatic-plugin-31351-unauthenticated-stored-cross-site-scripting</loc>
<lastmod>2026-06-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/robo-gallery/photo-gallery-images-slider-in-rbs-image-gallery-3219-cross-site-request-forgery-to-post-creation-and-limited-data-loss</loc>
<lastmod>2024-06-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/educare/educare-161-unauthenticated-stored-cross-site-scripting</loc>
<lastmod>2026-01-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/buddypress/buddypress-720-authorization-bypass-to-friend-invite</loc>
<lastmod>2021-03-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/hmenu/hero-mega-menu-responsive-wordpress-menu-plugin-1165-authenticated-subscriber-sql-injection</loc>
<lastmod>2025-01-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/payment-qr-woo/payment-qr-woocommerce-116-missing-authorization</loc>
<lastmod>2025-06-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/organization-chart/organization-chart-150-authenticated-subscriber-stored-cross-site-scripting-via-title_input-and-node_description-parameters</loc>
<lastmod>2024-08-07T00:01:25.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/eelv-newsletter/eelv-newsletter-482-cross-site-request-forgery</loc>
<lastmod>2024-12-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-slimstat/slimstat-analytics-4161-cross-site-scripting</loc>
<lastmod>2015-07-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/football-leagues-by-anwppro/anwp-football-leagues-01617-authenticated-administrator-csv-injection</loc>
<lastmod>2025-08-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/geo-mashup/geo-mashup-11319-unauthenticated-stored-cross-site-scripting</loc>
<lastmod>2026-05-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/daves-wordpress-live-search/daves-wordpress-live-search-481-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2023-04-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/default-thumbnail-plus/default-thumbnail-plus-1023-authenticated-contributor-arbitrary-file-upload</loc>
<lastmod>2024-07-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bit-assist/bit-assist-154-unauthenticated-path-traversal</loc>
<lastmod>2025-03-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/unite-gallery-lite/unite-gallery-lite-146-cross-site-request-forgery-authenticated-sql-injection</loc>
<lastmod>2015-07-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/metrika/metrika-12-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2024-12-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/google-maps-widget/maps-widget-for-google-maps-423-cross-site-request-forgery-via-dismiss_notice</loc>
<lastmod>2023-03-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/slideshow-se/slideshow-se-255-authenticated-author-stored-cross-site-scripting</loc>
<lastmod>2022-10-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ekc-tournament-manager/ekc-tournament-manager-221-cross-site-request-forgery-to-tournament-deletion</loc>
<lastmod>2024-11-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/searchpro/berqwp-2253-missing-authorization</loc>
<lastmod>2025-09-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/better-wp-security/ithemes-security-814-open-redirection-via-redirect_to_https</loc>
<lastmod>2023-03-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/contentstudio/contentstudio-137-cross-site-request-forgery-to-settings-update</loc>
<lastmod>2025-12-04T17:24:04.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/popup-builder/popup-builder-430-missing-authorization-in-multiple-ajax-actions</loc>
<lastmod>2024-06-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpsolr-search-engine/wpsolr-elasticsearch-and-solr-search-86-reflected-cross-site-scripting</loc>
<lastmod>2016-04-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/erp/wp-erp-1126-missing-authorization-via-admin-notice-dismissal</loc>
<lastmod>2023-10-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/request-a-quote/request-a-quote-233-authenticated-stored-cross-site-scripting</loc>
<lastmod>2021-06-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpc-shop-as-customer/wpc-shop-as-a-customer-for-woocommerce-128-authentication-bypass-due-to-insufficiently-unique-key</loc>
<lastmod>2024-12-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/dsk/dsk-24-unauthenticated-local-file-inclusion</loc>
<lastmod>2025-06-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/advanced-dynamic-pricing-for-woocommerce/advanced-dynamic-pricing-for-woocommerce-415-cross-site-request-forgery-via-migratecommontoproductonly-function</loc>
<lastmod>2023-02-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/app-builder/app-builder-387-open-redirection</loc>
<lastmod>2024-04-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/traveler/traveler-320-unauthenticated-sql-injection</loc>
<lastmod>2025-03-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/manage-notification-emails/manage-notification-e-mails-185-missing-authorization</loc>
<lastmod>2023-12-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpqa/wpqa-builder-forms-addon-for-wordpress-54-unauthenticated-private-message-disclosure</loc>
<lastmod>2022-05-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/athemes-addons-for-elementor-lite/athemes-addons-for-elementor-113-authenticated-contributor-local-file-inclusion</loc>
<lastmod>2025-04-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/jquery-drop-down-menu-plugin/jquery-dropdown-menu-30-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2025-03-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/front-end-only-users/front-end-users-3228-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2024-08-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/captcha-bws/bestwebsoft-captcha-406-captcha-bypass</loc>
<lastmod>2014-12-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/falang/falang-multilanguage-for-wordpress-1318-reflected-cross-site-scripting</loc>
<lastmod>2021-10-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/pie-register-premium/pie-register-premium-3833-unauthenticated-arbitrary-file-upload</loc>
<lastmod>2024-12-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-listings-pro/wp-listings-pro-3014-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-11-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-sms/wp-sms-614-reflected-cross-site-scripting-via-delete_mobile</loc>
<lastmod>2023-05-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/peepso-core/community-by-peepso-social-network-membership-registration-user-profiles-premium-mobile-app-7030-reflected-cross-site-scripting</loc>
<lastmod>2024-11-20T13:34:59.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/leadrebel/leadrebel-102-missing-authorization</loc>
<lastmod>2026-02-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bookingpress-appointment-booking/bookingpress-appointment-booking-calendar-plugin-and-online-scheduling-plugin-1087-authenticated-admin-arbitrary-file-upload</loc>
<lastmod>2024-04-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/relevanssi-premium/relevanssi-a-better-search-4230-free-and-2260-premium-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-09-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/triton-lite/triton-lite-13-authenticated-contributor-stored-cross-site-scripting-via-button-shortcode</loc>
<lastmod>2024-09-12T21:33:13.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpforo/wpforo-forum-2416-missing-authorization-to-authenticated-subscriber-arbitrary-forum-post-modification-via-guestposting-parameter</loc>
<lastmod>2026-04-16T14:05:14.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/appender/appender-111-missing-authorization</loc>
<lastmod>2025-12-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/latest-post-accordian-slider/latest-post-accordian-slider-13-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2025-07-21T20:53:15.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/metform/metform-elementor-contact-form-builder-213-sensitive-information-disclosure</loc>
<lastmod>2022-04-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-ultimate-csv-importer/wp-ultimate-csv-importer-657-authenticated-administrator-sql-injection</loc>
<lastmod>2022-09-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/we-client-logo-carousel/we-client-logo-carousel-14-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-11-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cbxwpbookmark/cbx-bookmark-favorite-1721-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-04-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/chatbot/chatbot-428-cross-site-request-forgery-to-stored-cross-site-scripting-and-settings-reset</loc>
<lastmod>2023-01-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bluet-keywords-tooltip-generator/tooltipy-tooltips-for-wp-50-reflected-cross-site-scripting</loc>
<lastmod>2018-06-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/chaty/floating-chat-widget-chaty-302-authenticated-administrator-sql-injection</loc>
<lastmod>2022-11-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/newstatpress/newstatpress-135-reflected-cross-site-scripting</loc>
<lastmod>2022-01-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/culture-object/culture-object-401-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2022-09-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/advance-menu-manager/advance-menu-manager-306-missing-authorization</loc>
<lastmod>2023-11-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/jetformbuilder/jetformbuilder-dynamic-blocks-form-builder-3561-authenticated-contributor-remote-code-execution</loc>
<lastmod>2026-03-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/compfight/compfight-15-cross-site-scrpting</loc>
<lastmod>2014-07-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wordpress-seo/yoast-seo-265-insecure-direct-object-reference-to-authenticated-contributor-sensitive-information-exposure-via-post_id-parameter</loc>
<lastmod>2026-05-26T15:59:29.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/really-simple-ssl-pro/really-simple-security-pro-9540-authenticated-subscriber-insecure-direct-object-reference</loc>
<lastmod>2026-02-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mstore-api/mstore-api-345-arbitrary-file-upload</loc>
<lastmod>2021-10-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpschoolpress/school-management-system-wpschoolpress-2223-authenticated-administrator-sql-injection</loc>
<lastmod>2025-11-13T22:05:08.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-jobsearch/wp-jobsearch-267-authentication-bypass-to-account-takeover-and-privilege-escalation</loc>
<lastmod>2024-11-27T19:13:40.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/better-click-to-tweet/better-click-to-tweet-5103-cross-site-request-forgery</loc>
<lastmod>2022-11-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/powers-triggers-of-woo-to-chat/powerful-auto-chat-198-authenticated-subscriber-stored-cross-site-scripting</loc>
<lastmod>2025-01-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/portable-phpmyadmin/portable-phpmyadmin-150-authentication-bypass</loc>
<lastmod>2013-10-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/live-tv/live-tv-12-reflected-cross-site-scripting</loc>
<lastmod>2025-03-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/google-map-professional/wordpress-google-map-professional-10-authenticated-contributor-sql-injection</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/webtoffee-product-feed/product-feed-for-woocommerce-231-missing-authorization</loc>
<lastmod>2025-10-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/capability-manager-enhanced/publishpress-capabilities-2310-missing-authorization</loc>
<lastmod>2026-02-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ultimate-member/ultimate-member-user-profile-user-registration-login-membership-plugin-250-authenticated-admin-directory-traversal</loc>
<lastmod>2022-10-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/directorist-booking/booking-reservation-appointment-303-authenticated-subscriber-sql-injection</loc>
<lastmod>2026-06-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-whatsapp/wp-chat-app-364-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2024-06-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/sharebar/sharebar-121-sql-injection</loc>
<lastmod>2012-05-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/crypto-converter-widget/crypto-converter-widget-184-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2024-03-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/accessibility-help-button/call-now-accessibility-button-11-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2023-06-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/zoom-image-shortcode/zoomify-embed-for-wp-152-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-09-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/core/5.2/wordpress-core-524-type-confusion</loc>
<lastmod>2019-10-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/learnpress/learnpress-wordpress-lms-plugin-42681-missing-authorization-to-unauthenticated-user-registration-bypass</loc>
<lastmod>2024-07-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/watchtowerhq/watchtowerhq-3615-unauthenticated-arbitrary-file-download</loc>
<lastmod>2022-11-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mapsvg-lite-interactive-vector-maps/mapsvg-873-authenticated-contributor-arbitrary-file-upload</loc>
<lastmod>2025-12-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/strabl-a-checkout-solution/strabl-45-unauthenticated-arbitrary-webhook-creation-via-rest-api-endpoint</loc>
<lastmod>2026-06-18T17:50:04.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/dn-shipping-by-weight/dn-shipping-by-weight-for-woocommerce-12-reflected-cross-site-scripting</loc>
<lastmod>2025-04-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-less/wp-less-196-unauthenticated-sensitive-information-disclosure</loc>
<lastmod>2025-04-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/kstats-reloaded/kstats-reloaded-074-reflected-cross-site-scripting</loc>
<lastmod>2025-05-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/travelpayouts/travelpayouts-1112-cross-site-request-forgery-to-settings-import</loc>
<lastmod>2024-01-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/diplomat/diplomat-theme-101-sensitive-information-disclosure</loc>
<lastmod>2015-05-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/motors-car-dealership-classified-listings/motors-car-dealer-classifieds-listing-1457-missing-authorization-to-authenticated-subscriber-arbitrary-post-deletion-and-listing-template-creation</loc>
<lastmod>2025-03-21T14:06:43.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/category-post-list-widget/category-post-list-widget-20-cross-site-request-forgery-via-get_cplw_settings</loc>
<lastmod>2023-11-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/xcloner-backup-and-restore/xcloner-473-unauthenticated-full-path-disclosure</loc>
<lastmod>2024-07-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/sp-client-document-manager/sp-project-document-manager-471-insecure-direct-object-reference</loc>
<lastmod>2024-04-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/newstatpress/newstatpress-106-sql-injection</loc>
<lastmod>2015-07-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/skt-addons-for-elementor/skt-addons-for-elementor-31-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-07-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/broken-link-manager/broken-link-manager-065-authenticated-admin-sql-injection</loc>
<lastmod>2021-07-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cnvrse/cnvrse-026021020-unauthenticated-insecure-direct-object-reference</loc>
<lastmod>2026-02-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/conveythis-translate/language-translate-widget-for-wordpress-conveythis-234-missing-authorization-to-limited-option-update</loc>
<lastmod>2024-07-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/tutor/tutor-lms-elearning-and-online-course-solution-261-cross-site-request-forgery-to-plugin-deactivation-and-data-erase</loc>
<lastmod>2024-03-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/form-maker/form-maker-1155-authenticated-administrator-sql-injection</loc>
<lastmod>2022-09-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/melapress-role-editor/melapress-role-editor-111-improper-authorization-to-authenticated-subscriber-privilege-escalation-via-secondary-role-assignment</loc>
<lastmod>2026-01-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/et-core-plugin/xstore-core-538-unauthenticated-sql-injection</loc>
<lastmod>2024-04-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-browser-update/wp-browserupdate-441-cross-site-request-forgery-via-wpbu_administration</loc>
<lastmod>2023-04-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/horizontal-scroll-image-slideshow/horizontal-scroll-image-slideshow-101-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-12-11T15:18:24.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/flx-dashboard-groups/flx-dashboard-groups-007-reflected-cross-site-scripting</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/seo-automated-link-building/internal-links-manager-210-multiple-stored-cross-site-scripting</loc>
<lastmod>2020-08-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/recommended-products-edd/easy-digital-downloads-recommended-products-1232-cross-site-scripting</loc>
<lastmod>2015-04-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/extensions-for-cf7/extensions-for-cf7-208-cross-site-request-forgery</loc>
<lastmod>2023-01-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/collapsing-categories/collapsing-categories-308-unauthenticated-sql-injection</loc>
<lastmod>2024-12-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/admin-menu-post-list/admin-menu-post-list-207-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2025-04-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpcom-member/wpcom-member-175-authentication-bypass-via-user_phone</loc>
<lastmod>2025-03-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simple-baseball-scoreboard/simple-baseball-scoreboard-13-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-10-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/codepress-admin-columns/admin-columns-7018-authenticated-contributor-php-object-injection-to-remote-code-execution-via-custom-field-meta-value</loc>
<lastmod>2026-06-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/litespeed-cache/litespeed-cache-641-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2024-09-24T20:10:10.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/table-of-contents-plus/table-of-contents-plus-2302-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2023-09-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/fusion-builder/fusion-builder-3111-cross-site-request-forgery</loc>
<lastmod>2023-08-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/malta/malta-133-unauthenticated-local-file-inclusion</loc>
<lastmod>2025-12-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gdpr-compliance-cookie-consent/gdpr-compliance-cookie-consent-12-cross-site-request-forgery</loc>
<lastmod>2023-04-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/landing-pages-and-domain-aliases/landing-pages-and-domain-aliases-for-wordpress-08-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2025-04-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/demon-image-annotation/demon-image-annotation-47-cross-site-request-forgery-to-cross-site-scripting</loc>
<lastmod>2022-09-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wordpress-nextgen-galleryview/nextgen-galleryview-055-cross-site-request-forgery</loc>
<lastmod>2023-05-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/jquery-accordion-slideshow/jquery-accordion-slideshow-81-authenticated-subscriber-sql-injection-via-shortcode</loc>
<lastmod>2023-10-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/core/0.72/wordpress-core-072-sql-injection</loc>
<lastmod>2003-10-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/review-schema/review-schema-review-structure-data-schema-plugin-226-authenticated-subscriber-information-exposure</loc>
<lastmod>2026-03-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cubeportfolio/cube-portfolio-1168-authenticated-subscriber-sql-injection</loc>
<lastmod>2025-07-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cds-simple-seo/simple-seo-2025-cross-site-request-forgery-via-multiple-admin_post-functions</loc>
<lastmod>2023-10-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/pie-register/registration-forms-user-profile-custom-registration-form-login-form-invitation-based-registrations-for-wordpress-2014-2015-authentication-bypass</loc>
<lastmod>2015-05-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/webriti-smtp-mail/webriti-smtp-mail-10-cross-site-request-forgery-to-options-update</loc>
<lastmod>2022-05-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/post-smtp/post-smtp-312-authenticated-administrator-sql-injection-via-columns-parameter</loc>
<lastmod>2025-03-07T16:21:23.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-mail-log/wp-mail-log-plugin-112-authenticatedcontributor-arbitrary-file-upload</loc>
<lastmod>2023-12-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/showbizpro/showbiz-pro-responsive-teaser-wordpress-plugin-171-arbitrary-file-upload</loc>
<lastmod>2014-11-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/drawblog/drawblog-081-cross-site-request-forgery</loc>
<lastmod>2013-04-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/prdctfltr/multiple-xforwoocommerce-add-on-plugins-various-versions-missing-authorization</loc>
<lastmod>2021-09-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/drag-and-drop-file-upload-for-contact-form-7/drag-and-drop-file-upload-for-contact-form-7-113-unauthenticated-arbitrary-file-upload-via-sanitize_file_name-bypass</loc>
<lastmod>2026-04-23T16:36:09.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ultimate-member/ultimate-member-1388-cross-site-scripting</loc>
<lastmod>2019-08-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ad-blocking-detector/ad-blocking-detector-121-full-path-disclosure</loc>
<lastmod>2014-04-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/content-cards/content-cards-096-cross-site-scripting</loc>
<lastmod>2017-11-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-forecast/wp-forecast-75-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2022-08-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/epermissions/epermissions-12-reflected-cross-site-scripting</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/media-file-manager/media-file-manager-142-directory-traversal-to-directory-listing</loc>
<lastmod>2018-05-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/firestats/firestats-162-remote-file-inclusion</loc>
<lastmod>2009-06-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/post-grid/post-grid-and-gutenberg-blocks-2319-unauthenticated-insecure-direct-object-reference</loc>
<lastmod>2025-12-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/webtoffee-gdpr-cookie-consent/gdpr-cookie-consent-260-unauthenticated-stored-cross-site-scripting</loc>
<lastmod>2024-09-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-affiliate-platform/wp-affiliate-platform-650-cross-site-request-forgery-to-cross-site-scripting</loc>
<lastmod>2024-06-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-responsive-slider-with-lightbox/thumbnail-slider-with-lightbox-10-cross-site-request-forgery</loc>
<lastmod>2023-10-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/rocket-maintenance-mode/rocket-maintenance-mode-coming-soon-page-43-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2023-12-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/custom-login-and-signup-widget/custom-login-and-signup-widget-10-authenticated-administrator-remote-code-execution</loc>
<lastmod>2025-07-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/easy-pie-coming-soon/ezp-coming-soon-page-1073-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2023-02-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/booking-calendar-contact-form/booking-calendar-contact-form-1234-missing-authorization-to-authenticated-subscriber-feedback-form-submission</loc>
<lastmod>2023-02-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/coworking/coworking-161-unauthenticated-local-file-inclusion</loc>
<lastmod>2026-02-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/sp-client-document-manager/sp-project-document-manager-459-reflected-cross-site-scripting</loc>
<lastmod>2022-08-10T12:34:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/vertical-response-newsletter-widget/verticalresponse-newsletter-widget-16-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-05-02T11:29:20.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/disable-user-login/disable-user-login-138-cross-site-request-forgery</loc>
<lastmod>2023-11-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/puca/puca-2639-authenticated-contributor-local-file-inclusion</loc>
<lastmod>2025-12-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/saico/saico-102-arbitrary-file-upload</loc>
<lastmod>2013-10-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/flaming-password-reset/flaming-password-reset-103-unauthenticated-stored-cross-site-scripting</loc>
<lastmod>2025-12-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-dummy-content-generator/wp-dummy-content-generator-230-cross-site-request-forgery</loc>
<lastmod>2023-07-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/image-mapper/image-mapper-0253-reflected-cross-site-scripting</loc>
<lastmod>2024-12-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/arlo/arlo-603-unauthenticated-local-file-inclusion</loc>
<lastmod>2025-06-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/happyforms/happyforms-12510-missing-authorization</loc>
<lastmod>2024-01-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/houzez/houzez-271-privilege-escalation</loc>
<lastmod>2023-02-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/quick-restaurant-menu/quick-restaurant-menu-200-authenticated-subscriber-stored-cross-site-scripting</loc>
<lastmod>2022-10-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/feed-them-social/feed-them-social-407-cross-site-request-forgery</loc>
<lastmod>2023-03-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/streamit/streamit-402-authenticated-subscriber-privilege-escalation-via-user-email-changeaccount-takeover</loc>
<lastmod>2025-04-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/booking-system/pinpoint-booking-system-1-wordpress-booking-plugin-29957-missing-authorization</loc>
<lastmod>2024-12-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/jet-woo-product-gallery/jetproductgallery-2122-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-03-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/lokalyze-call-now/call-me-now-30-cross-site-request-forgery</loc>
<lastmod>2023-05-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/related-posts-by-taxonomy/related-posts-by-taxonomy-276-authenticated-contributor-stored-cross-site-scripting-via-related_posts_by_tax-shortcode</loc>
<lastmod>2026-01-15T18:31:50.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-google-street-view/wp-google-street-view-115-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2025-03-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ldap-login-for-intranet-sites/active-directory-integration-ldap-integration-4110-ldap-passback</loc>
<lastmod>2023-09-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/core/4.0/wordpress-core-401-hash-collision</loc>
<lastmod>2014-11-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/login-with-phone-number/login-with-phone-number-1735-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2024-06-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/brookside/brookside-14-reflected-cross-site-scripting</loc>
<lastmod>2026-01-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/addons-for-elementor/elementor-addons-by-livemesh-831-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-01-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cryptocurrency-prijsvergelijking-widget/cryptocurrency-prijsvergelijking-widget-10-authenticated-contributor-stored-cross-site-scripting-via-width-shortcode-attribute</loc>
<lastmod>2026-05-26T17:21:11.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/envolve-plugin/envolve-plugin-10-unauthenticated-language-file-deletion</loc>
<lastmod>2025-05-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-jitsi-shortcodes/wordpress-jitsi-shortcode-01-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-05-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/goldenblatt/goldenblatt-130-unauthenticated-php-object-injection</loc>
<lastmod>2025-09-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/unitegallery/portfolio-gallery-10-missing-authorization</loc>
<lastmod>2022-10-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ai-engine/ai-engine-349-authenticated-subscriber-privilege-escalation-via-missing-authorization-in-mcp-oauth-bearer-token</loc>
<lastmod>2026-05-16T14:19:48.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/booking-ultra-pro/booking-ultra-pro-1113-missing-authorization-to-authenticated-subscriber-plugin-settings-updates</loc>
<lastmod>2024-07-17T13:49:56.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpadcenter/wp-adcenter-ad-manager-adsense-ads-257-authenticated-contributor-stored-cross-site-scripting-via-wpadcenter_ad-shortcode</loc>
<lastmod>2024-11-14T16:36:44.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/all-in-one-wp-security-and-firewall/all-in-one-wp-security-526-cross-site-request-forgery-to-ip-blocking</loc>
<lastmod>2024-02-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/smart-slider-3/smart-slider-3-35136-authenticated-administrator-path-traversal-to-arbitrary-file-read-via-srcsrcset-attribute-in-html-export</loc>
<lastmod>2026-06-05T14:27:21.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mappress-google-maps-for-wordpress/mappress-maps-for-wordpress-2922-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2024-09-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/optima-express/optima-express-marketboost-idx-plugin-730-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2023-04-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/advanced-cf7-database/contact-form-7-database-cfdb7-100-authenticated-administrator-sql-injection</loc>
<lastmod>2025-01-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/underconstruction/underconstruction-118-reflected-cross-site-scripting</loc>
<lastmod>2021-08-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/hybrid-composer/hybrid-composer-146-missing-authorization</loc>
<lastmod>2026-06-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/xmlrpc-attacks-blocker/xmlrpc-attacks-blocker-10-unauthenticated-stored-cross-site-scripting-via-x-forwarded-for</loc>
<lastmod>2026-02-18T16:00:32.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/icegram/icegram-3121-missing-authorization</loc>
<lastmod>2024-01-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wc-purchase-orders/woocommerce-purchase-orders-102-authenticated-subscriber-arbitrary-file-deletion</loc>
<lastmod>2025-08-11T13:49:35.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/myftp-ftp-like-plugin-for-wordpress/myftp-11-sql-injection</loc>
<lastmod>2014-08-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ogulo-360-tour/ogulo-360-tour-1011-authenticated-contributor-stored-cross-site-scripting-via-slug-parameter</loc>
<lastmod>2025-08-22T15:50:18.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cookiebar/cookiebar-170-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2025-04-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/all-in-one-seo-pack/all-in-one-seo-powerful-seo-plugin-to-boost-seo-rankings-increase-traffic-489-missing-authorization-to-authenticated-contributor-arbitrary-media-deletion</loc>
<lastmod>2025-11-14T16:58:45.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/promolayer-popup-builder/pop-ups-exit-intent-popups-email-popups-banners-bars-countdowns-and-cart-savers-promolayer-110-missing-authorization</loc>
<lastmod>2024-06-19T12:18:10.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpforo/wpforo-forum-245-authenticated-subscriber-stored-cross-site-scripting-via-profile-avatar</loc>
<lastmod>2025-07-09T12:30:57.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cm-on-demand-search-and-replace/cm-on-demand-search-and-replace-152-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2025-08-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/form-maker/form-maker-by-10web-11518-unauthenticated-stored-cross-site-scripting</loc>
<lastmod>2023-10-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/nextcart-woocommerce-migration/next-cart-store-to-woocommerce-migration-394-unauthenticated-sql-injection</loc>
<lastmod>2025-03-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-system/wp-system-111-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2024-12-05T19:30:01.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simple-tags/tag-category-and-taxonomy-manager-ai-autotagger-with-openai-3401-missing-authorization-to-authenticated-subscriber-arbitrary-taxonomy-term-manipulation</loc>
<lastmod>2025-12-03T00:31:09.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/publish-confirm-message/publish-confirm-message-131-cross-site-request-forgery</loc>
<lastmod>2023-10-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/p3/pipdig-power-pack-p3-473-backdoor</loc>
<lastmod>2019-03-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/easy-fancybox/firelight-lightbox-2315-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-06-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/s2Framework/s2framework-415-reflected-cross-site-scripting</loc>
<lastmod>2022-10-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/artrium/artrium-1014-unauthenticated-local-file-inclusion</loc>
<lastmod>2026-02-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/media-library-assistant/media-library-assistant-309-unauthenticated-localremote-file-inclusion-remote-code-execution</loc>
<lastmod>2023-09-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/kata-plus/kata-plus-addons-for-elementor-widgets-extensions-and-templates-147-authenticated-author-stored-cross-site-scripting-via-svg-file-upload</loc>
<lastmod>2024-10-28T20:39:05.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woocommerce-woocart-popup-lite/popup-cart-lite-for-woocommerce-11-cross-site-request-forgery</loc>
<lastmod>2024-03-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpbits-addons-for-elementor/wpbits-addons-for-elementor-page-builder-14-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-03-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wishlist-member-x/wishlist-member-3301-missing-authorization-to-authenticated-subscriber-generate-api-secret-key-via-wlm3_generate_api_key-ajax-action</loc>
<lastmod>2026-05-22T16:22:39.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/system-dashboard/system-dashboard-2818-authenticated-subscriber-sensitive-information-exposure</loc>
<lastmod>2025-02-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/form-maker/form-maker-by-10web-mobile-friendly-drag-drop-contact-form-builder-11538-unauthenticated-sql-injection</loc>
<lastmod>2026-04-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/image-hover-effects-addon-for-elementor/image-hover-effects-elementor-addon-14-authenticated-contributor-stored-cross-site-scripting-via-eihe_align</loc>
<lastmod>2024-03-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/abcapp-creator/abcapp-creator-112-unauthenticated-local-file-inclusion</loc>
<lastmod>2024-09-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/widgetkit-pro/widgetkit-pro-1131-reflected-cross-site-scripting</loc>
<lastmod>2025-06-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mystickymenu/my-sticky-bar-286-unauthenticated-sql-injection-via-stickymenu_contact_lead_form-action</loc>
<lastmod>2026-03-11T13:35:56.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/404-to-301/404-to-301-307-missing-authorization-to-redirect-creation</loc>
<lastmod>2021-06-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/pdf-print/pdf-print-by-bestwebsoft-wordpress-posts-and-pages-pdf-generator-plugin-175-cross-site-scripting</loc>
<lastmod>2014-08-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mainwp-wordfence-extension/mainwp-wordfence-extension-407-missing-authorization-to-plugin-settings-change</loc>
<lastmod>2023-01-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/issabella/issabella-112-unauthenticated-local-file-inclusion</loc>
<lastmod>2026-01-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/travel-booking/travel-booking-139-missing-authorization</loc>
<lastmod>2026-02-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/vikrentcar/vikrentcar-car-rental-management-system-130-authenticated-admin-cross-site-scripting</loc>
<lastmod>2023-01-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/kadence-blocks/gutenberg-blocks-by-kadence-blocks-3532-missing-authorization</loc>
<lastmod>2026-02-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/info-boxes-shortcode-and-widget/info-boxes-shortcode-and-widget-115-cross-site-request-forgery</loc>
<lastmod>2025-03-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/vk-blocks/vk-blocks-16301-authenticated-contributor-stored-cross-site-scripting-via-block</loc>
<lastmod>2023-10-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/link-preview/url-preview-10-unauthenticated-server-side-request-forgery-via-url-parameter</loc>
<lastmod>2026-06-23T16:41:58.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/beaver-builder-lite-version/beaver-builder-wordpress-page-builder-2552-authenticated-stored-cross-site-scripting-via-text-editor</loc>
<lastmod>2022-08-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/admin-site-enhancements/admin-and-site-enhancements-ase-769-password-protection-bypass</loc>
<lastmod>2025-04-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/comment-rating/comment-rating-2932-sql-injection</loc>
<lastmod>2013-02-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/hl-twitter/hl-twitter-2014118-cross-site-request-forgery-to-settings-update</loc>
<lastmod>2024-04-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/featured-posts-with-multiple-custom-groups-fpmcg/featured-posts-with-multiple-custom-groups-fpmcg-40-cross-site-request-forgery</loc>
<lastmod>2024-10-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/top-bar/top-bar-303-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2022-09-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/directorist/directorist-8510-missing-authorization</loc>
<lastmod>2026-02-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/duplicate-post/yoast-duplicate-post-45-authenticated-contributor-missing-authorization-to-arbitrary-post-duplication-and-overwrite</loc>
<lastmod>2026-03-17T20:54:49.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woo-order-notes/wpc-order-notes-for-woocommerce-152-cross-site-request-forgery-to-reflected-cross-site-scripting</loc>
<lastmod>2024-12-10T20:27:30.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wsecure/wsecure-lite-25-authenticated-administrator-stored-cross-site-scripting-via-settings</loc>
<lastmod>2023-08-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/posts-navigation-links-for-sections-and-headings-free-by-wp-masters/posts-navigation-links-for-sections-and-headings-free-by-wp-masters-101-cross-site-request-forgery-to-settings-update</loc>
<lastmod>2025-11-03T15:28:56.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/metform/metform-elementor-contact-form-builder-312-unauthenticated-stored-cross-site-scripting</loc>
<lastmod>2023-02-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/homey/homey-243-limited-authentication-bypass-due-to-missing-empty-value-check</loc>
<lastmod>2025-03-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/igms-direct-booking/igms-direct-booking-13-missing-authorization</loc>
<lastmod>2026-02-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ltl-freight-quotes-freightview-edition/ltl-freight-quotes-freightview-edition-1011-ltl-freight-quotes-daylight-edition-226-and-ltl-freight-quotes-day-ross-edition-2110-unauthenticated-stored-cross-site-scripting-via-expiry_date-parameter</loc>
<lastmod>2025-06-06T20:22:12.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/dsgvo-all-in-one-for-wp/dsgvo-all-in-one-for-wp-42-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2022-09-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mage-eventpress/wpevently-504-missing-authorization</loc>
<lastmod>2025-12-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-responsive-photo-gallery/photo-gallery-slideshow-masonry-tiled-gallery-103-authenticated-admin-sql-injection</loc>
<lastmod>2024-10-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/advanced-local-pickup-for-woocommerce/advanced-local-pickup-for-woocommerce-152-missing-authorization</loc>
<lastmod>2023-03-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/greenshift-animation-and-page-builder-blocks/greenshift-animation-and-page-builder-blocks-9993-authenticated-contributor-post-disclosure</loc>
<lastmod>2024-12-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ap-plugin-scripteo/ads-pro-plugin-multi-purpose-wordpress-advertising-manager-489-unauthenticated-sql-injection</loc>
<lastmod>2025-07-01T14:53:40.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/responsive-lightbox/responsive-lightbox-gallery-252-unauthenticated-stored-cross-site-scripting</loc>
<lastmod>2025-09-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/groundhogg/groundhogg-3733-reflected-cross-site-scripting</loc>
<lastmod>2025-01-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/paytium/paytium-mollie-payment-forms-donations-437-missing-authorization-in-pt_cancel_subscription</loc>
<lastmod>2023-03-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/equadio/equadio-113-unauthenticated-local-file-inclusion</loc>
<lastmod>2026-03-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/linked-variation-for-woocommerce/linked-variation-for-woocommerce-105-cross-site-request-forgery</loc>
<lastmod>2024-10-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/hel-online-classroom/hel-online-classroom-ai-powered-online-classrooms-103-missing-authorization-to-unauthenticated-arbitrary-classroom-deletion-via-id-parameter</loc>
<lastmod>2026-05-11T19:04:17.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/booking-manager/booking-manager-sync-wp-booking-calendar-import-events-export-bookings-to-ics-calendar-2118-authenticated-subscriber-stored-cross-site-scripting</loc>
<lastmod>2026-05-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wheel-of-life/wheel-of-life-coaching-and-assessment-tool-for-life-coach-117-missing-authorization-on-several-ajax-endpoints</loc>
<lastmod>2024-06-19T12:15:38.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/tc-logo-slider/logo-slider-logo-carousel-logo-showcase-client-logo-181-authenticated-editor-stored-cross-site-scripting</loc>
<lastmod>2025-12-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/lazy-load/lazy-load-061-authenticated-stored-cross-site-scripting</loc>
<lastmod>2016-07-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/sureforms/sureforms-221-missing-authorization</loc>
<lastmod>2026-02-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/qi-addons-for-elementor/qi-addons-for-elementor-172-authenticated-contributor-stored-cross-site-scripting-via-button-widget</loc>
<lastmod>2024-06-05T14:59:22.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/link-whisper/link-whisper-free-088-reflected-cross-site-scripting</loc>
<lastmod>2026-01-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/extra-settings-for-rocketchat/extra-settings-for-rocketchat-01-authenticated-contributor-stored-cross-site-scripting-via-shortcode-attributes</loc>
<lastmod>2026-06-08T15:05:15.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/as-password-field-in-default-registration-form/as-password-field-in-default-registration-form-200-unauthenticated-privilege-escalation-via-account-takeover</loc>
<lastmod>2026-01-05T16:08:45.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/tweet-old-post/revive-old-posts-933-missing-authorization</loc>
<lastmod>2025-10-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/flexmls-idx/flexmls-idx-plugin-31426-authenticated-contributor-stored-cross-site-scripting-via-api-parameters</loc>
<lastmod>2025-01-24T18:17:54.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/spabiz/spabiz-1018-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-04-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-politic/ht-politic-244-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-11-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/campaign-url-builder/campaign-url-builder-181-authenticated-admin-stored-cross-site-scripting-via-create-link</loc>
<lastmod>2023-02-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/maxgalleria/maxgalleria-642-missing-authorization</loc>
<lastmod>2024-04-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/jb-news-ticker/jb-news-ticker-10-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-10-21T20:18:50.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/autotitle-for-wordpress/autotitle-for-wordpress-103-cross-site-request-forgery-to-settings-update-and-stored-cross-site-scripting</loc>
<lastmod>2024-01-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/instagram-feed/smash-balloon-social-photo-feed-1462-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2016-11-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/feedbucket/feedbucket-website-feedback-tool-106-cross-site-request-forgery</loc>
<lastmod>2025-04-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/academy/academy-lms-353-missing-authorization</loc>
<lastmod>2026-02-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/post-grid-carousel-ultimate/post-grid-slider-carousel-ultimate-166-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-03-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ketchup-shortcodes-pack/ketchup-shortcodes-012-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-01-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/rezgo/rezgo-online-booking-182-cross-site-scripting</loc>
<lastmod>2014-05-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/custom-registration-form-builder-with-submission-manager/registrationmagic-custom-registration-forms-user-registration-payment-and-user-login-6069-unauthenticated-payment-bypass-via-rm_process_paypal_sdk_payment</loc>
<lastmod>2026-02-17T21:54:57.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/BuilderChild-Depot/ithemes-builder-depot-theme-5030-reflected-cross-site-scripting</loc>
<lastmod>2015-04-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/blogger-301-redirect/blogger-301-redirect-253-unauthenticated-sql-injection-via-br</loc>
<lastmod>2024-11-15T19:50:57.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/hblpay-payment-gateway-for-woocommerce/hblpay-payment-gateway-for-woocommerce-500-reflected-cross-site-scripting-via-cusdata-parameter</loc>
<lastmod>2026-01-06T18:34:42.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-simple-firewall/shield-security-smart-bot-blocking-intrusion-prevention-security-1859-unauthenticated-local-file-inclusion</loc>
<lastmod>2024-02-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/miniorange-discord-integration/miniorange-discord-integration-222-unauthenticated-local-file-inclusion</loc>
<lastmod>2025-05-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/responsive-owl-carousel-elementor/responsive-owl-carousel-for-elementor-120-local-file-inclusion</loc>
<lastmod>2024-05-30T14:04:20.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/fitvids-for-wordpress/fitvids-for-wordpress-401-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2025-12-04T17:28:48.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/hospital-management/hospital-management-system-47020-11-2023-unauthenticated-sql-injection</loc>
<lastmod>2025-04-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/essential-addons-for-elementor-lite/essential-addons-for-elementor-655-missing-authorization</loc>
<lastmod>2025-11-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/elex-woocommerce-dynamic-pricing-and-discounts/elex-woocommerce-dynamic-pricing-and-discounts-217-missing-authorization</loc>
<lastmod>2024-12-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simple-photo-sphere/simple-photo-sphere-0010-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-01-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bizcalendar-web/bizcalendar-web-11053-authenticated-contributor-local-file-inclusion</loc>
<lastmod>2025-08-14T20:14:14.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/telephone-number-linker/telephone-number-linker-12-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2023-11-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/sender-net-automated-emails/sender-newsletter-sms-and-email-marketing-automation-for-woocommerce-2618-cross-site-request-forgery</loc>
<lastmod>2024-08-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/send-pdf-for-contact-form-7/send-pdf-for-contact-form-7-1023-missing-authorization</loc>
<lastmod>2024-04-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/starfish-reviews/starfish-review-generation-marketing-for-wordpress-3119-authenticated-subscriber-arbitrary-options-update-via-srm_restore_options_defaults</loc>
<lastmod>2026-02-13T08:50:24.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/widgetize-pages-light/widgetize-pages-light-30-widgets-as-shortcodes-5910-reflected-cross-site-scripting</loc>
<lastmod>2025-04-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-advanced-search/wordpress-wp-advanced-search-3392-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2025-03-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/link-juice-keeper/link-juice-keeper-202-authenticatedadmin-stored-cross-site-scripting</loc>
<lastmod>2023-02-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/audio-merchant/audio-merchant-504-cross-site-request-forgery-to-arbitrary-file-upload</loc>
<lastmod>2023-11-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/facebook-members/facebook-members-505-cross-site-request-forgery</loc>
<lastmod>2013-04-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/easy-broken-link-checker/url-shortener-conversion-tracking-ab-testing-woocommerce-902-reflected-cross-site-scripting</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-media-cleaner/wp-media-cleaner-226-cross-site-scripting</loc>
<lastmod>2015-02-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cc-canadian-mortgage-calculator/cc-canadian-mortgage-calculator-210-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-01-06T16:19:47.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/directorist/directorist-786-missing-authorization</loc>
<lastmod>2024-04-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gm-woocommerce-quote-popup/product-enquiry-for-woocommerce-30-unauthenticated-stored-cross-site-scripting</loc>
<lastmod>2023-11-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cloudinary-image-management-and-manipulation-in-the-cloud-cdn/cloudinary-330-missing-authorization</loc>
<lastmod>2026-01-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/flow-flow-social-streams/flow-flow-social-feed-stream-300-475-missing-authorization-to-authenticated-subscriber-stored-cross-site-scripting-via-flow_flow_social_auth-ajax-action</loc>
<lastmod>2025-12-11T15:12:01.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woocommerce-square/woocommerce-square-381-missing-authorization-via-multiple-ajax-actions</loc>
<lastmod>2023-06-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/blogprise/blogprise-109-unauthenticated-local-file-inclusion</loc>
<lastmod>2025-06-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/sitepress-multilingual-cms/wpml-293-326-cross-site-scripting-in-accept-language-header</loc>
<lastmod>2015-09-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/export-all-urls/export-all-urls-45-reflected-cross-site-scripting</loc>
<lastmod>2023-06-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/travelers-map/travelers-map-232-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-11-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/super-testimonial/testimonials-305-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-04-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ultimate-shortcodes-creator/shortcodes-blocks-creator-ultimate-220-reflected-cross-site-scripting</loc>
<lastmod>2024-12-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/form-vibes/form-vibes-145-authenticated-admininstrator-sql-injection</loc>
<lastmod>2022-11-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/download-manager/download-manager-3340-unauthenticated-limited-privilege-escalation-via-updatepassword</loc>
<lastmod>2026-01-05T13:11:34.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/download-manager/download-manager-3117-missing-authorization</loc>
<lastmod>2021-04-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/pronamic-google-maps/pronamic-google-maps-241-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-08-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpjobboard/wpjobboard-5111-cross-site-request-forgery-to-remote-code-execution</loc>
<lastmod>2025-04-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/clover-online-orders/smart-online-order-for-clover-154-cross-site-request-forgery</loc>
<lastmod>2024-04-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/codepress-admin-columns/admin-columns-free-43-and-pro-551-stored-cross-site-scripting</loc>
<lastmod>2021-05-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/pb-oembed-html5-audio-with-cache-support/pb-oembed-html5-audio-26-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2024-02-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/rac/woocommerce-recover-abandoned-cart-2440-unauthenticated-php-object-injection</loc>
<lastmod>2025-03-04T21:10:26.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/adif-log-search-widget/adif-log-search-widget-10f-cross-site-scripting</loc>
<lastmod>2013-05-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/stax-buddy-builder/buddypress-builder-for-elementor-buddybuilder-174-authenticated-contributor-post-disclosure</loc>
<lastmod>2024-11-12T13:22:37.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/global-body-mass-index-calculator/global-body-mass-index-calculator-12-authenticated-contributor-stored-cross-site-scripting-via-shortcode-attributes</loc>
<lastmod>2026-06-08T15:07:06.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/fribbo/fribbo-110-unauthenticated-local-file-inclusion</loc>
<lastmod>2025-08-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/rest-api-fns/wp-rest-api-fns-100-unauthenticated-arbitrary-file-upload</loc>
<lastmod>2024-10-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/kamperen/kamperen-13-unauthenticated-php-object-injection</loc>
<lastmod>2026-03-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-seopress/seopress-6502-authenticated-administrator-php-object-injection</loc>
<lastmod>2023-04-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/awesome-contact-form7-for-elementor/awesome-contact-form7-for-elementor-29-authenticated-contributor-stored-cross-site-scripting-via-aep-contact-form-7-widget</loc>
<lastmod>2024-05-22T12:55:26.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wechat-social-login/wechat-social-login-130-unauthenticated-arbitrary-file-upload</loc>
<lastmod>2024-09-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/uncanny-automator/uncanny-automator-6100-authenticated-subscriber-information-exposure</loc>
<lastmod>2025-11-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/slideshow-gallery/slideshow-gallery-147-arbitrary-file-upload</loc>
<lastmod>2014-08-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/scoutnet-kalender/scoutnet-kalender-110-cross-site-scripting</loc>
<lastmod>2019-12-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/video-synchro-pdf/videos-sync-pdf-174-unauthenticated-local-file-inclusion</loc>
<lastmod>2022-03-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/reciply/reciply-117-unauthenticated-arbitrary-file-upload-in-uploadimagephp</loc>
<lastmod>2023-10-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/hippoo/hippoo-mobile-app-for-woocommerce-171-unauthenticated-arbitrary-file-read</loc>
<lastmod>2025-12-09T16:23:50.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/internal-links-generator/internal-links-generator-351-reflected-cross-site-scripting</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/duplicator/duplicator-0526-authenticated-admin-cross-site-scripting</loc>
<lastmod>2015-08-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/e2pdf/e2pdf-12809-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-10-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wplms_plugin/wplms-19953-unauthenticated-sql-injection</loc>
<lastmod>2024-12-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/jetpack/jetpack-wp-security-backup-speed-growth-391-cross-site-scripting-via-latex-markup-within-html-elements</loc>
<lastmod>2016-02-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/timeline-pro/timeline-pro-13-authenticated-contributor-stored-cross-site-scripting-via-placeholder</loc>
<lastmod>2025-01-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/breadcrumbs-by-menu/breadcrumbs-by-menu-103-cross-site-scripting</loc>
<lastmod>2019-06-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/my-wp-health-check/sitealert-formerly-wp-health-198-missing-authorization-to-unauthenticated-site-health-information-exposure</loc>
<lastmod>2025-10-02T21:55:46.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/coaching-staffs/coaching-staffs-151-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-02-18T19:27:50.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bdthemes-prime-slider-lite/prime-slider-addons-for-elementor-409-authenticated-subscriber-server-side-request-forgery</loc>
<lastmod>2025-12-17T23:36:23.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/notice-board-by-towkir/notice-board-by-towkir-31-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-01-24T18:40:32.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/insert-php/woody-ad-snippets-225-arbitrary-post-deletion</loc>
<lastmod>2019-08-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/easy-replace-image/easy-replace-image-350-authenticated-contributor-server-side-request-forgery</loc>
<lastmod>2025-05-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/podlove-podcasting-plugin-for-wordpress/podlove-podcast-publisher-433-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2026-03-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/append-extensions-on-pages/append-extensions-on-pages-112-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2025-09-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simple-ajax-chat/simple-ajax-chat-20220115-cross-site-request-forgery</loc>
<lastmod>2022-04-15T10:48:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/give/givewp-donation-plugin-and-fundraising-platform-3193-unauthenticated-php-object-injection</loc>
<lastmod>2025-01-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/appointment-calendar/appointment-calendar-296-cross-site-request-forgery</loc>
<lastmod>2023-10-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/explore-pages/explore-pages-101-reflected-cross-site-scripting</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/post-expirator/post-expirator-493-missing-authorization</loc>
<lastmod>2026-01-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/reviewx/reviewx-woocommerce-product-reviews-with-multi-criteria-reminder-emails-google-reviews-schema-more-2212-unauthenticated-sensitive-information-exposure-to-data-export</loc>
<lastmod>2026-03-22T16:26:51.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/custom-icons-for-elementor/custom-icons-for-elementor-033-authenticated-admin-arbitrary-file-upload</loc>
<lastmod>2024-10-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/affiliate-toolkit-starter/affiliate-toolkit-wordpress-affiliate-plugin-339-open-redirect-via-atkpoutphp</loc>
<lastmod>2023-10-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/xili-language/xili-language-2213-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-09-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mybookprogress/mybookprogress-by-stormhill-media-108-authenticated-subscriber-stored-cross-site-scripting</loc>
<lastmod>2025-04-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/panda-pods-repeater-field/panda-pods-repeater-field-153-reflected-cross-site-scripting</loc>
<lastmod>2022-12-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-testimonials/wp-testimonials-341-sql-injection</loc>
<lastmod>2017-06-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/all-in-one-wp-security-and-firewall/all-in-one-wp-security-firewall-406-sql-injection</loc>
<lastmod>2016-04-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpforms-lite/contact-form-by-wpforms-1601-cross-site-scripting</loc>
<lastmod>2020-05-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/material-design-iconic-font-integration/material-design-iconic-font-integration-2-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-10-21T20:21:38.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wordpress-flat-countdown/responsive-coming-soon-landing-page-holding-page-for-wordpress-30-authenticated-susbcriber-privilege-escalation</loc>
<lastmod>2025-07-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/business-directory-plugin/business-directory-plugin-easy-listing-directories-for-wordpress-6414-insecure-direct-object-reference-to-listing-arbitrary-image-addition</loc>
<lastmod>2025-03-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/tickera-event-ticketing-system/tickera-3482-unauthenticated-stored-cross-site-scripting</loc>
<lastmod>2021-11-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/include-me/include-me-132-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2025-09-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/vertical-marquee-plugin/vertical-marquee-plugin-71-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2023-08-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/presto-player/presto-player-302-missing-authorization</loc>
<lastmod>2024-08-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/portfolio-responsive-gallery/portfolio-responsive-gallery-117-cross-site-scripting</loc>
<lastmod>2021-06-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/blizzard-quotes/blizzard-quotes-13-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2024-11-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpshopify/shopwp-524-missing-authorization</loc>
<lastmod>2026-03-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/riovizual/table-block-by-riovizual-232-missing-authorization</loc>
<lastmod>2025-10-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/accesspress-facebook-auto-post/social-auto-poster-214-cross-site-request-forgery-to-plugin-settings-reset</loc>
<lastmod>2023-02-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/construct/construct-14-arbitrary-file-download</loc>
<lastmod>2013-12-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/amfissa/amfissa-11-unauthenticated-local-file-inclusion</loc>
<lastmod>2026-03-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/forms-by-made-it/forms-280-unauthenticated-arbitrary-file-upload</loc>
<lastmod>2024-11-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-marketing-automations/funnelkit-automations-email-marketing-automation-and-crm-for-wordpress-woocommerce-373-missing-authorization</loc>
<lastmod>2026-04-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/pagebar/pagebar-265-cross-site-request-forgery-to-settings-update-and-cross-site-scripting</loc>
<lastmod>2022-06-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/video-conferencing-with-zoom-api/video-conferencing-with-zoom-444-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2024-03-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/core/2.0/wordpress-core-202-sensitive-information-disclosure</loc>
<lastmod>2006-03-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/nuance/nuance-12-arbitrary-file-upload</loc>
<lastmod>2013-01-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ai-engine/ai-engine-313-unauthenticated-sensitive-information-exposure-to-privilege-escalation</loc>
<lastmod>2025-11-04T17:19:25.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/stock-ticker/stock-ticker-3233-reflected-cross-site-scripting-in-ajax_stockticker_load</loc>
<lastmod>2023-08-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/alo-easymail/alo-easymail-newsletter-292-cross-site-request-forgery</loc>
<lastmod>2016-08-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/independent-analytics/independent-analytics-2149-unauthenticated-server-side-request-forgery-via-tracking-route</loc>
<lastmod>2026-05-27T14:52:43.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gt3-photo-video-gallery/photo-gallery-gt3-image-gallery-gutenberg-block-gallery-27721-authenticated-author-cross-site-scripting</loc>
<lastmod>2024-04-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/doppler-form/doppler-forms-246-missing-authorization</loc>
<lastmod>2025-04-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/happy-elementor-addons-pro/happy-addons-for-elementor-3911-reflected-cross-site-scripting</loc>
<lastmod>2024-01-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/essential-addons-for-elementor-lite/essential-addons-for-elementor-655-missing-authorization-to-unauthenticated-sensitive-information-exposure</loc>
<lastmod>2026-01-15T20:04:09.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-meta-sort-posts/wp-meta-sort-posts-09-cross-site-request-forgery-to-plugin-settings-update</loc>
<lastmod>2026-06-08T15:06:15.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wppizza/wppizza-3194-reflected-cross-site-scripting</loc>
<lastmod>2025-02-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/smarter-analytics/smarter-analytics-20-missing-authorization-to-unauthenticated-plugin-settings-reset-via-reset-parameter</loc>
<lastmod>2026-03-20T15:09:14.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/realia/realia-140-cross-site-request-forgery-to-user-email-change</loc>
<lastmod>2023-08-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpdeepl/deepl-pro-api-translation-174-sensitive-information-disclosure</loc>
<lastmod>2022-10-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/custom-option-tree/traveler-option-tree-28-authenticated-editor-information-exposure</loc>
<lastmod>2025-11-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simple-bike-rental/simple-bike-rental-106-missing-authorization-to-authenticated-subscriber-sensitive-booking-data-exposure</loc>
<lastmod>2025-12-11T21:44:51.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ultimate-taxonomy-manager/ultimate-taxonomy-manager-20-unauthenticated-cross-site-scripting</loc>
<lastmod>2023-10-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/custom-background-changer/custom-background-changer-30-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-12-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/motors-car-dealership-classified-listings/motors-car-dealership-classified-listings-plugin-14109-authenticated-subscriber-local-file-inclusion</loc>
<lastmod>2026-06-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/dt-chocolate/chocolate-wp-responsive-photography-theme-all-versions-cross-site-scripting</loc>
<lastmod>2013-01-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/visitor-maps/visitor-maps-1586-stored-cross-site-scripting</loc>
<lastmod>2015-08-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/qnotsquiz/qnotsquiz-100-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2025-10-23T19:55:50.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/single-mailchimp/single-mailchimp-14-authenticated-contributor-stored-cross-site-scripting-via-shortcode-attributes</loc>
<lastmod>2026-05-26T17:25:05.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-live-chat-support/wp-live-chat-support-435-blind-sql-injection</loc>
<lastmod>2015-07-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/audio4-html5/radio-player-shoutcast-icecast-wordpress-plugin-446-authenticated-contributor-sql-injection</loc>
<lastmod>2025-05-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-shortcm/shortio-240-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-09-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/rich-counter/rich-counter-120-javascript-injection</loc>
<lastmod>2014-11-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-booking-system/wp-booking-system-booking-calendar-201912-unauthenticated-information-exposure</loc>
<lastmod>2026-03-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/xml-for-google-merchant-center/xml-for-google-merchant-center-3011-reflected-cross-site-scripting</loc>
<lastmod>2025-01-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simple-facebook-plugin/simple-like-page-plugin-152-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2024-05-29T21:40:21.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/youtube-channel-gallery/youtube-channel-gallery-24-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2023-01-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/connections/connections-business-directory-859-cross-site-scripting</loc>
<lastmod>2016-02-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/fluentform/contact-form-plugin-by-fluent-forms-for-quiz-survey-and-drag-drop-wp-form-builder-5116-missing-authorization-to-settings-update-and-limited-privilege-escalation</loc>
<lastmod>2024-05-17T19:02:43.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/chaty/floating-chat-widget-contact-icons-messages-telegram-email-sms-call-button-chaty-282-reflected-cross-site-scripting</loc>
<lastmod>2021-12-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/raisely-donation-form/raisely-donation-form-11-authenticated-contributor-stored-cross-site-scripting-via-raisely_donation_form-shortcode</loc>
<lastmod>2025-05-20T20:32:42.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/whydowork-adsense/whydowork-adsense-12-reflected-cross-site-scripting</loc>
<lastmod>2014-07-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/kanban/kanban-boards-for-wordpress-2521-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2023-03-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/contact-form-to-email/contact-form-email-1358-missing-authorization</loc>
<lastmod>2025-11-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/reviewx/reviewx-multi-criteria-rating-reviews-for-woocommerce-168-authenticated-subscriber-sql-injection</loc>
<lastmod>2023-04-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/elfsight-telegram-chat-cc/elfsight-telegram-chat-cc-110-missing-authorization-to-authenticated-subscriber-stored-cross-site-scripting</loc>
<lastmod>2024-11-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wishlist-member-x/wishlist-member-x-3267-unauthenticated-denial-of-service</loc>
<lastmod>2024-06-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/author-avatars/author-avatars-listblock-2123-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-01-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/block-options/editorskit-1315-authenticated-contributor-code-injection</loc>
<lastmod>2021-09-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/seraphinite-accelerator/seraphinite-accelerator-22052-authenticated-subscriber-server-side-request-forgery-in-onadminapi_htmlcheck</loc>
<lastmod>2024-02-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bread-butter/bread-butter-content-gating-for-verified-leads-82025-authenticated-contributor-stored-cross-site-scripting-via-shortcode-attributes</loc>
<lastmod>2026-04-21T19:07:06.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/wootique/woothemes-wooframework-5310-remote-code-execution-via-shortcodes</loc>
<lastmod>2012-04-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/powerpress/powerpress-podcasting-111312-cross-site-request-forgery</loc>
<lastmod>2025-10-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-testimonial-widget/wp-testimonial-widget-31-authenticated-admin-sql-injection</loc>
<lastmod>2024-08-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/pool/pool-107-reflected-cross-site-scripting</loc>
<lastmod>2007-08-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/complianz-gdpr/complianz-gdprccpa-cookie-consent-644-cross-site-request-forgery-via-maybe_install_suggested_plugins</loc>
<lastmod>2023-05-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/elementor_widget_clever_radio_player/clever-html5-radio-player-with-history-shoutcast-and-icecast-elementor-widget-addon-24-unauthenticated-arbitrary-file-read</loc>
<lastmod>2025-04-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/advanced-post-list/advanced-post-list-0561-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2024-04-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simple-draft-list/draft-list-263-authenticated-author-stored-cross-site-scripting-via-draft-post-title</loc>
<lastmod>2026-05-21T14:52:57.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/yatra/yatra-2114-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2023-04-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-github-gist/wp-github-gist-05-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-09-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/doccheck-login/doccheck-login-115-unauthorized-post-access</loc>
<lastmod>2025-07-03T12:24:08.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mainwp-broken-links-checker-extension/mainwp-broken-link-checker-40-unauthenticated-sql-injection</loc>
<lastmod>2023-01-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/am-events/am-events-1131-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2025-12-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/hanani/hanani-1211-unauthenticated-local-file-inclusion</loc>
<lastmod>2025-09-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-dashboard-notes/wp-dashboard-notes-1011-authenticated-subscriber-stored-cross-site-scripting</loc>
<lastmod>2024-08-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/redux-framework/gutenberg-template-and-pattern-library-redux-framework-4120-cross-site-request-forgery</loc>
<lastmod>2020-11-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ditty-news-ticker/ditty-3146-authenticated-author-stored-cross-site-scripting</loc>
<lastmod>2024-10-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simple-google-icalendar-widget/simple-google-calendar-outlook-events-block-widget-250-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-02-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/squirrly-seo/seo-plugin-by-squirrly-seo-615-missing-authorization-checks</loc>
<lastmod>2016-07-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/automatorwp/automatorwp-524-authenticated-administrator-sql-injection</loc>
<lastmod>2025-06-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ewww-image-optimizer/ewww-image-optimizer-723-cross-site-request-forgery</loc>
<lastmod>2024-04-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/kvcore-idx/kvcore-idx-2335-reflected-cross-site-scripting</loc>
<lastmod>2024-12-11T15:24:36.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/er-swiffy-insert/er-swiffy-insert-100-authenticated-contributor-stored-cross-site-scripting-via-shortcode-attributes</loc>
<lastmod>2026-04-21T19:06:24.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/dashboard-to-do-list/dashboard-to-do-list-120-missing-authorization-via-ardtdw_widgetsetup</loc>
<lastmod>2024-06-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/thegem/thegem-5811-missing-authorization</loc>
<lastmod>2023-05-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/schema-and-structured-data-for-wp/schema-structured-data-for-wp-amp-123-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2023-12-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-mail-catcher/wp-mail-catcher-219-reflected-cross-site-scripting</loc>
<lastmod>2024-09-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-job-openings/wp-job-openings-341-missing-authorization</loc>
<lastmod>2023-10-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-e-commerce/wp-ecommerce-389-cross-site-scripting</loc>
<lastmod>2014-08-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-ultimate-exporter/export-all-posts-products-orders-refunds-users-293-information-disclosure-through-unprotected-directory</loc>
<lastmod>2025-02-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/smartarget-popup/smartarget-popup-14-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2025-04-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bradmax-player/bradmax-player-1127-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-07-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-configurator-pro/wp-configurator-pro-379-missing-authorization</loc>
<lastmod>2026-03-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mailpoet/mailpoet-emails-and-newsletters-in-wordpress-3231-reflected-cross-site-scripting-via-url-parameter</loc>
<lastmod>2019-04-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/learning-management-system/masteriyo-lms-1183-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-07-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/membership-simplified-for-oap-members-only/membership-simplified-158-beta-sql-injection</loc>
<lastmod>2017-03-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wc-style/change-cart-button-colors-woocommerce-10-cross-site-request-forgery</loc>
<lastmod>2025-06-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/who-hit-the-page-hit-counter/who-hit-the-page-hit-counter-14143-cross-site-request-forgery</loc>
<lastmod>2023-10-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/church-admin/church-admin-4027-authenticated-contributor-sql-injection</loc>
<lastmod>2024-03-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/kodex-posts-likes/kodex-posts-likes-250-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2024-09-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ris-version-switcher/ris-version-switcher-8211-downgrade-or-upgrade-wp-versions-easily-10-cross-site-request-forgery</loc>
<lastmod>2025-09-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/seo-backlink-monitor/seo-backlink-monitor-160-cross-site-request-forgery</loc>
<lastmod>2025-09-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ultimate-post/postx-4116-missing-authorization-to-arbitrary-plugin-installationactivation</loc>
<lastmod>2024-11-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/restaurant-cafe-addon-for-elementor/restaurant-cafe-addon-for-elementor-152-missing-authorization</loc>
<lastmod>2023-11-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/beyot-framework/smart-framework-multiple-plugins-missing-authorization-to-authenticated-subscriber-stored-cross-site-scripting</loc>
<lastmod>2025-05-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-bibtex/wp-bibtex-301-cross-site-request-forgery-to-stored-and-reflected-cross-site-scripting</loc>
<lastmod>2025-01-20T20:29:19.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/configurable-tag-cloud-widget/configurable-tag-cloud-52-cross-site-request-forgery-via-ctc_options_page</loc>
<lastmod>2023-03-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-force-images-download/wp-force-images-download-18-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2025-10-21T20:17:11.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/canto/canto-311-missing-authorization-to-unauthenticated-file-upload</loc>
<lastmod>2026-03-20T15:13:52.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gosign-posts-slider-block/gosign-posts-slider-block-110-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-01-30T14:11:16.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/streamweasels-kick-integration/sw-kick-integration-blocks-and-shortcodes-for-embedding-kick-streams-111-authenticated-contributor-stored-cross-site-scripting-via-sw-kick-embed-shortcode</loc>
<lastmod>2024-10-28T21:38:16.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-file-manager/file-manager-48-missing-authorization-on-ajax-actions</loc>
<lastmod>2019-08-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woo-producttables-pro/wbw-product-table-pro-226-unauthenticated-sql-injection</loc>
<lastmod>2025-05-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/utm-tracker/utm-tracker-131-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2023-05-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/paytm-donation/paytm-payment-donation-233-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2025-02-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ultimate-flipbox-addon-for-elementor/ultimate-flipbox-addon-for-elementor-104-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-11-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cf7-repeatable-fields/contact-form-7-repeatable-fields-201-authenticated-contributor-stored-cross-site-scripting-via-field_group-shortcode</loc>
<lastmod>2024-10-23T23:47:38.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bit-form/contact-form-by-bit-form-multi-step-form-calculation-contact-form-payment-contact-form-custom-contact-form-builder-20-2139-authenticated-administrator-sql-injection-via-getloghistory-function</loc>
<lastmod>2024-08-19T15:12:53.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/doppler-form/doppler-forms-251-missing-authorization-to-authenticated-subscriber-limited-plugin-install</loc>
<lastmod>2025-10-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/core/4.7/wordpress-core-473-authenticated-cross-site-scripting-in-youtube-url-embeds</loc>
<lastmod>2017-03-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/groundhogg/groundhogg-422-authenticated-sales-representative-php-object-injection</loc>
<lastmod>2025-08-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpfront-user-role-editor/wpfront-user-role-editor-32111184-limited-information-exposure</loc>
<lastmod>2024-04-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simple-file-list/simple-file-list-6111-reflected-cross-site-scripting</loc>
<lastmod>2024-10-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/smart-seo-tool/smart-seo-tool-wordpress-seo-401-cross-site-request-forgery-via-wp_ajax_wb_smart_seo_tool</loc>
<lastmod>2023-08-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/lymcoin/lymcoin-1312-unauthenticated-local-file-inclusion</loc>
<lastmod>2025-09-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/fb-status-updater/status-updater-192-reflected-cross-site-scripting</loc>
<lastmod>2025-02-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/google-website-translator/prisna-gwt-google-website-translator-1413-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2025-03-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/thoughtful-comments/fv-thoughtful-comments-035-missing-authorization</loc>
<lastmod>2025-01-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cf7-message-filter/message-filter-for-contact-form-7-163-missing-authorization</loc>
<lastmod>2024-12-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/custom-field-suite/custom-field-suite-24-missing-authorization</loc>
<lastmod>2015-03-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/yext/yext-113-missing-authorization</loc>
<lastmod>2025-09-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/posti-shipping/posti-shipping-3103-reflected-cross-site-scripting</loc>
<lastmod>2024-12-03T14:18:07.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/web3-authentication/web3-280-authentication-bypass</loc>
<lastmod>2024-01-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/intelligent-importer/catalog-importer-scraper-crawler-513-reflected-cross-site-scripting</loc>
<lastmod>2025-01-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/uncode/uncode-2944-reflected-cross-site-scripting</loc>
<lastmod>2025-08-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/download-manager/download-manager-3261-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2022-12-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/webd-woocommerce-product-excel-importer-bulk-edit/product-excel-import-export-bulk-edit-for-woocommerce-47-reflected-cross-site-scripting</loc>
<lastmod>2025-04-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ultimate-post/post-grid-gutenberg-blocks-and-wordpress-blog-plugin-postx-412-missing-authorization-to-arbitrary-options-update</loc>
<lastmod>2024-05-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/post-grid/post-grid-and-gutenberg-blocks-2317-missing-authorization</loc>
<lastmod>2025-10-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/foogallery/foogallery-3111-missing-authorization</loc>
<lastmod>2026-02-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/countdown-for-the-events-calendar/the-events-calendar-countdown-addon-1415-missing-authorization</loc>
<lastmod>2026-01-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-users-media/wp-users-media-423-cross-site-request-forgery-in-wpusme_save_settings</loc>
<lastmod>2023-08-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/enable-media-replace/enable-media-replace-416-authenticated-contributor-stored-cross-site-scripting-via-file_modified-shortcode</loc>
<lastmod>2025-10-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/prdctfltr/product-filter-for-woocommerce-912-authenticated-shop-manager-privilege-escalation</loc>
<lastmod>2026-02-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gecka-terms-thumbnails/gecka-terms-thumbnails-11-authenticated-subscriber-php-object-injection</loc>
<lastmod>2024-01-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/note-press/note-press-012-sql-injection</loc>
<lastmod>2017-02-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/baslider/image-slider-by-nextcode-112-multiple-cross-site-request-forgery</loc>
<lastmod>2022-05-26T10:08:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ebook-download/zedna-ebook-download-12-directory-traversal</loc>
<lastmod>2016-03-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/icegram/icegram-204-reflected-cross-site-scripting-via-message_id</loc>
<lastmod>2021-11-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ip-vault-wp-firewall/ip-vault-wp-firewall-20-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2023-02-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/storeengine/storeengine-powerful-wordpress-ecommerce-plugin-for-payments-memberships-affiliates-sales-more-150-authenticated-subscriber-arbitrary-file-download</loc>
<lastmod>2025-09-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/sfwd-lms/learndash-300-311-reflected-cross-site-scripting-issue-on-the-ld_profile-search-field</loc>
<lastmod>2020-01-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/insert-special-characters/guzzlehttppsr7-184-and-200-210-improper-input-validation</loc>
<lastmod>2022-07-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/jobboardwp/jobboardwp-job-board-listings-and-submissions-130-reflected-cross-site-scripting</loc>
<lastmod>2024-11-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ignitiondeck/ignitiondeck-crowdfunding-platform-198-missing-authorization</loc>
<lastmod>2024-07-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/svg-support/svg-support-2514-missing-authorization</loc>
<lastmod>2026-05-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/swiss-toolkit-for-wp/swiss-toolkit-for-wp-140-missing-authorization</loc>
<lastmod>2025-03-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/meow-gallery/meow-gallery-gallery-block-418-sql-injection</loc>
<lastmod>2021-09-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/boldy/site5-various-affected-themes-various-versions-email-spoofing</loc>
<lastmod>2012-07-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gallery-and-lightbox/gallery-and-lightbox-1014-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-01-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpforo/wpforo-forum-209-authenticated-subscriber-arbitrary-file-upload</loc>
<lastmod>2022-11-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/adrotate/adrotate-ad-manager-adsense-ads-5822-authenticated-stored-cross-site-scripting-via-group-names</loc>
<lastmod>2022-04-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/supportcandy/supportcandy-313-sensitive-data-exposure</loc>
<lastmod>2023-03-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-slimstat/slimstat-analytics-509-authenticated-contributor-blind-sql-injection-via-shortcode</loc>
<lastmod>2023-09-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/propertyhive/propertyhive-212-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-04-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/crm-memberships/crm-memberships-22-authenticated-administrator-stored-cross-site-scripting-via-plugin-settings</loc>
<lastmod>2023-04-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/error-log-viewer/error-log-viewer-112-sensitive-information-exposure</loc>
<lastmod>2024-02-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/user-registration/user-registration-membership-512-authenticated-subscriber-sql-injection-via-membership_ids</loc>
<lastmod>2026-04-07T23:11:46.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/elex-helpdesk-customer-support-ticket-system/elex-wordpress-helpdesk-customer-ticketing-system-331-missing-authorization-to-authenticated-subscriber-role-removal</loc>
<lastmod>2025-11-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woocommerce-jetpack/booster-for-woocommerce-566-cross-site-request-forgery</loc>
<lastmod>2022-10-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/classified-listing/classified-listing-5310-missing-authorization-to-authenticated-subscriber-arbitrary-modification-via-add_order_note-and-send_email_to_user_by_moderator-ajax-actions</loc>
<lastmod>2026-05-14T19:53:53.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/hrm/wp-human-resource-management-226-sensitive-information-disclosure</loc>
<lastmod>2019-03-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/crafty-social-buttons/crafty-social-buttons-158-cross-site-scripting</loc>
<lastmod>2017-05-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/notifier/wanotifier-2713-missing-authorization</loc>
<lastmod>2026-01-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-mailing-group/mailing-group-listserv-209-authenticated-administrator-sql-injection</loc>
<lastmod>2025-01-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/intelly-related-posts/inline-related-posts-370-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2024-07-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-copysafe-web/copysafe-web-protection-313-unauthenticated-stored-cross-site-scripting</loc>
<lastmod>2023-04-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/zem-stl-viewer/zem-stl-10-authenticated-contributor-stored-cross-site-scripting-via-shortcode-attributes</loc>
<lastmod>2026-06-01T19:45:23.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/xpro-elementor-addons/130-widgets-best-addons-for-elementor-free-142-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-03-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gotmls/anti-malware-security-and-brute-force-firewall-42174-reflected-cross-site-scripting</loc>
<lastmod>2022-02-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/block-wp-login/block-wp-login-130-cross-site-request-forgery</loc>
<lastmod>2019-06-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wapppress-builds-android-app-for-website/wapppress-503-unauthenticated-arbitrary-file-upload</loc>
<lastmod>2023-12-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/acf-frontend-form-element/frontend-admin-by-dynamiapps-32829-unauthenticated-privilege-escalation-to-administrator-via-role-form-field</loc>
<lastmod>2026-01-08T17:45:03.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/i-transform/i-transform-309-cross-site-request-forgery</loc>
<lastmod>2024-07-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/assistant-for-nextgen-gallery/assistant-for-nextgen-gallery-109-unauthenticated-arbitrary-directory-deletion</loc>
<lastmod>2025-08-14T20:15:19.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/member-database/membership-database-10-reflected-cross-site-scripting</loc>
<lastmod>2023-04-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/noo-jobmonster/noo-jobmonster-466-sensitive-information-disclosure-via-directory-listing</loc>
<lastmod>2020-09-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/contest-gallery/contest-gallery-upload-vote-photos-media-sell-with-paypal-stripe-28122-missing-authorization</loc>
<lastmod>2026-03-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simpleform-contact-form-submissions/simpleform-contact-form-submissions-210-reflected-cross-site-scripting</loc>
<lastmod>2024-11-15T15:09:05.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/accessibility-checker/accessibility-checker-by-equalize-digital-1300-authenticated-contributor-insecure-direct-object-reference</loc>
<lastmod>2025-08-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/surveyjs/surveyjs-drag-drop-wordpress-form-builder-19136-authenticated-subscriber-arbitrary-file-upload</loc>
<lastmod>2024-10-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-statistics/wp-statistics-the-most-popular-privacy-friendly-analytics-plugin-14133-missing-authorization-to-authenticated-subscriber-arbitrary-plugin-settings-update</loc>
<lastmod>2025-04-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/academy/academy-lms-340-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-12-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/contact-form-lite/contact-form-plugin-401-stored-cross-site-scripting</loc>
<lastmod>2017-03-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/root-cookie/root-cookie-16-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/tourfic/tourfic-21120-cross-site-request-forgery-in-multiple-functions</loc>
<lastmod>2024-08-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-fastest-cache/wp-fastest-cache-0895-directory-traversal</loc>
<lastmod>2019-07-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/hypercomments/hypercomments-122-unauthenticated-subscriber-arbitrary-options-update</loc>
<lastmod>2025-06-04T22:12:40.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/backup-database/backup-database-49-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2024-09-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/jeg-elementor-kit/jeg-kit-for-elementor-powerful-elementor-addons-widgets-templates-for-wordpress-269-authenticated-author-stored-cross-site-scripting-via-svg</loc>
<lastmod>2025-10-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bulletin-announcements/bulletin-announcements-3117-reflected-cross-site-scripting</loc>
<lastmod>2024-11-20T13:37:35.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/modula-best-grid-gallery/modula-2131-2132-authenticated-author-arbitrary-file-deletion</loc>
<lastmod>2025-12-02T14:05:24.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/custom-post-type-ui/custom-post-type-ui-173-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2020-03-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ajax-filter-posts/post-grid-master-3413-reflected-cross-site-scripting-via-argsarrayread_more_text</loc>
<lastmod>2025-07-23T20:38:35.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/patricia-lite/patricia-lite-123-cross-site-request-forgery</loc>
<lastmod>2024-07-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-lister-for-amazon/wp-lister-lite-for-amazon-268-reflected-cross-site-scripting</loc>
<lastmod>2024-03-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/fluentform/contact-form-plugin-by-fluent-forms-for-quiz-survey-and-drag-drop-wp-form-builder-5116-missing-authorization-to-setting-manipulation</loc>
<lastmod>2024-05-17T19:02:45.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/colibri-page-builder/colibri-page-builder-10276-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2024-06-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/easy-eu-cookie-law/easy-eu-cookie-law-1331-authenticated-subscriber-stored-cross-site-scripting</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-cerber/wp-cerber-security-90-user-enumeration-bypass</loc>
<lastmod>2022-09-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/patreon-connect/patreon-wordpress-170-local-file-disclosure</loc>
<lastmod>2021-03-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/video-embed-thumbnail-generator/videopack-4103-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-07-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/radio-player/radio-player-2073-missing-authorization-via-get_players</loc>
<lastmod>2024-03-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/listingpro-plugin/listingpro-plugin-294-unauthenticated-local-file-inclusion</loc>
<lastmod>2024-07-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/happy-elementor-addons/happy-addons-for-elementor-3103-authenticated-contributor-stored-cross-site-scripting-via-archive-title-widget</loc>
<lastmod>2024-03-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/tabs-pro/tab-ultimate-13-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2023-10-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/all-in-one-wp-migration/all-in-one-wp-migration-789-unauthenticated-php-object-injection</loc>
<lastmod>2025-03-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/breeze-checkout/breeze-checkout-140-missing-authorization</loc>
<lastmod>2025-07-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/surveyjs/surveyjs-drag-drop-form-builder-253-unauthenticated-stored-cross-site-scripting</loc>
<lastmod>2026-03-20T15:16:58.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/yith-custom-login/yith-custom-login-173-reflected-cross-site-scripting</loc>
<lastmod>2024-09-12T18:13:16.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bookify/bookify-109-authenticated-subscriber-privilege-escalation</loc>
<lastmod>2025-07-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpqa/wpqa-builder-forms-addon-for-wordpress-52-stored-cross-site-scripting-via-profile-fields</loc>
<lastmod>2022-04-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/duogeek-blocks/duogeek-blocks-011-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-11-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/opensea/opensea-102-cross-site-scripting</loc>
<lastmod>2022-04-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/dt-the7/the7-1432-authenticated-contributor-stored-cross-site-scripting-via-shortcode-link-parameter</loc>
<lastmod>2026-05-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/tutor/tutor-lms-393-missing-authorization-to-authenticated-subscriber-sensitive-information-exposure-via-tutor_order_details</loc>
<lastmod>2026-01-07T18:46:16.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/xpro-elementor-addons-pro/xpro-elementor-addons-pro-149-authenticated-contributor-remote-code-execution</loc>
<lastmod>2025-04-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/easy-digital-downloads/easy-digital-downloads-sell-digital-files-subscriptions-ecommerce-store-payments-made-easy-329-sensitive-information-exposure</loc>
<lastmod>2024-04-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/formgent/formgent-next-gen-ai-form-builder-for-wordpress-with-multi-step-quizzes-payments-more-104-unauthenticated-arbitrary-file-deletion</loc>
<lastmod>2025-09-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bdthemes-element-pack-lite/element-pack-addons-for-elementor-842-authenticated-contributor-stored-cross-site-scripting-via-svg-image-widget</loc>
<lastmod>2026-04-07T19:36:01.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/pictobrowser-gallery/pictobrowser-gallery-031-cross-site-request-forgery</loc>
<lastmod>2014-12-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/acf-frontend-form-element/frontend-admin-by-dynamiapps-32836-unauthenticated-privilege-escalation-via-edit-user-form</loc>
<lastmod>2026-05-14T19:18:22.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/email-subscribers/email-subscribers-newsletters-3412-cross-site-scripting</loc>
<lastmod>2018-05-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cartflows/funnel-builder-by-cartflows-1612-authenticated-stored-cross-site-scripting-via-fb-pixel-id-and-google-analytics-id</loc>
<lastmod>2021-05-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/jet-engine/jetengine-38102-unauthenticated-sql-injection</loc>
<lastmod>2026-06-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-awesome-login/wp-awesome-login-040-authenticated-author-stored-cross-site-scripting-via-svg-file-upload</loc>
<lastmod>2024-10-25T16:23:51.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/hacklog-remote-image-autosave/hacklog-remote-image-autosave-210-cross-site-request-forgery</loc>
<lastmod>2025-03-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/core/1.2/wordpress-core-221-arbitrary-file-upload</loc>
<lastmod>2007-08-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/admin-notices-manager/admin-notices-manager-140-missing-authorization-to-authenticated-subscriber-user-email-retrieval</loc>
<lastmod>2024-06-03T16:41:25.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/jackmail-newsletters/emails-newsletters-with-jackmail-1222-authenticated-subscriber-csv-injecton</loc>
<lastmod>2023-04-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cubewp-forms/cubewp-forms-115-missing-authorization</loc>
<lastmod>2025-06-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/backwpup/backwpup-566-authenticated-administrator-local-file-inclusion-via-block_name-parameter</loc>
<lastmod>2026-04-13T14:13:09.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/syncee-global-dropshipping/syncee-global-dropshipping-109-missing-authorization</loc>
<lastmod>2022-10-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-webinarsystem/webinarpress-13327-open-redirect</loc>
<lastmod>2025-04-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/billplz-for-contact-form-7/billplz-addon-for-contact-form-7-120-reflected-cross-site-scripting</loc>
<lastmod>2025-08-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/top-bar-notification/top-bar-notification-112-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2025-11-03T15:32:45.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/open-user-map/open-user-map-everybody-can-add-locations-1326-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2023-10-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woo-product-filter/product-filter-for-woocommerce-by-wbw-312-missing-authorization-to-unauthenticated-filter-data-deletion-via-truncate-table</loc>
<lastmod>2026-03-23T16:11:48.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/social-buttons-pack/social-buttons-pack-by-bestwebsoft-111-reflected-cross-site-scripting</loc>
<lastmod>2017-04-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-recipe-maker/wp-recipe-maker-961-authenticated-contributor-dom-based-stored-cross-site-scripting-via-tooltip</loc>
<lastmod>2024-10-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/himer/wpqa-builder-forms-addon-for-wordpress-592-himer-193-and-discy-553-authenticated-subscriber-insecure-direct-object-reference</loc>
<lastmod>2022-12-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/js-multihotel/js-multi-hotel-221-full-path-disclosure</loc>
<lastmod>2014-03-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-job-manager-colors/job-colors-for-wp-job-manager-104-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2025-03-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ditty-news-ticker/ditty-3124-missing-authorization-via-save_ditty_permissions_check</loc>
<lastmod>2023-11-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/easy-elementor-addons/easy-elementor-addons-229-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-10-02T22:34:33.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/auto-upload-images/auto-upload-images-332-authenticated-contributor-server-side-request-forgery</loc>
<lastmod>2025-06-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/easyevent/easyevent-100-authenticated-admin-cross-site-scripting</loc>
<lastmod>2024-04-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/lead-form-builder/contact-form-lead-form-elementor-builder-201-authenticated-subscriber-information-exposure</loc>
<lastmod>2026-01-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/sitepress-multilingual-cms/wpml-319-sql-injection-via-lang-parameter</loc>
<lastmod>2015-03-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/popup-builder/popup-builder-436-sensitive-information-exposure-via-imported-subscribers-csv-file</loc>
<lastmod>2024-08-28T23:41:29.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/similarity/similarity-30-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2024-05-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cgm-event-calendar/cgm-event-calendar-085-reflected-cross-site-scripting</loc>
<lastmod>2025-04-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bodi0s-easy-cache/bodi0s-easy-cache-08-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2024-12-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wc-multivendor-membership/wcfm-membership-2100-unauthenticated-privilege-escalation</loc>
<lastmod>2023-04-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-lister-for-amazon/wp-lister-lite-for-amazon-242-reflected-cross-site-scripting</loc>
<lastmod>2022-12-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/sunshine-photo-cart/sunshine-photo-cart-329-open-redirect</loc>
<lastmod>2024-10-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/timeslot/booking-plugin-for-wordpress-appointments-time-slot-147-unauthenticated-arbitrary-email-sending</loc>
<lastmod>2025-11-18T17:24:42.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/empty-tags-remover/empty-tags-remover-10-reflected-cross-site-scripting</loc>
<lastmod>2025-01-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/backup-backup/backup-migration-136-unauthenticated-arbitrary-backup-download-to-sensitive-information-exposure</loc>
<lastmod>2023-11-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/agile-store-locator/store-locator-wordpress-152-authenticated-admin-arbitrary-file-upload</loc>
<lastmod>2025-06-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/booking/booking-calendar-9733-authenticatedcontributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2023-09-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/link-library/link-library-773-authenticated-contributor-stored-cross-site-scripting-via-link-additional-parameters</loc>
<lastmod>2025-04-04T11:06:08.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/buzzstone/buzz-stone-magazine-viral-blog-wordpress-102-unauthenticated-local-file-inclusion</loc>
<lastmod>2026-02-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/calendar/calendar-1314-authenticated-contributor-sql-injection-via-shortcode</loc>
<lastmod>2024-04-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/game-catalog/games-catalog-120-cross-site-request-forgery-to-arbitrary-gamepost-deletion</loc>
<lastmod>2026-05-19T12:06:27.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/headline-analyzer/headline-analyzer-137-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-10-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-fevents-book/wp-fevents-book-046-authenticated-subscriber-stored-cross-site-scripting</loc>
<lastmod>2023-04-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/shortcode-imdb/shortcode-imdb-608-cross-site-request-forgery</loc>
<lastmod>2023-07-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/essential-blocks/gutenberg-essential-blocks-page-builder-for-gutenberg-blocks-patterns-613-authenticated-author-server-side-request-forgery</loc>
<lastmod>2026-06-04T10:40:13.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ooorl/ooorl-100-reflected-cross-site-scripting</loc>
<lastmod>2014-05-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-multi-store-locator/wp-multi-store-locator-241-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-01-03T21:37:03.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-multisite-content-copier/multisite-content-copierupdater-200-reflected-cross-site-scripting</loc>
<lastmod>2024-07-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/vw-portfolio/vw-portfolio-133-missing-authorization</loc>
<lastmod>2026-03-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bulletproof-security/bulletproof-security-511-cross-site-scripting</loc>
<lastmod>2014-11-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/booking-calendar-contact-form/booking-calendar-contact-form-1258-authenticated-subscriber-stored-cross-site-scripting</loc>
<lastmod>2025-06-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/auyautochat-for-wp/autochat-automatic-conversation-119-missing-authorization-to-unauthenticated-settings-update</loc>
<lastmod>2025-11-24T19:14:49.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/jupiter/jupiterx-theme-206-and-jupiter-theme-6101-authenticated-path-traversal-and-local-file-inclusion</loc>
<lastmod>2022-05-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/payhere-payment-gateway/payhere-payment-gateway-2211-information-disclosure-via-log-files</loc>
<lastmod>2023-12-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/snowmountain/snow-mountain-143-unauthenticated-local-file-inclusion</loc>
<lastmod>2025-12-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woocommerce-subscriptions/woocommerce-subscription-460-cross-site-request-forgery</loc>
<lastmod>2023-09-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-hide-security-enhancer/wp-hide-security-enhancer-1792-reflected-cross-site-scripting</loc>
<lastmod>2022-08-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mapsvg-lite-interactive-vector-maps/mapsvg-lite-869-unauthenticated-arbitrary-shortcode-execution</loc>
<lastmod>2025-05-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/tickera-event-ticketing-system/tickera-wordpress-event-ticketing-3524-insecure-direct-object-reference-to-information-exposure</loc>
<lastmod>2024-04-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ultimate-post/postx-4135-authenticated-editor-privilege-escalation</loc>
<lastmod>2025-08-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/envo-extra/envo-extra-193-authenticated-contributor-post-disclosure</loc>
<lastmod>2024-11-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-easyarchives/wp-easyarchives-312-cross-site-request-forgery</loc>
<lastmod>2025-12-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/consulting-elementor-widgets/consulting-elementor-widgets-142-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-10-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/sermone-online-sermons-management/sermone-100-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2023-06-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/happiness-reports-for-help-scout/satisfaction-reports-from-help-scout-203-reflected-cross-site-scripting</loc>
<lastmod>2024-11-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/kintpv-connect/kintpv-wooconnect-8129-unauthenticated-stored-cross-site-scripting</loc>
<lastmod>2024-12-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/fatal-error-notify/fatal-error-notify-152-cross-site-request-forgery-to-test-error-email-sending</loc>
<lastmod>2024-01-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/quick-interest-slider/loan-repayment-calculator-and-application-form-294-cross-site-request-forgery</loc>
<lastmod>2024-04-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-planification/wp-planification-231-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2025-04-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/responsive-menu/responsive-menu-403-cross-site-request-forgery-to-setting-modification</loc>
<lastmod>2021-02-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/magic-post-thumbnail/magic-post-thumbnail-4110-unauthenticated-stored-cross-site-scripting</loc>
<lastmod>2023-04-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/youzify/youzify-buddypress-community-user-profile-social-network-membership-plugin-for-wordpress-125-authenticated-contributor-sql-injection</loc>
<lastmod>2024-06-19T12:20:57.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/export-import-menus/export-import-menus-191-missing-authorization-to-unauthenticated-menu-export</loc>
<lastmod>2025-01-06T19:18:59.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/user-meta/user-meta-user-profile-builder-and-user-management-plugin-111-arbitrary-file-upload</loc>
<lastmod>2014-08-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/nias-course/nias-course-126-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-12-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wicked-folders/wicked-folders-21816-cross-site-request-forgery-via-ajax_add_folder</loc>
<lastmod>2023-02-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/global-flash-galleries/global-flash-gallery-0151-sql-injection</loc>
<lastmod>2014-08-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/categorify/categorify-1074-cross-site-request-forgery-via-categorifyajaxdeletecategory</loc>
<lastmod>2024-02-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/photoblocks-grid-gallery/gallery-photoblocks-128-missing-authorization-checks</loc>
<lastmod>2022-08-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/miniorange-login-openid/wordpress-social-login-and-register-discord-google-twitter-linkedin-764-authentication-bypass</loc>
<lastmod>2023-06-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-sms/wp-sms-693-missing-authorization</loc>
<lastmod>2024-08-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/infusedwooPRO/infusedwoo-pro-512-unauthenticated-missing-authorization-to-privilege-escalation-via-iwar_save_recipe</loc>
<lastmod>2026-05-13T18:11:16.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/country-state-city-auto-dropdown/country-state-city-dropdown-cf7-271-missing-authorization</loc>
<lastmod>2024-04-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/webmention/webmention-562-unauthenticated-blind-server-side-request-forgery</loc>
<lastmod>2026-04-01T19:17:15.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/f8-lite/f8-lite-421-cross-site-scripting</loc>
<lastmod>2011-09-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/triompher/triompher-golf-course-sports-club-wordpress-theme-110-unauthenticated-local-file-inclusion</loc>
<lastmod>2026-03-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/shortcode-to-display-post-and-user-data/display-custom-fields-in-the-frontend-post-and-user-profile-fields-121-insecure-direct-object-reference-to-authenticated-contributor-post-meta-disclosure</loc>
<lastmod>2024-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/task-scheduler/task-scheduler-163-reflected-cross-site-scripting</loc>
<lastmod>2025-04-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ninja-forms-uploads/ninja-forms-file-uploads-3022-unauthenticated-arbitrary-file-upload</loc>
<lastmod>2019-04-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/essential-widgets/essential-widgets-30-authenticated-contributor-stored-cross-site-scripting-via-multiple-shortcodes</loc>
<lastmod>2026-02-04T18:41:50.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-mail/wp-mail-11-reflected-cross-site-scripting</loc>
<lastmod>2016-07-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/defender-security/defender-security-402-hide-login-page-feature-protection-bypass</loc>
<lastmod>2023-09-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-responsive-photo-gallery/photo-gallery-slideshow-masonry-tiled-gallery-1015-authenticated-subscriber-limited-server-side-request-forgery</loc>
<lastmod>2025-01-03T09:55:47.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wordpress-plugin-for-simple-google-adsense-insertion/wp-simple-adsense-insertion-20-cross-site-request-forgery</loc>
<lastmod>2022-05-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/bw-petito/petito-164-unauthenticated-local-file-inclusion</loc>
<lastmod>2025-06-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/coditor/coditor-11-remote-code-execution</loc>
<lastmod>2020-09-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/easybook/cththemes-citybook-234-townhub-106-easybook-122-themes-authenticated-post-deleition-via-idor</loc>
<lastmod>2019-12-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/commenting-feature/multicollab-content-team-collaboration-and-editorial-workflow-52-missing-authorization-to-authenticated-subscriber-collaboration-comment</loc>
<lastmod>2026-05-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/restrict-anonymous-access/restrict-anonymous-access-12-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-01-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/shortcodely/shortcodely-101-authenticated-contributor-stored-cross-site-scripting-via-widget_area-shortcode-attribute</loc>
<lastmod>2026-05-11T19:04:55.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/tour-operator/lsx-tour-operator-149-authenticated-author-stored-cross-site-scripting-via-svg-file-upload</loc>
<lastmod>2024-11-20T13:43:45.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/staggs/staggs-2110-unauthenticated-arbitrary-file-upload</loc>
<lastmod>2025-05-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/reviewx/reviewx-1621-missing-authorization</loc>
<lastmod>2024-04-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bookingpress-appointment-booking/bookingpress-1074-booking-price-manipulation-via-bookingpress_confirm_booking</loc>
<lastmod>2023-12-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/white-label-cms/white-label-ms-228-reflected-cross-site-scripting</loc>
<lastmod>2022-02-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/core/2.8/wordpress-core-wordpress-mu-281-username-enumeration</loc>
<lastmod>2009-07-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/houzez/houzez-324-authenticated-subscriber-privilege-escalation</loc>
<lastmod>2024-09-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/give/givewp-4160-authenticated-author-stored-cross-site-scripting-via-block_id-shortcode-attribute</loc>
<lastmod>2026-06-30T14:48:48.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mediaburst-email-to-sms/clockwork-sms-notfications-304-authenticatedadministrator-sql-injection</loc>
<lastmod>2023-12-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/image-horizontal-reel-scroll-slideshow/image-horizontal-reel-scroll-slideshow-132-authenticated-subscriber-sql-injection-via-shortcode</loc>
<lastmod>2023-10-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/yaycurrency/yaycurrency-33-missing-authorization-to-unauthenticated-arbitrary-post-deletion</loc>
<lastmod>2026-02-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/booking-and-rental-manager-for-woocommerce/booking-and-rental-manager-228-authenticated-contributor-local-file-inclusion</loc>
<lastmod>2025-04-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/pondol-bbs/pondol-bbs-1184-authenticated-editor-stored-cross-site-scripting</loc>
<lastmod>2025-10-19T10:11:08.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/google-apps-login/google-apps-login-344-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2022-12-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/enhanced-e-commerce-for-woocommerce-store/conversiosio-7213-missing-authorization</loc>
<lastmod>2025-10-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/altra-side-menu/altra-side-menu-20-cross-site-request-forgery-to-arbitrary-menu-deletion</loc>
<lastmod>2025-01-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/jc-importer/import-wp-export-and-import-csv-and-xml-files-to-wordpress-2130-authenticated-admin-server-side-request-forgery</loc>
<lastmod>2024-04-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-photo-album-plus/wp-photo-album-plus-9105008-reflected-cross-site-scripting</loc>
<lastmod>2026-01-06T16:37:04.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woocommerce-jetpack/booster-for-woocommerce-700-authenticated-shop-manager-missing-authorization-to-arbitrary-options-update</loc>
<lastmod>2023-08-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/rvg-optimize-database/optimize-database-after-deleting-revisions-50110-missing-authorization-via-odb_csv_download</loc>
<lastmod>2023-10-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ltl-freight-quotes-globaltranz-edition/ltl-freight-quotes-globaltranz-edition-2312-missing-authorization-to-unauthenticated-settings-update</loc>
<lastmod>2025-02-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/comparison-slider/comparison-slider-105-authenticated-subscriber-stored-cross-site-scripting</loc>
<lastmod>2024-05-29T19:51:11.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/easy-digital-downloads-htaccess-editor/easy-digital-downloads-htaccess-editor-101-reflected-cross-site-scripting</loc>
<lastmod>2015-04-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/google-analytics-dashboard-for-wp/exactmetrics-912-authenticated-editor-arbitrary-plugin-installationactivation-via-exactmetrics_connect_process</loc>
<lastmod>2026-04-22T19:44:42.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/box-now-delivery/box-now-delivery-302-missing-authorization</loc>
<lastmod>2026-01-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/autoptimize/autoptimize-276-authenticated-arbitrary-file-upload</loc>
<lastmod>2020-08-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woocommerce-payment-gateway-for-saferpay/woocommerce-payment-gateway-for-saferpay-049-unauthenticated-path-traversal</loc>
<lastmod>2025-08-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpmarketplace/wp-marketplace-complete-shopping-cart-ecommerce-solution-240-arbitrary-file-download</loc>
<lastmod>2015-03-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpappninja/wpmobileapp-android-and-ios-mobile-application-1113-authenticated-contributor-stored-cross-site-scripting-via-shortcodes</loc>
<lastmod>2023-01-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gallery-album/gallery-image-and-video-gallery-with-thumbnails-201-unauthenticated-stored-cross-site-scripting</loc>
<lastmod>2023-02-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/green-wp-telegram-bot-by-teplitsa/teplobot-telegram-bot-for-wp-13-telegram-bot-token-disclosure</loc>
<lastmod>2024-10-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/omnisend-connect/omnisend-for-woocommerce-1180-unauthenticated-omnisend-account-takeover-via-predictable-connect-token</loc>
<lastmod>2026-05-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/user-admin-simplifier/user-admin-simplifier-300-cross-site-request-forgery</loc>
<lastmod>2026-06-18T13:52:53.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ml-slider/slider-gallery-and-carousel-by-metaslider-responsive-wordpress-plugin-25-cross-site-scripting</loc>
<lastmod>2014-08-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/booking-ultra-pro/booking-ultra-pro-1121-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-09-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-advanced-pdf/wp-advanced-pdf-117-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2025-09-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/yikes-inc-easy-mailchimp-extender/easy-forms-for-mailchimp-6810-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2023-12-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/team-members/team-members-510-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2022-05-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/Ultimate_VC_Addons/ultimate-addons-for-wpbakery-page-builder-3211-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-10-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/podlove-podcasting-plugin-for-wordpress/podlove-podcast-publisher-426-unauthenticated-arbitrary-file-upload</loc>
<lastmod>2025-09-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/social-testimonials-and-reviews-widget/social-proof-testimonials-and-reviews-by-repuso-521-missing-authorization</loc>
<lastmod>2025-04-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/auxin-elements/shortcodes-and-extra-features-for-phlox-theme-2163-authenticated-contributor-stored-cross-site-scripting-via-modern-heading-and-icon-picker-widgets</loc>
<lastmod>2024-10-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/page-or-post-clone/page-and-post-clone-60-insecure-direct-object-reference-to-authenticated-author-sensitive-information-exposure</loc>
<lastmod>2024-06-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/accordions-or-faqs/accordions-multiple-accordions-or-faqs-builder-203-authenticated-admin-stored-cross-site-scripting-via-rawdata-parameter</loc>
<lastmod>2022-09-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/reviewx/reviewx-woocommerce-product-reviews-with-multi-criteria-reminder-emails-google-reviews-schema-more-2212-unauthenticated-limited-remote-code-execution</loc>
<lastmod>2026-03-22T16:26:52.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/video-list-manager/video-list-manager-17-authenticated-contributor-sql-injection</loc>
<lastmod>2025-06-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mlr-audio/ml-responsive-audio-player-with-playlist-shortcode-02-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-10-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/conveythis-translate/language-translate-widget-for-wordpress-conveythis-223-unauthenticated-stored-cross-site-scripting-via-api_key</loc>
<lastmod>2024-04-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/eshop/eshop-6311-cross-site-scripting</loc>
<lastmod>2015-05-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/themeisle-companion/orbit-fox-by-themeisle-300-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-09-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woosquare/wc-shop-sync-square-payment-gateway-and-product-synchronization-for-woocommerce-473-unauthenticated-information-exposure</loc>
<lastmod>2026-06-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/auxin-elements/shortcodes-and-extra-features-for-phlox-theme-2140-unauthenticated-local-file-inclusion</loc>
<lastmod>2023-11-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/elfsight-whatsapp-chat/elfsight-whatsapp-chat-cc-120-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2026-02-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/paid-memberships-pro/paid-memberships-pro-1843-multiple-cross-site-scripting</loc>
<lastmod>2015-07-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/zigaform-calculator-cost-estimation-form-builder-lite/zigaform-price-calculator-cost-estimation-form-builder-lite-747-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-02-17T15:43:37.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/fx-toc/fx-toc-110-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2023-04-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-marketing-automations/recover-woocommerce-cart-abandonment-newsletter-email-marketing-marketing-automation-by-funnelkit-353-missing-authorization-to-unauthenticated-arbitrary-plugin-installation</loc>
<lastmod>2025-06-17T19:19:26.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/search-and-replace/search-replace-322-unauthenticated-php-object-injection</loc>
<lastmod>2024-07-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-pipes/wp-pipes-140-cross-site-request-forgery-to-settings-update</loc>
<lastmod>2023-08-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/survey-maker/survey-maker-best-wordpress-survey-plugin-311-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2022-12-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/grand-media/gmedia-photo-gallery-122-arbitrary-file-upload</loc>
<lastmod>2014-08-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/hydra-booking/hydra-booking-1138-authenticated-hydra-host-stored-cross-site-scripting</loc>
<lastmod>2026-02-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/contact-form-ready/contact-form-2012-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-06-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/product-catalog-feed/product-catalog-feed-by-pixelyoursite-211-cross-site-request-forgery</loc>
<lastmod>2023-12-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ashe-extra/ashe-extra-1291-missing-authorization-via-multiple-ajax-actions</loc>
<lastmod>2023-10-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/smm-api/smm-api-6030-unauthenticated-stored-cross-site-scripting</loc>
<lastmod>2025-04-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/3dprint/3dprint-3568-cross-site-request-forgery-to-arbitrary-file-download</loc>
<lastmod>2022-09-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/license-manager-for-woocommerce/license-manager-for-woocommerce-2210-authenticated-administrator-sql-injection</loc>
<lastmod>2023-11-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/affieasy/affieasy-116-cross-site-request-forgery-to-various-actions</loc>
<lastmod>2024-05-29T15:52:55.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/breakdance/breakdance-171-authenticated-contributor-remote-code-execution</loc>
<lastmod>2024-05-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/accelerated-mobile-pages/amp-for-wp-accelerated-mobile-pages-107731-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2021-12-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/emplibot/emplibot-ai-content-writer-with-keyword-research-infographics-and-linking-seo-optimized-fully-automated-109-authenticated-admin-server-side-request-forgery</loc>
<lastmod>2025-12-12T15:26:29.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gutenslider/wordpress-slider-block-gutenslider-515-cross-site-scripting</loc>
<lastmod>2021-08-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/any-hostname/any-hostname-106-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2021-06-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-retina-2x/wp-retina-2x-520-cross-site-scripting</loc>
<lastmod>2017-11-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-fastest-cache/wp-fastest-cache-112-cross-site-request-forgery-via-wpfc_clear_cache_of_allsites_callback</loc>
<lastmod>2023-04-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/live-composer-page-builder/page-builder-live-composer-1523-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-01-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/spark-gf-failed-submissions/spark-gf-failed-submissions-135-reflected-cross-site-scripting</loc>
<lastmod>2025-04-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/video-conferencing-with-zoom-api/video-conferencing-with-zoom-445-sensitive-information-exposure</loc>
<lastmod>2024-03-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/paid-memberships-pro/paid-memberships-pro-266-unauthenticated-sql-injection</loc>
<lastmod>2022-01-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/borderless/borderless-widgets-elements-templates-and-toolkit-for-elementor-gutenberg-159-missing-authorization-to-icon-font-deletion</loc>
<lastmod>2025-01-30T00:56:47.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/learnpress-import-export/learnpress-export-import-403-reflected-cross-site-scripting</loc>
<lastmod>2024-04-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/counterpoint/counterpoint-181-reflected-cross-site-scripting</loc>
<lastmod>2024-07-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/woostify/woostify-191-cross-site-request-forgery</loc>
<lastmod>2021-06-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mapsvg/mapsvg-8531-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-05-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/login-lockdown/login-lockdown-206-authenticated-administrator-sql-injection</loc>
<lastmod>2023-11-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/sprout-clients/sprout-clients-322-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2026-02-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/pie-register-premium/pie-register-premium-3832-authenticated-subscriber-limited-file-deletion</loc>
<lastmod>2025-02-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/instant-appointment/instant-appointment-12-unauthenticated-arbitrary-file-upload</loc>
<lastmod>2025-03-20T21:44:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/nex-forms-express-wp-form-builder/nex-forms-express-wp-form-builder-917-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2025-12-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ebook-store/ebook-store-578-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2023-04-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cforms2/cformsii-1506-unauthenticated-stored-cross-site-scripting</loc>
<lastmod>2024-01-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/category-posts/category-posts-widget-4916-pro-4913-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2024-07-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/shortcoder/shortcoder-create-shortcodes-for-anything-651-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2026-01-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/payment-page/payment-page-payment-form-for-stripe-146-authenticated-author-stored-cross-site-scripting-via-pricing_plan_select_text_font_family-parameter</loc>
<lastmod>2026-02-13T18:30:19.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-base-booking-of-appointments-services-and-events/wp-base-booking-of-appointments-services-and-events-492-missing-authorization-to-authenticated-subscriber-sensitive-information-exposure-via-app_export_db</loc>
<lastmod>2024-12-20T20:57:01.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simple-pull-quote/simple-pull-quote-163-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-10-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/nextgen-smooth-gallery/nextgen-smooth-gallery-12-cross-site-scripting</loc>
<lastmod>2013-09-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/core/4.5/wordpress-core-452-cross-site-scripting-via-mediaelementjs</loc>
<lastmod>2016-05-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/updraftplus/updraftplus-wordpress-backup-plugin-1659-stored-cross-site-scripting</loc>
<lastmod>2021-05-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/additional-product-fields-for-woocommerce/extra-product-options-builder-for-woocommerce-12133-unauthenticated-stored-cross-site-scripting</loc>
<lastmod>2024-10-23T22:12:53.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simple-bible-verse-via-shortcode/simple-bible-verse-via-shortcode-11-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2026-02-06T20:25:23.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/community-events/community-events-156-missing-authorization-to-unauthenticated-arbitrary-event-approval-via-eventlist-parameter</loc>
<lastmod>2026-01-16T15:39:05.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/sportspress/sportspress-sports-club-league-manager-2717-missing-authorization-to-unauthenticated-event-permalink-update</loc>
<lastmod>2024-03-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-seopress/seopress-on-site-seo-72-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2023-12-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mainwp-maintenance-extension/mainwp-maintenance-extension-411-missing-authorization-to-plugin-settings-change</loc>
<lastmod>2023-01-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/themify-wc-product-filter/themify-woocommerce-product-filter-143-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2024-03-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/booking-calendar-contact-form/booking-calendar-contact-form-1234-cross-site-request-forgery-via-cpdexbccf_feedback</loc>
<lastmod>2023-02-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/core/3.8/wordpress-core-382-sql-injection</loc>
<lastmod>2014-04-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/parkivia/parkivia-119-unauthenticated-local-file-inclusion</loc>
<lastmod>2026-02-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/contact-forms/cimatti-contact-forms-1411-cross-site-scripting</loc>
<lastmod>2021-09-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wallwisher-shortcode/padlet-shortcode-13-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2025-11-20T19:22:22.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/chilexpress-oficial/chilexpress-woo-oficial-129-reflected-cross-site-scripting</loc>
<lastmod>2023-05-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/jquery-collapse-o-matic/collapse-o-matic-182-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2022-12-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simple-share-buttons-adder/simple-share-buttons-adder-600-reflected-cross-site-scripting</loc>
<lastmod>2015-06-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/zephyr-project-manager/zephyr-project-manager-33200-missing-authorization</loc>
<lastmod>2025-04-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ultimate-addons-for-gutenberg/spectra-wordpress-gutenberg-blocks-1255-reflected-cross-site-scripting</loc>
<lastmod>2022-05-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-mail-log/wp-mail-log-112-authenticated-contributor-sql-injection-via-id</loc>
<lastmod>2023-11-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mystyle-custom-product-designer/mystyle-custom-product-designer-3211-unauthenticated-sql-injection</loc>
<lastmod>2025-06-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wptables/wordpress-tables-139-reflected-cross-site-scripting-via-error_msg</loc>
<lastmod>2023-06-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/jet-engine/jetengine-373-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-09-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/advanced-sermons/advanced-sermons-36-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-06-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woffice-core/woffice-core-5430-missing-authorization</loc>
<lastmod>2025-11-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/rss-import/rssimport-461-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2022-12-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/login-and-logout-redirect/login-and-logout-redirect-202-open-redirect</loc>
<lastmod>2023-09-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woocommerce-putler-connector/putler-connector-for-woocommerce-2120-missing-authorization-via-putler_connector_sync_complete</loc>
<lastmod>2023-08-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/tickera-event-ticketing-system/tickera-3556-cross-site-request-forgery</loc>
<lastmod>2025-09-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/tiger-claw/tiger-claw-1114-unauthenticated-local-file-inclusion</loc>
<lastmod>2026-02-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/tb-testimonials/tbtestimonials-173-reflected-cross-site-scripting</loc>
<lastmod>2025-03-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/uix-page-builder/uix-page-builder-174-reflected-cross-site-scripting</loc>
<lastmod>2025-01-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/variations-radio-buttons-for-woocommerce/radio-buttons-and-swatches-for-woocommerce-1120-reflected-cross-site-scripting</loc>
<lastmod>2024-11-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/activecampaign-for-woocommerce/activecampaign-for-woocommerce-196-missing-authorization-to-error-log-deletion</loc>
<lastmod>2022-12-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/pagelayer/pagelayer-187-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2024-08-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ai-content-creator/ai-content-creator-126-cross-site-request-forgery</loc>
<lastmod>2025-04-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bold-page-builder/bold-page-builder-315-php-object-injection</loc>
<lastmod>2021-08-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/aihub/aihub-137-unauthenticated-arbitrary-file-upload-in-generate_image</loc>
<lastmod>2025-04-18T14:37:49.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/quran-text-multilanguage/quran-multilanguage-text-audio-2321-reflected-cross-site-scripting-via-sourate-and-lang-parameters</loc>
<lastmod>2024-12-09T21:09:02.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/interactive-world-map/interactive-world-map-320-reflected-cross-site-scripting</loc>
<lastmod>2023-11-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/profilegrid-user-profiles-groups-and-communities/profilegrid-user-profiles-memberships-groups-and-communities-579-insecure-direct-object-reference</loc>
<lastmod>2024-04-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/newsletter2go/newsletter2go-4014-missing-authorization-to-authenticated-subscriber-style-reset</loc>
<lastmod>2025-01-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpdirectorykit/wp-directory-kit-130-authenticated-subscriber-sql-injection</loc>
<lastmod>2024-04-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-meta-data-filter-and-taxonomy-filter/wordpress-meta-data-and-taxonomies-filter-mdtf-133-missing-authorization</loc>
<lastmod>2024-04-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woocommerce-product-stock-alert/woocommerce-product-stock-alert-201-missing-authorization-via-api</loc>
<lastmod>2023-07-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/hl-twitter/hl-twitter-2014118-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2024-04-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/salesmanago/salesmanago-381-missing-authorization</loc>
<lastmod>2025-09-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-compress-image-optimizer/wp-compress-instant-performance-speed-optimization-63003-reflected-cross-site-scripting-via-custom_server-parameter</loc>
<lastmod>2025-01-03T18:49:21.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/tooth-fairy/tooth-fairy-dentist-dental-clinic-wordpress-theme-116-unauthenticated-local-file-inclusion</loc>
<lastmod>2026-02-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/weather-atlas/weather-atlas-widget-303-unauthenticated-cross-site-scripting</loc>
<lastmod>2024-11-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/complete-gallery-manager/complete-gallery-manager-333-arbitrary-file-upload</loc>
<lastmod>2013-09-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-flybox/wp-flybox-646-cross-site-request-forgery</loc>
<lastmod>2023-07-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/learnpress/learnpress-440-authenticated-contributor-stored-cross-site-scripting-via-class_wrapper_form-shortcode-attribute</loc>
<lastmod>2026-06-30T19:00:11.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/baiduseo/seobing-214-missing-authorization</loc>
<lastmod>2025-10-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/super-socializer/super-socializer-71344-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2022-12-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/soleil/soleil-117-unauthenticated-local-file-inclusion</loc>
<lastmod>2025-08-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/checkout-files-upload-woocommerce/checkout-files-upload-for-woocommerce-221-unauthenticated-stored-cross-site-scripting</loc>
<lastmod>2025-11-17T20:47:11.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/survey-maker/survey-maker-320-missing-authorization</loc>
<lastmod>2023-01-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/seriously-simple-podcasting/seriously-simple-podcasting-390-authenticated-editor-stored-cross-site-scripting</loc>
<lastmod>2025-04-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-report-post/wp-report-post-212-cross-site-request-forgery</loc>
<lastmod>2023-05-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-user-frontend/user-frontend-ai-powered-frontend-posting-user-directory-profile-membership-user-registration-425-missing-authorization</loc>
<lastmod>2026-03-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-auto-affiliate-links/auto-affiliate-links-643-missing-authorization-via-aaladdlink</loc>
<lastmod>2024-03-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/types/types-3417-authenticated-administrator-arbitrary-file-upload</loc>
<lastmod>2023-03-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/featured-image-from-url/featured-image-from-url-fifu-399-cross-site-request-forgery</loc>
<lastmod>2022-06-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ninja-forms/ninja-forms-contact-form-the-drag-and-drop-form-builder-for-wordpress-288-reflected-cross-site-scripting</loc>
<lastmod>2014-12-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/relevant/relevant-related-featured-latest-and-popular-posts-by-bestwebsoft-107-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2015-10-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/quicq/convert-webp-avif-quicq-best-image-optimizer-and-compression-plugin-improve-your-google-pagespeed-200-missing-authorization-to-authenticated-subscriber-afosto-disconnect</loc>
<lastmod>2025-11-12T20:23:46.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bakkbone-florist-companion/floristpress-730-missing-authorization-to-sensitive-data-exposure</loc>
<lastmod>2024-12-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bdthemes-prime-slider-lite/prime-slider-addons-for-elementor-3133-authenticated-contributor-stored-cross-site-scripting-via-rubix-widget</loc>
<lastmod>2024-03-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/email-encoder-bundle/email-encoder-bundle-218-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2023-11-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/famethemes-demo-importer/fametheme-demo-importer-115-cross-site-request-forgery</loc>
<lastmod>2024-04-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/authors-list/authors-list-202-reflected-cross-site-scripting-via-al_id</loc>
<lastmod>2023-07-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ht-mega-for-elementor/ht-mega-absolute-addons-for-elementor-265-authenticated-contributor-sensitive-information-exposure-via-template_id</loc>
<lastmod>2024-09-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simple-icons/simple-icons-284-missing-authorization</loc>
<lastmod>2025-04-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/article2pdf/article2pdf-027-denial-of-service</loc>
<lastmod>2019-03-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpc-countdown-timer/wpc-countdown-timer-for-woocommerce-314-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-10-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woocommerce-customers-manager/woocommerce-customers-manager-301-missing-authorization-to-authenticated-subscriber-stored-cross-site-scripting</loc>
<lastmod>2024-07-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/nextgen-gallery/photo-gallery-sliders-proofing-and-themes-nextgen-gallery-35912-authenticated-contributor-local-file-inclusion-via-template</loc>
<lastmod>2025-12-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/rdp-linkedin-login/rdp-linkedin-login-170-reflected-cross-site-scripting</loc>
<lastmod>2025-03-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/123-chat-videochat/123chat-130-authenticatedadministrator-stored-cross-site-scripting</loc>
<lastmod>2023-08-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/pullquote/pullquote-10-authenticated-contributor-stored-cross-site-scripting-via-shortcode-attributes</loc>
<lastmod>2026-01-08T21:54:08.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cliengo/cliengo-chatbot-302-missing-authorization-to-authorized-subscriber-chatbot-settings-update</loc>
<lastmod>2024-07-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/chaty/floating-chat-widget-chaty-311-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2023-06-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/core/2.5/wordpress-core-251-authentication-bypass</loc>
<lastmod>2008-04-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/doliconnect/doliconnect-932-reflected-cross-site-scripting</loc>
<lastmod>2025-08-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/stratum/stratum-elementor-widgets-144-authenticated-contributor-sensitive-information-exposure-via-elementor-templates</loc>
<lastmod>2024-11-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ftp-access/ftp-access-10-missing-authorization-to-authenticated-subscriber-stored-cross-site-scripting</loc>
<lastmod>2023-08-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-recipe-maker/wp-recipe-maker-1010-unauthenticated-arbitrary-shortcode-execution</loc>
<lastmod>2025-09-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/olympus-google-fonts/fonts-377-missing-authorization</loc>
<lastmod>2024-08-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simple-goods/simple-goods-013-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-10-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gwyns-imagemap-selector/gwyns-imagemap-selector-033-reflected-cross-site-scripting</loc>
<lastmod>2022-04-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ibtana-visual-editor/ibtana-wordpress-website-builder-1244-authenticated-contributor-stored-cross-site-scripting-via-align-attribute</loc>
<lastmod>2024-10-01T21:17:15.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simple-job-board/simple-job-board-2108-missing-authorization-to-unauthenticated-information-disclosure</loc>
<lastmod>2024-02-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/magazine-edge/magazine-edge-113-authenticated-subscriber-arbitrary-plugin-activation</loc>
<lastmod>2023-02-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wishlist/wishlist-1043-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-05-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/soledad/soledad-868-authenticated-contributor-local-file-inclusion</loc>
<lastmod>2025-09-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/quick-adsense-reloaded/quads-ads-manager-for-google-adsense-303-unauthenticated-information-exposure</loc>
<lastmod>2026-06-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/greenmart/greenmart-organic-food-woocommerce-wordpress-theme-243-reflected-cross-site-scripting</loc>
<lastmod>2020-07-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/boldgrid-easy-seo/boldgrid-easy-seo-simple-and-effective-seo-1613-authenticatedcontributor-stored-cross-site-scripting-via-meta-description</loc>
<lastmod>2024-03-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-slimstat/slimstat-analytics-5411-unauthenticated-stored-cross-site-scripting-via-user-agent-header</loc>
<lastmod>2026-05-27T18:28:54.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/fluentform/contact-form-plugin-by-fluent-forms-for-quiz-survey-and-drag-drop-wp-form-builder-5119-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2024-07-26T23:27:30.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/prettyphoto/wordpress-prettyphoto-11-dom-cross-site-scripting</loc>
<lastmod>2015-05-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/fonts-manager-custom-fonts/fonts-manager-custom-fonts-12-unauthenticated-sql-injection-via-fmcfidselectedfnt-parameter</loc>
<lastmod>2026-03-20T15:14:41.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/easy-pixels-by-jevnet/easy-pixels-by-jevnet-213-unauthenticated-stored-cross-site-scripting</loc>
<lastmod>2024-07-08T19:40:05.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/backup-backup/backup-migration-139-unauthenticated-path-traversal-to-arbitrary-file-deletion</loc>
<lastmod>2023-12-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-rollback/wp-rollback-123-cross-site-scripting</loc>
<lastmod>2015-06-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/hive-support/hive-support-wordpress-help-desk-116-missing-authorization</loc>
<lastmod>2025-01-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-html-mail/wp-html-mail-309-missing-authorization-on-rest-route</loc>
<lastmod>2022-01-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/convert-post-types/convert-post-types-14-cross-site-request-forgery</loc>
<lastmod>2024-04-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/portfolio-gallery/portfolio-gallery-157-reflected-cross-site-scripting</loc>
<lastmod>2015-08-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/grandcarrental/grand-car-rental-369-cross-site-request-forgery</loc>
<lastmod>2026-02-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/yeemail/email-templates-customizer-for-wordpress-drag-and-drop-email-templates-builder-yeemail-214-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-01-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/custom-fields-account-registration-for-woocommerce/custom-fields-account-registration-for-woocommerce-11-cross-site-request-forgery</loc>
<lastmod>2025-03-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/app-builder/app-builder-create-native-android-ios-apps-on-the-flight-5510-unauthenticated-privilege-escalation-via-role-parameter</loc>
<lastmod>2026-03-20T15:06:29.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/FlagEm/flagem-unknown-versions-cross-site-scripting</loc>
<lastmod>2013-07-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/rockhoist-badges/rockhoist-badges-122-authenticated-stored-cross-site-scripting</loc>
<lastmod>2017-03-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/tutor-lms-migration-tool/tutor-lms-migration-tool-220-missing-authorization-in-tutor_import_from_xml</loc>
<lastmod>2024-07-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/better-wp-security/ithemes-security-561-sensitive-information-exposure-via-diff-response</loc>
<lastmod>2016-09-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/buddyforms-hook-fields/buddyforms-hook-fields-138-cross-site-scripting</loc>
<lastmod>2022-05-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/aora/aora-139-unauthenticated-local-file-inclusion</loc>
<lastmod>2025-06-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/popup-seo-optimized/pop-up-01-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2025-02-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/hdw-player-video-player-video-gallery/hdw-player-plugin-video-player-video-gallery-242-authenticated-admin-sql-injection</loc>
<lastmod>2014-05-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/tidekey/tidekey-11-reflected-cross-site-scripting</loc>
<lastmod>2025-03-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wr-price-list-for-woocommerce/wr-price-list-manager-for-woocommerce-108-authenticated-subscriber-arbitrary-file-upload</loc>
<lastmod>2025-01-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/graphina-elementor-charts-and-graphs/graphina-elementor-charts-and-graphs-318-authenticated-contributor-stored-cross-site-scripting-via-chart-widgets</loc>
<lastmod>2025-11-04T21:12:51.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/automatic-youtube-gallery/automatic-youtube-gallery-233-missing-authorization-via-ajax-actions</loc>
<lastmod>2023-09-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/slideshow-gallery/slideshow-gallery-lite-176-cross-site-request-forgery-via-admin_galleries</loc>
<lastmod>2023-03-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/a3-portfolio/a3-lazy-load-260-cross-site-request-forgery-to-settings-reset</loc>
<lastmod>2022-11-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/autocompleter/autocompleter-1352-cross-site-request-forgery</loc>
<lastmod>2025-01-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/lastform/contact-forms-drag-drop-contact-form-builder-105-authenticated-admin-arbitrary-system-file-read</loc>
<lastmod>2021-09-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/social-tape/social-tape-10-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2021-07-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/s2member/s2member-excellent-for-all-kinds-of-memberships-content-restriction-paywalls-member-access-subscriptions-241216-reflected-cross-site-scripting</loc>
<lastmod>2025-02-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ti-woocommerce-wishlist/ti-woocommerce-wishlist-291-missing-authorization-to-unauthenticated-plugin-setup-wizard-access</loc>
<lastmod>2024-12-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/formafzar/formafzar-20-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-01-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/leadfox/leadfox-for-wordpress-219-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2025-03-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-gravity-forms-spreadsheets/connector-for-gravity-forms-and-google-sheets-124-open-redirect</loc>
<lastmod>2025-07-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/pay-with-tweet/pay-with-tweet-11-authenticated-sql-injection</loc>
<lastmod>2012-01-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/postmarkapp-email-integrator/postmarkapp-email-integrator-24-missing-authorization</loc>
<lastmod>2025-03-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-countdown-block/countdown-block-111-missing-authorization</loc>
<lastmod>2021-08-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ulisting/ulisting-166-unauthenticated-information-disclosure</loc>
<lastmod>2021-01-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ocean-extra/ocean-extra-229-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-07-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gf-zendesk/wp-gravity-forms-zendesk-112-open-redirect</loc>
<lastmod>2025-05-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/core/6.4/wordpress-core-643-authenticatedadministrator-php-file-upload</loc>
<lastmod>2018-08-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/posts-table-filterable/tableon-1051-unauthenticated-arbitrary-shortcode-execution</loc>
<lastmod>2025-05-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/easy-digital-downloads/easy-digital-downloads-simple-ecommerce-for-selling-digital-files-2102-cross-site-request-forgery</loc>
<lastmod>2021-04-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/corner-ad/corner-ad-1056-cross-site-request-forgery</loc>
<lastmod>2022-09-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/show-pages-list/show-pages-list-120-cross-site-request-forgery</loc>
<lastmod>2025-09-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/reloaded-rezdy/rezdy-reloaded-101-unauthenticated-stored-cross-site-scripting</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-ecommerce-paypal/easy-paypal-buy-now-button-20-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2025-05-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpdm-premium-packages/premium-packages-sell-digital-products-securely-591-cross-site-request-forgery</loc>
<lastmod>2024-09-24T12:16:17.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/download-manager/wordpress-download-manager-3215-cross-site-scripting</loc>
<lastmod>2021-09-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woocommerce-store-toolkit/store-toolkit-for-woocommerce-231-reflected-cross-site-scripting</loc>
<lastmod>2022-01-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-meta-data-filter-and-taxonomy-filter/mdtf-1338-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-10-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/branda-white-labeling/branda-white-label-wordpress-custom-login-page-customizer-3418-unauthenticated-full-path-disclosure</loc>
<lastmod>2024-07-10T14:57:15.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/learnpress/learnpress-wordpress-lms-plugin-4275-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2025-01-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/arscode-ninja-popups/ninja-popups-478-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-10-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/gridiron/gridiron-1014-unauthenticated-local-file-inclusion</loc>
<lastmod>2026-03-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woo-coupon-usage/coupon-affiliates-affiliate-plugin-for-woocommerce-781-authenticated-subscriber-information-exposure</loc>
<lastmod>2026-06-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/arkhe-blocks/arkhe-blocks-2230-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-10-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/restaurant-reservations/five-star-restaurant-reservations-wordpress-booking-plugin-2719-missing-authorization</loc>
<lastmod>2026-06-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/access-code-feeder/access-code-feeder-103-missing-authorization</loc>
<lastmod>2022-08-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ai-engine/ai-engine-214-authenticatededitor-arbitrary-file-upload-via-add_image_from_url</loc>
<lastmod>2024-01-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/360-product-rotation/360-product-rotation-158-reflected-cross-site-scripting</loc>
<lastmod>2025-02-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-popup-optin/wp-responsive-popup-optin-14-cross-site-request-forgery-to-stored-cross-site-scripting-via-wpo_image_url-parameter</loc>
<lastmod>2026-04-21T19:08:08.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/instant-chat-wp/instant-chat-floating-button-for-wordpress-websites-105-unauthenticated-local-file-inclusion</loc>
<lastmod>2024-09-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/tutor/tutor-lms-224-authenticated-subscriber-stored-cross-site-scripting</loc>
<lastmod>2023-09-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/another-wordpress-classifieds-plugin/wordpress-classifieds-plugin-ad-directory-listings-by-awp-classifieds-30-sql-injection</loc>
<lastmod>2014-11-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/oyster/oyster-photography-wordpress-443-unauthenticated-stored-cross-site-scripting</loc>
<lastmod>2026-01-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/history-log-by-click5/history-log-by-click5-1013-authenticated-subscriber-stored-cross-site-scripting</loc>
<lastmod>2025-05-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/tripetto/wordpress-form-builder-plugin-for-contact-forms-surveys-and-quizzes-tripetto-808-unauthenticated-sensitive-information-exposure</loc>
<lastmod>2025-02-04T16:23:28.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/royal-elementor-addons/royal-elementor-addons-1359-insufficient-access-control-to-template-activation</loc>
<lastmod>2023-01-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/profit-products-tables-for-woocommerce/active-products-tables-for-woocommerce-professional-products-tables-for-woocommerce-store-1061-missing-authorization</loc>
<lastmod>2024-01-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cf7-invisible-recaptcha/cf7-invisible-recaptcha-132-cross-site-scripting</loc>
<lastmod>2018-05-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ultimate-member/ultimate-member-289-missing-authorization-to-authenticated-subscriber-arbitrary-user-profile-picture-update</loc>
<lastmod>2024-11-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ap-mega-menu/mega-menu-307-reflected-cross-site-scripting</loc>
<lastmod>2022-02-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/a3-responsive-slider/a3-responsive-slider-210-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2022-06-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wordapp/wordapp-170-missing-authorization</loc>
<lastmod>2025-06-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-media-player/wp-silverlight-media-player-08-cross-site-scripting</loc>
<lastmod>2014-08-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/infographic-and-list-builder-ilist/ai-infographic-maker-490-unauthenticated-arbitrary-shortcode-execution</loc>
<lastmod>2025-01-30T22:49:01.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/denticare/denticare-143-unauthenticated-php-object-injection</loc>
<lastmod>2025-09-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/spotim-comments/spotim-comments-404-cross-site-scripting</loc>
<lastmod>2017-04-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/addons-for-elementor/elementor-addons-by-livemesh-84-authenticated-contributor-limited-local-file-inclusion-via-widgets</loc>
<lastmod>2024-07-03T14:51:55.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/media-hygiene/media-hygiene-400-missing-authorization</loc>
<lastmod>2025-05-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/call-now-button/call-now-button-146-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2024-04-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/eventprime-event-calendar-management/eventprime-305-reflected-cross-site-scripting</loc>
<lastmod>2023-05-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/awesome-pricing-tables-lite-by-optimalplugins/pricing-tables-for-wp-110-reflected-cross-site-scripting-via-page-parameter</loc>
<lastmod>2026-05-11T19:05:46.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/custom-field-suite/custom-field-suite-265-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2024-05-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-js/wp-js-206-reflected-cross-site-scripting</loc>
<lastmod>2022-05-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/admin-site-enhancements/admin-and-site-enhancements-ase-571-password-protection-mode-security-feature-bypass</loc>
<lastmod>2023-10-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/html5-video-player/html5-video-player-2524-unauthenticated-sql-injection-via-id</loc>
<lastmod>2024-01-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/lobo/lobo-286-missing-authorization</loc>
<lastmod>2025-11-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ai-image-alt-text-generator-for-wp/ai-image-alt-text-generator-for-wp-111-missing-authorization</loc>
<lastmod>2025-04-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woocommerce-jetpack/booster-for-woocommerce-723-authenticated-shopmanager-stored-cross-site-scripting-via-wcj_product_meta-shortcode</loc>
<lastmod>2024-11-25T20:30:56.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/add-custom-codes/add-custom-codes-480-cross-site-request-forgery</loc>
<lastmod>2025-12-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simple-post-gallery/post-gallery-2312-cross-site-request-forgery</loc>
<lastmod>2023-10-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/domain-sharding/domain-sharding-121-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2024-10-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/photo-gallery/photo-gallery-by-10web-1130-reflected-cross-site-scripting</loc>
<lastmod>2014-10-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/core/3.3/wordpress-core-332-sensitive-information-disclosure</loc>
<lastmod>2012-06-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpappninja/wpmobileapp-1171-unauthenticated-stored-cross-site-scripting</loc>
<lastmod>2025-10-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/ona/ona-126-authenticated-administrator-blind-server-side-request-forgery-via-download_link-parameter</loc>
<lastmod>2026-05-01T16:42:01.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bdthemes-element-pack-lite/element-pack-elementor-addons-553-authenticated-contributor-sql-injection</loc>
<lastmod>2024-03-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/busiprof/busiprof-248-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-08-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/grand-media/gmedia-photo-gallery-164-cross-site-scripting</loc>
<lastmod>2015-05-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cooked-pro/cooked-pro-180-cross-site-request-forgery</loc>
<lastmod>2024-10-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/advanced-product-labels-for-woocommerce/advanced-product-labels-for-woocommerce-1236-reflected-cross-site-scripting</loc>
<lastmod>2022-02-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/css3_tooltips/css3-tooltips-for-wordpress-18-missing-authorization</loc>
<lastmod>2025-05-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/all-in-one-seo-pack/all-in-one-seo-pack-4871-missing-authorization</loc>
<lastmod>2025-09-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/timber-library/timber-1231-use-of-a-vulnerable-dependency</loc>
<lastmod>2025-07-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/jetformbuilder/jetformbuilder-dynamic-blocks-form-builder-3601-unauthenticated-stored-cross-site-scripting</loc>
<lastmod>2026-06-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/luxedrive/luxedrive-limousine-and-car-rental-wordpress-theme-14-unauthenticated-php-object-injection</loc>
<lastmod>2026-04-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/autoship-cloud/autoship-cloud-for-woocommerce-subscription-products-280-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-02-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ultimate-member/ultimate-member-1084-authorization-bypass-to-arbitrary-file-uploaddelete</loc>
<lastmod>2015-03-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/all-push-notification/all-push-notification-for-wp-153-unauthenticated-stored-cross-site-scripting</loc>
<lastmod>2025-02-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/peepso-core/community-by-peepso-6160-cross-site-request-forgery-via-delete</loc>
<lastmod>2023-11-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/time-based-greeting/time-based-greeting-222-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2025-04-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-magazine-modules-lite/wp-magazine-modules-lite-112-authenticated-contributor-local-file-inclusion</loc>
<lastmod>2024-06-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/themify-shortcodes/themify-shortcodes-208-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-03-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/maxi-blocks/maxiblocks-210-missing-authorization-to-authenticated-contributor-arbitrary-options-update</loc>
<lastmod>2025-05-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/embedalbum-pro/embedsocial-social-media-feeds-reviews-and-galleries-1127-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2023-01-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bulk-image-alt-text-with-yoast/bialty-bulk-image-alt-text-alt-tag-alt-attribute-with-yoast-seo-woocommerce-221-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2026-01-08T17:58:05.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/import-cdn-remote-images/import-cdn-remote-images-212-cross-site-request-forgery</loc>
<lastmod>2025-07-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-2fa/wp-2fa-two-factor-authentication-for-wordpress-250-cross-site-request-forgery</loc>
<lastmod>2024-01-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/booster-plus-for-woocommerce/booster-600-booster-plus-600-and-booster-elite-600-for-woocommerce-cross-site-request-forgery</loc>
<lastmod>2023-01-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/article2pdf/article2pdf-024-027-information-disclosure</loc>
<lastmod>2019-03-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/hide-login/hide-login-351-reflected-cross-site-scripting</loc>
<lastmod>2025-01-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/secure-copy-content-protection/secure-copy-content-protection-and-content-locking-390-missing-authorization</loc>
<lastmod>2024-04-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/thinkun-remind/thinkun-remind-113-directory-traversal</loc>
<lastmod>2012-06-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/final-tiles-grid-gallery-lite/image-photo-gallery-final-tiles-grid-369-missing-authorization-to-authenticated-contributor-arbitrary-gallery-management</loc>
<lastmod>2026-01-19T10:31:17.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/colibri-page-builder/colibri-page-builder-10276-authenticated-contributor-stored-cross-site-scripting-via-colibri_video_player-shortcode</loc>
<lastmod>2024-06-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-share-buttons-analytics-by-getsocial/social-share-buttons-analytics-plugin-getsocialio-45-missing-authorization</loc>
<lastmod>2025-04-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/elex-woocommerce-google-product-feed-plugin-basic/elex-woocommerce-google-shopping-google-product-feed-143-authenticated-admin-sql-inejction</loc>
<lastmod>2025-09-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/all-in-one-video-gallery/all-in-one-video-gallery-454-457-authenticated-author-arbitrary-file-upload-via-import-zip</loc>
<lastmod>2025-12-05T21:16:07.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woo-thank-you-page-nextmove-lite/nextmove-lite-2170-missing-authorization-to-authenticatedsubscriber-plugin-activation</loc>
<lastmod>2024-02-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/jannah/jannah-newspaper-magazine-news-buddypress-amp-544-reflected-cross-site-scripting</loc>
<lastmod>2021-06-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/widgets-for-tiktok-video-feed/widgets-for-tiktok-feed-173-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-09-25T13:31:12.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/sharebar/sharebar-141-cross-site-request-forgery-to-settings-update-cross-site-scripting</loc>
<lastmod>2022-06-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ibtana-visual-editor/ibtana-wordpress-website-builder-122-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2023-12-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/vr-frases/vr-frases-301-reflected-cross-site-scripting</loc>
<lastmod>2025-01-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wolverine-framework/wolverine-framework-19-reflected-cross-site-scripting</loc>
<lastmod>2026-03-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/greenshift-animation-and-page-builder-blocks/greenshift-1102-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-03-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/sydney-toolbox/sydney-toolbox-126-authenticated-contributor-stored-cross-site-scripting-via-_id</loc>
<lastmod>2024-03-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/print-google-cloud-print-gcp-woocommerce/bizprint-4339-missing-authorization-via-showtemplatepreview</loc>
<lastmod>2024-04-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/code-snippets/code-snippets-2133-cross-site-request-forgery-to-remote-code-execution</loc>
<lastmod>2020-01-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/magn-html5-drag-and-drop-media-uploader/magn-wp-drag-and-drop-media-uploader-120-arbitrary-file-upload</loc>
<lastmod>2013-02-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/structured-content/structured-content-153-authenticated-contributor-php-object-injection</loc>
<lastmod>2023-12-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/sully/sully-430-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2024-06-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mapsvg/mapsvg-874-unauthenticated-sql-injection</loc>
<lastmod>2025-08-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/order-delivery-pickup-location-date-time-free-version/order-delivery-pickup-location-date-time-free-version-110-missing-authorization-to-unauthenticated-settings-update</loc>
<lastmod>2024-12-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wc-frontend-manager-ultimate/woocommerce-frontend-manager-ultimate-677-authenticated-subscriber-sql-injection</loc>
<lastmod>2026-01-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/emails-verification-for-woocommerce/customer-email-verification-for-woocommerce-295-authentication-bypass-via-shortcode</loc>
<lastmod>2025-02-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woo-order-export-lite/advanced-order-export-for-woocommerce-4010-authenticated-shop-manager-sql-injection-via-sort_direction-parameter</loc>
<lastmod>2026-06-17T16:45:50.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/quiz-maker/quiz-maker-6208-sql-injection</loc>
<lastmod>2021-06-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/advanced-local-pickup-for-woocommerce/advanced-local-pickup-for-woocommerce-152-cross-site-request-forgery</loc>
<lastmod>2023-03-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-super-popup/wp-super-popup-112-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2023-01-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/continuous-image-carousel-with-lightbox/continuous-image-carousel-with-lightbox-1015-reflected-cross-site-scripting-via-search_term-order_by-and-order_pos</loc>
<lastmod>2023-03-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-travel/travel-1110-missing-authorization</loc>
<lastmod>2026-01-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/jquery-t-countdown-widget/jquery-t-countdown-widget-2323-authenticated-contributor-stored-cross-site-scripting-via-shortocde</loc>
<lastmod>2023-01-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/image-optimizer-wd/image-optimizer-by-10web-1025-directory-traversal-to-information-exposure</loc>
<lastmod>2023-04-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/xerte-online/xerte-online-035-arbitrary-file-upload</loc>
<lastmod>2013-01-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/library-management-system/library-management-system-320-authenticated-subscriber-sql-injection</loc>
<lastmod>2024-12-11T15:36:49.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/email-subscribers/email-subscribers-newsletters-5910-missing-authentication-to-unauthenticated-mailing-queue-trigger</loc>
<lastmod>2025-11-18T16:15:48.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cf7-zoho/integration-for-contact-form-7-and-zoho-crm-bigin-123-authenticated-admin-sql-injection</loc>
<lastmod>2023-05-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/core/4.9/wordpress-core-491-reflected-cross-site-scripting</loc>
<lastmod>2017-11-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/pressapps-knowledge-base/pressapps-knowledge-base-contextual-sidebar-addon-421-unauthenticated-php-object-injection</loc>
<lastmod>2025-08-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/file-gallery/file-gallery-1854-reflected-cross-site-scripting-via-post_id</loc>
<lastmod>2023-11-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/secure-copy-content-protection/secure-copy-content-protection-and-content-locking-281-unauthenticated-sql-injection</loc>
<lastmod>2021-11-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/blue-wrench-videos-widget/blue-wrench-video-widget-200-cross-site-request-forgery-and-to-cross-site-scripting</loc>
<lastmod>2013-10-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/endless-scroll/endless-scroll-100-improper-neutralization-of-input-during-web-page-generation-cross-site-scripting</loc>
<lastmod>2026-05-26T17:21:42.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/build/build-103-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-03-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ninja-forms-uploads/ninja-forms-file-upload-3326-unauthenticated-arbitrary-file-upload</loc>
<lastmod>2026-04-06T15:57:44.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ays-popup-box/popup-box-create-countdown-coupon-video-contact-form-popups-550-unauthenticated-stored-cross-site-scripting</loc>
<lastmod>2026-04-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gd-mail-queue/gd-mail-queue-393-unauthenticated-stored-cross-site-scripting-via-email</loc>
<lastmod>2023-06-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/restrict-content/membership-plugin-restrict-content-3215-authenticated-contributor-stored-cross-site-scripting-via-shortcodes</loc>
<lastmod>2025-12-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/quick-pagepost-redirect-plugin/quick-pagepost-redirect-plugin-505-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2014-08-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/geo-mashup/geo-mashup-183-cross-site-scripting</loc>
<lastmod>2015-01-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/interface/interface-310-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-06-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/up-down-image-slideshow-gallery/up-down-image-slideshow-gallery-120-authenticated-subscriber-sql-injection-via-shortcode</loc>
<lastmod>2023-10-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/booking-and-rental-manager-for-woocommerce/booking-and-rental-manager-259-authenticated-contributor-php-object-injection</loc>
<lastmod>2026-02-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bsk-pdf-manager/bsk-pdf-manager-14-authenticated-sql-injection</loc>
<lastmod>2014-08-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/the-league/the-league-441-missing-authorization</loc>
<lastmod>2026-03-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpgateway/wpgateway-35-unauthenticated-privilege-escalation</loc>
<lastmod>2022-09-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/query-monitor/query-monitor-3203-reflected-cross-site-scripting-via-request-uri</loc>
<lastmod>2026-03-30T23:21:22.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-mylinks/wp-mylinks-106-authenticated-editor-stored-cross-site-scripting</loc>
<lastmod>2024-09-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ah-shortcodes/ah-shortcodes-102-authenticated-contributor-stored-cross-site-scripting-via-column-shortcode-attribute</loc>
<lastmod>2026-01-06T20:47:21.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/vehica-core/vehica-core-1097-authenticated-subscriber-privilege-escalation</loc>
<lastmod>2025-04-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/fluentform/fluentforms-4324-authenticatedcontributor-stored-cross-site-scripting</loc>
<lastmod>2023-03-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/guest-author/guest-author-23-authenticated-stored-cross-site-scripting</loc>
<lastmod>2023-12-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/add-actions-and-filters/add-shortcodes-actions-and-filters-210-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2022-09-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/christine-miller/miller-133-unauthenticated-local-file-inclusion</loc>
<lastmod>2026-02-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-live-chat-software-for-wordpress/livechat-4515-cross-site-request-forgery</loc>
<lastmod>2023-12-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/easy-modal/easy-modal-210-authenticated-admin-sql-injection</loc>
<lastmod>2017-08-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/spotify-play-button-for-wordpress/sptify-play-button-for-wordpress-210-cross-site-request-forgery</loc>
<lastmod>2023-10-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/weforms/weforms-1625-missing-authorization</loc>
<lastmod>2025-12-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/prosolution-wp-client/prosolution-wp-client-200-unauthenticated-arbitrary-file-upload-via-files</loc>
<lastmod>2026-05-19T12:03:25.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/team-members-for-elementor/team-members-for-elementor-page-builder-104-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-04-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/pods/pods-243-cross-site-scripting</loc>
<lastmod>2015-01-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-statistics/wp-statistics-84-stored-cross-site-scripting</loc>
<lastmod>2014-12-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ip2location-country-blocker/ip2location-country-blocker-2264-ban-bypass</loc>
<lastmod>2022-01-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simple-download-monitor/simple-download-monitor-398-multiple-cross-site-request-forgery-vulnerabilities</loc>
<lastmod>2021-12-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/flickr-rss/flickrrss-531-cross-site-scripting-via-flickrrss_id</loc>
<lastmod>2018-02-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/related-posts-thumbnails/related-posts-thumbnails-plugin-for-wordpress-432-cross-site-request-forgery</loc>
<lastmod>2026-01-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/post-carousel-slider-for-elementor/post-carousel-slider-for-elementor-160-authenticated-subscriber-missing-authorization-via-process_wbelps_promo_form-function</loc>
<lastmod>2025-06-25T13:45:39.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/eventify/eventify-21-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2022-11-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/rehub-framework/rehub-framework-1995-missing-authorization</loc>
<lastmod>2026-01-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-random-button/wp-random-button-10-authenticated-contributor-stored-cross-site-scripting-via-cat-shortcode-attribute</loc>
<lastmod>2026-03-20T15:06:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/bw-craftxtore/craftxtore-17-unauthenticated-local-file-inclusion</loc>
<lastmod>2025-06-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-youtube-gallery/wp-youtube-gallery-19-authenticated-contributor-stored-cross-site-scripting-via-id-parameter</loc>
<lastmod>2025-01-06T15:04:02.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/education-zone/education-zone-134-cross-site-request-forgery-to-notice-dismissal</loc>
<lastmod>2024-06-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/core/5.8/wordpress-core-582-ca-bundlecrt-contains-expired-certificate-dst-root-ca-x3</loc>
<lastmod>2021-11-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-e-commerce/wp-ecommerce-3151-unauthenticated-sql-injection</loc>
<lastmod>2024-02-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/rs-survey/rs-survey-10-reflected-cross-site-scripting</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/eroom-zoom-meetings-webinar/eroom-webinar-meeting-plugin-for-zoom-google-meet-microsoft-teams-156-unauthenticated-sensitive-information-exposure</loc>
<lastmod>2025-10-24T13:42:10.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/tickera-event-ticketing-system/tickera-3552-missing-authorization</loc>
<lastmod>2025-03-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/real-estate-manager/real-estate-manager-73-authenticated-contributor-local-file-inclusion</loc>
<lastmod>2025-04-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/rt-easy-builder-advanced-addons-for-elementor/rt-easy-builder-23-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-08-11T13:48:34.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpbookit/wpbookit-106-unauthenticated-arbitrary-file-upload-via-image_upload_handle-function</loc>
<lastmod>2025-07-23T16:22:34.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ajax-random-post/ajax-random-post-200-reflected-cross-site-scripting</loc>
<lastmod>2016-02-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/vimeo-simplegallery/vimeo-simplegallery-02-missing-authorization-to-authenticated-subscriber-arbitrary-plugin-settings-modification</loc>
<lastmod>2025-12-11T14:25:50.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/title-field-validation/title-field-validation-11-cross-site-request-forgery</loc>
<lastmod>2021-06-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/elex-helpdesk-customer-support-ticket-system/elex-wordpress-helpdesk-customer-ticketing-system-329-authenticated-subscriber-arbitrary-file-upload</loc>
<lastmod>2025-05-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wc-shortcodes/galleries-by-angie-makes-167-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2023-02-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/calendarista-basic-edition/calendarista-basic-edition-302-cross-site-request-forgery</loc>
<lastmod>2024-04-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-downloadmanager/wp-downloadmanager-169-authenticated-administrator-path-traversal-to-arbitrary-file-read-via-download_path-parameter</loc>
<lastmod>2026-02-17T19:12:08.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/awesome-support/awesome-support-636-information-exposure</loc>
<lastmod>2025-08-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpdatatables/wpdatatables-2127-authenticated-cross-site-scripting</loc>
<lastmod>2022-05-06T13:37:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/clone-menu/wp-clone-menu-101-missing-authorization-to-menu-clone</loc>
<lastmod>2023-07-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gnucommerce/gnucommerce-142-stored-cross-site-scripting</loc>
<lastmod>2017-03-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cosign-sso/cosign-single-signon-031-reflected-cross-site-scripting-via-_serverphp_self</loc>
<lastmod>2025-12-04T16:39:21.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/popup-anything-on-click/popup-anything-a-marketing-popup-and-lead-generation-conversions-216-reflected-cross-site-scripting</loc>
<lastmod>2022-07-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/5-anker-connect/5-anker-connect-126-reflected-cross-site-scripting</loc>
<lastmod>2022-10-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/arkhe-blocks/arkhe-blocks-2271-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-04-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/tk-google-fonts/tk-google-fonts-gdpr-compliant-2211-missing-authorization-to-font-deletion</loc>
<lastmod>2023-10-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/sku-for-woocommerce/sku-generator-for-woocommerce-162-reflected-cross-site-scripting</loc>
<lastmod>2025-03-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/all-bootstrap-blocks/all-bootstrap-blocks-1315-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-05-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/malinky-ajax-pagination/ajax-pagination-and-infinite-scroll-201-cross-site-request-forgery</loc>
<lastmod>2023-05-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/yith-woocommerce-waiting-list/yith-woocommerce-waiting-list-260-cross-site-request-forgery-via-save_mail_status</loc>
<lastmod>2023-08-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/hummingbird-performance/hummingbird-373-missing-authorization</loc>
<lastmod>2024-04-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/booking/booking-calendar-101413-missing-authorization-to-unauthenticated-booking-details-exposure</loc>
<lastmod>2026-01-30T16:06:31.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/redirect-redirection/redirect-redirection-113-missing-authorization-in-redirectionpagecontent-function</loc>
<lastmod>2023-02-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/blogty/blogty-1011-unauthenticated-local-file-inclusion</loc>
<lastmod>2025-06-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/tencentcloud-cos/tencentcloud-cos-107-cross-site-request-forgery</loc>
<lastmod>2023-04-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ladipage/ladiapp-44-cross-site-request-forgery-via-ladiflow_save_hook</loc>
<lastmod>2024-03-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wicked-folders/wicked-folders-21816-missing-authorization-on-ajax_move_object</loc>
<lastmod>2023-02-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/lh-ogp-meta-tags/lh-ogp-meta-173-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2025-03-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wschat-live-chat/wschat-wordpress-live-chat-316-missing-authorization-to-authenticated-subscriber-settings-reset</loc>
<lastmod>2025-11-18T17:25:44.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/product-code-for-woocommerce/product-code-for-woocommerce-144-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2023-12-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/essential-blocks/essential-blocks-406-missing-authorization-via-get</loc>
<lastmod>2023-04-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/custom-header-images/custom-header-images-121-cross-site-request-forgery</loc>
<lastmod>2023-10-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/flipmart/flipmart-28-missing-authorization</loc>
<lastmod>2026-05-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/the-pack-addon/the-pack-elementor-addons-209-authenticated-contributor-local-file-inclusion</loc>
<lastmod>2024-10-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/azonbox/azonbox-112-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-11-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/linksy-search-and-replace/linksy-search-and-replace-104-missing-authorization-to-authenticated-subscriber-arbitrary-database-update-via-linksy_search_and_replace_item_details</loc>
<lastmod>2026-03-20T14:38:04.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-estimation-form/wp-cost-estimation-payment-forms-builder-10175-reflected-cross-site-scripting</loc>
<lastmod>2024-04-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/broken-link-manager/broken-link-manager-045-cross-site-scripting</loc>
<lastmod>2015-07-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/smart-dofollow/smart-dofollow-102-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2025-02-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/lastfm-rotation/lastfm-rotation-10-directory-traversal</loc>
<lastmod>2014-05-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/arkhe/arkhe-3110-cross-site-request-forgery-to-local-file-inclusion</loc>
<lastmod>2025-04-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/modern-events-calendar/modern-events-calendar-7110-authenticated-subscriber-arbitrary-file-upload</loc>
<lastmod>2024-07-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/call-now-button/call-now-button-111-reflected-cross-site-scripting</loc>
<lastmod>2022-04-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/recipe-card-blocks-by-wpzoom/recipe-card-blocks-for-gutenberg-elementor-343-insecure-direct-object-reference-to-authenticated-contributor-post-disclosure</loc>
<lastmod>2025-02-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/surveyjs/surveyjs-drag-drop-wordpress-form-builder-252-cross-site-request-forgery-to-survey-creation</loc>
<lastmod>2026-01-23T20:33:23.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/supportboard/support-board-341-authenticated-sql-injection</loc>
<lastmod>2022-01-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/slideshow-wp/slideshow-wp-11-authenticated-contributor-stored-cross-site-scripting-via-sswp-slide-shortcode-sswpid-attribute</loc>
<lastmod>2026-02-10T20:08:21.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/social-networks-auto-poster-facebook-twitter-g/nextscripts-social-networks-auto-poster-4323-unauthenticated-stored-cross-site-scripting</loc>
<lastmod>2022-01-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woocommerce-predictive-search/predictive-search-for-woocommerce-105-cross-site-scripting</loc>
<lastmod>2012-11-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simply-schedule-appointments/appointment-booking-calendar-simply-schedule-appointments-booking-plugin-1677-authenticated-contributor-sql-injection-via-shortcode</loc>
<lastmod>2024-03-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/sourceafrica/sourceafrica-013-cross-site-scripting</loc>
<lastmod>2015-08-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/frontend-login-and-registration-blocks/frontend-login-and-registration-blocks-111-unauthenticated-privilege-escalation-via-account-takeover</loc>
<lastmod>2025-05-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/rich-event-timeline/event-timeline-116-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2022-07-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/tutor/tutor-lms-397-missing-authorization-to-authenticated-subscriber-unauthorized-private-course-enrollment</loc>
<lastmod>2026-04-10T11:46:32.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpdm-premium-packages/premium-packages-sell-digital-products-securely-593-authenticated-contributor-stored-cross-site-scripting-via-wpdmpp_pay_link-shortcode</loc>
<lastmod>2024-11-20T13:54:25.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-likes/wp-likes-311-cross-site-request-forgery-to-cross-site-scripting</loc>
<lastmod>2025-09-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/insert-or-embed-articulate-content-into-wordpress/insert-or-embed-articulate-content-into-wordpress-43000000025-authenticated-editor-arbitrary-file-upload</loc>
<lastmod>2025-04-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simple-nivo-slider/simple-nivo-slider-056-authenticated-contributor-stored-cross-site-scripting-via-shortcode-attributes</loc>
<lastmod>2025-12-11T14:22:12.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-linkedin-auto-publish/wp-linkedin-auto-publish-811-missing-authorization</loc>
<lastmod>2024-04-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/popup-by-supsystic/popup-by-supsystic-1104-reflected-cross-site-scripting</loc>
<lastmod>2021-04-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-register-profile-with-shortcode/wp-register-profile-with-shortcode-357-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2023-05-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/afiliados-de-amazon-lite/amazon-affiliate-lite-plugin-100-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2025-12-19T15:05:07.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/restrict-content/membership-plugin-restrict-content-3216-missing-authentication-to-insecure-direct-object-reference-and-sensitive-information-exposure</loc>
<lastmod>2026-01-15T20:39:14.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/unite-gallery-lite/unite-gallery-lite-1759-authenticatedadministrator-local-file-inclusion-via-view-parameter</loc>
<lastmod>2023-05-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/3dprint-lite/3dprint-lite-2099-cross-site-request-forgery-to-settings-update</loc>
<lastmod>2024-11-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wiseagentleadform/wise-agent-capture-forms-20-reflected-cross-site-scripting</loc>
<lastmod>2021-09-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ip-based-login/ip-based-login-243-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2025-09-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-job-portal/wp-job-portal-252-authenticated-editor-stored-cross-site-scripting-via-job-description-field</loc>
<lastmod>2025-12-11T15:05:46.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/all-in-one-thumbnailsBanner/lambertgroup-allinone-banner-with-thumbnails-38-reflected-cross-site-scripting</loc>
<lastmod>2026-02-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cysteme-finder/cysteme-finder-13-arbitrary-file-uploadread</loc>
<lastmod>2016-08-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/learnpress/learnpress-4263-insecure-direct-object-reference</loc>
<lastmod>2024-04-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/hydra-booking/hydra-booking-1132-authenticated-custom-role-sql-injection</loc>
<lastmod>2025-11-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/featured-image-caption/featured-image-caption-0810-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2023-11-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/build-app-online/build-app-online-1023-unauthenticated-local-file-inclusion</loc>
<lastmod>2025-04-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpdatatables/wpdatatables-tables-table-charts-2165-authenticatedadministrator-php-object-injection</loc>
<lastmod>2023-08-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpcargo/wpcargo-track-trace-801-missing-authorization-to-authenticated-subscriber-settings-update</loc>
<lastmod>2024-12-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/events-manager-pro/events-manager-535-events-manager-pro-229-cross-site-scripting</loc>
<lastmod>2014-08-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/auth0/login-by-auth0-460-reflected-cross-site-scripting-via-wle</loc>
<lastmod>2024-07-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/freesoul-deactivate-plugins/freesoul-deactivate-plugins-1940-information-disclosure</loc>
<lastmod>2023-01-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/nrgbusiness/the-business-161-missing-authorization</loc>
<lastmod>2025-05-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/quote-comments/quote-comments-300-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2025-02-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/envialosimple-email-marketing-y-newsletters-gratis/envalosimple-22-cross-site-request-forgery</loc>
<lastmod>2023-12-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/learning-management-system/masteriyo-lms-elearning-and-online-course-builder-for-wordpress-1133-authenticated-student-missing-authorization-to-privilege-escalation</loc>
<lastmod>2024-10-28T16:31:51.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-construction-mode/wp-construction-mode-191-reflected-cross-site-scripting</loc>
<lastmod>2014-12-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/wpresidence/wpresidence-532-missing-authorization</loc>
<lastmod>2025-10-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpgform/google-forms-092-unauthenticated-server-side-request-forgery</loc>
<lastmod>2018-01-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/sunshine-photo-cart/sunshine-photo-cart-3572-missing-authorization</loc>
<lastmod>2026-01-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/realtyna-provisioning/realtyna-provisioning-122-reflected-cross-site-scripting</loc>
<lastmod>2025-01-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/multiparcels-shipping-for-woocommerce/multiparcels-shipping-for-woocommerce-1169-cross-site-request-forgery</loc>
<lastmod>2024-04-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woocommerce/woocommerce-461-woocommerce-blocks-370-settings-bypass-leading-to-account-creation</loc>
<lastmod>2020-11-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-vk/wp-vk-133-cross-site-request-forgery-via-ajax-actions</loc>
<lastmod>2023-08-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/helloprint/plug-your-woocommerce-into-the-largest-catalog-of-customized-print-products-from-helloprint-204-unauthenticated-arbitrary-file-upload</loc>
<lastmod>2024-10-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-recentcomments/wp-recentcomments-206-cross-site-scripting</loc>
<lastmod>2011-09-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/custom-sub-menus/custom-menu-133-reflected-cross-site-scripting</loc>
<lastmod>2021-09-08T20:09:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/widgetize-pages-light/widgetize-pages-light-30-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2025-06-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/acymailing/acymailing-972-authenticated-subscriber-arbitrary-file-upload-via-acym_extractarchive-function</loc>
<lastmod>2024-08-21T13:54:14.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/smart-app-banner/smart-app-banner-113-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2023-10-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/data-tables-generator-by-supsystic/data-tables-generator-by-supsystic-11019-cross-site-scripting</loc>
<lastmod>2022-06-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/elementor-pro/elementor-pro-3290-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-06-09T16:22:07.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bigbluebutton/bigbluebutton-300-beta4-reflected-cross-site-scripting</loc>
<lastmod>2023-08-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/WP_Estimation_Form/wp-cost-estimation-1030-missing-authorization</loc>
<lastmod>2026-03-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simple-colorbox/simple-colorbox-161-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-09-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/royal-elementor-addons/royal-elementor-addons-171056-missing-authorization</loc>
<lastmod>2026-03-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/dssearchagent-wordpress-edition/dssearchagent-wordpress-edition-10-beta10-reflected-cross-site-scripting</loc>
<lastmod>2014-05-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/user-rights-access-manager/user-rights-access-manager-103-missing-authorization</loc>
<lastmod>2021-04-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/float-to-top-button/float-to-top-button-236-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2022-08-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/electrician/electrician-electrical-service-wordpress-56-unauthenticated-server-side-request-forgery</loc>
<lastmod>2025-12-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/amministrazione-aperta/amministrazione-aperta-373-admin-local-file-inclusion</loc>
<lastmod>2022-03-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/accordion-shortcodes/accordion-shortcodes-242-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2023-01-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mp-restaurant-menu/restaurant-menu-by-motopress-247-authenticated-subscriber-information-exposure</loc>
<lastmod>2025-11-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/dzs-zoomsounds/zoomsounds-wordpress-wave-audio-player-with-playlist-691-missing-authorization-to-authenticated-subscriber-limited-options-update-and-settings-manipulation</loc>
<lastmod>2025-04-04T16:43:10.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpdatatables/wpdatatables-wordpress-data-table-dynamic-tables-table-charts-plugin-34212-unauthenticated-stored-cross-site-scripting-via-csv-import</loc>
<lastmod>2024-05-22T14:10:41.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/my-reservation-system/my-reservation-system-23-reflected-cross-site-scripting</loc>
<lastmod>2025-07-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bookly-responsive-appointment-booking-tool/online-scheduling-and-appointment-booking-system-bookly-274-unauthenticated-information-exposure</loc>
<lastmod>2026-05-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-multitasking/wp-multitasking-wp-utilities-0117-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2024-09-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mollie-payments-for-woocommerce/mollie-payments-for-woocommerce-770-unauthenticated-full-path-disclosure</loc>
<lastmod>2024-08-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/learnpress/learnpress-wordpress-lms-plugin-4294-missing-authorization-to-unauthenticated-arbitrary-callback-execution-to-information-exposure</loc>
<lastmod>2025-11-20T16:53:10.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/local-sync/wp-duplicate-wordpress-migration-plugin-116-missing-authorization</loc>
<lastmod>2025-01-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/motors-car-dealership-classified-listings/motors-car-dealer-classified-ads-145-cross-site-request-forgery-via-multiple-functions</loc>
<lastmod>2023-04-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-popup-builder/wp-popup-builder-popup-forms-and-marketing-lead-generation-135-unauthenticated-arbitrary-shortcode-execution-via-wp_ajax_nopriv_shortcode_api_add</loc>
<lastmod>2024-10-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/salon-booking-system/salon-booking-system-87-authenticated-editor-privilege-escalation</loc>
<lastmod>2023-11-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpdirectorykit/wp-directory-kit-143-unauthenticated-sql-injection-via-select_2_ajax-function</loc>
<lastmod>2025-11-20T20:36:08.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/blue-triad-ezanalytics/blue-triad-ezanalytics-10-reflected-cross-site-scripting-via-bt_webid</loc>
<lastmod>2024-03-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/popover-windows/popover-windows-12-missing-authorization-to-authenticated-subscriber-popover-configuration-update-via-ajax-actions</loc>
<lastmod>2025-12-12T16:09:40.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-date-and-time-shortcode/wp-date-and-time-shortcode-267-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-03-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/player/spidervplayer-1518-multiple-blind-authenticated-sql-injections</loc>
<lastmod>2016-07-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/fb-reviews-widget/trustreviews-23-missing-authorization</loc>
<lastmod>2025-03-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ultimate-bootstrap-elements-for-elementor/ultimate-bootstrap-elements-for-elementor-140-authenticated-contributor-stored-cross-site-scripting-via-image-widget</loc>
<lastmod>2024-04-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/interactive-3d-flipbook-powered-physics-engine/3d-flipbook-pdf-flipbook-viewer-flipbook-image-gallery-1156-authenticated-editor-stored-cross-site-scripting</loc>
<lastmod>2024-08-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/buddypress-media/rtmedia-for-wordpress-buddypress-and-bbpress-4614-missing-authorization-via-export_settings</loc>
<lastmod>2023-09-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/tutor-lms-migration-tool/tutor-lms-migration-tool-220-missing-authorization-in-tutor_lp_export_xml</loc>
<lastmod>2024-07-26T13:10:32.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/organization-chart/organization-chart-144-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2023-01-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/elementor-pro/elementor-pro-3130-missing-authorization</loc>
<lastmod>2023-06-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ect-social-share/ect-social-share-13-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2024-12-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/timeline-for-beaver-builder/timeline-module-for-beaver-builder-113-authenticated-editor-stored-cross-site-scripting</loc>
<lastmod>2024-07-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-event-solution/event-manager-events-calendar-events-tickets-for-woocommerce-eventin-3350-missing-authorization-to-unauthenticated-events-export</loc>
<lastmod>2024-02-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/event-tickets/event-tickets-5181-insecure-direct-object-reference-to-sensitive-information-exposure</loc>
<lastmod>2025-01-29T18:25:56.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/guardgiant/guardgiant-brute-force-protection-226-reflected-cross-site-scripting</loc>
<lastmod>2024-11-22T15:09:47.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/robo-gallery/robo-gallery-512-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2026-02-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/qubely/qubely-1814-missing-authorization</loc>
<lastmod>2025-09-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/fulltext-search/wp-fast-total-search-169234-cross-site-request-forgery</loc>
<lastmod>2024-07-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/philantro/philantro-donations-and-donor-management-52-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-12-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/automotive/automotive-car-dealership-business-wordpress-theme-134-authenticated-contributor-stored-cross-site-scripting-via-call-to-action-fields</loc>
<lastmod>2026-02-26T18:08:31.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/core/2.7/wordpress-mu-27-cross-site-scripting</loc>
<lastmod>2009-03-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-auctions/wordpress-auction-plugin-37-authenticated-editor-sql-injection</loc>
<lastmod>2025-01-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/scroll-rss-excerpt/scroll-rss-excerpt-50-reflected-cross-site-scripting</loc>
<lastmod>2025-12-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/promotion-slider/promotion-slider-334-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2022-05-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/newsletters-lite/newsletters-488-cross-site-request-forgery</loc>
<lastmod>2023-04-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/algori-pdf-viewer/pdfjs-20943-authenticated-author-stored-cross-site-scripting</loc>
<lastmod>2024-11-08T14:03:14.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/convertplug/convertplug-3525-missing-authorization-to-authenticated-subscriber-limited-arbitrary-options-update</loc>
<lastmod>2024-05-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ays-slider/image-slider-by-ays-responsive-slider-and-carousel-271-unauthenticated-stored-cross-site-scripting</loc>
<lastmod>2026-03-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-spid-italia/wp-spid-italia-29-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-01-10T19:04:34.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wordpress-seo/yoast-seo-340-authenticated-stored-cross-site-scripting</loc>
<lastmod>2016-08-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/resize-image-after-upload/resize-image-after-upload-185-cross-site-request-forgery</loc>
<lastmod>2022-08-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gdpr-consent-manager/gdpr-extensions-com-consent-manager-100-authenticated-author-stored-cross-site-scripting-via-svg-file-upload</loc>
<lastmod>2024-10-09T13:28:33.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/magic-carousel/magic-responsive-slider-and-carousel-wordpress-16-authenticated-contributor-sql-injection</loc>
<lastmod>2025-05-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/co-marquage-service-public/co-marquage-service-publicfr-0572-reflected-cross-site-scripting-via-search_term</loc>
<lastmod>2024-03-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/embedpress/embedpress-3911-missing-authorization</loc>
<lastmod>2024-04-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/super-slider/super-responsive-slider-14-reflected-cross-site-scripting</loc>
<lastmod>2025-03-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/seo-local-rank/true-ranker-222-directory-traversalarbitrary-file-read</loc>
<lastmod>2021-12-13T12:43:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/link-view/link-view-080-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-08-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/customize-my-account-for-woocommerce/sysbasics-customize-my-account-for-woocommerce-2729-reflected-cross-site-scripting-via-tab-parameter</loc>
<lastmod>2024-11-09T00:08:17.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/directorist-booking/directorist-booking-241-unauthenticated-sql-injection</loc>
<lastmod>2026-01-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bulk-categories-assign/bulk-categories-assign-10-reflected-cross-site-scripting</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/webinar-ignition/webinarignition-3058-cross-site-request-forgery</loc>
<lastmod>2024-04-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/advanced-dynamic-pricing-for-woocommerce/advanced-dynamic-pricing-for-woocommerce-415-missing-authorization-in-ajaxcalculateprice-function</loc>
<lastmod>2023-02-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woo-cardcom-payment-gateway/cardcom-payment-gateway-3504-missing-authorization</loc>
<lastmod>2025-09-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-crowdfunding/wp-crowdfunding-2110-missing-authorization-to-authenticated-subscriber-to-enabledisable-addons</loc>
<lastmod>2024-08-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wholesalex/wholesalex-132-unauthenticated-privilege-escalation</loc>
<lastmod>2024-03-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/recent-posts-slider/recent-posts-slider-11-cross-site-request-forgery</loc>
<lastmod>2023-06-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/backup-backup/backupbliss-backup-migration-with-free-cloud-storage-211-unauthenticated-information-exposure</loc>
<lastmod>2026-04-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/social-share-button/social-share-button-21-stored-cross-site-scripting</loc>
<lastmod>2015-11-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/insert-html-here/insert-html-here-10-reflected-cross-site-scripting</loc>
<lastmod>2025-04-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/pdf-for-contact-form-7/pdf-for-contact-form-7-drag-and-drop-template-builder-633-missing-authorization-to-authenticated-subscriber-arbitrary-post-duplication</loc>
<lastmod>2025-12-11T21:11:01.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/translatepress-multilingual/translatepress-208-authenticated-stored-cross-site-scripting</loc>
<lastmod>2021-08-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ml-slider/slider-gallery-and-carousel-by-metaslider-image-slider-video-slider-31060-authenticated-editor-remote-code-execution</loc>
<lastmod>2026-04-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mainwp-buddy-extension/mainwp-buddy-extension-401-missing-authorization-to-arbitrary-plugin-activation</loc>
<lastmod>2023-01-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/custom-registration-form-builder-with-submission-manager/registrationmagic-5230-missing-authorization</loc>
<lastmod>2023-12-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/forminator/forminator-1291-hubspot-developer-api-key-sensitive-information-exposure</loc>
<lastmod>2024-08-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/conference-scheduler/conference-scheduler-251-authenticated-contributor-stored-cross-site-scripting-via-classname-parameter</loc>
<lastmod>2025-06-23T18:33:45.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/post-snippets/post-snippets-402-authenticated-administrator-stored-cross-site-scripting-via-snippet_content</loc>
<lastmod>2023-05-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/st-category-wp/st-categories-widget-100-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-10-21T20:17:25.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wedevs-project-manager/project-manager-301-authenticated-subscriber-information-exposure</loc>
<lastmod>2025-12-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/accelerated-mobile-pages/amp-for-wp-accelerated-mobile-pages-119-cross-site-request-forgery-to-comment-submission</loc>
<lastmod>2026-01-06T16:00:31.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/custom-permalinks/custom-permalinks-11-cross-site-scripting</loc>
<lastmod>2018-02-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/scottcart/scottcart-11-unauthenticated-remote-code-execution</loc>
<lastmod>2024-10-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/hyperlink-group-block/hyperlink-group-block-1175-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-10-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/slim-seo/slim-seo-454-authenticated-administrator-sql-injection</loc>
<lastmod>2025-06-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woozone/wzone-14031-missing-authorization</loc>
<lastmod>2026-01-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/advanced-booking-calendar/advanced-booking-calendar-166-reflected-cross-site-scripting-via-calid-parameter</loc>
<lastmod>2021-03-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/dyapress/dyapress-erpcrm-18020-unauthenticated-local-file-inclusion</loc>
<lastmod>2025-04-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/online-lesson-booking-system/online-lesson-booking-086-cross-site-scripting</loc>
<lastmod>2019-06-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/trust-form/trust-form-200-cross-site-scripting</loc>
<lastmod>2018-03-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-reset/wp-reset-202-missing-authorization-to-license-key-modification</loc>
<lastmod>2024-06-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/all-in-one-wp-security-and-firewall/all-in-one-wp-security-firewall-389-cross-site-request-forgery</loc>
<lastmod>2015-03-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ltl-freight-quotes-worldwide-express-edition/ltl-freight-quotes-worldwide-express-edition-5020-unauthenticated-sql-injection</loc>
<lastmod>2025-01-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/maxbuttons/wordpress-button-plugin-maxbuttons-977-authenticated-editor-stored-cross-site-scripting</loc>
<lastmod>2024-06-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/guardgiant/wordpress-brute-force-protection-stop-brute-force-attacks-225-authenticated-administrator-sql-injection-via-orderby</loc>
<lastmod>2023-11-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-browser-update/wp-browserupdate-45-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2023-04-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ad-inserter/ad-inserter-2815-reflected-cross-site-scripting-via-url-parameters-in-iframe-mode</loc>
<lastmod>2026-06-05T14:15:21.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-media-category-management/wp-media-category-management-20-233-cross-site-request-forgery-to-settings-update</loc>
<lastmod>2025-02-18T19:23:39.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/findgo/findgo-1331-cross-site-scripting</loc>
<lastmod>2020-06-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simpel-reserveren/simpel-reserveren-3-352-reflected-cross-site-scripting</loc>
<lastmod>2016-10-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/404-to-start/404-to-start-161-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2022-12-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/autoptimize/autoptimize-210-unauthenticated-local-file-inclusion</loc>
<lastmod>2017-06-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/sparky/sparky-10-cross-site-scripting</loc>
<lastmod>2012-11-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-ultimate-csv-importer/wp-ultimate-csv-importer-37-arbitrary-file-read</loc>
<lastmod>2015-04-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cm-download-manager/cm-download-manager-203-code-injection</loc>
<lastmod>2014-11-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/tracking-code-manager/tracking-code-manager-210-missing-authorization-via-change_order</loc>
<lastmod>2024-04-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/fwdevp/easy-video-player-wordpress-woocommerce-100-unauthenticated-arbitrary-file-download</loc>
<lastmod>2025-07-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-cleanfix/wp-cleanfix-301-cross-site-request-forgery</loc>
<lastmod>2012-06-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/event-calendar-wd/event-calendar-1144-cross-site-scripting</loc>
<lastmod>2021-05-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/social-media-widget/social-media-widget-408-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2024-06-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/elementor-pro/elementor-website-builder-pro-3210-authenticated-contributor-dom-based-stored-cross-site-scripting</loc>
<lastmod>2024-05-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/zephyr-project-manager/zephyr-project-manager-3399-unauthenticated-information-exposure</loc>
<lastmod>2024-07-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/little-birdies/little-birdies-multipurpose-children-psd-template-1316-unauthenticated-local-file-inclusion</loc>
<lastmod>2026-02-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/reusable-text-blocks/reusable-text-blocks-153-authenticated-author-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2023-10-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/custom-comment-notifications/custom-comment-notifications-108-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2025-02-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/romethemeform/romethemeform-for-elementor-112-missing-authorization</loc>
<lastmod>2024-04-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/enfold/enfold-responsive-multi-purpose-theme-421-information-exposure</loc>
<lastmod>2018-01-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/calendapp/calendapp-11-reflected-cross-site-scripting</loc>
<lastmod>2025-02-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/easy-registration-forms/easy-registration-forms-211-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2021-11-18T16:42:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/streamweasels-twitch-integration/streamweasels-twitch-integration-178-unauthenticated-sensitive-information-exposure</loc>
<lastmod>2024-04-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/kata-plus/kata-plus-147-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-10-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/adminimize/adminimize-1721-cross-site-scripting</loc>
<lastmod>2014-08-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/vikbooking/vikbooking-hotel-booking-engine-pms-153-arbitrary-file-upload</loc>
<lastmod>2022-04-18T10:14:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/compact-wp-audio-player/compact-wp-audio-player-196-setting-change-via-cross-site-request-forgery</loc>
<lastmod>2021-09-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/header-footer-elementor/elementor-header-footer-builder-1646-authenticated-contributor-stored-cross-site-scripting-via-page-title-widget</loc>
<lastmod>2024-12-22T16:21:51.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/a3-lazy-load/a3-lazy-load-275-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-12-12T15:42:39.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/embed-rss/embed-rss-31-authenticated-subscriber-arbitrary-shortcode-execution</loc>
<lastmod>2025-02-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/popup-builder/popup-builder-363-unauthenticated-stored-cross-site-scripting</loc>
<lastmod>2020-03-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/all-in-one-seo-pack/all-in-one-seo-497-authenticated-contributor-sensitive-information-exposure-via-internaloptions-localized-script-data</loc>
<lastmod>2026-05-19T14:51:29.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/shortcodes-ultimate/wp-shortcodes-plugin-shortcodes-ultimate-701-authenticatedcontributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2024-02-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/jetformbuilder/jetformbuilder-3341-authenticated-administrator-privilege-escalation</loc>
<lastmod>2024-08-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/name-directory/name-directory-1252-cross-site-scripting</loc>
<lastmod>2022-05-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/formcraft3/premium-wordpress-form-builder-3231-authenticated-stored-cross-site-scripting</loc>
<lastmod>2017-07-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/social-media-shortcodes/social-media-shortcodes-131-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-09-16T13:39:18.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpsite-shortcode/wpsite-shortcode-12-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-11-20T19:32:10.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/directorist/directorist-ai-powered-wordpress-business-directory-plugin-with-classified-ads-listings-8012-unauthenticated-user-information-exposure</loc>
<lastmod>2025-01-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cartflows/woocommerce-checkout-funnel-builder-by-cartflows-create-high-converting-stores-for-woocommerce-1515-cross-site-request-forgery-bypass</loc>
<lastmod>2020-09-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wemail/wemail-11413-unauthenticated-sensitive-information-exposure</loc>
<lastmod>2025-05-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/apppresser/apppresser-430-missing-authorization</loc>
<lastmod>2024-04-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/stylish-price-list/stylish-price-list-7017-missing-authorization</loc>
<lastmod>2023-12-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/oganro-travel-portal-search-widget-for-hotelbeds-apitude-api/oganro-travel-portal-search-widget-for-hotelbeds-apitude-api-10-cross-site-request-forgery</loc>
<lastmod>2025-06-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/core/4.1/wordpress-core-621-cross-site-request-forgery</loc>
<lastmod>2023-05-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bdthemes-element-pack-lite/element-pack-addons-for-elementor-834-authenticated-contributor-stored-cross-site-scripting-via-open-street-map-widget</loc>
<lastmod>2025-11-17T20:54:12.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/irm-newsroom/irm-newsroom-1219-authenticated-contributor-stored-cross-site-scripting-via-irmflat-shortcode</loc>
<lastmod>2025-06-12T13:12:04.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/metform/metform-elementor-contact-form-builder-385-authenticated-contributor-stored-cross-site-scripting-via-widgets</loc>
<lastmod>2024-04-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/standard-box-sizes/standard-box-sizes-for-woocommerce-1613-missing-authorization</loc>
<lastmod>2025-01-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wordpress-social-ring/social-ring-facebook-like-google-1-retweet-linkedin-and-pin-it-119-cross-site-scripting</loc>
<lastmod>2014-01-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/sitepress-multilingual-cms/wpml-437-cross-site-request-forgery-bypass</loc>
<lastmod>2020-03-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/greenshift-animation-and-page-builder-blocks/greenshift-114-1145-authenticated-subscriber-arbitrary-file-upload</loc>
<lastmod>2025-04-21T15:48:15.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/daily-image/daily-image-10-reflected-cross-site-scripting</loc>
<lastmod>2024-11-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/softtemplates-for-elementor/softtemplates-for-elementor-108-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-11-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-freeio/wp-freeio-1221-unauthenticated-privilege-escalation</loc>
<lastmod>2025-10-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/sticky-social-icons/sticky-social-icons-121-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2024-11-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/import-csv-files/import-csv-files-10-reflected-cross-site-scripting</loc>
<lastmod>2022-06-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/verge3d/verge3d-490-cross-site-request-forgery</loc>
<lastmod>2025-04-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/yt-player/video-player-for-youtube-13-cross-site-scripting</loc>
<lastmod>2021-09-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/minimal-coming-soon-maintenance-mode/minimal-coming-soon-maintenance-mode-216-missing-authorization-to-export-settingstheme-change</loc>
<lastmod>2020-01-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/aioseo-multibyte-descriptions/aioseo-multibyte-descriptions-006-cross-site-request-forgery</loc>
<lastmod>2025-06-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/market-360-viewer/market-360-viewer-101-authenticated-contributor-sql-injection</loc>
<lastmod>2024-10-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ebook-store/ebook-store-58012-unauthenticated-arbitrary-file-upload</loc>
<lastmod>2025-07-23T16:22:34.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/weather-in-any-city-widget/weather-widget-pro-1140-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-06-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-simple-galleries/wp-simple-galleries-134-authenticated-contributor-php-object-injection</loc>
<lastmod>2023-10-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/import-users-from-csv-with-meta/import-and-export-users-and-customers-12661-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2024-05-14T12:08:10.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simple-charts/simple-charts-10-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-02-17T15:45:38.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/add-hierarchy-parent-to-post/add-hierarchy-parent-to-post-312-reflected-cross-site-scripting</loc>
<lastmod>2022-08-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/exmage-wp-image-links/exmage-wordpress-image-links-106-admin-blind-ssrf</loc>
<lastmod>2022-04-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/url-cloak-encrypt/cloak-encrypt-380-cross-site-scripting</loc>
<lastmod>2014-01-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/backuply/backuply-backup-restore-migrate-and-clone-148-authenticated-admin-arbitrary-file-deletion</loc>
<lastmod>2025-09-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/qi-addons-for-elementor/qi-addons-for-elementor-180-sensitive-information-exposure</loc>
<lastmod>2024-10-22T19:29:15.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/google-maps-anywhere/google-maps-anywhere-1263-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2022-07-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/silverorchid/silverorchid-150-cross-site-scripting</loc>
<lastmod>2013-08-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/accessibility/accessibility-103-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2022-10-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/jet-tricks/jettricks-1541-authenticated-subscriber-information-exposure</loc>
<lastmod>2025-07-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/exxp-wp/exxp-269-authenticated-subscriber-stored-cross-site-scripting</loc>
<lastmod>2023-03-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/calculatorpro-calculators/calculatorpro-calculators-117-reflected-cross-site-scripting-via-cp_preview_calc</loc>
<lastmod>2024-02-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/integrate-google-drive/integrate-google-drive-1393-missing-authorization</loc>
<lastmod>2024-06-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/user-registration/user-registration-membership-515-authenticated-subscriber-insecure-direct-object-reference-to-arbitrary-media-deletion-via-profile-pic-url-parameter</loc>
<lastmod>2026-05-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/real-cookie-banner/real-cookie-banner-gdpr-eprivacy-cookie-consent-515-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2025-05-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ultimate-addons-for-gutenberg/spectra-279-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2023-12-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/product-quantity-for-woocommerce/min-max-step-quantity-limits-manager-for-woocommerce-522-reflected-cross-site-scripting</loc>
<lastmod>2026-04-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cleantalk-spam-protect/spam-protection-antispam-firewall-by-cleantalk-5173-reflected-cross-site-scripting</loc>
<lastmod>2022-03-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/contest-gallery/contest-gallery-2407-unauthenticated-arbitrary-password-reset-to-privilege-escalationaccount-takeover</loc>
<lastmod>2024-11-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gift-voucher/gift-cards-gift-vouchers-and-packages-woocommerce-supported-444-authenticated-author-stored-cross-site-scripting-via-svg-file-upload</loc>
<lastmod>2024-10-30T18:09:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/order-attachments-for-woocommerce/order-attachments-for-woocommerce-20-241-missing-authorization-to-authenticated-subscriber-limited-arbitrary-file-upload</loc>
<lastmod>2024-10-11T17:52:13.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/buddytask/buddytask-130-missing-authorization-to-authenticated-subscriber-cross-group-task-board-access-and-manipulation</loc>
<lastmod>2025-12-11T14:24:56.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bulk-youtube-post-creator/bulk-youtube-post-creator-10-reflected-cross-site-scripting</loc>
<lastmod>2025-06-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/shortcode-gallery-for-matterport-showcase/wp-matterport-shortcode-219-cross-site-request-forgery</loc>
<lastmod>2024-04-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/chained-quiz/chained-quiz-1272-cross-site-scripting</loc>
<lastmod>2021-09-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/pay-with-contact-form-7/pay-with-contact-form-7-104-cross-site-request-forgery</loc>
<lastmod>2025-06-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/quiz-master-next/quiz-and-survey-master-1025-unauthenticated-php-object-injection</loc>
<lastmod>2025-09-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/user-registration/user-registration-membership-custom-registration-form-login-form-and-user-profile-404-reflected-cross-site-scripting</loc>
<lastmod>2025-02-27T16:48:16.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/woodmart/woodmart-721-missing-authorization</loc>
<lastmod>2023-05-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/email-suscripcion/emailing-subscription-141-unauthenticated-sql-injection</loc>
<lastmod>2025-01-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/pdf-embedder/pdf-embedder-493-authenticated-contributor-information-exposure-via-block-editor-page</loc>
<lastmod>2026-05-27T18:49:03.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woosquare/apiexperts-square-for-woocommerce-441-missing-authorization</loc>
<lastmod>2023-07-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/porto-functionality/porto-theme-functionality-2111-missing-authorization</loc>
<lastmod>2023-11-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/search-analytics/wp-search-analytics-149-missing-authorization</loc>
<lastmod>2024-08-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simply-schedule-appointments/appointment-booking-calendar-authenticated-admin-stored-cross-site-scripting-via-notification-settings</loc>
<lastmod>2024-10-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gamipress-reset-user/gamipress-reset-user-100-cross-site-request-forgery-to-gamipress-user-data-removal</loc>
<lastmod>2024-09-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-file-upload/wordpress-file-upload-4232-authenticatedadministrator-stored-cross-site-scripting</loc>
<lastmod>2023-09-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/master-addons/master-addons-elementor-addons-with-white-label-free-widgets-hover-effects-conditions-animations-2082-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-07-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/embed-any-document/embed-any-document-277-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-09-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpqa/wpqa-builder-610-cross-site-request-forgery</loc>
<lastmod>2024-06-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simple-embed-code/code-embed-25-authenticated-contributor-server-side-request-forgery</loc>
<lastmod>2024-11-08T16:18:27.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/profilegrid-user-profiles-groups-and-communities/profilegrid-582-bypass-group-members-limit</loc>
<lastmod>2024-04-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/user-activity-tracking-and-log/user-activity-tracking-and-log-413-ip-spoofing</loc>
<lastmod>2024-01-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/global-payments-woocommerce/globalpayments-woocommerce-1132-reflected-cross-site-scripting</loc>
<lastmod>2025-03-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/likebtn-like-button/like-button-rating-likebtn-2632-server-side-request-forgery</loc>
<lastmod>2021-02-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/archivist-custom-archive-templates/archivist-custom-archive-templates-175-reflected-cross-site-scripting</loc>
<lastmod>2024-02-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/super-seo-content-cloner/content-cloner-101-missing-authorization</loc>
<lastmod>2025-01-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/modern-events-calendar-lite/modern-events-calendar-lite-5222-authenticated-stored-cross-site-scripting</loc>
<lastmod>2021-09-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/fd-elementor-imagebox/elementor-imagebox-128-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-04-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/linet-erp-woocommerce-integration/linet-erp-woocommerce-integration-3512-authenticated-admin-arbitrary-file-read-deletion</loc>
<lastmod>2025-04-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/import-export-with-custom-rest-api/rest-api-custom-api-generator-for-cross-platform-and-import-export-in-wp-100-203-missing-authorization-to-unauthenticated-privilege-escalation-via-process_handler-function</loc>
<lastmod>2025-06-12T13:10:13.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/alipay/wordpressalipaytenpaypaypal-372-authenticated-admin-sql-injection</loc>
<lastmod>2021-07-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bsk-contact-form-7-blacklist/bsk-contact-form-7-blacklist-101-reflected-cross-site-scripting</loc>
<lastmod>2023-11-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/eventprime-event-calendar-management/eventprime-4284-missing-authorization-to-authenticated-subscriber-arbitrary-event-modification-via-event_id-parameter</loc>
<lastmod>2026-02-17T19:22:53.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/podlove-web-player/podlove-web-player-573-missing-authorization-to-unauthenticated-information-exposure</loc>
<lastmod>2024-06-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/immocaster/immocaster-wordpress-136-unauthenticated-local-file-inclusion</loc>
<lastmod>2025-07-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/easy-youtube-gallery/easy-youtube-gallery-104-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-01-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/elessi-theme/elessi-639-reflected-cross-site-scripting</loc>
<lastmod>2025-06-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/photo-gallery/photo-gallery-by-10web-1337-authenticated-sql-injection</loc>
<lastmod>2017-05-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ultimate-category-excluder/ultimate-category-excluder-11-cross-site-request-forgery</loc>
<lastmod>2020-01-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/boldgrid-backup/total-upkeep-11413-missing-authorization-to-authenticated-subscriber-information-disclosure</loc>
<lastmod>2022-02-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-jobhunt/wp-jobhunt-76-authenticated-candidate-stored-cross-site-scripting-via-cs_job_title</loc>
<lastmod>2025-10-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/shopbuilder/shopbuilder-elementor-woocommerce-builder-addons-324-unauthenticated-information-exposure</loc>
<lastmod>2026-02-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-db-backup.php/skippy-wp-db-backup-legacy-plugin-17-authenticated-admin-directory-traversal</loc>
<lastmod>2006-08-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/media-library-assistant/media-library-assistant-335-cross-site-request-forgery-via-bulk-action-form</loc>
<lastmod>2026-05-28T18:57:53.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpcomplete/wpcomplete-294-reflected-cross-site-scripting</loc>
<lastmod>2023-01-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/order-export-and-more-for-woocommerce/order-export-for-woocommerce-323-unauthenticated-sensitive-information-exposure</loc>
<lastmod>2024-08-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-analytify/analytify-531-cross-site-request-forgery-to-opt-out</loc>
<lastmod>2024-08-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/elementor/elementor-website-builder-275-stored-cross-site-scripting</loc>
<lastmod>2020-01-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mwb-point-of-sale-pos-for-woocommerce/mwb-point-of-sale-pos-for-woocommerce-100-missing-authorization</loc>
<lastmod>2021-08-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/subscribe2/subscribe2-1037-cross-site-request-forgery</loc>
<lastmod>2022-12-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/smart-product-gallery-slider/smart-product-gallery-slider-104-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2025-04-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/pmpro-courses/paid-memberships-pro-courses-for-membership-add-on-123-cross-site-request-forgery-to-course-modifications</loc>
<lastmod>2023-08-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/nextend-social-login-pro/nextend-social-login-pro-3114-authentication-bypass-via-wordpresscom-oauth-provider</loc>
<lastmod>2024-10-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpforo/wpforo-forum-302-authenticated-subscriber-arbitrary-file-deletion-via-databodyfileurl-parameter</loc>
<lastmod>2026-04-10T18:51:03.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/tutor/tutor-lms-elearning-and-online-course-solution-394-missing-authorization-to-authenticated-subscriber-limited-attachment-deletion</loc>
<lastmod>2026-01-20T01:46:19.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bring-fraktguiden-for-woocommerce/bring-fraktguiden-for-woocommerce-1114-missing-authorization</loc>
<lastmod>2025-04-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/product-delivery-date-for-woocommerce-lite/product-delivery-date-for-woocommerce-lite-280-reflected-cross-site-scripting</loc>
<lastmod>2024-11-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ip2location-country-blocker/ip2location-country-blocker-2333-unauthenticated-sensitive-information-exposure-via-debug-log-file</loc>
<lastmod>2024-01-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ultimate-tinymce/ultimate-tinymce-36-cross-site-scripting</loc>
<lastmod>2014-08-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/sky-elementor-addons/sky-addons-for-elementor-301-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-04-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bulk-noindex-nofollow-toolkit-by-mad-fish/bulk-noindex-nofollow-toolkit-142-reflected-cross-site-scripting-via-s</loc>
<lastmod>2023-10-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/custom-field-suite/custom-field-suite-2514-authenticated-cross-site-scripting</loc>
<lastmod>2019-05-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/your-lightbox/your-lightbox-10-reflected-cross-site-scripting</loc>
<lastmod>2025-03-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woo-ukrposhta/woo-ukrposhta-11711-reflected-cross-site-scripting-via-order-post-and-idd-parameters</loc>
<lastmod>2025-01-06T16:21:03.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/coupon-referral-program/coupon-referral-program-183-unauthenticated-php-object-injection</loc>
<lastmod>2024-02-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ecommerce-product-catalog/ecommerce-product-catalog-343-authenticated-orders-manager-php-object-injection</loc>
<lastmod>2025-06-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/everest-forms/everest-forms-contact-form-quiz-survey-newsletter-payment-form-builder-for-wordpress-311-unauthenticated-php-object-injection</loc>
<lastmod>2025-04-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-spell-check/wp-spell-check-912-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2022-12-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/glomex-oembed/glomex-oembed-091-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-12-13T15:49:31.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/modula-best-grid-gallery/modula-image-gallery-2134-authenticated-author-stored-cross-site-scripting</loc>
<lastmod>2026-02-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/uncomplicated-seo/uncomplicated-seo-12-reflected-cross-site-scripting</loc>
<lastmod>2025-02-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/accessibility-checker/equalize-digital-accessibility-checker-1421-missing-authorization-to-authenticated-author-arbitrary-accessibility-issue-modification-via-largebatch-parameter</loc>
<lastmod>2026-06-17T16:07:31.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/dsubscribers/dsubscribers-121-authenticated-admin-sql-injection</loc>
<lastmod>2017-07-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/solace-extra/solace-extra-131-authenticated-subscriber-server-side-request-forgery</loc>
<lastmod>2025-05-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-jobhunt/wp-jobhunt-71-unauthenticated-privilege-escalation-via-email-updateaccount-takeover</loc>
<lastmod>2025-03-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/timetics/timetics-appointment-booking-scheduling-1053-missing-authorization</loc>
<lastmod>2026-04-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/events/wp-events-calendar-plugin-10-sql-injection</loc>
<lastmod>2018-01-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/z-downloads/z-downloads-1115-unauthenticated-stored-cross-site-scripting</loc>
<lastmod>2024-08-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ml-slider/slider-gallery-and-carousel-by-metaslider-3980-authenticated-contributor-stored-dom-based-cross-site-scripting-via-aria-label-parameter</loc>
<lastmod>2025-06-13T21:11:34.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/database-toolset/database-toolset-184-unauthenticated-arbitrary-file-deletion</loc>
<lastmod>2025-04-23T19:48:48.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/kalium/kalium-329-missing-authorization-to-unauthenticated-mail-relay-via-kalium_vc_contact_form_request</loc>
<lastmod>2026-01-15T01:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/image-hover-effects-css3/image-hover-effects-css3-45-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2022-11-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/powr-pack/powr-pack-210-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2023-11-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/konami-easter-egg/konami-easter-egg-v04-cross-site-request-forgery</loc>
<lastmod>2025-06-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ulisting/directory-listings-wordpress-plugin-ulisting-220-missing-authorization-to-authenticated-subscriber-arbitrary-post-meta-update-and-php-object-injection</loc>
<lastmod>2025-03-14T14:22:04.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ultimate-ajax-login/ultimate-ajax-login-121-cross-site-request-forgery</loc>
<lastmod>2025-09-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpcargo/wpcargo-track-trace-802-unauthenticated-sql-injection</loc>
<lastmod>2024-09-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/autoship-cloud/autoship-cloud-for-woocommerce-subscription-products-2801-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-02-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ai-engine/ai-engine-280-283-authenticated-subscriber-insufficient-authorization-to-privilege-escalation-via-mcp</loc>
<lastmod>2025-06-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/better-protected-pages/better-protected-pages-10-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/points-and-rewards-for-woocommerce/points-and-rewards-for-woocommerce-150-missing-authorization</loc>
<lastmod>2023-05-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-app-bar/app-bar-15-reflected-cross-site-scripting</loc>
<lastmod>2025-12-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cforms/cformsii-104-cross-site-scripting</loc>
<lastmod>2014-10-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/accordions/accordion-2296-missing-authorization-to-authenticatedcontributor-post-duplication</loc>
<lastmod>2024-03-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/entry-views/entry-views-100-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2026-01-08T21:18:42.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ultimate-addons-for-gutenberg/spectra-wordpress-gutenberg-blocks-231-cross-site-request-forgery-to-plugin-activation</loc>
<lastmod>2023-01-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/quick-paypal-payments/quick-paypal-payments-5746-cross-site-request-forgery</loc>
<lastmod>2025-09-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/enfold/enfold-712-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-10-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-subscription-forms/wp-subscription-forms-124-authenticated-contributor-local-file-inclusion</loc>
<lastmod>2025-04-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ecab-taxi-booking-manager/taxi-booking-manager-for-woocommerce-wordpress-plugin-ecab-118-authenticated-contributor-php-object-injection</loc>
<lastmod>2025-01-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/igniteup/igniteup-coming-soon-and-maintenance-mode-34-stored-cross-site-scripting</loc>
<lastmod>2019-11-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/featured-post-creative/featured-post-creative-155-missing-authorization</loc>
<lastmod>2025-11-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/integrate-google-drive/integrate-google-drive-138-missing-authorization</loc>
<lastmod>2024-04-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/auxin-elements/shortcodes-and-extra-features-for-phlox-theme-2157-authenticated-contributor-stored-cross-site-scripting-via-custom-js</loc>
<lastmod>2024-04-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/responsive-block-editor-addons/responsive-blocks-wordpress-gutenberg-blocks-197-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-12-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/reuters-direct/reuters-direct-300-cross-site-request-forgery-to-settings-reset</loc>
<lastmod>2025-11-26T14:20:46.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/web-application-firewall/web-application-firewall-212-ip-address-spoofing-to-protection-mechanism-bypass</loc>
<lastmod>2024-08-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/easy-adsense-lite/easy-plugin-for-adsense-610-cross-site-request-forgery</loc>
<lastmod>2013-04-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/flipbox-builder/flipbox-builder-15-authenticated-contributor-php-object-injection</loc>
<lastmod>2024-07-26T13:04:08.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/youtube-showcase/youtube-video-gallery-by-youtube-showcase-video-gallery-plugin-for-wordpress-336-missing-authorization-to-arbitrary-postpage-creation</loc>
<lastmod>2024-05-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/guest-author-name/simply-guest-author-name-434-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-01-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gutentor/gutentor-gutenberg-blocks-page-builder-for-gutenberg-editor-348-authenticated-contributor-stored-cross-site-scripting-via-multiple-widgets</loc>
<lastmod>2025-07-20T18:48:55.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/testimonial-rotator/testimonial-rotator-303-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2021-02-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/google-org-chart/google-org-chart-101-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-cookie-law-info/wp-cookie-law-info-11-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2024-07-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mstw-league-manager/mstw-league-manager-210-cross-site-request-forgery</loc>
<lastmod>2025-09-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/asgaros-forum/asgaros-forum-11512-unauthenticated-sql-injection</loc>
<lastmod>2021-10-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/starbox/starbox-348-authenticated-subscriber-stored-cross-site-scripting-via-profile-display-name-and-social-settings</loc>
<lastmod>2024-01-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/essential-addons-for-elementor-lite/essential-addons-for-elementor-624-missing-authorization</loc>
<lastmod>2025-09-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/html5-video-player/html5-video-player-2518-authenticated-subscriber-stored-cross-site-scripting</loc>
<lastmod>2023-12-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/taskbuilder/taskbuilder-107-authenticated-subscriber-stored-cross-site-scripting</loc>
<lastmod>2022-09-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/WP_AttractiveDonationsSystem/attractive-donations-system-easy-stripe-paypal-donations-125-missing-authorization-to-unauthenticated-arbitrary-content-deletion</loc>
<lastmod>2026-01-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/paid-memberships-pro/paid-memberships-pro-restrict-member-access-to-content-courses-communities-free-or-paid-subscriptions-252-idor-to-sensitive-information-disclosure</loc>
<lastmod>2021-01-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simply-schedule-appointments/simply-schedule-appointments-16915-missing-authorization</loc>
<lastmod>2026-01-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/app-builder/app-builder-create-native-android-ios-apps-on-the-flight-537-privilege-escalation-and-account-takeover-via-weak-otp</loc>
<lastmod>2024-10-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/really-simple-under-construction/really-simple-under-construction-page-146-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2025-05-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/favicon-by-realfavicongenerator/favicon-by-realfavicongenerator-1322-reflected-cross-site-scripting</loc>
<lastmod>2022-03-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/eazydocs/eazydocs-235-missing-authorization-via-doc_one_page-and-edit_doc_one_page</loc>
<lastmod>2023-11-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-copy-media-url/wp-copy-media-url-21-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2025-03-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bbpress/bbpress-259-cross-site-scripting</loc>
<lastmod>2016-07-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/paypal-donations/donations-via-paypal-198-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2022-11-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/userswp/userswp-1242-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-08-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/preloader-sws/preloader-by-wordpress-monsters-123-reflected-cross-site-scripting</loc>
<lastmod>2024-12-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/adthrive-ads/raptive-ads-380-reflected-cross-site-scripting</loc>
<lastmod>2025-08-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/tfo-graphviz/tfo-graphviz-19-reflected-cross-site-scripting</loc>
<lastmod>2015-05-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-easycart/shopping-cart-ecommerce-store-3016-arbitrary-file-upload</loc>
<lastmod>2015-01-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/find-and-replace-all/find-and-replace-all-13-cross-site-request-forgery-to-arbitrary-content-replacement</loc>
<lastmod>2022-11-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/core/4.7/wordpress-core-473-bypass-url-validation</loc>
<lastmod>2017-03-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cubewp-framework/cubewp-all-in-one-dynamic-content-framework-1127-unauthenticated-post-disclosure-in-class-cubewp-search-ajax-hooksphp</loc>
<lastmod>2026-01-24T13:59:04.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/allaccessible/accessibility-by-allaccessible-134-authenticated-subscriber-privilege-escalation</loc>
<lastmod>2025-01-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/b-blocks/b-blocks-206-missing-authorization-to-unauthenticated-privilege-escalation-via-rgfr_registration-function</loc>
<lastmod>2025-08-11T16:24:23.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/realia/realia-140-arbitrary-post-deletion</loc>
<lastmod>2020-10-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/charitable/donation-forms-by-charitable-donations-plugin-fundraising-platform-for-wordpress-18114-insecure-direct-object-reference-to-account-takeover-and-privilege-escalation</loc>
<lastmod>2024-09-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/arforms-form-builder/arforms-form-builder-156-unauthenticated-cross-site-scripting</loc>
<lastmod>2022-11-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simply-schedule-appointments/appointment-booking-calendar-simply-schedule-appointments-booking-plugin-16620-cross-site-request-forgery-to-plugin-data-reset</loc>
<lastmod>2024-03-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woocommerce-order-details/woocommerce-order-details-31-missing-authorization</loc>
<lastmod>2026-02-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/colibri-page-builder/colibri-page-builder-10334-authenticated-contributor-stored-cross-site-scripting-via-colibri_newsletter-shortcode</loc>
<lastmod>2025-10-10T14:09:28.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woo-bought-together/wpc-frequently-bought-together-for-woocommerce-719-missing-authorization</loc>
<lastmod>2024-08-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/portfolio-and-projects/portfolio-and-projects-155-authenticated-contributor-information-exposure</loc>
<lastmod>2025-12-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/master-slider/master-slider-3111-missing-authorization</loc>
<lastmod>2025-04-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/elex-woocommerce-google-product-feed-plugin-basic/elex-woocommerce-google-shopping-google-product-feed-123-reflected-cross-site-scripting</loc>
<lastmod>2021-09-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/crafthemes-demo-import/crafthemes-demo-import-33-missing-authorization-to-arbitrary-plugin-installation</loc>
<lastmod>2024-05-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/qi-addons-for-elementor/qi-addons-for-elementor-191-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-06-27T16:10:13.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/jet-engine/jetengine-3641-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-04-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/optinly/optinly-1018-missing-authorization</loc>
<lastmod>2024-06-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/essential-blocks/gutenberg-essential-blocks-page-builder-for-gutenberg-blocks-patterns-614-authenticated-contributor-stored-cross-site-scripting-via-configurableprefix-block-attribute</loc>
<lastmod>2026-06-24T14:50:31.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/smart-donations/donations-made-easy-smart-donations-4012-missing-authorization</loc>
<lastmod>2023-07-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/core/3.0/wordpress-core-303-access-control-bypass</loc>
<lastmod>2010-12-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/feeds-for-youtube/smash-balloon-plugins-various-versions-reflected-cross-site-scripting</loc>
<lastmod>2021-07-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-statistics/wp-statistics-1315-unauthenticated-blind-sql-injection-via-current_page_type</loc>
<lastmod>2022-02-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ditty-news-ticker/ditty-responsive-news-tickers-sliders-and-lists-3138-authenticated-contributor-php-object-injection</loc>
<lastmod>2024-05-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/all-404-redirect-to-homepage/all-404-redirect-to-homepage-broken-images-redirection-20-cross-site-scripting</loc>
<lastmod>2021-06-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpdirectorykit/wp-directory-kit-119-open-redirect</loc>
<lastmod>2023-04-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/property-hive-mortgage-calculator/property-hive-mortgage-calculator-106-authenticated-contributor-stored-cross-site-scripting-via-price-parameter</loc>
<lastmod>2024-12-09T19:52:15.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/arforms/arforms-641-directory-traversal-to-authenticated-subscriber-arbitrary-file-read</loc>
<lastmod>2024-12-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ecwid-shopping-cart/ecwid-ecommerce-shopping-cart-6113-cross-site-request-forgery</loc>
<lastmod>2023-01-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/lj-comments-import-reloaded/lj-comments-import-reloaded-0971-reflected-cross-site-scripting-via-php_self-parameter</loc>
<lastmod>2026-05-19T12:08:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cf7-store-to-db-lite/form-store-to-db-110-stored-cross-site-scripting</loc>
<lastmod>2022-01-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bws-featured-posts/featured-posts-by-bestwebsoft-101-reflected-cross-site-scripting</loc>
<lastmod>2017-04-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/miniorange-oauth-20-server/wp-oauth-server-304-authentication-bypass</loc>
<lastmod>2022-08-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/master-slider/master-slider-responsive-touch-slider-3108-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2026-05-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ics-calendar/ics-calendar-101201-authenticatedcontributor-directory-traversal-via-_url_get_contents</loc>
<lastmod>2023-10-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/core/4.6/wordpress-core-461-authenticated-directory-traversal-to-arbitrary-file-access</loc>
<lastmod>2016-09-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/include-url/include-url-035-authenticated-contributor-arbitrary-file-download</loc>
<lastmod>2025-03-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/realia/realia-091-reflected-cross-site-scripting</loc>
<lastmod>2016-03-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/prevent-file-access/prevent-files-folders-access-260-authenticated-subscriber-path-traversal</loc>
<lastmod>2025-08-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ask-me-anything-anonymously/ask-me-anything-anonymously-16-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-01-24T18:44:29.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/shopping-pages/wp-shopping-pages-114-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2023-07-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/contact-form-7-to-database-extension/contact-form-db-2819-cross-site-scripting</loc>
<lastmod>2014-10-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mass-email-to-users/mass-email-to-users-114-unauthenticated-reflected-cross-site-scripting-via-entrant</loc>
<lastmod>2023-04-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/eyewear-prescription-form/eyewear-prescription-form-601-missing-authorization-to-unauthenticated-arbitrary-woocommerce-product-creation</loc>
<lastmod>2025-12-12T16:04:31.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/seo-rank-reporter/seo-rank-reporter-222-reflected-cross-site-scripting</loc>
<lastmod>2015-11-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/usc-e-shop/welcart-e-commerce-291-sql-injection</loc>
<lastmod>2014-03-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bdthemes-element-pack-lite/element-pack-elementor-addons-header-footer-template-library-dynamic-grid-carousel-remote-arrows-5611-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-08-01T20:56:56.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/the-events-calendar/the-events-calendar-6152-missing-authorization-to-unauthenticated-password-protected-information-disclosure</loc>
<lastmod>2025-09-15T16:24:56.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/contact-form-cfdb7/contact-form-7-database-addon-cfdb7-plugin-1259-cross-site-request-forgery</loc>
<lastmod>2021-11-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ultimate-product-catalogue/ultimate-product-catalog-313-multiple-vulnerabilities</loc>
<lastmod>2015-04-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/insert-headers-and-footers/wpcode-2013-unauthenticated-reflected-cross-site-scripting-via-tag-filter-links</loc>
<lastmod>2023-07-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/yellow-pencil-visual-theme-customizer/yellowpencil-visual-css-style-editor-764-reflected-cross-site-scripting</loc>
<lastmod>2024-09-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/complete-open-graph/complete-open-graph-345-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2023-10-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-experiments-free/title-experiments-free-900-sql-injection</loc>
<lastmod>2022-03-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/aromatica/aromatica-18-unauthenticated-local-file-inclusion</loc>
<lastmod>2025-08-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ninja-forms/ninja-forms-contact-form-2936-2942-unauthenticated-arbitrary-file-upload</loc>
<lastmod>2016-05-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cf-image-resizing/cloudflare-image-resizing-156-missing-authentication-to-unauthenticated-remote-code-execution-via-rest_pre_dispatch-hook</loc>
<lastmod>2025-08-18T19:08:51.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/import-users-from-csv-with-meta/import-and-export-users-and-customers-11421-directory-traversal</loc>
<lastmod>2019-06-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/themify-portfolio-post/themify-portfolio-post-124-authenticated-editor-stored-cross-site-scripting</loc>
<lastmod>2023-04-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/new-album-gallery/album-gallery-wordpress-gallery-149-cross-site-request-forgery-via-album-gallery-column-settingsphp</loc>
<lastmod>2023-04-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/alttext-ai/download-alt-text-ai-1993-missing-authorization</loc>
<lastmod>2025-04-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/renee-work-in-progress/3d-work-in-progress-103-authenticated-subscriber-arbitrary-file-upload</loc>
<lastmod>2024-10-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/academy-pro/academy-lms-pro-337-unauthenticated-privilege-escalation-via-social-login-addon</loc>
<lastmod>2025-10-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/am-lottieplayer/am-lottieplayer-353-authenticated-author-stored-cross-site-scripting-via-uploaded-lottie-file</loc>
<lastmod>2025-04-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ltm-popup-form/lotekmedia-popup-form-106-authenticated-administrator-stored-cross-site-scripting-via-plugin-settings</loc>
<lastmod>2026-03-06T18:48:27.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/affiliate-toolkit-starter/affiliate-toolkit-wordpress-affiliate-plugin-343-reflected-cross-site-scripting-via-keyword</loc>
<lastmod>2023-11-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/yith-woocommerce-product-add-ons/yith-woocommerce-product-add-ons-4141-reflected-cross-site-scripting</loc>
<lastmod>2024-10-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/coder-elementor/coder-for-elementor-1013-missing-authorization</loc>
<lastmod>2025-12-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/lovetravel/love-travel-10-19-reflected-cross-site-scripting-and-cross-frame-scripting</loc>
<lastmod>2020-09-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-image-carousel/wp-image-carousel-wordpress-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2023-03-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/rife-elementor-extensions/rife-elementor-extensions-templates-115-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2021-04-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/addon-jobsearch-chat/addon-jobsearch-chat-30-unauthenticated-sql-injection</loc>
<lastmod>2026-03-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/integrate-contact-form-7-and-aweber/contact-form-7-aweber-extension-0142-missing-authorization-to-authenticated-subscriber-log-reset</loc>
<lastmod>2025-11-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/blockspare/blockspare-gutenberg-blocks-patterns-for-blogs-magazines-business-sites-32131-authenticated-contributor-stored-cross-site-scripting-via-image-carousel-and-image-slider-widgets</loc>
<lastmod>2025-07-31T21:41:04.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/event-monster/event-monster-143-information-exposure-via-visitors-list-export</loc>
<lastmod>2025-01-13T11:10:18.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simple-tags/wordpress-tag-and-category-manager-ai-autotagger-3130-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2024-04-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/funnel-builder/funnel-builder-by-funnelkit-390-unauthenticated-local-file-inclusion</loc>
<lastmod>2025-02-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/corpkit/corpkit-20-authenticated-subscriber-local-file-inclusion</loc>
<lastmod>2026-01-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mtphr-widgets/metaphor-widgets-24-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/videowhisper-video-presentation/videowhisper-video-presentation-325-reflected-cross-site-scripting</loc>
<lastmod>2014-06-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/qr-code-and-barcode-scanner-reader/qr-code-and-barcode-scanner-reader-100-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-01-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/photo-gallery-portfolio/wordpress-photo-gallery-110-reflected-cross-site-scripting</loc>
<lastmod>2025-06-08T15:47:58.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-optimize-by-xtraffic/wp-optimize-by-xtraffic-516-unauthenticated-php-object-injection</loc>
<lastmod>2025-06-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/advanced-custom-fields/advanced-custom-fields-642-html-injection</loc>
<lastmod>2025-08-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/chatbot/chatbot-477-authenticated-administrator-stored-cross-site-scripting-in-language-settings</loc>
<lastmod>2023-08-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/adfoxly/adfoxly-ad-manager-adsense-ads-adstxt-185-missing-authorization-to-unauthenticated-ad-status-update</loc>
<lastmod>2024-05-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/members/members-3210-unauthenticated-content-restriction-bypass-to-sensitive-information-exposure</loc>
<lastmod>2024-12-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-super-cache/wp-super-cache-171-authenticated-admin-remote-code-execution</loc>
<lastmod>2021-03-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/eventer/eventer-396-missing-authorization</loc>
<lastmod>2025-05-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/drag-and-drop-multiple-file-upload-contact-form-7/drag-and-drop-multiple-file-upload-for-contact-form-7-1387-unauthenticated-arbitrary-file-deletion</loc>
<lastmod>2025-03-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/learnpress-import-export/learnpress-414-authenticated-administrator-path-traversal-to-arbitrary-file-read-via-import-user-file-parameter</loc>
<lastmod>2026-06-05T14:19:01.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woocommerce-products-filter/husky-products-filter-professional-for-woocommerce-1353-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2024-05-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/seolinkrotator/seo-link-rotator-10-cross-site-scripting</loc>
<lastmod>2014-01-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-pricing-table/wp-pricing-table-11-reflected-cross-site-scripting</loc>
<lastmod>2025-02-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/chakra-test/chakra-test-101-missing-authorization</loc>
<lastmod>2025-12-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/global-multisite-search/global-multisite-search-101-cross-site-request-forgery</loc>
<lastmod>2021-06-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/picture-gallery/picture-gallery-frontend-image-uploads-ajax-photo-list-1519-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-01-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/crm-customer-relationship-management-by-vcita/crm-and-lead-management-by-vcita-270-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2023-06-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/broken-link-notifier/broken-link-notifier-130-unauthenticated-server-side-request-forgery</loc>
<lastmod>2025-07-10T19:50:33.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/restropress/restropress-3286-reflected-cross-site-scripting</loc>
<lastmod>2025-04-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ldap-login-for-intranet-sites/active-directory-integration-ldap-integration-3694-reflected-cross-site-scripting</loc>
<lastmod>2021-10-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/xpro-elementor-addons/xpro-addons-172-authenticated-author-stored-cross-site-scripting-via-custom_attributes-parameter-of-multiple-widgets</loc>
<lastmod>2026-06-23T14:01:09.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/starfish-reviews/starfish-review-generation-marketing-3119-missing-authorization-to-authenticated-subscriber-arbitrary-options-update</loc>
<lastmod>2025-04-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ova-brw/brw-186-authenticated-contributor-local-file-inclusion</loc>
<lastmod>2025-06-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/getgenie/getgenie-432-insecure-direct-object-reference-to-authenticated-author-stored-cross-site-scripting-via-rest-api</loc>
<lastmod>2026-03-12T19:30:34.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ucontext-for-amazon/ucontext-for-amazon-391-cross-site-request-forgery-to-cross-site-scripting</loc>
<lastmod>2022-07-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/faq-and-answers/faq-and-answers-create-frequently-asked-questions-area-on-wp-sites-110-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-12-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpextended/the-ultimate-wordpress-toolkit-wp-extended-308-reflected-cross-site-scripting-via-selected_option</loc>
<lastmod>2024-09-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woocommerce-products-slider/pickplugins-product-slider-for-woocommerce-11321-reflected-cross-site-scripting</loc>
<lastmod>2021-05-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/kd-coming-soon/kd-coming-soon-17-unauthenticated-php-object-injection-via-cetitle</loc>
<lastmod>2023-10-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/contest-gallery/contest-gallery-2606-reflected-cross-site-scripting</loc>
<lastmod>2025-07-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/octrace-support/wordpress-helpdesk-support-ticket-system-plugin-octrace-support-127-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2025-01-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/question-answer/question-answer-1270-missing-authorization</loc>
<lastmod>2025-04-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-cookie/wp-cookie-100-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2025-01-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-smart-import/wordpress-importer-104-reflected-cross-site-scripting</loc>
<lastmod>2024-03-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-responsive-thumbnail-slider/thumbnail-carousel-slider-101-stored-cross-site-scripting-and-cross-site-request-forgery</loc>
<lastmod>2020-12-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/roam/roam-211-authenticated-subscriber-insecure-direct-object-reference</loc>
<lastmod>2026-01-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/customily-v2/customily-product-personalizer-1233-unauthenticated-stored-cross-site-scripting</loc>
<lastmod>2024-04-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/xstore/xstore-938-missing-authorization</loc>
<lastmod>2024-04-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/svg-complete/svg-complete-102-authenticated-author-stored-cross-site-scripting-via-svg-file-upload</loc>
<lastmod>2024-09-30T19:26:48.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woozone/woocommerce-amazon-affiliates-wordpress-plugin-14031-authenticated-subscriber-sql-injection</loc>
<lastmod>2026-03-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ithemes-sync/ithemes-sync-2113-cross-site-request-forgery-and-missing-authorization-via-hide_authenticate_notice</loc>
<lastmod>2023-08-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/formidable/formidable-forms-contact-form-plugin-survey-quiz-payment-calculator-form-custom-form-builder-614-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2024-10-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/users-profile-picture/user-profile-picture-260-authenticated-insecure-direct-object-reference</loc>
<lastmod>2021-06-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/smart-blocks/smart-blocks-20-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-10-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/vg-woocarousel/vg-woocarousel-13-authenticated-contributor-local-file-inclusion</loc>
<lastmod>2025-04-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gutenbee/gutenbee-gutenberg-blocks-2180-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-09-29T15:28:37.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/e-boekhoudennl-connector/e-boekhoudennl-193-reflected-cross-site-scripting</loc>
<lastmod>2025-08-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpbot-pro/wpbot-pro-wordpress-chatbot-1354-unauthenticated-arbitrary-file-upload</loc>
<lastmod>2025-01-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ht-mega-for-elementor/ht-mega-absolute-addons-for-elementor-246-authenticated-contributor-stored-cross-site-scripting-via-size</loc>
<lastmod>2024-04-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gravitysmtp/gravity-smtp-214-missing-authorization-to-authenticated-subscriber-plugin-uninstall</loc>
<lastmod>2026-04-09T21:01:07.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/premium-addons-for-elementor/premium-addons-for-elementor-41016-authenticatedcontributor-stored-cross-site-scripting-via-wrapper-link-widget</loc>
<lastmod>2024-04-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/buddypress-extended-friendship-request/buddypress-extended-friendship-request-102-cross-site-scripting</loc>
<lastmod>2013-07-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-backup-plus/wp-backup-unknown-versions-sensitive-information-disclosure</loc>
<lastmod>2015-05-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-time-slots-booking-form/wp-time-slots-booking-form-1210-unauthenticated-stored-cross-site-scripting</loc>
<lastmod>2024-06-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mts-url-shortener/url-shortener-by-myshop-1017-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2024-06-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/pixelyoursite-pro/pixelyoursite-pro-12402-unauthenticated-stored-cross-site-scripting</loc>
<lastmod>2026-02-13T08:43:25.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/advanced-google-recaptcha/advanced-google-recaptcha-125-brute-force-protection-ip-unblock</loc>
<lastmod>2024-12-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/eelv-redirection/simple-redirection-15-cross-site-request-forgery-to-arbitrary-site-redirect</loc>
<lastmod>2024-12-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/acf-frontend-form-element/frontend-admin-by-dynamiapps-32831-authenticated-editor-php-object-injection-via-post_content-of-admin-form-posts</loc>
<lastmod>2026-03-25T14:11:27.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/all-in-one-bannerRotator/allinone-banner-rotator-38-reflected-cross-site-scripting</loc>
<lastmod>2026-02-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/kenta-companion/kenta-companion-133-cross-site-request-forgery</loc>
<lastmod>2026-01-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpextended/the-ultimate-wordpress-toolkit-wp-extended-308-directory-traversal-to-authenticated-subscriber-arbitrary-file-download</loc>
<lastmod>2024-09-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/subscribe-to-category/subscribe-to-category-274-unauthenticated-sql-injection</loc>
<lastmod>2023-07-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/user-private-files/user-private-files-210-insecure-direct-object-reference-to-authenticated-subscriber-private-file-access</loc>
<lastmod>2024-08-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-geonames/wp-geonames-18-reflected-cross-site-scripting</loc>
<lastmod>2024-12-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/form-maker/form-maker-by-10web-mobile-friendly-drag-drop-contact-form-builder-11530-reflected-cross-site-scripting-via-add_query_arg-parameter</loc>
<lastmod>2024-11-10T00:07:43.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/gecko/gecko-198-unauthenticated-local-file-inclusion</loc>
<lastmod>2026-01-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/auto-login-new-user-after-registration/auto-login-new-user-after-registration-196-authenticated-administrator-stored-cross-site-scripting-via-alnuar_auto_login_new_user_after_registration_redirect</loc>
<lastmod>2023-10-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/theme-my-login/theme-my-login-717-cross-site-request-forgery-to-settings-update</loc>
<lastmod>2024-08-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/security-malware-firewall/security-malware-scan-by-cleantalk-250-missing-authorization</loc>
<lastmod>2020-07-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/core/4.5/wordpress-core-45-cross-site-request-forgery-via-wp_ajax_wp_compression_test</loc>
<lastmod>2016-03-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/jet-booking/jetbooking-4041-unauthenticated-sql-injection</loc>
<lastmod>2026-06-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/tint/tint-17-unauthenticated-local-file-inclusion</loc>
<lastmod>2026-02-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/support-x/crm-perks-117-reflected-cross-site-scripting</loc>
<lastmod>2025-04-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ni-woocommerce-product-enquiry/ni-woocommerce-product-enquiry-418-missing-authorization</loc>
<lastmod>2025-03-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-live-chat-support/wp-live-chat-support-7104-cross-site-scripting</loc>
<lastmod>2017-08-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/variable-inspector/variable-inspector-262-reflected-cross-site-scripting</loc>
<lastmod>2025-02-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woocommerce-for-japan/japanized-for-woocommerce-264-missing-authorization</loc>
<lastmod>2023-11-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/file-manager-advanced/advanced-file-manager-5214-authenticated-subscriber-stored-cross-site-scripting-via-svg-file-upload</loc>
<lastmod>2025-03-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/valen/valen-sport-fashion-woocommerce-wordpress-theme-24-unauthenticated-local-file-inclusion</loc>
<lastmod>2025-06-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/dzs-zoomsounds/zoomsounds-20-arbitrary-file-upload</loc>
<lastmod>2015-06-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/be-popia-compliant/be-popia-compliant-115-sensitive-information-exposure</loc>
<lastmod>2022-03-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/core/6.0/wordpress-core-603-shared-user-instance-weakness</loc>
<lastmod>2022-10-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/sugar-calendar-lite/sugar-calendar-lite-391-missing-authorization</loc>
<lastmod>2026-01-05T08:00:47.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/banner-effect-header/banner-effect-header-128-cross-site-scripting</loc>
<lastmod>2015-01-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpc-smart-messages/wpc-smart-messages-for-woocommerce-421-authenticated-subscriber-local-file-inclusion</loc>
<lastmod>2024-10-28T20:37:06.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/goftino/goftino-16-authenticated-subscriber-stored-cross-site-scripting</loc>
<lastmod>2024-07-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cmp-coming-soon-maintenance/cmp-coming-soon-maintenance-4110-authenticated-admin-server-side-request-forgery</loc>
<lastmod>2024-03-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/google-analyticator/google-analyticator-6493-cross-site-request-forgery</loc>
<lastmod>2015-06-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/kleo/kleo-544-missing-authorization</loc>
<lastmod>2025-04-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wordpress-tooltips/wordpress-tooltips-949-cross-site-request-forgery</loc>
<lastmod>2024-04-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/virusdie/virusdie-116-authenticated-subscriber-information-exposure</loc>
<lastmod>2025-12-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mycred-for-elementor/mycred-elementor-126-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-10-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/blox-page-builder/blox-page-builder-1065-authenticated-contributor-arbitrary-file-upload</loc>
<lastmod>2024-08-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woocommerce-jetpack/booster-for-woocommerce-559-reflected-cross-site-scripting</loc>
<lastmod>2022-07-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/pixelyoursite/pixelyoursite-1115-sensitive-information-exposure-via-log-file</loc>
<lastmod>2025-12-29T05:47:53.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-membership/membership-164-authenticated-subscriber-privilege-escalation</loc>
<lastmod>2026-01-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/google-maps-easy/easy-google-maps-1931-reflected-cross-site-scripting</loc>
<lastmod>2022-04-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/hara/hara-1217-authenticated-contributor-local-file-inclusion</loc>
<lastmod>2025-12-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/imwptip/imwptip-11-cross-site-request-forgery-to-settings-update</loc>
<lastmod>2026-01-27T21:49:03.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-2fa/wp-2fa-two-factor-authentication-for-wordpress-220-reflected-cross-site-scripting</loc>
<lastmod>2022-05-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/magical-addons-for-elementor/magical-addons-for-elementor-header-footer-builder-free-elementor-widgets-elementor-templates-library-1134-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-05-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/theme-my-login/theme-my-login-639-local-file-inclusion</loc>
<lastmod>2014-06-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/icegram/icegram-3119-authenticated-contributor-stored-cross-site-scripting-via-campaign-message</loc>
<lastmod>2023-12-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/menu-image/menu-image-icons-made-easy-310-authenticated-administrator-stored-cross-site-scripting-via-settings</loc>
<lastmod>2023-12-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/assistant/assistant-151-authenticated-editor-php-object-injection</loc>
<lastmod>2025-02-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/formality/formality-157-unauthenticated-local-file-inclusion</loc>
<lastmod>2025-03-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/icon-list-block/icon-list-block-113-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-02-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ultimate-blocks-for-gutenberg/multiple-plugins-multiple-versions-missing-authorization-to-authenticated-subscriber-arbitrary-plugin-upload</loc>
<lastmod>2025-11-03T15:52:24.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bws-smtp/smtp-by-bestwebsoft-109-multiple-cross-site-scripting</loc>
<lastmod>2017-04-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/app-ads-txt/adstxt-app-adstxt-manager-for-wordpress-1171-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2024-10-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/about-author/about-author-139-authenticated-stored-cross-site-scripting</loc>
<lastmod>2019-10-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/sliced-invoices/sliced-invoices-384-authenticated-sql-injection</loc>
<lastmod>2019-10-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-statistics/wp-statistics-13216-authenticated-admin-sql-injection</loc>
<lastmod>2023-03-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/archives-calendar-widget/archives-calendar-widget-1015-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2024-04-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/foliopress-wysiwyg/foliopress-wysiwyg-2618-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2025-04-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/unlimited-blocks/gutenberg-blocks-unlimited-blocks-for-gutenberg-128-reflected-cross-site-scripting</loc>
<lastmod>2026-03-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/popup-by-supsystic/popup-by-supsystic-11019-cross-site-request-forgery</loc>
<lastmod>2023-08-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpcomplete/wpcomplete-2953-missing-authorization</loc>
<lastmod>2025-10-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/drag-and-drop-multiple-file-upload-contact-form-7/drag-and-drop-multiple-file-upload-for-contact-form-7-1396-unauthenticated-limited-arbitrary-file-read-via-mfile-field</loc>
<lastmod>2026-04-17T04:37:14.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/image-zoom/image-zoom-188-missing-authorization</loc>
<lastmod>2022-09-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simple-job-board/simple-job-board-2106-cross-site-request-forgery</loc>
<lastmod>2023-12-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/enfold/enfold-564-reflected-cross-site-scripting</loc>
<lastmod>2023-11-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/nino-social-connect/nino-social-connect-20-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2025-04-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ichart/ichart-easy-charts-and-graphs-210-authenticated-contributor-stored-cross-site-scripting-via-width-parameter</loc>
<lastmod>2024-12-09T22:19:10.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/heateor-social-login/heateor-social-login-wordpress-1132-unauthenticated-stored-cross-site-scripting</loc>
<lastmod>2024-06-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bloglentor-for-elementor/bloglentor-109-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-05-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-appbox/wp-appbox-453-reflected-cross-site-scripting</loc>
<lastmod>2024-12-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-audio-gallery/wp-audio-gallery-20-authenticated-subscriber-arbitrary-file-deletion-via-audio_upload-parameter</loc>
<lastmod>2025-11-20T19:19:12.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/social-warfare/social-sharing-plugin-social-warfare-4461-authenticatedcontributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2024-04-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/avcp/anac-xml-bandi-di-gara-75-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2023-11-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/auxin-elements/shortcodes-and-extra-features-for-phlox-theme-297-reflected-cross-site-scripting</loc>
<lastmod>2022-06-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/curatorio/curatorio-195-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-12-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/super-socializer/super-socializer-71354-missing-authorization</loc>
<lastmod>2023-09-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/invite-anyone/invite-anyone-1316-cross-site-request-forgery</loc>
<lastmod>2017-03-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/dzs-videogallery/dzs-video-gallery-860-reflected-cross-site-scripting</loc>
<lastmod>2016-03-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/vikbooking/vikbooking-hotel-booking-engine-pms-172-cross-site-request-forgery-to-settings-update</loc>
<lastmod>2025-02-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/front-end-only-users/front-end-only-users-3232-unauthenticated-arbitrary-file-upload</loc>
<lastmod>2025-04-01T20:37:06.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woocommerce-paypal-payments/woocommerce-paypal-payments-204-cross-site-request-forgery</loc>
<lastmod>2023-06-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-featured-entries/wp-featured-entries-10-authenticated-contributor-sql-injection</loc>
<lastmod>2025-03-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mailchimp-for-wp/mc4wp-mailchimp-for-wordpress-4111-missing-authorization-to-unauthenticated-arbitrary-subscription-deletion</loc>
<lastmod>2026-03-10T13:11:15.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/premium-addons-for-elementor/premium-addons-for-elementor-41018-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-02-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/auto-tag-links/auto-tag-links-1013-cross-site-request-forgery</loc>
<lastmod>2025-02-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ultimate-reviews/ultimate-reviews-3214-reflected-cross-site-scripting</loc>
<lastmod>2025-06-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/photocrati-theme/photocrati-theme-40-sql-injection</loc>
<lastmod>2011-09-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mystickymenu/mystickymenu-264-missing-authorization-to-authenticated-subscriber-arbitrary-form-lead-deletion</loc>
<lastmod>2023-10-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/justified-image-grid/justified-image-grid-461-unauthenticated-server-side-request-forgery</loc>
<lastmod>2024-08-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/email-subscribers-premium/icegram-express-pro-5913-authenticated-administrator-php-object-injection</loc>
<lastmod>2025-09-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/count-per-day/count-per-day-31-arbitrary-file-download</loc>
<lastmod>2012-01-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/envialosimple-email-marketing-y-newsletters-gratis/envialosimple-email-marketing-y-newsletters-198-cross-site-scripting</loc>
<lastmod>2014-05-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/miniorange-saml-20-single-sign-on/saml-single-sign-on-saml-sso-login-4883-cross-site-scripting</loc>
<lastmod>2020-01-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bulk-editor/wolf-108-unauthenticated-stored-cross-site-scripting-via-profile_title</loc>
<lastmod>2024-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/complianz-gdpr/complianz-gdprccpa-cookie-consent-644-cross-site-request-forgery-via-ajax_script_save</loc>
<lastmod>2023-05-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/image-editor-by-pixo/image-editor-by-pixo-236-authenticated-contributor-stored-cross-site-scripting-via-download-parameter</loc>
<lastmod>2025-06-25T13:44:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/e-mailit/weshare-buttons-1300-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2025-09-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/paid-memberships-pro/paid-memberships-pro-2911-authenticated-subscriber-sql-injection-via-shortcodes</loc>
<lastmod>2023-02-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpdatatables/wpdatatables-premium-341-improper-access-control-leading-to-table-permission-takeover</loc>
<lastmod>2021-03-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/age-gate/age-gate-2163-stored-cross-site-scripting</loc>
<lastmod>2021-10-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/usc-e-shop/welcart-e-commerce-182-cross-site-scripting</loc>
<lastmod>2016-06-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/post-smtp/post-smtp-mailer-email-log-delivery-failure-notifications-and-best-mail-smtp-for-wordpress-293-authenticated-administrator-sql-injection</loc>
<lastmod>2024-05-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpb-elementor-addons/wpb-elementor-addons-109-authenticated-contributor-stored-cross-site-scripting-via-url-parameter</loc>
<lastmod>2024-05-21T20:15:32.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/my-favorites/my-favorites-141-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-10-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/yaad-sarig-payment-gateway-for-wc/yaad-sarig-payment-gateway-for-wc-224-missing-authorization-to-authenticated-subscriber-log-readdeletion</loc>
<lastmod>2024-11-19T21:04:13.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-recipe-maker/wp-recipe-maker-910-authenticated-contributor-stored-cross-site-scripting-via-group_tag</loc>
<lastmod>2024-06-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/litespeed-cache/litespeed-cache-6301-unauthenticated-privilege-escalation</loc>
<lastmod>2024-08-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/easy-coming-soon/easy-coming-soon-161-authenticated-stored-cross-site-scripting</loc>
<lastmod>2015-03-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/recoverexit-for-woocommerce/recover-exit-for-woocommerce-103-unauthenticated-local-file-inclusion-via-tpf-parameter</loc>
<lastmod>2026-06-08T15:06:35.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-review-slider-pro/wp-review-slider-pro-1268-authenticated-subscriber-sql-injection-via-stypes-parameter</loc>
<lastmod>2026-06-15T17:04:29.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/yamaps/yamaps-0625-authenticaterd-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2023-01-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/moderno/moderno-143-unauthenticated-php-object-injection</loc>
<lastmod>2026-06-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woo-product-filter/product-filter-for-woocommerce-by-wbw-313-unauthenticated-sql-injection</loc>
<lastmod>2026-03-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/zotpress/zotpress-7315-authenticated-author-stored-cross-site-scripting-via-nickname</loc>
<lastmod>2025-06-10T14:40:35.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/online-accessibility/accessibility-suite-by-online-ada-412-authenticated-subscriber-sql-injection</loc>
<lastmod>2023-10-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/download-monitor/download-monitor-494-authenticated-admin-sql-injection</loc>
<lastmod>2024-01-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-social/wp-social-190-authenticated-subscriber-information-disclosure</loc>
<lastmod>2022-12-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ebay-feeds-for-wordpress/wp-ebay-product-feeds-348-authenticated-contributor-server-side-request-forgery</loc>
<lastmod>2025-09-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ga-for-wp/ga4wp-google-analytics-for-wordpress-2100-missing-authorization</loc>
<lastmod>2026-02-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/lightbox-popup/image-and-video-lightbox-image-popup-215-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2023-01-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/rio-photo-gallery/rio-photo-gallery-01-reflected-cross-site-scripting</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/media-player-addons-for-elementor/media-player-addons-for-elementor-105-authenticated-contributor-stored-cross-site-scripting-via-multiple-widget-fields</loc>
<lastmod>2025-09-16T17:45:37.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cf7-styler/cf7-wow-styler-168-reflected-cross-site-scripting</loc>
<lastmod>2024-11-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/font-uploader/font-uploader-13-arbitrary-file-upload</loc>
<lastmod>2014-08-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/add-admin-javascript/add-admin-javascript-20-unauthenticated-full-path-dislcosure</loc>
<lastmod>2024-07-26T13:03:40.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/elastic-email-sender/elastic-email-sender-126-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2023-07-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/dashboard-builder/dashboard-builder-157-cross-site-request-forgery-to-sql-injection</loc>
<lastmod>2026-01-13T17:22:32.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/shelf-planner/shelf-planner-281-missing-authorization-to-unauthenticated-settings-update</loc>
<lastmod>2025-11-10T15:15:22.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/uberSlider_classic/uberslider-classic-25-reflected-cross-site-scripting</loc>
<lastmod>2026-02-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/media-author/media-author-104-missing-authorization</loc>
<lastmod>2025-09-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-all-import/wp-all-import-367-admin-arbitrary-file-upload</loc>
<lastmod>2022-07-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/foogallery/gallery-by-foogallery-319-missing-authorization-to-authenticated-subscriber-arbitrary-gallery-metadata-exposure</loc>
<lastmod>2026-02-10T12:28:05.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cubepm/cubepm-10-reflected-cross-site-scripting</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/linkify-text/linkify-text-191-unauthenticated-full-path-disclosure</loc>
<lastmod>2024-08-08T20:36:19.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/pesapal-for-woocommerce/pesapal-gateway-for-woocommerce-210-reflected-cross-site-scripting</loc>
<lastmod>2025-03-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/sunshine-photo-cart/sunshine-photo-cart-2914-reflected-cross-site-scripting</loc>
<lastmod>2022-12-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/arkhe-blocks/arkhe-blocks-2221-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-07-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/shortpixel-image-optimiser/shortpixel-image-optimizer-optimize-images-convert-webp-avif-643-authenticated-author-php-object-injection</loc>
<lastmod>2026-04-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/acf-images-search-and-insert/acf-images-search-and-insert-114-authenticated-subscriber-arbitrary-file-upload</loc>
<lastmod>2024-10-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/timeline-event-history/timeline-event-history-31-authenticated-contributor-php-object-injection</loc>
<lastmod>2024-07-17T14:02:39.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ba-book-everything/ba-book-everything-164-authenticated-contributor-sql-injection</loc>
<lastmod>2024-04-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/rate-star-review/rate-star-review-vote-164-missing-authorization-to-authenticated-subscriber-arbitrary-post-modification-via-rating_id-parameter</loc>
<lastmod>2026-05-11T19:07:44.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/fooevents/fooevents-for-woocommerce-11920-improper-authorization-to-contributor-arbitrary-file-upload</loc>
<lastmod>2024-06-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gamepress/gamepress-the-game-database-plugin-110-reflected-cross-site-scripting</loc>
<lastmod>2021-09-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ultimate-member/ultimate-member-2111-unauthenticated-privilege-escalation-via-user-roles</loc>
<lastmod>2020-11-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/use-your-drive/use-your-drive-1183-reflected-cross-site-scripting</loc>
<lastmod>2021-12-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/advanced-typekit/advanced-typekit-101-authenticated-subscriber-stored-cross-site-scripting</loc>
<lastmod>2025-04-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/splashscreen/splashscreen-020-cross-site-request-forgery</loc>
<lastmod>2024-01-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/schema-app-structured-data-for-schemaorg/schema-app-structured-data-220-missing-authorization</loc>
<lastmod>2024-05-23T18:14:16.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/feedwordpress/feedwordpress-20150514-reflected-cross-site-scripting</loc>
<lastmod>2015-05-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/fpw-category-thumbnails/fpw-category-thumbnails-195-missing-authorization</loc>
<lastmod>2025-04-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/meteor-slides/meteor-slides-156-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2022-12-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-dark-mode/wp-dark-mode-306-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2023-01-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/listingpro/listingpro-299-missing-authorization</loc>
<lastmod>2025-11-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/boostify-header-footer-builder/boostify-header-footer-builder-for-elementor-135-missing-authorization-to-pagepost-creation</loc>
<lastmod>2024-06-05T12:57:19.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/yet-another-related-posts-plugin/yarpp-5304-authenticated-subscriber-local-file-inclusion</loc>
<lastmod>2023-04-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/buddypress-members-only/buddypress-members-only-353-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-04-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/textboxes/textboxes-0131-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-10-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mailchimp-for-woocommerce/mailchimp-for-woocommerce-271-authenticated-admin-server-side-request-forgery</loc>
<lastmod>2022-08-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/js_composer/wpbakery-page-builder-841-authenticated-contributor-stored-cross-site-scripting-via-multiple-page-builder-elements</loc>
<lastmod>2025-07-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-additional-logins/wordpress-additional-logins-100-reflected-cross-site-scripting</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/smartsearchwp/chatbot-with-chatgpt-244-unauthenticated-stored-cross-site-scripting</loc>
<lastmod>2024-07-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/adminer/adminer-145-security-bypass-to-database-login</loc>
<lastmod>2017-03-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/all-in-one-wp-migration/all-in-one-wp-migration-697-authenticated-stored-cross-site-scripting</loc>
<lastmod>2019-07-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/string-locator/string-locator-250-cross-site-request-forgery-to-phar-deserialization</loc>
<lastmod>2022-08-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/subscribe2/subscribe2-form-email-subscribers-newsletters-81-multiple-cross-site-scripting</loc>
<lastmod>2014-08-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-easycart/easycart-5813-authenticated-contributor-sql-injection</loc>
<lastmod>2026-02-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/core/4.5/wordpress-core-453-revision-history-disclosure</loc>
<lastmod>2016-06-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/yet-another-related-posts-plugin/yet-another-related-posts-plugin-yarpp-5309-authenticatedadministrator-stored-cross-site-scripting-via-settings</loc>
<lastmod>2024-02-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/google-maps-for-wordpress/google-maps-for-wordpress-103-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-02-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/random-image-selector/random-image-selector-24-reflected-cross-site-scripting</loc>
<lastmod>2025-03-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gd-rating-system/gd-rating-system-21-reflected-cross-site-scripting</loc>
<lastmod>2017-02-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/learnpress/learnpress-wordpress-lms-plugin-4266-authenticated-contributor-stored-cross-site-scripting-via-id-parameter</loc>
<lastmod>2024-05-21T16:40:45.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/forumwp/forumwp-forum-discussion-board-212-reflected-cross-site-scripting</loc>
<lastmod>2024-12-05T19:50:45.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/download-manager/download-manager-3259-refleced-cross-site-scripting</loc>
<lastmod>2022-11-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/quiz-master-next/quiz-and-survey-master-qsm-easy-quiz-and-survey-maker-901-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-06-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ulisting/ulisting-166-unauthenticated-sql-injection</loc>
<lastmod>2021-10-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-compress-image-optimizer/wp-compress-63015-unauthenticated-server-side-request-forgery-via-init-function</loc>
<lastmod>2025-03-24T21:29:56.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/arforms/arforms-form-builder-65-unauthenticated-arbitrary-file-upload</loc>
<lastmod>2024-05-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mathjax-latex/mathjax-latex-12-cross-site-request-forgery</loc>
<lastmod>2013-03-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-recipe-maker/wp-recipe-maker-1060-missing-authorization-to-authenticated-subscriber-sensitive-information-exposure</loc>
<lastmod>2026-02-24T21:09:18.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ultimate-dashboard/ultimate-dashboard-3711-authenticated-administrator-stored-cross-site-scripting-via-settings</loc>
<lastmod>2023-12-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ajax-search-lite/ajax-search-lite-4123-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2024-11-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/eelv-newsletter/eelv-newsletter-461-cross-site-scripting</loc>
<lastmod>2017-05-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-triggers-lite/wp-triggers-lite-253-authenticated-admin-sql-injection</loc>
<lastmod>2025-01-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/halfdata-paypal-green-downloads/green-downloads-208-authenticated-subscriber-arbitrary-file-upload</loc>
<lastmod>2026-03-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cxc-sawa/management-screen-droptiles-10-reflected-cross-site-scripting</loc>
<lastmod>2025-03-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/corpiva/corpiva-1096-cross-site-request-forgery</loc>
<lastmod>2026-02-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/yith-woocommerce-tab-manager/yith-woocommerce-tab-manager-1350-authenticated-editor-stored-cross-site-scripting</loc>
<lastmod>2024-06-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woo-custom-cart-button/custom-add-to-cart-button-label-and-link-161-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-10-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mapsvg/mapsvg-8613-missing-authorization</loc>
<lastmod>2025-05-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/lbg-audio8-html5-radio_ads/shout-353-authenticated-contributor-sql-injection</loc>
<lastmod>2025-05-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simply-schedule-appointments/appointment-booking-calendar-simply-schedule-appointments-booking-plugin-16916-missing-authorization-to-unauthenticated-sensitive-information-exposure</loc>
<lastmod>2025-12-18T18:13:50.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/nextgen-gallery/wordpress-gallery-plugin-nextgen-gallery-2115-authenticated-admin-cross-site-scripting</loc>
<lastmod>2015-09-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/scrollsequence/scrollsequence-154-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-03-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woo-social-login/woocommerce-social-login-273-unauthenticated-privilege-escalation-via-one-time-password</loc>
<lastmod>2024-07-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/broadstreet/broadstreet-ads-1521-missing-authorization</loc>
<lastmod>2026-01-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/shk-corporate/shk-corporate-2411-missing-authorization</loc>
<lastmod>2025-09-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/contest-gallery/contest-gallery-19141-unauthenticated-sql-injection-via-cg_fields</loc>
<lastmod>2022-12-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ht-easy-google-analytics/ht-easy-ga4-google-analytics-wordpress-plugin-115-missing-authorization-to-unauthenticated-ga4-email-update</loc>
<lastmod>2024-03-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/miniorange-saml-20-single-sign-on/saml-single-sign-on-saml-sso-login-4875-cross-site-request-forgery</loc>
<lastmod>2019-05-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-mail-logging/wp-mail-logging-1150-unauthenticated-php-object-injection-via-email-log-message-field</loc>
<lastmod>2026-02-27T17:58:35.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ajax-load-more/wordpress-infinite-scroll-ajax-load-more-2811-arbitrary-file-upload</loc>
<lastmod>2015-10-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/video-list-manager/video-list-manager-17-unauthenticated-sql-injection</loc>
<lastmod>2025-07-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/print-o-matic/print-o-matic-2110-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2024-05-21T19:14:14.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-invoice/wp-invoice-web-invoice-and-billing-410-unauthorized-settings-change</loc>
<lastmod>2016-02-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/easy-contact-form-pro/easy-contact-form-pro-1119-authenticated-stored-cross-site-scripting</loc>
<lastmod>2021-01-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/onelogin-saml-sso/onelogin-saml-sso-220-authentication-bypass</loc>
<lastmod>2016-01-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/alfred-click-collect/alfred24-click-collect-117-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2023-01-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/paid-member-subscriptions/paid-membership-subscriptions-effortless-memberships-recurring-payments-content-restriction-2111-missing-authorization-via-creating_pricing_table_page</loc>
<lastmod>2024-02-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/aajoda-testimonials/aajoda-testimonials-221-authenticatedadministrator-stored-cross-site-scripting</loc>
<lastmod>2023-06-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/element-ready-lite/elementsready-addons-for-elementor-643-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-11-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/clio-grow-form/clio-grow-102-reflected-cross-site-scripting</loc>
<lastmod>2024-10-03T13:31:22.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/freshmail-integration/freshmail-for-wordpress-232-cross-site-request-forgery</loc>
<lastmod>2024-01-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/pricing-deals-for-woocommerce/pricing-deals-for-woocommerce-2032-missing-authorization-via-vtprd_ajax_clone_rule</loc>
<lastmod>2023-08-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gs-projects/project-showcase-111-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-12-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/register-plus/register-plus-3511-stored-cross-site-scripting</loc>
<lastmod>2010-11-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/custom-404-pro/custom-404-pro-3100-unauthenticated-stored-cross-site-scripting-via-logging</loc>
<lastmod>2023-12-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/star-cloudprnt-for-woocommerce/star-cloudprnt-for-woocommerce-203-reflected-cross-site-scripting</loc>
<lastmod>2023-11-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ultimate-addons-for-gutenberg/spectra-wordpress-gutenberg-blocks-2126-authenticated-contributor-path-traversal</loc>
<lastmod>2024-04-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/w3-total-cache/w3-total-cache-0924-sensitive-information-exposure</loc>
<lastmod>2020-09-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/kiotvietsync/kiotviet-sync-185-unauthenticated-webhook-key-exposure</loc>
<lastmod>2025-11-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/404-to-301/404-to-301-redirect-log-and-notify-404-errors-311-reflected-cross-site-scripting</loc>
<lastmod>2022-06-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/appizy-app-embed/app-embed-232-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-01-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/post-and-page-builder/post-and-page-builder-by-boldgrid-1276-path-traversal-to-authenticated-contributor-arbitrary-file-read-via-template_via_url-function</loc>
<lastmod>2025-02-05T20:32:49.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-front-end-repository/wp-front-end-repository-manager-11-unauthenticated-arbitrary-file-upload</loc>
<lastmod>2015-07-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-cards/wp-cards-151-reflected-cross-site-scripting</loc>
<lastmod>2025-03-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/flexible-wishlist/flexible-wishlist-for-woocommerce-1225-unauthenticated-stored-cross-site-scripting-via-wishlist_name-parameter</loc>
<lastmod>2025-01-28T18:40:58.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/imagelinks-interactive-image-builder-lite/imagelinks-interactive-image-builder-152-reflected-cross-site-scripting</loc>
<lastmod>2021-10-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/product-delivery-date-for-woocommerce-lite/product-delivery-date-for-woocommerce-lite-273-reflected-cross-site-scripting</loc>
<lastmod>2024-10-03T13:40:51.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-courses/wp-courses-lms-323-missing-authorization</loc>
<lastmod>2023-11-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/Avada/avada-741-reflected-cross-site-scripting</loc>
<lastmod>2021-09-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gift4u-gift-cards-all-in-one-for-woo/gift4u-gift-cards-all-in-one-for-woo-1010-missing-authorization</loc>
<lastmod>2026-06-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/acf-google-font-selector-field/acf-google-font-selector-301-reflected-cross-site-scripting</loc>
<lastmod>2025-04-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/optimole-wp/optimole-423-reflected-cross-site-scripting-via-page-profiler-url</loc>
<lastmod>2026-04-10T11:39:59.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-custom-cursors/wp-custom-cursors-30-cross-site-request-forgery-to-cursor-manipulation</loc>
<lastmod>2022-09-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/spacer/spacer-307-missing-authorization-to-authenticated-subscriber-limited-information-disclosure</loc>
<lastmod>2025-01-06T15:23:34.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bbp-toolkit/bbpress-toolkit-1012-cross-site-scripting</loc>
<lastmod>2023-05-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gravatarlocalcache/gravatarlocalcache-112-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/leaflet-maps-marker-pro/leaflet-maps-marker-pro-158-sql-injection</loc>
<lastmod>2014-03-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-travel-blocks/wp-travel-gutenberg-blocks-394-unauthenticated-sql-injection</loc>
<lastmod>2026-06-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/duplicate-page-and-post/duplicate-page-and-post-211-malicious-backdoor</loc>
<lastmod>2017-12-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpb-elementor-addons/wpb-elementor-addons-16-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-09-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/powerpack-lite-for-elementor/powerpack-addons-for-elementor-2718-authenticated-contributor-stored-cross-site-scripting-via-twitter-tweet-widget</loc>
<lastmod>2024-03-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/brizy/brizy-2712-missing-authorization</loc>
<lastmod>2025-09-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/rd-wapp/rd-contacto-14-cross-site-request-forgery-to-settings-update</loc>
<lastmod>2025-07-03T12:22:53.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/buddypress/buddypress-1241-authenticated-subscriber-stored-cross-site-scripting</loc>
<lastmod>2024-06-11T12:16:19.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/adminquickbar/adminquickbar-191-reflected-cross-site-scripting</loc>
<lastmod>2025-04-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpglobus/wpglobus-multilingual-everything-196-cross-site-request-forgery</loc>
<lastmod>2018-01-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/infusionsoft-landing-pages/keap-landing-pages-142-cross-site-request-forgery</loc>
<lastmod>2023-09-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cookie-bar/cookie-bar-188-admin-stored-cross-site-scripting</loc>
<lastmod>2021-09-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/shortcodes-ultimate/shortcodes-ultimate-735-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-06-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/auxin-elements/shortcodes-and-extra-features-for-phlox-theme-21713-authenticated-contributor-stored-cross-site-scripting-via-modern-heading-widget</loc>
<lastmod>2026-01-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-security-audit-log/activity-log-554-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2026-02-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/userplus/userplus-20-authenticated-editor-registration-form-update-to-privilege-escalation</loc>
<lastmod>2024-10-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-simple-post-view/post-view-count-20-cross-site-request-forgery</loc>
<lastmod>2023-10-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/spiffy-calendar/spiffy-calendar-4910-missing-authorization</loc>
<lastmod>2024-03-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/thirstyaffiliates/thirstyaffiliates-affiliate-link-manager-392-stored-cross-site-scripting</loc>
<lastmod>2020-05-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/vithy/vithy-unknown-versions-full-path-disclosure</loc>
<lastmod>2012-12-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woo-oscommerce-sync/woocommerce-oscommerce-sync-2020-unauthenticated-stored-cross-site-scripting</loc>
<lastmod>2025-02-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mx-time-zone-clocks/mx-time-zone-clocks-34-contributor-cross-site-scripting</loc>
<lastmod>2021-08-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/getwid/getwid-gutenberg-blocks-202-improper-input-validation-to-arbitrary-email-sending-to-admin</loc>
<lastmod>2023-12-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/onoffice-for-wp-websites/onoffice-for-wp-websites-65-authenticated-administrator-sql-injection</loc>
<lastmod>2025-04-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/eventon-lite/eventon-222-reflected-cross-site-scripting</loc>
<lastmod>2023-10-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/prevent-content-copy-image-save/content-copy-protection-prevent-image-save-13-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2021-04-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-shop-original/wp-shop-34318-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2015-09-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cf-images/offload-ai-optimize-with-cloudflare-images-195-missing-authorization</loc>
<lastmod>2025-11-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/brizy/brizy-page-builder-2311-incorrect-authorization-checks-allowing-post-modification</loc>
<lastmod>2020-10-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/virtual-robotstxt-littlebizzy/virtual-robotstxt-110-authenticated-stored-cross-site-scripting</loc>
<lastmod>2021-03-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/leenkme/leenkme-2160-reflected-cross-site-scripting</loc>
<lastmod>2024-10-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/google-image-sitemap/google-xml-sitemap-for-images-213-cross-site-request-forgery-via-image_sitemap_generate</loc>
<lastmod>2023-03-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/insert-php/woody-ad-snippets-228-authenticated-cross-site-scripting</loc>
<lastmod>2019-09-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/uji-countdown/uji-countdown-233-reflected-cross-site-scripting</loc>
<lastmod>2025-08-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/meta-accelerator/meta-accelerator-104-reflected-cross-site-scripting</loc>
<lastmod>2025-02-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/elasticpress/elasticpress-510-cross-site-request-forgery</loc>
<lastmod>2024-06-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/pz-linkcard/pz-linkcard-252-sever-side-request-forgery</loc>
<lastmod>2024-03-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/content-protector/passster-password-protect-pages-and-content-4210-unauthenticated-content-restriction-bypass-to-sensitive-information-exposure</loc>
<lastmod>2025-01-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/canvasio3d-light/download-canvasio3d-light-250-missing-authorization</loc>
<lastmod>2023-11-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-filemanager/wp-filemanager-12-arbitrary-file-upload</loc>
<lastmod>2008-01-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/fat-event-lite/fat-event-lite-11-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-01-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/rehub-framework/rehub-framework-19997-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-10-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/fv-wordpress-flowplayer/fv-flowplayer-video-player-1211-cross-site-scripting</loc>
<lastmod>2011-07-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simple-urls/simple-urls-117-missing-authorization-via-ajax-actions</loc>
<lastmod>2023-08-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/elfsight-testimonials-slider/elfsight-testimonials-slider-101-missing-authorization</loc>
<lastmod>2025-03-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/photo-gallery/photo-gallery-by-10web-mobile-friendly-image-gallery-1821-reflected-cross-site-scripting-via-image_url</loc>
<lastmod>2024-03-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/paid-member-subscriptions/paid-membership-subscriptions-2155-unauthenticated-local-file-inclusion</loc>
<lastmod>2025-07-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/td-composer/tagdiv-composer-544-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2026-02-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/flash-album-gallery/album-and-image-gallery-with-lightbox-flagallery-photo-portfolio-253-sensitive-information-disclosure</loc>
<lastmod>2012-12-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/cerebrum/cerebrum-112-unauthenticated-local-file-inclusion</loc>
<lastmod>2025-08-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/basil/basil-1312-unauthenticated-local-file-inclusion</loc>
<lastmod>2025-08-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/music-request-manager/music-request-manager-13-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2024-08-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/administrative-shortcodes/administrative-shortcodes-034-authenticated-contributor-local-file-inclusion-via-slug-shortcode-attribute</loc>
<lastmod>2026-01-23T19:21:03.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/notifikacie-sk/notifikciesk-10-reflected-cross-site-scripting</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-user-extra-fields/user-extra-fields-168-unauthenticated-stored-cross-site-scripting</loc>
<lastmod>2026-02-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/inline-click-to-tweet/inline-click-to-tweet-100-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-11-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/calendar-plugin/calendar_plugin-10-reflected-cross-site-scripting</loc>
<lastmod>2021-08-13T15:31:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/perfect-font-awesome-integration/perfect-font-awesome-integration-23-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-12-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/LayerSlider/layerslider-620-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2017-03-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mycred/mycred-2943-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-07-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/seo-redirection/seo-redirection-42-stored-cross-site-scripting</loc>
<lastmod>2015-08-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woocommerce-checkout-manager/checkout-fields-manager-for-woocommerce-556-reflected-cross-site-scripting</loc>
<lastmod>2022-06-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ht-mega-for-elementor/ht-mega-absolute-addons-for-elementor-245-authenticated-contributor-directory-traversal</loc>
<lastmod>2024-05-23T16:06:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-html-author-bio-by-ahmad-awais/wp-html-author-bio-120-authenticated-author-stored-cross-site-scripting</loc>
<lastmod>2021-09-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/olive-one-click-demo-import/olive-one-click-demo-import-111-missing-authorization</loc>
<lastmod>2024-03-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/events-for-geodirectory/events-calendar-for-geodirectory-2328-authenticated-subscriber-privilege-escalation</loc>
<lastmod>2026-06-08T19:02:22.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/local-sync/wp-duplicate-118-authenticated-subscriber-arbitrary-file-upload-via-process_add_site-ajax-action</loc>
<lastmod>2026-02-05T19:59:16.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/loginizer/loginizer-175-cross-site-request-forgery</loc>
<lastmod>2022-12-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simple-retail-menus/simple-retail-menus-401-sql-injection</loc>
<lastmod>2015-05-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/quick-pagepost-redirect-plugin/quick-pagepost-redirect-plugin-519-redirect-security-bypass</loc>
<lastmod>2020-04-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/leaflet-maps-marker-pro/leaflet-maps-marker-pro-158-cross-site-scripting</loc>
<lastmod>2014-03-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simple-gallery-odihost/easy-gallery-14-reflected-cross-site-scripting</loc>
<lastmod>2025-02-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/fileorganizer/fileorganizer-103-authenticated-admin-arbitrary-file-access</loc>
<lastmod>2023-09-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-affiliate-disclosure/wp-affiliate-disclosure-126-cross-site-request-forgery-via-check_capability</loc>
<lastmod>2023-11-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/menu-ordering-reservations/restaurant-menu-food-ordering-system-table-reservation-242-reflected-cross-site-scripting</loc>
<lastmod>2024-11-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/everest-forms-pro/everest-forms-pro-197-unauthenticated-php-object-injection-via-phar-deserialization-in-form-signature</loc>
<lastmod>2025-11-04T14:21:07.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gpt3-ai-content-generator/ai-power-complete-ai-pack-1896-missing-authorization-to-authenticated-subscriber-arbitrary-shortcode-execution</loc>
<lastmod>2025-01-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/flatsome/flatsome-multi-purpose-responsive-woocommerce-theme-3187-authenticated-contributor-stored-cross-site-scripting-via-multiple-shortcodes</loc>
<lastmod>2024-06-21T13:15:56.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/core/1.5/wordpress-core-1513-sql-injection</loc>
<lastmod>2005-06-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/my-auctions-allegro-free-edition/my-auctions-allegro-3633-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2025-12-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-postratings/wp-postratings-1911-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-08-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/jetpack/jetpack-wp-security-backup-speed-growth-1331-authenticated-contributor-stored-cross-site-scripting-via-wpvideo-shortcode</loc>
<lastmod>2024-05-13T20:29:28.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-travel-engine/wp-travel-engine-591-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-07-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/link-shield/link-shield-054-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2025-04-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mailin/newsletter-smtp-email-marketing-and-subscribe-forms-by-sendinblue-3182-cross-site-request-forgery</loc>
<lastmod>2024-08-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/dukamarket/dukamarket-130-unauthenticated-arbitrary-shortcode-execution</loc>
<lastmod>2026-02-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/shipping-rate-by-cities/shipping-rate-by-cities-200-unauthenticated-sql-injection-via-city-parameter</loc>
<lastmod>2026-01-13T17:31:36.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/addon-elements-for-elementor-page-builder/elementor-addon-elements-1117-cross-site-request-forgery</loc>
<lastmod>2021-07-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/popup-anything-on-click/wp-onlinesupport-essential-plugin-popup-anything-221-cross-site-request-forgery</loc>
<lastmod>2023-03-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/greek-multi-tool/greek-multi-tool-fix-peralinks-accents-auto-create-menus-and-more-231-missing-authorization</loc>
<lastmod>2025-03-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/portfolio-elementor/portfolio-for-elementor-image-gallery-powerfolio-320-authenticated-contributor-stored-cross-site-scripting-via-custom-js</loc>
<lastmod>2025-07-03T12:06:22.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/majestic-support/majestic-support-110-missing-authorization</loc>
<lastmod>2025-06-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/unusedcss/rapidload-power-up-for-autoptimize-171-cross-site-request-forgery-via-attach_rule</loc>
<lastmod>2023-03-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/shariff-sharing/shariff-sharing-108-stored-cross-site-scripting</loc>
<lastmod>2014-12-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simple-image-popup-shortcode/simple-image-popup-shortcode-10-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2024-06-05T13:02:03.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/two-factor-2fa-via-email/two-factor-2fa-authentication-via-email-198-two-factor-authentication-bypass-via-token</loc>
<lastmod>2026-02-18T15:31:37.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wordpress-language/language-121-missing-authorization</loc>
<lastmod>2023-07-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mainwp-google-analytics-extension/mainwp-google-analytics-extension-404-authenticated-subscriber-sql-injection</loc>
<lastmod>2023-01-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/amazon-auto-links/auto-amazon-links-531-authenticated-contributor-stored-cross-site-scripting-via-style</loc>
<lastmod>2023-09-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/3xsocializer/3xsocializer-09822-authenticated-sql-injection</loc>
<lastmod>2022-04-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/contact-form-entries/contact-form-entries-132-authenticated-administrator-arbitrary-file-upload</loc>
<lastmod>2024-01-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cryptographp/cryptographp-12-cross-site-scripting</loc>
<lastmod>2007-11-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/markup-markdown/markup-markdown-3209-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-09-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/core/3.0/wordpress-core-302-spam-protection-bypass</loc>
<lastmod>2010-11-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/enable-wp-debug-from-admin-dashboard/debug-bar-185-reflected-cross-site-scripting</loc>
<lastmod>2022-08-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-social-bookmark-menu/wp-social-bookmark-menu-12-cross-site-request-forgery-to-settings-update</loc>
<lastmod>2024-01-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/pollcaster-shortcode/pollcaster-shortcode-plugin-10-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2025-11-20T19:21:08.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/et-core-plugin/xstore-core-56-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-12-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/myhome-core/myhome-core-410-unauthenticated-local-file-inclusion</loc>
<lastmod>2026-01-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/advanced-xml-reader/advanced-xml-reader-034-external-entity-injection</loc>
<lastmod>2013-05-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/rsvp/rsvp-and-event-management-plugin-2714-authenticated-administrator-sql-injection</loc>
<lastmod>2025-01-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/core/2.8/wordpress-core-283-missing-authorization</loc>
<lastmod>2009-08-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/smart-id/eid-easy-46-reflected-cross-site-scripting</loc>
<lastmod>2021-09-17T18:48:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mailster/mailster-406-unauthenticated-local-file-inclusion</loc>
<lastmod>2024-04-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bookingcom-product-helper/bookingcom-product-helper-101-cross-site-scripting</loc>
<lastmod>2021-10-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-plugin-info-card/wp-plugin-info-card-620-cross-site-request-forgery-to-arbitrary-custom-plugin-entry-creation</loc>
<lastmod>2026-02-17T17:12:43.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woo-bulk-editor/bear-1141-wolf-1081-cross-site-request-forgery-to-notice-dismissal</loc>
<lastmod>2024-04-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/google-calendar-events/google-calendar-events-325-cross-site-request-forgery-via-bulk_actions</loc>
<lastmod>2023-10-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/data-tables-generator-by-supsystic/data-tables-generator-by-supsystic-1999-time-based-blind-sql-injection</loc>
<lastmod>2021-02-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ronneby-core/ronneby-theme-core-1568-authenticated-contributor-local-file-inclusion</loc>
<lastmod>2025-10-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/n5-uploadform/n5-upload-form-10-arbitrary-file-upload</loc>
<lastmod>2021-03-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-all-import/import-any-xml-or-csv-file-to-wordpress-373-cross-site-request-forgery-to-notice-dismissal</loc>
<lastmod>2024-04-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/limb-gallery/wordpress-gallery-plugin-limb-image-gallery-157-authenticated-subscriber-arbitrary-file-upload</loc>
<lastmod>2024-10-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/BraftonWordpressPlugin/brafton-348-reflected-cross-site-scripting</loc>
<lastmod>2016-05-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/sydney-toolbox/sydney-toolbox-125-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-02-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/moose-elementor-kit/moose-elementor-kit-100-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-11-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/learnpress/learnpress-wordpress-lms-plugin-4268-basic-information-disclosure-via-json-api</loc>
<lastmod>2024-06-04T14:20:10.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/timeline-designer/timeline-designer-14-authenticated-admin-sql-injection</loc>
<lastmod>2025-01-06T15:09:42.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/remove-old-slugspermalinks/slugs-manager-267-cross-site-request-forgery</loc>
<lastmod>2024-03-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/easy-form/easy-form-278-missing-authorization</loc>
<lastmod>2025-11-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/user-registration-using-contact-form-7/user-registration-using-contact-form-7-24-cross-site-request-forgery</loc>
<lastmod>2025-04-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/osm/osm-openstreetmap-60-cross-site-request-forgery</loc>
<lastmod>2022-09-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/print-page/print-page-block-108-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-03-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/acf-frontend-form-element/frontend-admin-by-dynamiapps-3292-unauthenticated-privilege-escalation-via-form-configuration-injection</loc>
<lastmod>2026-05-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/try-on-for-woocommerce/specfit-virtual-try-on-woocommerce-10021-reflected-cross-site-scripting</loc>
<lastmod>2025-06-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/content-views-query-and-display-post-page/content-views-41-authenticated-contributor-stored-cross-site-scripting-via-grid-and-list-widgets</loc>
<lastmod>2025-09-05T14:43:59.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/sidebar-manager-light/sidebar-manager-light-118-cross-site-request-forgery</loc>
<lastmod>2025-04-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/smart-auto-upload-images/smart-auto-upload-images-import-external-images-122-authenticated-contributor-server-side-request-forgery</loc>
<lastmod>2026-01-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/chatbot/wpbot-849-unauthenticated-stored-cross-site-scripting-via-conversation-parameter</loc>
<lastmod>2026-06-30T15:06:02.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/aeroland/aeroland-166-unauthenticated-local-file-inclusion</loc>
<lastmod>2026-01-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/relogo/relogo-042-authenticated-author-stored-cross-site-scripting-via-svg-file-upload</loc>
<lastmod>2024-09-30T19:22:28.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/fami-woocommerce-compare/fami-woocommerce-compare-105-unauthenticated-local-file-inclusion</loc>
<lastmod>2025-04-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/restrict-usernames-emails-characters/restrict-usernames-emails-characters-313-authenticatedadministrator-stored-cross-site-scripting</loc>
<lastmod>2024-01-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/my-favorite-cars/my-favorite-car-10-reflected-cross-site-scripting</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-external-links/external-links-255-authenticated-administrator-cross-site-scripting</loc>
<lastmod>2022-11-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/increase-sociability/increase-sociability-130-reflected-cross-site-scripting</loc>
<lastmod>2024-12-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/feather-login-page/feather-login-page-107-111-cross-site-request-forgery-to-privilege-escalation</loc>
<lastmod>2023-05-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-upload-restriction/wp-upload-restriction-224-authenticated-subscriber-stored-cross-site-scripting</loc>
<lastmod>2021-07-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/save-as-pdf-by-pdfcrowd/save-as-pdf-plugin-by-pdfcrowd-310-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2024-04-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/pie-forms-for-wp/drag-drop-builder-human-face-detector-pre-built-templates-spam-protection-user-email-notifications-more-1419-reflected-cross-site-scripting</loc>
<lastmod>2024-12-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/share-one-drive/share-one-drive-1152-reflected-cross-site-scripting</loc>
<lastmod>2021-12-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/advanced-local-pickup-for-woocommerce/advanced-local-pickup-for-woocommerce-155-authenticated-administrator-sql-injection</loc>
<lastmod>2023-10-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/customer-area/wp-customer-area-824-cross-site-request-forgery-to-event-log-deletion</loc>
<lastmod>2025-01-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/feather12/feather12-unkown-versions-multiple-vulnerabilities</loc>
<lastmod>2013-04-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-jobhunt/wp-jobhunt-76-authenticated-custom-authorization-bypass</loc>
<lastmod>2025-10-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/lead-generated/lead-generated-123-unauthenticated-php-object-injection</loc>
<lastmod>2023-03-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/better-rss-widget/better-rss-widget-281-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2023-11-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/oik/oik-4100-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2024-03-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-easycart/wp-easycart-548-cross-site-request-forgery-via-process_deactivate_product</loc>
<lastmod>2023-05-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/school-management-system/the-school-management-education-learning-management-41-authenticated-administrator-sql-injection</loc>
<lastmod>2023-04-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-rss-aggregator/rss-aggregator-rss-import-news-feeds-feed-to-post-and-autoblogging-42312-missing-authorization</loc>
<lastmod>2024-10-22T18:44:01.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woo-refund-and-exchange-lite/return-refund-and-exchange-for-woocommerce-455-insecure-direct-object-reference-to-authenticated-subscriber-refund-request-cancellation</loc>
<lastmod>2025-11-20T18:57:45.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bknewsticker/bknewsticker-105-cross-site-request-forgery</loc>
<lastmod>2025-04-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cost-calculator-builder/cost-calculator-builder-3242-cross-site-request-forgery-to-settings-update</loc>
<lastmod>2024-11-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/show-website-content-in-wordpress-page-or-post/website-content-in-page-or-post-20240327-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-06-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/pinterest-pinboard-widget/pinterest-pinboard-widget-107-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-09-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/shortcode-variables/snippet-shortcodes-414-cross-site-request-forgery</loc>
<lastmod>2024-07-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simply-schedule-appointments/appointment-booking-calendar-simply-schedule-appointments-booking-plugin-16122-unauthenticated-stored-cross-site-scripting</loc>
<lastmod>2026-06-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/euclid/euclid-all-versions-cross-site-request-forgery</loc>
<lastmod>2013-11-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-security-audit-log/wp-security-audit-log-311-sensitive-information-disclosure</loc>
<lastmod>2018-03-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/crawlomatic-multipage-scraper-post-generator/crawlomatic-multipage-scraper-post-generator-2681-unauthenticated-arbitrary-file-upload</loc>
<lastmod>2025-05-16T16:29:47.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/express-shop/express-shop-402-cross-site-request-forgery</loc>
<lastmod>2021-06-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/golf-tracker/golf-tracker-07-authenticated-contributor-sql-injection</loc>
<lastmod>2024-10-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ays-popup-box/popup-box-370-authenticatedadministrator-stored-cross-site-scripting</loc>
<lastmod>2023-08-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-table-manager/wp-table-manager-413-missing-authorization-to-authenticated-subscriber-directory-traversal-to-folderfile-name-disclosure</loc>
<lastmod>2025-02-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/sharable-password-protected-posts/sharable-password-protected-posts-110-unauthenticated-password-protected-post-exposure</loc>
<lastmod>2025-06-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/narnoo-shortcodes/narnoo-operator-200-reflected-cross-site-scripting</loc>
<lastmod>2025-03-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/insert-or-embed-articulate-content-into-wordpress/insert-or-embed-articulate-content-into-wordpress-43000000021-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2023-12-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/booking/wp-booking-calendar-106-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2024-10-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/accordions-or-faqs/accordions-multiple-accordions-or-faqs-builder-203-authenticated-admin-stored-cross-site-scripting-via-layouts-parameter</loc>
<lastmod>2022-09-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/db-backup/db-backup-60-missing-authorization</loc>
<lastmod>2025-07-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/query-posts/query-posts-032-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-09-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/twenty-twelve-edd/easy-digital-downloads-edd-twenty-twelve-111-cross-site-scripting</loc>
<lastmod>2015-04-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/fluent-boards/fluentboards-project-management-task-management-goal-tracking-kanban-board-and-team-collaboration-1912-authenticated-board-member-insecure-direct-object-reference</loc>
<lastmod>2026-04-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/divi-builder/elegant-themes-various-versions-stored-cross-site-scripting</loc>
<lastmod>2018-10-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/filebird/filebird-wordpress-media-library-folders-file-manager-563-authenticated-author-stored-cross-site-scripting</loc>
<lastmod>2024-04-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/contact-form-entries/database-for-contact-form-7-wpforms-elementor-forms-143-unauthenticated-php-object-injection-to-arbitrary-file-deletion</loc>
<lastmod>2025-08-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-image-shrinker/image-shrinker-110-authenticated-subscriber-server-side-request-forgery</loc>
<lastmod>2025-09-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/webba-booking-lite/webba-booking-4533-cross-site-request-forgery</loc>
<lastmod>2023-12-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gravitysmtp/gravity-smtp-214-unauthenticated-sensitive-information-exposure-via-rest-api</loc>
<lastmod>2026-03-30T12:09:08.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-quick-post-duplicator/wp-quick-post-duplicator-20-missing-authorization</loc>
<lastmod>2023-07-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simple-draft-list/draft-list-26-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-09-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/post-rating-and-review/post-rating-and-review-134-authenticated-contributor-stored-cross-site-scripting-via-class-parameter</loc>
<lastmod>2025-06-25T14:06:26.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/vk-blocks/vk-blocks-15705-authenticatedcontributor-settings-update</loc>
<lastmod>2023-06-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/icons-font-loader/icons-font-loader-112-authenticated-administrator-arbitrary-file-upload</loc>
<lastmod>2023-11-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woocommerce-delivery-notes/print-invoice-delivery-notes-for-woocommerce-541-unauthenticated-sensitive-information-exposure-through-unprotected-directory</loc>
<lastmod>2025-03-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/popup-by-supsystic/popup-by-supsystic-11018-prototype-pollution</loc>
<lastmod>2023-06-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woo-product-carousel-slider-and-grid-ultimate/woocommerce-product-carousel-slider-grid-ultimate-186-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2022-08-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-automatic/automatic-3920-cross-site-request-forgery-to-privilege-escalation</loc>
<lastmod>2024-03-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-recipe-manager/wp-recipe-manager-100-authenticated-contributor-stored-cross-site-scripting-via-skill-level-input-field</loc>
<lastmod>2026-01-06T20:28:14.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/tourmaster/tour-master-tour-booking-travel-hotel-534-unauthenticated-stored-cross-site-scripting-via-room-booking</loc>
<lastmod>2024-12-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/integromat-connector/make-formerly-integromat-connector-151-missing-authorization-to-arbitrary-options-update</loc>
<lastmod>2022-08-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/360deg-javascript-viewer/360-javascript-viewer-1729-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2024-12-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bold-page-builder/bold-page-builder-513-missing-authorization</loc>
<lastmod>2024-10-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/laposta-signup-embed/laposta-signup-embed-110-missing-authorization</loc>
<lastmod>2023-09-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woolentor-addons/shoplentor-325-unauthenticated-local-php-file-inclusion-via-load_template</loc>
<lastmod>2025-11-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/comment-info-detector/comment-info-detector-105-cross-site-request-forgery-to-settings-update</loc>
<lastmod>2025-10-02T22:15:55.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/wpjobster/wpjobster-635-unauthenticated-sql-injection</loc>
<lastmod>2026-01-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-books-gallery/wp-books-gallery-480-missing-authorization-to-unauthenticated-settings-update-via-permalink_structure-parameter</loc>
<lastmod>2026-04-23T16:45:59.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/tourfic/tourfic-2227-unauthenticated-sql-injection-via-post_id-parameter</loc>
<lastmod>2026-06-24T18:36:44.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/smartfix/smartfix-124-missing-authorization</loc>
<lastmod>2026-02-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpavatar/wpavatar-193-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-08-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/contact-form-with-a-meeting-scheduler-by-vcita/contact-form-builder-by-vcita-491-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2023-06-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/absolute-reviews/absolute-reviews-113-authenticated-contributor-stored-dom-based-cross-site-scripting-via-criteria-name</loc>
<lastmod>2024-09-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bootstrap-modals/bootstrap-modals-132-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-12-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/wabi-sabi/wabi-sabi-12-unauthenticated-local-file-inclusion</loc>
<lastmod>2026-02-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/bimber/bimber-viral-magazine-wordpress-theme-925-authenticated-contributor-local-file-inclusion</loc>
<lastmod>2025-05-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/omnishop/omnishop-109-missing-registration-restriction-to-unauthenticated-account-creation-via-usersregister-rest-endpoint</loc>
<lastmod>2025-07-22T14:02:17.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/booking-ultra-pro/booking-ultra-pro-115-missing-authorization</loc>
<lastmod>2022-09-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/interactive-image-map-builder/interactive-svg-image-map-builder-10-authenticatedadmin-stored-cross-site-scripting</loc>
<lastmod>2023-02-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/kicker/kicker-220-unauthenticated-local-file-inclusion</loc>
<lastmod>2025-08-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/helpie-faq/helpie-faq-145-unauthenticated-sensitive-information-exposure</loc>
<lastmod>2025-09-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/squirrly-seo/seo-plugin-by-squirrly-seo-12403-authenticated-contributor-sql-injection</loc>
<lastmod>2025-03-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/master-slider/master-slider-3100-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2025-01-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/essential-addons-for-elementor-lite/essential-addons-for-elementor-best-elementor-templates-widgets-kits-woocommerce-builders-599-authenticated-contributor-stored-cross-site-scripting-via-event-calendar</loc>
<lastmod>2024-03-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/soliloquy-lite/slider-by-soliloquy-276-missing-authorization-to-authenticated-author-stored-cross-site-scripting</loc>
<lastmod>2024-08-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/real3d-flipbook/real3d-flipbook-100-directory-traversal</loc>
<lastmod>2016-07-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/namaste-lms/namaste-lms-2641-cross-site-request-forgery</loc>
<lastmod>2024-12-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/kingcomposer/kingcomposer-28-reflected-cross-site-scripting</loc>
<lastmod>2019-02-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simple-download-monitor/simple-download-monitor-394-contributor-stored-cross-site-scripting-via-file-thumbnail</loc>
<lastmod>2021-10-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/media-search-enhanced/media-search-enhanced-091-authenticated-author-sql-injection</loc>
<lastmod>2026-01-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ecommerce-product-catalog/ecommerce-product-catalog-plugin-for-wordpress-3017-cross-site-request-forgery-bypass</loc>
<lastmod>2021-03-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-google-map-plugin/wp-maps-store-locatorgoogle-mapsopenstreetmapmapboxlistingdirectory-filters-491-unauthenticated-sql-injection</loc>
<lastmod>2026-04-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/indeed-membership-pro/indeed-membership-pro-127-unauthenticated-php-object-injection</loc>
<lastmod>2024-08-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/biagiotti-membership/biagiotti-membership-102-authentication-bypass-via-biagiotti_membership_check_facebook_user</loc>
<lastmod>2024-12-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/eventon-lite/eventon-2215-missing-authorization-to-unauthenticated-stored-cross-site-scripting-and-plugin-settings-updates</loc>
<lastmod>2024-07-08T19:38:22.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/the-holiday-calendar/the-holiday-calendar-11821-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-06-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ghl-wizard/lc-wizard-211-missing-authorization-to-unauthenticated-settings-update</loc>
<lastmod>2026-02-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/coru-lfmember/coru-lfmember-102-cross-site-request-forgery</loc>
<lastmod>2022-04-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ai-image-alt-text-generator-for-wp/ai-image-alt-text-generator-for-wp-115-missing-authorization</loc>
<lastmod>2025-08-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/timeline-event-history/timeline-event-history-32-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-03-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/fulltext-search/wp-fast-total-search-168232-unauthenticated-stored-cross-site-scripting</loc>
<lastmod>2024-08-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/download-manager/download-manager-3289-improper-authorization-via-protectmedialibrary</loc>
<lastmod>2024-06-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ultimate-form-builder-lite/ultimate-form-builder-lite-136-sql-injection-to-php-object-injection</loc>
<lastmod>2017-10-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ultimate-member/ultimate-member-204-insecure-direct-object-reference</loc>
<lastmod>2018-05-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/noo-timetable/noo-timetable-213-cross-site-request-forgery</loc>
<lastmod>2023-06-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/woo-tour/wootour-363-reflected-cross-site-scripting</loc>
<lastmod>2025-08-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/colibri-page-builder/colibri-page-builder-10260-missing-authorization</loc>
<lastmod>2024-03-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/user-management/user-management-11-authenticated-subscriber-arbitrary-file-upload</loc>
<lastmod>2024-11-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ctt-expresso-para-woocommerce/ctt-expresso-para-woocommerce-3212-information-exposure-via-unprotected-directory</loc>
<lastmod>2024-07-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/od-photogallery-plugin/odphotogallery-053-reflected-cross-site-scripting</loc>
<lastmod>2024-12-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/slide-anything/slide-anything-247-authenticated-author-stored-cross-site-scripting</loc>
<lastmod>2023-03-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mega_main_menu/mega-main-menu-222-information-disclosure</loc>
<lastmod>2023-01-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/peekaboo/peekaboo-11-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-04-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/s2member/s2member-251005-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2026-02-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/rsvpmaker/rsvpmaker-993-authenticated-admin-sql-injection-via-delete-parameter</loc>
<lastmod>2023-02-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/typebot/typebot-360-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-07-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/contact-form-check-tester/contact-form-check-tester-102-authenticated-subscriber-cross-site-scripting</loc>
<lastmod>2021-04-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/doofinder-for-woocommerce/doofinder-for-woocommerce-218-authenticated-administrator-stored-cross-site-scripting-via-settings</loc>
<lastmod>2024-02-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/everest-forms/everest-forms-303-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2024-08-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/viet-contact/viet-contact-132-authenticated-administrator-stored-cross-site-scripting-via-ll1-ll2-ll3-and-ll4-parameters</loc>
<lastmod>2026-01-19T17:05:13.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/flixita/flixita-1082-reflected-cross-site-scripting-via-id-parameter</loc>
<lastmod>2024-12-05T14:50:57.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/fancy-image-show/fancy-image-show-91-authenticated-contributor-stored-cross-site-scripting-via-shortcode-attributes</loc>
<lastmod>2026-05-11T19:03:52.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/post-meta/post-meta-109-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/dima-take-action/dima-take-action-105-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2025-04-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/learnpress-import-export/learnpress-exportimport-courses-402-reflected-cross-site-scripting</loc>
<lastmod>2023-04-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/envialosimple-email-marketing-y-newsletters-gratis/envalosimple-21-unauthenticated-php-object-injection</loc>
<lastmod>2023-12-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-ses/wp-offload-ses-lite-144-stored-cross-site-scripting</loc>
<lastmod>2021-06-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mylco/mylco-081-reflected-cross-site-scripting-via-_serverphp_self</loc>
<lastmod>2025-12-05T16:46:25.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/heart-this/heartthis-010-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-03-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/custom-dash/custom-dash-102-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2024-06-05T13:00:09.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/postgallery/postgallery-1125-authenticated-subscriber-arbitrary-file-upload</loc>
<lastmod>2025-12-04T07:28:57.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simple-image-popup/simple-image-popup-240-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2024-05-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/debug-log-manager/debug-log-manager-231-missing-authorization</loc>
<lastmod>2024-06-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/beautiful-and-responsive-cookie-consent/beautiful-cookie-consent-banner-461-reflected-cross-site-scripting</loc>
<lastmod>2025-07-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/edwiser-bridge/edwiser-bridge-wordpress-moodle-lms-integration-308-reflected-cross-site-scripting</loc>
<lastmod>2024-12-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ninja-forms/ninja-forms-the-contact-form-builder-that-grows-with-you-3100-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2025-04-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/country-blocker-for-adsense/country-blocker-for-adsense-10-cross-site-request-forgery-to-settings-update</loc>
<lastmod>2026-02-18T15:38:49.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/photo-gallery/photo-gallery-by-10web-mobile-friendly-image-gallery-1823-authenticated-contributor-stored-cross-site-scripting-via-zipped-svg</loc>
<lastmod>2024-06-06T21:15:26.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/healthhub/healthhub-130-unauthenticated-local-file-inclusion</loc>
<lastmod>2025-08-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/profilegrid-user-profiles-groups-and-communities/profilegrid-578-cross-site-request-forgery</loc>
<lastmod>2024-04-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/insert-php/woody-code-snippets-insert-header-footer-code-adsense-ads-250-authenticated-contributor-remote-code-execution</loc>
<lastmod>2024-06-14T20:26:37.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/download-monitor/download-monitor-3362-cross-site-scripting-via-p-parameter</loc>
<lastmod>2013-07-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wptf-image-gallery/wptf-image-gallery-103-arbitrary-file-download</loc>
<lastmod>2015-07-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/beaver-builder-lite-version/beaver-builder-wordpress-page-builder-2836-authenticated-contributor-stored-dom-based-cross-site-scripting-via-button-group-module</loc>
<lastmod>2024-09-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/core/4.4/wordpress-core-442-server-side-request-forgery</loc>
<lastmod>2016-02-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ptengine-real-time-web-analytics-and-heatmap/ptengine-heatmap-analytics-102-reflected-cross-site-scripting</loc>
<lastmod>2015-03-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/photo-contest/wordpress-photo-gallery-image-gallery-106-cross-site-request-forgery-bypass</loc>
<lastmod>2021-07-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/sticky/sticky-256-authenticated-contributor-stored-cross-site-scripting-via-readmoretext-shortcode-attribute</loc>
<lastmod>2026-05-19T12:04:07.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/dokan-lite/dokan-ai-powered-woocommerce-multivendor-marketplace-solution-504-authenticated-subscriber-insecure-direct-object-reference-to-information-disclosure-via-id-parameter</loc>
<lastmod>2026-06-26T17:54:35.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpe-indoshipping/wpe-indoshipping-250-arbitrary-file-upload</loc>
<lastmod>2015-07-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/premium-addons-for-elementor/premium-addons-for-elementor-41153-missing-authorization-to-unauthenticated-sensitive-information-exposure-via-get_template_content</loc>
<lastmod>2025-12-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/thegig/the-gig-1180-unauthenticated-local-file-inclusion</loc>
<lastmod>2025-08-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woocommerce-payments/woocommerce-payments-642-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2023-12-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/email-subscribers/email-subscribers-by-icegram-express-email-marketing-newsletters-automation-for-wordpress-woocommerce-5725-unauthenticated-sql-injection-via-unsubscribe</loc>
<lastmod>2024-07-01T18:34:02.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/salon-booking-system/salon-booking-system-631-stored-cross-site-scripting</loc>
<lastmod>2021-06-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/podlove-podcasting-plugin-for-wordpress/podlove-podcast-publisher-420-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2025-03-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-csv-to-database/wp-csv-to-database-26-cross-site-request-forgery</loc>
<lastmod>2022-12-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpshop/wpshop-2-e-commerce-200-260-insecure-direct-object-reference-to-authenticated-subscriber-arbitrary-user-key-generation</loc>
<lastmod>2025-05-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/fare-calculator/fare-calculator-11-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2025-01-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/apartment-management/wpams-440-17-08-2023-unauthenticated-arbitrary-file-upload</loc>
<lastmod>2025-04-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpextended/the-ultimate-wordpress-toolkit-wp-extended-3013-missing-authorization-to-unauthenticated-post-order-manipulation</loc>
<lastmod>2025-02-11T15:21:02.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/sms-alert/sms-alert-order-notifications-388-missing-authorization</loc>
<lastmod>2025-12-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/kadence-blocks/gutenberg-blocks-by-kadence-blocks-page-builder-features-3238-authenticated-contributor-stored-cross-site-scripting-via-countdown</loc>
<lastmod>2024-07-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/all-in-one-slider/all-in-one-slider-11-reflected-cross-site-scripting</loc>
<lastmod>2024-10-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woocommerce/woocommerce-1042-authenticated-subscriber-information-exposure</loc>
<lastmod>2025-12-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wordpress-gallery-plugin/wordpress-gallery-plugin-14-unauthenticated-remote-file-inclusion</loc>
<lastmod>2013-01-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/kleo/kleo-544-reflected-cross-site-scripting</loc>
<lastmod>2024-12-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-dispensary/wp-dispensary-450-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-01-30T00:42:16.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/related-youtube-videos/related-youtube-videos-198-cross-site-request-forgery</loc>
<lastmod>2019-05-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/disabler/disabler-303-cross-site-request-forgery</loc>
<lastmod>2023-07-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/projectopia-core/projectopia-5117-missing-authorization</loc>
<lastmod>2025-05-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wezido-elementor-addon-based-on-easy-digital-downloads/wezido-12-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-11-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ultimate-push-notifications/ultimate-push-notifications-118-reflected-cross-site-scripting</loc>
<lastmod>2025-04-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/irobotstxt-seo/irobotstxt-seo-112-reflected-cross-site-scripting</loc>
<lastmod>2026-01-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/api-bearer-auth/api-bearer-auth-20190907-cross-site-scripting</loc>
<lastmod>2019-09-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/caxton/caxton-create-pro-page-layouts-in-gutenberg-1301-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-07-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ni-woocommerce-sales-report-email/ni-woocommerce-sales-report-email-314-reflected-cross-site-scripting</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/very-simple-breadcrumb/very-simple-breadcrumb-10-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2022-06-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-social-reviews/social-ninja-3201-missing-authorization</loc>
<lastmod>2025-11-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woocommerce-product-vendors/woocommerce-product-vendors-2178-authenticated-shop-manager-sql-injection</loc>
<lastmod>2023-06-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/smart-maintenance-mode/smart-maintenance-mode-153-cross-site-request-forgery</loc>
<lastmod>2024-04-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/seo-by-rank-math/rank-math-seo-10421-missing-authorization</loc>
<lastmod>2020-04-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cc-child-pages/cc-child-pages-200-authenticated-contributor-stored-cross-site-scripting-via-child_pages-shortcode</loc>
<lastmod>2025-12-15T02:16:08.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/elementor/elementor-3302-authenticated-administrator-arbitrary-file-read-via-image-import</loc>
<lastmod>2025-08-11T17:08:06.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/geoflickr/geoflickr-13-reflected-cross-site-scripting</loc>
<lastmod>2024-12-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/podlove-podcasting-plugin-for-wordpress/podlove-podcast-publisher-2316-cross-site-request-forgery-to-cross-site-scripting</loc>
<lastmod>2016-09-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-super-cache/wp-super-cache-144-directory-listing</loc>
<lastmod>2015-09-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/printus-cloud-printing-for-woocommerce/printus-126-missing-authorization</loc>
<lastmod>2025-04-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/tml-2fa/theme-my-login-2fa-12-2fa-bypass-via-brute-force</loc>
<lastmod>2023-11-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/themeisle-companion/orbit-fox-companion-302-authenticated-author-stored-cross-site-scripting-via-post-taxonomy</loc>
<lastmod>2025-11-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ics-button/ics-button-06-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-01-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/add-posts-to-pages/add-posts-to-pages-141-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2023-05-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woocommerce-currency-switcher/woocs-woocommerce-currency-switcher-1414-cross-site-request-forgery-via-delete_profiles_data</loc>
<lastmod>2023-12-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpvr/wp-vr-827-cross-site-request-forgery</loc>
<lastmod>2023-02-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/intouch/intouch-20-cross-site-scripting</loc>
<lastmod>2014-01-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/white-label-cms/white-label-cms-273-missing-authorization-to-plugin-settings-reset</loc>
<lastmod>2024-05-09T16:34:33.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/fulltext-search/wp-fast-total-search-178258-missing-authorization</loc>
<lastmod>2025-01-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/optinly/optinly-1018-missing-authorization-to-plugin-settings-change</loc>
<lastmod>2022-10-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/liveforms/wordpress-contact-form-drag-and-drop-form-builder-plugin-live-forms-320-sql-injection</loc>
<lastmod>2015-03-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/podcasting/podcasting-plugin-by-tsg-305-remote-file-inclusion</loc>
<lastmod>2014-05-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/two-factor-login-telegram/wp-2fa-with-telegram-30-authenticated-subscriber-authentication-bypass</loc>
<lastmod>2024-10-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/js-support-ticket/js-help-desk-292-unauthenticated-sql-injection</loc>
<lastmod>2025-03-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/users-customers-import-export-for-wp-woocommerce/export-and-import-users-and-customers-262-directory-traversal-to-authenticated-administrator-limited-arbitrary-file-read-via-download_file-function</loc>
<lastmod>2025-03-21T23:19:01.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ninja-forms/ninja-forms-contact-form-3433-administrator-open-redirect</loc>
<lastmod>2021-02-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cm-on-demand-search-and-replace/cm-on-demand-search-and-replace-154-missing-authorization</loc>
<lastmod>2025-06-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ean-for-woocommerce/ean-for-woocommerce-489-authenticated-shop-manager-arbitrary-options-update</loc>
<lastmod>2024-05-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simple-photo-gallery/simple-photo-gallery-181-authenticated-admin-sql-injection</loc>
<lastmod>2023-01-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-2fa/wp-2fa-two-factor-authentication-for-wordpress-210-insecure-direct-object-reference</loc>
<lastmod>2022-04-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/foogallery/foogallery-2034-stored-cross-site-scripting</loc>
<lastmod>2021-05-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/site-audit/my-site-audit-125-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2021-07-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bulk-editor/wolf-wordpress-posts-bulk-editor-and-manager-professional-1081-missing-authorization</loc>
<lastmod>2024-01-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/admin-menu-editor/admin-menu-editor-1141-cross-site-request-forgery</loc>
<lastmod>2026-03-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/appointment-booking-calendar/appointment-booking-calendar-1224-cross-site-scripting</loc>
<lastmod>2016-01-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/email-artillery/email-artillery-mass-email-41-reflected-cross-site-scripting</loc>
<lastmod>2021-08-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/digital-download/digital-download-114-missing-authorization</loc>
<lastmod>2026-02-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/contact-form-7-select-box-editor-button/contact-form-7-select-box-editor-button-06-cross-site-request-forgery</loc>
<lastmod>2025-03-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/assist24it/assist24-help-desk-201504012-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-11-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/forminator/forminator-1270-authenticated-administrator-arbitrary-file-upload</loc>
<lastmod>2023-11-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/photo-gallery/photo-gallery-by-10web-mobile-friendly-image-gallery-1821-reflected-cross-site-scripting-via-current_url</loc>
<lastmod>2024-03-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cp-multi-view-calendar/cp-multi-view-event-calendar-1413-insufficient-authorization</loc>
<lastmod>2023-02-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cms-tree-page-view/cms-tree-page-view-14-missing-authorization-checks</loc>
<lastmod>2017-10-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/stepbyteservice-openstreetmap/openstreetmap-for-gutenberg-and-wpbakery-page-builder-formerly-visual-composer-111-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-03-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/paid-memberships-pro/paid-memberships-pro-255-authenticated-sql-injection</loc>
<lastmod>2021-03-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/create-custom-dashboard-widget/custom-dashboard-widget-100-reflected-cross-site-scripting</loc>
<lastmod>2024-12-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simply-schedule-appointments/appointment-booking-calendar-16753-authenticated-admin-stored-cross-site-scripting-via-appointment-settings</loc>
<lastmod>2024-10-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/classified-listing/classified-listing-classified-ads-business-directory-plugin-31151-authenticated-subscriber-limited-arbitrary-option-update</loc>
<lastmod>2024-11-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-contact-form-7-spam-blocker/spam-protect-for-contact-form-7-1210-authenticated-editor-remote-code-execution</loc>
<lastmod>2026-03-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wordpress-social-login/wordpress-social-login-215-cross-site-scripting</loc>
<lastmod>2014-05-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gallery-bank/gallery-bank-wordpress-photo-gallery-30101-sql-injection</loc>
<lastmod>2015-02-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/enhanced-plugin-admin/enhanced-admin-plugin-116-reflected-cross-site-scripting</loc>
<lastmod>2017-04-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/yith-woocommerce-ajax-search/yith-woocommerce-ajax-search-270-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-09-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-colorful-tag-cloud/wp-colorful-tag-cloud-201-reflected-cross-site-scripting</loc>
<lastmod>2025-03-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/leadbi/leadbi-plugin-for-wordpress-17-authenticated-subscriber-stored-cross-site-scripting</loc>
<lastmod>2025-07-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/molongui-authorship/molongui-477-authenticated-author-stored-cross-site-scripting</loc>
<lastmod>2024-03-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-tmkm-amazon/wp-tmkm-amazon-153-cross-site-scripting</loc>
<lastmod>2014-06-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/supportcandy/supportcandy-helpdesk-customer-support-ticket-system-330-insecure-direct-object-reference</loc>
<lastmod>2025-03-06T20:26:26.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp_rokintroscroller/rokintroscroller-18-cross-site-scripting</loc>
<lastmod>2013-09-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/loginpress-pro/loginpress-pro-30-missing-authorization-to-license-status-update</loc>
<lastmod>2024-04-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/extended-search-plugin/enhanced-search-box-061-cross-site-request-forgery-to-settings-update</loc>
<lastmod>2024-08-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/watchtowerhq/watchtowerhq-3160-authenticated-administrator-arbitrary-file-read-via-wht_download_big_object_origin-parameter</loc>
<lastmod>2025-12-11T14:28:08.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/autocomplete-location-field-contact-form-7/autocomplete-location-field-contact-form-7-20-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2023-11-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/stock-snapshot-for-woocommerce/stock-history-reports-manager-for-woocommerce-222-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-10-10T20:52:10.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/amp-enhancer/amp-enhancer-1049-authenticated-administrator-stored-cross-site-scripting-via-amp-custom-css-setting</loc>
<lastmod>2026-02-13T16:20:49.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/inlocation/inlocation-18-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2025-02-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-private-message/wp-private-message-106-insecure-direct-object-reference</loc>
<lastmod>2023-01-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/contact-bank/contact-bank-contact-form-builder-for-wordpress-2019-cross-site-scripting</loc>
<lastmod>2014-04-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/forminator/forminator-1392-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-02-26T16:21:30.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/speedsize-ai-image-optimizer/speedsize-image-video-ai-optimizer-151-cross-site-request-forgery-to-clear-cache</loc>
<lastmod>2025-02-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/string-locator/string-locator-266-unauthenticated-php-object-injection</loc>
<lastmod>2025-01-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/academy/academy-lms-204-missing-authorization</loc>
<lastmod>2024-07-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/polka-dots/polka-dots-12-reflected-cross-site-scripting</loc>
<lastmod>2025-01-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/redirect-redirection/redirect-redirection-113-missing-authorization-in-addredirect-function</loc>
<lastmod>2023-02-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/zotpress/zotpress-734-reflected-cross-site-scripting-via-php_self</loc>
<lastmod>2023-09-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/maximum-products-per-user-for-woocommerce/maximum-products-per-user-for-woocommerce-428-reflected-cross-site-scripting</loc>
<lastmod>2024-10-09T13:47:01.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/easy-custom-admin-bar/easy-custom-admin-bar-10-reflected-cross-site-scripting-via-msg-parameter</loc>
<lastmod>2025-03-21T17:54:14.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/profilegrid-user-profiles-groups-and-communities/profilegrid-user-profiles-groups-and-communities-5947-authenticated-subscriber-sql-injection</loc>
<lastmod>2025-03-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpschoolpress/wpschoolpress-223-missing-authorization</loc>
<lastmod>2023-07-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-graphql/wpgraphql-2111-unauthenticated-sql-injection</loc>
<lastmod>2026-04-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpblogsync/wpblogsyn-10-cross-site-request-forgery-to-arbitrary-remote-sync-configuration-update</loc>
<lastmod>2026-01-13T17:16:52.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/apppresser/apppresser-430-cross-site-request-forgery-via-force_logging_off</loc>
<lastmod>2024-04-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ultimate-product-catalogue/ultimate-product-catalog-211-authenticated-admin-sql-injection</loc>
<lastmod>2014-05-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/subscriptions-memberships-for-paypal/subscriptions-memberships-for-paypal-117-missing-authorization</loc>
<lastmod>2025-11-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/podlove-web-player/podlove-web-player-571-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-03-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/popularis-verse/popularis-verse-101-cross-site-request-forgery</loc>
<lastmod>2024-07-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/duplicator-pro/duplicator-pro-4511-reflected-cross-site-scripting</loc>
<lastmod>2023-05-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/jet-woo-builder/jetwoobuilder-21201-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-08-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/all-video-gallery/all-video-gallery-plugin-for-wordpress-12-authenticated-sql-injection</loc>
<lastmod>2014-05-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gd-star-rating/gd-star-rating-1922-cross-site-request-forgery</loc>
<lastmod>2014-03-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/the-moneytizer/the-moneytizer-963-cross-site-request-forgery-via-multiple-ajax-actions</loc>
<lastmod>2024-06-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/vslider/vslider-multi-image-slider-412-cross-site-request-forgery</loc>
<lastmod>2023-04-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/employee-directory/staff-directory-employee-directory-for-wordpress-450-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-06-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-eMember/wp-emember-1038-reflected-cross-site-scripting-via-fieldid</loc>
<lastmod>2024-05-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/stock-locations-for-woocommerce/stock-locations-for-woocommerce-286-missing-authorization</loc>
<lastmod>2025-06-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/shortcodes-ultimate/shortcodes-ultimate-5127-authenticated-subscriber-information-exposure</loc>
<lastmod>2023-02-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-wizard-cloak/wizard-cloak-101-reflected-cross-site-scripting</loc>
<lastmod>2025-06-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bdthemes-element-pack-lite/element-pack-elementor-addons-header-footer-template-library-dynamic-grid-carousel-remote-arrows-5101-authenticated-contributor-dom-based-stored-cross-site-scripting-via-custom-gallery-widget</loc>
<lastmod>2024-11-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/new-contact-form-widget/contact-form-widget-146-cross-site-request-forgery</loc>
<lastmod>2025-05-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/participants-database/participants-database-1549-sql-injection</loc>
<lastmod>2014-06-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/fws-ajax-contact-form/ajax-contact-form-141-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-01-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/happy-elementor-addons/happy-elementor-addons-3100-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-01-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/pdf-image-generator/pdf-image-generator-156-reflected-cross-site-scripting</loc>
<lastmod>2024-09-30T19:45:20.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cookie-scanner/cookie-scanner-11-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2024-10-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/extender-all-in-one-for-elementor/extender-all-in-one-for-elementor-103-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-10-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/zegen-core/zegen-core-201-cross-site-request-forgery-to-arbitrary-file-upload</loc>
<lastmod>2025-11-21T07:31:39.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/add-to-home-screen-wp/add-to-home-screen-wp-plugin-20-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2022-12-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ninja-forms/ninja-forms-3625-reflected-cross-site-scripting-via-data</loc>
<lastmod>2023-07-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/testimonial/testimonial-slider-2015-missing-authorization</loc>
<lastmod>2025-12-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/integracao-rd-station/rd-station-513-cross-site-request-forgery-to-plugin-log-deletion</loc>
<lastmod>2022-10-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wysija-newsletters/mailpoet-newsletters-2619-reflected-cross-site-scripting</loc>
<lastmod>2016-02-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/core/3.4/wordpress-core-342-missing-authorization-checks-on-create_post</loc>
<lastmod>2012-09-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/asgaros-forum/asgaros-forum-280-cross-site-request-forgery</loc>
<lastmod>2024-04-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/google-document-embedder/google-doc-embedder-2517-sql-injection</loc>
<lastmod>2015-11-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mage-eventpress/wpevently-429-authenticated-contributor-local-file-inclusion</loc>
<lastmod>2025-03-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/real3d-flipbook-lite/real-3d-flipbook-4114-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-12-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/docodoco-store-locator/docodoco-store-locator-101-authenticated-editor-arbitrary-file-upload</loc>
<lastmod>2025-10-14T20:03:06.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woo-jtl-connector/jtl-connector-for-woocommerce-241-missing-authorization-to-authenticated-subscriber-settings-modification-via-multiple-functions</loc>
<lastmod>2026-06-01T19:43:29.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-event-solution/event-manager-events-calendar-tickets-registrations-eventin-4026-unauthenticated-arbitrary-file-read</loc>
<lastmod>2025-05-07T16:25:44.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/babelz/babelz-google-translate-widget-115-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2024-09-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/jupiterx-core/jupiterx-theme-206-and-jupiterx-core-206-authenticated-arbitrary-plugin-deactivation-and-settings-modification</loc>
<lastmod>2022-05-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/plexx-elementor-extension/plexx-elementor-extension-136-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-10-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/breeze/breeze-2221-missing-authorization</loc>
<lastmod>2026-01-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/product-category-tree/product-category-tree-25-cross-site-request-forgery</loc>
<lastmod>2023-10-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/eagle-booking/eagle-booking-1343-authenticated-subscriber-sql-injection</loc>
<lastmod>2026-02-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/eventon-lite/eventon-21-insecure-direct-object-reference-to-unauthorized-post-access</loc>
<lastmod>2023-06-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/image-resizer-on-the-fly/image-resizer-on-the-fly-11-unauthenticated-arbitrary-file-deletion</loc>
<lastmod>2025-06-13T19:37:45.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/funnelforms-free/funnelforms-free-34-missing-authorization-to-category-update</loc>
<lastmod>2023-11-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/new-photo-gallery/photo-gallery-142-authenticatedcontributor-php-object-injection-via-shortcode</loc>
<lastmod>2024-04-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/business-card-by-esterox-100/business-card-100-cross-site-request-forgery-to-arbitrary-card-deletion</loc>
<lastmod>2024-05-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/pagerestrict/page-restrict-221-stored-cross-site-scripting</loc>
<lastmod>2015-08-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/easy-table-booking/easy-restaurant-table-booking-100-cross-site-request-forgery</loc>
<lastmod>2024-04-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/404-solution/404-solution-2332-authenticated-administrator-sql-injection-via-orderby</loc>
<lastmod>2023-10-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/add-to-feedly/add-to-feedly-1211-authenticatedadministrator-stored-cross-site-scripting-via-plugin-settings</loc>
<lastmod>2023-05-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/findall-listing/findall-listing-105-unauthenticated-privilege-escalation</loc>
<lastmod>2025-11-26T16:08:16.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/restrict-for-elementor/restrict-for-elementor-107-protection-mechanism-bypass</loc>
<lastmod>2024-06-05T13:10:13.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/latest-custom-post-type-updates/latest-custom-post-type-updates-130-reflected-cross-site-scripting</loc>
<lastmod>2025-04-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mailgun-subscriptions/mailgun-subscriptions-131-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-12-11T18:35:18.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/core/5.2/wordpress-core-531-authenticated-stored-cross-site-scripting</loc>
<lastmod>2019-12-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ploxel/ticketmeo-sell-tickets-event-ticketing-236-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2025-01-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/fusion-builder/avada-fusion-builder-3150-missing-authorization</loc>
<lastmod>2026-03-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/crafts-and-arts/crafts-arts-25-authenticated-subscriber-php-object-injection</loc>
<lastmod>2025-05-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpcargo/wpcargo-689-unauthenticated-remote-code-execution</loc>
<lastmod>2022-02-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/easy-slider-revolution/easy-slider-revolution-100-authenticated-author-stored-cross-site-scripting-via-esrcpt_slider_allow_iframes_filter</loc>
<lastmod>2023-04-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/media-library-assistant/media-library-assistant-335-authenticated-contributor-sql-injection</loc>
<lastmod>2026-06-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/slider-comparison-image-before-and-after/slider-comparison-image-before-and-after-083-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-09-09T20:41:34.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/directorypress/directorypress-business-directory-and-classified-ad-listing-367-reflected-cross-site-scripting</loc>
<lastmod>2024-04-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/easy-digital-downloads/easy-digital-downloads-2115-cross-site-request-forgery</loc>
<lastmod>2022-04-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/meks-easy-ads-widget/meks-easy-ads-widget-208-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2024-07-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/meinturnierplande-widget-viewer/meinturnierplande-widget-viewer-11-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/google-font-fix/google-font-fix-231-reflected-cross-site-scripting</loc>
<lastmod>2025-03-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/prodigy-commerce/prodigy-commerce-308-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-12-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/soundcloud-is-gold/soundcloud-is-gold-251-missing-authorization-to-soundcloud-user-add</loc>
<lastmod>2023-05-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/salon-booking-plugin-pro-cc/salon-booking-pro-10102-missing-authorization</loc>
<lastmod>2025-05-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/responsive-tabs/responsive-tabs-405-authenticated-stored-cross-site-scripting</loc>
<lastmod>2022-04-11T10:38:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/embed-google-map/embed-google-map-32-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-02-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simple-ajax-chat/simple-ajax-chat-plugin-20220115-sensitive-information-disclosure</loc>
<lastmod>2022-04-15T10:14:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/core/4.7/wordpress-core-471-weak-multi-site-activation-key-for-user-and-site-signup</loc>
<lastmod>2017-01-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/flatpm-wp/flatpm-ad-manager-adsense-and-custom-code-322-authenticated-contributor-stored-cross-site-scripting-via-custom-post-meta</loc>
<lastmod>2026-01-20T01:56:29.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/posti-shipping/posti-shipping-3103-cross-site-request-forgery</loc>
<lastmod>2024-12-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/rezgo/rezgo-online-booking-417-unauthenticated-local-file-inclusion</loc>
<lastmod>2025-01-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/uberSlider_perpetuummobile/uberslider-perpetuummobile-23-reflected-cross-site-scripting</loc>
<lastmod>2026-02-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/floating-action-button/floating-action-button-121-cross-site-request-forgery-to-settings-modification</loc>
<lastmod>2023-05-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woocommerce-extra-charges-to-payment-gateways/extra-charges-to-payment-gateway-for-woocommerce-2021-authenticated-subscriber-stored-cross-site-scripting</loc>
<lastmod>2021-02-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mislider/multi-item-responsive-slider-10-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2025-10-23T20:09:57.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mp-ukagaka/mp-ukagaka-152-reflected-cross-site-scripting</loc>
<lastmod>2026-02-06T20:23:36.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/comments-import-export-woocommerce/comments-import-export-249-missing-authorization</loc>
<lastmod>2026-03-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/biltorvet-dealer-tools/biltorvet-dealer-tools-1022-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-01-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/userlike/userlike-22-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2023-03-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/sportspress/sportspress-271-cross-site-scripting</loc>
<lastmod>2020-06-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gotmls/anti-malware-security-and-brute-force-firewall-41522-cross-site-request-forgery</loc>
<lastmod>2015-05-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/essential-real-estate/essential-real-estate-522-missing-authorization</loc>
<lastmod>2025-12-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/netgsm/netgsm-2932-missing-authorization</loc>
<lastmod>2024-05-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/fm-notification-bar/fm-notification-bar-102-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2025-02-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/crossslide-jquery-plugin-for-wordpress/crossslide-jquery-plugin-205-multiple-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2015-02-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/advanced-cf7-db/advanced-contact-form-7-db-162-sql-injection</loc>
<lastmod>2020-09-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/enteraddons/enter-addons-219-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-12-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/just-custom-fields/just-custom-fields-332-missing-authorization-via-ajax-actions</loc>
<lastmod>2024-07-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/appointment-booking-calendar/appointment-booking-calendar-1392-cross-site-request-forgery-to-sql-injection</loc>
<lastmod>2025-04-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/user-access-manager/user-access-manager-12-cross-site-request-forgery</loc>
<lastmod>2011-10-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/elegance/elegance-24-arbitrary-file-download</loc>
<lastmod>2013-12-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/video-conferencing-with-zoom-api/video-conferencing-with-zoom-444-open-redirect</loc>
<lastmod>2024-04-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/realty-workstation/realty-workstation-1045-missing-authorization</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/elementor/elementor-website-builder-313-authenticated-contributor-stored-cross-site-scripting-via-title_html_tag</loc>
<lastmod>2021-03-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpvulnerability/wpvulnerability-421-missing-authorization</loc>
<lastmod>2026-03-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woocommerce-pre-orders/woocommerce-pre-orders-202-cross-site-request-forgery-to-order-cancellation</loc>
<lastmod>2023-07-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/top-10/top-10-popular-posts-plugin-for-wordpress-323-missing-authorization-on-tptn_ajax_clearcache</loc>
<lastmod>2023-02-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-ultimate-post-grid/wp-ultimate-post-grid-391-authenticated-contributor-stored-cross-site-scripting-via-wpupg-text-shortcode</loc>
<lastmod>2024-05-22T17:51:53.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/zoho-crm-forms/zoho-crm-lead-magnet-1797-authenticated-contributor-sql-injection</loc>
<lastmod>2024-10-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gmap-targeting/gmap-targeting-117-unauthenticated-stored-cross-site-scripting</loc>
<lastmod>2026-02-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/social-login-bws/social-login-by-bestwebsoft-01-multiple-cross-site-scripting</loc>
<lastmod>2017-04-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/google-drive-upload-and-download-link/google-drive-upload-and-download-link-10-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-11-26T14:19:55.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/quran-phrases-about-most-people-shortcodes/quran-phrases-about-most-people-shortcodes-14-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-12-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/vk-poster-group/vk-poster-group-203-reflected-cross-site-scripting-via-vkp_repost</loc>
<lastmod>2024-02-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/hm-multiple-roles/hm-multiple-roles-12-privilege-escalation-via-arbitrary-role-change</loc>
<lastmod>2021-07-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/search-order-by-product-sku-for-woocommerce/search-order-by-product-sku-for-woocommerce-02-reflected-cross-site-scripting</loc>
<lastmod>2024-11-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/norebro-extra/norebro-extra-168-unauthenticated-arbitrary-shortcode-execution</loc>
<lastmod>2025-09-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/uploader/uploader-104-arbitrary-file-upload</loc>
<lastmod>2014-08-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/social-sharing-toolkit/social-sharing-toolkit-212-cross-site-scripting</loc>
<lastmod>2013-05-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/posts-date-ranges/posts-date-ranges-22-reflected-cross-site-scripting</loc>
<lastmod>2024-12-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/revslider/slider-revolution-6620-missing-authorization</loc>
<lastmod>2024-05-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/move-addons/move-addons-for-elementor-129-missing-authorization</loc>
<lastmod>2024-03-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/slider-by-supsystic/slider-by-supsystic-1810-authenticated-admin-sql-injection</loc>
<lastmod>2024-03-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/email-subscribe/email-subscription-popup-1219-reflected-cross-site-scripting</loc>
<lastmod>2023-12-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/quasar-form/quasar-form-61-authenticated-subscriber-sql-injection-via-id</loc>
<lastmod>2023-07-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/file-manager-advanced-shortcode/file-manager-advanced-shortcode-multiple-versions-authenticated-administrator-local-javascript-file-inclusion-via-shortcode</loc>
<lastmod>2025-05-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/exchange-addon-paypal-pro/paypal-pro-add-on-for-ithemes-exchange-110-cross-site-scripting</loc>
<lastmod>2015-04-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/events-manager/events-manager-calendar-bookings-tickets-and-more-6641-missing-authorization</loc>
<lastmod>2025-02-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/joliprint/pdf-print-button-joliprint-130-cross-site-scripting</loc>
<lastmod>2012-05-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/pressprimer-quiz/pressprimer-quiz-230-insecure-direct-object-reference-to-authenticated-custom-arbitrary-modification-via-quiz_id-item_id-and-rule_id-parameters</loc>
<lastmod>2026-06-17T16:50:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/nelio-content/nelio-content-320-authenticated-contributor-server-side-request-forgery</loc>
<lastmod>2024-03-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/google-maps-v3-shortcode/google-maps-v3-shortcode-121-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2023-02-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/post-grid/post-grid-form-maker-popup-maker-woocommerce-blocks-post-blocks-post-carousel-combo-blocks-2285-authenticated-contributor-stored-cross-site-scripting-via-redirecturl-parameter-of-date-countdown-widget</loc>
<lastmod>2024-07-31T21:17:28.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/add-search-to-menu/ivory-search-wordpress-search-plugin-559-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2025-05-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/themesflat-addons-for-elementor/themesflat-addons-for-elementor-212-authenticated-contributor-stored-cross-site-scripting-via-widget-tags</loc>
<lastmod>2024-06-05T15:28:30.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/buzz-comments/buzz-comments-094-authenticated-administrator-stored-cross-site-scripting-via-custom-buzz-avatar-setting</loc>
<lastmod>2026-04-21T19:03:15.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-redirection/wp-redirection-103-cross-site-request-forgery-to-settings-update</loc>
<lastmod>2026-05-11T19:05:33.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/void-elementor-post-grid-addon-for-elementor-page-builder/void-elementor-post-grid-addon-for-elementor-page-builder-23-authenticated-contributor-local-file-inclusion</loc>
<lastmod>2024-08-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/social-login-wp/social-login-wp-5000-cross-site-request-forgery</loc>
<lastmod>2023-02-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/yogo-booking/yogo-booking-162-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-01-06T16:16:28.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/userswp/userswp-user-registration-user-profile-12228-reflected-cross-site-scripting</loc>
<lastmod>2021-09-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ele-conditions/elementor-element-condition-106-authenticated-editor-stored-cross-site-scripting</loc>
<lastmod>2025-09-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/realestate/real-estate-by-templatic-unknown-version-cross-site-request-forgery-to-arbitrary-file-upload</loc>
<lastmod>2014-03-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/photo-gallery/photo-gallery-by-10web-mobile-friendly-image-gallery-1821-reflected-cross-site-scripting-via-image_id</loc>
<lastmod>2024-03-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-mail-catcher/wp-mail-catcher-212-unauthenticated-stored-cross-site-scripting-via-email-subject</loc>
<lastmod>2023-06-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/neon-product-designer-for-woocommerce/neon-product-designer-211-authenticated-contributor-sql-injection</loc>
<lastmod>2025-01-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/dyn-business-panel/dyn-business-panel-100-reflected-cross-site-scripting</loc>
<lastmod>2025-01-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-ultimate-review/wp-ultimate-review-225-missing-authorization</loc>
<lastmod>2024-04-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/photo-gallery/photo-gallery-1815-missing-authorization</loc>
<lastmod>2023-06-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/plestar-directory-listing/plestar-directory-listing-10-reflected-cross-site-scripting</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/add-user-meta/add-user-meta-101-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2025-08-14T20:14:35.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gutentor/gutentor-346-authenticated-administrator-sql-injection</loc>
<lastmod>2025-03-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/email-queue/email-queue-by-bestwebsoft-112-reflected-cross-site-scripting</loc>
<lastmod>2017-04-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/drag-and-drop-multiple-file-upload-contact-form-7/drag-and-drop-multiple-file-upload-contact-form-7-1377-sensitive-information-exposure</loc>
<lastmod>2024-04-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/zendrop-dropshipping-and-fulfillment/zendrop-global-dropshipping-100-sql-injection-in-setmetadata</loc>
<lastmod>2023-02-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/realhomes/realhomes-436-unauthenticated-privilege-escalation</loc>
<lastmod>2025-01-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-profitshare/wp-profitshare-149-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2025-04-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ziggeo/ziggeo-311-missing-authorization-to-authenticated-subscriber-arbitrary-modification-via-ziggeo_ajax-ajax-action</loc>
<lastmod>2026-04-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/viral-news/multiple-themes-various-versions-missing-authorization-to-arbitrary-plugin-activation</loc>
<lastmod>2023-05-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-url-shortener/wp-url-shortener-12-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2025-06-13T19:45:34.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/fluentform/fluent-forms-customizable-contact-forms-survey-quiz-conversational-form-builder-6121-insecure-direct-object-reference-in-stripe-sca-confirmation-to-unauthenticated-payment-status-modification</loc>
<lastmod>2026-04-16T00:53:13.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/run-gran/run-gran-20-unauthenticated-local-file-inclusion</loc>
<lastmod>2026-02-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/slideshow-gallery/slideshow-gallery-168-cross-site-scripting</loc>
<lastmod>2018-10-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-ultimate-review/wp-ultimate-review-230-cross-site-request-forgery-via-wur_settings_view</loc>
<lastmod>2023-10-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-post-author/wp-post-author-323-privilege-escalation</loc>
<lastmod>2023-06-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/auth0/login-by-auth0-3113-insecure-direct-object-reference</loc>
<lastmod>2020-04-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ht-event/ht-event-wordpress-event-manager-plugin-for-elementor-147-authenticated-contributor-sensitive-information-exposure-via-ht-event-sponsor</loc>
<lastmod>2025-01-30T16:49:09.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/multiple-pages-generator-by-porthas/multiple-page-generator-plugin-mpg-340-authenticated-editor-remote-code-execution</loc>
<lastmod>2024-03-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/limit-attempts/limit-attempts-by-bestwebsoft-wordpress-anti-bot-and-security-plugin-for-login-and-forms-111-sql-injection</loc>
<lastmod>2015-10-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/shortcode-cleaner-lite/shortcode-cleaner-lite-109-missing-authorization-to-authenticated-subscriber-arbitrary-options-export</loc>
<lastmod>2025-03-07T14:16:32.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mail-mint/mail-mint-1185-authenticated-administrator-sql-injection</loc>
<lastmod>2025-09-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/qr-master/qr-master-105-reflected-cross-site-scripting</loc>
<lastmod>2025-04-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-smushit/smush-lazy-load-images-optimize-compress-images-300-authenticated-phar-deserialization</loc>
<lastmod>2018-12-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simple-popup-newsletter/simple-popup-newsletter-147-reflected-cross-site-scripting</loc>
<lastmod>2021-08-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/woodmart/woodmart-839-unauthenticated-sensitive-information-exposure</loc>
<lastmod>2026-02-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/custom-add-user/custom-add-user-202-reflected-cross-site-scripting</loc>
<lastmod>2023-02-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/contact-form-cfdb7/contact-form-7-database-addon-1263-csv-injection</loc>
<lastmod>2022-10-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/seo-automatic-wp-core-tweaks/core-tweaks-wp-setup-41-cross-site-request-forgery</loc>
<lastmod>2021-10-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/3dprint-lite/3dprint-lite-2136-authenticated-admin-sql-injection-via-infill_text</loc>
<lastmod>2025-04-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/official-mailerlite-sign-up-forms/mailerlite-signup-forms-official-157-cross-site-request-forgery</loc>
<lastmod>2022-08-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/page-builder-add/landing-page-builder-1518-reflected-cross-site-scripting-via-pagetype</loc>
<lastmod>2024-05-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/events-manager/events-manager-5971-csv-injection</loc>
<lastmod>2020-02-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpb-woocommerce-category-slider/wpb-category-slider-for-woocommerce-171-authenticated-contributor-local-file-inclusion</loc>
<lastmod>2025-06-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/chaty/floating-chat-widget-contact-icons-messages-telegram-email-sms-call-button-chaty-283-admin-stored-cross-site-scripting</loc>
<lastmod>2022-04-07T22:27:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/better-font-awesome/better-font-awesome-201-missing-authorization-to-plugin-options-update</loc>
<lastmod>2022-08-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/multiple-pages-generator-by-porthas/multiple-page-generator-plugin-3317-authenticated-administrator-sql-injection</loc>
<lastmod>2023-05-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/save-as-pdf-by-pdfcrowd/save-as-pdf-plugin-by-pdfcrowd-323-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-06-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/real-estate-manager/real-estate-manager-73-cross-site-request-forgery</loc>
<lastmod>2025-06-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/realestate-7/real-estate-7-334-reflected-cross-site-scripting-via-ct_additional_features</loc>
<lastmod>2023-02-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/lottier-elementor/lottier-for-elementor-109-missing-authorization</loc>
<lastmod>2025-12-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/js-jobs/js-job-manager-202-unauthenticated-sql-injection</loc>
<lastmod>2025-04-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/hk-filter-and-search/html-filter-and-csv-file-search-27-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2023-10-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/onelife/onelife-39-authenticated-subscriber-php-object-injection</loc>
<lastmod>2026-01-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wprecovery/wprecovery-20-unauthenticated-sql-injection-to-arbitrary-file-deletion</loc>
<lastmod>2025-10-02T22:35:53.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bakkbone-florist-companion/floristpress-730-missing-authorization-to-arbitrary-content-deletion</loc>
<lastmod>2024-12-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gdpr-compliance-by-supsystic/gdpr-cookie-consent-by-supsystic-212-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2023-11-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/what-would-seth-godin-do/what-would-seth-godin-do-211-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2024-11-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/modern-polls/modern-polls-1010-cross-site-request-forgery</loc>
<lastmod>2025-04-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-ng-weather/wp-ng-weather-109-authenticated-contributor-stored-cross-site-scripting-via-shortcode-attributes</loc>
<lastmod>2026-03-20T15:18:16.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/font-awesome-more-icons/font-awesome-more-icons-35-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2023-09-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/betterdocs/betterdocs-433-authenticated-contributor-sensitive-information-exposure</loc>
<lastmod>2026-01-08T17:52:33.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpforo/wpforo-forum-165-cross-site-scripting-via-langid-parameter</loc>
<lastmod>2020-05-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/instagram-slider-widget/social-slider-feed-228-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2025-03-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/dokan-lite/dokan-3719-authenticatedshop-manager-php-object-injection-via-create_dummy_vendor</loc>
<lastmod>2023-06-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/core/2.0/wordpress-core-204-full-path-disclosure</loc>
<lastmod>2006-07-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/email-subscribers/icegram-express-5714-authenticated-administrator-cross-site-scripting-via-csv-import</loc>
<lastmod>2024-04-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/boldgrid-backup/total-upkeep-1158-improper-authorization-to-unauthenticated-arbitrary-file-download</loc>
<lastmod>2024-02-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/pdf-for-contact-form-7/pdf-for-contact-form-7-650-authenticated-subscriber-php-object-injection</loc>
<lastmod>2025-08-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/trx_addons/themerex-addons-2330-authenticated-contributor-local-file-inclusion-via-shortcode</loc>
<lastmod>2025-01-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/omnipress/omnipress-165-authenticated-author-stored-cross-site-scripting</loc>
<lastmod>2025-12-04T16:31:20.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/buttonizer-multifunctional-button/buttonizer-smart-floating-action-button-254-admin-stored-cross-site-scripting</loc>
<lastmod>2021-11-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/xcloner-backup-and-restore/backup-restore-and-migrate-wordpress-sites-with-the-xcloner-plugin-311-sensitive-information-disclosure</loc>
<lastmod>2014-10-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gf-constant-contact/wp-gravity-forms-constant-contact-plugin-110-open-redirect</loc>
<lastmod>2025-06-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-special-textboxes/special-text-boxes-624-unauthenticated-arbitrary-shortcode-execution</loc>
<lastmod>2024-09-24T12:19:21.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/enhanced-media-library/enhanced-media-library-289-authenticated-author-stored-cross-site-scripting</loc>
<lastmod>2024-04-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/buddypress/buddypress-721-missing-authorization-to-group-creation</loc>
<lastmod>2021-04-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/survey-maker/survey-maker-346-reflected-cross-site-scripting-via-page-parameter</loc>
<lastmod>2023-05-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/codebard-help-desk/codebard-help-desk-112-authenticated-subscriber-stored-cross-site-scripting</loc>
<lastmod>2025-02-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/css3-rotating-words/animated-rotating-words-54-cross-site-request-forgery-via-save_admin_options</loc>
<lastmod>2023-11-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/calendarista-basic-edition/calendarista-basic-edition-305-missing-authorization</loc>
<lastmod>2024-03-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/genki-pre-publish-reminder/genki-pre-publish-reminder-141-cross-site-request-forgery-to-cross-site-scripting</loc>
<lastmod>2022-05-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wip-custom-login/wip-custom-login-129-cross-site-request-forgery-via-save_option</loc>
<lastmod>2023-05-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/profile-builder/profile-builder-367-admin-stored-cross-site-scripting</loc>
<lastmod>2022-03-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/unica/unica-event-planning-wedding-wordpress-theme-141-unauthenticated-local-file-inclusion</loc>
<lastmod>2026-03-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/nextgen-gallery/wordpress-gallery-plugin-nextgen-gallery-20773-cross-site-request-forgery</loc>
<lastmod>2015-03-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/reviewx/reviewx-1622-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-03-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/off-canvas-sidebars/off-canvas-sidebars-menus-slidebars-0585-cross-site-request-forgery</loc>
<lastmod>2025-08-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/image-hover-effects-ultimate/image-hover-effects-ultimate-971-authenticated-admin-arbitrary-options-update</loc>
<lastmod>2022-10-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simple-popup-images/simple-popup-images-10-cross-site-scripting</loc>
<lastmod>2014-05-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gs-instagram-portfolio/gs-insever-portfolio-144-cross-site-request-forgery</loc>
<lastmod>2022-12-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/rafflepress/giveaways-and-contests-by-rafflepress-11220-cross-site-request-forgery</loc>
<lastmod>2025-11-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/robin-image-optimizer/robin-image-optimizer-169-missing-authorization</loc>
<lastmod>2024-08-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/order-import-export-for-woocommerce/order-export-order-import-for-woocommerce-243-authenticated-shop-manager-arbitrary-file-upload-via-upload_import_file</loc>
<lastmod>2024-01-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpvivid-backuprestore/migration-backup-staging-wpvivid-0968-unauthenticated-stored-cross-site-scripting</loc>
<lastmod>2022-01-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/addon-library/addon-library-1376-missing-authorization-to-authenticated-subscriber-arbitrary-file-upload</loc>
<lastmod>2024-02-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/qa-heatmap-analytics/qa-analytics-4111-missing-authorization-to-unauthenticated-settings-update</loc>
<lastmod>2024-10-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/paid-membership/micropayments-2929-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-03-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/tlp-portfolio/portfolio-wordpress-portfolio-plugin-288-cross-site-request-forgery-in-rtport_spare_me</loc>
<lastmod>2022-12-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-category-posts-list/wp-category-post-list-widget-203-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2023-05-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/portrait-archiv-shop/portrait-archivcom-photostore-32-reflected-cross-site-scripting</loc>
<lastmod>2019-09-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/interactive-3d-flipbook-powered-physics-engine/3d-flipbook-1120-subscriber-stored-cross-site-scripting</loc>
<lastmod>2022-02-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/unique-ux/unique-ux-092-reflected-cross-site-scripting</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/injection-guard/injection-guard-129-unauthenticated-stored-cross-site-scripting-via-query-parameter-name</loc>
<lastmod>2026-03-20T10:55:45.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/leads-5050-visitor-insights/leads5050-visitor-insights-105-authorization-bypass</loc>
<lastmod>2021-05-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/timeline-awesome/history-timeline-106-missing-authorization</loc>
<lastmod>2025-12-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-ultimate-exporter/export-wordpress-data-with-advanced-filters-12-sql-injection</loc>
<lastmod>2016-02-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-football/wp-football-11-cross-site-scripting</loc>
<lastmod>2014-06-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wordlift/wordlift-3545-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-08-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/testimonial-master/testimonial-master-021-reflected-cross-site-scripting-via-_serverphp_self</loc>
<lastmod>2026-01-06T20:37:23.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/data-tables-generator-by-supsystic/data-tables-generator-by-supsystic-11045-authenticated-admin-arbitrary-file-deletion</loc>
<lastmod>2025-11-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cp-easy-form-builder/form-builder-cp-1231-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2022-08-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/sastra-essential-addons-for-elementor/sastra-essential-addons-for-elementor-105-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-11-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/advanced-access-manager/advanced-access-manager-access-governance-for-wordpress-710-missing-authorization</loc>
<lastmod>2026-05-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/eu-cookie-law/eu-cookie-law-316-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2022-12-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/heateor-social-login/heateor-social-login-wordpress-1131-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-05-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/social-networks-auto-poster-facebook-twitter-g/nextscripts-442-reflected-cross-site-scripting-via-code</loc>
<lastmod>2023-11-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/helpful/helpful-4458-admin-stored-cross-site-scripting</loc>
<lastmod>2021-10-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/totalprocessing-card-payments/nomupay-payment-processing-gateway-716-reflected-cross-site-scripting</loc>
<lastmod>2025-04-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/tantyyellow/tantyyellow-1005-reflected-cross-site-scripting</loc>
<lastmod>2025-01-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ag-custom-admin/absolutely-glamorous-custom-admin-68-authenticated-stored-cross-site-scripting</loc>
<lastmod>2021-09-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bigbuy-wc-dropshipping-connector/bigbuy-dropshipping-connector-for-woocommerce-200-unauthenticated-full-path-disclosute</loc>
<lastmod>2025-02-17T15:49:19.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/erp/wp-erp-1134-missing-authorization</loc>
<lastmod>2025-03-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/atarim-visual-collaboration/atarim-client-interface-391-missing-authorization-via-ajax-actions</loc>
<lastmod>2023-07-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ckeditor-for-wordpress/ckeditor-for-wordpress-453-reflected-cross-site-scripting</loc>
<lastmod>2015-08-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/masker-elementor/masker-for-elementor-114-missing-authorization</loc>
<lastmod>2025-12-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/learnpress/learnpress-433-authenticated-contributor-stored-cross-site-scripting-via-skin-shortcode-attribute</loc>
<lastmod>2026-04-07T15:19:06.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/quick-interest-slider/quick-interest-slider-316-reflected-cross-site-scripting</loc>
<lastmod>2026-06-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/holding_pattern/holding-pattern-06-arbitrary-file-upload</loc>
<lastmod>2015-01-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/themesflat-addons-for-elementor/themesflat-addons-for-elementor-221-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-09-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/commons-booking/cb-legacy-09418-cross-site-request-forgery-to-codetimeframebooking-deletion</loc>
<lastmod>2024-05-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/examapp/ibps-online-exam-10-cross-site-scripting</loc>
<lastmod>2017-07-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/carousel-slider/carousel-slider-2210-authenticated-editor-stored-cross-site-scripting</loc>
<lastmod>2024-04-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/core/4.5/wordpress-core-453-cross-site-scripting-via-customizer</loc>
<lastmod>2016-06-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/dyslexiefont/dyslexiefont-free-002-cross-site-scripting</loc>
<lastmod>2022-06-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp_rokstories/rokstories-125-denial-of-service</loc>
<lastmod>2013-09-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/molongui-authorship/molongui-4619-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2023-11-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/charitable/charitable-1851-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2025-05-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/booking/booking-calendar-101411-missing-authorization-to-sensitive-information-exposure</loc>
<lastmod>2026-01-15T16:11:56.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-smart-tool-tip/wp-smart-tooltip-100-authenticated-subscriber-stored-cross-site-scripting</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/myorderdesk/myorderdesk-326-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-10-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simple-ticker/simple-ticker-305-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2023-08-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/rich-reviews/rich-reviews-by-starfish-195-sql-injection</loc>
<lastmod>2021-11-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/elementskit-lite/elementskit-elementor-addons-and-templates-352-authenticated-contributor-stored-cross-site-scripting-via-custom-widget</loc>
<lastmod>2025-07-24T09:38:18.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/player/video-player-1522-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2023-11-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woocommerce/woocommerce-364-missing-file-type-validation</loc>
<lastmod>2019-07-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/polls-widget/poll-survey-questionnaire-and-voting-system-152-unauthenticated-blind-sql-injection</loc>
<lastmod>2021-06-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/usc-e-shop/welcart-e-commerce-294-reflected-cross-site-scripting</loc>
<lastmod>2023-11-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-simple-firewall/shield-security-17017-unauthenticated-stored-cross-site-scripting</loc>
<lastmod>2023-04-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpdiscuz/wpdiscuz-7633-missing-authorization</loc>
<lastmod>2025-09-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/stax-addons-for-elementor/elementor-addons-widgets-and-enhancements-stax-1441-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-04-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woocommerce-shipping-multiple-addresses/woocommerce-ship-to-multiple-addresses-383-insecure-direct-object-reference</loc>
<lastmod>2023-05-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/motors-car-dealership-classified-listings/motors-car-dealer-classifieds-listing-140-stored-cross-site-scripting</loc>
<lastmod>2019-09-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/sexy-contact-form/creative-contact-form-100-cross-site-request-forgery</loc>
<lastmod>2025-06-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woo-razorpay/razorpay-for-woocommerce-478-missing-authentication-to-unauthenticated-order-modification</loc>
<lastmod>2026-02-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/page-list/page-list-58-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-09-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/windows-live-writer/windows-live-writer-01-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2025-04-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/flaming-forms/flaming-forms-101-unauthenticated-stored-cross-site-scripting</loc>
<lastmod>2024-08-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/address-email-and-phone-validation/pca-predict-103-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2022-09-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/chatway-live-chat/chatway-live-chat-ai-chatbot-customer-support-faq-helpdesk-customer-service-chat-buttons-148-authenticated-subscriber-information-exposure</loc>
<lastmod>2026-06-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/google-plus-name-link-popup-badge/google-link-name-10-authenticated-contributor-stored-cross-site-scripting-via-shortcode-attributes</loc>
<lastmod>2026-05-26T17:21:52.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpquiz/wpquiz-042-authenticated-contributor-sql-injection</loc>
<lastmod>2025-07-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simple-urls/simple-urls-114-authenticated-subscriber-sql-injection</loc>
<lastmod>2023-01-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cryokey/cryokey-24-reflected-cross-site-scripting-via-ckemail-parameter</loc>
<lastmod>2025-03-21T18:19:41.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/organization-chart/organization-chart-141-cross-site-request-forgery</loc>
<lastmod>2022-11-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bdthemes-element-pack-lite/element-pack-elementor-addons-5411-missing-authorization-via-bdt_duplicate_as_draft</loc>
<lastmod>2024-02-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/order-import-export-for-woocommerce/order-export-order-import-for-woocommerce-267-missing-authorization</loc>
<lastmod>2025-10-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/slideshow-gallery/slideshow-gallery-lite-176-cross-site-request-forgery-via-admin_slides</loc>
<lastmod>2023-03-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/green-planet/green-planet-environmental-non-profit-wordpress-theme-1114-unauthenticated-local-file-inclusion</loc>
<lastmod>2026-02-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mail-masta/mail-masta-10-sql-injection-via-id-parameter</loc>
<lastmod>2017-03-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woocommerce-jetpack/booster-for-woocommerce-718-unauthenticated-arbitrary-shortcode-execution</loc>
<lastmod>2024-05-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/post-flagger/post-flagger-11-authenticated-contributor-stored-cross-site-scripting-via-slug-shortcode-attribute</loc>
<lastmod>2026-03-20T15:18:35.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/smart-custom-fields/smart-custom-fields-500-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-01-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-clone-by-wp-academy/clone-246-unauthenticated-php-object-injection-via-recursive_unserialized_replace</loc>
<lastmod>2024-11-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/newsletter/newsletter-820-ip-spoofing</loc>
<lastmod>2024-03-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/pixnet/pixnet-plugin-2910-authenticated-subscriber-stored-cross-site-scripting</loc>
<lastmod>2025-01-06T16:15:44.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gestion-pymes/gestion-pymes-156-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2023-07-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/petclub/pets-club-23-unauthenticated-php-object-injection</loc>
<lastmod>2026-03-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ai-content/text-prompter-unlimited-chatgpt-text-prompts-for-openai-tasks-107-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-12-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/internal-link-shortcode/cf-internal-link-shortcode-110-unauthenticated-sql-injection</loc>
<lastmod>2025-01-10T13:52:33.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/all-in-one-seo-pack/all-in-one-seo-400-4152-authorization-bypass</loc>
<lastmod>2021-12-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bookingpress-appointment-booking-pro/bookingpress-appointment-booking-pro-571-unauthenticated-sql-injection-via-store_service_date-parameter</loc>
<lastmod>2026-06-30T17:17:57.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simple-membership/simple-membership-403-authenticated-admin-sql-injections</loc>
<lastmod>2021-04-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woffice-core/woffice-core-5421-cross-site-request-forgery-to-user-registration-approval</loc>
<lastmod>2025-04-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woocommerce-warranty/woocommerce-warranty-requests-216-reflected-cross-site-scripting</loc>
<lastmod>2023-05-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woo-save-abandoned-carts/cartbounty-save-and-recover-abandoned-carts-for-woocommerce-82-cross-site-request-forgery</loc>
<lastmod>2024-09-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/guest-author-name/simply-guest-author-name-436-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-07-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/block-for-mailchimp/block-for-mailchimp-add-email-subscription-forms-and-collect-leads-1115-missing-authorization</loc>
<lastmod>2026-06-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/pdfjs-shortcode/pdfjs-shortcode-10-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/integration-dynamics/dynamics-365-integration-1312-missing-authorization-via-wp_ajax_wpcrm_log-wp_ajax_wpcrm_log_verbosity</loc>
<lastmod>2023-03-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/user-files/user-files-242-unauthenticated-arbitrary-file-upload</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/checkbox/checkbox-2810-missing-authorization-to-unauthenticated-log-clearing</loc>
<lastmod>2025-11-20T18:51:31.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/noo-jobmonster/jobmonster-475-unauthenticated-privilege-escalation</loc>
<lastmod>2024-07-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woocommerce-mercadopago/mercado-pago-payments-for-woocommerce-730-761-authenticated-subscriber-arbitrary-file-download</loc>
<lastmod>2024-07-19T15:14:26.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/everest-forms-frontend-listing/everest-forms-frontend-listing-105-unauthenticated-php-object-injection</loc>
<lastmod>2025-07-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/tiny-carousel-horizontal-slider-plus/tiny-carousel-horizontal-slider-plus-32-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2023-04-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/essential-addons-for-elementor-lite/essential-addons-for-elementor-607-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-12-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/embedpress/embedpress-embed-pdf-3d-flipbook-social-feeds-google-docs-vimeo-wistia-youtube-videos-audios-google-maps-in-gutenberg-block-elementor-413-authenticated-contributor-stored-cross-site-scripting-via-provider_name</loc>
<lastmod>2024-11-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/jrss-widget/jrss-widget-12-server-side-request-forgery</loc>
<lastmod>2014-05-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/bricks/bricks-181-cross-site-request-forgery-via-reset_settings</loc>
<lastmod>2024-08-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/getresponse/getresponse-forms-260-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-09-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/elex-product-feed/elex-product-feed-for-woocommerce-312-authenticated-administrator-sql-injection</loc>
<lastmod>2025-05-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/processing-projects/processing-projects-102-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-03-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/king-addons/king-addons-for-elementor-80-elementor-widgets-4-000-elementor-templates-woocommerce-mega-menu-popup-builder-51162-authenticated-subscriber-stored-cross-site-scripting</loc>
<lastmod>2026-06-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/collapsing-archives/collapsing-archives-307-authenticated-contributor-sql-injection</loc>
<lastmod>2026-02-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/social-rocket/social-rocket-social-sharing-plugin-134-missing-authorization-to-settings-update</loc>
<lastmod>2025-01-06T16:28:47.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/watu/watu-quiz-344-unauthenticated-stored-cross-site-scripting-via-http-referer</loc>
<lastmod>2025-10-24T16:54:19.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/external-videos/external-videos-201-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2023-04-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/auto-hide-admin-bar/auto-hide-admin-bar-161-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2023-01-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/helloasso/helloasso-1110-missing-authorization-to-authenticated-contributor-limited-options-update</loc>
<lastmod>2024-09-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/webp-converter-for-media/webp-converter-for-media-402-unauthenticated-open-redirect</loc>
<lastmod>2021-12-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/newspack-blocks/newspack-blocks-308-unauthenticated-sensitive-information-exposure</loc>
<lastmod>2024-06-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/job-manager-by-jobscore/job-manager-by-jobscore-22-authenticated-subscriber-stored-cross-site-scripting</loc>
<lastmod>2024-11-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bp-better-messages/better-messages-live-chat-for-wordpress-buddypress-peepso-ultimate-member-buddyboss-269-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2025-01-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bbp-style-pack/bbp-style-pack-567-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2023-09-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-registration/simple-user-registration-67-missing-authorization-to-account-takeover</loc>
<lastmod>2024-10-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/etchy/etchy-10-unauthenticated-local-file-inclusion</loc>
<lastmod>2026-03-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/google-captcha/recaptcha-by-bestwebsoft-128-reflected-cross-site-scripting</loc>
<lastmod>2017-04-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/football-pool/football-pool-2124-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2025-06-18T16:35:19.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wc-multishipping/chronopost-mondial-relay-pour-woocommerce-wcmultishipping-237-incorrect-authorization</loc>
<lastmod>2023-11-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/usc-e-shop/welcart-e-commerce-122-cross-site-scripting</loc>
<lastmod>2012-12-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/section-widget/section-widget-331-reflected-cross-site-scripting</loc>
<lastmod>2025-05-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/tamara-checkout/tamara-checkout-199-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-01-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/contus-video-comments/contus-video-comments-10-remote-file-upload</loc>
<lastmod>2016-06-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/clever-fox/clever-fox-2520-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-06-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wha-crossword/wha-crossword-1110-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2022-09-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpfront-notification-bar/wpfront-notification-bar-332-authenticated-editor-stored-cross-site-scripting</loc>
<lastmod>2024-03-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpdatatables/wpdatatables-premium-341-blind-sql-injection-via-length-parameter</loc>
<lastmod>2021-03-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-headmaster/wp-headmaster-03-reflected-cross-site-scripting</loc>
<lastmod>2025-01-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/blighty-explorer/blightly-explorer-230-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2025-02-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/contest-gallery/contest-gallery-upload-vote-photos-media-sell-with-paypal-stripe-28121-authenticated-subscriber-server-side-request-forgery</loc>
<lastmod>2026-03-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simple-link-directory/simple-link-directory-771-unauthenticated-sql-injection</loc>
<lastmod>2022-02-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/xml-for-google-merchant-center/xml-for-google-merchant-center-301-reflected-cross-site-scripting-via-page-parameter</loc>
<lastmod>2023-04-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/member-hero/member-hero-109-remote-code-execution</loc>
<lastmod>2022-05-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/donation/donation-10-authenticated-admin-sql-injection</loc>
<lastmod>2025-11-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/button-contact-vr/button-contact-vr-4791-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2024-10-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/docus/docus-106-authenticated-contributor-stored-cross-site-scripting-via-shortcode-attributes</loc>
<lastmod>2026-02-05T18:37:47.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/addfreestats/afs-analytics-415-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2022-10-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/apppresser/apppresser-430-cross-site-request-forgery-via-toggle_logging_callback</loc>
<lastmod>2024-04-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-social-reviews/wp-social-ninja-embed-social-feeds-customer-reviews-chat-widgets-google-reviews-youtube-feed-photo-feeds-and-more-3203-unauthenticated-stored-cross-site-scripting-via-external-content-import</loc>
<lastmod>2025-12-01T17:36:25.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ultraaddons-elementor-lite/ultraaddons-elementor-lite-200-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-05-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/royal-elementor-addons/royal-addons-for-elementor-171056-authenticated-contributor-stored-cross-site-scripting-via-instagram-feed-widget</loc>
<lastmod>2026-04-16T13:10:11.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/restaurant-cafeteria/restaurant-cafeteria-046-missing-authorization-to-subscriber-arbitrary-plugin-installationactivation</loc>
<lastmod>2026-03-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/debug-log-manager/debug-log-manager-231-unauthenticated-stored-cross-site-scripting</loc>
<lastmod>2024-04-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/import-users-to-mailchimp/import-users-to-mailchimp-10-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/hybrid-gallery/gallery-hybrid-advanced-visual-gallery-1402-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/custom-post-widget/content-blocks-custom-post-widget-330-authenticated-contributor-stored-cross-site-scripting-via-content_block-shortcode</loc>
<lastmod>2024-05-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/contact-form-by-supsystic/contact-form-by-supsystic-1727-cross-site-request-forgery</loc>
<lastmod>2023-10-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wemail/wemail-207-missing-authorization-to-unauthenticated-form-deletion</loc>
<lastmod>2026-02-20T20:58:51.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/email-javascript-cloaker/email-javascript-cloak-103-unauthenticated-stored-cross-site-scripting</loc>
<lastmod>2026-06-23T16:36:54.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/eri-file-library/eri-file-library-110-missing-authorization-to-unauthenticated-protected-file-download</loc>
<lastmod>2025-10-30T20:31:13.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/visual-form-builder/visual-form-builder-282-reflected-cross-site-scripting</loc>
<lastmod>2015-05-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mstore-api/mstore-api-319-authentication-bypass</loc>
<lastmod>2021-02-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/poll-maker/poll-maker-401-admin-stored-cross-site-scripting</loc>
<lastmod>2022-05-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/pricing-table-by-supsystic/pricing-table-by-supsystic-181-cross-site-request-forgery-to-cross-site-scripting-and-setting-changes</loc>
<lastmod>2020-02-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-seo-tags/wp-seo-tags-227-reflected-cross-site-scripting</loc>
<lastmod>2021-08-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/happy-elementor-addons/happy-addons-for-elementor-3203-authenticated-contributor-stored-cross-site-scripting-via-custom-js</loc>
<lastmod>2025-12-22T22:08:35.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/kanban/kanban-boards-for-wordpress-2520-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2023-06-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/booqable-rental-reservations/booqable-rental-plugin-2415-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2023-04-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/advanced-custom-fields-pro/advanced-custom-fields-pro-631-missing-authorization</loc>
<lastmod>2024-06-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/convertplug/convertplus-3526-authenticated-contributor-php-object-injection</loc>
<lastmod>2024-05-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/io-engagement-analytics/plugin-for-google-analytics-by-io-technologies-11-cross-site-request-forgery-via-ga_id-parameter</loc>
<lastmod>2026-06-29T16:17:18.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/post-type-archive-mapping/custom-query-blocks-520-missing-authorization-via-rest-routes</loc>
<lastmod>2024-07-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/js-support-ticket/js-help-desk-292-missing-authorization</loc>
<lastmod>2025-03-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/real-estate-directory/real-estate-directory-104-missing-authorization-to-authenticated-subscriber-arbitrary-plugin-activation</loc>
<lastmod>2023-03-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/unify/unify-347-authenticated-contributor-stored-cross-site-scripting-via-unify_checkout-shortcode</loc>
<lastmod>2025-10-02T22:11:23.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ultimate-wp-mail/ultimate-wp-mail-134-cross-site-request-forgery</loc>
<lastmod>2025-05-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/category-posts/category-posts-widget-4917-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2024-12-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woocommerce-google-adwords-conversion-tracking-tag/pixel-manager-for-woocommerce-pro-1490-authenticated-contributor-cross-site-scripting-via-shortcode</loc>
<lastmod>2025-06-18T13:52:25.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/slicewp/affiliate-program-suite-slicewp-affiliates-126-unauthenticated-stored-cross-site-scripting</loc>
<lastmod>2026-05-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/moments/moments-22-unauthenticated-local-file-inclusion</loc>
<lastmod>2026-03-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/atec-debug/atec-debug-1222-authenticated-administrator-arbitrary-file-deletion</loc>
<lastmod>2025-09-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/popup-builder/popup-builder-406-authenticated-sql-injection-via-order-orderby-parameters</loc>
<lastmod>2022-01-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/td-subscription/tagdiv-opt-in-builder-144-authenticated-admin-sql-injection</loc>
<lastmod>2024-08-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/magze/magze-109-unauthenticated-local-file-inclusion</loc>
<lastmod>2025-06-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-bookwidgets/wp-bookwidgets-09-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-10-14T20:01:01.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/login-with-phone-number/login-with-phone-number-136-unauthenticated-remote-plugin-deletion</loc>
<lastmod>2022-02-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/permalink-manager/permalink-manager-lite-22201-cross-site-request-forgery</loc>
<lastmod>2022-11-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bulletproof-security/bulletproof-security-525-cross-site-scripting</loc>
<lastmod>2014-09-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ap-custom-testimonial/testimonial-wordpress-plugin-147-reflected-cross-site-scripting</loc>
<lastmod>2022-01-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/yanewsflash/yanewsflash-103-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2025-07-22T14:03:11.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simple-link-directory/simple-link-directory-883-cross-site-request-forgery</loc>
<lastmod>2025-12-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ultimate-addons-for-contact-form-7/ultimate-addons-for-contact-form-7-3128-reflected-cross-site-scripting</loc>
<lastmod>2023-07-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/sky-elementor-addons/sky-addons-for-elementor-314-authenticated-contributor-stored-cross-site-scripting-via-multiple-widgets</loc>
<lastmod>2025-07-28T20:40:12.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-amazon-shop/dropshipping-affiliation-with-amazon-212-authenticated-subscriber-arbitrary-file-upload</loc>
<lastmod>2023-10-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-event-solution/event-manager-events-calendar-tickets-registrations-eventin-404-missing-authorization-to-authenticated-contributor-event-data-import</loc>
<lastmod>2024-07-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/designthemes-core-features/designthemes-core-features-47-missing-authorization-to-unauthenticated-arbitrary-file-read-via-dt_process_imported_file</loc>
<lastmod>2025-03-04T21:27:19.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simple-auto-tag/simple-auto-tag-11-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2025-02-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/admin-side-data-storage-for-contact-form-7/admin-side-data-storage-for-contact-form-7-112-stored-cross-site-scripting</loc>
<lastmod>2023-03-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/my-idx-home-search/my-idx-home-search-211-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-12-13T15:56:20.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/WP_UltimateToursBuilder/wp-ultimate-tours-builder-1055-cross-site-request-forgery</loc>
<lastmod>2025-05-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/oneclick-whatsapp-order/oneclick-chat-to-order-1041-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2022-12-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/nhrrob-options-table-manager/nhr-options-table-manager-112-authenticated-admin-php-object-injection</loc>
<lastmod>2025-02-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/listeo/listeo-208-authenticated-contributor-stored-cross-site-scripting-via-soundcloud-shortcode</loc>
<lastmod>2025-10-24T17:11:49.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-bootstrap-tabs/wp-bootstrap-tabs-104-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2025-11-10T14:56:08.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/counter-yandex-metrica/yandex-metrica-counter-143-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2023-05-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ia-map-analytics-basic/ia-map-analytics-basic-20170413-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-11-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ledenbeheer-external-connection/ledenbeheer-210-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-12-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woocommerce-menu-extension/woocommerce-menu-extension-162-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2023-12-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woozone-contextual/amazon-native-shopping-recommendations-13-unauthenticated-sql-injection</loc>
<lastmod>2025-07-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-database-backup/wp-database-backup-43-cross-site-scripting</loc>
<lastmod>2016-08-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/responsive-block-editor-addons/responsive-blocks-220-unauthenticated-open-email-relay-via-rest-api-email_to-parameter</loc>
<lastmod>2026-04-20T14:13:38.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-auto-affiliate-links/auto-affiliate-links-6425-cross-site-request-forgery</loc>
<lastmod>2023-11-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/seo-manager/seo-manager-19-authenticated-contributor-stored-cross-site-scripting-via-post-meta</loc>
<lastmod>2024-10-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/image-export/image-export-111-path-traversal</loc>
<lastmod>2015-07-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/reading-progress-bar/reading-progressbar-131-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2026-03-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-inquiries/wp-inquiries-021-authenticated-administrator-sql-injection</loc>
<lastmod>2025-04-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/miniorange-saml-20-single-sign-on/saml-single-sign-on-saml-sso-login-4873-cross-site-scripting</loc>
<lastmod>2019-05-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/masterstudy-lms-learning-management-system/masterstudy-lms-308-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2023-06-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/LayerSlider/layerslider-620-cross-site-request-forgery</loc>
<lastmod>2017-03-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/anymind-widget/anymind-widget-11-cross-site-request-forgery-to-cross-site-scripting</loc>
<lastmod>2022-07-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/supreme-modules-for-divi/supreme-modules-lite-divi-theme-extra-theme-and-divi-builder-253-authenticated-contributor-dom-based-cross-site-scripting</loc>
<lastmod>2024-05-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/base64-encoderdecoder/base64-encoderdecoder-092-reflected-cross-site-scripting</loc>
<lastmod>2024-04-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/persian-woocommerce-sms/-persian-woocommerce-sms-705-reflected-cross-site-scripting</loc>
<lastmod>2024-12-06T12:22:34.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/elementor/elementor-website-builder-347-dom-based-cross-site-scripting</loc>
<lastmod>2021-03-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/premium-addons-for-elementor/premium-addons-for-elementor-41031-missing-authorization-to-information-disclosure</loc>
<lastmod>2024-05-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/hmd/hmd-20-reflected-cross-site-scripting</loc>
<lastmod>2024-12-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-mailing-group/mailing-group-listserv-304-authenticated-subscriber-sql-injection</loc>
<lastmod>2025-04-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woo-fattureincloud/woocommerce-fattureincloud-267-reflected-cross-site-scripting</loc>
<lastmod>2025-03-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/rdfa-breadcrumb/rdfa-breadcrumb-23-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2025-06-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/trust-payments-gateway-3ds2/trust-payments-gateway-3ds2-120-cross-site-request-forgery</loc>
<lastmod>2022-07-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/imagerecycle-pdf-image-compression/imagerecycle-pdf-image-compression-3113-missing-authorization-to-settings-update-in-enableoptimization</loc>
<lastmod>2024-02-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/embedpress/embedpress-embed-pdf-google-docs-vimeo-wistia-embed-youtube-videos-audios-maps-embed-any-documents-in-gutenberg-elementor-3912-insufficient-authorization-checks-to-block-usual</loc>
<lastmod>2024-05-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-skitter-slideshow/skitter-slideshow-252-unauthenticated-server-side-request-forgery</loc>
<lastmod>2022-06-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/school-management/school-management-system-for-wordpress-9200-authenticated-subscriber-sql-injection-via-mj_smgt_show_event_task</loc>
<lastmod>2025-03-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ayo-shortcodes/ayo-shortcodes-02-authenticated-contributor-stored-cross-site-scripting-via-color-shortcode-attribute</loc>
<lastmod>2025-12-11T14:29:48.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/personalization-by-flowcraft/advanced-personalization-112-unauthenticated-php-object-injection</loc>
<lastmod>2024-11-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/core/4.5/wordpress-core-453-denial-of-service-via-oembed-protocol</loc>
<lastmod>2016-06-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/notibar/notibar-notification-bar-for-wordpress-214-authenticated-subscriber-arbitrary-shortcode-execution-via-njt_nofi_text</loc>
<lastmod>2024-12-12T20:33:37.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/zigaform-calculator-cost-estimation-form-builder-lite/zigaform-price-calculator-cost-estimation-form-builder-lite-742-unauthenticated-stored-cross-site-scripting</loc>
<lastmod>2025-02-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/media-file-renamer/media-file-renamer-194-stored-cross-site-scripting</loc>
<lastmod>2014-01-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/korea-for-woocommerce/korea-for-woocommerce-1111-authenticated-subscriber-sensitive-information-exposure</loc>
<lastmod>2025-01-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/verowa-connect/verowa-connect-305-authenticated-administrator-sql-injection</loc>
<lastmod>2025-04-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/phox-host/phox-hosting-208-reflected-cross-site-scripting</loc>
<lastmod>2026-03-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/miniorange-login-openid/wordpress-social-login-and-register-7610-unauthenticated-local-file-inclusion</loc>
<lastmod>2025-05-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/download-monitor/download-monitor-3362-cross-site-scripting-via-sort-parameter</loc>
<lastmod>2013-07-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/qtranslate-x/qtranslate-x-344-reflected-cross-site-scripting</loc>
<lastmod>2015-08-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/pagerank-tools/pagerank-tools-115-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2025-11-03T15:37:53.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/barcode-scanner-lite-pos-to-manage-products-inventory-and-orders/barcode-scanner-with-inventory-order-manager-154-unauthenticated-information-exposure</loc>
<lastmod>2024-05-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/vitepos-lite/vitepos-point-of-sale-pos-313-missing-authorization</loc>
<lastmod>2025-02-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/botnet-attack-blocker/botnet-attack-blocker-200-authenticated-subscriber-stored-cross-site-scripting</loc>
<lastmod>2025-04-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/fontific/fontific-google-fonts-016-cross-site-request-forgery-via-ajax_fontific_save_all</loc>
<lastmod>2024-02-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/underconstruction/underconstruction-121-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2024-03-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/jannah-extensions/jannah-extensions-114-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-10-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/marmoset-viewer/marmoset-viewer-193-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/hmenu/hero-mega-menu-responsive-wordpress-menu-plugin-1165-missing-authorization-to-authenticated-subscriber-arbitrary-directory-deletion</loc>
<lastmod>2025-03-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/event-post/event-post-595-unauthenticated-local-file-inclusion</loc>
<lastmod>2024-07-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ti-woocommerce-wishlist/ti-woocommerce-wishlist-292-unauthenticated-arbitrary-file-upload</loc>
<lastmod>2025-05-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/festy/festy-1130-unauthenticated-local-file-inclusion</loc>
<lastmod>2025-08-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/hkdev-maintenance-mode/maintenance-mode-by-helderk-301-unauthenticated-ip-spoofing</loc>
<lastmod>2024-04-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/download-now-for-woocommerce/free-downloads-woocommerce-3582-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-03-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/instant-images/instant-images-610-authenticated-author-arbitrary-options-update</loc>
<lastmod>2024-01-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ruven-themes-shortcodes/ruven-themes-shortcodes-10-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-07-17T16:20:58.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gym-management/wpgym-wordpress-gym-management-system-6770-authenticated-subscriber-privilege-escalation-via-account-takeover</loc>
<lastmod>2025-09-09T17:42:53.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/shortpixel-adaptive-images/shortpixel-adaptive-images-331-subscriber-arbitrary-settings-update</loc>
<lastmod>2022-04-25T10:45:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-user-avatar/profilepress-317-authenticated-stored-cross-site-scripting</loc>
<lastmod>2021-06-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/file-upload-types/file-upload-types-by-wpforms-140-authenticated-author-stored-cross-site-scripting-via-svg-file-upload</loc>
<lastmod>2024-10-24T20:07:47.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/display-widgets/display-widgets-203-authenticated-cross-site-scripting</loc>
<lastmod>2015-08-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpforms-lite/wpforms-lite-195-authenticated-contributor-stored-cross-site-scripting-via-start_timestamp-parameter</loc>
<lastmod>2025-05-09T10:00:45.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/easy-waveform-player/easy-waveform-player-120-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-12-17T14:17:45.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wcp-contact-form/wcp-contact-form-310-missing-authorization-via-downloadcsv</loc>
<lastmod>2023-05-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/user-activity-log/user-activity-log-162-authenticatedadministrator-sql-injection-via-txtsearch</loc>
<lastmod>2023-05-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/complianz-gdpr-premium/complianz-645-premium-647-cross-site-request-forgery</loc>
<lastmod>2023-06-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-bulk-sms/wp-bulk-sms-by-smsto-1012-reflected-cross-site-scripting</loc>
<lastmod>2025-01-06T16:18:23.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/google-calendar-events/simple-calendar-google-calendar-plugin-342-reflected-cross-site-scripting</loc>
<lastmod>2024-09-24T12:31:06.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/smartsearchwp/chatbot-with-chatgpt-244-missing-authorization</loc>
<lastmod>2024-08-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/small-package-quotes-usps-edition/small-package-quotes-usps-edition-139-authenticated-administrator-php-object-injection</loc>
<lastmod>2025-08-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ean-for-woocommerce/ean-for-woocommerce-492-insecure-direct-object-reference-to-sensitve-information-exposure-via-shortcode</loc>
<lastmod>2024-04-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/htaccess-login-block/htaccess-login-block-09a-reflected-cross-site-scripting</loc>
<lastmod>2025-02-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/system-dashboard/system-dashboard-288-missing-authorization-to-information-disclosure-sd_php_info</loc>
<lastmod>2023-12-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/tube-video-curator/tube-video-curator-119-reflected-cross-site-scripting</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/propertyhive/propertyhive-2019-cross-site-request-forgery-via-save_account_details</loc>
<lastmod>2024-09-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/visualizer/visualizer-tables-and-charts-manager-for-wordpress-3118-authenticated-contributor-stored-cross-site-scripting-via-import-data-from-file</loc>
<lastmod>2025-02-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/themify-ultra/themify-ultra-735-authenticated-subscriber-php-object-injection</loc>
<lastmod>2023-10-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-fastest-cache/wp-fastest-cache-112-cross-site-request-forgery-via-wpfc_start_cdn_integration_ajax_request_callback</loc>
<lastmod>2023-04-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woo-coupon-usage/coupon-affiliates-5127-reflected-cross-site-scripting</loc>
<lastmod>2024-03-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/vr-calendar-sync/vr-calendar-231-reflected-cross-site-scripting</loc>
<lastmod>2022-07-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/eventprime-event-calendar-management/eventprime-339-improper-input-validation-via-save_event_booking</loc>
<lastmod>2024-02-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/devexhub-gallery/devexhub-gallery-201-unauthenticated-arbitrary-file-upload</loc>
<lastmod>2024-11-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ajax-random-posts/ajax-random-posts-033-php-object-injection</loc>
<lastmod>2017-04-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/dr-affiliate/dr-affiliate-123-authenticated-subscriber-sql-injection</loc>
<lastmod>2024-12-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/updraftplus/updraftplus-wordpress-backup-plugin-11665-reflected-cross-site-scripting</loc>
<lastmod>2021-12-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/waiting/waiting-one-click-countdowns-062-authenticated-subscriber-sql-injection-via-pbc_downmetaid</loc>
<lastmod>2023-03-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bonus-for-woo/bonus-for-woo-766-insufficient-input-validation</loc>
<lastmod>2025-09-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/thegem-elementor/thegem-elementor-51051-unauthenticated-stored-cross-site-scripting</loc>
<lastmod>2025-10-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-google-maps/wp-google-maps-6026-reflected-cross-site-scripting</loc>
<lastmod>2014-10-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/official-facebook-pixel/meta-pixel-for-wordpress-222-php-object-injection</loc>
<lastmod>2021-03-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/download-manager/download-manager-3330-unauthenticated-cron-trigger-due-to-hardcoded-cron-key</loc>
<lastmod>2025-11-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/price-calculator-to-your-website/website-price-calculator-41-authenticated-contributor-sql-injection</loc>
<lastmod>2024-10-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mstore-api/mstore-api-create-native-android-ios-apps-on-the-cloud-4147-authentication-bypass</loc>
<lastmod>2024-07-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/podcast-subscribe-buttons/podcast-subscribe-buttons-148-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2023-10-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/profilegrid-user-profiles-groups-and-communities/profilegrid-5943-authenticated-subscriber-php-object-injection</loc>
<lastmod>2025-02-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/country-state-city-auto-dropdown/country-state-city-dropdown-cf7-272-unauthenticated-sql-injection</loc>
<lastmod>2024-05-21T19:38:42.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/popup-builder/popup-builder-373-reflected-cross-site-scripting</loc>
<lastmod>2021-02-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/knowledgebase-helpdesk-pro/kbx-pro-ultimate-805-authenticated-subscriber-arbitrary-file-deletion</loc>
<lastmod>2025-05-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/fancy-product-designer/fancy-product-designer-474-admin-sql-injection</loc>
<lastmod>2022-02-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/inspirational-quote-rotator/inspirational-quote-rotator-100-stored-cross-site-scripting</loc>
<lastmod>2021-11-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/animated-typed-js-shortcode/animated-typed-js-shortcode-20-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-07-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/events-manager/events-manager-7221-authenticated-contributor-stored-cross-site-scripting-via-events_list_grouped-shortcode</loc>
<lastmod>2025-12-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/aco-wishlist-for-woocommerce/wishlist-and-save-for-later-for-woocommerce-1122-insecure-direct-object-reference-to-authenticated-subscriber-wishlist-item-deletion</loc>
<lastmod>2025-11-11T15:47:17.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gutentor/gutentor-gutenberg-blocks-page-builder-for-gutenberg-editor-339-authenticated-contributor-stored-cross-site-scripting-via-countdown-widget</loc>
<lastmod>2024-12-04T16:20:44.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cleverreach-wp/cleverreach-wp-1521-unauthenticated-sql-injection</loc>
<lastmod>2026-01-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/custom-post-popup/wp-custom-post-popup-101-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-04-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-responsive-testimonials-slider-and-widget/wp-responsive-testimonials-slider-and-widget-15-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2023-01-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ht-mega-for-elementor/ht-mega-276-authenticated-contributor-stored-cross-site-scripting-via-block_css-and-inner_css</loc>
<lastmod>2025-02-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/shelf-planner/shelf-planner-281-unauthenticated-information-exposure-via-log-files</loc>
<lastmod>2025-11-10T15:14:22.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/pinboard/pinboard-1110-cross-site-scripting</loc>
<lastmod>2013-02-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/podlove-podcasting-plugin-for-wordpress/podlove-podcast-publisher-383-cross-site-request-forgery</loc>
<lastmod>2023-02-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/fluent-support/fluent-support-helpdesk-customer-support-ticket-system-185-unauthenticated-sensitive-information-exposure-through-unprotected-directory</loc>
<lastmod>2025-02-28T15:27:49.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/smart-manager-for-wp-e-commerce/smart-manager-advanced-woocommerce-bulk-edit-inventory-management-8850-authenticated-contributor-privilege-escalation</loc>
<lastmod>2026-05-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/sms-alert/sms-alert-sms-otp-for-woocommerce-order-notifications-abandoned-cart-recovery-393-missing-authorization</loc>
<lastmod>2026-06-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/drag-and-drop-multiple-file-upload-contact-form-7/drag-and-drop-multiple-file-upload-for-contact-form-7-1390-directory-traversal-via-wpcf7_guest_user_id-cookie</loc>
<lastmod>2025-08-15T19:13:08.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/custom-post-types-image/custom-post-type-images-05-cross-site-request-forgery</loc>
<lastmod>2025-09-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/visitors-traffic-real-time-statistics/visitor-traffic-real-time-statistics-38-subscriber-sql-injection</loc>
<lastmod>2021-10-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/seo-by-rank-math/rank-math-seo-1095-server-side-request-forgery</loc>
<lastmod>2022-08-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/polldaddy/crowdsignal-dashboard-polls-surveys-more-307-reflected-cross-site-scripting</loc>
<lastmod>2022-07-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bit-assist/bit-assist-152-path-traversal-to-authenticated-administrator-arbitrary-file-read-via-downloadresponsefile-function</loc>
<lastmod>2025-02-13T22:19:23.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/restrict-user-access/restrict-user-access-membership-plugin-with-force-25-reflected-cross-site-scripting</loc>
<lastmod>2024-03-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/contest-gallery/photos-files-youtube-twitter-instagram-tiktok-ecommerce-contest-gallery-upload-vote-sell-via-paypal-or-stripe-social-share-buttons-openai-2610-unauthenticated-stored-cross-site-scripting</loc>
<lastmod>2025-07-31T16:20:34.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/jetformbuilder/jetformbuilder-3562-unauthenticated-arbitrary-file-read-via-media-field</loc>
<lastmod>2026-03-20T18:28:08.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mp3-jplayer/mp3-jplayer-273-cross-site-request-forgery</loc>
<lastmod>2022-09-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/auction-feed/auction-feed-113-cross-site-request-forgery</loc>
<lastmod>2025-09-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/js-support-ticket/js-help-desk-ai-powered-support-ticketing-system-309-missing-authorization</loc>
<lastmod>2026-06-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/zoho-flow/zoho-flow-2141-cross-site-request-forgery</loc>
<lastmod>2025-09-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gmaper-elementor/gmaper-for-elementor-109-missing-authorization</loc>
<lastmod>2025-12-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/advanced-page-visit-counter/advanced-page-visit-counter-711-authenticated-contributor-sql-injection</loc>
<lastmod>2023-10-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/trusty-woo-products-filter/shop-products-filter-12-authenticated-subscriber-local-file-inclusion</loc>
<lastmod>2025-04-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/docket-cache/docket-cache-240703-unauthenticated-local-file-inclusion</loc>
<lastmod>2025-12-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woocommerce-payments/woocommerce-payments-590-missing-authorization-via-redirect_pay_for_order_to_update_payment_method</loc>
<lastmod>2023-06-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/profit-products-tables-for-woocommerce/active-products-tables-for-woocommerce-1062-missing-authorization</loc>
<lastmod>2024-04-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpdirectorykit/wp-directory-kit-136-authenticated-admin-html-injection</loc>
<lastmod>2024-06-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ulisting/ulisting-166-unauthenticated-wordpress-options-changes-via-ajax</loc>
<lastmod>2021-01-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/buddypress-media/rtmedia-for-wordpress-buddypress-and-bbpress-395-local-file-inclusion</loc>
<lastmod>2014-11-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/contact-form-7/contact-form-7-503-authorization-bypass</loc>
<lastmod>2018-09-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mapsvg/mapsvg-6219-sql-injection</loc>
<lastmod>2022-04-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/supreme-modules-for-divi/supreme-modules-lite-2562-authenticated-author-arbitrary-file-upload-via-json-upload-bypass</loc>
<lastmod>2026-01-15T01:09:33.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/event-notifier/event-notifier-120-cross-site-scripting</loc>
<lastmod>2017-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/elfsight-contact-form/elfsight-contact-form-widget-231-unauthenticated-information-exposure</loc>
<lastmod>2025-06-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/GoogleAlertandtwitterplugin/google-alert-and-twitter-plugin-315-multiple-vulnerabilities</loc>
<lastmod>2013-02-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/elementskit/elementskit-pro-365-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-08-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/users-control/users-control-1016-unauthenticated-local-file-inclusion</loc>
<lastmod>2024-09-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/feedzy-rss-feeds/rss-aggregator-by-feedzy-442-missing-authorization-to-arbitrary-page-creation-and-publication</loc>
<lastmod>2024-02-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/contest-gallery/contest-gallery-upload-vote-photos-media-sell-with-paypal-stripe-3000-authenticated-contributor-sql-injection</loc>
<lastmod>2026-06-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/elementskit-lite/elementskit-elementor-addons-304-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-03-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-table/wp-table-143-local-file-inclusion</loc>
<lastmod>2007-05-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/url-shortify/url-shortify-11051-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2025-04-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simple-ads-manager/simple-ads-manager-2797-multiple-sql-injections</loc>
<lastmod>2015-04-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/wplms/wplms-19953-authenticated-subscriber-sql-injection</loc>
<lastmod>2024-12-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/all-in-one-performance-accelerator/aio-performance-profiler-monitor-optimize-compress-debug-12-unauthenticated-sensitive-information-exposure</loc>
<lastmod>2025-04-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/flat-preloader/flat-preloader-155-stored-cross-site-scripting</loc>
<lastmod>2021-09-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/work-the-flow-file-upload/work-the-flow-231-arbitrary-file-upload</loc>
<lastmod>2014-10-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ezoic-integration/ezoic-288-missing-authorization-to-stored-cross-site-scripting</loc>
<lastmod>2022-11-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-media-optimizer-webp/wp-media-optimizer-webp-140-reflected-cross-site-scripting-via-wpmowebp-css-resources-and-wpmowebp-js-resources-parameters</loc>
<lastmod>2024-12-05T19:42:47.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/jet-blocks/jetblocks-for-elementor-1318-authenticated-subscriber-information-disclsoure</loc>
<lastmod>2025-07-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/responsive-gallery-grid/responsive-gallery-grid-2310-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2024-03-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/quiz-master-next/quiz-and-survey-master-700-unauthenticated-arbitrary-file-deletion</loc>
<lastmod>2020-08-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/5280-bootstrap-modal-contact-form/5280-bootstrap-modal-contact-form-10-cross-site-request-forgery-to-bulk-delete-messages</loc>
<lastmod>2024-04-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simple-download-monitor/simple-download-monitor-395-contributor-arbitrary-thumbnail-removal</loc>
<lastmod>2021-10-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/masterstudy-lms-learning-management-system/masterstudy-lms-wordpress-plugin-for-online-courses-and-education-3323-unauthenticated-limited-privilege-escalation-to-instructor</loc>
<lastmod>2024-07-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/custom-registration-form-builder-with-submission-manager/registrationmagic-6010-unauthenticated-stored-cross-site-scripting</loc>
<lastmod>2024-08-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-staging/wp-staging-backup-duplicator-migration-2917-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2022-08-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-megamenu/wp-mega-menu-136-unauthenticated-settings-update-to-stored-cross-site-scripting</loc>
<lastmod>2020-04-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/keyy/keyy-two-factor-authentication-like-clef-123-authenticated-subscriber-privilege-escalation-via-account-takeover</loc>
<lastmod>2025-10-14T20:04:20.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/blog-filter/blog-filter-176-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2026-02-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/draw-attention/draw-attention-2011-missing-authorization-to-arbitrary-post-featured-image-modification</loc>
<lastmod>2023-05-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/display-custom-post/display-custom-post-221-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2023-11-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/workreap/workreap-332-authenticated-subscriber-arbitrary-file-upload-via-workreap_temp_upload_to_media</loc>
<lastmod>2025-06-11T16:31:13.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/lb-mixed-slideshow/lb-mixed-slideshow-for-wordpress-10-arbitrary-file-upload</loc>
<lastmod>2012-06-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/leenkme/leenkme-250-cross-site-request-forgery</loc>
<lastmod>2016-04-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gallery-by-supsystic/photo-gallery-by-supsystic-11516-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2024-03-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/korea-sns/korea-sns-170-authenticated-author-stored-cross-site-scripting</loc>
<lastmod>2026-02-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/contact-form-7-campaign-monitor-extension/contact-form-7-campaign-monitor-extension-0467-missing-authorization-to-unauthenticated-arbitrary-file-deletion</loc>
<lastmod>2024-09-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/realestate-7/real-estate-7-303-reflected-cross-site-scripting</loc>
<lastmod>2020-07-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/theme-demo-import/theme-demo-import-113-authenticated-administrator-arbitrary-file-upload</loc>
<lastmod>2023-08-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/give/givewp-donation-plugin-and-fundraising-platform-3120-reflected-cross-site-scripting</loc>
<lastmod>2024-06-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-multitasking/wp-multitasking-0112-reflected-cross-site-scripting</loc>
<lastmod>2024-08-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/tournamatch/wordpress-plugin-tournamatch-461-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2024-06-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/edd-upload-file/easy-digital-downloads-upload-file-104-arbitrary-file-uploaddeletion</loc>
<lastmod>2015-04-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/participants-database/participants-database-2592-unauthenticated-php-object-injection</loc>
<lastmod>2024-08-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/lesson-plan-book/lesson-plan-book-13-reflected-cross-site-scripting</loc>
<lastmod>2026-01-08T21:37:35.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-hide-backed-notices/hide-dashboard-notifications-123-cross-site-request-forgery</loc>
<lastmod>2024-04-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/winnex/winnex-132-unauthenticated-local-file-inclusion</loc>
<lastmod>2025-05-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/palladio/palladio-1110-unauthenticated-local-file-inclusion</loc>
<lastmod>2025-09-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/conversionninja/conversion-ninja-unspecified-version-cross-site-scripting</loc>
<lastmod>2014-05-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cookiebot/cookiebot-458-cross-site-request-forgery</loc>
<lastmod>2025-06-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/admin-management-xtended/admin-management-xtended-244-cross-site-request-forgery</loc>
<lastmod>2022-05-27T12:53:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/pinterest-verify-meta-tag/pinterest-verify-meta-tag-13-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2025-06-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/responsive-block-editor-addons/responsive-blocks-221-missing-authorization-to-authenticated-contributor-arbitrary-modification-via-ajax-actions</loc>
<lastmod>2026-04-20T17:50:51.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/nk-themes-helper/nk-themes-helper-179-authenticated-subscriber-server-side-request-forgery</loc>
<lastmod>2026-01-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/fbsurveypro/facebook-survey-pro-10-sql-injection</loc>
<lastmod>2012-11-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ltl-freight-quotes-unishippers-edition/ltl-freight-quotes-unishippers-edition-258-reflected-cross-site-scripting</loc>
<lastmod>2025-02-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-eMember/wp-emember-1070-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2024-07-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ig-shortcodes/ig-shortcodes-31-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-03-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/restaurant-reservations/five-star-restaurant-reservations-wordpress-booking-plugin-275-unauthenticated-stored-cross-site-scripting</loc>
<lastmod>2025-12-20T14:14:55.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-domain-redirect/wp-domain-redirect-10-authenticated-admin-sql-injection</loc>
<lastmod>2021-08-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/smart-slider-3/smart-slider-3-35128-authenticated-administrator-sql-injection-via-sliderid-parameter</loc>
<lastmod>2025-07-29T19:33:29.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/nexter-extension/nexter-extension-203-authenticatededitor-remote-code-execution-via-metabox</loc>
<lastmod>2023-10-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ideapush/ideapush-872-missing-authorization</loc>
<lastmod>2024-12-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/webp-converter-for-media/converter-for-media-optimize-images-convert-webp-avif-651-unauthenticated-server-side-request-forgery-via-src</loc>
<lastmod>2026-02-11T21:24:23.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-import-export-lite/wp-import-export-lite-3928-authenticated-subscriber-arbitrary-file-upload</loc>
<lastmod>2025-08-04T18:51:53.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/rise-blocks/rise-blocks-a-complete-gutenberg-page-builder-37-authenticated-contributor-stored-cross-site-scripting-via-site-identity-block-attributes</loc>
<lastmod>2026-02-24T18:45:53.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/kubio/kubio-ai-page-builder-270-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2026-03-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/acerola/acerola-165-missing-authorization</loc>
<lastmod>2025-05-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/affiliate-coupons/affiliate-coupons-173-authenticated-contributor-local-file-inclusion</loc>
<lastmod>2025-02-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/social-locker/onepress-social-locker-562-cross-site-request-forgery-to-settings-update</loc>
<lastmod>2022-05-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-online-users-stats/wp-online-users-stats-100-unauthenticated-sql-injection</loc>
<lastmod>2025-04-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/chamber-dashboard-business-directory/chamber-dashboard-business-directory-3311-missing-authorization-to-unauthenticated-business-information-export</loc>
<lastmod>2025-11-24T19:17:22.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/lasa/lasa-11-unauthenticated-local-file-inclusion</loc>
<lastmod>2025-06-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/js-jobs/js-job-manager-202-authenticated-contributor-local-file-inclusion</loc>
<lastmod>2025-04-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/all-in-one-wp-security-and-firewall/all-in-one-wp-security-firewall-394-reflected-cross-site-scripting</loc>
<lastmod>2015-04-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gallery-images/huge-it-gallery-images-189-sql-injection</loc>
<lastmod>2016-05-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/upload-media-by-url/upload-media-by-url-107-cross-site-request-forgery-via-umbu_download</loc>
<lastmod>2023-08-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/education-lms/education-lms-007-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-01-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/redux-framework/redux-framework-4412-4417-unauthenticated-json-file-upload-to-stored-cross-site-scripting</loc>
<lastmod>2024-07-22T12:05:44.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/redirect-redirection/redirection-114-cross-site-request-forgery-to-plugin-reset</loc>
<lastmod>2023-03-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/keep-backup-daily/keep-backup-daily-212-authenticated-admin-stored-cross-site-scripting-via-backup-title</loc>
<lastmod>2026-03-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/elementinvader-addons-for-elementor/elementinvader-addons-for-elementor-124-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-07-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpshop/shop-261-unauthenticated-local-file-inclusion</loc>
<lastmod>2026-02-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/dx-watermark/dx-watermark-104-cross-site-request-forgery</loc>
<lastmod>2024-03-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/slideshow-gallery/slideshow-gallery-1532-reflected-cross-site-scripting</loc>
<lastmod>2015-08-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/quietly-insights/quietly-insights-122-missing-authorization-to-authenticated-subscriber-arbitrary-options-update</loc>
<lastmod>2024-12-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpsimpletools-log-viewer/basic-log-viewer-104-cross-site-request-forgery-via-wpst_lw_viewer</loc>
<lastmod>2024-02-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-super-cache/wp-super-cache-172-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2021-04-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/premium-addons-for-elementor/premium-addons-for-elementor-41024-authenticated-contributor-dom-based-stored-cross-site-scripting</loc>
<lastmod>2024-04-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/getsocial/getsocial-201-reflected-cross-site-scripting</loc>
<lastmod>2025-03-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/extra/elegantthemes-123-privilege-escalation</loc>
<lastmod>2016-02-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/job-board-manager/job-board-manager-2161-authenticated-job-poster-arbitrary-shortcode-execution</loc>
<lastmod>2025-09-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/book-a-room-event-calendar/book-a-room-event-calendar-19-cross-site-request-forgery-to-settings-update</loc>
<lastmod>2026-06-23T16:40:58.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/b-banner-slider/b-banner-slider-11-authenticated-subscriber-arbitrary-file-upload</loc>
<lastmod>2024-11-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simple-crypto-shortcodes/simple-crypto-shortcodes-102-cross-site-request-forgery-to-plugin-settings-update</loc>
<lastmod>2026-01-23T19:16:43.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/booking-activities/booking-activities-116481-missing-authorization</loc>
<lastmod>2026-04-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/muzaara-adwords-optimize-dashboard/optimize-your-campaigns-google-shopping-google-ads-google-adwords-31-unauthenticated-php-object-injection</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simple-popup/simple-popup-images-186-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2023-04-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/give/givewp-donation-plugin-and-fundraising-platform-3180-reflected-cross-site-scripting</loc>
<lastmod>2024-12-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/docket-cache/docket-cache-240704-missing-authorization</loc>
<lastmod>2026-01-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gutenify/gutenify-154-unauthenticated-local-file-inclusion</loc>
<lastmod>2025-08-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/chart-builder/chart-builder-196-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2023-11-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-malware-removal/malcure-malware-scanner-1-toolset-for-wordpress-malware-removal-168-missing-authorization-to-authenticated-subscriber-arbitrary-file-read</loc>
<lastmod>2025-06-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/catablog/catablog-170-authenticated-editor-arbitrary-file-upload</loc>
<lastmod>2023-11-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/product-customizer-light/product-customizer-light-100-authenticated-author-stored-cross-site-scripting-via-svg-file-upload</loc>
<lastmod>2024-10-17T15:48:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/product-catalog-feed/product-catalog-feed-by-pixelyoursite-210-reflected-cross-site-scripting-via-page</loc>
<lastmod>2023-04-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/hmenu/hero-mega-menu-responsive-wordpress-menu-plugin-1165-reflected-cross-site-scripting</loc>
<lastmod>2025-03-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-recall/wp-recall-162614-cross-site-request-forgery</loc>
<lastmod>2025-06-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/order-export-and-more-for-woocommerce/order-export-for-woocommerce-324-unauthenticated-sensitive-information-exposure-through-unprotected-directory</loc>
<lastmod>2025-01-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ilogic-accessibility/accessibility-press-102-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2025-12-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/lbg-audio2-html5/responsive-html5-audio-player-pro-with-playlist-357-authenticated-contributor-sql-injection</loc>
<lastmod>2025-05-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/nexos/nexos-real-estate-17-reflected-cross-site-scripting</loc>
<lastmod>2020-06-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mailchimp-forms-by-mailmunch/mailchimp-forms-by-mailmunch-314-missing-authorization-via-multiple-ajax-actions</loc>
<lastmod>2023-08-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/eventprime-event-calendar-management/eventprime-modern-events-calendar-bookings-and-tickets-4047-unauthenticated-stored-cross-site-scripting-via-transaction-log</loc>
<lastmod>2024-10-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/string-locator/string-locator-265-reflected-cross-site-scripting</loc>
<lastmod>2024-08-23T13:40:19.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woo-wallet/terawallet-best-woocommerce-wallet-system-with-cashback-rewards-partial-payment-wallet-refunds-1410-missing-authorization-to-authenticated-subscriber-user-email-export</loc>
<lastmod>2024-03-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/shmapper-by-teplitsa/shmapper-by-teplitsa-1418-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-12-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/addon-elements-for-elementor-page-builder/elementor-addon-elements-1132-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-03-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/real-cookie-banner/wordpress-real-cookie-banner-gdpr-dsgvo-eprivacy-cookie-consent-2142-cross-site-request-forgery</loc>
<lastmod>2022-02-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ketchup-restaurant-reservations/ketchup-restaurant-reservations-100-unauthenticated-sql-injection</loc>
<lastmod>2022-09-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/dokan-lite/dokan-365-cross-site-request-forgery</loc>
<lastmod>2022-09-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/hack-me-if-you-can/hack-me-if-you-can-12-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/mesmerize/mesmerize-16120-cross-site-request-forgery-to-cache-clearing</loc>
<lastmod>2024-06-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/th-all-in-one-woo-cart/th-side-cart-and-menu-cart-for-woocommerce-111-cross-site-request-forgery</loc>
<lastmod>2023-03-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/plugin-notes-plus/plugin-notes-plus-126-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2024-07-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woocommerce-pdf-invoices-packing-slips/pdf-invoices-packing-slips-for-woocommerce-380-unauthenticated-server-side-request-forgery</loc>
<lastmod>2024-04-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/woffice/woffice-crm-5431-missing-authorization</loc>
<lastmod>2026-06-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/masterstudy-lms-learning-management-system/masterstudy-lms-276-unauthenticated-admin-account-creation</loc>
<lastmod>2022-02-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simple-membership/simple-membership-438-reflected-cross-site-scripting</loc>
<lastmod>2023-12-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/auto-post-thumbnail/auto-featured-image-auto-post-thumbnail-3915-authenticated-author-arbitrary-file-upload</loc>
<lastmod>2023-02-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/jonradio-private-site/my-private-site-307-cross-site-request-forgery</loc>
<lastmod>2022-05-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/gravel/gravel-16-reflected-cross-site-scripting</loc>
<lastmod>2025-04-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/forum-server/wp-forum-server-173-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2012-05-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/proquoter/pro-quoter-plugin-10-cross-site-scripting</loc>
<lastmod>2014-05-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bdthemes-element-pack/element-pack-addon-for-elementor-page-builder-wordpress-plugin-790-authenticatedcontributor-stored-cross-site-scripting-via-wrapper-link-url</loc>
<lastmod>2024-07-31T16:46:28.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/chapa-payment-gateway-for-woocommerce/chapa-payment-gateway-plugin-for-woocommerce-103-unauthenticated-sensitive-information-exposure</loc>
<lastmod>2026-02-03T19:32:34.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/miniorange-discord-integration/miniorange-discord-integration-215-missing-authorization-to-plugin-options-update</loc>
<lastmod>2022-09-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/12-step-meeting-list/12-step-meeting-list-31433-reflected-cross-site-scripting</loc>
<lastmod>2024-06-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/quick-testimonials/quick-testimonials-21-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2025-12-12T16:10:59.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gift-voucher/gift-cards-gift-vouchers-and-packages-woocommerce-supported-449-missing-authorization-to-unauthenticated-price-date-and-note-updates</loc>
<lastmod>2025-02-19T21:09:28.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/add-google-plus-one-social-share-button/add-google-1-plus-one-social-share-button-100-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2025-04-24T18:32:13.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/latest-post-shortcode/latest-post-shortcode-1421-missing-authorization</loc>
<lastmod>2026-02-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/yith-woocommerce-request-a-quote/yith-request-a-quote-for-woocommerce-163-cross-site-request-forgery</loc>
<lastmod>2021-06-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/rizzi-guestbook/rizzi-guestbook-401-reflected-cross-site-scripting</loc>
<lastmod>2025-03-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/barcode-scanner-lite-pos-to-manage-products-inventory-and-orders/barcode-scanner-with-inventory-order-manager-153-missing-authorization</loc>
<lastmod>2024-04-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/shortcode-for-current-date/shortcode-for-current-date-216-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2022-07-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/onceki-yazi-linki/nceki-yaz-link-13-cross-site-request-forgery</loc>
<lastmod>2025-02-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/rosaleen/rosaleen-28-unauthenticated-local-file-inclusion</loc>
<lastmod>2026-05-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wishlist-member-x/wishlist-member-x-3251-unauthenticated-arbitrary-sql-execution</loc>
<lastmod>2024-06-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-file-get-contents/jsm-file_get_contents-shortcode-270-authenticated-contributor-server-side-request-forgery-via-shortcode</loc>
<lastmod>2023-12-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/beaver-builder-lite-version/beaver-builder-21012-authenticated-contributor-sql-injection</loc>
<lastmod>2026-03-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/license-manager-for-woocommerce/license-manager-for-woocommerce-309-reflected-cross-site-scripting</loc>
<lastmod>2025-04-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/menu-ordering-reservations/restaurant-menu-food-ordering-system-table-reservation-241-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-04-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/emaurri/emaurri-101-unauthenticated-local-file-inclusion</loc>
<lastmod>2026-03-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/carousel-anything/carousel-anything-for-wpbakery-page-builder-21-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-03-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/multi-step-form/multi-step-form-1712-cross-site-request-forgery</loc>
<lastmod>2023-11-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/benevolent/benevolent-139-missing-authorization</loc>
<lastmod>2026-02-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/webpushr-web-push-notifications/webpushr-4380-unauthenticated-information-exposure</loc>
<lastmod>2026-01-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woomotiv/live-sales-notification-for-woocommerce-woomotiv-363-reflected-cross-site-scripting</loc>
<lastmod>2025-12-05T17:44:31.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woocommerce-alidropship/ald-aliexpress-dropshipping-and-fulfillment-for-woocommerce-premium-110-sensitive-information-disclosure</loc>
<lastmod>2022-10-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/stockholm-core/stockholm-core-241-reflected-cross-site-scripting</loc>
<lastmod>2024-05-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woocommerce-pdf-vouchers/woocommerce-pdf-vouchers-494-reflected-cross-site-scripting</loc>
<lastmod>2024-08-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-file-manager/file-manager-721-sensitive-information-exposure-via-backup-filenames</loc>
<lastmod>2024-01-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/show-hidecollapse-expand/show-hide-collapse-expand-125-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2023-01-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/brid-video-easy-publish/target-video-easy-publish-383-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2025-01-24T19:11:39.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mollie-forms/mollie-forms-2712-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-05-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/recipepress-reloaded/recipepress-reloaded-2120-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-11-20T13:43:30.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/wplms/wplms-learning-management-system-for-wordpress-4962-unauthenticated-arbitrary-file-read-and-deletion</loc>
<lastmod>2024-11-08T17:34:40.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/eona/eona-13-unauthenticated-local-file-inclusion</loc>
<lastmod>2026-02-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/add-google-social-profiles-to-knowledge-graph-box/add-google-social-profiles-to-knowledge-graph-box-10-cross-site-request-forgery-to-settings-update</loc>
<lastmod>2026-03-20T15:19:44.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/download-html-tinymce-button/download-html-tinymce-button-12-reflected-cross-site-scripting</loc>
<lastmod>2025-02-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/contact-form-7-round-robin-lead-distribution/contact-form-7-round-robin-lead-distribution-121-reflected-cross-site-scripting</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woocommerce-customers-manager/woocommerce-customers-manager-313-missing-authorization-to-authenticated-subscriber-privilege-escalation</loc>
<lastmod>2025-01-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/music-player-for-elementor/music-player-for-elementor-246-authenticated-contributor-stored-cross-site-scripting-via-album_buy_url-parameter</loc>
<lastmod>2025-06-02T22:20:46.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/formula/formula-051-reflected-cross-site-scripting-via-ti_customizer_notify_dismiss_recommended_plugins</loc>
<lastmod>2024-06-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/wplms/wplms-19953-authenticated-instructor-sql-injection</loc>
<lastmod>2024-12-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ajax-search-lite/ajax-search-lite-4114-reflected-cross-site-scripting</loc>
<lastmod>2024-01-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/forminator/forminator-contact-form-payment-form-custom-form-builder-1292-authenticated-contributor-stored-cross-site-scripting-via-forminator_form-shortcode</loc>
<lastmod>2024-04-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/file-manager-plugin-for-wordpress/file-manager-plugin-for-wordpress-75-authenticated-admin-arbitrary-file-upload</loc>
<lastmod>2025-06-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mw-wp-form/mw-wp-form-510-unauthenticated-arbitrary-file-move-via-move_temp_file_to_upload_dir</loc>
<lastmod>2026-04-01T16:50:15.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/activedemand/activedemand-0227-missing-authorization-checks</loc>
<lastmod>2022-08-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/astra-import-export/import-export-customizer-settings-103-cross-site-request-forgery-bypass</loc>
<lastmod>2020-09-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/sp-client-document-manager/sp-project-document-manager-470-authenticated-subscriber-arbitrary-folder-name-update</loc>
<lastmod>2024-05-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/modula-best-grid-gallery/modula-image-gallery-2101-authenticated-contributor-stored-dom-based-cross-site-scripting-via-fancybox-5-javascript-library</loc>
<lastmod>2025-04-02T23:40:23.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gs-dribbble-portfolio/gs-shots-for-dribbble-120-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-12-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/CF7-mailchimp-addon/cf7-7-mailchimp-add-on-24-missing-authorization</loc>
<lastmod>2025-07-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/clover-online-orders/smart-online-order-for-clover-156-missing-authorization</loc>
<lastmod>2024-08-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/post-meta-data-manager/post-meta-data-manager-120-missing-authorization-to-post-term-and-user-meta-deletion</loc>
<lastmod>2023-10-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/vikrestaurants/vikrestaurants-table-reservations-and-take-away-15-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2025-09-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/advanced-custom-fields-pro/advanced-custom-fields-pro-631-cross-site-request-forgery</loc>
<lastmod>2024-06-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/ludos-paradise/ludos-paradise-213-unauthenticated-local-file-inclusion</loc>
<lastmod>2025-09-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ibtana-visual-editor/ibtana-wordpress-website-builder-1147-missing-authorization-to-stored-cross-site-scripting</loc>
<lastmod>2022-01-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/blockspare/blockspare-32132-authenticated-contributor-sensitive-information-exposure</loc>
<lastmod>2025-10-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/w3-total-cache/w3-total-cache-281-authenticated-subscriber-missing-authorization-to-server-side-request-forgery</loc>
<lastmod>2025-01-13T17:58:37.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cookie-notice/cookie-notice-compliance-for-gdpr-ccpa-258-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2025-11-21T16:28:14.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ideapush/ideapush-869-cross-site-request-forgery</loc>
<lastmod>2024-10-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/pending-order-bot/pending-order-bot-102-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2025-08-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/employee-spotlight/employee-spotlight-team-member-showcase-meet-the-team-plugin-513-missing-authorization-to-authenticated-subscriber-tracking-opt-inopt-out-modification</loc>
<lastmod>2025-12-12T14:37:44.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/selection-lite/selection-lite-113-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-10-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/form-maker/form-maker-by-10web-11540-unauthenticated-stored-cross-site-scripting-via-matrix-field-text-box</loc>
<lastmod>2026-04-13T13:52:02.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/re-pro/real-estate-pro-109-authenticated-admin-stored-cross-site-scripting-via-settings</loc>
<lastmod>2026-04-21T19:15:26.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cms-tree-page-view/cms-tree-page-view-167-reflected-cross-site-scripting-via-post_type</loc>
<lastmod>2023-04-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/relevanssi-premium/relevanssi-4244-free-and-2275-premium-unauthenticated-sql-injection</loc>
<lastmod>2025-05-12T14:38:29.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mailoptin/mailoptin-12490-missing-authorization-to-cache-deletion</loc>
<lastmod>2022-09-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-guppy/wp-guppy-13-information-disclosure</loc>
<lastmod>2021-11-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/beaver-builder-lite-version/beaver-builder-wordpress-page-builder-2844-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-12-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/portfolio-pro/portfolio-filterable-masonry-portfolio-gallery-for-professionals-122-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-12-16T10:39:21.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/portfolio-by-lisa-westlund/portfolio-plugin-204-cross-site-request-forgery</loc>
<lastmod>2012-07-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/media-library-plus/media-library-folders-817-authenticated-author-sql-injection</loc>
<lastmod>2024-03-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/power-mag/power-mag-115-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-01-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/buddyforms/post-form-registration-form-profile-form-for-user-profiles-frontend-content-forms-for-user-submissions-ugc-287-missing-authorization</loc>
<lastmod>2024-03-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/recently/recently-304-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2021-06-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gf-block-ips/block-ips-for-gravity-forms-101-cross-site-request-forgery</loc>
<lastmod>2023-12-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gAppointments/gappointments-appointment-booking-addon-for-gravity-forms-197-reflected-cross-site-scripting</loc>
<lastmod>2023-08-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/stop-spammer-registrations-plugin/stop-spammers-security-block-spam-users-comments-forms-20244-cross-site-request-forgery-csrf-via-sfs_process</loc>
<lastmod>2024-05-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/acurax-social-media-widget/social-media-widget-by-acurax-22-stored-cross-site-scripting</loc>
<lastmod>2015-08-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woo-pricing-table/woocommerce-pricing-product-pricing-109-unauthenticated-stored-cross-site-scripting</loc>
<lastmod>2025-02-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/td-composer/tagdiv-composer-44-cross-site-request-forgery-to-cross-site-scripting</loc>
<lastmod>2023-07-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/custom-related-posts/custom-related-posts-174-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-04-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bigbuy-wc-dropshipping-connector/bigbuy-dropshipping-connector-for-woocommerce-205-unauthenticated-ip-spoofing-to-phpinfo-exposure</loc>
<lastmod>2025-11-20T20:01:03.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/switch-cta-box/switch-cta-box-11-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2026-04-21T19:06:56.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/social-testimonials-and-reviews-widget/social-proof-testimonials-and-reviews-by-repuso-529-missing-authorization</loc>
<lastmod>2025-10-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpfront-notification-bar/wpfront-notification-bar-332-authenticated-admin-stored-cross-site-scripting-via-wpfront-notification-bar-optionscustom_class</loc>
<lastmod>2024-01-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/brodos-net-onlineshop/brodosnet-onlineshop-plugin-202-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-01-24T18:44:50.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/frontend-post-submission-manager-lite/frontend-post-submission-manager-lite-126-incorrect-authorization-to-unauthenticated-arbitrary-attachment-deletion</loc>
<lastmod>2025-12-25T11:05:20.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/auto-location-for-wp-job-manager/auto-location-for-wp-job-manager-via-google-10-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2023-07-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-mediatagger/wp-mediatagger-411-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-01-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/1-click-backup-restore-database-by-sunbytes/1-click-backup-amp-restore-database-103-missing-authorization</loc>
<lastmod>2025-04-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ht-team-member/ht-team-member-117-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-06-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-subscription-forms/wp-subscription-forms-123-authenticated-contributor-sql-injection</loc>
<lastmod>2025-03-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/memberful-wp/memberful-1739-unauthenticated-content-restriction-bypass-to-sensitive-information-exposure</loc>
<lastmod>2024-12-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/lottiefiles/lottiefiles-lottie-block-for-gutenberg-300-unauthenticated-sensitive-information-exposure</loc>
<lastmod>2026-01-13T16:45:26.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/contact-form-to-db/contact-form-to-db-170-multiple-cross-site-scripting</loc>
<lastmod>2023-04-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/oganro-reservation-widget/xml-travel-portal-widget-20-cross-site-request-forgery</loc>
<lastmod>2025-06-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/pods/pods-243-multiple-cross-site-request-forgery</loc>
<lastmod>2015-01-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/seedprod-coming-soon-pro-5/seedprod-pro-61813-authenticated-editor-remote-code-execution</loc>
<lastmod>2024-12-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/click-to-chat-for-whatsapp/click-to-chat-318-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2022-12-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/export-to-text/export-to-text-24-unauthenticated-post-export</loc>
<lastmod>2022-06-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/aumenu/aumenu-115-reflected-cross-site-scripting</loc>
<lastmod>2025-03-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/dethemekit-for-elementor/dethemekit-for-elementor-214-authenticated-contributor-stored-cross-site-scripting-via-slitems-attribute</loc>
<lastmod>2024-05-30T14:31:51.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpbookit/wpbookit-169-unauthenticated-arbitrary-file-upload</loc>
<lastmod>2025-01-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/universal-analytics/universal-analytics-130-cross-site-scripting</loc>
<lastmod>2016-02-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/image-hover-effects-with-carousel/image-hover-effects-plugin-caption-hover-with-carousel-28-unauthenticated-stored-cross-site-scripting</loc>
<lastmod>2023-02-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-upg/user-post-gallery-upg-219-missing-authorization-to-remote-command-execution</loc>
<lastmod>2022-12-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/embed-ispring/ispring-embedder-10-cross-site-request-forgery-to-arbitrary-file-upload</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/youzify/youzify-buddypress-community-user-profile-social-network-membership-plugin-for-wordpress-130-authenticated-contributor-stored-cross-site-scripting-via-youzify_media-shortcode</loc>
<lastmod>2024-10-09T13:31:04.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/oxygen-mydata/oxygen-mydata-for-woocommerce-1064-unauthenticated-arbitrary-file-deletion</loc>
<lastmod>2025-04-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/residential-address-detection/residential-address-detection-254-unauthenticated-arbitrary-options-update</loc>
<lastmod>2025-02-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/core/6.0/wordpress-core-603-open-redirect</loc>
<lastmod>2022-10-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/uniconsent-cmp/uniconsent-cookie-consent-cmp-for-gdpr-ccpa-143-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2023-09-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/quiz-master-next/quiz-and-survey-master-8110-authenticated-contributor-stored-cross-site-scripting-via-question-title</loc>
<lastmod>2023-07-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/nex-forms-express-wp-form-builder/nex-forms-917-reflected-cross-site-scripting</loc>
<lastmod>2026-02-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/checkout-upsell-and-order-bumps/upsellwp-woocommerce-upsell-and-related-products-offers-224-authenticated-shop-manager-sql-injection</loc>
<lastmod>2026-03-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/lh-password-changer/lh-password-changer-155-cross-site-request-forgery</loc>
<lastmod>2023-05-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/homeo/homeo-1259-authenticated-contributor-local-file-inclusion</loc>
<lastmod>2026-02-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ulimate-client-dash/ultimate-client-dash-47-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2025-09-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/stm-motors-events/motors-events-147-unauthenticated-local-file-inclusion</loc>
<lastmod>2025-06-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/post-grid/post-grid-2274-reflected-cross-site-scripting</loc>
<lastmod>2024-03-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/premmerce-user-roles/premmerce-user-roles-1013-missing-authorization</loc>
<lastmod>2025-06-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/hd-quiz/hd-quiz-183-stored-cross-site-scripting</loc>
<lastmod>2021-07-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/zalo-live-chat/zalo-live-chat-110-reflected-cross-site-scripting</loc>
<lastmod>2025-03-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simple-membership-wp-user-import/simple-membership-wp-user-import-191-cross-site-request-forgery</loc>
<lastmod>2026-01-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/revivenews/revivenews-102-missing-authorization-via-revivenews_install_and_activate_plugins</loc>
<lastmod>2024-08-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-js-external-link-info/wp-js-external-link-info-121-cross-site-scripting</loc>
<lastmod>2014-04-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cleantalk-spam-protect/spam-protection-antispam-firewall-by-cleantalk-620-cross-site-request-forgery-via-apbct_settings__update_account_email</loc>
<lastmod>2023-12-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/3dprint-lite/3dprint-lite-2135-cross-site-request-forgery</loc>
<lastmod>2025-03-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/stumble-for-wordpress/stumble-for-wordpress-111-reflected-cross-site-scripting-via-_serverphp_self</loc>
<lastmod>2026-01-06T20:32:07.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/soho/soho-photography-wordpress-303-unauthenticated-stored-cross-site-scripting</loc>
<lastmod>2026-01-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gmap-embed/wp-google-map-180-subscriber-arbitrary-post-deletion-and-plugin-settings-update</loc>
<lastmod>2021-12-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/interactive-page-hierarchy/interactive-page-hierarchy-101-missing-authorization</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/artplacer-widget/artplacer-widget-2211-cross-site-request-forgery</loc>
<lastmod>2024-06-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/subscriptiondna/subscription-dna-21-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2025-01-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-spreadplugin/wp-spreadplugin-489-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2024-10-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-file-upload/wordpress-file-upload-4162-authenticated-contributor-stored-cross-site-scripting-via-malicious-svg</loc>
<lastmod>2022-02-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/maxify/maxify-1016-unauthenticated-local-file-inclusion</loc>
<lastmod>2026-03-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/erima-zarinpal-donate/erima-zarinpal-donate-10-cross-site-request-forgery</loc>
<lastmod>2025-02-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpshop/wp-shop-260-cross-site-request-forgery-to-arbitrary-file-upload</loc>
<lastmod>2025-04-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/featured-posts-grid/featured-posts-grid-17-cross-site-request-forgery-to-cross-site-scripting</loc>
<lastmod>2025-03-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/unusedcss/rapidload-power-up-for-autoptimize-171-missing-authorization-in-uucss_update_rule</loc>
<lastmod>2023-03-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/discy/discy-social-questions-and-answers-wordpress-theme-49-missing-authorization</loc>
<lastmod>2022-07-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ultimate-form-builder-lite/ultimate-form-builder-lite-137-cross-site-scripting</loc>
<lastmod>2018-06-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/inpost-gallery/inpost-gallery-2121-local-file-inclusion</loc>
<lastmod>2016-10-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wallet-system-for-woocommerce/wallet-system-for-woocommerce-2513-information-exposure-via-log-files</loc>
<lastmod>2024-07-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ultimate-classified-listings/ultimate-classified-listings-12-reflected-cross-site-scripting</loc>
<lastmod>2024-07-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/eventon-lite/eventon-wordpress-virtual-event-calendar-plugin-pro-454-free-227-missing-authorization-to-arbitrary-post-meta-update-via-evo_eventpost_update_meta</loc>
<lastmod>2024-01-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/appointment-booking-calendar/appointment-booking-calendar-117-multiple-reflected-cross-site-scripting</loc>
<lastmod>2015-09-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/listingpro/listingpro-wordpress-directory-listing-theme-254-cross-site-scripting</loc>
<lastmod>2020-01-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/xstore/xstore-938-authenticated-subscriber-arbitrary-options-update</loc>
<lastmod>2024-04-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/animation-addons-for-elementor/animation-addons-for-elementor-116-authenticated-contributor-sensitive-information-exposure-via-content-slider-and-tabs-widget-elementor-template</loc>
<lastmod>2024-12-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/thebi/thebi-105-reflected-cross-site-scripting</loc>
<lastmod>2026-03-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/subscription/subscription-recurring-payment-for-woocommerce-191-cross-site-request-forgery</loc>
<lastmod>2026-05-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/all-in-one-favicon/all-in-one-favicon-47-authenticatedadmin-directory-traversal</loc>
<lastmod>2023-02-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/auto-iframe/auto-iframe-17-authenticated-author-stored-cross-site-scripting-via-tag-parameter</loc>
<lastmod>2024-10-08T17:35:38.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-user-extra-fields/user-extra-fields-170-authenticated-subscriber-arbitrary-file-deletion</loc>
<lastmod>2026-02-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/smtp-mailing-queue/smtp-mailing-queue-147-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2023-04-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/vertical-scroll-recent-post/vertical-scroll-recent-post-140-authenticated-contributor-stored-cross-site-scripting-via-shortcodes</loc>
<lastmod>2023-03-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/contest-gallery/contest-gallery-1915-unauthenticated-sql-injection-via-user_id</loc>
<lastmod>2022-12-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/safe-svg/safe-svg-195-cross-site-scripting</loc>
<lastmod>2019-11-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/supportcandy/supportcandy-helpdesk-support-ticket-system-226-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2022-01-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/jet-tabs/jettabs-227-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-04-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/easy-maintenance-mode-coming-soon/easy-maintenance-mode-142-information-exposure</loc>
<lastmod>2024-03-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wah-forms/wah-forms-10-missing-authorization</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/trx_addons/themerex-addons-various-versions-missing-authorization</loc>
<lastmod>2020-03-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/unseen-blog/unseen-blog-100-authenticated-contributor-php-object-injection</loc>
<lastmod>2024-09-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/drag-and-drop-multiple-file-upload-contact-form-7/drag-and-drop-multiple-file-upload-for-contact-form-7-1392-missing-authorization-to-unauthenticated-file-deletion</loc>
<lastmod>2026-01-14T18:17:14.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/bridge/bridge-creative-multipurpose-wordpress-theme-112-cross-site-scripting</loc>
<lastmod>2017-08-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/manufactory/manufactory-14-unauthenticated-local-file-inclusion</loc>
<lastmod>2025-09-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ninjafirewall/ninjafirewall-433-authenticated-phar-deserialization</loc>
<lastmod>2021-05-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/v-form/vform-3114-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2025-04-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/jupiterx-core/jupiter-x-core-487-authenticated-contributor-svg-upload-to-local-file-inclusion-remote-code-execution</loc>
<lastmod>2025-01-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/squirrly-seo/seo-plugin-by-squirrly-seo-12405-authenticated-subscriber-sql-injection-via-search-parameter</loc>
<lastmod>2025-03-06T22:02:49.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/google-map-locations/google-map-locations-10-reflected-cross-site-scripting</loc>
<lastmod>2024-10-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/dadevarzan-common/dadevarzan-wordpress-common-222-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-09-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/newsmunch/newsmunch-1035-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-12-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpschoolpress/wpschoolpress-224-cross-site-request-forgery</loc>
<lastmod>2023-09-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/easy-login-woocommerce/loginsignup-popup-inline-form-woocommerce-271-272-missing-authorization-to-arbitrary-options-exposure</loc>
<lastmod>2024-06-05T19:24:25.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/cortex/cortex-19-unauthenticated-local-file-inclusion</loc>
<lastmod>2026-02-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/fuse-social-floating-sidebar/fuse-social-floating-sidebar-5410-authenticated-author-stored-cross-site-scripting-via-file-upload</loc>
<lastmod>2024-08-07T17:11:32.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/contact-form-to-email/contact-form-email-1352-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2025-01-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/my-calendar/my-calendar-3616-missing-authorization</loc>
<lastmod>2025-12-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/contact-bank/contact-bank-3030-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2022-09-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/broken-link-checker/broken-link-checker-223-authenticated-administrator-stored-cross-site-scripting-via-settings</loc>
<lastmod>2024-02-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/affs/sumo-affiliates-pro-1110-unauthenticated-arbitrary-file-upload</loc>
<lastmod>2025-05-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/plugin-inspector/plugin-inspector-15-authenticated-admin-arbitrary-file-download</loc>
<lastmod>2025-06-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/heateor-social-login/heateor-social-login-1130-authenticatedcontributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2024-01-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/happy-elementor-addons/happy-addons-for-elementor-3210-insecure-direct-object-reference-to-authenticated-contributor-stored-cross-site-scripting-via-template-conditions</loc>
<lastmod>2026-03-10T19:04:44.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/admin-site-enhancements/admin-and-site-enhancements-ase-762-missing-authorization</loc>
<lastmod>2025-01-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/kirki/kirki-606-missing-authorization-to-authenticated-subscriber-sensitive-form-submission-data-exposure-via-kirki_wp_admin_get_apis-action</loc>
<lastmod>2026-05-19T06:22:39.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/squirrly-seo/seo-plugin-by-squirrly-seo-615-directory-traversal</loc>
<lastmod>2016-07-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ladipage/ladiapp-landing-page-popupx-marketing-automation-affiliate-marketing-44-cross-site-request-forgery-via-init_endpoint</loc>
<lastmod>2024-03-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/vod-infomaniak/vod-infomaniak-159-missing-authorization</loc>
<lastmod>2025-01-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-scraper/wp-scraper-57-missing-authorization-to-arbitrary-pagepost-creation</loc>
<lastmod>2024-05-21T18:42:12.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/mitech/mitech-234-unauthenticated-local-file-inclusion</loc>
<lastmod>2026-01-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/buddypress/buddypress-15-154-sql-injection</loc>
<lastmod>2012-03-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/templazee/templazee-102-missing-authorization</loc>
<lastmod>2025-07-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/quick-paypal-payments/quick-paypal-payments-57263-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2023-03-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/live-composer-page-builder/page-builder-live-composer-1542-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-06-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/favicon-my-blog/favicon-my-blog-102-cross-site-request-forgery</loc>
<lastmod>2024-11-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/funnelcockpit/funnelcockpit-143-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2025-04-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/inprosysmedia-likes-dislikes-post/likes-and-dislikes-plugin-100-unauthenticated-sql-injection</loc>
<lastmod>2025-05-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/related-posts-for-wp/related-posts-for-wordpress-203-reflected-cross-site-scripting</loc>
<lastmod>2021-03-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/user-counter/alex-user-counter-60-cross-site-request-forgery-to-settings-update</loc>
<lastmod>2026-01-23T19:22:53.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/hidepost/hidepost-238-cross-site-request-forgery</loc>
<lastmod>2025-09-26T18:33:02.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/restaurant-reservations/five-star-restaurant-reservations-wordpress-booking-plugin-279-missing-authorization</loc>
<lastmod>2026-03-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/visit-counter/visit-counter-10-reflected-cross-site-scripting</loc>
<lastmod>2025-08-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/skt-paypal-for-woocommerce/skt-paypal-for-woocommerce-14-unauthenticated-payment-bypass</loc>
<lastmod>2025-11-26T16:26:34.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/link-library/link-library-763-reflected-cross-site-scripting</loc>
<lastmod>2024-06-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-database-backup/wp-database-backup-34-authenticated-stored-cross-site-scripting</loc>
<lastmod>2015-08-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gp-premium/gp-premium-240-reflected-cross-site-scripting</loc>
<lastmod>2024-06-04T19:49:55.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/injection-guard/injection-guard-121-cross-site-request-forgery-to-whitelist-update</loc>
<lastmod>2023-05-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/forminator/forminator-1290-reflected-cross-site-scripting</loc>
<lastmod>2024-03-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/five-minute-webshop/five-minute-webshop-132-authenticated-admin-sql-injection-via-id</loc>
<lastmod>2022-05-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/elementor/elementor-3333-authenticated-contributor-stored-dom-based-cross-site-scripting-via-text-path</loc>
<lastmod>2025-12-15T22:04:49.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/umberto/umberto-128-unauthenticated-php-object-injection</loc>
<lastmod>2025-05-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/enable-jquery-migrate-helper/enable-jquery-migrate-helper-141-missing-authorization-to-authenticated-subscriber-jquery-version-downgrade</loc>
<lastmod>2026-05-26T17:35:02.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-nested-pages/nested-pages-307-missing-authorization</loc>
<lastmod>2019-03-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/easy-svg-image-allow/easy-svg-allow-10-authenticated-author-stored-cross-site-scripting-via-svg</loc>
<lastmod>2024-01-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/user-activation-email/user-activation-email-130-reflected-cross-site-scripting</loc>
<lastmod>2021-09-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-posts-re-order/wp-posts-re-order-10-cross-site-request-forgery-to-settings-update</loc>
<lastmod>2026-03-20T15:19:15.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/smart-agenda-prise-de-rendez-vous-en-ligne/smart-agenda-prise-de-rendez-vous-en-ligne-46-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-12-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/geo-my-wp/geo-my-wp-455-unauthenticated-sql-injection</loc>
<lastmod>2026-06-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-stripe-express/express-payment-for-stripe-1280-authenticated-contributor-stored-cross-site-scripting-via-shortcode-attributes</loc>
<lastmod>2026-06-05T10:34:47.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/envo-extra/envo-extra-1913-missing-authorization</loc>
<lastmod>2026-02-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/hash-elements/hash-elements-133-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-03-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/seo-by-10web/seo-by-10web-126-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2023-05-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/metform/metform-elementor-contact-form-builder-331-authenticated-subscriber-information-disclosure-via-mf-shortcode</loc>
<lastmod>2023-06-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/paygreen-woocommerce/paygreen-ancienne-version-4102-cross-site-request-forgery</loc>
<lastmod>2023-02-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mortgage-loan-calculator/mortgage-calculator-loan-calculator-1520-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-02-17T15:44:47.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/penci-podcast/penci-podcast-16-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-09-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/rebuild-permalinks/rebuild-permalinks-16-reflected-cross-site-scripting</loc>
<lastmod>2025-02-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/clean-login/clean-login-11263-cross-site-scripting</loc>
<lastmod>2021-08-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/list-category-posts/list-category-posts-0940-authenticated-author-stored-cross-site-scripting-via-catlist-shortcode</loc>
<lastmod>2026-04-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gutensee/gutensee-106-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-12-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/srbtranslatin/srbtranslatin-320-unauthenticated-sensitive-information-exposure</loc>
<lastmod>2025-04-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-open-street-map/wp-open-street-map-125-cross-site-request-forgery-via-wp_openstreetmaps</loc>
<lastmod>2023-10-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/easy-modal/easy-modal-210-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2026-01-11T13:44:04.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/rozy/rozy-flower-shop-1225-unauthenticated-local-file-inclusion</loc>
<lastmod>2026-01-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/newsletters-lite/newsletters-4618-directory-traversal</loc>
<lastmod>2019-07-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/pods/pods-custom-content-types-and-fields-authenticated-contributor-sql-injection-via-shortcode</loc>
<lastmod>2024-03-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/webman-amplifier/webman-amplifier-1512-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-12-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/your-simple-svg-support/your-simple-svg-support-101-authenticated-author-stored-cross-site-scripting-via-svg-file-upload</loc>
<lastmod>2025-03-24T21:16:05.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/zip-recipes/recipe-cards-for-your-food-blog-from-zip-recipes-827-authenticated-contributor-sql-injection</loc>
<lastmod>2026-06-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/nd-restaurant-reservations/nd-restaurant-reservations-13-options-change</loc>
<lastmod>2019-08-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ready-ecommerce/ready-ecommerce-shopping-cart-051-cross-site-request-forgery-and-cross-site-scripting</loc>
<lastmod>2014-09-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/event-registration-calendar-by-vcita/event-registration-calendar-by-vcita-131-online-payments-get-paid-with-paypal-square-stripe-391-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2023-06-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/miwoftp/miwoftp-106-cross-site-request-forgery-to-arbitrary-file-deletion</loc>
<lastmod>2015-04-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/mella/mella-1229-unauthenticated-local-file-inclusion</loc>
<lastmod>2026-01-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/core/3.3/wordpress-core-331-same-origin-policy-bypass</loc>
<lastmod>2012-04-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/custom-twitter-feeds/custom-twitter-feeds-tweets-widget-212-cross-site-request-forgery</loc>
<lastmod>2023-12-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-video-robot/wordpress-video-robot-the-ultimate-video-importer-1200-reflected-cross-site-scripting</loc>
<lastmod>2025-04-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/masterstudy-lms-learning-management-system-pro/masterstudy-lms-online-courses-elearning-pro-plus-479-authenticated-subscriber-arbitrary-file-upload</loc>
<lastmod>2025-07-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/toggle-the-title/toggle-the-title-14-cross-site-scripting</loc>
<lastmod>2019-05-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/waymark/waymark-150-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-02-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wordpress-exit-box-lite/wordpress-exit-box-lite-106-full-path-dislcosure</loc>
<lastmod>2013-05-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/werkstatt/werkstatt-483-unauthenticated-local-file-inclusion</loc>
<lastmod>2026-01-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woocommerce-support-ticket-system/woocommerce-support-ticket-system-177-unauthenticated-arbitrary-file-upload</loc>
<lastmod>2024-11-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/core/3.9/wordpress-core-391-xml-external-entity-xxe-weakness</loc>
<lastmod>2014-08-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/attendance-manager/attendance-manager-062-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-04-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/carspot/carspot-dealership-wordpress-classified-theme-217-authenticated-stored-cross-site-scripting</loc>
<lastmod>2019-04-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/vegas-fullscreen-background-slider/wp-vegas-22-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-04-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/theplus_elementor_addon/the-plus-addons-for-elementor-page-builder-556-reflected-cross-site-scripting-via-wp-login-and-register-widget</loc>
<lastmod>2024-06-20T14:04:46.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/lekker/lekker-18-unauthenticated-local-file-inclusion</loc>
<lastmod>2025-12-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/site-reviews/site-reviews-6102-missing-authorization</loc>
<lastmod>2023-08-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/noo-citilights/support-for-citilights-real-estate-wordpress-theme-371-reflected-cross-site-scripting</loc>
<lastmod>2026-03-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bp-profile-search/bp-profile-search-575-cross-site-request-forgery-to-reflected-cross-site-scripting</loc>
<lastmod>2024-08-19T13:39:17.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/yikes-inc-easy-custom-woocommerce-product-tabs/custom-product-tabs-for-woocommerce-185-authenticated-shop-manager-php-object-injection</loc>
<lastmod>2025-01-06T15:37:29.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/faqs-manager/faqs-manager-10-sql-injection</loc>
<lastmod>2013-03-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/slider-slideshow/layer-slider-1197-cross-site-request-forgery-via-save_slide_ajax</loc>
<lastmod>2023-04-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/zen-mobile-app-native/wordpress-plugin-mobile-app-native-30-30-arbitrary-file-upload</loc>
<lastmod>2017-02-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bard-extra/bard-extra-127-missing-authorization-to-authenticated-subscriber-demo-import</loc>
<lastmod>2024-11-20T13:55:11.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/add-any-extension-to-pages/add-any-extension-to-pages-13-cross-site-scripting</loc>
<lastmod>2017-04-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/biblesupersearch/bible-supersearch-601-authenticated-contributor-stored-cross-site-scripting-via-selector_height-parameter</loc>
<lastmod>2025-08-20T20:41:27.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/miniorange-saml-20-single-sign-on/saml-single-sign-on-sso-login-premium-multisite-2007-open-redirect</loc>
<lastmod>2023-01-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/drag-n-drop-upload-cf7-pro/drag-and-drop-multiple-file-upload-pro-2109-directory-traversal</loc>
<lastmod>2023-03-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/userback/userback-1015-missing-authorization-to-authenticated-subscriber-plugins-configuration-exposure</loc>
<lastmod>2025-12-12T16:08:34.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mpl-publisher/phprelativepath-library-various-plugins-various-versions-reflected-cross-site-scripting</loc>
<lastmod>2021-08-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpappninja/wpmobileapp-1150-reflected-cross-site-scripting</loc>
<lastmod>2024-09-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/buttons-x/button-builder-buttons-x-086-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2023-04-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/control-horas/control-horas-101-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-11-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/depot/depot-116-unauthenticated-local-file-inclusion</loc>
<lastmod>2026-01-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mstore-api/mstore-api-396-cross-site-request-forgery-to-product-limit-update</loc>
<lastmod>2023-06-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ezyonlinebookings-online-booking-system/ezyonlinebookings-online-booking-system-widget-13-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-11-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/blog-designer-pro/blog-designer-pro-347-authenticated-subscriber-local-file-inclusion</loc>
<lastmod>2025-08-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/kk-star-ratings/kk-star-ratings-545-missing-authorization</loc>
<lastmod>2023-10-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/easy-form-builder-by-bitware/easy-form-builder-10-arbitrary-file-upload</loc>
<lastmod>2021-03-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/tinycode/tinycode-121-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-11-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/forminator/forminator-contact-form-payment-form-custom-form-builder-1520-missing-authorization-to-unauthenticated-stripe-paymentintent-reuse-underpayment-bypass-via-paymentid-parameter</loc>
<lastmod>2026-05-04T17:34:23.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/feed-them-social/feed-them-social-for-twitter-feed-youtube-and-more-299-reflected-cross-site-scripting</loc>
<lastmod>2022-07-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/crm-perks-forms/crm-perks-forms-115-missing-authorization-to-unauthenticated-form-submission</loc>
<lastmod>2024-07-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/debug-tool/debug-tool-22-missing-authorization-to-information-exposure</loc>
<lastmod>2024-11-08T14:06:33.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/min-and-max-purchase-for-woocommerce/min-and-max-purchase-for-woocommerce-200-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-04-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cgc-maintenance-mode/cgc-maintenance-mode-12-ip-spoofing</loc>
<lastmod>2024-03-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gamipress/gamipress-257-unauthenticated-sql-injection</loc>
<lastmod>2023-02-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-crontrol/wp-crontrol-1161-remote-code-execution</loc>
<lastmod>2024-03-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/omnisend-connect/email-marketing-for-woocommerce-by-omnisend-1190-missing-authorization</loc>
<lastmod>2026-06-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/izooto-web-push/izooto-3720-missing-authorization</loc>
<lastmod>2026-02-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/revslider/slider-revolution-422-cross-site-scripting</loc>
<lastmod>2014-12-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/zephyr-project-manager/zephyr-project-manager-33101-reflected-cross-site-scripting</loc>
<lastmod>2025-04-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/admin-menu-organizer/admin-menu-organizer-101-reflected-cross-site-scripting</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/twitter-plugin/bestwebsofts-twitter-255-cross-site-scripting</loc>
<lastmod>2017-04-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/form-maker/form-maker-by-10web-11518-reflected-cross-site-scripting</loc>
<lastmod>2023-10-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/rupantorpay/rupantorpay-200-missing-authorization-to-unauthenticated-order-status-modification</loc>
<lastmod>2026-01-27T21:47:14.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-fusion-lite/wp-fusion-lite-marketing-automation-and-crm-integration-for-wordpress-34210-information-exposure</loc>
<lastmod>2024-04-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/happy-elementor-addons/happy-addons-for-elementor-3101-missing-authorization-via-add_row_actions</loc>
<lastmod>2024-02-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bb-ultimate-addon/ultimate-addons-for-beaver-builder-13514-authenticatedcontributor-privilege-escalation</loc>
<lastmod>2023-12-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/amazon-einzeltitellinks/amazon-einzeltitellinks-133-cross-site-request-forgery-to-arbitrary-settings-update</loc>
<lastmod>2022-05-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/computer-repair-shop/repairbuddy-41116-insecure-direct-object-reference-to-authenticated-subscriber-arbitrary-signature-upload-to-orders</loc>
<lastmod>2026-01-16T14:36:16.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/photography/photography-752-unauthenticated-php-object-injection</loc>
<lastmod>2025-06-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/posterity/posterity-33-cross-site-request-forgery-to-notice-dismissal</loc>
<lastmod>2024-07-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/all-bootstrap-blocks/all-bootstrap-blocks-1319-authenticated-contributor-local-file-inclusion</loc>
<lastmod>2024-12-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/alpine-photo-tile-for-instagram/alpine-phototile-for-instagram-129-cross-site-scripting</loc>
<lastmod>2014-08-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/responsive-tabs/responsive-tabs-406-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-03-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/school-management/school-management-9150-authenticated-student-arbitrary-file-upload</loc>
<lastmod>2024-11-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/white-page-publication/whitepage-115-cross-site-request-forgery-via-params_api_formphp</loc>
<lastmod>2023-10-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/assistant/wordpress-assistant-152-reflected-cross-site-scripting</loc>
<lastmod>2025-09-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/lightweight-accordion/lightweight-accordion-1514-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2023-01-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/paid-membership/micropayments-fans-paysite-paid-creator-subscriptions-digital-assets-tokens-wallet-2929-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-01-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mail-integration-365/wpo365-mail-integration-for-office-365-outlook-190-reflected-cross-site-scripting-via-error_description</loc>
<lastmod>2023-05-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/vedrixa-forms-registration-builder/vedrixa-forms-111-missing-authorization-to-authenticated-subscriber-arbitrary-form-structure-modification-via-wefb_save_form_structure-ajax-action</loc>
<lastmod>2026-05-21T19:24:47.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/autocatset/autocatset-214-cross-site-request-forgery</loc>
<lastmod>2025-09-10T18:53:17.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/drag-and-drop-multiple-file-upload-contact-form-7/drag-and-drop-multiple-file-upload-contact-form-7-1373-unauthenticated-arbitrary-file-upload</loc>
<lastmod>2023-11-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ultimate-sms-notifications/ultimate-sms-notifications-for-woocommerce-141-csv-injection</loc>
<lastmod>2022-08-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/import-users-from-csv-with-meta/import-users-from-csv-with-meta-112-import-cross-site-scripting</loc>
<lastmod>2018-12-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bertha-ai-free/bertha-ai-plugin-111107-unauthenticated-arbitrary-file-upload</loc>
<lastmod>2023-12-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/exact-links/url-shortener-plugin-for-wordpress-307-unauthenticated-sql-injection</loc>
<lastmod>2025-12-12T18:31:33.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ulisting/ulisting-216-unauthenticated-sql-injection</loc>
<lastmod>2025-02-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/jetpack/jetpack-97-information-disclosure</loc>
<lastmod>2021-06-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wdv-one-page-docs/wdv-one-page-docs-124-missing-authorization</loc>
<lastmod>2026-01-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/audio-album/audio-album-150-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-03-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bulk-noindex-nofollow-toolkit-by-mad-fish/bulk-noindex-nofollow-toolkit-216-reflected-cross-site-scripting</loc>
<lastmod>2025-04-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/eventON/eventon-wordpress-virtual-event-calendar-plugin-5011-unauthenticated-blind-sql-injection-via-search-parameter</loc>
<lastmod>2026-06-29T20:41:25.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/fushion-theme/fusion-21-arbitrary-file-deletion</loc>
<lastmod>2013-12-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/advanced-form-integration/afi-the-easiest-integration-plugin-1990-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2025-03-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/contest-gallery/photos-files-youtube-twitter-instagram-tiktok-ecommerce-contest-gallery-upload-vote-sell-via-paypal-social-share-buttons-26001-unauthenticated-stored-cross-site-scripting</loc>
<lastmod>2025-02-27T16:40:04.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/popularis-extra/popularis-extra-127-authenticated-contributor-post-disclosure</loc>
<lastmod>2024-11-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/nepali-date-utilities/nepali-date-utilities-1013-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2025-04-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/blogmarks/blogmarks-112-unauthenticated-local-file-inclusion</loc>
<lastmod>2025-08-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/twitterdash/twitterdash-21-cross-site-request-forgery-to-cross-site-scripting</loc>
<lastmod>2014-12-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/review-stream/review-stream-165-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2023-03-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/qubely/qubely-177-missing-authorization-to-arbitrary-post-deletion</loc>
<lastmod>2021-12-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/contest-code-checker/run-contests-raffles-and-giveaways-with-contestswp-203-reflected-cross-site-scripting</loc>
<lastmod>2024-11-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/edublink/edublink-207-missing-authorization</loc>
<lastmod>2026-01-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/duplicator/duplicator-wordpress-migration-plugin-044-cross-site-scripting</loc>
<lastmod>2014-08-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/user-registration/user-registration-custom-registration-form-login-form-and-user-profile-for-wordpress-3041-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2023-10-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/instagram-slider-widget/social-slider-feed-204-reflected-cross-site-scripting</loc>
<lastmod>2022-08-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/the-plus-addons-for-elementor-page-builder/the-plus-addons-for-elementor-554-authenticated-contributor-stored-cross-site-scripting-via-progress-bar-header-meta-content-scroll-navigation-pricing-table-flip-box</loc>
<lastmod>2024-05-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/instant-images/instant-images-one-click-unsplash-pixabay-and-pexels-uploads-440-authenticated-stored-cross-site-scripting</loc>
<lastmod>2021-05-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-tabber-widget/wp-tabber-widget-40-authenticated-contributor-sql-injection</loc>
<lastmod>2025-09-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/front-editor/wp-front-user-submit-front-editor-493-reflected-cross-site-scripting</loc>
<lastmod>2025-06-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woocommerce-lightbox/wpb-quick-view-for-woocommerce-218-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-09-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mystickyelements/my-sticky-elements-233-missing-authorization-to-authenticated-subscriber-arbitrary-bulk-lead-deletion</loc>
<lastmod>2025-12-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/void-elementor-post-grid-addon-for-elementor-page-builder/void-elementor-post-grid-addon-for-elementor-page-builder-2110-missing-authorization-to-review-notice-dismissal</loc>
<lastmod>2023-08-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/easy-fancybox/easy-fancybox-1817-authenticated-stored-cross-site-scripting</loc>
<lastmod>2019-09-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/exclusive-addons-for-elementor/exclusive-addons-for-elementor-269-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-02-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/neom-blog/neom-blog-009-reflected-cross-site-scripting</loc>
<lastmod>2025-06-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/everse/multiple-deothemes-themes-various-versions-reflected-cross-site-scripting</loc>
<lastmod>2023-07-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/church-admin/church-admin-444-missing-authorization</loc>
<lastmod>2024-06-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/tutor/tutor-lms-383-missing-authorization-to-sensitive-information-exposure</loc>
<lastmod>2025-10-24T17:20:18.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/all-in-one-seo-pack-pro/all-in-one-seo-pro-4251-authenticated-admin-server-side-request-forgery</loc>
<lastmod>2022-10-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woocommerce-cloak-affiliate-links/woocommerce-cloak-affiliate-links-1035-cross-site-request-forgery</loc>
<lastmod>2025-01-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/custom-users-order/custom-users-order-42-reflected-cross-site-scripting</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/sirv/sirv-722-missing-authorization-to-arbitrary-options-update</loc>
<lastmod>2024-04-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/miraculous-el/miraculous-elementor-207-authenticated-subscriber-privilege-escalation</loc>
<lastmod>2026-02-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/contact-form-x/contact-form-x-24-reflected-cross-site-scripting</loc>
<lastmod>2022-02-25T15:41:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/avventure/avventure-1112-unauthenticated-local-file-inclusion</loc>
<lastmod>2026-03-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/welcome-email-editor/swift-smtp-506-cross-site-request-forgery</loc>
<lastmod>2024-01-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simplepress/simplepress-6105-missing-authorization</loc>
<lastmod>2025-03-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/hive-support/hive-support-125-reflected-cross-site-scripting</loc>
<lastmod>2025-04-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ez-form-calculator/ez-form-calculator-21403-reflected-cross-site-scripting</loc>
<lastmod>2024-04-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/360deg-javascript-viewer/360-javascript-viewer-1712-missing-authorization-to-plugin-settings-update</loc>
<lastmod>2024-03-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cp-contact-form-with-paypal/cp-contact-form-with-paypal-1334-authenticated-feedback-submission</loc>
<lastmod>2023-03-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/am-login-logo/logo-changer-12-unauthenticated-stored-cross-site-scripting</loc>
<lastmod>2025-06-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/quadmenu/wordpress-mega-menu-quadmenu-320-cross-site-request-forgery-to-limited-user-meta-update</loc>
<lastmod>2025-04-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ajax-load-more/ajax-load-more-infinite-scroll-load-more-lazy-load-784-unauthenticated-stored-cross-site-scripting</loc>
<lastmod>2026-06-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/drag-and-drop-multiple-file-upload-for-woocommerce/drag-and-drop-multiple-file-upload-for-woocommerce-108-missing-authorization-in-upload-and-delete_file</loc>
<lastmod>2023-02-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bridge-core/bridge-core-320-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2024-10-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gbteamstats/gb-team-stats-151-reflected-cross-site-scripting</loc>
<lastmod>2014-07-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woocommerce-exporter/woocommerce-store-exporter-27-reflected-cross-site-scripting</loc>
<lastmod>2022-01-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/shortcodes-ultimate/shortcodes-ultimate-704-authenticated-contributor-stored-cross-site-scripting-via-note_color-shortcode</loc>
<lastmod>2024-03-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/document-emberdder/document-embedder-178-subscriber-arbitrary-privatedraft-post-title-disclosure</loc>
<lastmod>2022-01-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/jet-footer-code/jet-footer-code-14-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2024-12-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/login-with-yourmembership/login-with-yourmembership-ym-sso-login-117-missing-authorization-to-unauthenticated-sensitive-information-exposure-via-moym_display_test_attributes</loc>
<lastmod>2025-10-14T19:58:07.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/media-file-manager/media-file-manager-142-reflected-cross-site-scripting</loc>
<lastmod>2018-11-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/addons-for-elementor-builder/vertex-addons-for-elementor-164-missing-authorization-to-authenticated-subscriber-arbitrary-plugin-installation-and-activation-via-afeb_activate_required_plugins</loc>
<lastmod>2026-04-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/fancy-product-designer/fancy-product-designer-468-unauthenticated-arbitrary-file-upload</loc>
<lastmod>2021-06-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/unusedcss/rapidload-power-up-for-autoptimize-171-missing-authorization-in-attach_rule</loc>
<lastmod>2023-03-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/debtcom-business-in-a-box/debtcom-business-in-a-box-410-authenticated-contributor-stored-cross-site-scripting-via-shortcode-attributes</loc>
<lastmod>2026-01-08T21:36:17.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/widget-logic-visual/widget-logic-visual-152-reflected-cross-site-scripting</loc>
<lastmod>2026-01-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/wp-portfolio/wp-portfolio-24-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-04-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/book-landing-page/book-landing-page-127-missing-authorization</loc>
<lastmod>2026-02-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/post-grid/post-grid-and-gutenberg-blocks-2285-233-unauthenticated-privilege-escalation</loc>
<lastmod>2025-01-14T21:19:54.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/core/5.3/wordpress-core-531-authenticated-stored-cross-site-scripting</loc>
<lastmod>2019-12-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/hybrid-composer/hybrid-composer-146-missing-authorization-to-arbitrary-options-update</loc>
<lastmod>2019-07-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpik-wordpress-basic-ajax-form/wpik-wordpress-basic-ajax-form-10-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-12-11T15:09:18.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/vk-all-in-one-expansion-unit/vk-all-in-one-expansion-unit-99601-authenticated-contributor-stored-cross-site-scripting-via-classname</loc>
<lastmod>2024-03-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cbi-referral-manager/cbi-referral-manager-121-cross-site-scripting</loc>
<lastmod>2014-05-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cool-fade-popup/cool-fade-popup-101-authenticated-contributor-sql-injection</loc>
<lastmod>2025-07-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/fw-integration-for-emailoctopus/eo4wp-1081-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-01-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-elegant-testimonial/wp-elegant-testimonial-116-cross-site-scripting</loc>
<lastmod>2020-08-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/allure-real-estate-theme-for-placester/allure-real-estate-theme-for-placester-011-cross-site-scripting</loc>
<lastmod>2013-02-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/english-wp-admin/english-wordpress-admin-1511-unauthenticated-open-redirect</loc>
<lastmod>2022-04-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/themeisle-companion/orbit-fox-by-themeisle-21034-authenticated-contributor-stored-cross-site-scripting-via-services-and-post-type-grid-widgets</loc>
<lastmod>2024-06-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/tuxedo-big-file-uploads/big-file-uploads-212-authenticated-author-full-path-disclosure</loc>
<lastmod>2024-09-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wechat-social-login/wechat-social-login-130-authentication-bypass</loc>
<lastmod>2024-09-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ut-demo-importer/ultra-demo-importer-105-cross-site-request-forgery-to-remote-code-execution</loc>
<lastmod>2025-04-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ycontributors/ycontributors-05-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2025-07-03T12:23:34.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/kallyas/kallyas-4220-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-10-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/profile-builder/profile-builder-213-missing-access-controls</loc>
<lastmod>2015-04-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/greenshift-animation-and-page-builder-blocks/greenshift-1211-missing-authorization</loc>
<lastmod>2025-08-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simple-social-buttons/simple-social-media-share-buttons-204-2021-missing-authorization</loc>
<lastmod>2019-02-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/omplag/complag-102-reflected-cross-site-scripting-via-_serverphp_self</loc>
<lastmod>2025-12-11T14:27:49.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/kingcomposer/page-builder-kingcomposer-294-authorization-bypass-due-to-improper-access-control</loc>
<lastmod>2020-06-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/sign-up-sheets/sign-up-sheets-232-unauthenticated-php-object-injection</loc>
<lastmod>2025-09-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mdl-shortcodes/modern-design-library-114-authenticated-contributor-stored-cross-site-scripting-via-class-parameter</loc>
<lastmod>2025-06-25T20:44:26.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simply-schedule-appointments/appointment-booking-calendar-simply-schedule-appointments-booking-plugin-1685-unauthenticated-arbitrary-shortcode-execution</loc>
<lastmod>2025-03-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/yikes-inc-easy-mailchimp-extender/easy-forms-for-mailchimp-686-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2023-03-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/masterstudy-lms-learning-management-system/masterstudy-lms-3213-missing-authorization-to-sensitive-information-exposure-in-search_posts</loc>
<lastmod>2024-03-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/seo-by-rank-math/rank-math-seo-1027-authenticated-settings-reset-via-reset-cmb-parameter</loc>
<lastmod>2019-06-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-job-portal/wp-job-portal-ai-powered-recruitment-system-for-company-or-job-board-website-252-authenticated-subscriber-stored-cross-site-scripting</loc>
<lastmod>2026-06-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simple-xml-sitemap/simple-xml-sitemap-13-cross-site-request-forgery</loc>
<lastmod>2025-12-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-booking-system/wp-booking-system-booking-calendar-20198-reflected-cross-site-scripting</loc>
<lastmod>2024-09-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-customer-reviews/wp-customer-reviews-370-authenticated-contributor-malicious-redirect-via-http-equiv-injection</loc>
<lastmod>2024-03-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-team-manager/wordpress-team-manager-2112-authenticated-contributor-local-file-inclusion</loc>
<lastmod>2024-07-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/easy-post-types/wp-easy-post-types-144-authenticated-contributor-stored-cross-site-scripting-via-post-meta</loc>
<lastmod>2024-10-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/spa-and-salon/spa-and-salon-132-missing-authorization</loc>
<lastmod>2026-02-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/post-custom-templates-lite/post-custom-templates-lite-114-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-04-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bft-autoresponder/arigato-autoresponder-and-newsletter-2722-cross-site-request-forgery</loc>
<lastmod>2023-11-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/stop-spammer-registrations-plugin/stop-spammers-security-202117-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2021-08-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/login-watchdog/login-watchdog-104-reflected-cross-site-scripting</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ultimate-social-media-icons/social-media-share-icons-281-missing-authorization-via-handle_installation</loc>
<lastmod>2023-06-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ameliabooking/amelia-212-authenticated-manager-sql-injection-via-sort-parameter</loc>
<lastmod>2026-03-31T10:30:53.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/social-link-pages/social-link-pages-link-in-bio-landing-pages-for-your-social-media-profiles-169-missing-authorization-to-arbitrary-page-creation-and-cross-site-scripting</loc>
<lastmod>2024-06-03T17:10:53.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/fast-velocity-minify/fast-velocity-minify-351-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2025-10-24T18:28:09.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simple-tags/taxopress-364-authenticated-editor-stored-cross-site-scripting</loc>
<lastmod>2023-04-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/chatbot/ai-chatbot-534-missing-authorization-via-openai_file_list_callback</loc>
<lastmod>2024-05-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/make-email-customizer-for-woocommerce/make-email-customizer-for-woocommerce-105-reflected-cross-site-scripting</loc>
<lastmod>2025-04-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mailchimp-for-wp/mailchimp-for-wordpress-4010-reflected-cross-site-scripting</loc>
<lastmod>2016-12-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simple-gallery-with-filter/simple-gallery-with-filter-20-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-01-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-publications/wp-publications-11-local-file-inclusion</loc>
<lastmod>2021-09-09T16:20:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/lemmony/lemmony-171-cross-site-request-forgery</loc>
<lastmod>2026-02-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-product-review/wp-product-review-lite-375-unauthenticated-stored-cross-site-scripting</loc>
<lastmod>2020-05-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/seriously-simple-podcasting/seriously-simple-podcasting-3130-missing-authorization</loc>
<lastmod>2025-11-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/resads/resads-206-reflected-cross-site-scripting-via-multiple-parameters</loc>
<lastmod>2025-01-08T22:09:09.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/uni-woo-custom-product-options-premium/product-options-and-price-calculation-formulas-for-woocommerce-uni-cpo-premium-4955-unauthenticated-arbitrary-file-upload-via-uni_cpo_upload_file</loc>
<lastmod>2025-09-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/th-all-in-one-woo-cart/th-side-cart-and-menu-cart-for-woocommerce-111-missing-authorization</loc>
<lastmod>2023-03-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/elite-video-player/elite-video-player-1005-reflected-cross-site-scripting</loc>
<lastmod>2025-06-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/responsive-block-editor-addons/responsive-blocks-wordpress-gutenberg-blocks-199-authenticated-contributor-stored-cross-site-scripting-via-section_tag-parameter</loc>
<lastmod>2025-01-29T20:00:24.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/login-widget-for-ultimate-member/login-widget-for-ultimate-member-112-authenticated-contributor-local-file-inclusion</loc>
<lastmod>2025-03-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/whizz-plugins/whizz-plugins-19-reflected-cross-site-scripting</loc>
<lastmod>2026-02-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/floating-window-music-player/floating-window-music-player-342-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2025-09-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/all-in-one-seo-pack/all-in-one-seo-pack-429-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2023-02-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/awsa-shipping/awsa-shipping-130-reflected-cross-site-scripting</loc>
<lastmod>2025-04-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ai-engine/ai-engine-293-294-authenticated-subscriber-arbitrary-file-upload</loc>
<lastmod>2025-07-30T16:06:38.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/e-namad-shamed-logo-manager/e-namad-amp-shamed-logo-manager-22-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2025-09-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/google-analytics-dashboard-for-wp/exactmetrics-710-902-authenticated-custom-improper-privilege-management-to-role-privilege-escalation-via-settings-update</loc>
<lastmod>2026-03-10T21:02:36.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/jet-engine/jetengine-370-authenticated-subscriber-information-exposure</loc>
<lastmod>2025-07-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/smsmaster/smsmaster-multipurpose-sms-gateway-for-wordpress-all-versions-authenticated-sql-injection</loc>
<lastmod>2017-09-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/salon-booking-plugin-pro/salon-booking-system-pro-103012-missing-authorization</loc>
<lastmod>2026-03-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/insert-or-embed-articulate-content-into-wordpress/insert-or-embed-articulate-content-into-wordpress-429991-directory-traversal</loc>
<lastmod>2019-07-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/redirect-redirection/redirect-redirection-113-missing-authorization-in-deleteredirect-function</loc>
<lastmod>2023-02-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woo-product-carousel-slider-and-grid-ultimate/product-carousel-slider-grid-ultimate-for-woocommerce-1910-authenticated-contributor-local-file-inclusion-via-theme</loc>
<lastmod>2024-12-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/custom-registration-form-builder-with-submission-manager/registrationmagic-custom-registration-forms-and-user-login-4603-cross-site-request-forgery-to-settings-modification</loc>
<lastmod>2020-03-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/responsive-coming-soon-page/coming-soon-1118-stored-cross-site-scripting</loc>
<lastmod>2018-01-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/best-restaurant-menu-by-pricelisto/best-restaurant-menu-by-pricelisto-131-cross-site-request-forgery-via-menu_page</loc>
<lastmod>2023-11-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/networker/networker-tech-news-wordpress-theme-with-dark-mode-119-missing-authorization</loc>
<lastmod>2024-03-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/sassy-social-share/sassy-social-share-3356-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-02-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/instagram-feed/smash-balloon-social-photo-feed-1113-cross-site-request-forgery-to-back-up-deletion</loc>
<lastmod>2019-03-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/school-management/school-management-9300-authenticated-student-local-file-inclusion</loc>
<lastmod>2025-06-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/form-maker/form-maker-by-10web-11532-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2025-02-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-fb-autoconnect/wp-fb-autoconnect-463-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2025-06-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/contact-form-by-supsystic/contact-form-by-supsystic-1724-cross-site-request-forgery-via-ajax-action</loc>
<lastmod>2023-05-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/surecart/surecart-402-missing-authorization</loc>
<lastmod>2026-03-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/go_pricing/go-pricing-wordpress-responsive-pricing-tables-3319-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2023-05-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wppizza/wppizza-a-restaurant-plugin-31813-reflected-cross-site-scripting</loc>
<lastmod>2024-06-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/powerpress/powerpress-1001-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2023-04-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/increase-upload-file-size-maximum-execution-time-limit/increase-upload-file-size-maximum-execution-time-limit-20-reflected-cross-site-scripting</loc>
<lastmod>2024-10-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/free-quotation/free-quotation-316-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2025-11-03T15:56:53.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/push-notification-for-wp-by-pushassist/push-notifications-for-wordpress-by-pushassist-308-authenticated-subscriber-arbitrary-file-upload</loc>
<lastmod>2024-11-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/elementinvader-addons-for-elementor/elementinvader-addons-for-elementor-126-authenticated-contributor-local-file-inclusion</loc>
<lastmod>2025-01-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/userpro/userpro-community-and-user-profile-wordpress-plugin-5111-cross-site-request-forgery</loc>
<lastmod>2026-04-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/kk-star-ratings/kk-star-ratings-543-ip-spoofing-to-protection-mechanism-bypass</loc>
<lastmod>2023-07-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/linkedin-sc/linkedin-sc-119-authenticated-administrator-stored-cross-site-scripting-via-settings-page</loc>
<lastmod>2026-01-13T17:32:02.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/newscrunch/newscrunch-184-cross-site-request-forgery-to-arbitrary-file-upload</loc>
<lastmod>2025-03-03T15:46:15.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/accordion-and-accordion-slider/accordion-and-accordion-slider-145-missing-authorization-to-authenticated-contributor-attachment-metadata-modification</loc>
<lastmod>2026-02-13T18:20:34.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-2fa/wp-2fa-two-factor-authentication-for-wordpress-220-missing-authorization</loc>
<lastmod>2022-12-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/youzify-moderation/buddypress-moderation-125-unauthenticated-stored-cross-site-scripting</loc>
<lastmod>2024-03-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/hdw-tube/hdw-wordpress-video-gallery-12-reflected-cross-site-scripting-via-channel-parameter</loc>
<lastmod>2016-10-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/data-tables-generator-by-supsystic/data-tables-generator-by-supsystic-11031-missing-authorization</loc>
<lastmod>2024-04-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/instagram-slider-widget/social-slider-feed-204-missing-authorization-to-cross-site-scripting</loc>
<lastmod>2022-08-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/skt-skill-bar/skt-skill-bar-24-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-05-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/myflash/myflash-111-remote-file-inclusion</loc>
<lastmod>2007-05-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-prayers-request/wp-prayer-ii-247-cross-site-request-forgery-to-settings-update</loc>
<lastmod>2024-05-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ldap-login-for-intranet-sites/active-directory-integration-ldap-integration-419-sensitive-information-exposure</loc>
<lastmod>2023-09-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simple-e-commerce-shopping-cart/simple-ecommerce-shopping-cart-plugin-sell-products-through-paypal-312-missing-authorization-to-authenticated-subscriber-settings-update-data-access</loc>
<lastmod>2024-12-06T21:09:57.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cf7-google-sheets-connector-pro/cf7-google-sheets-connector-501-reflected-cross-site-scripting-via-code</loc>
<lastmod>2023-06-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ulisting/ulisting-166-unauthenticated-arbitrary-account-creation</loc>
<lastmod>2021-01-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/sp-client-document-manager/sp-project-document-manager-469-missing-authorization</loc>
<lastmod>2024-04-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/suki-sites-import/suki-sites-import-121-authenticated-author-stored-cross-site-scripting-via-svg-file-upload</loc>
<lastmod>2024-10-17T15:45:37.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ai-preloader/ai-preloader-102-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2025-03-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/xcloner-backup-and-restore/backup-restore-and-migrate-wordpress-sites-with-the-xcloner-plugin-421-4212-unprotected-ajax-actions</loc>
<lastmod>2020-08-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/save-as-pdf-by-pdfcrowd/save-as-pdf-452-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-09-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/parallax-scrolling-enllax-js/parallax-scrolling-enllaxjs-006-cross-site-request-forgery</loc>
<lastmod>2025-09-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/awebooking/awebooking-3226-authenticated-subscriber-information-exposure</loc>
<lastmod>2025-12-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-forms-puzzle-captcha/wp-forms-puzzle-captcha-41-cross-site-request-forgery</loc>
<lastmod>2023-10-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/getresponse-official/email-marketing-for-wordpress-by-getresponse-official-153-missing-authorization</loc>
<lastmod>2025-09-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mstore-api/mstore-api-4107-unauthorized-account-access-and-privilege-escalation</loc>
<lastmod>2023-06-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/categorify/categorify-1074-missing-authorization-in-categorifyajaxaddcategory</loc>
<lastmod>2024-02-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-fastest-cache/wp-fastest-cache-112-cross-site-request-forgery-via-wpfc_preload_single_callback</loc>
<lastmod>2023-04-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bp-activity-social-share/wbcom-designs-buddypress-activity-social-share-350-cross-site-request-forgery</loc>
<lastmod>2023-03-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/jet-search/multiple-plugins-by-crocoblock-various-versions-cross-site-request-forgery</loc>
<lastmod>2023-11-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/metform/metform-elementor-contact-form-builder-330-authenticated-contributor-stored-cross-site-scripting-via-mf-shortcode</loc>
<lastmod>2023-06-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woocommerce-photo-reviews/woocommerce-photo-reviews-144-unauthenticated-arbitrary-shortcode-execution</loc>
<lastmod>2025-08-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/responsive-block-editor-addons/responsive-blocks-wordpress-gutenberg-blocks-188-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-08-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/new-video-gallery/video-gallery-api-gallery-youtube-and-vimeo-link-gallery-153-missing-authorization</loc>
<lastmod>2024-05-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/file-manager-advanced/advanced-file-manager-5212-5213-authenticated-subscriber-arbitrary-file-upload</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woocommerce-currency-switcher/fox-currency-switcher-professional-for-woocommerce-146-authenticated-subscriber-authorization-bypass-via-user-controlled-key-to-wooc_order_user_roles-parameter</loc>
<lastmod>2026-05-27T14:49:48.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/dominokit/dominokit-110-missing-authorization-to-unauthenticated-settings-update</loc>
<lastmod>2025-11-03T15:31:29.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woo-payment-gateway-paysera/woocommerce-payment-gateway-paysera-3100-missing-authorization</loc>
<lastmod>2025-12-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cornerstone/cornerstone-773-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-10-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/flexmls-idx/flexmls-idx-31427-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-03-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/chatbot-chatgpt/kognetiks-chatbot-235-missing-authorization-to-unauthenticated-limited-file-uploads-and-conversation-erasing</loc>
<lastmod>2025-10-17T19:09:49.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/reviewx/reviewx-multi-criteria-rating-reviews-for-woocommerce-1628-insufficient-input-validation</loc>
<lastmod>2024-08-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gptranslate/gptranslate-231-unauthenticated-stored-cross-site-scripting-via-rest-api-translation-storage</loc>
<lastmod>2026-06-12T17:00:41.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/location-weather/location-weather-133-authenticated-contributor-stored-cross-site-scripting-via-shortcodes</loc>
<lastmod>2023-01-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ad-inserter/ad-inserter-2725-authenticated-admin-php-object-injection</loc>
<lastmod>2023-04-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/memberlite-shortcodes/memberlite-shortcodes-139-authenticated-contributor-stored-cross-site-scripting-via-memberlite_accordion-shortcode</loc>
<lastmod>2024-11-22T21:03:31.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/olevmedia-shortcodes/olevmedia-shortcodes-118-reflected-cross-site-scripting</loc>
<lastmod>2015-08-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/give/givewp-3141-unauthenticated-php-object-injection</loc>
<lastmod>2024-08-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gutenify/gutenify-157-unauthenticated-stored-cross-site-scripting</loc>
<lastmod>2025-09-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/woodmart/woodmart-803-unauthenticated-arbitrary-shortcode-execution</loc>
<lastmod>2024-12-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/postmash/postmash-custom-post-order-120-unauthenticated-sql-injection</loc>
<lastmod>2024-02-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/boost/boost-203-unauthenticated-blind-sql-injection-via-multiple-parameters</loc>
<lastmod>2026-05-19T14:25:02.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/infility-global/infility-global-21516-authenticated-subscriber-sql-injection-via-orderby-parameter</loc>
<lastmod>2026-05-19T12:07:43.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/appointment-booking-calendar/appointment-booking-calendar-1369-missing-authorization</loc>
<lastmod>2022-10-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-google-tag-manager/wp-google-tag-manager-11-cross-site-request-forgery</loc>
<lastmod>2023-02-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/link-whisper/link-whisper-free-092-missing-authorization</loc>
<lastmod>2025-10-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ms-registration/custom-login-and-registration-100-authenticated-subscriber-stored-cross-site-scripting</loc>
<lastmod>2025-05-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/tangible-loops-and-logic/loops-logic-414-reflected-cross-site-scripting</loc>
<lastmod>2024-09-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/email-artillery/email-artillery-mass-email-41-arbitrary-file-upload</loc>
<lastmod>2021-08-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/restaurant-reservations/five-star-restaurant-reservations-wordpress-booking-plugin-2714-missing-authorization</loc>
<lastmod>2026-05-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/the-hackers-diet/the-hackers-diet-096b-sql-injection</loc>
<lastmod>2007-04-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ml-slider/slider-gallery-and-carousel-by-metaslider-responsive-wordpress-slideshows-3700-authenticated-contributor-stored-cross-site-scripting-via-metaslider-shortcode</loc>
<lastmod>2024-04-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/product-lister-ebay/product-lister-for-ebay-209-unauthenticated-local-file-inclusion</loc>
<lastmod>2025-04-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/enhanced-tooltipglossary/cm-tooltip-glossary-439-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-10-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/chatbot/chatbot-477-authenticated-administrator-stored-cross-site-scripting-in-faq-builder</loc>
<lastmod>2023-08-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bd-courier-order-ratio-checker/bd-courier-order-ratio-checker-201-missing-authorization</loc>
<lastmod>2026-01-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/widget-for-eventbrite-api/display-eventbrite-events-656-missing-authorization</loc>
<lastmod>2026-02-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/sweet-energy-efficiency/sweet-energy-efficiency-106-missing-authorization-to-authenticated-subscriber-arbitrary-graph-deletion</loc>
<lastmod>2025-12-17T23:38:07.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/weekly-planner/weekly-planner-10-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2025-12-04T17:39:52.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/media-library-downloader/media-library-downloader-140-cross-site-request-forgery</loc>
<lastmod>2025-12-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cgc-maintenance-mode/cgc-maintenance-mode-12-sensitive-information-exposure</loc>
<lastmod>2024-04-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ultimate-addons-for-gutenberg/spectra-wordpress-gutenberg-blocks-2128-authenticated-contributor-stored-cross-site-scripting-via-image-gallery-block</loc>
<lastmod>2024-05-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/geotagged-media/geotagged-media-030-reflected-cross-site-scripting</loc>
<lastmod>2024-11-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/restricted-site-access/webpack-js-package-5750-sandbox-bypass</loc>
<lastmod>2023-04-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/contact-form-manager/contact-form-manager-161-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-05-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/poptics/poptics-1020-authenticated-contributor-information-exposure</loc>
<lastmod>2025-12-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/tag-groups/wordpress-tag-cloud-plugin-tag-groups-203-missing-authorization-to-information-exposure</loc>
<lastmod>2024-09-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woocommerce-abandoned-cart/abandoned-cart-lite-for-woocommerce-5161-cross-site-request-forgery</loc>
<lastmod>2023-12-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/download-monitor/download-monitor-459-authenticated-arbitrary-file-download</loc>
<lastmod>2022-06-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cool-timeline/cool-timeline-horizontal-vertical-timeline-202-cross-site-request-forgery-bypass</loc>
<lastmod>2020-09-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-eMember/wp-emember-1066-reflected-cross-site-scripting-via-_serverrequest_uri</loc>
<lastmod>2024-07-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/bard/bard-2229-missing-authorization</loc>
<lastmod>2025-10-31T15:58:23.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/live-sales-notifications-for-woocommerce/live-sales-notification-for-woocommerce-2339-missing-authorization-to-unauthenticated-customer-data-exposure</loc>
<lastmod>2025-11-17T20:54:37.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/contact-us-page-contact-people/contact-us-page-contact-people-370-cross-site-request-forgery</loc>
<lastmod>2023-01-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/custom-skins-contact-form-7/custom-skins-contact-form-7-10-missing-authorization-to-authenticated-subscriber-arbitrary-post-update-and-skin-creation</loc>
<lastmod>2024-12-11T15:19:18.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/advance-food-menu/advance-food-menu-10-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2025-08-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/stafflist/stafflist-326-unauthenticated-sensitive-information-exposure</loc>
<lastmod>2025-04-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/duplicate-post/yoast-duplicate-post-25-sql-injection</loc>
<lastmod>2014-08-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ecava-diot-scada/diot-scada-with-mqtt-1051-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-06-13T19:42:24.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simple-download-monitor/simple-download-monitor-3910-contributor-stored-cross-site-scripting-via-shortcodes</loc>
<lastmod>2021-12-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/essential-addons-for-elementor-lite/essential-addons-for-elementor-best-elementor-templates-widgets-kits-woocommerce-builders-5915-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-04-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/booking-sms/booking-calendar-clockwork-sms-105-reflected-cross-site-scripting</loc>
<lastmod>2017-11-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/doppler-form/doppler-forms-251-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-04-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/sms-alert/sms-alert-order-notifications-woocommerce-381-authenticated-subscriber-privilege-escalation-via-handlewplogincreateuseraction-function</loc>
<lastmod>2025-05-09T21:58:31.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/stream-status-for-twitch/streamweasels-online-status-bar-219-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-11-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/trivialy/make-my-trivia-110-missing-authorization</loc>
<lastmod>2026-03-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/formfacade/formfacade-132-reflected-cross-site-scripting</loc>
<lastmod>2024-08-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/find-any-think/wpmk-ajax-finder-101-cross-site-request-forgery-to-cross-site-scripting</loc>
<lastmod>2022-05-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/feed-them-social/feed-them-social-for-twitter-feed-youtube-and-more-299-authenticated-subscriber-stored-cross-site-scripting</loc>
<lastmod>2022-11-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/eventON/eventon-pro-wordpress-virtual-event-calendar-plugin-468-cross-site-request-forgery-via-admin_test_email</loc>
<lastmod>2024-10-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mejorcluster/el-mejor-cluster-1115-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-10-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/spolecznosciowa-6-pl-2013/spoecznociowa-6-pl-2013-206-cross-site-request-forgery</loc>
<lastmod>2025-06-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-statistics/wp-statistics-831-multiple-cross-site-scripting</loc>
<lastmod>2014-11-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ad-inserter/ad-inserter-2421-authenticated-remote-code-execution</loc>
<lastmod>2019-07-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/healthfirst/healthfirst-101-unauthenticated-local-file-inclusion</loc>
<lastmod>2026-02-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/flaming-forms/flaming-forms-101-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2024-12-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/watu/watu-quiz-3392-reflected-cross-site-scripting-via-question</loc>
<lastmod>2023-04-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/awesome-weather/awesome-weather-widget-302-reflected-cross-site-scripting-via-id-parameter</loc>
<lastmod>2021-06-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/profile-builder/user-profile-builder-beautiful-user-registration-forms-user-profiles-user-role-editor-3143-authenticated-subscriber-stored-cross-site-scripting</loc>
<lastmod>2025-08-15T18:31:53.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-marketing-automations/funnelkit-automations-email-marketing-automation-and-crm-for-wordpress-woocommerce-3641-unauthenticated-sensitive-information-exposure</loc>
<lastmod>2025-11-04T21:17:26.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/taggator/taggator-154-reflected-cross-site-scripting</loc>
<lastmod>2024-12-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/logo-slider-wp/logo-slider-450-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2025-02-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woocommerce-order-searching/woocommerce-order-search-110-reflected-cross-site-scripting</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/nex-forms-express-wp-form-builder/nex-forms-ultimate-form-builder-contact-forms-and-much-more-891-authenticated-custom-limited-code-execution-via-get_table_records-function</loc>
<lastmod>2025-05-07T21:30:44.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/compute-links/compute-links-121-unauthenticated-remote-file-inclusion</loc>
<lastmod>2024-08-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mailchimp-for-wp/mc4wp-mailchimp-for-wordpress-499-4916-reflected-cross-site-scripting</loc>
<lastmod>2024-09-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/iframe-popup/iframe-popup-33-authenticated-administrator-stored-cross-site-scripting-via-settings</loc>
<lastmod>2023-05-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ai-wp-writer/ai-wp-writer-365-missing-authorization</loc>
<lastmod>2024-03-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-2fa/wp-2fa-221-time-based-totp-attack-to-sensitive-information-exposure</loc>
<lastmod>2022-09-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/lastudio-element-kit/la-studio-element-kit-for-elementor-151-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-04-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/core/1.5/wordpress-core-15-stored-cross-site-scripting</loc>
<lastmod>2005-06-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/core/2.0/wordpress-core-204-cross-site-scripting</loc>
<lastmod>2007-09-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpdiscuz/comments-wpdiscuz-7311-sensitive-information-disclosure</loc>
<lastmod>2022-02-10T08:34:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/hash-form/hash-form-128-cross-site-request-forgery</loc>
<lastmod>2025-05-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/faq-for-woocommerce/xplainer-woocommerce-product-faq-woocommerce-accordion-faq-plugin-170-missing-authorization-to-authenticated-subscriber-settings-update</loc>
<lastmod>2024-07-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-custom-admin-interface/custom-admin-interface-740-missing-authorization</loc>
<lastmod>2025-12-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/event-calendar-wd/eventcalendar-1145-cross-site-scripting</loc>
<lastmod>2021-06-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/membership-for-woocommerce/membership-for-woocommerce-280-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-04-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/123-chat-videochat/123chat-video-chat-131-unauthenticated-stored-cross-site-scripting</loc>
<lastmod>2024-09-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woocommerce-composite-products/woocommerce-composite-products-875-reflected-cross-site-scripting</loc>
<lastmod>2023-05-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/luzuk-slider/luzuk-slider-015-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-11-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/clover-online-orders/smart-online-order-for-clover-160-unauthenticated-stored-cross-site-scripting</loc>
<lastmod>2026-05-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/sumomemberships/sumo-memberships-for-woocommerce-780-cross-site-request-forgery</loc>
<lastmod>2025-10-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/century-toolkit/century-toolkit-121-cross-site-request-forgery-to-arbitrary-plugin-activation</loc>
<lastmod>2025-08-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/icegram/icegram-3131-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-01-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-nssuser-register/wp-nssuser-register-100-unauthenticated-privilege-escalation</loc>
<lastmod>2024-12-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/core/5.0/wordpress-core-50-denial-of-service</loc>
<lastmod>2018-02-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/accredible-certificates/accredible-certificates-open-badges-148-authenticated-administrator-stored-cross-site-scripting-via-settings</loc>
<lastmod>2023-12-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woo-cart-all-in-one/cart-all-in-one-for-woocommerce-1110-cross-site-request-forgery-to-cart-changes</loc>
<lastmod>2023-02-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/light-poll/light-poll-100-cross-site-request-forgery-to-poll-answers-deletion</loc>
<lastmod>2024-07-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/rsvp-me/rsvp-me-199-unauthenticated-sql-injection</loc>
<lastmod>2024-10-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/solid-affiliate/solid-affiliate-191-sensitive-information-exposure</loc>
<lastmod>2024-04-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/photo-video-store/photo-video-store-2107-reflected-cross-site-scripting</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woocommerce-hss-extension-for-streaming-video/woocommerce-hss-extension-for-streaming-video-331-reflected-cross-site-scripting-via-videolink-parameter</loc>
<lastmod>2025-01-06T16:04:34.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/grandprix/grandprix-16-unauthenticated-local-file-inclusion</loc>
<lastmod>2025-06-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/latepoint/latepoint-4991-authenticated-subscriber-stored-cross-site-scripting</loc>
<lastmod>2024-08-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/interactive-geo-maps/interactive-geo-maps-158-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2023-01-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/easy-custom-js-and-css/easy-custom-js-and-css-112-reflected-cross-site-scripting</loc>
<lastmod>2021-10-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/tutor/tutor-lms-220-missing-authorization-via-rest-api</loc>
<lastmod>2023-06-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-broken-images/broken-images-02-cross-site-request-forgery</loc>
<lastmod>2024-03-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/jet-blog/jetblog-243-missing-authorization</loc>
<lastmod>2025-04-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/exchange-addon-easy-eu-vat-taxes/easy-eu-value-added-vat-taxes-120-reflected-cross-site-scripting</loc>
<lastmod>2015-04-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/nd-restaurant-reservations/restaurant-reservations-20-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-06-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/s3-video/videojs-various-versions-cross-site-scripting</loc>
<lastmod>2015-05-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/attendance-manager/attendance-manager-056-cross-site-request-forgery</loc>
<lastmod>2019-06-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpbookit/wpbookit-104-unauthenticated-arbitrary-file-upload</loc>
<lastmod>2025-07-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/easy-paypal-donation/paypal-donation-131-admin-stored-cross-site-scripting</loc>
<lastmod>2021-10-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/eventer/eventer-3995-missing-authorization-to-unauthenticated-event-ticket-download</loc>
<lastmod>2025-02-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/exit-popup-free/exit-popup-free-10-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2025-03-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/learnpress/learnpress-3267-sql-injection</loc>
<lastmod>2021-07-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/responsive-coming-soon-page/coming-soon-page-responsive-coming-soon-maintenance-mode-1118-cross-site-scripting-via-button_text_link-parameter</loc>
<lastmod>2018-01-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/2kb-amazon-affiliates-store/2kb-amazon-affiliates-store-215-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2022-10-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/motopress-hotel-booking-lite/hotel-booking-lite-4111-unauthenticated-php-object-injection</loc>
<lastmod>2024-05-10T09:13:08.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/search-simple-fields/search-simple-fields-02-cross-site-request-forgery-to-plugin-settings-update</loc>
<lastmod>2026-05-26T17:23:34.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wonderplugin-pdf-embed/wonder-pdf-embed-16-contributor-stored-cross-site-scripting</loc>
<lastmod>2021-07-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/stock-tools/stock-tools-11-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-11-20T19:23:07.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bft-autoresponder/arigato-autoresponder-and-newsletter-27-arbitrary-file-upload</loc>
<lastmod>2018-10-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/oboxmedia-ads/oboxmedia-ads-198-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-10-21T20:22:40.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/video-embedder/video-embedder-171-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2025-03-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/zippy/zippy-169-authenticated-editor-arbitrary-file-upload</loc>
<lastmod>2024-03-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/applay-shortcodes/applay-shortcodes-37-authenticated-contributor-php-object-injection</loc>
<lastmod>2026-02-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/small-package-quotes-wwe-edition/small-package-quotes-worldwide-express-edition-5217-unauthenticated-sql-injection</loc>
<lastmod>2025-01-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/chained-quiz/chained-quiz-135-unauthenticated-insecure-direct-object-reference-via-cookie</loc>
<lastmod>2025-09-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/houzez/houzez-411-authenticated-subscriber-insecure-direct-object-reference</loc>
<lastmod>2025-07-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/core-control/core-control-121-cross-site-request-forgery</loc>
<lastmod>2022-05-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ux-flat/ux-flat-44-authenticatedcontributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2024-03-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/moseter/moseter-131-reflected-cross-site-scripting</loc>
<lastmod>2025-01-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/slotti-ajanvaraus/slotti-ajanvaraus-131-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-01-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woodpecker/woodpecker-for-wordpress-304-authenticated-contributor-stored-cross-site-scripting-via-form_name-shortcode-attribute</loc>
<lastmod>2026-01-08T21:54:57.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-font-awesome/wp-font-awesome-178-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2023-01-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/vr-frases/vr-frases-collect-share-quotes-301-authenticated-admin-sql-injection</loc>
<lastmod>2025-01-29T21:19:54.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woo-preview-emails/preview-e-mails-for-woocommerce-221-reflected-cross-site-scripting</loc>
<lastmod>2024-03-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/clicface-trombi/clicface-trombi-208-authenticated-contributor-stored-cross-site-scripting-via-nom-parameter</loc>
<lastmod>2025-02-28T15:27:06.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/users-ultra/users-ultra-membership-users-community-and-member-profiles-with-paypal-integration-plugin-310-unauthenticated-sql-injection</loc>
<lastmod>2022-04-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cackle/cackle-433-cross-site-request-forgery</loc>
<lastmod>2025-03-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/url-image-importer/url-image-importer-106-authenticated-author-arbitrary-file-upload</loc>
<lastmod>2025-11-20T18:48:27.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpbookit/wpbookit-107-cross-site-request-forgery-to-customer-deletion</loc>
<lastmod>2025-12-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/posten-post-blocks/posten-001-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-04-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/vk-all-in-one-expansion-unit/vk-all-in-one-expansion-unit-98810-stored-contributor-cross-site-scripting-in-cta-post</loc>
<lastmod>2023-05-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/word-replacer-ultra/word-replacer-pro-10-missing-authorization-to-unauthenticated-arbitrary-content-update</loc>
<lastmod>2024-03-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/team/team-showcase-12215-object-injection</loc>
<lastmod>2020-09-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/contact-form-to-email/contact-form-email-1344-unauthenticated-sensitive-information-exposure</loc>
<lastmod>2024-04-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/easy-accordion-free/easy-accordion-2120-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2022-12-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/agile-store-locator/store-locator-wordpress-149-authenticated-editor-stored-cross-site-scripting-via-category_name-description-description_2-parameters</loc>
<lastmod>2023-03-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpc-badge-management/wpc-badge-management-for-woocommerce-240-missing-authorization</loc>
<lastmod>2024-03-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/contest-gallery/contest-gallery-2312-unauthenticated-stored-cross-site-scripting</loc>
<lastmod>2024-07-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/so-widgets-bundle/siteorigin-widgets-bundle-1510-authenticated-admin-local-file-inclusion</loc>
<lastmod>2023-11-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/intelly-related-posts/inline-related-posts-340-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2024-03-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/penci-portfolio/penci-portfolio-35-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-09-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/category-icon/category-icon-100-authenticated-author-stored-cross-site-scripting-via-svg-file-upload</loc>
<lastmod>2024-10-11T20:10:19.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/email-tracker/email-tracker-email-tracking-plugin-to-track-emails-for-open-and-email-links-click-compatible-with-woocommerce-526-reflected-cross-site-scripting</loc>
<lastmod>2021-11-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/propertyhive/property-hive-210-reflected-cross-site-scripting</loc>
<lastmod>2024-12-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/tlp-team/team-5010-unauthenticated-sql-injection</loc>
<lastmod>2025-12-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/dsgvo/eu-dsgvo-helper-1061-reflected-cross-site-scripting</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/jupiterx-core/jupiterx-core-300-330-missing-authorization</loc>
<lastmod>2023-08-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woocommerce-gateway-nab-dp/nab-transact-212-payment-system-bypass</loc>
<lastmod>2020-08-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/belletrist/belletrist-12-unauthenticated-local-file-inclusion</loc>
<lastmod>2026-02-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/custom-registration-form-builder-with-submission-manager/registrationmagic-6086-authenticated-subscriber-authentication-bypass-via-forged-paypal-ipn-request</loc>
<lastmod>2026-06-26T18:09:49.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/codoc/codoc-095112-reflected-cross-site-scripting</loc>
<lastmod>2024-07-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/my-album-gallery/my-album-gallery-104-authenticated-author-stored-cross-site-scripting-via-image-title</loc>
<lastmod>2026-01-06T20:39:29.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/proranktracker/pro-rank-tracker-100-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2025-03-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/search-everything/search-everything-702-sql-injection</loc>
<lastmod>2014-02-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/rainbownews/rainbownews-107-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-03-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/phone-orders-for-woocommerce/phone-orders-for-woocommerce-371-cross-site-request-forgery</loc>
<lastmod>2022-10-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/video-comments-webcam-recorder/html5-webcam-microphone-recorder-forms-155-cross-site-scripting</loc>
<lastmod>2014-06-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/masterstudy-lms-learning-management-system/masterstudy-lms-wordpress-plugin-2934-missing-authorization-via-wp_ajax_stm_wpcfto_get_settings</loc>
<lastmod>2023-04-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/essential-blocks/essential-blocks-for-gutenberg-385-cross-site-request-forgery</loc>
<lastmod>2023-01-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/shiptime-discount-shipping/shiptime-discounted-shipping-rates-111-missing-authorization</loc>
<lastmod>2026-02-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/sureforms/sureforms-drag-and-drop-form-builder-for-wordpress-173-unauthenticated-php-object-injection-phar-triggered-via-admin-submission-deletion</loc>
<lastmod>2025-07-08T17:20:32.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-show-more/wp-show-more-107-authenticated-contributor-stored-cross-site-scripting-via-show_more-shortcode</loc>
<lastmod>2024-10-25T19:52:23.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-support-plus-responsive-ticket-system/wp-support-plus-responsive-ticket-system-807-arbitrary-file-upload</loc>
<lastmod>2017-11-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-intro-js-tours/wp-introjs-plugin-11-reflected-cross-site-scripting</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/permalink-manager/permalink-manager-lite-2212-admin-sql-injection</loc>
<lastmod>2021-09-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/raygun4wp/raygun4wp-180-reflected-cross-site-scripting</loc>
<lastmod>2017-02-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cliengo/cliengo-chatbot-304-cross-site-request-forgery</loc>
<lastmod>2024-07-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/pagelayer/page-builder-pagelayer-drag-and-drop-website-builder-198-authenticated-contributor-private-post-disclosure-in-pagelayer_builder_posts_shortcode</loc>
<lastmod>2025-03-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/smart-product-review/wordpress-plugin-smart-product-review-104-unauthenticated-arbitrary-file-upload</loc>
<lastmod>2021-11-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/flagallery-skins/flagallery-skins-115-sql-injection</loc>
<lastmod>2013-05-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/mounthood/mounthood-ski-and-snowboarding-html-template-132-unauthenticated-php-object-injection</loc>
<lastmod>2026-03-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/custom-payment-gateways-woocommerce/custom-payment-gateways-for-woocommerce-210-unauthenticated-stored-cross-site-scripting-via-alg_wc_cpg_input_fields-parameter</loc>
<lastmod>2026-06-30T15:45:01.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/user-private-files/wordpress-file-sharing-plugin-203-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2023-09-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/sensei-lms/sensei-lms-online-courses-quizzes-learning-4241-unauthenticated-email-template-disclosure</loc>
<lastmod>2024-08-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/post-carousel/post-grid-post-carousel-list-category-posts-2418-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2023-01-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/limit-login-attempts-reloaded/limit-login-attempts-reloaded-22525-missing-authorization</loc>
<lastmod>2023-11-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-social-widget/wp-social-widget-225-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2024-02-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/import-users-from-csv-with-meta/import-and-export-users-and-customers-11635-csv-injection-via-a-customers-profile</loc>
<lastmod>2020-11-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ays-facebook-popup-likebox/popup-like-box-page-plugin-353-sql-injection</loc>
<lastmod>2021-06-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/callback-request/callback-request-14-reflected-cross-site-scripting</loc>
<lastmod>2025-02-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/scroll-triggered-animations/animator-3016-cross-site-request-forgery</loc>
<lastmod>2025-07-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/stock-quotes-list/stock-quotes-list-2911-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2023-09-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/salesforce-wordpress-to-candidate/wordpress-to-candidate-for-salesforce-crm-101-reflected-cross-site-scripting</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/easy-testimonial-manager/easy-testimonial-manager-120-authenticated-admin-sql-injection</loc>
<lastmod>2021-07-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/quotes-llama/quotes-llama-07-authenticated-admin-cross-site-scripting</loc>
<lastmod>2022-05-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gallery-album/responsive-image-gallery-gallery-album-203-reflected-cross-site-scripting</loc>
<lastmod>2024-03-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-sms/wp-sms-662-cross-site-request-forgery</loc>
<lastmod>2024-03-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/top-10/top-10-410-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-05-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/erp/wp-erp-1123-authenticated-administrator-sql-injection-via-type</loc>
<lastmod>2023-06-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/kadence-woocommerce-email-designer/kadence-woocommerce-email-designer-1517-unauthenticated-stored-cross-site-scripting</loc>
<lastmod>2025-12-01T16:23:27.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bitspecter-suite/bitspecter-suite-100-authenticated-author-stored-cross-site-scripting-via-svg-file-upload</loc>
<lastmod>2025-03-21T22:14:30.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/athemes-addons-for-elementor-lite/athemes-addons-for-elementor-1012-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-01-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/get-custom-field-values/get-custom-field-values-401-authenticated-administrator-stored-cross-site-scripting-via-plugin-widget</loc>
<lastmod>2023-10-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/updownupdown-postcomment-voting/updownupdown-11-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/quiz-maker/quiz-maker-6505-denial-of-service</loc>
<lastmod>2024-01-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/learning-management-system/masteriyo-lms-lms-course-builder-quizzes-certificates-220-authenticated-subscriber-privilege-escalation</loc>
<lastmod>2026-06-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/tutor/tutor-lms-3911-authenticated-administrator-sql-injection-via-data-parameter</loc>
<lastmod>2026-06-17T17:23:24.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/yourplugins-wc-conditional-cart-notices/conditional-cart-messages-for-woocommerce-8211-yourpluginscom-1210-cross-site-request-forgery</loc>
<lastmod>2025-09-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/nitropack/nitropack-1170-missing-authorization-to-authenticated-subscriber-limited-options-update</loc>
<lastmod>2025-01-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/in-stock-mailer-for-woocommerce/in-stock-mailer-for-woocommerce-211-reflected-cross-site-scripting</loc>
<lastmod>2025-03-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/regallery/re-gallery-responsive-photo-gallery-1189-missing-authorization</loc>
<lastmod>2026-01-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/event-post/event-post-598-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-03-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/sinking-dropdowns/sinking-dropdowns-125-cross-site-request-forgery</loc>
<lastmod>2024-12-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/internal-link-builder/internal-link-builder-10-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2025-01-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/transposh-translation-filter-for-wordpress/transposh-wordpress-translation-1091-missing-authorization-checks</loc>
<lastmod>2022-07-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/republish-old-posts/republish-old-posts-121-cross-site-request-forgery-via-rop_options_page</loc>
<lastmod>2023-12-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/web-directory-free/web-directory-free-176-unauthenticated-sql-injection</loc>
<lastmod>2025-03-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-easy-gallery/wp-easy-gallery-27-sql-injection</loc>
<lastmod>2014-08-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/buying-buddy-idx-crm/buying-buddy-idx-crm-128-cross-site-request-forgery-to-php-object-injection</loc>
<lastmod>2024-11-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ninja-beaver-lite-addons-for-beaver-builder/ninja-beaver-add-ons-for-beaver-builder-245-authenticated-contributor-stored-cross-site-scripting-via-widgets</loc>
<lastmod>2024-05-21T19:30:07.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bold-page-builder/bold-page-builder-432-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2022-06-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mwp-herd-effect/herd-effects-621-cross-site-request-forgery-to-settings-update</loc>
<lastmod>2025-01-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/yahoo-media-player/yahoo-webplayer-206-reflected-cross-site-scripting</loc>
<lastmod>2025-08-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/community-events/community-events-148-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2022-11-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/dethemekit-for-elementor/dethemekit-for-elementor-218-authenticated-contributor-protected-post-disclosure</loc>
<lastmod>2025-02-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/poll-wp/ts-poll-survey-versus-poll-image-poll-video-poll-246-authenticated-administrator-sql-injection-via-s-parameter</loc>
<lastmod>2025-04-14T11:33:59.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/shortpixel-adaptive-images/shortpixel-adaptive-images-382-missing-authorization-in-activate_ai_handler-and-deactivate_ai_handler</loc>
<lastmod>2024-04-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/baslider/image-slider-by-nextcode-112-authenticated-author-stored-cross-site-scripting</loc>
<lastmod>2022-05-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woo-wallet/terawallet-best-woocommerce-wallet-system-with-cashback-rewards-partial-payment-wallet-refunds-150-authenticated-shop-manager-stored-cross-site-scripting</loc>
<lastmod>2024-04-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/security-malware-firewall/login-security-firewall-malware-removal-by-cleantalk-2168-unauthenticated-stored-cross-site-scripting-via-page-url</loc>
<lastmod>2025-12-08T16:28:49.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/i-dump-iphone-to-wordpress-photo-uploader/idump-iphone-to-wordpress-photo-uploader-18-arbitrary-file-upload</loc>
<lastmod>2015-04-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/autopilot/ortto-1019-reflected-cross-site-scripting</loc>
<lastmod>2024-11-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/greenmart/greenmart-4211-authenticated-contributor-local-file-inclusion</loc>
<lastmod>2025-12-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/sirv/image-optimizer-resizer-and-cdn-sirv-727-missing-authorization-to-authenticated-contributor-arbitrary-file-upload</loc>
<lastmod>2024-08-21T17:42:14.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-lead-capture/lead-capturing-pages-25-unauthenticated-sql-injection</loc>
<lastmod>2026-01-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/secure-captcha/secure-captcha-12-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/pwgrandom/pwgrandom-111-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2014-12-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/download-plugin/download-plugin-204-cross-site-request-forgery</loc>
<lastmod>2023-05-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/primary-addon-for-elementor/primary-addon-for-elementor-160-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-12-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/table-of-contents-plus/table-of-contents-plus-2106-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2022-12-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/simpledark/simpledark-1211-cross-site-scripting</loc>
<lastmod>2011-03-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/premmerce-woocommerce-wholesale-pricing/premmerce-wholesale-pricing-for-woocommerce-1110-authenticated-subscriber-sql-injection</loc>
<lastmod>2025-11-17T20:08:58.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woo-bulk-editor/bear-bulk-editor-and-products-manager-professional-for-woocommerce-by-pluginusnet-115-cross-site-request-forgery-to-taxonomy-term-deletion</loc>
<lastmod>2026-04-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/popup-maker-wp/popup-maker-responsive-popup-exit-intent-pop-up-email-optins-autoresponder-more-136-authenticated-subscriber-stored-cross-site-scripting</loc>
<lastmod>2024-05-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/teleadmin/teleadmin-100-reflected-cross-site-scripting</loc>
<lastmod>2024-11-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/jc-importer/import-wp-import-and-export-wordpress-data-to-xml-or-csv-files-245-authenticated-arbitrary-file-upload</loc>
<lastmod>2022-04-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/flexible-elementor-panel/flexible-elementor-panel-238-cross-site-request-forgery</loc>
<lastmod>2023-02-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-fastest-cache/wp-fastest-cache-112-missing-authorization-in-wpfc_purgecache_varnish_callback</loc>
<lastmod>2023-04-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/depart-deposit-and-part-payment-for-woo/depart-107-missing-authorization</loc>
<lastmod>2026-02-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-todo/wp-to-do-128-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-01-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woocommerce/woocommerce-262-stored-cross-site-scripting</loc>
<lastmod>2016-07-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/protected-wp-login/protected-wp-login-21-reflected-cross-site-scripting</loc>
<lastmod>2025-02-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/post-by-email/post-by-email-104b-reflected-cross-site-scripting</loc>
<lastmod>2024-11-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/nasa-core/nasa-core-632-unauthenticated-local-file-inclusion</loc>
<lastmod>2025-05-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bp-better-messages/bp-better-messages-2432-missing-authorization</loc>
<lastmod>2024-04-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simple-optimizer/simple-optimizer-127-cross-site-request-forgery</loc>
<lastmod>2025-03-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/geo-my-wp/geo-my-wordpress-4501-unauthenticated-local-file-inclusion</loc>
<lastmod>2024-07-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ebook-downloader/ebook-downloader-10-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2025-04-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woocommerce/woocommerce-620-incorrect-authorization-checks-on-rest-api-endpoints</loc>
<lastmod>2022-02-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/maintenance-coming-soon-redirect-animation/maintenance-coming-soon-redirect-animation-213-missing-authorization-to-settings-update</loc>
<lastmod>2024-12-19T18:09:03.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/share-this-image/share-this-image-203-open-redirect-via-link-parameter</loc>
<lastmod>2024-09-16T19:55:52.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/freeagent/freeagent-212-unauthenticated-local-file-inclusion</loc>
<lastmod>2026-01-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/visual-text-editor/visual-text-editor-121-authenticated-contributor-remote-code-execution</loc>
<lastmod>2025-03-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/yith-woocommerce-gift-cards-premium/yith-woocommerce-gift-cards-premium-3231-missing-authorization</loc>
<lastmod>2023-05-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mapsvg/mapsvg-8612-authenticated-contributor-arbitrary-file-download</loc>
<lastmod>2025-07-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-google-maps/wp-go-maps-9015-authenticated-admin-directory-traversal</loc>
<lastmod>2023-01-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/vk-all-in-one-expansion-unit/vk-all-in-one-expansion-unit-91123-authenticated-contributor-stored-cross-site-scripting-via-sns-title</loc>
<lastmod>2026-02-17T16:43:06.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/certifica-wp/certifica-wp-31-authenticated-contributor-stored-cross-site-scripting-via-evento-parameter</loc>
<lastmod>2025-09-10T18:45:09.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/social-rocket/social-rocket-129-cross-site-request-forgery</loc>
<lastmod>2020-07-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/uji-popup/uji-popup-143-authenticated-contributor-stored-cross-site-scripting-via-uji_popup_code-shortcode</loc>
<lastmod>2023-04-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/carta-online/carta-online-2130-authenticated-administrator-stored-cross-site-scripting-via-plugin-settings</loc>
<lastmod>2026-03-06T18:48:13.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/sp-blog-designer/sp-blog-designer-100-unauthenticated-arbitrary-shortcode-execution</loc>
<lastmod>2025-03-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/business-directory-plugin/business-directory-plugin-511-authenticated-php4-upload</loc>
<lastmod>2021-04-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/smsa-shipping-for-woocommerce/smsa-shipping-for-woocommerce-104-authenticated-subscriber-arbitrary-file-download</loc>
<lastmod>2022-11-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/widget-shortcode/widget-shortcode-035-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2023-01-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/getaway/getaway-18-unauthenticated-local-file-inclusion</loc>
<lastmod>2026-04-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-file-manager-pro/file-manager-pro-834-authenticated-subscriber-arbitrary-file-upload</loc>
<lastmod>2024-01-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/pathomation/pathomation-251-unauthenticated-arbitrary-file-upload</loc>
<lastmod>2024-11-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/crawlomatic-multipage-scraper-post-generator/crawlomatic-multisite-scraper-post-generator-2682-missing-authorization</loc>
<lastmod>2025-06-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/advanced-form-integration/connect-contact-form-7-woocommerce-to-google-sheets-other-platforms-advanced-form-integration-1620-authenticated-admin-cross-site-scripting</loc>
<lastmod>2023-01-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/coming-soon-wp/coming-soon-under-construction-maintenance-mode-by-dazzler-163-admin-stored-cross-site-scripting</loc>
<lastmod>2021-10-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/torro-forms/torro-forms-1016-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2022-09-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/blossomthemes-email-newsletter/blossomthemes-email-newsletter-224-missing-authorization</loc>
<lastmod>2023-11-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/vision/vision-interactive-153-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2022-12-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/backwpup/backwpup-5-550-missing-authorization-to-sensitive-information-exposure</loc>
<lastmod>2025-10-24T15:31:35.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ecwid-shopping-cart/ecwid-shopping-cart-705-missing-authorization</loc>
<lastmod>2026-01-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ldap-ad-staff-employee-directory-search/staff-employee-business-directory-for-active-directory-123-authenticated-admin-ldap-passback</loc>
<lastmod>2023-09-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/youzify/youzify-121-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2023-01-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simplepress/simplepress-68-authenticated-admin-path-traversal-to-arbitrary-file-modification</loc>
<lastmod>2022-11-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/feedwordpress/feedwordpress-20220222-insecure-direct-object-referece</loc>
<lastmod>2024-03-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/contextual-related-posts/contextual-related-posts-18102-sql-injection</loc>
<lastmod>2014-03-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/calculated-fields-form/calculated-fields-form-5263-denial-of-service</loc>
<lastmod>2024-12-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woo-slider-pro-drag-drop-slider-builder-for-woocommerce/woo-slider-pro-drag-drop-slider-builder-for-woocommerce-112-missing-authorization-to-authenticated-subscriber-arbitrary-post-deletion</loc>
<lastmod>2025-05-29T21:41:13.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/job-board/job-board-by-bestwebsoft-121-cross-site-request-forgery-to-stored-cross-site-scripting-via-_get-array-storage</loc>
<lastmod>2025-11-24T19:08:56.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/advanced-access-manager/advanced-access-manager-6918-authenticated-author-open-redirect</loc>
<lastmod>2023-12-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/add-rss/add-rss-15-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simple-shortcode-buttons/simple-shortcode-buttons-132-reflected-cross-site-scripting</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woo-additional-fees-on-checkout-wordpress/woocommerce-additional-fees-on-checkout-free-152-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2025-09-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/adstxt-guru-connect/adstxt-guru-connect-111-cross-site-request-forgery</loc>
<lastmod>2025-08-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/portfolio-wp/gridkit-portfolio-200-subscriber-stored-cross-site-scripting</loc>
<lastmod>2022-03-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/best-posts-summary/best-posts-summary-10-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2025-04-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/quote-comments/quote-comments-300-missing-authorization-to-authenticated-subscriber-arbitrary-plugin-settings-update</loc>
<lastmod>2026-01-06T18:35:28.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/bloglo/bloglo-113-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-06-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/tc-ecommerce/themes-coder-create-android-ios-apps-for-your-woocommerce-site-134-insecure-direct-object-reference-to-password-changeaccount-takeoverprivilege-escalation</loc>
<lastmod>2025-01-06T15:09:57.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/pinterest-rss-widget/pinterest-rss-widget-231-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2023-05-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/easy-digital-downloads/easy-digital-downloads-326-authenticatedshop-manager-stored-cross-site-scripting-via-variable-pricing-options</loc>
<lastmod>2024-02-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/boldgrid-backup/total-upkeep-wordpress-backup-plugin-plus-restore-migrate-by-boldgrid-11610-authenticated-admin-command-injection</loc>
<lastmod>2025-03-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/better-wp-security/better-wp-security-353-stored-cross-site-scripting</loc>
<lastmod>2014-08-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/dzs-zoomsounds/zoomsounds-wordpress-wave-audio-player-with-playlist-691-unauthenticated-php-object-injection</loc>
<lastmod>2025-03-04T21:11:58.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woocommerce-jetpack/booster-for-woocommerce-pdf-invoices-abandoned-cart-variation-swatches-100-tools-7113-missing-authorization</loc>
<lastmod>2026-03-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/aparat-shortcode/aparat-video-shortcode-024-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-09-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/user-submitted-posts/user-submitted-posts-enable-users-to-submit-posts-from-the-front-end-20251210-unauthenticated-stored-cross-site-scripting-via-custom-field</loc>
<lastmod>2026-01-23T19:55:08.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/rumbletalk-chat-a-chat-with-themes/rumbletalk-live-group-chat-635-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-09-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/contact-form-7-newsletter/contact-form-7-newsletter-22-reflected-cross-site-scripting</loc>
<lastmod>2024-03-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/include-mastodon-feed/include-mastodon-feed-194-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-11-20T13:44:45.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/system-dashboard/system-dashboard-2814-unauthenticated-stored-cross-site-scripting</loc>
<lastmod>2024-11-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/seo-by-rank-math/rank-math-seo-1026-cross-site-scripting</loc>
<lastmod>2019-06-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ai-engine/ai-engine-284-insecure-oauth-implementation</loc>
<lastmod>2025-07-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/essential-blocks-pro/essential-blocks-420-unauthenticated-php-object-injection-via-products</loc>
<lastmod>2023-09-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/whizzy/whizzy-1118-authenticated-subscriber-insecure-direct-object-reference</loc>
<lastmod>2024-03-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-live-chat-support/wp-live-chat-support-7102-cross-site-scripting</loc>
<lastmod>2017-07-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/infolinks-ad-wrap/infolinks-ad-wrap-102-cross-site-request-forgery-to-settings-update</loc>
<lastmod>2024-08-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/insert-pages/insert-pages-361-contributor-arbitrary-postspages-access</loc>
<lastmod>2021-10-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/letterpress/letterpress-elevate-your-wordpress-site039s-e-mail-campaigns-and-marketing-122-cross-site-request-forgery</loc>
<lastmod>2024-04-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/torod/torod-the-smart-shipping-and-delivery-portal-for-e-shops-and-retailers-19-cross-site-request-forgery-to-plugins-settings-modification</loc>
<lastmod>2025-12-04T17:32:53.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/fast-flow-dashboard/fast-flow-1212-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2022-07-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cost-calculator/em-cost-calculator-231-unauthenticated-stored-cross-site-scripting-via-customer_name</loc>
<lastmod>2026-02-25T12:47:40.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/amministrazione-trasparente/amministrazione-trasparente-802-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2023-10-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/coschool/coschool-lms-14-missing-authorization-to-privilege-escalation</loc>
<lastmod>2024-12-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wplms_plugin/wplms-1997-missing-authorization</loc>
<lastmod>2025-09-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woo-quote-calculator-order/woocommerce-quote-calculator-11-authenticated-contributor-sql-injection</loc>
<lastmod>2024-10-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simple-tags/taxopress-3410-missing-authorization-to-authenticated-contributor-arbitrary-post-tag-modification</loc>
<lastmod>2026-01-05T19:03:27.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-downloadmanager/wp-downloadmanager-1688-reflected-cross-site-scripting</loc>
<lastmod>2024-09-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/responsive-block-editor-addons/responsive-blocks-199-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-01-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/featured-image-pro/featured-image-pro-post-grid-514-reflected-cross-site-scripting-via-page</loc>
<lastmod>2023-05-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gtpayment-donation/gtpayment-donations-100-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2024-11-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/motors-car-dealership-classified-listings/motors-car-dealer-classified-ads-146-reflected-cross-site-scripting</loc>
<lastmod>2023-10-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-video-posts/wp-video-posts-351-reflected-cross-site-scripting</loc>
<lastmod>2025-02-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/woopy/woopy-multipurpose-store-woocommerce-wordpress-shop-theme-12-unauthenticated-local-file-inclusion</loc>
<lastmod>2026-02-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/all-in-one-wp-security-and-firewall/all-in-one-wp-security-firewall-443-reflected-cross-site-scripting</loc>
<lastmod>2020-09-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/parcelpanel/parcelpanel-432-reflected-cross-site-scripting</loc>
<lastmod>2024-08-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/hotel-listing/hotel-listing-140-reflected-cross-site-scripting</loc>
<lastmod>2025-12-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/lingotek-translation/ray-enterprise-translation-171-unauthenticated-local-file-inclusion</loc>
<lastmod>2025-08-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/font-awesome-4-menus/font-awesome-4-menus-470-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2022-11-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/profit-products-tables-for-woocommerce/active-products-tables-for-woocommerce-106-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2023-12-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/inhype/inhype-blog-magazine-wordpress-152-unauthenticated-local-file-inclusion</loc>
<lastmod>2025-07-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/eupago-gateway-for-woocommerce/eupago-gateway-for-woocommerce-319-cross-site-request-forgery-via-eupago_page_content</loc>
<lastmod>2023-10-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/blu-logistics/blu-logistics-100-reflected-cross-site-scripting</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/coinpress/coinpress-1014-unauthenticated-local-file-inclusion</loc>
<lastmod>2026-03-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gratisfaction-all-in-one-loyalty-contests-referral-program-for-woocommerce/gratisfaction-434-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-03-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/tripgo/tripgo-156-unauthenticated-local-file-inclusion</loc>
<lastmod>2026-03-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/kidz/kidz-524-unauthenticated-php-object-injection</loc>
<lastmod>2026-03-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gdreseller/gdreseller-16-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-10-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/landing-pages/wordpress-landing-pages-190-unauthenticated-remote-command-execution</loc>
<lastmod>2015-09-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/core/2.0/wordpress-206-username-enumeration-via-error-messages</loc>
<lastmod>2007-01-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/fusion-delisted/fusion-31-arbitrary-file-upload</loc>
<lastmod>2015-02-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/flexible-wishlist/flexible-wishlist-for-woocommerce-ecommerce-wishlist-save-for-later-1226-cross-site-request-forgery-to-wishlist-creationmodification</loc>
<lastmod>2025-02-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/smartsearchwp/chatbot-with-chatgpt-245-missing-authorization-to-unauthenticated-openai-api-key-exposure</loc>
<lastmod>2024-09-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/food-store/food-store-137-cross-site-request-forgery</loc>
<lastmod>2021-06-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/Avada/avada-theme-71113-unauthenticated-arbitrary-shortcode-execution</loc>
<lastmod>2025-02-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/nasa-core/nasa-core-644-reflected-cross-site-scripting</loc>
<lastmod>2025-06-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/metform/metform-elementor-contact-form-builder-331-authenticated-subscriber-information-disclosure-via-mf_transaction_id-shortcode</loc>
<lastmod>2023-06-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-copyprotect/wp-copyprotect-protect-your-blog-posts-300-cross-site-scripting</loc>
<lastmod>2015-06-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/chartbeat/chartbeat-207-authenticated-subscriber-server-side-request-forgery</loc>
<lastmod>2025-08-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cf7-constant-contact/integration-for-constant-contact-and-contact-form-7-wpforms-elementor-ninja-forms-116-unauthenticated-php-object-injection</loc>
<lastmod>2026-06-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/liveforms/wordpress-contact-form-drag-and-drop-form-builder-plugin-live-forms-321-cross-site-scripting</loc>
<lastmod>2017-08-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/rometheme-for-elementor/romethemekit-for-elementor-154-authenticated-subscriber-arbitrary-plugin-installationactivation</loc>
<lastmod>2025-03-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-church-center/wp-church-center-133-reflected-cross-site-scripting</loc>
<lastmod>2025-02-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/msync/msync-100-authenticated-administrator-sql-injection</loc>
<lastmod>2023-11-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/zotpress/zotpress-7312-missing-authorization</loc>
<lastmod>2024-11-04T20:39:16.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/events-addon-for-elementor/events-addon-for-elementor-222-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-12-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/easy-social-icons/easy-social-icons-309-reflected-cross-site-scripting</loc>
<lastmod>2021-09-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mediavine-create/create-by-mediavine-197-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-07-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/grandrestaurant/grand-restaurant-wordpress-70-missing-authorization</loc>
<lastmod>2025-04-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bit-form/contact-form-by-bit-form-2183-authenticated-author-stored-cross-site-scripting-via-svg-file-upload</loc>
<lastmod>2025-04-24T16:58:42.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/aora/aora-1315-authenticated-contributor-local-file-inclusion</loc>
<lastmod>2025-12-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/masterstudy-lms-learning-management-system/masterstudy-lms-3620-authenticated-subscriber-race-condition-to-multiple-reviews</loc>
<lastmod>2025-09-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/starbox/starbox-348-authenticated-subscriber-stored-cross-site-scripting-via-job-settings</loc>
<lastmod>2024-02-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wordpress-popular-posts/wordpress-popular-posts-605-unauthenticated-views-changes</loc>
<lastmod>2022-11-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-recipe-maker/wp-recipe-maker-910-authenticated-contributor-stored-cross-site-scripting-via-header_tag</loc>
<lastmod>2024-01-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/linkedinclude/linkedinclude-304-cross-site-request-forgery</loc>
<lastmod>2025-09-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/metform/metform-392-authenticated-admin-server-side-request-forgery</loc>
<lastmod>2025-03-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/ingenioso/ingenioso-1140-unauthenticated-local-file-inclusion</loc>
<lastmod>2026-05-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ulisting/listing-classified-ads-business-directory-ulisting-205-cross-site-request-forgery</loc>
<lastmod>2021-07-27T04:29:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/medicare/medicare-210-unauthenticated-php-object-injection</loc>
<lastmod>2025-05-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/kubio/kubio-ai-page-builder-263-missing-authorization-to-authenticated-subscriber-limited-plugin-installation</loc>
<lastmod>2025-09-18T14:48:40.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-slimstat/slimstat-analytics-492-unauthenticated-stored-cross-site-scripting</loc>
<lastmod>2022-12-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wordpress-mobile-pack/wordpress-mobile-pack-341-cross-site-request-forgery</loc>
<lastmod>2023-07-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/testimonials-carousel-elementor/testimonial-carousel-for-elementor-1020-missing-authorization-to-limited-setting-update</loc>
<lastmod>2024-05-24T14:43:53.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/easy2map/easy2map-129-directory-traversal-and-local-file-inclusion</loc>
<lastmod>2015-10-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/testimonials-carousel-elementor/testimonial-carousel-for-elementor-1162-authenticated-contributor-stored-cross-site-scripting-via-multiple-widgets</loc>
<lastmod>2025-10-24T17:10:52.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/advanced-text-widget/advanced-text-widget-212-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2023-02-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/f4-improvements/f4-improvements-180-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2024-04-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/c9-blocks/c9-blocks-177-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-04-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/music-player-for-elementor/music-player-for-elementor-audio-player-podcast-player-241-missing-authorization-to-authenticated-subscriber-template-import</loc>
<lastmod>2024-11-14T16:40:38.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/consultor/consultor-a-business-financial-advisor-psd-template-124-unauthenticated-local-file-inclusion</loc>
<lastmod>2026-02-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/famita/famita-154-unauthenticated-local-file-inclusion</loc>
<lastmod>2025-08-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/minimog/minimogwp-396-unauthenticated-local-file-inclusion</loc>
<lastmod>2025-08-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/convert-to-blocks/minimist-125-prototype-pollution</loc>
<lastmod>2022-03-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/search-exclude/search-exclude-249-missing-authorization-to-unauthenticated-plugin-settings-modification</loc>
<lastmod>2025-05-06T12:55:08.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/custom-post-widget/content-blocks-custom-post-widget-335-authenticated-contributor-stored-cross-site-scripting-via-content-parameter</loc>
<lastmod>2025-02-19T21:17:14.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/latepoint/latepoint-calendar-booking-plugin-for-appointments-and-events-525-cross-site-request-forgery</loc>
<lastmod>2026-02-13T18:24:03.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cm-download-manager/cm-download-manager-285-authenticated-administrator-arbitrary-file-upload</loc>
<lastmod>2022-09-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/shortpixel-image-optimiser/shortpixel-image-optimizer-634-authenticated-contributor-settings-importexport</loc>
<lastmod>2025-10-17T14:41:31.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/kv-send-email-from-admin/kv-compose-email-from-dashboard-11-reflected-cross-site-scripting</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/postapanduri/postapanduri-213-unauthenticated-sql-injection</loc>
<lastmod>2025-06-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/sql-chart-builder/sql-chart-builder-236-authenticated-contributor-sql-injection</loc>
<lastmod>2024-12-11T15:19:02.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/sp-client-document-manager/sp-project-document-manager-421-authenticated-shell-upload</loc>
<lastmod>2021-05-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/webengage/webengage-feedback-survey-and-notification-201-cross-site-scripting</loc>
<lastmod>2014-05-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/core/5.0/wordpress-core-501-phar-unserialization</loc>
<lastmod>2018-09-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/google-language-translator/translate-wordpress-google-language-translator-6011-admin-stored-cross-site-scripting</loc>
<lastmod>2021-10-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/topfit/topfit-fitness-and-gym-wordpress-19-unauthenticated-local-file-inclusion</loc>
<lastmod>2026-02-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/seo-by-rank-math/rankmath-seo-101072-authenticated-contributor-local-file-inclusion</loc>
<lastmod>2023-01-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/chaty/floating-chat-widget-contact-chat-icons-whatsapp-telegram-chat-line-messenger-wechat-email-sms-call-button-chaty-322-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2024-05-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/xpro-elementor-addons-pro/xpro-elementor-addons-pro-147-authenticated-contributor-arbitrary-file-read-via-draw-svg</loc>
<lastmod>2026-05-26T20:55:23.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/contact-form-add/form-builder-1990-cross-site-request-forgery</loc>
<lastmod>2023-06-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/dental/dental-clinic-37-authenticated-subscriber-php-object-injection</loc>
<lastmod>2026-03-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/brizy/brizy-page-builder-241-authenticated-stored-cross-site-scripting-via-element-url</loc>
<lastmod>2022-06-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/next-page-not-next-post/next-page-not-next-post-030-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-10-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/nuss/nuss-133-authenticated-subscriber-php-object-injection</loc>
<lastmod>2025-06-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bne-gallery-extended/bne-gallery-extended-121-authenticated-contributor-stored-cross-site-scripting-via-gallery-shortcode</loc>
<lastmod>2024-11-25T20:16:04.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cp-reservation-calendar/cp-reservation-calendar-117-sql-injection</loc>
<lastmod>2015-09-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/backuply/backuply-backup-restore-migrate-and-clone-126-denial-of-service</loc>
<lastmod>2024-02-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/youtube-embed/youtube-embed-332-cross-site-scripting</loc>
<lastmod>2015-08-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/xagio-seo/xagio-seo-71037-missing-authorization</loc>
<lastmod>2025-12-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/captcha-offrepo/captcha-25d-cross-site-scripting</loc>
<lastmod>2007-11-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/elfsight-testimonials-slider/elfsight-testimonials-slider-101-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2025-03-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cache-control-by-cacholong/cache-control-by-cacholong-541-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2025-04-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/real3d-flipbook-lite/real3d-flipbook-lite-3d-flipbook-pdf-viewer-pdf-embedder-48-authenticated-author-arbitrary-file-upload</loc>
<lastmod>2024-11-15T15:06:58.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/customize-login-image/customize-login-image-34-cross-site-scripting</loc>
<lastmod>2021-12-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/email-subscribers/email-subscribers-by-icegram-express-affordable-powerful-email-marketing-for-wordpress-woocommerce-5744-authenticated-admin-stored-cross-site-scripting-via-form-settings</loc>
<lastmod>2024-12-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/different-menus-in-different-pages/different-menu-in-different-pages-control-menu-visibility-all-in-one-232-missing-authorization-to-menu-duplication</loc>
<lastmod>2024-04-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/contest-gallery/contest-gallery-files-upload-and-contest-plugin-for-wordpress-1704-admin-sql-injection</loc>
<lastmod>2022-06-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/bello/bello-directory-listing-159-unauthenticated-sql-injection</loc>
<lastmod>2021-05-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/nextgen-gallery/wordpress-gallery-plugin-nextgen-gallery-347-cross-site-request-forgery</loc>
<lastmod>2020-12-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/auto-login-when-resister/enabledisable-auto-login-when-register-110-cross-site-request-forgery</loc>
<lastmod>2023-04-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woo-coming-soon-product/woocommerce-coming-soon-product-with-countdown-50-authenticated-subscriber-local-file-inclusion</loc>
<lastmod>2026-02-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/open-rdw-kenteken-voertuiginformatie/open-rdw-kenteken-voertuiginformatie-2014-reflected-cross-site-scripting-via-open_data_rdw_kenteken</loc>
<lastmod>2023-03-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/sparkling/sparkling-249-missing-authorization-to-unauthenticated-arbitrary-plugin-activationdeactivation</loc>
<lastmod>2025-03-04T21:26:16.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/js_composer/wpbakery-page-builder-for-wordpress-64-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2020-10-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/booking-calendar/booking-calendar-appointment-booking-system-3215-unauthenticated-stored-cross-site-scripting-via-svg-file-upload</loc>
<lastmod>2024-11-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/contest-gallery/contest-gallery-2510-authenticated-author-sql-injection</loc>
<lastmod>2025-01-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/valenti-engine/valenti-engine-103-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-12-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/live-dashboard/live-dashboard-033-reflected-cross-site-scripting</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gf-hubspot/wp-gravity-forms-hubspot-125-open-redirect</loc>
<lastmod>2025-09-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woo-order-splitter/order-splitter-for-woocommerce-530-authenticated-subscriber-sql-injection</loc>
<lastmod>2025-04-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/core/6.3/wordpress-core-632-authenticated-subscriber-arbitrary-shortcode-execution-via-parse-media-shortcode</loc>
<lastmod>2023-10-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/happy-elementor-addons/happy-addons-for-elementor-3123-missing-authorization</loc>
<lastmod>2024-10-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-hotel-booking/wp-hotel-booking-227-unauthenticated-sensitive-information-exposure-via-email-parameter</loc>
<lastmod>2026-01-16T14:00:37.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpdeepl/deepl-pro-api-translation-214-cross-site-request-forgery-via-savesettings</loc>
<lastmod>2023-03-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bookster/bookster-wordpress-appointment-booking-plugin-211-authenticated-administrator-sql-injection-via-raw</loc>
<lastmod>2026-02-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/html2wp/html2wp-100-cross-site-request-forgery</loc>
<lastmod>2022-06-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cbxgooglemap/cbx-map-for-google-map-openstreetmap-1111-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-01-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/feed-them-social/feed-them-social-page-post-video-and-photo-galleries-286-cross-site-request-forgery-bypass</loc>
<lastmod>2020-09-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/banner-effect-header/banner-effect-header-127-cross-site-request-forgery</loc>
<lastmod>2015-01-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-smart-import/wordpress-importer-import-any-xml-file-to-wordpress-101-server-side-request-forgery</loc>
<lastmod>2021-04-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mail-subscribe-list/mail-subscribe-list-2110-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-09-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/maintenance-page/maintenance-page-108-missing-authorization-to-sensitive-information-exposure</loc>
<lastmod>2024-02-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/adbuddy-adblocker-detection/adbuddy-adblocker-detection-by-netfunkdesign-113-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2024-11-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/stackable-ultimate-gutenberg-blocks/stackable-page-builder-gutenberg-blocks-3136-unauthenticated-css-injection</loc>
<lastmod>2024-10-11T20:24:52.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/crown-art/crown-art-drawing-and-music-school-wordpress-theme-1211-unauthenticated-local-file-inclusion</loc>
<lastmod>2026-02-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-github/wp-github-133-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-01-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/soledad/soledad-824-reflected-cross-site-scripting</loc>
<lastmod>2022-09-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/comparepress/comparepress-208-reflected-cross-site-scripting</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/scand-multi-mailer/multimailer-103-reflected-cross-site-scripting</loc>
<lastmod>2025-04-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/institute-management/institute-management-55-authenticated-administrator-stored-cross-site-scripting-via-enquiry-form-title-setting</loc>
<lastmod>2026-02-18T20:53:19.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/the-casengo-chat-widget/casengo-live-chat-support-214-cross-site-request-forgery</loc>
<lastmod>2025-09-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/job-postings/job-postings-28-missing-authorization</loc>
<lastmod>2026-03-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wot-elementor-widgets/wot-elementor-widgets-101-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-12-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/fpw-category-thumbnails/fpw-category-thumbnails-195-authenticated-subscriber-stored-cross-site-scripting-via-id-parameter</loc>
<lastmod>2026-06-01T19:45:34.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ltl-freight-quotes-worldwide-express-edition/ltl-freight-quotes-worldwide-express-edition-5021-reflected-cross-site-scripting</loc>
<lastmod>2025-02-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/eventprime-event-calendar-management/eventprime-286-sensitive-information-exposure</loc>
<lastmod>2023-05-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/dp-intro-tours/intro-tour-tutorial-deeppresentation-652-reflected-cross-site-scripting</loc>
<lastmod>2024-12-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/alloggio/alloggio-hotel-booking-wordpress-theme-212-unauthenticated-php-object-injection</loc>
<lastmod>2026-04-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/restaurant-reservations/five-star-restaurant-reservations-2411-missing-authorization-to-stored-cross-site-scripting</loc>
<lastmod>2022-10-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/points-and-rewards-for-woocommerce/points-and-rewards-for-woocommerce-295-missing-authorization</loc>
<lastmod>2026-01-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/rometheme-for-elementor/rtmkit-207-authenticated-contributor-missing-authorization-to-arbitrary-form-submission-access-via-entries_id-parameter</loc>
<lastmod>2026-06-15T17:15:45.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cf7-mailchimp/integration-for-mailchimp-and-contact-form-7-wpforms-elementor-ninja-forms-122-missing-authorization</loc>
<lastmod>2026-03-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/droip/droip-252-unauthenticated-arbitrary-file-deletion</loc>
<lastmod>2024-08-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/new-user-approve/new-user-approve-323-cross-site-request-forgery</loc>
<lastmod>2025-11-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/agenteasy-properties/agenteasy-properties-104-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2022-11-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp2speed/wp2speed-faster-optimize-pagespeed-insights-score-90-100-101-improper-authorization-due-to-use-of-hardcoded-credentials</loc>
<lastmod>2024-07-08T19:47:02.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/layouts-for-elementor/layouts-for-elementor-17-missing-authorization-to-unauthenticated-arbitrary-file-upload</loc>
<lastmod>2024-03-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/internal-link-builder/internal-link-builder-10-authenticated-administrator-stored-cross-site-scripting-via-plugins-settings</loc>
<lastmod>2026-01-13T16:46:56.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/graphina-elementor-charts-and-graphs/graphina-elementor-charts-and-graphs-189-authenticated-contributor-stored-cross-site-scripting-via-multiple-widgets</loc>
<lastmod>2024-05-10T10:03:51.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/czater/czaterpl-live-chat-i-telefon-105-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2025-04-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wptelegram-widget/wp-telegram-widget-and-join-link-2127-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-08-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/easy-flashcards/easy-flashcards-01-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2025-06-13T19:43:09.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/miniorange-login-openid/wordpress-social-login-and-register-7512-missing-authorization-to-plugin-settings-update</loc>
<lastmod>2022-09-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/consulting-elementor-widgets/consulting-elementor-widgets-130-authenticated-contributor-sql-injection</loc>
<lastmod>2024-06-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/fluent-cart/fluentcart-a-new-era-of-ecommerce-131-authenticated-administrator-sql-injection-via-groupkey-parameter</loc>
<lastmod>2025-12-02T15:10:18.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/elementor-pro/elementor-pro-3212-reflected-cross-site-scripting</loc>
<lastmod>2024-06-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/extensive-vc-addon/extensive-vc-addons-for-wpbakery-page-builder-191-unauthenticated-local-file-inclusion</loc>
<lastmod>2025-08-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simple-email-subscriber/simple-email-subscriber-23-reflected-cross-site-scripting</loc>
<lastmod>2025-02-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/object-cache-4-everyone/object-cache-4-everyone-232-information-exposure</loc>
<lastmod>2026-06-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/careerfy/careerfy-job-board-wordpress-theme-390-authenticated-stored-cross-site-scripting</loc>
<lastmod>2020-07-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/seo-redirection/seo-redirection-81-subscriber-sql-injection</loc>
<lastmod>2021-10-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/site-reviews/site-reviews-6116-authenticated-author-stored-cross-site-scripting</loc>
<lastmod>2024-03-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/vibebp/vibebp-19951-authenticated-subscriber-sql-injection</loc>
<lastmod>2024-12-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-jobsearch/jobsearch-wp-job-board-155-reflected-cross-site-scripting</loc>
<lastmod>2020-07-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cubewp-framework/cubewp-all-in-one-dynamic-content-framework-1127-unauthenticated-information-exposure</loc>
<lastmod>2026-01-16T19:16:27.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/vithy/vithy-all-versions-arbitrary-file-upload</loc>
<lastmod>2014-03-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/pootle-button/pootle-button-120-reflected-cross-site-scripting</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mark-posts/mark-posts-224-missing-authorization</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/advanced-form-integration/afi-the-easiest-integration-plugin-112612-missing-authorization</loc>
<lastmod>2026-04-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/podamibe-twilio-private-call/podamibe-twilio-private-call-101-reflected-cross-site-scripting</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/image-gallery/imagepress-image-gallery-122-cross-site-request-forgery-to-plugin-settings-update</loc>
<lastmod>2024-10-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/spiffy-calendar/spiffy-calendar-4913-reflected-cross-site-scripting</loc>
<lastmod>2024-09-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bosa-elementor-for-woocommerce/bosa-elementor-addons-and-templates-for-woocommerce-1012-missing-authorization</loc>
<lastmod>2024-06-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/printcart-integration/printcart-web-to-print-product-designer-for-woocommerce-239-unauthenticated-arbitrary-file-upload</loc>
<lastmod>2025-05-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woo-pdf-invoice-builder/woocommerce-pdf-invoice-builder-1289-missing-authorization-to-sensitive-information-exposure</loc>
<lastmod>2023-08-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-bibtex/wp-bibtex-301-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-02-17T15:48:55.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/pagination/pagination-by-bestwebsoft-106-multiple-cross-site-scripting</loc>
<lastmod>2017-04-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-instance-rename/wordpress-renaming-tool-by-vlajo-10-path-traversal</loc>
<lastmod>2015-06-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/floating-button/floating-button-60-cross-site-request-forgery-via-process_bulk_action</loc>
<lastmod>2023-12-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-timed-popup/wp-timed-popout-13-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2014-12-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/payment-gateway-pix-for-woocommerce/pix-for-woocommerce-150-unauthenticated-arbitrary-file-upload</loc>
<lastmod>2026-03-12T18:45:33.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/anual-archive/annual-archive-160-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2023-12-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woo-direct-checkout-lite/direct-checkout-for-woocommerce-lite-103-missing-authorization</loc>
<lastmod>2025-06-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/royal-elementor-addons/royal-elementor-addons-171028-authenticated-contributor-stored-dom-based-cross-site-scripting-via-multiple-widgets</loc>
<lastmod>2025-06-25T20:58:34.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-mailup/mailup-newsletter-sign-up-form-132-cross-site-scripting</loc>
<lastmod>2013-03-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/usc-e-shop/welcart-e-commerce-122-cross-site-request-forgery</loc>
<lastmod>2012-12-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/elementor/elementor-website-builder-3355-authenticated-contributor-stored-cross-site-scripting-via-rest-api</loc>
<lastmod>2026-04-07T12:55:13.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ultimate-wp-mail/ultimate-wp-mail-138-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-09-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/core/2.6/wordpress-mu-26-cross-site-scripting</loc>
<lastmod>2008-09-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/my-auctions-allegro-free-edition/my-auctions-allegro-3632-unauthenticated-local-file-inclusion-via-controller</loc>
<lastmod>2025-12-04T20:41:27.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/vision/vision-interactive-for-wordpress-151-reflected-cross-site-scripting</loc>
<lastmod>2021-10-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/duracelltomi-google-tag-manager/google-tag-manager-for-wordpress-gtm4wp-1151-stored-cross-site-scripting-via-content-element-id</loc>
<lastmod>2022-05-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/photo-video-store/photo-video-store-2107-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2024-11-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/fresh-framework/fresh-framework-1700-missing-authorization</loc>
<lastmod>2025-02-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mega-elements-addons-for-elementor/mega-elements-126-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-10-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/campus-directory/faculty-staff-and-student-directory-plugin-campus-directory-190-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-06-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woocommerce-jetpack/booster-for-woocommerce-561-cross-site-request-forgery</loc>
<lastmod>2022-07-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/scrollbar-by-webxapp/scrollbar-by-webxapp-best-verticalhorizontal-scrollbars-plugin-130-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-10-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/otter-blocks/otter-gutenberg-block-310-unauthenticated-sensitive-information-exposure</loc>
<lastmod>2025-08-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/happy-elementor-addons/happy-addons-for-elementor-3108-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-05-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpdatatables/wpdatatables-premium-341-improper-access-control-leading-to-table-data-deletion</loc>
<lastmod>2021-03-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/administrator-z/administrator-z-20260510-cross-site-request-forgery</loc>
<lastmod>2025-04-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/website-file-changes-monitor/website-file-changes-monitor-182-authenticated-admin-sql-injection</loc>
<lastmod>2022-07-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/elementskit/elementskit-pro-378-authenticated-contributor-dom-based-stored-cross-site-scripting-via-url-parameter</loc>
<lastmod>2025-01-27T19:08:19.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/groundhogg/groundhogg-2081-reflected-cross-site-scripting</loc>
<lastmod>2019-09-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/widget-or-sidebar-per-shortcode/widget-or-sidebar-shortcode-061-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2024-10-29T14:05:19.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/postman-widget/paloma-widget-114-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2024-12-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp_rokintroscroller/rokintroscroller-18-arbitrary-file-upload</loc>
<lastmod>2013-09-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-upload-restriction/wp-upload-restriction-224-missing-authorization-checks</loc>
<lastmod>2021-07-02T15:05:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/database-peek/database-peek-12-reflected-cross-site-scripting</loc>
<lastmod>2022-03-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/acf-frontend-display/acf-frontend-display-206-unauthenticated-arbitrary-file-upload</loc>
<lastmod>2015-07-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/shortlinkspro/shortlinks-pro-107-authenticated-administrator-sql-injection</loc>
<lastmod>2025-06-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/administrator-z/administrator-z-2022928-unauthorized-file-upload-via-acf</loc>
<lastmod>2022-11-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/chat-bubble/chat-bubble-23-cross-site-request-forgery-via-cbb_submit_settings_data</loc>
<lastmod>2023-11-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/seo-search-permalink/seo-search-permalink-103-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2025-09-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/flowbox/flowbox-115-missing-authorization</loc>
<lastmod>2025-12-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/related-posts-line-up-exactry-by-milliard/related-posts-line-up-exactly-by-milliard-0022-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2025-02-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/grandportfolio/grand-portfolio-33-cross-site-request-forgery</loc>
<lastmod>2026-02-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/total-donations/total-donations-205-missing-authorization-to-arbitrary-options-update</loc>
<lastmod>2019-01-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/exclusive-addons-for-elementor/exclusive-addons-for-elementor-2694-authenticated-contributor-stored-cross-site-scripting-via-call-to-action</loc>
<lastmod>2024-04-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/best-css-compiler/wow-best-css-compiler-202-reflected-cross-site-scripting</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ai-engine/ai-engine-214-authenticated-editor-server-side-request-forgery</loc>
<lastmod>2024-03-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/classic-addons-wpbakery-page-builder-addons/classic-addons-wpbakery-page-builder-30-authenticated-editor-local-file-inclusion</loc>
<lastmod>2025-01-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/foogallery/foogallery-responsive-photo-gallery-image-viewer-justified-masonry-carousel-2429-authenticated-custom-stored-cross-site-scripting-via-album-title-size</loc>
<lastmod>2025-03-07T16:21:23.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/super-testimonial/super-testimonials-401-unauthenticated-stored-cross-site-scripting</loc>
<lastmod>2025-02-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/designfolio-plus/designfolio-plus-theme-unkown-versions-arbitrary-file-upload</loc>
<lastmod>2015-03-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/jch-optimize/jch-optimize-400-missing-authorization-to-authenticated-subscriber-settings-modification</loc>
<lastmod>2023-08-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/buddyforms/post-registration-and-profile-form-builder-frontend-editor-buddyforms-easy-wordpress-forms-281-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2023-05-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/event-registration-calendar-by-vcita/event-registration-calendar-by-vcita-131-online-payments-get-paid-with-paypal-square-stripe-3100-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2023-06-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simple-file-list/simple-file-list-6113-missing-authorization-to-unauthenticated-minor-settings-update</loc>
<lastmod>2025-05-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/events-manager/events-manager-517-cross-site-scripting</loc>
<lastmod>2012-05-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-jquery-datatable/wp-jquery-datatable-410-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2025-05-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/featured-image-from-url/featured-image-from-url-481-missing-authorization</loc>
<lastmod>2024-06-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/pie-register/pie-register-user-registration-forms-invitation-based-registrations-custom-login-payments-3723-open-redirect</loc>
<lastmod>2021-10-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpvivid-backup-mainwp/wpvivid-backup-for-mainwp-0933-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2024-04-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-recipe-maker/wp-recipe-maker-910-reflected-cross-site-scripting-via-referer</loc>
<lastmod>2024-01-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/quiz-master-next/quiz-and-survey-master-734-authenticated-administrator-sql-injection</loc>
<lastmod>2022-10-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/terms-popup-on-user-login/legal-terms-and-conditions-popup-for-user-login-and-woocommerce-checkout-tpul-208-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2025-05-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/validar-certificados-de-cursos/validatecertify-161-cross-site-request-forgery</loc>
<lastmod>2025-03-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-google-maps/wp-go-maps-9032-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2024-03-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/yaysmtp/yaysmtp-249-263-unauthenticated-stored-cross-site-scripting</loc>
<lastmod>2025-02-18T22:01:38.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/waitlist-woocommerce/waitlist-woocommerce-back-in-stock-notifier-252-cross-site-request-forgery-to-settings-reset</loc>
<lastmod>2023-06-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/featured-image-plus/featured-image-plus-164-missing-authorization-to-authenticated-subscriber-featured-image-update</loc>
<lastmod>2025-05-29T19:23:15.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-translate/wp-translate-530-missing-authorization</loc>
<lastmod>2024-06-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-fastest-cache/wp-fastest-cache-0916-authenticated-admin-directory-traversal-to-arbitrary-file-deletion</loc>
<lastmod>2021-04-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/tijaji/tijaji-143-reflected-cross-site-scripting</loc>
<lastmod>2025-01-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/yahoo-boss/yahoo-boss-07-reflected-cross-site-scripting</loc>
<lastmod>2025-02-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ht-mega-for-elementor/ht-mega-absolute-addons-for-elementor-281-authenticated-contributor-stored-cross-site-scripting-via-countdown-widget</loc>
<lastmod>2025-02-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gAppointments/gappointments-1951-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2023-10-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/embedding-barcodes-into-product-pages-and-orders/barcode-generator-for-woocommerce-show-barcodes-on-products-orders-invoices-and-other-pages-202-authenticated-subscriber-sensitive-information-disclosure</loc>
<lastmod>2024-12-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/fonts-manager-custom-fonts/fonts-manager-custom-fonts-12-reflected-cross-site-scripting</loc>
<lastmod>2025-04-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/termageddon-usercentrics/termageddon-cookie-consent-privacy-compliance-181-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-09-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/payment-forms-for-paystack/payment-forms-for-paystack-402-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-04-09T18:12:59.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/google-plus-google/google-plus-102-reflected-cross-site-scripting</loc>
<lastmod>2025-03-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/category-posts/category-posts-widget-4919-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2025-04-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bulletproof-security/bulletproof-security-69-unauthenticated-sensitive-information-exposure</loc>
<lastmod>2026-01-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/openai-tools-for-wp-wc/openai-tools-for-wordpress-woocommerce-215-missing-authorization</loc>
<lastmod>2025-04-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ultra-skype-button/ultra-skype-button-10-authenticated-contributor-stored-cross-site-scripting-via-btn_id-shortcode-attribute</loc>
<lastmod>2025-12-05T16:46:09.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/zero-bs-crm/jetpack-crm-544-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2023-03-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/kentha-elementor/kentha-elementor-widgets-31-authenticated-contributor-local-file-inclusion</loc>
<lastmod>2026-01-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/norse-runes-oracle/norse-rune-oracle-plugin-143-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-04-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mycred/mycred-loyalty-points-and-rewards-plugin-for-wordpress-and-woocommerce-give-points-ranks-badges-cashback-woocommerce-rewards-and-woocommerce-credits-for-gamification-273-missing-authorization-to-unauthenticated-database-upgrade</loc>
<lastmod>2024-09-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/glamchic/glamchic-1011-unauthenticated-local-file-inclusion</loc>
<lastmod>2025-09-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/store-manager-connector/emagicone-store-manager-for-woocommerce-125-unauthenticated-arbitrary-file-read</loc>
<lastmod>2025-05-23T14:33:31.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-table-builder/wp-table-builder-wordpress-table-plugin-1414-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-05-20T21:19:23.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/addon-elements-for-elementor-page-builder/elementor-addon-elements-11212-directory-traversal-to-local-file-inclusion</loc>
<lastmod>2024-02-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/user-profile/user-profile-2020-authenticated-subscriber-stored-cross-site-scripting</loc>
<lastmod>2024-03-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/contact-form-by-supsystic/contact-form-by-supsystic-1728-authenticated-admin-remote-code-execution</loc>
<lastmod>2024-10-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mp3-jplayer/mp3-jplayer-242-full-path-disclosure</loc>
<lastmod>2015-07-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/arforms-form-builder/arforms-form-builder-161-cross-site-request-forgery</loc>
<lastmod>2024-04-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/custom-404-pro/custom-404-pro-370-authenticated-administrator-sql-injection</loc>
<lastmod>2023-01-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gs-pinterest-portfolio/wordpress-pinterest-plugin-161-stored-contributor-cross-site-scripting-via-shortcode</loc>
<lastmod>2023-03-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cart66-lite/cart66-lite-wordpress-ecommerce-15115-cross-site-request-forgery</loc>
<lastmod>2014-08-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/booking-calendar/booking-calendar-appointment-booking-system-217-cross-site-scripting</loc>
<lastmod>2018-01-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/i-recommend-this/i-recommend-this-373-sql-injection</loc>
<lastmod>2014-09-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/contentoptin/contentoptin-lite-wp-content-upgrade-plugin-11-reflected-cross-site-scripting</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ebook-store/ebook-store-58012-authenticated-administrator-stored-cross-site-scripting-via-order-details</loc>
<lastmod>2025-07-21T09:53:32.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/embed-swagger-ui/embed-swagger-ui-100-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-01-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/jetpack-feedback-exporter/jetpack-feedback-exporter-123-unauthenticated-sensitive-information-exposure</loc>
<lastmod>2025-04-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/securesubmit/wp-securesubmit-1518-unauthenticated-sensitive-information-exposure</loc>
<lastmod>2025-01-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/groundhogg/groundhogg-455-authenticated-marketer-sql-injection-via-search-parameter</loc>
<lastmod>2026-06-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ajax-load-more/ajax-load-more-plugin-532-sql-injection</loc>
<lastmod>2020-05-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/sw-contact-form/sw-contact-form-10-authenticated-subscriber-sql-injection</loc>
<lastmod>2024-10-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/fluentform/contact-form-for-plugin-by-fluent-forms-508-insecure-direct-object-reference</loc>
<lastmod>2023-09-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/inspiro/inspiro-212-cross-site-request-forgery-to-arbitrary-plugin-installation</loc>
<lastmod>2025-08-20T16:43:50.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/meks-flexible-shortcodes/meks-flexible-shortcodes-136-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-05-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-paypal/payment-button-for-paypal-12335-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/easy-digital-downloads/easy-digital-downloads-3212-unauthenticated-sql-injection</loc>
<lastmod>2024-08-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/h5p/h5p-1157-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-06-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/dokan-lite/dokan-ai-powered-woocommerce-multivendor-marketplace-solution-504-authenticated-custom-stored-cross-site-scripting-via-product-sku</loc>
<lastmod>2026-06-26T17:53:42.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/live-stock-prices-for-wordpress/financial-stocks-crypto-market-data-plugin-1103-reflected-cross-site-scripting</loc>
<lastmod>2025-01-06T16:16:14.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wholesale-pricing-woocommerce/quantity-dynamic-pricing-bulk-discounts-for-woocommerce-403-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-03-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/starbox/starbox-the-author-box-for-humans-351-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2024-08-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/nextend-facebook-connect/nextend-social-login-and-register-150-cross-site-scripting</loc>
<lastmod>2014-02-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-db-backup/database-backup-for-wordpress-251-cross-site-request-forgery-to-settings-update</loc>
<lastmod>2022-05-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wplegalpages/privacy-policy-generator-terms-conditions-generator-wordpress-plugin-wp-legal-pages-351-missing-authorization-to-unauthenticated-api-disconnect</loc>
<lastmod>2025-10-31T13:45:14.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gd-star-rating/gd-star-rating-1922-blind-sql-injection</loc>
<lastmod>2014-03-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/opal-service/opal-service-191-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-09-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/search-exclude/search-exclude-126-authenticated-editor-stored-cross-site-scripting</loc>
<lastmod>2022-08-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/aio-time-clock-lite/all-in-one-time-clock-lite-13325-cross-site-request-forgery</loc>
<lastmod>2025-04-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/brave-popup-builder/brave-create-popup-optins-lead-generation-survey-sticky-elements-interactive-content-069-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2024-06-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-eggdrop/wp-eggdrop-01-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2024-03-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/product-input-fields-for-woocommerce/product-input-fields-for-woocommerce-170-cross-site-request-forgery-to-notice-dismissal</loc>
<lastmod>2024-04-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ad-inserter-pro/ad-inserter-pro-2739-reflected-cross-site-scripting</loc>
<lastmod>2025-02-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/library-instruction-recorder/library-instruction-recorder-114-reflected-cross-site-scripting</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/learnpress/learnpress-4257-command-injection</loc>
<lastmod>2024-01-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/zendesk/zendesk-support-for-wordpress-184-cross-site-request-forgery</loc>
<lastmod>2023-04-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/forget-about-shortcode-buttons/forget-about-shortcode-buttons-212-missing-authorization-via-fasc_buttons</loc>
<lastmod>2023-05-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/dropdown-multisite-selector/dropdown-multisite-selector-092-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2024-03-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/redirect-countdown/redirect-countdown-10-cross-site-request-forgery-to-settings-update</loc>
<lastmod>2026-03-20T15:19:25.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/booking-package/booking-package-1672-reflected-cross-site-scripting-via-locale-parameter</loc>
<lastmod>2025-02-18T10:25:55.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/riode-core/riode-core-1626-unauthenticated-sql-injection</loc>
<lastmod>2026-02-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpfunnels/wpfunnels-379-authenticated-contributor-stored-cross-site-scripting-via-wpf_optin_form-shortcode</loc>
<lastmod>2026-04-03T22:13:01.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/tainacan/tainacan-0189-cross-site-scripting</loc>
<lastmod>2022-05-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gallery-album/responsive-image-gallery-gallery-album-203-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-03-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/dethemekit-for-elementor/dethemekit-for-elementor-202-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-04-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/pdf-viewer-for-elementor/pdf-viewer-for-elementor-293-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-03-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/seo-by-rank-math/rank-math-seo-with-ai-seo-tools-10216-authenticated-contributor-stored-cross-site-scripting-via-titlewrapper</loc>
<lastmod>2024-04-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/donpeppe/don-peppe-13-missing-authorization</loc>
<lastmod>2026-01-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/site-search-360/site-search-360-217-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2025-04-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/external-markdown/external-markdown-001-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-04-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/jeg-elementor-kit/jeg-elementor-kit-2611-authenticated-contributor-sensitive-information-exposure-via-countdown-and-off-canvas</loc>
<lastmod>2025-02-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/shapepress-dsgvo/wp-dsgvo-tools-gdpr-3138-missing-authorization-to-unauthenticated-account-destruction-of-non-admin-users</loc>
<lastmod>2026-03-23T16:27:36.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/shopbuilder/shopbuilder-321-reflected-cross-site-scripting</loc>
<lastmod>2025-12-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/freightco/freightco-117-unauthenticated-local-file-inclusion</loc>
<lastmod>2026-02-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/goldish/goldish-347-unauthenticated-php-object-injection</loc>
<lastmod>2026-03-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/five-minute-webshop/five-minute-webshop-132-authenticated-admin-sql-injection-via-orderby</loc>
<lastmod>2022-05-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/contest-gallery/contest-gallery-19141-authenticated-author-sql-injection-via-cg_option_id</loc>
<lastmod>2022-12-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/core/5.2/wordpress-core-524-cache-poisoning</loc>
<lastmod>2019-10-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/media-library-assistant/media-library-assistant-281-remote-code-execution-via-tax_query-meta_query-date_query-parameters</loc>
<lastmod>2019-12-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/easync-booking/easync-1311-reflected-cross-site-scripting</loc>
<lastmod>2023-07-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gf-salesmate-add-on/salesmate-add-on-for-gravity-forms-203-missing-authorization</loc>
<lastmod>2025-03-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/jetpack/jetpack-402-cross-site-scripting</loc>
<lastmod>2017-04-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/goods-catalog/goods-catalog-241-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2023-09-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-rss-aggregator/wp-rss-aggregator-4235-authenticated-admin-server-side-request-forgery-via-rss-feed-source</loc>
<lastmod>2024-02-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/leadconnector/leadconnector-3022-missing-authorization</loc>
<lastmod>2026-03-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/hdw-tube/hdw-wordpress-video-gallery-12-reflected-cross-site-scripting-via-playlist-parameter</loc>
<lastmod>2016-10-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-statistics/wp-statistics-1311-cross-site-request-forgery-to-arbitrary-plugin-activation-and-deactivation</loc>
<lastmod>2021-09-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/fancy-facebook-comments/fancy-comments-wordpress-1214-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2024-03-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bluetrait-event-viewer/btev-cross-site-request-forgery-to-plugin-settings-update</loc>
<lastmod>2024-10-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/learnpress/learnpress-4257-insecure-direct-object-reference-to-information-disclosure</loc>
<lastmod>2024-01-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/sms-alert/sms-alert-order-notifications-woocommerce-346-cross-site-scripting</loc>
<lastmod>2021-08-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/material-dashboard/material-dashboard-145-unauthenticated-local-file-inclusion</loc>
<lastmod>2025-04-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bulk-featured-image/bulk-featured-image-121-missing-authorization</loc>
<lastmod>2025-05-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/aryo-activity-log/activity-log-240-multiple-cross-site-scripting</loc>
<lastmod>2018-03-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/turitop-booking-system/turitop-booking-system-1010-missing-authorization</loc>
<lastmod>2025-04-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/profile-builder/profile-builder-3112-restricted-email-bypass</loc>
<lastmod>2024-04-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/all-contact-form-integration-for-elementor/eleforms-2999-missing-authorization</loc>
<lastmod>2024-07-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/quttera-web-malware-scanner/quttera-web-malware-scanner-34148-sensitive-data-exposure</loc>
<lastmod>2023-11-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bookingpress-appointment-booking/appointment-booking-calendar-plugin-and-scheduling-plugin-bookingpress-1116-authenticated-subscriber-sql-injection</loc>
<lastmod>2024-11-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/list-category-posts/list-category-posts-0910-authenticated-contributor-sql-injection-via-plugins-shortcode</loc>
<lastmod>2025-12-10T14:30:38.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/struktur/struktur-251-unauthenticated-local-file-inclusion</loc>
<lastmod>2026-02-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/userback/userback-1013-cross-site-request-forgery</loc>
<lastmod>2023-10-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-user-manager/wp-user-manager-2910-cross-site-request-forgery</loc>
<lastmod>2024-08-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-contact-slider/wp-contact-slider-246-stored-cross-site-scripting</loc>
<lastmod>2022-06-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-mail/mail-13-reflected-cross-site-scripting</loc>
<lastmod>2026-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/kento-splash-screen/kento-splash-screen-14-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2025-08-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wishlist-member-x/wishlist-member-x-3267-authenticated-subscriber-arbitrary-file-deletion</loc>
<lastmod>2024-06-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/otter-blocks/otter-blocks-gutenberg-blocks-page-builder-for-gutenberg-editor-fse-264-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-03-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/001-prime-strategy-translate-accelerator/001-prime-strategy-translate-accelerator-111-missing-authorization</loc>
<lastmod>2022-11-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simple-popup-plugin/simple-popup-plugin-45-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-09-27T13:55:41.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/files-download-delay/files-download-delay-109-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-01-08T22:02:33.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/popup-manager/popup-manager-166-missing-authorization-to-arbitrary-popup-deletion</loc>
<lastmod>2022-11-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/easylogo/easy-logo-193-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2024-04-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/holmes/holmes-digital-agency-wordpress-theme-17-unauthenticated-local-file-inclusion</loc>
<lastmod>2026-02-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/security-malware-firewall/security-malware-scan-by-cleantalk-2145-authorization-bypass-via-reverse-dns-spoofing-to-unauthenticated-sql-injection</loc>
<lastmod>2024-11-25T17:07:52.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/activity-reactions-for-buddypress/activity-reactions-for-buddypress-1022-cross-site-request-forgery</loc>
<lastmod>2022-11-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/upi-qr-code-payment-for-woocommerce/upi-qr-code-payment-gateway-for-woocommerce-162-missing-authorization</loc>
<lastmod>2026-06-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/utw-importer/ultimate-tag-warrior-importer-02-cross-site-request-forgery</loc>
<lastmod>2025-08-28T15:44:35.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/all-in-one-video-gallery/all-in-one-video-gallery-410-464-missing-authorization-to-authenticated-subscriber-limited-user-meta-update</loc>
<lastmod>2026-01-23T19:29:41.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/klarna-checkout-for-woocommerce/klarna-checkout-for-woocommerce-2134-denial-of-service</loc>
<lastmod>2025-03-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/aryo-activity-log/activity-log-232-reflected-cross-site-scripting</loc>
<lastmod>2016-08-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ultimate-product-catalogue/ultimate-product-catalogue-313-sql-injection</loc>
<lastmod>2015-06-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simple-csv-xls-exporter/simple-csvxls-exporter-158-csv-injection</loc>
<lastmod>2023-03-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bitly-linker/bitly-linker-11-reflected-cross-site-scripting</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-bitly/bitly-274-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-09-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/advanced-iframe/advanced-iframe-20243-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-05-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cab-fare-calculator/cab-fare-calculator-116-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2024-09-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bot-block-stop-spam-google-analytics-referrals/bot-block-8211-stop-spam-referrals-in-google-analytics-26-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2025-09-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/reality/reality-estate-multipurpose-wordpress-theme-255-reflected-cross-site-scripting</loc>
<lastmod>2020-06-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/better-wp-security/ithemes-security-791-and-ithemes-security-pro-684-hidden-login-bypass</loc>
<lastmod>2021-04-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/embedpress/embedpress-409-unauthenticated-local-file-inclusion</loc>
<lastmod>2024-08-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/jquery-manager/jquery-manager-for-wordpress-1104-jquery-migrate-helper-141-running-vulnerable-dependency</loc>
<lastmod>2020-07-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/rich-table-of-content/rich-table-of-contents-138-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2023-01-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/themify-audio-dock/themify-audio-dock-205-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2025-08-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/rencontre/rencontre-3137-cross-site-request-forgery</loc>
<lastmod>2025-11-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/code-snippets-extended/code-snippets-extended-147-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2022-05-17T14:51:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/content-repeater/content-repeater-113-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2022-11-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/photo-gallery/photo-gallery-by-10web-1818-authenticated-administrator-stored-cross-site-scripting-via-widget</loc>
<lastmod>2023-12-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ultimate-post/postx-503-missing-authorization</loc>
<lastmod>2026-01-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/slippy-slider-responsive-touch-navigation-slider/slippy-slider-responsive-touch-navigation-slider-20-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-11-10T15:26:07.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/jetwidgets-for-elementor/jetwidgets-for-elementor-108-contributor-stored-cross-site-scripting</loc>
<lastmod>2021-04-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/sellkit/sellkit-181-authenticated-subscriber-arbitrary-file-download</loc>
<lastmod>2024-03-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cwicly/cwicly-1402-authenticated-contributor-remote-code-execution</loc>
<lastmod>2024-02-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/email-subscribers/icegram-express-5722-authenticated-subscriber-sql-injection-vulnerability-via-optionslist_id</loc>
<lastmod>2024-06-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/aweber-wp/aweber-forms-by-optin-cat-257-reflected-cross-site-scripting</loc>
<lastmod>2024-12-02T21:31:48.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/magicform/magicform-01-cross-site-scripting</loc>
<lastmod>2023-01-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-symposium/wp-symposium-158-blind-sql-injection</loc>
<lastmod>2015-08-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/profilegrid-user-profiles-groups-and-communities/profilegrid-5951-missing-authorization</loc>
<lastmod>2025-05-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/userpro/userpro-515-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2023-11-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/booster-plus-for-woocommerce/booster-566-booster-plus-565-and-booster-elite-117-for-woocommerce-cross-site-request-forgery-leading-to-arbitrary-custom-role-creationdeletion</loc>
<lastmod>2022-11-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpshopgermany-protectedshops/wpshopgermany-protected-shops-20-authenticatedadministrator-stored-cross-site-scripting</loc>
<lastmod>2023-07-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/syncee-global-dropshipping/syncee-premium-dropshipping-wholesale-1027-missing-authorization</loc>
<lastmod>2026-06-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/branda-white-labeling/branda-3417-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2024-06-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/event-tickets/event-tickets-and-registration-5265-unauthenticated-ticket-payment-bypass</loc>
<lastmod>2025-10-17T18:07:22.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/nextgen-gallery/wordpress-gallery-plugin-nextgen-gallery-1910-1911-full-path-disclosure</loc>
<lastmod>2013-02-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/flowplayer6-video-player/flowerplayer-video-player-104-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2022-11-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/jnews-paywall/jnews-paywall-1201-cross-site-request-forgery</loc>
<lastmod>2025-12-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/beaver-builder-lite-version/beaver-builder-wordpress-page-builder-2742-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-02-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cardoza-wordpress-poll/wordpress-poll-3405-sql-injection</loc>
<lastmod>2013-01-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ti-woocommerce-wishlist/ti-woocommerce-wishlist-2100-missing-authorization</loc>
<lastmod>2025-11-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/libro-de-reclamaciones-y-quejas/libro-de-reclamaciones-y-quejas-09-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2025-04-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woocommerce-openpos/woocommerce-openpos-644-unauthenticated-sql-injection</loc>
<lastmod>2024-07-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/boldgrid-backup/total-upkeep-wordpress-backup-plugin-plus-restore-migrate-by-boldgrid-1168-authenticated-administrator-server-side-request-forgery</loc>
<lastmod>2025-02-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/parallax-section/parallax-section-block-109-missing-authorization</loc>
<lastmod>2025-08-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/universal-star-rating/universal-star-rating-1104-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2022-12-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wti-like-post/wti-like-post-145-stored-cross-site-scripting</loc>
<lastmod>2020-05-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/newspaper-lite/newspaper-lite-110-reflected-cross-site-scripting</loc>
<lastmod>2021-06-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cm-download-manager/cm-download-manager-270-authenticated-stored-cross-site-scripting</loc>
<lastmod>2020-10-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/companion-portfolio/companion-portfolio-responsive-portfolio-plugin-2401-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-12-13T15:48:18.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cleantalk-spam-protect/antispam-by-cleantalk-5185-authenticated-administrator-sql-injection</loc>
<lastmod>2022-10-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/essential-addons-for-elementor-lite/essential-addons-for-elementor-best-elementor-templates-widgets-kits-woocommerce-builders-5919-authenticated-contributor-stored-cross-site-scripting-via-dual-color-header-event-calendar-advanced-data-table</loc>
<lastmod>2024-05-09T19:32:53.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wc-frontend-manager/wcfm-frontend-manager-for-woocommerce-along-with-bookings-subscription-listings-compatible-6725-authenticated-vendor-insecure-direct-object-reference-to-arbitrary-user-deletion</loc>
<lastmod>2026-05-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/iq-block-country/iq-block-country-1213-admin-arbitrary-file-deletion-via-zip-slip</loc>
<lastmod>2022-03-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/spotlight-social-photo-feeds/spotlight-social-media-feeds-1610-cross-site-request-forgery</loc>
<lastmod>2024-04-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/taggator/taggator-plugin-133-sql-injection</loc>
<lastmod>2012-04-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/websand-subscription-form/websand-subscription-form-103-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-11-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-cumulus/wp-cumulus-120-sensitive-information-exposure</loc>
<lastmod>2009-11-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gallery-photo-gallery/photo-gallery-by-ays-526-cross-site-request-forgery</loc>
<lastmod>2023-08-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/jet-blocks/jetblocks-1312-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-08-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/download-manager/download-manager-3312-authenticated-author-arbitrary-file-deletion</loc>
<lastmod>2025-04-18T18:52:05.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/atomchat/atomchat-114-missing-authorization-via-credits-rest-api-endpoint</loc>
<lastmod>2023-10-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/twitter-cards-meta/twitter-cards-meta-best-twitter-card-plugin-for-wordpress-250-cross-site-scripting</loc>
<lastmod>2017-04-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/flags-widget/flags-widget-107-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2025-04-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bold-page-builder/bold-page-builder-488-authenticated-contributor-stored-cross-site-scripting-via-widget-url-attribute</loc>
<lastmod>2024-04-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-dashboard-chat/wp-dashboard-chat-103-authenticated-contributor-sql-injection-via-id</loc>
<lastmod>2025-10-14T20:03:22.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/adapta-rgpd/adapta-rgpd-132-cross-site-request-forgery</loc>
<lastmod>2021-06-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/credova-financial/credova_financial-248-reflected-cross-site-scripting</loc>
<lastmod>2025-04-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-live-chat-support/3cx-live-chat-8007-cross-site-scripting</loc>
<lastmod>2018-07-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/houzez/houzez-411-reflected-cross-site-scripting</loc>
<lastmod>2025-08-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/church-admin/church-admin-375-reflected-cross-site-scripting</loc>
<lastmod>2023-04-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woo-smart-quick-view/wpc-smart-quick-view-for-woocommerce-425-insecure-direct-object-reference-to-unauthenticated-private-product-exposure</loc>
<lastmod>2025-10-17T18:24:47.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/k-elements/k-elements-539-authentication-bypass</loc>
<lastmod>2025-02-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simple-basic-contact-form/simple-basic-contact-form-20221201-reflected-cross-site-scripting</loc>
<lastmod>2024-05-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpshopgermany-it-recht-kanzlei/wpshopgermany-it-recht-kanzlei-17-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2023-07-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/miniorange-wp-as-saml-idp/login-using-wordpress-users-wp-as-saml-idp-1156-authenticated-administrator-sql-injection</loc>
<lastmod>2024-11-15T20:41:13.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/awesome-shortcodes-for-genesis/awesome-shortcodes-for-genesis-118-cross-site-request-forgery-to-cross-site-scripting</loc>
<lastmod>2024-11-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/eventon-lite/eventon-wordpress-virtual-event-calendar-plugin-458-pro-227-free-missing-authorization-via-eventon_save_virtual_event_settings</loc>
<lastmod>2024-01-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/himalayas/himalayas-132-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2024-07-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-favorite-posts/wp-favorite-posts-165-unauthenticated-cross-site-scripting</loc>
<lastmod>2016-03-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/devs-accounting/devs-accounting-120-missing-authorization-to-unauthenticated-sensitive-information-exposure-via-id-parameter</loc>
<lastmod>2026-06-23T16:39:37.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simple-job-board/simple-job-board-2105-missing-authorization</loc>
<lastmod>2023-11-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/image-alt-text/image-alt-text-200-missing-authorization-to-authenticated-subscriber-image-alt-text-update</loc>
<lastmod>2024-11-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/pagelayer/page-builder-pagelayer-drag-and-drop-website-builder-205-authenticated-author-insecure-direct-object-reference</loc>
<lastmod>2025-11-12T15:20:40.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/core/3.0/wordpress-core-301-missing-authorization</loc>
<lastmod>2010-07-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-responsive-preview/wordpress-responsive-preview-11-reflected-cross-site-scripting</loc>
<lastmod>2014-06-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cm-pop-up-banners/cm-pop-up-banners-172-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-08-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/permalink-manager/permalink-manager-lite-2533-authenticated-contributor-stored-cross-site-scripting-via-post-title</loc>
<lastmod>2026-06-16T17:40:02.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-google-map-plugin/wp-maps-google-mapsopenstreetmapmapboxstore-locatorlistingdirectory-filters-493-authenticated-subscriber-local-file-inclusion</loc>
<lastmod>2026-06-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ninja-forms/ninja-forms-contact-form-3319-authenticated-open-redirect</loc>
<lastmod>2018-12-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/auto-post-thumbnail/auto-featured-image-392-reflected-cross-site-scripting</loc>
<lastmod>2021-11-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/image-map-pro/image-map-pro-6020-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-10-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/qaengine/qaengine-14-privilege-escalation</loc>
<lastmod>2015-04-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ninja-forms/ninja-ninja-forms-contact-form-3610-authenticated-admin-stored-cross-site-scripting-via-import</loc>
<lastmod>2022-06-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/currency-switcher/wpcs-1201-cross-site-request-forgery</loc>
<lastmod>2024-03-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/email-subscribers/icegram-express-email-subscribers-newsletters-and-marketing-automation-plugin-5726-missing-authorization</loc>
<lastmod>2024-07-16T18:52:06.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-recaptcha-bp/wp-recaptcha-bp-41-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2025-04-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simply-static/simply-static-313-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2024-03-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/case-addons/case-addons-130-authenticated-subscriber-arbitrary-file-upload</loc>
<lastmod>2025-10-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/masterstudy/masterstudy-48122-missing-authorization</loc>
<lastmod>2025-10-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/transposh-translation-filter-for-wordpress/transposh-wordpress-translation-1096-unauthorized-settings-change</loc>
<lastmod>2022-07-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gdpr-cookie-notice/gdpr-cookie-notice-120-missing-authorization</loc>
<lastmod>2025-04-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/registration-password/fs-registration-password-101-unauthenticated-privilege-escalation-via-account-takeover</loc>
<lastmod>2026-01-05T16:31:31.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cforms2/cformsii-148-arbitrary-file-upload</loc>
<lastmod>2014-12-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/spider-facebook/wordpress-facebook-1013-sql-injection</loc>
<lastmod>2017-05-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/banner-management-for-woocommerce/woocommerce-category-banner-management-241-cross-site-request-forgery</loc>
<lastmod>2023-07-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simpleflickr/simpleflickr-303-cross-site-request-forgery-to-cross-site-scripting</loc>
<lastmod>2015-01-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/twinklesmtp/twinklesmtp-email-service-provider-for-wordpress-103-authenticated-administrator-stored-cross-site-scripting-via-sender-settings</loc>
<lastmod>2026-01-06T18:34:10.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp_rokstories/rokstories-125-full-path-disclosure</loc>
<lastmod>2013-09-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-baidu-submit/wp-baidu-submit-121-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2023-02-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/tutor/tutor-lms-260-authenticatedstudent-html-injection-via-qa</loc>
<lastmod>2024-02-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/forminator/forminator-1292-authenticated-admin-sql-injection</loc>
<lastmod>2024-04-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/easysnippet/rich-snippet-site-report-200105-authenticated-admin-sql-injection</loc>
<lastmod>2025-10-14T19:47:01.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/rollbar/rollbar-271-cross-site-request-forgery</loc>
<lastmod>2025-04-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/user-registration/user-registration-membership-custom-registration-form-builder-custom-login-form-user-profile-content-restriction-membership-plugin-446-authenticated-contributor-stored-cross-site-scripting-via-shortcode-attributes</loc>
<lastmod>2025-12-15T02:13:58.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/photoblocks-grid-gallery/gallery-photoblocks-115-cross-site-scripting</loc>
<lastmod>2020-07-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/eventprime-event-calendar-management/eventprime-286-reflected-cross-site-scripting</loc>
<lastmod>2023-05-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/directorist/directorist-ai-powered-business-directory-plugin-with-classified-ads-listings-848-authenticated-subscriber-arbitrary-file-move</loc>
<lastmod>2025-10-24T17:34:40.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/nimble-portfolio/wordpress-picture-portfolio-media-gallery-301-unauthenticated-server-side-request-forgery</loc>
<lastmod>2024-06-18T14:30:24.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/javo-core/javo-core-300529-unauthenticated-arbitrary-content-deletion</loc>
<lastmod>2025-08-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/image-hover-effects-ultimate/image-hover-effects-ultimate-973-authenticated-stored-cross-site-scripting-via-title-description</loc>
<lastmod>2022-08-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-armour-extended/wp-armour-extended-126-reflected-cross-site-scripting</loc>
<lastmod>2024-08-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/groundhogg/groundhogg-2711-cross-site-request-forgery</loc>
<lastmod>2023-05-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/adifier/adifier-premium-theme-314-reflected-cross-site-scripting</loc>
<lastmod>2023-11-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/backupwordpress/backupwordpress-042b-remote-file-inclusion</loc>
<lastmod>2007-11-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simple-quotation/simple-quotation-132-sql-injection</loc>
<lastmod>2022-02-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/eps-301-redirects/301-redirects-easy-redirect-manager-272-cross-site-request-forgery-via-dismiss_notice</loc>
<lastmod>2023-03-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ap-custom-testimonial/ap-custom-testimonial-147-sql-injection</loc>
<lastmod>2022-01-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/artificial-intelligence-auto-content-generator/ai-tools-407-missing-authorization-to-authenticated-subscriber-arbitrary-content-deletion</loc>
<lastmod>2025-07-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/grandrestaurant/grand-restaurant-wordpress-70-unauthenticated-php-object-injection-via-path-traversal</loc>
<lastmod>2025-04-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wppizza/wppizza-3171-reflected-cross-site-scripting</loc>
<lastmod>2023-05-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/crayon-syntax-highlighter/crayon-syntax-highlighter-284-cross-site-request-forgery</loc>
<lastmod>2023-01-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-easy-gallery/wp-easy-gallery-17-cross-site-scripting</loc>
<lastmod>2014-08-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bookit/booking-calendar-appointment-booking-bookit-250-missing-authorization-to-unauthenticated-stripe-connection</loc>
<lastmod>2025-11-11T19:23:08.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mshop-naver-talktalk/-1118-authenticated-contributor-stored-cross-site-scripting-via-add_plus_friends-and-add_plus_talk-shortcodes</loc>
<lastmod>2024-11-22T23:35:08.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/altima-lookbook-free-for-woocommerce/altima-lookbook-free-for-woocommerce-110-refletced-cross-site-scripting</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/chatbot-chatgpt/kognetiks-chatbot-for-wordpress-200-unauthenticated-arbitrary-file-upload</loc>
<lastmod>2024-05-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/peachpay-for-woocommerce/peachpay-112046-cross-site-request-forgery-to-stripe-unlink</loc>
<lastmod>2026-05-27T18:40:26.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-maintenance-mode-site-under-construction/conditional-marketing-mailer-for-woocommerce-152-cross-site-request-forgery-to-arbitrary-plugin-installationactivation</loc>
<lastmod>2021-04-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bvd-easy-gallery-manager/bvd-easy-gallery-manager-106-reflected-cross-site-scripting</loc>
<lastmod>2025-01-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/min-and-max-quantity-for-woocommerce/minimum-and-maximum-quantity-for-woocommerce-200-missing-authorization</loc>
<lastmod>2024-12-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/elex-bulk-edit-products-prices-attributes-for-woocommerce-basic/elex-woocommerce-advanced-bulk-edit-products-prices-attributes-149-authenticated-subscriber-sql-injection</loc>
<lastmod>2025-07-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/visitor-stats-widget/visitor-stats-widget-150-reflected-cross-site-scripting</loc>
<lastmod>2025-12-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mainwp-maintenance-extension/mainwp-maintenance-extension-411-authenticated-subscriber-sql-injection</loc>
<lastmod>2023-01-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/data-tables-generator-by-supsystic/data-tables-generator-by-supsystic-11036-missing-authorization</loc>
<lastmod>2024-12-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/likebtn-like-button/like-button-rating-253-arbitrary-settings-change</loc>
<lastmod>2017-11-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/heateor-social-login/heateor-social-login-1139-cross-site-request-forgery</loc>
<lastmod>2025-12-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpbrutalai/wp-brutal-ai-206-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2023-07-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/brizy/brizy-2723-missing-authorization</loc>
<lastmod>2026-02-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-live-chat-support-pro/wp-live-chat-support-pro-8026-arbitrary-file-upload</loc>
<lastmod>2019-05-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/obfuscate-email/obfuscate-email-381-unauthenticated-full-path-disclosure</loc>
<lastmod>2024-08-08T20:36:42.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/download-manager/download-manager-3248-cross-site-request-forgery-to-plugin-settings-update</loc>
<lastmod>2022-08-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-easy-pay/wp-easy-pay-payment-and-donation-form-builder-for-square-450-cross-site-request-forgery</loc>
<lastmod>2026-06-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/forminator/forminator-1502-missing-authorization</loc>
<lastmod>2026-02-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/lifterlms/lifterlms-750-cross-site-request-forgery</loc>
<lastmod>2024-04-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-pano/wp-pano-117-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-01-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/push-notification-for-post-and-buddypress/push-notification-for-post-and-buddypress-163-missing-authorization-to-unauthenticated-admin-notice-dismissal</loc>
<lastmod>2023-08-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/add-actions-and-filters/add-shortcodes-actions-and-filters-210-reflected-cross-site-scripting</loc>
<lastmod>2024-03-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/feeds-for-youtube/feeds-for-youtube-youtube-video-channel-and-gallery-plugin-221-authenticated-contributor-dom-based-stored-cross-site-scripting</loc>
<lastmod>2024-07-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/social-pug/hubbub-lite-1311-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2024-01-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/locatoraid/locatoraid-store-locator-3965-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2025-12-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/html5-soundcloud-player-with-playlist/html5-soundcloud-player-280-authenticated-author-php-object-injection</loc>
<lastmod>2024-01-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ai-assistant-by-10web/10web-ai-assistant-ai-content-writing-assistant-1018-missing-authorization-to-arbitrary-plugin-installation</loc>
<lastmod>2024-01-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/essential-addons-for-elementor-lite/essential-addons-for-elementor-popular-elementor-templates-widgets-6513-authenticated-author-limited-privilege-escalation-via-register_user</loc>
<lastmod>2026-05-13T18:07:43.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/yet-another-stars-rating/yet-another-stars-rating-338-missing-authorization-to-vote-tampering</loc>
<lastmod>2023-07-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/accordions-or-faqs/accordions-multiple-accordions-or-faqs-builder-203-authenticated-admin-stored-cross-site-scripting-via-pages-parameter</loc>
<lastmod>2022-09-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/sirv/image-optimizer-resizer-and-cdn-sirv-727-authenticatedsubscriber-missing-authorization-to-plugin-settings-update</loc>
<lastmod>2024-07-11T09:29:49.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/protect-wp-admin/protect-wp-admin-36-unauthenticated-plugin-deactivation</loc>
<lastmod>2021-12-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/postem-ipsum/postem-ipsum-301-missing-authorization-to-authenticated-subscriber-privilege-escalation-in-postem_ipsum_generate_users</loc>
<lastmod>2025-12-12T16:05:44.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-easy-contact/wp-easy-contact-401-authenticated-contributor-stored-cross-site-scripting-via-noaccess_msg-parameter</loc>
<lastmod>2025-08-04T17:36:03.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/namaste-lms/namaste-lms-264-authenticated-subscriber-stored-cross-site-scripting</loc>
<lastmod>2024-10-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/newsmanapp/newsmanapp-276-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-12-12T16:04:29.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gallery-images/image-gallery-responsive-photo-gallery-170-reflected-cross-site-scripting-via-thumbtext</loc>
<lastmod>2015-03-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/advanced-local-pickup-for-woocommerce/advanced-local-pickup-for-woocommerce-162-missing-authorization</loc>
<lastmod>2024-04-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/live-stream-badger/live-stream-badger-143-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-07-18T14:12:10.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/viet-nam-affiliate/viet-nam-affiliate-100-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2024-05-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-people/wp-people-341-sql-injection</loc>
<lastmod>2008-02-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ultimate-store-kit/ultimate-store-kit-elementor-addons-286-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-09-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/custom-field-template/custom-field-template-257-authenticated-administrator-php-object-injection</loc>
<lastmod>2022-12-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/pagemash/pagemash-page-management-130-reflected-cross-site-scripting</loc>
<lastmod>2024-03-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/enable-wp-debug-toggle/wp_debug-toggle-11-reflected-cross-site-scripting</loc>
<lastmod>2025-04-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/coupon-tab-for-directorypress-pp/coupon-tab-for-directorypress-pp-coupon-tab-020-reflected-cross-site-scripting</loc>
<lastmod>2014-07-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/social-pug/social-pug-1300-missing-authorization-via-multiple-admin_init-actions</loc>
<lastmod>2023-12-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/pie-register/pie-register-3812-missing-authorization-to-arbitrary-user-deletion</loc>
<lastmod>2022-11-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/pdf-for-wpforms/pdf-for-wpforms-621-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-09-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/new-year-firework/new-year-firework-119-reflected-cross-site-scripting</loc>
<lastmod>2016-02-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/core/4.2/wordpress-core-424-stored-cross-site-scripting-via-accessibility-helper-title</loc>
<lastmod>2015-08-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/miniorange-google-authenticator/login-with-otp-over-sms-email-whatsapp-and-google-authenticator-104-cross-site-request-forgery-to-cross-site-scripting</loc>
<lastmod>2022-06-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/fusion-builder/avada-builder-3151-unauthenticated-sql-injection-via-product_order-parameter</loc>
<lastmod>2026-05-12T21:06:24.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/revslider/slider-revolution-6718-authenticated-author-stored-cross-site-scripting-via-svg-file-upload</loc>
<lastmod>2024-09-30T18:27:40.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/advanced-members/advanced-members-for-acf-125-authenticated-subscriber-arbitrary-file-deletion-via-path-traversal</loc>
<lastmod>2026-04-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/easy-social-share-buttons3/easy-social-share-buttons-94-missing-authorization</loc>
<lastmod>2024-04-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/premium-addons-for-elementor/premium-addons-for-elementor-41017-authenticatedcontributor-stored-cross-site-scripting-via-link-wrapper</loc>
<lastmod>2024-03-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/unlimited-elements-for-elementor/unlimited-elements-for-elementor-free-widgets-addons-templates-1548-authenticated-admin-cross-site-scripting-xss</loc>
<lastmod>2023-01-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/latepoint/latepoint-calendar-booking-plugin-for-appointments-and-events-525-unauthenticated-stored-cross-site-scripting</loc>
<lastmod>2026-02-02T18:30:30.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wordpress-popup/hustle-7892-authenticated-subscriber-arbitrary-file-upoload-via-module-import</loc>
<lastmod>2026-01-23T23:49:25.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/core/3.0/wordpress-core-304-cross-site-scripting</loc>
<lastmod>2007-02-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/nextgen-gallery/wordpress-gallery-plugin-nextgen-gallery-151-cross-site-scripting</loc>
<lastmod>2010-04-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpmovielibrary/wpmovielibrary-2148-reflected-cross-site-scripting</loc>
<lastmod>2025-02-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/powerpack-lite-for-elementor/powerpack-addons-for-elementor-2717-authenticated-contributor-stored-cross-site-scripting-via-_html_tag</loc>
<lastmod>2024-03-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/slick-contact-forms/slick-contact-forms-137-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2023-10-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-responsive-images/wp-responsive-images-10-unauthenticated-path-traversal-to-arbitrary-file-read-via-src</loc>
<lastmod>2026-02-25T12:50:15.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/all-in-one-thumbnailsBanner/lambertgroup-allinone-banner-with-thumbnails-38-authenticated-contributor-sql-injection</loc>
<lastmod>2025-09-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/spider-calendar/spider-calendar-113-multiple-vulnerabilities</loc>
<lastmod>2012-10-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/spreadr-for-woocomerce/spreadr-woocommerce-104-missing-authorization</loc>
<lastmod>2024-12-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/azurecurve-shortcodes-in-comments/azurecurve-shortcodes-in-comments-202-unauthenticated-arbitrary-shortcode-execution</loc>
<lastmod>2025-04-09T18:09:45.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/xews-lite/xews-lite-109-unauthenticated-local-file-inclusion</loc>
<lastmod>2025-04-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/arya-multipurpose-pro/arya-multipurpose-pro-108-reflected-cross-site-scripting</loc>
<lastmod>2023-08-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/blocksy/blocksy-2042-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-05-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/foundation-columns/foundation-columns-08-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-01-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/zephyr-project-manager/zephyr-project-manager-3240-reflected-cross-site-scripting</loc>
<lastmod>2022-05-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/dashicons-cpt/dashicons-custom-post-types-102-missing-authorization</loc>
<lastmod>2023-01-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/external-featured-image-from-bing/external-featured-image-from-bing-102-authenticated-subscriber-remote-code-execution</loc>
<lastmod>2024-10-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/blockspare/blockspare-320-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-08-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/vikinger/vikinger-1932-authenticated-subscriber-arbitrary-file-deletion-via-vikinger_delete_activity_media_ajax-function</loc>
<lastmod>2025-07-01T20:29:16.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/church-admin/church-admin-444-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-06-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-smart-import/wordpress-importer-import-any-xml-file-to-wordpress-102-reflected-cross-site-scripting</loc>
<lastmod>2022-10-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/auberge/auberge-145-cross-site-scripting</loc>
<lastmod>2015-05-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/reformer-elementor/reformer-for-elementor-105-unauthenticated-arbitrary-file-upload</loc>
<lastmod>2025-06-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/modular-connector/modular-ds-251-unauthenticated-privilege-escalation</loc>
<lastmod>2026-01-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/league-of-legends-shortcodes/league-of-legends-shortcodes-101-authenticated-contributor-sql-injection-via-shortcode</loc>
<lastmod>2024-10-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-less-to-css/wp-less-to-css-10-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2022-04-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/page-list/page-list-62-missing-authorization-to-authenticated-contributor-sensitive-information-disclosure-via-shortcode-attributes</loc>
<lastmod>2026-06-05T12:41:56.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/crm-perks-forms/crm-perks-forms-114-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-03-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/happy-elementor-addons/happy-addons-for-elementor-3106-authenticated-contributor-stored-cross-site-scripting-via-calendly-widget</loc>
<lastmod>2024-04-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/valiance/valiance-12-unauthenticated-php-object-injection</loc>
<lastmod>2026-04-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/maxi-blocks/maxi-blocks-219-authenticated-author-stored-cross-site-scripting-via-style-card-rest-api</loc>
<lastmod>2026-05-01T14:44:43.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/this-or-that/this-or-that-by-andr-boekhorst-104-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-10-21T20:19:54.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mycryptocheckout/mycryptocheckout-bitcoin-ethereum-and-100-altcoins-for-woocommerce-2161-missing-authorization</loc>
<lastmod>2026-05-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/register-plus/register-plus-3511-sensitive-information-disclosure</loc>
<lastmod>2010-11-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mabel-shoppable-images-lite/shoppable-images-lookbook-for-woocommerce-13-missing-authorization</loc>
<lastmod>2026-06-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/contact-form-cfdb7/contact-form-7-database-addon-1253-sql-injection</loc>
<lastmod>2021-01-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpfavicon/wpfavicon-211-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2024-07-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wps-team/team-members-showcase-340-reflected-cross-site-scripting</loc>
<lastmod>2025-10-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/osm-map-elementor/osm-map-widget-for-elementor-130-authenticated-contributor-stored-cross-site-scripting-via-button-url</loc>
<lastmod>2025-08-28T15:44:06.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ap-plugin-scripteo/ads-pro-plugin-multi-purpose-wordpress-advertising-manager-489-cross-site-request-forgery-to-php-code-injection-in-bsacreateadtemplate</loc>
<lastmod>2025-07-01T14:53:53.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/limit-login-attempts-plus/limit-login-attempts-plus-109-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2023-01-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/securimage-wp/securimage-wp-plugin-351-reflected-cross-site-scripting</loc>
<lastmod>2013-05-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/traveler/traveler-326-unauthenticated-local-file-inclusion</loc>
<lastmod>2025-11-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/powerpack-lite-for-elementor/powerpack-addons-for-elementor-261-reflected-cross-site-scripting</loc>
<lastmod>2021-12-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/anubis/anubis-125-unauthenticated-local-file-inclusion</loc>
<lastmod>2025-08-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ays-popup-box/popup-box-386-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2023-11-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/give/give-donation-plugin-2330-authenticatedgive-manager-privilege-escalation</loc>
<lastmod>2023-08-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/arrival/arrival-145-unauthenticated-local-file-inclusion</loc>
<lastmod>2025-04-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/digital-publications-by-supsystic/digital-publications-by-supsystic-176-cross-site-request-forgery-via-ajax-action</loc>
<lastmod>2023-12-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wordpress-popup/hustle-email-marketing-lead-generation-optins-popups-78102-missing-authorization-to-unauthenticated-conversion-tracking-data-manipulation</loc>
<lastmod>2026-04-07T10:52:41.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/rometheme-for-elementor/romethemekit-for-elementor-153-missing-authorization-in-save_options-and-reset_widgets</loc>
<lastmod>2025-01-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/paid-membership/micropayments-paid-author-subscriptions-content-downloads-membership-195-cross-site-request-forgery</loc>
<lastmod>2022-04-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/buy-one-click-woocommerce/buy-one-click-woocommerce-229-missing-authorization-to-authenticated-subscriber-settings-export</loc>
<lastmod>2024-11-12T13:28:31.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/icegram/icegram-3125-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-08-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ecover-builder-for-dummies/ecover-builder-for-dummies-10-authenticated-contributor-stored-cross-site-scripting-via-id-shortcode-attribute</loc>
<lastmod>2026-03-20T15:06:19.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/magical-posts-display/magical-posts-display-1252-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-07-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cf-geoplugin/wordpress-geolocation-plugin-cf-geo-plugin-71311-reflected-cross-site-scripting</loc>
<lastmod>2021-08-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/the-events-calendar/the-events-calendar-481-cross-site-scripting-via-tribe_paged-parameter</loc>
<lastmod>2019-03-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/sfwd-lms/learndash-lms-460-authenticated-subscriber-insecure-direct-object-reference-to-arbitrary-user-password-change</loc>
<lastmod>2023-06-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/monetag-official/monetag-official-113-missing-authorization</loc>
<lastmod>2026-01-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/nd-elements/elements-for-elementor-19-stored-cross-site-scripting</loc>
<lastmod>2022-05-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/masterstudy-lms-learning-management-system/masterstudy-lms-3212-missing-authorization</loc>
<lastmod>2024-06-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/inline-text-popup/inline-text-popup-100-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-04-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/pods/pods-327-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2024-10-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/divebook/divebook-114-sql-injection</loc>
<lastmod>2020-09-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpsol/wpsol-120-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2025-01-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-seo-search/seo-search-11-cross-site-request-forgery</loc>
<lastmod>2025-12-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/falling-things/falling-things-108-authenticated-editor-sql-injection</loc>
<lastmod>2025-04-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/fancy-product-designer/fancy-product-designer-475-cross-site-request-forgery-to-arbitrary-file-upload</loc>
<lastmod>2022-04-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/vikrentcar/vikrentcar-car-rental-management-system-131-cross-site-request-forgery</loc>
<lastmod>2024-07-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/fv-wordpress-flowplayer/fv-flowplayer-video-player-7318727-sql-injection</loc>
<lastmod>2019-07-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/evergreen-content-poster/evergreen-content-poster-142-missing-authorization</loc>
<lastmod>2024-04-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/real-time-auto-find-and-replace/better-find-and-replace-177-authenticated-subscriber-limited-code-injection</loc>
<lastmod>2025-11-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-events/wp-events-234-sql-injection</loc>
<lastmod>2017-11-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/sprout-invoices/sprout-invoices-2053-sensitive-information-exposure</loc>
<lastmod>2023-11-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/football-pool/football-pool-265-cross-site-scripting</loc>
<lastmod>2017-11-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/getresponse-integration/getresponse-5519-cross-site-request-forgery</loc>
<lastmod>2022-09-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gs-logo-slider/logo-slider-logo-showcase-logo-carousel-logo-gallery-and-client-logo-presentation-368-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2024-08-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-file-upload/wordpress-file-upload-wordpress-file-upload-pro-4191-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2023-05-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/reset/reset-16-cross-site-request-forgery-to-database-reset</loc>
<lastmod>2025-02-17T15:48:29.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/usc-e-shop/welcart-e-commerce-294-unauthenticated-php-object-injection</loc>
<lastmod>2023-11-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ultimate-appointment-scheduling/ultimate-appointment-booking-scheduling-1110-reflected-cross-site-scripting</loc>
<lastmod>2020-08-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/custom-font-uploader/wbcom-designs-custom-font-uploader-234-missing-authorization-to-font-deletion</loc>
<lastmod>2024-06-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/zoloblocks/zoloblocks-2312-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-09-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/colibri-page-builder/colibri-page-builder-10253-cross-site-request-fogery-via-extend_builder</loc>
<lastmod>2024-02-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/storekeeper-for-woocommerce/storekeeper-for-woocommerce-1444-unauthenticated-arbitrary-file-upload</loc>
<lastmod>2025-05-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/everest-backup/everest-backup-238-missing-authorization</loc>
<lastmod>2025-10-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/catch-duplicate-switcher/catch-duplicate-switcher-21-reflected-cross-site-scripting</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/smart-maintenance-mode/smart-maintenance-mode-151-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2025-03-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/contact-form-with-a-meeting-scheduler-by-vcita/contact-form-and-calls-to-action-by-vcita-4105-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2023-06-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woocommerce-jetpack/booster-for-woocommerce-724-unauthenticated-stored-cross-site-scripting</loc>
<lastmod>2025-03-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpbits-addons-for-elementor/wpbits-addons-for-elementor-page-builder-151-authenticated-author-stored-cross-site-scripting</loc>
<lastmod>2025-01-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/tutor/tutor-lms-1912-reflected-cross-site-scripting</loc>
<lastmod>2021-01-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/sensorpress-uptime-monitoring/sensorpress-10-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2025-08-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gravityforms/gravity-forms-274-reflected-cross-site-scripting</loc>
<lastmod>2023-06-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/awesome-support/awesome-support-617-missing-authorization</loc>
<lastmod>2023-12-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gutenverse/gutenverse-346-reflected-cross-site-scripting-via-s-parameter</loc>
<lastmod>2026-05-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ubigeo-peru/ubigeo-de-per-para-woocommerce-y-wordpress-363-unauthenticated-sql-injection</loc>
<lastmod>2022-04-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/classified-listing/classified-listing-245-cross-site-request-forgery-via-rtcl_ajax_thumbnail_delete</loc>
<lastmod>2023-07-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/dynamic-ajax-product-filters-for-woocommerce/dynamic-ajax-product-filters-for-woocommerce-137-authenticated-contributor-stored-cross-site-scripting-via-name-parameter</loc>
<lastmod>2025-08-27T17:41:28.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/backtotop/back-to-top-20-cross-site-request-forgery</loc>
<lastmod>2025-03-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/exs-widgets/exs-widgets-031-authenticated-contributor-local-file-inclusion</loc>
<lastmod>2024-07-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/users-ultra/users-ultra-1515-multiple-sql-injection</loc>
<lastmod>2015-06-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/aardvark/aardvark-463-reflected-cross-site-scripting</loc>
<lastmod>2026-01-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-bbcode/wp-bbcode-181-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-11-10T15:19:18.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/zephyr-project-manager/zephyr-project-manager-3393-cross-site-request-forgery</loc>
<lastmod>2023-06-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/add-code-to-head/add-code-to-head-117-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2025-08-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bulk-page-stub-creator/bulk-page-stub-creator-11-reflected-cross-site-scripting</loc>
<lastmod>2025-04-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cooked/cooked-recipe-management-17154-cross-site-request-forgery-to-settings-update</loc>
<lastmod>2024-07-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/fluent-booking/fluent-booking-1911-missing-authorization</loc>
<lastmod>2025-11-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/quiz-master-next/quiz-and-survey-master-qsm-easy-quiz-and-survey-maker-1034-missing-authorization</loc>
<lastmod>2026-02-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ddirections/driving-directions-144-reflected-cross-site-scripting</loc>
<lastmod>2025-03-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/hotstar/hotstar-multi-purpose-business-theme-14-unauthenticated-php-object-injection</loc>
<lastmod>2025-05-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woo-advance-search/advance-search-for-woocommerce-109-cross-site-scripting</loc>
<lastmod>2018-05-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/content-manager-light/content-manager-light-32-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-04-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/birdseed/birdseed-220-cross-site-request-forgery-via-birdseed-token-change</loc>
<lastmod>2026-06-01T19:45:13.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/pixel-formbuilder/pixel-wordpress-form-builderplugin-autoresponder-103-cross-site-request-forgery</loc>
<lastmod>2025-05-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/abitgone-commentsafe/abitgone-commentsafe-100-cross-site-request-forgery-to-settings-update-and-cross-site-request-forgery</loc>
<lastmod>2024-01-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/give/givewp-2251-authenticated-admin-server-side-request-forgery-via-give_get_content_by_ajax_handler</loc>
<lastmod>2023-03-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simple-archive-generator/simple-archive-generator-52-cross-site-request-forgery</loc>
<lastmod>2025-12-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/taggbox-widget/tagbox-ugc-galleries-social-media-widgets-user-reviews-analytics-32-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-04-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cost-calculator-builder/cost-calculator-builder-3265-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-03-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/helloasso/helloasso-119-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-07-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-mapa-politico-spain/wp-mapa-politico-espaa-380-cross-site-request-forgery</loc>
<lastmod>2025-05-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/sign-up-sheets/sign-up-sheets-2212-missing-authorization</loc>
<lastmod>2024-08-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/exquisite-wp/exquisite-ultimate-newspaper-theme-133-cross-site-scripting</loc>
<lastmod>2015-04-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-private-content-plus/wp-private-content-plus-31-cross-site-request-forgery-bypass</loc>
<lastmod>2021-03-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/stax-buddy-builder/buddybuilder-buddypress-builder-for-elementor-173-cross-site-request-forgery</loc>
<lastmod>2023-07-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-dropzone/wp-dropzone-111-authenticated-contributor-stored-cross-site-scripting-via-callback-shortcode-attribute</loc>
<lastmod>2025-12-11T15:09:54.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/liquid-speech-balloon/liquid-speech-balloon-118-cross-site-request-forgery-to-settings-update</loc>
<lastmod>2023-04-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/custom-sidebars/custom-sidebars-2102-reflected-cross-site-scripting</loc>
<lastmod>2015-01-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/f12-profiler/f12-profiler-139-cross-site-request-forgery</loc>
<lastmod>2025-02-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/fwduvp/ultimate-video-player-wordpress-woocommerce-plugin-101-unauthenticated-server-side-request-forgery</loc>
<lastmod>2025-07-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/sassy-social-share/sassy-social-share-3344-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2022-12-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/voucherpress/voucherpress-157-authenticated-author-stored-cross-site-scripting</loc>
<lastmod>2025-09-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/charitable/charitable-donation-plugin-1650-authenticated-stored-cross-site-scripting</loc>
<lastmod>2021-07-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mycred/mycred-274-authenticated-contributor-stored-cross-site-scripting-via-mycred_link-shortcode</loc>
<lastmod>2024-11-07T21:21:56.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/t-countdown/t-countdown-248-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2024-10-29T13:32:45.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/noo-yogi/yogi-health-beauty-yoga-292-authenticated-subscriber-php-object-injection</loc>
<lastmod>2025-08-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gdpr-cookie-consent/cookie-notice-for-gdpr-ccpa-eprivacy-consent-407-missing-authorization</loc>
<lastmod>2025-12-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/creative-mail-by-constant-contact/creative-mail-154-cross-site-request-forgery-to-plugin-deactivation</loc>
<lastmod>2022-10-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/custom-post-type-generator/custom-post-type-generator-242-authenticated-administrator-stored-cross-site-scripting-via-plugin-settings</loc>
<lastmod>2023-05-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/subpages-extended/subpages-extended-166-authenticated-administrator-cross-site-scripting</loc>
<lastmod>2022-10-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/analytics-insights/analytics-insights-62-open-redirect</loc>
<lastmod>2024-01-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/paytium/paytium-4410-missing-authorization</loc>
<lastmod>2024-11-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/essential-addons-for-elementor-lite/essential-addons-for-elementor-best-elementor-templates-widgets-kits-woocommerce-builders-5917-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-04-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/meks-easy-instagram-widget/meks-easy-photo-feed-widget-124-authenticated-stored-cross-site-scripting</loc>
<lastmod>2021-11-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/poeditor/poeditor-0910-cross-site-request-forgery</loc>
<lastmod>2025-06-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/homefix-ele-portfolio/homefix-elementor-portfolio-101-missing-authorization</loc>
<lastmod>2025-12-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/tune-library/tune-library-155-sql-injection</loc>
<lastmod>2015-04-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/magic-post-thumbnail/generate-images-magic-post-thumbnail-527-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2024-07-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/MDx/mdx-203-authenticated-contributor-stored-cross-site-scripting-via-mdx_list_item-shortcode</loc>
<lastmod>2024-08-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/travelers-map/travelers-map-220-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-03-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/all-in-one-schemaorg-rich-snippets/schema-all-in-one-schema-rich-snippets-165-cross-site-request-forgery-in-rich_snippet_dashboard</loc>
<lastmod>2023-02-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/nex-forms-express-wp-form-builder/nex-forms-ultimate-forms-plugin-for-wordpress-919-missing-authorization-to-authenticated-subscriber-license-deactivation-via-deactivate_license</loc>
<lastmod>2026-03-13T15:17:36.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/kiotvietsync/kiotviet-sync-184-authenticated-subscriber-sql-injection</loc>
<lastmod>2025-04-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/core/4.5/wordpress-core-45-cross-site-scripting-via-network-settings-page</loc>
<lastmod>2016-04-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/webba-booking-lite/appointment-event-booking-calendar-plugin-webba-booking-5048-missing-authorization-to-authenticated-subscriber-css-settings-update</loc>
<lastmod>2024-09-23T13:28:09.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/google-distance-calculator/mk-google-directions-31-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-02-27T16:43:07.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/delete-usermetas/delete-usermetas-112-cross-site-request-forgery</loc>
<lastmod>2023-10-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-guppy/wp-guppy-433-authenticated-subscriber-sql-injection</loc>
<lastmod>2025-05-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gearside-developer-dashboard/gearside-developer-dashboard-1072-reflected-cross-site-scripting</loc>
<lastmod>2025-05-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/feature-comments/featured-comments-125-cross-site-request-forgery</loc>
<lastmod>2014-10-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/shopbuilder/shopbuilder-elementor-woocommerce-builder-addons-2112-authenticated-contributor-local-file-inclusion</loc>
<lastmod>2024-07-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/different-shipping-and-billing-address-for-woocommerce/multiple-shipping-and-billing-address-for-woocommerce-13-unauthenticated-sql-injection</loc>
<lastmod>2025-03-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/email-subscribers/email-subscribers-by-icegram-express-5719-missing-authorization-in-handle_ajax_request</loc>
<lastmod>2024-05-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/grandrestaurant/grand-restaurant-7010-unauthenticated-php-object-injection</loc>
<lastmod>2026-02-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/dashboard-notepads/dashboard-notepads-121-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2025-04-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/live-2d/live2dwebcanvas-1911-authenticated-subscriber-arbitrary-file-deletion</loc>
<lastmod>2025-01-30T14:13:17.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/excel-like-price-change-for-woocommerce-and-wp-e-commerce-light/spreadsheet-price-changer-for-woocommerce-and-wp-e-commerce-light-2437-unauthenticated-remote-code-execution</loc>
<lastmod>2025-05-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/about-author/about-author-162-reflected-cross-site-scripting</loc>
<lastmod>2025-03-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-simpleweather/wp-simpleweather-025-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-02-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/profile-builder/user-profile-builder-3108-missing-authorization-to-plugin-settings-change-via-wppb_two_factor_authentication_settings_update</loc>
<lastmod>2024-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/news-element/news-element-elementor-blog-magazine-107-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-04-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woocommerce-pos/woocommerce-pos-178-missing-authorization</loc>
<lastmod>2025-05-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/slideshow-gallery/slideshow-gallery-18-unauthenticated-sensitive-information-exposure</loc>
<lastmod>2024-04-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/teachpress/teachpress-9011-authenticated-contributor-sql-injection</loc>
<lastmod>2025-04-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/buddyforms/buddyforms-288-unauthenticated-arbitrary-file-read-and-server-side-request-forgery</loc>
<lastmod>2024-04-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/privy-crm-integration/privyr-crm-102-missing-authorization</loc>
<lastmod>2025-04-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/liveoptim/seo-plugin-liveoptim-113-cross-site-request-forgery</loc>
<lastmod>2014-04-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpspx/wpspx-102-unauthenticated-local-file-inclusion</loc>
<lastmod>2024-09-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/piotnet-addons-for-elementor-pro/piotnet-addons-for-elementor-pro-7117-missing-authorization-to-arbitrary-postpage-deletion</loc>
<lastmod>2024-04-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/photo-gallery/photo-gallery-1574-file-upload-path-traversal</loc>
<lastmod>2021-07-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/profilegrid-user-profiles-groups-and-communities/profilegrid-5953-authenticated-subscriber-sql-injection</loc>
<lastmod>2025-07-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bdthemes-prime-slider-lite/prime-slider-addons-for-elementor-revolution-of-a-slider-hero-slider-ecommerce-slider-3165-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-01-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/themeisle-companion/orbit-fox-companion-21026-authenticated-contributor-stored-cross-site-scripting-via-custom-fields</loc>
<lastmod>2024-01-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/designo/designo-220-cross-site-request-forgery</loc>
<lastmod>2025-03-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/instagram-feed/smash-balloon-instagram-feed-690-free-680-pro-authenticated-contributor-stored-cross-site-scripting-via-data-plugin-attribute</loc>
<lastmod>2025-05-28T16:22:08.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/coins-marketcap/coins-marketcap-558-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-12-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/employee-spotlight/employee-spotlight-511-unauthenticated-php-object-injection</loc>
<lastmod>2025-08-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/recencio-book-reviews/recencio-book-reviews-1660-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-04-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/youmax-channel-embeds-for-youtube-businesses/youtube-video-grid-19-cross-site-request-forgery</loc>
<lastmod>2024-12-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/superstorefinder-wp/super-store-finder-61-super-interactive-maps-19-super-logo-showcase-22-arbitrary-file-upload</loc>
<lastmod>2020-10-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/testimonial-free/real-testimonials-216-authenticated-stored-cross-site-scripting</loc>
<lastmod>2020-02-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/flex-mag/flex-mag-responsive-wordpress-news-theme-352-missing-authorization-to-authenticated-subscriber-arbitrary-option-deletion</loc>
<lastmod>2025-03-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/pricetable/price-table-022-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2022-01-27T11:22:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/custom-settings/wordpress-custom-settings-10-authenticatedadmin-stored-cross-site-scripting</loc>
<lastmod>2023-02-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/spiffy-calendar/spiffy-calendar-4912-authenticated-admin-sql-injection</loc>
<lastmod>2024-08-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-security-questions/wp-security-question-105-cross-site-request-forgery-bypass</loc>
<lastmod>2021-08-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/print-my-blog/print-my-blog-166-server-side-request-forgery</loc>
<lastmod>2019-04-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/filester/file-manager-pro-188-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2025-06-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/forminator/forminator-1290-unauthenticated-stored-cross-site-scripting-via-file-upload</loc>
<lastmod>2024-03-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/js_composer/wpbakery-77-authenticated-author-stored-cross-site-scripting</loc>
<lastmod>2024-08-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/tutor/tutor-lms-elearning-and-online-course-solution-395-missing-authorization</loc>
<lastmod>2026-02-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ltl-freight-quotes-ups-edition/ltl-freight-quotes-tforce-edition-364-unauthenticated-sql-injection</loc>
<lastmod>2025-02-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/giveasap/simple-giveaways-2450-authenticated-editor-stored-cross-site-scripting-via-form-prize-and-sharing-method-fields</loc>
<lastmod>2023-03-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ip-loc8/ip-loc8-11-unauthenticated-php-object-injection</loc>
<lastmod>2024-10-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/donations-block/donation-block-for-paypal-220-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-01-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/brandfolder/brandfolder-digital-asset-management-simplified-301-localremote-file-inclusion</loc>
<lastmod>2016-03-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wb-sticky-notes/sticky-notes-for-wp-dashboard-124-missing-authorization</loc>
<lastmod>2025-12-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/category-d3-tree/category-d3-tree-11-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ab-google-map-travel/ab-google-map-travel-ab-map-40-cross-site-request-forgery-to-cross-site-scripting</loc>
<lastmod>2015-03-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/yml-for-yandex-market/yml-for-yandex-market-5026-authenticated-shop-manager-remote-code-execution</loc>
<lastmod>2026-03-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/utech-world-time-for-wp/utech-world-time-10-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-12-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/portfolio-responsive-gallery/portfolio-responsive-gallery-117-blind-sql-injection</loc>
<lastmod>2021-06-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/pmpro-member-directory/paid-memberships-pro-member-directory-add-on-126-authenticated-contributor-information-exposure</loc>
<lastmod>2024-07-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-affiliate-platform/wp-affiliate-platform-651-cross-site-request-forgery-to-afilliate-deletion</loc>
<lastmod>2024-07-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/logo-manager-for-enamad/logo-manager-for-enamad-072-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2024-08-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/plugin-organizer/plugin-organizer-1023-authenticated-subscriber-sql-injection</loc>
<lastmod>2025-12-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/password-protected/password-protected-password-protect-your-wordpress-site-pages-woocommerce-products-277-unauthenticated-sensitive-information-exposure</loc>
<lastmod>2025-04-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/add-local-avatar/add-local-avatar-121-cross-site-request-forgery-via-manage_avatar_cache</loc>
<lastmod>2023-11-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/custom-registration-form-builder-with-submission-manager/registrationmagic-custom-registration-forms-and-user-login-4603-authenticated-privilege-escalation</loc>
<lastmod>2020-03-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/user-activity-log/user-activity-log-22-unauthenticated-limited-options-update-via-failed-login</loc>
<lastmod>2026-01-06T19:31:04.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/aco-product-labels-for-woocommerce/product-labels-for-woocommerce-153-authenticated-shop-manager-stored-cross-site-scripting</loc>
<lastmod>2024-02-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/exhibz/exhibz-309-authenticated-contributor-local-file-inclusion</loc>
<lastmod>2025-12-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bubble-menu/bubble-menu-circle-floating-menu-402-cross-site-request-forgery</loc>
<lastmod>2025-01-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mesmerize-companion/mesmerize-companion-16158-missing-authorization-authenticated-subscriber-settings-update</loc>
<lastmod>2026-02-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/store-manager-connector/emagicone-store-manager-for-woocommerce-125-unauthenticated-arbitrary-file-deletion</loc>
<lastmod>2025-05-23T14:33:21.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-html-page-sitemap/wp-html-page-sitemap-22-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2025-02-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/nest-addons/nest-addons-163-unauthenticated-sql-injection</loc>
<lastmod>2025-08-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ultimate-addons-for-gutenberg/spectra-wordpress-gutenberg-blocks-231-missing-authorization-checks</loc>
<lastmod>2023-01-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/disable-contect-editor-for-specific-template/disable-content-editor-for-specific-template-20-cross-site-request-forgery-to-template-configuration-update</loc>
<lastmod>2025-10-23T20:09:19.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ocean-extra/ocean-extra-253-missing-authorization</loc>
<lastmod>2026-04-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/forym/forym-158-reflected-cross-site-scripting</loc>
<lastmod>2022-09-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cleverreach-wc/official-cleverreach-plugin-for-woocommerce-344-cross-site-request-forgery-to-settings-update</loc>
<lastmod>2025-04-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/sunshine-photo-cart/sunshine-photo-cart-353-missing-authorization</loc>
<lastmod>2025-08-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ajax-search-for-woocommerce/fibosearch-1321-missing-authorization</loc>
<lastmod>2026-01-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/file-manager/bit-file-manager-527-authenticated-admin-php-object-injection</loc>
<lastmod>2023-04-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/page-builder-by-azexo/page-builder-by-azexo-127133-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2023-06-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ultimate-member/ultimate-member-2010-authenticated-cross-site-scripting</loc>
<lastmod>2018-04-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/lis-video-gallery/lis-video-gallery-021-unauthenticated-php-object-injection</loc>
<lastmod>2024-11-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/shortpixel-adaptive-images/shortpixel-adaptive-images-383-cross-site-request-forgery</loc>
<lastmod>2024-05-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/download-manager/download-manager-3332-authenticated-subscriber-information-exposure</loc>
<lastmod>2025-09-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simply-gallery-block/mixed-media-gallery-blocks-332-authenticated-contributor-remote-code-execution</loc>
<lastmod>2026-03-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/epic-church/epic-church-by-organized-themes-36-arbitrary-file-download</loc>
<lastmod>2014-09-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/webinar-ignition/webinarignition-3050-missing-authorization-to-unauthenticated-privilege-escalation</loc>
<lastmod>2023-12-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/admin-login-url-change/admin-login-url-change-115-missing-authorization</loc>
<lastmod>2026-01-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-marketing-automations/abandoned-cart-recovery-for-woocommerce-by-autonami-211-missing-authorization</loc>
<lastmod>2022-07-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/custom-searchable-data-entry-system/custom-searchable-data-entry-system-171-unauthenticated-database-wiping</loc>
<lastmod>2020-03-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/trademe-widget/trademe-widgets-12-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-10-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ai-co-pilot-for-wp/ai-copilot-127-authenticated-contributor-information-exposure</loc>
<lastmod>2025-12-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/personalize-woocommerce-cart-page/personalized-woocommerce-cart-page-24-cross-site-request-forgery</loc>
<lastmod>2019-06-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/integrar-getnet-con-woo/getnet-argentina-para-woocommerce-001-004-authorization-bypass-via-webhook</loc>
<lastmod>2023-07-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/captchinoo-captcha-for-login-form-protection/captchinoo-admin-login-page-protection-with-google-recaptcha-24-cross-site-request-forgery-to-arbitrary-plugin-installationactivation</loc>
<lastmod>2021-04-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/service/service-104-authenticated-subscriber-sql-injection</loc>
<lastmod>2024-12-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mementor-core/mementor-core-225-authenticated-subscriber-privilege-escalation</loc>
<lastmod>2025-11-10T15:06:10.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/multimedia-carousel/multimedia-responsive-carousel-with-image-video-audio-support-260-authenticated-contributor-sql-injection</loc>
<lastmod>2025-05-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/product-xml-feeds-for-woocommerce/product-xml-feed-manager-for-woocommerce-293-authenticated-contributor-remote-code-execution</loc>
<lastmod>2025-07-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/boom-fest/boom-fest-221-missing-authorization-to-authenticated-subscriber-plugin-settings-update</loc>
<lastmod>2025-01-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/magazine-blocks/magazine-blocks-1315-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-10-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/custom-post-widget/content-blocks-custom-post-widget-339-authenticated-author-stored-cross-site-scripting-via-content_block-shortcode</loc>
<lastmod>2026-04-17T21:21:37.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/hash-elements/hash-elements-150-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-01-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/better-wp-security/ithemes-security-535-missing-capabilities-check</loc>
<lastmod>2016-04-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/bricks/bricks-12-153-remote-code-execution</loc>
<lastmod>2022-10-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/classic-editor-and-classic-widgets/classic-editor-and-classic-widgets-141-authenticated-subscriber-sql-injection</loc>
<lastmod>2024-09-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/groundhogg/groundhogg-2798-missing-authorization-to-admin-account-and-ticket-creation</loc>
<lastmod>2023-05-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/codup-wp-freshsales/wordpress-to-freshsales-integration-1322-cross-site-scripting</loc>
<lastmod>2022-05-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/accessibility-by-audioeye/accessibility-by-audioeye-1049-missing-authorization</loc>
<lastmod>2025-12-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/timer-countdown/countdown-timer-10-reflected-cross-site-scripting</loc>
<lastmod>2025-02-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/html5-responsive-faq/html5-responsive-faq-285-authenticated-stored-cross-site-scripting</loc>
<lastmod>2021-11-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/hello-agency/hello-agency-105-missing-authorization-to-notice-dismissal</loc>
<lastmod>2024-08-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/display-a-meta-field-as-block/meta-field-block-151-insecure-direct-object-reference-to-authenticated-contributor-arbitrary-user-meta-exposure</loc>
<lastmod>2026-05-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/giveaways-contests-by-promosimple/giveaways-and-contests-by-promosimple-124-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/time-clock-pro/time-clock-122-time-clock-pro-114-unauthenticated-limited-remote-code-execution</loc>
<lastmod>2024-10-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/real-estate-manager/real-estate-manager-73-unauthenticated-local-file-inclusion</loc>
<lastmod>2025-04-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/google-analytics-for-wordpress/monsterinsights-google-analytics-dashboard-for-wordpress-71-stored-cross-site-scripting</loc>
<lastmod>2018-09-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/infocus/infocus-33-arbitrary-file-deletion</loc>
<lastmod>2013-12-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/core/4.7/wordpress-core-472-arbitrary-page-modification</loc>
<lastmod>2017-01-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/material-design-icons-for-elementor/material-design-icons-for-page-builders-142-cross-site-request-forgery</loc>
<lastmod>2023-01-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/addons-for-elementor/livemesh-addons-by-elementor-90-authenticated-contributor-local-file-inclusion-via-widget-template-parameter</loc>
<lastmod>2026-04-15T17:56:59.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/academy/academy-lms-1916-missing-authorization</loc>
<lastmod>2024-04-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/jobcareer/jobcareer-job-board-responsive-wordpress-theme-71-missing-authorization-to-authenticated-subscriber-multiple-administrative-actions</loc>
<lastmod>2025-03-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/userplus/userplus-20-unauthenticated-privilege-escalation</loc>
<lastmod>2024-10-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/post-grid/gutenberg-blocks-page-builder-comboblocks-2287-authenticated-contributor-stored-cross-site-scripting-via-accordion-block</loc>
<lastmod>2024-08-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/google-calendar-events/simple-calendar-3142-cross-site-request-forgery-to-transient-cache-clearing</loc>
<lastmod>2023-05-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/user-registration/user-registration-membership-free-paid-memberships-subscriptions-content-restriction-user-profile-custom-user-registration-login-builder-522-missing-authorization</loc>
<lastmod>2026-06-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ninja-forms/ninja-forms-3140-unauthenticated-information-disclosure-in-nf_ajax_submit-ajax-action</loc>
<lastmod>2026-02-09T20:41:41.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/open-external-links-in-a-new-window/external-links-in-new-window-new-tab-142-unauthenticated-stored-cross-site-scripting</loc>
<lastmod>2022-05-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/filebird/filebird-473-unauthenticated-sql-injection</loc>
<lastmod>2021-06-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/export-all-urls/export-all-urls-43-arbitrary-file-deletion</loc>
<lastmod>2022-08-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/acf-cpt-options-pages/advanced-custom-fields-cpt-options-pages-209-cross-site-request-forgery</loc>
<lastmod>2025-09-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/kraken-image-optimizer/krakenio-image-optimizer-267-missing-authorization-to-authenticated-subscriber-plugin-options-update</loc>
<lastmod>2023-01-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/custom-registration-form-builder-with-submission-manager/registrationmagic-user-registration-forms-plugin-6086-missing-authorization</loc>
<lastmod>2026-06-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-ticketbai/ticketbai-facturas-para-woocommerce-321-missing-authorization</loc>
<lastmod>2025-06-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-members/wp-members-327-cross-site-request-forgery</loc>
<lastmod>2019-06-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/events-manager/events-manager-595-authenticated-stored-cross-site-scripting</loc>
<lastmod>2019-10-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ht-mega-for-elementor/ht-mega-absolute-addons-for-elementor-247-missing-authorization-to-information-exposure</loc>
<lastmod>2024-04-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/maxi-blocks/maxiblocks-2200-patterns-190-pages-142k-icons-100-styles-192-authenticated-subscriber-arbitrary-file-deletion</loc>
<lastmod>2024-07-22T13:02:24.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/elementor/elementor-website-builder-295-authorization-bypass</loc>
<lastmod>2020-03-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/powerpack-elements/powerpack-pro-for-elementor-21017-authenticated-contributor-privilege-escalation</loc>
<lastmod>2024-06-07T16:16:46.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpfrom-email/wpfrom-email-188-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2023-01-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/hostfact-bestelformulier-integratie/hostfact-bestelformulier-integratie-11-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-12-11T15:22:05.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/custom-widget-creator/custom-widget-creator-105-reflected-cross-site-scripting</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/globe-gateway-e4/global-gateway-e4-payeezy-gateway-20-unauthenticated-arbitrary-file-deletion</loc>
<lastmod>2024-11-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/csv2wpec-coupon/csv2wpec-coupon-11-arbitrary-file-upload</loc>
<lastmod>2016-11-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpsolr-free/wpsolr-240-cross-site-request-forgery-to-privilege-escalation</loc>
<lastmod>2025-04-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/pressmart/pressmart-modern-elementor-woocommerce-wordpress-theme-1216-unauthenticated-arbitrary-shortcode-execution</loc>
<lastmod>2025-02-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cardgate/cardgate-payments-for-woocommerce-3115-lack-of-origin-validation</loc>
<lastmod>2020-02-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/socialdriver/socialdriver-2024-prototype-pollution</loc>
<lastmod>2023-09-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/schedulicity-online-appointment-booking/schedulicity-easy-online-scheduling-221-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2023-03-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/history-collection/history-collection-111-arbitrary-file-download</loc>
<lastmod>2015-10-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/salient-portfolio/salient-portfolio-182-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-10-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpadverts/wpadverts-222-authenticated-contributor-local-file-inclusion</loc>
<lastmod>2025-05-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-timelines/wp-timeline-vertical-and-horizontal-timeline-plugin-367-reflected-cross-site-scripting</loc>
<lastmod>2024-09-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/help-scout/help-scout-656-missing-authorization</loc>
<lastmod>2025-01-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/core/4.3/wordpress-core-431-authenticated-cross-site-scripting</loc>
<lastmod>2015-09-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-customer-reviews/wp-customer-reviews-366-authenticated-subscriber-sensitive-information-exposure</loc>
<lastmod>2023-10-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/addons-for-elementor/livemesh-addons-by-elementor-90-missing-authorization-to-authenticated-subscriber-stored-cross-site-scripting-via-plugin-settings</loc>
<lastmod>2026-04-15T17:57:15.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/whmcs-bridge/whmcs-bridge-61-subscriber-stored-cross-site-scripting</loc>
<lastmod>2022-01-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/countdown-builder/countdown-clock-232-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2022-04-28T10:50:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cookie-notice-bar/cookie-notice-bar-130-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2025-02-19T21:09:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/libsyn-podcasting/libsyn-publisher-hub-144-cross-site-request-forgery</loc>
<lastmod>2024-04-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/dailyedition/daily-edition-162-cross-site-scripting</loc>
<lastmod>2015-03-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/vision/vision-interactive-171-missing-authorization</loc>
<lastmod>2024-04-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/awesome-support/awesome-support-wordpress-helpdesk-support-plugin-631-unauthenticated-sensitive-information-exposure-through-unprotected-directory</loc>
<lastmod>2025-03-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/dt-the7/the7-1160-reflected-cross-site-scripting</loc>
<lastmod>2023-04-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cp-image-store/cp-image-store-with-slideshow-106-arbitrary-file-download</loc>
<lastmod>2015-07-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/easy-facebook-likebox/easy-social-feed-626-reflected-cross-site-scripting</loc>
<lastmod>2022-04-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/drag-and-drop-file-upload-wc-pro/drag-and-drop-multiple-file-upload-pro-woocommerce-506-unauthenticated-arbitrary-file-upload</loc>
<lastmod>2025-06-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/jet-engine/jetengine-3810-unauthenticated-stored-cross-site-scripting</loc>
<lastmod>2026-06-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cf7-salesforce/integration-for-contact-form-7-and-salesforce-139-cross-site-request-forgery</loc>
<lastmod>2024-05-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/countdown-time/countdown-timer-block-display-the-events-date-into-a-timer-124-authenticated-contributor-post-disclosure</loc>
<lastmod>2024-11-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/kadence-blocks/kadence-blocks-377-insecure-direct-object-reference-to-authenticated-contributor-arbitrary-optimizer-data-deletionreadmodification-via-post_path-parameter</loc>
<lastmod>2026-06-30T14:57:59.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/custom-admin-menu/custom-admin-menu-100-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-10-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mailtree-log-mail/mailtree-log-mail-100-unauthenticated-stored-cross-site-scripting-via-email-subject</loc>
<lastmod>2023-06-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/yurl-retwitt/yurl-retwitt-14-cross-site-request-forgery</loc>
<lastmod>2014-12-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-posturl/add-post-url-210-cross-site-request-forgery</loc>
<lastmod>2022-06-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/filedownload/filedownload-14-blind-sql-injection</loc>
<lastmod>2015-07-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/tablepress/tablepress-114-authenticated-author-csv-injection</loc>
<lastmod>2020-02-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/flexo-countdown/flexo-counter-10001-reflected-cross-site-scripting</loc>
<lastmod>2025-06-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/auto-making-json-ld/auto-making-json-ld-453-cross-site-request-forgery-to-plugin-certification-settings-via-nonce-validation-bypass</loc>
<lastmod>2026-05-26T17:23:24.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/section-widget/section-widget-331-unauthenticated-path-traversal</loc>
<lastmod>2025-04-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/elex-woocommerce-dynamic-pricing-and-discounts/elex-woocommerce-dynamic-pricing-and-discounts-212-cross-site-request-forgery</loc>
<lastmod>2024-04-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/seo-by-rank-math/rank-math-seo-ai-seo-tools-to-dominate-seo-rankings-10235-authenticated-contributor-stored-cross-site-scripting-via-rank-math-api</loc>
<lastmod>2025-02-12T16:21:31.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/social-auto-poster/social-auto-poster-5314-authenticated-contributor-arbitrary-file-upload</loc>
<lastmod>2024-07-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/debt-calculator/debt-calculator-101-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/dologin/dologin-security-37-missing-authorization-on-dashboard-widget</loc>
<lastmod>2023-09-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-event-aggregator/wp-event-aggregator-182-reflected-cross-site-scripting</loc>
<lastmod>2025-02-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/contact-form-7-simple-recaptcha/contact-form-7-captcha-011-reflected-cross-site-scripting</loc>
<lastmod>2022-06-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/Newspaper/tagdiv-cloud-library-27-missing-authorization-to-arbitrary-user-metadata-update</loc>
<lastmod>2023-06-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ip-blacklist-cloud/ip-blacklist-cloud-500-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2022-10-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/fv-wordpress-flowplayer/fv-flowplayer-video-player-75417212-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-03-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/frontier-post/frontier-post-61-cross-site-request-forgery</loc>
<lastmod>2023-11-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/dc-woocommerce-multi-vendor/multivendor-marketplace-solution-for-woocommerce-373-insecure-direct-object-reference</loc>
<lastmod>2021-05-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/consulting-elementor-widgets/consulting-elementor-widgets-130-authenticated-contributor-local-file-inclusion</loc>
<lastmod>2024-06-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/custom-registration-form-builder-with-submission-manager/registrationmagic-5320-reflected-cross-site-scripting</loc>
<lastmod>2024-04-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/icons-factory/icons-factory-1612-missing-authorization-to-unauthenticated-arbitrary-file-deletion-via-delete_files-function</loc>
<lastmod>2025-08-14T20:15:38.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-seo-structured-data-schema/wp-seo-structured-data-schema-2711-authenticated-contributor-stored-cross-site-scripting-via-plugin-settings</loc>
<lastmod>2025-05-07T17:42:22.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-roadmap/wp-roadmap-108-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2023-11-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/survey-maker/survey-maker-5188-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2025-10-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/xelion-webchat/xelion-webchat-910-authenticated-subscriber-arbitrary-options-update</loc>
<lastmod>2025-04-23T19:47:14.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/adstxt/adstxt-plugin-100-cross-site-request-forgery-to-settings-update</loc>
<lastmod>2024-09-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/easy-property-listings/easy-property-listings-3520-missing-authorization</loc>
<lastmod>2026-01-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/intelly-related-posts/inline-related-posts-304-authenticated-admin-cross-site-scripting</loc>
<lastmod>2021-10-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/contest-gallery/contest-gallery-19141-authenticated-author-sql-injection-via-wp_user_id</loc>
<lastmod>2022-12-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/fancy-facebook-comments/wordpress-fancy-comments-1210-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2023-02-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/lawyer-landing-page/lawyer-landing-page-127-missing-authorization</loc>
<lastmod>2026-02-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/include-url/include-url-035-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-03-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-file-get-contents/jsm-file_get_contents-shortcode-271-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-09-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/advanced-search-by-my-solr-server/advanced-search-by-my-solr-server-205-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2025-04-01T20:29:32.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/svg-support/svg-support-242-authenticated-author-stored-cross-site-scripting</loc>
<lastmod>2022-09-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/enhanced-text-widget/enhanced-text-widget-163-missing-authorization-via-etw_hide_admin_notification_callback</loc>
<lastmod>2023-12-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/scw-bus-seat-reservation/bus-ticket-booking-with-seat-reservation-for-woocommerce-17-unauthenticated-sql-injection</loc>
<lastmod>2025-05-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/nightlife/nightlife-theme-all-known-versions-arbitrary-file-upload</loc>
<lastmod>2014-03-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cloudflare-cache-purge/cloudflarer-cache-purge-12-reflected-cross-site-scripting</loc>
<lastmod>2025-01-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/chatbot/ai-chatbot-489-and-492-authenticated-subscriber-directory-traversal-to-arbitrary-file-write-via-qcld_openai_upload_pagetraining_file</loc>
<lastmod>2023-10-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/counter-box/counter-box-add-engaging-countdowns-timers-counters-to-your-wordpress-site-206-authenticated-administrator-dom-based-stored-cross-site-scripting</loc>
<lastmod>2025-02-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/metform/metform-elementor-contact-form-builder-330-authenticated-contributor-stored-cross-site-scripting-via-mf_last_name-shortcode</loc>
<lastmod>2023-06-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-logs-book/wp-logs-book-101-unauthenticated-stored-cross-site-scripting</loc>
<lastmod>2024-05-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/csv-importer/csv-importer-038-cross-site-request-forgery</loc>
<lastmod>2023-12-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/poll-maker/poll-maker-328-reflected-cross-site-scripting</loc>
<lastmod>2021-07-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/truemag/truemag-unknown-versions-reflected-cross-site-scripting</loc>
<lastmod>2016-04-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/redi-restaurant-reservation/redi-restaurant-reservation-241209-reflected-cross-site-scripting</loc>
<lastmod>2025-05-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/awesome-event-booking/awesome-event-booking-272-missing-authorization</loc>
<lastmod>2025-02-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-chart-generator/wp-chart-generator-104-authenticated-contributor-stored-cross-site-scripting-via-wpchart-shortcode</loc>
<lastmod>2025-08-11T14:04:41.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/zoloblocks/zoloblocks-2311-unauthenticated-sever-side-request-forgery</loc>
<lastmod>2025-09-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/samandehi-logo-manager/logo-manager-for-samandehi-05-cross-site-request-forgery</loc>
<lastmod>2025-06-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/library-bookshelves/library-bookshelves-58-reflected-cross-site-scripting</loc>
<lastmod>2024-12-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/acurax-social-media-widget/social-media-widget-22-stored-cross-site-scripting</loc>
<lastmod>2015-08-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/schema-app-structured-data-for-schemaorg/schema-app-structured-data-220-cross-site-request-forgery</loc>
<lastmod>2024-06-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/carter-elementor/carter-for-elementor-102-missing-authorization</loc>
<lastmod>2025-12-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/enfold/enfold-603-authenticated-contributor-stored-cross-site-scripting-via-wrapper_class-and-class-parameters</loc>
<lastmod>2024-08-29T14:54:04.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-crowdfunding/wp-crowdfunding-218-reflected-cross-site-scripting</loc>
<lastmod>2023-12-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/celestial-aura/celestial-aura-22-authenticated-subscriber-arbitrary-file-upload</loc>
<lastmod>2025-04-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/astra-bulk-edit/astra-bulk-edit-127-missing-authorization</loc>
<lastmod>2023-09-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/video-blogster-lite/video-blogster-lite-12-reflected-cross-site-scripting</loc>
<lastmod>2025-07-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/core/5.5/wordpress-core-55-unauthorized-password-reset-via-interception</loc>
<lastmod>2017-05-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/premium-addons-pro/premium-addons-pro-2912-authenticated-contributor-stored-cross-site-scripting-via-premium-magic-scroll-module</loc>
<lastmod>2024-03-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-twitter-feed/peadigs-twitter-feed-embedded-timeline-wordpress-plugin-22-reflected-cross-site-scripting</loc>
<lastmod>2010-12-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gd-bbpress-attachments/gd-bbpress-attachments-23-directory-traversal</loc>
<lastmod>2015-07-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/context-blog/context-blog-125-unauthenticated-private-post-disclosure</loc>
<lastmod>2026-02-17T16:33:21.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/crm2go/crm-2go-10-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-11-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-video-playlist/wp-video-playlist-112-missing-authorization-to-unauthenticated-settings-update</loc>
<lastmod>2025-04-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mhr-custom-anti-copy/mhr-custom-anti-copy-20-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/nimble-builder/nimble-page-builder-321-reflected-cross-site-scripting</loc>
<lastmod>2022-04-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/nextgen-gallery/nextgen-gallery-2110-local-file-inclusion</loc>
<lastmod>2015-08-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/hostel/hostel-1155-reflected-cross-site-scripting</loc>
<lastmod>2025-03-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpvivid-backuprestore/migration-backup-staging-wpvivid-0955-reflected-cross-site-scripting</loc>
<lastmod>2021-08-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/uncanny-learndash-toolkit/uncanny-toolkit-for-learndash-3701-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-04-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/radykal-fancy-gallery/radykal-fancy-gallery-124-arbitrary-file-upload</loc>
<lastmod>2012-06-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/sitepact-klaviyo-contact-form-7/sitepacts-contact-form-7-extension-for-klaviyo-105-unauthenticated-sql-injection</loc>
<lastmod>2024-02-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/social-icons-widget-by-wpzoom/social-icons-widget-block-4217-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2024-04-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ldap-login-for-intranet-sites/active-directory-integration-ldap-integration-410-unauthenticated-information-disclosure</loc>
<lastmod>2023-04-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-ultimate-csv-importer/wp-import-ultimate-csv-xml-importer-for-wordpress-733-missing-authorization-to-authenticated-author-sensitive-information-exposure</loc>
<lastmod>2025-11-11T20:07:42.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/push-envoy/push-envoy-notifications-100-reflected-cross-site-scripting</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/royal-elementor-addons/royal-elementor-addons-and-templates-1387-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-02-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/block-controller/block-controller-143-reflected-cross-site-scripting</loc>
<lastmod>2024-12-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/private-content/private-content-8115-unauthenticated-privilege-escalation-via-account-takeover</loc>
<lastmod>2025-02-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/advanced-testimonial-carousel-for-elementor/advanced-testimonial-carousel-for-elementor-300-missing-authorization</loc>
<lastmod>2024-04-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/login-attempts-limit-wp/login-and-registration-attempts-limit-21-cross-site-request-forgery</loc>
<lastmod>2023-03-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/slideshow-jquery-image-gallery/slideshow-2113-cross-site-scripting-and-sensitive-information-disclosure</loc>
<lastmod>2012-10-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/newsletters-lite/newsletters-4992-authenticated-privilege-escalation</loc>
<lastmod>2024-09-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/newsletters-lite/newsletters-4997-reflected-cross-site-scripting-via-to-parameter</loc>
<lastmod>2025-03-21T16:21:50.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/conversation-watson/chatbot-with-ibm-watson-0821-cross-site-scripting</loc>
<lastmod>2020-01-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ql-cost-calculator/cost-calculator-74-missing-authorization</loc>
<lastmod>2025-07-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/themify-shortcodes/themify-shortcodes-211-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-08-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/stagtools/stagtools-238-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-09-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/popup4phone/popup4phone-132-authenticated-editor-stored-cross-site-scripting</loc>
<lastmod>2024-04-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-ultimate-csv-importer/wp-ultimate-csv-importer-652-server-side-request-forgery</loc>
<lastmod>2022-06-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/post-grid/post-grid-217-reflected-cross-site-scripting</loc>
<lastmod>2021-06-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/social-photo-feed-widget/widgets-for-social-photo-feed-179-unauthenticated-stored-cross-site-scripting-via-feed_data</loc>
<lastmod>2026-04-03T19:57:33.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woocommerce-collections/docket-woocommerce-collections-wishlist-watchlist-170-missing-authorization-to-unauthenticated-arbitrary-postpage-deletion</loc>
<lastmod>2024-08-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/school-management/school-management-system-for-wordpress-9320-unauthenticated-sql-injection</loc>
<lastmod>2025-08-15T14:57:11.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/audiotube/audiotube-003-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-11-20T19:20:12.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/paid-member-subscriptions/paid-member-subscriptions-2159-missing-authorization</loc>
<lastmod>2025-09-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/onoffice-for-wp-websites/onoffice-for-wp-websites-651-authenticated-editor-sql-injection</loc>
<lastmod>2025-10-14T19:47:22.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/really-simple-guest-post/really-simple-guest-post-106-local-file-inclusion</loc>
<lastmod>2015-06-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/dejavu/dejavu-24-arbitrary-file-download</loc>
<lastmod>2013-12-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woorewards/myrewards-loyalty-points-and-rewards-for-woocommerce-561-missing-authorization-to-authenticated-subscriber-arbitrary-loyalty-rule-modification</loc>
<lastmod>2026-02-03T19:44:15.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/sg-security/siteground-security-158-missing-authorization</loc>
<lastmod>2025-11-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/portfolio-manager-powered-by-behance/behance-portfolio-manager-175-authenticated-administrator-sql-injection</loc>
<lastmod>2025-04-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/collect-and-deliver-interface-for-woocommerce/cdi-553-authenticated-shop-manager-arbitrary-file-upload</loc>
<lastmod>2024-11-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/superstorefinder-wp/super-store-finder-64-super-interactive-maps-21-sql-injection</loc>
<lastmod>2021-03-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/portfolio-and-projects/essentialplugin-plugins-various-versions-injected-backdoor</loc>
<lastmod>2026-04-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ws-audio-player/ws-audio-player-118-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2025-04-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ip-address-blocker/ip-blocker-lite-1111-ip-spoofing</loc>
<lastmod>2024-03-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/stop-spammer-registrations-plugin/stop-spammers-20218-reflected-cross-site-scripting</loc>
<lastmod>2021-04-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woocommerce-collections/docket-woocommerce-collections-wishlist-watchlist-170-unauthenticated-sql-injection</loc>
<lastmod>2024-08-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/add-custom-fields-to-media/add-custom-fields-to-media-203-cross-site-request-forgery-to-custom-field-deletion-via-delete-parameter</loc>
<lastmod>2026-03-18T18:16:21.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/markup-markdown/markup-markdown-3206-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-08-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-logs-book/wp-logs-book-101-cross-site-request-forgery-to-log-disabling</loc>
<lastmod>2024-05-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wordpress-countdown-widget/wordpress-countdown-widget-3191-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2022-09-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/contact-form-with-shortcode/contact-form-with-shortcode-425-reflected-cross-site-scripting</loc>
<lastmod>2025-01-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/404-solution/404-solution-23519-reflected-cross-site-scripting</loc>
<lastmod>2024-11-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/church-management/wpchurch-church-management-system-for-wordpress-theme-13-07-2019-sql-injection</loc>
<lastmod>2017-09-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/yet-another-stars-rating/yasr-yet-another-stars-rating-091-authenticated-sql-injection</loc>
<lastmod>2015-07-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simple-business-manager/simple-business-manager-4674-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-10-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/recover-wc-abandoned-cart/recover-abandoned-cart-for-woocommerce-25-unauthenticated-sql-injection</loc>
<lastmod>2025-06-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mobile-bottom-menu-for-wp/wp-mobile-bottom-menu-140-missing-authorization</loc>
<lastmod>2025-03-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/advance-portfolio-grid/advance-portfolio-grid-1076-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2025-09-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/auto-rename-media-on-upload/auto-rename-media-on-upload-105-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2023-03-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ameliabooking/appointment-and-event-booking-calendar-for-wordpress-amelia-1049-arbitrary-booking-update-and-sensitive-data-exposure</loc>
<lastmod>2022-03-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/360deg-javascript-viewer/360-javascript-viewer-1711-missing-authorization</loc>
<lastmod>2023-11-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/very-simple-contact-form/very-simple-contact-form-115-captcha-bypass</loc>
<lastmod>2022-05-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/contact-form-7-paypal-add-on/contact-form-7-paypal-stripe-add-on-23-reflected-cross-site-scripting</loc>
<lastmod>2024-10-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/debug-log-manager/debug-log-manager-250-unauthenticated-improper-output-neutralization-for-logs-via-log_js_errors-ajax-action</loc>
<lastmod>2026-06-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/propovoice/propovoice-crm-178-unauthenticated-insecure-direct-object-reference</loc>
<lastmod>2024-08-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/prowess/prowess-181-missing-authorization</loc>
<lastmod>2026-01-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/taxonomy-chain-menu/taxonomy-chain-menu-108-authenticated-contributor-stored-cross-site-scripting-via-pn_chain_menu-shortcode</loc>
<lastmod>2025-05-01T15:09:31.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-businessdirectory/wp-businessdirectory-business-directory-plugin-for-wordpress-400-authenticated-subscriber-arbitrary-file-upload</loc>
<lastmod>2026-04-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/update-alt-attribute/update-image-tag-alt-attribute-245-reflected-cross-site-scripting</loc>
<lastmod>2023-04-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/appointment-booking-calendar/appointment-booking-calendar-1334-csv-injection</loc>
<lastmod>2020-03-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/badr-naver-syndication/naver-syndication-v2-083-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2025-02-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/table-manager/table-manager-100-authenticated-contributor-sensitive-information-exposure-via-table-shortcode-attribute</loc>
<lastmod>2026-04-21T19:09:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ninja-forms/ninja-forms-contact-form-3433-authenticated-sendwp-plugin-installation-and-client-secret-key-disclosure</loc>
<lastmod>2021-02-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/xen-carousel/xen-carousel-0122-cross-site-scripting</loc>
<lastmod>2014-08-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/blog2social/blog2social-699-authenticated-subscriber-server-side-request-forgery</loc>
<lastmod>2022-10-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woo-cart-all-in-one/cart-all-in-one-for-woocommerce-1121-authenticated-administrator-code-injection-via-sc_assign_page-setting</loc>
<lastmod>2026-02-17T18:22:15.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/share-this-image/share-this-image-214-unauthenticated-server-side-request-forgery</loc>
<lastmod>2026-02-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/secure-copy-content-protection/secure-copy-content-protection-and-content-locking-416-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2024-08-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/email-users/email-users-482-reflected-cross-site-scripting</loc>
<lastmod>2016-07-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/infocus/infocus-33-arbitrary-file-download</loc>
<lastmod>2013-12-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/tutor-lms-elementor-addons/tutor-lms-elementor-addons-301-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-11-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/Newspaper/newspaper-1151-reflected-cross-site-scripting</loc>
<lastmod>2022-10-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simple-contact-info-widget/contact-info-widget-262-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2025-08-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/custom-field-template/custom-field-template-261-authenticatedcontributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2024-06-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ungapped-widgets/ungapped-widgets-1-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2025-11-10T15:27:06.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/block-spam-by-math-reloaded/block-spam-by-math-reloaded-224-missing-authorization</loc>
<lastmod>2025-03-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/formcraft-form-builder/formcraft-127-missing-authorization-via-formcraft_nag_update</loc>
<lastmod>2023-11-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/linear/linear-2712-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-01-08T22:02:22.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/portfolio-filter-gallery/portfolio-gallery-image-gallery-plugin-112-cross-site-request-forgery</loc>
<lastmod>2020-01-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-slimstat/slimstat-analytics-532-reflected-cross-site-scripting</loc>
<lastmod>2026-01-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/while-it-is-loading/while-loading-30-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2024-11-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/like-dislike-voting/like-dislike-voting-101-reflected-cross-site-scripting-via-_serverphp_self</loc>
<lastmod>2025-12-11T14:23:07.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/custom-post-type-templates-for-elementor/custom-post-type-templates-for-elementor-1101-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-11-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/connections/connections-business-directory-10466-authenticated-admin-arbitrary-directory-deletion</loc>
<lastmod>2025-01-24T18:44:04.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wbounce/wbounce-181-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-03-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/the-plus-addons-for-elementor-page-builder/the-plus-addons-for-elementor-561-authenticated-contributor-stored-cross-site-scripting-via-countdown-widget</loc>
<lastmod>2024-07-02T18:45:07.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/twimp-wp/twimp-wp-01-cross-site-request-forgery-to-cross-site-scripting</loc>
<lastmod>2014-12-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/loan-comparison/loan-comparison-151-reflected-cross-site-scripting</loc>
<lastmod>2023-01-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/theme-file-duplicator/theme-file-duplicator-13-authenticated-subscriber-arbitrary-file-upload</loc>
<lastmod>2025-02-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/magic-buttons-for-elementor/magic-buttons-for-elementor-10-authenticated-contributor-stored-cross-site-scripting-via-magic-button-shortcode</loc>
<lastmod>2025-07-01T14:56:05.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/astra-sites/starter-templates-elementor-wordpress-beaver-builder-templates-421-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-05-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/download-manager/download-manager-3303-missing-authorization</loc>
<lastmod>2024-12-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/onlyoffice-docspace/onlyoffice-docspace-211-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-12-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/nextgen-gallery-voting/nextgen-gallery-voting-275-authenticated-admin-sql-injection</loc>
<lastmod>2014-12-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/unlimited-elements-for-elementor/unlimited-elements-for-elementor-1589-authenticatedcontributor-remote-code-execution-via-template-import</loc>
<lastmod>2024-05-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-fancybox/wordpress-fancybox-102-stored-cross-site-scripting</loc>
<lastmod>2020-08-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/maxbuttons/maxbuttons-1261-reflected-cross-site-scripting</loc>
<lastmod>2014-09-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/elevio/elevio-441-cross-site-request-forgery</loc>
<lastmod>2025-01-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/follow-me/follow-me-plugin-311-cross-site-request-forgery-to-cross-site-scripting</loc>
<lastmod>2022-11-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ivysilani-shortcode/ivysilani-shortcode-30-authenticated-contributor-stored-cross-site-scripting-via-width-shortcode-attribute</loc>
<lastmod>2026-03-20T15:18:26.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/import-external-attachments/import-external-attachments-1512-missing-authorization</loc>
<lastmod>2025-12-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/formassembly-web-forms/wp-formassembly-2011-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2025-02-17T15:41:39.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-seopress/seopress-772-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-06-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/hls-crm-form-shortcode/helloleads-crm-form-shortcode-10-missing-authorization-to-unauthenticated-settings-reset</loc>
<lastmod>2025-11-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/file-manager-advanced-shortcode/advanced-file-manager-shortcode-253-authenticated-contributor-arbitrary-file-upload</loc>
<lastmod>2024-07-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/yellow-pencil-visual-theme-customizer/visual-css-style-editor-753-reflected-cross-site-scripting-via-wyp_page_type-parameter</loc>
<lastmod>2022-01-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/rich-web-share-button/share-buttons-social-media-102-authenticated-contributor-sql-injection</loc>
<lastmod>2024-11-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/corpkit/corpkit-20-authenticated-subscriber-arbitrary-file-upload</loc>
<lastmod>2026-01-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/techlife-cpt/tech-life-cpt-164-authenticated-contributor-php-object-injection</loc>
<lastmod>2025-12-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/vocal/vocal-112-unauthenticated-local-file-inclusion</loc>
<lastmod>2025-09-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/hester/hester-1110-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-03-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/quiz-master-next/quiz-and-survey-master-701-arbitrary-file-upload</loc>
<lastmod>2020-08-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/jet-blocks/jetblocks-for-elementor-138-reflected-cross-site-scripting</loc>
<lastmod>2023-11-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/recently-viewed-most-viewed-and-sold-products-for-woocommerce/recently-11-unauthenticated-php-object-injection</loc>
<lastmod>2024-10-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/creavi-booking-service/appointment-booking-calendar-144-authenticated-author-stored-cross-site-scripting-via-custom-booking-field-label</loc>
<lastmod>2026-06-18T16:09:32.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wicked-folders/wicked-folders-21816-cross-site-request-forgery-via-ajax_save_state</loc>
<lastmod>2023-02-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mp3-music-player-by-sonaar/mp3-audio-player-music-player-podcast-player-radio-by-sonaar-53-510-authenticated-author-server-side-request-forgery</loc>
<lastmod>2026-02-13T20:09:32.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simple-link-list-widget/simple-link-list-widget-032-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2025-09-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-accessibility-helper/wp-accessibility-helper-0606-reflected-cross-site-scripting-via-wahi</loc>
<lastmod>2022-06-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/goodlayers-core/goodlayers-core-209-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-01-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/fusion-core/avada-core-5150-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2026-03-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/subscriptions-for-woocommerce/subscriptions-for-woocommerce-1810-missing-authorization</loc>
<lastmod>2026-03-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/domnoo/domnoo-149-unauthenticated-local-file-inclusion</loc>
<lastmod>2025-06-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/seraphinite-post-docx-source/seraphinite-post-docx-source-2169-missing-authorization</loc>
<lastmod>2024-07-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/paid-memberships-pro/paid-memberships-pro-restrict-member-access-to-content-courses-communities-free-or-paid-subscriptions-2591-cross-site-scripting</loc>
<lastmod>2021-06-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woozone/wzone-14100-missing-authorization</loc>
<lastmod>2024-04-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/accessibility/accessibility-102-authenticated-administrator-stored-cross-site-scritping</loc>
<lastmod>2022-11-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/paid-memberships-pro/paid-memberships-pro-21210-cross-site-request-forgery</loc>
<lastmod>2024-04-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/usc-e-shop/welcart-e-commerce-21124-missing-authorization-to-unauthenticated-information-exposure</loc>
<lastmod>2025-11-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/royal-elementor-addons/royal-elementor-addons-1393-unauthenticated-ip-spoofing</loc>
<lastmod>2024-04-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/circle-image-slider-with-lightbox/team-circle-image-slider-with-lightbox-1017-reflected-cross-site-scripting</loc>
<lastmod>2023-05-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/tutor/tutor-lms-elearning-and-online-course-solution-383-missing-authorization-to-unauthenticated-payment-status-update</loc>
<lastmod>2025-10-24T16:53:49.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gallery-album/gallery-image-and-video-gallery-with-thumbnails-199-reflected-cross-site-scripting</loc>
<lastmod>2022-06-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woo-order-export-lite/advanced-order-export-for-woocommerce-317-cross-site-scripting</loc>
<lastmod>2021-02-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/viable-blog/viable-blog-114-cross-site-scripting</loc>
<lastmod>2023-04-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-gmappity-easy-google-maps/google-maps-made-simple-06-authenticated-subscriber-sql-injection-via-shortcode</loc>
<lastmod>2023-10-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/easy-facebook-likebox/easy-social-feed-654-cross-site-request-forgery</loc>
<lastmod>2024-03-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/dzs-zoomsounds/zoomsounds-596-unauthenticated-arbitrary-file-upload</loc>
<lastmod>2021-06-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/amwerk/amwerk-120-unauthenticated-php-object-injection</loc>
<lastmod>2025-07-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/helloasso/helloasso-115-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-04-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-statistics/wp-statistics-1415-missing-authorization</loc>
<lastmod>2025-08-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-shoutbox-live-chat/steveas-wp-live-chat-shoutbox-142-unauthenticated-stored-cross-site-scripting</loc>
<lastmod>2023-04-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/unusedcss/rapidload-power-up-for-autoptimize-171-cross-site-request-forgery-via-uucss_update_rule</loc>
<lastmod>2023-03-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woolentor-addons/shoplentor-formerly-woolentor-287-missing-authorization-via-purchased_new_products</loc>
<lastmod>2024-05-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/premium-addons-for-elementor/premium-addons-for-elementor-41069-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-07-03T18:50:47.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/perfect-survey/perfect-survey-152-cross-site-request-forgery</loc>
<lastmod>2021-10-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/create-block-theme/create-block-theme-121-unauthenticated-arbitrary-file-upload</loc>
<lastmod>2022-10-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-ses/guzzlehttppsr7-191-245-interpretation-conflict</loc>
<lastmod>2023-04-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woocommerce-store-toolkit/store-toolkit-for-woocommerce-156-missing-authorization</loc>
<lastmod>2016-02-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bdthemes-element-pack-lite/element-pack-elementor-addons-header-footer-template-library-dynamic-grid-carousel-remote-arrows-5611-authenticated-contributor-stored-cross-site-scripting-via-onclick-events</loc>
<lastmod>2024-06-11T19:14:31.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-leads-builder-any-crm/lead-form-data-collection-to-crm-31-missing-authorization-to-authenticated-subscriber-many-actions</loc>
<lastmod>2025-07-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/opal-estate/opal-estate-1611-cross-site-request-forgery-bypass</loc>
<lastmod>2021-08-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/alemha-watermark/alemha-watermarker-131-authenticated-author-stored-cross-site-scripting</loc>
<lastmod>2024-05-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/sf-booking/service-finder-bookings-61-authenticated-subscriber-privilege-escalation-via-account-takeover</loc>
<lastmod>2025-10-31T18:15:54.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/user-registration/user-registration-230-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2023-01-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/payment-gateway-stripe-and-woocommerce-integration/stripe-payment-plugin-for-woocommerce-379-unauthenticated-sql-injection</loc>
<lastmod>2024-01-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-powerplaygallery/powerplay-gallery-33-arbitrary-file-upload</loc>
<lastmod>2015-07-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/media-library-assistant/media-library-assistant-333-missing-authorization-to-authenticated-subscriber-arbitrary-attachment-taxonomy-modification</loc>
<lastmod>2026-03-04T16:31:21.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/popupally/popupally-211-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2024-05-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woo-coupon-usage/woocommerce-affiliate-plugin-coupon-affiliates-41134-cross-site-request-forgery</loc>
<lastmod>2021-10-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/stylist/extra-block-design-style-css-for-any-gutenberg-blocks-026-cross-site-request-forgery</loc>
<lastmod>2023-01-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/learning-management-system/masteriyo-lms-216-missing-authorization-to-authenticated-student-privilege-escalation-to-administrator</loc>
<lastmod>2026-03-25T12:44:04.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/grid-plus/grid-plus-unlimited-grid-layout-135-unauthenticated-arbitrary-shortcode-execution-via-grid_plus_load_by_category</loc>
<lastmod>2024-12-11T15:38:37.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/parsian-bank-gateway-for-woocommerce/parsian-bank-gateway-for-woocommerce-10-reflected-cross-site-scripting</loc>
<lastmod>2021-12-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gs-testimonial/gs-testimonial-slider-314-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-03-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/houzez-theme-functionality/houzez-theme-functionality-412-authenticated-subscriber-arbitrary-file-download</loc>
<lastmod>2025-09-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/rezo/multiple-themify-themes-various-versions-reflected-cross-site-scripting</loc>
<lastmod>2025-04-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/updraftplus/updraftplus-wordpress-backup-plugin-1223-sensitive-information-disclosure</loc>
<lastmod>2022-02-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ampedsense-adsense-split-tester/ampedsense-adsense-split-tester-468-unauthenticated-cross-site-scripting</loc>
<lastmod>2023-10-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/the-post-grid/the-post-grid-shortcode-gutenberg-blocks-and-elementor-addon-for-post-grid-771-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-06-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/feedweb/feedweb-3010-missing-authorization</loc>
<lastmod>2015-01-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cookie-notice-consent/cookie-notice-consent-164-unauthenticated-stored-cross-site-scripting</loc>
<lastmod>2025-08-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/core/4.5/wordpress-core-452-cross-site-scripting-via-pluploadflashswf</loc>
<lastmod>2016-05-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-hotel-booking/wp-hotel-booking-219-cross-site-request-forgery</loc>
<lastmod>2025-05-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/happy-elementor-addons/happy-addons-for-elementor-3101-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-02-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/fancy-gallery/gallery-manager-1512-cross-site-scripting</loc>
<lastmod>2014-11-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-graphql/wpgraphql-291-missing-authorization</loc>
<lastmod>2026-03-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/usc-e-shop/welcart-e-commerce-296-authenticated-administrator-directory-traversal</loc>
<lastmod>2023-12-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/affiliate-power/affiliate-power-sales-tracking-for-affiliate-marketers-220-reflected-cross-site-scripting</loc>
<lastmod>2021-09-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/swiftninjapro-inspect-element-console-blocker/developer-tools-blocker-321-cross-site-request-forgery</loc>
<lastmod>2025-09-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/content-mask/content-mask-184-authenticated-subscriber-arbitrary-options-update</loc>
<lastmod>2022-05-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/drag-and-drop-multiple-file-upload-for-woocommerce/drag-and-drop-multiple-file-upload-for-woocommerce-114-unauthenticated-arbitrary-file-move</loc>
<lastmod>2025-04-04T18:15:16.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/awesome-surveys/awesome-surveys-2010-authenticated-editor-stored-cross-site-scripting</loc>
<lastmod>2025-03-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/newspack-popups/newspack-campaigns-2311-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-07-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/convertplug/convertplug-342-unauthenticated-administrator-creation</loc>
<lastmod>2019-05-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/splide-carousel/splide-carousel-block-171-authenticated-contributor-stored-cross-site-scripting-via-url-block-attribute</loc>
<lastmod>2026-05-26T13:53:27.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/stream/stream-381-admin-sql-injection</loc>
<lastmod>2021-10-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/everest-forms/everest-forms-343-unauthenticated-php-object-injection-via-form-entry-metadata</loc>
<lastmod>2026-04-07T11:35:53.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/medicenter/medicenter-health-medical-clinic-wordpress-theme-149-reflected-cross-site-scripting</loc>
<lastmod>2026-02-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/defender-security/defender-security-472-missing-authorization</loc>
<lastmod>2024-06-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gutenify/gutenify-157-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-04-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/smart-docs/smart-docs-111-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2025-10-02T22:34:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/os-bxslider/os-bxslider-26-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-11-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-log-action/wp-log-action-051-reflected-cross-site-scripting</loc>
<lastmod>2024-12-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/radio-buttons-for-taxonomies/radio-buttons-for-taxonomies-205-cross-site-request-forgery-bypass</loc>
<lastmod>2020-09-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/fs-product-inquiry/fs-product-inquiry-111-unauthenticated-stored-cross-site-scripting</loc>
<lastmod>2024-05-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/restrict-content/membership-plugin-restrict-content-3222-missing-authorization</loc>
<lastmod>2026-03-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/master-slider/master-slider-responsive-touch-slider-3106-authenticated-contributor-stored-cross-site-scripting-via-ms_layer-shortcode</loc>
<lastmod>2025-03-04T21:15:33.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wc-frontend-manager/wcfm-frontend-manager-for-woocommerce-along-with-bookings-subscription-listings-compatible-6716-missing-authorization-to-unauthenticated-plugin-settings-modification</loc>
<lastmod>2025-07-08T11:13:57.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gs-books-showcase/gs-books-showcase-130-authenticator-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2023-01-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/homey/homey-245-reflected-cross-site-scripting</loc>
<lastmod>2025-06-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/beeteam368-extensions-pro/beeteam368-extensions-pro-234-authenticated-subscriber-directory-traversal-to-arbitrary-file-deletion</loc>
<lastmod>2025-06-27T14:30:51.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/themeisle-companion/orbit-fox-by-themeisle-301-authenticated-author-server-side-request-forgery</loc>
<lastmod>2025-10-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/code-engine/code-engine-032-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-06-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/theatre/theater-for-wordpress-019-missing-authorization</loc>
<lastmod>2025-12-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/aawp-obfuscator/aawep-obfuscator-10-authenticated-author-stored-cross-site-scripting</loc>
<lastmod>2025-04-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/portfolio-slideshow/portfolio-slideshow-1130-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2023-02-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/total/total-2159-missing-authorization-to-authenticated-subscriber-sections-update</loc>
<lastmod>2024-03-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ecommerce-product-catalog/ecommerce-product-catalog-plugin-for-wordpress-338-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2023-03-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/nex-forms-express-wp-form-builder/nex-forms-ultimate-form-builder-contact-forms-and-much-more-856-missing-authorization-via-restore_records</loc>
<lastmod>2024-01-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/beaver-builder-lite-version/beaver-builder-2742-authenticated-contributor-stored-cross-site-scripting-via-icon-widget</loc>
<lastmod>2024-02-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/jetpack-debug-helper/jetpack-debug-tools-200-missing-authorization</loc>
<lastmod>2025-05-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simple-signup-form/simple-signup-form-165-authenticated-contributor-sql-injection</loc>
<lastmod>2025-02-17T15:47:11.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/editorial-rating/editorial-rating-405-authenticated-administrator-stored-cross-site-scripting-via-link-url-field</loc>
<lastmod>2026-06-29T16:17:48.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/custom-post-type-cpt-cusom-taxonomy-ct-manager/custom-post-type-and-taxonomy-gui-manager-11-cross-site-request-forgery-to-cross-site-scripting</loc>
<lastmod>2023-03-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/skt-addons-for-elementor/skt-addons-for-elementor-18-authenticated-contributor-stored-cross-site-scripting-via-widget-page-title</loc>
<lastmod>2024-05-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/visualcomposer/visual-composer-website-builder-450-authenticated-stored-cross-site-scripting-via-title</loc>
<lastmod>2022-08-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/strong-testimonials/strong-testimonials-3220-missing-authorization</loc>
<lastmod>2025-12-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/zweb-social-mobile/zweb-social-mobile-100-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2025-11-24T19:08:07.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/shortcode-in-comment/shortcode-in-comment-111-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/clearfy/clearfy-cache-232-cross-site-request-forgery</loc>
<lastmod>2024-05-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/accordions/accordion-228-unprotected-ajax-action-to-storedreflected-cross-site-scripting</loc>
<lastmod>2020-03-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/custom-registration-form-builder-with-submission-manager/registrationmagic-5259-cross-site-request-forgery</loc>
<lastmod>2024-02-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/pica-photo-gallery/pica-photo-gallery-10-sql-injection</loc>
<lastmod>2017-03-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woo-bulk-editor/bear-1133-cross-site-request-forgery-to-product-manipulation</loc>
<lastmod>2023-09-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/embed-privacy/embed-privacy-180-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2023-11-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/core/1.2/wordpress-core-222-cross-site-scripting</loc>
<lastmod>2007-08-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gp-unique-id/gp-unique-id-155-unauthenticated-form-submission-unique-id-modification</loc>
<lastmod>2024-04-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wc-bulk-assign-linked-products/bulk-assign-linked-products-for-woocommerce-21-missing-authorization</loc>
<lastmod>2025-04-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simple-form/formflow-2121-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2024-07-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/dc-woocommerce-multi-vendor/multivendorx-marketplace-4025-missing-authorization</loc>
<lastmod>2024-01-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/brid-video-easy-publish/target-video-easy-publish-388-authenticated-contributor-stored-cross-site-scripting-via-placeholder_img-parameter</loc>
<lastmod>2026-01-27T17:12:45.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/registrations-for-the-events-calendar/registrations-for-the-events-calendar-event-registration-plugin-2122-authenticated-contributor-sql-injection</loc>
<lastmod>2024-07-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-simple-html-sitemap/wp-simple-html-sitemap-22-reflected-cross-site-scripting-via-id</loc>
<lastmod>2023-10-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wptouch/wptouch-3753-cross-site-scripting</loc>
<lastmod>2015-04-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/s2member/s2member-240315-limited-privilege-escalation</loc>
<lastmod>2024-04-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/supportboard/support-board-387-reflected-cross-site-scripting</loc>
<lastmod>2025-07-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/publish-post-email-notification/publish-post-email-notification-1023-cross-site-request-forgery</loc>
<lastmod>2025-03-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simple-payment/simple-payment-237-reflected-cross-site-scripting</loc>
<lastmod>2024-12-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/helpfulcrowd-product-reviews/helpfulcrowd-product-reviews-129-inccorect-authorization-via-type-juggling-in-token-parameter-to-arbitrary-settings-update</loc>
<lastmod>2026-06-08T15:04:54.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-video-posts/wp-video-posts-351-cross-site-request-forgery-to-remote-code-execution</loc>
<lastmod>2025-02-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/advanced-booking-calendar/advanced-booking-calendar-171-unauthenticated-sql-injection</loc>
<lastmod>2022-12-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-whatsapp/wp-chat-app-368-missing-authorization-to-authenticated-subscriber-filebird-plugin-installation</loc>
<lastmod>2024-11-15T15:25:18.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/webcam-2way-videochat/2way-videocalls-and-random-chat-html5-webcam-videochat-527-reflected-cross-site-scripting</loc>
<lastmod>2021-08-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/tuturn/tuturn-36-authenticated-subscriber-arbitrary-file-download</loc>
<lastmod>2025-10-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/slider-wd/slider-by-10web-1261-authenticated-administrator-stored-cross-site-scripting-via-widget</loc>
<lastmod>2025-03-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/slider-bootstrap-carousel/slider-bootstrap-carousel-107-authenticated-contributor-stored-cross-site-scripting-via-shortcode-attributes</loc>
<lastmod>2026-04-21T19:06:36.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/litespeed-cache/litespeed-cache-56-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2023-10-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/katelyn/katelyn-1010-unauthenticated-local-file-inclusion</loc>
<lastmod>2025-08-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/slide-puzzle/slide-puzzle-100-reflected-cross-site-scripting</loc>
<lastmod>2025-08-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/yozi/yozi-2063-unauthenticated-local-file-inclusion</loc>
<lastmod>2025-05-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ut-shortcodes/shortcodes-by-united-themes-505-reflected-cross-site-scripting</loc>
<lastmod>2024-06-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/easy-tynt/easy-tynt-0251-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-smart-import/wp-smart-import-import-any-xml-file-to-wordpress-112-reflected-cross-site-scripting</loc>
<lastmod>2025-01-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-stripe-donation/accept-stripe-donation-aidwp-315-cross-site-request-forgery</loc>
<lastmod>2023-02-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/videowhisper-live-streaming-integration/live-streaming-broadcast-live-video-5515-missing-authorization-to-unauthenticated-remote-code-execution</loc>
<lastmod>2023-02-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-quiz/wp-quiz-2010-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-04-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/masterstudy-lms-learning-management-system/masterstudy-lms-wordpress-plugin-for-online-courses-and-education-376-missing-authorization-to-authenticated-subscriber-posts-and-media-creation-modification-and-deletion</loc>
<lastmod>2026-01-05T19:29:47.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/riaxe-product-customizer/riaxe-product-customizer-212-missing-authorization-to-unauthenticated-arbitrary-options-update-to-privilege-escalation-via-install-imprint-ajax-action</loc>
<lastmod>2026-04-15T16:45:05.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-photo-sphere/wp-photo-sphere-38-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/swoop-password-free-authentication/1-click-login-passwordless-authentication-145-authentication-bypass-via-account-takeover</loc>
<lastmod>2024-10-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/the-mounty/the-mounty-hiking-campground-children-camping-wordpress-theme-11-unauthenticated-local-file-inclusion</loc>
<lastmod>2026-02-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/essential-real-estate/essential-real-estate-396-reflected-cross-site-scripting</loc>
<lastmod>2022-12-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/spiritual-gifts-survey/spiritual-gifts-survey-0910-reflected-cross-site-scripting</loc>
<lastmod>2025-02-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/web-invoice/web-invoice-213-authenticated-sql-injection</loc>
<lastmod>2022-12-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/arforms-form-builder/contact-form-survey-popup-form-plugin-for-wordpress-arforms-form-builder-15-cross-site-scripting</loc>
<lastmod>2021-11-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/accordions/accordion-2314-missing-authorization</loc>
<lastmod>2025-09-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/eventon-lite/eventon-2216-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2024-08-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/invitation-based-registrations/invitation-based-registrations-2284-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2022-07-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/filester/file-manager-pro-filester-186-authenticated-subscriber-arbitrary-file-upload</loc>
<lastmod>2024-11-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/advanced-dynamic-pricing-for-woocommerce/advanced-dynamic-pricing-for-woocommerce-415-cross-site-request-forgery-via-handlesubmitaction-function</loc>
<lastmod>2023-02-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/grou-random-image-widget/grou-random-image-widget-118-full-path-disclosure</loc>
<lastmod>2012-12-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woocommerce-delivery-notes/print-invoice-delivery-notes-for-woocommerce-550-cross-site-request-forgery</loc>
<lastmod>2025-06-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/modify-profile-fields-dashboard-menu-buttons/profile-dashboard-fields-103-reflected-cross-site-scripting</loc>
<lastmod>2022-08-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/publishpress-authors/publishpress-authors-475-authenticated-contributor-local-file-inclusion</loc>
<lastmod>2025-05-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/pjw-mime-config/pjw-mime-config-10-authenticated-author-stored-cross-site-scripting-via-svg-file-upload</loc>
<lastmod>2024-11-15T15:01:03.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/easy-replace-image/easy-replace-image-352-missing-authorization-to-authenticated-contributor-arbitrary-attachment-replacement</loc>
<lastmod>2026-01-27T17:10:48.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woocommerce-anti-fraud/woocommerce-anti-fraud-32-insecure-direct-object-reference</loc>
<lastmod>2020-11-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-image-news-slider/image-news-slider-32-unspecified-vulnerability</loc>
<lastmod>2014-08-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/support-genix-lite/support-genix-1423-missing-authorization</loc>
<lastmod>2025-09-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/google-plus-comments/google-comments-10-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2025-09-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/photo-gallery/photo-gallery-by-10web-1840-authenticated-contributor-sql-injection-via-order_by-shortcode-attribute</loc>
<lastmod>2026-05-27T19:36:32.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/pixelyoursite-pro/pixelyoursite-pro-12501-unauthenticated-blind-server-side-request-forgery-via-urls-parameter</loc>
<lastmod>2026-05-01T16:53:58.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/distance-based-shipping-calculator/distance-based-shipping-calculator-2023-authenticated-subscriber-sql-injection</loc>
<lastmod>2024-11-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/adirectory/adirectory-13-unauthenticated-arbitrary-file-upload</loc>
<lastmod>2024-10-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/happy-elementor-addons/happy-addons-for-elementor-382-cross-site-request-forgery-via-handle_optin_optout</loc>
<lastmod>2023-03-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/newsletter-popup/newsletter-popup-12-cross-site-request-forgery-to-record-deletion</loc>
<lastmod>2023-05-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/getgenie/getgenie-ai-content-writer-with-keyword-research-seo-tracking-441-unauthenticated-information-exposure</loc>
<lastmod>2026-06-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/userpro/userpro-community-and-user-profile-wordpress-plugin-5110-unauthenticated-arbitrary-file-read</loc>
<lastmod>2025-06-13T19:48:14.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/import-users-from-csv-with-meta/import-and-export-users-and-customers-1192-stored-cross-site-scripting</loc>
<lastmod>2022-04-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/contact-form-plugin/contact-form-382-authorization-bypass</loc>
<lastmod>2015-01-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/n7-golf-club/n7-golf-club-sports-events-2160-unauthenticated-local-file-inclusion</loc>
<lastmod>2026-03-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/panda-pods-repeater-field/panda-pods-repeater-field-1512-missing-authorization</loc>
<lastmod>2026-02-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wow-media-library-fix/fix-media-library-20-unauthenticated-information-exposure</loc>
<lastmod>2025-12-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/search-analytics/wp-search-analytics-1410-reflected-cross-site-scripting</loc>
<lastmod>2024-09-30T19:40:09.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/login-with-phone-number/login-with-phone-number-1718-missing-authorization</loc>
<lastmod>2024-05-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/custom-page-extensions/custom-page-extensions-06-reflected-cross-site-scripting</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpvivid-backuprestore/migration-backup-staging-wpvivid-0970-authenticated-arbitrary-file-read</loc>
<lastmod>2022-04-07T10:08:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woocommerce-ean-payment-gateway/woocommerce-ean-payment-gateway-610-missing-authorization-to-authenticated-contributor-ean-update</loc>
<lastmod>2023-09-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cp-multi-view-calendar/cp-multi-view-event-calendar-1436-missing-authorization</loc>
<lastmod>2025-09-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/formidable/formidable-form-builder-20503-sql-injection</loc>
<lastmod>2017-11-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/core/3.0/wordpress-core-305-improper-authorization-to-information-disclosure</loc>
<lastmod>2011-02-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wicked-folders/wicked-folders-21816-missing-authorization-on-ajax_add_folder</loc>
<lastmod>2023-02-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/microtango/microtango-0929-authenticated-contributor-stored-cross-site-scripting-via-shortcode-attributes</loc>
<lastmod>2026-02-10T20:03:34.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/media-library-categories/media-library-categories-111-unauthenticated-multiple-cross-site-scripting</loc>
<lastmod>2014-08-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/carspot/carspot-dealership-wordpress-classified-theme-223-stored-cross-site-scripting</loc>
<lastmod>2020-01-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/kadence-woocommerce-email-designer/kadence-woocommerce-email-designer-1516-authenticated-shop-manager-arbitrary-options-update</loc>
<lastmod>2025-08-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/spotify-play-button/spotify-play-button-10-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-06-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mixlr-shortcode/mixlr-shortcode-101-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2025-10-21T20:23:59.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/js_composer/wpbakery-page-builder-861-stored-cross-site-scripting-via-vc_custom_heading-shortcode</loc>
<lastmod>2025-10-14T17:32:20.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/post-to-pdf/post-to-pdf-10-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-12-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/filepicker-media-uploader/filestack-208-authenticated-contributor-stored-cross-site-scripting-via-shortcode-attributes</loc>
<lastmod>2026-02-17T16:17:30.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/digital-publications-by-supsystic/digital-publications-by-supsystic-173-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2022-07-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/automated-editor/automated-editor-13-cross-site-request-forgery-via-admin-menu-pages</loc>
<lastmod>2023-10-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/add-custom-css-and-js/add-custom-css-and-js-120-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2024-04-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-original-media-path/wp-original-media-path-240-authenticated-administrator-stored-cross-site-scripting-via-plugin-settings</loc>
<lastmod>2023-04-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/user-role/user-role-155-cross-site-scripting</loc>
<lastmod>2017-04-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mw-wp-form/mw-wp-form-513-unauthenticated-stored-cross-site-scripting</loc>
<lastmod>2026-06-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpcf7-stop-words/social-media-wpcf7-stop-words-113-cross-site-request-forgery-to-settings-update</loc>
<lastmod>2025-11-03T15:34:39.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-custom-cursors/wp-custom-cursors-30-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2022-09-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/flytedesk-digital/flytedesk-digital-20181101-cross-site-request-forgery</loc>
<lastmod>2025-09-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-cookiechoise/wp-cookie-choice-110-cross-site-request-forgery-to-cross-site-scripting</loc>
<lastmod>2021-09-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/kleo/kleo-550-authenticated-contributor-local-file-inclusion</loc>
<lastmod>2025-10-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woo-xendit-virtual-accounts/xendit-payment-602-missing-authorization-to-unauthenticated-arbitrary-order-status-update-to-paid</loc>
<lastmod>2026-02-03T19:31:38.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/which-template-file/which-template-file-480-cross-site-request-forgery</loc>
<lastmod>2023-10-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/flickr-set-slideshows/flickr-set-slideshows-09-authenticated-contributor-sql-injection</loc>
<lastmod>2025-03-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/widgetkit-for-elementor/all-in-one-addons-for-elementor-widgetkit-251-authenticated-contributor-stored-cross-site-scripting-via-pricing-widgets</loc>
<lastmod>2024-04-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/products-file-upload-for-woocommerce/product-file-upload-for-woocommerce-224-unauthenticated-arbitrary-file-deletion</loc>
<lastmod>2026-03-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/auphonic-importer/auphonic-importer-151-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-posts-carousel/wp-posts-carousel-1310-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-04-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/info-cards/info-cards-207-authenticated-contributor-stored-cross-site-scripting-via-block-attributes</loc>
<lastmod>2026-03-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/easy-newsletter-signups/easy-newsletter-signups-104-authenticated-admin-sql-injection</loc>
<lastmod>2023-11-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/batch-cat/batch-cat-03-missing-authorization</loc>
<lastmod>2021-10-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ipages-flipbook/ipages-flipbook-150-authenticated-administrator-sql-injection</loc>
<lastmod>2023-11-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/multiparcels-shipping-for-woocommerce/multiparcels-shipping-for-woocommerce-1153-reflected-cross-site-scripting</loc>
<lastmod>2023-07-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/fat-rat-collect/fat-rat-collect-260-missing-authorization</loc>
<lastmod>2023-06-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ai-postpix/ai-image-generator-for-your-content-featured-images-ai-postpix-118-authenticated-subscriber-arbitrary-file-upload</loc>
<lastmod>2024-10-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/noo-visionary-core/visionary-core-149-reflected-cross-site-scripting</loc>
<lastmod>2026-03-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/easy-demo-importer/easy-demo-importer-a-modern-one-click-demo-import-solution-112-authenticated-author-stored-cross-site-scripting-via-svg-file-upload</loc>
<lastmod>2024-10-03T21:05:12.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ays-popup-box/popup-box-business-700-790-and-developer-2000-2090-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2024-01-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/seedprod-coming-soon-pro-5/seedprod-pro-6195-authenticated-contributor-local-file-inclusion</loc>
<lastmod>2026-05-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/include-fussball-de-widgets/include-fussballde-widgets-400-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-09-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/product-reviews-import-export-for-woocommerce/webtoffee-plugins-various-versions-arbitrary-user-creation</loc>
<lastmod>2020-03-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/advanced-free-flat-shipping-woocommerce/advanced-flat-rate-shipping-woocommerce-1644-cross-site-request-forgery-via-enabledisable-and-deletepost</loc>
<lastmod>2023-06-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-subtitle/wp-subtitle-341-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-09-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/the-post-grid/the-post-grid-shortcode-gutenberg-blocks-and-elementor-addon-for-post-grid-792-missing-authorization</loc>
<lastmod>2026-05-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/acf-image-crop-add-on/advanced-custom-fields-image-crop-add-on-1412-improper-authorization</loc>
<lastmod>2023-01-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-cart-for-digital-products/wp-estore-855-reflected-cross-site-scripting-via-product-editing</loc>
<lastmod>2024-07-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woolentor-addons/shoplentor-woocommerce-builder-for-elementor-gutenberg-12-modules-all-in-one-solution-formerly-woolentor-283-authenticated-contributor-stored-cross-site-scripting-via-wl-universal-product-layout</loc>
<lastmod>2024-04-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/simpolio/simpolio-fullscreen-portfolio-blog-html-theme-132-arbitrary-options-update</loc>
<lastmod>2015-06-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/userspn/users-manager-pn-1115-unauthenticated-privilege-escalation-via-account-takeover-via-userspn_form_save-ajax-action</loc>
<lastmod>2026-04-07T15:32:12.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/live-flight-radar/live-flight-radar-10-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-01-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bft-autoresponder/arigato-autoresponder-and-newsletter-2518-reflected-cross-site-scripting</loc>
<lastmod>2018-09-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/read-more-excerpt-link/read-more-excerpt-link-15-cross-site-request-forgery</loc>
<lastmod>2023-02-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/amuli/amuli-230-unauthenticated-local-file-inclusion</loc>
<lastmod>2026-01-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/add-product-frontend-for-woocommerce/add-product-frontend-for-woocommerce-106-missing-authorization-to-unauthenticated-arbitrary-content-deletion</loc>
<lastmod>2025-04-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/beebee-mini/beebee-mini-120-unauthorized-file-upload-via-acf</loc>
<lastmod>2022-10-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/vayu-blocks/vayu-blocks-gutenberg-blocks-for-wordpress-woocommerce-104-121-missing-authorization-to-unauthenticated-limited-arbitrary-options-update</loc>
<lastmod>2025-04-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/scancircle/scancircle-292-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-12-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woocommerce-exporter/woocommerce-store-exporter-274-reflected-cross-site-scripting</loc>
<lastmod>2025-04-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-analytify/analytify-420-reflected-cross-site-scripting</loc>
<lastmod>2022-06-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/link-library/link-library-727-missing-authorization-checks</loc>
<lastmod>2021-12-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-fullcalendar/wp-fullcalendar-141-missing-authorization-to-information-disclosure</loc>
<lastmod>2023-01-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cf7-zendesk/wp-zendesk-for-contact-form-7-wpforms-elementor-formidable-and-ninja-forms-115-unauthenticated-stored-cross-site-scripting</loc>
<lastmod>2026-03-02T20:39:19.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/force-first-last/force-first-and-last-name-as-display-name-12-cross-site-request-forgery</loc>
<lastmod>2023-03-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/move-addons/move-addons-for-elementor-130-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-05-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/oauth2-provider/wp-oauth-server-425-authenticated-subscriber-arbitrary-client-deletion-wo_ajax_remove_client</loc>
<lastmod>2023-02-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-stats-manager/wp-visitor-statistics-real-time-traffic-72-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-01-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/sunshine-photo-cart/sunshine-photo-cart-311-reflected-cross-site-scripting</loc>
<lastmod>2024-03-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/customer-reviews-woocommerce/customer-reviews-for-woocommerce-51030-unauthenticated-authentication-bypass-to-arbitrary-review-submission-via-key-parameter</loc>
<lastmod>2026-04-09T12:26:12.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/sportspress/sportspress-2726-authenticated-contributor-local-file-inclusion-via-shortcode</loc>
<lastmod>2026-02-03T19:45:14.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/social-icons-widget-by-wpzoom/social-icons-widget-block-by-wpzoom-4215-missing-authorization</loc>
<lastmod>2024-03-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/masterstudy-lms-learning-management-system/masterstudy-lms-wordpress-plugin-for-online-courses-and-education-3210-basic-information-exposure-via-rest-route</loc>
<lastmod>2024-03-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpjournal/wp-journal-11-missing-authorization</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/preserve-code-formatting/preserve-code-formatting-401-authenticated-contributor-php-object-injection</loc>
<lastmod>2025-08-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/kiddy/kiddy-208-unauthenticated-local-file-inclusion</loc>
<lastmod>2026-03-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/comment-reply-notification/comment-reply-notification-14-cross-site-request-forgery</loc>
<lastmod>2023-04-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wonderm00ns-simple-facebook-open-graph-tags/open-graph-and-twitter-card-tags-2241-reflected-cross-site-scripting</loc>
<lastmod>2018-04-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpsite-background-takeover/wp-background-takeover-415-directory-traversal</loc>
<lastmod>2018-04-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/easy-preloader/easy-preloader-100-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2021-05-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ajax-rating-with-custom-login/ajax-rating-with-custom-login-11-unauthenticated-sql-injection</loc>
<lastmod>2024-10-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/awesome-wp-image-gallery/awesome-wp-image-gallery-10-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-04-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/avantage/avantage-249-unauthenticated-php-object-injection</loc>
<lastmod>2025-05-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/download-manager/download-manager-3352-authenticated-contributor-stored-cross-site-scripting-via-shortcode-attributes</loc>
<lastmod>2026-04-08T13:33:28.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simple-responsive-image-gallery/simple-image-gallery-106-reflected-cross-site-scripting</loc>
<lastmod>2021-12-13T12:43:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mww-disclaimer-buttons/mww-disclaimer-buttons-302-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2024-04-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-songbook/wp-songbook-2011-reflected-cross-site-scripting</loc>
<lastmod>2021-08-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/stock-ticker/stock-ticker-3244-authenticated-contributor-stored-cross-site-scripting-via-stock_ticker-shortcode</loc>
<lastmod>2024-06-28T18:15:28.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/social-polls-by-opinionstage/poll-survey-quiz-maker-plugin-by-opinion-stage-19120-missing-authorization</loc>
<lastmod>2025-12-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cf-geoplugin/geo-controller-873-missing-authorization-to-authenticated-subscriber-menu-creationdeletion</loc>
<lastmod>2024-09-04T21:33:52.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/jupiterx-core/jupiterx-core-4811-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-05-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gbi-to-print/gbi-to-print-10-authenticated-contributor-stored-cross-site-scripting-via-div-shortcode-attribute</loc>
<lastmod>2026-05-26T17:21:31.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/product-designer/product-designer-1036-authenticated-author-stored-cross-site-scripting-via-svg-file-upload</loc>
<lastmod>2024-11-20T13:35:38.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/blog2social/blog2social-social-media-auto-post-scheduler-630-authenticated-sql-injection</loc>
<lastmod>2020-05-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/booking/booking-calendar-101410-unauthenticated-sensitive-information-exposure</loc>
<lastmod>2026-01-08T19:08:54.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/uptime-robot-monitor/uptime-robot-plugin-for-wordpress-23-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-03-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/wplms/wplms-19952-authenticated-student-arbitrary-file-upload</loc>
<lastmod>2024-12-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/google-shortlink/shortlink-by-bestwebsoft-153-reflected-cross-site-scripting</loc>
<lastmod>2017-04-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/admin-management-xtended/admin-management-xtended-244-cross-site-request-forgery-to-post-status-update</loc>
<lastmod>2022-06-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/endless-posts-navigation/endless-posts-navigation-229-missing-authorization</loc>
<lastmod>2026-02-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/slick-engagement/slickstream-engagement-and-conversions-144-authenticated-contributor-stored-cross-site-scripting-via-slick-grid-shortcode</loc>
<lastmod>2024-11-11T18:17:57.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/shortcode-redirect/shortcode-redirect-1001-cross-site-scripting</loc>
<lastmod>2012-01-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/core/2.2/wordpress-core-222-open-redirect</loc>
<lastmod>2007-08-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/aio-time-clock-lite/all-in-one-time-clock-lite-tracking-employee-time-has-never-been-easier-203-missing-authorization-to-page-creation-and-information-exposure</loc>
<lastmod>2025-11-03T16:00:57.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/shouty/shouty-021-authenticated-contributor-stored-cross-site-scripting-via-shouty-shortcode-attributes</loc>
<lastmod>2025-11-26T14:21:10.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/order-status-for-woocommerce/additional-custom-order-status-for-woocommerce-160-reflected-cross-site-scripting</loc>
<lastmod>2024-12-03T21:03:42.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-symposium/wp-symposium-1304-cross-site-scripting</loc>
<lastmod>2014-08-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/360crest-themeone-tinymce-shortcodes/tinymce-shortcode-addon-100-authenticated-contributor-stored-cross-site-scripting-via-btnrel-shortcode-attribute</loc>
<lastmod>2026-06-08T15:07:16.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mingle-forum/mingle-forum-10333-sql-injection</loc>
<lastmod>2013-02-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woo-confirmation-email/user-email-verification-for-woocommerce-350-reflected-cross-site-scripting</loc>
<lastmod>2023-07-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simple-tags/taxopress-3071-stored-cross-site-scripting</loc>
<lastmod>2021-06-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/aruba-hispeed-cache/aruba-hispeed-cache-302-missing-authorization-to-unauthenticated-plugins-settings-modification</loc>
<lastmod>2026-02-18T14:59:09.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/nelio-ab-testing/nelio-ab-testing-464-cross-site-request-forgery</loc>
<lastmod>2017-05-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cf7-widget-elementor/void-contact-form-7-widget-for-elementor-page-builder-24-authenticated-contributor-stored-cross-site-scripting-via-cf7_redirect_page-attribute</loc>
<lastmod>2024-07-01T15:08:51.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ultimate-product-catalogue/ultimate-product-catalog-4222-sql-injection</loc>
<lastmod>2017-08-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/handl-utm-grabber/handl-utm-grabber-tracker-264-cross-site-request-forgery</loc>
<lastmod>2019-08-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/essential-addons-for-elementor-lite/essential-addons-for-elementor-464-missing-authorization</loc>
<lastmod>2021-05-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/lifepress/lifepress-221-missing-authorization</loc>
<lastmod>2026-01-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/comment-reply-email/comment-reply-email-13-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2024-07-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/traveler-code/traveler-code-311-authenticated-subscriber-sql-injection</loc>
<lastmod>2025-01-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ulisting/listing-classified-ads-business-directory-ulisting-208-cross-site-request-forgery</loc>
<lastmod>2021-09-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/tabs-maker/tabs-maker-10-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-12-13T15:53:59.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/football-pool/football-pool-2122-cross-site-request-forgery-to-settings-update</loc>
<lastmod>2025-03-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/qi-addons-for-elementor/qi-addons-for-elementor-172-authenticated-contributor-local-file-inclusion</loc>
<lastmod>2024-06-06T15:08:52.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/essential-addons-for-elementor-lite/essential-addons-for-elementor-best-elementor-templates-widgets-kits-woocommerce-builders-5915-authenticated-contributor-stored-cross-site-scripting-via-filterable-gallery-interactive-circle</loc>
<lastmod>2024-04-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simple-membership/simple-membership-412-membership-privilege-escalation</loc>
<lastmod>2022-07-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/popping-sidebars-and-widgets-light/popping-sidebars-and-widgets-light-127-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2025-12-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-geo/wp-geo-351-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-09-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/contact-form-plugin/contact-form-by-bestwebsoft-428-reflected-cross-site-scripting-via-cntctfrm_contact_subject</loc>
<lastmod>2024-03-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/five9/five9-live-chat-112-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-11-10T15:25:23.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/carousel-slider/carousel-slider-229-authenticated-editor-stored-cross-site-scripting</loc>
<lastmod>2024-04-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpvr/vr-8548-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-06-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/kelly-young/kelly-young-110-unauthenticated-local-file-inclusion</loc>
<lastmod>2026-05-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/video-playlist-and-gallery-plugin/post-video-players-1159-cross-site-request-forgery-via-cincopa_mp_mt_options_page</loc>
<lastmod>2024-01-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/404-to-301/404-to-301-230-unauthenticated-stored-cross-site-scripting</loc>
<lastmod>2016-08-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-voting-contest/voting-contest-58-missing-authorization</loc>
<lastmod>2025-08-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/raychat/raychat-210-missing-authorization</loc>
<lastmod>2025-06-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/voting-record/voting-record-20-authenticated-subscriber-stored-cross-site-scripting</loc>
<lastmod>2024-01-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/forminator/forminator-forms-contact-form-payment-form-custom-form-builder-1382-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2025-01-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/tiger-form/tiger-forms-200-reflected-cross-site-scripting</loc>
<lastmod>2023-09-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/webinar-ignition/webinarignition-live-automated-evergreen-webinar-system-also-for-woocommerce-408253-unauthenticated-privilege-escalation</loc>
<lastmod>2026-05-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/league-of-legends-rotation/wp-lol-rotation-10-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-07-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/all-in-one-seo-pack/all-in-one-seo-best-wordpress-seo-plugin-easily-improve-seo-rankings-increase-traffic-460-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2024-04-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wordpress-easy-allopass/wp-easy-allopass-411-cross-site-request-forgery</loc>
<lastmod>2025-06-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/so-widgets-bundle/siteorigin-widgets-bundle-1611-authenticated-contributor-stored-cross-site-scripting-via-siteorigin-blog-widget</loc>
<lastmod>2024-06-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/checkout-files-upload-woocommerce/checkout-files-upload-for-woocommerce-220-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-04-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/themify-store-locator/themify-store-locator-119-cross-site-request-forgery</loc>
<lastmod>2024-12-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/chatbot-chatgpt/kognetiks-chatbot-for-wordpress-198-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-06-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-simple-firewall/shield-security-1305-admin-stored-cross-site-scripting</loc>
<lastmod>2022-01-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/tock-widget/tock-widget-11-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2025-01-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/progress-planner/progress-planner-190-authenticated-editor-stored-cross-site-scripting</loc>
<lastmod>2026-06-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/piotnet-addons-for-elementor/piotnet-addons-for-elementor-2429-unauthenticated-sensitive-information-exposure</loc>
<lastmod>2024-07-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/history-log-by-click5/history-log-by-click5-1012-authenticatedadministrator-time-based-blind-sql-injection</loc>
<lastmod>2023-10-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/social-connect/social-connect-12-authentication-bypass</loc>
<lastmod>2024-05-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cssigniter-shortcodes/cssigniter-shortcodes-241-authenticated-contributor-stored-cross-site-scripting-via-element-shortcode-attribute</loc>
<lastmod>2025-12-02T14:20:18.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ultimate-product-catalogue/ultimate-product-catalog-525-authenticatedadministrator-stored-cross-site-scripting</loc>
<lastmod>2023-06-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woocommerce-store-toolkit/woocommerce-store-toolkit-243-unauthenticated-local-file-inclusion</loc>
<lastmod>2025-07-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/formassembly-web-forms/wp-formassembly-208-limited-server-side-request-forgery-via-formassembly-shortcode</loc>
<lastmod>2023-05-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/easy-newsletter-signups/easy-newsletter-signups-104-missing-authorization</loc>
<lastmod>2023-09-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/school-management/school-management-9200-reflected-cross-site-scripting</loc>
<lastmod>2025-06-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/robin-image-optimizer/robin-image-optimizer-202-authenticated-author-stored-cross-site-scripting-via-image-alternative-text-field</loc>
<lastmod>2026-02-04T19:32:21.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/login-screen-manager/login-screen-manager-352-cross-site-request-forgery</loc>
<lastmod>2023-10-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/story-chief/storychief-1030-reflected-cross-site-scripting</loc>
<lastmod>2021-08-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/tinymce-advanced-qtranslate-fix-editor-problems/tinymce-advanced-qtranslate-fix-editor-problems-100-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2025-02-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/themify-wc-product-filter/themify-woocommerce-product-filter-137-reflected-cross-site-scripting</loc>
<lastmod>2022-05-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/spotify-play-button-for-wordpress/sptify-play-button-for-wordpress-205-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2023-02-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wysija-newsletters/mailpoet-newsletters-22-multiple-sql-injections</loc>
<lastmod>2013-02-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/blogintroduction-wordpress-plugin/blog-introduction-030-cross-site-request-forgery-to-settings-update</loc>
<lastmod>2024-08-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/uni-woo-custom-product-options-premium/product-options-and-price-calculation-formulas-for-woocommerce-uni-cpo-premium-4960-missing-authorization-to-unauthenticated-arbitrary-attachment-and-dropbox-file-deletion</loc>
<lastmod>2026-02-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/secudeal-payments-for-ecommerce/secudeal-payments-for-ecommerce-11-unauthenticated-php-object-injection</loc>
<lastmod>2026-03-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/podlove-podcasting-plugin-for-wordpress/podlove-podcast-publisher-4113-cross-site-request-forgery-to-remote-code-execution</loc>
<lastmod>2024-08-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/petje-af/petjeaf-218-cross-site-request-forgery-to-account-deletion-via-petjeaf_disconnect-ajax-action</loc>
<lastmod>2026-04-14T19:46:31.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-easycart/shopping-cart-ecommerce-store-578-missing-authorization-to-order-updates</loc>
<lastmod>2025-01-07T21:10:58.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-pdf-generator/wp-pdf-generator-122-cross-site-request-forgery-to-pdf-settings-update</loc>
<lastmod>2023-06-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/nmedia-user-file-uploader/frontend-file-manager-182-privilege-escalation</loc>
<lastmod>2021-07-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ripe-hd-player/ripe-hd-flv-11-full-path-disclosure</loc>
<lastmod>2013-01-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-expand-tabs-free/wp-tabs-2114-cross-site-request-forgery</loc>
<lastmod>2023-02-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mappress-google-maps-for-wordpress/mappress-maps-for-wordpress-28813-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-01-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/my-auctions-allegro-free-edition/my-auctions-allegro-3618-reflected-cross-site-scripting</loc>
<lastmod>2025-01-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/code-snippets/code-snippets-350-cross-site-request-forgery-via-load</loc>
<lastmod>2023-11-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpbookit/wpbookit-160-unauthenticated-sql-injection</loc>
<lastmod>2024-12-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/track-everything/track-everything-201-cross-site-request-forgery</loc>
<lastmod>2025-06-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/joomsport-sports-league-results-management/joomsport-577-unauthenticated-sql-injection-via-sortf-parameter</loc>
<lastmod>2026-05-12T17:13:07.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/local-magic/local-magic-260-unauthenticated-sql-injection</loc>
<lastmod>2025-04-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/image-horizontal-reel-scroll-slideshow/image-horizontal-reel-scroll-slideshow-133-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2023-12-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-smart-import/wp-smart-import-import-any-xml-file-to-wordpress-107-authenticated-author-stored-cross-site-scripting</loc>
<lastmod>2024-04-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/core/2.6/wordpress-core-27-denial-of-service</loc>
<lastmod>2008-12-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bck-tu-dong-xac-nhan-thanh-toan-chuyen-khoan-ngan-hang/thanh-ton-qut-m-qr-code-t-ng-momo-viettelpay-vnpay-v-40-ngn-hng-vit-nam-200-cross-site-scripting</loc>
<lastmod>2022-05-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-cleanup-and-basic-functions/wp-cleanup-and-basic-functions-221-authenticated-author-stored-cross-site-scripting-via-svg-file-upload</loc>
<lastmod>2024-10-04T12:37:44.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-all-export/wp-all-export-130-admin-stored-cross-site-scripting</loc>
<lastmod>2021-10-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woo-merchantx/woo-merchantx-10-cross-site-request-forgery</loc>
<lastmod>2021-07-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/kastell/kastell-20-unauthenticated-local-file-inclusion</loc>
<lastmod>2026-06-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/advanced-booking-calendar/advanced-booking-calendar-167-reflected-cross-site-scripting</loc>
<lastmod>2021-03-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/search-in-place/search-in-place-10104-missing-authorization-to-feedback-submission</loc>
<lastmod>2023-02-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/oi-yamaps/oi-yandexmaps-for-wordpress-327-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2023-01-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/jc-importer/import-wp-export-and-import-csv-and-xml-files-to-wordpress-21417-unauthenticated-information-exposure</loc>
<lastmod>2025-11-20T18:54:56.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/smooth-page-scroll-updown-buttons/smooth-scroll-page-updown-buttons-13-cross-site-scripting</loc>
<lastmod>2021-04-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/revslider/slider-revolution-3096-showbiz-pro-171-missing-authorization-to-arbitrary-file-upload</loc>
<lastmod>2014-11-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/my-bootstrap-menu/my-bootstrap-menu-121-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2025-03-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/library-management-system/library-management-system-357-unauthenticated-sql-injection</loc>
<lastmod>2026-06-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/sahu-tiktok-pixel/sahu-tiktok-pixel-for-e-commerce-122-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2023-10-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/hrm/wp-human-resource-management-200-2217-missing-authorization-to-authenticated-employee-arbitrary-user-deletion-via-ajax_delete_employee-function</loc>
<lastmod>2025-07-03T12:17:29.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-championship/wp-championship-59-sql-injection</loc>
<lastmod>2015-10-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-youtube-lyte/wp-youtube-lyte-1715-authenticated-admin-cross-site-scripting</loc>
<lastmod>2021-05-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/send-pdf-for-contact-form-7/send-pdf-for-contact-form-7-091-multiple-cross-site-scripting</loc>
<lastmod>2022-06-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/custom-twitter-feeds/custom-twitter-feeds-225-cross-site-request-forgery-to-cache-reset-via-ctf_clear_cache_admin-function</loc>
<lastmod>2025-03-19T16:21:23.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/easy-popup-show/easy-popup-show-012-cross-site-request-forgery</loc>
<lastmod>2024-03-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/sky-elementor-addons/sky-addons-for-elementor-2511-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-09-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/perfmatters/perfmatters-263-reflected-cross-site-scripting</loc>
<lastmod>2026-06-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/uber-grid/wordpress-portfolio-builder-portfolio-gallery-117-missing-authorization-to-unauthenticated-portfolio-update</loc>
<lastmod>2025-02-18T19:35:27.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/social-share-and-social-locker-arsocial/social-share-and-social-locker-142-unauthenticated-sql-injection</loc>
<lastmod>2025-04-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-travel/wp-travel-446-cross-site-request-forgery-bypass</loc>
<lastmod>2021-03-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/query-shortcode/query-shortcode-021-authenticated-contributor-local-file-inclusion-via-lens-shortcode-attribute</loc>
<lastmod>2026-05-26T17:25:25.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wps-limit-login/wps-limit-login-1461-stored-cross-site-scripting</loc>
<lastmod>2019-07-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/event-tickets-plus/events-tickets-plus-590-missing-authorization-to-information-exposure</loc>
<lastmod>2024-02-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/siteorigin-panels/page-builder-by-siteorigin-21015-cross-site-request-forgery-to-reflected-cross-site-scripting</loc>
<lastmod>2020-05-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/lottier-gutenberg/lottier-111-missing-authorization</loc>
<lastmod>2025-12-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cp-image-store/cp-image-store-with-slideshow-119-missing-authorization-to-authenticated-contributor-arbitrary-product-import</loc>
<lastmod>2026-01-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/superstorefinder-wp/super-store-finder-697-authenticated-subscriber-sql-injection</loc>
<lastmod>2024-08-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpvivid-backuprestore/wpvivid-backup-plugin-0990-missing-authorization-via-start_staging-and-get_staging_progress</loc>
<lastmod>2023-09-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/global-content-blocks/global-content-blocks-215-cross-site-request-forgery</loc>
<lastmod>2017-03-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/guitar-tuner/gtdb-guitar-tuners-422-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-04-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/latepoint/latepoint-5194-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2025-09-29T16:24:39.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ai-seo-translator/aikct-engine-chatbot-chatgpt-gemini-gpt-4o-best-ai-chatbot-162-cross-site-request-forgery-via-update_integration_option</loc>
<lastmod>2024-12-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/form-vibes/form-vibes-database-manager-for-forms-1413-authenticated-admin-sql-injection</loc>
<lastmod>2026-01-05T14:47:34.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/newspack-blocks/newspack-blocks-308-authenticated-contributor-arbitrary-file-upload</loc>
<lastmod>2024-06-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/sirius/sirius-10-cross-site-scripting</loc>
<lastmod>2007-08-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/beaver-builder-lite-version/beaver-builder-2543-missing-authorization</loc>
<lastmod>2022-07-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woo-coupon-usage/coupon-affiliates-641-missing-authorization-to-unauthenticated-settings-update</loc>
<lastmod>2025-08-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/review-stream/review-stream-167-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2025-04-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gtm-server-side/gtm-server-side-2119-reflected-cross-site-scripting</loc>
<lastmod>2024-09-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/xili-tidy-tags/xili-tidy-tags-11204-reflected-cross-site-scripting</loc>
<lastmod>2024-11-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gallery-by-supsystic/photo-gallery-by-supsystic-1155-cross-site-request-forgery-to-plugin-settings-change</loc>
<lastmod>2022-06-15T13:58:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/affiliate-links/affiliate-links-wordpress-plugin-for-link-cloaking-and-link-management-301-missing-authorization-to-unauthenticated-importexport-and-php-object-injection</loc>
<lastmod>2025-02-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cozy-addons/cozy-blocks-2018-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-10-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/jannah/jannah-760-unauthenticated-local-file-inclusion</loc>
<lastmod>2025-10-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ml-slider/slider-gallery-and-carousel-by-metaslider-3290-reflected-cross-site-scripting</loc>
<lastmod>2023-03-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/admin-site-enhancements/admin-and-site-enhancements-ase-769-ip-spoofing-to-limit-login-attempt-bypass</loc>
<lastmod>2025-02-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/flatsome/flatsome-3205-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-10-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/easy-plugin-stats/easy-plugin-stats-201-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-10-10T20:29:46.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/fami-sales-popup/fami-sales-popup-200-unauthenticated-local-file-inclusion</loc>
<lastmod>2025-02-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ocean-extra/ocean-extra-249-authenticated-contributor-stored-cross-site-scripting-via-oceanwp_library-shortcode</loc>
<lastmod>2025-08-29T16:24:26.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/effect-maker/effect-maker-121-missing-authorization</loc>
<lastmod>2025-09-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/course-booking-platform/course-booking-platform-100-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-09-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/edd-per-product-emails/easy-digital-downloads-per-product-emails-109-cross-site-scripting</loc>
<lastmod>2015-04-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/contact-form-to-any-api/contact-form-to-any-api-118-authenticated-subscriber-sql-injection</loc>
<lastmod>2024-03-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-club-manager/wp-club-manager-2211-missing-authorization</loc>
<lastmod>2024-04-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/crossword-compiler-puzzles/crossword-compiler-puzzles-52-authenticated-subscriber-arbitrary-file-upload</loc>
<lastmod>2025-04-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-ticket/wp-ticket-customer-service-software-support-ticket-system-602-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-09-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/subaccounts-for-woocommerce/subaccounts-for-woocommerce-166-authenticated-subscriber-privilege-escalation-via-account-takeover</loc>
<lastmod>2025-05-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/masterstudy-lms-learning-management-system-pro/masterstudy-lms-pro-4716-missing-authorization</loc>
<lastmod>2026-04-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/rename-author-slug/rename-author-slug-120-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/google-seo-author-snippets/google-seo-pressor-snippet-20-missing-authorization</loc>
<lastmod>2025-03-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/html-forms/html-forms-1328-authenticated-administrator-cross-site-scripting</loc>
<lastmod>2023-12-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/advanced-custom-fields-pro/advanced-custom-fields-pro-629-authenticated-contributor-code-injection</loc>
<lastmod>2024-05-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/confidant/confidant-startup-consulting-services-wordpress-theme-14-unauthenticated-local-file-inclusion</loc>
<lastmod>2026-05-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-ticketbai/ticketbai-facturas-para-woocommerce-318-unauthenticated-arbitrary-file-deletion</loc>
<lastmod>2025-05-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cf7save-extension/cf7save-extension-1-reflected-cross-site-scripting</loc>
<lastmod>2025-01-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/core/2.1/wordpress-core-213-authorization-bypass</loc>
<lastmod>2007-04-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/salesmanago/salesmanago-leadoo-3112-authenticated-subscriber-sql-injection</loc>
<lastmod>2026-06-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/waiting/waiting-one-click-countdowns-062-missing-authorization</loc>
<lastmod>2022-12-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/portfolio-and-projects/multiple-wponlinesupport-plugins-various-versions-missing-authorization-to-notice-dismissal</loc>
<lastmod>2023-08-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/the-tech-tribe/the-tribal-134-unauthenticated-information-exposure</loc>
<lastmod>2026-03-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp24-domain-check/wp24-domain-check-11014-reflected-cross-site-scripting</loc>
<lastmod>2024-12-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/redirect-redirection/redirect-redirection-113-cross-site-request-forgery-via-savesettings-function</loc>
<lastmod>2023-02-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/tutor-lms-elementor-addons/tutor-lms-elementor-addons-215-missing-authorization</loc>
<lastmod>2024-12-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/tinysalt/tinysalt-3100-unauthenticated-php-object-injection</loc>
<lastmod>2025-06-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wicked-folders/wicked-folders-21816-missing-authorization-via-ajax_unassign_folders</loc>
<lastmod>2023-02-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/widget-for-eventbrite-api/display-eventbrite-events-626-authenticated-contributor-local-file-inclusion</loc>
<lastmod>2025-05-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ays-chatgpt-assistant/ai-chatbot-with-chatgpt-and-content-generator-by-ays-270-unauthenticated-server-side-request-forgery-via-pinecone_url-parameter</loc>
<lastmod>2025-11-26T21:00:16.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woocommerce-wholesale-prices/wholesale-suite-226-authenticated-shop-manager-privilege-escalation</loc>
<lastmod>2026-02-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/ogami/ogami-153-unauthenticated-local-file-inclusion</loc>
<lastmod>2025-05-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/embed-bokun/embed-bokun-023-authenticated-contributor-stored-cross-site-scripting-via-align-parameter</loc>
<lastmod>2025-08-15T14:47:05.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simple-backup/simple-backup-2710-arbitrary-file-download-via-path-traversal</loc>
<lastmod>2015-05-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/houzez-login-register/houzez-login-register-263-privilege-escalation</loc>
<lastmod>2023-02-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/academy/academy-lms-wordpress-lms-plugin-for-complete-elearning-solution-338-authenticated-administrator-php-object-injection-via-import_all_courses</loc>
<lastmod>2025-11-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-crowdfunding/wp-crowdfunding-216-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2023-12-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/klaviyo/klaviyo-309-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2023-03-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woo-vipps/pay-with-vipps-for-woocommerce-11413-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2023-12-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/real-time-find-and-replace/real-time-find-and-replace-38-cross-site-scripting</loc>
<lastmod>2017-04-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/alphabetical-list/alphabetical-list-103-cross-site-request-forgery-to-settings-update</loc>
<lastmod>2024-10-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/atarim-visual-collaboration/visual-website-collaboration-feedback-project-management-atarim-3226-hardcoded-credentials</loc>
<lastmod>2024-05-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/classified-pro/classified-pro-1014-missing-authorization-to-authenticated-subscriber-arbitrary-plugin-installation</loc>
<lastmod>2025-10-15T17:58:17.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simple-page-ordering/loader-utils-js-package-321-regular-expression-denial-of-service</loc>
<lastmod>2022-10-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/global-shop-discount-for-woocommerce/sitewide-discount-for-woocommerce-apply-discount-to-all-products-221-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-05-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/float-menu/float-menu-awesome-floating-side-menu-60-cross-site-request-forgery-to-menu-deletion</loc>
<lastmod>2024-04-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/js-support-ticket/js-help-desk-ai-powered-support-ticketing-system-304-unauthenticated-sql-injection-via-multiformid-parameter</loc>
<lastmod>2026-03-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/traveler/travel-booking-wordpress-theme-323-reflected-cross-site-scripting</loc>
<lastmod>2025-09-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/arconix-shortcodes/arconix-shortcodes-2117-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-06-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/twitter-bootstrap-collapse-aka-accordian-shortcode/twitter-bootstrap-collapse-aka-accordian-shortcode-10-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-01-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-stats-manager/visitor-statistics-real-time-traffic-83-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-12-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/video-widget/video-widget-123-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2024-06-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/trustprofile/trustprofile-324-cross-site-request-forgery</loc>
<lastmod>2023-06-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/eazydocs/eazydocs-233-authenticated-subscriber-sql-injection</loc>
<lastmod>2023-11-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/groundhogg/groundhogg-2798-missing-authorization-to-update-license</loc>
<lastmod>2023-05-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/exchange-rates-widget/exchange-rates-widget-140-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-03-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/meeting-scheduler-by-vcita/online-booking-scheduling-calendar-for-wordpress-by-vcita-453-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-07-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/social-polls-by-opinionstage/poll-survey-quiz-maker-plugin-by-opinion-stage-19110-unauthenticated-local-file-inclusion</loc>
<lastmod>2025-08-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/hello-fse-blog/hello-fse-blog-106-missing-authorization</loc>
<lastmod>2025-06-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-image-news-slider/image-news-slider-33-arbitrary-file-upload</loc>
<lastmod>2012-11-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/contact-form-7-style/contact-form-7-style-32-cross-site-request-forgery-bypass</loc>
<lastmod>2021-06-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/core/5.0/wordpress-core-501-php-object-injection</loc>
<lastmod>2018-12-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-404-auto-redirect-to-similar-post/wp-404-auto-redirect-to-similar-post-104-reflected-cross-site-scripting-via-debug-mode-uri</loc>
<lastmod>2024-04-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/advanced-custom-fields-pro/advanced-custom-fields-pro-629-authenticated-contributor-local-file-inclusion</loc>
<lastmod>2024-05-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/m2-ce/m2-construction-and-tools-store-112-unauthenticated-php-object-injection</loc>
<lastmod>2026-03-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/business-directory-plugin/business-directory-plugin-511-cross-site-request-forgery</loc>
<lastmod>2021-04-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simple-business-directory-pro/simple-business-directory-pro-1569-unauthenticated-privilege-escalation</loc>
<lastmod>2025-08-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-time-slots-booking-form/wp-time-slots-booking-form-1211-missing-authorization</loc>
<lastmod>2024-06-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/newsletter-popup/newsletter-popup-12-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2024-04-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wps-visitor-counter/wps-visitor-counter-148-reflected-cross-site-scripting</loc>
<lastmod>2025-11-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/rj-quickcharts/rj-quickcharts-061-authenticated-subscriber-sql-injection</loc>
<lastmod>2025-03-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wooms/wooms-912-reflected-cross-site-scripting</loc>
<lastmod>2025-04-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/team-master/team-master-112-authenticated-contributor-stored-cross-site-scripting-via-shortcode-attributes</loc>
<lastmod>2026-05-26T17:25:35.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/constant-contact-forms/constant-contact-forms-242-information-disclosure-via-log-files</loc>
<lastmod>2024-01-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/virtual-moderator/virtual-moderator-14-cross-site-request-forgery</loc>
<lastmod>2025-06-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/spoter-elementor/spoter-for-elementor-104-missing-authorization</loc>
<lastmod>2025-12-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/jobscout/jobscout-117-missing-authorization</loc>
<lastmod>2026-02-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/shortcodes-finder/shortcodes-finder-153-reflected-cross-site-scripting</loc>
<lastmod>2023-11-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/vw-storefront/vw-storefront-099-missing-authorization-to-authenticated-subscriber-settings-reset</loc>
<lastmod>2025-03-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/football-leagues-by-anwppro/anwp-football-leagues-0167-authenticated-author-stored-cross-site-scripting-via-svg-file-upload</loc>
<lastmod>2024-09-23T18:14:04.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/zotpress/zotpress-737-authenticated-contributor-sql-injection</loc>
<lastmod>2024-03-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/nite-shortcodes/nite-shortcodes-10-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/sfwd-lms/learndash-lms-503-authenticated-contributor-sql-injection-via-filtersorderby_order-parameter</loc>
<lastmod>2026-03-23T12:12:23.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/jet-engine/jetengine-3861-unauthenticated-sql-injection-via-_cct_search-parameter</loc>
<lastmod>2026-04-13T12:57:24.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/tainacan/tainacan-0213-unauthenticated-stored-cross-site-scripting</loc>
<lastmod>2024-05-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/rss-feed-widget/rss-feed-widget-302-missing-authorization</loc>
<lastmod>2026-01-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/eventr/eventr-1022-sql-injection</loc>
<lastmod>2017-05-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/link-whisper/link-whisper-free-063-missing-authorization-via-init</loc>
<lastmod>2023-05-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/auto-post-thumbnail/auto-featured-image-421-missing-authorization-to-authenticated-contributor-post-thumbnail-modification</loc>
<lastmod>2025-12-15T16:51:43.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/VirtualAssistant/virtual-assistant-30-unauthenticated-stored-cross-site-scripting</loc>
<lastmod>2026-01-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/rafflepress/giveaways-and-contests-by-rafflepress-1125-unauthenticated-stored-cross-site-scripting</loc>
<lastmod>2024-02-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ukuupeople-the-simple-crm/crm-contact-management-simplified-ukuupeople-163-cross-site-request-forgery-to-favorite-additiondeletion</loc>
<lastmod>2021-07-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/marketing-performance/marketing-performance-200-unauthenticated-stored-cross-site-scripting</loc>
<lastmod>2023-02-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/crony/crony-cronjob-manager-050-cross-site-request-forgery</loc>
<lastmod>2024-04-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woocommerce/woocommerce-235-stored-cross-site-scripting</loc>
<lastmod>2015-03-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/fastdup/fastdup-fastest-wordpress-migration-duplicator-271-missing-authorization-to-authenticated-contributor-backup-creation-and-download</loc>
<lastmod>2026-02-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/greenthumb/green-thumb-1112-unauthenticated-local-file-inclusion</loc>
<lastmod>2026-03-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-meta-seo/wp-meta-seo-452-missing-authorization-in-startprocess-to-arbitrary-redirect-via-update_link_redirect-task</loc>
<lastmod>2023-02-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/smart-forms/smart-forms-2686-missing-authorization</loc>
<lastmod>2024-02-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bg-biblie-references/bg-bible-references-3814-reflected-cross-site-scripting</loc>
<lastmod>2022-12-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/booking-ultra-pro/booking-ultra-pro-1113-unauthenticated-local-file-inclusion</loc>
<lastmod>2024-07-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/homey-login-register/homey-login-register-240-unauthenticated-privilege-escalation</loc>
<lastmod>2025-01-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/backpacktraveler/backpack-traveler-2102-unauthenticated-local-file-inclusion</loc>
<lastmod>2025-05-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/exact-links/url-shortener-plugin-for-wordpress-307-missing-authorization-to-authenticated-subscriber-link-manipulation</loc>
<lastmod>2025-10-23T20:11:12.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/enteraddons/enter-addons-ultimate-template-builder-for-elementor-215-authenticated-contributor-stored-cross-site-scripting-via-animation-title-widget-img-tag</loc>
<lastmod>2024-05-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/yoo-slider/yoo-slider-plugin-200-cross-site-request-forgery</loc>
<lastmod>2022-04-11T17:36:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/name-directory/name-directory-1320-unauthenticated-stored-cross-site-scripting-via-double-html-entity-encoding-in-submission-form</loc>
<lastmod>2026-02-09T20:45:53.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/related-post/related-posts-inline-related-posts-contextual-related-posts-related-content-by-pickplugins-2059-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2025-03-06T21:30:44.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gpp-slideshow/gpp-slideshow-135-missing-authorization</loc>
<lastmod>2025-06-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/private-content-mail-actions/privatecontent-mail-actions-232-unauthenticated-local-file-inclusion</loc>
<lastmod>2025-07-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/echo/echo-1150-unauthenticated-local-file-inclusion</loc>
<lastmod>2025-09-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/email-download-link/email-download-link-37-unauthenticated-sensitive-information-exposure</loc>
<lastmod>2023-06-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/smsa-shipping-official/smsa-shippingofficial-23-authenticated-subscriber-arbitrary-file-deletion</loc>
<lastmod>2024-12-20T18:45:53.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/seo-redirection/seo-redirection-64-authenticated-stored-cross-site-scripting</loc>
<lastmod>2021-04-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/analytics-cat/fatcat-apps-analytics-cat-109-cross-site-request-forgery</loc>
<lastmod>2022-03-08T21:49:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/awesome-progess-bar/awesome-progress-bar-1013-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-10-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/boat-rental-system/boat-rental-plugin-for-wordpress-101-unauthenticated-arbitrary-file-upload</loc>
<lastmod>2024-11-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/custom-twitter-feeds/custom-twitter-feeds-a-tweets-widget-or-x-feed-widget-221-cross-site-request-forgery-to-plugin-options-update</loc>
<lastmod>2024-02-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/reflector-plugins/reflector-122-reflected-cross-site-scripting</loc>
<lastmod>2026-02-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/coming-soon-by-supsystic/coming-soon-by-supsystic-1710-cross-site-request-forgery</loc>
<lastmod>2023-01-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woocommerce-ajax-filters/advanced-ajax-product-filters-3196-authenticated-author-php-object-injection-via-live-composer-compatibility</loc>
<lastmod>2026-02-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/outgrow/outgrow-21-authenticated-contributor-stored-cross-site-scripting-via-outgrow-shortcode-id-attribute</loc>
<lastmod>2026-03-20T15:08:06.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cartboss/sms-abandoned-cart-recovery-cartboss-412-missing-authorization</loc>
<lastmod>2025-04-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/solidres/solidres-hotel-booking-plugin-094-authenticated-contributor-sql-injection</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/uncanny-automator/uncanny-automator-easy-automation-integration-webhooks-workflow-builder-plugin-62-authenticated-admin-server-side-request-forgery-via-webhook</loc>
<lastmod>2025-03-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/music-request-manager/music-request-manager-13-unauthenticated-stored-cross-site-scripting</loc>
<lastmod>2024-08-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/jma-youtube-playlists-with-schema/youtube-playlists-with-schema-261-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-02-18T19:29:30.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/custom-store-locator/custom-wp-store-locator-147-reflected-cross-site-scripting</loc>
<lastmod>2025-01-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-job-portal/wp-job-portal-232-unauthenticated-insecure-direct-object-reference</loc>
<lastmod>2025-05-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/uncanny-toolkit-pro/uncanny-toolkit-pro-for-learndash-414-missing-authorization-to-arbitrary-pagepost-duplication</loc>
<lastmod>2024-06-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/lenix-elementor-leads-addon/lenix-elementor-leads-addon-182-unauthenticated-stored-cross-site-scripting-via-url-form-field</loc>
<lastmod>2025-02-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/morpheus-slider/responsive-3d-slider-12-authenticated-admin-sql-injection</loc>
<lastmod>2021-08-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ajax-comment-form-cst/ajax-comment-form-cst-12-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2025-04-24T18:32:15.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/give/givewp-2251-cross-site-request-forgery-to-cross-site-scripting-via-render_dropdown</loc>
<lastmod>2023-03-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woo-point-of-sale/woocommerce-point-of-sale-610-insecure-direct-object-reference-to-privilege-escalation-via-arbitrary-user-email-change</loc>
<lastmod>2024-12-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/jsmol2wp/jsmol2wp-107-server-side-request-forgery</loc>
<lastmod>2018-12-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/embed-google-photos-album-easily/embed-google-photos-album-219-authenticated-contributor-server-side-request-forgery</loc>
<lastmod>2024-04-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/tuturn/tuturn-36-unauthenticated-missing-authorization</loc>
<lastmod>2025-10-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/google-analyticator/google-analyticator-52-cross-site-scripting</loc>
<lastmod>2009-07-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/generate-post-thumbnails/generate-post-thumbnails-08-cross-site-request-forgery</loc>
<lastmod>2025-03-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gm-woo-product-list-widget/product-list-widget-for-woocommerce-10-reflected-cross-site-scripting</loc>
<lastmod>2022-12-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/nitropack/nitropack-1167-unauthenticated-arbitrary-shortcode-execution</loc>
<lastmod>2024-08-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/live-composer-page-builder/page-builder-live-composer-1525-authenticated-author-php-object-injection</loc>
<lastmod>2024-01-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/shop-assistant-for-woocommerce-jarvis/floating-buttons-for-woocommerce-288-missing-authorization</loc>
<lastmod>2024-11-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/onpay-io-for-woocommerce/onpayio-for-woocommerce-1047-missing-authorization</loc>
<lastmod>2025-11-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/sermon-manager-for-wordpress/sermon-manager-2300-missing-authorization</loc>
<lastmod>2025-11-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/give/givewp-3151-unauthenticated-full-path-disclosure</loc>
<lastmod>2024-08-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/rexcrawler/rexcrawler-1015-reflected-cross-site-scripting-via-url-and-regex-parameters</loc>
<lastmod>2026-03-20T15:17:08.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simple-author-box/simple-author-box-251-authenticated-contributor-insecure-direct-object-reference-to-arbitrary-user-sensitive-information-exposure</loc>
<lastmod>2023-07-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/extendons-registration-fields/woocommerce-registration-fields-plugin-custom-signup-fields-323-authenticated-subscriber-privilege-escalation</loc>
<lastmod>2025-07-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/unique/unique-030-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-04-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simple-301-redirects/simple-301-redirects-200-203-authenticated-wildcard-activation-and-retrieval</loc>
<lastmod>2021-05-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/core/6.5/wordpress-core-655-authenticated-contributor-stored-cross-site-scripting-via-template-part-block</loc>
<lastmod>2024-06-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/stacks-mobile-app-builder/stacks-mobile-app-builder-523-unauthenticated-arbitrary-file-upload</loc>
<lastmod>2024-10-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/social-feed-gallery-portfolio/social-feed-gallery-portfolio-13-authenticated-contributor-stored-cross-site-scripting-via-id-shortcode-attribute</loc>
<lastmod>2025-12-05T17:48:11.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/garden-gnome-package/garden-gnome-package-229-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-09-23T13:46:35.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/one-click-ssl/one-click-ssl-146-cross-site-request-forgery</loc>
<lastmod>2019-07-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/surecart/surecart-ecommerce-made-easy-for-selling-physical-products-digital-downloads-subscriptions-donations-payments-432-reflected-cross-site-scripting</loc>
<lastmod>2026-06-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woc-order-alert/order-listener-for-woocommerce-play-sounds-instantly-on-new-orders-321-unauthenticated-sql-injection</loc>
<lastmod>2022-04-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cluevo-lms/cluevo-lms-e-learning-platform-1132-cross-site-request-forgery-to-module-deletion</loc>
<lastmod>2024-12-05T19:35:31.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/recaptcha-jetpack/recaptcha-jetpack-022-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2024-04-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/themesflat-elementor/themesflat-elementor-101-unauthenticated-php-object-injection</loc>
<lastmod>2026-02-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/interactive-medical-drawing-of-human-body/interactive-medical-drawing-of-human-body-24-admin-stored-cross-site-scripting</loc>
<lastmod>2022-03-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-post-modules-el/wp-post-modules-for-elementor-250-reflected-cross-site-scripting</loc>
<lastmod>2025-05-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/enable-cors/enable-cors-203-backdoor</loc>
<lastmod>2026-06-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/persian-fonts/persian-fonts-16-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2024-01-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/link-whisper/link-whisper-free-091-missing-authorization-to-unauthenticated-settings-change</loc>
<lastmod>2026-04-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/lms-elementor-pro/lms-elementor-pro-104-unauthenticated-privilege-escalation</loc>
<lastmod>2026-03-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-members/wp-members-membership-plugin-3551-authenticated-contributor-sql-injection-via-order_by-shortcode-attribute</loc>
<lastmod>2026-03-03T18:17:29.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/xstore/xstore-multipurpose-woocommerce-theme-954-authenticated-subscriber-local-file-inclusion</loc>
<lastmod>2025-10-14T14:24:23.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/job-postings/job-postings-2710-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-03-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ditty-news-ticker/ditty-responsive-news-tickers-sliders-and-lists-3144-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-07-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/quick-interest-slider/quick-interest-slider-315-missing-authorization</loc>
<lastmod>2025-11-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/listapp-mobile-manager/listapp-mobile-manager-177-missing-authorization-to-privilege-escalation</loc>
<lastmod>2024-12-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/dc-woocommerce-multi-vendor/multivendor-marketplace-solution-for-woocommerce-wc-marketplace-38118-reflected-cross-site-scripting</loc>
<lastmod>2022-08-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gallery-portfolio/portfolio-gallery-responsive-image-gallery-145-missing-authorization-to-arbitrary-gallery-deletion</loc>
<lastmod>2023-05-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/remove-cpt-base/remove-cpt-base-58-cross-site-request-forgery-to-cpt-base-deletion</loc>
<lastmod>2022-05-06T13:29:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/core/3.0/wordpress-core-303-cross-site-scripting</loc>
<lastmod>2010-12-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/card-flip-image-slideshow/card-flip-image-slideshow-15-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-07-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/give/givewp-donation-plugin-and-fundraising-platform-4145-unauthenticated-stored-cross-site-scripting</loc>
<lastmod>2026-05-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/edwiser-bridge/edwiser-bridge-307-authenticated-subscriber-stored-cross-site-scripting</loc>
<lastmod>2024-10-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/w3speedster-wp/w3speedster-726-authenticated-administrator-remote-code-execution</loc>
<lastmod>2024-10-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-full-stripe-free/wp-full-stripe-free-825-authenticated-administrator-sql-injection</loc>
<lastmod>2025-09-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/sparkle-fse/sparkle-fse-109-missing-authorization</loc>
<lastmod>2025-10-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/opening-hours/were-open-146-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2023-02-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpjam-basic/wpjam-basic-621-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2023-04-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/another-wordpress-classifieds-plugin/awp-classifieds-443-unauthenticated-arbitrary-shortcode-execution</loc>
<lastmod>2025-09-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/shortcode-buddy/shortcode-buddy-0195-authenticated-contributor-stored-cross-site-scripting-via-shortcode-attributes</loc>
<lastmod>2026-05-26T17:27:26.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cm-table-of-content/cm-table-of-contents-123-cross-site-request-forgery</loc>
<lastmod>2024-10-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/nmedia-user-file-uploader/frontend-file-manager-236-insecure-direct-object-reference-to-authenticated-subscriber-arbitrary-download-access</loc>
<lastmod>2026-04-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/ridhi/ridhi-112-missing-authorization</loc>
<lastmod>2026-02-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/tutor/tutor-lms-220-authenticated-student-sql-injection</loc>
<lastmod>2023-05-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/seo-automatic-links/seo-smart-links-301-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2022-09-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/instawp-connect/instawp-connect-0108-authenticated-subscriber-remote-code-execution</loc>
<lastmod>2024-02-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bookingpress-appointment-booking/bookingpress-1082-missing-authorization-to-appointment-time-alteration</loc>
<lastmod>2024-05-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gf-salesforce-crmperks/wp-gravity-forms-salesforce-147-open-redirect</loc>
<lastmod>2025-06-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/booking/booking-calendar-942-authenticated-admin-sql-injection</loc>
<lastmod>2023-01-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/blabber/blabber-170-unauthenticated-local-file-inclusion</loc>
<lastmod>2026-02-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/meta-box/meta-box-wordpress-custom-fields-framework-592-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-02-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/web-directory-free/web-directory-free-169-unauthenticated-sql-injection</loc>
<lastmod>2024-05-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gallery-plugin/gallery-by-bestwebsoft-customizable-image-and-photo-galleries-for-wordpress-450-reflected-cross-site-scripting</loc>
<lastmod>2017-04-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mw-wp-form/mw-wp-form-513-authenticated-editor-stored-cross-site-scripting-via-memo-parameter</loc>
<lastmod>2026-06-09T18:48:34.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-meta-seo/wp-meta-seo-4518-authenticated-contributor-server-side-request-forgery-via-new_link-parameter</loc>
<lastmod>2026-06-23T16:46:49.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-cerber/wp-cerber-security-932-user-enumeration-bypass-via-rest-api</loc>
<lastmod>2022-12-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/gaea/gaea-38-reflected-cross-site-scripting</loc>
<lastmod>2026-03-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/request-a-quote/request-a-quote-253-missing-authorization</loc>
<lastmod>2025-12-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/coming-soon-maintenance-mode-from-acurax/under-construction-maintenance-mode-from-acurax-26-authenticated-subscriber-sensitive-information-exposure</loc>
<lastmod>2024-02-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-food-manager/wp-food-manager-103-authenticatedadministrator-stored-cross-site-scripting</loc>
<lastmod>2023-07-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/betterdocs/betterdocs-252-missing-authorization-via-ajax-actions</loc>
<lastmod>2023-11-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ultimate-member/ultimate-member-2111-authenticated-subscriber-stored-cross-site-scripting-via-dom-gadgets</loc>
<lastmod>2026-04-03T19:29:29.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp2syslog/wp2syslog-105-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2023-02-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/notice-board/notice-board-11-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2022-09-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-crontrol/wp-crontrol-13-reflected-cross-site-scripting</loc>
<lastmod>2015-08-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-optin-wheel/wp-optin-wheel-142-sensitive-information-exposure-via-log-file</loc>
<lastmod>2023-12-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpvivid-backup-mainwp/wpvivid-backup-for-mainwp-0932-reflected-cross-site-scripting</loc>
<lastmod>2024-02-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-symposium/wp-symposium-111126-cross-site-scripting</loc>
<lastmod>2014-08-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/leadin/hubspot-all-in-one-marketing-forms-popups-live-chat-11332-missing-authorization-to-authenticated-contributor-installed-plugin-disclosure</loc>
<lastmod>2026-04-23T19:19:31.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/event-post/event-post-5911-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-04-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/post-state-tags/post-state-tags-206-cross-site-request-forgery-to-settings-reset</loc>
<lastmod>2023-05-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/competition-form/competition-form-20-reflected-cross-site-scripting</loc>
<lastmod>2025-01-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/login-as-customer-or-user/login-as-user-or-customer-38-unauthenticated-limited-admin-account-compromise</loc>
<lastmod>2024-02-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/sky-elementor-addons/sky-addons-for-elementor-free-templates-library-live-copy-animations-post-grid-post-carousel-particles-sliders-chart-blogs-262-missing-authorization-to-authenticated-subscriber-limited-arbitrary-options-update</loc>
<lastmod>2024-11-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-staging-pro/wp-staging-pro-backup-duplicator-migration-560-cross-site-request-forgery-to-limited-local-file-inclusion</loc>
<lastmod>2024-06-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mediaburst-email-to-sms/clockwork-sms-notfications-242-cross-site-scripting</loc>
<lastmod>2017-11-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/caldera-forms/caldera-forms-154-cross-site-scripting</loc>
<lastmod>2017-09-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wise-chat/wise-chat-313-cross-site-request-forgery</loc>
<lastmod>2023-05-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/contest-gallery/contest-gallery-2403-authenticated-author-stored-cross-site-scripting</loc>
<lastmod>2024-12-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wphelpful/wphelpful-124-reflected-cross-site-scripting</loc>
<lastmod>2024-11-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/td-composer/tagdiv-composer-53-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2025-03-27T19:53:56.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/booking/wp-booking-calendar-1021-authenticated-contributor-stored-cross-site-scripting-via-bookingform-shortcode</loc>
<lastmod>2024-07-23T18:49:44.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/alojapro-widget/alojapro-widget-1115-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2021-07-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/td-composer/tagdiv-composer-541-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-10-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bookr/appointment-booking-calendar-plugin-102-missing-authorization-to-unauthenticated-arbitrary-appointment-status-modification</loc>
<lastmod>2026-02-13T17:29:23.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/views-for-wpforms-lite/views-for-wpforms-322-missing-authorization-via-get_form_fields</loc>
<lastmod>2024-01-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/core/2.0/wordpress-core-204-privilege-escalation</loc>
<lastmod>2006-07-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ba-plus-before-after-image-slider-free/ba-plus-103-reflected-cross-site-scripting</loc>
<lastmod>2024-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/website-llms-txt/website-llmstxt-826-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2026-04-20T18:26:20.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/backwpup/backwpup-500-562-authenticated-backwpup-helper-privilege-escalation-via-arbitrary-options-update</loc>
<lastmod>2026-02-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/export-wp-page-to-static-html/export-wordpress-pages-to-static-html-pdf-static-site-export-600-cross-site-request-forgery</loc>
<lastmod>2026-05-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/xagio-seo/xagio-seo-70020-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-01-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ultimate-subscribe/ultimate-subscribe-13-reflected-cross-site-scripting</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/master-addons/master-addons-for-elementor-20994-unauthenticated-insecure-direct-object-reference</loc>
<lastmod>2025-12-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bg-church-memos/bg-church-memos-11-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-09-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/shortcodes-ultimate/shortcodes-ultimate-5120-authenticated-subscriber-stored-cross-site-scripting</loc>
<lastmod>2022-10-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/amelia/booking-for-appointments-and-events-calendar-amelia-premium-77-and-lite-124-missing-authorization-to-sensitive-information-exposure</loc>
<lastmod>2024-09-04T21:24:51.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/groovy-menu-free/groovy-menu-143-cross-site-request-forgery</loc>
<lastmod>2025-09-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/eroom-zoom-meetings-webinar/eroom-156-unauthenticated-information-exposure</loc>
<lastmod>2025-11-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/pixtypes/pixtypes-1414-cross-site-request-forgery</loc>
<lastmod>2023-04-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ultimate-blocks/ultimate-blocks-323-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-11-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/process-steps-template-designer/process-steps-template-designer-121-cross-site-request-forgery</loc>
<lastmod>2021-03-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/progressive-wp/progressive-wordpress-pwa-2113-missing-authorization</loc>
<lastmod>2024-04-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/membership-for-woocommerce/membership-for-woocommerce-216-unauthenticated-arbitrary-file-upload</loc>
<lastmod>2023-01-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/GamesTheme/gamestheme-103-sensitive-information-disclosure</loc>
<lastmod>2015-05-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-asambleas/wp-asambleas-2850-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-02-17T15:49:07.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wc-zelle/checkout-with-zelle-on-woocommerce-31-missing-authorization</loc>
<lastmod>2023-07-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/core/2.3/wordpress-core-232-sql-injection</loc>
<lastmod>2007-09-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/leaky-paywall/leaky-paywall-4165-authenticated-stored-cross-site-scripting</loc>
<lastmod>2021-10-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/xinterio/xinterio-42-unauthenticated-local-file-inclusion</loc>
<lastmod>2025-08-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ajax-search-pro/ajax-search-pro-35-cross-site-request-forgery</loc>
<lastmod>2015-03-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/filmax/filmax-1111-unauthenticated-local-file-inclusion</loc>
<lastmod>2026-02-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/arabic-webfonts/arabic-webfonts-146-missing-authorization</loc>
<lastmod>2024-12-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ultimate-store-kit/ultimate-store-kit-elementor-addons-woocommerce-builder-edd-builder-elementor-store-builder-product-grid-product-table-woocommerce-slider-164-unauthenticated-php-object-injection</loc>
<lastmod>2024-08-20T19:47:05.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woocommerce-stock-manager/woocommerce-stock-manager-109-authorization-bypass</loc>
<lastmod>2016-07-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-register-profile-with-shortcode/wp-register-profile-with-shortcode-362-authenticated-contributor-sensitive-information-exposure</loc>
<lastmod>2025-07-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/anytrack-affiliate-link-manager/anytrack-affiliate-link-manager-104-missing-authorization</loc>
<lastmod>2025-04-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-estimation-form/wp-cost-estimation-payment-forms-builder-10175-authenticated-contributor-sql-injection</loc>
<lastmod>2024-03-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simple-telegram-for-wp/simple-telegram-093-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2022-08-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/embedpress/embedpress-embed-pdf-google-docs-vimeo-wistia-embed-youtube-videos-audios-maps-embed-any-documents-in-gutenberg-elementor-3916-authenticated-contributor-stored-cross-site-scripting-via-id-parameter</loc>
<lastmod>2024-05-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/official-skrill-woocommerce/skrill-official-1066-cross-site-request-forgery</loc>
<lastmod>2025-03-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/dirtysuds-embed-pdf/embed-pdf-106-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2023-01-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/oik/oik-4153-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-11-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/sg-security/siteground-security-130-authenticated-administrator-sql-injection</loc>
<lastmod>2023-01-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-appointments-schedules/appointments-scheduler-15-cross-site-scripting</loc>
<lastmod>2014-06-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-full-stripe-free/wp-full-stripe-free-705-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2023-07-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/easy-form-builder/easy-form-builder-by-whitestudio-drag-drop-form-builder-406-unauthenticated-sql-injection</loc>
<lastmod>2026-05-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/medilazar-core/medilazar-core-147-authenticated-contributor-local-file-inclusion</loc>
<lastmod>2026-02-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woocommerce-product-addon/ppom-for-woocommerce-11-arbitrary-file-upload</loc>
<lastmod>2016-09-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/foliopress-wysiwyg/foliopress-wysiwyg-2616-cross-site-scripting</loc>
<lastmod>2014-05-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/theatre/theater-for-wordpress-0188-missing-authorization</loc>
<lastmod>2025-11-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bbpress-post-topics/post-comments-as-bbpress-topics-223-authenticated-author-stored-cross-site-scripting</loc>
<lastmod>2022-06-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/theme-switcha/theme-switcha-33-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2023-10-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/garden-gnome-package/garden-gnome-package-251-authenticated-author-stored-cross-site-scripting</loc>
<lastmod>2026-02-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-mathjax-plus/wp-mathjax-101-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-11-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/list-pages-at-depth/list-pages-at-depth-15-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-01-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woo-gift-cards-lite/ultimate-gift-cards-for-woocommerce-create-redeem-manage-digital-gift-certificates-with-personalized-templates-266-missing-authorization-to-unauthenticated-information-exposure</loc>
<lastmod>2024-03-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/podcast-importer-secondline/podcast-importer-secondline-138-sql-injection</loc>
<lastmod>2022-03-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/famous_grid_image_and_video_gallery/famous-responsive-image-and-video-grid-gallery-wordpress-14-reflected-cross-site-scripting</loc>
<lastmod>2026-01-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/supportcandy/supportcandy-helpdesk-customer-support-ticket-system-337-authentication-bypass-to-support-session-takeover</loc>
<lastmod>2025-09-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/my-wp-translate/my-wp-translate-103-reflected-cross-site-scripting</loc>
<lastmod>2017-10-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/custom-post-types/custom-post-types-custom-fields-more-504-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-04-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mystickyelements/my-sticky-elements-208-authenticated-admin-sql-injection</loc>
<lastmod>2023-02-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bootstrap-shortcodes/bootstrap-shortcode-340-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2023-01-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/openpgp-form-encryption/openpgp-form-encryption-for-wordpress-150-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-06-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-gotowebinar/wp-gotowebinar-1446-missing-authorization</loc>
<lastmod>2024-04-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/sitepress-multilingual-cms/wpml-460-reflected-cross-site-scripting-via-wp_lang</loc>
<lastmod>2023-04-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bbp-move-topics/bbpress-move-topics-114-php-object-injection</loc>
<lastmod>2018-03-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/pagelines/pagelines-theme-146-missing-authorization</loc>
<lastmod>2015-01-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/rise-blocks/rise-blocks-a-complete-gutenberg-page-builder-31-cross-site-request-forgery</loc>
<lastmod>2023-12-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/tablepress/tablepress-32-authenticated-contributor-stored-cross-site-scripting-via-shortcode_debug-parameter</loc>
<lastmod>2025-08-29T16:24:26.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/guruwalk-affiliates/guruwalk-affiliates-100-authenticated-administrator-stored-cross-site-scripting-via-plugin-settings</loc>
<lastmod>2023-08-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/pie-register/pie-register-2013-missing-authorization</loc>
<lastmod>2015-01-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/where-did-they-go-from-here/wz-followed-posts-display-what-visitors-are-reading-310-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-05-06T18:49:05.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/forminator/forminator-forms-contact-form-payment-form-custom-form-builder-1491-missing-authorization-to-authenticated-forminator-user-csv-export</loc>
<lastmod>2026-01-08T17:47:08.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ultimate-addons-for-beaver-builder-lite/ultimate-addons-for-beaver-builder-lite-157-authenticated-contributor-stored-cross-site-scripting-via-heading-widget</loc>
<lastmod>2024-03-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/instawp-connect/instawp-connect-01024-missing-authorization</loc>
<lastmod>2024-04-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/salient/salient-1740-missing-authorization</loc>
<lastmod>2025-10-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/blogroll-fun/blogroll-fun-show-last-post-and-last-update-time-085-reflected-cross-site-scripting</loc>
<lastmod>2014-07-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/core/4.7/wordpress-core-471-information-disclosure</loc>
<lastmod>2017-01-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/form-maker/form-maker-11527-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2024-09-25T23:14:51.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-meteor/wp-meteor-page-speed-optimization-topping-314-missing-authorization-to-notice-dismissal</loc>
<lastmod>2023-03-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simple-security/simple-security-115-authenticated-stored-cross-site-scripting</loc>
<lastmod>2015-01-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woocommerce-bookings/woocommerce-bookings-11578-insecure-direct-object-reference</loc>
<lastmod>2023-05-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ai-content-generator/sage-ai-chatbots-openai-gpt-4-bulk-articles-dalle-3-image-generation-249-authenticated-subscriber-arbitrary-file-upload</loc>
<lastmod>2024-11-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/envialosimple-email-marketing-y-newsletters-gratis/envalosimple-email-marketing-y-newsletters-23-cross-site-request-forgery-to-arbitrary-file-upload</loc>
<lastmod>2024-04-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/charitable/charitable-17010-reflected-cross-site-scripting</loc>
<lastmod>2023-04-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/qr-code-tag-for-wc-from-goaskle-com/qr-code-tag-for-wc-order-emails-1936-cross-site-request-forgery</loc>
<lastmod>2025-04-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/xagio-seo/xagio-seo-ai-powered-seo-71030-unauthenticated-privilege-escalation</loc>
<lastmod>2026-03-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/copypress/copypress-145-unauthenticated-local-file-inclusion</loc>
<lastmod>2026-05-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/moneytigo/ovri-payment-170-malicious-htaccess-directive</loc>
<lastmod>2026-02-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/front-end-only-users/front-end-users-3232-missing-authorization-to-information-exposure</loc>
<lastmod>2025-05-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/litespeed-cache/litespeed-cache-641-authenticated-author-path-traversal</loc>
<lastmod>2024-09-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woo-vehicle-parts-finder/woocommerce-vehicle-parts-finder-37-unauthenticated-stored-cross-site-scripting</loc>
<lastmod>2025-09-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/zephyr-project-manager/zephyr-project-manager-33203-authenticated-custom-arbitrary-file-read-and-server-side-request-forgery</loc>
<lastmod>2025-12-16T18:43:41.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/yikes-inc-easy-mailchimp-extender/easy-forms-for-mailchimp-690-missing-authorization</loc>
<lastmod>2024-06-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/orange-form/orange-form-101-cross-site-request-forgery</loc>
<lastmod>2021-12-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-line-notify/line-notify-144-reflected-cross-site-scripting-via-uid</loc>
<lastmod>2023-08-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/libsyn-podcasting/libsyn-publisher-hub-144-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-04-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/zoorum-comments/zoorum-comments-09-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2025-03-14T14:24:07.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-links-page/wp-links-page-495-missing-authorization-to-authenticated-subscriber-limited-image-update</loc>
<lastmod>2024-07-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/eyewear-prescription-form/eyewear-prescription-form-4018-missing-authorization-to-unauthenticated-arbitrary-options-update</loc>
<lastmod>2024-12-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/phlox-pro/phlox-pro-5164-reflected-cross-site-scripting-via-search-parameters</loc>
<lastmod>2024-08-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-no-bot-question/wp-no-bot-question-017-cross-site-request-forgery</loc>
<lastmod>2025-03-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-user-frontend/user-frontend-ai-powered-frontend-posting-user-directory-profile-membership-user-registration-431-authenticated-subscriber-php-object-injection</loc>
<lastmod>2026-05-07T19:58:37.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/newsletter-popup/newsletter-popup-12-unauthenticted-stored-cross-site-scripting-via-nl_data</loc>
<lastmod>2023-05-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gs-testimonial/gs-testimonial-slider-330-missing-authorization</loc>
<lastmod>2025-05-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/content-protector/passster-password-protection-3557-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2022-12-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/premmerce/premmerce-1319-unauthenticated-local-file-inclusion</loc>
<lastmod>2025-07-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/yith-woocommerce-gift-cards-premium/yith-woocommerce-gift-cards-premium-330-arbitrary-file-upload</loc>
<lastmod>2021-01-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/football-pool/football-pool-2125-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-06-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/vikbooking/vikbooking-hotel-booking-engine-pms-161-cross-site-request-forgery-in-multiple-functions-in-admincontrollerphp</loc>
<lastmod>2023-02-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/eonet-manual-user-approve/eonet-manual-user-approve-213-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2023-10-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-migrate-db-pro/wp-migrate-pro-2610-unauthenticated-php-object-injection</loc>
<lastmod>2024-04-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/preview-link-generator/preview-link-generator-103-cross-site-request-forgery-to-arbitrary-plugin-activation</loc>
<lastmod>2023-02-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/music-store/music-store-wordpress-ecommerce-1119-reflected-cross-site-scripting</loc>
<lastmod>2024-12-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/paid-member-subscriptions/paid-member-subscriptions-2168-authenticated-subscriber-insecure-direct-object-reference</loc>
<lastmod>2026-02-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/fv-wordpress-flowplayer/fv-flowplayer-video-player-7314727-sensitive-data-exposure</loc>
<lastmod>2019-05-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wassup/wassup-real-time-analytics-191-cross-site-scripting</loc>
<lastmod>2016-11-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/poll-wp/ts-poll-255-missing-authorization</loc>
<lastmod>2025-12-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/transbank-webpay-plus-rest/transbank-webpay-rest-166-authenticated-administrator-sql-injection-via-orderby</loc>
<lastmod>2023-04-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/document-library-lite/document-library-lite-116-missing-authorization-to-sensitive-information-exposure</loc>
<lastmod>2025-10-31T13:31:48.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/eventer/eventer-3994-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2025-02-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/announce-from-the-dashboard/announce-from-the-dashboard-151-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2023-02-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/funnel-builder/funnel-builder-for-wordpress-by-funnelkit-customize-woocommerce-checkout-pages-create-sales-funnels-order-bumps-one-click-upsells-331-authenticated-author-stored-cross-site-scripting-via-svg-upload</loc>
<lastmod>2024-06-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/nd-donations/donations-14-unauthenticated-arbitrary-options-change</loc>
<lastmod>2019-08-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/google-docs-rsvp-guestlist/google-docs-rsvp-201-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2024-10-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cozy-addons/cozy-blocks-2011-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-09-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/import-users-from-csv-with-meta/import-and-export-users-and-customers-11413-cross-site-request-forgery-leading-to-attachment-deletion-path-traversal</loc>
<lastmod>2019-06-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/easy-invoice/easy-invoice-214-authenticated-administrator-local-file-inclusion</loc>
<lastmod>2025-12-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-postratings/wp-postratings-161-sql-injection</loc>
<lastmod>2011-10-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/solar/solar-energy-35-authenticated-subscriber-php-object-injection</loc>
<lastmod>2025-05-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/page-views-count/page-view-count-255-cross-site-request-forgery</loc>
<lastmod>2022-10-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-chgfontsize/wp-chgfontsize-18-cross-site-request-forgery-to-settings-update-and-stored-cross-site-scripting</loc>
<lastmod>2022-05-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/themify-event-post/themify-event-post-132-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-03-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/hcv4-payment-gateway/hiecor-payment-gateway-plugin-1511-unauthenticated-sql-injection</loc>
<lastmod>2025-09-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/social-locker-content/social-locker-11-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-11-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/dk-pricr-responsive-pricing-table/responsive-pricing-table-517-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2023-10-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bonus-for-woo/bonus-for-woo-582-reflected-cross-site-scripting</loc>
<lastmod>2023-10-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/black-widgets/black-widgets-for-elementor-136-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-11-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/connect-daily-web-calendar/wordpress-events-calendar-plugin-connectdaily-154-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-09-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woocommerce-paymaster-gateway-019/paymaster-for-woocommerce-0431-authenticated-subscriber-server-side-request-forgery</loc>
<lastmod>2025-07-03T12:22:19.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/hostel/hostel-116-reflected-cross-site-scripting-via-shortcode_id-parameter</loc>
<lastmod>2026-04-17T11:44:41.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/annuncifunebri-onoranza/annuncifunebri-impresa-470-missing-authorization-to-authenticated-subscriber-arbitrary-plugin-options-deletion</loc>
<lastmod>2025-12-12T16:04:52.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/multi-plugin-installer/multi-plugin-installer-120-arbitrary-file-read</loc>
<lastmod>2015-08-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mapifylite/mapifylite-and-mapifypro-33-authenticated-stored-cross-site-scripting</loc>
<lastmod>2021-03-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/redux-framework/gutenberg-template-library-redux-framework-421-incorrect-authorization-leading-to-arbitrary-plugin-installation-and-post-deletion</loc>
<lastmod>2021-09-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/blog-floating-button/blog-floating-button-1412-cross-site-request-forgery</loc>
<lastmod>2023-03-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/smsa-shipping-official/smsa-shipping-23-authenticated-subscriber-arbitrary-file-deletion</loc>
<lastmod>2026-01-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/infility-global/infility-global-21519-authenticated-subscriber-sql-injection</loc>
<lastmod>2026-06-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wetterwarner/wetterwarner-272-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2025-04-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/save-grab/grab-save-104-reflected-cross-site-scripting</loc>
<lastmod>2023-11-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/advanced-post-search/advanced-post-search-110-reflected-cross-site-scripting</loc>
<lastmod>2025-03-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/add-edit-delete-listing-for-member-module/add-edit-delete-listing-module-10-sql-injection</loc>
<lastmod>2017-07-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpify-woo/wpify-woo-czech-4010-reflected-cross-site-scripting</loc>
<lastmod>2024-04-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/accordions/accordion-2299-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-09-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/shopper/shopper-325-unauthenticated-sql-injection</loc>
<lastmod>2025-03-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/media-library-assistant/media-library-assistant-334-authenticated-contributor-sql-injection</loc>
<lastmod>2026-04-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-compress-image-optimizer/wp-compress-63015-authenticated-subscriber-missing-authorization-via-multiple-functions</loc>
<lastmod>2025-03-25T21:29:35.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ninja-tables-pro/ninja-tables-pro-5017-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-05-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woocommerce-order-address-print/woocommerce-order-address-print-32-reflected-cross-site-scripting</loc>
<lastmod>2023-05-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/tera-charts/tera-charts-10-reflected-cross-site-scripting</loc>
<lastmod>2016-10-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/comments-ratings/comments-ratings-116-cross-site-request-forgery</loc>
<lastmod>2023-04-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/royal-elementor-addons/royal-addons-for-elementor-addons-and-templates-kit-for-elementor-171053-missing-authorization</loc>
<lastmod>2026-05-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-time-slots-booking-form/wp-time-slots-booking-form-1250-authenticated-subscriber-sql-injection</loc>
<lastmod>2026-06-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/rife-elementor-extensions/rife-elementor-extensions-templates-121-authenticated-contributor-stored-cross-site-scripting-via-writing-effect-headline-widget</loc>
<lastmod>2024-07-01T19:26:57.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/attach-gallery-posts/attach-gallery-posts-16-reflected-cross-site-scripting</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/slider-responsive-slideshow/slider-responsive-slideshow-image-slider-gallery-slideshow-154-authenticated-contributor-php-object-injection</loc>
<lastmod>2026-02-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/videowhisper-live-streaming-integration/broadcast-live-video-live-streaming-webrtc-hls-rtsp-rtmp-624-cross-site-request-forgery</loc>
<lastmod>2025-05-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-google-street-view/wp-google-street-view-with-360-virtual-tour-google-maps-local-seo-118-authenticated-contributor-stored-cross-site-scripting-via-wpgsv_map-shortcode</loc>
<lastmod>2026-01-08T18:02:02.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/player/spidervplayer-21-sql-injection</loc>
<lastmod>2013-04-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/happyforms/happyforms-form-builder-for-wordpress-drag-drop-contact-forms-surveys-payments-multipurpose-forms-12613-unauthenticated-php-object-injection</loc>
<lastmod>2026-06-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wordpress-countdown-widget/wordpress-countdown-widget-3191-cross-site-request-forgery-to-plugin-settings-update</loc>
<lastmod>2022-09-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/exclusive-addons-for-elementor/exclusive-addons-for-elementor-2692-authenticatedcontributor-stored-cross-site-scripting-via-post-grid</loc>
<lastmod>2024-04-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/td-composer/tagdiv-composer-54-authenticated-contributor-stored-cross-site-scripting-via-multiple-shortcodes</loc>
<lastmod>2025-05-01T14:50:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woocommerce-jetpack/booster-for-woocommerce-732-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-10-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-inject/imageinject-115-cross-site-request-forgery</loc>
<lastmod>2018-01-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ip2location-country-blocker/ip2location-country-blocker-2269-authenticated-stored-cross-site-scripting</loc>
<lastmod>2022-02-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/behold/behold-15-unauthenticated-php-object-injection</loc>
<lastmod>2026-04-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ultimate-addons-for-contact-form-7/ultra-addons-for-contact-form-7-3536-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2026-03-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/core/5.2/wordpress-core-523-cross-site-scripting-via-media-uploads</loc>
<lastmod>2019-09-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bulk-editor/wolf-106-authenticated-subscriber-stored-cross-site-scripting-via-wpbe_update_page_field</loc>
<lastmod>2023-05-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/businext/businext-244-unauthenticated-local-file-inclusion</loc>
<lastmod>2025-09-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ba-book-everything/ba-book-everything-1814-authenticated-contributor-stored-cross-site-scripting-via-babe-search-form-shortcode</loc>
<lastmod>2025-12-18T18:15:12.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/greenshift-animation-and-page-builder-blocks/greenshift-animation-and-page-builder-blocks-1283-unauthenticated-sensitive-information-exposure-via-settings-backup</loc>
<lastmod>2026-03-05T10:58:47.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simple-forum/yellow-swordfish-simple-forum-111-sql-injection</loc>
<lastmod>2008-02-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/eventprime-event-calendar-management/eventprime-events-calendar-bookings-and-tickets-4073-missing-authorization-to-authenticated-subscriber-event-attendees-export</loc>
<lastmod>2025-03-06T11:33:35.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/rb-internal-links/rb-internal-links-2016-cross-site-request-forgery-to-settings-update-and-cross-site-scripting</loc>
<lastmod>2022-05-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/tablesome/tablesome-table-contact-form-db-wpforms-cf7-gravity-forminator-fluent-1132-unauthenticated-arbitrary-file-upload</loc>
<lastmod>2025-10-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-graphql/wpgraphql-023-unauthenticated-comment-creation</loc>
<lastmod>2019-05-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-jquery-lightbox/lightpress-lightbox-234-authenticated-contributor-stored-cross-site-scripting-via-group-shortcode-attribute</loc>
<lastmod>2026-04-07T13:33:34.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/subscriptions-memberships-for-paypal/subscriptions-memberships-for-paypal-116-cross-site-request-forgery-to-arbitrary-post-deletion</loc>
<lastmod>2025-02-25T19:40:01.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/post-status-notifier-lite/post-status-notifier-lite-1100-reflected-cross-site-scripting</loc>
<lastmod>2022-12-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cf7-styler/wow-styler-for-cf7-visual-styler-for-contact-form-7-forms-176-missing-authorization</loc>
<lastmod>2026-05-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/request-a-quote/request-a-quote-234-stored-cross-site-scripting</loc>
<lastmod>2021-09-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/testimonial-builder/testimonial-builder-161-authenticated-stored-cross-site-scripting</loc>
<lastmod>2021-11-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/pdfl-io/pdflio-105-authenticated-contributor-stored-cross-site-scripting-via-text-shortcode-attribute</loc>
<lastmod>2026-04-07T20:58:52.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/craftcoffee/craft-236-reflected-cross-site-scripting</loc>
<lastmod>2026-01-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpbulky-wp-bulk-edit-post-types/wpbulky-1113-authenticated-author-sql-injection</loc>
<lastmod>2025-12-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/give/givewp-2333-cross-site-request-forgery-to-stripe-integration-deletion</loc>
<lastmod>2023-10-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-webauthn/wp-webauthn-131-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-09-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/chronoforms/chronoforms-709-cross-site-request-forgery</loc>
<lastmod>2023-03-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/waitlist-woocommerce/waitlist-woocommerce-back-in-stock-notifier-251-cross-site-request-forgery-to-arbitrary-options-update</loc>
<lastmod>2022-01-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/addons-for-visual-composer/wpbakery-page-builder-addons-by-livemesh-381-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2024-03-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/chat-help/chat-help-313-missing-authorization</loc>
<lastmod>2025-11-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/smart-wishlist-for-more-convert/mc-woocommerce-wishlist-189-authenticated-administrator-sql-injection</loc>
<lastmod>2025-03-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/slider-factory/responsive-image-slider-photo-gallery-and-carousel-136-missing-authorization</loc>
<lastmod>2021-10-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/social-polls-by-opinionstage/poll-survey-quiz-maker-plugin-by-opinion-stage-19120-cross-site-request-forgery-to-account-disconnection</loc>
<lastmod>2025-11-26T17:29:27.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/nexio/nexio-1100-unauthenticated-local-file-inclusion</loc>
<lastmod>2026-05-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woocommerce-wholesale-pricing/wholesale-for-woocommerce-230-unauthenticated-information-exposure</loc>
<lastmod>2024-03-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wordpress-whois-search/whois-1424-cross-site-scripting</loc>
<lastmod>2012-09-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/admin-and-client-message-after-order-for-woocommerce/admin-and-customer-messages-after-order-for-woocommerce-orderconvo-14-missing-authorization-to-unauthenticated-user-impersonation-in-order-messages</loc>
<lastmod>2025-11-24T19:17:46.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-post-frontend/frontend-file-manager-40-n-media-post-front-end-form-11-arbitrary-file-upload</loc>
<lastmod>2016-07-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cm-business-directory/cm-business-directory-152-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-09-25T13:26:06.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/live-chat-support-by-social-intents/social-intents-1614-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2025-04-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gmaps-for-visual-composer-free/gmaps-for-wpbakery-page-builder-free-12-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/user-login-history/user-login-history-170-sql-injection-via-order-by</loc>
<lastmod>2019-03-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wicked-folders/wicked-folders-21816-missing-authorization-on-ajax_save_folder</loc>
<lastmod>2023-02-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-social-sharing/wp-social-sharing-22-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2022-12-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mainwp/mainwp-dashboard-4601-cross-site-request-forgery-via-posting_bulk</loc>
<lastmod>2024-02-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/timeline-calendar/timeline-calendar-12-authenticated-admin-sql-injection</loc>
<lastmod>2021-07-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/snsvicky/sns-vicky-37-unauthenticated-local-file-inclusion</loc>
<lastmod>2025-06-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-database-admin/wordpress-database-administrator-103-authenticated-administrator-sql-injection</loc>
<lastmod>2023-07-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bp-greeting-message/buddypress-greeting-message-103-reflected-cross-site-scripting</loc>
<lastmod>2024-10-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-user-frontend/user-frontend-ai-powered-frontend-posting-user-directory-profile-membership-user-registration-428-authenticated-author-arbitrary-file-upload</loc>
<lastmod>2026-02-26T06:37:58.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/golo/golo-171-reflected-cross-site-scripting</loc>
<lastmod>2025-08-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ultimate-classified-listings/ultimate-classified-listings-17-missing-authorization-to-authenticated-subscriber-plugin-settings-update</loc>
<lastmod>2025-09-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ean-for-woocommerce/ean-for-woocommerce-546-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-05-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-analytify/analytify-521-missing-authorization-to-unauthenticated-google-analytics-tracking-id-modification</loc>
<lastmod>2024-04-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/user-roles-and-capabilities/user-roles-and-capabilities-126-missing-authorization</loc>
<lastmod>2025-06-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/dc-woocommerce-multi-vendor/multivendorx-multivendor-marketplace-solution-for-woocommerce-357-cross-site-request-forgery-bypass</loc>
<lastmod>2020-09-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/getshop-ecommerce/getshop-ecommerce-13-unauthenticated-local-file-inclusion</loc>
<lastmod>2025-03-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/easy-testimonials/easy-testimonials-395-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2024-07-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-maintenance/wp-maintenance-607-authenticated-admin-cross-site-scripting</loc>
<lastmod>2022-06-28T13:50:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/profilegrid-user-profiles-groups-and-communities/profilegrid-578-unauthenticated-sql-injection</loc>
<lastmod>2024-03-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/import-external-attachments/import-external-attachments-1512-cross-site-request-forgery</loc>
<lastmod>2025-06-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-downloadmanager/wp-downloadmanager-16811-authenticated-admin-arbitrary-file-upload</loc>
<lastmod>2025-09-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/listen-shortcode/listen-shortcode-10-authenticated-contributor-stored-cross-site-scripting-via-shortcode-attributes</loc>
<lastmod>2026-05-26T17:26:55.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simple-business-directory-pro/simple-business-directory-pro-1551-reflected-cross-site-scripting</loc>
<lastmod>2025-07-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cm-header-footer-script-loader/cm-header-and-footer-124-authenticated-subscriber-stored-cross-site-scripting</loc>
<lastmod>2025-04-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/site-offline/site-offline-157-missing-authorization</loc>
<lastmod>2025-08-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/event-registration/event-registration-60202-php-object-injection</loc>
<lastmod>2016-05-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/exclusive-addons-for-elementor/exclusive-addons-for-elementor-268-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-01-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/enable-media-replace/enable-media-replace-417-improper-authorization-to-authenticated-author-arbitrary-attachment-change-via-background-replace</loc>
<lastmod>2026-03-03T18:17:08.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/vodpod-video-gallery/vodpod-video-gallery-317-reflected-cross-site-scripting</loc>
<lastmod>2010-11-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/dpt-oauth-client/oauth-client-by-digitialpixies-110-cross-site-request-forgery</loc>
<lastmod>2022-10-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/flash-album-gallery/album-and-image-gallery-with-lightbox-flagallery-photo-portfolio-253-sql-injection</loc>
<lastmod>2012-12-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/save-as-pdf/save-as-pdf-button-192-authenticated-contributor-stored-cross-site-scripting-via-restpackpdfbutton-shortcode</loc>
<lastmod>2025-11-12T20:24:03.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/woohoo/woohoo-newspaper-magazine-theme-253-cross-site-request-forgery-to-settings-update</loc>
<lastmod>2023-10-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mage-eventpress/wpevently-429-missing-authorization</loc>
<lastmod>2025-03-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/advanced-cf7-db/advanced-contact-form-7-db-202-missing-authorization-to-unauthenticated-information-disclosure</loc>
<lastmod>2024-06-10T17:32:52.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/crudlab-google-plus/crudlab-google-plus-button-102-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2024-12-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-user-profiles/wp-user-profiles-262-authenticated-subscriber-privilege-escalation</loc>
<lastmod>2025-04-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/amazon-associate-filter/amazon-associate-filter-04-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2024-11-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woo-events/wooevents-417-missing-authorization</loc>
<lastmod>2025-09-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/contact-us-simple-form/contact-us-simple-form-10-authenticated-administrator-stored-cross-site-scripting-via-plugin-settings</loc>
<lastmod>2026-01-06T20:30:21.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/user-session-synchronizer/user-session-synchronizer-140-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2025-04-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/inpost-gallery/inpost-gallery-2141-local-file-inclusion</loc>
<lastmod>2022-11-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bang-tinh-lai-suat/bang-tinh-vay-101-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2025-06-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/note-press/note-press-0110-authenticated-admin-sql-injection-via-id-parameter</loc>
<lastmod>2022-05-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cp-polls/cp-polls-1071-unauthenticated-poll-limit-bypass</loc>
<lastmod>2024-02-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/grandnews/grand-news-343-reflected-cross-site-scripting</loc>
<lastmod>2026-02-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/armember-membership/armember-4027-directory-traversal-via-x-filename</loc>
<lastmod>2024-04-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/all-in-one-performance-accelerator/aio-performance-profiler-monitor-optimize-compress-debug-12-missing-authorization</loc>
<lastmod>2025-02-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/hide_my_wp/hide-my-wp-4511-cross-site-scripting</loc>
<lastmod>2015-07-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gdlr-hostel/goodlayers-hostel-312-unauthenticated-php-object-injection</loc>
<lastmod>2025-05-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/pocket-news-generator/pocket-news-generator-020-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2024-03-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/revision-manager-tmc/revision-manager-tmc-2819-missing-authorization-to-authenticated-subscriber-arbitrary-email-sending</loc>
<lastmod>2024-09-06T01:25:17.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/unusedcss/rapidload-optimize-web-vitals-automatically-242-missing-authorization-to-authenticated-subscriber-plugin-settings-modification-and-sql-injection</loc>
<lastmod>2024-12-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/responsive-block-editor-addons/responsive-blocks-202-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-04-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ultimate-classified-listings/ultimate-classified-listings-14-authenticated-administrator-stored-cross-site-scripting-via-title-parameter</loc>
<lastmod>2025-02-19T21:10:12.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/user-activity-log/user-activity-log-22-unauthenticated-limited-arbitrary-option-update</loc>
<lastmod>2026-01-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/brizy/brizy-page-builder-2443-authenticated-contributor-stored-cross-site-scripting-via-custom-attributes</loc>
<lastmod>2024-06-04T17:04:25.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/memberspace/memberspace-2113-reflected-cross-site-scripting</loc>
<lastmod>2025-03-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mycred/mycred-points-rewards-gamification-ranks-badges-loyalty-plugin-22-subscriber-sql-injection</loc>
<lastmod>2021-11-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/podlove-podcasting-plugin-for-wordpress/podlove-podcast-publisher-4011-missing-authorization-to-settings-import</loc>
<lastmod>2024-02-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/grand-media/gmedia-photo-gallery-1184-cross-site-scripting</loc>
<lastmod>2020-04-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/profile-builder/user-profile-builder-beautiful-user-registration-forms-user-profiles-user-role-editor-3118-authentication-bypass</loc>
<lastmod>2024-07-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/page-title-splitter/page-title-splitter-259-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-12-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/child-themes-helper/child-themes-helper-227-cross-site-request-forgery-to-arbitrary-file-deletion</loc>
<lastmod>2025-02-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-intercom-slack/wp-intercom-slack-121-sensitive-information-disclosure</loc>
<lastmod>2019-11-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mpwizard/mpwizard-create-mercado-pago-payment-links-121-cross-site-request-forgery-to-arbitrary-post-deletion</loc>
<lastmod>2025-10-02T21:29:04.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/coming-soon-maintenance-mode-from-acurax/under-construction-maintenance-mode-from-acurax-26-unauthenticated-ip-spoofing</loc>
<lastmod>2024-06-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/calculated-fields-form/calculated-fields-form-5358-cross-site-request-forgery</loc>
<lastmod>2025-06-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/e-search/e-search-10-reflected-cross-site-scripting-via-title_az-parameter</loc>
<lastmod>2016-02-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/profile-builder/profile-builder-240-privilege-escalation</loc>
<lastmod>2016-07-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/internal-linking-of-related-contents/internal-linking-of-related-contents-118-missing-authorization</loc>
<lastmod>2025-07-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/alone/alone-charity-multipurpose-non-profit-wordpress-theme-785-missing-authorization-to-unauthenticated-arbitrary-file-deletion</loc>
<lastmod>2025-07-14T15:24:20.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/meta-news/meta-news-117-unauthenticated-local-file-inclusion</loc>
<lastmod>2024-10-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpcf7-redirect/redirection-for-contact-form-7-324-unauthenticated-php-object-injection</loc>
<lastmod>2025-08-19T12:29:47.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/support_ticket/support-ticket-management-system-19-unauthenticated-privilege-escalation</loc>
<lastmod>2026-05-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/coming-soon/website-builder-by-seedprod-615131-cross-site-request-forgery-to-settings-update</loc>
<lastmod>2023-09-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/unusedcss/rapidload-power-up-for-autoptimize-171-missing-authorization-in-clear_page_cache</loc>
<lastmod>2023-03-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-affiliate-platform/wp-affiliate-platform-651-reflected-cross-site-scripting-via-lead-editing</loc>
<lastmod>2024-06-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/branded-social-images/branded-social-images-110-missing-authorization-leading-to-unauthenticated-plugin-settings-updates</loc>
<lastmod>2023-03-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cforms/cforms-101-cross-site-scripting</loc>
<lastmod>2014-10-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpzoom-shortcodes/wpzoom-shortcodes-105-authenticated-contributor-stored-cross-site-scripting-via-box-shortcode</loc>
<lastmod>2024-09-24T12:23:50.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/sailing/sailing-446-missing-authorization</loc>
<lastmod>2025-12-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/trust-payments-gateway-3ds2/trust-payments-gateway-for-woocommerce-javascript-library-136-cross-site-request-forgery</loc>
<lastmod>2025-07-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/random-image-gallery-with-pretty-photo-zoom/prettyphoto-library-multiple-plugins-and-themes-314-dom-cross-site-scripting</loc>
<lastmod>2014-08-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-ecommerce-shop-styling/wp-ecommerce-shop-styling-26-directory-traversal</loc>
<lastmod>2015-07-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/radio-player/radio-player-2073-missing-authorization-to-settings-update</loc>
<lastmod>2024-08-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/fluentform/contact-form-plugin-by-fluent-forms-for-quiz-survey-and-drag-drop-wp-form-builder-5113-authenticated-subscriber-stored-cross-site-scripting</loc>
<lastmod>2024-05-17T19:02:47.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/goya/goya-1087-unauthenticated-reflected-cross-site-scripting-via-multiple-parameters</loc>
<lastmod>2024-06-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-eggdrop/wp-eggdrop-01-cross-site-request-forgery-to-settings-update</loc>
<lastmod>2024-03-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-forms-connector/wp-forms-connector-18-unauthenticated-sql-injection-via-order-parameter</loc>
<lastmod>2026-06-23T16:39:17.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/sendpress/sendpress-newsletters-123116-reflected-cross-site-scripting</loc>
<lastmod>2023-11-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gallery-voting/tribulant-gallery-voting-121-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2025-02-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/rock-convert/rock-convert-301-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-09-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/newsmatic/newsmatic-131-missing-authorization</loc>
<lastmod>2024-07-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/easy-social-media/easy-social-13-reflected-cross-site-scripting</loc>
<lastmod>2025-06-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/final-user/final-user-125-missing-authorization</loc>
<lastmod>2026-01-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/etude/etude-16-unauthenticated-local-file-inclusion</loc>
<lastmod>2026-05-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/download-manager/wordpress-download-manager-3124-authenticated-file-upload</loc>
<lastmod>2021-07-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/premium-addons-for-elementor/premium-addons-for-elementor-41025-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-04-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpforo/wpforo-forum-205-cross-site-request-forgery</loc>
<lastmod>2022-09-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/donpeppe/don-peppe-pizza-and-fast-food-wordpress-theme-13-unauthenticated-local-file-inclusion</loc>
<lastmod>2026-03-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/newstatpress/newstatpress-106-reflected-cross-site-scripting</loc>
<lastmod>2015-07-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/kadence-blocks/gutenberg-blocks-by-kadence-blocks-3225-authenticated-author-server-side-request-forgery</loc>
<lastmod>2024-03-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/arcane/arcane-366-missing-authorization</loc>
<lastmod>2025-12-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/houzez/houzez-324-reflected-cross-site-scripting</loc>
<lastmod>2024-08-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/checkout-field-visibility-for-woocommerce/checkout-field-visibility-for-woocommerce-130-unauthenticated-local-file-inclusion</loc>
<lastmod>2025-04-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/post-views-counter/post-views-counter-144-cross-site-request-forgery-via-save_bulk_post_views</loc>
<lastmod>2024-04-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mmm-unity-loader/mmm-unity-loader-10-authenticated-contributor-stored-cross-site-scripting-via-attributes-parameter</loc>
<lastmod>2025-08-01T19:37:38.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/kipso/kipso-134-unauthenticated-local-file-inclusion</loc>
<lastmod>2025-08-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-maintenance-mode/wp-maintenance-mode-206-remote-code-execution</loc>
<lastmod>2018-12-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/image-metadata-cruncher/image-metadata-cruncher-18-reflected-cross-site-scripting</loc>
<lastmod>2015-02-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ai-co-pilot-for-wp/ai-copilot-127-authenticated-contributor-sensitive-information-exposure</loc>
<lastmod>2025-12-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/taskbuilder/taskbuilder-502-authenticated-subscriber-sql-injection-via-order-and-sort_by-parameters</loc>
<lastmod>2026-02-17T17:19:34.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/free-sales-funnel-squeeze-pages-landing-page-builder-templates-make/wordpress-landing-page-squeeze-page-responsive-landing-page-builder-free-wp-lead-plus-x-098-authenticated-stored-cross-site-scripting</loc>
<lastmod>2020-04-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ultimate-product-catalogue/ultimate-product-catalog-381-missing-authorization-to-plugin-settings-update</loc>
<lastmod>2016-06-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/custom-registration-form-builder-with-submission-manager/registrationmagic-5241-reflected-cross-site-scripting-via-section_id</loc>
<lastmod>2023-10-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/term-taxonomy-converter/term-taxonomy-converter-12-reflected-cross-site-scripting</loc>
<lastmod>2025-01-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/leaderboard-lite/leaderboard-plugin-124-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2024-12-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-db-table-editor/wp-db-table-editor-184-missing-authorization-to-authenticatedcontributor-database-access</loc>
<lastmod>2024-06-03T17:10:03.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cardoza-wordpress-poll/wordpress-poll-3406-sql-injection</loc>
<lastmod>2013-01-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/core/3.1/wordpress-core-313-media-related-security-issue</loc>
<lastmod>2011-05-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/real-spaces/real-spaces-wordpress-properties-directory-theme-35-authenticated-subscriber-privilege-escalation-to-administrator-via-change_role_member</loc>
<lastmod>2025-08-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/athemes-addons-for-elementor-lite/athemes-addons-for-elementor-107-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-11-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/imagerecycle-pdf-image-compression/imagerecycle-pdf-image-compression-3113-cross-site-request-forgery-to-plugin-data-removal-in-reinitialize</loc>
<lastmod>2024-02-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/houzez-theme-functionality/houzez-theme-functionality-420-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-10-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-responsive-menu/wp-responsive-menu-317-missing-authorization-to-settings-update-stored-cross-site-scripting</loc>
<lastmod>2022-01-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/learning-management-system/masteriyo-lms-203-authenticated-subscriber-sensitive-information-exposure</loc>
<lastmod>2025-11-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woocommerce-pdf-invoices-packing-slips/pdf-invoices-packing-slips-for-woocommerce-380-unauthenticated-stored-cross-site-scripting</loc>
<lastmod>2024-04-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woo-bulk-editor/bear-1133-missing-authorization-to-product-manipulation</loc>
<lastmod>2023-09-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wordpress-simple-shout-box/wordpress-shout-box-widget-202-sql-injection</loc>
<lastmod>2013-01-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/betterdocs/betterdocs-best-documentation-faq-knowledge-base-plugin-with-ai-support-instant-answer-for-elementor-gutenberg-342-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2024-03-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-e-commerce/wp-ecommerce-3872-stored-cross-site-scripting</loc>
<lastmod>2011-11-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/surveyfunnel-lite/surveyfunnel-survey-plugin-for-wordpress-115-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2025-12-04T16:27:46.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/headless-cms/headless-cms-203-missing-authorization</loc>
<lastmod>2023-05-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/advanced-coupons-for-woocommerce-free/advanced-coupons-for-woocommerce-coupons-4711-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2026-03-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mycred/mycred-loyalty-points-and-rewards-plugin-2752-authenticated-contributor-stored-cross-site-scripting-via-mycred_send-shortcode</loc>
<lastmod>2024-12-05T17:20:59.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gutenbee/gutenbee-2201-authenticated-author-arbitrary-file-upload-via-wp_check_filetype_and_ext-filter</loc>
<lastmod>2026-05-27T18:02:02.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/laurits/laurits-151-unauthenticated-php-object-injection</loc>
<lastmod>2026-04-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpyog-documents/wpyog-documents-135-reflected-cross-site-scripting</loc>
<lastmod>2025-02-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/all-users-messenger/all-users-messenger-124-authenticated-subscriber-insecure-direct-object-reference-to-message-deletion</loc>
<lastmod>2023-08-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/academy/academy-lms-2010-open-redirect</loc>
<lastmod>2024-06-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpbookit/wpbookit-164-unauthenticated-arbitrary-user-password-change</loc>
<lastmod>2025-01-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/advance-wp-query-search-filter/advance-wp-query-search-filter-1010-reflected-cross-site-scripting</loc>
<lastmod>2025-04-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/rate-my-post/rate-my-post-wp-rating-system-342-ip-address-spoofing</loc>
<lastmod>2023-12-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ark-core/ark-theme-core-1700-unauthenticated-remote-code-execution</loc>
<lastmod>2025-02-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ecwid-shopping-cart/ecwid-by-lightspeed-ecommerce-shopping-cart-707-authenticated-subscriber-privilege-escalation-via-ec_store_admin_access</loc>
<lastmod>2026-02-14T14:30:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/thegem/thegem-5105-missing-authorization</loc>
<lastmod>2025-09-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/master-slider/master-slider-responsive-touch-slider-399-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-05-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/contest-gallery/photos-and-files-contest-gallery-2132-authenticated-contributor-sql-injection</loc>
<lastmod>2024-03-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/profilegrid-user-profiles-groups-and-communities/profilegrid-user-profiles-groups-and-communities-5932-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-09-25T19:18:11.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woocommerce-currency-switcher/fox-currency-switcher-professional-for-woocommerce-148-unauthenticated-stored-cross-site-scripting</loc>
<lastmod>2026-06-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woocommerce-pdf-invoices-packing-slips/woocommerce-pdf-invoices-packing-slips-325-cross-site-request-forgery</loc>
<lastmod>2023-01-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-auto-affiliate-links/auto-affiliate-links-6431-authenticated-editor-sql-injection</loc>
<lastmod>2024-05-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-jump-menu/wp-jump-menu-364-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2023-09-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/interactive-world-map/interactive-world-map-344-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-10-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/profilegrid-user-profiles-groups-and-communities/profilegrid-user-profiles-groups-and-communities-5995-unauthenticated-privilege-escalation-via-email-overwrite</loc>
<lastmod>2026-06-29T16:51:48.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/aardvark-plugin/aardvark-219-missing-authorization</loc>
<lastmod>2026-01-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/textp2p-texting-widget/textp2p-texting-widget-17-cross-site-request-forgery-to-settings-update</loc>
<lastmod>2026-04-21T19:07:48.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/page-keys/page-keys-133-authenticated-administrator-stored-cross-site-scripting-via-page_key-parameter</loc>
<lastmod>2026-01-06T19:58:54.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/pricing-table-by-supsystic/pricing-table-by-supsystic-194-reflected-cross-site-scripting</loc>
<lastmod>2022-04-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-simple-firewall/shield-security-smart-bot-blocking-intrusion-prevention-security-19113-cross-site-request-forgery</loc>
<lastmod>2024-06-01T16:29:51.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-easy-faqs/wp-easy-faqs-105-authenticated-author-stored-cross-site-scripting-via-wp_easy_faq-shortcode</loc>
<lastmod>2025-09-10T18:44:38.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/themarketer/themarketer-147-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2025-05-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/estate/estate-134-unauthenticated-php-object-injection</loc>
<lastmod>2026-03-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/supervisor/supervisor-132-missing-authorization-to-authenticated-subscriber-settings-update</loc>
<lastmod>2025-10-23T19:46:03.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/royal-elementor-addons/royal-elementor-addons-171049-authenticated-contributor-stored-cross-site-scripting-via-rest-api-meta-bypass</loc>
<lastmod>2026-04-03T19:31:46.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/users-customers-import-export-for-wp-woocommerce/export-and-import-users-and-customers-262-directory-traversal-to-authenticated-administrator-limited-arbitrary-file-deletion-via-admin_log_page-function</loc>
<lastmod>2025-03-21T23:18:32.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woolentor-addons/shoplentor-woocommerce-builder-for-elementor-gutenberg-21-modules-all-in-one-solution-324-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2025-10-24T15:45:09.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woocustomizer/storecustomizer-a-plugin-to-customize-all-woocommerce-pages-263-missing-authorization</loc>
<lastmod>2026-03-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/antivirus/antivirus-11-full-path-disclosure</loc>
<lastmod>2013-06-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/pollin/pollin-1011-authenticated-admin-sql-injection</loc>
<lastmod>2025-02-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/theatre/theater-for-wordpress-019-authenticated-subscriber-stored-cross-site-scripting</loc>
<lastmod>2026-02-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/adforest/adforest-6011-unauthenticated-local-file-inclusion</loc>
<lastmod>2026-01-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-mail-smtp/wp-mail-smtp-401-authenticated-admin-smtp-password-exposure</loc>
<lastmod>2024-07-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/app-builder/app-builder-5510-insecure-direct-object-reference-to-authenticated-subscriber-arbitrary-user-avatar-modification-via-user_id-parameter</loc>
<lastmod>2026-05-01T15:33:11.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-youtube-live/wp-youtube-live-1721-reflected-cross-site-scripting</loc>
<lastmod>2022-03-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/addons-for-visual-composer/livemesh-addons-for-wpbakery-page-builder-37-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2024-03-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/rest-api-fns/wp-rest-api-fns-100-privilege-escalation</loc>
<lastmod>2024-10-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-members/wp-members-membership-plugin-3495-reflected-cross-site-scripting</loc>
<lastmod>2024-10-21T20:55:04.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/the-buffer-button/the-buffer-button-10-cross-site-scripting</loc>
<lastmod>2022-01-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/contact-form-to-email/contact-form-email-1337-unauthenticated-stored-cross-site-scripting</loc>
<lastmod>2023-05-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/invition-print-ship/printeers-print-ship-1170-unauthenticated-path-traversal</loc>
<lastmod>2025-08-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/stop-registration-spam/stop-registration-spam-123-cross-site-request-forgery-to-cross-site-scripting</loc>
<lastmod>2024-12-16T18:59:33.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/post-carousel/smart-post-show-300-authenticated-editor-stored-cross-site-scripting-via-pagination-color</loc>
<lastmod>2024-10-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cleantalk-spam-protect/spam-protection-antispam-firewall-by-cleantalk-522-reflected-cross-site-scripting</loc>
<lastmod>2015-08-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ni-woocommerce-order-export/ni-woocommerce-order-export-316-cross-site-request-forgery-to-settings-update-via-ni_order_export_action-ajax-action</loc>
<lastmod>2026-04-21T19:05:33.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/video-playlist-and-gallery-plugin/cincopa-video-and-media-plug-in-1163-unauthenticated-stored-cross-site-scripting-via-cincopa-shortcode-in-post-comments</loc>
<lastmod>2026-06-23T16:37:07.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/learnpress/learnpress-wordpress-lms-plugin-4265-unauthenticated-time-based-sql-injection</loc>
<lastmod>2024-05-09T19:40:23.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/werkstatt/werkstatt-creative-portfolio-wordpress-theme-472-cross-site-request-forgery</loc>
<lastmod>2026-06-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woo-coupon-usage/coupon-affiliates-affiliate-plugin-for-woocommerce-630-reflected-cross-site-scripting-via-commission_summary-parameter</loc>
<lastmod>2025-04-17T16:23:45.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/constant-contact-api/constant-contact-for-wordpress-411-unauthenticated-php-object-injection</loc>
<lastmod>2025-09-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wc-multivendor-marketplace/wcfm-woocommerce-multivendor-marketplace-3411-unauthenticated-sql-injection</loc>
<lastmod>2021-11-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/better-font-awesome/better-font-awesome-201-cross-site-request-forgery-to-plugin-settings-update</loc>
<lastmod>2022-08-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simplyconvert/simplyconvert-10-authenticated-administrator-stored-cross-site-scripting-via-simplyconvert_hash-option</loc>
<lastmod>2025-12-11T14:21:52.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/adaptive-images/adaptive-images-0668-reflected-cross-site-scripting</loc>
<lastmod>2022-01-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bbpress/bbpress-2611-cross-site-request-forgery-to-limited-privilege-escalation</loc>
<lastmod>2025-03-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/course-booking-system/course-booking-system-61-missing-authorization</loc>
<lastmod>2025-04-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/dialogs/dialogs-103-reflected-cross-site-scripting</loc>
<lastmod>2014-07-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/nextgen-gallery/photo-gallery-sliders-proofing-and-themes-nextgen-gallery-404-authenticated-author-local-file-inclusion</loc>
<lastmod>2026-03-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gamipress/gamipress-766-cross-site-request-forgery</loc>
<lastmod>2026-02-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ninja-forms/ninja-forms-contact-form-the-drag-and-drop-form-builder-for-wordpress-3427-validation-bypass-via-email-field</loc>
<lastmod>2020-09-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/evolve/evolve-127-cross-site-scripting</loc>
<lastmod>2011-09-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/lbg-audio5-html5-shoutcast-sticky/apollo-sticky-full-width-html5-audio-player-34-reflected-cross-site-scripting</loc>
<lastmod>2025-07-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/nextgen-gallery/wordpress-gallery-plugin-nextgen-gallery-347-cross-site-request-forgery-to-arbitrary-file-upload</loc>
<lastmod>2020-12-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/core/4.6/wordpress-core-461-authenticated-stored-cross-site-scripting</loc>
<lastmod>2016-09-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/adsensei-b30/adsmonetizer-312-reflected-cross-site-scripting</loc>
<lastmod>2024-02-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/w3-total-cache/w3-total-cache-275-sensitive-credentials-stored-in-plaintext</loc>
<lastmod>2024-09-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-opensearch/wp-opensearch-10-reflected-cross-site-scripting</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/caulk/caulk-unknown-versions-full-path-disclosure</loc>
<lastmod>2013-03-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/shopengine/shopengine-elementor-woocommerce-builder-addon-all-in-one-woocommerce-solution-483-insufficient-authorization-to-authenticated-editor-settings-update</loc>
<lastmod>2025-09-25T14:25:59.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/share-buttons/social-share-buttons-for-wordpress-27-missing-authorization-to-unauthenticated-image-upload-path-traversal</loc>
<lastmod>2025-01-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/post-type-archive-mapping/custom-query-blocks-550-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2026-02-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/token-of-trust/age-verification-identity-verification-by-token-of-trust-3323-unauthenticated-stored-cross-site-scripting-via-description-parameter</loc>
<lastmod>2026-04-14T11:34:39.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/att-youtube/att-youtube-widget-10-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2025-08-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ioncube-tester-plus/ioncube-tester-plus-13-unauthenticated-arbitrary-file-download</loc>
<lastmod>2026-03-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/supportboard/support-board-128-authenticated-stored-cross-site-scripting</loc>
<lastmod>2019-06-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/comment-guestbook/comment-guestbook-080-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2022-09-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/studiozen/studiozen-16-multiple-vulnerabilities</loc>
<lastmod>2013-04-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/stylish-order-form-builder/stylish-order-form-builder-10-authenticated-subscriber-stored-cross-site-scripting-via-product_name-parameter</loc>
<lastmod>2026-01-06T20:08:48.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/depicter/depicter-slider-322-missing-authorization</loc>
<lastmod>2024-09-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-video-robot/wp-video-robot-1200-authenticated-subscriber-privilege-escalation-via-user-meta-update</loc>
<lastmod>2024-11-15T15:08:32.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/dokan-lite/dokan-363-authenticated-vendor-stored-cross-site-scripting</loc>
<lastmod>2022-09-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/news-ticker-widget-for-elementor/news-ticker-widget-for-elementor-132-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-01-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/employee-spotlight/multiple-plugins-by-emarket-design-various-versions-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-09-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woo-gift-cards-lite/ultimate-gift-cards-for-woocommerce-211-cross-site-request-forgery-bypass</loc>
<lastmod>2021-06-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/online-accessibility/accessibility-suite-419-missing-authorization</loc>
<lastmod>2025-06-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/rometheme-for-elementor/romethemekit-for-elementor-141-missing-authorization</loc>
<lastmod>2024-04-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/spider-event-calendar/spidercalendar-1664-reflected-cross-site-scripting</loc>
<lastmod>2022-01-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ultimate-weather-plugin/local-weather-10-reflected-cross-site-scripting</loc>
<lastmod>2014-05-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/lws-tools/lws-tools-231-cross-site-request-forgery</loc>
<lastmod>2023-03-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/vc_clipboard/wpbakery-page-builder-clipboard-455-stored-cross-site-scripting</loc>
<lastmod>2021-04-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/rometheme-for-elementor/rtmkit-addons-for-elementor-160-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-06-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ltl-freight-quotes-purolator-freight-edition/ltl-freight-quotes-purolator-edition-223-unauthenticated-sql-injection</loc>
<lastmod>2025-02-21T16:07:11.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/superlist/superlist-directory-wordpress-theme-directory-listings-292-stored-cross-site-scripting</loc>
<lastmod>2019-02-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/map-contact/map-contact-304-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2025-03-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/tickera-event-ticketing-system/tickera-wordpress-event-ticketing-3548-unauthenticated-customer-data-exposure</loc>
<lastmod>2024-12-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bold-page-builder/bold-page-builder-488-authenticated-contributor-stored-cross-site-scripting-via-separator-element</loc>
<lastmod>2024-04-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/schedule/schedule-100-reflected-cross-site-scripting</loc>
<lastmod>2025-02-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/fancy-product-designer/fancy-product-designer-648-unauthenticated-stored-cross-site-scripting-via-svg-file-upload</loc>
<lastmod>2025-12-11T18:11:57.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/miwoftp/miwoftp-105-arbitrary-file-download</loc>
<lastmod>2015-04-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/academist/academist-13-unauthenticated-local-file-inclusion</loc>
<lastmod>2025-10-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mage-eventpress/wpevently-511-unauthenticated-php-object-injection</loc>
<lastmod>2026-02-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wplms_plugin/wplms-19954-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-10-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wc-gsheetconnector/woocommerce-google-sheet-connector-1320-cross-site-request-forgery</loc>
<lastmod>2025-07-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/forms-by-made-it/forms-290-authenticated-contributor-arbitrary-file-upload</loc>
<lastmod>2025-08-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-custom-taxonomy-meta/category-and-taxonomy-meta-fields-100-cross-site-request-forgery-to-taxonomy-meta-adddelete</loc>
<lastmod>2024-10-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/give/givewp-donation-plugin-and-fundraising-platform-3130-insecure-direct-object-reference-to-authenticated-givewp-worker-arbitrary-post-actions</loc>
<lastmod>2024-07-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/core/4.8/wordpress-core-482-stored-cross-site-scripting-via-plugin-names</loc>
<lastmod>2017-09-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/newsletter/newsletter-676-stored-cross-site-scripting</loc>
<lastmod>2020-07-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/custom-emails-for-woocommerce/additional-custom-emails-amp-recipients-for-woocommerce-351-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-05-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/replymail/replymail-120-cross-site-request-forgery</loc>
<lastmod>2025-10-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/post-slider-carousel/post-sliders-post-grids-1020-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2023-11-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/formcraft/formcraft-unknown-versions-arbitrary-file-deletion</loc>
<lastmod>2014-09-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ims-countdown/ims-countdown-135-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-12-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/thegem-elements-elementor/thegem-theme-elements-51211-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2026-04-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-charts/wordpress-charts-070-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2023-09-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cssable-countdown/cssable-countdown-15-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2024-05-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/blog2social/blog2social-social-media-auto-post-scheduler-742-information-exposure</loc>
<lastmod>2024-04-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/contentstudio/contentstudio-135-missing-authorization</loc>
<lastmod>2025-05-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/contact-us-by-lord-linus/contact-us-by-lord-linus-26-reflected-cross-site-scripting</loc>
<lastmod>2025-02-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/formbuilder/formbuilder-108-cross-site-request-forgery</loc>
<lastmod>2022-03-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bootstrap-shortcode/bootstrap-shortcode-10-authenticated-contributor-stored-cross-site-scripting-via-box-shortcode</loc>
<lastmod>2026-05-11T19:03:14.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woo-bulk-editor/bear-1143-missing-authorization</loc>
<lastmod>2024-03-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-insert/wp-insert-242-arbitrary-file-upload</loc>
<lastmod>2018-09-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/slider-hero/slider-hero-843-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2022-09-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/login-with-phone-number/login-with-phone-number-1693-cross-site-request-forgery</loc>
<lastmod>2024-04-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/emails-verification-for-woocommerce/email-verification-for-woocommerce-2810-unauthenticated-sql-injection</loc>
<lastmod>2024-10-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/splendour/splendour-123-unauthenticated-local-file-inclusion</loc>
<lastmod>2026-02-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/photo-gallery/photo-gallery-by-10web-1534-cross-site-scripting</loc>
<lastmod>2019-09-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/customer-reviews-woocommerce/customer-reviews-for-woocommerce-5381-missing-authorization-via-cr_manual</loc>
<lastmod>2023-12-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/searchwp-live-ajax-search/searchwp-live-ajax-search-162-directory-traversal-and-local-file-inclusion</loc>
<lastmod>2022-09-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/kadence-blocks/gutenberg-blocks-by-kadence-blocks-page-builder-features-3238-authenticated-contributor-stored-cross-site-scripting-via-titlefont-parameter</loc>
<lastmod>2024-06-13T19:34:30.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/shared-files/shared-files-easy-download-manager-and-file-sharing-plugin-with-frontend-file-upload-1656-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2021-09-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/emailshroud/emailshroud-221-cross-site-request-forgery-to-reflected-cross-site-scripting</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/inet-webkit/inet-webkit-124-missing-authorization</loc>
<lastmod>2026-01-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woocommerce-pdf-invoices-packing-slips/pdf-invoices-packing-slips-for-woocommerce-560-missing-authorization-to-authenticated-subscriber-peppol-identifier-modification</loc>
<lastmod>2026-02-17T17:18:34.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/sermon-browser/sermon-browser-04522-cross-site-request-forgery</loc>
<lastmod>2022-03-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/call-to-action-popup/call-to-action-102-reflected-cross-site-scripting</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/lenxel-core/lenxel-core-for-lenxellnx-lms-123-authenticated-author-stored-cross-site-scripting-via-svg-file-upload</loc>
<lastmod>2024-11-08T14:02:45.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/newsletters-lite/newsletters-411-unauthenticated-php-object-injection</loc>
<lastmod>2025-12-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cww-companion/cww-companion-132-cross-site-request-forgery</loc>
<lastmod>2025-12-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/validar-certificados-de-cursos/validatecertify-164-cross-site-request-forgery</loc>
<lastmod>2025-05-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/99fy-core/free-woocommerce-theme-99fy-extension-127-cross-site-request-forgery-leading-to-arbitrary-plugin-activation</loc>
<lastmod>2023-02-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/fitflex/fitflex-16-unauthenticated-local-file-inclusion</loc>
<lastmod>2025-08-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/lifeline-donation/lifeline-donation-126-authentication-bypass</loc>
<lastmod>2024-06-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/barcode-scanner-lite-pos-to-manage-products-inventory-and-orders/barcode-scanner-with-inventory-order-manager-153-reflected-cross-site-scripting</loc>
<lastmod>2024-03-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/core/4.0/wordpress-core-401-server-side-request-forgery</loc>
<lastmod>2014-11-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/google-analytics-for-wordpress/monsterinsights-8120-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2023-01-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/lastudio-element-kit/la-studio-element-kit-for-elementor-1381-authenticated-contributor-local-file-inclusion</loc>
<lastmod>2024-07-01T16:23:56.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/tiled-gallery-carousel-without-jetpack/tiled-gallery-carousel-without-jetpack-31-authenticated-contributor-stored-cross-site-scripting-via-data-image-title</loc>
<lastmod>2026-06-01T19:48:31.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/matomo/matomo-4153-reflected-cross-site-scripting-via-idsite</loc>
<lastmod>2024-02-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wysija-newsletters/mailpoet-newsletters-267-authorization-bypass</loc>
<lastmod>2014-09-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/updraftplus/updraftplus-12214-to-1232-and-updraftplus-premium-22214-to-2232-privilege-escalation-via-updraft_central_ajax_handler</loc>
<lastmod>2023-03-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/advanced-iframe/advanced-iframe-202310-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-01-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cf7-constant-contact/integration-for-contact-form-7-and-constant-contact-117-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2025-07-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/pagelayer/page-builder-pagelayer-drag-and-drop-website-builder-199-missing-authorization-to-authenticated-contributor-post-publication</loc>
<lastmod>2025-03-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/testimonial-add/testimonial-slider-3586-authenticated-contributor-local-file-inclusion</loc>
<lastmod>2025-09-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ultimate-classified-listings/ultimate-classified-listings-13-reflected-cross-site-scripting</loc>
<lastmod>2024-07-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/easy-form-builder/easy-form-builder-3815-unauthenticated-sql-injection</loc>
<lastmod>2025-08-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/event-tickets/event-tickets-and-registration-582-improper-authorization-to-information-disclosure</loc>
<lastmod>2024-03-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/link-library/link-library-728-reflected-cross-site-scripting</loc>
<lastmod>2021-12-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/premium-addons-for-elementor/premium-addons-for-elementor-427-contributor-stored-cross-site-scripting</loc>
<lastmod>2021-04-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/widgetkit-for-elementor/all-in-one-addons-for-elementor-widgetkit-255-authenticated-contributor-sensitive-information-exposure-via-elementor-templates</loc>
<lastmod>2025-03-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/frontend-dashboard/frontend-dashboard-228-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-06-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/fluentform/fluentform-6111-unauthenticated-arbitrary-shortcode-execution</loc>
<lastmod>2026-01-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/breezing-forms/breezing-forms-12811-reflected-cross-site-scripting</loc>
<lastmod>2025-03-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cf7-multi-step/multi-step-for-contact-form-277-unauthenticated-sql-injection</loc>
<lastmod>2024-09-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/posts-to-page/posts-to-page-17-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-01-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/directorypress/directorypress-business-directory-and-classified-ad-listing-3626-unauthenticated-sql-injection-via-packages</loc>
<lastmod>2026-04-15T21:35:44.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/calendar/calendar-1316-authenticated-contributor-stored-cross-site-scripting-via-event_desc</loc>
<lastmod>2025-12-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/tutor/tutor-lms-272-cross-site-request-forgery</loc>
<lastmod>2024-08-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/read-and-understood/read-and-understood-22-cross-site-request-forgery</loc>
<lastmod>2018-11-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/pressroom/pressroom-news-magazine-wordpress-theme-70-reflected-cross-site-scripting</loc>
<lastmod>2025-06-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mdc-youtube-downloader/mdc-youtube-downloader-300-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-11-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/lastudio-element-kit/la-studio-element-kit-for-elementor-144-authenticated-contributor-post-disclosure</loc>
<lastmod>2024-12-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/contact-bank/contact-bank-20225-reflected-cross-site-scripting</loc>
<lastmod>2015-08-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mailchimp-for-wp/mailchimp-for-wp-417-cross-site-scripting</loc>
<lastmod>2017-09-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/peepso-core/community-by-peepso-social-network-membership-registration-user-profiles-6460-unauthenticated-full-path-disclosure</loc>
<lastmod>2024-09-24T12:05:55.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mabel-shoppable-images-lite/shoppable-images-123-cross-site-request-forgery</loc>
<lastmod>2023-02-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-smart-editor/wp-smart-editor-133-reflected-cross-site-scripting</loc>
<lastmod>2024-01-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/alone/alone-783-unauthenticated-remote-code-execution</loc>
<lastmod>2025-07-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wc-multivendor-marketplace/wcfm-marketplace-multivendor-marketplace-for-woocommerce-372-authenticated-store-vendor-sql-injection</loc>
<lastmod>2026-04-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/all-in-one-facebook-like-widget/all-in-one-like-widget-227-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2024-04-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/elementskit/elementskit-elementor-addons-and-templates-library-362-authenticated-contributor-stored-cross-site-scripting-via-motion-text-and-table-widgets</loc>
<lastmod>2024-06-14T12:08:02.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/hide-wp-toolbar/hide-wp-toolbar-27-missing-authorization</loc>
<lastmod>2025-09-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/learnpress/learnpress-wordpress-lms-plugin-for-create-and-sell-online-courses-436-reflected-cross-site-scripting</loc>
<lastmod>2026-06-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-remote-users-sync/wp-remote-users-sync-1212-authenticated-subscriber-server-side-request-forgery</loc>
<lastmod>2023-08-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/booter-bots-crawlers-manager/booter-157-missing-authorization</loc>
<lastmod>2026-01-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/tournamatch/tournamatch-462-reflected-cross-site-scripting</loc>
<lastmod>2025-04-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/flexi/flexi-guest-submit-420-reflected-cross-site-scripting</loc>
<lastmod>2022-02-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/athemes-addons-for-elementor-lite/athemes-addons-for-elementor-118-authenticated-contributor-stored-cross-site-scripting-via-title_tag-widget-setting</loc>
<lastmod>2026-06-09T18:49:29.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wppricing-builder-lite-responsive-pricing-table-builder/wppricing-builder-150-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-10-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/history-timeline/history-timeline-072-reflected-cross-site-scripting</loc>
<lastmod>2025-01-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpzoom-portfolio/wpzoom-portfolio-lite-filterable-portfolio-plugin-144-authenticated-contributor-stored-cross-site-scripting-via-align-attribute</loc>
<lastmod>2024-08-30T19:36:29.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woo-thank-you-page-customizer/thank-you-page-customizer-for-woocommerce-increase-your-sales-112-missing-authorization-to-authenticated-subscriber-data-export</loc>
<lastmod>2024-02-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/accordions-or-faqs/accordions-multiple-accordions-or-faqs-builder-203-authenticated-admin-stored-cross-site-scripting-via-notice-parameter</loc>
<lastmod>2022-09-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wordpress-tooltips/tooltips-1083-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-12-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/top-comments/top-comments-10-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2025-01-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/exclusive-addons-for-elementor/exclusive-addons-for-elementor-2696-authenticated-contributor-stored-cross-site-scripting-via-team-member-widget</loc>
<lastmod>2024-05-14T12:34:47.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/time-tracker/time-tracker-310-missing-authorization-to-authenticated-subscriber-arbitrary-options-update-and-limited-data-deletion</loc>
<lastmod>2025-09-10T22:20:07.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bdvs-password-reset/password-reset-with-code-0016-unauthenticated-privilege-escalation-via-weak-otp-codes</loc>
<lastmod>2025-08-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/store-credit-for-woocommerce/store-credit-gift-cards-for-woocommerce-104946-reflected-cross-site-scripting</loc>
<lastmod>2025-01-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-remote-users-sync/wp-remote-users-sync-1211-missing-authorization-to-authenticated-subscriber-log-view</loc>
<lastmod>2023-08-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ultimate-reviews/ultimate-reviews-3015-authenticated-stored-cross-site-scripting</loc>
<lastmod>2022-01-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/nex-forms-express-wp-form-builder/nex-forms-ultimate-form-builder-contact-forms-and-much-more-34-sql-injection</loc>
<lastmod>2015-04-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/master-bar/master-bar-10-reflected-cross-site-scripting</loc>
<lastmod>2024-11-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/improved-user-search-in-backend/improved-user-search-in-backend-125-cross-site-request-forgery-to-cross-site-scripting</loc>
<lastmod>2014-08-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/hd-quiz/hd-quiz-209-missing-authorization</loc>
<lastmod>2026-01-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpml-string-translation/wpml-string-translation-325-authenticated-administrator-sql-injection-via-context</loc>
<lastmod>2023-07-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/easy-post-submission/easy-post-submission-frontend-posting-guest-publishing-submit-content-for-wordpress-240-missing-authorization</loc>
<lastmod>2026-03-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/hq-rental-software/hq-rental-software-1529-cross-site-request-forgery-to-arbitrary-options-update</loc>
<lastmod>2024-12-11T15:15:47.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woo-order-export-lite/advanced-order-export-for-woocommerce-331-reflected-cross-site-scripting</loc>
<lastmod>2022-08-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/userswp/userswp-1247-missing-authorization</loc>
<lastmod>2025-11-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wdesignkit/wdesignkit-elementor-gutenberg-starter-templates-patterns-cloud-workspace-widget-builder-123-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-03-31T17:47:28.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bs-shortcode-ultimate/bootstrap-shortcodes-ultimate-431-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2023-11-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/image-widget/image-widget-4411-authenticated-author-stored-cross-site-scripting</loc>
<lastmod>2026-03-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/paytium/paytium-mollie-payment-forms-donations-437-missing-authorization-in-update_profile_preference</loc>
<lastmod>2023-03-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-discussion-board/discussion-board-248-authenticated-subscriber-content-injection</loc>
<lastmod>2023-07-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/blog2social/blog2social-social-media-auto-post-scheduler-860-authenticated-subscriber-blind-server-side-request-forgery-via-post_url</loc>
<lastmod>2025-11-05T17:30:36.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/google-sitemap-generator/google-xml-sitemaps-4122-missing-authorization</loc>
<lastmod>2025-10-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/vikbooking/vikbooking-hotel-booking-engine-pms-189-unauthenticated-stored-cross-site-scripting</loc>
<lastmod>2026-06-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/vigilantor/vigilantor-1310-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2023-03-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/content-visibility-for-divi-builder/content-visibility-for-divi-builder-402-authenticated-contributor-remote-code-execution</loc>
<lastmod>2026-06-02T05:02:06.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/kadence-blocks/gutenberg-blocks-with-ai-by-kadence-wp-361-authenticated-contributor-server-side-request-forgery-via-endpoint-parameter</loc>
<lastmod>2026-02-17T17:38:45.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/tnc-toolbox/tnc-toolbox-web-performance-142-unauthenticated-sensitive-information-exposure-to-privilege-escalationcpanel-account-takeover</loc>
<lastmod>2025-11-10T22:27:47.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/html5-mp3-player-with-playlist/html5-mp3-player-with-playlist-free-300-authenticated-author-php-object-injecton</loc>
<lastmod>2024-01-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/sunshine-photo-cart/sunshine-photo-cart-2925-insecure-direct-object-reference-to-order-manipulation</loc>
<lastmod>2023-09-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/my-askai/my-askai-100-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-09-29T15:22:03.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/sp-client-document-manager/sp-project-document-manager-471-missing-authorization-to-unauthenticated-arbitrary-file-information-disclosure-via-view_file-function</loc>
<lastmod>2026-06-03T13:01:35.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/show-all-comments-in-one-page/show-all-comments-701-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2025-05-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/timely-booking-button/timely-booking-button-202-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2023-10-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bb-plugin/beaver-builder-plugin-starter-version-291-authenticated-administrator-arbitrary-file-upload</loc>
<lastmod>2025-06-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/adirectory/adirectory-303-missing-authorization</loc>
<lastmod>2026-01-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/starred-review/starred-review-142-reflected-cross-site-scripting-via-php_self-variable</loc>
<lastmod>2026-01-06T20:32:57.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/rognone/rognone-062-reflected-cross-site-scripting-via-mode-parameter</loc>
<lastmod>2026-06-01T19:44:31.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ecommerce-product-catalog/ecommerce-product-catalog-plugin-for-wordpress-2943-cross-site-request-forgery-bypass</loc>
<lastmod>2021-03-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/rise-blocks/rise-blocks-a-complete-gutenberg-page-builder-36-authenticated-contributor-stored-cross-site-scripting-via-titletag-parameter</loc>
<lastmod>2025-02-11T21:07:48.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/hospital-doctor-directory/hospital-doctor-directory-139-missing-authorization</loc>
<lastmod>2026-01-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/social-share-with-floating-bar/social-share-with-floating-bar-103-reflected-cross-site-scripting</loc>
<lastmod>2024-10-17T15:47:19.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/event-tickets-with-ticket-scanner/event-tickets-with-ticket-scanner-154-authenticated-subscriber-stored-cross-site-scripting</loc>
<lastmod>2023-08-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/daext-autolinks-manager/autolinks-manager-11004-cross-site-request-forgery</loc>
<lastmod>2023-10-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-bulk-delete/wp-bulk-delete-136-missing-authorization</loc>
<lastmod>2025-08-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bible-text/bible-text-02-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-06-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-fundraising-donation/fundengine-donation-and-crowdfunding-platform-170-authenticated-subscriber-privilege-escalation</loc>
<lastmod>2024-07-31T15:16:32.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/font-farsi/font-farsi-166-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2024-03-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/otter-pro/otter-blocks-pro-gutenberg-blocks-page-builder-for-gutenberg-editor-fse-2611-authenticated-subscriber-information-exposure</loc>
<lastmod>2024-06-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/royal-elementor-addons/royal-addons-for-elementor-171056-missing-authorization-to-unauthenticated-form-action-meta-modification</loc>
<lastmod>2026-05-01T20:11:49.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/vegadays/vegadays-vegetarian-food-festival-eco-event-wordpress-theme-120-unauthenticated-local-file-inclusion</loc>
<lastmod>2026-03-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/vipdrv-vip-test-drive/vipdrv-103-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2025-09-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woocommerce/woocommerce-631-unauthorized-order-status-change</loc>
<lastmod>2022-03-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/visual-link-preview/visual-link-preview-229-missing-authorization</loc>
<lastmod>2026-01-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/prevent-direct-access/prevent-direct-access-286-2882-incorrect-authorization-to-authenticated-contributor-multiple-media-actions</loc>
<lastmod>2025-04-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/lu-radioplayer/luna-radio-player-6241107-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2024-11-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/black-widgets/black-widgets-for-elementor-138-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-01-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woocommerce/woocommerce-364-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2019-07-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/better-chat-support/better-chat-support-for-messenger-1218-missing-authorization</loc>
<lastmod>2025-11-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woolentor-addons/woolentor-woocommerce-elementor-addons-builder-185-authenticated-stored-cross-site-scripting</loc>
<lastmod>2021-04-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mainwp-child-reports/mainwp-child-reports-211-cross-site-request-forgery</loc>
<lastmod>2024-04-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/shortcodes-ultimate/shortcodes-ultimate-5127-authenticated-subscriber-arbitrary-post-access-via-shortcode</loc>
<lastmod>2023-02-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bdthemes-element-pack-lite/element-pack-elementor-addons-header-footer-free-template-library-grid-carousel-table-parallax-animation-register-form-twitter-grid-560-authenticated-contributor-stored-cross-site-scripting-via-price-list-widget</loc>
<lastmod>2024-04-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/convert-docx2post/convert-docx2post-14-authenticated-author-arbitrary-file-upload</loc>
<lastmod>2024-11-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/digital-store/easy-digital-downloads-edd-digital-store-133-cross-site-scripting</loc>
<lastmod>2015-04-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpcf7-redirect/redirection-for-contact-form-7-233-authenticated-arbitrary-plugin-installation</loc>
<lastmod>2021-04-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/theagency/theagency-all-versions-cross-site-scripting</loc>
<lastmod>2012-09-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/memphis-documents-library/memphis-documents-library-2616-local-file-inclusion</loc>
<lastmod>2015-09-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/responsive-add-ons/responsive-ready-sites-importer-226-unprotected-ajax-actions</loc>
<lastmod>2020-03-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/forminator/forminator-1221-missing-authorization-on-load_hcaptcha_preview-ajax-function</loc>
<lastmod>2023-04-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simple-embed-code/code-embed-236-authenticatedcontributor-denial-of-service</loc>
<lastmod>2023-12-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/profilegrid-user-profiles-groups-and-communities/profilegrid-user-profiles-groups-and-communities-589-authenticated-subscriber-authorization-bypass-to-privilege-escalation</loc>
<lastmod>2024-07-09T15:34:42.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/media-library-assistant/media-library-assistant-334-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2026-04-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-post-hide/wp-post-hide-109-cross-site-request-forgery</loc>
<lastmod>2025-07-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/userswp/userswp-126-authenticatedcontributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2024-03-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/curtain/curtain-102-unauthenticated-maintenance-mode-enableddisable</loc>
<lastmod>2022-03-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/waiting/waiting-one-click-countdowns-062-authenticated-administrator-cross-site-scripting</loc>
<lastmod>2022-12-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/videowhisper-video-conference-integration/webcam-video-conference-4918-unrestricted-file-upload-leading-to-remote-code-execuction</loc>
<lastmod>2015-03-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mobile-smart/mobile-smart-v1316-reflected-cross-site-scripting</loc>
<lastmod>2025-04-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/post-connector/post-connector-109-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2023-07-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/dsgvo-all-in-one-for-wp/dsgvo-all-in-one-for-wp-46-cross-site-request-forgery-to-account-deletion</loc>
<lastmod>2025-02-03T20:24:36.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/page-builder-by-azexo/page-builder-by-azexo-127133-cross-site-request-forgery-to-stored-cross-site-scripting-via-azh_save</loc>
<lastmod>2023-06-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-security-audit-log/wp-activity-log-124-cross-site-request-forgery</loc>
<lastmod>2014-08-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/fancy-product-designer/fancy-product-designer-6181-authenticated-admin-stored-cross-site-scripting-via-product-title</loc>
<lastmod>2024-03-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-security-audit-log-premium/wp-activity-log-premium-464-authenticated-subscriber-sql-injection</loc>
<lastmod>2024-04-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ultimate-addons-for-gutenberg/spectra-21914-authenticated-contributor-stored-cross-site-scripting-via-custom-css</loc>
<lastmod>2025-11-04T16:25:19.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/vibebp/vibebp-19977-unauthenticated-sql-injection</loc>
<lastmod>2024-12-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/spostarbust/elis-related-posts-footer-links-and-widget-120420-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2025-05-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/form-notify/receive-notifications-after-form-submitting-form-notify-for-any-forms-1110-unauthenticated-authentication-bypass-via-line-oauth-callback</loc>
<lastmod>2026-05-14T18:59:36.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/brizy/brizy-page-builder-264-authenticated-contributor-arbitrary-file-upload-via-storeuploads</loc>
<lastmod>2025-02-11T22:54:59.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/core/6.0/wordpress-core-603-information-disclosure-multi-part-email-leak</loc>
<lastmod>2022-10-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/sign-up-sheets/sign-up-sheets-1013-authenticated-csv-injection</loc>
<lastmod>2021-06-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/trustist-reviewer/trustist-reviewer-20-reflected-cross-site-scripting</loc>
<lastmod>2025-01-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/product-designer/product-designer-1033-missing-authorization-to-unauthenticated-arbitrary-attachment-deletion</loc>
<lastmod>2024-07-08T19:40:35.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/campay-api/campay-woocommerce-payment-gateway-122-unauthenticated-payment-bypass</loc>
<lastmod>2025-12-11T14:34:19.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woo-bulk-editor/bear-bulk-editor-and-products-manager-professional-for-woocommerce-by-pluginusnet-1142-reflected-cross-site-scripting</loc>
<lastmod>2024-03-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mobile-address-bar-changer/mobile-address-bar-changer-30-cross-site-request-forgery-to-settings-update</loc>
<lastmod>2023-07-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/years-since/years-since-timeless-141-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-03-07T14:15:02.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpbits-addons-for-elementor/wpbits-addons-for-elementor-page-builder-1342-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-04-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/nd-projects/cost-calculator-18-authenticated-local-file-inclusion</loc>
<lastmod>2022-02-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/adrotate/adrotate-ad-manager-adsense-ads-5822-authenticated-stored-cross-site-scripting-via-advert-names</loc>
<lastmod>2022-04-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/peters-random-anti-spam-image/peters-random-anti-spam-image-106-cross-site-scripting</loc>
<lastmod>2007-11-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-gotowebinar/wp-gotowebinar-157-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2024-07-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/blog-designer-pack/news-blog-designer-pack-wordpress-blog-plugin-341-unauthenticated-remote-code-execution-via-local-file-inclusion</loc>
<lastmod>2023-10-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/chatter/chatter-101-missing-authorization</loc>
<lastmod>2024-11-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/addfunc-head-footer-code/addfunc-head-footer-code-23-authenticated-contributor-stored-cross-site-scripting-via-custom-fields</loc>
<lastmod>2026-04-09T14:51:35.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/nex-forms-express-wp-form-builder/nex-forms-ultimate-forms-plugin-for-wordpress-9112-authenticated-administrator-sql-injection-via-table-parameter</loc>
<lastmod>2026-05-14T18:51:33.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/whatshelp-chat-button/chat-button-1894-authenticated-administrator-stored-cross-site-scripting-via-plugin-settings</loc>
<lastmod>2023-07-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/dx-auto-save-images/dx-auto-save-images-140-cross-site-request-forgery</loc>
<lastmod>2023-08-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cf7-hubspot/integration-for-hubspot-and-contact-form-7-wpforms-elementor-ninja-forms-137-unauthenticated-php-object-injection</loc>
<lastmod>2026-06-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/payoneer-checkout/payoneer-checkout-340-missing-authorization</loc>
<lastmod>2025-09-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/web-instant-messenger/web-instant-messenger-112-and-localweb-in-one-164-stored-cross-site-scripting</loc>
<lastmod>2020-10-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/add-infos-to-the-events-calendar/add-infos-to-the-events-calendar-141-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-12-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/kento-post-view-counter/kento-post-view-counter-28-stored-cross-site-scripting</loc>
<lastmod>2016-04-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-forms-puzzle-captcha/wp-forms-puzzle-captcha-41-cross-site-request-forgery-to-cross-site-scripting</loc>
<lastmod>2023-11-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/subaccounts-for-woocommerce/subaccounts-for-woocommerce-160-reflected-cross-site-scripting</loc>
<lastmod>2024-11-20T13:47:48.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/doccure/doccure-150-authenticated-subscriber-arbitrary-file-upload</loc>
<lastmod>2025-09-08T05:35:13.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/frontend-dashboard/frontend-dashboard-1510-227-missing-authorization-to-authenticated-subscriber-account-takeoverprivilege-escalation-via-ajax_request-function</loc>
<lastmod>2025-05-12T17:49:56.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/full-customer/full-3112-unauthenticated-stored-cross-site-scripting-via-license-plan-parameter</loc>
<lastmod>2024-07-10T11:26:16.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/inactive-user-deleter/inactive-user-deleter-159-cross-site-request-forgery-via-multiple-functions</loc>
<lastmod>2023-04-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/image-wall/image-wall-30-reflected-cross-site-scripting</loc>
<lastmod>2025-03-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/houzez/houzez-411-unauthenticated-local-file-inclusion</loc>
<lastmod>2025-08-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/kiwi-social-share/kiwi-social-share-2010-arbitrary-options-update</loc>
<lastmod>2018-11-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/grey-opaque/grey-opaque-201-authenticated-contributor-stored-cross-site-scripting-via-download-button-shortcode</loc>
<lastmod>2024-06-21T15:09:23.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/stripe-payments/accept-stripe-payments-2079-unauthenticated-content-injection</loc>
<lastmod>2023-11-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wassup/wassup-real-time-analytics-1831-cross-site-scripting</loc>
<lastmod>2012-06-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/yop-poll/yop-poll-630-author-stored-cross-site-scripting-via-preview-module</loc>
<lastmod>2021-10-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/my-waze/mywaze-16-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2024-02-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/yith-woocommerce-product-add-ons/yith-woocommerce-product-add-ons-492-unauthenticated-content-injection</loc>
<lastmod>2024-06-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/piotnetforms/piotnet-forms-plugin-1028-unauthenticated-arbitrary-file-upload</loc>
<lastmod>2023-12-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wc4bp/buddypress-woocommerce-my-account-integration-create-woocommerce-member-pages-3424-missing-authorization-to-authenticated-subscriber-limited-settings-update</loc>
<lastmod>2025-02-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cforms2/cformsii-14123-authenticated-sql-injection</loc>
<lastmod>2017-04-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ultimate-addons-for-elementor/mega-addons-for-elementor-18-missing-authorization</loc>
<lastmod>2024-04-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/post-connector/post-connector-1011-reflected-cross-site-scripting</loc>
<lastmod>2025-08-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/hello-world/hello-world-211-authenticated-subscriber-arbitrary-file-read</loc>
<lastmod>2024-09-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpvivid-backuprestore/migration-backup-staging-wpvivid-backup-migration-09128-authenticated-admin-arbitrary-directory-deletion</loc>
<lastmod>2026-06-05T10:43:12.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ht-team-member/ht-team-member-114-authenticated-contributor-stored-cross-site-scripting-via-htteamember-shortcode</loc>
<lastmod>2024-10-29T18:09:30.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/content-blocks-builder/content-blocks-builder-276-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-01-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woocommerce-bulk-stock-management/woocommerce-bulk-stock-management-2233-cross-site-scripting</loc>
<lastmod>2023-06-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/themify-wc-product-filter/themify-woocommerce-product-filter-143-reflected-cross-site-scripting</loc>
<lastmod>2024-03-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/events-planner/events-planner-1310-reflected-cross-site-scripting</loc>
<lastmod>2025-02-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/google-map-shortcode/google-map-shortcode-312-authenticatedcontributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2023-05-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/buddyforms/buddyforms-277-phar-deserialization</loc>
<lastmod>2023-02-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/hotel-listing/hotel-listing-140-authenticated-subscriber-privilege-escalation</loc>
<lastmod>2025-08-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/affiliate-ads-builder-for-clickbank-products/affiliate-ads-for-clickbank-products-17-stored-cross-site-scripting</loc>
<lastmod>2017-11-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/saan-world-clock/saan-world-clock-18-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2023-02-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/post-expirator/schedule-post-changes-with-publishpress-future-unpublish-delete-change-status-trash-change-categories-492-missing-authorization-to-authenticated-contributor-authors-emails-exposure</loc>
<lastmod>2025-12-15T22:49:04.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/nautic-pages/nautic-pages-20-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2025-04-30T18:12:14.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/nokaut-offers-box/nokaut-offers-box-140-cross-site-request-forgery-to-plugin-setting-reset</loc>
<lastmod>2024-09-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woocommerce-anti-fraud/woocommerce-anti-fraud-726-missing-authorization</loc>
<lastmod>2026-06-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/social-networks-auto-poster-facebook-twitter-g/nextscripts-social-networks-auto-poster-4320-reflected-cross-site-scripting</loc>
<lastmod>2021-11-28T10:14:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simple-share-buttons-adder/simple-share-buttons-adder-44-cross-site-request-forgery</loc>
<lastmod>2014-06-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-simple-booking-calendar/wp-simple-booking-calendar-2084-cross-site-request-forgery</loc>
<lastmod>2023-12-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-tell-a-friend-popup-form/wp-tell-a-friend-popup-form-71-cross-site-request-forgery-via-tellafriend_admin</loc>
<lastmod>2023-07-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/learnpress-import-export/learnpress-backup-migration-tool-414-authenticated-administrator-php-object-injection-via-wxr-xml-file-upload</loc>
<lastmod>2026-06-05T13:35:10.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/transportersio/transportersio-211-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2025-01-06T15:07:10.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/checkout-files-upload-woocommerce/checkout-files-upload-for-woocommerce-212-cross-site-scripting</loc>
<lastmod>2022-05-04T06:49:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/slideshow-jquery-image-gallery/slideshow-231-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2022-05-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/yotpo-social-reviews-for-woocommerce/yotpo-product-photo-reviews-for-woocommerce-179-reflected-cross-site-scripting</loc>
<lastmod>2024-11-14T16:36:30.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/aihub/ai-hub-startup-technology-wordpress-theme-137-unauthenticated-arbitrary-file-upload</loc>
<lastmod>2025-04-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gi-media-library/gi-media-library-30-directory-traversal</loc>
<lastmod>2015-01-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-table-manager/wp-table-manager-352-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2023-01-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mhr-post-ticker/mhr-post-ticker-11-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2024-04-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cryptx/cryptx-405-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-12-04T20:35:36.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/constant-contact-forms-by-mailmunch/constant-contact-forms-by-mailmunch-2010-cross-site-request-forgery</loc>
<lastmod>2023-10-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/usc-e-shop/welcart-e-commerce-182-authentication-bypass</loc>
<lastmod>2016-06-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/logo-slider/logo-slider-148-authenticated-admin-sql-injection</loc>
<lastmod>2022-05-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simple-membership/simple-membership-475-missing-authorization-to-unauthenticated-arbitrary-member-account-deactivation-via-forged-stripe-chargerefunded-webhook</loc>
<lastmod>2026-06-17T16:52:42.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-feature-box/wp-feature-box-013-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-10-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-mapbox-gl-js/wp-mapbox-gl-js-maps-301-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-10-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/uninstall/wordpress-uninstall-121-cross-site-request-forgery-to-site-reset</loc>
<lastmod>2015-02-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/popup-builder/popup-builder-410-cross-site-request-forgery</loc>
<lastmod>2022-06-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/electric-enquiries/electric-enquiries-11-authenticated-contributor-stored-cross-site-scripting-via-button-shortcode-attribute</loc>
<lastmod>2026-02-26T20:48:35.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simply-exclude/simply-exclude-2066-reflected-cross-site-scripting</loc>
<lastmod>2023-11-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/instantva/instant-va-101-authenticated-subscriber-arbitrary-file-deletion</loc>
<lastmod>2026-03-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/suredash/suredash-103-authenticated-subscriber-privilege-escalation</loc>
<lastmod>2025-07-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ht-easy-google-analytics/ht-easy-ga4-google-analytics-4-106-cross-site-request-forgery-via-plugin_activation</loc>
<lastmod>2023-03-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/worpit-admin-dashboard-plugin/icontrolwp-553-unauthenticated-privilege-escalation</loc>
<lastmod>2026-04-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/geo-mashup/geo-mashup-11318-unauthenticated-time-based-sql-injection-via-sort-parameter</loc>
<lastmod>2026-05-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/countdown-builder/countdown-coming-soon-maintenance-countdown-clock-232-cross-site-scripting</loc>
<lastmod>2022-04-28T11:45:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cardoza-wordpress-poll/wordpress-poll-36-sql-injection</loc>
<lastmod>2020-08-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/custom-facebook-feed/smash-balloon-social-post-feed-415-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2022-12-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/kubio/kubio-ai-page-builder-251-unauthenticated-local-file-inclusion</loc>
<lastmod>2025-03-27T16:22:14.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/get-your-number/get-your-number-113-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2023-05-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/funnel-builder-pro/funnel-kit-funnel-builder-pro-345-authenticatedcontributor-stored-cross-site-scripting-via-allow_iframe_tag_in_post</loc>
<lastmod>2024-08-28T15:12:23.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/fotomoto/fotomoto-128-reflected-cross-site-scripting</loc>
<lastmod>2023-10-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/sapo-feed/sapo-feed-242-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2025-09-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/responsivevoice-text-to-speech/responsivevoice-text-to-speech-176-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2023-01-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/social-warfare/social-warfare-352-unauthenticated-arbitrary-settings-update</loc>
<lastmod>2019-03-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-super-cache/wp-super-cache-plugin-13-multiple-cross-site-scripting</loc>
<lastmod>2014-08-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-hotel-booking/wp-hotel-booking-229-authenticated-contributor-local-file-inclusion</loc>
<lastmod>2024-10-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/pdw-file-browser/pdf-file-browser-13-remote-code-execution</loc>
<lastmod>2020-10-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ht-contactform/ht-contact-form-drag-drop-form-builder-for-wordpress-282-unauthenticated-stored-cross-site-scripting</loc>
<lastmod>2026-05-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/honeypot/wp-armour-honeypot-anti-spam-156-cross-site-request-forgery-to-arbitrary-options-update</loc>
<lastmod>2021-02-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/beeteam368-extensions/beeteam368-extensions-194-unauthenticated-local-file-inclusion</loc>
<lastmod>2025-07-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/secure-files/secure-files-11-directory-traversal</loc>
<lastmod>2005-10-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/g-ffl-cockpit/g-ffl-cockpit-171-missing-authorization-to-unauthenticated-information-exposure</loc>
<lastmod>2025-12-05T17:38:38.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/iwp-client/infinitewp-client-1123-unauthenticated-sensitive-information-exposure</loc>
<lastmod>2024-02-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/contact-forms/wordpress-contact-forms-by-cimatti-157-missing-authorization</loc>
<lastmod>2023-06-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/listamester/listamester-236-cross-site-request-forgery</loc>
<lastmod>2025-05-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/happy-elementor-addons/happy-addons-for-elementor-3108-authenticated-contributor-stored-cross-site-scripting-via-_id-parameter</loc>
<lastmod>2024-05-17T14:41:17.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-google-places-review-slider/wp-google-review-slider-135-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2024-04-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/pgall-for-woocommerce/-514-authenticated-contributor-stored-cross-site-scripting-pafw_instant_payment-shortcode</loc>
<lastmod>2024-11-22T23:37:26.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wordpress-seo/yoast-seo-201-reflected-cross-site-scripting</loc>
<lastmod>2015-04-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/good-reviews-wp/five-star-restaurant-reviews-235-authenticated-contributor-stored-cross-site-scripting-via-review-url</loc>
<lastmod>2024-02-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wedesigntech-ultimate-booking-addon/wedesigntech-ultimate-booking-addon-101-authenticated-subscriber-authentication-bypass</loc>
<lastmod>2026-02-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bit-integrations/bit-integrations-2410-open-redirect</loc>
<lastmod>2025-03-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/school-management/school-management-9320-authenticated-support-staff-sql-injection</loc>
<lastmod>2025-08-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/powerpack-elements/powerpack-pro-for-elementor-2923-reflected-cross-site-scripting</loc>
<lastmod>2023-12-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ahmeti-wp-timeline/ahmeti-wp-timeline-51-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2024-10-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ricerca-smart-search/ricerca-smart-and-advanced-search-1015-cross-site-request-forgery</loc>
<lastmod>2023-05-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/responsive-posts-carousel-pro/responsive-posts-carousel-wordpress-plugin-151-missing-authorization</loc>
<lastmod>2026-02-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpfunnels/wpfunnels-268-authenticated-contributor-stored-cross-site-scripting-via-shortocde</loc>
<lastmod>2023-01-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/kbucket/kbucket-your-curated-content-in-wordpress-415-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2024-08-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/maxbuttons/wordpress-button-plugin-maxbuttons-980-authenticated-admin-stored-cross-site-scripting-via-button-width</loc>
<lastmod>2024-11-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/zephyr-project-manager/zephyr-project-manager-3242-reflected-cross-site-scripting</loc>
<lastmod>2022-08-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/copy-me/copy-me-100-missing-authorization-cross-site-request-forgery</loc>
<lastmod>2016-12-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/riaxe-product-customizer/riaxe-product-customizer-24-unauthenticated-sensitive-information-disclosure-via-orders-rest-api-endpoint</loc>
<lastmod>2026-04-07T17:37:29.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/uix-shortcodes/uix-shortcodes-compatible-with-gutenberg-199-unauthenticated-arbitrary-shortcode-execution</loc>
<lastmod>2024-10-25T20:38:38.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/icegram/icegram-3118-cross-site-request-forgery-via-save_campaign_preview</loc>
<lastmod>2023-12-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/searchiq/searchiq-44-missing-authorization-via-getsiqpluginsettings</loc>
<lastmod>2023-11-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/daves-wordpress-live-search/daves-wordpress-live-search-45-reflected-cross-site-scripting</loc>
<lastmod>2017-05-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/resume-builder/resume-builder-311-authenticated-subscriber-stored-cross-site-scripting</loc>
<lastmod>2023-02-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/restaurt/restaurt-104-authenticated-subscriber-arbitrary-file-upload</loc>
<lastmod>2026-01-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/colibri-page-builder/colibri-page-builder-10239-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2023-12-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/core/6.0/wordpress-core-602-stored-cross-site-scripting-via-plugin-deactivation-and-deletion-errors</loc>
<lastmod>2022-08-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woo-pdf-invoice-builder/woocommerce-pdf-invoice-builder-12148-cross-site-request-forgery</loc>
<lastmod>2025-06-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/exclusive-addons-for-elementor/exclusive-addons-for-elementor-2693-authenticated-contributor-stored-cross-site-scripting-via-button-widget</loc>
<lastmod>2024-04-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/nova-blocks/nova-blocks-by-pixelgrade-217-authenticated-contributor-stored-cross-site-scripting-via-align-attribute</loc>
<lastmod>2024-09-09T20:42:04.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/comments-import-export-woocommerce/wordpress-comments-import-export-204-csv-injection</loc>
<lastmod>2018-06-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/softdiscover-db-file-manager/file-manager-code-editor-backup-by-managefy-161-unauthenticated-information-exposure</loc>
<lastmod>2025-09-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/login-with-phone-number/login-with-phone-number-1734-insecure-password-reset-mechanism</loc>
<lastmod>2024-06-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/easy-digital-downloads/easy-digital-downloads-2115-admin-cross-site-scripting</loc>
<lastmod>2022-03-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/dimension/dimension-unknown-versions-cross-site-request-forgery-to-arbitrary-file-upload</loc>
<lastmod>2013-11-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-popups-lite/wp-popups-2205-missing-authorization</loc>
<lastmod>2026-01-11T20:52:33.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpvr/wp-vr-855-missing-authorization</loc>
<lastmod>2024-10-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ap-honeypot/ap-honeypot-wordpress-plugin-14-cross-site-request-forgery</loc>
<lastmod>2025-09-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/wolmart/wolmart-multi-vendor-marketplace-woocommerce-theme-196-unauthenticated-local-file-inclusion</loc>
<lastmod>2026-02-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/localgrid/localgrid-101-reflected-cross-site-scripting</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/easy-language-switcher/easy-language-switcher-10-reflected-cross-site-scripting</loc>
<lastmod>2024-12-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/user-registration/user-registration-membership-custom-registration-form-login-form-and-user-profile-421-insecure-direct-object-reference-to-unauthenticated-limited-user-deletion</loc>
<lastmod>2025-05-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-pro-quiz/wp-pro-quiz-037-arbitrary-quiz-deletion-via-cross-site-request-forgery</loc>
<lastmod>2020-06-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ultimate-post/postx-503-unauthenticated-information-exposure</loc>
<lastmod>2025-12-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/lh-login-page/lh-login-page-214-reflected-cross-site-scripting</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/jet-engine/jetengine-38101-unauthenticated-sql-injection</loc>
<lastmod>2026-06-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-cufon/wp-cufon-1610-unauthenticated-stored-cross-site-scripting</loc>
<lastmod>2024-04-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/easyrotator-for-wordpress/easyrotator-for-wordpress-1014-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2023-11-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/push-notification-by-feedify/feedify-web-push-notifications-245-reflected-cross-site-scripting</loc>
<lastmod>2025-04-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/tabs-shortcode/tabs-shortcode-202-authenticated-contributor-cross-site-scripting-via-shortcode</loc>
<lastmod>2024-12-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mediapress/mediapress-162-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2026-01-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/yphplista/yphplista-111-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2024-11-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/netreviews/verified-reviews-avis-vrifis-2314-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2023-04-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/copypress-rest-api/copypress-rest-api-11-12-missing-configurable-jwt-secret-and-file-type-validation-to-unauthenticated-remote-code-execution</loc>
<lastmod>2025-09-29T15:26:53.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/eds-responsive-menu/eds-responsive-menu-12-authenticated-administrator-php-object-injection</loc>
<lastmod>2025-09-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/fraudlabs-pro-sms-verification/fraudlabs-pro-sms-verification-1101-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2024-11-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bp-disable-activation-reloaded/bp-disable-activation-reloaded-121-cross-site-request-forgery</loc>
<lastmod>2025-09-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpjam-basic/wpjam-basic-692-authenticated-subscriber-arbitrary-file-upload</loc>
<lastmod>2026-03-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/auth0/login-by-auth0-3113-csv-injection</loc>
<lastmod>2020-04-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ai-auto-tool/ai-auto-tool-content-writing-assistant-gemini-writer-chatgpt-all-in-one-227-authenticated-subscriber-sql-injection</loc>
<lastmod>2025-03-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/the-plus-addons-for-elementor-page-builder/the-plus-addons-for-elementor-541-authenticated-contributor-local-file-inclusion-via-team-member-listing</loc>
<lastmod>2024-03-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woo-redsys-gateway-light/payment-gateway-for-redsys-woocommerce-lite-700-missing-authorization</loc>
<lastmod>2026-04-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/friendly-functions-for-welcart/friendly-functions-for-welcart-124-cross-site-request-forgery-to-reflected-cross-site-scripting</loc>
<lastmod>2024-11-20T13:37:56.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/facebook-button-plugin/bestwebsofts-like-share-posts-pages-and-widget-social-extension-plugin-for-wordpress-254-reflected-cross-site-scripting</loc>
<lastmod>2017-04-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/display-remote-posts-block/display-remote-posts-block-110-authenticated-contributor-server-side-request-forgery</loc>
<lastmod>2025-05-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/core/4.7/wordpress-core-475-cross-site-request-forgery-filesystem-credential-update</loc>
<lastmod>2017-05-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/z-downloads/z-downloads-1113-authenticated-admin-arbitrary-file-upload</loc>
<lastmod>2024-05-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/advanced-gutenberg/gutenberg-blocks-331-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-07-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mainwp-article-uploader-extension/mainwp-various-extensions-authenticated-subscriber-arbitrary-file-deletion</loc>
<lastmod>2023-01-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/social-networks-auto-poster-facebook-twitter-g/nextscripts-social-networks-auto-poster-443-cross-site-request-forgery-to-arbitrary-post-deletion</loc>
<lastmod>2024-05-21T18:36:02.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/querywall/querywall-111-authenticated-administrator-sql-injection</loc>
<lastmod>2023-05-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/imgspider/imgspider-2310-authenticated-contributor-arbitrary-file-upload-via-upload_img_file</loc>
<lastmod>2024-07-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simple-photo-gallery/simple-photo-gallery-180-stored-cross-site-scripting</loc>
<lastmod>2016-04-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/download-monitor/download-monitor-446-reflected-cross-site-scripting</loc>
<lastmod>2021-10-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-stats-manager/wp-visitor-statistics-real-time-traffic-84-missing-authorization</loc>
<lastmod>2025-06-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/post-duplicator/post-duplicator-236-authenticated-contributor-protected-post-disclosure</loc>
<lastmod>2025-01-10T14:15:46.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/multiple-roles-per-user/multiple-roles-per-user-10-missing-authorization-to-authenticated-custom-privilege-escalation</loc>
<lastmod>2025-11-17T20:12:39.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mobile-dj-manager/mdjm-event-management-1752-authenticated-subscriber-php-object-injection</loc>
<lastmod>2025-03-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/advanced-country-blocker/advanced-country-blocker-231-unauthenticated-authorization-bypass-via-insecure-default-secret-key</loc>
<lastmod>2026-02-06T20:24:09.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/shortcode-to-display-post-and-user-data/display-custom-fields-in-the-frontend-post-and-user-profile-fields-121-authenticated-contributor-stored-cross-site-scripting-via-vg_display_data</loc>
<lastmod>2024-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ap-plugin-scripteo/ads-pro-plugin-multi-purpose-wordpress-advertising-manager-489-unauthenticated-local-file-inclusion</loc>
<lastmod>2025-07-01T14:52:56.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/vertical-scroll-recent-post/vertical-scroll-recent-post-140-cross-site-request-forgery-via-vsrp_admin_options</loc>
<lastmod>2023-11-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/image-regenerate-select-crop/image-regenerate-select-crop-730-sensitive-information-exposure</loc>
<lastmod>2023-10-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cubewp-framework/cubewp-all-in-one-dynamic-content-framework-1115-missing-authorization</loc>
<lastmod>2024-10-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/responsive-header/responsive-header-plugin-10-authenticated-administrator-stored-cross-site-scripting-via-settings-parameters</loc>
<lastmod>2026-01-23T20:34:05.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/hm-cool-author-box-widget/cool-author-box-299-missing-authorization</loc>
<lastmod>2025-03-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/leaflet-map/leaflet-map-330-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2023-09-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/soledad/soledad-845-missing-authorization</loc>
<lastmod>2024-04-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-spreadplugin/wp-spreadplugin-3862-cross-site-scripting</loc>
<lastmod>2015-04-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/microkids-related-posts/related-posts-for-wordpress-403-cross-site-request-forgery</loc>
<lastmod>2024-04-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/quick-playground/quick-playground-131-missing-authorization-to-unauthenticated-arbitrary-file-upload</loc>
<lastmod>2026-04-08T14:35:08.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/spotify-play-button-for-wordpress/sptify-play-button-for-wordpress-207-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2023-04-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/rosebud/rosebud-14-authenticated-subscriber-insecure-direct-object-reference</loc>
<lastmod>2026-01-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/content-mask/content-mask-1853-authenticated-author-insecure-direct-object-reference</loc>
<lastmod>2025-09-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/powerpress/powerpress-podcasting-plugin-by-blubrry-111510-authenticated-contributor-sql-injection</loc>
<lastmod>2026-05-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/auto-post-thumbnail/auto-featured-image-auto-post-thumbnail-413-authenticated-author-server-side-request-forgery</loc>
<lastmod>2024-04-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/012-ps-multi-languages/012-ps-multi-languages-16-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-09-25T13:28:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/geodirectory/geodirectory-wp-business-directory-plugin-and-classified-listings-directory-2897-unauthenticated-sql-injection</loc>
<lastmod>2025-01-29T22:00:52.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-frontend-submit/wp-frontend-submit-110-reflected-cross-site-scripting</loc>
<lastmod>2025-02-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/sports-club-management/sports-club-management-1129-authenticated-contributor-stored-cross-site-scripting-via-before-attribute</loc>
<lastmod>2026-04-07T17:38:08.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/comments-import-export-woocommerce/wordpress-comments-import-export-237-authenticated-author-arbitrary-file-read-via-directory-traversal</loc>
<lastmod>2024-10-10T19:55:26.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/royal-elementor-addons/royal-elementor-addons-13980-authenticated-author-external-entity-injection</loc>
<lastmod>2024-10-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mstore-api/mstore-api-401-unauthenticated-sql-injection</loc>
<lastmod>2023-06-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/password-protected/password-protected-2711-unauthenticated-authorization-bypass-via-ip-address-spoofing</loc>
<lastmod>2025-10-24T16:54:49.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/finalist/finalist-all-versions-cross-site-scripting</loc>
<lastmod>2013-10-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-events-manager/wp-events-manager-221-missing-authorization</loc>
<lastmod>2025-09-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woo-product-filter/product-filter-by-woobewoo-149-missing-authorization</loc>
<lastmod>2021-05-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-database-backup/wp-database-backup-432-cross-site-request-forgery</loc>
<lastmod>2016-08-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wati-chat-and-notification/wati-chat-and-notification-112-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2025-03-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/car-park-booking-system-for-wordpress/car-park-booking-system-for-wordpress-26-missing-authorization</loc>
<lastmod>2025-04-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/squeeze/squeeze-16-authenticated-admin-full-path-disclosure</loc>
<lastmod>2025-04-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ferma-ru-net-checkout/fermarunet-133-authenticated-subscriber-sql-injection</loc>
<lastmod>2024-10-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/menu-icons/menu-icons-by-themeisle-01320-authenticated-author-stored-cross-site-scripting</loc>
<lastmod>2026-02-03T09:50:11.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woo-smart-wishlist/wpc-smart-wishlist-for-woocommerce-293-reflected-cross-site-scripting</loc>
<lastmod>2022-03-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/job-postings/jobs-for-wordpress-25102-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2023-02-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-private-content-plus/wp-private-content-plus-361-unauthenticated-content-restriction-bypass-to-sensitive-information-exposure</loc>
<lastmod>2024-12-05T19:31:57.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ultimate-youtube-video-player/ultimate-youtube-video-shorts-player-with-vimeo-33-missing-authorization-to-authenticated-subscriber-arbitrary-playlistvideo-deletion</loc>
<lastmod>2024-11-20T13:45:58.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/link-library/link-library-7611-authenticated-contributor-stored-cross-site-scripting-via-link-library-shortcode</loc>
<lastmod>2024-05-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/testimonial-slider-shortcode/testimonial-slider-shortcode-118-authenticated-contributor-cross-site-scripting-vulnerability-via-shortcode</loc>
<lastmod>2023-09-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/instant-css/instant-css-121-cross-site-request-forgery</loc>
<lastmod>2023-09-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/webba-booking-lite/webba-booking-621-missing-authorization</loc>
<lastmod>2025-12-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/himer/himer-social-questions-and-answers-210-authenticated-subscriber-insecure-direct-object-reference</loc>
<lastmod>2024-06-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gmapsmania/gmapsmania-11-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2025-05-01T13:11:10.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/plugmatter-optin-feature-box-lite/plugmatter-optin-feature-box-2014-sql-injection</loc>
<lastmod>2015-07-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-responsive-meet-the-team/wp-responsive-meet-the-team-101-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2025-10-21T20:22:18.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/save-as-pdf-by-pdfcrowd/save-as-pdf-plugin-by-pdfcrowd-400-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2024-07-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-vipergb/wp-vipergb-1310-cross-site-request-forgery-to-cross-site-scripting</loc>
<lastmod>2014-12-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/compress-then-upload/compress-then-upload-104-authenticated-admin-arbitrary-file-upload</loc>
<lastmod>2025-08-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wired-impact-volunteer-management/wired-impact-volunteer-management-28-missing-authorization</loc>
<lastmod>2026-01-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/the-events-calendar/the-events-calendar-630-cross-site-request-forgery-to-notice-dismissal</loc>
<lastmod>2024-04-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/official-statcounter-plugin-for-wordpress/statcounter-211-authenticated-author-stored-cross-site-scripting-via-author-nickname</loc>
<lastmod>2026-05-28T17:02:14.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-table-builder/wp-table-builder-2012-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-08-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gf-freshdesk/gravity-forms-freshdesk-135-unauthenticated-open-redirect</loc>
<lastmod>2025-11-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/stylish-cost-calculator/stylish-cost-calculator-703-stored-cross-site-scripting</loc>
<lastmod>2021-11-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gallery-from-files/gallery-from-files-160-arbitrary-file-upload</loc>
<lastmod>2021-05-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ovic-import-demo/ovic-importer-163-authenticated-subscriber-arbitrary-file-download</loc>
<lastmod>2024-06-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/count-per-day/count-per-day-34-cross-site-request-forgery</loc>
<lastmod>2015-07-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/pretty-link-lite/pretty-link-lite-154-cross-site-scripting</loc>
<lastmod>2011-12-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/kivicare-clinic-management-system/kivicare-clinic-patient-management-system-ehr-364-authenticated-doctorreceptionist-sql-injection</loc>
<lastmod>2024-12-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/frontend-user-notes/frontend-user-notes-210-insecure-direct-object-reference-to-authenticated-subscriber-arbitrary-note-modification</loc>
<lastmod>2026-02-17T16:31:54.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/dsgvo-all-in-one-for-wp/dsgvo-all-in-one-for-wp-45-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-08-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/fp-rss-category-excluder/fp-rss-category-excluder-100-reflected-cross-site-scripting</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/yada-wiki/yada-wiki-35-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-12-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/icegram/icegram-engage-3131-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2025-03-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/learnify/learnify-online-courses-education-wordpress-theme-1150-unauthenticated-local-file-inclusion</loc>
<lastmod>2026-04-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/plms/property-lot-management-system-10-authenticated-salesman-arbitrary-file-upload</loc>
<lastmod>2024-10-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bitcoin-faucet/bitcoin-altcoin-faucet-160-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2022-08-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/burst-statistics/burst-statistics-privacy-friendly-analytics-for-wordpress-140-to-1461-unauthenticated-sql-injection</loc>
<lastmod>2023-12-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/metform/metform-elementor-contact-form-builder-381-cross-site-request-forgery</loc>
<lastmod>2024-01-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-file-upload/wordpress-file-upload-42415-unauthenticated-remote-code-execution-arbitrary-file-read-and-arbitrary-file-deletion</loc>
<lastmod>2025-01-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/tinymce-custom-styles/tinymce-custom-styles-112-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2023-01-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/embed-pdf-viewer/embed-pdf-viewer-231-authenticated-editor-stored-cross-site-scripting</loc>
<lastmod>2024-12-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/viala/viala-131-reflected-cross-site-scripting</loc>
<lastmod>2024-09-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cs-framework/cs-framework-70-authenticated-subscriber-arbitrary-file-deletion</loc>
<lastmod>2025-03-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woo-thank-you-page-customizer/thank-you-page-customizer-for-woocommerce-increase-your-sales-112-missing-authorization-to-authenticated-subscriber-arbitrary-shortcode-execution</loc>
<lastmod>2024-02-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/fast-tube/fast-tube-231-reflected-cross-site-scripting</loc>
<lastmod>2025-01-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/vc-addons-by-bit14/web-and-woocommerce-addons-for-wpbakery-builder-147-authenticated-editor-stored-cross-site-scripting</loc>
<lastmod>2024-08-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/vikbooking/vikbooking-hotel-booking-engine-pms-188-unauthenticated-stored-cross-site-scripting</loc>
<lastmod>2026-05-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/prostore/prostore-113-open-redirect</loc>
<lastmod>2014-05-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ocean-product-sharing/ocean-product-sharing-222-authenticated-shop-manager-stored-cross-site-scripting</loc>
<lastmod>2026-06-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/shopp-arrange/cgd-arrange-terms-113-reflected-cross-site-scripting</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/essential-blocks/essential-blocks-for-gutenberg-484-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-09-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woolementor/codesigner-woocommerce-builder-for-elementor-customize-checkout-shop-email-products-more-441-authenticated-contributor-stored-cross-site-scripting-via-multiple-widgets</loc>
<lastmod>2024-06-11T15:24:21.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/team-rosters/team-rosters-482-unauthenticated-php-object-injection</loc>
<lastmod>2024-11-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/litespeed-cache/litespeed-cache-641-unauthenticated-sensitive-information-exposure-via-log-files</loc>
<lastmod>2024-09-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-storymap/storymap-21-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-09-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/responsive-addons-for-elementor/responsive-addons-for-elementor-173-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-07-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-rss-aggregator/rss-aggregator-rss-import-news-feeds-feed-to-post-and-autoblogging-5011-unauthenticated-dom-based-reflected-cross-site-scripting-via-postmessage</loc>
<lastmod>2026-03-06T19:00:27.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/contest-gallery/contest-gallery-19141-authenticated-author-sql-injection-via-option_id</loc>
<lastmod>2022-11-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/formularios-de-contacto-salesup/formulario-de-contacto-salesup-1014-reflected-cross-site-scripting</loc>
<lastmod>2025-05-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-azure-offload/wp-azure-offload-20-reflected-cross-site-scripting</loc>
<lastmod>2025-03-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gym-management/wpgym-650-authenticated-subscriber-local-file-inclusion</loc>
<lastmod>2025-06-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-dpe-ges/wp-dpe-ges-16-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-05-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ai-for-seo/ai-for-seo-129-missing-authorization</loc>
<lastmod>2025-01-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/questionpro-surveys/questionpro-surveys-10-authenticated-contributor-stored-cross-site-scripting-via-shortcode-attributes</loc>
<lastmod>2026-02-13T18:26:37.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-security-master/wp-security-master-102-cross-site-request-forgery</loc>
<lastmod>2025-06-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woo-inquiry/woo-inquiry-01-unauthenticated-sql-injection</loc>
<lastmod>2024-08-20T17:18:44.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-image-zoooom/wp-image-zoom-123-cross-site-request-forgery-to-denial-of-service</loc>
<lastmod>2018-03-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/funnelforms-free/funnelforms-free-38-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-12-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/hermit/hermit-316-unauthenticated-sql-injection</loc>
<lastmod>2022-04-28T12:22:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/pie-register/pie-register-user-registration-profiles-content-restriction-3848-missing-authorization-to-unauthenticated-registration-form-status-modification</loc>
<lastmod>2026-04-03T13:05:56.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cp-polls/polls-cp-105-cross-site-scripting</loc>
<lastmod>2015-05-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-social-meta/wp-social-meta-101-authenticated-administrator-stored-cross-site-scripting-via-settings</loc>
<lastmod>2026-02-25T12:49:58.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-crm/wp-crm-customer-relations-management-for-wordpress-121-csv-injection</loc>
<lastmod>2022-05-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/theatre/theater-for-wordpress-0187-missing-authorization</loc>
<lastmod>2025-04-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/userswp/userswp-1253-cross-site-request-forgery</loc>
<lastmod>2026-01-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ad-short/ad-short-201-authenticated-contributor-stored-cross-site-scripting-via-client-shortcode-attribute</loc>
<lastmod>2026-03-20T15:06:38.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-migrate-db/wp-migrate-lite-migration-made-easy-278-cross-site-request-forgery</loc>
<lastmod>2026-06-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-ultimate-review/wp-ultimate-review-236-ip-spoofing</loc>
<lastmod>2024-01-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp3d-model-import-block/wp3d-model-import-viewer-107-authenticated-contributor-arbitrary-file-upload</loc>
<lastmod>2025-12-12T16:19:08.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/file-manager/bit-file-manager-100-free-open-source-file-manager-and-code-editor-for-wordpress-657-authenticated-subscriber-limited-javascript-file-upload</loc>
<lastmod>2024-10-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-database-backup/wp-database-backup-59-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2022-08-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-file-upload/wordpress-file-upload-42415-missing-authorization-to-authenticated-subscriber-limited-path-traversal</loc>
<lastmod>2025-01-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/googleanalytics/sharethis-dashboard-for-google-analytics-321-missing-authorization-to-unauthenticated-feature-deactivation</loc>
<lastmod>2025-03-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-clone-by-wp-academy/clone-237-cross-site-request-forgery-via-wp_ajax_tifm_save_decision</loc>
<lastmod>2023-03-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/topscorer/topscorer-sports-wordpress-12-unauthenticated-local-file-inclusion</loc>
<lastmod>2026-02-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bp-activity-plus-reloaded/activity-plus-reloaded-for-buddypress-112-missing-authorization</loc>
<lastmod>2025-06-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/js-support-ticket/js-help-desk-the-ultimate-help-desk-support-plugin-286-unauthenticated-php-code-injection-to-remote-code-execution</loc>
<lastmod>2024-08-12T14:17:56.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wc-peach-payments-gateway/peach-payments-gateway-319-missing-authorization-via-peach_core_version_rollback</loc>
<lastmod>2024-02-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-bitly/bitlys-wordpress-plugin-271-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2023-11-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/rareradio/rare-radio-10151-unauthenticated-local-file-inclusion</loc>
<lastmod>2025-08-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpforo/wpforo-forum-1412-reflected-cross-site-scripting</loc>
<lastmod>2018-06-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/elastik-page-builder/elastik-page-builder-0274-authenticated-author-stored-cross-site-scripting-via-svg-file-upload</loc>
<lastmod>2024-09-30T19:24:32.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/photo-gallery/photo-gallery-by-10web-1545-multiple-cross-site-scripting-issues</loc>
<lastmod>2020-02-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/add-custom-codes/add-custom-codes-480-missing-authorization</loc>
<lastmod>2025-12-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/lws-tools/lws-tools-241-cross-site-request-forgery</loc>
<lastmod>2023-06-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-seo-structured-data-schema/wp-seo-structured-data-schema-281-authenticated-contributor-stored-cross-site-scripting-via-_kcseo_ative_tab-parameter</loc>
<lastmod>2026-05-11T19:10:33.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/database-collation-fix/database-collation-fix-127-cross-site-request-forgery-via-admin_page</loc>
<lastmod>2023-04-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/skt-builder/skt-page-builder-41-missing-authorization-to-authenticatedsubscriber-content-injection</loc>
<lastmod>2024-02-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/buddypress/buddypress-721-insufficient-privilege-de-escalation</loc>
<lastmod>2021-04-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woo-gift-product/woocommerce-gifts-product-100-cross-site-request-forgery</loc>
<lastmod>2025-09-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ht-mega-for-elementor/ht-mega-243-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-03-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wprequal/mortgage-lead-capture-system-8211-cross-site-request-forgery-to-settings-reset</loc>
<lastmod>2025-02-17T15:45:09.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/askka/askka-10-unauthenticated-local-file-inclusion</loc>
<lastmod>2026-03-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/custom-dashboard-page/custom-dashboard-page-10-cross-site-request-forgery</loc>
<lastmod>2025-03-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/salient-core/salient-core-202-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2023-11-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/client-documentation/simple-documentation-128-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2025-02-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/jet-blocks/jetblocks-for-elementor-1316-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-03-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/eroom-zoom-meetings-webinar/eroom-zoom-meetings-webinar-138-cross-site-request-forgery</loc>
<lastmod>2022-04-11T18:31:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gdlr-hostel/goodlayers-hostel-312-reflected-cross-site-scripting</loc>
<lastmod>2025-05-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/contest-gallery/contest-gallery-photo-contest-plugin-for-wordpress-13105-sql-injection</loc>
<lastmod>2022-04-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/pico/hype-105-missing-authorization</loc>
<lastmod>2025-12-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/reservit-hotel/reservit-hotel-21-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2024-11-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/translit-it/translit-it-16-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2025-04-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/vehica-core/vehica-core-10100-cross-site-request-forgery</loc>
<lastmod>2025-09-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/social-sharing-toolkit/social-sharing-toolkit-211-cross-site-request-forgery</loc>
<lastmod>2013-10-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/custom-order-numbers-for-woocommerce/custom-order-numbers-for-woocommerce-1110-missing-authorization</loc>
<lastmod>2025-11-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/brickscore/brickscore-1425-unauthenticated-stored-cross-site-scripting</loc>
<lastmod>2024-08-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/art-direction/art-direction-024-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2023-07-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-mail-bank/mail-bank-1-mail-smtp-plugin-for-wordpress-4014-missing-authorization</loc>
<lastmod>2023-11-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/orion-login-with-sms/orion-login-with-sms-105-authentication-bypass-via-weak-otp</loc>
<lastmod>2025-07-21T20:51:51.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/everest-backup/everest-backup-219-sensitive-information-exposure-via-log-file</loc>
<lastmod>2023-12-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/image-watermark/image-watermark-173-missing-authorization-to-authenticated-subscriber-watermark-modification</loc>
<lastmod>2024-04-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/pdf-builder-for-wpforms/pdf-builder-for-wpforms-12116-unauthenticated-full-path-disclosure</loc>
<lastmod>2024-08-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mailin/newsletter-smtp-email-marketing-and-subscribe-forms-by-sendinblue-3124-reflected-cross-site-scripting</loc>
<lastmod>2021-12-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/jobcareer/jobcareer-34-multiple-cross-site-scripting</loc>
<lastmod>2020-07-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bstone-demo-importer/bstone-demo-importer-101-missing-authorization-to-authenticated-subscriber-privilege-escalation</loc>
<lastmod>2024-10-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/shuttle/shuttle-150-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-12-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/personal-dictionary/personal-dictionary-133-unauthenticated-sql-injection</loc>
<lastmod>2022-04-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpforms/wpforms-pro-184-1853-unauthenticated-stored-cross-site-scripting-via-form-submission</loc>
<lastmod>2024-01-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/insertify/insertify-114-cross-site-request-forgery-to-remote-code-execution</loc>
<lastmod>2024-12-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/medicenter/medicenter-health-medical-clinic-151-unauthenticated-php-object-injection</loc>
<lastmod>2025-07-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/profilegrid-user-profiles-groups-and-communities/profilegrid-user-profiles-groups-and-communities-5972-missing-authorization-to-authenticated-subscriber-arbitrary-user-suspension</loc>
<lastmod>2026-02-04T20:24:28.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/softlab-core/softlab-core-1211-unauthenticated-local-file-inclusion</loc>
<lastmod>2026-04-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/Newspaper/newspaper-922-cross-site-scripting</loc>
<lastmod>2019-02-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/joomsport-sports-league-results-management/joomsport-for-sports-team-league-football-hockey-more-34-sql-injection</loc>
<lastmod>2019-07-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/maia/maia-1115-unauthenticated-local-file-inclusion</loc>
<lastmod>2025-06-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/sp-client-document-manager/sp-project-document-manager-470-missing-authorization-stored-cross-site-scripting</loc>
<lastmod>2024-03-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/square-thumbnails/square-thumbnails-110-missing-authorization</loc>
<lastmod>2023-12-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/vcaching/varnishnginx-proxy-caching-183-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2025-08-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/hide-my-site/hide-my-site-22-unauthenticated-information-exposure</loc>
<lastmod>2024-08-20T17:27:27.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/flowpaper-lite-pdf-flipbook/flowpaper-203-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2023-09-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mobile-app-builder-by-wappress/mobile-app-builder-by-wappress-105-arbitrary-file-upload</loc>
<lastmod>2017-03-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mail-mint/mail-mint-1177-unauthenticated-sensitive-information-exposure</loc>
<lastmod>2025-05-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/updraftplus/updraftplus-1963-and-updraftplus-paid-2963-cross-site-scripting</loc>
<lastmod>2020-09-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/google-calendar-events/simple-calendar-google-calendar-plugin-204-reflected-cross-site-scripting</loc>
<lastmod>2014-10-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-user-frontend/wp-user-frontend-365-authenticated-author-privilege-escalation</loc>
<lastmod>2023-11-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/themify-builder/themify-builder-761-missing-authorization-to-authenticated-contributor-post-duplication</loc>
<lastmod>2024-08-21T12:05:35.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/business-card-block/business-card-block-105-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-02-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/imagemapper/imagemapper-126-missing-authorization-to-authenticated-subscriber-arbitrary-pagepost-deletion-via-imgmap_delete_area_ajax</loc>
<lastmod>2023-11-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/fixed-html-toolbar/fixed-html-toolbar-107-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2024-04-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/frontend-dashboard/frontend-dashboard-10-226-missing-authorization-to-unauthenticated-privilege-escalation-via-fed_wp_ajax_fed_login_form_post-function</loc>
<lastmod>2025-05-06T20:38:49.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/geo-mashup/geo-mashup-11319-authenticated-subscriber-sql-injection</loc>
<lastmod>2026-06-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/the-plus-addons-for-elementor-page-builder/the-plus-addons-for-elementor-addons-for-elementor-page-templates-widgets-mega-menu-woocommerce-6411-authenticated-contributor-stored-cross-site-scripting-via-navigation-menu-lite-widget</loc>
<lastmod>2026-05-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/post-views-stats/post-views-stats-13-reflected-cross-site-scripting-via-from-and-to</loc>
<lastmod>2024-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/tabgarb/tabgarb-pro-26-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2025-03-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cf7-message-filter/message-filter-for-contact-form-7-1611-reflected-cross-site-scripting</loc>
<lastmod>2024-08-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/jet-search/jetsearch-3517-unauthenticated-sql-injection</loc>
<lastmod>2026-06-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ohio-extra/ohio-extra-360-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-11-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wordpress-access-control/wordpress-access-control-4013-improper-access-control-to-sensitive-information-exposure-via-rest-api</loc>
<lastmod>2024-02-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/the-wound/the-wound-001-unauthenticated-local-file-inclusion</loc>
<lastmod>2025-04-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-nested-pages/nested-pages-328-authenticated-editor-stored-cross-site-scripting</loc>
<lastmod>2024-10-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/branda-white-labeling/branda-white-label-wordpress-custom-login-page-customizer-3417-authenticated-author-stored-cross-site-scripting-via-svg-upload</loc>
<lastmod>2024-06-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/easy-code-snippets/easy-code-snippets-102-reflected-cross-site-scripting</loc>
<lastmod>2024-12-06T21:33:05.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simple-job-board/simple-job-board-293-local-file-inclusion</loc>
<lastmod>2022-02-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/heureka/heureka-108-cross-site-request-forgery</loc>
<lastmod>2024-02-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpb-show-core/wpb-show-core-25-reflected-cross-site-scripting</loc>
<lastmod>2024-03-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpkoi-templates-for-elementor/wpkoi-templates-for-elementor-256-authenticated-contributor-stored-cross-site-scripting-via-advanced-heading-widget</loc>
<lastmod>2024-03-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-sms/wp-sms-652-reflected-cross-site-scripting-via-page</loc>
<lastmod>2024-02-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/embedpress/embedpress-408-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-08-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-cart-for-digital-products/wp-estore-855-reflected-cross-site-scripting-via-customer-search</loc>
<lastmod>2024-07-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/fooddy/fooddy-1310-unauthenticated-local-file-inclusion</loc>
<lastmod>2026-02-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/facebook-for-woocommerce/meta-for-woocommerce-370-unauthenticated-open-redirect</loc>
<lastmod>2026-05-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/drag-and-drop-multiple-file-upload-contact-form-7/drag-and-drop-multiple-file-upload-for-contact-form-7-1395-unauthenticated-arbitrary-file-upload</loc>
<lastmod>2026-03-05T06:23:44.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/custom-dashboard-widgets/custom-dashboard-widgets-131-cross-site-request-forgery-to-stored-cross-site-scripting-via-cdw_dashboardwidgets</loc>
<lastmod>2024-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wonderplugin-slider/wonder-slider-lite-wonder-slider-144-authenticated-contributor-dom-based-stored-cross-site-scripting</loc>
<lastmod>2025-07-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/kraken-image-optimizer/krakenio-image-optimizer-265-cross-site-request-forgery</loc>
<lastmod>2022-09-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpvivid-backuprestore/migration-backup-staging-wpvivid-0989-authenticated-stored-cross-site-scripting</loc>
<lastmod>2023-09-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/countdowner-elementor/countdowner-for-elementor-104-missing-authorization</loc>
<lastmod>2025-12-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/quiz-master-next/quiz-and-survey-master-8115-cross-site-request-forgery-via-display_results</loc>
<lastmod>2023-09-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/exportfeed-list-woocommerce-products-on-ebay-store/exportfeed-2010-sql-injection</loc>
<lastmod>2021-11-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/advance-block-extend/advance-block-extend-104-authenticated-contributor-stored-cross-site-scripting-via-titlecolor-block-attribute</loc>
<lastmod>2026-02-18T15:53:05.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ocean-extra/ocean-extra-212-authenticated-subscriber-arbitrary-post-access</loc>
<lastmod>2023-02-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/basic-interactive-world-map/basic-interactive-world-map-20-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2023-11-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/web-en-mantenimiento/web-en-mantenimiento-106-cross-site-request-forgery-to-settings-update</loc>
<lastmod>2022-07-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/usc-e-shop/welcart-e-commerce-183-object-injection</loc>
<lastmod>2016-06-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/booking-and-rental-manager-for-woocommerce/booking-and-rental-manager-228-missing-authorization</loc>
<lastmod>2025-04-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/smart-seo-tool/smart-seo-tool-305-reflected-cross-site-scripting</loc>
<lastmod>2021-12-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/slide/slides-presentations-0039-missing-authorization-to-content-injection</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/college/multiple-themes-various-versions-reflected-cross-site-scripting-via-search-field</loc>
<lastmod>2023-08-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/quickcab/quickcab-133-missing-authorization</loc>
<lastmod>2025-05-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/duplicate-post/yoast-duplicate-post-323-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2019-09-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/frontis-blocks/frontis-blocks-116-unauthenticated-server-side-request-forgery-via-url-parameter</loc>
<lastmod>2026-01-23T19:20:45.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/post-smtp/post-smtp-380-missing-authorization-to-authenticated-subscriber-office-365-oauth-configuration-overwrite</loc>
<lastmod>2026-03-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/shapepress-dsgvo/wp-dsgvo-tools-gdpr-3123-unauthenticated-arbitrary-post-deletion</loc>
<lastmod>2021-09-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/webpushr-web-push-notifications/webpushr-4350-reflected-cross-site-scripting</loc>
<lastmod>2024-05-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-sponsors/sponsors-351-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-03-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/random-banner/random-banner-4211-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-11-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/all-in-one-wp-security-and-firewall/all-in-one-wp-security-firewall-397-cross-site-scripting</loc>
<lastmod>2015-08-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/flashy/flashy-121-reflected-cross-site-scripting</loc>
<lastmod>2025-01-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/pdf24-post-to-pdf/pdf24-article-to-pdf-422-cross-site-request-forgery</loc>
<lastmod>2022-05-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/uberSlider_mouseinteraction/uberslider-mouseinteraction-23-reflected-cross-site-scripting</loc>
<lastmod>2026-02-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/delicious-recipes/delicious-recipes-wordpress-recipe-plugin-167-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-08-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/sportspress/sportspress-278-reflected-cross-site-scripting</loc>
<lastmod>2021-11-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-migration-duplicator/webtoffee-wp-backup-and-migration-153-unauthenticated-sensitive-information-exposure</loc>
<lastmod>2025-01-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/noo-jobmonster/jobmonster-482-authenticated-contributor-local-file-inclusion</loc>
<lastmod>2025-12-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mangboard/mang-board-wp-184-reflected-cross-site-scripting</loc>
<lastmod>2025-01-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/tutor/tutor-lms-elearning-and-online-course-solution-262-authenticated-contributor-stored-cross-site-scripting-via-tutor_instructor_list-shortcode</loc>
<lastmod>2024-04-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wechat-broadcast/-wechat-broadcast-120-directory-traversal</loc>
<lastmod>2018-09-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/real-post-slider-lite/real-post-slider-lite-24-authenticated-administrator-stored-cross-site-scripting-via-settings</loc>
<lastmod>2026-01-13T16:48:09.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/contact-form-plugin/contact-form-by-bestwebsoft-436-missing-authorization</loc>
<lastmod>2025-12-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-meta-data-filter-and-taxonomy-filter/wordpress-meta-data-and-taxonomies-filter-mdtf-1331-cross-site-request-forgery</loc>
<lastmod>2024-03-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/imagerecycle-pdf-image-compression/imagerecycle-pdf-image-compression-3111-reflected-cross-site-scripting</loc>
<lastmod>2023-08-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/header-footer-code/ninjateam-header-footer-custom-code-12-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2024-08-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woocommerce-product-addon/ppom-for-woocommerce-32020-unauthenticated-content-injection-vulnerability</loc>
<lastmod>2024-06-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wordpress-mobile-pack/wordpress-mobile-pack-mobile-plugin-for-progressive-web-apps-hybrid-mobile-apps-213-sensitive-information-exposure</loc>
<lastmod>2015-07-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/seo-keywords/seo-keywords-113-reflected-cross-site-scripting-via-google_error-parameter</loc>
<lastmod>2025-01-06T16:06:56.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/beaver-builder-lite-version/beaver-builder-wordpress-page-builder-2552-authenticated-stored-cross-site-scripting-via-caption-on-hover</loc>
<lastmod>2022-08-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/auto-excerpt-everywhere/auto-excerpt-everywhere-15-cross-site-request-forgery</loc>
<lastmod>2023-10-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/unyson/unyson-2726-cross-site-scripting</loc>
<lastmod>2022-06-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/multi-column-tag-map/multi-column-tag-map-17024-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2023-02-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cf7-mollie/mollie-for-contact-form-7-500-authenticated-administrator-sql-injection</loc>
<lastmod>2024-12-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/essential-grid/essential-grid-3018-missing-authorization</loc>
<lastmod>2023-11-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/opencart-product-in-wp/opencart-product-in-wp-101-reflected-cross-site-scripting</loc>
<lastmod>2025-01-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/hr-management-lite/hr-management-lite-37-cross-site-request-forgery</loc>
<lastmod>2025-06-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woo-bulk-editor/bear-114-authenticated-shop-manager-stored-cross-site-scripting-via-plugin-options</loc>
<lastmod>2024-02-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/poll-maker/poll-maker-556-missing-authorization</loc>
<lastmod>2025-01-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/sprout-invoices/client-invoicing-by-sprout-invoices-2080-insecure-direct-object-reference</loc>
<lastmod>2024-12-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/squirrly-seo/seo-plugin-by-squirrly-seo-12416-missing-authorization-to-authenticated-contributor-privileged-cloud-api-operations</loc>
<lastmod>2026-06-05T14:31:03.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/customer-area/wp-customer-area-821-insecure-direct-object-reference-to-address-modification</loc>
<lastmod>2024-01-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/administrator-z/administrator-z-20250324-missing-authorization-to-authenticated-subscriber-arbitrary-options-update</loc>
<lastmod>2025-03-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/mission/mission-122-unauthenticated-local-file-inclusion</loc>
<lastmod>2026-05-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/thim-elementor-kit/thim-elementor-kit-119-authenticated-contributor-stored-cross-site-scripting-via-id-parameter</loc>
<lastmod>2024-05-10T18:41:10.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/themeloom-widgets/themeloom-widgets-185-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-09-10T18:53:50.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/bw-zagg/zagg-electronics-accessories-woocommerce-wordpress-theme-141-unauthenticated-local-file-inclusion</loc>
<lastmod>2025-06-13T19:48:41.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wappointment/wappointment-269-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-11-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/horizontal-scrolling-announcements/horizontal-scrolling-announcements-24-authenticated-contributor-sql-injection-via-shortcode</loc>
<lastmod>2024-08-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gum-elementor-addon/gum-elementor-addon-1310-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-03-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/empik-for-woocommerce/empikplace-for-woocommerce-143-authenticated-subscriber-php-object-injection</loc>
<lastmod>2025-04-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-easy-gallery/wp-easy-gallery-27-cross-site-request-forgery</loc>
<lastmod>2014-08-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/user-messages/user-messages-124-reflected-cross-site-scripting</loc>
<lastmod>2025-01-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/crypto/crypto-tool-222-missing-authentication-to-unauthenticated-limited-file-deletion</loc>
<lastmod>2025-11-10T15:07:28.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/dw-question-answer-pro/dw-question-answer-pro-136-cross-site-request-forgery</loc>
<lastmod>2022-04-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/front-editor/wp-front-user-submit-front-editor-494-cross-site-request-forgery</loc>
<lastmod>2025-06-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/order-import-export-for-woocommerce/order-export-order-import-for-woocommerce-260-authenticated-administrator-server-side-request-forgery-via-validate_file-function</loc>
<lastmod>2025-03-19T22:24:30.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/hide_my_wp/hide-my-wp-623-authorization-bypass</loc>
<lastmod>2021-11-24T14:14:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-google-maps/wp-google-maps-8111-authenticated-stored-cross-site-scripting</loc>
<lastmod>2021-06-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/password-only-login/password-only-login-02-reflected-cross-site-scripting</loc>
<lastmod>2025-10-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/advanced-coupons-for-woocommerce-free/advanced-coupons-for-woocommerce-coupons-468-authenticated-shop-manager-sql-injection</loc>
<lastmod>2025-10-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/video-conferencing-with-zoom-api/video-conferencing-with-zoom-467-missing-authorization-to-unauthenticated-zoom-sdk-credential-exposure-via-get_auth-ajax-action</loc>
<lastmod>2026-06-15T14:43:40.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/evangtermine/evangelische-termine-33-reflected-cross-site-scripting</loc>
<lastmod>2025-06-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/subscribe-to-unlock/subscribe-to-unlock-115-missing-authorization</loc>
<lastmod>2025-09-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/team/team-showcase-12225-reflected-cross-site-scripting</loc>
<lastmod>2024-09-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/broadstreet/broadstreet-1522-authenticated-subscriber-private-post-meta-disclosure-via-get_sponsored_meta</loc>
<lastmod>2026-05-20T13:15:10.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/discount-and-dynamic-pricing/dynamic-pricing-and-discount-rules-229-cross-site-request-forgery</loc>
<lastmod>2025-05-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/litespeed-cache/litespeed-cache-6502-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-09-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/logo-carousel-free/logo-carousel-341-unauthorised-private-post-access</loc>
<lastmod>2021-11-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woo-product-filter/product-filter-by-wbw-279-unauthenticated-sql-injection-via-filtersdatabackend-parameter</loc>
<lastmod>2025-04-03T16:22:47.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/w3-total-cache/w3-total-cache-281-missing-authorization-to-unauthenticated-plugin-deactivation-and-extensions-activationdeactivation</loc>
<lastmod>2025-01-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simple-sticky-footer/simple-sticky-footer-132-cross-site-request-forgery-to-cross-site-scripting</loc>
<lastmod>2014-10-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/social-pug/hubbub-lite-1351-authenticated-subscriber-sensitive-information-exposure</loc>
<lastmod>2025-09-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/delete-old-orders/delete-old-order-02-cross-site-scripting</loc>
<lastmod>2022-03-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/modern-events-calendar-lite/modern-events-calendar-lite-616-subscriber-category-add-leading-to-stored-cross-site-scripting</loc>
<lastmod>2021-12-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/advanced-ads/advanced-ads-1173-reflected-cross-site-scripting</loc>
<lastmod>2020-03-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/peepso-groups/peepso-core-groups-6460-authenticated-subscriber-stored-cross-site-scripting-via-group-description</loc>
<lastmod>2025-07-02T18:17:48.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/pdf-for-elementor-forms/pdf-for-elementor-forms-drag-and-drop-template-builder-631-missing-authorization</loc>
<lastmod>2026-02-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/wireless-butler/wireless-butler-1011-reflected-cross-site-scripting</loc>
<lastmod>2025-04-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/media-file-renamer/media-file-renamer-577-authenticatedadministrator-remote-code-execution</loc>
<lastmod>2023-12-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/thegem-elements/thegem-theme-elements-for-wpbakery-5110-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2026-01-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/multiple-roles/multiple-roles-137-privilege-escalation</loc>
<lastmod>2022-07-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/radcliffe-2/radcliffe-2-2017-missing-authorization</loc>
<lastmod>2024-06-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/buddypress-media/rtmedia-for-wordpress-buddypress-and-bbpress-4618-authenticated-contributor-sql-injection-via-rtmedia_gallery-shortcode</loc>
<lastmod>2024-04-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/easy-elements/easy-elements-for-elementor-144-unauthenticated-privilege-escalation-via-easyel_handle_register</loc>
<lastmod>2026-05-19T13:10:24.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woolentor-addons/shoplentor-281-authenticatedcontributor-stored-cross-site-scripting-via-banner-link</loc>
<lastmod>2024-03-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/seo-slider/seo-slider-110-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2023-11-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/event-post/event-post-599-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-03-25T19:54:47.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/livechat-elementor/livechat-elementor-1013-cross-site-request-forgery</loc>
<lastmod>2024-01-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ithemelandco-woo-report/woocommerce-report-145-reflected-cross-site-scripting</loc>
<lastmod>2024-07-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/salon-booking-system/salon-booking-system-962-unauthenticated-stored-cross-site-scripting-via-sms_prefix</loc>
<lastmod>2024-03-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gutenverse-news/gutenverse-news-advanced-news-magazine-blog-gutenberg-blocks-addons-302-missing-authorization</loc>
<lastmod>2025-12-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ec-authorizenet/ec-authorizenet-033-reflected-cross-site-scripting</loc>
<lastmod>2025-05-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-fundraising-donation/fundengine-174-authenticated-subscriber-local-file-inclusion</loc>
<lastmod>2025-08-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/easy-custom-auto-excerpt/easy-custom-auto-excerpt-247-stored-cross-site-scripting</loc>
<lastmod>2018-11-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/piotnet-addons-for-elementor-pro/piotnet-addons-for-elementor-pro-7117-unauthenticated-server-side-request-forgery</loc>
<lastmod>2024-04-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-chatbot/wp-chatbot-for-messenger-49-missing-authorization-to-unauthenticated-chatbot-configuration-takeover</loc>
<lastmod>2026-03-20T14:38:14.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/coming-soon/website-builder-by-seedprod-theme-builder-landing-page-builder-coming-soon-page-maintenance-mode-6198-missing-authorization</loc>
<lastmod>2025-12-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/better-wp-security/ithemes-security-531-insecure-backuplogfile-generation</loc>
<lastmod>2016-04-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gutentor/gutentor-343-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-01-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/nota-fiscal-eletronica-woocommerce/nota-fiscal-eletrnica-woocommerce-3409-authenticated-shop-manager-stored-cross-site-scripting</loc>
<lastmod>2025-09-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/tourfic/tourfic-2117-reflected-cross-site-scripting</loc>
<lastmod>2024-03-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/foursquare-checkins/foursquare-checkins-13-cross-site-request-forgery-to-cross-site-scripting</loc>
<lastmod>2013-04-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/sitebuilder-dynamic-components/sitebuilder-dynamic-components-10-php-object-injection</loc>
<lastmod>2017-04-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ht-contactform/ht-contact-form-widget-for-elementor-page-builder-gutenberg-blocks-form-builder-221-unauthenticated-arbitrary-file-deletion</loc>
<lastmod>2025-07-14T15:58:21.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/traveler/traveler-320-missing-authorization</loc>
<lastmod>2025-03-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/photospace/photospace-gallery-235-missing-authorization-to-plugin-settings-update</loc>
<lastmod>2022-09-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/gaspard/gaspard-13-unauthenticated-local-file-inclusion</loc>
<lastmod>2026-03-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gradient-text-widget-for-elementor/gradient-text-widget-for-elementor-101-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-04-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/themefuse-maintenance-mode/themefuse-maintenance-mode-113-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2024-11-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/geodigs/geodigs-341-reflected-cross-site-scripting</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/push-notification-for-post-and-buddypress/push-notification-for-post-and-buddypress-193-unauthenticated-sql-injection</loc>
<lastmod>2024-05-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/lunna/lunna-115-unauthenticated-local-file-inclusion</loc>
<lastmod>2025-08-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpshop/wpshop-2-e-commerce-1396-arbitrary-file-upload</loc>
<lastmod>2015-03-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/facebook-auto-publish/wp2social-auto-publish-247-reflected-cross-site-scripting-via-postmessage</loc>
<lastmod>2025-11-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/quiz-expert/quiz-expert-easy-quiz-maker-exam-and-test-manager-150-cross-site-request-forgery</loc>
<lastmod>2023-06-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simple-download-monitor/simple-download-monitor-388-unauthenticated-stored-cross-site-scripting</loc>
<lastmod>2020-10-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/zero-bs-crm/jetpack-crm-550-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2023-09-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cost-calculator-builder/cost-calculator-builder-3265-unauthenticated-sql-injection</loc>
<lastmod>2025-04-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-csv-exporter/wp-csv-exporter-136-authenticated-admin-sql-injection</loc>
<lastmod>2022-11-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/travel-diaries/travel-diaries-124-missing-authorization</loc>
<lastmod>2026-02-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/sky-elementor-addons/sky-addons-for-elementor-2515-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-10-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/favicon-rotator/favicon-rotator-1211-unauthenticated-stored-cross-site-scripting</loc>
<lastmod>2026-04-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/quick-count/quick-count-300-unauthenticated-php-object-injection</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/xili-tidy-tags/xili-tidy-tags-11203-cross-site-request-forgery</loc>
<lastmod>2023-03-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mycurator/mycurator-content-curation-374-cross-site-request-forgery</loc>
<lastmod>2023-06-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/acf-frontend-form-element/frontend-admin-by-dynamiapps-32517-reflected-cross-site-scripting</loc>
<lastmod>2025-02-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/twitter-news-feed/twitter-news-feed-111-reflected-cross-site-scripting</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/visitors-traffic-real-time-statistics/visitor-traffic-real-time-statistics-211-missing-authorization-to-arbitrary-plugin-installationactivation</loc>
<lastmod>2021-04-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/liveforms/contact-form-drag-and-drop-form-builder-plugin-485-missing-authorization</loc>
<lastmod>2025-04-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/legal-pages/legal-pages-145-missing-authorization</loc>
<lastmod>2025-05-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/meta-slider-and-carousel-with-lightbox/meta-slider-and-carousel-with-lightbox-201-authenticated-author-stored-cross-site-scripting</loc>
<lastmod>2024-09-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simple-payment/simple-payment-246-unauthenticated-local-file-inclusion</loc>
<lastmod>2025-10-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/national-weather-service-alerts/national-weather-service-alerts-135-unauthenticated-local-file-inclusion</loc>
<lastmod>2025-06-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-advanced-search/wordpress-wp-advanced-search-336-sql-injection</loc>
<lastmod>2020-04-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-coder/wp-coder-code-snippets-html-css-js-and-php-injection-360-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2025-01-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simple-google-maps-short-code/simple-shortcode-for-google-maps-154-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2024-11-07T17:29:10.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/check-email/check-log-email-051-reflected-cross-site-scripting</loc>
<lastmod>2016-11-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-404-auto-redirect-to-similar-post/wp-404-auto-redirect-to-similar-post-103-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2023-08-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/joomdev-wp-pros-cons/mighty-classic-pros-and-cons-209-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-03-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/theme-duplicator/theme-duplicator-11-cross-site-request-forgery</loc>
<lastmod>2025-04-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/browser-update-notify/browser-update-notify-021-reflected-cross-site-scripting</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/network-summary/network-summary-2011-unauthenticated-sql-injection</loc>
<lastmod>2024-03-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/infusionsoft-official-opt-in-forms/keap-official-opt-in-forms-1011-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2023-12-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/yop-poll/yop-poll-580-reflected-cross-site-scripting</loc>
<lastmod>2017-03-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/greenshift-animation-and-page-builder-blocks/greenshift-animation-and-page-builder-blocks-937-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-09-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/comments-like-dislike/comments-like-dislike-122-ip-spoofing</loc>
<lastmod>2024-02-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-file-upload/wordpress-file-upload-4247-unauthenticated-stored-cross-site-scripting</loc>
<lastmod>2024-07-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/document-library-lite/document-library-lite-117-unauthenticated-insecure-direct-object-reference</loc>
<lastmod>2025-12-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/download-manager/download-manager-3253-reflected-cross-site-scripting</loc>
<lastmod>2022-08-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/quiz-master-next/quiz-and-survey-master-736-insecure-direct-object-reference</loc>
<lastmod>2022-10-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/counter-box/counter-box-12-cross-site-request-forgery</loc>
<lastmod>2022-07-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/limit-login-attempts/limit-login-attempts-171-authenticatedsubscriber-stored-cross-site-scripting</loc>
<lastmod>2023-04-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/pricing-table-by-supsystic/pricing-table-by-supsystic-1912-authenticated-admin-content-injection</loc>
<lastmod>2024-04-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/shiftnav-responsive-mobile-menu/shiftnav-responsive-mobile-menu-18-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-06-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/apollo13-framework-extensions/apollo13-framework-extensions-192-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-02-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/artplacer-widget/artplacer-widget-2232-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2026-01-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ameliabooking/booking-for-appointments-and-events-calendar-amelia-1085-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2023-12-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-smart-contracts/wpsmartcontracts-2010-unauthenticated-sql-injection</loc>
<lastmod>2025-04-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/my-calendar/my-calendar-33241-cross-site-request-forgery</loc>
<lastmod>2023-01-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/spoiler-block/spoiler-block-17-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2025-04-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bellows-accordion-menu/bellows-accordion-menu-143-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-06-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/beepress/beepress-698-cross-site-request-forgery-via-beepress-prophp</loc>
<lastmod>2024-02-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woocommerce-checkout-manager/checkout-field-manager-checkout-manager-for-woocommerce-785-missing-authorization-to-unauthenticated-arbitrary-attachment-deletion</loc>
<lastmod>2026-02-18T16:06:35.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/posts-table-filterable/tableon-wordpress-posts-table-filterable-1044-authenticated-contributor-stored-cross-site-scripting-via-class-shortcode-attribute</loc>
<lastmod>2026-04-07T15:35:29.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-job-openings/wp-job-openings-342-information-exposure</loc>
<lastmod>2023-09-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simple-post/simple-post-11-stored-cross-site-scripting</loc>
<lastmod>2021-07-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-ultimate-map/wp-ultimate-map-11-cross-site-request-forgery-to-stored-cross-site-scripting-via-zoom-level-parameter</loc>
<lastmod>2026-06-08T15:05:45.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/calculated-fields-form/calculated-fields-form-10353-authenticated-stored-cross-site-scripting</loc>
<lastmod>2020-01-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/easy-testimonials/easy-testimonials-38-reflected-cross-site-scripting</loc>
<lastmod>2022-06-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/sms-alert/sms-alert-order-notifications-woocommerce-376-missing-authorization-to-authenticated-subscriber-arbitrary-options-update</loc>
<lastmod>2025-01-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/membees-member-login-widget/membee-login-236-unauthenticated-stored-cross-site-scripting</loc>
<lastmod>2026-01-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/coblocks/page-builder-gutenberg-blocks-coblocks-3111-authenticated-contributor-server-side-request-forgery</loc>
<lastmod>2024-07-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/nextgen-gallery/nextgen-gallery-337-cross-site-request-forgery</loc>
<lastmod>2023-11-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/currency-switcher-woocommerce/currency-switcher-for-woocommerce-2162-reflected-cross-site-scripting</loc>
<lastmod>2025-02-28T15:26:51.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/creative-addons-for-elementor/creative-addons-for-elementor-1512-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-04-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/peepso-core/community-by-peepso-6461-authenticated-subscriber-stored-cross-site-scripting</loc>
<lastmod>2024-10-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-rss-aggregator/rss-aggregator-rss-import-news-feeds-feed-to-post-and-autoblogging-4238-reflected-cross-site-scripting</loc>
<lastmod>2024-05-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-galleria/wordpress-galleria-14-reflected-cross-site-scripting</loc>
<lastmod>2025-04-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/flexible-shipping/table-rate-shipping-method-for-woocommerce-by-flexible-shipping-4118-reflected-cross-site-scripting</loc>
<lastmod>2022-06-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simple-login-log/simple-login-log-112-sql-injection</loc>
<lastmod>2017-10-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-security-scan/acunetix-wp-security-404-cross-site-request-forgery</loc>
<lastmod>2014-02-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/majestic-support/majestic-support-110-unauthenticated-sql-injection</loc>
<lastmod>2025-05-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-cafe/wpcafe-online-food-ordering-restaurant-menu-delivery-and-reservations-for-woocommerce-2224-authenticated-contributor-stored-cross-site-scripting-via-reservation-form-shortcode</loc>
<lastmod>2024-05-30T18:20:55.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/find-and-replace-all/find-and-replace-all-12-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2022-11-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bsk-pdf-manager/bsk-pdf-manager-372-unauthenticated-information-exposure</loc>
<lastmod>2026-02-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/video-conferencing-with-zoom-api/video-conferencing-with-zoom-392-reflected-cross-site-scripting</loc>
<lastmod>2022-05-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-webinarsystem/webinarpress-13328-missing-authorization</loc>
<lastmod>2025-10-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/blog-designer/blog-designer-1810-unauthenticated-stored-cross-site-scripting</loc>
<lastmod>2019-05-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/widgets-reset/widgets-reset-01-cross-site-request-forgery-to-settings-update</loc>
<lastmod>2024-07-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ebecas/ebecas-313-authenticated-administrator-stored-cross-site-scripting-via-settings</loc>
<lastmod>2023-05-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/melascrivi/melascrivi-plugin-14-reflected-cross-site-scripting</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/core/5.4/wordpress-core-541-authenticated-author-cross-site-scripting-via-file-uploads</loc>
<lastmod>2020-04-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/royal-elementor-addons/royal-elementor-addons-and-templates-13971-authenticated-contributor-stored-cross-site-scripting-via-flip-carousel-flip-box-post-grid-and-taxonomy-list-widget-attributes</loc>
<lastmod>2024-04-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bulletin-announcements/announcement-notification-banner-bulletin-351-authenticated-subscriber-stored-cross-site-scripting</loc>
<lastmod>2022-08-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gutenium/gutenium-blocks-117-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-11-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wallet-system-for-woocommerce/wallet-system-for-woocommerce-273-authenticated-subscriber-information-exposure</loc>
<lastmod>2025-12-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ninja-tables/ninja-tables-434-cross-site-request-forgery</loc>
<lastmod>2023-04-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/eshop/eshop-6313-cross-site-forgery-request-and-reflected-cross-site-scripting</loc>
<lastmod>2015-09-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/giardino/giardino-1110-unauthenticated-local-file-inclusion</loc>
<lastmod>2025-08-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/edd-favorites/easy-digital-downloads-favorites-106-cross-site-scripting</loc>
<lastmod>2015-04-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/elementinvader/element-invader-template-kits-for-elementor-124-missing-authorization</loc>
<lastmod>2026-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/meow-gallery/meow-gallery-544-missing-authorization-to-authenticated-author-shortcode-creation</loc>
<lastmod>2026-06-12T19:54:13.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/yogi/yogi-293-authenticated-subscriber-php-object-injection</loc>
<lastmod>2025-07-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/milat-jquery-automatic-popup/milat-jquery-automatic-popup-131-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2025-04-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/glossy/glossy-235-reflected-cross-site-scripting</loc>
<lastmod>2025-01-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ninjateam-telegram/ninjateam-chat-for-telegram-10-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-12-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/notificationx/notificationx-live-sales-notification-woocommerce-sales-popup-fomo-social-proof-announcement-banner-floating-notification-top-bar-293-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2024-12-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ahachat-messenger-marketing/ahachat-messenger-marketing-11-authentication-bypass</loc>
<lastmod>2026-01-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/seo-by-rank-math-pro/rank-math-seo-pro-3096-missing-authorization</loc>
<lastmod>2025-10-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/supportboard/support-board-380-unauthenticated-arbitrary-file-deletion</loc>
<lastmod>2025-07-08T10:43:24.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/amerisale-re/amerisale-re-all-versions-arbitrary-file-upload</loc>
<lastmod>2014-01-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-migration-duplicator/wordpress-backup-migration-148-missing-authorization-to-directory-traversal</loc>
<lastmod>2024-04-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/dynamic-post-grid-elementor-addon/dynamic-post-grid-elementor-addon-106-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-11-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/encrypted-blog/encrypted-blog-0062-open-redirect</loc>
<lastmod>2013-08-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/featured-post-creative/featured-post-creative-127-cross-site-request-forgery-via-wpfp_update_featured_post</loc>
<lastmod>2023-04-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/debug-log-manager/debug-log-manager-221-missing-authorization</loc>
<lastmod>2023-11-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wt-smart-coupons-for-woocommerce/smart-coupons-for-woocommerce-coupons-230-missing-authorization</loc>
<lastmod>2026-05-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/fluent-smtp/fluentsmtp-2280-cross-site-request-forgery</loc>
<lastmod>2025-01-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/my-tickets/my-tickets-1911-authorization-bypass</loc>
<lastmod>2023-01-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/restaurant-cafe-addon-for-elementor/restaurant-cafe-addon-for-elementor-155-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-09-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/broken-link-checker/broken-link-checker-244-missing-autorization-to-authenticated-subscriber-plugin-status-dashboard-view</loc>
<lastmod>2025-06-02T14:22:12.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bbp-voting/bbpress-voting-21110-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2023-01-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mega-addons-for-visual-composer/mega-addons-for-wpbakery-page-builder-427-cross-site-request-forgery-to-settings-update</loc>
<lastmod>2022-09-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ht-mega-for-elementor/ht-mega-absolute-addons-for-elementor-249-authenticated-contributor-stored-cross-site-scripting-via-image-grid-widget</loc>
<lastmod>2024-04-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-responsive-slider-with-lightbox/thumbnail-slider-with-lightbox-1017-reflected-cross-site-scripting</loc>
<lastmod>2023-04-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/listar-directory-listing/listar-directory-listing-classifieds-wordpress-plugin-300-missing-authorization-to-authenticated-subscriber-arbitrary-post-deletion</loc>
<lastmod>2025-12-05T17:35:50.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/zephyr-project-manager/zephyr-project-manager-33102-reflected-cross-site-scripting</loc>
<lastmod>2024-08-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/newsletters-lite/newsletters-4999-authenticated-administrator-local-file-inclusion</loc>
<lastmod>2025-05-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woocommerce-custom-product-tabs-lite/custom-product-tabs-lite-for-woocommerce-190-authenticated-shop-manager-php-object-injection</loc>
<lastmod>2025-01-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-vault/wp-vault-0866-local-file-inclusion</loc>
<lastmod>2016-11-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/animated-counters/animated-counters-17-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2023-10-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/core/2.4/wordpress-core-25-full-path-disclosure</loc>
<lastmod>2007-12-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-slimstat/slimstat-analytics-513-authenticated-subscriber-stored-cross-site-scripting</loc>
<lastmod>2024-02-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/easyjobs/easyjobs-246-missing-authorization-to-settings-update</loc>
<lastmod>2024-01-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woo-discount-rules/discount-rules-for-woocommerce-202-missing-authorization</loc>
<lastmod>2020-08-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-gotowebinar/wp-gotowebinar-157-authenticated-subscriber-stored-cross-site-scripting</loc>
<lastmod>2024-07-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/zen-social-sticky/zen-sticky-social-03-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2025-06-13T19:44:57.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/defend-wp-firewall/defendwp-firewall-110-missing-authorization</loc>
<lastmod>2025-02-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/download-monitor/download-monitor-5110-cross-site-request-forgery-to-download-path-deletion-and-disabling</loc>
<lastmod>2026-04-07T11:17:36.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/addon-elements-for-elementor-page-builder/elementor-addon-elements-11212-authenticated-contributor-stored-cross-site-scripting-via-dual-button-widget</loc>
<lastmod>2024-02-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bible-embed/bible-embed-004-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mark-posts/mark-posts-200-admin-stored-cross-site-scripting</loc>
<lastmod>2022-03-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/thinkresponsive/think-responsive-10-arbitrary-file-upload</loc>
<lastmod>2013-11-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ellipsis-human-presence-technology/human-presence-stop-form-spam-without-recaptcha-209-reflected-cross-site-scripting</loc>
<lastmod>2019-09-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/jlayer-parallax-slider-wp/jlayer-parallax-slider-10-reflected-cross-site-scripting</loc>
<lastmod>2024-10-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ultimate-blocks/ultimate-blocks-wordpress-blocks-plugin-308-authenticatedcontributor-stored-cross-site-scripting-via-metabox</loc>
<lastmod>2024-06-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/core/2.6/wordpress-core-261-cryptographic-weakness</loc>
<lastmod>2008-08-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/stout-google-calendar/stout-google-calendar-123-cross-site-request-forgery-via-sgc_plugin_options</loc>
<lastmod>2023-10-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/affiliates-manager/affiliates-manager-265-cross-site-request-forgery</loc>
<lastmod>2019-05-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/greek-multi-tool/greek-multi-tool-231-unauthenticated-stored-cross-site-scripting</loc>
<lastmod>2025-03-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/oik/oik-4152-cross-site-request-forgery</loc>
<lastmod>2025-07-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/amazonify/amazonify-081-cross-site-request-forgery-to-amazon-tracking-id-update</loc>
<lastmod>2023-11-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/squelch-tabs-and-accordions-shortcodes/squelch-tabs-and-accordions-shortcodes-048-authenticated-contributor-stored-cross-site-scripting-via-tab-shortcode</loc>
<lastmod>2024-07-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/fl3r-accessibility-suite/fl3r-accessibility-suite-14-authenticated-contributor-stored-cross-site-scripting-via-fl3raccessibilitysuite-shortcode</loc>
<lastmod>2025-06-26T19:05:58.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/sweetdate/sweet-date-401-unauthenticated-php-object-injection</loc>
<lastmod>2026-02-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/yop-poll/yop-poll-6528-reusable-captcha-via-validateimage</loc>
<lastmod>2023-10-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gloria-assistant-by-webtronic-labs/i-am-gloria-114-cross-site-request-forgery</loc>
<lastmod>2025-03-04T19:18:52.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wcp-contact-form/wcp-contact-form-310-reflected-cross-site-scripting-via-tab-parameter</loc>
<lastmod>2023-04-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/customer-area/customer-area-827-unauthenticated-local-file-inclusion</loc>
<lastmod>2025-07-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/emailkit/emailkit-160-missing-authorization-to-authenticated-author-arbitrary-content-deletion</loc>
<lastmod>2025-09-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/hive-support/hive-support-wordpress-help-desk-112-cross-site-request-forgery</loc>
<lastmod>2024-12-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/rehub-theme/rehub-19991-unauthenticated-information-exposure</loc>
<lastmod>2025-12-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/login-lockdown/login-lockdown-protect-login-form-208-missing-authorization</loc>
<lastmod>2024-02-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/api-info-themes-plugins-wp-org/api-info-for-plugins-themes-from-wporg-104-reflected-cross-site-scripting</loc>
<lastmod>2022-08-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/g-ffl-cockpit/g-ffl-cockpit-171-improper-authorization-to-unauthenticated-product-deletion</loc>
<lastmod>2025-12-05T17:38:56.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/motors-car-dealership-classified-listings/motors-car-dealership-classified-listings-plugin-14103-missing-authorization-to-authenticated-subscriber-payment-bypass-via-stm_payment_status-parameter</loc>
<lastmod>2026-05-11T19:56:14.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/woodmart/woodmart-825-unauthenticated-post-disclosure</loc>
<lastmod>2025-07-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gotmls/anti-malware-security-and-brute-force-firewall-41522-cross-site-scripting</loc>
<lastmod>2015-05-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wte-elementor-widgets/wp-travel-engine-142-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-09-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/persian-woocommerce-sms/persian-woocommerce-sms-7010-authenticated-shop-manager-sql-injection</loc>
<lastmod>2025-06-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/s3audible-amazon-s3-music-player/s3bubble-amazon-s3-media-streaming-354-cross-site-scripting</loc>
<lastmod>2014-05-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bookingpress-appointment-booking/bookingpress-1122-unauthenticated-file-export-download</loc>
<lastmod>2024-12-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/betheme/betheme-2761-authenticated-contributor-stored-cross-site-scripting-via-custom-js</loc>
<lastmod>2025-01-20T21:55:18.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/srbtranslatin/srbtranslatin-146-cross-site-request-forgery</loc>
<lastmod>2018-01-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/fabrica/fabrica-181-unauthenticated-local-file-inclusion</loc>
<lastmod>2025-08-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/predictive-search/predictive-search-122-missing-authorization</loc>
<lastmod>2023-05-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/domain-theme/domain-theme-13-cross-site-request-forgery</loc>
<lastmod>2025-03-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/learnpress/learnpress-41732-authenticated-subscriber-sql-injection</loc>
<lastmod>2022-12-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/pdf-poster/pdf-poster-pdf-embedder-plugin-for-wordpress-2117-reflected-cross-site-scripting</loc>
<lastmod>2024-01-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/hover-image/hover-image-141-cross-site-request-forgery</loc>
<lastmod>2023-01-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/essential-addons-for-elementor-lite/essential-addons-for-elementor-5913-authenticated-author-php-object-injection-via-error_resetpassword</loc>
<lastmod>2024-03-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/core/3.4/wordpress-core-342-missing-authorization-checks</loc>
<lastmod>2012-09-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/forms-by-made-it/forms-1122-authenticated-stored-cross-site-scripting</loc>
<lastmod>2021-07-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ht-contactform/ht-contact-form-7-200-authenticated-administrator-local-file-inclusion</loc>
<lastmod>2025-07-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/moneyflow/moneyflow-10-unauthenticated-local-file-inclusion</loc>
<lastmod>2026-03-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/jupiterx-core/jupiter-x-core-4811-unauthenticated-php-object-injection-via-phar</loc>
<lastmod>2025-04-25T17:04:47.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/beam-me-up-scotty/beam-me-up-scotty-back-to-top-button-1021-reflected-cross-site-scripting</loc>
<lastmod>2024-09-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/learnpress/learnpress-wordpress-lms-plugin-400-cross-site-request-forgery-to-privilege-escalation</loc>
<lastmod>2024-04-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/relevanssi-premium/relevanssi-premium-11461-sql-injection</loc>
<lastmod>2016-11-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/responsive-food-and-drink-menu/responsive-food-and-drink-menu-23-authenticated-contributor-stored-cross-site-scripting-via-display_pdf_menus-shortcode</loc>
<lastmod>2025-06-25T13:45:44.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/metform/metform-elementor-contact-form-builder-383-authenticatedcontributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2024-03-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/helpful/helpful-4514-authorization-bypass-to-repeat-voting</loc>
<lastmod>2022-08-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/helpdesk-contact-form/helpdesk-contact-form-plugin-115-cross-site-request-forgery-to-settings-update-via-handle_query_args</loc>
<lastmod>2026-01-06T18:33:32.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/clean-login/clean-login-15-reflected-cross-site-scripting</loc>
<lastmod>2015-07-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpb-show-core/wpb-show-core-26-reflected-cross-site-scripting-via-file</loc>
<lastmod>2024-04-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/graphicsly/graphicsly-the-ultimate-graphics-plugin-for-wordpress-website-builder-gutenberg-elementor-beaver-builder-wpbakery-102-authenticated-author-stored-cross-site-scripting-via-svg-file-upload</loc>
<lastmod>2024-09-24T12:17:23.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/updraftplus/updraft-plus-12224-information-disclosure-via-updraft_ajaxrestore</loc>
<lastmod>2023-03-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/easy-woocommerce-customizer/easy-woocommerce-customizer-102-reflected-cross-site-scripting</loc>
<lastmod>2025-09-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/logtik/logtik-23-reflected-cross-site-scripting</loc>
<lastmod>2025-09-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/risk-warning-bar/risk-warning-bar-10-reflected-cross-site-scripting</loc>
<lastmod>2024-10-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/news-list/newsticker-10-reflected-cross-site-scripting</loc>
<lastmod>2025-02-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/otter-blocks/otter-blocks-314-improper-authorization-to-unauthenticated-purchase-verification-bypass-via-forged-cookie</loc>
<lastmod>2026-04-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/barcode-scanner-lite-pos-to-manage-products-inventory-and-orders/barcode-scanner-with-inventory-order-manager-151-unauthenticated-arbitrary-file-upload-via-uploadfile</loc>
<lastmod>2024-01-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/custom-field-template/custom-field-template-251-cross-site-request-forgery-bypass</loc>
<lastmod>2020-09-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/font-organizer/font-organizer-211-reflected-cross-site-scripting</loc>
<lastmod>2019-03-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/educenter/educenter-157-missing-authorization-via-activate_plugin</loc>
<lastmod>2023-04-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/groundhogg/wordpress-crm-email-marketing-automation-for-wordpress-award-winner-groundhogg-135-remote-code-execution</loc>
<lastmod>2019-04-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/poll-maker/poll-maker-480-missing-authorization</loc>
<lastmod>2023-12-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/watu/watu-quiz-267-authenticated-admin-sql-injection</loc>
<lastmod>2015-11-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-datatable/wp-datatable-027-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-06-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/the-countdown/the-countdown-201-authenticated-contributor-stored-cross-site-scripting-via-clientid-parameter</loc>
<lastmod>2025-06-25T14:06:45.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wordpress-checkout/wp-checkout-unknown-versions-arbitrary-file-upload</loc>
<lastmod>2013-10-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ideapush/ideapush-871-missing-authorization-to-board-term-deletion</loc>
<lastmod>2024-12-02T20:21:52.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/eventprime-event-calendar-management/eventprime-events-calendar-bookings-and-tickets-341-missing-authorization-to-authenticated-subscriber-arbitrary-email-sending</loc>
<lastmod>2024-03-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woosa-ai-for-woocommerce/integration-opvius-ai-for-woocommerce-130-unauthenticated-arbitrary-file-deletionread-via-path-traversal</loc>
<lastmod>2026-01-13T17:20:42.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/exploit-scanner/exploit-scanner-133-full-path-disclosure</loc>
<lastmod>2013-05-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woosidebars-sbm-converter/woosidebars-sidebar-manager-converter-111-reflected-cross-site-scripting</loc>
<lastmod>2015-04-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/stetic/stetic-106-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2021-11-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cta/wordpress-calls-to-action-228-unauthenticated-stored-cross-site-scripting</loc>
<lastmod>2015-02-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/the-events-calendar/the-events-calendar-61513-missing-authorization-to-authenticated-subscriber-data-migration-control</loc>
<lastmod>2026-01-20T01:45:16.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gf-multi-uploader/multi-uploader-for-gravity-forms-117-unauthenticated-arbitrary-file-deletion</loc>
<lastmod>2025-12-11T15:06:36.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/profile-builder/profile-builder-3138-authenticated-contributor-stored-cross-site-scripting-via-user_meta-and-compare-shortcodes</loc>
<lastmod>2025-06-02T21:31:42.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/paramount/paramount-all-versions-cross-site-scripting</loc>
<lastmod>2012-09-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-projects-portfolio/wp-projects-portfolio-with-client-testimonials-30-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2025-01-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/skt-blocks/skt-blocks-25-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-09-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/dolcino/dolcino-pastry-and-cake-shop-wordpress-theme-16-unauthenticated-local-file-inclusion</loc>
<lastmod>2026-02-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bird-feeder/bird-feeder-123-cross-site-request-forgery</loc>
<lastmod>2014-12-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-e-commerce-style-email/wp-e-commerce-style-email-062-reflected-cross-site-scripting</loc>
<lastmod>2024-11-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/doofinder/doofinder-054-reflected-cross-site-scripting</loc>
<lastmod>2024-11-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/pricing-tables-for-wpbakery-page-builder/pricing-tables-for-wpbakery-page-builder-formerly-visual-composer-20-authenticated-subscriber-local-file-inclusion-via-shortcode</loc>
<lastmod>2023-03-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/peepso-core/community-by-peepso-6090-missing-authorization-to-sensitive-information-exposure</loc>
<lastmod>2023-05-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mapsvg-lite-interactive-vector-maps/mapsvg-8723-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-10-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/visual-link-preview/visual-link-preview-230-authenticated-contributor-server-side-request-forgery</loc>
<lastmod>2026-02-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/yourchannel/yourchannel-123-missing-authorization-to-plugin-settings-reset</loc>
<lastmod>2023-04-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/trust-payments-hosted-payment-pages-integration/trust-payments-gateway-for-woocommerce-114-unauthenticated-sql-injection</loc>
<lastmod>2025-03-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/listinghub/listinghub-126-unauthenticated-stored-cross-site-scripting</loc>
<lastmod>2026-01-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/betheme/betheme-284-authenticated-contributor-arbitrary-file-deletion-via-mfn-icon-upload</loc>
<lastmod>2026-05-04T21:38:53.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/travelfic-toolkit/travelfic-toolkit-133-missing-authorization</loc>
<lastmod>2025-11-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/custom-css/custom-css-js-php-230-reflected-cross-site-scripting</loc>
<lastmod>2024-11-22T18:17:30.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/counter-box/counter-box-2013-authenticated-administrator-php-object-injection-via-import</loc>
<lastmod>2026-06-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simple-stripe-checkout/simple-stripe-checkout-1128-reflected-cross-site-scripting</loc>
<lastmod>2025-07-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/king-addons/king-addons-for-elementor-51162-authenticated-subscriber-stored-cross-site-scripting-via-form_page_id-parameter</loc>
<lastmod>2026-06-15T17:09:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/admin-custom-login/admin-custom-login-327-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2021-07-26T06:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/bello/directory-listing-160-reflected-cross-site-scripting</loc>
<lastmod>2021-03-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/reveal-template/reveal-template-37-unauthenticated-full-path-disclosure</loc>
<lastmod>2024-08-08T20:35:17.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/jeg-elementor-kit/jeg-elementor-kit-263-authenticated-contributor-stored-cross-site-scripting-via-image-box</loc>
<lastmod>2024-04-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/edd-recount-earnings/easy-digital-downloads-recount-earnings-237-cross-site-scripting</loc>
<lastmod>2015-04-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/nmr-strava-activities/nmr-strava-activities-107-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-10-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/geo-redirector/geo-redirector-101-cross-site-scripting</loc>
<lastmod>2014-05-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/smart-forms/smart-forms-2671-missing-authorization-to-sensitive-information-disclosure</loc>
<lastmod>2022-02-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simple-matomo-tracking-code/simple-matomo-tracking-code-110-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2025-09-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/getwid-megamenu/mega-menu-block-106-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-05-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/js-paper/js-paper-257-reflected-cross-site-scripting</loc>
<lastmod>2024-10-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ultimate-member/ultimate-member-2100-unauthenticated-sql-injection-via-search-parameter</loc>
<lastmod>2025-03-04T21:53:45.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/profilepro/profilepro-13-authenticated-subscriber-stored-cross-site-scripting</loc>
<lastmod>2024-06-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ithemeland-bulk-posts-editing-lite/bulk-posts-editing-for-wordpress-423-cross-site-request-forgery</loc>
<lastmod>2024-05-16T07:33:30.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/slider-future/slider-future-105-unauthenticated-arbitrary-file-upload</loc>
<lastmod>2026-02-18T15:54:34.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/chatbot/ai-chatbot-534-missing-authorization-via-openai_file_upload_callback</loc>
<lastmod>2024-05-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/appointment-calendar/appointment-calendar-274-multiple-reflected-cross-site-scripting</loc>
<lastmod>2016-10-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/vw-pet-shop/vw-pet-shop-147-missing-authorization</loc>
<lastmod>2026-03-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/views-for-wpforms-lite/views-for-wpforms-322-cross-site-request-forgery-via-create_view</loc>
<lastmod>2024-01-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/tips-shortcode/tips-shortcode-021-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-11-20T19:18:57.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/buddypress/buddypress-1433-unauthenticated-arbitrary-shortcode-execution</loc>
<lastmod>2026-01-22T18:30:17.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/profilegrid-user-profiles-groups-and-communities/profilegrid-5992-authenticated-subscriber-stored-cross-site-scripting-via-message-content</loc>
<lastmod>2026-06-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/debug-meta-data/debug-meta-data-112-stored-cross-site-scripting</loc>
<lastmod>2020-10-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-client-reports/wp-client-reports-1016-missing-authorization-to-sensitive-information-exposure</loc>
<lastmod>2023-01-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/nirvana/nirvana-163-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-08-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woocommerce-predictive-search/woocommerce-predictive-search-601-reflected-cross-site-scripting</loc>
<lastmod>2024-07-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/essential-addons-for-elementor-lite/essential-addons-for-elementor-best-elementor-addon-templates-widgets-kits-woocommerce-builders-609-authenticated-author-sensitive-information-exposure-to-privilege-escalation</loc>
<lastmod>2024-11-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/js_composer/wpbakery-visual-composer-75-authenticated-contributor-stored-cross-site-scripting-via-post-title-tag-attribute</loc>
<lastmod>2024-04-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mts-url-shortener/url-shortener-by-mythemeshop-1016-missing-authorization</loc>
<lastmod>2023-01-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/bbe/bbe-153-authorization-bypass</loc>
<lastmod>2018-05-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ditty-news-ticker/ditty-3157-unauthenticated-server-side-request-forgery</loc>
<lastmod>2025-08-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/fyrebox-shortcode/fyrebox-quizzes-30-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-06-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cart66-lite/cart66-lite-wordpress-ecommerce-153-sql-injection</loc>
<lastmod>2014-12-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mobile-dj-manager/mdjm-event-management-176-authenticated-subscriber-privilege-escalation</loc>
<lastmod>2025-06-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/rduplicator/quick-post-duplicator-20-authenticated-contributor-sql-injection-via-post_id</loc>
<lastmod>2023-06-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/popup-images/popup-images-unknown-version-cross-site-scripting</loc>
<lastmod>2014-06-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/shayanweb-admin-fontchanger/shayanweb-admin-fontchanger-191-cross-site-request-forgery</loc>
<lastmod>2025-05-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/post-sync/post-sync-11-reflected-cross-site-scripting</loc>
<lastmod>2025-02-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpforo/wpforo-forum-309-authenticated-contributor-sql-injection</loc>
<lastmod>2026-06-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woocommerce-pdf-vouchers/woocommerce-pdf-vouchers-494-missing-authorization</loc>
<lastmod>2024-08-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/customer-reviews-woocommerce/customer-reviews-for-woocommerce-535-sensitive-data-exposure</loc>
<lastmod>2022-09-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/events-calendar-pro/the-events-calendar-pro-702-authenticated-administrator-php-object-injection-to-remote-code-execution</loc>
<lastmod>2024-08-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-asambleas/wp-asambleas-2850-reflected-cross-site-scripting</loc>
<lastmod>2025-01-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woo-edit-templates/edit-woocommerce-templates-111-unauthenticated-cross-site-scripting</loc>
<lastmod>2023-11-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/multicarousel/multiple-carousel-20-unauthenticated-sql-injection</loc>
<lastmod>2025-01-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/categories-images/categories-images-331-authenticated-contributor-stored-cross-site-scripting-via-z_taxonomy_image-shortcode</loc>
<lastmod>2026-04-17T21:16:01.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/oxygen/oxygen-44-cross-site-request-forgery</loc>
<lastmod>2023-07-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpvr/wp-vr-8314-missing-authorization-to-plugin-version-downgrade</loc>
<lastmod>2023-12-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/adforest/adforest-6012-authentication-bypass</loc>
<lastmod>2026-02-11T12:46:01.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wise-chat/wise-chat-334-unauthenticated-stored-cross-site-scripting-via-x-forwarded-for-header</loc>
<lastmod>2025-06-16T13:03:18.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/extended-evaluation-for-statify/statify-extended-evaluation-263-authenticated-admin-csv-injection</loc>
<lastmod>2023-09-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wplite/wplite-131-cross-site-request-forgery</loc>
<lastmod>2022-05-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/call-now-coccoc-pht-blog/call-now-pht-blog-241-cross-site-request-forgery</loc>
<lastmod>2025-04-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/request-a-quote/request-a-quote-237-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2022-06-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/shortcode-for-current-date/shortcode-for-current-date-214-stored-cross-site-scripting</loc>
<lastmod>2022-04-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-nano-ad/wp-nano-ad-131-authenticated-administrator-stored-cross-site-scripting-via-blogrole_link-parameter</loc>
<lastmod>2026-06-01T19:44:21.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/rating-bws/rating-by-bestwebsoft-15-rating-denial-of-service</loc>
<lastmod>2022-05-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/backup-backup/backup-migration-137-unauthenticated-remote-code-execution</loc>
<lastmod>2023-12-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-ultimate-exporter/export-all-posts-products-orders-refunds-users-219-cross-site-request-forgery-to-sensitive-information-exposure</loc>
<lastmod>2025-12-01T16:23:28.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ts-comfort-database/ts-comfort-db-207-reflected-cross-site-scripting</loc>
<lastmod>2025-01-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/resido/resido-real-estate-wordpress-theme-36-missing-authorization-to-unauthenticated-server-side-request-forgery-and-api-key-settings-update</loc>
<lastmod>2025-03-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ecommerce-product-catalog/ecommerce-product-catalog-plugin-for-wordpress-3343-cross-site-request-forgery-to-password-reset</loc>
<lastmod>2024-12-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/premium-addons-pro/premium-addons-pro-2912-authenticated-contributor-stored-cross-site-scripting-via-global-badge-module</loc>
<lastmod>2024-03-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/eventprime-event-calendar-management/eventprime-events-calendar-bookings-and-tickets-342-missing-authorization-to-arbitrary-post-overwrite</loc>
<lastmod>2024-03-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/geeky-bot/geekybot-ai-copilot-chatbot-woocommerce-lead-gen-zero-prompt-content-120-unauthenticated-sql-injection</loc>
<lastmod>2026-04-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/smart-marketing-for-wp/smart-marketing-sms-and-newsletters-forms-200-cross-site-scripting</loc>
<lastmod>2017-12-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/meals-wheels/meals-wheels-1112-unauthenticated-local-file-inclusion</loc>
<lastmod>2026-03-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ninja-tables/ninja-tables-523-authenticated-administrator-sql-injection</loc>
<lastmod>2025-12-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/kontur-admin-style/kontur-admin-style-104-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2025-09-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpforms-lite/contact-form-by-wpforms-148-reflected-cross-site-scripting</loc>
<lastmod>2018-12-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woo-discount-rules/discount-rules-for-woocommerce-create-smart-woocommerce-coupons-discounts-bulk-discount-bogo-coupons-265-reflected-cross-site-scripting</loc>
<lastmod>2024-10-15T12:23:35.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/jetpack/jetpack-wp-security-backup-speed-growth-42-reflected-cross-site-scripting</loc>
<lastmod>2017-04-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/all-in-one-wp-security-and-firewall/all-in-one-wp-security-firewall-412-captcha-bypass</loc>
<lastmod>2016-07-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/paytm-payments/paytm-payment-gateway-270-unauthenticated-server-side-request-forgery</loc>
<lastmod>2022-11-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woocommerce-product-addon/ppom-for-woocommerce-3308-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2025-01-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cf7-sweet-alert-popup/popup-for-cf7-with-sweet-alert-165-cross-site-request-forgery</loc>
<lastmod>2025-08-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/post-grid/post-grid-and-gutenberg-blocks-2292-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-01-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/albo-pretorio-on-line/albo-pretorio-online-466-unauthenticated-sensitive-information-disclosure</loc>
<lastmod>2024-01-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/auto-repair/auto-repair-226-reflected-cross-site-scripting</loc>
<lastmod>2026-01-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-super-cache/wp-super-cache-143-cross-site-scripting</loc>
<lastmod>2015-04-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/banner-system/banner-system-100-privilege-escalation</loc>
<lastmod>2024-11-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/exclusive-addons-for-elementor/exclusive-addons-elementor-271-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-10-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mollie-forms/mollie-forms-263-missing-authorization</loc>
<lastmod>2024-03-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/thrive-theme/thrive-theme-builder-3242-cross-site-request-forgery</loc>
<lastmod>2023-11-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/team-showcase-supreme/team-member-44-authenticated-editor-stored-cross-site-scripting-via-new_style_name</loc>
<lastmod>2023-03-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/elex-helpdesk-customer-support-ticket-system/elex-wordpress-helpdesk-customer-ticketing-system-332-authenticated-contributor-privilege-escalation-via-eh_crm_edit_agent-ajax-action</loc>
<lastmod>2025-12-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/unyson/unyson-2728-missing-authorization</loc>
<lastmod>2023-09-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/teachpress/teachpress-905-cross-site-request-forgery-via-delete_database</loc>
<lastmod>2023-11-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mapme/mapme-132-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-11-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mesmerize-companion/mesmerize-companion-16133-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2022-12-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/thirstyaffiliates/thirstyaffiliates-3119-cross-site-request-forgery</loc>
<lastmod>2026-02-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/core/2.6/wordpress-core-262-arbitrary-user-password-reset</loc>
<lastmod>2008-09-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/modula-best-grid-gallery/modula-image-gallery-266-reflected-cross-site-scripting</loc>
<lastmod>2022-06-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/image-widget/image-widget-4410-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2024-11-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cooked-pro/cooked-pro-1755-reflected-cross-site-scripting</loc>
<lastmod>2021-03-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/sparkle-elementor-kit/sparkle-elementor-kit-209-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-11-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpappninja/wpmobileapp-android-and-ios-mobile-application-1118-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2023-02-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/legull/legull-122-reflected-cross-site-scripting</loc>
<lastmod>2025-01-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/spideranalyse/spideranalyse-001-reflected-cross-site-scripting</loc>
<lastmod>2021-09-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/easy-addons-for-elementor/easy-addons-for-elementor-130-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-10-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/q-and-a/q-and-a-1062-cross-site-request-forgery</loc>
<lastmod>2014-08-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ipanorama-360-virtual-tour-builder-lite/ipanorama-360-wordpress-virtual-tour-builder-180-authenticated-contributor-sql-injection-via-shortcode</loc>
<lastmod>2023-10-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/smooth-slider/smooth-slider-27-authenticated-sql-injection</loc>
<lastmod>2015-07-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/profile-builder/profile-builder-347-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2021-06-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/metform/metform-elementor-contact-form-builder-331-authenticated-subscriber-information-disclosure-via-mf_first_name-shortcode</loc>
<lastmod>2023-08-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wc-sms/sms-for-woocommerce-281-cross-site-request-forgery-to-reflected-cross-site-scripting</loc>
<lastmod>2024-12-16T19:02:57.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/spike/spike-12-unauthenticated-local-file-inclusion</loc>
<lastmod>2026-05-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/smooth-slider/smooth-slider-287-authenticated-sql-injection</loc>
<lastmod>2018-01-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mainwp-post-plus-extension/mainwp-post-plus-extension-403-missing-authorization-to-arbitrary-pagepost-deletion</loc>
<lastmod>2023-01-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woo-product-table/product-table-for-woocommerce-508-reflected-cross-site-scripting</loc>
<lastmod>2025-12-20T14:43:26.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/emoji-shortcode/emoji-shortcode-100-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-10-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/pepro-cf7-database/peprodev-cf7-database-200-unauthenticated-stored-cross-site-scripting</loc>
<lastmod>2025-04-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mycred/mycred-2942-missing-authorization</loc>
<lastmod>2025-06-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/easy-table-of-contents/easy-table-of-contents-2065-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2024-06-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-ultimate-email-marketer/wp-ultimate-email-marketer-120-authentication-bypass</loc>
<lastmod>2013-09-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/fitline/fitline-16-unauthenticated-local-file-inclusion</loc>
<lastmod>2025-09-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/easy-sticky-sidebar/wordpress-cta-170-cross-site-request-forgery</loc>
<lastmod>2025-06-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/crius/crius-all-known-versions-cross-site-scripting</loc>
<lastmod>2013-05-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/yith-maintenance-mode/yith-maintenance-mode-138-multiple-authenticated-stored-cross-site-scripting</loc>
<lastmod>2021-09-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/productive-style/productive-style-1123-authenticated-contributor-stored-cross-site-scripting-via-display_productive_breadcrumb-shortcode</loc>
<lastmod>2025-09-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/another-wordpress-classifieds-plugin/awp-classifieds-445-missing-authorization</loc>
<lastmod>2026-05-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-social-widget/wp-social-widget-226-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-03-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/fonto/fonto-custom-web-fonts-manager-121-authenticated-author-stored-cross-site-scripting-via-svg-file-upload</loc>
<lastmod>2024-10-16T20:46:08.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/portfolleo/portfolleo-12-authenticated-subscriber-arbitrary-file-upload</loc>
<lastmod>2024-10-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/user-registration/user-registration-301-authenticated-subscriber-php-object-injection</loc>
<lastmod>2023-06-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/easyrecipe/easyrecipe-353251-cross-site-request-forgery</loc>
<lastmod>2023-10-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/elex-request-a-quote/elex-woocommerce-request-a-quote-235-missing-authorization</loc>
<lastmod>2025-03-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/back-button-widget/back-button-widget-168-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-05-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/visual-sound-widget-for-soundcloud-and-artistplugme-visualdreams/visual-sound-old-106-cross-site-request-forgery-to-settings-update</loc>
<lastmod>2024-08-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/elementskit-lite/elementskit-elementor-addons-347-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-03-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/restropress/restropress-online-food-ordering-system-300-321-unauthenticated-information-exposure-to-authentication-bypass-via-forged-jwt</loc>
<lastmod>2025-10-02T22:17:09.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/beauty-contact-popup-form/beauty-contact-popup-form-60-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2025-06-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ameliabooking/booking-for-appointments-and-events-calendar-amelia-22-missing-authorization</loc>
<lastmod>2026-04-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/automatic-featured-images-from-videos/automatic-featured-images-from-videos-124-missing-authorization</loc>
<lastmod>2025-04-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/modula-best-grid-gallery/customizable-wordpress-gallery-plugin-modula-image-gallery-269-missing-authorization-to-plugin-settings-change</loc>
<lastmod>2022-10-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/coming-soon-maintenance-mode-from-acurax/under-construction-maintenance-mode-from-acurax-26-unauthenticated-cross-site-scripting</loc>
<lastmod>2023-11-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpdiscuz/wpdiscuz-763-authenticatedauthor-insecure-direct-object-reference</loc>
<lastmod>2023-10-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/kiotvietsync/kiotviet-sync-185-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2025-04-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-shamsi/wp-shamsi-411-missing-authorization-to-plugin-settings-update</loc>
<lastmod>2022-09-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/icons-for-features/icons-for-features-100-reflected-cross-site-scripting</loc>
<lastmod>2015-04-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/js_composer/wpbakery-page-builder-76-authenticated-contributor-stored-cross-site-scripting-via-vc-single-image-link-attribute</loc>
<lastmod>2024-06-12T18:40:01.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/activitypub/activitypub-802-unauthenticated-information-epxosure</loc>
<lastmod>2026-03-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/automatic-internal-links-for-seo/internal-linking-for-seo-traffic-ranking-auto-internal-links-100-automatic-121-authenticated-administrator-sql-injection-via-post_id-parameter</loc>
<lastmod>2024-11-26T23:25:28.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/megamenu/max-mega-menu-33-missing-authorization</loc>
<lastmod>2024-03-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woocommerce-refund-and-exchange/woocommerce-refund-and-exchange-with-rma-warranty-management-refund-policy-manage-user-wallet-326-unauthenticated-arbitrary-file-upload</loc>
<lastmod>2025-07-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/easyindex/easyindex-111704-cross-site-request-forgery</loc>
<lastmod>2025-12-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wc-product-table-lite/product-table-and-list-builder-for-woocommerce-lite-463-unauthenticated-stored-cross-site-scripting</loc>
<lastmod>2026-04-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/core/1.5/wordpress-core-1512-cross-site-scripting</loc>
<lastmod>2005-06-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/scw-seat-reservation/advance-seat-reservation-management-for-woocommerce-33-unauthenticated-sql-injection</loc>
<lastmod>2025-05-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/folders/folders-292-authenticated-author-arbitrary-file-upload</loc>
<lastmod>2023-08-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/h5p-css-editor/h5p-css-editor-10-reflected-cross-site-scripting</loc>
<lastmod>2021-12-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ni-woocommerce-customer-product-report/ni-woocommerce-customer-product-report-124-missing-authorization-to-authenticated-subscriber-settings-update</loc>
<lastmod>2025-08-22T15:50:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/tier-management-petfinder/pet-manager-petfinder-361-authenticated-contributor-stored-cross-site-scripting-via-kwm-petfinder-shortcode</loc>
<lastmod>2025-11-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/fluent-crm/fluent-crm-2844-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2024-03-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/leopard-wordpress-offload-media/leopard-wordpress-offload-media-2036-missing-authorization-to-authenticated-subscriber-settings-update</loc>
<lastmod>2024-08-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/fusion-builder/fusion-builder-3111-missing-authorization</loc>
<lastmod>2023-08-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpdm-premium-packages/premium-packages-605-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-06-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gtm-server-side/gtm-server-side-111-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2022-06-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ms-registration/custom-login-and-registration-100-missing-authorization</loc>
<lastmod>2025-04-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-live-chat-support/wp-live-chat-support-8027-unauthenticated-stored-cross-site-scripting</loc>
<lastmod>2019-05-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpforo/wpforo-forum-218-reflected-cross-site-scripting-via-wpforo_debug</loc>
<lastmod>2023-07-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wordpress-gallery-transformation/wordpress-gallery-transforation-07-sql-injection</loc>
<lastmod>2017-07-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/user-verification/user-verification-by-pickplugins-2046-unauthenticated-authentication-bypass-via-otp-verification-rest-api-endpoint</loc>
<lastmod>2026-05-01T15:46:35.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/add-search-to-menu/ivory-search-471-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2021-11-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/yet-another-related-posts-plugin/yarpp-yet-another-related-posts-plugin-5303-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2023-07-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/rename-wp-login/rename-wp-loginphp-260-cross-site-request-forgery-unauthenticated-settings-change</loc>
<lastmod>2022-06-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/pixabay-images/pixabay-images-23-directory-traversal</loc>
<lastmod>2015-01-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/myagileprivacy/my-agile-privacy-217-authenticated-contributor-stored-cross-site-scripting-vis-shortcode</loc>
<lastmod>2023-12-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/fulltext-search/wp-fast-total-search-179270-cross-site-request-forgery</loc>
<lastmod>2025-08-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/list-custom-taxonomy-widget/list-custom-taxonomy-widget-41-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2024-04-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/amazing-neo-icon-font-for-elementor/amazing-neo-icon-font-for-elementor-201-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-10-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/weaver-for-bbpress/turnkey-bbpress-by-weavertheme-163-reflected-cross-site-scripting-via-_wpnonce-parameter</loc>
<lastmod>2025-01-03T21:19:55.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woo-recargo-de-equivalencia/woocommerce-recargo-de-equivalencia-1624-cross-site-request-forgery</loc>
<lastmod>2025-02-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/eventprime-event-calendar-management/eventprime-4045-open-redirect</loc>
<lastmod>2024-09-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/rsv-360-view/rsv-360-view-10-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-11-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/erp/wp-erp-1105-sensitive-data-exposure</loc>
<lastmod>2022-07-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cp-blocks/cp-blocks-1020-cross-site-request-forgery-to-settings-update</loc>
<lastmod>2023-09-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/clover-online-orders/smart-online-order-for-clover-157-reflected-cross-site-scripting</loc>
<lastmod>2024-10-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/social-count-plus/social-count-plus-533-reflected-cross-site-scripting</loc>
<lastmod>2015-04-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/easy-media-gallery-pro/easy-media-gallery-pro-1259-cross-site-request-forgery-and-cross-site-scripting</loc>
<lastmod>2014-09-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/tailpress/tailpress-044-unauthenticated-sensitive-information-exposure</loc>
<lastmod>2025-04-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/w3speedster-wp/w3speedster-725-cross-site-request-forgery</loc>
<lastmod>2024-11-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/usc-e-shop/welcart-e-commerce-2821-authenticatedlevel_5-sql-injection-via-get_logs</loc>
<lastmod>2023-09-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/callrail-phone-call-tracking/callrail-phone-call-tracking-052-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2023-10-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/google-captcha/recaptcha-by-bestwebsoft-112-captcha-bypass</loc>
<lastmod>2015-03-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/optin-forms/optin-forms-136-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2023-12-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/business-directory-plugin/business-directory-plugin-5101-cross-site-request-forgery-to-arbitrary-file-upload</loc>
<lastmod>2021-04-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/jet-booking/jetbooking-403-unauthenticated-sql-injection-via-check_in_date-parameter</loc>
<lastmod>2026-03-10T17:33:16.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/master-slider/master-slider-responsive-touch-slider-3910-authenticated-contributor-stored-cross-site-scripting-via-ms_layer-shortcode</loc>
<lastmod>2024-06-17T14:11:35.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/custom-html-bodyhead/wordpress-html-051-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-08-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/tourfic/tourfic-ultimate-hotel-booking-travel-booking-apartment-booking-wordpress-plugin-woocommerce-booking-2153-authenticated-subscriber-sql-injection</loc>
<lastmod>2024-12-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/author-bio-box/author-bio-box-331-authenticated-stored-cross-site-scripting</loc>
<lastmod>2021-10-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-perfect-plugin/w3p-seo-185-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2024-11-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/nabz-image-gallery/nabz-image-gallery-v100-unauthenticated-sql-injection</loc>
<lastmod>2024-12-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-twitter-button/wp-twitter-button-141-cross-site-request-forgery</loc>
<lastmod>2025-04-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/podlove-podcasting-plugin-for-wordpress/podlove-podcast-publisher-4011-authenticated-contributor-server-side-request-forgery</loc>
<lastmod>2024-04-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/custom-fields-account-registration-for-woocommerce/custom-fields-account-registration-for-woocommerce-12-authenticated-author-privilege-escalation</loc>
<lastmod>2025-11-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/penci-review/penci-review-35-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2026-01-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-photo-album-plus/wp-photo-album-plus-8800002-reflected-cross-site-scripting</loc>
<lastmod>2024-06-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/supportcandy/supportcandy-226-reflected-cross-site-scripting</loc>
<lastmod>2022-01-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wicked-folders/wicked-folders-21816-missing-authorization-via-ajax_delete_folder</loc>
<lastmod>2023-02-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/easyappointments/easyappointments-140-authenticatedsubscriber-arbitrary-file-deletion-via-disconnect</loc>
<lastmod>2023-08-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/easy-property-listings/easy-property-listings-3522-missing-authorization</loc>
<lastmod>2025-12-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/fv-wordpress-flowplayer/fv-flowplayer-video-player-75447212-authenticated-contributor-arbitrary-redirect</loc>
<lastmod>2024-04-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/searchiq/searchiq-47-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-03-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/school-management/school-management-system-for-wordpress-9310-authenticated-subscriber-local-file-inclusion-to-privilege-escalation-via-password-update</loc>
<lastmod>2025-07-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/uber-classic/uberslider-26-authenticated-contributor-sql-injection</loc>
<lastmod>2025-05-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/shortpixel-image-optimiser/shortpixel-image-optimizer-563-authenticated-editor-sql-injection</loc>
<lastmod>2024-10-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/superfly-menu/wordpress-menu-plugin-superfly-responsive-menu-5029-cross-site-request-forgery-to-arbitrary-file-deletion</loc>
<lastmod>2024-08-01T17:45:27.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/all-in-one-redirection/all-in-one-redirection-210-authenticatedadministrator-sql-injection</loc>
<lastmod>2023-06-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/yop-poll/yop-poll-6526-race-condition-to-vote-manipulation</loc>
<lastmod>2023-11-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/unnamed/unnamed-12171-and-unnamed-se-103-cross-site-scripting</loc>
<lastmod>2007-06-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-attachments/wp-attachments-504-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2022-10-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woocommerce-photo-reviews/woocommerce-photo-reviews-review-reminders-review-for-discounts-1313-reflected-cross-site-scripting</loc>
<lastmod>2025-06-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/traffic-manager/traffic-manager-145-missing-authorization</loc>
<lastmod>2022-10-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/leadster-marketing-conversacional/leadster-112-cross-site-request-forgery</loc>
<lastmod>2023-09-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/navigation-menu-as-dropdown-widget/navigation-menu-as-dropdown-widget-134-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2024-04-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-hotel-booking/wp-hotel-booking-221-improper-input-validation-to-authenticated-subscriber-rating-manipulation</loc>
<lastmod>2025-08-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/insert-special-characters/async-263-and-3-322-prototype-pollution</loc>
<lastmod>2022-04-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/page-builder-sandwich/page-builder-sandwich-front-end-page-builder-510-missing-authorization</loc>
<lastmod>2024-06-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/chaty/chaty-312-authenticated-administrator-stored-cross-site-scripting-via-settings</loc>
<lastmod>2023-11-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/nmedia-user-file-uploader/frontend-file-manager-plugin-212-cross-site-request-forgery-to-file-upload</loc>
<lastmod>2022-09-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cforms2/cformsii-14610-sql-injection</loc>
<lastmod>2015-04-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-external-links/wp-external-links-181-authenticated-stored-cross-site-scripting</loc>
<lastmod>2016-03-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/internal-link-finder/internal-link-optimiser-512-missing-authorization-to-unauthenticated-settings-update</loc>
<lastmod>2025-04-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/funkitools/funkitools-102-cross-site-request-forgery-to-settings-update</loc>
<lastmod>2025-10-14T19:45:20.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/leads-for-amo-crm/the-integration-of-the-amocrm-101-cross-site-request-forgery</loc>
<lastmod>2025-09-10T19:04:14.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/dethemekit-for-elementor/dethemekit-for-elementor-218-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-02-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-simple-html-sitemap/wp-simple-html-sitemap-35-missing-authorization</loc>
<lastmod>2025-04-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-debugging/wp-debugging-2117-cross-site-request-forgery</loc>
<lastmod>2022-01-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/blackfyre/blackfyre-254-cross-site-request-forgery</loc>
<lastmod>2026-02-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ocean-extra/ocean-extra-246-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2025-04-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/redline/redline-166-reflected-cross-site-scripting</loc>
<lastmod>2011-09-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/age-gate/age-gate-2170-cross-site-scripting-via-data-import</loc>
<lastmod>2022-06-10T08:45:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/e2pdf/e2pdf-export-pdf-tool-for-wordpress-13217-authenticated-contributor-stored-cross-site-scripting-via-id-shortcode-attribute</loc>
<lastmod>2026-05-07T20:45:06.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/jobcareer/jobcareer-73-authenticated-subscriber-arbitrary-file-deletion</loc>
<lastmod>2026-05-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ultra-companion/ultra-companion-119-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-01-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/custom-coming-soon/custom-coming-soon-22-reflected-cross-site-scripting</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-inventory-manager/wp-inventory-manager-21011-reflected-cross-site-scripting-via-message</loc>
<lastmod>2023-04-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpadverts/wpadverts-221-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-04-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/crm-customer-relationship-management-by-vcita/crm-and-lead-management-by-vcita-275-authenticated-contributor-stored-cross-site-scripting-via-type-parameter</loc>
<lastmod>2025-07-21T11:35:18.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-statistics/wp-statistics-941-authenticated-blind-sql-injection</loc>
<lastmod>2015-07-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ultimate-addons-for-contact-form-7/ultimate-addons-for-contact-form-7-320-reflected-cross-site-scripting</loc>
<lastmod>2023-12-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/reality/reality-estate-multipurpose-wordpress-theme-253-reflected-cross-site-scripting</loc>
<lastmod>2020-06-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/sticky-header-on-scroll/sticky-header-on-scroll-10-missing-authorization</loc>
<lastmod>2025-02-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/vikbooking/vikbooking-hotel-booking-engine-pms-167-reflected-cross-site-scripting</loc>
<lastmod>2024-04-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/sh-contextual-help/sh-contextual-help-321-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2025-11-03T15:38:25.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cp-polls/cp-polls-1081-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2025-06-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/chatbot/chatbot-446-unauthenticated-php-object-injection-via-cookies</loc>
<lastmod>2023-04-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ni-woocommerce-order-export/ni-woocommerce-order-export-316-reflected-cross-site-scripting</loc>
<lastmod>2024-12-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/buddypress/buddypress-1240-authenticated-subscriber-stored-cross-site-scripting</loc>
<lastmod>2024-05-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/kanban/kanban-boards-for-wordpress-2521-reflected-cross-site-scripting</loc>
<lastmod>2024-03-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woo-recent-purchases/woocommerce-recent-purchases-101-authenticated-admin-local-file-inclusion</loc>
<lastmod>2024-05-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/jet-elements/jetelements-for-elementor-27122-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-12-30T05:20:36.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/contact-form-manager/contact-form-manager-143-cross-site-scripting</loc>
<lastmod>2017-03-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ultimate-auction/ultimate-auction-432-missing-authorization</loc>
<lastmod>2025-12-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/doctor-appointment-booking/doctor-appointment-booking-100-authenticated-subscriber-sql-injection</loc>
<lastmod>2025-02-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-db-backup/database-backup-for-wordpress-252-missing-authorization-to-unauthenticated-database-backup-interception</loc>
<lastmod>2026-05-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simple-membership/simple-membership-438-reflected-cross-site-scripting-vulnerability-via-environment_mode</loc>
<lastmod>2023-12-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/triply/triply-247-authenticated-contributor-local-file-inclusion</loc>
<lastmod>2026-01-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/product-page-shipping-calculator-for-woocommerce/product-page-shipping-calculator-for-woocommerce-1325-authenticated-administrator-stored-cross-site-scripting-via-admin-settings</loc>
<lastmod>2023-05-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/activitypub/activitypub-105-missing-authorization</loc>
<lastmod>2024-01-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/post-smtp/post-smtp-302-unauthenticated-stored-cross-site-scripting</loc>
<lastmod>2025-02-17T22:24:21.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp_rokbox/wordpress-rokbox-213-content-spoofing</loc>
<lastmod>2012-12-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/update-urls/update-urls-quick-and-easy-way-to-search-old-links-and-replace-them-with-new-links-in-wordpress-141-unauthenticated-open-redirect</loc>
<lastmod>2026-01-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/youtube-channel/my-youtube-channel-3233-cross-site-request-forgery-to-cache-deletion</loc>
<lastmod>2023-02-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/genesis-club-lite/genesis-club-lite-117-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-09-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ideapush/ideapush-852-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2023-10-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/chaty/chaty-309-reflected-cross-site-scripting</loc>
<lastmod>2023-05-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/libro-de-reclamaciones-y-quejas/libro-de-reclamaciones-y-quejas-09-authenticated-administrator-sql-injection</loc>
<lastmod>2025-06-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/userpro/userpro-519-reflected-cross-site-scripting</loc>
<lastmod>2024-12-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/poll-maker/poll-maker-versus-polls-anonymous-polls-image-polls-589-unauthenticated-basic-information-exposure</loc>
<lastmod>2025-08-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/font-awesome/font-awesome-431-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2022-12-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/subscribe2/subscribe2-form-email-subscribers-newsletters-1043-unauthenticated-stored-cross-site-scripting-via-ip-parameter</loc>
<lastmod>2025-02-18T15:02:03.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gum-elementor-addon/gum-elementor-addon-136-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-09-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/responsive-google-maps/responsive-google-maps-by-imbaa-125-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-12-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/lana-shortcodes/lana-shortcodes-111-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2023-06-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mf-plus-wpml/mf-plus-wpml-11-missing-authorization-to-unauthenticated-settings-update</loc>
<lastmod>2025-07-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-easy-poll-afo/wp-easy-poll-229-reflected-cross-site-scripting</loc>
<lastmod>2025-04-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ultimate-store-kit/ultimate-store-kit-elementor-addons-203-unauthenticated-php-object-injection</loc>
<lastmod>2024-05-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woo-point-of-salepos/woocommerce-point-of-sale-pos-14-authenticated-subscriber-sql-injection</loc>
<lastmod>2025-07-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/xsmart/xsmart-1294-missing-authorization</loc>
<lastmod>2026-01-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ultra-addons-for-wpforms/ultra-addons-for-wpforms-1011-missing-authorization</loc>
<lastmod>2026-04-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/import-users-from-csv-with-meta/import-and-export-users-and-customers-208-authenticated-subscriber-privilege-escalation-via-multisite-capability-meta-fields</loc>
<lastmod>2026-05-01T16:14:05.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/appexperts/appexperts-143-unauthenticated-sensitive-information-exposure</loc>
<lastmod>2025-03-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bulk-menu-edit/bulk-menu-edit-130-missing-authorization</loc>
<lastmod>2025-01-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/directorypress-frontend/directorypress-frontend-279-cross-site-request-forgery-to-listing-status-update</loc>
<lastmod>2025-02-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/postaffiliatepro/post-affiliate-pro-1280-authenticated-administrator-server-side-request-forgery-via-post-affiliate-pro-url-field</loc>
<lastmod>2026-03-20T15:20:43.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/hb-audio-gallery/hb-audio-gallery-30-unauthenticated-arbitrary-file-upload</loc>
<lastmod>2024-11-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/points-and-rewards-for-woocommerce/points-and-rewards-for-woocommerce-150-cross-site-request-forgery-to-settings-change</loc>
<lastmod>2023-05-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/master-elements/master-elements-80-unauthenticated-sql-injection</loc>
<lastmod>2022-04-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/solidres/solidres-094-reflected-cross-site-scripting</loc>
<lastmod>2025-01-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/kingcomposer/page-builder-kingcomposer-296-open-redirect</loc>
<lastmod>2022-02-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/top-bar/top-bar-304-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2024-03-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ari-stream-quiz/ari-stream-quiz-130-authenticated-contributor-php-object-injection</loc>
<lastmod>2023-12-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wc-product-table-lite/woocommerce-product-table-lite-240-reflected-cross-site-scripting</loc>
<lastmod>2021-09-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/facebook-messenger-customer-chat/facebook-chat-plugin-15-missing-capabilities-check</loc>
<lastmod>2020-08-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/videowhisper-live-streaming-integration/broadcast-live-video-live-streaming-html5-webrtc-hls-rtsp-rtmp-4295-cross-site-scripting</loc>
<lastmod>2014-02-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/radio-station/radio-station-2409-reflected-cross-site-scripting</loc>
<lastmod>2023-05-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/social-auto-poster/social-auto-poster-5314-missing-authorization-via-multiple-functions</loc>
<lastmod>2024-07-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/easy-portfolio/easy-portfolio-13-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/shiftnav-responsive-mobile-menu/shiftnav-responsive-mobile-menu-171-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2022-12-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/embedpress/embedpress-383-cross-site-request-forgery</loc>
<lastmod>2023-09-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/baw-post-views-count/post-views-count-302-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2023-01-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gallery-photo-gallery/photo-gallery-by-ays-responsive-image-gallery-443-authenticated-blind-sql-injections</loc>
<lastmod>2021-06-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/grandphotography/grand-photography-578-cross-site-request-forgery</loc>
<lastmod>2026-02-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woocommerce-add-to-cart-custom-redirect/woocommerce-add-to-cart-custom-redirect-1213-authenticatedcontributor-missing-authorization-to-limited-arbitrary-options-update</loc>
<lastmod>2024-03-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/consultaid/consult-aid-143-unauthenticated-php-object-injection</loc>
<lastmod>2026-01-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mainwp-code-snippets-extension/mainwp-code-snippets-extension-402-authenticated-subscriber-stored-cross-site-scripting</loc>
<lastmod>2023-01-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/license-manager-for-woocommerce/license-manager-for-woocommerce-3015-unauthenticated-insecure-direct-object-reference</loc>
<lastmod>2026-06-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simple-blog-card/simple-blog-card-131-sensitive-information-exposure</loc>
<lastmod>2023-08-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/avcp/anac-xml-bandi-di-gara-75-cross-site-request-forgery-via-settingsphp</loc>
<lastmod>2023-11-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/dvs-custom-notification/dvs-custom-notification-101-cross-site-request-forgery</loc>
<lastmod>2012-09-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/easy-table-of-contents/easy-table-of-contents-20671-authenticated-editor-stored-cross-site-scripting</loc>
<lastmod>2024-07-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/freshdesk-support/freshdesk-official-236-open-redirect</loc>
<lastmod>2024-04-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/advanced-custom-fields/advanced-custom-fields-577-author-stored-cross-site-scripting</loc>
<lastmod>2018-12-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wsm-downloader/wsm-downloader-140-arbitrary-file-download</loc>
<lastmod>2022-07-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/affiliatex/affiliatex-100-1393-authenticated-subscriber-missing-authorization-to-stored-cross-site-scripting-via-save_customization_settings</loc>
<lastmod>2026-01-15T00:30:33.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/pdf-generator-addon-for-elementor-page-builder/pdf-generator-addon-for-elementor-page-builder-200-unauthenticated-arbitrary-file-download</loc>
<lastmod>2024-11-15T15:00:29.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/partners/partners-020-reflected-cross-site-scripting</loc>
<lastmod>2025-01-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/uber-grid/wordpress-portfolio-builder-portfolio-gallery-117-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2025-02-18T19:35:20.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/trustmate-io-integration-for-woocommerce/trustmateio-woocommerce-integration-1140-cross-site-request-forgery</loc>
<lastmod>2025-09-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/notificationx/notificationx-2311-sql-injection</loc>
<lastmod>2022-02-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/hkdev-maintenance-mode/maintenance-mode-301-information-exposure</loc>
<lastmod>2024-03-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-counter-up/counter-up-animated-number-counter-milestone-showcase-240-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-11-26T18:29:11.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/post-type-x/product-catalog-simple-1513-cross-site-request-forgery-bypass</loc>
<lastmod>2020-09-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/core/5.5/wordpress-core-552-privilege-escalation-via-xml-rpc</loc>
<lastmod>2020-10-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/jetformbuilder/jetformbuilder-dynamic-blocks-form-builder-361-authenticated-subscriber-privilege-escalation</loc>
<lastmod>2026-06-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/shiprocket/shiprocket-208-authenticated-subscriber-insecure-direct-object-reference</loc>
<lastmod>2026-01-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mindmeister-shortcode/mindmeister-shortcode-10-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/homerunner-smartcheckout/homerunner-1030-cross-site-request-forgery-to-settings-update</loc>
<lastmod>2025-06-25T14:07:19.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/watu/watu-quiz-3381-reflected-cross-site-scripting</loc>
<lastmod>2023-01-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woocommerce/woocommerce-268-authenticated-stored-cross-site-scripting</loc>
<lastmod>2016-12-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-lister-for-amazon/wp-lister-lite-for-amazon-2611-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2024-03-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gs-instagram-portfolio/gs-insever-portfolio-145-missing-authorization-to-authenticated-subscriber-css-injection</loc>
<lastmod>2025-01-08T21:59:50.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/securimage-wp/securimage-wp-3616-cross-site-request-forgery</loc>
<lastmod>2023-06-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/tidio-gallery/tidio-gallery-11-reflected-cross-site-scripting</loc>
<lastmod>2016-10-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/contentlock/contentlock-103-cross-site-request-forgery-to-email-adding</loc>
<lastmod>2024-06-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wha-puzzle/wha-puzzle-109-authenticated-contributor-cross-site-scripting</loc>
<lastmod>2022-11-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gf-excel-import/import-excel-to-gravity-forms-118-reflected-cross-site-scripting</loc>
<lastmod>2025-01-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/bw-giftxtore/giftxtore-175-unauthenticated-local-file-inclusion</loc>
<lastmod>2025-06-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/appy-pie-connect-for-woocommerce/appy-pie-connect-for-woocommerce-112-missing-authorization-to-unauthenticated-privilege-escalation-via-reset_user_password</loc>
<lastmod>2025-10-02T22:31:47.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-htpasswd/wp-htpasswd-17-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2023-02-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/social-share-buttons-by-supsystic/social-share-buttons-by-supsystic-223-authenticated-subscriber-sql-injection</loc>
<lastmod>2022-06-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woo-edit-templates/edit-woocommerce-templates-112-reflected-cross-site-scripting-via-page</loc>
<lastmod>2024-10-17T15:41:08.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/file-manager/bit-file-manager-414-cross-site-request-forgery-to-arbitrary-file-upload</loc>
<lastmod>2017-03-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/email-newsletter/email-newsletter-80-sensitive-information-disclosure</loc>
<lastmod>2014-08-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/auxin-elements/shortcodes-and-extra-features-for-phlox-theme-2157-authenticated-contributor-stored-cross-site-scripting-via-aux_gmaps-shortcode</loc>
<lastmod>2024-04-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/iframe/iframe-46-authenticated-contributor-stored-cross-site-scripting-via-iframe-shortcode</loc>
<lastmod>2023-09-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/connector-civicrm-mcrestface/connector-to-civicrm-with-civimcrestface-108-reflected-cross-site-scripting</loc>
<lastmod>2025-04-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/social-networks-auto-poster-facebook-twitter-g/nextscripts-social-networks-auto-poster-4317-missing-authorization</loc>
<lastmod>2020-09-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mailchimp-for-wp/mc4wp-mailchimp-for-wordpress-484-cross-site-request-forgery</loc>
<lastmod>2021-06-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/fapi-member/fapi-member-2229-unauthenticated-insecure-direct-object-reference</loc>
<lastmod>2025-12-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-hotel-booking/wp-hotel-booking-208-insufficient-authorization-to-unauthorized-post-deletion</loc>
<lastmod>2023-10-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/fast-flow-dashboard/fast-flow-1211-reflected-cross-site-scripting</loc>
<lastmod>2022-08-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/yvora/yvora-premium-wordpress-theme-portfolio-unspecified-version-arbitrary-file-upload</loc>
<lastmod>2012-11-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/blog2social/blog2social-social-media-auto-post-scheduler-860-incorrect-authorization-to-video-file-upload</loc>
<lastmod>2025-11-05T16:35:38.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/time-clock/time-clock-a-wordpress-employee-volunteer-time-clock-plugin-131-authenticated-custom-stored-cross-site-scripting</loc>
<lastmod>2025-10-23T19:44:27.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/revo/revo-4026-unauthenticated-local-file-inclusion</loc>
<lastmod>2025-06-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/tripetto/tripetto-8011-unauthentiated-stored-cross-site-scripting-via-form-file-upload</loc>
<lastmod>2024-11-14T16:36:11.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/permalink-finder/link-fixer-34-unauthenticated-stored-cross-site-scripting</loc>
<lastmod>2025-01-30T16:50:18.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/core/5.3/wordpress-core-542-authenticated-stored-cross-site-scripting</loc>
<lastmod>2020-06-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/rps-include-content/rps-include-content-121-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-03-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/appointment-hour-booking/appointment-hour-booking-1355-authenticated-stored-cross-site-scripting</loc>
<lastmod>2022-05-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/smart-forms/smart-forms-when-you-need-more-than-just-a-contact-form-2995-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2024-04-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/royal-elementor-addons/royal-elementor-addons-and-template-171001-authenticated-contributor-dom-based-stored-cross-site-scripting-via-google-maps-widget</loc>
<lastmod>2024-11-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/directory-pro/directory-pro-255-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-09-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/core/2.3/wordpress-core-232-cross-site-scripting</loc>
<lastmod>2008-02-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-insurance/wp-insurance-wordpress-insurance-service-plugin-213-cross-site-request-forgery-leading-to-arbitrary-plugin-activation</loc>
<lastmod>2023-02-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/news-kit-elementor-addons/news-kit-elementor-addons-134-missing-authorization</loc>
<lastmod>2025-07-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/easy-broken-link-checker/url-shortener-conversion-tracking-ab-testing-woocommerce-902-cross-site-request-forgery</loc>
<lastmod>2025-02-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-fastest-cache/wp-fastest-cache-095-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2021-10-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/site-launcher/site-launcher-094-reflected-cross-site-scripting</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/map-block-leaflet/map-block-leaflet-321-authenticated-contributor-stored-cross-site-scripting-via-url-parameter</loc>
<lastmod>2025-05-28T19:38:31.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/td-composer/tagdiv-composer-40-reflected-cross-site-scripting-via-td_video_url</loc>
<lastmod>2023-04-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bluet-keywords-tooltip-generator/tooltipy-559-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-10-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-total-hacks/wp-total-hacks-472-authenticated-subscriber-plugin-options-update-to-cross-site-scripting</loc>
<lastmod>2022-10-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/news-wall/news-wall-110-cross-site-request-forgery-to-plugin-settings-update</loc>
<lastmod>2024-03-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/masterstudy-lms-learning-management-system/masterstudy-lms-3620-authenticated-instructor-sensitive-information-exposure</loc>
<lastmod>2025-10-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simple-user-meta-editor/simple-user-meta-editor-100-authenticated-administrator-stored-cross-site-scripting-via-user-meta-value-field</loc>
<lastmod>2026-01-06T18:33:52.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/yith-woocommerce-wishlist/yith-woocommerce-wishlist-212-sql-injection</loc>
<lastmod>2018-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/anthology/anthology-145-arbitrary-file-upload</loc>
<lastmod>2013-11-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-content-pilot/wp-content-pilot-autoblogging-affiliate-marketing-plugin-133-authenticated-contributor-content-injection</loc>
<lastmod>2023-10-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/visual-form-builder/visual-form-builder-282-cross-site-request-forgery-to-sql-injection</loc>
<lastmod>2015-05-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/icons-font-loader/icons-font-loader-114-authenticatedadministrator-arbitrary-file-upload</loc>
<lastmod>2024-01-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/cakifo/cakifo-10-161-cross-site-scripting</loc>
<lastmod>2014-09-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/fluent-booking/fluent-booking-2001-unauthenticated-stored-cross-site-scripting-via-multiple-parameters</loc>
<lastmod>2026-03-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-rss-by-publishers/wp-rss-by-publishers-01-authenticated-admin-sql-injection</loc>
<lastmod>2022-12-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/my-geo-posts-free/my-geo-posts-free-12-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-11-10T15:05:13.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpshare247-elementor-addons/wpshare247-elementor-addons-24-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-04-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/anycomment/anycomment-036-unauthenticated-local-file-inclusion</loc>
<lastmod>2025-07-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bsk-pdf-manager/bsk-pdf-manager-36-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-07-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-cookies-enabler/wp-cookies-enabler-101-unauthenticated-local-file-inclusion</loc>
<lastmod>2024-12-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/workio/workio-102-reflected-cross-site-scripting</loc>
<lastmod>2020-07-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wc-multivendor-membership/wcfm-membership-2910-cross-site-request-forgery</loc>
<lastmod>2023-04-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wooexim/wooexim-woocommerce-export-import-plugin-500-unauthenticated-php-object-injection</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simple-embed-code/code-embed-251-authenticated-contributor-stored-cross-site-scripting-via-custom-fields</loc>
<lastmod>2026-03-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/duplicator/duplicator-0514-sql-injection</loc>
<lastmod>2015-04-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/save-as-pdf-by-pdfcrowd/save-as-pdf-plugin-by-pdfcrowd-421-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-11-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-flipclock/wp-flipclock-174-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2023-01-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/malmo/malm-22-unauthenticated-local-file-inclusion</loc>
<lastmod>2026-04-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/rate-my-post/rate-my-post-wp-rating-system-334-race-condition</loc>
<lastmod>2022-09-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/chat-viber/appsero-200-missing-authorization-via-handle_optin_optout</loc>
<lastmod>2024-04-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/feeds-for-youtube/feeds-for-youtube-21-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2023-09-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woocommerce-stock-manager/woocommerce-stock-manager-257-cross-site-request-forgery-to-arbitrary-file-upload</loc>
<lastmod>2021-06-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/photo-gallery/photo-gallery-by-10web-1825-missing-authorization-to-notice-dismissal</loc>
<lastmod>2024-05-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ninja-job-board/ninja-job-board-ultimate-wordpress-job-board-plugin-132-cross-site-scripting</loc>
<lastmod>2022-07-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cits-support-svg-webp-media-upload/cits-support-svg-webp-media-and-ttfotf-file-upload-use-custom-fonts-42-cross-site-request-forgery-to-settings-update</loc>
<lastmod>2025-03-21T18:04:51.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/booking/booking-calendar-1092-authenticated-contributor-dom-based-stored-cross-site-scripting-via-booking-shortcode</loc>
<lastmod>2025-01-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/download-plugin/download-plugin-228-authenticated-administrator-arbitrary-file-upload</loc>
<lastmod>2025-07-03T13:38:05.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/pdf-for-elementor-forms/pdf-for-elementor-forms-drag-and-drop-template-builder-650-authenticated-subscriber-php-object-injection</loc>
<lastmod>2025-08-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/shalom-world-media-gallery/sw-plus-21-reflected-cross-site-scripting</loc>
<lastmod>2025-02-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-cafe/wpcafe-restaurant-menu-online-food-ordering-and-reservation-booking-solution-307-missing-authorization</loc>
<lastmod>2026-03-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wc-shipos-delivery/deliver-via-shipos-for-woocommerce-217-reflected-cross-site-scripting-via-dvsfw_bulk_label_url-parameter</loc>
<lastmod>2025-01-08T22:09:36.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/kapee/kapee-170-unauthenticated-php-object-injection</loc>
<lastmod>2026-04-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/caldera-forms/caldera-forms-more-than-contact-forms-140-sensitive-information-disclosure</loc>
<lastmod>2016-05-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/course-migration-for-learndash/course-migration-for-learndash-102-authenticated-subscriber-server-side-request-forgery</loc>
<lastmod>2025-01-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpzoom-addons-for-beaver-builder/beaver-builder-addons-by-wpzoom-135-authenticated-editor-local-file-inclusion</loc>
<lastmod>2024-07-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woo-social-login/woocommerce-social-login-273-unauthenticated-authentication-bypass</loc>
<lastmod>2024-07-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/workscout-core/workscout-job-board-wordpress-theme-2031-stored-cross-site-scripting</loc>
<lastmod>2021-04-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/carousel-slider/carousel-slider-2213-authenticated-editor-stored-cross-site-scripting</loc>
<lastmod>2024-08-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/coronavirus-data-widgets/coronavirus-covid-19-outbreak-data-widgets-111-reflected-cross-site-scripting</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-members/wp-members-membership-plugin-289-reflected-cross-site-scripting</loc>
<lastmod>2014-01-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/call-now-button/call-now-button-154-authenticated-subscriber-missing-authorization-to-multiple-functions</loc>
<lastmod>2025-10-29T00:01:50.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ki-live-video-conferences/ki-live-video-conferences-5515-unauthenticated-information-disclosure</loc>
<lastmod>2025-06-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/church-admin/church-admin-4117-authenticated-contributor-stored-cross-site-scripting-via-meta-text</loc>
<lastmod>2024-03-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ad-inserter/ad-inserter-279-reflected-cross-site-scripting</loc>
<lastmod>2022-01-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/stepbyteservice-openstreetmap/various-plugins-various-version-use-of-polyfillio</loc>
<lastmod>2024-06-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/atarim-visual-collaboration/atarim-432-missing-authorization</loc>
<lastmod>2026-03-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/rearrange-woocommerce-products/rearrange-woocommerce-products-307-subscriber-sql-injection</loc>
<lastmod>2022-01-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpcasa/wpcasa-132-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-04-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/custom-404-pro/custom-404-pro-3120-cross-site-request-forgery</loc>
<lastmod>2025-05-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-maintenance-mode-site-under-construction/woocommerce-conditional-marketing-mailer-151-improper-authorization</loc>
<lastmod>2021-04-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gigpress/gigpress-2327-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2023-01-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/snow-monkey-forms/snow-monkey-forms-1203-unauthenticated-arbitrary-file-deletion-via-path-traversal</loc>
<lastmod>2026-01-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/stylish-price-list/stylish-price-list-690-missing-authorization</loc>
<lastmod>2021-09-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/admin-bar-dashboard-control/admin-bar-dashboard-control-128-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2023-10-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/owl-carousel/owl-carousel-053-missing-authorization-via-save_paramterphp</loc>
<lastmod>2023-03-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/blockstrap-page-builder-blocks/blockstrap-page-builder-bootstrap-blocks-0136-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-06-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/media-file-manager/media-file-manager-142-directory-traversal-to-arbitrary-file-read</loc>
<lastmod>2018-05-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/helloasso/helloasso-1111-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-01-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/oceanwp/oceanwp-409-authenticated-contributor-stored-cross-site-scripting-via-select-html-tag</loc>
<lastmod>2025-06-18T16:22:13.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/contextual-related-posts/contextual-related-posts-331-missing-authorization-in-crp_ajax_clearcache</loc>
<lastmod>2023-02-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/thesis-openhook/openhook-430-authenticated-subscriber-remote-code-execution-via-shortcode</loc>
<lastmod>2023-09-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/seriously-simple-podcasting/seriously-simple-podcasting-320-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2024-06-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-product-feed-manager/woocommerce-google-feed-manager-242-authenticated-admin-sql-injection-to-reflected-cross-site-scripting</loc>
<lastmod>2024-04-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/error-log-viewer/error-log-viewer-111-arbitrary-file-deletion</loc>
<lastmod>2021-11-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/job-postings/jobs-for-wordpress-273-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-02-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ip-blacklist-cloud/ip-blacklist-cloud-341-sql-injections</loc>
<lastmod>2015-02-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/eight-day-week-print-workflow/eight-day-week-print-workflow-125-authenticated-custom-information-exposure</loc>
<lastmod>2025-12-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/smart-blocks/smart-blocks-24-missing-authorization</loc>
<lastmod>2025-09-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/addify-product-stock-manager/product-stock-manager-105-missing-authorization-and-cross-site-request-forgery</loc>
<lastmod>2022-10-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/artificial-intelligence/artificial-intelligence-124-cross-site-scripting</loc>
<lastmod>2015-05-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/google-cse/google-cse-107-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2024-05-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woocommerce-checkout-manager/woocommerce-checkout-manager-426-unauthenticated-arbitrary-media-deletion</loc>
<lastmod>2019-04-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/acf-galerie-4/acf-galerie-4-142-missing-authorization</loc>
<lastmod>2026-04-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpc-smart-messages/wpc-smart-messages-for-woocommerce-428-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-09-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-event-solution/eventin-4025-authenticated-contributor-local-file-inclusion</loc>
<lastmod>2025-04-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gdpr-cookie-compliance/gdpr-cookie-compliance-4156-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2025-02-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpadcenter/wp-adcenter-258-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-04-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-google-places-review-slider/wp-google-review-slider-180-unauthenticated-stored-cross-site-scripting</loc>
<lastmod>2026-06-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gutenify/gutenify-140-unauthenticated-sensitive-information-exposure</loc>
<lastmod>2024-05-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/user-registration/user-registration-membership-free-paid-memberships-subscriptions-content-restriction-user-profile-custom-user-registration-login-builder-449-unauthenticated-remote-code-execution</loc>
<lastmod>2026-03-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/real-estate-manager/real-estate-manager-property-listing-and-agent-management-73-captcha-bypass</loc>
<lastmod>2025-02-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/easy-google-analytics-for-wordpress/easy-google-analytics-for-wordpress-160-cross-site-request-forgery</loc>
<lastmod>2023-02-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woo-product-design/woocommerce-product-design-100-unauthenticated-arbitrary-file-download</loc>
<lastmod>2024-10-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/billingo/official-integration-for-billingo-339-reflected-cross-site-scripting</loc>
<lastmod>2022-10-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/sp-client-document-manager/sp-project-document-manager-467-authenticated-administrator-stored-cross-site-scripting-via-plugin-settings</loc>
<lastmod>2023-06-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/pta-member-directory/member-directory-and-contact-form-170-missing-authorization</loc>
<lastmod>2024-12-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ovation-elements/ovation-elements-112-missing-authorization</loc>
<lastmod>2025-05-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/church-admin/church-admin-5026-missing-authorization</loc>
<lastmod>2025-08-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simple-job-board/simple-job-board-294-authenticated-stored-cross-site-scripting</loc>
<lastmod>2021-10-21T16:05:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ba-book-everything/ba-book-everything-plugin-1325-cross-site-scripting-and-cross-frame-scripting</loc>
<lastmod>2020-09-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/elementor/elementor-website-builder-313-authenticated-contributor-stored-cross-site-scripting-via-title_size</loc>
<lastmod>2021-03-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/imevent/imevent-340-missing-authorization</loc>
<lastmod>2025-09-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/dailydeal/dailydeal-by-templatic-3010-cross-site-request-forgery-to-arbitrary-file-upload</loc>
<lastmod>2013-10-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-livephp/wp-livephp-121-cross-site-scripting</loc>
<lastmod>2012-01-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/core/2.0/wordpress-core-205-cross-site-request-forgery-to-cross-site-scripting</loc>
<lastmod>2007-01-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gntt-post-title-ticker/gntt-post-title-ticker-10-authenticated-contributor-stored-cross-site-scripting-via-shortcode-attributes</loc>
<lastmod>2026-05-26T17:21:21.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/userswp/userswp-front-end-login-form-user-registration-user-profile-members-directory-plugin-for-wordpress-1210-unauthenticated-sql-injection-via-uwp_sort_by</loc>
<lastmod>2024-06-28T16:33:20.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-default-feature-image/wp-default-feature-image-1011-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2023-07-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/core/5.2/wordpress-core-523-reflected-cross-site-scripting</loc>
<lastmod>2019-09-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/tiger/tiger-20-reflected-cross-site-scripting</loc>
<lastmod>2025-04-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-hide-that/wp-hidethat-12-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2024-12-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mega-elements-addons-for-elementor/mega-elements-121-authenticated-contributor-stored-cross-site-scripting-via-button-widget</loc>
<lastmod>2024-05-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/buddyforms/post-form-registration-form-profile-form-for-user-profiles-frontend-content-forms-for-user-submissions-ugc-287-missing-authorization-to-unauthenticated-media-deletion</loc>
<lastmod>2024-03-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/xcloner-backup-and-restore/backup-restore-and-migrate-your-sites-with-xcloner-486-authenticated-subscriber-information-exposure</loc>
<lastmod>2026-06-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/UNKNOWN-CVE-2023-5509-1/my-sticky-bar-267-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2024-03-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/eazydocs/eazydocs-235-unauthenticated-stored-cross-site-scripting-via-edit_doc_one_page</loc>
<lastmod>2023-11-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/post-smtp/post-smtp-260-authenticated-administrator-sql-injection</loc>
<lastmod>2023-10-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-miniaudioplayer/mbminiaudioplayer-176-multiple-vulnerabilities</loc>
<lastmod>2016-02-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/newsexo/newsexo-71-cross-site-request-forgery</loc>
<lastmod>2026-02-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/countdown-builder/countdown-clock-228-reflected-cross-site-scripting</loc>
<lastmod>2022-02-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/login-with-phone-number/login-with-phone-number-142-reflected-cross-site-scripting</loc>
<lastmod>2023-01-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/calendarista/calendarista-1557-authenticated-subscriber-sql-injection</loc>
<lastmod>2024-03-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/smart-forms/smart-forms-26100-missing-authorization-to-authenticated-subscriber-campaign-data-exposure</loc>
<lastmod>2026-02-13T18:31:39.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/everest-forms/everest-forms-2041-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2023-12-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/dynamic-text-field-for-contact-form-7/dynamic-text-field-for-contact-form-7-2022-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-09-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/echoza/echoza-011-authenticated-subscriber-stored-cross-site-scripting</loc>
<lastmod>2024-12-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/contact-form-7/contact-form-7-605-order-replay-vulnerability</loc>
<lastmod>2025-04-15T16:56:22.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/newsletters-lite/newsletters-4997-unauthenticated-stored-cross-site-scripting</loc>
<lastmod>2025-03-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpvivid-backuprestore/wpvivid-backup-and-migration-09106-missing-authorization</loc>
<lastmod>2025-01-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-travel-engine/wp-travel-engine-tour-booking-plugin-tour-operator-software-6710-missing-authorization</loc>
<lastmod>2026-06-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/xpro-elementor-addons/140-widgets-xpro-addons-for-elementor-free-146-authenticated-contributor-sensitive-information-exposure-via-elementor-template</loc>
<lastmod>2024-11-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/plausible-analytics/plausible-analytics-123-missing-authorization</loc>
<lastmod>2022-05-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/easy-pdf-restaurant-menu-upload/easy-restaurant-menu-manager-201-authenticated-contributot-stored-cross-site-scripting-via-nsc_eprm_menu_link-shortcode</loc>
<lastmod>2025-07-03T19:04:40.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/blog-manager-light/blog-manager-light-120-cross-site-request-forgery-via-bml_settings</loc>
<lastmod>2023-10-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/profile-builder/user-profile-builder-beautiful-user-registration-forms-user-profiles-user-role-editor-3148-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2025-11-18T16:29:27.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woo-tools/woocommerce-tools-129-missing-authorization-to-authenticated-subscriber-plugin-module-deactivation</loc>
<lastmod>2024-06-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/product-specifications/product-specifications-for-woocommerce-089-missing-authorization-to-authenticated-subscriber-arbitrary-attributegroup-creation-modification-and-deletion-via-dwps_modify_groups-and-dwps_modify_attributes-ajax-actions</loc>
<lastmod>2026-06-26T17:56:32.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/appointment-booking-calendar/appointment-booking-calendar-1402-missing-authorization-to-authenticated-contributor-sensitive-information-disclosure</loc>
<lastmod>2026-06-30T16:22:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/spirit-framework/spirit-framework-1213-authenticated-subscriber-local-file-inclusion</loc>
<lastmod>2025-09-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/automatic-domain-changer/automatic-domain-changer-202-reflected-cross-site-scripting</loc>
<lastmod>2022-05-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/noo-jobmonster/jobmonster-475-unauthenticated-arbitrary-file-deletion</loc>
<lastmod>2024-07-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mycurator/mycurator-content-curation-378-authenticated-editor-stored-cross-site-scripting</loc>
<lastmod>2024-11-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/paid-memberships-pro/paid-memberships-pro-2125-missing-authorization-via-api</loc>
<lastmod>2023-12-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/white-label/white-label-290-cross-site-request-forgery-via-white_label_reset_wl_admins</loc>
<lastmod>2023-12-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/elegant-themes-icons/elegant-themes-icons-13-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-06-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ghost/ghost-140-unauthenticated-sensitive-information-exposure</loc>
<lastmod>2024-05-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/signup-page/signup-page-10-unauthenticated-arbitrary-options-update</loc>
<lastmod>2024-10-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/watchtowerhq/watchtowerhq-3615-unauthenticated-arbitrary-file-deletion</loc>
<lastmod>2022-11-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/prosolution-wp-client/prosolution-wp-client-199-unauthenticated-arbitrary-file-upload-via-prosol_fileuploadprocess</loc>
<lastmod>2026-04-08T05:07:38.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/neon-product-designer-for-woocommerce/neon-product-designer-211-unauthenticated-sql-injection</loc>
<lastmod>2025-04-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/admin-form/adfo-custom-data-in-admin-dashboard-191-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-02-18T19:31:04.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woocommerce-putler-connector/putler-connector-for-woocommerce-2120-missing-authorization-via-send_resync_request</loc>
<lastmod>2023-08-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/vango/vango-133-unauthenticated-local-file-inclusion</loc>
<lastmod>2025-12-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gerryworks-post-by-mail/gerryworks-post-by-mail-10-contributor-privilege-escalation</loc>
<lastmod>2024-10-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wordpress-seo/yoast-seo-210-authenticated-seo-manager-stored-cross-site-scripting</loc>
<lastmod>2023-11-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/surveys/surveys-1018-sql-injection</loc>
<lastmod>2017-05-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/vikbooking/vikbooking-hotel-booking-engine-pms-1512-cross-site-request-forgery-in-saveconfig-function</loc>
<lastmod>2023-02-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/clean-retina/clean-retina-306-unauthenticated-local-file-inclusion</loc>
<lastmod>2024-10-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/build-private-store-for-woocommerce/build-private-store-for-woocommerce-10-cross-site-request-forgery</loc>
<lastmod>2025-01-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/td-composer/tagdiv-composer-41-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2023-08-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/post-grid-carousel-ultimate/post-grid-slider-carousel-ultimate-with-shortcode-gutenberg-block-elementor-widget-1610-authenticated-contributor-local-file-inclusion-via-post_type_ajax_handler</loc>
<lastmod>2025-01-23T21:41:35.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/appointmind/appointmind-400-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2024-11-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ebook-store/ebook-store-58013-cross-site-request-forgery</loc>
<lastmod>2025-07-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp_roknewspager/roknewspager-117-denial-of-service</loc>
<lastmod>2013-09-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-crowdfunding/wp-crowdfunding-2115-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-04-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-job-portal/wp-job-portal-213-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2024-06-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ss-downloads/ss-downloads-1441-cross-site-scripting</loc>
<lastmod>2014-05-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woo-refund-and-exchange-lite/return-refund-and-exchange-for-woocommerce-408-arbitrary-file-upload</loc>
<lastmod>2022-11-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/chatter/chatter-101-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/easy-paypal-events-tickets/easy-paypal-events-116-reflected-cross-site-scripting-via-page</loc>
<lastmod>2022-05-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/ashe/ashe-2233-cross-site-request-forgery-to-notice-dismissal</loc>
<lastmod>2024-07-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/lovetravel/love-travel-20-37-reflected-cross-site-scripting</loc>
<lastmod>2020-09-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-next-post-navi/wp-next-post-navi-183-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2024-05-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ultimate-blocks/ultimate-blocks-316-authenticated-contributor-stored-cross-site-scripting-via-advanced-heading</loc>
<lastmod>2024-04-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/easy-age-verify/easy-age-verify-182-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2024-06-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woocommerce-google-adwords-conversion-tracking-tag/pixel-manager-for-woocommerce-1511-unauthenticated-information-exposure</loc>
<lastmod>2025-12-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/js-support-ticket/js-help-desk-ai-powered-support-ticketing-system-309-unauthenticated-sql-injection</loc>
<lastmod>2026-06-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/booking-package/booking-package-1510-reflected-cross-site-scripting</loc>
<lastmod>2021-11-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mobile-login-woocommerce/otp-login-woocommerce-gravity-forms-20-cross-site-scripting</loc>
<lastmod>2022-05-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/sync-feedly/sync-feedly-101-cross-site-request-forgery-to-sync-trigger</loc>
<lastmod>2025-09-26T18:34:19.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/doctor-appointment-booking/doctor-appointment-booking-100-authenticated-subscriber-local-file-inclusion</loc>
<lastmod>2025-02-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/fluent-community/fluentcommunity-200-missing-authorization</loc>
<lastmod>2025-11-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/easy-paypal-donation/accept-donations-with-paypal-stripe-144-reflected-cross-site-scripting</loc>
<lastmod>2025-02-22T16:23:11.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/complianz-gdpr/complianz-gdprccpa-cookie-consent-745-missing-authorization-to-unauthenticated-private-post-content-disclosure-via-consent-area-rest-endpoint</loc>
<lastmod>2026-04-28T19:52:18.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/aio-shortcodes/best-wordpress-shortcode-plugin-in-2025-aio-shortcodes-130-unauthenticated-stored-cross-site-scripting</loc>
<lastmod>2024-12-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/learnpress/learnpress-423-missing-authorization</loc>
<lastmod>2023-07-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/rt18-extensions/rt-theme-18-extensions-25-unauthenticated-information-exposure</loc>
<lastmod>2026-03-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/control-listings/control-listings-1041-reflected-cross-site-scripting</loc>
<lastmod>2025-04-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/irm-newsroom/irm-newsroom-1219-authenticated-contributor-stored-cross-site-scripting-via-irmeventlist-shortcode</loc>
<lastmod>2025-06-12T13:12:15.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/core/6.0/wordpress-core-603-authenticated-admin-stored-cross-site-scripting-via-customizer</loc>
<lastmod>2022-10-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/jet-woo-builder/jetwoobuilder-2120-authenticated-subscriber-information-exposure</loc>
<lastmod>2025-07-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mapsmarker/leaflet-maps-marker-pro-158-cross-site-scripting</loc>
<lastmod>2014-03-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/404-solution/404-solution-310-authenticated-admin-sql-injection-via-filtertext-parameter</loc>
<lastmod>2025-12-12T15:01:14.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/everest-forms-pro/everest-forms-pro-1912-unauthenticated-remote-code-execution-via-calculation-field</loc>
<lastmod>2026-03-30T12:00:40.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-svg-images/wp-svg-images-43-authenticated-author-stored-cross-site-scripting-via-svg</loc>
<lastmod>2024-06-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/enable-media-replace/enable-media-replace-401-authenticated-author-arbitrary-file-upload</loc>
<lastmod>2023-01-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woocommerce-wholesale-prices/wholesale-suite-2242-authenticated-shop-manager-privilege-escalation</loc>
<lastmod>2025-07-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bold-page-builder/bold-page-builder-557-authenticated-contributor-stored-cross-site-scripting-via-bt_bb_accordion_item-shortcode</loc>
<lastmod>2026-02-06T17:29:16.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-visual-slidebox-builder/visual-slide-box-builder-329-authenticated-subscriber-sql-injection</loc>
<lastmod>2022-04-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bb-ultimate-addon/ultimate-addons-for-beaver-builder-13513-authenticatedcontributor-directory-traversal-to-arbitrary-file-download</loc>
<lastmod>2023-12-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/favorites/favorites-233-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2024-03-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/booster-plus-for-woocommerce/booster-plus-for-woocommerce-712-missing-authorization-to-order-information-disclosure</loc>
<lastmod>2024-01-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/homey/homey-booking-and-rentals-wordpress-theme-244-insecure-direct-object-reference-to-authenticated-subscriber-arbitrary-user-deletion</loc>
<lastmod>2025-05-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/google-calendar-events/simple-calendar-324-cross-site-request-forgery-via-duplicate_feed</loc>
<lastmod>2023-10-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simply-gallery-block/gallery-blocks-with-lightbox-325-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-04-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/core/2.5/wordpress-core-233-directory-traversal</loc>
<lastmod>2008-04-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/course-booking-system/course-booking-system-615-missing-authorization-to-unauthenticated-booking-data-export</loc>
<lastmod>2025-11-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/lovestory/love-story-1312-unauthenticated-php-object-injection</loc>
<lastmod>2026-03-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simple-locator/simple-locator-204-reflected-cross-site-scripting</loc>
<lastmod>2025-01-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/core/6.3/wordpress-core-470-631-sensitive-information-exposure-via-user-search-rest-endpoint</loc>
<lastmod>2023-10-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-stateless/wp-stateless-google-cloud-storage-311-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2022-05-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/sosh-share-buttons/sosh-share-buttons-110-cross-site-request-forgery</loc>
<lastmod>2026-01-13T17:22:47.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ipages-flipbook/ipages-flipbook-151-missing-authorization</loc>
<lastmod>2024-04-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gravity-file-ajax-upload-free/gravity-upload-ajax-11-unrestricted-file-upload</loc>
<lastmod>2014-08-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/email-encoder-bundle/email-encoder-protect-email-addresses-and-phone-numbers-234-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2026-04-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/companion-auto-update/companion-auto-update-320-cross-site-request-forgery</loc>
<lastmod>2018-10-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/subscribe2/subscribe2-1044-missing-authorization</loc>
<lastmod>2026-02-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/hiweb-export-posts/hiweb-export-posts-0900-cross-site-request-forgery-to-arbitrary-file-deletion</loc>
<lastmod>2025-07-23T20:47:08.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/short-tax-post/reales-wp-stpt-212-authenticated-subscriber-privilege-escalation-via-password-update</loc>
<lastmod>2025-05-05T13:03:24.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simple-locator/simple-locator-203-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-12-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/waiting/waiting-one-click-countdowns-062-missing-authorization-checks-leading-to-authenticated-subscriber-stored-cross-site-scripting</loc>
<lastmod>2023-05-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ws-form/ws-form-lite-19217-unauthenticated-csv-injection</loc>
<lastmod>2024-06-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/togo/togo-104-reflected-cross-site-scripting</loc>
<lastmod>2025-10-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wd-facebook-feed/10websocial-1126-authenticated-admin-sql-injection</loc>
<lastmod>2020-09-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ecommerce-product-carousel-slider-for-elementor/product-carousel-slider-for-elementor-213-missing-authorization</loc>
<lastmod>2025-09-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ninja-forms/ninja-forms-contact-form-369-authenticated-admin-cross-site-scripting-via-label</loc>
<lastmod>2022-06-07T13:46:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bit-form/bit-form-contact-form-plugin-21310-unauthenticated-stored-cross-site-scripting</loc>
<lastmod>2024-09-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/granola/granola-113-unauthenticated-local-file-inclusion</loc>
<lastmod>2026-05-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mage-eventpress/event-booking-manager-for-woocommerce-514-reflected-cross-site-scripting</loc>
<lastmod>2026-03-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/quiz-master-next/quiz-and-survey-master-qsm-1114-missing-authorization-to-authenticated-contributor-arbitrary-modification-via-qsm_insert_quiz_template-ajax-action</loc>
<lastmod>2026-06-26T17:57:43.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/visualcomposer/visual-composer-website-builder-450-authenticated-stored-cross-site-scripting-via-text-block</loc>
<lastmod>2022-08-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/multi-step-form/multi-step-form-125-reflected-cross-site-scripting</loc>
<lastmod>2018-07-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/contact-form-entries/contact-form-entries-116-unauthenticated-stored-cross-site-scripting</loc>
<lastmod>2021-01-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/stopbadbots/stopbadbots-731-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2023-05-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wueen/wueen-020-authenticated-contributor-stored-cross-site-scripting-via-plugins-shortcode</loc>
<lastmod>2026-03-06T18:40:56.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-datepicker/wp-datepicker-211-missing-authorization</loc>
<lastmod>2024-09-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simple-basic-contact-form/simple-basic-contact-form-20220207-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2022-12-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpextended/the-ultimate-wordpress-toolkit-wp-extended-324-authenticated-subscriber-privilege-escalation-via-menu-editor-module</loc>
<lastmod>2026-03-21T14:34:53.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/valeska/valeska-122-unauthenticated-php-object-injection</loc>
<lastmod>2026-04-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/colibri-page-builder/colibri-page-builder-10335-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-12-12T15:37:12.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/templatesnext-toolkit/templatesnext-toolkit-328-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2023-01-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-user-avatar/profilepress-4152-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2024-03-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/getgenie/getgenie-ai-content-writer-with-keyword-research-seo-tracking-tools-430-missing-authorization-to-authenticated-author-arbitrary-post-deletion</loc>
<lastmod>2026-01-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-graphql/wpgraphql-1145-authenticated-editor-server-side-request-forgery</loc>
<lastmod>2023-06-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/control-block-patterns/build-control-block-patterns-boost-up-gutenberg-editor-1354-missing-authorization</loc>
<lastmod>2024-03-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/easy-paypal-donation/accept-donations-with-paypal-13-reflected-cross-site-scripting-via-page</loc>
<lastmod>2022-05-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/woodmart/woodmart-837-unauthenticated-arbitrary-shortcode-execution</loc>
<lastmod>2026-01-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/products-stock-manager-with-excel/phpspreadsheet-library-230-xxe-injection</loc>
<lastmod>2024-10-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/drag-and-drop-multiple-file-upload-contact-form-7/drag-and-drop-multiple-file-upload-for-contact-form-7-1397-unauthenticated-arbitrary-file-upload-via-non-ascii-filename-blacklist-bypass</loc>
<lastmod>2026-04-17T04:37:16.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/addons-for-visual-composer/livemesh-addons-for-wpbakery-page-builder-39-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-08-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/downloadmanager/download-manager-3282-password-protected-file-bypass</loc>
<lastmod>2024-04-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/job-board/job-board-by-bestwebsoft-114-reflected-cross-site-scripting</loc>
<lastmod>2017-04-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpgetapi/wpgetapi-210-221-authenticated-subscriber-arbitrary-options-update</loc>
<lastmod>2023-10-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ameliabooking/amelia-1098-missing-authorization</loc>
<lastmod>2024-01-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/contact-form-add/form-builder-1983-authenticated-stored-cross-site-scripting</loc>
<lastmod>2021-08-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/easy-appointments/easy-appointments-3107-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2022-12-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpr-addons-pro/royal-elementor-addons-171041-unauthenticated-stored-cross-site-scripting</loc>
<lastmod>2026-04-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/foliopress-wysiwyg/foliopress-wysiwyg-2685-cross-site-scripting</loc>
<lastmod>2014-01-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/vk-all-in-one-expansion-unit/vk-all-in-one-expansion-unit-98701-reflected-cross-site-scripting-via-request_uri</loc>
<lastmod>2023-02-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-email-users/wp-email-users-144-sql-injection</loc>
<lastmod>2017-01-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/error-log-viewer-wp/error-log-viewer-105-authenticated-subscriber-sql-injection</loc>
<lastmod>2025-04-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/telsender/telsender-11411-missing-authorization</loc>
<lastmod>2023-09-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/food-and-drink-menu/five-star-restaurant-menu-and-food-ordering-252-missing-authorization</loc>
<lastmod>2026-06-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/instagram-slider-widget/social-slider-feed-205-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2022-08-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bng-gateway-for-woocommerce/bng-gateway-for-woocommerce-1610-cross-site-request-forgery</loc>
<lastmod>2021-06-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/youtube-video-inserter/youtube-video-inserter-1210-reflected-cross-site-scripting</loc>
<lastmod>2021-09-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/online-lesson-booking-system/online-lesson-booking-086-cross-site-request-forgery</loc>
<lastmod>2019-06-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-ultimate-csv-importer/easy-drag-and-drop-all-import-wp-ultimate-csv-importer-641-missing-authorization-checks</loc>
<lastmod>2022-01-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/conveythis-translate/language-translate-widget-for-wordpress-conveythis-2691-authenticated-administrator-php-object-injection</loc>
<lastmod>2025-09-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/codesnips/codesnips-12-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-11-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-ultimate-csv-importer/import-export-suite-for-csv-and-xml-datafeed-719-authenticated-subscriber-arbitrary-file-deletion</loc>
<lastmod>2025-03-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-email-capture/wp-email-capture-393-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2023-01-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bug-library/bug-library-21-unauthenticated-arbitrary-file-upload</loc>
<lastmod>2024-06-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-fb-autoconnect/wp-social-autoconnect-462-cross-site-request-forgery-to-reflected-cross-site-scripting</loc>
<lastmod>2025-01-03T21:49:54.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/clickbank-niche-storefronts/clickbank-wordpress-plugin-niche-storefront-135-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2025-08-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/widgetkit-for-elementor/widgetkit-250-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-06-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simple-page-transition/simple-page-transition-141-stored-cross-site-scripting</loc>
<lastmod>2022-06-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/microblog-poster/microblog-poster-216-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2025-03-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/swatchly/swatchly-woocommerce-variation-swatches-for-products-product-attributes-image-swatch-color-swatches-label-swatches-128-140-missing-authorization-to-authenticated-subscriber-limited-options-update</loc>
<lastmod>2025-04-09T18:09:21.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-crm-system/wp-crm-system-342-missing-authorization</loc>
<lastmod>2025-06-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bit-form/contact-form-by-bit-form-multi-step-form-calculation-contact-form-payment-contact-form-custom-contact-form-builder-20-2139-authenticated-administrator-arbitrary-javascript-file-uploads</loc>
<lastmod>2024-08-19T15:11:45.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/zita-site-library/zita-site-library-for-elementor-166-cross-site-request-forgery</loc>
<lastmod>2026-01-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/jobify/jobify-job-board-wordpress-theme-427-missing-authorization-to-unauthenticated-server-side-request-forgery-arbitrary-image-upload-and-image-generation</loc>
<lastmod>2025-01-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/extra-product-options-for-woocommerce/extra-product-options-for-woocommerce-41-authenticated-shop-manager-stored-cross-site-scripting-via-plugin-settings</loc>
<lastmod>2023-11-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/seo-free/seo-free-14-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2024-11-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/timeline-blocks/timeline-blocks-for-gutenberg-1110-authenticated-contributor-stored-cross-site-scripting-via-titletag-block-attribute</loc>
<lastmod>2026-04-27T15:59:19.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/stm-gallery/stm-gallery-19-09-authenticated-contributor-stored-cross-site-scripting-via-shortcode-attributes</loc>
<lastmod>2026-01-06T20:34:14.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/kivicare-clinic-management-system/kivicare-clinic-patient-management-system-ehr-320-sensitive-information-exposure</loc>
<lastmod>2023-06-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/thegem/thegem-5811-improper-authentication</loc>
<lastmod>2023-05-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/evenium/evenium-1311-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-09-10T18:45:41.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/imagerecycle-pdf-image-compression/imagerecycle-pdf-image-compression-3116-reflected-cross-site-scripting</loc>
<lastmod>2024-12-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/contact-form-to-any-api/contact-form-to-any-api-124-unauthenticated-stored-cross-site-scripting-via-contact-form</loc>
<lastmod>2024-09-24T12:15:01.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simple-social-buttons/simple-social-media-share-buttons-social-sharing-for-everyone-620-cross-site-request-forgery</loc>
<lastmod>2026-04-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/greenshift-animation-and-page-builder-blocks/greenshift-108-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-02-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woo-idpay-gateway/idpay-payment-gateway-for-woocommerce-225-unauthenticated-information-exposure</loc>
<lastmod>2026-04-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/easync-booking/easync-1319-missing-authorization</loc>
<lastmod>2025-04-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-piwik/wp-matomo-integration-wp-piwik-1011-unauthenticated-stored-cross-site-scripting</loc>
<lastmod>2016-09-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/subscriptions-for-woocommerce/subscriptions-for-woocommerce-195-missing-authorization</loc>
<lastmod>2026-06-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/leira-roles/roles-capabilities-119-reflected-cross-site-scripting</loc>
<lastmod>2024-09-12T21:14:43.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-reroute-email/wp-reroute-email-146-authenticated-administrator-sql-injection</loc>
<lastmod>2023-04-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/yet-another-stars-rating/yet-another-stars-rating-343-missing-authorization-via-init</loc>
<lastmod>2023-11-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/esplanade/esplanade-115-cross-site-scripting</loc>
<lastmod>2015-05-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/happy-helpdesk-support-ticket-system/happy-helpdesk-support-ticket-system-109-missing-authorization-to-authenticated-subscriber-arbitrary-ticket-reply</loc>
<lastmod>2025-12-12T14:47:44.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ecommerce-product-catalog/ecommerce-product-catalog-for-wordpress-3326-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2023-11-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/localize-my-post/localize-my-post-10-directory-traversal</loc>
<lastmod>2018-09-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/hide_my_wp/hide-my-wp-629-unauthenticated-sql-injection</loc>
<lastmod>2023-01-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/slideshow-gallery-2/slideshow-gallery-114-cross-site-scripting</loc>
<lastmod>2012-01-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/hoteller/hoteller-689-reflected-cross-site-scripting</loc>
<lastmod>2026-01-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/rometheme-for-elementor/rtmkit-addons-for-elementor-202-authenticated-author-local-file-inclusion-via-path</loc>
<lastmod>2026-05-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/memsource-connector/phrase-tms-integration-for-wordpress-475-missing-authorization-to-authenticated-subscriber-log-deletion</loc>
<lastmod>2026-01-16T15:33:38.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/tweetscribe/tweetscribe-11-cross-site-request-forgery</loc>
<lastmod>2014-12-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wc-payment-gateway-per-category/woocommerce-payment-gateway-per-category-2010-reflected-cross-site-scripting</loc>
<lastmod>2021-09-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/optin-forms/optin-forms-132-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2023-04-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/really-simple-ssl/really-simple-ssl-723-authenticated-admin-server-side-request-forgery</loc>
<lastmod>2024-04-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/send-booking-invites-to-friends/send-to-a-friend-addon-141-reflected-cross-site-scripting</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/newsletters-lite/newsletters-4998-authenticated-contributor-sql-injection-orderby-parameter</loc>
<lastmod>2025-05-12T17:35:47.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/review-buddypress-groups/wbcom-designs-buddypress-group-reviews-283-unauthorized-ajax-actions-due-to-nonce-bypass</loc>
<lastmod>2022-06-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/yottie-lite/elfsight-yottie-lite-133-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2025-02-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/aweber-web-form-widget/aweber-739-missing-authorization-via-ajax-actions</loc>
<lastmod>2023-11-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bet-sport-free/bet-sport-free-100-cross-site-request-forgery</loc>
<lastmod>2024-12-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/xin/xin-1081-unauthenticated-php-object-injection</loc>
<lastmod>2024-11-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-vipergb/viper-guestbook-1315-cross-site-scripting</loc>
<lastmod>2015-04-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/add-image-to-post/add-image-to-post-06-cross-site-request-forgery</loc>
<lastmod>2024-12-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/vzaar-media-management/vzaar-media-management-12-reflected-cross-site-scripting-via-_serverphp_self</loc>
<lastmod>2026-01-27T21:49:36.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/foxypress/foxypress-049-cross-site-request-forgery</loc>
<lastmod>2012-10-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ct-commerce/ct-commerce-201-authenticated-administrator-stored-cross-site-scripting-via-admin-settings</loc>
<lastmod>2023-08-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/debug-log-manager/debug-log-manager-234-unauthenticated-stored-cross-site-scripting</loc>
<lastmod>2025-04-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/instagram-for-wordpress/instagram-for-wordpress-216-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2023-10-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cyan-backup/cyan-backup-254-authenticated-admin-arbitrary-file-deletion</loc>
<lastmod>2025-11-07T20:49:54.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/eventprime-event-calendar-management/eventprime-315-reflected-cross-site-scripting-via-event_id</loc>
<lastmod>2023-10-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/elementor/elementor-website-builder-3013-unrestricted-svg-uploads</loc>
<lastmod>2020-11-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ova-brw/brw-186-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-06-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/external-media/external-media-1036-authenticatedauthor-file-upload-to-stored-cross-site-scripting-via-svg</loc>
<lastmod>2023-03-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/faq-builder-ays/faq-builder-ays-173-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2025-01-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/real-estate-directory/real-estate-directory-105-cross-site-request-forgery-via-rdm_activate_plugin</loc>
<lastmod>2023-03-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/salient/salient-5553-dom-cross-site-scripting</loc>
<lastmod>2015-06-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/easy-accordion-block/easy-accordion-gutenberg-block-123-missing-authorization</loc>
<lastmod>2024-11-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-player/wp-player-261-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/paytium/paytium-4411-unauthenticated-full-path-disclosure</loc>
<lastmod>2025-01-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/youtube-playlist-player/youtube-playlist-player-464-cross-site-request-forgery-in-ytpp_settings</loc>
<lastmod>2023-05-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bdthemes-element-pack-lite/element-pack-lite-addons-for-elementor-51014-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-01-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/sirv/image-optimizer-resizer-and-cdn-sirv-729-authenticated-author-stored-cross-site-scripting-via-svg-file-upload</loc>
<lastmod>2024-10-07T18:57:08.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ninja-forms/ninja-forms-contact-form-2927-csv-injection</loc>
<lastmod>2015-09-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gf-dynamics-crm/wp-gravity-forms-dynamics-crm-114-open-redirect</loc>
<lastmod>2025-05-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/canvasio3d-light/download-canvasio3d-light-250-reflected-cross-site-scripting</loc>
<lastmod>2023-10-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/social-auto-poster/social-auto-poster-5314-authenticated-subscriber-stored-cross-site-scripting</loc>
<lastmod>2024-07-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-abstracts-manuscripts-manager/wp-abstracts-274-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2025-04-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-file-upload/wordpress-file-upload-4247-authenticated-contributor-directory-traversal</loc>
<lastmod>2024-07-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/fast-flow-dashboard/fast-flow-1210-cross-site-scripting</loc>
<lastmod>2022-04-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/creative-mail-by-constant-contact/creative-mail-easier-wordpress-woocommerce-email-marketing-169-unauthenticated-sql-injection-via-checkout_uuid-parameter</loc>
<lastmod>2026-05-19T12:14:03.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ht-mega-for-wpbakery/ht-mega-absolute-addons-for-wpbakery-page-builder-108-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-06-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/integrate-google-drive/integrate-google-drive-134-cross-site-request-forgery</loc>
<lastmod>2023-12-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ct-real-estate-core/contempo-real-estate-core-363-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2025-03-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/easy-countdowner/easy-countdowner-108-cross-site-request-forgery</loc>
<lastmod>2024-04-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/theplus_elementor_addon/the-plus-addons-for-elementor-elementor-addons-page-templates-widgets-mega-menu-woocommerce-554-authenticated-contributor-stored-cross-site-scripting-via-heading-title-widget</loc>
<lastmod>2024-05-29T17:11:29.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woocommerce-products-quick-view/products-quick-view-for-woocommerce-220-missing-authorization</loc>
<lastmod>2023-08-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/dorzki-notifications-to-slack/slack-notifications-by-dorzki-207-missing-authorization</loc>
<lastmod>2025-06-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/sexy-contact-form/creative-contact-form-100-arbitrary-file-upload</loc>
<lastmod>2014-10-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/robo-gallery/photo-gallery-images-slider-in-rbs-image-gallery-3221-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-12-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/terms-and-conditions-per-product/terms-conditions-per-product-1215-missing-authorization</loc>
<lastmod>2025-03-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/podlove-podcasting-plugin-for-wordpress/podlove-podcast-publisher-4125-authenticated-admin-stored-cross-site-scripting-via-feed-name</loc>
<lastmod>2025-01-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ht-easy-google-analytics/ht-easy-ga4-google-analytics-4-117-reflected-cross-site-scripting</loc>
<lastmod>2024-03-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/eventprime-event-calendar-management/eventprime-events-calendar-bookings-and-tickets-341-missing-authorization-to-authenticated-subscriber-event-export</loc>
<lastmod>2024-02-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/media-library-tools/media-library-tools-1615-authenticated-author-sql-injection</loc>
<lastmod>2025-12-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bdthemes-element-pack-lite/element-pack-elementor-addons-header-footer-template-library-dynamic-grid-carousel-remote-arrows-556-sensitive-information-exposure-via-element_pack_ajax_search</loc>
<lastmod>2024-04-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/easy-theme-options/easy-theme-options-10-reflected-cross-site-scripting</loc>
<lastmod>2026-01-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ht-mega-for-elementor/ht-mega-absolute-addons-for-elementor-252-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-05-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/display-terms-shortcode/display-terms-shortcode-104-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-10-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/very-simple-quiz/very-simple-quiz-100-cross-site-scripting</loc>
<lastmod>2020-08-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/give/givewp-donation-plugin-and-fundraising-platform-450-authenticated-givewp-worker-stored-cross-site-scripting</loc>
<lastmod>2025-07-30T19:18:44.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-responsive-tabs/wp-responsive-tabs-129-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-01-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-notcaptcha/wp-notcaptcha-131-reflected-cross-site-scripting</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/monalisa/mona-lisa-212-reflected-cross-site-scripting</loc>
<lastmod>2020-07-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/debounce-io-email-validator/debounce-email-validator-565-reflected-cross-site-scripting</loc>
<lastmod>2024-11-22T15:20:34.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-yadisk-files/yadisk-files-125-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2024-11-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/smart-product-viewer/smart-product-viewer-154-missing-authorization</loc>
<lastmod>2026-01-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/designthemes-core-features/designthemes-core-features-48-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2025-03-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/a3-user-importer/simple-user-import-export-117-authenticated-admin-csv-injection</loc>
<lastmod>2025-11-17T20:52:10.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/event-espresso-free/event-expresso-free-313711l-authenticated-sql-injection</loc>
<lastmod>2017-07-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/export-user-data/export-user-data-226-authenticated-subscriber-php-object-injection-to-arbitrary-file-deletion-via-display_name-field</loc>
<lastmod>2026-06-29T18:15:59.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/generate-pdf-using-contact-form-7/generate-pdf-using-contact-form-7-35-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2022-08-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/new-grid-gallery/grid-gallery-photo-image-grid-gallery-143-authenticated-contributor-php-object-injection-via-shortcode</loc>
<lastmod>2024-04-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/sina-extension-for-elementor/sina-extension-for-elementor-3591-authenticated-contributor-stored-dom-based-cross-site-scripting-via-sina-image-differ</loc>
<lastmod>2025-01-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/all-in-one-seo-pack/all-in-one-seo-2251-information-disclosure</loc>
<lastmod>2015-03-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/yet-another-stars-rating/freemius-sdk-242-missing-authorization-checks</loc>
<lastmod>2022-03-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/host-webfonts-local/omgf-453-subscriber-arbitrary-filefolder-deletion</loc>
<lastmod>2021-08-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/revslider/slider-revolution-600-6755-and-700-7014-missing-authorization-to-authenticated-contributor-arbitrary-plugin-deactivation</loc>
<lastmod>2026-06-01T10:46:38.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/posts-table-filterable/tableon-wordpress-posts-table-filterable-1043-unauthenticated-php-object-injection</loc>
<lastmod>2025-04-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/eventon-lite/eventon-2214-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2024-04-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/colibri-page-builder/colibri-page-builder-10262-authenticated-author-stored-cross-site-scripting</loc>
<lastmod>2024-04-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/lifterlms/lifterlms-775-authenticated-admin-sql-injection</loc>
<lastmod>2024-09-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simple-cod-fee-for-woocommerce/simple-cod-fees-for-woocommerce-202-missing-authorization</loc>
<lastmod>2024-06-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/slim-seo/slim-seo-a-fast-automated-seo-plugin-for-wordpress-462-missing-authorization</loc>
<lastmod>2026-06-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/pagelayer/pagelayer-177-cross-site-request-forgery-via-pagelayer_load_plugin</loc>
<lastmod>2023-12-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wptouch/wptouch-4342-reflected-cross-site-scripting</loc>
<lastmod>2022-08-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/sky-elementor-addons/sky-addons-for-elementor-261-authenticated-contributor-sensitive-information-exposure-via-content-switcher-widget-elementor-template</loc>
<lastmod>2024-11-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mainwp-file-uploader-extension/mainwp-file-uploader-extension-41-authenticated-subscriber-arbitrary-file-deletion</loc>
<lastmod>2023-01-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/comment-press/comment-press-271-cross-frame-scripting</loc>
<lastmod>2020-10-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/superb-slideshow-gallery/superb-slideshow-gallery-131-authenticated-subscriber-sql-injection-via-shortcode</loc>
<lastmod>2023-10-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/contexto/contexto-10-reflected-cross-site-scripting</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/post-cloner/post-cloner-100-missing-authorization</loc>
<lastmod>2025-12-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gutenverse/gutenverse-192-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-07-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/lightview-plus/lightview-plus-313-reflected-cross-site-scripting</loc>
<lastmod>2025-03-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woocommerce/woocommerce-55-authenticated-blind-sql-injection</loc>
<lastmod>2021-07-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpo365-msgraphmailer/wpo365-microsoft-365-graph-mailer-32-open-redirect-via-redirect_to-parameter</loc>
<lastmod>2025-02-23T22:53:02.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/quiz-master-next/quiz-and-survey-master-444-multiple-sql-injections</loc>
<lastmod>2015-07-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/leadbi/leadbi-plugin-for-wordpress-17-authenticated-contributor-stored-cross-site-scripting-via-form_id-shortcode-attribute</loc>
<lastmod>2026-01-23T20:32:57.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-travel-engine/wp-travel-engine-580-unauthenticated-price-manipulation</loc>
<lastmod>2024-04-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simple-user-capabilities/simple-user-capabilities-10-missing-authorization-to-unauthenticated-capability-reset</loc>
<lastmod>2025-11-03T15:33:17.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/pdf-block/pdf-block-110-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2023-10-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/multicons/multicons-multiple-favicons-20-cross-site-request-forgery</loc>
<lastmod>2015-08-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-jobsearch/jobsearch-wp-job-board-151-stored-cross-site-scripting</loc>
<lastmod>2020-07-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/captcha-eu/captchaeu-1060-reflected-cross-site-scripting</loc>
<lastmod>2025-08-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-cleanfix/wp-cleanfix-plugin-500-remote-code-execution</loc>
<lastmod>2013-05-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/custom-facebook-feed/smash-balloon-social-post-feed-2191-unauthenticated-stored-cross-site-scripting</loc>
<lastmod>2021-08-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bunnycdn/bunnynet-wordpress-cdn-plugin-201-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2024-04-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpfaqblock/wpfaqblock-faq-accordion-plugin-for-gutenberg-121-authenticated-contributor-stored-cross-site-scripting-via-class-shortcode-attribute</loc>
<lastmod>2026-03-20T15:19:54.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/sixtees/sixtees-all-versions-arbitrary-file-upload</loc>
<lastmod>2014-03-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/fv-wordpress-flowplayer/fv-flowplayer-video-player-7314727-sensitive-information-exposure</loc>
<lastmod>2019-05-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/envo-extra/envo-extra-199-missing-authorization</loc>
<lastmod>2025-05-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/store-locator-le/store-locator-plus-23111701-unauthenticated-sensitive-information-exposure</loc>
<lastmod>2024-08-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/swiss-toolkit-for-wp/swiss-toolkit-for-wp-141-missing-authorization</loc>
<lastmod>2025-03-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/webhotelier/webhotelier-192-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-06-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/photo-gallery/photo-gallery-by-10web-mobile-friendly-image-gallery-1819-directory-traversal-to-arbitrary-file-rename</loc>
<lastmod>2024-01-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpsyncsheets-elementor/wpsyncsheets-lite-for-elementor-elementor-pro-form-google-spreadsheet-addon-14-running-vulnerable-dependencies</loc>
<lastmod>2025-01-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-eMember/wp-emember-1065-authenticated-admin-arbitrary-file-upload</loc>
<lastmod>2024-06-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-google-maps/wp-google-maps-9027-unauthenticated-stored-cross-site-scripting-via-rest-api</loc>
<lastmod>2023-12-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/zoho-subscriptions/zoho-billing-embed-payment-form-40-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-03-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wc-designer-pro/woocommerce-designer-pro-1928-unauthenticated-arbitrary-file-read</loc>
<lastmod>2025-10-30T19:12:08.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/appreview/appreview-029-reflected-cross-site-scripting</loc>
<lastmod>2025-03-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wallet-system-for-woocommerce/wallet-system-for-woocommerce-digital-wallet-buy-now-pay-later-bnpl-instant-cashback-referral-program-partial-subscription-payments-275-missing-authorization</loc>
<lastmod>2026-04-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/visual-portfolio/visual-portfolio-photo-gallery-post-grid-351-authenticated-subscriber-local-file-inclusion</loc>
<lastmod>2026-03-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-smushit/smush-lazy-load-images-optimize-compress-images-275-directory-traversal</loc>
<lastmod>2017-09-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-photo-album-plus/wordpress-photo-album-plus-8805003-reflected-cross-site-scripting</loc>
<lastmod>2024-10-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-ttisbdir/wp-business-directory-102-cross-site-scripting</loc>
<lastmod>2014-05-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/press-grid/pressgrid-frontend-publish-reaction-multimedia-theme-131-unauthenticated-php-object-injection</loc>
<lastmod>2025-06-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/backup/backup-guard-169-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2022-10-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/g-lock-double-opt-in-manager/g-lock-double-opt-in-manager-265-sql-injection</loc>
<lastmod>2014-08-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/sliding-door/sliding-door-36-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-08-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-hotel-booking/wp-hotel-booking-231-missing-authorization</loc>
<lastmod>2026-06-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ect-homepage-products/ect-home-page-products-19-reflected-cross-site-scripting</loc>
<lastmod>2025-01-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/paymob-for-woocommerce/paymob-for-woocommerce-412-missing-authorization</loc>
<lastmod>2026-06-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-rest-cache/wp-rest-cache-202610-unauthenticated-stored-cross-site-scripting</loc>
<lastmod>2026-03-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/read-more/read-more-by-adam-118-cross-site-request-forgery</loc>
<lastmod>2022-09-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/image-hover-effects-ultimate-visual-composer/flipbox-awesomes-flip-boxes-image-overlay-260-authenticated-admin-arbitrary-options-update</loc>
<lastmod>2022-07-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/printo/printo-111-unauthenticated-local-file-inclusion</loc>
<lastmod>2026-05-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mobi2go/mobi2go-100-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2025-09-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/analytics-cat/analytics-cat-112-reflected-cross-site-scripting</loc>
<lastmod>2024-12-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cp-polls/polls-cp-1076-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2024-09-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/magee-shortcodes/magee-shortcodes-209-cross-site-scripting</loc>
<lastmod>2022-01-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/htaccess/htaccess-by-bestwebsoft-wordpress-website-access-control-plugin-175-reflected-cross-site-scripting</loc>
<lastmod>2017-04-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-mailto-links/wp-mailto-links-314-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2025-09-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/usercentrics-consent-management-platform/usercentrics-cmp-109-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2025-10-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bdthemes-element-pack-lite/element-pack-elementor-addons-header-footer-template-library-dynamic-grid-carousel-remote-arrows-563-form-submission-admin-email-bypass</loc>
<lastmod>2024-05-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-jquery-pdf-paged/wp-jquery-pager-140-authenticated-contributor-sql-injection-via-shortcode</loc>
<lastmod>2025-10-14T19:45:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/core/4.3/wordpress-core-431-authorization-bypass-to-information-disclosure</loc>
<lastmod>2015-09-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woo-poly-integration/hyyan-woocommerce-polylang-integration-150-missing-authorization</loc>
<lastmod>2026-01-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpkoi-templates-for-elementor/wpkoi-templates-for-elementor-344-missing-authorization</loc>
<lastmod>2025-12-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/pie-forms-for-wp/wordpress-forms-by-pie-forms-1493-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2022-05-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/woffice/woffice-5430-reflected-cross-site-scripting</loc>
<lastmod>2026-01-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/export-all-urls/export-all-urls-41-reflected-cross-site-scripting</loc>
<lastmod>2022-03-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/findus/findus-directory-listing-wordpress-theme-1115-cross-site-scripting</loc>
<lastmod>2020-06-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/jetpackcrm-ext-woo-connect/jetpackcrm-ext-woo-connect-213-sensitive-information-exposure</loc>
<lastmod>2024-10-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gpt3-ai-content-generator/gpt3-ai-content-writer-1914-cross-site-request-forgery</loc>
<lastmod>2025-05-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ameliabooking/booking-for-appointments-and-events-calendar-amelia-1098-reflected-cross-site-scripting</loc>
<lastmod>2024-02-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/site-reviews/site-reviews-5130-admin-stored-cross-site-scripting</loc>
<lastmod>2021-08-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ultimate-social-media-icons/social-media-share-icons-283-reflected-cross-site-scripting</loc>
<lastmod>2023-08-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-time-slots-booking-form/wp-time-slots-booking-form-1230-cross-site-request-forgery</loc>
<lastmod>2025-06-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/easync-booking/free-booking-plugin-for-hotels-restaurants-and-car-rentals-easync-booking-1314-cross-site-request-forgery</loc>
<lastmod>2025-03-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mediabay-lite/mediabay-16-missing-authorization-via-ajac-actions</loc>
<lastmod>2023-10-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/amazon-affiliate-link-localizer/amazon-affiliate-link-localizer-182-cross-site-scripting</loc>
<lastmod>2014-08-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/luzuk-team/luzuk-team-010-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-11-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/lazy-load-videos-and-sticky-control/lazy-load-videos-and-sticky-control-300-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-11-20T13:38:27.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/block-specific-plugin-updates/block-plugin-update-331-cross-site-request-forgery-via-bspu_plugin_selectphp</loc>
<lastmod>2023-09-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/debounce-io-email-validator/debounce-email-validator-57-unauthenticated-local-file-inclusion</loc>
<lastmod>2025-04-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/users-ultra/users-ultra-membership-users-community-and-member-profiles-with-paypal-integration-plugin-1563-cross-site-request-forgery</loc>
<lastmod>2015-12-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/seafood-company/seafood-company-14-unauthenticated-php-object-injection</loc>
<lastmod>2026-05-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/stops-core-theme-and-plugin-updates/stops-core-theme-and-plugin-updates-804-insufficient-restrictions-on-option-changes</loc>
<lastmod>2019-03-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/travelpayouts/travelpayouts-1113-reflected-cross-site-scripting</loc>
<lastmod>2024-01-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/find-unused-images/find-unused-images-107-missing-authorization-to-unauthenticated-arbitrary-attachment-deletion</loc>
<lastmod>2025-11-10T15:16:36.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cookies-by-jm/cookies-by-jm-10-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2023-08-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cart-link-for-woocommerce/cart-link-for-woocommerce-202-cross-site-request-forgery</loc>
<lastmod>2022-04-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-pipes/wp-pipes-141-reflected-cross-site-scripting-via-x1-parameter</loc>
<lastmod>2024-12-10T20:19:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/basepress/knowledge-base-documentation-wiki-plugin-basepress-docs-21633-missing-authorization-to-authenticated-subscriber-database-update</loc>
<lastmod>2024-12-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/shabat-keeper/shabat-keeper-044-reflected-cross-site-scripting-via-_serverphp_self</loc>
<lastmod>2026-01-08T21:55:43.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/chauffeur-booking-system/chauffeur-taxi-booking-system-for-wordpress-69-authentication-bypass</loc>
<lastmod>2024-05-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/smartpay/download-manager-and-payment-form-wordpress-plugin-wp-smartpay-110-2713-authenticated-subscriber-information-exposure</loc>
<lastmod>2025-05-06T13:25:42.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-user-manager/wp-user-manager-user-profile-builder-membership-2911-missing-authorization-to-carbon-fields-custom-sidebar-additionremoval</loc>
<lastmod>2024-11-22T15:18:43.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gsheetconnector-wpforms/wpforms-google-sheet-connector-401-authenticated-subscriber-remote-code-execution</loc>
<lastmod>2026-02-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/whizz/whizz-111-cross-site-request-forgery</loc>
<lastmod>2017-04-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/members-import/members-import-142-self-cross-site-scripting</loc>
<lastmod>2023-01-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/new-user-approve/new-user-approve-251-cross-site-request-forgery-via-admin_notices</loc>
<lastmod>2023-12-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/responsive-gallery-grid/responsive-gallery-grid-2313-cross-site-request-forgery</loc>
<lastmod>2023-09-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/smart-forms/smart-forms-2684-missing-authorization-to-authenticated-subscriber-arbitrary-options-update</loc>
<lastmod>2023-12-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gsheetconnector-for-elementor-forms-pro/elementor-forms-google-sheet-connector-106-reflected-cross-site-scripting-via-code</loc>
<lastmod>2023-06-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/propovoice/propovoice-1767-unauthenticated-arbitrary-file-read</loc>
<lastmod>2025-09-10T19:05:09.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpstickybar-sticky-bar-sticky-header/wpstickybar-sticky-bar-sticky-header-210-unauthenticated-sql-injection</loc>
<lastmod>2024-07-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/smoothscroller/smoothscroller-100-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2023-06-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/booking-package/booking-package-1706-missing-authorization</loc>
<lastmod>2026-04-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/download-monitor/download-monitor-509-missing-authorization-to-authenticated-subscriber-shop-enable</loc>
<lastmod>2024-09-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/booster-plus-for-woocommerce/booster-for-woocommerce-free-566-premium-564-cross-site-request-forgery-to-file-deletion</loc>
<lastmod>2022-10-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-page-widget/wp-page-widget-27-reflected-cross-site-scripting</loc>
<lastmod>2015-08-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpappninja/wpmobileapp-android-and-ios-mobile-application-1152-unauthenticated-arbitrary-shortcode-execution</loc>
<lastmod>2024-12-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/lumise/lumise-product-designer-209-unauthenticated-sql-injection</loc>
<lastmod>2026-03-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-event-solution/eventin-4031-authenticated-contributor-php-object-injection</loc>
<lastmod>2025-08-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/world-prayer-time/world-prayer-time-20-cross-site-request-forgery-to-reflected-cross-site-scripting</loc>
<lastmod>2024-10-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wicked-folders/wicked-folders-21816-missing-authorization-on-ajax_edit_folder</loc>
<lastmod>2023-02-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/atp-call-now/atp-call-now-103-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2025-06-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bookly-responsive-appointment-booking-tool/wordpress-online-booking-and-scheduling-plugin-bookly-232-authenticated-subscriber-stored-cross-site-scripting-via-color-profile-parameter</loc>
<lastmod>2024-06-10T20:39:42.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/kanban/kanban-boards-2521-authenticated-administrator-remote-code-execution</loc>
<lastmod>2023-08-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gallery-plugin/gallery-by-bestwebsoft-customizable-image-and-photo-galleries-for-wordpress-469-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2023-03-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-recall/wp-recall-162614-reflected-cross-site-scripting</loc>
<lastmod>2025-06-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/emailchef/emailchef-351-missing-authorization-to-authenticated-subscriber-arbitrary-plugin-settings-deletion</loc>
<lastmod>2026-04-21T20:35:30.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpgenealogy/wp-genealogy-your-family-history-website-019-missing-authorization</loc>
<lastmod>2025-04-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/shortcode-imdb/shortcode-imdb-608-authenticated-administrator-sql-injection</loc>
<lastmod>2023-04-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/penci-bookmark-follow/penci-bookmark-follow-24-unauthenticated-stored-cross-site-scripting</loc>
<lastmod>2025-10-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/envira-gallery-lite/gallery-plugin-for-wordpress-envira-photo-gallery-1846-reflected-cross-site-scripting</loc>
<lastmod>2022-10-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/kb-support/kb-support-wordpress-help-desk-155-multiple-unauthenticated-stored-cross-site-scripting</loc>
<lastmod>2022-04-15T13:36:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/asgaros-forum/asgaros-forum-210-cross-site-request-forgery</loc>
<lastmod>2022-11-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/testimonials-creator/testimonials-creator-16-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2026-01-13T16:43:09.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ultimate-bootstrap-elements-for-elementor/ultimate-bootstrap-elements-for-elementor-146-authenticated-contributor-sensitive-information-exposure</loc>
<lastmod>2024-11-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ultimate-addons-for-contact-form-7/ultra-addons-for-contact-form-7-3533-missing-authorization-to-authenticated-subscriber-to-generate-form-submission-pdf</loc>
<lastmod>2025-12-11T17:40:29.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/leyka/leyka-3292-unauthenticated-stored-cross-site-scripting</loc>
<lastmod>2023-03-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/job-board-light/jobboard-job-listing-126-unauthenticated-arbitrary-file-upload</loc>
<lastmod>2025-01-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wdes-responsive-popup/wdes-responsive-popup-136-authenticated-contributor-stored-cross-site-scripting-via-attr-shortcode-attribute</loc>
<lastmod>2026-02-10T20:09:37.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/sliding-door/multiple-themes-various-versions-cross-site-request-forgery-to-notice-dismissal</loc>
<lastmod>2024-04-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/nextend-twitter-connect/nextend-twitter-connect-151-reflected-cross-site-scripting</loc>
<lastmod>2015-06-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/facebook-pagelike-widget/widget-for-social-page-feeds-63-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2024-02-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/tcbd-popover/tcbd-popover-12-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-12-13T16:02:20.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/df-draggable/df-draggable-1132-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/connections/connections-business-directory-1042-admin-stored-cross-site-scripting</loc>
<lastmod>2021-09-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/contest-gallery/contest-gallery-19141-authenticated-author-sql-injection-via-cg_multiple_files_for_post</loc>
<lastmod>2022-12-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/sp-client-document-manager/sp-project-document-manager-423-subscriber-arbitrary-file-upload</loc>
<lastmod>2021-07-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/testimonial-add/testimonials-slider-3583-authenticated-editor-stored-cross-site-scripting</loc>
<lastmod>2022-04-04T11:06:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/seo-wordpress/praison-seo-wordpress-4015-authenticated-author-stored-cross-site-scripting</loc>
<lastmod>2024-05-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gdlr-hotel/goodlayers-hotel-314-unauthenticated-sql-injection</loc>
<lastmod>2025-05-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-table/wp-table-143-remote-file-inclusion</loc>
<lastmod>2014-08-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/brizy/brizy-page-builder-268-authenticated-author-stored-cross-site-scripting-via-svg-file-upload</loc>
<lastmod>2025-02-12T00:09:28.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wordpress-popup/hustle-email-marketing-lead-generation-optins-popups-785-missing-authorization-to-unauthorized-form-submission</loc>
<lastmod>2024-11-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/dimage-360/dimage-360-20-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-06-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/email-on-publish/email-on-publish-15-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/thrive-theme/thrive-theme-builder-3240-privilege-escalation</loc>
<lastmod>2023-11-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/yith-woocommerce-bulk-product-editing/yit-plugin-framework-338-authenticated-settings-change</loc>
<lastmod>2019-10-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/svg-shortcode/svg-shortcode-101-authenticated-author-stored-cross-site-scripting-via-svg-upload</loc>
<lastmod>2024-12-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bwl-kb-manager/bwl-knowledge-base-manager-163-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-12-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/videowhisper-live-streaming-integration/broadcast-live-video-live-streaming-html5-webrtc-hls-rtsp-rtmp-4296-cross-site-scripting</loc>
<lastmod>2014-02-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simple-seo-slideshow/simple-seo-slideshow-128-authenticated-contributor-stored-cross-site-scripting-via-shortcode-attributes</loc>
<lastmod>2026-06-05T10:52:25.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/popup-addon-for-ninja-forms/popup-addon-for-ninja-forms-351-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2025-10-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/sprout-invoices/client-invoicing-by-sprout-invoices-2089-authenticated-author-local-file-inclusion</loc>
<lastmod>2026-02-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/editorial-calendar/editorial-calendar-390-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2026-02-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/print-button-shortcode/print-button-shortcode-101-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2025-10-21T20:23:18.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mfolio-lite/mfolio-lite-121-missing-authorization-to-authenticated-author-file-upload-via-exe-and-svg-files</loc>
<lastmod>2024-11-05T18:14:05.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ultimate-maps-by-supsystic/ultimate-maps-by-supsystic-1216-cross-site-request-forgery</loc>
<lastmod>2024-04-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-dummy-content-generator/wp-dummy-content-generator-312-missing-authorization</loc>
<lastmod>2024-02-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-time-capsule/backup-and-staging-by-wp-time-capsule-12221-authenticated-administrator-php-object-injection</loc>
<lastmod>2024-10-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/blog2social/blog2social-social-media-auto-post-scheduler-741-authenticated-subscriber-sql-injection</loc>
<lastmod>2024-06-10T18:21:36.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/advanced-page-visit-counter/advanced-page-visit-counter-806-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2023-12-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ai-engine/ai-engine-318-authenticated-editor-server-side-request-forgery</loc>
<lastmod>2025-11-18T00:28:40.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/email-attachment-by-order-status-products/email-attachment-by-order-status-products-101-reflected-cross-site-scripting</loc>
<lastmod>2025-07-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp_rokbox/wordpress-rokbox-213-arbitrary-file-upload</loc>
<lastmod>2012-12-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/download-monitor/download-monitor-446-authenticated-admin-arbitrary-file-download</loc>
<lastmod>2021-10-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mycred/points-management-system-for-gamification-ranks-badges-and-loyalty-rewards-program-mycred-303-missing-authorization</loc>
<lastmod>2026-04-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/salient-shortcodes/salient-shortcodes-154-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-10-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/benchmark-email-lite/benchmark-email-lite-41-cross-site-request-forgery-via-page_settings</loc>
<lastmod>2024-04-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/kirki/kirki-600-606-unauthenticated-privilege-escalation-via-handle_forgot_password</loc>
<lastmod>2026-06-01T15:03:50.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/speed-booster-pack/speed-booster-pack-433-admin-sql-injection</loc>
<lastmod>2021-10-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bookly-responsive-appointment-booking-tool/online-scheduling-and-appointment-booking-system-bookly-267-reflected-cross-site-scripting</loc>
<lastmod>2026-03-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/user-login-history/user-login-history-plugin-152-cross-site-scripting</loc>
<lastmod>2017-10-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/post-list-designer/posts-list-designer-by-category-list-category-posts-or-recent-posts-332-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-01-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/quotes-and-tips/quotes-and-tips-by-bestwebsoft-144-authenticated-admin-arbitrary-file-upload</loc>
<lastmod>2024-06-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/if-menu/if-menu-0163-missing-authorization-to-admin-settings-modification</loc>
<lastmod>2023-03-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-stats-manager/wp-visitor-statistics-real-time-traffic-84-authenticated-contributor-stored-cross-site-scripting-via-height-shortcode-attribute</loc>
<lastmod>2026-04-07T20:50:03.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-total-branding/wp-total-branding-12-authenticated-administrator-stored-cross-site-scripting-via-title-parameter</loc>
<lastmod>2024-07-11T18:51:55.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/give/givewp-2331-missing-authorization-via-handlebeforegateway</loc>
<lastmod>2023-10-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ekc-tournament-manager/ekc-tournament-manager-221-cross-site-request-forgery-to-arbitrary-file-upload</loc>
<lastmod>2024-10-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/kama-clic-counter/kama-click-counter-349-cross-site-scripting</loc>
<lastmod>2017-02-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/essay-wizard-wpcres/essay-wizard-wpcres-1064-reflected-cross-site-scripting</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/recent-posts-widget-extended/recent-posts-widget-extended-202-authenticated-contributor-stored-cross-site-scripting-via-rpwe-shortcode</loc>
<lastmod>2025-09-05T15:37:54.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/webp-express/webp-express-01410-authenticated-stored-cross-site-scripting</loc>
<lastmod>2019-06-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/noo-jobmonster/noo-jobmonster-484-unauthenticated-sql-injection</loc>
<lastmod>2026-03-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/usc-e-shop/welcart-e-commerce-283-cross-site-request-forgery</loc>
<lastmod>2022-11-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/lazytasks-project-task-management/lazytasks-1237-unauthenticated-privilege-escalation</loc>
<lastmod>2026-01-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/fastbook-responsive-appointment-booking-and-scheduling-system/fastbook-11-reflected-cross-site-scripting</loc>
<lastmod>2025-06-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp2leads/wp2leads-342-reflected-cross-site-scripting</loc>
<lastmod>2025-01-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/0mk-shortener/0mk-shortener-02-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2023-02-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woo-pdf-invoice-builder/woocommerce-pdf-invoice-builder-1290-cross-site-request-forgery-to-custom-field-creation</loc>
<lastmod>2023-08-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/power-ups-for-elementor/power-ups-for-elementor-122-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-01-24T18:45:04.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/jquery-news-ticker/jquery-news-ticker-30-authenticated-subscriber-sql-injection-via-shortcode</loc>
<lastmod>2023-10-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/nelio-ab-testing/nelio-ab-testing-459-server-side-request-forgery</loc>
<lastmod>2016-12-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-plugin-lister/wp-plugin-lister-210-cross-site-request-forgery-to-settings-update-and-stored-cross-site-scripting</loc>
<lastmod>2024-01-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/w3-total-cache/w3-total-cache-0941-cross-site-scripting-via-request_id</loc>
<lastmod>2016-07-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/share-and-follow/share-and-follow-1803-cross-site-scripting</loc>
<lastmod>2012-05-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/screets-lcx/live-chat-unlimited-283-stored-cross-site-scripting</loc>
<lastmod>2019-06-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/make-email-customizer-for-woocommerce/make-email-customizer-for-woocommerce-106-authenticated-subscriber-arbitrary-options-update</loc>
<lastmod>2025-10-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ops-robots-txt/on-page-seo-whatsapp-chat-button-200-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2025-02-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/shopmagic-for-woocommerce/free-follow-up-emails-marketing-automation-for-woocommerce-shopmagic-456-unauthenticated-information-exposure</loc>
<lastmod>2025-10-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/easy-login-woocommerce/loginsignup-popup-inline-form-woocommerce-21-reflected-cross-site-scripting</loc>
<lastmod>2021-11-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/homey/homey-242-unauthenticated-privilege-escalation-in-homey_save_profile</loc>
<lastmod>2025-03-04T21:24:24.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ap-plugin-scripteo/ads-pro-50-missing-authorization</loc>
<lastmod>2026-02-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/quiz-master-next/quiz-and-survey-master-1033-missing-authorization</loc>
<lastmod>2026-01-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bdthemes-element-pack-lite/element-pack-elementor-addons-8313-cross-site-request-forgery</loc>
<lastmod>2026-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-listings/impress-listings-201-reflected-cross-site-scripting</loc>
<lastmod>2016-01-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/torod/torod-the-smart-shipping-and-delivery-portal-for-e-shops-and-retailers-17-missing-authorization-to-unauthenticated-plugin-settings-update</loc>
<lastmod>2024-12-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gamipress/gamipress-688-broken-access-control</loc>
<lastmod>2024-04-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/hrm/wp-human-resource-management-200-2217-missing-authorization-to-authenticated-employee-privilege-escalation-via-wp_ajax_hrm_insert_employee-ajax-action</loc>
<lastmod>2025-07-03T12:17:43.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/royal-elementor-addons/royal-elementor-addons-and-templates-1380-missing-authorization-to-privatepassword-protected-post-read</loc>
<lastmod>2023-12-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/charity-zone/charity-zone-111-authenticated-subscriber-arbitrary-file-upload</loc>
<lastmod>2026-04-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/json-rest-api/wp-rest-api-wp-api-121-sensitive-information-disclosure</loc>
<lastmod>2015-04-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/media-library-assistant/media-library-assistant-316-authenticated-contributor-sql-injection-via-order-parameter</loc>
<lastmod>2024-06-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/truemag/truemag-43142-unauthenticated-local-file-inclusion</loc>
<lastmod>2026-05-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/google-seo-author-snippets/google-seo-pressor-for-rich-snippets-122-cross-site-scripting</loc>
<lastmod>2016-04-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/clyp/clyp-13-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-10-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/open-menu/openmenu-35-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-03-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/chaty/chaty-309-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2023-05-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/carousel/carousel-ultimate-18-authenticated-editor-stored-cross-site-scripting</loc>
<lastmod>2025-09-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/nextend-facebook-connect/nextend-social-login-and-register-3112-reflected-self-based-cross-site-scripting-via-error_description</loc>
<lastmod>2024-03-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/pubydoc-data-tables-and-charts/pubydoc-206-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2023-10-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/boxed-content/boxed-content-10-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-09-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/blocksy-companion/blocksy-companion-2028-cross-site-request-forgery</loc>
<lastmod>2024-04-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/file-icons/file-icons-21-reflected-cross-site-scripting</loc>
<lastmod>2025-02-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/newsmash/newsmash-1071-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-12-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/modalier-elementor/modalier-for-elementor-106-missing-authorization</loc>
<lastmod>2025-12-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/vospari-forms/vospari-forms-14-reflected-cross-site-scripting</loc>
<lastmod>2016-11-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/indeed-membership-pro/indeed-membership-pro-127-unauthenticated-privilege-escalation</loc>
<lastmod>2024-08-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/user-submitted-posts/user-submitted-posts-20230809-unauthenticated-stored-cross-site-scripting-via-user-submitted-content</loc>
<lastmod>2023-08-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/responsive-coming-soon-page/coming-soon-page-responsive-coming-soon-maintenance-mode-1118-cross-site-scripting-via-social_icon_1-parameter</loc>
<lastmod>2018-01-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/elegant-pink/elegant-pink-130-cross-site-request-forgery-to-notice-dismissal</loc>
<lastmod>2024-06-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simple-banner/simple-banner-2110-authenticated-stored-cross-site-scripting</loc>
<lastmod>2022-07-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-whatsapp/wp-chat-app-362-authenticatedcontributor-stored-cross-site-scripting-via-block-image-attribute</loc>
<lastmod>2024-03-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/eventON/eventon-pro-4912-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-10-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/salon-booking-system/salon-booking-system-102-unauthenticated-arbitrary-file-upload</loc>
<lastmod>2024-06-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/majestic-support/majestic-support-106-unauthenticated-local-file-inclusion</loc>
<lastmod>2025-02-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/job-postings/jobs-for-wordpress-277-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-10-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ari-fancy-lightbox/ari-fancy-lightbox-138-reflected-cross-site-scripting</loc>
<lastmod>2022-02-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ameliabooking/booking-for-appointments-and-events-calendar-amelia-1238-authenticated-employee-privilege-escalation</loc>
<lastmod>2026-03-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/progressmatify-blocks/progress-bar-blocks-for-gutenberg-100-authenticated-author-stored-cross-site-scripting-via-svg</loc>
<lastmod>2025-11-10T15:28:03.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/aitasi-coming-soon/aitasi-coming-soon-202-authenticated-administrator-php-object-injection</loc>
<lastmod>2025-09-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/photospace-responsive/photospace-responsive-211-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2023-09-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ap-plugin-scripteo/ads-pro-plugin-multi-purpose-wordpress-advertising-manager-488-unauthenticated-sql-injection</loc>
<lastmod>2025-05-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/extend-link/extend-link-200-authenticated-contributor-server-side-request-forgery</loc>
<lastmod>2026-01-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/fwdmsp/mp3-sticky-player-80-unauthenticated-arbitrary-file-readdownload</loc>
<lastmod>2024-11-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/external-video-for-everybody/external-video-for-everybody-211-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-02-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/geodirectory/geodirectory-2328-authenticated-administrator-sql-injection-via-orderby</loc>
<lastmod>2023-10-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpforo/wpforo-forum-228-cross-site-request-forgery-via-logout</loc>
<lastmod>2023-11-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/image-gallery/imagepress-image-gallery-122-missing-authorization-to-authenticated-subscriber-arbitrary-post-deletion-and-post-title-update</loc>
<lastmod>2024-10-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/premmerce-search/premmerce-product-search-for-woocommerce-224-unauthenticated-local-file-inclusion</loc>
<lastmod>2025-07-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woo-smart-compare/wpc-smart-compare-for-woocommerce-646-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-07-10T18:58:43.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/myshopkit-popup-smartbar-slidein/woocommerce-coupon-popup-smartbar-slide-in-myshopkit-109-unauthenticated-sensitive-information-exposure</loc>
<lastmod>2024-02-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/diet-calorie-calculator/diet-calorie-calculator-111-missing-authorization</loc>
<lastmod>2026-02-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/fontmeister/fontmeister-108-reflected-cross-site-scripting</loc>
<lastmod>2022-10-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/core/3.9/wordpress-core-392-cross-site-request-forgery-protection-bypass</loc>
<lastmod>2014-08-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/business-directory-plugin/business-directory-6419-missing-authorization</loc>
<lastmod>2025-12-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/my-album-gallery/my-album-gallery-104-authenticated-subscriber-arbitrary-file-deletion</loc>
<lastmod>2026-03-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/webcake/webcake-landing-page-builder-11-missing-authorization-to-authenticated-subscriber-settings-update</loc>
<lastmod>2025-12-04T16:38:45.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/greeklish-permalink/greeklish-permalink-33-missing-authorization-via-cyrtrans_ajax_old-ajax-action</loc>
<lastmod>2023-06-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/post-to-csv/post-to-csv-by-bestwebsoft-138-authenticated-author-csv-injection</loc>
<lastmod>2022-10-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-statistics/wp-statistics-1207-authenticated-sql-injection</loc>
<lastmod>2017-06-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/felan-framework/felan-framework-113-reflected-cross-site-scripting</loc>
<lastmod>2026-05-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cm-on-demand-search-and-replace/cm-on-demand-search-and-replace-130-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2023-04-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/administrator-z/administrator-z-20241014-authenticated-subscriber-sql-injection</loc>
<lastmod>2024-10-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-recentcomments/wp-recentcomments-227-unauthenticated-information-exposure</loc>
<lastmod>2023-02-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/erident-custom-login-and-dashboard/erident-custom-login-dashboard-341-cross-site-request-forgery</loc>
<lastmod>2015-06-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpforo/wpforo-forum-165-cross-site-request-forgery</loc>
<lastmod>2020-05-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ultimate-coming-soon/ultimate-coming-soon-maintenance-109-missing-authorization-to-authenticated-subscriber-template-name-update</loc>
<lastmod>2024-12-05T19:35:06.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/zoho-salesiq/zoho-salesiq-108-cross-site-request-forgery</loc>
<lastmod>2019-05-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/lastfm-recent-album-artwork/lastfm-recent-album-artwork-102-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2025-08-15T14:46:26.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/lava-directory-manager/lava-directory-manager-1134-unauthenticated-stored-cross-site-scripting-via-new-listing</loc>
<lastmod>2023-10-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/oauth2-provider/wp-oauth-server-423-cross-site-request-forgery-to-arbitrary-post-deletion-wo_ajax_remove_client</loc>
<lastmod>2023-02-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/kaswara/kaswara-modern-vc-addons-301-missing-authorization</loc>
<lastmod>2021-03-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/awesome-weather/awesome-weather-widget-302-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2023-09-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/preschool-and-kindergarten/preschool-and-kindergarten-125-missing-authorization</loc>
<lastmod>2026-02-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/funnel-builder/funnel-builder-by-funnelkit-3111-unauthenticated-local-file-inclusion</loc>
<lastmod>2025-08-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mobile-contact-line/mobile-contact-line-240-missing-authorization</loc>
<lastmod>2025-09-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/modern-events-calendar-lite/modern-events-calendar-lite-614-unauthenticated-blind-sql-injection-via-time-parameter</loc>
<lastmod>2021-11-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/doneren-met-mollie/doneren-met-mollie-2107-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-03-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/beds24-online-booking/beds24-online-booking-2029-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-05-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/testimonial-slider-and-showcase/testimonial-slider-236-missing-authorization-to-authenticated-author-settings-update</loc>
<lastmod>2024-03-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/map-categories-to-pages/map-categories-to-pages-132-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2025-09-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/advanced-forms/advanced-forms-for-acf-168-insecure-direct-object-reference</loc>
<lastmod>2020-06-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/g5plus-april/g5plus-april-68-missing-authorization</loc>
<lastmod>2026-03-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ifeature-slider/ifeature-slider-12-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2022-11-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mailrelay/mailrelay-211-cross-site-request-forgery-via-render_admin_page</loc>
<lastmod>2023-10-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simple-ajax-chat/simple-ajax-chat-20260217-unauthenticated-stored-cross-site-scripting-via-c</loc>
<lastmod>2026-03-12T00:21:55.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/filebird-pro/filebird-pro-651-missing-authorization</loc>
<lastmod>2025-10-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-gdpr-compliance/cookie-information-free-gdpr-consent-solution-207-reflected-cross-site-scripting</loc>
<lastmod>2022-02-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wps-child-theme-generator/wps-child-theme-generator-12-directory-traversal</loc>
<lastmod>2019-07-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/easy-digital-downloads/easy-digital-downloads-362-unvalidated-redirect-in-password-reset-flow-via-edd_redirect</loc>
<lastmod>2025-12-30T17:50:22.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/my-tickets/my-tickets-1910-cross-site-request-forgery</loc>
<lastmod>2023-01-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/leartes-try-exchange-rates/leartes-try-exchange-rates-21-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-04-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/alipay/wordpressalipaytenpaypaypal-370-cross-site-scripting</loc>
<lastmod>2014-05-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/header-footer-composer/header-footer-composer-for-elementor-104-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-11-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-slimstat/slimstat-analytics-508-authenticated-administrator-stored-cross-site-scripting-via-settings</loc>
<lastmod>2023-08-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mingle-forum/mingle-forum-1033-cross-site-scripting</loc>
<lastmod>2012-05-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wc-payphone-gateway/woocommerce-payphone-gateway-320-reflected-cross-site-scripting</loc>
<lastmod>2025-04-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/chatbot/chatbot-739-missing-authorization</loc>
<lastmod>2025-10-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/alttext-ai/alt-text-ai-automatically-generate-image-alt-text-for-seo-and-accessibility-149-authenticated-subscriber-sql-injection</loc>
<lastmod>2024-05-14T11:58:48.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/blocksy/blocksy-2097-missing-authorization</loc>
<lastmod>2025-05-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wordpress-users/wordpress-users-14-cross-site-request-forgery-to-settings-update</loc>
<lastmod>2024-01-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/fs-real-estate-plugin/firestorm-professional-real-estate-2711-authenticated-administrator-sql-injection</loc>
<lastmod>2026-01-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/savory/savory-25-unauthenticated-local-file-inclusion</loc>
<lastmod>2025-10-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ekc-tournament-manager/ekc-tournament-manager-221-cross-site-request-forgery-to-tournament-and-team-creation</loc>
<lastmod>2024-11-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/drag-and-drop-file-uploads-wc-pro/drag-and-drop-multiple-file-upload-pro-woocommerce-171-and-50-505-unauthenticated-arbitrary-file-upload</loc>
<lastmod>2025-07-01T14:29:54.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/puzzles/puzzles-wp-magazine-review-with-store-wordpress-theme-rtl-424-missing-authorization-to-authenticated-subscriber-stored-cross-site-scripting</loc>
<lastmod>2025-02-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ns-ie-compatibility-fixer/ns-ie-compatibility-fixer-215-cross-site-request-forgery-to-plugin-settings-update</loc>
<lastmod>2026-01-06T18:32:12.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/social-auto-poster/social-auto-poster-5314-unauthenticated-stored-cross-site-scripting</loc>
<lastmod>2024-07-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/smartsupp-live-chat/smartsupp-live-chat-ai-shopping-assistant-and-chatbots-391-authenticated-subscriber-stored-cross-site-scripting</loc>
<lastmod>2026-02-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/dancepress-trwa/dancepress-trwa-3111-cross-site-request-forgery</loc>
<lastmod>2024-11-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woocommerce-multi-currency/curcy-237-missing-authorization-to-arbitrary-shortcode-execution</loc>
<lastmod>2025-05-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-todo/wp-to-do-130-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-07-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/form-maker/form-maker-11359-authenticated-stored-cross-site-scripting</loc>
<lastmod>2021-07-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-dbmanager/wp-db-manager-272-arbitrary-file-read</loc>
<lastmod>2014-10-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/the-plus-addons-for-elementor-page-builder/the-plus-addons-for-elementor-6411-authenticated-contributor-stored-cross-site-scripting-via-button-widget-custom-attributes</loc>
<lastmod>2026-05-21T19:17:28.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/buddyforms/buddyforms-272-authenticated-contributor-stored-stored-cross-site-scripting</loc>
<lastmod>2022-10-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simple-nav-archives/simple-nav-archives-213-cross-site-request-forgery-to-settings-update</loc>
<lastmod>2024-09-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/jet-search/jetsearch-3510-unauthenticated-sql-injection</loc>
<lastmod>2025-07-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/widget-context/widget-context-133-cross-site-request-forgery-to-settings-update-via-wl-parameter</loc>
<lastmod>2026-05-21T19:25:43.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-e-commerce/wp-ecommerce-3114-sql-injection</loc>
<lastmod>2016-11-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/nitropack/nitropack-1193-missing-authorization</loc>
<lastmod>2026-02-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/registrations-for-the-events-calendar/registrations-for-the-events-calendar-279-reflected-cross-site-scripting</loc>
<lastmod>2021-12-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-user-frontend/wp-user-frontend-membership-profile-registration-post-submission-plugin-for-wordpress-3525-authenticated-admin-sql-injection</loc>
<lastmod>2021-11-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/post-connector/post-connector-104-reflected-cross-site-scripting</loc>
<lastmod>2015-04-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/rss-feed-reader/rss-feed-reader-01-cross-site-scripting</loc>
<lastmod>2011-01-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/indeed-learning-pro/ultimate-learning-pro-39-authenticated-administrator-sql-injection</loc>
<lastmod>2025-01-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/semrush-contentshake/semrush-content-toolkit-1132-cross-site-request-forgery</loc>
<lastmod>2025-12-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/views-for-wpforms-lite/views-for-wpforms-322-missing-authorization-via-save_view</loc>
<lastmod>2024-01-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/crazy-call-to-action-box/crazy-call-to-action-box-105-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-10-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/peters-custom-anti-spam-image/peters-custom-anti-spam-323-cross-site-request-forgery-via-cas_register_post-function</loc>
<lastmod>2024-12-17T20:49:25.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/jemployee/job-board-manager-for-wordpress-10-unauthenticated-privilege-escalation</loc>
<lastmod>2024-10-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/form-maker/form-maker-11411-stored-cross-site-scripting</loc>
<lastmod>2022-05-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/suevafree-essential-kit/suevafree-essential-kit-113-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-11-20T13:44:26.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/map-store-location/map-store-locator-121-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-11-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-menu-image/wp-menu-image-22-missing-authorization-to-unauthenticated-menu-image-deletion</loc>
<lastmod>2024-12-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/premium-addons-for-elementor/premium-addons-for-elementor-41035-regular-expressions-denial-of-service</loc>
<lastmod>2024-07-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/groundhogg/groundhogg-2798-missing-authorization-to-non-arbitrary-file-upload</loc>
<lastmod>2023-05-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/premmerce-woocommerce-wholesale-pricing/premmerce-wholesale-pricing-for-woocommerce-1110-missing-authorization</loc>
<lastmod>2025-04-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/1g-music-share/1g-music-share-151-cross-site-scripting</loc>
<lastmod>2014-05-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/vikrestaurants/vikrestaurants-table-reservations-and-take-away-152-reflected-cross-site-scripting</loc>
<lastmod>2026-03-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/pixobe-cartography/pixobe-cartography-101-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-11-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/aco-woo-dynamic-pricing/dynamic-pricing-with-discount-rules-for-woocommerce-459-authenticated-shop-manager-arbitrary-code-execution</loc>
<lastmod>2025-08-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/stock-in/stock-in-out-104-reflected-cross-site-scripting</loc>
<lastmod>2021-05-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/counters-block/counters-block-112-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-02-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-whydonate/whydonate-free-donate-button-crowdfunding-fundraising-4015-missing-authorization-to-unauthenticated-wp_wdplugin_style-rww-deletion</loc>
<lastmod>2025-10-14T19:46:25.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/ashtanga/ashtanga-12-unauthenticated-php-object-injection</loc>
<lastmod>2026-04-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/photo-gallery/photo-gallery-by-10web-1366-cross-site-scripting</loc>
<lastmod>2017-12-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-base-booking-of-appointments-services-and-events/wp-base-booking-of-appointments-services-and-events-492-reflected-cross-site-scripting</loc>
<lastmod>2025-02-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/shop-as-a-customer-for-woocommerce/shop-as-a-customer-for-woocommerce-123-authenticated-shop-manager-privilege-escalation</loc>
<lastmod>2023-07-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woocommerce-cloak-affiliate-links/woocommerce-cloak-affiliate-links-1033-missing-authorization-to-unauthenticated-permalink-modification</loc>
<lastmod>2024-03-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bauernregeln/bauernregeln-101-reflected-cross-site-scripting</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/google-analyticator/google-analyticator-6495-cross-site-scripting</loc>
<lastmod>2015-08-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bonanza-woocommerce-free-gifts-lite/bonanza-woocommerce-free-gifts-lite-100-missing-authorization-to-authenticated-subscriber-opt-in-success</loc>
<lastmod>2025-07-28T20:26:18.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gs-logo-slider/logo-slider-373-unauthenticated-arbitrary-shortcode-execution</loc>
<lastmod>2025-03-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ltl-freight-quotes-odfl-edition/ltl-freight-quotes-old-dominion-edition-4210-unauthenticated-sql-injection</loc>
<lastmod>2025-02-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpforo/wpforo-forum-2413-authenticated-subscriber-php-object-injection</loc>
<lastmod>2026-02-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/feed-kuantokusta-for-woocommerce/feed-kuantokusta-for-woocommerce-free-53-unauthenticated-sql-injection</loc>
<lastmod>2026-04-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bdthemes-prime-slider-lite/prime-slider-addons-for-elementor-4010-authenticated-subscriber-server-side-request-forgery</loc>
<lastmod>2025-12-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/urvanov-syntax-highlighter/urvanov-syntax-highlighter-2833-cross-site-request-forgery-via-init_ajax</loc>
<lastmod>2023-10-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wc-donation-platform/donation-platform-for-woocommerce-fundraising-donation-management-129-cross-site-request-forgery-to-survey-submission</loc>
<lastmod>2023-05-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/ghostwriter/ghostwriter-14-reflected-cross-site-scripting</loc>
<lastmod>2025-01-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/spam-stopper/spam-stopper-313-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2025-04-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/barcode-scanner-lite-pos-to-manage-products-inventory-and-orders/barcode-scanner-with-inventory-order-manager-154-authenticated-subscriber-sql-injection</loc>
<lastmod>2024-04-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-graphql-woocommerce/wpgraphql-woocommerce-0123-information-disclosure</loc>
<lastmod>2022-07-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpshopgermany-it-recht-kanzlei/wpshopgermany-it-recht-kanzlei-20-cross-site-request-forgery</loc>
<lastmod>2025-03-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-hide-post/wp-hide-post-2010-cross-site-request-forgery-via-save_bulk_edit_data</loc>
<lastmod>2023-06-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bitcoin-donate-button/bitcoin-donate-button-10-cross-site-request-forgery-to-settings-update</loc>
<lastmod>2026-01-27T21:49:55.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/delicious-recipes/wp-delicious-recipe-plugin-for-food-bloggers-formerly-delicious-recipes-169-improper-path-validation-to-authenticated-subscriber-arbitrary-file-move-and-read</loc>
<lastmod>2024-09-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/easync-booking/free-booking-plugin-for-hotels-restaurants-and-car-rentals-easync-booking-1321-insecure-direct-object-reference-to-sensitive-information-exposure</loc>
<lastmod>2025-05-30T21:32:30.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/meeting-scheduler-by-vcita/online-booking-scheduling-calendar-for-wordpress-by-vcita-446-missing-authorization-to-settings-update-and-arbitrary-file-upload</loc>
<lastmod>2023-06-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/dsgvo-youtube/dsgvo-youtube-145-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-04-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/name-directory/name-directory-1303-unauthenticated-stored-cross-site-scripting-via-multiple-parameters</loc>
<lastmod>2026-01-13T17:22:07.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/flap/flap-business-wordpress-theme-15-unauthenticated-php-object-injection</loc>
<lastmod>2025-06-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wordpress-database-reset/wp-database-reset-31-privilege-escalation</loc>
<lastmod>2020-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/contact-form-add/form-builder-create-responsive-contact-forms-1984-cross-site-scripting</loc>
<lastmod>2021-08-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/adventure-bucket-list/adventure-bucket-list-109-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-11-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/category-ajax-filter/category-ajax-filter-282-unauthenticated-local-file-inclusion</loc>
<lastmod>2024-11-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/twchat/twchat-send-or-receive-messages-from-users-404-reflected-cross-site-scripting</loc>
<lastmod>2024-12-06T21:18:43.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/role-scoper/role-scoper-obsolete-please-install-publishpress-permissions-1367-reflected-cross-site-scripting</loc>
<lastmod>2015-12-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ninja-forms/ninja-forms-contact-form-371-unauthenticated-second-order-sql-injection</loc>
<lastmod>2024-02-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/marketking-multivendor-marketplace-for-woocommerce/marketking-ultimate-woocommerce-multivendor-marketplace-solution-2000-missing-authorization</loc>
<lastmod>2024-12-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/download-manager/download-manager-3346-reflected-cross-site-scripting-via-redirect_to-parameter</loc>
<lastmod>2026-02-17T17:51:30.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/imagerecycle-pdf-image-compression/imagerecycle-pdf-image-compression-3113-missing-authorization-to-plugin-data-removal-in-reinitialize</loc>
<lastmod>2024-02-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/events-manager/events-manager-539-cross-site-scripting</loc>
<lastmod>2014-08-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/xpro-addons-beaver-builder-elementor/xpro-addons-for-beaver-builder-lite-156-missing-authorization</loc>
<lastmod>2026-02-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/sb-elementor-contact-form-db/formsdb-save-elementor-forms-to-google-sheets-post-type-213-missing-authorization</loc>
<lastmod>2026-01-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/invetex/invetex-218-unauthenticated-local-file-inclusion</loc>
<lastmod>2026-03-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/newsletters-lite/newsletters-499-unauthenticated-full-path-disclosure</loc>
<lastmod>2024-08-14T18:55:15.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wordpress-processing-embed/wordpress-processing-embed-051-cross-site-scripting</loc>
<lastmod>2010-12-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-finance/wp-finance-136-reflected-cross-site-scripting</loc>
<lastmod>2025-01-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/academy-pro/academy-lms-pro-352-authenticated-custom-arbitrary-file-upload</loc>
<lastmod>2026-04-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/themify-ptb/post-type-builder-214-missing-authorization-to-arbitrary-postpage-creation</loc>
<lastmod>2024-04-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/get-a-quote-button-for-woocommerce/request-a-quote-for-woocommerce-and-elementor-get-a-quote-button-product-enquiry-form-popup-product-quotation-14-unauthenticated-arbitrary-shortcode-execution-via-fire_contact_form</loc>
<lastmod>2024-11-22T21:43:43.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/notices/notices-61-reflected-cross-site-scripting</loc>
<lastmod>2021-09-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/inboundio-marketing/inboundio-marketing-201-arbitrary-file-upload</loc>
<lastmod>2015-03-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/relevanssi-premium/relevanssi-a-better-search-4146-relevanssi-a-better-search-pro-2165-missing-authorization</loc>
<lastmod>2022-02-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/participants-database/participants-database-255-missing-authorization</loc>
<lastmod>2023-11-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/revslider/slider-revolution-709-unauthenticated-sensitive-information-exposure-via-slidersstream</loc>
<lastmod>2026-05-19T20:43:07.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/rewardsystem/sumo-reward-points-3070-unauthenticated-local-file-inclusion</loc>
<lastmod>2025-04-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/powerpack-lite-for-elementor/powerpack-lite-for-elementor-294-authenticated-contributor-stored-cross-site-scripting-via-cursor_url</loc>
<lastmod>2025-09-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mobile-menu/wp-mobile-menu-2844-missing-authorization-to-_mobmenu_icon-post-meta-modification</loc>
<lastmod>2024-07-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/webcamconsult/webcamconsult-150-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2025-01-17T18:53:04.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/xili-language/xili-language-2212-reflected-cross-site-scripting</loc>
<lastmod>2025-04-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/dream-gallery/dream-gallery-10-cross-site-request-forgery-to-stored-cross-site-scripting-via-dreampluginsmain-ajax-action</loc>
<lastmod>2025-12-04T17:28:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/throws-spam-away/throws-spam-away-33-cross-site-request-forgery-to-comment-modification</loc>
<lastmod>2022-05-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/case-theme-user/case-theme-user-103-authentication-bypass-via-social-login</loc>
<lastmod>2025-08-22T18:31:18.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/prider/prider-1131-unauthenticated-local-file-inclusion</loc>
<lastmod>2025-12-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/filter-gallery/wordpress-filter-gallery-plugin-015-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2022-12-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ultimate-member/ultimate-member-2039-directory-traversal</loc>
<lastmod>2018-05-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/core/4.0/wordpress-core-40-missing-session-cookie-expiration</loc>
<lastmod>2012-12-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bsk-pdf-manager/bsk-pdf-manager-371-authenticated-administrator-stored-cross-site-scripting-via-svg-file-upload</loc>
<lastmod>2025-12-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ultimate-social-media-icons/social-media-share-buttons-social-sharing-icons-281-authenticatedadministrator-stored-cross-site-scripting</loc>
<lastmod>2023-06-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/3dprint-lite/3dprint-lite-2136-authenticated-admin-sql-injection-via-material_text</loc>
<lastmod>2025-04-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/syndicate-out/syndicate-out-09-unauthenticated-stored-cross-site-scripting</loc>
<lastmod>2025-04-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/email-log/email-log-222-stored-cross-site-scripting</loc>
<lastmod>2017-11-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cf7-conditional-fields/conditional-fields-for-contact-form-7-241-missing-authorization</loc>
<lastmod>2023-11-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cimy-header-image-rotator/cimy-header-image-rotator-611-cross-site-request-forgery</loc>
<lastmod>2022-06-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/photo-express-for-google/photo-express-for-google-032-reflected-cross-site-scripting</loc>
<lastmod>2025-06-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bloom/bloom-email-opt-in-111-sensitive-information-disclosure</loc>
<lastmod>2016-02-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/kadence-blocks-pro/kadence-blocks-pro-237-authenticated-contributor-information-exposure</loc>
<lastmod>2024-06-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/add-to-cart-button-labels-for-woocommerce/change-add-to-cart-button-text-for-woocommerce-222-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-05-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/sassy-social-share/social-sharing-plugin-sassy-social-share-3369-reflected-cross-site-scripting-via-heateor_mastodon_share-parameter</loc>
<lastmod>2024-11-29T16:31:05.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/void-visual-whmcs-element/wpbakery-visual-composer-whmcs-elements-1043-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-12-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woo-nmi-three-step/nmi-gateway-for-woocommerce-1611-cross-site-request-forgery</loc>
<lastmod>2021-07-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/seguro-viagem/real-seguro-viagem-205-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simple-download-monitor/simple-download-monitor-354-authenticated-stored-cross-site-scripting</loc>
<lastmod>2018-01-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cm-invitation-codes/cm-registration-and-invitation-codes-255-missing-authorization</loc>
<lastmod>2025-04-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/site-notify/site-notify-10-missing-authorization</loc>
<lastmod>2025-04-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/jwp-a11y/jwp-a11y-417-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2024-11-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/podiant/podiant-11-unauthenticated-local-file-inclusion</loc>
<lastmod>2024-09-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/happy-scss-compiler/happy-scss-compiler-compile-scss-to-css-automatically-1310-missing-authorization-to-authenticated-subscriber-stored-cross-site-scripting</loc>
<lastmod>2024-07-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/meks-audio-player/meks-smart-social-widget-16-cross-site-request-forgery-via-meks_remove_notification</loc>
<lastmod>2023-07-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/efence/efence-132-multiple-cross-site-scripting</loc>
<lastmod>2014-05-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/webmention/webmention-408-reflected-cross-site-scripting-via-replytocom</loc>
<lastmod>2023-03-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/easyazon/easyazon-amazon-associates-affiliate-plugin-510-reflected-cross-site-scripting-via-easyazon-cloaking-locale</loc>
<lastmod>2024-06-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/contribuinte-checkout/contribuinte-checkout-2003-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2025-05-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/legal-pages/legal-pages-146-missing-authorization</loc>
<lastmod>2025-11-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/hub-core/hub-core-508-authenticated-contributor-local-file-inclusion</loc>
<lastmod>2025-11-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/nyla/nyla-17-unauthenticated-arbitrary-shortcode-execution</loc>
<lastmod>2026-05-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-downgrade/wp-downgrade-122-admin-stored-cross-site-scripting</loc>
<lastmod>2022-03-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/small-package-quotes-wwe-edition/small-package-quotes-worldwide-express-edition-5218-reflected-cross-site-scripting</loc>
<lastmod>2025-04-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/contact-form-7-simple-recaptcha/contact-form-7-captcha-008-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2021-07-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/listingpro-plugin/listingpro-299-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-10-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/elementinvader-addons-for-elementor/elementinvader-addons-for-elementor-136-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-08-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bradesco-gateway/bradesco-gateway-20-cross-site-scripting</loc>
<lastmod>2013-09-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/easy-popup-lightbox-maker/wp-popup-window-maker-20-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2024-11-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-rss-aggregator/rss-aggregator-rss-import-news-feeds-feed-to-post-and-autoblogging-5010-reflected-cross-site-scripting-via-classname</loc>
<lastmod>2026-01-15T19:09:57.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/geoportail-shortcode/geoportail-shortcode-244-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2024-12-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-prayer/wp-prayer-209-cross-site-request-forgery-to-arbitrary-prayer-deletion</loc>
<lastmod>2024-04-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/litespeed-cache/litespeed-cache-61-unauthenticated-stored-cross-site-scripting</loc>
<lastmod>2024-09-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ip-blacklist-cloud/ip-blacklist-cloud-342-authenticated-admin-path-traversal</loc>
<lastmod>2015-03-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/royal-elementor-addons/royal-elementor-addons-and-templates-1387-cross-site-request-forgery-via-remove_from_wishlist</loc>
<lastmod>2024-02-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/antihacker/disable-json-api-login-lockdown-xmlrpc-pingback-stop-user-enumeration-anti-hacker-scan-451-missing-authorization-to-unauthenticated-ip-address-whitelist</loc>
<lastmod>2024-02-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ads-for-wp/google-adsense-banner-ads-by-adsforwp-18-cross-site-request-forgery</loc>
<lastmod>2019-06-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/asgaros-forum/asgaros-forums-11513-authenticated-stored-cross-site-scripting</loc>
<lastmod>2021-11-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/core/1.5/wordpress-core-151-full-path-disclosure</loc>
<lastmod>2005-05-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woocommerce-currency-switcher/woocs-1392-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2022-12-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/debug-bar-extender/debug-bar-extender-05-reflected-cross-site-scripting</loc>
<lastmod>2025-03-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mappress-google-maps-for-wordpress/mappress-maps-for-wordpress-2949-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2025-03-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/sintic_gallery/sintic_gallery-all-known-versions-arbitrary-file-upload</loc>
<lastmod>2012-12-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/essential-breadcrumbs/essential-breadcrumbs-111-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2024-11-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/download-attachments/download-attachments-140-unauthenticated-insecure-direct-object-reference</loc>
<lastmod>2026-02-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/snow-monkey/snow-monkey-2915-unauthenticated-blind-server-side-request-forgery</loc>
<lastmod>2025-09-25T17:34:57.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-google-my-business-auto-publish/auto-publish-for-google-my-business-37-cross-site-request-forgery</loc>
<lastmod>2023-11-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/aruba-hispeed-cache/aruba-hispeed-cache-302-reflected-cross-site-scripting</loc>
<lastmod>2026-02-18T14:55:10.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpo365-login/wpo365-login-116-authentication-bypass</loc>
<lastmod>2020-10-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/email-subscriber/email-subscriber-11-stored-cross-site-scripting</loc>
<lastmod>2021-07-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/everest-forms/contact-form-drag-and-drop-form-builder-for-wordpress-everest-forms-149-sql-injection</loc>
<lastmod>2019-07-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-user-avatar/profilepress-450-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2022-12-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/easy-filter/easy-filter-110-reflected-cross-site-scripting</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/owm-weather/owm-weather-5611-cross-site-request-forgery</loc>
<lastmod>2022-12-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/nextgen-gallery-pro/nextgen-gallery-pro-319-reflected-cross-site-scripting</loc>
<lastmod>2021-02-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ossdl-cdn-off-linker/cdn-linker-lite-131-cross-site-request-forgery-to-plugin-settings-update</loc>
<lastmod>2026-05-26T17:23:44.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/arya-multipurpose/arya-multipurpose-105-reflected-cross-site-scripting</loc>
<lastmod>2023-04-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/advance-menu-manager/advanced-menu-manager-296-cross-site-request-forgery-to-menu-edition</loc>
<lastmod>2021-07-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/revampcrm-woocommerce/revamp-crm-for-woocommerce-104-local-file-inclusion</loc>
<lastmod>2019-06-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-ulike/wp-ulike-464-race-condition</loc>
<lastmod>2022-11-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/essential-addons-for-elementor-lite/essential-addons-for-elementor-best-elementor-templates-widgets-kits-woocommerce-builders-5915-information-exposure</loc>
<lastmod>2024-04-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/k-elements/k-elements-550-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-10-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/fraudlabs-pro-for-woocommerce/fraudlabs-pro-for-woocommerce-2228-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2025-04-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woo-order-export-lite/advanced-order-export-for-woocommerce-317-reflected-cross-site-scripting</loc>
<lastmod>2021-03-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/contact-form-by-supsystic/contact-form-by-supsystic-1710-sql-injections</loc>
<lastmod>2021-02-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/chessgame-shizzle/chessgame-shizzle-130-reflected-cross-site-scripting</loc>
<lastmod>2024-11-22T18:30:27.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/link-party/illi-link-party-10-missing-authorization-to-unauthenticated-arbitrary-link-deletion</loc>
<lastmod>2024-01-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/filr-protection/filr-1210-authenticated-contributor-arbitrary-file-deletion</loc>
<lastmod>2025-08-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/payplus-payment-gateway/payplus-payment-gateway-668-reflected-cross-site-scripting</loc>
<lastmod>2024-07-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/navis-documentcloud/navis-documentcloud-011-reflected-cross-site-scripting</loc>
<lastmod>2015-08-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-photo-album-plus/wp-photo-album-plus-8702003-unauthenticated-arbitrary-shortcode-execution</loc>
<lastmod>2024-05-23T20:04:58.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/flex-qr-code-generator/flex-qr-code-generator-127-unauthenticated-arbitrary-file-upload</loc>
<lastmod>2025-12-05T16:45:35.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/hospital-management/hospital-management-system-47020-11-2023-authenticated-subscriber-sql-injection</loc>
<lastmod>2025-04-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/acf-recent-posts-widget/acf-recent-posts-widget-593-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-08-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/quiz-master-next/quiz-and-survey-master-7310-unauthenticated-stored-cross-site-scripting</loc>
<lastmod>2022-10-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/cover-wp/cover-wp-165-cross-site-scripting</loc>
<lastmod>2011-10-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woo-events/wooevents-412-unauthenticated-arbitrary-file-overwrite</loc>
<lastmod>2024-09-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-forum/wp-forum-24-sql-injection</loc>
<lastmod>2015-05-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/totalprocessing-card-payments/nomupay-payment-processing-gateway-715-authenticated-subscriber-arbitrary-file-download</loc>
<lastmod>2025-04-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/poll-wp/ts-poll-survey-versus-poll-image-poll-video-poll-239-authenticated-admin-sql-injection</loc>
<lastmod>2024-09-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ultimate-noindex-nofollow-tool/ultimate-noindex-nofollow-tool-112-cross-site-request-forgery-to-settings-update</loc>
<lastmod>2024-01-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/rvg-optimize-database/optimize-database-after-deleting-revisions-511-cross-site-request-forgery-via-odb_start_manually</loc>
<lastmod>2023-07-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cart66-lite/cart66-lite-wordpress-ecommerce-15115-cross-site-scripting</loc>
<lastmod>2013-10-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/kali-forms/kali-forms-2413-authenticated-contributor-stored-cross-site-scripting-via-kaliforms_field_components-parameter</loc>
<lastmod>2026-06-30T15:03:16.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/pgall-for-woocommerce/-522-reflected-cross-site-scripting-via-add_query_arg-function</loc>
<lastmod>2024-12-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/allow-php-in-posts-and-pages/allow-php-in-posts-and-pages-304-authenticated-subscriber-remote-code-execution-via-shortcode</loc>
<lastmod>2023-09-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/text-hover/text-hover-41-admin-stored-cross-site-scripting</loc>
<lastmod>2022-04-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/aio-contact/aio-contact-281-missing-authorization</loc>
<lastmod>2024-12-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/coachific-shortcode/coachific-shortcode-10-authenticated-contributor-stored-cross-site-scripting-via-userhash-shortcode-attribute</loc>
<lastmod>2026-04-14T19:47:11.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woocommerce-products-filter/husky-products-filter-for-woocommerce-formerly-woof-1343-cross-site-request-forgery</loc>
<lastmod>2023-12-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/school-management/mojoomla-school-management-system-unspecified-version-authenticated-student-sql-injection</loc>
<lastmod>2017-09-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woo-thank-you-page-nextmove-lite/nextmove-lite-thank-you-page-for-woocommerce-finale-lite-sales-countdown-timer-discount-for-woocommerce-2170-missing-authorization-to-unauthenticated-system-information-disclosure</loc>
<lastmod>2024-02-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/zuut/zuut-142-unauthenticated-php-object-injection</loc>
<lastmod>2025-09-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/empowerment/empowerment-102-authenticated-contributor-php-object-injection</loc>
<lastmod>2024-09-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/sync-post-with-other-site/sync-post-with-other-site-16-missing-authorization-to-authenticated-subscriber-post-creation-and-update</loc>
<lastmod>2024-08-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mygallery/myslidergallery-121-remote-file-inclusion</loc>
<lastmod>2007-04-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/core/4.1/wordpress-core-412-cross-site-scripting</loc>
<lastmod>2015-04-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-meta-and-date-remover/wp-meta-and-date-remover-220-authenticated-subscriber-stored-cross-site-scripting-via-settings</loc>
<lastmod>2023-10-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/game-server-status/game-server-status-10-authenticated-admin-sql-injection</loc>
<lastmod>2021-09-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/u-design/udesign-responsive-wordpress-theme-4140-reflected-cross-site-scripting</loc>
<lastmod>2026-02-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/workscout/workscout-4107-unauthenticated-stored-cross-site-scripting</loc>
<lastmod>2026-01-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/clickfunnels/clickfunnels-311-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2023-04-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/tiempocom/tiempocom-012-cross-site-request-forgery-to-shortcode-deletion</loc>
<lastmod>2023-04-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ninja-forms/ninja-forms-contact-form-3213-cross-site-scripting</loc>
<lastmod>2018-02-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/happy-helpdesk-support-ticket-system/happy-helpdesk-support-ticket-system-1010-missing-authorization</loc>
<lastmod>2026-04-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-cycle-text-announcement/wp-cycle-text-announcement-81-authenticated-contributor-sql-injection</loc>
<lastmod>2025-10-02T22:31:18.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/everest-forms/everest-forms-311-authenticated-subscriber-arbitrary-shortcode-execution</loc>
<lastmod>2025-04-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bws-linkedin/bestwebsofts-linkedin-105-cross-site-scripting</loc>
<lastmod>2017-04-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/all-in-one-seo-pack/all-in-one-seo-pack-429-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2023-02-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/add-custom-codes/add-custom-codes-480-authenticated-contributor-remote-code-execution</loc>
<lastmod>2025-08-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woocommerce/woocommerce-1002-authenticated-shop-manager-stored-cross-site-scripting</loc>
<lastmod>2025-10-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/give/givewp-donation-plugin-and-fundraising-platform-2212-cross-site-request-forgery</loc>
<lastmod>2022-07-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/royal-elementor-addons/royal-elementor-addons-1355-cross-site-request-forgery</loc>
<lastmod>2022-12-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/accordion-slider/accordion-slider-196-missing-authorization-to-notice-dismissal</loc>
<lastmod>2023-08-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/banner-garden/banner-garden-plugin-for-wordpress-013-reflected-cross-site-scripting</loc>
<lastmod>2025-01-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/give/givewp-donation-plugin-and-fundraising-platform-342-authenticated-givewp-manager-php-object-injection</loc>
<lastmod>2024-04-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ab-testing-for-wp/ab-testing-for-wordpress-1182-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-06-26T19:05:32.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mobile-assistant-connector/mobile-assistant-connector-222-sql-injection</loc>
<lastmod>2022-08-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/basticom-framework/basticom-framework-150-authenticated-author-stored-cross-site-scripting-via-svg-file-upload</loc>
<lastmod>2024-11-04T19:36:14.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/streamweasels-twitch-integration/streamweasels-twitch-integration-175-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-03-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/quiz-master-next/quiz-and-survey-master-904-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-06-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/embedded-video-with-link/embedded-video-41-cross-site-scripting</loc>
<lastmod>2010-12-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/giftware/gift-cards-for-woocommerce-pro-426-unauthenticated-arbitrary-file-upload</loc>
<lastmod>2026-05-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cooked/cooked-1113-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2025-12-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ai-content-writing-assistant/ai-content-writing-assistant-content-writer-chatgpt-image-generator-all-in-one-116-cross-site-request-forgery</loc>
<lastmod>2023-10-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/another-wordpress-classifieds-plugin/awp-classifieds-421-unauthenticated-sql-injection</loc>
<lastmod>2022-10-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gd-mail-queue/gd-mail-queue-43-reflected-cross-site-scripting</loc>
<lastmod>2024-12-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/pinevale/pinevale-1014-unauthenticated-local-file-inclusion</loc>
<lastmod>2025-08-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/pdf-for-woocommerce/pdf-invoice-builder-for-woocommerce-650-authenticated-subscriber-php-object-injection</loc>
<lastmod>2025-08-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/schema-app-structured-data-for-schemaorg/schema-app-structured-data-1223-missing-authorization-via-page_init</loc>
<lastmod>2023-09-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wppdf/responsive-flipbook-100-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-03-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/realestate-7/real-estate-7-wordpress-359-unauthenticated-sql-injection</loc>
<lastmod>2026-06-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-flickr-press/wp-flickr-press-264-reflected-cross-site-scripting</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/imgspider/imgspider-2312-authenticated-contributor-server-side-request-forgery</loc>
<lastmod>2026-01-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/easy-facebook-likebox/easy-social-feed-652-missing-authorization-to-settings-modification</loc>
<lastmod>2024-01-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/copymatic/copymatic-ai-content-writer-generator-16-unauthenticated-arbitrary-file-upload</loc>
<lastmod>2024-05-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/image-carousel-shortcode/image-carousel-shortcode-12-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-11-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-stats/wp-stats-252-cross-site-request-forgery</loc>
<lastmod>2015-06-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/propovoice-pro/propovoice-pro-1703-unauthenticated-sql-injection</loc>
<lastmod>2024-08-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/browser-caching-with-htaccess/browser-caching-with-htaccess-121-cross-site-request-forgery</loc>
<lastmod>2025-03-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/vikbooking/vikbooking-hotel-booking-engine-pms-153-sensitive-information-exposure</loc>
<lastmod>2022-04-18T10:14:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/locations/locations-321-cross-site-request-forgery-bypass</loc>
<lastmod>2021-07-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/advanced-custom-fields/advanced-custom-fields-351-remote-code-execution-via-remote-file-inclusion</loc>
<lastmod>2013-01-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-dynamic-links/wp-dynamic-links-101-reflected-cross-site-scripting</loc>
<lastmod>2025-08-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-ajax-contact-form/wp-ajax-contact-form-222-cross-site-request-forgery-to-arbitrary-email-deletion</loc>
<lastmod>2024-07-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/recall-products/recall-products-08-cross-site-scripting</loc>
<lastmod>2020-08-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/debugger-troubleshooter/debugger-troubleshooter-132-unauthenticated-privilege-escalation-to-administrator-via-cookie-manipulation</loc>
<lastmod>2026-03-30T09:30:13.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/divi-builder/elegant-themes-multiple-versions-arbitrary-file-upload</loc>
<lastmod>2020-08-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/product-category-tree/product-category-tree-25-reflected-cross-site-scripting</loc>
<lastmod>2023-10-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/forms-bridge/forms-bridge-425-authenticated-contributor-stored-cross-site-scripting-via-id-shortcode-attribute</loc>
<lastmod>2026-01-27T17:37:58.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cf7-utm-tracking/utm-tags-tracking-for-contact-form-7-21-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2025-03-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gutenberg/gutenberg-2182-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-10-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/core/6.9/wordpress-691-missing-authorization-to-authenticated-author-sensitive-information-disclosure-via-query-attachments-ajax-endpoint</loc>
<lastmod>2026-03-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/aoa-downloadable/downloable-by-american-osteopathic-association-010-unauthenticated-arbitrary-file-download</loc>
<lastmod>2025-03-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-recall/wp-recall-registration-profile-commerce-more-162610-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2025-03-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/video-posts-webcam-recorder/video-posts-webcam-recorder-1554-reflected-cross-site-scripting</loc>
<lastmod>2014-06-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/motors-car-dealership-classified-listings/motors-car-dealership-classified-listings-plugin-14109-unauthenticated-sql-injection</loc>
<lastmod>2026-06-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/hyve-lite/ai-chatbot-for-wordpress-hyve-lite-122-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2025-01-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/brizy/brizy-page-builder-2440-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-02-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ilab-media-tools/media-cloud-for-amazon-s3-imgix-google-cloud-storage-digitalocean-spaces-and-more-4524-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2024-03-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/images-asynchronous-load/images-asynchronous-load-105-reflected-cross-site-scripting</loc>
<lastmod>2022-08-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/if-so/if-so-dynamic-content-personalization-1803-reflected-cross-site-scripting</loc>
<lastmod>2024-06-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-multisite-content-copier-pro/multisite-content-copierupdater-pro-212-reflected-cross-site-scripting</loc>
<lastmod>2022-02-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/at-internet/at-internet-smarttag-02-reflected-cross-site-scripting</loc>
<lastmod>2025-04-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/quran-gateway/quran-gateway-15-cross-site-request-forgery-to-settings-update</loc>
<lastmod>2025-12-19T15:07:36.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/enigma-chartjs/chartjs-20232-authenticatededitor-stored-cross-site-scripting</loc>
<lastmod>2024-01-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/automatorwp/automatorwp-525-authenticated-administrator-sql-injection-via-field_conditions</loc>
<lastmod>2025-06-13T17:44:57.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/flash-album-gallery/album-and-image-gallery-with-lightbox-flagallery-photo-portfolio-172-reflected-cross-site-scripting</loc>
<lastmod>2012-05-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/js-jobs/js-job-manager-119-arbitrary-plugin-installationactivation</loc>
<lastmod>2021-09-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-db-backup/database-backup-for-wordpress-252-missing-authorization-to-unauthenticated-arbitrary-file-read-and-deletion</loc>
<lastmod>2026-05-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mailchimp/mailchimp-list-subscribe-form-200-cross-site-request-forgery-to-mailchimp-list-change</loc>
<lastmod>2026-02-18T14:55:46.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/my-calendar/my-calendar-379-authenticated-custom-missing-authorization-to-unauthorized-event-publication-via-event_approved-parameter</loc>
<lastmod>2026-05-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woocommerce-ajax-filters/advanced-ajax-product-filters-1546-reflected-cross-site-scripting</loc>
<lastmod>2021-06-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/easybook/cththemes-citybook-233-townhub-105-and-easybook-121-stored-cross-site-scripting</loc>
<lastmod>2019-12-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/backup/jetbackup-wp-backup-migrate-restore-140-sensitive-information-disclosure</loc>
<lastmod>2020-07-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/optimole-wp/image-optimization-lazy-load-331-admin-stored-cross-site-scripting</loc>
<lastmod>2022-03-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/yop-poll/yop-poll-614-authenticated-stored-cross-site-scripting</loc>
<lastmod>2020-04-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bdthemes-element-pack-lite/element-pack-elementor-addons-5105-authenticated-contributor-dom-based-stored-cross-site-scripting-via-lightbox-widget</loc>
<lastmod>2024-12-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bukza/bukza-200-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-12-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/tour-booking-manager/wptravelly-160-cross-site-request-forgery</loc>
<lastmod>2024-04-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/youtube-video-player/youtube-embed-263-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2023-01-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/cardealer/cardealer-164-missing-authorization-to-authenticated-subscriber-change-and-delete-js-and-css-files</loc>
<lastmod>2025-02-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/brighttalk-wp-shortcode/brighttalk-wordpress-shortcode-240-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-11-20T19:22:02.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/contest-gallery/contest-gallery-21281-unauthenticated-stored-cross-site-scripting-via-headers</loc>
<lastmod>2023-10-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simple-wp-sitemap/simple-wp-sitemap-121-cross-site-request-forgery</loc>
<lastmod>2023-07-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/restaurant-and-cafe/restaurant-and-cafe-125-missing-authorization</loc>
<lastmod>2026-02-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/edd-recent-purchases/easy-digital-downloads-recent-purchases-102-unauthenticated-remote-file-inclusion</loc>
<lastmod>2024-05-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/tour-booking-manager/travelly-tour-travel-booking-manager-for-woocommerce-tour-hotel-booking-solution-215-missing-authorization</loc>
<lastmod>2026-05-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ai-responsive-gallery-album/ai-responsive-gallery-album-14-missing-authorization</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/dzs-zoomsounds/zoomsounds-691-reflected-cross-site-scripting</loc>
<lastmod>2025-06-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woc-open-close/woocommerce-open-close-best-business-schedules-manager-430-reflected-cross-site-scripting</loc>
<lastmod>2022-04-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/photolio/photolio-theme-all-known-versions-cross-site-scripting</loc>
<lastmod>2013-05-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/oneclick-whatsapp-order/oneclick-chat-to-order-105-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2024-01-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ad-inserter/ad-inserter-2419-authenticated-path-traversal</loc>
<lastmod>2019-07-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/armember/armember-premium-67-cross-site-request-forgery-via-multiple-functions</loc>
<lastmod>2024-06-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gocache-cdn/gocache-136-missing-authorization</loc>
<lastmod>2025-10-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/easy-redirect-manager/easy-redirect-manager-21818-cross-site-scripting</loc>
<lastmod>2019-01-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mycred/mycred-points-rewards-gamification-ranks-badges-loyalty-plugin-243-missing-authorization</loc>
<lastmod>2022-03-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/rightway/right-way-40-unauthenticated-local-file-inclusion</loc>
<lastmod>2026-01-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/advanced-event-manager/advanced-event-manager-116-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-11-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/restrict-content/restrict-content-328-missing-authorization</loc>
<lastmod>2024-04-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/searchwiz/searchwiz-100-authenticated-contributor-stored-cross-site-scripting-via-post-title</loc>
<lastmod>2026-01-13T16:43:30.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-comment-remix/wp-comment-remix-143-sql-injection</loc>
<lastmod>2008-10-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/backup/backupguard-1146-reflected-cross-site-scripting</loc>
<lastmod>2017-08-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-poll/liquidpoll-3378-unauthenticated-stored-cross-site-scripting-via-form_data-parameter</loc>
<lastmod>2024-08-20T17:21:36.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/supportflow/supportflow-06-stored-cross-site-scripting-via-discussion-ticket-title</loc>
<lastmod>2016-06-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ultimate-popup-creator/popup-mailchimp-getresponse-and-activecampaign-intergrations-326-unauthenticated-sql-injection</loc>
<lastmod>2025-01-06T15:43:50.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woocommerce-products-filter/woof-products-filter-for-woocommerce-119-local-file-inclusion</loc>
<lastmod>2018-03-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wptelegram-widget/telegram-widget-and-join-link-2212-missing-authorization</loc>
<lastmod>2025-12-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/loginplus/loginplus-12-unauthenticated-stored-cross-site-scripting</loc>
<lastmod>2024-11-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/sigmize/sigmize-009-cross-site-request-forgery</loc>
<lastmod>2026-02-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/youtube-embed-plus/youtube-embed-plus-1424-missing-authorization</loc>
<lastmod>2026-03-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/blocksy/blocksy-216-authenticated-shop-manager-stored-cross-site-scripting</loc>
<lastmod>2025-08-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/fleet/fleet-manager-251-authenticated-editor-stored-cross-site-scripting</loc>
<lastmod>2025-11-10T14:58:43.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/keyword-meta/keyword-meta-30-cross-site-scripting</loc>
<lastmod>2021-08-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-support-plus-responsive-ticket-system/wp-support-plus-responsive-ticket-system-41-improper-authentication</loc>
<lastmod>2014-11-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/themeegg-toolkit/themeegg-toolkit-129-authenticated-administrator-arbitrary-file-upload</loc>
<lastmod>2025-03-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/master-popups-lite/master-popups-103-authenticated-editor-stored-cross-site-scripting</loc>
<lastmod>2024-07-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/integration-marktplaats-for-woocommerce/woosa-205-authenticated-administrator-arbitrary-file-read-via-log_file-parameter</loc>
<lastmod>2026-06-18T16:04:32.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/post-views-counter/post-views-counter-134-authenticated-stored-cross-site-scripting</loc>
<lastmod>2021-08-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/login-block-ips/login-block-ips-100-ip-spoofing-to-protection-mechanism-bypass</loc>
<lastmod>2022-09-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/admin-management-xtended/admin-management-xtended-251-missing-authorization</loc>
<lastmod>2025-10-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/kikfyre-events-calendar-tickets/event-kikfyre-218-missing-authorization</loc>
<lastmod>2025-02-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simply-gallery-block/gallery-blocks-with-lightbox-image-gallery-html5-video-youtube-vimeo-video-gallery-and-lightbox-for-native-gallery-321-authenticated-contributor-stored-cross-site-scripting-via-galleryid-and-classname-parameters</loc>
<lastmod>2024-06-27T20:19:59.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/content-cards/content-cards-097-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2024-02-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/delucks-seo/delucks-seo-270-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-09-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/essential-blocks/gutenberg-essential-blocks-604-authenticated-contributor-stored-cross-site-scripting-via-block-attributes</loc>
<lastmod>2026-05-01T16:12:21.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/funnelforms-free/funnelforms-free-3732-authenticated-administrator-arbitrary-file-deletion</loc>
<lastmod>2024-08-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/generic-elements-for-elementor/generic-elements-125-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-11-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wplegalpages/privacy-policy-generator-terms-conditions-generator-wplegalpages-270-arbitrary-settings-update-to-stored-cross-site-scripting</loc>
<lastmod>2022-01-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-sifr/sifr-0681-cross-site-request-forgery</loc>
<lastmod>2025-11-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/image-intense/image-intense-325-sql-injection</loc>
<lastmod>2018-10-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/slideshow-gallery/slideshow-gallery-168-sql-injection</loc>
<lastmod>2018-10-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-news-sliders/wp-news-sliders-10-missing-authorization</loc>
<lastmod>2025-01-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gift-up/gift-up-2213-cross-site-request-forgery-via-consume_post</loc>
<lastmod>2023-12-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/qiniu-uploader/qiniu-uploader-01-cross-site-scripting</loc>
<lastmod>2014-05-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-ecommerce-paypal/easy-paypal-buy-now-button-173-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2023-01-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/favicon-switcher/favicon-switcher-1211-cross-site-request-forgery</loc>
<lastmod>2022-09-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/12-step-meeting-list/12-step-meeting-list-3165-missing-authorization-to-unauthenticated-settings-update</loc>
<lastmod>2024-12-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-reset/wp-reset-most-advanced-wordpress-reset-tool-pro-500-598-missing-authorization-to-database-reset</loc>
<lastmod>2021-11-10T14:22:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/contest-gallery/contest-gallery-19141-authenticated-author-sql-injection-via-cg_copy_id</loc>
<lastmod>2022-12-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/frontend-post-submission-manager-lite/frontend-post-submission-manager-lite-125-missing-authorization-to-unauthenticated-arbitrary-post-modification</loc>
<lastmod>2025-12-20T14:15:18.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/islamic-phrases/islamic-phrases-2122015-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-11-20T19:17:13.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/multisite-clone-duplicator/multisite-clone-duplicator-153-reflected-cross-site-scripting</loc>
<lastmod>2025-08-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/layers/layers-05-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-09-29T15:31:17.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/lazy-blocks/lazy-blocks-410-missing-authorization</loc>
<lastmod>2025-09-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ads-box/ads-box-10-sql-injection</loc>
<lastmod>2012-11-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/inquiry-cart/inquiry-cart-342-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2024-05-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cooked/cooked-179-reflected-cross-site-scripting</loc>
<lastmod>2021-06-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simple-tooltips/simple-tooltips-213-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2023-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/good-homes/good-homes-1313-unauthenticated-local-file-inclusion</loc>
<lastmod>2026-03-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/intelligent-importer/catalog-importer-scraper-crawler-514-unauthenticated-php-code-injection</loc>
<lastmod>2025-09-10T18:49:08.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/limit-attempts/limit-attempts-by-bestwebsoft-118-reflected-cross-site-scripting</loc>
<lastmod>2017-04-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/verdure/verdure-organic-tea-shop-wordpress-theme-16-unauthenticated-local-file-inclusion</loc>
<lastmod>2026-02-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/kredeum-nfts/kredeum-nfts-the-easiest-way-to-sell-your-nfts-directly-on-your-wordpress-site-169-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-12-13T15:48:52.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/porto-functionality/porto-theme-functionality-373-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-10-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/live-css-preview/live-css-preview-214-missing-authorization-to-authenticated-subscriber-settings-update</loc>
<lastmod>2025-12-04T17:36:29.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/name-directory/name-directory-1321-unauthenticated-stored-cross-site-scripting-via-name_directory_name</loc>
<lastmod>2026-03-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ajax-filter-posts/post-grid-master-3411-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-05-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/make_a_statement/make-a-statement-all-versions-arbitrary-file-upload</loc>
<lastmod>2013-11-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woocommerce-box-office/woocommerce-box-office-1150-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2023-06-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/unusedcss/rapidload-power-up-for-autoptimize-2211-unauthenticated-server-side-request-forgery</loc>
<lastmod>2024-04-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-fastest-cache/wp-fastest-cache-0857-local-file-inclusion</loc>
<lastmod>2016-05-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/notificationx/notificationx-182-cross-site-request-forgery-bypass</loc>
<lastmod>2020-09-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/canva/canva-design-beautiful-blog-graphics-124-reflected-cross-site-scripting</loc>
<lastmod>2024-04-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ninja-forms/ninja-forms-contact-form-the-drag-and-drop-form-builder-for-wordpress-380-cross-site-request-forgery-to-publicly-accessible-form-submission-export</loc>
<lastmod>2024-03-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/lbg-audio7_html5_full_width_sticky_pro/apollo-363-authenticated-contributor-sql-injection</loc>
<lastmod>2025-05-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/disqus-comment-system/disqus-comment-system-276-cross-site-request-forgery</loc>
<lastmod>2014-08-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/betheme/betheme-2662-missing-authorization-to-theme-settings-update</loc>
<lastmod>2022-11-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/send-to-twitter/send-to-twitter-172-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bbpress-login-register-links-on-forum-topic-pages/bbpress-login-register-links-on-forum-topic-pages-275-cross-site-request-forgery</loc>
<lastmod>2019-12-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wedocs/wedocs-2114-missing-authorization-to-settings-update</loc>
<lastmod>2025-12-05T15:51:21.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/microsoft-start/msn-partner-hub-287-missing-authorization</loc>
<lastmod>2025-10-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/font-farsi/font-farsi-166-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2024-05-29T19:56:17.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gravity-forms-multiple-form-instances/gravity-forms-multiple-form-instances-111-unauthenticated-full-path-disclosure</loc>
<lastmod>2024-07-09T15:25:05.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mapsvg/mapsvg-all-kinds-of-maps-and-store-locator-for-wordpress-864-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-05-21T21:10:21.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-plotly/plotly-102-stored-cross-site-scripting</loc>
<lastmod>2015-07-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/elementor-pro/elementor-pro-293-authenticated-subscriber-arbitrary-file-upload</loc>
<lastmod>2020-05-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/pardakht-delkhah/pardakht-delkhah-298-cross-site-request-forgery-to-form-setting-reset</loc>
<lastmod>2024-07-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/salavat-counter/salavat-counter-plugin-094-reflected-cross-site-scripting</loc>
<lastmod>2024-11-20T13:44:04.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpdevtool/wpdevtool-011-reflected-cross-site-scripting</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/chatbot/ai-chatbot-460-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2023-05-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/admin-word-count-column/admin-word-count-column-22-arbitrary-file-read</loc>
<lastmod>2022-03-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woo-tranzila-gateway/woocommerce-tranzila-gateway-108-unauthenticated-php-object-injection</loc>
<lastmod>2024-01-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/platinum-seo-pack/platinum-seo-137-reflected-cross-site-scripting</loc>
<lastmod>2014-08-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/glofox-shortcodes/glofox-shortcodes-26-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-01-16T18:24:38.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/plausible-analytics/plausible-analytics-133-reflected-cross-site-scripting-via-page-url</loc>
<lastmod>2023-08-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/eduma/eduma-576-authenticated-contributor-local-file-inclusion</loc>
<lastmod>2025-10-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/luckywp-scripts-control/luckywp-scripts-control-121-cross-site-request-forgery</loc>
<lastmod>2023-08-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/migrate-post/migrate-posts-10-reflected-cross-site-scripting</loc>
<lastmod>2025-02-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/support-chat/click-to-chat-wp-support-all-in-one-floating-widget-234-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-03-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/anti-spam/titan-anti-spam-security-730-ip-spoofing-to-protection-bypass</loc>
<lastmod>2022-08-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gnu-mailman-integration/gnu-mailman-integration-106-reflected-cross-site-scripting</loc>
<lastmod>2021-09-09T16:20:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/squirrly-seo/seo-plugin-by-squirrly-seo-12120-reflected-cross-site-scripting-via-page-and-tab</loc>
<lastmod>2023-03-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpdiscuz/wpdiscuz-7615-authenticated-author-stored-cross-site-scripting-via-uploaded-image-alternative-text</loc>
<lastmod>2024-04-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/royal-elementor-addons/royal-addons-for-elementor-171049-authenticated-author-arbitrary-file-upload-via-mainphp-upload-bypass</loc>
<lastmod>2026-03-10T15:36:21.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-directorybox-manager/wp-directorybox-manager-25-authentication-bypass</loc>
<lastmod>2025-02-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/turn-off-comments-for-all-posts/turn-off-all-comments-10-reflected-cross-site-scripting</loc>
<lastmod>2022-04-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/easy-digital-downloads/easy-digital-downloads-ecommerce-payments-and-subscriptions-made-easy-365-missing-authorization</loc>
<lastmod>2026-04-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/live-news-lite/live-news-106-cross-site-request-forgery</loc>
<lastmod>2023-09-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/stats/stats-10-stored-cross-site-scripting</loc>
<lastmod>2007-06-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/fast-custom-social-share-by-codebard/fast-custom-social-share-by-codebard-111-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2023-11-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ldap-login-for-intranet-sites/active-directory-integration-ldap-integration-414-authenticated-administrator-sql-injection</loc>
<lastmod>2023-05-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/as-english-admin/as-english-admin-100-open-redirection</loc>
<lastmod>2025-03-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/totalpoll-lite/total-poll-lite-499-missing-authorization</loc>
<lastmod>2024-04-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/appointify/appointify-108-authenticated-administrator-sql-injection</loc>
<lastmod>2025-12-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/software-issue-manager/software-issue-manager-501-authenticated-contributor-stored-cross-site-scripting-via-noaccess_msg-parameter</loc>
<lastmod>2025-08-11T16:24:23.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simple-staff-list/simple-staff-list-224-missing-authorization-via-ajax_flush_rewrite_rules-and-staff_member_export</loc>
<lastmod>2023-12-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-stats-manager/wp-visitor-statistics-real-time-traffic-82-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-08-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/jupiterx-core/jupiterx-core-4101-authenticated-contributor-php-object-injection</loc>
<lastmod>2026-01-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gostats-for-wordpress/gostats-for-wordpress-14-cross-site-request-forgery-via-gostats_manage-function</loc>
<lastmod>2026-05-26T17:23:54.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/movies-importer/movies-bulk-importer-10-cross-site-request-forgery</loc>
<lastmod>2025-12-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/advanced-ads/advanced-ads-2012-unauthenticated-limited-code-execution</loc>
<lastmod>2025-10-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/apply-online/applyonline-application-form-builder-and-manager-262-missing-authorization-to-sensitive-information-exposure</loc>
<lastmod>2024-05-21T19:49:22.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woocommerce-html5-video/woocommerce-html5-video-1710-reflected-cross-site-scripting</loc>
<lastmod>2025-02-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/clickbank-ads-clickbank-widget/clickbank-affiliate-ads-120-cross-site-scripting</loc>
<lastmod>2015-05-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/travelmap-blog/travel-map-101-unauthenticated-cross-site-scripting</loc>
<lastmod>2023-09-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/incredible-font-awesome/incredible-font-awesome-10-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/zox-news/zox-news-3160-missing-authorization-to-authenticated-subscriber-arbitrary-options-update</loc>
<lastmod>2025-01-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/event-espresso-decaf/event-espresso-4-decaf-5037decaf-missing-authorization-to-unauthenticated-settings-change</loc>
<lastmod>2026-01-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wishlist-member-x/wishlist-member-3290-authenticated-subscriber-arbitrary-file-upload</loc>
<lastmod>2026-03-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simple-fields/simple-fields-1411-cross-site-scripting</loc>
<lastmod>2019-09-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/whmcs-bridge/whmcs-bridge-63-reflected-cross-site-scripting</loc>
<lastmod>2022-01-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gallery-images/image-gallery-responsive-photo-gallery-170-reflected-cross-site-scripting-via-linkbutton</loc>
<lastmod>2016-02-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/e2pdf/e2pdf-12023-authenticatedadministrator-sql-injection</loc>
<lastmod>2023-12-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/campaign-monitor-wp/campaign-monitor-forms-255-missing-authorization-to-authenticatedsubscriber-options-update-via-ajax_dismiss_notice</loc>
<lastmod>2023-10-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-blockade/wp-blockade-0914-missing-authorization-to-authenticated-subscriber-arbitrary-shortcode-execution-via-shortcode-parameter</loc>
<lastmod>2026-04-07T17:39:13.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/renewal/renewal-122-unauthenticated-local-file-inclusion</loc>
<lastmod>2025-08-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/dropdown-menu-widget/dropdown-menu-widget-197-cross-site-request-forgery-to-cross-site-scripting</loc>
<lastmod>2014-08-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/dj-email-publish/dj-emailpublish-172-reflected-cross-site-scripting</loc>
<lastmod>2021-09-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/travel-monster/travel-monster-112-cross-site-request-forgery-to-notice-dismissal</loc>
<lastmod>2024-06-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/product-countdown-for-woocommerce/product-time-countdown-for-woocommerce-162-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-05-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/spreadr-for-woocomerce/spreadr-woocommerce-104-missing-authorization-to-arbitrary-content-deletion</loc>
<lastmod>2024-12-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mapster-wp-maps/mapster-wp-maps-160-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-11-15T21:33:21.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/new-user-approve/new-user-approve-309-unauthenticated-sensitive-information-disclosure-via-type-juggling</loc>
<lastmod>2025-11-18T15:26:02.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-ulike/wp-ulike-470-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2024-07-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/joomsport-sports-league-results-management/joomsport-527-unauthenticated-sql-injection</loc>
<lastmod>2022-11-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/flozen-theme/flozen-151-unauthenticated-arbitrary-file-upload</loc>
<lastmod>2025-06-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-stripe-checkout/wp-stripe-checkout-12237-sensitive-information-exposure-via-debug-log</loc>
<lastmod>2023-12-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/nextgen-gallery/photo-gallery-sliders-proofing-and-themes-nextgen-gallery-3598-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2025-02-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/flynsarmy-iframe-shortcode/iframe-shortcode-105-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2023-04-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/precious-metals-chart-and-widgets/precious-metals-charts-and-widgets-for-wordpress-128-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-01-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/jet-engine/jetengine-324-missing-authorization</loc>
<lastmod>2023-11-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/post-carousel/post-carousel-235-missing-capabilities-check</loc>
<lastmod>2021-08-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/futurio-extra/futurio-extra-2014-authenticated-contributor-stored-cross-site-scripting-via-header_size-tag</loc>
<lastmod>2024-12-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/glass/glass-132-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2021-06-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-database-backup/wp-database-backup-unlimited-database-files-backup-by-backup-for-wp-73-unauthenticated-database-back-up-exposure</loc>
<lastmod>2025-01-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/quiz-master-next/quiz-and-survey-master-6412-stored-cross-site-scripting</loc>
<lastmod>2020-07-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/speedup-optimization/speedup-optimization-159-missing-authorization-to-authenticated-subscriber-plugin-settings-update-via-speedup01_enabled-ajax-action</loc>
<lastmod>2026-03-20T15:08:25.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/core/3.0/wordpress-core-292-and-304-sensitive-information-disclosure</loc>
<lastmod>2011-01-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/optinmonster/optinmonster-260-reflected-cross-site-scripting</loc>
<lastmod>2021-09-20T18:03:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/slider-wd/sliderby10web-1252-authenticated-admin-cross-site-scripting</loc>
<lastmod>2022-11-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/breadcrumb-navxt/breadcrumb-navxt-610-sensitive-data-exposure</loc>
<lastmod>2018-09-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/live-composer-page-builder/page-builder-live-composer-206-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-12-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/radio-player/radio-player-2073-missing-authorization-to-player-deletion</loc>
<lastmod>2024-08-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/event-organiser/event-organiser-3129-authenticated-contributor-stored-cross-site-scripting-via-eo_events-shortcode</loc>
<lastmod>2026-06-30T15:56:11.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpstream/wpstream-495-missing-authorization</loc>
<lastmod>2025-12-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp2speed/wp2speed-faster-optimize-pagespeed-insights-score-90-100-101-unauthenticated-information-exposure</loc>
<lastmod>2024-07-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-shop-original/wp-shop-34316-sql-injection</loc>
<lastmod>2015-07-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/webp-express/webp-express-01411-arbitrary-file-read</loc>
<lastmod>2018-12-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/enhanced-tooltipglossary/cm-tooltip-glossary-3920-authenticated-stored-cross-site-scripting</loc>
<lastmod>2021-09-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ticket-spot/event-tickets-rsvps-calendar-102-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-10-02T22:11:53.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/custom-metas/custom-metas-151-reflected-cross-site-scripting</loc>
<lastmod>2016-04-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/order-minimum-amount-for-woocommerce/order-minimummaximum-amount-limits-for-woocommerce-468-authenticated-shop-manager-stored-cross-site-scripting-via-hide-add-to-cart-content-fields</loc>
<lastmod>2026-01-27T19:38:12.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-jitsi-shortcodes/wordpress-jitsi-shortcode-01-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2024-05-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/js-support-ticket/js-help-desk-the-ultimate-help-desk-support-plugin-288-authenticated-subscriber-insecure-direct-object-reference</loc>
<lastmod>2025-02-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/profilegrid-user-profiles-groups-and-communities/profilegrid-5984-authenticated-subscriber-sql-injection-via-rid-parameter</loc>
<lastmod>2026-05-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/order-xml-file-export-import-for-woocommerce/order-xml-file-export-import-for-woocommerce-123-cross-site-scripting</loc>
<lastmod>2018-12-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/add-social-share-buttons/add-social-share-buttons-for-whatsapp-and-viber-11-cross-site-request-forgery</loc>
<lastmod>2018-05-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bdthemes-element-pack-lite/element-pack-elementor-addons-and-templates-815-authenticated-contributor-stored-cross-site-scripting-via-open-street-map-widget-marker-content</loc>
<lastmod>2025-08-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/salat-times/salat-times-321-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2022-11-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/essential-breadcrumbs/essential-breadcrumbs-111-cross-site-request-forgery-to-privilege-escalation</loc>
<lastmod>2025-04-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/yahoo-updates-for-wordpress/yahoo-updates-for-wordpress-10-cross-site-scripting</loc>
<lastmod>2014-07-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ws-form/ws-form-lite-drag-drop-contact-form-builder-for-wordpress-11035-missing-authorization-to-unauthenticated-sensitive-information-exposure</loc>
<lastmod>2025-04-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wise-forms/wise-forms-120-unauthenticated-stored-cross-site-scripting</loc>
<lastmod>2025-01-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/clean-login/clean-login-1103-cross-site-request-forgery</loc>
<lastmod>2020-06-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woolementor/codesigner-430-missing-authorization</loc>
<lastmod>2025-09-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gocodes/gocodes-135-cross-site-scripting</loc>
<lastmod>2015-08-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/community-events/community-events-14-sql-injection</loc>
<lastmod>2015-04-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/custom-iframe/custom-iframe-for-elementor-1013-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-09-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-custom-taxonomy-meta/category-and-taxonomy-meta-fields-100-authenticated-editor-stored-cross-site-scripting</loc>
<lastmod>2024-10-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bit-assist/bit-assist-1511-missing-authorization</loc>
<lastmod>2025-12-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/blog-posts-and-category-for-elementor/blog-posts-and-category-filter-for-elementor-201-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-02-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/duplicator/duplicator-114-cross-site-request-forgery</loc>
<lastmod>2016-02-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/namasha-by-mdesign/namasha-by-mdesign-1200-authenticated-contributor-stored-cross-site-scripting-via-playicon_title-parameter</loc>
<lastmod>2025-06-25T14:07:03.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/users-customers-import-export-for-wp-woocommerce/export-and-import-users-and-customers-253-authenticated-admin-php-object-injection</loc>
<lastmod>2024-04-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/rrdevs-for-elementor/rraddons-for-elementor-110-authenticated-contributor-post-disclosure</loc>
<lastmod>2025-01-10T19:02:59.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/superstorefinder-wp/super-store-finder-75-unauthenticated-sql-injection</loc>
<lastmod>2025-07-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gs-pinterest-portfolio/gs-pins-for-pinterest-lite-180-missing-authorization-via-_update_shortcode</loc>
<lastmod>2023-11-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-mailster/wp-mailster-18160-unauthenticated-sensitive-information-exposure</loc>
<lastmod>2024-12-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/stock-ticker/stock-ticker-3232-reflected-cross-site-scripting-in-ajax_stockticker_symbol_search_test</loc>
<lastmod>2023-08-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/alone/alone-782-unauthenticated-remote-code-execution</loc>
<lastmod>2025-07-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/oneelements-ultimate-addons-for-elementor/oneelements-best-elementor-addons-137-authenticated-author-stored-cross-site-scripting-via-svg-file-upload</loc>
<lastmod>2024-09-24T12:20:54.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/url-rewrite-analyzer/url-rewrite-analyzer-133-missing-authorization</loc>
<lastmod>2025-05-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/facebook-conversion-pixel/pixel-cat-lite-262-admin-stored-cross-site-scripting</loc>
<lastmod>2021-11-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/i-order-terms/i-order-terms-150-cross-site-request-forgery</loc>
<lastmod>2025-10-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/post-smtp/post-smtp-380-unauthenticated-stored-cross-site-scripting-via-event_type</loc>
<lastmod>2026-03-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-js-list-pages-shortcodes/wp-js-list-pages-shortcodes-121-authenticated-contributor-stored-cross-site-scripting-via-class-shortcode-attribute</loc>
<lastmod>2026-01-06T20:28:47.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/jquery-googleslides/jquery-googleslides-13-authenticated-contributor-stored-cross-site-scripting-via-shortcode-attributes</loc>
<lastmod>2026-05-26T17:24:34.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-user-avatar/paid-membership-plugin-ecommerce-user-registration-form-login-form-user-profile-restrict-content-profilepress-41611-unauthenticated-arbitrary-shortcode-execution-via-checkout-billing-fields</loc>
<lastmod>2026-04-03T22:12:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/reoon-email-verifier/reoon-email-verifier-201-missing-authorization</loc>
<lastmod>2025-10-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/usc-e-shop/welcart-e-commerce-21113-authenticated-editor-arbitrary-file-deletion</loc>
<lastmod>2025-06-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/multi-step-form/multi-step-form-1718-cross-site-request-forgery</loc>
<lastmod>2024-02-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mh-board/mh-board-1321-unauthenticated-local-file-inclusion</loc>
<lastmod>2024-09-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/builderall-cheetah-for-wp/builderall-for-wordpress-301-authenticated-contributor-remote-code-execution</loc>
<lastmod>2026-02-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/dt-chocolate/dt-chocolate-10-open-redirect</loc>
<lastmod>2013-02-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/viral-signup/viral-signup-21-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2024-08-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gpt3-ai-content-generator/ai-power-complete-ai-pack-powered-by-gpt-4-181-missing-authorization-to-sensitive-data-exposure</loc>
<lastmod>2023-12-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/sp-client-document-manager/sp-project-document-manager-244-multiple-sql-injection</loc>
<lastmod>2014-11-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/w3s-cf7-zoho/w3scloud-contact-form-7-to-zoho-crm-30-cross-site-request-forgery</loc>
<lastmod>2025-09-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/funcaptcha/funcaptcha-anti-spam-captcha-033-cross-site-request-forgery</loc>
<lastmod>2014-04-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/payment-forms-for-paystack/payment-forms-for-paystack-401-authenticated-administrator-sql-injection</loc>
<lastmod>2025-02-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/fyyd-podcast-shortcodes/fyyd-podcast-shortcodes-031-authenticated-contributor-stored-cross-site-scripting-via-color-shortcode-attribute</loc>
<lastmod>2026-03-20T15:06:48.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/zoloblocks/zoloblocks-2311-missing-authorization</loc>
<lastmod>2025-11-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/virtuaria-pagseguro/virtuaria-pagbank-pagseguro-para-woocommerce-363-missing-authorization</loc>
<lastmod>2025-11-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/post-in-page-for-elementor/post-in-page-for-elementor-101-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-04-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/advanced-contact-form-7-compact-db/advanced-contact-form-7-100-missing-authorization-to-unauthenticated-arbitrary-contact-form-submission-deletion-via-form_id-parameter</loc>
<lastmod>2026-06-23T16:41:39.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/easy-login-woocommerce/loginsignup-popup-23-cross-site-request-forgery-to-settings-reset</loc>
<lastmod>2023-06-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/jobica-core/jobica-core-141-reflected-cross-site-scripting</loc>
<lastmod>2026-03-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/relevanssi-premium/relevanssi-4222-free-and-2251-premium-unauthenticated-information-exposure</loc>
<lastmod>2024-08-15T13:29:09.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/embedding-barcodes-into-product-pages-and-orders/barcode-generator-for-woocommerce-204-authenticated-subscriber-arbitrary-content-deletion</loc>
<lastmod>2025-04-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-sendgrid-mailer/sendgrid-for-wordpress-14-missing-authorization</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simple-share-buttons-adder/simple-share-buttons-adder-850-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2024-05-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/opening-hours/were-open-141-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2022-09-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/Ultimate_AI/ultimateai-283-limited-user-password-change-due-to-improper-empty-and-missing-default-value-check</loc>
<lastmod>2024-10-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpperformancetester/wpperformancetester-200-cross-site-request-forgery</loc>
<lastmod>2023-12-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woo-line-notify/woocommerce-line-notify-117-reflected-cross-site-scripting</loc>
<lastmod>2025-06-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cp-contact-form-with-paypal/cp-contact-form-with-paypal-1361-authenticated-contributor-sql-injection</loc>
<lastmod>2026-03-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/spectra-pro/spectra-pro-114-authenticated-contributor-stored-cross-site-scripting-via-block-ids</loc>
<lastmod>2024-08-01T17:20:51.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/nuss/nuss-133-missing-authorization</loc>
<lastmod>2025-07-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/thim-core/thim-core-233-missing-authorization</loc>
<lastmod>2025-08-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/foogallery/foogallery-2429-reflected-cross-site-scripting</loc>
<lastmod>2025-02-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woolentor-addons/shoplentor-woocommerce-builder-for-elementor-gutenberg-12-modules-all-in-one-solution-formerly-woolentor-290-authenticated-contributor-stored-cross-site-scripting-via-wl-product-horizontal-filter-widget</loc>
<lastmod>2024-06-10T16:01:08.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/a-mart/a-mart-102-unauthenticated-local-file-inclusion</loc>
<lastmod>2026-02-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/register-plus-redux/register-plus-redux-43-cross-site-scripting</loc>
<lastmod>2012-03-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/sandbox/sandbox-04-reflected-cross-site-scripting</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/leaky-paywall/leaky-paywall-4212-cross-site-request-forgery</loc>
<lastmod>2024-07-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/all-in-one-contentSlider/lambertgroup-allinone-content-slider-38-reflected-cross-site-scripting</loc>
<lastmod>2026-02-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-ulike/wp-ulike-474-cross-site-request-forgery-to-statistic-deletion</loc>
<lastmod>2024-10-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/booqable-rental-reservations/booqable-rental-2425-cross-site-request-forgery</loc>
<lastmod>2025-06-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/linker/linker-121-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2023-10-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ultimeter/freemius-sdk-223-missing-authorization-to-arbitrary-options-update</loc>
<lastmod>2019-02-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wb-custom-product-tabs-for-woocommerce/custom-product-tabs-for-woocommerce-124-authenticated-shop-manager-php-object-injection</loc>
<lastmod>2024-12-20T18:48:17.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-simple-slideshow/wp-simple-slideshow-10-reflected-cross-site-scripting</loc>
<lastmod>2025-03-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/LayerSlider/layerslider-7911-7100-unauthenticated-sql-injection</loc>
<lastmod>2024-04-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/geodirectory/geodirectory-2380-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-10-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/advanced-text-widget/advanced-text-widget-212-missing-authorization-via-atw_dismiss_admin_notice</loc>
<lastmod>2023-02-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/give/givewp-2202-authenticated-arbitrary-file-read</loc>
<lastmod>2022-07-12T14:18:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-table-editor/table-editor-151-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-01-30T00:27:40.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/category-featured-images-extended/category-featured-images-extended-152-authenticated-author-stored-cross-site-scripting</loc>
<lastmod>2025-09-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/open-brain/open-brain-050-authenticated-administrator-stored-cross-site-scripting-via-api-key-setting</loc>
<lastmod>2026-04-15T17:42:29.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/payflex-payment-gateway/payflex-payment-gateway-261-open-redirect</loc>
<lastmod>2024-09-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/open-hours/open-hours-easy-opening-hours-109-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-02-17T15:44:29.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/codelights-shortcodes-and-widgets/sidebar-widgets-by-codelights-14-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2022-12-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/loan-comparison/loan-comparison-152-authenticated-contributor-cross-site-scripting-via-shortcode</loc>
<lastmod>2023-01-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/publishpress-authors/co-authors-multiple-authors-and-guest-authors-in-an-author-box-with-publishpress-authors-4101-missing-authorization</loc>
<lastmod>2026-03-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/qyrr-code/qyrr-simply-and-modern-qr-code-creation-207-authenticated-contributor-arbitrary-file-upload</loc>
<lastmod>2025-09-29T15:22:20.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/testimonial-widgets/wp-testimonials-142-cross-site-request-forgery-to-widget-deletion</loc>
<lastmod>2023-07-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/dermatology-clinic/dermatology-clinic-143-unauthenticated-local-file-inclusion</loc>
<lastmod>2026-02-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/dap-to-autoresponders-daar/dap-to-autoresponders-email-syncing-10-unauthenticated-information-exposure</loc>
<lastmod>2025-03-28T18:38:02.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-members/wp-members-352-authenticated-contributor-stored-cross-site-scripting-via-wpmem_user_memberships-shortcode</loc>
<lastmod>2025-05-16T21:04:33.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/tainacan-interface/tainacan-interface-272-reflected-cross-site-scripting</loc>
<lastmod>2024-04-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/worry-proof-backup/worry-proof-backup-024-authenticated-subscriber-path-traversal-via-backup-upload</loc>
<lastmod>2026-02-25T16:01:10.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/rentfetch/rent-fetch-0324-unauthenticated-stored-cross-site-scripting-via-keyword-parameter</loc>
<lastmod>2026-02-17T15:35:40.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/vkontakte-wall-post/vkontakte-wall-post-20-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2024-10-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/flex-qr-code-generator/flex-qr-code-generator-125-unauthenticated-arbitrary-file-upload</loc>
<lastmod>2025-10-14T19:34:48.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/sitemap-index/sitemap-index-123-authenticatedadmin-stored-cross-site-scripting</loc>
<lastmod>2023-02-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/timetics/timetics-1044-missing-authorization</loc>
<lastmod>2025-11-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cooked-pro/cooked-pro-180-unauthenticated-arbitrary-file-upload</loc>
<lastmod>2024-10-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/knowledgebase/knowledge-base-230-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-06-05T17:33:16.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/stripe-gateway/easy-digital-downloads-stripe-extension-212-reflected-cross-site-scripting</loc>
<lastmod>2015-04-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/jnews/jnews-wordpress-newspaper-magazine-blog-amp-theme-806-reflected-cross-site-scripting</loc>
<lastmod>2021-05-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wc-captcha/wc-captcha-15-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2023-10-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/funnelforms-free/funnelforms-free-34-missing-authorization-to-arbitrary-post-deletion</loc>
<lastmod>2023-11-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/eelv-newsletter/eelv-newsletter-330-reflected-cross-site-scripting</loc>
<lastmod>2013-04-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/nasa-core/nasa-core-641-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-06-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/easy-page-transition/easy-page-transition-101-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2025-03-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/userfeedback-lite/user-feedback-1101-authenticated-editor-sql-injection</loc>
<lastmod>2026-02-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/image-sizes-controller/image-sizes-controller-create-custom-image-sizes-disable-image-sizes-1010-missing-authorization</loc>
<lastmod>2025-06-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simple-finance-calculator/simple-finance-calculator-10-reflected-cross-site-scripting</loc>
<lastmod>2025-10-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/vertical-diamond-flipbook-flash/nature-flipbook-wordpress-plugin-17-reflected-cross-site-scripting</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mainwp-wordfence-extension/mainwp-wordfence-extension-407-missing-authorization-to-arbitrary-plugin-activation</loc>
<lastmod>2023-01-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/accordions-or-faqs/accordions-230-authenticated-administrator-stored-cross-site-scripting-via-several-parameters</loc>
<lastmod>2023-02-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wysija-newsletters/mailpoet-newsletters-previous-216-cross-site-scripting</loc>
<lastmod>2012-11-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/sober/sober-3512-missing-authorization</loc>
<lastmod>2026-01-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/newspack-content-converter/newspack-content-converter-015-missing-authorization</loc>
<lastmod>2024-07-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/advanced-dynamic-pricing-for-woocommerce/advanced-dynamic-pricing-for-woocommerce-493-cross-site-request-forgery-to-settings-update</loc>
<lastmod>2025-04-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bamboo-enquiries/bamboo-enquiries-193-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-11-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/buddypress/buddypress-721-missing-authorization-to-private-post-activity</loc>
<lastmod>2021-04-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/osm-map-elementor/osm-map-widget-for-elementor-122-authenticated-contributor-stored-cross-site-scripting-via-id-parameter</loc>
<lastmod>2024-06-18T14:27:49.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/database-cleaner/database-cleaner-098-sensitive-information-exposure-via-log-file</loc>
<lastmod>2023-12-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/anomify/anomify-ai-036-authenticated-administrator-stored-cross-site-scripting-via-anomify_api_key-parameter</loc>
<lastmod>2026-05-19T12:05:03.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-simple-redirect/simple-redirect-11-reflected-cross-site-scripting</loc>
<lastmod>2026-01-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/chameleon/chameleon-theme-39-arbitrary-file-uploads</loc>
<lastmod>2013-11-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/filr-protection/filr-secure-document-library-1213-authenticated-contributor-arbitrary-file-uploads</loc>
<lastmod>2026-02-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/infinite-scroll/infinite-scroll-262-cross-site-request-forgery-to-plugin-settings-update</loc>
<lastmod>2024-10-17T15:41:50.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/easy-cookie-law/easy-cookie-law-31-cross-site-request-forgery-via-ecl_options</loc>
<lastmod>2023-08-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/hotel-listing/hotel-listings-133-authenticated-stored-cross-site-scripting</loc>
<lastmod>2021-10-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/contact-form-entries/database-for-contact-form-7-wpforms-elementor-forms-145-missing-authorization-to-unauthenticated-form-data-exfiltration-via-csv-export</loc>
<lastmod>2026-01-27T17:44:04.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/jannah/jannah-544-reflected-cross-site-scripting</loc>
<lastmod>2021-06-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/post-hit-counter/post-hit-counter-132-missing-authorization</loc>
<lastmod>2023-06-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-all-import-pro/wp-all-import-pro-411-reflected-cross-site-scripting</loc>
<lastmod>2020-02-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ninja-tables/ninja-tables-easiest-data-table-builder-509-authenticated-admin-server-side-request-forgery</loc>
<lastmod>2024-05-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/profilegrid-user-profiles-groups-and-communities/profilegrid-5952-authenticated-subscriber-server-side-request-forgery</loc>
<lastmod>2025-06-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/core/4.7/wordpress-core-473-cross-site-scripting-via-media-metadata</loc>
<lastmod>2017-03-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/kidsplanet/kids-planet-2214-unauthenticated-php-object-injection</loc>
<lastmod>2025-05-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/clockify-lite/clockinator-lite-107-missing-authorization</loc>
<lastmod>2025-04-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bet-wc-2018-russia/bet-wc-2018-russia-21-reflected-cross-site-scripting</loc>
<lastmod>2024-10-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/masterslider/master-slider-pro-3712-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-10-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/elementinvader-addons-for-elementor/elementinvader-addons-for-elementor-133-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-01-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/enfold/enfold-713-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2026-01-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-migration-duplicator/wordpress-backup-migration-147-unauthenticated-sensitive-information-exposure</loc>
<lastmod>2024-04-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ilive/intelligent-wordpress-live-chat-support-plugin-utilities-104-stored-cross-site-scripting</loc>
<lastmod>2019-06-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/give/give-3220-missing-authorization-to-unauthenticated-arbitrary-earning-reports-disclosure-via-give_reports_earnings-function</loc>
<lastmod>2025-03-14T22:39:51.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-db-backup/database-backup-for-wordpress-25-admin-sql-injection</loc>
<lastmod>2022-01-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/envira-gallery-lite/envira-gallery-lite-1872-missing-authorization-to-gallery-modification-via-envira_gallery_insert_images</loc>
<lastmod>2024-01-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-all-import/import-any-xml-or-csv-file-372-authenticated-admin-arbitrary-file-upload</loc>
<lastmod>2023-12-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/data-tables-generator-by-supsystic/data-tables-generator-by-supsystic-1991-cross-site-request-forgery</loc>
<lastmod>2020-03-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/activitypub/activitypub-0170-authenticated-contributor-stored-cross-site-scripting-via-post-content</loc>
<lastmod>2023-09-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/product-import-export-for-woo/product-import-export-for-woocommerce-250-authenticated-administrator-server-side-request-forgery-via-validate_file-function</loc>
<lastmod>2025-03-25T23:22:36.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/workreap_core/workreap-core-340-authentication-bypass</loc>
<lastmod>2026-01-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/slide/slides-presentations-0039-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-01-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/kadence-blocks/kadence-blocks-3253-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2024-11-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-todo/wp-to-do-130-cross-site-request-forgery-via-wptodo_addcomment</loc>
<lastmod>2024-05-29T15:54:21.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-all-import/wp-all-import-345-cross-site-scripting</loc>
<lastmod>2018-03-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpfunnels/wpfunnels-3518-unauthenticated-php-object-injection</loc>
<lastmod>2025-05-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wordpress-simple-paypal-shopping-cart/wordpress-simple-paypal-shopping-cart-36-cross-site-request-forgery</loc>
<lastmod>2014-08-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/coachify/coachify-115-missing-authorization</loc>
<lastmod>2026-02-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/userpro/userpro-511-sensitive-information-disclosure-via-shortcode</loc>
<lastmod>2023-11-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-show-posts/wp-show-posts-113-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2023-01-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-jobsearch/jobsearch-wp-job-board-329-unauthenticated-sql-injection</loc>
<lastmod>2026-06-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-airbnb-review-slider/wp-airbnb-review-slider-39-authenticated-administrator-sql-injection</loc>
<lastmod>2025-02-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/buddyforms/post-form-registration-form-profile-form-for-user-profiles-frontend-content-forms-for-user-submissions-ugc-2811-authenticated-contributor-privilege-escalation</loc>
<lastmod>2024-09-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/buddypress/buddypress-900-sql-injection</loc>
<lastmod>2021-08-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/notify-odoo/notify-odoo-100-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2025-01-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/stafflist/stafflist-326-missing-authorization</loc>
<lastmod>2025-04-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wc-designer-pro/woocommerce-designer-pro-1926-unauthenticated-arbitrary-file-deletion</loc>
<lastmod>2025-10-10T20:34:37.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/link-library/link-library-76-unauthenticated-stored-cross-site-scripting</loc>
<lastmod>2024-02-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/rightnow/right-now-unknown-versions-arbitrary-file-upload</loc>
<lastmod>2013-10-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/contest-gallery/contest-gallery-19141-authenticated-author-sql-injection-via-cg_copy_start</loc>
<lastmod>2022-12-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/sticky-chat-button/sticky-button-click-to-chat-10-unauthenticated-stored-cross-site-scripting</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/job-postings/jobs-for-wordpress-2711-authenticated-subscriber-arbitrary-file-read</loc>
<lastmod>2025-03-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/menu-image/menu-image-icons-made-easy-307-authenticated-cross-site-scripting</loc>
<lastmod>2022-03-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/foxtool/foxtool-all-in-one-contact-chat-button-custom-login-media-optimize-images-252-cross-site-request-forgery-to-google-oauth-connection</loc>
<lastmod>2025-12-11T14:26:52.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/grand-media/gmedia-photo-gallery-164-open-proxy</loc>
<lastmod>2015-05-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ab-google-map-travel/ab-google-map-travel-46-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2025-03-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/geodirectory/geodirectory-wp-business-directory-plugin-and-classified-listings-directory-28139-missing-authorization-to-authenticated-author-arbitrary-image-attachment</loc>
<lastmod>2025-11-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/envira-gallery-lite/envira-photo-gallery-1814-missing-authorization</loc>
<lastmod>2024-08-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gallery-album/gallery-image-and-video-gallery-with-thumbnails-121-sql-injection</loc>
<lastmod>2017-09-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/quttera-web-malware-scanner/quttera-web-malware-scanner-35141-authenticated-administrator-server-side-request-forgery</loc>
<lastmod>2025-08-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/keywords-highlight-tool/search-engine-keywords-highlighter-013-reflected-cross-site-scripting</loc>
<lastmod>2025-04-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-jobhunt/wp-jobhunt-77-authenticated-candidate-insecure-direct-object-reference</loc>
<lastmod>2025-12-20T01:29:38.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cart66-cloud/cart66-cloud-237-reflected-cross-site-scripting</loc>
<lastmod>2025-04-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/news-event/news-event-101-authenticated-subscriber-arbitrary-file-upload</loc>
<lastmod>2025-10-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-nested-pages/nested-pages-3115-open-redirect</loc>
<lastmod>2021-08-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/elementinvader-addons-for-elementor/elementinvader-addons-for-elementor-122-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-03-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/sfwd-lms/learndash-lms-453-authenticated-contributor-sql-injection</loc>
<lastmod>2023-05-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/pixabay-images/pixabay-images-20-authentication-bypass-to-arbitrary-file-upload</loc>
<lastmod>2015-01-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/pearl/pearl-corporate-business-348-unauthenticated-local-file-inclusion</loc>
<lastmod>2025-02-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/qi-addons-for-elementor/qi-addons-for-elementor-167-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-03-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cc-child-pages/cc-child-pages-142-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2023-01-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ultimate-member-widgets-for-elementor/ultimate-member-widgets-for-elementor-23-unauthenticated-information-exposure</loc>
<lastmod>2025-11-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/jet-engine/jetengine-377-unauthenticated-stored-cross-site-scripting</loc>
<lastmod>2026-01-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/kadence-blocks/gutenberg-blocks-with-ai-by-kadence-wp-page-builder-features-333-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-11-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/support-genix-lite/support-genix-123-missing-authorization</loc>
<lastmod>2024-04-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/post-type-archive-mapping/custom-query-blocks-531-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-08-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/the-pack-addon/the-pack-elementor-addons-header-footer-woocommerce-builder-template-library-2086-authenticated-contributor-local-file-inclusion</loc>
<lastmod>2024-07-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-all-export-pro/wp-all-export-pro-191-unauthenticated-remote-code-execution-via-custom-export-fields</loc>
<lastmod>2025-02-07T03:20:47.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/applixir/reward-video-ad-for-wordpress-16-authenticated-administrator-stored-cross-site-scripting-via-admin-settings</loc>
<lastmod>2026-03-20T15:16:19.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/2-click-socialmedia-buttons/2-click-social-media-buttons-033-multiple-cross-site-scripting</loc>
<lastmod>2012-05-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/hueman/hueman-3724-cross-site-request-forgery-to-notice-dismissal</loc>
<lastmod>2024-06-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/custom-related-posts/custom-related-posts-173-missing-authorization-to-authenticated-subscriber-private-post-search-and-relation-updates</loc>
<lastmod>2025-01-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-tooltip/tooltip-101-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-04-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/sticky-social-bar/sticky-social-bar-20-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2024-11-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/gracey/gracey-14-unauthenticated-php-object-injection</loc>
<lastmod>2026-03-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woo-discount-rules/discount-rules-for-woocommerce-241-reflected-cross-site-scripting</loc>
<lastmod>2022-06-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/vk-all-in-one-expansion-unit/vk-all-in-one-expansion-unit-98810-stored-contributor-cross-site-scripting-in-profile-setting</loc>
<lastmod>2023-05-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/tt-custom-post-type-creator/tt-custom-post-type-creator-10-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2024-05-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/royal-elementor-addons/royal-elementor-addons-and-templates-13971-authenticated-contributor-stored-cross-site-scripting-via-html-tags</loc>
<lastmod>2024-04-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woocommerce-checkout-cielo/claudio-sanches-checkout-cielo-for-woocommerce-110-insufficient-verification-of-data-authenticity-to-order-payment-status-update</loc>
<lastmod>2024-06-03T17:09:26.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mybooktable/mybooktable-bookstore-353-cross-site-request-forgery</loc>
<lastmod>2025-01-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/openpix-for-woocommerce/openpix-2133-missing-authorization-to-authenticated-subscriber-settings-update</loc>
<lastmod>2026-02-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wc-support-system/ilghera-support-system-for-woocommerce-130-missing-authorization-to-unauthenticated-sensitive-information-exposure</loc>
<lastmod>2026-05-12T17:11:52.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/custom-login-url/custom-login-url-102-missing-authorization</loc>
<lastmod>2025-09-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/linkpreview/phees-linkpreview-167-cross-site-request-forgery</loc>
<lastmod>2025-02-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/themify-event-post/themify-event-post-132-authenticated-contributor-local-file-inclusion</loc>
<lastmod>2025-03-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/updraftplus/updraftplus-11659-authenticated-admin-local-file-inclusion</loc>
<lastmod>2021-07-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/leadboxer/leadboxer-13-reflected-cross-site-scripting</loc>
<lastmod>2024-11-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/easy-photo-album/easy-photo-album-115-sensitive-information-disclosure</loc>
<lastmod>2016-04-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/popup-maker/popup-maker-popup-for-opt-ins-lead-gen-more-1182-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-03-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ct-ultimate-gdpr/ultimate-gdpr-ccpa-24-unauthenticated-settings-import-export</loc>
<lastmod>2021-02-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/miniorange-limit-login-attempts/miniorange-limit-login-attempts-4072-administrator-cross-site-scripting</loc>
<lastmod>2022-06-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/dashboard-welcome-for-beaver-builder/dashboard-welcome-for-beaver-builder-108-missing-authorization</loc>
<lastmod>2026-01-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/easy-elementor-addons/easy-elementor-addons-227-missing-authorization</loc>
<lastmod>2025-08-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/esv-bible-shortcode-for-wordpress/esv-bible-shortcode-for-wordpress-102-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-06-05T17:47:44.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ultimate-reviews/ultimate-reviews-3216-unauthenticated-insecure-direct-object-reference</loc>
<lastmod>2026-01-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/addfreespace/addfreespace-013-cross-site-request-forgery-to-stored-cross-site-scripting-via-settings-page</loc>
<lastmod>2026-05-04T14:07:04.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/dt-reservation-plugin/reservation-16-reflected-cross-site-scripting</loc>
<lastmod>2025-10-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/craftis/craftis-handcraft-artisan-elementor-template-kit-128-unauthenticated-local-file-inclusion</loc>
<lastmod>2026-03-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/unlimited-elements-for-elementor/unlimited-elements-for-elementor-15148-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-08-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/slider-templates/slider-templates-103-missing-authorization</loc>
<lastmod>2025-12-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/give/givewp-donation-plugin-and-fundraising-platform-085-reflected-cross-site-scripting</loc>
<lastmod>2015-04-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/meta-tag-manager/meta-tag-manager-32-open-redirect</loc>
<lastmod>2025-10-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-auctions/wordpress-auction-plugin-37-authenticated-editor-stored-cross-site-scripting</loc>
<lastmod>2024-12-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/litespeed-cache/litespeed-cache-77-unauthenticated-stored-cross-site-scripting-via-quiccloud-ccssucss-rest-api-endpoints</loc>
<lastmod>2026-05-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/add-comments/add-comments-101-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2022-11-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/kivicare-clinic-management-system/kivicare-clinic-patient-management-system-ehr-320-cross-site-request-forgery</loc>
<lastmod>2023-06-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/order-delivery-date/order-delivery-date-for-woocommerce-20-1231-unauthenticated-arbitrary-options-update</loc>
<lastmod>2025-04-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wicked-folders/wicked-folders-21816-cross-site-request-forgery-via-ajax_save_folder_order</loc>
<lastmod>2023-02-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-job-portal/wp-job-portal-222-missing-authorization-to-limited-privilege-escalation</loc>
<lastmod>2024-12-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gdpr-cookie-consent/cookie-banner-cookie-consent-consent-log-cookie-scanner-script-blocker-for-gdpr-ccpa-eprivacy-wp-cookie-consent-412-missing-authorization-to-sensitive-information-exposure</loc>
<lastmod>2026-02-18T14:54:28.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/loginizer/loginizer-175-reflected-cross-site-scripting-via-name</loc>
<lastmod>2022-05-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/hot-linked-image-cacher/hot-linked-image-cacher-116-reflected-cross-site-scripting</loc>
<lastmod>2022-06-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/s2member/s2member-excellent-for-all-kinds-of-memberships-content-restriction-paywalls-member-access-subscriptions-241114-authenticated-contributor-sensitive-information-exposure</loc>
<lastmod>2024-12-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/smart-manager-for-wp-e-commerce/smart-manager-for-woocommerce-397-unauthenticated-sql-injection</loc>
<lastmod>2015-07-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/tlp-team/team-5013-missing-authorization</loc>
<lastmod>2026-02-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/sermon-manager-for-wordpress/sermon-manager-2300-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-12-04T17:25:11.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/premium-addons-for-elementor/premium-addons-for-elementor-41028-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-04-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/femme/femme-1311-unauthenticated-local-file-inclusion</loc>
<lastmod>2025-09-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/webmaster-tools/webmaster-tools-20-cross-site-request-forgery-vin-lionscripts_plg_f</loc>
<lastmod>2023-10-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/soledad/soledad-825-authenticated-subscriber-cross-site-scripting</loc>
<lastmod>2022-10-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cm-ad-changer/cm-ad-changer-205-cross-site-request-forgery</loc>
<lastmod>2025-04-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpschoolpress/school-management-system-wpschoolpress-2210-insecure-direct-object-reference-to-authenticated-teacher-account-takeoverprivilege-escalation</loc>
<lastmod>2024-10-25T20:05:13.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/header-footer-elementor/ultimate-addons-for-elementor-lite-249-authenticated-author-stored-cross-site-scripting-via-svg-upload</loc>
<lastmod>2025-09-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ultimate-youtube-video-player/ultimate-youtube-video-shorts-player-with-vimeo-33-missing-authorization-to-authenticated-subscriber-setting-exposure</loc>
<lastmod>2024-11-21T17:06:42.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/duoshuo/-12-cross-site-request-forgery-to-settings-update</loc>
<lastmod>2025-08-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woo-bulk-editor/bear-114-missing-authorization-via-several-functions</loc>
<lastmod>2024-02-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/jetpack/jetpack-1391-missing-authorization-to-authenticated-subscriber-sensitive-information-disclosure</loc>
<lastmod>2024-10-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/codepeople-post-map/codepeople-post-map-for-google-maps-126-authenticated-contributor-stored-cross-site-scripting-via-cpm_point-post-meta</loc>
<lastmod>2026-06-26T12:59:23.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/duplicate-wp-page-post/duplicate-page-and-post-295-authenticated-contributor-sql-injection-via-meta_key-parameter</loc>
<lastmod>2025-09-09T17:40:39.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wordpress-simple-paypal-shopping-cart/wordpress-simple-paypal-shopping-cart-513-insecure-direct-object-reference-via-quantity</loc>
<lastmod>2025-04-30T22:01:29.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/yolink-search/yolink-search-for-wordpress-26-reflected-cross-site-scripting</loc>
<lastmod>2013-02-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/learnpress/learnpress-413-authenticated-sql-injection</loc>
<lastmod>2021-11-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/td-composer/tagdiv-composer-53-unauthenticated-arbitrary-php-object-instantiation</loc>
<lastmod>2025-04-03T16:22:47.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gravityforms/gravity-forms-2930-reflected-cross-site-scripting-via-form_ids-parameter</loc>
<lastmod>2026-04-07T10:36:04.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/password-protect-page/ppwp-password-protect-pages-189-protection-mechanism-bypass</loc>
<lastmod>2024-02-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/allow-php-execute/allow-php-execute-10-authenticated-editor-php-code-injection</loc>
<lastmod>2025-03-07T14:16:16.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mw-wp-form/mw-wp-form-503-improper-limitation-of-file-name-to-unauthenticated-arbitrary-file-deletion</loc>
<lastmod>2023-12-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/sureforms/sureforms-drag-and-drop-form-builder-for-wordpress-122-missing-authorization-to-unauthenticated-protected-post-disclosure</loc>
<lastmod>2025-01-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/sell-media/sell-media-241-cross-site-scripting</loc>
<lastmod>2020-08-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bulk-image-title-attribute/bulk-auto-image-title-attribute-201-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-10-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woo-quickview/quick-view-for-woocommerce-2216-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-09-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/advanced-uploader/advanced-uploader-42-authenticated-subscriber-arbitrary-file-upload</loc>
<lastmod>2022-04-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bdthemes-element-pack/element-pack-pro-7192-authenticated-contributor-arbitrary-file-read-and-phar-deserialization</loc>
<lastmod>2024-04-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-ulike/wp-ulike-32-cross-site-scripting</loc>
<lastmod>2018-05-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mabel-shoppable-images-lite/shoppable-images-lite-123-missing-authorization</loc>
<lastmod>2023-02-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/smart-wishlist-for-more-convert/mc-woocommerce-wishlist-172-missing-authorization</loc>
<lastmod>2024-05-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/userswp/userswp-12322-cross-site-request-forgery</loc>
<lastmod>2023-11-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpb-elementor-addons/wpb-elementor-addons-109-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-05-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/elementskit-lite/elementskit-elementor-addons-306-authenticated-contributor-local-file-inclusion-in-render_raw</loc>
<lastmod>2024-03-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/fudousan-plugin/fudousan-plugin-570-cross-site-scripting</loc>
<lastmod>2021-06-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpjobboard/wpjobboard-564-reflected-cross-site-scripting-cross-frame-scripting</loc>
<lastmod>2020-11-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cluevo-lms/cluevo-lms-e-learning-platform-1100-cross-site-request-forgery</loc>
<lastmod>2023-08-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simply-schedule-appointments/simply-schedule-appointments-16830-authenticated-contributor-stored-cross-site-scripting-via-multiple-shortcodes</loc>
<lastmod>2025-06-13T20:36:07.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/slider-hero/slider-hero-861-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2024-03-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpdm-elementor/download-manager-addons-for-elementor-130-unauthenticated-sql-injection</loc>
<lastmod>2026-02-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-easy-recipe/wp-easy-recipe-16-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-10-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/chauffeur-booking-system/chauffeur-taxi-booking-system-for-wordpress-72-unauthenticated-arbitrary-file-upload</loc>
<lastmod>2024-03-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/motors-car-dealership-classified-listings/motors-1471-unauthenticated-local-file-inclusion</loc>
<lastmod>2025-04-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/storepress/storepress-1012-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-01-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/sort-searchresult-by-title/sort-searchresult-by-title-100-cross-site-request-forgery-via-settings_page</loc>
<lastmod>2023-10-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/portfolio/portfolio-by-bestwebsoft-240-reflected-cross-site-scripting</loc>
<lastmod>2017-04-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wheel-of-life/wheel-of-life-120-missing-authorization</loc>
<lastmod>2026-01-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cost-calculator-builder/cost-calculator-builder-363-unauthenticated-arbitrary-file-deletion</loc>
<lastmod>2025-12-01T11:27:40.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ulisting/ulisting-219-authenticated-administrator-sql-injection</loc>
<lastmod>2025-04-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/social-media-feather/social-media-feather-213-missing-authorization</loc>
<lastmod>2023-12-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/byconsole-woo-order-delivery-time/wooodt-lite-delivery-pickup-date-time-location-for-woocommerce-251-unauthenticated-full-path-dsiclosure</loc>
<lastmod>2025-02-17T15:48:42.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/happy-elementor-addons/happy-addons-for-elementor-3109-authenticated-contributor-stored-cross-site-scripting-via-post-navigation-widget</loc>
<lastmod>2024-05-30T21:24:23.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/accesspress-anonymous-post/accesspress-anonymous-post-280-backdoored</loc>
<lastmod>2021-10-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/forminator/forminator-1441-authenticated-contributor-stored-dom-based-cross-site-scripting-via-id-and-data-size-parameters</loc>
<lastmod>2025-06-04T21:58:40.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/pmpro-mailchimp/paid-memberships-pro-mailchimp-add-on-234-unauthenticated-information-disclosure</loc>
<lastmod>2024-03-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/contact-form-by-supsystic/contact-form-by-supsystic-1736-unauthenticated-server-side-template-injection-via-prefill-functionality</loc>
<lastmod>2026-03-30T09:13:47.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/beaver-themer/beaver-themer-149-authenticated-contributor-sensitive-information-exposure-via-shortcode</loc>
<lastmod>2024-04-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/et-core-plugin/xstore-core-538-authenticated-subscriber-limited-arbitrary-file-upload</loc>
<lastmod>2024-04-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/random-banner/random-banner-20-cross-site-scripting</loc>
<lastmod>2014-06-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/contact-form-entries/database-for-contact-form-7-wpforms-elementor-forms-151-unauthenticated-arbitrary-file-deletion-via-cf7-file-field-post-value</loc>
<lastmod>2026-06-19T11:55:33.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/kbslider/kenburner-slider-all-versions-path-traversal</loc>
<lastmod>2014-08-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/surecart/surecart-250-authenticated-administrator-stored-cross-site-scripting-via-plugin-settings</loc>
<lastmod>2023-08-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mainwp-branding-extension/mainwp-white-label-extension-411-missing-authorization-to-plugin-settings-change</loc>
<lastmod>2023-01-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/duplicator/duplicator-157-cross-site-request-forgery-via-viewstoolsdiagnosticsinformationphp</loc>
<lastmod>2023-12-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/translatepress-multilingual/translatepress-296-authenticated-administrator-php-object-injection</loc>
<lastmod>2025-03-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/radio-player/radio-player-2073-unauthenticated-server-side-request-forgery</loc>
<lastmod>2024-04-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/login-with-ajax/login-with-ajax-304-cross-site-scripting</loc>
<lastmod>2012-05-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/email-subscribers/icegram-express-5623-authenticated-administrator-directory-traversal-to-arbitrary-file-read</loc>
<lastmod>2023-10-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woo-advanced-shipment-tracking/advanced-shipment-tracking-for-woocommerce-326-authenticated-wordpress-options-change</loc>
<lastmod>2021-07-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/masterstudy-lms-learning-management-system/masterstudy-lms-308-missing-authorization-to-course-category-creation</loc>
<lastmod>2023-06-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/clinked-client-portal/clinked-client-portal-19-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-01-29T22:54:49.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/essential-addons-for-elementor-lite/essential-addons-for-elementor-best-elementor-templates-widgets-kits-woocommerce-builders-594-authenticated-contributor-stored-cross-site-scripting-via-image-url</loc>
<lastmod>2024-01-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/admin-bookmarks/custom-admin-bar-favorites-01-reflected-cross-site-scripting</loc>
<lastmod>2025-04-24T18:32:36.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/amp-plus/amp-plus-30-reflected-cross-site-scripting</loc>
<lastmod>2023-11-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ulisting/ulisting-166-unauthenticated-arbitrary-account-changes</loc>
<lastmod>2021-01-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ulisting/directory-listings-wordpress-plugin-ulisting-220-authenticated-subscriber-privilege-escalation</loc>
<lastmod>2025-03-14T14:22:22.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/fusion-builder/avada-builder-31112-authenticated-contributor-protected-post-disclosure</loc>
<lastmod>2024-12-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/google-website-translator/prisna-gwt-google-website-translator-1411-authenticated-admin-php-object-injection</loc>
<lastmod>2024-09-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/advanced-sermons/advanced-sermons-33-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-09-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/robokassa/robokassa-payment-gateway-for-woocommerce-161-reflected-cross-site-scripting</loc>
<lastmod>2024-09-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-google-map-plugin/wp-maps-easiest-most-advanced-wordpress-plugin-for-google-maps-409-reflected-cross-site-scripting</loc>
<lastmod>2019-09-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/sprout-invoices/client-invoicing-by-sprout-invoices-2087-unauthenticated-php-object-injection</loc>
<lastmod>2025-09-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wordpress-seo/yoast-seo-211-cross-site-scripting-via-post_title-parameter</loc>
<lastmod>2012-10-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/directorist/directorist-7061-cross-site-request-forgery-to-arbitrary-file-upload</loc>
<lastmod>2021-11-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/social-polls-by-opinionstage/poll-survey-quiz-maker-plugin-by-opinion-stage-19625-unauthenticated-stored-cross-site-scripting</loc>
<lastmod>2026-01-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-custom-admin-interface/wp-custom-admin-interface-732-missing-authorization-to-transients-deletion</loc>
<lastmod>2023-09-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/social-networks-auto-poster-facebook-twitter-g/nextscripts-social-networks-auto-poster-4324-arbitrary-post-deletion-via-cross-site-request-forgery</loc>
<lastmod>2022-01-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/top-bar/top-bar-305-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2024-04-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-spotlight-search/advanced-all-in-one-admin-search-by-wp-spotlight-111-cross-site-request-forgery</loc>
<lastmod>2025-04-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/featured-posts-scroll/featured-posts-scroll-125-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2024-11-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/favicon-rotator/favicon-rotator-1210-reflected-cross-site-scripting</loc>
<lastmod>2024-03-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/custom-registration-form-builder-with-submission-manager/registrationmagic-6001-unauthenticated-stored-cross-site-scripting</loc>
<lastmod>2024-08-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/hide-links/hide-links-142-unauthenticated-shortcode-execution</loc>
<lastmod>2024-11-12T13:23:05.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/rich-web-share-button/share-buttons-social-media-102-unauthenticated-sql-injection</loc>
<lastmod>2024-12-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/all-in-one-wp-security-and-firewall/all-in-one-wp-security-firewall-382-authenticated-access-or-cross-site-request-forgery-leading-to-sql-injection-via-orderby-order-parameters</loc>
<lastmod>2014-09-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/user-private-files/user-private-files-file-upload-download-manager-with-secure-file-sharing-213-authenticated-subscriber-stored-cross-site-scripting</loc>
<lastmod>2025-02-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bws-google-maps/maps-by-bestwebsoft-135-reflected-cross-site-scripting</loc>
<lastmod>2017-04-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/fluxtore/fluxtore-160-missing-authorization</loc>
<lastmod>2025-07-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woffice-core/woffice-core-5426-authenticated-contributor-arbitrary-file-deletion</loc>
<lastmod>2025-08-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woo-file-dropzone/woo-file-dropzone-117-authenticated-subscriber-arbitrary-file-deletion</loc>
<lastmod>2026-02-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/html5avmanager/html5-av-manager-027-arbitrary-file-upload</loc>
<lastmod>2012-06-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/redi-restaurant-reservation/redi-restaurant-reservation-240422-missing-authorization</loc>
<lastmod>2024-07-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/v-form/vpsuform-3220-missing-authorization</loc>
<lastmod>2025-09-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/amazonify/amazonify-081-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2023-11-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cryout-serious-slider/serious-slider-124-cross-site-request-forgery</loc>
<lastmod>2024-04-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/nextgen-gallery/wordpress-gallery-plugin-nextgen-gallery-1912-arbitrary-file-upload</loc>
<lastmod>2013-06-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/qi-blocks/qi-blocks-143-missing-authorization-to-arbitrary-attachment-resize</loc>
<lastmod>2025-11-14T15:11:31.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ultimate-blocks/ultimate-blocks-wordpress-blocks-plugin-333-authenticated-contributor-stored-cross-site-scripting-via-multiple-widgets</loc>
<lastmod>2025-06-09T22:39:02.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/download-manager/download-manager-3248-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2022-07-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/lana-downloads-manager/lana-downloads-manager-190-authenticated-admin-arbitrary-file-download</loc>
<lastmod>2025-03-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-cafe/wpcafe-2232-authenticated-contributor-local-file-inclusion</loc>
<lastmod>2025-04-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-stacker/wp-stacker-185-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2024-05-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/fluentform/contact-form-plugin-by-fluent-forms-for-quiz-survey-and-drag-drop-wp-form-builder-526-unauthenticated-stored-cross-site-scripting-via-form-subject</loc>
<lastmod>2024-12-13T16:24:44.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/give/givewp-donation-plugin-and-fundraising-platform-4142-reflected-cross-site-scripting</loc>
<lastmod>2026-04-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/uncanny-automator/uncanny-automator-easy-automation-integration-webhooks-workflow-builder-plugin-61002-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2026-01-22T16:30:45.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/contact-forms/contact-forms-by-cimatti-180-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2024-03-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/subscribe-to-download-lite/subscribe-to-download-lite-129-authenticated-subscriber-local-file-inclusion</loc>
<lastmod>2025-03-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/image-slider-with-description/image-slider-with-description-92-cross-site-request-forgery</loc>
<lastmod>2025-06-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woocommerce-payments/woocommerce-payments-480-561-authentication-bypass-and-privilege-escalation</loc>
<lastmod>2023-03-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/echo-knowledge-base/knowledge-base-for-documentation-faqs-with-ai-assistance-11302-unauthenticated-php-object-injection-in-is_article_recently_viewed</loc>
<lastmod>2024-02-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/provesource/provesource-social-proof-312-unauthenticated-sensitive-information-disclosure</loc>
<lastmod>2025-08-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simple-urls/simple-urls-120-cross-site-request-forgery-via-multiple-ajax-actions</loc>
<lastmod>2023-10-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/social-share-boost/social-share-boost-44-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2023-07-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/internal-links/internal-link-juicer-2234-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2024-02-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/jobbank/jobbank-123-missing-authorization</loc>
<lastmod>2026-01-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/html5-mp3-player-with-playlist/html5-mp3-player-with-playlist-270-full-path-disclosure</loc>
<lastmod>2014-11-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/jobboardwp/jobboardwp-job-board-listings-and-submissions-110-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2022-07-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mingle-forum/mingle-forum-10321-sql-injection</loc>
<lastmod>2014-08-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/event-monster/event-monster-139-authenticatedcontributor-php-object-injection-via-custom-meta</loc>
<lastmod>2024-04-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/photography/photography-752-authenticated-subscriber-php-object-injection</loc>
<lastmod>2025-05-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/css3-rotating-words/animated-rotating-words-54-missing-authorization-via-save_admin_options</loc>
<lastmod>2023-11-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/nextgen-gallery/wordpress-gallery-plugin-nextgen-gallery-20773-arbitrary-file-upload</loc>
<lastmod>2015-03-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/avalex/avalex-automatisch-sichere-rechtstexte-313-missing-authorization</loc>
<lastmod>2026-03-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/trackship-for-woocommerce/trackship-for-woocommerce-175-missing-authorization</loc>
<lastmod>2024-04-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/shopo/shopo-114-authenticated-contributor-arbitrary-file-upload</loc>
<lastmod>2025-08-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mappress-google-maps-for-wordpress/mappress-maps-for-wordpress-28814-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-01-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/category-specific-rss-feed-menu/category-specific-rss-feed-subscription-20-cross-site-request-forgery</loc>
<lastmod>2019-07-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/social-profilr-display-social-network-profile/social-profilr-10-cross-site-request-forgery</loc>
<lastmod>2025-12-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/embedpress/embedpress-391-reflected-cross-site-scripting</loc>
<lastmod>2023-11-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/td-composer/tagdiv-composer-53-reflected-cross-site-scripting-via-account_id-and-account_username</loc>
<lastmod>2025-03-27T16:33:57.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/blockart-blocks/blockart-blocks-gutenberg-blocks-page-builder-blocks-wordpress-block-plugin-sections-template-library-215-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-06-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/streamweasels-youtube-integration/streamweasels-youtube-integration-132-authenticated-contributor-stored-cross-site-scripting-via-sw-youtube-embed-shortcode</loc>
<lastmod>2024-10-28T21:40:06.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/maxbuttons/wordpress-button-plugin-maxbuttons-92-shortcode-based-cross-site-scripting</loc>
<lastmod>2022-07-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/hesabfa-accounting/hesabfa-accounting-212-reflected-cross-site-scripting</loc>
<lastmod>2025-01-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/php-compatibility-checker/php-compatibility-checker-152-cross-site-request-forgery</loc>
<lastmod>2023-04-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/wproject/wproject-580-reflected-cross-site-scripting</loc>
<lastmod>2025-04-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/maps-for-wp/maps-for-wp-124-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-04-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/classified-listing/classified-listing-classified-ads-business-directory-plugin-401-reflected-cross-site-scripting</loc>
<lastmod>2024-10-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cm-download-manager/cm-download-manager-296-unauthenticated-arbitrary-file-deletion</loc>
<lastmod>2025-03-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/indieblocks/indieblocks-0132-authenticated-contributor-stored-cross-site-scripting-via-kind-parameter</loc>
<lastmod>2025-06-12T13:09:56.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/easy-media-gallery/gallery-photo-albums-plugin-1347-cross-site-scripting</loc>
<lastmod>2015-09-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woo-viet/woo-viet-152-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2024-03-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/davenport/davenport-versatile-blog-and-magazine-wordpress-theme-13-unauthenticated-local-file-inclusion</loc>
<lastmod>2025-06-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/echelon/echelon-24-arbitrary-file-download</loc>
<lastmod>2013-12-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-all-import/import-any-xml-or-csv-file-to-wordpress-368-authenticated-administrator-arbitrary-file-upload-via-path-traversal</loc>
<lastmod>2022-10-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cbxwpbookmark/cbx-bookmark-favorite-168-reflected-cross-site-scripting</loc>
<lastmod>2021-08-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/user-activity-tracking-and-log/user-activity-tracking-and-log-408-cross-site-request-forgery</loc>
<lastmod>2023-08-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/sprout-invoices/client-invoicing-by-sprout-invoices-easy-estimates-and-invoices-2081-missing-authorization</loc>
<lastmod>2024-12-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/better-delete-revision/better-delete-revision-161-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2022-08-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/one-page-express-companion/one-page-express-companion-1643-missing-authorization</loc>
<lastmod>2025-10-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/eventon-lite/eventon-lite-247-authenticated-contributor-information-disclosure</loc>
<lastmod>2025-08-14T20:16:37.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/hack-info/hack-info-317-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2024-12-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/startklar-elmentor-forms-extwidgets/startklar-elementor-addons-1713-unauthenticated-arbitrary-file-upload</loc>
<lastmod>2024-05-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wc-multivendor-membership/wcfm-membership-woocommerce-memberships-for-multivendor-marketplace-2107-unauthenticated-insecure-direct-object-reference-to-arbitrary-user-password-change</loc>
<lastmod>2023-05-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/zegen/zegen-119-authenticated-subscriber-local-file-inclusion</loc>
<lastmod>2025-06-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/homesweet/homesweet-real-estate-wordpress-theme-14-insecure-direct-object-reference</loc>
<lastmod>2020-06-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/netgsm/netgsm-2963-reflected-cross-site-scripting</loc>
<lastmod>2025-12-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/booking-calendar-and-notification/booking-calendar-and-notification-403-missing-authorization-via-wpcb_all_bookings-wpcb_update_booking_post-and-wpcb_delete_posts-functions</loc>
<lastmod>2025-02-28T15:23:38.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/all-images-ai/all-imagesai-ia-image-bank-and-custom-image-creation-104-authenticated-subscriber-arbitrary-file-upload</loc>
<lastmod>2025-02-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bulk-comment-remove/bulk-comment-remove-2-cross-site-request-forgery-via-brc_admin</loc>
<lastmod>2023-11-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/randomquotr/randomquotr-104-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2025-11-10T14:55:43.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/prevent-landscape-rotation/prevent-landscape-rotation-20-cross-site-request-forgery-via-adminpagephp</loc>
<lastmod>2023-11-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simple-tags/taxopress-344-reflected-cross-site-scripting</loc>
<lastmod>2022-02-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/membership-site/membersonic-lite-membership-site-plugin-12-authentication-bypass</loc>
<lastmod>2016-06-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-lister-for-ebay/wp-lister-lite-for-ebay-383-missing-authorization</loc>
<lastmod>2025-05-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/accessibility-toolbar/web-accessibility-with-max-access-210-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2026-01-09T15:52:32.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wow-entrance-effects-wee/wow-entrance-effects-wee-01-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-02-27T20:10:17.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/pie-register/pie-register-user-registration-forms-2019-reflected-cross-site-scripting</loc>
<lastmod>2015-10-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/flickr-picture-backup/flickr-picture-backup-07-arbitrary-file-upload</loc>
<lastmod>2017-04-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ninja-forms/ninja-forms-the-contact-form-builder-that-grows-with-you-3132-insecure-direct-object-reference-to-unauthenticated-sensitive-information-exposure-via-unscoped-bearer-token</loc>
<lastmod>2025-12-16T18:41:16.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woo-min-max-quantity-step-control-single/min-max-control-45-reflected-cross-site-scripting</loc>
<lastmod>2023-08-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/optio-dentistry/optio-dentistry-21-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-12-23T16:22:09.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/secupress/secupress-free-wordpress-security-2251-cross-site-request-forgery-to-banned-ip-address</loc>
<lastmod>2024-04-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bookx/bookx-17-path-traversal</loc>
<lastmod>2014-05-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/user-avatar-reloaded/user-avatar-reloaded-122-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-09-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/agile-store-locator/store-locator-wordpress-1412-reflected-cross-site-scripting-via-asl-nounce</loc>
<lastmod>2023-08-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/saoshyant-page-builder/saoshyant-page-builder-38-missing-authorization</loc>
<lastmod>2025-01-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-scraper/wp-scraper-58-authenticated-subscriber-server-side-request-forgery</loc>
<lastmod>2024-06-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/digital-events-calendar/digital-events-calendar-108-authenticated-contributor-stored-cross-site-scripting-via-column-parameter</loc>
<lastmod>2025-09-10T18:54:46.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpforo/wpforo-forum-310-missing-authorization</loc>
<lastmod>2026-06-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpSS/wordpress-spreadsheet-06-unauthenticated-sql-injection</loc>
<lastmod>2008-04-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gravityforms/gravity-forms-2920-unauthenticated-arbitrary-file-upload-via-copy_post_image</loc>
<lastmod>2025-11-06T16:28:27.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/armember-membership/armember-membership-plugin-content-restriction-member-levels-user-profile-user-signup-4026-unauthenticated-php-object-injection</loc>
<lastmod>2024-03-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/konnichiwa/konnichiwa-membership-083-reflected-cross-site-scripting</loc>
<lastmod>2021-09-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/noo-yogi/yogi-health-beauty-yoga-292-reflected-cross-site-scripting</loc>
<lastmod>2025-08-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/easy-form-builder/easy-form-builder-374-authenticated-contributor-sql-injection</loc>
<lastmod>2024-03-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ni-woocommerce-cost-of-goods/ni-woocommerce-cost-of-goods-328-authenticated-subscriber-stored-cross-site-scripting</loc>
<lastmod>2025-04-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/relevanssi-premium/relevanssi-4260-free-2290-premium-authenticated-contributor-sql-injection</loc>
<lastmod>2025-12-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gs-pinterest-portfolio/wordpress-pinterest-plugin-make-a-popup-user-profile-masonry-and-gallery-layout-188-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-12-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-multisite-content-copier/wordpress-multisite-content-copierupdater-140-cross-site-scripting</loc>
<lastmod>2022-06-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-cafe/wpcafe-2222-missing-authorization</loc>
<lastmod>2023-11-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/frndzk-expandable-bottom-bar/frndzk-expandable-bottom-bar-10-authenticated-administrator-stored-cross-site-scripting-via-text-parameter</loc>
<lastmod>2025-03-24T19:33:07.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ditty-news-ticker/ditty-3135-authenticated-author-stored-cross-site-scripting</loc>
<lastmod>2024-05-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/pf-timer/pf-timer-100-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-11-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/fg-drupal-to-wp/fg-drupal-to-wordpress-3703-sensitive-information-exposure</loc>
<lastmod>2024-04-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/highlight/highlight-202-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2025-01-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/nestbyte-core/nestbyte-core-12-unauthenticated-sql-injection</loc>
<lastmod>2026-01-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/idx-broker-platinum/impress-for-idx-broker-261-authenticated-arbitrary-post-creation-modification-and-deletion</loc>
<lastmod>2020-03-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/breeze/breeze-2213-missing-authorization</loc>
<lastmod>2025-06-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/edubin/edubin-920-unauthenticated-server-side-request-forgery</loc>
<lastmod>2024-07-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/featured-image-from-url/featured-image-from-url-277-missing-authorization-on-rest-api-routes</loc>
<lastmod>2019-12-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/easy-child-theme-creator/easy-child-theme-creator-131-cross-site-request-forgery</loc>
<lastmod>2025-04-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/buddyboss-platform/buddyboss-platform-2770-authenticated-subscriber-stored-cross-site-scripting-via-link_title</loc>
<lastmod>2025-02-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cbx-restaurant-booking/cbx-restaurant-booking-121-cross-site-request-forgery-to-plugin-reset</loc>
<lastmod>2025-07-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/pvn-auth-popup/pvn-auth-popup-100-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2024-06-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/advanced-woo-search/advanced-woo-search-277-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2023-05-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woocommerce/woocommerce-470-insecure-direct-object-reference-via-order_id-parameter</loc>
<lastmod>2020-01-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/traveler/traveler-321-unauthenticated-php-object-injection</loc>
<lastmod>2025-03-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ad-inserter/ad-inserter-155-cross-site-request-forgery-to-cross-site-scripting</loc>
<lastmod>2015-08-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/motors-car-dealership-classified-listings/motors-1471-authenticated-contributor-local-file-inclusion</loc>
<lastmod>2025-04-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cm-registration-pro/cm-registration-pro-320-php-object-injection</loc>
<lastmod>2021-05-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/interactive-maps/simple-maps-098-cross-site-request-forgery</loc>
<lastmod>2025-04-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/uix-shortcodes/uix-shortcodes-204-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-04-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/events-in-city/events-in-city-30-authenticated-contributor-stored-cross-site-scripting-via-shortcode-attributes</loc>
<lastmod>2026-05-26T17:24:25.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/contest-gallery-pro/contest-gallery-pro-19141-authenticated-administrator-sql-injection-via-wp_user_id</loc>
<lastmod>2022-12-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ultimate-blocks/ultimate-blocks-wordpress-blocks-plugin-319-authenticated-contributor-stored-cross-site-scripting-via-title-tag-attribute</loc>
<lastmod>2024-07-01T19:35:28.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/advanced-gutenberg/gutenberg-blocks-publishpress-blocks-controls-visibility-reusable-blocks-334-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-10-24T17:10:18.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/import-users-from-csv-with-meta/import-and-export-users-and-customers-1246-missing-authorization-via-fire_cron-rest-endpoint</loc>
<lastmod>2024-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/facebook-conversion-pixel/pixel-cat-conversion-pixel-manager-261-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2021-11-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/core/5.5/wordpress-core-552-reflected-cross-site-scripting-via-global-variables</loc>
<lastmod>2020-10-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simply-schedule-appointments/simply-schedule-appointments-16620-reflected-cross-site-scripting</loc>
<lastmod>2024-03-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/spider-event-calendar/spidercalendar-1551-sql-injection</loc>
<lastmod>2017-04-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/youtube-embed/youtube-embed-531-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2025-04-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/debug-assistant/debug-assistant-14-cross-site-request-forgery-via-imlt_create_admin</loc>
<lastmod>2023-02-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wordpress-mu-secure-invites/secure-invites-13-reflected-cross-site-scripting</loc>
<lastmod>2025-03-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/webbricks-addons/web-bricks-addons-for-elementor-111-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-10-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/broken-link-checker/broken-link-checker-240-reflected-cross-site-scripting</loc>
<lastmod>2024-09-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/thegem-elements/thegem-theme-elements-for-wpbakery-51051-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-10-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gallery-photo-gallery/photo-gallery-by-ays-648-cross-site-request-forgery-to-bulk-actions</loc>
<lastmod>2025-12-01T18:38:04.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/easy-query/easy-query-wp-query-builder-204-authenticated-administrator-sql-injection</loc>
<lastmod>2025-04-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-gdpr-compliance/cookie-information-free-gdpr-consent-solution-2022-authenticated-subscriber-arbitrary-options-update</loc>
<lastmod>2024-01-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mainwp-post-dripper-extension/mainwp-post-dripper-extension-404-missing-authorization-to-arbitrary-pagepost-deletion</loc>
<lastmod>2023-01-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-hosting-performance-check/wp-hosting-performance-check-2188-reflected-cross-site-scripting</loc>
<lastmod>2025-01-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/eventprime-event-calendar-management/eventprime-4284-missing-authorization-to-unauthenticated-image-upload-via-ep_upload_file_media-ajax-endpoint</loc>
<lastmod>2026-02-16T17:29:13.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wedevs-project-manager/wp-project-manager-2622-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2025-02-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/quizzin/quizzin-1014-reflected-cross-site-scripting</loc>
<lastmod>2025-02-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gdpr-cookie-consent/cookie-notice-for-gdpr-ccpa-eprivacy-consent-403-missing-authorization</loc>
<lastmod>2025-11-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/fareharbor/fareharbor-for-wordpress-367-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2023-10-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/foogallery/foogallery-1924-authenticated-cross-site-scripting</loc>
<lastmod>2020-05-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/floating-action-button/floating-action-button-121-cross-site-request-forgery</loc>
<lastmod>2023-11-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/indieauth/indieauth-454-cross-site-request-forgery-to-account-takeover-via-stolen-oauth-tokens</loc>
<lastmod>2025-10-23T19:57:03.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-amaps/wp_amaps-17-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/caching-compatible-cookie-optin-and-javascript/caching-compatible-cookie-opt-in-and-javascript-0010-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-01-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/quiz-master-next/quiz-and-survey-master-qsm-1022-cross-site-request-forgery-to-template-creation</loc>
<lastmod>2025-07-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/sema-api/sema-api-527-reflected-cross-site-scripting-via-catid-parameter</loc>
<lastmod>2025-01-08T22:08:32.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ebook-store/ebook-store-58009-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-05-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cmsmasters-content-composer/cmsmasters-content-composer-188-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2024-10-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/related-posts-for-wp/related-posts-for-wordpress-211-reflected-cross-site-scripting</loc>
<lastmod>2022-10-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-express-checkout/wp-express-checkout-accept-paypal-payments-237-unauthenticated-price-manipulation</loc>
<lastmod>2024-03-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/nelio-content/nelio-content-420-authenticated-contributor-sql-injection</loc>
<lastmod>2026-01-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/particle-background/particle-background-102-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-12-19T18:03:56.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/clicky/clicky-by-yoast-15-stored-cross-site-scripting</loc>
<lastmod>2016-07-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/statify-widget/statify-widget-146-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-08-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woo-product-feed-pro/product-feed-pro-for-woocommerce-by-adtribes-woocommerce-product-feeds-for-google-facebookmeta-bing-more-1325-reflected-cross-site-scripting</loc>
<lastmod>2024-03-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/change-wp-admin-login/wordpress-all-in-one-login-plugin-208-ip-sooofing-to-protection-mechanism-bypass</loc>
<lastmod>2025-10-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/easy-chart-builder/easy-chart-builder-for-wordpress-13-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-02-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/elementor/elementor-website-builder-297-authenticated-stored-cross-site-scripting</loc>
<lastmod>2020-04-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ghl-wizard/lc-wizard-1210-130-missing-authorization-to-unauthenticated-privilege-escalation</loc>
<lastmod>2025-11-06T14:58:12.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/core/5.2/wordpress-core-523-stored-cross-site-scripting-via-comments-via-urls</loc>
<lastmod>2019-09-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/the-pack-addon/the-pack-elementor-addons-header-footer-woocommerce-builder-template-library-2082-authenticated-subscriber-server-side-request-forgery</loc>
<lastmod>2024-04-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/photome/photome-572-unauthenticated-server-side-request-forgery</loc>
<lastmod>2026-01-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/easy-testimonials/easy-testimonials-392-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2023-01-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/qi-blocks/qi-blocks-143-missing-authorization-to-authenticated-contributor-plugin-settings-update</loc>
<lastmod>2025-10-31T16:53:06.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/prismatic/prismatic-27-reflected-cross-site-scripting</loc>
<lastmod>2021-06-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/auto-hyperlink-urls/auto-hyperlink-urls-541-tab-nabbing</loc>
<lastmod>2022-08-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/memberful-wp/memberful-1750-missing-authorization</loc>
<lastmod>2025-09-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/code-explorer/code-explorer-145-authenticated-admin-external-file-reading</loc>
<lastmod>2024-10-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ymc-smart-filter/ymc-filter-3115-unauthenticated-sql-injection</loc>
<lastmod>2026-06-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mobile-dj-manager/mdjm-event-management-1783-authenticated-administrator-arbitrary-file-upload-via-mdjm_email_upload_file-parameter</loc>
<lastmod>2026-06-05T14:20:11.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/clearfy/clearfy-cache-204-reflected-cross-site-scripting</loc>
<lastmod>2022-06-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-statistics/wp-statistics-1325-authenticated-subscriber-sql-injection</loc>
<lastmod>2022-09-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wc-pickupp/woocommerce-pickupp-240-unauthenticated-local-file-inclusion</loc>
<lastmod>2025-04-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/armember-membership/armember-405-cross-site-request-forgery</loc>
<lastmod>2023-07-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/powerpress/powerpress-podcasting-11917-authenticated-author-stored-cross-site-scripting</loc>
<lastmod>2025-03-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wordtube/wordtube-143-remote-file-inclusion</loc>
<lastmod>2007-05-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/easy-hide-login/easy-hide-login-108-cross-site-request-forgery</loc>
<lastmod>2023-05-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/essential-addons-for-elementor-lite/essential-addons-for-elementor-best-elementor-templates-widgets-kits-woocommerce-builders-598-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-02-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/foxypress/foxypress-049-sql-injection</loc>
<lastmod>2012-10-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/core/3.0/wordpress-core-302-cross-site-scripting</loc>
<lastmod>2010-11-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-geometa/wp-geometa-034-035-missing-authorization-to-authenticated-subscriber-privilege-escalation-via-wp_ajax_wpgm_start_geojson_import-function</loc>
<lastmod>2025-05-30T18:05:19.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/namaste-lms/namaste-lms-263-authenticated-subscriber-php-object-injection</loc>
<lastmod>2024-10-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/os-our-team/os-our-team-17-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-11-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/aapanel-wp-toolkit/aapanel-wp-toolkit-10-11-missing-authorization-to-authenticated-subscriber-privilege-escalation-via-auto_login-function</loc>
<lastmod>2025-07-17T16:21:33.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/calendar-event/event-calendar-146-reflected-cross-site-scripting</loc>
<lastmod>2022-08-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cubewp-framework/cubewp-all-in-one-dynamic-content-framework-1123-authenticated-subscriber-privilege-escalation</loc>
<lastmod>2025-06-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/movies/movies-06-reflected-cross-site-scripting</loc>
<lastmod>2014-05-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/customer-reviews-woocommerce/customer-reviews-for-woocommerce-535-cross-site-request-forgery</loc>
<lastmod>2022-09-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/strategery-migrations/strategery-migrations-10-unauthenticated-arbitrary-file-deletion</loc>
<lastmod>2024-06-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/xpro-elementor-addons/140-widgets-xpro-addons-for-elementor-free-1467-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-03-07T22:00:31.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/avchat-3/avchat-video-chat-22-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2024-10-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-members/wp-members-membership-plugin-3493-unprotected-storage-of-potentially-sensitive-files</loc>
<lastmod>2024-04-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpcf7-redirect/redirection-for-contact-form-7-328-unauthenticated-stored-cross-site-scripting</loc>
<lastmod>2026-05-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mail-picker/mail-picker-1014-unauthenticated-php-object-injection</loc>
<lastmod>2024-12-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/iconize/iconize-124-authenticated-admin-remote-code-execution</loc>
<lastmod>2024-09-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/extensions-for-elementor/extensions-for-elementor-2032-authenticated-contributor-stored-cross-site-scripting-via-ee-events-and-ee-flipbox-widget</loc>
<lastmod>2024-07-08T19:48:37.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/related-post-shortcode/related-post-shortcode-12-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2025-01-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/buddypress/buddypress-1410-authenticated-subscriber-directory-traversal</loc>
<lastmod>2024-10-24T17:56:55.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/contact-form-add/form-builder-1990-unauthenticated-csv-injection</loc>
<lastmod>2023-06-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/elementskit-lite/elementskit-elementor-addons-340-unauthenticated-information-exposure-via-get_megamenu_content-function</loc>
<lastmod>2025-02-18T22:37:28.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/betterdocs/betterdocs-4311-missing-authorization-to-authenticated-subscriber-unauthorized-ai-api-usage</loc>
<lastmod>2026-04-23T14:45:35.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/st-daily-tip/st-daily-tip-47-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2021-09-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/google-map-on-postpage/google-map-on-postpage-11-reflected-cross-site-scripting</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-chatbot/wp-chatbot-for-messenger-47-missing-authorization</loc>
<lastmod>2023-05-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/accessibility/accessibility-106-cross-site-request-forgery</loc>
<lastmod>2024-01-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/acf-blocks/gutenberg-blocks-acf-blocks-suite-2611-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-06-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/http-auth/http-auth-032-cross-site-request-forgery</loc>
<lastmod>2023-07-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bin-stripe-donation/stripe-donation-125-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-11-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woo-pdf-invoice-builder/woocommerce-pdf-invoice-builder-1289-authenticated-subscriber-sql-injection-via-export</loc>
<lastmod>2023-08-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/team-showcase/team-showcase-29-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-12-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/affiliates-manager/affiliates-manager-2934-cross-site-request-forgery</loc>
<lastmod>2024-01-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/easy-hotel/easy-hotel-booking-196-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-09-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-expand-tabs-free/wp-tabs-220-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2023-12-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/multi-video-box/multi-video-box-152-reflected-cross-site-scripting-via-video_id-and-group_id-parameters</loc>
<lastmod>2025-03-21T17:53:06.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-header-images/wp-header-images-200-reflected-cross-site-scripting</loc>
<lastmod>2021-10-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ydn-download/download-downloads-wordpress-download-plugin-by-edmon-142-reflected-cross-site-scripting</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/preloader-quotes/preloader-quotes-100-reflected-cross-site-scripting</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/backwp/backwp-202-reflected-cross-site-scripting</loc>
<lastmod>2025-07-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/useragent-spy/useragent-spy-131-authenticated-administrator-stored-cross-site-scripting-via-plugin-settings</loc>
<lastmod>2023-05-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-memory/memory-usage-245-missing-authorization-to-arbitrary-plugin-installation</loc>
<lastmod>2022-11-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-blog-and-widgets/wp-blog-and-widget-23-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2023-01-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/essential-addons-for-elementor-lite/essential-addons-for-elementor-619-authenticated-contributor-information-disclosure</loc>
<lastmod>2025-04-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/vasaio-qr-code/vasaio-qr-code-125-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2025-04-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woo-alidropship/ald-dropping-and-fulfillment-for-aliexpress-and-woocommerce-1021-cross-site-request-forgery-to-order-information-disclosure</loc>
<lastmod>2023-02-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/hana-flv-player/hana-flv-player-313-authenticated-stored-cross-site-scripting</loc>
<lastmod>2021-05-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/eds-font-awesome/eds-font-awesome-20-authenticated-contributor-stored-cross-site-scripting-via-shortcode-attributes</loc>
<lastmod>2026-03-20T15:15:40.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/agile-store-locator/store-locator-wordpress-166-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2026-06-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/reuters-direct/reuters-direct-300-missing-authorization-to-unauthenticated-settings-reset</loc>
<lastmod>2025-11-26T14:20:50.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/profile-builder/profile-builder-258-cross-site-scripting</loc>
<lastmod>2017-03-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simply-schedule-appointments/appointment-booking-calendar-16106-unauthenticated-arbitrary-appointment-view-modification-and-deletion</loc>
<lastmod>2026-05-06T13:33:55.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/highlight/highlight-093-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2021-08-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-easy-gallery/wp-easy-gallery-414-stored-cross-site-scripting</loc>
<lastmod>2016-01-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/content-audit/content-audit-160-authenticated-admin-sql-injection</loc>
<lastmod>2014-10-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/huskerportfolio/husker-portfolio-03-arbitrary-file-upload</loc>
<lastmod>2015-05-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ipblocklist/ipblocklist-10-cross-site-request-forgery</loc>
<lastmod>2023-01-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/motors-car-dealership-classified-listings/motors-car-dealer-classified-ads-146-server-side-request-forgery</loc>
<lastmod>2023-10-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/better-elementor-addons/better-elementor-addons-141-authenticatedcontributor-local-file-inclusion</loc>
<lastmod>2024-04-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/quick-interest-slider/quick-interest-slider-315-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-03-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/image-editor-by-pixo/image-editor-by-pixo-238-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-09-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/backup-bolt/backup-bolt-141-cross-site-request-forgery</loc>
<lastmod>2025-08-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/sopa-blackout/sopa-blackout-14-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2024-12-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ai-site-builder/zita-site-builder-102-missing-authorization-to-arbitrary-plugin-installation</loc>
<lastmod>2024-12-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-widgets-shortcode/wordpress-widgets-shortcode-103-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-09-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/booking-system/pinpoint-booking-system-1-wordpress-booking-plugin-21-authenticated-sql-injection</loc>
<lastmod>2015-07-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woocommerce/woocommerce-840-reflected-cross-site-scripting</loc>
<lastmod>2024-01-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-maintenance-mode-site-under-construction/wp-maintenance-mode-site-under-construction-43-cross-site-request-forgery</loc>
<lastmod>2025-06-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/powerpress/powerpress-podcasting-111311-authenticated-contributor-server-side-request-forgery</loc>
<lastmod>2025-06-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simple-spoiler/simple-spoiler-14-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-04-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woocommerce-products-slider/pickplugins-product-slider-for-woocommerce-11341-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2023-01-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-repost/wp-repost-01-authenticated-administrator-stored-cross-site-scritping</loc>
<lastmod>2023-02-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/social-share-and-social-locker-arsocial/social-share-and-social-locker-141-reflected-cross-site-scripting</loc>
<lastmod>2025-04-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/multilevel-referral-plugin-for-woocommerce/multilevel-referral-affiliate-plugin-for-woocommerce-228-authenticated-subscriber-sql-injection</loc>
<lastmod>2025-02-28T15:26:41.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bzscore-live-score/bzscore-live-score-103-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2023-11-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/shortcode-menu/shortcode-menu-32-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2023-10-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/campus-directory/faculty-staff-and-student-directory-plugin-campus-directory-174-authenticated-stored-cross-site-scripting</loc>
<lastmod>2022-04-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-auto-affiliate-links/auto-affiliate-links-50-sql-injection</loc>
<lastmod>2015-07-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/event-tickets/event-tickets-and-registration-5275-missing-authorization</loc>
<lastmod>2026-05-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/icon-list-block/icon-list-block-add-icon-based-lists-with-custom-styles-121-authenticated-subscriber-server-side-request-forgery</loc>
<lastmod>2025-11-18T01:11:17.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/doofinder-for-woocommerce/doofinder-for-woocommerce-21013-unauthenticated-information-exposure</loc>
<lastmod>2026-03-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/edd-pdf-stamper/easy-digital-downloads-pdf-stamper-10-cross-site-scripting</loc>
<lastmod>2015-04-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/core/6.0/wordpress-core-603-gutenberg-1431-authenticated-cross-site-scripting-in-various-blocks</loc>
<lastmod>2022-10-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/north-wp/north-575-unauthenticated-local-file-inclusion</loc>
<lastmod>2026-01-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/core/6.0/wordpress-core-603-authenticated-information-disclosure-via-rest-api</loc>
<lastmod>2022-10-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/addons-for-elementor/livemesh-addons-for-elementor-83-authenticated-contributor-stored-cross-site-scripting-via-animated_text_class</loc>
<lastmod>2024-02-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/nextgen-gallery/photo-gallery-sliders-proofing-and-themes-420-insecure-direct-object-reference-to-authenticated-subscriber-image-deletion-via-rest-api</loc>
<lastmod>2026-05-19T17:01:55.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/broken-link-checker/broken-link-checker-247-authenticated-editor-sql-injection</loc>
<lastmod>2026-03-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/profitori/the-e-commerce-erp-2113-missing-authorization</loc>
<lastmod>2025-07-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/astra-sites/starter-templates-4441-authenticated-author-arbitrary-file-upload-via-wxr-upload-bypass</loc>
<lastmod>2025-12-05T21:07:03.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/visual-link-preview/visual-link-preview-231-authenticated-subscriber-sensitive-information-exposure</loc>
<lastmod>2026-06-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/testimonials-widget/testimonials-widget-404-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-07-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/sb-elementor-contact-form-db/contact-form-db-elementor-17-reflected-cross-site-scripting</loc>
<lastmod>2022-07-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/tw-image-hover-share/quantic-social-image-hover-108-cross-site-request-forgery-to-settings-update</loc>
<lastmod>2025-12-04T16:30:27.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/easy-registration-forms/easy-registration-forms-206-csv-injection</loc>
<lastmod>2020-11-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/oa-social-login/social-login-590-authentication-bypass-via-disqus-oauth-provider</loc>
<lastmod>2024-11-22T15:08:42.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/seo-pyramid/seo-pyramid-198-reflected-cross-site-scripting</loc>
<lastmod>2025-09-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/html5-video-player/html5-video-player-2526-unauthenticated-sql-injection</loc>
<lastmod>2024-05-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/sip-reviews-shortcode-woocommerce/sip-reviews-shortcode-for-woocommerce-123-authenticated-contributor-cross-site-scripting</loc>
<lastmod>2024-10-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mp3-music-player-by-sonaar/mp3-audio-player-music-player-podcast-player-radio-by-sonaar-5701-missing-authorization-to-authenticated-subscriber-arbitrary-file-deletion</loc>
<lastmod>2024-08-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/google-plus-one-bottom/google-plus-one-bottom-002-cross-site-request-forgery-to-plugin-settings-update-via-settings-page</loc>
<lastmod>2026-06-01T19:43:50.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpcom-member/wpcom-member-1714-authenticated-contributor-local-file-inclusion-via-shortcode</loc>
<lastmod>2025-10-31T13:35:09.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mycred/mycred-points-management-system-for-gamification-ranks-badges-and-loyalty-program-2971-missing-authorization-to-sensitive-information-exposure</loc>
<lastmod>2025-12-18T20:25:10.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/profile-extra-fields/profile-extra-fields-by-bestwebsoft-106-reflected-cross-site-scripting</loc>
<lastmod>2017-04-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/Avada/avada-7111-authenticatedcontributor-server-side-request-forgery-via-ajax_import_options</loc>
<lastmod>2023-08-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wicked-folders/wicked-folders-21816-cross-site-request-forgery-on-ajax_save_folder</loc>
<lastmod>2023-02-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/pods/pods-custom-content-types-and-fields-3281-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2025-03-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ultimate-member/ultimate-member-203-cross-site-scripting</loc>
<lastmod>2018-02-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ltl-freight-quotes-day-ross-edition/ltl-freight-quotes-day-ross-edition-2111-authenticated-administrator-php-object-injection</loc>
<lastmod>2025-09-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gf-multi-uploader/multi-uploader-for-gravity-forms-113-unauthenticated-arbitrary-file-upload</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-jquery-datatable/wp-jquery-datatable-401-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-01-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simple-pricing-table/simple-pricing-table-100-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-11-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simplepress/simplepress-68-authenticated-subscriber-path-traversal-to-arbitrary-file-deletion</loc>
<lastmod>2022-11-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mollie-forms/mollie-forms-263-missing-authorization-to-arbitrary-post-duplication</loc>
<lastmod>2024-03-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-post-to-pdf-enhanced/wp-post-to-pdf-enhanced-111-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2025-04-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-hide-security-enhancer/wp-hide-security-enhancer-251-missing-authorization-to-unauthenticated-arbitrary-file-contents-deletion</loc>
<lastmod>2024-12-05T16:25:18.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/core/4.0/wordpress-core-401-denial-of-service-via-long-password</loc>
<lastmod>2014-11-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simple-event-planner/simple-event-planner-154-authenticated-stored-cross-site-scripting</loc>
<lastmod>2022-03-23T10:38:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-user-avatar/profilepress-450-authenticated-administrator-stored-cross-site-scripting-via-form-settings</loc>
<lastmod>2022-12-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/crypto-payment-gateway-with-payeer-for-woocommerce/crypto-payment-gateway-with-payeer-for-woocommerce-103-unauthenticated-payment-bypass</loc>
<lastmod>2025-11-03T15:59:31.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/tcbd-tooltip/tcbd-tooltip-10-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-02-20T15:04:02.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/apppresser/apppresser-mobile-app-framework-446-unauthenticated-privilege-escalation-via-password-reset</loc>
<lastmod>2024-11-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wc-affiliate/wc-affiliate-23-reflected-cross-site-scripting</loc>
<lastmod>2025-01-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-google-maps/wp-go-maps-9040-cross-site-request-forgery</loc>
<lastmod>2025-01-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/media-library-assistant/media-library-assistant-329-unauthenticated-limited-file-read</loc>
<lastmod>2025-10-17T17:26:53.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/easy-org-chart/easy-org-chart-31-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2022-09-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/floating-social-media-links/floating-social-media-links-143-remote-file-inclusion-via-fsml-hideshowjsphp-wpp-parameter</loc>
<lastmod>2012-12-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/premmerce-search/premmerce-product-search-for-woocommerce-224-cross-site-request-forgery</loc>
<lastmod>2025-05-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/lifterlms/lifterlms-921-authenticated-custom-sql-injection-via-order-parameter</loc>
<lastmod>2026-04-10T12:55:22.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/core/2.9/wordpress-core-292-authorization-bypass</loc>
<lastmod>2010-02-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/qtranslate-to-wpml-export/qtranslate-x-cleanup-and-wpml-import-301-cross-site-request-forgery-via-clean_ajx</loc>
<lastmod>2023-04-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-landing-page/wp-landing-page-093-cross-site-request-forgery-to-arbitrary-post-meta-update</loc>
<lastmod>2025-12-05T17:38:17.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-private-content-plus/wp-private-content-plus-36-protection-mechanism-bypass</loc>
<lastmod>2024-02-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woffice-core/woffice-core-548-missing-authorization</loc>
<lastmod>2024-07-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/duplicate-page/duplicate-page-441-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2021-08-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wordpressplugin-upgrade-time-out-plugin/wordpressplugin-upgrade-time-out-plugin-10-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2025-03-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/listsearch/buddyholis-listsearch-11-authenticated-contributor-stored-cross-site-scripting-via-placeholder-shortcode-attribute</loc>
<lastmod>2026-02-10T20:10:12.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/flickr-justified-gallery/flickr-justified-gallery-340-reflected-cross-site-scripting</loc>
<lastmod>2015-07-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/photo-block/photo-block-151-missing-authorization</loc>
<lastmod>2025-12-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/contact-forms-builder/contact-form-builder-contact-widget-217-reflected-cross-site-scripting</loc>
<lastmod>2023-10-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gallery-for-ultimate-member/video-photo-gallery-for-ultimate-member-113-authenticated-administrator-sql-injection</loc>
<lastmod>2025-04-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/goodenergy/good-energy-177-unauthenticated-php-object-injection</loc>
<lastmod>2026-02-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/twitter-card-generator/twitter-card-generator-105-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2025-04-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/better-post-filter-widgets-for-elementor/better-post-filter-widgets-for-elementor-161-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-08-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/lazy-facebook-comments/lazy-social-comments-204-authenticated-administrator-stored-cross-site-scripting-via-plugin-options</loc>
<lastmod>2023-03-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/revslider/slider-revolution-6737-missing-authorization-to-authenticated-contributor-arbitrary-file-read</loc>
<lastmod>2025-10-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/12-step-meeting-list/12-step-meeting-list-3165-unauthenticated-sensitive-information-exposure</loc>
<lastmod>2025-01-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simple-download-monitor/simple-download-monitor-395-sensitive-data-exposure</loc>
<lastmod>2021-10-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/sociable/sociable-4341-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2021-09-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-all-export-pro/export-any-wordpress-data-to-xmlcsv-141-wp-all-export-pro-186-authenticated-admin-remote-code-execution</loc>
<lastmod>2023-11-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/advanced-most-recent-posts-mod/advanced-most-recent-posts-mod-1652-authenticated-author-stored-cross-site-scripting</loc>
<lastmod>2024-04-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ai-post-generator/ai-post-generator-autowriter-33-missing-authorization</loc>
<lastmod>2024-03-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wc-sales-notification/wc-sales-notification-122-cross-site-request-forgery-to-arbitrary-plugin-activation</loc>
<lastmod>2023-02-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mark-new-posts/mark-new-posts-751-missing-authorization-via-save_options</loc>
<lastmod>2024-12-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/aec-kiosque/aec-kiosque-193-reflected-cross-site-scripting</loc>
<lastmod>2025-03-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/all-in-one-seo-pack/all-in-one-seo-pack-361-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2020-07-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/audio-editor-recorder/audio-editor-amp-recorder-223-unauthenticated-information-exposure</loc>
<lastmod>2025-06-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/sliderspack-all-in-one-image-sliders/slider-a-sliderspack-23-authenticated-contributor-local-file-inclusion</loc>
<lastmod>2025-04-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/magic-post-thumbnail/magic-post-thumbnail-529-reflected-cross-site-scripting</loc>
<lastmod>2024-08-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/backup-bolt/backup-bolt-130-sensitive-information-exposure</loc>
<lastmod>2024-02-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/flexmls-idx/flexmls-idx-31427-unauthenticated-php-object-injection</loc>
<lastmod>2025-02-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/alfie-the-productfeedtool-wp-plugin/alfie-feed-plugin-121-cross-site-request-forgery-to-stored-cross-site-scripting-via-naam-parameter</loc>
<lastmod>2026-03-20T15:07:56.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/profit-products-tables-for-woocommerce/active-products-tables-for-woocommerce-use-constructor-to-create-tables-107-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2026-03-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/media-library-assistant/media-library-assistant-335-reflected-cross-site-scripting</loc>
<lastmod>2026-06-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ninja-forms/ninja-forms-contact-form-3313-csv-injection</loc>
<lastmod>2018-08-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ultimate-addons-for-gutenberg/spectra-wordpress-gutenberg-blocks-1147-missing-authorization</loc>
<lastmod>2020-03-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/login-with-yourmembership/yourmembership-single-sign-on-113-authenticated-administrator-stored-cross-site-scripting-via-plugin-settings</loc>
<lastmod>2023-07-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cubewp-framework/cubewp-1127-missing-authorization</loc>
<lastmod>2025-12-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/quote-master/quote-master-711-reflected-cross-site-scripting</loc>
<lastmod>2026-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/LayerSlider/layerslider-779-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2023-11-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/Newspaper/newspaper-1033-reflected-cross-site-scripting</loc>
<lastmod>2020-06-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/page-health-o-meter/page-health-o-meter-20-reflected-cross-site-scripting</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/customer-reviews-woocommerce/customer-reviews-for-woocommerce-53810-improper-authorization-via-submit_review</loc>
<lastmod>2024-02-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gd-rating-system/gd-rating-system-23-directory-traversal</loc>
<lastmod>2018-01-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/insta-gallery/social-feed-gallery-247-cross-site-request-forgery</loc>
<lastmod>2019-08-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/alma-gateway-for-woocommerce/alma-5161-missing-authorization</loc>
<lastmod>2026-01-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-csv-exporter/wp-csv-exporter-136-csv-injection</loc>
<lastmod>2022-11-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/responsive-lightbox/responsive-lightbox-gallery-271-authenticated-author-server-side-request-forgery-via-remote-library-image-upload</loc>
<lastmod>2026-02-24T20:06:06.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mainwp-updraftplus-extension/mainwp-updraftplus-extension-406-missing-authorization-to-arbitrary-plugin-activation</loc>
<lastmod>2023-01-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/embed-calendly-scheduling/embed-calendly-44-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2026-02-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/collectchat/chatbot-for-wordpress-by-collectchat-243-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2024-07-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/masterstudy-lms-learning-management-system-pro/masterstudy-lms-pro-4716-authenticated-subscriber-information-exposure</loc>
<lastmod>2025-10-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ird-slider/ird-slider-102-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-10-02T22:18:39.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cpt-bootstrap-carousel/cpt-bootstrap-carousel-112-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2023-01-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/rsvpmaker/rsvpmaker-993-authenticated-admin-sql-injection-via-email-value</loc>
<lastmod>2023-02-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/timed-content/timed-content-272-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2023-01-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-membership/wp-membership-123-cross-site-scripting</loc>
<lastmod>2015-05-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/dp-addthis/dp-addthis-102-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-10-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/eu-vat-for-woocommerce/euuk-vat-manager-for-woocommerce-21212-reflected-cross-site-scripting</loc>
<lastmod>2024-09-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/qode-essential-addons/qode-essential-addons-152-missing-authorization-to-authenticated-subscriber-arbitrary-plugin-installationactivation</loc>
<lastmod>2023-11-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/convertkit/convertkit-204-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2022-12-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gs-woo-brands/discover-the-best-woocommerce-product-brands-plugin-for-wordpress-woocommerce-brands-plugin-132-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-02-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/tracking-code-manager/tracking-code-manager-230-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-12-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/elegant-blocks/elegant-blocks-17-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-05-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-webauthn/wp-webauthn-134-unauthenticated-stored-cross-site-scripting</loc>
<lastmod>2026-03-20T15:20:53.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/create/create-291-authenticated-author-stored-cross-site-scripting</loc>
<lastmod>2024-09-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/busiprof/busiprof-252-cross-site-request-forgery</loc>
<lastmod>2026-02-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-unique-article-header-image/wp-unique-article-header-image-10-cross-site-request-forgery-to-cross-site-scripting</loc>
<lastmod>2014-12-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/annie/annie-211-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/sensitive-chinese-words-scanner/the-great-firewords-of-china-12-authenticated-subscriber-stored-cross-site-scripting</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/atarim-visual-collaboration/atarim-421-unauthenticated-arbitrary-file-upload</loc>
<lastmod>2025-07-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/disable-admin-notices/disable-admin-notices-individually-140-cross-site-request-forgery</loc>
<lastmod>2024-11-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/integrate-google-drive/integrate-google-drive-139-missing-authorization</loc>
<lastmod>2024-04-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/jetwidgets-for-elementor/jetwidgets-for-elementor-1017-authenticated-contributor-stored-cross-site-scripting-via-layout_type-and-id-parameters</loc>
<lastmod>2024-06-19T13:41:32.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/powerpress/powerpress-100-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2023-04-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bookingor/bookingor-201-missing-authorization</loc>
<lastmod>2025-04-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/interactive-medical-drawing-of-human-body/interactive-medical-drawing-of-human-body-26-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2025-10-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/school-management-pro/school-management-pro-1034-authenticated-school-admin-sql-injection</loc>
<lastmod>2024-04-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woocommerce-email-inquiry-cart-options/email-inquiry-cart-options-for-woocommerce-343-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2026-01-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/download-manager/download-manager-259-stored-cross-site-scripting</loc>
<lastmod>2013-12-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/posts-search/posts-search-122-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-11-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-easy-pay/wp-easy-pay-free-423-missing-authorization-to-unauthenticated-service-disconnection</loc>
<lastmod>2024-07-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/timeline-awesome/history-timeline-105-authenticated-author-stored-cross-site-scripting</loc>
<lastmod>2022-09-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/social-pug-author-box/social-pug-author-box-100-reflected-cross-site-scripting</loc>
<lastmod>2025-01-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/elementor/elementor-website-builder-more-than-just-a-page-builder-3183-authenticated-contributor-stored-cross-site-scripting-via-get_image_alt</loc>
<lastmod>2024-02-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpematico/wpematico-rss-feed-fetcher-287-cross-site-request-forgery-to-plugin-deactivation-via-handle_feedback_submission-function</loc>
<lastmod>2025-07-25T14:59:17.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/grid-plus/grid-plus-33-reflected-cross-site-scripting</loc>
<lastmod>2025-09-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/shapepress-dsgvo/wp-dsgvo-tools-gdpr-3136-authenticated-contributor-stored-cross-site-scripting-via-lw_content_block-shortcode</loc>
<lastmod>2026-01-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/auxin-portfolio/premium-portfolio-features-for-phlox-theme-234-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-08-28T23:34:54.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/easy-digital-downloads/easy-digital-downloads-326-cross-site-request-forgery</loc>
<lastmod>2024-04-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/kodex-posts-likes/kodex-posts-likes-250-reflected-cross-site-scripting</loc>
<lastmod>2024-09-24T12:18:24.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-fiddle/wp-fiddle-10-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2024-12-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/post-lockdown/post-lockdown-402-missing-authorization-to-authenticated-subscriber-post-disclosure</loc>
<lastmod>2025-03-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/posts-table-filterable/tableon-wordpress-posts-table-filterable-1041-authenticated-contributor-stored-cross-site-scripting-via-tableon_popup_iframe_button-shortcode</loc>
<lastmod>2025-06-20T18:15:37.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/all-bootstrap-blocks/all-bootstrap-blocks-1328-missing-authorization</loc>
<lastmod>2025-08-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/timeline-event-history/timeline-event-history-32-reflected-cross-site-scripting</loc>
<lastmod>2026-02-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woo-vietnam-checkout/woocommerce-vietnam-checkout-205-unauthenticated-stored-cross-site-scripting</loc>
<lastmod>2023-11-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simplepress/simplepress-61012-cross-site-request-forgery-to-unauthorized-post-editing</loc>
<lastmod>2025-02-28T15:24:11.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/themify-audio-dock/themify-audio-dock-204-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-12-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woocommerce-follow-up-emails/woocommerce-follow-up-emails-4940-reflected-cross-site-scripting</loc>
<lastmod>2023-05-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/surveys/surveys-1018-authenticated-sql-injection</loc>
<lastmod>2017-05-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/b-tiktok-feed/feeds-for-tiktok-display-video-feeds-in-grid-layouts-1024-missing-authorization</loc>
<lastmod>2026-05-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/learnpress/learnpress-413-authenticated-stored-cross-site-scripting</loc>
<lastmod>2021-09-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/project-cost-calculator/project-cost-calculator-100-missing-authorization</loc>
<lastmod>2025-08-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simple-buttons-creator/simple-buttons-creator-104-cross-site-request-forgery-to-arbitrary-button-deletion</loc>
<lastmod>2024-03-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/modula-best-grid-gallery/image-gallery-photo-grid-video-gallery-2133-missing-authorization-to-authenticated-author-arbitrary-gallery-modification</loc>
<lastmod>2025-12-15T02:22:13.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/borderless/borderless-elementor-addons-and-templates-171-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-05-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/donation-forms-by-givecloud/donation-forms-wp-by-givecloud-109-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-09-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-media-library-categories/media-library-categories-200-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2023-07-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/wiguard/wiguard-201-authenticated-subscriber-arbitrary-file-upload</loc>
<lastmod>2026-02-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-page-numbers/wp-page-numbers-05-cross-site-request-forgery-via-wp_page_numbers_settings</loc>
<lastmod>2023-04-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-mermaid/wp-mermaid-102-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-11-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/responsive-tabs/carousel-slider-226-authenticated-editor-stored-cross-site-scripting</loc>
<lastmod>2024-03-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-clone-by-wp-academy/wp-clone-242-sensitive-information-exposure</loc>
<lastmod>2023-12-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simple-download-monitor/simple-download-monitor-3933-simple-download-monitor-3933-authenticated-contributor-sql-injection-via-order-parameter-in-log-export-functionality</loc>
<lastmod>2025-08-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/share-buttons/social-share-buttons-for-wordpress-27-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2025-01-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/verowa-connect/verowa-connect-323-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-09-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/elex-helpdesk-customer-support-ticket-system/elex-wordpress-helpdesk-customer-ticketing-system-336-authenticated-subscriber-sql-injection</loc>
<lastmod>2026-06-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/buzzclub/buzz-club-night-club-dj-and-music-festival-event-wordpress-theme-204-missing-authorization-to-authenticated-subscriber-limited-arbitrary-option-update</loc>
<lastmod>2025-01-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/author-slug/custom-author-url-201-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2024-11-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/google-one/google-1-by-bestwebsoft-134-reflected-cross-site-scripting</loc>
<lastmod>2017-04-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/media-hygiene/media-hygiene-301-missing-authorization-to-authenticated-subscriber-arbitrary-attachment-deletion</loc>
<lastmod>2024-07-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/responsive-lightbox/multiple-plugins-various-versions-authenticated-contributor-stored-dom-based-cross-site-scripting-via-featherlightjs-javascript-library</loc>
<lastmod>2025-03-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ab-rankings-testing-tool/seo-scout-0983-cross-site-request-forgery-to-settings-update</loc>
<lastmod>2022-08-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/instagram-slider-widget/social-slider-feed-204-authenticated-scubscriber-stored-cross-site-scripting</loc>
<lastmod>2022-08-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gestpay-for-woocommerce/gestpay-for-woocommerce-20221130-cross-site-request-forgery-csrf-via-ajax_unset_default_card</loc>
<lastmod>2024-02-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpforo/wpforo-151-privilege-escalation</loc>
<lastmod>2018-09-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-githuber-md/wp-githuber-md-1163-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-11-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ctl-arcade-lite/ctl-arcade-lite-10-cross-site-request-forgery-to-plugin-activation-and-deactivation</loc>
<lastmod>2025-11-10T15:12:29.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/cozystay/cozystay-191-unauthenticated-local-file-inclusion</loc>
<lastmod>2026-02-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/business-directory-plugin/business-directory-6418-missing-authorization</loc>
<lastmod>2025-10-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/download-manager/wordpress-download-manager-2951-cross-site-scripting</loc>
<lastmod>2017-06-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/maz-loader/maz-loader-preloader-builder-for-wordpress-132-sql-injection</loc>
<lastmod>2021-10-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/debug-log-config-tool/debug-log-manger-tool-145-unauthenticated-information-exposure-via-logs</loc>
<lastmod>2024-05-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bp-social-connect/bp-social-connect-15-authentication-bypass</loc>
<lastmod>2023-05-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/add-actions-and-filters/add-shortcodes-actions-and-filters-209-reflected-cross-site-scripting</loc>
<lastmod>2023-10-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/miniorange-login-with-eve-online-google-facebook/multiple-miniorange-plugins-various-version-reflected-cross-site-scripting</loc>
<lastmod>2021-08-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-custom-login-page/custom-login-page-20-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2023-02-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/customize-my-account-for-woocommerce/sysbasics-customize-my-account-for-woocommerce-436-authenticated-contributor-stored-cross-site-scripting-via-shortcode-attributes</loc>
<lastmod>2026-06-17T17:37:13.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/stripe-payments/accept-stripe-payments-2079-insecure-direct-object-reference</loc>
<lastmod>2023-11-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-fullcalendar/wp-fullcalendar-15-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-01-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/z-companion/z-companion-1013-missing-authorization</loc>
<lastmod>2025-03-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/metform-pro/metform-pro-391-missing-authorization</loc>
<lastmod>2026-03-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/amp-wp/amp-wp-1515-cross-site-request-forgery-via-multiple-settings-pages</loc>
<lastmod>2023-10-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/occupancyplan/occupancyplan-1030-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2025-04-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ulisting/ulisting-166-unauthenticated-arbitrary-roles-and-capabilities-creationdeletion</loc>
<lastmod>2021-01-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-find-your-nearest/wp-find-your-nearest-031-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2025-02-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/page-flip-image-gallery/page-flip-image-gallery-022-directory-traversal</loc>
<lastmod>2008-12-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/coming-soon-maintenance-mode/coming-soon-maintenance-mode-105-information-exposure</loc>
<lastmod>2024-02-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/master-addons/master-addons-elementor-addons-with-white-label-free-widgets-hover-effects-conditions-animations-2086-authenticated-contributor-stored-cross-site-scripting-via-fancybox</loc>
<lastmod>2025-08-11T18:42:21.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/capitalize-my-title/capitalize-my-title-053-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-11-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/reflex-gallery/reflex-gallery-wordpress-photo-gallery-314-arbitrary-file-upload</loc>
<lastmod>2015-03-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/disable-right-click-for-wp/disable-right-click-for-wp-116-cross-site-request-forgery</loc>
<lastmod>2022-05-04T12:11:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/smart-table-builder/smart-table-builder-101-authenticated-contributor-stored-cross-site-scripting-via-id-parameter</loc>
<lastmod>2025-09-05T14:47:03.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/business-directory-plugin/business-directory-plugin-5111-authenticated-stored-cross-site-scripting</loc>
<lastmod>2021-04-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/pixabay-images/pixabay-images-34-authenticated-author-arbitrary-file-upload</loc>
<lastmod>2025-06-17T14:04:37.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/duplicate-post-page-menu-custom-post-type/duplicate-post-page-menu-custom-post-type-231-missing-authorization</loc>
<lastmod>2023-06-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/quiz-master-next/quiz-and-survey-master-1031-authenticated-subscriber-sql-injection</loc>
<lastmod>2026-01-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mycred/mycred-272-unauthenticated-php-object-injection</loc>
<lastmod>2024-08-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/js-jobs/js-job-manager-202-unauthenticated-local-file-inclusion</loc>
<lastmod>2025-04-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/robo-gallery/robo-gallery-329-cross-site-request-forgery-via-getpluginstatus</loc>
<lastmod>2023-02-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/latex2html/latex2html-254-reflected-cross-site-scripting</loc>
<lastmod>2024-10-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gulri-slider/gulri-slider-358-reflected-cross-site-scripting</loc>
<lastmod>2024-12-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/embedder-for-google-reviews/embedder-for-google-reviews-173-missing-authorization</loc>
<lastmod>2025-08-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/convertpro/convert-pro-175-missing-authorization</loc>
<lastmod>2023-07-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-security-audit-log/wp-activity-log-521-unauthenticated-stored-cross-site-scripting-via-user_id-parameter</loc>
<lastmod>2024-11-14T16:30:34.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/alobaidi-captcha/alobaidi-captcha-103-authenticated-administrator-stored-cross-site-scripting-via-plugin-settings</loc>
<lastmod>2025-08-14T20:13:05.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ops-robots-txt/on-page-seo-whatsapp-chat-button-101-reflected-cross-site-scripting</loc>
<lastmod>2021-09-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpify-woo/wpify-woo-czech-408-missing-authorization</loc>
<lastmod>2024-02-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woo-quote-calculator-order/woocommerce-quote-calculator-11-unauthenticated-sql-injection</loc>
<lastmod>2024-10-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/ippsum/ippsum-120-unauthenticated-php-object-injection</loc>
<lastmod>2026-02-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/codecolorer/codecolorer-0101-unauthenticated-stored-cross-site-scripting-via-class-attribute-in-cc-comment-shortcode</loc>
<lastmod>2026-04-15T15:22:30.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/critique/critique-117-unauthenticated-local-file-inclusion</loc>
<lastmod>2025-09-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/artibot/artibot-free-chat-bot-for-wordpress-websites-116-authenticated-admin-cross-site-scripting</loc>
<lastmod>2024-02-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/vm-backups/vm-backups-10-cross-site-request-forgery</loc>
<lastmod>2021-03-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/publitio/publitio-218-missing-authorization</loc>
<lastmod>2025-04-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/universam-demo/universam-859-reflected-cross-site-scripting</loc>
<lastmod>2024-12-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/sheets-to-wp-table-live-sync/sheets-to-wp-table-live-sync-370-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2024-05-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/exclusive-addons-for-elementor/exclusive-addons-elementor-279-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2025-05-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/feed-instagram-lite/gallery-for-social-photo-10035-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-03-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/contact-form-to-email/contact-form-email-1265-reflected-cross-site-scripting</loc>
<lastmod>2019-02-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-symposium/wp-symposium-1211-sql-injections</loc>
<lastmod>2014-08-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp_rokstories/rokstories-125-cross-site-scripting</loc>
<lastmod>2013-09-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ari-stream-quiz/ari-stream-quiz-1232-cross-site-request-forgery</loc>
<lastmod>2023-12-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/fluid-notification-bar/fluid-notification-bar-323-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2024-06-03T17:15:04.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bulk-noindex-nofollow-toolkit-by-mad-fish/bulk-noindex-nofollow-toolkit-201-reflected-cross-site-scripting-via-tab-order-and-orderby</loc>
<lastmod>2024-03-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/themify-wc-product-filter/themify-woocommerce-product-filter-149-unauthenticated-sql-injection-via-conditions-parameter</loc>
<lastmod>2024-06-20T20:56:18.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/google-analytics-top-posts-widget/google-analytics-top-content-widget-155-reflected-cross-site-scripting</loc>
<lastmod>2023-04-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/docket-cache/docket-cache-240702-unauthenticated-local-file-inclusion</loc>
<lastmod>2025-04-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/url-shortify/url-shortify-1113-reflected-cross-site-scripting</loc>
<lastmod>2025-11-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/socialdriver-framework/swift-framework-20240430-authenticated-admin-stored-cross-site-scripting-via-auth</loc>
<lastmod>2024-06-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woo-myghpay-payment-gateway/woocommerce-myghpay-payment-gateway-30-reflected-cross-site-scripting</loc>
<lastmod>2021-12-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wc-product-table-lite/woocommerce-product-table-lite-262-cross-site-request-forgery</loc>
<lastmod>2023-11-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/block-options/editorskit-1403-authenticated-administrator-arbitrary-file-upload</loc>
<lastmod>2023-12-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/royal-elementor-addons/royal-elementor-addons-13982-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-08-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/lean-wp/lean-wp-140-cross-site-request-forgery</loc>
<lastmod>2022-01-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/callrail-phone-call-tracking/callrail-phone-call-tracking-049-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2022-09-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/eunice/eunice-all-versions-reflected-cross-site-scripting</loc>
<lastmod>2012-09-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ni-woocommerce-product-editor/ni-woocommerce-bulk-product-editor-145-reflected-cross-site-scripting</loc>
<lastmod>2024-12-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/custom-registration-form-builder-with-submission-manager/registrationmagic-custom-registration-forms-user-registration-payment-and-user-login-6062-authenticated-administrator-sql-injection</loc>
<lastmod>2025-10-07T16:05:36.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/media-library-plus/media-library-folders-818-authenticated-author-directory-traversal</loc>
<lastmod>2024-04-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/4stats/4stats-209-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2025-05-23T13:53:37.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mediaview/mediaview-112-reflected-cross-site-scripting</loc>
<lastmod>2025-04-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-db-backup/database-backup-for-wordpress-233-authenticated-stored-cross-site-scripting-via-backup_receipient-parameter</loc>
<lastmod>2021-05-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/charitable/charitable-1861-authenticated-administrator-stored-cross-site-scripting-via-plugins-privacy-settings</loc>
<lastmod>2025-06-25T14:11:07.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/minamaze/minamaze-1101-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-12-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/strong-testimonials/strong-testimonials-302-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2023-01-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/scribble-maps/scribble-maps-12-reflected-cross-site-scripting</loc>
<lastmod>2021-08-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/re-attacher/re-attacher-by-bestwebsoft-109-reflected-cross-site-scripting</loc>
<lastmod>2017-04-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/insert-estimated-reading-time/insert-estimated-reading-time-12-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2023-09-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/testimonials-carousel-elementor/testimonial-carousel-for-elementor-1011-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-05-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/premmerce-woocommerce-wishlist/premmerce-wishlist-for-woocommerce-1110-unauthenticated-local-file-inclusion</loc>
<lastmod>2025-07-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bsk-gravityforms-blacklist/bsk-forms-blacklist-362-authenticated-administrator-sql-injection-via-order-and-orderby</loc>
<lastmod>2023-04-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/download-monitor/download-monitor-517-insecure-direct-object-reference-to-unauthenticated-arbitrary-order-completion-via-token-and-order_id</loc>
<lastmod>2026-03-29T12:42:40.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/wplms/wplms-199-unauthenticated-arbitrary-file-upload</loc>
<lastmod>2024-12-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/user-referral-free/user-referral-80-reflected-cross-site-scripting</loc>
<lastmod>2024-12-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/video-synchro-pdf/videos-sync-pdf-174-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2022-04-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simple-side-tab/simple-side-tab-2114-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2024-11-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/sensei-lms/sensei-lms-online-courses-quizzes-learning-4243-unauthenticated-information-exposure</loc>
<lastmod>2025-01-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/google-sitemap-generator/xml-sitemaps-411-authenticated-admin-cross-site-scripting</loc>
<lastmod>2022-05-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/generate-pdf-using-contact-form-7/generate-pdf-using-contact-form-7-412-cross-site-request-forgery-to-arbitrary-file-deletion</loc>
<lastmod>2024-07-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/adsense-plugin/adpush-129-reflected-cross-site-scripting</loc>
<lastmod>2015-10-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/shine-pdf/shine-pdf-embeder-10-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-11-20T13:39:50.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/apppresser/apppresser-mobile-app-framework-444-privilege-escalation-and-account-takeover-via-weak-otp</loc>
<lastmod>2024-10-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/miniorange-login-openid/wordpress-social-login-and-register-discord-google-twitter-linkedin-766-authenticated-subscriber-privilege-escalation</loc>
<lastmod>2023-11-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/restrict-categories/restrict-categories-264-reflected-cross-site-scripting-via-rc-search</loc>
<lastmod>2023-11-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/post-carousel/smart-post-show-post-grid-post-carousel-slider-and-list-category-posts-3012-authenticated-administrator-php-object-injection</loc>
<lastmod>2026-04-13T16:33:40.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/vooplayer/vooplayer-v4-404-reflected-cross-site-scripting</loc>
<lastmod>2025-01-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wedevs-project-manager/wp-project-manager-240-cross-site-request-forgery-bypass</loc>
<lastmod>2020-09-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mail-mint/mail-mint-1186-authenticated-administrator-sql-injection</loc>
<lastmod>2025-09-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/easy-digital-downloads/easy-digital-downloads-various-versions-cross-site-scripting</loc>
<lastmod>2015-04-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-google-maps-pro/wp-google-maps-pro-8111-authenticated-stored-cross-site-scripting</loc>
<lastmod>2021-09-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/carousel-of-post-images/carousel-of-post-images-107-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-04-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/1-click-migration/1-click-wordpress-migration-22-unauthenticated-information-disclsoure</loc>
<lastmod>2025-04-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/stagtools/stagtools-236-authenticatedcontributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2023-04-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-smart-import/wp-smart-import-113-unauthenticated-local-file-inclusion</loc>
<lastmod>2025-05-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/uleak-security-dashboard/uleak-security-monitoring-plugin-123-stored-cross-site-scripting</loc>
<lastmod>2022-03-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/loco-translate/loco-translate-253-authenticated-php-code-injection</loc>
<lastmod>2021-10-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/video-background/video-background-274-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2023-02-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/revslider/slider-revolution-6710-authenticated-contributor-stored-cross-site-scripting-via-elementor-wrapperid-and-zindex</loc>
<lastmod>2024-06-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-recipe-maker/wp-recipe-maker-910-directory-traversal</loc>
<lastmod>2024-01-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/noindex-by-path/noindex-by-path-10-cross-site-request-forgery</loc>
<lastmod>2025-12-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/minical/minical-hotel-booking-plugin-102-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-11-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/yourchannel/yourchannel-124-cross-site-request-forgery-to-plugin-channel-reset</loc>
<lastmod>2023-04-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/booking-activities/booking-activities-11519-reflected-cross-site-scripting</loc>
<lastmod>2024-03-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-pinterest-automatic/pinterest-automatic-pin-4182-missing-authorization</loc>
<lastmod>2025-05-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/siteguard/siteguard-wp-plugin-176-login-page-disclosure</loc>
<lastmod>2024-06-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/contentmx-content-publisher/contentmx-content-publisher-106-missing-authorization</loc>
<lastmod>2025-03-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/payments-stripe-gateway/pay-with-stripe-121-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-11-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/casamia/casamia-property-rental-real-estate-wordpress-theme-112-unauthenticated-local-file-inclusion</loc>
<lastmod>2026-03-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/tickera-event-ticketing-system/tickera-3564-missing-authorization</loc>
<lastmod>2026-01-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/hotspots/hotspots-analytics-4012-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/abtest/ab-test-for-wordpress-107-local-file-inclusion</loc>
<lastmod>2016-03-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/vitepos-lite/vitepos-317-missing-authorization</loc>
<lastmod>2025-04-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/advanced-cf7-db/advanced-contact-form-7-db-187-stored-cross-site-scripting</loc>
<lastmod>2022-04-21T14:19:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/elex-helpdesk-customer-support-ticket-system/elex-wordpress-helpdesk-customer-ticketing-system-331-missing-authorization-to-authenticated-subscriber-ticket-restore</loc>
<lastmod>2025-11-20T17:01:39.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/proof-factor-social-proof-notifications/proof-factor-8211-social-proof-notifications-105-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2025-09-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/anycomment/anycomment-036-missing-authorization</loc>
<lastmod>2025-12-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/tabs-shortcode-and-widget/tabs-shortcode-and-widget-117-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2024-02-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/html5-video-player-with-playlist/html5-video-player-with-playlist-250-reflected-cross-site-scripting</loc>
<lastmod>2025-04-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/import-users-from-csv-with-meta/import-and-export-users-and-customers-1265-missing-authorization</loc>
<lastmod>2024-05-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/tabby-checkout/tabby-checkout-584-unauthenticated-information-exposure</loc>
<lastmod>2026-01-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-datepicker/wp-datepicker-210-missing-authorization-to-authenticated-subscriber-arbitrary-options-update</loc>
<lastmod>2024-04-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/elasticpress/loader-utils-js-package-203-prototype-pollution</loc>
<lastmod>2022-10-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/kingcomposer/page-builder-kingcomposer-294-arbitrary-file-upload</loc>
<lastmod>2020-06-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/ruza/ruza-107-unauthenticated-local-file-inclusion</loc>
<lastmod>2025-06-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/integrate-google-drive/integrate-google-drive-156-missing-authorization</loc>
<lastmod>2026-01-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-docs/wp-docs-198-missing-authorization-via-multiple-ajax-actions</loc>
<lastmod>2023-04-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woo-smart-quick-view/wpc-smart-quick-view-for-woocommerce-402-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2024-04-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/school-management/school-management-system-for-wordpress-9300-reflected-cross-site-scripting</loc>
<lastmod>2025-03-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/core/3.6/wordpress-core-361-open-redirect</loc>
<lastmod>2013-09-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woo-abandoned-cart-recovery/abandoned-cart-recovery-for-woocommerce-104-cross-site-request-forgery-bypass</loc>
<lastmod>2021-07-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/allwebmenus-wordpress-menu-plugin/allwebmenus-wordpress-menu-plugin-113-remote-file-inclusion</loc>
<lastmod>2011-09-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/viral-loops-wp-integration/viral-loops-wp-integration-381-missing-authorization</loc>
<lastmod>2025-06-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/stafflist/stafflist-326-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2025-11-26T16:50:37.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-ultimate-csv-importer/import-export-all-wordpress-images-users-post-types-387-reflected-cross-site-scripting</loc>
<lastmod>2018-01-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/categorify/categorify-1074-missing-authorization-in-categorifyajaxupdatefolderposition</loc>
<lastmod>2024-02-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simple-membership/simple-membership-463-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2025-06-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ecab-taxi-booking-manager/e-cab-taxi-booking-manager-for-woocommerce-201-missing-authorization</loc>
<lastmod>2026-05-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/calculated-fields-form/calculated-fields-form-professional-5156-unauthenticated-stored-cross-site-scripting</loc>
<lastmod>2024-03-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/weeklynews/weekly-news-229-cross-site-scripting</loc>
<lastmod>2015-05-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/annie/annie-211-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-fullcalendar/fullcalendar-16-unauthenticated-information-exposure</loc>
<lastmod>2026-01-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/themesflat-addons-for-elementor/themesflat-addons-for-elementor-224-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-01-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/media-list/medialist-139-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2023-10-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simple-tags/wordpress-tag-category-and-taxonomy-manager-ai-autotagger-3320-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2025-04-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/slek-gateway-for-woocommerce/slek-gateway-for-woocommerce-10-unauthenticated-insufficiently-protected-credentials-via-payment-redirect-form-hidden-fields</loc>
<lastmod>2026-05-11T19:06:11.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/archive-page/archive-page-102-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-02-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bizapp-for-woocommerce/bizapp-for-woocommerce-208-reflected-cross-site-scripting</loc>
<lastmod>2025-01-06T15:42:24.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/tutor/tutor-lms-elearning-and-online-course-solution-270-authenticated-instructor-insecure-direct-object-reference-to-arbitrary-course-deletion</loc>
<lastmod>2024-05-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/total-security/total-security-34-cross-site-scripting</loc>
<lastmod>2016-07-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ip-address-blocker/ip-blocker-lite-1111-cross-site-request-forgery</loc>
<lastmod>2023-03-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/advanced-form-integration/advanced-form-integration-connect-woocommerce-and-contact-form-7-to-google-sheets-and-other-platforms-1820-sql-injection-to-reflected-cross-site-scripting-via-integration_id</loc>
<lastmod>2024-03-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ce21-suite/ce21-suite-220-authentication-bypass</loc>
<lastmod>2024-11-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/power-forms-builder/powerformbuilder-106-authenticated-subscriber-sql-injection</loc>
<lastmod>2024-12-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/employee-spotlight/employee-spotlight-team-member-showcase-meet-the-team-plugin-512-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-10-31T16:31:09.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/visualizer/visualizer-403-missing-authorization-to-unauthenticated-sensitive-information-disclosure-via-visualizerv1actioncharttype-rest-endpoint</loc>
<lastmod>2026-06-30T15:03:18.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/slicewp/wordpress-affiliates-plugin-slicewp-affiliates-1120-reflected-cross-site-scripting</loc>
<lastmod>2024-09-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/salon-booking-system/salon-booking-system-965-authenticated-editor-stored-cross-site-scripting-via-email-settings</loc>
<lastmod>2024-04-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/kernel-theme/kernel-premium-wordpress-blog-magazine-theme-news-editorial-all-versions-arbitrary-file-upload</loc>
<lastmod>2013-11-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/rencontre/rencontre-dating-site-313-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2019-04-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wishlist/wishlist-1044-cross-site-request-forgery</loc>
<lastmod>2025-04-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/league-of-legends-shortcodes/league-of-legends-shortcodes-101-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2024-10-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/metalpriceapi/metalpriceapi-114-authenticated-contributor-remote-code-execution</loc>
<lastmod>2025-05-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-foodbakery/foodbakery-delivery-restaurant-directory-wordpress-theme-47-cross-site-request-forgery-in-multiple-functions</loc>
<lastmod>2025-03-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/post-types-carousel-slider/post-carousel-slider-104-reflected-cross-site-scripting</loc>
<lastmod>2025-01-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/essential-addons-for-elementor-lite/essential-addons-for-elementor-best-elementor-addon-templates-widgets-kits-woocommerce-builders-607-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-11-14T18:35:38.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/locateandfilter/locateandfilter-1616-missing-authorization</loc>
<lastmod>2025-05-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ultimate-member/ultimate-member-240-subscriber-stored-cross-site-scripting</loc>
<lastmod>2022-07-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-memory/memory-usage-memory-limit-php-and-server-memory-health-check-and-fix-plugin-243-cross-site-scripting</loc>
<lastmod>2022-06-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/osd-subscribe/osd-subscribe-123-reflected-cross-site-scripting</loc>
<lastmod>2021-09-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/contextual-related-posts/contextual-related-posts-402-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-05-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/streamweasels-kick-integration/streamweasels-kick-integration-113-authenticated-contributor-stored-cross-site-scripting-via-status-classic-offline-text-parameter</loc>
<lastmod>2025-06-13T20:21:41.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/qubotchat/qubotchat-115-authenticatedadministrator-stored-cross-site-scripting</loc>
<lastmod>2023-05-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/quran-text-multilanguage/quran-multilanguage-text-audio-2323-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2025-05-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/custom-add-to-cart-button-for-woocommerce/ultimate-custom-add-to-cart-button-ajax-for-woocommerce-by-binary-carpenter-122217-missing-authorization</loc>
<lastmod>2024-06-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/sirv/image-optimizer-resizer-and-cdn-sirv-720-missing-authorization</loc>
<lastmod>2024-03-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/sliding-social-icons/sliding-social-icons-161-cross-site-request-forgery-and-stored-cross-site-scripting</loc>
<lastmod>2014-12-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/birth-chart-compatibility/birth-chart-compatibility-20-unauthenticated-full-path-exposure</loc>
<lastmod>2025-07-21T20:51:01.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/user-registration/user-registration-membership-free-paid-memberships-subscriptions-content-restriction-user-profile-custom-user-registration-login-builder-512-missing-authorization</loc>
<lastmod>2026-05-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/futurio-extra/futurio-extra-162-sensitive-information-disclosure</loc>
<lastmod>2022-01-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/suretriggers/suretriggers-1023-cross-site-request-forgery</loc>
<lastmod>2023-12-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cookiehub/cookiehub-110-missing-authorization</loc>
<lastmod>2024-04-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/the-plus-addons-for-elementor-page-builder/the-plus-addons-for-elementor-elementor-addons-page-templates-widgets-mega-menu-woocommerce-5611-authenticated-contributor-sensitive-information-exposure-via-content_template</loc>
<lastmod>2024-10-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/revenueflex-easy-ads/auto-ad-inserter-increase-google-adsense-and-ad-manager-revenue-15-missing-authorization-to-authenticated-editor-settings-update</loc>
<lastmod>2025-02-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/seriously-simple-stats/seriously-simple-stats-150-authenticated-podcast-manager-sql-injection-via-order_by</loc>
<lastmod>2023-10-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/user-registration-pro/user-registration-membership-pro-custom-registration-form-login-form-and-user-profile-513-cross-site-request-forgery-to-user-deletion</loc>
<lastmod>2025-04-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/pepro-ultimate-invoice/peprodev-ultimate-invoice-209-insecure-direct-object-reference-to-unauthenticated-order-information-exposure</loc>
<lastmod>2025-02-18T19:27:32.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-editor/wp-editor-1291-authenticated-administrator-directory-traversal-to-arbitrary-file-read</loc>
<lastmod>2025-04-16T17:11:50.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-ajax-contact-form/wp-ajax-contact-form-222-reflected-cross-site-scripting</loc>
<lastmod>2024-07-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/patreon-connect/patreon-wordpress-190-protection-mechanism-bypass</loc>
<lastmod>2024-06-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/yayforms/yay-forms-embed-custom-forms-surveys-and-quizzes-easily-121-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-02-18T19:30:41.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/snow-club/snow-club-11-unauthenticated-local-file-inclusion</loc>
<lastmod>2026-05-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/easy-appointments/easy-appointments-3119-cross-site-request-forgery-via-multiple-ajax-actions</loc>
<lastmod>2023-05-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/5-stars-rating-funnel/5-stars-rating-funnel-1267-missing-authorization</loc>
<lastmod>2024-04-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ultimate-member/ultimate-member-1298-12997-reflected-cross-site-scripting</loc>
<lastmod>2015-06-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mega-elements-addons-for-elementor/mega-elements-119-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-04-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/shopkeeper-extender/shopkeeper-extender-70-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-11-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/emc2-alert-boxes/emc2-alert-boxes-13-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-01-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woo-product-design/woocommerce-product-design-100-unauthenticated-arbitrary-file-upload</loc>
<lastmod>2024-10-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/coru-lfmember/coru-lfmember-102-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2022-04-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mailjet-for-wordpress/mailjet-email-marketing-53-authenticated-admin-cross-site-scripting</loc>
<lastmod>2023-01-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/stripshow/stripshow-plugin-252-sql-injection</loc>
<lastmod>2014-05-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/global-flash-galleries/global-flash-gallery-0151-arbitrary-file-upload</loc>
<lastmod>2011-09-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/directorypress/directorypress-3616-authenticated-author-stored-cross-site-scripting</loc>
<lastmod>2024-12-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-easycart/shopping-cart-ecommerce-store-524-cross-site-request-forgery-to-settings-update</loc>
<lastmod>2022-03-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/sticky-menu-or-anything-on-scroll/sticky-menu-sticky-header-220-reflected-cross-site-scripting</loc>
<lastmod>2020-09-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/webd-woocommerce-advanced-reporting-statistics/advanced-reporting-statistics-for-woocommerce-orders-products-customers-reporting-413-unauthenticated-sql-injection</loc>
<lastmod>2026-03-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/dynamic-widgets/dynamic-widgets-1516-reflected-cross-site-scripting</loc>
<lastmod>2021-12-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/learnpress-import-export/learnpress-export-import-412-unauthenticated-local-file-inclusion</loc>
<lastmod>2025-07-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/linklaunder-seo-plugin/linklaunder-seo-0921-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2024-11-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cooked/cooked-recipe-management-17154-cross-site-request-forgery-to-template-apply</loc>
<lastmod>2024-07-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/compact-admin/compact-admin-130-cross-site-request-forgery</loc>
<lastmod>2025-09-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/minimum-purchase-for-woocommerce/minimum-purchase-for-woocommerce-2001-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2023-10-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mobile-contact-bar/mobile-contact-bar-304-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2025-03-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/motors/motors-car-dealer-rental-listing-wordpress-theme-5665-unauthenticated-arbitrary-shortcode-execution</loc>
<lastmod>2025-05-02T14:13:54.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/hestia-nginx-cache/hestia-nginx-cache-240-missing-authorization</loc>
<lastmod>2024-12-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/brizy-pro/brizy-pro-280-reflected-cross-site-scripting</loc>
<lastmod>2025-01-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/kadence-woocommerce-email-designer/kadence-woocommerce-email-designer-1514-authenticated-admin-arbitrary-file-upload</loc>
<lastmod>2025-04-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woo-product-filter/product-filter-for-woocommerce-by-wbw-312-unauthenticated-sql-injection</loc>
<lastmod>2026-04-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/backup/backup-guard-1146-cross-site-scripting</loc>
<lastmod>2017-08-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/a2-optimized-wp/a2-optimized-wp-304-cross-site-request-forgery</loc>
<lastmod>2023-02-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-file-manager/wp-file-manager-64-unauthenticated-resource-access-to-site-backups</loc>
<lastmod>2020-08-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/codeflavors-vimeo-video-post-lite/vimeotheque-2342-authenticated-contributor-sql-injection</loc>
<lastmod>2025-03-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mainwp-piwik-extension/mainwp-matomo-extension-404-cross-site-request-forgery</loc>
<lastmod>2023-01-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wysija-newsletters/mailpoet-newsletters-281-spam-injection</loc>
<lastmod>2018-03-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpoptin/top-bar-popups-by-wpoptin-201-unauthenticated-local-file-inclusion</loc>
<lastmod>2024-09-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/dooodl/dooodl-230-reflected-cross-site-scripting</loc>
<lastmod>2026-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/form-maker/form-maker-11520-captcha-bypass</loc>
<lastmod>2023-10-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/brozzme-scroll-top/brozzme-scroll-top-185-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2024-05-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/delucks-seo/delucks-seo-254-missing-authorization</loc>
<lastmod>2024-03-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-statistics/wp-statistics-1315-unauthenticated-sql-injection</loc>
<lastmod>2022-02-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/download-manager/download-manager-3248-cross-site-request-forgery</loc>
<lastmod>2022-08-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpvivid-backuprestore/migration-backup-staging-wpvivid-0991-google-drive-client-secret-exposure</loc>
<lastmod>2023-10-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/uk-cookie-consent/catapult-uk-cookie-consent-239-stored-cross-site-scripting</loc>
<lastmod>2018-04-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/fb-messenger-live-chat/live-chat-with-messenger-customer-chat-146-unauthenticated-stored-cross-site-scripting</loc>
<lastmod>2019-05-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/demo-import-kit/demo-import-kit-110-authenticated-admin-arbitrary-file-upload</loc>
<lastmod>2025-10-14T19:38:50.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/notif-bell/notif-bell-098-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2025-02-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/addonify-floating-cart/addonify-floating-cart-for-woocommerce-1217-missing-authorization</loc>
<lastmod>2026-02-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/order-delivery-date/order-delivery-date-for-wp-e-commerce-pro-1240-reflected-cross-site-scripting</loc>
<lastmod>2025-04-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wptobe-memberships/wptobe-memberships-342-authenticated-subscriber-arbitrary-file-deletion</loc>
<lastmod>2025-08-22T15:47:57.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/learnpress/learnpress-wordpress-lms-plugin-4265-authenticated-contributor-stored-cross-site-scripting-via-layout_html-parameter</loc>
<lastmod>2024-05-09T21:13:13.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/dofollow-case-by-case/dofollow-case-by-case-351-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2025-05-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wallet-system-for-woocommerce/wallet-system-for-woocommerce-272-missing-authorization-to-authenticated-subscriber-arbitrary-wallet-balance-manipulation</loc>
<lastmod>2026-01-16T14:05:30.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/christmas-greetings/christmas-greetings-125-reflected-cross-site-scripting</loc>
<lastmod>2024-03-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/find-duplicates/find-duplicates-146-authenticated-subscriber-sql-injection</loc>
<lastmod>2024-04-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/td-composer/tagdiv-composer-48-authenticated-contributor-stored-cross-site-scripting-via-button-shortcode</loc>
<lastmod>2024-06-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/pie-register-social-site/registration-forms-user-registration-forms-invitation-based-registrations-front-end-user-profile-login-form-content-restriction-social-sites-login-179-authentication-bypass-via-wordpresscom-oauth-provider</loc>
<lastmod>2024-12-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/dmsguestbook/dmsguestbook-170-sql-injection</loc>
<lastmod>2008-02-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/sermon-browser/sermon-browser-04515-multiple-cross-site-scripting</loc>
<lastmod>2016-04-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/pilotpress/pilotpress-2036-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-09-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/agile-store-locator/store-locator-wordpress-151-authenticated-administrator-sql-injection</loc>
<lastmod>2025-06-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/nonaki-email-template-customizer/nonaki-drag-and-drop-email-template-builder-and-newsletter-plugin-for-wordpress-1011-authenticated-contributor-stored-cross-site-scripting-via-custom-fields</loc>
<lastmod>2025-11-10T15:23:59.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-travel-engine/wp-travel-engine-travel-and-tour-booking-plugin-675-authenticated-contributor-stored-cross-site-scripting-via-wte_trip_tax-shortcode</loc>
<lastmod>2026-04-03T19:44:38.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/klarna-payments-for-woocommerce/klarna-payments-for-woocommerce-324-missing-authorization</loc>
<lastmod>2024-03-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/catch-dark-mode/catch-dark-mode-20-authenticated-contributor-local-file-inclusion</loc>
<lastmod>2025-09-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-quick-setup/wp-quick-setup-20-missing-authorization-to-authenticated-subscriber-arbitrary-plugintheme-installation</loc>
<lastmod>2024-11-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/album-and-image-gallery-plus-lightbox/album-and-image-gallery-plus-lightbox-162-missing-authorization</loc>
<lastmod>2023-02-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/googleanalytics/sharethis-dashboard-for-google-analytics-323-cross-site-request-forgery</loc>
<lastmod>2025-04-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/socialdriver-framework/swift-framework-20240430-authenticated-contributor-stored-cross-site-scripting-via-caption-title</loc>
<lastmod>2024-06-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/pagelayer/page-builder-pagelayer-drag-and-drop-website-builder-135-reflected-cross-site-scripting-via-font-size</loc>
<lastmod>2020-12-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gs-woo-variation-swatches/gs-variation-swatches-for-woocommerce-304-missing-authorization</loc>
<lastmod>2025-05-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simple-photoswipe/simple-photoswipe-01-missing-authorization-subscriber-settings-update</loc>
<lastmod>2024-06-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/jet-menu/jetmenu-24111-authenticated-subscriber-information-exposure</loc>
<lastmod>2025-07-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/business-reviews-wp/widget-for-google-reviews-1015-authenticated-subscriber-directory-traversal-to-local-file-inclusion</loc>
<lastmod>2025-07-07T16:50:01.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-front-end-profile/wp-front-end-profile-021-stored-cross-site-scripting</loc>
<lastmod>2016-09-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/logo-carousel-free/logo-carousel-341-contributor-stored-cross-site-scripting</loc>
<lastmod>2021-11-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/jeg-elementor-kit/jeg-elementor-kit-264-authenticated-contributor-stored-cross-site-scripting-via-jkit-banner</loc>
<lastmod>2024-04-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/happy-elementor-addons/happy-addons-for-elementor-3104-authenticated-contributor-dom-based-stored-cross-site-scripting-via-title_tag</loc>
<lastmod>2024-04-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/coupon-x-discount-pop-up/coupon-x-discount-pop-up-promo-code-pop-ups-announcement-pop-up-woocommerce-popups-135-missing-authorization-to-authenticated-contributor-php-object-injection</loc>
<lastmod>2025-01-10T14:13:54.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/image-gallery-box-by-crudlab/image-gallery-box-by-crudlab-103-authenticated-subscriber-local-file-inclusion</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/revision-manager-tmc/revision-manager-tmc-2822-cross-site-request-forgery</loc>
<lastmod>2026-01-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/enhanced-blocks/enhanced-blocks-8211-page-builder-blocks-for-gutenberg-141-missing-authorization</loc>
<lastmod>2025-06-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/tlp-team/team-team-members-showcase-plugin-449-missing-authorization-to-authenticated-subscriber-settings-update</loc>
<lastmod>2025-02-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/swiftxr-3darvr-viewer/swiftxr-3darvr-viewer-107-cross-site-request-forgery</loc>
<lastmod>2025-04-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/feedzy-rss-feeds/rss-aggregator-by-feedzy-feed-to-post-autoblogging-news-youtube-video-feeds-aggregator-447-authenticatedcontributor-blind-server-side-request-forgery-ssrf</loc>
<lastmod>2024-04-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/frontend-user-notes/frontend-user-notes-211-cross-site-request-forgery-to-note-content-modification-via-confirmedit-action</loc>
<lastmod>2026-06-05T10:36:02.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ship-to-ecourier/ship-to-ecourier-101-cross-site-request-forgery</loc>
<lastmod>2021-05-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/shared-files/shared-files-1748-unauthenticated-stored-cross-site-scripting-via-sanitize_file-function</loc>
<lastmod>2025-06-02T21:07:01.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cimy-user-manager/cimy-user-manager-144-arbitrary-file-read</loc>
<lastmod>2012-10-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/magic-post-voice/magic-post-voice-12-reflected-cross-site-scripting</loc>
<lastmod>2021-12-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/nova-lite/nova-lite-139-reflected-cross-site-scripting</loc>
<lastmod>2020-08-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/2download-connector/2download-connector-for-2dl-hosted-checkout-015-missing-authorization-to-unauthenticated-sensitive-customer-subscription-data-exposure-via-todownload_email-parameter</loc>
<lastmod>2026-06-18T17:37:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/anywhere-elementor-pro/anywhere-elementor-pro-229-missing-authorization</loc>
<lastmod>2025-05-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/side-menu-lite/side-menu-lite-add-sticky-fixed-buttons-42-cross-site-request-forgery</loc>
<lastmod>2024-04-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/purple-xmls-google-product-feed-for-woocommerce/product-feed-on-woocommerce-for-google-357-authenticated-administrator-sql-injection</loc>
<lastmod>2024-04-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/logo-slider-wp/logo-slider-480-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-12-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-syntax/wp-syntax-0910-remote-code-execution</loc>
<lastmod>2009-04-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/google-map-wp/google-map-225-sql-injection</loc>
<lastmod>2015-11-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/realbig-media/realbig-113-missing-authorization</loc>
<lastmod>2025-12-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/charitable/charitable-donation-plugin-for-wordpress-fundraising-with-recurring-donations-more-1884-authenticated-subscriber-sql-injection</loc>
<lastmod>2025-10-24T17:36:30.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/profit-products-tables-for-woocommerce/active-products-tables-for-woocommerce-use-constructor-to-create-tables-109-unauthenticated-sql-injection</loc>
<lastmod>2026-06-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-post-category-notifications/wp-post-category-notifications-10-reflected-cross-site-scripting</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-mapit/mapit-303-missing-authorization</loc>
<lastmod>2026-01-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/et-core-plugin/xstore-core-538-missing-authorization</loc>
<lastmod>2024-04-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/anthologize/anthologize-082-cross-site-request-forgery</loc>
<lastmod>2025-03-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/wplms/wplms-1995-authenticated-student-remote-code-execution</loc>
<lastmod>2024-12-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/advanced-booking-calendar/advanced-booking-calendar-171-cross-site-request-forgery</loc>
<lastmod>2022-12-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-gallery-metabox/wp-gallery-metabox-100-cross-site-request-forgery</loc>
<lastmod>2023-09-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/fabric/fabric-150-unauthenticated-local-file-inclusion</loc>
<lastmod>2025-08-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-members/wp-members-membership-plugin-348-missing-authorization-to-sensitive-information-exposure</loc>
<lastmod>2024-01-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/acf-frontend-form-element/frontend-admin-by-dynamiapps-32823-unauthenticated-stored-cross-site-scripting-via-update_field</loc>
<lastmod>2026-01-08T18:46:31.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/traveler/traveler-318-reflected-cross-site-scripting</loc>
<lastmod>2025-03-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-subscribe/wp-subscribe-1212-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2022-05-02T14:11:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/surferseo/surfer-150502-authenticated-administrator-sql-injection</loc>
<lastmod>2024-10-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/horizontal-line-shortcode/horizontal-line-shortcode-10-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-user-avatar/profilepress-4144-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2024-02-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simple-portfolio-gallery/simple-portfolio-gallery-01-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2023-02-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/eventon-lite/eventon-24-unauthenticated-local-file-inclusion</loc>
<lastmod>2025-04-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/nelio-popups/nelio-popups-135-missing-authorization</loc>
<lastmod>2026-01-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ecommerce-product-catalog/vulnerability-ecommerce-product-catalog-plugin-for-wordpress-334-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2023-02-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/acf-on-the-go/acf-on-the-go-101-missing-authorization-to-authenticated-subscriber-arbitrary-content-update</loc>
<lastmod>2024-04-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ebook-downloader/ebook-downloader-10-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-04-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/mediumishh/mediumish-1060-reflected-cross-site-scripting</loc>
<lastmod>2021-05-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/coneblog-widgets/coneblog-wordpress-blog-widgets-148-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-07-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/roisin/roisin-121-unauthenticated-local-file-inclusion</loc>
<lastmod>2026-03-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
</urlset>
